function PrintEmployeeAreaPermissions($emp)
{
global $db;
$returnVal = "";
$areas = getAreas();
$permAreas = array();
try {
$areaQuery = $db->prepare("SELECT area FROM employeeAreaPermissions WHERE netID = :employee");
$areaQuery->execute(array(':employee' => $emp));
} catch (PDOException $e) {
exit("error in query");
}
while ($cur = $areaQuery->fetch()) {
$permAreas[] = $cur->area;
}
foreach ($areas as $curArea) {
$returnVal .= "<td>";
if ($curArea == getEmployeeAreaByNetId($emp)) {
$returnVal .= "Default";
} else {
if (in_array($curArea, $permAreas)) {
$returnVal .= "<input type='checkbox' value='" . $emp . "_" . $curArea . "' id='" . $emp . "_" . $curArea . "' onclick='if(this.checked){grantAreaPerm(this.value);}else{revokeAreaPerm(this.value);}' checked />";
} else {
$returnVal .= "<input type='checkbox' value='" . $emp . "_" . $curArea . "' id='" . $emp . "_" . $curArea . "' onclick='if(this.checked){grantAreaPerm(this.value);}else{revokeAreaPerm(this.value);}' />";
}
}
$returnVal .= "</td>";
}
return $returnVal;
}
function addPos($aPostData, $iUID)
{
global $db;
// first, check if passed in user owns area
$oAreas = getAreas($iUID, $aPostData['hdArea']);
if (!$oAreas) {
accessDenied("Invalid user and area combination!");
}
// now we're clean
// grab area pos
$oAreaPos = getAreaPos($aPostData['hdArea']);
foreach ($oAreaPos as $Pos) {
$db->query("update positions" . " set pos_name=" . sanitizeInput($aPostData['tbName' . $Pos->pos_id]) . ", pos_desc=" . sanitizeInput($aPostData['taDesc' . $Pos->pos_id]) . " where pos_id=" . $Pos->pos_id);
}
// now do an add if not null
if ($aPostData['tbNName'] && $aPostData['taNDesc']) {
$db->query("insert into positions values(null, " . $aPostData['hdArea'] . ", " . sanitizeInput($aPostData['tbNName']) . "," . sanitizeInput($aPostData['taNDesc']) . ")");
}
}
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: assignEmps.php,v 1.6 2005/10/30 22:37:19 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
doHeader("Please choose an area");
// get the areas the user is assigned to
$oAreas = getAreas($_SESSION['USERID']);
// check for postback
if ($_POST['isPostback']) {
addArea($_POST);
redirect("assignEmps.php");
}
?>
This is the first step in assigning an employee. Please select the area that you wish to assign employees to.<br \>
<?php
// display the areas assigned to the user and have them make their selections
if (count($oAreas) == 0) {
// they have no areas assigned to them
?>
<span class="contactInfoName">You currently have no areas assigned to you!</span>
<?php
}
<?php
//silentMonitorLog.php
require '../includes/includeme.php';
// Get current user's available areas
$employeeAreas = getAreas();
$tempArea = $area;
// Set the current area variable to be temporarily interpreted as the area the silent monitor was originally done in
// This is undone at the bottom of this page
if (isset($_GET['arg']) && in_array($_GET['arg'], $employeeAreas)) {
$area = $_GET['arg'];
}
// Ensure user has permissions for the app in the current area.
