function add_child($parent, $label, $text)
{
global $db;
try {
$insertQuery = $db->prepare("INSERT INTO agentLogins (parent, label, value, guid) VALUES (:parent, :label, :text, :guid)");
$insertQuery->execute(array(':parent' => $parent, ':label' => $label, ':text' => $text, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
}
function setNotes($employee, $semester, $requested, $registered, $notes)
{
global $db;
try {
$insertQuery = $db->prepare("INSERT INTO scheduleNotes (netID, semester, requestedHours, registeredHours, notes, guid) VALUES (:employee,:semester,:requested,:registered,:notes,:guid) ON DUPLICATE KEY UPDATE requestedHours=:requested1,registeredHours=:registered1,notes=:notes1");
$success = $insertQuery->execute(array(':employee' => $employee, ':semester' => $semester, ':requested' => $requested, ':registered' => $registered, ':notes' => addSlashes($notes), ':guid' => newGuid(), ':requested1' => $requested, ':registered1' => $registered, ':notes1' => addSlashes($notes)));
} catch (PDOException $e) {
exit("error in query");
}
echo $success;
}
/**
* Creates a new level in the database
*/
function createLevel($data)
{
global $db;
try {
$highestLevelQuery = $db->prepare("SELECT level FROM employeeRightsLevels WHERE area = :area ORDER BY level DESC LIMIT 1");
$highestLevelQuery->execute(array(':area' => $data['area']));
} catch (PDOException $e) {
exit("error in query");
}
$result = $highestLevelQuery->fetch();
$highestLevel = $result->level;
try {
$insertQuery = $db->prepare("INSERT INTO employeeRightsLevels (name,level,area,guid) VALUES ('',:highestLevel,:area,:guid)");
$insertQuery->execute(array(':highestLevel' => $highestLevel + 1, ':area' => $data['area'], ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
}
}
// If this is our first entry do not add a coma in front of our values, otherwise add it
if (strtotime($instanceStart) >= strtotime('+7 days', strtotime($periodStart))) {
$instanceQueryString .= ', ';
}
$instanceQueryString .= " (:employee" . $i . ",:startTime" . $i . ",:start" . $i . ",:endTime" . $i . ",:end" . $i . ",:type" . $i . ",:total" . $i . ",:default" . $i . ",:area" . $i . ",:guid" . $i . ") ";
$instanceQueryParams[':employee' . $i] = $employee;
$instanceQueryParams[':startTime' . $i] = $startTime;
$instanceQueryParams[':start' . $i] = $instanceStart;
$instanceQueryParams[':endTime' . $i] = $endTime;
$instanceQueryParams[':end' . $i] = $instanceEnd;
$instanceQueryParams[':type' . $i] = $hourType;
$instanceQueryParams[':total' . $i] = $hourTotal;
$instanceQueryParams[':default' . $i] = $defaultId;
$instanceQueryParams[':area' . $i] = $area;
$instanceQueryParams[':guid' . $i] = newGuid();
$i++;
$instanceStart = date('Y-m-d H:i:00', strtotime('+7 days', strtotime($instanceStart)));
$instanceEnd = date('Y-m-d H:i:00', strtotime('+7 days', strtotime($instanceEnd)));
$executeCheck = true;
}
if ($executeCheck) {
try {
$instanceInsertQuery = $db->prepare($instanceQueryString);
$instanceInsertQuery->execute($instanceQueryParams);
} catch (PDOException $e) {
$db->rollBack();
exit("error in query");
}
}
$db->commit();
$groupid = $userar;
} else {
$groupid = $userorg;
}
}
try {
$contactPriorityQuery = $db->prepare("SELECT * FROM contacts WHERE department=:group ORDER BY contactPriority DESC LIMIT 1");
$contactPriorityQuery->execute(array(':group' => $groupid));
} catch (PDOException $e) {
exit("error in query");
}
$addContactPriority = $contactPriorityQuery->fetch(PDO::FETCH_ASSOC);
$userpriority = $addContactPriority['contactPriority'] + 1;
try {
$addContactQuery = $db->prepare("INSERT INTO contacts (name, phone, address, position, contactPriority, managerFlag, department, guid) VALUES (:user, :phone, :address, :position, :priority, :manager, :group, :guid)");
$addContactQuery->execute(array(':user' => $username, ':phone' => $userphone, ':address' => $useraddress, ':position' => $userposition, ':priority' => $userpriority, ':manager' => $usermanagerFlag, ':group' => $groupid, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
}
if ($edit_contact != "") {
try {
$infoQuery = $db->prepare("SELECT department FROM contacts WHERE id=:id");
$infoQuery->execute(array(':id' => $userid));
} catch (PDOException $e) {
exit("error in query");
}
$oldinfo = $infoQuery->fetch(PDO::FETCH_ASSOC);
if ($oldinfo['department'] != $userdept) {
try {
$maxPriorityQuery = $db->prepare("SELECT * FROM contacts WHERE department=:dept ORDER BY contactPriority DESC");
/**
* Creates a status for the employee and the right in the database
*
* @param $right The id of the right whose status is being created
* @param $employee The employee's netID
* @param $manager The manager's netID
* @param $type The right's type ('EMAIL', 'BASIC')
*/
function createRightStatus($right, $employee, $manager, $type)
{
global $db;
$date = date('Y-m-d');
if ($type == "EMAIL") {
try {
$insertQuery = $db->prepare("INSERT INTO employeeRightsStatus (netID,rightID,rightStatus,requestedBy,requestedDate,guid) VALUES (:employee,:right,'1',:manager,:day,:guid) ON DUPLICATE KEY UPDATE requestedBy=:manager1,requestedDate=:day1,rightStatus='1'");
$insertQuery->execute(array(':employee' => $employee, ':right' => $right, ':manager' => $manager, ':day' => $date, ':guid' => newGuid(), ':manager1' => $manager, ':day1' => $date));
} catch (PDOException $e) {
exit("error in query");
}
} else {
if ($type == "BASIC") {
try {
$insertQuery = $db->prepare("INSERT INTO employeeRightsStatus (netID,rightID,rightStatus,updatedBy,updatedDate,guid) VALUES (:employee,:right,'2',:manager,:day,:guid) ON DUPLICATE KEY UPDATE updatedBy=:manager1,updatedDate=:day1,rightStatus='2'");
$insertQuery->execute(array(':employee' => $employee, ':right' => $right, ':manager' => $manager, ':day' => $date, ':guid' => newGuid(), ':manager1' => $manager, ':day1' => $date));
} catch (PDOException $e) {
exit("error in query");
}
} else {
return;
}
}
}
<?php
/* Name: submitBid.php
* Application: Trade Request
*
* Description: This file is called from displayTrades.php when a user checks a trade.
