Major multi-purpose update.

README.md

@@ -1,64 +1,82 @@
-About
-=====
+# About
 
-This project is PHP Timeclock v1.04 with the Punchclock v0.8 add-on already installed.
+This project is PHP Timeclock with the Punchclock add-on already installed.
 
+# This Fork
 
-Timeclock - What Is It?
-=======================
+I replaced the phpweather in the left hand sidebar with the saratoga-weather display, which works, and just looks nicer. 
+See (http://saratoga-weather.org/metars.php) for examples, the original code can be downloaded from 
+(http://saratoga-weather.org/scripts-metar.php#metar).   
+
+Added two variables in `config.inc.php` to support the improved weather display `$WxTimeZone` and `$WxList`. 
+
+All calls to the various *mysql_* functions have been replaced with calls to *mysqli* functions 
+where they are compatible, or re-written where nessesary. 
+
+The various problems with un-initialized variables have been fixed. 
+
+All calls to ereg() have been replaced with calls to preg_match and 
+the regular expressions edited as needed. 
+
+Function calls in the `lib.timeclock.php` which were passing functions as parameters were not quoting 
+the function names being passed, resulting in "Undefined constant" errors.  All of those have been fixed. 
+
+As of 25 January 2017, the system now works in PHP 5.6 and mysql 5.7. 
+
+
+# Timeclock - What Is It?
 
 (from http://timeclock.sf.net/ ...)
 
-It is a simple yet effective web-based timeclock system. It allows you to track all employee time as well as upcoming vacations and more, and it can replace manual sign-in/sign-out sheets.
+It is a simple yet effective web-based timeclock system. It allows you to track all employee time 
+as well as upcoming vacations and more, and it can replace manual sign-in/sign-out sheets.
 
-An administration piece is included which allows an administrator to add or delete users, change a user's time or password (if using passwords is enabled), and hide the reports from your users where only an admin or a reports user has access to them. These reports can be run to show daily activitiy or for a range of dates, and can be run for all users, or individually for each user.
+An administration piece is included which allows an administrator to add or delete users, change a 
+user's time or password (if using passwords is enabled), and hide the reports from your users where 
+only an admin or a reports user has access to them. These reports can be run to show daily activitiy 
+or for a range of dates, and can be run for all users, or individually for each user.
 
-This product is distributed under the GPL. This program is free software; you can redistribute it and/or modify it under the terms of the GNU GeneralPublic License version 2, as published by the Free Software Foundation.
+This product is distributed under the GPL. This program is free software; you can redistribute it and/or 
+modify it under the terms of the GNU GeneralPublic License version 2, as published by the 
+Free Software Foundation.
 
 
-Punchclock - What Is It?
-========================
+# Punchclock - What Is It?
 
 (from http://www.acmebase.org/punchclock/ ...)
 
 Punchclock is a drop-in enhancement to the Open Source PHP Timeclock software. 
 
 Punchclock enhances PHP Timeclock with 5 extra features:
 
-    Computes overtime hours.
-    Keeps time cards for each employee.
-    Punchclock entry intended to replace your punchclock at the door.
-    Personal data entry screen for office personnel and mobile devices.
-    Flexible export to your spreadsheet or business software.
+ - Computes overtime hours.
+ - Keeps time cards for each employee.
+ - Punchclock entry intended to replace your punchclock at the door.
+ - Personal data entry screen for office personnel and mobile devices.
+ - Flexible export to your spreadsheet or business software.
 
-PHP Timeclock
-Version 1.04
-http://sourceforge.net/projects/timeclock
-Copyright (C) 2006 Ken Papizan <pappyzan_at_users.sourceforge.net>
+## PHP Timeclock source credits
+- Copyright (C) 2006 Ken Papizan <pappyzan_at_users.sourceforge.net>
 
 
-REQUIREMENTS:
+### REQUIREMENTS:
 
- -  at least PHP 4.1.x, with mysql support
+ -  at least PHP 5.3.x, with mysqli support
  -  MySQL
  -  Webserver
 
-TESTED:
-
- -  PHP 4.34, 5.1.2 with mysql support
- -  MySQL 3.23.49, 4.0.17, 5.0.18
- -  Apache 1.3.22, 1.3.29, 2.2.0
- -  Firefox 1.0 - 1.5.0.4, Firefox 1.0 Preview Release, IE 6.0 SP1, IE 6.0 SP2 for XP, IE 7.0 beta 2
+### TESTED:
 
+ -  PHP 5.6.19 with mysqli support
+ -  MySQL 5.7.22
+ -  Apache 2.4.18
+
 Any version of mysql or webserver software that supports php, whether it's an earlier 
 version than what's tested or later, will probably work fine.
 
