function alert_PostPayrollValidation($config)
{
if ($config->adminLvl == 50) {
$dismiss = isset($_POST['dismissPostValidBtn']) ? true : false;
$dismiss = isset($_GET['postPayrollValid']) ? true : $dismiss;
//No dismissal session variable for real time alerting
$dismissTime = isset($_SESSION['dismissPayrollValid']) ? $_SESSION['dismissPayrollValid'] : false;
if (!$dismiss) {
$current_timestamp = strtotime(date('Y-m-d H:i'));
$compare_timestamp = strtotime("-30 minute", $current_timestamp);
if (strtotime($dismissTime) >= $compare_timestamp) {
//popUpMessage('Will not display message '.strtotime($dismissTime). ' vs '.$compare_timestamp);
} else {
$mysqli = $config->mysqli;
//Get approved time request submitted to HR if date of use is prior to last pay period and
//current date is after end of payperiod
//determine last day of last approved pay period
$today = date('Y-m-d');
$myq = "SELECT COUNT(REFER), MAX(USEDATE) 'endDate', MIN(USEDATE) 'startDate'\r\n FROM REQUEST\r\n WHERE (STATUS='APPROVED' OR STATUS='DENIED')\r\n AND HRAPP_IS = '0'\r\n AND USEDATE <= (SELECT PPEND FROM PAYPERIOD WHERE PPEND = (SELECT PPBEG-1 FROM PAYPERIOD WHERE '" . $today . "' BETWEEN PPBEG AND PPEND))";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result, $myq);
if ($result->num_rows > 0) {
$_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');
$row = $result->fetch_assoc();
popUpMessage('<div align="center"><form name="verifyAlert" method="POST" action="?hrEmpRep=true&cust=true&postPayrollValid=true">
New Time Request after validation!
<input type="submit" name="dismissPostValidBtn" value="Go to Alert" />
<input type="hidden" name="start" value="' . $row['startDate'] . '" />
<input type="hidden" name="end" value="' . $row['endDate'] . '" />
</form></div>', 'ALERT');
}
}
} else {
$_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');
}
}
}
function getEmpByName($lName)
{
$listOfResults = array(array());
$myq = "SELECT IDNUM FROM EMPLOYEE WHERE LNAME='" . $lName . "';";
$result = $this->mysqli->query($myq);
if (!SQLerrorCatch($this->mysqli, $result)) {
//$error = "Successfully Disabled Employee";
$x = 0;
while ($row = $result->fetch_assoc()) {
$listOfResults[$x] = wts_employee::getEmpByID($row['IDNUM']);
$x++;
}
} else {
$error = "Failed to Find Employee with Last Name of " . $lName;
}
return $listOfResults;
}
function viewClandar($config, $month, $year)
{
$day = date('j');
$short = date('y');
if ($month > 12) {
$month = $month - 12;
$year = $year + 1;
}
if ($month < 1) {
$month = $month + 12;
$year = $year - 1;
}
$next_month = $month + 1;
$prev_month = $month - 1;
$days_in_month = cal_days_in_month(CAL_GREGORIAN, $month, $year);
//Here we generate the first day of the month
$first_day = mktime(0, 0, 0, $month, 1, $year);
$dtFirstDay = date('F', mktime(0, 0, 0, $month - 1, 1, $year));
$dtLastDay = date('F', mktime(0, 0, 0, $month + 1, 1, $year));
//This gets us the month name
$title = date('F', $first_day);
//Here we find out what day of the week the first day of the month falls on
$day_of_first_day = date('w', mktime(0, 0, 0, $month, 1, $year));
$myDivID = "";
if (isset($_POST['divisionID'])) {
$myDivID = $_POST['divisionID'];
}
// Navigation for the monthly calender view
$Prenavigation = "<input type=\"submit\" name=\"prevMonth\" value=\"<< " . $dtFirstDay . "\" />";
$Nextnavigation = "<input type=\"submit\" name=\"nextMonth\" value=\"" . $dtLastDay . " >>\" />";
$mysqli = $config->mysqli;
//Here we start building the table heads
echo "</div><div class=\"cal\"><table width=720>";
echo "<tr><th colspan=7> ";
echo "<br/><h3>Approved Requests<br/></h3><br/>";
echo '<form name="divisionForm" method="POST">';
echo "<input type=\"hidden\" name=\"prevMon\" value=\"{$prev_month}\">\r\n <input type=\"hidden\" name=\"curMon\" value=\"{$month}\">\r\n <input type=\"hidden\" name=\"nextMon\" value=\"{$next_month}\">\r\n <input type=\"hidden\" name=\"year\" value=\"{$year}\">\r\n <table border=\"0\" width=\"700\" cellspacing=\"0\" cellpadding=\"0\">\r\n <tr>\r\n <td width=10> </td>\r\n <td width=\"8\" height=\"5\" align=\"center\" valign=\"middle\">" . $Prenavigation . "</td>\r\n <td height='8' width=\"100\" align=\"center\" valign=\"middle\" style=\"padding:0px 0px 0px 0px;\"> " . $title . " " . $year . " </td>\r\n <td width=\"8\" height=\"5\" align=\"center\" valign=\"middle\">" . $Nextnavigation . "</td>\r\n <td align=\"right\" valign=\"middle\">";
$requestReport = new request_reports($config);
$requestReport->config = $config;
$requestReport->showDivisionDropDown();
$myDivID = $requestReport->divisionID;
//echo 'Show for division:
//<select name="divisionID" onchange="this.form.submit()">';
// if(isset($_POST['divisionID'])){
// $myDivID = $_POST['divisionID'];
// }
// else{
// if($admin >= 50){
// $myDivID = "All";
// }
// else{
// $mydivq = "SELECT DIVISIONID FROM EMPLOYEE E WHERE E.IDNUM='" . $_SESSION['userIDnum']."'";
// $myDivResult = $mysqli->query($mydivq);
// SQLerrorCatch($mysqli, $myDivResult);
// $temp = $myDivResult->fetch_assoc();
// $myDivID = $temp['DIVISIONID'];
// }
// }
//
// $alldivq = "SELECT * FROM `DIVISION` WHERE 1";
// $allDivResult = $mysqli->query($alldivq);
// SQLerrorCatch($mysqli, $allDivResult);
// while($Divrow = $allDivResult->fetch_assoc()) {
// echo '<option value="'.$Divrow['DIVISIONID'].'"';
// if($Divrow['DIVISIONID']==$myDivID)
// echo ' SELECTED ';
// echo '>'.$Divrow['DESCR'].'</option>';
// }
// if(isset($_POST['divisionID'])){
// if($myDivID == "All")
// echo '<option value="All" SELECTED>All</option>';
// else
// echo '<option value="All">All</option>';
// }
// else
// echo '<option value="All">All</option>';
// echo '</select></form></div>';
echo " </td>\r\n </tr>\r\n </form></table></td>";
$myq = "SELECT COUNT(REQUEST.REFER) AS 'RequestNumbers',\r\n IF(REQUEST.TIMETYPEID IS NULL, SUB.DESCR, OLDT.DESCR) 'Subtype',\r\n DATE_FORMAT(USEDATE,'%d') 'Used'\r\n FROM REQUEST \r\n LEFT JOIN EMPLOYEE AS REQ ON REQ.IDNUM=REQUEST.IDNUM\r\n LEFT JOIN TIMETYPE AS OLDT ON OLDT.TIMETYPEID = REQUEST.TIMETYPEID\r\n LEFT JOIN SUBTYPE AS OLDSUB ON OLDSUB.IDNUM=REQUEST.SUBTYPE\r\n LEFT JOIN WTS_TIMETYPES AS T ON T.IDNUM=REQUEST.TIMETYPES_ID\r\n LEFT JOIN WTS_SUBTIMETYPES AS SUB ON SUB.IDNUM=REQUEST.SUBTYPE_ID\r\n\r\n WHERE 1 " . $requestReport->filters . "\r\n AND DATE_FORMAT(USEDATE,'%m-%Y') = '" . date('m-Y', mktime(0, 0, 0, $month, 1, $year)) . "'\r\n AND REQUEST.STATUS = 'APPROVED'\r\n GROUP BY REQUEST.USEDATE, IF(REQUEST.TIMETYPEID IS NULL, SUB.IDNUM, NEWTYPE_ID)\r\n ORDER BY REQUEST.USEDATE";
// }
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result, $myq, $debug = false);
echo "</th></tr>";
echo "<tr><td align=\"center\" width=102>Sunday</td>\r\n <td align=\"center\" width=102>Monday</td>\r\n <td align=\"center\" width=102>Tuesday</td>\r\n <td align=\"center\" width=102>Wednesday</td>\r\n <td align=\"center\" width=102>Thurday</td>\r\n <td align=\"center\" width=102>Friday</td>\r\n <td align=\"center\" width=102>Saturday</td>\r\n </tr>";
//This counts the days in the week, up to 7
$day_count = 1;
$blank = $day_of_first_day;
echo "<tr height='25'>";
//first we take care of those blank days
while ($blank > 0) {
echo "<td ></td>";
$blank = $blank - 1;
$day_count++;
}
//sets the first day of the month to 1
$day_num = "01";
// $timetype[0] = "OT";
// $timetype[1] = "SK";
// $timetype[2] = "PR";
// $timetype[3] = "VA";
// $timetype[4] = "5";//overtime
// $timetype[5] = "6";//overtime
// $timetype[6] = "3";//sick
// $timetype[7] = "2";//personal
// $timetype[8] = "1";//vacation
//count up the days, untill we've done all of them in the month
while ($day_num <= $days_in_month) {
// for($i=0;$i<count($timetype);$i++){
// if($myDivID == "All"){
// $myq = "SELECT `REFER` , `IDNUM` , `TIMETYPEID` , `USEDATE` , `STATUS`
// FROM `REQUEST`
// WHERE `TIMETYPEID` = '".$timetype[$i]."'
