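/**
 * Render the profile page for one employee and, when the "Update Profile"
 * button was posted, write the submitted values back to the EMPLOYEE table.
 *
 * The target employee defaults to the logged-in user ($_SESSION['userIDnum'])
 * and is replaced by the row picked on the user-search form when one was posted.
 *
 * Security-relevant behaviour:
 *  - every request/database value is HTML-escaped before it is echoed;
 *  - every value placed in SQL is escaped AND quoted (the first-view SELECT
 *    previously concatenated the posted ID unquoted and unescaped);
 *  - the UPDATE is authorised on the server with the same rule the form uses
 *    to decide whether to show the submit button (own record, or adminLvl >= 25);
 *  - callers below adminLvl 50 can no longer change MUNIS / GRADE / ASSIGN by
 *    editing the hidden form fields; those columns are written only in the
 *    adminLvl >= 50 branch, where the form exposes real inputs for them.
 *
 * @param object $config Application config; this function reads $config->mysqli
 *                       (database connection) and $config->adminLvl.
 * @return void Output is echoed directly.
 * @throws Exception When the SELECT for the stored profile fails.
 */
function displayUpdateProfile($config)
{
    // Escape a value for HTML text and quoted attribute values.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // True when the request came from the "users to verify" list.
    $fromVerify = isset($_POST['formName']) && $_POST['formName'] === 'userVerify';

    // Default to the logged-in user; a posted search result overrides it.
    $foundUserID = $_SESSION['userIDnum'];
    // Cast so the loop bound is always an integer, whatever was posted.
    $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
    if ($totalRows > 0) {
        for ($i = 0; $i <= $totalRows; $i++) {
            if (isset($_POST['foundUser' . $i])) {
                if (isset($_POST['foundUserID' . $i])) {
                    $foundUserID = $_POST['foundUserID' . $i];
                }
                break;
            }
        }
    }

    $mysqli = $config->mysqli;

    if (isset($_POST['updateBtn'])) {
        // Read one posted field, SQL-escaped, or the default when absent.
        $posted = function ($key, $default = false) use ($mysqli) {
            return isset($_POST[$key]) ? $mysqli->real_escape_string($_POST[$key]) : $default;
        };

        // Names are upper-cased before escaping, as in the original flow.
        $fname = isset($_POST['fname']) ? $mysqli->real_escape_string(strtoupper($_POST['fname'])) : false;
        $lname = isset($_POST['lname']) ? $mysqli->real_escape_string(strtoupper($_POST['lname'])) : false;
        $divisionID = $posted('divisionID');
        $supvID = $posted('supvID');

        $targetID = isset($_POST['userID']) ? trim($_POST['userID']) : '';
        $userID = $mysqli->real_escape_string($targetID);
        // Session/server values are escaped too, as defence in depth.
        $auditID = $mysqli->real_escape_string((string) $_SESSION['userIDnum']);
        $auditIP = $mysqli->real_escape_string((string) $_SERVER['REMOTE_ADDR']);

        // Server-side authorisation. The form only hides the submit button for
        // other users' records; without this check any logged-in user could
        // post an arbitrary userID and overwrite that employee's row.
        $isSelf = ((string) $_SESSION['userIDnum'] === $targetID);
        if (!$isSelf && $config->adminLvl < 25) {
            echo "Did not Update<br />";
        } else {
            if ($config->adminLvl >= 50) {
                $rankID = $posted('rankID', '');
                $assignID = $posted('assignID');
                $hireDate = $posted('hireDate');
                $radioID = $posted('radioID');
                $munisID = $posted('munisID');
                $address = $posted('address');
                $hphone = $posted('hphone');
                $cphone = $posted('cphone');
                $wphone = $posted('wphone');
                $dob = $posted('dob');
                $emergency = $posted('emergency');
                // NOTE(review): ADMINLVL is taken from the request with no upper
                // bound; confirm whether an admin may grant a level above their own.
                $postAminLvl = $posted('adminLvl', "0");
                $email = $posted('empEmail');

                $myq = "UPDATE `EMPLOYEE` SET \n"
                    . " `MUNIS` = '" . $munisID . "',\n"
                    . " `LNAME` = '" . $lname . "',\n"
                    . " `FNAME` = '" . $fname . "',\n"
                    . " `GRADE` = '" . $rankID . "',\n"
                    . " `DIVISIONID` = '" . $divisionID . "',\n"
                    . " `SUPV` = '" . $supvID . "',\n"
                    . " `ASSIGN` = '" . $assignID . "',\n"
                    . " `TIS` = '" . date('Y-m-d', strtotime($hireDate)) . "', \n"
                    . " `RADIO` = '" . $radioID . "',\n"
                    . " ADDRESS = '" . $address . "',\n"
                    . " HOMEPH = '" . $hphone . "',\n"
                    . " CELLPH = '" . $cphone . "',\n"
                    . " WORKPH = '" . $wphone . "',\n"
                    . " EMAIL = '" . $email . "',\n"
                    . " DOB = '" . date('Y-m-d', strtotime($dob)) . "',\n"
                    . " EMERGCON = '" . $emergency . "',\n"
                    . " ADMINLVL = '" . $postAminLvl . "',\n"
                    . " IS_VERIFY = 1,\n"
                    . " AUDITID = '" . $auditID . "',\n"
                    . " AUDIT_TIME = NOW(),\n"
                    . " AUDIT_IP = INET_ATON('" . $auditIP . "')\n"
                    . " WHERE IDNUM = '" . $userID . "'";
            } else {
                // Below level 50 the form shows no inputs for MUNIS, GRADE or
                // ASSIGN (they are only round-tripped as hidden fields), so
                // they are not written here: a tampered hidden field must not
                // be able to change rank, shift assignment or payroll ID.
                $myq = "UPDATE `EMPLOYEE` SET \n"
                    . " `LNAME` = '" . $lname . "',\n"
                    . " `FNAME` = '" . $fname . "',\n"
                    . " `DIVISIONID` = '" . $divisionID . "',\n"
                    . " `SUPV` = '" . $supvID . "', \n"
                    . " AUDITID = '" . $auditID . "',\n"
                    . " AUDIT_TIME = NOW(),\n"
                    . " AUDIT_IP = INET_ATON('" . $auditIP . "')\n"
                    . " WHERE IDNUM = '" . $userID . "'";
            }

            $result = $mysqli->query($myq);
            // SQLerrorCatch() is treated as "truthy on error", as the original did.
            if (!SQLerrorCatch($mysqli, $result)) {
                echo "Successfully Updated Profile<br />";
            } else {
                echo "Did not Update<br />";
            }
        }

        if ($fromVerify) {
            echo '<form method="POST"><input type="button" name="backToVerify" value="Back To Users To Verify List" onClick="this.form.action=' . "'?userVerify=true'" . ';this.form.submit()" /></form>';
        }
    } else {
        // First view: load the stored profile. The ID may come straight from
        // the request, so it is escaped and quoted before it reaches SQL.
        $myq = "SELECT * FROM EMPLOYEE WHERE IDNUM='" . $mysqli->real_escape_string((string) $foundUserID) . "'";
        $result = $mysqli->query($myq);
        if (!$result) {
            throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
        }

        // At most one row is expected; an unknown ID yields an empty form
        // rather than a run of "offset on null" warnings.
        $resultAssoc = $result->fetch_assoc();
        if (!is_array($resultAssoc)) {
            $resultAssoc = array();
        }
        $resultAssoc += array_fill_keys(
            array(
                'FNAME', 'LNAME', 'GRADE', 'DIVISIONID', 'ASSIGN', 'SUPV', 'TIS', 'RADIO', 'MUNIS',
                'ADDRESS', 'HOMEPH', 'CELLPH', 'WORKPH', 'EMAIL', 'DOB', 'EMERGCON', 'ADMINLVL',
            ),
            null
        );

        $fname = $resultAssoc['FNAME'];
        $lname = $resultAssoc['LNAME'];
        $rankID = $resultAssoc['GRADE'];
        $divisionID = $resultAssoc['DIVISIONID'];
        $assignID = $resultAssoc['ASSIGN'];
        $supvID = $resultAssoc['SUPV'];
        $hireDate = $resultAssoc['TIS'];
        $radioID = $resultAssoc['RADIO'];
        $munisID = $resultAssoc['MUNIS'];
        $address = $resultAssoc['ADDRESS'];
        $hphone = $resultAssoc['HOMEPH'];
        $cphone = $resultAssoc['CELLPH'];
        $wphone = $resultAssoc['WORKPH'];
        $email = $resultAssoc['EMAIL'];
        $dob = $resultAssoc['DOB'];
        $emergency = $resultAssoc['EMERGCON'];
        $adminLvl = $resultAssoc['ADMINLVL'];
        $username = strtoupper($_SESSION['userName']);
        $noPhone = (!$hphone && !$cphone && !$wphone);
        ?>
        <form name="update" method="post" action="<?php echo $h($_SERVER['REQUEST_URI']); ?>">
            <input type="hidden" name="formName" value="updateProfile" />
            <?php
            if ($fromVerify) {
                echo '<input type="button" name="backToVerify" value="Back To Users To Verify List" onClick="this.form.action=' . "'?userVerify=true'" . ';this.form.submit()" />
                    <input type="hidden" name="formName" value="userVerify" />';
            }
            ?>
            </div><div align="center" class="login">
            <table>
            <?php
            if ($_SESSION['admin'] >= 25) {
                echo "<tr><td>User: </td><td>";
                if ($totalRows > 0) {
                    echo $h($lname) . ', ' . $h($fname) . ' ';
                    echo '<input type="hidden" name="userID" value="' . $h($foundUserID) . '" />';
                    echo '<input type="hidden" name="totalRows" value="1" />';
                    echo '<input type="hidden" name="foundUserName1" value="' . $h($foundUserID) . '" />';
                } else {
                    echo $h($_SESSION['userName']) . " ";
                    echo '<input type="hidden" name="userID" value="' . $h($_SESSION['userIDnum']) . '" />';
                }
                displayUserLookup($config);
                echo '<input type="hidden" name="searchReserves" value="false" />';
                echo '</td></tr>';
            } else {
                ?>
                <h3>Username: <?php echo $h($username); ?></h3>
                <input type="hidden" name="userID" value="<?php echo $h($foundUserID); ?>" />
                <?php
            }
            ?>
            <tr><td>First Name: </td><td><input name="fname" type="text" <?php
                if (!$fname) {
                    showInputBoxError();
                } else {
                    echo 'value="' . $h($fname) . '"';
                }
            ?> /></td></tr>
            <tr><td>Last Name: </td><td><input name="lname" type="text" <?php
                if (!$lname) {
                    showInputBoxError();
                } else {
                    echo 'value="' . $h($lname) . '"';
                }
            ?> /></td></tr>
            <?php
            echo "<tr><td>Division:</td><td>";
            displayDivisionID("divisionID", $divisionID);
            echo "</td></tr>";
            echo "<tr><td>Supervisor:</td><td>";
            displaySUPVDropDown("supvID", $supvID);
            echo "</td></tr>";

            // Payrate-dependent fields: editable only at adminLvl >= 50.
            if ($config->adminLvl >= 50) {
                echo "<tr><td>Rank:</td><td>";
                displayRanks("rankID", $rankID);
                echo "</td></tr>";
                echo "<tr><td>Assigned Shift:</td><td>";
                displayAssign("assignID", $assignID);
                echo "</td></tr>";
                ?>
                <tr><td>MUNIS ID: </td><td><input name="munisID" type="text" <?php
                    if (!$munisID) {
                        showInputBoxError();
                    } else {
                        echo 'value="' . $h($munisID) . '"';
                    }
                ?> /></td></tr>
                <?php
            } else {
                // Kept for form compatibility; the update handler ignores these
                // three fields for callers below adminLvl 50.
                ?>
                <input type="hidden" name="rankID" value="<?php echo $h($rankID); ?>" />
                <input type="hidden" name="assignID" value="<?php echo $h($assignID); ?>" />
                <input type="hidden" name="munisID" value="<?php echo $h($munisID); ?>" />
                <?php
            }

            if ($config->adminLvl >= 50) {
                ?>
                <tr><td>Hire Date: </td><td><?php displayDateSelect("hireDate", "date_1", $hireDate, true); ?></td></tr>
                <tr><td>Radio Number: </td><td><input name="radioID" type="text" <?php
                    if (!$radioID) {
                        showInputBoxError();
                    } else {
                        echo 'value="' . $h($radioID) . '"';
                    }
                ?> /></td></tr>
                <tr><td >Address: </td><td><textarea rows="3" cols="40" name="address" <?php
                    if (!$address) {
                        showInputBoxError();
                    }
                ?> ><?php echo $h($address); ?></textarea></td></tr>
                <tr><td>Home Phone: </td><td><input name="hphone" type="text" <?php
                    if ($noPhone) {
                        showInputBoxError();
                    } else {
                        echo 'value="' . $h($hphone) . '"';
                    }
                ?> /></td></tr>
                <tr><td>Cell Phone: </td><td><input name="cphone" type="text" <?php
                    if ($noPhone) {
                        showInputBoxError();
                    } else {
                        echo 'value="' . $h($cphone) . '"';
                    }
                ?> /></td></tr>
                <tr><td>Work Phone: </td><td><input name="wphone" type="text" <?php
                    if ($noPhone) {
                        showInputBoxError();
                    } else {
                        echo 'value="' . $h($wphone) . '"';
                    }
                ?> /></td></tr>
                <tr><td>Email: </td><td><input size="40" name="empEmail" type="text" <?php
                    if (!$email) {
                        showInputBoxError();
                    } else {
                        echo 'value="' . $h($email) . '"';
                    }
                ?> /></td></tr>
                <tr><td>Date of Birth: </td><td><?php displayDateSelect("dob", "date_2", $dob, true); ?></td></tr>
                <tr><td>Emergency Contact: </td><td><textarea rows="2" cols="40" name="emergency" <?php
                    if (!$emergency) {
                        showInputBoxError();
                    }
                ?> ><?php echo $h($emergency); ?></textarea></td></tr>
                <tr><td>Admin Level:</td><td><?php selectAdminLevel($config, $adminLvl); ?></td></tr>
                <tr><td></td><td><input type="submit" name="updateBtn" value="Update Profile" /></td></tr>
                <?php
            } else {
                ?>
                <tr><td>Hire Date: </td><td><?php echo $h($hireDate); ?></td></tr>
                <tr><td>Radio Number: </td><td><?php echo $h($radioID); ?></td></tr>
                <tr><td>Address: </td><td><?php echo $h($address); ?></td></tr>
                <tr><td>Home Phone: </td><td><?php echo $h($hphone); ?></td></tr>
                <tr><td>Cell Phone: </td><td><?php echo $h($cphone); ?></td></tr>
                <tr><td>Work Phone: </td><td><?php echo $h($wphone); ?></td></tr>
                <tr><td>Email: </td><td><?php echo $h($email); ?></td></tr>
                <tr><td>Date of Birth: </td><td><?php echo $h($dob); ?></td></tr>
                <tr><td>Emergency Contact: </td><td><?php echo $h($emergency); ?></td></tr>
                <tr><td></td><td><?php
                    // UI hint only; the update handler enforces the same rule.
                    if ($_SESSION['userIDnum'] == $foundUserID || $config->adminLvl >= 25) {
                        echo '<input type="submit" name="updateBtn" value="Update Profile" />';
                    }
                ?></td></tr>
                <?php
            }
            ?>
            </table>
            </div><div class="clear"></div>
        </form>
        <div class="divider"></div>
        <?php
    }
}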
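/**
 * Render (and, when "Exchange Equipment" was posted, perform) the hand-over of
 * a checked-out inventory item from one deputy to another.
 *
 * Changes from the previous version:
 *  - $mysqliReserve was used but never assigned, so any reserve lookup failed;
 *    it is now opened on first use with connectToSQL(), as showSecLogDetails()
 *    in this file does;
 *  - IDs taken from the request are escaped AND quoted before they reach SQL
 *    (an escaped value in an unquoted numeric position is still injectable);
 *  - $radioLogID is escaped for the two statements that embed it;
 *  - request and database values are HTML-escaped before being echoed or put
 *    into the hidden-input markup handed to checkInRadioLog();
 *  - the unused debug-backtrace table is no longer built.
 *
 * @param object     $config     Application config; $config->mysqli is read here.
 * @param int|string $radioLogID WTS_RADIOLOG.REFNUM of the log entry being exchanged.
 * @return void Output is echoed directly.
 */
function showItemExchange($config, $radioLogID)
{
    // Escape a value for HTML text and quoted attribute values.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // Read an optional POST field without raising an undefined-index notice.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    $mysqli = $config->mysqli;
    $mysqliReserve = null; // reserve database connection, opened on first use

    $sqlRadioLogID = $mysqli->real_escape_string((string) $radioLogID);

    // Details of the log entry whose item is being handed over.
    $myq = "SELECT R.RADIOID, R.TYPE, INV.OTHER_SN, ITYPE.IDNUM 'itemTypeID',\r\n"
        . " ITYPE.DESCR 'itemType', CONCAT_WS(', ', EMP.LNAME, EMP.FNAME) 'deputyName',\r\n"
        . " R.DIVISIONID 'invDIV'\r\n"
        . " FROM WTS_RADIOLOG R\r\n"
        . " LEFT JOIN EMPLOYEE AS EMP ON R.DEPUTYID=EMP.IDNUM\r\n"
        . " LEFT JOIN WTS_INVENTORY AS INV ON R.RADIOID=INV.IDNUM\r\n"
        . " LEFT JOIN WTS_INV_TYPE AS ITYPE ON INV.TYPE=ITYPE.IDNUM\r\n"
        . " WHERE R.REFNUM = '" . $sqlRadioLogID . "' LIMIT 1;";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result, $myq);
    $item = $result->fetch_assoc();
    $radioID = $item['RADIOID'];

    echo '<input type="hidden" name="divisionID" value="' . $h($post('divisionID')) . '" />';
    echo '<br/>' . $h($item['itemType']) . ' ' . $h($item['OTHER_SN']) . ' will be exchanged from '
        . $h($item['deputyName']) . ' to: <br/>';

    // Re-display deputies carried over from the previous request.
    $isExchanged = false;
    $deputyCount = 0;
    // Cast so the loop bound is always an integer, whatever was posted.
    $num_deputies = isset($_POST['num_deputies']) ? (int) $_POST['num_deputies'] : 0;
    $exchangeBtn = isset($_POST['exchangeItemBtn']);
    $removeBtn = false;

    for ($i = 0; $i < $num_deputies; $i++) {
        if (isset($_POST['removeDeputyBtn' . $i])) {
            $removeBtn = true;
            continue;
        }

        // SQL-escaped ID; HTML-escaped separately wherever it is echoed.
        $deputyID[$i] = isset($_POST['deputyID' . $i])
            ? $mysqli->real_escape_string(strtoupper($_POST['deputyID' . $i]))
            : '';
        $isReserve[$i] = isset($_POST['isReserve' . $i]);

        if ($isReserve[$i]) {
            if ($mysqliReserve === null) {
                $mysqliReserve = connectToSQL(true);
            }
            $myq = "SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM='" . $deputyID[$i] . "'";
            $result = $mysqliReserve->query($myq);
            SQLerrorCatch($mysqliReserve, $result, $myq);
        } else {
            $myq = "SELECT RADIO, CELLPH, LNAME, FNAME, DIVISIONID FROM EMPLOYEE WHERE IDNUM='" . $deputyID[$i] . "'";
            $result = $mysqli->query($myq);
            SQLerrorCatch($mysqli, $result, $myq);
        }
        $row = $result->fetch_assoc();
        // RESERVE rows carry no DIVISIONID column in the query above.
        $rowDivisionID = isset($row['DIVISIONID']) ? $row['DIVISIONID'] : null;

        echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $h($deputyID[$i]) . '" />';
        if ($isReserve[$i]) {
            echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
        }
        echo $h($row['LNAME']) . ', ' . $h($row['FNAME']);
        echo '; Radio Call #: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="'
            . $h($row['RADIO']) . '" />' . $h($row['RADIO']);
        echo '<br/>';

        if ($exchangeBtn) {
            // Markup handed to checkInRadioLog(); request values are escaped
            // here because they end up inside attribute values.
            $hiddenInputs = '<input type="hidden" value="' . $h($post('dateSelect')) . '" name="dateSelect">
                <input type="hidden" name="divisionID" value="' . $h($rowDivisionID) . '" />
                <input type="hidden" value="' . $h($post('exchangeLogID')) . '" name="exchangeLogID">
                <input type="hidden" value="' . $h($post('itemID')) . '" name="itemID">
                <input type="hidden" value="' . $h($deputyID[$i]) . '" name="deputyID0">
                <input type="hidden" value="' . $h($post('radioCallNum0')) . '" name="radioCallNum0">
                <input type="hidden" value="1" name="num_deputies">
                <input type="hidden" value="0" name="finalRows">
                <input type="hidden" value="true" name="exchangeItemBtn">';

            $wasCheckedIn = checkInRadioLog($config, $radioLogID, true, $hiddenInputs);
            if ($wasCheckedIn) {
                // Record who the item went to on the closed log entry.
                $noteq = "UPDATE WTS_RADIOLOG SET EXCHANGEID = '" . $deputyID[$i]
                    . "' WHERE REFNUM='" . $sqlRadioLogID . "';";
                $noteResult = $mysqli->query($noteq);
                SQLerrorCatch($mysqli, $noteResult);

                $tempReserve = $isReserve[$i] ? '1' : '0';
                $insertLogID = checkOutItem(
                    $config,
                    $deputyID[$i],
                    $row['RADIO'],
                    $radioID,
                    $item['itemTypeID'],
                    "SHIFT",
                    $tempReserve,
                    "0",
                    $rowDivisionID,
                    true
                );
                addLog($config, 'Exchanged Log Ref #' . $radioLogID . ' with Ref #' . $insertLogID);
                echo '<br/><font color="red">Exchanged Ref #' . $h($radioLogID) . ' with Ref #'
                    . $h($insertLogID) . '</font><br/>';
                $isExchanged = true;
            }
        }
        $deputyCount++;
    }

    if (!$isExchanged) {
        echo '<input type="hidden" name="exchangeLogID" value="' . $h($radioLogID) . '" />';
        echo '<input type="hidden" name="itemID" value="' . $h($radioID) . '" />';
    }

    // Deputy picked on the user-search form, if any.
    $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
    $foundUserID = '';
    $foundUserIsReserve = false;
    if ($totalRows > 0) {
        for ($i = 0; $i <= $totalRows; $i++) {
            if (isset($_POST['foundUser' . $i])) {
                $foundUserID = $post('foundUserID' . $i);
                $foundUserIsReserve = isset($_POST['isReserve' . $i]);
                break;
            }
        }
    }

    // Default to the logged-in deputy unless "Remove" was pressed or the
    // request comes from the central-control workstation.
    // NOTE(review): this is a source-address comparison, not authentication.
    if (empty($foundUserID) && !$removeBtn && $_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) {
        $foundUserID = $_SESSION['userIDnum'];
        $foundUserIsReserve = false;
    }

    if (!empty($foundUserID) && !$exchangeBtn) {
        // $foundUserID may come straight from the request: escape and quote it.
        if ($foundUserIsReserve) {
            if ($mysqliReserve === null) {
                $mysqliReserve = connectToSQL(true);
            }
            $myq = "SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM='"
                . $mysqliReserve->real_escape_string((string) $foundUserID) . "'";
            $result = $mysqliReserve->query($myq);
            SQLerrorCatch($mysqliReserve, $result);
        } else {
            $myq = "SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM='"
                . $mysqli->real_escape_string((string) $foundUserID) . "'";
            $result = $mysqli->query($myq);
            SQLerrorCatch($mysqli, $result);
        }
        $row = $result->fetch_assoc();

        echo '<br/>Deputy: <font color="red"><input type="hidden" name="deputyID' . $deputyCount . '" value="'
            . $h($foundUserID) . '" />';
        if ($foundUserIsReserve) {
            echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
        }
        echo $h($row['LNAME']) . ', ' . $h($row['FNAME']);
        echo '</font>; Radio Call#: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="'
            . $h($row['RADIO']) . '" />' . $h($row['RADIO']);
        echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
        echo '<br/>';
        $deputyCount++;
    }

    if ($deputyCount < 1) {
        echo 'Add Deputy: ';
        displayUserLookup($config);
    }
    echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />';

    if ($exchangeBtn) {
        echo '<br/><input type="submit" name="goBtn" value="Back to Logs" />';
    } else {
        echo '<br/><br/>';
        if ($deputyCount > 0) {
            echo '<input type="submit" name="exchangeItemBtn" value="Exchange Equipment" />';
        }
        echo '<input type="submit" name="cancelBtn" value="Cancel" />';
    }
}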
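/**
 * Show the "Lookup Requests by Employee" search form, or, once a last name was
 * posted (or "edit" was pressed), the matching rows of the REQUEST table.
 *
 * Changes from the previous version:
 *  - $_SERVER['REQUEST_URI'] and the posted last name are HTML-escaped before
 *    being written into the form action, the "Back to Search" link and the
 *    text input (all three were reflected unescaped);
 *  - a malformed start/end date no longer raises an uncaught exception from
 *    the DateTime constructor; the search then runs without a date range, the
 *    same as when the range is left blank;
 *  - the two near-identical SELECT statements share one definition.
 *
 * @param object $config Application config; $config->mysqli is read here.
 * @return void Output is echoed directly.
 */
function displayRequestLookup($config)
{
    // Escape a value for HTML text and quoted attribute values.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Last name of the employee picked on the user-search form, if any.
    $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
    $foundUserLNAME = '';
    if ($totalRows > 0) {
        for ($i = 1; $i <= $totalRows; $i++) {
            if (isset($_POST['foundUser' . $i])) {
                $foundUserLNAME = isset($_POST['foundUserLNAME' . $i]) ? $_POST['foundUserLNAME' . $i] : '';
                if (isset($_POST['isReserve' . $i])) {
                    echo '<input type="hidden" name="isReserve" value="true" />';
                }
                break;
            }
        }
    }

    if (isValidUser($config) && (isset($_POST['lname']) || isset($_POST['editBtn']))) {
        $rangeValid = true;
        if (isset($_POST['lname'])) {
            $lname = $_SESSION['lname'] = strtoupper($_POST['lname']);
            try {
                $startDate = new DateTime(isset($_POST['start']) ? $_POST['start'] : '');
                $endDate = new DateTime(isset($_POST['end']) ? $_POST['end'] : '');
            } catch (Exception $e) {
                // Unparseable user input: drop the range rather than abort.
                $startDate = new DateTime();
                $endDate = new DateTime();
                $rangeValid = false;
            }
            $_SESSION['start'] = $startDate;
            $_SESSION['end'] = $endDate;
        } else {
            $lname = isset($_SESSION['lname']) ? $_SESSION['lname'] : '';
            $startDate = isset($_SESSION['start']) ? $_SESSION['start'] : null;
            $endDate = isset($_SESSION['end']) ? $_SESSION['end'] : null;
        }

        $mysqli = $config->mysqli;

        $myq = "SELECT DISTINCT REFER 'RefNo', CONCAT_WS(', ', REQ.LNAME, REQ.FNAME) 'Employee', DATE_FORMAT(REQDATE,'%a %b %d %Y') 'Requested',\r\n"
            . " DATE_FORMAT(USEDATE,'%a %b %d %Y') 'Used', BEGTIME 'Start',\r\n"
            . " ENDTIME 'End', HOURS 'Hrs',\r\n"
            . " T.DESCR 'Type', SUBTYPE 'Subtype', CALLOFF 'Calloff', NOTE 'Comment', STATUS 'Status', \r\n"
            . " APR.LNAME 'ApprovedBy', REASON 'Reason' \r\n"
            . " FROM REQUEST R\r\n"
            . " INNER JOIN TIMETYPE AS T ON R.TIMETYPEID=T.TIMETYPEID\r\n"
            . " LEFT JOIN EMPLOYEE AS REQ ON REQ.IDNUM=R.IDNUM\r\n"
            . " LEFT JOIN EMPLOYEE AS APR ON APR.IDNUM=R.APPROVEDBY\r\n"
            . " WHERE ";

        // Restrict by date only when both ends were supplied and parsed.
        $useRange = $rangeValid
            && !empty($_POST['start'])
            && !empty($_POST['end'])
            && $startDate instanceof DateTime
            && $endDate instanceof DateTime;
        if ($useRange) {
            $myq .= "USEDATE BETWEEN '" . $mysqli->real_escape_string($startDate->format('Y-m-d')) . "' \r\n"
                . " AND '" . $mysqli->real_escape_string($endDate->format('Y-m-d')) . "' \r\n"
                . " AND ";
        }
        $myq .= "REQ.LNAME LIKE '%" . $mysqli->real_escape_string($lname) . "%'";

        $result = $mysqli->query($myq);
        SQLerrorCatch($mysqli, $result);
        resultTable($mysqli, $result);
        echo "<a href='" . $h($_SERVER['REQUEST_URI']) . "'>Back to Search</a>";
    } else {
        ?>
        <form name="lookup" method="post" action="<?php echo $h($_SERVER['REQUEST_URI']); ?>">
            <input type="hidden" name="formName" value="lookup" />
            <input type="hidden" name="searchReserves" value="false" />
            <h1>Lookup Requests by Employee</h1>
            <p>Search by last name: <input type="text" name="lname" value="<?php echo $h($foundUserLNAME); ?>" />
            or <?php displayUserLookup($config); ?></p>
            <p>Date range: From <?php displayDateSelect('start', 'date_1'); ?> to <?php displayDateSelect('end', 'date_2'); ?></p>
            <p>(Leave date range blank to show requests for all time.)</p>
            <p><input type="submit" name="Submit" value="Search"></p>
        </form>
        <?php
    }
}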
function showSecLogDetails($config, $secLogID, $isEditing = false, $isApprove = false) { $addSecLog = isset($_POST['addSecLog']) ? true : false; $logoutSecLog = isset($_POST['logoutSecLog']) ? true : false; $updateSecLog = isset($_POST['updateSecLog']) ? true : false; $num_deputies = isset($_POST['num_deputies']) ? $_POST['num_deputies'] : 0; $totalRows = isset($_POST['totalRows']) ? $_POST['totalRows'] : 0; $mysqli = $config->mysqli; $mysqliReserve = connectToSQL($reserveDB = TRUE); if ($addSecLog) { //get passed values if ($num_deputies > 0) { for ($i = 0; $i < $num_deputies; $i++) { $deputyID[$i] = isset($_POST['deputyID' . $i]) ? $mysqli->real_escape_string(strtoupper($_POST['deputyID' . $i])) : false; $radioNum[$i] = isset($_POST['radioNum' . $i]) ? $mysqli->real_escape_string(strtoupper($_POST['radioNum' . $i])) : ''; $isReserve[$i] = isset($_POST['isReserve' . $i]) ? '1' : '0'; } } $address = isset($_POST['address']) ? $mysqli->real_escape_string(strtoupper($_POST['address'])) : ''; $city = isset($_POST['city']) ? $mysqli->real_escape_string(strtoupper($_POST['city'])) : ''; $phone = isset($_POST['phone']) ? $mysqli->real_escape_string($_POST['phone']) : ''; $shiftStart1 = !empty($_POST['shiftStart1']) ? $mysqli->real_escape_string($_POST['shiftStart1']) : '00'; $shiftStart2 = !empty($_POST['shiftStart2']) ? $mysqli->real_escape_string($_POST['shiftStart2']) : '00'; $shiftStart = $shiftStart1 . $shiftStart2 . "00"; $shiftEnd1 = !empty($_POST['shiftEnd1']) ? $mysqli->real_escape_string($_POST['shiftEnd1']) : '00'; $shiftEnd2 = !empty($_POST['shiftEnd2']) ? $mysqli->real_escape_string($_POST['shiftEnd2']) : '00'; $shiftEnd = $shiftEnd1 . $shiftEnd2 . "00"; $dress = isset($_POST['dress']) ? $mysqli->real_escape_string($_POST['dress']) : ''; $gpID = isset($_POST['gpID']) ? 
$_POST['gpID'] : 0; //add to database echo '<h2>Results</h2>'; if ($num_deputies > 0) { for ($i = 0; $i < $num_deputies; $i++) { $gpIDq = "SELECT MAX( GPNUM ) 'gpID' FROM SECLOG"; $gpResult = $mysqli->query($gpIDq); SQLerrorCatch($mysqli, $gpResult); $row = $gpResult->fetch_assoc(); if ($gpID != 0) { $groupID = $gpID; } else { $groupID = 0; if ($num_deputies == 1) { //Set Group ID to 0 or Individual } else { if ($i == 0) { $groupID = $row['gpID'] + 1; } else { $groupID = $row['gpID']; } } } $myq = "INSERT INTO `SECLOG` ( `IDNUM` ,`DEPUTYID` ,`RADIO` ,`TIMEIN` ,`AUDIT_IN_ID` ,\r\n `AUDIT_IN_TIME` ,`AUDIT_IN_IP` ,`LOCATION` ,`CITY` ,`PHONE` ,`SHIFTDATE` ,`SHIFTSTART` ,\r\n `SHIFTEND` ,`DRESS` ,`TIMEOUT` ,`AUDIT_OUT_ID` ,`AUDIT_OUT_TIME` ,`AUDIT_OUT_IP` ,`SUP_ID` ,\r\n `SUP_TIME` ,`SUP_IP`, IS_RESERVE, GPNUM) VALUES (\r\n NULL , '" . $deputyID[$i] . "', '" . $radioNum[$i] . "', NOW(), '" . $_SESSION['userIDnum'] . "', NOW(), INET_ATON('" . $_SERVER['REMOTE_ADDR'] . "'), \r\n '" . $address . "', '" . $city . "', '" . $phone . "', '" . Date('Y-m-d', strtotime($_POST['dateSelect'])) . "', \r\n '" . $shiftStart . "', '" . $shiftEnd . "', '" . $dress . "', '', '', '', '', '', '', ''," . $isReserve[$i] . ",\r\n '" . $groupID . "');"; $result = $mysqli->query($myq); if (!SQLerrorCatch($mysqli, $result)) { $secLogID = $mysqli->insert_id; addLog($config, 'Secondary Log #' . $secLogID . ' Added'); echo 'Successfully Added Secondary Employment Log, Reference Number: ' . $secLogID . '<br />'; $isEditing = true; } else { echo 'Failed to add Secondary Employment Log, try again.<br />'; } } } else { echo 'Must select a user.<br />'; } echo '<br />'; //display results and get secLogID just added } if ($logoutSecLog) { $secLogID = isset($_POST['secLogID']) ? $_POST['secLogID'] : ''; logOutSecLog($config, $secLogID); $isEditing = true; } if ($updateSecLog) { ////get posted values $secLogID = isset($_POST['secLogID']) ? 
$mysqli->real_escape_string($_POST['secLogID']) : ''; $radioNum = isset($_POST['radioNum']) ? $mysqli->real_escape_string($_POST['radioNum']) : ''; $address = isset($_POST['address']) ? $mysqli->real_escape_string($_POST['address']) : ''; $city = isset($_POST['city']) ? $mysqli->real_escape_string($_POST['city']) : ''; $phone = isset($_POST['phone']) ? $mysqli->real_escape_string($_POST['phone']) : ''; $shiftStart1 = isset($_POST['shiftStart1']) ? $mysqli->real_escape_string($_POST['shiftStart1']) : ''; $shiftStart2 = isset($_POST['shiftStart2']) ? $mysqli->real_escape_string($_POST['shiftStart2']) : ''; $shiftStart = $shiftStart1 . $shiftStart2 . "00"; $shiftEnd1 = isset($_POST['shiftEnd1']) ? $mysqli->real_escape_string($_POST['shiftEnd1']) : ''; $shiftEnd2 = isset($_POST['shiftEnd2']) ? $mysqli->real_escape_string($_POST['shiftEnd2']) : ''; $shiftEnd = $shiftEnd1 . $shiftEnd2 . "00"; $dress = isset($_POST['dress']) ? $mysqli->real_escape_string($_POST['dress']) : ''; updateSecLog($config, $secLogID, $radioNum, $address, $city, $phone, $shiftStart1, $shiftStart2, $shiftEnd1, $shiftEnd2, $dress); $isEditing = true; } if ($isEditing) { if ($config->adminLvl >= 0) { $mysqli = $config->mysqli; $myq = "SELECT S.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', S.RADIO, LOCATION, S.CITY, PHONE,\r\n SHIFTSTART, SHIFTEND, DRESS, S.IDNUM, S.TIMEOUT\r\n FROM SECLOG S\r\n JOIN EMPLOYEE AS SEC ON SEC.IDNUM=S.DEPUTYID\r\n WHERE S.IDNUM = '" . $secLogID . "' AND IS_RESERVE=0\r\n UNION\r\n SELECT S.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', S.RADIO, LOCATION, S.CITY, PHONE,\r\n SHIFTSTART, SHIFTEND, DRESS, S.IDNUM, S.TIMEOUT\r\n FROM SECLOG S\r\n JOIN RESERVE AS SEC ON SEC.IDNUM=S.DEPUTYID\r\n WHERE S.IDNUM = '" . $secLogID . "' AND IS_RESERVE=1\r\n ORDER BY IDNUM"; $result = $mysqli->query($myq); SQLerrorCatch($mysqli, $result); $row = $result->fetch_assoc(); if ($row['gpID'] != 0) { //get all users echo '<div align="center">Group Reference #: ' . 
$row['gpID'] . ' <input type="hidden" name="gpID" value="' . $row['gpID'] . '" /></div>'; $newq = "SELECT S.IDNUM 'refNum', S.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', S.RADIO, LOCATION, S.CITY, PHONE,\r\n SHIFTSTART, SHIFTEND, DRESS, S.IDNUM, S.TIMEOUT\r\n FROM SECLOG S\r\n JOIN EMPLOYEE AS SEC ON SEC.IDNUM=S.DEPUTYID\r\n WHERE S.GPNUM = '" . $row['gpID'] . "' AND IS_RESERVE=0\r\n UNION\r\n SELECT S.IDNUM 'refNum', S.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', S.RADIO, LOCATION, S.CITY, PHONE,\r\n SHIFTSTART, SHIFTEND, DRESS, S.IDNUM, S.TIMEOUT\r\n FROM SECLOG S\r\n JOIN RESERVE AS SEC ON SEC.IDNUM=S.DEPUTYID\r\n WHERE S.GPNUM = '" . $row['gpID'] . "' AND IS_RESERVE=1\r\n ORDER BY IDNUM"; $newResult = $mysqli->query($newq); SQLerrorCatch($mysqli, $newResult); $x = 0; $y = 0; $depTable = array(array()); $depTable[$x][$y] = "Reference#"; $y++; $depTable[$x][$y] = "Deputy"; $y++; $depTable[$x][$y] = "Radio#"; $y++; $depTable[$x][$y] = "Action"; $y++; $x++; while ($newRow = $newResult->fetch_assoc()) { $y = 0; $depTable[$x][$y] = $newRow['refNum'] . ' <input type="hidden" name="secLogID' . $x . '" value="' . $newRow['refNum'] . '" />'; $y++; $depTable[$x][$y] = $newRow['DEPUTYNAME']; $y++; $depTable[$x][$y] = '<input type="text" name="radioNum' . $x . '" value="' . $newRow['RADIO'] . '" />'; $y++; if (strcmp($newRow['TIMEOUT'], "00:00:00") == 0) { $depTable[$x][$y] = '<input type="submit" value="Update" name="updateSecLog' . $x . '" /> <input type="submit" value="LogOut" name="logoutSecLog' . $x . '" /><br/>'; if ($config->adminLvl >= 25) { $depTable[$x][$y] .= '<input type="submit" name="changeDeputy' . $x . '" value="Change Deputy" />'; } $y++; } else { if ($config->adminLvl >= 25) { $depTable[$x][$y] = '<input type="submit" value="Update" name="updateSecLog' . $x . '" /> Logged Out at ' . $newRow['TIMEOUT']; $y++; } else { $depTable[$x][$y] = 'Logged Out at ' . 
$newRow['TIMEOUT']; $y++; } } $x++; } showSortableTable($depTable, 1); } else { $x = 0; $y = 0; $depTable = array(array()); $depTable[$x][$y] = "Reference#"; $y++; $depTable[$x][$y] = "Deputy"; $y++; $depTable[$x][$y] = "Radio#"; $y++; $depTable[$x][$y] = "Action"; $y++; $x++; $y = 0; $depTable[$x][$y] = $secLogID . '<input type="hidden" name="secLogID" value="' . $secLogID . '" />'; $y++; $depTable[$x][$y] = $row['DEPUTYNAME']; $y++; $depTable[$x][$y] = $row['DEPUTYNAME']; $y++; if ($config->adminLvl >= 25) { $depTable[$x][$y] = '<input type="submit" name="changeDeputy1" value="Change Deputy" />'; } else { $depTable[$x][$y] = ''; } $y++; showSortableTable($depTable, 1); // echo 'Reference #: '.$secLogID.'<input type="hidden" name="secLogID" value="'.$secLogID.'" /><br /> // Deputy: '.$row['DEPUTYNAME'].'<br/> // Radio#: <input type="text" name="radioNum" value="'.$row['RADIO'].'" /> // <input type="submit" name="changeDeputy1" value="Change Deputy" /><br/>'; } echo '<div align="left">Add Deputy: <button type="button" name="searchBtn" value="Lookup Employee" onClick="this.form.action=' . "'?userLookup=true'" . ';this.form.submit()" > Lookup Employee</button></div><br/>'; echo 'Site Name or Address: <input type="text" name="address" value="' . $row['LOCATION'] . '" /><br/> City/Twp: <input type="text" name="city" value="' . $row['CITY'] . '" /><br/> Contact#: <input type="text" name="phone" value="' . $row['PHONE'] . 
'" /><br/> Shift Start Time: '; $temp = explode(":", $row['SHIFTSTART']); showTimeSelector("shiftStart", $temp[0], $temp[1], false); echo ' <br/> Shift End Time: '; $temp = explode(":", $row['SHIFTEND']); showTimeSelector("shiftEnd", $temp[0], $temp[1], false); echo '<br/> Dress: <select name="dress"> <option value=""></option> <option value="U"'; if (strcmp($row['DRESS'], "U") == 0) { echo ' SELECTED '; } echo '>Uniform</option> <option value="PC"'; if (strcmp($row['DRESS'], "PC") == 0) { echo ' SELECTED '; } echo '>Plain Clothes</option> </select><br/>'; echo 'Logged Off Time: '; if (strcmp($row['TIMEOUT'], "00:00:00") == 0) { echo "Not Logged Off Yet<br /><br />"; if ($row['gpID'] != 0) { echo '<input type="submit" name="logoutSecLogAll" value="LogOut All" />'; } else { echo '<input type="submit" name="logoutSecLog" value="LogOut" />'; } } else { echo $row['TIMEOUT'] . '<br /><br />'; } if (strcmp($row['TIMEOUT'], "00:00:00") == 0 || $config->adminLvl >= 25) { if ($row['gpID'] != 0) { echo '<input type="submit" name="updateSecLogAll" value="Update All" />'; } else { echo '<input type="submit" name="updateSecLog" value="Update" />'; } } if ($isApprove) { echo '<input type="submit" name="backToApprove" value="Back To Approvals" />'; } else { echo '<input type="submit" name="goBtn" value="Back To Logs" />'; } } else { echo 'Access Denied'; } } if (!$isEditing && !isset($_POST['goBtn'])) { $secLogID = isset($_POST['secLogID']) ? $_POST['secLogID'] : $_SESSION['userIDnum']; $radioNum = isset($_POST['radioNum']) ? $_POST['radioNum'] : ''; $address = isset($_POST['address']) ? $_POST['address'] : ''; $city = isset($_POST['city']) ? $_POST['city'] : ''; $phone = isset($_POST['phone']) ? $_POST['phone'] : ''; $shiftStart1 = isset($_POST['shiftStart1']) ? $_POST['shiftStart1'] : ''; $shiftStart2 = isset($_POST['shiftStart2']) ? $_POST['shiftStart2'] : ''; $shiftEnd1 = isset($_POST['shiftEnd1']) ? $_POST['shiftEnd1'] : ''; $shiftEnd2 = isset($_POST['shiftEnd2']) ? 
$_POST['shiftEnd2'] : ''; $dress = isset($_POST['dress']) ? $_POST['dress'] : ''; $dateSelect = isset($_POST['dateSelect']) ? $_POST['dateSelect'] : ''; //debug //var_dump($_POST); //Show previously added deputies $deputyCount = 0; if ($num_deputies > 0) { for ($i = 0; $i < $num_deputies; $i++) { if (!isset($_POST['removeDeputyBtn' . $i])) { $deputyID[$i] = isset($_POST['deputyID' . $i]) ? $mysqli->real_escape_string(strtoupper($_POST['deputyID' . $i])) : ''; $isReserve[$i] = isset($_POST['isReserve' . $i]) ? true : false; //get this user's information if ($isReserve[$i]) { $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $deputyID[$i]; $result = $mysqliReserve->query($myq); SQLerrorCatch($mysqliReserve, $result); $row = $result->fetch_assoc(); } else { $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM=' . $deputyID[$i]; $result = $mysqli->query($myq); SQLerrorCatch($mysqli, $result); $row = $result->fetch_assoc(); } if ($i == 0) { $phone = $row['CELLPH']; } echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $deputyID[$i] . '" />'; if ($isReserve[$i] == 1) { echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />'; } echo $row['LNAME'] . ', ' . $row['FNAME']; echo '; Radio#: <input type="hidden" name="radioNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO']; echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />'; echo '<br/>'; $deputyCount++; } } //End for loop of previously added deputies } //End check for multiple deputies //Get added Deputy $totalRows = isset($_POST['totalRows']) ? $_POST['totalRows'] : 0; $foundUserFNAME = ''; $foundUserLNAME = ''; $foundUserName = ''; $foundUserID = ''; if ($totalRows > 0) { //get post info providied from search results for ($i = 0; $i <= $totalRows; $i++) { if (isset($_POST['foundUser' . $i])) { $foundUserFNAME = $_POST['foundUserFNAME' . 
$i]; $foundUserLNAME = $_POST['foundUserLNAME' . $i]; $foundUserName = $_POST['foundUserName' . $i]; $foundUserID = $_POST['foundUserID' . $i]; if (isset($_POST['isReserve' . $i])) { $foundUserIsReserve = true; } else { $foundUserIsReserve = false; } break; } //end if } //end for } if (empty($foundUserID) && $num_deputies == 0) { if ($_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) { //'10.1.32.72' $foundUserID = $_SESSION['userIDnum']; $foundUserIsReserve = false; } } if (!empty($foundUserID)) { if ($foundUserIsReserve) { $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM RESERVE WHERE IDNUM=' . $foundUserID; $result = $mysqliReserve->query($myq); SQLerrorCatch($mysqliReserve, $result); } else { $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM EMPLOYEE WHERE IDNUM=' . $foundUserID; $result = $mysqli->query($myq); SQLerrorCatch($mysqli, $result); } $row = $result->fetch_assoc(); if ($deputyCount == 0) { $phone = $row['CELLPH']; } echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $foundUserID . '" />'; if ($foundUserIsReserve) { echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />'; } echo $row['LNAME'] . ', ' . $row['FNAME']; echo '; Radio#: <input type="hidden" name="radioNum' . $deputyCount . '" value="' . $row['RADIO'] . '" />' . $row['RADIO']; echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />'; echo '<br/>'; $deputyCount++; } echo 'Add Deputy: '; displayUserLookup($config); echo '<br />'; echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />'; $gpID = isset($_POST['gpID']) ? $_POST['gpID'] : 0; echo '<input type="hidden" name="gpID" value="' . $gpID . '" />'; echo 'Site Name or Address: <input type="text" name="address" value="' . $address . '" /><br/> City/Twp: <input type="text" name="city" value="' . $city . '" /><br/> Contact#: <input type="text" name="phone" value="' . $phone . 
'" /><br/> Shift Start Time: '; showTimeSelector("shiftStart", $shiftStart1, $shiftStart2, false); echo ' <br/> Shift End Time: '; showTimeSelector("shiftEnd", $shiftEnd1, $shiftEnd2, false); echo '<br/> Dress: <select name="dress"> <option value=""></option> <option value="U"'; if ($dress == 'U') { echo ' selected '; } echo '>Uniform</option> <option value="PC"'; if ($dress == 'PC') { echo ' selected '; } echo '>Plain Clothes</option> </select><br/><br /> <input type="hidden" name="addBtn" value="true" /> <input type="submit" name="addSecLog" value="Add" /> <input type="submit" name="goBtn" value="Cancel" />'; } }
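/**
 * Render one page of the RESERVE roster as a sortable table with paging controls.
 *
 * The paging state (prevNum, nextNum, limit) arrives in $_POST and is echoed
 * back as hidden fields. Those values are client-controlled, so they are forced
 * to integers before they reach the LIMIT clause or the page, and the page size
 * is restricted to the two sizes the <select> offers. Database values are
 * HTML-escaped before they are placed in markup. Callers whose adminLvl is
 * below 75 do not get rows whose GRP is 5.
 *
 * @param object $config Site configuration; adminLvl is read here and the object
 *                       is handed on to displayUserLookup().
 * @return void Output is echoed directly.
 */
function reservesTable($config)
{
    // Escapes a value for HTML text and attribute context. The charset is left
    // to the PHP default so it follows the site's configuration.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    // Only the page sizes offered by the <select> below are accepted.
    $limit = isset($_POST['limit']) ? (int) $_POST['limit'] : 25;
    if (!in_array($limit, array(25, 50), true)) {
        $limit = 25;
    }
    $prevNum = isset($_POST['prevNum']) ? (int) $_POST['prevNum'] : 0;
    $nextNum = isset($_POST['nextNum']) ? (int) $_POST['nextNum'] : 25;

    if (isset($_POST['prevBtn'])) {
        $prevNum = $prevNum - $limit;
        $nextNum = $nextNum - $limit;
    }
    if (isset($_POST['nextBtn'])) {
        $prevNum = $prevNum + $limit;
        $nextNum = $nextNum + $limit;
    }
    // A negative offset is not valid in a LIMIT clause.
    if ($prevNum < 0) {
        $prevNum = 0;
    }

    $mysqli = connectToSQL($reserveDB = TRUE);

    // Below admin level 75, group 5 is filtered out of both queries.
    $where = ($config->adminLvl >= 75) ? "" : " WHERE `GRP` != 5";

    // First query: total number of visible rows.
    $myq = "SELECT * FROM `RESERVE`" . $where;
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result);
    $totalRows = $result->num_rows;

    // Second query: the requested page. Both numbers are integers at this point.
    $myq = "SELECT * FROM `RESERVE`" . $where
        . " ORDER BY `RESERVE`.`RADIO` ASC LIMIT " . $prevNum . ", " . $limit;
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result);

    $rowCount = 0;
    $theTable = array(array());
    $theTable[$rowCount][0] = "Edit";
    $theTable[$rowCount][1] = "First Name";
    $theTable[$rowCount][2] = "Last Name";
    $theTable[$rowCount][3] = "Username";
    $theTable[$rowCount][4] = "Radio";
    $theTable[$rowCount][5] = "Group";

    while ($row = $result->fetch_assoc()) {
        $rowCount++;
        $fname = $esc($row['FNAME']);
        $lname = $esc($row['LNAME']);
        $userName = $fname . "." . $lname;

        $theTable[$rowCount][0] = $rowCount . '<input name="foundUser' . $rowCount . '" type="submit" value="Edit/View" />';
        $theTable[$rowCount][1] = '<input type="hidden" name="foundUserFNAME' . $rowCount . '" value="' . $fname . '" /> ' . $fname;
        $theTable[$rowCount][2] = '<input type="hidden" name="foundUserLNAME' . $rowCount . '" value="' . $lname . '" />' . $lname;
        $theTable[$rowCount][3] = '<input type="hidden" name="foundUserID' . $rowCount . '" value="' . $esc($row['IDNUM']) . '" />'
            . $userName
            . '<input type="hidden" name="foundUserName' . $rowCount . '" value="' . $userName . '" />';
        $theTable[$rowCount][4] = $esc($row['RADIO']);
        $theTable[$rowCount][5] = $esc($row['GRP']);
    } //end While Loop

    echo "Number of entries found in the reserve database is: " . $totalRows;
    echo ' ';
    echo ' ';
    echo '<input type="hidden" name="searchFullTime" value="false" />';
    echo '<input type="hidden" name="searchReserves" value="checked" />';
    displayUserLookup($config);
    echo '<br /><br /><hr />';
    echo '<input type="hidden" name="prevNum" value="' . $prevNum . '" />';
    echo '<input type="hidden" name="nextNum" value="' . $nextNum . '" />';

    $lastRec = $prevNum + $limit;
    echo 'Showing Records ' . $prevNum . ' to ' . $lastRec;

    //Spacing characters
    echo ' ';
    echo ' ';
    echo ' ';
    echo ' ';
    // Extra spacing on the first page, where no "Previous" button is shown.
    if ($prevNum === 0) {
        echo ' ';
        echo ' ';
    }

    echo 'Records: <select name="limit" onChange="this.form.submit()" > <option value="25"';
    if ($limit === 25) {
        echo ' SELECTED';
    }
    echo '>25</option> <option value="50"';
    if ($limit === 50) {
        echo ' SELECTED';
    }
    echo '>50</option> </select>';

    if ($prevNum > 0) {
        echo '<input type="submit" name="prevBtn" value="Previous" />';
    }
    // A full page suggests there may be more rows to show.
    if ($limit == $rowCount) {
        echo '<input type="submit" name="nextBtn" value="Next" />';
    }

    showSortableTable($theTable, 4);
}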
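/**
 * Render the page body selected by the flags on $wts_content.
 *
 * The home, welcome and about sections are rendered for any visitor. Every
 * other section is rendered only when isValidUser($config) returns true; when
 * it does not, the only output is a "Must Login First" notice for a search
 * request. Each section is wrapped in the same "post" markup.
 *
 * The "Print Tables" link repeats the current query string, which comes from
 * the request, so it is HTML-escaped before being written into the href.
 *
 * @param object $wts_content Page-selection flags (properties, plus the
 *                            isWelcome() and isLogout() methods).
 * @param object $config      Site configuration passed on to every renderer.
 * @return void Output is echoed directly.
 */
function displayContent($wts_content, $config)
{
    $postOpen = ' <div class="post">';
    $postClose = ' <div class="clear"></div></div><div class="divider"></div> ';

    // Renders, in order, every section whose flag is set. The renderer names
    // are fixed literals from the tables below, never taken from request data.
    $renderSections = function ($sections) use ($wts_content, $config, $postOpen, $postClose) {
        foreach ($sections as $flag => $renderer) {
            if ($wts_content->$flag) {
                echo $postOpen;
                $renderer($config);
                echo $postClose;
            }
        }
    };

    // Sections available without a login.
    if ($wts_content->isHome) {
        echo $postOpen;
        displayWelcome($config);
        echo $postClose;
        displayAnnounce($config);
    }
    if ($wts_content->isWelcome()) {
        echo $postOpen;
        displayWelcome($config);
        echo $postClose;
    }
    if ($wts_content->isAbout) {
        echo $postOpen;
        displayAbout($config);
        echo $postClose;
    }

    if (!isValidUser($config)) {
        if ($wts_content->isSearching) {
            echo ' <div class="post"><h3>Search Results</h3>Must Login First<div class="clear"></div></div><div class="divider"></div> ';
        }
        return;
    }

    // Login-gated sections that come before the logout check.
    $renderSections(array(
        'isAnounceAdmin'         => 'displayAdminAnnounce',
        'isLeaveForm'            => 'displayLeaveForm',
        'isTimeRequestForm'      => 'displayNewTimeRequestForm',
        'isSubmittedRequests'    => 'displaySubmittedRequests',
        'isSubmittedRequestsNEW' => 'displaySubmittedRequestsNEW',
        'isLeaveApproval'        => 'displayLeaveApprovalNEW',
        'isUserMenu'             => 'displayUserMenu',
    ));

    // Logout is not a wrapped section and keeps its place in the sequence.
    if ($wts_content->isLogout()) {
        logoutUser($config, "You have logged out");
    }

    // Remaining login-gated sections, in their original order.
    $renderSections(array(
        'isSearching'         => 'searchPage',
        'isUpdateProfile'     => 'displayUpdateProfile',
        'isLookup'            => 'displayRequestLookup',
        'isUseReport'         => 'displayTimeUseReport',
        // This renderer takes no arguments.
        'isPhpMyEdit'         => function () {
            displayPhpMyEditMenu();
        },
        'isMUNIS'             => 'MUNISreport',
        'isSecLog'            => 'displaySecondaryLog',
        'isUserLookup'        => 'displayUserLookup',
        // Same renderer as isSecLog, with the approve argument set.
        'isSecApprove'        => function ($config) {
            displaySecondaryLog($config, true);
        },
        'isResManage'         => 'displayReserves',
        'isUserVerify'        => 'displayUserVerify',
        'isMySubmitReq'       => 'displayMySubmittedRequestsNEW',
        'isReports'           => 'displayReportMenu',
        'isApprovedUseReport' => 'approvedTimeUseReport',
        'subReqCal'           => 'reportsCal',
        'hrEmpRep'            => 'hrPayrolReportByEmployee',
        'isSickRep'           => 'sickReport',
        'isEventLogs'         => 'displayLogs',
        'isOTRep'             => 'overtimeReport',
        'isRadioLog'          => 'displayRadioLog',
        'isMyInv'             => 'showMyInventory',
        'isSecLogRep'         => 'displaySecLogReport',
    ));

    if ($wts_content->isPrintRequestNo) {
        echo $postOpen;
        $requests = new request_class();
        $requests->config = $config;
        $requests->showPrintFriendlyRequest();
        echo $postClose;
    }

    // Offer a printer-friendly link unless this already is printFriendly.php.
    $reqURI = dirname($_SERVER['REQUEST_URI']);
    if ($reqURI != "/") {
        $reqURI = $reqURI . "/";
    }
    if (str_replace($reqURI, "", $_SERVER['PHP_SELF']) != "printFriendly.php" && $config->showPrinterFriendly) {
        // The query string is request data: escape it for the attribute context.
        $queryString = str_replace($_SERVER['PHP_SELF'] . "?", "", $_SERVER['REQUEST_URI']);
        echo '<a target="_blank" href="printFriendly.php?' . htmlspecialchars($queryString, ENT_QUOTES) . '"> Print Tables</a>';
    }

    myAlerts($config, $wts_content);
}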
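/**
 * Handle check-out, check-in and update posts for an inventory log entry, then
 * render either the entry's edit view or the check-out form.
 *
 * Which action runs depends on the submit button present in $_POST
 * (addKeyLog, checkInKey, updateKeyLog). After an action, or when $isEditing is
 * passed as true, the entry identified by $keyLogID is loaded from WTS_RADIOLOG
 * and shown for editing. Otherwise, unless goBtn was posted, the check-out form
 * is shown.
 *
 * Changes from the earlier version of this function:
 *  - Counters and person IDs taken from $_POST are cast to int before they are
 *    used in loops or placed (unquoted) in a WHERE clause.
 *  - The reference number is escaped before it is placed in the lookup query.
 *  - Request and database values are HTML-escaped before being echoed.
 *  - $itemIDs starts as an array. It used to start as '' and was then indexed
 *    like an array, which misbehaves on current PHP versions and could lead to
 *    a check-out call with a blank item when no box was ticked.
 *  - The group view that was disabled with "&& false" is omitted; the
 *    single-entry view is always used, as before.
 *
 * @param object $config     Site configuration (mysqli handle, adminLvl).
 * @param mixed  $keyLogID   Reference number (WTS_RADIOLOG.REFNUM) to display.
 * @param bool   $isEditing  True to show the edit view for $keyLogID.
 * @param bool   $isApprove  Selects the "Back To Approvals" button over "Back To Logs".
 * @param mixed  $divID      Division filter passed to showSelectDivision() and checkOutItem().
 * @return void Output is echoed directly.
 */
function showKeyLogDetails($config, $keyLogID, $isEditing = false, $isApprove = false, $divID = '')
{
    $checkOutKey = isset($_POST['addKeyLog']);
    $checkInKey = isset($_POST['checkInKey']);
    $updateKeyLog = isset($_POST['updateKeyLog']);

    $mysqli = $config->mysqli;
    $mysqliReserve = connectToSQL($reserveDB = TRUE);

    // Escapes a value for HTML text and attribute context. The charset is left
    // to the PHP default so it follows the site's configuration.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    // Upper-cased, SQL-escaped POST field, as the helper functions receive it.
    $postUpper = function ($key, $default) use ($mysqli) {
        return isset($_POST[$key]) ? $mysqli->real_escape_string(strtoupper($_POST[$key])) : $default;
    };

    // Collects the ticked inventory rows as array(item IDs, item types).
    $collectCheckedItems = function ($rowTotal) use ($postUpper) {
        $ids = array();
        $types = array();
        for ($z = 0; $z < $rowTotal; $z++) {
            if (isset($_POST['itemIDcheckbox' . $z])) {
                $ids[] = $postUpper('itemID' . $z, '');
                $types[] = $postUpper('itemType' . $z, '');
            }
        }
        return array($ids, $types);
    };

    // Next unused group number: MAX(GPNUM) + 1.
    $nextGroupNumber = function () use ($mysqli) {
        $gpResult = $mysqli->query("SELECT MAX( GPNUM ) 'gpID' FROM WTS_RADIOLOG");
        SQLerrorCatch($mysqli, $gpResult);
        $gpRow = $gpResult->fetch_assoc();
        return $gpRow['gpID'] + 1;
    };

    // Loads one person's display fields. The ID is forced to an integer because
    // it is placed unquoted in the WHERE clause.
    $lookupPerson = function ($idNum, $fromReserve) use ($mysqli, $mysqliReserve) {
        $db = $fromReserve ? $mysqliReserve : $mysqli;
        $table = $fromReserve ? 'RESERVE' : 'EMPLOYEE';
        $myq = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM ' . $table . ' WHERE IDNUM=' . (int) $idNum;
        $result = $db->query($myq);
        SQLerrorCatch($db, $result);
        return $result->fetch_assoc();
    };

    $num_deputies = isset($_POST['num_deputies']) ? (int) $_POST['num_deputies'] : 0;
    $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
    $invLogComments = $postUpper('invLogCommments', '');

    $itemIDs = array();
    $itemType = array();
    // True once $keyLogID holds a value that is already SQL-escaped.
    $refEscaped = false;

    if ($checkOutKey) {
        echo '<h2><font color="red">Results</font></h2>';
        if ($num_deputies > 0) {
            $gpID = isset($_POST['gpID']) ? (int) $_POST['gpID'] : 0;
            $checkOutType = $postUpper('checkOutType', '');
            $nextGroupID = $nextGroupNumber();

            list($itemIDs, $itemType) = $collectCheckedItems($totalRows);
            $totalItems = count($itemIDs);
            if ($totalItems > 0) {
                $isEditing = true;
            }

            for ($i = 0; $i < $num_deputies; $i++) {
                $deputyID = $postUpper('deputyID' . $i, false);
                $radioCallNum = $postUpper('radioCallNum' . $i, '');
                $isReserve = isset($_POST['isReserve' . $i]) ? '1' : '0';

                if ($gpID != 0) {
                    $groupID = $gpID;
                } elseif ($num_deputies == 1) {
                    //Set Group ID to 0 or Individual
                    $groupID = 0;
                } elseif ($i == 0) {
                    $groupID = $nextGroupID;
                } else {
                    // NOTE(review): the first deputy gets $nextGroupID and the
                    // rest get $nextGroupID - 1, so they land in different
                    // groups. Kept as found; confirm the intended grouping.
                    $groupID = $nextGroupID - 1;
                }

                //if only 1 deputy and multiple items
                if ($groupID == 0 && $totalItems > 1) {
                    $groupID = $nextGroupID;
                }

                for ($z = 0; $z < $totalItems; $z++) {
                    $keyLogID = checkOutItem($config, $deputyID, $radioCallNum, $itemIDs[$z], $itemType[$z], $checkOutType, $isReserve, $groupID, $divID);
                }
                echo '<input type="submit" name="goBtn" value="Back To Logs" />';
            }
        } else {
            if (!empty($invLogComments)) {
                // No deputy selected: the items are logged against the comment text.
                $checkOutType = $postUpper('checkOutType', '');
                $nextGroupID = $nextGroupNumber();
                $groupID = 0;

                list($itemIDs, $itemType) = $collectCheckedItems($totalRows);
                $totalItems = count($itemIDs);
                if ($totalItems > 0) {
                    $isEditing = true;
                }

                //if multiple items
                if ($totalItems > 1) {
                    $groupID = $nextGroupID;
                }
                for ($z = 0; $z < $totalItems; $z++) {
                    $keyLogID = checkOutItem($config, '', '', $itemIDs[$z], $itemType[$z], $checkOutType, '0', $groupID, $divID, false, $invLogComments);
                }
                echo '<input type="submit" name="goBtn" value="Back To Logs" />';
            } else {
                echo 'Must select a user.<br />';
            }
        }
        echo '<br />';
    }

    if ($checkInKey) {
        $postedRef = isset($_POST['keyLogID']) ? $_POST['keyLogID'] : '';
        $postedDate = isset($_POST['dateSelect']) ? $_POST['dateSelect'] : '';
        $postedDivision = isset($_POST['divisionID']) ? $_POST['divisionID'] : '';

        // These values are request data carried forward in markup.
        $hiddenInputs = '<input type="hidden" value="' . $esc($postedDate) . '" name="dateSelect"> <input type="hidden" name="divisionID" value="' . $esc($postedDivision) . '" /> <input type="hidden" value="' . $esc($postedRef) . '" name="keyLogID"> <input type="hidden" value="true" name="checkInKey">';

        // Escaped for SQL here, as the update branch below already does.
        $keyLogID = $mysqli->real_escape_string($postedRef);
        $refEscaped = true;
        checkInRadioLog($config, $keyLogID, $noLog = false, $hiddenInputs);
        $isEditing = true;
    }

    if ($updateKeyLog) {
        ////get posted values
        $keyLogID = isset($_POST['keyLogID']) ? $mysqli->real_escape_string($_POST['keyLogID']) : '';
        $refEscaped = true;
        $radioCallNum = $postUpper('radioCallNum', '');
        $checkOutType = $postUpper('checkOutType', '');

        for ($z = 0; $z < $totalRows; $z++) {
            if (isset($_POST['itemIDcheckbox' . $z])) {
                $itemIDs[$z] = $postUpper('itemID' . $z, '');
                $itemType[$z] = $postUpper('itemType' . $z, '');
                updateRadioLog($config, $keyLogID, $radioCallNum, $itemIDs[$z], $checkOutType, $invLogComments);
            }
        }
        $isEditing = true;
    }

    if ($isEditing) {
        $filters = showSelectDivision($config, $divID, "I.");
        if ($config->adminLvl >= 0) {
            $mysqli = $config->mysqli;

            // The reference number may come from the caller or from
            // checkOutItem(); escape it unless a branch above already did.
            $refNumSql = $refEscaped ? $keyLogID : $mysqli->real_escape_string((string) $keyLogID);

            $entrySelect = "SELECT R.REFNUM, R.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n"
                . "    R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime', R.COMMENTS\r\n"
                . "    FROM WTS_RADIOLOG R\r\n";
            $myq = $entrySelect
                . "    JOIN EMPLOYEE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n"
                . "    WHERE R.REFNUM = '" . $refNumSql . "' AND IS_RESERVE=0\r\n"
                . "    UNION\r\n"
                . $entrySelect
                . "    JOIN RESERVE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n"
                . "    WHERE R.REFNUM = '" . $refNumSql . "' AND IS_RESERVE=1\r\n";
            $result = $mysqli->query($myq);
            SQLerrorCatch($mysqli, $result);
            $row = $result->fetch_assoc();

            echo '<br/>Reference #: ' . $esc($keyLogID) . '<input type="hidden" name="keyLogID" value="' . $esc($keyLogID) . '" /><br />';
            if ($row['DEPUTYNAME'] == "SYSTEM, USER") {
                echo ' Comments (include person\'s name and company): <br/><input size=50 name="invLogCommments" value="' . $esc($row['COMMENTS']) . '"/><br/><Br/>';
            } else {
                echo 'Deputy: ' . $esc($row['DEPUTYNAME']) . ' Radio#: <input type="text" name="radioCallNum" value="' . $esc($row['RADIO_CALLNUM']) . '" /><br/> ';
            }
            $selectedRows = array($keyLogID);
            selectInventory($config, $selectedRows, $filters);

            echo '<br/><br/>';
            if ($row['TYPE'] == "LOANER") {
                echo '<input type="radio" name="checkOutType" value="LOANER" CHECKED>LOANER</input>';
            } else {
                echo '<input type="radio" name="checkOutType" value="LOANER">LOANER</input>';
            }
            if ($row['TYPE'] == "SHIFT") {
                echo '<input type="radio" name="checkOutType" value="SHIFT" CHECKED>SHIFT ASSIGNMENT</input><br/>';
            } else {
                echo '<input type="radio" name="checkOutType" value="SHIFT">SHIFT ASSIGNMENT</input>';
            }
            // The PERMANENT option is offered only at admin level 25 and above.
            if ($config->adminLvl >= 25) {
                if ($row['TYPE'] == "PERM") {
                    echo '<input type="radio" name="checkOutType" value="PERM" CHECKED>PERMANENT</input>';
                } else {
                    echo '<input type="radio" name="checkOutType" value="PERM">PERMANENT</input>';
                }
            }

            echo '<br/><br/>Checked in time: ';
            $notCheckedIn = (strcmp($row['inTime'], "00/00/00 0000") == 0);
            if ($notCheckedIn) {
                echo "<font color=red><b>Not Checked back in Yet</b></font><br /><br />";
                echo '<input type="submit" name="checkInKey" value="Check Back In" />';
            } else {
                echo '<font color=red>' . $esc($row['inTime']) . '</font><br /><br />';
            }
            // Checked-in entries can be updated only at admin level 25 and above.
            if ($notCheckedIn || $config->adminLvl >= 25) {
                echo '<input type="submit" name="updateKeyLog" value="Update" />';
            }
            if ($isApprove) {
                echo '<input type="submit" name="backToApprove" value="Back To Approvals" />';
            } else {
                echo '<input type="submit" name="goBtn" value="Back To Logs" />';
            }
        } else {
            echo 'Access Denied';
        }
    }

    if (!$isEditing && !isset($_POST['goBtn'])) {
        $filters = showSelectDivision($config, $divID, "I.");
        echo '<br/>';
        $checkOutType = $postUpper('checkOutType', '');

        //Show previously added deputies
        $deputyCount = 0;
        for ($i = 0; $i < $num_deputies; $i++) {
            if (isset($_POST['removeDeputyBtn' . $i])) {
                continue;
            }
            $deputyID = isset($_POST['deputyID' . $i]) ? (int) $_POST['deputyID' . $i] : 0;
            $isReserve = isset($_POST['isReserve' . $i]);

            //get this user's information
            $row = $lookupPerson($deputyID, $isReserve);

            echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $deputyID . '" />';
            if ($isReserve) {
                echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
            }
            echo $esc($row['LNAME']) . ', ' . $esc($row['FNAME']);
            echo '; Radio Call #: <input type="hidden" name="radioCallNum' . $deputyCount . '" value="' . $esc($row['RADIO']) . '" />' . $esc($row['RADIO']);
            echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
            echo '<br/>';
            $deputyCount++;
        } //End for loop of previously added deputies

        //Get added Deputy
        $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
        $foundUserID = 0;
        $foundUserIsReserve = false;
        if ($totalRows > 0) {
            //get post info provided from search results
            for ($i = 0; $i <= $totalRows; $i++) {
                if (isset($_POST['foundUser' . $i])) {
                    $foundUserID = isset($_POST['foundUserID' . $i]) ? (int) $_POST['foundUserID' . $i] : 0;
                    $foundUserIsReserve = isset($_POST['isReserve' . $i]);
                    break;
                } //end if
            } //end for
        }

        if (empty($foundUserID) && $num_deputies == 0) {
            //security check for central control computer
            if ($_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) { //'10.1.32.72'
                //Default first deputy to logged in user on first load
                $foundUserID = (int) $_SESSION['userIDnum'];
                $foundUserIsReserve = false;
            }
        }

        if (!empty($foundUserID)) {
            $row = $lookupPerson($foundUserID, $foundUserIsReserve);

            echo 'Deputy: <input type="hidden" name="deputyID' . $deputyCount . '" value="' . $foundUserID . '" />';
            if ($foundUserIsReserve) {
                echo '<input type="hidden" name="isReserve' . $deputyCount . '" value="true" />';
            }
            echo $esc($row['LNAME']) . ', ' . $esc($row['FNAME']);
            echo '; Radio Call#: <input name="radioCallNum' . $deputyCount . '" value="' . $esc($row['RADIO']) . '" />';
            echo '<input type="submit" name="removeDeputyBtn' . $deputyCount . '" value="Remove" />';
            echo '<br/>';
            $deputyCount++;
        }

        if (empty($foundUserID) && $deputyCount == 0) {
            //If no deputy
            echo 'Add Deputy: ';
            displayUserLookup($config);
            echo ' <br/><br/>or Comments (include person\'s name and company): <input size=50 name="invLogCommments" value="' . $esc($invLogComments) . '"/>';
        }

        echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />';
        $gpID = isset($_POST['gpID']) ? (int) $_POST['gpID'] : 0;
        echo '<br/><br/><input type="hidden" name="gpID" value="' . $gpID . '" />';

        selectInventory($config, $itemIDs, $filters);

        echo '<br/><br/>';
        if ($checkOutType == "LOANER" || empty($checkOutType)) {
            echo '<input type="radio" name="checkOutType" value="LOANER" CHECKED>LOANER</input>';
        } else {
            echo '<input type="radio" name="checkOutType" value="LOANER">LOANER</input>';
        }
        if ($checkOutType == "SHIFT") {
            echo '<input type="radio" name="checkOutType" value="SHIFT" CHECKED>SHIFT ASSIGNMENT</input><br/>';
        } else {
            echo '<input type="radio" name="checkOutType" value="SHIFT">SHIFT ASSIGNMENT</input>';
        }
        // The PERMANENT option is offered only at admin level 25 and above.
        if ($config->adminLvl >= 25) {
            if ($checkOutType == "PERM") {
                echo '<input type="radio" name="checkOutType" value="PERM" CHECKED>PERMANENT</input>';
            } else {
                echo '<input type="radio" name="checkOutType" value="PERM">PERMANENT</input>';
            }
        }
        echo '<br/><br/><input type="hidden" name="checkoutKeyBtn" value="true" /> <input type="submit" name="addKeyLog" value="Check Out Selected Items" /> <input type="submit" name="goBtn" value="Cancel" />';
    }
}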
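/**
 * Process the pending radio-log action and render the matching form.
 *
 * Depending on the flags on this object the method
 *  - checks radios out to the posted deputies ($this->checkOutRadio),
 *  - checks a log entry back in ($this->checkInRadio),
 *  - updates an existing log entry ($this->updateRadioLog),
 * then echoes either the edit view for $radioLogID ($this->isEditing) or the
 * "new check-out" form (when the $isEditing argument is false and the request
 * was not a Cancel/Back post).
 *
 * Request data is treated as untrusted: values that go into SQL are escaped
 * with the connection they are sent to and placed inside quotes, and every
 * request- or database-sourced value is HTML-escaped before it is echoed.
 *
 * NOTE(review): the update/check-in buttons are hidden by adminLvl in the
 * markup, but this method does not re-check adminLvl before it calls
 * updateRadioLog() / checkInRadioLog(); confirm the caller or those helpers
 * enforce it, since hiding a button does not stop a hand-built POST.
 *
 * NOTE(review): the check-in and update branches set $this->isEditing, but the
 * new-entry form below is gated on the $isEditing argument, so both views can
 * be rendered in one request; confirm that is intended.
 *
 * @param object $config     Application config; adminLvl is read from it and it
 *                           is handed to the lookup/inventory helpers.
 * @param mixed  $radioLogID Reference number of the log entry shown in the edit view.
 * @param bool   $isEditing  When false (and no goBtn was posted) the new
 *                           check-out form is rendered.
 * @param bool   $isApprove  Selects the "Back To Approvals" button instead of
 *                           "Back To Logs" in the edit view.
 * @return void              Output is echoed directly.
 */
public function showRadioLogDetails($config, $radioLogID, $isEditing = false, $isApprove = false)
{
    // The original mixed $this->config->mysqli->..., $this->config->... and an
    // undefined local $mysqli. The mysqli handle is the one form this method
    // demonstrably uses for both query() and real_escape_string(), so it is
    // used throughout.
    $db = $this->config->mysqli;

    // The original read an undefined local $num_deputies in several places;
    // the property is what the check-out branch already relied on.
    $numDeputies = (int) $this->num_deputies;

    // DATE_FORMAT(..., '%m/%d/%y %H%i') renders a zero timestamp as this string.
    // The original compared against three different spellings, two of which
    // could never match the two-digit-year format used by the queries.
    $notCheckedIn = '00/00/00 0000';

    // Read a POST field only when it is a plain string (not an array).
    $post = function ($key, $default) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : $default;
    };

    // POST field prepared for the helper functions, which receive values that
    // were escaped at read time (the convention the original code follows).
    $postSql = function ($key, $default, $upper) use ($db, $post) {
        $raw = $post($key, null);
        if ($raw === null) {
            return $default;
        }
        return $db->real_escape_string($upper ? strtoupper($raw) : $raw);
    };

    // HTML-escape for element content and quoted attribute values. The charset
    // argument is left at the PHP default so the deployment's setting applies.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    // Look up one person by IDNUM on the given connection. $table is always one
    // of the two literals passed below, never request data. The id is escaped
    // with the same connection and quoted; real_escape_string() is only safe
    // inside quotes and assumes the connection charset was set via set_charset().
    $fetchPerson = function ($conn, $table, $idNum) {
        $sql = 'SELECT RADIO, CELLPH, LNAME, FNAME FROM ' . $table
            . " WHERE IDNUM='" . $conn->real_escape_string((string) $idNum) . "'";
        $res = $conn->query($sql);
        SQLerrorCatch($conn, $res);
        $person = $res ? $res->fetch_assoc() : null;
        return is_array($person) ? $person : null;
    };

    // Echo one deputy line of the new check-out form.
    $renderDeputy = function ($slot, $idNum, $isReserve, $person, $radioLabel) use ($esc) {
        echo 'Deputy: <input type="hidden" name="deputyID' . $slot . '" value="' . $esc($idNum) . '" />';
        if ($isReserve) {
            echo '<input type="hidden" name="isReserve' . $slot . '" value="true" />';
        }
        echo $esc($person['LNAME']) . ', ' . $esc($person['FNAME']);
        echo $radioLabel . '<input type="hidden" name="radioCallNum' . $slot . '" value="' . $esc($person['RADIO']) . '" />' . $esc($person['RADIO']);
        echo '<input type="submit" name="removeDeputyBtn' . $slot . '" value="Remove" />';
        echo '<br/>';
    };

    // Echo the three check-out type radio buttons with $current pre-selected.
    $renderTypeRadios = function ($current) {
        $choices = array(
            array('LOANER', 'LOANER', ''),
            array('PERM', 'PERMANENT', ''),
            array('POD', 'SHIFT ASSIGNMENT', '<br/>'),
        );
        foreach ($choices as $choice) {
            $checked = ((string) $current === $choice[0]) ? ' CHECKED' : '';
            echo '<input type="radio" name="checkOutType" value="' . $choice[0] . '"' . $checked . '>' . $choice[1] . '</input>' . $choice[2];
        }
    };

    if ($this->checkOutRadio) {
        echo '<h2><font color="red">Results</font></h2>';
        if ($numDeputies > 0) {
            for ($i = 0; $i < $numDeputies; $i++) {
                $this->deputyID[$i] = $postSql('deputyID' . $i, false, true);
                $this->radioCallNum[$i] = $postSql('radioCallNum' . $i, '', true);
                $this->isReserve[$i] = isset($_POST['isReserve' . $i]) ? '1' : '0';
            }
            $this->radioID = $postSql('radioID', '', true);
            $this->podID = $postSql('podID', '', true);
            $this->checkOutType = $postSql('checkOutType', '', true);
            // GPNUM is numeric (it is derived from MAX(GPNUM) + 1 below), so the
            // posted group id is forced to an integer instead of passed through raw.
            $this->gpID = (int) $post('gpID', 0);

            for ($i = 0; $i < $numDeputies; $i++) {
                // Re-read on every pass: deputies after the first join the group
                // number that the first deputy's row has just created.
                // NOTE(review): MAX()+1 is not atomic; two simultaneous group
                // check-outs could be given the same group number.
                $gpResult = $db->query("SELECT MAX( GPNUM ) 'gpID' FROM WTS_RADIOLOG");
                SQLerrorCatch($db, $gpResult);
                $gpRow = $gpResult ? $gpResult->fetch_assoc() : null;
                $maxGroup = is_array($gpRow) ? (int) $gpRow['gpID'] : 0;

                if ($this->gpID !== 0) {
                    $groupID = $this->gpID;
                } elseif ($numDeputies == 1) {
                    $groupID = 0; // individual check-out, no group
                } elseif ($i == 0) {
                    $groupID = $maxGroup + 1;
                } else {
                    $groupID = $maxGroup;
                }

                // The original passed $this->groupID here, which this method never
                // assigns, leaving the group id computed above unused.
                checkOutItem($this->config, $this->deputyID[$i], $this->radioCallNum[$i], $this->radioID, $this->checkOutType, $this->isReserve[$i], $groupID);
            }
        } else {
            echo 'Must select a user.<br />';
        }
        echo '<br />';
    }

    if ($this->checkInRadio) {
        // Escaped at read time like the update branch below; the original handed
        // the raw POST value to checkInRadioLog().
        $this->radioLogID = $postSql('radioLogID', '', false);
        checkInRadioLog($this->config, $this->radioLogID);
        $this->isEditing = true;
    }

    if ($this->updateRadioLog) {
        $this->radioLogID = $postSql('radioLogID', '', false);
        $this->radioID = $postSql('radioID', '', true);
        $this->podID = $postSql('podID', '', true);
        $this->radioCallNum = $postSql('radioCallNum', '', true);
        $this->checkOutType = $postSql('checkOutType', '', true);
        updateRadioLog($this->config, $this->radioLogID, $this->radioCallNum, $this->radioID, $this->podID, $this->checkOutType);
        $this->isEditing = true;
    }

    if ($this->isEditing) {
        if ($this->config->adminLvl >= 0) {
            // $radioLogID arrives from the caller; escape it here because this is
            // where it meets SQL. If the caller already escaped it, a second pass
            // only alters values containing quote/backslash characters.
            $refNumSql = $db->real_escape_string((string) $radioLogID);
            $myq = "SELECT R.REFNUM, R.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n"
                . " R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n"
                . " FROM WTS_RADIOLOG R\r\n"
                . " JOIN EMPLOYEE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n"
                . " WHERE R.REFNUM = '" . $refNumSql . "' AND IS_RESERVE=0\r\n"
                . " UNION\r\n"
                . " SELECT R.REFNUM, R.GPNUM 'gpID', CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n"
                . " R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n"
                . " FROM WTS_RADIOLOG R\r\n"
                . " JOIN RESERVE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n"
                . " WHERE R.REFNUM = '" . $refNumSql . "' AND IS_RESERVE=1\r\n ";
            $result = $db->query($myq);
            SQLerrorCatch($db, $result);
            $row = $result ? $result->fetch_assoc() : null;
            if (!is_array($row)) {
                // No matching entry (or the query failed): render the single-entry
                // view with empty fields instead of indexing into null.
                $row = array(
                    'gpID' => 0,
                    'DEPUTYNAME' => '',
                    'RADIO_CALLNUM' => '',
                    'RADIOID' => '',
                    'TYPE' => '',
                    'inTime' => '',
                );
            }

            $groupNum = (int) $row['gpID'];
            $isCheckedOut = ((string) $row['inTime'] === $notCheckedIn);

            if ($groupNum !== 0) {
                // Group entry: list every member of the group.
                echo '<div align="center">Group Reference #: ' . $groupNum . ' <input type="hidden" name="gpID" value="' . $groupNum . '" /></div>';
                $newq = "SELECT R.REFNUM 'refNum', R.GPNUM 'gpID', \r\n"
                    . " CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n"
                    . " R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n"
                    . " FROM WTS_RADIOLOG R\r\n"
                    . " JOIN EMPLOYEE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n"
                    . " WHERE R.GPNUM = '" . $groupNum . "' AND IS_RESERVE=0\r\n"
                    . " UNION\r\n"
                    . " SELECT R.REFNUM 'refNum', R.GPNUM 'gpID', \r\n"
                    . " CONCAT_WS(', ', LNAME, FNAME) 'DEPUTYNAME', R.RADIO_CALLNUM, \r\n"
                    . " R.RADIOID, R.TYPE, DATE_FORMAT (AUDIT_IN_TS, '%m/%d/%y %H%i') 'inTime'\r\n"
                    . " FROM WTS_RADIOLOG R\r\n"
                    . " JOIN RESERVE AS SEC ON SEC.IDNUM=R.DEPUTYID\r\n"
                    . " WHERE R.GPNUM = '" . $groupNum . "' AND IS_RESERVE=1\r\n"
                    . " ORDER BY R.REFNUM";
                $newResult = $db->query($newq);
                SQLerrorCatch($db, $newResult);

                // Row 0 is the header; data rows start at 1 and that index is also
                // the suffix of the per-row input names.
                $depTable = array(array("Reference#", "Deputy", "Radio#", "Action"));
                $x = 1;
                while ($newResult && ($newRow = $newResult->fetch_assoc())) {
                    $refNumHtml = $esc($newRow['refNum']);
                    $inTimeHtml = $esc($newRow['inTime']);

                    if ((string) $newRow['inTime'] === $notCheckedIn) {
                        $action = '<input type="submit" value="Update" name="updateRadioLog' . $x . '" /> <input type="submit" value="LogOut" name="logoutRadioLog' . $x . '" /><br/>';
                    } elseif ($config->adminLvl >= 25) {
                        $action = '<input type="submit" value="Update" name="updateRadioLog' . $x . '" /> Checked in at ' . $inTimeHtml;
                    } else {
                        $action = 'Checked in at ' . $inTimeHtml;
                    }

                    // Cells are handed to showSortableTable() as ready-made HTML, so
                    // stored values are escaped here.
                    $depTable[$x] = array(
                        $refNumHtml . ' <input type="hidden" name="radioLogID' . $x . '" value="' . $refNumHtml . '" />',
                        $esc($newRow['DEPUTYNAME']),
                        '<input type="text" name="radioCallNum' . $x . '" value="' . $esc($newRow['RADIO_CALLNUM']) . '" />',
                        $action,
                    );
                    $x++;
                }
                showSortableTable($depTable, 1);
            } else {
                $refNumHtml = $esc($radioLogID);
                echo '<br/>Reference #: ' . $refNumHtml . '<input type="hidden" name="radioLogID" value="' . $refNumHtml . '" /><br /> Deputy: ' . $esc($row['DEPUTYNAME']) . '<br/> Radio#: <input type="text" name="radioCallNum" value="' . $esc($row['RADIO_CALLNUM']) . '" /><br/>';
            }

            echo '<div align="left">Add Deputy: <button type="button" name="searchBtn" value="Lookup Employee" onClick="this.form.action=' . "'?userLookup=true'" . ';this.form.submit()" > Lookup Employee</button></div><br/>';
            echo '<br/> Radio Number: ';
            selectRadioInventory($this->config, "radioID", $row['RADIOID']);
            echo '<br/><br/>';
            $renderTypeRadios($row['TYPE']);

            echo '<br/>Checked in time: ';
            if ($isCheckedOut) {
                echo "<font color=red><b>Not Checked back in Yet</b></font><br /><br />";
                if ($groupNum !== 0) {
                    echo '<input type="submit" name="checkInAllRadio" value="Check in All" />';
                } else {
                    echo '<input type="submit" name="checkInRadio" value="Check Back In" />';
                }
            } else {
                echo $esc($row['inTime']) . '<br /><br />';
            }

            // An entry still checked out can be updated by anyone who can see it;
            // once checked in, only adminLvl >= 25 gets the button.
            if ($isCheckedOut || $config->adminLvl >= 25) {
                if ($groupNum !== 0) {
                    echo '<input type="submit" name="updateRadioLogAll" value="Update All" />';
                } else {
                    echo '<input type="submit" name="updateRadioLog" value="Update" />';
                }
            }

            if ($isApprove) {
                echo '<input type="submit" name="backToApprove" value="Back To Approvals" />';
            } else {
                echo '<input type="submit" name="goBtn" value="Back To Logs" />';
            }
        } else {
            echo 'Access Denied';
        }
    }

    if (!$isEditing && !isset($_POST['goBtn'])) {
        echo '<br/><br/>';
        $radioID = $postSql('radioID', '', true);
        $checkOutType = $postSql('checkOutType', '', true);

        // Re-display the deputies carried over from the previous post, minus any
        // whose Remove button was pressed. Slots are renumbered from 0.
        $deputyCount = 0;
        for ($i = 0; $i < $numDeputies; $i++) {
            if (isset($_POST['removeDeputyBtn' . $i])) {
                continue;
            }
            $postedID = strtoupper($post('deputyID' . $i, ''));
            $postedIsReserve = isset($_POST['isReserve' . $i]);
            $person = $postedIsReserve
                ? $fetchPerson($this->mysqliReserve, 'RESERVE', $postedID)
                : $fetchPerson($db, 'EMPLOYEE', $postedID);
            if ($person === null) {
                // An id that resolves to nobody is not carried forward.
                continue;
            }
            $renderDeputy($deputyCount, $postedID, $postedIsReserve, $person, '; Radio Call #: ');
            $deputyCount++;
        }

        // Pick the search-result row whose "foundUser<i>" button was pressed: the
        // lowest i in 0..totalRows. Scanning the posted keys keeps the work bounded
        // by the size of the request rather than by the client-supplied totalRows.
        $totalRows = (int) $post('totalRows', 0);
        $selectedIdx = null;
        $selectedSuffix = '';
        if ($totalRows > 0) {
            foreach (array_keys($_POST) as $key) {
                if (!preg_match('/^foundUser(0|[1-9][0-9]*)$/', (string) $key, $m)) {
                    continue;
                }
                $idx = (int) $m[1];
                if ($idx <= $totalRows && ($selectedIdx === null || $idx < $selectedIdx)) {
                    $selectedIdx = $idx;
                    $selectedSuffix = $m[1];
                }
            }
        }

        $foundUserID = '';
        $foundUserIsReserve = false;
        if ($selectedIdx !== null) {
            $foundUserID = $post('foundUserID' . $selectedSuffix, '');
            // NOTE(review): "isReserve<i>" is also the field name used for the
            // carried-over deputy slots above, so a reserve deputy in slot i can
            // make search row i look like a reserve; confirm the lookup form
            // cannot post both at once.
            $foundUserIsReserve = isset($_POST['isReserve' . $selectedSuffix]);
        }

        if (empty($foundUserID) && $numDeputies == 0) {
            //security check for central control computer
            // This only decides whether the form is pre-filled with the logged-in
            // user; it grants or denies nothing.
            if ($_SERVER['REMOTE_ADDR'] != nslookup('WSRF14900.mahoningcountyoh.gov')) { //'10.1.32.72'
                //Default first deputy to logged in user on first load
                $foundUserID = $_SESSION['userIDnum'];
                $foundUserIsReserve = false;
            }
        }

        if (!empty($foundUserID)) {
            $person = $foundUserIsReserve
                ? $fetchPerson($this->mysqliReserve, 'RESERVE', $foundUserID)
                : $fetchPerson($db, 'EMPLOYEE', $foundUserID);
            if ($person !== null) {
                $renderDeputy($deputyCount, $foundUserID, $foundUserIsReserve, $person, '; Radio Call#: ');
                $deputyCount++;
            }
        }

        echo 'Add Deputy: ';
        displayUserLookup($config);
        echo '<input type="hidden" name="num_deputies" value="' . $deputyCount . '" />';
        // Integer cast: the value is echoed straight back into the page.
        $gpID = (int) $post('gpID', 0);
        echo '<br/><br/><input type="hidden" name="gpID" value="' . $gpID . '" /> Radio Number: ';
        selectRadioInventory($config, "radioID", $radioID);
        echo '<br/><br/>';
        $renderTypeRadios($checkOutType);
        echo '<br/><input type="hidden" name="addBtn" value="true" /> <input type="submit" name="addRadioLog" value="Check Out Radio" /> <input type="submit" name="goBtn" value="Cancel" />';
    }
}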