Gecko [ 122.154.134.11 ]

Name	Size	Permission
detail.php	3.16 KB	-rw-r--r--
indicator.php	30.6 KB	-rw-r--r--
livesearch1.php	795 B	-rw-r--r--
livesearch2.php	1.03 KB	-rw-r--r--
livesearch3.php	787 B	-rw-r--r--
livesearch4.php	1.02 KB	-rw-r--r--
livesearch_101.php	17.73 KB	-rw-r--r--
permission.php	11.16 KB	-rw-r--r--
report_1.php	31.11 KB	-rw-r--r--
report_2.php	29.43 KB	-rw-r--r--
report_3.php	21.18 KB	-rw-r--r--
report_4.php	5.9 KB	-rw-r--r--
report_5.php	4.04 KB	-rw-r--r--
sp1.php	62.26 KB	-rw-r--r--
sp1_mobile.php	50.04 KB	-rw-r--r--
sp2.php	6.59 KB	-rw-r--r--
sp3.php	5.75 KB	-rw-r--r--
sp4.php	5.23 KB	-rw-r--r--
standard.php	7.89 KB	-rw-r--r--
std_detail.php	8.18 KB	-rw-r--r--
std_detail2.php	9.22 KB	-rw-r--r--
supervision_activity.php	11.1 KB	-rw-r--r--
supervision_activity_number.ph...	10.05 KB	-rw-r--r--
supervision_activity_rate.php	5.49 KB	-rw-r--r--
supervision_item.php	11.3 KB	-rw-r--r--
supervision_year.php	11.12 KB	-rw-r--r--
teach_table.php	13.48 KB	-rw-r--r--

Code Editor : sp2.php

<?php
/** ensure this file is being included by a parent file */
//defined( '_VALID_' ) or die( 'Direct Access to this location is not allowed.' );

if(!(isset($_SESSION['login_user_id']))){
session_start();
}

if(!($_SESSION['login_user_id']==$_REQUEST['officer'])){
exit();
}

if(!(isset($_GET['subject_code']))){
$_GET['subject_code']="";
}

//กลับ
if(isset($_GET['return'])){
$return=$_GET['return'];
}
else{
$return=0;
}

if(isset($_GET['page'])){
$page=$_GET['page'];
}
else{
$page="";
}

if(isset($_POST['ref_id'])){
$rec_date = date("Y-m-d");
		if($_POST['comment']!=""){
		$sql = "insert into supervision_comment(ref_id,person_id,subject_code,comment,rec_date) values ('$_POST[ref_id]', '$_POST[person_index]', '$_POST[subject_code]', '$_POST[comment]' ,'$rec_date')";
		$dbquery = mysqli_query($connect,$sql);
		}
		
			function file_upload() {
					$uploaddir = 'modules/supervision/upload_files/';      //ที่เก็บไไฟล์
					$uploadfile = $uploaddir.$_FILES['userfile']['name'];
					
					$file_name = $_FILES['userfile']['name'] ;
					$array_last = explode("." ,$file_name) ;
					$lastname = strtolower ($array_last[1]) ;
					$lastname_2=".".$lastname;  
					 
					$rand_number=rand();
					$file_name=$_POST['ref_id'].$rand_number;
					
					if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile))
						{
							$before_name  = $uploadfile;
							$name = $file_name.$lastname_2;
							$changed_name = $uploaddir.$file_name.$lastname_2;
							rename("$before_name" , "$changed_name");
					
							//ลดขนาดภาพ
								if(($lastname =="JPG") or ($lastname=="jpg")){		
									$ori_file=$changed_name;
									$ori_size=getimagesize($ori_file);
									$ori_w=$ori_size[0];
									$ori_h=$ori_size[1];
												if($ori_w>800){
												$new_w=800;
												$new_h=round(($new_w/$ori_w)*$ori_h);
												$ori_img=imagecreatefromjpeg($ori_file);
												$new_img=imagecreatetruecolor($new_w, $new_h);
												imagecopyresized($new_img, $ori_img,0,0, 0,0, $new_w, $new_h, $ori_w, $ori_h);
												$new_file=$ori_file;
												imagejpeg($new_img, $new_file);
												imagedestroy($ori_img);
												imagedestroy($new_img);
												}	
									}						
							
						return  $name;
						}
			}
		
		
		if($_FILES['userfile']['name']!=""){
		/*
			echo "<script>alert('Password ไม่ถูกต้อง');</script>\n";
		*/	
				$myfile1_name = $_FILES ['userfile'] ['name'] ;
				 $array_last1 = explode("." ,$myfile1_name) ;
				 $c1 =count ($array_last1) - 1 ;
				 $lastname1 = strtolower ($array_last1 [$c1] ) ;
				 if($lastname1 =="doc" or $lastname1 =="docx" or $lastname1 =="rar" or $lastname1 =="pdf" or $lastname1 =="xls" or $lastname1 =="xlsx" or $lastname1 =="zip" or $lastname1 =="jpg" or $lastname1 =="gif" ) { 
		
