first commit
This commit is contained in:
@@ -0,0 +1,188 @@
|
||||
<?php
|
||||
include $require_path.'main-config.php' ;
|
||||
|
||||
//set language
|
||||
$language = [
|
||||
'-' => 'English',
|
||||
"_zh" => "Chinese",
|
||||
"_my" => "Malay",
|
||||
'_np' => "Nepali",
|
||||
'_md' => "Burmese",
|
||||
];
|
||||
|
||||
if ( $_GET['app_view'] != "yes" ){
|
||||
// check login status
|
||||
$system_login_cookies = $_COOKIE['system_login_cookies'] ;
|
||||
if ($_SESSION['system_id'] != '' && $_SESSION['system_name'] != '' && $_SESSION['system_branch'] != '' && $_SESSION["system_permission"] != ""){
|
||||
$mysqli_user = $mysqli->query("SELECT * FROM system_user
|
||||
WHERE user_id = '".$_SESSION['system_id']."' AND user_name = '".$_SESSION['system_name']."' AND user_permission = '".$_SESSION['system_permission']."' AND user_branch = '".$_SESSION['system_branch']."' AND user_login_cookies = '".$system_login_cookies."' AND user_trash = '0' LIMIT 1") ;
|
||||
if ($mysqli_user->num_rows == 0 || trim($system_login_cookies) == ''){
|
||||
// unset user session
|
||||
$all_session = array_keys($_SESSION);
|
||||
foreach ($all_session as $key){
|
||||
unset($_SESSION[$key]);
|
||||
}
|
||||
// unset user cookie
|
||||
$expired_time = (time() - 3600) ;
|
||||
setcookie("system_id", $_SESSION['system_id'], $expired_time, "/") ;
|
||||
setcookie("system_name", $_SESSION['system_name'], $expired_time, "/") ;
|
||||
setcookie("system_branch", $_SESSION['system_branch'], $expired_time, "/") ;
|
||||
setcookie("system_permission", $_SESSION['system_permission'], $expired_time, "/") ;
|
||||
setcookie("system_login_cookies", '', $expired_time, "/") ;
|
||||
}else{
|
||||
$check_user = true ;
|
||||
$row_user = $mysqli_user->fetch_array(MYSQLI_ASSOC) ;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// check user permission
|
||||
$system_permission = $_SESSION['system_permission'] ;
|
||||
$boolean_admin = ($system_permission == 'admin' ? true : false) ;
|
||||
$boolean_purchasing = ($system_permission == 'purchasing' ? true : false) ;
|
||||
$boolean_account = ($system_permission == 'account' ? true : false) ;
|
||||
$boolean_hr = ($system_permission == 'hr' ? true : false) ;
|
||||
$boolean_office_marketing = ($system_permission == 'office-marketing' ? true : false) ;
|
||||
$boolean_marketing = ($system_permission == 'marketing' ? true : false) ;
|
||||
$boolean_store = ($system_permission == 'store' ? true : false) ;
|
||||
$boolean_programmer = ($system_permission == 'programmer' ? true : false) ;
|
||||
$boolean_customer = ($system_permission == 'customer' ? true : false) ;
|
||||
|
||||
// include file
|
||||
$get_lang = ( $_COOKIE['Lang'] != '' ? $_COOKIE['Lang'] : 'en' ) ;
|
||||
include __DIR__.'/../languages/'.$get_lang.'.php' ;
|
||||
|
||||
if($row_user['user_permission'] == 'user'){
|
||||
|
||||
$array_staff_branch_123 = json_decode($row_user['user_permission_branch'],true);
|
||||
|
||||
$user_branch_permission_sql_123 = ' and branch_id IN ('.implode(',', $array_staff_branch_123).') ';
|
||||
|
||||
$user_branch_permission_sql = ' and branch_id IN ('.implode(',', $array_staff_branch_123).') ';
|
||||
$user_branch_permission_sql_a = ' and a.branch_id IN ('.implode(',', $array_staff_branch_123).') ';
|
||||
$user_branch_permission_sql_b = ' and b.branch_id IN ('.implode(',', $array_staff_branch_123).') ';
|
||||
|
||||
// $staff_list = [] ;
|
||||
|
||||
// $mysqli_staff = $mysqli->query( "SELECT staff_id, staff_name, staff_idno FROM staff
|
||||
// WHERE deleted_at IS NULL ".$user_branch_permission_sql_123) ;
|
||||
// if ( $mysqli_staff->num_rows > 0 ){
|
||||
// while ( $row_staff = $mysqli_staff->fetch_assoc() ){
|
||||
// $staff_list[] = $row_staff['staff_id'];
|
||||
// }
|
||||
// }
|
||||
|
||||
// $user_branch_permission_sql_task = ' and a.created_by IN ('.implode(", ",$staff_list).') ';
|
||||
|
||||
if(empty($_SESSION['url_get_branch_admin'])){
|
||||
if (strpos($url_branch_ori, '&') == true || strpos($url_branch_ori, '?') == true || (strpos($url_branch_ori, '?') == true && strpos($url_branch_ori, '&') == true )) {
|
||||
$echo_script_url = '
|
||||
<script>
|
||||
window.location.replace("'.$url_branch_ori.'&url_get_branch_admin_get='.$array_staff_branch_123[0].'");
