Location: PHPKode > projects > Son of Service > sos-0.1.6/volunteer/workhistory.php
<?php

/*
 * Son of Service
 * Copyright (C) 2003-2009 by Andrew Ziem.  All rights reserved.
 * Licensed under the GNU General Public License.  See COPYING for details.
 *
 * $Id: workhistory.php,v 1.28 2009/02/12 04:11:20 andrewziem Exp $
 *
 */
 
if (preg_match('/workhistory.php/i', $_SERVER['PHP_SELF']))
{
    die('Do not access this page directly.');
}

require_once(SOS_PATH . 'functions/stat.php');
require_once(SOS_PATH . 'functions/table.php');

function volunteer_work_history_delete()
{
    global $db;
    
    
    $vid = intval($_POST['vid']);
    $errors_found = 0;

    if (!has_permission(PC_VOLUNTEER, PT_WRITE, $vid, NULL))
    {
	$errors_found++;
	save_message(MSG_SYSTEM_ERROR, _("Insufficient permissions."), __FILE__, __LINE__);
    }    
    
    if (!is_numeric($_POST['vid']) or 0 == $vid)
    {
	save_message(MSG_SYSTEM_ERROR, _("Bad form input:").' vid', __FILE__, __LINE__);
	$errors_found++;
    }
        
    $work_ids = find_values_in_request($_POST, 'work_id');
        
    if (0 == count($work_ids))    
    {
	save_message(MSG_USER_ERROR, _("You must make a selection."));    
	$errors_found++;
    }
    
    if ($errors_found)
    {
	redirect("?vid=$vid&menu=workhistory");
    }
    
    foreach ($work_ids as $work_id)
    {
	// todo: could be faster with SQL binding
	$sql = "DELETE FROM work WHERE work_id = $work_id AND volunteer_id = $vid";
    
	$result = $db->Execute($sql);

	if (!$result)
	{
	    save_message(MSG_SYSTEM_ERROR, _("Error deleting data from database."), __FILE__, __LINE__, $sql);
	    $errors_found++;
	}
    }
    
    if (!$errors_found)
    {
	save_message(MSG_USER_NOTICE, _("Deleted."));
	stats_update_volunteer($db, $vid);
    }
    
    // redirect user to non-POST page
    redirect("?vid=$vid&menu=workhistory");

}


function volunteer_work_history_save($mode)
// mode: either 'update' or 'add';
// return: nothing
{
    global $db;


    // check form input        
    $category_id = intval($_POST['category_id']);
    $date = sanitize_date($_POST['date']);
    $quality = intval($_POST['quality']);
    $vid = intval($_POST['vid']);
    $errors_found = 0;

    if (!has_permission(PC_VOLUNTEER, PT_WRITE, $vid, NULL))
    {
	$errors_found++;
	save_message(MSG_SYSTEM_ERROR, _("Insufficient permissions."));
    }    
    
    if ('update' == $mode)
    {
	$work_id = intval($_POST['work_id']);
    }
    elseif ('add' == $mode)
    {
    
    }
    else
    {
	save_message(MSG_SYSTEM_ERROR, 'volunteers_work_history_save(): '._("Unexpected parameter."));
	$errors_found++;
    } 
    
    if (0 == strlen(trim($_POST['hours'])))
    {
       save_message(MSG_USER_ERROR, _("Add a number to the Hours Credit of Work field."));
       $errors_found++;
    }
    
    if (preg_match('/(\d{1,2}):(\d{1,2})/',$_POST['hours'], $matches))
    {
	$hours = $matches[1] + ($matches[2]/60);
    }
    else if ($_POST['hours'] < 0.00 or !preg_match("/^[0-9\.]+$/", $_POST['hours']))
    {
       save_message(MSG_USER_ERROR, _("Please add more hours to the Hours Credit of Work field."));
       $errors_found++;       
    }
    else
    {
	$hours = (float) $_POST['hours'];
    }

    if (!$date)
    {
	save_message(MSG_USER_ERROR, _("You must give a date."));
	save_message(MSG_USER_ERROR, _("Use the date format YYYY-MM-DD or MM/DD/YYYY."));
	$errors_found++;       
    }
        
    $memo = $db->qstr(sos_strip_tags($_POST['memo']), get_magic_quotes_gpc());

