Untitled

<?php

session_start();

if (!isset($_SESSION['StaffID'])) {
  header("Location: index.php");
}

if ($_SESSION['Admin'] != 1) {
  header("Location: index.php");
}

require "database.php";
$db = new Database();

$staffid = $_GET['staffid'];
$currenttime = time();

$sql = $db->prepare("SELECT StaffID, Present, CurrentRecord FROM staffinfo WHERE StaffID=:StaffID");
$sql->bindValue(':StaffID', $staffid, SQLITE3_INTEGER);
$queryresult = $sql->execute();
$newarray = $queryresult->fetchArray();
$storedpresent = $newarray['Present'];
$storedrecord = $newarray['CurrentRecord'];

if ($storedpresent == 0) {
  //use sign in code
  $sql = $db->prepare("UPDATE staffinfo SET Present=1 WHERE StaffID=:StaffID");
  $sql->bindValue(':StaffID', $staffid, SQLITE3_INTEGER);
  $sql->execute();

  $sql = $db->prepare("INSERT INTO signinrecord VALUES (NULL, :StaffID, :currenttime, NULL)");
  $sql->bindValue(':StaffID', $staffid, SQLITE3_INTEGER);
  $sql->bindValue(':currenttime', $currenttime, SQLITE3_INTEGER);
  $sql->execute();

  $sql = $db->prepare("SELECT * FROM signinrecord ORDER BY SignInID");
  $queryresult = $sql->execute();
  $newarray = $queryresult->fetchArray();
  $signinid = $newarray['SignInID'];

  $sql = $db->prepare("UPDATE staffinfo SET CurrentRecord=:SignInID WHERE StaffID=:StaffID");
  $sql->bindValue(':StaffID', $staffid, SQLITE3_INTEGER);
  $sql->bindValue(':SignInID', $signinid, SQLITE3_INTEGER);
  $sql->execute();

  header("Location: markattendance.php");
} else {
  //use sign out code

  $sql = $db->prepare("UPDATE signinrecord SET TimeOut=:currenttime WHERE SignInID=:storedrecord");
  $sql->bindValue(':currenttime', $currenttime, SQLITE3_INTEGER);
  $sql->bindValue(':storedrecord', $storedrecord, SQLITE3_INTEGER);
  $sql->execute();

  $sql = $db->prepare("UPDATE staffinfo SET Present=0 WHERE StaffID=:StaffID");
  $sql->bindValue(':StaffID', $staffid, SQLITE3_INTEGER);
  $sql->execute();
  header("Location: markattendance.php");
}

 ?>