Business
/
QwikClock
Слідкувати 1
В обрані 0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 2 Вікі Активність
QwikClock is an employee time tracking app.
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
180 Коміти
1 Гілка
Гілка: master
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'master'
${ noResults }
QwikClock/action.php

action.php 17KB
Неформатований Постійне посилання Blame Історія

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420 
  1. <?php

  2. 

  3. /* This Source Code Form is subject to the terms of the Mozilla Public

  4.  * License, v. 2.0. If a copy of the MPL was not distributed with this

  5.  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

  6. 

  7. /**

  8.  * Make things happen when buttons are pressed and forms submitted.

  9.  */

  10. require_once __DIR__ . "/required.php";

  11. require_once __DIR__ . "/lib/login.php";

  12. 

  13. if ($VARS['action'] !== "signout") {

  14.     dieifnotloggedin();

  15. }

  16. 

  17. if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {

  18.     die("You don't have permission to be here.");

  19. }

  20. 

  21. /**

  22.  * Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.

  23.  * The message will be displayed by the app.

  24.  * @param string $msg message ID (see lang/messages.php)

  25.  * @param string $arg If set, replaces "{arg}" in the message string when displayed to the user.

  26.  */

  27. function returnToSender($msg, $arg = "") {

  28.     global $VARS;

  29.     if ($arg == "") {

  30.         header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);

  31.     } else {

  32.         header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");

  33.     }

  34.     die();

  35. }

  36. 

  37. switch ($VARS['action']) {

  38.     case "punchin":

  39.         if ($database->has('punches', ['AND' => ['uid' => $_SESSION['uid'], 'out' => null]])) {

  40.             returnToSender("already_in");

  41.         }

  42. 

  43.         $shiftid = null;

  44.         if ($database->has('assigned_shifts', ['uid' => $_SESSION['uid']])) {

  45.             $minclockintime = strtotime("now + 5 minutes");

  46.             $shifts = $database->select('shifts', ["[>]assigned_shifts" => ['shiftid' => 'shiftid']], ["shifts.shiftid", "start", "end", "days"], ["AND" => ['uid' => $_SESSION['uid'], 'start[<=]' => date("H:i:s", $minclockintime)]]);

  47.             foreach ($shifts as $shift) {

  48.                 $curday = substr(date("D"), 0, 2);

  49.                 if (strpos($shift['days'], $curday) === FALSE) {

  50.                     continue;

  51.                 }

  52.                 if (strtotime($shift['end']) >= strtotime($shift['start'])) {

  53.                     if (strtotime("now") >= strtotime($shift['end'])) {

  54.                         continue; // shift is already over

  55.                     }

  56.                 }

  57.                 $shiftid = $shift['shiftid'];

  58.             }

  59.             if (is_null($shiftid)) {

  60.                 returnToSender("not_assigned_to_work");

  61.             }

  62.         }

  63. 

  64.         $database->insert('punches', ['uid' => $_SESSION['uid'], 'in' => date("Y-m-d H:i:s"), 'out' => null, 'notes' => '', 'shiftid' => $shiftid]);

  65.         returnToSender("punched_in");

  66.     case "punchout":

  67.         if (!$database->has('punches', ['AND' => ['uid' => $_SESSION['uid'], 'out' => null]])) {

  68.             returnToSender("already_out");

  69.         }

  70.         // Stop active job

  71.         $database->update('job_tracking', ['end' => date("Y-m-d H:i:s")], ['AND' => ['uid' => $_SESSION['uid'], 'end' => null]]);

  72.         $database->update('punches', ['uid' => $_SESSION['uid'], 'out' => date("Y-m-d H:i:s")], ['out' => null]);

  73.         returnToSender("punched_out");

  74.     case "gettime":

  75.         $out = ["status" => "OK", "time" => date(TIME_FORMAT), "date" => date(LONG_DATE_FORMAT), "seconds" => date("s")];

  76.         header('Content-Type: application/json');

  77.         exit(json_encode($out));

  78.     case "getinoutstatus":

  79.         $in = $database->has('punches', ['AND' => ['uid' => $_SESSION['uid'], 'out' => null]]) === TRUE;

  80.         $out = ["status" => "OK", "in" => $in];

  81.         header('Content-Type: application/json');

  82.         exit(json_encode($out));

  83.     case "editpunch":

  84.         require_once __DIR__ . "/lib/userinfo.php";

  85.         if (user_exists($VARS['user'])) {

  86.             $uid = getUserByUsername($VARS['user'])['uid'];

  87.         } else {

  88.             returnToSender("invalid_user");

  89.         }

  90. 

