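 /**
  * Validate the YYYY / MM / DD parts posted for this date control and set $this->value.
  *
  * Each part is taken from $_POST[$this->pagename . "YYYY"|"MM"|"DD"] (through COM_input_edit)
  * when present; otherwise the values already held on the object are audited.
  * Returns true when the date is acceptable ($this->value is then a DateTime, or NULL when
  * the date is empty and not required); otherwise returns a short error string.
  *
  * @param bool $chkrecent when true, reject years outside [current year - 1, current year + 1]
  * @return true|string
  */
 function audit($chkrecent = true)
 {
     if (isset($_POST[$this->pagename . "YYYY"])) {
         $this->YYYY = COM_input_edit($this->pagename . "YYYY", 4);
     }
     if (isset($_POST[$this->pagename . "MM"])) {
         $this->MM = COM_input_edit($this->pagename . "MM", 2);
     }
     if (isset($_POST[$this->pagename . "DD"])) {
         $this->DD = COM_input_edit($this->pagename . "DD", 2);
     }
     // All three parts blank: acceptable only when the field is optional.
     if ($this->YYYY . $this->MM . $this->DD === "") {
         if ($this->required) {
             return "entry required";
         }
         $this->value = NULL;
         return true;
     }
     if ($this->YYYY === "" || $this->MM === "" || $this->DD === "") {
         return "incomplete date";
     }
     // is_numeric() also accepts signs, decimals and exponents ("1e3"); such input is not
     // rejected here and may reach the range checks / DateTime constructor below.
     if (!is_numeric($this->YYYY) || !is_numeric($this->MM) || !is_numeric($this->DD)) {
         return "dates must be all numeric";
     }
     if ($chkrecent) {
         $now = COM_NOW();
         if ($this->YYYY < $now->format('Y') - 1 || $this->YYYY > $now->format('Y') + 1) {
             return "date must be recent";
         }
     }
     if ($this->MM < 1 || $this->MM > 12) {
         return "invalid month";
     }
     // Days per month, indexed 1..12 (index 0 unused).
     $daysInMonth = [0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];
     // Gregorian leap-year rule: divisible by 4, except century years not divisible by 400
     // (the bare "% 4" test wrongly made e.g. 1900 and 2100 leap years).
     $year = intval($this->YYYY);
     if ($year % 4 == 0 && ($year % 100 != 0 || $year % 400 == 0)) {
         $daysInMonth[2] = 29;
     }
     if ($this->DD < 1 || $this->DD > $daysInMonth[intval($this->MM)]) {
         return "invalid day of month";
     }
     $this->value = new DateTime($this->YYYY . "-" . $this->MM . "-" . $this->DD);
     return true;
 }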
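/**
 * Update the description of the activity row selected by $_POST["actupd"].
 *
 * The new description comes from the "act" request field via COM_input_edit().
 * Uses the global PDO handle $_DB (with ->prefix for the table name).
 *
 * @param object $state server_call state; msgStatus is set to "." when done
 * @return bool always true
 * @throws InvalidArgumentException when $_POST["actupd"] is missing or not an integer
 */
function update_activity(&$state)
{
    global $_DB;
    $activity = COM_input_edit("act");
    // The row id is untrusted request input: validate it and bind it as a parameter
    // instead of splicing it into the statement text.
    $activityId = filter_var($_POST["actupd"] ?? null, FILTER_VALIDATE_INT);
    if ($activityId === false) {
        throw new InvalidArgumentException("update_activity: actupd must be an integer");
    }
    $sql = "UPDATE " . $_DB->prefix . "b02_activity SET description=:desc\n\t\t\tWHERE activity_id=:id;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':desc', $activity, PDO::PARAM_STR);
    $stmt->bindValue(':id', $activityId, PDO::PARAM_INT);
    $stmt->execute();
    $state->msgStatus = ".";
    //tell server_call we're done
    return true;
}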
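/**
 * Authenticate the posted login (txtName / txtPswd) and populate $_SESSION on success.
 *
 * Uses the globals $_DB (PDO handle with ->prefix), $_STATE (fields / msgStatus) and
 * $_PERMITS. On failure $_STATE->msgStatus is "Invalid login" followed by a one-character
 * suffix naming the failed check and false is returned. On success msgStatus is cleared,
 * the session id is regenerated, and $_SESSION receives person_id, person_organization_id,
 * organization_id, org_TZO and UserPermits (with "_LEGAL_" set).
 *
 * @return bool
 */
function entry_audit()
{
    global $_DB, $_STATE, $_PERMITS;
    $_STATE->fields["txtName"] = COM_input_edit("txtName", 32);
    // Default to "" so a request without the field cannot yield a null password
    // (password_verify() would reject it either way, but without a notice).
    $_STATE->fields["txtPswd"] = $_POST["txtPswd"] ?? "";
    //	Note: "txtPswd" does not need input_edit since it is never used in SQL nor is it displayed in
    //	HTML; and it should NOT be subjected to input_edit since that function limits the chars used.
    $sql = "SELECT c00.*, c10.*, a00.organization_id, a00.timezone\n\t\t\tFROM " . $_DB->prefix . "c00_person AS c00\n\t\t\tLEFT OUTER JOIN " . $_DB->prefix . "c10_person_organization AS c10\n\t\t\tON (c00.person_id = c10.person_idref)\n\t\t\tLEFT OUTER JOIN " . $_DB->prefix . "a00_organization AS a00\n\t\t\tON (c10.organization_idref = a00.organization_id)\n\t\t\tWHERE c00.loginname=:user;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':user', $_STATE->fields["txtName"], PDO::PARAM_STR);
    $stmt->execute();
    $_STATE->msgStatus = "Invalid login";
    // NOTE(review): the " x" / " 0" / " -" / " +" suffixes tell "unknown user" apart from
    // "wrong password"; they are fine for server-side diagnosis but must not reach the
    // client, or they reveal which login names exist.
    if (!($row = $stmt->fetchObject())) {
        $_STATE->msgStatus .= " x";
        return false;
        //nobody there
    }
    //only super-duper user has no organization (even other superusers must have one)
    // Loose "!= 0" is kept on purpose: person_id may arrive from PDO as a string.
    if (is_null($row->person_idref) && $row->person_id != 0) {
        $_STATE->msgStatus .= " 0";
        return false;
    }
    if (PHP_VERSION_ID < 50500) {
        require_once "password.php";
    }
    if (!password_verify($_STATE->fields["txtPswd"], $row->password)) {
        $_STATE->msgStatus .= " -";
        return false;
    }
    // Credentials accepted: issue a fresh session id before storing the identity so a
    // session id known to the client before login is not carried across the privilege change.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION["person_id"] = $row->person_id;
    if (is_null($row->organization_idref)) {
        //should be the super-duper user
        $_SESSION["person_organization_id"] = 0;
        $_SESSION["organization_id"] = 1;
        //better be a record there
        $stmt->closeCursor();
        $sql = "SELECT timezone FROM " . $_DB->prefix . "a00_organization WHERE organization_id=1;";
        $stmt = $_DB->query($sql);
        $row = $stmt->fetchObject();
    } else {
        $today = new DateTime();
        //can't do TZO offset until org set - may be a few hours off
        // Walk the joined rows until one whose inactive_asof is still in the future is found.
        // NOTE(review): assumes inactive_asof is a non-null parseable date — confirm the schema.
        while (true) {
            if (new DateTime($row->inactive_asof) >= $today) {
                break;
            }
            if (!($row = $stmt->fetchObject())) {
                $_STATE->msgStatus .= " +";
                return false;
            }
        }
        $_SESSION["person_organization_id"] = $row->person_organization_id;
        $_SESSION["organization_id"] = $row->organization_id;
    }
    $_SESSION["org_TZO"] = $row->timezone;
    $_STATE->msgStatus = "";
    $stmt->closeCursor();
    $_SESSION["UserPermits"] = $_PERMITS->get_permits($_SESSION["person_id"]);
    //set the users's permissions
    $_SESSION["UserPermits"]["_LEGAL_"] = TRUE;
    //can now pass the 'logged in' gate
    error_log("Login: by " . $_STATE->fields["txtName"] . "; id=" . $_SESSION["person_id"]);
    //not an error but the best place to put it
    return true;
}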
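/**
 * Insert a new activity row for the "act" request field and record its id in $state.
 *
 * The row is first inserted with a placeholder description (md5 of the text), looked up by
 * that placeholder to learn its activity_id, then updated with the real description.
 * Uses the global PDO handle $_DB (with ->prefix for the table name).
 *
 * @param object $state server_call state; receives ->activity_id
 * @return void
 * @throws RuntimeException when the freshly inserted row cannot be read back
 */
function add_activity(&$state)
{
    global $_DB;
    $activity = COM_input_edit("act");
    // md5 is only a temporary marker used to find the new row, not a security primitive.
    // Two identical descriptions added at the same moment would share a marker — TODO confirm
    // that is acceptable; PDO::lastInsertId() would avoid the lookup where the driver supports it.
    $hash = md5($activity);
    $sql = "INSERT INTO " . $_DB->prefix . "b02_activity (description) VALUES (:hash);";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':hash', $hash, PDO::PARAM_STR);
    $stmt->execute();
    $sql = "SELECT activity_id FROM " . $_DB->prefix . "b02_activity WHERE description=:hash;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':hash', $hash, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetchObject();
    $stmt->closeCursor();
    // fetchObject() returns false on no row; fail explicitly instead of reading a property of false.
    if ($row === false) {
        throw new RuntimeException("add_activity: inserted activity row not found");
    }
    $state->activity_id = $row->activity_id;
    // Bind the id rather than splicing it into the statement text.
    $sql = "UPDATE " . $_DB->prefix . "b02_activity SET description=:desc WHERE activity_id=:id;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':desc', $activity, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $state->activity_id, PDO::PARAM_INT);
    $stmt->execute();
}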
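/**
 * Update session_count, attendance and comments of the event-log row $state->recID.
 *
 * Counts come from $_POST["sessions"] / $_POST["attendance"]; comments from the "comments"
 * request field via COM_input_edit(). Uses the global PDO handle $_DB (with ->prefix).
 *
 * @param object $state server_call state; ->recID selects the row, msgStatus is set to "-"
 * @return void
 * @throws InvalidArgumentException when sessions or attendance is missing or not an integer
 */
function update_log(&$state)
{
    global $_DB;
    // Request values are untrusted: validate as integers and bind them as parameters
    // instead of splicing them into the statement text.
    $sessions = filter_var($_POST["sessions"] ?? null, FILTER_VALIDATE_INT);
    $attendance = filter_var($_POST["attendance"] ?? null, FILTER_VALIDATE_INT);
    if ($sessions === false || $attendance === false) {
        throw new InvalidArgumentException("update_log: sessions and attendance must be integers");
    }
    $sql = "UPDATE " . $_DB->prefix . "b10_eventlog\n\t\t\tSET session_count=:sessions, attendance=:attendance,\n\t\t\tcomments=:comments\n\t\t\tWHERE eventlog_id=:id;";
    $stmt = $_DB->prepare($sql);
    $stmt->bindValue(':sessions', $sessions, PDO::PARAM_INT);
    $stmt->bindValue(':attendance', $attendance, PDO::PARAM_INT);
    $stmt->bindValue(':comments', COM_input_edit("comments"), PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $state->recID, PDO::PARAM_INT);
    $stmt->execute();
    $state->msgStatus = "-";
    //tell server_call to reset page
}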
/**
 * Local alias for COM_input_edit(): read and edit the request field $fldname.
 *
 * @param string $fldname request field name
 * @param int    $length  maximum length passed through unchanged; -1 means no limit is requested here
 * @return mixed whatever COM_input_edit() returns
 */
function input_edit($fldname, $length = -1)
{
    $edited = COM_input_edit($fldname, $length);
    return $edited;
}