��JFIF��%%�� }!1AQa"q2��#B��R��$3br� %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz�� w!1AQaq"2�B�� #3R�br� $4�%�&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��O��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��/�?��ߵE_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ ?�z��goڢ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?��=[�Qg��o��Q@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y��[��TP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��|-��v��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ��;~��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��?�_��j�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��/�?��ߵE_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ ?�z��goڢ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?��=[�Qg��o��Q@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y��[��TP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��|-��v��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ��;~��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��?�_��j�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��/�?��ߵE_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ ?�z��goڢ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?��=[�Qg��o��Q@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y��[��TP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��ο�O�P��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��(��g��Y�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��V��Y|��Y��UP��@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P��,��,��u�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j��h�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� @��o�E��?�?��ο�U_�P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ _�z��g_ڪ�?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��?�/�=[�Qe��g��U@��P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��k�w��~��v�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��տ�_��:��T�~�@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@��/��?��j�?�5o�%��?�� g��U@��&O3��a�;�^=�wH��D��/��*� �fX�I��,��k?g_��?�5o�%��?�� g��U@�F��*��?�o�}��Τ~g��ʀ�#V��Y��~ο�T�j��K/� ��z��#;�~��A�;�� w�F��*��տ��_�@�o��5��EU��u�誠��W��[��O��?jW��@��տ��@�o��5��EM��v�訠�#V��Y��V��Zv��~��vw�~��c�Q@��,��~��kgo��?�5o�%��/�� o��Q@��o�%�>�ߤ��߳��S��?��o�%�~�ߠ�d�߳��S��g�P��j��K?� _��[� g�D��[�;�TP7��'Ѿ��=��;/�P��j��K?� _��[� g�D��[�;�TP��,��~��kgo��a��۔��B{��ea�`T�+ �n%Ц ��j��K?� _��[� g�D��[�;�TP��,��~��kgo��?��%�/�~��#��x��c�~�q�v�t`ȫ��_'h��'�]�;{s� Pp=N= 5��%��ڜs��=��J��A@��Kp�b��}��X��4g v+:�Բ�+60�ʩ,� @��I �uO��ToUv��bgUl�cP�T?�#V��Y��j��K?� _��!��X��]��TK�|4��`� ��#��P\y��aa >NgL��j��K?� _��[� g�D��[�;�TP��,��~��kgo��o�F��$��ہ�� vݞr6��S�q''*02��[� g�D��[�;�TP��,��~��kgo��?�5o�%��/�� o��Q@�F��*(��տ��@�o��5��EE��v�訠��~1�o��}G�L��5o�%��/�� o��Q@�F��*(��տ��@�o��5��EE5��%�˷��r�v��y�\~�͹��)(?0��=[� i��>��gc��N=��5o�%��/�� o��Q@�F��*(��W��Z�l��m#��X�wn_�j`0C6윅��5o�%��/�� o��Q@��տ��y9��gbO�G�5@�n�>��#V��Y��~ο�T��V��Y��9�gc��s�T.�?Z_��[� e�D��Y�:��UP��,��k?g_��_�=_� n�~~�rI��w�,"~ԓ�!72��)( u��#V��Y��~ο�T�j��K/� ��K��Kr_��}�De>~��Z=��pjX�n[p(�"� �a,Ub�/�×�<��;��<��K>��o��[�:��V��,��$��ϧ�*��5O��տ��_�@�o��5��EU5��o�%��?�ꜜm�_�;>Gbs�S��@��տ��_�@�o��5��EU ��տ��}�~��v?��-��o�l��~�ȥ�v��r��B1��@��տ��A�?��ggP��c�S�`@%�*��տ��_�@�o��5��EU��u�誠7�� O��!c�|0��ёv��4�+�X�Vx�RX3��8��K>��o��[�:��u#�x��#V��Y��~ο�T�j��K/� ��[� e�D��Y�:��UP��,��k?g_��O��[� g�D��[�:��T��=_� k��~��k��c�;��.8��c��z��Ͽ�/��zc�o��F?Z_��[� e�D��Y�:��UP��,��k?g_��C��,�v��v�o��H��(�z��w�/��v ��T.G��Ϡ��տ��_�@�o��5��EU��u�誠��W��[��'��%��o��:�Cڕ�R̀��j��?�o��[�;��g0q�?��o�%�>o�_��>�gf��~4��u�誠�z��7�/��o��_��[� e�D��Y�:��UP��,��k?g_��C��,�|��o��;�Ԟ��9�l�z��ؠ3|��O�X�~��;~԰�q��Z�F��*��տ��_�@�o��5��EU!��տ��}�~��-��G��I�T��u�誠�#V��Y��~ο�T�j��K/� ��#�=_� n|��KbB�gtdM��"�ڒA#n�63�6�m�P��,��/��gS�u��#�9��5o�%��?�� g��U@��o�%�o�_��u��'��?��o�� 3��?go��|m�ڇ��-S�O��x��>��^��7��x�]_�>�qke>��m��4��7P�Yހ��0byt3m1n1

0byt3m1n1

Path: /var/www/html/gaikaisaidoun.com/manage/ [ Home ]

File: action.php

<?php
session_start();
//ini_set('display_errors', 1);

$action = $_GET['action'];
require_once('../Tool/Connect.php');

// if(isset($_SESSION['user'])) {
// 	$userid = mysqli_real_escape_string($dbc, $_SESSION['user']['userid']);
// }elseif($action !== "Login" && $action !== 'Register'){
// 	header('location: Login/index.php');
// }
require_once('../Tool/function.php');
require_once('../Tool/class.upload.php');
header('Content-Type: text/html; charset=utf-8');
date_default_timezone_set("Asia/Bangkok");

switch($action){

	case 'test' : {

		ini_set('display_errors', 1);
		error_reporting(E_ALL);

		$arr_province = array();
		$arr_district = array();
		$q = mysqli_query($dbc, "SELECT * FROM Area");
		while ($rs = mysqli_fetch_assoc($q)) {
			if (empty($rs['District'])) goto District;
			if (isset($arr_province[$rs['Province']]) && in_array($rs['District'], $arr_province[$rs['Province']])) goto District;
			$arr_province[$rs['Province']][] = $rs['District'];

			District :
			if (empty($rs['Sub_district'])) continue;
			$arr_district[$rs['District']][] = $rs['Sub_district'];
		}

		echo "<h1>จังหวัด => อำเภอ</h1>";
		PRINTR($arr_province);
		echo "<hr><h1>อำเภอ => ตำบล</h1>";
		PRINTR($arr_district);

		break;
	}

	case 'pay_stat_change':

		$order_id = $_POST['stat_order_id'];
		$stat =  $_POST['stat'];

		$sql = mysqli_query($dbc , "UPDATE Orders SET pay_stat = '$stat' WHERE ID = '$order_id'");

		if($sql){
			$data['success'] = true;
		}else{
			$data['success'] = false;
		}
		echo json_encode($data);
		break;


	case 'withdraw':
		$number = mysqli_real_escape_string($dbc , $_POST['number']);
		$bank = $_POST['bank'];
		$bank_number = $_POST['bank_number'];
		$id = $_POST['id'];
		$query = mysqli_query($dbc ,"SELECT Cash FROM Users WHERE ID = '$id'");
		$re = mysqli_fetch_assoc($query);
		try {
			if($re['Cash'] >= $number){
						$SQL = mysqli_query($dbc , "INSERT INTO withdraw (`user_id`, `amount`, `bank`, `bank_number`) VALUES ('$id' , '$number' , '$bank' , '$bank_number')");
			}else{
						throw new Exception("ขออภัย จำนวนเงินของคุณไม่พอ");

			}

			$success['success'] = true ;
		} catch (Exception $e) {
			$success = array('success' => false, 'code' => $e->getMessage() );
			$success['success'] = false;
		}



		echo json_encode($success);
		break;

	case 'bankpost':

	$number = mysqli_real_escape_string($dbc , $_POST['number']);
	$bank = mysqli_real_escape_string($dbc , $_POST['bank']);
	$id = $_POST['id'];

	$update = mysqli_query($dbc , "UPDATE Users SET Bank = '$bank' , number_bank = '$number' WHERE ID = '$id'");

	if($update){
		$success['success'] = true ;
	}else{
		$success['success'] = false ;
	}

	echo json_encode($success);
	break;


	case 'order_delete':
	$id = mysqli_real_escape_string($dbc, $_POST['id']);
	$select = mysqli_fetch_assoc(mysqli_query($dbc , "SELECT * , u.Cash User_cash ,u.ID uid FROM Orders o
																				LEFT JOIN Users u ON o.User_ID = u.ID WHERE o.ID = '$id'"));
	if($select['pay_stat'] == 1){
		$cash = $select['User_cash'];
		$price = $select['price'];
		$uid = $select['uid'];
		$sum = $cash + $price;
	 	$update = mysqli_query($dbc , "UPDATE Users SET Cash = '$sum' WHERE ID = '$uid'");
	}


	$sql = mysqli_query($dbc , "DELETE FROM Orders WHERE ID = '$id'");
	$sql2 = mysqli_query($dbc , "DELETE FROM Order_Detail WHERE Order_ID = '$id'");
	if($sql && $sql2 ){
			$export = array('success' => true );
	}else{
			$export = array('success' => false );
	}

echo json_encode($export);
		break;

	case 'limitchange':
		$id = $_POST['id'];
	  $userid = $_POST['userid'];
		$sql = mysqli_query($dbc , "SELECT * FROM Limit_Cycle WHERE Cycle_ID = '$id' AND User_ID = '$userid'");
		$re = mysqli_fetch_assoc($sql);
		if(mysqli_num_rows($sql) >= 1){
			if($re['Status'] == 0){
				$status = "1";
			}else{
				$status = "0";
			}
			$update = mysqli_query($dbc , "UPDATE Limit_Cycle SET Status = '$status' WHERE Cycle_ID  = '$id' AND User_ID = '$userid'");
		}else{
			$insert = mysqli_query($dbc , "INSERT INTO  Limit_Cycle (`Cycle_ID`, `User_ID`, `User_Limit`, `Status`) VALUES ('$id' , '$userid' , '0' , 1)");
		}
		if($insert OR $update){
			$export = array('success' => true );
		}else{
			$export = array('success' => false );
		}

		echo json_encode($export);
	break;

	case 'limituser_change':
		$userid = $_POST['userid'];
		$limit = $_POST['limit'];
		$update = mysqli_query($dbc , "UPDATE Users SET User_Limit = '$limit' WHERE ID = '$userid'");
		if($update){
			$export = array('success' => true );
		}else{
			$export = array('success' => false );
		}
		echo json_encode($export);
	break;

	case 'limituser':
		$userid = $_POST['userid'];

