User deletion fixed; license added for FPDF even though it is not currently used

This commit is contained in:
Josh North 2015-02-20 01:57:34 -05:00
parent ca258c49fc
commit dc77dc7e65
10 changed files with 199 additions and 307 deletions

6
LICENSE (fpdf) Executable file

@ -0,0 +1,6 @@
FPDF has no license details... except as below as stated on http://www.fpdf.org/en/FAQ.php#q1
1. What's exactly the license of FPDF? Are there any usage restrictions?
FPDF is released under a permissive license: there is no usage restriction. You may embed it freely in your application (commercial or not), with or without modifications.


@ -1,8 +1,7 @@
</div> </div>
<div class="header"> <div class="header">
<h2>Server Time: <span id="date_time"></span><script type="text/javascript">window.onload = date_time('date_time');</script></h2> <h2>Server Time: <span id="date_time"></span><script type="text/javascript">window.onload = date_time('date_time');</script></h2>
</div> </div>
</div> </div>
<script src="<?php echo $yaptc_libweb; ?>ui.js"></script> <script src="<?php echo $yaptc_libweb; ?>ui.js"></script>
</body> </body>


@ -13,7 +13,7 @@
// Get login status and access level // Get login status and access level
if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($sql); } else { $userLogged = false; $userAccess = ""; } if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($yaptc_db); } else { $userLogged = false; $userAccess = ""; }
// All menu options - only ones with permissions allowed are shown to logged-in users. // All menu options - only ones with permissions allowed are shown to logged-in users.
// Home // Home
@ -54,8 +54,8 @@ if ($userLogged == false) {
<div class="header"> <div class="header">
<h1><?php echo $yaptc_pagename; ?></h1> <h1><?php echo $yaptc_pagename; ?></h1>
<h2><?php if (isset($_SESSION['user_id'])) {echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];} else {echo "Please log in to use the timecard system";}?></h2> <h2><?php if (isset($_SESSION['user_id'])): echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname']; else: echo "Please log in to use the timecard system"; endif; ?></h2>
<h4><?php if (!empty($adminmessage)) {echo "<div class=\"successmessage\">" . $adminmessage . "</div>"; } ?></h4> <h4><?php if (!empty($adminmessage)): echo "<div class=\"adminmessage\">" . $adminmessage . "</div>"; endif; ?></h4>
</div> </div>
<div class="content"> <div class="content">
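Review bot: The rewritten `<h2>` on the new side still echoes `$_SESSION['firstname']` and `$_SESSION['lastname']` into the page header without escaping, and in this same commit those values become user-editable through the profile form, so any markup stored in a name is rendered on every page for that user. Wrap the output, e.g. `echo "Logged as: " . htmlspecialchars($_SESSION['firstname'] . ' ' . $_SESSION['lastname'], ENT_QUOTES, 'UTF-8');`. The `$adminmessage` echoed in the following `<h4>` should get the same treatment unless it is known to be a server-side constant, which this hunk does not show. The `if ($userLogged == false)` block that this hunk sits inside starts before the hunk.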


@ -4,14 +4,20 @@ require_once("config.inc.php");
$yaptc_pagename = "Home"; $yaptc_pagename = "Home";
require_once($yaptc_inc . "header.inc.php"); require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php"); require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) { if (getSessionStatus() == false):
killSession(); killSession();
} else { else:
//********** BEGIN CONTENT **********// //********** BEGIN CONTENT **********// ?>
<?php
$userid = $_SESSION['user_id']; $userid = $_SESSION['user_id'];
// This is to get the current user status - in or out - and the notes and times associated for use in the form // This is to get the current user status - in or out - and the notes and times associated for use in the form
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1"); $result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result->execute(); $result->execute();
$last = $result->fetchObject(); $last = $result->fetchObject();
@ -75,7 +81,7 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in // Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
if ($status == "In") { if ($status == "In") {
$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid"; $query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array( $stmt->execute(array(
':p_punchid' => $punchid, ':p_punchid' => $punchid,
':p_notes' => $p_notes ':p_notes' => $p_notes
@ -83,7 +89,7 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
} //$status == "In" } //$status == "In"
else { else {
$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())"; $query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array( $stmt->execute(array(
':p_userid' => $_SESSION['user_id'], ':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes ':p_notes' => $p_notes
@ -97,9 +103,10 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
// Close out the form... // Close out the form...
echo "</fieldset>"; echo "</fieldset>";
echo "</form>"; echo "</form>";
?>
//********** END CONTENT **********// <?php //********** END CONTENT **********//
} endif;
require_once($yaptc_inc . "footer.inc.php"); require_once($yaptc_inc . "footer.inc.php");
?> ?>
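Review bot: The status lookup in the first hunk still builds its SQL by interpolation, `WHERE users.id = $userid ORDER BY ...`, even though the commit switched the connection handle and the two write statements a few lines later bind `:p_punchid`, `:p_userid` and `:p_notes` as parameters. `$userid` comes from the session rather than the request, so the exposure is low, but the mixed style is exactly what lets a later edit that sources the id from `$_GET` slip through; change it to `WHERE users.id = :userid` and call `$result->execute(array(':userid' => $userid));`. The same interpolated `WHERE users.id = $userid` appears twice in the punch-history page's hunks later in this commit (the status lookup and the full-history `prepare(...)` call), and the same fix applies there. Note also that `else:` is immediately followed by `?>` on the new side, so the `//********** BEGIN CONTENT **********//` comment is now the only thing keeping the alternative-syntax block readable; a one-line comment above the `<?php` reopening, such as `<?php // content is rendered only for a valid session`, would make the intent explicit.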


@ -4,55 +4,50 @@ require_once("config.inc.php");
$yaptc_pagename = "Login"; $yaptc_pagename = "Login";
require_once($yaptc_inc . "header.inc.php"); require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php"); require_once($yaptc_inc . "menu.inc.php");
//********** BEGIN CONTENT **********// if (getSessionStatus() == true):
// Is user logged in? If so, tell them and go to main...
if (isset($_SESSION['user_id']) && isset($_SESSION['signature']) && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] = true && $_SESSION['signature'] = md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
{
header ("Refresh:3; url=index.php", true, 303); header ("Refresh:3; url=index.php", true, 303);
echo "<h2 class=\"content-subhead\">You are already logged in...</h2>"; echo "<h2 class=\"content-subhead\">You are already logged in...</h2>";
} else:
else //********** BEGIN CONTENT **********// ?>
{
echo "<h2 class=\"content-subhead\">User Login</h2>";
echo "<form class=\"pure-form\" action=\"login.php\" method=\"post\">"; <h2 class="content-subhead">User Login</h2>
echo "<fieldset class=\"pure-group\" id=\"login\">"; <form class="pure-form" action="login.php" method="post">
echo "<label for=\"username\">Username</label>"; <fieldset class="pure-group" id="login">
echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"Username\" id=\"username\" name=\"username\">"; <input type="text" class="pure-input-1" placeholder="Username" id="username" name="username" />
echo "<label for=\"password\">Password</label>"; <input type="password" class="pure-input-1" placeholder="Password" id="password" name="password" />
echo "<input type=\"password\" class=\"pure-input-1-2\" placeholder=\"Password\" id=\"password\" name=\"password\">"; </fieldset>
echo "</fieldset>"; <button type="submit" class="pure-button button-success pure-input-1 pure-button-primary" value="Login">Sign in</button>
echo "<button type=\"submit\" class=\"pure-button pure-input-1-2 pure-button-primary\" value=\"Login\">Sign in</button>"; </form>
echo "</form>";
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php"); require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE); $hasher = new PasswordHash(8, FALSE);
if (!empty($_POST)) { if (!empty($_POST)):
$query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username"; $query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array(':username' => $_POST['username'])); $stmt->execute(array(
$user = $stmt->fetchObject(); ':username' => $_POST['username']
if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)) { ));
$user = $stmt->fetchObject();
if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)):
session_regenerate_id(); session_regenerate_id();
$_SESSION['user_id'] = $user->id; $_SESSION['user_id'] = $user->id;
$_SESSION['loggedIn'] = TRUE; $_SESSION['loggedIn'] = TRUE;
$_SESSION['signature'] = md5($user->id . $_SERVER['HTTP_USER_AGENT']); $_SESSION['signature'] = md5($user->id . $_SERVER['HTTP_USER_AGENT']);
$_SESSION['firstname'] = $user->firstname; $_SESSION['firstname'] = $user->firstname;
$_SESSION['lastname'] = $user->lastname; $_SESSION['lastname'] = $user->lastname;
session_write_close(); session_write_close();
echo "Login successful..."; header("Location: index.php");
header("Location: index.php"); else:
header("Refresh:3; url=login.php", true, 303);
} echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
else endif;
{ endif;
header ("Refresh:3; url=login.php", true, 303); ?>
echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
}
}
}
//********** END CONTENT **********// <?php //********** END CONTENT **********//
endif;
require_once($yaptc_inc . "footer.inc.php"); require_once($yaptc_inc . "footer.inc.php");
?> ?>
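Review bot: The credential check on the new side, `if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)):`, compares the stored hash string against the boolean that `CheckPassword` returns; it only works because PHP's loose `==` treats a non-empty string as `true`, and it is unreadable as a security check. Replace it with `if ($user && $hasher->CheckPassword($_POST['password'], $user->password)):`. Two smaller points in the same block: `$_POST['username']` is read without an `isset`/`empty` guard before being bound, and `header("Location: index.php");` is issued after `header.inc.php` and `menu.inc.php` have already emitted HTML, so unless output buffering is enabled (not visible here) the redirect header is never sent, and without an `exit;` after it the rest of the page renders regardless.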


@ -32,8 +32,8 @@ CREATE TABLE `punches` (
`intime` datetime NOT NULL, `intime` datetime NOT NULL,
`outtime` datetime DEFAULT NULL, `outtime` datetime DEFAULT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `userid` (`userid`), KEY `punches_ibfk_1` (`userid`),
CONSTRAINT `punches_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `users` (`id`) CONSTRAINT `punches_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1; ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
@ -63,9 +63,9 @@ CREATE TABLE `users` (
`lastname` varchar(50) DEFAULT NULL, `lastname` varchar(50) DEFAULT NULL,
`usertype` int(11) unsigned zerofill NOT NULL, `usertype` int(11) unsigned zerofill NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `usertype` (`usertype`), KEY `users_ibfk_1` (`usertype`),
CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`) CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8; ) ENGINE=InnoDB AUTO_INCREMENT=21 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */; /*!40101 SET character_set_client = @saved_cs_client */;
-- --
@ -101,10 +101,6 @@ LOCK TABLES `usertypes` WRITE;
INSERT INTO `usertypes` VALUES (00000000001,'Administrator'),(00000000002,'User'); INSERT INTO `usertypes` VALUES (00000000001,'Administrator'),(00000000002,'User');
/*!40000 ALTER TABLE `usertypes` ENABLE KEYS */; /*!40000 ALTER TABLE `usertypes` ENABLE KEYS */;
UNLOCK TABLES; UNLOCK TABLES;
--
-- Dumping routines for database 'yaptc'
--
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
@ -115,4 +111,4 @@ UNLOCK TABLES;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2015-02-18 19:57:14 -- Dump completed on 2015-02-20 1:54:16
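Review bot: Adding `ON DELETE CASCADE ON UPDATE CASCADE` to `users_ibfk_1` (the `users.usertype` → `usertypes.id` foreign key) means that deleting a row from the `usertypes` lookup table silently deletes every user of that type and, through the cascading `punches_ibfk_1` constraint in the first hunk, all of their punch records. The commit message only calls for user deletion to work, which the `punches_ibfk_1` cascade already achieves; the lookup-table constraint should stay restrictive, e.g. `CONSTRAINT \`users_ibfk_1\` FOREIGN KEY (\`usertype\`) REFERENCES \`usertypes\` (\`id\`) ON DELETE RESTRICT ON UPDATE CASCADE`. If the cascade is kept deliberately, a `-- NOTE: deleting a usertype removes all of its users and their punches` comment above the constraint would at least warn the next person running maintenance on the dump.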


@ -4,67 +4,77 @@ require_once("config.inc.php");
$yaptc_pagename = "Profile"; $yaptc_pagename = "Profile";
require_once($yaptc_inc . "header.inc.php"); require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php"); require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) { if (getSessionStatus() == false):
killSession(); killSession();
} else { else:
//********** BEGIN CONTENT **********// //********** BEGIN CONTENT **********// ?>
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id"; $query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array(':id' => $_SESSION['user_id'])); $stmt->execute(array(':id' => $_SESSION['user_id']));
$user = $stmt->fetchObject(); $user = $stmt->fetchObject();
?> ?>
<h2 class\"content-subhead">Profile Information</h2>
<?php if (isset($errors['update'])): ?>
<p class="error"><?php echo $errors['update']; ?></p>
<?php endif; ?>
<h2 class="content-subhead">Profile Information</h2>
<p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p> <p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p>
<form class="pure-form pure-form-aligned" action="profile.php" method="post"> <p>PASSWORD CHANGE IS NOT CURRENTLY IMPLEMENTED</p>
<fieldset> <form class="pure-form pure-form-stacked" action="profile.php" method="post">
<div class="pure-control-group"> <fieldset id="update">
<div class="pure-g">
<div class="pure-u-1 pure-u-md-1-3">
<label for="username">Username</label> <label for="username">Username</label>
<input type="text" name="username" maxlength="50" value="<?php echo $user->username; ?>" readonly> <input type="text" name="username" maxlength="50" value="<?php echo $user->username; ?>" readonly>
</div>
<div class="pure-control-group">
<label for="created">Created</label> <label for="created">Created</label>
<input type="text" name="created" value="<?php echo $user->created; ?>" readonly> <input type="text" name="created" value="<?php echo $user->created; ?>" readonly>
</div>
<div class="pure-control-group">
<label for="usertype">User Type</label> <label for="usertype">User Type</label>
<input type="text" name="usertype" maxlength="50" value="<?php echo $user->usertype; ?>" readonly> <input type="text" name="usertype" maxlength="50" value="<?php echo $user->usertype; ?>" readonly>
</div> </div>
<div class="pure-control-group"> <div class="pure-u-1 pure-u-md-1-3">
<label for="firstname">First Name</label> <label for="firstname">First Name</label>
<input type="text" name="firstname" maxlength="50" value="<?php echo $user->firstname; ?>"> <input type="text" name="firstname" maxlength="50" value="<?php echo $user->firstname; ?>">
</div>
<div class="pure-control-group">
<label for="lastname">Last Name</label> <label for="lastname">Last Name</label>
<input type="text" name="lastname" maxlength="50" value="<?php echo $user->lastname; ?>"> <input type="text" name="lastname" maxlength="50" value="<?php echo $user->lastname; ?>">
</div>
<div class="pure-control-group">
<label for="email">Email</label> <label for="email">Email</label>
<input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>"> <input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>">
</div> </div>
<div class="pure-controls"> <div class="pure-u-1 pure-u-md-1-3">
<button type="submit" class="pure-button button-xlarge button-success">Save</button> <label for="newpassword1">New Password</label>
<input type="password" name="newpassword1" maxlength="50" disabled>
<label for="newpassword2">Confirm Password</label>
<input type="password" name="newpassword2" maxlength="50" disabled>
<?php echo isset($errors['newpassword2']) ? $errors['newpassword2'] : ''; ?>
</div> </div>
<div class="pure-controls pure-u-1">
<button type="submit" class="pure-input-1 pure-button button-success ">Save</button>
</div>
</div>
</fieldset>
</form>
<?php <?php
if (!empty($_POST)) { if (!empty($_POST)):
$query = "UPDATE users SET firstname = :firstname, lastname = :lastname, email = :email WHERE id = :userid"; if (empty($_POST['newpassword1']) && empty($_POST['newpassword2'])):
$stmt = $sql->prepare($query); updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['newpassword1'], $_POST['newpassword2']);
$stmt->execute(array( header('Location: ' . $_SERVER['PHP_SELF']);
':userid' => $_SESSION['user_id'], elseif (!empty($_POST['newpassword1']) || !empty($_POST['newpassword2'])):
':firstname' => $_POST['firstname'], $errors['newpassword2'] = "New passwords do not match.";
':lastname' => $_POST['lastname'], elseif ($_POST['newpassword1'] != $_POST['newpassword2']):
':email' => $_POST['email'] $errors['newpassword2'] = "New passwords do not match.";
));
header('Location: '.$_SERVER['PHP_SELF']); endif;
exit; //otherwise what?
} endif;
echo "</fieldset>"; ?>
echo "</form>";
//********** END CONTENT **********// <?php //********** END CONTENT **********//
} endif;
require_once($yaptc_inc . "footer.inc.php"); require_once($yaptc_inc . "footer.inc.php");
?> ?>
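Review bot: The new POST handler's branch order makes the password path unreachable: once `empty($_POST['newpassword1']) && empty($_POST['newpassword2'])` is false, the next test `!empty($_POST['newpassword1']) || !empty($_POST['newpassword2'])` is necessarily true, so the `$_POST['newpassword1'] != $_POST['newpassword2']` comparison never runs, matching passwords are rejected with "New passwords do not match.", and the profile fields are only saved when both password boxes are empty. The handler also runs after the form has been rendered, so the `$errors['newpassword2']` it sets is echoed by the `isset($errors[...])` line above it on the previous request's output, never the current one, and `header('Location: ...')` is sent after HTML output with no `exit;`. Since both password inputs are `disabled` in this commit, they are not submitted at all, and `$_POST['newpassword1']` in the `updateUserProfile(...)` call is an undefined index. I would move the handler above the markup and compare the two values directly, as below; `updateUserProfile` is defined elsewhere, so I have not changed its argument list.
```php
if (!empty($_POST)):
    $newpassword1 = isset($_POST['newpassword1']) ? $_POST['newpassword1'] : '';
    $newpassword2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : '';
    if ($newpassword1 !== $newpassword2):
        $errors['newpassword2'] = "New passwords do not match.";
    else:
        updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $newpassword1, $newpassword2);
        header('Location: ' . $_SERVER['PHP_SELF']);
        exit;
    endif;
endif;
// … unchanged: profile query and form markup, rendered after the handler so $errors is populated …
```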


@ -13,7 +13,7 @@ $userid = $_SESSION['user_id'];
$timenow = date('Y-m-d H:i'); $timenow = date('Y-m-d H:i');
// This is to get the current user status - in or out - and the notes and times associated for use in the form // This is to get the current user status - in or out - and the notes and times associated for use in the form
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1"); $result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result->execute(); $result->execute();
$last = $result->fetchObject(); $last = $result->fetchObject();
@ -65,7 +65,7 @@ if (isset($_POST['punchtime'])) {
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in // Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
if ($status=="In") { if ($status=="In") {
$query = "UPDATE punches SET outtime = :p_punchtime, notes = :p_notes, modified = :p_modified WHERE id = :p_punchid"; $query = "UPDATE punches SET outtime = :p_punchtime, notes = :p_notes, modified = :p_modified WHERE id = :p_punchid";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array( $stmt->execute(array(
':p_punchid' => $punchid, ':p_punchid' => $punchid,
':p_notes' => $p_notes, ':p_notes' => $p_notes,
@ -74,7 +74,7 @@ if ($status=="In") {
)); ));
} else { } else {
$query = "INSERT INTO punches (userid, notes, intime, modified) VALUES (:p_userid, :p_notes, :p_punchtime, :p_modified)"; $query = "INSERT INTO punches (userid, notes, intime, modified) VALUES (:p_userid, :p_notes, :p_punchtime, :p_modified)";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array( $stmt->execute(array(
':p_userid' => $_SESSION['user_id'], ':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes, ':p_notes' => $p_notes,
@ -94,7 +94,7 @@ echo "</form>";
echo "<h2 class=\"content-subhead\">Punch History</h2>"; echo "<h2 class=\"content-subhead\">Punch History</h2>";
echo "<p>Below is your full punch history, sorted newest to oldest.</p>"; echo "<p>Below is your full punch history, sorted newest to oldest.</p>";
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC"); $result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC");
$result->execute(); $result->execute();
echo '<table class="pure-table">'; echo '<table class="pure-table">';
echo '<thead>'; echo '<thead>';


@ -4,129 +4,56 @@ require_once("config.inc.php");
$yaptc_pagename = "Reports"; $yaptc_pagename = "Reports";
require_once($yaptc_inc . "header.inc.php"); require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php"); require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) { if (getSessionStatus() == false):
killSession(); killSession();
} else { else:
//********** BEGIN CONTENT **********// //********** BEGIN CONTENT **********// ?>
echo "<h2 class=\"content-subhead\">Punch History</h2>"; <h2 class="content-subhead">Punch History</h2>
echo "<p>Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.</p>"; <p>Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.</p>
<form class="pure-form pure-form-stacked" action="reports.php" method="post">
<fieldset>
<div class="pure-g">
<div class="pure-u-1">
<label for="reporttype">Report Type</label>
<select name="reporttype" class="pure-input-1-2">
<?php if (isset($_POST['reporttype'])): ?>
<option value="<?php echo $_POST['reporttype']; ?>"><?php echo $_POST['reporttype']; ?></option>
<option>----------</option>
<?php else: ?>
<option></option>
<?php endif; ?>
<option value="Hours per week per user">Hours per week per user</option>
<option value="Hours per month per user">Hours per month per user</option>
</select>
</div>
</div>
<button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>
</fieldset>
</form>
<?php if (isset($_POST['reporttype'])): ?>
<?php if ($_POST['reporttype'] == "Hours per week per user"): ?><table class="pure-table">
<thead><tr><th>Year</th><th>Week#</th><th>Username</th><th>Hours</th></tr></thead>
<tbody><?php foreach (reportWeeklyByUser($yaptc_db) as $row): ?>
<tr><td><?php echo $row['g_year']; ?></td><td><?php echo $row['g_week']; ?></td><td><?php echo $row['username']; ?></td><td><?php echo $row['punchhours']; ?></td></tr><?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
<?php if ($_POST['reporttype'] == "Hours per month per user"): ?><table class="pure-table">
<thead><tr><th>Year</th><th>Month</th><th>Username</th><th>Hours</th></tr></thead>
<tbody><?php foreach (reportMonthlyByUser($yaptc_db) as $row): ?>
<tr><td><?php echo $row['g_year']; ?></td><td><?php echo $row['g_month']; ?></td><td><?php echo $row['username']; ?></td><td><?php echo $row['punchhours']; ?></td></tr><?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
<?php else: ?>
<p>No query to display. Please select from the dropdown above...</p>
<?php endif; ?>
echo "<form class=\"pure-form pure-form-stacked\" action=\"reports.php\" method=\"post\">";
echo " <fieldset>";
echo " <div class=\"pure-g\">";
echo " <div class=\"pure-u-1\">";
echo " <label for=\"reporttype\">Report Type</label>";
echo " <select name=\"reporttype\" class=\"pure-input-1-2\">";
if (isset($_POST['reporttype'])) { echo "<option value=\"" . $_POST['reporttype'] . "\">" . $_POST['reporttype'] . "</option><option>----------</option>";}
else { echo "<option></option>";}
echo " <option value=\"Hours per week per user\">Hours per week per user</option>";
echo " <option value=\"Hours per month per user\">Hours per month per user</option>";
echo " </select>";
echo " </div>";
echo " </div>";
echo " <button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>";
echo " </fieldset>";
echo "</form>";
if (isset($_POST['reporttype'])) { <?php //********** END CONTENT **********//
if ($_POST['reporttype'] == "Hours per week per user") { endif;
$query = "SELECT
YEAR(punches.intime) AS g_year,
WEEK(punches.intime) AS g_week,
ROUND(SUM(TIME_TO_SEC(TIMEDIFF(punches.outtime, punches.intime))/3600),2) AS punchhours,
punches.id as punchid,
users.id as user,
users.username as username,
users.firstname as firstname,
users.lastname as lastname,
punches.intime as intime,
punches.outtime as outtime,
punches.notes as notes,
punches.modified as modified
FROM punches
INNER JOIN users ON punches.userid = users.id
GROUP BY g_year, g_week, users.username;";
$stmt = $sql->prepare($query);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
//set up table header and open table
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>Year</th>';
echo '<th>Week#</th>';
echo '<th>Username</th>';
echo '<th>Hours</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
// $rows is an array containing all records...
foreach ($rows as $row) {
echo "<tr>";
echo "<td>" . $row['g_year'] . "</td>";
echo "<td>" . $row['g_week'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['punchhours'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
}
elseif ($_POST['reporttype'] == "Hours per month per user") {
$query = "SELECT
YEAR(punches.intime) AS g_year,
MONTHNAME(punches.intime) AS g_month,
ROUND(SUM(TIME_TO_SEC(TIMEDIFF(punches.outtime, punches.intime))/3600),2) AS punchhours,
punches.id as punchid,
users.id as user,
users.username as username,
users.firstname as firstname,
users.lastname as lastname,
punches.intime as intime,
punches.outtime as outtime,
punches.notes as notes,
punches.modified as modified
FROM punches
INNER JOIN users ON punches.userid = users.id
GROUP BY g_year, g_month, users.username;";
$stmt = $sql->prepare($query);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
//set up table header and open table
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>Year</th>';
echo '<th>Month</th>';
echo '<th>Username</th>';
echo '<th>Hours</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
// $rows is an array containing all records...
foreach ($rows as $row) {
echo "<tr>";
echo "<td>" . $row['g_year'] . "</td>";
echo "<td>" . $row['g_month'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['punchhours'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
}
else {
echo "no query";
}
} else { echo "no query"; }
//********** END CONTENT **********//
}
require_once($yaptc_inc . "footer.inc.php"); require_once($yaptc_inc . "footer.inc.php");
?> ?>
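Review bot: The rewritten select reflects the raw request value into both an attribute and a text node, `<option value="<?php echo $_POST['reporttype']; ?>"><?php echo $_POST['reporttype']; ?></option>`, so anything submitted in `reporttype` is rendered back into the page unescaped. The value is only ever compared against the two fixed report names below, so either escape it, `<?php echo htmlspecialchars($_POST['reporttype'], ENT_QUOTES, 'UTF-8'); ?>`, or render the pre-selected option only when it equals one of the known names. Separately, the submit button was moved from an `echo` string into literal HTML but kept its escaped quotes, so `<button type=\"submit\" class=\"pure-button pure-button-primary\">` now emits the backslashes into the markup; it should read `<button type="submit" class="pure-button pure-button-primary">Submit</button>`.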

118
users.php

@ -7,11 +7,11 @@ require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) { if (getSessionStatus() == false) {
killSession(); killSession();
} else { } else {
//********** BEGIN CONTENT **********// //********** BEGIN CONTENT **********// ?>
echo "<h2 class=\"content-subhead\">Add User</h2>";
echo "<p>Use the following form to add users to the system. Passwords must be 8+ characters. Email must be filled out, and username must be unique.</p>";
<h2 class="content-subhead">Add User</h2>
<p>All fields are required! Password must be 8+ characters. Username and email must be unique.</p>
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php"); require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
if (!empty($_POST['newuser'])) if (!empty($_POST['newuser']))
{ {
@ -31,18 +31,6 @@ if (!empty($_POST['newuser']))
{ {
$errors['password'] = "Password must be at least 8 charcaters."; $errors['password'] = "Password must be at least 8 charcaters.";
} }
// OPTIONAL
// Force passwords to contain at least one number and one special character.
/*
if (!preg_match('/[0-9]/', $_POST['password']))
{
$errors['password'] = "Password must contain at least one number.";
}
if (!preg_match('/[\W]/', $_POST['password']))
{
$errors['password'] = "Password must contain at least one special character.";
}
*/
if (empty($_POST['password_confirm'])) if (empty($_POST['password_confirm']))
{ {
$errors['password_confirm'] = "Please confirm password."; $errors['password_confirm'] = "Please confirm password.";
@ -56,28 +44,15 @@ if (!empty($_POST['newuser']))
{ {
$errors['email'] = "Not a valid email address."; $errors['email'] = "Not a valid email address.";
} }
/**
* Check that the username and email aren't already in our database.
* Note the use of prepared statements. If you aren't using prepared
* statements, be sure to escape your data before passing it to the query.
*
* Note also the absence of SELECT *
* Grab the columns you need, nothing more.
*/
$query = "SELECT username, email $query = "SELECT username, email
FROM users FROM users
WHERE username = :username OR email = :email"; WHERE username = :username OR email = :email";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array( $stmt->execute(array(
':username' => $_POST['username'], ':username' => $_POST['username'],
':email' => $email ':email' => $email
)); ));
/**
* There may well be more than one point of failure, but all we really need
* is the first one.
*/
$existing = $stmt->fetchObject(); $existing = $stmt->fetchObject();
if ($existing) if ($existing)
@ -93,26 +68,13 @@ if (!empty($_POST['newuser']))
} }
} }
/**
* If the form has been submitted and no errors were detected, we can proceed
* to account creation.
*/
if (!empty($_POST['newuser']) && empty($errors)) if (!empty($_POST['newuser']) && empty($errors))
{ {
/**
* Hash password before storing in database
*/
$hasher = new PasswordHash(8, FALSE); $hasher = new PasswordHash(8, FALSE);
$password = $hasher->HashPassword($_POST['password']); $password = $hasher->HashPassword($_POST['password']);
/**
* I'm going to mention it again because it's important; if you aren't using
* prepared statements, be sure to escape your data before passing it to
* your query.
*/
$query = "INSERT INTO users (firstname, lastname, username, password, email, created, usertype) $query = "INSERT INTO users (firstname, lastname, username, password, email, created, usertype)
VALUES (:firstname, :lastname, :username, :password, :email, NOW(), :usertype)"; VALUES (:firstname, :lastname, :username, :password, :email, NOW(), :usertype)";
$stmt = $sql->prepare($query); $stmt = $yaptc_db->prepare($query);
$success = $stmt->execute(array( $success = $stmt->execute(array(
':firstname' => $_POST['firstname'], ':firstname' => $_POST['firstname'],
':lastname' => $_POST['lastname'], ':lastname' => $_POST['lastname'],
@ -134,13 +96,6 @@ if (!empty($_POST['newuser']) && empty($errors))
?> ?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>User Registration</title>
</head>
<body>
<?php if (isset($message)): ?> <?php if (isset($message)): ?>
<p class="success"><?php echo $message; ?></p> <p class="success"><?php echo $message; ?></p>
<?php endif; ?> <?php endif; ?>
@ -193,7 +148,7 @@ if (!empty($_POST['deluser']))
{ {
if ($_SERVER['REQUEST_METHOD'] == 'DELETE' || ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['_METHOD'] == 'DELETE')) { if ($_SERVER['REQUEST_METHOD'] == 'DELETE' || ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['_METHOD'] == 'DELETE')) {
$deleteid = (int) $_POST['deleteid']; $deleteid = (int) $_POST['deleteid'];
$deletequery = $sql->prepare("DELETE FROM users WHERE users.id=$deleteid"); $deletequery = $yaptc_db->prepare("DELETE FROM users WHERE users.id=$deleteid");
$deletequery->execute(); $deletequery->execute();
echo "user deleted!"; echo "user deleted!";
if ($deletequery !== false) { if ($deletequery !== false) {
@ -205,45 +160,42 @@ echo "user deleted!";
} }
echo "<h2 class=\"content-subhead\">User List</h2>"; ?>
echo "<p>Current users. To edit, select the edit button in the right column.</p>";
$result = $sql->prepare("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype <h2 class="content-subhead">User List</h2>
FROM yaptc.users <p>Current users. To edit, select the edit button in the right column.</p>
INNER JOIN usertypes ON users.usertype = usertypes.id <table class="pure-table">
ORDER BY users.lastname ASC;"); <thead>
$result->execute(); <tr>
echo '<table class="pure-table">'; <th>First Name</th>
echo '<thead>'; <th>Last Name</th>
echo '<tr>'; <th>Username</th>
echo '<th>First Name</th>'; <th>Email</th>
echo '<th>Last Name</th>'; <th>Created</th>
echo '<th>Username</th>'; <th>User Type</th>
echo '<th>Email</th>'; <th>Actions</th>
echo '<th>Created</th>'; </tr>
echo '<th>User Type</th>'; </thead>
echo '<th>Actions</th>'; <tbody>
echo '</tr>'; <tr>
echo '</thead>'; <?php
echo '<tbody>'; foreach (listUsers($yaptc_db) as $row) {
while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<tr>";
echo "<td>" . $row['firstname'] . "</td>"; echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>"; echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['username'] . "</td>"; echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>"; echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['created'] . "</td>"; echo "<td>" . $row['created'] . "</td>";
echo "<td>" . $row['usertype'] . "</td>"; echo "<td>" . $row['usertype'] . "</td>";
?><td><form method="post" onsubmit="return confirm('Are you sure you want to delete this user?')"> ?>
<td><form method="post" onsubmit="return confirm('WARNING! - WARNING! - WARNING! This will delete the user and ALL punches associated with them. There is NO UNDO! Are you sure?')">
<input type="hidden" name="_METHOD" value="DELETE"> <input type="hidden" name="_METHOD" value="DELETE">
<input type="hidden" name="deleteid" value="<?php echo $row['userid']; ?>"><button name="deluser" value="deluser" type="submit">Delete</button></form></td> <input type="hidden" name="deleteid" value="<?php echo $row['userid']; ?>"><button button class="button-error pure-button" name="deluser" value="deluser" type="submit">Delete</button></form></td>
<?php </tr>
echo "</tr>"; <?php } ?>
} </tbody>
echo '</tbody>'; </table>
echo '</table>';
//********** END CONTENT **********// <?php //********** END CONTENT **********//
require_once($yaptc_inc . "footer.inc.php"); require_once($yaptc_inc . "footer.inc.php");
?> ?>
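Review bot: In the deletion hunk, `echo "user deleted!";` runs before the `if ($deletequery !== false)` check, and that check tests the `PDOStatement` returned by `prepare()` rather than the result of `execute()`, so the success message is printed whether or not the row was removed. Capture the outcome instead: `$deleted = $deletequery->execute();` and branch on `if ($deleted !== false)`, printing the message inside that branch. The handler is also guarded only by `getSessionStatus()` at the top of the file and by the hidden `_METHOD` field, which is not an anti-forgery token; if there is no access-level check earlier in `users.php` (not visible in these hunks), any logged-in user can delete any account, including their own, and the form can be submitted cross-site, so an admin check and a per-session token on the form are the minimum before this ships. Minor: the new delete button markup has a stray attribute token, `<button button class="button-error pure-button" ...>`, and `$_POST['_METHOD']` is read without an `isset` guard.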