$admin = can("read", "86755385-4a09-45ce-81b9-049b660210df");
//performanceSummary resource
if (isset($_GET['smID'])) {
$smID = $_GET['smID'];
try {
$silentMonitorQuery = $db->prepare("SELECT * FROM `silentMonitor` WHERE `index` = :id");
$silentMonitorQuery->execute(array(':id' => $smID));
} catch (PDOException $e) {
exit("error in query");
}
$silentMonitor = $silentMonitorQuery->fetch(PDO::FETCH_ASSOC);
$employee = $silentMonitor['netID'];
$date = $silentMonitor['submitDate'];
if ($admin || $netID == $employee) {
echo '<script type="text/javascript">
function printLogFromEmail()
{
var page = "printLog.php?employee=' . $employee . '&start=' . $date . '&end=' . $date . '&type=silentMonitor&smID=' . $smID . '";
$area = check_string($_REQUEST["area"], 'digits');
} else {
$proxy = rtrim($_SERVER['HTTP_VIA']);
$area = $AREAS_IP[$proxy];
}
// print_r($_SERVER);
$users = getUsers();
$permissions = getPermissions($admin_login["uid"], $users);
if ($permissions["bills"] == 'deny') {
unset($TITLE["bills"]);
}
if ($permissions["users"] == 'deny') {
unset($TITLE["users"]);
}
$area = $permissions["area"] ?: $area;
$areas = getAreas();
$areas[0] = "Все";
ksort($areas);
$btn_back = "<a class='button red' href='javascript: window.history.back()'>« Вернуться</a>";
$btn_home = "<a class='button red' href='./'>« Вернуться</a>";
$btn_new_supply = "<a class='button green' href='./index.php?stage=new'>Добавить</a>";
$btn_remove_supply = "<a class='button red' href='javascript: if (confirm(\"Удалить этот картридж?\")) document.del_supply.submit();'>Удалить</a>";
$btn_save_supply = "<a class='button green' href='javascript: document.edit_supply.submit();'>Сохранить</a>";
$admin_fio = $admin_login["lastname"] . " " . $admin_login["firstname"];
$admin_id = $admin_login["uid"];
$rows_in_page = $CNF["rows_in_page"];
// Количество строк на странице
$id = isset($_REQUEST["id"]) ? check_string($_REQUEST["id"], "digits") : null;
// id-картриджа
$model = isset($_REQUEST["model"]) ? check_string($_REQUEST["model"], "digits") : 0;
// Модель картриджи
function printArea($iArea)
{
// displays the area schedule
$oAreaDetails = getAreas($_SESSION['USERID'], $iArea);
// make sure a row is returned, if not, user is being bad
if (!count($oAreaDetails)) {
// no areas, tried to circumvent sec, yell at them
accessDenied("You tried to access an area you aren't assigned to!");
}
$oAreaSched = getAreaSched($_REQUEST['area']);
if (!count($oAreaSched)) {
// let user know we have no rows
print "You haven't created a schedule for this area yet.";
}
?>
<html>
<head>
<title>Viewing Schedule for <?php
echo $oAreaDetails[0]->area_name;
?>
</title>
<link href="global.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%" cellpadding="2" cellspacing="0">
<tr>
<td width="50%">
Below are the events for <?php
echo $oAreaDetails[0]->area_name;
?>
.
<?php
// Area events go to the left
foreach ($oAreaSched as $Sched) {
// get area positions
$oAreaPos = getAreaPos($_REQUEST['area']);
?>
<br>
<hr align="left">
<?php
echo $Sched->event_name;
?>
<table width="100%" border="0" cellpadding="2" class="contactInfo">
<tr>
<td class="contactInfoName"><?php
print date("D, n/d/y", strtotime($Sched->event_date));
?>
</td>
</tr>
<tr>
<td>Start: <?php
echo date("g:i a", strtotime($Sched->event_start));
?>
<div align="left"></div></td>
<td>End: <?php
