Tryag File Manager

/home/thebestprx/public_html/admin/product/fn_product.php

<? @session_start();

include("../include/chksession.php"); 
include ("../include/connect.php");
include ("../include/function.php");

mysql_query("SET NAMES UTF8");
mysql_select_db($dbname, $cn);

//id
$id=$_POST['id'];

//product
$code=$_POST['code'];

$name=$_POST['name'];
$detail=$_POST['detail'];
$layout=$_POST['layout'];
$location=$_POST['location'];
$contact=$_POST['contact'];

$status=$_POST['status'];
$status2=$_POST['status2'];
$maincate=$_POST['main-cate'];
$subcate=$_POST['sub-cate'];
$vdo=$_POST["vdo"];

if(is_array($maincate))
	$maincate=implode(",", $maincate);
if(is_array($subcate))
	$subcate=implode(",", $subcate);

$needcut = array("\r\n", "\n", "\r");
$detail = str_replace($needcut, "", $detail);

//cate
$cate_name=$_POST['cate_name'];
$main_cate=$_POST['main_cate'];

$date_today = date("Y-m-d");

if(strncmp($vdo, "https:", 6) == 0 || strncmp($vdo, "http:", 5) == 0 || strncmp($vdo, "www.", 4) == 0  ){
	$vdo_link = getYouTubeIdFromURL($vdo);
}else{
	$vdo_link = $vdo;
}

//PDF	
$docsave = 0;
for( $x=0 ; $x < 1 ; $x++ )
{
	$fileloadid = $x+1;
	 $newfile = sprintf("file_array%d", ($x+1));
	if( $_FILES[$newfile]['name'] != '' )
	{
		$fileidArrload[$x] = $fileloadid;
		$filenameArrload[$x] = $_FILES[$newfile]['name'];
		$filecontentArrload[$x] = $_FILES[$newfile]['tmp_name'];
		$docsave = 1;
	}
}
	
	switch ($_POST['action']) {
    case "add":
			echo"<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />";
			
			$sql="INSERT INTO tb_product (prod_id,prod_name_th,prod_detail,prod_layout,prod_location,prod_contact,prod_main_cate,prod_status,prod_status2,prod_sort,prod_vdo,prod_date) 
			value ('$id','$name','$detail','$layout','$location','$contact',',$maincate,','$status','$status2','0','$vdo_link','$date_today') ON DUPLICATE KEY UPDATE
			prod_name_th='$name', 
			prod_detail='$detail', 
			prod_layout='$layout', 
			prod_location='$location', 
			prod_contact='$contact', 
			prod_main_cate=',$maincate,', 
			prod_status='$status', 
			prod_status2='$status2', 
			prod_vdo='$vdo_link', 
			prod_date='$date_today'  ";
					
			if(mysql_query($sql) == true)
			{
				if($id=="")
					$lastID = mysql_insert_id();
				else
					$lastID =$id;
					
				if( $docsave == 1 )
				{
					for( $x=0 ; $x < 1 ; $x++ )
					{
						$id = $fileidArrload[$x];
						$file_data = "";
				
						if($filecontentArrload[$x] != '')
						{
							$ext = pathinfo($filenameArrload[$x], PATHINFO_EXTENSION);
							$ext=strtolower($ext);
							$newFileName = md5($filecontentArrload[$x].date("d-m-Y H:i:s")).'.'.$ext;
							
								if($ext == "pdf") //ตรวจสอบนามสกุล
								{
									if( move_uploaded_file($filecontentArrload[$x], "../../album/product/pdf/$newFileName") == TRUE )
									{
										$sql = "UPDATE tb_product SET prod_pdf ='$newFileName' WHERE prod_id ='$lastID' ";						
										if( mysql_query($sql) == false )
										$err = 2;				
									}
								}
								
						}
					}
				}
				
				foreach ($_FILES["add_image"]["error"] as $key => $error){
	
				$newfile = 'add_image';
				$filename = $_FILES[$newfile]['name'][$key];
				$filecontent = $_FILES[$newfile]['tmp_name'][$key];
				
				if( $filename != '' )// ถ้ามีภาพคือ ถ้าไม่ใช่ค่าว่าง
					{			
						$sql="INSERT INTO tb_product_images (imag_id,imag_productID,imag_sort) VALUES ('', '$lastID','0')";
						
						if( mysql_query($sql) == true ) 
						{
							$new_galid = mysql_insert_id();

$ext = pathinfo($filename, PATHINFO_EXTENSION);
							$ext = strtolower($ext );
							$newFileName = md5($filecontent.date("d-m-Y H:i:s")).'.'.$ext;
							
							if( move_uploaded_file($filecontent, "../../album/product/$newFileName") == TRUE )
							{
								
								$img= "../../album/product/$newFileName";
								$new_img= "../../album/product/small/$newFileName";
								$new_largeimg = "../../album/product/large/$newFileName";
								
