MINI SHELL

<?php
	session_start();
	$nochecklogin= true;
	include_once("../../config/usermanagerConfig.inc.php");
	include_once("common/function.php");
	session_destroy();
	
	function check_login($id){// ฟังชั่นเช็ค ช่วงเวลา
		//date_default_timezone_set('Asia/Bangkok');
		$xh = date("H");
		$xm = date("i");
		$xsc = date("s");
		$xdate = date("d");
		$xmonth = date("m");
		$xyear = date("Y");
		$xmktime = mktime($xh,$xm,$xsc,$xmonth,$xdate,$xyear);
		$sql = "SELECT main_menu.NID,main_menu.date_start,main_menu.date_end,main_menu.time_start,main_menu.time_end FROM main_menu
											Inner Join epm_staffgroup ON main_menu.NID = epm_staffgroup.org_id
											Inner Join epm_groupmember ON epm_groupmember.gid = epm_staffgroup.gid WHERE epm_groupmember.staffid='".$id."' ";
		$xresult = mysql_query( $sql );
		$xrs = mysql_fetch_assoc( $xresult );
		
		$arr_t_s= explode(":",$xrs["time_start"]);
		$arr_d_s = explode("-",$xrs["date_start"]);
		$arr_t_e = explode(":",$xrs["time_end"]);
		$arr_d_e = explode("-",$xrs["date_end"]);
			$year_s = ((!empty($arr_d_s[0]))?$arr_d_s[0]:'0000');
			$year_e = ((!empty($arr_d_e[0]))?$arr_d_e[0]:'0000');
			$Date_mktime_start = @mktime($xh,$xm,$xsc, $arr_d_s[1], $arr_d_s[2],$year_s);//วันที่เริ่มต้น
			$Date_mktime_end = @mktime($xh,$xm,$xsc, $arr_d_e[1], $arr_d_e[2],$year_e);//วันที่เริ่มสิ้นสุด
			$Time_mktime_start = @mktime( $arr_t_s[0], $arr_t_s[1],$arr_t_s[2],$xmonth, $xdate, $xyear );//เวลาเริ่มต้น
			
			if($xrs["time_start"] > $xrs["time_end"]){//ถ้ากำหนดเวลาเกินเที่ยงคืน
				$Time_mktime_end = @mktime( $arr_t_e[0], $arr_t_e[1], $arr_t_e[2],$xmonth, ($xdate+1), $xyear);//เวลาเริ่มสิ้นสุด
			}else{
				$Time_mktime_end = @mktime( $arr_t_e[0], $arr_t_e[1], $arr_t_e[2],$xmonth, $xdate, $xyear);//เวลาเริ่มสิ้นสุด
			}
			
			if( ($xrs["date_start"] == "0000-00-00" && $xrs["date_end"] == "0000-00-00") || ($xrs["date_start"] == "" && $xrs["date_end"] == "") and 
			 ($xrs["time_start"] == "00:00:00" && $xrs["time_end"] == "00:00:00") || ($xrs["time_start"] == "" && $xrs["time_end"] == "") ){
				$re_value = true;
			}else
			if( ($xrs["date_start"] == "0000-00-00" && $xrs["date_end"] == "0000-00-00") || ($xrs["date_start"] == "" && $xrs["date_end"] == "")){
				if( 	(($xmktime >= $Time_mktime_start ) && ($xmktime <= $Time_mktime_end)) ){
					$re_value = true;
				}else{
					$re_value = false;
				}
			}else
			if( ($xrs["time_start"] == "00:00:00" && $xrs["time_end"] == "00:00:00") || ($xrs["time_start"] == "" && $xrs["time_end"] == "") ){
				if( 	(($xmktime >= $Date_mktime_start ) && ($xmktime <= $Date_mktime_end)) ){
					$re_value = true;
				}else{
					$re_value = false;
				}
			}else{
				if( (($xmktime >= $Date_mktime_start ) && ($xmktime <= $Date_mktime_end)) && 
					(($xmktime >= $Time_mktime_start ) && ($xmktime <= $Time_mktime_end)) ){
					$re_value = true;
					
