156 lines
6.5 KiB
PHP
156 lines
6.5 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
require_once __DIR__ . '/archive_bootstrap.php';
|
|
ensure_archive_table();
|
|
$user = require_login();
|
|
verify_csrf_or_fail();
|
|
|
|
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
|
|
$referenceCode = trim((string) ($_POST['reference_code'] ?? ''));
|
|
$title = trim((string) ($_POST['title'] ?? ''));
|
|
$mainMenu = trim((string) ($_POST['main_menu'] ?? ''));
|
|
$folderPath = trim((string) ($_POST['folder_path'] ?? ''));
|
|
$countryTag = trim((string) ($_POST['country_tag'] ?? ''));
|
|
$recordDay = (int) ($_POST['record_day'] ?? 0);
|
|
$recordMonth = (int) ($_POST['record_month'] ?? 0);
|
|
$recordYear = (int) ($_POST['record_year'] ?? 0);
|
|
$confidentiality = trim((string) ($_POST['confidentiality'] ?? ''));
|
|
$keywords = trim((string) ($_POST['keywords'] ?? ''));
|
|
$description = trim((string) ($_POST['description'] ?? ''));
|
|
|
|
if ($referenceCode === '' || $title === '' || $folderPath === '' || $description === '' || $mainMenu === '' || $countryTag === '' || $confidentiality === '') {
|
|
flash('error', 'Semua field wajib harus diisi sebelum menyimpan arsip.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
|
|
$folderInfo = normalize_folder_path($folderPath);
|
|
if (!$folderInfo || $folderInfo['has_children']) {
|
|
flash('error', 'Pilih folder terdalam yang valid.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
if ($folderInfo['main_menu'] !== $mainMenu) {
|
|
flash('error', 'Menu utama tidak sesuai dengan folder yang dipilih.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
if (!can_access_menu($user, $mainMenu)) {
|
|
flash('error', 'Akun ini tidak memiliki izin untuk folder tersebut.');
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
|
|
$documentDate = validate_record_date($recordDay, $recordMonth, $recordYear);
|
|
if (!$documentDate) {
|
|
flash('error', 'Tanggal arsip tidak valid.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
|
|
$existing = null;
|
|
if ($id > 0) {
|
|
$existing = fetch_record_by_id($id);
|
|
if (!$existing || !can_edit_record($user, $existing)) {
|
|
flash('error', 'Arsip tidak ditemukan atau tidak dapat diedit.');
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
}
|
|
|
|
$attachmentName = $existing['attachment_name'] ?? null;
|
|
$attachmentPath = $existing['attachment_path'] ?? null;
|
|
if (!empty($_FILES['attachment']['name'])) {
|
|
if (!isset($_FILES['attachment']['error']) || $_FILES['attachment']['error'] !== UPLOAD_ERR_OK) {
|
|
flash('error', 'Lampiran gagal diunggah.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
if ((int) $_FILES['attachment']['size'] > 8 * 1024 * 1024) {
|
|
flash('error', 'Ukuran file maksimal 8 MB.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
$originalName = basename((string) $_FILES['attachment']['name']);
|
|
$extension = strtolower((string) pathinfo($originalName, PATHINFO_EXTENSION));
|
|
if (!in_array($extension, allowed_file_extensions(), true)) {
|
|
flash('error', 'Format lampiran belum didukung.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
$safeName = date('YmdHis') . '-' . bin2hex(random_bytes(6)) . '.' . $extension;
|
|
$relativePath = 'uploads/archives/' . $safeName;
|
|
$destination = __DIR__ . '/' . $relativePath;
|
|
upload_dir();
|
|