* It creates a bid for the given hour on the given trade.
*/
//Standard include file
require "../includes/includeMeBlank.php";
//Common php functions used in the Trade Request app
include "tradesFunctions.php";
if (isset($_GET['id'])) {
//Declare variable
$trade = explode("_", $_GET['id']);
//This will be an array with each element being a string in the form {netID}_{tradeID}_{hour}
try {
//Submit trade bid
$insertQuery = $db->prepare("INSERT INTO `scheduleTradeBids` (tradeID, employee, hour, guid) \n\t\t\t\tVALUES (:id, :employee, :hour, :guid)\n\t\t\t\tON DUPLICATE KEY UPDATE deleted = 0");
$insertQuery->execute(array(':id' => $trade[1], ':employee' => $trade[0], ':hour' => $trade[2], ':guid' => newGuid()));
//Update trade in scheduleTrades
$updateQuery = $db->prepare("UPDATE `scheduleTrades` SET bids = '1' WHERE ID = :id");
$updateQuery->execute(array(':id' => $trade[1]));
} catch (PDOException $e) {
exit("error in query");
}
}
//if
echo 1;
$tasksQuery = $db->prepare("SELECT * FROM routineTasks WHERE ID=:id");
$tasksQuery->execute(array(':id' => $_REQUEST['id']));
} catch (PDOException $e) {
exit("error in query");
}
$task = $tasksQuery->fetch(PDO::FETCH_ASSOC);
//------------SET VARIABLES---------------------
$title = $task['title'];
$timeDue = $task['timeDue'];
$area = $task['area'];
$completed = '1';
$timeCompleted = date('G:i');
$dateCompleted = date('Y-m-d');
$completedBy = nameByNetId($netID);
//------------------------------------------------
//Query to test whether this task is in the log already ie. its been muted.
try {
$logQuery = $db->prepare("SELECT * FROM routineTaskLog WHERE taskId =:taskId AND (dateMuted IS NOT NULL AND dateCompleted IS NULL)");
$logQuery->execute(array(':taskId' => $taskId));
} catch (PDOException $e) {
exit("error in query");
}
$mutedTask = $logQuery->fetch(PDO::FETCH_ASSOC);
$logID = $mutedTask['ID'];
//queries the database and then add or updates an entry to the TaskLog
try {
$insertQuery = $db->prepare("INSERT INTO routineTaskLog (ID,title,taskId,timeDue,dateDue,area,completed,completedBy,timeCompleted,dateCompleted,comments,guid) VALUES (:id,:title,:taskId,:timeDue,:dateDue,:area,:completed,:by,:timeCompleted,:dateCompleted,:comments,:guid) ON DUPLICATE KEY UPDATE title=:title2,taskId=:taskId2,timeDue=:timeDue2,area=:area2,completed=:completed2,completedBy=:by2,timeCompleted=:timeCompleted2,dateCompleted=:dateCompleted2,comments=:comments2");
$insertQuery->execute(array(':id' => $logID, ':title' => $title, ':taskId' => $taskId, ':timeDue' => $timeDue, ':dateDue' => $dateDue, ':area' => $area, ':completed' => $completed, ':by' => $completedBy, ':timeCompleted' => $timeCompleted, ':dateCompleted' => $dateCompleted, ':comments' => $comments, ':guid' => newGuid(), ':title2' => $title, ':taskId2' => $taskId, ':timeDue2' => $timeDue, ':area2' => $area, ':completed2' => $completed, ':by2' => $completedBy, ':timeCompleted2' => $timeCompleted, ':dateCompleted2' => $dateCompleted, ':comments2' => $comments));
} catch (PDOException $e) {
exit("error in query");
}
$third = 'None to report.';
}
$fourth = trim($_POST['fourth']);
if ($fourth == '') {
$fourth = 'None to report.';
}
$checkList = $_POST['checkList'];
$start = $_POST['start'];
$end = $_POST['end'];
$reportDate = $_POST['reportDate'];
$employeeName = $_POST['employeeName'];
$employeeEmail = $_POST['employeeEmail'];
//insert them into the database.