echo date("g:i a", strtotime($Sched->event_end));
?>
</td>
</tr>
<tr valign="top">
<?php
// now we go through each pos and list the scheduled emps
foreach ($oAreaPos as $Pos) {
?>
<td><table border="0" cellpadding="2" class="contactInfo">
<tr><td colspan=2><strong><?php
echo $Pos->pos_name;
?>
</strong></td></tr><?php
$bRow = true;
$oEventEmps = getEventEmps($Sched->event_id, $Pos->pos_id);
if (count($oEventEmps)) {
// we have emps, display them
foreach ($oEventEmps as $Emp) {
$bRow = !$bRow;
?>
<tr<?php
if ($bRow) {
print " class=evenRow";
}
?>
>
<td colspan=2><?php
echo $Emp->user_first . ' ' . $Emp->user_last;
?>
</td>
</tr>
<?php
}
} else {
//we don't, display msg
print "<tr><td colspan=2><i>No employees scheduled yet</i></td></tr>";
}
?>
</table></td><?php
}
?>
</tr>
</table>
<?php
}
?>
</td>
</tr>
</table>
<?php
}
$c['filters'][$id]['count'] = getListRowCount($filter['filter']);
}
$result['filters_block'] = $twig->render('filters_block.twig', $c);
$result['success'] = true;
unset($result['msg']);
break;
case 'getTicketInfo':
require_once "../vendor/autoload.php";
// Twig инициализация
Twig_Autoloader::register();
$loader = new Twig_Loader_Filesystem("../templates/helpdesk");
// Twig папка с шаблонами
$twig = new Twig_Environment($loader, array("cache" => ""));
// Twig no cache
$id = $_POST['ticket_id'];
$AREAS = getAreas();
$ADMINS = getAdmins();
$query_info = "SELECT\r\n `id`,\r\n `title`,\r\n `creator`,\r\n `contractor`,\r\n `performers`,\r\n `area`,\r\n `description`,\r\n DATE_FORMAT(`created`, '%d.%m.%Y') as `created`,\r\n DATE_FORMAT(`changed`, '%d.%m.%Y') as `changed`,\r\n DATE_FORMAT(`deadline`,'%d.%m.%Y') as `deadline`,\r\n `type`,\r\n `status`,\r\n `parent`,\r\n `tags`,\r\n `comments`,\r\n `category`,\r\n `access`\r\n FROM helpdesk WHERE `id`={$id}";
if ($query_info_res = $db->query($query_info)) {
$info_data = $db->fetch_assoc($query_info_res);
$info_data['statuses'] = getTicketsStatuses();
$info_data['types'] = getTicketsTypes();
$info_data['categories'] = getTicketsCategories();
$info_data['admins'] = $ADMINS;
$info_data['comments'] = getTicketComments($id);
$info_data['areas'] = $AREAS;
$result['ticket_info'] = $twig->render('ticket_info.twig', $info_data);
unset($result['msg']);
}
break;
case "saveNewComment":
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: editSched.php,v 1.17 2006/02/03 20:24:34 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
// get the area attributes
$oAreaDetails = getAreas($_SESSION['USERID'], $_REQUEST['area']);
// make sure a row is returned, if not, user is being bad
if (!count($oAreaDetails)) {
// no areas, tried to circumvent sec, yell at them
accessDenied("You tried to access an area you aren't assigned to!");
} elseif (!$_REQUEST['area']) {
// force people through assignEmps
accessDenied("Please choose an area to edit first through Manage Schedules");
}
if ($_POST['confirmDelete']) {
deleteEvent($_POST['event']);
redirect("editSched.php?area=" . $_POST['area']);
}
function deleteConfirm($iArea, $iEvent)
{
$aEventDetails = getEventDetails($iEvent);
function displaySearchForm()
{
global $bedsBaths;
global $resultsPage;
global $showAreas;
global $showSubtypes;
global $locationsJSON;
global $typesJSON;
global $searchType;
global $resultSearchType;
global $currencies;
global $energyRatings;
global $showCurrency;
