-1

I made a little web application in university and have some problems with data access.

There are 3 user accounts which can log in and all of them can create their own lectures afterwards.

Problem: Each teacher should only see the lectures he created and not the ones the other two created. At the moment every teacher sees every lecture.

I don't know which code I should post here, but I am very thankful for any kind of help!

Thanks so much!

Edit: Thanks for your answer. I tried it the last few hours, but I have no idea what to do anymore.

That's my code where I save the lecture into the database. There seems to be a problem with the $_SESSION.

public function save(Vorlesung $vorlesung)
    {

        try {
            $stmt = $this->pdo->prepare('
              INSERT INTO vorlesung
                (name, login_dozent)
              VALUES
                (:name, '$_SESSION[dozent]')
            ');
            $stmt->bindParam(':name', $vorlesung->name);
            $stmt->execute();
        } catch (PDOException $e) {
            echo("Fehler! Bitten wenden Sie sich an den Administrator...<br>" . $e->getMessage() . "<br>");
            die();
        }
        return $vorlesung;
    }

That's my login code:

<?php
require_once("Mapper/DozentManager.php");
require_once("Mapper/Dozent.php");

$login = htmlspecialchars($_POST["login"], ENT_QUOTES, "UTF-8");
$password = htmlspecialchars($_POST["password"], ENT_QUOTES, "UTF-8");

if (!empty($login) && !empty($password)) {
    $DozentManager = new DozentManager();
    $dozent = $DozentManager->findByLogin($login, $password);
    if ($dozent==null) {
        header('Location: login.php');
        die();
    } else {
        session_start();
        $_SESSION ['dozent'] = $dozent;
        $_SESSION ['login'] = "1";
        header('Location: index.php');
        die();
    }
} else {
    echo "Error: Bitte alle Felder ausfüllen!<br/>";
}
  • First of all: very welcome to stackoverflow! This seems to be your homework - and people here don't like to do your stuff. – sics Apr 02 '16 at 08:16
  • Welcome to SO: to help us help you, what have you tried? we can only give extremely general solutions to the current question which may not be helpful to you at all. – iam-decoder Apr 02 '16 at 08:17

2 Answers

2

It's not very precise without example code... So let's be general: you store in your database:

  • teachers (each of them may have a unique login or id)
  • lectures: each of them should include data to identify its teacher: the teacher's unique login or id.

Then you will be able to filter your lectures using the currently connected teacher, which you should have stored as a session value, for example.

In the login script:

  • check if the teacher is in the database using their login + password and get their unique login or id. Then store it in a session value:

$_SESSION['teacher'] = $the_teacher_id;

  • when you create a lecture, store the teacher id in the database, with the other data of the lecture:

INSERT INTO lectures (teacher, other_lecture_data) VALUES ('$_SESSION[teacher]', $other_lecture_data_value);

  • when you list all available lectures, filter them using the currently connected teacher's unique login or id:

SELECT * FROM lectures WHERE teacher = '$_SESSION[teacher]';

Baptiste
  • Thanks for your answer. In theory that sounds great, but I still have some problems with my code. I edited my answer above. Thanks so much! – Timo Springer Apr 02 '16 at 11:08
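
The per-teacher scoping described in the answer above, written with bound parameters instead of interpolating the session value into the SQL text. This is an added example, not code from the original post or the asker's project. The table `vorlesung` and its columns `name` and `login_dozent` come from the question; the class `VorlesungStore`, its methods, the in-memory SQLite database and the sample rows are assumptions, and the session is assumed to hold the teacher's login as a plain string rather than a `Dozent` object.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical class and method names, constructed data.
final class VorlesungStore
{
    public function __construct(private PDO $pdo) {}

    // The owner is bound as a parameter, never pasted into the SQL string.
    public function save(string $name, string $owner): int
    {
        $stmt = $this->pdo->prepare(
            'INSERT INTO vorlesung (name, login_dozent) VALUES (:name, :owner)'
        );
        $stmt->execute([':name' => $name, ':owner' => $owner]);
        return (int) $this->pdo->lastInsertId();
    }

    // Listing is always filtered by the logged-in teacher.
    public function findAllFor(string $owner): array
    {
        $stmt = $this->pdo->prepare(
            'SELECT id, name FROM vorlesung WHERE login_dozent = :owner ORDER BY id'
        );
        $stmt->execute([':owner' => $owner]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    // Single-record access repeats the owner check, so requesting another
    // teacher's lecture id yields null instead of the row.
    public function findOneFor(int $id, string $owner): ?array
    {
        $stmt = $this->pdo->prepare(
            'SELECT id, name FROM vorlesung WHERE id = :id AND login_dozent = :owner'
        );
        $stmt->execute([':id' => $id, ':owner' => $owner]);
        return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
    }
}

// Constructed demo: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE vorlesung (id INTEGER PRIMARY KEY, name TEXT NOT NULL, login_dozent TEXT NOT NULL)');
$store = new VorlesungStore($pdo);
$session = ['dozent' => 'meier'];   // stands in for $_SESSION after login (scalar login)
$store->save('Datenbanken', $session['dozent']);
$other = $store->save('Kryptographie', 'schulz');   // a second teacher's lecture
var_dump($store->findAllFor($session['dozent']));
var_dump($store->findOneFor($other, $session['dozent']));
```

In the real application the owner argument would be read from `$_SESSION` after `session_start()`, never from request parameters, so a teacher cannot choose whose lectures are returned.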
1

Your lecture table should look like this:

id | lecture_name | teacher_id
------------------------------
1  | lecture 1    | 1
2  | lecture 2    | 2

Your query should look like this:

select * from lecture where teacher_id = 1; -- or another teacher id
sics