function alert_PostPayrollValidation($config)
{
if ($config->adminLvl == 50) {
$dismiss = isset($_POST['dismissPostValidBtn']) ? true : false;
$dismiss = isset($_GET['postPayrollValid']) ? true : $dismiss;
//No dismissal session variable for real time alerting
$dismissTime = isset($_SESSION['dismissPayrollValid']) ? $_SESSION['dismissPayrollValid'] : false;
if (!$dismiss) {
$current_timestamp = strtotime(date('Y-m-d H:i'));
$compare_timestamp = strtotime("-30 minute", $current_timestamp);
if (strtotime($dismissTime) >= $compare_timestamp) {
//popUpMessage('Will not display message '.strtotime($dismissTime). ' vs '.$compare_timestamp);
} else {
$mysqli = $config->mysqli;
//Get approved time request submitted to HR if date of use is prior to last pay period and
//current date is after end of payperiod
//determine last day of last approved pay period
$today = date('Y-m-d');
$myq = "SELECT COUNT(REFER), MAX(USEDATE) 'endDate', MIN(USEDATE) 'startDate'\r\n FROM REQUEST\r\n WHERE (STATUS='APPROVED' OR STATUS='DENIED')\r\n AND HRAPP_IS = '0'\r\n AND USEDATE <= (SELECT PPEND FROM PAYPERIOD WHERE PPEND = (SELECT PPBEG-1 FROM PAYPERIOD WHERE '" . $today . "' BETWEEN PPBEG AND PPEND))";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result, $myq);
if ($result->num_rows > 0) {
$_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');
$row = $result->fetch_assoc();
popUpMessage('<div align="center"><form name="verifyAlert" method="POST" action="?hrEmpRep=true&cust=true&postPayrollValid=true">
New Time Request after validation!
<input type="submit" name="dismissPostValidBtn" value="Go to Alert" />
<input type="hidden" name="start" value="' . $row['startDate'] . '" />
<input type="hidden" name="end" value="' . $row['endDate'] . '" />
</form></div>', 'ALERT');
}
}
} else {
$_SESSION['dismissPayrollValid'] = date('Y-m-d H:i');
}
}
}
function expungeRequest($mysqli, $referNum, $unExpunge = false, $delBtnIndex = false, $totalRows = false, $extraInputs = '')
{
$confirmBtn = isset($_POST['confirmBtn']) ? true : false;
if ($unExpunge) {
if (!isset($_POST['okBtn'])) {
$myq = "UPDATE REQUEST \r\n SET STATUS='PENDING'\r\n WHERE REFER=" . $mysqli->real_escape_string($referNum);
$result = $mysqli->query($myq);
if (!SQLerrorCatch($mysqli, $result, $myq, $debug = false)) {
$configNew = new Config();
$configNew->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
popUpMessage('Request ' . $referNum . ' Has been placed back into PENDING State.
<div align="center"><form method="POST">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
addLog($configNew->mysqli, 'UnExpunged Time Request with Ref# ' . $referNum);
}
}
} else {
if ($confirmBtn && !empty($_POST['expungedReason']) && $_SESSION['admin']) {
$myq = "UPDATE REQUEST \r\n SET STATUS='EXPUNGED',\r\n HRAPP_ID='0',\r\n EX_REASON='" . $mysqli->real_escape_string($_POST['expungedReason']) . "',\r\n AUDITID='" . $mysqli->real_escape_string($_SESSION['userIDnum']) . "',\r\n IP= INET_ATON('" . $mysqli->real_escape_string($_SERVER['REMOTE_ADDR']) . "')\r\n WHERE REFER='" . $mysqli->real_escape_string($referNum) . "'";
$result = $mysqli->query($myq);
if (!SQLerrorCatch($mysqli, $result, $myq, $debug = false)) {
$configNew = new Config();
$configNew->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
addLog($configNew, 'Expunged Time Request with Ref# ' . $referNum);
popUpMessage('Request ' . $referNum . ' expunged.