		$sql =  mysqli_query($dbc , "SELECT Limit_status FROM Users WHERE ID = '$userid'");
		$re = mysqli_fetch_assoc($sql);
		if($re['Limit_status'] == 0){
				$update = mysqli_query($dbc , "UPDATE Users SET Limit_status = '1' WHERE ID = '$userid'");
		}else{
				$update = mysqli_query($dbc , "UPDATE Users SET Limit_status = '0' WHERE ID = '$userid'");
		}


		if($update){
			$export = array('success' => true );
		}else{
			$export = array('success' => false );
		}
		echo json_encode($export);

	break;

	case 'limitinput':
		$id = $_POST['id'];
		$userid = $_POST['userid'];
		$val = $_POST['val'];
		$update = mysqli_query($dbc , "UPDATE Limit_Cycle SET User_Limit = '$val' WHERE Cycle_ID = '$id' AND User_ID = '$userid'");

		if($update){
			$export = array('success' => true );
		}else{
			$export = array('success' => false );
		}
		echo json_encode($export);

		break;

	case 'EditRoute' : {

		$ID = mysqli_real_escape_string($dbc,$_POST["ID"]);
		$Cycle_ID = mysqli_real_escape_string($dbc,$_POST["Cycle_ID"]);
		$Area_Code = mysqli_real_escape_string($dbc,$_POST["Area_Code"]);
		$Route_Name = mysqli_real_escape_string($dbc,$_POST["Route_Name"]);

		$output = $errorlist = array();

		try{
			$sql = "UPDATE Routes SET
						Cycle_ID = '$Cycle_ID',
						Route_Name = '$Area_Code'
					WHERE
						ID = '$ID' ";
			$q = mysqli_query($dbc, $sql);
			if(!$q) {
				$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
				throw new Exception('พบข้อบกพร่องในการดำเนินการ โปรดติดต่อฝ่าย Support');
			}

			$sql2 = "UPDATE Route_Area SET
						Area_Code = '$Area_Code'
					WHERE
						Route_ID = '$ID'";
			$q2 = mysqli_query($dbc, $sql2);
			if(!$q2) {
				$errorlist[] = '$q2 FAILED: '.mysqli_error($dbc);
				throw new Exception('พบข้อบกพร่องในการดำเนินการ โปรดติดต่อฝ่าย Support');
			}

			echo "<script>alert('แก้ไขเส้นทางการขายสำเร็จ'); location.replace('sell.php');</script>";
		}catch(Exception $e) {
			echo "<script>alert('{$e->getMessage()}');</script>";
			echo "พบข้อผิดพลาดดังนี้:<hr>";
			PRINTR($errorlist);
		}

		break;
	}

	case 'cycledelete':{
		$ID = $_POST['ID'];
		$q = mysqli_query($dbc, "DELETE FROM Sales_Cycle WHERE ID = '$ID' ");
		if($q){
				$export = array('success' => true );
		}
		echo json_encode($export);
	}
		break;

		case 'DeleteRoute':{
			$ID = $_POST['ID'];
			$q = mysqli_query($dbc, "DELETE FROM Routes WHERE ID = '$ID' ");
			if($q){
					$export = array('success' => true );
			}
			echo json_encode($export);
		}
			break;
	// ----------- EditAreaCodeCode ----------- //
	case 'EditAreaCodeCode' : {

		$ID = mysqli_real_escape_string($dbc, $_POST["ID"]);
		$Area_Code = mysqli_real_escape_string($dbc, $_POST["Area_Code"]);

		$q = mysqli_query($dbc, "UPDATE Area_Code SET Code = '$Area_Code' WHERE ID = '$ID' ");
		if($q) {
			$output = array('success' => true);
		}else {
			$output = array(
				'success' => false,
				'text' => "พบข้อบกพร่องในการดำเนินการ โปรดติดต่อฝ่าย Support",
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ----------- AddAreaCode ----------- //
	case 'AddAreaCode' : {

		$Area_Code = mysqli_real_escape_string($dbc, $_POST["Area_Code"]);

		$q = mysqli_query($dbc, "INSERT INTO Area_Code (Code) VALUES ('$Area_Code')");
		if($q) {
			$output = array('success' => true);
		}else {
			$output = array(
				'success' => false,
				'text' => "พบข้อบกพร่องในการดำเนินการ โปรดติดต่อฝ่าย Support",
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------ EditSalesCycle ------------ //
	case 'EditSalesCycle' : {

		$ID = mysqli_real_escape_string($dbc,$_POST["ID"]);
		$Product_ID = mysqli_real_escape_string($dbc,$_POST["Product_ID"]);
		$Cycle_Name = mysqli_real_escape_string($dbc,$_POST["Cycle_Name"]);
		$Amount = mysqli_real_escape_string($dbc,$_POST["Amount"]);
		$AmountSQL = !empty($Amount) ? "'$Amount'" : "NULL";
		$Date = mysqli_real_escape_string($dbc, $_POST["Date"]);
		$Status = isset($_POST["Status"]) ? 1 : 0;
		$sql = "UPDATE Sales_Cycle SET
					Product_ID = '$Product_ID',
					Cycle_Name = '$Cycle_Name',
					Amount = $AmountSQL,
					Date = '$Date',
					Status = '$Status'
				WHERE ID = '$ID' ";
		$q = mysqli_query($dbc, $sql);

		if($q) {
			echo "<script>alert('แก้ไขข้อมูลรอบขายสินค้าสำเร็จ'); location.replace('sell.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// ------------- EditArea --------------- //
	case 'EditArea' : {

		$Area_ID = mysqli_real_escape_string($dbc,$_POST["Area_ID"]);
		$Area_Code = mysqli_real_escape_string($dbc,$_POST["Area_Code"]);
		$Province = mysqli_real_escape_string($dbc,$_POST["Province"]);
		$District = mysqli_real_escape_string($dbc,$_POST["District"]);
		$Sub_district = mysqli_real_escape_string($dbc,$_POST["Sub_District"]);

		$output = $errorlist = array();

		try {
			$check = mysqli_query($dbc, "SELECT ID FROM Area WHERE Area_Code = '$Area_Code' AND Province = '$Province' AND District = '$District' AND ID != '$Area_ID' ");
			if(mysqli_num_rows($check) > 0) {
				$errorlist[] = 'duplicate data';
				throw new Exception('มีข้อมูลนี้มีอยู่ในระบบแล้ว ไม่สามารถแก้ไขข้อมูลทับซ้ำอีกได้');
			}

			$sql = "UPDATE Area SET Area_Code = '$Area_Code', Province = '$Province', District = '$District' , Sub_district = '$Sub_district'	WHERE ID = '$Area_ID' ";
			$q = mysqli_query($dbc, $sql);
			if(!$q) {
				$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
				throw new Exception('ไม่สามารถแก้ไขข้อมูลพื้นที่ได้ โปรดลองอีกครั้ง หรือติดต่อฝ่าย Support');
			}
			$output = array('success' => true);
		} catch(Exception $e) {
			$output = array(
				'success' => false,
				'text' => $e->getMessage(),
				'log' => $errorlist
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- AddArea --------------- //
	case 'AddArea' : {

		$Area_Code = mysqli_real_escape_string($dbc,$_POST["Area_Code"]);
		$Province = mysqli_real_escape_string($dbc,$_POST["Province"]);
		$District = mysqli_real_escape_string($dbc,$_POST["District"]);
		$Sub_District = mysqli_real_escape_string($dbc,$_POST["Sub_District"]);

		$output = $errorlist = array();

		try {
			$check = mysqli_query($dbc, "SELECT ID FROM Area WHERE Area_Code = '$Area_Code' AND Province = '$Province' AND District = '$District'  AND Sub_district = '$Sub_District'");
			if(mysqli_num_rows($check) > 0) {
				$errorlist[] = 'duplicate data';
				throw new Exception('มีข้อมูลนี้มีอยู่ในระบบแล้ว ไม่สามารถเพิ่มข้อมูลซ้ำอีกได้');
			}

			$sql = "INSERT INTO Area	(`Area_Code`, Province, District , Sub_district) VALUES ('$Area_Code', '$Province', '$District' , '$Sub_District')";
			$q = mysqli_query($dbc, $sql);
			if(!$q) {
				$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
				throw new Exception('ไม่สามารถเพิ่มข้อมูลพื้นที่ได้ โปรดลองอีกครั้ง หรือติดต่อฝ่าย Support');
			}

			$output = array('success' => true);
		} catch(Exception $e) {
			$output = array(
				'success' => false,
				'text' => $e->getMessage(),
				'log' => $errorlist
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- Register1 ---------------- //
	case 'Register_normal' :

		$Firstname = mysqli_real_escape_string($dbc,$_POST["Firstname"]);
		$Lastname = mysqli_real_escape_string($dbc,$_POST["Lastname"]);
		$Address = mysqli_real_escape_string($dbc,$_POST["Address"]);
		$Email = mysqli_real_escape_string($dbc,$_POST["Email"]);
		$Password = mysqli_real_escape_string($dbc,$_POST["Password"]);
		$Line = mysqli_real_escape_string($dbc,$_POST["line"]);
		$Phone = mysqli_real_escape_string($dbc,$_POST["Phone"]);
		$Nickname = mysqli_real_escape_string($dbc,$_POST["nickname"]);
		$Username = mysqli_real_escape_string($dbc,$_POST["Username"]);
		$num_card = mysqli_real_escape_string($dbc,$_POST["num_card"]);
		$Phone2 = mysqli_real_escape_string($dbc,$_POST["Phone2"]);


