function GenerateDownload()
{
$loc = rmabs(__FILE__ . ".GenerateDownload");
$sql = 'SELECT * FROM Users';
$result = SqlQuery($loc, $sql);
$first = true;
header('Content-Type: application/csv');
header('Content-Disposition: attachment; filename="Users_' . date("Y-m-d") . '.csv";');
$ff = fopen('php://memory', 'w');
//rewind($f);
$fieldnames = array();
while ($row = $result->fetch_assoc()) {
if ($first) {
$fieldnames = array_keys($row);
fputcsv($ff, $fieldnames, ",");
$first = false;
}
$data = array();
foreach ($fieldnames as $k) {
if (isset($row[$k])) {
$data[] = $row[$k];
} else {
$data[] = "";
}
}
fputcsv($ff, $data);
}
fseek($ff, 0);
header('Content-Type: application/csv');
header('Content-Disposition: attachment; filename="Users_' . date("Y-m-d") . '.csv";');
fpassthru($ff);
}
function up()
{
$sql = "CREATE TABLE priority\n\t\t\t\t(\n\t\t\t\t\tid int2 primary key,\n\t\t\t\t\tname text\n\t\t\t\t)";
SqlAlterSchema($sql);
SqlQuery("insert into priority (id, name) values (1, 'Low')", array());
SqlQuery("insert into priority (id, name) values (2, 'Medium')", array());
SqlQuery("insert into priority (id, name) values (3, 'High')", array());
$sql = "ALTER TABLE request add column priority_id int2 references priority not null default 1";
SqlAlterSchema($sql);
}
function get_all_accounts()
{
$loc = rmabs(__FILE__ . ".get_all_accounts");
$sql = "SELECT UserID from Users";
$result = SqlQuery($loc, $sql);
while ($row = $result->fetch_assoc()) {
$aws[] = intval($row["UserID"]);
}
return $aws;
}
function GetWorkOrderPrereqInfo($userid)
{
$loc = "userlib.php->GetUserInfo";
$sql = 'SELECT * FROM UserView WHERE UserID=' . SqlClean($userid);
$result = SqlQuery($loc, $sql);
if ($result->num_rows != 1) {
return false;
}
$row = $result->fetch_assoc();
return $row;
}
function changeactive($wid, $active)
{
global $username;
$loc = rmabs(__FILE__ . ".changeactive");
$sql = 'UPDATE WorkOrders SET Active=' . intval($active) . ' WHERE WID=' . intval($wid);
$result = SqlQuery($loc, $sql);
$action = "archvied";
if ($active) {
$action = "resurrected";
}
return 'Work Order ' . intval($wid) . ' has been ' . $action . ' by ' . $username . '.';
}
function GetPicCaption($wid, $picid)
{
$loc = rmabs(__FILE__ . ".GetPicCaption");
if (empty($wid) || empty($picid)) {
return "";
}
$sql = 'SELECT * From AppendedData Where WID=' . intval($wid) . ' AND PicID=' . intval($picid);
$result = SqlQuery($loc, $sql);
if ($result->num_rows <= 0) {
return "";
}
$row = $result->fetch_assoc();
return $row["TextInfo"];
}
function delete_workorder($woinfo)
{
global $username;
$loc = rmabs(__FILE__ . ".delete_workorder");
$wid = $woinfo["WID"];
$sql = "DELETE FROM Assignments WHERE WID=" . intval($wid);
SqlQuery($loc, $sql);
$sql = "DELETE FROM AppendedData WHERE WID=" . intval($wid);
SqlQuery($loc, $sql);
$sql = "DELETE FROM WorkOrders WHERE WID=" . intval($wid);
SqlQuery($loc, $sql);
$widstr = WIDStr($wid, $woinfo["Revision"], $woinfo["IsApproved"]);
$msg = "Work Order " . $widstr . " deleted by " . $username . ".";
log_msg($loc, $msg);
return $msg;
}
function GetAllWorkers()
{
$loc = rmabs(__FILE__ . "GetAllWorkers");
$sql = 'SELECT * FROM AllActiveUsersView ORDER BY LastName, FirstName';
$result = SqlQuery($loc, $sql);
$d = array();
while ($row = $result->fetch_assoc()) {
$tags = ArrayFromSlashStr($row["Tags"]);
if (CheckArrayForEasyMatch($tags, "worker")) {
$row["AbbrivatedName"] = MakeAbbrivatedName($row);
$d[] = $row;
}
}
return $d;
}
function DeleteAllPrefsForUser($userid)
{
$loc = "preflib.php->DeleteAllPrefsForUser";
$sql = 'DELETE FROM Prefs WHERE UserID=' . intval($userid);
$result = SqlQuery($loc, $sql);
log_msg($loc, 'All preferences deleted successfully for user ' . intval($userid));
}
function graphsGetRanges($name) {
global $is_lbf, $pid, $table;
if ($is_lbf) {
// Like below, but for LBF data.