try {
$insertQuery = $db->prepare("INSERT INTO supervisorReportSD (date,submitter,startTime,endTime,area,outages,problems,misc,supTasks,guid) VALUES (:reportDate,:netId,:start,:end,:area,:first,:second,:third,:fourth,:guid)");
$insertQuery->execute(array(':reportDate' => $reportDate, ':netId' => $netID, ':start' => $start, ':end' => $end, ':area' => $area, ':first' => $first, ':second' => $second, ':third' => $third, ':fourth' => $fourth, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
if (isset($_POST['openingList'])) {
echo "<br/>Opening List<br/>";
try {
$tasksQuery = $db->prepare("SELECT `ID`,`text` FROM supervisorReportSDTasks WHERE area= :area AND checklist = '0'");
$tasksQuery->execute(array(':area' => $area));
} catch (PDOException $e) {
exit("error in query");
}
while ($cur = $tasksQuery->fetch(PDO::FETCH_ASSOC)) {
if (!isset($_POST['task' . $cur['ID']])) {
echo "<br/>Not Complete: " . $cur['text'] . "<br/>";
}
<?php
/* Name: submitEntry.php
* Application: Manager Report
*
* Description: This php file takes the manager entry submitted on the index.php page and saves it to the DB.
*/
//Include file to include common functions used throughout the site
require '../includes/includeMeBlank.php';
//Declare variables
global $netID;
global $area;
$comment = $_POST["comment"];
$category = $_POST["category"];
//Update DB
try {
$insertQuery = $db->prepare("INSERT INTO `managerReports` (`netID`, `comments`, `category`, `area`, `guid`) VALUES (:netId,:comment,:category,:area,:guid)");
$success = $insertQuery->execute(array(':netId' => $netID, ':comment' => $comment, ':category' => $category, ':area' => $area, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
//Return result
if ($success) {
echo json_encode(array('status' => $success));
} else {
echo json_encode(array('status' => $success, 'error' => "error in query"));
}
//if-else
require '../includes/includeme.php';
if (isset($_POST['absence'])) {
if ($_POST['employee'] == '' || $_POST['date'] == '' || $_POST['reason'] == '') {
echo "<font color='red' size='3'>Oops, You missed something.</font>";
} else {
$flagWarning = false;
$employee = $_POST['employee'];
$reason = $_POST['reason'];
$noCall = $_POST['noCall'];
$date = $_POST['date'];
$start = date("H:i", strtotime($_POST['start']));
$end = date("H:i", strtotime($_POST['end']));
try {
$insertQuery = $db->prepare("INSERT INTO reportAbsence (employee, date, shiftStart, shiftEnd, reason, noCall,submitter,area,guid) VALUES (:employee,:day,:start,:end,:reason,:call,:netId,:area,:guid)");
$insertQuery->execute(array(':employee' => $_POST['employee'], ':day' => $_POST['date'], ':start' => $start, ':end' => $end, ':reason' => $_POST['reason'], ':call' => $_POST['noCall'], ':netId' => $netID, ':area' => $area, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
$flagCheck = date("Y-m-d", strtotime(date('m') . '/01/' . date('Y') . ' 00:00:00'));
try {
$countQuery = $db->prepare("SELECT COUNT(ID) FROM reportAbsence WHERE employee = :employee AND date > :day");
$countQuery->execute(array(':employee' => $_POST['employee'], ':day' => $flagCheck));
} catch (PDOException $e) {
exit("error in query");
}
$result = $countQuery->fetch(PDO::FETCH_NUM);
$flag = $result[0];
if ($flag >= 3) {
$flagWarning = true;
}
<?php
//insertType.php
//used to insert a type via ajax
require '../../includes/includeMeBlank.php';
if (can("update", "6db1ee4f-4d80-424d-a062-97dc4cc22936")) {
try {
$insertQuery = $db->prepare("INSERT INTO tag (area,typeName,color,`mustApprove`,guid) VALUES (:area,'','',0,:guid)");
$insertQuery->execute(array(':area' => $area, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
}
}
// If this is our first entry do not add a coma in front of our values, otherwise add it
if (strtotime($instanceStart) >= strtotime('+7 days', strtotime($periodStart))) {
$insertQueryString .= ', ';
}
$insertQueryString .= " (:employee" . $i . ",:startTime" . $i . ",:start" . $i . ",:endTime" . $i . ",:end" . $i . ",:type" . $i . ",:total" . $i . ",:default" . $i . ",:area" . $i . ",:guid" . $i . ") ";
$insertQueryParams[':employee' . $i] = $employee;
$insertQueryParams[':startTime' . $i] = $startTime;
$insertQueryParams[':start' . $i] = $instanceStart;
