/**
 * Loads one Dependents row by primary key and hydrates it into this class.
 *
 * The lookup goes through a prepared statement with a positional placeholder,
 * so $DependentID is never interpolated into the SQL text.
 *
 * @param $DependentID Primary key of the Dependents row (handed to PDO as-is)
 * @return Dependent|false The hydrated row; false when no row matches or the query threw
 *                         (a throw is reported through ErrorReport::send before returning)
 */
public static function getDependent($DependentID)
{
    try {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
        $query = "SELECT * FROM Dependents WHERE DependentID = ?";
        $statement = Conn::get()->prepare($query);
        $statement->execute([$DependentID]);
        // fetchObject() yields false on an empty result set, which is passed straight back
        return $statement->fetchObject(__CLASS__);
    } catch (Exception $failure) {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
        ErrorReport::send($_SERVER["SCRIPT_NAME"], $failure->getMessage(), $_SERVER['REMOTE_ADDR'], true);
        return false;
    }
}
/**
 * Counts the User rows that belong to this company.
 *
 * Reads $this->CID and binds it as an integer parameter, so the value never
 * reaches the SQL text directly.
 *
 * @return int|string The COUNT result as the driver returns it (int or numeric string,
 *                    depending on the driver); -1 when the query threw, after the failure
 *                    has been reported through ErrorReport::send.
 */
public function getNumUsers()
{
    try {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
        $countQuery = "SELECT count(UID) AS numUsers FROM User WHERE CID = :CID";
        $statement = Conn::get()->prepare($countQuery);
        $statement->bindValue(":CID", $this->CID, PDO::PARAM_INT);
        $statement->execute();
        // COUNT always produces exactly one row, so the first fetch is the answer
        $row = $statement->fetch();
        return $row["numUsers"];
    } catch (Exception $failure) {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
        ErrorReport::send($_SERVER["SCRIPT_NAME"], $failure->getMessage(), $_SERVER['REMOTE_ADDR'], true);
        return -1;
    }
}
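/**
 * Returns every BossFlexEmployee row, ordered by LastModified, hydrated into this class.
 *
 * The query takes no input, so it runs through query() rather than a prepared statement.
 *
 * @return static[]|false List of employee objects (empty when the table is empty), or false
 *                        when the query fails; the failure is reported through ErrorReport::send first.
 */
public static function getEmployeeList()
{
    include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
    $sql = "SELECT BFID, Fname, Lname, PhoneNum, LastModified\n FROM BossFlexEmployee ORDER BY LastModified";
    try {
        $stmt = Conn::get()->query($sql);
        if ($stmt === false) {
            // PDO only throws when ERRMODE_EXCEPTION is set; otherwise query() signals failure
            // with false, and calling fetch methods on it would be a fatal error.
            throw new \RuntimeException("BossFlexEmployee list query failed");
        }
        // Same fetch shape as getEmployeeListForCompany(): one instance of this class per row.
        return $stmt->fetchAll(PDO::FETCH_CLASS, __CLASS__);
    } catch (Exception $e) {
        // Load the reporter before using it, as the sibling methods do; without this include a
        // failed query would fatal on the undefined ErrorReport class instead of being reported.
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
        ErrorReport::send($_SERVER["SCRIPT_NAME"], $e->getMessage(), $_SERVER['REMOTE_ADDR'], true);
        return false;
    }
}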
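/**
 * Replaces the stored credential of $User with a bcrypt hash of $Password.
 *
 * The hash comes from password_hash() with PASSWORD_BCRYPT at cost 10, which draws its salt
 * from the platform CSPRNG. This replaces the hand-built "$2a$" salt that depended on
 * mcrypt_create_iv() (the mcrypt extension was removed in PHP 7.2, so the old code no longer
 * runs there). The stored value is a standard bcrypt hash with the "$2y$" prefix, which both
 * password_verify() and crypt() accept.
 * NOTE(review): confirm the login path checks the stored value with password_verify()/crypt()
 * rather than comparing against a recomputed "$2a$" string.
 *
 * Only the hash reaches the database; the plaintext is bound as a statement value and is
 * neither logged nor echoed.
 *
 * @param $User User Account whose Auth row is updated; getUID() supplies the key
 * @param $Password string New plaintext password; an empty or non-string value is rejected
 * @return bool true when the UPDATE executed; false when the input was rejected or the query
 *              threw (a throw is reported through ErrorReport::send before returning)
 */
public static function changePassword($User, $Password)
{
    try {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Models/User.php";
        if (!is_string($Password) || $Password === '') {
            // Never persist a hash of an empty credential.
            return false;
        }
        $sql = "UPDATE Auth SET Password = :Pass WHERE UID = :UID";
        $cost = 10;
        $hash = password_hash($Password, PASSWORD_BCRYPT, ['cost' => $cost]);
        if ($hash === false) {
            // PHP 7 signals a hashing failure with false (PHP 8 throws instead).
            throw new \RuntimeException("password_hash failed");
        }
        $stmt = Conn::get()->prepare($sql);
        // bindValue rather than bindParam: bindParam takes a reference, and getUID() returns a
        // temporary that cannot be passed by reference.
        $stmt->bindValue(":UID", $User->getUID());
        $stmt->bindValue(":Pass", $hash);
        $stmt->execute();
        return true;
    } catch (Exception $e) {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
        ErrorReport::send($_SERVER["SCRIPT_NAME"], $e->getMessage(), $_SERVER['REMOTE_ADDR'], true);
        return false;
    }
}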
// Resolve the user the edit form should show: by e-mail address, or by employee id scoped to
// the HR admin's own company (CID) taken from the session.
// NOTE(review): $newUser is assigned only in the success branch below and read afterwards, so it
// is presumably initialised to true before this fragment — confirm.
if (isset($_GET['Email']) || isset($_GET['id'])) {
    /** @var User $User */
    if (isset($_GET['Email'])) {
        // NOTE(review): PHP has already URL-decoded $_GET, so this decodes a second time; an
        // address containing a literal '%' or '+' would be altered — confirm this is intended.
        $Email = urldecode($_GET['Email']);
        $User = User::getUserByEmail($Email);
    } else {
        // The raw request value goes straight to the model; the lookup is expected to bind it as
        // a query parameter — verify in User::getUserByEmpInfo.
        $User = User::getUserByEmpInfo($_GET['id'], $_SESSION['hradmin']['CID']);
    }
    if (!$User) {
        echo "<h3>User does not exist</h3>";
    } else {
        // Tenant isolation: an HR admin may only open users of their own company. CID 1 is
        // exempt and can open any user — presumably the operator account; confirm.
        if ($User->getCID() != $_SESSION['hradmin']['CID'] && $_SESSION['hradmin']['CID'] != 1) {
            include_once "../../bossflex/Helpers/ErrorReport.php";
            // A cross-company request is reported with the acting admin's UID and then answered
            // exactly like a missing user, so the response does not reveal that the id exists.
            $curUser = $_SESSION['hradmin']['UID'];
            $error = "Attempt to access invalid data by UserID: " . $curUser;
            ErrorReport::send($_SERVER["SCRIPT_NAME"], $error, $_SERVER['REMOTE_ADDR'], true);
            // Act like the user doesn't exist in the system and turn into the Add User page
            echo "<h3>User does not exist</h3>";
        } else {
            /** @var Employee $Employee */
            $Employee = Employee::getEmployeeByUID($User->getUID());
            // The objects are parked in the session as serialized strings for the later submit;
            // presumably read back with unserialize(), which should only ever see this
            // server-side session data and never request input — confirm at the consumer.
            $_SESSION['EditUser'] = serialize($User);
            $_SESSION['EditEmployee'] = serialize($Employee);
            $newUser = false;
        }
    }
}
// If no user is specified, reuse as Add User Form
if ($newUser) {
    $User = new User();
    $Employee = new Employee();
/**
 * Clears the flag on a user: removes the FlaggedUsers row and sets User.Flagged to 0.
 *
 * Both statements bind $UID as an integer parameter. They run independently of each other;
 * NOTE(review): no transaction spans them, so if the UPDATE throws after the DELETE succeeded
 * the FlaggedUsers row is gone while User.Flagged keeps its old value — worth wrapping once it
 * is confirmed that Conn::get() returns the same PDO instance on each call.
 *
 * @param $UID User id whose flag is cleared
 * @return bool true when both statements executed; false when either threw (the failure is
 *              reported through ErrorReport::send first)
 */
public static function unFlagUser($UID)
{
    include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
    try {
        $removeFlagRow = Conn::get()->prepare("DELETE From FlaggedUsers WHERE UID= :UID");
        $removeFlagRow->bindValue(":UID", $UID, PDO::PARAM_INT);
        $removeFlagRow->execute();

        $clearFlagColumn = Conn::get()->prepare("UPDATE User SET Flagged = :zero WHERE UID= :UID");
        $clearFlagColumn->bindValue(":UID", $UID, PDO::PARAM_INT);
        $clearFlagColumn->bindValue(":zero", 0, PDO::PARAM_INT);
        $clearFlagColumn->execute();
        return true;
    } catch (Exception $failure) {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
        ErrorReport::send($_SERVER["SCRIPT_NAME"], $failure->getMessage(), $_SERVER['REMOTE_ADDR'], true);
        return false;
    }
}
/**
 * Returns the Employee rows of one company, ordered by LastModified, hydrated into this class.
 *
 * @param $CID Company id, bound as the single positional parameter of the prepared statement
 * @return static[]|false List of employee objects (empty when the company has none), or false
 *                        when the query threw (reported through ErrorReport::send first)
 */
public static function getEmployeeListForCompany($CID)
{
    include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Conn.php";
    $sql = "SELECT EID, CID, Fname, Lname, PhoneNum, AccountNum, Adr_Street, Adr_City, Adr_State, Adr_Zip, LastModified\n FROM Employee \n WHERE CID = ? \n ORDER BY LastModified";
    try {
        $statement = Conn::get()->prepare($sql);
        $statement->execute([$CID]);
        // One instance of this class per row; an empty result gives an empty array, not false
        return $statement->fetchAll(PDO::FETCH_CLASS, __CLASS__);
    } catch (Exception $failure) {
        include_once $_SERVER['DOCUMENT_ROOT'] . "/bossflex/Helpers/ErrorReport.php";
        ErrorReport::send($_SERVER["SCRIPT_NAME"], $failure->getMessage(), $_SERVER['REMOTE_ADDR'], true);
        return false;
    }
}