<?php
global $TIMECARD_CONFIG;
$m = $AppUI->checkFileName(dPgetParam($_GET, 'm', getReadableModule()));
$denyEdit = getDenyEdit($m);
if ($denyEdit) {
$AppUI->setMsg('Access denied', UI_MSG_ERROR);
$AppUI->redirect();
}
//grab hours per day from config
$min_hours_day = $AppUI->cfg['daily_working_hours'];
$can_edit_other_timesheets = $TIMECARD_CONFIG['minimum_edit_level'] >= $AppUI->user_type;
$show_other_worksheets = $TIMECARD_CONFIG['minimum_see_level'] >= $AppUI->user_type;
$show_possible_hours_worked = $TIMECARD_CONFIG['show_possible_hours_worked'];
//print "<pre>";
//print_r($AppUI);
//print "</pre>";
//compute hours/week from config
$min_hours_week = count(explode(",", dPgetConfig("cal_working_days"))) * $min_hours_day;
// get date format
$df = $AppUI->getPref('SHDATEFORMAT');
if (isset($_GET['user_id'])) {
$sql = "SELECT user_company FROM users WHERE user_id = " . $_GET['user_id'];
$company_id = db_loadResult($sql);
if (getDenyRead("companies", $company_id)) {
$AppUI->setMsg('Access denied', UI_MSG_ERROR);
$AppUI->redirect();
}
$AppUI->setState('TimecardSelectedUser', $_GET['user_id']);
}
$user_id = $AppUI->getState('TimecardSelectedUser') ? $AppUI->getState('TimecardSelectedUser') : $AppUI->user_id;
$AppUI->setUserLocale();
// bring in the rest of the support and localisation files
$perms =& $AppUI->acl();
$def_a = 'index';
if (!isset($_GET['m']) && !empty($w2Pconfig['default_view_m'])) {
if (!$perms->checkModule($w2Pconfig['default_view_m'], 'view', $AppUI->user_id)) {
$m = 'public';
$def_a = 'welcome';
} else {
$m = $w2Pconfig['default_view_m'];
$def_a = !empty($w2Pconfig['default_view_a']) ? $w2Pconfig['default_view_a'] : $def_a;
$tab = $w2Pconfig['default_view_tab'];
}
} else {
// set the module from the url
$m = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'm', getReadableModule()));
}
// set the action from the url
$a = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'a', $def_a));
if ($m == 'projects' && $a == 'view' && $w2Pconfig['projectdesigner_view_project'] && !w2PgetParam($_GET, 'bypass') && !isset($_GET['tab'])) {
if ($AppUI->isActiveModule('projectdesigner')) {
$m = 'projectdesigner';
$a = 'index';
}
}
/* This check for $u implies that a file located in a subdirectory of higher depth than 1
* in relation to the module base can't be executed. So it would'nt be possible to
* run for example the file module/directory1/directory2/file.php
* Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are
* not allowed in the request parameters.
*/
* installed & active. If not, we should go back to the defaults.
*/
$def_a = 'index';
if (!isset($_GET['m']) && !empty($w2Pconfig['default_view_m'])) {
if (!$perms->checkModule($w2Pconfig['default_view_m'], 'view', $AppUI->user_id)) {
$m = 'public';
$def_a = 'welcome';
} else {
$m = $w2Pconfig['default_view_m'];
$def_a = !empty($w2Pconfig['default_view_a']) ? $w2Pconfig['default_view_a'] : $def_a;
$tab = $w2Pconfig['default_view_tab'];
$_GET['tab'] = $tab;
}
} else {
// set the module from the url
$m = $loader->checkFileName(w2PgetParam($_GET, 'm', getReadableModule()));
}
$m = preg_replace("/[^a-z0-9_]/", "", $m);
// set the action from the url
$a = $loader->checkFileName(w2PgetParam($_GET, 'a', $def_a));
$a = preg_replace("/[^a-z0-9_]/", "", $a);
if ($m == 'projects' && $a == 'view' && $w2Pconfig['projectdesigner_view_project'] && !w2PgetParam($_GET, 'bypass') && !isset($_GET['tab'])) {
if ($AppUI->isActiveModule('projectdesigner')) {
$m = 'projectdesigner';
$a = 'index';
}
}
/* This check for $u implies that a file located in a subdirectory of higher depth than 1
* in relation to the module base can't be executed. So it would'nt be possible to
* run for example the file module/directory1/directory2/file.php
* Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are