<div align="center"><form method="POST" action="' . $_SERVER['REQUEST_URI'] . '">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
}
} else {
if (!isset($_POST['okBtn'])) {
$result = "";
if (isset($_POST['expungedReason'])) {
if (empty($_POST['expungedReason'])) {
$result = '<font color="red">Requires a Reason</font><br/>';
}
}
$echo = '<div align="center"><form method="POST" action="' . $_SERVER['REQUEST_URI'] . '">
<input name="deleteBtn' . $delBtnIndex . '" type="hidden" value="' . $referNum . '" />
<input type="hidden" name="totalRows" value="' . $totalRows . '" />
Request ' . $referNum . ' to be expunged<br/> ' . $result . '
Reason:<textarea name="expungedReason"></textarea><br/>
<input type="submit" name="confirmBtn" value="CONFIRM EXPUNGE" />
<input type="submit" name="okBtn" value="CANCEL" />
' . $extraInputs . '
</form></div>';
popUpMessage($echo);
}
}
}
}
function checkInRadioLog($config, $radioLogID, $noLog = false, $hiddenInputs = '')
{
$mysqli = $config->mysqli;
$checkq = "SELECT PRIORITY_TYPE, TYPE.DESCR 'Type', I.IDNUM 'IDNUM'\r\n FROM WTS_INVENTORY I\r\n LEFT JOIN WTS_INV_TYPE TYPE ON TYPE.IDNUM=I.TYPE\r\n WHERE I.IDNUM=(SELECT RADIOID FROM WTS_RADIOLOG WHERE REFNUM='" . $radioLogID . "')";
$checkResult = $mysqli->query($checkq);
SQLerrorCatch($mysqli, $checkResult, $checkq);
$row = $checkResult->fetch_assoc();
$validInputs = true;
$wasCheckedIn = false;
$ereason = isset($_POST['ereason']) ? $_POST['ereason'] : '';
if ($row['PRIORITY_TYPE'] == "EMERGENCY") {
$ereaesonBtn = isset($_POST['ereaesonBtn']) ? true : false;
if (!$ereaesonBtn) {
popUpMessage('Emergency Reason: <br/>
<form method="POST"><input name="ereason"/><br/>
<input type="submit" name="ereaesonBtn" value="Submit Reason" />' . $hiddenInputs . '
</form>');
$validInputs = false;
}
} else {
if ($row['Type'] == "VEHICLE") {
$vStatusBtn = isset($_POST['vStatusBtn']) ? true : false;
$showPopUp = true;
$error = '';
if ($vStatusBtn) {
$vmilage = isset($_POST['vmilage']) ? $_POST['vmilage'] : '';
$vIssues = isset($_POST['vIssues']) ? $_POST['vIssues'] : '';
if (!empty($vmilage)) {
$error = vehUpdateHistory($config, $row['IDNUM'], $vmilage, $vIssues);
if (!$error) {
$showPopUp = false;
$validInputs = true;
} else {
$error .= '<br/>';
$showPopUp = true;
}
} else {
$showPopUp = true;
}
}
if ($showPopUp) {
popUpMessage('</form><div align="center"><form method="POST">
' . $error . '
Ending Milage: <input type="text" name="vmilage"/><br/>
New Maintenance Issues:<textarea name="vIssues"></textarea><br/>
<input type="submit" name="vStatusBtn" value="Submit Vehilce Report" />' . $hiddenInputs . '
</form></div><form method="POST">', "Update Vehicle History");
$validInputs = false;
}
}
}
if ($validInputs) {
$myq = "UPDATE WTS_RADIOLOG SET CHECKEDOUT = '0', `AUDIT_IN_ID` = '" . $_SESSION['userIDnum'] . "',\r\n `AUDIT_IN_TS` = NOW(), `EREASON` = '" . $ereason . "',\r\n `AUDIT_IN_IP` = INET_ATON('" . $_SERVER['REMOTE_ADDR'] . "') WHERE WTS_RADIOLOG.REFNUM = '" . $radioLogID . "' LIMIT 1";
$myUpdate = "UPDATE `WTS_INVENTORY` SET `QUANTITY_AVAILABLE`=`QUANTITY_AVAILABLE` + 1 \r\n WHERE IDNUM = (SELECT RADIOID FROM WTS_RADIOLOG WHERE WTS_RADIOLOG.REFNUM = '" . $radioLogID . "') LIMIT 1;";