		$file_extension = pathinfo($_FILES["img_upload"]["name"], PATHINFO_EXTENSION);
		$file_name = rand() . '_' . date("Y-m-d") . '.' . $file_extension;
		$target = "../upload/" . $file_name;
		move_uploaded_file($_FILES["img_upload"]["tmp_name"], $target);

		$check = mysqli_query($dbc, "SELECT ID FROM Users WHERE Email = '$Email' ");
		if(mysqli_num_rows($check) > 0) {
			echo "<script>
						alert('อีเมลนี้มีผู้ใช้งานแล้ว โปรดใช้อีเมลอื่น');
						history.back();
						</script>";
		}else{
			$sql = "INSERT INTO Users
						(Username ,Firstname, Lastname, Nickname , Address, Email, Password, Line , Phone, Pic , num_card , type_person , company , num_tax , phone2)
					VALUES
						('$Username','$Firstname', '$Lastname', '$Nickname' ,'$Address', '$Email', '$Password', '$Line', '$Phone' , '$file_name', '$num_card','nm','NULL','NULL','$Phone2')";
			$q = mysqli_query($dbc, $sql);
			if($q) {
				echo "<script type='text/javascript'>";
				echo "alert('สมัครสมาชิกสำเร็จ');";
				echo "window.location = './Login/index.php'; ";
				echo "</script>";
			}else{
				echo  "<script>
							alert('สมัครสมาชิกไม่สำเร็จ กรุณาลองใหม่อีกครั้ง');
							</script>";
			}
		}

		break;


		// ------------- Register2 ---------------- //
		case 'Register_niti' :

			$Address = mysqli_real_escape_string($dbc,$_POST["Address"]);
			$Email = mysqli_real_escape_string($dbc,$_POST["Email"]);
			$Password = mysqli_real_escape_string($dbc,$_POST["Password"]);
			$Line = mysqli_real_escape_string($dbc,$_POST["line"]);
			$Phone = mysqli_real_escape_string($dbc,$_POST["Phone"]);
			$Username = mysqli_real_escape_string($dbc,$_POST["Username"]);
			$company = mysqli_real_escape_string($dbc,$_POST["company"]);
			$num_tax = mysqli_real_escape_string($dbc,$_POST["num_tax"]);
			$phone2 = mysqli_real_escape_string($dbc,$_POST["Phone2"]);



			$file_extension = pathinfo($_FILES["img_upload"]["name"], PATHINFO_EXTENSION);
			$file_name = rand() . '_' . date("Y-m-d") . '.' . $file_extension;
			$target = "../upload/" . $file_name;
			move_uploaded_file($_FILES["img_upload"]["tmp_name"], $target);

			$check = mysqli_query($dbc, "SELECT ID FROM Users WHERE Email = '$Email' ");
			if(mysqli_num_rows($check) > 0) {
				echo "<script>alert('อีเมลนี้มีผู้ใช้งานแล้ว โปรดใช้อีเมลอื่น'); history.back();</script>";
			}else{
				$sql = "INSERT INTO Users
							(Username ,Firstname, Lastname, Nickname , Address, Email, Password,Line, Phone, Pic , num_card , type_person,company,num_tax,phone2)
						VALUES
							('$Username','NULL', 'NULL', 'NULL' ,'$Address', '$Email', '$Password', '$Line', '$Phone' , '$file_name', 'NULL','niti','$company','$num_tax','$phone2')";
				$q = mysqli_query($dbc, $sql);
				if($q) {
					echo "<script>";
					echo "alert('สมัครสมาชิกสำเร็จ');";
					//echo "window.location = './Login/index.php'; ";
					echo "</script>";
				}else{
					"<script>
								alert('สมัครสมาชิกไม่สำเร็จ กรุณาลองใหม่อีกครั้ง');
								</script>";
				}
			}

			break;






	// ------------- AddRoute ---------------- //
	case 'AddRoute' : {

		$Cycle_ID = mysqli_real_escape_string($dbc, $_POST["Cycle_ID"]);
		$Area_Code = mysqli_real_escape_string($dbc, $_POST["Area_Code"]);
		$Route_Name = mysqli_real_escape_string($dbc, $_POST["Route_Name"]);

		$output = $errorlist = array();

		try{
			$sql = "INSERT INTO Routes
						(`Cycle_ID`, `Route_Name`)
					VALUES
						('$Cycle_ID', '$Area_Code')";
			$q = mysqli_query($dbc, $sql);
			if(!$q) {
				$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
				throw new Exception('พบข้อบกพร่องในการดำเนินการ โปรดติดต่อฝ่าย Support');
			}

			$route_id = mysqli_insert_id($dbc);

			$sql2 = "INSERT INTO Route_Area
						(`Route_ID`, `Area_Code`)
					VALUES
						('$route_id', '$Area_Code')";
			$q2 = mysqli_query($dbc, $sql2);
			if(!$q2) {
				$errorlist[] = '$q2 FAILED: '.mysqli_error($dbc);
				throw new Exception('พบข้อบกพร่องในการดำเนินการ โปรดติดต่อฝ่าย Support');
			}

			echo "<script>alert('เพิ่มเส้นทางการขายสำเร็จ'); location.replace('sell.php');</script>";
		}catch(Exception $e) {
			echo "<script>alert('{$e->getMessage()}');</script>";
			echo "พบข้อผิดพลาดดังนี้:<hr>";
			PRINTR($errorlist);
		}

		break;
	}

	// ------------- DeleteUser ---------------- //
	case 'DeleteUser' : {

		$ID = mysqli_real_escape_string($dbc,$_POST["ID"]);

		$q = mysqli_query($dbc, "DELETE FROM Users WHERE ID = '$ID' ");
		if($q) {
			$output = array('success' => true);
		} else {
			$output = array(
				'success' => false,
				'text' => 'ไม่สามารถลบข้อมูลสมาชิกได้ โปรดติดต่อฝ่าย Support',
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- EditUser ---------------- //
	case 'EditUser' : {

		$ID = mysqli_real_escape_string($dbc,$_POST["ID"]);
		$Email = mysqli_real_escape_string($dbc,$_POST["Email"]);
		$Password = mysqli_real_escape_string($dbc,$_POST["Password"]);
		$Firstname = mysqli_real_escape_string($dbc,$_POST["Firstname"]);
		$Lastname = mysqli_real_escape_string($dbc,$_POST["Lastname"]);
		// $Birthday = !empty($_POST["Birthday"]) ? "'".mysqli_real_escape_string($dbc,$_POST["Birthday"])."'" : "NULL";
		$Phone = mysqli_real_escape_string($dbc,$_POST["Phone"]);
		$Line = mysqli_real_escape_string($dbc,$_POST["Line"]);
		$Address = mysqli_real_escape_string($dbc,$_POST["Address"]);

		if(!empty($Password)) {
			$passSQL = "Password = '$Password',";
		}else{
			$passSQL = "";
		}
		$sql = "UPDATE Users SET
					Email = '$Email',
					$passSQL
					Firstname = '$Firstname',
					Lastname = '$Lastname',
					Phone = '$Phone',
					Line = '$Line',
					Address = '$Address'
				WHERE
					ID = '$ID' ";
		$q = mysqli_query($dbc, $sql);

		if($q) {
			$output = array('success' => true);
		} else {
			$output = array(
				'success' => false,
				'text' => 'ไม่สามารถแก้ไขข้อมูลสมาชิกได้ โปรดติดต่อฝ่าย Support',
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- AddUser ---------------- //
	case 'AddUser' : {

		$Email = mysqli_real_escape_string($dbc,$_POST["Email"]);
		$Password = mysqli_real_escape_string($dbc,$_POST["Password"]);
		$Firstname = mysqli_real_escape_string($dbc,$_POST["Firstname"]);
		$Lastname = mysqli_real_escape_string($dbc,$_POST["Lastname"]);
		// $Birthday = !empty($_POST["Birthday"]) ? "'".mysqli_real_escape_string($dbc,$_POST["Birthday"])."'" : "NULL";
		$Phone = mysqli_real_escape_string($dbc,$_POST["Phone"]);
		$Line = mysqli_real_escape_string($dbc,$_POST["Line"]);
		$Address = mysqli_real_escape_string($dbc,$_POST["Address"]);


		$sql = "INSERT INTO Users
					(Email, Password, Firstname, Lastname, Phone, Line, Address)
				VALUES
					('$Email', '$Password', '$Firstname', '$Lastname', '$Phone', '$Line', '$Address')";
		$q = mysqli_query($dbc, $sql);

		if($q) {
			$output = array('success' => true);
		} else {
			$output = array(
				'success' => false,
				'text' => 'ไม่สามารถเพิ่มข้อมูลสมาชิกใหม่ได้ โปรดติดต่อฝ่าย Support',
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- AddStockAmount ---------------- //
	case 'AddStockAmount' : {

		$id = mysqli_real_escape_string($dbc, $_POST["ID"]);
		$amount = mysqli_real_escape_string($dbc, $_POST["Amount"]);

		$sql = "UPDATE Product SET Amount = Amount + '$amount' WHERE ID = '$id' ";
		$q = mysqli_query($dbc, $sql);

		if($q) {
			$output = array('success' => true);
		}else{
			$output = array(
				'success' => false,
				'text' => 'ไม่สามารถเพิ่มจำนวนสินค้าได้ โปรดติดต่อฝ่าย Support',
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- EnterReceivedAmount ---------------- //
	case 'EnterReceivedAmount' : {

		$id = mysqli_real_escape_string($dbc, $_POST["id"]);
		$amount = mysqli_real_escape_string($dbc, $_POST["amount"]);

		$sql = "UPDATE Order_Detail SET Received = '$amount' WHERE ID = '$id' ";
		$q = mysqli_query($dbc, $sql);

		if($q) {
			$output = array('success' => true);
		}else{
			$output = array(
				'success' => false,
				'text' => 'ไม่สามารถแก้ไขจำนวนสินค้าที่ส่งแล้วได้ โปรดติดต่อฝ่าย Support',
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- ApproveOrder -------------- //
	case 'ApproveOrder' : {

