more major overhaul, restructured db calls, etc

2015-02-12 15:23:08 -05:00 · 2015-02-12 15:23:08 -05:00 · a8c4e60bb1
commit a8c4e60bb1
parent ef1ac3dc6d
10 changed files with 407 additions and 252 deletions
--- a/7
+++ b/7
@ -0,0 +1,7 @@
+Copyright 2014 Amsul, http://amsul.ca
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/dashboard.php
+++ b/dashboard.php
@ -1,62 +0,0 @@
-<?php
-  session_start();
-
-  // Load config...
-  require_once("config.inc.php");
-
-  // Page title mod
-  $yaptc_pagename = 'Dashboard';
-
-  // Load header
-  require_once($yaptc_inc . "header.inc.php");
-
-  // Load menu
-  require_once($yaptc_inc . "menu.inc.php");
-
-  //************************ CONTENT START ************************
-
-  // If user is not logged in, give error and option to go to login
-  if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
-  {
-    session_destroy();
-
-    echo "not logged in!!!";
-    exit();
-  }
-  else
-  {
-
-// content for logged-in users here
-
-    $query = "SELECT users.id, users.firstname, users.lastname, , users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype
-              FROM users, punches, punchtypes
-              WHERE users.id = :id";
-      $stmt = $sql->prepare($query);
-      $stmt->execute(array(':id' => $_SESSION['user_id']));
-      $user = $stmt->fetchObject();
-    echo 'You may make changes to your user profile below if you wish.  Updates will take effect immediately on pressing "Save".';
-    echo '<form class="pure-form" action="profile.php" method="post">';
-    echo '<fieldset class="pure-group" id="userinfo">';
-    echo '<label for="username">Username</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->username\" value=\"$user->username\" id=\"username\" name=\"username\" readonly>";
-    echo '<label for="created">Created</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->created\" value=\"$user->created\" id=\"created\" name=\"created\" readonly>";
-    echo '<label for="usertype">User Type</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->usertype\" value=\"$user->usertype\" id=\"usertype\" name=\"usertype\" readonly>";
-    echo '<label for="firstname">First Name</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->firstname\" id=\"firstname\" name=\"firstname\">";
-    echo '<label for="lastname">Last Name</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->lastname\" id=\"lastname\" name=\"lastname\">";
-    echo '<label for="username">Email Address</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->email\" id=\"username\" name=\"username\">";
-    echo '</fieldset>';
-    echo '<button type="submit" class="pure-button pure-input-1-2 pure-button-primary" value="Update">Save Changes</button>';
-    echo '</form>';
-
-// end logged-in content
-  }
-
-  //************************ CONTENT END ************************
-  // Load footer
-  require_once($yaptc_inc . "footer.inc.php");
-?>
--- a/includes/header.inc.php
+++ b/includes/header.inc.php
@ -13,5 +13,13 @@
 <!--[if gt IE 8]><!-->
 <link rel="stylesheet" href="<?php echo $yaptc_incweb; ?>side-menu.css">
 <!--<![endif]-->
+
+<!--[if lte IE 8]>
+    <link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/grids-responsive-old-ie-min.css">
+<![endif]-->
+<!--[if gt IE 8]><!-->
+    <link rel="stylesheet" href="<?php echo $yaptc_libweb; ?>pure/grids-responsive-min.css">
+<!--<![endif]-->
+
 </head>
 <body>
--- a/includes/menu.inc.php
+++ b/includes/menu.inc.php
@ -25,8 +25,8 @@

              echo '<li'; if ($yaptc_pagename=='Home') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="index.php">Home</a></li>';
              echo '<li'; if ($yaptc_pagename=='Profile') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="profile.php">Profile</a></li>';
-              echo '<li'; if ($yaptc_pagename=='Time') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="time.php">Time</a></li>';
-              echo '<li'; if ($yaptc_pagename=='Dashboard') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="dashboard.php">Dashboard</a></li>';
+              echo '<li'; if ($yaptc_pagename=='Punch Log') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="punchlog.php">Punch Log</a></li>';
+              echo '<li'; if ($yaptc_pagename=='Users') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="users.php">Users</a></li>';
              echo '<li'; if ($yaptc_pagename=='Reports') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="reports.php">Reports</a></li>';
              echo '<li'; if ($yaptc_pagename=='Logout') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="logout.php">Logout</a></li>';
 }
--- a/index.php
+++ b/index.php
@ -4,8 +4,6 @@ require_once("config.inc.php");
 $yaptc_pagename = "Home";
 require_once($yaptc_inc . "header.inc.php");
 require_once($yaptc_inc . "menu.inc.php");
-//********** BEGIN CONTENT **********//
-
 // Is user logged in?  If not, they shouldn't be here - kill all variables and redirect to login...