$result = $mysqli->query($myq);
if (!SQLerrorCatch($mysqli, $result, $myq)) {
$resultUpdate = $mysqli->query($myUpdate);
if (!SQLerrorCatch($mysqli, $resultUpdate, $myUpdate)) {
$wasCheckedIn = true;
if (!$noLog) {
echo '<font color="red">Successfully checked item back in with Reference Number: ' . $radioLogID . '</font><br /><br/>';
addLog($config, 'Radio log #' . $radioLogID . ' checked back in');
}
} else {
//Attempt to fix ALL QUANTITY Errors
$myupdate = "UPDATE `WTS_INVENTORY` \r\n SET `QUANTITY_AVAILABLE`=`QUANTITY` - \r\n (SELECT COUNT(CHECKEDOUT) FROM WTS_RADIOLOG WHERE CHECKEDOUT = 1 AND WTS_RADIOLOG.RADIOID = `WTS_INVENTORY`.IDNUM)";
$result = $mysqli->query($myupdate);
SQLerrorCatch($mysqli, $result, $myupdate);
echo '<h2>Results</h2><font color="red">ERROR - Failed to update quantities, attempted Global Fix</font><br /><Br />';
}
} else {
echo '<h2>Results</h2><font color="red">Failed to check radio back in, try again.</font><br /><Br />';
}
}
return $wasCheckedIn;
}
function selectUserSearch($config, $userToFind, $rowCount, $select = false)
{
//LDAP Search
$cnx = ldap_connect($config->ldap_server);
$user = $config->ldapUser;
$pass = $config->ldapPass;
$ldaprdn = $user . '@' . $config->domain;
ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3);
//Set the LDAP Protocol used by your AD service
ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0);
//This was necessary for my AD to do anything
if ($ldapbind = ldap_bind($cnx, $ldaprdn, $pass)) {
//Split given domain into LDAP Base DN
$temp = explode(".", $config->domain);
$dn = null;
foreach ($temp as $dc) {
if (empty($dn)) {
$dn = "DC=" . $dc;
} else {
$dn = $dn . ",DC=" . $dc;
}
}
error_reporting(E_ALL ^ E_NOTICE);
//Suppress some unnecessary messages
$filter = "(&(objectCategory=person)(objectClass=user)";
$filter .= "(|(samaccountname=*" . $userToFind . "*)(sn=*" . $userToFind . "*)(displayname=*" . $userToFind . "*)";
$filter .= "(mail=*" . $userToFind . "*)(department=*" . $userToFind . "*)(title=*" . $userToFind . "*)))";
//Search fields
$res = ldap_search($cnx, $dn, $filter);
$totalRows = ldap_count_entries($cnx, $res);
$info = ldap_get_entries($cnx, $res);
echo "Number of entries in Active Directory returned is " . $totalRows . "<br /><br /><hr />";
for ($i = 0; $i < $info["count"]; $i++) {
//echo "dn is: " . $info[$i]["dn"] . "<br />";
echo '<div align="center"><table width="400"><tr><td>';
if ($select) {
echo '<input name="foundUser' . $rowCount . '" type="radio" onClick="this.form.action=\'?' . $_POST['formName'] . "=true'" . ';this.form.submit()" />Select</td><td>';
}
echo "Display Name: " . $info[$i]["displayname"][0] . "<br />";
echo '<input type="hidden" name="foundUserFNAME' . $rowCount . '" value="' . $info[$i]["givenname"][0] . '" />First name: ' . $info[$i]["givenname"][0] . "<br />";
echo '<input type="hidden" name="foundUserLNAME' . $rowCount . '" value="' . $info[$i]["sn"][0] . '" /> Last Name: ' . $info[$i]["sn"][0] . "<br />";
echo '<input type="hidden" name="foundUserName' . $rowCount . '" value="' . $info[$i]["samaccountname"][0] . '" /> Username: '******'<br />';
//Check user in Employee Database and output IDNUM if found
