Current Directory:
/home/webapp68.cm.in.th/u68319090014/final
Upload
Create File
File Name
Size
Actions
📁 data
Folder
Edit
|
Delete
|
Rename
|
Download
index.php
16273 bytes
Edit
|
Delete
|
Rename
|
Download
<?php // index.php — School News Portal (Login + Roles) — ใช้ตัวแปร $servername / $dbname / $userdb / $passdb // ====== SIMPLE CONFIG (แก้ค่านี้ให้ตรงกับโฮสต์ของโชค) ====== $servername = 'localhost'; $userdb = 'u68319090014'; $passdb = '@6814'; $dbname = 'u68319090014'; // หมวดหมู่ข่าว $CATEGORIES = [ 'public' => 'ข่าวประชาสัมพันธ์', 'students' => 'ข่าวสำหรับนักเรียน', 'teachers' => 'ข่าวสำหรับอาจารย์', 'procurement' => 'ข่าวจัดซื้อจัดจ้าง', ]; // ====== BOOTSTRAP ====== session_start(); header('Content-Type: text/html; charset=UTF-8'); function e($s) { return htmlspecialchars($s ?? '', ENT_QUOTES, 'UTF-8'); } function isLoggedIn() { return !empty($_SESSION['uid']); } function currentUser() { return isLoggedIn() ? ['id'=>$_SESSION['uid'], 'username'=>$_SESSION['username'], 'role'=>$_SESSION['role']] : null; } function forbid() { header('HTTP/1.1 403 Forbidden'); echo layout('Forbidden', '<div class="card alert">ไม่มีสิทธิ์เข้าถึงหน้านี้</div>'); exit; } function requireRole($role) { $u=currentUser(); if(!$u || $u['role']!==$role) forbid(); } function canViewCategory($category, $role) { if (in_array($category, ['public','procurement'], true)) return true; // สาธารณะ if ($role === 'admin') return true; if ($category === 'students' && $role === 'student') return true; if ($category === 'teachers' && $role === 'teacher') return true; return false; } // ====== LAYOUT ====== function layout($title, $bodyHtml) { global $SITE_NAME, $CATEGORIES; $u = currentUser(); $nav = ''; foreach ($CATEGORIES as $k=>$v) { $nav .= '<a class="chip" href="?cat='.e($k).'">'.e($v).'</a>'; } $auth = $u ? '<span class="me">👤 '.e($u['username']).' ('.e($u['role']).')</span> <a class="btn" href="?action=logout">ออกจากระบบ</a>' : '<a class="btn" href="?action=login">เข้าสู่ระบบ</a>'; $admin = ($u && $u['role']==='admin') ? '<a class="btn primary" href="?action=dashboard">แดชบอร์ดผู้ดูแล</a>' : ''; $head = '<!doctype html><html lang="th"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">' .'<title>'.e($SITE_NAME.' - '.$title).'</title>' .'<style>' .'body{margin:0;background:#0b1020;color:#eef2ff;font-family:system-ui,Arial,sans-serif}' .'.container{max-width:960px;margin:24px auto;padding:0 16px}' .'.header{display:flex;gap:12px;align-items:center;justify-content:space-between;margin-bottom:16px}' .'.brand{font-weight:800;letter-spacing:.3px}' .'.btn{padding:8px 12px;border:1px solid #334;border-radius:8px;text-decoration:none;color:#eef2ff;display:inline-block}' .'.btn.primary{background:#3b82f6;border-color:#3b82f6;color:#fff}' .'.btn.danger{background:#ef4444;border-color:#ef4444;color:#fff}' .'.chip{padding:6px 10px;border:1px solid #334;border-radius:999px;text-decoration:none;color:#eef2ff;margin-right:6px;display:inline-block}' .'.card{background:#101935;border:1px solid #334;padding:16px;border-radius:12px;margin-bottom:12px}' .'.grid{display:grid;gap:12px}' .'.grid.cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}' .'.input{width:100%;padding:10px;border-radius:8px;border:1px solid #334;background:#0a1428;color:#eef2ff}' .'.label{font-size:14px;color:#9fb3c8;margin-bottom:6px}' .'