|
Server : Apache/2.2.2 (Fedora) System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686 User : apache ( 48) PHP Version : 5.2.9 Disable Function : NONE Directory : /var/www/html/pathumthani_eoffice/application/ |
Upload File : |
<?
session_start();
ob_start();
$nochecklogin= true;
include("../config/config.inc.php");
include("../common/function.php");
function check_login($id){// ฟังชั่นเช็ค ช่วงเวลา
//date_default_timezone_set('Asia/Bangkok');
$setc = 8;
$xh = date("H");
$xm = date("i");
$xsc = date("s");
$xdate = date("d");
$xmonth = date("m");
$xyear = date("Y");
$xmktime = mktime($xh,$xm,$xsc,$xmonth,$xdate,$xyear);
$xresult = mysql_query("select * from epm_staff where staffid='$id';");
$xrs = mysql_fetch_assoc($xresult);
$arr_t_s= explode(":",$xrs[time_start]);
$arr_d_s = explode("-",$xrs[date_start]);
$arr_t_e = explode(":",$xrs[time_end]);
$arr_d_e = explode("-",$xrs[date_end]);
$year_s = $arr_d_s[0] - 543;
$year_e = $arr_d_e[0] - 543;
$xmktime_start = mktime($arr_t_s[0],$arr_t_s[1],$arr_t_s[2],$arr_d_s[1],$arr_d_s[2],$year_s);
$xmktime_end = mktime($arr_t_e[0],$arr_t_e[1],$arr_t_e[2],$arr_d_e[1],$arr_d_e[2],$year_e);
/*$xresult = mysql_query("SELECT day(date_start) as d_start, month(date_start) as m_start, year(date_start) as y_start,
day(date_end) as d_end, month(date_end) as m_end, year(date_end) as y_end,
hour(time_start) as h_start, minute(time_start) as min_start, second(time_start) as sec_start,
hour(time_end) as h_end, minute(time_end) as min_end, second(time_end) as sec_end
FROM epm_staff
WHERE staffid='$id'");
$xrs = mysql_fetch_assoc($xresult);
//$arr_t_s= explode(":",$xrs[time_start]);
//$arr_d_s = explode("-",$xrs[date_start]);
//$arr_t_e = explode(":",$xrs[time_end]);
//$arr_d_e = explode("-",$xrs[date_end]);
$year_s = $xrs[y_start] - 543;
$year_e = $xrs[y_end] - 543;
$xmktime_start = mktime($xrs[h_start],$xrs[min_start],$xrs[sec_start],$xrs[m_start],$xrs[d_start],$year_s);
$xmktime_end = mktime($xrs[h_end],$xrs[min_end],$xrs[sec_end],$xrs[m_end],$xrs[d_end],$year_e);*/
if($xrs[date_start] == "" or $xrs[date_start] == NULL){
$re_value = true;
}else if($xrs[date_end] == "" or $xrs[date_end] == NULL){
$re_value = true;
}else{
if(($xmktime >= $xmktime_start ) and ($xmktime <= $xmktime_end)){
$re_value = true;
}else{
$re_value = false;
}
}
return $re_value;
}// end function
if($action=="login"){
$sql ="select * from epm_staff where staffid='".$getstaffid."'";
$result = mysql_query($sql);
$rs = mysql_fetch_assoc($result); // print_r($rs);
if ($rs[password] != ""){
session_register("session_username");
session_register("session_staffid");
session_register("session_dev_id");
session_register("session_depusername");
session_register("session_fullname");
session_register("session_mode");
session_register("session_title");
session_register("session_gid");
session_register("session_fullname_title");
session_register("session_group");
## session จากระบบร้องเรียน
session_register("session_staffname");
session_register("session_staffsurname");
session_register("session_username");
session_register("session_office");
session_register("session_pws");
session_register("session_status_pri");
session_register("session_org");
session_register("session_orgname");
## session ระบบหนังสือรับส่ง
session_register("session_permit");
session_register("session_appid");
$sql_gcheck = "SELECT
permission_status.app_id,
permission_status.`status`,
permission_status.pid
FROM
app_admin
Inner Join permission_status ON app_admin.app_id = permission_status.permit_id
WHERE
app_admin.staff_id = '$rs[staffid]'";
$sql_gcheck_premit = "SELECT
permission_status.pid,
permission_status.app_id
FROM
mission_group
Inner Join app_permit ON mission_group.mission_id = app_permit.mission_id
Inner Join mission_groupmenber ON mission_group.mission_id = mission_groupmenber.mission_id
Inner Join permission_status ON app_permit.permit_id = permission_status.permit_id
WHERE
mission_groupmenber.staffid = '$rs[staffid]'";
$sql = "select t2.* from org_groupmember t1 inner join org_staffgroup t2 on t1.gid=t2.gid where t1.staffid='$rs[staffid]';";
