function GetTeamInfo($tn)
{
$loc = "teamlib.php->GetTeamInfo";
$tn = intval($tn);
if ($tn < 1 || $tn > 9999) {
DieWithMsg($loc, "illegal tn value.");
}
$loc = "teamlib.php->GetTeamInfo";
$sql = "SELECT * from Teams WHERE TeamNumber=" . intval($tn);
$result = SqlQuery($loc, $sql);
if ($result == false) {
return false;
}
if ($result->num_rows <= 0) {
return false;
}
$row = $result->fetch_assoc();
return $row;
}
$error_msg = "";
$success_msg = "";
$userid = GetUserID();
$username = GetUserName();
$userIPT = GetUserIPT($userid);
$pagetitle = "Work Order";
$doform = true;
$wid = "";
$ap = array();
$assigned_workers = array();
$primarypic_url = "";
$primarypic_ref = "";
$override = false;
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (empty($_GET["wid"])) {
DieWithMsg($loc, "No WID given.");
}
$wid = $_GET["wid"];
if (isset($_GET["override"])) {
$override = $_GET["override"];
}
$wo = GetWO($wid, $override);
if (!$wo) {
$doform = false;
$error_msg = "This Work Order doesn't seem to exist.";
goto GenerateHtml;
}
$pagetabtitle = "Epic " . $wo["WIDStr"];
$pagetitle = "Work Order";
$ap = GetAppendedData($wid);
$assigned_workers = GetAssignedWorkers($wid);
function SaveSheetImg($folder, $img, $fname)
{
$loc = 'badgelib.php->SaveSheetImg';
global $config;
$pt = $config["UploadDir"] . $folder . '/';
if (!file_exists($pt)) {
$result = @mkdir($pt, 0764);
if ($result === false) {
DieWithMsg($loc, "Unable to Create Folder: " . $pt);
}
}
$pt .= $fname;
$result = imagejpeg($img, $pt, 100);
if ($result === false) {
$msg = 'imagejpeg() failed for ' . $pt;
log_error($loc, $msg);
}
}
function CheckPicDirs()
{
global $config;
$loc = "piclib.php->CheckPicDirs";
$pt = $config["UploadDir"];
if (!file_exists($pt)) {
$result = @mkdir($pt, 0764);
if ($result === false) {
DieWithMsg($loc, "Unable to Create Folder: " . $pt);
}
}
$pt = $config["UploadDir"] . 'pics/';
if (!file_exists($pt)) {
$result = @mkdir($pt, 0764);
if ($result === false) {
DieWithMsg($loc, "Unable to Create Folder: " . $pt);
}
}
$folders = PicFolderList();
foreach ($folders as $f) {
$p = $config["UploadDir"] . 'pics/' . $f;
if (!file_exists($p)) {
$result = mkdir($p, 0764);
if ($result == false) {
DieWithMsg($loc, "Unable to Create Folder: " . $p);
}
}
}
}
function AddPictureToUser($username, $source)
{
$loc = "members_bulkpics.php->AddPIctureToUser";
$userid = GetUserIDFromName($username);
$userinfo = GetUserInfo($userid);
if ($userinfo === false) {
DieWithMsg($loc, 'User with ID=' . $userid . ' not found, but should be there.');
}
// Copy the file into our website.
$target = GetTempDir() . "temppic.jpg";
$result = @copy($source, $target);
if ($result == false) {
log_msg($loc, array('Picture not added. Unable to copy file.', 'External File=' . $source, 'Internal Target=' . $target));
return false;
}
$id = StoreUserPic($target, $userid);
return true;
}
$timer = new timer();
$error_msg = "";
$success_msg = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
$action = "";
if (isset($_GET["action"])) {
$action = $_GET["action"];
}
if ($action == 'makeall') {
$success_msg = MakeAllBadges();
}
if ($action == 'makegif') {
$success_msg = MakeGifImages();
}
} else {
DieWithMsg($loc, "Page should not be invoked by POST.");
}
include "forms/header.php";
include "forms/navform.php";
include "forms/badges_menubar.php";
echo '<div class="content_area">' . "\n";
echo '<h2 class="page_title">All Badges</h2>';
if (!empty($success_msg)) {
echo '<div class="inputform_msg" id="inputform_success_msg" >' . $success_msg . "</div>";
}
if (!empty($error_msg)) {
echo '<div class="inputform_msg" id="inputform_error_msg" >' . $error_msg . "</div>";
}
$sql = 'SELECT * FROM UserView ORDER BY BadgeID';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
function GenerateSqlInsert($data, $fields)
{
$loc = "database.php->GenerateSqlInsert";
// First make an array that is an intersection of the two inputs.