				}else{
					$re_value = false;
				}
				
			}
		return $re_value;
	}// end function

	if ($_SERVER[REQUEST_METHOD] == "POST"){ 
		$sql ="select * from epm_staff where username='".$_POST['uname']."'";
		$result = mysql_query($sql);	
		$rs = mysql_fetch_assoc($result);  #echo $sql ;
		if ($rs && $pwd  == $rs["password"]){
		
		//echo $rs." == ".$pwd;die;
			session_register("session_username");
			session_register("session_staffid");
			session_register("session_dev_id");
			session_register("session_depusername");
			session_register("session_fullname");
			session_register("session_depname");
			session_register("session_lastlogin");
			session_register("session_dev_parent_id");
			session_register("session_group");
			
			$_SESSION[session_username] = $uname;
			$_SESSION[session_password] = $pwd;
			$_SESSION[session_staffid] = $rs[staffid];
			$_SESSION[session_dev_id] = $rs[org_id];
			$_SESSION[session_depusername] = $rs[username];
			$_SESSION[session_fullname] = $rs[prename] . " " . $rs[staffname] . " " . $rs[staffsurname];
			$_SESSION[session_depname] = mysql_fetch_assoc(mysql_query("select NLABEL from main_menu where NID='$rs[org_id]';"));
			$_SESSION[session_lastlogin] = mysql_fetch_assoc(mysql_query("select max(logtime) from epm_log where staffid='$rs[staffid]';"));
			$_SESSION[session_dev_parent_id] = mysql_fetch_assoc(mysql_query("select PARENT_ID from main_menu where NID='$rs[org_id]';"));
			$_SESSION[session_main_areaid] = mysql_fetch_assoc(mysql_query("select areaid from main_menu where NID='$rs[org_id]';"));
			// session การกำหนดสิทธิการเข้าถึงโปรแกรม เพิ่มเติม Kidsana
			session_register("session_apppermit");
			session_register("SS_PERMISSION");
			session_register("SS_USER_VIEW_ID");
				$SQL_PERMISSION = " 
				SELECT
				app_provision.pro_caption,
				app_authority_staff.appid,
				app_authority_staff.authority,
				app_authority_staff.view,
				app_authority_staff.`add`,
				app_authority_staff.edit,
				app_authority_staff.`delete`,
				app_authority_staff.sub_view
				FROM
				app_provision
				Inner Join app_authority_staff ON app_authority_staff.appid = app_provision.pro_id
				WHERE app_authority_staff.staffid ='".$rs["staffid"]."'
				"; 
				$RESULT = mysql_query($SQL_PERMISSION);	
				while( $PERMIS = mysql_fetch_array($RESULT)){
					//App_ID
					$_SESSION['SS_PERMISSION'][$PERMIS["appid"]]["VIEW"] = $PERMIS["view"];
					$_SESSION['SS_PERMISSION'][$PERMIS["appid"]]["ADD"] = $PERMIS["add"];
					$_SESSION['SS_PERMISSION'][$PERMIS["appid"]]["EDIT"] = $PERMIS["edit"];
					$_SESSION['SS_PERMISSION'][$PERMIS["appid"]]["DELETE"] = $PERMIS["delete"];
					$_SESSION['SS_PERMISSION'][$PERMIS["appid"]]["SUB_VIEW"] = $PERMIS["sub_view"];
					//App_Name
					$_SESSION['SS_PERMISSION'][$PERMIS["pro_caption"]]["VIEW"] = $PERMIS["view"];
					$_SESSION['SS_PERMISSION'][$PERMIS["pro_caption"]]["ADD"] = $PERMIS["add"];
					$_SESSION['SS_PERMISSION'][$PERMIS["pro_caption"]]["EDIT"] = $PERMIS["edit"];
					$_SESSION['SS_PERMISSION'][$PERMIS["pro_caption"]]["DELETE"] = $PERMIS["delete"];
					$_SESSION['SS_PERMISSION'][$PERMIS["pro_caption"]]["SUB_VIEW"] = $PERMIS["sub_view"];
					
