checkin.php
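<?php
/**
 * Visitor check-in handler, restricted to the guard role.
 *
 * On POST it verifies the CSRF token, reads the visitor fields, optionally
 * stores an uploaded photo under uploads/, inserts one row into visitor_logs
 * and redirects to dashboard.php. On any failure $error is set and the form
 * that follows this block is rendered again with the message.
 *
 * checkAuth(), isGuard(), validateCsrf() and $pdo are not defined here; they
 * are expected to come from config.php.
 */
require_once 'config.php';
checkAuth();
if (!isGuard()) {
    // Answer with 403 rather than 200 so rejected role checks are visible in
    // access logs and monitoring.
    http_response_code(403);
    die('Unauthorized Access');
}

$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing or non-string token is rejected before validateCsrf() is called,
    // so the helper never receives null or an array.
    $csrf_token = $_POST['csrf_token'] ?? null;
    if (!is_string($csrf_token) || $csrf_token === '' || !validateCsrf($csrf_token)) {
        $error = 'Invalid CSRF token.';
    } else {
        // Request fields are untrusted: accept only string values so an
        // array-valued parameter (e.g. fullname[]=x) never reaches PDO.
        $read_field = function ($key) {
            $value = $_POST[$key] ?? '';
            return is_string($value) ? trim($value) : '';
        };
        $fullname = $read_field('fullname');
        $id_card = $read_field('id_card');
        $phone = $read_field('phone');
        $dept = $read_field('department');
        $obj = $read_field('objective');

        // The form marks these two inputs as required; enforce it server-side
        // too, since the HTML attribute is only a client-side hint.
        if ($fullname === '' || $id_card === '') {
            $error = 'กรุณากรอกเลขบัตรประชาชนและชื่อ-นามสกุล';
        }

        $image = '';
        $upload_status = $_FILES['photo']['error'] ?? UPLOAD_ERR_NO_FILE;
        if (!$error && $upload_status !== UPLOAD_ERR_NO_FILE) {
            if ($upload_status !== UPLOAD_ERR_OK) {
                // Covers size-limit/partial-upload errors and array-style uploads,
                // which were previously ignored without any message.
                $error = 'อัปโหลดรูปไม่สำเร็จ';
            } else {
                // Detected content type => extension used for the stored file.
                // The stored extension never comes from the client-supplied name.
                $allowed_types = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
                $allowed_ext = ['jpg', 'jpeg', 'png'];
                $client_ext = strtolower(pathinfo($_FILES['photo']['name'], PATHINFO_EXTENSION));
                $mime = mime_content_type($_FILES['photo']['tmp_name']);

                if (!in_array($client_ext, $allowed_ext, true) || !is_string($mime) || !isset($allowed_types[$mime])) {
                    // A bare "image/" prefix would also admit types such as
                    // image/svg+xml, so the MIME type is matched exactly.
                    $error = 'รูปแบบไฟล์ไม่ถูกต้อง (อนุญาตเฉพาะ JPG, PNG)';
                } elseif (!is_dir('uploads') && !mkdir('uploads', 0755, true) && !is_dir('uploads')) {
                    $error = 'ไม่สามารถบันทึกไฟล์รูปภาพได้';
                } else {
                    // uniqid() is derived from the clock, which makes stored photo
                    // names guessable; use a CSPRNG-based name instead.
                    // NOTE(review): 'uploads' is a relative path, so photos appear
                    // to land beside this script and may be directly web-reachable.
                    // Confirm the server does not execute scripts from that
                    // directory and decide whether photos need an authenticated
                    // download path.
                    $target = 'uploads/' . bin2hex(random_bytes(16)) . '.' . $allowed_types[$mime];
                    if (move_uploaded_file($_FILES['photo']['tmp_name'], $target)) {
                        $image = $target;
                    } else {
                        // Do not record a path for a file that was never stored.
                        $error = 'ไม่สามารถบันทึกไฟล์รูปภาพได้';
                    }
                }
            }
        }

        if (!$error) {
            // Bound parameters keep every visitor-supplied value out of the SQL text.
            $stmt = $pdo->prepare("INSERT INTO visitor_logs (fullname, id_card, phone, department, objective, image_path, recorded_by) VALUES (?,?,?,?,?,?,?)");
            $stmt->execute([$fullname, $id_card, $phone, $dept, $obj, $image, $_SESSION['user_id']]);
            header("Location: dashboard.php");
            exit;
        }
    }
}
?>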
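<!DOCTYPE html>
<html lang="th">
<head>
    <meta charset="UTF-8">
    <title>บันทึกการเข้า</title>
<?php
// NOTE(review): this script is fetched from a third-party CDN at runtime and
// runs with full access to a form that collects ID card numbers. Consider
// serving a locally built stylesheet instead; the Tailwind Play CDN is meant
// for development use.
?>
    <script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gray-50">
    <div class="max-w-2xl mx-auto p-6 bg-white shadow-md mt-10 rounded">
        <h2 class="text-2xl font-bold mb-4">แบบฟอร์มบันทึกการเข้า</h2>
        <?php if($error): ?><div class="bg-red-100 text-red-700 p-2 mb-4 rounded"><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></div><?php endif; ?>
        <form method="POST" enctype="multipart/form-data">
<?php
// Encode the token for the attribute context instead of echoing it raw, and
// tolerate a session that has no token yet.
?>
            <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars((string) ($_SESSION['csrf_token'] ?? ''), ENT_QUOTES, 'UTF-8'); ?>">
            <div class="grid grid-cols-2 gap-4 mb-4">
                <div>
                    <label class="block">เลขบัตรประชาชน</label>
                    <input type="text" name="id_card" required class="w-full border p-2 rounded">
                </div>
                <div>
                    <label class="block">ชื่อ-นามสกุล</label>
                    <input type="text" name="fullname" required class="w-full border p-2 rounded">
                </div>
            </div>
            <div class="grid grid-cols-2 gap-4 mb-4">
                <div>
                    <label class="block">เบอร์โทรศัพท์</label>
                    <input type="text" name="phone" class="w-full border p-2 rounded">
                </div>
                <div>
                    <label class="block">แผนกที่ติดต่อ</label>
                    <input type="text" name="department" class="w-full border p-2 rounded">
                </div>
            </div>
            <div class="mb-4">
                <label class="block">วัตถุประสงค์</label>
                <textarea name="objective" class="w-full border p-2 rounded"></textarea>
            </div>
            <div class="mb-6">
                <label class="block">อัปโหลดรูปผู้ติดต่อ</label>
                <input type="file" name="photo" accept="image/*" class="w-full">
            </div>
            <div class="flex justify-between">
                <a href="dashboard.php" class="bg-gray-400 text-white px-4 py-2 rounded">ยกเลิก</a>
                <button type="submit" class="bg-blue-600 text-white px-6 py-2 rounded">บันทึกข้อมูลเข้า</button>
            </div>
        </form>
    </div>
</body>
</html>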