1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
<?php
include 'config.php';
// Check if the user is logged in
if ((!isSet($_SESSION['loginname'])) || ($loggin <> '1')) {
header("Location: login.php");
exit;
}
require("function_cropimg.php");
require_once("mime_type_lib.php");
$sql = "select max(id) as maxid from company";
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute()) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
$row = $sth->fetch(PDO::FETCH_ASSOC);
$id = $row{"maxid"} + 1;
$message = "";
if((int)$_POST["floor"] != $_POST["floor"]){
$message .= "樓層只可以是數字.\\n\\n";
}else{
$all_disable_floor = explode(",", $disable_floor);
foreach($all_disable_floor as $this_disable_floor){
if($_POST["floor"] == $this_disable_floor){
$message .= "你所輸入的樓層不存在.\\n\\n";
break;
}
}
}
if((int)$_POST["telephone"] != $_POST["telephone"]){
$message .= "電話號碼應是數字組成.\\n\\n";
}
if(!empty($message)){
echo '<script>alert("'.$message.'"); history.back();</script>';
exit;
}
$floor = (int)$_POST["floor"];
$telephone = (int)$_POST["telephone"];
$room_no = $_POST["room_no"];
$fax = $_POST["fax"];
$email = $_POST["email"];
$website = $_POST["website"];
foreach ($arraylangcode as $langcode => $langname) {
$companyname[$langcode] = $_POST["companyname_".$langcode];
$companyaddress[$langcode] = $_POST["companyaddress_".$langcode];
}
// Upload File
if ($_FILES["logo"]['name'] <> '') {
//check if image type is valid or not
$mime = get_file_mime_type($_FILES["logo"]['name']);
if (($mime == "image/gif") || ($mime == "image/jpeg") || ($mime == "image/png")) {
$filename = $_FILES["logo"]['name'];
preg_match("/\.([^\.]+)$/", $filename, $file_ext);
$newfilename = random_string()."_id_".$id.".".$file_ext[1]; // default length 8
move_uploaded_file($_FILES["logo"]['tmp_name'], "../images/company_logo/".$newfilename) or die ("不能上載圖片");
//$companyimg_path = "../images/business_image/".$newfilename;
//createthumb($companyimg_path, $companyimg_path, 680, 350);
$logo = $newfilename;
} else {
echo '<script language="javascript">
alert("圖片格式必須是 JPEG, GIF, or PNG");
history.back();
</script>';
exit;
}
} else {
$logo = "";
}
/*$sql = "update company set sort = sort + 1";
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
exit;
}
if (!$sth->execute()) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
exit;
}*/
$nowdate = date("Y-m-d H:i:s");
$sql = "insert into company (id, companyname_en, companyname_tc, floor, logo,room_no, telephone,fax, email, website, companyaddress_en,companyaddress_tc, createdate, createby, lastupdate, lastupby) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$parameters = array($id, $companyname["en"], $companyname["tc"], $floor, $logo,$room_no, $telephone, $fax, $email, $website, $companyaddress["en"],$companyaddress["tc"], $nowdate, $_SESSION['cmsloginid'], $nowdate, $_SESSION['cmsloginid'] );
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute($parameters)) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
$dbh = null;
header("Location: company_index.php?msg=新增成功");
?>
|