		$order_id = mysqli_real_escape_string($dbc, $_POST["order_id"]);
		$status = mysqli_real_escape_string($dbc, $_POST["status"]);
		$ban_reason = !empty($_POST['ban_reason']) ? "'".mysqli_real_escape_string($dbc, $_POST['ban_reason'])."'" : "NULL";

		$q = mysqli_query($dbc, "UPDATE Orders SET   Note = $ban_reason , Status = '$status' WHERE ID = '$order_id' ");

		if($q) {
			if($status == 9){
				$sql = mysqli_query($dbc , "SELECT *  , od.Amount odAM ,  sc.Product_ID ProductID , sc.Amount sc_Amount , sc.ID Cycle_ID , p.Amount Product_Amount FROM Orders o
					 													LEFT JOIN Order_Detail od ON o.ID = od.Order_ID
																		LEFT JOIN Routes r  ON od.Route_ID = r.ID
																		LEFT JOIN Sales_Cycle sc ON r.Cycle_ID = sc.ID
																		LEFT JOIN Product p ON sc.Product_ID = p.ID
																		WHERE o.ID = '$order_id'");

				$re = mysqli_fetch_assoc($sql);
				$product_id = $re['ProductID'];
				$Product_Amount = $re['Product_Amount'];
				$scamount = $re['sc_Amount'];
				$Cycle_ID = $re['Cycle_ID'];
				$Detail_Am = $re['odAM'];

				$SC_Amount = $Detail_Am + $scamount;
				$Product_Amount = $Detail_Am + $Product_Amount;
				$sql_a = mysqli_query($dbc, "UPDATE Product SET Amount = '$Product_Amount' WHERE ID = '$product_id'");
				$sql_a2 = mysqli_query($dbc, "UPDATE Sales_Cycle SET Amount = '$SC_Amount' WHERE ID = '$Cycle_ID'");

				$output = array('success' => true , 'ban' => $ban_reason);
			}




			$output = array('success' => true, 'ban' => $ban_reason);
		}else{
			$output = array(
				'success' => false,
				'ban' => $ban_reason ,
				'text' => "ไม่สามารถดำเนินการได้เนื่องจากพบข้อบกพร่อง โปรดติดต่อฝ่าย Support",
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------- EditPassword -------------- //
	case 'EditPassword' : {

		$Old_Password = mysqli_real_escape_string($dbc, $_POST["Old_Password"]);
		$New_Password = mysqli_real_escape_string($dbc, $_POST["New_Password"]);

		$check = mysqli_query($dbc, "SELECT ID FROM Users WHERE Password = '$Old_Password' AND ID = '$userid'");
		if(mysqli_num_rows($check) > 0) {
			$q = mysqli_query($dbc, "UPDATE Users SET Password = '$New_Password' WHERE ID = '$userid' ");
			if($q) {
				echo "<script>alert('แก้ไขรหัสผ่านสำเร็จ'); location.replace('profile.php');</script>";
			}else{
				echo "FAILED: ".mysqli_error($dbc);
			}
		} else {
			echo "<script>alert('รหัสผ่านเดิมไม่ถูกต้อง โปรดลตรวจสอบอีกครั้ง'); location.replace('profile.php');</script>";
		}

		break;
	}

	// ------------- EditProfile -------------- //
	case 'EditProfile' : {

		$Firstname = mysqli_real_escape_string($dbc, $_POST["Firstname"]);
		$Lastname = mysqli_real_escape_string($dbc, $_POST["Lastname"]);
		$Phone = mysqli_real_escape_string($dbc, $_POST["Phone"]);
		$Phone2 = mysqli_real_escape_string($dbc, $_POST["Phone2"]);
		$num_card = mysqli_real_escape_string($dbc, $_POST["num_card"]);
		$Line = mysqli_real_escape_string($dbc, $_POST["Line"]);
		$Address = mysqli_real_escape_string($dbc, $_POST["Address"]);
		//
		// $file_extension = pathinfo($_FILES["img_upload"]["name"], PATHINFO_EXTENSION);
		// $file_name = rand() . '_' . date("Y-m-d") . '.' . $file_extension;
		// $target = "../upload/" . $file_name;
		// if(!move_uploaded_file($_FILES["img_upload"]["tmp_name"], $target)){ throw new Exception("ไม่สามารถอัพโหลดไฟล์ได้: ".$file_name); }

		$sql = "UPDATE Users SET Firstname = '$Firstname', Lastname = '$Lastname', Phone = '$Phone', Line = '$Line' , Address = '$Address' , num_card = '$num_card', phone2 = '$Phone2'  WHERE ID = '$userid' ";
		$q = mysqli_query($dbc, $sql);

		if($q) {
			echo "<script>alert('แก้ไขข้อมูลส่วนตัวสำเร็จ'); location.replace('profile.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}
case 'EditImg':
{
	$file_extension = pathinfo($_FILES["img_upload"]["name"], PATHINFO_EXTENSION);
	$file_name = rand() . '_' . date("Y-m-d") . '.' . $file_extension;
	$target = "../upload/" . $file_name;
	if(!move_uploaded_file($_FILES["img_upload"]["tmp_name"], $target)){ throw new Exception("ไม่สามารถอัพโหลดไฟล์ได้: ".$file_name); }
	$sql = "UPDATE Users SET Pic = '$file_name'  WHERE ID = '$userid' ";
	$q = mysqli_query($dbc, $sql);
	if($q){
			$export = array('success' => true );
	}
	echo json_encode($export);
	break;
}

	// ------------- SubmitOrder -------------- //
	case 'SubmitOrder' : {




		$Product_ID = $_POST["Product_ID"];
		$Cycle_ID = $_POST["Cycle_ID"];
		$userpost = $_POST["username_post"];
		$Route_ID = $_POST["Route_ID"];
		$owerid = $_POST["ownername"];
		$Amount = $_POST["Amount"];
		$correct = $_POST["correct"];

		$Customer_Name = mysqli_real_escape_string($dbc,$_POST["Customer_Name"]);
		$Phone = mysqli_real_escape_string($dbc,$_POST["Phone"]);
		$Line = mysqli_real_escape_string($dbc,$_POST["Line"]);
		$Note = mysqli_real_escape_string($dbc,$_POST["Note"]);
		$pay = mysqli_real_escape_string($dbc,$_POST["pay"]);
		$userid = mysqli_real_escape_string($dbc,$_POST["userid"]);
		$sumprice = mysqli_real_escape_string($dbc,$_POST["sumprice"]);
		$errorlist = array();
		mysqli_begin_transaction($dbc, MYSQLI_TRANS_START_READ_WRITE);


		foreach($Product_ID as $index2 => $product_id2){
				$Cycle_IDx = mysqli_real_escape_string($dbc, $_POST["Cycle_ID"][$index2]);
				$Amountxd = mysqli_real_escape_string($dbc, $_POST["Amount"][$index2]);
		}
					$select = mysqli_query($dbc , "SELECT Cash , User_Limit , Limit_status FROM Users WHERE ID = '$userid'");
					$result = mysqli_fetch_assoc($select);
					$chklimit = $result['Limit_status'];

					if($chklimit == "1"){
								$chksup = mysqli_query($dbc, "SELECT * FROM Orders WHERE User_ID = '$userid'");
								$resub = mysqli_num_rows($chksup);
								$chksup2 = mysqli_query($dbc, "SELECT * FROM `Limit_Cycle` WHERE User_ID = '$userid' AND Cycle_ID = '$Cycle_IDx'");
								$rechk2 = mysqli_fetch_assoc($chksup2);
								$chksup3 = mysqli_query($dbc, "SELECT sum(Amount) am FROM `Order_Detail` od LEFT JOIN Orders o ON od.Order_ID = o.ID WHERE o.User_ID = '$userid'");
								$sum = mysqli_fetch_assoc($chksup3);

								$suma = $result['User_Limit'] - $sum['am'];

								$chk3 = mysqli_query($dbc ,"SELECT sum(od.Amount) am FROM Orders o
										LEFT JOIN Order_Detail od on o.ID = od.Order_ID
										LEFT JOIN Routes r on od.Route_ID = r.ID
										LEFT JOIN Sales_Cycle sc on r.Cycle_ID = sc.ID
										WHERE o.User_ID = '$userid' AND sc.ID = '$Cycle_IDx' ");
							 $re3 = mysqli_fetch_assoc($chk3);

							 $suma2 = $rechk2['User_Limit'] - $re3['am'];
								if(mysqli_num_rows($chksup2) > 0){
										if($rechk2['Status'] == 1){
											if($Amountxd > $suma2){
												echo "<script>alert('ขีดจำกัดในการซื้อสินค้า ของคุณในรอบนี้หมดแล้ว'); location.replace('history.php');</script>";
												exit();
											}
										}
								}
							}


					if($pay == "wallet"){
						if($result['Cash'] < $sumprice){
							echo "<script>alert('จำนวนเงินคงเหลือของคุณไม่พอ'); location.replace('req_user.php');</script>";
							exit();
							}else{

									$sumcash = $result['Cash'] - $sumprice;
									$update_cash = mysqli_query($dbc , "UPDATE Users SET Cash = '$sumcash' WHERE ID = '$userid'");

									$sql = "INSERT INTO Orders	(`User_ID`,`Username`,`Ownername`, `Customer_Name`,`Phone`, `Line` ,`correct`, `Address` , `pay_stat` , `price`) VALUES
												('$userid', '$userpost' , '$owerid', '$Customer_Name', '$Phone', '$Line', '$correct', '$Note' , 1 ,'$sumprice')";
									$q = mysqli_query($dbc, $sql);
									if(!$q){
										$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
										throw new Exception('ไม่สามารถทำรายการสั่งซื้อได้ โปรดติดต่อเจ้าหน้าที่');
									}



