如何筛选登录用户的消息

Question

我正在研究一个帖子/布告牌系统。用户登录以查看与其相关的帖子。我打算根据学校，计划，级别和其他一些人过滤要查看的消息。因此，例如，管理员向100级学生和另一名B级学生发送A级到100级计算机科学学生。如果我以100级学生的身份登录，无论我的课程如何，我都会看到后A。如果我作为100级计算机科学专业的学生登录，我会看到B后。

我有一个帖子表（tblpost），其中存储了帖子，同样存储了所有用户的用户表（tblusers）。所以我试图使用IF ELSE语句来过滤帖子，但只有IF语句有效。

以下是我的表格：

向tblUsers

tblpost

这是我的代码：adminviewpost.php

<?php require_once('Connections/localhost.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_login = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_login = $_SESSION['MM_Username'];
}
mysql_select_db($database_localhost, $localhost);
$query_login = sprintf("SELECT * FROM tblusers WHERE user_id = %s", GetSQLValueString($colname_login, "text"));
$login = mysql_query($query_login, $localhost) or die(mysql_error());
$row_login = mysql_fetch_assoc($login);
$totalRows_login = mysql_num_rows($login);

$db_school = $row_login['school'];
$db_prog = $row_login['prog'];
$db_level = $row_login['level'];
$db_stream = $row_login['stream'];
$db_society = $row_login['society'];
$db_nationality = $row_login['nationality'];
$db_position = $row_login['positionid'];

mysql_select_db($database_localhost, $localhost);
$query_mainposts = "SELECT * FROM tblposts";
$mainposts = mysql_query($query_mainposts, $localhost) or die(mysql_error());
$row_mainposts = mysql_fetch_assoc($mainposts);
$totalRows_mainposts = mysql_num_rows($mainposts);

$db_post_school = $row_mainposts['school'];
$db_post_prog = $row_mainposts['prog'];
$db_post_level = $row_mainposts['level'];
$db_post_stream = $row_mainposts['stream'];
$db_post_society = $row_mainposts['society'];
$db_post_nationality = $row_mainposts['nationality'];
$db_post_position = $row_mainposts['position'];

mysql_select_db($database_localhost, $localhost);
if ($db_post_school!==NULL && $db_post_prog==NULL && $db_post_level==NULL && $db_post_stream==NULL && $db_post_society==NULL && $db_post_nationality==NULL && $db_post_position==NULL) {
    # code...
    $query_posts = "SELECT * FROM tblposts WHERE school = '$db_school'
";
$posts = mysql_query($query_posts, $localhost) or die(mysql_error());
$row_posts = mysql_fetch_assoc($posts);
$totalRows_posts = mysql_num_rows($posts);
}
elseif ($db_post_school!==NULL && $db_post_prog==NULL && $db_post_level !==NULL && $db_post_stream==NULL && $db_post_society==NULL && $db_post_nationality==NULL && $db_post_position==NULL) {
    # code...
    $query_posts = "SELECT * FROM tblposts WHERE school = '$db_school' && level = '$db_level'
";
$posts = mysql_query($query_posts, $localhost) or die(mysql_error());
$row_posts = mysql_fetch_assoc($posts);
$totalRows_posts = mysql_num_rows($posts);
}

?>