
<?php 
/**
 * Entry guard: this script only runs when a parent file that defines the
 * _VALID_ constant has included it; a direct request stops here.
 */
if (!defined('_VALID_')) {
	die('Direct Access to this location is not allowed.');
}
?>
<?php
//print_r($_REQUEST);
//print_r($_FILES);
//print_r($_SESSION);
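// Copy only the request fields this script reads into variables of the same name.
// Copying every key of $_REQUEST would let a request replace any variable that is
// already in scope (for example the database handle $connect, or $url / $folder that
// are used further down to build links), so the set of accepted names is fixed here.
// NOTE(review): $url and $folder are assumed to be set by the including file - confirm.
// Any other include that relied on this loop for its variables must read $_REQUEST itself.
$idoc_request_fields = array(
  'id', 'option', 'officer', 'officer_name', 'officer_position',
  'predoc_id', 'bookto_id', 'book_to', 'book_type',
  'workgroup_txt', 'subject', 'content1', 'content2', 'content3',
);
foreach($idoc_request_fields as $key)
{
  if (isset($_REQUEST[$key])) {
    $$key = $_REQUEST[$key];
  }
}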


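//$predoc_id ="";
$workgroup = "";//$_SESSION['workgroup'];
// content1..content3 are not HTML-escaped here (the calls below are disabled), so
// whatever renders these fields has to escape or sanitise them at output time.
/*$content1 = htmlspecialchars($content1);
$content2 = htmlspecialchars($content2);
$content3 = htmlspecialchars($content3);*/


// Look up the officer named in the request to obtain department, position and name.
// The id is bound as a statement parameter instead of being spliced into the SQL text.
// NOTE(review): $officer comes from the request and nothing in this file compares it
// with $_SESSION['login_user_id']; confirm the including file authorises the caller.
// NOTE(review): if an include already runs addslashes() over request data, bound values
// will keep those backslashes - confirm.
$person_lookup_id = isset($officer) ? (string) $officer : '';
$dbquery_person = false;
$result_person = null;
$total_pid = 0;
$person_stmt = mysqli_prepare($connect, "select * from person_main where person_id = ?");
if ($person_stmt) {
	mysqli_stmt_bind_param($person_stmt, 's', $person_lookup_id);
	if (mysqli_stmt_execute($person_stmt)) {
		// mysqli_stmt_get_result() needs the mysqlnd driver.
		$dbquery_person = mysqli_stmt_get_result($person_stmt);
	}
	if ($dbquery_person) {
		$result_person = mysqli_fetch_array($dbquery_person);
		$total_pid = mysqli_num_rows($dbquery_person);
	}
	mysqli_stmt_close($person_stmt);
}
// When no row matches, fall back to empty strings instead of indexing into null.
$position_code = isset($result_person['position_code']) ? $result_person['position_code'] : '';
$department = isset($result_person['department']) ? $result_person['department'] : '';
$person_prename = isset($result_person['prename']) ? $result_person['prename'] : '';
$person_name = isset($result_person['name']) ? $result_person['name'] : '';
$person_surname = isset($result_person['surname']) ? $result_person['surname'] : '';
$fullname=$person_prename.$person_name." ".$person_surname;

// Register year comes from the session; the book number is the document id from the request.
$book_year = isset($_SESSION['bookregister_year']) ? $_SESSION['bookregister_year'] : '';
$book_number = isset($id) ? $id : '';
$book_no = $book_number ."/". $book_year;
$book_date = date("Y-m-d");
//$book_status = $book_status;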
//$book_status = $book_status;

//เช็คค่าว่าง
//echo $bookto_id;
	if($predoc_id == 1 and $bookto_id == ''){	//เมนอทันที แต่ไม่เลือกผู้ผ่านเรื่อง		
		echo" <br><br><center>กรุณาเลือก ผอ.กลุ่ม หรือ รอง ผอ.สพท. หรือ ผอ.สพท. ในช่อง <b>ส่งบันทึกข้อความถึง</b> ก่อนบันทึกเสนอ - <br>";
		?>		
		 <form><br> <input type="button" class="btn btn-danger" value="กลับไปแก้ไข" onclick="history.back()"></form></center>
		<?php
		exit();
	}else{ //จบเช็คค่าว่าง



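 // Persist the edited memo. Every value is bound as a statement parameter, because
 // subject, content1..3, officer_* and id all arrive from the request and were
 // previously interpolated straight into the SQL text (id even without quotes).
 // An earlier variant that also rewrote book_number and book_no was commented out;
 // those two columns are left untouched by this statement.
 // NOTE(review): nothing in this file checks that the caller may edit document $id;
 // confirm the including file enforces that.
 // NOTE(review): if an include already runs addslashes() over request data, bound
 // values will keep those backslashes - confirm.
 $sql = "UPDATE `idocument_main` SET
	`workgroup` = ?, 
	`workgroup_txt` = ?, 
	`book_year` = ?,
	`book_date` = ?,
	`subject` = ?,
	`pre_doc_id` = '1',
	`book_to` = ?, 
	`content1` = ?, 
	`content2` = ?,  
	`content3`= ?,
	`officer` = ?, 
	`officer_name` = ?,
	`officer_position`= ?,
	`book_status` = '1',
	`book_type` = ? 
	WHERE id = ? ";

// Collect the bound values in placeholder order; a field that was never set is stored
// as an empty string, which is what the interpolated query produced.
$idoc_update_values = array();
foreach (array('department', 'workgroup_txt', 'book_year', 'book_date', 'subject', 'book_to', 'content1', 'content2', 'content3', 'officer', 'officer_name', 'officer_position', 'book_type') as $idoc_update_field) {
	$idoc_update_values[] = isset($$idoc_update_field) ? (string) $$idoc_update_field : '';
}

// The row key must be a plain non-negative integer; anything else is treated as a
// failed update, so the follow-up statements guarded by $dbquery are skipped.
$idoc_update_id = isset($id) ? (string) $id : '';
$dbquery = false;
if (ctype_digit($idoc_update_id)) {
	$idoc_update_values[] = $idoc_update_id;
	$idoc_update_stmt = mysqli_prepare($connect, $sql);
	if ($idoc_update_stmt) {
		mysqli_stmt_bind_param($idoc_update_stmt, str_repeat('s', 13) . 'i', ...$idoc_update_values);
		$dbquery = mysqli_stmt_execute($idoc_update_stmt);
		mysqli_stmt_close($idoc_update_stmt);
	}
}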

if ($dbquery){
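	// NOTE(review): the statement that just ran is an UPDATE, for which
	// mysqli_insert_id() reports 0, so rec_id below becomes md5('0') for every row it
	// touches. Kept as-is; confirm which value rec_id was meant to be derived from.
	$last_id = mysqli_insert_id($connect);

	// get_magic_quotes_gpc() no longer exists in PHP 8, and calling it there aborts the
	// script after the main UPDATE has already been written. The flag is only compared
	// with 99 below, so it is read directly and escaped as before.
	$book_status1 = (isset($_GET["book_status1"]) && is_string($_GET["book_status1"])) ? addslashes($_GET["book_status1"]) : '';
	$send_time = date("Y-m-d H:i:s");

	// Request-derived values are bound as parameters rather than interpolated.
	$sendto_officer = isset($officer) ? (string) $officer : '';
	$sendto_document = isset($id) ? (string) $id : '';

	if($book_status1==99){
		// Status 99: only refresh the rows this officer already sent for the document.
		$sqlSento = "UPDATE idocument_sendto SET send_time = ?, document_from = ?, status = 1  Where document_id = ? and document_from = ?";
		$sendto_params = array($send_time, $sendto_officer, $sendto_document, $sendto_officer);
	}else{
		// Otherwise point every send-to row of the document at the chosen recipient.
		// (A check that a recipient was chosen, $bookto_id > 0, was commented out here.)
		$sendto_person = isset($bookto_id) ? (string) $bookto_id : '';
		$sqlSento = "UPDATE idocument_sendto SET rec_id = md5(?), send_time = ?, person_id = ?, document_from = ?, status = 1  Where document_id = ? ";
		$sendto_params = array((string) $last_id, $send_time, $sendto_person, $sendto_officer, $sendto_document);
	}

	$sendto_stmt = mysqli_prepare($connect, $sqlSento);
	if ($sendto_stmt) {
		mysqli_stmt_bind_param($sendto_stmt, str_repeat('s', count($sendto_params)), ...$sendto_params);
		mysqli_stmt_execute($sendto_stmt);
		mysqli_stmt_close($sendto_stmt);
	}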

//echo $sqlSento."<br>";
	
//if($predoc_id == 1){ //ถ้าบันทึกเสนอให้ส่ง line
//แจ้งเตือน line ///
/*
$officer_name;	//เจ้าของเรื่อง
$officer_position //ตำแหน่งเจ้าของเรื่อง
$predoc_id	//สถานะบันทึก 0=ร่าง 1=เสนอ
$subject  //ชื่อเรื่อง
$book_type  //ความเร่งด่วน 0=ปกติ 1=ด่วน	2=ด่วนที่สุด 3=ลับ
$book_no	//เลขที่
$book_date	//ลงวันที่
$workgroup_txt	//กลุ่ม
*/
// Recipient of the memo: per the original note this is the citizen ID number of the
// group director, deputy, or whoever the memo is being submitted to.
$person_id = $bookto_id;

// Display label for the urgency code (0 = normal, 1 = urgent, 2 = most urgent, 3 = secret).
// switch compares loosely, exactly like the == chain it replaces; any other code
// leaves $book_type_name unset.
switch ($book_type) {
	case 0:
		$book_type_name = "ปกติ";
		break;
	case 1:
		$book_type_name = "ด่วน";
		break;
	case 2:
		$book_type_name = "ด่วนที่สุด";
		break;
	case 3:
		$book_type_name = "ลับ";
		break;
}

//สร้าง url สั้น
          //index.php?option=idocument&task=book_pass&action=comment&id=376
          // Deep link to the comment screen of this memo, assembled piece by piece.
          // $url and $folder form the host/path prefix of links that are stored and shown
          // to users, so they must come from the including file's configuration and never
          // from request data.
          $link1 = "/index.php?option=idocument";
          $link2 = "&task=book_pass";
          $link3 = "&id=" . $id;
          $link4 = "&action=comment";
          $url_permis = implode('', array($url, $folder, $link1, $link2, $link3, $link4));
          //สุ่ม ref_id
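          /**
           * Build a random token from the characters 0-9, a-z and A-Z.
           *
           * The tokens produced here are stored as short-link ids, one of which points at
           * a login URL, so they act as unguessable references. rand() is not suitable for
           * that: its output is predictable. random_int() (PHP 7.0+) draws from the
           * operating system's CSPRNG instead.
           *
           * @param int $length Number of characters to generate; 0 or less yields ''.
           * @return string Token of $length characters.
           */
          function generateRandomString($length = 20) {
              $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
              $lastIndex = strlen($characters) - 1;
              $randomString = '';
              for ($i = 0; $i < $length; $i++) {
                  $randomString .= $characters[random_int(0, $lastIndex)];
              }
              return $randomString;
          }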
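          // Two short-link tokens: one for the memo deep link, one for the LINE login link.
          $url_id = generateRandomString();
          $url_id2 = generateRandomString();

          // Both rows go through one prepared INSERT. $url_permis contains the
          // request-supplied id and $person_id, so none of the values is interpolated
          // into the SQL text.
          $user = $_SESSION['login_user_id'];
          $urlshort_owner = (string) $user;
          $urlshort_token = '';
          $urlshort_target = '';
          $sql = "insert into urlshort (person_id, url_id, url_name) values (?, ?, ?)";
          $urlshort_stmt = mysqli_prepare($connect, $sql);
          if ($urlshort_stmt) {
              // Parameters are bound by reference; assigning new values before each
              // execute is enough.
              mysqli_stmt_bind_param($urlshort_stmt, 'sss', $urlshort_owner, $urlshort_token, $urlshort_target);
          }

          // Store the URL of the memo itself.
          $urlshort_token = $url_id;
          $urlshort_target = $url_permis;
          $dbquery = $urlshort_stmt ? mysqli_stmt_execute($urlshort_stmt) : false;
          // An INSERT returns no result set. The original passed the boolean from
          // mysqli_query() to mysqli_fetch_array(), which is a TypeError on PHP 8 and
          // yielded null before that, so both variables are simply null here.
          $result = null;
          $urlshort = "$url$folder/shortlink.php?url_id=$url_id"; // short link
          $url_id_data = null;
          // End of the memo URL.

          // Store the URL of the login page reached from LINE.
          // NOTE(review): per the comment where $person_id is assigned, it is a citizen
          // ID number, and it is placed in a stored URL query string here; consider an
          // opaque reference instead.
          $link11 = "/?p=$person_id";
          $link21 = "&url_id=$url_id";
          $url_permis = "$url"."$folder"."$link11"."$link21";
          $urlshort_token = $url_id2;
          $urlshort_target = $url_permis;
          $dbquery = $urlshort_stmt ? mysqli_stmt_execute($urlshort_stmt) : false;
          $result = null;
          if ($urlshort_stmt) {
              mysqli_stmt_close($urlshort_stmt);
          }
          $urlshort = "$url$folder/shortlink.php?url_id=$url_id2"; // short link
          // End of the LINE login URL.

          // Text of the LINE notification. Note that $subject is overwritten with the
          // full message body from here on.
          $message = "มีการแก้ไขบันทึกข้อความ ($book_type_name) เสนอท่าน: \n";            
          $subject = "เรื่อง: $subject \nเลขที่: $book_no \nลงวันที่: $book_date \nเสนอโดย: $officer_name $officer_position \n$workgroup_txt\n\nตรวจสอบ/อนุมัติ: $urlshort";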

          //require_once "linenotify.php";   //นำเข้าคำสั่งส่งไลน์

          //จบแจ้งเตือน line /// 
//} //จบการเช็คสถานะบันทึก

/*
//Upload file Ref Doc.
//Check Ref doc
$sql = "Select * From idocument_files Where document_id = '$id' and docType = 'ref' ";
$result = mysqli_query($connect,$sql);
$row = $result->fetch_assoc();
            $file_name = $row['file_name'];
            $file_des = $row['file_des'];

			$target_dir = "./modules/".$_GET['option']."/upload_files/";
			$file_no = 0;
         	//for($j=0;$j<count($_FILES['UploadedFile']['tmp_name']);$j++) {
         	
         		$commentFile = $UploadedFileComment1;

				if(!empty($_FILES['UploadedFile1']['tmp_name'])) {
					++$file_no;
					$target_file = $target_dir . basename($_FILES["UploadedFile1"]["name"]);
					$uploadOk = 1;
					$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

					//เช็คนามสกุล
		//  $allow_lastname = array("doc","docx","xlsx","xls","pdf","zip","rar","ppt","pptx");
			if(in_array($imageFileType, $allow_lastname)) { //เริ่มเช็คนามสกุล
					
					$rename_file = $target_dir . $id . '-ref-' . round(microtime(true)) . '_'.$file_no.'.'. strtolower($imageFileType);

			    if (move_uploaded_file($_FILES["UploadedFile1"]["tmp_name"], $rename_file)) {
			        //echo "The file ". basename( $_FILES["UploadedFile"]["name"][$j]). " has been uploaded.";

				}else{
					$rename_file = "";
					$imageFileType = "";
				}	
				if($commentFile != $file_des){
			        $sql = "INSERT INTO idocument_files(id, document_id, file_name,file_des,filetype, docType) VALUE('', $id,'$rename_file', '$commentFile', '$imageFileType', 'ref')";			       
					$result = mysqli_query($connect,$sql);
					echo $sql."<br>";
				}
				if($file_name != $rename_file){
			        $sql = "UPDATE idocument_files SET file_name = '$rename_file', file_des = '$commentFile', filetype = '$imageFileType' Where document_id = '$id' and docType = 'ref' ";			       
					$result = mysqli_query($connect,$sql);
				}

				}else{ //ถ้าไม่ใช้ไฟล์ที่อนุญาตไม่ให้ผ่าน
				echo "<br><br><center><font color=red>-รูปแบบไฟล์ไม่ถูกต้อง-</font></center>";
			} //จบการเช็คนามสกุล
			
			       // echo $sql."<br>";
			 }
//Upload file
//Upload file Attach Doc.
$sql = "Select * From idocument_files Where document_id = '$id' and docType = 'attach' ";
$result = mysqli_query($connect,$sql);
$row = $result->fetch_assoc();
            $file_name = $row['file_name'];
            $file_des = $row['file_des'];

			$target_dir = "./modules/".$_GET['option']."/upload_files/";
			$file_no = 0;
        
         		$commentFile = $UploadedFileComment2;

				if(!empty($_FILES['UploadedFile2']['tmp_name'])) {
					++$file_no;
					$target_file = $target_dir . basename($_FILES["UploadedFile2"]["name"]);
					$uploadOk = 1;
					$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

					//เช็คนามสกุล
		//  $allow_lastname = array("doc","docx","xlsx","xls","pdf","zip","rar","ppt","pptx");
			if(in_array($imageFileType, $allow_lastname)) { //เริ่มเช็คนามสกุล
					
					$rename_file = $target_dir . $id . '-attach-' . round(microtime(true)) . '_'.$file_no.'.'. strtolower($imageFileType);

			    if (move_uploaded_file($_FILES["UploadedFile2"]["tmp_name"], $rename_file)) {
			        //echo "The file ". basename( $_FILES["UploadedFile"]["name"][$j]). " has been uploaded."

				}else{
					$rename_file = "";
					$imageFileType = "";
				}
				if($commentFile != $file_des){
			        $sql = "INSERT INTO idocument_files(document_id, file_name, file_des, filetype, docType) VALUE('$id','$rename_file', '$commentFile', '$imageFileType', 'attach')";			       
					$result = mysqli_query($connect,$sql);
					echo $sql."<br>";
				}
				if($file_name != $rename_file){
			        $sql = "UPDATE idocument_files SET file_name = '$rename_file', file_des = '$commentFile', filetype = '$imageFileType' Where document_id = '$id' and docType = 'attach' ";			       
					$result = mysqli_query($connect,$sql);
				}

				}else{ //ถ้าไม่ใช้ไฟล์ที่อนุญาตไม่ให้ผ่าน
				echo "<br><br><center><font color=red>-รูปแบบไฟล์ไม่ถูกต้อง-</font></center>";
			} //จบการเช็คนามสกุล

					//echo $sql."<br>";
			}
//Upload file
*/



		}
}
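// Send the browser back to the module's list view. $option is request-controlled and
// lands inside a quoted JavaScript string, so it is percent-encoded first: quotes,
// angle brackets and backslashes cannot then terminate the string or the script tag.
echo "<script language='javascript'>window.location.href ='?option=".rawurlencode(isset($option) ? (string) $option : '')."&task=view'</script>";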
?>