Restriction in Adding Events

newphpcoder

i want to share my problem in my website

For the better understandng of my website, I want to tell all the details.

I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events.

2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event.

In the calendar event you can see the calendar and when you click the date theirs a link "new event" appear and if theirs no existing event theres a text saying "No Events", when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear..

here is the code:

<?php
$host = "localhost";

$username = "";

$password = "";

$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');

$dbName = 'dspi';

mysql_select_db($dbName);	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>DSPI CALENDAR EVENTS</title>
<script>
function goLastMonth(month, year){
// If the month is January, decrement the year
if(month == 1){
--year;
month = 13;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;
}
//next function
function goNextMonth(month, year){
// If the month is December, increment the year
if(month == 12){
++year;
month = 0;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;
} 

function remChars(txtControl, txtCount, intMaxLength)
{
if(txtControl.value.length > intMaxLength)
txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
else
txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
var filled = 0
var x = document.form1.calName.value;
//x = x.replace(/^\s+/,""); // strip leading spaces
if (x.length > 0) {filled ++}

var y = document.form1.calDesc.value;
//y = y.replace(/^s+/,""); // strip leading spaces
if (y.length > 0) {filled ++}

if (filled == 2) {
document.getElementById("Submit").disabled = false;
}
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased

}

</script>
<style>
body{
background-image: url(layout_image/bgroundv09.png);
background-attachment: fixed; 
font-family:Georgia, "Times New Roman", Times, serif;
font-size:16px;
}
.today{
/*background-color:#00CCCC;*/
font-weight:bold;
font-style:italic;
border-bottom-style:dashed;
background-image:url(calBg.jpg);
background-repeat:no-repeat;
background-position:center;
position:relative;
color:#FFFF00;
}
.today span{
position:absolute;
left:0;
top:0; 
}

.today a{
color:#FFFF00;
padding-top:10px;
}
.selected {
color: #FFFFFF;
background-color: #C00000;
}
.event {
/*background-color: #C6D1DC;*/
/*border:1px solid #ffffff;*/
background-image:url(layout_image/boxv01.png);
border: 1px ;
/*border-bottom-style:dashed;*/
/*border color #427e1a;*/
} 
.normal {

} 
table{
border:1px solid #cccccc;
padding:3px;
}
th{
width:36px;
background-color:#bcdd24;
text-align:center;
color:#ffffff;
border-left:1px solid #ffffff;
}
td{
text-align:center;
padding:8px;
margin:0;
}
table.tableClass{
width:350px;
border:none;
border-collapse: collapse;
font-size:85%;
border:1px dotted #cccccc;
}
table.tableClass input,textarea{
font-size:90%;
}
#form1{
margin:5px 0 0 0;
}
#greyBox{
height:10px;
width:10px;
background-color:#C6D1DC;
border:1px solid #666666;
margin:5px;
}
#hr{border-bottom:1px solid #cccccc;width:300px;}
.output{width:300px;border-bottom:1px dotted #ccc;margin-bottom:5px;padding:6px;}
h5{margin:0;}
</style>

<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparaters for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";

