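/**
 * Generate a fresh batch id for the current user and store it on the account.
 *
 * The id is 40 hex characters (the same width as the sha1() value the previous
 * implementation stored) but is drawn from random_bytes(), so it cannot be
 * reconstructed from time(), the username and a rand() seed.
 *
 * @return bool true when the account row was updated; false when the generated
 *              id is already in use or either query failed
 */
function genSetNewBatch()
{
    $this->db = Staple_DB::get();
    $user = new userModel();
    $userId = $user->getId();
    $oldKey = $user->getBatchId();

    // CSPRNG instead of rand(): 20 random bytes -> 40 hex chars, same length as sha1().
    $key = bin2hex(random_bytes(20));
    $escapedKey = $this->db->real_escape_string($key);

    //Check if key exists. A failed query used to fatal on ->fetch_row(); report it instead.
    $check = $this->db->query("SELECT id FROM accounts WHERE batchId = '{$escapedKey}'");
    if ($check === false || $check->num_rows > 0) {
        //Key already in use (or the lookup failed)
        return false;
    }

    //Set new key in user account; id is an integer column, so cast rather than interpolate raw.
    $update = "UPDATE accounts SET batchId='{$escapedKey}' WHERE id=" . (int) $userId;
    if (!$this->db->query($update)) {
        return false;
    }

    //Log Audit: the item records the key that was retired, as before.
    $audit = new auditModel();
    $audit->setAction('Timesheet Validation');
    $audit->setUserId($userId);
    $audit->setItem('Batch: ' . $oldKey);
    $audit->save();

    return true;
}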
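/**
 * Insert a time entry on behalf of another user (admin path) and audit it.
 *
 * The insert only happens when the entry's userId is not the logged-in user's
 * own id; the batchId column is stamped with the literal "ADMIN ADD".
 * NOTE(review): $this->db is assumed to be set before this is called
 * (genSetNewBatch() assigns it from Staple_DB::get()) — confirm the constructor does.
 *
 * @return bool true when the row was inserted; false when userId is unset, the
 *              target is the current user, the date/time did not parse, or the
 *              insert failed (the previous implementation returned null here)
 */
function adminSave()
{
    if (!isset($this->userId)) {
        return false;
    }

    //Check for current account: this path is not for the logged-in user's own entries.
    $currentUser = new userModel();
    if ((int) $this->userId === (int) $currentUser->getId()) {
        return false;
    }

    $inTime = strtotime($this->getDate() . ' ' . $this->getInTime());
    $outTime = strtotime($this->getDate() . ' ' . $this->getOutTime());
    // strtotime() returns false on unparsable input; the old code stored '' in that case.
    if ($inTime === false || $outTime === false) {
        return false;
    }

    $db = $this->db;
    $esc = function ($value) use ($db) {
        return $db->real_escape_string((string) $value);
    };

    $sql = sprintf(
        "INSERT INTO timeEntries (userId,inTime,outTime,lessTime,codeId,note,batchId) VALUES ('%s','%s','%s','%s','%s','%s','%s')",
        $esc($this->userId),
        $esc($inTime),
        $esc($outTime),
        $esc($this->lessTime),
        $esc($this->codeId),
        $esc($this->note),
        $esc("ADMIN ADD")
    );
    if (!$this->db->query($sql)) {
        return false;
    }

    // Audit names the acting user (a fresh userModel() resolves to whoever is logged in).
    $user = new userModel();
    $audit = new auditModel();
    $audit->setUserId($this->userId);
    $audit->setAction('Admin Entry Add');
    $audit->setItem($user->getUsername() . " added entry for " . $this->getDate() . ". In Time: " . $this->inTime . "/Out Time: " . $this->outTime . "");
    $audit->save();

    return true;
}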
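/**
 * Generate a new PIN for account $id, store its hash, and audit the reset.
 *
 * The clear-text PIN is kept in $this->tempPin so the caller can hand it to the
 * user once.
 * NOTE(review): the PIN is persisted as an unsalted sha1(). It is kept in that
 * form here because the login check elsewhere must compare the same value; the
 * hash and that check should move to password_hash()/password_verify() together.
 *
 * @param int|string $id account id whose PIN is reset
 * @return bool true when the account row was updated; false when the update
 *              failed (the previous implementation returned null here)
 */
function resetPin($id)
{
    $pin = $this->generatePin();
    $this->tempPin = $pin;

    $sql = sprintf(
        "UPDATE accounts SET pin='%s' WHERE id = '%s'",
        $this->db->real_escape_string(sha1($pin)),
        $this->db->real_escape_string((string) $id)
    );
    if (!$this->db->query($sql)) {
        return false;
    }

    $account = new userModel();
    $userInfo = $account->userInfo($id);
    $audit = new auditModel();
    $audit->setUserId($userInfo['id']);
    $audit->setAction('PIN Reset');
    // getUsername() appears to be the acting (logged-in) user, as in save() — confirm
    // userInfo() does not repoint the model at $id.
    $audit->setItem($account->getUsername() . " reset users PIN.");
    $audit->save();

    return true;
}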
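/**
 * Record that the logged-in user (the supervisor) reviewed an employee's
 * timesheet for a pay period, then write an audit entry naming the month.
 *
 * @return bool true when the review row was inserted; false when accountId,
 *              payPeriodYear and payPeriodMonth are not all set or the insert
 *              failed (the previous implementation returned null here)
 */
function save()
{
    if (!isset($this->accountId, $this->payPeriodYear, $this->payPeriodMonth)) {
        return false;
    }

    //Get current users ID: the reviewer is whoever is logged in.
    $user = new userModel();
    $supervisorId = $user->getId();
    $supervisorName = $user->getUsername();

    $sql = sprintf(
        "INSERT INTO timesheetReview (accountId, payPeriodMonth, payPeriodYear, supervisorId) VALUES ('%s','%s','%s','%s')",
        $this->db->real_escape_string((string) $this->accountId),
        $this->db->real_escape_string((string) $this->payPeriodMonth),
        $this->db->real_escape_string((string) $this->payPeriodYear),
        $this->db->real_escape_string((string) $supervisorId)
    );
    if (!$this->db->query($sql)) {
        return false;
    }

    $employeeUser = new userModel();
    $details = $employeeUser->userInfo($this->accountId);

    // createFromFormat() returns false for an invalid month, and the old code then
    // fatalled on ->format(); fall back to the raw number so the audit still saves.
    $dateObj = DateTime::createFromFormat('!m', (string) $this->payPeriodMonth);
    $monthName = $dateObj !== false ? $dateObj->format('F') : (string) $this->payPeriodMonth;

    $audit = new auditModel();
    $audit->setUserId($this->accountId);
    $audit->setAction('Timesheet Review');
    $audit->setItem($supervisorName . " reviewed " . $details['username'] . " timesheet for " . $monthName . " " . $this->payPeriodYear);
    $audit->save();

    return true;
}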
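/**
 * Load the private messages sent by the current user whose expireDate has
 * passed, newest post first.
 *
 * @return array list of rows, each shaped
 *               {id, message, expireDate, postDate, sendId, sentTo, reviewDate, reviewed};
 *               empty when nothing matches
 * @throws RuntimeException when the SELECT fails (the old code fatalled on
 *                          ->fetch_assoc() of a false result)
 */
function loadExpired()
{
    $user = new userModel();
    $uid = $user->getId();
    // The sender is always the current user, so resolve the username once instead
    // of constructing a userModel per row.
    $senderName = $user->getUsername();

    $sql = "SELECT * FROM privateMessages WHERE sentId = '" . $this->db->real_escape_string((string) $uid) . "' AND expireDate <= CURRENT_TIMESTAMP ORDER BY postDate DESC";
    $query = $this->db->query($sql);
    if ($query === false) {
        throw new RuntimeException('privateMessages query failed in loadExpired()');
    }

    $data = array();
    while ($row = $query->fetch_assoc()) {
        // One lookup model per row, as before; hoist once it is confirmed that
        // userInfo() does not keep per-call state on the model.
        $lookup = new userModel();
        $sentTo = $lookup->userInfo($row['userId']);
        // A missing recipient yields " " as before, without undefined-index notices.
        $recipientName = ($sentTo['firstName'] ?? '') . ' ' . ($sentTo['lastName'] ?? '');

        $data[] = array(
            'id' => $row['id'],
            'message' => $row['message'],
            'expireDate' => $row['expireDate'],
            'postDate' => $row['postDate'],
            'sendId' => $senderName,
            'sentTo' => $recipientName,
            'reviewDate' => $row['reviewDate'],
            'reviewed' => $row['reviewed'],
        );
    }

    return $data;
}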