PHP Timeclock Version 1.04 http://sourceforge.net/projects/timeclock Copyright (C) 2006 Ken Papizan PHP Timeclock Changelog 1.04 11/15/07 ----------------------- --- BUG #1510062: Modified sysedit.php and config.inc.php to fix allowed_networks bug. --- BUG #1532762: Modified SHOW TABLE statements to correct typo. Also modified (but didn't test) the upgrade script to account for wildcards. --- BUG #1544207: Modified report files to fix bad cancel link. --- BUG #1713146: Modified files using gmdate to prevent possible race condition. 1.03 6/20/06 ----------------------- --- Fixed a bug in the Audit Log report where incorrect dates and times were being displayed. (Thanks to Brett Moss for finding this bug.) --- Fixed a bug in the Total Hours report where incorrect dates were being displayed. (Thanks to Brett Moss for finding this bug.) --- Fixed numerous other bugs in the Total Hours report. (Thanks to Brett Moss for finding these bugs.) 1.02 6/5/06 ----------------------- --- Fixed numerous bugs in the Edit Time page concerning European style dates. The times would not always be edited if $calendar_style = "euro" in config.inc.php. --- Fixed a bug in the Delete Time page concerning European style dates. The times would not always delete if $calendar_style = "euro" in config.inc.php. --- Fixed a bug in the Add Time page concerning European style dates. The time would not always add if $calendar_style = "euro" in config.inc.php. And if by chance it DID add, it would not add it for the day specified. --- Fixed a bug in the Change Password and Create User pages concerning the eregi functions included within those pages. On some installs, this error message would appear while attempting to change passwords or create users: "Warning: eregi(): Invalid content of \{\}". (Thanks to Jim Blansett for finding this bug.) --- Fixed bugs in the Total Hours and Daily Time reports concerning European style dates. The reports would not display the expected correct results if $calendar_style = "euro" in config.inc.php. --- Fixed a bug in the Upgrade Database page. If magic_quotes_runtime was turned on in php.ini, the script would tell you that your mysql user did not have the appropriate privileges to the PHP Timeclock database, even if the user did. --- Fixed a bug where if the "Remember Me" checkbox is checked on the main page and output_buffering is set to "Off" in php.ini, a php error would display and the "Remember Me" functionality would not work. --- Added a 'disabled' property to the employees table, this allows for users to be marked as disabled instead of deleting them entirely from the database. --- Added the ability to track a user's ip address when they sign-in/out, and to therefore report on it. This ip information is available for each report. There are two variables in config.inc.php dealing with this. One is to turn on ip_logging, and the other is a default setting for the reports if ip_logging is turned on. (Thanks for the idea Jason Mortensen.) --- Added a report entitled "Audit Log". This report details each addition, deletion, or edit of a person's time. It does NOT display the individual punch-ins/outs that are performed via the main page, but it does display the details of all additions, deletions, and edits of a person's time for a given date range when it's done via the Add/Edit/Delete Time pages. --- Added the ability to allow only certain networks or ip addresses to connect to PHP Timeclock. (Thanks for the idea Jim Blansett.) --- Added the option to utilize table prefixes within PHP Timeclock. This can be helpful if you have an existing mysql database that you would like to use with this app. (Thanks for the idea Fred.) --- Added an option to export the reports in csv format. --- Removed the Admin user from the dropdown on the main page and from displaying it's punch-in/out details on the main page. This user should not be punching-in/out anyways. Also removed it from the dropdowns for the reports (except for the Audit Log), and from displaying it's punch-in/out details in the reports. --- Added the "Notes" column heading in the Time Report as it was mistakenly omitted in prior releases. --- Removed the Email Address column from the User Summary and User Search (just the results on this page) pages. To view or change a person's email address, simply click on their username or the edit icon that corresponds with their username. 1.01 3/23/06 ----------------------- --- Fixed the Hours Worked report so it would calculate the correct number of hours worked. The hours were not always correct if a user was currently punched in. --- Fixed a bug where if there was a multiple of 40 names listed on the front page, the footer would not correctly align to the right of the page. --- Fixed a bug where if $display_current_users = "yes", $display_office = "all", and $display_group = "all" in config.inc.php, the main page of the application would unexpectantly print out the last query that was run, then exit and die. --- Fixed a bug on the Edit Office page where if there were identical group names that were affiliated with different parent offices, the number of users displayed for one of these groups for the current office being edited would not be correct. --- Fixed the Edit System Settings page to display distinct groups in the