benstjohn · January 14, 2019 16:20
diff --git a/index.php b/index.php
 <?

 	require_once( dirname(__FILE__) . "/DB/config.php" );

 	//phpinfo(); exit;

 	function strFix($str)
 	{
 	   $str = str_replace("\\'", "'", $str);
 	   $str = str_replace("'''''", "'", $str);
 	   $str = str_replace("'''", "'", $str);
 	   $str = str_replace("''", "'", $str);
 	   return str_replace("'", "''", $str);
 	}

 	function formText($var, $row, $size=20)
 	{
 		return "<INPUT TYPE=text NAME=$var VALUE='" . $row->$var . "' SIZE='$size'>";
 	}

 	function formCheck($var, $row)
 	{
 		if ($row->$var) { $checked = " CHECKED "; }
 		return "
 	      <INPUT TYPE=checkbox $checked NAME='$var' VALUE='1'>";
 	}

 	$database = "timec_main";
 	$mainDatabase = "timec_main";
 	$sdb->select( $mainDatabase );

 	//$usernameD = explode( ".", $SERVER_NAME );
 	//$usernameD = $usernameD[0];
 	//This is where we get the username
 	$usernameD = "ljcc";

 	//get main user id, put this in before I saw the $account->ID, will remove this and use $account->ID
 	$sqlString = "SELECT ID FROM users WHERE username = '$usernameD' LIMIT 1";
 	$row = $sdb->get_row( $sqlString, ARRAY_A );
 	$mainUserID = $row['ID'];

 	if ($HTTP_HOST == "www.janitime.com" || $HTTP_HOST == "janitime.com" )
 	{
 		header( "Location: home.php" );
 		die();
 	}

 	//getting main/account ID here... $account->ID
 	$sqlString = "SELECT * FROM users WHERE username = '$usernameD'";
 	$account = $sdb->get_row( $sqlString );

 	if ( $account ) { } else { echo "****"; die(); }

 	if ($payEndDate || $payEndTime || $payOften || $payDate || $time1 || $time2 || $setting_timezone)
 	{

 		$t= explode(":", $time1);
 		$t = $t[0] * 60 *60 + $t[1] * 60 + 59;
 		if ($time2) { $t += 43200; }
 		$payEndTime = $t;
 		$payDate = strtotime($payDate);
 		$settingsUpdated = 1;
 		$sqlString = "UPDATE settings SET payEndDay = '$payEndDay', payEndTime = '$payEndTime', payOften = '$payOften', payDate = '$payDate', timezone = '$setting_timezone' WHERE userID = '$account->ID'";
 		$sdb->query( $sqlString );
 	}
 	if ($budgetHours || $costPerHour)
 	{
 		$sqlString = "UPDATE settings SET budgetHours = '$budgetHours', costPerHour = '$costPerHour' WHERE userID = '$account->ID'";
 		$sdb->query( $sqlString );
 	}

 	//getting settings
 	$sqlString = "SELECT * FROM settings WHERE userID = '$account->ID'";
 	$US = $sdb->get_row( $sqlString );

 	if ( $US ) { } else {
 		$sqlString = "INSERT INTO `timec_main`.`settings` (`userID`, `payEndDay`, `payEndTime`, `payOften`, `payDate`, `timezone`, `showCostPerBuilding`) VALUES
 																			('$account->ID', '0', '86399', '14', '1278219600', '1', '0');";
 		$sdb->query( $sqlString );
 	}
 	
 	//mysql_connect("localhost", "timec_$account->ID", "$account->password");
 	$database = "timec_$account->ID";
 	if ( $account->ID ) { $sdb->select( $database ); }

 	if ($logout == 1)
 	{
 		setcookie( "username", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
 		setcookie( "password", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
 		setcookie( "timezone", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
 		$username = '';
 		redir( "/" );
 	}

 	if ($username1)
 	{
 		$username = $username1;
 		$password = $password1;
 	}


 	if ($username && $password)
 	{
 		$sqlString = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND `access` < 10";
 		$row = $sdb->get_row( $sqlString );
 		if ( $row )
 		{
 			if ( !$US->timezone ) { $tz = 0; }
 			else { $tz = $US->timezone - 1; }
 			$loggedIn = 1;
 			$user = $row;
 			setcookie( "username", "$username", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );
 			setcookie( "password", "$password", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );
 			setcookie( "timezone", "$tz hour", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );

 			if ( $row->access > 4 )
 			{
 				$managerWhere = " (manager = '$row->ID' OR manager2 = '$row->ID' )";
 				$employeesManagerWhere = " (employees.manager = '$row->ID' OR employees.manager2 = '$row->ID') ";
 				$buildingsManagerWhere = " buildings.manager = '$row->ID' ";
 				$userWhere = " ID = '$row->ID' ";
 			} else {
 				$accessWhere = " 1 ";
 				$managerWhere = " 1 ";
 				$buildingsManagerWhere = " 1 ";
 				$employeesManagerWhere = " 1 ";
 				$userWhere = " 1 ";
 			}	

