Business/QwikClock
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add basic permission check to exporter

Browse Source
This commit is contained in:
Skylar Ittner 2017-11-19 01:05:48 -07:00
parent 29fa41666d
commit 6719ef1b3d
1 changed files with 49 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
pages/export.php
View File

@ -2,47 +2,55 @@
require_once __DIR__ . '/../required.php';
redirectifnotloggedin();
?>
<form action="lib/reports.php" method="GET" target="_BLANK">
<div class="row">
<div class="col-xs-12 col-sm-6 col-md-4">
<label for="type"><?php lang("report type"); ?></label>
<select name="type" class="form-control" required>
<option value="shifts"><?php lang("shifts") ?></option>
</select>
</div>
<div class="col-xs-12 col-sm-6 col-md-4">
<label for="users"><?php lang("filter"); ?></label>
<div class="radio">
<label>
<input name="users" value="all" checked="" type="radio"> <i class="fa fa-users fa-fw"></i>
<?php lang("all users") ?>
</label>
</div>
<div class="radio">
<label>
<input name="users" value="one" type="radio"> <i class="fa fa-user fa-fw"></i>
<?php lang("one user") ?>
<input type="text" name="user" class="form-control" id="user-box" placeholder="<?php lang("choose user") ?>" />
</label>
</div>
</div>
<div class="col-xs-12 col-sm-6 col-md-4">
<label for="type"><?php lang("format"); ?></label>
<select name="format" class="form-control" required>
<option value="csv"><?php lang("csv file") ?></option>
<option value="ods"><?php lang("ods file") ?></option>
<option value="html"><?php lang("html file") ?></option>
</select>
</div>
</div>
<br />
<?php
$code = uniqid(rand(10000000, 99999999), true);
$database->insert('report_access_codes', ['code' => $code, 'expires' => date("Y-m-d H:i:s", strtotime("+5 minutes"))]);
if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE")) {
?>
<input type="hidden" name="code" value="<?php echo $code; ?>" />
<div class="alert alert-danger"><?php lang("missing permission") ?></div>
<?php
} else {
?>
<form action="lib/reports.php" method="GET" target="_BLANK">
<div class="row">
<div class="col-xs-12 col-sm-6 col-md-4">
<label for="type"><?php lang("report type"); ?></label>
<select name="type" class="form-control" required>
<option value="shifts"><?php lang("shifts") ?></option>
</select>
</div>
<div class="col-xs-12 col-sm-6 col-md-4">
<label for="users"><?php lang("filter"); ?></label>
<div class="radio">
<label>
<input name="users" value="all" checked="" type="radio"> <i class="fa fa-users fa-fw"></i>
<?php lang("all users") ?>
</label>
</div>
<div class="radio">
<label>
<input name="users" value="one" type="radio"> <i class="fa fa-user fa-fw"></i>
<?php lang("one user") ?>
<input type="text" name="user" class="form-control" id="user-box" placeholder="<?php lang("choose user") ?>" />
</label>
</div>
</div>
<div class="col-xs-12 col-sm-6 col-md-4">
<label for="type"><?php lang("format"); ?></label>
<select name="format" class="form-control" required>
<option value="csv"><?php lang("csv file") ?></option>
<option value="ods"><?php lang("ods file") ?></option>
<option value="html"><?php lang("html file") ?></option>
</select>
</div>
</div>
<br />
<?php
$code = uniqid(rand(10000000, 99999999), true);
$database->insert('report_access_codes', ['code' => $code, 'expires' => date("Y-m-d H:i:s", strtotime("+5 minutes"))]);
?>
<input type="hidden" name="code" value="<?php echo $code; ?>" />
<button type="submit" class="btn btn-success" id="genrptbtn"><i class="fa fa-download"></i> <?php lang("generate report"); ?></button>
</form>
<button type="submit" class="btn btn-success" id="genrptbtn"><i class="fa fa-download"></i> <?php lang("generate report"); ?></button>
</form>
<?php
}
?>