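<?php
/**
 * ajax/profile — save a member's profile form.
 *
 * POST body: decryptedMessage (encrypted xapi token), member_id, the profile
 * fields read in saveProfile(), and an optional multipart file
 * "profile_image".  Writes tbl_member / tbl_member_detail and, for a member
 * that has no detail row yet, assigns a register_no and creates the pending
 * tbl_member_payment row.  Always answers JSON: {"result": 1|0|9[, "message"]}.
 *
 * NOTE(review): the token is one fixed value shared by every client, so a
 * captured decryptedMessage can be replayed indefinitely; the
 * $_SESSION['encryptedMessage'] comparison the original carried commented out
 * was the anti-replay check.  Re-enable it once the session contract is known.
 * NOTE(review): nothing ties member_id to the caller — any token holder can
 * overwrite any member's profile and level.  An ownership check against the
 * session belongs here.
 */
require_once '../../../config/main_function.php';

// NOTE(review): hard-coded secrets inside the web root; move them to
// configuration outside public_html and rotate them.  $secure is the
// connectDB() credential, $password the key for decryptMessage(), $xapi the
// plaintext the decrypted token must equal.
$secure   = "cAh3DrJACzw4RbU";
$password = 'sd32f43q5we';
$xapi     = 'CXgvsdf542sdfg';

/**
 * Convert a d/m/Y form date to Y-m-d for MySQL.
 *
 * A Buddhist-era year (> 2300) is converted to Gregorian by subtracting 543.
 * Returns null for an empty input or for anything that is not three
 * digit-only parts separated by "/" — the original reassembled whatever
 * explode() produced, so "abc" became "--abc" and reached the SQL.
 *
 * @param string|null $date
 * @return string|null
 */
function changeDate($date)
{
    if ($date === null || $date === '') {
        return null;
    }
    if (!preg_match('~^(\d+)/(\d+)/(\d+)$~', $date, $m)) {
        return null;
    }
    $day   = $m[1];
    $month = $m[2];
    $year  = (int) $m[3];
    if ($year > 2300) {
        $year -= 543;
    }
    return "$year-$month-$day";
}

/**
 * Decrypt the posted token and compare it with the expected value.
 *
 * The raw POST value goes to decryptMessage(); the original ran it through
 * mysqli_real_escape_string() first, which would mangle any ciphertext that
 * contained a quote or backslash.  hash_equals() replaces the loose `==` so
 * the comparison is strict and constant-time.
 *
 * @param mixed  $posted   $_POST['decryptedMessage'] as received
 * @param string $key      decryption key
 * @param string $expected plaintext the token must decrypt to
 */
function tokenIsValid($posted, $key, $expected)
{
    if (!is_string($posted) || $posted === '') {
        return false;
    }
    $plain = decryptMessage($posted, $key);
    return is_string($plain) && hash_equals($expected, $plain);
}

/**
 * Prepare and execute $sql with every parameter bound as a string (the
 * original interpolated every value as a quoted literal, so 's' matches).
 *
 * @param string[] $params positional values for the "?" placeholders
 * @return mysqli_stmt the executed statement; caller closes it
 * @throws RuntimeException when prepare() or execute() reports failure
 */
function execQuery(mysqli $connection, $sql, array $params)
{
    $stmt = $connection->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $connection->error);
    }
    if ($params !== []) {
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $error);
    }
    return $stmt;
}

/**
 * Store the uploaded profile image in main/upload/join/ under a random name.
 *
 * @param array|null $file the $_FILES['profile_image'] entry, if any
 * @return string|null|false stored file name; null when no usable upload was
 *         sent or the move failed (profile_image is then left untouched, as
 *         before); false when the upload was rejected.
 *
 * The original kept whatever extension the client supplied and never looked
 * at the content, so a ".php" upload would land in that directory — which
 * appears to be web-served, judging by this script's own location — and could
 * be executed by requesting it.  Both the extension and the detected MIME
 * type now have to be in the image allowlist.
 */
function storeProfileImage($file)
{
    if (!is_array($file)
        || !isset($file['tmp_name'], $file['name'])
        || !is_string($file['tmp_name']) || !is_string($file['name'])
        || (isset($file['error']) ? (int) $file['error'] : UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
    ) {
        return null;
    }

    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'webp' => 'image/webp',
    ];
    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$extension])) {
        return false;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$extension]) {
        return false;
    }

    // 32 hex characters, the same length as the md5() name the original built
    // from date()+rand(), but from a CSPRNG so names cannot be guessed.
    $storedName = bin2hex(random_bytes(16)) . '.' . $extension;
    if (!move_uploaded_file($file['tmp_name'], '../../../main/upload/join/' . $storedName)) {
        return null;
    }
    return $storedName;
}

/**
 * Validate the form, then write tbl_member, tbl_member_detail and (for a
 * first-time registration) tbl_member_payment inside one transaction.
 *
 * @param array $post  $_POST
 * @param array $files $_FILES
 * @return array JSON-ready response: ['result' => 1] on success, otherwise
 *               ['result' => 0, 'message' => ...]
 */
function saveProfile(mysqli $connection, array $post, array $files)
{
    // Missing, non-scalar (array) and null values all read as ''.
    $field = function ($key) use ($post) {
        $value = isset($post[$key]) ? $post[$key] : '';
        return is_scalar($value) ? (string) $value : '';
    };

    $memberId = $field('member_id');
    if ($memberId === '') {
        // The original treated an empty member_id as a new member and created
        // detail + payment rows keyed by ''.
        return ['result' => 0, 'message' => 'member_id is required'];
    }
    $registerLevel = $field('register_level');
    $registerType  = $field('register_type');

    // tbl_member_detail columns that are always written; an empty form value
    // is stored as '' (unchanged behaviour).  The form posts the nationality
    // under "country" but the column is "race".  Column names come from this
    // fixed list, never from the request, so they are safe to interpolate.
    $detail = [
        'title_name'      => $field('title_name'),
        'member_name'     => $field('member_name'),
        'member_name_en'  => $field('member_name_en'),
        'race'            => $field('country'),
        'citizen_no'      => $field('citizen_no'),
        'card_address'    => $field('card_address'),
        'phone'           => $field('phone'),
        'email'           => $field('email'),
        'education_level' => $field('education_level'),
        'company_name'    => $field('company_name'),
        'company_tax_no'  => $field('company_tax_no'),
        'position'        => $field('position'),
        'company_address' => $field('company_address'),
        'company_phone'   => $field('company_phone'),
        'company_email'   => $field('company_email'),
        'company_line'    => $field('company_line'),
        'company_web'     => $field('company_web'),
        'work_permit'     => $field('work_permit'),
        'visa_no'         => $field('visa_no'),
    ];
    // Columns written only when the form supplied a value, so an omitted date
    // or district does not overwrite a stored one.  (The original also tested
    // card_register_date, license_expire_date, passport_*_date and
    // work_register_date, but never assigned them, and computed an unused
    // member_level code from register_id; both are dropped.)
    $optional = [
        'birth_date'          => changeDate($field('birth_date')),
        'card_district_id'    => $field('card_district_id'),
        'card_expire_date'    => changeDate($field('card_expire_date')),
        'company_district_id' => $field('company_district_id'),
        'work_expire_date'    => changeDate($field('work_expire_date')),
        'visa_expire_date'    => changeDate($field('visa_expire_date')),
    ];
    foreach ($optional as $column => $value) {
        if ($value !== null && $value !== '') {
            $detail[$column] = $value;
        }
    }

    $image = storeProfileImage(isset($files['profile_image']) ? $files['profile_image'] : null);
    if ($image === false) {
        return ['result' => 0, 'message' => 'profile_image must be a jpg, jpeg, png, gif or webp image'];
    }
    if ($image !== null) {
        $detail['profile_image'] = $image;
    }

    $setParts = [];
    foreach (array_keys($detail) as $column) {
        $setParts[] = "$column = ?";
    }
    $setClause    = implode(', ', $setParts);
    $detailValues = array_values($detail);

    $connection->begin_transaction();
    try {
        $check = execQuery($connection, 'SELECT 1 FROM tbl_member_detail WHERE member_id = ?', [$memberId]);
        $check->store_result();
        $isNew = $check->num_rows < 1;
        $check->close();

        if ($isNew) {
            // register_level is chosen by the client and selects the price, so
            // the package row is resolved before any write: an unknown level
            // now fails the request instead of creating a payment with an
            // empty amount, which is what the original did.
            $package = execQuery($connection, 'SELECT unit_price FROM tbl_package_price WHERE member_type = ?', [$registerLevel]);
            $package->store_result();
            $package->bind_result($unitPrice);
            $found = $package->fetch();
            $package->close();
            if (!$found) {
                $connection->rollback();
                return ['result' => 0, 'message' => 'unknown register_level'];
            }

            // register_no prefix uses the two-digit Buddhist year (Gregorian yy + 43).
            $registerNo = getRunNO(6, 'EFA' . (date('y') + 43) . '-', 'tbl_member', 'register_no');

            execQuery(
                $connection,
                'UPDATE tbl_member SET register_level = ?, register_type = ?, register_no = ? WHERE member_id = ?',
                [$registerLevel, $registerType, $registerNo, $memberId]
            )->close();
            execQuery(
                $connection,
                "INSERT INTO tbl_member_detail SET member_id = ?, $setClause",
                array_merge([$memberId], $detailValues)
            )->close();

            $paymentId = getRandomID(10, 'tbl_member_payment', 'payment_id');
            $gbRefNo   = getRandomID2(15, 'tbl_member_payment', 'gb_ref_no');
            execQuery(
                $connection,
                'INSERT INTO tbl_member_payment SET payment_id = ?, member_id = ?, gb_ref_no = ?, member_level = ?, payment_amount = ?',
                [$paymentId, $memberId, $gbRefNo, $registerLevel, (string) $unitPrice]
            )->close();
        } else {
            execQuery(
                $connection,
                'UPDATE tbl_member SET register_level = ?, register_type = ? WHERE member_id = ?',
                [$registerLevel, $registerType, $memberId]
            )->close();
            execQuery(
                $connection,
                "UPDATE tbl_member_detail SET $setClause WHERE member_id = ?",
                array_merge($detailValues, [$memberId])
            )->close();
        }
        $connection->commit();
    } catch (mysqli_sql_exception $e) {
        // mysqli in exception mode (PHP 8.1 default) throws instead of returning false
        $connection->rollback();
        return ['result' => 0, 'message' => 'sql Err.'];
    } catch (RuntimeException $e) {
        $connection->rollback();
        return ['result' => 0, 'message' => 'sql Err.'];
    }

    return ['result' => 1];
}

$connection = connectDB($secure);
if (!$connection) {
    $arr = ['result' => 9, 'message' => 'Connection Error'];
} elseif (!tokenIsValid(isset($_POST['decryptedMessage']) ? $_POST['decryptedMessage'] : '', $password, $xapi)) {
    // the original reported "xapi is valid" on this (rejection) path
    $arr = ['result' => 0, 'message' => 'xapi is invalid'];
} else {
    $arr = saveProfile($connection, $_POST, $_FILES);
}
echo json_encode($arr);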