 			$sqlString = "SELECT * FROM employees WHERE $managerWhere order by name";
 			$rows = $sdb->get_results( $sqlString );
 			foreach ( $rows as $row )
 			{
 				$employees[] = $row;
 			}
 	
 			$sqlString = "SELECT * FROM buildings WHERE $managerWhere order by name";
 			$rows = $sdb->get_results( $sqlString );
 			foreach ( $rows as $row )
 			{
 				$buildings[] = $row;
 			}
 	
 			$sqlString = "SELECT * FROM users WHERE $userWhere order by username";
 			$rows = $sdb->get_results( $sqlString );
 			foreach ( $rows as $row )
 			{
 				$row->password = '';
 				$users[] = $row;
 			}

 			if ( $_POST['flogin'] ) { redir( "/?report=daily" ); }

 		} else {
 			$error = "Bad username or password.";
 		}
 	}


 	include("header.php");

 	if (!$loggedIn)
 	{
 		echo '<CENTER>
 		<table width=400px><tr><td align=center>
 		<table width=300px border=0 align=center><FORM METHOD="POST" ACTION="index.php" ><input type="hidden" name="flogin" value="1" />
 		<TR><TD colspan=2 align=center>
 		<CENTER>  <H2>Administration Login</H2>
 		</TD></TR>
 		';
 		if ($error)
 		{
 			echo "<TR><TD COLSPAN=5><FONT COLOR=red>$error</FONT></TD></TR>";
 		}
 		echo '
 		<tr><td><b>Username</b>:</td><td align=right><INPUT TYPE="text" NAME="username1" VALUE="" size=15>
 		</td></tr><tr><td><b>Password</b>:</td><td align=right><INPUT  TYPE="password" NAME="password1" size=15>
 		</td></tr><tr><td colspan=2 align=center><INPUT CLASS="submit" TYPE="submit" VALUE="Login">
 		</td></tr></table></FORM>
 		</td></TR></TABLE>
 		
 		</div>
 		
 		</body>
 		</html>
 		';
 	}
 	else {

 		require_once( "update_payweek_date.php" );

 		if (substr(strtolower($_SERVER['HTTP_USER_AGENT']),10) == "blackberry")
 		{
 			if (!$report)
 			{
 				echo "
 				<A HREF=?report=daily>Daily</A><BR>
 				<A HREF=?report=quality>Quality Check</A><BR>";
 			}	
 	
 			if ($report == "quality") { include("quality.php"); }
 			if ($report == "daily") { include("daily.php"); }

 		}
 		else {
 			//include("header.php");

 			echo '
 			<script language="jscript" type="text/javascript">	
 			function Confirm()
 			{
 				return confirm ("Are you sure you want to do this?");
 			}	
 			</script>

 			<link rel="stylesheet" href="/css/main.css" type="text/css" />
 	
 			<TABLE width="100%">
 				<TR>
 			';
 	/*
 			<TD VALIGN=TOP>';

 	//Menu
 echo "
 <BR>
 <A HREF=?report=employees>Employees</A><BR>
 <A HREF=?report=buildings>Buildings</A><BR>
 <A HREF=?report=callerid>Caller ID Report</A><BR>
 <A HREF=?report=daily>Daily</A><BR>
 <A HREF=?report=schedule>Schedule</A><BR>
 <A HREF=?report=timeCards>Time Cards</A><BR>
 <A HREF=?report=quality>Quality Check</A><BR>
 <A HREF=?report=view>View Quality Check</A><BR>
 <A HREF=?report=settings>Settings</A><BR>
 ";
 if ($user->access < 5)
 {
 	echo "
 <A HREF=?report=users>Users</A><BR>
 		";
 }
 echo "
 </TD>
 */

 echo "<TD>";

 switch ($US->timezone){
 	case 1:
 		$timeDifference = 0;
 		$zoneName = 'Eastern';
 		break;
 	case 2:
 		$timeDifference = 3600;
 		$zoneName = 'Central';
 		break;
 	case 3:
 		$timeDifference = 7200;
 		$zoneName = 'Mountain';
 		break;
 	case 4:
 		$timeDifference = 10800;
 		$zoneName = 'Pacific';
 		break;
 }

 	if ( !$report ) { $report = "intro"; }
 	include( $report .".php" );