// AND USEDATE = '".$year."-".$month."-".$day_num."'
// AND `STATUS` = 'APPROVED'";
// }
// else{
echo "<td height='100' valign = \"top\" align=\"center\"><div style=\"background-color:grey\">";
echo '<form name="goToDetails" method="POST" action="?submittedRequestsNEW=true&cust=true">
<input type="hidden" name="divisionID" value="' . $myDivID . '" />
<input type="hidden" name="customDate" value="true" />
<input name="start" type="hidden" value="' . $month . '/' . $day_num . '/' . $year . '" />
<input name="end" type="hidden" value="' . $month . '/' . $day_num . '/' . $year . '" />
<input type="submit" name="goToDetails" value="' . $day_num . '" /></form></div>';
$overTime = 0;
$sick = 0;
$personal = 0;
$vacation = 0;
$result->data_seek(0);
while ($row = $result->fetch_assoc()) {
//popupmessage($row['Used'].' day '. $day_num);
if ($row['Used'] == $day_num) {
echo $row['Subtype'] . ': ' . $row['RequestNumbers'] . '<br/>';
}
}
// if($i == 0)
// $overTime = $result->num_rows;
// if($i == 1)
// $sick = $result->num_rows;
// if($i == 2)
// $personal = $result->num_rows;
// if($i == 3)
// $vacation = $result->num_rows;
// }
if ($overTime > 0) {
echo 'Overtime: ' . $overTime . '<br/>';
}
if ($sick > 0) {
echo 'Sick: ' . $sick . '<br/>';
}
if ($personal > 0) {
echo 'Personal: ' . $personal . '<br/>';
}
if ($vacation > 0) {
echo 'Vacation: ' . $vacation . '<br/>';
}
echo "<div>";
$day_count++;
//Make sure we start a new row every week
if ($day_count > 7) {
echo "</tr><tr height='25'>";
$day_count = 1;
}
$day_num++;
if (strlen((string) $day_num) == 1) {
$day_num = "0" . (string) $day_num;
}
}
//Finaly we finish out the table with some blank details if needed
while ($day_count > 2 && $day_count <= 7) {
echo "<td> </td>";
$day_count++;
}
echo "</tr></table></div>";
}
function showItemExchange($config, $radioLogID)
{
$mysqli = $config->mysqli;
$dbgTrace = debug_backtrace();
$dbgMsg = "<table><tr><th>Debug backtrace begin:</th></tr>";
foreach ($dbgTrace as $dbgIndex => $dbgInfo) {
$dbgMsg .= '<tr width=300><td>' . $dbgInfo['file'] . ' (line ' . $dbgInfo['line'] . ') -> ' . $dbgInfo['function'] . '</td></tr>';
}
$dbgMsg .= "<tr><td> </td></tr><tr><th>Debug backtrace end</th></tr></table>";
//popUpMessage($dbgMsg);
//get radioLog duplicating information
$myq = "SELECT R.RADIOID, R.TYPE, INV.OTHER_SN, ITYPE.IDNUM 'itemTypeID',\r\n ITYPE.DESCR 'itemType', CONCAT_WS(', ', EMP.LNAME, EMP.FNAME) 'deputyName',\r\n R.DIVISIONID 'invDIV'\r\n FROM WTS_RADIOLOG R\r\n LEFT JOIN EMPLOYEE AS EMP ON R.DEPUTYID=EMP.IDNUM\r\n LEFT JOIN WTS_INVENTORY AS INV ON R.RADIOID=INV.IDNUM\r\n LEFT JOIN WTS_INV_TYPE AS ITYPE ON INV.TYPE=ITYPE.IDNUM\r\n WHERE R.REFNUM = '" . $radioLogID . "' LIMIT 1;";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result, $myq);
$item = $result->fetch_assoc();
$radioID = $item['RADIOID'];
$divID = $item['invDIV'];
echo '<input type="hidden" name="divisionID" value="' . $_POST['divisionID'] . '" />';
echo '<br/>' . $item['itemType'] . ' ' . $item['OTHER_SN'] . ' will be exchanged from ' . $item['deputyName'] . ' to: <br/>';
//debug
//var_dump($_POST);
//Show previously added deputies
$isExchanged = false;
$deputyCount = 0;
$num_deputies = isset($_POST['num_deputies']) ? $_POST['num_deputies'] : 0;
$exchangeBtn = isset($_POST['exchangeItemBtn']) ? true : false;
$removeBtn = false;
if ($num_deputies > 0) {
for ($i = 0; $i < $num_deputies; $i++) {
if (!isset($_POST['removeDeputyBtn' . $i])) {
$deputyID[$i] = isset($_POST['deputyID' . $i]) ? $mysqli->real_escape_string(strtoupper($_POST['deputyID' . $i])) : '';
$isReserve[$i] = isset($_POST['isReserve' . $i]) ? true : false;
//get this user's information
if ($isReserve[$i]) {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $deputyID[$i];
$result = $mysqliReserve->query($myq);
SQLerrorCatch($mysqliReserve, $result, $myq);
$row = $result->fetch_assoc();
} else {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME, DIVISIONID FROM EMPLOYEE WHERE IDNUM=' . $deputyID[$i];
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result, $myq);
$row = $result->fetch_assoc();
}
if ($i == 0) {
$phone = $row['CELLPH'];
}
echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $deputyID[$i] . '" />';
if ($isReserve[$i] == 1) {
echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
}
echo $row['LNAME'] . ', ' . $row['FNAME'];
echo '; Radio Call #: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO'];
echo '<br/>';
if ($exchangeBtn) {
$hiddenInputs = '<input type="hidden" value="' . $_POST['dateSelect'] . '" name="dateSelect">
<input type="hidden" name="divisionID" value="' . $row['DIVISIONID'] . '" />
<input type="hidden" value="' . $_POST['exchangeLogID'] . '" name="exchangeLogID">
<input type="hidden" value="' . $_POST['itemID'] . '" name="itemID">
<input type="hidden" value="' . $deputyID[$i] . '" name="deputyID0">
<input type="hidden" value="' . $_POST['radioCallNum0'] . '" name="radioCallNum0">
<input type="hidden" value="1" name="num_deputies">
<input type="hidden" value="0" name="finalRows">
<input type="hidden" value="true" name="exchangeItemBtn">';
$wasCheckedIn = checkInRadioLog($config, $radioLogID, $noLog = true, $hiddenInputs);
if ($wasCheckedIn) {
$noteq = "UPDATE WTS_RADIOLOG SET EXCHANGEID = '" . $deputyID[$i] . "' WHERE REFNUM='" . $radioLogID . "';";
$noteResult = $mysqli->query($noteq);
SQLerrorCatch($mysqli, $noteResult);
$tempReserve = isset($_POST['isReserve' . $i]) ? '1' : '0';
$insertLogID = checkOutItem($config, $deputyID[$i], $row['RADIO'], $radioID, $item['itemTypeID'], "SHIFT", $tempReserve, "0", $row['DIVISIONID'], $noLog = true);
addLog($config, 'Exchanged Log Ref #' . $radioLogID . ' with Ref #' . $insertLogID);
echo '<br/><font color="red">Exchanged Ref #' . $radioLogID . ' with Ref #' . $insertLogID . '</font><br/>';
$isExchanged = true;
}
}
$deputyCount++;
} else {
$removeBtn = true;
}
}
//End for loop of previously added deputies
}
//End check for multiple deputies
if (!$isExchanged) {
echo '<input type="hidden" name="exchangeLogID" value="' . $radioLogID . '" />';
echo '<input type="hidden" name="itemID" value="' . $radioID . '" />';
}
//Get added Deputy
$totalRows = isset($_POST['totalRows']) ? $_POST['totalRows'] : 0;
$foundUserFNAME = '';
$foundUserLNAME = '';
$foundUserName = '';
$foundUserID = '';
if ($totalRows > 0) {
//get post info providied from search results
for ($i = 0; $i <= $totalRows; $i++) {
if (isset($_POST['foundUser' . $i])) {
$foundUserFNAME = $_POST['foundUserFNAME' . $i];
$foundUserLNAME = $_POST['foundUserLNAME' . $i];
$foundUserName = $_POST['foundUserName' . $i];
$foundUserID = $_POST['foundUserID' . $i];
if (isset($_POST['isReserve' . $i])) {
$foundUserIsReserve = true;
} else {
$foundUserIsReserve = false;
}
break;
}
//end if
}
//end for
}
//Defaut First User - Default keep disabled for this type of exchange
// if(empty($foundUserID) && $num_deputies == 0){
// //security check for central control computer
// if($_SERVER['REMOTE_ADDR'] != nslookup('mcjcbcast.sheriff.mahoning.local')){
// //Default first deputy to logged in user on first load
// $foundUserID = $_SESSION['userIDnum'];
// $foundUserIsReserve = false;
// }
// }
//Start to display information
if (empty($foundUserID) && !$removeBtn && $_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) {
//'10.1.32.72'
//default to logged in deputy if remove button was not pressed and this is not the central computer
$foundUserID = $_SESSION['userIDnum'];
