employee_admin.php

这是一个用于资产管理的源码工具包

<?
/*****************************************************************************
*	SimpleAssets - an online web based asset management application.
*	Copyright (C) 2002 Jeff Gordon (jgordon81@users.sourceforge.net). All rights reserved.
*	Public Works and Government Services Canada (PWGSC)
*   Architecture and Standards Directorate
*
*	Released July 2002
*
*  	This program is free software licensed under the 
* 	GNU General Public License (GPL).
*
*	This file is part of SimpleAssets.
*
*	SimpleAssets is free software; you can redistribute it and/or modify
*	it under the terms of the GNU General Public License as published by
*	the Free Software Foundation; either version 2 of the License, or
*	(at your option) any later version.
*
*	SimpleAssets is distributed in the hope that it will be useful,
*	but WITHOUT ANY WARRANTY; without even the implied warranty of
*	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*	GNU General Public License for more details.
*
*	You should have received a copy of the GNU General Public License
*	along with SimpleAssets; if not, write to the Free Software
*	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*******************************************************************************/

// contains functions:
// employee_admin_rules($empid, $insert, $lastname, $firstname, $tel, $organization, $dept, $building, $floor, $workstation, $accesslevel, $active, $loginname, $password, $passwordagain, $email)
// employee_admin($key, $insert, $complete)
// employee_admin_change_password($key)
// employee_admin_erase($key)

// validate the data
function employee_admin_rules($empid, $insert, $lastname, $firstname, $tel, $organization, $dept, $building, $floor, $workstation, $accesslevel, $active, $loginname, $password, $passwordagain, $email) {
	global $my_access_level;
	global $my_emp_id;
	global $emp_db;
	
	// check duplicate login
	if ($insert == true) $sql = "SELECT " . $emp_db . "Employees.Id AS " . $emp_db . "Employees_ID FROM " . $emp_db . "Employees WHERE " . $emp_db . "Employees.LoginName='" . q_replace(dehtml($loginname)) . "';";
	else $sql = "SELECT " . $emp_db . "Employees.Id AS Employees_ID FROM " . $emp_db . "Employees WHERE " . $emp_db . "Employees.LoginName='" . q_replace(dehtml($loginname)) . "' AND " . $emp_db . "Employees.Id <> " . $empid . ";";
	if (($result = doSql($sql)) && (mysql_num_rows($result))) $errcode = "1";
	else $errcode = "0";
	
	// check login
	if (strlen($loginname) < 1) $errcode = $errcode . "1";
	else $errcode = $errcode . "0";
	
	// check password
	if ($insert == true) {
		if (strcmp($password,$passwordagain) != 0) $errcode = $errcode . "1";
		else $errcode = $errcode . "0";
	} else {
		$errcode = $errcode . "0";
	}

	// check password alpha
	if (is_alphanum_str(stripslashes($password))) $errcode = $errcode . "1";
	else $errcode = $errcode . "0";

	// check first name
	if (strlen($firstname) < 1) $errcode = $errcode . "1";
	else $errcode = $errcode . "0";

	// check last name
	if (strlen($lastname) < 1) $errcode = $errcode . "1";
	else $errcode = $errcode . "0";

	
	// check access level change
	if (($my_access_level > 1) && ($my_access_level != $accesslevel) && ($my_emp_id == $empid)) $errcode = $errcode . "1";
	else $errcode = $errcode . "0";
	
	return $errcode;
}

// inserts or updates an employee
function employee_admin($key, $insert, $register) {
	global $action, $key, $lastaction, $lastkey;
	global $my_access_level;
	global $my_emp_id;
	global $complete;
	global $print_screen;
	global $hrcolor;
	global $activelogin;
	global $activepass;
	global $emp_db;
	global $demo_mode;
	
	$PHP_SELF = $_SERVER['PHP_SELF'];
	// Set Page Title Based On Insert/Update/Register	
	if ($insert == true) $insertupdatetext = "New Employee";
	else $insertupdatetext = "Update";
	if ($register == true) $insertupdatetext = "Register";