.row{display:flex;gap:10px;align-items:center;flex-wrap:wrap}' .'.table{width:100%;border-collapse:collapse}' .'.table th,.table td{border-bottom:1px solid #334;text-align:left;padding:8px;color:#eef2ff}' .'.me{color:#9fb3c8}' .'.footer{margin-top:24px;color:#9fb3c8;font-size:13px}' .'.alert{background:#1f2a44;border:1px solid #3b4a6b;padding:12px;border-radius:10px}' .'</style></head><body>'; $header = '<div class="container"><div class="header">' .'<div class="brand">🗞️ '.e($SITE_NAME).'</div><div>'.$nav.'</div>' .'<div>'.$admin.$auth.'</div>' .'</div>'; $footer = '<div class="footer">ทำด้วย ❤️ ด้วย PHP + MySQL | ตัวอย่างเพื่อการเรียนรู้</div></div></body></html>'; return $head.$header.$bodyHtml.$footer; } // ====== PDO CONNECT (ใช้ $servername / $dbname / $userdb / $passdb) ====== function pdo() { global $servername, $dbname, $userdb, $passdb; static $pdo = null; if ($pdo !== null) return $pdo; $dsnWithDb = "mysql:host={$servername};dbname={$dbname};charset=utf8mb4"; try { // ต่อเข้าฐานโดยตรง $pdo = new PDO($dsnWithDb, $userdb, $passdb, [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, ]); return $pdo; } catch (PDOException $e) { // หากเป็น Unknown database (1049) — พยายามสร้าง DB ให้อัตโนมัติ if (strpos($e->getMessage(), '1049') !== false) { try { $dsnNoDb = "mysql:host={$servername};charset=utf8mb4"; $pdoTmp = new PDO($dsnNoDb, $userdb, $passdb, [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, ]); $safe = preg_replace('/[^a-zA-Z0-9_]/', '_', $dbname); $pdoTmp->exec("CREATE DATABASE IF NOT EXISTS `{$safe}` CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"); // ต่อใหม่เข้าฐานที่เพิ่งสร้าง $pdo = new PDO($dsnWithDb, $userdb, $passdb, [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, ]); return $pdo; } catch (PDOException $e2) { echo layout('เชื่อมต่อฐานข้อมูลไม่สำเร็จ', '<div class="card alert"><b>ไม่สามารถสร้าง/เชื่อมต่อฐานข้อมูลได้</b><br>' . e($e2->getMessage()) . '<br>ตรวจสอบสิทธิ์ผู้ใช้ MySQL หรือสร้างฐานข้อมูลด้วยตนเองใน phpMyAdmin</div>'); exit; } } // ข้อผิดพลาดอื่น ๆ echo layout('เชื่อมต่อฐานข้อมูลไม่สำเร็จ', '<div class="card alert"><b>เชื่อมต่อฐานข้อมูลไม่สำเร็จ</b><br>'.e($e->getMessage()).'</div>'); exit; } } // ====== SCHEMA GUARD ====== function ensure_schema() { $pdo = pdo(); $pdo->exec("CREATE TABLE IF NOT EXISTS users ( id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) UNIQUE NOT NULL, password_hash VARCHAR(255) NOT NULL, role ENUM('admin','student','teacher') NOT NULL DEFAULT 'student', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;"); $pdo->exec("CREATE TABLE IF NOT EXISTS news ( id INT AUTO_INCREMENT PRIMARY KEY, title VARCHAR(200) NOT NULL, body TEXT NOT NULL, category ENUM('public','students','teachers','procurement') NOT NULL, author_id INT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, INDEX(category), FOREIGN KEY (author_id) REFERENCES users(id) ON DELETE SET NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;"); // ถ้ายังไม่มี admin ให้สร้างอัตโนมัติ $st = $pdo->query("SELECT COUNT(*) c FROM users WHERE role='admin'"); $c = ($st && ($row=$st->fetch())) ? (int)$row['c'] : 0; if ($c === 0) { $hash = password_hash('admin123', PASSWORD_DEFAULT); $stmt = $pdo->prepare("INSERT INTO users(username,password_hash,role) VALUES(?,?, 'admin')"); $stmt->execute(['admin', $hash]); } } ensure_schema(); // ====== ACTIONS ====== $action = $_GET['action'] ?? ''; if ($action === 'login') { if ($_SERVER['REQUEST_METHOD'] === 'POST') { $username = trim($_POST['username'] ?? ''); $password = $_POST['password'] ?? ''; $stmt = pdo()->prepare('SELECT * FROM users WHERE username = ? LIMIT 1'); $stmt->execute([$username]); $u = $stmt->fetch(); if ($u && password_verify($password, $u['password_hash'])) { $_SESSION['uid'] = $u['id']; $_SESSION['username'] = $u['username']; $_SESSION['role'] = $u['role']; header('Location: ./'); exit; } else { $error = '<div class="alert">❌ ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง</div>'; } } $form = '<div class="grid cols-2">'; $form .= ' <div class="card">'; $form .= ' <h2>เข้าสู่ระบบ</h2>'; $form .= ' <form method="post">'; $form .= ' <div class="label">ชื่อผู้ใช้</div>'; $form .= ' <input class="input" name="username" required>'; $form .= ' <div class="label" style="margin-top:10px">รหัสผ่าน</div>'; $form .= ' <input class="input" type="password" name="password" required>'; $form .= ' <div style="margin-top:12px" class="row">'; $form .= ' <button class="btn primary" type="submit">เข้าสู่ระบบ</button>'; $form .= ' <a class="btn" href="./">ยกเลิก</a>'; $form .= ' </div>'; $form .= ' </form>'; $form .= ($error ?? ''); $form .= ' <div class="me">ทดลอง: admin / admin123</div>'; $form .= ' </div>'; $form .= ' <div class="card">'; $form .= ' <h3>บทบาทผู้ใช้</h3>'; $form .= ' <p class="me">student เห็นข่าวนักเรียน • teacher เห็นข่าวอาจารย์ • admin จัดการข่าวทั้งหมด</p>'; $form .= ' </div>'; $form .= '</div>'; echo layout('เข้าสู่ระบบ', $form); exit; } if ($action === 'logout') { session_destroy(); header('Location: ./'); exit; } if ($action === 'dashboard') { requireRole('admin'); $rows = pdo()->query('SELECT n.*, u.username FROM news n LEFT JOIN users u ON u.id=n.author_id ORDER BY n.created_at DESC LIMIT 200')->fetchAll(); ob_start(); echo '<div class="card">'; echo '<div class="row" style="justify-content:space-between;align-items:center"><h2>แดชบอร์ดผู้ดูแล</h2><a class="btn primary" href="?action=edit">+ เพิ่มข่าว</a></div>'; echo '<table class="table"><thead><tr><th>ID</th><th>หัวข้อ</th><th>หมวด</th><th>ผู้เขียน</th><th>วันที่</th><th></th></tr></thead><tbody>'; foreach ($rows as $r) { echo '<tr>'; echo '<td>'.e($r['id']).'</td>'; echo '<td>'.e($r['title']).'</td>'; echo '<td><span class="chip">'.e($GLOBALS['CATEGORIES'][$r['category']] ?? $r['category']).'</span></td>'; echo '<td>'.e($r['username'] ?? '-').'</td>'; echo '<td>'.e($r['created_at']).'</td>'; echo '<td class="row"><a class="btn" href="?action=edit&id='.e($r['id']).'">แก้ไข</a> <a class="btn danger" onclick="return confirm(\'ลบรายการนี้?\')" href="?action=delete&id='.e($r['id']).'">ลบ</a></td>'; echo '</tr>'; } echo '</tbody></table></div>'; $html = ob_get_clean(); echo layout('แดชบอร์ด', $html); exit; } if ($action === 'edit') { requireRole('admin'); $id = isset($_GET['id']) ? (int)$_GET['id'] : 0; $row = ['id'=>0, 'title'=>'', 'body'=>'', 'category'=>'public']; if ($id) { $stmt = pdo()->prepare('SELECT * FROM news WHERE id = ?'); $stmt->execute([$id]); $row = $stmt->fetch() ?: $row; } $catOpts = ''; foreach ($GLOBALS['CATEGORIES'] as $k=>$v) { $sel = ($row['category'] === $k) ? 'selected' : ''; $catOpts .= "<option value='".e($k)."' $sel>".e($v)."</option>"; } $form = '<div class="card">'; $form .= '<h2>'.($id ? ('แก้ไขข่าว #'.e((string)$id)) : 'เพิ่มข่าวใหม่').'