function genSetNewBatch()
{
$this->db = Staple_DB::get();
$user = new userModel();
$userId = $user->getId();
$oldKey = $user->getBatchId();
$key = sha1(time() . $user->getUsername() . rand(999, 9999999999.0));
//Check if key exists
$sql = "SELECT id FROM accounts WHERE batchId = '" . $this->db->real_escape_string($key) . "'";
if ($this->db->query($sql)->fetch_row() > 0) {
//Key already in use
return false;
} else {
//Set new key in user account
$sql = "UPDATE accounts SET batchId='" . $this->db->real_escape_string($key) . "' WHERE id={$userId}";
if ($this->db->query($sql)) {
//Log Audit
$audit = new auditModel();
$audit->setAction('Timesheet Validation');
$audit->setUserId($userId);
$audit->setItem('Batch: ' . $oldKey);
$audit->save();
return true;
} else {
return false;
}
}
}
function adminSave()
{
if (isset($this->userId)) {
//Check for current account.
$currentUser = new userModel();
if ($this->userId != $currentUser->getId()) {
$inTime = strtotime($this->getDate() . " " . $this->getInTime());
$outTime = strtotime($this->getDate() . " " . $this->getOutTime());
$sql = "\n INSERT INTO timeEntries\n (userId,inTime,outTime,lessTime,codeId,note,batchId)\n VALUES (\n '" . $this->db->real_escape_string($this->userId) . "',\n '" . $this->db->real_escape_string($inTime) . "',\n '" . $this->db->real_escape_string($outTime) . "',\n '" . $this->db->real_escape_string($this->lessTime) . "',\n '" . $this->db->real_escape_string($this->codeId) . "',\n '" . $this->db->real_escape_string($this->note) . "',\n '" . $this->db->real_escape_string("ADMIN ADD") . "'\n )\n ";
if ($this->db->query($sql)) {
$user = new userModel();
$audit = new auditModel();
$audit->setUserId($this->userId);
$audit->setAction('Admin Entry Add');
$audit->setItem($user->getUsername() . " added entry for " . $this->getDate() . ". In Time: " . $this->inTime . "/Out Time: " . $this->outTime . "");
$audit->save();
return true;
}
}
}
}
function resetPin($id)
{
$pin = $this->generatePin();
$this->tempPin = $pin;
$sql = "UPDATE accounts SET pin='" . $this->db->real_escape_string(sha1($pin)) . "' WHERE id = '" . $this->db->real_escape_string($id) . "'";
if ($this->db->query($sql)) {
$account = new userModel();
$userInfo = $account->userInfo($id);
$audit = new auditModel();
$audit->setUserId($userInfo['id']);
$audit->setAction('PIN Reset');
$audit->setItem($account->getUsername() . " reset users PIN.");
$audit->save();
return true;
}
}
function save()
{
if (isset($this->accountId) && isset($this->payPeriodYear) && isset($this->payPeriodMonth)) {
//Get current users ID.
$user = new userModel();
$supervisorId = $user->getId();
$supervisorName = $user->getUsername();
$sql = "INSERT INTO timesheetReview (accountId, payPeriodMonth, payPeriodYear, supervisorId) VALUES ('" . $this->db->real_escape_string($this->accountId) . "','" . $this->db->real_escape_string($this->payPeriodMonth) . "','" . $this->db->real_escape_string($this->payPeriodYear) . "','" . $this->db->real_escape_string($supervisorId) . "')";
if ($this->db->query($sql)) {
$employeeUser = new userModel();
$details = $employeeUser->userInfo($this->accountId);
$month = $this->payPeriodMonth;
$dateObj = DateTime::createFromFormat('!m', $month);
$monthName = $dateObj->format('F');
$audit = new auditModel();
$audit->setUserId($this->accountId);
$audit->setAction('Timesheet Review');
$audit->setItem($supervisorName . " reviewed " . $details['username'] . " timesheet for " . $monthName . " " . $this->payPeriodYear);
$audit->save();
return true;
}
}
}
function loadExpired()
{
$user = new userModel();
$uid = $user->getId();
$sql = "SELECT * FROM privateMessages WHERE sentId = '" . $this->db->real_escape_string($uid) . "' AND expireDate <= CURRENT_TIMESTAMP ORDER BY postDate DESC";
$query = $this->db->query($sql);
$data = array();
while ($row = $query->fetch_assoc()) {
$message = array();
$message['id'] = $row['id'];
$message['message'] = $row['message'];
$message['expireDate'] = $row['expireDate'];
$message['postDate'] = $row['postDate'];
$user = new userModel();
$message['sendId'] = $user->getUsername();
$sentTo = $user->userInfo($row['userId']);
$message['sentTo'] = $sentTo['firstName'] . " " . $sentTo['lastName'];
$message['reviewDate'] = $row['reviewDate'];
$message['reviewed'] = $row['reviewed'];
$data[] = $message;
}
return $data;
}