From ec33bd432725a9e49d1efe8094804e4fdbc4faac Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Sat, 9 Mar 2019 16:57:56 +0000
Subject: [PATCH] Added audit info for timesheet create and modify events.

---
 WEB-INF/lib/ttTimesheetHelper.class.php | 28 ++++++++++++++++++-------
 WEB-INF/templates/footer.tpl            |  2 +-
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/WEB-INF/lib/ttTimesheetHelper.class.php b/WEB-INF/lib/ttTimesheetHelper.class.php
index 240d9131..a00b4b7a 100644
--- a/WEB-INF/lib/ttTimesheetHelper.class.php
+++ b/WEB-INF/lib/ttTimesheetHelper.class.php
@@ -74,9 +74,12 @@ class ttTimesheetHelper {
     $end_date = new DateAndTime($user->date_format, $fields['end_date']);
     $end = $end_date->toString(DB_DATEFORMAT);
 
-    $sql = "insert into tt_timesheets (user_id, group_id, org_id, client_id, project_id, name, comment, start_date, end_date)".
+    $created_part = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
+
+    $sql = "insert into tt_timesheets (user_id, group_id, org_id, client_id, project_id, name, comment,".
+      " start_date, end_date, created, created_ip, created_by)".
       " values ($user_id, $group_id, $org_id, ".$mdb2->quote($client_id).", ".$mdb2->quote($project_id).", ".$mdb2->quote($name).
-      ", ".$mdb2->quote($comment).", ".$mdb2->quote($start).", ".$mdb2->quote($end).")";
+      ", ".$mdb2->quote($comment).", ".$mdb2->quote($start).", ".$mdb2->quote($end).$created_part.")";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
@@ -191,8 +194,10 @@ class ttTimesheetHelper {
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error')) return false;
 
+    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+
     // Delete timesheet.
-    $sql = "update tt_timesheets set status = null".
+    $sql = "update tt_timesheets set status = null".$modified_part.
       " where id = $timesheet_id and user_id = $user_id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     return (!is_a($affected, 'PEAR_Error'));
@@ -212,7 +217,10 @@ class ttTimesheetHelper {
     $comment = $fields['comment'];
     $status = $fields['status']; // Timesheet status.
 
-    $sql = "update tt_timesheets set name = ".$mdb2->quote($name).", comment = ".$mdb2->quote($comment).
+    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+
+    $sql = "update tt_timesheets set name = ".$mdb2->quote($name).
+      ", comment = ".$mdb2->quote($comment).$modified_part.
       ", status = ".$mdb2->quote($status).
       " where id = $timesheet_id and user_id = $user_id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
@@ -296,8 +304,10 @@ class ttTimesheetHelper {
     $group_id = $user->getGroup();
     $org_id = $user->org_id;
 
+    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+
     $timesheet_id = $fields['timesheet_id'];
-    $sql = "update tt_timesheets set submit_status = 1".
+    $sql = "update tt_timesheets set submit_status = 1".$modified_part.
       " where id = $timesheet_id and user_id = $user_id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     return (!is_a($affected, 'PEAR_Error'));
@@ -390,7 +400,9 @@ class ttTimesheetHelper {
     $timesheet_id = $fields['timesheet_id'];
     $comment = $fields['comment'];
 
-    $sql = "update tt_timesheets set approve_status = 1, approve_comment = ".$mdb2->quote($comment).
+    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+
+    $sql = "update tt_timesheets set approve_status = 1, approve_comment = ".$mdb2->quote($comment).$modified_part.
       " where id = $timesheet_id and submit_status = 1 and user_id = $user_id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     return (!is_a($affected, 'PEAR_Error'));
@@ -408,7 +420,9 @@ class ttTimesheetHelper {
     $timesheet_id = $fields['timesheet_id'];
     $comment = $fields['comment'];
 
-    $sql = "update tt_timesheets set approve_status = 0, approve_comment = ".$mdb2->quote($comment).
+    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+
+    $sql = "update tt_timesheets set approve_status = 0, approve_comment = ".$mdb2->quote($comment).$modified_part.
       " where id = $timesheet_id and submit_status = 1 and user_id = $user_id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     return (!is_a($affected, 'PEAR_Error'));
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 5c320f1c..27f18061 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.56.4851 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.56.4852 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
-- 
2.20.1