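/**
 * Validate this field's year/month/day parts and, when valid, store them as a DateTime in $this->value.
 *
 * Each part is re-read from $_POST (<pagename>YYYY / MM / DD, length-limited by COM_input_edit) when it
 * was submitted; otherwise the value already held in $this->YYYY / $this->MM / $this->DD is used.
 *
 * @param bool $chkrecent when true the year must be within one year of COM_NOW()
 * @return bool|string true when the date is valid (or empty and not required); otherwise a short
 *                     message naming the first problem found
 */
function audit($chkrecent = true)
{
    if (isset($_POST[$this->pagename . "YYYY"])) {
        $this->YYYY = COM_input_edit($this->pagename . "YYYY", 4);
    }
    if (isset($_POST[$this->pagename . "MM"])) {
        $this->MM = COM_input_edit($this->pagename . "MM", 2);
    }
    if (isset($_POST[$this->pagename . "DD"])) {
        $this->DD = COM_input_edit($this->pagename . "DD", 2);
    }

    // Work on string copies so unset (null) parts compare like empty ones.
    $yyyy = (string) $this->YYYY;
    $mm = (string) $this->MM;
    $dd = (string) $this->DD;

    if ($yyyy . $mm . $dd === "") {
        if ($this->required) {
            return "entry required";
        }
        $this->value = null;
        return true;
    }
    if ($yyyy === "" || $mm === "" || $dd === "") {
        return "incomplete date";
    }
    // Digits only: is_numeric() would also accept "1e3", "1.5" or signs, which later break DateTime.
    if (!ctype_digit($yyyy) || !ctype_digit($mm) || !ctype_digit($dd)) {
        return "dates must be all numeric";
    }

    $year = (int) $yyyy;
    $month = (int) $mm;
    $day = (int) $dd;

    if ($chkrecent) {
        $thisYear = (int) COM_NOW()->format('Y');
        if ($year < $thisYear - 1 || $year > $thisYear + 1) {
            return "date must be recent";
        }
    }
    if ($month < 1 || $month > 12) {
        return "invalid month";
    }
    // Gregorian leap years: divisible by 4, except century years unless divisible by 400.
    $isLeap = ($year % 4 === 0 && $year % 100 !== 0) || $year % 400 === 0;
    $daysInMonth = array(0, 31, $isLeap ? 29 : 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
    if ($day < 1 || $day > $daysInMonth[$month]) {
        return "invalid day of month";
    }

    // Keep the parts as typed (e.g. "1" rather than "01"); DateTime parses both forms.
    $this->value = new DateTime($yyyy . "-" . $mm . "-" . $dd);
    return true;
}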
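/**
 * Save an edited activity description.
 *
 * The description comes from the "act" field (via COM_input_edit) and the row to change from
 * $_POST["actupd"]; both are bound as PDO parameters rather than spliced into the SQL text.
 *
 * @param object $state server_call state; msgStatus is set to "." when the update has run
 * @return bool true when the update ran, false when no numeric activity id was posted
 */
function update_activity(&$state)
{
    global $_DB;

    // Refuse to run the UPDATE without a usable id instead of building "activity_id=" from raw input.
    if (!isset($_POST["actupd"]) || !is_numeric($_POST["actupd"])) {
        return false;
    }
    $activityId = (int) $_POST["actupd"];
    $activity = COM_input_edit("act");

    $sql = "UPDATE " . $_DB->prefix . "b02_activity SET description=:desc WHERE activity_id=:id;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':desc', $activity, PDO::PARAM_STR);
    $stmt->bindValue(':id', $activityId, PDO::PARAM_INT);
    $stmt->execute();

    $state->msgStatus = "."; // tell server_call we're done
    return true;
}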
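/**
 * Authenticate the posted login form and populate the session on success.
 *
 * Looks up the person by loginname (txtName) together with their organization memberships,
 * checks the password with password_verify(), picks the first membership that is still active
 * (inactive_asof unset or in the future), and stores person/organization ids, the organization
 * timezone and the user's permits in $_SESSION.
 *
 * On failure $_STATE->msgStatus is "Invalid login" plus a one-character suffix; on success it is "".
 *
 * @return bool true when the login succeeded
 */
function entry_audit()
{
    global $_DB, $_STATE, $_PERMITS;

    $_STATE->fields["txtName"] = COM_input_edit("txtName", 32);
    // "txtPswd" is never used in SQL nor shown in HTML, and must NOT go through input_edit because
    // that function restricts the character set. Anything other than a posted string counts as an
    // empty password so password_verify() always receives a string.
    $_STATE->fields["txtPswd"] = (isset($_POST["txtPswd"]) && is_string($_POST["txtPswd"]))
        ? $_POST["txtPswd"]
        : "";

    $sql = "SELECT c00.*, c10.*, a00.organization_id, a00.timezone"
        . " FROM " . $_DB->prefix . "c00_person AS c00"
        . " LEFT OUTER JOIN " . $_DB->prefix . "c10_person_organization AS c10"
        . " ON (c00.person_id = c10.person_idref)"
        . " LEFT OUTER JOIN " . $_DB->prefix . "a00_organization AS a00"
        . " ON (c10.organization_idref = a00.organization_id)"
        . " WHERE c00.loginname=:user;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':user', $_STATE->fields["txtName"], PDO::PARAM_STR);
    $stmt->execute();

    // NOTE(review): the suffixes " x", " 0", " -", " +" tell "unknown user" apart from "wrong
    // password", which permits login-name enumeration if they reach the browser. They are kept
    // because server_call may depend on them; consider logging the detail and showing one message.
    $_STATE->msgStatus = "Invalid login";
    if (!($row = $stmt->fetchObject())) {
        $_STATE->msgStatus .= " x";
        return false; // nobody there
    }
    // Only the super-duper user (person_id 0) may lack an organization; other superusers need one.
    if (is_null($row->person_idref) && $row->person_id != 0) {
        $_STATE->msgStatus .= " 0";
        return false;
    }

    if (PHP_VERSION_ID < 50500) {
        require_once "password.php"; // password_* polyfill for PHP < 5.5
    }
    if (!password_verify($_STATE->fields["txtPswd"], $row->password)) {
        $_STATE->msgStatus .= " -";
        return false;
    }

    // Credentials accepted: issue a fresh session id so an id fixed before login is not carried over.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION["person_id"] = $row->person_id;

    if (is_null($row->organization_idref)) {
        // Should be the super-duper user: no membership of their own, so organization 1 is used.
        $_SESSION["person_organization_id"] = 0;
        $_SESSION["organization_id"] = 1; // better be a record there
        $stmt->closeCursor();
        $sql = "SELECT timezone FROM " . $_DB->prefix . "a00_organization WHERE organization_id=1;";
        $stmt = $_DB->query($sql);
        $row = $stmt->fetchObject();
    } else {
        // Can't apply the TZ offset until the org is known, so "today" may be a few hours off.
        $today = new DateTime();
        // Walk the memberships until one is still active: inactive_asof unset, or not yet reached.
        while (!(is_null($row->inactive_asof) || new DateTime($row->inactive_asof) >= $today)) {
            if (!($row = $stmt->fetchObject())) {
                $_STATE->msgStatus .= " +";
                return false;
            }
        }
        $_SESSION["person_organization_id"] = $row->person_organization_id;
        $_SESSION["organization_id"] = $row->organization_id;
    }
    $_SESSION["org_TZO"] = $row->timezone;
    $_STATE->msgStatus = "";
    $stmt->closeCursor();

    $_SESSION["UserPermits"] = $_PERMITS->get_permits($_SESSION["person_id"]); // set the user's permissions
    $_SESSION["UserPermits"]["_LEGAL_"] = true; // can now pass the 'logged in' gate
    error_log("Login: by " . $_STATE->fields["txtName"] . "; id=" . $_SESSION["person_id"]); // not an error but the best place to put it
    return true;
}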
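/**
 * Create a new activity from the posted "act" field and record its id in $state->activity_id.
 *
 * The row is first inserted with an md5 placeholder in place of the description so the new row
 * can be found again by a plain SELECT (no reliance on driver-specific lastInsertId() behaviour),
 * then updated with the real text. md5 serves only as a lookup token here, not for security.
 *
 * @param object $state server_call state; receives activity_id
 * @return bool true when the activity was created and updated, false when the placeholder row
 *              could not be found after the INSERT
 */
function add_activity(&$state)
{
    global $_DB;

    $activity = COM_input_edit("act");
    $hash = md5($activity);

    $sql = "INSERT INTO " . $_DB->prefix . "b02_activity (description) VALUES (:hash);";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':hash', $hash, PDO::PARAM_STR);
    $stmt->execute();

    $sql = "SELECT activity_id FROM " . $_DB->prefix . "b02_activity WHERE description=:hash;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':hash', $hash, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetchObject();
    $stmt->closeCursor();
    if (!$row) {
        // The INSERT did not produce a row we can see; bail out instead of dereferencing false.
        return false;
    }
    $state->activity_id = $row->activity_id;

    // Bind the id as well rather than splicing it into the statement text.
    $sql = "UPDATE " . $_DB->prefix . "b02_activity SET description=:desc WHERE activity_id=:id;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':desc', $activity, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $state->activity_id, PDO::PARAM_INT);
    $stmt->execute();
    return true;
}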
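/**
 * Update an event-log row (session count, attendance, comments) from the posted form.
 *
 * session_count and attendance come from $_POST and the row from $state->recID; all three are
 * bound as integer parameters instead of being spliced into the SQL text, and comments is bound
 * as a string.
 *
 * @param object $state server_call state; recID selects the row, msgStatus is set to "-" on success
 * @return bool true when the update ran, false when sessions/attendance were missing or non-numeric
 */
function update_log(&$state)
{
    global $_DB;

    // Without numeric counts the original statement would have been malformed (or worse); refuse instead.
    if (!isset($_POST["sessions"], $_POST["attendance"])
        || !is_numeric($_POST["sessions"])
        || !is_numeric($_POST["attendance"])
    ) {
        return false;
    }

    $sql = "UPDATE " . $_DB->prefix . "b10_eventlog"
        . " SET session_count=:sessions, attendance=:attendance, comments=:comments"
        . " WHERE eventlog_id=:id;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':sessions', (int) $_POST["sessions"], PDO::PARAM_INT);
    $stmt->bindValue(':attendance', (int) $_POST["attendance"], PDO::PARAM_INT);
    $stmt->bindValue(':comments', COM_input_edit("comments"), PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $state->recID, PDO::PARAM_INT);
    $stmt->execute();

    $state->msgStatus = "-"; // tell server_call to reset page
    return true;
}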
/**
 * Pass-through to COM_input_edit so code in this file can use the short name.
 *
 * @param string $fldname name of the posted field to read
 * @param int    $length  length limit handed to COM_input_edit; -1 is the default it is given
 *                        (presumably "no limit" — confirm against COM_input_edit)
 * @return mixed whatever COM_input_edit returns
 */
function input_edit($fldname, $length = -1)
{
    $edited = COM_input_edit($fldname, $length);

    return $edited;
}