				$file=file_upload();
				$sql = "insert into supervision_file(ref_id,subject_code,file_name) values ('$_POST[ref_id]','$_POST[subject_code]','$file')";
				$dbquery = mysqli_query($connect,$sql);
				 }
		}
		
			if($_POST['return']==1){		
			echo "<script>document.location.href='?option=supervision&task=main/sp1_mobile&school_index=$_POST[school_index]&person_index=$_POST[person_index]&index=1';</script>\n";
			}
			else if($_POST['return']==1.1){
			$sql = "select id from supervision_main where ref_id='$_POST[ref_id]' ";
			$dbquery = mysqli_query($connect,$sql);
			$result_ref = mysqli_fetch_array($dbquery);
			$id=$result_ref['id']; 
			echo "<script>document.location.href='?option=supervision&task=main/sp1_mobile&school_index=$_POST[school_index]&person_index=$_POST[person_index]&index=5&id=$id&page=$_POST[page]';</script>\n";
			}
			else if($_POST['return']==2){
			$sql = "select id from supervision_main where ref_id='$_POST[ref_id]' ";
			$dbquery = mysqli_query($connect,$sql);
			$result_ref = mysqli_fetch_array($dbquery);
			$id=$result_ref['id']; 
			echo "<script>document.location.href='?option=supervision&task=main/sp1&school_index=$_POST[school_index]&person_index=$_POST[person_index]&index=5&id=$id&page=$_POST[page]';</script>\n";
			}
			else{
			echo "<script>document.location.href='?option=supervision&task=main/sp1&school_index=$_POST[school_index]&person_index=$_POST[person_index]&index=1';</script>\n";
			}
			
}

/*
?>
<script type="text/javascript" >
$(function() {
//$(".submit").click(function() {
$('#frm2').submit(function() {
$.ajax({
type: "POST",
url:"?option=supervision&task=main/sp2&index=4",
enctype: "multipart/form-data",
data: $('#frm2').serialize(),
success: function(){
$('.success').fadeIn(200).show();
$('.success').fadeOut(200).hide();
//$('.error').fadeOut(200).hide();
$("#dialog").dialog("close");
//sleep(1000);
//alert("Save complete");
$('#frm2').trigger('reset');
//$('.success').fadeOut(200).hide();
}
});

return false;
});
});
</script>
<div >
<span class="error" style="display:none"> Please Enter Valid Data</span>
<span class="success" style="display:none"> Successfully</span>
</div>
<?php
*/
echo "<form Enctype = 'multipart/form-data' id='frm2' name='frm2' action='?option=supervision&task=main/sp2&index=4' method=post>";
echo "<Br><Br>";
echo "<Table width='300' Border='0' align='center'>";
echo "<Tr align='left'><Td ></Td><Td align='right'>นิเทศ&nbsp;&nbsp;&nbsp;&nbsp;</Td><Td><textarea rows='10' cols='35' name='comment'></textarea></Td></Tr>";

echo  "<tr align='left'>";
echo  "<Td ></Td><td align='right'>เอกสาร&nbsp;&nbsp;</td>";
echo  "<td align='left'><input name = 'userfile' type = 'file'></td>";
echo  "</tr>";
echo  "<tr align='left' height='70'>";
echo  "<Td ></Td><td></td><td align='left'>";
echo "<INPUT TYPE='submit' name='smb' id='submit' value='ตกลง' class='submit'"; //onclick='goto_upload(1)'>";
echo "</td></tr>";
echo "</Table>";
echo "<INPUT TYPE='Hidden' name='ref_id' value='$_GET[ref_id]'>";
echo "<INPUT TYPE='Hidden' name='subject_code' value='$_GET[subject_code]'>";
echo "<INPUT TYPE='Hidden' name='school_index' value='$_GET[school_index]'>";
echo "<INPUT TYPE='Hidden' name='person_index' value='$_GET[person_index]'>";
echo "<INPUT TYPE='Hidden' name='officer' value='$_GET[officer]'>";
echo "<INPUT TYPE='Hidden' name='return' value='$return'>";
echo "<INPUT TYPE='Hidden' name='page' value='$page'>";
echo "</form>";

?>
<script>
function goto_upload(val){
	if(val==1){
		callfrm2();
	}
}

function callfrm2()
	{
		frm2.target = "_self";
		frm2.method = "POST";
		document.getElementById("frm2").submit();
		//return false;
 	}

</script>

${this.title}

Code Editor : sp2.php