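function PrintEmployeeAreaPermissions($emp)
{
    // Builds one <td> per area for employee $emp: the employee's default
    // area prints "Default"; every other area gets a checkbox whose checked
    // state mirrors whether employeeAreaPermissions holds a row for it.
    // Returns the HTML fragment as a string; exits on a failed query.
    global $db;

    $returnVal = "";
    $areas = getAreas();
    $permAreas = array();

    try {
        $areaQuery = $db->prepare("SELECT area FROM employeeAreaPermissions WHERE netID = :employee");
        $areaQuery->execute(array(':employee' => $emp));
    } catch (PDOException $e) {
        exit("error in query");
    }
    while ($cur = $areaQuery->fetch()) {
        $permAreas[] = $cur->area;
    }

    // Resolved once; the original re-queried the default area on every
    // iteration of the loop below.
    $defaultArea = getEmployeeAreaByNetId($emp);

    foreach ($areas as $curArea) {
        $returnVal .= "<td>";
        if ($curArea == $defaultArea) {
            $returnVal .= "Default";
        } else {
            // value/id are built from $emp and the area id and land inside a
            // single-quoted attribute, so encode them (the original did not).
            $boxId = htmlspecialchars($emp . "_" . $curArea, ENT_QUOTES, 'UTF-8');
            $returnVal .= "<input type='checkbox' value='" . $boxId . "' id='" . $boxId . "'"
                . " onclick='if(this.checked){grantAreaPerm(this.value);}else{revokeAreaPerm(this.value);}'"
                . (in_array($curArea, $permAreas) ? " checked" : "")
                . " />";
        }
        $returnVal .= "</td>";
    }

    return $returnVal;
}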
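function addPos($aPostData, $iUID)
{
    // Saves the posted name/description of every existing position in the
    // area and, when a new name and description were both supplied, inserts
    // a new position. $aPostData is the raw POST array, $iUID the acting
    // user's id. Aborts through accessDenied() when $iUID does not own the
    // area. No return value.
    global $db;

    // Both ids are concatenated unquoted into SQL below, so force them to
    // integers; the original interpolated hdArea straight from POST.
    $iArea = (int) $aPostData['hdArea'];

    // first, check if passed in user owns area
    $oAreas = getAreas($iUID, $iArea);
    if (!$oAreas) {
        accessDenied("Invalid user and area combination!");
    }
    // now we're clean

    // grab area pos
    $oAreaPos = getAreaPos($iArea);
    foreach ($oAreaPos as $Pos) {
        $iPosId = (int) $Pos->pos_id;
        $db->query("update positions"
            . " set pos_name=" . sanitizeInput($aPostData['tbName' . $iPosId])
            . ", pos_desc=" . sanitizeInput($aPostData['taDesc' . $iPosId])
            . " where pos_id=" . $iPosId);
    }

    // now do an add if not null
    if ($aPostData['tbNName'] && $aPostData['taNDesc']) {
        $db->query("insert into positions values(null, " . $iArea . ", "
            . sanitizeInput($aPostData['tbNName']) . ","
            . sanitizeInput($aPostData['taNDesc']) . ")");
    }
}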
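* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: assignEmps.php,v 1.6 2005/10/30 22:37:19 atrommer Exp $

// Page guard: checkUser() decides from the session user type whether this
// page may be viewed (its exact rule lives elsewhere).
checkUser($_SESSION['USERTYPE'], 2);
doHeader("Please choose an area");

// get the areas the user is assigned to
$oAreas = getAreas($_SESSION['USERID']);

// check for postback -- !empty() keeps the original truthiness test but
// no longer reads an undefined index on a plain GET
if (!empty($_POST['isPostback'])) {
    addArea($_POST);
    redirect("assignEmps.php");
}
?>
This is the first step in assigning an employee. Please select the area that you wish to assign employees to.<br />
<?php
// display the areas assigned to the user and have them make their selections
if (count($oAreas) == 0) {
    // they have no areas assigned to them
?>
<span class="contactInfoName">You currently have no areas assigned to you!</span>
<?php }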
<?php
//silentMonitorLog.php
require '../includes/includeme.php';

// Get current user's available areas
$employeeAreas = getAreas();
$tempArea = $area;

// Set the current area variable to be temporarily interpreted as the area the silent monitor was originally done in
// This is undone at the bottom of this page
// Only an area the user already has access to can be selected this way.
if (isset($_GET['arg']) && in_array($_GET['arg'], $employeeAreas)) {
    $area = $_GET['arg'];
}

// Ensure user has permissions for the app in the current area.
$admin = can("read", "86755385-4a09-45ce-81b9-049b660210df"); //performanceSummary resource

if (isset($_GET['smID'])) {
    $smID = $_GET['smID'];
    // The id is bound as a parameter here, so the lookup itself is safe.
    try {
        $silentMonitorQuery = $db->prepare("SELECT * FROM `silentMonitor` WHERE `index` = :id");
        $silentMonitorQuery->execute(array(':id' => $smID));
    } catch (PDOException $e) {
        exit("error in query");
    }
    $silentMonitor = $silentMonitorQuery->fetch(PDO::FETCH_ASSOC);
    $employee = $silentMonitor['netID'];
    $date = $silentMonitor['submitDate'];

    // Visible to the resource admin or to the employee the record is about.
    if ($admin || $netID == $employee) {
        // NOTE(review): $smID (straight from $_GET) and the DB values are
        // concatenated unencoded into this inline script; encode them (e.g.
        // json_encode / urlencode) before emitting -- confirm upstream.
        echo '<script type="text/javascript"> function printLogFromEmail() { var page = "printLog.php?employee=' . $employee . '&start=' . $date . '&end=' . $date . '&type=silentMonitor&smID=' . $smID . '";
$area = check_string($_REQUEST["area"], 'digits');
} else {
    // NOTE(review): HTTP_VIA is a request header the client can set; here it
    // only selects an entry of $AREAS_IP (unknown keys yield null), so do not
    // treat it as a trusted network identity.
    $proxy = rtrim($_SERVER['HTTP_VIA']);
    $area = $AREAS_IP[$proxy];
}
// print_r($_SERVER);

$users = getUsers();
$permissions = getPermissions($admin_login["uid"], $users);
// Hide the sections this admin is denied.
if ($permissions["bills"] == 'deny') {
    unset($TITLE["bills"]);
}
if ($permissions["users"] == 'deny') {
    unset($TITLE["users"]);
}
// An area fixed by the admin's permissions overrides the requested one.
$area = $permissions["area"] ?: $area;

$areas = getAreas();
$areas[0] = "Все";
ksort($areas);

$btn_back = "<a class='button red' href='javascript: window.history.back()'>« Вернуться</a>";
$btn_home = "<a class='button red' href='./'>« Вернуться</a>";
$btn_new_supply = "<a class='button green' href='./index.php?stage=new'>Добавить</a>";
$btn_remove_supply = "<a class='button red' href='javascript: if (confirm(\"Удалить этот картридж?\")) document.del_supply.submit();'>Удалить</a>";
$btn_save_supply = "<a class='button green' href='javascript: document.edit_supply.submit();'>Сохранить</a>";

$admin_fio = $admin_login["lastname"] . " " . $admin_login["firstname"];
$admin_id = $admin_login["uid"];
$rows_in_page = $CNF["rows_in_page"]; // Number of rows per page
// Request ids are passed through check_string() with the 'digits' rule.
$id = isset($_REQUEST["id"]) ? check_string($_REQUEST["id"], "digits") : null; // cartridge id
$model = isset($_REQUEST["model"]) ? check_string($_REQUEST["model"], "digits") : 0; // cartridge model
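function printArea($iArea)
{
    // Renders the schedule page for area $iArea: one block per event and,
    // inside it, one column per position listing the employees scheduled
    // for that position. Exits via accessDenied() when the session user is
    // not assigned to $iArea. Echoes HTML directly; no return value.
    $oAreaDetails = getAreas($_SESSION['USERID'], $iArea);
    // make sure a row is returned, if not, user is being bad
    if (!count($oAreaDetails)) {
        // no areas, tried to circumvent sec, yell at them
        accessDenied("You tried to access an area you aren't assigned to!");
    }
    // The schedule and positions are fetched for the same $iArea that was
    // just authorised; the original read $_REQUEST['area'] here, which the
    // check above never covered.
    $oAreaSched = getAreaSched($iArea);
    if (!count($oAreaSched)) {
        // let user know we have no rows
        print "You haven't created a schedule for this area yet.";
    }
    // Positions do not depend on the event, so look them up once instead of
    // on every iteration of the event loop.
    $oAreaPos = getAreaPos($iArea);
    // Stored names are encoded before being placed in HTML.
    $sAreaName = htmlspecialchars($oAreaDetails[0]->area_name, ENT_QUOTES, 'UTF-8');
?>
<html>
<head>
<title>Viewing Schedule for <?php echo $sAreaName; ?> </title>
<link href="global.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%" cellpadding="2" cellspacing="0">
<tr>
<td width="50%"> Below are the events for <?php echo $sAreaName; ?> .
<?php
    // Area events go to the left
    foreach ($oAreaSched as $Sched) {
?>
<br>
<hr align="left">
<?php echo htmlspecialchars($Sched->event_name, ENT_QUOTES, 'UTF-8'); ?>
<table width="100%" border="0" cellpadding="2" class="contactInfo">
<tr>
<td class="contactInfoName"><?php print date("D, n/d/y", strtotime($Sched->event_date)); ?> </td>
</tr>
<tr>
<td>Start: <?php echo date("g:i a", strtotime($Sched->event_start)); ?> <div align="left"></div></td>
<td>End: <?php echo date("g:i a", strtotime($Sched->event_end)); ?> </td>
</tr>
<tr valign="top">
<?php
        // now we go through each pos and list the scheduled emps
        foreach ($oAreaPos as $Pos) {
?>
<td><table border="0" cellpadding="2" class="contactInfo">
<tr><td colspan=2><strong><?php echo htmlspecialchars($Pos->pos_name, ENT_QUOTES, 'UTF-8'); ?> </strong></td></tr><?php
            // $bRow toggles per employee row to alternate the evenRow class
            $bRow = true;
            $oEventEmps = getEventEmps($Sched->event_id, $Pos->pos_id);
            if (count($oEventEmps)) {
                // we have emps, display them
                foreach ($oEventEmps as $Emp) {
                    $bRow = !$bRow;
                    $sEmpName = htmlspecialchars($Emp->user_first . ' ' . $Emp->user_last, ENT_QUOTES, 'UTF-8');
?>
<tr<?php if ($bRow) { print " class=evenRow"; } ?> >
<td colspan=2><?php echo $sEmpName; ?> </td>
</tr>
<?php
                }
            } else {
                //we don't, display msg
                print "<tr><td colspan=2><i>No employees scheduled yet</i></td></tr>";
            }
?>
</table></td><?php } ?>
</tr>
</table>
<?php } ?>
</td>
</tr>
</table>
<?php }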
$c['filters'][$id]['count'] = getListRowCount($filter['filter']);
}
$result['filters_block'] = $twig->render('filters_block.twig', $c);
$result['success'] = true;
unset($result['msg']);
break;

case 'getTicketInfo':
    require_once "../vendor/autoload.php";
    // Twig initialisation
    Twig_Autoloader::register();
    $loader = new Twig_Loader_Filesystem("../templates/helpdesk"); // Twig template directory
    $twig = new Twig_Environment($loader, array("cache" => "")); // Twig no cache

    // NOTE(review): $id comes straight from $_POST and is interpolated into
    // the WHERE clause below; bind it as a query parameter or cast it to int
    // before use.
    $id = $_POST['ticket_id'];
    $AREAS = getAreas();
    $ADMINS = getAdmins();
    $query_info = "SELECT\r\n `id`,\r\n `title`,\r\n `creator`,\r\n `contractor`,\r\n `performers`,\r\n `area`,\r\n `description`,\r\n DATE_FORMAT(`created`, '%d.%m.%Y') as `created`,\r\n DATE_FORMAT(`changed`, '%d.%m.%Y') as `changed`,\r\n DATE_FORMAT(`deadline`,'%d.%m.%Y') as `deadline`,\r\n `type`,\r\n `status`,\r\n `parent`,\r\n `tags`,\r\n `comments`,\r\n `category`,\r\n `access`\r\n FROM helpdesk WHERE `id`={$id}";
    if ($query_info_res = $db->query($query_info)) {
        // Ticket row plus the lookup lists the ticket_info template needs.
        $info_data = $db->fetch_assoc($query_info_res);
        $info_data['statuses'] = getTicketsStatuses();
        $info_data['types'] = getTicketsTypes();
        $info_data['categories'] = getTicketsCategories();
        $info_data['admins'] = $ADMINS;
        $info_data['comments'] = getTicketComments($id);
        $info_data['areas'] = $AREAS;
        $result['ticket_info'] = $twig->render('ticket_info.twig', $info_data);
        unset($result['msg']);
    }
    break;

case "saveNewComment":
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: editSched.php,v 1.17 2006/02/03 20:24:34 atrommer Exp $

// Page guard: checkUser() decides from the session user type whether this
// page may be viewed (its exact rule lives elsewhere).
checkUser($_SESSION['USERTYPE'], 2);

// get the area attributes
$oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']);
// make sure a row is returned, if not, user is being bad
if (!count($oAreaDetails)) {
    // no areas, tried to circumvent sec, yell at them
    accessDenied("You tried to access an area you aren't assigned to!");
} elseif (!$_REQUEST['area']) {
    // force people through assignEmps
    accessDenied("Please choose an area to edit first through Manage Schedules");
}

if ($_POST['confirmDelete']) {
    // NOTE(review): the check above covers $_REQUEST['area'] only; nothing
    // visible here ties $_POST['event'] to that area, so confirm that
    // deleteEvent() verifies the event's ownership itself.
    deleteEvent($_POST['event']);
    redirect("editSched.php?area=" . $_POST['area']);
}

// Renders the "are you sure" page for deleting event $iEvent in area $iArea.
function deleteConfirm($iArea, $iEvent) {
    $aEventDetails = getEventDetails($iEvent);
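function displaySearchForm()
{
    // Builds the property search form from templates/searchForm.html and
    // echoes it. Reads the page-level configuration globals (result page,
    // which widgets to show, language tables, JSON option lists) and also
    // (re)assigns the globals $currencies, $energyRatings and $bedsBaths,
    // which the original set as a side effect and are kept as such.
    global $bedsBaths;
    global $resultsPage;
    global $showAreas;
    global $showSubtypes;
    global $locationsJSON;
    global $typesJSON;
    global $searchType;
    global $resultSearchType;
    global $currencies;
    global $energyRatings;
    global $showCurrency;
    global $showBeds;
    global $showBaths;
    global $showRating;
    global $languageArr;
    global $datePickerLanguages;
    global $language;
    global $showFeature;
    global $featuresLanguage;
    global $showChosen;

    $currencies = array('EUR', 'GBP', 'USD');
    // Energy ratings are keyed 1..16; the language helper maps them to labels
    // (the original filled the key list with a counting loop).
    $energyRatings = getEnergyRatingLanguage(range(1, 16));
    $bedsBaths = array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
    $bedsData = getBedBathLanguage(array('1', '2', '3', '4', '5', '6', '7', '8', '9'));
    $bathsData = getBedBathLanguage(array('1', '2', '3', '4', '5', '6', '7', '8'), 'bathrooms');
    // Price slider ranges: sale, long-term rental, short-term rental
    // (min, max, step -- the original literals, unchanged). The unused
    // $currencyIcon map of the original was dropped.
    $priceRange = generateRange(10000, 10000000, 5000);
    $priceRangeRentalLT = generateRange(450, 5000, 50);
    $priceRangeRentalST = generateRange(300, 5000, 50);
    $locationsList = formatSelectOptions(getLocations());
    $featureCategories = groupCategory();

    // "More features" panel: only items whose ConfigCategoryName is listed in
    // the comma-separated $showFeature setting are shown, grouped by
    // CategoryName in the order they are encountered.
    $featureArrs = array_map("trim", explode(",", $showFeature));
    $featureList = '';
    $currentCategoryName = '';
    $tmpText = '';
    foreach ($featureCategories['groupCategoryData'] as $v) {
        foreach ($v as $item) {
            if (!in_array($item['ConfigCategoryName'], $featureArrs)) {
                continue;
            }
            if ($item['CategoryName'] != $currentCategoryName) {
                // Flush the previous category's checkboxes before starting a new one.
                if ($currentCategoryName != '') {
                    $featureList .= TemplateHelper::render('templates/featureListItem.html', array('Search.Feature.More.Title' => $currentCategoryName, 'Search.Feature.More.Items' => $tmpText));
                }
                $currentCategoryName = $item['CategoryName'];
                $tmpText = '';
            }
            $tmpText .= '<div class="col-xs-6"><input class="feature-more text-nowrap" type="checkbox" value="' . $item['OptionName'] . '" /> ' . $item['FeatureName'] . '</div>';
        }
    }
    // Flush the last category.
    if ($tmpText != '') {
        $featureList .= TemplateHelper::render('templates/featureListItem.html', array('Search.Feature.More.Title' => $currentCategoryName, 'Search.Feature.More.Items' => $tmpText));
    }

    // NOTE(review): 'Search.Currency.Old' is taken from the session as-is;
    // whether the template encodes it is not visible here -- confirm.
    $searchForm = TemplateHelper::render('templates/searchForm.html', array(
        'Search.Form.Action' => $resultsPage,
        'Search.PropertyId' => $languageArr['field_Headings']['prop_Id'],
        'Search.SearchType.ForSale' => $languageArr['search_Types']['for_Sale'],
        'Search.SearchType.LongTerm' => $languageArr['search_Types']['longTerm_Rent'],
        'Search.SearchType.ShortTerm' => $languageArr['search_Types']['shortTerm_Rent'],
        'Search.Rental.From' => $languageArr['field_Headings']['rental_From'],
        'Search.Rental.To' => $languageArr['field_Headings']['rental_To'],
        'Search.Area.Options' => formatAreaSelectOptions(getAreas()),
        'Search.Location.Placeholder' => $languageArr['field_Headings']['select_Locations'],
        'Search.Location.NoRef' => $languageArr['field_Headings']['option_NoPref'],
        'Search.Location.Options' => $locationsList,
        'Search.PropertyType.Placeholder' => $languageArr['field_Headings']['select_Types'],
        'Search.PropertyType.NoRef' => $languageArr['field_Headings']['option_NoPref'],
        'Search.PropertyType.Options' => formatSearchTypeGroupOption(getAllPropertyTypes()),
        'Search.Feature.Placeholder' => $languageArr['field_Headings']['select_Features'],
        'Search.Feature.NoRef' => $languageArr['field_Headings']['option_NoPref'],
        'Search.Feature.Options' => formatFeatureOption($featureCategories['groupCategoryData']),
        'Search.Feature.More.List' => $featureList,
        'Search.Beds.NoRef' => $languageArr['field_Headings']['bedrooms']['header'],
        'Search.Beds.Options' => formatOptions($bedsData),
        'Search.Baths.NoRef' => $languageArr['field_Headings']['bathrooms']['header'],
        'Search.Baths.Options' => formatOptions($bathsData),
        'Search.MinPrice.Title' => $languageArr['field_Headings']['price_Min'],
        'Search.MinPrice.Placeholder' => $languageArr['field_Headings']['price_Min'],
        'Search.MaxPrice.Title' => $languageArr['field_Headings']['price_Max'],
        'Search.MaxPrice.Placeholder' => $languageArr['field_Headings']['price_Max'],
        'Search.Currency.NoRef' => $languageArr['field_Headings']['currency'],
        'Search.Currency.Options' => formatOptions($currencies, false),
        'Search.EnergyRating.NoRef' => $languageArr['field_Headings']['energyRating']['header'],
        'Search.EnergyRating.Options' => formatOptions($energyRatings),
        'Search.Button.Submit' => $languageArr['field_Headings']['search_Button'],
        'Search.Location.JSON' => $locationsJSON,
        'Search.Types.JSON' => $typesJSON,
        'Search.Price.RangeData' => json_encode($priceRange),
        'Search.Price.RangeRentalLongTermData' => json_encode($priceRangeRentalLT),
        'Search.Price.RangeRentalShortTermData' => json_encode($priceRangeRentalST),
        'Search.TypeData' => $searchType,
        'Search.ResultPage' => $resultsPage,
        'Search.Currency.Old' => isset($_SESSION["currency"]) ? $_SESSION["currency"] : 'EUR',
        'Search.LanguageCode' => $datePickerLanguages[$language],
        'Search.ShowChosen' => $showChosen,
    ), array(
        'showAreas' => $showAreas,
        'showBeds' => $showBeds,
        'showBaths' => $showBaths,
        'showCurrency' => $showCurrency,
        'showRating' => $showRating,
        'showChosen' => $showChosen,
    ));
    echo $searchForm;
}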
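function pullSubMenus()
{
    // Echoes the header drop-down menus (<ul>...</ul>): the current user's
    // quick links, the area switcher, and for superusers the environment
    // switcher plus development-tool links. Reads the page globals $area,
    // $env and $netID and the PDO handle $db. No return value.
    global $area, $env, $netID, $db;

    echo "<ul>";

    //quicklinks
    if ($area != null) {
        echo "<li><a href=\"#\">Quick links</a>";
        echo "<div class=\"sub links\">";
        // Best-effort: a failed query leaves $stmt null and the list empty.
        // The original swallowed the exception and then called fetch() on an
        // undefined variable.
        $stmt = null;
        try {
            $stmt = $db->prepare("SELECT * FROM quicklinks WHERE netId=:netId");
            $stmt->execute(array(":netId" => $netID));
        } catch (\PDOException $e) {
            $stmt = null;
        }
        if ($stmt !== null) {
            while ($quicklink = $stmt->fetch()) {
                // Quick links appear to be user-maintained (see the Edit link
                // below), so encode them before they land in href/link text.
                $url = htmlspecialchars($quicklink->url, ENT_QUOTES, 'UTF-8');
                $name = htmlspecialchars($quicklink->name, ENT_QUOTES, 'UTF-8');
                echo "<a target='_blank' href='" . $url . "'>" . $name . "</a>";
            }
        }
        echo "<a href='/quicklinks/index'><strong>Edit Quick links</strong></a>";
        echo "</div>";
        echo "</li>";
    }

    // area -- the switcher only appears when the user has more than one area.
    // Iterates the keys getAreas() actually returns instead of assuming 0..n-1.
    $areas = getAreas();
    if (count($areas) > 1) {
        echo "<li><a href=\"#\">Area</a>";
        echo "<div class=\"sub links\">";
        foreach ($areas as $areaId) {
            // The id is written into an onclick JS string, so encode it.
            $areaIdAttr = htmlspecialchars($areaId, ENT_QUOTES, 'UTF-8');
            echo "<a href=\"\" onclick=\"document.cookie='area=" . $areaIdAttr . "; path=/';\">";
            if ($area == $areaId) {
                echo "* ";
            }
            echo htmlspecialchars(getAreaNameById($areaId), ENT_QUOTES, 'UTF-8') . "</a>";
        }
        echo "</div>";
        echo "</li>";
    }

    // environment
    if (isSuperuser()) {
        echo "<li><a href=\"#\">Environment</a>";
        echo "<div class=\"sub links\">";
        // Environment ids: 0 = Development, 1 = Stage, 2 = Production; the
        // active one is prefixed with "* ".
        $environments = array(0 => "Development", 1 => "Stage", 2 => "Production");
        foreach ($environments as $envId => $envLabel) {
            echo "<a href=\"\" onclick=\"document.cookie='environment=" . $envId . "; path=/';\">";
            if ($env == $envId) {
                echo "* ";
            }
            echo $envLabel . "</a>";
        }
        echo "</div>";
        echo "</li>";
        echo "<li>\n\t\t\t\t<a href=\"#\">Development Tools</a>\n\t\t\t\t<div class=\"sub links\">\n\t\t\t\t\t<a href=\"/resources/index\">Resources</a>\n\t\t\t\t\t<a href=\"/notifications/types\">Notification Types</a>\n\t\t\t\t\t<a href=\"/tools/addLink\">Add link</a>\n\t\t\t\t\t<a href=\"/tools/editLink\">Edit link</a>\n\t\t\t\t\t<a href=\"/areaCreator\">Area Creator</a>\n\t\t\t\t\t<a href=\"/areaAdmin\">Area Admin</a>\n\t\t\t\t\t<a href=\"/areaCreator/apps.php\">App Editor</a>\n\t\t\t\t\t<a href=\"/areaCreator/permissions.php\">Old Permission Editor</a>\n\t\t\t\t\t<a href=\"/areaCreator/appPermissions.php\">Old App Permission Editor</a>\n\t\t\t\t\t<a href=\"/heimdall\">Heimdall</a>\n\t\t\t\t</div>\n\t\t\t</li>";
    }

    if (count($areas) > 1) {
        // Notifications -- the dropdown body is filled in client-side.
        echo "<li><a id='notificationsDropdownHeader' href='#'>Notifications</a>";
        echo "<div id='notificationsDropdown' class='sub links'>";
        echo "</div>";
        echo "</li>";
    }

    echo "</ul>";
}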
$content['dir'] = basename(__DIR__);
$content['notify'] = getBurnedCounts($admin_login["uid"]);

$users = getUsers();
$permissions = getPermissions($admin_login["uid"], $users);
// Hide the sections this admin is denied.
if ($permissions["bills"] == 'deny') {
    unset($TITLE["bills"]);
}
if ($permissions["users"] == 'deny') {
    unset($TITLE["users"]);
}
if (isset($permissions["area"])) {
    // NOTE(review): interpolated into SQL below. The value comes from
    // getPermissions(), not the request, but a value containing a quote would
    // still break the query -- confirm it is always a plain id.
    $area_sql = " AND `area_id`='" . $permissions["area"] . "'";
}
// NOTE(review): $area_sql is only assigned inside the branch above; the
// concatenation in the status-count loop reads an undefined variable otherwise.
$content['permissions'] = $permissions;
$content['sections'] = $TITLE;
$content['areas'] = getAreas();
unset($content['areas'][2]);
if (!isset($page_title)) {
    $page_title = $TITLE[$content['dir']];
}

// Status id => name, in the configured order.
$query_statuses = $db->query("SELECT `id`,`name` FROM users_statuses WHERE `deleted` is null ORDER BY `order`");
while ($statuses_res = $db->fetch_row($query_statuses)) {
    $content['user_statuses'][$statuses_res[0]] = $statuses_res[1];
}
// One COUNT query per status, restricted to the admin's area when set.
foreach ($content['user_statuses'] as $k => $v) {
    $query_cnt = $db->query("SELECT SQL_NO_CACHE COUNT(*) AS `cnt` FROM users WHERE `status_id`='{$k}'" . $area_sql);
    $content['users_cnt'][$k] = $db->result($query_cnt);
}

$query_index = "SELECT\r\n `id`,\r\n `model`,\r\n (SELECT `name` FROM `supply_models` WHERE supply_models.`id`=`model`) AS `model_name`,\r\n (SELECT `cartridge4u_id` FROM `supply_models` WHERE supply_models.`id`=`model`) AS `buy_id`,\r\n `area`,\r\n `use`,\r\n `full` FROM supply WHERE `deleted`!=1";
if ($query_index_res = $db->query($query_index)) {
    while ($index_res = $db->fetch_assoc($query_index_res)) {
// Default ticket ordering: by status order, then tickets without a deadline
// last, then by deadline.
$default_order = '`status_order`,(CASE WHEN `deadline`=0 THEN 1 ELSE 0 END), deadline';
if (!isset($page_title)) {
    $page_title = $TITLE[$c['dir']];
}

$c['users'] = getUsers();
$permissions = getPermissions($admin_login["uid"], $c['users']);
// Hide the sections this admin is denied.
if ($permissions["bills"] == 'deny') {
    unset($TITLE["bills"]);
}
if ($permissions["users"] == 'deny') {
    unset($TITLE["users"]);
}
$c['permissions'] = $permissions;
$c['sections'] = $TITLE;
$c['admins'] = getAdmins();
$c['areas'] = getAreas();
$c['posts'] = getPosts();
$c['tags'] = getTicketsTags();
$c['filters'] = getUserFilters($admin_login["uid"]);
// Row count for each of the admin's saved filters.
foreach ($c['filters'] as $id => $filter) {
    $c['filters'][$id]['count'] = getListRowCount($filter['filter']);
}

if (!isset($stage) or in_array($stage, ['', 'search'])) {
    // List parameters come from the request via checkRequest(); its
    // validation rules are not visible here. NOTE(review): $c['ob'] is
    // presumably used in an ORDER BY later -- confirm checkRequest() limits it
    // to known column names.
    $c['r'] = isset($_REQUEST['r']) ? checkRequest("r") : $CNF["rows_in_page"]; //Rows (per page)
    $c['page'] = checkRequest("page"); // current page number
    $c['ob'] = checkRequest("ob"); // order_by
    $c['od'] = checkRequest("od"); // order_desc
<?php
require '../../includes/includeMeBlank.php';

// Emits a JSON array holding the short name of every area getAreas() returns,
// in the same order.
$shortNames = array();
foreach (getAreas() as $areaId) {
    $shortNames[] = getAreaShortNameById($areaId);
}
echo json_encode($shortNames);