<?
/*
	################################################################
	# >>> Time Recording System											#
	################################################################
	# > Authors:  Lucian Pricop and David Sturtevant					#
	# > E-mail:  hide@address.com						#
	# > Date: 	 17 April 2007											#
	#																			#
	# This web application allows your staff to submit their time	#
	# sheets on line 														#
	################################################################
	#	Copyright (C) 2007  Oxford Archaeology							#
	#																			#
	# This program is free software; you can redistribute 			#
	# it and/or modify it under the terms of the GNU General 		#
	# Public License as published by the Free Software 				#
	# Foundation; either version 2 of the License, or (at your	 	#
	# option) any later version.											#
	#																			#
	# This program is distributed in the hope that it will be 		#
	# useful, but WITHOUT ANY WARRANTY; without even the 				#
	# implied warranty of MERCHANTABILITY or FITNESS FOR A 			#
	# PARTICULAR PURPOSE.  See the GNU General Public License 		#
	# for more details.														#
	#																			#
	# You should have received a copy of the GNU General 				#
	# Public License along with this program; if not, write to 		#
	# the Free Software Foundation, Inc., 59 Temple Place - 			#
	# Suite 330, Boston, MA  02111-1307, USA.							#
	################################################################
*/
	/**
	 * Legacy autoload hook: loads "<class name>.php" through the include path
	 * the first time an unknown class is referenced.
	 *
	 * NOTE(review): the file name is built directly from $class_name with no
	 * character check, so this is only safe while class names never originate
	 * from request data (for example via class_exists() or unserialize() on
	 * user input). No such caller is visible in this file; confirm elsewhere.
	 * NOTE(review): __autoload() was deprecated in PHP 7.2 and removed in 8.0;
	 * spl_autoload_register() is the replacement when the project is upgraded.
	 *
	 * @param string $class_name Name of the class PHP could not resolve.
	 */
	function __autoload($class_name) {
		$classFile = "{$class_name}.php";
		require_once $classFile;
	}
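	$dbconn = new dbcontrol();
	$connectionStatus = $dbconn->connectdb();

	// Everything read from $_POST["xmlResponse"] is untrusted client input.
	// Collect libxml parse errors internally so a malformed document cannot
	// print warnings into the XML response that is emitted later.
	libxml_use_internal_errors(true);

	$xml= new DOMDocument();
	$xml->preserveWhiteSpace = false;
	// NOTE(review): PHP has already URL-decoded the POST field once; the extra
	// urldecode() is kept because the client encoding is not visible here.
	$rawXml = (isset($_POST["xmlResponse"]) && is_string($_POST["xmlResponse"])) ? urldecode($_POST["xmlResponse"]) : "";
	// LIBXML_NONET stops the parser from fetching anything over the network
	// while it processes the document.
	$xmlLoaded = ($rawXml !== "") && $xml->loadXML($rawXml, LIBXML_NONET);
	// The sample request below carries no DOCTYPE, so a document that declares
	// one is rejected instead of relying on libxml defaults for entity handling.
	if($xmlLoaded && $xml->doctype !== null)
		$xmlLoaded = false;
	if(!$xmlLoaded)
		$xml = new DOMDocument(); // empty document: every lookup below finds nothing
//   	$xml->loadXML(urldecode("%3C?xml%20version=%221.0%22%20encoding=%22UTF-8%22?%3E%0A%3CVALIDATE%20TYPE=%22invoicecode%22%3E%0A%09%09%3CCODE%3EV&amp;ABS%3C/CODE%3E%0A%3C/VALIDATE%3E"));

	$string = isset($_POST["xmlResponse"]) ? $_POST["xmlResponse"] : "";
// 	$string = "%3C?xml%20version=%221.0%22%20encoding=%22UTF-8%22?%3E%0A%3CVALIDATE%20TYPE=%22invoicecode%22%3E%0A%09%09%3CCODE%3EV&amp;ABS%3C/CODE%3E%0A%3C/VALIDATE%3E";
 
	// A missing <VALIDATE> element leaves $type empty, so no validation branch
	// runs and the default "invalid" answer is returned instead of a fatal error.
	$validates = $xml->getElementsByTagName("VALIDATE");
	$validate = $validates->item(0);
	$type = ($validate !== null) ? $validate->getAttribute("TYPE") : "";
	// Optional <ID>: echoed back in the response so the client can match it up.
	$entryIds = $xml->getElementsByTagName("ID");
	if($entryIds->length != 0)
		$entryId = $entryIds->item(0)->nodeValue;
	// Optional <REFID>: staff id used by the "weekendingday" check. It is
	// client-supplied text and must be validated before it reaches any SQL.
	$refIds = $xml->getElementsByTagName("REFID");
	if($refIds->length != 0)
		$refid = $refIds->item(0)->nodeValue;

	// Fail closed: these defaults are returned unless a branch below succeeds.
	$status = "invalid";
	$statusText = "Please contact the web developer";
	$debugString = "";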

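	// Dispatch on the TYPE attribute of the <VALIDATE> request. Each branch
	// either leaves the "invalid" defaults in place or sets $status/$statusText.
	// All values taken from $xml are request data: string values are passed
	// through pg_escape_string() and the numeric staff id is checked to be
	// digits only before it is concatenated into a query.
	switch($type)
	{
		case "invoicecode":
			$codes = $xml->getElementsByTagName("CODE");
			if($codes->length == 0)
				break; // no <CODE> element: keep the default "invalid" answer
			$invoiceCode = $codes->item(0)->nodeValue;
			$queryString="SELECT * FROM tbl_invoice_code_lookup WHERE invoicecode = '".pg_escape_string($invoiceCode)."' OR invoicecode = '".pg_escape_string(strtoupper($invoiceCode))."'";
			$queryResult = $dbconn->sendquery2($queryString);
			$rowNr=pg_num_rows($queryResult);
			if($rowNr == 0)
			{
				$statusText = "Invoice code not found. \n Please choose a valid invoice code from the list.";
				break;
			}
			$rowarray = pg_fetch_array($queryResult,null,PGSQL_ASSOC);
			$projectName = "".$rowarray["projectname"];
			$taskNeeded = "".$rowarray["taskneeded"];
			if(strcmp($rowarray["completed"],"t")==0)
			{
				$status = "completed";
				$statusText = "Invoice code completed. \n Are you sure you want to use this invoice code?";
				break;
			}
			$status = "valid";
			$statusText = "";
			break;
		case "taskcode":
			$codes = $xml->getElementsByTagName("CODE");
			$icodes = $xml->getElementsByTagName("ICODE");
			if($codes->length == 0 || $icodes->length == 0)
				break; // both <CODE> and <ICODE> are required
			$taskCode = $codes->item(0)->nodeValue;
			$invoiceCode = strtoupper($icodes->item(0)->nodeValue);

			// New task codes may be added for invoice codes in department 'PX'
			// or for invoice codes starting with "BID".
			$queryString = "SELECT * FROM tbl_invoice_code_lookup WHERE (invoicecode = '".pg_escape_string($invoiceCode)."' OR invoicecode = '".pg_escape_string(strtoupper($invoiceCode))."') AND department in ('PX')";
			$queryResult = $dbconn->sendquery2($queryString);
			$rowNr = pg_num_rows($queryResult);
			$allowedNewTaskCodes = false;
			if($rowNr != 0 || (strlen($invoiceCode) >= 3 && strcmp(substr($invoiceCode,0,3),"BID")==0))
				$allowedNewTaskCodes = true;
			$debugString .= $invoiceCode." - ".$rowNr;
			$queryString="SELECT * FROM tbl_task_code_lookup WHERE taskcode = '".pg_escape_string($taskCode)."' OR taskcode = '".pg_escape_string(strtoupper($taskCode))."'";
			$queryResult = $dbconn->sendquery2($queryString);
			$rowNr=pg_num_rows($queryResult);
			if($rowNr == 0 && !$allowedNewTaskCodes)
			{
				$statusText = "Task code not found. \n Please choose a valid task code from the list.";
				break;
			}
			if($rowNr == 0 && $allowedNewTaskCodes)
			{
				$status = "allowednew";
				$statusText = "Your task code has not been found, but you are allowed to add a new one.";
				break;
			}
			if($allowedNewTaskCodes)
			{
				$status = "valid";
				$statusText = "";
				break;
			}
			//checking if this task code is related to the given invoice code
			$queryString="SELECT tsk.taskcode,tsk.taskname FROM tbl_invoice_code_lookup i LEFT JOIN tbl_invoice_group_matrix g ON i.invoicecode = g.invoicecoderefid LEFT JOIN tbl_invoice_task_group it ON g.groupnamerefid = it.groupname LEFT JOIN tbl_task_group_matrix t ON it.groupname = t.groupnamerefid LEFT JOIN tbl_task_code_lookup tsk ON t.taskcoderefid = tsk.taskcode WHERE (i.invoicecode = '".pg_escape_string($invoiceCode)."' OR i.invoicecode = '".pg_escape_string(strtoupper($invoiceCode))."') AND ( tsk.taskcode = '".pg_escape_string($taskCode)."' OR tsk.taskcode = '".pg_escape_string(strtoupper($taskCode))."')";
			$queryResult = $dbconn->sendquery2($queryString);
			$rowNr=pg_num_rows($queryResult);
			if($rowNr == 0)
			{
				// $invoiceCode is request data, so $statusText must be
				// XML-escaped wherever it is written into the response.
				$statusText = "The task code you selected is invalid for the '".$invoiceCode."' invoice code. \n Please choose a valid task code from the list.";
				break;
			}
			$status = "valid";
			$statusText = "";
			break;
		case "weekendingday":
			$nrOfWeeksAheadAllowed = 4;
			$dates = $xml->getElementsByTagName("DATE");
			if($dates->length == 0)
				break; // no <DATE> element: keep the default "invalid" answer
			$weekEndingDate = $dates->item(0)->nodeValue;

			// Same d/m/yyyy shape the former ereg() pattern accepted; ereg() and
			// split() no longer exist in PHP 7+, so preg_match()/explode() are
			// used. The D modifier keeps "$" from matching before a trailing newline.
			if(!preg_match('#^(?:[0-2]?[0-9]|3[0-1])/(?:[1-9]|1[0-2])/[1-2][0-9]{3}$#D',$weekEndingDate))
			{
				$statusText = "The date you entered is not valid!";
				break;
			}
			//transforming the english date in US date
			$dateArr = explode("/",$weekEndingDate);
			// Reject impossible calendar dates such as 30/2: strtotime() would
			// silently roll them over into the following month.
			if(!checkdate((int)$dateArr[1],(int)$dateArr[0],(int)$dateArr[2]))
			{
				$statusText = "The date you entered is not valid!";
				break;
			}
			$usDate = $dateArr[1]."/".$dateArr[0]."/".$dateArr[2];
			
			//verifying that the user is not giving a date too far in the future
			$seconds = 60 * 60 * 24 * 7 * ($nrOfWeeksAheadAllowed-1);
	
			if(strtotime($usDate) > strtotime("next Friday")+$seconds)
			{
				$statusText = "Sorry, you are not allowed to add time sheets for the following weeks.";
				break;
			}
			//checking if the given date is a friday
			$attributes = getdate(strtotime($usDate));
			if($attributes["wday"] != 5)
			{
				$statusText = "Sorry, the end date must be a friday.";
				break;
			}
			// <REFID> is concatenated unquoted into the queries below, so it
			// must be digits only; anything else keeps the default "invalid"
			// answer and never reaches the database.
			// NOTE(review): the staff id is taken from the request and no
			// session check is visible in this file; confirm the caller is
			// authorised to query this staff member's time sheets.
			if(!isset($refid) || !preg_match('/^[0-9]+$/D',$refid))
				break;
			$staffRefId = $refid;
			//checking if there is another timesheet for the same date
			$queryString="SELECT * FROM tbl_office_time_sheet WHERE staffrefid = ".$staffRefId." AND startdate = '".date("Y-m-d",strtotime($usDate))."'";
			$debugString .= "\n".$queryString."\n".$weekEndingDate;
			$queryResult = $dbconn->sendquery2($queryString);
			$rowNr=pg_num_rows($queryResult);
			if($rowNr != 0)
			{
				// Only read the row once it is known to exist.
				$rowarray = pg_fetch_array($queryResult,null,PGSQL_ASSOC);
				$submitted = $rowarray["submitted"];
				if(strcmp($submitted,"f")==0)
					$statusText = "You have already started filling out your time sheet for this week.";
				else
					$statusText = "The time sheet for this week is already submitted and you can not make changes to it.";
				break;
			}
			//checking if there is no timesheet for the previous week
			//(only the row's existence is tested; the submitted flag is not part of the query)
			$queryString="SELECT * FROM tbl_office_time_sheet WHERE staffrefid = ".$staffRefId." AND startdate = '".date("Y-m-d",strtotime("-7days",strtotime($usDate)))."'";
			$debugString .= "\n".$queryString;
			$queryResult = $dbconn->sendquery2($queryString);
			$rowNr=pg_num_rows($queryResult);
			if($rowNr == 0)
			{
				$status = "gap";
				$statusText = "No submitted timesheet for the previous week";
				break;
			}
			$status = "valid";
			$statusText = "";
			break;
	}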

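	// Build the XML answer for the client. Any value that can contain request
	// data is escaped for XML element content so markup characters in the input
	// cannot change the structure of the response:
	//   - $statusText may embed the submitted invoice code,
	//   - $entryId is the <ID> value echoed back from the request.
	// ENT_NOQUOTES is enough for element content (only &, < and > are special).
	$response = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
	$response.= "<RESPONSE>\n";
	$response .="\t<STATUS>".htmlspecialchars($status, ENT_NOQUOTES, 'UTF-8')."</STATUS>\n";
	$response .="\t<STATUSTEXT>".htmlspecialchars($statusText, ENT_NOQUOTES, 'UTF-8')."</STATUSTEXT>\n";
	if(isset($projectName))//this will return the projectname in case the invoice code is valid
		$response .="\t<PROJECTNAME>".htmlspecialchars(stripslashes($projectName))."</PROJECTNAME>\n";
	if(isset($taskNeeded))
		$response .="\t<TASKNEEDED>".(strcmp($taskNeeded,"t")==0 ? "true" : "false")."</TASKNEEDED>\n";
	if(isset($entryId))
		$response .="\t<ID>".htmlspecialchars($entryId, ENT_NOQUOTES, 'UTF-8')."</ID>\n";
	$response.= "</RESPONSE>";
	header("Content-type: application/xml");
	echo $response;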

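//for debugging purposes only - leave disabled on a live server: the block below writes the raw request, the response and the generated SQL to log.txt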
/*
$filename = 'log.txt';

if (is_writable($filename)) {

   if (!$handle = fopen($filename, 'w')) {
         echo "Cannot open file ($filename)";
         exit;
   }
	if (fwrite($handle, $_POST["xmlResponse"]) === FALSE) {
		echo "Cannot write to file ($filename)";
		exit;
	} 
    if (fwrite($handle, $response) === FALSE) {
		echo "Cannot write to file ($filename)";
		exit;
	}
	if (fwrite($handle, $debugString) === FALSE) {
		echo "Cannot write to file ($filename)";
		exit;
	}
	fclose($handle);

} else {
   echo "The file $filename is not writable";
}  */
?>