awayRequest.php
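<?php
/*
 * Delvin Request Time Away
 *
 * Page controller for a staff time-off request: checks the session, validates
 * the posted form, looks for an overlapping request, stores the new request
 * with status 'requested', then renders the page.
 *
 * Inputs read: $_SESSION['LID'], $_POST (submitBut, start, end, awayTypeID,
 * note, hours, bankedTimeUsed, balance, f_start, f_endTS).
 */
include('ini.php');

$Template   = new Template;
$Staff_Away = new Staff_Away;

// Single definition of "an authenticated staff member is present"; reused for
// the redirect, for the write path and for choosing the view.
$loggedIn = isset($_SESSION['LID']) && $_SESSION['LID'] > 0;

if (!$loggedIn){
	// NOTE(review): whether Template::redirect() ends the request is not visible
	// from this file, so nothing below may rely on it having stopped execution.
	$Template->redirect("index.php");
}

// The view reads submitBut, so make sure the key always exists.
if (!isset($_POST['submitBut'])){
	$_POST['submitBut'] = '';
}

// Advisory check on the date-filter fields; it only raises an alert.
if (isset($_POST['f_start']) && isset($_POST['f_endTS'])){
	if (strtotime($_POST['f_start']) > $_POST['f_endTS']){
		$Template->set_alert("ERROR: Please select a 'From' date that comes before or is the same the 'Until' date", "error");
	}
}

$error = FALSE;

// -- VALIDATE FORMS - UPDATE DATABASE
// The write path is gated on $loggedIn as well as on the submit button, so an
// unauthenticated POST can never reach Staff_Away::add_mod().
if ($loggedIn && $_POST['submitBut'] == 'Submit Request'){ // staff time-off request

	// Accept only scalar strings; a missing or array-valued field counts as empty.
	$start = (isset($_POST['start']) && is_string($_POST['start'])) ? $_POST['start'] : '';
	$end   = (isset($_POST['end']) && is_string($_POST['end'])) ? $_POST['end'] : '';

	// strtotime() returns false for text it cannot parse; treat that as invalid
	// instead of letting false compare as "not greater than" and slip through.
	$startTS = ($start != '') ? strtotime($start) : false;
	$endTS   = ($end != '') ? strtotime($end.", 11:59:59 PM") : false;

	// The leave type must be a real positive integer. A loose `<= 0` comparison
	// lets non-numeric strings through on PHP 8.
	$awayTypeID = filter_var(isset($_POST['awayTypeID']) ? $_POST['awayTypeID'] : null, FILTER_VALIDATE_INT);

	if ($startTS === false || $endTS === false || $startTS > $endTS){
		$error = TRUE; // was `$error == TRUE`, a comparison with no effect
		$Template->set_alert("ERROR: There are some errors in your submission.  Please check the form and try again.", "error");
	}
	else if ($awayTypeID === false || $awayTypeID <= 0){
		$error = TRUE; // was `$error == TRUE`, a comparison with no effect
		$Template->set_alert('ERROR: Please select the type of leave you are requesting', 'error');
	}
	else if (isset($_POST['bankedTimeUsed']) && isset($_POST['balance']) && $_POST['bankedTimeUsed'] > $_POST['balance']){
		// NOTE(review): 'balance' is supplied by the client, so this comparison is a
		// convenience check only. The authoritative banked-time balance should be
		// re-read server-side for $_SESSION['LID'] before the request is approved.
		$error = TRUE;
		$Template->set_alert("ERROR: You cannot request to use more banked time than you have in your account", "error");
	}
	else {
		// check for conflict
		$conflict = $Staff_Away->search($_SESSION['LID'], $startTS, $endTS, '', '', '', '','startTS DESC');

		if (count($conflict) <= 0){
			// NOTE(review): these values are HTML-encoded before storage, as in the
			// original. Encoding at output time is the more robust place; confirm
			// how the views print them before changing this.
			$note = '';
			if (isset($_POST['note']) && is_string($_POST['note']) && $_POST['note'] != ''){
				$note = htmlentities($_POST['note']);
			}

			$bankedTimeUsed = 0;
			if (isset($_POST['bankedTimeUsed']) && is_string($_POST['bankedTimeUsed']) && $_POST['bankedTimeUsed'] != ''){
				$bankedTimeUsed = htmlentities($_POST['bankedTimeUsed']);
			}

			$hours = '';
			if (isset($_POST['hours']) && is_string($_POST['hours']) && $_POST['hours'] != ''){
				$hours = htmlentities($_POST['hours']);
			}

			// NOTE(review): $start and $end are still the raw posted strings (only
			// proven parseable by strtotime). Confirm that Staff_Away::add_mod()
			// binds its arguments as query parameters rather than concatenating.
			$Staff_Away->add_mod('', $_SESSION['LID'], $awayTypeID, $start, $end, 'requested', $note, $hours, $bankedTimeUsed);
		}
		else {
			$error = TRUE;
			// NOTE(review): the trailing count($conflict) looks like leftover debug
			// output; kept so the rendered message is unchanged.
			$Template->set_alert("ERROR: You have time away (ID# ". $conflict[0]['stAwayID']." " . date('M j, Y', $conflict[0]['startTS'])." - ".date('M j, Y', $conflict[0]['endTS']).") that conflicts with this request." . count($conflict), "error");
		}
	}
}

include('includes/private_header.php');

echo $Template->get_alerts();

if ($loggedIn){ // user is logged in
	// -- LOAD VIEWS
	$Template->load('views/v_awayRequest.php');
}
else {
	include('views/v_sess_exp.php');
}

include('includes/private_footer.php');
?>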