. */ ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION ini_set('session.gc_probability', 1); // GC RATES ini_set('session.gc_divisor', 100); // TIMES ini_set('session.use_cookies', '1'); ini_set('session.use_only_cookies', '0'); ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_secure', '1'); ini_set('session.cookie_httponly', '1'); ini_set('session.cookie_samesite', 'Strict'); session_save_path('.tmp'); // TEMP spl_autoload_register(); session_start(); // START require_once __DIR__ . '/autoload.php'; // AUTOLOAD require_once __DIR__ . '/src/Misc/defuse-crypto.phar'; use App\LobbySIO\Config\Registry; use Defuse\Crypto\Crypto; $Users = new \App\LobbySIO\Database\Users(); if (Registry::AUTHMETHOD == 'SAML') { //simplesaml require_once('../simplesamlphp/lib/_autoload.php'); $auth = new \SimpleSAML\Auth\Simple(Registry::AUTHIDP); //$auth->requireAuth(); $auth->isAuthenticated(); if (!$auth->isAuthenticated()) { $attributes = 'none'; } else { $attributes = $auth->getAttributes(); $saml_user_email = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0]; $saml_user_info = $Users->getUserInfoByEmail($saml_user_email, "1", "0"); $saml_user_id = $saml_user_info["0"]["users_id"]; } $session = \SimpleSAML\Session::getSessionFromRequest(); $session->cleanup(); } $StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES $encKey = $StaticFunctions->loadEncryptionKeyFromConfig(); $SiteInfo = new \App\LobbySIO\Database\SiteInfo(); if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT if (isset($saml_user_id)) { $sessuserid=$saml_user_id; } else { $sessuserid=$_SESSION['user_id']; } } elseif (!isset($_SESSION['user_id'])) { if (isset($saml_user_id)) { $sessuserid=$saml_user_id; } else { $sessuserid='2'; } $session_user = $Users->getUserInfo($sessuserid, "1", "0"); } if (isset($session_user)) { // GET UID OR SET TO KIOSK $uid = $session_user["0"]["users_id"];} else { $uid = "2"; } $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP LANGUAGE if(!isset($app_disp_lang)) { $app_disp_lang=$StaticFunctions->getDefaultLanguage(); } $siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP SITE foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) { $lookup_array[$arr['sites_id']]=1; } if(isset($lookup_array[$siteidcookie])) { $siteid = $siteidcookie; } else { $siteid = "1"; } if(!isset($siteid)) { $siteid="1"; } $Translate = new \App\LobbySIO\Language\Translate($app_disp_lang); // SETUP TRANSLATOR $transLang = $Translate->userLanguage(); $VisitTypeInfo = new \App\LobbySIO\Database\VisitTypeInfo(); // ADDITIONAL CLASSES $IDTypeInfo = new \App\LobbySIO\Database\IDTypeInfo(); $VisitInfo = new \App\LobbySIO\Database\VisitInfo(); $VisitActions = new \App\LobbySIO\Database\VisitActions(); $app_current_pagename = $transLang['STR_COMMON_HOME']; // PAGE SETUP $app_current_pageicon = ' '; require_once("inc/header.inc.php"); $urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL)); //header("X-Frame-Options: SAMEORIGIN"); //header("X-Content-Type-Options: nosniff"); //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false); if (!empty($_GET['a'])) { echo '
' . print_r($_POST, true) . '
'; echo 'Verification has been : ' . (Classes\Misc\Csrf::verifyToken('home') ? 'successful' : 'unsuccessful'); } Classes\Visit::dbprefix(); ?> getUserSessionStatus() == false) { ?>
 
getSite($siteid, $uid, "0", "0")[0]["sites_name"]; ?>
 
 
 


 
 
 
 


 
 
getUserSessionStatus() == true) { if (empty($Users->readUserFirstAndLast($uid)[0]["users_lastname"])) { $Users->updateSamlFirstAndLast($uid, $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'][0], $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'][0]); ?>
 