$ranges = sqlQuery("SELECT " .
"MAX(CONVERT(ld.field_value, SIGNED)) AS max_" . add_escape_custom($name) . ", " .
"MAX(UNIX_TIMESTAMP(f.date)) AS max_date, " .
"MIN(UNIX_TIMESTAMP(f.date)) AS min_date " .
"FROM forms AS f, lbf_data AS ld WHERE " .
"f.pid = ? AND " .
"f.formdir = ? AND " .
"f.deleted = 0 AND " .
"ld.form_id = f.form_id AND " .
"ld.field_id = ? AND " .
"ld.field_value != '0'",
array($pid, $table, $name));
}
else {
$ranges = SqlQuery("SELECT " .
"MAX(CONVERT(" . add_escape_custom($name) . ",SIGNED)) AS " .
"max_" . add_escape_custom($name) . ", " .
"MAX(UNIX_TIMESTAMP(date)) as max_date, " .
"MIN(UNIX_TIMESTAMP(date)) as min_date " .
"FROM " . add_escape_custom($table) . " " .
"WHERE " . add_escape_custom($name) . " != 0 " .
"AND pid = ?", array($pid));
}
return $ranges;
}
function GetPicIDForUserID($userid)
{
$loc = 'piclib.php->GetPicIDForUserID';
$sql = 'SELECT PicID From UserPics WHERE UserID=' . intval($userid);
$result = SqlQuery($loc, $sql);
while ($row = $result->fetch_assoc()) {
$picid = $row["PicID"];
return $picid;
}
return 0;
}
function MakeGifImages()
{
$loc = 'badges_showall.php->MakeAllBadges';
$sql = 'SELECT * FROM UserView ORDER BY BadgeID';
$result = SqlQuery($loc, $sql);
$nempty = 0;
$nmade = 0;
$nfail = 0;
while ($row = $result->fetch_assoc()) {
if ($row["Active"] == false) {
continue;
}
$tags = ArrayFromSlashStr($row["Tags"]);
if (!in_array("member", $tags)) {
continue;
}
$badgeid = $row["BadgeID"];
if (empty($badgeid)) {
$nempty++;
continue;
}
$r = MakeGif($row);
if ($r === true) {
$nmade++;
} else {
$nfail++;
}
}
$status = 'Images Made: ' . $nmade . ', Members without BadgeIDs: ' . $nempty;
if ($nfail > 0) {
$status .= ', Failures: ' . $nfail . '. (See sys log!)';
}
log_msg($loc, array('All gif images made!', $status));
return $status;
}
function ShowRawScans($badgeid)
{
$loc = "attendance_user.php->ShowRawScans()";
$sql = 'SELECT * from RawScans WHERE BadgeID="' . $badgeid . '"';
$result = SqlQuery($loc, $sql);
while ($row = $result->fetch_assoc()) {
echo '<div style="display: block; height: 20px; ">';
echo '<br>' . "\n";
echo '<div style="float: left; width: 180px;">';
echo $row["ScanTime"];
echo '</div>' . "\n";
$dir = "";
if ($row["Direction"] == 0) {
$dir = "Scan In";
}
if ($row["Direction"] == 1) {
$dir = "Scan Out";
}
if ($row["Direction"] == 2) {
$dir = "?";
}
echo '<div style="float: left; width: 100px;">';
echo $dir;
echo '</div>' . "\n";
echo '<div style="float: left; width: 80px;">';
echo $row["Flags"];
echo '</div>' . "\n";
echo '<div style="clear: both;"></div>' . "\n";
echo '</div>';
}
}
function down()
{
SqlQuery("drop table entry");
SqlQuery("drop table project");
SqlQuery("drop table person");
}
exit;
}
// If blood pressure, then collect the other reading to allow graphing both in same graph
$isBP = 0;
if ($name == "bps" || $name == "bpd") {
// Set BP flag and collect other pressure reading
$isBP = 1;
if ($name == "bps") {
$name_alt = "bpd";
}
if ($name == "bpd") {
$name_alt = "bps";
}
// Collect the pertinent vitals and ranges.