//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }

if(empty($month)){ $month = date("n"); }

if(empty($year)){ $year = date("Y"); } 
//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = ""; 
//run a selec statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
//$tDayName = date("l");
$todaysDate = date("n/j/Y");
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
if($todaysDate == $dateToCompare){
//$aClass = '<span>' . $tDayName . '</span>';
$aClass='class="today"';
}else{
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
//echo $todaysDate;
//return;
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
while($row= mysql_fetch_array($result)){
if($row['eCount'] >=1){
$aClass = 'class="event"';
}elseif($row['eCount'] ==0){
$aClass ='class="normal"';
}
}
}
return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1">
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">
</td>
<td width="250" colspan="5">
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>
</td>
<td width="50" colspan="1" align="right">
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">
</td>
</tr> 
<tr>
<th>M</td>
<th>T</td>
<th>W</td>
<th>T</td>
<th>F</td>
<th>S</td>
<th>S</td>
</tr>
<tr>
<?php
for($i = 1; $i < $numDays+1; $i++, $counter++){
$dateToCompare = $month . '/' . $i . '/' . $year;
$timeStamp = strtotime("$year-$month-$i");
//echo $timeStamp . '<br/>';
if($i == 1){
// Workout when the first day of the month is
$firstDay = date("N", $timeStamp);
for($j = 1; $j < $firstDay; $j++, $counter++){
echo "<td>&nbsp;</td>";
} 
}
if($counter % 7 == 0 ){
?>
</tr><tr>
<?php
}
?>
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td> 
<?php
}
?>
</table>
</div>
<div id="New_Event">
<?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'");
if (mysql_num_rows($check)>0){ 
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">New Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>
</div>
<div id="Cal_Event">
<?php
if(isset($_GET['f'])){
include 'calForm.php';
}
if($numRows == 0 ){
echo '';
}else{
//echo '<ul>';
echo '<h3>Event Listed</h3>';
while($row = mysql_fetch_array($result)){
?>

<h5><?=$row['calName'];?></h5>
<?=$row['calDesc'];?><br/>
Listed On: <?=$row['calStamp'];?>
<?php
}
}
}
?>
</div>
</body>
</html>

anoopmail

doesn't these line of your code work?

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'");
if (mysql_num_rows($check)>0){
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">New Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>

newphpcoder

anoopmail;10962534 wrote:

doesn't these line of your code work?

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'");
if (mysql_num_rows($check)>0){
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">New Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>

No doesn't work,,because when i try to ligin in different username and department the link for add event was also appear

anoopmail

if u r using this hard coded username 'rhoda.barrera@dunlop.ph' it wont work..u have to figure out the usrename for the logged in user and use it.

newphpcoder

i want to share my problem in my website

For the better understandng of my website, I want to tell all the details.

I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events.

2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event.

In the calendar event you can see the calendar and when you click the date theirs a link "new event" appear and if theirs no existing event theres a text saying "No Events", when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear..

here is the code:

<?php
$host = "localhost";

$username = "";

$password = "";

$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');

$dbName = 'dspi';

mysql_select_db($dbName);	
?>
<html>
<head>
<script>
function goLastMonth(month, year){
// If the month is January, decrement the year
if(month == 1){
--year;
month = 13;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;
}
//next function
function goNextMonth(month, year){
// If the month is December, increment the year
if(month == 12){
++year;
month = 0;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;
} 

function remChars(txtControl, txtCount, intMaxLength)
{
if(txtControl.value.length > intMaxLength)
txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
else
txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
var filled = 0
var x = document.form1.calName.value;
//x = x.replace(/^\s+/,""); // strip leading spaces
if (x.length > 0) {filled ++}

var y = document.form1.calDesc.value;
//y = y.replace(/^s+/,""); // strip leading spaces
if (y.length > 0) {filled ++}

if (filled == 2) {
document.getElementById("Submit").disabled = false;
}
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased

}

</script>
<style>
body{
background-image: url(layout_image/bgroundv09.png);
background-attachment: fixed; 
font-family:Georgia, "Times New Roman", Times, serif;
font-size:16px;
}
.today{
/*background-color:#00CCCC;*/
font-weight:bold;
font-style:italic;
border-bottom-style:dashed;
background-image:url(calBg.jpg);
background-repeat:no-repeat;
background-position:center;
position:relative;
color:#FFFF00;
}
.today span{
position:absolute;
left:0;
top:0; 
}

.today a{
color:#FFFF00;
padding-top:10px;
}
.selected {
color: #FFFFFF;
background-color: #C00000;
}
.event {
/*background-color: #C6D1DC;*/
/*border:1px solid #ffffff;*/
background-image:url(layout_image/boxv01.png);
border: 1px ;
/*border-bottom-style:dashed;*/
/*border color #427e1a;*/
} 
.normal {

