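/**
 * Show the "new time request after validation" alert to users whose adminLvl is 50.
 *
 * The alert fires when APPROVED/DENIED requests dated inside an already-closed pay
 * period are still waiting on HR. Pressing dismissPostValidBtn (POST) or arriving with
 * the postPayrollValid GET flag records a dismissal time in
 * $_SESSION['dismissPayrollValid']; the alert then stays quiet for 30 minutes.
 *
 * @param object $config application config; reads ->adminLvl and ->mysqli
 */
function alert_PostPayrollValidation($config)
{
    if ($config->adminLvl != 50) {
        return;
    }

    $dismiss = isset($_POST['dismissPostValidBtn']) || isset($_GET['postPayrollValid']);
    if ($dismiss) {
        $_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');
        return;
    }

    //No dismissal session variable for real time alerting
    $dismissTime = isset($_SESSION['dismissPayrollValid']) ? $_SESSION['dismissPayrollValid'] : false;
    // Only parse a real value: strtotime(false) is deprecated on newer PHP and
    // behaves the same as "no dismissal" anyway.
    $dismissedAt = ($dismissTime !== false) ? strtotime($dismissTime) : false;

    $current_timestamp = strtotime(date('Y-m-d H:i'));
    $compare_timestamp = strtotime("-30 minute", $current_timestamp);
    if ($dismissedAt !== false && $dismissedAt >= $compare_timestamp) {
        // Dismissed less than 30 minutes ago: nothing to show.
        return;
    }

    $mysqli = $config->mysqli;
    //Get approved time request submitted to HR if date of use is prior to last pay period and
    //current date is after end of payperiod
    //determine last day of last approved pay period
    $today = date('Y-m-d'); // server-generated, not request input
    // NOTE(review): the other REQUEST updates in this file write a column named HRAPP_ID;
    // confirm against the schema whether HRAPP_IS here is the intended column.
    $myq = "SELECT COUNT(REFER) 'cnt', MAX(USEDATE) 'endDate', MIN(USEDATE) 'startDate'\r\n FROM REQUEST\r\n WHERE (STATUS='APPROVED' OR STATUS='DENIED')\r\n AND HRAPP_IS = '0'\r\n AND USEDATE <= (SELECT PPEND FROM PAYPERIOD WHERE PPEND = (SELECT PPBEG-1 FROM PAYPERIOD WHERE '" . $today . "' BETWEEN PPBEG AND PPEND))";
    $result = $mysqli->query($myq);
    if (SQLerrorCatch($mysqli, $result, $myq)) {
        // Error already displayed; previously this fell through to ->num_rows on a bool.
        return;
    }

    $row = $result->fetch_assoc();
    // An aggregate query without GROUP BY always returns exactly one row, so
    // num_rows was always 1 and the alert fired every 30 minutes regardless of
    // whether any request matched. The COUNT itself is the real signal.
    if ($row === null || (int) $row['cnt'] < 1) {
        return;
    }

    $_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');
    $start = htmlspecialchars((string) $row['startDate'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $end = htmlspecialchars((string) $row['endDate'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    popUpMessage('<div align="center"><form name="verifyAlert" method="POST" action="?hrEmpRep=true&cust=true&postPayrollValid=true"> New Time Request after validation! <input type="submit" name="dismissPostValidBtn" value="Go to Alert" /> <input type="hidden" name="start" value="' . $start . '" /> <input type="hidden" name="end" value="' . $end . '" /> </form></div>', 'ALERT');
}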
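/**
 * Expunge a time request, or put an expunged one back to PENDING, through a
 * confirm/OK pop-up flow driven by $_POST.
 *
 * With $unExpunge false:
 *   - confirmBtn + non-empty expungedReason + admin session: run the EXPUNGED update.
 *   - otherwise (unless okBtn was pressed): show the reason/confirm pop-up.
 * With $unExpunge true (unless okBtn was pressed): set STATUS back to PENDING.
 *
 * @param mysqli           $mysqli      open connection used for the updates
 * @param int|string       $referNum    REQUEST.REFER of the request
 * @param bool             $unExpunge   true to restore instead of expunge
 * @param int|string|false $delBtnIndex suffix for the hidden deleteBtn field name
 * @param int|string|false $totalRows   echoed back as the hidden totalRows field
 * @param string           $extraInputs raw HTML appended inside each pop-up form (caller-built, not escaped here)
 */
function expungeRequest($mysqli, $referNum, $unExpunge = false, $delBtnIndex = false, $totalRows = false, $extraInputs = '')
{
    // HTML escaping for values that originate from the request or the database.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $esc = function ($value) use ($mysqli) {
        return $mysqli->real_escape_string((string) $value);
    };
    $confirmBtn = isset($_POST['confirmBtn']);
    $okBtn = isset($_POST['okBtn']);
    $adminLvl = isset($_SESSION['admin']) ? $_SESSION['admin'] : -1;
    $isAdmin = !empty($_SESSION['admin']);
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $h($_SERVER['REQUEST_URI']) : '';

    if ($unExpunge) {
        if ($okBtn) {
            return;
        }
        // REFER is quoted: real_escape_string() alone does not protect an unquoted value.
        $myq = "UPDATE REQUEST \r\n SET STATUS='PENDING'\r\n WHERE REFER='" . $esc($referNum) . "'";
        $result = $mysqli->query($myq);
        if (!SQLerrorCatch($mysqli, $result, $myq, false)) {
            $configNew = new Config();
            $configNew->setAdmin($adminLvl);
            popUpMessage('Request ' . $h($referNum) . ' Has been placed back into PENDING State. <div align="center"><form method="POST"> ' . $extraInputs . ' <input type="submit" name="okBtn" value="OK" /> </form></div>');
            // Every other addLog() call in this file receives the Config object, not ->mysqli.
            addLog($configNew, 'UnExpunged Time Request with Ref# ' . $referNum);
        }
        return;
    }

    if ($confirmBtn && !empty($_POST['expungedReason']) && $isAdmin) {
        $userIDnum = isset($_SESSION['userIDnum']) ? $_SESSION['userIDnum'] : '';
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $myq = "UPDATE REQUEST \r\n SET STATUS='EXPUNGED',\r\n HRAPP_ID='0',\r\n EX_REASON='" . $esc($_POST['expungedReason']) . "',\r\n AUDITID='" . $esc($userIDnum) . "',\r\n IP= INET_ATON('" . $esc($remoteAddr) . "')\r\n WHERE REFER='" . $esc($referNum) . "'";
        $result = $mysqli->query($myq);
        if (!SQLerrorCatch($mysqli, $result, $myq, false)) {
            $configNew = new Config();
            $configNew->setAdmin($adminLvl);
            addLog($configNew, 'Expunged Time Request with Ref# ' . $referNum);
            popUpMessage('Request ' . $h($referNum) . ' expunged. <div align="center"><form method="POST" action="' . $requestUri . '"> ' . $extraInputs . ' <input type="submit" name="okBtn" value="OK" /> </form></div>');
        }
        return;
    }

    if ($okBtn) {
        return;
    }
    // A posted-but-empty reason means the user submitted the form without one.
    $reasonError = '';
    if (isset($_POST['expungedReason']) && empty($_POST['expungedReason'])) {
        $reasonError = '<font color="red">Requires a Reason</font><br/>';
    }
    $echo = '<div align="center"><form method="POST" action="' . $requestUri . '"> <input name="deleteBtn' . $h($delBtnIndex) . '" type="hidden" value="' . $h($referNum) . '" /> <input type="hidden" name="totalRows" value="' . $h($totalRows) . '" /> Request ' . $h($referNum) . ' to be expunged<br/> ' . $reasonError . ' Reason:<textarea name="expungedReason"></textarea><br/> <input type="submit" name="confirmBtn" value="CONFIRM EXPUNGE" /> <input type="submit" name="okBtn" value="CANCEL" /> ' . $extraInputs . ' </form></div>';
    popUpMessage($echo);
}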
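/**
 * Check an inventory item back in against a WTS_RADIOLOG entry.
 *
 * EMERGENCY-priority items first require an "ereason" to be posted; VEHICLE
 * items first require an ending-mileage report (handled by vehUpdateHistory()).
 * Until those extra inputs arrive the function only renders the pop-up and
 * returns false.
 *
 * @param object     $config       application config; reads ->mysqli
 * @param int|string $radioLogID   WTS_RADIOLOG.REFNUM (may originate from the request)
 * @param bool       $noLog        suppress the success echo and the audit log line
 * @param string     $hiddenInputs caller-built raw HTML injected into each pop-up form
 * @return bool true only when both the log row and the inventory count were updated
 */
function checkInRadioLog($config, $radioLogID, $noLog = false, $hiddenInputs = '')
{
    $mysqli = $config->mysqli;
    $esc = function ($value) use ($mysqli) {
        return $mysqli->real_escape_string((string) $value);
    };
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $safeRef = $esc($radioLogID);

    $checkq = "SELECT PRIORITY_TYPE, TYPE.DESCR 'Type', I.IDNUM 'IDNUM'\r\n FROM WTS_INVENTORY I\r\n LEFT JOIN WTS_INV_TYPE TYPE ON TYPE.IDNUM=I.TYPE\r\n WHERE I.IDNUM=(SELECT RADIOID FROM WTS_RADIOLOG WHERE REFNUM='" . $safeRef . "')";
    $checkResult = $mysqli->query($checkq);
    if (SQLerrorCatch($mysqli, $checkResult, $checkq)) {
        // Error already displayed; previously a failed lookup hit ->fetch_assoc() on a bool.
        return false;
    }
    $row = $checkResult->fetch_assoc();
    if ($row === null) {
        $row = array();
    }
    $priority = isset($row['PRIORITY_TYPE']) ? $row['PRIORITY_TYPE'] : null;
    $itemType = isset($row['Type']) ? $row['Type'] : null;
    $inventoryID = isset($row['IDNUM']) ? $row['IDNUM'] : null;

    $validInputs = true;
    $wasCheckedIn = false;
    $ereason = isset($_POST['ereason']) ? $_POST['ereason'] : '';

    if ($priority == "EMERGENCY") {
        // "ereaesonBtn" is the field name the browser posts back; it is kept as-is.
        if (!isset($_POST['ereaesonBtn'])) {
            popUpMessage('Emergency Reason: <br/> <form method="POST"><input name="ereason"/><br/> <input type="submit" name="ereaesonBtn" value="Submit Reason" />' . $hiddenInputs . ' </form>');
            $validInputs = false;
        }
    } elseif ($itemType == "VEHICLE") {
        $showPopUp = true;
        $error = '';
        if (isset($_POST['vStatusBtn'])) {
            $vmilage = isset($_POST['vmilage']) ? $_POST['vmilage'] : '';
            $vIssues = isset($_POST['vIssues']) ? $_POST['vIssues'] : '';
            if (!empty($vmilage)) {
                $error = vehUpdateHistory($config, $inventoryID, $vmilage, $vIssues);
                if (!$error) {
                    $showPopUp = false;
                } else {
                    $error .= '<br/>';
                }
            }
        }
        if ($showPopUp) {
            // The markup starts with </form> and ends with <form>, presumably to break
            // out of an enclosing form so the vehicle report posts on its own.
            popUpMessage('</form><div align="center"><form method="POST"> ' . $error . ' Ending Milage: <input type="text" name="vmilage"/><br/> New Maintenance Issues:<textarea name="vIssues"></textarea><br/> <input type="submit" name="vStatusBtn" value="Submit Vehilce Report" />' . $hiddenInputs . ' </form></div><form method="POST">', "Update Vehicle History");
            $validInputs = false;
        }
    }

    if ($validInputs) {
        $userIDnum = isset($_SESSION['userIDnum']) ? $_SESSION['userIDnum'] : '';
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        // ereason, the log reference and the client address are request-controlled:
        // they must be escaped before being placed in SQL.
        $myq = "UPDATE WTS_RADIOLOG SET CHECKEDOUT = '0', `AUDIT_IN_ID` = '" . $esc($userIDnum) . "',\r\n `AUDIT_IN_TS` = NOW(), `EREASON` = '" . $esc($ereason) . "',\r\n `AUDIT_IN_IP` = INET_ATON('" . $esc($remoteAddr) . "') WHERE WTS_RADIOLOG.REFNUM = '" . $safeRef . "' LIMIT 1";
        $myUpdate = "UPDATE `WTS_INVENTORY` SET `QUANTITY_AVAILABLE`=`QUANTITY_AVAILABLE` + 1 \r\n WHERE IDNUM = (SELECT RADIOID FROM WTS_RADIOLOG WHERE WTS_RADIOLOG.REFNUM = '" . $safeRef . "') LIMIT 1;";
        // NOTE(review): the two updates are not in a transaction; if the second fails the
        // log row is already checked in and the count is repaired by the fallback below.
        $result = $mysqli->query($myq);
        if (SQLerrorCatch($mysqli, $result, $myq)) {
            echo '<h2>Results</h2><font color="red">Failed to check radio back in, try again.</font><br /><Br />';
        } else {
            $resultUpdate = $mysqli->query($myUpdate);
            if (SQLerrorCatch($mysqli, $resultUpdate, $myUpdate)) {
                //Attempt to fix ALL QUANTITY Errors
                $myupdate = "UPDATE `WTS_INVENTORY` \r\n SET `QUANTITY_AVAILABLE`=`QUANTITY` - \r\n (SELECT COUNT(CHECKEDOUT) FROM WTS_RADIOLOG WHERE CHECKEDOUT = 1 AND WTS_RADIOLOG.RADIOID = `WTS_INVENTORY`.IDNUM)";
                $result = $mysqli->query($myupdate);
                SQLerrorCatch($mysqli, $result, $myupdate);
                echo '<h2>Results</h2><font color="red">ERROR - Failed to update quantities, attempted Global Fix</font><br /><Br />';
            } else {
                $wasCheckedIn = true;
                if (!$noLog) {
                    echo '<font color="red">Successfully checked item back in with Reference Number: ' . $h($radioLogID) . '</font><br /><br/>';
                    addLog($config, 'Radio log #' . $radioLogID . ' checked back in');
                }
            }
        }
    }
    return $wasCheckedIn;
}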
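/**
 * Search Active Directory for $userToFind, render each hit as a block of
 * hidden foundUser* inputs (optionally with a "Select" radio), and make sure
 * every hit has an EMPLOYEE row.
 *
 * Side effects: echoes HTML, may registerUser() accounts missing from the
 * database, updates EMPLOYEE names for freshly registered users, and lowers
 * error_reporting() process-wide (kept from the original).
 *
 * @param object $config     reads ->ldap_server, ->ldapUser, ->ldapPass, ->domain, ->mysqli
 * @param string $userToFind substring matched against several AD attributes
 * @param int    $rowCount   starting suffix for the foundUser* field names
 * @param bool   $select     render the "Select" radio button per entry
 * @return int number of AD entries found; 0 when the bind or the search fails
 */
function selectUserSearch($config, $userToFind, $rowCount, $select = false)
{
    $totalRows = 0; // was undefined (and returned) on the bind-failure path
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // First value of an LDAP attribute, '' when the entry lacks it (avoids notices).
    $attr = function ($entry, $name) {
        return isset($entry[$name][0]) ? $entry[$name][0] : '';
    };

    //LDAP Search
    $cnx = ldap_connect($config->ldap_server);
    $ldaprdn = $config->ldapUser . '@' . $config->domain;
    ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3); //Set the LDAP Protocol used by your AD service
    ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0); //This was necessary for my AD to do anything
    if (!ldap_bind($cnx, $ldaprdn, $config->ldapPass)) {
        popUpMessage("Could Not Bind to LDAP to perform search");
        return $totalRows;
    }

    //Split given domain into LDAP Base DN
    $dcParts = array();
    foreach (explode(".", $config->domain) as $dc) {
        $dcParts[] = "DC=" . $dc;
    }
    $dn = implode(",", $dcParts);

    error_reporting(E_ALL ^ E_NOTICE); //Suppress some unnecessary messages

    // The search term comes from the user and is embedded in an LDAP filter:
    // escape it so it cannot change the filter's structure.
    $term = ldap_escape((string) $userToFind, '', LDAP_ESCAPE_FILTER);
    $filter = "(&(objectCategory=person)(objectClass=user)";
    $filter .= "(|(samaccountname=*" . $term . "*)(sn=*" . $term . "*)(displayname=*" . $term . "*)";
    $filter .= "(mail=*" . $term . "*)(department=*" . $term . "*)(title=*" . $term . "*)))"; //Search fields
    $res = ldap_search($cnx, $dn, $filter);
    if ($res === false) {
        $info = array("count" => 0);
    } else {
        $totalRows = ldap_count_entries($cnx, $res);
        $info = ldap_get_entries($cnx, $res);
    }
    echo "Number of entries in Active Directory returned is " . $totalRows . "<br /><br /><hr />";

    // formName is echoed inside an onClick handler; restrict it to a plain identifier
    // rather than trying to escape for both the HTML-attribute and JS contexts.
    $formName = isset($_POST['formName']) ? preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_POST['formName']) : '';
    $mysqli = $config->mysqli;

    for ($i = 0; $i < $info["count"]; $i++) {
        $entry = $info[$i];
        $account = $attr($entry, "samaccountname");
        $givenName = $attr($entry, "givenname");
        $surname = $attr($entry, "sn");

        echo '<div align="center"><table width="400"><tr><td>';
        if ($select) {
            echo '<input name="foundUser' . $rowCount . '" type="radio" onClick="this.form.action=\'?' . $formName . "=true'" . ';this.form.submit()" />Select</td><td>';
        }
        echo "Display Name: " . $h($attr($entry, "displayname")) . "<br />";
        echo '<input type="hidden" name="foundUserFNAME' . $rowCount . '" value="' . $h($givenName) . '" />First name: ' . $h($givenName) . "<br />";
        echo '<input type="hidden" name="foundUserLNAME' . $rowCount . '" value="' . $h($surname) . '" /> Last Name: ' . $h($surname) . "<br />";
        // The "Username:" line was garbled in this copy of the file; it is reconstructed
        // to echo the account name, matching the lines above.
        echo '<input type="hidden" name="foundUserName' . $rowCount . '" value="' . $h($account) . '" /> Username: ' . $h($account) . '<br />';

        //Check user in Employee Database and output IDNUM if found
        $searchResult = searchDatabase($config, $account, $i, false);
        if ($searchResult < 1) {
            //User not in database, so register the user
            // NOTE(review): auto-registered accounts receive the fixed placeholder password
            // "temp01"; confirm such accounts cannot authenticate locally with it.
            registerUser($account, "temp01", "temp01", 0, 1);
        }

        //Get user's IDNUM
        $myq = "SELECT *\r\n FROM `EMPLOYEE`\r\n WHERE `ID` = '" . $mysqli->real_escape_string(strtoupper($account)) . "'";
        $result = $mysqli->query($myq);
        $row = array();
        if (!SQLerrorCatch($mysqli, $result, $myq)) {
            $fetched = $result->fetch_assoc();
            if ($fetched !== null) {
                $row = $fetched;
            }
        }
        $idNum = isset($row['IDNUM']) ? $row['IDNUM'] : '';
        echo "Rank: " . $h(isset($row['GRADE']) ? $row['GRADE'] : '') . "<br />";

        if ($searchResult < 1 && $idNum !== '') {
            //Update newly created user's information with their Active Directory Info
            $myq = "UPDATE `PAYROLL`.`EMPLOYEE` SET \r\n `LNAME` = '" . $mysqli->real_escape_string(strtoupper($surname)) . "',\r\n `FNAME` = '" . $mysqli->real_escape_string(strtoupper($givenName)) . "'\r\n WHERE EMPLOYEE.IDNUM = '" . $mysqli->real_escape_string((string) $idNum) . "'";
            $result = $mysqli->query($myq);
            //show SQL error msg if query failed
            SQLerrorCatch($mysqli, $result, $myq);
        }
        echo "Title: " . $h($attr($entry, "title")) . "<br />";
        echo "Department: " . $h($attr($entry, "department")) . "<br />";
        echo "Email: " . $h($attr($entry, "mail")) . "<br />";
        echo '<input type="hidden" name="foundUserID' . $rowCount . '" value="' . $h($idNum) . '" />';
        echo "</td></tr></table></div><br /><hr />";
        $rowCount++;
    }
    return $totalRows;
}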
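/**
 * Report whether the current session belongs to a logged-in user whose
 * inactivity window has not expired; on expiry the user is logged out.
 *
 * Reads $_SESSION['validUser'] (truthy once logged in) and $_SESSION['timeout']
 * (Unix timestamp of last activity; treated as 0 when absent, which forces a
 * timeout instead of a notice). Presumably 'timeout' is refreshed elsewhere on
 * each request — verify against the caller.
 *
 * @param object $config application config, forwarded to logoutUser()
 * @return bool true when the session is valid and has not timed out
 */
function isValidUser($config)
{
    // The original tested "!= true", i.e. truthiness, so empty() is equivalent.
    if (empty($_SESSION['validUser'])) {
        return false;
    }

    $timeout = 60; //minutes
    $lastActivity = isset($_SESSION['timeout']) ? $_SESSION['timeout'] : 0;
    if ($lastActivity + $timeout * 60 < time()) {
        //User has been inactive for longer than $timeout minutes
        popUpMessage("Your Session has Timed Out. Please log back in");
        logoutUser($config, "Session Timeout after " . $timeout . " Minutes");
        return false;
    }

    return true;
}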
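/**
 * Report a failed mysqli query (or, with $debug, a successful one) via popUpMessage()
 * together with a backtrace and the query text.
 *
 * NOTE(review): the pop-up exposes server file paths and the full SQL text to
 * whoever views the page; consider gating that detail on an admin/debug setting.
 *
 * @param mysqli $mysqli connection whose errno/error are reported
 * @param mixed  $result the value returned by $mysqli->query()
 * @param string $myq    the query that was run, shown in the pop-up
 * @param bool   $debug  also show the trace when the query succeeded
 * @return bool true when $result is falsy (an error pop-up was shown), false otherwise
 */
function SQLerrorCatch($mysqli, $result, $myq = '', $debug = false)
{
    $dbgMsg = "<table><tr><th>Debug backtrace begin:</th></tr>";
    foreach (debug_backtrace() as $dbgInfo) {
        // Internal and closure frames may lack file/line; don't raise notices inside the error path.
        $file = isset($dbgInfo['file']) ? $dbgInfo['file'] : '';
        $line = isset($dbgInfo['line']) ? $dbgInfo['line'] : '';
        $function = isset($dbgInfo['function']) ? $dbgInfo['function'] : '';
        $dbgMsg .= '<tr width=300><td>' . $file . ' (line ' . $line . ') -> ' . $function . '</td></tr>';
    }
    // The query may embed request data, so escape it for the HTML pop-up.
    $dbgMsg .= '<tr><td>Querey Used:</td></tr><tr><td>' . htmlspecialchars((string) $myq, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td></tr>';
    $dbgMsg .= "<tr><td> </td></tr><tr><th>Debug backtrace end</th></tr></table>";

    if (!$result) {
        // Same text the original built inside a throw/catch of its own exception.
        $message = "Database Error [{$mysqli->errno}] " . htmlspecialchars((string) $mysqli->error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        popUpMessage($dbgMsg . '<br/><br/> ' . $message, "Error Message", '800');
        return true;
    }
    if ($debug) {
        popUpMessage($dbgMsg, "Debug Message", '800');
    }
    return false;
}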
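/**
 * Render the Reserves Manager page for users with adminLvl >= 75: the reserves
 * table with an "Add Reserve" button, the add form, the detail view of a
 * selected reserve, and a confirm-then-delete flow.
 *
 * All state arrives in $_POST: addBtn, totalRows, reserveID, goBackBtn,
 * delBtn/noBtn/confirmBtn, foundUser<i>/foundUserID<i>, prevNum/nextNum/limit.
 *
 * @param object $config application config; reads ->adminLvl
 */
function displayReserves($config)
{
    echo '<h3>Reserves Manager</h3>';
    if ($config->adminLvl < 75) {
        echo '<h3>Access Denied!</h3>';
        return;
    }

    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Re-emits the paging position so the list can be restored after the add/detail views.
    $echoPagingInputs = function () use ($h) {
        $prevNum = isset($_POST['prevNum']) ? $_POST['prevNum'] : "0";
        $nextNum = isset($_POST['nextNum']) ? $_POST['nextNum'] : "25";
        $limit = isset($_POST['limit']) ? $_POST['limit'] : "25";
        echo '<input type="hidden" name="prevNum" value="' . $h($prevNum) . '" />';
        echo '<input type="hidden" name="nextNum" value="' . $h($nextNum) . '" />';
        echo '<input type="hidden" name="limit" value="' . $h($limit) . '" />';
    };

    //get passed variables
    $addBtn = isset($_POST['addBtn']);
    $editSelect = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : false;
    $reserveID = isset($_POST['reserveID']) ? $_POST['reserveID'] : false;
    $goBackBtn = isset($_POST['goBackBtn']);
    $delBtn = isset($_POST['delBtn']) && !isset($_POST['noBtn']);
    if ($goBackBtn) {
        $addBtn = false;
        $reserveID = false;
    }
    if ($editSelect !== false && !$reserveID) {
        // Find the selected search result; totalRows is request-controlled, so it is cast to int.
        for ($i = 0; $i <= $editSelect; $i++) {
            if (isset($_POST['foundUser' . $i])) {
                $reserveID = isset($_POST['foundUserID' . $i]) ? $_POST['foundUserID' . $i] : false;
                break;
            }
        }
    }

    if ($delBtn) {
        $mysqli = connectToSQL(true);
        if (!isset($_POST['confirmBtn'])) {
            //Confirm Delete Record
            popUpMessage('Are you Sure? <br/> <form method="POST" name="confirmForm"> <input type="submit" name="confirmBtn" value="Yes" /> <input type="submit" name="noBtn" value="Cancel" /> <input type="hidden" name="delBtn" value="true" /> <input type="hidden" name="reserveID" value="' . $h($reserveID) . '" /> </form>');
        } else {
            // IDNUM is compared unquoted, so the request value is forced to an integer before it reaches SQL.
            $myq = "DELETE FROM `RESERVE`\r\n WHERE `IDNUM` = " . (int) $reserveID . " LIMIT 1";
            $result = $mysqli->query($myq);
            if (!SQLerrorCatch($mysqli, $result, $myq)) {
                // Only log and report success when the DELETE actually ran.
                addLog($config, 'Reserve with ID ' . (int) $reserveID . ' Deleted');
                echo 'Reserve Successfully Removed.<br/>';
            }
            $reserveID = false;
        }
    }

    //Main Content
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $h($_SERVER['REQUEST_URI']) : '';
    echo '<form name="resManage" method="POST" action="' . $requestUri . '" >';
    echo '<input type="hidden" name="formName" value="resManage" />';
    if (!$addBtn && !$reserveID) {
        reservesTable($config);
        echo '<input type="submit" name="addBtn" value="Add Reserve" />';
    }
    if ($addBtn) {
        //get return to location
        $echoPagingInputs();
        showAddReserve($config);
    }
    if (!empty($reserveID)) {
        //get return to location
        $echoPagingInputs();
        reserveDetails($config, $reserveID);
    }
    //End Content
    echo '</form>';
}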
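/**
 * When $this->isShowAreYouSureMessage is set, append the current request fields
 * as hidden inputs to $this->hiddenInputs and show a Yes/No confirmation pop-up
 * containing $this->reason.
 *
 * Field values are HTML-attribute escaped; the browser decodes them on submit,
 * so the round-tripped POST values are unchanged. $this->reason is emitted as-is
 * because it may already contain markup — confirm where it is built.
 */
private function showAreYouSureMessage()
{
    if (!$this->isShowAreYouSureMessage) {
        return;
    }
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Field name => value, in the order the original markup used.
    $fields = array(
        'reqID' => $this->reqID,
        'typeID' => $this->typeID,
        'subTypeID' => $this->subTypeID,
        'empID' => $this->empID,
        'useDate' => $this->useDate,
        'endDate' => $this->endDate,
        'begTime1' => $this->begTime1,
        'begTime2' => $this->begTime2,
        'endTime1' => $this->endTime1,
        'endTime2' => $this->endTime2,
        'empComment' => $this->empComment,
        'shiftHour' => $this->shiftHourRadio,
    );
    foreach ($fields as $name => $value) {
        $this->hiddenInputs .= '<input type="hidden" name="' . $name . '" value="' . $h($value) . '" /> ';
    }
    popUpMessage('<div align="center"><form method="POST" name="areYouSure"> ' . $this->reason . '<br/><br/><h4>Are you sure you want to submit another?</h4> <input type="submit" name="confirmBtn" value="Yes" /> <input type="submit" name="noBtn" value="No" /> ' . $this->hiddenInputs . ' </form></div>');
}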
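/**
 * Expunge the request in $this->toExpungeRefNo, or (when $this->toUnExpunge)
 * put it back to PENDING, through the same confirm/OK pop-up flow as the
 * free-standing expungeRequest().
 *
 * Expunging is allowed for an admin session or for the employee who owns the
 * request (looked up through a temporary time_request_form).
 *
 * @param string $extraInputs raw HTML appended inside each pop-up form (caller-built, not escaped here)
 */
public function expungeRequest($extraInputs = '')
{
    $mysqli = $this->config->mysqli;
    $esc = function ($value) use ($mysqli) {
        return $mysqli->real_escape_string((string) $value);
    };
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $refNo = $this->toExpungeRefNo;
    $okBtn = isset($_POST['okBtn']);
    $confirmBtn = isset($_POST['confirmBtn']);
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $h($_SERVER['REQUEST_URI']) : '';
    $okForm = '<div align="center"><form method="POST" action="' . $requestUri . '"> ' . $extraInputs . ' <input type="submit" name="okBtn" value="OK" /> </form></div>';

    if ($this->toUnExpunge) {
        if ($okBtn) {
            return;
        }
        // REFER is quoted: real_escape_string() alone does not protect an unquoted value.
        $myq = "UPDATE REQUEST \r\n SET STATUS='PENDING'\r\n WHERE REFER='" . $esc($refNo) . "'";
        // The original issued this one query on $this->mysqli while every other statement
        // here, including the SQLerrorCatch() for this result, uses $this->config->mysqli.
        $result = $mysqli->query($myq);
        if (!SQLerrorCatch($mysqli, $result, $myq, false)) {
            popUpMessage('Request ' . $h($refNo) . ' Has been placed back into PENDING State. <div align="center"><form method="POST"> ' . $extraInputs . ' <input type="submit" name="okBtn" value="OK" /> </form></div>');
            addLog($this->config, 'UnExpunged Time Request with Ref# ' . $refNo);
        }
        return;
    }

    if ($confirmBtn && !empty($_POST['expungedReason'])) {
        $tempRequestForm = new time_request_form($this->config);
        $tempRequestForm->reqID = $refNo; // presumably loads the request so ->empID is its owner — verify in time_request_form
        $isAdmin = !empty($_SESSION['admin']);
        $userIDnum = isset($_SESSION['userIDnum']) ? $_SESSION['userIDnum'] : null;
        // Require a real session id: a missing id must not match a request with no owner.
        $isOwner = $userIDnum !== null && $userIDnum !== ''
            && (string) $userIDnum === (string) $tempRequestForm->empID;
        if ($isAdmin || $isOwner) {
            $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $myq = "UPDATE REQUEST \r\n SET STATUS='EXPUNGED',\r\n HRAPP_ID='0',\r\n EX_REASON='" . $esc($_POST['expungedReason']) . "',\r\n AUDITID='" . $esc($userIDnum) . "',\r\n IP= INET_ATON('" . $esc($remoteAddr) . "')\r\n WHERE REFER='" . $esc($refNo) . "'";
            $result = $mysqli->query($myq);
            if (!SQLerrorCatch($mysqli, $result, $myq, false)) {
                addLog($this->config, 'Expunged Time Request with Ref# ' . $refNo);
                popUpMessage('Request ' . $h($refNo) . ' expunged. ' . $okForm);
            }
        } else {
            popUpMessage('Cannot Expunge request, please see a supervisor ' . $okForm);
        }
        return;
    }

    if ($okBtn) {
        return;
    }
    // A posted-but-empty reason means the user submitted the form without one.
    $reasonError = '';
    if (isset($_POST['expungedReason']) && empty($_POST['expungedReason'])) {
        $reasonError = '<font color="red">Requires a Reason</font><br/>';
    }
    popUpMessage('<div align="center"><form method="POST"> <input name="deleteBtn' . $h($this->toExpungeIndex) . '" type="hidden" value="' . $h($refNo) . '" /> <input type="hidden" name="totalRows" value="' . $h($this->toExpungeTotalRows) . '" /> Request ' . $h($refNo) . ' to be expunged<br/> ' . $reasonError . ' Reason:<textarea name="expungedReason"></textarea><br/> <input type="submit" name="confirmBtn" value="CONFIRM EXPUNGE" /> <input type="submit" name="okBtn" value="CANCEL" /> ' . $extraInputs . ' </form></div>');
}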