	// load incoming form data and set some flags
	global $empid, $lastname, $firstname, $tel, $organization, $dept, $building, $floor, $workstation, $accesslevel, $active, $loginname, $password, $passwordagain, $resetpassword, $email;
	if ((strcmp($active,"on") == 0) || ($complete != "1")) $active = "1";
	else $active = "0";

	// if this is an update and it's not complete, load the information from the database
	if (($insert == false) && ($complete != "1")) {
		$sql = "SELECT " . $emp_db . "Employees.Id, " . $emp_db . "Employees.LastName, " . $emp_db . "Employees.FirstName, " . $emp_db . "Employees.Tel, " . $emp_db . "Employees.Organization, " . $emp_db . "Employees.Dept, " . $emp_db . "Employees.Building, " . $emp_db . "Employees.Floor, " . $emp_db . "Employees.Workstation, " . $emp_db . "Employees.AccessLevel, " . $emp_db . "Employees.Active, " . $emp_db . "Employees.EMail, " . $emp_db . "Employees.LoginName FROM " . $emp_db . "Employees WHERE " . $emp_db . "Employees.Id=" . $key . ";";
		if (($result = doSql($sql)) && (mysql_num_rows($result)) && ($query_data = mysql_fetch_array($result))) {
			$empid = $query_data["Id"];
			$lastname = $query_data["LastName"];
			$firstname = $query_data["FirstName"];
			$tel = $query_data["Tel"];
			$organization = $query_data["Organization"]; 
			$dept = $query_data["Dept"]; 
			$building = $query_data["Building"]; 
			$floor = $query_data["Floor"]; 
			$workstation = $query_data["Workstation"];	
			$accesslevel = $query_data["AccessLevel"];
			$active = $query_data["Active"];
			$loginname = $query_data["LoginName"];
			$email = $query_data["EMail"];
		}
	}

	// preset the access level checkbox
	switch ($accesslevel) {
		case 0:
			$user_select = " SELECTED";
			break;
		case 2:
			$admin_select = " SELECTED";
			break;
	}

	// preset the active checkbox
	if ($active == "1") $active_text = " CHECKED";
	else $active_text = "";

	// validate the data for any errors
	$errcode = employee_admin_rules($empid, $insert, $lastname, $firstname, $tel, $organization, $dept, $building, $floor, $workstation, $accesslevel, $active, $loginname, $password, $passwordagain, $email);
	if (($complete == "1") && ($errcode > 0)) {
		// print error messages
		$complete = "0";
		employee_menu_header(true,$insertupdatetext, "<font class=text18bold color='#ff0033'>ERROR: Incomplete or Invalid Data.</font>", $key);
		echo "<p><font class='text12bold' color='#ff0033'>";
		if ($errcode[0] == "1") echo "The login name you have entered is the same as another login name previously entered. ";
		if ($errcode[1] == "1") echo "A login name must be entered. ";
		if ($errcode[2] == "1") echo "The password box must match the retyped password box. ";
		if ($errcode[3] == "1") echo "Password must only use letters A to Z and digits 0 to 9. ";
		if ($errcode[4] == "1") echo "A first name must be entered. ";
		if ($errcode[5] == "1") echo "A last name must be entered. ";
		if ($errcode[6] == "1") echo "You cannot change your own access level. ";
		echo "</font><p>";
	} else {
		if ($complete != "1") employee_menu_header(true,"", $insertupdatetext, $key);
	}

	// reset the accesslevel if none exists
	if (is_numeric($accesslevel) == false) $accesslevel = "0";