$insertQueryParams[':endTime' . $i] = $endTime;
$insertQueryParams[':end' . $i] = $instanceEnd;
$insertQueryParams[':type' . $i] = $hourType;
$insertQueryParams[':total' . $i] = $hourTotal;
$insertQueryParams[':default' . $i] = $defaultId;
$insertQueryParams[':area' . $i] = $area;
$insertQueryParams[':guid' . $i] = newGuid();
$instanceStart = date('Y-m-d H:i:00', strtotime('+7 days', strtotime($instanceStart)));
$instanceEnd = date('Y-m-d H:i:00', strtotime('+7 days', strtotime($instanceEnd)));
$i++;
}
try {
$insertQuery = $db->prepare($insertQueryString);
$success = $insertQuery->execute($insertQueryParams);
} catch (PDOException $e) {
$failure = true;
$db->rollBack();
}
if (!$failure) {
$db->commit();
}
}
<?php
require "../../includes/includeMeBlank.php";
$year = $_GET['year'];
$posts = explode(",", $_GET['posts']);
try {
$scheduleQuery = $db->prepare("SELECT `weekStart` FROM `schedulePosting` WHERE `area` = :area AND `weekStart` >= :year AND `weekStart` <= :year1 ORDER BY `weekStart` ASC");
$scheduleQuery->execute(array(':area' => $area, ':year' => $year . '-01-01', ':year1' => $year . '-12-31'));
} catch (PDOException $e) {
exit("error in query");
}
// loop through and set any that in the list, clear any that aren't
while ($row = $scheduleQuery->fetch(PDO::FETCH_ASSOC)) {
$value = 1;
if (!in_array($row['weekStart'], $posts)) {
$value = 0;
}
try {
$insertQuery = $db->prepare("INSERT INTO `schedulePosting` (`weekStart`,`area`,`post`,`guid`) VALUES (:start,:area,:value,:guid) ON DUPLICATE KEY UPDATE `post`=:value1");
$insertQuery->execute(array(':start' => $row['weekStart'], ':area' => $area, ':value' => $value, ':value1' => $value, ':guid' => newGuid()));
$updateQuery = $db->prepare("UPDATE `scheduleWeekly` SET `posted` = :value WHERE `area` = :area AND `startDate` >= :start AND `startDate` < DATE_ADD(:start1, INTERVAL 1 WEEK)");
$updateQuery->execute(array(':value' => $value, ':area' => $area, ':start' => $row['weekStart'], ':start1' => $row['weekStart']));
} catch (PDOException $e) {
exit("error in query");
}
}
echo "Success!";
function grantGroupPermissionByIndex($index, $groupID)
{
global $db;
try {
$insertQuery = $db->prepare("INSERT INTO permissionsGroupMembers (permID,groupID,guid) VALUES (:index,:groupID,:guid)");
$success = $insertQuery->execute(array(':index' => $index, ':groupID' => $groupID, ':guid' => newGuid()));
} catch (PDOException $e) {
$success = false;
}
return $success;
}
$oldAreasString = implode(',', $oldEntryArray);
try {
$updateQuery = $db->prepare("UPDATE `whiteboardAreas` SET `deleted` = 1, `deletedBy` = :netId, `deletedOn` = NOW() WHERE `whiteboardId` = :id AND `areaId` IN (:areas)");
$updateQuery->execute(array(':netId' => $netID, ':id' => $whiteboardId, ':areas' => $oldAreasString));
} catch (PDOException $e) {
$db->rollBack();
exit("error in query");
}
}
$approvedBy = $approvedBy == '' || '0000-00-00 00:00:00' ? NULL : $approvedBy;
$approvedOn = $approvedOn == '' || '0000-00-00 00:00:00' ? NULL : "'{$approvedOn}'";
// Insert related `whiteboardAreas` entries
foreach ($_POST['areas'] as $areaId) {
try {
$insertQuery = $db->prepare("INSERT INTO `whiteboardAreas` (`whiteboardId`, `areaId`, `approved`, `approvedBy`, `approvedOn`, `guid`) VALUES (:id, :area, :approved, :by, :on, :guid)\n\t\t\t\tON DUPLICATE KEY UPDATE `approved` = :approved1, `approvedBy` = :by1, `approvedOn` = :on1, `deleted` = 0, `deletedBy` = NULL, `deletedOn` = NULL");
$insertQuery->execute(array(':id' => $whiteboardId, ':area' => $areaId, ':approved' => $approved, ':by' => $approvedBy, ':on' => $approvedOn, ':guid' => newGuid(), ':approved1' => $approved, ':by1' => $approvedBy, ':on1' => $approvedOn));
} catch (PDOException $e) {
$db->rollBack();
exit("error in query");
}
}
// If all queries were successful, commit.
$db->commit();
?>
<script>
// Fist parameter should be an array, all parameters after that are values in the array that you would like removed.
function remove(arr)
{
var what, a = arguments, L = a.length, ax;
while (L > 1 && arr.length)
{
/**
* Forces an onsite notification to all people in the area regardless of preferences, or to one person, if the fourth
* parameter is filled.
