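<?php
include_once("../../cfg/db.php");
include_once("../../app/notification/notification.php");
include_once("../../app/sms/send_sms.php");
include_once("../../app/mail/send_mail.php");
include_once("../../app/language/en-US.php");

/**
 * Approve or decline a requested report on behalf of an approver.
 *
 * Request parameters (POST only):
 *   apiKey    shared secret guarding this endpoint
 *   action    1 = approve, 2 = decline
 *   reportID  `report`.`id` of the record being acted on
 *   userID    approver's `asa_id`; resolved to `employee`.`id` below
 *   notes     optional free-text note stored with the decision
 *
 * Side effects: updates `report_status`, inserts a notification, and sends
 * an SMS and an e-mail to the report owner.
 *
 * Output: on success a JSON object {status, message}; every failure path
 * prints a plain-text message (kept as-is so existing callers still work).
 */

$return_arr = [];
$not_allowed_message = " You are not allowed to do this action.";

// Hard-coded shared secret; should be moved out of source into configuration.
$expected_api_key = 'TUMATABA_SI_DAN_PROMISE_100kilo_target';

$api_key = isset($_REQUEST['apiKey']) ? $_REQUEST['apiKey'] : '';
if (!is_string($api_key)) {
    // hash_equals() requires strings; an array-valued parameter is never a match.
    $api_key = '';
}

// Method, key and required-parameter checks all answer with the same message
// so a caller cannot tell which of them failed.
if ($_SERVER["REQUEST_METHOD"] !== "POST"
    || !hash_equals($expected_api_key, $api_key)
    || !isset($_REQUEST['action'], $_REQUEST['reportID'], $_REQUEST['userID'])
) {
    $return_arr["message"] = $not_allowed_message;
    echo $return_arr["message"];
    return;
}

// Normalise to int once so that only the literal values 1 and 2 reach the
// database (the previous check only inspected intval() of the raw string).
$status = (int) trim((string) $_REQUEST['action']);
if ($status !== 1 && $status !== 2) {
    $return_arr["message"] = " Action can be 1 and 2 only. 1 for Approve & 2 for Decline";
    echo $return_arr["message"];
    return;
}

$notes = isset($_REQUEST['notes']) ? $db->escape(trim($_REQUEST['notes'])) : "";
$record_id = $db->escape(trim($_REQUEST['reportID']));

// userID is the approver's asa_id; it is interpolated into SQL, so escape it
// like every other request value (it was previously used raw).
$asa_id = $db->escape(trim($_REQUEST['userID']));
$approver_employee_id = $db->select("SELECT id FROM employee WHERE asa_id = '$asa_id' ");
if ((string) $approver_employee_id === '') {
    // Unknown asa_id: there is no approver row to match against.
    $return_arr["message"] = $not_allowed_message;
    echo $return_arr["message"];
    return;
}

// The approver must have a pending (status = 0) entry for this report.
$pending_count = $db->select(
    "SELECT COUNT(1) FROM `report_status` WHERE `report_id` = '$record_id' "
    . "AND `employee_id` = '$approver_employee_id' AND status =0 "
);
if ($pending_count < 1) {
    $return_arr["message"] = $not_allowed_message;
    echo $return_arr["message"];
    return;
}

$db->sql_query(
    "UPDATE `report_status` SET `status`='$status',`notes`='$notes',`date` = NOW() "
    . "WHERE `report_id` = '$record_id' AND employee_id='$approver_employee_id' "
);

$control_number = $db->select("SELECT `control_number` FROM `report` WHERE `id` = '$record_id' ");

// Message templates come from the language file. Note: $GLOBALS is the
// superglobal; the earlier $_GLOBALS spelling was an ordinary (undefined)
// variable, so the templates were always null.
$report_message = $status === 1
    ? $GLOBALS['report_approved_messsage']
    : $GLOBALS['report_declined_messsage'];

$employee_id = $db->select("SELECT employee_id FROM report WHERE id = '$record_id' ");
$approver_employee_name = $db->select(
    "SELECT concat(e.first_name,' ',e.last_name) FROM employee e WHERE id = '$approver_employee_id' "
);

$notification = new Notification();
$notification::insertNotification(
    '2',
    $record_id,              // record id of the specific report
    $employee_id,            // employee who receives the notification
    $approver_employee_id,
    sprintf($report_message, $approver_employee_name, '', "", '', ''),
    $db
);

$employee_contact_owner = "";
$employee_email_owner = "";
$employee_contact = $db->sql_query(
    "SELECT ec.`email_address`,ec.`contact_number` FROM `employee_contact` ec "
    . "INNER JOIN employee e ON ec.employee_id=e.employee_id WHERE e.id = '$employee_id'"
);
if ($employee_contact) {
    // Last row wins, as before; presumably one contact row per employee.
    while ($row1 = $employee_contact->fetch_assoc()) {
        $employee_contact_owner = $row1['contact_number'];
        $employee_email_owner = $row1['email_address'];
    }
}

$view_link = $variable['site_link'] . 'requested_reports.php';

// Only attempt delivery when a recipient is actually known.
if ($employee_contact_owner !== "") {
    $send_sms = new SMS();
    $send_sms::sendSMS(
        $employee_contact_owner,
        sprintf($report_message, $approver_employee_name, $control_number, "\r\nClick to view: ", $view_link, $GLOBALS['sms_footer']),
        $GLOBALS['sms_footer'],
        $variable
    );
}

if ($employee_email_owner !== "") {
    $send_mail = new Mail();
    $send_mail::sendMail(
        $employee_email_owner,
        $variable['site_name'],
        sprintf($report_message, $approver_employee_name, $control_number, '<br>Click to view: ', $view_link, $GLOBALS['email_footer']),
        $variable
    );
}

$return_arr["status"] = $status;
$return_arr["message"] = $status === 1 ? " Approved." : " Declined.";
echo json_encode($return_arr);
return;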