$final = array();
foreach ($fields as $f) {
$fn = $f[0];
// Field name
$ft = $f[1];
// Field type
if (!isset($data[$fn])) {
continue;
}
if (is_null($data[$fn])) {
continue;
}
$v = $data[$fn];
$final[] = array("FieldName" => $fn, "FieldType" => $ft, "Value" => $v);
}
if (count($final) <= 0) {
return false;
}
// First, list the columns...
$sql = ' (';
$c = 0;
foreach ($final as $f) {
if ($c != 0) {
$sql .= ', ';
}
$sql .= $f["FieldName"];
$c++;
}
$sql .= ') VALUES (';
$c = 0;
foreach ($final as $f) {
if ($c != 0) {
$sql .= ', ';
}
if ($f["FieldType"] == 'int') {
$sql .= intval($f["Value"]);
} else {
if ($f["FieldType"] == 'str') {
$sql .= '"' . SqlClean($f["Value"]) . '"';
} else {
if ($f["FieldType"] == 'bool') {
$sql .= TFstr($f["Value"]);
} else {
DieWithMsg($loc, "Bad Sql type: " . $f["FieldType"] . " for field " . $f["FieldName"] . '.');
}
}
}
$c++;
}
$sql .= ') ';
return $sql;
}
//
// Created: 11/14/15 NG
//--------------------------
require_once "libs/all.php";
session_start();
log_page();
CheckLogin();
CheckEditor();
$loc = 'workorders_showworkorder.php';
$timer = new Timer();
$action = "";
$error_msg = "";
$success_msg = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (empty($_GET["IPTGroup"])) {
DieWithMsg($loc, "Bad Page Invoke. No IPTGroup given.");
}
$ReceivingIPTGroup = $_GET["IPTGroup"];
}
include "forms/header.php";
include "forms/navform.php";
include "forms/workorders_menubar.php";
echo '<div class="content_area">';
echo '<h2>List of Known Work Order IDs</h2>';
echo '<br>';
echo '<h2>Completed Work Orders</h2>';
$sql = 'SELECT * FROM WorkOrders WHERE ReceivingIPTGroup= "' . $ReceivingIPTGroup . '" AND Completed = 1 ORDER BY DateNeeded';
//$sql = 'SELECT * FROM WorkOrders';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
// output data of each row
goto SetupForm;
}
$workername = $_POST["Workers"];
$workerid = FindUser("FullName", $workername);
$workerinfo = GetUserInfo($workerid);
if (!$workerinfo) {
$error_msg = "Worker not in database! Cannot remove.";
log_error($loc, array($error_msg, "Worker Name: " . $_POST["Workers"]));
goto SetupForm;
}
RemoveAssignment($wid, $workerid);
$msg = 'Deleted Assignment: "' . $workername . '" unassigned by ' . $username;
AttachSystemNote($wid, $msg);
goto SetupForm;
}
DieWithMsg($loc, "Incorrect Post.");
}
SetupForm:
$pagetabtitle = "Epic " . $wo["WIDStr"];
$all_workers = GetAllWorkers();
$cur_workers = GetAssignedWorkers($wid);
$possible_workers = RemoveWorkers($all_workers, $cur_workers);
$possible_workers = SortForIPTTeam($possible_workers, $wo["Receiver"]);
$workers = array();
foreach ($possible_workers as $w) {
$workers[] = $w["FirstName"] . ' ' . $w["LastName"];
}
$currentworkers = array();
foreach ($cur_workers as $w) {
$currentworkers[] = $w["FirstName"] . ' ' . $w["LastName"];
}
log_msg($loc, $success_msg);
$doform = false;
goto GenerateHtml;
}
if (!empty($_POST["UnArchive"])) {
$widunarchivestr = $_POST["WIDUnArchive"];
$wo = fixupwid($widunarchivestr);
if ($wo === false) {
goto GenerateHtml;
}
$success_msg = changeactive($wo["WID"], 1);
log_msg($loc, $success_msg);
$doform = false;
goto GenerateHtml;
}
DieWithMsg($loc, "Unknown post back.");
}
GenerateHtml:
$stylesheet = array("../css/global.css", "../css/nav.css", "../css/utils_archive.css");