* @param $type string The notification type GUID
* @param $message string The message to send
* @param $persons (object)array The NetId, method, and email addres of a specific person(s) to receive the message,
* usually the person to whom the message is referring (i.e. performance logs)
*/
function forceNotify($type, $message, $persons = null)
{
global $area, $areaGuid, $db;
// Get notifications url
$url = getEnv('NOTIFICATIONSURL');
$receivers = array();
if ($persons !== NULL) {
foreach ($persons as $person) {
$receivers[] = (object) array("netId" => $person->netId, "method" => "onsite", "email" => $person->email);
}
} else {
// Get recipients
try {
$stmt = $db->prepare("SELECT netID, email FROM employee WHERE area=:area AND active=1");
$stmt->execute(array(':area' => $area));
} catch (PDOException $e) {
exit("error in query");
}
while ($recipient = $stmt->fetch()) {
$receivers[] = (object) array("netId" => $recipient->netID, "method" => "onsite", "email" => $recipient->email);
}
}
$guid = newGuid();
try {
$stmt3 = $db->prepare("INSERT INTO notifications (message, type, area, guid) VALUES (:message, :type, :area, :guid)");
$stmt3->execute(array(":message" => $message, ":type" => $type, ":area" => $areaGuid, ":guid" => $guid));
} catch (PDOException $e) {
exit("error in query");
}
if (count($receivers) > 0) {
sendAuthenticatedRequest("POST", "https://" . $url . "/notify", array("message" => $message, "receivers" => json_encode($receivers)));
foreach ($receivers as $receiver) {
try {
$stmt4 = $db->prepare("INSERT INTO userNotifications (netId, notificationGuid) VALUES (:netId, :guid)");
$stmt4->execute(array(":netId" => $receiver->netId, ":guid" => $guid));
} catch (PDOException $e) {
}
// catch exceptions if they arise, but try to add as many as possible
}
}
}
exit("error in query");
}
if ($request = $requestsQuery->fetch(PDO::FETCH_ASSOC)) {
try {
$updateQuery = $db->prepare("UPDATE scheduleHourRequests SET notes = :notes, deleted = '0' WHERE netId LIKE :netId AND area = :area");
$updateQuery->execute(array(':notes' => $_POST['reason'], ':netId' => $netID, ':area' => $area));
} catch (PDOException $e) {
exit("error in query");
}
//Print page content
echo "\t<div align='center'>\n\t\t\t\t\t\t<h2>Thank you, your request has been submitted!</h2>\n\t\t\t\t\t\t<a href='displayTrades.php'>Return to Trade Requests</a>\n\t\t\t\t\t</div>";
} else {
//Declare variables
try {
$insertQuery = $db->prepare("INSERT INTO scheduleHourRequests (netID, notes, area, guid) VALUES (:netId,:notes,:area,:guid)");
$insertQuery->execute(array(':netId' => $netID, ':notes' => $_POST['reason'], ':area' => $area, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
//Print page content
echo "\t<div align='center'>\n\t\t\t\t\t\t<h2>Thank you, your request has been submitted!</h2>\n\t\t\t\t\t\t<a href='displayTrades.php'>Return to Trade Requests</a>\n\t\t\t\t\t</div>";
}
//else
} else {
//Print page content
echo ' <div align="center">
<p>Please write a description of why you want more hours.</p>
<form method="post">
<textarea id="reason" name="reason" cols="40" rows="3"></textarea>
<br /><br /><input type="submit" id="submit" name="submit" value="Submit" />
</form>
<?php
require '../../includes/includeMeBlank.php';
$info = $_GET['data'];
$info = explode('_', $info);
try {
$insertQuery = $db->prepare("INSERT INTO employeeAreaPermissions (netID,area,guid) VALUES (:netID,:area,:guid)");
$insertQuery->execute(array(':netID' => $info[0], ':area' => $info[1], ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
<?php
require '../../includes/includeMeBlank.php';
$type = $_GET['type'];
$employee = $_GET['employee'];
$teamId = $_GET['team'];
if ($type == "add") {
try {
$insertQuery = $db->prepare("INSERT INTO teamMembers (netID,teamID,area,guid) VALUES (:employee,:teamId,:area,:guid)");
$insertQuery->execute(array(':employee' => $employee, ':teamId' => $teamId, ':area' => $area, ':guid' => newGuid()));
$teamsQuery = $db->prepare("SELECT * FROM teams WHERE ID = :teamId");
$teamsQuery->execute(array(':teamId' => $teamId));
} catch (PDOException $e) {
exit("error in query");
}
$teamInfo = $teamsQuery->fetch(PDO::FETCH_ASSOC);
if ($teamInfo['isShift']) {
try {
$updateQuery = $db->prepare("UPDATE employee SET supervisor = :lead WHERE netID = :employee");
$updateQuery->execute(array(':lead' => $teamInfo['lead'], ':employee' => $employee));
} catch (PDOException $e) {
exit("error in query");
}
}
} else {
if ($type == "remove") {
