Current File : /Inetpub/www/supply_system/requisitions/action_supply_reject.php
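<?php
/**
 * Supply-manager action: reject a requisition that is waiting for supply approval.
 *
 * Expects a POST with:
 *   - requisition_id  : numeric id of the requisition
 *   - supply_remarks  : mandatory rejection reason (overwrites requisitions.remarks)
 *
 * On success the row is set to status 'rejected', a flash message is stored in the
 * session and the user is redirected to list_pending_supply.php. On failure (or if
 * the redirect does not end the request) the message is rendered in the page below.
 *
 * NOTE(review): no CSRF token is checked in this file. This is a state-changing POST,
 * so confirm that includes/auth_check.php (or a shared helper) validates one.
 */
include_once __DIR__ . '/../config.php';
include_once __DIR__ . '/../functions.php';
include_once __DIR__ . '/../includes/auth_check.php';
// NOTE(review): the role gate below is commented out, so nothing in THIS file limits
// the action to supply managers. Unless auth_check.php enforces the role itself, any
// logged-in account can reject requisitions. Re-enable after confirming the role names.
// requireRole(['admin', 'supply_manager']);

$message = '';
$message_type = 'danger';
// Tracks whether this script already closed $conn, so the fallback page does not close it twice.
$conn_closed = false;

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['requisition_id'])) {
    // intval() turns a non-empty array into 1, which would silently target requisition #1;
    // treat anything that is not a scalar as an invalid id instead.
    $req_id = is_scalar($_POST['requisition_id']) ? intval($_POST['requisition_id']) : 0;

    // Re-use the 'remarks' field for supply manager's rejection reason.
    // NOTE(review): SQL safety of this value rests entirely on sanitize_input(), which is
    // defined outside this file -- presumably it applies mysqli_real_escape_string(); verify.
    // Bound parameters (mysqli_prepare) are the preferred fix, but binding an already-escaped
    // value would store stray backslashes, so that change has to be made together with the helper.
    $supply_remarks = (isset($_POST['supply_remarks']) && is_string($_POST['supply_remarks']))
        ? sanitize_input($conn, $_POST['supply_remarks'])
        : '';

    // The id is interpolated unquoted into the UPDATE, so force it to an integer here
    // rather than trusting whatever getUserData() returns.
    $user_id = intval(getUserData('user_id'));
    $now_datetime = date('Y-m-d H:i:s');

    if (empty($supply_remarks)) {
        // --- Validate reason ---
        $message = "กรุณาระบุเหตุผลที่ไม่อนุมัติ";
    } elseif ($user_id <= 0) {
        // Without a valid acting user the audit columns would be meaningless.
        $message = "ไม่พบข้อมูลผู้ใช้ กรุณาเข้าสู่ระบบใหม่อีกครั้ง";
    } else {
        // --- Load the requisition to validate that it can be rejected ---
        // $req_id is an integer at this point, so interpolating it is safe.
        $sql_check = "SELECT id, status, requisition_no, requested_by, head_approved_by FROM requisitions WHERE id = $req_id";
        $result_check = mysqli_query($conn, $sql_check);
        $req = $result_check ? mysqli_fetch_assoc($result_check) : null;
        if ($result_check) {
            // The row has been copied into $req; release the result set right away so no
            // later code path frees it after the connection was closed.
            mysqli_free_result($result_check);
        }

        if ($req) {
            if ($req['status'] == 'head_approved') {
                // --- Update Status and Remarks ---
                // approved_by / approved_date record who rejected and when; remarks stores
                // the rejection reason (overwriting the original, if any).
                // The status condition is repeated in the WHERE clause so that a request
                // processed by someone else between the SELECT above and this UPDATE is
                // not overwritten.
                $sql_update = "UPDATE requisitions
                               SET status = 'rejected',
                                   approved_by = $user_id,
                                   approved_date = '$now_datetime',
                                   remarks = '$supply_remarks'
                               WHERE id = $req_id
                                 AND status = 'head_approved'";

                if (!mysqli_query($conn, $sql_update)) {
                    // Keep driver errors (table/column names, SQL fragments) out of the page;
                    // they go to the server log only.
                    error_log('action_supply_reject: update failed for requisition ' . $req_id . ': ' . mysqli_error($conn));
                    $message = "เกิดข้อผิดพลาดในการอัปเดตสถานะ";
                } elseif (mysqli_affected_rows($conn) < 1) {
                    // Status changed between the check and the update.
                    $message = "ไม่สามารถดำเนินการได้ สถานะปัจจุบันไม่ใช่ 'รอฝ่ายพัสดุอนุมัติ'";
                } else {
                    // --- TODO: Notification Logic ---
                    // Notify Original Requester (user_id = $req['requested_by'])
                    // Notify Head of Department (user_id = $req['head_approved_by'])

                    $message = "ไม่อนุมัติ คำขอเบิกเลขที่ " . htmlspecialchars($req['requisition_no'], ENT_QUOTES, 'UTF-8') . " เรียบร้อยแล้ว";
                    $message_type = 'success'; // Or 'info'
                    $_SESSION['message'] = $message;
                    $_SESSION['message_type'] = $message_type;
                    mysqli_close($conn);
                    $conn_closed = true;
                    // Redirect back to the pending list. If redirect() returns instead of
                    // ending the request, the result page below is rendered as a fallback.
                    redirect('list_pending_supply.php');
                }
            } else {
                $message = "ไม่สามารถดำเนินการได้ สถานะปัจจุบันไม่ใช่ 'รอฝ่ายพัสดุอนุมัติ'";
            }
        } else {
            $message = "ไม่พบคำขอเบิก ID: $req_id";
        }
    }
} else {
    // Redirect if accessed incorrectly
    redirect('../index.php');
}

// --- Display the result message (errors, or success if the redirect did not end the request) ---
// Every value placed in $message above is either a fixed string, an integer, or already
// passed through htmlspecialchars(), so it is echoed as-is to avoid double encoding.
if (!empty($message)) {
    $page_title = "ผลการดำเนินการ";
    include_once __DIR__ . '/../includes/header.php';
    include_once __DIR__ . '/../includes/sidebar_supply.php';
    ?>
    <div class="container-fluid">
        <h1 class="mt-4">ผลการดำเนินการ</h1>
        <div class="alert alert-<?php echo htmlspecialchars($message_type, ENT_QUOTES, 'UTF-8'); ?>" role="alert">
            <?php echo $message; ?>
        </div>
        <a href="list_pending_supply.php" class="btn btn-secondary"><i class="bi bi-arrow-left"></i> กลับ</a>
    </div>
    <?php
    include_once __DIR__ . '/../includes/footer.php';
    // Skip the close when the success path already closed the connection.
    if (isset($conn) && $conn && !$conn_closed) mysqli_close($conn);
}
?>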