									$order_id = mysqli_insert_id($dbc);
									foreach($Product_ID as $index => $product_id){
										$Product_ID = mysqli_real_escape_string($dbc, $product_id);
										$Cycle_ID = mysqli_real_escape_string($dbc, $_POST["Cycle_ID"][$index]);
										$Route_ID = mysqli_real_escape_string($dbc, $_POST["Route_ID"][$index]);
										$Amount = mysqli_real_escape_string($dbc, $_POST["Amount"][$index]);
										$County = mysqli_real_escape_string($dbc,$_POST["Province_ID"][$index]);
										$District = mysqli_real_escape_string($dbc,$_POST["District_ID"][$index]);
										$SubDistrict = mysqli_real_escape_string($dbc,$_POST["SubDistrict_ID"][$index]);
										$Location  = $County.' '.$District.' '.$SubDistrict;
										$sql_detail = "INSERT INTO Order_Detail (`Order_ID`, `Route_ID`, Amount , `Location`) VALUES ('$order_id', '$Route_ID', '$Amount' , '$Location')";
										$q_detail = mysqli_query($dbc, $sql_detail);
										if(!$q_detail){
										$errorlist[] = '$q_detail FAILED: '.mysqli_error($dbc);
										throw new Exception('ไม่สามารถเพิ่มรายละเอียดการสั่งซื้อได้ โปรดติดต่อเจ้าหน้าที่');
										}
										if($q_detail){
											$qcal = mysqli_query($dbc, "SELECT * FROM Product WHERE ID = '$Product_ID'");
											$rq = mysqli_fetch_assoc($qcal);
											$qcal2 = mysqli_query($dbc, "SELECT * FROM SalesCycle WHERE ID = '$Cycle_ID'");
											$rq2 = mysqli_fetch_assoc($qcal2);

											$amount_stock = $rq['Amount'];
											$Amountcal = $amount_stock - $Amount;

											$qcalup = mysqli_query($dbc, "UPDATE Product SET Amount = '$Amountcal' WHERE ID = '$Product_ID'");
											if($rq2['Amount'] > 0){
												$qcalup2 = mysqli_query($dbc, "UPDATE SalesCycle SET Amount = '$Amountcal' WHERE ID = '$Cycle_ID'");
											}
										}
									}



						}
					}else{
						$sql = "INSERT INTO Orders	(`User_ID`,`Username`,`Ownername`, `Customer_Name`,`Phone`, `Line` ,`correct`, `Address` , `pay_stat` , `price`) VALUES
									('$userid', '$userpost' , '$owerid', '$Customer_Name', '$Phone', '$Line', '$correct', '$Note' , 0 ,'$sumprice')";
						$q = mysqli_query($dbc, $sql);
						if(!$q){
							$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
							throw new Exception('ไม่สามารถทำรายการสั่งซื้อได้ โปรดติดต่อเจ้าหน้าที่');
						}

						$order_id = mysqli_insert_id($dbc);
						foreach($Product_ID as $index => $product_id){
							$Product_ID = mysqli_real_escape_string($dbc, $product_id);
							$Cycle_ID = mysqli_real_escape_string($dbc, $_POST["Cycle_ID"][$index]);
							$Route_ID = mysqli_real_escape_string($dbc, $_POST["Route_ID"][$index]);
							$Amount = mysqli_real_escape_string($dbc, $_POST["Amount"][$index]);
							$County = mysqli_real_escape_string($dbc,$_POST["Province_ID"][$index]);
							$District = mysqli_real_escape_string($dbc,$_POST["District_ID"][$index]);
							$SubDistrict = mysqli_real_escape_string($dbc,$_POST["SubDistrict_ID"][$index]);
							$Location  = $County.' '.$District.' '.$SubDistrict;
							$sql_detail = "INSERT INTO Order_Detail (`Order_ID`, `Route_ID`, Amount , `Location`) VALUES ('$order_id', '$Route_ID', '$Amount' , '$Location')";
							$q_detail = mysqli_query($dbc, $sql_detail);
							if(!$q_detail){
							$errorlist[] = '$q_detail FAILED: '.mysqli_error($dbc);
							throw new Exception('ไม่สามารถเพิ่มรายละเอียดการสั่งซื้อได้ โปรดติดต่อเจ้าหน้าที่');
							}
							if($q_detail){
								$qcal = mysqli_query($dbc, "SELECT * FROM Product WHERE ID = '$Product_ID'");
								$rq = mysqli_fetch_assoc($qcal);
								$qcal2 = mysqli_query($dbc, "SELECT * FROM SalesCycle WHERE ID = '$Cycle_ID'");
								$rq2 = mysqli_fetch_assoc($qcal2);

								$amount_stock = $rq['Amount'];
								$Amountcal = $amount_stock - $Amount;

								$qcalup = mysqli_query($dbc, "UPDATE Product SET Amount = '$Amountcal' WHERE ID = '$Product_ID'");
								if($rq2['Amount'] > 0){
									$qcalup2 = mysqli_query($dbc, "UPDATE SalesCycle SET Amount = '$Amountcal' WHERE ID = '$Cycle_ID'");
								}
							}
						}
					}
					if(mysqli_commit($dbc)) {
						echo "<script>alert('สำเร็จ! ทำรายการสั่งซื้อสินค้าเรียบร้อยแล้ว โปรดรอการยืนยันจากทางเจ้าหน้าที่'); location.replace('history.php');</script>";
					}else{
						echo "<script>alert('ขออภัย พบข้อบกพร่องในการดำเนินการ โปรดติดต่อเจ้าหน้าที่');</script>";
					}
		break;
	}

	// ------------- User_ID -------------- //
	case 'update_order' : {

		$Product_ID = $_POST["Product_ID"];
		$Cycle_ID = $_POST["Cycle_ID"];
		$userpost = $_POST["username_post"];
		$Route_ID = $_POST["Route_ID"];
		$owerid = $_POST["ownername"];
		$Amount = $_POST["Amount"];
		$correct = $_POST["correct"];
		$location = mysqli_real_escape_string($dbc ,$_POST["location"]);
		$Note = mysqli_real_escape_string($dbc , $_POST['Note']);
		$cyclex = mysqli_real_escape_string($dbc , $_GET['cycle']);
		$id_order = mysqli_real_escape_string($dbc , $_GET['idorder']);
		$detail = mysqli_real_escape_string($dbc, $_GET['detail']);
		$Customer_Name = mysqli_real_escape_string($dbc,$_POST["Customer_Name"]);
		$Phone = mysqli_real_escape_string($dbc,$_POST["Phone"]);
		$Line = mysqli_real_escape_string($dbc,$_POST["Line"]);
		$oidx = mysqli_real_escape_string($dbc,$_POST["oidx"]);
		$errorlist = array();
		mysqli_begin_transaction($dbc, MYSQLI_TRANS_START_READ_WRITE);



		try {
					$sql = "UPDATE Orders SET Customer_Name = '$Customer_Name' , Phone = '$Phone' , Line = '$Line' , correct = '$correct' , Address = '$Note' WHERE ID = '$id_order'";
					$sql_detail1 = "UPDATE Order_Detail SET Location = '$location' WHERE ID = '$detail'";
					$q2 = mysqli_query($dbc, $sql_detail1);
			$q = mysqli_query($dbc, $sql);
			if(!$q && !$q2){
				$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
				throw new Exception('ไม่สามารถทำรายการแก้ไขได้ โปรดติดต่อเจ้าหน้าที่');
			}

			$order_id = mysqli_insert_id($dbc);
			foreach($Product_ID as $index => $product_id){
				$Product_ID = mysqli_real_escape_string($dbc, $product_id);
				$Cycle_ID = mysqli_real_escape_string($dbc, $_POST["Cycle_ID"][$index]);
				$Route_ID = mysqli_real_escape_string($dbc, $_POST["Route_ID"][$index]);
				$Amount = mysqli_real_escape_string($dbc, $_POST["Amount"][$index]);


				$qcal3 = mysqli_query($dbc, "SELECT Amount FROM Order_Detail WHERE ID = '$detail'");
				$rq23 = mysqli_fetch_assoc($qcal3);
				///////////////////////////

				$sql_detail = "UPDATE Order_Detail SET Route_ID = '$Route_ID' , Amount = '$Amount' WHERE ID = '$detail'";


				$q_detail = mysqli_query($dbc, $sql_detail);
				if(!$q_detail){
					$errorlist[] = '$q_detail FAILED: '.mysqli_error($dbc);
					throw new Exception('ไม่สามารถแก้ไขเพิ่มรายละเอียดการสั่งซื้อได้ โปรดติดต่อเจ้าหน้าที่');
				}
				///////////////////////////
				$qcal = mysqli_query($dbc, "SELECT * FROM Product WHERE ID = '$Product_ID'");
				$rq = mysqli_fetch_assoc($qcal);
				///////////////////////////
				$qcal2 = mysqli_query($dbc, "SELECT Amount FROM Sales_Cycle WHERE ID = '$cyclex'");
				$rq2x = mysqli_fetch_assoc($qcal2);
				///////////////////////////
			 	 $amount_stock = $rq['Amount'];




				$amount_cycle = $rq2x['Amount'];
				$amount_detail = $rq23['Amount'];
				$sum_cycle = $amount_detail - $Amount;
				$sql_cal = "UPDATE Product SET Amount = Amount + $sum_cycle  WHERE ID = '$Product_ID'";
				$qcalup = mysqli_query($dbc, $sql_cal);
				if($rq2x['Amount'] > 0){
					$qcalup2 = mysqli_query($dbc, "UPDATE Sales_Cycle SET Amount = Amount + $sum_cycle WHERE ID = '$cyclex'");
				}

			}


			if(mysqli_commit($dbc)) {
				echo "<script>alert('สำเร็จ! ทำรายการแก้ไขคำสั่งซื้อสินค้าเรียบร้อยแล้ว'); location.replace('history.php');</script>";
			}else{
				echo "<script>alert('ขออภัย พบข้อบกพร่องในการดำเนินการ โปรดติดต่อเจ้าหน้าที่');</script>";
			}