								 $imgsmall = resize($img,$new_img,'400',$ext);
								 $imglarge = resize($img,$new_largeimg,'900',$ext) ;
			
									if ( $imglarge== true && $imgsmall == true)
									{
										
										$sql = "UPDATE tb_product_images SET imag_file ='$newFileName' WHERE imag_id ='$new_galid' ";						
										
										//if( mysql_query($sql) == true ) 
										//$sql="delete from tb_product_images where imag_productID ='0' ";
										mysql_query($sql) ;
										
										//ลบ buffer
										$bufferfile = $img;
										if( file_exists($bufferfile)==TRUE )
										unlink($bufferfile);
										
										$err = 0;
									} 	
									else
									{
										//ลบ buffer
										$bufferfile = $img;
										if( file_exists($bufferfile)==TRUE )
										unlink($bufferfile);
									}
							}
							
						}
						else
							$err = 3;
					}
				}// close $filename != "" ไม่เท่ากับค่า null	
					
					
				foreach ($_FILES["add_pic"]["error"] as $key => $error) {
					
					$newfile = 'add_pic';
					$filename = $_FILES[$newfile]['name'][$key] ;
					$filecontent = $_FILES[$newfile]['tmp_name'][$key] ;
					
					if( $filename != '' )// ถ้ามีภาพคือ ถ้าไม่ใช่ค่าว่าง
					{			
						$ext = pathinfo($filename, PATHINFO_EXTENSION);
						$ext = strtolower($ext );
						$newFileName = md5($filecontent.date("d-m-Y H:i:s")).'.'.$ext;
					
						if( move_uploaded_file($filecontent, "../../album/product/$newFileName") == TRUE )
						{
							$img= "../../album/product/$newFileName";
							$new_img= "../../album/product/small/$newFileName";
							$new_largeimg = "../../album/product/large/$newFileName";
						
							$imgsmall = resize($img,$new_img,'500',$ext);
							$imglarge = resize($img,$new_largeimg,'770',$ext) ;
					
							if($imglarge== true && $imgsmall == true)
							{
								$sql = "UPDATE tb_product SET prod_pic ='$newFileName' WHERE prod_id ='$lastID' ";					
								if(mysql_query($sql) == true ) 
									//ลบ buffer
									$bufferfile = $img;
									if( file_exists($bufferfile)==TRUE )
									unlink($bufferfile);
									
									$err = 0;
							} 	
							else
							{
								//ลบ buffer
								$bufferfile = $img;
								if( file_exists($bufferfile)==TRUE )
								unlink($bufferfile);
							}
						}
					
					}
				}
						
		
					
					echo "<script language='javascript'>alert('บันทึกลงฐานข้อมูลเรียบร้อยแล้วค่ะ');</script> <meta http-equiv=\"refresh\" content=\"0;URL=index.php?id=$lastID\" />";
			}
			
			
			
			
        break;
    case "del-image":
			
			$file=$_POST['file'];
			
			$sql="DELETE FROM tb_product_images WHERE imag_id ='$id'";
				if( mysql_query($sql) == true )
				{
					$bufferfile = "../../album/product/small/".$file;
					if( file_exists($bufferfile)==TRUE )
					unlink($bufferfile);
					
					$bufferfile = "../../album/product/large/".$file;
					if( file_exists($bufferfile)==TRUE )
					unlink($bufferfile);
					
				}
			die(msg("1","ลบรูปภาพสำเร็จค่ะ"));
			
			
        break;
	case "del-pic":
			
			$file=$_POST['file'];
			
			$sql="UPDATE tb_product SET prod_pic =''  WHERE prod_id ='$id' ";
				if( mysql_query($sql) == true )
				{
					$bufferfile = "../../album/product/small/".$file;
					if( file_exists($bufferfile)==TRUE )
					unlink($bufferfile);
					
					$bufferfile = "../../album/product/large/".$file;
					if( file_exists($bufferfile)==TRUE )
					unlink($bufferfile);
					
				}
			die(msg("1","ลบรูปภาพสำเร็จค่ะ"));
			
			
			
        break;
    case "del-pdf":
			
			$file=$_POST['file'];
			
			$sql="update tb_product set prod_pdf ='' where prod_id ='$id' ";
				if( mysql_query($sql) == true )
				{
					$bufferfile = "../../album/product/pdf/".$file;
					if( file_exists($bufferfile)==TRUE )
					unlink($bufferfile);
					
				}
			die(msg("1","ลบไฟล์ PDF สำเร็จค่ะ"));
			
			
        break;
    case "add-cate":
			echo"<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />";
			
			$sql="INSERT INTO tb_product_cate (cate_id,cate_name_th,cate_sort,cate_main) VALUE ('$id','$cate_name','0','$main_cate') ON DUPLICATE KEY UPDATE
					cate_name_th='$cate_name', cate_main='$main_cate' ";
			
			if(mysql_query($sql) == true)
				echo "<script language='javascript'>alert('บันทึกลงฐานข้อมูลเรียบร้อยแล้วค่ะ');</script> <meta http-equiv=\"refresh\" content=\"0;URL=category.php\" />";
			else
				echo "<script language='javascript'>alert('เกิดความผิดพลาดบางประการเกี่ยวกับการบันทึกลงฐานข้อมูล #$err'); javascript:history.back();</script>";
			
			
        break;
	 case "add-cate-sub":
			echo"<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />";