$foundUserIsReserve = false;
}
if (!empty($foundUserID) && !$exchangeBtn) {
if ($foundUserIsReserve) {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $foundUserID;
$result = $mysqliReserve->query($myq);
SQLerrorCatch($mysqliReserve, $result);
} else {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM=' . $foundUserID;
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
}
$row = $result->fetch_assoc();
if ($deputyCount == 0) {
$phone = $row['CELLPH'];
}
echo '<br/>Deputy: <font color="red"><input type="hidden" name="deputyID' . $deputyCount . '" value="' . $foundUserID . '" />';
if ($foundUserIsReserve) {
echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
}
echo $row['LNAME'] . ', ' . $row['FNAME'];
echo '</font>; Radio Call#: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO'];
echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
echo '<br/>';
$deputyCount++;
}
if ($deputyCount < 1) {
//default to logged in deputy
echo 'Add Deputy: ';
displayUserLookup($config);
}
echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />';
if (isset($_POST['exchangeItemBtn'])) {
echo '<br/><input type="submit" name="goBtn" value="Back to Logs" />';
} else {
echo '<br/><br/>';
if ($deputyCount > 0) {
echo '<input type="submit" name="exchangeItemBtn" value="Exchange Equipment" />';
}
echo '<input type="submit" name="cancelBtn" value="Cancel" />';
}
}
function displaySecLogReport($config)
{
echo '<h2>Secondary Employement Logs Reports By Date</h2>';
if ($config->adminLvl >= 25) {
$dateFrom = isset($_POST['dateFrom']) ? $_POST['dateFrom'] : false;
$dateTo = isset($_POST['dateTo']) ? $_POST['dateTo'] : false;
echo '<form method="POST" name="secLog">';
if (!$dateFrom) {
$dateFrom = Date('m/d/Y', time());
$dateTo = Date('m/d/Y', time());
echo 'Date From ';
//echo '<input name="dateSelect" type="text" value="'.$dateSelect.'" />';
displayDateSelect("dateFrom", "dateSel", false, false, true, false);
echo ' To ';
displayDateSelect("dateTo", "dateSel2", false, false, true, false);
echo ' <input id="goBtn" type=submit name="goBtn" value="Go" /><br />';
} else {
if ($dateTo < $dateFrom) {
echo '<font color="red">Invalid Entry! "To" Date must be greater than or equal to "From" Date</font></br></br>';
}
echo '<h3>Date: ';
displayDateSelect("dateFrom", "dateSel", $dateFrom, false, false, false);
echo ' To ';
if ($dateTo < $dateFrom) {
$dateTo = $dateFrom;
displayDateSelect("dateTo", "dateSel2", $dateTo, true, false, false);
} else {
displayDateSelect("dateTo", "dateSel2", $dateTo, false, false, false);
}
echo ' <input id="goBtn" type=submit name="goBtn" value="Go" /><br />';
}
$mysqli = $config->mysqli;
/*query unions the results of joins on two different tables (EMPLOYEE and RESERVE)
depending on the value of SECLOG.IS_RESERVE */
$myq = "SELECT S.GPNUM 'gpID', CONCAT_WS(', ',SEC.LNAME,SEC.FNAME) 'DEPUTYID', S.RADIO, \r\n TIME_FORMAT(TIMEIN,'%H%i') 'TIMEIN',\r\n CONCAT_WS(', ',LOGIN.LNAME,LOGIN.FNAME) 'AUDIT_IN_ID', LOCATION, S.CITY,\r\n TIME_FORMAT(SHIFTSTART,'%H%i') 'SHIFTSTART', TIME_FORMAT(SHIFTEND,'%H%i') 'SHIFTEND',\r\n DRESS, TIME_FORMAT(TIMEOUT,'%H%i') 'TIMEOUT', \r\n CONCAT_WS(', ',LOGOUT.LNAME,LOGOUT.FNAME) 'AUDIT_OUT_ID', \r\n CONCAT_WS(', ',SUP.LNAME,SUP.FNAME) 'SUP_ID', DATE_FORMAT(SUP_TIME,'%m/%d/%y %H%i') 'SUP_TIME',\r\n PHONE, S.IDNUM\r\n FROM SECLOG S\r\n INNER JOIN EMPLOYEE AS SEC ON S.DEPUTYID=SEC.IDNUM\r\n LEFT JOIN EMPLOYEE AS LOGIN ON S.AUDIT_IN_ID=LOGIN.IDNUM\r\n LEFT JOIN EMPLOYEE AS LOGOUT ON S.AUDIT_OUT_ID=LOGOUT.IDNUM\r\n LEFT JOIN EMPLOYEE AS SUP ON S.SUP_ID=SUP.IDNUM\r\n WHERE `SHIFTDATE` BETWEEN '" . Date('Y-m-d', strtotime($dateFrom)) . "'\r\n AND '" . Date('Y-m-d', strtotime($dateTo)) . "'\r\n AND S.IS_RESERVE=0\r\n\r\n UNION\r\n\r\n SELECT S.GPNUM 'gpID', CONCAT_WS(', ',SEC.LNAME,SEC.FNAME) 'DEPUTYID', S.RADIO,\r\n TIME_FORMAT(TIMEIN,'%H%i') 'TIMEIN',\r\n CONCAT_WS(', ',LOGIN.LNAME,LOGIN.FNAME) 'AUDIT_IN_ID', LOCATION, S.CITY,\r\n TIME_FORMAT(SHIFTSTART,'%H%i') 'SHIFTSTART', TIME_FORMAT(SHIFTEND,'%H%i') 'SHIFTEND',\r\n DRESS, TIME_FORMAT(TIMEOUT,'%H%i') 'TIMEOUT', \r\n CONCAT_WS(', ',LOGOUT.LNAME,LOGOUT.FNAME) 'AUDIT_OUT_ID', \r\n CONCAT_WS(', ',SUP.LNAME,SUP.FNAME) 'SUP_ID', DATE_FORMAT(SUP_TIME,'%m/%d/%y %H%i') 'SUP_TIME',\r\n PHONE, S.IDNUM\r\n FROM SECLOG S\r\n INNER JOIN RESERVE AS SEC ON S.DEPUTYID=SEC.IDNUM\r\n LEFT JOIN EMPLOYEE AS LOGIN ON S.AUDIT_IN_ID=LOGIN.IDNUM\r\n LEFT JOIN EMPLOYEE AS LOGOUT ON S.AUDIT_OUT_ID=LOGOUT.IDNUM\r\n LEFT JOIN EMPLOYEE AS SUP ON S.SUP_ID=SUP.IDNUM\r\n WHERE `SHIFTDATE` BETWEEN '" . Date('Y-m-d', strtotime($dateFrom)) . "'\r\n AND '" . Date('Y-m-d', strtotime($dateTo)) . "'\r\n AND S.IS_RESERVE=1\r\n ORDER BY 'gpID'";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result, $myq, $debug = false);
$echo = '';
$x = 0;
$y = 0;
//resultTable($mysqli, $result, 'false');
$showAll = true;
$theTable = array(array());
$theTable[$x][$y] = "Action";
$y++;
$theTable[$x][$y] = "# in Group";
$y++;
$theTable[$x][$y] = "Deputy";
$y++;
$theTable[$x][$y] = "Radio#";
$y++;
$theTable[$x][$y] = "Log In";
$y++;
$theTable[$x][$y] = "C/Deputy";
$y++;
$theTable[$x][$y] = "Site Name/Address";
$y++;
$theTable[$x][$y] = "City/Twp";
$y++;
$theTable[$x][$y] = "Contact#";
$y++;
$theTable[$x][$y] = "Shift Start";
$y++;
$theTable[$x][$y] = "Shift End";
$y++;
$theTable[$x][$y] = "Dress";
$y++;
$theTable[$x][$y] = "Log Off";
$y++;
$theTable[$x][$y] = "C/Deputy";
$y++;
$theTable[$x][$y] = "Supervisor";
$y++;
$theTable[$x][$y] = "Sign Off";
$y++;
$lastGroupID = '';
$groupCounter = 0;
while ($row = $result->fetch_assoc()) {
if ($row['gpID'] == $lastGroupID && $lastGroupID != 0) {
$gpCountSQL = $config->mysqli;
$gpCountq = "SELECT GPNUM FROM SECLOG WHERE GPNUM='" . $row['gpID'] . "'";
$gpCountresult = $mysqli->query($gpCountq);
SQLerrorCatch($gpCountSQL, $gpCountresult);
$theTable[$x][0] .= ', ' . $row['IDNUM'];
$theTable[$x][2] = $gpCountresult->num_rows;
} else {
$groupCounter = 1;
if (strcmp($row['TIMEOUT'], "0000") == 0 || $showAll || strcmp($row['SUP_TIME'], "00/00/00 0000") == 0) {
$x++;
if (strcmp($row['SUP_TIME'], "00/00/00 0000") == 0) {
// $theTable[$x][0] = '<input type="submit" name="secLogApproved'.$x.'" value="Approve" />
// <input type="hidden" name="secLogID'.$x.'" value="'.$row['IDNUM'].'" />
// <input type="submit" value="Edit/View" name="secLogRadio'.$x.'" />';
$theTable[$x][0] = 'Ref# ' . $row['IDNUM'];
} else {
$theTable[$x][0] = 'Ref# ' . $row['IDNUM'];
//$theTable[$x][0] .= '<input type="submit" value="Edit/View" name="secLogRadio'.$x.'" />
//<input type="hidden" name="secLogID'.$x.'" value="'.$row['IDNUM'].'" />';
}
$y = 1;
$theTable[$x][$y] = $groupCounter;
$y++;
$theTable[$x][$y] = $row['DEPUTYID'];
$y++;
$theTable[$x][$y] = $row['RADIO'];
$y++;
$theTable[$x][$y] = $row['TIMEIN'];
$y++;
$theTable[$x][$y] = $row['AUDIT_IN_ID'];
$y++;
$theTable[$x][$y] = $row['LOCATION'];
$y++;
$theTable[$x][$y] = $row['CITY'];
$y++;
$theTable[$x][$y] = $row['PHONE'];
$y++;
$theTable[$x][$y] = $row['SHIFTSTART'];
$y++;
$theTable[$x][$y] = $row['SHIFTEND'];
$y++;
$theTable[$x][$y] = $row['DRESS'];
$y++;
$theTable[$x][$y] = $row['TIMEOUT'];
$y++;
$theTable[$x][$y] = $row['AUDIT_OUT_ID'];
$y++;
$theTable[$x][$y] = $row['SUP_ID'];
$y++;
$theTable[$x][$y] = $row['SUP_TIME'];
$y++;
$lastGroupID = $row['gpID'];
}
}
}
//end while loop
showSortableTable($theTable, 3);
$echo .= '<input type="hidden" name="editRows" value="' . $x . '" />';
echo $echo;
} else {
echo 'Access Denied';
}
}
