$error_msg .= "Name was not recognized. Please re-enter your name.\n";
unset($_SESSION['authenticated']); /* a failed name lookup also discards any earlier login */
} } /* closes blocks that begin before this fragment */
// Pre-compute the URL-encoded (u_) and HTML-encoded (h_) forms of the employee name used below.
if ($empfullname) {
    $u_empfullname = rawurlencode($empfullname);
    // NOTE(review): htmlentities() with default flags may leave single quotes unescaped on older PHP — safe only in double-quoted attributes / text nodes; confirm how $h_empfullname is emitted
    $h_empfullname = htmlentities($empfullname);
    $h_name_header = $show_display_name == 'yes' ? htmlentities(get_employee_name($empfullname)) : $h_empfullname;
}
// Authorize employee: the session counts as authenticated only for the employee it was issued to.
// NOTE(review): loose == between strings; === avoids PHP numeric-string coercion in the comparison
$authorized = isset($_SESSION['authenticated']) ? $_SESSION['authenticated'] == $empfullname : false;
if (!$authorized) {
    // Hand off to login.php, stashing the message and the current URL so the login page can come back here.
    $_SESSION['login_title'] = "";
    $_SESSION['login_error_msg'] = $error_msg;
    $_SESSION['login_return_url'] = $_SERVER['REQUEST_URI'];
    // presumably $u_empfullname is initialised before this fragment; otherwise this reads an undefined variable when $empfullname is empty — verify
    exit_next("login.php" . ($u_empfullname ? "?emp={$u_empfullname}" : ''));
}
////////////////////////////////////////
if ($authorized && isset($_POST['inout'])) {
    // Post employee time.
    // Each POST field gets a query-escaped (q_) and an HTML-escaped (h_) copy so the raw value is never interpolated directly.
    $inout = $_POST['inout'];
    // NOTE(review): ext/mysql string escaping rather than a prepared statement; the value is still interpolated into SQL below
    $q_inout = mysql_real_escape_string($inout);
    $h_inout = htmlentities($inout);
    $notes = isset($_POST['notes']) ? $_POST['notes'] : '';
    $q_notes = mysql_real_escape_string($notes);
    $h_notes = htmlentities($notes);
    $q_empfullname = mysql_real_escape_string($empfullname);
    // Validate and get inout display color.
    $query = "select color from " . $db_prefix . "punchlist where punchitems = '{$q_inout}'";
    $punchlist_result = mysql_query($query);
    // NOTE(review): a punchitems value not in the table gives an empty result set, so mysql_result() warns and returns false here — presumably checked after this fragment; confirm
    $inout_color = mysql_result($punchlist_result, 0, 0);
    /* the if ($authorized && isset($_POST['inout'])) block continues past this fragment */
// no employee specified
// Encoded forms of the employee name for the HTML (h_) and URL (u_) contexts used below.
$h_empfullname = htmlentities($empfullname);
$u_empfullname = rawurlencode($empfullname);
$displayname = get_employee_name($empfullname);
$h_displayname = htmlentities($displayname);
$name_header = $show_display_name == 'yes' ? $h_displayname : $h_empfullname;
// Process form submission.
// NOTE(review): truthiness test — a current password of "0" is treated as "not submitted"; an isset() / !== '' check would be exact
if ($old_password) {
    // Validate password
    if (is_valid_password($empfullname, $old_password)) {
        // Check if new password is same as confirm password entry
        // NOTE(review): no length or strength check is visible here and an empty pair passes this test — presumably enforced elsewhere (client side or in save_employee_password); confirm
        if ($new_password === $confirm_password) {
            // Save password.
            if (save_employee_password($empfullname, $new_password)) {
                // A successful change also logs the employee in.
                // NOTE(review): consider session_regenerate_id(true) before setting this flag so a pre-login session id is not promoted to an authenticated one
                $_SESSION['authenticated'] = $empfullname;
                exit_next("entry.ajax.php?emp={$u_empfullname}");
            } else {
                // NOTE(review): mysql_error() text reaches the browser — a generic message plus server-side logging avoids exposing DB details
                print error_msg("Cannot save your new password. " . mysql_error());
            }
        } else {
            print error_msg("Your new password and the confirm password do not match.<br/>Please re-enter and confirm your new password.");
        }
    } else {
        print error_msg("Password is incorrect. Please try again.");
    }
}
// Forgot password form.
if ($forgot_password) {
    // The heredoc below continues past this fragment.
    print <<<End_Of_HTML <div id="password_change_form">
<tr><td class=table_rows height=25 width=20% style='padding-left:32px;' nowrap>Password:</td> <td colspan=2 width=80% style='color:red;font-family:Tahoma;font-size:10px;'> \t <input type='password' size='25' maxlength='50' name='password' value="" /> *</td></tr> <tr><td class=table_rows height=25 width=20% style='padding-left:32px;' nowrap colspan="3"> \t<a href="password.php?forgot_password&emp={$u_empfullname}">Forgot your password</a> \t<a href="password.php?emp={$u_empfullname}">Change your password</a></td></tr> <tr><td height=15 colspan="3"> </td></tr> <tr><td class=table_rows align=right colspan=3 style='color:red;font-family:Tahoma;font-size:10px;'>* required </td></tr> </table> <table align=center width=100% border=0 cellpadding=0 cellspacing=3 class="buttons"> <tr><td width=30><input type='image' name='submit' value='Next' align='middle' src='{$TIMECLOCK_URL}/images/buttons/next_button.png' /></td> <td><a href='?emp='><img src='{$TIMECLOCK_URL}/images/buttons/cancel_button.png' border='0' /></a></td></tr> </table> <input type="hidden" name="empfullname" value="{$h_empfullname}" /> </form> </div> End_Of_HTML;
/* the heredoc above starts before this fragment; it is the tail of the login form */
include 'footer.php';
exit;
} } /* closes the form-rendering blocks that begin before this fragment */
////////////////////////////////////////
// Successful login
// NOTE(review): consider session_regenerate_id(true) before setting this flag so a pre-login session id is not carried into the authenticated session
$_SESSION['authenticated'] = $empfullname;
// Strip an existing emp= / empfullname= parameter so the copy appended below is the only one.
// NOTE(review): the pattern requires a following '&', so a trailing "emp=x" survives and a second emp= gets appended
$return_url = preg_replace('/\\bemp(fullname)?=.*?&(.*)$/', '$2', $return_url); // remove possible emp= from url
$return_url .= (preg_match('/[?]/', $return_url) ? '&' : '?') . "emp=" . rawurlencode($empfullname); // add emp= argument to url
// presumably exit_next() redirects; $return_url is set before this fragment — confirm it is restricted to a local path and cannot be an attacker-supplied absolute URL
exit_next($return_url);