(string)FILTER_SANITIZE_STRING, 'fd_siteId' => (int)FILTER_VALIDATE_INT, 'fd_isVendor' => (int)FILTER_VALIDATE_INT, 'fd_manualTimeDate' => (string)FILTER_SANITIZE_STRING, 'fd_firstName' => (string)FILTER_SANITIZE_STRING, 'fd_lastName' => (string)FILTER_SANITIZE_STRING, 'fd_carNum' => (string)FILTER_SANITIZE_STRING, 'fd_ssaNum' => (string)FILTER_SANITIZE_STRING, 'fd_visitorCompany' => (string)FILTER_SANITIZE_STRING, 'form_data_contact1' => (string)FILTER_SANITIZE_STRING, 'form_data_contact2' => (string)FILTER_SANITIZE_STRING, 'form_data_workstart' => (string)FILTER_SANITIZE_STRING, 'form_data_workend' => (string)FILTER_SANITIZE_STRING, 'fd_visitType' => (int)FILTER_VALIDATE_INT, 'fd_escortRequired' => (int)FILTER_VALIDATE_INT, 'fd_visitorSignature' => (string)FILTER_SANITIZE_STRING, 'fd_escortSignature' => (string)FILTER_SANITIZE_STRING, 'fd_escortName' => (string)FILTER_SANITIZE_STRING, 'db_vendorinfo_id' => (string)FILTER_SANITIZE_STRING, 'db_vendorinfo_checklistrequired' => (string)FILTER_SANITIZE_STRING, 'db_vendorinfo_routinework' => (string)FILTER_SANITIZE_STRING, 'db_vendorinfo_nonroutinework' => (string)FILTER_SANITIZE_STRING, 'fd_routineornonroutine' => (int)FILTER_VALIDATE_INT, 'db_vendorinfo_coi' => (string)FILTER_SANITIZE_STRING, 'db_vendorinfo_worksummary' => (string)FILTER_SANITIZE_STRING, 'db_vendorinfo_equipmentsummary' => (string)FILTER_SANITIZE_STRING, 'fd_voidVisitId' => (int)FILTER_VALIDATE_INT, 'fd_voidVisitNotes' => (string)FILTER_SANITIZE_STRING, 'db_vendorinfo_checklistcompleted' => (int)FILTER_VALIDATE_INT, 'db_vendorinfo_workcompleted' => (int)FILTER_VALIDATE_INT, 'db_vendorinfo_sitecleanup' => (int)FILTER_VALIDATE_INT, 'db_vendorinfo_doccompleted' => (int)FILTER_VALIDATE_INT, 'outtime' => (string)FILTER_SANITIZE_STRING, 'endvisit' => (string)FILTER_SANITIZE_STRING ]); ?> setTimeZone(new DateTimeZone('UTC')); $postdate=$newdate->format('Y-m-d H:i:s'); echo $VisitActions->endVisit($form_data['endvisit'], $postdate); } else { echo $VisitActions->endVisit($form_data['endvisit'], $StaticFunctions->getUTC()); } } ?> voidVisit( $form_data['fd_voidVisitId'], "0", $form_data['fd_voidVisitNotes'] ); ob_end_clean(); unset($form_data); } } ?> setInfoVendorVisitFinal( $form_data['db_vendorinfo_id'], $form_data['db_vendorinfo_checklistcompleted'], $form_data['db_vendorinfo_workcompleted'], $form_data['db_vendorinfo_sitecleanup'], $uid, $form_data['db_vendorinfo_doccompleted'] ); ob_end_clean(); unset($form_data); } } ?> setInfoVendorVisitInitial( $form_data['db_vendorinfo_id'], $form_data['db_vendorinfo_checklistrequired'], $fdroutinework, $fdnonroutinework, $form_data['db_vendorinfo_coi'], $form_data['db_vendorinfo_worksummary'], $form_data['db_vendorinfo_equipmentsummary'] ); ob_end_clean(); unset($form_data); } } ?