$sql="INSERT INTO tb_product_cate (cate_id,cate_name_th,cate_sort,cate_main) VALUE ('$id','$cate_name','0','$main_cate') ON DUPLICATE KEY UPDATE
					cate_name='$cate_name_th', cate_main='$main_cate' ";
			
			if(mysql_query($sql) == true)
				echo "<script language='javascript'>alert('บันทึกลงฐานข้อมูลเรียบร้อยแล้วค่ะ');</script> <meta http-equiv=\"refresh\" content=\"0;URL=category_sub.php?id=$main_cate\" />";
			else
				echo "<script language='javascript'>alert('เกิดความผิดพลาดบางประการเกี่ยวกับการบันทึกลงฐานข้อมูล #$err'); javascript:history.back();</script>";
			
			
        break;
    case "edit-cate":
			
			$sort=$_POST['no'];
			$name=$_POST['name'];
	
			$sql="UPDATE tb_product_cate
					SET cate_sort='$sort'
					WHERE cate_id=$id  ";
			if( mysql_query($sql) == true )
				die(msg("1","บันทึกลงฐานข้อมูลเรียบร้อยแล้วค่ะ"));
			
        break;
    case "del-cate":
	
			$delall  = $_POST["del"];
			$delid = explode(",", $delall);
			
			$x = 0;
			while( $delid[$x] != "" )
			{
				$sql="DELETE FROM tb_product_cate WHERE cate_id ='$delid[$x]'";
				if( mysql_query($sql) == false )
					die(msg("2","เกิดความผิดพลาดบางประการเกี่ยวกับการบันทึกลงฐานข้อมูล"));
			$x++;
			}
			die(msg("1","ลบหมวดหมู่สำเร็จค่ะ"));
			
        break;
    case "del-list":
	
			$delall  = $_POST["del"];
			$delid = explode(",", $delall);
			
			$x = 0;
			while( $delid[$x] != "" )
			{
				$sqlfind = "SELECT * FROM tb_product_images WHERE imag_productID ='$delid[$x]'";
				$resfind = mysql_query($sqlfind);
				while($resfind && $rfind=mysql_fetch_array($resfind))
				{
						$delfile = "../../album/product/small/$rfind[imag_file]"; 
						if( file_exists($delfile)==true && $rfind[imag_file] !="")
						unlink($delfile);
						
						$delfile = "../../album/product/large/$rfind[imag_file]"; 
						if( file_exists($delfile)==true && $rfind[imag_file] !="")
						unlink($delfile);
						
						$sql="delete from tb_product_images where imag_productID ='$delid[$x]'";
						if( mysql_query($sql) == false )
							die(msg("2","เกิดความผิดพลาดบางประการเกี่ยวกับการบันทึกลงฐานข้อมูล"));
				}
				$sql="delete from tb_product where prod_id ='$delid[$x]'";
				if( mysql_query($sql) == false )
						die(msg("2","เกิดความผิดพลาดบางประการเกี่ยวกับการบันทึกลงฐานข้อมูล"));
				$x++;
			}
			die(msg("1","ลบรายการสินค้าสำเร็จค่ะ"));
			
			
        break;
    case "save-list":
			
			$save=$_POST["save"];
			$save = urldecode($save);
			$rec = explode("||", $save);
			
			$i = 0;
			while( $rec[$i] )
			{
				$each = $rec[$i];
				$arr = explode(";;", $each);
				
				$sql = "UPDATE tb_product SET ";
				
				$sql .= " prod_sort='$arr[1]',";
				$sql .= " prod_status='$arr[2]'"; //สุดท้าย
				$sql .= " where prod_id ='$arr[0]' ";
				
				if( mysql_query($sql) == false )
					die(msg("2","เกิดความผิดพลาดบางประการเกี่ยวกับการบันทึกลงฐานข้อมูล"));
		
				$i++;
			}
			die(msg("1","บันทึกลงฐานข้อมูลเรียบร้อยแล้วค่ะ"));
			
        break;
    case "move":
			
			$data=$_POST["data"];
			
			$err = 0;
			$i = 0;
			
			$rec_arr = explode("||",$data);
			$count =0;
			while($rec_arr[$count]){
				$arr = explode(",",$rec_arr[$count]);
				
				$sql = "update tb_product_images set";
				$sql .= " imag_sort='$arr[1]'  WHERE imag_id = '$arr[0]'  ";	
				if( mysql_query($sql) == false )
					$err = 1;
					
				$count ++;
			}
			
        break;
	}

mysql_close($cn);

function getYouTubeIdFromURL($url)
{
  $url_string = parse_url($url, PHP_URL_QUERY);
  parse_str($url_string, $args);
  return isset($args['v']) ? $args['v'] : false;
}
?>