 if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
 {
@ -17,38 +15,68 @@ echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
 }
 else
 {
-
+//********** BEGIN CONTENT **********//
 $userid = $_SESSION['user_id'];
-$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punchtypes.id as typeid, punchtypes.punchname as type, punches.time as time, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id INNER JOIN punchtypes ON punches.punchtypeid = punchtypes.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
+$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
 $result->execute();
 $last = $result->fetchObject();
 echo "<h2 class=\"content-subhead\">Current Status</h2>";
-echo "<p>You have been Punched $last->type since " . date('g:i a \o\n M jS, Y', strtotime($last->time)) . ".</p>";
+if(!isset($last->user))
+{
+echo "<p>You do not appear to have any punches on record.</p>";
+$status = "Out";
+}
+else
+{
+if (!empty($last->outtime)) { $status = "Out"; $statustime = $last->outtime; } else { $status = "In"; $statustime = $last->intime; $punchid = $last->punchid; $notes = $last->notes; }
+echo "<p>You have been Punched $status since " . date('g:i a \o\n M jS, Y', strtotime($statustime)) . ".</p>";
+}
 echo "<h2 class=\"content-subhead\">Quick Punch</h2>";
 echo "<p>Clicking the button below will immediately enter a new punch for you depending on your current status.  Any notes you enter will be attached to the punch for your administrator to review.</p>";
-echo "<form class=\"pure-form pure-form-stacked\">";
+echo "<form class=\"pure-form pure-form-stacked\" action=\"index.php\" method=\"post\">";
 echo "<fieldset>";
-echo "<input type=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\">";
+echo "<input class=\"pure-input-1\" type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"$notes\">";
 echo "<div class=\"pure-controls\">";
-if ($last->typeid=="00000000001") {
-  //$result = $sql->prepare("INSERT INTO punches (userid, punchtypeid, time) VALUES ($userid, "00000000002", NOW())");
-  //$result->execute();
-  //$punch = $result->fetchObject();
-echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch OUT</button>";
+if ($status=="In") {
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success pure-button-disabled\">Punch IN</button>";
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error\">Punch OUT</button>";
  } else {
 echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch IN</button>";
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error pure-button-disabled\">Punch OUT</button>";
 }
 echo "</div>";
+
+    if (!empty($_POST)) {
+    if (!empty($_POST['notes'])) {
+$p_notes = $_POST['notes'];
+} else {
+$p_notes = "";
+}
+if ($status=="In") {
+$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid";
+   $stmt = $sql->prepare($query);
+$stmt->execute(array(
+        ':p_punchid'    => $punchid,
+        ':p_notes'    => $p_notes,
+    ));
+  } else {
+$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())";
+   $stmt = $sql->prepare($query);
+$stmt->execute(array(
+        ':p_userid' => $_SESSION['user_id'],
+        ':p_notes'    => $p_notes,
+    ));
+}
+
+header('Location: '.$_SERVER['PHP_SELF']);
+exit;
+}
+
 echo "</fieldset>";
 echo "</form>";


-
-
-
-
-  }
-
 //********** END CONTENT **********//
+}
 require_once($yaptc_inc . "footer.inc.php");
 ?>
--- a/profile.php
+++ b/profile.php
@ -1,57 +1,76 @@
 <?php
-  session_start();
-
-  // Load config...
-  require_once("config.inc.php");
-
-  // Page title mod
-  $yaptc_pagename = 'Profile';
-
-  // Load header
-  require_once($yaptc_inc . "header.inc.php");
-
-  // Load menu
-  require_once($yaptc_inc . "menu.inc.php");
-
-  //************************ CONTENT START ************************
-
-  // If user is not logged in, give error and option to go to login
-  if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
-  {
-    session_destroy();
-
-    echo "not logged in!!!";
-    exit();
-  }
-  else
-  {
+session_start();
+require_once("config.inc.php");
+$yaptc_pagename = "Profile";
+require_once($yaptc_inc . "header.inc.php");
+require_once($yaptc_inc . "menu.inc.php");
+//********** BEGIN CONTENT **********//
+// Is user logged in?  If not, they shouldn't be here - kill all variables and redirect to login...