include "forms/header.php";
include "forms/nav_form.php";
include "forms/utils_menubar.php";
include "forms/utils_archive_form.php";
include "forms/footer.php";
// --------------------------------------------------------------------
function changeactive($wid, $active)
{
global $username;
$loc = rmabs(__FILE__ . ".changeactive");
$sql = 'UPDATE WorkOrders SET Active=' . intval($active) . ' WHERE WID=' . intval($wid);
$result = SqlQuery($loc, $sql);
$timer = new timer();
$error_msg = "";
$success_msg = "";
$userid = GetUserID();
$username = GetUserName();
$userIPT = GetUserIPT($userid);
$pagetitle = "Work Order";
$wid = 0;
$picid = 0;
$picurl = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (empty($_GET["wid"])) {
DieWithMsg($loc, "No WID given.");
}
if (empty($_GET["picid"])) {
DieWithMsg($loc, "No picid given.");
}
$wid = intval($_GET["wid"]);
$wo = GetWO($wid);
$picid = intval($_GET["picid"]);
$pagetabtitle = "Epic " . $wo["WIDStr"];
$pagetitle = "Picture for Work Order";
$piccaption = GetPicCaption($wid, $picid);
if ($picid > 0) {
$picfile = PicPathName($picid, "orig");
if (file_exists($picfile)) {
$picurl = PicUrl($picid, "orig");
}
}
if (empty($picurl)) {
$error_msg = "Unable to find Pic... Sorry.";
$IsAuthor = false;
}
// Don't allow authors to changed approved WOs.
if (!IsAdmin() && !IsCaptain() && !IsEditor() && !IsIPTLead() && !$IsAuthor) {
$success_msg = "You do not seem to have privilege to edit this work order.";
$doform = false;
goto GenerateHtml;
}
PopulateParamList($param_list, $wo);
$pagetabtitle = "Epic " . $wo["WIDStr"];
$doform = true;
goto GenerateHtml;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["WID"])) {
DieWithMsg($loc, "No WID in POST.");
}
$wid = intval($_POST["WID"]);
$wo = GetWO($wid);
PopulateParamList($param_list, $_POST);
// Check for required inputs:
$sEmpty = array();
if (empty($_POST["Title"])) {
$sEmpty[] = "Title";
}
if (empty($_POST["Priority"])) {
$sEmpty[] = "Priority";
}
if (empty($_POST["Project"])) {
$sEmpty[] = "Project";
}
CheckEditor();
$loc = 'badges_print.php';
$ins_file = "docs/printing_onebadge.txt";
if (file_exists($ins_file)) {
$instructions = file_get_contents($ins_file);
}
if ($_SERVER["REQUEST_METHOD"] != "GET") {
DieWithMsg($loc, 'Bad Page Invoke. Only GET request allowed.');
}
if (empty($_GET["BadgeID"])) {
DieWithMsg($loc, "Bad Page Invoke. No BadgeID given.");
}
$badgeid = $_GET["BadgeID"];
$havebadge = BadgeExists($badgeid);
if (!$havebadge) {
DieWithMsg($loc, "Badge does not exist.");
}
$badge_front_url = GetBadgeUrl($badgeid, 'front');
$badge_back_url = GetBadgeUrl($badgeid, 'back');
$urls = MakePrintImageForOneBadge($badgeid);
include "forms/header.php";
include "forms/navform.php";
include "forms/badges_menubar.php";
echo '<div class="content_area">' . "\n";
echo '<h2 class="page_title">JPG Image for Printing Badge</h2>';
echo '<img class="badges_showbadge_badge" src="' . $badge_front_url . '" style="width: 100px; heigth: auto; margin-left: 10px;">';
echo '<img class="badges_showbadge_badge" src="' . $badge_back_url . '" style="width: 100px; height: auto; margin-left: 10px;">';
echo '<div style="float: left; width: 300px; ">';
echo '<div style="font-size: 16pt; margin-left: 100px; margin-top: 20px;">';