 /*
 if ($report == "users") { include("users.php"); }
 if ($report == "buildings") { include("buildings.php"); }
 if ($report == "employees") { include("employees.php"); }
 if ($report == "callerid") { include("callerid.php"); }
 if ($report == "weekly") { include("weekly.php"); }
 if ($report == "viewIndiv") { include("viewIndiv.php"); }
 if ($report == "schedule") { include("schedule.php"); }
 if ($report == "scheduleEmployee") { include("scheduleEmployee.php"); }
 if ($report == "scheduleBuilding") { include("scheduleBuilding.php"); }
 if ($report == "timeCards") { include("timeCards.php"); }
 if ($report == "quality") { include("quality.php"); }
 if ($report == "daily") { include("daily.php"); }
 if ($report == "qthanks") { include("qthanks.php"); }
 if ($report == "qthanks2") { include("qthanks2.php"); }
 if ($report == "view") { include("view.php"); }
 if ($report == "settings") { include("settings.php"); }
 if ($report == "voicemail") { include("voicemail.php"); }
 if ($report == "voicemessage") { include("voicemessage.php"); }
 if (!$report) { include("intro.php"); }
 */

 }
 }
 ?>
 <script type="text/javascript">
 	$(document).ready(function(){

 		$(".submit, #divButton, .divButton, #linkButton").button();
 		$(".divButtonSmall > span").attr('style','padding-top: 2px; padding-bottom: 2px; font-size: 8pt;');

 		$(".calendar-toggle").button({
 			icons: { primary: 'ui-icon-calendar' }
 		});
 		//$(".calendar-toggle > span").attr('style','padding-top: 2px; padding-bottom: 2px; font-size: 8pt;');

 		$(".calendar-toggle").click(function(){
 			$("#calendar").toggle();
 		});
 		$("#calendar-div").datepicker();

 	});
 </script>
 <div id="dialog-form" class="hidden font10"></div>
 <div id="dialog-message" class="hidden font10"></div>
 <div id="dialog-confirm" title="Confirm Delete Action" class="hidden font10">
 	<p>
 		<span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span>
 		This will be permanently deleted and cannot be recovered. Are you sure?
 	</p>
 </div>
	<?

	require_once( dirname(__FILE__) . "/DB/config.php" );

	//phpinfo(); exit;

	function strFix($str)
	{
	$str = str_replace("\\'", "'", $str);
	$str = str_replace("'''''", "'", $str);
	$str = str_replace("'''", "'", $str);
	$str = str_replace("''", "'", $str);
	return str_replace("'", "''", $str);
	}

	function formText($var, $row, $size=20)
	{
	return "<INPUT TYPE=text NAME=$var VALUE='" . $row->$var . "' SIZE='$size'>";
	}

	function formCheck($var, $row)
	{
	if ($row->$var) { $checked = " CHECKED "; }
	return "
	<INPUT TYPE=checkbox $checked NAME='$var' VALUE='1'>";
	}

	$database = "timec_main";
	$mainDatabase = "timec_main";
	$sdb->select( $mainDatabase );

	//$usernameD = explode( ".", $SERVER_NAME );
	//$usernameD = $usernameD[0];
	//This is where we get the username
	$usernameD = "ljcc";

	//get main user id, put this in before I saw the $account->ID, will remove this and use $account->ID
	$sqlString = "SELECT ID FROM users WHERE username = '$usernameD' LIMIT 1";
	$row = $sdb->get_row( $sqlString, ARRAY_A );
	$mainUserID = $row['ID'];

	if ($HTTP_HOST == "www.janitime.com" \|\| $HTTP_HOST == "janitime.com" )
	{
	header( "Location: home.php" );
	die();
	}

	//getting main/account ID here... $account->ID
	$sqlString = "SELECT * FROM users WHERE username = '$usernameD'";
	$account = $sdb->get_row( $sqlString );

	if ( $account ) { } else { echo "****"; die(); }

	if ($payEndDate \|\| $payEndTime \|\| $payOften \|\| $payDate \|\| $time1 \|\| $time2 \|\| $setting_timezone)
	{