+if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
+{
+session_start();
+session_unset();
+session_destroy();
+header ("Refresh:3; url=login.php", true, 303);
+echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
+}
+else
+{
+echo "<h2 class=\"content-subhead\">Profile Information</h2>";
+echo "<p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing \"Save\".</p>";
    $query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype
              FROM users, usertypes
              WHERE users.id = :id";
      $stmt = $sql->prepare($query);
      $stmt->execute(array(':id' => $_SESSION['user_id']));
      $user = $stmt->fetchObject();
-    echo 'You may make changes to your user profile below if you wish.  Updates will take effect immediately on pressing "Save".';
-    echo '<form class="pure-form" action="profile.php" method="post">';
-    echo '<fieldset class="pure-group" id="userinfo">';
-    echo '<label for="username">Username</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->username\" value=\"$user->username\" id=\"username\" name=\"username\" readonly>";
-    echo '<label for="created">Created</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->created\" value=\"$user->created\" id=\"created\" name=\"created\" readonly>";
-    echo '<label for="usertype">User Type</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->usertype\" value=\"$user->usertype\" id=\"usertype\" name=\"usertype\" readonly>";
-    echo '<label for="firstname">First Name</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->firstname\" id=\"firstname\" name=\"firstname\">";
-    echo '<label for="lastname">Last Name</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->lastname\" id=\"lastname\" name=\"lastname\">";
-    echo '<label for="username">Email Address</label>';
-    echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"$user->email\" id=\"username\" name=\"username\">";
-    echo '</fieldset>';
-    echo '<button type="submit" class="pure-button pure-input-1-2 pure-button-primary" value="Update">Save Changes</button>';
-    echo '</form>';
+echo "<form class=\"pure-form pure-form-aligned\" action=\"profile.php\" method=\"post\">";
+echo "<fieldset>";
+echo "<div class=\"pure-control-group\">";
+echo "<label for=\"username\">Username</label>";
+echo "<input class=\"pure-input-1-2\" type=\"text\" name=\"username\" maxlength=\"50\" value=\"$user->username\" readonly>";
+echo "</div>";
+echo "<div class=\"pure-control-group\">";
+echo "<label for=\"created\">Created</label>";
+echo "<input class=\"pure-input-1-2\" type=\"text\" name=\"created\" value=\"$user->created\" readonly>";
+echo "</div>";
+echo "<div class=\"pure-control-group\">";
+echo "<label for=\"usertype\">User Type</label>";
+echo "<input class=\"pure-input-1-2\" type=\"text\" name=\"usertype\" maxlength=\"50\" value=\"$user->usertype\" readonly>";
+echo "</div>";
+echo "<div class=\"pure-control-group\">";
+echo "<label for=\"firstname\">First Name</label>";
+echo "<input class=\"pure-input-1-2\" type=\"text\" name=\"firstname\" maxlength=\"50\" value=\"$user->firstname\">";
+echo "</div>";
+echo "<div class=\"pure-control-group\">";
+echo "<label for=\"lastname\">Last Name</label>";
+echo "<input class=\"pure-input-1-2\" type=\"text\" name=\"lastname\" maxlength=\"50\" value=\"$user->lastname\">";
+echo "</div>";
+echo "<div class=\"pure-control-group\">";
+echo "<label for=\"email\">Email</label>";
+echo "<input class=\"pure-input-1-2\" type=\"text\" name=\"email\" maxlength=\"100\" value=\"$user->email\">";
+echo "</div>";
+echo "<div class=\"pure-controls\">";
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Save</button>";
+echo "</div>";
+    if (!empty($_POST)) {
+$query = "UPDATE users SET firstname = :firstname, lastname = :lastname, email = :email WHERE id = :userid";
+   $stmt = $sql->prepare($query);
+$stmt->execute(array(
+        ':userid' => $_SESSION['user_id'],
+        ':firstname' => $_POST['firstname'],
+        ':lastname'    => $_POST['lastname'],
+        ':email'    => $_POST['email']
+    ));
+header('Location: '.$_SERVER['PHP_SELF']);
+exit;
+}
+echo "</fieldset>";
+echo "</form>";
  }

-  //************************ CONTENT END ************************
-  // Load footer
-  require_once($yaptc_inc . "footer.inc.php");
+
+
+//********** END CONTENT **********//
+require_once($yaptc_inc . "footer.inc.php");
 ?>
--- a/punchlog.php
+++ b/punchlog.php
@ -0,0 +1,149 @@
+<?php
+session_start();
+require_once("config.inc.php");
+$yaptc_pagename = "Punch Log";
+require_once($yaptc_inc . "header.inc.php");
+require_once($yaptc_inc . "menu.inc.php");
+// Is user logged in?  If not, they shouldn't be here - kill all variables and redirect to login...
