403Webshell
Server IP : 104.21.80.248  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  E:/Inetpub/www/supply_system/requisitions/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : E:/Inetpub/www/supply_system/requisitions/action_save.php
<?php
include_once __DIR__ . '/../config.php';
include_once __DIR__ . '/../functions.php';
include_once __DIR__ . '/../includes/auth_check.php';
// requireRole(['department']);

$message = '';
$message_type = 'danger';

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['requisition_cart']) && !empty($_SESSION['requisition_cart'])) {
    $cart = $_SESSION['requisition_cart'];
    $department_id = isset($_POST['department_id']) ? intval($_POST['department_id']) : 0;
    $requested_by = isset($_POST['requested_by']) ? intval($_POST['requested_by']) : 0;
    $remarks = isset($_POST['remarks']) ? sanitize_input($conn, $_POST['remarks']) : '';
    $request_date = date('Y-m-d'); // Current date

    // --- Validate Basic Info ---
    if ($department_id <= 0 || $requested_by <= 0) {
        $message = "ข้อมูลผู้ขอเบิกหรือกลุ่มงานไม่ถูกต้อง";
    } else {
        // --- Generate Requisition Number ---
        // Example: REQ + YYYYMMDD + Random 4 digits
        $requisition_no = 'REQ' . date('Ymd') . str_pad(mt_rand(1, 9999), 4, '0', STR_PAD_LEFT);

        // --- Start Transaction ---
        mysqli_begin_transaction($conn);

        try {
            // --- Insert into requisitions table ---
            $sql_req = "INSERT INTO requisitions (requisition_no, department_id, requested_by, request_date, status, remarks)
                        VALUES ('$requisition_no', $department_id, $requested_by, '$request_date', 'pending', '$remarks')";

            if (mysqli_query($conn, $sql_req)) {
                $requisition_id = mysqli_insert_id($conn); // Get the ID of the new requisition

                // --- Insert into requisition_details table ---
                $all_details_inserted = true;
                foreach ($cart as $item_id => $item) {
                    $supply_id = intval($item['supply_id']);
                    $req_qty = intval($item['requested_quantity']);
                    // We don't know the price yet, supply manager will determine it based on FIFO batch
                    // approved_quantity, unit_price, total_value default to 0

                    $sql_detail = "INSERT INTO requisition_details (requisition_id, supply_id, requested_quantity)
                                   VALUES ($requisition_id, $supply_id, $req_qty)";

                    if (!mysqli_query($conn, $sql_detail)) {
                        $all_details_inserted = false;
                        $message = "เกิดข้อผิดพลาดในการบันทึกรายการพัสดุ: " . mysqli_error($conn);
                        break; // Exit loop on error
                    }
                }

                if ($all_details_inserted) {
                    // --- Commit Transaction ---
                    mysqli_commit($conn);

                    // --- Clear Cart ---
                    unset($_SESSION['requisition_cart']);

                    // --- TODO: Add Notification Logic ---
                    // Find head_of_department for $department_id
                    // Insert into notifications table for the head

                    $message = "ส่งคำขอเบิก เลขที่ $requisition_no สำเร็จแล้ว";
                    $message_type = 'success';
                    $_SESSION['message'] = $message;
                    $_SESSION['message_type'] = $message_type;
                    mysqli_close($conn);
                    redirect('list_my.php'); // Redirect to user's requisition list

                } else {
                    // --- Rollback Transaction if detail insert failed ---
                    mysqli_rollback($conn);
                    // $message is already set from the detail insert error
                }
            } else {
                // --- Rollback Transaction if main requisition insert failed ---
                mysqli_rollback($conn);
                $message = "เกิดข้อผิดพลาดในการสร้างคำขอเบิกหลัก: " . mysqli_error($conn);
            }

        } catch (Exception $e) {
            mysqli_rollback($conn);
            $message = "เกิดข้อผิดพลาดร้ายแรง: " . $e->getMessage();
        }
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST" && empty($_SESSION['requisition_cart'])) {
     $message = "ตะกร้าสินค้าว่างเปล่า ไม่สามารถส่งคำขอเบิกได้";
     $_SESSION['message'] = $message;
     $_SESSION['message_type'] = $message_type;
     redirect('create.php');
} else {
    // If accessed directly or cart is empty, redirect back
    redirect('create.php');
}

// --- Display Error Message if Redirect Failed ---
if (!empty($message) && $message_type == 'danger') {
    $page_title = "ผลการบันทึกคำขอเบิก";
    include_once __DIR__ . '/../includes/header.php';
    include_once __DIR__ . '/../includes/sidebar_dept.php'; // Or appropriate sidebar
    ?>
    <div class="container-fluid">
        <h1 class="mt-4">ผลการบันทึกคำขอเบิก</h1>
        <div class="alert alert-<?php echo $message_type; ?>" role="alert">
            <?php echo $message; ?>
        </div>
        <a href="create.php" class="btn btn-primary">กลับไปหน้าสร้างคำขอ</a>
        <a href="list_my.php" class="btn btn-secondary">ดูรายการคำขอของฉัน</a>
    </div>
    <?php
    include_once __DIR__ . '/../includes/footer.php';
    if (isset($conn) && $conn) mysqli_close($conn);
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit