123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420 |
- <?php
-
- /* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
- /**
- * Make things happen when buttons are pressed and forms submitted.
- */
- require_once __DIR__ . "/required.php";
- require_once __DIR__ . "/lib/login.php";
-
- if ($VARS['action'] !== "signout") {
- dieifnotloggedin();
- }
-
- if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {
- die("You don't have permission to be here.");
- }
-
- /**
- * Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.
- * The message will be displayed by the app.
- * @param string $msg message ID (see lang/messages.php)
- * @param string $arg If set, replaces "{arg}" in the message string when displayed to the user.
- */
- function returnToSender($msg, $arg = "") {
- global $VARS;
- if ($arg == "") {
- header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);
- } else {
- header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");
- }
- die();
- }
-
- switch ($VARS['action']) {
- case "punchin":
- if ($database->has('punches', ['AND' => ['uid' => $_SESSION['uid'], 'out' => null]])) {
- returnToSender("already_in");
- }
-
- $shiftid = null;
- if ($database->has('assigned_shifts', ['uid' => $_SESSION['uid']])) {
- $minclockintime = strtotime("now + 5 minutes");
- $shifts = $database->select('shifts', ["[>]assigned_shifts" => ['shiftid' => 'shiftid']], ["shifts.shiftid", "start", "end", "days"], ["AND" => ['uid' => $_SESSION['uid'], 'start[<=]' => date("H:i:s", $minclockintime)]]);
- foreach ($shifts as $shift) {
- $curday = substr(date("D"), 0, 2);
- if (strpos($shift['days'], $curday) === FALSE) {
- continue;
- }
- if (strtotime($shift['end']) >= strtotime($shift['start'])) {
- if (strtotime("now") >= strtotime($shift['end'])) {
- continue; // shift is already over
- }
- }
- $shiftid = $shift['shiftid'];
- }
- if (is_null($shiftid)) {
- returnToSender("not_assigned_to_work");
- }
- }
-
- $database->insert('punches', ['uid' => $_SESSION['uid'], 'in' => date("Y-m-d H:i:s"), 'out' => null, 'notes' => '', 'shiftid' => $shiftid]);
- returnToSender("punched_in");
- case "punchout":
- if (!$database->has('punches', ['AND' => ['uid' => $_SESSION['uid'], 'out' => null]])) {
- returnToSender("already_out");
- }
- // Stop active job
- $database->update('job_tracking', ['end' => date("Y-m-d H:i:s")], ['AND' => ['uid' => $_SESSION['uid'], 'end' => null]]);
- $database->update('punches', ['uid' => $_SESSION['uid'], 'out' => date("Y-m-d H:i:s")], ['out' => null]);
- returnToSender("punched_out");
- case "gettime":
- $out = ["status" => "OK", "time" => date(TIME_FORMAT), "date" => date(LONG_DATE_FORMAT), "seconds" => date("s")];
- header('Content-Type: application/json');
- exit(json_encode($out));
- case "getinoutstatus":
- $in = $database->has('punches', ['AND' => ['uid' => $_SESSION['uid'], 'out' => null]]) === TRUE;
- $out = ["status" => "OK", "in" => $in];
- header('Content-Type: application/json');
- exit(json_encode($out));
- case "editpunch":
- require_once __DIR__ . "/lib/userinfo.php";
- if (user_exists($VARS['user'])) {
- $uid = getUserByUsername($VARS['user'])['uid'];
- } else {
- returnToSender("invalid_user");
- }
-
- $in = strtotime($VARS['in']);
- $out = strtotime($VARS['out']);
- if ($in === false) {
- returnToSender("invalid_datetime");
- }
- if ($out === false) {
- returnToSender("invalid_datetime");
- }
- if ($out < $in) {
- returnToSender("in_before_out");
- }
-
- if (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)
- ) || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid
- )
- ) {
- $data = [
- "uid" => $uid,
- "in" => date('Y-m-d H:i:s', $in),
- "out" => date('Y-m-d H:i:s', $out),
- "notes" => $VARS['notes']
- ];
- if ($database->has("punches", ["punchid" => $VARS['punchid']])) {
- $database->update("punches", $data, ["punchid" => $VARS['punchid']]);
- } else {
- $database->insert("punches", $data);
- }
- returnToSender("punch_saved");
- } else {
- returnToSender("no_permission");
- }
- case "deletepunch":
- require_once __DIR__ . "/lib/userinfo.php";
-
- if (!$database->has("punches", ["punchid" => $VARS['punchid']])) {
- returnToSender("invalid_parameters");
- }
-
- $pid = $VARS['punchid'];
- $uid = $database->get("punches", "uid", ["punchid" => $pid]);
-
- if (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)
- ) || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid
- )
- ) {
-
- $database->delete("punches", ["punchid" => $VARS['punchid']]);