echo '<a href="' . $urls[0] . '" download>Download Front</a>';
echo '</div>';
$AssignedIPTLeadApproval = $data["AssignedIPTLeadApproval"];
$Project = $data["Project"];
$Priority = $data["Priority"];
$RequestingIPTGroup = $data["RequestingIPTGroup"];
$ReceivingIPTGroup = $data["ReceivingIPTGroup"];
$ProjectOfficeApproval = $data["ProjectOfficeApproval"];
$ReviewedBy = $data["ReviewedBy"];
$AssignedTo = $data["AssignedTo"];
$Completed = $data["Completed"];
$CompletedOn = $data["CompletedOn"];
$data = GetWorkOrderTasksInfo($WorkOrderID);
if ($data === false) {
DieWithMsg($loc, 'Work Order Task with ID=' . $WorkOrderID . ' not found.');
}
$TaskID = $data["TaskID"];
$Quantity = $data["Quantity"];
$Description = $data["Description"];
$UnitPrice = $data["UnitPrice"];
$data = GetWorkOrderPrereqInfo($WorkOrderID);
if ($data === false) {
DieWithMsg($loc, 'Work Order Prerequisite for ID=' . $WorkOrderID . ' not found.');
}
$PrereqID = $data["PrereqID"];
$PrevWorkOrderID = $data["PrevWorkOrderID"];
}
GenerateHtml:
include "forms/header.php";
include "forms/nav_form.php";
include "forms/wo_menubar.php";
include "forms/wo_showworkorder_form.php";
include "forms/footer.php";
log_page();
CheckLogin();
CheckEditor();
$loc = 'workorder_showworkorder.php';
$timer = new Timer();
$action = "";
$error_msg = "";
$success_msg = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (empty($_GET["WorkOrderID"])) {
DieWithMsg($loc, "Bad Page Invoke. No WorkOrderID given.");
}
$WorkOrderID = $_GET["WorkOrderID"];
$data = GetWorkOrderInfo($WorkOrderID);
if ($data === false) {
DieWithMsg($loc, 'Work Order with ID=' . $WorkOrderID . ' not found.');
}
$WorkOrderID = $data["WorkOrderID"];
$WorkOrderName = $data["WorkOrderName"];
$Description = $data["Description"];
$DateRequested = $data["DateRequested"];
$DateNeeded = $data["DateNeeded"];
$DayEstimate = $data["DayEstimate"];
$Revision = $data["Revision"];
$Requestor = $data["Requestor"];
$RequestingIPTLeadApproval = $data["RequestingIPTLeadApproval"];
$AssignedIPTLeadApproval = $data["AssignedIPTLeadApproval"];
$Project = $data["Project"];
$Priority = $data["Priority"];
$RequestingIPTGroup = $data["RequestingIPTGroup"];
$ReceivingIPTGroup = $data["ReceivingIPTGroup"];
// Find the user we are dealing with...
if (!isset($_POST["UserID"])) {
DieWithMsg($loc, "Bad Post, no UserID.");
}
$userid = $_POST["UserID"];
$data = GetUserInfo($userid);
if ($data === false) {
DieWithMsg($loc, 'User with ID=' . $userid . ' not found.');
}
$username = $data['UserName'];
PopulateParamList($param_list, $_POST);
if (GetValueFromParamList($param_list, "UserName") != $username) {
DieWithMsg($loc, "Logic error... UserName mismatch.");
}
if (GetValueFromParamList($param_list, "UserID") != $userid) {
DieWithMsg($loc, "Logic error... UserID mismatch.");
}
// Check for illegal input...
if (!IsSqlTextOkay($_POST)) {
$error_msg = "Illegal characters in input... Do not use quotes and control chars.";
goto GenerateHtml;
}
$update = false;
if (!empty($_POST["Password"]) || !empty($_POST["Password2"])) {
if ($_POST["Password"] != $_POST["Password2"]) {
$error_msg = "Error: new passwords do not match.";
goto GenerateHtml;
}
$update = true;
}
// Check for changes.
