<?
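// Random-string helper | usage: randomstr(number of characters wanted) by Paak
//
// Returns one leading space followed by $length characters drawn from [0-9a-z];
// for $length < 1 only the leading space is returned. Callers in this file strip
// the space with str_replace() and use the rest as the stored name of an uploaded
// attachment, so the value should not be guessable: random_int() (CSPRNG) is used
// when the runtime provides it, with mt_rand() as the fallback on older PHP.
function randomstr ($length)
{
    $possible = '0198765432';
    $possible.= 'abcdefghijklmnopqrstuvwxyz';
    $last = strlen($possible) - 1;
    $secure = function_exists('random_int');
    // The leading space is kept on purpose: existing callers expect and remove it.
    $str=" ";
    while ( strlen ($str) <= $length)
    {
        // Drawing the index from [0, $last] directly avoids the bias of rand() % n.
        $pick = $secure ? random_int(0, $last) : mt_rand(0, $last);
        $str .= substr ($possible, $pick, 1);
    }
    return ($str);
}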
// Returns a document number based on $gid.
// As written it calls chkidnumber($gid) exactly once and returns $gid unchanged
// (see the NOTE(review) comments below).
function getAuto_number($gid){
$i = 0;
// NOTE(review): `==` compares and discards the result, so $chk is never set to
// true and the do/while condition is already falsy after the first pass.
$chk == true;
do{
// Not reached on the single pass that runs, because $i is still 0.
if($i > 0){
$gid++;
}
// chkidnumber() counts the document rows that already use this docid.
// NOTE(review): the flag is cleared when the number IS in use. If the line above
// were turned into an assignment, the loop would keep incrementing until it hit
// a number that already exists - confirm the intended condition before changing it.
if(chkidnumber($gid) > 0){
$chk = false;
}
$i++;
}while($chk);
return $gid;
}
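// Counts the rows in `document` whose docid equals $id.
// Returns the count as an integer, or 0 when the query fails or yields no row.
function chkidnumber($id){
    // The callers of this helper are not all visible here, so $id is treated as
    // untrusted and escaped before it is placed inside the quoted literal.
    $sql = "SELECT COUNT(*) as cnum FROM document WHERE docid='".mysql_real_escape_string($id)."'";
    $result = mysql_query($sql) ;
    if(!$result){
        // A failed query must not be passed on to mysql_fetch_assoc().
        return 0;
    }
    $rs = mysql_fetch_assoc($result);
    return $rs ? (int)$rs['cnum'] : 0;
}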
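//Date Change Type
// $pdate and $tdate are split on "/" and rebuilt as year-month-day with 543
// subtracted from the year (presumably dd/mm/yyyy in the Buddhist era - confirm).
// The year goes through arithmetic and is therefore numeric; the other two parts
// were copied verbatim into quoted SQL literals further down, so everything except
// digits is stripped from them here. Well-formed dates come out unchanged.
$d = explode("/", $pdate);
$ndate = ($d[2] - 543)."-".preg_replace('/[^0-9]/', '', $d[1])."-".preg_replace('/[^0-9]/', '', $d[0]);
$d = explode("/", $tdate);
$ndate2 = ($d[2] - 543)."-".preg_replace('/[^0-9]/', '', $d[1])."-".preg_replace('/[^0-9]/', '', $d[0]);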
####-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=PROCESS
//////////////////////// check METHOD POST
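// Build $arr_staffname: staffid => display label (prename + name + surname, plus
// the job title on a second line when one is set). The label is used as the
// recipient name passed to doclog() later in this script.
// NOTE(review): the label mixes literal HTML with unescaped database text; escape the
// name parts wherever the label is finally printed.
$arr_staffname = array();
$sql = " SELECT staffid, prename, staffname, staffsurname, title FROM epm_staff ";
$result = mysql_query($sql) ;
// Array keys are quoted: a bare word is looked up as a constant first.
// A failed query simply leaves the map empty.
while($result && ($rs = mysql_fetch_assoc($result))){
    $arr_staffname[$rs['staffid']] = $rs['prename'] . $rs['staffname'].' '.$rs['staffsurname'];
    if($rs['title']){
        $arr_staffname[$rs['staffid']].="<br> ตำแหน่ง (". $rs['title'] .")";
    }
}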
if ($_SERVER[REQUEST_METHOD] == "POST"){
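//echo "<pre>";
// Debug dump kept disabled: it printed every submitted field, unescaped, into the
// response of each POST request.
//print_r($_POST);
//die;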
////////////////// ID ADD
if($action=="add_past"){$action="add";$mode="past";}
if($action == "add"){
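// Work out the next docid and the next running number for this document type.
// $type, $docid and $number are request-supplied, so an escaped copy is used in
// every lookup below; the variables themselves keep their original values.
$type_sql = mysql_real_escape_string($type);
if(!$mode){
    // Highest docid already used for this type
    $sql_max_case="select max(docid) as maxcase from document where type='$type_sql' ";
    $query = mysql_query($sql_max_case)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    $maxrs = mysql_fetch_assoc($query);
    if(!$maxrs){
        $maxcase="0";
    }else{
        $maxcase=$maxrs['maxcase'];
    }
    $maxcase++;
    // NOTE(review): request values arrive as strings, so is_int() is false for them
    // and a keyed-in docid is always replaced by the next free value - confirm intent.
    if(!is_int($docid)){
        $docid=$maxcase;
    }
    // Check whether the chosen docid is already taken for this type
    $docid_sql = mysql_real_escape_string($docid);
    $sql_max_case="select * from document where docid='$docid_sql' and type='$type_sql' ";
    $query = mysql_query($sql_max_case)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    $check_id = mysql_fetch_assoc($query);
    if($check_id){
        $msg = "<li>หมายเลขที่กำหนดซ้ำกับเอกสารที่มีอยู่ในระบบ<li>ระบบจะทำการกำหนดเป็นหมายเลข $maxcase <br> ";
        // include('msg_box.php');
        $docid=$maxcase;
    }
}elseif($mode=="past"){
    // The duplicate-number check for back-dated entries is disabled in this version.
}
// Highest running number already used for this type
$sql_max_case="select max(number) as maxnum from document where type='$type_sql' ";
$query = mysql_query($sql_max_case)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$maxrs = mysql_fetch_assoc($query);
if(!$maxrs){
    $maxnum="0";
}else{
    $maxnum=$maxrs['maxnum'];
}
$maxnum++;
// NOTE(review): same is_int() caveat as for $docid above.
if(!is_int($number)){
    $number=$maxnum;
}
// Check whether the chosen running number is already taken for this type
$number_sql = mysql_real_escape_string($number);
$sql_max_case="select * from document where number='$number_sql' and type='$type_sql' ";
$query = mysql_query($sql_max_case)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$checkn_id = mysql_fetch_assoc($query);
if($checkn_id){
    //include('msg_box.php');
    $number=$maxnum;
}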
$sql_setting="select * from system";
$result=mysql_query($sql_setting);
while($rs=mysql_fetch_assoc($result)){
$com[$rs[command]]=$rs[value];
}
if($type=="send"){
$type_running="runningout";
}elseif($type=="circular"){
$type_running="runningcircular";
}
if($com[$type_running]>$number){
$number=$com[$type_running]+1;
$sql_setting="UPDATE `system` SET `value`='0' WHERE (command = '$type_running' ) ";
#$result=mysql_query($sql_setting);
}
if(($type=="send")||($type=="circular")){
// หาชื่อผู้ส่ง
if(intval($sending_select)=="0"){
$sending=$wordingset[intval($sending_select)];
$sector="0";
}else{
// ใช้กรณีที่มีการแทนแค่ 1 กรณี
$selected=$sid1;
$select1=explode('.',$sending_select);
$sql_group="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE 'admin_%'
AND $table_staff.username NOT LIKE 'root%'
AND $table_staff.staffid = '$selected'
order by $table_staff.staffid
";
$result = mysql_query($sql_group)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$hrs = mysql_fetch_assoc($result);
$sending=$hrs[prename].$hrs[staffname]." ".$hrs[staffsurname];
if($sending){$sending="(".$sending.")";}
$sending.=" ".$hrs[title];
#if($position_show=="show"){$sending.=$hrs[title];}
$sending.=" ".$wordingset[$select1[0]][$select1[1]].$wordingset[0];
$sector=$sending_select;
}
}
//echo $sending;
////// DOC REG ADD
/*
$refid="";
if($digit){
foreach($digit as $num => $val){
if($val=="autonumber"){
$val=zerofill($number,$digit_char[$num]);
}
$refid.=$val;
}
}
*/
$getting = $gid_show;
$comment = trim($comment);
if(!$speed){ $speed="NULL"; }
if(!$secret){ $secret="NULL"; }
if( ($type=="get") ){ $getting=$_POST[getting]; $refid=$_POST[refid]; }
if( ($type=="send") ){ $getting=$_POST[getting]; }
if($mode=="pass"){ $number=$docid_pass; }
if(($mode=="past")){
$number='';
if( ($type=="send") ){$getting=$_POST[getting]; $sending=$_POST[sending]; $refid=$_POST[refid]; }
if( ($type=="circular") ){$getting=$_POST[getting]; $sending=$_POST[sending]; $refid=$_POST[refid]; }
}
// if($act){$sending.=" ".$act."ผู้ว่าราชการจังหวัด".$provincename;}
$phpsessid=session_id( );
####
$docid=$_POST['docid'];
####
// Write the document row: an INSERT for back-dated entries ($mode "past"),
// otherwise an UPDATE of the existing row selected by $id.
// NOTE(review): every value in both statements is interpolated as-is. None of them is
// escaped in this block and most appear to be request fields, so this is the main
// SQL-injection sink of the add flow; move it to parameterised statements, or escape
// text fields and cast ids, before relying on it.
if(($mode=="past")){
// The `number` column receives $docid as well: the VALUES list carries it twice.
$sqldocreg = "
INSERT INTO document
(`id`,`type`,`docid`,`number`,`refid`,`pdate`,`sending`,`getting`,`title`,`comment`,`owner`,`status`,`time_rec`,`speed`,`secret`,`sector`,`phpsessid`) VALUES
(NULL,'$type','$docid','$docid','$refid','$ndate','$sending','$getting','$title','$comment','$user','0','$sql_time','$speed','$secret','$sector','$phpsessid')
";
}else{
// The commented-out fragment below once tied the UPDATE to the owner and the PHP
// session as well; as written the row is selected by `id` alone.
/*
AND
document.`owner` ='$session_staffid'
AND
document.`phpsessid` ='$phpsessid'
*/
// echo "<pre>";
// For every type except "get", the reference id gets "/<docid>" appended, with a
// type marker in front of the docid for circular documents.
if(($type!="get")&&($mode!="past")){
if($type=="circular"){
$ct="ว";
}else{
$ct="";
}
$refid=$refid."/".$ct.$docid;
}
$sqldocreg = "
UPDATE document
SET
document.docid= '$docid',
document.pdate= '$ndate',
document.tdate= '$ndate2',
document.refid= '$refid',
document.sending='$sending',
document.getting= '$getting',
document.sector= '$sector',
document.title= '$title',
document.`comment`= '$comment',
document.owner= '$user',
document.speed='$speed',
document.secret='$secret',
document.mission='$mission',
document.doc_status=NULL
WHERE
document.`id` ='$id'
LIMIT 1 ;
";
//echo $sqldocreg;die;
}
// NOTE(review): on failure the raw MySQL error text is sent to the browser.
$query = mysql_query($sqldocreg)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
// From here on $docid holds the row id of the document: the new auto-increment id
// after an INSERT, otherwise the $id that was updated.
if(($mode=="past")){
$docid = mysql_insert_id();
}else{
$docid = $id;
}
$doc_history="สร้างเอกสาร $docid";
doclog($docid,'',$sid_sub,$session_fullname_title,$session_staffid,$session_fullname_title,'',$doc_history ,'input');
if($type=="circular"){
############################################CIRCULAR ADD
# PID check
$pid_array = explode("," , $pid);
$u=0;
$where_code_G="";
foreach($pid_array as $gg => $g_num ){
if($u>0){$where_code_G.=" or "; }else{ $where_code_G.=" where "; }
if($u==0){ $where_code_G.=" ( "; }
$u++;
$where_code_G.=" $profile_groupmember.gid = '$g_num' ";
}
if($u>0){$where_code_G.=" ) "; }
# SID check
$sid_array = explode("," , $sid);
$u=0;
$where_code_S="";
foreach($sid_array as $gg => $g_num ){
if($u>0){
$where_code_S.=" or ";
}else{
$where_code_S.=" where ";
}
if($u==0){ $where_code_S.=" ( "; }
$u++;
$where_code_S.=" $table_staff.staffid = '$g_num' ";
}
if($u>0){ $where_code_S.=" ) "; }
//echo "<pre>";
$sql_list="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title,
$profile_groupmember.gid
FROM
$table_staff
LEFT Join $profile_groupmember ON $table_staff.staffid =$profile_groupmember.staffid
$where_code_G
UNION
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title,
'' as gid
FROM
$table_staff
$where_code_S
";
//echo "== ".$sql_list;
$result = mysql_query($sql_list)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
while($li = mysql_fetch_assoc($result)){
#$staff_fullname_title = $li[prename] . " " . $li[staffname] . " " . $li[staffsurname]." (".$li[title].")";
// print_r($li);
if($li[gid]){ $party_txt="p$li[gid]"; }else{ $party_txt=""; }
$comment=trim($comment);
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timerec`,`comment`)
VALUES
(NULL,'$docid','$party_txt',$li[staffid],'0',$session_staffid,'$sql_time','$comment')
";
if($take_out){
foreach($take_out as $num => $val){
if($val==$li[staffid]){$cross="ture";}else{$cross="";}
}
} ######### END if($take_out)
if($cross!="ture"){
#echo $li[staffid]."<br>";
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$doc_reciveid=mysql_insert_id();
$doc_history="เวียนเอกสาร";
doclog($docid,$doc_reciveid,$li[staffid],$arr_staffname[$li[staffid]],$session_staffid,$staff_fullname_title,'',$doc_history ,$action);
}
$cross=""; ########END if($cross!="ture")
}############# END
// die;
################################################
}
// กรณีหนังสือส่ง
if($type=="send"){
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timesend`,`comment`)
VALUES
(NULL,'$docid',NULL,'$sid','0','$session_staffid',now( ),'$comment')
";
//echo " == ".$sqlgetting;die;
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
if($minister){ //$comment.="รักษาการ / รักษาราชการ แทน";
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timesend`,`comment`)
VALUES
(NULL,'$docid',NULL,'$sid_sub','1100',$session_staffid,now( ),'$comment')
";
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
}
}
/*
////// PERSON RECEIVE ADD
$sqlgetting="
INSERT INTO `doc_receive`
(`id`,`docid`,`group_id`,`staff_id`,`status`,`timerec`)
VALUES
(NULL,'$docid','$gid','$staffid','0',now( ))
";
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
////// END PERSON RECEIVE ADD
*/
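////// ATTACH ADD
// Stores every uploaded attachment under ../../files/document/ with a random file
// name and records it in doc_attach (original name, stored name, description).
if($_FILES){
    // The stored file keeps the client-supplied extension, so only extensions on this
    // list are accepted; a script extension must never reach a directory the web
    // server may execute from.
    // NOTE(review): the list is a starting point - adjust it to the document types in use.
    $allowed_ext = array('pdf','doc','docx','xls','xlsx','ppt','pptx','txt','rtf','odt','ods','jpg','jpeg','png','gif','tif','tiff','zip','rar');
    // Text fields are un-slashed first when magic quotes already escaped them, so the
    // escaping below does not double up.
    // Assumes $file_name and $description hold the raw request values - TODO confirm.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $num_f=0;
    foreach($file as $arr_num => $arr_name){
        $attach_name[$arr_num]=$arr_name;
        $num_f++;
        $descript[$arr_num]=$description[$arr_num];
    }
    for($f=0;$f<$num_f;$f++){
        if(!$file_name[$f]){ continue; }
        // Accept only a temporary file that PHP created for an upload in this request.
        if(!is_uploaded_file($file[$f])){ continue; }
        $f_ext[$f] = strtolower(ltrim(getFileExtension($file_name[$f]), '.'));
        if(!in_array($f_ext[$f], $allowed_ext, true)){
            $msg.="<li>ไม่อนุญาตให้แนบไฟล์ประเภทนี้";
            continue;
        }
        $name_random=str_replace(" ",'',randomstr(16));
        $namepath="$name_random.$f_ext[$f]";
        $save_path = "../../files/document/".$namepath;
        if(file_exists($save_path)){
            // Name collision: draw a longer name and rebuild $save_path from it, so the
            // doc_attach row and the file on disk always refer to the same name.
            $name_random=str_replace(" ",'',randomstr(32));
            $namepath="$name_random.$f_ext[$f]";
            $save_path = "../../files/document/".$namepath;
        }
        $name="$file_name[$f]";
        $des="$descript[$f]";
        if(!$des){$des=$name;}
        // Store the file first so that no row is written for an upload that failed.
        if(!move_uploaded_file($file[$f],$save_path)){ continue; }
        // Owner read/write, everyone else read-only; nothing here needs 0777.
        if(PHP_OS=='Linux'){ chmod("$save_path",0644);}
        $name_sql = mysql_real_escape_string($mq_on ? stripslashes($name) : $name);
        $des_sql = mysql_real_escape_string($mq_on ? stripslashes($des) : $des);
        $docid_sql = mysql_real_escape_string($docid);
        // $namepath is built from [0-9a-z] plus an allow-listed extension only.
        $sqlins = "
        insert into doc_attach
        ( id , docid , name , attach , description)
        values
        (null , '$docid_sql', '$name_sql' , '$namepath' , '$des_sql')
        ";
        $query = mysql_query($sqlins )or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    } //end for
} //end if file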
////// END DOC REG ADD
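// Finish the add flow: build the confirmation text and redirect to the confirm step.
$refid_show=$refid;
if($auto_check=="on"){
    //if($type=="circular"){$refid_show.="/ว$number ";}
    //if($type=="send"){$refid_show.="/$number ";}
}
// NOTE(review): both operands test "send"; the second was presumably meant to be
// another type - confirm before changing.
if(($type=="send")||($type=="send")){
    $sent_text.="
<br> ได้รับหมายเลขเอกสาร <b>$refid_show</b>
<br> กรุณาตรวจสอบ เลขที่เอกสารอีกครั้ง <br> อาจมีการเปลี่ยนแปลงเมื่อบันทึกเอกสารแล้ว";
}
$msg.= "บันทึกข้อมูลเรียบร้อย $sent_text";
//// die;
//include('msg_box.php');
// Everything written into the refresh tag is encoded for its context: $PHP_SELF can
// carry request-chosen path info, and $type/$docid are request values. The stray
// second quote that used to follow the URL is gone as well.
$next_url = htmlspecialchars($PHP_SELF, ENT_QUOTES)."?type=".urlencode($type)."&amp;action=confirm&amp;id=".urlencode($docid);
echo "<meta http-equiv='refresh' content='0;url=$next_url'>" ;
exit;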
?>
<br><br><center>
<!-- <input type='button' name='กลับหน้าหลัก' value='กลับหน้าหลัก' onclick="window.location.href='<?=$PHP_SELF?>?page=<?=$page?>&type=<?=$type?>' "> -->
</center>
<?
//echo "<meta http-equiv='refresh' content='1;url=$PHP_SELF?page=$page&type=$type'>" ;
exit;
}
////////////////// END ID ADD
////////////////// EDIT
if($action == "edit"){
$comment=trim($comment);
//echo "<pre>";
//print_r($_POST);
//die;
if($type=="send"){
// หาชื่อผู้ส่ง
$status_comment="";
// if($minister){$status_comment=" รักษาการแทน";}
if($sid_sub){$selected=$sid_sub;}else{$selected=$sid;}
$sql_group="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE 'admin_%'
AND $table_staff.username NOT LIKE 'root%'
AND $table_staff.staffid = '$selected'
order by $table_staff.staffid
";
$result = mysql_query($sql_group)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$hrs = mysql_fetch_assoc($result);
$sending=$hrs[prename].$hrs[staffname]." ".$hrs[staffsurname].$status_comment;
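// Snapshot the current document row into doc_edit before it is modified.
// Both fragments start empty so nothing set earlier in the request can leak into them.
$insert_code="";
$value_code="";
// $id sits unquoted in the statement, so it is forced to an integer.
$sql_record_1st="select * from document where id=".intval($id)." limit 1";
$result=mysql_query($sql_record_1st);
$rs_1st=$result ? mysql_fetch_assoc($result) : false;
if($rs_1st){
    foreach($rs_1st as $col => $val){
        $insert_code.="`$col`,";
        // Stored text may itself contain quotes; escape it before re-inserting.
        $value_code.="'".mysql_real_escape_string($val)."',";
    }
    // Drop the trailing commas
    $insert_code=substr($insert_code,0,-1);
    $value_code=substr($value_code,0,-1);
    $sql_record_2nd="
    INSERT INTO `doc_edit` ($insert_code) VALUES ($value_code)
    ";
    $result=mysql_query($sql_record_2nd);
}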
$sql_del_circular="DELETE FROM `doc_receive` WHERE (`docid`='$id') ";
//$result = mysql_query($sql_del_circular)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timesend`,`comment`)
VALUES
(NULL,'$id',NULL,'$sid1','0','$session_staffid',now( ),'$comment')
";
//echo $sqlgetting;
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
//echo "sadd ==";die;
$doc_history="แก้ไขเอกสาร $docid";
doclog($id,'',$sid_sub,$session_fullname_title,$session_staffid,$session_fullname_title,'',$doc_history ,'send');
// หาชื่อผู้ส่ง
if(intval($sending_select)=="0"){
$sending=$wordingset[intval($sending_select)];
}else{
// ใช้กรณีที่มีการแทนแค่ 1 กรณี
$selected=$sid1;
$select1=explode('.',$sending_select);
// print_r($select1);
$sql_group="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE 'admin_%'
AND $table_staff.username NOT LIKE 'root%'
AND $table_staff.staffid = '$selected'
order by $table_staff.staffid
";
$result = mysql_query($sql_group)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$hrs = mysql_fetch_assoc($result);
$sending=$hrs[prename].$hrs[staffname]." ".$hrs[staffsurname];
if($position_show=="show"){$sending.=" (".$hrs[title].")";}
$sending.=" ".$wordingset[$select1[0]][$select1[1]].$wordingset[0];
$sector=$sending_select;
}
} // END SEND
if($type=="circular"){
$getting=$gid_show;
$sending=$_POST['sending'];
//echo " copy record $id to history log";
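// Snapshot the current document row into doc_edit before it is modified.
// Both fragments start empty so nothing set earlier in the request can leak into them.
$insert_code="";
$value_code="";
// $id sits unquoted in the statement, so it is forced to an integer.
$sql_record_1st="select * from document where id=".intval($id)." limit 1";
$result=mysql_query($sql_record_1st);
$rs_1st=$result ? mysql_fetch_assoc($result) : false;
if($rs_1st){
    foreach($rs_1st as $col => $val){
        $insert_code.="`$col`,";
        // Stored text may itself contain quotes; escape it before re-inserting.
        $value_code.="'".mysql_real_escape_string($val)."',";
    }
    // Drop the trailing commas
    $insert_code=substr($insert_code,0,-1);
    $value_code=substr($value_code,0,-1);
    $sql_record_2nd="INSERT INTO `doc_edit` ($insert_code) VALUES ($value_code)";
    $result=mysql_query($sql_record_2nd);
}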
$sql_del_circular="DELETE FROM `doc_receive` WHERE (`docid`='$id') ";
$result = mysql_query($sql_del_circular)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
################################################################
############################################CIRCULAR ADD
/*echo "<pre>";
echo $pid;
echo $sid;
die;*/
# PID check
$pid_array = explode("," , $pid);
$u=0;
$where_code_G="";
foreach($pid_array as $gg => $g_num ){
if($u>0){ $where_code_G.=" or "; }else{ $where_code_G.=" where "; }
if($u==0){ $where_code_G.=" ( "; }
$u++;
$where_code_G.=" $profile_groupmember.gid = '$g_num' ";
}
if($u>0){$where_code_G.=" ) "; }
# SID check
$sid_array = explode("," , $sid);
$u=0;
$where_code_S="";
foreach($sid_array as $gg => $g_num ){
if($u>0){$where_code_S.=" or "; }else{ $where_code_S.=" where "; }
if($u==0){ $where_code_S.=" ( "; }$u++;
$where_code_S.=" $table_staff.staffid = '$g_num' ";
}
if($u>0){$where_code_S.=" ) "; }
//echo "<pre>";
$sql_list="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title,
$profile_groupmember.gid
FROM
$table_staff
LEFT Join $profile_groupmember ON $table_staff.staffid =$profile_groupmember.staffid
$where_code_G
UNION
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title,
'' as gid
FROM
$table_staff
$where_code_S
";
//echo "== ".$sql_list;
$result = mysql_query($sql_list)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
while($li = mysql_fetch_assoc($result)){
#$staff_fullname_title = $li[prename] . " " . $li[staffname] . " " . $li[staffsurname]." (".$li[title].")";
// print_r($li);
if($li[gid]){ $party_txt="p$li[gid]"; }else{ $party_txt=""; }
$comment=trim($comment);
//echo "<pre>";
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timerec`,`comment`)
VALUES
(NULL,'$id','$party_txt',$li[staffid],'0',$session_staffid,'$sql_time','$comment')
";
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$doc_reciveid=mysql_insert_id();
$action="activity";
$doc_history="แก้ไขเอกสารเวียน";
doclog($id,$doc_reciveid,$li[staffid],$arr_staffname[$li[staffid]],$session_staffid,$staff_fullname_title,'',$doc_history ,$action);
}############# END if($pid)
// die;
################################################
// หาชื่อผู้ส่ง
if(intval($sending_select)=="0"){
$sending=$wordingset[intval($sending_select)];
$sector="0";
}else{
// ใช้กรณีที่มีการแทนแค่ 1 กรณี
$selected=$sid1;
$select1=explode('.',$sending_select);
// print_r($select1);
$sql_group="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE 'admin_%'
AND $table_staff.username NOT LIKE 'root%'
AND $table_staff.staffid = '$selected'
order by $table_staff.staffid
";
$result = mysql_query($sql_group)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$hrs = mysql_fetch_assoc($result);
$sending=$hrs[prename].$hrs[staffname]." ".$hrs[staffsurname];
if($sending){$sending="(".$sending.")";}
$sending.=" ".$hrs[title];
#if($position_show=="show"){$sending.=$hrs[title];}
$sending.=" ".$wordingset[$select1[0]][$select1[1]].$wordingset[0];
$sector=$sending_select;
}
}
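// Optional SET fragments for the UPDATE that follows. They start empty: this script
// reads request fields as plain globals, so a fragment that no branch below assigns
// must not be able to arrive pre-filled and end up inside the statement.
$update_get="";
$update_send="";
$update_refid="";
if($type=="get"){
    $update_get="document.getting= '$getting',";
    $update_send="document.sending= '$sending',";
    $update_refid="document.refid= '$refid',";
    //echo $update_get."<br>";// die;
}
if((($type=="send")||($type=="circular"))&&($sid1)){
    $update_send="document.sending= '$sending',";
}
// The reference id gets "/<docid>" appended, with a type marker before the docid
// for circular documents.
if(($type=="circular")&&(($pid)||($sid))){
    $refid=$refid."/ว".$docid;
    $update_get="document.getting= '$getting',";
    $update_refid="document.refid= '$refid',";
}elseif($type=="send"){
    $refid=$refid."/".$docid;
    $update_refid="document.refid= '$refid',";
    $update_get="document.getting= '$getting',";
}
// NOTE(review): $getting, $sending and $refid are still interpolated as received.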
// echo "<pre>";
$sql_update="
UPDATE document
SET
document.pdate= '$ndate',
document.tdate= '$ndate2',
$update_refid
$update_send
$update_get
document.title= '$title',
document.comment= '$comment',
document.owner= '$user',
document.speed='$speed',
document.secret='$secret',
document.mission='$mission'
WHERE
document.`id` =$id
LIMIT 1 ;
";
$query = mysql_query($sql_update)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$docid=$id;
$doc_history="แก้ไขหนังสือ ";
doclog($docid,'',$session_staffid,$session_fullname_title ,$session_staffid,$session_fullname_title,'',$doc_history ,$action);
// กรณีหนังสือส่ง
if($type=="send"){
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timesend`,`comment`)
VALUES
(NULL,'$docid',NULL,'$sid1','0','$session_staffid',now( ),'$comment')
";
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
if($minister){
// $comment.="รักษาการ / รักษาราชการ แทน";
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timesend`,`comment`)
VALUES
(NULL,'$docid',NULL,$sid_sub,'1100',$session_staffid,now( ),'$comment')
";
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
}
}
//status = '$status',
if(!$status){$status="0";}
if($status=="100"){$code_status=",`timeknow` = now( )";}
if($status=="200"){$code_status=",`timepaid` = now( )";}
if($staffid){$gid="NULL";}else{$staffid="NULL";}
////////////////// END EDIT
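////// ATTACH ADD
// Stores every uploaded attachment under ../../files/document/ with a random file
// name and records it in doc_attach (original name, stored name, description).
if($_FILES){
    // The stored file keeps the client-supplied extension, so only extensions on this
    // list are accepted; a script extension must never reach a directory the web
    // server may execute from.
    // NOTE(review): the list is a starting point - adjust it to the document types in use.
    $allowed_ext = array('pdf','doc','docx','xls','xlsx','ppt','pptx','txt','rtf','odt','ods','jpg','jpeg','png','gif','tif','tiff','zip','rar');
    // Text fields are un-slashed first when magic quotes already escaped them, so the
    // escaping below does not double up.
    // Assumes $file_name and $description hold the raw request values - TODO confirm.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $num_f=0;
    foreach($file as $arr_num => $arr_name){
        $attach_name[$arr_num]=$arr_name;
        $num_f++;
        $descript[$arr_num]=$description[$arr_num];
    }
    for($f=0;$f<$num_f;$f++){
        if(!$file_name[$f]){ continue; }
        // Accept only a temporary file that PHP created for an upload in this request.
        if(!is_uploaded_file($file[$f])){ continue; }
        $f_ext[$f] = strtolower(ltrim(getFileExtension($file_name[$f]), '.'));
        if(!in_array($f_ext[$f], $allowed_ext, true)){
            $msg.="<li>ไม่อนุญาตให้แนบไฟล์ประเภทนี้";
            continue;
        }
        $name_random=str_replace(" ",'',randomstr(16));
        $namepath="$name_random.$f_ext[$f]";
        $save_path = "../../files/document/".$namepath;
        if(file_exists($save_path)){
            // Name collision: draw a longer name and rebuild $save_path from it, so the
            // doc_attach row and the file on disk always refer to the same name.
            $name_random=str_replace(" ",'',randomstr(32));
            $namepath="$name_random.$f_ext[$f]";
            $save_path = "../../files/document/".$namepath;
        }
        $name="$file_name[$f]";
        $des="$descript[$f]";
        if(!$des){$des=$name;}
        // Store the file first so that no row is written for an upload that failed.
        if(!move_uploaded_file($file[$f],$save_path)){ continue; }
        // Owner read/write, everyone else read-only; nothing here needs 0777.
        if(PHP_OS=='Linux'){ chmod("$save_path",0644);}
        $name_sql = mysql_real_escape_string($mq_on ? stripslashes($name) : $name);
        $des_sql = mysql_real_escape_string($mq_on ? stripslashes($des) : $des);
        $docid_sql = mysql_real_escape_string($docid);
        // $namepath is built from [0-9a-z] plus an allow-listed extension only.
        $sqlins = "
        insert into doc_attach
        ( id , docid , name , attach , description)
        values
        (null , '$docid_sql', '$name_sql' , '$namepath' , '$des_sql')
        ";
        $query = mysql_query($sqlins )or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    } //end for
} //end if file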
// die;
$msg.= "ปรับปรุงข้อมูลเรียบร้อย";
include('msg_box.php');
echo "<meta http-equiv='refresh' content='2;url=$PHP_SELF?page=$page&type=$type'>" ;
exit;
///// END EDIT
}
////////////////// ACTIVITY
if($action == "activity"){
$time_now=mysql_query("select now( )")or die("Query line " . __LINE__ . " error<hr>".mysql_error());
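// Collect into $take_out the staff ids that are skipped when the document is
// forwarded below: everyone who already has a doc_receive row for it, plus any
// root/admin_* account that appears in doc_receive.
// $id sits unquoted in the WHERE clause, so it is forced to an integer first.
$sql_history_rp="
SELECT
doc_receive.staff_id
FROM
doc_receive
Inner Join document ON doc_receive.docid = document.id
Inner Join $table_staff ON doc_receive.staff_id = $table_staff.staffid
WHERE
document.id = ".intval($id)."
OR (username LIKE 'root' or username LIKE 'admin_%')
Group by $table_staff.staffid
";
$i=0;
$resultrp = mysql_query($sql_history_rp)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
while($rprs = mysql_fetch_assoc($resultrp)){
    // Quoted key: a bare word is looked up as a constant first.
    $take_out[$i]=$rprs['staff_id'];
    $i++;
}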
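// Rebuild $deadline as a quoted year-month-day literal (year minus 543), or the
// keyword NULL when no deadline was requested. The result is placed into the INSERT
// statements below without further quoting, so the two parts that do not pass
// through arithmetic are reduced to digits here.
$d = explode("/", $deadline);
$deadline = "'".($d[2] - 543)."-".preg_replace('/[^0-9]/', '', $d[1])."-".preg_replace('/[^0-9]/', '', $d[0])."'";
if($deadline_check=="none"){ $deadline="NULL"; }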
// ทั้งหมด
if($activity_select=="all"){
$sql_all_select=" SELECT $table_staff.staffid FROM $table_staff ";
$result = mysql_query($sql_all_select)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$i=0;
while($all_staff = mysql_fetch_assoc($result)){
$i++;
$st_all[$i]=$all_staff[staffid];
$comment=trim($comment);
$sql_fw="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timerec`,`comment`,`deadline`,`deadline_alert`)
VALUES
(NULL,'$id',NULL,'$all_staff[staffid]','0','$session_staffid','$sql_time','$comment',$deadline,'$deadline_alert')
";
$recive_staffid = $all_staff[staffid] ;
if($take_out){
foreach($take_out as $num => $val){
if($val==$all_staff[staffid]){$cross="ture";}
}
} ######### if($take_out)
if($cross!="ture"){
$result_fw = mysql_query($sql_fw)or die("Query line " . __LINE__ . " error<hr> $sql_fw ".mysql_error());
$recive_staffname = $arr_staffname[$all_staff[staffid]] ;
$doc_history="แก้ไขเวียนเอกสาร ";
doclog($id,'',$all_staff[staffid],$recive_staffname ,$session_staffid,$session_fullname_title,'',$doc_history ,$action);
}$cross=""; #### if($cross!="ture")
} ## end while($all_staff = mysql_fetch_assoc($result))
} ## end if($activity_select=="all")
// ระบุ
if($activity_select=="private"){
# DEL OLD RECEIVE
// Meant to clear the doc_receive rows of this document that have neither been
// acknowledged (timeknow) nor closed (timepaid).
// NOTE(review): in SQL `column = NULL` is never true, so this DELETE matches no rows;
// `IS NULL` would be the working form. Do not switch it blindly: $take_out was filled
// from doc_receive before this point, so recipients whose rows get deleted here would
// then be skipped by the inserts below - confirm the intended behaviour first.
// NOTE(review): $id is interpolated as received.
$sqldelactivity="
DELETE FROM `doc_receive` WHERE `doc_receive`.`docid` = '$id' AND `doc_receive`.`timeknow`= NULL AND `doc_receive`.`timepaid`= NULL
";
$query = mysql_query($sqldelactivity)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
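// Forward the document to each staff id listed in the comma-separated $sid.
if($sid){
    $sid_array = explode("," , $sid);
    $u=0;
    $where_code="";
    $id_sql = intval($id);
    foreach($sid_array as $gg => $g_num ){
        // staff_id is written unquoted into the INSERT, so only whole numbers are let
        // through; empty or non-numeric list entries are skipped.
        // Assumes staff ids are positive integers - TODO confirm.
        $g_num = intval($g_num);
        if($g_num < 1){ continue; }
        $comment=trim($comment);
        // NOTE(review): $comment and $deadline_alert are still interpolated as received.
        $sqlgetting="
        INSERT INTO doc_receive
        (`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timerec`,`comment`,`deadline`,`deadline_alert`)
        VALUES
        (NULL,'$id_sql',NULL,$g_num,'0',$session_staffid,'$sql_time','$comment',$deadline,'$deadline_alert')
        ";
        $doc_history="ส่งต่อเอกสาร $docid";
        $xstaff_label = $arr_staffname[$g_num] ;
        // NOTE(review): the history entry is written before the $take_out check, so it
        // is logged even when the insert below is skipped.
        doclog($id_sql,'',$g_num,$xstaff_label,$session_staffid,$session_fullname_title,'',$doc_history ,$action);
        //echo " <hr> gnum = $g_num <hr> ";
        // Recipients listed in $take_out are not inserted.
        if($take_out){
            foreach($take_out as $num => $val){
                if($val==$g_num){$cross="ture";}
            } ###### END foreach($take_out as $num => $val)
        } ######## END if($take_out)
        if($cross!="ture"){
            $query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
        }
        $cross="";
        $doc_reciveid=mysql_insert_id();
    } ######### END foreach($sid_array as $gg => $g_num )
} ########### END if($sid)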
if($gid){
$gid_array = explode("," , $gid);
$u=0;
$where_code="";
foreach($gid_array as $gg => $g_num ){
if($u>0){$where_code.=" or "; }else{ $where_code.=" where "; }$u++;
$where_code.=" $table_groupmember.gid = '$g_num' ";
}
$sql_list="
SELECT
$table_staff.staffid,
$table_groupmember.gid
FROM
$table_groupmember
Inner Join $table_staff ON $table_groupmember.staffid =$table_staff.staffid
$where_code
ORDER by $table_staff.staffid
";
$result = mysql_query($sql_list)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
while($li = mysql_fetch_assoc($result)){
$comment=trim($comment);
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timerec`,`comment`,`deadline`,`deadline_alert`)
VALUES
(NULL,'$id','g$li[gid]',$li[staffid],'0',$session_staffid,'$sql_time','$comment',$deadline,'$deadline_alert')
";
if($take_out){
foreach($take_out as $num => $val){
if($val==$li[staffid]){$cross="ture";}
}
}
if($cross!="ture"){
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$doc_history="ส่งต่อเอกสาร $docid";
$xstaffid = $li[staffid] ;
doclog($id,$doc_reciveid,$xstaffid,'',$arr_staffname[$xstaffid],$session_fullname_title,'',$doc_history ,$action);
}
$cross="";
$doc_reciveid=mysql_insert_id();
}
} ########## END if($gid)
if($pid){
$pid_array = explode("," , $pid);
$u=0;
$where_code="";
foreach($pid_array as $gg => $g_num ){
if($u>0){$where_code.=" or "; }else{ $where_code.=" where "; }
$u++;
$where_code.=" $profile_groupmember.gid = '$g_num' ";
}
$sql_list="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title,
$profile_groupmember.gid
FROM
$profile_groupmember
Inner Join $table_staff ON $profile_groupmember.staffid =$table_staff.staffid
$where_code
ORDER by $table_staff.staffid
";
$result = mysql_query($sql_list)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
while($li = mysql_fetch_assoc($result)){
#$staff_fullname_title = $li[prename] . " " . $li[staffname] . " " . $li[staffsurname]." (".$li[title].")";
$comment=trim($comment);
$sqlgetting="
INSERT INTO doc_receive
(`id`,`docid`,`group_id`,`staff_id`,`status`,`owner`,`timerec`,`comment`,`deadline`,`deadline_alert`)
VALUES
(NULL,'$id','p$li[gid]',$li[staffid],'0',$session_staffid,'$sql_time','$comment',$deadline,'$deadline_alert')
";
if($take_out){
foreach($take_out as $num => $val){
if($val==$li[staffid]){$cross="ture";}
}
} ######### END if($take_out)
if($cross!="ture"){
$query = mysql_query($sqlgetting)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$doc_history="ส่งต่อเอกสาร $docid";
doclog($id,$doc_reciveid,$li[staffid],$arr_staffname[$li[staffid]],$session_staffid,$staff_fullname_title,'',$doc_history ,$action);
$doc_reciveid=mysql_insert_id();
}$cross=""; ########END if($cross!="ture")
}
} ############# END if($pid)
}
// die;
$msg.= "ดำเนินการเรียบร้อย";
include('msg_box.php');
echo "<meta http-equiv='refresh' content='1;url=$PHP_SELF?page=$page&type=$type'>" ;
exit;
}////////////////// END ACTIVITY
} ///END POST METHOD
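// Delete a document: the document row is kept and flagged with doc_status 'w', its
// doc_receive, doc_attach and doc_take rows are removed.
// NOTE(review): this branch sits after the POST-only section, so a plain GET request
// reaches it, and no permission check or anti-CSRF token is visible in this file.
if($action == "del"){
    // Request values are normalised once before they are placed in the statements.
    $id_sql = intval($id);
    $type_sql = mysql_real_escape_string($type);
    # $sql_doc_del="delete from document where id = '$id' and type='$type' ";
    $sql_doc_del="UPDATE document SET document.doc_status= 'w' where id = '$id_sql' and type='$type_sql'";
    $sql = mysql_query($sql_doc_del)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    $sql_doc_del="delete from doc_receive where docid = '$id_sql' ";
    $sql = mysql_query($sql_doc_del)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    // NOTE(review): only the doc_attach rows go; the stored files stay on disk.
    $sql_doc_del="delete from doc_attach where docid = '$id_sql'";
    $sql = mysql_query($sql_doc_del)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    $sql_doc_del="delete from doc_take where docid = '$id_sql'";
    $sql = mysql_query($sql_doc_del)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    // History and edit snapshots are deliberately left in place (queries not executed).
    $sql_doc_del="delete from doc_history where docid = '$id_sql'";
    # $sql = mysql_query($sql_doc_del)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    $sql_doc_del="delete from doc_edit where id = '$id_sql'";
    # $sql = mysql_query($sql_doc_del)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    $msg = "<font class=\"normal_blue\">Complete</font><br>ทำการลบข้อมูลเรียบร้อยแล้ว</div>";
    include('msg_box.php');
    // Request values are URL-encoded before they are written into the refresh tag.
    echo "<meta http-equiv='refresh' content='1;url=?page=".urlencode($page)."&amp;type=".urlencode($type)."'>" ;
    $doc_history="ลบเอกสาร $docid";
    doclog($id_sql,'','',$session_fullname_title,$session_staffid,$session_fullname_title,'',$doc_history ,"del");
    exit();
}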
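// Remove one attachment row ($file_id) from the document $id.
// NOTE(review): like the "del" branch this is reachable with a plain GET request and
// shows no permission check; the stored file itself is not removed from disk.
if($action == "del_attach"){
    // Both ids are forced to integers before they are placed in the statement.
    $id_sql = intval($id);
    $file_id_sql = intval($file_id);
    $sql_doc_del="delete from doc_attach where id = '$file_id_sql' and docid='$id_sql' ";
    $sql = mysql_query($sql_doc_del)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
    $msg = "<font class=\"normal_blue\">Complete</font><br>ทำการลบเอกสารแนบเรียบร้อยแล้ว</div>";
    include('msg_box.php');
    // Request values are encoded before they are written into the refresh tag.
    echo "<meta http-equiv='refresh' content='1;url=?action=edit&amp;id=".$id_sql."&amp;type=".urlencode($type)."'>" ;
    $doc_history="ลบไฟล์แนบ $docid";
    doclog($id_sql,'','','',$session_staffid,$session_fullname_title,'',$doc_history ,$action);
    exit;
}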
?>