} 
table{
border:1px solid #cccccc;
padding:3px;
}
th{
width:36px;
background-color:#bcdd24;
text-align:center;
color:#ffffff;
border-left:1px solid #ffffff;
}
td{
text-align:center;
padding:8px;
margin:0;
}
table.tableClass{
width:350px;
border:none;
border-collapse: collapse;
font-size:85%;
border:1px dotted #cccccc;
}
table.tableClass input,textarea{
font-size:90%;
}
#form1{
margin:5px 0 0 0;
}
#greyBox{
height:10px;
width:10px;
background-color:#C6D1DC;
border:1px solid #666666;
margin:5px;
}
#hr{border-bottom:1px solid #cccccc;width:300px;}
.output{width:300px;border-bottom:1px dotted #ccc;margin-bottom:5px;padding:6px;}
h5{margin:0;}

</style>
<style type="text/css">
#Calendar_Event {
	position:absolute;
	width:200px;
	height:94px;
	z-index:2;
	left: 255px;
	top: 233px;
}
#New_Event {
	position:absolute;
	width:126px;
	height:21px;
	z-index:3;
	left: 612px;
	top: 232px;
}
</style>

<style type="text/css">
</head>

<body>
<form>
<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparaters for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";

//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }

if(empty($month)){ $month = date("n"); }

if(empty($year)){ $year = date("Y"); } 
//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = ""; 
//run a selec statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
//$tDayName = date("l");
$todaysDate = date("n/j/Y");
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
if($todaysDate == $dateToCompare){
//$aClass = '<span>' . $tDayName . '</span>';
$aClass='class="today"';
}else{
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
//echo $todaysDate;
//return;
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
while($row= mysql_fetch_array($result)){
if($row['eCount'] >=1){
$aClass = 'class="event"';
}elseif($row['eCount'] ==0){
$aClass ='class="normal"';
}
}
}
return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1">
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">
</td>
<td width="250" colspan="5">
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>
</td>
<td width="50" colspan="1" align="right">
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">
</td>
</tr> 
<tr>
<th>M</td>
<th>T</td>
<th>W</td>
<th>T</td>
<th>F</td>
<th>S</td>
<th>S</td>
</tr>
<tr>
<?php
for($i = 1; $i < $numDays+1; $i++, $counter++){
$dateToCompare = $month . '/' . $i . '/' . $year;
$timeStamp = strtotime("$year-$month-$i");
//echo $timeStamp . '<br/>';
if($i == 1){
// Workout when the first day of the month is
$firstDay = date("N", $timeStamp);
for($j = 1; $j < $firstDay; $j++, $counter++){
echo "<td>&nbsp;</td>";
} 
}
if($counter % 7 == 0 ){
?>
</tr><tr>
<?php
}
?>
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td> 
<?php
}
?>
</table>
</div>
<div id="New_Event">
<?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='yyy'");
if (mysql_num_rows($check)>0){ 
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>
</div>
<div id="Cal_Event">
<?php
if(isset($_GET['f'])){
include 'calForm.php';
}
if($numRows == 0 ){
echo '';
}else{
//echo '<ul>';
echo '<h3>Event Listed</h3>';
while($row = mysql_fetch_array($result)){
?>

<h5><?=$row['calName'];?></h5>
<?=$row['calDesc'];?><br/>
Listed On: <?=$row['calStamp'];?>
<?php
}
}
}
?>
</div>
</form>
</body>
</html>

Krik

if($user == 'xxx' && $department == 'yyy') {
    // display html with link for entering a new event
}
else {
    // display html for event only

Without having to look through all your code that is the most basic example.

I will note that for myself I usually assign permissions in the database. Usually this is as simple as adding a permissions column to the the table that has their login info. You then can set super admins as 3, admins a 2, users as 1, and guest get 0.

If each user has to be specifically granted permissions to each page, you then need a database to store each users permissions level for each page.

And in both cases the system then checks the users permission level to determine if the link is visible or if they can access the page.

newphpcoder

anoopmail;10962757 wrote:
if u r using this hard coded username 'rhoda.barrera@dunlop.ph' it wont work..u have to figure out the usrename for the logged in user and use it.

