recordactiontodoc.php
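<?php
/**
 * Entry checks for the "record action on document" form.
 *
 * Requires a signed-in session and a numeric `did` query parameter, then
 * confirms that the document exists and that the current user may act on it
 * before anything about the document is rendered.
 */
session_start();
require_once("db.php");

// header() only queues the redirect; without exit the rest of the script
// (queries and form output) would still run for an unauthenticated request.
if (!isset($_SESSION['id'])) {
    header("Location: signin.php");
    exit;
}

// `did` is request-controlled and ends up in SQL and HTML below, so accept
// only a plain run of digits and reject arrays or anything else up front.
if (!isset($_GET['did']) || !is_string($_GET['did']) || !preg_match('/\A[0-9]+\z/', $_GET['did'])) {
    echo "Sorry, you are accessing this page with insufficient parameters. Please click back on your browser.";
    return;
}
$did = (int) $_GET['did'];
$id = $_SESSION['id'];

/**
 * Runs a parameterised lookup and reports whether it matched any row.
 * Fails closed: if the statement cannot be prepared the answer is "no row",
 * which the callers below treat as "not found" / "no access".
 */
$rowExists = function ($sql, $types, array $params) use ($db) {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
};

// Existence check for the document ID.
if (!$rowExists("select id from document where id = ?", 'i', array($did))) {
    echo "Sorry, this Document ID does not exist.";
    return;
}

// Access check. The tests short-circuit in the original order, so a later
// query only runs when every earlier one found nothing.
// NOTE(review): the original comments called the third test an office-level
// recipient check, but both the third and fourth queries match
// RecipientPerson; confirm the intended tables.
$hasAccess =
    // 1. The user created the document.
    $rowExists("select id from document where id = ? and creator = ?", 'is', array($did, $id))
    // 2. The user belongs to the office where the document was created.
    || $rowExists(
        "select employeeoffice.id from employeeoffice, document where document.id = ? and document.creatoroffice = employeeoffice.officeid and employeeoffice.employeeid = ?",
        'is',
        array($did, $id)
    )
    // 3. The user is a RecipientPerson in documentindividualtrack.
    || $rowExists(
        "select TrackID from documentindividualtrack where DocumentID = ? and RecipientPerson = ?",
        'is',
        array($did, $id)
    )
    // 4. The user is a RecipientPerson in trackdocumentindividual.
    || $rowExists(
        "select TrackID from trackdocumentindividual where DocumentID = ? and RecipientPerson = ?",
        'is',
        array($did, $id)
    );

if (!$hasAccess) {
    echo "Sorry, you don't have access to this document.<br /><br />";
    echo "<a href='index.php'>View documents you currently have access to</a>";
    return;
}

// Called only after the access check has passed. It previously ran before
// the existence and access checks, so whatever it renders (presumably the
// document's details; defined outside this file) was produced even for users
// who were then refused.
document_details_table($did);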
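// Renders the "record action" form: source office, date, instruction and the
// recipient-office checkboxes, posted to recordactiontodocprocess.php.
//
// NOTE(review): documentid, sourceoffice and recipientoffice[] come back from
// the browser, and the hidden/readonly attributes do not stop them being
// changed. The handler (not visible here) has to repeat the document access
// check and confirm the source office belongs to the signed-in user. The form
// also carries no anti-CSRF token; confirm whether the handler expects one.

// Escapes a value for HTML text and quoted-attribute contexts.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo "<form action='recordactiontodocprocess.php' method ='post' enctype='multipart/form-data'>";
echo "<input name='documentid' value='" . $h($did) . "' hidden readonly=''><br />";

// Source office: only offices where the signed-in user has an Active
// membership. The user id is bound as a parameter instead of interpolated.
echo "<b>Source Office</b>: <select name='sourceoffice'>";
$activeOffices = $db->prepare("select office.id, office.name from office, employeeoffice where employeeoffice.officeid = office.id and employeeoffice.employeeid = ? and employeeoffice.status = 'Active' order by office.name asc");
if ($activeOffices !== false) {
    $activeOffices->bind_param('s', $id);
    $activeOffices->execute();
    $activeOffices->bind_result($officeId, $officeName);
    while ($activeOffices->fetch()) {
        // Quote the attribute and escape both fields: office names are
        // database content and must not be emitted as raw markup.
        echo "<option value='" . $h($officeId) . "'>" . $h($officeName) . "</option>";
    }
    $activeOffices->close();
}
echo "</select>";
echo "<br /><br />";

echo "<b>Date of Action</b>: <input name='creationdate' type='date'><br /><br />";
echo "<b>Instruction</b><br /> <textarea rows='3' cols='50' name='message' maxlength='500'></textarea><br /><br />";
echo "<input type='text' name='recipienttype' value='office' hidden readonly=''>";

// A disabled "Recipient Person" dropdown (commented-out code) used to sit
// here; routing to individuals is handled by routetoindividual.php instead.
echo "<i>If this document needs to be routed to multiple officials regardless of their office(s), click <a href='routetoindividual.php?did=" . $h(rawurlencode((string) $did)) . "'>here</a></i>.";
echo "<br /><br />";

// Recipient offices: every Active office as a checkbox.
echo "<b>Recipient Office/s</b> <br />";
$sql_fetch_office = "select id, name from office where status = 'Active' ORDER BY name asc";
$result3 = $db->query($sql_fetch_office);
while ($row = $result3->fetch_assoc()) {
    echo "<input type='checkbox' name='recipientoffice[]' value='" . $h($row["id"]) . "'>" . $h($row["name"]) . "<br />";
}
echo "<br /><br/>";

echo "Please check the details before clicking <b>Record</b> below.<br /><br />";
echo "<input name='Create' type='submit' value='Record'>";
echo "</form> ";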