		}catch(Exception $e) {
			echo "<script>alert('{$e->getMessage()}');</script>";
			PRINTR($errorlist);
		}

		break;
	}


	// ------------- AddSalesCycle --------------- //
	case 'AddSalesCycle' : {

		$Product_ID = mysqli_real_escape_string($dbc, $_POST["Product_ID"]);
		$Name = mysqli_real_escape_string($dbc, $_POST["Cycle_Name"]);
		$Amount = mysqli_real_escape_string($dbc, $_POST["Amount"]);
		$AmountSQL = !empty($Amount) ? "'$Amount'" : "NULL";
		$Date = mysqli_real_escape_string($dbc, $_POST["Date"]);
		$Status = isset($_POST["Status"]) ? 1 : 0;

		$q = mysqli_query($dbc, "INSERT INTO Sales_Cycle (`Product_ID`, `Cycle_Name`, Amount, Date, Status) VALUES ('$Product_ID', '$Name', $AmountSQL, '$Date', '$Status')");

		if($q) {
			echo "<script>alert('เพิ่มข้อมูลสำเร็จ'); location.replace('stock.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}


	// ------------- ApproveUser --------------- //
	case 'req_moneyuser' : {

		$Name = mysqli_real_escape_string($dbc, $_POST['name']);
		$user = mysqli_real_escape_string($dbc, $_POST['user']);
		$bank = mysqli_real_escape_string($dbc, $_POST['bank']);
		$amount = mysqli_real_escape_string($dbc, $_POST['amount']);
		$time = mysqli_real_escape_string($dbc, $_POST['time']);



		$file_extension = pathinfo($_FILES["img"]["name"], PATHINFO_EXTENSION);
		$file_name = rand() . '_' . date("Y-m-d") . '.' . $file_extension;
		$target = "../upload/" . $file_name;
		move_uploaded_file($_FILES["img"]["tmp_name"], $target);

		$q = mysqli_query($dbc, "INSERT INTO req_money (`Amount`, `User`, `Name`, `Bank`, `Img`, `Time` ) VALUES ('$amount', '$user', '$Name', '$bank' , '$file_name', '$time')");

		if($q){
				echo "<script>alert('แจ้งชำระเงินสำเร็จ'); location.replace('req_user.php');</script>";
		}else{
				echo "<script>alert('แจ้งชำระเงินไม่สำเร็จ กรุณาติดต่อผู้พัฒนา'); location.replace('req_user.php');</script>";
		}
		break;
	}

	// ------------- ApproveUser --------------- //
	case 'ApproveUser' : {

		$id = mysqli_real_escape_string($dbc, $_POST['id']);
		$status = mysqli_real_escape_string($dbc, $_POST['status']);
		$ban_reason = !empty($_POST['ban_reason']) ? "'".mysqli_real_escape_string($dbc, $_POST['ban_reason'])."'" : "NULL";

		$q = mysqli_query($dbc, "UPDATE Users SET Status = '$status', ban_reason = $ban_reason WHERE ID = '$id' ");
		if($q) {
			$output = array('success' => true);
		}else{
			$output = array(
				'success' => false,
				'text' => "ไม่สามารถดำเนินการได้ โปรดลองอีกครั้ง หรือติดต่อฝ่าย Support",
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	case 'ApproveMoney' : {

		$id = mysqli_real_escape_string($dbc, $_POST['id']);
		$cash = mysqli_real_escape_string($dbc, $_POST['cash']);
		$status = mysqli_real_escape_string($dbc, $_POST['status']);
		$chk = mysqli_query($dbc , "SELECT * , u.ID uid FROM req_money rm LEFT JOIN Users u ON u.Username = User WHERE rm.ID = '$id'");
		$r = mysqli_fetch_assoc($chk);
		$uid = $r['uid'];
		$cashsum =  $cash + $r['Cash'];
		if($status == 1){
				$q = mysqli_query($dbc, "UPDATE req_money SET Status = '$status' WHERE ID = '$id' ");
				$q2 = mysqli_query($dbc, "UPDATE Users SET Cash = '$cashsum' WHERE ID = '$uid' ");
		} else {
				$q = mysqli_query($dbc, "DELETE FROM req_money WHERE ID = '$id' ");
		}


			$output = array('success' => true , 'uid' => $uid);

		echo json_encode($output);

		break;
	}


		case 'confirm_withdraw' : {

			$id = mysqli_real_escape_string($dbc, $_POST['id']);
			$cash = mysqli_real_escape_string($dbc, $_POST['cash']);
			$status = mysqli_real_escape_string($dbc, $_POST['status']);
			$sql = mysqli_query($dbc,"SELECT * FROM Users u LEFT JOIN withdraw wd ON u.ID = wd.user_id WHERE wd.id = '$id' ");
			$re = mysqli_fetch_assoc($sql);
			$uid = $re['ID'];
			$cashsum =   $re['Cash'] - $cash;
			if($status == 1){
					$q = mysqli_query($dbc, "UPDATE withdraw SET status = '1' WHERE id = '$id' ");
					$q2 = mysqli_query($dbc, "UPDATE Users SET Cash = '$cashsum' WHERE ID = '$uid' ");
			} else {
					$q = mysqli_query($dbc, "DELETE FROM withdraw WHERE id = '$id' ");
			}

			if($q) {
				$output = array('success' => true);
			}else{
				$output = array(
					'success' => false,
					'text' => $id,
					'log' => mysqli_error($dbc)
				);
			}

			echo json_encode($output);
			break;
		}

		case 'Approve_withdraw' : {

			$id = mysqli_real_escape_string($dbc, $_POST['id']);
			$status = mysqli_real_escape_string($dbc, $_POST['status']);

			$delete = mysqli_query($dbc , "DELETE FROM withdraw WHERE id = '$id'");

			if($delete) {
				$output = array('success' => true );
			}else{
				$output = array(
					'success' => false,
					'text' => "ไม่สามารถดำเนินการได้ โปรดลองอีกครั้ง หรือติดต่อฝ่าย Support",
					'log' => mysqli_error($dbc)
				);
			}

			echo json_encode($output);

			break;
		}

	// ------------- ToggleCycleStatus --------------- //
	case 'ToggleCycleStatus' : {

		$ID = mysqli_real_escape_string($dbc, $_POST['ID']);
		$Status = mysqli_real_escape_string($dbc, $_POST['Status']);

		$q = mysqli_query($dbc, "UPDATE Sales_Cycle SET Status = '$Status' WHERE ID = '$ID' ");
		if($q) {
			$output = array('success' => true);
		}else{
			$output = array(
				'success' => false,
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	//-----------  RemoveAreaCode ---------//
	case 'DeleteArea':{
		$ID = $_POST['ID'];
		$q = mysqli_query($dbc, "DELETE FROM Area WHERE ID = '$ID' ");
		if($q){
				$export = array('success' => true );
		}
		echo json_encode($export);
		break;
	}

 	//-----------  RemoveAreaCode ---------//
	case 'DeleteAreaCode':{
		$ID = $_POST['ID'];
		$q = mysqli_query($dbc, "DELETE FROM Area_Code WHERE ID = '$ID' ");
		if($q){
				$export = array('success' => true );
		}
		echo json_encode($export);
		break;
	}
  // ---------- RemoveUser ------------ //
  case 'RemoveUser' : {

	$userid = mysqli_real_escape_string($dbc, $_POST['userid']);
	$q = mysqli_query($dbc, "DELETE FROM Users WHERE ID = '$userid' AND Position = 'Customer' ");
	if($q) {
		$output = array('success' => true);
	}else{
		$output = array(
			'success' => false,
			'text' => 'ไม่สามารถดำเนินการลบข้อมูลคนขับรถได้ โปรดติดต่อฝ่าย Support',
			'log' => mysqli_error($dbc)
		);
	}

	echo json_encode($output);

	break;
  }

  // ----------- Logout ------------- //
	case 'Logout' : {

		session_destroy();
		header('location: ../');

		break;
	}

	// --------------- AddProductType ----------------- //
	case 'AddProductType' : {

		$Product_Type = mysqli_real_escape_string($dbc,$_POST["Product_Type"]);
		$TH_Name = mysqli_real_escape_string($dbc,$_POST["TH_Name"]);
		$EN_Name = mysqli_real_escape_string($dbc,$_POST["EN_Name"]);
		$TH_Title_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["TH_Title_Collapse_1"]);
		$EN_Title_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["EN_Title_Collapse_1"]);
		$TH_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["TH_Collapse_1"]);
		$EN_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["EN_Collapse_1"]);
		$TH_Title_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["TH_Title_Collapse_2"]);
		$EN_Title_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["EN_Title_Collapse_2"]);
		$TH_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["TH_Collapse_2"]);
		$EN_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["EN_Collapse_2"]);
		$TH_Title_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["TH_Title_Collapse_3"]);
		$EN_Title_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["EN_Title_Collapse_3"]);
		$TH_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["TH_Collapse_3"]);
		$EN_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["EN_Collapse_3"]);

		$q = mysqli_query($dbc, "INSERT INTO Product_Type VALUES (NULL, '$TH_Name', '$EN_Name', '$TH_Title_Collapse_1', '$TH_Title_Collapse_2', '$TH_Title_Collapse_3', '$EN_Title_Collapse_1', '$EN_Title_Collapse_2', '$EN_Title_Collapse_3', '$TH_Collapse_1', '$TH_Collapse_2', '$TH_Collapse_3', '$EN_Collapse_1', '$EN_Collapse_2', '$EN_Collapse_3') ");

		if($q) {
			echo "<script>alert('เพิ่มข้อมูลสำเร็จ'); location.replace('product_type.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// ----------------- EditIndex ------------------- //
	case 'EditIndex' : {

		$Link = $_POST["Link"];
		$Pic = $_FILES["Pic"];

		$errorlist = array();

