Example #1
        $error_msg .= "Name was not recognized. Please re-enter your name.\n";
        unset($_SESSION['authenticated']);
    }
}
// Build the encoded copies of the employee name: $u_* is URL-encoded for query
// strings, $h_* is HTML-encoded for page output.
// NOTE(review): htmlentities() runs with its default flags. Before PHP 8.1 that
// default (ENT_COMPAT) leaves single quotes unescaped, so the $h_* values belong
// only in element text or double-quoted attributes.
if ($empfullname) {
    $u_empfullname = rawurlencode($empfullname);
    $h_empfullname = htmlentities($empfullname);
    if ($show_display_name == 'yes') {
        // Header shows the name returned by get_employee_name(), HTML-encoded.
        $h_name_header = htmlentities(get_employee_name($empfullname));
    } else {
        // Otherwise the header falls back to the encoded login name.
        $h_name_header = $h_empfullname;
    }
}
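// Authorize employee: the session must carry an 'authenticated' marker naming
// exactly this employee. The comparison is strict (===) because PHP's loose ==
// compares numeric-looking strings by value, which could make two different
// identifiers count as the same identity.
$authorized = isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === $empfullname;
if (!$authorized) {
    // Leave the login page what it needs to prompt the user and come back here.
    $_SESSION['login_title'] = "";
    $_SESSION['login_error_msg'] = $error_msg;
    // NOTE(review): REQUEST_URI is supplied by the client. Whatever later redirects
    // to login_return_url should confirm it is a same-site path first.
    $_SESSION['login_return_url'] = $_SERVER['REQUEST_URI'];
    // !empty() keeps the original truthiness test but also tolerates the case
    // where no employee name was given and $u_empfullname was never assigned.
    exit_next("login.php" . (!empty($u_empfullname) ? "?emp={$u_empfullname}" : ''));
}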
////////////////////////////////////////
if ($authorized && isset($_POST['inout'])) {
    // Post employee time.
    // (This branch continues past the end of the excerpt.)
    // Each request value is kept in three forms: raw, q_ (escaped for use inside
    // a quoted SQL string literal) and h_ (HTML-encoded for output).
    // NOTE(review): the mysql_* functions belong to ext/mysql, deprecated in
    // PHP 5.5 and removed in PHP 7.0. mysql_real_escape_string() is only safe
    // inside quoted literals and depends on the connection charset having been
    // set with mysql_set_charset(). Prepared statements (mysqli or PDO) are the
    // preferred replacement for the string-built queries here.
    $inout = $_POST['inout'];
    $q_inout = mysql_real_escape_string($inout);
    $h_inout = htmlentities($inout);
    // Notes are optional; default to an empty string when the field is absent.
    $notes = isset($_POST['notes']) ? $_POST['notes'] : '';
    $q_notes = mysql_real_escape_string($notes);
    $h_notes = htmlentities($notes);
    $q_empfullname = mysql_real_escape_string($empfullname);
    // Validate and get inout display color.
    // The submitted punch item is looked up in the punchlist table; the escaped
    // value sits inside single quotes. $db_prefix is concatenated unescaped.
    // presumably it comes from trusted configuration; verify.
    $query = "select color from " . $db_prefix . "punchlist where punchitems = '{$q_inout}'";
    // NOTE(review): mysql_query() returns false on failure and the result is not
    // checked before mysql_result() reads row 0, which also fails when no row
    // matches. No rejection of an unknown punch item is visible in this excerpt.
    $punchlist_result = mysql_query($query);
    $inout_color = mysql_result($punchlist_result, 0, 0);
Example #2
// no employee specified
// Encoded copies of the employee identifier: $u_* for query strings, $h_* for HTML.
$u_empfullname = rawurlencode($empfullname);
$h_empfullname = htmlentities($empfullname);
// Fetch the display name and HTML-encode it too.
$displayname = get_employee_name($empfullname);
$h_displayname = htmlentities($displayname);
// The header shows the display name only when that option is set to 'yes'.
if ($show_display_name == 'yes') {
    $name_header = $h_displayname;
} else {
    $name_header = $h_empfullname;
}
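// Process form submission: change the password once the current one is verified.
// NOTE(review): no length or non-empty check on $new_password is visible here;
// confirm that save_employee_password() enforces one.
if ($old_password) {
    if (!is_valid_password($empfullname, $old_password)) {
        // Current password did not verify.
        print error_msg("Password is incorrect. Please try again.");
    } elseif ($new_password !== $confirm_password) {
        // New password and its confirmation must match exactly.
        print error_msg("Your new password and the confirm password do not match.<br/>Please re-enter and confirm your new password.");
    } elseif (save_employee_password($empfullname, $new_password)) {
        // Password saved: mark the session as authenticated for this employee.
        // NOTE(review): the session id is not rotated here; if that is not done
        // elsewhere, session_regenerate_id(true) at this point prevents fixation.
        $_SESSION['authenticated'] = $empfullname;
        exit_next("entry.ajax.php?emp={$u_empfullname}");
    } else {
        // Keep the database error in the server log instead of showing it to
        // the user, where it could disclose schema or query details.
        error_log("save_employee_password failed: " . mysql_error());
        print error_msg("Cannot save your new password.");
    }
}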
// Forgot password form.
if ($forgot_password) {
    print <<<End_Of_HTML

<div id="password_change_form">
Example #3
  <tr><td class=table_rows height=25 width=20% style='padding-left:32px;' nowrap>Password:</td>
      <td colspan=2 width=80% style='color:red;font-family:Tahoma;font-size:10px;'>
\t  <input type='password' size='25' maxlength='50' name='password' value="" />&nbsp;*</td></tr>
  <tr><td class=table_rows height=25 width=20% style='padding-left:32px;' nowrap colspan="3">
\t<a href="password.php?forgot_password&emp={$u_empfullname}">Forgot your password</a>
        &nbsp;&nbsp;
\t<a href="password.php?emp={$u_empfullname}">Change your password</a></td></tr>
  <tr><td height=15 colspan="3">&nbsp;</td></tr>
  <tr><td class=table_rows align=right colspan=3 style='color:red;font-family:Tahoma;font-size:10px;'>*&nbsp;required&nbsp;</td></tr>
</table>
<table align=center width=100% border=0 cellpadding=0 cellspacing=3 class="buttons">
  <tr><td width=30><input type='image' name='submit' value='Next' align='middle' src='{$TIMECLOCK_URL}/images/buttons/next_button.png' /></td>
      <td><a href='?emp='><img src='{$TIMECLOCK_URL}/images/buttons/cancel_button.png' border='0' /></a></td></tr>
</table>
<input type="hidden" name="empfullname" value="{$h_empfullname}" />
</form>
</div>
End_Of_HTML;
        include 'footer.php';
        exit;
    }
}
////////////////////////////////////////
// Successful login: record the authenticated employee in the session.
// NOTE(review): the session id is not rotated in this excerpt; if that is not done
// elsewhere, session_regenerate_id(true) at login prevents session fixation.
$_SESSION['authenticated'] = $empfullname;

// Remove an existing emp= / empfullname= argument from the return URL. The pattern
// requires a following '&', so an emp= that is the last argument stays in place.
$emp_arg_pattern = '/\\bemp(fullname)?=.*?&(.*)$/';
$return_url = preg_replace($emp_arg_pattern, '$2', $return_url);

// Append emp= for the employee who just logged in, joined with '&' when the URL
// already has a query string and with '?' otherwise.
$emp_arg_joiner = preg_match('/[?]/', $return_url) ? '&' : '?';
$return_url .= $emp_arg_joiner . "emp=" . rawurlencode($empfullname);

// NOTE(review): where $return_url comes from is outside this excerpt; confirm it
// is limited to same-site paths before it is handed to exit_next().
exit_next($return_url);