global $showBeds;
global $showBaths;
global $showRating;
global $languageArr;
global $datePickerLanguages;
global $language;
global $showFeature;
global $featuresLanguage;
global $showChosen;
$currencies = array('EUR', 'GBP', 'USD');
$energyRatings = array();
$rateKeys = array();
for ($i = 1; $i <= 16; $i++) {
$rateKeys[] = $i;
}
$energyRatings = getEnergyRatingLanguage($rateKeys);
$bedsBaths = array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
$bedsData = getBedBathLanguage(array('1', '2', '3', '4', '5', '6', '7', '8', '9'));
$bathsData = getBedBathLanguage(array('1', '2', '3', '4', '5', '6', '7', '8'), 'bathrooms');
$currencyIcon = array('EUR' => '€', 'GBP' => '£', 'USD' => '$');
$priceRange = generateRange(10000, 10000000, 5000);
$priceRangeRentalLT = generateRange(450, 5000, 50);
$priceRangeRentalST = generateRange(300, 5000, 50);
$locationsList = formatSelectOptions(getLocations());
$featureCategories = groupCategory();
$featureList = '';
$featureArrs = array_map("trim", explode(",", $showFeature));
$currentCategoryName = '';
$tmpText = '';
foreach ($featureCategories['groupCategoryData'] as $k => $v) {
foreach ($v as $item) {
if (in_array($item['ConfigCategoryName'], $featureArrs)) {
if ($item['CategoryName'] != $currentCategoryName) {
if ($currentCategoryName != '') {
$featureList .= TemplateHelper::render('templates/featureListItem.html', array('Search.Feature.More.Title' => $currentCategoryName, 'Search.Feature.More.Items' => $tmpText));
}
$currentCategoryName = $item['CategoryName'];
$tmpText = '';
}
$tmpText .= '<div class="col-xs-6"><input class="feature-more text-nowrap" type="checkbox" value="' . $item['OptionName'] . '" /> ' . $item['FeatureName'] . '</div>';
}
}
}
if ($tmpText != '') {
$featureList .= TemplateHelper::render('templates/featureListItem.html', array('Search.Feature.More.Title' => $currentCategoryName, 'Search.Feature.More.Items' => $tmpText));
}
$searchForm = TemplateHelper::render('templates/searchForm.html', array('Search.Form.Action' => $resultsPage, 'Search.PropertyId' => $languageArr['field_Headings']['prop_Id'], 'Search.SearchType.ForSale' => $languageArr['search_Types']['for_Sale'], 'Search.SearchType.LongTerm' => $languageArr['search_Types']['longTerm_Rent'], 'Search.SearchType.ShortTerm' => $languageArr['search_Types']['shortTerm_Rent'], 'Search.Rental.From' => $languageArr['field_Headings']['rental_From'], 'Search.Rental.To' => $languageArr['field_Headings']['rental_To'], 'Search.Area.Options' => formatAreaSelectOptions(getAreas()), 'Search.Location.Placeholder' => $languageArr['field_Headings']['select_Locations'], 'Search.Location.NoRef' => $languageArr['field_Headings']['option_NoPref'], 'Search.Location.Options' => $locationsList, 'Search.PropertyType.Placeholder' => $languageArr['field_Headings']['select_Types'], 'Search.PropertyType.NoRef' => $languageArr['field_Headings']['option_NoPref'], 'Search.PropertyType.Options' => formatSearchTypeGroupOption(getAllPropertyTypes()), 'Search.Feature.Placeholder' => $languageArr['field_Headings']['select_Features'], 'Search.Feature.NoRef' => $languageArr['field_Headings']['option_NoPref'], 'Search.Feature.Options' => formatFeatureOption($featureCategories['groupCategoryData']), 'Search.Feature.More.List' => $featureList, 'Search.Beds.NoRef' => $languageArr['field_Headings']['bedrooms']['header'], 