<?php /* Users Class * handles all get and set functions for the users table */ class Users { private $Database; private $db_table = 'users_gen_info'; function __construct(){ global $Database; $this->Database = $Database; } // returns all user accounts for active practice public function get_all($prID, $sortOrder){ if ($sortOrder == ''){ $sortOrder = "`lName`, `fName`"; } else { $sortOrder = str_replace('_', ' ', $sortOrder); } $data = array(); if ($prID > 0){ //=== FETCH ALL USER ACCOUNTS EXCEPT CONSULTANTS AND SUPERUSERS ===== //==== get practice preferences for all users in active practice =====// $User_Practice_Prefs = new User_Practice_Prefs(); $pr_pref_arr = $User_Practice_Prefs->search('', '', $prID); // echo __line__.": m_users get_all: prID = " . $prID . ", <pre>" . count($pr_pref_arr) . " rows, "; print_r($pr_pref_arr); echo "</pre>"; // echo __line__.": m_users: practiceID=" . $prID . "<br>"; $query = "SELECT * FROM `" . $this->db_table . "` ORDER BY " . $sortOrder; // echo __line__ . ": " . $query . "<br>"; // ====== GET ALL USER ACCOUNTS FROM THE users TABLE =========== // if ($stmt = $this->Database->prepare($query)){ $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $prefix, $fName, $alt_fName, $lName, $profDesig, $username, $pass, $dobTS, $phone1, $phone2, $email, $prefLang, $loginStatus, $firstDayTS, $lastDayTS, $creatorID, $createdTS, $lastUpdaterID, $lastUpdateTS); while ($stmt->fetch()){ // echo __line__." 
m_users: <pre>"; print_r($pr_pref_arr[$userID][$_SESSION['PID']]); echo "</pre>"; if (isset($pr_pref_arr[$userID])){ $data[$userID] = array('userID'=>$userID, 'prefix'=>$prefix, 'fName'=>$fName, 'alt_fName'=>$alt_fName, 'lName'=>$lName, 'profDesig'=>$profDesig, 'username'=>$username, 'pass'=>$pass, 'dobTS'=>$dobTS, 'phone1'=>$phone1, 'phone2'=>$phone2, 'email'=>$email, 'prefLang'=>$prefLang, 'loginStatus'=>$loginStatus, 'firstDayTS'=>$firstDayTS, 'lastDayTS'=>$lastDayTS, 'creatorID'=>$creatorID, 'createdTS'=>$createdTS, 'lastUpdaterID'=>$lastUpdaterID, 'lastUpdateTS' => $lastUpdateTS); if (isset($pr_pref_arr[$userID][$prID])){ // echo __line__.": " . $loginStatus . "<br>"; // === practice prefs not wanted for consultants & superUsers if ($loginStatus != 'consultant' && $loginStatus != 'superUser'){ $data[$userID] = array_merge($data[$userID], $pr_pref_arr[$userID][$prID]); } else { $data[$userID]['practiceID'] = 0; $data[$userID]['jobID'] = ''; } } } } $stmt->close(); } foreach ($data as $userID => $d){ if ($prID == 0 && $d['loginStatus'] != 'consultant' && $d['loginStatus'] != 'superUser'){ unset($data[$userID]); } } // echo __line__." m_users " . count($data) ." rows<pre>"; print_r($data); echo "</pre>"; $Practices = new Practices(); $practices_menu = $Practices->get_4_select(''); foreach ($pr_pref_arr as $uid => $rows){ if (isset($data[$uid]['fName'])){ foreach ($rows as $key => $row){ //=== practices the user is affiliated with ============ if (isset($practices_menu[$key])){ $data[$uid]['practiceIDarr'][$key] = $practices_menu[$key]; } } } } } // echo __line__." m_users " . count($data) ." 
rows<pre>"; print_r($data); echo "</pre>"; return $data; } /* active status: [string: current, future, past] based on current date t1: [int: person active on date] t2: [int: person active across timespan t1 -> t2] */ public function search ($practiceID, $userID, $fName, $lName, $loginStatus, $active_status, $jobAreaID, $t1, $t2, $pay_basis, $punch_shift, $sortOrder){ date_default_timezone_set($_SESSION['timeZone']); if ($active_status == 'current'){ $t1 = strtotime('today'); $t2 = strtotime('tomorrow'); } else if ($active_status == 'past'){ $t1 = strtotime('yesterday'); $t2 = ''; } else if ($active_status == 'future'){ $t1 = strtotime('now'); $t2 = ''; } else if ($active_status == 'onLeave'){ $t1 = ''; $t2 = ''; } // echo __line__.": m_users: practiceID=" . $practiceID . ", userID=" . $userID . ", fName=". $fName .", lName=". $lName .", loginStatus=". $loginStatus .", active_status=". $active_status .", jobAreaID="; print_r($jobAreaID); echo ", t1=". $t1 . ", t2=". $t2 .", pay_basis=" . $pay_basis . ", punch_shift=" . $punch_shift .", sortOrder= " . $sortOrder ."<br>"; // if ($t1 > 0){ // echo __line__.": t1=" . date('His M j Y', $t1) . "<br>"; // } // if ($t2 > 0){ // echo __line__.": t2=" . date('His M j Y', $t2) . "<br>"; // } $rows = $this->get_all($practiceID, $sortOrder); // echo __line__.": " . count($rows) ." rows<br>"; // echo "<pre>"; print_r($rows); echo "</pre>"; date_default_timezone_set($_SESSION['timeZone']); $tomorrowTS = strtotime('tomorrow'); $todayTS = strtotime('today'); $search_arr = array('''); $replace_arr = array("'"); $Pr_jobs = new Pr_jobs(); $jobTitle_arr = $Pr_jobs->get_4_menu($practiceID, '', 'jobName'); $jobTitle_arrFlip = array_flip($jobTitle_arr); // echo __line__.": <pre>"; print_r($jobTitle_arr); echo "</pre>"; // $notJobAreaID = 0; // get all except Doctors // if (is_array($jobAreaID) && strpos($jobAreaID[0], 'x') !== false){ // $notJobAreaID = intval(substr($jobAreaID[0], 1)); // } // echo __line__.": " . $notJobAreaID . 
"<br>"; if (!is_array($userID)){ if (strpos($userID, '|') !== false){ $userID = explode('|', $userID); } } foreach ($rows as $uID => $row){ if (isset($row['jobID'])){ // not a superUser or consultant if ($row['alt_fName'] != ''){ $firstName = $row['alt_fName']; } else { $firstName = $row['fName']; } if ($row['jobID'] > 0){ if ($jobTitle_arr[$row['jobID']] == 'Dentist' || $jobTitle_arr[$row['jobID']] == 'Associate'){ $rows[$row['userID']]['name'] = $row['prefix'] . " " .$row['fName'] ." ".$row['lName']; $rows[$row['userID']]['altName'] = $row['prefix'] . " " . $firstName . " " . $row['lName']; } else { $rows[$row['userID']]['name'] = $row['fName']." ".$row['lName']; $rows[$row['userID']]['altName'] = $firstName . " " . $row['lName']; } } } //== append policies IF there is 1 policy for the time period === // $User_Pay_Rate = new User_Pay_Rate(); $payRateRows = $User_Pay_Rate->search($practiceID, $row['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($payRateRows[0])){ $payRow = $payRateRows[0]; $rows[$row['userID']]['baseRate'] = $payRow['baseRate']; $rows[$row['userID']]['topupRate'] = $payRow['topupRate']; $rows[$row['userID']]['totalPayRate'] = $payRow['baseRate'] + $payRow['topupRate']; $rows[$row['userID']]['payNote'] = $payRow['note']; $OT_pay_rate = $payRow['baseRate'] + $payRow['topupRate']; if ($_SESSION['prov'] == 'NL' && $OT_pay_rate < ($_SESSION['minWage'] * 1.5)){ $OT_pay_rate = $_SESSION['minWage'] * 1.5; } $rows[$row['userID']]['OT_pay_rate'] = $OT_pay_rate; } else { $rows[$row['userID']]['baseRate'] = 0; $rows[$row['userID']]['topupRate'] = 0; $rows[$row['userID']]['totalPayRate'] = 0; $rows[$row['userID']]['payNote'] = ''; $rows[$row['userID']]['OT_pay_rate'] = ''; } $User_Overtime_Pay = new User_Overtime_Pay(); $otpayRows = $User_Overtime_Pay->search($practiceID, $row['userID'], $t1, $t2, "`effectiveTS` DESC"); // echo __line__."-m_user: <pre>"; print_r($otpayRows) . 
"</pre>"; if (isset($otpayRows[0])){ $otpayRow = $otpayRows[0]; if ($_SESSION['prov'] == 'NL'){ if ($rows[$row['userID']]['totalPayRate'] >= $_SESSION['minWage'] * 1.5){ if ($otpayRow['OT_pay_rate'] == 'normal_rate'){ $OT_pay_rate = $rows[$row['userID']]['totalPayRate']; } else if ($otpayRow['OT_pay_rate'] == 'normal15'){ $OT_pay_rate = $rows[$row['userID']]['totalPayRate'] * 1.5; } else { // OT_pay_rate = minWage $OT_pay_rate = $_SESSION['minWage'] * 1.5; } } else { // totalPayRate < minWage * 1.5 $OT_pay_rate = $_SESSION['minWage'] * 1.5; } } else { $OT_pay_rate = $rows[$row['userID']]['totalPayRate'] * 1.5; } $rows[$row['userID']]['OT_pay_rate'] = $OT_pay_rate; } $User_Prod_Rate = new User_Prod_Rate(); $prodRateRows = $User_Prod_Rate->search($practiceID, $row['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($prodRateRows[0])){ $prRow = $prodRateRows[0]; $rows[$row['userID']]['prodRate'] = $prRow['rate']; } else { $rows[$row['userID']]['prodRate'] = ''; } $User_Punch_Pay = new User_Punch_Pay(); $ppRows = $User_Punch_Pay->search($practiceID, $row['userID'], $t1, $t2, '', '`effectiveTS` DESC'); // echo __line__.": <pre>"; print_r($ppRows); echo "</pre>"; if (isset($ppRows[0])){ $ppRow = $ppRows[0]; $rows[$row['userID']]['pay_basis'] = $ppRow['pay_basis']; $rows[$row['userID']]['punch_shift'] = $ppRow['punch_shift']; $rows[$row['userID']]['punch_meal'] = $ppRow['punch_meal']; $rows[$row['userID']]['num_brks'] = $ppRow['num_brks']; $rows[$row['userID']]['paid_brk'] = $ppRow['paid_brk']; $rows[$row['userID']]['salary'] = $ppRow['salary']; $rows[$row['userID']]['percent'] = $ppRow['percent']; } else { $rows[$row['userID']]['pay_basis'] = ''; $rows[$row['userID']]['punch_shift'] = ''; $rows[$row['userID']]['punch_meal'] = ''; $rows[$row['userID']]['num_brks'] = ''; $rows[$row['userID']]['paid_brk'] = ''; $rows[$row['userID']]['salary'] = ''; $rows[$row['userID']]['percent'] = ''; } $User_Vacation = new User_Vacation; $vRows = $User_Vacation->search($practiceID, 
$row['userID'], $t1, $t2, '', '`effectiveTS` DESC'); if (isset($vRows[0])){ $vRow = $vRows[0]; $rows[$row['userID']]['vacRate'] = $vRow['rate']; $rows[$row['userID']]['vacationCycle'] = $vRow['vacationCycle']; $rows[$row['userID']]['inclPaidVac'] = $vRow['inclPaidVac']; $rows[$row['userID']]['inclPaidAway'] = $vRow['inclPaidAway']; $rows[$row['userID']]['inclVacInCmsion'] = $vRow['inclInCmsion']; $rows[$row['userID']]['way2payVac'] = $vRow['way2pay']; // $rows[$row['userID']]['when2payVac'] = $vRow['when2pay']; } else { $rows[$row['userID']]['vacRate'] = ''; $rows[$row['userID']]['vacationCycle'] = ''; $rows[$row['userID']]['inclPaidVac'] = ''; $rows[$row['userID']]['inclPaidAway'] = ''; $rows[$row['userID']]['inclVacInCmsion'] = ''; $rows[$row['userID']]['way2payVac'] = ''; } $User_Stat_Pay = new User_Stat_Pay(); $spRows = $User_Stat_Pay->search($practiceID, $row['userID'], $t1, $t2, '', '`effectiveTS` DESC'); // echo __line__.": m_users <pre>"; print_r($spRows); echo "</pre>"; if (isset($spRows[0])){ $spRow = $spRows[0]; $rows[$row['userID']]['way2payStat'] = $spRow['way2pay']; $rows[$row['userID']]['when2payStat'] = $spRow['when2pay']; $rows[$row['userID']]['inclInHrs'] = $spRow['includeInHrs']; $rows[$row['userID']]['inclStatInCmsion'] = $spRow['includeInCmsion']; $rows[$row['userID']]['alwaysPayStat'] = $spRow['pay']; $rows[$row['userID']]['minStatHrs'] = $spRow['hours']; } else { $rows[$row['userID']]['way2payStat'] = ''; $rows[$row['userID']]['when2payStat'] = ''; $rows[$row['userID']]['inclInHrs'] = ''; $rows[$row['userID']]['inclStatInCmsion'] = ''; $rows[$row['userID']]['alwaysPayStat'] = ''; $rows[$row['userID']]['minStatHrs'] = 0; } $User_Grace_Period = new User_Grace_Period(); $graceRows = $User_Grace_Period->search($practiceID, $row['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($graceRows[0])){ $graceRow = $graceRows[0]; $rows[$row['userID']]['shiftStartGrace'] = $graceRow['shiftStart']; $rows[$row['userID']]['cxShiftStartGrace'] = 
$graceRow['cxShiftStart']; $rows[$row['userID']]['alertShiftStartGrace'] = $graceRow['alertShiftStart']; $rows[$row['userID']]['shiftEndGrace'] = $graceRow['shiftEnd']; $rows[$row['userID']]['cxShiftEndGrace'] = $graceRow['cxShiftEnd']; $rows[$row['userID']]['alertShiftEndGrace'] = $graceRow['alertShiftEnd']; } else { $rows[$row['userID']]['shiftStartGrace'] = ''; $rows[$row['userID']]['cxShiftStartGrace'] = ''; $rows[$row['userID']]['alertShiftStartGrace'] = ''; $rows[$row['userID']]['shiftEndGrace'] = ''; $rows[$row['userID']]['cxShiftEndGrace'] = ''; $rows[$row['userID']]['alertShiftEndGrace'] = ''; } $User_PMS_ID = new User_PMS_ID(); $pmsRows = $User_PMS_ID->search($practiceID, $row['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($pmsRows[0])){ $pmsRow = $pmsRows[0]; } else { $pmsRow = $pmsRows; } $rows[$row['userID']]['PMS_IDstr'] = ''; if (isset($pmsRow['PMS_IDstr']) && strpos($pmsRow['PMS_IDstr'], ":") !== false){ $rows[$row['userID']]['PMS_IDstr'] = unserialize($pmsRow['PMS_IDstr']); } else if (isset($pmsRow['PMS_IDstr']) && strpos($pmsRow['PMS_IDstr'], ":") !== true){ $rows[$row['userID']]['PMS_IDstr'] = $pmsRow['PMS_IDstr']; } } // echo __line__.": " . count($rows) ." rows<br>"; // echo __line__ . "m_users<pre>"; print_r($rows[784]); echo "</pre>"; foreach ($rows as $key => $row){ if (!is_array($userID) && $userID != '' && $row['userID'] != $userID){ unset($rows[$key]); } else if (is_array($userID) && !in_array($row['userID'], $userID)){ unset($rows[$key]); } if ($fName != '' && stripos(str_replace($search_arr, $replace_arr, $row['fName']), $fName) === false && ($row['alt_fName'] == '' || ($row['alt_fName'] != '' && stripos(str_replace($search_arr, $replace_arr, $row['alt_fName']), $fName) === false))){ unset($rows[$key]); } if ($lName != '' && stripos(str_replace($search_arr, $replace_arr, $row['lName']), $lName) === false){ unset($rows[$key]); } // echo __line__.": " . $row['jobAreaID'] . " | " . $row['jobAreaID2'] . 
"<br>"; if (!is_array($jobAreaID) && $jobAreaID > 0 && isset($row['jobAreaID2'])){ if ($row['jobAreaID'] != $jobAreaID){ unset($rows[$key]); } if ($row['jobAreaID2'] != ''){ if (!in_array($jobAreaID, explode('|', $row['jobAreaID2']))){ unset($row[$key]); } } } else if (is_array($jobAreaID) && count($jobAreaID) > 0){ if (!in_array($row['jobAreaID'], $jobAreaID)){ unset($rows[$key]); } } if ($row['loginStatus'] != ''){ $row['loginStatus'] = strtolower($row['loginStatus']); } if (is_string($loginStatus) && $loginStatus != '' && strtolower($loginStatus) != $row['loginStatus']){ unset($rows[$key]); } if ($pay_basis != '' && $row['pay_basis'] != '' && strpos($pay_basis, $row['pay_basis']) === false ){ unset($rows[$key]); } if ($punch_shift != '' && $punch_shift !== $row['punch_shift']){ unset($rows[$key]); } // echo __line__. "<br>"; if ($active_status == 'current' && ($row['firstDayTS'] > $t2 || ($row['lastDayTS'] > 0 && $row['lastDayTS'] < $t1))) { // ======== unset any accounts not current ======== unset($rows[$key]); } else if ($active_status == 'past' && ($row['lastDayTS'] == 0 || $row['lastDayTS'] > $t1)){ //======= unset people not in the past unset ($rows[$key]); } else if ($active_status == 'future' && $row['firstDayTS'] < $t1){ // ========= not future ========= unset($rows[$key]); } else if ($active_status == '' || $active_status == 'no'){ if ($t1 > 0 && $row['lastDayTS'] > 0 && $row['lastDayTS'] < $t1){ // echo __line__." userID = " . $row['userID'] . " t1=" . date('His M j, Y', $t1) . " - " . $row['lastDayTS'] . "<br>"; unset($rows[$key]); } if ($t2 > 0 && $row['firstDayTS'] > $t2){ unset($rows[$key]); } } // ======== remove all accounts not on leave ========= // echo __line__.": " . $row['fName'] . ", " . $row['onLeave'] . 
"<br>"; if (!isset($row['onLeave'])){ $row['onLeave'] = 'no'; } if (($active_status == 'onLeave' && $row['onLeave'] == 'no') || ($active_status != 'onLeave' && $row['onLeave'] == 'yes')){ unset($rows[$key]); } } // echo __line__.": m_users: ". count($rows) . " rows<br>"; // echo __line__. "<pre>"; print_r($rows); echo "</pre>"; if (count($rows) == 1 && $userID > 0){ $rows = $rows[array_key_first($rows)]; } // echo __line__."-m_users: " . count($rows) ." rows<br>"; // echo "<pre>"; print_r($rows); echo "</pre>"; return $rows; } /* CHECKS FOR VALID EMAIL ADDRESS AT PRACTICE */ function validate_pass_reset($uname, $pnum){ $data = array(); $zero = 0; $nowTS = strtotime("now"); if ($uname != '' && strlen(trim($pnum)) == 6){ // not consultant / superuser $User_Practice_Prefs = new User_Practice_Prefs(); $pnum = '%' . substr($pnum,1); // get userID from users_gen_info $query = "SELECT * FROM `" . $this->db_table . "` WHERE `username` = '". $uname . "'"; // echo __line__.": ".$query."<br>"; if ($stmt = $this->Database->prepare("SELECT * FROM `" . $this->db_table . 
"` WHERE `username` = ?")){ $stmt->bind_param('s', $uname); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $prefix, $fName, $alt_fName, $lName, $profDesig, $username, $pass, $dobTS, $phone1, $phone2, $email, $prefLang, $loginStatus, $firstDayTS, $lastDayTS, $creatorID, $createdTS, $lastUpdaterID, $lastUpdateTS); while ($stmt->fetch()){ // query usrs_pr_prefs for a current account $row = $User_Practice_Prefs->get4authentication($userID, $pnum); if ($row['lastDayTS'] <= 0 || $row['lastDayTS'] > $nowTS){ $data = array('practiceID'=> $row['practiceID'], 'userID'=>$userID, 'fName'=>$fName, 'alt_fName'=>$alt_fName, 'lName'=>$lName, 'email'=>$email, 'loginStatus'=>$loginStatus); } // echo __line__.": m_users <pre>"; print_r($row); print_r($data); echo "</pre>"; } $stmt->close(); return $data; } else { return false; } } else if ($uname != '' && $pnum == 'P0'){ // consultants and superusers $query = "SELECT * FROM `" . $this->db_table . "` WHERE `username` = '" . $username . "' AND (`lastDayTS` <= 0 OR `lastDayTS` is NULL OR `lastDayTS` > '" . $nowTS . "')"; // echo __line__ . ": " . $query . "<br>"; if ($stmt = $this->Database->prepare("SELECT * FROM `" . $this->db_table . "` WHERE `username` = ? AND (`lastDayTS` <= ? 
OR `lastDayTS` is NULL OR `lastDayTS` > ?)")){ $stmt->bind_param('sii', $uname, $zero, $nowTS); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $prefix, $fName, $lName, $profDesig, $username, $pass, $dobTS, $phone1, $phone2, $email, $prefLang, $loginStatus, $firstDayTS, $lastDayTS, $creatorID, $createdTS, $lastUpdaterID, $lastUpdateTS); if ($stmt->num_rows() > 0){ $stmt->fetch(); $data = array('practiceID'=> 0, 'userID'=>$userID, 'fName'=>$fName, 'lName'=>$lName, 'email'=>$email, 'loginStatus'=>$loginStatus); } } $stmt->close(); return $data; } } /* * Retrieve users current for time specified * * @access public * @param string * @return array [name],[jobID] */ function get_4_menu($practiceID, $loginStatus, $empl_status, $jobAreaID, $t1, $t2, $pay_basis, $punch_shift, $sortOrder){ $data = array(); // echo __LINE__.": m_users: practiceID=" . $practiceID .", loginStatus=". $loginStatus .", empl_status=" .$empl_status .", jobAreaID = "; print_r($jobAreaID); echo ", pay_basis=" . $pay_basis . ", punch_shift=" . $punch_shift . " | t1=" . $t2 . " | t1=".$t2 . "sortOrder=" . $sortOrder . "<br>"; // if ($t1 > 0 && $t2 > 0){ // echo __line__.": t1=" . date('His M j Y', $t1) . " - " . date('His M j Y', $t2) . "<br>"; // } $rows = $this->search($practiceID, '', '', '', '', $empl_status, $jobAreaID, $t1, $t2, $pay_basis, $punch_shift, $sortOrder); $Pr_jobs = new Pr_jobs(); $jobTitle_arr = $Pr_jobs->get_4_menu($practiceID, '', 'jobName'); $jobTitle_arrFlip = array_flip($jobTitle_arr); // echo __LINE__.": get_4_menu: ". count($rows) ."<br>"; // echo __LINE__." <pre>"; print_r($rows); echo "</pre>"; foreach ($rows as $userID => $row){ // if (!isset($jobTitle_arr[$row['jobID']])){ // echo __LINE__.": UPDATE `users_gen_info` SET `jobID` = '" . $jobTitle_arrFlip[$row['jobID']] . "' WHERE `jobID` = '" . $row['jobID'] . "' AND `practiceID` = '" . $practiceID . 
"' <BR>"; // } $name = ''; if (isset($row['jobID'])){ $fName = $row['fName']; if ($row['alt_fName'] != ''){ $fName = $row['alt_fName']; } if ($jobTitle_arr[$row['jobID']] == 'Dentist' || $jobTitle_arr[$row['jobID']] == 'Associate'){ $name = $row['prefix'] .' '.substr($fName,0,1).". ".$row['lName']; } else { $name = $fName ." " . $row['lName']; if ($row['lastDayTS'] < strtotime('today') && $row['lastDayTS'] > 0){ $name .= "*"; } } // echo __LINE__.": " . $name . "<br>"; } // echo __line__ . ": " . $name . '<br>'; $data[$userID] = $name; } return $data; } function add_mod($userID, $pr_prefs_arr){ // echo __line__.": m_users<pre>"; print_r($pr_prefs_arr); echo "</pre>"; $Template = new Template; $User_Practice_Prefs = new User_Practice_Prefs(); $prefix = $_POST['prefix']; $fName = trim(str_replace("'", "'", $_POST['fName'])); $lName = trim(str_replace("'", "'", $_POST['lName'])); $alt_fName = trim(str_replace("'", "'", $_POST['alt_fName'])); // USED FOR MESSAGES ========== $firstName = $_POST['fName']; if ($_POST['alt_fName'] != ''){ $firstName = $_POST['alt_fName']; } if (strlen($_POST['phone1_1']) == 3 && strlen($_POST['phone1_2']) == 3 && strlen($_POST['phone1_3']) == 4){ $phone1 = $_POST['phone1_1']. "-".$_POST['phone1_2']."-" . $_POST['phone1_3']; } else { $phone1 = ''; } if (strlen($_POST['phone2_1']) == 3 && strlen($_POST['phone2_2']) == 3 && strlen($_POST['phone2_3']) == 4){ $phone2 = $_POST['phone2_1']. "-".$_POST['phone2_2']."-" . 
$_POST['phone2_3']; } else { $phone2 = ''; } $email = trim(htmlspecialchars($_POST['email'])); $profDesig = trim(htmlspecialchars($_POST['profDesig'])); $dobTS = ''; if ($_POST['dobMonth'] > 0 && $_POST['dobDate'] > 0 ){ $dobTS = mktime(12,0,0,$_POST['dobMonth'], $_POST['dobDate'], date('Y')); } if (!isset($_POST['prefLang']) || $_POST['prefLang'] == ''){ $prefLang = 'En'; } else { $prefLang = $_POST['prefLang']; } $error = false; if ($userID <= 0){ // == add new user // ======== for consultants only ================ if (isset($_POST['firstDay'])){ if ($_POST['firstDay'] > 0){ $firstDayTS = strtotime($_POST['firstDay']); } $lastDayTS = ''; if ($_POST['lastDay'] > 0){ $lastDayTS = strtotime($_POST['lastDay']); } $loginStatus = $_POST['loginStatus']; $practiceID = 0; } // ========= end for consultants only =========== $practiceID = $_SESSION['PID'] ; $pass = md5(strtotime('now').P_SALT); $search_arr = array("'", "-", " "); $replace_arr = array("", "", ""); $username = strtolower(substr(str_replace($search_arr, $replace_arr, $_POST['fName']), 0,3)); $remainder = 8 - strlen($username); $username .= strtolower(substr(str_replace($search_arr, $replace_arr, $_POST['lName']), 0, $remainder)); $append = rand(111,999); $append = str_replace('0', rand(1, 9), $append); $username .= $append; $creatorID = $_SESSION['LID']; $createdTS = strtotime('now'); $lastUpdateTS = ''; $lastUpdaterID = ''; //echo __line__.": practiceID=".$_SESSION['PID'].", pass=".$pass."<br>"; $query = "INSERT INTO `".$this->db_table."` (`prefix`, `fName`, `alt_fName`, `lName`, `profDesig`, `username`, `pass`, `dobTS`, `phone1`, `phone2`, `email`, `prefLang`, `loginStatus`, `firstDayTS`, `lastDayTS`, `creatorID`, `createdTS`, `lastUpdaterID`, `lastUpdateTS`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; // echo __line__.": ".$query."<br>"; if ($stmt = $this->Database->prepare($query)){ $stmt->bind_param('sssssssisssssiiiiii', $prefix, $fName, $alt_fName, $lName, $profDesig, $username, $pass, $dobTS, 
$phone1, $phone2, $email, $prefLang, $loginStatus, $firstDayTS, $lastDayTS, $creatorID, $createdTS, $lastUpdaterID, $lastUpdateTS, ); if ($stmt->execute()){ // == get userID of user just added $userID = $this->Database->insert_id; $_SESSION['edit_id'] = $userID; foreach ($pr_prefs_arr as $prID =>$pr_prefs){ // default sched, grace, punch, vacation, stat hrs etc. set up in User_Practice_Prefs // $result = $User_Practice_Prefs->add_mod($prID, $_SESSION['edit_id'], $pr_prefs); } if (isset($_POST['setReminder'])){ $User_Remind = new User_Remind; $title = 'Probation Ending'; $type = 'remind'; $content = "<p>The probation period for ". $firstName." ". $lName . " ends on " . date('D, F j, Y', $probEndTS)."."; $date = date('F j, Y', $probEndTS - 60*60*24*7); $User_Remind->add_mod('', $userID, $type, $title, $content, $date, 'marked', 'no'); } $alert = "An account was created for " . $firstName ." " . $lName . " "; } else { $error = true; $alert = "ERROR: The user account was not added"; $alert_status = 'error'; } $stmt->close(); } } else { // update user account; $User_Prod_Rate = new User_Prod_Rate; $User_Punch_Pay = new User_Punch_Pay; $User_Stat_Pay = new User_Stat_Pay; $User_Schedule = new User_Schedule; $username = $_POST['username']; $lastUpdaterID = $_SESSION['LID']; $lastUpdateTS = strtotime("now"); $lastDayTS = ''; // ======== for consultants only ====== if (isset($_POST['lastDay'])){ $lastDayTS = strtotime($_POST['lastDay']); } else { $lastDayTS = 0; } if (isset($_POST['loginStatus'])){ $loginStatus = $_POST['loginStatus']; } if ($_POST['pass1'] != ''){ // password is updated $pass = md5($_POST['pass1'].P_SALT); // echo $pass." ".$_POST['pass1']." ".P_SALT."<br>"; $query = "UPDATE `".$this->db_table."` SET `prefix` = '" . $prefix . "', `fName` = '" . $fName . "', `alt_fName` = '" . $alt_fName . "', `lName` = '" . $lName . "', `profDesig` = '" . $profDesig . "', `pass` = '" . $pass . "', `dobTS` = '" . $dobTS . "', `phone1` = '" . $phone1 . "', `phone2` = '" . 
$phone2 . "', `email` = '" . $email . "', `prefLang` = '" . $prefLang . "', `loginStatus` = '". $loginStatus . "', `lastDayTS` = '" . $lastDayTS . "', `lastUpdaterID` = '" . $lastUpdaterID . "', `lastUpdateTS` = '" . $lastUpdateTS . "' WHERE `userID` = '" . $_SESSION['edit_id'] . "'"; // echo __line__.": " . $query . "<br>"; if ($stmt = $this->Database->prepare ("UPDATE `".$this->db_table."` SET `prefix` = ?, `fName` = ?, `alt_fName` = ?, `lName` = ?, `profDesig` = ?, `pass` = ?, `dobTS` = ?, `phone1` = ?, `phone2` = ?, `email` = ?, `prefLang` = ?, `loginStatus` = ?, `lastDayTS` = ?, `lastUpdaterID` = ?, `lastUpdateTS` = ? WHERE `userID` = ?")){ $stmt->bind_param('ssssssisssssiiii', $prefix, $fName, $alt_fName, $lName, $profDesig, $pass, $dobTS, $phone1, $phone2, $email, $prefLang, $loginStatus, $lastDayTS, $lastUpdaterID, $lastUpdateTS, $_SESSION['edit_id']); if ($stmt->execute()){ foreach ($pr_prefs_arr as $prID =>$pr_prefs){ if ($pr_prefs['usr_pr_prefID'] > 0 && $pr_prefs['loginStatus'] == ''){ $User_Practice_Prefs->del($pr_prefs['usr_pr_prefID']); } else { $result = $User_Practice_Prefs->add_mod($prID, $_SESSION['edit_id'], $pr_prefs); } } //=== expire all policies for closed team accounts if ($_POST['loginStatus'] != 'superUser' && $lastDayTS > 0){ $User_Prod_Rate->update_expire('', $lastDayTS); $User_Punch_Pay->update_expire('', $lastDayTS); $User_Stat_Pay->update_expire('', $lastDayTS); $User_Schedule->update_expire('', $_SESSION['edit_id'], $lastDayTS); } $alert = "Changes save -- Password updated"; $alert_status = 'success'; } else { $error = true; $alert = "ERROR: Changes NOT saved"; $alert_status = 'error'; } } } else { // password does not change // $query = "UPDATE `".$this->db_table."` SET `prefix` = '" . $prefix . "', `fName` = '" . $fName . "', `alt_fName` = '" . $alt_fName . "', `lName` = '" . $lName . "', `profDesig` = '" . $profDesig . "', `dobTS` = '" . $dobTS . "', `phone1` = '" . $phone1 . "', `phone2` = '" . $phone2 . "', `email` = '" . 
$email . "', `prefLang` = '" . $prefLang . "' WHERE `userID` = '" . $_SESSION['edit_id'] . "'"; // echo __line__.": " . $query . "<br>"; // echo __line__."-m_users: ".$userID." ".$dobTS." ".date('M j Y', $dobTS)."<br>"; if ($stmt = $this->Database->prepare ("UPDATE `".$this->db_table."` SET `prefix` = ?, `fName` = ?, `alt_fName` = ?, `lName` = ?, `profDesig` = ?, `dobTS` = ?, `phone1` = ?, `phone2` = ?, `email` = ?, `prefLang` = ?, `loginStatus` = ?, `lastDayTS` = ?, `lastUpdaterID` = ?, `lastUpdateTS` = ? WHERE `userID` = ?")){ $stmt->bind_param('sssssisssssiiii', $prefix, $fName, $alt_fName, $lName, $profDesig, $dobTS, $phone1, $phone2, $email, $prefLang, $loginStatus, $lastDayTS, $lastUpdaterID, $lastUpdateTS, $_SESSION['edit_id']); if ($stmt->execute()){ if ($loginStatus != 'superUser' && $loginStatus != 'consultant' && $lastDayTS > 0){ $User_Prod_Rate->update_expire('', $lastDayTS); $User_Punch_Pay->update_expire('', $lastDayTS); $User_Stat_Pay->update_expire('', $lastDayTS); $User_Schedule->update_expire('', $_SESSION['edit_id'], $lastDayTS); } $alert = "Changes saved -- Password unchanged"; foreach ($pr_prefs_arr as $prID =>$pr_prefs){ // echo __line__.": prID = " . $prID . "<pre>"; print_r($pr_prefs); echo "</pre>"; // echo __line__.": " . $pr_prefs['usr_pr_prefID'] . " , " . $pr_prefs['loginStatus'] . "<br>"; if ($pr_prefs['usr_pr_prefID'] > 0 && $pr_prefs['loginStatus'] == ''){ $User_Practice_Prefs->del($pr_prefs['usr_pr_prefID']); //when a person is unlinked from a practice, their practice schedules, punch policies, //stat policy, vacation policy, etc are not deleted. //If they are re-linked to the practice, their old policies will re-appear. $_SESSION['eView'] = 'Return to List'; $alert = $firstName . " " . $lName . " was removed from " . 
$_SESSION['practiceIDarr'][$prID]; } else if ($pr_prefs['loginStatus'] != ''){ $result = $User_Practice_Prefs->add_mod($prID, $_SESSION['edit_id'], $pr_prefs); } } } else { $error = true; $Template->set_alert("ERROR: Changes NOT saved", 'error'); } $stmt->close(); } } } if (isset($_POST['send_welcome_email']) && $error == false){ $subject = ''; $numPractices = 0; foreach ($_SESSION['practiceIDarr'] as $PID => $prName){ if ($_POST['loginStatus-' . $PID] =='staff' || $_POST['loginStatus-' . $PID] == 'owner/manager' || $_POST['loginStatus-' . $PID] == 'admin_assistant'){ $numPractices++; if ($subject != ''){ $subject .= " & "; } $subject .= strtoupper(substr($prName, 0, strpos($prName, ","))); $message = file_get_contents('views/lang/' . $_SESSION['prefLang'] ."/welcome_email1.txt"); if (strpos(substr($_SESSION['PID'], -5), '0') !== false){ $message .= file_get_contents('views/lang/'. $_SESSION['prefLang'] ."/welcome_email2.txt"); } $message .= file_get_contents('views/lang/' . $_SESSION['prefLang'] ."/welcome_email3.txt"); $message = str_replace("[#fName]", $firstName, $message); $message = str_replace("[#username]", $username, $message); // echo $message; // email superUsers to advise of account creation if ($_POST['userID'] > 0){ $subject2 = 'DELVIN Welcome Email Resent'; $message2 = "<p>".$_SESSION['prName']."</p> <p>The user account ".$_POST['userID']." for ".$firstName." ".$lName." updated and the user was sent a welcome email to ".$_POST['email']."."; } else { $subject2 = 'DELVIN Account Created & Welcome Email Sent'; $message2 = "<p>".$_SESSION['prName']."</p> <p>The user account ".$_POST['userID']." was created ".date('g:i M j, Y')." for ". $firstName . " " . $lName . " and the user was sent a welcome email to ".$_POST['email']."."; } $alert .= " and the user was sent a welcome email to ".$_POST['email'].". You may view a copy of the email in the Email Log."; } } if ($numPractices > 1){ $message .= file_get_contents('views/lang/' . $_SESSION['prefLang'] . 
"/welcome_email4.txt"); $message = str_replace("[#numPr]", $numPractices, $message); } $message .= file_get_contents('views/lang/' . $_SESSION['prefLang'] . "/welcome_email5.txt"); $message = str_replace("[#prName]", $subject, $message); if ($subject != ''){ $subject .= "/DELVIN User Account Information"; } if (isset($_POST['loginStatus']) && $_POST['loginStatus'] == 'consultant'){ $subject = "DELVIN Consultant Account Created"; $message = file_get_contents('views/lang/' . $_SESSION['lang'] ."/welcome_consultant.txt"); $message = str_replace("[#fName]", $firstName, $message); $message = str_replace("[#username]", $username, $message); $message = str_replace("[SITE_PATH]", SITE_PATH, $message); $alert .= " and the user was sent a welcome email to ".$_POST['email'].". You may view a copy of the email in the Email Log."; } if ($Auto_Email_Staff = new Auto_Email_Staff($userID, $subject, $message)){ // add the email to the Email Log $Email_Log = new Email_Log; $Email_Log->add_mod('', $_POST['email'], $subject, strtotime('now'), $message, $_SESSION['PID']); $Email_Cindy = new Email_Cindy($subject2, $message2); } } else if (!isset($_POST['send_welcome_email']) && substr($alert, 0, 5) != 'ERROR' && strpos($alert, "was removed rom") !== false){ $alert .= ". 
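Welcome email was not sent, but can be sent at a later time by clicking the checkbox and saving.";
        }
        $Template->set_alert($alert, 'success');
    }

    // ==================================================================
    // private helpers shared by the methods below
    // ==================================================================

    /**
     * Reads every row of an executed `SELECT *` over users_gen_info into an
     * array keyed by userID. The 20 columns are bound in the order used
     * throughout this class (userID, prefix, fName, alt_fName, lName,
     * profDesig, username, pass, dobTS, phone1, phone2, email, prefLang,
     * loginStatus, firstDayTS, lastDayTS, creatorID, createdTS,
     * lastUpdaterID, lastUpdateTS).
     *
     * @param  object $stmt prepared statement that has already been executed
     * @return array  userID => associative row; it includes the `pass` hash,
     *                so strip that key before handing rows to a template
     */
    private function fetchUserRows($stmt)
    {
        $rows = array();
        $stmt->store_result();
        $stmt->bind_result(
            $userID, $prefix, $fName, $alt_fName, $lName, $profDesig, $username, $pass,
            $dobTS, $phone1, $phone2, $email, $prefLang, $loginStatus, $firstDayTS,
            $lastDayTS, $creatorID, $createdTS, $lastUpdaterID, $lastUpdateTS
        );
        while ($stmt->fetch()) {
            $rows[$userID] = array(
                'userID' => $userID,
                'prefix' => $prefix,
                'fName' => $fName,
                'alt_fName' => $alt_fName,
                'lName' => $lName,
                'profDesig' => $profDesig,
                'username' => $username,
                'pass' => $pass,
                'dobTS' => $dobTS,
                'phone1' => $phone1,
                'phone2' => $phone2,
                'email' => $email,
                'prefLang' => $prefLang,
                'loginStatus' => $loginStatus,
                'firstDayTS' => $firstDayTS,
                'lastDayTS' => $lastDayTS,
                'creatorID' => $creatorID,
                'createdTS' => $createdTS,
                'lastUpdaterID' => $lastUpdaterID,
                'lastUpdateTS' => $lastUpdateTS,
            );
        }
        return $rows;
    }

    /**
     * Assembles "NNN-NNN-NNNN" from the posted fields <$field>_1, _2 and _3.
     * Returns '' unless the parts are exactly 3, 3 and 4 characters long
     * (length only — the original never checked for digits, and neither
     * does this).
     *
     * @param  string $field POST field prefix, e.g. 'phone1'
     * @return string
     */
    private function phoneFromPost($field)
    {
        $p1 = isset($_POST[$field . '_1']) ? $_POST[$field . '_1'] : '';
        $p2 = isset($_POST[$field . '_2']) ? $_POST[$field . '_2'] : '';
        $p3 = isset($_POST[$field . '_3']) ? $_POST[$field . '_3'] : '';
        if (strlen($p1) == 3 && strlen($p2) == 3 && strlen($p3) == 4) {
            return $p1 . "-" . $p2 . "-" . $p3;
        }
        return '';
    }

    /**
     * The first name to show for a user row: alt_fName when set, else fName.
     *
     * @param  array $row user row with 'fName' and 'alt_fName'
     * @return string
     */
    private function preferredFirstName($row)
    {
        if ($row['alt_fName'] != '') {
            return $row['alt_fName'];
        }
        return $row['fName'];
    }

    /**
     * Builds a login name: the first three characters of the first name,
     * the last name cut so the two together are at most eight characters,
     * then three random non-zero digits. Apostrophes, hyphens and spaces
     * are removed and "é" is folded to "e" before cutting (the copy2new
     * path previously kept "é", which substr() could split mid-character).
     * Uniqueness against the table is not checked here.
     *
     * @param  string $fName
     * @param  string $lName
     * @return string
     */
    private function generateUsername($fName, $lName)
    {
        $search_arr = array("'", "-", " ", "é");
        $replace_arr = array("", "", "", "e");
        $base = strtolower(substr(str_replace($search_arr, $replace_arr, $fName), 0, 3));
        $remainder = 8 - strlen($base);
        $base .= strtolower(substr(str_replace($search_arr, $replace_arr, $lName), 0, $remainder));
        // same value range as the original (111..999 with every 0 replaced),
        // but drawn from the CSPRNG instead of rand()
        $suffix = random_int(1, 9) . random_int(1, 9) . random_int(1, 9);
        return $base . $suffix;
    }

    /**
     * Placeholder password hash for a freshly created account. Nothing in
     * this file ever shows the value to the user (the consultant welcome
     * email points at the password-reset flow), so it only needs to be
     * unguessable; the original derived it from the creation timestamp.
     * Kept as salted MD5 so the existing login check still understands the
     * column — NOTE(review): migrating the verifier to password_hash() is a
     * separate change.
     *
     * @return string 32-character hex digest
     */
    private function placeholderPasswordHash()
    {
        return md5(bin2hex(random_bytes(16)) . P_SALT);
    }

    /**
     * Reports a save outcome through the template: $okMessage on success,
     * the shared error text otherwise.
     *
     * @param  Template $Template
     * @param  bool     $saved     result of $stmt->execute()
     * @param  string   $okMessage
     * @return void
     */
    private function reportSave($Template, $saved, $okMessage)
    {
        if ($saved) {
            $Template->set_alert($okMessage, 'success');
        } else {
            $Template->set_alert("ERROR: Changes NOT saved", 'error');
        }
    }

    // ==================================================================
    // public API
    // ==================================================================

    /**
     * Copies an existing account (as returned by search()) into a new
     * users_gen_info row with a fresh username and placeholder password,
     * then sends the practice welcome email and notifies the superUsers.
     *
     * Side effects: sets $_POST['f_empl_status'] = 'current' and
     * $_SESSION['edit_id'] = new userID; sends mail via Auto_Email_Staff
     * and Email_Cindy; appends to Email_Log.
     *
     * @param  int $oldUserID  account to copy
     * @param  int $practiceID practice the copy is made for
     * @return bool true when the INSERT succeeded, false when it failed or
     *              prepare() returned false
     */
    public function copy2new($oldUserID, $practiceID)
    {
        $uRow = $this->search($practiceID, $oldUserID, '', '', '', '', '', '', '', '', '');
        $firstName = $this->preferredFirstName($uRow);   // used in the messages below

        $pass = $this->placeholderPasswordHash();
        $username = $this->generateUsername($uRow['fName'], $uRow['lName']);
        // $profDesig was an undefined variable in the original (bound as NULL);
        // NOTE(review): copying the source row's designation assumes search()
        // returns the 'profDesig' column — confirm.
        $profDesig = isset($uRow['profDesig']) ? $uRow['profDesig'] : '';
        $lastDayTS = 0;
        $creatorID = $_SESSION['LID'];
        $createdTS = strtotime('now');
        $lastUpdaterID = '';
        $lastUpdateTS = 0;
        // consultants / superUsers keep their status and start today;
        // practice staff get a blank status and no first day yet
        if ($uRow['loginStatus'] == 'consultant' || $uRow['loginStatus'] == 'superUser') {
            $loginStatus = $uRow['loginStatus'];
            $firstDayTS = strtotime("today");
        } else {
            $loginStatus = '';
            $firstDayTS = 0;
        }

        $query = "INSERT INTO `" . $this->db_table . "` (`prefix`, `fName`, `alt_fName`, `lName`, `profDesig`, `username`, `pass`, `dobTS`, `phone1`, `phone2`, `email`, `prefLang`, `loginStatus`, `firstDayTS`, `lastDayTS`, `creatorID`, `createdTS`, `lastUpdaterID`, `lastUpdateTS`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
        $stmt = $this->Database->prepare($query);
        if (!$stmt) {
            return false;
        }
        // the original bound $$uRow['prefix'] (a variable-variable), i.e. NULL
        $stmt->bind_param(
            'sssssssisssssiiiiii',
            $uRow['prefix'], $uRow['fName'], $uRow['alt_fName'], $uRow['lName'], $profDesig,
            $username, $pass, $uRow['dobTS'], $uRow['phone1'], $uRow['phone2'], $uRow['email'],
            $uRow['prefLang'], $loginStatus, $firstDayTS, $lastDayTS, $creatorID, $createdTS,
            $lastUpdaterID, $lastUpdateTS
        );
        $inserted = $stmt->execute();
        $userID = $inserted ? $this->Database->insert_id : 0;   // id of the row just added
        $stmt->close();
        if (!$inserted) {
            return false;
        }

        $_POST['f_empl_status'] = 'current';
        $_SESSION['edit_id'] = $userID;

        $User_Practice_Prefs = new User_Practice_Prefs();
        $pr_prefs_arr = $User_Practice_Prefs->search('', $oldUserID, $practiceID);
        $pr_prefs_arr[$oldUserID][$practiceID]['lastDay'] = '';
        $pr_prefs_arr[$oldUserID][$practiceID]['probEnds'] = date('F j, Y', strtotime("today + 3 months"));
        // default sched, grace, punch, vacation, overtime pay, stat hrs etc. are
        // set up in User_Practice_Prefs; the copy of the prefs was disabled in
        // the original and is left disabled here:
        // $User_Practice_Prefs->add_mod($practiceID, $userID, $pr_prefs_arr[$oldUserID][$practiceID]);

        // ======== SEND WELCOME EMAIL =====================
        $subject = strtoupper($_SESSION['prName']) . "/DELVIN User Account Information";
        $langDir = 'views/lang/' . $_SESSION['prefLang'];
        $message = file_get_contents($langDir . "/welcome_email1.txt");
        // NOTE(review): this tests for the character '0' anywhere in the
        // practice ID string; presumably meant to detect the P0 practice —
        // confirm against how PID is stored in the session.
        if (strpos($_SESSION['PID'], '0') !== false) {
            $message .= file_get_contents($langDir . "/welcome_email2.txt");
        }
        $message .= file_get_contents($langDir . "/welcome_email3.txt");
        $message = str_replace("[#fName]", $firstName, $message);
        // NOTE(review): the email carries the source account's username, not
        // the new $username generated above — confirm which one is intended.
        $message = str_replace("[#username]", $uRow['username'], $message);
        $message = str_replace("[#prName]", $_SESSION['prName'], $message);

        // email superUsers to advise of account creation
        if ($uRow['userID'] > 0) {
            $subject2 = 'DELVIN Welcome Email Resent';
            $message2 = "<p>" . $_SESSION['prName'] . "</p> <p>The user account " . $uRow['userID'] . " for " . $firstName . " " . $uRow['lName'] . " updated and the user was sent a welcome email to " . $uRow['email'] . ".";
        } else {
            $subject2 = 'DELVIN Account Created & Welcome Email Sent';
            $message2 = "<p>" . $_SESSION['prName'] . "</p> <p>The user account " . $uRow['userID'] . " was created " . date('g:i M j, Y') . " for " . $firstName . " " . $uRow['lName'] . " and the user was sent a welcome email to " . $uRow['email'] . ".";
        }

        // `new` never yields false, so the else branch only runs if
        // Auto_Email_Staff signals failure some other way — kept as written
        if ($Auto_Email_Staff = new Auto_Email_Staff($userID, $subject, $message)) {
            // add the email to the Email Log
            $Email_Log = new Email_Log;
            $Email_Log->add_mod('', $uRow['email'], $subject, strtotime('now'), $message, $_SESSION['PID']);
            $Email_Cindy = new Email_Cindy($subject2, $message2);
        } else {
            $Email_Cindy = new Email_Cindy("Copy 2 New Error", $message2);
        }
        return true;
    }

    /**
     * Staff update their own account details from the posted form.
     * When pass1 (more than 5 characters) is posted the password is replaced
     * as well; otherwise it is retained. The outcome is reported through
     * Template::set_alert.
     *
     * Side effect: date_default_timezone_set($_SESSION['timeZone']).
     *
     * @param  int $userID account being edited; used for the WHERE clause
     *                     (the original bound $_POST['userID'] instead, which
     *                     let the form pick the row to update)
     * @return void
     */
    public function staff_mod($userID)
    {
        $Template = new Template;
        date_default_timezone_set($_SESSION['timeZone']);

        // straight apostrophes become typographic ones before storage
        // NOTE(review): $prefix was an undefined variable (stored NULL) in the
        // original; confirm the form actually posts 'prefix'.
        $prefix = str_replace("'", "’", isset($_POST['prefix']) ? $_POST['prefix'] : '');
        $fName = str_replace("'", "’", $_POST['fName']);
        // was "&rsquo" (entity without ';'), inconsistent with the other name fields
        $alt_fName = str_replace("'", "’", $_POST['alt_fName']);
        $lName = str_replace("'", "’", $_POST['lName']);
        $profDesig = htmlspecialchars($_POST['profDesig']);
        // date of birth is stored without a year: noon on month/day of this year
        if ($_POST['dobMonth'] > 0 && $_POST['dobDate'] > 0) {
            $dobTS = mktime(12, 0, 0, $_POST['dobMonth'], $_POST['dobDate'], date('Y'));
        } else {
            $dobTS = '0';
        }
        $phone1 = $this->phoneFromPost('phone1');
        $phone2 = $this->phoneFromPost('phone2');
        $email = htmlspecialchars($_POST['email']);
        // the language code ends up in file paths (views/lang/<code>/...), so
        // only short alphabetic codes are accepted; anything else means 'En'
        $prefLang = 'En';
        if (isset($_POST['prefLang']) && preg_match('/^[A-Za-z]{1,8}$/', $_POST['prefLang'])) {
            $prefLang = $_POST['prefLang'];
        }
        $newPass = isset($_POST['pass1']) ? $_POST['pass1'] : '';

        if (strlen($newPass) > 5) {
            // update staff details AND update password
            // NOTE(review): salted MD5 is what the login check expects; changing
            // it here alone would lock users out.
            $pass = md5($newPass . P_SALT);
            $stmt = $this->Database->prepare("UPDATE `" . $this->db_table . "` SET `prefix` = ?, `fName` = ?, `alt_fName` = ?, `lName` = ?, `profDesig` = ?, `pass` = ?, `dobTS` = ?, `phone1` = ?, `phone2` = ?, `email` = ?, `prefLang` = ? WHERE `userID` = ?");
            if ($stmt) {
                $stmt->bind_param('ssssssissssi', $prefix, $fName, $alt_fName, $lName, $profDesig, $pass, $dobTS, $phone1, $phone2, $email, $prefLang, $userID);
                $saved = $stmt->execute();
                $stmt->close();
                $this->reportSave($Template, $saved, "Changes saved. (Password changed)");
            }
            return;
        }

        // update staff details -- RETAIN EXISTING PASSWORD
        $stmt = $this->Database->prepare("UPDATE `" . $this->db_table . "` SET `prefix` = ?, `fName` = ?, `alt_fName` = ?, `lName` = ?, `profDesig` = ?, `dobTS` = ?, `phone1` = ?, `phone2` = ?, `email` = ?, `prefLang` = ? WHERE `userID` = ?");
        if ($stmt) {
            $stmt->bind_param('sssssissssi', $prefix, $fName, $alt_fName, $lName, $profDesig, $dobTS, $phone1, $phone2, $email, $prefLang, $userID);
            $saved = $stmt->execute();
            $stmt->close();
            $this->reportSave($Template, $saved, "Changes saved. 
(Password NOT changed)");
        }
    }

    /**
     * IDs of the active practice's users whose job is "Associate".
     *
     * @return array userID => userID (empty when there is no Associate job)
     */
    public function get_associates()
    {
        // every argument after the practice was an undefined variable (NULL)
        // in the original; '' is what the other callers in this class pass
        $uRows = $this->search($_SESSION['PID'], '', '', '', '', '', '', '', '', '', '');
        $Pr_Jobs = new Pr_Jobs;
        $jobsArr = array_flip($Pr_Jobs->get_4_menu($_SESSION['PID'], '', ''));
        $data = array();
        if (!isset($jobsArr['Associate'])) {
            return $data;
        }
        foreach ($uRows as $uRow) {
            // the original compared the undefined $row['jobID'], so nothing matched
            if (isset($uRow['jobID']) && $uRow['jobID'] == $jobsArr['Associate']) {
                $data[$uRow['userID']] = $uRow['userID'];
            }
        }
        return $data;
    }

    /**
     * Menu of producers (users with a production rate above 0 in the period)
     * for the active practice.
     *
     * NOTE(review): rates are looked up for $practiceID but the user rows for
     * $_SESSION['PID'] — confirm the two are always the same practice.
     *
     * @param  int    $practiceID
     * @param  string $active_status passed through to search()
     * @param  int    $t1            period start
     * @param  int    $t2            period end
     * @param  string $sortOrder     passed through to search()
     * @return array userID => "First Last"
     */
    public function get_producers_4_menu($practiceID, $active_status, $t1, $t2, $sortOrder)
    {
        $User_Prod_Rate = new User_Prod_Rate;
        $producerID_arr = $User_Prod_Rate->search($practiceID, '', $t1, $t2, '', '');
        $uRows = $this->search($_SESSION['PID'], '', '', '', '', $active_status, '', $t1, $t2, '', '', $sortOrder);
        $data = array();
        foreach ($producerID_arr as $prodRow) {
            $uid = $prodRow['userID'];
            if ($prodRow['rate'] > 0 && isset($uRows[$uid])) {
                $data[$uid] = $this->preferredFirstName($uRows[$uid]) . " " . $uRows[$uid]['lName'];
            }
        }
        return $data;
    }

    /**
     * Retrieve dentists (not Associates) from database.
     *
     * Also stores the result in the dynamic property $this->dentists, as the
     * original did.
     *
     * @param  int $f_startTS period start
     * @param  int $f_endTS   period end
     * @return array userID => array('name' => "First Last",
     *               'drName' => "Prefix F. Last", 'userID' => userID);
     *               empty when the practice has no "Dentists" job area
     */
    function get_dentists($f_startTS, $f_endTS)
    {
        $Pr_Job_Areas = new Pr_Job_Areas;
        $jobsAreas_arr = array_flip($Pr_Job_Areas->get_4_menu($_SESSION['PID'], '', ''));
        $this->dentists = array();
        if (!isset($jobsAreas_arr['Dentists'])) {
            return $this->dentists;
        }
        $dentistArea = $jobsAreas_arr['Dentists'];
        $rows = $this->search($_SESSION['PID'], '', '', '', '', '', $dentistArea, $f_startTS, $f_endTS, '', '', '`lName`');
        foreach ($rows as $userID => $row) {
            if ($row['jobAreaID'] != $dentistArea) {
                continue;
            }
            $firstName = $this->preferredFirstName($row);
            $this->dentists[$userID] = array(
                'name' => $firstName . " " . $row['lName'],
                // substr() takes the first byte; a multibyte initial would be cut
                'drName' => $row['prefix'] . " " . substr($firstName, 0, 1) . ". " . $row['lName'],
                'userID' => $userID,
            );
        }
        return $this->dentists;
    }

    /**
     * Dentists of the active practice as a select-menu array.
     *
     * @param  int $f_startTS period start
     * @param  int $f_endTS   period end
     * @return array userID => "Prefix F. Last"
     */
    function get_dentists4menu($f_startTS, $f_endTS)
    {
        $data = array();
        foreach ($this->get_dentists($f_startTS, $f_endTS) as $userID => $row) {
            $data[$userID] = $row['drName'];
        }
        return $data;
    }

    /**
     * One consultant account by id.
     *
     * @param  int $userID
     * @return array the user row (see fetchUserRows) or an empty array when
     *               there is no consultant with that id / prepare() fails
     */
    function get_consultant($userID)
    {
        $loginStatus = 'consultant';
        $stmt = $this->Database->prepare("SELECT * FROM `" . $this->db_table . "` WHERE `userID` = ? and `loginStatus` = ?");
        if (!$stmt) {
            return array();
        }
        $stmt->bind_param('is', $userID, $loginStatus);
        $stmt->execute();
        $rows = $this->fetchUserRows($stmt);
        $stmt->close();
        // keyed by userID, so at most one row; the original returned the last fetched
        if (count($rows) == 0) {
            return array();
        }
        return end($rows);
    }

    /**
     * Adds ($userID == 0) or updates a consultant account from the posted
     * form. On update the password is replaced only when pass1 has more than
     * 5 characters. When send_welcome_email is posted the welcome email is
     * sent after a successful save.
     *
     * @param  int $userID existing account id, or 0 to add
     * @return bool|null true/false for the add path (INSERT succeeded or
     *                   not); null on the update path, which reports through
     *                   Template::set_alert
     */
    function add_mod_consultant($userID)
    {
        $Template = new Template();
        $prefix = str_replace("'", "’", $_POST['prefix']);
        $fName = str_replace("'", "’", $_POST['fName']);
        $lName = str_replace("'", "’", $_POST['lName']);
        $alt_fName = "";
        $phone1 = $this->phoneFromPost('phone1');
        $phone2 = $this->phoneFromPost('phone2');
        $email = htmlspecialchars($_POST['email']);
        $prefLang = 'En';
        $firstDayTS = strtotime(isset($_POST['firstDay']) ? $_POST['firstDay'] : '');
        $lastDayTS = '';
        if (isset($_POST['lastDay']) && $_POST['lastDay'] != '') {
            $lastDayTS = strtotime($_POST['lastDay']);
        }
        $newPass = isset($_POST['pass1']) ? $_POST['pass1'] : '';

        if ($userID > 0) {
            $nowTS = strtotime('now');
            if (strlen($newPass) > 5) {
                $pass = md5($newPass . P_SALT);
                $stmt = $this->Database->prepare("UPDATE `" . $this->db_table . "` SET `prefix` = ?, `fName` = ?, `lName` = ?, `pass` = ?, `phone1` = ?, `phone2` = ?, `email` = ?, `prefLang` = ?, `firstDayTS` = ?, `lastDayTS` = ?, `lastUpdaterID` = ?, `lastUpdateTS` = ? WHERE `userID` = ?");
                if ($stmt) {
                    // the original bound a misspelt $_lastDayTS here, so every
                    // password change wiped the consultant's last day
                    $stmt->bind_param('ssssssssiiiii', $prefix, $fName, $lName, $pass, $phone1, $phone2, $email, $prefLang, $firstDayTS, $lastDayTS, $_SESSION['LID'], $nowTS, $userID);
                    $saved = $stmt->execute();
                    $stmt->close();
                    $this->reportSave($Template, $saved, "Changes saved. (Password changed)");
                    if ($saved && isset($_POST['send_welcome_email'])) {
                        $this->send_Consultant_email($userID);
                    }
                }
                return;
            }
            $stmt = $this->Database->prepare("UPDATE `" . $this->db_table . "` SET `prefix` = ?, `fName` = ?, `lName` = ?, `phone1` = ?, `phone2` = ?, `email` = ?, `prefLang` = ?, `firstDayTS` = ?, `lastDayTS` = ?, `lastUpdaterID` = ?, `lastUpdateTS` = ? WHERE `userID` = ?");
            if ($stmt) {
                $stmt->bind_param('sssssssiiiii', $prefix, $fName, $lName, $phone1, $phone2, $email, $prefLang, $firstDayTS, $lastDayTS, $_SESSION['LID'], $nowTS, $userID);
                $saved = $stmt->execute();
                $stmt->close();
                $this->reportSave($Template, $saved, "Changes saved. 
(Password unchanged)");
                if ($saved && isset($_POST['send_welcome_email'])) {
                    $this->send_Consultant_email($userID);
                }
            }
            return;
        }

        // ---- add new consultant account ----
        // the role comes from the form but is limited to the two non-practice
        // account types this class knows; anything else is stored as consultant
        $loginStatus = 'consultant';
        if (isset($_POST['loginStatus']) && in_array($_POST['loginStatus'], array('consultant', 'superUser'), true)) {
            $loginStatus = $_POST['loginStatus'];
        }
        $creatorID = $_SESSION['LID'];
        $createdTS = strtotime("now");
        $pass = $this->placeholderPasswordHash();
        $username = $this->generateUsername($_POST['fName'], $_POST['lName']);
        $null = '';
        $zero = 0;
        $stmt = $this->Database->prepare("INSERT INTO `" . $this->db_table . "` (`prefix`, `fName`, `alt_fName`, `lName`, `profDesig`, `username`, `pass`, `dobTS`, `phone1`, `phone2`, `email`, `prefLang`, `loginStatus`, `firstDayTS`, `lastDayTS`, `creatorID`, `createdTS`, `lastUpdaterID`, `lastUpdateTS`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
        if (!$stmt) {
            return false;
        }
        // the original bound $phone1 twice, so phone2 was never stored
        $stmt->bind_param(
            'sssssssisssssiiiiii',
            $prefix, $fName, $alt_fName, $lName, $null, $username, $pass, $null, $phone1, $phone2,
            $email, $prefLang, $loginStatus, $firstDayTS, $lastDayTS, $creatorID, $createdTS,
            $zero, $zero
        );
        $inserted = $stmt->execute();
        $newID = $inserted ? $this->Database->insert_id : 0;
        $stmt->close();
        if (!$inserted) {
            return false;
        }
        if (isset($_POST['send_welcome_email'])) {
            // the original called $this->insert_id(), which this class does not define
            $this->send_Consultant_email($newID);
        }
        return true;
    }

    /**
     * Emails a consultant their username and the password-reset instructions,
     * logs the email and reports the outcome through Template::set_alert.
     *
     * @param  int $userID consultant account id
     * @return void
     */
    function send_Consultant_email($userID)
    {
        $Template = new Template();
        $row = $this->get_consultant($userID);
        if (count($row) == 0) {
            // the original indexed an empty array here and mailed a blank address
            $Template->set_alert('ERROR: Welcome email was not sent (no consultant account ' . $userID . ')', "error");
            return;
        }
        $email = $row['email'];
        $fName = $row['fName'];
        $username = $row['username'];
        $subject = "Your DELVIN login account";
        // stray "</b>" and a missing "</p>" fixed; wording unchanged
        $message = "<p>Dear " . $fName . ",</p> <p>A consultant account has been created for you in DELVIN.</p> <p>Your username is <b>" . $username . "</b></p> <p>Your practice ID is <b>P0</b> (the letter P and the number zero).</p> "
            . "<p>Please use a web browser to go to the <a href='https://www.secure.delv-in.com'>DELVIN login screen</a>. Click the <b>Reset Password</b> button and then enter your Practice ID and your username, then click the <b>Request Password Reset</b> button. Within a few minutes, you should receive an email with a temporary password. You can use that password to log in. If you don't see an email, check your junk mail folder.</p> "
            . "<p>Use the main menu to choose <b>My Account</b> to view and edit your account settings. This is also where you can change your password to one that is easier to remember. 
You can return to this screen at any time to update your email address, phone number and password.</p> "
            . "<p>At the top of the screen to the left of the main menu is a menu where you can choose to navigate to any practices to which you are linked.</p> "
            . "<p>If you have any questions or need support please email <a href='mailto:cindy@delv-in.com'>Cindy</a> or send a text to 604-329-3279.</p> <p>Welcome to DELVIN</p>";
        if ($Auto_Email_Staff = new Auto_Email_Staff($userID, $subject, $message)) {
            $Template->set_alert('Welcome email was sent to ' . $email, "success");
            // add the email to the Email Log (the original logged $_POST['email'],
            // which need not be the address the mail went to)
            $Email_Log = new Email_Log;
            $Email_Log->add_mod('', $email, $subject, strtotime('now'), $message, $_SESSION['PID']);
        } else {
            $Template->set_alert('ERROR: Welcome email was not sent to ' . $email, "error");
        }
    }

    /**
     * All consultant accounts, optionally filtered by employment status.
     *
     * 'current' drops consultants whose last day has already passed;
     * 'past' keeps only those. (The original's `a && b || c` grouping also
     * dropped current consultants with a last day in the future.)
     *
     * @param  string $status    '', 'current' or 'past'
     * @param  string $sortOrder accepted for interface compatibility; the
     *                           query has no ORDER BY and the value is unused
     * @return array userID => user row (see fetchUserRows)
     */
    function get_consultants($status, $sortOrder)
    {
        $data = array();
        $loginStatus = 'consultant';
        $stmt = $this->Database->prepare("SELECT * FROM `" . $this->db_table . "` WHERE `loginStatus` = ?");
        if ($stmt) {
            $stmt->bind_param('s', $loginStatus);
            $stmt->execute();
            $data = $this->fetchUserRows($stmt);
            $stmt->close();
        }
        if ($status != '') {
            $nowTS = strtotime('now');
            foreach ($data as $uID => $row) {
                $ended = $row['lastDayTS'] > 0 && $row['lastDayTS'] <= $nowTS;
                if (($status == 'current' && $ended) || ($status == 'past' && !$ended)) {
                    unset($data[$uID]);
                }
            }
        }
        return $data;
    }

    /**
     * Consultants as a select-menu array.
     *
     * @param  string $status    see get_consultants()
     * @param  string $sortOrder see get_consultants()
     * @return array userID => "First Last"
     */
    public function get_consultants4menu($status, $sortOrder)
    {
        $data = array();
        foreach ($this->get_consultants($status, $sortOrder) as $uid => $row) {
            $data[$uid] = $row['fName'] . " " . $row['lName'];
        }
        return $data;
    }

    /**
     * Get all users for the active practice with probation ending in the
     * next two weeks, as "[prefix ]fName lName (Month d, Y)" strings.
     *
     * NOTE(review): the query reads `practiceID` and `probEndTS` from
     * users_gen_info, but every other statement in this class binds that
     * table's 20 columns without either, and copy2new keeps the probation
     * date in User_Practice_Prefs ('probEnds'). If the columns are absent
     * prepare() fails and an empty array is returned; $probEndTS is also
     * never bound below. This method looks stale — confirm against the
     * schema before relying on it.
     *
     * @return array list of message strings
     */
    function get_probation()
    {
        $data = array();
        $stmt = $this->Database->prepare("SELECT * FROM " . $this->db_table . " WHERE practiceID = ? and probEndTS >= ? and probEndTS <= ?");
        if (!$stmt) {
            return $data;   // the original returned NULL here
        }
        $todayTS = strtotime('today');
        $twoWeeksTS = strtotime("today + 2 weeks");
        $stmt->bind_param('iii', $_SESSION['PID'], $todayTS, $twoWeeksTS);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($userID, $practiceID, $prefix, $fName, $lName, $profDesig, $username, $pass, $dobTS, $phone1, $phone2, $email, $prefLang);
        while ($stmt->fetch()) {
            $message = '';
            if ($prefix != '') {
                $message = $prefix . " ";
            }
            // $probEndTS is not among the bound columns (see note above)
            $message .= $fName . " " . $lName . " (" . date('F j, Y', $probEndTS) . ")";
            $data[] = $message;
        }
        $stmt->close();
        return $data;
    }

    /**
     * Deletes a user account and its rows in the per-user tables.
     *
     * The user row is removed first and the dependent tables afterwards,
     * without a transaction (as in the original), so a failure midway can
     * leave orphan rows.
     *
     * @param  int $userID
     * @return bool true when the users_gen_info row was deleted; false for
     *              an id <= 0, a failed prepare() or a failed execute()
     */
    function delete($userID)
    {
        if (!($userID > 0)) {
            return false;
        }
        $stmt = $this->Database->prepare("DELETE FROM `" . $this->db_table . "` WHERE `userID` = ? ");
        if (!$stmt) {
            return false;
        }
        $stmt->bind_param('i', $userID);
        $deleted = $stmt->execute();
        $stmt->close();
        if (!$deleted) {
            return false;
        }
        // $practiceID was an undefined variable in the original; NULL is passed
        // explicitly so the per-table delete() methods see the same argument
        $practiceID = null;
        $perUserTables = array(
            'User_Schedule', 'User_Pay_Rate', 'User_Punch_Pay', 'User_Grace_Period',
            'User_Stat_Pay', 'User_Vacation', 'User_Remind', 'User_Prod_Rate', 'User_PMS_ID',
        );
        foreach ($perUserTables as $className) {
            $model = new $className();
            $model->delete('', $userID, $practiceID);
        }
        $User_Practice_Prefs = new User_Practice_Prefs();
        $User_Practice_Prefs->delete($userID);
        return true;
    }
}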