+if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
+{
+session_start();
+session_unset();
+session_destroy();
+header ("Refresh:3; url=login.php", true, 303);
+echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
+}
+else
+{
+//********** BEGIN CONTENT **********//
+$userid = $_SESSION['user_id'];
+$nowarray = explode("-", date("Y-m-d-H-i"));
+$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
+$result->execute();
+$last = $result->fetchObject();
+echo "<h2 class=\"content-subhead\">Advanced Punch</h2>";
+if(!isset($last->user))
+{
+$status = "Out";
+}
+else
+{
+if (!empty($last->outtime)) { $status = "Out"; $statustime = $last->outtime; } else { $status = "In"; $statustime = $last->intime; $punchid = $last->punchid; $notes = $last->notes; }
+}
+echo "<p>Use this form to enter a specific time on your punch.  NOTE: changing the time from the current time will cause a flag on your log for the administrator to review, so we suggest you enter a reason why in the notes field (i.e. forgot punch, working from home, system down, etc).</p>";
+echo "<form class=\"pure-form pure-form-stacked\" action=\"punchlog.php\" method=\"post\">";
+echo "<fieldset>";
+echo "<div class=\"pure-g\">";
+echo "<div class=\"pure-u-1 pure-u-md-1-3\">";
+echo "<label for=\"year\">Year</label>";
+echo "<input type=\"text\" name=\"year\" maxlength=\"4\" placeholder=" . $nowarray[0] . ">";
+echo "</div>";
+echo "<div class=\"pure-u-1 pure-u-md-1-3\">";
+echo "<label for=\"month\">Month</label>";
+echo "<input type=\"text\" name=\"month\" maxlength=\"2\" placeholder=" . $nowarray[1] . ">";
+echo "</div>";
+echo "<div class=\"pure-u-1 pure-u-md-1-3\">";
+echo "<label for=\"day\">Day</label>";
+echo "<input type=\"text\" name=\"day\" maxlength=\"2\" placeholder=" . $nowarray[2] . ">";
+echo "</div>";
+echo "<div class=\"pure-u-1 pure-u-md-1-3\">";
+echo "<label for=\"hour\">Hour (24-hr format)</label>";
+echo "<input type=\"text\" name=\"hour\" maxlength=\"2\" placeholder=" . $nowarray[3] . ">";
+echo "</div>";
+echo "<div class=\"pure-u-1 pure-u-md-1-3\">";
+echo "<label for=\"minute\">Minute</label>";
+echo "<input type=\"text\" name=\"minute\" maxlength=\"2\" placeholder=" . $nowarray[4] . ">";
+echo "</div>";
+echo "<div class=\"pure-u-1 pure-u-md-1-3\">";
+echo "<label for=\"notes\">Notes</label>";
+echo "<input type=\"text\" name=\"notes\" placeholder=\"Enter notes if needed\" maxlength=\"255\" value=\"$notes\">";
+echo "</div>";
+echo "</div>";
+echo "<div class=\"pure-controls\">";
+if ($status=="In") {
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success pure-button-disabled\">Punch IN</button>";
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error\">Punch OUT</button>";
+  } else {
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-success\">Punch IN</button>";
+echo "<button type=\"submit\" class=\"pure-button button-xlarge button-error pure-button-disabled\">Punch OUT</button>";
+}
+echo "</div>";
+    if (!empty($_POST)) {
+    if (!empty($_POST['notes'])) {
+$p_notes = $_POST['notes'];
+} else {
+$p_notes = "";
+}
+$p_punchtime = $_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day'] . " " . $_POST['hour'] . ":" . $_POST['minute'] . ":00";
+
+if ($status=="In") {
+$query = "UPDATE punches SET outtime = :p_punchtime, notes = :p_notes WHERE id = :p_punchid";
+   $stmt = $sql->prepare($query);
+$stmt->execute(array(
+        ':p_punchid'    => $punchid,
+        ':p_notes'    => $p_notes,
+        ':p_punchtime'    => $p_punchtime
+    ));
+  } else {
+$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, :p_punchtime)";
+   $stmt = $sql->prepare($query);
+$stmt->execute(array(
+        ':p_userid' => $_SESSION['user_id'],
+        ':p_notes'    => $p_notes,
+        ':p_punchtime'    => $p_punchtime
