Hey guys,
I need an idea on how to determine whether a user that has been logged in is a supervisor. I've made my login.php file and my choosereview.php. I have a very slight idea on how to do it but I just can't get it right. I want to determine whether the user logged in is a supervisor and then direct the user to the choosereview.php. All users are supposed to be directed there, but supervisors have extra information displayed on their webpage. I've managed to make the page for non-supervisors but I'm having a bit of difficulty with supervisors.
Ok, the code is :

<?php 

   require_once("nocache.php");
  $id = $_POST["id"];
  
  $pword = $_POST["pword"];
  
  if (empty($id) || empty($pword))
  {
    header("location: login.html");
  }
  
  else { 
     require_once("dbconn.php");
  
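     // Escape the submitted values before placing them in the SQL string
     $idEsc = mysql_real_escape_string($id, $dbConn);
     $pwordEsc = mysql_real_escape_string($pword, $dbConn);
     $sql = "select * from employee where empid = '$idEsc' and password = '$pwordEsc'";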
  
     $rs = mysql_query($sql, $dbConn);
  
     if (mysql_num_rows($rs)> 0 ) 
    {
  
         session_start();
  
         $_SESSION["who"] = $id;
         $_SESSION["surname"] = mysql_result($rs,0,"surname");
         $_SESSION["firstname"]=mysql_result($rs,0,"firstname");

// I've been trying to use an IF statement within this statement to determine that the user is a supervisor while keeping the condition that a user is logged in true as well. But I get stuck at the part where I'm supposed to write something within the if statement.
       
$sql2 = "select * from employee,departments where employee.empid = departments.supervisorid";
$rs2 = mysql_query($sql2, $dbConn);
        
               if(mysql_num_rows($rs2)> 0 && $_SESSION["who"]==$id)
                {
                   $sup=true;
                  }


              header("location: choosereview.php");
	
}
    
	 else 
	 {
       header("location: employee.php");}
    }
?>

The table for Departments has the fields: ID, DepartmentID, Department Name and Supervisor ID, whereas the employee table has ID, EmpID, First Name, LastName.
The problem is that supervisor ID is the same as the employeeID.
So say an employee id is 100, if that person is a supervisor their supervisor id is also 100. I'm lost :S

Now the Choosereview:

<?php
  require_once("nocache.php");

  session_start();
  if (!$_SESSION["who"])
   {
    header("location: logoff.php");
    exit; // stop here so the rest of the page is not sent to a user who is not logged in
    }
  else 
   {
    $emp = $_SESSION["who"];
    $sn=$_SESSION["surname"];
    $fn=$_SESSION["firstname"];
           }
?>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
  <title>Employee Review</title>
</head>
<body>
<h1>Review Page</h1>
<p>


<h3>Welcome to the Review Page <?php echo $fn;?> <?php echo $sn;?>  (<?php echo $emp; ?>)</h3>

//Over here I want an IF statement that will show certain data ONLY if the logged in user is a supervisor


<?php
require_once("dbconn.php");
$sql="SELECT * FROM reviews WHERE empid='$emp'";
$rs = mysql_query($sql, $dbConn);
?>




<?php

while ($row = mysql_fetch_array($rs)) {?>


<?php

// mysql_result() should not be mixed with mysql_fetch_array() on the same result set, so read from $row
$_SESSION["rid"] = $row["reviewid"];

echo'<h4>Employee ID</h4>';
echo $emp;

echo'<h4>Supervisor ID</h4>';
echo $row["supervisorid"];

echo'<h4>Review ID</h4>';
echo $row["reviewid"];

echo'<h4>Date Completed:</h4>';
echo $row["datecompleted"];

echo'<h4>Review Year</h4>';
echo '<a href="viewReview.php">';
echo $row["reviewYear"];
echo '</a>';

echo'<h4>Completed</h4>';
echo $row["completed"];

?>

<?php }; ?>





<br/>

<a href="logoff.php">Log Off</a><br/> 

</p>

</body>

</html>

Add column is_supervisor to the employee database, default to no/false.

Thing is I can't change the database. It's part of my assignment and we are not allowed to change the database :S

Member Avatar for rajarajan2017

In the user creation page, you will specify the user rights. While defining the rights, you should have one more column in the table to identify their rights. So when a user logs in, you can cross-check their rights to proceed further. Session or Cookies are not suitable for this scenario.

Yeah I know. But the problem is, I don't have access to the database. It's read only :S There is another way, but I just don't know exactly what :S
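
An added example, not part of any post in this thread: with a read-only database, supervisor status can be derived at login by checking whether the logged-in empid appears in departments.supervisorid, using the table and column names given above. The PDO/SQLite connection, the sample rows, the `login()` helper and the `is_supervisor` session key are assumptions for illustration; the thread's own code uses `mysql_*` with `$dbConn`.

```php
<?php
// Constructed in-memory data standing in for the read-only assignment
// database; table and column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE employee (empid TEXT, password TEXT, firstname TEXT, surname TEXT)");
$db->exec("CREATE TABLE departments (departmentid TEXT, supervisorid TEXT)");
$db->exec("INSERT INTO employee VALUES ('100','pw100','Ann','Lee'), ('101','pw101','Bob','Ray')");
$db->exec("INSERT INTO departments VALUES ('D1','100')");

// Hypothetical helper: returns the values to store in $_SESSION, or null
// when the credentials do not match.
function login(PDO $db, string $id, string $pword): ?array
{
    // Placeholders keep the submitted values out of the SQL text.
    // (Plaintext password comparison mirrors the thread's schema.)
    $st = $db->prepare(
        "SELECT empid, firstname, surname FROM employee WHERE empid = ? AND password = ?");
    $st->execute([$id, $pword]);
    $emp = $st->fetch(PDO::FETCH_ASSOC);
    if ($emp === false) {
        return null;
    }
    // Supervisor status is derived, not stored: the employee is a supervisor
    // when their empid appears in departments.supervisorid.
    $st = $db->prepare("SELECT COUNT(*) FROM departments WHERE supervisorid = ?");
    $st->execute([$emp['empid']]);
    return [
        'who'           => $emp['empid'],
        'firstname'     => $emp['firstname'],
        'surname'       => $emp['surname'],
        'is_supervisor' => (int) $st->fetchColumn() > 0,
    ];
}

// login.php would copy this array into $_SESSION after session_start();
// choosereview.php would then test $_SESSION['is_supervisor'] on the server.
foreach ([['100', 'pw100'], ['101', 'pw101'], ['101', 'wrong']] as [$id, $pw]) {
    $s = login($db, $id, $pw);
    if ($s === null) {
        echo "$id: login rejected\n";
        continue;
    }
    echo htmlspecialchars("{$s['firstname']} {$s['surname']} ({$s['who']})"),
         $s['is_supervisor'] ? ": supervisor view\n" : ": standard view\n";
}
```

Because the flag is computed on the server from the departments table and kept in the session, the browser never supplies it, and no schema change is needed.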