  91.         $in = strtotime($VARS['in']);

  92.         $out = strtotime($VARS['out']);

  93.         if ($in === false) {

  94.             returnToSender("invalid_datetime");

  95.         }

  96.         if ($out === false) {

  97.             returnToSender("invalid_datetime");

  98.         }

  99.         if ($out < $in) {

  100.             returnToSender("in_before_out");

  101.         }

  102. 

  103.         if (

  104.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (

  105.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)

  106.                 ) || (

  107.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid

  108.                 )

  109.         ) {

  110.             $data = [

  111.                 "uid" => $uid,

  112.                 "in" => date('Y-m-d H:i:s', $in),

  113.                 "out" => date('Y-m-d H:i:s', $out),

  114.                 "notes" => $VARS['notes']

  115.             ];

  116.             if ($database->has("punches", ["punchid" => $VARS['punchid']])) {

  117.                 $database->update("punches", $data, ["punchid" => $VARS['punchid']]);

  118.             } else {

  119.                 $database->insert("punches", $data);

  120.             }

  121.             returnToSender("punch_saved");

  122.         } else {

  123.             returnToSender("no_permission");

  124.         }

  125.     case "deletepunch":

  126.         require_once __DIR__ . "/lib/userinfo.php";

  127. 

  128.         if (!$database->has("punches", ["punchid" => $VARS['punchid']])) {

  129.             returnToSender("invalid_parameters");

  130.         }

  131. 

  132.         $pid = $VARS['punchid'];

  133.         $uid = $database->get("punches", "uid", ["punchid" => $pid]);

  134. 

  135.         if (

  136.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (

  137.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)

  138.                 ) || (

  139.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid

  140.                 )

  141.         ) {

  142. 

  143.             $database->delete("punches", ["punchid" => $VARS['punchid']]);

  144.             returnToSender("punch_deleted");

  145.         } else {

  146.             returnToSender("no_permission");

  147.         }

  148.     case "editshift":

  149.         if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  150.             $valid_daycodes = ["Su", "Mo", "Tu", "We", "Th", "Fr", "Sa"];

  151. 

  152.             $name = htmlentities($VARS['shiftname']);

  153.             $start = $VARS['start'];

  154.             $end = $VARS['end'];

  155.             $days = $VARS['days'];

  156. 

  157.             $startepoch = strtotime($start);

  158.             if ($startepoch === false) {

  159.                 returnToSender("invalid_time");

  160.             }

  161.             $startformatted = date("H:i:s", $startepoch);

  162. 

  163.             $endepoch = strtotime($end);

  164.             if ($endepoch === false) {

  165.                 returnToSender("invalid_time");

  166.             }

  167.             $endformatted = date("H:i:s", $endepoch);

  168. 

  169.             // Parse days into string, validating along the way

  170.             $daystring = "";

  171.             foreach ($days as $d) {

  172.                 if (in_array($d, $valid_daycodes)) {

  173.                     if (strpos($daystring, $d) === FALSE) {

  174.                         $daystring .= $d;

  175.                     }

  176.                 }

  177.             }

  178. 

  179.             if (is_empty($VARS['shiftid'])) {

  180.                 if ($database->has('shifts', ['shiftname' => $name])) {

  181.                     returnToSender("shift_name_used");

  182.                 }

  183.                 $database->insert('shifts', ["shiftname" => $name, "start" => $startformatted, "end" => $endformatted, "days" => $daystring]);

  184.                 returnToSender("shift_added");

  185.             } else if ($database->has('shifts', ['shiftid' => $VARS['shiftid']])) {

  186.                 $database->update('shifts', ["shiftname" => $name, "start" => $startformatted, "end" => $endformatted, "days" => $daystring], ["shiftid" => $VARS['shiftid']]);

  187.                 returnToSender("shift_saved");

  188.             } else {

  189.                 returnToSender("invalid_shiftid");

  190.             }

  191.         } else {

  192.             returnToSender("no_permission");

  193.         }

  194.     case "deleteshift":

  195.         if (!$database->has('shifts', ['shiftid' => $VARS['shiftid']])) {

  196.             returnToSender("invalid_shiftid");

  197.         }

  198.         if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  199.             if ($database->has('assigned_shifts', ['shiftid' => $VARS['shiftid']])) {

  200.                 returnToSender('shift_has_users');

  201.             }

  202.             $database->delete('shifts', ['shiftid' => $VARS['shiftid']]);

  203.             returnToSender("shift_deleted");

  204.         } else {

  205.             returnToSender("no_permission");

  206.         }

  207.     case "assignshift":

  208.         if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && !account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  209.             returnToSender("no_permission");