+    ));
+}
+
+
+
+
+
+header('Location: '.$_SERVER['PHP_SELF']);
+exit;
+}
+echo "</fieldset>";
+echo "</form>";
+
+
+echo "<h2 class=\"content-subhead\">Punch History</h2>";
+echo "<p>Below is your full punch history, sorted newest to oldest.</p>";
+$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC");
+$result->execute();
+echo '<table class="pure-table">';
+echo '<thead>';
+echo '<tr>';
+echo '<th>Time In</th>';
+echo '<th>Time Out</th>';
+echo '<th>Hours</th>';
+echo '<th>Flag</th>';
+echo '<th>Notes</th>';
+echo '</tr>';
+echo '</thead>';
+echo '<tbody>';
+while ($row = $result->fetch(PDO::FETCH_ASSOC))
+{
+$intime = $row['intime'];
+$outtime = $row['outtime'];
+$date1 = new DateTime($intime);
+$date2 = new DateTime($outtime);
+$seconds = abs($date1->getTimestamp()-$date2->getTimestamp());
+$flag = $row['modified'];
+if ($flag == "1") {$flg="YES";} else {$flg="";}
+$notes = $row['notes'];
+echo "<tr>";
+echo "<td>$intime</td>";
+echo "<td>$outtime</td>";
+echo "<td>" . number_format((float)(($seconds/60)/60), 2, '.', '') . "</td>";
+echo "<td>$flg</td>";
+echo "<td>$notes</td>";
+echo "</tr>";
+}
+echo '</tbody>';
+echo '</table>';
+
+
+
+//********** END CONTENT **********//
+}
+require_once($yaptc_inc . "footer.inc.php");
+?>
--- a/reports.php
+++ b/reports.php
@ -0,0 +1,89 @@
+<?php
+session_start();
+require_once("config.inc.php");
+$yaptc_pagename = "Reports";
+require_once($yaptc_inc . "header.inc.php");
+require_once($yaptc_inc . "menu.inc.php");
+// Is user logged in?  If not, they shouldn't be here - kill all variables and redirect to login...
+if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
+{
+session_start();
+session_unset();
+session_destroy();
+header ("Refresh:3; url=login.php", true, 303);
+echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
+}
+else
+{
+//********** BEGIN CONTENT **********//
+echo "<h2 class=\"content-subhead\">Punch History</h2>";
+echo "<p>Below is your company punch history.  You can use the form boxes to narrow down the results as needed, by date, user, or a combination.</p>";
+
+
+echo "<form class=\"pure-form pure-form-stacked\" action=\"reports.php\" method=\"post\">";
+echo "    <fieldset>";
+echo "        <div class=\"pure-g\">";
+echo "             <div class=\"pure-u-1 pure-u-md-1-3\">";
+echo "                <label for=\"order\">Sort Order</label>";
+echo "                <select name=\"order\" class=\"pure-input-1-2\">";
+echo "                    <option>Newest to Oldest</option>";
+echo "                    <option>Oldest to Newest</option>";
+echo "                </select>";
+echo "            </div>";
+echo "        </div>";
+echo "        <button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>";
+echo "    </fieldset>";
+echo "</form>";
+
+
+
+// tag order to query depending on drop-down
+if ($_POST['order'] == "Newest to Oldest") {
+ $order="ORDER BY punches.id DESC"; }
+ else {
+ $order="ORDER BY punches.id"; }
+
+// actual query
+$query = "SELECT
+  punches.id as punchid,
+  users.id as user,
+  users.firstname as firstname,
+  users.lastname as lastname,
+  punches.intime as intime,
+  punches.outtime as outtime,
+  punches.notes as notes,
+  punches.modified as modified
+  FROM punches
+  INNER JOIN users ON punches.userid = users.id $order";
+
+   $stmt = $sql->prepare($query);
+$stmt->execute();
+
+$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+//set up table header and open table
+echo '<table class="pure-table">';
+echo '<thead>';
+echo '<tr>';
+echo '<th>First Name</th>';
+echo '<th>Last Name</th>';
+echo '<th>Time In</th>';
+echo '<th>Time Out</th>';
+echo '<th>Hours</th>';
+echo '<th>Flag</th>';
+echo '<th>Notes</th>';
+echo '</tr>';
+echo '</thead>';
+echo '<tbody>';
+
+// $rows is an array containing all records...