				}
				$SQL_PERMISSION2 = " 
					SELECT
					app_provision.pro_caption,
					app_authority_staff.appid
					FROM
					app_provision
					Inner Join app_authority_staff ON app_authority_staff.appid = app_provision.pro_id
					WHERE app_authority_staff.staffid ='".$rs["staffid"]."'
				"; 
				$RESULT2 = mysql_query($SQL_PERMISSION2);	
				while( $PERMIS2 = mysql_fetch_array($RESULT2)){
						$_SESSION['SS_USER_VIEW_ID'][$PERMIS2["pro_caption"]] = getUserViewID($PERMIS2["appid"]);
				}
				
			// End session การกำหนดสิทธิการเข้าถึงโปรแกรม เพิ่มเติม Kidsana
			
			# CCAA Session : Modified by Aussy - + - + - + - + - + -
			/*if ( !$_SESSION['CCAA'] ) {
				$strSQL = "SELECT * FROM tbl_ccaa";
				$rsConn = mysql_query($strSQL);
				while ( $Result = mysql_fetch_object($rsConn) ) {
					$ccName = ( $Result->ccType == "Changwat" ) ? str_replace("จังหวัด", "", $Result->ccName) : $Result->ccName ;
					$ccName = ( $Result->ccType == "Aumpur" ) ? str_replace("อำเภอ", "", $Result->ccName) : $Result->ccName ;
					$ccName = ( $Result->ccType == "Tamboon" ) ? str_replace("ตำบล", "", $Result->ccName) : $Result->ccName ;
					$_SESSION['CCAA'][$Result->ccDigi] = $ccName;
				}
			}*/
			# End CCAA Session - + - + - + - + - + - + - + - + - + -
			# SESSION FOR PERMISSION by jessada@sapphire.co.th; ##########################
			$strSQL = "SELECT
								main_menu.SITEID,
								main_menu.NID,
								main_menu.NLABEL,
								epm_staff.prename,
								epm_staff.staffname,
								epm_staff.staffsurname
							FROM
								epm_staff
								INNER JOIN epm_groupmember ON epm_staff.staffid = epm_groupmember.staffid
								INNER JOIN epm_staffgroup ON epm_groupmember.gid = epm_staffgroup.gid
								INNER JOIN main_menu ON main_menu.NID = epm_staffgroup.org_id
							WHERE epm_staff.staffid =  '".$rs['staffid']."' AND main_menu.SITEID IS NOT NULL";
			$rsConn = mysql_query($strSQL);
			$Result = mysql_fetch_assoc($rsConn);
			session_register("session_org");
			$session_org = $Result['NID'];
			$_SESSION['SS_SITEID'] = $Result['SITEID'];
			
			$_SESSION['SS_SITEID_IDEN'] = $Result['SITEID'];
			$_SESSION['SS_YEAR'] = date("Y") + 543;
			$_SESSION['SS_MONTH'] = date("m");
			
			addLog("",9,"Login เป็น $uname");
			$monthname = array("", "ม.ค.", "ก.พ.", "มี.ค.", "เม.ย.", "พ.ค.", "มิ.ย.", "ก.ค.", "ส.ค.", "ก.ย.", "ต.ค.", "พ.ย.", "ธ.ค.");
			if ($uname == "root" ){ # ADMIN #
				if(check_login($session_staffid)){
					echo "<SCRIPT>window.location='user/index.php'</SCRIPT>";
					$xmsg = "Y";
				}else{
					$sql_check_login = "SELECT main_menu.NID,main_menu.date_start,main_menu.date_end,main_menu.time_start,main_menu.time_end FROM main_menu
											Inner Join epm_staffgroup ON main_menu.NID = epm_staffgroup.org_id
											Inner Join epm_groupmember ON epm_groupmember.gid = epm_staffgroup.gid WHERE epm_groupmember.staffid='".$_SESSION[session_staffid]."' ";
					$xresult1 = mysql_query($sql_check_login);
					$xrs1 = mysql_fetch_assoc($xresult1);
					$d_arr = explode("-",$xrs1["date_start"]);
					$t_arr = explode("-",$xrs1["date_end"]);
					$date_st = intval($d_arr[2])."  ". $monthname[intval($d_arr[1])]."  ".$d_arr[0];
					$date_et = intval($t_arr[2])."  ". $monthname[intval($t_arr[1])]."  ".$t_arr[0];
		