function overtimeReport($config)
{
echo '<h3>Employee Overtime Reports</h3>';
if ($config->adminLvl >= 25) {
$mysqli = $config->mysqli;
//Get variables
$repYear = isset($_POST['repYear']) ? $_POST['repYear'] : $config->installYear;
//Select year
echo '<form method=POST>';
echo '</div><div class="login"><table><tr><td>Report Year: <select name="repYear" onchange="this.form.submit()">';
for ($i = $config->installYear; $i <= date('Y'); $i++) {
echo '<option value="' . $i . '"';
if ($repYear == $i) {
echo ' SELECTED';
}
echo '>' . $i . '</option>';
}
echo '</select></td>';
$startDate = new DateTime($repYear . '-01-01');
$endDate = new DateTime($repYear . '-12-31');
if (isset($_POST['viewDetailsBtn']) && !isset($_POST['backBtn'])) {
$empID = $_POST['empID'];
echo '<td width=470 align=right><input type="submit" name="backBtn" value="Back to List" />
<input type="hidden" name="viewDetailsBtn" value="true" />
<input type="hidden" name="empID" value="' . $empID . '" />
</td></tr></table></div><div class="post">';
empTimeReportByPay($config, $startDate, $endDate, $empID);
echo '</form>';
} else {
if ($config->adminLvl >= 25) {
echo '<td width=470 align=right>Choose a Division:
<select name="divisionID" onchange="this.form.submit()">';
if (isset($_POST['divisionID'])) {
$myDivID = $_POST['divisionID'];
} else {
if ($config->adminLvl >= 50) {
$myDivID = "All";
} else {
$mydivq = "SELECT DIVISIONID FROM EMPLOYEE E WHERE E.IDNUM='" . $_SESSION['userIDnum'] . "'";
$myDivResult = $mysqli->query($mydivq);
SQLerrorCatch($mysqli, $myDivResult);
$temp = $myDivResult->fetch_assoc();
$myDivID = $temp['DIVISIONID'];
}
}
$alldivq = "SELECT * FROM `DIVISION` WHERE 1";
$allDivResult = $mysqli->query($alldivq);
SQLerrorCatch($mysqli, $allDivResult);
while ($Divrow = $allDivResult->fetch_assoc()) {
echo '<option value="' . $Divrow['DIVISIONID'] . '"';
if ($Divrow['DIVISIONID'] == $myDivID) {
echo ' SELECTED ';
}
echo '>' . $Divrow['DESCR'] . '</option>';
}
if ($config->adminLvl >= 25) {
if (isset($_POST['divisionID'])) {
if ($myDivID == "All") {
echo '<option value="All" SELECTED>All</option>';
} else {
echo '<option value="All">All</option>';
}
} else {
if ($myDivID == "All") {
echo '<option value="All" SELECTED>All</option>';
} else {
echo '<option value="All">All</option>';
}
}
}
echo '</select></td>';
}
echo '</tr></table>';
$isApproveStatus = isset($_POST['approvedStatus']) ? true : false;
if (!isset($_POST['clicked'])) {
$isApproveStatus = true;
}
$isPendingStatus = isset($_POST['pendingStatus']) ? true : false;
echo '<div align=right><form method=POST><input type="hidden" name="clicked" value="true" />';
//Status = approved
echo '<input onChange="this.form.submit()" type="checkbox" value="true" name="approvedStatus"';
if ($isApproveStatus) {
echo ' CHECKED';
}
echo ' />Status: Approved<Br/>';
//status = pending
echo '<input onChange="this.form.submit()" type="checkbox" value="true" name="pendingStatus"';
if ($isPendingStatus) {
echo ' CHECKED';
}
echo ' />Status: Pending<br/>';
echo '</form></div></div><div class="post">';
if ($myDivID == "All") {
$myDivID = "";
} else {
$myDivID = "AND REQ.DIVISIONID='" . $myDivID . "'";
}
$status = '';
if ($isApproveStatus && $isPendingStatus) {
$status = "AND (STATUS = 'APPROVED' OR STATUS = 'PENDING')";
} else {
if ($isApproveStatus) {
$status = "AND STATUS = 'APPROVED'";
} else {
if ($isPendingStatus) {
$status = "AND STATUS = 'PENDING'";
} else {
$status = "AND STATUS=''";
}
}
}
$myq = "SELECT REFER 'RefNo', REQ.IDNUM 'REQID', REQ.MUNIS 'Munis', CONCAT_WS(', ',REQ.LNAME,REQ.FNAME) 'Name', \r\n DATE_FORMAT(USEDATE,'%a %d %b %Y') 'Used', STATUS 'Status',\r\n DATE_FORMAT(BEGTIME,'%H%i') 'Start',\r\n DATE_FORMAT(ENDTIME,'%H%i') 'End', HOURS 'Hrs',\r\n T.DESCR 'Type', SUBTYPE 'Subtype', CALLOFF 'Calloff', NOTE 'Comment', \r\n HRAPP_IS 'HR_Approved', HR.LNAME 'HRLName', HR.FNAME 'HRFName'\r\n FROM REQUEST\r\n LEFT JOIN EMPLOYEE AS REQ ON REQ.IDNUM=REQUEST.IDNUM\r\n LEFT JOIN EMPLOYEE AS HR ON HR.IDNUM=REQUEST.IDNUM\r\n INNER JOIN TIMETYPE AS T ON T.TIMETYPEID=REQUEST.TIMETYPEID\r\n WHERE USEDATE BETWEEN '" . $startDate->format('Y-m-d') . "' AND '" . $endDate->format('Y-m-d') . "'\r\n AND REQUEST.TIMETYPEID='OT'\r\n " . $myDivID . "\r\n " . $status . "\r\n ORDER BY REQ.LNAME";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
$theTable = array(array());
$x = 0;
$theTable[$x][0] = "View";
$theTable[$x][1] = "Munis #";
$theTable[$x][2] = "Employee";
$theTable[$x][3] = "Number of Overtime Requests";
$lastUser = '';
$lastUserRow = 0;
$recordCounter = 0;
while ($row = $result->fetch_assoc()) {
if (strcmp($lastUser, $row['Name']) == 0) {
$recordCounter++;
$theTable[$x][3] = $recordCounter;
} else {
$x++;
$recordCounter = 1;
$lastUser = $row['Name'];
$theTable[$x][0] = '<form method="POST">
<input type="submit" name="viewDetailsBtn" value="View" />
<input type="hidden" name="empID" value="' . $row['REQID'] . '" />
</form>';
$theTable[$x][1] = $row['Munis'];
$theTable[$x][2] = $lastUser;
$theTable[$x][3] = $recordCounter;
}
}
//end While loop
echo 'number of rows: ' . $x;
showSortableTable($theTable, 1);
}
} else {
echo 'Access Denied';
}
}
function searchReserves($config, $userToFind, $rowCount, $isSelect = true)
{
$mysqli = connectToSQL($reserveDB = TRUE);
if ($config->adminLvl < 75) {
$myq = "SELECT * FROM `RESERVE` WHERE `GRP` != 5 AND `LNAME` LIKE CONVERT(_utf8 '%" . $userToFind . "%' USING latin1) COLLATE latin1_swedish_ci ";
} else {
$myq = "SELECT * FROM `RESERVE` WHERE `LNAME` LIKE CONVERT(_utf8 '%" . $userToFind . "%' USING latin1) COLLATE latin1_swedish_ci ";
}
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
$begin = $rowCount;
$echo = "";
while ($row = $result->fetch_assoc()) {
$rowCount++;
$echo .= '<div align="center"><table width="400"><tr><td>';
if ($isSelect) {
$echo .= '<input name="foundUser' . $rowCount . '" type="radio" onClick="this.form.action=\'?' . $_POST['formName'] . "=true'" . ';this.form.submit()" />Select</td><td>';
}
$echo .= '<input type="hidden" name="foundUserFNAME' . $rowCount . '" value="' . $row['FNAME'] . '" /> First name: ' . $row['FNAME'] . "<br />";
$echo .= '<input type="hidden" name="foundUserLNAME' . $rowCount . '" value="' . $row['LNAME'] . '" /> Last Name: ' . $row['LNAME'] . "<br />";
$echo .= '<input type="hidden" name="foundUserID' . $rowCount . '" value="' . $row['IDNUM'] . '" /> Username: '******'FNAME'] . "." . $row['LNAME'] . '<br />';
$echo .= '<input type="hidden" name="foundUserName' . $rowCount . '" value="' . $row['FNAME'] . "." . $row['LNAME'] . '" />';
$echo .= "Rank: Reserve Group " . $row['GRP'] . "<br />";
$echo .= '<input type="hidden" name="isReserve' . $rowCount . '" value="true" />"';
$echo .= "</td></tr></table></div><br /><hr />";
}
//end While Loop
$rowsAdded = $rowCount - $begin;
if ($rowsAdded > 0) {
echo "Number of entries found in the reserve database is " . $rowsAdded . "<br /><br /><hr />";
echo $echo;
}
return $rowsAdded;
}
public function expungeRequest($extraInputs = '')
{
$confirmBtn = isset($_POST['confirmBtn']) ? true : false;
if ($this->toUnExpunge) {
if (!isset($_POST['okBtn'])) {
$myq = "UPDATE REQUEST \r\n SET STATUS='PENDING'\r\n WHERE REFER=" . $this->config->mysqli->real_escape_string($this->toExpungeRefNo);
$result = $this->mysqli->query($myq);
if (!SQLerrorCatch($this->config->mysqli, $result, $myq, $debug = false)) {
popUpMessage('Request ' . $this->toExpungeRefNo . ' Has been placed back into PENDING State.