- returnToSender("punch_deleted");
- } else {
- returnToSender("no_permission");
- }
- case "editshift":
- if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- $valid_daycodes = ["Su", "Mo", "Tu", "We", "Th", "Fr", "Sa"];
-
- $name = htmlentities($VARS['shiftname']);
- $start = $VARS['start'];
- $end = $VARS['end'];
- $days = $VARS['days'];
-
- $startepoch = strtotime($start);
- if ($startepoch === false) {
- returnToSender("invalid_time");
- }
- $startformatted = date("H:i:s", $startepoch);
-
- $endepoch = strtotime($end);
- if ($endepoch === false) {
- returnToSender("invalid_time");
- }
- $endformatted = date("H:i:s", $endepoch);
-
- // Parse days into string, validating along the way
- $daystring = "";
- foreach ($days as $d) {
- if (in_array($d, $valid_daycodes)) {
- if (strpos($daystring, $d) === FALSE) {
- $daystring .= $d;
- }
- }
- }
-
- if (is_empty($VARS['shiftid'])) {
- if ($database->has('shifts', ['shiftname' => $name])) {
- returnToSender("shift_name_used");
- }
- $database->insert('shifts', ["shiftname" => $name, "start" => $startformatted, "end" => $endformatted, "days" => $daystring]);
- returnToSender("shift_added");
- } else if ($database->has('shifts', ['shiftid' => $VARS['shiftid']])) {
- $database->update('shifts', ["shiftname" => $name, "start" => $startformatted, "end" => $endformatted, "days" => $daystring], ["shiftid" => $VARS['shiftid']]);
- returnToSender("shift_saved");
- } else {
- returnToSender("invalid_shiftid");
- }
- } else {
- returnToSender("no_permission");
- }
- case "deleteshift":
- if (!$database->has('shifts', ['shiftid' => $VARS['shiftid']])) {
- returnToSender("invalid_shiftid");
- }
- if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- if ($database->has('assigned_shifts', ['shiftid' => $VARS['shiftid']])) {
- returnToSender('shift_has_users');
- }
- $database->delete('shifts', ['shiftid' => $VARS['shiftid']]);
- returnToSender("shift_deleted");
- } else {
- returnToSender("no_permission");
- }
- case "assignshift":
- if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && !account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- returnToSender("no_permission");
- }
- if (!$database->has('shifts', ['shiftid' => $VARS['shift']])) {
- returnToSender("invalid_shiftid");
- }
- $already_assigned = $database->select('assigned_shifts', 'uid', ['shiftid' => $VARS['shift']]);
- require_once __DIR__ . "/lib/userinfo.php";
- $managedusers = getManagedUsernames($_SESSION['uid']);
- $manageduids = getManagedUIDs($_SESSION['uid']);
- foreach ($VARS['users'] as $u) {
- if (!user_exists($u)) {
- returnToSender("user_not_exists", htmlentities($u));
- }
- $uid = getUserByUsername($u)['uid'];
- if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- if (!in_array($u, $managedusers) && !in_array($uid, $already_assigned)) {
- returnToSender("you_arent_my_supervisor", htmlentities($u));
- }
- }
- if (!in_array($uid, $already_assigned)) {
- $database->insert('assigned_shifts', ['uid' => $uid, 'shiftid' => $VARS['shift']]);
- }
- $already_assigned = array_diff($already_assigned, [$uid]); // Remove user from old list
- }
- // $already_assigned now only has removed users
- $removefailed = false;
- foreach ($already_assigned as $uid) {
- if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- if (!in_array($uid, $manageduids)) {
- $removefailed = true;
- continue;
- }
- }
- $database->delete('assigned_shifts', ["AND" => ['uid' => $uid, 'shiftid' => $VARS['shift']]]);
- }
- returnToSender($removefailed ? "shift_assigned_removefailed" : "shift_assigned");
- break;
- case "setjob":
- if ($database->count("job_groups") > 0) {
- require_once __DIR__ . "/lib/userinfo.php";
- $groups = getGroupsByUID($_SESSION['uid']);
- $gids = [];
- foreach ($groups as $g) {
- $gids[] = $g['id'];
- }
- $job = $database->has('jobs', ['[>]job_groups' => ['jobid']], ["AND" => ["OR" => ['groupid' => $gids, 'groupid #-1' => -1], 'deleted' => 0, 'jobs.jobid' => $VARS['job']]]);
- } else {
- $job = $database->has('jobs', 'jobid', ['jobid' => $VARS['job']]);
- }
- if ($job) {
- // Stop other jobs
- $database->update('job_tracking', ['end' => date("Y-m-d H:i:s")], ['AND' => ['uid' => $_SESSION['uid'], 'end' => null]]);
- $database->insert('job_tracking', ['uid' => $_SESSION['uid'], 'jobid' => $VARS['job'], 'start' => date("Y-m-d H:i:s")]);
- returnToSender("job_changed");
- } else if ($VARS['job'] == "-1") {