display_group dropdown box if there were multiple groups with the same groupname in the database. This would only happen if display_office was set to "all", and groups with the same groupname, but affiliated with different officenames, existed in the database. --- Added report_start_time and report_end_time variables for the Hours Worked report. These variables have been added if the report needs to be run from a certain start time on the starting day of the report to a certain end time on the ending day of the report. These are configurable in config.inc.php. --- Provided the option to print the Display Names on the reports, also configurable in config.inc.php. --- Provided the option to view a triple dropdown consisting of Offices, Groups, and Usernames, or a single dropdown consisting of Usernames when setting the paramaters of the report for ALL reports. --- The currently logged in username is now displayed in the top left of each page just under the logo. (Thanks for the idea Jason Mortensen.) --- Added a 'Remember Me?' option to the main page of the app that automatically selects the last username that logged in from a particular computer. This is done via a cookie, so cookies must be enabled within the user's browser for this to work as expected. (Thanks for the idea Jason Mortensen.) --- Took out the code in display.php that had anything to do with timerpt.php, and stuffed that code into timerpt.php. --- Replaced the transparent pngs provided by Mark James with updated, compressed transparent pngs from Mark James. 1.0 3/6/06 ----------------------- --- Added a report to tally a user's hours. This was done with a little help from Adam Woodbeck. He was nice enough to provide a working report he had written, so we utilized some of his code to create this report. --- Added the ability to display times in 24-hour format. --- Added the ability to display dates in many various formats. --- Added a way to logout of the admin section. Had to change the way the admin user logged on, seeing as how there is no way to TRUELY logout when using http-auth, or even login at all if php is running in cgi mode. Sessions are now being utilized for logging in and out of the admin and reporting sections. --- Added a way to edit user properties. --- Added pages to allow for adding, deleting, and editing of punch-in/out statuses. --- Allowed for the ability for more than one login to have administrative access. Authentication is performed via mysql now, instead of a plaintext name and password in config.inc.php. $admin_username and $admin_password have been removed from config.inc.php. --- Allowed for the ability for more than one login to have access to ONLY add, edit, or delete a user's time. This is a separate permission that any user can be given. If a user has Time Admin access, it does not mean that user will have Sys Admin permission or access to the reports. It simply means that the specified user has permission to add, edit, or delete a user's time. --- Allowed for the ability for more than one login to have reporting access. Authentication is performed via mysql now, instead of a plaintext name and password in config.inc.php. $reports_username and $reports_password have been removed from config.inc.php. --- Each user can now be assigned as a Sys Admin user, Time Admin user, and/or a reports user. Just because a user has admin access does not mean that user can view the reports. In order for a user to have access to the reports, you must give them that access via the admin section or globally set $use_reports_password to "no" within config.inc.php. --- Added some property fields to the usernames. Now when creating or editing a username, the following user properties are required: Username, Display Name, Email Address, Office, and Group. The email address field is currently not used for anything in this release, but it will be utilized in a future release in some way. --- Added a User Search page, for if you have many users and wish to find the properties of a user without scrolling through the entire user list. --- Added Offices to which each username in the database MUST be a member of. --- Added Groups, which are also mandatory for a user to be a member of, that are subcategories of the Offices. Basically, think of Groups as being departments of a company, and Offices as being the different office locations of a company. If you have only one office location within your company, you might want to setup only one office. And the same goes for Groups. --- Added the option to display punch-in/out times for only users of a certain office, or office/group combination on the main page. --- Added the ability to add or delete an individual punch-in/out time. --- All statuses are now determined to be either "in" or "out" in the database. This makes for more useful reporting. --- Added a page to display the current options (system settings) configured within config.inc.php. --- Added a page where you can edit the current options (system settings) within config.inc.php. --- Added a printer friendly page for the main page. If you need to print out the current listing on the main page, simply click on the link titled "printer friendly page" in the top right of the main page, then print it. --- The Upgrade Database page within the admin section has been