$searchResult = searchDatabase($config, $info[$i]["samaccountname"][0], $i, false);
if ($searchResult < 1) {
//User not in database, so register the user
registerUser($info[$i]["samaccountname"][0], "temp01", "temp01", 0, 1);
}
//Get user's IDNUM
$mysqli = $config->mysqli;
$myq = "SELECT *\r\n FROM `EMPLOYEE`\r\n WHERE `ID` = '" . strtoupper($info[$i]["samaccountname"][0]) . "'";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
$row = $result->fetch_assoc();
echo "Rank: " . $row['GRADE'] . "<br />";
//echo "Department: " . $row['DESCR'] . "<br />";
if ($searchResult < 1) {
//Update newly created user's information with their Active Directory Info
$myq = "UPDATE `PAYROLL`.`EMPLOYEE` SET \r\n `LNAME` = '" . strtoupper($info[$i]["sn"][0]) . "',\r\n `FNAME` = '" . strtoupper($info[$i]["givenname"][0]) . "'\r\n WHERE EMPLOYEE.IDNUM = '" . $row['IDNUM'] . "'";
//Perform SQL Query
$result = $mysqli->query($myq);
//show SQL error msg if query failed
if (!SQLerrorCatch($mysqli, $result)) {
$result = "Successfully Updated Profile";
}
}
echo "Title: " . $info[$i]["title"][0] . "<br />";
echo "Department: " . $info[$i]["department"][0] . "<br />";
echo "Email: " . $info[$i]["mail"][0] . "<br />";
echo '<input type="hidden" name="foundUserID' . $rowCount . '" value="' . $row['IDNUM'] . '" />';
echo "</td></tr></table></div><br /><hr />";
$rowCount++;
}
} else {
popUpMessage("Could Not Bind to LDAP to perform search");
}
return $totalRows;
}
function isValidUser($config)
{
if (!isset($_SESSION['validUser']) || $_SESSION['validUser'] != true) {
return false;
} else {
$timeout = 60;
//minutes
if ($_SESSION['timeout'] + $timeout * 60 < time()) {
//User has been inactive for 30 minutes
popUpMessage("Your Session has Timed Out. Please log back in");
logoutUser($config, "Session Timeout after " . $timeout . " Minutes");
return false;
} else {
return true;
}
}
}
function SQLerrorCatch($mysqli, $result, $myq = '', $debug = false)
{
$dbgTrace = debug_backtrace();
$dbgMsg = "<table><tr><th>Debug backtrace begin:</th></tr>";
foreach ($dbgTrace as $dbgIndex => $dbgInfo) {
$dbgMsg .= '<tr width=300><td>' . $dbgInfo['file'] . ' (line ' . $dbgInfo['line'] . ') -> ' . $dbgInfo['function'] . '</td></tr>';
}
$dbgMsg .= '<tr><td>Querey Used:</td></tr><tr><td>' . $myq . '</td></tr>';
$dbgMsg .= "<tr><td> </td></tr><tr><th>Debug backtrace end</th></tr></table>";
$isError = false;
try {
if (!$result) {
throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
}
} catch (Exception $e) {
$message = $e->getMessage();
$isError = true;
popUpMessage($dbgMsg . '<br/><br/> ' . $message, "Error Message", $width = '800');
return true;
}
if ($debug && !$isError) {
popUpMessage($dbgMsg, "Debug Message", $width = '800');
}
return $isError;
}
function displayReserves($config)
{
echo '<h3>Reserves Manager</h3>';
if ($config->adminLvl >= 75) {
//get passed variables
$addBtn = isset($_POST['addBtn']) ? true : false;
$editSelect = isset($_POST['totalRows']) ? $_POST['totalRows'] : false;
$reserveID = isset($_POST['reserveID']) ? $_POST['reserveID'] : false;
$goBackBtn = isset($_POST['goBackBtn']) ? true : false;
$delBtn = isset($_POST['delBtn']) ? true : false;
$delBtn = isset($_POST['noBtn']) ? false : $delBtn;
