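// Edit-user page, opening part (the excerpt ends inside the innermost else branch below).
// Loads the signed-in admin's company from the session, then looks up the user named by
// ?Email= or ?id= and checks that the record belongs to the admin's own company.
include "../../bossflex/DB/Models/Company.php";
include "../../bossflex/DB/Models/Employee.php";
include "../../bossflex/DB/Models/UserRole.php";
include "../../bossflex/DB/Models/DisableCode.php";

$newUser = true;
$User = null;
$Company = Company::getCompanyByID($_SESSION['hradmin']['CID']);
$Employee = null;
$AdminCname = $Company->getCname();

if (isset($_GET['Email']) || isset($_GET['id'])) {
    /** @var User $User */
    if (isset($_GET['Email'])) {
        // PHP has already URL-decoded $_GET. A second urldecode() would turn "+" into a
        // space and decode any remaining %xx sequence, so the address looked up could differ
        // from the one requested. Anything that is not a plain string is looked up as ''.
        $Email = is_string($_GET['Email']) ? $_GET['Email'] : '';
        $User = User::getUserByEmail($Email);
    } else {
        // The id lookup is scoped to the session's company ID.
        // NOTE(review): $_GET['id'] is passed through unvalidated; confirm getUserByEmpInfo() binds it as a parameter.
        $User = User::getUserByEmpInfo($_GET['id'], $_SESSION['hradmin']['CID']);
    }

    if (!$User) {
        echo "<h3>User does not exist</h3>";
    } else {
        // The e-mail lookup is not scoped by company, so ownership is checked here.
        // A session with company ID 1 is allowed to open records of any company.
        if ($User->getCID() != $_SESSION['hradmin']['CID'] && $_SESSION['hradmin']['CID'] != 1) {
            include_once "../../bossflex/Helpers/ErrorReport.php";
            $curUser = $_SESSION['hradmin']['UID'];
            $error = "Attempt to access invalid data by UserID: " . $curUser;
            ErrorReport::send($_SERVER["SCRIPT_NAME"], $error, $_SERVER['REMOTE_ADDR'], true);
            // Act as if the user does not exist, so the page falls back to the Add User form.
            echo "<h3>User does not exist</h3>";
            // Drop the other company's record so this branch ends in the same state as the
            // "not found" branch above; code later on this page (not visible here) then has
            // nothing from that record to render.
            $User = null;
        } else {
            /** @var Employee $Employee */
            $Employee = Employee::getEmployeeByUID($User->getUID());
            // NOTE(review): the session handler already serializes stored values; keeping a
            // hand-serialized object means a later unserialize() call. Storing only the UID
            // and reloading the record on save would avoid that - confirm against the save handler.
            $_SESSION['EditUser'] = serialize($User);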
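// (tail of a form-validation branch that opens before this excerpt)
header('Location:https://' . $_SESSION['redir'] . "?result=Error: Invalid Form Post. Please Try Again");
exit;
}

// Build the login account from the submitted form.
// NOTE(review): RoleID is taken from the form unchanged; no limit on which role the signed-in
// admin may assign is visible in this excerpt - confirm it is enforced elsewhere.
$User = new User();
$User->setEmail($_POST["Email"]);
$User->setRoleID($_POST["RoleID"]);
$User->setEID($_POST["EID"]);

// Only a session with company ID 1 may choose the target company; every other admin is
// pinned to the company stored in their own session.
if ($_SESSION['hradmin']['CID'] == 1) {
    $User->setCID($_POST['CID']);
} else {
    $User->setCID($_SESSION['hradmin']['CID']);
}

if (!$User->addUser($User)) {
    header('Location:https://' . $_SESSION['redir'] . "?result=Error: User with this information already exists");
    exit;
}

// The employee row must belong to the same company as the account just created, so the
// company ID comes from $User and not from the form. Using $_POST["CID"] here would let an
// admin of one company write an employee record into another company, bypassing the
// restriction applied to the account above.
$Employee = new Employee();
$Employee->setEID($_POST["EID"]);
$Employee->setCID($User->getCID());
$Employee->setFname($_POST["Fname"]);
$Employee->setLname($_POST["Lname"]);
$Employee->setPhoneNum($_POST["PhoneNum"]);
Employee::addEmployee($Employee);

include_once "../../bossflex/DB/Models/Company.php";
/** @var Company $Company */
$Company = Company::getCompanyByID($User->getCID());

// Re-read the stored account to get its UID and VarString, which are passed to the
// verification mail below. The lookup uses the company the account was saved under, so it
// cannot resolve to a record in a different company.
/** @var User $addedUser */
$addedUser = User::getUserByEmpInfo($_POST["EID"], $User->getCID());

include_once "../../bossflex/Helpers/Email.php";
Email::sendVerificationEmail($addedUser->getEmail(), $Employee->getFname(), $Company->getCname(), $addedUser->getUID(), $addedUser->getVarString());
header('Location:https://' . $_SESSION['redir'] . "?result=User created");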
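// Synchronise one imported employee row with the user table: flag, add or update.
// $EID, $CID, $Email, $Fname, $Lname and $PhoneNum are set before this excerpt; the excerpt
// ends inside the update branch.
$flagForRemoval = $employee[5];
/** @var User $User */
$User = User::getUserByEmpInfo($EID, $CID);

if ($flagForRemoval == 1) {
    // Remove. A row flagged for removal that has no matching account is left alone:
    // previously it fell through to the Add branch and an account was created for it.
    if ($User) {
        User::flagUser($User->getUID());
    }
} elseif (!$User) {
    // Add
    $newUser = new User();
    $newUser->setEID($EID);
    $newUser->setCID($CID);
    $newUser->setEmail($Email);
    // Assume that the added employees are normal staff, and can have privileges promoted later if needed
    $newUser->setRoleID(4);
    // NOTE(review): the result of addUser() is not checked, so the employee row below is
    // written even when the account could not be created - confirm that is intended.
    User::addUser($newUser);
    $User = User::getUserByEmpInfo($EID, $CID);

    $newEmployee = new BossFlexEmployee();
    $newEmployee->setBFID($EID);
    $newEmployee->setFname($Fname);
    $newEmployee->setLname($Lname);
    $newEmployee->setPhoneNum($PhoneNum);
    BossFlexEmployee::addEmployee($newEmployee);
} else {
    // Update
    $User->setEmail($Email);
    $User->saveToDB();
    // From here on $employee holds the model object and no longer the imported row.
    // NOTE(review): no check that an employee record was found before it is modified.
    $employee = BossFlexEmployee::getEmployeeByBFID($User->getEID());
    $employee->setFname($Fname);
    $employee->setLname($Lname);
    $employee->setPhoneNum($PhoneNum);
    $employee->saveToDB();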
// Final part of the account set-up handler: store the remaining address fields, enable the
// matching login account, set its password and end the set-up session.
// $Employee and $isBossFlex are set before this excerpt.
if (!$isBossFlex) {
    // Address fields are only written for non-BossFlex employees.
    if (isset($_POST["Adr_City"])) {
        $Employee->setAdrCity($_POST["Adr_City"]);
    }
    if (isset($_POST["Adr_State"])) {
        $Employee->setAdrState($_POST["Adr_State"]);
    }
    if (isset($_POST["Adr_Zip"])) {
        $Employee->setAdrZip($_POST["Adr_Zip"]);
    }
}
$Employee->saveToDB();

include "DB/Models/User.php";
// BossFlex employees are looked up by BFID under company ID 1, all others by their own EID and CID.
/** @var User $User */
$User = $isBossFlex
    ? User::getUserByEmpInfo($Employee->getBFID(), 1)
    : User::getUserByEmpInfo($Employee->getEID(), $Employee->getCID());

// Regenerate the VarString so the link that was e-mailed earlier stops working.
$User->regenVarString();
$User->setAccountEnabled(1);
$User->setDisableCode(1);
$User->saveToDB();

// NOTE(review): the account is enabled and saved before the password is stored, and no check
// of $_POST["Password"] is visible in this excerpt. Confirm that earlier code validates it;
// otherwise a missing value could leave an enabled account without a usable password.
include_once "DB/Models/Auth.php";
Auth::setPassword($User, $_POST["Password"]);

// Nothing from the set-up session is kept; the user signs in again on the login page.
session_destroy();
?> <html> <body> <h2>Success!</h2> <a href="Login.php"><h3>Please Login</h3></a>