So I have this food ordering system where each admin uploads his or her food from the backend and users can browse through those food from the frontend, a simple program. But what I want is that an admin should not be able to view or update the food from another admin as right now any of the admins can view and update all the food that are uploaded on the backend. What I want is only a specific admin only viewing and updating his or her added food items.
Attached below is the snippet and picture of the food view and update page where it displays all foods and can update them.
FYI the code is in PHP and the backend is SQL in phpMyAdmin
Please do let me if there are any confusions in my explanation.
<?php include('partials/menu.php'); ?>
<div class="main-content">
<div class="wrapper">
<h1>Manage Food</h1>
<br /><br />
<!-- Button to Add Admin -->
<a href="<?php echo SITEURL; ?>admin/add-food.php" class="btn-primary">Add Food</a>
<br /><br /><br />
<?php
if(isset($_SESSION['add']))
{
echo $_SESSION['add'];
unset($_SESSION['add']);
}
if(isset($_SESSION['delete']))
{
echo $_SESSION['delete'];
unset($_SESSION['delete']);
}
if(isset($_SESSION['upload']))
{
echo $_SESSION['upload'];
unset($_SESSION['upload']);
}
if(isset($_SESSION['unauthorize']))
{
echo $_SESSION['unauthorize'];
unset($_SESSION['unauthorize']);
}
if(isset($_SESSION['update']))
{
echo $_SESSION['update'];
unset($_SESSION['update']);
}
?>
<table class="tbl-full">
<tr>
<th>S.N.</th>
<th>Title</th>
<th>Price</th>
<th>Image</th>
<th>Featured</th>
<th>Active</th>
<th>Actions</th>
</tr>
<?php
//Create a SQL Query to Get all the Food
$sql = "SELECT * FROM tbl_food";
//Execute the qUery
$res = mysqli_query($conn, $sql);
//Count Rows to check whether we have foods or not
$count = mysqli_num_rows($res);
//Create Serial Number VAriable and Set Default VAlue as 1
$sn=1;
if($count>0)
{
//We have food in Database
//Get the Foods from Database and Display
while($row=mysqli_fetch_assoc($res))
{
//get the values from individual columns
$id = $row['id'];
$title = $row['title'];
$price = $row['price'];
$image_name = $row['image_name'];
$featured = $row['featured'];
$active = $row['active'];
?>
<tr>
<td><?php echo $sn++; ?>. </td>
<td><?php echo $title; ?></td>
<td>$<?php echo $price; ?></td>
<td>
<?php
//CHeck whether we have image or not
if($image_name=="")
{
//WE do not have image, DIslpay Error Message
echo "<div class='error'>Image not Added.</div>";
}
else
{
//WE Have Image, Display Image
?>
<img src="<?php echo SITEURL; ?>images/food/<?php echo $image_name; ?>" width="100px">
<?php
}
?>
</td>
<td><?php echo $featured; ?></td>
<td><?php echo $active; ?></td>
<td>
<a href="<?php echo SITEURL; ?>admin/update-food.php?id=<?php echo $id; ?>" class="btn-secondary">Update Food</a>
<a href="<?php echo SITEURL; ?>admin/delete-food.php?id=<?php echo $id; ?>&image_name=<?php echo $image_name; ?>" class="btn-danger">Delete Food</a>
</td>
</tr>
<?php
}
}
else
{
//Food not Added in Database
echo "<tr> <td colspan='7' class='error'> Food not Added Yet. </td> </tr>";
}
?>
</table>
</div>
</div>
<?php include('partials/footer.php'); ?>
Attached is a picture of this