  210.         }

  211.         if (!$database->has('shifts', ['shiftid' => $VARS['shift']])) {

  212.             returnToSender("invalid_shiftid");

  213.         }

  214.         $already_assigned = $database->select('assigned_shifts', 'uid', ['shiftid' => $VARS['shift']]);

  215.         require_once __DIR__ . "/lib/userinfo.php";

  216.         $managedusers = getManagedUsernames($_SESSION['uid']);

  217.         $manageduids = getManagedUIDs($_SESSION['uid']);

  218.         foreach ($VARS['users'] as $u) {

  219.             if (!user_exists($u)) {

  220.                 returnToSender("user_not_exists", htmlentities($u));

  221.             }

  222.             $uid = getUserByUsername($u)['uid'];

  223.             if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  224.                 if (!in_array($u, $managedusers) && !in_array($uid, $already_assigned)) {

  225.                     returnToSender("you_arent_my_supervisor", htmlentities($u));

  226.                 }

  227.             }

  228.             if (!in_array($uid, $already_assigned)) {

  229.                 $database->insert('assigned_shifts', ['uid' => $uid, 'shiftid' => $VARS['shift']]);

  230.             }

  231.             $already_assigned = array_diff($already_assigned, [$uid]); // Remove user from old list

  232.         }

  233.         // $already_assigned now only has removed users

  234.         $removefailed = false;

  235.         foreach ($already_assigned as $uid) {

  236.             if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  237.                 if (!in_array($uid, $manageduids)) {

  238.                     $removefailed = true;

  239.                     continue;

  240.                 }

  241.             }

  242.             $database->delete('assigned_shifts', ["AND" => ['uid' => $uid, 'shiftid' => $VARS['shift']]]);

  243.         }

  244.         returnToSender($removefailed ? "shift_assigned_removefailed" : "shift_assigned");

  245.         break;

  246.     case "setjob":

  247.         if ($database->count("job_groups") > 0) {

  248.             require_once __DIR__ . "/lib/userinfo.php";

  249.             $groups = getGroupsByUID($_SESSION['uid']);

  250.             $gids = [];

  251.             foreach ($groups as $g) {

  252.                 $gids[] = $g['id'];

  253.             }

  254.             $job = $database->has('jobs', ['[>]job_groups' => ['jobid']], ["AND" => ["OR" => ['groupid' => $gids, 'groupid #-1' => -1], 'deleted' => 0, 'jobs.jobid' => $VARS['job']]]);

  255.         } else {

  256.             $job = $database->has('jobs', 'jobid', ['jobid' => $VARS['job']]);

  257.         }

  258.         if ($job) {

  259.             // Stop other jobs

  260.             $database->update('job_tracking', ['end' => date("Y-m-d H:i:s")], ['AND' => ['uid' => $_SESSION['uid'], 'end' => null]]);

  261.             $database->insert('job_tracking', ['uid' => $_SESSION['uid'], 'jobid' => $VARS['job'], 'start' => date("Y-m-d H:i:s")]);

  262.             returnToSender("job_changed");

  263.         } else if ($VARS['job'] == "-1") {

  264.             $database->update('job_tracking', ['end' => date("Y-m-d H:i:s")], ['AND' => ['uid' => $_SESSION['uid'], 'end' => null]]);

  265.             returnToSender("job_changed");

  266.         } else {

  267.             returnToSender("job_invalid");

  268.         }

  269.         break;

  270.     case "editjob":

  271.         if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  272.             $name = htmlentities($VARS['jobname']);

  273.             $code = $VARS['jobcode'];

  274.             $color = $VARS['color'];

  275.             $groups = $VARS['groups'];

  276. 

  277.             if (is_empty($VARS['jobid'])) {

  278.                 if ($database->has('jobs', ['jobname' => $name])) {

  279.                     returnToSender("job_name_used");

  280.                 }

  281.                 $database->insert('jobs', ["jobname" => $name, "jobcode" => $code, "color" => $color]);

  282.                 $jobid = $database->id();

  283.                 $database->delete('job_groups', ['jobid' => $jobid]);

  284.                 foreach ($groups as $g) {

  285.                     $database->insert('job_groups', ['jobid' => $jobid, 'groupid' => $g]);

  286.                 }

  287.                 returnToSender("job_added");

  288.             } else if ($database->has('jobs', ['jobid' => $VARS['jobid']])) {

  289.                 $database->update('jobs', ["jobname" => $name, "jobcode" => $code, "color" => $color], ["jobid" => $VARS['jobid']]);

  290.                 $database->delete('job_groups', ['jobid' => $VARS['jobid']]);