if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $destination)) {
|
|
flash('error', 'Lampiran gagal disimpan ke server.');
|
|
header('Location: index.php#arsip-form');
|
|
exit;
|
|
}
|
|
if ($attachmentPath && is_file(__DIR__ . '/' . $attachmentPath)) {
|
|
@unlink(__DIR__ . '/' . $attachmentPath);
|
|
}
|
|
$attachmentName = $originalName;
|
|
$attachmentPath = $relativePath;
|
|
}
|
|
|
|
$ownerUnit = $user['unit'];
|
|
if ($mainMenu === 'INFORMASI NEGARA' && in_array($user['unit'], ['Politik', 'Pimpinan'], true)) {
|
|
$ownerUnit = 'Politik';
|
|
}
|
|
|
|
if ($id > 0) {
|
|
$stmt = db()->prepare('UPDATE archive_records SET
|
|
reference_code = :reference_code,
|
|
title = :title,
|
|
main_menu = :main_menu,
|
|
folder_path = :folder_path,
|
|
country_tag = :country_tag,
|
|
owner_unit = :owner_unit,
|
|
record_day = :record_day,
|
|
record_month = :record_month,
|
|
record_year = :record_year,
|
|
document_date = :document_date,
|
|
confidentiality = :confidentiality,
|
|
keywords = :keywords,
|
|
description = :description,
|
|
attachment_name = :attachment_name,
|
|
attachment_path = :attachment_path
|
|
WHERE id = :id');
|
|
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
|
|
} else {
|
|
$stmt = db()->prepare('INSERT INTO archive_records (
|
|
reference_code, title, main_menu, folder_path, country_tag, owner_unit,
|
|
created_by_username, created_by_name, record_day, record_month, record_year,
|
|
document_date, confidentiality, keywords, description, attachment_name, attachment_path
|
|
) VALUES (
|
|
:reference_code, :title, :main_menu, :folder_path, :country_tag, :owner_unit,
|
|
:created_by_username, :created_by_name, :record_day, :record_month, :record_year,
|
|
:document_date, :confidentiality, :keywords, :description, :attachment_name, :attachment_path
|
|
)');
|
|
$stmt->bindValue(':created_by_username', $user['username'], PDO::PARAM_STR);
|
|
$stmt->bindValue(':created_by_name', $user['name'], PDO::PARAM_STR);
|
|
}
|
|
|
|
$stmt->bindValue(':reference_code', $referenceCode, PDO::PARAM_STR);
|
|
$stmt->bindValue(':title', $title, PDO::PARAM_STR);
|
|
$stmt->bindValue(':main_menu', $mainMenu, PDO::PARAM_STR);
|
|
$stmt->bindValue(':folder_path', $folderPath, PDO::PARAM_STR);
|
|
$stmt->bindValue(':country_tag', $countryTag, PDO::PARAM_STR);
|
|
$stmt->bindValue(':owner_unit', $ownerUnit, PDO::PARAM_STR);
|
|
$stmt->bindValue(':record_day', $recordDay, PDO::PARAM_INT);
|
|
$stmt->bindValue(':record_month', $recordMonth, PDO::PARAM_INT);
|
|
$stmt->bindValue(':record_year', $recordYear, PDO::PARAM_INT);
|
|
$stmt->bindValue(':document_date', $documentDate, PDO::PARAM_STR);
|
|
$stmt->bindValue(':confidentiality', $confidentiality, PDO::PARAM_STR);
|
|
$stmt->bindValue(':keywords', $keywords !== '' ? $keywords : null, $keywords !== '' ? PDO::PARAM_STR : PDO::PARAM_NULL);
|
|
$stmt->bindValue(':description', $description, PDO::PARAM_STR);
|
|
$stmt->bindValue(':attachment_name', $attachmentName, $attachmentName ? PDO::PARAM_STR : PDO::PARAM_NULL);
|
|
$stmt->bindValue(':attachment_path', $attachmentPath, $attachmentPath ? PDO::PARAM_STR : PDO::PARAM_NULL);
|
|
$stmt->execute();
|
|
|
|
$recordId = $id > 0 ? $id : (int) db()->lastInsertId();
|
|
flash('success', $id > 0 ? 'Perubahan arsip berhasil disimpan.' : 'Arsip baru berhasil ditambahkan ke database.');
|
|
header('Location: archive_detail.php?id=' . $recordId);
|