<?php
require_once 'config.php';
require_once 'security.php';
require_once 'functions.php';
// The action name may arrive via GET or POST; a GET value takes precedence.
$action = '';
if (isset($_GET['action'])) {
    $action = $_GET['action'];
} elseif (isset($_POST['action'])) {
    $action = $_POST['action'];
}
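// --- Login ---
if ($action == 'login') {
    $user = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $pass = isset($_POST['password']) ? (string) $_POST['password'] : '';
    $authenticated = false;
    $db_u_id = null;
    $db_fullname = null;
    $db_type = null;
    $db_password = null;
    // Parameterised lookup: the username never becomes part of the SQL text, so no escaping is needed.
    $stmt = mysqli_prepare($conn, "SELECT u_id, fullname, type, password FROM users WHERE username = ?");
    if ($stmt === false) {
        error_log('login: prepare failed: ' . mysqli_error($conn));
        die("Database error");
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('login: execute failed: ' . mysqli_stmt_error($stmt));
        die("Database error");
    }
    mysqli_stmt_bind_result($stmt, $db_u_id, $db_fullname, $db_type, $db_password);
    if (mysqli_stmt_fetch($stmt)) {
        // Stored passwords are reversible (decrypt_password from functions.php); compare the
        // decrypted value in constant time so a timing difference cannot expose a partial match.
        // NOTE(review): a one-way hash (password_hash/password_verify) would be the stronger
        // scheme, but it needs a migration of the stored values, so the scheme is unchanged here.
        $authenticated = hash_equals((string) decrypt_password($db_password), $pass);
    }
    mysqli_stmt_close($stmt);
    if ($authenticated) {
        // A fresh session id at the moment of login stops a pre-set id from being reused (fixation).
        session_regenerate_id(true);
        $_SESSION['u_id'] = $db_u_id;
        $_SESSION['fullname'] = $db_fullname;
        $_SESSION['type'] = $db_type;
        if ($db_type === 'admin') {
            header("Location: admin_dashboard.php");
        } else {
            header("Location: user_dashboard.php");
        }
    } else {
        // Same response for unknown user and wrong password: no account enumeration.
        header("Location: index.php?error=1");
    }
    exit();
}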
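// --- Save work location and assignment (User) ---
if ($action == 'save_work') {
    // Only a logged-in user may edit attendance rows, and only their own (see the WHERE clause below).
    if (empty($_SESSION['u_id'])) {
        header("Location: index.php");
        exit();
    }
    $owner_id = $_SESSION['u_id'];
    $att_id = isset($_POST['att_id']) ? (int) $_POST['att_id'] : 0;
    $work_location = isset($_POST['work_location']) ? (string) $_POST['work_location'] : '';
    if ($work_location === 'office') {
        $detail = "ปฏิบัติงานในสำนักงาน";
    } else {
        $detail = isset($_POST['work_detail']) ? (string) $_POST['work_detail'] : '';
    }
    if ($work_location !== '' && $att_id > 0) {
        // Bound parameters replace mysqli_real_escape_string. The row is additionally pinned to the
        // session's u_id so a tampered att_id cannot update another user's record.
        $stmt = mysqli_prepare($conn, "UPDATE attendance SET work_location = ?, work_detail = ? WHERE att_id = ? AND u_id = ?");
        if ($stmt === false) {
            error_log('save_work: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'ssis', $work_location, $detail, $att_id, $owner_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('save_work: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
        header("Location: user_dashboard.php?save=success");
    } else {
        header("Location: user_dashboard.php?error=missing_data");
    }
    exit();
}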
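// --- Clock in (User) ---
if ($action == 'checkin') {
    // Without a logged-in user the INSERT would store an empty u_id.
    if (empty($_SESSION['u_id'])) {
        header("Location: index.php");
        exit();
    }
    $u_id = $_SESSION['u_id'];
    $date = date('Y-m-d');
    $time = date('H:i:s');
    $existing = 0;
    $stmt = mysqli_prepare($conn, "SELECT COUNT(*) FROM attendance WHERE u_id = ? AND att_date = ?");
    if ($stmt === false) {
        error_log('checkin: prepare failed: ' . mysqli_error($conn));
        die("Database error");
    }
    mysqli_stmt_bind_param($stmt, 'ss', $u_id, $date);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('checkin: execute failed: ' . mysqli_stmt_error($stmt));
        die("Database error");
    }
    mysqli_stmt_bind_result($stmt, $existing);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // One row per user per day. NOTE(review): two concurrent check-ins can both pass this check;
    // a UNIQUE(u_id, att_date) index would make the second INSERT fail instead — confirm the schema.
    if ((int) $existing === 0) {
        $stmt = mysqli_prepare($conn, "INSERT INTO attendance (u_id, att_date, time_in) VALUES (?, ?, ?)");
        if ($stmt === false) {
            error_log('checkin: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'sss', $u_id, $date, $time);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('checkin: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
    }
    header("Location: user_dashboard.php");
    exit();
}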
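// --- Clock out (User) ---
if ($action == 'checkout') {
    if (empty($_SESSION['u_id'])) {
        header("Location: index.php");
        exit();
    }
    $owner_id = $_SESSION['u_id'];
    $att_id = isset($_POST['att_id']) ? (int) $_POST['att_id'] : 0;
    $time_out = isset($_POST['time_out']) ? (string) $_POST['time_out'] : '';
    // The clock-out time is client-supplied (kept for compatibility with the existing form); it was
    // previously interpolated unescaped into SQL. Accept only HH:MM[:SS]; anything else falls back
    // to the server clock rather than being stored as arbitrary text.
    if (!preg_match('/^\d{2}:\d{2}(:\d{2})?$/', $time_out)) {
        $time_out = date('H:i:s');
    }
    if ($att_id > 0) {
        // Pinned to the session's u_id so a user can only close their own record.
        $stmt = mysqli_prepare($conn, "UPDATE attendance SET time_out = ? WHERE att_id = ? AND u_id = ?");
        if ($stmt === false) {
            error_log('checkout: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'sis', $time_out, $att_id, $owner_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('checkout: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
    }
    header("Location: user_dashboard.php");
    exit();
}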
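// --- Edit an attendance record (Admin) ---
if ($action == 'edit_attendance') {
    // Defence in depth: the role recorded in the session at login must be 'admin'.
    // security.php may already enforce this; the check is kept here regardless.
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
    $att_id = isset($_POST['att_id']) ? (int) $_POST['att_id'] : 0;
    $att_date = isset($_POST['att_date']) ? (string) $_POST['att_date'] : '';
    $time_in = isset($_POST['time_in']) ? (string) $_POST['time_in'] : '';
    $time_out = isset($_POST['time_out']) ? (string) $_POST['time_out'] : '';
    if ($att_id > 0) {
        $stmt = mysqli_prepare($conn, "UPDATE attendance SET att_date = ?, time_in = ?, time_out = ? WHERE att_id = ?");
        if ($stmt === false) {
            error_log('edit_attendance: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'sssi', $att_date, $time_in, $time_out, $att_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('edit_attendance: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
        // The posted date is echoed into the redirect; encode it so it cannot alter the query string.
        header("Location: admin_dashboard.php?view_date=" . urlencode($att_date) . "&msg=updated");
    }
    exit();
}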
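// --- Clock in on behalf of a staff member (Admin force check-in) [NEW] ---
if ($action == 'admin_force_checkin') {
    // Defence in depth: the role recorded in the session at login must be 'admin'.
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
    $u_id = isset($_POST['u_id']) ? (int) $_POST['u_id'] : 0;
    $att_date = isset($_POST['att_date']) ? (string) $_POST['att_date'] : '';
    $time_in = isset($_POST['time_in']) ? (string) $_POST['time_in'] : '';
    $time_out = isset($_POST['time_out']) ? (string) $_POST['time_out'] : '';
    $work_location = isset($_POST['work_location']) ? (string) $_POST['work_location'] : '';
    // An empty clock-out field is stored as 00:00:00.
    if ($time_out === '') {
        $time_out = "00:00:00";
    }
    if ($work_location === 'office') {
        $work_detail = "ปฏิบัติงานในสำนักงาน";
    } else {
        $work_detail = isset($_POST['work_detail']) ? (string) $_POST['work_detail'] : '';
    }
    if ($u_id > 0) {
        // All values are bound, so mysqli_real_escape_string is no longer needed on any of them.
        $stmt = mysqli_prepare($conn, "INSERT INTO attendance (u_id, att_date, time_in, time_out, work_location, work_detail) VALUES (?, ?, ?, ?, ?, ?)");
        if ($stmt === false) {
            error_log('admin_force_checkin: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'isssss', $u_id, $att_date, $time_in, $time_out, $work_location, $work_detail);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('admin_force_checkin: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
        header("Location: admin_dashboard.php?view_date=" . urlencode($att_date) . "&status=success");
    }
    exit();
}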
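// --- Personnel management (Admin) ---

/**
 * Store an uploaded signature image under uploads/ and return the stored file name,
 * or '' when no acceptable file was uploaded.
 *
 * The stored name is generated server-side and the extension must be on an allow-list, so
 * neither the client-supplied file name nor its extension is used on disk. The content is also
 * checked with getimagesize() so a script renamed to an image extension is rejected.
 *
 * @param array|null $file one entry of $_FILES (null when the form sent no file)
 * @return string stored file name, or '' if nothing was stored
 */
function attendance_store_signature_upload($file)
{
    // Review assumption: signatures are raster images; widen the list if the upload form accepts more.
    $allowed_ext = ['png', 'jpg', 'jpeg', 'gif'];
    if (!is_array($file) || empty($file['name']) || !isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return '';
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_ext, true)) {
        return '';
    }
    if (!is_uploaded_file($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
        return '';
    }
    // uniqid() avoids the name collision two uploads in the same second would have with time() alone.
    $sig_name = uniqid('sig_' . time() . '_') . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], 'uploads/' . $sig_name)) {
        return '';
    }
    return $sig_name;
}

/**
 * Remove a stored signature file. basename() strips any directory part, so a value such as
 * "../something" read back from the database cannot reach outside uploads/.
 *
 * @param string|null $sig_name value of users.signature
 * @return void
 */
function attendance_delete_signature_file($sig_name)
{
    $sig_name = basename((string) $sig_name);
    $path = 'uploads/' . $sig_name;
    if ($sig_name !== '' && is_file($path)) {
        unlink($path);
    }
}

/**
 * Redirect to the login page unless the role recorded in the session at login is 'admin'.
 * security.php may already enforce this; it is kept here as defence in depth.
 *
 * @return void
 */
function attendance_require_admin()
{
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
}

if ($action == 'add_user') {
    attendance_require_admin();
    $username = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $password = encrypt_password(isset($_POST['password']) ? (string) $_POST['password'] : '');
    $fullname = isset($_POST['fullname']) ? (string) $_POST['fullname'] : '';
    $position = isset($_POST['position']) ? (string) $_POST['position'] : '';
    $g_id = isset($_POST['g_id']) ? (int) $_POST['g_id'] : 0;
    $p_id = isset($_POST['p_id']) ? (int) $_POST['p_id'] : 0;
    // NOTE(review): 'type' is stored as posted. Only 'admin' is known from the login branch, so no
    // allow-list is applied here — confirm the valid set with the form and restrict it if possible.
    $type = isset($_POST['type']) ? (string) $_POST['type'] : '';
    $sig_name = attendance_store_signature_upload(isset($_FILES['signature']) ? $_FILES['signature'] : null);
    $stmt = mysqli_prepare($conn, "INSERT INTO users (username, password, fullname, position, g_id, p_id, type, signature) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
    if ($stmt === false) {
        error_log('add_user: prepare failed: ' . mysqli_error($conn));
        die("Database error");
    }
    mysqli_stmt_bind_param($stmt, 'ssssiiss', $username, $password, $fullname, $position, $g_id, $p_id, $type, $sig_name);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('add_user: execute failed: ' . mysqli_stmt_error($stmt));
        die("Database error");
    }
    mysqli_stmt_close($stmt);
    header("Location: admin_users.php");
    exit();
}

if ($action == 'edit_user') {
    attendance_require_admin();
    $u_id = isset($_POST['u_id']) ? (int) $_POST['u_id'] : 0;
    $fullname = isset($_POST['fullname']) ? (string) $_POST['fullname'] : '';
    $position = isset($_POST['position']) ? (string) $_POST['position'] : '';
    $g_id = isset($_POST['g_id']) ? (int) $_POST['g_id'] : 0;
    $p_id = isset($_POST['p_id']) ? (int) $_POST['p_id'] : 0;
    // NOTE(review): see add_user — 'type' is stored as posted, not allow-listed.
    $type = isset($_POST['type']) ? (string) $_POST['type'] : '';
    if ($u_id > 0) {
        $stmt = mysqli_prepare($conn, "UPDATE users SET fullname = ?, position = ?, g_id = ?, p_id = ?, type = ? WHERE u_id = ?");
        if ($stmt === false) {
            error_log('edit_user: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'ssiisi', $fullname, $position, $g_id, $p_id, $type, $u_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('edit_user: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
        // The password is only changed when a new one was posted.
        if (!empty($_POST['password'])) {
            $password = encrypt_password((string) $_POST['password']);
            $stmt = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE u_id = ?");
            if ($stmt === false) {
                error_log('edit_user: prepare failed: ' . mysqli_error($conn));
                die("Database error");
            }
            mysqli_stmt_bind_param($stmt, 'si', $password, $u_id);
            if (!mysqli_stmt_execute($stmt)) {
                error_log('edit_user: execute failed: ' . mysqli_stmt_error($stmt));
                die("Database error");
            }
            mysqli_stmt_close($stmt);
        }
        // Store the new signature first; the old file is only removed once the new one is on disk.
        $sig_name = attendance_store_signature_upload(isset($_FILES['signature']) ? $_FILES['signature'] : null);
        if ($sig_name !== '') {
            $old_signature = null;
            $stmt = mysqli_prepare($conn, "SELECT signature FROM users WHERE u_id = ?");
            if ($stmt === false) {
                error_log('edit_user: prepare failed: ' . mysqli_error($conn));
                die("Database error");
            }
            mysqli_stmt_bind_param($stmt, 'i', $u_id);
            if (!mysqli_stmt_execute($stmt)) {
                error_log('edit_user: execute failed: ' . mysqli_stmt_error($stmt));
                die("Database error");
            }
            mysqli_stmt_bind_result($stmt, $old_signature);
            mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);
            attendance_delete_signature_file($old_signature);
            $stmt = mysqli_prepare($conn, "UPDATE users SET signature = ? WHERE u_id = ?");
            if ($stmt === false) {
                error_log('edit_user: prepare failed: ' . mysqli_error($conn));
                die("Database error");
            }
            mysqli_stmt_bind_param($stmt, 'si', $sig_name, $u_id);
            if (!mysqli_stmt_execute($stmt)) {
                error_log('edit_user: execute failed: ' . mysqli_stmt_error($stmt));
                die("Database error");
            }
            mysqli_stmt_close($stmt);
        }
    }
    header("Location: admin_users.php");
    exit();
}

if ($action == 'del_user') {
    attendance_require_admin();
    // NOTE(review): a state change driven by a GET link is exposed to cross-site request forgery;
    // a POST form carrying a per-session token would be the safer shape for this and the other
    // del_* actions.
    $u_id = isset($_GET['id']) ? (int) secure_id($_GET['id']) : 0;
    if ($u_id > 0) {
        $signature = null;
        $stmt = mysqli_prepare($conn, "SELECT signature FROM users WHERE u_id = ?");
        if ($stmt === false) {
            error_log('del_user: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'i', $u_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('del_user: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_bind_result($stmt, $signature);
        $found = mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
        if ($found) {
            attendance_delete_signature_file($signature);
            $stmt = mysqli_prepare($conn, "DELETE FROM users WHERE u_id = ?");
            if ($stmt === false) {
                error_log('del_user: prepare failed: ' . mysqli_error($conn));
                die("Database error");
            }
            mysqli_stmt_bind_param($stmt, 'i', $u_id);
            if (!mysqli_stmt_execute($stmt)) {
                error_log('del_user: execute failed: ' . mysqli_stmt_error($stmt));
                die("Database error");
            }
            mysqli_stmt_close($stmt);
        }
    }
    header("Location: admin_users.php");
    exit();
}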
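// --- Work-group management (table name is back-quoted because `groups` is reserved in newer MySQL) ---
if ($action == 'add_group') {
    // Defence in depth: the role recorded in the session at login must be 'admin'.
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
    $g_name = isset($_POST['g_name']) ? (string) $_POST['g_name'] : '';
    $stmt = mysqli_prepare($conn, "INSERT INTO `groups` (g_name) VALUES (?)");
    if ($stmt === false) {
        error_log('add_group: prepare failed: ' . mysqli_error($conn));
        die("Database error");
    }
    mysqli_stmt_bind_param($stmt, 's', $g_name);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('add_group: execute failed: ' . mysqli_stmt_error($stmt));
        die("Database error");
    }
    mysqli_stmt_close($stmt);
    header("Location: admin_groups.php");
    exit();
}
if ($action == 'del_group') {
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
    // NOTE(review): deletion via a GET link is exposed to cross-site request forgery; a POST form
    // with a per-session token would be the safer shape.
    $g_id = isset($_GET['id']) ? (int) secure_id($_GET['id']) : 0;
    if ($g_id > 0) {
        $stmt = mysqli_prepare($conn, "DELETE FROM `groups` WHERE g_id = ?");
        if ($stmt === false) {
            error_log('del_group: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'i', $g_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('del_group: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
    }
    header("Location: admin_groups.php");
    exit();
}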
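// --- Personnel-type management (Admin) ---
if ($action == 'add_type') {
    // Defence in depth: the role recorded in the session at login must be 'admin'.
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
    $p_name = isset($_POST['p_name']) ? (string) $_POST['p_name'] : '';
    $stmt = mysqli_prepare($conn, "INSERT INTO personnel_types (p_name) VALUES (?)");
    if ($stmt === false) {
        error_log('add_type: prepare failed: ' . mysqli_error($conn));
        die("Database error");
    }
    mysqli_stmt_bind_param($stmt, 's', $p_name);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('add_type: execute failed: ' . mysqli_stmt_error($stmt));
        die("Database error");
    }
    mysqli_stmt_close($stmt);
    header("Location: admin_types.php");
    exit();
}
if ($action == 'edit_type') {
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
    $p_id = isset($_POST['p_id']) ? (int) $_POST['p_id'] : 0;
    $p_name = isset($_POST['p_name']) ? (string) $_POST['p_name'] : '';
    if ($p_id > 0) {
        $stmt = mysqli_prepare($conn, "UPDATE personnel_types SET p_name = ? WHERE p_id = ?");
        if ($stmt === false) {
            error_log('edit_type: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'si', $p_name, $p_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('edit_type: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
    }
    header("Location: admin_types.php");
    exit();
}
if ($action == 'del_type') {
    if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
        header("Location: index.php");
        exit();
    }
    // NOTE(review): deletion via a GET link is exposed to cross-site request forgery; a POST form
    // with a per-session token would be the safer shape.
    $id = isset($_GET['id']) ? (int) secure_id($_GET['id']) : 0;
    if ($id > 0) {
        $stmt = mysqli_prepare($conn, "DELETE FROM personnel_types WHERE p_id = ?");
        if ($stmt === false) {
            error_log('del_type: prepare failed: ' . mysqli_error($conn));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'i', $id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('del_type: execute failed: ' . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);
    }
    header("Location: admin_types.php");
    exit();
}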
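if ($action == 'logout') {
    // Clear the session data, expire the session cookie, then destroy the server-side record,
    // so the old session id cannot be presented again after logout. session_destroy() alone
    // leaves the cookie in the browser.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    }
    session_destroy();
    header("Location: index.php");
    exit();
}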
?>