<div align="center"><form method="POST">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
addLog($this->config, 'UnExpunged Time Request with Ref# ' . $this->toExpungeRefNo);
}
}
} else {
if ($confirmBtn && !empty($_POST['expungedReason'])) {
$tempRequestForm = new time_request_form($this->config);
$tempRequestForm->reqID = $this->toExpungeRefNo;
if ($_SESSION['admin'] || $_SESSION['userIDnum'] == $tempRequestForm->empID) {
$myq = "UPDATE REQUEST \r\n SET STATUS='EXPUNGED',\r\n HRAPP_ID='0',\r\n EX_REASON='" . $this->config->mysqli->real_escape_string($_POST['expungedReason']) . "',\r\n AUDITID='" . $this->config->mysqli->real_escape_string($_SESSION['userIDnum']) . "',\r\n IP= INET_ATON('" . $this->config->mysqli->real_escape_string($_SERVER['REMOTE_ADDR']) . "')\r\n WHERE REFER='" . $this->config->mysqli->real_escape_string($this->toExpungeRefNo) . "'";
$result = $this->config->mysqli->query($myq);
if (!SQLerrorCatch($this->config->mysqli, $result, $myq, $debug = false)) {
addLog($this->config, 'Expunged Time Request with Ref# ' . $this->toExpungeRefNo);
popUpMessage('Request ' . $this->toExpungeRefNo . ' expunged.
<div align="center"><form method="POST" action="' . $_SERVER['REQUEST_URI'] . '">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
}
} else {
popUpMessage('Cannot Expunge request, please see a supervisor
<div align="center"><form method="POST" action="' . $_SERVER['REQUEST_URI'] . '">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
}
} else {
if (!isset($_POST['okBtn'])) {
$result = "";
if (isset($_POST['expungedReason'])) {
if (empty($_POST['expungedReason'])) {
$result = '<font color="red">Requires a Reason</font><br/>';
}
}
$echo = '<div align="center"><form method="POST">
<input name="deleteBtn' . $this->toExpungeIndex . '" type="hidden" value="' . $this->toExpungeRefNo . '" />
<input type="hidden" name="totalRows" value="' . $this->toExpungeTotalRows . '" />
Request ' . $this->toExpungeRefNo . ' to be expunged<br/> ' . $result . '
Reason:<textarea name="expungedReason"></textarea><br/>
<input type="submit" name="confirmBtn" value="CONFIRM EXPUNGE" />
<input type="submit" name="okBtn" value="CANCEL" />
' . $extraInputs . '
</form></div>';
popUpMessage($echo);
}
}
}
}
function getQueryResult($config, $myq, $debug = false)
{
$result = $config->mysqli->query($myq);
if (!SQLerrorCatch($config->mysqli, $result, $myq, $debug)) {
return $result;
} else {
return false;
}
}
function reserveDetails($config, $reserveID)
{
$mysqli = connectToSQL($reserveDB = TRUE);
echo 'Details for: ' . $reserveID . '<input type="hidden" name="reserveID" value="' . $reserveID . '" />';
if ($config->adminLvl >= 75) {
$updateBtn = isset($_POST['updateBtn']) ? true : false;
if ($updateBtn) {
$group = isset($_POST['resGroup']) ? $mysqli->real_escape_string($_POST['resGroup']) : "";
$fName = isset($_POST['foundUserFNAME']) ? $mysqli->real_escape_string($_POST['foundUserFNAME']) : "";
$lName = isset($_POST['foundUserLNAME']) ? $mysqli->real_escape_string($_POST['foundUserLNAME']) : "";
$radio = isset($_POST['radioNum']) ? $mysqli->real_escape_string($_POST['radioNum']) : "";
$address = isset($_POST['address']) ? $mysqli->real_escape_string($_POST['address']) : "";
$city = isset($_POST['city']) ? $mysqli->real_escape_string($_POST['city']) : "";
$state = isset($_POST['state']) ? $mysqli->real_escape_string($_POST['state']) : "";
$zip = isset($_POST['zip']) ? $mysqli->real_escape_string($_POST['zip']) : "";
$hPhone = isset($_POST['hPhone']) ? $mysqli->real_escape_string($_POST['hPhone']) : "";
$cPhone = isset($_POST['cPhone']) ? $mysqli->real_escape_string($_POST['cPhone']) : "";
$wPhone = isset($_POST['wPhone']) ? $mysqli->real_escape_string($_POST['wPhone']) : "";
$tis = isset($_POST['tis']) ? $mysqli->real_escape_string($_POST['tis']) : "";
$agency = isset($_POST['agency']) ? $mysqli->real_escape_string($_POST['agency']) : "";
$notes = isset($_POST['notes']) ? $mysqli->real_escape_string($_POST['notes']) : "";
if (empty($fName) || empty($lName) || empty($group)) {
echo '<br />Must provide all the highlighted items<br /> Did not Save<br />';
} else {
//Update Fields
$myq = "UPDATE `RESERVE`.`RESERVE` SET\r\n `GRP` = " . $group . ",\r\n `LNAME` = '" . $lName . "',\r\n `FNAME` = '" . $fName . "',\r\n `RADIO` = '" . $radio . "',\r\n `ADDRESS` = '" . $address . "',\r\n `CITY` = '" . $city . "',\r\n `ST` = '" . $state . "',\r\n `ZIP` = '" . $zip . "',\r\n `HOMEPH` = '" . $hPhone . "',\r\n `CELLPH` = '" . $cPhone . "',\r\n `WORKPH` = '" . $wPhone . "',\r\n `TIS` = '" . $tis . "',\r\n `AGENCY` = '" . $agency . "',\r\n `NOTES` = '" . $notes . "' \r\n WHERE `IDNUM` = " . $reserveID;
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
addLog($config, 'Reserve with ID ' . $reserveID . ' Updated');
echo 'Reserve Successfully Updated.<br/>';
}
} else {
$myq = "SELECT * FROM `RESERVE` WHERE `IDNUM` = " . $reserveID;
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
$row = $result->fetch_assoc();
$group = $row['GRP'];
$fName = $row['FNAME'];
$lName = $row['LNAME'];
$radio = $row['RADIO'];
$address = $row['ADDRESS'];
$city = $row['CITY'];
$state = $row['ST'];
$zip = $row['ZIP'];
$hPhone = $row['HOMEPH'];
$cPhone = $row['CELLPH'];
$wPhone = $row['WORKPH'];
$tis = $row['TIS'];
$agency = $row['AGENCY'];
$notes = $row['NOTES'];
}
echo '</div><div align="left" class="login"><table>';
echo '<tr><td> </td><td>First Name: </td><td><input type="text" name="foundUserFNAME" value="' . $fName . '" /></td></tr>';
echo '<tr><td></td><td>Last Name: </td><td><input type="text" name="foundUserLNAME" value="' . $lName . '" /></td></tr>';
echo '<tr><td></td><td>Group: </td><td><select name="resGroup">
<option value="">Select Group</option>
<option value="1"';
if ($group == "1") {
echo " SELECTED";
}
echo '>Group 1</option>
<option value="2"';
if ($group == "2") {
echo " SELECTED";
}
echo '>Group 2</option>
<option value="3"';
if ($group == "3") {
echo " SELECTED";
}
echo '>Group 3</option>
<option value="4"';
if ($group == "4") {
echo " SELECTED";
}
echo '>Group 4</option>
<option value="5"';
if ($group == "5") {
echo " SELECTED";
}
echo '>Group 5</option>
</select></td></tr>';
echo '<tr><td></td><td>Radio#: </td><td><input type="text" name="radioNum" value="' . $radio . '" /></td></tr>';
echo '<tr><td></td><td>Address: </td><td><input type="text" name="address" value="' . $address . '" /></td></tr>';
echo '<tr><td></td><td>City: </td><td><input type="text" name="city" value="' . $city . '" /></td></tr>';
echo '<tr><td></td><td>State: </td><td><input type="text" name="state" value="' . $state . '" /></td></tr>';
echo '<tr><td></td><td>ZIP: </td><td><input type="text" name="zip" value="' . $zip . '" /></td></tr>';
echo '<tr><td></td><td>Home Phone: </td><td><input type="text" name="hPhone" value="' . $hPhone . '" /></td></tr>';
echo '<tr><td></td><td>Cell Phone: </td><td><input type="text" name="cPhone" value="' . $cPhone . '" /></td></tr>';
echo '<tr><td></td><td>Work Phone: </td><td><input type="text" name="wPhone" value="' . $wPhone . '" /></td></tr>';
echo '<tr><td></td><td>Time in Service: </td><td>';
displayDateSelect("tis", "tis", $tis, false, false);
echo '</td></tr>';
echo '<tr><td></td><td>Agency: </td><td><input type="text" name="agency" value="' . $agency . '" /></td></tr>';
echo '<tr><td></td><td>Additional Notes: </td><td><input type="text" name="notes" value="' . $notes . '" /></td></tr><tr><td></td></tr>';
echo '<tr><td></td><td><input type="submit" name="updateBtn" value="Update and Save" /></td><td>';
echo '<input type="submit" name="delBtn" value="Delete Reserve" /> <input type="submit" name="goBackBtn" value="Back To Reserves" /></td></tr>';
echo '</table></div>';
}
}
private function searchReserves()
{
$mysqli = connectToSQL($reserveDB = TRUE);
if ($this->config->adminLvl < 75) {
$myq = "SELECT * FROM `RESERVE` WHERE `GRP` != 5 AND \r\n `LNAME` LIKE CONVERT(_utf8 '%" . $this->config->mysqli->real_escape_string($this->searchUser) . "%' USING latin1) \r\n COLLATE latin1_swedish_ci ";
} else {
$myq = "SELECT * FROM `RESERVE` WHERE \r\n `LNAME` LIKE CONVERT(_utf8 '%" . $this->config->mysqli->real_escape_string($this->searchUser) . "%' USING latin1) \r\n COLLATE latin1_swedish_ci ";