		$files = array();
		foreach ($Pic as $k => $l) {
			foreach ($l as $i => $v) {
				if (!array_key_exists($i, $files)) $files[$i] = array();
				$files[$i][$k] = $v;
			}
		}

		foreach ($files as $i => $file) {
			$link = mysqli_real_escape_string($dbc, $Link[$i]);
			if(!empty($file['size'])){
				$handle = new upload($file);
				if ($handle->uploaded) {
					$handle->file_new_name_body = uniqid(true);
					$handle->image_convert = 'png';
					$handle->process('../upload');
					if ($handle->processed) {
						$imgname = $handle->file_dst_name;
						$q = mysqli_query($dbc, "UPDATE Misc SET Pic = '$imgname', Detail = '$link' WHERE Name = 'Index_$i' ");
						if(!$q){
							$errorlist[] = "UPDATE Misc Pic_$i ERROR: ".mysqli_error($dbc);
							break;
						}
						$handle->clean();
					} else {
						echo 'error : ' . $handle->error;
						break;
					}
				}
			}else{
				$q = mysqli_query($dbc, "UPDATE Misc SET Detail = '$link' WHERE Name = 'Index_$i' ");
				if(!$q){
					$errorlist[] = "UPDATE Misc Pic_$i ERROR: ".mysqli_error($dbc);
					break;
				}
			}
		}

		if(count($errorlist) == 0) {
			echo "<script>alert('แก้ไขข้อมูลสำเร็จ'); location.replace('edit_index.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------- DeleteProduct ----------------- //
	case 'DeleteProduct' : {

		$ID = mysqli_real_escape_string($dbc, $_POST["ID"]);

		$check = mysqli_fetch_assoc(mysqli_query($dbc, "SELECT Pic FROM Product WHERE ID = '$ID' "));

		$q = mysqli_query($dbc, "DELETE FROM Product WHERE ID = '$ID' ");

		if($q) {
			$output = array('success' => true);
			if(!empty($check['Pic'])) {
				unlink('../upload/'.$check['Pic']);
			}
		}else{
			$output = array(
				'success' => false,
				'text' => 'เกิดปัญหาในการลบข้อมูลสินค้า โปรดติดต่อฝ่าย Support',
				'log' => mysqli_error($dbc)
			);
		}

		echo json_encode($output);

		break;
	}

	// --------------- DeleteProductType ----------------- //
	case 'DeleteProductType' : {

		$ID = mysqli_real_escape_string($dbc,$_GET["ID"]);

		$q = mysqli_query($dbc, "DELETE FROM Product_Type WHERE ID = '$ID' ");

		if($q) {
			echo "<script>alert('ลบข้อมูลสำเร็จ'); location.replace('product_type.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------- EditProductType ----------------- //
	case 'EditProductType' : {

		$ID = mysqli_real_escape_string($dbc,$_GET["ID"]);
		$TH_Name = mysqli_real_escape_string($dbc,$_POST["TH_Name"]);
		$EN_Name = mysqli_real_escape_string($dbc,$_POST["EN_Name"]);
		$TH_Title_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["TH_Title_Collapse_1"]);
		$EN_Title_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["EN_Title_Collapse_1"]);
		$TH_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["TH_Collapse_1"]);
		$EN_Collapse_1 = mysqli_real_escape_string($dbc,$_POST["EN_Collapse_1"]);
		$TH_Title_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["TH_Title_Collapse_2"]);
		$EN_Title_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["EN_Title_Collapse_2"]);
		$TH_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["TH_Collapse_2"]);
		$EN_Collapse_2 = mysqli_real_escape_string($dbc,$_POST["EN_Collapse_2"]);
		$TH_Title_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["TH_Title_Collapse_3"]);
		$EN_Title_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["EN_Title_Collapse_3"]);
		$TH_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["TH_Collapse_3"]);
		$EN_Collapse_3 = mysqli_real_escape_string($dbc,$_POST["EN_Collapse_3"]);

		$q = mysqli_query($dbc, "UPDATE Product_Type SET TH_Name = '$TH_Name', EN_Name = '$EN_Name', TH_Title_Collapse_1 = '$TH_Title_Collapse_1', TH_Title_Collapse_2 = '$TH_Title_Collapse_2', TH_Title_Collapse_3 = '$TH_Title_Collapse_3', EN_Title_Collapse_1 = '$EN_Title_Collapse_1', EN_Title_Collapse_2 = '$EN_Title_Collapse_2', EN_Title_Collapse_3 = '$EN_Title_Collapse_3', TH_Collapse_1 = '$TH_Collapse_1', TH_Collapse_2 = '$TH_Collapse_2', TH_Collapse_3 = '$TH_Collapse_3', EN_Collapse_1 = '$EN_Collapse_1', EN_Collapse_2 = '$EN_Collapse_2', EN_Collapse_3 = '$EN_Collapse_3' WHERE ID = '$ID' ");

		if($q) {
			echo "<script>alert('แก้ไขข้อมูลสำเร็จ'); location.replace('product_type.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------- AddReview ----------------- //
	case 'AddReview' : {

		$Name = mysqli_real_escape_string($dbc,$_POST["Name"]);
		$Title = mysqli_real_escape_string($dbc,$_POST["Title"]);
		$Review = mysqli_real_escape_string($dbc,$_POST["Review"]);

		$errorlist = array();

		if(isset($_FILES['Pic']) && $_FILES['Pic']['size'] !== 0){
			$handle = new upload($_FILES['Pic']);
			if ($handle->uploaded) {
				$handle->file_new_name_body = uniqid(rand());
				$handle->image_convert = 'png';
				$handle->process('../upload/review/');
				if ($handle->processed) {
					$imgname = " '".$handle->file_dst_name."' ";
					$handle->clean();
				} else {
					$errorlist[] = $handle->error;
				}
			}
		}else{
			$imgname = " NULL ";
		}

		if(count($errorlist) == 0) {
			$sql = "INSERT INTO Review (`Name`, `Title`, `Review`, `Pic`) VALUES ('$Name', '$Title', '$Review', $imgname) ";
			$q = mysqli_query($dbc, $sql);
			if(!$q){
				$errorlist[] = '$q failed: '.mysqli_error($dbc);
				$errorlist[] = '$q = '.$sql;
			}
		}

		if(count($errorlist) == 0) {
			$output = array('success' => true);
		}else{
			$output = array(
				'success' => false,
				'text' => 'พบปัญหาในการเพิ่มข้อมูล โปรดติดต่อฝ่าย Support',
				'log' => $errorlist
			);
		}

		echo json_encode($output);

		break;
	}

	// --------------- EditReview ----------------- //
	case 'EditReview' : {

		$ID = mysqli_real_escape_string($dbc,$_GET["ID"]);
		$Name = mysqli_real_escape_string($dbc,$_POST["Name"]);
		$Review = mysqli_real_escape_string($dbc,$_POST["Review"]);

		$oldpic = mysqli_fetch_assoc(mysqli_query($dbc, "SELECT Pic FROM Review WHERE ID = '$ID' "));

		if(!empty($_FILES['Pic']['size'])) {
			$handle = new upload($_FILES['Pic']);
			if ($handle->uploaded) {
				$handle->file_new_name_body = uniqid(true);
				$handle->image_convert = 'png';
				$handle->process('../upload');
				if ($handle->processed) {
					$imgname = ", Pic = '".$handle->file_dst_name."' ";
					$handle->clean();
				} else {
					echo 'error : ' . $handle->error;
				}
			}
		}else{
			$imgname = "";
		}

		$q = mysqli_query($dbc, "UPDATE Review SET Name = '$Name', Review = '$Review' $imgname WHERE ID = '$ID' ");

		if($q) {
			unlink('../upload/'.$oldpic['Pic']);
			echo "<script>alert('แก้ไขข้อมูลสำเร็จ'); location.replace('index.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------- DeleteReview ----------------- //
	case 'DeleteReview' : {

		$ID = mysqli_real_escape_string($dbc, $_GET["ID"]);

		$oldpic = mysqli_fetch_assoc(mysqli_query($dbc, "SELECT Pic FROM Review WHERE ID = '$ID' "));
		unlink('../upload/review/'.$oldpic['Pic']);

		$q = mysqli_query($dbc, "DELETE FROM Review WHERE ID = '$ID' ");

		if($q) {
			echo "<script>alert('ลบข้อมูลสำเร็จ'); location.replace('index.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------- AddProductCat ----------------- //
	case 'AddProductCat' : {

		$Product_Type = mysqli_real_escape_string($dbc,$_POST["Product_Type"]);
		$TH_Name = mysqli_real_escape_string($dbc,$_POST["TH_Name"]);
		$EN_Name = mysqli_real_escape_string($dbc,$_POST["EN_Name"]);
		$TH_Info = mysqli_real_escape_string($dbc,$_POST["TH_Info"]);
		$EN_Info = mysqli_real_escape_string($dbc,$_POST["EN_Info"]);
		$Tags = mysqli_real_escape_string($dbc,$_POST["Tags"]);

		$q = mysqli_query($dbc, "INSERT INTO Product_Cat VALUES (NULL, '$Product_Type', '$TH_Name', '$EN_Name', '$TH_Info', '$EN_Info', '$Tags') ");

		if($q) {
			echo "<script>alert('เพิ่มข้อมูลสำเร็จ'); location.replace('product_cat.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------- EditProductCat ----------------- //
	case 'EditProductCat' : {

		$ID = mysqli_real_escape_string($dbc,$_GET["ID"]);
		$Product_Type = mysqli_real_escape_string($dbc,$_POST["Product_Type"]);
		$TH_Name = mysqli_real_escape_string($dbc,$_POST["TH_Name"]);
		$EN_Name = mysqli_real_escape_string($dbc,$_POST["EN_Name"]);
		$TH_Info = mysqli_real_escape_string($dbc,$_POST["TH_Info"]);
		$EN_Info = mysqli_real_escape_string($dbc,$_POST["EN_Info"]);
		$Tags = mysqli_real_escape_string($dbc,$_POST["Tags"]);

		$q = mysqli_query($dbc, "UPDATE Product_Cat SET  Product_Type = '$Product_Type', TH_Name = '$TH_Name', EN_Name = '$EN_Name', TH_Info = '$TH_Info', EN_Info = '$EN_Info', Tags = '$Tags' WHERE ID = '$ID' ");

		if($q) {
			echo "<script>alert('แก้ไขข้อมูลสำเร็จ'); location.replace('edit_product_cat.php?id=$ID');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------- DeleteProductCat ----------------- //
	case 'DeleteProductCat' : {