+foreach ($rows as $row)
+    echo "<tr><td>" . $row['firstname'] . "</td><td>" . $row['lastname'] . "</td><td>" . $row['intime'] . "</td><td>" . $row['outtime'] . "</td><td>" . $row['hours'] . "</td><td>" . $row['flag'] . "</td><td>" . $row['notes'] . "</td></tr>";
+
+echo '</tbody>';
+echo '</table>';
+
+//********** END CONTENT **********//
+}
+require_once($yaptc_inc . "footer.inc.php");
+?>
--- a/time.php
+++ b/time.php
@ -1,78 +0,0 @@
-<?php
-  session_start();
-
-  // Load config...
-  require_once("config.inc.php");
-
-  // Page title mod
-  $yaptc_pagename = 'Time';
-
-  // Load header
-  require_once($yaptc_inc . "header.inc.php");
-
-  // Load menu
-  require_once($yaptc_inc . "menu.inc.php");
-
-  //************************ CONTENT START ************************
-
-  // If user is not logged in, give error and option to go to login
-  if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
-  {
-    session_destroy();
-
-    echo "not logged in!!!";
-    exit();
-  }
-  else
-  {
-
-// content for logged-in users here
-$userid = $_SESSION['user_id'];
-
-$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punchtypes.punchname as type, punches.time as time, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id INNER JOIN punchtypes ON punches.punchtypeid = punchtypes.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
-$result->execute();
-$last = $result->fetchObject();
-echo "You have been punched $last->type since $last->time.";
-
-
-// eventually i will get these in one query - for now this is separate to show all punches vs the last punch and status
-$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punchtypes.punchname as type, punches.time as time, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id INNER JOIN punchtypes ON punches.punchtypeid = punchtypes.id WHERE users.id = $userid ORDER BY punches.id DESC");
-$result->execute();
-
-
-echo '<table class="pure-table">';
-echo '<thead>';
-echo '<tr>';
-echo '<th>Time</th>';
-echo '<th>Type</th>';
-echo '<th>Changed</th>';
-echo '<th>Notes</th>';
-echo '</tr>';
-echo '</thead>';
-echo '<tbody>';
-while ($row = $result->fetch(PDO::FETCH_ASSOC))
-{
-$time = $row['time'];
-$type = $row['type'];
-$changed = $row['modified'];
-if ($changed == "1") {$chg="YES";} else {$chg="NO";}
-$notes = $row['notes'];
-echo "<tr>";
-echo "<td>$time</td>";
-echo "<td>$type</td>";
-echo "<td>$chg</td>";
-echo "<td>$notes</td>";
-echo "</tr>";
-}
-echo '</tbody>';
-echo '</table>';
-
-
-
-// end logged-in content
-  }
-
-  //************************ CONTENT END ************************
-  // Load footer
-  require_once($yaptc_inc . "footer.inc.php");
-?>
--- a/register.php
+++ b/register.php
@ -1,51 +1,40 @@
 <?php
-
-include 'lib/phpass-0.3/PasswordHash.php';
-
-/**
- * Don't use mysql_ functions. These are for MySQL 4.x and have been deprecated
- * since 2004. MySQLi is fine if you know you'll only be using MySQL databases.
- * PDO doesn't tie you to a specific RDBMS.
