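<?php
/**
 * Admin page "manage_user_permission": shows and edits one user's access rights.
 *
 * Request input (imported with the "p_" prefix, plus $_GET['status']):
 *   id_user       - user whose rights are edited
 *   access / hide - permission key, or list index, to toggle
 *   status        - 1 adds the permission; a value loosely equal to 0 removes it
 *   get_type      - 1 = web menu rights (default), 2 = MIS (licence system) rights
 *   h_, n         - grant (h_=1) or reset (h_=0) the executive level n ("na" / "pa")
 *
 * Security notes:
 *   - id_user and the stored permission list reach SQL only through
 *     mysql_real_escape_string() and always inside quotes; id_user reaches the
 *     generated links only through rawurlencode().
 *   - NOTE(review): mysql_real_escape_string() is only reliable when the
 *     connection charset was set with mysql_set_charset() - confirm in the
 *     connection code.
 *   - NOTE(review): every grant/revoke below is triggered by a plain GET link
 *     and no request token is checked in this file, so these writes look
 *     forgeable cross-site unless a token is enforced elsewhere - confirm.
 */

// Status Package Module: this page belongs to module id 9.
$status_module = select_query("status_module", "cms_status_module", "id", "9");
if ($status_module[0] != 1) {
    // NOTE(review): execution continues after this call unless
    // fieldset_no_module() ends the request itself - confirm.
    fieldset_no_module();
}

// Permission: only the top-level administrator session may use this page.
if ($_SESSION['admin_web'] != "admin") {
    permission_fail();
    // Fail closed: permission_fail() is defined elsewhere; if it does not end
    // the request, stop this page here so nothing below runs for a non-admin.
    return;
}

// NOTE(review): import_request_variables() was removed in PHP 5.4 - presumably
// the project ships a replacement; confirm. With 'pG', GET overrides POST.
import_request_variables('pG', 'p_');

// Keep any value the including script already set, but avoid undefined-variable
// notices; null behaves like the undefined variable in the loose checks below.
if (!isset($id_user))  { $id_user = null; }
if (!isset($access))   { $access = null; }
if (!isset($get_type)) { $get_type = null; }
if (!isset($h_))       { $h_ = null; }
if (!isset($n))        { $n = null; }

if (isset($p_id_user) && $p_id_user != "")   { $id_user = trim($p_id_user); }
if (isset($p_access) && $p_access != "")     { $access = trim($p_access); }
if (isset($p_hide) && $p_hide != "")         { $access = trim($p_hide); }
if (isset($p_get_type) && $p_get_type != "") { $get_type = trim($p_get_type); }
if (isset($p_h_) && $p_h_ != "")             { $h_ = trim($p_h_); }
if (isset($p_n) && $p_n != "")               { $n = trim($p_n); }
if ($get_type == "") { $get_type = 1; }

// id_user is attacker-controllable: derive one form per output context and use
// only these below, never the raw value.
$id_user_sql = mysql_real_escape_string((string) $id_user);
$id_user_url = rawurlencode((string) $id_user);

$navig['manage_user'] = "จัดการระบบสมาชิก";
$navig['manage_user_permision'] = "จัดการสิทธิ์การเข้าถึง";
navigator($navig);
echo "<br>";
bar_header("จัดการสิทธิ์การเข้าถึง");
fieldset_top("จัดการสิทธิ์การเข้าถึง");

// Check whether the target user is the top-level administrator or a regular member.
$sql_ = "SELECT levels FROM cms_main_user WHERE id_user='$id_user_sql'";
$re_ = mysql_query($sql_);
$data_ = mysql_fetch_array($re_);
if ($data_[0] == "admin") {
    // The top-level administrator's rights cannot be edited from this page.
    echo "<font color='000000'><center><b>ไม่สามารถจัดการสิทธิ์ของ USER นี้ได้<br><br>เนื่องจากเป็นสิทธิ์ของผู้ดูแลระบบสูงสุด</b></font><br><br>";
    // The original left "include footer / exit" commented out here, so the
    // final fieldset_down() at the end of the file runs as well.
    fieldset_down();
} else {
    // ---- Executive levels: "na" (mayor) and "pa" (permanent secretary) ----
    // h_ = 0 resets the user to "member", h_ = 1 grants the level named by n.
    // Only the literals 'member', 'na' and 'pa' are ever written to levels.
    foreach (array('na', 'pa') as $perm_role) {
        if ($id_user != "" && $n == $perm_role) {
            if ($h_ == 0) {
                mysql_query("UPDATE cms_main_user SET levels='member' WHERE id_user='$id_user_sql'");
            }
            if ($h_ == 1) {
                mysql_query("UPDATE cms_main_user SET levels='$perm_role' WHERE id_user='$id_user_sql'");
            }
        }
    }

    // Get the stored comma-separated permission list for this user.
    // select_query_data() is defined elsewhere; the escaped id is passed in case
    // it interpolates its argument into SQL unescaped (for a numeric id the
    // escaped and raw forms are identical).
    $array_permission = select_query_data("module_access", "cms_main_user", "id_user", $id_user_sql);
    if ($array_permission != "") {
        $array_permission = explode(",", $array_permission);
    } else {
        $array_permission = array();
    }

    // ---- Grant / revoke one module permission ----
    if ($access != "") {
        $perm_status = isset($_GET['status']) ? $_GET['status'] : null;
        if ($perm_status == 1) {
            // prevent duplicate data
            if (!in_array($access, $array_permission)) {
                $array_permission[] = $access;
            }
        } else if ($perm_status == 0) {
            if (is_numeric($access)) {
                // A numeric value is a position in the list, not a permission name.
                unset($array_permission[$access]);
            } else {
                $key_to_del = array_keys($array_permission, $access);
                if (isset($key_to_del[0])) {
                    unset($array_permission[$key_to_del[0]]);
                }
            }
        }
        $str_input = implode(",", $array_permission);
        // The list mixes stored values with the request-supplied key, so the
        // whole string is escaped; the id is quoted (the original left it bare).
        if ($id_user != "") {
            $sql = "UPDATE cms_main_user SET module_access='" . mysql_real_escape_string($str_input)
                 . "' WHERE id_user='$id_user_sql'";
            query($sql);
        }
    }

    // ---- Page heading: whose rights are being edited ----
    $sql = "SELECT b.name,b.surname FROM cms_main_user AS a INNER JOIN cms_user_profile AS b ON a.id_user = b.id_user WHERE b.id_user='$id_user_sql'";
    $re = mysql_query($sql);
    $data = mysql_fetch_array($re);
    echo "<center>";
    // NOTE(review): name/surname (and the menu names further down) are echoed
    // as stored, without HTML escaping; if profile fields can hold markup this
    // renders it in the admin's browser. Escape on output once the page
    // charset is confirmed.
    echo "<b>จัดการสิทธิ์ คุณ <font color='ff0000'>" . $data[0] . " " . $data[1] . "</font><br>";
    echo "<br>";

    // Base of every toggle link; carries only the URL-encoded id.
    $perm_base_url = "index.php?mod=manage_user_permission&path=user&id_user=$id_user_url";
    $perm_base_url_mis = "index.php?get_type=2&mod=manage_user_permission&path=user&id_user=$id_user_url";

    // ################## WEB #############
    if ($get_type == 1) {
        echo "<table width='460' border='0' align='center' cellpadding='1' cellspacing='1' bgcolor='$_SESSION[tb_bgcolor]'>";
        echo "<tr height='20' bgcolor='$_SESSION[tb_head_bgcolor]'>";
        echo "<td align='center' width='60'>" . "<b>ลำดับ</b>" . "</td>";
        echo "<td align='center' width='190'>" . "<b>ชื่อโมดูล</b>" . "</td>";
        echo "<td align='center' width='200'>" . "<b>สิทธิ์</b>" . "</td>";
        echo "</tr>";

        // ---- Executives ----
        echo " <tr height='20' bgcolor='dddddd'>";
        echo "<td colspan=3> <b>ผู้บริหาร</b></td>";
        echo "</tr>";

        // Re-read the level: the updates above may just have changed it.
        $x = "SELECT levels FROM cms_main_user WHERE id_user='$id_user_sql'";
        $x1 = mysql_query($x);
        $x2 = mysql_fetch_array($x1);

        $perm_executives = array('na' => "นายก ฯ", 'pa' => "ปลัด ฯ");
        foreach ($perm_executives as $perm_role => $perm_label) {
            echo " <tr height='20' bgcolor='ffffff'>";
            // Both rows are numbered "1" in the original output; kept as is.
            echo "<td align='center'>1 </td>";
            echo "<td>$perm_label</td>";
            echo "<td align='center'>";
            if ($x2['levels'] == $perm_role) {
                echo "<a href='$perm_base_url&h_=0&n=$perm_role'><img src='coremain/images/show.gif' border=0></a>";
            } else {
                echo "<a href='$perm_base_url&h_=1&n=$perm_role'><img src='coremain/images/hide.gif' border=0></a>";
            }
            echo "</td>";
            echo "</tr>";
        }

        // ---- Top menu: fixed entries keyed "a".."e" ----
        echo " <tr height='20' bgcolor='dddddd'>";
        echo "<td colspan=3> <b>เมนูด้านบน</b></td>";
        echo "</tr>";

        $perm_top_menu = array(
            'a' => "ผลงานของเรา",
            'b' => "ภาพกิจกรรม",
            'c' => "ร้องทุกข์",
            'd' => "กระดานสนทนา",
            'e' => "ติดต่อเรา",
        );
        $perm_no = 1;
        foreach ($perm_top_menu as $perm_key => $perm_label) {
            echo " <tr height='20' bgcolor='ffffff'>";
            echo "<td align='center'>" . $perm_no . "</td>";
            echo "<td>" . $perm_label . "</td>";
            echo "<td align='center'>";
            if (in_array($perm_key, $array_permission)) {
                box_hide("$perm_base_url&access=$perm_key&status=0");
            } else {
                box_show("$perm_base_url&access=$perm_key&status=1");
            }
            echo "</td>";
            echo "</tr>";
            $perm_no++;
        }

        // ---- Left menu ----
        $wclause = " WHERE left_right=1 and module_type!='other' and `lock`='1'";
        $sql_list_module = "SELECT id_top , name FROM cms_menu_top $wclause ORDER BY position ASC";
        $result_module = query($sql_list_module);
        $count_blog_menu = 1;
        echo " <tr height='20' bgcolor='dddddd'>";
        echo "<td colspan=3> <b>เมนูด้านซ้าย</b></td>";
        echo "</tr>";
        while ($menu_list = mysql_fetch_array($result_module)) {
            // A name that contains an image extension is used as the cell
            // background instead of being printed as text.
            $perm_is_image = strpos($menu_list['name'], '.gif') !== false
                || strpos($menu_list['name'], '.jpg') !== false
                || strpos($menu_list['name'], '.png') !== false;
            $menu_name = $perm_is_image ? '' : $menu_list['name'];
            $menu_bg = $menu_name == '' ? $menu_list['name'] : 'menu_bg.jpg';
            echo " <tr height='20' bgcolor='ffffff'>";
            echo "<td align='center'>" . $count_blog_menu . "</td>";
            echo "<td width='190' valign=center style='background: url(coremain/images/menu/$_SESSION[themes_]/1/$menu_bg) no-repeat; width: 180px;' class='$_SESSION[themes_]'>$menu_name</td>";
            echo "<td align='center'>";
            if ($menu_list['id_top'] == 1) {
                // Menu 1 is reserved for the top-level administrator.
                echo "<font color='ff0000'>สำหรับผู้ดูแลระบบสูงสุดเท่านั้น</font>";
            } else {
                if (in_array($menu_list["id_top"], $array_permission)) {
                    // The revoke link carries the list index of the permission.
                    $access = array_keys($array_permission, $menu_list["id_top"]);
                    box_hide("$perm_base_url&access=$access[0]&status=0");
                } else {
                    box_show("$perm_base_url&access=$menu_list[id_top]&status=1");
                }
            }
            echo "</td>";
            echo "</tr>";
            $count_blog_menu++;
        }

        // ---- Right menu ----
        $wclause = " WHERE id_top!=0 and left_right=2 and module_type!='other' and `lock`='1'";
        $sql_list_module = "SELECT id_top , name FROM cms_menu_top $wclause ORDER BY position ASC";
        $result_module = query($sql_list_module);
        $count_blog_menu = 1;
        echo " <tr height='20' bgcolor='dddddd'>";
        echo "<td colspan=3> <b>เมนูด้านขวา</b></td>";
        echo "</tr>";
        while ($menu_list = mysql_fetch_array($result_module)) {
            $perm_is_image = strpos($menu_list['name'], '.gif') !== false
                || strpos($menu_list['name'], '.jpg') !== false
                || strpos($menu_list['name'], '.png') !== false;
            $menu_name = $perm_is_image ? '' : $menu_list['name'];
            $menu_bg = $menu_name == '' ? $menu_list['name'] : 'menu_bg.jpg';
            echo " <tr height='20' bgcolor='ffffff'>";
            echo "<td align='center'>" . $count_blog_menu . "</td>";
            echo "<td width='190' valign=center style='background: url(coremain/images/menu/$_SESSION[themes_]/1/$menu_bg) no-repeat; width: 180px;' class='$_SESSION[themes_]'>$menu_name</td>";
            echo "<td align='center'>";
            if (in_array($menu_list["id_top"], $array_permission)) {
                $access = array_keys($array_permission, $menu_list["id_top"]);
                box_hide("$perm_base_url&access=$access[0]&status=0");
            } else {
                box_show("$perm_base_url&access=$menu_list[id_top]&status=1");
            }
            echo "</td>";
            echo "</tr>";
            $count_blog_menu++;
        }

        // ---- Centre menu: status modules 2..7 ----
        echo " <tr height='20' bgcolor='dddddd'>";
        echo "<td colspan=3> <b>เมนูตรงกลาง</b></td>";
        echo "</tr>";
        $wclause = " WHERE status_module=1 and id>='2' and id<='7'";
        $sql_list_module = "SELECT * FROM cms_status_module $wclause ORDER BY id ASC";
        $result_module = query($sql_list_module);
        $count = 1;
        while ($menu_list = mysql_fetch_array($result_module)) {
            echo " <tr height='20' bgcolor='ffffff'>";
            echo "<td align='center'>" . $count . "</td>";
            echo "<td>";
            if ($menu_list[0] == 2) echo "ข่าวประชาสัมพันธ์ (ภายในหน่วยงาน)";
            if ($menu_list[0] == 3) echo "ข่าวจัดซื้อจัดจ้าง (ภายในหน่วยงาน)";
            if ($menu_list[0] == 4) echo "ข่าวประชาสัมพันธ์ (ภายนอกหน่วยงาน)";
            if ($menu_list[0] == 5) echo "ข่าวจัดซื้อจัดจ้าง (ภายนอกหน่วยงาน)";
            if ($menu_list[0] == 7) echo "ข้อมูลทั่วไป";
            echo "</td>";
            echo "<td align='center'>";
            if (in_array($menu_list["name_module"], $array_permission)) {
                $access = array_keys($array_permission, $menu_list["name_module"]);
                box_hide("$perm_base_url&access=$access[0]&status=0");
            } else {
                box_show("$perm_base_url&access=$menu_list[name_module]&status=1");
            }
            echo "</td>";
            echo "</tr>";
            $count++;
        }

        // ---- Centre menu: blog entries (numbering continues from above) ----
        $wclause = " WHERE id_top!=0 and left_right=3 and module_type!='other' and `lock`='1'";
        $sql_list_module = "SELECT id_top , name FROM cms_menu_top $wclause ORDER BY position ASC";
        $result_module = query($sql_list_module);
        while ($menu_list = mysql_fetch_array($result_module)) {
            $perm_is_image = strpos($menu_list['name'], '.gif') !== false
                || strpos($menu_list['name'], '.jpg') !== false
                || strpos($menu_list['name'], '.png') !== false;
            $menu_name = $perm_is_image ? '' : $menu_list['name'];
            $menu_bg = $menu_name == '' ? $menu_list['name'] : 'menu_bg.jpg';
            echo " <tr height='20' bgcolor='ffffff'>";
            echo "<td align='center'>" . $count . "</td>";
            echo "<td width='190' valign=center style='background: url(coremain/images/menu/$_SESSION[themes_]/1/$menu_bg) no-repeat; width: 180px;' class='$_SESSION[themes_]'>$menu_name</td>";
            echo "<td align='center'>";
            if (in_array($menu_list["id_top"], $array_permission)) {
                $access = array_keys($array_permission, $menu_list["id_top"]);
                box_hide("$perm_base_url&access=$access[0]&status=0");
            } else {
                box_show("$perm_base_url&access=$menu_list[id_top]&status=1");
            }
            echo "</td>";
            echo "</tr>";
            $count++;
        }
        echo "</table>";
    }

    // ################## MIS #############
    if ($get_type == 2) {
        echo "<table width='100%' border='0' align='center' cellpadding='1' cellspacing='1' bgcolor='$_SESSION[tb_bgcolor]'>";
        echo "<tr height='20' bgcolor='$_SESSION[tb_head_bgcolor]'>";
        echo "<td align='center' width='10%'>" . "<b>ลำดับ</b>" . "</td>";
        echo "<td align='center'>" . "<b>ชื่อโมดูล</b>" . "</td>";
        echo "<td align='center'>" . "<b>สิทธิ์</b>" . "</td>";
        echo "</tr>";

        // Shown when the target user is a health-system admin or the session
        // belongs to the top-level administrator.
        if (in_array("health_system_admin", $array_permission) or $_SESSION['admin_web'] == "admin") {
            // ---- System administrator right ----
            echo " <tr height='20' bgcolor='dddddd'>";
            echo "<td colspan=3> <b>สิทธิผู้ดูแลระบบ </b></td>";
            echo "</tr>";
            echo " <tr height='20' bgcolor='ffffff'>";
            echo "<td align='center'> 1 </td>";
            echo "<td> ผู้ดูแลระบบ </td>";
            echo "<td align='center'>";
            if (in_array("health_system_admin", $array_permission)) {
                box_hide("$perm_base_url_mis&access=health_system_admin&status=0");
            } else {
                box_show("$perm_base_url_mis&access=health_system_admin&status=1");
            }
            echo "</td>";
            echo "</tr>";

            // ---- Licence workflow steps 1-5 ----
            echo " <tr height='20' bgcolor='dddddd'>";
            echo "<td> </td><td colspan=2> <b>ระบบการขอใบอนุญาตต่าง ๆ </b></td>";
            echo "</tr>";
            $perm_license_steps = array(
                'step1' => " ตรวจสอบเอกสาร ",
                'step2' => " ออกใบนัดตรวจ ",
                'step3' => " จัดเก็บเอกสาร ",
                'step4' => " ออกค่าธรรมเนียม ",
                'step5' => " ออกใบอนุญาต ",
            );
            foreach ($perm_license_steps as $perm_key => $perm_label) {
                echo " <tr height='20' bgcolor='ffffff'>";
                echo "<td align='center'> </td>";
                echo "<td>$perm_label</td>";
                echo "<td align='center'>";
                // A health-system admin is shown as holding every step.
                if (in_array($perm_key, $array_permission) or in_array("health_system_admin", $array_permission)) {
                    box_hide("$perm_base_url_mis&access=$perm_key&status=0");
                } else {
                    box_show("$perm_base_url_mis&access=$perm_key&status=1");
                }
                echo "</td>";
                echo "</tr>";
            }

            // ---- Reports (steps 6-7) ----
            echo " <tr height='20' bgcolor='dddddd'>";
            echo "<td> </td><td colspan=2> <b> รายงาน </b></td>";
            echo "</tr>";
            $perm_report_steps = array(
                'step6' => " รายงานสถานะการขออนุญาต ",
                'step7' => " ดูรายงานแสดงสถานะรายได้ ",
            );
            foreach ($perm_report_steps as $perm_key => $perm_label) {
                echo " <tr height='20' bgcolor='ffffff'>";
                echo "<td align='center'> </td>";
                echo "<td>$perm_label</td>";
                echo "<td align='center'>";
                if (in_array($perm_key, $array_permission) or in_array("health_system_admin", $array_permission)) {
                    box_hide("$perm_base_url_mis&access=$perm_key&status=0");
                } else {
                    box_show("$perm_base_url_mis&access=$perm_key&status=1");
                }
                echo "</td>";
                echo "</tr>";
            }
        }
        echo "</table>";
    }
}
fieldset_down();
?>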