$sql .= 'Closed=0 AND (Approved=0 AND ApprovedByCap=0)';
$searchtitle = "All Opened and UnApproved Work Orders";
} else {
if ($searchtype == "urgent") {
$sql .= 'Closed=0 AND Finished=0 AND Priority="Urgent"';
$searchtitle = "All Opened, Unfinished and Urgent Work Orders";
} else {
if ($searchtype == "finished") {
$sql .= 'Closed=0 AND Finished=1';
$searchtitle = "All Opened and Finished Work Orders";
} else {
if ($searchtype == "closed") {
$sql .= 'Closed=1';
$searchtitle = "All Closed Work Orders";
} else {
DieWithMsg($loc, "Unknown searchtype given.");
}
}
}
}
}
}
$tableheader = array("WO", "Title", "Pri", "Need BY", "Asgnd", "Aprv", "Fin", "Clsd");
$sql .= ' Limit ' . $nlimit;
$result = SqlQuery($loc, $sql);
$tabledata = array();
$ncount = 0;
while ($row = $result->fetch_assoc()) {
$isapproved = $row["Approved"] || $row["ApprovedByCap"];
$wid = $row["WID"];
$widstr = WIDStr($wid, $row["Revision"], $isapproved);
function DieWithBadSql($loc, $sql)
{
DieWithMsg($loc, array("SQL Querry Failure!", "SQL=" . $sql));
}
function SavePref($PrefName, $PrefValue)
{
if (!IsLoggedIn()) {
DieWithMsg("userlib.php->SavePref", "Call to SavePref while not logged in.");
}
if (!isset($_SESSION["Prefs"])) {
DieWithMsg("userlib.php->SavePref", '$_SESSION["Prefs"] Not set!');
}
$_SESSION["Prefs"][$PrefName] = $PrefValue;
SavePrefsForUser(GetUserID(), $_SESSION["Prefs"]);
}
$userid = 0;
$data = null;
$name = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (empty($_GET["UserID"])) {
DieWithMsg($loc, "Bad Page Invoke. No UserID given.");
}
$userid = $_GET["UserID"];
$data = GetUserInfo($userid);
if ($data === false) {
DieWithMsg($loc, 'User with ID=' . $userid . ' not found.');
}
$name = $data['FirstName'] . ' ' . $data["LastName"];
goto GenerateHtml;
} else {
DieWithMsg($loc, "Bad Page Invoke. Must be by GET.");
}
GenerateHtml:
include "forms/header.php";
include "forms/navform.php";
include "forms/attendance_menubar.php";
echo '<div class="content_area">';
echo '<h2>Detailed Attendance Report for ' . $name . '</h2>';
if (empty($data["BadgeID"])) {
echo '<p>' . $name . ' does not have a badge. Nothing to report. <\\p>';
} else {
GenerateUserReport($data);
}
include "forms/footer.php";
// --------------------------------------------------------------------
// Generate report for a user.
function AppendWorkOrderData($wid, $userid, $textinfo, $picid, $primary)
{
$loc = rmabs(__FILE__ . ".AppendWorkOrderData");
DenyGuest();
// Don't allow Guests to do this...
if (intval($wid) <= 0) {
DieWithMsg($loc, 'Invalid WID. (' . $wid . ')');
}
$date = date("Y-m-d");
// Override primary if no pic to go with it.
if ($picid <= 0) {
$primary = false;
}
// If this record is primary, remove primary flag on others.
if ($primary && $picid > 0) {
$sql = 'UPDATE AppendedData SET PrimaryFile=0 WHERE WID=' . intval($wid);
SqlQuery($loc, $sql);
}
$sql = 'SELECT WID FROM AppendedData WHERE WID=' . intval($wid);
$result = SqlQuery($loc, $sql);
$seq = $result->num_rows + 1;
$sql = 'INSERT INTO AppendedData (WID, UserID, TextInfo, ';
$sql .= 'DateCreated, Sequence, PicID, PrimaryFile, Removed) ';
$sql .= 'VALUES (';
$sql .= ' ' . intval($wid);
$sql .= ', ' . intval($userid);
$sql .= ', ? ';
$sql .= ', "' . $date . '"';
$sql .= ', ' . intval($seq);
$sql .= ', ' . intval($picid);
$sql .= ', ' . TFstr($primary);
$sql .= ', 0';
$sql .= ')';
$args = array($textinfo);
$stmt = SqlPrepareAndExectue($loc, $sql, $args);
$stmt->close();
}
}
$wid = $_GET["wid"];
$wo = GetWO($wid);
if (!$wo) {
$doform = false;
$error_msg = "This Work Order doesn't seem to exist.";
goto GenerateHtml;
}
$pagetabtitle = "Epic " . $wo["WIDStr"];
SetValueInParamList($param_list, "WID", $wid);
$doform = true;
goto GenerateHtml;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["WID"])) {
DieWithMsg($loc, "No WID in post.");
}
PopulateParamList($param_list, $_POST);
$wid = $_POST["WID"];
$wo = GetWO($wid);
$pagetabtitle = "Epic " . $wo["WIDStr"];
SetValueInParamList($param_list, "WID", $wid);
$doform = true;
if (empty($_POST["TextInfo"])) {
$error_msg = "Please enter texutal info, even with a picture.";
goto GenerateHtml;
}
$textinfo = $_POST["TextInfo"];
$primary = $_POST["MainPic"];
$picid = 0;
if (isset($_FILES["PicFile"])) {
<?php
// --------------------------------------------------------------
// index.php -- Default entry page into Epic Admin website.