if ($goBackBtn) {
$addBtn = false;
$reserveID = false;
}
if (isset($_POST['totalRows']) && !$reserveID) {
for ($i = 0; $i <= $editSelect; $i++) {
if (isset($_POST['foundUser' . $i])) {
$reserveID = $_POST['foundUserID' . $i];
break;
}
}
}
if ($delBtn) {
$confirmBtn = isset($_POST['confirmBtn']) ? true : false;
$mysqli = connectToSQL($reserveDB = TRUE);
if (!$confirmBtn) {
//Confirm Delete Record
popUpMessage('Are you Sure? <br/>
<form method="POST" name="confirmForm">
<input type="submit" name="confirmBtn" value="Yes" />
<input type="submit" name="noBtn" value="Cancel" />
<input type="hidden" name="delBtn" value="true" />
<input type="hidden" name="reserveID" value="' . $reserveID . '" />
</form>');
} else {
$myq = "DELETE FROM `RESERVE`\r\n WHERE `IDNUM` = " . $reserveID . " LIMIT 1";
$result = $mysqli->query($myq);
SQLerrorCatch($mysqli, $result);
addLog($config, 'Reserve with ID ' . $reserveID . ' Deleted');
$reserveID = false;
echo 'Reserve Successfully Removed.<br/>';
}
}
//Main Content
echo '<form name="resManage" method="POST" action="' . $_SERVER['REQUEST_URI'] . '" >';
echo '<input type="hidden" name="formName" value="resManage" />';
if (!$addBtn && !$reserveID) {
reservesTable($config);
echo '<input type="submit" name="addBtn" value="Add Reserve" />';
}
if ($addBtn) {
//get return to location
$prevNum = isset($_POST['prevNum']) ? $_POST['prevNum'] : "0";
$nextNum = isset($_POST['nextNum']) ? $_POST['nextNum'] : "25";
$limit = isset($_POST['limit']) ? $_POST['limit'] : "25";
echo '<input type="hidden" name="prevNum" value="' . $prevNum . '" />';
echo '<input type="hidden" name="nextNum" value="' . $nextNum . '" />';
echo '<input type="hidden" name="limit" value="' . $limit . '" />';
showAddReserve($config);
}
if (!empty($reserveID)) {
//get return to location
$prevNum = isset($_POST['prevNum']) ? $_POST['prevNum'] : "0";
$nextNum = isset($_POST['nextNum']) ? $_POST['nextNum'] : "25";
$limit = isset($_POST['limit']) ? $_POST['limit'] : "25";
echo '<input type="hidden" name="prevNum" value="' . $prevNum . '" />';
echo '<input type="hidden" name="nextNum" value="' . $nextNum . '" />';
echo '<input type="hidden" name="limit" value="' . $limit . '" />';
reserveDetails($config, $reserveID);
}
//End Content
echo '</form>';
} else {
echo '<h3>Access Denied!</h3>';
}
}
private function showAreYouSureMessage()
{
if ($this->isShowAreYouSureMessage) {
$this->hiddenInputs .= '<input type="hidden" name="reqID" value="' . $this->reqID . '" />
<input type="hidden" name="typeID" value="' . $this->typeID . '" />
<input type="hidden" name="subTypeID" value="' . $this->subTypeID . '" />
<input type="hidden" name="empID" value="' . $this->empID . '" />
<input type="hidden" name="useDate" value="' . $this->useDate . '" />
<input type="hidden" name="endDate" value="' . $this->endDate . '" />
<input type="hidden" name="begTime1" value="' . $this->begTime1 . '" />
<input type="hidden" name="begTime2" value="' . $this->begTime2 . '" />
<input type="hidden" name="endTime1" value="' . $this->endTime1 . '" />
<input type="hidden" name="endTime2" value="' . $this->endTime2 . '" />
<input type="hidden" name="empComment" value="' . $this->empComment . '" />
