Example #1
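/**
 * Front controller: routes the current request to the handler named by $option.
 *
 * Globals read:    $debugMode ("on" enables trace output), $option (action name),
 *                  $optionValue (argument of the "category" action), $serverName.
 * Globals written: $requestCategory (set before listPosts() for "mainPage" and "category").
 * Session written: $_SESSION['referrer'] for "mainPage", "editEntry" and "category".
 *
 * An $option that matches no case dispatches nothing.
 *
 * NOTE(review): this switch only routes. No authentication, authorisation or
 * CSRF check is visible here for the admin*, delete* and edit* actions, so each
 * handler has to enforce its own - confirm against the handlers.
 */
function mainLogic()
{
    global $debugMode, $option, $requestCategory, $optionValue, $serverName;

    // Read the optional "process" field once. It is absent on plain GET requests,
    // and indexing $_POST directly raised an undefined-index notice in that case.
    $process = isset($_POST['process']) ? $_POST['process'] : "";

    // The trace output echoes request data into the page, so it is HTML-escaped;
    // a non-scalar value (process[]=...) is shown as an empty string.
    $processHtml = htmlspecialchars(is_scalar($process) ? (string) $process : "", ENT_QUOTES, 'UTF-8');
    $debugOn = ($debugMode == "on");
    $trace = function ($label) use ($debugOn, $processHtml) {
        if ($debugOn) {
            echo $label . "  " . $processHtml . "<br>";
        }
    };

    // Remember the page being viewed. REQUEST_URI is client-supplied.
    // NOTE(review): whoever reads $_SESSION['referrer'] (presumably a redirect
    // after an action) should treat it as untrusted - confirm at the consumer.
    $rememberReferrer = function () use ($serverName) {
        $_SESSION['referrer'] = $serverName . $_SERVER['REQUEST_URI'];
    };

    switch ($option) {
        case "newEntry":
            // The trace previously named newEntryPass(), which is not what runs here.
            if ($debugOn) {
                echo "Calling newEntryForm()";
            }
            newEntryForm();
            break;
        case "newEntryForm":
            if ($debugOn) {
                echo "Calling newEntryForm()";
            }
            newEntryForm();
            break;
        case "newEntrySubmit":
            newEntrySubmit();
            break;
        case "newEntrySuccess":
            newEntrySuccess();
            break;
        case "mainPage":
            $requestCategory = '';
            listPosts();
            $rememberReferrer();
            break;
        case "adminPage":
            adminPage();
            break;
        case "adminPageBasic":
            $trace("adminPageBasic");
            adminPageBasic();
            break;
        case "adminPageBasicSubmit":
            $trace("adminPageBasicSubmit");
            adminPageBasicSubmit();
            break;
        case "adminPageAdvanced":
            $trace("adminPageAdvanced");
            adminPageAdvanced();
            break;
        case "adminPageAdvancedSubmit":
            $trace("adminPageAdvancedSubmit");
            adminPageAdvancedSubmit();
            break;
        case "adminPageAuthors":
            $trace("adminPageAuthors");
            adminPageAuthors();
            break;
        case "adminAuthorsAdd":
            $trace("adminAuthorsAdd");
            adminAuthorsAdd();
            break;
        case "adminAuthorsEdit":
            $trace("adminAuthorsEdit");
            adminAuthorsEdit();
            break;
        case "adminPluginsSubmit":
        case "adminPagePlugins":
            adminPagePlugins();
            break;
        case "adminPageModerate":
        case "adminModerateSubmit":
            adminPageModerate();
            break;
        case "deleteEntry":
            $trace("deleteEntry");
            // Two-step delete: show the confirmation form unless it was just submitted.
            if ($process !== "deleteEntrySubmit") {
                deleteEntryForm();
            } else {
                deleteEntrySubmit();
            }
            break;
        case "editEntry":
            $trace("editEntry");
            editEntryForm();
            $rememberReferrer();
            break;
        case "editEntryForm":
            editEntryForm();
            break;
        case "editEntrySubmit":
            editEntrySubmit();
            break;
        case "posts":
            viewEntry();
            break;
        case "archives":
            viewArchive();
            break;
        case "month":
            viewArchiveMonth();
            break;
        case "category":
            $requestCategory = $optionValue;
            listPosts();
            $rememberReferrer();
            break;
        case "searchPosts":
            searchPosts();
            break;
        case "sendComment":
            sendComment();
            break;
        case "sendCommentSuccess":
            sendCommentSuccess();
            break;
        case "listAllComments":
            listAllComments();
            break;
        case "deleteComment":
            // The trace label previously read "deleteEntry" in this branch.
            $trace("deleteComment");
            if ($process !== "deleteCommentSubmit") {
                deleteCommentForm();
            } else {
                deleteCommentSubmit();
            }
            break;
        case "loginPage":
            loginPage();
            break;
        case "logoutPage":
            logoutPage();
            break;
        case "registerPage":
            registerPage();
            break;
        case "registerPageSubmit":
            registerPageSubmit();
            break;
        case "forgotPass":
            forgotPass();
            break;
        case "forgotPassSubmit":
            forgotPassSubmit();
            break;
        case "activation":
            activation();
            break;
        case "myProfile":
            myProfile();
            break;
        case "myProfileSubmit":
            myProfileSubmit();
            break;
        case "pluginFunction1":
            pluginFunction1();
            break;
        case "pluginFunction2":
            pluginFunction2();
            break;
        case "pluginFunction3":
            pluginFunction3();
            break;
        case "pluginFunction4":
            pluginFunction4();
            break;
        case "pluginFunction5":
            pluginFunction5();
            break;
    }
}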
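/**
 * Renders the employee administration page and handles its POST actions.
 *
 * Actions, selected by the submit button present in $_POST:
 *   logout_button - destroy the session and show the login page
 *   addButton     - show the "add employee" form with a freshly generated ID
 *   createSubmit  - insert into `employees` and `employee_private`
 *   editButton    - show the edit form for the given Employee_ID
 *   editSubmit    - update both tables
 *   deleteButton  - delete the row from `employees`
 *   query_submit  - filter the listing by one allow-listed column
 *
 * Every request value reaches SQL through a bound parameter and reaches HTML
 * through htmlspecialchars(); the search column is checked against an allow-list
 * because identifiers cannot be bound. Database errors go to the error log
 * instead of the page. mysqli_stmt_get_result() requires the mysqlnd driver.
 *
 * NOTE(review): none of the forms printed here carries an anti-CSRF token, so
 * the state-changing actions can be triggered cross-site for a logged-in user.
 * The edit/delete buttons come from printResult(), which is not visible here;
 * add the token there and verify it before the action branches.
 */
function employeePage()
{
    // Logout request: drop the session and fall back to the login form.
    if (isset($_POST['logout_button'])) {
        session_unset();
        session_destroy();
        print "You have been logged out.";
        loginPage();
        return;
    }

    // This page reads and writes SSNs and bank numbers; refuse to render it
    // without a logged-in session even if the caller already checks.
    if (!isset($_SESSION['username']) || $_SESSION['username'] === '') {
        loginPage();
        return;
    }

    // HTML-escape a value for element content or a quoted attribute.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // Fetch a POST field as a string; missing or array-valued fields become ''.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    print "<div style='text-align:right'>Welcome " . $esc($_SESSION['username']) . " </div>";
    //Separate Form, Logout button would be prioritized for enter after typing into fields.
    print "<form method=\"POST\">";
    print "<div align=\"right\"><input type=\"submit\" name=\"logout_button\" value=\"Logout\" /></div>";
    print "</form>";

    // open connection
    $con = mysqli_connect($GLOBALS['host'], $GLOBALS['user'], $GLOBALS['pass'], $GLOBALS['db']);
    if (!$con) {
        error_log('employeePage: database connection failed: ' . mysqli_connect_error());
        print "Error! Database unavailable.</BR>";
        return;
    }

    // Run a parameterised INSERT/UPDATE/DELETE; returns true on success.
    $write = function ($sql, $types, array $params) use ($con) {
        $stmt = mysqli_prepare($con, $sql);
        if (!$stmt) {
            error_log('employeePage: prepare failed: ' . mysqli_error($con));
            return false;
        }
        $done = mysqli_stmt_bind_param($stmt, $types, ...$params) && mysqli_stmt_execute($stmt);
        if (!$done) {
            error_log('employeePage: statement failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
        return $done;
    };
    // Run a parameterised SELECT; returns a mysqli_result or false.
    $select = function ($sql, $types, array $params) use ($con) {
        $stmt = mysqli_prepare($con, $sql);
        if (!$stmt) {
            error_log('employeePage: prepare failed: ' . mysqli_error($con));
            return false;
        }
        $rows = false;
        if (mysqli_stmt_bind_param($stmt, $types, ...$params) && mysqli_stmt_execute($stmt)) {
            $rows = mysqli_stmt_get_result($stmt);
        } else {
            error_log('employeePage: statement failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
        return $rows;
    };

    // handle various different buttons
    if (isset($_POST['addButton'])) {
        // Generate an employee id that is not in use yet. $empID is a locally
        // generated integer, so concatenating it into the query is safe.
        do {
            $empID = rand(10000000, 99999999);
            $taken = mysqli_query($con, "SELECT 1 FROM `employees` WHERE `Employee_ID`=" . $empID . " LIMIT 1");
        } while ($taken && mysqli_fetch_row($taken));
        // Display text boxes
        print "<h1>Add New Employee</h1>";
        print "</br><form method=\"POST\"><div align=\"left\">";
        print "Employee ID: " . $empID;
        print "<input name=\"id\" type=\"hidden\" value=\"" . $empID . "\" /> </br>";
        print "First Name: <input name=\"first\" type=\"text\" /></br>";
        print "Last Name: <input name=\"last\" type=\"text\" /> </br>";
        print "Gender (M/F): <input name=\"gender\" type=\"text\" maxlength=\"1\" size=\"1\" /> </br>";
        print "Date Started: <input name=\"s_year\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"YYYY\" /> - " . "<input name=\"s_month\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"MM\" /> - " . "<input name=\"s_day\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"DD\" /> </br>";
        print "Date Ended: <input name=\"e_year\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"YYYY\" /> - " . "<input name=\"e_month\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"MM\" /> - " . "<input name=\"e_day\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"DD\" /> </br>";
        print "Social Security Number: <input name=\"ssn1\" type=\"text\" maxlength=\"3\" size=\"3\" placeholder=\"123\" /> - " . "<input name=\"ssn2\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"45\" /> - " . "<input name=\"ssn3\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"6789\" /> </br>";
        print "Bank Number: <input name=\"bank\" type=\"text\" maxlength=\"9\" size=\"9\" /> </br>";
        print "Address: <input name=\"address\" type=\"text\" /> </br>";
        print "Phone Number (<input name=\"phone1\" type=\"text\" maxlength=\"3\" size=\"3\" placeholder=\"000\" />) " . "<input name=\"phone2\" type=\"text\" maxlength=\"3\" size=\"3\" placeholder=\"123\" /> - " . "<input name=\"phone3\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"4567\" /> </br>";
        print "<input type=\"submit\" name=\"createSubmit\" value=\"Submit\" />";
        print "<input type=\"submit\" name=\"cancel\" value=\"Cancel\" /></div></form>";
        print "<hr></br>";
    } elseif (isset($_POST['createSubmit'])) {
        $id = $field('id');
        $first = $field('first');
        $last = $field('last');
        // format date, ssn and phone number for insertion
        $start = $field('s_year') . "-" . $field('s_month') . "-" . $field('s_day');
        $end = $field('e_year') . "-" . $field('e_month') . "-" . $field('e_day');
        $ssn = $field('ssn1') . "-" . $field('ssn2') . "-" . $field('ssn3');
        $phone = "(" . $field('phone1') . ") " . $field('phone2') . "-" . $field('phone3');
        // generate username and password from name
        // NOTE(review): the password equals the username, is derived from the
        // employee's name, and is stored as given. The login check is not visible
        // here, so the stored format is left unchanged; moving to password_hash()
        // with a random initial password has to be done together with the verifier.
        $userpass = $last . (string) substr($first, 0, 1);

        // The id comes back through a hidden field and is therefore client-controlled;
        // the add form only ever issues digits, so anything else is rejected.
        $created = preg_match('/^[0-9]+$/', $id) === 1
            && $write(
                "INSERT INTO `employees`(`Employee_ID`, `First_Name`, `Last_Name`, `Gender`, "
                . "`Date_Started_Employment`, `Date_Left_Employment`) VALUES (?, ?, ?, ?, ?, ?)",
                'ssssss',
                [$id, $first, $last, $field('gender'), $start, $end]
            )
            && $write(
                "INSERT INTO `employee_private`(`Employee_ID`, `Employee_Username`, `Employee_Password`, "
                . "`Employee_SSN`, `Employee_Bank`, `Employee_Address`, `Employee_Phone`) VALUES (?, ?, ?, ?, ?, ?, ?)",
                'sssssss',
                [$id, $userpass, $userpass, $ssn, $field('bank'), $field('address'), $phone]
            );
        if ($created) {
            print "Successfully Created Information. </BR>";
        } else {
            // Details are in the error log; driver messages are not shown to the browser.
            print "Error! Unsuccessful Creation.</BR>";
        }
    } elseif (isset($_POST['editButton'])) {
        $editId = $field('editButton');
        $result1 = $select("SELECT * FROM `employees` WHERE `Employee_ID`=?", 's', [$editId]);
        $result2 = $select("SELECT * FROM `employee_private` WHERE `Employee_ID`=?", 's', [$editId]);
        if ($result1 && $result2 && ($info1 = mysqli_fetch_array($result1)) && ($info2 = mysqli_fetch_array($result2))) {
            // prepare dates, ssn and phone numbers for multiple html text boxes
            $start = (string) $info1['Date_Started_Employment'];
            $s_year = substr($start, 0, 4);
            $s_month = substr($start, 5, 2);
            $s_day = substr($start, 8, 2);
            $end = (string) $info1['Date_Left_Employment'];
            $e_year = substr($end, 0, 4);
            $e_month = substr($end, 5, 2);
            $e_day = substr($end, 8, 2);
            $ssn = (string) $info2['Employee_SSN'];
            $ssn1 = substr($ssn, 0, 3);
            $ssn2 = substr($ssn, 4, 2);
            $ssn3 = substr($ssn, 7, 4);
            $phone = (string) $info2['Employee_Phone'];
            $phone1 = substr($phone, 1, 3);
            $phone2 = substr($phone, 6, 3);
            $phone3 = substr($phone, 10, 4);
            // Stored values are escaped on output: they were typed by a user at some point.
            print "<h1>Edit Employee</h1>";
            print "</br><form method=\"POST\"><div align=\"left\">";
            print "Employee ID: " . $esc($info1['Employee_ID']);
            print "<input name=\"id\" type=\"hidden\" value=\"" . $esc($info1['Employee_ID']) . "\" /> </br>";
            print "First Name: <input name=\"first\" type=\"text\" value=\"" . $esc($info1['First_Name']) . "\" /> </br>";
            print "Last Name: <input name=\"last\" type=\"text\" value=\"" . $esc($info1['Last_Name']) . "\" /> </br>";
            print "Gender (M/F): <input name=\"gender\" type=\"text\" maxlength=\"1\" size=\"1\" value=\"" . $esc($info1['Gender']) . "\" /> </br>";
            print "Date Started: <input name=\"s_year\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"YYYY\" value=\"" . $esc($s_year) . "\" /> - " . "<input name=\"s_month\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"MM\" value=\"" . $esc($s_month) . "\" /> - " . "<input name=\"s_day\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"DD\" value=\"" . $esc($s_day) . "\" /> </br>";
            print "Date Ended: <input name=\"e_year\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"YYYY\" value=\"" . $esc($e_year) . "\" /> - " . "<input name=\"e_month\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"MM\" value=\"" . $esc($e_month) . "\" /> - " . "<input name=\"e_day\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"DD\" value=\"" . $esc($e_day) . "\" /> </br>";
            print "Social Security Number: <input name=\"ssn1\" type=\"text\" maxlength=\"3\" size=\"3\" placeholder=\"123\" value=\"" . $esc($ssn1) . "\" /> - " . "<input name=\"ssn2\" type=\"text\" maxlength=\"2\" size=\"2\" placeholder=\"45\" value=\"" . $esc($ssn2) . "\" /> - " . "<input name=\"ssn3\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"6789\" value=\"" . $esc($ssn3) . "\" /> </br>";
            print "Bank Number: <input name=\"bank\" type=\"text\" maxlength=\"9\" size=\"9\" value=\"" . $esc($info2['Employee_Bank']) . "\" /> </br>";
            print "Address: <input name=\"address\" type=\"text\" value=\"" . $esc($info2['Employee_Address']) . "\" /> </br>";
            print "Phone Number (<input name=\"phone1\" type=\"text\" maxlength=\"3\" size=\"3\" placeholder=\"000\" value=\"" . $esc($phone1) . "\" />) " . "<input name=\"phone2\" type=\"text\" maxlength=\"3\" size=\"3\" placeholder=\"123\" value=\"" . $esc($phone2) . "\" /> - " . "<input name=\"phone3\" type=\"text\" maxlength=\"4\" size=\"4\" placeholder=\"4567\" value=\"" . $esc($phone3) . "\" /> </br>";
            print "<input type=\"submit\" name=\"editSubmit\" value=\"Submit\" />";
            print "<input type=\"submit\" name=\"cancel\" value=\"Cancel\" /></div></form>";
            print "<hr></br>";
        }
    } elseif (isset($_POST['editSubmit'])) {
        $id = $field('id');
        // prepare dates, ssn and phone number
        $start = $field('s_year') . "-" . $field('s_month') . "-" . $field('s_day');
        $end = $field('e_year') . "-" . $field('e_month') . "-" . $field('e_day');
        $ssn = $field('ssn1') . "-" . $field('ssn2') . "-" . $field('ssn3');
        $phone = "(" . $field('phone1') . ") " . $field('phone2') . "-" . $field('phone3');
        $edited = $write(
            "UPDATE `employees` SET `First_Name`=?,`Last_Name`=?,`Gender`=?,"
            . "`Date_Started_Employment`=?,`Date_Left_Employment`=? WHERE `Employee_ID`=?",
            'ssssss',
            [$field('first'), $field('last'), $field('gender'), $start, $end, $id]
        ) && $write(
            "UPDATE `employee_private` SET `Employee_SSN`=?,`Employee_Bank`=?,"
            . "`Employee_Address`=?,`Employee_Phone`=? WHERE `Employee_ID`=?",
            'sssss',
            [$ssn, $field('bank'), $field('address'), $phone, $id]
        );
        if ($edited) {
            print "Successfully Edited Information. </BR>";
        } else {
            print "Error! Unsuccessful Edit.</BR>";
        }
    } elseif (isset($_POST['cancel'])) {
        // Cancel: nothing to do, fall through to the listing.
    } elseif (isset($_POST['deleteButton'])) {
        $deleteId = $field('deleteButton');
        // NOTE(review): only `employees` is deleted from. Unless a foreign key
        // cascades, the matching `employee_private` row (SSN, bank number,
        // credentials) stays behind - confirm against the schema.
        if ($write("DELETE FROM employees WHERE `Employee_ID`=?", 's', [$deleteId])) {
            print "Employee with ID " . $esc($deleteId) . " has been removed. <BR>";
        }
    }

    // Create search bar and drop down for category of search
    print "<h1>Employee Database</h1>";
    print "<form method=\"POST\">";
    print "Search By: </br>";
    print "<select name=\"formChoice\"> ";
    print "<option value=\"\">Select</option>";
    print "<option value=\"Employee_ID\">ID</option>";
    print "<option value=\"First_Name\">First Name</option>";
    print "<option value=\"Last_Name\">Last Name</option>";
    print "<option value=\"Gender\">Gender</option>";
    print "<option value=\"Date_Started_Employment\">Start Date</option>";
    print "<option value=\"Date_Left_Employment\">Left Date</option></select>";
    print "<input type=\"text\" name=\"Value\">";
    print "<input type=\"submit\" name=\"query_submit\" value=\"Submit\" default/>";
    print "<input type=\"submit\" name=\"query_submit\" value=\"Reset\" default/>";
    print "</form>";
    print "<div align=\"left\"><form method=\"POST\"><input type=\"submit\" name=\"addButton\" value=\"Add A New Employee\"></form></div>";

    // A column name cannot be a bound parameter, so the dropdown value is only
    // accepted when it is one of the options offered above.
    $searchable = [
        'Employee_ID',
        'First_Name',
        'Last_Name',
        'Gender',
        'Date_Started_Employment',
        'Date_Left_Employment',
    ];
    $formChoice = $field('formChoice');
    // Reset button not pressed and a valid search column chosen
    if (isset($_POST['query_submit']) && $_POST['query_submit'] != "Reset" && in_array($formChoice, $searchable, true) && isset($_POST['Value'])) {
        $value = $field('Value');
        // NOTE(review): echoing the query text discloses table and column names;
        // kept for parity with the existing page, escaped so the search value
        // cannot inject markup. Consider removing it outside of development.
        print $esc("SELECT * FROM employees WHERE {$formChoice}='{$value}'");
        $result = $select("SELECT * FROM employees WHERE `{$formChoice}`=?", 's', [$value]);
        printResult($result);
    } else {
        print "SELECT * FROM Employees<BR>";
        $result = mysqli_query($con, "(SELECT * FROM employees)");
        printResult($result);
    }
    //closing the connection
    mysqli_close($con);
}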
Example #3
<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8"/>
    <title>Tecuno</title>
    <link rel="stylesheet" href="cms.css">
  </head>

  <body>
    <div class="outerWrapper">
      <?php 
// Route on the "a" query parameter. With no parameter the login form is the
// default view; "login" shows it explicitly and "dash" shows the dashboard.
// NOTE(review): dashboard() is selected purely by ?a=dash and no session or
// credential check is visible at this level - confirm dashboard() performs it.
if (isset($_GET['a'])) {
    if ($_GET['a'] == 'login') {
        loginPage();
    }
    if ($_GET['a'] == 'dash') {
        dashboard();
    }
} else {
    loginPage();
}
/**
 * Emits the login view as inline HTML.
 *
 * Output is an h1 heading followed by a POST form (id "login", action "?a=dash")
 * with a username text input, a password input and a submit button. The function
 * takes no arguments and has no return statement; the markup is written to the
 * output as the function runs.
 *
 * NOTE(review): the form contains no anti-CSRF token field, and it posts the
 * credentials to the same "?a=dash" route that selects the dashboard view.
 * Confirm that dashboard() verifies the submitted credentials (or an existing
 * session) before it renders anything.
 */
function loginPage()
{
    ?>
          <h1 class="heading">Login</h1>
          <div class="wrapper login">
            <form id="login" action="?a=dash" method="post">
              <input type="text" name="username" placeholder="Username">
              <input type="password" name="password" placeholder="Password">
              <input type="submit" value="Log In">
            </form>
          </div>
        <?php 
}
function dashboard()
Example #4
    // We append "?" so that a logged-in user is always at chris/? or chris/experimental/?
    // Otherwise, in collaboration mode, it can happen that
    // user 1 is at: chris/
    // user 2 is at: chris/?
    // and the collaboration then misbehaves
    if ($_SERVER["REQUEST_URI"][strlen($_SERVER["REQUEST_URI"]) - 1] !== '?') {
        header("Location: ?");
        exit;
    }
    // update user-specific configuration
    // BACKGROUND
    if (isset($_SESSION['userconf']['general']) && isset($_SESSION['userconf']['general']['background'])) {
        $prefix = '';
        if (dirname($_SESSION['userconf']['general']['background']) == '.') {
            $prefix .= 'users/' . $_SESSION['username'] . '/' . CHRIS_USERS_CONFIG_DIR . '/';
        }
        $_SESSION['userconf']['general']['background'] = $prefix . $_SESSION['userconf']['general']['background'];
    } else {
        $_SESSION['userconf']['general']['background'] = "view/gfx/fnndsc_1920x1200.jpg";
    }
    // EMAIL ADDRESS
    if (isset($_SESSION['userconf']['general']) && isset($_SESSION['userconf']['general']['email'])) {
        UserC::setEmail($_SESSION['userid'], $_SESSION['userconf']['general']['email']);
    }
    // show the homepage
    echo homePage();
    exit;
}
// otherwise show the login screen
echo loginPage();