//
// Created: 12/29/14 DLB
// --------------------------------------------------------------------
require_once "libs/all.php";
session_start();
log_page();
if (IsLoggedIn()) {
JumpToPage("welcome.php");
} else {
JumpToPage("login.php");
}
DieWithMsg("index.php", "Unreachable code reached!");
$dd[] = "--";
}
}
$tabledata[] = $dd;
$ncount++;
}
if ($ncount >= $nlimit) {
$limittext = "Note: Output limited to " . $nlimit . " records.";
}
goto GenerateHtml;
}
$pagetitle = "In Box";
$pagetext = "<p>Here, you can manange the work that has been assigned to your team.</p>";
$pagetext .= "<p>Use the links above to get started.";
goto GenerateHtml;
$data = GetUserInfo($userid);
if ($data === false) {
DieWithMsg($loc, 'User with ID=' . $userid . ' not found.');
}
PopulateParamList($param_list, $data);
goto GenerateHtml;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
}
GenerateHtml:
$stylesheet = array("../css/global.css", "../css/nav.css", "../css/inbox.css", "../css/statuskey.css");
include "forms/header.php";
include "forms/nav_form.php";
include "forms/inbox_menubar.php";
include "forms/inbox_form.php";
include "forms/footer.php";
$instructions = file_get_contents($ins_file);
}
if ($_SERVER["REQUEST_METHOD"] != "GET") {
DieWithMsg($loc, 'Bad Page Invoke. Only GET request allowed.');
}
if (empty($_GET["BadgeID"])) {
DieWithMsg($loc, "Bad Page Invoke. No BadgeID given.");
}
$badgeid = $_GET["BadgeID"];
$havebadge = BadgeExists($badgeid);
if (!$havebadge) {
DieWithMsg($loc, "Badge does not exist.");
}
$userinfo = GetUserInfoFromBadgeID($badgeid);
if ($userinfo === false) {
DieWithMsg($loc, "No user associated with BadgeID = " . $badgeid);
}
$picid = $userinfo["PicID"];
$firstname = $userinfo["FirstName"];
$lastname = $userinfo["LastName"];
$title = $userinfo["Title"];
$url = CreateLabelFile($badgeid, $picid, $firstname, $lastname, $title);
include "forms/header.php";
include "forms/navform.php";
include "forms/badges_menubar.php";
echo '<div class="content_area">' . "\n";
echo '<h2 class="page_title">JPG Image for Printing Sticker</h2>';
echo '<img class="badges_showbadge_badge" src="' . $url . '" style="width: 100px; heigth: auto; margin-left: 10px;">';
echo '<div style="float: left; width: 300px; ">';
echo '<div style="font-size: 16pt; margin-left: 100px; margin-top: 20px;">';
echo '<a href="' . $url . '" download>Download</a>';
session_start();
log_page();
CheckLogin();
CheckAdmin();
$timer = new timer();
$loc = 'reader_uploadcorrections.php';
$ins_file = "docs/corrections.txt";
$error_msg = "";
$success_msg = "";
$instructions = "";
if (file_exists($ins_file)) {
$instructions = file_get_contents($ins_file);
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!isset($_FILES["CorrectionFiles"])) {
DieWithMsg($loc, '$_FILES not set.');
}
$files = $_FILES["CorrectionFiles"];
$filenames = $files["name"];
$filetypes = $files["type"];
$tempnames = $files["tmp_name"];
$fileerrors = $files["error"];
$filesizes = $files["size"];
$nfiles = count($tempnames);
if ($nfiles <= 0) {
$error_msg = "No input file(s) given.";
goto GenerateHTML;
}
DeleteAllCorrections();
$nbadfiles = 0;
$nlines = 0;
function CreateNewUser($params)
{
global $config;
$loc = "userlib.php->CreateNewUser";
// Check inputs
if (!isset($params["LastName"]) || !isset($params["FirstName"]) || !isset($params["UserName"]) || !isset($params["Password"])) {
DieWithMsg($loc, "Required input keys not found.");
}
if (empty($params["LastName"])) {