    // add to database
    if ('add' == $mode)
    {
	$sql = "INSERT INTO work ".
	    "(date, hours, volunteer_id, category_id, uid_added, dt_added, dt_modified, uid_modified, memo, quality) ".
	    "VALUES ('$date', '$hours', $vid, $category_id, ".get_user_id().", now(), now(), uid_added, $memo, $quality)"; 
    }
    else
    {
	$sql = "UPDATE work ".
	"SET date = '$date', " .
	"hours = '$hours', " .
	"category_id = $category_id, " .
	"memo = $memo, " .
	"quality = '$quality', " .
	"uid_modified = ".get_user_id().", " .
	"dt_modified = now() " .
	"WHERE work_id = $work_id AND volunteer_id = $vid LIMIT 1";
    }
    
    if (!$errors_found)
	// todo: show form again, already filled out    
    {
    
	$result = $db->Execute($sql);

	if ($result)
	{
	    save_message(MSG_USER_NOTICE, _("Saved."));
	    stats_update_volunteer($db, $vid);
        }
        else
        {
            save_message(MSG_SYSTEM_ERROR, _("Error saving data to database."), __FILE__, __LINE__, $sql);
        }
     }
     
     // redirect client to non-POST page
     
     redirect("?vid=$vid&menu=workhistory");
     
  } /* volunteer_work_history_save() */


function volunteer_view_work_history($brief = FALSE)
{
    global $db;

    
    display_messages();
    
    $vid = intval($_GET['vid']);
    
    if (!has_permission(PC_VOLUNTEER, PT_READ, $vid, NULL))
    {
	process_system_error(_("Insufficient permissions."), MSG_SYSTEM_ERROR);
	return FALSE;
    }    
    
    $column_names = array('hours', 'quality', 'date', 'memo', 'category');
    $orderby = make_orderby($_GET, $column_names, 'date', 'DESC');
        
    $sql = "SELECT work.work_id AS work_id, work.hours AS hours, work.quality AS quality, work.date AS date, work.memo AS memo, strings.s AS category ".
	"FROM work ".
	"LEFT JOIN strings ON work.category_id = strings.string_id ".
	"WHERE volunteer_id = $vid ".
	$orderby;
	
    $result = $db->Execute($sql);

    if (!$result)
    {
	die_message(MSG_SYSTEM_ERROR, _("Error querying database."), __FILE__, __LINE__, $sql);
    }

    if (!$brief or 0 < $result->RecordCount())
    {
	echo ("<H3>"._("Work history")."</H3>\n");
    }

    if (0 == $result->RecordCount())
    {
	if (!$brief)
	{
	    process_user_notice(_("None found."));
	}
    }
    else
    { 
	// display work history
	
	$dtp = new DataTablePager();
	if ($brief)
	{
	    // show last ten	    
	    $dtp->setPrintable(TRUE);
	    $dtp->setPagination(10, $result->RecordCount() > 10 ? $result->RecordCount() - 10 : 0);
	}
	else
	{
	    $dtp->setPagination(10);
	    echo ("<FORM method=\"post\" action=\".\">\n");
	    echo ("<INPUT type=\"hidden\" name=\"vid\" value=\"$vid\">\n");
	}
	$headers = array();
	$headers['work_id'] = array('checkbox' => TRUE, 'label' => _("Select"));
	$headers['date'] =  array('label' => _("Date"), 'type' => TT_DATE, 'sortable' => TRUE);	
	$headers['hours'] = array('label' => _("Hours"), 'type' => TT_NUMBER, 'sortable' => TRUE);
	$headers['category'] = array('label' => _("Category"), 'sortable' => TRUE);		
	$headers['quality'] = array('label' => _("Quality"), 'sortable' => TRUE);			
	$headers['memo'] = array('label' => _("Memo"), 'sortable' => TRUE);	
	$dtp->setHeaders($headers);
	$dtp->setDatabase($db, $result);
	$dtp->render();
	if (!$brief)
	{
	    echo ("<INPUT type=\"submit\" name=\"button_delete_work_history\" value=\""._("Delete")."\">\n");
	    echo ("<INPUT type=\"submit\" name=\"button_edit_work_history\" value=\""._("Edit")."\">\n");
	    echo ("</FORM>\n");
	}
    }
}     /* volunteer_view_work_history() */


function work_history_addedit($mode)
// creates a form
{
    global $db;
    

    assert('add' == $mode or 'edit' == $mode);