$values_alt = SqlStatement("SELECT " . add_escape_custom($name_alt) . ", " . "UNIX_TIMESTAMP(date) as unix_date " . "FROM " . add_escape_custom($table) . " " . "WHERE pid=? ORDER BY date", array($pid));
$ranges_alt = SqlQuery("SELECT MAX(CONVERT(" . add_escape_custom($name_alt) . ",SIGNED)) AS " . "max_" . add_escape_custom($name_alt) . ", " . "MAX(UNIX_TIMESTAMP(date)) as max_date, " . "MIN(UNIX_TIMESTAMP(date)) as min_date " . "FROM " . add_escape_custom($table) . " " . "WHERE pid=?", array($pid));
}
// Prepare look and feel of data points
$s = new scatter_line('#DB1750', 2);
$def = new hollow_dot();
$def->size(4)->halo_size(3)->tooltip('#val#<br>#date:Y-m-d H:i#');
$s->set_default_dot_style($def);
if ($isBP) {
//set up the other blood pressure line
$s_alt = new scatter_line('#0000FF', 2);
$s_alt->set_default_dot_style($def);
}
// Prepare and insert data
$data = array();
while ($row = sqlFetchArray($values)) {
if ($row["{$name}"]) {
<?php
if ($_POST['add']) {
//validate
$pat = "^[a-z]{2}\$";
if (!check_pattern($_POST['lang_code'], $pat)) {
echo htmlspecialchars(xl("Code must be two letter lowercase"), ENT_NOQUOTES) . '<br>';
$err = 'y';
}
$sql = "SELECT * FROM lang_languages WHERE lang_code LIKE ? or lang_description LIKE ? limit 1";
$res = SqlQuery($sql, array("%" . $_POST['lang_code'] . "%", "%" . $_POST['lang_name']));
if ($res) {
echo htmlspecialchars(xl("Data Alike is already in database, please change code and/or description"), ENT_NOQUOTES) . '<br>';
$err = 'y';
}
if ($err == 'y') {
$val_lang_code = $_POST['lang_code'];
$val_lang_name = $_POST['lang_name'];
} else {
//insert into the main table
$sql = "INSERT INTO lang_languages SET lang_code=?, lang_description=?";
SqlStatement($sql, array($_POST['lang_code'], $_POST['lang_name']));
//insert into the log table - to allow persistant customizations
insert_language_log($_POST['lang_name'], $_POST['lang_code'], '', '');
echo htmlspecialchars(xl('Language definition added'), ENT_NOQUOTES) . '<br>';
}
}
?>
<TABLE>
<FORM name="lang_form" METHOD=POST ACTION="?m=language" onsubmit="return top.restoreSession()">
function down()
{
SqlQuery("drop table session_exercise");
SqlQuery("drop table session");
SqlQuery("drop table exercise");
}
function GetSqlTable($tablename, $filter = "")
{
$loc = "databaselib.php->GetSqlTable";
$sql = "SELECT * FROM " . $tablename;
if (!empty($filter)) {
$sql .= ' ' . $filter;
}
$result = SqlQuery($loc, $sql);
$table = array();
while ($row = $result->fetch_assoc()) {
$table[] = $row;
}
return $table;
}
}
a:visited {
color: <?php
echo $font_color;
?>
;
}
a:active {
color: <?php
echo $font_color;
?>
;
}
a:hover {
color: <?php
echo $font_color;
?>
;
}
</style>
</head>
<body bgcolor = "<?php
echo $bgcolor;
?>
">
<?php
SqlQuery();
?>
</body>
</html>
function StoreEvent($fields)
{
$loc = 'readerlib.php=>StoreEvent';
$sql = 'INSERT INTO EventTimes (Name, StartTime, EndTime, Type, Purpose) ';
$sql .= 'VALUES (';
$sql .= ' "' . SqlClean($fields["Name"]) . '"';
$sql .= ', "' . SqlClean($fields["StartTime"]) . '"';
$sql .= ', "' . SqlClean($fields["EndTime"]) . '"';
$sql .= ', "' . SqlClean($fields["Type"]) . '"';
$sql .= ', "' . SqlClean($fields["Purpose"]) . '"';
$sql .= ')';
SqlQuery($loc, $sql);
}
<?php