$xresult = mysql_query($sql);
if($xresult){
while ($xrs=mysql_fetch_assoc($xresult)){
$session_org=$xrs[gid];
}
}
$sql = " SELECT groupname FROM org_staffgroup WHERE gid = '$session_org' ;";
$xresult = mysql_query($sql);
if($xresult){
while ($xrs=mysql_fetch_assoc($xresult)){
$session_orgname=$xrs[groupname];
}
}
//echo " <img src='dtree/img/users.gif' > (ทั่วไป) <BR>";
$sql = "select t2.* from $table_groupmember t1 inner join $table_staffgroup t2 on t1.gid=t2.gid where t1.staffid='$rs[staffid]';";
$xresult = mysql_query($sql);
while ($xrs=mysql_fetch_assoc($xresult)){
$session_gid[$rs[staffid]][$xrs[gid]]=$xrs[gid];
}
//print_r($session_gid);
$result = mysql_query("$sql_gcheck");
while($rsg = mysql_fetch_assoc($result)){
if ($rsg[pid]) { $_SESSION[session_apppermit][$rsg[app_id]][$rsg[pid]]= on; }
}
## เพิ่มเติมสิทธิการเข้าถึงโปรแกรมแต่ละโปรแกรมย่อย
//echo $sql_gcheck_premit;die;
$result_permit = mysql_query($sql_gcheck_premit);
while($rsp = mysql_fetch_assoc($result_permit)){
//echo $rsp[pid]."<br>";
if($rsp[pid]){ $_SESSION[session_apppermit][$rsp[app_id]][$rsp[pid]] = on;}
}// end while($rsp = mysql_fetch_assoc($result_permit))
//print_r($_SESSION[session_permit]);
$_SESSION[session_username] = $uname;
$_SESSION[session_staffid] = $rs[staffid];
$_SESSION[session_gid] = $rs[gid];
$_SESSION[session_dev_id] = $rs[org_id];
$_SESSION[session_title] = $rs[title];
$_SESSION[session_fullname] = $rs[prename] . " " . $rs[staffname] . " " . $rs[staffsurname];
$_SESSION[session_fullname_title] = $rs[prename] . " " . $rs[staffname] . " " . $rs[staffsurname]." (".$rs[title].")";
// สำหรับระบบ ร้องเรียน
$session_staffname=$rs[staffname];
$session_staffsurname=$rs[staffsurname];
$session_office=$rs[staffname];
$session_pws="$pwd";
$session_status_pri="0";
// เลือกกลุ่ม
$sql_group="
SELECT
$table_staffgroup.groupname,
$table_staffgroup.gid
FROM
$table_staff
Inner Join $table_groupmember ON $table_staff.staffid = $table_groupmember.staffid
Inner Join $table_staffgroup ON $table_groupmember.gid = $table_staffgroup.gid
WHERE
$table_staff.staffid = $session_staffid
";
$result=mysql_query($sql_group);
while($rs_g=mysql_fetch_assoc($result)){
$_SESSION[session_group][$rs_g[gid]] = $rs_g[groupname];
}
// เก็บ log login รวม
addlog("login","0");
header("Location: control/index.php");
exit;
}
}
?>
<style type="text/css">
<!--
.sss {
color: #FFF;
}
-->
</style>
<table width="100%" border="1" align="center" cellpadding="0" cellspacing="1">
<tr valign="middle">
<td width="69" height="25" align="center" bgcolor="#0033FF" class="sss">ลำดับ</td>
<td width="400" align="center" bgcolor="#0033FF" class="sss">หน่วยงาน</td>
<td width="120" align="center" bgcolor="#0033FF" class="sss">USERNAME</td>
<td width="120" align="center" bgcolor="#0033FF" class="sss">PASSWORD</td>
<td width="400" align="center" bgcolor="#0033FF" class="sss">ชื่อผู้ใช้</td>
</tr>
<?
$sql = "
SELECT org_staffgroup.groupname, epm_staff.staffid, epm_staff.staffname, epm_staff.staffsurname, epm_staff.username, epm_staff.`password`
FROM epm_staff
Inner Join org_groupmember ON org_groupmember.staffid = epm_staff.staffid
Inner Join org_staffgroup ON org_groupmember.gid = org_staffgroup.gid
WHERE org_staffgroup.groupname <> 'Guest'
ORDER BY org_staffgroup.groupname
";
$result = mysql_query($sql);
while($rs = mysql_fetch_assoc($result)){
$n++;
?>
<tr valign="middle">
<td width="69" height="22" align="center"><?=$n?></td>
<td width="567"> <?=$rs[groupname]?></td>
<td width="567"> <?=$rs[username]?></td>
<td width="567"><?=($debug=="ON")?$rs[password]:"*********";?></td>
<td width="567"> <a href="?action=login&getstaffid=<?=$rs[staffid]?>"> <? echo "$rs[staffname] $rs[staffsurname]";?></a></td>
</tr>
<? } ?>
<tr valign="middle">
<td width="69" height="19" align="center" bgcolor="#0033FF"> </td>
<td width="567" bgcolor="#0033FF"> </td>
<td width="567" bgcolor="#0033FF"> </td>
<td width="567" bgcolor="#0033FF"> </td>
<td width="567" bgcolor="#0033FF"> </td>
</tr>
</table>