}
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result, $myq);
$begin = $this->rowCount;
$echo = "";
while ($row = $result->fetch_assoc()) {
$this->rowCount++;
$echo .= '<div align="center"><table width="400"><tr><td>';
$echo .= '<input name="foundUser' . $this->rowCount . '" type="submit" value="Select" /></td><td>';
$echo .= '<input type="hidden" name="foundUserFNAME' . $this->rowCount . '" value="' . $row['FNAME'] . '" /> First name: ' . $row['FNAME'] . "<br />";
$echo .= '<input type="hidden" name="foundUserLNAME' . $this->rowCount . '" value="' . $row['LNAME'] . '" /> Last Name: ' . $row['LNAME'] . "<br />";
$echo .= '<input type="hidden" name="foundUserID' . $this->rowCount . '" value="' . $row['IDNUM'] . '" /> Username: '******'FNAME'] . "." . $row['LNAME'] . '<br />';
$echo .= '<input type="hidden" name="foundUserName' . $this->rowCount . '" value="' . $row['FNAME'] . "." . $row['LNAME'] . '" />';
$echo .= "Rank: Reserve Group " . $row['GRP'] . "<br />";
$echo .= '<input type="hidden" name="isReserve' . $this->rowCount . '" value="true" />"';
$echo .= "</td></tr></table></div><br /><hr />";
}
//end While Loop
$rowsAdded = $this->rowCount - $begin;
echo "Number of entries found in the reserve database is " . $rowsAdded . "<br /><br /><hr />";
if ($rowsAdded > 0) {
echo $echo;
}
}
function vehUpdateHistory($config, $vehID, $vmilage, $vIssues, $vDate = '')
{
if (!empty($vDate)) {
$vDate = "'" . $vDate . "'";
} else {
$vDate = "NOW()";
}
$myq = "INSERT INTO `WTS_VEH_MILAGE`(\r\n `IDNUM`, `INV_ID`, `MILAGE`, `DATE`, `AUDIT_ID`, `AUDIT_TS`, `AUDIT_IP`) \r\n VALUES ('','" . $vehID . "','" . $vmilage . "', " . $vDate . " ,\r\n '" . $_SESSION['userIDnum'] . "',NOW(),INET_ATON('" . $_SERVER['REMOTE_ADDR'] . "')); ";
$result = $config->mysqli->query($myq);
SQLerrorCatch($config->mysqli, $result, $myq, $debug = false);
if (!empty($vIssues)) {
$myq = "INSERT INTO `WTS_VEH_NOTES`(\r\n `IDNUM`, `INV_ID`, `NOTES`, `DATE`, `AUDIT_ID`, `AUDIT_TS`, `AUDIT_IP`) \r\n VALUES ('','" . $vehID . "','" . $vIssues . "'," . $vDate . ",\r\n '" . $_SESSION['userIDnum'] . "',NOW(),INET_ATON('" . $_SERVER['REMOTE_ADDR'] . "'));";
$result = $config->mysqli->query($myq);
SQLerrorCatch($config->mysqli, $result, $myq);
}
}
public function showRadioLogDetails($config, $radioLogID, $isEditing = false, $isApprove = false)
{
if ($this->checkOutRadio) {
//get passed values
echo '<h2><font color="red">Results</font></h2>';
if ($this->num_deputies > 0) {
for ($i = 0; $i < $this->num_deputies; $i++) {
$this->deputyID[$i] = isset($_POST['deputyID' . $i]) ? $this->config->mysqli->real_escape_string(strtoupper($_POST['deputyID' . $i])) : false;
$this->radioCallNum[$i] = isset($_POST['radioCallNum' . $i]) ? $this->config->real_escape_string(strtoupper($_POST['radioCallNum' . $i])) : '';
$this->isReserve[$i] = isset($_POST['isReserve' . $i]) ? '1' : '0';
}
$this->radioID = isset($_POST['radioID']) ? $this->config->real_escape_string(strtoupper($_POST['radioID'])) : '';
$this->podID = isset($_POST['podID']) ? $this->config->real_escape_string(strtoupper($_POST['podID'])) : '';
$this->checkOutType = isset($_POST['checkOutType']) ? $this->config->real_escape_string(strtoupper($_POST['checkOutType'])) : '';
$this->gpID = isset($_POST['gpID']) ? $_POST['gpID'] : 0;
for ($i = 0; $i < $this->num_deputies; $i++) {
$gpIDq = "SELECT MAX( GPNUM ) 'gpID' FROM WTS_RADIOLOG";
$gpResult = $this->config->query($gpIDq);
SQLerrorCatch($this->config->mysqli, $gpResult);
$row = $gpResult->fetch_assoc();
if ($this->gpID != 0) {
$groupID = $this->gpID;
} else {
$groupID = 0;
if ($num_deputies == 1) {
//Set Group ID to 0 or Individual
} else {
if ($i == 0) {
$groupID = $row['gpID'] + 1;
} else {
$groupID = $row['gpID'];
}
}
}
checkOutItem($this->config, $this->deputyID[$i], $this->radioCallNum[$i], $this->radioID, $this->checkOutType, $this->isReserve[$i], $this->groupID);
}
} else {
echo 'Must select a user.<br />';
}
echo '<br />';
//display results and get secLogID just added
}
if ($this->checkInRadio) {
$this->radioLogID = isset($_POST['radioLogID']) ? $_POST['radioLogID'] : '';
checkInRadioLog($this->config, $this->radioLogID);
$this->isEditing = true;
}
if ($this->updateRadioLog) {
////get posted values
$this->radioLogID = isset($_POST['radioLogID']) ? $this->config->real_escape_string($_POST['radioLogID']) : '';
$this->radioID = isset($_POST['radioID']) ? $this->config->real_escape_string(strtoupper($_POST['radioID'])) : '';
$this->podID = isset($_POST['podID']) ? $this->config->real_escape_string(strtoupper($_POST['podID'])) : '';
$this->radioCallNum = isset($_POST['radioCallNum']) ? $this->config->real_escape_string(strtoupper($_POST['radioCallNum'])) : '';
$this->checkOutType = isset($_POST['checkOutType']) ? $this->config->real_escape_string(strtoupper($_POST['checkOutType'])) : '';
updateRadioLog($this->config, $this->radioLogID, $this->radioCallNum, $this->radioID, $this->podID, $this->checkOutType);
$this->isEditing = true;
}
if ($this->isEditing) {
if ($this->config->adminLvl >= 0) {
$myq = "SELECT R.REFNUM, R.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN EMPLOYEE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.REFNUM = '" . $radioLogID . "' AND IS_RESERVE=0\r\n UNION\r\n SELECT R.REFNUM, R.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN RESERVE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.REFNUM = '" . $radioLogID . "' AND IS_RESERVE=1\r\n ";
$result = $this->config->mysqli->query($myq);
SQLerrorCatch($this->config->mysqli, $result);
$row = $result->fetch_assoc();
if ($row['gpID'] != 0) {
//get all users
echo '<div align="center">Group Reference #: ' . $row['gpID'] . '
<input type="hidden" name="gpID" value="' . $row['gpID'] . '" /></div>';
$newq = "SELECT R.REFNUM 'refNum', R.GPNUM 'gpID', \r\n CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN EMPLOYEE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.GPNUM = '" . $row['gpID'] . "' AND IS_RESERVE=0\r\n UNION\r\n SELECT R.REFNUM 'refNum', R.GPNUM 'gpID', \r\n CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n FROM WTS_RADIOLOG R\r\n JOIN RESERVE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n WHERE R.GPNUM = '" . $row['gpID'] . "' AND IS_RESERVE=1\r\n ORDER BY R.REFNUM";
$newResult = $this->config->mysqli->query($newq);
SQLerrorCatch($this->config->mysqli, $newResult);
$x = 0;
$y = 0;
$depTable = array(array());
$depTable[$x][$y] = "Reference#";
$y++;
$depTable[$x][$y] = "Deputy";
$y++;
$depTable[$x][$y] = "Radio#";
$y++;
$depTable[$x][$y] = "Action";
$y++;
$x++;
while ($newRow = $newResult->fetch_assoc()) {
$y = 0;
$depTable[$x][$y] = $newRow['refNum'] . '
<input type="hidden" name="radioLogID' . $x . '" value="' . $newRow['refNum'] . '" />';
$y++;
$depTable[$x][$y] = $newRow['DEPUTYNAME'];
$y++;
$depTable[$x][$y] = '<input type="text" name="radioCallNum' . $x . '" value="' . $newRow['RADIO_CALLNUM'] . '" />';
$y++;
if (strcmp($newRow['inTime'], "00/00/000 0000") == 0) {
$depTable[$x][$y] = '<input type="submit" value="Update" name="updateRadioLog' . $x . '" />
<input type="submit" value="LogOut" name="logoutRadioLog' . $x . '" /><br/>';
$y++;
} else {
if ($config->adminLvl >= 25) {
$depTable[$x][$y] = '<input type="submit" value="Update" name="updateRadioLog' . $x . '" />
Checked in at ' . $newRow['inTime'];
$y++;
} else {
$depTable[$x][$y] = 'Checked in at ' . $newRow['inTime'];
$y++;
}
}
$x++;
}
showSortableTable($depTable, 1);
} else {
echo '<br/>Reference #: ' . $radioLogID . '<input type="hidden" name="radioLogID" value="' . $radioLogID . '" /><br />
Deputy: ' . $row['DEPUTYNAME'] . '<br/>
Radio#: <input type="text" name="radioCallNum" value="' . $row['RADIO_CALLNUM'] . '" /><br/>';
}
echo '<div align="left">Add Deputy: <button type="button" name="searchBtn"
value="Lookup Employee" onClick="this.form.action=' . "'?userLookup=true'" . ';this.form.submit()" >
Lookup Employee</button></div><br/>';
echo '<br/> Radio Number: ';
selectRadioInventory($this->config, "radioID", $row['RADIOID']);
echo '<br/><br/>';
if ($row['TYPE'] == "LOANER") {