  291.                 foreach ($groups as $g) {

  292.                     $database->insert('job_groups', ['jobid' => $VARS['jobid'], 'groupid' => $g]);

  293.                 }

  294.                 returnToSender("job_saved");

  295.             } else {

  296.                 returnToSender("invalid_jobid");

  297.             }

  298.         } else {

  299.             returnToSender("no_permission");

  300.         }

  301.         break;

  302.     case "deletejob":

  303.         if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  304.             if (is_empty($VARS['jobid'])) {

  305.                 returnToSender("invalid_jobid");

  306.             } else if ($database->has('jobs', ['jobid' => $VARS['jobid']])) {

  307.                 $database->update('jobs', ["deleted" => 1], ["jobid" => $VARS['jobid']]);

  308.                 returnToSender("job_deleted");

  309.             } else {

  310.                 returnToSender("invalid_jobid");

  311.             }

  312.         } else {

  313.             returnToSender("no_permission");

  314.         }

  315.         break;

  316.     case "editjobhistory":

  317.         require_once __DIR__ . "/lib/userinfo.php";

  318. 

  319.         if ($database->has('job_tracking', ['id' => $VARS['jobid']])) {

  320.             $uid = $database->get('job_tracking', 'uid', ['id' => $VARS['jobid']]);

  321.         } else {

  322.             returnToSender("invalid_parameters");

  323.         }

  324. 

  325.         if (!$database->has("jobs", ['jobid' => $VARS['job']])) {

  326.             returnToSender("invalid_jobid");

  327.         }

  328. 

  329.         $start = strtotime($VARS['start']);

  330.         $end = strtotime($VARS['end']);

  331.         if ($start === false) {

  332.             returnToSender("invalid_datetime");

  333.         }

  334.         if ($end === false) {

  335.             returnToSender("invalid_datetime");

  336.         }

  337.         if ($end < $start) {

  338.             returnToSender("in_before_out");

  339.         }

  340. 

  341.         if (

  342.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (

  343.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)

  344.                 ) || (

  345.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid

  346.                 )

  347.         ) {

  348.             $data = [

  349.                 "jobid" => $VARS['job'],

  350.                 "start" => date('Y-m-d H:i:s', $start),

  351.                 "end" => date('Y-m-d H:i:s', $end)

  352.             ];

  353.             $database->update("job_tracking", $data, ["id" => $VARS['jobid']]);

  354.             returnToSender("job_saved");

  355.         } else {

  356.             returnToSender("no_permission");

  357.         }

  358.     case "deletejobhistory":

  359.         require_once __DIR__ . "/lib/userinfo.php";

  360. 

  361.         if ($database->has('job_tracking', ['id' => $VARS['jobid']])) {

  362.             $uid = $database->get('job_tracking', 'uid', ['id' => $VARS['jobid']]);

  363.         } else {

  364.             returnToSender("invalid_parameters");

  365.         }

  366. 

  367.         if (

  368.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (

  369.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)

  370.                 ) || (

  371.                 account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid

  372.                 )

  373.         ) {

  374. 

  375.             $database->delete("job_tracking", ["id" => $VARS['jobid']]);

  376.             returnToSender("job_deleted");

  377.         } else {

  378.             returnToSender("no_permission");

  379.         }

  380.     case "autocomplete_user":

  381.         header("Content-Type: application/json");

  382.         $client = new GuzzleHttp\Client();

  383. 

  384.         $response = $client

  385.                 ->request('POST', PORTAL_API, [

  386.             'form_params' => [

  387.                 'key' => PORTAL_KEY,

  388.                 'action' => "usersearch",

  389.                 'search' => $VARS['q']

  390.             ]

  391.         ]);

  392. 

  393.         if ($response->getStatusCode() != 200) {

  394.             exit("[]");

  395.         }

  396. 

  397.         $resp = json_decode($response->getBody(), TRUE);

  398.         if ($resp['status'] == "OK") {

  399.             if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {

  400.                 require_once __DIR__ . "/lib/userinfo.php";

  401.                 $managed = getManagedUIDs($_SESSION['uid']);

  402.                 $result = $resp['result'];

  403.                 for ($i = 0; $i < count($result); $i++) {

  404.                     if (!in_array($result[$i]['uid'], $managed)) {

  405.                         $result[$i]['managed'] = 0;

  406.                     }

  407.                 }

  408.                 exit(json_encode($result));

  409.             } else {

  410.                 exit(json_encode($resp['result']));

  411.             }

  412.         } else {

  413.             exit("[]");

  414.         }

  415.         break;

  416.     case "signout":

  417.         session_destroy();

  418.         header('Location: index.php');

  419.         die("Logged out.");

  420. }