File: /home/imensosw/public_html/imenso.co/timesheet/api/admin.php
<?php
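ob_start();
require_once '../lib/lib.inc.php';
logit(INFO, 'starting admin');

// Response envelope shared with ADMIN (which aliases it by reference) and emitted by the
// lib's respond()/error() helpers. error is false or a message; msg collects validation text.
$resp = new stdClass();
$resp->error = false;
$resp->msg = [];

if (!dbConnect()) {
    $resp->error = "Database error";
}

$admin = new ADMIN();
//logit(INFO, "REQUEST: " . print_r($_REQUEST,1));

// One handler per action. Every known action runs only after checkAuth() has confirmed a live
// admin token; the ADMIN methods then read their own input from $_REQUEST.
$handlers = [
    "getuser" => static function (ADMIN $admin): void {
        $admin->makeUser();
        $admin->getUser();
    },
    "saveuser" => static function (ADMIN $admin): void {
        $admin->makeUser();
        if ($admin->checkUser()) {
            $admin->saveUser();
        }
    },
    "deleteuser" => static function (ADMIN $admin): void {
        $admin->makeUser();
        $admin->deleteUser();
    },
    "getreport" => static function (ADMIN $admin): void {
        $admin->makeReport();
        $admin->getReport();
    },
    "getreportform" => static function (ADMIN $admin): void {
        $admin->getReportForm();
    },
];

// $_REQUEST merges GET, POST and COOKIE input; a missing or non-string action (e.g. action[]=x)
// is treated as unknown instead of raising a notice or an illegal-offset error.
$action = $_REQUEST["action"] ?? '';

// With no database connection there is nothing to dispatch; fall through to error() below.
if (!$resp->error) {
    if (is_string($action) && isset($handlers[$action])) {
        if ($admin->checkAuth()) {
            $handlers[$action]($admin);
        }
    } else {
        $admin->resp->error = "No command found";
        logit(INFO, "GOT TO DEFAULT");
    }
}

if ($resp->error) {
    error();
} else {
    respond();
}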
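/**
 * Admin API handler: user CRUD and timesheet reports.
 *
 * Every public method writes into the shared response object ($this->resp, aliased to the
 * script-level $resp) that the lib's respond()/error() helpers emit. Input is read from
 * $_REQUEST by makeUser()/makeReport(); the dispatcher runs checkAuth() before any of them.
 * Client-supplied sort column/direction never reach the SQL text unless whitelisted here.
 * Requires PHP 7.1+ (void return types, class constants with visibility).
 */
class ADMIN
{
    /** Select-list columns the user list may be ordered by; anything else falls back to the default. */
    private const USER_SORT_COLUMNS = ['id', 'firstname', 'lastname', 'email', 'usertype'];
    private const USER_SORT_DEFAULT = 'id';

    /**
     * Select-list names the report may be ordered by (total_time is only added in download mode).
     * TODO confirm these match the column names the report UI sends.
     */
    private const REPORT_SORT_COLUMNS = ['id', 'project_name', 'task_date', 'task_name', 'ctime', 'email'];
    private const REPORT_SORT_DEFAULT = 'timesheet_history.id';

    /** @var \stdClass Response envelope, a reference to the script-level $resp. */
    public $resp;
    /** @var array Submitted user record ($_REQUEST['user']) once makeUser() has run. */
    private $user = [];
    /** @var array Submitted report filters ($_REQUEST['report']) once makeReport() has run. */
    private $report = [];

    public function __construct()
    {
        global $resp;
        // Alias, not copy: the dispatcher reads $resp after the handler has populated it.
        $this->resp = &$resp;
        $this->init();
    } //- ef

    private function init(): void
    {
    } //- init

    /**
     * Verify that the caller's token is live and belongs to an admin.
     * On failure sets resp->error and a message and returns false; a missing token fails closed.
     */
    public function checkAuth(): bool
    {
        $token = $this->requestToken();
        if ($token === '' || tokenTimeout($token) || !isAdmin($token)) {
            $this->resp->error = true;
            $this->resp->msg = "timeout out";
            return false;
        }
        return true;
    }

    /** The caller's token from the request, or '' when absent or not a string. */
    private function requestToken(): string
    {
        $token = $_REQUEST["token"] ?? '';
        return is_string($token) ? $token : '';
    }

    /** Trimmed string form of a submitted user field ('' when absent or not scalar). */
    private function field(string $key): string
    {
        $value = $this->user[$key] ?? null;
        return is_scalar($value) ? trim((string) $value) : '';
    }

    /** Trimmed string form of a submitted report field ('' when absent or not scalar). */
    private function reportField(string $key): string
    {
        $value = $this->report[$key] ?? null;
        return is_scalar($value) ? trim((string) $value) : '';
    }

    /**
     * Build the ORDER BY fragment from client-supplied sort column/direction.
     *
     * Only values in $allowed (case-insensitive) and asc/desc reach the statement text; anything
     * else falls back to "$default asc". This is what keeps $_REQUEST out of the SQL string.
     *
     * @param list<string> $allowed
     * @param mixed        $column    raw client value
     * @param mixed        $direction raw client value
     */
    private static function orderBy(array $allowed, $column, $direction, string $default): string
    {
        $col = is_string($column) ? strtolower(trim($column)) : '';
        if (!in_array($col, $allowed, true)) {
            $col = $default;
        }
        $dir = is_string($direction) && strtolower(trim($direction)) === 'desc' ? 'desc' : 'asc';
        return " order by {$col} {$dir} ";
    }

    /**
     * Paginated user search by first name or e-mail into resp->users (+ resp->paginationresult).
     * Reads search_title, page, sorting and sortingby from the submitted user record.
     */
    public function getUser(): void
    {
        //access_level NOT IN(3) and
        global $config;
        $resultsPerPage = (int) $config['resultsperpage'];
        // A non-numeric or missing page is treated as page 1 instead of producing a negative offset.
        $page = max(1, (int) $this->field('page'));
        $offset = $resultsPerPage * ($page - 1);

        // '%' and '_' are LIKE wildcards; escape them so a search for "50%" means the literal text.
        $needle = '%' . addcslashes($this->field('search_title'), '\\%_') . '%';
        $in = [
            ":firstname" => $needle,
            ":email" => $needle,
        ];
        $orderBy = self::orderBy(
            self::USER_SORT_COLUMNS,
            $this->user['sorting'] ?? '',
            $this->user['sortingby'] ?? '',
            self::USER_SORT_DEFAULT
        );
        // NOTE(review): this hands every user's `token` (their session credential) to the admin UI;
        // confirm the client actually needs it and drop the column otherwise.
        $sql = "SELECT SQL_CALC_FOUND_ROWS id,firstname,lastname,email,token,usertype FROM users where firstname like :firstname or email like :email"
            . $orderBy . "limit {$offset},{$resultsPerPage}";
        if ($rc = dbPdoQuery($sql, $in)) {
            while ($row = dbPdoFetch($rc)) {
                $this->resp->users[] = $row;
            }
            $this->paginationResult($this->user['page'] ?? 1);
        } else {
            logit(WARN, "Did not get User List");
            $this->resp->msg[] = "not found.";
        }
    } //- getUser

    /** Load the submitted user record; anything that is not an array is treated as empty. */
    public function makeUser(): void
    {
        $user = $_REQUEST["user"] ?? null;
        $this->user = is_array($user) ? $user : [];
    }

    /**
     * Validate the submitted user record, appending one message per problem to resp->msg.
     * A password is only required when creating (no id). Returns true when nothing was added.
     */
    public function checkUser(): bool
    {
        if ($this->field('fname') === '') {
            $this->resp->msg[] = 'Please enter first name';
        }
        if ($this->field('lname') === '') {
            $this->resp->msg[] = 'Please enter last name';
        }
        $email = $this->field('email');
        if ($email === '') {
            $this->resp->msg[] = 'Please enter e-mail address';
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $this->resp->msg[] = 'Invalid e-mail address';
        }
        if ($this->field('id') === '') {
            $password = $this->field('password');
            if ($password === '') {
                $this->resp->msg[] = 'Please enter password';
            } elseif (strlen($password) < 6) {
                $this->resp->msg[] = 'Password must be at least 6 digits!';
            }
        }
        if ($this->field('usertype') === '') {
            $this->resp->msg[] = 'Please select user type';
        }
        return $this->resp->msg === [];
    }

    /**
     * Create the submitted user, or delegate to updateUser() when it carries a positive id.
     * Refuses to create a second account with an e-mail that already exists.
     */
    public function saveUser(): void
    {
        $id = $this->field('id');
        if (is_numeric($id) && $id > 0) {
            $this->updateUser();
            return;
        }

        $email = $this->field('email');
        $existing = dbPdoQuery("SELECT * FROM users where email=:email", [":email" => $email]);
        if ($existing && dbPdoFetchall($existing)) {
            logit(INFO, "User already exist");
            $this->resp->msg[] = "User already exist.";
            return;
        }

        // Hash the password exactly as typed; trimming it here would break login for
        // passwords with leading or trailing spaces.
        $password = $this->user['password'] ?? '';
        $password = is_scalar($password) ? (string) $password : '';
        $now = date('Y-m-d H:i:s');
        $in = [
            ":firstname" => $this->field('fname'),
            ":lastname" => $this->field('lname'),
            ":email" => $email,
            ":password" => hashPassword($password),
            ":usertype" => $this->field('usertype'),
            ":created_at" => $now,
            ":updated_at" => $now,
            // Session token from the CSPRNG (40 hex chars); a digest of date + e-mail would be guessable.
            ":token" => bin2hex(random_bytes(20)),
        ];
        $sql = "INSERT INTO users (firstname,lastname,email,token,password,usertype,created_at,updated_at) VALUES(:firstname,:lastname,:email,:token,:password,:usertype,:created_at,:updated_at)";
        if (dbPdoQuery($sql, $in)) {
            logit(INFO, "SQL ", $sql);
            logit(INFO, "Inserted user with ID ");
        } else {
            logit(WARN, " DB Error: $sql in " . __FILE__ . " on line: " . __LINE__);
            error("Database error [db03]");
        }
    } //- saveUser

    /**
     * Update name, e-mail and role of the user with the submitted id.
     * Rejects an e-mail already used by another account and any change to the caller's own role;
     * both abort before the UPDATE so the row is left untouched.
     */
    public function updateUser(): void
    {
        $id = $this->field('id');
        $email = $this->field('email');
        $usertype = $this->field('usertype');

        $clash = dbPdoQuery(
            "SELECT * FROM users where id not in(:id) and email=:email",
            [":email" => $email, ":id" => $id]
        );
        if ($clash && dbPdoFetch($clash)) {
            logit(WARN, "Email already exist");
            $this->resp->msg[] = "Email already exist.";
            return;
        }

        // The edited row is the caller's own account when its token matches the request token.
        $self = dbPdoQuery(
            "SELECT * FROM users where id=:id and token=:token",
            [":token" => $this->requestToken(), ":id" => $id]
        );
        if ($self && ($row = dbPdoFetch($self)) && (string) $row['usertype'] !== $usertype) {
            logit(INFO, "You can't be change user type");
            $this->resp->msg[] = "You can't be change self user type.";
            return;
        }

        $in = [
            ":firstname" => $this->field('fname'),
            ":lastname" => $this->field('lname'),
            ":email" => $email,
            ":usertype" => $usertype,
            ":id" => $id,
            ":updated_at" => date('Y-m-d H:i:s'),
        ];
        $sql = "UPDATE users SET firstname=:firstname, lastname=:lastname ,email =:email,usertype=:usertype , updated_at=:updated_at WHERE id=:id";
        logit(INFO, "The user is ", $in);
        // Execute exactly once; the statement is not idempotent with respect to updated_at.
        if (dbPdoQuery($sql, $in)) {
            logit(INFO, "Updated user with ID " . $id);
        } else {
            logit(WARN, " DB Error: $sql in " . __FILE__ . " on line: " . __LINE__);
            error("Database error [db02]");
        }
    }//- editUser

    /**
     * Delete the user with the submitted id, unless it is the caller's own account.
     * The caller is resolved from the request token and must be an admin row.
     */
    public function deleteUser(): void
    {
        $id = $this->field('id');
        $sql = "SELECT * FROM users where token=:token and usertype=:usertype";
        $rc = dbPdoQuery($sql, [":token" => $this->requestToken(), ":usertype" => "admin"]);
        $caller = $rc ? dbPdoFetch($rc) : false;
        if (!$caller) {
            logit(WARN, " DB Error: $sql in " . __FILE__ . " on line: " . __LINE__);
            error("Database error [db02]");
            return;
        }
        if ((int) $caller['id'] === (int) $id) {
            logit(INFO, "You can't be delete yourself id " . $id);
            $this->resp->msg[] = "You can not delete yourself.";
            return;
        }
        $sql = "DELETE FROM users WHERE id=:id";
        if (dbPdoQuery($sql, [":id" => $id])) {
            logit(INFO, "deleted user with ID " . $id);
        } else {
            logit(WARN, " DB Error: $sql in " . __FILE__ . " on line: " . __LINE__);
            error("Database error [db02]");
        }
    }//- deleteUser

    /**
     * Store page count and current page in resp->paginationresult.
     * Must run on the same connection directly after a SQL_CALC_FOUND_ROWS query.
     *
     * @param mixed $page the page value to echo back to the client
     */
    public function paginationResult($page): void
    {
        global $config;
        $rc = dbPdoQuery("SELECT FOUND_ROWS() as total");
        if (!$rc) {
            return;
        }
        $row = dbPdoFetch($rc);
        if (!is_array($row) || !isset($row["total"])) {
            return;
        }
        $perPage = (int) $config['resultsperpage'];
        // Guard the division; a zero page size would otherwise throw.
        $total = $perPage > 0 ? ceil($row["total"] / $perPage) : 0;
        $this->resp->paginationresult = ["total" => $total, "page" => $page];
    }

    /**
     * Timesheet report into resp->reports, filtered by project/user/task/date range.
     * Paginated unless 'download' is set, in which case all rows are returned grouped by task
     * with a summed total_time column. Sort column/direction are whitelisted.
     */
    public function getReport(): void
    {
        //access_level NOT IN(3) and
        global $config;
        $resultsPerPage = (int) $config['resultsperpage'];
        $page = max(1, (int) $this->reportField('page'));
        $offset = $resultsPerPage * ($page - 1);

        // Each filter contributes one bound parameter and one predicate; all are ANDed.
        $in = [];
        $where = [];
        $projectId = (int) $this->reportField('project_id');
        if ($projectId > 0) {
            $in[":project_id"] = $projectId;
            $where[] = "projects.id = :project_id";
        }
        $userId = (int) $this->reportField('user_id');
        if ($userId > 0) {
            $in[":user_id"] = $userId;
            $where[] = "users.id =:user_id";
        }
        $taskId = (int) $this->reportField('task_id');
        if ($taskId > 0) {
            $in[":task_id"] = $taskId;
            $where[] = "timesheet_history.task_id = :task_id";
        }
        $fromDate = $this->reportField('from_date');
        $toDate = $this->reportField('to_date');
        if ($fromDate !== '' && $toDate !== '') {
            $in[":from_date"] = $fromDate;
            $in[":to_date"] = $toDate;
            $where[] = "timesheet_history.task_date BETWEEN :from_date and :to_date";
        } elseif ($fromDate !== '') {
            // Start date alone means "that day exactly".
            $in[":task_date"] = $fromDate;
            $where[] = "timesheet_history.task_date = :task_date";
        } elseif ($toDate !== '') {
            // End date alone means "strictly before that day".
            $in[":task_date"] = $toDate;
            $where[] = "timesheet_history.task_date < :task_date";
        }
        $searchSql = $where === [] ? "" : " where " . implode(" and ", $where);

        $download = $this->reportField('download') !== '';
        $downloadSql = $download ? " , SEC_TO_TIME( SUM( TIME_TO_SEC( `time` ) ) ) AS total_time " : "";
        $groupBy = $download ? " group by timesheet_history.task_id " : "";
        $allowedSort = $download
            ? array_merge(self::REPORT_SORT_COLUMNS, ['total_time'])
            : self::REPORT_SORT_COLUMNS;
        $orderBy = self::orderBy(
            $allowedSort,
            $this->report['sorting'] ?? '',
            $this->report['sortingby'] ?? '',
            self::REPORT_SORT_DEFAULT
        );

        $sql = "SELECT SQL_CALC_FOUND_ROWS projects.project_name,timesheet_history.id,Date_Format(timesheet_history.task_date,'%d %b %Y') as task_date,task_master.taskname as task_name,timesheet_history.time as ctime, users.email $downloadSql FROM timesheet_history LEFT JOIN projects ON timesheet_history.project_id=projects.id LEFT JOIN users ON timesheet_history.user_id=users.id LEFT JOIN task_master ON timesheet_history.task_id=task_master.id $searchSql $groupBy"
            . $orderBy;
        if (!$download) {
            $sql .= " limit {$offset},{$resultsPerPage}";
        }
        if ($rc = dbPdoQuery($sql, $in)) {
            while ($row = dbPdoFetch($rc)) {
                $this->resp->reports[] = $row;
            }
            $this->paginationResult($this->report['page'] ?? 1);
        } else {
            logit(WARN, "Did not get Report List");
            $this->resp->msg[] = "not found.";
        }
    } //- getReport

    /** Load the submitted report filters; anything that is not an array is treated as empty. */
    public function makeReport(): void
    {
        $report = $_REQUEST["report"] ?? null;
        $this->report = is_array($report) ? $report : [];
    }

    /**
     * Lookup lists for the report form: resp->getproject, resp->gettask and resp->getuser,
     * each a list of {id, name} rows. A failed query adds "not found." and continues with the next list.
     */
    public function getReportForm(): void
    {
        $lists = [
            'getproject' => ["SELECT id, project_name as name FROM projects order by project_name asc", "Project"],
            'gettask' => ["SELECT id, taskname as name FROM task_master order by taskname asc", "Task"],
            'getuser' => ["SELECT id, firstname as name FROM users order by firstname asc", "User"],
        ];
        foreach ($lists as $property => [$sql, $label]) {
            $rc = dbPdoQuery($sql);
            if (!$rc) {
                logit(WARN, "Did not get {$label} List");
                $this->resp->msg[] = "not found.";
                continue;
            }
            while ($row = dbPdoFetch($rc)) {
                $this->resp->{$property}[] = $row;
            }
        }
    } //- getAddForm
}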
?>