echo '<input type="radio" name="checkOutType" value="LOANER" CHECKED>LOANER</input>';
} else {
echo '<input type="radio" name="checkOutType" value="LOANER">LOANER</input>';
}
if ($row['TYPE'] == "PERM") {
echo '<input type="radio" name="checkOutType" value="PERM" CHECKED>PERMANENT</input>';
} else {
echo '<input type="radio" name="checkOutType" value="PERM">PERMANENT</input>';
}
if ($row['TYPE'] == "POD") {
echo '<input type="radio" name="checkOutType" value="POD" CHECKED>SHIFT ASSIGNMENT</input><br/>';
} else {
echo '<input type="radio" name="checkOutType" value="POD">SHIFT ASSIGNMENT</input><br/>';
}
echo '<br/>Checked in time: ';
if (strcmp($row['inTime'], "00/00/00 0000") == 0) {
echo "<font color=red><b>Not Checked back in Yet</b></font><br /><br />";
if ($row['gpID'] != 0) {
echo '<input type="submit" name="checkInAllRadio" value="Check in All" />';
} else {
echo '<input type="submit" name="checkInRadio" value="Check Back In" />';
}
} else {
echo $row['inTime'] . '<br /><br />';
}
if (strcmp($row['inTime'], "00/00/0000 0000") == 0 || $config->adminLvl >= 25) {
if ($row['gpID'] != 0) {
echo '<input type="submit" name="updateRadioLogAll" value="Update All" />';
} else {
echo '<input type="submit" name="updateRadioLog" value="Update" />';
}
}
if ($isApprove) {
echo '<input type="submit" name="backToApprove" value="Back To Approvals" />';
} else {
echo '<input type="submit" name="goBtn" value="Back To Logs" />';
}
} else {
echo 'Access Denied';
}
}
if (!$isEditing && !isset($_POST['goBtn'])) {
echo '<br/><br/>';
$radioLogID = isset($_POST['secLogID']) ? $this->config->real_escape_string($_POST['secLogID']) : '';
$radioID = isset($_POST['radioID']) ? $this->config->real_escape_string(strtoupper($_POST['radioID'])) : '';
$podID = isset($_POST['podID']) ? $this->config->real_escape_string(strtoupper($_POST['podID'])) : '';
$checkOutType = isset($_POST['checkOutType']) ? $this->config->real_escape_string(strtoupper($_POST['checkOutType'])) : '';
//debug
//var_dump($_POST);
//Show previously added deputies
$deputyCount = 0;
if ($num_deputies > 0) {
for ($i = 0; $i < $num_deputies; $i++) {
if (!isset($_POST['removeDeputyBtn' . $i])) {
$deputyID[$i] = isset($_POST['deputyID' . $i]) ? $this->config->real_escape_string(strtoupper($_POST['deputyID' . $i])) : '';
$isReserve[$i] = isset($_POST['isReserve' . $i]) ? true : false;
//get this user's information
if ($isReserve[$i]) {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $deputyID[$i];
$result = $this->mysqliReserve->query($myq);
SQLerrorCatch($this->mysqliReserve, $result);
$row = $result->fetch_assoc();
} else {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM=' . $deputyID[$i];
$result = $this->config->query($myq);
SQLerrorCatch($mysqli, $result);
$row = $result->fetch_assoc();
}
if ($i == 0) {
$phone = $row['CELLPH'];
}
echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $deputyID[$i] . '" />';
if ($isReserve[$i] == 1) {
echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
}
echo $row['LNAME'] . ', ' . $row['FNAME'];
echo '; Radio Call #: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO'];
echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
echo '<br/>';
$deputyCount++;
}
}
//End for loop of previously added deputies
}
//End check for multiple deputies
//Get added Deputy
$totalRows = isset($_POST['totalRows']) ? $_POST['totalRows'] : 0;
$foundUserFNAME = '';
$foundUserLNAME = '';
$foundUserName = '';
$foundUserID = '';
if ($totalRows > 0) {
//get post info providied from search results
for ($i = 0; $i <= $totalRows; $i++) {
if (isset($_POST['foundUser' . $i])) {
$foundUserFNAME = $_POST['foundUserFNAME' . $i];
$foundUserLNAME = $_POST['foundUserLNAME' . $i];
$foundUserName = $_POST['foundUserName' . $i];
$foundUserID = $_POST['foundUserID' . $i];
if (isset($_POST['isReserve' . $i])) {
$foundUserIsReserve = true;
} else {
$foundUserIsReserve = false;
}
break;
}
//end if
}
//end for
}
if (empty($foundUserID) && $num_deputies == 0) {
//security check for central control computer
if ($_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) {
//'10.1.32.72'
//Default first deputy to logged in user on first load
$foundUserID = $_SESSION['userIDnum'];
$foundUserIsReserve = false;
}
}
if (!empty($foundUserID)) {
if ($foundUserIsReserve) {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $foundUserID;
$result = $this->mysqliReserve->query($myq);
SQLerrorCatch($this->mysqliReserve, $result);
} else {
$myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM=' . $foundUserID;
$result = $this->config->query($myq);
SQLerrorCatch($mysqli, $result);
}
$row = $result->fetch_assoc();
if ($deputyCount == 0) {
$phone = $row['CELLPH'];
}
echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $foundUserID . '" />';
if ($foundUserIsReserve) {
echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
}
echo $row['LNAME'] . ', ' . $row['FNAME'];
echo '; Radio Call#: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO'];
echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
echo '<br/>';
$deputyCount++;
}
echo 'Add Deputy: ';
displayUserLookup($config);
echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />';
$gpID = isset($_POST['gpID']) ? $_POST['gpID'] : 0;
echo '<br/><br/><input type="hidden" name="gpID" value="' . $gpID . '" /> Radio Number: ';
selectRadioInventory($config, "radioID", $radioID);
echo '<br/><br/>';
if ($checkOutType == "LOANER") {
echo '<input type="radio" name="checkOutType" value="LOANER" CHECKED>LOANER</input>';
} else {
echo '<input type="radio" name="checkOutType" value="LOANER">LOANER</input>';
}
if ($checkOutType == "PERM") {
echo '<input type="radio" name="checkOutType" value="PERM" CHECKED>PERMANENT</input>';
} else {
echo '<input type="radio" name="checkOutType" value="PERM">PERMANENT</input>';
}
if ($checkOutType == "POD") {
echo '<input type="radio" name="checkOutType" value="POD" CHECKED>SHIFT ASSIGNMENT</input><br/>';
} else {
echo '<input type="radio" name="checkOutType" value="POD">SHIFT ASSIGNMENT</input><br/>';
}
echo '<br/><input type="hidden" name="addBtn" value="true" />
<input type="submit" name="addRadioLog" value="Check Out Radio" />
<input type="submit" name="goBtn" value="Cancel" />';
}
}
function displayLogs($config)
{
if ($config->adminLvl > 75) {
echo "<form name='custRange' action='" . $_SERVER['REQUEST_URI'] . "' method='post'>";
echo 'Date Range to Display (Blank will use today\'s Date)';
echo "<p> Start";
if (isset($_POST['start']) && isset($_POST['end'])) {
displayDateSelect('start', 'date_1', $_POST['start'], false, false);
echo "End";
displayDateSelect('end', 'date_2', $_POST['end'], false, false);
} else {
displayDateSelect('start', 'date_1', false, false, true);
echo "End";
displayDateSelect('end', 'date_2', false, false, true);
}
echo "<input type='submit' value='Go' /></p>";
//overwrite current period date variables with
//those provided by user
if (isset($_POST['start']) && isset($_POST['end'])) {
$startDate = new DateTime($_POST['start']);
$startDate = $startDate->format('Y-m-d');
$endDate = new DateTime($_POST['end']);
$endDate = $endDate->format('Y-m-d');
} else {
$startDate = date("Y-m-d");
$endDate = date("Y-m-d");
}
if ($startDate == $endDate) {
$dateQ = "WHERE DATE = '" . $startDate . "'";
} else {
$dateQ = "WHERE DATE BETWEEN '" . $startDate . "' AND '" . $endDate . "'";
}
$x = 0;
$y = 0;
$theTable = array(array());
$theTable[$x][$y] = "Event#";
$y++;
$theTable[$x][$y] = "User";
$y++;
$theTable[$x][$y] = "User IP";
$y++;
$theTable[$x][$y] = "Time of Event";
$y++;
$theTable[$x][$y] = "Description of Event";
$y++;
$mysqli = $config->mysqli;
$myq = "SELECT EMP.LNAME 'LName', EMP.FNAME 'FName', WTS_EVENTS.IDNUM 'refNo', \r\n DATE_FORMAT(DATE,'%a %d %b %Y') 'Date',\r\n DATE_FORMAT(TIME,'%H%i') 'Time', \r\n DESCR 'Descr', INET_NTOA(USERIP) 'UserIP'\r\n FROM WTS_EVENTS\r\n LEFT JOIN EMPLOYEE AS EMP ON EMP.IDNUM=WTS_EVENTS.USERID\r\n " . $dateQ;
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
while ($row = $result->fetch_assoc()) {
$x++;
$y = 0;
$theTable[$x][$y] = $row['refNo'];
$y++;
$theTable[$x][$y] = $row['LName'] . ', ' . $row['FName'];
$y++;
$theTable[$x][$y] = $row['UserIP'];