improved, and should work more reliably in most environments. --- Fixed the reports so they now paginate correctly when printed from web browsers that are not Internet Explorer. In previous releases, the reports paginated ONLY if your browser was IE. --- Added a few nice little icons provided by Mark James from http://www.famfamfam.com/lab/icons/silk/. --- Added a couple of javascript scripts provided by Matt Kruse from http://mattkruse.com. One is a color picker so a color can be given for individual punch-in/out statuses, and the other one is a calendar popup which is utilized in several places within this app. --- Added a javascript script provided by Joshua Paine from http://demo.fairsky.us/javascript/png.html It renders the transparent pngs (provided by Mark James) for Internet Explorer versions 6 and below. --- Added a number of security fixes throughout thie app. --- Performed general code cleanup on a number of files. 0.9.4-1 5/27/05 ----------------------- --- Fixed a bug in the time report - if the "To" and "From" dates were the same, either no punch-in/out times would display, or just some of the times would display. --- Fixed a bug in displaying the punch-in/out times on the main page if $show_current_users_only was set to "yes" in config.inc.php. Either none of the times would display, or just some of the times would display. --- This bug was also found when attempting to change a user's time. --- Added "This script also makes other minor changes to the database." to the database upgrade script description in dbupgrade.php. 0.9.4 5/24/05 ----------------------- --- Required the use of at least version 4.1.0 of PHP. This was done to move from the use of long PHP predefined variable arrays ($HTTP_*_VARS) to PHP superglobal variable arrays ($_*), which were introduced in PHP 4.1.0. With PHP5's ability to disable the ($HTTP_*_VARS) arrays using 'register_long_arrays=Off' in php.ini, i felt it was time to make the switch everywhere in the code. --- Changed the way time was being stored in the database from a mysql timestamp to a unix timestamp. This provides the ability to utilize timezone functionalities and quite possibly other functions for future use. --- Added a database upgrade script within the app, dbupgrade.php. You can now choose to upgrade the database via the command line using the mysql statments included in upgrade_database.sql (as you could have always done), or go to the administration section of the app and choose to upgrade the db from there. FOR THIS RELEASE, YOU WILL NEED TO USE THE UPGRADE SCRIPT, dbupgrade.php. This is because of the need to convert all of your current mysql timestamps into unix timestamps. Yes, you CAN do this without the script, but the script also takes into account the timezone of the server so the new unix timestamps will be stored in GMT. --- Added the ability to display punch-in/out times in 3 different ways: 1) times can now be displayed according to the end user's timezone. This is done with the use of javascript and the addition of a cookie to the user's system. 2) times can be displayed according to the web server's timezone. This is the way times in all previous versions of the distribution have been displayed (it is also the default setting of this release). 3) times will be displayed in GMT if neither of the two above options are chosen. This is set in config.inc.php. --- Added an option to display current, local weather stats. This is done with code from the PHP Weather project by Martin Geisler and others. PHP Weather is licensed under the GPL. --- When printing the main page or the time report, the date and time it is run is reflected according to how you chose to display your punch-in/out times via config.inc.php, instead of just assuming you want to use the timezone of the webserver. This affects ONLY the printouts of these pages. --- Removed the $time_entry_title variable in config.inc.php and stuffed it into timereport.php. All this variable did was provide an easy way to change the time report title. --- Removed the $left_side_width variable in config.inc.php. This variable set the width for the left side of each page. The value for this variable has now been hard-coded into leftmain.php. --- Combined leftmain.php and timeclack.php into one file, leftmain.php. --- Fixed a bug where the wrong time and date were being reported in an error message when a user's time was changed. --- Performed general code cleanup on a number of files. 0.9.3 3/21/05 ----------------------- --- Added the ability to change a user's time entry in the administration section. --- When notes are included in a user's time entry, they are input into the database in all lowercase, instead of just being displayed on the screen as lowercase. They were being strung to lowercase on the screen after they were entered into the database, but they are now instead initially input into the database as lowercase. This is almost not worth mentioning, but it is a minor change, thus it's here in the changelog. --- Renamed the Employee Report to Time Report, and added the option to run this report for all usernames. Doing this negated the need for having the Monthly Report, Today's Report, and Date Report. These reports have been removed. --- Moved the Timeclock Admin link to from the left side of the page