'Search.Beds.Options' => formatOptions($bedsData), 'Search.Baths.NoRef' => $languageArr['field_Headings']['bathrooms']['header'], 'Search.Baths.Options' => formatOptions($bathsData), 'Search.MinPrice.Title' => $languageArr['field_Headings']['price_Min'], 'Search.MinPrice.Placeholder' => $languageArr['field_Headings']['price_Min'], 'Search.MaxPrice.Title' => $languageArr['field_Headings']['price_Max'], 'Search.MaxPrice.Placeholder' => $languageArr['field_Headings']['price_Max'], 'Search.Currency.NoRef' => $languageArr['field_Headings']['currency'], 'Search.Currency.Options' => formatOptions($currencies, false), 'Search.EnergyRating.NoRef' => $languageArr['field_Headings']['energyRating']['header'], 'Search.EnergyRating.Options' => formatOptions($energyRatings), 'Search.Button.Submit' => $languageArr['field_Headings']['search_Button'], 'Search.Location.JSON' => $locationsJSON, 'Search.Types.JSON' => $typesJSON, 'Search.Price.RangeData' => json_encode($priceRange), 'Search.Price.RangeRentalLongTermData' => json_encode($priceRangeRentalLT), 'Search.Price.RangeRentalShortTermData' => json_encode($priceRangeRentalST), 'Search.TypeData' => $searchType, 'Search.ResultPage' => $resultsPage, 'Search.Currency.Old' => isset($_SESSION["currency"]) ? $_SESSION["currency"] : 'EUR', 'Search.LanguageCode' => $datePickerLanguages[$language], 'Search.ShowChosen' => $showChosen), array('showAreas' => $showAreas, 'showBeds' => $showBeds, 'showBaths' => $showBaths, 'showCurrency' => $showCurrency, 'showRating' => $showRating, 'showChosen' => $showChosen));
echo $searchForm;
}
function pullSubMenus()
{
global $area, $env, $netID, $db;
echo "<ul>";
//quicklinks
if ($area != null) {
echo "<li><a href=\"#\">Quick links</a>";
echo "<div class=\"sub links\">";
try {
$stmt = $db->prepare("SELECT * FROM quicklinks WHERE netId=:netId");
$stmt->execute(array(":netId" => $netID));
} catch (\PDOException $e) {
}
while ($quicklink = $stmt->fetch()) {
echo "<a target='_blank' href='" . $quicklink->url . "'>" . $quicklink->name . "</a>";
}
echo "<a href='/quicklinks/index'><strong>Edit Quick links</strong></a>";
echo "</div>";
echo "</li>";
}
// area
$areas = getAreas();
if (count($areas) > 1) {
echo "<li><a href=\"#\">Area</a>";
echo "<div class=\"sub links\">";
for ($i = 0; $i < count($areas); $i++) {
echo "<a href=\"\" onclick=\"document.cookie='area=" . $areas[$i] . "; path=/';\">";
if ($area == $areas[$i]) {
echo "* ";
}
echo getAreaNameById($areas[$i]) . "</a>";
}
echo "</div>";
echo "</li>";
}
// environment
if (isSuperuser()) {
echo "<li><a href=\"#\">Environment</a>";
echo "<div class=\"sub links\">";
echo "<a href=\"\" onclick=\"document.cookie='environment=0; path=/';\">";
if ($env == 0) {
echo "* ";
}
echo "Development</a>";
echo "<a href=\"\" onclick=\"document.cookie='environment=1; path=/';\">";
if ($env == 1) {
echo "* ";
}
echo "Stage</a>";
echo "<a href=\"\" onclick=\"document.cookie='environment=2; path=/';\">";
if ($env == 2) {
echo "* ";
}
echo "Production</a>";
echo "</div>";
echo "</li>";
