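<?php
/*
 * User Open Time Class
 * Handles all tasks related to retrieving and displaying employee open time.
 *
 * Tenant scoping: every SELECT/UPDATE/INSERT is keyed on $_SESSION['PID']
 * (the current practice), so records belonging to another practice cannot be
 * read or changed through this class. Column values always travel through
 * mysqli prepared statements; the only SQL fragment that is concatenated is
 * the ORDER BY column in get_all(), which is restricted to a fixed column list
 * (see order_clause()).
 *
 * Depends on the global $Database (mysqli) connection and on the Users and
 * Template classes defined elsewhere in the application.
 */
class Open_Time {
    private $Database;
    private $db_table = 'open_time';

    // Columns of open_time in SELECT * order (must match bind_result() in
    // get_all()); also the complete list of values accepted for ORDER BY.
    private static $columns = array(
        'openTimeID', 'practiceID', 'userID', 'dateTS', 'reason',
        'minutes', 'otCatID', 'enteredByID', 'lastUpdateTS', 'deleted',
    );

    function __construct(){
        global $Database;
        $this->Database = $Database;
    }

    /**
     * Translate a caller-supplied sort string into a safe ORDER BY fragment.
     *
     * Accepts "column" or "column ASC|DESC" where column is one of
     * self::$columns. Anything else -- including '' -- yields 'dateTS', the
     * default this class has always used. This is the only place where a
     * caller-controlled string becomes SQL text, so it never passes through
     * unchecked.
     *
     * @param string $sortOrder
     * @return string
     */
    private function order_clause($sortOrder){
        $matched = preg_match('/^\s*([A-Za-z_]+)(?:\s+(ASC|DESC))?\s*$/i', (string)$sortOrder, $m);
        if ($matched !== 1 || !in_array($m[1], self::$columns, true)){
            return 'dateTS';
        }
        return isset($m[2]) ? $m[1] . ' ' . strtoupper($m[2]) : $m[1];
    }

    /**
     * Fetch every open-time record of the current practice.
     *
     * @param string $sortOrder  column name, optionally followed by ASC/DESC;
     *                           '' or an unknown column sorts by dateTS
     * @return array  list of rows keyed by column name; empty when nothing
     *                matches or the statement could not be prepared
     */
    public function get_all($sortOrder){
        $data = array();
        $sql = "SELECT * FROM " . $this->db_table
             . " WHERE practiceID = ? ORDER BY " . $this->order_clause($sortOrder);
        if ($stmt = $this->Database->prepare($sql)){
            $stmt->bind_param('i', $_SESSION['PID']);
            $stmt->execute();
            $stmt->store_result();
            $stmt->bind_result($openTimeID, $practiceID, $userID, $dateTS, $reason,
                               $minutes, $otCatID, $enteredByID, $lastUpdateTS, $deleted);
            while ($stmt->fetch()){
                $data[] = array(
                    'openTimeID'   => $openTimeID,
                    'practiceID'   => $practiceID,
                    'userID'       => $userID,
                    'dateTS'       => $dateTS,
                    'reason'       => $reason,
                    'minutes'      => $minutes,
                    'otCatID'      => $otCatID,
                    'enteredByID'  => $enteredByID,
                    'lastUpdateTS' => $lastUpdateTS,
                    'deleted'      => $deleted,
                );
            }
            // close before returning (the previous version returned first and
            // never reached close())
            $stmt->close();
        }
        return $data;
    }

    /**
     * Filter the practice's open-time records in PHP.
     *
     * Each non-empty argument removes rows that do not match it; '' / 0 means
     * "do not filter on this field". $deleted is always compared, so pass ''
     * for live rows and 'Y' for deleted ones. $jobAreaID is resolved through
     * Users::search(): a row is kept only when its userID is among the users
     * returned for that job area and date range.
     *
     * Comparisons are deliberately loose (!=): the filter values may be
     * strings while the row values come back from MySQL as ints.
     *
     * @return array  list of matching rows; when $openTimeID > 0, the single
     *                matching row instead (an empty array if none matched)
     */
    public function search($userID, $t1, $t2, $otCatID, $jobAreaID, $reason, $enteredByID, $openTimeID, $deleted, $sortOrder){
        $rows = $this->get_all($sortOrder);

        // userID => jobAreaID for the users matching the job-area filter.
        // Initialised up front: it was undefined when Users::search() returned
        // nothing, which broke the isset() check below.
        $jobAreaIDarr = array();
        $Users = new Users();
        $uRows = $Users->search($_SESSION['PID'], '', '', '', '', $jobAreaID, $t1, $t2, '', '', '', '');
        foreach ($uRows as $uRow){
            $jobAreaIDarr[$uRow['userID']] = isset($uRow['jobAreaID']) ? $uRow['jobAreaID'] : '';
        }

        foreach ($rows as $key => $row){
            if ($userID > 0 && $row['userID'] != $userID){
                unset($rows[$key]);
            }
            if ($t1 > 0 && $t2 <= 0 && $row['dateTS'] < $t1){
                // only a start date given: drop everything before it
                unset($rows[$key]);
            } else if ($t1 > 0 && $t2 > 0 && ($row['dateTS'] < $t1 || $row['dateTS'] > $t2)){
                // full range given: drop everything outside t1..t2
                unset($rows[$key]);
            }
            if ($otCatID != '' && $row['otCatID'] != $otCatID){
                unset($rows[$key]);
            }
            if ($reason != '' && strpos($row['reason'], $reason) === false){
                unset($rows[$key]);
            }
            if ($enteredByID > 0 && $row['enteredByID'] != $enteredByID){
                unset($rows[$key]);
            }
            if ($openTimeID > 0 && $row['openTimeID'] != $openTimeID){
                unset($rows[$key]);
            }
            if ($jobAreaID > 0 && !isset($jobAreaIDarr[$row['userID']])){
                unset($rows[$key]);
            }
            if ($deleted != $row['deleted']){
                unset($rows[$key]);
            }
        }

        if ($openTimeID > 0){
            // a specific record was requested: hand back that single row
            return count($rows) > 0 ? $rows[array_key_first($rows)] : array();
        }
        return array_values($rows);
    }

    /**
     * Insert or update an open-time record for the current practice.
     *
     * With $openTimeID > 0 the existing row is updated (the WHERE clause also
     * matches practiceID, so rows of other practices are never touched);
     * otherwise a new row is inserted.
     *
     * Request coupling kept from the original: when $_POST['date'] is present
     * it overrides $dateTS (parsed as "<date>, 12:00 PM"), and
     * $_POST['undelete'] == 'no' marks the row deleted while 'yes' restores it.
     *
     * @param int    $openTimeID  0 to insert, otherwise the row to update
     * @param int    $userID
     * @param int    $dateTS      unix timestamp, used when no date is posted
     * @param string $reason
     * @param int    $minutes
     * @param int    $otCatID
     * @param int    $enteredByID
     * @return bool|null  true on success, false when execute() fails, null
     *                    when the statement could not be prepared
     */
    public function add_mod($openTimeID, $userID, $dateTS, $reason, $minutes, $otCatID, $enteredByID){
        $Template = new Template;

        // A posted date wins over the argument, stamped at noon so it sits
        // inside the intended day. Without a posted date the argument is used
        // as-is; previously it was always overwritten, which produced a bogus
        // timestamp whenever no 'date' field was posted.
        if (isset($_POST['date'])){
            $dateTS = strtotime($_POST['date'] . ", 12:00 PM");
        }
        $lastUpdateTS = strtotime('now');

        $deleted = '';
        if (isset($_POST['undelete'])){
            if ($_POST['undelete'] == 'no'){
                $deleted = 'Y';
            } else if ($_POST['undelete'] == 'yes'){
                $deleted = '';
            }
        }

        if ($openTimeID > 0){
            $sql = "UPDATE " . $this->db_table . " SET userID = ?, dateTS = ?, reason = ?, minutes = ?, otCatID = ?, enteredByID = ?, lastUpdateTS = ?, deleted = ? WHERE openTimeID = ? and practiceID = ?";
            if ($stmt = $this->Database->prepare($sql)){
                $stmt->bind_param("iisiiiisii", $userID, $dateTS, $reason, $minutes, $otCatID, $enteredByID, $lastUpdateTS, $deleted, $openTimeID, $_SESSION['PID']);
                $ok = $stmt->execute();
                $stmt->close();
                return $ok;
            }
            $Template->set_alert("ERROR: could not prepare SQLi statement.".__LINE__."-m_open_time","error");
            return null;
        }

        $sql = "INSERT `" . $this->db_table . "` (`practiceID`, `userID`, `dateTS`, `reason`, `minutes`, `otCatID`, `enteredByID`, `lastUpdateTS`, `deleted`) VALUES (?,?,?,?,?,?,?,?,?)";
        if ($stmt = $this->Database->prepare($sql)){
            $stmt->bind_param('iiisiiiis', $_SESSION['PID'], $userID, $dateTS, $reason, $minutes, $otCatID, $enteredByID, $lastUpdateTS, $deleted);
            $ok = $stmt->execute();
            $stmt->close();
            return $ok;
        }
        echo "ERROR: could not prepare SQL statment.<br>";
        return null;
    }

    /**
     * Add Prep/Huddle Open Time
     *
     * Inserts an open-time row for $userID dated now (in the session's time
     * zone), with reason and category both set to 'Prep/Huddle' and $userID
     * recorded as the person who entered it.
     *
     * @access public
     * @param int       $userID
     * @param int|float $minutes
     * @return bool|null  true on success, false when execute() fails, null
     *                    when the statement could not be prepared
     */
    public function add_prep_huddle($userID, $minutes){
        // process-wide setting: timestamps taken below are in the session's zone
        date_default_timezone_set($_SESSION['timeZone']);
        $dateTS = strtotime('now');
        $cat = 'Prep/Huddle';
        $reason = 'Prep/Huddle';
        $lastUpdateTS = strtotime('now');
        $deleted = '';

        $sql = "INSERT INTO " . $this->db_table . " (practiceID, userID, dateTS, reason, minutes, otCatID, enteredByID, lastUpdateTS, deleted) VALUES (?,?,?,?,?,?,?,?,?)";
        if ($stmt = $this->Database->prepare($sql)){
            // One type character per bound value: the previous string had 7
            // characters for 9 values, which mysqli rejects before execution.
            // NOTE(review): otCatID is bound here as the string label
            // 'Prep/Huddle' while add_mod()/search() treat it as an integer
            // id -- confirm against the open_time schema.
            $stmt->bind_param('iiisdsiis', $_SESSION['PID'], $userID, $dateTS, $reason, $minutes, $cat, $userID, $lastUpdateTS, $deleted);
            $ok = $stmt->execute();
            $stmt->close();
            return $ok;
        }
        return null;
    }

    /**
     * MARK AS DELETED
     *
     * Soft-deletes the record (deleted = 'Y') and records the current login
     * ($_SESSION['LID']) as the user who changed it. Only rows of the current
     * practice can be affected.
     *
     * @access public
     * @param int $openTimeID
     * @return bool|null  true on success, false when execute() fails, null
     *                    for an invalid id or when prepare() fails
     */
    public function delete($openTimeID){
        if ($openTimeID > 0){
            $deleted = 'Y';
            $lastUpdateTS = strtotime('now');
            $sql = "UPDATE `" . $this->db_table . "` SET `deleted` = ?, `lastUpdateTS` = ?, `enteredByID` = ? WHERE `openTimeID` = ? AND `practiceID` = ?";
            if ($stmt = $this->Database->prepare($sql)){
                $stmt->bind_param('siiii', $deleted, $lastUpdateTS, $_SESSION['LID'], $openTimeID, $_SESSION['PID']);
                $ok = $stmt->execute();
                $stmt->close();
                return $ok;
            }
            echo "ERROR: could not cat prepare SQL statment.<br>";
        }
        return null;
    }

    /**
     * Re-point every open-time record of $userID2 to $userID within
     * $practiceID (migration helper; practice is an explicit argument here
     * rather than taken from the session).
     *
     * @param int $userID      new owner
     * @param int $userID2     current owner
     * @param int $practiceID
     * @return string|null  'success' or 'error'; null when prepare() fails
     */
    public function v7update($userID, $userID2, $practiceID){
        $sql = "UPDATE `" . $this->db_table . "` SET `userID` = ? WHERE `userID` = ? and `practiceID` = ?";
        if ($stmt = $this->Database->prepare($sql)){
            $stmt->bind_param('iii', $userID, $userID2, $practiceID);
            $ok = $stmt->execute();
            $stmt->close();
            return $ok ? 'success' : 'error';
        }
        return null;
    }
}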