MAJOR updates

git add --all

This commit is contained in:
Josh North 2015-02-25 16:01:50 -05:00
parent e54b722bf5
commit 73c7c17219
12 changed files with 285 additions and 429 deletions


@ -7,10 +7,9 @@ $yaptc_appname = 'Timecard System'; // Program name to display in
$yaptc_company = 'Widgets, Inc.'; // Your company name
$yaptc_db = new PDO('mysql:host=localhost;dbname=YOUR_DATABASE;charset=utf8', 'YOUR_USER', 'YOUR_PASSWORD'); // Database connection string
$db = new PDO('mysql:host=localhost;dbname=YOUR_DATABASE;charset=utf8', 'YOUR_USER', 'YOUR_PASSWORD'); // Database connection string
$yaptc_adminmsg = ''; // Message will display on all pages!
$yaptc_allowadvancedpunch = 'yes'; // Should we allow users to make manual punch entries? set to yes or no
$yaptc_min_password = '8'; // Minimum password length
$yaptc_language = 'en'; // Language
$yaptc_language = 'en'; // 2-character language code. Used to set HTML header and language template
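Review bot: This hunk appears to replace the `$yaptc_db` connection with `$db`, yet the index.php and login.php hunks in this same commit still call `$yaptc_db->prepare(...)` and `punchOut($yaptc_db, ...)` while passing `$db` to listPunches(); unless both names stay defined, one set of callers dereferences an undefined variable. Keep a single connection and alias it once if the rename is wanted, `$db = $yaptc_db;`, rather than opening two PDO objects. The constructor also leaves PDO in its default silent error mode, so a failed query returns false and is easy to miss; pass `array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false)` as the fourth argument so SQL errors surface and prepared statements are real server-side prepares.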


@ -1,8 +1,9 @@
</div>
<div class="header">
<h2><?php echo lang('SERVER_TIME') . ": " . $timenow; ?></h2>
</div>
</div>
<script src="<?php echo $yaptc_libweb; ?>ui.js"></script>
</body>
</div>
<div class="header">
<h2><?php echo lang('SERVER_TIME') . ": " . $timenow . " - - - " . lang('SOFTWARE_VERSION') . ": " . $yaptc_version; ?></h2>
</div>
</div>
</div>
<script src="<?php echo $yaptc_libweb; ?>ui.js"></script>
</body>
</html>
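Review bot: The new footer `<h2>` prints `$yaptc_version` on every page, including the login page, so the exact software version is shown to anyone who can reach the site; that is of little use to users and makes fingerprinting an unpatched install trivial. Consider printing it only when a session exists, for example wrapping the `lang('SOFTWARE_VERSION')` part in `if (isset($_SESSION['user_id'])):`, or moving it to an admin-only page. If it is meant to be public, a short comment above the line saying so would make the choice deliberate.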


@ -3,15 +3,65 @@
// Languages
function lang($phrase){
static $lang = array(
'ACCOUNT_INFO_HEADER' => 'Account Information',
'ACCOUNT_INFO_DESC' => 'You may make changes to your user profile below. To change your password, enter a new password twice below and press save. Minimum password length is ',
'USER_LIST_HEADER' => 'User List',
'USER_LIST_DESC' => 'Delete or Punch users from the actions column. Eventually, password resets will also be enabled.',
'PUNCH_HISTORY_HEADER' => 'Punch History',
'PUNCH_HISTORY_DESC' => 'The following is your entire punch history, most recent first.',
'NO_PUNCHES' => 'You have no recorded punches',
'NOT_AUTHORIZED' => 'Not Authorized!',
'OUT' => 'Out',
'IN' => 'In',
'ADD_USER' => 'Add User',
'ADD_USER_DESC' => 'All fields are required! Username and email must be unique. Minimum password length is ',
'HOURS' => 'Hours',
'FLAG' => 'Flag',
'NOTES' => 'Notes',
'HOME' => 'Home',
'LOGIN' => 'Login',
'LOGOUT' => 'Logout',
'ACCOUNT' => 'Account',
'META_DESC' => 'YAPTC Timecard system is a time recording application for small businesses.',
'USERS' => 'Manage Users',
'SAVE' => 'Save',
'NEW' => 'New',
'NAME' => 'Name',
'CONFIRM' => 'Confirm',
'PUNCH' => 'Punch',
'NOTES_PLACEHOLDER' => 'Enter notes if needed',
'USERNAME' => 'Username',
'DELETE_WARNING' => '********* WARNING! ********** Are you SURE you want to DELETE this user AND ALL ASSOCIATED PUNCHES!?!? There is NO UNDO!',
'ACTIONS' => 'Actions',
'CREATED' => 'Created',
'MIN_PASSWORD_LENGTH' => 'Minimum password length is ',
'USERTYPE' => 'User Type',
'ILLEGAL_CHARACTERS' => 'Username contains illegal characters',
'PASSWORD_NOTMATCH' => 'Passwords do not match',
'EMAIL_NOTVALID' => 'Email address not valid',
'USERNAME_NOTEMPTY' => 'Username cannot be empty',
'PASSWORD_NOTEMPTY' => 'Password cannot be empty',
'USERNAME_USED' => 'Username already in use',
'EMAIL_USED' => 'Email already in use',
'PASSWORD_NOTCONFIRMED' => 'Password must be confirmed',
'PASSWORD' => 'Password',
'USER' => 'User',
'FIRSTNAME' => 'First Name',
'LASTNAME' => 'Last Name',
'EMAIL' => 'E-Mail',
'USER_INFORMATION' => 'User Information',
'PUNCH_EDITOR' => 'Punch Edit',
'PLEASE_LOG_IN' => 'Please log in to use the timecard system',
'REPORTS' => 'Reports',
'SINCE' => 'since',
'PUNCH_STATUS' => 'Punch Status',
'SERVER_TIME' => 'Server Time',
'QUICK_PUNCH_PARAGRAPH' => 'Click below to immediately punch your time. You may enter notes for your administrator to review.',
'ADVANCED_PUNCH_PARAGRAPH' => 'Click the punch button to immediately punch your time. You may also make changes to the defaults. Note that changing the punch time will result in a flag on the punch for your administrator to review.',
'YOU_HAVE_BEEN_PUNCHED' => 'You have been punched',
'QUICK_PUNCH' => 'Quick Punch'
'QUICK_PUNCH' => 'Quick Punch',
'SOFTWARE_VERSION' => 'Software Version',
'ADVANCED_PUNCH' => 'Advanced Punch'
);
return $lang[$phrase];
}
@ -20,6 +70,9 @@ function lang($phrase){
// Current Time
$timenow = date('Y-m-d H:i:s');
// This Version
$yaptc_version = 'yaptc 0.8-beta';
// Get user list for users management page
function listUsers($yaptc_db) {
$stmt = $yaptc_db->query("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype
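Review bot: `lang()` returns `$lang[$phrase]` without checking that the key exists, so a typo in any caller (menu selection and page titles now depend on these keys) raises an E_NOTICE and prints an empty string; return the key itself as a visible fallback, `return isset($lang[$phrase]) ? $lang[$phrase] : $phrase;`. The table is hard-coded English inside a `static` array, so the new `$yaptc_language` setting in config.inc.php cannot select another set of strings; if per-language templates are the plan, a one-line comment above the function saying this array is the English default and where other languages will be loaded from would save the next reader a search. `$yaptc_version` is introduced in the second hunk next to `$timenow` rather than with the other `$yaptc_*` settings in config.inc.php, which is where a reader will look for it; the listUsers() body that follows continues past this hunk.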


@ -1,28 +1,27 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="YAPTC Timecard system is a time recording application for small businesses.">
<title><?php echo $yaptc_company . ">" . $yaptc_appname . ">" . $yaptc_pagename; ?></title>
<link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/pure.css">
<!--[if lte IE 8]>
<link rel="stylesheet" href="<?php echo $yaptc_incweb; ?>side-menu-old-ie.css">
<![endif]-->
<!--[if gt IE 8]><!-->
<link rel="stylesheet" href="<?php echo $yaptc_incweb; ?>side-menu.css">
<!--<![endif]-->
<!--[if lte IE 8]>
<link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/grids-responsive-old-ie-min.css">
<![endif]-->
<!--[if gt IE 8]><!-->
<link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/grids-responsive-min.css">
<!--<![endif]-->
</head>
<body>
<html lang="<?php echo $yaptc_language; ?>">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="<?php echo lang('META_DESC'); ?>" />
<title><?php echo $yaptc_company . " > " . $yaptc_appname . " > " . $yaptc_pagename; ?></title>
<link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/pure.css" />
<!--[if lte IE 8]>
<link rel="stylesheet" href="<?php echo $yaptc_incweb; ?>side-menu-old-ie.css" />
<![endif]-->
<!--[if gt IE 8]>
<!-->
<link rel="stylesheet" href="<?php echo $yaptc_incweb; ?>side-menu.css" />
<!--
<![endif]-->
<!--[if lte IE 8]>
<link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/grids-responsive-old-ie-min.css" />
<![endif]-->
<!--[if gt IE 8]>
<!-->
<link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/grids-responsive-min.css" />
<!--
<![endif]-->
</head>
<body>
<div id="layout">
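Review bot: `$yaptc_company`, `$yaptc_appname` and `$yaptc_pagename` are concatenated straight into `<title>`, and `$yaptc_language` into the `lang` attribute, without escaping; today these come from config.inc.php and lang(), so the exposure is low, but the title is the one spot every page echoes values an operator may later make editable. A cheap defence in depth is to escape at the output point, `<title><?php echo htmlspecialchars($yaptc_company . " > " . $yaptc_appname . " > " . $yaptc_pagename, ENT_QUOTES, 'UTF-8'); ?></title>`. The `<!--[if gt IE 8]><!-->` downlevel-revealed comments are now split across two lines; that still parses as a comment, but a note such as `<!-- split intentionally; keep the <!--> on its own line -->` would stop someone from re-joining them.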


@ -1,62 +1,35 @@
<div id="layout">
<!-- Menu toggle -->
<a href="#menu" id="menuLink" class="menu-link">
<!-- Hamburger icon -->
<span></span>
</a>
<div id="menu">
<div class="pure-menu pure-menu-open">
<a class="pure-menu-heading" href="index.php"><?php echo $yaptc_company; ?></a>
<ul>
<?php
// Get logged-in user's profile information
$session_user = getUserInfo($db, $_SESSION['user_id']);
<?php
if (isset($_SESSION['user_id'])): $session_user = getUserInfo($db, $_SESSION['user_id']); endif;
$session_status = getSessionStatus();
// Menu Setup
// For logged-out users
if ($session_status == false):
echo '<li'; if ($yaptc_pagename=='Login') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="login.php">Login</a></li>';
// For logged-in users, depending on access
elseif ($session_status == true):
// Home
echo '<li'; if ($yaptc_pagename=='Home'): echo ' class="pure-menu-selected">'; else: echo '>'; endif; echo '<a href="index.php">Home</a></li>';
// Profile Menu
echo '<li'; if ($yaptc_pagename=='Profile'): echo ' class="pure-menu-selected">'; else: echo '>'; endif; echo '<a href="profile.php">Profile</a></li>';
// Punch Log Menu
echo '<li'; if ($yaptc_pagename=='Punch Log'): echo ' class="pure-menu-selected">'; else: echo '>'; endif; echo '<a href="punchlog.php">Punch Log</a></li>';
// Users Menu
if ($session_user["0"]["usertype"] == "Administrator"):
echo '<li'; if ($yaptc_pagename=='Users'): echo ' class="pure-menu-selected">'; else: echo '>'; endif; echo '<a href="users.php">Users</a></li>';
endif;
// Manual Punch
if ($session_user["0"]["usertype"] == "Administrator"):
echo '<li'; if ($yaptc_pagename=='Manual Punch'): echo ' class="pure-menu-selected">'; else: echo '>'; endif; echo '<a href="manualpunch.php">Manual Punch</a></li>';
endif;
// Reports Menu
if ($session_user["0"]["usertype"] == "Administrator"):
echo '<li'; if ($yaptc_pagename=='Reports'): echo ' class="pure-menu-selected">'; else: echo '>'; endif; echo '<a href="reports.php">Reports</a></li>';
endif;
// Logout Menu
echo '<li'; if ($yaptc_pagename=='Logout'): echo ' class="pure-menu-selected">'; else: echo '>'; endif; echo '<a href="logout.php">Logout</a></li>';
endif;
?>
</ul>
</div>
</div>
<div id="main">
<div class="header">
<h1><?php echo $yaptc_pagename; ?></h1>
<h2><?php if (isset($_SESSION['user_id'])): echo "User: " . $session_user["0"]["firstname"] . ' ' . $session_user["0"]["lastname"]; else: echo "Please log in to use the timecard system"; endif; ?></h2>
<h4><?php if (!empty($adminmessage)): echo "<div class=\"adminmessage\">" . $adminmessage . "</div>"; endif; ?></h4>
</div>
<div class="content">
<!-- SIDE MENU -->
<a href="#menu" id="menuLink" class="menu-link"><span></span></a>
<div id="menu">
<div class="pure-menu pure-menu-open">
<a class="pure-menu-heading" href="index.php"><?php echo $yaptc_company; ?></a>
<ul>
<?php if ($session_status == false): ?>
<!-- MENU FOR ALL LOGGED OUT -->
<li class="<?php if ($yaptc_pagename==lang('LOGIN')): echo "pure-menu-selected"; endif; ?>"><a href="login.php"><?php echo lang('LOGIN'); ?></a></li>
<?php elseif ($session_status == true): ?>
<!-- MENU FOR ALL LOGGED IN -->
<li class="<?php if ($yaptc_pagename==lang('HOME')): echo "pure-menu-selected"; endif; ?>"><a href="index.php"><?php echo lang('HOME'); ?></a></li>
<li class="<?php if ($yaptc_pagename==lang('ACCOUNT')): echo "pure-menu-selected"; endif; ?>"><a href="profile.php"><?php echo lang('ACCOUNT'); ?></a></li>
<?php if ($session_user["0"]["usertype"] == "Administrator"): ?>
<!-- ADDITIONAL MENU IF LOGGED IN AS ADMIN -->
<li class="<?php if ($yaptc_pagename==lang('USERS')): echo "pure-menu-selected"; endif; ?>"><a href="users.php"><?php echo lang('USERS'); ?></a></li>
<li class="<?php if ($yaptc_pagename==lang('PUNCH_EDITOR')): echo "pure-menu-selected"; endif; ?>"><a href="manualpunch.php"><?php echo lang('PUNCH_EDITOR'); ?></a></li>
<li class="<?php if ($yaptc_pagename==lang('REPORTS')): echo "pure-menu-selected"; endif; ?>"><a href="reports.php"><?php echo lang('REPORTS'); ?></a></li>
<?php endif; ?>
<!-- MENU FOR ALL LOGGED IN - BOTTOM END -->
<li class="<?php if ($yaptc_pagename==lang('LOGOUT')): echo "pure-menu-selected"; endif; ?>"><a href="logout.php"><?php echo lang('LOGOUT'); ?></a></li>
<?php endif; ?>
</ul>
</div>
</div>
<div id="main">
<div class="header">
<h1><?php echo $yaptc_pagename; ?></h1>
<h2><?php if (isset($_SESSION['user_id'])): echo lang('USER') . ": " . $session_user["0"]["firstname"] . ' ' . $session_user["0"]["lastname"]; else: echo lang('PLEASE_LOG_IN'); endif; ?></h2>
</div>
<div class="content">
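Review bot: The `<h2>` in the header echoes `$session_user["0"]["firstname"]` and `lastname` raw; both fields are writable by every user through profile.php in this same commit, so a name containing markup is rendered on every page that user loads and on any admin page that prints the same columns (stored XSS). Escape at output: `echo lang('USER') . ": " . htmlspecialchars($session_user["0"]["firstname"] . ' ' . $session_user["0"]["lastname"], ENT_QUOTES, 'UTF-8');`. The `usertype == "Administrator"` test here only hides links; the matching check at the top of the users.php hunk in this commit issues `header("Location: index.php")` and then keeps executing the rest of the page, so it needs an `exit;` after the redirect to be an actual access control. The new `if (isset($_SESSION['user_id']))` guard leaves `$session_user` undefined for logged-out visitors, which is fine for the branches shown but deserves a comment since `$session_status` is obtained separately.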


@ -38,19 +38,19 @@ body {
line-height:1em;
}
.header {
margin:.25em 0 0 0;
margin:.25em 0 1em 0;
color:#333;
padding:.0;
padding:0;
border-bottom:2px solid #eee;
}
.header h1 {
margin:0;
margin:.25em 0 0 0;
font-size:2em;
font-weight:300;
padding:0;
}
.header h2 {
margin:0;
margin:.25em 0 0 0;
font-size:1em;
font-weight:300;
padding:0;
@ -63,7 +63,7 @@ body {
font-size:1.5em;
}
.content p {
margin:.25em 0 1em 0;
margin:.25em 0 0 0;
font-weight:300;
color: #888;
font-size:1em;


@ -2,15 +2,15 @@
session_start();
require_once("config.inc.php");
require_once($yaptc_inc . "functions.inc.php");
$yaptc_pagename = "Home";
$yaptc_pagename = lang('HOME');
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false):
killSession();
else: ?>
<!-- ********** BEGIN CONTENT ********** -->
<!-- ********** BEGIN CONTENT ********** -->
<?php
// Get punch status for buttons and times
$session_punch = listPunches($db, $session_user["0"]["userid"], 1);
if (!isset($session_punch['0']['intime'])):
$session_status = lang('OUT');
@ -28,50 +28,52 @@ else:
$session_message = lang('PUNCH_STATUS') . ": " . $session_status . " " . lang('SINCE') . " " . date('g:i a \o\n M jS, Y', strtotime($statustime));
endif;
endif;
?>
<h2 class="content-subhead"><?php echo lang('QUICK_PUNCH'); ?></h2>
<p><?php echo $session_message; ?></p>
<p><?php echo lang('QUICK_PUNCH_PARAGRAPH'); ?></p>
<form class="pure-form pure-form-stacked" action="index.php" method="post">
<fieldset id="punch">
<input type="text" name="notes" placeholder="Enter notes if needed" maxlength="255" value="<?php if (isset($notes)): echo $notes; endif; ?>">
<?php if ($session_status == lang('IN')): ?>
<button type="submit" class="pure-button button-success pure-button-disabled">Punch IN</button>
<button type="submit" class="pure-button button-error">Punch OUT</button>
<?php elseif ($session_status == lang('OUT')): ?>
<button type="submit" class="pure-button button-success">Punch IN</button>
<button type="submit" class="pure-button button-error pure-button-disabled">Punch OUT</button>
<?php endif; ?>
</fieldset>
</form>
<?php
$punchtime = date('Y-m-d H:i:s');
if (!empty($_POST)):
// Process posted data from quickpunch section
if (isset($_POST['quickpunch'])):
if (!empty($_POST['notes'])): $notes = $_POST['notes']; else: $notes = NULL; endif;
if ($session_status == lang('IN')): punchOut($yaptc_db, $punchid, $notes, $punchtime, NULL);
if ($session_status == lang('IN')): punchOut($yaptc_db, $punchid, $notes, $timenow, NULL);
elseif ($session_status == lang('OUT')): punchIn($yaptc_db, $_SESSION['user_id'], $notes, $timenow, NULL);
endif;
header('Location: ' . $_SERVER['PHP_SELF']);
endif;
// Process posted data from advancedpunch section
if (isset($_POST['advancedpunch'])):
if (!empty($_POST['notes'])): $notes = $_POST['notes']; else: $notes = NULL; endif;
if (!empty($_POST['punchtime'])): $punchtime = $_POST['punchtime']; else: $punchtime = $timenow; endif;
if ($session_status == lang('IN')): punchOut($yaptc_db, $punchid, $notes, $timenow, NULL);
elseif ($session_status == lang('OUT')): punchIn($yaptc_db, $_SESSION['user_id'], $notes, $punchtime, NULL);
endif;
header('Location: ' . $_SERVER['PHP_SELF']);
endif;
// HTML section for quick punch only
if ($yaptc_allowuseradvancedpunch == "no"): ?>
<h2 class="content-subhead"><?php echo lang('QUICK_PUNCH'); ?></h2>
<p><?php echo $session_message; ?></p>
<p><?php echo lang('QUICK_PUNCH_PARAGRAPH'); ?></p>
<form class="pure-form pure-form-stacked" action="index.php" method="post">
<fieldset>
<input type="text" name="notes" placeholder="<?php echo lang('NOTES_PLACEHOLDER'); ?>" maxlength="255" value="<?php if (isset($notes)): echo $notes; endif; ?>" />
<button type="submit" class="pure-button <?php echo lang('PUNCH') . " "; if ($session_status == lang('IN')): echo "button-error"; elseif ($session_status == lang('OUT')): echo "button-success"; endif;?>" name="quickpunch"><?php echo lang('PUNCH') . " "; if ($session_status == lang('IN')): echo lang('OUT'); elseif ($session_status == lang('OUT')): echo lang('IN'); endif;?></button>
</fieldset>
</form>
<?php
// HTML section for advanced punch only
elseif ($yaptc_allowuseradvancedpunch == "yes"): ?>
<h2 class="content-subhead"><?php echo lang('ADVANCED_PUNCH'); ?></h2>
<p><?php echo $session_message; ?></p>
<p><?php echo lang('ADVANCED_PUNCH_PARAGRAPH'); ?></p>
<form class="pure-form pure-form-stacked" action="index.php" method="post">
<fieldset>
<input type="text" name="punchtime" placeholder="<?php echo $timenow; ?>" />
<input type="text" name="notes" placeholder="<?php echo lang('NOTES_PLACEHOLDER'); ?>" maxlength="255" value="<?php if (isset($notes)): echo $notes; endif; ?>" />
<button type="submit" class="pure-button <?php echo lang('PUNCH') . " "; if ($session_status == lang('IN')): echo "button-error"; elseif ($session_status == lang('OUT')): echo "button-success"; endif;?>" name="advancedpunch"><?php echo lang('PUNCH') . " "; if ($session_status == lang('IN')): echo lang('OUT'); elseif ($session_status == lang('OUT')): echo lang('IN'); endif;?></button>
</fieldset>
</form>
?>
<!-- ********** END CONTENT ********** -->
<?php endif; ?>
<!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>
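Review bot: Both forms echo `$notes` into a `value` attribute unescaped, and `$notes` is assigned from `$_POST['notes']` a few lines earlier; a note containing `"` or `<` breaks out of the attribute, which matters because the `header('Location: ...')` calls run after header.inc.php and menu.inc.php have already emitted HTML, so the redirect only works with output buffering on and the page otherwise falls through and renders the submitted value. Escape it in both inputs: `value="<?php if (isset($notes)): echo htmlspecialchars($notes, ENT_QUOTES, 'UTF-8'); endif; ?>"`. `$_POST['punchtime']` is handed to punchIn() with no format check; validate it first, e.g. `DateTime::createFromFormat('Y-m-d H:i:s', $_POST['punchtime'])` and fall back to `$timenow` on failure, so an arbitrary string never reaches the database. This hunk also tests `$yaptc_allowuseradvancedpunch`, while the config.inc.php hunk in this commit defines `$yaptc_allowadvancedpunch`; unless another file sets the former, neither branch renders and no punch form appears.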


@ -2,18 +2,18 @@
session_start();
require_once("config.inc.php");
require_once($yaptc_inc . "functions.inc.php");
$yaptc_pagename = "Login";
$yaptc_pagename = lang('LOGIN');
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == true):
header ("Refresh:3; url=index.php", true, 303);
echo "<h2 class=\"content-subhead\">You are already logged in...</h2>";
header('Location: index.php');
else: ?>
<!-- ********** BEGIN CONTENT ********** -->
<!-- ********** BEGIN CONTENT ********** -->
<?php
// hash password for comparison
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
// compare if posted
if (!empty($_POST)):
$query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
$stmt = $yaptc_db->prepare($query);
@ -30,20 +30,18 @@ if (!empty($_POST)):
$_SESSION['lastname'] = $user->lastname;
session_write_close();
header("Location: index.php");
else:
header("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
endif;
endif;
?>
<h2 class="content-subhead">User Login</h2>
<form class="pure-form" action="login.php" method="post">
<fieldset class="pure-group" id="login">
<input type="text" class="pure-input-1" placeholder="Username" id="username" name="username" />
<input type="password" class="pure-input-1" placeholder="Password" id="password" name="password" />
</fieldset>
<button type="submit" class="pure-button button-success pure-input-1 pure-button-primary" value="Login">Sign in</button>
</form>
<!-- ********** END CONTENT ********** -->
<h2 class="content-subhead"><?php echo lang('USER_INFORMATION'); ?></h2>
<form class="pure-form" action="login.php" method="post">
<fieldset class="pure-group" id="login">
<input type="text" class="pure-input-1" placeholder="<?php echo lang('USERNAME'); ?>" id="username" name="username" />
<input type="password" class="pure-input-1" placeholder="<?php echo lang('PASSWORD'); ?>" id="password" name="password" />
</fieldset>
<button type="submit" class="pure-button button-success pure-input-1 pure-button-primary" name="login"><?php echo lang('LOGIN'); ?></button>
</form>
<!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>
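Review bot: The new `header('Location: index.php')` for already-logged-in visitors runs after header.inc.php and menu.inc.php have emitted the page head and menu, so it only takes effect when output buffering is enabled, and nothing stops the remainder of the page from rendering; make it `header('Location: index.php'); exit;` (the same applies to the redirects in the index.php and profile.php hunks). On the success path visible as context (`$_SESSION['lastname'] = ...; session_write_close(); header("Location: index.php");`) the session id is never rotated after authentication; calling `session_regenerate_id(true);` before the `$_SESSION` assignments closes the session-fixation window. The form heading now reads `lang('USER_INFORMATION')`, which is the profile heading rather than a login prompt; `lang('LOGIN')` already exists in the table.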


@ -2,16 +2,13 @@
session_start();
require_once("config.inc.php");
require_once($yaptc_inc . "functions.inc.php");
$yaptc_pagename = "Logout";
$yaptc_pagename = lang('LOGOUT');
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false):
killSession();
else: ?>
<!-- ********** BEGIN CONTENT ********** -->
<!-- ********** BEGIN CONTENT ********** -->
<?php killSession(); ?>
<h2 class="content-subhead">Logging out...</h2>
<!-- ********** END CONTENT ********** -->
<!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>
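Review bot: The `Logging out...` heading is the one user-visible string on this page left hard-coded in English while the page name and the other pages in this commit moved to lang(); add a `LOGGING_OUT` key to the table in functions.inc.php and use `<?php echo lang('LOGGING_OUT'); ?>`. `killSession()` is now called after header.inc.php and menu.inc.php have emitted output; if it clears the session cookie with setcookie() that call fails once headers are sent unless output buffering is enabled, so either confirm killSession() only touches `$_SESSION` or move the call above the includes. Logout is also reached by a plain GET link from the menu, so any page that can make the browser load logout.php ends the session; a POST form with a token is the usual hardening, though that is outside this hunk.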


@ -2,18 +2,17 @@
session_start();
require_once("config.inc.php");
require_once($yaptc_inc . "functions.inc.php");
$yaptc_pagename = "Profile";
$yaptc_pagename = lang('ACCOUNT');
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false):
killSession();
else: ?>
<!-- ********** BEGIN CONTENT ********** -->
<!-- ********** BEGIN CONTENT ********** -->
<?php
if (!empty($_POST)):
if (isset($_POST['saveprofile'])):
if (empty($_POST['password']) && empty($_POST['newpassword2'])):
setUserInfo($db, $session_user["0"]["userid"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['usertypeid'], $session_user["0"]["password"]);
setUserInfo($db, $session_user["0"]["userid"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["usertypeid"], $session_user["0"]["password"]);
header('Location: ' . $_SERVER['PHP_SELF']);
elseif (strlen($_POST['password']) < $yaptc_min_password):
echo "Password must be at least $yaptc_min_password characters.";
@ -26,51 +25,59 @@ elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
$password = $hasher->HashPassword($_POST['password']);
setUserInfo($db, $session_user["0"]["userid"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['usertypeid'], $password);
setUserInfo($db, $session_user["0"]["userid"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["usertypeid"], $password);
header('Location: ' . $_SERVER['PHP_SELF']);
endif;
endif;
?>
<h2 class="content-subhead"><?php echo lang('ACCOUNT_INFO_HEADER'); ?></h2>
<p><?php echo lang('ACCOUNT_INFO_DESC') . $yaptc_min_password; ?></p>
<form class="pure-form pure-form-stacked" action="profile.php" method="post">
<fieldset>
<div class="pure-g">
<div class="pure-u-1 pure-u-md-1-3">
<label for="username"><?php echo lang('USERNAME'); ?></label>
<input type="text" name="username" id="username" maxlength="50" value="<?php echo $session_user["0"]["username"]; ?>" readonly />
<label for="created"><?php echo lang('CREATED'); ?></label>
<input type="text" name="created" id="created" value="<?php echo $session_user["0"]["created"]; ?>" readonly />
<label for="usertype"><?php echo lang('USERTYPE'); ?></label>
<input type="text" name="usertype" id="usertype" maxlength="50" value="<?php echo $session_user["0"]["usertype"]; ?>" readonly />
</div>
<div class="pure-u-1 pure-u-md-1-3">
<label for="firstname"><?php echo lang('FIRSTNAME'); ?></label>
<input type="text" name="firstname" id="firstname" maxlength="50" value="<?php echo $session_user["0"]["firstname"]; ?>" />
<label for="lastname"><?php echo lang('LASTNAME'); ?></label>
<input type="text" name="lastname" id="lastname" maxlength="50" value="<?php echo $session_user["0"]["lastname"]; ?>" />
<label for="email"><?php echo lang('EMAIL'); ?></label>
<input type="text" name="email" id="email" maxlength="100" value="<?php echo $session_user["0"]["email"]; ?>" />
</div>
<div class="pure-u-1 pure-u-md-1-3">
<label for="password"><?php echo lang('NEW') . " " . lang('PASSWORD'); ?></label>
<input type="password" name="password" id="password" />
<label for="newpassword2"><?php echo lang('CONFIRM') . " " . lang('NEW') . " " . lang('PASSWORD'); ?></label>
<input type="password" name="newpassword2" id="newpassword2" />
</div>
<div class="pure-controls pure-u-1">
<button type="submit" name="saveprofile" id="saveprofile" class="pure-input-1 pure-button button-success "><?php echo lang('SAVE'); ?></button>
</div>
</div>
</fieldset>
</form>
<h2 class="content-subhead"><?php echo lang('PUNCH_HISTORY_HEADER'); ?></h2>
<p><?php echo lang('PUNCH_HISTORY_DESC'); ?></p>
<table class="pure-table">
<thead>
<tr><th><?php echo lang('IN') . " / " . lang('OUT'); ?></th><th><?php echo lang('HOURS'); ?></th><th><?php echo lang('FLAG'); ?></th><th><?php echo lang('NOTES'); ?></th></tr>
</thead>
<tbody>
<?php foreach (listPunches($db, $session_user["0"]["userid"]) as $row): ?>
<tr>
<td><?php echo $row['intime'] . " / " . $row['outtime']; ?></td><td><?php echo $row['punchhours']; ?></td><td><?php echo $row['modified']; ?></td><td><?php echo $row['notes']; ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<h2 class="content-subhead">Profile Information</h2>
<p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p>
<p>To change your password, enter a new password twice below and press save. Password minimum length is <?php echo $yaptc_min_password; ?></p>
<form class="pure-form pure-form-stacked" action="profile.php" method="post">
<fieldset id="update">
<div class="pure-g">
<div class="pure-u-1 pure-u-md-1-3">
<label for="username">Username</label>
<input type="text" name="username" maxlength="50" value="<?php echo $session_user["0"]["username"]; ?>" readonly>
<label for="created">Created</label>
<input type="text" name="created" value="<?php echo $session_user["0"]["created"]; ?>" readonly>
<label for="usertype">User Type</label>
<input type="text" name="usertype" maxlength="50" value="<?php echo $session_user["0"]["usertype"]; ?>" readonly>
<input type="hidden" name="usertypeid" maxlength="50" value="<?php echo $session_user["0"]["usertypeid"]; ?>" readonly>
</div>
<div class="pure-u-1 pure-u-md-1-3">
<label for="firstname">First Name</label>
<input type="text" name="firstname" maxlength="50" value="<?php echo $session_user["0"]["firstname"]; ?>">
<label for="lastname">Last Name</label>
<input type="text" name="lastname" maxlength="50" value="<?php echo $session_user["0"]["lastname"]; ?>">
<label for="email">Email</label>
<input type="text" name="email" maxlength="100" value="<?php echo $session_user["0"]["email"]; ?>">
</div>
<div class="pure-u-1 pure-u-md-1-3">
<label for="password">New Password</label>
<input type="password" name="password">
<label for="newpassword2">Confirm Password</label>
<input type="password" name="newpassword2">
</div>
<div class="pure-controls pure-u-1">
<button type="submit" class="pure-input-1 pure-button button-success ">Save</button>
</div>
</div>
</fieldset>
</form>
<!-- ********** END CONTENT ********** -->
<!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>
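Review bot: The punch-history table and the profile inputs echo `$row['notes']`, `firstname`, `lastname` and `email` without escaping; notes are free text submitted from index.php and the name fields are set by this very form, so any markup saved there is rendered straight back (stored XSS, also reaching the admin-facing pages that print the same columns). Wrap each output with `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`, for example `<td><?php echo htmlspecialchars($row['notes'], ENT_QUOTES, 'UTF-8'); ?></td>`. The `elseif` shown in the hunk header compares with a single `=` (`$_POST['password'] = $_POST['newpassword2']`), which is an assignment and therefore truthy whenever the confirmation is non-empty; that line sits just before this hunk, but it means the password-match check never fails, so it should read `==` (or `===`). The email field is saved without validation even though `EMAIL_NOTVALID` now exists in the lang table; `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)` before setUserInfo() would put it to use.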


@ -1,117 +0,0 @@
<?php
session_start();
require_once("config.inc.php");
require_once($yaptc_inc . "functions.inc.php");
$yaptc_pagename = "Punch Log";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false):
killSession();
else: ?>
<!-- ********** BEGIN CONTENT ********** -->
<?php
$userid = $_SESSION['user_id'];
// This is to get the current user status - in or out - and the notes and times associated for use in the form
$result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result->execute();
$last = $result->fetchObject();
// Let's build the page - this is the header with current status IF allowed
if ($yaptc_allowadvancedpunch == 'yes'):
echo "<h2 class=\"content-subhead\">Advanced Punch</h2>";
if(!isset($last->user)) {
echo "<p>You do not appear to have any punches on record.</p>";
$status = "Out";
} else {
if (!empty($last->outtime)) { $status = "Out"; $statustime = $last->outtime; } else { $status = "In"; $statustime = $last->intime; $punchid = $last->punchid; $notes = $last->notes; }
echo "<p>You have been Punched $status since " . date('g:i a \o\n M jS, Y', strtotime($statustime)) . ".</p>";
}
echo "<p>Use this form to enter a specific time on your punch. NOTE: changing the time from the current time will cause a flag on your log for the administrator to review, so we suggest you enter a reason why in the notes field (i.e. forgot punch, working from home, system down, etc).</p>";
echo "<form class=\"pure-form pure-form-stacked\" action=\"punchlog.php\" method=\"post\">";
echo "<fieldset>";
echo "<label for=\"punchtime\">Punch Time</label>";
echo "<input type=\"text\" name=\"punchtime\" placeholder=\"$timenow\" maxlength=\"20\">";
echo "<label for=\"notes\">Notes</label>";
if (isset($notes)) {
echo "<input type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"$notes\">";
} else {
echo "<input type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\">";
}
echo "<div class=\"pure-controls\">";
if ($status=="In") {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success pure-button-disabled\">Punch IN</button>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error\">Punch OUT</button>";
} else {
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch IN</button>";
echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error pure-button-disabled\">Punch OUT</button>";
}
echo "</div>";
// If the posted variables are not empty, we must be trying to insert a new punch. Use the form values to insert new record
if (!empty($_POST)) {
// Is the notes field set? If so, use, otherwise set to null
if (isset($_POST['notes'])) { if (!empty($_POST['notes'])) { $p_notes = $_POST['notes']; } else { $p_notes = NULL; } } else { $p_notes = NULL; }
// Is the punch time field set? If so, use, otherwise set to now
if (isset($_POST['punchtime'])) {
if (!empty($_POST['punchtime'])) { $p_punchtime = $_POST['punchtime'] . ':00'; $p_modified = "1"; } else { $p_punchtime = $timenow; $p_modified = "0"; }
} else { $p_punchtime = $timenow; $p_modified = "0"; }
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
if ($status=="In") {
$query = "UPDATE punches SET outtime = :p_punchtime, notes = :p_notes, modified = :p_modified WHERE id = :p_punchid";
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':p_punchid' => $punchid,
':p_notes' => $p_notes,
':p_punchtime' => $p_punchtime,
':p_modified' => $p_modified,
));
} else {
$query = "INSERT INTO punches (userid, notes, intime, modified) VALUES (:p_userid, :p_notes, :p_punchtime, :p_modified)";
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes,
':p_punchtime' => $p_punchtime,
':p_modified' => $p_modified,
));
}
// And then send user back to this page to see the updates
header('Location: '.$_SERVER['PHP_SELF']);
}
// Close out the form...
echo "</fieldset>";
echo "</form>";
endif;
echo "<h2 class=\"content-subhead\">Punch History</h2>";
echo "<p>Below is your full punch history, sorted newest to oldest.</p>";
?>
<table class="pure-table">
<thead><tr><th>In</th><th>Out</th><th>Name</th><th>Hours</th><th>Flagged</th><th>Notes</th></tr></thead>
<tbody><?php foreach (listPunches($db, $session_user["0"]["userid"]) as $row): ?>
<tr><td><?php echo $row['intime']; ?></td><td><?php echo $row['outtime']; ?></td><td><?php echo $row['lastname'] . ", " . $row['firstname']; ?></td><td><?php echo $row['punchhours']; ?></td><td><?php echo $row['modified']; ?></td><td><?php echo $row['notes']; ?></td></tr><?php endforeach; ?>
</tbody>
</table>
<!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>

146
users.php

@ -2,50 +2,32 @@
session_start();
require_once("config.inc.php");
require_once($yaptc_inc . "functions.inc.php");
$yaptc_pagename = "Users";
$yaptc_pagename = lang('USERS');
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false):
killSession();
else: ?>
<!-- ********** BEGIN CONTENT ********** -->
<!-- ********** BEGIN CONTENT ********** -->
<?php if($session_user["0"]["usertype"] !== "Administrator"): header("Location: index.php"); ?>
<h2 class="content-subhead"><?php echo lang('NOT_AUTHORIZED'); ?></h2>
<?php endif; ?>
<h2 class="content-subhead"><?php echo lang('ADD_USER'); ?></h2>
<p><?php echo lang('ADD_USER_DESC') . $yaptc_min_password; ?></p>
<?php if ($session_user["0"]["usertype"] == "Administrator"): ?>
<h2 class="content-subhead">Add User</h2>
<p>All fields are required! Password must be at least <?php echo $yaptc_min_password; ?> characters. Username and email must be unique.</p>
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
if (!empty($_POST['newuser']))
{
if (empty($_POST['username']))
{
$errors['username'] = "Username cannot be empty.";
}
if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username']))
{
$errors['username'] = "Username contains illegal characters.";
}
if (empty($_POST['password']))
{
$errors['password'] = "Password cannot be empty.";
}
if (strlen($_POST['password']) < $yaptc_min_password)
{
$errors['password'] = "Password must be at least $yaptc_min_password charcaters.";
}
if (empty($_POST['password_confirm']))
{
$errors['password_confirm'] = "Please confirm password.";
}
if ($_POST['password'] != $_POST['password_confirm'])
{
$errors['password_confirm'] = "Passwords do not match.";
}
if (!empty($_POST['newuser'])):
if (empty($_POST['username'])): $errors['username'] = lang('USERNAME_NOTEMPTY'); endif;
if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username'])): $errors['username'] = lang('ILLEGAL_CHARACTERS'); endif;
if (empty($_POST['password'])): $errors['password'] = lang('PASSWORD_NOTEMPTY'); endif;
if (strlen($_POST['password']) < $yaptc_min_password): $errors['password'] = lang('MIN_PASSWORD_LENGTH') . $yaptc_min_password; endif;
if (empty($_POST['password_confirm'])): $errors['password_confirm'] = lang('PASSWORD_NOTCONFIRMED'); endif;
if ($_POST['password'] != $_POST['password_confirm']): $errors['password_confirm'] = lang('PASSWORD_NOTMATCH'); endif;
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email)
{
$errors['email'] = "Not a valid email address.";
}
if (!$email): $errors['email'] = lang('EMAIL_NOTVALID'); endif;
$query = "SELECT username, email
FROM users
WHERE username = :username OR email = :email";
@ -54,26 +36,19 @@ if (!empty($_POST['newuser']))
':username' => $_POST['username'],
':email' => $email
));
$existing = $stmt->fetchObject();
if ($existing):
if ($existing->username == $_POST['username']): $errors['username'] = lang('USERNAME_USED'); endif;
if ($existing->email == $email): $errors['email'] = lang('PASSWORD_USED'); endif;
endif;
endif;
if ($existing)
{
if ($existing->username == $_POST['username'])
{
$errors['username'] = "That username is already in use.";
}
if ($existing->email == $email)
{
$errors['email'] = "That email address is already in use.";
}
}
}
if (!empty($_POST['newuser']) && empty($errors))
{
if (!empty($_POST['newuser']) && empty($errors)):
$hasher = new PasswordHash(8, FALSE);
$password = $hasher->HashPassword($_POST['password']);
$query = "INSERT INTO users (firstname, lastname, username, password, email, created, usertype)
VALUES (:firstname, :lastname, :username, :password, :email, NOW(), :usertype)";
$stmt = $yaptc_db->prepare($query);
@ -85,17 +60,8 @@ if (!empty($_POST['newuser']) && empty($errors))
':email' => $_POST['email'],
':usertype' => $_POST['usertype'],
));
if ($success)
{
$message = "Account created.";
}
else
{
echo "Account could not be created. Please try again later.";
}
}
if ($success): $message = "Account created."; else: echo "Account could not be created. Please try again later."; endif;
endif;
?>
<?php if (isset($message)): ?>
@ -132,8 +98,8 @@ if (!empty($_POST['newuser']) && empty($errors))
</div>
<div class="pure-u-1 pure-u-md-1">
<label for="usertype">Access Level</label>
<select id="usertype" name="usertype" required />
<option value="00000000002">User</option>
<select id="usertype" name="usertype" required>
<option value="00000000002" selected>User</option>
<option value="00000000001">Administrator</option>
</select>
<?php echo isset($errors['usertype']) ? $errors['usertype'] : ''; ?>
@ -165,42 +131,20 @@ echo "user deleted!";
?>
<h2 class="content-subhead">User List</h2>
<p>Current users. To edit, select the edit button in the right column.</p>
<table class="pure-table">
<thead>
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>Username</th>
<th>Email</th>
<th>Created</th>
<th>User Type</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<tr>
<?php
foreach (getUserInfo($db, "%") as $row) {
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['created'] . "</td>";
echo "<td>" . $row['usertype'] . "</td>";
?>
<td><form method="post" onsubmit="return confirm('WARNING! - WARNING! - WARNING! This will delete the user and ALL punches associated with them. There is NO UNDO! Are you sure?')">
<input type="hidden" name="_METHOD" value="DELETE">
<input type="hidden" name="deleteid" value="<?php echo $row['userid']; ?>"><button button class="button-error pure-button" name="deluser" value="deluser" type="submit" <?php if ($row['username'] == "admin"): echo "disabled"; endif; ?>>Delete</button></form></td>
</tr>
<?php } ?>
</tbody>
</table>
<h2 class="content-subhead"><?php echo lang('USER_LIST_HEADER'); ?></h2>
<p><?php echo lang('USER_LIST_DESC'); ?></p>
<table class="pure-table">
<thead>
<tr><th><?php echo lang('NAME'); ?></th><th><?php echo lang('USERNAME'); ?></th><th><?php echo lang('EMAIL'); ?></th><th><?php echo lang('CREATED'); ?></th><th><?php echo lang('USERTYPE'); ?></th><th><?php echo lang('ACTIONS'); ?></th></tr>
</thead>
<tbody>
<?php foreach (getUserInfo($db, "%") as $row): ?>
<tr>
<td><?php echo $row['lastname'] . ", " . $row['firstname']; ?></td><td><?php echo $row['username']; ?></td><td><?php echo $row['email']; ?></td><td><?php echo $row['created']; ?></td><td><?php echo $row['usertype']; ?></td><td><form method="post" onsubmit="return confirm('<?php echo lang('DELETE_WARNING'); ?>')"><input type="hidden" id="_METHOD" name="_METHOD" value="DELETE" /><input type="hidden" id="deleteid" name="deleteid" value="<?php echo $row['userid']; ?>" /><button class="button-error pure-button" id="deluser" name="deluser" value="deluser" type="submit" <?php if ($row['username'] == "admin"): echo "disabled"; endif; ?>>Delete</button></form></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php else: ?>
<h2 class="content-subhead">NOT AUTHORIZED!</h2>
<?php endif; ?>
<!-- ********** END CONTENT ********** -->
<!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>
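Review bot: The non-administrator check at the top of the first hunk issues `header("Location: index.php");` but never stops the script, so the add-user POST handling, the delete handling and the user list further down still execute for a non-administrator session (the old `else: NOT AUTHORIZED` branch that wrapped all of that content is removed in the last hunk); it should read `header("Location: index.php"); exit;`. In the second hunk the duplicate-email branch sets `$errors['email'] = lang('PASSWORD_USED')`, which looks like the wrong phrase key for an email collision. The username pattern `/[^a-zA-Z0-9 .-_]/` kept on the new side treats `.-_` as a character range and therefore admits `/`, `:`, `<`, `>`, `@`, `[`, `\`, `]` and `^`; `/[^a-zA-Z0-9 ._-]/` expresses the intended set. As a point of style, the `"Account created."` and `"Account could not be created..."` strings in the third hunk are now the only user-facing messages on this page not routed through `lang()`.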