Hello,
So I have a php page that Im working on for a school that I work at and I have kinda run into a couple of snags. I have created a simple login page for usernames and passwords that are housed in the database that I have created. If you login using a user account with admin privallages it kicks you to a user account control panel and if you login as a student it kicks you to a student page. All of the security is based on cookies… What I have done is created a simple php page that displays all of the data that has been entered into the database under each column ie. Grades, courses, instructor, etc… well I have all the data coming into my php form from the tables but I cant figure out for the life of me how to seperate all the data to just show whats relivant to a particular student. All the data is confidential and I really need to figure out a good way to make it so students only see information on themselves because funding agencies, ssn and much high risk data is available to them on the site. This is where my expertise on sql/php gets a little shakey. I understand what needs to be done I think but I just dont know the steps to do it. From what Im thinking I need to have the students login and when they do that then I need to pull that username out of the cookie and reference the username that they logged in with to the database and make the database be relational by usernames somehow but like I said this is where it gets a little fuzzy for me. If anyone would be willing to take a peek at my script I would really appriciate it. Let me know and ill post it on my ftp since its a little to big for kirupa.
thanks
gary
EDIT: HERES THE CODE FOR THE INDEX.PHP PAGE THAT THE DATA IS DISPLAYED IN
<?php
include_once ("../auth.php");
include_once ("../authconfig.php");
include_once ("../check.php");
$hostname_connect = "localhost";
$database_connect = "******";
$username_connect = "******";
$password_connect = "******";
$connect = mysql_pconnect($hostname_connect, $username_connect, $password_connect) or trigger_error(mysql_error(),E_USER_ERROR);
$colname_getGradeForUser = "0";
if (isset($_COOKIE['username'])) {
$colname_getGradeForUser = (get_magic_quotes_gpc()) ? $_COOKIE['username'] : addslashes($_COOKIE['username']);
}
mysql_select_db($database_connect, $connect);
$query_getGradeForUser = sprintf('SELECT * FROM `grades` LIMIT 0, 30' , $colname_getGradeForUser);
$getGradeForUser = mysql_query($query_getGradeForUser, $connect) or die(mysql_error());
$row_getGradeForUser = mysql_fetch_assoc($getGradeForUser);
$totalRows_getGradeForUser = mysql_num_rows($getGradeForUser);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Test data output for ctlc db</title>
</head>
<body>
<strong>Grades for: <? echo $_COOKIE['$username']; ?>
</strong>
<table border="1" cellpadding="8" cellspacing="0">
<tr>
<td>course</td>
<td>grade</td>
<td>student name</td>
<td>instructor name</td>
</tr>
<?php do { ?>
<tr>
<td><?php echo $row_getGradeForUser['course']; ?></td>
<td><?php echo $row_getGradeForUser['grade']; ?></td>
<td><?php echo $row_getGradeForUser['student']; ?></td>
<td><?php echo $row_getGradeForUser['instructor']; ?></td>
</tr>
<?php } while ($row_getGradeForUser = mysql_fetch_assoc($getGradeForUser)); ?>
</table>
</body>
</html>
<?php
mysql_free_result($getGradeForUser);
?> lt($getGradeForUser);
?>