return "Last name cannot be empty.";
}
if (empty($params["FirstName"])) {
return "First name cannot be empty.";
}
if (empty($params["UserName"])) {
return "Username cannot be empty.";
}
if (empty($params["Password"])) {
return "Password cannot be empty.";
}
$username = SqlClean($params["UserName"]);
$lastname = SqlClean($params["LastName"]);
$firstname = SqlClean($params["FirstName"]);
$nickname = "";
$title = "";
$badgeid = "";
$email = "";
$tags = "";
$active = false;
if (isset($params["NickName"])) {
$nickname = SQLClean($params["NickName"]);
}
if (isset($params["Title"])) {
$title = SQLClean($params["Title"]);
}
if (isset($params["BadgeID"])) {
$badgeid = SQLClean($params["BadgeID"]);
}
if (isset($params["Email"])) {
$email = SQLClean($params["Email"]);
}
if (isset($params["Tags"])) {
$tags = SQLClean($params["Tags"]);
}
if (isset($params["Active"])) {
$active = $params["Active"];
}
// Check for duplicate username.
$sql = 'SELECT UserID FROM Users WHERE UserName="******"';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
$msg = 'Unable to add new user. Duplicate username. (' . $username . ')';
log_msg($loc, $msg);
return $msg;
}
// Check for duplicate first/last name
$sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
$msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')';
log_msg($loc, $msg);
return $msg;
}
// Check for invalid BadgeID.
if (!VerifyBadgeFormat($badgeid)) {
$msg = 'Bad Badge Format. Must be in form of "A000".';
log_msg($loc, $msg);
return $msg;
}
if (!blank($badgeid)) {
// Check for duplicate BadgeID
$sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
$msg = 'Unable to add new user. Duplicate BadgeID. (' . $badgeid . ').';
log_msg($loc, $msg);
return $msg;
}
}
// Build the sql to add user.
$pwhash = crypt($params["Password"], $config["Salt"]);
$sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, BadgeID, Email, Tags, Active) ';
$sql .= ' VALUES(';
$sql .= ' "' . $username . '"';
$sql .= ', "' . $pwhash . '"';
$sql .= ', "' . $lastname . '"';
$sql .= ', "' . $firstname . '"';
$sql .= ', "' . $nickname . '"';
$sql .= ', "' . $title . '"';
$sql .= ', "' . $badgeid . '"';
$sql .= ', "' . $email . '"';
$sql .= ', "' . $tags . '"';
$sql .= ', ' . TFstr($active);
$sql .= ')';
$result = SqlQuery($loc, $sql);
log_msg($loc, array("New User added! Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active)));
return true;
}
function GetTempDir()
{
global $config;
$pt = $config["UploadDir"] . 'tmp/';
if (!file_exists($pt)) {
$result = @mkdir($pt, 0764);
if ($result === false) {
DieWithMsg($loc, "Unable to create folder: " . $pt);
}
}
return $pt;
}
$nc++;
}
if (isset($_POST["Unapprove"])) {
ChangeWOStatus($wid, $name, "Approved", false);
$nc++;
}
if (isset($_POST["Captain_Unapprove"])) {
ChangeWOStatus($wid, $name, "ApprovedByCap", false);
$nc++;
}
if (isset($_POST["Reopen"])) {
ChangeWOStatus($wid, $name, "Closed", false);
$nc++;
}
if ($nc == 1) {
$wo = GetWO($wid);
$pagetabtitle = "Epic " . $wo["WIDStr"];
$success_msg = "Status Changed!";
$doform = false;
goto GenerateHtml;
}
DieWithMsg($loc, "Invalid number of status bits changed. nc=" . $nc);
goto GenerateHtml;
}
GenerateHtml:
$stylesheet = array("../css/global.css", "../css/nav.css", "../css/wo_head.css", "../css/wo_change_status.css");
include "forms/header.php";
include "forms/nav_form.php";
include "forms/wo_display_menubar.php";
include "forms/wo_change_status_form.php";
include "forms/footer.php";