try {
$deleteQuery = $db->prepare("DELETE FROM teamMembers WHERE netID = :employee AND teamID = :teamId AND area = :area");
$deleteQuery->execute(array(':employee' => $employee, ':teamId' => $teamId, ':area' => $area));
$teamsQuery = $db->prepare("SELECT * FROM teams WHERE ID = :teamId");
$teamsQuery->execute(array(':teamId' => $teamId));
} else {
$view = 0;
}
if (isset($_POST[$hourType['ID'] . 'ss'])) {
$ss = 1;
} else {
$ss = 0;
}
if (isset($_POST[$hourType['ID'] . 'nw'])) {
$nw = 1;
} else {
$nw = 0;
}
try {
$insertQuery = $db->prepare("INSERT INTO scheduleHourTypes (ID,area,value,name,color,longName,permission,tradable,defaultView,selfSchedulable, `nonwork`,guid) \n\t\t\t\tVALUES (:id, :area, :value, :typeId, :color, :long, :permission, :trade, :view, :ss, :nw, :guid)\n\t\t\t\tON DUPLICATE KEY UPDATE value=:value1, name=:name1, color=:color1, longName=:long1, permission=:permission1, tradable=:trade1, defaultView=:view1, selfSchedulable=:ss1, `nonwork`=:nw1");
$insertQuery->execute(array(':id' => $hourType['ID'], ':area' => $area, ':value' => $_POST[$hourType['ID'] . 'value'], ':typeId' => $_POST[$hourType['ID']], ':color' => $_POST[$hourType['ID'] . 'color'], ':long' => $_POST[$hourType['ID'] . 'longName'], ':permission' => $_POST['permission'][$hourType['ID']], ':trade' => $trade, ':view' => $view, ':ss' => $ss, ':nw' => $nw, ':guid' => newGuid(), ':value1' => $_POST[$hourType['ID'] . 'value'], ':name1' => $_POST[$hourType['ID']], ':color1' => $_POST[$hourType['ID'] . 'color'], ':long1' => $_POST[$hourType['ID'] . 'longName'], ':permission1' => $_POST['permission'][$hourType['ID']], ':trade1' => $trade, ':view1' => $view, ':ss1' => $ss, ':nw1' => $nw));
} catch (PDOException $e) {
exit("error in query");
}
}
}
?>
<script type='text/javascript'>
window.onload = function()
{
printShifts();
}
function printShifts()
<?php
//comments.php
//used to add a comment to a performance review
require '../includes/includeme.php';
if (isset($_POST['submit'])) {
try {
$insertQuery = $db->prepare("INSERT INTO reportComments (netID,comments,date,meetingRequest,submitter,area,guid) VALUES (:employee,:comments,:day,:request,:netId,:area,:guid)");
$insertQuery->execute(array(':employee' => $_POST['employee'], ':comments' => $_POST['comments'], ':day' => $_POST['date'], ':request' => $_POST['meetingRequest'], ':netId' => $netID, ':area' => $area, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
echo "<script>alert('Comment Submitted');window.close();</script>";
}
?>
<script language="JavaScript" src="../includes/templates/scripts/calendar_db.js"></script>
<link rel="stylesheet" href="../includes/templates/styles/calendar.css">
<style>
#commentTable{
width: 70%;
margin-right: 15%;
margin-left: 15%;
}
</style>
<h1 style='text-align:center'>Post a Comment on Performance Summary</h1>
<p style='text-align:center'><a href='commentsLog.php'>Return to Log</a></p>
<!---------------------------employee------------------------------- -->
<form name='comment' method='post'>
<table id='commentTable'>
<tr>
<td>
try {
$wageQuery = $db->prepare("SELECT wage FROM employeeWages WHERE netID=:netId");
$wageQuery->execute(array(':netId' => $employeeNetId));
} catch (PDOException $e) {
exit("error in query");
}
$result = $wageQuery->fetch(PDO::FETCH_ASSOC);
$newWage = $result['wage'] + $raise;
if ($date == "") {
//This accounts for no date being given, so we have to manually time stamp it
$date = date("Y-m-d H:i:s", strtotime("now"));
try {
$insertQuery = $db->prepare("INSERT INTO employeeRaiseLog (netID,raise,newWage,submitter,comments,date,guid)\n\t\t\t\t\tVALUES (:employee,:raise,:wage,:netId,:comments,:day,:guid)");
$insertQuery->execute(array(':employee' => $employeeNetId, ':raise' => $raise, ':wage' => $newWage, ':netId' => $netID, ':comments' => $comments, ':day' => $date, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
} else {
//This is the normal entry method if all information is normal. the "default case"
$date .= " " . date('H:i:s', strtotime("now"));
try {
$insertQuery = $db->prepare("INSERT INTO employeeRaiseLog (netID,raise,newWage,submitter,comments,date,guid)\n\t\t\t\t\tVALUES (:employee,:raise,:wage,:netId,:comments,:day,:guid)");
$insertQuery->execute(array(':employee' => $employeeNetId, ':raise' => $raise, ':wage' => $newWage, ':netId' => $netID, ':comments' => $comments, ':day' => $date, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
}
echo "Raise is now pending";
