
Added a new admin login form and elevated user access.

Adam Day 9 年 前
コミット
14f6c64407

+ 1 - 1
application/config/application.ini

@@ -40,7 +40,7 @@ controller = 'accountController'
 authtable = 'accounts'
 uidfield = 'username'
 pwfield = 'password'
-rolefield = 'accountType'
+rolefield = 'authLevel'
 pinfield = 'pin'
 pwenctype = 'SHA1'
 allowedRoute[] = 'index'

+ 39 - 1
application/controllers/accountController.php

@@ -6,6 +6,7 @@ class accountController extends Staple_AuthController
 	public function _start()
 	{
 		$this->_setLayout("account");
+		$this->_openMethod('admin');
 	}
 	
 	public function index()
@@ -52,7 +53,44 @@ class accountController extends Staple_AuthController
 	{
 		echo Staple_Auth::get()->getAuthLevel();
 	}
-	
+
+	public function admin()
+	{
+		$form = new adminAccountForm();
+		if($form->wasSubmitted())
+		{
+			$form->addData($_POST);
+			if($form->validate())
+			{
+				$password = $_POST['password'];
+				$account = $_POST['username'];
+
+				$auth = Staple_Auth::get();
+
+				$granted = $auth->doAuth(array('username'=>$account,'password'=>$password));
+
+				if($granted === true)
+				{
+					header('Location: '.$this->_link(array('timesheet','index')));
+				}
+				else
+				{
+					$this->view->message = "Invalid login";
+					$this->view->form = $form;
+				}
+			}
+			else
+			{
+				$this->view->form = $form;
+			}
+		}
+		else
+		{
+			$this->view->form = $form;
+		}
+
+	}
+
 	public function logout()
 	{
 		$auth = Staple_Auth::get();
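Review bot: The successful-login branch of admin() sends `header('Location: ...')` and then falls through: there is no `exit`, so if the framework renders the action's view after admin() returns (not visible here), the response carries a body with neither `form` nor `message` assigned alongside the redirect. Add `exit;` directly after the `header()` call, or use Staple's redirect helper if one exists. The three `$this->view->form = $form;` assignments cover every path except the granted one, so hoisting a single `$this->view->form = $form;` above the `if($form->wasSubmitted())` check and keeping only the `message` assignment in the failure branch would read more clearly. Pulling `username`/`password` from the form object rather than raw `$_POST` after `$form->validate()` would also keep the validated values and the values handed to doAuth visibly the same. A short docblock stating that this action is deliberately opened to unauthenticated requests by `_openMethod('admin')` in _start(), and that the administrative level check happens in the target controllers rather than here, would save the next reader a trip through _start().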

+ 23 - 0
application/controllers/accountsController.php

@@ -0,0 +1,23 @@
+<?php
+
+class accountsController extends Staple_Controller
+{
+    private $authLevel;
+
+    public function _start()
+    {
+        $auth = Staple_Auth::get();
+        $this->authLevel = $auth->getAuthLevel();
+        if($this->authLevel < 900)
+        {
+            header("location:".$this->_link(array('index','index'))."");
+        }
+    }
+
+    public function index()
+    {
+        echo "Accounts";
+    }
+}
+
+?>
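Review bot: The authorization check in `_start()` issues a `location:` header for accounts with authLevel below 900 but does not stop execution, so unless Staple_Controller halts dispatch when `_start()` returns (not visible here), the requested action still runs and its output is sent along with the redirect. Terminate after the header: `header('Location: ' . $this->_link(array('index','index'))); exit;` — this also restores the conventional `Location: ` form and drops the no-op `.""` concatenation. reportsController.php's `_start()` has the identical pattern and needs the same change. The closing `?>` at the end of this PHP-only file should be omitted; any whitespace after it becomes output and would itself break the header() call above.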

+ 21 - 0
application/controllers/reportsController.php

@@ -0,0 +1,21 @@
+<?php
+
+class reportsController extends Staple_Controller
+{
+    private $authLevel;
+
+    public function _start()
+    {
+        $auth = Staple_Auth::get();
+        $this->authLevel = $auth->getAuthLevel();
+        if($this->authLevel < 900)
+        {
+            header("location:".$this->_link(array('index','index'))."");
+        }
+    }
+
+    public function index()
+    {
+        echo "Reports";
+    }
+}

+ 27 - 0
application/forms/adminAccountForm.php

@@ -0,0 +1,27 @@
+<?php
+
+class adminAccountForm extends Staple_Form
+{
+	public function _start()
+	{
+		//$this->setLayout('accountFormLayout');
+
+		$this->setName('adminAuth')
+			->setAction($this->link(array('account','admin')));
+
+		$user = new Staple_Form_FoundationTextElement('username','Account');
+		$user->setRequired()
+			->addValidator(new Staple_Form_Validate_Length(1,50));
+
+		$password = new Staple_Form_FoundationPasswordElement('password','Password');
+		$password->setRequired()
+			->addValidator(new Staple_Form_Validate_Length(1,50));
+
+		$submit = new Staple_Form_FoundationSubmitElement('submit','Submit');
+		$submit->addClass('button expand');
+
+		$this->addField($user, $password, $submit);
+	}	
+}
+
+?>
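Review bot: The closing `?>` at the end of this class file should be dropped; trailing whitespace after it is emitted when the class is autoloaded, which would break the header() redirect that accountController::admin() issues after validating this form. The `_start()` closing brace also carries a trailing tab. A one-line docblock on `_start()` noting that the form posts to account/admin and that both fields are only checked for a length of 1–50 would document the contract the controller relies on.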

+ 11 - 2
application/layouts/account.phtml

@@ -15,8 +15,17 @@
     <body>
         <div class="header">
             <div class="row">
-                <div class="small-12 column text-center">
-                    <h1><i class="fa fa-clock-o"></i> TimeTracker</h1>
+                <div class="show-for-medium-up medium-2 columns">
+                    &nbsp;
+                </div>
+                <div class="small-8 medium-8 columns text-center">
+                    <h1><i class="fa fa-clock-o"></i> Time Tracker</h1>
+                </div>
+                <div class="small-4 medium-2 columns text-right">
+
+                    <ul class="inline-list right">
+                        <li><a class="button tiny radius" href="<?php echo $this->link(array("account","admin"))?>">Admin</a></li>
+                    </ul>
                 </div>
             </div>
         </div>

+ 19 - 1
application/layouts/main.phtml

@@ -43,7 +43,25 @@
                 <ul class="left">
                     <li><a href="<?php echo $this->link(array('index')) ?>"><i class="fa fa-dashboard"></i> Dashboard</a></li>
                     <li><a href="<?php echo $this->link(array('timesheet')) ?>"><i class="fa fa-clock-o"></i> Timesheet</a></li>
-                    <li><a href="<?php echo $this->link(array('index','reports')) ?>"><i class="fa fa-file"></i> Reports</a></li>
+                    <?php
+
+                    //Supervisor Accounts
+                    if($user->getAuthLevel() >= 500)
+                    {
+                        echo "
+                            <li><a href=\"".$this->link(array('reports')) ."\"><i class=\"fa fa-file\"></i> Reports</a></li>
+                        ";
+                    }
+
+                    //Administrative Accounts
+                    if($user->getAuthLevel() >= 900)
+                    {
+                        echo "
+                            <li><a href=\"".$this->link(array('accounts')) ."\"><i class=\"fa fa-users\"></i> Accounts</a></li>
+                        ";
+                    }
+
+                    ?>
                 </ul>
 
                 <!-- Right Nav Section -->
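Review bot: The two new menu entries are built as double-quoted PHP strings with escaped quotes inside an `echo`, which is harder to read and to keep correctly escaped than the template style used for the Dashboard and Timesheet entries just above. Prefer the alternative control syntax around plain HTML so the markup stays visible as markup. `$user` is defined outside this hunk; the 500/900 thresholds here duplicate the `< 900` checks in accountsController/reportsController, so a shared named constant for each level would keep the menu and the access checks from drifting apart.
```php
<?php // Supervisor Accounts ?>
<?php if ($user->getAuthLevel() >= 500): ?>
    <li><a href="<?php echo $this->link(array('reports')) ?>"><i class="fa fa-file"></i> Reports</a></li>
<?php endif; ?>
<?php // Administrative Accounts ?>
<?php if ($user->getAuthLevel() >= 900): ?>
    <li><a href="<?php echo $this->link(array('accounts')) ?>"><i class="fa fa-users"></i> Accounts</a></li>
<?php endif; ?>
```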

+ 59 - 8
application/models/userModel.php

@@ -8,8 +8,11 @@
 		private $username;
 		private $firstName;
 		private $lastName;
-		private $accountType;
+		private $type;
+		private $authLevel;
+		private $supervisorId;
 		private $batchId;
+		private $pin;
 
 		/**
 		 * @return mixed
@@ -78,17 +81,49 @@
 		/**
 		 * @return mixed
 		 */
-		public function getAccountType()
+		public function getType()
 		{
-			return $this->accountType;
+			return $this->type;
 		}
 
 		/**
-		 * @param mixed $accountType
+		 * @param mixed $type
 		 */
-		public function setAccountType($accountType)
+		public function setType($type)
 		{
-			$this->accountType = $accountType;
+			$this->type = $type;
+		}
+
+		/**
+		 * @return mixed
+		 */
+		public function getAuthLevel()
+		{
+			return $this->authLevel;
+		}
+
+		/**
+		 * @param mixed $authLevel
+		 */
+		public function setAuthLevel($authLevel)
+		{
+			$this->authLevel = $authLevel;
+		}
+
+		/**
+		 * @return mixed
+		 */
+		public function getSupervisorId()
+		{
+			return $this->supervisorId;
+		}
+
+		/**
+		 * @param mixed $supervisorId
+		 */
+		public function setSupervisorId($supervisorId)
+		{
+			$this->supervisorId = $supervisorId;
 		}
 
 		/**
@@ -107,6 +142,22 @@
 			$this->batchId = $batchId;
 		}
 
+		/**
+		 * @return mixed
+		 */
+		public function getPin()
+		{
+			return $this->pin;
+		}
+
+		/**
+		 * @param mixed $pin
+		 */
+		public function setPin($pin)
+		{
+			$this->pin = $pin;
+		}
+
 		function __construct()
 		{
 			$this->db = Staple_DB::get();
@@ -114,7 +165,7 @@
 			$auth = Staple_Auth::get();
 			$username = $auth->getAuthId();
 
-			$sql = "SELECT id, username, firstName, lastName, accountType, batchId FROM accounts WHERE username = '".$this->db->real_escape_string($username)."'";
+			$sql = "SELECT id, username, firstName, lastName, authLevel, batchId FROM accounts WHERE username = '".$this->db->real_escape_string($username)."'";
 			if($this->db->query($sql)->fetch_row() > 0)
 			{
 				$query = $this->db->query($sql);
@@ -124,7 +175,7 @@
 				$this->setUsername($result['username']);
 				$this->setFirstName($result['firstName']);
 				$this->setLastName($result['lastName']);
-				$this->setAccountType($result['accountType']);
+				$this->setAuthLevel($result['authLevel']);
 				$this->setBatchId($result['batchId']);
 			}
 			else
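Review bot: The constructor's SELECT (hunk beginning `$auth = Staple_Auth::get();`) now fetches authLevel, but the other properties added in this commit — `type`, `supervisorId`, `pin` — are never loaded, so their new getters return null for every user; either add those columns to the SELECT and the matching setter calls after `$this->setAuthLevel($result['authLevel']);`, or hold the accessors back until they are populated. If `pin` is the credential configured as `pinfield` in application.ini, consider whether it belongs on the user model at all, since `getPin()` widens where that secret can travel (hedged: the stored format is not visible here). The `@return mixed` docblocks on the new getters say nothing; `getAuthLevel()` at least could document that it is the numeric level compared against 500/900 elsewhere in this commit. The constructor begins before this hunk and ends after it.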

+ 8 - 0
application/views/account/admin.phtml

@@ -0,0 +1,8 @@
+<div class="row">
+    <div class="small-12 medium-6 medium-centered columns text-center">
+        <?php echo $this->message ?>
+    </div>
+    <div class="small-12 medium-6 medium-centered columns">
+        <?php echo $this->form ?>
+    </div>
+</div>
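Review bot: `$this->message` is echoed unconditionally, but accountController::admin() assigns it only on a failed login, so on the initial GET and after a validation failure this line reads an unset view property (a notice, unless Staple's view returns null for unknown properties — not visible here). Guard and escape it for the HTML context: `<?php echo isset($this->message) ? htmlspecialchars($this->message, ENT_QUOTES, 'UTF-8') : '' ?>`. The `$this->form` echo depends on Staple_Form's string conversion producing already-escaped markup; that is fine to leave as is if the framework guarantees it.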

+ 1 - 1
library/Staple/ExtendedDBAuthAdapter.class.php

@@ -163,7 +163,7 @@ WHERE ' . $db->real_escape_string($this->_settings['pinfield']) . ' = ' .
 			}
 
 
-			if (array_key_exists('username', $cred) AND array_key_exists('password', $cred))
+			if (array_key_exists('username', $cred) && array_key_exists('password', $cred))
 			{
 				$db = Staple_DB::get();
 				$this->uid = $cred['username'];