Dreamweaver - Mostrar informacion segun los usuarios

<?php require_once('../Connections/Miconexion.php'); ?>

<?php

//initialize the session

if (!isset($_SESSION)) {

  session_start();

}

// ** Logout the current user. **

$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";

if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){

  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){

  //to fully log out a visitor we need to clear the session varialbles

  $_SESSION['MM_Username'] = NULL;

  $_SESSION['MM_UserGroup'] = NULL;

  $_SESSION['PrevUrl'] = NULL;

  unset($_SESSION['MM_Username']);

  unset($_SESSION['MM_UserGroup']);

  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "../index.php";

  if ($logoutGoTo) {

    header("Location: $logoutGoTo");

    exit;

  }

}

?>

<?php

if (!isset($_SESSION)) {

  session_start();

}

$MM_authorizedUsers = "";

$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {

  // For security, start by assuming the visitor is NOT authorized.

  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.

  // Therefore, we know that a user is NOT logged in if that Session variable is blank.

  if (!empty($UserName)) {

    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.

    // Parse the strings into arrays.

    $arrUsers = Explode(",", $strUsers);

    $arrGroups = Explode(",", $strGroups);

    if (in_array($UserName, $arrUsers)) {

      $isValid = true;

    }

    // Or, you may restrict access to only certain users based on their username.

    if (in_array($UserGroup, $arrGroups)) {

      $isValid = true;

    }

    if (($strUsers == "") && true) {

      $isValid = true;

    }

  }

  return $isValid;

}

$MM_restrictGoTo = "../login.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {

  $MM_qsChar = "?";

  $MM_referrer = $_SERVER['PHP_SELF'];

  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)

  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];

  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

  header("Location: ". $MM_restrictGoTo);

  exit;

}

?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

$currentPage = $_SERVER["PHP_SELF"];

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

		$NombreArchivoServidor= $_FILES['Imagen']['name'];

  $insertSQL = sprintf("INSERT INTO producto (Nombre, Descripcion, Precio, Cantidad, Imagen) VALUES (%s, %s, %s, %s, %s)",

                       GetSQLValueString($_POST['Nombre'], "text"),

                       GetSQLValueString($_POST['Descripcion'], "text"),

                       GetSQLValueString($_POST['Precio'], "double"),

                       GetSQLValueString($_POST['Cantidad'], "int"),

                       GetSQLValueString($NombreArchivoServidor, "text"));

  mysql_select_db($database_Miconexion, $Miconexion);

  $Result1 = mysql_query($insertSQL, $Miconexion) or die(mysql_error());

  if($Result1){

	   move_uploaded_file($_FILES['Imagen']['tmp_name'],"../imagenesProductos/".$NombreArchivoServidor);

  }

  $insertGoTo = "AdminProductos.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

if ((isset($_GET['Clave'])) && ($_GET['Clave'] != "")) {

  $deleteSQL = sprintf("DELETE FROM producto WHERE Clave=%s",

                       GetSQLValueString($_GET['Clave'], "int"));

  mysql_select_db($database_Miconexion, $Miconexion);

  $Result1 = mysql_query($deleteSQL, $Miconexion) or die(mysql_error());

}

$maxRows_Recordset1 = 3;

$pageNum_Recordset1 = 0;

if (isset($_GET['pageNum_Recordset1'])) {

  $pageNum_Recordset1 = $_GET['pageNum_Recordset1'];

}

$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

mysql_select_db($database_Miconexion, $Miconexion);

$query_Recordset1 = "SELECT * FROM producto ORDER BY Clave ASC";

$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);

$Recordset1 = mysql_query($query_limit_Recordset1, $Miconexion) or die(mysql_error());

$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {

  $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];

} else {

  $all_Recordset1 = mysql_query($query_Recordset1);

  $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);

}

$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;

$queryString_Recordset1 = "";

if (!empty($_SERVER['QUERY_STRING'])) {

  $params = explode("&", $_SERVER['QUERY_STRING']);

  $newParams = array();

  foreach ($params as $param) {

    if (stristr($param, "pageNum_Recordset1") == false &&

        stristr($param, "totalRows_Recordset1") == false) {

      array_push($newParams, $param);

    }

  }

  if (count($newParams) != 0) {

    $queryString_Recordset1 = "&" . htmlentities(implode("&", $newParams));

  }

}

$queryString_Recordset1 = sprintf("&totalRows_Recordset1=%d%s", $totalRows_Recordset1, $queryString_Recordset1);