echo "<li>\n\t\t\t\t<a href=\"#\">Development Tools</a>\n\t\t\t\t<div class=\"sub links\">\n\t\t\t\t\t<a href=\"/resources/index\">Resources</a>\n\t\t\t\t\t<a href=\"/notifications/types\">Notification Types</a>\n\t\t\t\t\t<a href=\"/tools/addLink\">Add link</a>\n\t\t\t\t\t<a href=\"/tools/editLink\">Edit link</a>\n\t\t\t\t\t<a href=\"/areaCreator\">Area Creator</a>\n\t\t\t\t\t<a href=\"/areaAdmin\">Area Admin</a>\n\t\t\t\t\t<a href=\"/areaCreator/apps.php\">App Editor</a>\n\t\t\t\t\t<a href=\"/areaCreator/permissions.php\">Old Permission Editor</a>\n\t\t\t\t\t<a href=\"/areaCreator/appPermissions.php\">Old App Permission Editor</a>\n\t\t\t\t\t<a href=\"/heimdall\">Heimdall</a>\n\t\t\t\t</div>\n\t\t\t</li>";
}
if (count($areas) > 1) {
// Notifications
echo "<li><a id='notificationsDropdownHeader' href='#'>Notifications</a>";
echo "<div id='notificationsDropdown' class='sub links'>";
echo "</div>";
echo "</li>";
}
echo "</ul>";
}
$content['dir'] = basename(__DIR__);
$content['notify'] = getBurnedCounts($admin_login["uid"]);
$users = getUsers();
$permissions = getPermissions($admin_login["uid"], $users);
if ($permissions["bills"] == 'deny') {
unset($TITLE["bills"]);
}
if ($permissions["users"] == 'deny') {
unset($TITLE["users"]);
}
if (isset($permissions["area"])) {
$area_sql = " AND `area_id`='" . $permissions["area"] . "'";
}
$content['permissions'] = $permissions;
$content['sections'] = $TITLE;
$content['areas'] = getAreas();
unset($content['areas'][2]);
if (!isset($page_title)) {
$page_title = $TITLE[$content['dir']];
}
$query_statuses = $db->query("SELECT `id`,`name` FROM users_statuses WHERE `deleted` is null ORDER BY `order`");
while ($statuses_res = $db->fetch_row($query_statuses)) {
$content['user_statuses'][$statuses_res[0]] = $statuses_res[1];
}
foreach ($content['user_statuses'] as $k => $v) {
$query_cnt = $db->query("SELECT SQL_NO_CACHE COUNT(*) AS `cnt` FROM users WHERE `status_id`='{$k}'" . $area_sql);
$content['users_cnt'][$k] = $db->result($query_cnt);
}
$query_index = "SELECT\r\n `id`,\r\n `model`,\r\n (SELECT `name` FROM `supply_models` WHERE supply_models.`id`=`model`) AS `model_name`,\r\n (SELECT `cartridge4u_id` FROM `supply_models` WHERE supply_models.`id`=`model`) AS `buy_id`,\r\n `area`,\r\n `use`,\r\n `full` FROM supply WHERE `deleted`!=1";
if ($query_index_res = $db->query($query_index)) {
while ($index_res = $db->fetch_assoc($query_index_res)) {
$default_order = '`status_order`,(CASE WHEN `deadline`=0 THEN 1 ELSE 0 END), deadline';
if (!isset($page_title)) {
$page_title = $TITLE[$c['dir']];
}
$c['users'] = getUsers();
$permissions = getPermissions($admin_login["uid"], $c['users']);
if ($permissions["bills"] == 'deny') {
unset($TITLE["bills"]);
}
if ($permissions["users"] == 'deny') {
unset($TITLE["users"]);
}
$c['permissions'] = $permissions;
$c['sections'] = $TITLE;
$c['admins'] = getAdmins();
$c['areas'] = getAreas();
$c['posts'] = getPosts();
$c['tags'] = getTicketsTags();
$c['filters'] = getUserFilters($admin_login["uid"]);
foreach ($c['filters'] as $id => $filter) {
$c['filters'][$id]['count'] = getListRowCount($filter['filter']);
}
if (!isset($stage) or in_array($stage, ['', 'search'])) {
$c['r'] = isset($_REQUEST['r']) ? checkRequest("r") : $CNF["rows_in_page"];
//Rows (per page)
$c['page'] = checkRequest("page");
// № текущей страницы
$c['ob'] = checkRequest("ob");
// order_by
$c['od'] = checkRequest("od");
// order_desc
<?php
require '../../includes/includeMeBlank.php';
$areaNames = array();
$curAreas = getAreas();
foreach ($curAreas as $cur) {
$areaNames[] = getAreaShortNameById($cur);
}
$data = json_encode($areaNames);
echo $data;
