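/**
 * Pops up a "New Time Request after validation!" alert for users whose admin
 * level is exactly 50 when REQUEST rows that are APPROVED or DENIED, still have
 * HRAPP_IS = '0', and carry a USEDATE on or before the end of the pay period
 * preceding the current one.
 *
 * The alert is throttled through $_SESSION['dismissPayrollValid']: the time is
 * stored whenever the alert is shown or dismissed, and the database check is
 * skipped for the following 30 minutes.
 *
 * @param object $config Reads ->adminLvl and ->mysqli (a mysqli connection).
 * @return void
 */
function alert_PostPayrollValidation($config)
{
    if ($config->adminLvl != 50) {
        return;
    }

    // The alert's own submit button, or arriving on the page it links to, counts as a dismissal.
    $dismiss = isset($_POST['dismissPostValidBtn']) || isset($_GET['postPayrollValid']);
    if ($dismiss) {
        $_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');
        return;
    }

    // No session value means the alert has not been shown yet in this session.
    $dismissTime = isset($_SESSION['dismissPayrollValid']) ? $_SESSION['dismissPayrollValid'] : false;
    $current_timestamp = strtotime(date('Y-m-d H:i'));
    $compare_timestamp = strtotime("-30 minute", $current_timestamp);
    if ($dismissTime !== false && strtotime($dismissTime) >= $compare_timestamp) {
        // Shown or dismissed within the last 30 minutes: stay quiet.
        return;
    }

    $mysqli = $config->mysqli;

    // $today is produced by date(), not taken from the request, so it is safe to
    // place inside the quoted literal below.
    $today = date('Y-m-d');
    $myq = "SELECT COUNT(REFER) 'requestCount', MAX(USEDATE) 'endDate', MIN(USEDATE) 'startDate'\r\n"
        . " FROM REQUEST\r\n"
        . " WHERE (STATUS='APPROVED' OR STATUS='DENIED')\r\n"
        . " AND HRAPP_IS = '0'\r\n"
        . " AND USEDATE <= (SELECT PPEND FROM PAYPERIOD WHERE PPEND = (SELECT PPBEG-1 FROM PAYPERIOD WHERE '" . $today . "' BETWEEN PPBEG AND PPEND))";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result, $myq);
    if (!$result) {
        return;
    }

    // An aggregate query without GROUP BY always returns exactly one row, so
    // num_rows cannot tell whether anything matched; the count itself must be read.
    $row = $result->fetch_assoc();
    if (!$row || (int) $row['requestCount'] < 1) {
        return;
    }

    $_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');

    // Values are encoded for the HTML attribute context before being embedded.
    $start = htmlspecialchars((string) $row['startDate'], ENT_QUOTES | ENT_SUBSTITUTE);
    $end = htmlspecialchars((string) $row['endDate'], ENT_QUOTES | ENT_SUBSTITUTE);
    popUpMessage('<div align="center"><form name="verifyAlert" method="POST" action="?hrEmpRep=true&cust=true&postPayrollValid=true"> New Time Request after validation! <input type="submit" name="dismissPostValidBtn" value="Go to Alert" /> <input type="hidden" name="start" value="' . $start . '" /> <input type="hidden" name="end" value="' . $end . '" /> </form></div>', 'ALERT');
}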
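/**
 * Looks up every employee whose last name exactly matches $lName.
 *
 * @param string $lName Last name compared against EMPLOYEE.LNAME.
 * @return array One entry per match, each being whatever
 *               wts_employee::getEmpByID() returns for that IDNUM. When nothing
 *               matches, or the query fails, the placeholder array(array()) is
 *               returned unchanged so existing callers see the same shape.
 */
function getEmpByName($lName)
{
    $listOfResults = array(array());

    // $lName is caller-supplied and lands inside a quoted SQL literal, so it is
    // escaped on this connection first. Escaping is only reliable when the
    // connection character set was set with set_charset(); a prepared statement
    // would remove that dependency.
    $safeName = $this->mysqli->real_escape_string((string) $lName);
    $myq = "SELECT IDNUM FROM EMPLOYEE WHERE LNAME='" . $safeName . "';";
    $result = $this->mysqli->query($myq);

    // The code treats a falsy return from SQLerrorCatch() as "no error".
    if (!SQLerrorCatch($this->mysqli, $result)) {
        $x = 0;
        while ($row = $result->fetch_assoc()) {
            $listOfResults[$x] = wts_employee::getEmpByID($row['IDNUM']);
            $x++;
        }
    }

    return $listOfResults;
}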
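/**
 * Prints a month-grid calendar of APPROVED time requests.
 *
 * The header holds previous/next month buttons and the division drop-down
 * rendered by request_reports::showDivisionDropDown(). Every day cell holds a
 * small form that posts to ?submittedRequestsNEW=true&cust=true for that date,
 * followed by one "Subtype: count" line per request type used on that day.
 *
 * @param object     $config Reads ->mysqli; also handed to request_reports.
 * @param int|string $month  Month number; values above 12 or below 1 roll over
 *                           into the adjacent year.
 * @param int|string $year   Four-digit year.
 * @return void Output is echoed directly.
 */
function viewClandar($config, $month, $year)
{
    // Everything interpolated into markup below goes through this encoder, so a
    // value that is not a plain number or label cannot break out of its attribute.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    };

    // Normalise an out-of-range month into the adjacent year.
    if ($month > 12) {
        $month = $month - 12;
        $year = $year + 1;
    }
    if ($month < 1) {
        $month = $month + 12;
        $year = $year - 1;
    }
    $next_month = $month + 1;
    $prev_month = $month - 1;
    $days_in_month = cal_days_in_month(CAL_GREGORIAN, $month, $year);

    // mktime() accepts month 0 and 13, which is what yields the neighbouring month names.
    $first_day = mktime(0, 0, 0, $month, 1, $year);
    $title = date('F', $first_day);
    $prevTitle = date('F', mktime(0, 0, 0, $month - 1, 1, $year));
    $nextTitle = date('F', mktime(0, 0, 0, $month + 1, 1, $year));
    // 0 (Sunday) .. 6 (Saturday): number of empty cells before day 1.
    $day_of_first_day = date('w', $first_day);

    $Prenavigation = '<input type="submit" name="prevMonth" value="<< ' . $prevTitle . '" />';
    $Nextnavigation = '<input type="submit" name="nextMonth" value="' . $nextTitle . ' >>" />';

    $mysqli = $config->mysqli;

    // Table head: title, navigation and division selector.
    echo "</div><div class=\"cal\"><table width=720>";
    echo "<tr><th colspan=7> ";
    echo "<br/><h3>Approved Requests<br/></h3><br/>";
    echo '<form name="divisionForm" method="POST">';
    echo '<input type="hidden" name="prevMon" value="' . $esc($prev_month) . "\">\r\n"
        . ' <input type="hidden" name="curMon" value="' . $esc($month) . "\">\r\n"
        . ' <input type="hidden" name="nextMon" value="' . $esc($next_month) . "\">\r\n"
        . ' <input type="hidden" name="year" value="' . $esc($year) . "\">\r\n"
        . " <table border=\"0\" width=\"700\" cellspacing=\"0\" cellpadding=\"0\">\r\n"
        . " <tr>\r\n"
        . " <td width=10> </td>\r\n"
        . ' <td width="8" height="5" align="center" valign="middle">' . $Prenavigation . "</td>\r\n"
        . " <td height='8' width=\"100\" align=\"center\" valign=\"middle\" style=\"padding:0px 0px 0px 0px;\"> " . $title . " " . $esc($year) . " </td>\r\n"
        . ' <td width="8" height="5" align="center" valign="middle">' . $Nextnavigation . "</td>\r\n"
        . ' <td align="right" valign="middle">';

    // The report object prints the drop-down and exposes the chosen division
    // plus the SQL fragment that restricts the query to it.
    $requestReport = new request_reports($config);
    $requestReport->config = $config;
    $requestReport->showDivisionDropDown();
    $myDivID = $requestReport->divisionID;

    echo " </td>\r\n </tr>\r\n </form></table></td>";

    // NOTE(review): $requestReport->filters is concatenated as raw SQL. How it is
    // built is not visible here; confirm request_reports escapes or binds any
    // request-derived value it places in that fragment.
    $myq = "SELECT COUNT(REQUEST.REFER) AS 'RequestNumbers',\r\n"
        . " IF(REQUEST.TIMETYPEID IS NULL, SUB.DESCR, OLDT.DESCR) 'Subtype',\r\n"
        . " DATE_FORMAT(USEDATE,'%d') 'Used'\r\n"
        . " FROM REQUEST \r\n"
        . " LEFT JOIN EMPLOYEE AS REQ ON REQ.IDNUM=REQUEST.IDNUM\r\n"
        . " LEFT JOIN TIMETYPE AS OLDT ON OLDT.TIMETYPEID = REQUEST.TIMETYPEID\r\n"
        . " LEFT JOIN SUBTYPE AS OLDSUB ON OLDSUB.IDNUM=REQUEST.SUBTYPE\r\n"
        . " LEFT JOIN WTS_TIMETYPES AS T ON T.IDNUM=REQUEST.TIMETYPES_ID\r\n"
        . " LEFT JOIN WTS_SUBTIMETYPES AS SUB ON SUB.IDNUM=REQUEST.SUBTYPE_ID\r\n\r\n"
        . " WHERE 1 " . $requestReport->filters . "\r\n"
        // The month/year literal is produced by date(), never copied from the request.
        . " AND DATE_FORMAT(USEDATE,'%m-%Y') = '" . date('m-Y', $first_day) . "'\r\n"
        . " AND REQUEST.STATUS = 'APPROVED'\r\n"
        . " GROUP BY REQUEST.USEDATE, IF(REQUEST.TIMETYPEID IS NULL, SUB.IDNUM, NEWTYPE_ID)\r\n"
        . " ORDER BY REQUEST.USEDATE";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result, $myq, false);

    // Index the rows by day of month once instead of rescanning the whole result
    // set for every cell. Text coming from the database is encoded for HTML here.
    $linesByDay = array();
    if ($result) {
        while ($row = $result->fetch_assoc()) {
            $linesByDay[(int) $row['Used']][] = $esc($row['Subtype']) . ': ' . $esc($row['RequestNumbers']) . '<br/>';
        }
    }

    echo "</th></tr>";
    echo "<tr><td align=\"center\" width=102>Sunday</td>\r\n"
        . " <td align=\"center\" width=102>Monday</td>\r\n"
        . " <td align=\"center\" width=102>Tuesday</td>\r\n"
        . " <td align=\"center\" width=102>Wednesday</td>\r\n"
        . " <td align=\"center\" width=102>Thursday</td>\r\n"
        . " <td align=\"center\" width=102>Friday</td>\r\n"
        . " <td align=\"center\" width=102>Saturday</td>\r\n"
        . " </tr>";

    // $day_count is the 1-based column the next cell will occupy.
    $day_count = 1;
    echo "<tr height='25'>";
    for ($blank = $day_of_first_day; $blank > 0; $blank--) {
        echo "<td ></td>";
        $day_count++;
    }

    for ($day = 1; $day <= $days_in_month; $day++) {
        // Days are printed and posted zero-padded ("01" .. "31").
        $day_num = sprintf('%02d', $day);
        $dateValue = $esc($month . '/' . $day_num . '/' . $year);

        echo "<td height='100' valign = \"top\" align=\"center\"><div style=\"background-color:grey\">";
        echo '<form name="goToDetails" method="POST" action="?submittedRequestsNEW=true&cust=true"> <input type="hidden" name="divisionID" value="' . $esc($myDivID) . '" /> <input type="hidden" name="customDate" value="true" /> <input name="start" type="hidden" value="' . $dateValue . '" /> <input name="end" type="hidden" value="' . $dateValue . '" /> <input type="submit" name="goToDetails" value="' . $day_num . '" /></form></div>';

        if (isset($linesByDay[$day])) {
            echo implode('', $linesByDay[$day]);
        }

        // Close the cell (the previous markup opened a stray <div> here instead).
        echo "</td>";

        // Start a new table row after Saturday.
        $day_count++;
        if ($day_count > 7) {
            echo "</tr><tr height='25'>";
            $day_count = 1;
        }
    }

    // Pad the last week. The bound is > 1 so that a month ending on a Sunday
    // (next column = 2) still gets its six trailing cells.
    while ($day_count > 1 && $day_count <= 7) {
        echo "<td> </td>";
        $day_count++;
    }
    echo "</tr></table></div>";
}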
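/**
 * Renders the form fragment for handing a logged item over to another deputy
 * and, when the "Exchange Equipment" button was posted, performs the exchange:
 * the existing log entry is checked in via checkInRadioLog(), its EXCHANGEID is
 * set, and the item is checked out to the new deputy via checkOutItem().
 *
 * Request fields read: divisionID, num_deputies, deputyID<n>, isReserve<n>,
 * removeDeputyBtn<n>, exchangeItemBtn, dateSelect, exchangeLogID, itemID,
 * radioCallNum0, totalRows, foundUser<n>, foundUserID<n>.
 *
 * Every request-derived value is escaped for the context it is written into:
 * real_escape_string() inside quoted SQL literals, htmlspecialchars() inside
 * markup. The previous code concatenated IDs into unquoted SQL, where
 * real_escape_string() offers no protection, and echoed POST values verbatim.
 *
 * @param object     $config     Reads ->mysqli; also passed to the check-in,
 *                               check-out, logging and lookup helpers.
 * @param int|string $radioLogID WTS_RADIOLOG.REFNUM of the entry being exchanged.
 * @return void Output is echoed directly.
 */
function showItemExchange($config, $radioLogID)
{
    $mysqli = $config->mysqli;

    // NOTE(review): the previous code called $mysqliReserve->query() without ever
    // assigning $mysqliReserve, which is a fatal error on the reserve path.
    // connectToSQL(true) is assumed to return the reserve-database connection;
    // confirm against its definition.
    $mysqliReserve = null;

    // HTML encoder for every value interpolated into markup.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    };
    // Reads a POST field without raising a notice when it is absent.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    // Looks one deputy up in EMPLOYEE or RESERVE. Missing rows come back with
    // null fields instead of triggering array-offset warnings.
    $deputyDefaults = array('RADIO' => null, 'CELLPH' => null, 'LNAME' => null, 'FNAME' => null, 'DIVISIONID' => null);
    $findDeputy = function ($idnum, $fromReserve) use ($mysqli, &$mysqliReserve, $deputyDefaults) {
        if ($fromReserve) {
            if ($mysqliReserve === null) {
                $mysqliReserve = connectToSQL(true);
            }
            $db = $mysqliReserve;
            $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE';
        } else {
            $db = $mysqli;
            $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME, DIVISIONID FROM EMPLOYEE';
        }
        // Quoted literal + escaping on the connection that runs the query.
        $myq .= " WHERE IDNUM='" . $db->real_escape_string((string) $idnum) . "'";
        $result = $db->query($myq);
        SQLerrorCatch($db, $result, $myq);
        $row = $result ? $result->fetch_assoc() : null;
        return (is_array($row) ? $row : array()) + $deputyDefaults;
    };

    // Load the log entry that is being exchanged.
    $safeLogID = $mysqli->real_escape_string((string) $radioLogID);
    $myq = "SELECT R.RADIOID, R.TYPE, INV.OTHER_SN, ITYPE.IDNUM 'itemTypeID',\r\n"
        . " ITYPE.DESCR 'itemType', CONCAT_WS(', ', EMP.LNAME, EMP.FNAME) 'deputyName',\r\n"
        . " R.DIVISIONID 'invDIV'\r\n"
        . " FROM WTS_RADIOLOG R\r\n"
        . " LEFT JOIN EMPLOYEE AS EMP ON R.DEPUTYID=EMP.IDNUM\r\n"
        . " LEFT JOIN WTS_INVENTORY AS INV ON R.RADIOID=INV.IDNUM\r\n"
        . " LEFT JOIN WTS_INV_TYPE AS ITYPE ON INV.TYPE=ITYPE.IDNUM\r\n"
        . " WHERE R.REFNUM = '" . $safeLogID . "' LIMIT 1;";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result, $myq);
    $item = $result ? $result->fetch_assoc() : null;
    $item = (is_array($item) ? $item : array())
        + array('RADIOID' => null, 'OTHER_SN' => null, 'itemTypeID' => null, 'itemType' => null, 'deputyName' => null);
    $radioID = $item['RADIOID'];

    echo '<input type="hidden" name="divisionID" value="' . $h($post('divisionID')) . '" />';
    echo '<br/>' . $h($item['itemType']) . ' ' . $h($item['OTHER_SN']) . ' will be exchanged from ' . $h($item['deputyName']) . ' to: <br/>';

    // Re-display deputies carried over from the previous post and, if requested,
    // run the exchange for each of them.
    $isExchanged = false;
    $deputyCount = 0;
    $removeBtn = false;
    $exchangeBtn = isset($_POST['exchangeItemBtn']);
    // NOTE(review): num_deputies and totalRows are client-controlled loop bounds.
    // They are forced to integers here; an upper limit suited to the form should
    // be applied as well.
    $num_deputies = isset($_POST['num_deputies']) ? (int) $_POST['num_deputies'] : 0;

    for ($i = 0; $i < $num_deputies; $i++) {
        if (isset($_POST['removeDeputyBtn' . $i])) {
            $removeBtn = true;
            continue;
        }

        $rawDeputyID = isset($_POST['deputyID' . $i]) ? strtoupper((string) $_POST['deputyID' . $i]) : '';
        // Escaped form, used inside quoted SQL and handed to checkOutItem() as before.
        $sqlDeputyID = $mysqli->real_escape_string($rawDeputyID);
        $isReserve = isset($_POST['isReserve' . $i]);
        $row = $findDeputy($rawDeputyID, $isReserve);

        echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $h($rawDeputyID) . '" />';
        if ($isReserve) {
            echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
        }
        echo $h($row['LNAME']) . ', ' . $h($row['FNAME']);
        echo '; Radio Call #: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $h($row['RADIO']) . '" />' . $h($row['RADIO']);
        echo '<br/>';

        if ($exchangeBtn) {
            // Markup handed to checkInRadioLog(); posted values are encoded first.
            $hiddenInputs = '<input type="hidden" value="' . $h($post('dateSelect')) . '" name="dateSelect"> <input type="hidden" name="divisionID" value="' . $h($row['DIVISIONID']) . '" /> <input type="hidden" value="' . $h($post('exchangeLogID')) . '" name="exchangeLogID"> <input type="hidden" value="' . $h($post('itemID')) . '" name="itemID"> <input type="hidden" value="' . $h($rawDeputyID) . '" name="deputyID0"> <input type="hidden" value="' . $h($post('radioCallNum0')) . '" name="radioCallNum0"> <input type="hidden" value="1" name="num_deputies"> <input type="hidden" value="0" name="finalRows"> <input type="hidden" value="true" name="exchangeItemBtn">';
            $wasCheckedIn = checkInRadioLog($config, $radioLogID, true, $hiddenInputs);
            if ($wasCheckedIn) {
                $noteq = "UPDATE WTS_RADIOLOG SET EXCHANGEID = '" . $sqlDeputyID . "' WHERE REFNUM='" . $safeLogID . "';";
                $noteResult = $mysqli->query($noteq);
                SQLerrorCatch($mysqli, $noteResult);

                $tempReserve = $isReserve ? '1' : '0';
                $insertLogID = checkOutItem($config, $sqlDeputyID, $row['RADIO'], $radioID, $item['itemTypeID'], "SHIFT", $tempReserve, "0", $row['DIVISIONID'], true);
                addLog($config, 'Exchanged Log Ref #' . $radioLogID . ' with Ref #' . $insertLogID);
                echo '<br/><font color="red">Exchanged Ref #' . $h($radioLogID) . ' with Ref #' . $h($insertLogID) . '</font><br/>';
                $isExchanged = true;
            }
        }
        $deputyCount++;
    }

    if (!$isExchanged) {
        echo '<input type="hidden" name="exchangeLogID" value="' . $h($radioLogID) . '" />';
        echo '<input type="hidden" name="itemID" value="' . $h($radioID) . '" />';
    }

    // Pick up the deputy chosen from the search results, if any.
    $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
    $foundUserID = '';
    $foundUserIsReserve = false;
    if ($totalRows > 0) {
        for ($i = 0; $i <= $totalRows; $i++) {
            if (isset($_POST['foundUser' . $i])) {
                $foundUserID = isset($_POST['foundUserID' . $i]) ? (string) $_POST['foundUserID' . $i] : '';
                $foundUserIsReserve = isset($_POST['isReserve' . $i]);
                break;
            }
        }
    }

    // Default to the logged-in deputy unless "Remove" was pressed or the request
    // comes from the address this hostname resolves to.
    if (empty($foundUserID) && !$removeBtn && $_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) {
        $foundUserID = $_SESSION['userIDnum'];
        $foundUserIsReserve = false;
    }

    if (!empty($foundUserID) && !$exchangeBtn) {
        $row = $findDeputy($foundUserID, $foundUserIsReserve);

        echo '<br/>Deputy: <font color="red"><input type="hidden" name="deputyID' . $deputyCount . '" value="' . $h($foundUserID) . '" />';
        if ($foundUserIsReserve) {
            echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
        }
        echo $h($row['LNAME']) . ', ' . $h($row['FNAME']);
        echo '</font>; Radio Call#: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $h($row['RADIO']) . '" />' . $h($row['RADIO']);
        echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
        echo '<br/>';
        $deputyCount++;
    }

    if ($deputyCount < 1) {
        echo 'Add Deputy: ';
        displayUserLookup($config);
    }
    echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />';

    if ($exchangeBtn) {
        echo '<br/><input type="submit" name="goBtn" value="Back to Logs" />';
    } else {
        echo '<br/><br/>';
        if ($deputyCount > 0) {
            echo '<input type="submit" name="exchangeItemBtn" value="Exchange Equipment" />';
        }
        echo '<input type="submit" name="cancelBtn" value="Cancel" />';
    }
}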
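/**
 * Prints the secondary-employment log report for a posted date range.
 *
 * Users with admin level 25 or higher get a date-range form followed by a
 * sortable table of SECLOG rows whose SHIFTDATE lies in the range; deputy names
 * are resolved from EMPLOYEE or RESERVE depending on SECLOG.IS_RESERVE. Everyone
 * else sees "Access Denied".
 *
 * @param object $config Reads ->adminLvl and ->mysqli.
 * @return void Output is echoed directly.
 */
function displaySecLogReport($config)
{
    echo '<h2>Secondary Employement Logs Reports By Date</h2>';
    if ($config->adminLvl < 25) {
        echo 'Access Denied';
        return;
    }

    // Table cells are emitted as raw HTML by showSortableTable() (other callers
    // put form markup in them), so database text is encoded here before it is
    // stored in the table.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    };

    // Only plain strings are accepted; an array-valued field is treated as absent.
    $dateFrom = (isset($_POST['dateFrom']) && is_string($_POST['dateFrom'])) ? $_POST['dateFrom'] : false;
    $dateTo = (isset($_POST['dateTo']) && is_string($_POST['dateTo'])) ? $_POST['dateTo'] : false;

    echo '<form method="POST" name="secLog">';
    if (!$dateFrom) {
        // First load: default both ends of the range to today.
        $dateFrom = date('m/d/Y', time());
        $dateTo = date('m/d/Y', time());
        echo 'Date From ';
        displayDateSelect("dateFrom", "dateSel", false, false, true, false);
        echo ' To ';
        displayDateSelect("dateTo", "dateSel2", false, false, true, false);
        echo ' <input id="goBtn" type=submit name="goBtn" value="Go" /><br />';
    } else {
        // Compare as timestamps. Comparing the m/d/Y strings directly orders
        // "12/31/2023" after "01/01/2024" and rejects valid ranges that cross a
        // year boundary. A missing or unparseable "To" date counts as invalid.
        $fromTs = strtotime($dateFrom);
        $toTs = $dateTo ? strtotime($dateTo) : false;
        $rangeInverted = ($toTs === false) || ($fromTs !== false && $toTs < $fromTs);

        if ($rangeInverted) {
            echo '<font color="red">Invalid Entry! "To" Date must be greater than or equal to "From" Date</font></br></br>';
        }
        // NOTE(review): the posted date strings are handed to displayDateSelect()
        // unmodified; confirm that helper encodes them before printing.
        echo '<h3>Date: ';
        displayDateSelect("dateFrom", "dateSel", $dateFrom, false, false, false);
        echo ' To ';
        if ($rangeInverted) {
            $dateTo = $dateFrom;
            displayDateSelect("dateTo", "dateSel2", $dateTo, true, false, false);
        } else {
            displayDateSelect("dateTo", "dateSel2", $dateTo, false, false, false);
        }
        echo ' <input id="goBtn" type=submit name="goBtn" value="Go" /><br />';
    }

    $mysqli = $config->mysqli;

    // The range reaches SQL only after strtotime()/date() have reduced it to
    // Y-m-d, so no request text is copied into the statement.
    $from = date('Y-m-d', strtotime($dateFrom));
    $to = date('Y-m-d', strtotime($dateTo));

    // The same SELECT is issued twice, joined to EMPLOYEE for regular deputies
    // and to RESERVE for reserve deputies, and the halves are UNIONed.
    $selectFor = function ($deputyTable, $isReserve) use ($from, $to) {
        return "SELECT S.GPNUM 'gpID', CONCAT_WS(', ',SEC.LNAME,SEC.FNAME) 'DEPUTYID', S.RADIO,\r\n"
            . " TIME_FORMAT(TIMEIN,'%H%i') 'TIMEIN',\r\n"
            . " CONCAT_WS(', ',LOGIN.LNAME,LOGIN.FNAME) 'AUDIT_IN_ID', LOCATION, S.CITY,\r\n"
            . " TIME_FORMAT(SHIFTSTART,'%H%i') 'SHIFTSTART', TIME_FORMAT(SHIFTEND,'%H%i') 'SHIFTEND',\r\n"
            . " DRESS, TIME_FORMAT(TIMEOUT,'%H%i') 'TIMEOUT',\r\n"
            . " CONCAT_WS(', ',LOGOUT.LNAME,LOGOUT.FNAME) 'AUDIT_OUT_ID',\r\n"
            . " CONCAT_WS(', ',SUP.LNAME,SUP.FNAME) 'SUP_ID', DATE_FORMAT(SUP_TIME,'%m/%d/%y %H%i') 'SUP_TIME',\r\n"
            . " PHONE, S.IDNUM\r\n"
            . " FROM SECLOG S\r\n"
            . " INNER JOIN " . $deputyTable . " AS SEC ON S.DEPUTYID=SEC.IDNUM\r\n"
            . " LEFT JOIN EMPLOYEE AS LOGIN ON S.AUDIT_IN_ID=LOGIN.IDNUM\r\n"
            . " LEFT JOIN EMPLOYEE AS LOGOUT ON S.AUDIT_OUT_ID=LOGOUT.IDNUM\r\n"
            . " LEFT JOIN EMPLOYEE AS SUP ON S.SUP_ID=SUP.IDNUM\r\n"
            . " WHERE `SHIFTDATE` BETWEEN '" . $from . "'\r\n"
            . " AND '" . $to . "'\r\n"
            . " AND S.IS_RESERVE=" . $isReserve;
    };
    // NOTE(review): ORDER BY 'gpID' uses single quotes, which MySQL reads as a
    // string constant rather than the column alias, so rows are probably not
    // sorted by group. The grouping below relies on rows of one group being
    // adjacent. Left unchanged; confirm and switch to an unquoted alias if so.
    $myq = $selectFor('EMPLOYEE', 0) . "\r\n\r\n UNION\r\n\r\n " . $selectFor('RESERVE', 1) . "\r\n ORDER BY 'gpID'";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result, $myq, false);

    // Row 0 is the header row.
    $theTable = array(array(
        "Action", "# in Group", "Deputy", "Radio#", "Log In", "C/Deputy",
        "Site Name/Address", "City/Twp", "Contact#", "Shift Start", "Shift End",
        "Dress", "Log Off", "C/Deputy", "Supervisor", "Sign Off",
    ));

    $x = 0;
    $lastGroupID = '';
    while ($result && ($row = $result->fetch_assoc())) {
        // $x > 0 keeps a first row with an empty group id from being appended to
        // the header row.
        if ($x > 0 && $row['gpID'] == $lastGroupID && $lastGroupID != 0) {
            // Same non-zero group as the previous row: fold it into that row.
            $gpCountq = "SELECT GPNUM FROM SECLOG WHERE GPNUM='" . $mysqli->real_escape_string((string) $row['gpID']) . "'";
            $gpCountresult = $mysqli->query($gpCountq);
            SQLerrorCatch($mysqli, $gpCountresult);
            $theTable[$x][0] .= ', ' . $h($row['IDNUM']);
            // NOTE(review): this writes the group size into column 2 ("Deputy"),
            // replacing the deputy name; column 1 ("# in Group") looks like the
            // intended target. Left as-is pending confirmation.
            $theTable[$x][2] = $gpCountresult ? $gpCountresult->num_rows : 0;
        } else {
            // Every other row starts a new table line (the former $showAll flag
            // was hard-coded to true, so no row was ever filtered out here).
            $x++;
            $theTable[$x] = array(
                'Ref# ' . $h($row['IDNUM']),
                1,
                $h($row['DEPUTYID']),
                $h($row['RADIO']),
                $h($row['TIMEIN']),
                $h($row['AUDIT_IN_ID']),
                $h($row['LOCATION']),
                $h($row['CITY']),
                $h($row['PHONE']),
                $h($row['SHIFTSTART']),
                $h($row['SHIFTEND']),
                $h($row['DRESS']),
                $h($row['TIMEOUT']),
                $h($row['AUDIT_OUT_ID']),
                $h($row['SUP_ID']),
                $h($row['SUP_TIME']),
            );
            $lastGroupID = $row['gpID'];
        }
    }

    showSortableTable($theTable, 3);
    echo '<input type="hidden" name="editRows" value="' . $x . '" />';
}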
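/**
 * Prints the yearly overtime report for users with admin level 25 or higher.
 *
 * Without a posted "viewDetailsBtn" it shows year, division and status filters
 * and a sortable table with one line per employee and the number of matching
 * overtime (TIMETYPEID 'OT') requests. With "viewDetailsBtn" it delegates to
 * empTimeReportByPay() for the posted employee. Lower admin levels see
 * "Access Denied".
 *
 * Request fields read: repYear, viewDetailsBtn, backBtn, empID, divisionID,
 * clicked, approvedStatus, pendingStatus.
 *
 * @param object $config Reads ->adminLvl, ->mysqli and ->installYear.
 * @return void Output is echoed directly.
 */
function overtimeReport($config)
{
    echo '<h3>Employee Overtime Reports</h3>';
    if ($config->adminLvl < 25) {
        echo 'Access Denied';
        return;
    }

    $mysqli = $config->mysqli;
    // HTML encoder for request- and database-derived values placed in markup.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    };

    // The year must be one of the values offered in the drop-down. Anything else
    // falls back to the default instead of reaching the DateTime constructor,
    // which throws on unparseable input.
    $firstYear = (int) $config->installYear;
    $thisYear = (int) date('Y');
    $repYear = isset($_POST['repYear']) ? (int) $_POST['repYear'] : $firstYear;
    if ($repYear < $firstYear || $repYear > $thisYear) {
        $repYear = $firstYear;
    }

    echo '<form method=POST>';
    echo '</div><div class="login"><table><tr><td>Report Year: <select name="repYear" onchange="this.form.submit()">';
    for ($i = $firstYear; $i <= $thisYear; $i++) {
        echo '<option value="' . $i . '"';
        if ($repYear == $i) {
            echo ' SELECTED';
        }
        echo '>' . $i . '</option>';
    }
    echo '</select></td>';

    $startDate = new DateTime(sprintf('%04d-01-01', $repYear));
    $endDate = new DateTime(sprintf('%04d-12-31', $repYear));

    if (isset($_POST['viewDetailsBtn']) && !isset($_POST['backBtn'])) {
        // Detail view for one employee.
        // NOTE(review): empID is passed on as posted; confirm that
        // empTimeReportByPay() escapes it and checks that the viewer may see
        // that employee.
        $empID = isset($_POST['empID']) ? $_POST['empID'] : '';
        echo '<td width=470 align=right><input type="submit" name="backBtn" value="Back to List" /> <input type="hidden" name="viewDetailsBtn" value="true" /> <input type="hidden" name="empID" value="' . $h($empID) . '" /> </td></tr></table></div><div class="post">';
        empTimeReportByPay($config, $startDate, $endDate, $empID);
        echo '</form>';
        return;
    }

    // Division filter: posted value, else "All" for level 50+, else the viewer's
    // own division.
    echo '<td width=470 align=right>Choose a Division: <select name="divisionID" onchange="this.form.submit()">';
    if (isset($_POST['divisionID']) && is_string($_POST['divisionID'])) {
        $myDivID = $_POST['divisionID'];
    } elseif ($config->adminLvl >= 50) {
        $myDivID = "All";
    } else {
        $mydivq = "SELECT DIVISIONID FROM EMPLOYEE E WHERE E.IDNUM='" . $mysqli->real_escape_string((string) $_SESSION['userIDnum']) . "'";
        $myDivResult = $mysqli->query($mydivq);
        SQLerrorCatch($mysqli, $myDivResult);
        $temp = $myDivResult ? $myDivResult->fetch_assoc() : null;
        $myDivID = $temp ? (string) $temp['DIVISIONID'] : '';
    }

    $alldivq = "SELECT * FROM `DIVISION` WHERE 1";
    $allDivResult = $mysqli->query($alldivq);
    SQLerrorCatch($mysqli, $allDivResult);
    while ($allDivResult && ($Divrow = $allDivResult->fetch_assoc())) {
        echo '<option value="' . $h($Divrow['DIVISIONID']) . '"';
        // String comparison, so a numeric id never loosely equals "All".
        if ((string) $Divrow['DIVISIONID'] === $myDivID) {
            echo ' SELECTED ';
        }
        echo '>' . $h($Divrow['DESCR']) . '</option>';
    }
    if ($myDivID === "All") {
        echo '<option value="All" SELECTED>All</option>';
    } else {
        echo '<option value="All">All</option>';
    }
    echo '</select></td>';
    echo '</tr></table>';

    // Status check boxes; "Approved" is pre-checked until the form has been used.
    $isApproveStatus = isset($_POST['approvedStatus']);
    if (!isset($_POST['clicked'])) {
        $isApproveStatus = true;
    }
    $isPendingStatus = isset($_POST['pendingStatus']);

    echo '<div align=right><form method=POST><input type="hidden" name="clicked" value="true" />';
    echo '<input onChange="this.form.submit()" type="checkbox" value="true" name="approvedStatus"';
    if ($isApproveStatus) {
        echo ' CHECKED';
    }
    echo ' />Status: Approved<Br/>';
    echo '<input onChange="this.form.submit()" type="checkbox" value="true" name="pendingStatus"';
    if ($isPendingStatus) {
        echo ' CHECKED';
    }
    echo ' />Status: Pending<br/>';
    echo '</form></div></div><div class="post">';

    // The posted division id goes inside a quoted literal and is escaped; it was
    // previously concatenated into the statement untouched.
    if ($myDivID === "All") {
        $divFilter = "";
    } else {
        $divFilter = "AND REQ.DIVISIONID='" . $mysqli->real_escape_string($myDivID) . "'";
    }

    // Built only from fixed strings chosen by the two check boxes.
    if ($isApproveStatus && $isPendingStatus) {
        $status = "AND (STATUS = 'APPROVED' OR STATUS = 'PENDING')";
    } elseif ($isApproveStatus) {
        $status = "AND STATUS = 'APPROVED'";
    } elseif ($isPendingStatus) {
        $status = "AND STATUS = 'PENDING'";
    } else {
        $status = "AND STATUS=''";
    }

    $myq = "SELECT REFER 'RefNo', REQ.IDNUM 'REQID', REQ.MUNIS 'Munis', CONCAT_WS(', ',REQ.LNAME,REQ.FNAME) 'Name', \r\n"
        . " DATE_FORMAT(USEDATE,'%a %d %b %Y') 'Used', STATUS 'Status',\r\n"
        . " DATE_FORMAT(BEGTIME,'%H%i') 'Start',\r\n"
        . " DATE_FORMAT(ENDTIME,'%H%i') 'End', HOURS 'Hrs',\r\n"
        . " T.DESCR 'Type', SUBTYPE 'Subtype', CALLOFF 'Calloff', NOTE 'Comment', \r\n"
        . " HRAPP_IS 'HR_Approved', HR.LNAME 'HRLName', HR.FNAME 'HRFName'\r\n"
        . " FROM REQUEST\r\n"
        . " LEFT JOIN EMPLOYEE AS REQ ON REQ.IDNUM=REQUEST.IDNUM\r\n"
        . " LEFT JOIN EMPLOYEE AS HR ON HR.IDNUM=REQUEST.IDNUM\r\n"
        . " INNER JOIN TIMETYPE AS T ON T.TIMETYPEID=REQUEST.TIMETYPEID\r\n"
        . " WHERE USEDATE BETWEEN '" . $startDate->format('Y-m-d') . "' AND '" . $endDate->format('Y-m-d') . "'\r\n"
        . " AND REQUEST.TIMETYPEID='OT'\r\n"
        . " " . $divFilter . "\r\n"
        . " " . $status . "\r\n"
        . " ORDER BY REQ.LNAME";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result);

    // Row 0 is the header; rows arrive ordered by last name, so consecutive rows
    // with the same Name are counted into one table line.
    $theTable = array(array("View", "Munis #", "Employee", "Number of Overtime Requests"));
    $x = 0;
    $lastUser = '';
    $recordCounter = 0;
    while ($result && ($row = $result->fetch_assoc())) {
        if (strcmp($lastUser, (string) $row['Name']) == 0) {
            $recordCounter++;
            $theTable[$x][3] = $recordCounter;
        } else {
            $x++;
            $recordCounter = 1;
            $lastUser = (string) $row['Name'];
            // Cells are rendered as raw HTML by showSortableTable(), so database
            // values are encoded before being stored.
            $theTable[$x][0] = '<form method="POST"> <input type="submit" name="viewDetailsBtn" value="View" /> <input type="hidden" name="empID" value="' . $h($row['REQID']) . '" /> </form>';
            $theTable[$x][1] = $h($row['Munis']);
            $theTable[$x][2] = $h($lastUser);
            $theTable[$x][3] = $recordCounter;
        }
    }

    echo 'number of rows: ' . $x;
    showSortableTable($theTable, 1);
}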
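/**
 * Searches the RESERVE table for last names containing $userToFind and prints
 * one result block per match, each carrying hidden foundUser* fields numbered
 * from $rowCount + 1 upwards.
 *
 * Viewers below admin level 75 do not get rows whose GRP is 5.
 *
 * @param object $config     Reads ->adminLvl.
 * @param string $userToFind Fragment of the last name to search for.
 * @param int    $rowCount   Number of result rows already printed by the caller.
 * @param bool   $isSelect   Whether to print the "Select" radio button that
 *                           re-submits the form to ?<formName>=true.
 * @return int Number of reserve rows found.
 */
function searchReserves($config, $userToFind, $rowCount, $isSelect = true)
{
    $mysqli = connectToSQL($reserveDB = TRUE);

    // HTML encoder for database text placed in markup.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    };

    // The search text ends up inside a quoted literal and is escaped first. The
    // LIKE wildcards % and _ are left alone, so they keep acting as wildcards.
    $safeName = $mysqli->real_escape_string((string) $userToFind);
    $myq = "SELECT * FROM `RESERVE` WHERE ";
    if ($config->adminLvl < 75) {
        $myq .= "`GRP` != 5 AND ";
    }
    $myq .= "`LNAME` LIKE CONVERT(_utf8 '%" . $safeName . "%' USING latin1) COLLATE latin1_swedish_ci ";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result);

    // formName is written into a JavaScript string inside an HTML attribute.
    // rawurlencode() leaves plain identifiers unchanged and turns every quote,
    // angle bracket or space into %XX, which is inert in both contexts.
    $formName = isset($_POST['formName']) ? rawurlencode((string) $_POST['formName']) : '';

    $begin = $rowCount;
    $echo = "";
    while ($result && ($row = $result->fetch_assoc())) {
        $rowCount++;
        $first = $h($row['FNAME']);
        $last = $h($row['LNAME']);

        $echo .= '<div align="center"><table width="400"><tr><td>';
        if ($isSelect) {
            $echo .= '<input name="foundUser' . $rowCount . '" type="radio" onClick="this.form.action=\'?' . $formName . "=true'" . ';this.form.submit()" />Select</td><td>';
        }
        $echo .= '<input type="hidden" name="foundUserFNAME' . $rowCount . '" value="' . $first . '" /> First name: ' . $first . "<br />";
        $echo .= '<input type="hidden" name="foundUserLNAME' . $rowCount . '" value="' . $last . '" /> Last Name: ' . $last . "<br />";
        // This statement was damaged in the listing; the username is rebuilt as
        // FNAME.LNAME to match the foundUserName field on the next line.
        $echo .= '<input type="hidden" name="foundUserID' . $rowCount . '" value="' . $h($row['IDNUM']) . '" /> Username: ' . $first . "." . $last . '<br />';
        $echo .= '<input type="hidden" name="foundUserName' . $rowCount . '" value="' . $first . "." . $last . '" />';
        $echo .= "Rank: Reserve Group " . $h($row['GRP']) . "<br />";
        // A stray double quote used to be printed after this input.
        $echo .= '<input type="hidden" name="isReserve' . $rowCount . '" value="true" />';
        $echo .= "</td></tr></table></div><br /><hr />";
    }

    $rowsAdded = $rowCount - $begin;
    if ($rowsAdded > 0) {
        echo "Number of entries found in the reserve database is " . $rowsAdded . "<br /><br /><hr />";
        echo $echo;
    }
    return $rowsAdded;
}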
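/**
 * Expunge a time request, or put an expunged request back into PENDING, with confirmation pop-ups.
 *
 * Flow, driven by $this->toUnExpunge and the posted buttons:
 *  - un-expunge: set STATUS='PENDING' for $this->toExpungeRefNo and show an OK dialog;
 *  - expunge confirmed with a reason: update the request (admin or owning employee only);
 *  - otherwise: show the "reason" form, flagging an empty reason.
 *
 * @param string $extraInputs Extra form markup appended to each dialog. It is emitted as raw
 *                            HTML, so it must be built by trusted code, never from request data.
 * @return void
 */
public function expungeRequest($extraInputs = '')
{
    $db = $this->config->mysqli;
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $confirmBtn = isset($_POST['confirmBtn']);
    // real_escape_string only protects a value that sits inside quotes, so REFER is always quoted.
    $refNoSql = "'" . $db->real_escape_string((string) $this->toExpungeRefNo) . "'";
    $refNoHtml = $h($this->toExpungeRefNo);
    // REQUEST_URI is attacker-influenced and is written into an attribute.
    $actionHtml = $h($_SERVER['REQUEST_URI']);
    $okForm = ' ' . $extraInputs . ' <input type="submit" name="okBtn" value="OK" /> </form></div>';

    // NOTE(review): none of the forms below carries an anti-CSRF token unless $extraInputs
    // supplies one - confirm, since both branches change request state on POST.

    if ($this->toUnExpunge) {
        if (!isset($_POST['okBtn'])) {
            // NOTE(review): unlike the expunge branch there is no admin/owner check here;
            // verify that callers gate un-expunge.
            $myq = "UPDATE REQUEST \r\n SET STATUS='PENDING'\r\n WHERE REFER=" . $refNoSql;
            // The original ran this on $this->mysqli while escaping and error-checking with
            // $this->config->mysqli; one connection is used for all three now.
            $result = $db->query($myq);
            if (!SQLerrorCatch($db, $result, $myq, false)) {
                popUpMessage('Request ' . $refNoHtml . ' Has been placed back into PENDING State. <div align="center"><form method="POST">' . $okForm);
                addLog($this->config, 'UnExpunged Time Request with Ref# ' . $this->toExpungeRefNo);
            }
        }
        return;
    }

    if ($confirmBtn && !empty($_POST['expungedReason'])) {
        $tempRequestForm = new time_request_form($this->config);
        $tempRequestForm->reqID = $this->toExpungeRefNo;
        // NOTE(review): empID is read right after reqID is assigned; presumably the form object
        // loads the request on access. Verify, because an unloaded (empty) empID is compared loosely.
        if ($_SESSION['admin'] || $_SESSION['userIDnum'] == $tempRequestForm->empID) {
            $myq = "UPDATE REQUEST \r\n SET STATUS='EXPUNGED',\r\n HRAPP_ID='0',\r\n EX_REASON='"
                . $db->real_escape_string((string) $_POST['expungedReason'])
                . "',\r\n AUDITID='" . $db->real_escape_string((string) $_SESSION['userIDnum'])
                . "',\r\n IP= INET_ATON('" . $db->real_escape_string((string) $_SERVER['REMOTE_ADDR'])
                . "')\r\n WHERE REFER=" . $refNoSql;
            $result = $db->query($myq);
            if (!SQLerrorCatch($db, $result, $myq, false)) {
                addLog($this->config, 'Expunged Time Request with Ref# ' . $this->toExpungeRefNo);
                popUpMessage('Request ' . $refNoHtml . ' expunged. <div align="center"><form method="POST" action="' . $actionHtml . '">' . $okForm);
            }
        } else {
            popUpMessage('Cannot Expunge request, please see a supervisor <div align="center"><form method="POST" action="' . $actionHtml . '">' . $okForm);
        }
        return;
    }

    if (!isset($_POST['okBtn'])) {
        // A posted but empty reason means the user pressed CONFIRM without filling it in.
        $warning = "";
        if (isset($_POST['expungedReason']) && empty($_POST['expungedReason'])) {
            $warning = '<font color="red">Requires a Reason</font><br/>';
        }
        $echo = '<div align="center"><form method="POST"> <input name="deleteBtn' . $h($this->toExpungeIndex)
            . '" type="hidden" value="' . $refNoHtml . '" /> <input type="hidden" name="totalRows" value="'
            . $h($this->toExpungeTotalRows) . '" /> Request ' . $refNoHtml . ' to be expunged<br/> ' . $warning
            . ' Reason:<textarea name="expungedReason"></textarea><br/> <input type="submit" name="confirmBtn" value="CONFIRM EXPUNGE" /> <input type="submit" name="okBtn" value="CANCEL" /> '
            . $extraInputs . ' </form></div>';
        popUpMessage($echo);
    }
}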
/**
 * Run a SQL statement on the config's mysqli connection.
 *
 * The statement is executed exactly as given, so callers are responsible for
 * escaping or binding every value before it reaches this function.
 *
 * @param object $config Application config exposing the mysqli connection.
 * @param string $myq    Complete SQL statement.
 * @param bool   $debug  Passed through to SQLerrorCatch().
 * @return mixed The query result, or false when SQLerrorCatch() reports an error.
 */
function getQueryResult($config, $myq, $debug = false)
{
    $queryResult = $config->mysqli->query($myq);
    $failed = SQLerrorCatch($config->mysqli, $queryResult, $myq, $debug);

    return $failed ? false : $queryResult;
}
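/**
 * Show, and for admin level 75 and above edit, the details of one reserve.
 *
 * Prints the reserve ID as a hidden field for every caller. For adminLvl >= 75 it either
 * saves the posted form (updateBtn) or loads the row, then prints the edit form.
 *
 * @param object $config    Application config; adminLvl is read and it is passed to addLog().
 * @param mixed  $reserveID RESERVE.IDNUM of the record (treated as an integer).
 * @return void
 */
function reserveDetails($config, $reserveID)
{
    $mysqli = connectToSQL($reserveDB = TRUE);
    // NOTE(review): assumes the connection delivers UTF-8 text - confirm against connectToSQL().
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // IDNUM is compared unquoted in both statements below and echoed into the page, so it is
    // forced to an integer once instead of being trusted as a SQL or HTML fragment.
    $reserveID = (int) $reserveID;
    echo 'Details for: ' . $reserveID . '<input type="hidden" name="reserveID" value="' . $reserveID . '" />';

    if (!($config->adminLvl >= 75)) {
        return;
    }

    // Form field name => RESERVE column, in the order of the original UPDATE.
    $columns = array(
        'resGroup'       => 'GRP',
        'foundUserLNAME' => 'LNAME',
        'foundUserFNAME' => 'FNAME',
        'radioNum'       => 'RADIO',
        'address'        => 'ADDRESS',
        'city'           => 'CITY',
        'state'          => 'ST',
        'zip'            => 'ZIP',
        'hPhone'         => 'HOMEPH',
        'cPhone'         => 'CELLPH',
        'wPhone'         => 'WORKPH',
        'tis'            => 'TIS',
        'agency'         => 'AGENCY',
        'notes'          => 'NOTES',
    );
    // Raw (unescaped) values; they are escaped per context: SQL when saved, HTML when printed.
    // The original redisplayed the SQL-escaped strings, which showed stray backslashes.
    $values = array_fill_keys(array_keys($columns), '');

    if (isset($_POST['updateBtn'])) {
        foreach ($columns as $field => $column) {
            if (isset($_POST[$field]) && is_string($_POST[$field])) {
                $values[$field] = $_POST[$field];
            }
        }
        // GRP is written unquoted, where real_escape_string gives no protection: cast it.
        $values['resGroup'] = (int) $values['resGroup'];

        if (empty($values['foundUserFNAME']) || empty($values['foundUserLNAME']) || empty($values['resGroup'])) {
            echo '<br />Must provide all the highlighted items<br /> Did not Save<br />';
        } else {
            $assignments = array();
            foreach ($columns as $field => $column) {
                $sqlValue = ($field === 'resGroup')
                    ? $values[$field]
                    : "'" . $mysqli->real_escape_string($values[$field]) . "'";
                $assignments[] = '`' . $column . '` = ' . $sqlValue;
            }
            $myq = "UPDATE `RESERVE`.`RESERVE` SET\r\n " . implode(",\r\n ", $assignments)
                . " \r\n WHERE `IDNUM` = " . $reserveID;
            $result = $mysqli->query($myq);
            // Only log and report success when the statement actually went through.
            if (!SQLerrorCatch($mysqli, $result)) {
                addLog($config, 'Reserve with ID ' . $reserveID . ' Updated');
                echo 'Reserve Successfully Updated.<br/>';
            }
        }
    } else {
        $myq = "SELECT * FROM `RESERVE` WHERE `IDNUM` = " . $reserveID;
        $result = $mysqli->query($myq);
        SQLerrorCatch($mysqli, $result);
        $row = $result ? $result->fetch_assoc() : null;
        if ($row) {
            foreach ($columns as $field => $column) {
                $values[$field] = $row[$column];
            }
        }
    }

    // One labelled text input per row; the stored value is HTML-encoded on the way out.
    $textRow = function ($label, $field) use ($values, $h) {
        echo '<tr><td></td><td>' . $label . ': </td><td><input type="text" name="' . $field
            . '" value="' . $h($values[$field]) . '" /></td></tr>';
    };

    echo '</div><div align="left" class="login"><table>';
    $textRow('First Name', 'foundUserFNAME');
    $textRow('Last Name', 'foundUserLNAME');

    echo '<tr><td></td><td>Group: </td><td><select name="resGroup"> <option value="">Select Group</option>';
    for ($g = 1; $g <= 5; $g++) {
        $selected = ((string) $values['resGroup'] === (string) $g) ? ' SELECTED' : '';
        echo ' <option value="' . $g . '"' . $selected . '>Group ' . $g . '</option>';
    }
    echo ' </select></td></tr>';

    $textRow('Radio#', 'radioNum');
    $textRow('Address', 'address');
    $textRow('City', 'city');
    $textRow('State', 'state');
    $textRow('ZIP', 'zip');
    $textRow('Home Phone', 'hPhone');
    $textRow('Cell Phone', 'cPhone');
    $textRow('Work Phone', 'wPhone');

    echo '<tr><td></td><td>Time in Service: </td><td>';
    displayDateSelect("tis", "tis", $values['tis'], false, false);
    echo '</td></tr>';

    $textRow('Agency', 'agency');
    $textRow('Additional Notes', 'notes');
    echo '<tr><td></td></tr>';
    echo '<tr><td></td><td><input type="submit" name="updateBtn" value="Update and Save" /></td><td>';
    echo '<input type="submit" name="delBtn" value="Delete Reserve" /> <input type="submit" name="goBackBtn" value="Back To Reserves" /></td></tr>';
    echo '</table></div>';
}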
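/**
 * Search the reserve database for $this->searchUser and print one result card per match.
 *
 * Callers with adminLvl below 75 do not get rows from reserve group 5. $this->rowCount is
 * advanced by the number of rows printed, so numbering continues across searches.
 *
 * @return void
 */
private function searchReserves()
{
    $mysqli = connectToSQL($reserveDB = TRUE);
    // NOTE(review): assumes the connection delivers UTF-8 text - confirm against connectToSQL().
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Escape on the connection that runs the query: the escaping rules depend on that
    // connection's character set, and the original used the main (config) connection instead.
    $needle = $mysqli->real_escape_string((string) $this->searchUser);
    $groupFilter = ($this->config->adminLvl < 75) ? "`GRP` != 5 AND " : "";
    $myq = "SELECT * FROM `RESERVE` WHERE " . $groupFilter
        . "\r\n `LNAME` LIKE CONVERT(_utf8 '%" . $needle . "%' USING latin1) \r\n COLLATE latin1_swedish_ci ";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result, $myq);

    $begin = $this->rowCount;
    $echo = "";
    while ($result && ($row = $result->fetch_assoc())) {
        $this->rowCount++;
        $n = $this->rowCount;
        // Database values are HTML-encoded before they reach attributes or text.
        $fName = $h($row['FNAME']);
        $lName = $h($row['LNAME']);

        $echo .= '<div align="center"><table width="400"><tr><td>';
        $echo .= '<input name="foundUser' . $n . '" type="submit" value="Select" /></td><td>';
        $echo .= '<input type="hidden" name="foundUserFNAME' . $n . '" value="' . $fName . '" /> First name: ' . $fName . "<br />";
        $echo .= '<input type="hidden" name="foundUserLNAME' . $n . '" value="' . $lName . '" /> Last Name: ' . $lName . "<br />";
        // NOTE(review): the listing was garbled right after "Username:"; the FNAME.LNAME form
        // is taken from the foundUserName field on the next line.
        $echo .= '<input type="hidden" name="foundUserID' . $n . '" value="' . $h($row['IDNUM']) . '" /> Username: ' . $fName . "." . $lName . '<br />';
        $echo .= '<input type="hidden" name="foundUserName' . $n . '" value="' . $fName . "." . $lName . '" />';
        $echo .= "Rank: Reserve Group " . $h($row['GRP']) . "<br />";
        // The original emitted a stray double quote after this tag; it is dropped here.
        $echo .= '<input type="hidden" name="isReserve' . $n . '" value="true" />';
        $echo .= "</td></tr></table></div><br /><hr />";
    }

    $rowsAdded = $this->rowCount - $begin;
    echo "Number of entries found in the reserve database is " . $rowsAdded . "<br /><br /><hr />";
    if ($rowsAdded > 0) {
        echo $echo;
    }
}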
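/**
 * Record a mileage reading for a vehicle and, when given, a note about issues.
 *
 * Inserts one row into WTS_VEH_MILAGE and, if $vIssues is not empty, one row into
 * WTS_VEH_NOTES. Both rows are stamped with the session user, NOW() and the client IP.
 *
 * @param object $config  Application config exposing the mysqli connection.
 * @param mixed  $vehID   Inventory ID of the vehicle.
 * @param mixed  $vmilage Mileage reading.
 * @param string $vIssues Free-text notes; no notes row is written when empty.
 * @param string $vDate   Date of the reading; the database's NOW() is used when empty.
 * @return void
 */
function vehUpdateHistory($config, $vehID, $vmilage, $vIssues, $vDate = '')
{
    $db = $config->mysqli;
    // Every value was concatenated into the statements unescaped. Each one is now escaped and
    // quoted in a single step, so none of them can close the literal it sits in.
    $quote = function ($value) use ($db) {
        return "'" . $db->real_escape_string((string) $value) . "'";
    };

    $dateSql = !empty($vDate) ? $quote($vDate) : "NOW()";
    $auditSql = $quote($_SESSION['userIDnum']) . ",NOW(),INET_ATON(" . $quote($_SERVER['REMOTE_ADDR']) . ")";

    $myq = "INSERT INTO `WTS_VEH_MILAGE`(\r\n `IDNUM`, `INV_ID`, `MILAGE`, `DATE`, `AUDIT_ID`, `AUDIT_TS`, `AUDIT_IP`) \r\n VALUES (''," . $quote($vehID) . "," . $quote($vmilage) . ", " . $dateSql . " ,\r\n " . $auditSql . "); ";
    $result = $db->query($myq);
    SQLerrorCatch($db, $result, $myq, false);

    if (!empty($vIssues)) {
        $myq = "INSERT INTO `WTS_VEH_NOTES`(\r\n `IDNUM`, `INV_ID`, `NOTES`, `DATE`, `AUDIT_ID`, `AUDIT_TS`, `AUDIT_IP`) \r\n VALUES (''," . $quote($vehID) . "," . $quote($vIssues) . "," . $dateSql . ",\r\n " . $auditSql . ");";
        $result = $db->query($myq);
        SQLerrorCatch($db, $result, $myq);
    }
}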
/**
 * Drive the radio check-out screen: perform the requested action, then render a view.
 *
 * Depending on flags on $this, it checks radios out (checkOutItem), checks one back in
 * (checkInRadioLog) or updates a log entry (updateRadioLog). It then prints either the edit
 * view for an existing log entry ($this->isEditing) or the new check-out form.
 *
 * NOTE(review), security-relevant points visible in this method:
 *  - Several values reach SQL unquoted or unescaped ($radioLogID, $deputyID[$i], $foundUserID);
 *    real_escape_string gives no protection for a value that is not inside quotes.
 *  - Database and request values are printed into HTML without encoding.
 *  - Escaping and queries are called on $this->config directly in places, while other lines use
 *    $this->config->mysqli - confirm the config object really exposes both.
 *
 * @param object $config     Application config (adminLvl is read; passed to helpers).
 * @param mixed  $radioLogID Reference number of the log entry shown in the edit view.
 * @param bool   $isEditing  Only consulted for the "new check-out" form at the end.
 * @param bool   $isApprove  Chooses the "Back To Approvals" button over "Back To Logs".
 * @return void
 */
public function showRadioLogDetails($config, $radioLogID, $isEditing = false, $isApprove = false) {
    if ($this->checkOutRadio) {
        // Get passed values
        echo '<h2><font color="red">Results</font></h2>';
        if ($this->num_deputies > 0) {
            for ($i = 0; $i < $this->num_deputies; $i++) {
                $this->deputyID[$i] = isset($_POST['deputyID' . $i]) ? $this->config->mysqli->real_escape_string(strtoupper($_POST['deputyID' . $i])) : false;
                $this->radioCallNum[$i] = isset($_POST['radioCallNum' . $i]) ? $this->config->real_escape_string(strtoupper($_POST['radioCallNum' . $i])) : '';
                $this->isReserve[$i] = isset($_POST['isReserve' . $i]) ? '1' : '0';
            }
            $this->radioID = isset($_POST['radioID']) ? $this->config->real_escape_string(strtoupper($_POST['radioID'])) : '';
            $this->podID = isset($_POST['podID']) ? $this->config->real_escape_string(strtoupper($_POST['podID'])) : '';
            $this->checkOutType = isset($_POST['checkOutType']) ? $this->config->real_escape_string(strtoupper($_POST['checkOutType'])) : '';
            // NOTE(review): gpID is taken from the request as-is, with no escaping or cast.
            $this->gpID = isset($_POST['gpID']) ? $_POST['gpID'] : 0;
            for ($i = 0; $i < $this->num_deputies; $i++) {
                $gpIDq = "SELECT MAX( GPNUM ) 'gpID' FROM WTS_RADIOLOG";
                $gpResult = $this->config->query($gpIDq);
                SQLerrorCatch($this->config->mysqli, $gpResult);
                $row = $gpResult->fetch_assoc();
                if ($this->gpID != 0) {
                    $groupID = $this->gpID;
                } else {
                    $groupID = 0;
                    // NOTE(review): local $num_deputies is never assigned in this method (the
                    // loops above use $this->num_deputies), so this comparison reads an undefined variable.
                    if ($num_deputies == 1) {
                        // Set Group ID to 0 or Individual
                    } else {
                        if ($i == 0) {
                            $groupID = $row['gpID'] + 1;
                        } else {
                            $groupID = $row['gpID'];
                        }
                    }
                }
                // NOTE(review): the group computed above is the local $groupID, but
                // $this->groupID is what gets passed - looks unintended, confirm.
                checkOutItem($this->config, $this->deputyID[$i], $this->radioCallNum[$i], $this->radioID, $this->checkOutType, $this->isReserve[$i], $this->groupID);
            }
        } else {
            echo 'Must select a user.<br />';
        }
        echo '<br />';
        // Display results and get secLogID just added
    }
    if ($this->checkInRadio) {
        // NOTE(review): radioLogID goes to checkInRadioLog() unescaped; whether that helper
        // escapes it cannot be seen from here.
        $this->radioLogID = isset($_POST['radioLogID']) ? $_POST['radioLogID'] : '';
        checkInRadioLog($this->config, $this->radioLogID);
        $this->isEditing = true;
    }
    if ($this->updateRadioLog) {
        // Get posted values
        $this->radioLogID = isset($_POST['radioLogID']) ? $this->config->real_escape_string($_POST['radioLogID']) : '';
        $this->radioID = isset($_POST['radioID']) ? $this->config->real_escape_string(strtoupper($_POST['radioID'])) : '';
        $this->podID = isset($_POST['podID']) ? $this->config->real_escape_string(strtoupper($_POST['podID'])) : '';
        $this->radioCallNum = isset($_POST['radioCallNum']) ? $this->config->real_escape_string(strtoupper($_POST['radioCallNum'])) : '';
        $this->checkOutType = isset($_POST['checkOutType']) ? $this->config->real_escape_string(strtoupper($_POST['checkOutType'])) : '';
        updateRadioLog($this->config, $this->radioLogID, $this->radioCallNum, $this->radioID, $this->podID, $this->checkOutType);
        $this->isEditing = true;
    }
    if ($this->isEditing) {
        // adminLvl >= 0 admits every non-negative level, so this is a very weak gate.
        if ($this->config->adminLvl >= 0) {
            // NOTE(review): $radioLogID (the method parameter) is placed inside quotes but is
            // not escaped in this method - verify the caller sanitises it.
            $myq = "SELECT R.REFNUM, R.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN EMPLOYEE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.REFNUM = '" . $radioLogID . "' AND IS_RESERVE=0\r\n UNION\r\n SELECT R.REFNUM, R.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN RESERVE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.REFNUM = '" . $radioLogID . "' AND IS_RESERVE=1\r\n ";
            $result = $this->config->mysqli->query($myq);
            SQLerrorCatch($this->config->mysqli, $result);
            $row = $result->fetch_assoc();
            if ($row['gpID'] != 0) {
                // Get all users
                echo '<div align="center">Group Reference #: ' . $row['gpID'] . ' <input type="hidden" name="gpID" value="' . $row['gpID'] . '" /></div>';
                $newq = "SELECT R.REFNUM 'refNum', R.GPNUM 'gpID', \r\n CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN EMPLOYEE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.GPNUM = '" . $row['gpID'] . "' AND IS_RESERVE=0\r\n UNION\r\n SELECT R.REFNUM 'refNum', R.GPNUM 'gpID', \r\n CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN RESERVE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.GPNUM = '" . $row['gpID'] . "' AND IS_RESERVE=1\r\n ORDER BY R.REFNUM";
                $newResult = $this->config->mysqli->query($newq);
                SQLerrorCatch($this->config->mysqli, $newResult);
                $x = 0;
                $y = 0;
                $depTable = array(array());
                $depTable[$x][$y] = "Reference#";
                $y++;
                $depTable[$x][$y] = "Deputy";
                $y++;
                $depTable[$x][$y] = "Radio#";
                $y++;
                $depTable[$x][$y] = "Action";
                $y++;
                $x++;
                while ($newRow = $newResult->fetch_assoc()) {
                    $y = 0;
                    // Cells are handed to showSortableTable() as ready-made HTML, and the
                    // database values in them are not HTML-encoded.
                    $depTable[$x][$y] = $newRow['refNum'] . ' <input type="hidden" name="radioLogID' . $x . '" value="' . $newRow['refNum'] . '" />';
                    $y++;
                    $depTable[$x][$y] = $newRow['DEPUTYNAME'];
                    $y++;
                    $depTable[$x][$y] = '<input type="text" name="radioCallNum' . $x . '" value="' . $newRow['RADIO_CALLNUM'] . '" />';
                    $y++;
                    // NOTE(review): the "not checked in" sentinel is spelled three ways in this
                    // method ("00/00/000 0000" here, "00/00/00 0000" and "00/00/0000 0000" below).
                    // The queries request a two-digit year (%y), so presumably only
                    // "00/00/00 0000" can ever match - confirm.
                    if (strcmp($newRow['inTime'], "00/00/000 0000") == 0) {
                        $depTable[$x][$y] = '<input type="submit" value="Update" name="updateRadioLog' . $x . '" /> <input type="submit" value="LogOut" name="logoutRadioLog' . $x . '" /><br/>';
                        $y++;
                    } else {
                        if ($config->adminLvl >= 25) {
                            $depTable[$x][$y] = '<input type="submit" value="Update" name="updateRadioLog' . $x . '" /> Checked in at ' . $newRow['inTime'];
                            $y++;
                        } else {
                            $depTable[$x][$y] = 'Checked in at ' . $newRow['inTime'];
                            $y++;
                        }
                    }
                    $x++;
                }
                showSortableTable($depTable, 1);
            } else {
                echo '<br/>Reference #: ' . $radioLogID . '<input type="hidden" name="radioLogID" value="' . $radioLogID . '" /><br /> Deputy: ' . $row['DEPUTYNAME'] . '<br/> Radio#: <input type="text" name="radioCallNum" value="' . $row['RADIO_CALLNUM'] . '" /><br/>';
            }
            echo '<div align="left">Add Deputy: <button type="button" name="searchBtn" value="Lookup Employee" onClick="this.form.action=' . "'?userLookup=true'" . ';this.form.submit()" > Lookup Employee</button></div><br/>';
            echo '<br/> Radio Number: ';
            selectRadioInventory($this->config, "radioID", $row['RADIOID']);
            echo '<br/><br/>';
            if ($row['TYPE'] == "LOANER") {
                echo '<input type="radio" name="checkOutType" value="LOANER" CHECKED>LOANER</input>';
            } else {
                echo '<input type="radio" name="checkOutType" value="LOANER">LOANER</input>';
            }
            if ($row['TYPE'] == "PERM") {
                echo '<input type="radio" name="checkOutType" value="PERM" CHECKED>PERMANENT</input>';
            } else {
                echo '<input type="radio" name="checkOutType" value="PERM">PERMANENT</input>';
            }
            if ($row['TYPE'] == "POD") {
                echo '<input type="radio" name="checkOutType" value="POD" CHECKED>SHIFT ASSIGNMENT</input><br/>';
            } else {
                echo '<input type="radio" name="checkOutType" value="POD">SHIFT ASSIGNMENT</input><br/>';
            }
            echo '<br/>Checked in time: ';
            if (strcmp($row['inTime'], "00/00/00 0000") == 0) {
                echo "<font color=red><b>Not Checked back in Yet</b></font><br /><br />";
                if ($row['gpID'] != 0) {
                    echo '<input type="submit" name="checkInAllRadio" value="Check in All" />';
                } else {
                    echo '<input type="submit" name="checkInRadio" value="Check Back In" />';
                }
            } else {
                echo $row['inTime'] . '<br /><br />';
            }
            // Update is offered while the radio is still out, or to adminLvl >= 25 at any time.
            if (strcmp($row['inTime'], "00/00/0000 0000") == 0 || $config->adminLvl >= 25) {
                if ($row['gpID'] != 0) {
                    echo '<input type="submit" name="updateRadioLogAll" value="Update All" />';
                } else {
                    echo '<input type="submit" name="updateRadioLog" value="Update" />';
                }
            }
            if ($isApprove) {
                echo '<input type="submit" name="backToApprove" value="Back To Approvals" />';
            } else {
                echo '<input type="submit" name="goBtn" value="Back To Logs" />';
            }
        } else {
            echo 'Access Denied';
        }
    }
    // NOTE(review): this tests the $isEditing parameter, not $this->isEditing that the actions
    // above set - so the new check-out form can be printed after the edit view; confirm intent.
    if (!$isEditing && !isset($_POST['goBtn'])) {
        echo '<br/><br/>';
        $radioLogID = isset($_POST['secLogID']) ? $this->config->real_escape_string($_POST['secLogID']) : '';
        $radioID = isset($_POST['radioID']) ? $this->config->real_escape_string(strtoupper($_POST['radioID'])) : '';
        $podID = isset($_POST['podID']) ? $this->config->real_escape_string(strtoupper($_POST['podID'])) : '';
        $checkOutType = isset($_POST['checkOutType']) ? $this->config->real_escape_string(strtoupper($_POST['checkOutType'])) : '';
        // Debug:
        //var_dump($_POST);
        // Show previously added deputies
        $deputyCount = 0;
        // NOTE(review): $num_deputies is undefined here as well (see the check-out branch).
        if ($num_deputies > 0) {
            for ($i = 0; $i < $num_deputies; $i++) {
                if (!isset($_POST['removeDeputyBtn' . $i])) {
                    $deputyID[$i] = isset($_POST['deputyID' . $i]) ? $this->config->real_escape_string(strtoupper($_POST['deputyID' . $i])) : '';
                    $isReserve[$i] = isset($_POST['isReserve' . $i]) ? true : false;
                    // Get this user's information.
                    // NOTE(review): the ID is appended unquoted after IDNUM=, where escaping
                    // does not prevent injection; it needs an integer cast or a bound parameter.
                    if ($isReserve[$i]) {
                        $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $deputyID[$i];
                        $result = $this->mysqliReserve->query($myq);
                        SQLerrorCatch($this->mysqliReserve, $result);
                        $row = $result->fetch_assoc();
                    } else {
                        $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM=' . $deputyID[$i];
                        $result = $this->config->query($myq);
                        // NOTE(review): $mysqli is not defined anywhere in this method.
                        SQLerrorCatch($mysqli, $result);
                        $row = $result->fetch_assoc();
                    }
                    // $phone is assigned but not read again within this method.
                    if ($i == 0) {
                        $phone = $row['CELLPH'];
                    }
                    echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $deputyID[$i] . '" />';
                    if ($isReserve[$i] == 1) {
                        echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
                    }
                    echo $row['LNAME'] . ', ' . $row['FNAME'];
                    echo '; Radio Call #: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO'];
                    echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
                    echo '<br/>';
                    $deputyCount++;
                }
            }
            // End for loop of previously added deputies
        }
        // End check for multiple deputies
        // Get added deputy.
        // NOTE(review): totalRows is client-supplied and bounds the loop below without a cap.
        $totalRows = isset($_POST['totalRows']) ? $_POST['totalRows'] : 0;
        $foundUserFNAME = '';
        $foundUserLNAME = '';
        $foundUserName = '';
        $foundUserID = '';
        if ($totalRows > 0) {
            // Get post info provided from search results
            for ($i = 0; $i <= $totalRows; $i++) {
                if (isset($_POST['foundUser' . $i])) {
                    $foundUserFNAME = $_POST['foundUserFNAME' . $i];
                    $foundUserLNAME = $_POST['foundUserLNAME' . $i];
                    $foundUserName = $_POST['foundUserName' . $i];
                    // Taken from the request with no escaping or cast; used in SQL and HTML below.
                    $foundUserID = $_POST['foundUserID' . $i];
                    if (isset($_POST['isReserve' . $i])) {
                        $foundUserIsReserve = true;
                    } else {
                        $foundUserIsReserve = false;
                    }
                    break;
                }
                // end if
            }
            // end for
        }
        if (empty($foundUserID) && $num_deputies == 0) {
            // Security check for central control computer: the client address is compared with
            // what the nslookup() helper (defined elsewhere) returns for that host name.
            // NOTE(review): the outcome depends on name resolution; it only decides whether
            // the logged-in user is pre-selected as the first deputy.
            if ($_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) {
                //'10.1.32.72'
                // Default first deputy to logged in user on first load
                $foundUserID = $_SESSION['userIDnum'];
                $foundUserIsReserve = false;
            }
        }
        if (!empty($foundUserID)) {
            // NOTE(review): $foundUserID may come straight from $_POST and is appended unquoted
            // to the WHERE clause - SQL injection risk; cast to int or bind it as a parameter.
            if ($foundUserIsReserve) {
                $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $foundUserID;
                $result = $this->mysqliReserve->query($myq);
                SQLerrorCatch($this->mysqliReserve, $result);
            } else {
                $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM=' . $foundUserID;
                $result = $this->config->query($myq);
                SQLerrorCatch($mysqli, $result);
            }
            $row = $result->fetch_assoc();
            if ($deputyCount == 0) {
                $phone = $row['CELLPH'];
            }
            echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $foundUserID . '" />';
            if ($foundUserIsReserve) {
                echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
            }
            echo $row['LNAME'] . ', ' . $row['FNAME'];
            echo '; Radio Call#: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO'];
            echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
            echo '<br/>';
            $deputyCount++;
        }
        echo 'Add Deputy: ';
        displayUserLookup($config);
        echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />';
        // NOTE(review): gpID is echoed back into the page exactly as posted (reflected value).
        $gpID = isset($_POST['gpID']) ? $_POST['gpID'] : 0;
        echo '<br/><br/><input type="hidden" name="gpID" value="' . $gpID . '" /> Radio Number: ';
        selectRadioInventory($config, "radioID", $radioID);
        echo '<br/><br/>';
        if ($checkOutType == "LOANER") {
            echo '<input type="radio" name="checkOutType" value="LOANER" CHECKED>LOANER</input>';
        } else {
            echo '<input type="radio" name="checkOutType" value="LOANER">LOANER</input>';
        }
        if ($checkOutType == "PERM") {
            echo '<input type="radio" name="checkOutType" value="PERM" CHECKED>PERMANENT</input>';
        } else {
            echo '<input type="radio" name="checkOutType" value="PERM">PERMANENT</input>';
        }
        if ($checkOutType == "POD") {
            echo '<input type="radio" name="checkOutType" value="POD" CHECKED>SHIFT ASSIGNMENT</input><br/>';
        } else {
            echo '<input type="radio" name="checkOutType" value="POD">SHIFT ASSIGNMENT</input><br/>';
        }
        echo '<br/><input type="hidden" name="addBtn" value="true" /> <input type="submit" name="addRadioLog" value="Check Out Radio" /> <input type="submit" name="goBtn" value="Cancel" />';
    }
}
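/**
 * Print the user event log for a date range (admin level above 75 only).
 *
 * The range comes from the posted 'start' and 'end' fields. When they are missing or
 * cannot be parsed as dates, today's date is used for both ends.
 *
 * @param object $config Application config; adminLvl and the mysqli connection are read.
 * @return void
 */
function displayLogs($config)
{
    if (!($config->adminLvl > 75)) {
        echo '<h3>User Event Logs</h3>Access Denied!';
        return;
    }

    // NOTE(review): assumes the connection delivers UTF-8 text - confirm.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $hasRange = isset($_POST['start'], $_POST['end']);

    // REQUEST_URI is attacker-influenced; encode it before it goes into the action attribute.
    echo "<form name='custRange' action='" . $h($_SERVER['REQUEST_URI']) . "' method='post'>";
    echo 'Date Range to Display (Blank will use today\'s Date)';
    echo "<p> Start";
    if ($hasRange) {
        // NOTE(review): the raw posted values go to displayDateSelect(); whether it encodes
        // them before printing cannot be seen from here.
        displayDateSelect('start', 'date_1', $_POST['start'], false, false);
        echo "End";
        displayDateSelect('end', 'date_2', $_POST['end'], false, false);
    } else {
        displayDateSelect('start', 'date_1', false, false, true);
        echo "End";
        displayDateSelect('end', 'date_2', false, false, true);
    }
    echo "<input type='submit' value='Go' /></p>";

    // Only values re-formatted by DateTime reach the SQL text, which keeps the WHERE clause
    // free of raw request data. An unparseable date used to surface as an uncaught exception;
    // it now falls back to today.
    $startDate = date("Y-m-d");
    $endDate = $startDate;
    if ($hasRange && is_string($_POST['start']) && is_string($_POST['end'])) {
        try {
            $from = new DateTime($_POST['start']);
            $to = new DateTime($_POST['end']);
            $startDate = $from->format('Y-m-d');
            $endDate = $to->format('Y-m-d');
        } catch (Exception $e) {
            // Keep today's date for both ends.
        }
    }

    if ($startDate == $endDate) {
        $dateQ = "WHERE DATE = '" . $startDate . "'";
    } else {
        $dateQ = "WHERE DATE BETWEEN '" . $startDate . "' AND '" . $endDate . "'";
    }

    $theTable = array(array("Event#", "User", "User IP", "Time of Event", "Description of Event"));

    $mysqli = $config->mysqli;
    $myq = "SELECT EMP.LNAME 'LName', EMP.FNAME 'FName', WTS_EVENTS.IDNUM 'refNo', \r\n DATE_FORMAT(DATE,'%a %d %b %Y') 'Date',\r\n DATE_FORMAT(TIME,'%H%i') 'Time', \r\n DESCR 'Descr', INET_NTOA(USERIP) 'UserIP'\r\n FROM WTS_EVENTS\r\n LEFT JOIN EMPLOYEE AS EMP ON EMP.IDNUM=WTS_EVENTS.USERID\r\n " . $dateQ;
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result);

    // showSortableTable() receives ready-made HTML cells elsewhere on this page, so log text
    // (which can contain user-supplied strings) is encoded here before it is handed over.
    while ($result && ($row = $result->fetch_assoc())) {
        $theTable[] = array(
            $h($row['refNo']),
            $h($row['LName'] . ', ' . $row['FName']),
            $h($row['UserIP']),
            $h($row['Date'] . ' ' . $row['Time']),
            $h($row['Descr']),
        );
    }

    echo '<h3>User Event Logs</h3>';
    echo 'Showing events between ' . $startDate . ' and ' . $endDate;
    showSortableTable($theTable, 1);
}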
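/**
 * Put a time request back into PENDING and clear its HR approval.
 *
 * @param object $config  Application config exposing the mysqli connection.
 * @param mixed  $refNo   REQUEST.REFER of the request to reset.
 * @param string $hrNotes Optional HR notes to store with the request.
 * @return void
 */
function sendRequestToPending($config, $refNo, $hrNotes = '')
{
    $db = $config->mysqli;

    // The original built an escaped `HR_NOTES` assignment but then concatenated the raw
    // $hrNotes text into the statement instead: the notes were never stored and the unescaped
    // text became part of the SQL. The escaped assignment is what goes in now.
    $updateNotes = '';
    if (!empty($hrNotes)) {
        $updateNotes = "`HR_NOTES` = '" . $db->real_escape_string((string) $hrNotes) . "',";
    }

    // REFER is quoted: escaping alone does not protect a value used as a bare number.
    $myq = "UPDATE REQUEST \r\n SET STATUS='PENDING',\r\n `HRAPP_IS` = '0',\r\n " . $updateNotes
        . "\r\n APPROVEDBY=''\r\n WHERE REFER='" . $db->real_escape_string((string) $refNo) . "'";
    $result = $db->query($myq);

    // Write the audit entry only when the update went through, so the log does not record
    // a status change that never happened.
    if (!SQLerrorCatch($db, $result, $myq, false)) {
        addLog($config, 'Ref# ' . $refNo . ' status was changed to pending');
    }
}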
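/**
 * Print a <select name="adminLvl"> with one option per row of the ADMINLVL table.
 *
 * @param object $config   Application config exposing the mysqli connection.
 * @param string $adminLvl IDNUM of the level to pre-select.
 * @return void
 */
function selectAdminLevel($config, $adminLvl = "0")
{
    $mysqli = $config->mysqli;
    $myq = "SELECT * FROM `ADMINLVL` ORDER BY IDNUM";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result);

    echo '<select name="adminLvl">';
    while ($result && ($row = $result->fetch_assoc())) {
        $selected = ((string) $adminLvl === (string) $row['IDNUM']) ? ' selected="selected"' : '';
        // Table contents are HTML-encoded so that a description containing markup cannot
        // break out of the option element.
        echo '<option value="' . htmlspecialchars((string) $row['IDNUM'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"'
            . $selected . '>'
            . htmlspecialchars((string) $row['DESCR'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</option>';
    }
    echo '</select>';
}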
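/**
 * Announcement manager: list, edit and add rows of the NEWS table.
 *
 * Requires $config->adminLvl >= 30. Behaviour is driven by the request:
 *  - neither $_GET['editAnnounce'] nor $_POST['addAnnounce']: list announcements;
 *  - $_GET['editAnnounce'] set: show the edit form, and UPDATE on $_POST['saveBtn'];
 *  - $_POST['addAnnounce'] set: show the add form, and INSERT on $_POST['saveBtn'].
 *
 * Every request-derived value is HTML-encoded before it is echoed and placed
 * in the SQL text as an escaped, quoted literal.
 *
 * NOTE(review): neither form carries an anti-CSRF token in this function. If
 * the application has a token helper, it belongs in both forms and should be
 * checked before the UPDATE and INSERT below.
 * NOTE(review): BODY is stored as submitted editor HTML. Whatever page renders
 * announcements should sanitise it against an allow-list; that code is not
 * visible here.
 *
 * @param object $config Must expose ->adminLvl; also passed through to addLog().
 * @return void Output is echoed directly.
 * @throws Exception When the listing query or the INSERT fails.
 */
function displayAdminAnnounce($config)
{
    // HTML-encode a value for element content or a quoted attribute.
    $html = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // Turn a value into a quoted SQL string literal for the given connection.
    // real_escape_string() depends on the connection charset being set.
    $quote = function ($db, $value) {
        return "'" . $db->real_escape_string((string) $value) . "'";
    };
    // Read one POST field as a string; absent or non-scalar input yields $default.
    $field = function ($key, $default) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : $default;
    };

    // The original closed this <h2> with </h3>.
    echo '<div align="center"><h2>Announcement Manager</h2></div> ';

    if (!($config->adminLvl >= 30)) {
        echo 'Access Denied';
        return;
    }

    // REQUEST_URI and PHP_SELF are client-influenced; encode before use in attributes.
    $selfUri = $html($_SERVER['REQUEST_URI']);
    $backLink = '<a href="' . $html($_SERVER['PHP_SELF']) . '?isAnounceAdmin=true" >Back</a>';
    $editorAssets = ' <script type="text/javascript" src="ckeditor/ckeditor.js"></script>';

    $editorDisplay = isset($_GET['editAnnounce']) ? $_GET['editAnnounce'] : false;

    if (!$editorDisplay && !isset($_POST['addAnnounce'])) {
        // Show available announcements to edit (or add new).
        $mysqli = connectToSQL();
        $result = $mysqli->query("SELECT * FROM `NEWS` WHERE 1");
        if (!$result) {
            throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
        }
        while ($row = $result->fetch_assoc()) {
            $editUrl = $_SERVER['REQUEST_URI'] . '&editAnnounce=' . urlencode((string) $row['IDNUM']);
            echo '<a href="' . $html($editUrl) . '" >' . $html($row['TITLE'])
                . '</a><br /> Published: ' . $html($row['TSTAMP'])
                . ' <br />by ' . $html($row['AUDITID']) . '<br /><br />';
        }
        echo ' <form action="' . $selfUri . '" method="post" name="registerform">'
            . ' <input type="submit" name="addAnnounce" value="Add Announcement" /> </form> ';
    }

    if (isset($_GET['editAnnounce'])) {
        // User attempting to edit: take the posted fields, else load from the database.
        $requestedId = is_scalar($_GET['editAnnounce']) ? (string) $_GET['editAnnounce'] : '';
        $editorID = $field('editorID', $requestedId);
        $editorTitle = $field('editorTitle', '');
        $editorShort = $field('editorShort', '');
        $editorDivID = $field('editorDivID', '');
        $editorOldShort = $field('editorOldShort', '');
        $editorPublish = $field('editorPublish', '1');
        $editorData = $field('editor110', '');
        if (isset($_POST['editor110']) && !isset($_POST['editorPublish'])) {
            // An unticked checkbox is simply absent from the POST body.
            $editorPublish = 0;
        }

        if (isset($_POST['editorOldShort'])) {
            // The edit form has no editorShort input. Carry the posted short name
            // forward so the re-rendered hidden field keeps it; otherwise a second
            // save would overwrite SHORTNAME with an empty value.
            $editorShort = $editorOldShort;
        } else {
            $mysqli = connectToSQL();
            $myq = "SELECT `SHORTNAME` , `TITLE` , `BODY` , `PUBLISH`, `DIVID` FROM `NEWS` \r\n"
                . " WHERE `IDNUM` = " . $quote($mysqli, $editorID);
            $result = $mysqli->query($myq);
            SQLerrorCatch($mysqli, $result);
            // Tolerate a failed query or an unknown id instead of indexing into nothing.
            $row = is_object($result) ? $result->fetch_assoc() : null;
            if ($row) {
                $editorTitle = $row['TITLE'];
                $editorShort = $row['SHORTNAME'];
                $editorDivID = $row['DIVID'];
                $editorPublish = $row['PUBLISH'];
                $editorData = $row['BODY'];
            }
        }

        echo ' ' . $backLink . $editorAssets;
        echo ' <form action="' . $selfUri . '" method="post"> <p> ';
        echo '<input type="hidden" name="editorID" value="' . $html($editorID) . '" />';
        echo ' Announcement Title: <input type="text" name="editorTitle" value="'
            . $html($editorTitle) . '"/><br /><br />';
        echo ' Short Name: ' . $html($editorShort) . ' <br /><br /> Publish to Division: ';
        // NOTE(review): confirm displayDivisionID() encodes the selected value it prints.
        displayDivisionID("editorDivID", $editorDivID, true);
        echo ' <br/><Br/> <input type="hidden" name="editorOldShort" value="' . $html($editorShort) . '" />';
        echo ' Publish Announcement: <input type="checkbox" name="editorPublish" value="1" '
            . ($editorPublish == 0 ? '' : 'checked="checked"') . ' /><br /><br />';
        // Editor content is encoded inside the textarea; the browser decodes it
        // again before the editor reads the field.
        echo ' <textarea id="editor1" name="editor110">' . $html($editorData) . '</textarea>';
        echo ' <script type="text/javascript"> CKEDITOR.replace( \'editor110\' ); </script> </p>';
        echo ' <p> <input type="submit" name="saveBtn" value="Save" /> </p> </form> ';

        if (isset($_POST['saveBtn'])) {
            // User pressed Save: update with the presented information.
            $mysqli = connectToSQL();
            // IP is now the result of INET_ATON(); the original wrapped the whole
            // call in quotes and so stored it as a string literal.
            $myq = "UPDATE `PAYROLL`.`NEWS` SET \r\n"
                . " `SHORTNAME` = " . $quote($mysqli, $editorOldShort) . ",\r\n"
                . " `TITLE` = " . $quote($mysqli, $editorTitle) . ",\r\n"
                . " `BODY` = " . $quote($mysqli, $editorData) . ",\r\n"
                . " `PUBLISH` = " . $quote($mysqli, $editorPublish) . ",\r\n"
                . " `DIVID` = " . $quote($mysqli, $editorDivID) . ",\r\n"
                . " `TSTAMP` = NOW( ),\r\n"
                . " `AUDITID` = " . $quote($mysqli, strtoupper($_SESSION['userName'])) . ",\r\n"
                . " `IP` = INET_ATON(" . $quote($mysqli, $_SERVER['REMOTE_ADDR']) . ") \r\n"
                . " WHERE IDNUM= " . $quote($mysqli, $editorID) . " LIMIT 1 ;";
            $result = $mysqli->query($myq);
            if (!SQLerrorCatch($mysqli, $result)) {
                addLog($config, 'Announcement Updated with title ' . $editorTitle);
                echo '<h3>Successful Save</h3>';
            }
        }
    }

    if (isset($_POST['addAnnounce'])) {
        // User pressed Add an Announcement.
        $editorTitle = $field('editorTitle', '');
        $editorShort = $field('editorShort', '');
        $editorDivID = $field('editorDivID', '1');
        $editorPublish = $field('editorPublish', '1');
        $editorData = $field('editor110', '');
        if (isset($_POST['editor110']) && !isset($_POST['editorPublish'])) {
            $editorPublish = 0;
        }

        // Highlight the short-name field when Save was pressed without one.
        // NOTE(review): the INSERT below still runs in that case, as it did
        // before; confirm whether an empty short name should block the save.
        $isShort = isset($_POST['saveBtn']) && empty($editorShort);

        echo ' ' . $backLink . $editorAssets;
        echo ' <form action="' . $selfUri . '" method="post"> <p>';
        echo ' Announcement Title: <input type="text" name="editorTitle" value="'
            . $html($editorTitle) . '"/><br /><br />';
        echo ' Short Name: <input type="text" name="editorShort" value="' . $html($editorShort) . '" '
            . ($isShort ? "style=\"background:#FFFFFF;border:1px solid #FF0000;\"" : '')
            . ' /><br /><br /> Publish to Division: ';
        displayDivisionID("editorDivID", $editorDivID, true);
        echo ' <br/><Br/> Publish Announcement: <input type="checkbox" name="editorPublish" value="1" '
            . ($editorPublish == 0 ? '' : 'checked="checked"') . ' /><br /><br />';
        echo ' <textarea id="editor1" name="editor110">' . $html($editorData) . '</textarea>';
        echo ' <script type="text/javascript"> CKEDITOR.replace( \'editor110\' ); </script> </p>';
        echo ' <p> <input type="hidden" name="addAnnounce" value="Add Announcement" />'
            . ' <input type="submit" name="saveBtn" value="Save" /> </p> </form> ';

        if (isset($_POST['saveBtn'])) {
            // Save button pressed: store the new announcement.
            $mysqli = connectToSQL();
            $myq = "INSERT INTO `NEWS` (`SHORTNAME`, `TITLE`, `BODY`, DIVID, `PUBLISH`, `TSTAMP`, `AUDITID`, `IP`) \r\n"
                . " VALUES (" . $quote($mysqli, $editorShort)
                . ", " . $quote($mysqli, $editorTitle)
                . ", " . $quote($mysqli, $editorData)
                . ", " . $quote($mysqli, $editorDivID)
                . ", " . $quote($mysqli, $editorPublish)
                . ", NOW(), " . $quote($mysqli, strtoupper($_SESSION['userName']))
                . ", INET_ATON(" . $quote($mysqli, $_SERVER['REMOTE_ADDR']) . "))";
            $result = $mysqli->query($myq);
            if (!$result) {
                throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
            }
            addLog($config, 'Announcement Added with title ' . $editorTitle);
            echo '<h3>Successful Save</h3>';
        }
    }

    echo '<div align="center">Note: No Announcement is private to the selected division.<br/> All users may see the announcement if published</div><Br/>';
}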