	$t= explode(":", $time1);
	$t = $t[0] * 60 60 + $t[1] 60 + 59;
	if ($time2) { $t += 43200; }
	$payEndTime = $t;
	$payDate = strtotime($payDate);
	$settingsUpdated = 1;
	$sqlString = "UPDATE settings SET payEndDay = '$payEndDay', payEndTime = '$payEndTime', payOften = '$payOften', payDate = '$payDate', timezone = '$setting_timezone' WHERE userID = '$account->ID'";
	$sdb->query( $sqlString );
	}
	if ($budgetHours \|\| $costPerHour)
	{
	$sqlString = "UPDATE settings SET budgetHours = '$budgetHours', costPerHour = '$costPerHour' WHERE userID = '$account->ID'";
	$sdb->query( $sqlString );
	}

	//getting settings
	$sqlString = "SELECT * FROM settings WHERE userID = '$account->ID'";
	$US = $sdb->get_row( $sqlString );

	if ( $US ) { } else {
	$sqlString = "INSERT INTO `timec_main`.`settings` (`userID`, `payEndDay`, `payEndTime`, `payOften`, `payDate`, `timezone`, `showCostPerBuilding`) VALUES
	('$account->ID', '0', '86399', '14', '1278219600', '1', '0');";
	$sdb->query( $sqlString );
	}

	//mysql_connect("localhost", "timec_$account->ID", "$account->password");
	$database = "timec_$account->ID";
	if ( $account->ID ) { $sdb->select( $database ); }

	if ($logout == 1)
	{
	setcookie( "username", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
	setcookie( "password", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
	setcookie( "timezone", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
	$username = '';
	redir( "/" );
	}

	if ($username1)
	{
	$username = $username1;
	$password = $password1;
	}


	if ($username && $password)
	{
	$sqlString = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND `access` < 10";
	$row = $sdb->get_row( $sqlString );
	if ( $row )
	{
	if ( !$US->timezone ) { $tz = 0; }
	else { $tz = $US->timezone - 1; }
	$loggedIn = 1;
	$user = $row;
	setcookie( "username", "$username", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );
	setcookie( "password", "$password", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );
	setcookie( "timezone", "$tz hour", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );

	if ( $row->access > 4 )
	{
	$managerWhere = " (manager = '$row->ID' OR manager2 = '$row->ID' )";
	$employeesManagerWhere = " (employees.manager = '$row->ID' OR employees.manager2 = '$row->ID') ";
	$buildingsManagerWhere = " buildings.manager = '$row->ID' ";
	$userWhere = " ID = '$row->ID' ";
	} else {
	$accessWhere = " 1 ";
	$managerWhere = " 1 ";
	$buildingsManagerWhere = " 1 ";
	$employeesManagerWhere = " 1 ";
	$userWhere = " 1 ";
	}

	$sqlString = "SELECT * FROM employees WHERE $managerWhere order by name";
	$rows = $sdb->get_results( $sqlString );
	foreach ( $rows as $row )
	{
	$employees[] = $row;
	}

	$sqlString = "SELECT * FROM buildings WHERE $managerWhere order by name";
	$rows = $sdb->get_results( $sqlString );
	foreach ( $rows as $row )
	{
	$buildings[] = $row;
	}

	$sqlString = "SELECT * FROM users WHERE $userWhere order by username";
	$rows = $sdb->get_results( $sqlString );
	foreach ( $rows as $row )
	{
	$row->password = '';
	$users[] = $row;
	}

	if ( $_POST['flogin'] ) { redir( "/?report=daily" ); }

	} else {
	$error = "Bad username or password.";
	}
	}


	include("header.php");

	if (!$loggedIn)
	{
	echo '<CENTER>
	<table width=400px><tr><td align=center>
	<table width=300px border=0 align=center><FORM METHOD="POST" ACTION="index.php" ><input type="hidden" name="flogin" value="1" />
	<TR><TD colspan=2 align=center>
	<CENTER> <H2>Administration Login</H2>
	</TD></TR>
	';
	if ($error)
	{
	echo "<TR><TD COLSPAN=5><FONT COLOR=red>$error</FONT></TD></TR>";
	}
	echo '
	<tr><td><b>Username</b>:</td><td align=right><INPUT TYPE="text" NAME="username1" VALUE="" size=15>
	</td></tr><tr><td><b>Password</b>:</td><td align=right><INPUT TYPE="password" NAME="password1" size=15>
	</td></tr><tr><td colspan=2 align=center><INPUT CLASS="submit" TYPE="submit" VALUE="Login">
	</td></tr></table></FORM>
	</td></TR></TABLE>

	</div>

	</body>
	</html>
	';
	}
	else {

	require_once( "update_payweek_date.php" );

	if (substr(strtolower($_SERVER['HTTP_USER_AGENT']),10) == "blackberry")
	{
	if (!$report)
	{
	echo "
	<A HREF=?report=daily>Daily</A><BR>
	<A HREF=?report=quality>Quality Check</A><BR>";
	}

	if ($report == "quality") { include("quality.php"); }
	if ($report == "daily") { include("daily.php"); }

	}
	else {
	//include("header.php");

	echo '
	<script language="jscript" type="text/javascript">
	function Confirm()
	{
	return confirm ("Are you sure you want to do this?");
	}
	</script>

	<link rel="stylesheet" href="/css/main.css" type="text/css" />

	<TABLE width="100%">
	<TR>
	';
	/*
	<TD VALIGN=TOP>';

	//Menu
	echo "
	<BR>
	<A HREF=?report=employees>Employees</A><BR>
	<A HREF=?report=buildings>Buildings</A><BR>
	<A HREF=?report=callerid>Caller ID Report</A><BR>
	<A HREF=?report=daily>Daily</A><BR>
	<A HREF=?report=schedule>Schedule</A><BR>
	<A HREF=?report=timeCards>Time Cards</A><BR>
	<A HREF=?report=quality>Quality Check</A><BR>
	<A HREF=?report=view>View Quality Check</A><BR>
	<A HREF=?report=settings>Settings</A><BR>
	";
	if ($user->access < 5)
	{
	echo "
	<A HREF=?report=users>Users</A><BR>
	";
	}
	echo "
	</TD>
	*/

	echo "<TD>";

	switch ($US->timezone){
	case 1:
	$timeDifference = 0;
	$zoneName = 'Eastern';
	break;
	case 2:
	$timeDifference = 3600;
	$zoneName = 'Central';
	break;
	case 3:
	$timeDifference = 7200;
	$zoneName = 'Mountain';
	break;
	case 4:
	$timeDifference = 10800;
	$zoneName = 'Pacific';
	break;
	}

	if ( !$report ) { $report = "intro"; }
	include( $report .".php" );

	/*
	if ($report == "users") { include("users.php"); }
	if ($report == "buildings") { include("buildings.php"); }
	if ($report == "employees") { include("employees.php"); }
	if ($report == "callerid") { include("callerid.php"); }
	if ($report == "weekly") { include("weekly.php"); }
	if ($report == "viewIndiv") { include("viewIndiv.php"); }
	if ($report == "schedule") { include("schedule.php"); }
	if ($report == "scheduleEmployee") { include("scheduleEmployee.php"); }
	if ($report == "scheduleBuilding") { include("scheduleBuilding.php"); }
	if ($report == "timeCards") { include("timeCards.php"); }
	if ($report == "quality") { include("quality.php"); }
	if ($report == "daily") { include("daily.php"); }
	if ($report == "qthanks") { include("qthanks.php"); }
	if ($report == "qthanks2") { include("qthanks2.php"); }
	if ($report == "view") { include("view.php"); }
	if ($report == "settings") { include("settings.php"); }
	if ($report == "voicemail") { include("voicemail.php"); }
	if ($report == "voicemessage") { include("voicemessage.php"); }
	if (!$report) { include("intro.php"); }
	*/

	}
	}
	?>
	<script type="text/javascript">
	$(document).ready(function(){

	$(".submit, #divButton, .divButton, #linkButton").button();
	$(".divButtonSmall > span").attr('style','padding-top: 2px; padding-bottom: 2px; font-size: 8pt;');

	$(".calendar-toggle").button({
	icons: { primary: 'ui-icon-calendar' }
	});
	//$(".calendar-toggle > span").attr('style','padding-top: 2px; padding-bottom: 2px; font-size: 8pt;');

	$(".calendar-toggle").click(function(){
	$("#calendar").toggle();
	});
	$("#calendar-div").datepicker();

	});
	</script>
	<div id="dialog-form" class="hidden font10"></div>
	<div id="dialog-message" class="hidden font10"></div>
	<div id="dialog-confirm" title="Confirm Delete Action" class="hidden font10">
	<p>
	<span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span>
	This will be permanently deleted and cannot be recovered. Are you sure?
	</p>
	</div>