|
||||
</script>
|
||||
';
|
||||
}else{
|
||||
$echo_script_url = '
|
||||
<script>
|
||||
window.location.replace("'.$url_branch_ori.'?url_get_branch_admin_get='.$array_staff_branch_123[0].'");
|
||||
</script>
|
||||
';
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$url_get_branch_admin_get = $_GET['url_get_branch_admin_get'];
|
||||
|
||||
$Current_Url = sprintf(
|
||||
'%s://%s/%s',
|
||||
isset($_SERVER['HTTPS']) ? 'https' : 'http',
|
||||
$_SERVER['HTTP_HOST'],
|
||||
trim($_SERVER['REQUEST_URI'],'/\\')
|
||||
);
|
||||
|
||||
$url_branch_ori = strip_param_from_url( $Current_Url, 'url_get_branch_admin_get' );
|
||||
|
||||
$mysqli_branch = $mysqli->query( "SELECT branch_id, branch_hq FROM branch
|
||||
WHERE deleted_at IS NULL ORDER BY branch_id DESC") ;
|
||||
if ( $mysqli_branch->num_rows > 0 ){
|
||||
while ( $row_branch = $mysqli_branch->fetch_assoc() ){
|
||||
if($row_branch['branch_hq'] >= 1 ){
|
||||
$count_branch_selected++;
|
||||
$HQ_branch = $row_branch['branch_id'];
|
||||
}
|
||||
if($count_branch_selected <= 0){
|
||||
$HQ_branch = $row_branch['branch_id'];
|
||||
}
|
||||
}
|
||||
}
|
||||
if($row_user['user_permission'] == 'admin'){
|
||||
if(empty($_SESSION['url_get_branch_admin'])){
|
||||
if (strpos($url_branch_ori, '&') == true || strpos($url_branch_ori, '?') == true || (strpos($url_branch_ori, '?') == true && strpos($url_branch_ori, '&') == true )) {
|
||||
$echo_script_url = '
|
||||
<script>
|
||||
window.location.replace("'.$url_branch_ori.'&url_get_branch_admin_get='.$HQ_branch.'");
|
||||
</script>
|
||||
';
|
||||
}else{
|
||||
$echo_script_url = '
|
||||
<script>
|
||||
window.location.replace("'.$url_branch_ori.'?url_get_branch_admin_get='.$HQ_branch.'");
|
||||
</script>
|
||||
';
|
||||
}
|
||||
}
|
||||
}
|
||||
if($url_get_branch_admin_get != ''){
|
||||
$_SESSION['url_get_branch_admin'] = $url_get_branch_admin_get;
|
||||
$echo_script_url = '
|
||||
<script>
|
||||
window.location.replace("'.$url_branch_ori.'");
|
||||
</script>
|
||||
';
|
||||
}
|
||||
|
||||
function strip_param_from_url( $url, $param ) {
|
||||
$base_url = strtok($url, '?'); // Get the base url
|
||||
$parsed_url = parse_url($url); // Parse it
|
||||
$query = $parsed_url['query']; // Get the query string
|
||||
parse_str( $query, $parameters ); // Convert Parameters into array
|
||||
unset( $parameters[$param] ); // Delete the one you want
|
||||
$new_query = http_build_query($parameters); // Rebuilt query string
|
||||
return $base_url.'?'.$new_query; // Finally url is ready
|
||||
}
|
||||
|
||||
// if($row_user['user_permission'] == 'admin'){
|
||||
$user_branch_permission_sql = ' and branch_id = "'.$_SESSION['url_get_branch_admin'].'" ';
|
||||
$user_branch_permission_sql_a = ' and a.branch_id = "'.$_SESSION['url_get_branch_admin'].'" ';
|
||||
$user_branch_permission_sql_b = ' and b.branch_id = "'.$_SESSION['url_get_branch_admin'].'" ';
|
||||
$user_branch_permission_sql_d = ' and d.branch_id = "'.$_SESSION['url_get_branch_admin'].'" ';
|
||||
$user_branch_permission_sql_symbol = ' and branch like "%/'.$_SESSION['url_get_branch_admin'].'/%" ';
|
||||
|
||||
if($_SESSION['url_get_branch_admin'] == 1){
|
||||
$url_get_branch_admin_name = 'muar';
|
||||
}elseif($_SESSION['url_get_branch_admin'] == 2){
|
||||
$url_get_branch_admin_name = 'iskandar';
|
||||
}elseif($_SESSION['url_get_branch_admin'] == 3){
|
||||
$url_get_branch_admin_name = 'penan1';
|
||||
}elseif($_SESSION['url_get_branch_admin'] == 4){
|
||||
$url_get_branch_admin_name = 'asa';
|
||||
}
|
||||
|
||||
$user_branch_permission_sql_branch_name = ' and branch = "'.$url_get_branch_admin_name.'" ';
|
||||
|
||||
$staff_list = [] ;
|
||||
|
||||
$mysqli_staff = $mysqli->query( "SELECT staff_id, staff_name, staff_idno FROM staff
|
||||
WHERE deleted_at IS NULL ".$user_branch_permission_sql) ;
|
||||
if ( $mysqli_staff->num_rows > 0 ){
|
||||
while ( $row_staff = $mysqli_staff->fetch_assoc() ){
|
||||
$staff_list[] = $row_staff['staff_id'];
|
||||
}
|
||||
}
|
||||
|
||||
$user_branch_permission_sql_task = ' and a.created_by IN ('.implode(", ",$staff_list).') ';
|
||||
// }
|
||||
|
||||
// print_r($_SESSION['url_get_branch_admin']);exit();
|
||||
?>
|
||||
Reference in New Issue
Block a user