$y++;
$theTable[$x][$y] = $row['Date'] . ' ' . $row['Time'];
$y++;
$theTable[$x][$y] = $row['Descr'];
$y++;
}
echo '<h3>User Event Logs</h3>';
echo 'Showing events between ' . $startDate . ' and ' . $endDate;
showSortableTable($theTable, 1);
} else {
echo '<h3>User Event Logs</h3>Access Denied!';
}
}
function sendRequestToPending($config, $refNo, $hrNotes = '')
{
if (!empty($hrNotes)) {
$updateNotes = "`HR_NOTES` = '" . $config->mysqli->real_escape_string($hrNotes) . "',";
}
$myq = $myq = "UPDATE REQUEST \r\n SET STATUS='PENDING',\r\n `HRAPP_IS` = '0',\r\n " . $hrNotes . "\r\n APPROVEDBY=''\r\n WHERE REFER=" . $config->mysqli->real_escape_string($refNo);
$result = $config->mysqli->query($myq);
SQLerrorCatch($config->mysqli, $result, $myq, $debug = false);
addLog($config, 'Ref# ' . $refNo . ' status was changed to pending');
}
function selectAdminLevel($config, $adminLvl = "0")
{
$mysqli = $config->mysqli;
$myq = "SELECT * FROM `ADMINLVL` ORDER BY IDNUM";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
echo '<select name="adminLvl">';
while ($row = $result->fetch_assoc()) {
echo '<option value="' . $row['IDNUM'] . '"';
if (strcmp($adminLvl, $row['IDNUM']) == 0) {
echo ' selected="selected"';
}
echo '>' . $row['DESCR'] . '</option>';
}
echo '</select>';
}
function displayAdminAnnounce($config)
{
echo '<div align="center"><h2>Announcement Manager</h3></div> ';
if ($config->adminLvl >= 30) {
$editorDisplay = isset($_GET['editAnnounce']) ? $_GET['editAnnounce'] : false;
if (!$editorDisplay && !isset($_POST['addAnnounce'])) {
//Show available announcements to edit (or add new)
$mysqli = connectToSQL();
$myq = "SELECT * FROM `NEWS` WHERE 1";
$result = $mysqli->query($myq);
if (!$result) {
throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
}
$result->data_seek(0);
while ($row = $result->fetch_assoc()) {
echo '<a href="' . $_SERVER['REQUEST_URI'] . '&editAnnounce=' . $row['IDNUM'] . '" >' . $row['TITLE'] . '</a><br />
Published: ' . $row['TSTAMP'] . ' <br />by ' . $row['AUDITID'] . '<br /><br />';
}
?>
<form action="<?php
echo $_SERVER['REQUEST_URI'];
?>
" method="post" name="registerform">
<input type="submit" name="addAnnounce" value="Add Announcement" />
</form>
<?php
}
if (isset($_GET['editAnnounce'])) {
//User attempting to edit, get passed form fields
$editorID = isset($_POST['editorID']) ? $_POST['editorID'] : $_GET['editAnnounce'];
$editorTitle = isset($_POST['editorTitle']) ? $_POST['editorTitle'] : '';
$editorShort = isset($_POST['editorShort']) ? $_POST['editorShort'] : '';
$editorDivID = isset($_POST['editorDivID']) ? $_POST['editorDivID'] : '';
$editorOldShort = isset($_POST['editorOldShort']) ? $_POST['editorOldShort'] : '';
$editorPublish = isset($_POST['editorPublish']) ? $_POST['editorPublish'] : '1';
$editorData = isset($_POST['editor110']) ? $_POST['editor110'] : '';
if (isset($_POST['editor110']) && !isset($_POST['editorPublish'])) {
$editorPublish = 0;
}
if (!isset($_POST['editorOldShort'])) {
//no valid announcement was passed so get data within SQL
$mysqli = connectToSQL();
$myq = "SELECT `SHORTNAME` , `TITLE` , `BODY` , `PUBLISH`, `DIVID` FROM `NEWS` \r\n WHERE `IDNUM` = '" . $editorID . "'";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
$result->data_seek(0);
$row = $result->fetch_assoc();
$editorTitle = $row['TITLE'];
$editorShort = $row['SHORTNAME'];
$editorDivID = $row['DIVID'];
$editorPublish = $row['PUBLISH'];
$editorData = $row['BODY'];
}
?>
<a href="<?php
echo $_SERVER['PHP_SELF'];
?>
?isAnounceAdmin=true" >Back</a>
<script type="text/javascript" src="ckeditor/ckeditor.js"></script>
<form action ="<?php
echo $_SERVER['REQUEST_URI'];
?>
" method="post">
<p>
<?php
echo '<input type="hidden" name="editorID" value="' . $editorID . '" />';
?>
Announcement Title: <input type="text" name="editorTitle" value="<?php
if (isset($editorTitle)) {
echo $editorTitle;
}
?>
"/><br /><br />
Short Name: <?php
if (isset($editorShort)) {
echo $editorShort;
}
?>
<br /><br />
Publish to Division: <?php
displayDivisionID("editorDivID", $editorDivID, $showAllOpt = true);
?>
<br/><Br/>
<input type="hidden" name="editorOldShort" value="<?php
echo $editorShort;
?>
" />
Publish Announcement: <input type="checkbox" name="editorPublish" value="1" <?php
if ($editorPublish == 0) {
} else {
echo 'checked="checked"';
}
?>
/><br /><br />
<textarea id="editor1" name="editor110"><?php
echo $editorData;
?>
</textarea>
<script type="text/javascript">
CKEDITOR.replace( 'editor110' );
</script>
</p>
<p>
<input type="submit" name="saveBtn" value="Save" />
</p>
</form>
<?php
if (isset($_POST['saveBtn'])) {
//User pressed Save Button, so update with presented information
$mysqli = connectToSQL();
$myq = "UPDATE `PAYROLL`.`NEWS` SET \r\n `SHORTNAME` = '" . $editorOldShort . "',\r\n `TITLE` = '" . $editorTitle . "',\r\n `BODY` = '" . $editorData . "',\r\n `PUBLISH` = '" . $editorPublish . "',\r\n `DIVID` = '" . $editorDivID . "',\r\n `TSTAMP` = NOW( ),\r\n `AUDITID` = '" . strtoupper($_SESSION['userName']) . "',\r\n `IP` = 'INET_ATON(\\'" . $_SERVER['REMOTE_ADDR'] . "\\')' \r\n WHERE IDNUM= '" . $editorID . "' LIMIT 1 ;";
$result = $mysqli->query($myq);
if (!SQLerrorCatch($mysqli, $result)) {
addLog($config, 'Announcement Updated with title ' . $editorTitle);
echo '<h3>Successful Save</h3>';
}
}
}
if (isset($_POST['addAnnounce'])) {
//User pressed Add an Announcement
$editorTitle = isset($_POST['editorTitle']) ? $_POST['editorTitle'] : '';
$editorShort = isset($_POST['editorShort']) ? $_POST['editorShort'] : '';
$editorDivID = isset($_POST['editorDivID']) ? $_POST['editorDivID'] : '1';
$editorPublish = isset($_POST['editorPublish']) ? $_POST['editorPublish'] : '1';
$editorData = isset($_POST['editor110']) ? $_POST['editor110'] : '';
if (isset($_POST['editor110']) && !isset($_POST['editorPublish'])) {
$editorPublish = 0;
}
$isShort = false;
if (isset($_POST['saveBtn']) && empty($editorShort)) {
$isShort = true;
}
?>
<a href="<?php
echo $_SERVER['PHP_SELF'];
?>
?isAnounceAdmin=true" >Back</a>
<script type="text/javascript" src="ckeditor/ckeditor.js"></script>
<form action ="<?php
echo $_SERVER['REQUEST_URI'];
?>
" method="post">
<p>
Announcement Title: <input type="text" name="editorTitle" value="<?php
if (isset($editorTitle)) {
echo $editorTitle;
}
?>
"/><br /><br />
Short Name: <input type="text" name="editorShort" value="<?php
if (isset($editorShort)) {
echo $editorShort;
}
?>
" <?php
if ($isShort) {
echo "style=\"background:#FFFFFF;border:1px solid #FF0000;\"";
}
?>
/><br /><br />
Publish to Division: <?php
displayDivisionID("editorDivID", $editorDivID, $showAllOpt = true);
?>
<br/><Br/>
Publish Announcement: <input type="checkbox" name="editorPublish" value="1" <?php
if ($editorPublish == 0) {
} else {
echo 'checked="checked"';
}
?>
/><br /><br />
<textarea id="editor1" name="editor110"><?php
echo $editorData;
?>
</textarea>
<script type="text/javascript">
CKEDITOR.replace( 'editor110' );
</script>
</p>
<p>
<input type="hidden" name="addAnnounce" value="Add Announcement" />
<input type="submit" name="saveBtn" value="Save" />
</p>
</form>
<?php
if (isset($_POST['saveBtn'])) {
//Save button pressed, save data to database
$mysqli = connectToSQL();
//$myq = "INSERT INTO `PAYROLL`.`NEWS` (`SHORTNAME`, `TITLE`, `BODY`, `PUBLISH`, `TSTAMP`, `AUDITID`, 'IP') VALUES ('".$editorShort."', '".$editorTitle."', '".$editorData."', '".$editorPublish."', NOW(), 'awturner', '10.1.30.57');";
$myq = "INSERT INTO `NEWS` (`SHORTNAME`, `TITLE`, `BODY`, DIVID, `PUBLISH`, `TSTAMP`, `AUDITID`, `IP`) \r\n VALUES ('" . $editorShort . "', '" . $editorTitle . "', '" . $editorData . "', '" . $editorDivID . "', '" . $editorPublish . "', NOW(), '" . strtoupper($_SESSION['userName']) . "', INET_ATON('{$_SERVER['REMOTE_ADDR']}'))";
$result = $mysqli->query($myq);
if (!$result) {
throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
} else {
addLog($config, 'Announcement Added with title ' . $editorTitle);
echo '<h3>Successful Save</h3>';
}
}
}
echo '<div align="center">Note: No Announcement is private to the selected division.<br/>
All users may see the announcement if published</div><Br/>';
} else {
echo 'Access Denied';
}
}