    $vid = intval($_REQUEST['vid']);

    if (!has_permission(PC_VOLUNTEER, PT_WRITE, $vid, NULL))
    {
//	process_system_error(_("Insufficient permissions."), MSG_SYSTEM_ERROR);
	return FALSE;
    }    
    
    if ('edit' == $mode)
    {
	$work_ids = find_values_in_request($_POST, 'work_id');
	if (0 == count($work_ids))
	{
	    save_message(MSG_USER_ERROR, _("You must make a selection."));
	    redirect("?vid=$vid&menu=workhistory");
	    return FALSE;
	}
	
	if (1 < count($work_ids))
	{
	    process_user_warning(_("You may only edit one at a time."));
	}
	$work_id = $work_ids[0];    
	$sql = "SELECT * FROM work WHERE work_id = $work_id";
	$result = $db->SelectLimit($sql, 1);
	if (!$result)
	{
	    die_message(MSG_SYSTEM_ERROR, _("Error querying database."), __FILE__, __LINE__, $sql);
	}
	$work = $result->fields;
	$date = $work['date'];
	$hours = $work['hours'];	
	$memo = $work['memo'];		
	$quality = $work['quality'];			
    }
    else
    {
	$hours = $memo = '';
	$quality = 0;
	$date = date('Y-m-d');
    }

    echo ("<H4>".('add' == $mode ? _("Add work history") : _("Edit work history"))."</H4>\n");
    echo ("<FORM method=\"post\" action=\".\">\n");
    echo ("<INPUT type=\"hidden\" name=\"vid\" value=\"$vid\">\n");
    if ('edit' == $mode)
    {

	echo ("<INPUT type=\"hidden\" name=\"work_id\" value=\"$work_id\">\n");
    }
    echo ("<TABLE border=\"1\" class=\"form\">\n");
?>
    <tr>
 <TH class="vert"><?php echo _("Date"); ?></TH>
 <td>
 <INPUT TYPE="text" NAME="date" SIZE="10" VALUE="<?php echo $date; ?>">
 </td>
 </tr>

<tr>
<?php // todo: allow subtraction and addition 
 ?>
 <TH class="vert"><?php echo _("Hours"); ?></TH>
 <td> <INPUT TYPE="text" NAME="hours" SIZE="7" value="<?php echo $hours;?>"></td>
 </tr>
<TR>
 <TH class="vert"><?php echo _("Category"); ?></TH>
 <TD> 
 <?php
 
 // get a list of categories
 
 $sql = "SELECT string_id, s FROM strings WHERE type = 'work' ORDER BY s";
 
 $result = $db->Execute($sql);
 
 if (!$result)
 {
    process_system_error(_("Error querying database."));    
 }
 else if (0 == $result->RecordCount())
 {
    process_user_error(_("None found."));
 }
 else
 {
    echo ("<SELECT name=\"category_id\">\n");
    while (!$result->EOF)
    {
	$row = $result->fields;
	echo ("<OPTION value=\"".$row['string_id']."\">".$row['s']."</OPTION>\n");
	$result->MoveNext();
    }
    echo ("</SELECT>\n");
 }
 ?>
  <TD>
<TR>
 <TH class="vert"><?php echo _("Quality"); ?></TH>
 <TD>
  <SELECT name="quality">
  <OPTION <?php echo display_position_option(-1, $quality);?>><?php echo _("Negative"); ?></OPTION>
  <OPTION <?php echo display_position_option(0, $quality);?>><?php echo _("Neutral"); ?></OPTION>
  <OPTION <?php echo display_position_option(1, $quality);?>><?php echo _("Positive"); ?></OPTION>
  </SELECT>
<tr>
 <TH class="vert"><?php echo ("Memo"); ?></TH>
 <td><TEXTAREA name="memo" cols="45" rows="2"><?php echo htmlentities($memo);?></TEXTAREA></td>
 </tr>
 

</table>

<?php

if ('add' == $mode)
{
    echo ("<INPUT type=\"submit\" name=\"button_add_work_history\" value=\""._("Add")."\">\n");
}
else
{
    echo ("<INPUT type=\"submit\" name=\"button_update_work_history\" value=\""._("Update")."\">\n");
}

echo ("</FORM>\n");
}

?>
Return current item: Son of Service