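<?php
/**
 * Supply edit handler.
 *
 * Receives the POST from the supply edit form, validates the fields, handles an
 * optional image delete / replace in uploads/supplies/, updates the `supplies`
 * row and redirects back with a flash message in $_SESSION.
 *
 * Untrusted input: every $_POST field, $_FILES['supply_image'], and in particular
 * $_POST['existing_image'], which is used to build a filesystem path. It is
 * reduced to a bare, whitelisted filename and the resolved path is checked to
 * lie inside $upload_dir before anything is unlinked.
 */
include_once __DIR__ . '/../config.php';
include_once __DIR__ . '/../functions.php';
include_once __DIR__ . '/../includes/auth_check.php';
// requireRole(['admin', 'supply_manager']);
// NOTE(review): the role check above is disabled, so every session that passes
// auth_check.php can edit supply rows and delete/replace image files. Re-enable
// it (or an equivalent check) before relying on this page for write access.

$message = '';
$message_type = 'danger';
$supply_id = 0; // Set from POST below; used for the fallback redirect at the end

// --- Upload directory ---
// Assumes 'uploads/supplies/' exists in the root directory.
$upload_dir = __DIR__ . '/../uploads/supplies/';
$upload_url_base = BASE_URL . '/uploads/supplies/'; // For constructing URLs (kept for included code / templates)

/**
 * Reduce a client-supplied image filename to a bare, safe name.
 *
 * Stored names are generated below as supply_<id>_<timestamp>.<ext>, so only
 * [A-Za-z0-9._-] is ever legitimate. Anything else (path separators, '..',
 * an empty string) yields '' so it can never address a file outside the
 * upload directory.
 *
 * @param mixed $name raw value from the request
 * @return string the bare filename, or '' when it is not acceptable
 */
function supply_safe_image_name($name)
{
    $name = basename((string) $name);
    if ($name === '' || $name === '.' || $name === '..') {
        return '';
    }
    return preg_match('/^[A-Za-z0-9._-]+$/', $name) === 1 ? $name : '';
}

/**
 * Remove a stored image from the upload directory.
 *
 * The name is whitelisted first and the resolved path must sit inside
 * $upload_dir; a file that does not exist counts as already removed.
 *
 * @param string $upload_dir directory holding supply images (trailing slash)
 * @param string $name       stored filename
 * @return bool true when the file is gone afterwards (deleted or absent),
 *              false when it exists but could not / must not be deleted
 */
function supply_delete_image($upload_dir, $name)
{
    $name = supply_safe_image_name($name);
    if ($name === '') {
        return true; // nothing to delete
    }
    $path_real = realpath($upload_dir . $name);
    if ($path_real === false) {
        return true; // file does not exist; DB can be set to NULL
    }
    $dir_real = realpath($upload_dir);
    // Refuse anything that resolves outside the upload directory (symlinks etc.)
    if ($dir_real === false || strpos($path_real, $dir_real . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    // Suppressed so a permission failure becomes a warning message, not a PHP warning
    return @unlink($path_real);
}

/**
 * Store a flash message in the session and redirect.
 *
 * @param string $message      text shown on the next page
 * @param string $message_type bootstrap-style level: success|warning|danger
 * @param string $target       relative URL to redirect to
 * @return void
 */
function supply_flash_and_redirect($message, $message_type, $target)
{
    $_SESSION['message'] = $message;
    $_SESSION['message_type'] = $message_type;
    redirect($target);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['supply_id'])) {
    $supply_id = intval($_POST['supply_id']);

    // --- Get and sanitize data ---
    // sanitize_input() comes from functions.php; it is assumed to escape the
    // value for the SQL built below — TODO confirm, since the UPDATE interpolates these.
    $supply_code = isset($_POST['supply_code']) ? sanitize_input($conn, strtoupper($_POST['supply_code'])) : ''; // Usually read-only, but sanitize anyway
    $supply_name = isset($_POST['supply_name']) ? sanitize_input($conn, $_POST['supply_name']) : '';
    $category_id = isset($_POST['category_id']) ? intval($_POST['category_id']) : 0;
    $unit = isset($_POST['unit']) ? sanitize_input($conn, $_POST['unit']) : '';
    $min_stock_level = isset($_POST['min_stock_level']) ? intval($_POST['min_stock_level']) : 0;
    $description = isset($_POST['description']) ? sanitize_input($conn, $_POST['description']) : '';
    $status = isset($_POST['status']) && in_array($_POST['status'], ['active', 'inactive'], true)
        ? sanitize_input($conn, $_POST['status'])
        : 'inactive';
    $delete_image = isset($_POST['delete_image']);
    // Current filename as posted by the form; whitelisted because it names a file to unlink
    $existing_image = isset($_POST['existing_image']) ? supply_safe_image_name($_POST['existing_image']) : '';

    // --- Validate data ---
    if ($supply_id <= 0 || empty($supply_code) || empty($supply_name) || $category_id <= 0 || empty($unit)) {
        $message = "ข้อมูลไม่ถูกต้อง กรุณากรอกข้อมูลที่จำเป็นให้ครบ";
    } elseif ($min_stock_level < 0) {
        $message = "จุดสั่งซื้อขั้นต่ำต้องไม่ติดลบ";
    } else {
        $image_filename_to_update = $existing_image; // Start with the existing image name

        // --- Image handling ---
        // 1. Delete request
        if ($delete_image && !empty($existing_image)) {
            if (supply_delete_image($upload_dir, $existing_image)) {
                $image_filename_to_update = null; // Set to NULL in DB
            } else {
                $message = "คำเตือน: ไม่สามารถลบรูปภาพเก่า ($existing_image) ได้ กรุณาตรวจสอบสิทธิ์ของโฟลเดอร์";
                // Continue with DB update but keep old filename for now
                $image_filename_to_update = $existing_image;
            }
            $existing_image = ''; // Marked for deletion; no longer the "old" image
        }

        // 2. New upload
        if (isset($_FILES['supply_image']) && $_FILES['supply_image']['error'] === UPLOAD_ERR_OK) {
            $file_info = $_FILES['supply_image'];
            $file_tmp = $file_info['tmp_name'];
            $file_size = $file_info['size'];
            $file_ext = strtolower(pathinfo(basename($file_info['name']), PATHINFO_EXTENSION));
            // Extension -> image type the file content must actually have
            $allowed_types = [
                'jpg' => IMAGETYPE_JPEG,
                'jpeg' => IMAGETYPE_JPEG,
                'png' => IMAGETYPE_PNG,
                'gif' => IMAGETYPE_GIF,
            ];
            $image_info = false;

            if (!isset($allowed_types[$file_ext])) {
                $message = "รูปแบบไฟล์รูปภาพไม่ถูกต้อง (อนุญาตเฉพาะ JPG, PNG, GIF)";
            } elseif ($file_size > 2 * 1024 * 1024) { // Max 2MB
                $message = "ขนาดไฟล์รูปภาพเกิน 2MB";
            } elseif (
                !is_uploaded_file($file_tmp)
                // @: getimagesize warns on non-image content; that case is reported below
                || ($image_info = @getimagesize($file_tmp)) === false
                || $image_info[2] !== $allowed_types[$file_ext]
            ) {
                // Extension alone is not proof of content; the bytes must be that image type
                $message = "รูปแบบไฟล์รูปภาพไม่ถูกต้อง (อนุญาตเฉพาะ JPG, PNG, GIF)";
            } else {
                // Unique, server-generated filename: supply_<id>_<timestamp>.<ext>
                $new_filename = 'supply_' . $supply_id . '_' . time() . '.' . $file_ext;
                $destination = $upload_dir . $new_filename;
                if (move_uploaded_file($file_tmp, $destination)) {
                    $image_filename_to_update = $new_filename;
                    // Replace: remove the previous image unless it was already handled above
                    if (!empty($existing_image) && !$delete_image) {
                        supply_delete_image($upload_dir, $existing_image); // best effort
                    }
                } else {
                    $message = "เกิดข้อผิดพลาดในการอัปโหลดไฟล์รูปภาพ";
                }
            }
        }
        // End image handling

        // --- DB update only if no critical file error occurred ---
        // A "คำเตือน:" (warning) about the old file not being deletable still allows the update.
        if (empty($message) || strpos($message, 'คำเตือน:') === 0) {
            $image_sql_part = ($image_filename_to_update === null)
                ? 'NULL'
                : "'" . mysqli_real_escape_string($conn, $image_filename_to_update) . "'";
            $sql_update = "UPDATE supplies SET
                supply_name = '$supply_name',
                category_id = $category_id,
                unit = '$unit',
                min_stock_level = $min_stock_level,
                description = '$description',
                image_filename = $image_sql_part,
                status = '$status',
                updated_at = NOW() -- Update timestamp
                WHERE id = $supply_id AND supply_code = '$supply_code'"; // Use code as extra check

            if (mysqli_query($conn, $sql_update)) {
                if (mysqli_affected_rows($conn) > 0) {
                    $message = "แก้ไขข้อมูลพัสดุ '" . htmlspecialchars($supply_name) . "' สำเร็จแล้ว. " . $message; // Append warning if any
                    $message_type = 'success';
                } else {
                    // Zero rows: either nothing changed or no row matches id + code
                    $sql_verify = "SELECT id FROM supplies WHERE id = $supply_id AND supply_code = '$supply_code'";
                    $res_verify = mysqli_query($conn, $sql_verify);
                    if ($res_verify && mysqli_num_rows($res_verify) > 0) {
                        $message = "ไม่มีข้อมูลที่เปลี่ยนแปลง หรือ ไม่พบรายการที่ตรงกัน. " . $message;
                        $message_type = 'warning';
                    } else {
                        $message = "ไม่พบรายการพัสดุ ID: $supply_id หรือรหัส $supply_code ไม่ถูกต้อง.";
                        $message_type = 'danger';
                    }
                    if ($res_verify) {
                        mysqli_free_result($res_verify);
                    }
                }
                $_SESSION['message'] = $message;
                $_SESSION['message_type'] = $message_type;
                mysqli_close($conn);
                redirect('index.php'); // Back to list
            } else {
                $message = "เกิดข้อผิดพลาดในการบันทึกข้อมูล: " . mysqli_error($conn);
                $message_type = 'danger';
            }
        }
    } // End validation check
} else {
    // Accessed without POST or supply_id: bounce to the list
    $message = 'ข้อมูลไม่ถูกต้อง';
    supply_flash_and_redirect($message, $message_type, 'index.php');
}

// --- Error path (reached when no redirect above ended the request) ---
if (!empty($message)) {
    // Back to the edit form when we know the id, otherwise to the list
    $target = $supply_id > 0 ? 'supply_edit.php?id=' . $supply_id : 'index.php';
    supply_flash_and_redirect($message, $message_type, $target);
}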