
@benstjohn
Created January 14, 2019 16:20
<?
require_once( dirname(__FILE__) . "/DB/config.php" );
//phpinfo(); exit;
/**
 * Collapse runs of apostrophes, then double every apostrophe that remains.
 *
 * In order: \' becomes ', runs of five, three and two apostrophes are each
 * reduced to one, and finally every ' is replaced with ''.
 *
 * NOTE(review): this looks like hand-rolled SQL quote escaping (no caller is
 * visible in this file - confirm). It leaves backslashes other than \' in
 * place, and MySQL treats backslash as an escape character by default, so it
 * should not be relied on to make a value safe inside a quoted SQL literal.
 * Prefer the database layer's parameter binding.
 *
 * @param string $str Text to normalise.
 * @return string Text with each remaining apostrophe doubled.
 */
function strFix($str)
{
    // str_replace() applies the search strings one after another, each on the
    // result of the previous one, which matches the original step order.
    $collapsed = str_replace(array("\\'", "'''''", "'''", "''"), "'", $str);

    return str_replace("'", "''", $collapsed);
}
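/**
 * Render a single-line text input pre-filled from a row object.
 *
 * The field name, the stored value and the size are HTML-escaped before they
 * are placed in the tag. The VALUE attribute is delimited by apostrophes, so
 * an unescaped apostrophe or angle bracket in stored data would end the
 * attribute early and be parsed by the browser as markup.
 *
 * @param string $var  Property of $row to show; also used as the NAME attribute.
 * @param object $row  Row object holding the current value.
 * @param int    $size Visible width of the field.
 * @return string HTML for the input element.
 */
function formText($var, $row, $size=20)
{
    // A missing property renders as an empty field instead of raising a notice.
    $value = isset($row->$var) ? (string) $row->$var : '';

    return "<INPUT TYPE=text NAME=" . htmlspecialchars((string) $var, ENT_QUOTES)
        . " VALUE='" . htmlspecialchars($value, ENT_QUOTES)
        . "' SIZE='" . htmlspecialchars((string) $size, ENT_QUOTES) . "'>";
}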
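/**
 * Render a checkbox that is ticked when the row's property is truthy.
 *
 * @param string $var Property of $row to test; also used as the NAME attribute.
 * @param object $row Row object holding the current value.
 * @return string HTML for the checkbox, preceded by a newline.
 */
function formCheck($var, $row)
{
    // Start from "not checked": the original only assigned $checked in the
    // truthy branch and then interpolated an undefined variable otherwise.
    $checked = "";
    if (!empty($row->$var)) { $checked = " CHECKED "; }

    // The name sits inside an apostrophe-delimited attribute, so escape it.
    return "\n<INPUT TYPE=checkbox $checked NAME='" . htmlspecialchars((string) $var, ENT_QUOTES) . "' VALUE='1'>";
}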
// Account bootstrap: start on the shared "main" database and load the account row.
// $sdb is not created in this file - presumably DB/config.php provides it (confirm).
$database = "timec_main";
$mainDatabase = "timec_main";
$sdb->select( $mainDatabase );
//$usernameD = explode( ".", $SERVER_NAME );
//$usernameD = $usernameD[0];
//This is where we get the username
// The account name is hard-coded here; the two commented lines above took it from the first label of the server name instead.
$usernameD = "ljcc";
//get main user id, put this in before I saw the $account->ID, will remove this and use $account->ID
$sqlString = "SELECT ID FROM users WHERE username = '$usernameD' LIMIT 1";
// Presumably ARRAY_A makes get_row() return an array, since the ID is read as $row['ID'] below - confirm against the $sdb class.
$row = $sdb->get_row( $sqlString, ARRAY_A );
$mainUserID = $row['ID'];
// Requests for the janitime.com host names are redirected to home.php and go no further.
// NOTE(review): $HTTP_HOST is never assigned in this file; it presumably arrives via register_globals or an import done in config.php - confirm, otherwise this branch never runs.
if ($HTTP_HOST == "www.janitime.com" || $HTTP_HOST == "janitime.com" )
{
header( "Location: home.php" );
die();
}
//getting main/account ID here... $account->ID
// NOTE(review): SELECT * also loads the password column into $account, which stays in scope for every file included later; select only the columns that are needed.
$sqlString = "SELECT * FROM users WHERE username = '$usernameD'";
$account = $sdb->get_row( $sqlString );
// No account row: print a placeholder and stop, because everything below reads $account->ID.
if ( $account ) { } else { echo "****"; die(); }
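// Settings form handler. None of $payEndDate, $payEndTime, $payOften, $payDate, $time1, $time2,
// $setting_timezone, $payEndDay, $budgetHours or $costPerHour is assigned in this file; they
// presumably arrive from the request (register_globals or an import in config.php - confirm).
// NOTE(review): this handler runs before the login check further down the script, so the UPDATEs
// are not tied to a verified user. It should move below that check and test the user's access level.
// NOTE(review): the condition tests $payEndDate but the query writes $payEndDay - confirm which
// name the settings form actually posts.
if ($payEndDate || $payEndTime || $payOften || $payDate || $time1 || $time2 || $setting_timezone)
{
// "H:MM" becomes seconds since midnight, at the last second of that minute. The integer casts keep
// a missing or non-numeric part at 0 instead of feeding request text into the arithmetic.
$t = explode(":", $time1);
$t = (int) $t[0] * 60 * 60 + (isset($t[1]) ? (int) $t[1] : 0) * 60 + 59;
// $time2 is presumably the PM flag: it adds twelve hours (43200 s).
if ($time2) { $t += 43200; }
$payEndTime = $t;
$payDate = strtotime($payDate);
$settingsUpdated = 1;
// %d forces every request-derived field to an integer before it reaches the SQL text; the row
// inserted for new accounts uses integer values for these same columns. strtotime() failure
// (false) is written as 0.
$sqlString = sprintf(
"UPDATE settings SET payEndDay = '%d', payEndTime = '%d', payOften = '%d', payDate = '%d', timezone = '%d'",
$payEndDay, $payEndTime, $payOften, $payDate, $setting_timezone
) . " WHERE userID = '$account->ID'";
$sdb->query( $sqlString );
}
if ($budgetHours || $costPerHour)
{
// Only numeric text is allowed into the query; anything else is written as 0.
// Assumes budgetHours and costPerHour are numeric columns - TODO confirm against the schema.
$sqlString = "UPDATE settings SET budgetHours = '" . (is_numeric($budgetHours) ? $budgetHours : 0)
. "', costPerHour = '" . (is_numeric($costPerHour) ? $costPerHour : 0)
. "' WHERE userID = '$account->ID'";
$sdb->query( $sqlString );
}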
//getting settings
// Load this account's settings row into $US.
$sqlString = "SELECT * FROM settings WHERE userID = '$account->ID'";
$US = $sdb->get_row( $sqlString );
// No settings row yet: create one with defaults. 86399 is 23:59:59 expressed as seconds since midnight.
// $US is not re-read after the insert, so it stays empty for the rest of this request.
if ( $US ) { } else {
$sqlString = "INSERT INTO `timec_main`.`settings` (`userID`, `payEndDay`, `payEndTime`, `payOften`, `payDate`, `timezone`, `showCostPerBuilding`) VALUES
('$account->ID', '0', '86399', '14', '1278219600', '1', '0');";
$sdb->query( $sqlString );
}
//mysql_connect("localhost", "timec_$account->ID", "$account->password");
// Switch to the per-account database, named after the account ID. The users, employees and buildings
// queries that follow in this script therefore run against that database, not timec_main.
$database = "timec_$account->ID";
if ( $account->ID ) { $sdb->select( $database ); }
// Logout: expire the three login cookies by setting them to "" with an expiry one day in the past.
// $logout is not assigned in this file; presumably it arrives from the request - confirm.
// setcookie() arguments here are: name, value, expiry, path, domain, secure = false, httponly = true.
if ($logout == 1)
{
setcookie( "username", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
setcookie( "password", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
setcookie( "timezone", "", strtotime("-1 day"), "/", getenv("SERVER_NAME"), false, true );
// Emptying $username keeps the login check below from running even if redir() returns.
// $password is left as it was.
$username = '';
// redir() is defined elsewhere; whether it ends the request cannot be seen from here.
redir( "/" );
}
// Credentials posted by the login form (fields username1 / password1) take precedence over any
// $username / $password already in scope, which presumably come from the cookies set at login.
// NOTE(review): the cookie named "password" carries the password itself and is sent without the
// secure flag; a server-side session identifier would avoid storing the credential in the browser.
if ($username1)
{
$username = $username1;
$password = $password1;
}
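// Begin every request as "not authenticated". $loggedIn, $user and $error are read later in this
// script but were only assigned inside the branches below, so without these defaults their value
// could come from whatever mechanism imports request variables into scope.
$loggedIn = 0;
$user = null;
$error = '';
// Credential check, run on every request that has a user name and a password in scope.
// NOTE(review): $username and $password are placed in the SQL text exactly as received. The query
// should go through the database layer's parameter binding or escaping; the $sdb API for that is
// not visible in this file, so it is flagged here rather than changed.
// NOTE(review): the password is compared as stored text and then written back into a cookie;
// password_hash()/password_verify() with a server-side session would remove both exposures.
if ($username && $password)
{
$sqlString = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND `access` < 10";
$row = $sdb->get_row( $sqlString );
if ( $row )
{
// The stored timezone is 1-based; the cookie carries it as a zero-based "N hour" offset.
if ( !$US->timezone ) { $tz = 0; }
else { $tz = $US->timezone - 1; }
$loggedIn = 1;
$user = $row;
// Cookies last one day; arguments are name, value, expiry, path, domain, secure = false, httponly = true.
setcookie( "username", "$username", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );
setcookie( "password", "$password", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );
setcookie( "timezone", "$tz hour", strtotime("+1 day"), "/", getenv("SERVER_NAME"), false, true );
// Access levels above 4 are limited to rows they manage; lower levels get an always-true filter.
if ( $row->access > 4 )
{
$managerWhere = " (manager = '$row->ID' OR manager2 = '$row->ID' )";
$employeesManagerWhere = " (employees.manager = '$row->ID' OR employees.manager2 = '$row->ID') ";
$buildingsManagerWhere = " buildings.manager = '$row->ID' ";
$userWhere = " ID = '$row->ID' ";
} else {
$accessWhere = " 1 ";
$managerWhere = " 1 ";
$buildingsManagerWhere = " 1 ";
$employeesManagerWhere = " 1 ";
$userWhere = " 1 ";
}
// Start the three lists empty so they contain only rows returned by the queries below.
$employees = array();
$buildings = array();
$users = array();
$sqlString = "SELECT * FROM employees WHERE $managerWhere order by name";
$rows = $sdb->get_results( $sqlString );
foreach ( $rows as $row )
{
$employees[] = $row;
}
$sqlString = "SELECT * FROM buildings WHERE $managerWhere order by name";
$rows = $sdb->get_results( $sqlString );
foreach ( $rows as $row )
{
$buildings[] = $row;
}
$sqlString = "SELECT * FROM users WHERE $userWhere order by username";
$rows = $sdb->get_results( $sqlString );
foreach ( $rows as $row )
{
// Blank the password before the row is kept for the included report pages.
$row->password = '';
$users[] = $row;
}
// A fresh form login (hidden field flogin) is sent to the daily report; cookie logins fall through.
if ( !empty($_POST['flogin']) ) { redir( "/?report=daily" ); }
} else {
$error = "Bad username or password.";
}
}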
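// Page rendering: the login form for anonymous requests, otherwise the requested report page.
include("header.php");
if (!$loggedIn)
{
echo '<CENTER>
<table width=400px><tr><td align=center>
<table width=300px border=0 align=center><FORM METHOD="POST" ACTION="index.php" ><input type="hidden" name="flogin" value="1" />
<TR><TD colspan=2 align=center>
<CENTER> <H2>Administration Login</H2>
</TD></TR>
';
if ($error)
{
// Escape before printing so the message can only ever be shown as text.
echo "<TR><TD COLSPAN=5><FONT COLOR=red>" . htmlspecialchars((string) $error, ENT_QUOTES) . "</FONT></TD></TR>";
}
echo '
<tr><td><b>Username</b>:</td><td align=right><INPUT TYPE="text" NAME="username1" VALUE="" size=15>
</td></tr><tr><td><b>Password</b>:</td><td align=right><INPUT TYPE="password" NAME="password1" size=15>
</td></tr><tr><td colspan=2 align=center><INPUT CLASS="submit" TYPE="submit" VALUE="Login">
</td></tr></table></FORM>
</td></TR></TABLE>
</div>
</body>
</html>
';
}
else {
require_once( "update_payweek_date.php" );
// NOTE(review): substr($s, 10) returns everything from offset 10 onward, not the first ten
// characters, so this comparison presumably never matches a user agent that begins with
// "BlackBerry". If the reduced menu is still wanted, substr($s, 0, 10) is the likely intent - confirm.
if (substr(strtolower($_SERVER['HTTP_USER_AGENT']),10) == "blackberry")
{
if (!$report)
{
echo "
<A HREF=?report=daily>Daily</A><BR>
<A HREF=?report=quality>Quality Check</A><BR>";
}
if ($report == "quality") { include("quality.php"); }
if ($report == "daily") { include("daily.php"); }
}
else {
//include("header.php");
echo '
<script language="jscript" type="text/javascript">
function Confirm()
{
return confirm ("Are you sure you want to do this?");
}
</script>
<link rel="stylesheet" href="/css/main.css" type="text/css" />
<TABLE width="100%">
<TR>
';
/*
<TD VALIGN=TOP>';
//Menu
echo "
<BR>
<A HREF=?report=employees>Employees</A><BR>
<A HREF=?report=buildings>Buildings</A><BR>
<A HREF=?report=callerid>Caller ID Report</A><BR>
<A HREF=?report=daily>Daily</A><BR>
<A HREF=?report=schedule>Schedule</A><BR>
<A HREF=?report=timeCards>Time Cards</A><BR>
<A HREF=?report=quality>Quality Check</A><BR>
<A HREF=?report=view>View Quality Check</A><BR>
<A HREF=?report=settings>Settings</A><BR>
";
if ($user->access < 5)
{
echo "
<A HREF=?report=users>Users</A><BR>
";
}
echo "
</TD>
*/
echo "<TD>";
// Map the stored timezone number to an offset in seconds and a display name.
// Values outside 1-4 leave $timeDifference and $zoneName unset.
switch ($US->timezone){
case 1:
$timeDifference = 0;
$zoneName = 'Eastern';
break;
case 2:
$timeDifference = 3600;
$zoneName = 'Central';
break;
case 3:
$timeDifference = 7200;
$zoneName = 'Mountain';
break;
case 4:
$timeDifference = 10800;
$zoneName = 'Pacific';
break;
}
if ( !$report ) { $report = "intro"; }
// $report comes from the request and becomes part of an include path. Accept only a bare name made
// of letters, digits, "_" or "-" so it cannot leave this directory or name a stream; anything else
// falls back to the intro page.
// NOTE(review): this still lets any logged-in user load any report file in this directory. The old
// menu hid "users" from access levels of 5 and above, so each report page presumably has to enforce
// its own access check - verify, or restore a fixed list of allowed names.
if ( !is_string($report) || !preg_match('/^[A-Za-z0-9_-]+\z/', $report) ) { $report = "intro"; }
include( $report .".php" );
/*
if ($report == "users") { include("users.php"); }
if ($report == "buildings") { include("buildings.php"); }
if ($report == "employees") { include("employees.php"); }
if ($report == "callerid") { include("callerid.php"); }
if ($report == "weekly") { include("weekly.php"); }
if ($report == "viewIndiv") { include("viewIndiv.php"); }
if ($report == "schedule") { include("schedule.php"); }
if ($report == "scheduleEmployee") { include("scheduleEmployee.php"); }
if ($report == "scheduleBuilding") { include("scheduleBuilding.php"); }
if ($report == "timeCards") { include("timeCards.php"); }
if ($report == "quality") { include("quality.php"); }
if ($report == "daily") { include("daily.php"); }
if ($report == "qthanks") { include("qthanks.php"); }
if ($report == "qthanks2") { include("qthanks2.php"); }
if ($report == "view") { include("view.php"); }
if ($report == "settings") { include("settings.php"); }
if ($report == "voicemail") { include("voicemail.php"); }
if ($report == "voicemessage") { include("voicemessage.php"); }
if (!$report) { include("intro.php"); }
*/
}
}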
?>
<script type="text/javascript">
// Page start-up: apply the jQuery UI widgets and wire the calendar toggle once the DOM is ready.
$(document).ready(function () {
    var compactStyle = 'padding-top: 2px; padding-bottom: 2px; font-size: 8pt;';

    // Submit controls and the button-like elements become jQuery UI buttons.
    $(".submit, #divButton, .divButton, #linkButton").button();
    // Small buttons get tighter padding on their inner span.
    $(".divButtonSmall > span").attr('style', compactStyle);

    // The calendar toggle is a button with a calendar icon that shows or hides #calendar.
    var calendarToggle = $(".calendar-toggle");
    calendarToggle.button({ icons: { primary: 'ui-icon-calendar' } });
    calendarToggle.click(function () {
        $("#calendar").toggle();
    });

    $("#calendar-div").datepicker();
});
</script>
<div id="dialog-form" class="hidden font10"></div>
<div id="dialog-message" class="hidden font10"></div>
<div id="dialog-confirm" title="Confirm Delete Action" class="hidden font10">
<p>
<span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span>
This will be permanently deleted and cannot be recovered. Are you sure?
</p>
</div>