</h2>'; $form .= '<form method="post" action="?action=save">'; $form .= '<input type="hidden" name="id" value="'.e((string)$row['id']).'">'; $form .= '<div class="label">หัวข้อ</div>'; $form .= '<input class="input" name="title" value="'.e($row['title']).'" required>'; $form .= '<div class="label" style="margin-top:10px">หมวด</div>'; $form .= '<select class="input" name="category">'.$catOpts.'</select>'; $form .= '<div class="label" style="margin-top:10px">เนื้อหา</div>'; $form .= '<textarea class="input" name="body" rows="8" required>'.e($row['body']).'</textarea>'; $form .= '<div class="row" style="margin-top:12px">'; $form .= '<button class="btn primary" type="submit">บันทึก</button>'; $form .= '<a class="btn" href="?action=dashboard">ยกเลิก</a>'; $form .= '</div>'; $form .= '</form></div>'; echo layout($id ? 'แก้ไขข่าว' : 'เพิ่มข่าว', $form); exit; } if ($action === 'save' && $_SERVER['REQUEST_METHOD']==='POST') { requireRole('admin'); $id = (int)($_POST['id'] ?? 0); $title = trim($_POST['title'] ?? ''); $category = $_POST['category'] ?? 'public'; $body = trim($_POST['body'] ?? ''); if ($title === '' || $body === '' || !array_key_exists($category, $GLOBALS['CATEGORIES'])) { echo layout('ข้อผิดพลาด', '<div class="card alert">ข้อมูลไม่ครบถ้วน</div>'); exit; } if ($id > 0) { $stmt = pdo()->prepare('UPDATE news SET title=?, body=?, category=? WHERE id=?'); $stmt->execute([$title, $body, $category, $id]); } else { $uid = $_SESSION['uid'] ?? null; $stmt = pdo()->prepare('INSERT INTO news(title, body, category, author_id) VALUES(?,?,?,?)'); $stmt->execute([$title, $body, $category, $uid]); } header('Location: ?action=dashboard'); exit; } if ($action === 'delete') { requireRole('admin'); $id = (int)($_GET['id'] ?? 0); if ($id>0) { $stmt = pdo()->prepare('DELETE FROM news WHERE id=?'); $stmt->execute([$id]); } header('Location: ?action=dashboard'); exit; } // ====== HOME (list news by category) ====== $cat = $_GET['cat'] ?? 'public'; if (!array_key_exists($cat, $CATEGORIES)) $cat = 'public'; $u = currentUser(); $role = $u['role'] ?? null; if (!canViewCategory($cat, $role)) { $msg = '<div class="card alert">ต้องเข้าสู่ระบบด้วยบทบาทที่ถูกต้องเพื่อดูหมวดนี้: <b>'.e($CATEGORIES[$cat]).'</b></div>'; echo layout('ต้องเข้าสู่ระบบ', $msg); exit; } $stmt = pdo()->prepare('SELECT n.*, u.username FROM news n LEFT JOIN users u ON u.id=n.author_id WHERE category=? ORDER BY created_at DESC LIMIT 100'); $stmt->execute([$cat]); $rows = $stmt->fetchAll(); ob_start(); echo '<div class="row" style="margin-bottom:10px"><span class="chip">กำลังดู: '.e($CATEGORIES[$cat]).'</span>'; if ($u && $u['role']==='admin') echo '<a class="btn" href="?action=edit">+ เพิ่มข่าว</a>'; echo '</div>'; if (!$rows) { echo '<div class="card">ยังไม่มีข่าวในหมวดนี้</div>'; } else { foreach ($rows as $r) { echo '<div class="card" style="margin-bottom:12px">'; echo '<div class="row" style="justify-content:space-between"><h3 style="margin:0">'.e($r['title']).'</h3><span class="chip">'.e($CATEGORIES[$r['category']]).'</span></div>'; echo '<div style="white-space:pre-wrap;margin-top:8px">'.nl2br(e($r['body'])).'</div>'; echo '<div class="me" style="margin-top:8px">✍️ โดย '.e($r['username'] ?? 'ระบบ').' • 🕒 '.e($r['created_at']).'</div>'; echo '</div>'; } } $homeHtml = ob_get_clean(); echo layout('หน้าแรก', $homeHtml); // EOF
Save Changes