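/**
 * Build the "delete employee" confirmation form.
 *
 * Records whether the employee is locked, defines the form fields (name,
 * hidden ID, confirmation checkbox, submit button), leaves the confirm and
 * submit controls out of the form when the employee is locked, and loads
 * the employee name from the `staff` table.
 *
 * Withholding the controls is a presentation measure only: the script this
 * form posts to (hr/staff-delete-process.php) still has to enforce the lock
 * and the caller's permissions itself, because a POST can be sent without
 * using this form.
 */
function execute()
{
    // Check that the employee can be deleted.
    $obj_employee = new hr_staff();
    $obj_employee->id = $this->id;
    $this->locked = $obj_employee->check_lock();
    unset($obj_employee);

    // Define form structure.
    $this->obj_form = new form_input();
    $this->obj_form->formname = "staff_delete";
    $this->obj_form->language = $_SESSION["user"]["lang"];
    $this->obj_form->action = "hr/staff-delete-process.php";
    $this->obj_form->method = "post";

    // general
    $structure = array(
        "fieldname" => "name_staff",
        "type" => "text",
    );
    $this->obj_form->add_input($structure);

    // hidden
    $structure = array(
        "fieldname" => "id_staff",
        "type" => "hidden",
        "defaultvalue" => $this->id,
    );
    $this->obj_form->add_input($structure);

    // confirm delete
    $structure = array(
        "fieldname" => "delete_confirm",
        "type" => "checkbox",
        "options" => array(
            "label" => "Yes, I wish to delete this employee and realise that once deleted the data can not be recovered.",
        ),
    );
    $this->obj_form->add_input($structure);

    // define submit field
    $structure = array(
        "fieldname" => "submit",
        "type" => "submit",
        "defaultvalue" => "delete",
    );
    $this->obj_form->add_input($structure);

    // define subforms
    $this->obj_form->subforms["staff_delete"] = array("name_staff");
    $this->obj_form->subforms["hidden"] = array("id_staff");

    // A locked employee gets an empty submit subform, so no delete control is rendered.
    if ($this->locked) {
        $this->obj_form->subforms["submit"] = array();
    } else {
        $this->obj_form->subforms["submit"] = array("delete_confirm", "submit");
    }

    // fetch the form data
    // The query is handed over as a finished SQL string, so the ID is forced
    // to an integer before it is concatenated; this keeps the statement
    // well-formed even if $this->id was not validated before this method ran.
    $staff_id = (int) $this->id;
    $this->obj_form->sql_query = "SELECT name_staff FROM `staff` WHERE id='" . $staff_id . "' LIMIT 1";
    $this->obj_form->load_data();
}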
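/**
 * Delete an employee on behalf of a SOAP caller.
 *
 * The caller must hold the "staff_write" permission. The supplied ID is
 * validated as an integer, must refer to an existing employee, and the
 * employee must not be locked.
 *
 * @param mixed $id Employee ID as supplied by the caller (untrusted until validated).
 * @return int 1 when the employee has been deleted.
 * @throws SoapFault "ACCESS DENIED" when the permission is missing,
 *                   "INVALID_INPUT" when the ID fails validation,
 *                   "INVALID_ID" when no such employee exists,
 *                   "LOCKED" when the employee is locked,
 *                   "UNEXPECTED_ACTION_ERROR" when the delete itself fails.
 */
function delete_employee($id)
{
    // NOTE(review): $id is interpolated into the debug log before it has been validated.
    log_debug("hr_staff_manager", "Executing delete_employee_details({$id}, values...)");

    // Authorisation is checked before any input is processed.
    if (!user_permissions_get("staff_write")) {
        throw new SoapFault("Sender", "ACCESS DENIED");
    }

    $obj_employee = new hr_staff();

    // Load and validate the supplied ID.
    $obj_employee->id = @security_script_input_predefined("int", $id);

    // Test the validated ID, not the object: a freshly constructed object is
    // never falsy, so a check on the object can never reject bad input.
    // The "error" sentinel is taken from the comparison this check replaces;
    // confirm it against security_script_input_predefined().
    if (!$obj_employee->id || $obj_employee->id === "error") {
        throw new SoapFault("Sender", "INVALID_INPUT");
    }

    // Verify that the employee exists.
    if (!$obj_employee->verify_id()) {
        throw new SoapFault("Sender", "INVALID_ID");
    }

    // Make sure the employee is not locked.
    if ($obj_employee->check_lock()) {
        throw new SoapFault("Sender", "LOCKED");
    }

    // Perform the deletion.
    if (!$obj_employee->action_delete()) {
        throw new SoapFault("Sender", "UNEXPECTED_ACTION_ERROR");
    }

    return 1;
}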
Load POST data */ $obj_employee->id = @security_form_input_predefined("int", "id_staff", 1, ""); // these exist to make error handling work right $data["name_staff"] = @security_form_input_predefined("any", "name_staff", 0, ""); // confirm deletion $data["delete_confirm"] = @security_form_input_predefined("any", "delete_confirm", 1, "You must confirm the deletion"); /* Error Handling */ // make sure the employee actually exists if (!$obj_employee->verify_id()) { log_write("error", "staff-edit-process", "The employee you have attempted to delete - " . $obj_employee->id . " - does not exist in this system."); } // make sure employee is not locked if ($obj_employee->check_lock()) { log_write("error", "staff-delete-process", "You are not able to delete this employee because they have made postings to the billing system."); } // return to entry page in event of an error if ($_SESSION["error"]["message"]) { $_SESSION["error"]["form"]["staff_delete"] = "failed"; header("Location: ../index.php?page=hr/staff-delete.php&id=" . $obj_employee->id . ""); exit(0); } else { /* Delete Employee */ $obj_employee->action_delete(); // return to products list header("Location: ../index.php?page=hr/staff.php"); exit(0);