<input type="hidden" name="shiftHour" value="' . $this->shiftHourRadio . '" />
';
popUpMessage('<div align="center"><form method="POST" name="areYouSure">
' . $this->reason . '<br/><br/><h4>Are you sure you want to submit another?</h4>
<input type="submit" name="confirmBtn" value="Yes" />
<input type="submit" name="noBtn" value="No" />
' . $this->hiddenInputs . '
</form></div>');
}
}
public function expungeRequest($extraInputs = '')
{
$confirmBtn = isset($_POST['confirmBtn']) ? true : false;
if ($this->toUnExpunge) {
if (!isset($_POST['okBtn'])) {
$myq = "UPDATE REQUEST \r\n SET STATUS='PENDING'\r\n WHERE REFER=" . $this->config->mysqli->real_escape_string($this->toExpungeRefNo);
$result = $this->mysqli->query($myq);
if (!SQLerrorCatch($this->config->mysqli, $result, $myq, $debug = false)) {
popUpMessage('Request ' . $this->toExpungeRefNo . ' Has been placed back into PENDING State.
<div align="center"><form method="POST">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
addLog($this->config, 'UnExpunged Time Request with Ref# ' . $this->toExpungeRefNo);
}
}
} else {
if ($confirmBtn && !empty($_POST['expungedReason'])) {
$tempRequestForm = new time_request_form($this->config);
$tempRequestForm->reqID = $this->toExpungeRefNo;
if ($_SESSION['admin'] || $_SESSION['userIDnum'] == $tempRequestForm->empID) {
$myq = "UPDATE REQUEST \r\n SET STATUS='EXPUNGED',\r\n HRAPP_ID='0',\r\n EX_REASON='" . $this->config->mysqli->real_escape_string($_POST['expungedReason']) . "',\r\n AUDITID='" . $this->config->mysqli->real_escape_string($_SESSION['userIDnum']) . "',\r\n IP= INET_ATON('" . $this->config->mysqli->real_escape_string($_SERVER['REMOTE_ADDR']) . "')\r\n WHERE REFER='" . $this->config->mysqli->real_escape_string($this->toExpungeRefNo) . "'";
$result = $this->config->mysqli->query($myq);
if (!SQLerrorCatch($this->config->mysqli, $result, $myq, $debug = false)) {
addLog($this->config, 'Expunged Time Request with Ref# ' . $this->toExpungeRefNo);
popUpMessage('Request ' . $this->toExpungeRefNo . ' expunged.
<div align="center"><form method="POST" action="' . $_SERVER['REQUEST_URI'] . '">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
}
} else {
popUpMessage('Cannot Expunge request, please see a supervisor
<div align="center"><form method="POST" action="' . $_SERVER['REQUEST_URI'] . '">
' . $extraInputs . '
<input type="submit" name="okBtn" value="OK" />
</form></div>');
}
} else {
if (!isset($_POST['okBtn'])) {
$result = "";
if (isset($_POST['expungedReason'])) {
if (empty($_POST['expungedReason'])) {
$result = '<font color="red">Requires a Reason</font><br/>';
}
}
$echo = '<div align="center"><form method="POST">
<input name="deleteBtn' . $this->toExpungeIndex . '" type="hidden" value="' . $this->toExpungeRefNo . '" />
<input type="hidden" name="totalRows" value="' . $this->toExpungeTotalRows . '" />
Request ' . $this->toExpungeRefNo . ' to be expunged<br/> ' . $result . '
Reason:<textarea name="expungedReason"></textarea><br/>
<input type="submit" name="confirmBtn" value="CONFIRM EXPUNGE" />
<input type="submit" name="okBtn" value="CANCEL" />
' . $extraInputs . '
</form></div>';
popUpMessage($echo);
}
}
}
}