		$ID = mysqli_real_escape_string($dbc,$_GET["ID"]);

		$q = mysqli_query($dbc, "DELETE FROM Product_Cat WHERE ID = '$ID' ");

		if($q) {
			echo "<script>alert('ลบข้อมูลสำเร็จ'); location.replace('product_cat.php');</script>";
		}else{
			echo "FAILED: ".mysqli_error($dbc);
		}

		break;
	}

	// --------------------- AddProduct ---------------------- //
	case 'AddProduct' : {

		$Product = mysqli_real_escape_string($dbc, $_POST["Product"]);
		$Amount = mysqli_real_escape_string($dbc, $_POST["Amount"]);
		$Details_Amount = mysqli_real_escape_string($dbc, $_POST["Details_Amount"]);
		$Price = mysqli_real_escape_string($dbc, $_POST["Price"]);
		$Pic = $_FILES['Pic']['size'] > 0 ? $_FILES['Pic'] : NULL;

		$errorlist = array();

		mysqli_begin_transaction($dbc, MYSQLI_TRANS_START_READ_WRITE);

		try{
			if(!empty($Pic)){
				$handle = new upload($Pic);
				if ($handle->uploaded) {
					$handle->file_new_name_body = uniqid(rand());
					$handle->image_convert = 'png';
					$handle->process('../upload/');
					if ($handle->processed) {
						$imgname = $handle->file_dst_name;
						$handle->clean();
					} else {
						$errorlist[] = '!$handle->processed : '.$handle->error;
						throw new Exception('ไม่สามารถอัพโหลดไฟล์รูปภาพได้ โปรดลองอีกครั้ง');
					}
				}else{
					$errorlist[] = '!$handle->uploaded : '.$handle->error;
					throw new Exception('ไม่สามารถอัพโหลดไฟล์รูปภาพได้ โปรดลองอีกครั้ง');
				}
			}else{
				$imgname = NULL;
			}

			$imgname = empty($imgname) ? "NULL" : "'$imgname'";
			$q = mysqli_query($dbc, "INSERT INTO Product (Pic, Product, Amount , Price , Details_Amount) VALUES ($imgname, '$Product', '$Amount' , '$Price' , '$Details_Amount') ");
			if(!$q){
				$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
				throw new Exception('ไม่สามารถเพิ่มข้อมูลสินค้าใหม่ได้ โปรดติดต่อฝ่าย Support');
			}

			if(count($errorlist) == 0){
				mysqli_commit($dbc);
				$output['success'] = true;
			}else{
				mysqli_rollback($dbc);
			}
		}catch(Exception $e) {
			$outpu = array(
				'success' => false,
				'text' => $e->getMessage(),
				'log' => $errorlist
			);
		}

		echo json_encode($output);

		break;
	}

	// ---------------- EditProduct ------------------ //
	case 'EditProduct' : {

		$ID = mysqli_real_escape_string($dbc, $_POST["ID"]);
		$Product = mysqli_real_escape_string($dbc, $_POST["Product"]);
		$Amount = mysqli_real_escape_string($dbc, $_POST["Amount"]);
		$Price = mysqli_real_escape_string($dbc, $_POST["Price"]);
		$Details_Amount = mysqli_real_escape_string($dbc, $_POST["Details_Amount"]);
		$Date = mysqli_real_escape_string($dbc, $_POST["Date"]);
		$Pic = $_FILES['Pic']['size'] > 0 ? $_FILES['Pic'] : NULL;

		$errorlist = array();

		mysqli_begin_transaction($dbc, MYSQLI_TRANS_START_READ_WRITE);

		try{
			if(!empty($Pic)){
				$check = mysqli_fetch_assoc(mysqli_query($dbc, "SELECT Pic FROM Product WHERE ID = '$ID' "));
				$handle = new upload($Pic);
				if ($handle->uploaded) {
					$handle->file_new_name_body = uniqid(rand());
					$handle->image_convert = 'png';
					$handle->process('../upload/');
					if ($handle->processed) {
						$imgname = $handle->file_dst_name;
						$handle->clean();
					} else {
						$errorlist[] = '!$handle->processed : '.$handle->error;
						throw new Exception('ไม่สามารถอัพโหลดไฟล์รูปภาพได้ โปรดลองอีกครั้ง');
					}
				}else{
					$errorlist[] = '!$handle->uploaded : '.$handle->error;
					throw new Exception('ไม่สามารถอัพโหลดไฟล์รูปภาพได้ โปรดลองอีกครั้ง');
				}
			}else{
				$imgname = NULL;
			}

			$imgsql = empty($imgname) ? "" : ", Pic = '$imgname' ";
			$q = mysqli_query($dbc, "UPDATE Product SET Product = '$Product', Amount = '$Amount' , Price = '$Price' , Details_Amount = '$Details_Amount' , Edit_write = '$Date' $imgsql WHERE ID = '$ID' ");
			if(!$q){
				$errorlist[] = '$q FAILED: '.mysqli_error($dbc);
				throw new Exception('ไม่สามารถเพิ่มข้อมูลสินค้าใหม่ได้ โปรดติดต่อฝ่าย Support');
			}

			if($q){
				$output = array('success' => true );
				mysqli_commit($dbc);
			}
			// if(count($errorlist) == 0){
			// 	mysqli_commit($dbc);
			// 	$output['success'] = true;
			// 	unlink('../upload/'.$check['Pic']);
			// }else{
			// 	mysqli_rollback($dbc);
			// }
		}catch(Exception $e) {
			$outpu = array(
				'success' => false,
				'text' => $e->getMessage(),
				'log' => $errorlist
			);
		}

		echo json_encode($output);

		break;
	}

	// ------------ AddSlide --------------- //
	case 'AddSlide' : {

		$Pic = mysqli_real_escape_string($dbc,$_POST["Pic"]);
		$TH_Name = mysqli_real_escape_string($dbc,$_POST["TH_Name"]);
		$TH_Info = mysqli_real_escape_string($dbc,$_POST["TH_Info"]);
		$EN_Name = mysqli_real_escape_string($dbc,$_POST["EN_Name"]);
		$EN_Info = mysqli_real_escape_string($dbc,$_POST["EN_Info"]);

		$errorlist = array();

		$handle = new upload($_FILES['Pic']);
		if ($handle->uploaded) {
			$handle->file_new_name_body = uniqid(true);
			$handle->image_convert = 'png';
			$handle->process('../upload');
			if ($handle->processed) {
				$imgname = $handle->file_dst_name;
				$q = mysqli_query($dbc, "INSERT INTO Slide VALUES (NULL, '$imgname', '$TH_Name', '$TH_Info', '$EN_Name', '$EN_Info', '0') ");
				if(!$q){
					$errorlist[] = 'INSERT Slide ERROR: '.mysqli_error($dbc);
					break;
				}
				$handle->clean();
			} else {
				echo 'error : ' . $handle->error;
			}
		}else{

		}

		if(count($errorlist) == 0){
			echo "<script>alert('เพิ่มข้อมูลสำเร็จ'); location.replace('edit_slide.php');</script>";
		}else{
			echo "FAILED: ";
			PRINTR($errorlist);
		}

		break;
	}

	case 'user_info_modal' :
			$ID = $_POST['rowID'];
			$query = mysqli_query($dbc, "SELECT * FROM Users WHERE ID = '$ID'");
			$result = mysqli_fetch_assoc($query);
			if($result['Pic'] == "")
			{
				$result_img = "https://dummyimage.com/150x150/000/fff";
			} else
			{
				$result_img = "../upload/" . $result['Pic'];
			}
			$data_update = array(
						'User' => $result['Username'],
						'Pass' => $result['Password'],
						'firstname' => $result['Firstname'],
						'lastname' => $result['Lastname'],
						'Email' => $result['Email'],
						'Phone' => $result['Phone'],
						'Line' => $result['Line'],
						'Pic' => $result_img,
						'Nickname' => $result['Nickname'],
						'Address' => $result['Address']
					);
			echo json_encode($data_update);
		break;


	// ------------ EditSlide --------------- //
	case 'EditSlide' : {

		$ID = mysqli_real_escape_string($dbc,$_GET["ID"]);
		$TH_Name = mysqli_real_escape_string($dbc,$_POST["TH_Name"]);
		$TH_Info = mysqli_real_escape_string($dbc,$_POST["TH_Info"]);
		$EN_Name = mysqli_real_escape_string($dbc,$_POST["EN_Name"]);
		$EN_Info = mysqli_real_escape_string($dbc,$_POST["EN_Info"]);

		$errorlist = array();

		if($_FILES['Pic']['size'] > 0){
			$oldpic = mysqli_fetch_assoc(mysqli_query($dbc, "SELECT Pic FROM Slide WHERE ID = '$ID' "));
			$handle = new upload($_FILES['Pic']);
			if ($handle->uploaded) {
				$handle->file_new_name_body = uniqid(true);
				$handle->image_convert = 'png';
				$handle->process('../upload');
				if ($handle->processed) {
					$imgname = ", Pic = '".$handle->file_dst_name."' ";
					$handle->clean();
				} else {
					echo 'error : ' . $handle->error;
				}
			}
		}else{
					$imgname = '';
		}

		$q = mysqli_query($dbc, "UPDATE Slide SET TH_Title = '$TH_Name', TH_Text = '$TH_Info', EN_Title = '$EN_Name', EN_Text = '$EN_Info' $imgname WHERE ID = '$ID' ");
		if($q && !empty($imgname)) {
			unlink('../upload/'.$oldpic['Pic']);
		}

		if(count($errorlist) == 0){
			echo "<script>alert('แก้ไขข้อมูลสำเร็จ'); location.replace('edit_slide_img.php?id=$ID');</script>";
		}else{
			echo "FAILED: ";
			PRINTR($errorlist);
		}

		break;
	}
}