//This gets echo'd back so the page alerts letting the user know it was successful
}
}
try {
$employeeQuery = $db->prepare("SELECT * FROM employee WHERE `netID` = :netId LIMIT 1");
$employeeQuery->execute(array(':netId' => $employeeNetId));
} catch (PDOException $e) {
exit("error in query");
}
$employeeReviewed = $employeeQuery->fetch(PDO::FETCH_ASSOC);
// Table to show what has been submitted:
//PHP code to add ticket review to the database
$entryNum = 1;
while (isset($_POST['ticketNum' . $entryNum])) {
if (isset($_POST['ticketNum' . $entryNum]) || isset($_POST['ticketDate' . $entryNum]) || isset($_POST['requestor' . $entryNum]) || isset($_POST['contactInfo' . $entryNum]) || isset($_POST['serviceOrSymtomCat' . $entryNum]) || isset($_POST['ticketSource' . $entryNum]) || isset($_POST['priority' . $entryNum]) || isset($_POST['kbOrSource' . $entryNum]) || isset($_POST['workOrder' . $entryNum]) || isset($_POST['template' . $entryNum]) || isset($_POST['troubleshooting' . $entryNum]) || isset($_POST['closureCodes' . $entryNum]) || isset($_POST['professionalism' . $entryNum]) || isset($_POST['comment' . $entryNum])) {
//insert user's comments into the database
try {
$insertQuery = $db->prepare("INSERT INTO ticketReview (\n\t\t\t\tticketNum, agentID, submitterID, ticketDate, requestor, contactInfo,\n\t\t\t\tssc, ticketSource, priority, kbOrSource, workOrderNumber, templates, \n\t\t\t\ttroubleshooting, closureCodes, professionalism, comments, sentEmail, area,\n\t\t\t\tguid, reviewDate, viewDate, agentViewed)\n\t\t\t\tValues (\n\t\t\t\t:ticketNum, :employee, :netId, :day, :requestor, :contact,\n\t\t\t\t:service, :source, :priority, :kb, :order, :template,\n\t\t\t\t:troubleshooting,:closure, :professionalism,:comment, '0', :area,\n\t\t\t\t:guid, :reviewDate, :viewDate, :agentViewed)");
$insertQuery->execute(array(':ticketNum' => trim($_POST['ticketNum' . $entryNum]), ':employee' => $_POST['employeeReviewedNetID'], ':netId' => $netID, ':day' => $_POST['ticketDate' . $entryNum], ':requestor' => $_POST['requestor' . $entryNum], ':contact' => $_POST['contactInfo' . $entryNum], ':service' => $_POST['serviceOrSymtomCat' . $entryNum], ':source' => $_POST['ticketSource' . $entryNum], ':priority' => $_POST['priority' . $entryNum], ':kb' => $_POST['kbOrSource' . $entryNum], ':order' => $_POST['workOrder' . $entryNum], ':template' => $_POST['template' . $entryNum], ':troubleshooting' => $_POST['troubleshooting' . $entryNum], ':closure' => $_POST['closureCodes' . $entryNum], ':professionalism' => $_POST['professionalism' . $entryNum], ':comment' => $_POST['comment' . $entryNum], ':area' => $area, ':guid' => newGuid(), ':reviewDate' => '0000-00-00', ':viewDate' => '0000-00-00', ':agentViewed' => 0));
} catch (PDOException $e) {
exit("error in query");
}
$addSuccessfulMes = '<div style="float:right; font-size:119%; margin-right:180px;"> Review recent submissions for this person <a href="#" onClick="showTicketSubmittedSummary();"> here.</a></div><div style="float:right;color:#011948;font-size:123%;font-weight:bold;margin-right:5px;">Success! </div>';
}
$entryNum = $entryNum + 1;
$sendEmailFlag = 1;
}
if ($sendEmailFlag) {
try {
$timestampQuery = $db->prepare("SELECT `timeStamp` FROM `ticketReview` WHERE `timeStamp`=(SELECT MAX(`timeStamp`) FROM `ticketReview` WHERE agentID=:reviewed) AND agentID=:reviewed1 AND sentEmail= 0");
$timestampQuery->execute(array(':reviewed' => $_POST['employeeReviewedNetID'], ':reviewed1' => $_POST['employeeReviewedNetID']));
} catch (PDOException $e) {
exit("error in query");
}
<?php
require '../includes/includeMeSimple.php';
if (isset($_GET['commended'])) {
$commended = $_GET['commended'];
}
if (isset($_POST['commend'])) {
$employee = $_POST['employee'];
$date = $_POST['date'];
$reason = $_POST['reason'];
$public = $_POST['public'];
try {
$insertQuery = $db->prepare("INSERT INTO reportCommendable (employee, date, reason, area, submitter, public, guid) VALUES (:employee,:day,:reason,:area,:netId,:public,:guid)");
$insertQuery->execute(array(':employee' => $_POST['employee'], ':day' => $_POST['date'], ':reason' => $_POST['reason'], ':area' => $area, ':netId' => $netID, ':public' => $_POST['public'], ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
//Create $persons object to be passed in to the notify function.
$persons = getReceivers($_POST['employee'], $areaGuid, "ffb6ffe7-c522-11e5-bdda-0242ac110003");
//Call notify function using the object $persons created above as the third argument.
