From a8c4e60bb1f0be9c7d7d6bc485ec5fd3b8f1eb97 Mon Sep 17 00:00:00 2001
From: Josh North
Date: Thu, 12 Feb 2015 15:23:08 -0500
Subject: [PATCH] more major overhaul, restructured db calls, etc
---
LICENSE (pickadate) | 7 ++
dashboard.php | 62 ----------------
includes/header.inc.php | 8 ++
includes/menu.inc.php | 4 +-
index.php | 64 +++++++++++-----
profile.php | 113 +++++++++++++++++------------
punchlog.php | 149 ++++++++++++++++++++++++++++++++++++++
reports.php | 89 +++++++++++++++++++++++
time.php | 78 --------------------
register.php => users.php | 85 ++++++++++------------
10 files changed, 407 insertions(+), 252 deletions(-)
create mode 100755 LICENSE (pickadate)
delete mode 100755 dashboard.php
create mode 100755 punchlog.php
create mode 100755 reports.php
delete mode 100755 time.php
rename register.php => users.php (74%)
diff --git a/LICENSE (pickadate) b/LICENSE (pickadate)
new file mode 100755
index 0000000..826bab2
--- /dev/null
+++ b/LICENSE (pickadate)
@@ -0,0 +1,7 @@ +Copyright 2014 Amsul, http://amsul.ca + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/dashboard.php b/dashboard.php deleted file mode 100755 index 389e57f..0000000 --- a/dashboard.php +++ /dev/null @@ -1,62 +0,0 @@ -prepare($query); - $stmt->execute(array(':id' => $_SESSION['user_id'])); - $user = $stmt->fetchObject(); - echo 'You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".'; - echo '
'; - echo '
'; - echo ''; - echo "username\" value=\"$user->username\" id=\"username\" name=\"username\" readonly>"; - echo ''; - echo "created\" value=\"$user->created\" id=\"created\" name=\"created\" readonly>"; - echo ''; - echo "usertype\" value=\"$user->usertype\" id=\"usertype\" name=\"usertype\" readonly>"; - echo ''; - echo "firstname\" id=\"firstname\" name=\"firstname\">"; - echo ''; - echo "lastname\" id=\"lastname\" name=\"lastname\">"; - echo ''; - echo "email\" id=\"username\" name=\"username\">"; - echo '
'; - echo ''; - echo '
'; - -// end logged-in content - } - - //************************ CONTENT END ************************ - // Load footer - require_once($yaptc_inc . "footer.inc.php"); -?> diff --git a/includes/header.inc.php b/includes/header.inc.php index 30054b0..24d03f2 100755 --- a/includes/header.inc.php +++ b/includes/header.inc.php @@ -13,5 +13,13 @@ + + + + + + diff --git a/includes/menu.inc.php b/includes/menu.inc.php index 2ed3b35..1582fe4 100755 --- a/includes/menu.inc.php +++ b/includes/menu.inc.php @@ -25,8 +25,8 @@ echo '';} else {echo '>';} echo 'Home'; echo '';} else {echo '>';} echo 'Profile'; - echo '';} else {echo '>';} echo 'Time'; - echo '';} else {echo '>';} echo 'Dashboard'; + echo '';} else {echo '>';} echo 'Punch Log'; + echo '';} else {echo '>';} echo 'Users'; echo '';} else {echo '>';} echo 'Reports'; echo '';} else {echo '>';} echo 'Logout'; } diff --git a/index.php b/index.php index 1e8c310..fb8a7d0 100755 --- a/index.php +++ b/index.php @@ -4,8 +4,6 @@ require_once("config.inc.php"); $yaptc_pagename = "Home"; require_once($yaptc_inc . "header.inc.php"); require_once($yaptc_inc . "menu.inc.php"); -//********** BEGIN CONTENT **********// - // Is user logged in? If not, they shouldn't be here - kill all variables and redirect to login... if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT'])) { @@ -17,38 +15,68 @@ echo "

You are not logged in!!!

"; } else { - +//********** BEGIN CONTENT **********// $userid = $_SESSION['user_id']; -$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punchtypes.id as typeid, punchtypes.punchname as type, punches.time as time, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id INNER JOIN punchtypes ON punches.punchtypeid = punchtypes.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1"); +$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1"); $result->execute(); $last = $result->fetchObject(); echo "

Current Status

"; -echo "

You have been Punched $last->type since " . date('g:i a \o\n M jS, Y', strtotime($last->time)) . ".

"; +if(!isset($last->user)) +{ +echo "

You do not appear to have any punches on record.

"; +$status = "Out"; +} +else +{ +if (!empty($last->outtime)) { $status = "Out"; $statustime = $last->outtime; } else { $status = "In"; $statustime = $last->intime; $punchid = $last->punchid; $notes = $last->notes; } +echo "

You have been Punched $status since " . date('g:i a \o\n M jS, Y', strtotime($statustime)) . ".

"; +} echo "

Quick Punch

"; echo "

Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.

"; -echo "
"; +echo ""; echo "
"; -echo ""; +echo ""; echo "
"; -if ($last->typeid=="00000000001") { - //$result = $sql->prepare("INSERT INTO punches (userid, punchtypeid, time) VALUES ($userid, "00000000002", NOW())"); - //$result->execute(); - //$punch = $result->fetchObject(); -echo ""; +if ($status=="In") { +echo ""; +echo ""; } else { echo ""; +echo ""; } echo "
"; + + if (!empty($_POST)) { + if (!empty($_POST['notes'])) { +$p_notes = $_POST['notes']; +} else { +$p_notes = ""; +} +if ($status=="In") { +$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid"; + $stmt = $sql->prepare($query); +$stmt->execute(array( + ':p_punchid' => $punchid, + ':p_notes' => $p_notes, + )); + } else { +$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())"; + $stmt = $sql->prepare($query); +$stmt->execute(array( + ':p_userid' => $_SESSION['user_id'], + ':p_notes' => $p_notes, + )); +} + +header('Location: '.$_SERVER['PHP_SELF']); +exit; +} + echo "
"; echo "
"; - - - - - } - //********** END CONTENT **********// +} require_once($yaptc_inc . "footer.inc.php"); ?> diff --git a/profile.php b/profile.php index 268bf70..bc87da1 100755 --- a/profile.php +++ b/profile.php @@ -1,57 +1,76 @@ You are not logged in!!!"; +} +else +{ +echo "

Profile Information

"; +echo "

You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing \"Save\".

"; $query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id"; $stmt = $sql->prepare($query); $stmt->execute(array(':id' => $_SESSION['user_id'])); $user = $stmt->fetchObject(); - echo 'You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".'; - echo '
'; - echo '
'; - echo ''; - echo "username\" value=\"$user->username\" id=\"username\" name=\"username\" readonly>"; - echo ''; - echo "created\" value=\"$user->created\" id=\"created\" name=\"created\" readonly>"; - echo ''; - echo "usertype\" value=\"$user->usertype\" id=\"usertype\" name=\"usertype\" readonly>"; - echo ''; - echo "firstname\" id=\"firstname\" name=\"firstname\">"; - echo ''; - echo "lastname\" id=\"lastname\" name=\"lastname\">"; - echo ''; - echo "email\" id=\"username\" name=\"username\">"; - echo '
'; - echo ''; - echo '
'; +echo "
"; +echo "
"; +echo "
"; +echo ""; +echo "username\" readonly>"; +echo "
"; +echo "
"; +echo ""; +echo "created\" readonly>"; +echo "
"; +echo "
"; +echo ""; +echo "usertype\" readonly>"; +echo "
"; +echo "
"; +echo ""; +echo "firstname\">"; +echo "
"; +echo "
"; +echo ""; +echo "lastname\">"; +echo "
"; +echo "
"; +echo ""; +echo "email\">"; +echo "
"; +echo "
"; +echo ""; +echo "
"; + if (!empty($_POST)) { +$query = "UPDATE users SET firstname = :firstname, lastname = :lastname, email = :email WHERE id = :userid"; + $stmt = $sql->prepare($query); +$stmt->execute(array( + ':userid' => $_SESSION['user_id'], + ':firstname' => $_POST['firstname'], + ':lastname' => $_POST['lastname'], + ':email' => $_POST['email'] + )); +header('Location: '.$_SERVER['PHP_SELF']); +exit; +} +echo "
"; +echo "
"; } - //************************ CONTENT END ************************ - // Load footer - require_once($yaptc_inc . "footer.inc.php"); + + +//********** END CONTENT **********// +require_once($yaptc_inc . "footer.inc.php"); ?> diff --git a/punchlog.php b/punchlog.php new file mode 100755 index 0000000..77ff74c --- /dev/null +++ b/punchlog.php @@ -0,0 +1,149 @@ +You are not logged in!!!"; +} +else +{ +//********** BEGIN CONTENT **********// +$userid = $_SESSION['user_id']; +$nowarray = explode("-", date("Y-m-d-H-i")); +$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1"); +$result->execute(); +$last = $result->fetchObject(); +echo "

Advanced Punch

"; +if(!isset($last->user)) +{ +$status = "Out"; +} +else +{ +if (!empty($last->outtime)) { $status = "Out"; $statustime = $last->outtime; } else { $status = "In"; $statustime = $last->intime; $punchid = $last->punchid; $notes = $last->notes; } +} +echo "

Use this form to enter a specific time on your punch. NOTE: changing the time from the current time will cause a flag on your log for the administrator to review, so we suggest you enter a reason why in the notes field (i.e. forgot punch, working from home, system down, etc).

"; +echo "
"; +echo "
"; +echo "
"; +echo "
"; +echo ""; +echo ""; +echo "
"; +echo "
"; +echo ""; +echo ""; +echo "
"; +echo "
"; +echo ""; +echo ""; +echo "
"; +echo "
"; +echo ""; +echo ""; +echo "
"; +echo "
"; +echo ""; +echo ""; +echo "
"; +echo "
"; +echo ""; +echo ""; +echo "
"; +echo "
"; +echo "
"; +if ($status=="In") { +echo ""; +echo ""; + } else { +echo ""; +echo ""; +} +echo "
"; + if (!empty($_POST)) { + if (!empty($_POST['notes'])) { +$p_notes = $_POST['notes']; +} else { +$p_notes = ""; +} +$p_punchtime = $_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day'] . " " . $_POST['hour'] . ":" . $_POST['minute'] . ":00"; + +if ($status=="In") { +$query = "UPDATE punches SET outtime = :p_punchtime, notes = :p_notes WHERE id = :p_punchid"; + $stmt = $sql->prepare($query); +$stmt->execute(array( + ':p_punchid' => $punchid, + ':p_notes' => $p_notes, + ':p_punchtime' => $p_punchtime + )); + } else { +$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, :p_punchtime)"; + $stmt = $sql->prepare($query); +$stmt->execute(array( + ':p_userid' => $_SESSION['user_id'], + ':p_notes' => $p_notes, + ':p_punchtime' => $p_punchtime + )); +} + + + + + +header('Location: '.$_SERVER['PHP_SELF']); +exit; +} +echo "
"; +echo "
"; + + +echo "

Punch History

"; +echo "

Below is your full punch history, sorted newest to oldest.

"; +$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC"); +$result->execute(); +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +while ($row = $result->fetch(PDO::FETCH_ASSOC)) +{ +$intime = $row['intime']; +$outtime = $row['outtime']; +$date1 = new DateTime($intime); +$date2 = new DateTime($outtime); +$seconds = abs($date1->getTimestamp()-$date2->getTimestamp()); +$flag = $row['modified']; +if ($flag == "1") {$flg="YES";} else {$flg="";} +$notes = $row['notes']; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +} +echo ''; +echo '
Time InTime OutHoursFlagNotes
$intime$outtime" . number_format((float)(($seconds/60)/60), 2, '.', '') . "$flg$notes
'; + + + +//********** END CONTENT **********// +} +require_once($yaptc_inc . "footer.inc.php"); +?> diff --git a/reports.php b/reports.php new file mode 100755 index 0000000..bc8ed1f --- /dev/null +++ b/reports.php @@ -0,0 +1,89 @@ +You are not logged in!!!"; +} +else +{ +//********** BEGIN CONTENT **********// +echo "
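Review bot: The form text promises that a punch entered with a time other than now "will cause a flag on your log", but neither the UPDATE nor the INSERT in this hunk sets `punches.modified`; the column is only read in the history loop, so unless a database trigger handles it the flag is never raised — compare the submitted `$p_punchtime` with the current time (`$nowarray` is already computed from `date()` here) and bind `modified = 1` when they differ, or drop the sentence. `$p_punchtime` is assembled from five `$_POST` fields with no validation; it is bound as a parameter so it cannot alter the query, but nothing checks that it is a real date before it reaches the database — `checkdate()` on the month/day/year parts, or `DateTime::createFromFormat('Y-m-d H:i:s', $p_punchtime)` returning non-false, is enough. In the history table `$notes` (entered by the user on this form and on index.php) is echoed into the cell without `htmlspecialchars()`, and both SELECTs interpolate `$userid` instead of binding it as the UPDATE/INSERT do. When `outtime` is empty, `new DateTime($outtime)` silently means "now", so the Hours column for an open punch shows elapsed time rather than blank; if that is intended, a comment on the `$date2` line would save the next reader a check.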

Punch History

"; +echo "

Below is your company punch history. You can use the form boxes to narrow down the results as needed, by date, user, or a combination.

"; + + +echo "
"; +echo "
"; +echo "
"; +echo "
"; +echo " "; +echo " "; +echo "
"; +echo "
"; +echo " "; +echo "
"; +echo "
"; + + + +// tag order to query depending on drop-down +if ($_POST['order'] == "Newest to Oldest") { + $order="ORDER BY punches.id DESC"; } + else { + $order="ORDER BY punches.id"; } + +// actual query +$query = "SELECT + punches.id as punchid, + users.id as user, + users.firstname as firstname, + users.lastname as lastname, + punches.intime as intime, + punches.outtime as outtime, + punches.notes as notes, + punches.modified as modified + FROM punches + INNER JOIN users ON punches.userid = users.id $order"; + + $stmt = $sql->prepare($query); +$stmt->execute(); + +$rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + +//set up table header and open table +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; +echo ''; + +// $rows is an array containing all records... +foreach ($rows as $row) + echo ""; + +echo ''; +echo '
First NameLast NameTime InTime OutHoursFlagNotes
" . $row['firstname'] . "" . $row['lastname'] . "" . $row['intime'] . "" . $row['outtime'] . "" . $row['hours'] . "" . $row['flag'] . "" . $row['notes'] . "
'; + +//********** END CONTENT **********// +} +require_once($yaptc_inc . "footer.inc.php"); +?> diff --git a/time.php b/time.php deleted file mode 100755 index b9788be..0000000 --- a/time.php +++ /dev/null @@ -1,78 +0,0 @@ -prepare("SELECT punches.id as punchid, users.id as user, punchtypes.punchname as type, punches.time as time, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id INNER JOIN punchtypes ON punches.punchtypeid = punchtypes.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1"); -$result->execute(); -$last = $result->fetchObject(); -echo "You have been punched $last->type since $last->time."; - - -// eventually i will get these in one query - for now this is separate to show all punches vs the last punch and status -$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punchtypes.punchname as type, punches.time as time, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id INNER JOIN punchtypes ON punches.punchtypeid = punchtypes.id WHERE users.id = $userid ORDER BY punches.id DESC"); -$result->execute(); - - -echo ''; -echo ''; -echo ''; -echo ''; -echo ''; -echo ''; -echo ''; -echo ''; -echo ''; -echo ''; -while ($row = $result->fetch(PDO::FETCH_ASSOC)) -{ -$time = $row['time']; -$type = $row['type']; -$changed = $row['modified']; -if ($changed == "1") {$chg="YES";} else {$chg="NO";} -$notes = $row['notes']; -echo ""; -echo ""; -echo ""; -echo ""; -echo ""; -echo ""; -} -echo ''; -echo '
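Review bot: The row loop echoes `$row['hours']` and `$row['flag']`, but the SELECT above returns neither column — it selects `punches.modified` (not `flag`) and computes no hours — so both cells are always empty and each row raises an undefined-index notice; alias `punches.modified AS flag` in the query and compute the hours from `intime`/`outtime` the way punchlog.php in this commit does. The same loop prints `firstname`, `lastname` and `notes` for every user without `htmlspecialchars()`; those values are user-editable (profile.php and the punch notes forms), so this is the page where one user's stored markup is rendered in another user's browser — wrap each `$row[...]` in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. `$_POST['order']` is read unconditionally, so a plain GET of the page also emits an undefined-index notice; `isset($_POST['order']) && $_POST['order'] == "Newest to Oldest"` avoids it. The introductory text says results can be narrowed by date or user, but the query has no WHERE clause and only `order` is read from the form, so the filters described are not implemented in this version.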
TimeTypeChangedNotes
$time$type$chg$notes
'; - - - -// end logged-in content - } - - //************************ CONTENT END ************************ - // Load footer - require_once($yaptc_inc . "footer.inc.php"); -?> diff --git a/register.php b/users.php similarity index 74% rename from register.php rename to users.php index 8051a7f..bde65ca 100755 --- a/register.php +++ b/users.php @@ -1,51 +1,40 @@ You are not logged in!!!"; +} +else +{ +//********** BEGIN CONTENT **********// +require_once($yaptc_lib . "phpass-0.3/PasswordHash.php"); if (!empty($_POST)) { - // First check that required fields have been filled in. if (empty($_POST['username'])) { - $errors['username'] = "Username cannot be empty."; + echo "Username cannot be empty."; } - - // OPTIONAL - // Restrict usernames to alphanumeric plus space, dot, dash, and underscore. - /* if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username'])) { - $errors['username'] = "Username contains illegal characters."; + echo "Username contains illegal characters."; } - */ - if (empty($_POST['password'])) { - $errors['password'] = "Password cannot be empty."; + echo "Password cannot be empty."; } - - /** - * Note there's no upper limit to password length. - */ if (strlen($_POST['password']) < 8) { - $errors['password'] = "Password must be at least 8 charcaters."; + echo "Password must be at least 8 charcaters."; } - // OPTIONAL // Force passwords to contain at least one number and one special character. /* 
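Review bot: Every validation failure in this hunk now only `echo`s its message where it previously assigned to `$errors[...]`, but the INSERT further down is still guarded by `if (!empty($_POST) && empty($errors))` (context of the `@@ -128,13 +114,14 @@` hunk), so `$errors` stays empty and an account is created even when the username is empty, the password is shorter than 8 characters or does not match its confirmation, the email is invalid, or the username/email is already taken. Keep the assignment next to the output, e.g. `$errors['password'] = "Password cannot be empty."; echo $errors['password'];`, or collect the messages in `$errors` and print them after the checks; the same `$errors` → `echo` replacement occurs in the `@@ -58,21 +47,18 @@`, `@@ -102,11 +88,11 @@` and `@@ -143,7 +130,7 @@` hunks and needs the same treatment. The enclosing `if (!empty($_POST))` block continues past the end of this hunk.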
@@ -58,21 +47,18 @@ if (!empty($_POST)) $errors['password'] = "Password must contain at least one special character."; } */ - if (empty($_POST['password_confirm'])) { - $errors['password_confirm'] = "Please confirm password."; + echo "Please confirm password."; } - if ($_POST['password'] != $_POST['password_confirm']) { - $errors['password'] = "Passwords do not match."; + echo "Passwords do not match."; } - $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email) { - $errors['email'] = "Not a valid email address."; + echo "Not a valid email address."; } /** @@ -102,11 +88,11 @@ if (!empty($_POST)) { if ($existing->username == $_POST['username']) { - $errors['username'] = "That username is already in use."; + echo "That username is already in use."; } if ($existing->email == $email) { - $errors['email'] = "That email address is already in use."; + echo "That email address is already in use."; } } } @@ -128,13 +114,14 @@ if (!empty($_POST) && empty($errors)) * prepared statements, be sure to escape your data before passing it to * your query. */ - $query = "INSERT INTO users (username, password, email, created) - VALUES (:username, :password, :email, NOW())"; + $query = "INSERT INTO users (username, password, email, created, usertype) + VALUES (:username, :password, :email, NOW(), :usertype)"; $stmt = $sql->prepare($query); $success = $stmt->execute(array( ':username' => $_POST['username'], ':password' => $password, ':email' => $_POST['email'], + ':usertype' => $_POST['usertype'], )); if ($success) @@ -143,7 +130,7 @@ if (!empty($_POST) && empty($errors)) } else { - $errors['registration'] = "Account could not be created. Please try again later."; + echo "Account could not be created. Please try again later."; } } @@ -191,9 +178,17 @@ if (!empty($_POST) && empty($errors))
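Review bot: In the `@@ -128,13 +114,14 @@` hunk the new `':usertype' => $_POST['usertype']` binds the account's role straight from the request with no check that it is one of the ids in `usertypes`, and the only guard visible at the top of the file (first hunk) is the same logged-in check the other pages use rather than an administrator check, so whoever can reach this form decides the role of the account they create. Validate `usertype` against a server-side allow-list (for example the ids read from `usertypes`) before the INSERT, and if user creation is meant to be an admin function, gate the page on the session's usertype as well; if such a check exists outside these hunks it is not visible here. The enclosing `if (!empty($_POST) && empty($errors))` block starts and ends outside this hunk.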
- + +