How can i figure if the user is login, I'm sorry i have no idea about that..I hope you can help me.

anoopmail

Put a login form.
Then on submitting the form, verify the userid agiant database, if correct, set a session variable

 $_SESSION['user_id'] = $_POST['user_id'] ; # this will be the posted user id/email from the login form
[code=php]
once it is set, you can check across all pages as
[code=php]
if(isset($_SESSION['user_id']){
...

Google for more info about using sessions
http://www.tizag.com/phpT/phpsessions.php

newphpcoder

Krik;10962947 wrote:
if($user == 'xxx' && $department == 'yyy') {
    // display html with link for entering a new event
}
else {
    // display html for event only
Without having to look through all your code that is the most basic example.

I will note that for myself I usually assign permissions in the database. Usually this is as simple as adding a permissions column to the the table that has their login info. You then can set super admins as 3, admins a 2, users as 1, and guest get 0.

If each user has to be specifically granted permissions to each page, you then need a database to store each users permissions level for each page.

And in both cases the system then checks the users permission level to determine if the link is visible or if they can access the page.

How can i add in my database the users permission

newphpcoder

anoopmail;10963373 wrote:
Put a login form.
Then on submitting the form, verify the userid agiant database, if correct, set a session variable
 $_SESSION['user_id'] = $_POST['user_id'] ; # this will be the posted user id/email from the login form
[code=php]
once it is set, you can check across all pages as
[code=php]
if(isset($_SESSION['user_id']){
...
Google for more info about using sessions
http://www.tizag.com/phpT/phpsessions.php

Where i put the code

if(isset($_SESSION['user_id']){
...

and what condition i should put on if condition..?
Thank you

Krik

Which method where you looking at?

I referenced 2 different way the first was a groups method the second was individual permissions by page method.

newphpcoder

Krik;10963480 wrote:
Which method where you looking at?

I referenced 2 different way the first was a groups method the second was individual permissions by page method.

It is individual permission, because only one user should be permitted to add event.

Thisis the field in my database table:

tbllogin
ID
Username
Department

tblcal
calID
calName
calDesc
calDate
calStamp

NogDog

I've merged the two threads together. In the future, please pick one forum and post there; multiple cross-posts are frowned upon here and pretty much any other forum on the web.

newphpcoder

NogDog;10963486 wrote:
I've merged the two threads together. In the future, please pick one forum and post there; multiple cross-posts are frowned upon here and pretty much any other forum on the web.

For the better discussion I will put the code for the login and in the calendar page because the condition for the adding events depend on who is the user who is login.

Here is my code in login:

<?php 
session_start(); 
session_regenerate_id(); 

if($_SESSION['loggedin']){ 
//the user is already logged in, lets redirect them to the other page 
    header("Location:Company.php"); 
} 


//require_once 'conn.php';   

$db_name="dspi"; 

mysql_connect("localhost", "root", "") or die("Cannot connect to server"); 
mysql_select_db("$db_name")or die("Cannot select DB");    


    $department = mysql_real_escape_string($_POST['department']);    
    $username = mysql_real_escape_string($_POST['username']); 

    $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 
    $ct = mysql_num_rows($sql); 

    if($ct == 1) { 
// im guessing this means that the user is valid. 
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value. 
            $row = mysql_fetch_assoc($sql);   

        if($row['Department']=='Accounting') { 
            header('location: Company.php'); 
        } elseif($row['Department']=='Engineering') { 
            header('location: Company.php'); 
        } elseif($row['Department']=='Finishing_Goods') { 
            header('location: Company.php'); 
        } elseif($row['Department']=='HRAD') { 
            header('location: Company.php'); 
        } elseif($row['Department']=='MIS') { 
            header('location:Company.php'); 
        } elseif($row['Department']=='Packaging_and_Design') { 
            header('location:Company.php'); 
        } elseif($row['Department']=='Production') { 
            header('location:Company.php'); 
        } elseif($row['Department']=='Purchasing_Logistic') { 
            header('location:Company.php'); 
        } elseif($row['Department']=='QA_and_Technical') { 
            header('location:Company.php'); 
        } elseif($row['Department']=='Supply_Chain') { 
            header('location:Company.php'); 
        } 
        else { 
            header('location:index.php'); 
            echo"Incorrect Username or Department"; 

