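/**
 * Front-controller dispatch for the blog: call the page handler that matches
 * the global $option (set by the caller from the request). The handlers
 * (newEntryForm(), listPosts(), adminPage(), ...) are defined elsewhere in
 * this file; an unknown $option is silently ignored, as before.
 *
 * Globals read:    $debugMode (trace output when it equals "on"), $option,
 *                  $optionValue, $serverName.
 * Globals written: $requestCategory — cleared for the main page, set to
 *                  $optionValue for a category listing, so listPosts() can filter.
 * Side effects:    writes $_SESSION['referrer'] (server name + request URI) on
 *                  the listing and edit pages so later actions can return there;
 *                  echoes trace lines when debugging is on.
 */
function mainLogic()
{
    global $debugMode, $option, $requestCategory, $optionValue, $serverName;

    // Debug trace. The loose comparison is kept on purpose: $debugMode is
    // configured elsewhere and its exact type is not visible here.
    $trace = static function (string $message) use ($debugMode): void {
        if ($debugMode == "on") {
            echo $message;
        }
    };

    // Optional POST sub-action, read once with a default so that no case
    // trips an undefined-index notice when the form did not send it.
    $process = isset($_POST['process']) ? (string) $_POST['process'] : "";
    // $process is request input: escape it before echoing it back in a trace.
    $processTrace = " " . htmlspecialchars($process, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";

    // Remember the current page (host-pinned by the $serverName prefix) so that
    // posting, editing or deleting can redirect back to it afterwards.
    $rememberReferrer = static function () use ($serverName): void {
        $_SESSION['referrer'] = $serverName . $_SERVER['REQUEST_URI'];
    };

    switch ($option) {
        case "newEntry":
        case "newEntryForm":
            // Both options render the new-entry form (the old "newEntryPass" trace was a mislabel).
            $trace("Calling newEntryForm()");
            newEntryForm();
            break;
        case "newEntrySubmit":
            newEntrySubmit();
            break;
        case "newEntrySuccess":
            newEntrySuccess();
            break;
        case "mainPage":
            $requestCategory = '';
            listPosts();
            $rememberReferrer();
            break;
        case "adminPage":
            adminPage();
            break;
        case "adminPageBasic":
            $trace("adminPageBasic" . $processTrace);
            adminPageBasic();
            break;
        case "adminPageBasicSubmit":
            $trace("adminPageBasicSubmit" . $processTrace);
            adminPageBasicSubmit();
            break;
        case "adminPageAdvanced":
            $trace("adminPageAdvanced" . $processTrace);
            adminPageAdvanced();
            break;
        case "adminPageAdvancedSubmit":
            $trace("adminPageAdvancedSubmit" . $processTrace);
            adminPageAdvancedSubmit();
            break;
        case "adminPageAuthors":
            $trace("adminPageAuthors" . $processTrace);
            adminPageAuthors();
            break;
        case "adminAuthorsAdd":
            $trace("adminAuthorsAdd" . $processTrace);
            adminAuthorsAdd();
            break;
        case "adminAuthorsEdit":
            $trace("adminAuthorsEdit" . $processTrace);
            adminAuthorsEdit();
            break;
        case "adminPluginsSubmit":
        case "adminPagePlugins":
            adminPagePlugins();
            break;
        case "adminPageModerate":
        case "adminModerateSubmit":
            adminPageModerate();
            break;
        case "deleteEntry":
            $trace("deleteEntry" . $processTrace);
            // Two-step delete: show the confirmation form unless it was just submitted.
            if ($process !== "deleteEntrySubmit") {
                deleteEntryForm();
            } else {
                deleteEntrySubmit();
            }
            break;
        case "editEntry":
            $trace("editEntry" . $processTrace);
            editEntryForm();
            $rememberReferrer();
            break;
        case "editEntryForm":
            editEntryForm();
            break;
        case "editEntrySubmit":
            editEntrySubmit();
            break;
        case "posts":
            viewEntry();
            break;
        case "archives":
            viewArchive();
            break;
        case "month":
            viewArchiveMonth();
            break;
        case "category":
            $requestCategory = $optionValue;
            listPosts();
            $rememberReferrer();
            break;
        case "searchPosts":
            searchPosts();
            break;
        case "sendComment":
            sendComment();
            break;
        case "sendCommentSuccess":
            sendCommentSuccess();
            break;
        case "listAllComments":
            listAllComments();
            break;
        case "deleteComment":
            // Trace label fixed: this is the comment path, not deleteEntry.
            $trace("deleteComment" . $processTrace);
            // Two-step delete, same pattern as deleteEntry.
            if ($process !== "deleteCommentSubmit") {
                deleteCommentForm();
            } else {
                deleteCommentSubmit();
            }
            break;
        case "loginPage":
            loginPage();
            break;
        case "logoutPage":
            logoutPage();
            break;
        case "registerPage":
            registerPage();
            break;
        case "registerPageSubmit":
            registerPageSubmit();
            break;
        case "forgotPass":
            forgotPass();
            break;
        case "forgotPassSubmit":
            forgotPassSubmit();
            break;
        case "activation":
            activation();
            break;
        case "myProfile":
            myProfile();
            break;
        case "myProfileSubmit":
            myProfileSubmit();
            break;
        case "pluginFunction1":
            pluginFunction1();
            break;
        case "pluginFunction2":
            pluginFunction2();
            break;
        case "pluginFunction3":
            pluginFunction3();
            break;
        case "pluginFunction4":
            pluginFunction4();
            break;
        case "pluginFunction5":
            pluginFunction5();
            break;
    }
}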
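/**
 * Escape a string for an HTML text or double-quoted attribute context.
 */
function employeePageEscape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Read a POST field as a string; '' when the field is absent or not a scalar string.
 */
function employeePagePost(string $key): string
{
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
}

/**
 * Prepare and execute $sql with every entry of $params bound as a string
 * parameter (MySQL converts to the column type). This is the only way SQL is
 * run on this page, so request values never reach the query text.
 *
 * @param list<string> $params positional values for the `?` placeholders
 * @return mysqli_stmt|false   the executed statement, or false on failure
 *                             (mysqli_error($con) then describes the cause)
 */
function employeePageExec(mysqli $con, string $sql, array $params)
{
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($params !== []) {
        // bind_param takes its values by reference; unpacking the local array is fine.
        $types = str_repeat('s', count($params));
        if (!mysqli_stmt_bind_param($stmt, $types, ...$params)) {
            return false;
        }
    }
    return mysqli_stmt_execute($stmt) ? $stmt : false;
}

/**
 * First row of an executed statement as an associative array, or null when
 * there is no row or the statement failed.
 * Relies on mysqli_stmt_get_result(), which needs the mysqlnd driver.
 *
 * @param mysqli_stmt|false $stmt
 */
function employeePageFetchRow($stmt): ?array
{
    if ($stmt === false) {
        return null;
    }
    $result = mysqli_stmt_get_result($stmt);
    if ($result === false) {
        return null;
    }
    $row = mysqli_fetch_assoc($result);
    return is_array($row) ? $row : null;
}

/**
 * Columns the search form may filter on (column => option label).
 * The chosen column is interpolated into SQL as an identifier, so only these
 * keys are ever accepted.
 *
 * @return array<string,string>
 */
function employeePageSearchColumns(): array
{
    return [
        'Employee_ID' => 'ID',
        'First_Name' => 'First Name',
        'Last_Name' => 'Last Name',
        'Gender' => 'Gender',
        'Date_Started_Employment' => 'Start Date',
        'Date_Left_Employment' => 'Left Date',
    ];
}

/**
 * Assemble the composite fields from the form's partial inputs, in the layouts
 * the tables store: start/end as YYYY-MM-DD, ssn as 123-45-6789, phone as
 * (000) 123-4567. employeePageEditForm() splits them again at fixed offsets,
 * so the two must stay in step.
 *
 * @return array{start:string,end:string,ssn:string,phone:string}
 */
function employeePageCompositeFields(): array
{
    return [
        'start' => employeePagePost('s_year') . '-' . employeePagePost('s_month') . '-' . employeePagePost('s_day'),
        'end' => employeePagePost('e_year') . '-' . employeePagePost('e_month') . '-' . employeePagePost('e_day'),
        'ssn' => employeePagePost('ssn1') . '-' . employeePagePost('ssn2') . '-' . employeePagePost('ssn3'),
        'phone' => '(' . employeePagePost('phone1') . ') ' . employeePagePost('phone2') . '-' . employeePagePost('phone3'),
    ];
}

/**
 * Print the add/edit employee form.
 *
 * @param string $heading    page heading ("Add New Employee" / "Edit Employee")
 * @param string $submitName name of the submit button ('createSubmit' /
 *                           'editSubmit'); employeePage() dispatches on it
 * @param array<string,string> $values current field values keyed by input name
 *                           (id, first, last, gender, s_year, s_month, s_day,
 *                           e_year, e_month, e_day, ssn1, ssn2, ssn3, bank,
 *                           address, phone1, phone2, phone3); missing keys render empty
 */
function employeePageForm(string $heading, string $submitName, array $values): void
{
    // Every value lands inside a double-quoted attribute, so each one is escaped.
    $v = static function (string $key) use ($values): string {
        return employeePageEscape((string) ($values[$key] ?? ''));
    };
    print '<h1>' . employeePageEscape($heading) . '</h1>';
    print '</br><form method="POST"><div align="left">';
    print 'Employee ID: ' . $v('id');
    print '<input name="id" type="hidden" value="' . $v('id') . '" /> </br>';
    print 'First Name: <input name="first" type="text" value="' . $v('first') . '" /> </br>';
    print 'Last Name: <input name="last" type="text" value="' . $v('last') . '" /> </br>';
    print 'Gender (M/F): <input name="gender" type="text" maxlength="1" size="1" value="' . $v('gender') . '" /> </br>';
    print 'Date Started: <input name="s_year" type="text" maxlength="4" size="4" placeholder="YYYY" value="' . $v('s_year') . '" /> - '
        . '<input name="s_month" type="text" maxlength="2" size="2" placeholder="MM" value="' . $v('s_month') . '" /> - '
        . '<input name="s_day" type="text" maxlength="2" size="2" placeholder="DD" value="' . $v('s_day') . '" /> </br>';
    print 'Date Ended: <input name="e_year" type="text" maxlength="4" size="4" placeholder="YYYY" value="' . $v('e_year') . '" /> - '
        . '<input name="e_month" type="text" maxlength="2" size="2" placeholder="MM" value="' . $v('e_month') . '" /> - '
        . '<input name="e_day" type="text" maxlength="2" size="2" placeholder="DD" value="' . $v('e_day') . '" /> </br>';
    print 'Social Security Number: <input name="ssn1" type="text" maxlength="3" size="3" placeholder="123" value="' . $v('ssn1') . '" /> - '
        . '<input name="ssn2" type="text" maxlength="2" size="2" placeholder="45" value="' . $v('ssn2') . '" /> - '
        . '<input name="ssn3" type="text" maxlength="4" size="4" placeholder="6789" value="' . $v('ssn3') . '" /> </br>';
    print 'Bank Number: <input name="bank" type="text" maxlength="9" size="9" value="' . $v('bank') . '" /> </br>';
    print 'Address: <input name="address" type="text" value="' . $v('address') . '" /> </br>';
    print 'Phone Number (<input name="phone1" type="text" maxlength="3" size="3" placeholder="000" value="' . $v('phone1') . '" />) '
        . '<input name="phone2" type="text" maxlength="3" size="3" placeholder="123" value="' . $v('phone2') . '" /> - '
        . '<input name="phone3" type="text" maxlength="4" size="4" placeholder="4567" value="' . $v('phone3') . '" /> </br>';
    print '<input type="submit" name="' . $submitName . '" value="Submit" />';
    print '<input type="submit" name="cancel" value="Cancel" /></div></form>';
    print '<hr></br>';
}

/**
 * Render the "add employee" form with a freshly generated, unused 8-digit ID.
 * The ID is drawn from random_int() (CSPRNG, unlike the old rand()) and
 * re-drawn while a row in `employees` already has it. A failing lookup
 * prints the driver error and renders nothing.
 */
function employeePageAddForm(mysqli $con): void
{
    do {
        $empID = (string) random_int(10000000, 99999999);
        $stmt = employeePageExec($con, 'SELECT 1 FROM `employees` WHERE `Employee_ID`=?', [$empID]);
        if ($stmt === false) {
            print employeePageEscape(mysqli_error($con)) . '</BR>';
            return;
        }
        // store_result/num_rows works without mysqlnd, which get_result needs.
        mysqli_stmt_store_result($stmt);
        $taken = mysqli_stmt_num_rows($stmt) > 0;
        mysqli_stmt_close($stmt);
    } while ($taken);
    employeePageForm('Add New Employee', 'createSubmit', ['id' => $empID]);
}

/**
 * Commit or roll back the open transaction and print the outcome line(s).
 * On failure the driver error is printed (escaped), as the original did;
 * logging it instead of showing it to the user would be preferable.
 */
function employeePageFinish(mysqli $con, bool $ok, string $successMsg, string $failureMsg): void
{
    if ($ok) {
        mysqli_commit($con);
        print $successMsg;
        return;
    }
    // Capture the error before rollback, which may reset it.
    $error = mysqli_error($con);
    mysqli_rollback($con);
    print employeePageEscape($error) . '</BR>';
    print $failureMsg;
}

/**
 * Insert the employee submitted from the add form into `employees` and
 * `employee_private` inside one transaction, then print the outcome.
 */
function employeePageCreate(mysqli $con): void
{
    $f = employeePageCompositeFields();
    $id = employeePagePost('id');
    $first = employeePagePost('first');
    $last = employeePagePost('last');
    // Initial username and password are both "<last name><first initial>", as
    // before (mb_substr so a multibyte initial is not cut mid-character).
    // NOTE(review): the password is stored in plain text; the login code that
    // reads Employee_Password is not in this file, so moving to
    // password_hash()/password_verify() has to change both sides together.
    $userpass = $last . mb_substr($first, 0, 1);

    // Either both rows are written or neither (a no-op on engines without transactions).
    mysqli_begin_transaction($con);
    $ok = employeePageExec(
        $con,
        'INSERT INTO `employees`(`Employee_ID`, `First_Name`, `Last_Name`, `Gender`, '
        . '`Date_Started_Employment`, `Date_Left_Employment`) VALUES (?, ?, ?, ?, ?, ?)',
        [$id, $first, $last, employeePagePost('gender'), $f['start'], $f['end']]
    ) !== false
    && employeePageExec(
        $con,
        'INSERT INTO `employee_private`(`Employee_ID`, `Employee_Username`, `Employee_Password`, '
        . '`Employee_SSN`, `Employee_Bank`, `Employee_Address`, `Employee_Phone`) VALUES (?, ?, ?, ?, ?, ?, ?)',
        [$id, $userpass, $userpass, $f['ssn'], employeePagePost('bank'), employeePagePost('address'), $f['phone']]
    ) !== false;
    employeePageFinish($con, $ok, 'Successfully Created Information. </BR>', 'Error! Unsuccessful Creation.</BR>');
}

/**
 * Load employee $id from both tables and render the edit form pre-filled.
 * Nothing is printed when either row is missing (as before).
 */
function employeePageEditForm(mysqli $con, string $id): void
{
    $info1 = employeePageFetchRow(employeePageExec($con, 'SELECT * FROM `employees` WHERE `Employee_ID`=?', [$id]));
    $info2 = employeePageFetchRow(employeePageExec($con, 'SELECT * FROM `employee_private` WHERE `Employee_ID`=?', [$id]));
    if ($info1 === null || $info2 === null) {
        return;
    }
    // Split the stored strings back into the form's partial fields; the offsets
    // match the layouts employeePageCompositeFields() writes.
    $start = (string) $info1['Date_Started_Employment'];
    $end = (string) $info1['Date_Left_Employment'];
    $ssn = (string) $info2['Employee_SSN'];
    $phone = (string) $info2['Employee_Phone'];
    employeePageForm('Edit Employee', 'editSubmit', [
        'id' => (string) $info1['Employee_ID'],
        'first' => (string) $info1['First_Name'],
        'last' => (string) $info1['Last_Name'],
        'gender' => (string) $info1['Gender'],
        's_year' => substr($start, 0, 4),
        's_month' => substr($start, 5, 2),
        's_day' => substr($start, 8, 2),
        'e_year' => substr($end, 0, 4),
        'e_month' => substr($end, 5, 2),
        'e_day' => substr($end, 8, 2),
        'ssn1' => substr($ssn, 0, 3),
        'ssn2' => substr($ssn, 4, 2),
        'ssn3' => substr($ssn, 7, 4),
        'bank' => (string) $info2['Employee_Bank'],
        'address' => (string) $info2['Employee_Address'],
        'phone1' => substr($phone, 1, 3),
        'phone2' => substr($phone, 6, 3),
        'phone3' => substr($phone, 10, 4),
    ]);
}

/**
 * Apply the edit form to both tables inside one transaction and print the outcome.
 */
function employeePageUpdate(mysqli $con): void
{
    $f = employeePageCompositeFields();
    $id = employeePagePost('id');
    mysqli_begin_transaction($con);
    $ok = employeePageExec(
        $con,
        'UPDATE `employees` SET `First_Name`=?,`Last_Name`=?,`Gender`=?,`Date_Started_Employment`=?,'
        . '`Date_Left_Employment`=? WHERE `Employee_ID`=?',
        [employeePagePost('first'), employeePagePost('last'), employeePagePost('gender'), $f['start'], $f['end'], $id]
    ) !== false
    && employeePageExec(
        $con,
        'UPDATE `employee_private` SET `Employee_SSN`=?,`Employee_Bank`=?,`Employee_Address`=?,`Employee_Phone`=? '
        . 'WHERE `Employee_ID`=?',
        [$f['ssn'], employeePagePost('bank'), employeePagePost('address'), $f['phone'], $id]
    ) !== false;
    employeePageFinish($con, $ok, 'Successfully Edited Information. </BR>', 'Error! Unsuccessful Edit.</BR>');
}

/**
 * Delete employee $id from `employees` and print a confirmation on success;
 * silent on failure (as before).
 * NOTE(review): only `employees` is touched, as in the original; unless
 * employee_private cascades on a foreign key, its row is left orphaned.
 */
function employeePageDelete(mysqli $con, string $id): void
{
    if (employeePageExec($con, 'DELETE FROM employees WHERE `Employee_ID`=?', [$id]) !== false) {
        print 'Employee with ID ' . employeePageEscape($id) . ' has been removed. <BR>';
    }
}

/**
 * Print the search form (column dropdown + value) and the "add" button.
 */
function employeePageSearchBar(): void
{
    print '<h1>Employee Database</h1>';
    print '<form method="POST">';
    print 'Search By: </br>';
    print '<select name="formChoice"> ';
    print '<option value="">Select</option>';
    foreach (employeePageSearchColumns() as $column => $label) {
        print '<option value="' . $column . '">' . $label . '</option>';
    }
    print '</select>';
    print '<input type="text" name="Value">';
    print '<input type="submit" name="query_submit" value="Submit" default/>';
    print '<input type="submit" name="query_submit" value="Reset" default/>';
    print '</form>';
    print '<div align="left"><form method="POST"><input type="submit" name="addButton" value="Add A New Employee"></form></div>';
}

/**
 * Run the listing query and hand its result set to printResult(): filtered
 * when the search form was submitted (not Reset) with a whitelisted column and
 * a value, otherwise every row. The query text is no longer echoed to the page
 * (it exposed the schema and reflected the raw search value).
 */
function employeePageListing(mysqli $con): void
{
    $choice = employeePagePost('formChoice');
    $filtered = isset($_POST['query_submit']) && $_POST['query_submit'] !== 'Reset'
        && isset($_POST['Value']) && isset(employeePageSearchColumns()[$choice]);
    if ($filtered) {
        // $choice is a whitelisted identifier; the value goes through a placeholder.
        $stmt = employeePageExec($con, "SELECT * FROM employees WHERE `{$choice}`=?", [employeePagePost('Value')]);
    } else {
        $stmt = employeePageExec($con, 'SELECT * FROM employees', []);
    }
    $result = $stmt !== false ? mysqli_stmt_get_result($stmt) : false;
    if ($result === false) {
        print employeePageEscape(mysqli_error($con)) . '</BR>';
        return;
    }
    printResult($result);
}

/**
 * Employee admin page: renders the add/edit/delete/search UI and applies the
 * action selected by the submitted button, then lists employees. All output
 * goes straight to the response via print. Connection parameters come from
 * $GLOBALS['host'|'user'|'pass'|'db'], as before.
 *
 * Every query is parameterised and every request/DB value printed into HTML
 * is escaped. NOTE(review): the caller is assumed to have verified the login;
 * no authorization check or CSRF token is visible in this file.
 */
function employeePage()
{
    if (isset($_POST['logout_button'])) {
        // Logout: drop the session and fall back to the login page.
        session_unset();
        session_destroy();
        print 'You have been logged out.';
        loginPage();
        return;
    }

    $name = employeePageEscape((string) ($_SESSION['username'] ?? ''));
    print "<div style='text-align:right'>Welcome {$name} </div>";
    // Separate form, so Logout is not the default submit of the data forms.
    print '<form method="POST">';
    print '<div align="right"><input type="submit" name="logout_button" value="Logout" /></div>';
    print '</form>';

    // Older PHP returns false here; PHP 8.1+ throws mysqli_sql_exception instead.
    $con = mysqli_connect($GLOBALS['host'], $GLOBALS['user'], $GLOBALS['pass'], $GLOBALS['db']);
    if ($con === false) {
        print 'Error! Could not connect to the database.</BR>';
        return;
    }
    try {
        if (isset($_POST['addButton'])) {
            employeePageAddForm($con);
        } elseif (isset($_POST['createSubmit'])) {
            employeePageCreate($con);
        } elseif (isset($_POST['editButton'])) {
            employeePageEditForm($con, employeePagePost('editButton'));
        } elseif (isset($_POST['editSubmit'])) {
            employeePageUpdate($con);
        } elseif (isset($_POST['deleteButton'])) {
            employeePageDelete($con, employeePagePost('deleteButton'));
        }
        // 'cancel' (and any other submit) simply re-renders the listing below.
        employeePageSearchBar();
        employeePageListing($con);
    } finally {
        // The connection is closed on every path, not only the success one.
        mysqli_close($con);
    }
}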
<!doctype html> <html lang="en"> <head> <meta charset="UTF-8"/> <title>Tecuno</title> <link rel="stylesheet" href="cms.css"> </head> <body> <div class="outerWrapper"> <?php
// Router on the ?a= query parameter: "login" (or no ?a at all) shows the login
// form, "dash" shows the dashboard. The login form posts to ?a=dash, so
// dashboard() runs on the very next request.
// `or` binds looser than `&&`, so this reads as (a is "login") OR (no a given).
// NOTE(review): no credential check is visible in this span before dashboard()
// is called — it must happen inside dashboard() (its body is not shown here);
// confirm, otherwise ?a=dash is reachable without logging in.
if (isset($_GET['a']) && $_GET['a'] == 'login' or !isset($_GET['a'])) {
    loginPage();
}
if (isset($_GET['a']) && $_GET['a'] == 'dash') {
    dashboard();
}

// Render the login form as inline HTML; it posts username/password to ?a=dash.
function loginPage() { ?> <h1 class="heading">Login</h1> <div class="wrapper login"> <form id="login" action="?a=dash" method="post"> <input type="text" name="username" placeholder="Username"> <input type="password" name="password" placeholder="Password"> <input type="submit" value="Log In"> </form> </div> <?php }

// Dashboard page; its body continues outside this span.
function dashboard()
// we add it to ensure that a user is always logged in at chris/? or chris/experimental/? // if not, in collaboration mode it can happend that // user 1 is at: chris/ // user 2 is at: chris/? // then the collaboration is buggy if ($_SERVER["REQUEST_URI"][strlen($_SERVER["REQUEST_URI"]) - 1] !== '?') { header("Location: ?"); exit; } // update user-specific configuration // BACKGROUND if (isset($_SESSION['userconf']['general']) && isset($_SESSION['userconf']['general']['background'])) { $prefix = ''; if (dirname($_SESSION['userconf']['general']['background']) == '.') { $prefix .= 'users/' . $_SESSION['username'] . '/' . CHRIS_USERS_CONFIG_DIR . '/'; } $_SESSION['userconf']['general']['background'] = $prefix . $_SESSION['userconf']['general']['background']; } else { $_SESSION['userconf']['general']['background'] = "view/gfx/fnndsc_1920x1200.jpg"; } // EMAIL ADDRESS if (isset($_SESSION['userconf']['general']) && isset($_SESSION['userconf']['general']['email'])) { UserC::setEmail($_SESSION['userid'], $_SESSION['userconf']['general']['email']); } // show the homepage echo homePage(); exit; } // otherwise show the login screen echo loginPage();