From f01b6a129a6a7ec2b0dfd3da149a261b2db4edf9 Mon Sep 17 00:00:00 2001
From: Josh North <josh.north@point808.com>
Date: Wed, 18 Feb 2015 20:01:47 -0500
Subject: [PATCH] new schema

---
 config.inc.php.example | 23 ++++++++++++++++++++
 includes/menu.inc.php  | 48 +++++++++++++++++++++++++++---------------
 schema.mysql           | 14 ++++++++----
 3 files changed, 64 insertions(+), 21 deletions(-)

diff --git a/config.inc.php.example b/config.inc.php.example
index 1d6e20c..d929c7a 100755
--- a/config.inc.php.example
+++ b/config.inc.php.example
@@ -16,4 +16,27 @@
   $yaptc_incweb = $yaptc_webpath . 'includes/';
   $yaptc_lib = $yaptc_dirpath . 'lib/';
   $yaptc_libweb = $yaptc_webpath . 'lib/';
+
+function getSessionStatus(){
+  if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
+  {
+    return false;
+  } else {
+    return true;
+  }
+}
+
+function getSessionAccess($sql){
+  if (isset($_SESSION['user_id']))
+  {
+    $query3 = "SELECT users.id as userid, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id";
+    $stmt3 = $sql->prepare($query3);
+    $stmt3->execute(array(':id' => $_SESSION['user_id']));
+    $user3 = $stmt3->fetchObject();
+    return $user3->usertype;
+  }
+}
+
+
+
 ?>
diff --git a/includes/menu.inc.php b/includes/menu.inc.php
index 3aa7b12..3ea0cdf 100755
--- a/includes/menu.inc.php
+++ b/includes/menu.inc.php
@@ -10,27 +10,41 @@
           <a class="pure-menu-heading" href="index.php"><?php echo $yaptc_company; ?></a>
           <ul>
             <?php
-// eventually i should go back here and oiinly allow menu options to open based on the user type details...
 
-  // If user is not logged in, only show login option
-  if (!isset($_SESSION['user_id']) || !isset($_SESSION['signature']) || !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != true || $_SESSION['signature'] != md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
-  {
-
-
-              echo '<li'; if ($yaptc_pagename=='Login') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="login.php">Login</a></li>';
+// Get login status and access level
+if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($sql); } else { $userLogged = false; $userAccess = ""; }
 
+// All menu options - only ones with permissions allowed are shown to logged-in users.
+// Home
+if ($userLogged == true) {
+  echo '<li'; if ($yaptc_pagename=='Home') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="index.php">Home</a></li>';
+  }
+// Profile
+if ($userLogged == true) {
+  echo '<li'; if ($yaptc_pagename=='Profile') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="profile.php">Profile</a></li>';
+  }
+// Punch Log
+if ($userLogged == true) {
+  echo '<li'; if ($yaptc_pagename=='Punch Log') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="punchlog.php">Punch Log</a></li>';
+  }
+// Users
+if ($userLogged == true && $userAccess == "Administrator") {
+  echo '<li'; if ($yaptc_pagename=='Users') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="users.php">Users</a></li>';
+  }
+// Reports
+if ($userLogged == true && $userAccess == "Administrator") {
+  echo '<li'; if ($yaptc_pagename=='Reports') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="reports.php">Reports</a></li>';
+  }       
+// Logout
+if ($userLogged == true) {
+  echo '<li'; if ($yaptc_pagename=='Logout') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="logout.php">Logout</a></li>';
+  }
+// Login
+if ($userLogged == false) {
+  echo '<li'; if ($yaptc_pagename=='Login') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="login.php">Login</a></li>';
   }
-  else
-  {
 
-              echo '<li'; if ($yaptc_pagename=='Home') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="index.php">Home</a></li>';
-              echo '<li'; if ($yaptc_pagename=='Profile') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="profile.php">Profile</a></li>';
-              echo '<li'; if ($yaptc_pagename=='Punch Log') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="punchlog.php">Punch Log</a></li>';
-              echo '<li'; if ($yaptc_pagename=='Users') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="users.php">Users</a></li>';
-              echo '<li'; if ($yaptc_pagename=='Reports') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="reports.php">Reports</a></li>';
-              echo '<li'; if ($yaptc_pagename=='Logout') {echo ' class="pure-menu-selected">';} else {echo '>';} echo '<a href="logout.php">Logout</a></li>';
-}
-            ?>
+?>
           </ul>
         </div>
       </div>
diff --git a/schema.mysql b/schema.mysql
index 3c9e987..3ed7c05 100755
--- a/schema.mysql
+++ b/schema.mysql
@@ -1,6 +1,8 @@
+CREATE DATABASE  IF NOT EXISTS `yaptc` /*!40100 DEFAULT CHARACTER SET latin1 */;
+USE `yaptc`;
 -- MySQL dump 10.13  Distrib 5.5.41, for debian-linux-gnu (i686)
 --
--- Host: localhost    Database: yaptc
+-- Host: 127.0.0.1    Database: yaptc
 -- ------------------------------------------------------
 -- Server version	5.5.41-0ubuntu0.14.04.1
 
@@ -63,7 +65,7 @@ CREATE TABLE `users` (
   PRIMARY KEY (`id`),
   KEY `usertype` (`usertype`),
   CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`)
-) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
 --
@@ -72,7 +74,7 @@ CREATE TABLE `users` (
 
 LOCK TABLES `users` WRITE;
 /*!40000 ALTER TABLE `users` DISABLE KEYS */;
-INSERT INTO `users` VALUES (00000000001,'jnorth','$2a$08$XNSfZQrDFRvQBwhAbt1t1.sq1DujMbcsaueWVczN8Jgb/VynnBHE6','josh.north@point808.com','2015-02-10 23:09:48','Josh','North',00000000001),(00000000003,'testuser','$2a$08$9Q7brl4YuNY9nwTD4L00Te6FKvXbjDRwNIMbVEUG0dSCVgKYatLO2','test@point808.com','2015-02-12 08:27:48','Test','User',00000000001);
+INSERT INTO `users` VALUES (00000000001,'admin','$2a$08$6WUE0S4UEYJO5.GMoCzjAO.W8y4Gage/tC7.SWEppWxwQO2ccjMgy','admin@example.com','2015-02-18 19:50:31','System','Administrator',00000000001);
 /*!40000 ALTER TABLE `users` ENABLE KEYS */;
 UNLOCK TABLES;
 
@@ -99,6 +101,10 @@ LOCK TABLES `usertypes` WRITE;
 INSERT INTO `usertypes` VALUES (00000000001,'Administrator'),(00000000002,'User');
 /*!40000 ALTER TABLE `usertypes` ENABLE KEYS */;
 UNLOCK TABLES;
+
+--
+-- Dumping routines for database 'yaptc'
+--
 /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
 
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
@@ -109,4 +115,4 @@ UNLOCK TABLES;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
--- Dump completed on 2015-02-12 15:25:09
+-- Dump completed on 2015-02-18 19:57:14