            }   
} 
?>

in this login page the echo in my else statement was not work or appear if the user or department is not correct, then i don't where i can put session to store the username and departent.

and my code in my calendar event page:

<?php
$host = "localhost";

$username = "";

$password = "";

$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');

$dbName = 'dspi';

mysql_select_db($dbName);	
?>
<html>
<body>
<script>
function goLastMonth(month, year){
// If the month is January, decrement the year
if(month == 1){
--year;
month = 13;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;
}
//next function
function goNextMonth(month, year){
// If the month is December, increment the year
if(month == 12){
++year;
month = 0;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;
} 

function remChars(txtControl, txtCount, intMaxLength)
{
if(txtControl.value.length > intMaxLength)
txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
else
txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
var filled = 0
var x = document.form1.calName.value;
//x = x.replace(/^\s+/,""); // strip leading spaces
if (x.length > 0) {filled ++}

var y = document.form1.calDesc.value;
//y = y.replace(/^s+/,""); // strip leading spaces
if (y.length > 0) {filled ++}

if (filled == 2) {
document.getElementById("Submit").disabled = false;
}
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased

}

</script>
<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparaters for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";

//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }

if(empty($month)){ $month = date("n"); }

if(empty($year)){ $year = date("Y"); } 
//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = ""; 
//run a selec statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
//$tDayName = date("l");
$todaysDate = date("n/j/Y");
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
if($todaysDate == $dateToCompare){
//$aClass = '<span>' . $tDayName . '</span>';
$aClass='class="today"';
}else{
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
//echo $todaysDate;
//return;
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
while($row= mysql_fetch_array($result)){
if($row['eCount'] >=1){
$aClass = 'class="event"';
}elseif($row['eCount'] ==0){
$aClass ='class="normal"';
}
}
}
return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1">
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">
</td>
<td width="250" colspan="5">
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>
</td>
<td width="50" colspan="1" align="right">
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">
</td>
</tr> 
<tr>
<th>M</td>
<th>T</td>
<th>W</td>
<th>T</td>
<th>F</td>
<th>S</td>
<th>S</td>
</tr>
<tr>
<?php
for($i = 1; $i < $numDays+1; $i++, $counter++){
$dateToCompare = $month . '/' . $i . '/' . $year;
$timeStamp = strtotime("$year-$month-$i");
//echo $timeStamp . '<br/>';
if($i == 1){
// Workout when the first day of the month is
$firstDay = date("N", $timeStamp);
for($j = 1; $j < $firstDay; $j++, $counter++){
echo "<td>&nbsp;</td>";
} 
}
if($counter % 7 == 0 ){
?>
</tr><tr>
<?php
}
?>
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td> 
<?php
}
?>
</table>
</div>
<div id="New_Event">
<?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='MIS'");
if (mysql_num_rows($check)>0){ 
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>
</div>
<div id="Cal_Event">
<?php
if(isset($_GET['f'])){
include 'calForm.php';
}
if($numRows == 0 ){
echo '';
}else{
//echo '<ul>';
echo '<h3>Event Listed</h3>';
while($row = mysql_fetch_array($result)){
?>

<h5><?=$row['calName'];?></h5>
<?=$row['calDesc'];?><br/>
Listed On: <?=$row['calStamp'];?>
<?php
}
}
}
?>
</div>
</body>
</html>

in this calendar event when i click the link for the calendar and when i choose a date to add event, the link for add event was not appear even i am the user who have the rights to add event, the output is "You cannot add event."

And the table for login and calendar was separated..