- $database->update('job_tracking', ['end' => date("Y-m-d H:i:s")], ['AND' => ['uid' => $_SESSION['uid'], 'end' => null]]);
- returnToSender("job_changed");
- } else {
- returnToSender("job_invalid");
- }
- break;
- case "editjob":
- if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- $name = htmlentities($VARS['jobname']);
- $code = $VARS['jobcode'];
- $color = $VARS['color'];
- $groups = $VARS['groups'];
-
- if (is_empty($VARS['jobid'])) {
- if ($database->has('jobs', ['jobname' => $name])) {
- returnToSender("job_name_used");
- }
- $database->insert('jobs', ["jobname" => $name, "jobcode" => $code, "color" => $color]);
- $jobid = $database->id();
- $database->delete('job_groups', ['jobid' => $jobid]);
- foreach ($groups as $g) {
- $database->insert('job_groups', ['jobid' => $jobid, 'groupid' => $g]);
- }
- returnToSender("job_added");
- } else if ($database->has('jobs', ['jobid' => $VARS['jobid']])) {
- $database->update('jobs', ["jobname" => $name, "jobcode" => $code, "color" => $color], ["jobid" => $VARS['jobid']]);
- $database->delete('job_groups', ['jobid' => $VARS['jobid']]);
- foreach ($groups as $g) {
- $database->insert('job_groups', ['jobid' => $VARS['jobid'], 'groupid' => $g]);
- }
- returnToSender("job_saved");
- } else {
- returnToSender("invalid_jobid");
- }
- } else {
- returnToSender("no_permission");
- }
- break;
- case "deletejob":
- if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- if (is_empty($VARS['jobid'])) {
- returnToSender("invalid_jobid");
- } else if ($database->has('jobs', ['jobid' => $VARS['jobid']])) {
- $database->update('jobs', ["deleted" => 1], ["jobid" => $VARS['jobid']]);
- returnToSender("job_deleted");
- } else {
- returnToSender("invalid_jobid");
- }
- } else {
- returnToSender("no_permission");
- }
- break;
- case "editjobhistory":
- require_once __DIR__ . "/lib/userinfo.php";
-
- if ($database->has('job_tracking', ['id' => $VARS['jobid']])) {
- $uid = $database->get('job_tracking', 'uid', ['id' => $VARS['jobid']]);
- } else {
- returnToSender("invalid_parameters");
- }
-
- if (!$database->has("jobs", ['jobid' => $VARS['job']])) {
- returnToSender("invalid_jobid");
- }
-
- $start = strtotime($VARS['start']);
- $end = strtotime($VARS['end']);
- if ($start === false) {
- returnToSender("invalid_datetime");
- }
- if ($end === false) {
- returnToSender("invalid_datetime");
- }
- if ($end < $start) {
- returnToSender("in_before_out");
- }
-
- if (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)
- ) || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid
- )
- ) {
- $data = [
- "jobid" => $VARS['job'],
- "start" => date('Y-m-d H:i:s', $start),
- "end" => date('Y-m-d H:i:s', $end)
- ];
- $database->update("job_tracking", $data, ["id" => $VARS['jobid']]);
- returnToSender("job_saved");
- } else {
- returnToSender("no_permission");
- }
- case "deletejobhistory":
- require_once __DIR__ . "/lib/userinfo.php";
-
- if ($database->has('job_tracking', ['id' => $VARS['jobid']])) {
- $uid = $database->get('job_tracking', 'uid', ['id' => $VARS['jobid']]);
- } else {
- returnToSender("invalid_parameters");
- }
-
- if (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN") || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE") && isManagerOf($_SESSION['uid'], $uid)
- ) || (
- account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF") && $_SESSION['uid'] == $uid
- )
- ) {
-
- $database->delete("job_tracking", ["id" => $VARS['jobid']]);
- returnToSender("job_deleted");
- } else {
- returnToSender("no_permission");
- }
- case "autocomplete_user":
- header("Content-Type: application/json");
- $client = new GuzzleHttp\Client();
-
- $response = $client
- ->request('POST', PORTAL_API, [
- 'form_params' => [
- 'key' => PORTAL_KEY,
- 'action' => "usersearch",
- 'search' => $VARS['q']
- ]
- ]);
-
- if ($response->getStatusCode() != 200) {
- exit("[]");
- }
-
- $resp = json_decode($response->getBody(), TRUE);
- if ($resp['status'] == "OK") {
- if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
- require_once __DIR__ . "/lib/userinfo.php";
- $managed = getManagedUIDs($_SESSION['uid']);
- $result = $resp['result'];
- for ($i = 0; $i < count($result); $i++) {
- if (!in_array($result[$i]['uid'], $managed)) {
- $result[$i]['managed'] = 0;
- }
- }
- exit(json_encode($result));
- } else {
- exit(json_encode($resp['result']));
- }
- } else {
- exit("[]");
- }
- break;
- case "signout":
- session_destroy();
- header('Location: index.php');
- die("Logged out.");
- }
|