					echo "<script language=\"javascript\">
								alert(\"ไม่สามารถเข้าระบบได้เนื่องจากระบบได้กำหนดช่วงเวลาของท่านไว้\\nช่วงวันที่ของท่านคือ $date_st ถึง $date_et\\n ช่วงเวลา $xrs1[time_start] ถึง $xrs1[time_end]\");
								</script>";
					$xmsg = "N";
				}
			} else { # USER #
				if(check_login($session_staffid)){
				    
					$query_check = mysql_query("SELECT * FROM epm_groupmember AS mem JOIN epm_staffgroup AS gro  ON mem.gid = gro.gid 
					                            WHERE mem.staffid = '$session_staffid' AND gro.groupname = 'Senior' ");
												
					$num_check = mysql_num_rows($query_check);
					if($num_check > 0){
					  $rows = mysql_fetch_array($query_check);
					  $_SESSION['org_id'] = $rows['org_id'];
					  $_SESSION['senior'] = '1';
					}							
				    
					echo "<SCRIPT>window.location='../face_members/index.php'</SCRIPT>";
                    $xmsg = "Y";
				}else{
				
				$sql_check_login = "SELECT main_menu.NID,main_menu.date_start,main_menu.date_end,main_menu.time_start,main_menu.time_end FROM main_menu
											Inner Join epm_staffgroup ON main_menu.NID = epm_staffgroup.org_id
											Inner Join epm_groupmember ON epm_groupmember.gid = epm_staffgroup.gid WHERE epm_groupmember.staffid='".$_SESSION[session_staffid]."' ";
					$xresult1 = mysql_query($sql_check_login);
					$xrs1 = mysql_fetch_assoc($xresult1);
					$d_arr = explode("-",$xrs1[date_start]);
					$t_arr = explode("-",$xrs1[date_end]);
					$date_st = intval($d_arr[2])."  ". $monthname[intval($d_arr[1])]."  ".$d_arr[0];
					$date_et = intval($t_arr[2])."  ". $monthname[intval($t_arr[1])]."  ".$t_arr[0];
		
					echo "<script language=\"javascript\">
								alert(\"ไม่สามารถเข้าระบบได้เนื่องจากระบบได้กำหนดช่วงเวลาของท่านไว้\\nช่วงวันที่ของท่านคือ $date_st ถึง $date_et\\n ช่วงเวลา $xrs1[time_start] ถึง $xrs1[time_end]\");
							</script>"; 	
					$xmsg = "N";
				}
			}
		}
		//8=login fail, 9 = login , 10 = logout
		addLog("",8,"พยายาม login เป็น $uname ด้วยรหัสผ่าน $pwd");
		if($xmsg == "N"){
			$msg = "";
			echo "<SCRIPT>window.location='logout.php'</SCRIPT>";
		}else{
			$msg = "Username หรือ Password ไม่ถูกต้อง ";
			echo "<SCRIPT>alert('Username หรือ Password ไม่ถูกต้อง');window.location='logout.php'</SCRIPT>";
		}
	}

