worknova.manus/connect/cms-config.php

<?php
// Pull in the shared configuration before anything else on the page runs.
include $require_path.'main-config.php';

// Language table: each key is the code this application uses for a language,
// each value its display name.
$language = [
    '-'   => 'English',
    '_zh' => 'Chinese',
    '_my' => 'Malay',
    '_np' => 'Nepali',
    '_md' => 'Burmese',
];
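// NOTE(review): app_view=yes skips this whole credential check; every permission
// flag derived further down is then taken from whatever the session already holds.
if (($_GET['app_view'] ?? '') !== "yes") {
    // check login status
    // The login cookie is client-controlled, so it (and the session fields) reach
    // the query as bound parameters rather than by string concatenation.
    $system_login_cookies = $_COOKIE['system_login_cookies'] ?? '';
    $session_id = $_SESSION['system_id'] ?? '';
    $session_name = $_SESSION['system_name'] ?? '';
    $session_branch = $_SESSION['system_branch'] ?? '';
    $session_permission = $_SESSION['system_permission'] ?? '';

    if ($session_id != '' && $session_name != '' && $session_branch != '' && $session_permission != '') {
        $user_found = false;
        $stmt_user = $mysqli->prepare("SELECT * FROM system_user
            WHERE user_id = ? AND user_name = ? AND user_permission = ? AND user_branch = ? AND user_login_cookies = ? AND user_trash = '0' LIMIT 1");
        if ($stmt_user !== false) {
            $stmt_user->bind_param('sssss', $session_id, $session_name, $session_permission, $session_branch, $system_login_cookies);
            $stmt_user->execute();
            // get_result() needs the mysqlnd driver — TODO confirm it is available here
            $mysqli_user = $stmt_user->get_result();
            $user_found = ($mysqli_user !== false && $mysqli_user->num_rows > 0);
        }

        // A failed prepare/execute is treated like "no matching user": fail closed.
        if (!$user_found || trim($system_login_cookies) == '') {
            // unset user session
            foreach (array_keys($_SESSION) as $key) {
                unset($_SESSION[$key]);
            }
            // unset user cookie (the session was just cleared, so the cookie
            // values can only be empty strings at this point)
            $expired_time = time() - 3600;
            setcookie("system_id", '', $expired_time, "/");
            setcookie("system_name", '', $expired_time, "/");
            setcookie("system_branch", '', $expired_time, "/");
            setcookie("system_permission", '', $expired_time, "/");
            setcookie("system_login_cookies", '', $expired_time, "/");
        } else {
            $check_user = true;
            $row_user = $mysqli_user->fetch_array(MYSQLI_ASSOC);
        }
    }
}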
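// check user permission
// One boolean per role; the session value is compared strictly and defaults to
// an empty string when no user is logged in, so every flag is then false.
$system_permission = $_SESSION['system_permission'] ?? '';
$boolean_admin = ($system_permission === 'admin');
$boolean_purchasing = ($system_permission === 'purchasing');
$boolean_account = ($system_permission === 'account');
$boolean_hr = ($system_permission === 'hr');
$boolean_office_marketing = ($system_permission === 'office-marketing');
$boolean_marketing = ($system_permission === 'marketing');
$boolean_store = ($system_permission === 'store');
$boolean_programmer = ($system_permission === 'programmer');
$boolean_customer = ($system_permission === 'customer');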
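// include file
// The Lang cookie is client-controlled and becomes part of an include path, so
// only a plain identifier (letters, digits, '_' and '-') is accepted; anything
// else — including path separators or an array-valued cookie — falls back to 'en'.
$get_lang = $_COOKIE['Lang'] ?? '';
if (!is_string($get_lang) || preg_match('/^[A-Za-z0-9_-]{1,32}$/', $get_lang) !== 1) {
    $get_lang = 'en';
}
include __DIR__.'/../languages/'.$get_lang.'.php';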
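if (($row_user['user_permission'] ?? '') == 'user') {
    // Branch ids for a plain user come from a JSON column. They are used as bare
    // numbers in IN (...) lists, so each one is cast to int before being
    // interpolated; a missing or malformed column yields an empty list.
    $decoded_branch = json_decode($row_user['user_permission_branch'] ?? '', true);
    $array_staff_branch_123 = is_array($decoded_branch) ? $decoded_branch : [];
    $branch_id_list = [];
    foreach ($array_staff_branch_123 as $branch_value) {
        $branch_id_list[] = (int) $branch_value;
    }
    // An empty IN () is a MySQL syntax error; IN (NULL) simply matches nothing.
    $branch_in_clause = ($branch_id_list === [] ? 'NULL' : implode(',', $branch_id_list));
    $user_branch_permission_sql_123 = ' and branch_id IN ('.$branch_in_clause.') ';
    $user_branch_permission_sql = ' and branch_id IN ('.$branch_in_clause.') ';
    $user_branch_permission_sql_a = ' and a.branch_id IN ('.$branch_in_clause.') ';
    $user_branch_permission_sql_b = ' and b.branch_id IN ('.$branch_in_clause.') ';

    if (empty($_SESSION['url_get_branch_admin'])) {
        // NOTE(review): $url_branch_ori is assigned further down this file, so on
        // this pass it is presumably still unset and the redirect target is relative.
        $url_base = (string) ($url_branch_ori ?? '');
        $first_branch = (string) ($array_staff_branch_123[0] ?? '');
        $separator = (strpos($url_base, '&') !== false || strpos($url_base, '?') !== false) ? '&' : '?';
        $target_url = $url_base.$separator.'url_get_branch_admin_get='.$first_branch;
        // The URL contains the client's request URI; encoding it as a JSON string
        // literal keeps it from terminating the JS string. Invalid UTF-8 makes
        // json_encode() return false, in which case no redirect is emitted.
        $echo_script_url = '
<script>
window.location.replace('.json_encode($target_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).');
</script>
';
    }
}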
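$url_get_branch_admin_get = $_GET['url_get_branch_admin_get'] ?? '';
// Rebuild the current request URL. Some servers set HTTPS to "off" rather than
// leaving it unset, so the value is tested instead of its mere presence.
$is_https = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
// NOTE(review): HTTP_HOST is the client's Host header; this URL later becomes a
// redirect target, so a vhost that accepts arbitrary hosts lets the header steer it.
$Current_Url = sprintf(
    '%s://%s/%s',
    $is_https ? 'https' : 'http',
    $_SERVER['HTTP_HOST'] ?? '',
    trim((string) ($_SERVER['REQUEST_URI'] ?? ''), '/\\')
);
// Same URL without the branch-selection parameter, used for the redirects below.
$url_branch_ori = strip_param_from_url($Current_Url, 'url_get_branch_admin_get');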
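// Pick the default branch: rows arrive in DESC id order and every HQ row
// overwrites $HQ_branch, so the lowest-id branch flagged as HQ wins; while no
// HQ row has been seen yet, every row overwrites it, so with no HQ at all the
// lowest-id branch wins. Both counters start defined so the loop never reads
// an unset variable.
$count_branch_selected = 0;
$HQ_branch = null;
$mysqli_branch = $mysqli->query("SELECT branch_id, branch_hq FROM branch
WHERE deleted_at IS NULL ORDER BY branch_id DESC");
if ($mysqli_branch !== false && $mysqli_branch->num_rows > 0) {
    while ($row_branch = $mysqli_branch->fetch_assoc()) {
        if ($row_branch['branch_hq'] >= 1) {
            $count_branch_selected++;
            $HQ_branch = $row_branch['branch_id'];
        }
        if ($count_branch_selected <= 0) {
            $HQ_branch = $row_branch['branch_id'];
        }
    }
}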
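if (($row_user['user_permission'] ?? '') == 'admin') {
    // An admin with no branch selected yet is sent back to the same URL with the
    // default (HQ) branch appended as url_get_branch_admin_get.
    if (empty($_SESSION['url_get_branch_admin'])) {
        $url_base = (string) ($url_branch_ori ?? '');
        $separator = (strpos($url_base, '&') !== false || strpos($url_base, '?') !== false) ? '&' : '?';
        $target_url = $url_base.$separator.'url_get_branch_admin_get='.(string) ($HQ_branch ?? '');
        // The URL contains the client's request URI; encoding it as a JSON string
        // literal keeps it from terminating the JS string. Invalid UTF-8 makes
        // json_encode() return false, in which case no redirect is emitted.
        $echo_script_url = '
<script>
window.location.replace('.json_encode($target_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).');
</script>
';
    }
}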
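// Persist the branch chosen via the query string, then redirect to the same URL
// without that parameter. The stored value is interpolated into SQL further
// down, and branch ids are used as bare numbers elsewhere in this file, so only
// a plain integer id is accepted; anything else is ignored.
if (is_string($url_get_branch_admin_get) && preg_match('/^[0-9]+$/', $url_get_branch_admin_get) === 1) {
    $_SESSION['url_get_branch_admin'] = $url_get_branch_admin_get;
    // json_encode() keeps the client-derived URL inside the JS string literal.
    $echo_script_url = '
<script>
window.location.replace('.json_encode((string) ($url_branch_ori ?? ''), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).');
</script>
';
}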
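/**
 * Return $url with the query parameter $param removed.
 *
 * The part before the first '?' is kept as-is; the query string is parsed,
 * the parameter dropped and the rest re-encoded with http_build_query (so
 * encoding may be normalised). Any fragment is discarded. When no parameters
 * remain the bare base URL is returned, without a dangling '?'.
 *
 * @param string $url   absolute or relative URL
 * @param string $param name of the query parameter to drop
 * @return string
 */
function strip_param_from_url($url, $param) {
    $url = (string) $url;
    // explode() keeps an empty base for inputs that start with '?', where
    // strtok() would have skipped the delimiter and returned the query instead.
    $base_url = explode('?', $url, 2)[0];
    $parsed_url = parse_url($url);
    // parse_url() returns false for badly malformed URLs and omits 'query'
    // when there is none; both cases mean "no parameters".
    $query = is_array($parsed_url) ? ($parsed_url['query'] ?? '') : '';
    $parameters = [];
    parse_str($query, $parameters);
    unset($parameters[$param]);
    $new_query = http_build_query($parameters);
    return $new_query === '' ? $base_url : $base_url.'?'.$new_query;
}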
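// Applies to every permission level (the former admin-only guard around this
// section is commented out).
// The selected branch id originates from a query-string parameter stored in the
// session, so it is re-validated before being interpolated into SQL: anything
// other than a plain integer is treated as "no branch selected" (empty string,
// which is what the original produced for an unset session value).
$branch_admin_raw = $_SESSION['url_get_branch_admin'] ?? '';
$branch_admin = is_scalar($branch_admin_raw) ? (string) $branch_admin_raw : '';
if ($branch_admin !== '' && preg_match('/^[0-9]+$/', $branch_admin) !== 1) {
    $branch_admin = '';
}
$user_branch_permission_sql = ' and branch_id = "'.$branch_admin.'" ';
$user_branch_permission_sql_a = ' and a.branch_id = "'.$branch_admin.'" ';
$user_branch_permission_sql_b = ' and b.branch_id = "'.$branch_admin.'" ';
$user_branch_permission_sql_d = ' and d.branch_id = "'.$branch_admin.'" ';
$user_branch_permission_sql_symbol = ' and branch like "%/'.$branch_admin.'/%" ';
// Branch id -> branch name; ids outside this table get an empty name, exactly as
// the unset variable did before.
$branch_admin_names = [
    1 => 'muar',
    2 => 'iskandar',
    3 => 'penan1',
    4 => 'asa',
];
$url_get_branch_admin_name = $branch_admin_names[(int) $branch_admin] ?? '';
$user_branch_permission_sql_branch_name = ' and branch = "'.$url_get_branch_admin_name.'" ';

// Staff ids of the selected branch, used to scope task queries by creator.
$staff_list = [];
$mysqli_staff = $mysqli->query("SELECT staff_id, staff_name, staff_idno FROM staff
WHERE deleted_at IS NULL ".$user_branch_permission_sql);
if ($mysqli_staff !== false && $mysqli_staff->num_rows > 0) {
    while ($row_staff = $mysqli_staff->fetch_assoc()) {
        $staff_list[] = $row_staff['staff_id'];
    }
}
// An empty IN () is a MySQL syntax error; IN (NULL) simply matches no rows.
$staff_in_clause = ($staff_list === [] ? 'NULL' : implode(", ", $staff_list));
$user_branch_permission_sql_task = ' and a.created_by IN ('.$staff_in_clause.') ';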
// print_r($_SESSION['url_get_branch_admin']);exit();
?>