Fixed up users page a little, still need editing...

This commit is contained in:
Josh North 2015-02-19 10:53:29 -05:00
parent f01b6a129a
commit 1dc1badd8c
3 changed files with 168 additions and 156 deletions


@ -11,6 +11,7 @@
<ul> <ul>
<?php <?php
// Get login status and access level // Get login status and access level
if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($sql); } else { $userLogged = false; $userAccess = ""; } if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($sql); } else { $userLogged = false; $userAccess = ""; }
@ -53,7 +54,7 @@ if ($userLogged == false) {
<div class="header"> <div class="header">
<h1><?php echo $yaptc_pagename; ?></h1> <h1><?php echo $yaptc_pagename; ?></h1>
<h2><?php if (isset($_SESSION['user_id'])) {echo "User: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];} else {echo "Please log in to use the timecard system";}?></h2> <h2><?php if (isset($_SESSION['user_id'])) {echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];} else {echo "Please log in to use the timecard system";}?></h2>
<h4><?php if (!empty($adminmessage)) {echo "<div class=\"successmessage\">" . $adminmessage . "</div>"; } ?></h4> <h4><?php if (!empty($adminmessage)) {echo "<div class=\"successmessage\">" . $adminmessage . "</div>"; } ?></h4>
</div> </div>
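Review bot: The name printed on the `<h2>` line is echoed into the page unescaped, `echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname']`, and `$adminmessage` on the following line is concatenated the same way; since the users.php part of this commit now stores firstname/lastname straight from `$_POST`, whatever was typed at registration is rendered verbatim in this header. Wrap both values in `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the echo, or escape them once where they are placed into the session at login. The new `$userLogged`/`$userAccess` assignments are packed onto one line with both branches; one statement per line would make the branch readable. The enclosing PHP block starts outside the hunk, so what `getSessionStatus()` and `getSessionAccess($sql)` return cannot be checked here.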

169
index.php

@ -4,87 +4,102 @@ require_once("config.inc.php");
$yaptc_pagename = "Home"; $yaptc_pagename = "Home";
require_once($yaptc_inc . "header.inc.php"); require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php"); require_once($yaptc_inc . "menu.inc.php");
// Is user logged in? If not, they shouldn't be here - kill all variables and redirect to login... if (getSessionStatus() == false) {
if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT'])) killSession();
{ } else {
session_start();
session_unset();
session_destroy();
header ("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
}
else
{
//********** BEGIN CONTENT **********// //********** BEGIN CONTENT **********//
$userid = $_SESSION['user_id'];
$userid = $_SESSION['user_id'];
// This is to get the current user status - in or out - and the notes and times associated for use in the form // This is to get the current user status - in or out - and the notes and times associated for use in the form
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1"); $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result->execute(); $result->execute();
$last = $result->fetchObject(); $last = $result->fetchObject();
// Let's build the page - this is the header with current status // Let's build the page - this is the header with current status
echo "<h2 class=\"content-subhead\">Current Status</h2>"; echo "<h2 class=\"content-subhead\">Current Status</h2>";
if(!isset($last->user)) { if (!isset($last->user)) {
echo "<p>You do not appear to have any punches on record.</p>"; echo "<p>You do not appear to have any punches on record.</p>";
$status = "Out"; $status = "Out";
} else { } //!isset($last->user)
if (!empty($last->outtime)) { $status = "Out"; $statustime = $last->outtime; } else { $status = "In"; $statustime = $last->intime; $punchid = $last->punchid; $notes = $last->notes; } else {
echo "<p>You have been Punched $status since " . date('g:i a \o\n M jS, Y', strtotime($statustime)) . ".</p>"; if (!empty($last->outtime)) {
} $status = "Out";
echo "<h2 class=\"content-subhead\">Quick Punch</h2>"; $statustime = $last->outtime;
} //!empty($last->outtime)
echo "<p>Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.</p>"; else {
echo "<form class=\"pure-form pure-form-stacked\" action=\"index.php\" method=\"post\">"; $status = "In";
echo "<fieldset>"; $statustime = $last->intime;
if (isset($notes)) { $punchid = $last->punchid;
echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"$notes\">"; $notes = $last->notes;
} else { }
echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\">"; echo "<p>You have been Punched $status since " . date('g:i a \o\n M jS, Y', strtotime($statustime)) . ".</p>";
} }
echo "<div class=\"pure-controls\">"; echo "<h2 class=\"content-subhead\">Quick Punch</h2>";
if ($status=="In") {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success pure-button-disabled\">Punch IN</button>"; echo "<p>Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.</p>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error\">Punch OUT</button>"; echo "<form class=\"pure-form pure-form-stacked\" action=\"index.php\" method=\"post\">";
} else { echo "<fieldset>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch IN</button>"; if (isset($notes)) {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error pure-button-disabled\">Punch OUT</button>"; echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"$notes\">";
} } //isset($notes)
echo "</div>"; else {
echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\">";
// If the posted variables are not empty, we must be trying to insert a new punch. Use the form values to insert new record }
if (!empty($_POST)) { echo "<div class=\"pure-controls\">";
if ($status == "In") {
// Is the notes field set? If so, use, otherwise set to null echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success pure-button-disabled\">Punch IN</button>";
if (isset($_POST['notes'])) { if (!empty($_POST['notes'])) { $p_notes = $_POST['notes']; } else { $p_notes = NULL; } } else { $p_notes = NULL; } echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error\">Punch OUT</button>";
} //$status == "In"
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in else {
if ($status=="In") { echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch IN</button>";
$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid"; echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error pure-button-disabled\">Punch OUT</button>";
$stmt = $sql->prepare($query); }
$stmt->execute(array( echo "</div>";
':p_punchid' => $punchid,
':p_notes' => $p_notes, // If the posted variables are not empty, we must be trying to insert a new punch. Use the form values to insert new record
)); if (!empty($_POST)) {
} else {
$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())"; // Is the notes field set? If so, use, otherwise set to null
$stmt = $sql->prepare($query); if (isset($_POST['notes'])) {
$stmt->execute(array( if (!empty($_POST['notes'])) {
':p_userid' => $_SESSION['user_id'], $p_notes = $_POST['notes'];
':p_notes' => $p_notes, } //!empty($_POST['notes'])
)); else {
} $p_notes = NULL;
}
// And then send user back to this page to see the updates } //isset($_POST['notes'])
header('Location: '.$_SERVER['PHP_SELF']); else {
} $p_notes = NULL;
}
// Close out the form...
echo "</fieldset>"; // Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
echo "</form>"; if ($status == "In") {
$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid";
$stmt = $sql->prepare($query);
//********** END CONTENT **********// $stmt->execute(array(
':p_punchid' => $punchid,
':p_notes' => $p_notes
));
} //$status == "In"
else {
$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())";
$stmt = $sql->prepare($query);
$stmt->execute(array(
':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes
));
}
// And then send user back to this page to see the updates
header('Location: ' . $_SERVER['PHP_SELF']);
} //!empty($_POST)
// Close out the form...
echo "</fieldset>";
echo "</form>";
//********** END CONTENT **********//
} }
require_once($yaptc_inc . "footer.inc.php"); require_once($yaptc_inc . "footer.inc.php");
?> ?>
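Review bot: The notes prefill on the new side, `value=\"$notes\"`, writes the stored notes string into an HTML attribute without escaping, so a note containing a double quote breaks out of the attribute; `$p_notes` is taken from `$_POST['notes']` further down with no filtering, so use `value=\"" . htmlspecialchars($notes, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\"` there. The status query still interpolates `$userid` into the SQL string (`WHERE users.id = $userid`) even though the statement is prepared; bind it as a `:userid` parameter the way the punch queries below already do. The `header('Location: ' . $_SERVER['PHP_SELF']);` after the insert is issued after several `echo` calls and is not followed by `exit`, so unless output buffering is enabled the redirect is dropped and the form is still rendered with the pre-POST status; moving the POST handling above the first output and adding `exit;` after the header fixes both. The `else` block holding all of this closes at the end of the hunk, but `getSessionStatus()` and `killSession()` are defined elsewhere, so their behaviour is not verifiable from this hunk.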

152
users.php

@ -4,51 +4,10 @@ require_once("config.inc.php");
$yaptc_pagename = "Users"; $yaptc_pagename = "Users";
require_once($yaptc_inc . "header.inc.php"); require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php"); require_once($yaptc_inc . "menu.inc.php");
// Is user logged in? If not, they shouldn't be here - kill all variables and redirect to login... if (getSessionStatus() == false) {
if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT'])) killSession();
{ } else {
session_start();
session_unset();
session_destroy();
header ("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
}
else
{
//********** BEGIN CONTENT **********// //********** BEGIN CONTENT **********//
echo "<h2 class=\"content-subhead\">System Users</h2>";
echo "<p>Editing to be added, for now, it doesn;t exist</p>";
$result = $sql->prepare("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype
FROM yaptc.users
INNER JOIN usertypes ON users.usertype = usertypes.id
ORDER BY users.lastname ASC;");
$result->execute();
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>First Name</th>';
echo '<th>Last Name</th>';
echo '<th>Username</th>';
echo '<th>Email</th>';
echo '<th>Created</th>';
echo '<th>User Type</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<tr>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['created'] . "</td>";
echo "<td>" . $row['usertype'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
echo "<h2 class=\"content-subhead\">Add User</h2>"; echo "<h2 class=\"content-subhead\">Add User</h2>";
echo "<p>Use the following form to add users to the system. Passwords must be 8+ characters. Email must be filled out, and username must be unique.</p>"; echo "<p>Use the following form to add users to the system. Passwords must be 8+ characters. Email must be filled out, and username must be unique.</p>";
@ -58,19 +17,19 @@ if (!empty($_POST))
{ {
if (empty($_POST['username'])) if (empty($_POST['username']))
{ {
echo "Username cannot be empty."; $errors['username'] = "Username cannot be empty.";
} }
if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username'])) if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username']))
{ {
echo "Username contains illegal characters."; $errors['username'] = "Username contains illegal characters.";
} }
if (empty($_POST['password'])) if (empty($_POST['password']))
{ {
echo "Password cannot be empty."; $errors['password'] = "Password cannot be empty.";
} }
if (strlen($_POST['password']) < 8) if (strlen($_POST['password']) < 8)
{ {
echo "Password must be at least 8 charcaters."; $errors['password'] = "Password must be at least 8 charcaters.";
} }
// OPTIONAL // OPTIONAL
// Force passwords to contain at least one number and one special character. // Force passwords to contain at least one number and one special character.
@ -86,16 +45,16 @@ if (!empty($_POST))
*/ */
if (empty($_POST['password_confirm'])) if (empty($_POST['password_confirm']))
{ {
echo "Please confirm password."; $errors['password_confirm'] = "Please confirm password.";
} }
if ($_POST['password'] != $_POST['password_confirm']) if ($_POST['password'] != $_POST['password_confirm'])
{ {
echo "Passwords do not match."; $errors['password_confirm'] = "Passwords do not match.";
} }
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email) if (!$email)
{ {
echo "Not a valid email address."; $errors['email'] = "Not a valid email address.";
} }
/** /**
@ -125,11 +84,11 @@ if (!empty($_POST))
{ {
if ($existing->username == $_POST['username']) if ($existing->username == $_POST['username'])
{ {
echo "That username is already in use."; $errors['username'] = "That username is already in use.";
} }
if ($existing->email == $email) if ($existing->email == $email)
{ {
echo "That email address is already in use."; $errors['email'] = "That email address is already in use.";
} }
} }
} }
@ -151,10 +110,12 @@ if (!empty($_POST) && empty($errors))
* prepared statements, be sure to escape your data before passing it to * prepared statements, be sure to escape your data before passing it to
* your query. * your query.
*/ */
$query = "INSERT INTO users (username, password, email, created, usertype) $query = "INSERT INTO users (firstname, lastname, username, password, email, created, usertype)
VALUES (:username, :password, :email, NOW(), :usertype)"; VALUES (:firstname, :lastname, :username, :password, :email, NOW(), :usertype)";
$stmt = $sql->prepare($query); $stmt = $sql->prepare($query);
$success = $stmt->execute(array( $success = $stmt->execute(array(
':firstname' => $_POST['firstname'],
':lastname' => $_POST['lastname'],
':username' => $_POST['username'], ':username' => $_POST['username'],
':password' => $password, ':password' => $password,
':email' => $_POST['email'], ':email' => $_POST['email'],
@ -190,33 +151,34 @@ if (!empty($_POST) && empty($errors))
<p class="error"><?php echo $errors['registration']; ?></p> <p class="error"><?php echo $errors['registration']; ?></p>
<?php endif; ?> <?php endif; ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <form class="pure-form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset id="registration"> <fieldset id="registration" class="pure-group">
<label for="username">Username</label> <div class="pure-g">
<input type="text" id="username" name="username" /> <div class="pure-u-1 pure-u-md-1-2">
<span class="error"> <input type="text" class="pure-input" id="firstname" name="firstname" placeholder="First Name" required />
<?php echo isset($errors['firstname']) ? $errors['firstname'] : ''; ?>
<input type="text" class="pure-input" id="lastname" name="lastname" placeholder="Last Name" required />
<?php echo isset($errors['lastname']) ? $errors['lastname'] : ''; ?>
<input type="text" class="pure-input" id="username" name="username" placeholder="Username" required />
<?php echo isset($errors['username']) ? $errors['username'] : ''; ?> <?php echo isset($errors['username']) ? $errors['username'] : ''; ?>
</span><br /> </div>
<div class="pure-u-1 pure-u-md-1-2">
<label for="email">Email Address</label> <input type="text" class="pure-input" id="email" name="email" placeholder="Email" />
<input type="text" id="email" name="email" />
<span class="error">
<?php echo isset($errors['email']) ? $errors['email'] : ''; ?> <?php echo isset($errors['email']) ? $errors['email'] : ''; ?>
</span><br /> <input type="password" class="pure-input" id="password" name="password" placeholder="Password" required />
<label for="password">Password</label>
<input type="password" id="password" name="password" />
<span class="error">
<?php echo isset($errors['password']) ? $errors['password'] : ''; ?> <?php echo isset($errors['password']) ? $errors['password'] : ''; ?>
</span><br /> <input type="password" class="pure-input" id="password_confirm" name="password_confirm" placeholder="Confirm Password" required />
<label for="password_confirm">Confirm Password</label>
<input type="password" id="password_confirm" name="password_confirm" />
<span class="error">
<?php echo isset($errors['password_confirm']) ? $errors['password_confirm'] : ''; ?> <?php echo isset($errors['password_confirm']) ? $errors['password_confirm'] : ''; ?>
</span><br /> </div>
<input type="hidden" name="usertype" value="00000000001"/> <div class="pure-u-1 pure-u-md-1">
<input type="submit" value="Submit" /> <label for="usertype">Access Level</label>
<select id="usertype" name="usertype" required />
<option value="00000000002">User</option>
<option value="00000000001">Administrator</option>
</select>
<?php echo isset($errors['usertype']) ? $errors['usertype'] : ''; ?>
<button type="submit" class="pure-button button-success" value="Submit">Create</button>
</div>
</fieldset> </fieldset>
</form> </form>
</body> </body>
@ -226,6 +188,40 @@ if (!empty($_POST) && empty($errors))
} }
echo "<h2 class=\"content-subhead\">User List</h2>";
echo "<p>Current users. To edit, select the edit button in the right column.</p>";
$result = $sql->prepare("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype
FROM yaptc.users
INNER JOIN usertypes ON users.usertype = usertypes.id
ORDER BY users.lastname ASC;");
$result->execute();
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>First Name</th>';
echo '<th>Last Name</th>';
echo '<th>Username</th>';
echo '<th>Email</th>';
echo '<th>Created</th>';
echo '<th>User Type</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<tr>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['created'] . "</td>";
echo "<td>" . $row['usertype'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
//********** END CONTENT **********// //********** END CONTENT **********//
require_once($yaptc_inc . "footer.inc.php"); require_once($yaptc_inc . "footer.inc.php");
?> ?>
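Review bot: The new `':firstname' => $_POST['firstname']` and `':lastname' => $_POST['lastname']` bindings in the insert are the only server-side handling of the two new fields: the validation block sets `$errors['username']`, `['password']`, `['password_confirm']` and `['email']` but never `$errors['firstname']` or `$errors['lastname']`, although the new form prints them, so empty or arbitrary values go straight into the table and are then echoed unescaped in the relocated user list (`echo "<td>" . $row['firstname'] . "</td>";`). Add `if (empty($_POST['firstname'])) { $errors['firstname'] = "First name cannot be empty."; }` (and the same for lastname) beside the username checks, and escape every `$row[...]` in the list with `htmlspecialchars(...)`. The `usertype` value also changes from a hidden field to a user-selectable `<select>` that offers `00000000001` (Administrator); on the new side this page is gated only by `getSessionStatus()`, with no `$userAccess` check visible, so unless the `:usertype` binding outside the hunk validates the value, any logged-in user can create an administrator — restrict the page to administrators and whitelist the submitted value with `in_array($_POST['usertype'], ['00000000001', '00000000002'], true)`. Separately, `<select id="usertype" name="usertype" required />` is self-closed, which is not valid markup for a `<select>` element.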