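<?php
/**
 * Back-office AJAX endpoint: updates a worker member's account, profile
 * details, uploaded files, signature and invoice data from a POST form and
 * answers with a JSON object holding "status" and "message".
 *
 * NOTE(review): no session or permission check is visible in this file, and
 * member_id, change_level and update_user are all taken from the request.
 * Confirm that config/main_function.php rejects unauthenticated callers and
 * that the caller is allowed to edit the given member_id.
 *
 * NOTE(review): every value placed in SQL below is escaped with
 * mysqli_real_escape_string() and interpolated inside single quotes. That
 * only holds while each value stays quoted; prepared statements would remove
 * the dependency on quoting discipline.
 */
include('../../../config/main_function.php');

// NOTE(review): hard-coded secret in a web-served source file; move it to
// configuration outside the document root and rotate it.
$secure = "cAh3DrJACzw4RbU";
$connection = connectDB($secure);

/**
 * Convert a "day/month/year" form date to "year-month-day" for SQL.
 * Years above 2300 are treated as Buddhist Era and reduced by 543.
 *
 * @param string|null $date Date as "day/month/year".
 * @return string|null Converted date, or null when the input is empty or is
 *                     not exactly three numeric parts.
 */
function changeDate($date)
{
    if ($date == null) {
        return null;
    }

    $parts = explode('/', $date);
    if (count($parts) !== 3) {
        return null;
    }
    foreach ($parts as $part) {
        // Digits only: the result is interpolated into an UPDATE statement.
        if (!preg_match('/^\d+\z/', $part)) {
            return null;
        }
    }

    list($day, $month, $year) = $parts;
    if ($year > 2300) {
        $year -= 543;
    }

    return "$year-$month-$day";
}

/**
 * Resize a JPEG to fit within 1200x800 at a 4:3 ratio and save it under
 * main/upload/join/. The whole source image is resampled onto the target
 * canvas (no cropping). Not called by the active code in this file.
 *
 * @param string $image     Path of the source image.
 * @param string $imagename File name to write inside the upload directory.
 * @return int 200 when the resized file was written, 500 otherwise.
 */
function imageUpload($image, $imagename)
{
    $maxWidth = 1200;
    $maxHeight = 800;

    if (!getimagesize($image)) {
        return 500;
    }

    // Only JPEG input is decoded here; other formats make this return false.
    $originalImage = imagecreatefromjpeg($image);
    if ($originalImage === false) {
        return 500;
    }

    $originalWidth = imagesx($originalImage);
    $originalHeight = imagesy($originalImage);

    // Clamp to the maximum size, then shrink one side to reach 4:3.
    $aspectRatio = 4 / 3;
    $newWidth = min($maxWidth, $originalWidth);
    $newHeight = min($maxHeight, $originalHeight);
    if ($newWidth / $newHeight > $aspectRatio) {
        $newWidth = $newHeight * $aspectRatio;
    } else {
        $newHeight = $newWidth / $aspectRatio;
    }
    $newWidth = (int) $newWidth;
    $newHeight = (int) $newHeight;

    $resizedImage = imagecreatetruecolor($newWidth, $newHeight);
    imagecopyresampled(
        $resizedImage,
        $originalImage,
        0,
        0,
        0,
        0,
        $newWidth,
        $newHeight,
        $originalWidth,
        $originalHeight
    );

    // basename() keeps the output inside the upload directory.
    $outputFile = "../../../main/upload/join/" . basename($imagename);
    $saved = imagejpeg($resizedImage, $outputFile);

    imagedestroy($originalImage);
    imagedestroy($resizedImage);

    return $saved ? 200 : 500;
}

/**
 * Read one POST field as an escaped string.
 *
 * @param mysqli $connection Open database connection.
 * @param string $name       POST key.
 * @return string Escaped value; '' when the key is missing or not a string.
 */
function workerUpdatePostField($connection, $name)
{
    $value = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';

    return mysqli_real_escape_string($connection, $value);
}

/**
 * Move one uploaded file into $targetDir under a generated name.
 *
 * The extension is taken from the client-supplied name, so it is checked
 * against an allowlist before the file is stored; without that check a
 * script file could be written into a directory served by the web server.
 *
 * @param mixed  $tmpPath           tmp_name entry from $_FILES.
 * @param mixed  $clientName        name entry from $_FILES.
 * @param mixed  $errorCode         error entry from $_FILES.
 * @param string $targetDir         Destination directory, with trailing slash.
 * @param array  $allowedExtensions Lower-case extensions that may be stored.
 * @return string|null Stored file name, or null when the upload was rejected.
 */
function workerUpdateStoreUpload($tmpPath, $clientName, $errorCode, $targetDir, $allowedExtensions)
{
    if (!is_string($tmpPath) || !is_string($clientName) || $errorCode !== UPLOAD_ERR_OK) {
        return null;
    }

    $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($extension, $allowedExtensions, true)) {
        return null;
    }

    $storedName = md5(date('mds') . rand(111, 999) . date("hsid") . rand(111, 999)) . "." . $extension;
    if (!move_uploaded_file($tmpPath, $targetDir . $storedName)) {
        return null;
    }

    return $storedName;
}

// Image types listed in the extension check that used to guard this upload.
$allowedImageExtensions = array('jpg', 'jpeg', 'gif', 'png');
// NOTE(review): assumed set of document types; confirm against what the
// form is meant to accept.
$allowedDocumentExtensions = array('pdf', 'jpg', 'jpeg', 'gif', 'png', 'doc', 'docx');
// NOTE(review): the upload directories appear to sit under the web root;
// the server should be configured not to execute scripts inside them.

// Input
$member_id = workerUpdatePostField($connection, 'member_id');
$title_name = workerUpdatePostField($connection, 'title_name');
$member_name = workerUpdatePostField($connection, 'member_name');
$member_name_en = workerUpdatePostField($connection, 'member_name_en');
$race = workerUpdatePostField($connection, 'country');
$birth_date = changeDate(workerUpdatePostField($connection, 'birth_date'));
$citizen_no = workerUpdatePostField($connection, 'citizen_no');
$card_expire_date = changeDate(workerUpdatePostField($connection, 'card_expire_date'));
$work_permit = workerUpdatePostField($connection, 'work_permit');
$work_expire_date = changeDate(workerUpdatePostField($connection, 'work_expire_date'));
$visa_no = workerUpdatePostField($connection, 'visa_no');
$visa_expire_date = changeDate(workerUpdatePostField($connection, 'visa_expire_date'));
$card_address = workerUpdatePostField($connection, 'card_address');
$card_district_id = workerUpdatePostField($connection, 'card_district_id');
$phone = workerUpdatePostField($connection, 'phone');
$email = workerUpdatePostField($connection, 'email');

// Company
$company_name = workerUpdatePostField($connection, 'company_name');
$company_tax_no = workerUpdatePostField($connection, 'company_tax_no');
$position = workerUpdatePostField($connection, 'position');
$company_address = workerUpdatePostField($connection, 'company_address');
$company_district_id = workerUpdatePostField($connection, 'company_district_id');
$company_phone = workerUpdatePostField($connection, 'company_phone');
$company_email = workerUpdatePostField($connection, 'company_email');
$company_line = workerUpdatePostField($connection, 'company_line');
$company_web = workerUpdatePostField($connection, 'company_web');

// Invoice
$invoice_name = workerUpdatePostField($connection, 'invoice_name');
$invoice_tax = workerUpdatePostField($connection, 'invoice_tax');
$invoice_address = workerUpdatePostField($connection, 'invoice_address');
$invoice_district = workerUpdatePostField($connection, 'invoice_district');
$invoice_phone = workerUpdatePostField($connection, 'invoice_phone');
$invoice_email = workerUpdatePostField($connection, 'invoice_email');

$change_level = workerUpdatePostField($connection, 'change_level');

// "Same as card address" checkbox: reuse the card district for the company.
if (isset($_POST['checkboxaddress']) && $_POST['checkboxaddress'] === "on") {
    $company_district_id = $card_district_id;
}

// NOTE(review): $key and $pointer are not referenced again in this file;
// kept in case helpers from main_function.php read them as globals.
// Confirm and delete if they do not.
$sql_system = "SELECT * FROM tbl_system_setting WHERE setting_id = '1';";
$rs_system = mysqli_query($connection, $sql_system);
$row_system = $rs_system ? mysqli_fetch_array($rs_system) : null;
$key = isset($row_system['secure_text']) ? $row_system['secure_text'] : null;
$pointer = isset($row_system['secure_pointer']) ? $row_system['secure_pointer'] : null;

// Profile image: stored only when the extension is an allowed image type
// and the content parses as an image.
$update_image = "";
if (isset($_FILES['profile_image']) && is_array($_FILES['profile_image'])
    && isset($_FILES['profile_image']['tmp_name'], $_FILES['profile_image']['name'], $_FILES['profile_image']['error'])
    && is_string($_FILES['profile_image']['tmp_name'])
    && $_FILES['profile_image']['error'] === UPLOAD_ERR_OK
    && getimagesize($_FILES['profile_image']['tmp_name']) !== false
) {
    $profile_image = workerUpdateStoreUpload(
        $_FILES['profile_image']['tmp_name'],
        $_FILES['profile_image']['name'],
        $_FILES['profile_image']['error'],
        "../../../main/upload/join/",
        $allowedImageExtensions
    );
    if ($profile_image !== null) {
        $update_image = ",profile_image = '$profile_image'";
    }
}

// Optional SET fragments: a column is only touched when a value was sent.
$birthDate = empty($birth_date) ? "" : ",birth_date = '$birth_date'";
$card_district = empty($card_district_id) ? "" : ",card_district_id = '$card_district_id'";
$card_expire = empty($card_expire_date) ? "" : ",card_expire_date = '$card_expire_date'";
$company_district = empty($company_district_id) ? "" : ",company_district_id = '$company_district_id'";
$work_expire = empty($work_expire_date) ? "" : ",work_expire_date = '$work_expire_date'";
$visa_expire = empty($visa_expire_date) ? "" : ",visa_expire_date = '$visa_expire_date'";

// NOTE(review): card_register_date, license_expire_date and
// work_register_date are never read from the request in this file, so these
// fragments are always empty. Confirm whether the form should supply them.
$card_register = "";
$license_expire = "";
$work_register = "";

// NOTE(review): education_level is never read from the request either, yet
// the UPDATE below writes it, so the column is set to '' on every save.
// Confirm whether that is intended.
$education_level = "";

// Signature: a data URL whose white pixels are dropped so the PNG is saved
// on a transparent background.
$member_signature = "";
// NOTE(review): assumed upper bound for a signature canvas; tune as needed.
$maxSignatureSide = 4000;
if (!empty($_POST['signature']) && is_string($_POST['signature'])) {
    $signature_name = md5(date('mds') . rand(111, 999) . date("hsid") . rand(111, 999)) . '.png';

    // "data:image/png;base64,<payload>" -> "<payload>"
    $base64ImageData = null;
    $afterSemicolon = explode(';', $_POST['signature']);
    if (isset($afterSemicolon[1])) {
        $afterComma = explode(',', $afterSemicolon[1]);
        if (isset($afterComma[1])) {
            $base64ImageData = $afterComma[1];
        }
    }

    $decodedImageData = ($base64ImageData === null) ? false : base64_decode($base64ImageData);

    // Check the declared dimensions before decoding pixels, so an oversized
    // image cannot drive the per-pixel loop below.
    $signatureInfo = ($decodedImageData === false || $decodedImageData === '')
        ? false
        : getimagesizefromstring($decodedImageData);
    $image = false;
    if ($signatureInfo !== false
        && $signatureInfo[0] > 0 && $signatureInfo[0] <= $maxSignatureSide
        && $signatureInfo[1] > 0 && $signatureInfo[1] <= $maxSignatureSide
    ) {
        $image = imagecreatefromstring($decodedImageData);
    }

    if ($image !== false) {
        $width = imagesx($image);
        $height = imagesy($image);

        $outputImage = imagecreatetruecolor($width, $height);
        $transparentColor = imagecolorallocatealpha($outputImage, 0, 0, 0, 127);
        imagefill($outputImage, 0, 0, $transparentColor);
        imagesavealpha($outputImage, true);

        $whiteColor = imagecolorallocate($image, 255, 255, 255);
        for ($x = 0; $x < $width; $x++) {
            for ($y = 0; $y < $height; $y++) {
                $pixelColor = imagecolorat($image, $x, $y);
                if ($pixelColor !== $whiteColor) {
                    imagesetpixel($outputImage, $x, $y, $pixelColor);
                }
            }
        }

        $sig_path = '../../../main/upload/join/signature/' . $signature_name;
        if (imagepng($outputImage, $sig_path)) {
            $member_signature = ",member_signature = '$signature_name'";
        }

        imagedestroy($image);
        imagedestroy($outputImage);
    }
}

// Account credentials
$username = workerUpdatePostField($connection, 'username');
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$sql_member = "SELECT * FROM tbl_member WHERE member_id = '$member_id'";
$res_member = mysqli_query($connection, $sql_member);
$row_member = $res_member ? mysqli_fetch_assoc($res_member) : null;
$secure_text = isset($row_member['secure_text']) ? $row_member['secure_text'] : null;
$secure_pointer = isset($row_member['secure_pointer']) ? $row_member['secure_pointer'] : null;

$memberAssignments = array();
if (!empty($username)) {
    $memberAssignments[] = "username = '$username'";
}
// The password is only rewritten when one was actually submitted. Hashing
// first and testing afterwards can never see an empty value, which would
// replace the stored password on every save of the form.
if ($rawPassword !== '' && $row_member) {
    // NOTE(review): MD5 plus stringInsert() is not a password hash. Moving to
    // password_hash()/password_verify() has to be done together with the
    // login code, so the stored format is left unchanged here.
    $mypassword = stringInsert(md5($rawPassword), $secure_text, $secure_pointer);
    $memberAssignments[] = "password = '" . mysqli_real_escape_string($connection, (string) $mypassword) . "'";
}

// Update Member (skipped when neither field was sent, to avoid "SET WHERE").
if (count($memberAssignments) > 0) {
    $member_update = "UPDATE tbl_member SET " . implode(" ,", $memberAssignments) . " WHERE member_id = '$member_id'";
    mysqli_query($connection, $member_update);
}

$update = "UPDATE tbl_member_detail SET
    title_name = '$title_name'
    ,member_name = '$member_name'
    ,member_name_en = '$member_name_en'
    ,race = '$race'
    $birthDate
    $update_image
    ,citizen_no = '$citizen_no'
    ,card_address = '$card_address'
    $card_district
    $card_register
    $card_expire
    ,phone = '$phone'
    ,email = '$email'
    ,education_level = '$education_level'
    ,company_name = '$company_name'
    ,company_tax_no = '$company_tax_no'
    ,position = '$position'
    ,company_address = '$company_address'
    $company_district
    ,company_phone = '$company_phone'
    ,company_email = '$company_email'
    ,company_line = '$company_line'
    ,company_web = '$company_web'
    $license_expire
    ,work_permit = '$work_permit'
    $work_register
    $work_expire
    ,visa_no ='$visa_no'
    $visa_expire
    $member_signature
    WHERE member_id = '$member_id' ;";

// Supporting documents: slot N of the form maps to column document_fileN.
// Each statement uses its own variable so the detail UPDATE built above is
// still the one executed after the loop.
$no = 1;
if (isset($_FILES['document_file']['name']) && is_array($_FILES['document_file']['name'])) {
    $documentCount = count($_FILES['document_file']['name']);
    for ($i = 0; $i < $documentCount; $i++) {
        $document = null;
        if (isset(
            $_FILES['document_file']['tmp_name'][$i],
            $_FILES['document_file']['name'][$i],
            $_FILES['document_file']['error'][$i]
        )) {
            $document = workerUpdateStoreUpload(
                $_FILES['document_file']['tmp_name'][$i],
                $_FILES['document_file']['name'][$i],
                $_FILES['document_file']['error'][$i],
                "../../../main/upload/join/file/",
                $allowedDocumentExtensions
            );
        }
        if ($document !== null) {
            $document_update = "UPDATE tbl_member_detail_worker SET document_file" . $no . " = '$document' WHERE member_id = '$member_id'";
            mysqli_query($connection, $document_update);
        }
        $no++;
    }
}

// Invoice data and the price of the requested membership level.
$sql_pay = "SELECT * FROM tbl_package_price WHERE member_type = '$change_level'";
$res_pay = mysqli_query($connection, $sql_pay);
$row_pay = $res_pay ? mysqli_fetch_assoc($res_pay) : null;
$unit_price = isset($row_pay['unit_price'])
    ? mysqli_real_escape_string($connection, (string) $row_pay['unit_price'])
    : '';

$payment_update = "UPDATE tbl_member_payment SET
    invoice_name = '$invoice_name'
    ,invoice_taxnumber = '$invoice_tax'
    ,invoice_address = '$invoice_address'
    ,invoice_district = '$invoice_district'
    ,invoice_phone = '$invoice_phone'
    ,invoice_email = '$invoice_email'
    ,member_level = '$change_level'
    ,payment_amount = '$unit_price'
    WHERE member_id = '$member_id' ;";
$rs_payment_update = mysqli_query($connection, $payment_update);

$rs_update = mysqli_query($connection, $update);

// update_user arrives as "<part0>.<part1>" and is decoded by a helper. The
// decoded value is what reaches SQL, so it is escaped after decoding.
$updateUserToken = (isset($_POST['update_user']) && is_string($_POST['update_user'])) ? $_POST['update_user'] : '';
$temp_update_id = explode(".", $updateUserToken);
$update_user = bigsara_decode(
    $temp_update_id[0],
    isset($temp_update_id[1]) ? $temp_update_id[1] : null
);
$update_user = mysqli_real_escape_string($connection, (string) $update_user);

$member_update = "UPDATE tbl_member SET update_user = '$update_user' ,register_level = '$change_level' WHERE member_id = '$member_id'";
mysqli_query($connection, $member_update);

// The reported status reflects the tbl_member_detail update only.
$arr = array();
if ($rs_update) {
    $arr['status'] = 200;
    $arr['message'] = "ดำเนินการสำเร็จ";
} else {
    $arr['status'] = 500;
    $arr['message'] = "เกิดข้อผิดพลาด ไม่สามารถทำรายการได้";
}
echo json_encode($arr);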