	// either this is the first time or an error occurred during submitting, reprint the form
	if ($complete != "1") {	
		// html encode data for the form
		$lastname = q_replace($lastname);
		$firstname = q_replace($firstname);
		$loginname = q_replace($loginname);
		$tel = q_replace($tel);
		$organization = q_replace($organization); 
		$dept = q_replace($dept); 
		$building = q_replace($building); 
		$floor = q_replace($floor); 
		$workstation = q_replace($workstation);	
		$accesslevel = q_replace($accesslevel);
		$email = q_replace($email);

		employee_tabs($key);
		echo "<table width=100% bgcolor='#ffeeee' class='employeeborder'><tr><td>";
		echo "<table cellspacing=0 cellpadding=0 border=0><tr><td><form action='" . $PHP_SELF . "' method='get'></td></tr></table>";
		echo "<input type='hidden' name='action' value='" . $action . "'>";
		echo "<input type='hidden' name='complete' value='1'>";
		echo "<input type='hidden' name='key' value=" . $key . ">";
		echo "<input type='hidden' name='empid' value='" . $empid . "'>";
		echo "<table width=100%>";
		echo "<tr><td valign='top'>";
		echo "<table><tr>";

		// first name
		echo "<td class='text13bold' align='right'><font class='text13bold'><b>First Name:&nbsp;</b></font></td>";
		echo "<td class='text13bold'><input name='firstname' type='text' size='20' class='boxtext13bold' size=30 value=\"" . $firstname . "\"><font color='#ff0033' face='arial' size='4'><b> *</b></font></td>";
		echo "</tr><tr>";

		// last name
		echo "<td class='text13bold' align='right'><font class='text13bold'><b>Last Name:&nbsp;</b></font></td>";
		echo "<td class='text13bold'><input name='lastname' type='text' size='20' class='boxtext13bold' size=30 value=\"" . $lastname . "\"><font color='#ff0033' face='arial' size='4'><b> *</b></font></td>";
		echo "</tr><tr>";

		// login name
		echo "<td class='text13bold' align='right'><font class='text13bold'><b>Login Name:&nbsp;</b></font></td>";
		echo "<td class='text13bold'><input name='loginname' type='text' size='20' class='boxtext13bold' size=30 value=\"" . $loginname . "\"><font color='#ff0033' face='arial' size='4'><b> *</b></font></td>";
		echo "</tr><tr>";

		// email
		echo "<td class='text13bold' align='right'><font class='text13bold'><b>E-Mail:&nbsp;</b></font></td>";
		echo "<td class='text13bold'><input name='email' type='text' size='20' class='boxtext13bold' size=30 value=\"" . $email . "\"></td>";
		echo "</tr><tr>";

		// password options
		if ($insert == true) {
			// password
			echo "<td class='text13bold' align='right'><font class='text13bold'><b>Password:&nbsp;</b></font></td>";
			echo "<td class='text13bold'><input name='password' type='password' class='boxtext13bold' size='20' class='text13bold' size=30></td>";
			echo "</tr><tr>";

			// password again
			echo "<td class='text13bold' align='right'><font class='text13bold'><b>Retype Password:&nbsp;</b></font></td>";
			echo "<td class='text13bold'><input name='passwordagain' type='password' size='20' class='boxtext13bold' size=30></td>";
		} else {
			if ($my_access_level > 1) {
				// reset password checkbox
				echo "<td class='text13bold' align='right' rowspan=2><font class='text12bold'><b>New Password:&nbsp;</b></font></td>";
				echo "<td class='text13bold' rowspan=2><input name='password' type='password' size='10' class='boxtext13bold'><font class='text12bold'><b><input type='checkbox' name='resetpassword'> Reset</b></font></td>";
			} else {
				echo "<td class='text13bold' align='center' colspan=2>&nbsp;</td>";
				echo "</tr><tr>";
				echo "<td class='text13bold' align='right'>&nbsp;</td>";
				echo "<td class='text13bold'>&nbsp;</td>";
			}
		}
		echo "</tr>";
		echo "</table>";
		echo "</td><td valign='top'>";
		echo "<table><tr>";