 /**
  * Load one Dependents row by primary key and hydrate it into this class.
  *
  * The id only ever reaches the database as a bound parameter, never as part
  * of the SQL text.
  *
  * @param $DependentID value bound to the single positional placeholder
  * @return Dependent   object produced by fetchObject(__CLASS__); fetchObject()
  *                     itself yields false when no row matches, and false is
  *                     also returned after an exception has been reported
  */
 public static function getDependent($DependentID)
 {
     try {
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
         $lookup = "SELECT * FROM Dependents WHERE DependentID = ?";
         $statement = Conn::get()->prepare($lookup);
         // Positional placeholder #1; bound as a string, same as execute(array(...)) does.
         $statement->bindValue(1, $DependentID);
         $statement->execute();
         return $statement->fetchObject(__CLASS__);
     } catch (Exception $caught) {
         // Report to the central error helper and hand the caller a failure marker.
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
         ErrorReport::send($_SERVER["SCRIPT_NAME"], $caught->getMessage(), $_SERVER['REMOTE_ADDR'], true);
         return false;
     }
 }
 /**
  * Count the User rows that belong to this object's company ($this->CID).
  *
  * @return int|string the numUsers column as returned by the driver (-1 when
  *                    an exception was caught and reported; callers must treat
  *                    -1 as "unknown", not as a count)
  */
 public function getNumUsers()
 {
     try {
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
         $countQuery = "SELECT count(UID) AS numUsers FROM User WHERE CID = :CID";
         $countStmt = Conn::get()->prepare($countQuery);
         // CID is bound as an integer so it can never be interpreted as SQL text.
         $countStmt->bindParam(":CID", $this->CID, PDO::PARAM_INT);
         $countStmt->execute();
         $row = $countStmt->fetch();
         return $row["numUsers"];
     } catch (Exception $caught) {
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
         ErrorReport::send($_SERVER["SCRIPT_NAME"], $caught->getMessage(), $_SERVER['REMOTE_ADDR'], true);
         return -1;
     }
 }
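 /**
  * Fetch every BossFlexEmployee row (selected columns only), oldest
  * LastModified first, hydrated into this class.
  *
  * The statement is a fixed string with no user-controlled input, so a plain
  * query() is acceptable here.
  *
  * @return array|false list of hydrated objects (possibly empty); false when an
  *                     exception was caught and reported
  */
 public static function getEmployeeList()
 {
     include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
     $sql = "SELECT BFID, Fname, Lname, PhoneNum, LastModified\n                FROM BossFlexEmployee ORDER BY LastModified";
     try {
         $stmt = Conn::get()->query($sql);
         $employees = array();
         while ($employee = $stmt->fetchObject(__CLASS__)) {
             $employees[] = $employee;
         }
         return $employees;
     } catch (Exception $e) {
         // Load the reporter before using it, as the sibling data-access methods do;
         // without this the catch path would fatal on an undefined class whenever
         // ErrorReport had not already been included by the caller.
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
         ErrorReport::send($_SERVER["SCRIPT_NAME"], $e->getMessage(), $_SERVER['REMOTE_ADDR'], true);
         return false;
     }
 }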
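 /**
  * Replace the stored password hash for a user.
  *
  * The password is hashed with bcrypt through password_hash() (PHP >= 5.5).
  * This replaces the previous hand-rolled salt built from mcrypt_create_iv()
  * and crypt(): the mcrypt extension was removed in PHP 7.2, and the "$2a$"
  * prefix that code emitted is the pre-5.3.7 bcrypt identifier. password_hash()
  * emits "$2y$" hashes; crypt() and password_verify() both accept those, so a
  * login check based on either keeps working for old and new hashes alike
  * (confirm against the verifier in the auth code, which is not shown here).
  *
  * @param $User User  user whose Auth row is updated (matched on UID)
  * @param $Password   plaintext password; only its bcrypt hash is stored
  * @return bool       true when the UPDATE executed successfully; false when the
  *                    driver reported failure or an exception was reported
  */
 public static function changePassword($User, $Password)
 {
     try {
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Models/User.php";
         $sql = "UPDATE Auth SET Password = :Pass WHERE UID = :UID";
         // Same work factor the previous implementation used.
         $cost = 10;
         $hash = password_hash($Password, PASSWORD_BCRYPT, array('cost' => $cost));
         if ($hash === false) {
             // Older PHP returns false instead of throwing when hashing fails
             // (e.g. no usable RNG); never write that into the Auth table.
             throw new Exception("password_hash() failed");
         }
         $stmt = Conn::get()->prepare($sql);
         // bindValue(): bindParam() takes a reference, and binding a method-call
         // result by reference only worked with a PHP notice.
         $stmt->bindValue(":UID", $User->getUID());
         $stmt->bindValue(":Pass", $hash);
         // Propagate the driver's result: a silently failed UPDATE (non-exception
         // PDO error mode) must not be reported to the caller as success.
         return $stmt->execute();
     } catch (Exception $e) {
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
         ErrorReport::send($_SERVER["SCRIPT_NAME"], $e->getMessage(), $_SERVER['REMOTE_ADDR'], true);
         return false;
     }
 }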
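// Edit-user page: resolve the requested user (by Email or by employee id) and,
// if the HR admin in the session is allowed to see it, stash the User/Employee
// pair in the session for the edit form. $newUser is only cleared on success.
if (isset($_GET['Email']) || isset($_GET['id'])) {
    /** @var User $User */
    if (isset($_GET['Email'])) {
        // $_GET is already URL-decoded by PHP. Decoding it a second time turned a
        // literal '+' (as in user+tag@example.com) into a space and broke the lookup.
        $Email = $_GET['Email'];
        $User = User::getUserByEmail($Email);
    } else {
        // Lookup by employee id is scoped to the admin's company at query time.
        $User = User::getUserByEmpInfo($_GET['id'], $_SESSION['hradmin']['CID']);
    }
    if (!$User) {
        echo "<h3>User does not exist</h3>";
    } else {
        // Tenant check: an HR admin may only edit users of their own company.
        // CID 1 is treated as the global administrator and may edit anyone.
        // Compared as integers so '5' vs 5 cannot slip through a loose comparison.
        $adminCID = (int) $_SESSION['hradmin']['CID'];
        if ((int) $User->getCID() !== $adminCID && $adminCID !== 1) {
            include_once "../../bossflex/Helpers/ErrorReport.php";
            $curUser = $_SESSION['hradmin']['UID'];
            $error = "Attempt to access invalid data by UserID: " . $curUser;
            ErrorReport::send($_SERVER["SCRIPT_NAME"], $error, $_SERVER['REMOTE_ADDR'], true);
            // Do not reveal that the record exists: answer exactly as for an unknown
            // user so the page falls through to the Add User form.
            echo "<h3>User does not exist</h3>";
        } else {
            /** @var Employee $Employee */
            $Employee = Employee::getEmployeeByUID($User->getUID());
            // Serialized into the server-side session only; never sent to the client.
            $_SESSION['EditUser'] = serialize($User);
            $_SESSION['EditEmployee'] = serialize($Employee);
            $newUser = false;
        }
    }
}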
// If no user is specified, reuse as Add User Form
if ($newUser) {
    $User = new User();
    $Employee = new Employee();
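<?php

// Error-report page. Two gates before anything is rendered: the session must
// pass Reject::permission(), and the admin must belong to company 1 (which the
// rest of this application treats as the global administrator tenant).
session_start();
include "../../bossflex/Helpers/Reject.php";
// Pass null explicitly when no admin session exists instead of tripping an
// undefined-index notice; Reject::permission() is presumably what rejects a
// missing or invalid session — confirm in Helpers/Reject.php.
Reject::permission(isset($_SESSION['admin']) ? $_SESSION['admin'] : null);
if ($_SESSION['admin']['CID'] != 1) {
    // Non-global admins get an empty response rather than the report.
    exit;
}
include "../../bossflex/Helpers/ErrorReport.php";
$Errors = ErrorReport::getReport();
?>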

<html>
<head>
    <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.10/css/jquery.dataTables.min.css">

    <script type="text/javascript" language="javascript" src="//code.jquery.com/jquery-1.12.0.min.js">
    </script>

    <script type="text/javascript" language="javascript" src="https://cdn.datatables.net/1.10.10/js/jquery.dataTables.min.js">
    </script>

    <script type="text/javascript" class="init">
        $(document).ready(function() {
            $('#table').DataTable( {
                order: [[ 0, "desc" ]]

            } );
        } );
    </script>
 /**
  * Clear a user's flagged status: remove the FlaggedUsers row and reset the
  * Flagged column on the User row.
  *
  * The two statements are not wrapped in a transaction, so if the UPDATE fails
  * after the DELETE succeeded the flag row is gone while User.Flagged is still
  * set. NOTE(review): if Conn::get() hands back one shared PDO instance, a
  * beginTransaction()/commit() around both statements would close that gap.
  *
  * @param $UID user id, bound as an integer to both statements
  * @return bool true when both statements ran; false after an exception was reported
  */
 public static function unFlagUser($UID)
 {
     include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
     $notFlagged = 0;
     try {
         // Step 1: drop the flag record.
         $removeFlag = Conn::get()->prepare("DELETE From FlaggedUsers WHERE UID= :UID");
         $removeFlag->bindParam(":UID", $UID, PDO::PARAM_INT);
         $removeFlag->execute();
         // Step 2: clear the denormalised Flagged column on the user itself.
         $clearFlag = Conn::get()->prepare("UPDATE User SET Flagged = :zero WHERE UID= :UID");
         $clearFlag->bindParam(":UID", $UID, PDO::PARAM_INT);
         $clearFlag->bindParam(":zero", $notFlagged, PDO::PARAM_INT);
         $clearFlag->execute();
         return true;
     } catch (Exception $failure) {
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
         ErrorReport::send($_SERVER["SCRIPT_NAME"], $failure->getMessage(), $_SERVER['REMOTE_ADDR'], true);
         return false;
     }
 }
 /**
  * Fetch all Employee rows for one company, oldest LastModified first,
  * hydrated into this class.
  *
  * The company id is the only input and is bound as a parameter. Note that the
  * projection includes AccountNum and the full address, so callers should treat
  * the result as sensitive and not echo it wholesale.
  *
  * @param $CID company id bound to the single positional placeholder
  * @return array|false list of hydrated objects (possibly empty); false when an
  *                     exception was caught and reported
  */
 public static function getEmployeeListForCompany($CID)
 {
     include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
     $listQuery = "SELECT EID, CID, Fname, Lname, PhoneNum, AccountNum, Adr_Street, Adr_City, Adr_State, Adr_Zip, LastModified\n                FROM Employee \n                WHERE CID = ? \n                ORDER BY LastModified";
     try {
         $listStmt = Conn::get()->prepare($listQuery);
         // Positional placeholder #1; bound as a string, same as execute(array(...)) does.
         $listStmt->bindValue(1, $CID);
         $listStmt->execute();
         return $listStmt->fetchAll(PDO::FETCH_CLASS, __CLASS__);
     } catch (Exception $caught) {
         include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
         ErrorReport::send($_SERVER["SCRIPT_NAME"], $caught->getMessage(), $_SERVER['REMOTE_ADDR'], true);
         return false;
     }
 }