user deletion fixed, license added for fpdf even though not using

Josh North 2015-02-20 01:57:34 -05:00
parent ca258c49fc
commit dc77dc7e65
10 changed files with 199 additions and 307 deletions

LICENSE (fpdf) Executable file

@ -0,0 +1,6 @@
FPDF has no license details... except as below as stated on http://www.fpdf.org/en/FAQ.php#q1
1. What's exactly the license of FPDF? Are there any usage restrictions?
FPDF is released under a permissive license: there is no usage restriction. You may embed it freely in your application (commercial or not), with or without modifications.


@ -2,7 +2,6 @@
<div class="header">
<h2>Server Time: <span id="date_time"></span><script type="text/javascript">window.onload = date_time('date_time');</script></h2>
</div>
</div>
<script src="<?php echo $yaptc_libweb; ?>ui.js"></script>
</body>


@ -13,7 +13,7 @@
// Get login status and access level
if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($sql); } else { $userLogged = false; $userAccess = ""; }
if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($yaptc_db); } else { $userLogged = false; $userAccess = ""; }
// All menu options - only ones with permissions allowed are shown to logged-in users.
// Home
@ -54,8 +54,8 @@ if ($userLogged == false) {
<div class="header">
<h1><?php echo $yaptc_pagename; ?></h1>
<h2><?php if (isset($_SESSION['user_id'])) {echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];} else {echo "Please log in to use the timecard system";}?></h2>
<h4><?php if (!empty($adminmessage)) {echo "<div class=\"successmessage\">" . $adminmessage . "</div>"; } ?></h4>
<h2><?php if (isset($_SESSION['user_id'])): echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname']; else: echo "Please log in to use the timecard system"; endif; ?></h2>
<h4><?php if (!empty($adminmessage)): echo "<div class=\"adminmessage\">" . $adminmessage . "</div>"; endif; ?></h4>
</div>
<div class="content">
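Review bot: The "Logged as:" header echoes `$_SESSION['firstname']` and `$_SESSION['lastname']` into HTML without escaping; login.php in this same commit fills those session keys from the users table, and profile.php lets a user rewrite firstname/lastname, so a value containing markup would render in the header on every page. Escape at the echo, e.g. `echo "Logged as: " . htmlspecialchars($_SESSION['firstname'] . ' ' . $_SESSION['lastname'], ENT_QUOTES, 'UTF-8');`. `$adminmessage` on the next line is echoed raw as well; where it is assigned is not visible here, so if it is meant to carry HTML that contract should be documented at its definition, otherwise wrap it the same way. The `if ($userLogged == false)` block named in the hunk header starts outside the hunk.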


@ -4,14 +4,20 @@ require_once("config.inc.php");
$yaptc_pagename = "Home";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) {
if (getSessionStatus() == false):
killSession();
} else {
//********** BEGIN CONTENT **********//
else:
//********** BEGIN CONTENT **********// ?>
<?php
$userid = $_SESSION['user_id'];
// This is to get the current user status - in or out - and the notes and times associated for use in the form
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result->execute();
$last = $result->fetchObject();
@ -75,7 +81,7 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
if ($status == "In") {
$query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid";
$stmt = $sql->prepare($query);
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':p_punchid' => $punchid,
':p_notes' => $p_notes
@ -83,7 +89,7 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
} //$status == "In"
else {
$query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())";
$stmt = $sql->prepare($query);
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes
@ -97,9 +103,10 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
// Close out the form...
echo "</fieldset>";
echo "</form>";
?>
//********** END CONTENT **********//
}
<?php //********** END CONTENT **********//
endif;
require_once($yaptc_inc . "footer.inc.php");
?>
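Review bot: The punch-status query at the top of the content block still interpolates `$userid` into the SQL text (`WHERE users.id = $userid`) even though it goes through `prepare()`, so the statement gains nothing from being prepared, while the UPDATE and INSERT later in the same file bind every value; the same interpolation is kept in the two `$yaptc_db->prepare(...)` calls of the punch-history file further down in this commit. `$userid` comes from `$_SESSION['user_id']`, which login.php sets from the database row, so this is a consistency and hardening point rather than a live injection, but one the rename to `$yaptc_db` was a good moment to fix. Change the tail of the query to `WHERE users.id = :userid ORDER BY punches.id DESC LIMIT 1` and call `$result->execute(array(':userid' => $userid));`. The `if/else/endif` opened at the top of the first hunk spans the whole content section, most of which is outside this view.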


@ -4,34 +4,33 @@ require_once("config.inc.php");
$yaptc_pagename = "Login";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
//********** BEGIN CONTENT **********//
// Is user logged in? If so, tell them and go to main...
if (isset($_SESSION['user_id']) && isset($_SESSION['signature']) && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] = true && $_SESSION['signature'] = md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
{
if (getSessionStatus() == true):
header ("Refresh:3; url=index.php", true, 303);
echo "<h2 class=\"content-subhead\">You are already logged in...</h2>";
}
else
{
echo "<h2 class=\"content-subhead\">User Login</h2>";
echo "<form class=\"pure-form\" action=\"login.php\" method=\"post\">";
echo "<fieldset class=\"pure-group\" id=\"login\">";
echo "<label for=\"username\">Username</label>";
echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"Username\" id=\"username\" name=\"username\">";
echo "<label for=\"password\">Password</label>";
echo "<input type=\"password\" class=\"pure-input-1-2\" placeholder=\"Password\" id=\"password\" name=\"password\">";
echo "</fieldset>";
echo "<button type=\"submit\" class=\"pure-button pure-input-1-2 pure-button-primary\" value=\"Login\">Sign in</button>";
echo "</form>";
else:
//********** BEGIN CONTENT **********// ?>
<h2 class="content-subhead">User Login</h2>
<form class="pure-form" action="login.php" method="post">
<fieldset class="pure-group" id="login">
<input type="text" class="pure-input-1" placeholder="Username" id="username" name="username" />
<input type="password" class="pure-input-1" placeholder="Password" id="password" name="password" />
</fieldset>
<button type="submit" class="pure-button button-success pure-input-1 pure-button-primary" value="Login">Sign in</button>
</form>
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
if (!empty($_POST)) {
if (!empty($_POST)):
$query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
$stmt = $sql->prepare($query);
$stmt->execute(array(':username' => $_POST['username']));
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':username' => $_POST['username']
));
$user = $stmt->fetchObject();
if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)) {
if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)):
session_regenerate_id();
$_SESSION['user_id'] = $user->id;
$_SESSION['loggedIn'] = TRUE;
@ -39,20 +38,16 @@ require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$_SESSION['firstname'] = $user->firstname;
$_SESSION['lastname'] = $user->lastname;
session_write_close();
echo "Login successful...";
header("Location: index.php");
}
else
{
else:
header("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
}
}
}
endif;
endif;
?>
//********** END CONTENT **********//
<?php //********** END CONTENT **********//
endif;
require_once($yaptc_inc . "footer.inc.php");
?>
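Review bot: The credential check `if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)):` compares the stored hash string against CheckPassword()'s boolean result with `==`, so it only works because a non-empty hash is loosely equal to `true`; a stored value of `""` or `"0"` would invert the outcome, and the intent is hidden behind a type juggle. Use the boolean directly: `if ($user && $hasher->CheckPassword($_POST['password'], $user->password)):`. `$_POST['username']` and `$_POST['password']` are also read without `isset()`, so a form post missing either field raises a notice before the query runs; a guard like `if (!empty($_POST['username']) && isset($_POST['password'])):` in place of `if (!empty($_POST)):` would cover it. The outer `if (getSessionStatus() == true): ... else:` spans both hunks.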


@ -32,8 +32,8 @@ CREATE TABLE `punches` (
`intime` datetime NOT NULL,
`outtime` datetime DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `userid` (`userid`),
CONSTRAINT `punches_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `users` (`id`)
KEY `punches_ibfk_1` (`userid`),
CONSTRAINT `punches_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -63,9 +63,9 @@ CREATE TABLE `users` (
`lastname` varchar(50) DEFAULT NULL,
`usertype` int(11) unsigned zerofill NOT NULL,
PRIMARY KEY (`id`),
KEY `usertype` (`usertype`),
CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;
KEY `users_ibfk_1` (`usertype`),
CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=21 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
@ -101,10 +101,6 @@ LOCK TABLES `usertypes` WRITE;
INSERT INTO `usertypes` VALUES (00000000001,'Administrator'),(00000000002,'User');
/*!40000 ALTER TABLE `usertypes` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping routines for database 'yaptc'
--
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
@ -115,4 +111,4 @@ UNLOCK TABLES;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2015-02-18 19:57:14
-- Dump completed on 2015-02-20 1:54:16
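Review bot: The `users_ibfk_1` constraint now carries `ON DELETE CASCADE`, so deleting a row from `usertypes` silently deletes every user of that type and, through the new cascade on `punches_ibfk_1`, all of their punch records; `usertypes` is reference data with two rows, and a cascade there turns a small admin mistake into unrecoverable data loss. The cascade on `punches_ibfk_1` is the one the "user deletion fixed" change actually needs; for the usertype link use `CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`) ON DELETE RESTRICT ON UPDATE CASCADE` so a type still in use cannot be removed. If cascading from usertypes is intended, a comment next to the constraint saying so would stop the next reader from "fixing" it.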


@ -4,67 +4,77 @@ require_once("config.inc.php");
$yaptc_pagename = "Profile";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) {
if (getSessionStatus() == false):
killSession();
} else {
//********** BEGIN CONTENT **********//
else:
//********** BEGIN CONTENT **********// ?>
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id";
$stmt = $sql->prepare($query);
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(':id' => $_SESSION['user_id']));
$user = $stmt->fetchObject();
?>
<h2 class\"content-subhead">Profile Information</h2>
<?php if (isset($errors['update'])): ?>
<p class="error"><?php echo $errors['update']; ?></p>
<?php endif; ?>
<h2 class="content-subhead">Profile Information</h2>
<p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p>
<form class="pure-form pure-form-aligned" action="profile.php" method="post">
<fieldset>
<div class="pure-control-group">
<p>PASSWORD CHANGE IS NOT CURRENTLY IMPLEMENTED</p>
<form class="pure-form pure-form-stacked" action="profile.php" method="post">
<fieldset id="update">
<div class="pure-g">
<div class="pure-u-1 pure-u-md-1-3">
<label for="username">Username</label>
<input type="text" name="username" maxlength="50" value="<?php echo $user->username; ?>" readonly>
</div>
<div class="pure-control-group">
<label for="created">Created</label>
<input type="text" name="created" value="<?php echo $user->created; ?>" readonly>
</div>
<div class="pure-control-group">
<label for="usertype">User Type</label>
<input type="text" name="usertype" maxlength="50" value="<?php echo $user->usertype; ?>" readonly>
</div>
<div class="pure-control-group">
<div class="pure-u-1 pure-u-md-1-3">
<label for="firstname">First Name</label>
<input type="text" name="firstname" maxlength="50" value="<?php echo $user->firstname; ?>">
</div>
<div class="pure-control-group">
<label for="lastname">Last Name</label>
<input type="text" name="lastname" maxlength="50" value="<?php echo $user->lastname; ?>">
</div>
<div class="pure-control-group">
<label for="email">Email</label>
<input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>">
</div>
<div class="pure-controls">
<button type="submit" class="pure-button button-xlarge button-success">Save</button>
<div class="pure-u-1 pure-u-md-1-3">
<label for="newpassword1">New Password</label>
<input type="password" name="newpassword1" maxlength="50" disabled>
<label for="newpassword2">Confirm Password</label>
<input type="password" name="newpassword2" maxlength="50" disabled>
<?php echo isset($errors['newpassword2']) ? $errors['newpassword2'] : ''; ?>
</div>
<div class="pure-controls pure-u-1">
<button type="submit" class="pure-input-1 pure-button button-success ">Save</button>
</div>
</div>
</fieldset>
</form>
<?php
if (!empty($_POST)) {
$query = "UPDATE users SET firstname = :firstname, lastname = :lastname, email = :email WHERE id = :userid";
$stmt = $sql->prepare($query);
$stmt->execute(array(
':userid' => $_SESSION['user_id'],
':firstname' => $_POST['firstname'],
':lastname' => $_POST['lastname'],
':email' => $_POST['email']
));
if (!empty($_POST)):
if (empty($_POST['newpassword1']) && empty($_POST['newpassword2'])):
updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['newpassword1'], $_POST['newpassword2']);
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
echo "</fieldset>";
echo "</form>";
elseif (!empty($_POST['newpassword1']) || !empty($_POST['newpassword2'])):
$errors['newpassword2'] = "New passwords do not match.";
elseif ($_POST['newpassword1'] != $_POST['newpassword2']):
$errors['newpassword2'] = "New passwords do not match.";
endif;
//otherwise what?
endif;
?>
//********** END CONTENT **********//
}
<?php //********** END CONTENT **********//
endif;
require_once($yaptc_inc . "footer.inc.php");
?>
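Review bot: In the POST handler at the bottom of the content block, the branch `elseif (!empty($_POST['newpassword1']) || !empty($_POST['newpassword2']))` matches every request in which either password field is filled, so the following `elseif ($_POST['newpassword1'] != $_POST['newpassword2'])` is unreachable and a correctly matching pair is reported as "New passwords do not match." (the inputs are `disabled` at the moment, which hides this). The handler also runs after the form has been rendered, so `$errors['update']` and `$errors['newpassword2']`, which the template reads earlier, are never set at the point they are echoed. Move the handler above the markup and test for a mismatch first, then update, as sketched below; it keeps the existing updateUserProfile() call, which the current code already invokes with empty password fields in the both-empty case, but whether the helper treats a non-empty matching pair as a password change needs confirming against its definition. Separately, `$user->username`, `firstname`, `lastname` and `email` are echoed into `value="…"` attributes unescaped although this very form lets the user set them; wrap each in `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.
```php
<?php
// … unchanged: require_once PasswordHash.php, profile SELECT, fetchObject …
if (!empty($_POST)):
    $newpassword1 = isset($_POST['newpassword1']) ? $_POST['newpassword1'] : '';
    $newpassword2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : '';
    if ($newpassword1 !== $newpassword2):
        $errors['newpassword2'] = "New passwords do not match.";
    else:
        updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $newpassword1, $newpassword2);
        header('Location: ' . $_SERVER['PHP_SELF']);
        exit;
    endif;
endif;
// … unchanged: profile form markup follows, now rendered after this block so $errors is populated …
?>
```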


@ -13,7 +13,7 @@ $userid = $_SESSION['user_id'];
$timenow = date('Y-m-d H:i');
// This is to get the current user status - in or out - and the notes and times associated for use in the form
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
$result->execute();
$last = $result->fetchObject();
@ -65,7 +65,7 @@ if (isset($_POST['punchtime'])) {
// Is the user currently punched in? If so, insert the punch out record, otherwise, insert a new punch in
if ($status=="In") {
$query = "UPDATE punches SET outtime = :p_punchtime, notes = :p_notes, modified = :p_modified WHERE id = :p_punchid";
$stmt = $sql->prepare($query);
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':p_punchid' => $punchid,
':p_notes' => $p_notes,
@ -74,7 +74,7 @@ if ($status=="In") {
));
} else {
$query = "INSERT INTO punches (userid, notes, intime, modified) VALUES (:p_userid, :p_notes, :p_punchtime, :p_modified)";
$stmt = $sql->prepare($query);
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':p_userid' => $_SESSION['user_id'],
':p_notes' => $p_notes,
@ -94,7 +94,7 @@ echo "</form>";
echo "<h2 class=\"content-subhead\">Punch History</h2>";
echo "<p>Below is your full punch history, sorted newest to oldest.</p>";
$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC");
$result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC");
$result->execute();
echo '<table class="pure-table">';
echo '<thead>';


@ -4,129 +4,56 @@ require_once("config.inc.php");
$yaptc_pagename = "Reports";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) {
if (getSessionStatus() == false):
killSession();
} else {
//********** BEGIN CONTENT **********//
else:
//********** BEGIN CONTENT **********// ?>
echo "<h2 class=\"content-subhead\">Punch History</h2>";
echo "<p>Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.</p>";
<h2 class="content-subhead">Punch History</h2>
<p>Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.</p>
<form class="pure-form pure-form-stacked" action="reports.php" method="post">
<fieldset>
<div class="pure-g">
<div class="pure-u-1">
<label for="reporttype">Report Type</label>
<select name="reporttype" class="pure-input-1-2">
<?php if (isset($_POST['reporttype'])): ?>
<option value="<?php echo $_POST['reporttype']; ?>"><?php echo $_POST['reporttype']; ?></option>
<option>----------</option>
<?php else: ?>
<option></option>
<?php endif; ?>
<option value="Hours per week per user">Hours per week per user</option>
<option value="Hours per month per user">Hours per month per user</option>
</select>
</div>
</div>
<button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>
</fieldset>
</form>
<?php if (isset($_POST['reporttype'])): ?>
<?php if ($_POST['reporttype'] == "Hours per week per user"): ?><table class="pure-table">
<thead><tr><th>Year</th><th>Week#</th><th>Username</th><th>Hours</th></tr></thead>
<tbody><?php foreach (reportWeeklyByUser($yaptc_db) as $row): ?>
<tr><td><?php echo $row['g_year']; ?></td><td><?php echo $row['g_week']; ?></td><td><?php echo $row['username']; ?></td><td><?php echo $row['punchhours']; ?></td></tr><?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
<?php if ($_POST['reporttype'] == "Hours per month per user"): ?><table class="pure-table">
<thead><tr><th>Year</th><th>Month</th><th>Username</th><th>Hours</th></tr></thead>
<tbody><?php foreach (reportMonthlyByUser($yaptc_db) as $row): ?>
<tr><td><?php echo $row['g_year']; ?></td><td><?php echo $row['g_month']; ?></td><td><?php echo $row['username']; ?></td><td><?php echo $row['punchhours']; ?></td></tr><?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
<?php else: ?>
<p>No query to display. Please select from the dropdown above...</p>
<?php endif; ?>
echo "<form class=\"pure-form pure-form-stacked\" action=\"reports.php\" method=\"post\">";
echo " <fieldset>";
echo " <div class=\"pure-g\">";
echo " <div class=\"pure-u-1\">";
echo " <label for=\"reporttype\">Report Type</label>";
echo " <select name=\"reporttype\" class=\"pure-input-1-2\">";
if (isset($_POST['reporttype'])) { echo "<option value=\"" . $_POST['reporttype'] . "\">" . $_POST['reporttype'] . "</option><option>----------</option>";}
else { echo "<option></option>";}
echo " <option value=\"Hours per week per user\">Hours per week per user</option>";
echo " <option value=\"Hours per month per user\">Hours per month per user</option>";
echo " </select>";
echo " </div>";
echo " </div>";
echo " <button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>";
echo " </fieldset>";
echo "</form>";
if (isset($_POST['reporttype'])) {
if ($_POST['reporttype'] == "Hours per week per user") {
$query = "SELECT
YEAR(punches.intime) AS g_year,
WEEK(punches.intime) AS g_week,
ROUND(SUM(TIME_TO_SEC(TIMEDIFF(punches.outtime, punches.intime))/3600),2) AS punchhours,
punches.id as punchid,
users.id as user,
users.username as username,
users.firstname as firstname,
users.lastname as lastname,
punches.intime as intime,
punches.outtime as outtime,
punches.notes as notes,
punches.modified as modified
FROM punches
INNER JOIN users ON punches.userid = users.id
GROUP BY g_year, g_week, users.username;";
$stmt = $sql->prepare($query);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
//set up table header and open table
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>Year</th>';
echo '<th>Week#</th>';
echo '<th>Username</th>';
echo '<th>Hours</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
// $rows is an array containing all records...
foreach ($rows as $row) {
echo "<tr>";
echo "<td>" . $row['g_year'] . "</td>";
echo "<td>" . $row['g_week'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['punchhours'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
}
elseif ($_POST['reporttype'] == "Hours per month per user") {
$query = "SELECT
YEAR(punches.intime) AS g_year,
MONTHNAME(punches.intime) AS g_month,
ROUND(SUM(TIME_TO_SEC(TIMEDIFF(punches.outtime, punches.intime))/3600),2) AS punchhours,
punches.id as punchid,
users.id as user,
users.username as username,
users.firstname as firstname,
users.lastname as lastname,
punches.intime as intime,
punches.outtime as outtime,
punches.notes as notes,
punches.modified as modified
FROM punches
INNER JOIN users ON punches.userid = users.id
GROUP BY g_year, g_month, users.username;";
$stmt = $sql->prepare($query);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
//set up table header and open table
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>Year</th>';
echo '<th>Month</th>';
echo '<th>Username</th>';
echo '<th>Hours</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
// $rows is an array containing all records...
foreach ($rows as $row) {
echo "<tr>";
echo "<td>" . $row['g_year'] . "</td>";
echo "<td>" . $row['g_month'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['punchhours'] . "</td>";
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
}
else {
echo "no query";
}
} else { echo "no query"; }
//********** END CONTENT **********//
}
<?php //********** END CONTENT **********//
endif;
require_once($yaptc_inc . "footer.inc.php");
?>
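Review bot: The selected report type is written back into the `<option value="…">` attribute and its text straight from `$_POST['reporttype']` without escaping, so whatever arrives in the POST body is reflected into the page as markup; the dispatch below only compares the value, so escaping at the echo is the complete fix: `<option value="<?php echo htmlspecialchars($_POST['reporttype'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($_POST['reporttype'], ENT_QUOTES, 'UTF-8'); ?></option>`. The Submit line still carries the backslash-escaped quotes from the old `echo` string (`<button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>`), which now go into the HTML literally; drop the backslashes. The `username` column printed from reportWeeklyByUser()/reportMonthlyByUser() is entered through the add-user form and also goes out unescaped, so the same wrapper belongs on those cells.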

users.php

@ -7,11 +7,11 @@ require_once($yaptc_inc . "menu.inc.php");
if (getSessionStatus() == false) {
killSession();
} else {
//********** BEGIN CONTENT **********//
echo "<h2 class=\"content-subhead\">Add User</h2>";
echo "<p>Use the following form to add users to the system. Passwords must be 8+ characters. Email must be filled out, and username must be unique.</p>";
//********** BEGIN CONTENT **********// ?>
<h2 class="content-subhead">Add User</h2>
<p>All fields are required! Password must be 8+ characters. Username and email must be unique.</p>
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
if (!empty($_POST['newuser']))
{
@ -31,18 +31,6 @@ if (!empty($_POST['newuser']))
{
$errors['password'] = "Password must be at least 8 charcaters.";
}
// OPTIONAL
// Force passwords to contain at least one number and one special character.
/*
if (!preg_match('/[0-9]/', $_POST['password']))
{
$errors['password'] = "Password must contain at least one number.";
}
if (!preg_match('/[\W]/', $_POST['password']))
{
$errors['password'] = "Password must contain at least one special character.";
}
*/
if (empty($_POST['password_confirm']))
{
$errors['password_confirm'] = "Please confirm password.";
@ -56,28 +44,15 @@ if (!empty($_POST['newuser']))
{
$errors['email'] = "Not a valid email address.";
}
/**
* Check that the username and email aren't already in our database.
* Note the use of prepared statements. If you aren't using prepared
* statements, be sure to escape your data before passing it to the query.
*
* Note also the absence of SELECT *
* Grab the columns you need, nothing more.
*/
$query = "SELECT username, email
FROM users
WHERE username = :username OR email = :email";
$stmt = $sql->prepare($query);
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':username' => $_POST['username'],
':email' => $email
));
/**
* There may well be more than one point of failure, but all we really need
* is the first one.
*/
$existing = $stmt->fetchObject();
if ($existing)
@ -93,26 +68,13 @@ if (!empty($_POST['newuser']))
}
}
/**
* If the form has been submitted and no errors were detected, we can proceed
* to account creation.
*/
if (!empty($_POST['newuser']) && empty($errors))
{
/**
* Hash password before storing in database
*/
$hasher = new PasswordHash(8, FALSE);
$password = $hasher->HashPassword($_POST['password']);
/**
* I'm going to mention it again because it's important; if you aren't using
* prepared statements, be sure to escape your data before passing it to
* your query.
*/
$query = "INSERT INTO users (firstname, lastname, username, password, email, created, usertype)
VALUES (:firstname, :lastname, :username, :password, :email, NOW(), :usertype)";
$stmt = $sql->prepare($query);
$stmt = $yaptc_db->prepare($query);
$success = $stmt->execute(array(
':firstname' => $_POST['firstname'],
':lastname' => $_POST['lastname'],
@ -134,13 +96,6 @@ if (!empty($_POST['newuser']) && empty($errors))
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>User Registration</title>
</head>
<body>
<?php if (isset($message)): ?>
<p class="success"><?php echo $message; ?></p>
<?php endif; ?>
@ -193,7 +148,7 @@ if (!empty($_POST['deluser']))
{
if ($_SERVER['REQUEST_METHOD'] == 'DELETE' || ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['_METHOD'] == 'DELETE')) {
$deleteid = (int) $_POST['deleteid'];
$deletequery = $sql->prepare("DELETE FROM users WHERE users.id=$deleteid");
$deletequery = $yaptc_db->prepare("DELETE FROM users WHERE users.id=$deleteid");
$deletequery->execute();
echo "user deleted!";
if ($deletequery !== false) {
@ -205,45 +160,42 @@ echo "user deleted!";
}
echo "<h2 class=\"content-subhead\">User List</h2>";
echo "<p>Current users. To edit, select the edit button in the right column.</p>";
$result = $sql->prepare("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype
FROM yaptc.users
INNER JOIN usertypes ON users.usertype = usertypes.id
ORDER BY users.lastname ASC;");
$result->execute();
echo '<table class="pure-table">';
echo '<thead>';
echo '<tr>';
echo '<th>First Name</th>';
echo '<th>Last Name</th>';
echo '<th>Username</th>';
echo '<th>Email</th>';
echo '<th>Created</th>';
echo '<th>User Type</th>';
echo '<th>Actions</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<tr>";
?>
<h2 class="content-subhead">User List</h2>
<p>Current users. To edit, select the edit button in the right column.</p>
<table class="pure-table">
<thead>
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>Username</th>
<th>Email</th>
<th>Created</th>
<th>User Type</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<tr>
<?php
foreach (listUsers($yaptc_db) as $row) {
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['created'] . "</td>";
echo "<td>" . $row['usertype'] . "</td>";
?><td><form method="post" onsubmit="return confirm('Are you sure you want to delete this user?')">
?>
<td><form method="post" onsubmit="return confirm('WARNING! - WARNING! - WARNING! This will delete the user and ALL punches associated with them. There is NO UNDO! Are you sure?')">
<input type="hidden" name="_METHOD" value="DELETE">
<input type="hidden" name="deleteid" value="<?php echo $row['userid']; ?>"><button name="deluser" value="deluser" type="submit">Delete</button></form></td>
<?php
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
<input type="hidden" name="deleteid" value="<?php echo $row['userid']; ?>"><button button class="button-error pure-button" name="deluser" value="deluser" type="submit">Delete</button></form></td>
</tr>
<?php } ?>
</tbody>
</table>
//********** END CONTENT **********//
<?php //********** END CONTENT **********//
require_once($yaptc_inc . "footer.inc.php");
?>
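Review bot: The delete handler (`if ($_SERVER['REQUEST_METHOD'] == 'DELETE' || ...)`) is reachable by anyone who passes `getSessionStatus()`, and nothing in the hunk checks that the caller is an administrator or that `deleteid` is not the caller's own account; menu.inc.php already derives `$userAccess` from getSessionAccess(), so the handler (or the whole page) should refuse unless that value is the administrator type, and the delete form should carry a per-session token verified on POST, because the `onsubmit` `confirm()` is only a client-side courtesy. The handler also prints "user deleted!" before it looks at `$deletequery`, and `prepare()` returning a statement says nothing about whether the DELETE affected a row; test the return of `execute()` (or `rowCount()`) before reporting success, and bind the id (`WHERE users.id = :id` with `execute(array(':id' => $deleteid))`) to match the rest of the file, even though the `(int)` cast already bounds the value. In the new user table the opening `<tr>` sits above the `foreach (listUsers($yaptc_db) as $row)` loop while `</tr>` is inside it, so every user after the first is emitted without an opening row tag; move `<tr>` inside the loop. The `<button button class="button-error pure-button" ...>` has a stray `button` token, the row values from listUsers() are echoed unescaped like the other pages, and the enclosing `if (!empty($_POST['deluser']))` block starts outside the hunk.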