notify("ffb6ffe7-c522-11e5-bdda-0242ac110003", "Congratulations! You have received a commendable performance report! See your report on the Wall of Fame or Commendable Log Page.", $persons);
echo "<script>alert('Commendable Performance Submitted');window.close();</script>";
}
?>
<html>
<script type="text/javascript">
window.onload=function()
{
$("#employee").val(<?php
$tradeArray = json_decode($_POST['JSON'], true);
} else {
$tradeArray = json_decode($_GET['JSON'], true);
}
$tradeMessage = "{$name} put some shifts up for trade. See the available trades page for details.";
foreach ($tradeArray as $trade) {
$postedBy = $trade['postedBy'];
$postedDate = date("Y-m-d", strtotime("today"));
$shiftId = $trade['shiftId'];
$startDate = $trade['startDate'];
$startTime = $trade['startTime'];
$endDate = $trade['endDate'];
$endTime = $trade['endTime'];
$hourType = $trade['hourType'];
if (isset($trade['notes'])) {
$notes = $trade['notes'];
} else {
$notes = '';
}
try {
$insertQuery = $db->prepare("INSERT INTO `scheduleTrades` (postedBy,postedDate,shiftId,startTime,startDate,endTime,endDate,hourType,notes,area,guid)\n\t\t\t\t\tVALUES(:postedBy,:postedDate,:shiftId,:startTime,:startDate,:endTime,:endDate,:hourType,:notes,:area,:guid)");
$insertQuery->execute(array(':postedBy' => $postedBy, ':postedDate' => $postedDate, ':shiftId' => $shiftId, ':startTime' => $startTime, ':startDate' => $startDate, ':endTime' => $endTime, ':endDate' => $endDate, ':hourType' => $hourType, ':notes' => $notes, ':area' => $area, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
if (count($tradeArray) == 1) {
$tradeMessage = "{$name} put a shift up for trade on " . date("D, M jS, Y", strtotime($startDate)) . " from " . date("g:ia", strtotime($startTime)) . " to " . date("g:ia", strtotime($endTime)) . ".";
}
}
notify("59f27b54-ce90-11e5-9646-0242ac110012", $tradeMessage);
echo 1;
function reOpen($post)
{
global $netID, $db;
$time = date('H:i:s', strtotime($post['time']));
try {
$insertQuery = $db->prepare("INSERT INTO executiveNotificationUpdate (execNoteID,updateText,date,time,submitter,type,guid) VALUES (:id,:update,:day,:time,:netId,'Re-open',:guid)");
$insertQuery->execute(array(':id' => $post['id'], ':update' => $post['update'], ':day' => $post['date'], ':time' => $time, ':netId' => $netID, ':guid' => newGuid()));
$updateQuery = $db->prepare("UPDATE executiveNotification set description=:desc, subject = :subject, status = '0', endDate = NULL, endTime = NULL, priority = :priority WHERE ID = :id");
$updateQuery->execute(array(':desc' => $post['desc'], ':subject' => $post['subject'], ':priority' => $post['priority'], ':id' => $post['id']));
} catch (PDOException $e) {
exit("error in query");
}
}
}
}
//give the person who created the association the permissions
try {
$permissionQuery = $db->prepare("SELECT * FROM `permissionArea` WHERE `permissionId`=:permission");
$permissionQuery->execute(array(':permission' => $_POST['permissionId']));
} catch (PDOException $e) {
exit("error in query");
}
while ($row = $permissionQuery->fetch(PDO::FETCH_ASSOC)) {
$permissionIndex = $row['index'];
try {
$permissionCheckQuery = $db->prepare("SELECT COUNT(`index`) FROM `employeePermissions` WHERE `netID`=:netID AND `permission`=:permission");
$permissionCheckQuery->execute(array(':netID' => $netID, ':permission' => $permissionIndex));
} catch (PDOException $e) {
exit("error in query");
}
$result = $permissionCheckQuery->fetch(PDO::FETCH_NUM);
if ($result[0] == 0) {
try {
$insertEmployeePermissionQuery = $db->prepare("INSERT INTO `employeePermissions` (`netID`,`permission`,`guid`) VALUES (:netID,:permission,:guid)");
$insertEmployeePermissionQuery->execute(array(':netID' => $netID, ':permission' => $permissionIndex, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
}
}
} else {
echo json_encode(array('status' => "FAIL", 'error' => "error in query"));
}
}
<?php
//addTeam.php
//adds a team to the database
require '../../includes/includeMeBlank.php';
$name = $_GET['name'];
$email = $_GET['email'];
$lead = $_GET['lead'];
try {
$insertQuery = $db->prepare("INSERT INTO teams (name,lead,email,area,guid) VALUES (:name,:lead,:email,:area,:guid)");
$insertQuery->execute(array(':name' => $name, ':lead' => $lead, ':email' => $email, ':area' => $area, ':guid' => newGuid()));
$id = $db->lastInsertId();
$insertMemberQuery = $db->prepare("INSERT INTO teamMembers (netID,teamID,area,isSupervisor,guid) VALUES (:lead,:id,:area,'1',:guid)");
$insertMemberQuery->execute(array(':lead' => $lead, ':id' => $id, ':area' => $area, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
if (isSuperuser()) {
try {
if ($parent == null) {
$sortQuery = $db->prepare('SELECT sortOrder FROM link WHERE parent IS NULL and area = :area ORDER BY sortOrder DESC LIMIT 1');
$sortQuery->execute(array(':area' => $area));
} else {
$sortQuery = $db->prepare('SELECT sortOrder FROM link WHERE parent = :parent ORDER BY sortOrder DESC LIMIT 1');
$sortQuery->execute(array(':parent' => $parent));
}
if ($sort = $sortQuery->fetch()) {
$order = ++$sort->sortOrder;
} else {
$order = 0;
}
$insertQuery = $db->prepare("INSERT INTO `link` (name,appId,area,permission,parent,newTab,sortOrder,guid) \n VALUES (:name,:appId,:area,:permission,:parent,:new,:sort,:guid)");
$insertQuery->execute(array(':name' => $name, ':appId' => $appId, ':area' => $area, ':permission' => $permissionNeeded, ':parent' => $parent, ':new' => $newtab, ':sort' => $order, ':guid' => newGuid()));
} catch (PDOException $e) {
exit("error in query");
}
}
}
//--------------HTML---------------------------
?>
<h1 align='center'>Add Link to Website</h1>
<div id=editLink float=right>
<a href="../editLink/index.php">Edit Existing Link</a>
</div>
<div class='titleArea'>
<form id='linkData' method="post">
