
<?php
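// Start the session only when none is active yet. $_SESSION is not populated
// before session_start(), so testing a session key cannot tell whether a
// session already exists; session_status() can.
if (session_status() !== PHP_SESSION_ACTIVE) {
	session_start();
}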

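// Access gate: continue only when the session holds a user id and the request's
// "officer" field names that same user.
// The values are compared as strings with ===. A loose == treats a missing
// session id and a missing or empty "officer" as equal, which would let a
// request with no login state past this check.
$sp3_session_user = isset($_SESSION['remote_user_id']) ? $_SESSION['remote_user_id'] : null;
$sp3_officer = isset($_REQUEST['officer']) ? $_REQUEST['officer'] : null;
if (
	!is_scalar($sp3_session_user)
	|| !is_scalar($sp3_officer)
	|| (string) $sp3_session_user === ''
	|| (string) $sp3_session_user !== (string) $sp3_officer
) {
	exit();
}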

// Give the optional query parameters a default so the code below can read
// them without checking for their presence again.
$_GET['subject_code'] = isset($_GET['subject_code']) ? $_GET['subject_code'] : "";

// "return" is carried through the form as a hidden field and selects the page
// the POST handler redirects to after saving; 0 when the caller did not send it.
$return = isset($_GET['return']) ? $_GET['return'] : 0;

// "page" is carried through the form and handed back in the redirect URL.
$page = isset($_GET['page']) ? $_GET['page'] : "";

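// POST handler: stores the supervision comment, stores an optional attachment,
// then sends the browser back to the page selected by the "return" field.
if(isset($_POST['ref_id'])){
	// Read each request field once as a plain string. Missing or array-valued
	// fields become '' so they cannot raise notices or type errors further down.
	$sp3_post = array();
	foreach (array('ref_id', 'person_index', 'subject_code', 'comment', 'school_index', 'page', 'return') as $sp3_field) {
		$sp3_post[$sp3_field] = (isset($_POST[$sp3_field]) && is_scalar($_POST[$sp3_field])) ? (string) $_POST[$sp3_field] : '';
	}
	// NOTE(review): ref_id and person_index are taken from the request as-is; confirm
	// that the including page checks the logged-in user may write to this record.

	$rec_date = date("Y-m-d");
	if ($sp3_post['comment'] !== "") {
		// Bound parameters keep request data out of the SQL text (the original
		// interpolated $_POST straight into the statement).
		$sp3_stmt = mysqli_prepare($connect, "insert into supervision_comment(ref_id,person_id,subject_code,comment,rec_date) values (?, ?, ?, ?, ?)");
		if ($sp3_stmt) {
			mysqli_stmt_bind_param($sp3_stmt, 'sssss', $sp3_post['ref_id'], $sp3_post['person_index'], $sp3_post['subject_code'], $sp3_post['comment'], $rec_date);
			mysqli_stmt_execute($sp3_stmt);
			mysqli_stmt_close($sp3_stmt);
		}
	}

	/**
	 * Store the uploaded "userfile" in the upload directory under a name built
	 * on the server, shrinking JPEG images wider than 800 pixels.
	 *
	 * The extension is taken from the LAST dot-separated part of the client file
	 * name and must be on the allow-list; that same value is used for the stored
	 * name, so the checked extension and the stored extension cannot differ. The
	 * file is moved directly to its final name; the client-supplied name is never
	 * used as a path on disk.
	 *
	 * @return string|null Stored file name without directory, or null when nothing was stored.
	 */
	function file_upload() {
		$uploaddir = '../upload_files/';      // directory where uploads are kept
		// NOTE(review): this looks like a web-reachable directory; confirm the web
		// server is configured not to execute scripts from it.

		if (
			!isset($_FILES['userfile']['name'], $_FILES['userfile']['tmp_name'], $_FILES['userfile']['error'])
			|| !is_string($_FILES['userfile']['name'])
			|| $_FILES['userfile']['error'] !== UPLOAD_ERR_OK
		) {
			return null;
		}

		$allowed = array('doc', 'docx', 'rar', 'pdf', 'xls', 'xlsx', 'zip', 'jpg', 'gif');
		$lastname = strtolower(pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION));
		if (!in_array($lastname, $allowed, true)) {
			return null;
		}

		// ref_id becomes part of the file name: keep only characters that cannot
		// change the target directory.
		$ref = (isset($_POST['ref_id']) && is_scalar($_POST['ref_id'])) ? (string) $_POST['ref_id'] : '';
		$ref = preg_replace('/[^A-Za-z0-9_-]/', '', $ref);

		// Unpredictable suffix so stored names neither collide nor can be guessed.
		$token = function_exists('random_bytes') ? bin2hex(random_bytes(8)) : (string) mt_rand();

		$name = $ref.$token.".".$lastname;
		$changed_name = $uploaddir.$name;

		if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $changed_name)) {
			return null;
		}

		// Reduce the image size: JPEGs wider than 800px are scaled down in place.
		if ($lastname === "jpg") {
			$ori_size = getimagesize($changed_name);
			// Only touch files that really decode as JPEG.
			if ($ori_size !== false && $ori_size[2] === IMAGETYPE_JPEG && $ori_size[0] > 800) {
				$ori_w = $ori_size[0];
				$ori_h = $ori_size[1];
				$new_w = 800;
				$new_h = max(1, (int) round(($new_w / $ori_w) * $ori_h));
				$ori_img = imagecreatefromjpeg($changed_name);
				if ($ori_img !== false) {
					$new_img = imagecreatetruecolor($new_w, $new_h);
					imagecopyresized($new_img, $ori_img, 0, 0, 0, 0, $new_w, $new_h, $ori_w, $ori_h);
					imagejpeg($new_img, $changed_name);
					imagedestroy($ori_img);
					imagedestroy($new_img);
				}
			}
		}

		return $name;
	}

	if (isset($_FILES['userfile']['name']) && is_string($_FILES['userfile']['name']) && $_FILES['userfile']['name'] != "") {
		$file = file_upload();
		// Record the attachment only when a file was actually stored.
		if ($file !== null) {
			$sp3_stmt = mysqli_prepare($connect, "insert into supervision_file(ref_id,subject_code,file_name) values (?, ?, ?)");
			if ($sp3_stmt) {
				mysqli_stmt_bind_param($sp3_stmt, 'sss', $sp3_post['ref_id'], $sp3_post['subject_code'], $file);
				mysqli_stmt_execute($sp3_stmt);
				mysqli_stmt_close($sp3_stmt);
			}
		}
	}

	// Build the redirect target. Default: back to the sp1 list (index=1).
	$sp3_mode = $sp3_post['return'];
	$sp3_query = array(
		'file' => 'sp1',
		'school_index' => $sp3_post['school_index'],
		'person_index' => $sp3_post['person_index'],
		'index' => 1,
	);

	if ($sp3_mode == 1) {
		$sp3_query['file'] = 'sp1_mobile';
	}
	else if ($sp3_mode == 1.1 || $sp3_mode == 2) {
		// These modes go back to the detail view (index=5), which needs the
		// supervision_main id that belongs to this ref_id.
		$id = null;
		$sp3_stmt = mysqli_prepare($connect, "select id from supervision_main where ref_id=?");
		if ($sp3_stmt) {
			mysqli_stmt_bind_param($sp3_stmt, 's', $sp3_post['ref_id']);
			mysqli_stmt_execute($sp3_stmt);
			mysqli_stmt_bind_result($sp3_stmt, $id);
			mysqli_stmt_fetch($sp3_stmt);
			mysqli_stmt_close($sp3_stmt);
		}
		$sp3_query['file'] = ($sp3_mode == 1.1) ? 'sp1_mobile' : 'sp1';
		$sp3_query['index'] = 5;
		$sp3_query['id'] = (string) $id;      // empty when no matching row exists
		$sp3_query['page'] = $sp3_post['page'];
	}

	// http_build_query URL-encodes every value and json_encode emits a safe
	// JavaScript string literal, so request data cannot break out of the script.
	$sp3_url = '?' . http_build_query($sp3_query, '', '&');
	echo "<script>document.location.href=" . json_encode($sp3_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";</script>\n";

}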

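// Render the comment/attachment form. Every request-derived value is escaped
// for an HTML attribute before it is written into a hidden field; the original
// echoed $_GET values raw, so a quote in the query string could close the
// attribute and add markup to the page.
$sp3_attr = function ($value) {
	// Non-scalar input (e.g. an array-valued parameter) is rendered as empty.
	return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';
};
$sp3_get = function ($key) use ($sp3_attr) {
	return isset($_GET[$key]) ? $sp3_attr($_GET[$key]) : '';
};
// NOTE(review): the form carries no anti-CSRF token; confirm whether the
// including page adds one before this POST is accepted.

echo "<form Enctype = multipart/form-data id='frm2' name='frm2' action='?file=sp2&index=4' method=post>";
echo "<Br><Br>";
echo "<Table width='300' Border='0' align='center'>";
echo "<Tr align='left'><Td ></Td><Td align='right'>นิเทศ&nbsp;&nbsp;&nbsp;&nbsp;</Td><Td><textarea rows='10' cols='35' name='comment'></textarea></Td></Tr>";

echo  "<tr align='left'>";
echo  "<Td ></Td><td align='right'>เอกสาร&nbsp;&nbsp;</td>";
echo  "<td align='left'><input name = 'userfile' type = 'file'></td>";
echo  "</tr>";
echo  "<tr align='left' height='70'>";
echo  "<Td ></Td><td></td><td align='left'>";
echo "<INPUT TYPE='button' name='smb' value='ตกลง' onclick='goto_upload(1)'>";
echo "</td></tr>";
echo "</Table>";
echo "<INPUT TYPE='Hidden' name='ref_id' value='" . $sp3_get('ref_id') . "'>";
echo "<INPUT TYPE='Hidden' name='subject_code' value='" . $sp3_get('subject_code') . "'>";
echo "<INPUT TYPE='Hidden' name='school_index' value='" . $sp3_get('school_index') . "'>";
echo "<INPUT TYPE='Hidden' name='person_index' value='" . $sp3_get('person_index') . "'>";
echo "<INPUT TYPE='Hidden' name='officer' value='" . $sp3_get('officer') . "'>";
echo "<INPUT TYPE='Hidden' name='return' value='" . $sp3_attr($return) . "'>";
echo "<INPUT TYPE='Hidden' name='page' value='" . $sp3_attr($page) . "'>";
echo "</form>";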

?>
<script>
// Click handler for the form button: submits the form when called with 1
// and ignores every other value.
function goto_upload(val){
	if(val!=1){
		return;
	}
	callfrm2();
}

// Submit form "frm2" as a POST that loads into the current window.
function callfrm2()
	{
		var form = document.getElementById("frm2");
		form.target = "_self";
		form.method = "POST";
		form.submit();
 	}	

</script>