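<?php
/**
 * AJAX endpoint: store an uploaded member document and record it in
 * tbl_member_document.
 *
 * Request (multipart POST):
 *   member_id, document_id  - identifiers written to the new row
 *   decryptedMessage        - token that must decrypt to the expected xapi value
 *   document_file           - the uploaded file
 *
 * Response (JSON): {"result": 1} on success, {"result": 0, "message": ...}
 * on a rejected request, {"result": 9, "message": ...} when the database
 * connection is unavailable.
 *
 * NOTE(review): nothing visible here ties member_id to the caller's session;
 * confirm that main_function.php (or the caller) enforces that the requester
 * may attach documents to this member.
 */
include('../../../config/main_function.php');

// NOTE(review): these secrets are hard-coded in a script under the web root.
// Load them from configuration stored outside the document root, and rotate
// them, since anyone who can read this source can read them.
$secure = "cAh3DrJACzw4RbU";
$password = 'sd32f43q5we';
$xapi = 'CXgvsdf542sdfg';

// NOTE(review): the allow-list below is an assumption; adjust it to the
// document types the application really accepts. The upload directory should
// also have script execution disabled at the web-server level, and an
// extension check alone does not validate the file's content.
$allowed_extensions = array('pdf', 'jpg', 'jpeg', 'png', 'doc', 'docx', 'xls', 'xlsx');
$upload_dir = "../../../main/upload/join/file/";

// Every branch below sets a result, so the response is never `null`.
$arr = array('result' => 0);

$connection = connectDB($secure);

if (!$connection) {
    // Checked before any use of the link: the original escaped input with a
    // possibly-false connection first.
    $arr['result'] = 9;
    $arr['message'] = "Connection Error";
} else {
    // Request values are bound as statement parameters further down, so they
    // are taken as-is here; non-string input (e.g. arrays) is treated as empty.
    $member_id = (isset($_POST['member_id']) && is_string($_POST['member_id'])) ? $_POST['member_id'] : '';
    $document_id = (isset($_POST['document_id']) && is_string($_POST['document_id'])) ? $_POST['document_id'] : '';
    $token = (isset($_POST['decryptedMessage']) && is_string($_POST['decryptedMessage'])) ? $_POST['decryptedMessage'] : '';
    $upload = isset($_FILES['document_file']) ? $_FILES['document_file'] : null;

    if ($upload === null || !is_string($upload['name']) || $upload['name'] === '') {
        $arr['message'] = "file is invalid";
    } else {
        // Decode the xapi token. It is not SQL input, so it is passed to
        // decryptMessage() unescaped; SQL-escaping could alter the ciphertext.
        $decrypted = decryptMessage($token, $password);

        // NOTE(review): the token decrypts to a fixed constant, so a captured
        // value stays valid indefinitely; consider a per-session or expiring
        // token.
        if (!is_string($decrypted) || !hash_equals($xapi, $decrypted)) {
            $arr['message'] = "xapi is invalid";
        } else {
            // The client-supplied name contributes only its extension, and
            // only when that extension is on the allow-list.
            $file_surname = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));

            if (!in_array($file_surname, $allowed_extensions, true)) {
                $arr['message'] = "file type is not allowed";
            } else {
                // Unpredictable 32-hex-character name (same shape as the
                // previous md5-based name) from a CSPRNG.
                $document = bin2hex(random_bytes(16)) . "." . $file_surname;
                $target_file = $upload_dir . $document;

                if ($upload['error'] !== UPLOAD_ERR_OK
                    || !move_uploaded_file($upload['tmp_name'], $target_file)) {
                    $arr['message'] = "upload Err.";
                } else {
                    // Next list position for this member: MAX() yields NULL
                    // when the member has no documents, which gives 1.
                    $max_listorder = null;
                    $stmt = mysqli_prepare(
                        $connection,
                        "SELECT MAX(document_list_order) AS Max_listorder FROM tbl_member_document WHERE member_id = ?"
                    );
                    if ($stmt) {
                        mysqli_stmt_bind_param($stmt, 's', $member_id);
                        if (mysqli_stmt_execute($stmt)) {
                            mysqli_stmt_bind_result($stmt, $max_listorder);
                            mysqli_stmt_fetch($stmt);
                        }
                        mysqli_stmt_close($stmt);
                    }
                    $list_order = (int) $max_listorder + 1;

                    $res_insert = false;
                    $stmt_insert = mysqli_prepare(
                        $connection,
                        "INSERT INTO tbl_member_document SET document_id = ?, document_file_name = ?, document_list_order = ?, member_id = ?"
                    );
                    if ($stmt_insert) {
                        mysqli_stmt_bind_param($stmt_insert, 'ssis', $document_id, $document, $list_order, $member_id);
                        $res_insert = mysqli_stmt_execute($stmt_insert);
                        mysqli_stmt_close($stmt_insert);
                    }

                    if ($res_insert) {
                        $arr['result'] = 1;
                    } else {
                        $arr['message'] = "sql Err.";
                    }
                }
            }
        }
    }
}

echo json_encode($arr);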