to the far right part of the topbar and renamed it to Administration. --- Combined topmain.php and topmain_alt.php into one file, and removed topmain_alt.php. --- Fixed a formatting problem on the home page and the reports where the rows of data were a couple of spaces more to the left than the column headings. Fixing this also fixed an odd bug where if you refreshed the home page repeatedly, the rows of data would sometimes be extremely out of line with the column headings. --- Added some security to all form fields by disallowing certain characters to be used when filling in the form fields. --- Limited the size of the form fields to match the size of the corresponding fields in the database. --- Removed the $fqdn option in config.inc.php as it was pretty much a useless option anyway. It was a variable to provide a fully qualified domain name for the path to the distribution files. --- Removed the $move_reports option in config.inc.php and replaced it with $use_reports_password, an option to require a username and password to view the reports. --- Added a username and password option in config.inc.php to give some users the ability to view the reports, but not access anything else in the admin section. These variables are set in config.inc.php with the $reports_username and $reports_password variables. This is not the best way to allow authentication when accessing the reports, but it is one of the easiest. Another way of accomplishing the same goal is adding a 'groups' field in the db and assigning everyone to a group and requiring authentication via the users' username and password. I don't care to do it that way just yet. --- Added the ability to display only the current day's activity on the front page instead of the last entry from each user. This is done with the $show_current_users_only option in config.inc.php. 0.9.2 11/15/04 ----------------------- --- Fixed timeclack.php so a php information message wouldn't occur if $use_passwd was set to "no" in config.inc.php. --- Added the option to move all reports to the administration section. If $move_reports is set to "yes" in config.inc.php, then the reports are moved to the administration section of the app. --- Moved the $use_passwd, $admin_username, $admin_passwd options in config.inc.php from the 'required changes' section to the 'optional changes' section. --- Removed the $website and $domain_name variables in config.inc.php. These were variables for your website link and name in the bottom left of each page. They were removed for aesthetic reasons. --- Added the word 'New' to the 'Password(s)' column heading in chngpasswd.php. The heading now reads 'New Password(s)' instead of 'Password(s)'. --- Fixed the 'Notes' column on all pages to align more to the left instead of centering itself in the middle of the column. --- Added better printing functionality for IE (Internet Explorer 4.x and higher) via css for the reports. The reports still print unter Mozilla/Firefox, they're just not formatted as nicely with the column headings on each page. 0.9.1-1 10/31/04 ----------------------- --- Fixed a bug where headers were sometimes being sent twice. 0.9.1 10/26/04 ----------------------- --- Added the option to use passwords for submitting an employee's status. The php crypt() function is used for this. Unfortunately, doing it this way forces you to add users with passwords and/or change passwords using ONLY this app or some other php script using the crypt() function. Adding passwords directly into the mysql database will not work. This option is set in config.inc.php with the $use_passwd variable. --- Added a field named 'employee_password' to the employees table. If "none" is chosen for $use_passwd in config.inc.php, then this field is ignored. --- Added a password blank in leftmain.php if $use_passwd = "yes" in config.inc.php. --- Added a Timeclock Administration section which contains scripts to add/delete users and to change users' passwords. This section is password protected. --- Added an admin username and password for the Timeclock Administration section. These variables are set in config.inc.php with the $admin_username and $admin_password variables. --- Added the option to change the width of leftmain.php (the section where you sign-in). This is added only to make the width easier to change, in case you have a few usernames that are so long that they're wider than the current setting. This option is set in config.inc.php with the $left_side_width variable. --- Removed the $index variable in config.inc.php. This was a variable for your index page. It provided no extra functionality unless you wanted to have a different index page. --- Changed the default example links for the $links variable in config.inc.php to all point to slashdot.org. They were pointing to http://111/, http://222/, up to http://666/. --- Combined daterptinfo.php and daterpt.php into one page, did the same for employeerpt.php and employeerptinfo.php, currmonthrpt.php and currmonthrptinfo.php, todayrpt.php and todayrptinfo.php, current_status.php and timeclock.php. --- Removed alink and avisited classes from default.css, as they were not being used anywhere in the code anyway. --- Rewrote the code so it wouldn't matter if register_globals or magic_quotes_gpc are enabled/disabled in your php.ini.