> setTimeZone(new DateTimeZone('UTC')); $form_data['fd_manualTimeDate']=$manualdate->format('Y-m-d H:i:s'); } else { $form_data['fd_manualTimeDate'] = $StaticFunctions->getUTC(); // OTHERWISE USE NOW()UTC } $visitid = $VisitActions->newVisit( // ADD VISIT RECORD Crypto::encrypt($form_data['fd_firstName'], $encKey), Crypto::encrypt($form_data['fd_lastName'], $encKey), Crypto::encrypt($form_data['fd_visitorCompany'], $encKey), $form_data['fd_visitType'], $form_data['fd_manualTimeDate'], $form_data['fd_visitorSignature'], $form_data['fd_siteId'], "1", $form_data['fd_escortSignature'], $form_data['fd_escortName'], empty($form_data['fd_carNum'])?"":$form_data['fd_carNum'], empty($form_data['fd_ssaNum'])?"":$form_data['fd_ssaNum'], empty($form_data['fd_isVendor'])?(int)0:$form_data['fd_isVendor']); if($form_data['fd_isVendor'] === (int)1) { // ADD VENDOR RECORD IF REQUIRED $vendorid = $VisitActions->setInfoVendorVisitNew( $visitid, empty($form_data['form_data_contact1'])?"":$form_data['form_data_contact1'], empty($form_data['form_data_contact2'])?"":$form_data['form_data_contact2'], empty($form_data['form_data_workstart'])?"":$form_data['form_data_workstart'], empty($form_data['form_data_workend'])?"":$form_data['form_data_workend']); } ob_end_clean(); unset($form_data); } } ?> getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "US") { if (empty($_POST['citizen'])) { $citizen_error=(int)'1'; } elseif ($_POST['citizen']==='00') { $citizen_error=(int)'1'; } else { $citizen_error=(int)'0'; }; }elseif($SiteInfo->getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "EMEA" || $SiteInfo->getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "CAN"){ $_POST['citizen']=NULL; $citizen_error=(int)'0'; } if (isset($_POST['id_type']) && $_POST['id_type']===1 && isset($_POST['id_reference'])) { $id_reference_error=0; } elseif (isset($_POST['id_type']) && $_POST['id_type']===1 && empty($_POST['id_reference'])) { $id_reference_error=1; } else { $id_reference_error=0; }; if ($id_type_error+$badge_error+$initials_error+$citizen_error+$id_reference_error===0) { $approved=2; echo $VisitActions->approveVisit($_POST['approvevisit'], $_POST['id_type'], $_POST['id_reference'], $_POST['citizen'], $_POST['badge'], $_POST['initials'], $approved); } } // check all unapproved or approved $approval = "1"; // Set up pagination $page_num = 1; if(!empty($_GET['pnum'])): $page_num = filter_input(INPUT_GET, 'pnum', FILTER_VALIDATE_INT); if(false === $page_num): $page_num = 1; endif; endif; $offset = ($page_num - 1) * $StaticFunctions->getPageRows(); $row_count = count($VisitInfo->getVisitInfo($siteid, $approval, "empty", "%", "%", "%", "%", "%", "%")); $page_count = 0; if (0 === $row_count): else: $page_count = (int)ceil($row_count / $StaticFunctions->getPageRows()); if($page_num > $page_count): $page_num = 1; endif; endif; ?>

getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "EMEA") { ?>getVisitInfo($siteid, $approval, "empty", "%", "%", "%", "%", $StaticFunctions->getPageRows(), $offset) as $row): $visitid = $row['visits_id']; $timein = new DateTime($row['visits_intime'], new DateTimeZone('UTC')); $timein->setTimezone(new DateTimeZone("$timezone")); $timein_disp = $timein->format('Y-m-d H:i:s'); if(!empty($row['visits_carnum'])) { $carnum=$row['visits_carnum']; } else { $carnum="";} if(!empty($row['visits_ssanum'])) { $ssanum=$row['visits_ssanum']; } else { $ssanum="";} if(!empty($row['visits_isvendor'])) { $isvendor=$row['visits_isvendor']; } else { $isvendor="";} if(!empty($row['visits_approved'])) { $visitapproved=$row['visits_approved']; } else { $visitapproved="";} ?> getInfoVendorVisitInitial($visitid) as $rowvn) { $db_vendorinfo_id = $rowvn['db_vendorinfo_id']; $db_vendorinfo_contact1 = $rowvn['db_vendorinfo_contact1']; $db_vendorinfo_contact2 = $rowvn['db_vendorinfo_contact2']; $db_vendorinfo_workstart = $rowvn['db_vendorinfo_workstart']; $db_vendorinfo_workend = $rowvn['db_vendorinfo_workend']; $db_vendorinfo_customerimpacted = $rowvn['db_vendorinfo_customerimpacted']; $db_vendorinfo_checklistrequired= $rowvn['db_vendorinfo_checklistrequired']; $db_vendorinfo_routinework = $rowvn['db_vendorinfo_routinework']; $db_vendorinfo_nonroutinework = $rowvn['db_vendorinfo_nonroutinework']; $db_vendorinfo_coi = $rowvn['db_vendorinfo_coi']; $db_vendorinfo_worksummary = $rowvn['db_vendorinfo_worksummary']; $db_vendorinfo_equipmentsummary = $rowvn['db_vendorinfo_equipmentsummary']; if ($db_vendorinfo_routinework === 1 || $db_vendorinfo_nonroutinework === 1) { if (!empty($db_vendorinfo_worksummary) && !empty($db_vendorinfo_equipmentsummary)){$initialvendorformcomplete=1;} } else {$initialvendorformcomplete=0;} ?> getInfoVendorVisitFinal($visitid) as $rowvm) { $db_vendorinfo_id = $rowvm['db_vendorinfo_id']; $db_vendorinfo_contact1 = $rowvm['db_vendorinfo_contact1']; $db_vendorinfo_contact2 = $rowvm['db_vendorinfo_contact2']; $db_vendorinfo_workstart = $rowvm['db_vendorinfo_workstart']; $db_vendorinfo_workend = $rowvm['db_vendorinfo_workend']; $db_vendorinfo_customerimpacted = $rowvm['db_vendorinfo_customerimpacted']; $db_vendorinfo_checklistrequired = $rowvm['db_vendorinfo_checklistrequired']; $db_vendorinfo_routinework = $rowvm['db_vendorinfo_routinework']; $db_vendorinfo_nonroutinework = $rowvm['db_vendorinfo_nonroutinework']; $db_vendorinfo_coi = $rowvm['db_vendorinfo_coi']; $db_vendorinfo_worksummary = $rowvm['db_vendorinfo_worksummary']; $db_vendorinfo_equipmentsummary = $rowvm['db_vendorinfo_equipmentsummary']; $db_vendorinfo_checklistcompleted = $rowvm['db_vendorinfo_checklistcompleted']; $db_vendorinfo_workcompleted = $rowvm['db_vendorinfo_workcompleted']; $db_vendorinfo_sitecleanup = $rowvm['db_vendorinfo_sitecleanup']; $db_vendorinfo_doccompleted = $rowvm['db_vendorinfo_doccompleted']; if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $finalvendorformcomplete=1; } else { $finalvendorformcomplete=0; } ?> getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "EMEA") { ?>
" type="text" id="id_reference-" name="id_reference">
getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "US") { ?>
getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "EMEA") { ?>
getInfoVisitType("%", $row['visits_reason'])[0]["visittypes_name"]]; ?>

'; } ?>
getIDTypeInfo($row['visits_id_type'])[0]["idtypes_name"]]; ?>
getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "US") { ?>
? getCountryInfo($row['visits_citizen'])[0]["countries_name"]; ?>
readUserFirstAndLast($row['visits_initials'])[0]["users_firstname"] . " " . $Users->readUserFirstAndLast($row['visits_initials'])[0]["users_lastname"]; ?> 
   
getCarnumReqd() == "true") { ?>
" autofocus maxlength="15">
   
getCarnumReqd() == "true") { ?>