<?php
include_once __DIR__ . '/../config.php';
include_once __DIR__ . '/../functions.php';
include_once __DIR__ . '/../includes/auth_check.php';
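// NOTE(review): the role gate below is commented out, so the only authorisation
// applied in this script is the department match further down. Anyone whose
// session carries that department_id can reject a requisition, not only the
// department head the error text refers to. Confirm requireRole() is provided
// by the included files and re-enable it.
// requireRole(['head_of_department']);

// NOTE(review): no anti-CSRF token is verified here before the state change;
// confirm auth_check.php covers it, otherwise add a per-session token check.

$message = '';
$message_type = 'danger';

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['requisition_id'])) {
    $req_id = intval($_POST['requisition_id']);

    // sanitize_input() is defined outside this file; the query below is still
    // string-built, so this call is what keeps head_remarks safe inside the
    // quoted SQL literal — presumably it SQL-escapes via $conn, verify.
    // TODO: move to a prepared statement once that helper stops escaping.
    $head_remarks = isset($_POST['head_remarks']) ? sanitize_input($conn, $_POST['head_remarks']) : '';

    // Both ids are interpolated unquoted into SQL, so force them to integers
    // instead of trusting whatever type the session helper returns.
    $user_id = (int) getUserData('user_id');
    $user_dept_id = (int) getUserData('department_id');
    $now_datetime = date('Y-m-d H:i:s');

    $denied_message = "ไม่สามารถดำเนินการได้ สถานะปัจจุบันไม่ใช่ 'รอรับทราบ' หรือคุณไม่ใช่ ผอ.กลุ่ม ของคำขอนี้";

    // --- Validate if the user can reject this request ---
    $sql_check = "SELECT id, status, department_id, requisition_no, requested_by FROM requisitions WHERE id = $req_id";
    $result_check = mysqli_query($conn, $sql_check);
    $req = $result_check ? mysqli_fetch_assoc($result_check) : null;
    if ($result_check) {
        mysqli_free_result($result_check);
    }

    if ($req) {
        // A missing user id casts to 0 and must never be recorded as the actor.
        $may_reject = $user_id > 0
            && $req['status'] === 'pending'
            && (int) $req['department_id'] === $user_dept_id;

        if ($may_reject) {
            // --- Update Status and Remarks ---
            // The status/department guards are repeated in the WHERE clause so the
            // check and the write are one atomic statement: a request that was
            // approved or reassigned between the SELECT and this UPDATE is not
            // overwritten.
            $sql_update = "UPDATE requisitions
                SET status = 'head_rejected',
                    head_approved_by = $user_id, -- Still record who rejected it
                    head_approved_date = '$now_datetime', -- Record rejection time
                    head_remarks = '$head_remarks' -- Store rejection reason
                WHERE id = $req_id
                  AND status = 'pending'
                  AND department_id = $user_dept_id";

            if (!mysqli_query($conn, $sql_update)) {
                // Keep the driver error in the server log; it can echo query
                // fragments and schema details, so it is not shown to the user.
                error_log('requisition rejection update failed (id ' . $req_id . '): ' . mysqli_error($conn));
                $message = "เกิดข้อผิดพลาดในการอัปเดตสถานะ";
            } elseif (mysqli_affected_rows($conn) === 1) {
                // --- TODO: Notification Logic ---
                // Notify Original Requester (user_id = $req['requested_by']) about the rejection and reason
                $message = "ปฏิเสธ/ตีกลับ คำขอเบิกเลขที่ " . htmlspecialchars($req['requisition_no']) . " เรียบร้อยแล้ว";
                $message_type = 'success'; // Or 'info'
                $_SESSION['message'] = $message;
                $_SESSION['message_type'] = $message_type;
                mysqli_close($conn);
                redirect('list_pending_head.php'); // Redirect back to the pending list
            } else {
                // No row matched: the request changed state after the SELECT above.
                $message = $denied_message;
            }
        } else {
            $message = $denied_message;
        }
    } else {
        $message = "ไม่พบคำขอเบิก ID: $req_id";
    }
} else {
    // Redirect if accessed incorrectly
    redirect('../index.php');
}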
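// --- Display Error Message if Redirect Failed ---
// Only failure messages are rendered here; the success message is stored in
// the session before the redirect and is never echoed by this block.
if (!empty($message) && $message_type == 'danger') {
    $page_title = "ผลการดำเนินการ";
    include_once __DIR__ . '/../includes/header.php';
    include_once __DIR__ . '/../includes/sidebar_head.php';
    // Escape at the point of output: $message may carry database error text,
    // which must be treated as data rather than markup.
    $safe_type = htmlspecialchars($message_type, ENT_QUOTES, 'UTF-8');
    $safe_message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    ?>
    <div class="container-fluid">
        <h1 class="mt-4">ผลการดำเนินการ</h1>
        <div class="alert alert-<?php echo $safe_type; ?>" role="alert">
            <?php echo $safe_message; ?>
        </div>
        <a href="list_pending_head.php" class="btn btn-secondary"><i class="bi bi-arrow-left"></i> กลับ</a>
    </div>
    <?php
    include_once __DIR__ . '/../includes/footer.php';
    if (isset($conn) && $conn) {
        mysqli_close($conn);
    }
}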
?>