Restriction in Adding Events in Calendar

I have no code for checking if the user is login…I only check if the user is equalt to user =xxx and department is =yyy then she can add event or else she cant add event.

In the script you posted here, how do you know which user has logged in? Do you use session variables?

The top code is for what?or where i can put it?

i have new condition in adding events but this code was not work because it falls on the else statement which is “You cannot add event.”

here is the code:


<?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='".$_SESSION['Username']."' AND Department='".$_SESSION['Department']."' AND Permission='True'");
if (mysql_num_rows($check)>0){ 
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>