-
-
 ##Installation
 
-New Install
-___
+### New Install
 
  - Unpack the distribution into your webserver's document root directory. 
  - Create a database named "timeclock" or whatever you wish to name it.
@@ -82,20 +100,27 @@ ___
     certain users can run them, then give these users reports level access. 
 
 
-Migration from another verison of 1.04 (ie: old official release)
-___
+### Migration from another verison (ie: old official release)
 
  -  Backup your current install directory and database.
  -  Delete all files in your current install directory.
- -  Copy all files from a zip of this repo's master branch (https://github.com/andrew867/timeclock/archive/master.zip) into your install directory.
- -  Modify the new `config.inc.php` file to match your old settings, make sure you correctly set your timezone in php.ini (recommended) or `config.inc.php`.
+ -  Copy all files from a zip of this repo's master branch 
+ (https://github.com/boatright/timeclock/archive/master.zip) into your install directory.
+ -  Modify the new `config.inc.php` file to match your old settings, make sure you correctly 
+ set your timezone in php.ini (recommended) or `config.inc.php`.
+ - See the notes in config.inc.php about entering the new variables for weather display. 
 
+# FAQs
 
 ##Roles
-Admin level access and reports level access are completely separate from each other. Just because a user has admin level access does not give that user reports level access. You must specifically give them reports level access when you are creating or editing the users, if you choose to secure these reports for these users. To make PHP Timeclock lock down the reports to only these users, set the use_reports_password setting in config.inc.php to "yes".
+
+Admin level access and reports level access are completely separate from each other. 
+Just because a user has admin level access does not give that user reports level access. 
+You must specifically give them reports level access when you are creating or editing the users, 
+if you choose to secure these reports for these users. To make PHP Timeclock lock down the 
+reports to only these users, set the use_reports_password setting in config.inc.php to "yes".
 
 
 ##License
-________
 
 This software and changes made are licensed under the GNU GENERAL PUBLIC LICENSE 2 as found in docs/LICENSE

admin/chngpasswd.php

@@ -102,23 +102,23 @@
     $get_user = addslashes($get_user);
 
     $query = "select empfullname from " . $db_prefix . "employees where empfullname = '" . $get_user . "'";
-    $result = mysql_query($query);
-    while ($row = mysql_fetch_array($result)) {
+    $result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+    while ($row = mysqli_fetch_array($result)) {
         $username = stripslashes("" . $row['empfullname'] . "");
     }
-    mysql_free_result($result);
+    ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
     if (!isset($username)) {
         echo "username is not defined for this user.\n";
         exit;
     }
 
     if (!empty($get_office)) {
         $query = "select * from " . $db_prefix . "offices where officename = '" . $get_office . "'";
-        $result = mysql_query($query);
-        while ($row = mysql_fetch_array($result)) {
+        $result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+        while ($row = mysqli_fetch_array($result)) {
             $getoffice = "" . $row['officename'] . "";
         }
-        mysql_free_result($result);
+        ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
     }
     if (!isset($getoffice)) {
         echo "Office is not defined for this user. Go back and associate this user with an office.\n";
@@ -158,11 +158,11 @@
 
     if (!empty($get_office)) {
         $query = "select * from " . $db_prefix . "offices where officename = '" . $get_office . "'";
-        $result = mysql_query($query);
-        while ($row = mysql_fetch_array($result)) {
+        $result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+        while ($row = mysqli_fetch_array($result)) {
             $getoffice = "" . $row['officename'] . "";
         }
-        mysql_free_result($result);
+        ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
     }
     if (!isset($getoffice)) {
         echo "Office is not defined for this user. Go back and associate this user with an office.\n";
@@ -229,11 +229,11 @@
 
     if (!empty($post_username)) {
         $query = "select * from " . $db_prefix . "employees where empfullname = '" . $post_username . "'";
-        $result = mysql_query($query);
-        while ($row = mysql_fetch_array($result)) {
+        $result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+        while ($row = mysqli_fetch_array($result)) {
             $username = "" . $row['empfullname'] . "";
         }
-        mysql_free_result($result);
+        ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
         if (!isset($username)) {
             echo "username is not defined for this user.\n";
             exit;
@@ -292,7 +292,7 @@
         $post_username = addslashes($post_username);
 
         $query = "update " . $db_prefix . "employees set employee_passwd = ('" . $new_password . "') where empfullname = ('" . $post_username . "')";
-        $result = mysql_query($query);
+        $result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
 
         $post_username = stripslashes($post_username);