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<title>LOGIN SYSTEM</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<LINK href="common/style.css" rel=stylesheet>
<style type="text/css">
<!--
.header1 {	font-family:"MS Sans Serif", Tahoma, Arial;
	font-size:1em;
	font-weight:bold;
	color: #FFFFFF;
}
.main {	font-family:"MS Sans Serif", Tahoma, Arial;
	font-size:0.8em;
	color: #FF0000;
	font-weight:bold;
}
.normal {	font-family:"MS Sans Serif", Tahoma, Arial;
	font-size:0.8em;
}
body {
	margin-left: 0px;
	margin-top: 0px;
	margin-right: 0px;
	margin-bottom: 0px;
}
-->
</style>
</head>
<body  bgcolor="#006699">
<table width="100%" height="500" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td align="center" valign="top">
      <br>
      <br>
	  <br>
	  <table width="500" border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
      <tr>
        <td style="border:#818181 solid 1px; background-color:#EEEEEE  ">
		<P>&nbsp;</P>
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td height="178" align="center" style=" padding:10px;"><table width="350" border="0" cellpadding="0" cellspacing="0" bgcolor="#ECECEC">
              <tr>
                <td width="79" valign="top" background="images/emp_main_new_27.gif" style=" background-repeat:repeat-y; background-position:left;"><img src="images/emp_main_new_19.gif" width="79" height="88"></td>
                <td width="264" background="images/emp_main_new_20.gif" style="background-repeat:repeat-x; background-position:top">
				<FORM name="form" METHOD="post" ACTION="login.php">
                  <br>
                  <table border=0 align=center>
                    <tr>
                      <td align="right" style="color:#FFFFFF">&nbsp;</td>
                      <td align="left">&nbsp;</td>
                      <td align="left">&nbsp;</td>
                    </tr>
                    <tr>
                      <td align="right" style="color:#666666"><B>ชื่อผู้ใช้</B></td>
                      <td align="left">&nbsp;</td>
                      <td align="left"><INPUT NAME="uname" id="uname" TYPE="text" class="epm_inputbox" value="" size=20 maxlength=20 onFocus="this.select();"></td>
                    </tr>
                    <tr>
                      <td align="right" style="color:#666666"><B>รหัสผ่าน</B></td>
                      <td align="left">&nbsp;</td>
                      <td align="left"><INPUT NAME="pwd" TYPE="password" class="epm_inputbox" value="" size=20 maxlength=20 onFocus="this.select();"></td>
                    </tr>
                    <tr>
                      <td>&nbsp;</td>
                      <td align="left">&nbsp;</td>
                      <td align="left"><input name="submit" type="submit" class="epm_button" value="   เข้าระบบ   "> <input name="back" type="button" class="epm_button" value="   กลับหน้าหลัก   " onClick="window.location='http://192.168.2.101'"></td>
                    </tr>
                    
                    <tr>
                      <td colspan="3" align="center"><div align="center"><font color="RED"><b>
                          <?=$msg?>
                      </b></font></div></td>
                    </tr>
                  </TABLE>
                </FORM></td>
                <td width="7" align="right" valign="top" background="images/emp_main_new_25.gif" style="background-repeat: repeat-y; background-position:right"><img src="images/emp_main_new_22.gif" width="7" height="15"></td>
              </tr>
              <tr>
                <td valign="bottom" background="images/emp_main_new_27.gif" style=" background-repeat:repeat-y; background-position:left;"><table width="100%" border="0" cellspacing="0" cellpadding="0">
                  <tr>
                    <td valign="bottom" background="images/emp_main_new_31.gif"><img src="images/emp_main_new_30.gif" width="7" height="6"></td>
                  </tr>
                </table></td>
                <td background="images/emp_main_new_31.gif" style="background-repeat:repeat-x; background-position:bottom">&nbsp;</td>
                <td align="right" valign="bottom" background="images/emp_main_new_25.gif" style="background-repeat: repeat-y; background-position:right"><img src="images/emp_main_new_33.gif" width="7" height="6"></td>
              </tr>
              
            </table>
              <P>&nbsp;</P></td>
          </tr>
          <tr>
            <td  align="center"></td>
          </tr>
        </table></td>
      </tr>
      
    </table></td>
  </tr>
</table>
</body>
</html>
<script language="javascript1.2">
	document.getElementById("uname").focus();
</script>