- */
-$sql = new PDO('mysql:host=localhost;dbname=yaptc;', 'yaptc', 'yaptcpassw0rd');
-
-// Create an array to catch any errors in the registration form.
-$errors = array();
-
-/**
- * Make sure the form has been submitted before trying to process it. This is
- * the single most common cause of 'undefined index' notices.
- */
+session_start();
+require_once("config.inc.php");
+$yaptc_pagename = "Users";
+require_once($yaptc_inc . "header.inc.php");
+require_once($yaptc_inc . "menu.inc.php");
+// Is user logged in?  If not, they shouldn't be here - kill all variables and redirect to login...
+if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
+{
+session_start();
+session_unset();
+session_destroy();
+header ("Refresh:3; url=login.php", true, 303);
+echo "<h2 class=\"content-subhead\">You are not logged in!!!</h2>";
+}
+else
+{
+//********** BEGIN CONTENT **********//
+require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
 if (!empty($_POST))
 {
-    // First check that required fields have been filled in.
    if (empty($_POST['username']))
    {
-        $errors['username'] = "Username cannot be empty.";
+        echo "Username cannot be empty.";
    }
-
-    // OPTIONAL
-    // Restrict usernames to alphanumeric plus space, dot, dash, and underscore.
-    /*
    if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username']))
    {
-        $errors['username'] = "Username contains illegal characters.";
+        echo "Username contains illegal characters.";
    }
-    */
-
    if (empty($_POST['password']))
    {
-        $errors['password'] = "Password cannot be empty.";
+        echo "Password cannot be empty.";
    }
-
-    /**
-     * Note there's no upper limit to password length.
-     */
    if (strlen($_POST['password']) < 8)
    {
-        $errors['password'] = "Password must be at least 8 charcaters.";
+        echo "Password must be at least 8 charcaters.";
    }
-
    // OPTIONAL
    // Force passwords to contain at least one number and one special character.
    /*
@ -58,21 +47,18 @@ if (!empty($_POST))
        $errors['password'] = "Password must contain at least one special character.";
    }
    */
-
    if (empty($_POST['password_confirm']))
    {
-        $errors['password_confirm'] = "Please confirm password.";
+        echo "Please confirm password.";
    }
-
    if ($_POST['password'] != $_POST['password_confirm'])
    {
-        $errors['password'] = "Passwords do not match.";
+        echo "Passwords do not match.";
    }
-
    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if (!$email)
    {
-        $errors['email'] = "Not a valid email address.";
+        echo "Not a valid email address.";
    }

    /**
@ -102,11 +88,11 @@ if (!empty($_POST))
    {
        if ($existing->username == $_POST['username'])
        {
-            $errors['username'] = "That username is already in use.";
+        echo "That username is already in use.";
        }
        if ($existing->email == $email)
        {
-            $errors['email'] = "That email address is already in use.";
+        echo "That email address is already in use.";
        }
    }
 }
@ -128,13 +114,14 @@ if (!empty($_POST) && empty($errors))
     * prepared statements, be sure to escape your data before passing it to
     * your query.
     */
-    $query = "INSERT INTO users (username, password, email, created)
-              VALUES (:username, :password, :email, NOW())";
+    $query = "INSERT INTO users (username, password, email, created, usertype)
+              VALUES (:username, :password, :email, NOW(), :usertype)";
    $stmt = $sql->prepare($query);
    $success = $stmt->execute(array(
        ':username' => $_POST['username'],
        ':password' => $password,
        ':email'    => $_POST['email'],
+        ':usertype'    => $_POST['usertype'],
    ));

    if ($success)
@ -143,7 +130,7 @@ if (!empty($_POST) && empty($errors))
    }
    else
    {
-        $errors['registration'] = "Account could not be created. Please try again later.";
+        echo "Account could not be created. Please try again later.";
    }
 }

@ -191,9 +178,17 @@ if (!empty($_POST) && empty($errors))
                <span class="error">
                    <?php echo isset($errors['password_confirm']) ? $errors['password_confirm'] : ''; ?>
                </span><br />
-
+                <input type="hidden" name="usertype" value="00000000001"/>
                <input type="submit" value="Submit" />
            </fieldset>
        </form>
    </body>
 </html>
+<?php
+
+
+}
+
+//********** END CONTENT **********//
+require_once($yaptc_inc . "footer.inc.php");
+?>