<?php// error_reporting(E_ALL);
//ini_set("display_errors", 1);
// Load Module Database
require_once('include/_define.inc.php');
require_once(_INCLUDE.'/common.inc.php');
require_once(_INCLUDE.'/function.inc.php');
require_once(_INCLUDE.'/function_select.inc.php');
require_once(_INCLUDE.'/io.inc.php');


require_once(BASEDIR . '/_configure.inc.php');

$ObjDB = new sql_db($DBHost, $DBUser, $DBPasswd, $DBName);
if(!$ObjDB->db_connect_id) { message_die(CRITICAL_ERROR, "Could not connect to the database"); }

require_once(_MODULE.'/class.session-user.php');
$clsSession = new user( true );

require_once(_INCLUDE.'/_variable.inc.php');

	
	$Condition = array();
	$Condition[] = '(`published` =1 )';
	//$Condition[] = '(`Type_News` =2 )';
	if(count($Condition)==0) $Condition[] = '1';
	$strCond = implode(' AND ', $Condition);
			$query = 'SELECT a.*,Image_Name,Image_Width,Image_Height,Thumb_Name,Thumb_Width,Thumb_Height ';
		$query.= 'FROM '.T_BANNER.' AS a  ';
		
		$query.= 'LEFT JOIN '.T_IMAGE.' AS `d` ON (`d`.`Group`=\'Banner_Image\' AND `d`.`ContentId`=`a`.`Id`) ';
		$query.= 'WHERE '.$strCond ;
		$query.= 'ORDER BY a.`Id` DESC ';
		// $query.= 'LIMIT 0,20 ';


		if ( !($result = $ObjDB->sql_query($query)) ) {message_die(GENERAL_ERROR, 'Couldnot query category information', '', __LINE__, __FILE__, $query);}
			while( $data = $ObjDB->sql_fetchrow($result) ) {
				$data['title'] = unHtmlEntities($data['title']);
				$data['description'] = unHtmlEntities($data['description']);
			
				if(CheckFileExists(BASEDIR_BANNER, $data['Image_Name'])) {
					//$_arr = IO::autoSize( $data['Thumb_Width'], $data['Thumb_Height'], 300, 250, false );
					//print_r($_arr);
					$Image = '<img src="'.BASEURL_BANNER.'/'.$data['Image_Name'].'"  border="0" border="0"  class="w-100" alt="Image" style="width:100%;"/>';

				} 
				$data['image']=$Image;
				$Banner[] = $data;

			}




if (isset($_GET['p'])) {
		$_GET['p'] = htmlspecialchars($_GET['p'], ENT_QUOTES, 'UTF-8');
		if (!filter_var($_GET['p'], FILTER_VALIDATE_INT)) {
			  
				error_log("Blocked GET request: " . $_SERVER['REQUEST_URI'] . " from IP: " . $_SERVER['REMOTE_ADDR']);

                // Send a 405 response and exit
                header("HTTP/1.1 405 Method Not Allowed");
                header("Content-Type: application/json");
                echo json_encode(["error" => "GET not allowed for this request."]);
				exit;
		}else{
			$_GET['p']=(int)$_GET['p'];
			//header("HTTP/1.1 405 Method Not Allowed");
		//	die("Invalid input");
		//	exit;

		}
}else{


		if(empty($_GET['p'])){	$_GET['p']=19; }
		

}




if (isset($_GET['id'])) {

$_GET['id'] = htmlspecialchars($_GET['id'], ENT_QUOTES, 'UTF-8');
			if (!empty($_GET['id']) ) {
				if (ctype_digit($_GET['id'])){
				
					$id = (int)$_GET['id'];  // แปลงเป็นตัวเลข
				
				} else {
					   error_log("Blocked GET request: " . $_SERVER['REQUEST_URI'] . " from IP: " . $_SERVER['REMOTE_ADDR']);

                // Send a 405 response and exit
					  header("HTTP/1.1 405 Method Not Allowed");
						header("Content-Type: application/json");
					  echo json_encode(["error" => "GET not allowed for this request."]);
					 exit;
				}
			}
}



include('mm_head.php');	
if ($_SERVER["REQUEST_METHOD"] == "GET" ) {
		
		 if (isset($_GET['p'])) {
				
				switch ($_GET['p']) {
				  case 1:
					include('page/p1.php');
					break;
				 case 2:
					include('page/p2.php');
					break;
				 case 3:
					include('page/p3.php');
					break;
				 case 4:
					include('page/p4.php');
					break;
				case 5:
					include('page/p5.php');
					break;
				case 6:
					include('page/p6.php');
					break;
				case 7:
					include('page/p7.php');
					break;
				case 8:
					include('page/p8.php');
					break;
				case 9:
					include('page/p9.php');
					
				case 10:
					include('page/p10.php');
					break;
				case 11:
					include('page/p11.php');
					break;
				case 12:
					include('page/p12.php');
					break;
				case 16:
					include('page/p16.php');
					break;
				case 17:
					include('page/p17.php');
					break;
					
				case 18:
					include('page/p18.php');
					break;
				case 19:
					include('page/main.php');
					break;
				default:
				   error_log("Blocked GET request: " . $_SERVER['REQUEST_URI'] . " from IP: " . $_SERVER['REMOTE_ADDR']);

                // Send a 405 response and exit
                header("HTTP/1.1 405 Method Not Allowed");
                header("Content-Type: application/json");
                echo json_encode(["error" => "GET not allowed for this request."]);
				break;

				}
				//echo is_login_data($user);

		 }else{
				include('page/main.php');
				exit;
		 }

		
}else{
  error_log("Blocked GET request: " . $_SERVER['REQUEST_URI'] . " from IP: " . $_SERVER['REMOTE_ADDR']);

                // Send a 405 response and exit
                header("HTTP/1.1 405 Method Not Allowed");
                header("Content-Type: application/json");
                echo json_encode(["error" => "GET not allowed for this request."]);
exit;
}




// Call the function at the start of execution

function applicationPreRequestHandlerExecute() {
    // Check if the request method is GET
    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        // Define an array of parameters that should not be present in a GET request
        $postParams = [
            '__EVENTTARGET',
            '__VIEWSTATE',
            '__EVENTARGUMENT',
            'txt_usr',
            'remember_me',
            'txt_pass',
            'cmdLogin',
            'Login',
            '__EVENTVALIDATION'
        ];

        // Check if any of these parameters exist in the query string
        foreach ($postParams as $param) {
            if (isset($_GET[$param])) {
                // Log the blocked request (optional: adjust logging as needed)
                error_log("Blocked GET request: " . $_SERVER['REQUEST_URI'] . " from IP: " . $_SERVER['REMOTE_ADDR']);

                // Send a 405 response and exit
                header("HTTP/1.1 405 Method Not Allowed");
                header("Content-Type: application/json");
                echo json_encode(["error" => "GET not allowed for this request."]);
                exit;
            }
        }
    }
}

// Call the function at the start of execution
applicationPreRequestHandlerExecute();


include('mm_foot.php');
	?>