Fixed up users page a little, still need editing...

This commit is contained in:
Josh North 2015-02-19 10:53:29 -05:00
parent f01b6a129a
commit 1dc1badd8c
3 changed files with 168 additions and 156 deletions


@ -11,6 +11,7 @@
<ul>
<?php
// Get login status and access level
if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($sql); } else { $userLogged = false; $userAccess = ""; }
@ -53,7 +54,7 @@ if ($userLogged == false) {
<div class="header">
<h1><?php echo $yaptc_pagename; ?></h1>
<h2><?php if (isset($_SESSION['user_id'])) {echo "User: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];} else {echo "Please log in to use the timecard system";}?></h2>
<h2><?php if (isset($_SESSION['user_id'])) {echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];} else {echo "Please log in to use the timecard system";}?></h2>
<h4><?php if (!empty($adminmessage)) {echo "<div class=\"successmessage\">" . $adminmessage . "</div>"; } ?></h4>
</div>
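Review bot: The replacement `<h2>` line echoes `$_SESSION['firstname']` and `$_SESSION['lastname']` into the page with no escaping, and the users.php change in this same commit now inserts `$_POST['firstname']`/`$_POST['lastname']` unvalidated, so a name such as `<script>` ends up in every page header as live markup once it is loaded into the session. Escape both at the echo: `echo "Logged as: " . htmlspecialchars($_SESSION['firstname'], ENT_QUOTES, 'UTF-8') . ' ' . htmlspecialchars($_SESSION['lastname'], ENT_QUOTES, 'UTF-8');`. The `$adminmessage` echo on the following context line has the same pattern and, if it ever carries user-supplied text, the same fix applies. The hunk sits inside a template whose enclosing markup starts and ends outside the visible lines.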

169
index.php

@ -4,87 +4,102 @@ require_once("config.inc.php");
$yaptc_pagename = "Home";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
// Is user logged in? If not, they shouldn't be here - kill all variables and redirect to login...
if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
{
session_start();
session_unset();
session_destroy();
header ("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
}
else
{
if (getSessionStatus() == false) {
killSession();
} else {
//********** BEGIN CONTENT **********//
$userid = $_SESSION['user_id'];
$userid = $_SESSION['user_id'];
// This is to get the current user status - in or out - and the notes and times associated for use in the form
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result->execute();
$last = $result->fetchObject();
// Let's build the page - this is the header with current status
echo "<h2 class=\"content-subhead\">Current Status</h2>";
if(!isset($last->user)) {
echo "<p>You do not appear to have any punches on record.</p>";
$status = "Out";
} else {
if (!empty($last->outtime)) { $status = "Out"; $statustime = $last->outtime; } else { $status = "In"; $statustime = $last->intime; $punchid = $last->punchid; $notes = $last->notes; }
echo "<p>You have been Punched $status since " . date('g:i a \o\n M jS, Y', strtotime($statustime)) . ".</p>";
}
echo "<h2 class=\"content-subhead\">Quick Punch</h2>";
echo "<p>Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.</p>";
echo "<form class=\"pure-form pure-form-stacked\" action=\"index.php\" method=\"post\">";
echo "<fieldset>";
if (isset($notes)) {
echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"$notes\">";
} else {
echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\">";
}
echo "<div class=\"pure-controls\">";
if ($status=="In") {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success pure-button-disabled\">Punch IN</button>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error\">Punch OUT</button>";
} else {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch IN</button>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error pure-button-disabled\">Punch OUT</button>";
}
echo "</div>";
// If the posted variables are not empty, we must be trying to insert a new punch. Use the form values to insert new record
if (!empty($_POST)) {
// Is the notes field set? If so, use, otherwise set to null
if (isset($_POST['notes'])) { if (!empty($_POST['notes'])) { $p_notes = $_POST['notes']; } else { $p_notes = NULL; } } else { $p_notes = NULL; }
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
if ($status=="In") {
$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid";
$stmt = $sql->prepare($query);
$stmt->execute(array(
':p_punchid' => $punchid,
':p_notes' => $p_notes,
));
} else {
$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())";
$stmt = $sql->prepare($query);
$stmt->execute(array(
':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes,
));
}
// And then send user back to this page to see the updates
header('Location: '.$_SERVER['PHP_SELF']);
}
// Close out the form...
echo "</fieldset>";
echo "</form>";
//********** END CONTENT **********//
$result->execute();
$last = $result->fetchObject();
// Let's build the page - this is the header with current status
echo "<h2 class=\"content-subhead\">Current Status</h2>";
if (!isset($last->user)) {
echo "<p>You do not appear to have any punches on record.</p>";
$status = "Out";
} //!isset($last->user)
else {
if (!empty($last->outtime)) {
$status = "Out";
$statustime = $last->outtime;
} //!empty($last->outtime)
else {
$status = "In";
$statustime = $last->intime;
$punchid = $last->punchid;
$notes = $last->notes;
}
echo "<p>You have been Punched $status since " . date('g:i a \o\n M jS, Y', strtotime($statustime)) . ".</p>";
}
echo "<h2 class=\"content-subhead\">Quick Punch</h2>";
echo "<p>Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.</p>";
echo "<form class=\"pure-form pure-form-stacked\" action=\"index.php\" method=\"post\">";
echo "<fieldset>";
if (isset($notes)) {
echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"$notes\">";
} //isset($notes)
else {
echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\">";
}
echo "<div class=\"pure-controls\">";
if ($status == "In") {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success pure-button-disabled\">Punch IN</button>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error\">Punch OUT</button>";
} //$status == "In"
else {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch IN</button>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error pure-button-disabled\">Punch OUT</button>";
}
echo "</div>";
// If the posted variables are not empty, we must be trying to insert a new punch. Use the form values to insert new record
if (!empty($_POST)) {
// Is the notes field set? If so, use, otherwise set to null
if (isset($_POST['notes'])) {
if (!empty($_POST['notes'])) {
$p_notes = $_POST['notes'];
} //!empty($_POST['notes'])
else {
$p_notes = NULL;
}
} //isset($_POST['notes'])
else {
$p_notes = NULL;
}
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
if ($status == "In") {
$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid";
$stmt = $sql->prepare($query);
$stmt->execute(array(
':p_punchid' => $punchid,
':p_notes' => $p_notes
));
} //$status == "In"
else {
$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())";
$stmt = $sql->prepare($query);
$stmt->execute(array(
':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes
));
}
// And then send user back to this page to see the updates
header('Location: ' . $_SERVER['PHP_SELF']);
} //!empty($_POST)
// Close out the form...
echo "</fieldset>";
echo "</form>";
//********** END CONTENT **********//
}
require_once($yaptc_inc . "footer.inc.php");
?>
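Review bot: The rebuilt notes input writes `$notes` straight into the `value` attribute (`value=\"$notes\"`), and `$notes` comes from `punches.notes`, which the POST branch further down stores from `$_POST['notes']` unchanged, so a note containing `"` or `">` breaks out of the attribute and is replayed as markup on the user's next visit while punched in. Change that line to `echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"" . htmlspecialchars($notes, ENT_QUOTES, 'UTF-8') . "\">";`. The `header('Location: ' . $_SERVER['PHP_SELF'])` after the INSERT/UPDATE is issued after several `echo` calls in this same hunk, so unless output buffering is enabled the redirect cannot be sent and the page also shows the pre-punch status; handling the POST before the first `echo` fixes both. The form carries no CSRF token, which matters here because any non-empty POST to index.php toggles the user's punch state.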

152
users.php

@ -4,51 +4,10 @@ require_once("config.inc.php");
$yaptc_pagename = "Users";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
// Is user logged in? If not, they shouldn't be here - kill all variables and redirect to login...
if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
{
session_start();
session_unset();
session_destroy();
header ("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
}
else
{
if (getSessionStatus() == false) {
killSession();
} else {
//********** BEGIN CONTENT **********//
echo "<h2 class=\"content-subhead\">System Users</h2>";
echo "<p>Editing to be added, for now, it doesn;t exist</p>";
$result = $sql->prepare("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype
FROM yaptc.users
INNER JOIN usertypes ON users.usertype = usertypes.id
ORDER BY users.lastname ASC;");
$result->execute();
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>First Name</th>';
echo '<th>Last Name</th>';
echo '<th>Username</th>';
echo '<th>Email</th>';
echo '<th>Created</th>';
echo '<th>User Type</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<tr>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['created'] . "</td>";
echo "<td>" . $row['usertype'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
echo "<h2 class=\"content-subhead\">Add User</h2>";
echo "<p>Use the following form to add users to the system. Passwords must be 8+ characters. Email must be filled out, and username must be unique.</p>";
@ -58,19 +17,19 @@ if (!empty($_POST))
{
if (empty($_POST['username']))
{
echo "Username cannot be empty.";
$errors['username'] = "Username cannot be empty.";
}
if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username']))
{
echo "Username contains illegal characters.";
$errors['username'] = "Username contains illegal characters.";
}
if (empty($_POST['password']))
{
echo "Password cannot be empty.";
$errors['password'] = "Password cannot be empty.";
}
if (strlen($_POST['password']) < 8)
{
echo "Password must be at least 8 charcaters.";
$errors['password'] = "Password must be at least 8 charcaters.";
}
// OPTIONAL
// Force passwords to contain at least one number and one special character.
@ -86,16 +45,16 @@ if (!empty($_POST))
*/
if (empty($_POST['password_confirm']))
{
echo "Please confirm password.";
$errors['password_confirm'] = "Please confirm password.";
}
if ($_POST['password'] != $_POST['password_confirm'])
{
echo "Passwords do not match.";
$errors['password_confirm'] = "Passwords do not match.";
}
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email)
{
echo "Not a valid email address.";
$errors['email'] = "Not a valid email address.";
}
/**
@ -125,11 +84,11 @@ if (!empty($_POST))
{
if ($existing->username == $_POST['username'])
{
echo "That username is already in use.";
$errors['username'] = "That username is already in use.";
}
if ($existing->email == $email)
{
echo "That email address is already in use.";
$errors['email'] = "That email address is already in use.";
}
}
}
@ -151,10 +110,12 @@ if (!empty($_POST) && empty($errors))
* prepared statements, be sure to escape your data before passing it to
* your query.
*/
$query = "INSERT INTO users (username, password, email, created, usertype)
VALUES (:username, :password, :email, NOW(), :usertype)";
$query = "INSERT INTO users (firstname, lastname, username, password, email, created, usertype)
VALUES (:firstname, :lastname, :username, :password, :email, NOW(), :usertype)";
$stmt = $sql->prepare($query);
$success = $stmt->execute(array(
':firstname' => $_POST['firstname'],
':lastname' => $_POST['lastname'],
':username' => $_POST['username'],
':password' => $password,
':email' => $_POST['email'],
@ -190,33 +151,34 @@ if (!empty($_POST) && empty($errors))
<p class="error"><?php echo $errors['registration']; ?></p>
<?php endif; ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset id="registration">
<label for="username">Username</label>
<input type="text" id="username" name="username" />
<span class="error">
<form class="pure-form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset id="registration" class="pure-group">
<div class="pure-g">
<div class="pure-u-1 pure-u-md-1-2">
<input type="text" class="pure-input" id="firstname" name="firstname" placeholder="First Name" required />
<?php echo isset($errors['firstname']) ? $errors['firstname'] : ''; ?>
<input type="text" class="pure-input" id="lastname" name="lastname" placeholder="Last Name" required />
<?php echo isset($errors['lastname']) ? $errors['lastname'] : ''; ?>
<input type="text" class="pure-input" id="username" name="username" placeholder="Username" required />
<?php echo isset($errors['username']) ? $errors['username'] : ''; ?>
</span><br />
<label for="email">Email Address</label>
<input type="text" id="email" name="email" />
<span class="error">
</div>
<div class="pure-u-1 pure-u-md-1-2">
<input type="text" class="pure-input" id="email" name="email" placeholder="Email" />
<?php echo isset($errors['email']) ? $errors['email'] : ''; ?>
</span><br />
<label for="password">Password</label>
<input type="password" id="password" name="password" />
<span class="error">
<input type="password" class="pure-input" id="password" name="password" placeholder="Password" required />
<?php echo isset($errors['password']) ? $errors['password'] : ''; ?>
</span><br />
<label for="password_confirm">Confirm Password</label>
<input type="password" id="password_confirm" name="password_confirm" />
<span class="error">
<input type="password" class="pure-input" id="password_confirm" name="password_confirm" placeholder="Confirm Password" required />
<?php echo isset($errors['password_confirm']) ? $errors['password_confirm'] : ''; ?>
</span><br />
<input type="hidden" name="usertype" value="00000000001"/>
<input type="submit" value="Submit" />
</div>
<div class="pure-u-1 pure-u-md-1">
<label for="usertype">Access Level</label>
<select id="usertype" name="usertype" required />
<option value="00000000002">User</option>
<option value="00000000001">Administrator</option>
</select>
<?php echo isset($errors['usertype']) ? $errors['usertype'] : ''; ?>
<button type="submit" class="pure-button button-success" value="Submit">Create</button>
</div>
</fieldset>
</form>
</body>
@ -226,6 +188,40 @@ if (!empty($_POST) && empty($errors))
}
echo "<h2 class=\"content-subhead\">User List</h2>";
echo "<p>Current users. To edit, select the edit button in the right column.</p>";
$result = $sql->prepare("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype
FROM yaptc.users
INNER JOIN usertypes ON users.usertype = usertypes.id
ORDER BY users.lastname ASC;");
$result->execute();
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>First Name</th>';
echo '<th>Last Name</th>';
echo '<th>Username</th>';
echo '<th>Email</th>';
echo '<th>Created</th>';
echo '<th>User Type</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<tr>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['created'] . "</td>";
echo "<td>" . $row['usertype'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
//********** END CONTENT **********//
require_once($yaptc_inc . "footer.inc.php");
?>
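Review bot: The new Access Level `<select>` lets the submitter choose `00000000001` (Administrator), but the validation hunk never checks `$_POST['usertype']` (presumably bound to the INSERT's `usertype` column below the visible lines) and nothing visible in users.php checks `$userAccess` from the menu include; the page only requires `getSessionStatus()`, so any logged-in user appears able to create an administrator account unless that helper enforces a role itself. Add to the validation block `if (!in_array($_POST['usertype'], array('00000000001', '00000000002'), true)) { $errors['usertype'] = "Invalid access level."; }` and gate the whole page on an admin-level `$userAccess`. The INSERT now also stores `$_POST['firstname']` and `$_POST['lastname']` with no validation, and the relocated user table echoes them back unescaped along with username and email, so each `<td>` should wrap its value in `htmlspecialchars($row[...], ENT_QUOTES, 'UTF-8')`. The new form line's `action="<?php echo $_SERVER['PHP_SELF']; ?>"` reflects the request path into an attribute unescaped; use a fixed `action="users.php"` or escape it. The validation and form blocks belong to an `if (!empty($_POST))` body and page template that begin outside the visible hunks.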