require_once "language.inc.php";
if ($_POST['add']) {
//validate
if ($_POST['constant_name'] == "") {
echo htmlspecialchars(xl('Constant name is blank'), ENT_NOQUOTES) . '<br>';
$err = 'y';
}
$sql = "SELECT * FROM lang_constants WHERE constant_name=? limit 1";
$res = SqlQuery($sql, array($_POST['constant_name']));
if ($res) {
echo htmlspecialchars(xl('Data Alike is already in database, please change constant name'), ENT_NOQUOTES) . '<br>';
$err = 'y';
}
if ($err == 'y') {
$val_constant = $_POST['constant_name'];
} else {
//insert into the main table
$sql = "INSERT INTO lang_constants SET constant_name=?";
SqlStatement($sql, array($_POST['constant_name']));
//insert into the log table - to allow persistant customizations
insert_language_log('', '', $_POST['constant_name'], '');
echo htmlspecialchars(xl('Constant', '', '', ' ') . $_POST['constant_name'] . xl('added', '', ' '), ENT_NOQUOTES) . '<br>';
}
// echo "$sql here ";
}
?>
<TABLE>
<FORM name="cons_form" METHOD=POST ACTION="?m=constant" onsubmit="return top.restoreSession()">
if ($author != "") {
$sql = "SELECT FirstName, LastName FROM Users WHERE UserID = " . $author;
$result = SqlQuery($loc, $sql);
if ($row = $result->fetch_assoc()) {
$authorName = $row["FirstName"] . " " . $row["LastName"];
}
}
if (isset($_SESSION["ERROR"])) {
$error_msg = $_SESSION["ERROR"];
$sql = "SELECT * FROM ActiveWorkOrders";
} else {
$sql = CreateFilterSQL($filters);
}
/* lib function that returns filtering SQL Query */
//print $sql; /*used for testing*/
$filterresult = SqlQuery($loc, $sql);
$pagetitle = "";
$pagetext = "";
if ($sql != "") {
if ($view == "full") {
$tableheader = array("WO", "Title", "Receiving IPT", "DateNeeded", "CAP", "AP", "AS", "F ", "C");
} else {
$tableheader = array("WO", "Title", "Receiving IPT", "DateNeeded");
}
$tabledata = array();
while ($row = $filterresult->fetch_assoc()) {
$wid = $row["WID"];
$rev = $row["Revision"];
$app = $row["Approved"] || $row["ApprovedByCap"];
$woname = WIDStrHtml($wid, $rev, $app);
unset($dd);
function UpdateUser($param_list, $userid = 0)
{
global $config;
$loc = "userlib.php->UpdateUser";
$pwchanged = false;
$fields = array(array("LastName", "str"), array("FirstName", "str"), array("PasswordHash", "str"), array("NickName", "str"), array("Title", "str"), array("BadgeID", "str"), array("Email", "str"), array("Tags", "str"), array("Active", "bool"));
if ($userid != 0) {
$sql = "SELECT * FROM Users WHERE UserID=" . intval($userid);
$result = SqlQuery($loc, $sql);
if ($result->num_rows <= 0) {
$error_msg = "Unable to update user. UserID=" . intval($userid) . " not found.";
log_msg($loc, $error_msg);
return $error_msg;
}
} else {
if (!IsFieldInParamList("UserName", $param_list)) {
$error_msg = 'Unable to update user. No UserName or UserID Given.';
log_msg($loc, $error_msg);
return $error_msg;
}
$username = GetValueFromParamList($param_list, "UserName");
$sql = 'SELECT * FROM Users WHERE UserName="******"';
$result = SqlQuery($loc, $sql);
if ($result->num_rows <= 0) {
$error_msg = 'Unable to update user. UserName="******" not found.';
log_msg($loc, $error_msg);
return $error_msg;
}
$row = $result->fetch_assoc();
$userid = intval($row["UserID"]);
}
// If the BadgeID is being changed we need to make sure its not a duplicate.