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Document sans titre</title>

</head>

<body>

<h1>HOLA:  <?php echo $_SESSION['MM_Username']?></p>

<p><a href="<?php echo $logoutAction ?>">Desconectar</a></p>

<form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1">

  <table align="center">

    <tr valign="baseline">

      <td nowrap="nowrap" align="right">Nombre:</td>

      <td><input type="text" name="Nombre" value="" size="32" /></td>

    </tr>

    <tr valign="baseline">

      <td nowrap="nowrap" align="right">Descripcion:</td>

      <td>

        <!--

      <input type="text" name="Descripcion" value="" size="32" />

     </td>

      -->

        <label for="Descripcion"></label>

      <textarea name="Descripcion" id="Descripcion" cols="45" rows="5"></textarea></td>

    </tr>

    <tr valign="baseline">

      <td nowrap="nowrap" align="right">Precio:</td>

      <td><input type="text" name="Precio" value="" size="32" /></td>

    </tr>

    <tr valign="baseline">

      <td nowrap="nowrap" align="right">Cantidad:</td>

      <td><input type="text" name="Cantidad" value="" size="32" /></td>

    </tr>

    <tr valign="baseline">

      <td nowrap="nowrap" align="right">Imagen:</td>

      <td>

      <!--

      <input type="text" name="Imagen" value="" size="32" />

      </p>

      -->

      <p>

        <label for="Imagen"></label>

        <input type="file" name="Imagen" id="Imagen" />

      </p></td>

    <tr valign="baseline">

      <td nowrap="nowrap" align="right">&nbsp;</td>

      <td><input type="submit" value="Insérer un enregistrement" /></td>

    </tr>

  </table>

  <input type="hidden" name="MM_insert" value="form1" />

</form>

<p>Registro <?php echo ($startRow_Recordset1 + 1) ?>al<?php echo min($startRow_Recordset1 + $maxRows_Recordset1, $totalRows_Recordset1) ?>de un total de <?php echo $totalRows_Recordset1 ?> </p>

<p>&nbsp;

<table border="0" align="center">

  <tr>

    <td><?php if ($pageNum_Recordset1 > 0) { // Show if not first page ?>

        <a href="<?php printf("%s?pageNum_Recordset1=%d%s", $currentPage, 0, $queryString_Recordset1); ?>">Premier</a>

        <?php } // Show if not first page ?></td>

    <td><?php if ($pageNum_Recordset1 > 0) { // Show if not first page ?>

        <a href="<?php printf("%s?pageNum_Recordset1=%d%s", $currentPage, max(0, $pageNum_Recordset1 - 1), $queryString_Recordset1); ?>">Pr&eacute;c&eacute;dent</a>

        <?php } // Show if not first page ?></td>

    <td><?php if ($pageNum_Recordset1 < $totalPages_Recordset1) { // Show if not last page ?>

        <a href="<?php printf("%s?pageNum_Recordset1=%d%s", $currentPage, min($totalPages_Recordset1, $pageNum_Recordset1 + 1), $queryString_Recordset1); ?>">Suivant</a>

        <?php } // Show if not last page ?></td>

    <td><?php if ($pageNum_Recordset1 < $totalPages_Recordset1) { // Show if not last page ?>

        <a href="<?php printf("%s?pageNum_Recordset1=%d%s", $currentPage, $totalPages_Recordset1, $queryString_Recordset1); ?>">Dernier</a>

        <?php } // Show if not last page ?></td>

  </tr>

</table>

</p>

<table border="1" align="center">

  <tr>

    <td>Borrar</td>

    <td>Editar</td>

    <td>Clave</td>

    <td>Nombre</td>

    <td>Descripcion</td>

    <td>Precio</td>

    <td>Cantidad</td>

    <td>Imagen</td>

  </tr>

  <?php do { ?>

    <tr>

      <td><a href="AdminProductos.php?Clave=<?php echo $row_Recordset1['Clave']; ?>">Borrar</a></td>

      <td><a href="EditarDatos.php?ClaveEditar=<?php echo $row_Recordset1['Clave']; ?>">Editar</a></td>

      <td><?php echo $row_Recordset1['Clave']; ?></td>

      <td><?php echo $row_Recordset1['Nombre']; ?></td>

      <td><?php echo $row_Recordset1['Descripcion']; ?></td>

      <td><?php echo $row_Recordset1['Precio']; ?></td>

      <td><?php echo $row_Recordset1['Cantidad']; ?></td>

      <td><?php echo $row_Recordset1['Imagen']; ?></td>

    </tr>

    <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>

</table>

<p>&nbsp;</p>

<p>&nbsp;</p>

</body>

</html>

<?php

mysql_free_result($Recordset1);

?>