<?php
require_once "../config.php";
require_once ABSPATH."/core/checklogin.php";
require_once ABSPATH."/core/functions.php";
require_once ABSPATH."/core/PasswordHash.php";
require_once ABSPATH."/core/resize-class.php";
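// Create the ID-card image from the posted base64 data URL.
//
// The posted "cid" becomes part of the file name, so it is checked against a
// strict allowlist before it is used in a path. An allowlist is used rather
// than stripping "../" because path separators and other special file-name
// characters differ between platforms.
//
// NOTE(review): this write happens before the duplicate-cid check further
// down, so a submission that is later rejected as a duplicate can still
// replace the stored image for that cid. Consider writing the file only after
// the record has been accepted.
if (isset($_POST['imageBase64'])) {
    $cidForFile = (isset($_POST['cid']) && is_string($_POST['cid'])) ? $_POST['cid'] : '';
    // NOTE(review): the allowlist assumes cid is letters, digits, "_" or "-";
    // tighten it to the real ID-card format once that is confirmed.
    if (is_string($_POST['imageBase64']) && preg_match('/\A[A-Za-z0-9_-]+\z/', $cidForFile) === 1) {
        $fname = base64_to_jpeg($_POST['imageBase64'], "../uploads/IDcard/" . $cidForFile . ".jpg");
    }
}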
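/**
 * Decode a base64 image data URL and write the decoded bytes to a file.
 *
 * The input must have the shape "data:image/<subtype>;base64,<payload>".
 * Nothing is written unless the header has that shape, the payload is valid
 * base64, and the decoded bytes are recognised as an image. This keeps
 * arbitrary request data from being stored under the upload directory.
 *
 * The bytes are stored as sent; no conversion to JPEG takes place, so the
 * file holds whatever image format the client submitted.
 *
 * @param string $base64_url  Data URL taken from the request.
 * @param string $output_file Destination path. The caller is responsible for
 *                            making sure it cannot be steered outside the
 *                            intended directory.
 * @return string|false The destination path on success, false when the input
 *                      is rejected or the file cannot be written.
 */
function base64_to_jpeg( $base64_url, $output_file ) {
    if (!is_string($base64_url) || !is_string($output_file) || $output_file === '') {
        return false;
    }

    // Split on the first comma only: the base64 alphabet has no comma, so
    // everything after it is payload.
    $comma = strpos($base64_url, ',');
    if ($comma === false) {
        return false;
    }
    $header = substr($base64_url, 0, $comma);
    $payload = (string) substr($base64_url, $comma + 1);

    // Only accept image data URLs that declare base64 encoding.
    if (preg_match('#\Adata:image/[A-Za-z0-9.+-]+;base64\z#i', $header) !== 1) {
        return false;
    }

    // Strict mode rejects characters outside the base64 alphabet instead of
    // silently dropping them.
    $decoded = base64_decode($payload, true);
    if ($decoded === false || $decoded === '') {
        return false;
    }

    // The declared content type is client-controlled, so check the bytes
    // themselves.
    if (getimagesizefromstring($decoded) === false) {
        return false;
    }

    // file_put_contents reports failure (missing directory, permissions)
    // through its return value, unlike an unchecked fopen/fwrite pair.
    if (file_put_contents($output_file, $decoded, LOCK_EX) === false) {
        return false;
    }

    return $output_file;
}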
// End of image creation.

// Read every form field through one small reader.
// FILTER_SANITIZE_STRING strips tags and HTML-encodes quotes; it is not SQL
// escaping and not context-aware output escaping, so these values still need
// bound parameters in queries and escaping wherever they are rendered.
// The filter is deprecated as of PHP 8.1.
$postField = function ($field) {
    return filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING);
};

$idcard    = $postField('cid');
$prefix    = $postField('prefix');
$name      = $postField('name');
$sname     = $postField('sname');
$ennamep   = $postField('ennamep');
$ennamef   = $postField('ennamef');
$ennamel   = $postField('ennamel');
$expcard   = $postField('expcard');
$dday      = $postField('dday');
$mday      = $postField('mday');
$yday      = $postField('yday');
$addressn  = $postField('no');
$addressm  = $postField('moo');
$addresst  = $postField('tambol');
$addressa  = $postField('ampher');
$addressp  = $postField('province');
$address2  = $postField('address2');
$address3  = $postField('address3');
$address4  = $postField('address4');
$group     = $postField('group');
$class     = $postField('class');
$pgroup    = $postField('pgroup');
$no1       = $postField('no1');
$moo1      = $postField('moo1');
$tambol1   = $postField('tambol1');
$ampher1   = $postField('ampher1');
$province1 = $postField('province1');
$zipcode   = $postField('zipcode');
$education = $postField('education');
$eclass    = $postField('eclass');
$sc        = $postField('sc');
$sct       = $postField('sct');
$sca       = $postField('sca');
$scp       = $postField('scp');
$code      = $postField('code');
$fn        = $postField('fn');
$fs        = $postField('fs');
$fa        = $postField('fa');
$ft        = $postField('ft');
$mn        = $postField('mn');
$ms        = $postField('ms');
$ma        = $postField('ma');
$mt        = $postField('mt');
$educ1     = $postField('educ1');
$edusc1    = $postField('edusc1');
$educ2     = $postField('educ2');
$edusc2    = $postField('edusc2');
$educ3     = $postField('educ3');
$edusc3    = $postField('edusc3');
$plan1     = $postField('plan1');
$plan2     = $postField('plan2');
$plan3     = $postField('plan3');
$school1   = $postField('school1');
$school2   = $postField('school2');
$school3   = $postField('school3');
$m1gpx     = $postField('m1gpx');
$m1math    = $postField('m1math');
$m1sci     = $postField('m1sci');
$m1en      = $postField('m1en');
$vip1      = $postField('vip1');
$vip2      = $postField('vip2');
$vip3      = $postField('vip3');
$m4gpx     = $postField('m4gpx');
$m4thai    = $postField('m4thai');
$m4math    = $postField('m4math');
$m4sci     = $postField('m4sci');
$m4en      = $postField('m4en');

// The reader is only needed while collecting the fields.
unset($postField);

// Unlike every field above, "status" is taken from the query string.
$status = filter_input(INPUT_GET, 'status', FILTER_SANITIZE_STRING);
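// The new record is attributed to the current user. $logged_username is not
// defined in this file; presumably core/checklogin.php sets it. Confirm.
$create = $logged_username;

// Look up the creator's "gset" value with a bound parameter rather than
// interpolating the username into the SQL text.
$school = null;
$userLookup = $mysqli->prepare("SELECT gset FROM users WHERE username = ?");
if ($userLookup) {
    $userLookup->bind_param('s', $create);
    if ($userLookup->execute()) {
        $userLookup->bind_result($school);
        // With no matching row, fetch() leaves $school as null.
        $userLookup->fetch();
    }
    $userLookup->close();
}

// Registration year currently marked active. This query takes no request
// input. $year stays null when no row is active or the query fails.
$year = null;
$yearResult = $mysqli->query("SELECT `year` FROM setting_year WHERE `active` ='yes'");
if ($yearResult) {
    $yearRow = $yearResult->fetch_assoc();
    if ($yearRow) {
        $year = $yearRow['year'];
    }
    $yearResult->free();
}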
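// Reject the submission when a record with this ID-card number already exists.
// The request-supplied cid goes in as a bound parameter rather than being
// interpolated into the SQL text. The cast keeps the comparison a string one
// when the field is missing.
// NOTE(review): this lookup names `read_data` without DB_PREFIX, while the
// INSERT below uses DB_PREFIX."read_data". Confirm both refer to the same table.
// NOTE(review): check-then-insert cannot stop two simultaneous submissions of
// the same cid; a UNIQUE index on cid is the durable guard.
$cidLookup = (string) $idcard;
$dupCheck = $mysqli->prepare("SELECT 1 FROM read_data WHERE cid = ? LIMIT 1");
if (!$dupCheck || !$dupCheck->bind_param('s', $cidLookup) || !$dupCheck->execute()) {
    // Fail closed: without a working duplicate check nothing is inserted.
    http_response_code(500);
    exit;
}
$dupCheck->store_result();
$totalcid = $dupCheck->num_rows;
$dupCheck->close();

if ($totalcid > 0) {
    header("Location: ../account.php?page=student_rms&op3=1&msg=error_name");
} else {
    // Rows are keyed by column name so each value is visibly paired with its
    // column. Positional binding previously shifted the m4 scores by one
    // column: the Thai score went into r_m4math, math into r_m4sci, and so on.
    $readData = [
        'cid'      => $idcard,
        'thnamep'  => $prefix,
        'thnamef'  => $name,
        'thnamel'  => $sname,
        'dday'     => $dday,
        'mday'     => $mday,
        'yday'     => $yday,
        'ennamep'  => $ennamep,
        'ennamef'  => $ennamef,
        'ennamel'  => $ennamel,
        'addressn' => $addressn,
        'addressm' => $addressm,
        'address2' => $address2,
        'address3' => $address3,
        'address4' => $address4,
        'addresst' => $addresst,
        'addressa' => $addressa,
        'addressp' => $addressp,
        'expire'   => $expcard,
        'status'   => $status,
        'createby' => $create,
        'sc'       => $school,
    ];

    $studentRegis = [
        'r_idcard'     => $idcard,
        'r_class'      => $class,
        'r_year'       => $year,
        'r_group'      => $group,
        'r_pgroup'     => $pgroup,
        'r_no'         => $no1,
        'r_moo'        => $moo1,
        'r_tambol'     => $tambol1,
        'r_ampher'     => $ampher1,
        'r_province'   => $province1,
        'r_zipcode'    => $zipcode,
        'r_education'  => $education,
        'r_educationc' => $eclass,
        'r_sc'         => $sc,
        'r_sct'        => $sct,
        'r_sca'        => $sca,
        'r_scp'        => $scp,
        'r_code'       => $code,
        'r_fn'         => $fn,
        'r_fs'         => $fs,
        'r_fa'         => $fa,
        'r_ft'         => $ft,
        'r_mn'         => $mn,
        'r_ms'         => $ms,
        'r_ma'         => $ma,
        'r_mt'         => $mt,
        'r_educ1'      => $educ1,
        'r_edusc1'     => $edusc1,
        'r_educ2'      => $educ2,
        'r_edusc2'     => $edusc2,
        'r_educ3'      => $educ3,
        'r_edusc3'     => $edusc3,
        'r_plan1'      => $plan1,
        'r_plan2'      => $plan2,
        'r_plan3'      => $plan3,
        'r_nosc1'      => $school1,
        'r_nosc2'      => $school2,
        'r_nosc3'      => $school3,
        'r_m1gpx'      => $m1gpx,
        'r_m1math'     => $m1math,
        'r_m1sci'      => $m1sci,
        'r_m1en'       => $m1en,
        'r_level1'     => $vip1,
        'r_level2'     => $vip2,
        'r_level3'     => $vip3,
        'r_m4pgx'      => $m4gpx,
        'r_m4math'     => $m4math,
        'r_m4sci'      => $m4sci,
        'r_m4en'       => $m4en,
        'r_m4th'       => $m4thai,
    ];

    // Build and run one parameterised INSERT. Column names come only from the
    // hard-coded keys above; every value is sent as a bound string parameter.
    $insertRow = function ($table, array $row) use ($conn) {
        $sql = "INSERT INTO " . DB_PREFIX . $table
            . " (" . implode(',', array_keys($row)) . ")"
            . " VALUES (" . implode(',', array_fill(0, count($row), '?')) . ")";
        $stmt = $conn->prepare($sql);
        if (!$stmt || !$stmt->execute(array_values($row))) {
            throw new RuntimeException("Insert into " . $table . " failed");
        }
    };

    // Both rows belong to one registration, so they are written together.
    // The rollback only undoes the first insert on a transactional storage
    // engine. Checking the result stops the "add_ok" redirect from being sent
    // when an insert has failed.
    try {
        $conn->beginTransaction();
        $insertRow('read_data', $readData);
        $insertRow('student_regis', $studentRegis);
        $conn->commit();
    } catch (Exception $e) {
        if ($conn->inTransaction()) {
            $conn->rollBack();
        }
        error_log('Student registration insert failed: ' . $e->getMessage());
        http_response_code(500);
        exit;
    }

    // form OK:
    header("Location: ../account.php?page=student_rms&op3=1&msg=add_ok");
}
exit;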