if (IsFieldInParamList("BadgeID", $param_list)) {
$badgeid = GetValueFromParamList($param_list, "BadgeID");
if (!blank($badgeid)) {
if (!VerifyBadgeFormat($badgeid)) {
$error_msg = 'Unable to update user. Bad Format for BadgeID. Must be in form of "A000".';
log_msg($loc, $error_msg);
return $error_msg;
}
$sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"';
$result = SqlQuery($loc, $sql);
while ($row = $result->fetch_assoc()) {
if ($row["UserID"] != $userid) {
$error_msg = 'Unable to update user. BadgeID ' . $badgeid . ' already in use.';
log_msg($loc, $error_msg);
return $error_msg;
}
}
}
}
// At this point, move all values into a seperate array, but treat password special.
$data = array();
$c = 0;
foreach ($param_list as $param_spec) {
if (!isset($param_spec["FieldName"])) {
continue;
}
if (!isset($param_spec["Value"])) {
continue;
}
if ($param_spec["FieldName"] == "Password") {
$pw = $param_spec["Value"];
if (empty($pw)) {
continue;
}
$v = crypt($pw, $config["Salt"]);
$pwchanged = true;
$fn = "PasswordHash";
$data[$fn] = $v;
$c++;
continue;
}
$fn = $param_spec["FieldName"];
$v = $param_spec["Value"];
$data[$fn] = $v;
$c++;
}
if ($c <= 0) {
$error_msg = "Unable to update user. UserID=" . intval($userid) . ". Nothing to update.";
log_msg($loc, $error_msg);
return $error_msg;
}
// At this point, we have a userid that we can count on, and the data.
$sql = 'UPDATE Users SET ';
$sql .= GenerateSqlSet($data, $fields);
$sql .= " WHERE UserID=" . intval($userid);
SqlQuery($loc, $sql);
$msg = 'Info for User ' . $userid . ' updated by ' . GetUserName() . '. ';
if ($pwchanged) {
$msg .= '(Including a password change.)';
}
log_msg($loc, $msg);
return true;
}
// Created: 11/10/15 SS
// --------------------------------------------------------------------
require_once "libs/all.php";
session_start();
log_page();
CheckLogin();
CheckEditor();
$loc = 'workorders_listids.php';
$timer = new Timer();
include "forms/header.php";
include "forms/navform.php";
include "forms/workorders_menubar.php";
echo '<div class="content_area">';
echo '<h2>List of Known Work Order IDs</h2>';
$sql = 'SELECT * FROM WorkOrders ORDER BY DateNeeded';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
// output data of each row
echo "<br>\n";
echo '<table class="members_userlist">' . "\n<tr>\n";
echo "<th align=left width=80><u>WorkOrder ID</u></th>";
echo "<th align=left width=200><u>Name</u></th>";
echo "<th align=left width=200><u>Due Date</u></th>";
echo "<th align=left width=200><u>Requesting Approval</u></th>";
echo "<th align=left width=200><u>Receiving Approval</u></th>";
echo "<th align=left width=200><u>Office Approval</u></th>";
// echo "<th align=left width=200><u>Completed?</u></th>";
while ($row = $result->fetch_assoc()) {
$WorkOrderID = $row["WorkOrderID"];
$WorkOrderName = $row["WorkOrderName"];
echo "\n<tr>";
public function LoadData($tn)
{
$this->tn = $tn;
$sql = 'SELECT Distinct ScoutID FROM RawTeamInfo WHERE TeamNumber=' . intval($tn);
$result = SqlQuery($this->loc, $sql);
$this->Scouts = array();
while ($row = $result->fetch_assoc()) {
$id = intval($row["ScoutID"]);
$info = GetUserInfo($id);
$this->Scouts[] = $info;
}
$sql = 'SELECT PicID FROM TeamPics WHERE TeamNumber=' . intval($tn);
$result = SqlQuery($this->loc, $sql);
$this->PicIDs = array();
while ($row = $result->fetch_assoc()) {
$this->PicIDs[] = intval($row["PicID"]);
}
$data = GetTeamInfo($tn);
if (isset($data["BestPicID"])) {
$this->BestPicID = $data["BestPicID"];
}
if (isset($data["NickName"])) {
$this->NickName = $data["NickName"];
}
}
