<?php

include "../classes/Config.php";
include "functions.php";
// Objects used by the payment-notification handler below.
// NOTE(review): the handler also dereferences $vendas->getRegistro() and
// $produtos_info->getRegistro(), but neither object is created in this
// excerpt — presumably they come from Config.php / functions.php; confirm.
$checkout = new Checkout();
$cadastros = new Cadastros();
if (isset($_POST) && !empty($_POST)) {
    if (isset($_POST['notificationCode']) && !empty($_POST['notificationCode'])) {
        $transaction_id = anti_injection($_POST['notificationCode']);
        $content = $checkout->CheckNotification($transaction_id);
        /////////// INICIA VERIFICAÇÃO DE CRÉDITO ///////////
        $transaction_info = $vendas->getRegistro($content->code);
        if ($transaction_info['vnd_venda_entregue'] == '0') {
            if ($transaction_info['vnd_produtos_id'] == '0') {
                $cnt_credit = $transaction_info['vnd_item_count'];
            } else {
                $info = $produtos_info->getRegistro($transaction_info['vnd_produtos_id']);
                $cnt_credit = $info['pro_produto_credit'];
            }
            if ($cadastros->CheckCreditExists($transaction_info['vnd_accounts_id'])) {
                $cnt_credit_act = $cadastros->GetCreditCount($transaction_info['vnd_accounts_id']);
                $cnt_credit = $cnt_credit + $cnt_credit_act;
                $result = $cadastros->UpdateCredit($transaction_info['vnd_accounts_id'], $cnt_credit);
                if ($result) {
                    $vendas->UpdateEntregue($content->code);
                }
            } else {
                $result = $cadastros->AddCredit($transaction_info['vnd_accounts_id'], $cnt_credit);
                if ($result) {
                    $vendas->UpdateEntregue($content->code);
                }
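<?php

session_start();
include "koneksi.php";
include "fungsi.php";
// Kabid decision on an outgoing letter (surat keluar).
//   terima: mark the disposition done, stamp a nodin number when the signer
//           (id_ttd) is 1 or 4, then close the letter (id_ttd 4) or push it on
//           to the next level.
//   tolak : mark the disposition done and push the letter back down one level.
// Fix: $_POST["id_surat_keluar"] and $_POST["id_disposisi"] were concatenated
// raw into SQL / passed raw to selesaiDispSK(); every request value now goes
// through anti_injection() once, up front, and only the sanitised copies are
// used afterwards.
// NOTE(review): no login or role/ownership check is visible in this script —
// confirm it is enforced before this handler is reached.
$pesan = 0;
$id_surat_keluar = anti_injection($_POST["id_surat_keluar"]);
$id_disposisi = anti_injection($_POST["id_disposisi"]);
$catatan = anti_injection($_POST["catatan"]);
$id_level = $_SESSION["id_level"];
selesaiDispSK($id_disposisi);
if (isset($_POST["terima"])) {
    $ds_sk = mysql_fetch_array(mysql_query("SELECT * FROM myapp_maintable_suratkeluar WHERE id='" . $id_surat_keluar . "'"));
    // Signer ids 1 and 4 receive an internal memo (nodin) number for this year.
    if ($ds_sk["id_ttd"] == 1 || $ds_sk["id_ttd"] == 4) {
        mysql_query("UPDATE myapp_maintable_suratkeluar SET no_nodin='" . nomor_nodin($id_level, date("Y")) . "', tgl_nodin=CURDATE() WHERE id='" . $id_surat_keluar . "'");
    }
    if ($ds_sk["id_ttd"] == 4) {
        mysql_query("UPDATE myapp_maintable_suratkeluar SET status=2 WHERE id='" . $id_surat_keluar . "'");
    } else {
        pushDispSK($id_surat_keluar, $id_level, 2, $catatan, 1);
    }
    header("location:../?mod=inform&pesan=30&redir=posisi_surat_keluar_kabid");
} elseif (isset($_POST["tolak"])) {
    // The original also SELECTed the disposition row here and discarded it;
    // that dead read is dropped.
    pushDispSK($id_surat_keluar, $id_level, levelBawahan($id_surat_keluar, 3), $catatan, 2);
    header("location:../?mod=inform&pesan=31&redir=posisi_surat_keluar_kabid");
}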
<?php 
error_reporting(0);
include "config/koneksi.php";
function anti_injection($data)
{
    // Legacy request-value filter applied before values are concatenated into
    // mysql_* queries. Steps, innermost first:
    //   1. htmlspecialchars(ENT_QUOTES) — HTML-encodes < > & " '
    //   2. strip_tags   — largely a no-op here, since step 1 already encoded '<'
    //   3. stripslashes — removes one layer of backslash escaping
    //   4. mysql_real_escape_string — SQL-escapes for the open mysql link
    // NOTE(review): this stores HTML-encoded text in the database and is not a
    // substitute for prepared statements. mysql_real_escape_string() needs an
    // open mysql_connect() link (without one it returns false, which becomes an
    // empty string when concatenated), and the mysql extension is gone in PHP 7+.
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $untagged = strip_tags($encoded);
    $unslashed = stripslashes($untagged);
    return mysql_real_escape_string($unslashed);
}
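// Admin login: md5 the submitted password (the format this table stores —
// unsalted md5 is weak; moving to password_hash() also means rewriting the
// stored hashes) and pass both values through the same filter.
$user = anti_injection(isset($_POST['username']) ? $_POST['username'] : '');
$pass = anti_injection(md5(isset($_POST['password']) ? $_POST['password'] : ''));
// Both values must be purely alphanumeric.
// Fix: the original printed this error and then fell through to the SELECT
// below with the rejected input; it now stops here, consistent with the other
// login handler in this codebase that only queries in the else branch.
if (!ctype_alnum($user) or !ctype_alnum($pass)) {
    echo "<div id='gagal' class='alert alert-danger'>Maaf anda bukan Administrator</div>";
    exit;
}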
// pastikan username dan password adalah berupa huruf atau angka.
$login = sprintf("SELECT * FROM digilib_admin WHERE username='******' AND password='******'", mysql_real_escape_string($user), mysql_real_escape_string($pass));
$cek_lagi = mysql_query($login);
$ketemu = mysql_num_rows($cek_lagi);
$r = mysql_fetch_array($cek_lagi);
// Apabila username dan password ditemukan
if ($ketemu > 0) {
    session_start();
    $_SESSION['id_admin'] = $r['id_admin'];
    $_SESSION['nama'] = $r['nama'];
    $_SESSION['username'] = $r['username'];
    $_SESSION['password'] = $r['password'];
    $_SESSION['telphp'] = $r['telphp'];
    $_SESSION['delete'] = $r['delete'];
    if ($_SESSION['username'] !== '') {
        echo "<div id='sukses' class='alert alert-info'><strong>BERHASIL...</strong><button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div><script>window.location ='media.php?home'</script>";
    }
// Raw POST value; it is only run through anti_injection() after the
// ctype_alnum() gate below passes. NOTE(review): $username is checked below
// too, but its assignment is not visible in this excerpt.
$password = $_POST['password'];
function anti_injection($data)
{
    // Legacy request-value filter applied before values are concatenated into
    // mysql_* queries. Steps, innermost first:
    //   1. htmlspecialchars(ENT_QUOTES) — HTML-encodes < > & " '
    //   2. strip_tags   — largely a no-op here, since step 1 already encoded '<'
    //   3. stripslashes — removes one layer of backslash escaping
    //   4. mysql_real_escape_string — SQL-escapes for the open mysql link
    // NOTE(review): this stores HTML-encoded text in the database and is not a
    // substitute for prepared statements. mysql_real_escape_string() needs an
    // open mysql_connect() link (without one it returns false, which becomes an
    // empty string when concatenated), and the mysql extension is gone in PHP 7+.
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $untagged = strip_tags($encoded);
    $unslashed = stripslashes($untagged);
    return mysql_real_escape_string($unslashed);
}
if (!ctype_alnum($username) or !ctype_alnum($password)) {
    header('Content-Type: application/json');
    echo json_encode(array('cek' => 'false'));
    //echo 'false';
    $user = $_POST['username'];
    $aksi = "Melakukan percobaan tindakan sql injection";
    catat($user, $aksi);
} else {
    $username = anti_injection($username);
    $password = anti_injection($password);
    $login = mysql_query("SELECT * FROM  petugas WHERE USERNAME_LOGIN='******' AND PASSWORD_LOGIN='******' ");
    $ada = mysql_num_rows($login);
    $r = mysql_fetch_array($login);
    if ($ada > 0) {
        session_start();
        $_SESSION['KODE_PETUGAS'] = $r['KODE_PETUGAS'];
        $_SESSION['NAMA_PETUGAS'] = $r['NAMA_PETUGAS'];
        $_SESSION['EMAIL'] = $r['EMAIL'];
        $_SESSION['USERNAME_LOGIN'] = $r['USERNAME_LOGIN'];
        $_SESSION['STATE_ID'] = $r['STATE_ID'];
        $_SESSION['AKSES'] = $r['AKSES'];
        $user = $_SESSION['KODE_PETUGAS'];
        $aksi = "Melakukan login sistem";
        catat($user, $aksi);
        header('Content-Type: application/json');
        <?php 
// Edit form for an outgoing letter (surat keluar): mark the disposition as
// read, then load the letter joined to its target unit, subject code and
// letter type for display below.
// NOTE(review): both ids are escaped with anti_injection() rather than bound
// as parameters, and no login/ownership check is visible here — confirm the
// guards upstream.
include "../php/koneksi.php";
include "../php/fungsi.php";
$id_surat = anti_injection($_GET["id"]);
$id_disposisi = anti_injection($_GET["id_disposisi"]);
bacaDispSK($id_disposisi);
$ds = mysql_fetch_array(mysql_query("SELECT \n                                                    \ta.*, b.unit_kerja, CONCAT('(', c.kode_masalah, ') ', c.masalah) AS masalah,\n                                                    \tCONCAT('(', d.kode, ') ', d.jenis_surat) AS jenis_surat\n                                                    FROM \n                                                    \tmyapp_maintable_suratkeluar a\n                                                    \tLEFT JOIN myapp_reftable_unitkerja b ON a.id_skpd_tujuan = b.id_unit_kerja\n                                                    \tLEFT JOIN myapp_reftable_masalah c ON a.id_masalah = c.id_masalah\n                                                    \tLEFT JOIN myapp_reftable_jenissurat d ON a.id_jenis_surat = d.id_jenis_surat\n                                                    WHERE \n                                                    \ta.id='" . $id_surat . "'"));
?>
<fieldset>
	<legend><h3>EDIT SURAT KELUAR</h3></legend>		
		<form name="frm" action="../php/edit_surat_keluar.php" method="POST">

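            <input type="hidden" name="id" value="<?php 
// Fix: $_GET["id"] was echoed raw into this attribute (reflected XSS);
// encode it for the HTML-attribute context.
echo htmlspecialchars($_GET["id"], ENT_QUOTES);
?>
" />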
            <table border="0px" cellspacing='0' cellpadding='0' width='100%'>
                <tr>
                    <td width='20%'>Nomor Surat</td>
                    <td width='10px'>:</td>
                    <td><b><?php 
echo $ds["no_surat"];
?>
</b></td>
                </tr>
                <tr>
                    <td width='20%'>Tanggal Surat</td>
                    <td width='10px'>:</td>
                    <td><b><?php 
echo $ds["tgl_surat"];
<?php

include "koneksi.php";
include "fungsi.php";
// Delete one incoming letter (surat masuk) by id, then bounce to the list.
// NOTE(review): a destructive action driven by a GET parameter is CSRF-prone,
// no login/authorization check is visible here, and the id is escaped via
// anti_injection() rather than bound as a parameter — confirm the guards upstream.
$targetId = anti_injection($_GET["id"]);
mysql_query("DELETE FROM myapp_maintable_suratmasuk WHERE id='" . $targetId . "'");
header("location:../?mod=inform&pesan=2&redir=manajemen_surat_masuk_1");
?>

<?php 
getSubTitulo('Formulário de Cadastro');
?>

<p>
<span style="font-weight:bold;">OBS:</span> Ao excluir um bloco, será excluído tudo o que estiver vinculado a ele (igreja, líderes, tribos, jovens, etc.).
</p><br />

<?php 
/** Validation, insertion, etc. all happen here */
// Block registration: read the two form fields (empty string when absent),
// run them through anti_injection(), and take the state from the session.
// NOTE(review): the lookup below binds these values with PDO prepared
// statements, so anti_injection() is not what prevents SQL injection here;
// whatever encoding it applies (its implementation is not visible in this
// excerpt) is what ends up stored.
$form_id_cidade = isset($_POST['form-cidade']) ? $_POST['form-cidade'] : '';
$form_nome_bloco = isset($_POST['form-bloco']) ? $_POST['form-bloco'] : '';
$form_id_cidade = anti_injection($form_id_cidade);
$form_nome_bloco = anti_injection($form_nome_bloco);
$form_id_estado = $_SESSION['estado'];
//Verifica se usuario digitou alguma coisa
if (!empty($form_nome_bloco) && !empty($form_id_cidade)) {
    try {
        //Verifica se registro ja existe
        $rs = $conx->prepare('SELECT id FROM fj_bloco WHERE nome_bloco=?');
        $rs->bindParam(1, $form_nome_bloco);
        $rs->execute();
        $row = $rs->fetchAll(PDO::FETCH_ASSOC);
        //Conta as linhas para verificação logo abaixo
        $numRows = count($row);
    } catch (PDOException $e) {
        getDivResult(PAG_QUERY_ERR, DIV_ERR);
    }
    //Se não existe registro, insere, se existe, mostra erro de duplicidade
<?php 
error_reporting(0);
include "config/koneksi.php";
function anti_injection($data)
{
    // Legacy request-value filter applied before values are concatenated into
    // mysql_* queries. Steps, innermost first:
    //   1. htmlspecialchars(ENT_QUOTES) — HTML-encodes < > & " '
    //   2. strip_tags   — largely a no-op here, since step 1 already encoded '<'
    //   3. stripslashes — removes one layer of backslash escaping
    //   4. mysql_real_escape_string — SQL-escapes for the open mysql link
    // NOTE(review): this stores HTML-encoded text in the database and is not a
    // substitute for prepared statements. mysql_real_escape_string() needs an
    // open mysql_connect() link (without one it returns false, which becomes an
    // empty string when concatenated), and the mysql extension is gone in PHP 7+.
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $untagged = strip_tags($encoded);
    $unslashed = stripslashes($untagged);
    return mysql_real_escape_string($unslashed);
}
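// Registration form fields, escaped for the mysql_* queries below.
$username = anti_injection($_POST['username2']);
$password = anti_injection($_POST['password2']);
$email = anti_injection($_POST['email2']);
// Fix: the original hashed the undefined variable $password2, so (with
// error_reporting(0) hiding the notice) every new account was stored with
// md5('') as its password. Hash the submitted password instead; the raw POST
// value is hashed, matching the login handlers in this codebase that md5 the
// raw input before filtering.
// NOTE(review): unsalted md5 is weak; migrating to password_hash() /
// password_verify() means changing the login side as well.
$enkrip_pass = md5(isset($_POST['password2']) ? $_POST['password2'] : '');
$nip = anti_injection($_POST['nip']);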
$cek_username = mysql_num_rows(mysql_query("SELECT username FROM tbl_user\n               WHERE username='******'"));
$ceknipdaftar = mysql_num_rows(mysql_query("SELECT nip FROM tbl_user\n               WHERE nip='{$nip}'"));
$cek_email = mysql_num_rows(mysql_query("SELECT email FROM tbl_user\n               WHERE email='{$email}'"));
$cek_nip = mysql_num_rows(mysql_query("SELECT nip FROM pegawai\n               WHERE nip='{$nip}'"));
if ($cek_username > 0) {
    echo "<div id='gagal' class='alert alert-danger'>Maaf Username sudah terdaftar<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
} else {
    if ($cek_nip == 0) {
        echo "<div id='gagal' class='alert alert-danger'>Mohon maaf NIP anda tidak terdaftar mohon menghubungi HRD<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
    } else {
        if ($cek_email > 0) {
            echo "<div id='gagal' class='alert alert-danger'>Mohon maaf Email anda tidak terdaftar<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
        } else {
            if ($ceknipdaftar > 0) {
                echo "<div id='gagal' class='alert alert-danger'>Mohon maaf NIP anda sudah terdaftar<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
            } else {
                mysql_query("INSERT INTO tbl_user(id_user,username,\n                                 pass,\n                                 email,\n                                 level_user,w_daftar,nip,photo)\n                      VALUES('','{$username}',\n                             '{$enkrip_pass}',\n                             '{$email}',\n                             '5',NOW(),'{$nip}','../assets/avatars/avatar5.png')");
<?php

$nama = anti_injection($_POST["nama"]);
$kode = anti_injection($_POST["kode"]);
if ((int) $_GET["mode"] == 1) {
    if ($nama == '') {
        ?>
			<script type="text/javascript">
				alert('nama tidak boleh kosong');
				document.location.href='./index.php?mod=home&opt=jurusan&opts=tambah';
			</script>
		<?php 
    } else {
        $d = mysql_query("insert into tbl_jurusan (nama) values ('{$nama}')");
        if ($d) {
            benar("./index.php?mod=home&opt=jurusan&opts=list");
        } else {
            salah("./index.php?mod=home&opt=jurusan&opts=tambah");
        }
    }
} else {
    if ((int) $_GET["mode"] == 2) {
        if ((int) $_GET["id_jurusan"] != 0) {
            if ($nama == '') {
                ?>
			<script type="text/javascript">
				alert('nama tidak boleh kosong');
				document.location.href='./index.php?mod=home&opt=jurusan&opts=edit&id_user=<?php 
                echo (int) $_GET["id_user"];
                ?>
';
 public function addUserAct($user, $pass, $nama)
 {
     // Insert one row into `tuser` for a new account: the login id is passed
     // through anti_injection(), the password through password_generator().
     // NOTE(review): $nama is inserted without anti_injection() while $user is —
     // presumably $this->db->insert() escapes array values itself; confirm.
     $row = array(
         'IdUser'   => '',
         'uidUser'  => anti_injection($user),
         'passUser' => password_generator($pass),
         'nameUser' => $nama,
     );
     $this->db->insert('tuser', $row);
 }
?>

<?php 
getSubTitulo('Registro de eventos');
?>

<?php 
/** Validation, insertion, etc. all happen here */
// Event registration: read the four form fields (empty string when absent),
// run them through anti_injection(), stamp today's date, and take every
// location/leader id from the session rather than from the request.
// NOTE(review): the duplicate check below binds these with PDO prepared
// statements, so anti_injection() is not what prevents SQL injection here.
$form_nome_evento = isset($_POST['form-nome-evento']) ? $_POST['form-nome-evento'] : '';
$form_descricao = isset($_POST['form-descricao']) ? $_POST['form-descricao'] : '';
$form_data_evento = isset($_POST['form-data-evento']) ? $_POST['form-data-evento'] : '';
$form_qtd_jovens = isset($_POST['form-qtd-jovens']) ? $_POST['form-qtd-jovens'] : '';
$form_nome_evento = anti_injection($form_nome_evento);
$form_descricao = anti_injection($form_descricao);
$form_data_evento = anti_injection($form_data_evento);
$form_qtd_jovens = anti_injection($form_qtd_jovens);
$form_data_cad_evento = date('Y-m-d');
$form_id_estado = $_SESSION['estado'];
$form_id_cidade = $_SESSION['cidade'];
$form_id_regiao = $_SESSION['regiao'];
$form_id_bairro = $_SESSION['bairro'];
$form_id_igreja = $_SESSION['igreja'];
$form_id_lider_equipe = $_SESSION['lider_equipe'];
//Verifica se usuario digitou alguma coisa
if (!empty($form_nome_evento) && !empty($form_descricao) && !empty($form_data_evento) && !empty($form_qtd_jovens)) {
    try {
        //Verifica se registro ja existe
        $rs = $conx->prepare('SELECT id FROM fj_eventos WHERE fk_q_igreja_id=? AND fk_bairro_id=? AND fk_estado_id=? AND fk_cidade_id=? AND fk_regiao_id=? AND data_evento=? AND nome_evento=?');
        $rs->bindParam(1, $form_id_igreja);
        $rs->bindParam(2, $form_id_bairro);
        $rs->bindParam(3, $form_id_estado);
<?php

include "config/koneksi.php";
include "config/library.php";
// Shoutbox post handler: require a name and a message, cap the message at
// 100 bytes (strlen(), not character-aware), then insert and refresh.
$nama = trim($_POST['nama']);
$pesan = trim($_POST['pesan']);
if (empty($nama)) {
    echo "Anda belum mengisikan NAMA<br />\n  \t      <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} elseif (empty($pesan)) {
    echo "Anda belum mengisikan PESAN<br />\n  \t      <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} elseif (strlen($_POST['pesan']) > 100) {
    echo "PESAN Anda kepanjangan, dikurangin atau dibagi jadi beberapa bagian.<br />\n  \t      <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} else {
    // Defined only on the insert path (conditional function declaration).
    // Encodes HTML, strips tags, strips slashes, then SQL-escapes for the
    // open mysql link; the stored text is therefore HTML-encoded.
    function anti_injection($data)
    {
        $filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
        return $filter;
    }
    $nama = anti_injection($_POST['nama']);
    // NOTE(review): 'website' is optional and not validated as a URL; the
    // length check above was applied to the raw message, not this filtered one.
    $website = anti_injection($_POST['website']);
    $pesan = anti_injection($_POST['pesan']);
    // $tgl_sekarang / $jam_sekarang are not set here — presumably from
    // config/library.php; the query result is not checked.
    $kueri = mysql_query("INSERT INTO shoutbox(nama, website, pesan, tanggal, jam)\n          VALUES('{$nama}', '{$website}', '{$pesan}', '{$tgl_sekarang}','{$jam_sekarang}')");
    echo "<meta http-equiv='refresh' content='0; url=index.php'>";
}
<title>Cetak Lembar Disposisi</title>
</head>
<body onload="window.print();">
<table border='1' style="border-collapse: collapse; width:100%;">
    <tr>
        <td width='5%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">No.</td>
        <td width='20%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Asal</td>
        <td width='20%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Tujuan</td>
        <td width='20%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Catatan</td>
        <td align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Paraf</td>
    </tr>
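    <?php 
include "../php/koneksi.php";
include "../php/fungsi.php";
// Print view of the disposition trail for one incoming letter. The letter is
// addressed by MD5(MD5(id)), so $id_surat is expected to be a hex digest.
// Fix: $_GET["id_disposisi"] was handed to bacaDisp() raw; it now goes through
// anti_injection() like $id_surat, consistent with the sibling edit script
// that calls bacaDispSK() with a sanitised id.
bacaDisp(anti_injection($_GET["id_disposisi"]));
$id_surat = anti_injection($_GET['id']);
$sql = "SELECT\n            \tb.level AS level_asal, c.level AS level_tujuan, a.catatan, a.tgl_disposisi, c.urutan, d.nama\n            FROM\n            \tmyapp_disptable_suratmasuk a\n            \tLEFT JOIN myapp_reftable_levelpengguna b ON a.id_level_asal = b.id\n            \tLEFT JOIN myapp_reftable_levelpengguna c ON a.id_level_tujuan = c.id\n                LEFT JOIN myapp_maintable_pengguna d ON a.id_pengguna_tujuan = d.id\n            WHERE\n            \tMD5(MD5(a.id_surat_masuk )) = '" . $id_surat . "'";
$res = mysql_query($sql);
$ctr = 0;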
while ($ds = mysql_fetch_array($res)) {
    $ctr++;
    $nama = "";
    if ($ds["urutan"] == 4) {
        $nama = " [[ " . $ds["nama"] . " ]]";
    }
    ?>
    <tr>
        <td align='center' style="padding: 10px;"><?php 
    echo $ctr;
    ?>
</td>
      &nbsp;&nbsp;<IMG SRC="images/menu/textmenu_member.gif" BORDER="0">
				<TABLE width="740" align=center cellSpacing=0 cellPadding=0 border=0>
				<TR>
					<TD height="1" class="dotline" ></TD>
				</TR>
      <TR><td>
<?php 
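// Login credentials for the mysql_* query below.
// Fix: the original assigned stripslashes($_POST[...]) and then immediately
// overwrote it with mysql_real_escape_string() applied to the raw POST value,
// so the stripslashes() call was dead code and magic-quoted input would be
// escaped twice. Apply the two steps in sequence instead.
$user_login = mysql_real_escape_string(stripslashes($_POST['user_login']));
$pwd_login = mysql_real_escape_string(stripslashes($_POST['pwd_login']));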
if (is_valid($user_login) == true && is_valid($pwd_login) == true) {
    $Username = preg_replace('/"/i', '\\"', $user_login);
    $Password = preg_replace("/'/i", "\\'", $pwd_login);
    anti_injection($Username, $Password, $IPADDRESS);
    //ÃкºÊÁÒªÔ¡àÊÃÔÁ maxsite 1.10 ¾Ñ²¹Òâ´Â www.narongrit.net
    if (USE_CAPCHA) {
        if ($_SESSION['security_code'] != $_POST['security_code'] or empty($_POST['security_code'])) {
            echo "<script language='javascript'>";
            echo "alert('" . _JAVA_CAPTCHA_NOACC . "')";
            echo "</script>";
            echo "<script language='javascript'>javascript:history.go(-1)</script>";
            //		echo "		if(".$_SESSION['security_code']." != ".$_POST['security_code']." OR empty(".$_POST['security_code'].")) {";
            exit;
        }
    }
    if (isset($Username) and isset($Password)) {
        $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
        $res['admin'] = $db->select_query("SELECT * FROM " . TB_ADMIN . " WHERE username='******' AND password='******'  ");
        $rows['admin'] = $db->rows($res['admin']);
<?php

session_start();
include "../koneksi.php";
include "../../method/function.php";
// Login: sanitise the POST values, then look the user up together with the
// supervisor (atasan) and level name of their role.
// NOTE(review): the credentials are escaped by anti_injection() and
// concatenated, not bound; the WHERE literals appear as '******' in this
// listing (presumably the interpolated $username/$password were redacted),
// so whether the password is compared hashed or in clear cannot be verified here.
$username = anti_injection($_POST['username']);
$password = anti_injection($_POST['password']);
$res = mysql_query("SELECT \n                        \ta.*, b.atasan AS atasan, b.level as level \n                        FROM \n                        \tmyapp_maintable_pengguna a\n                        LEFT JOIN \n                        \tmyapp_reftable_levelpengguna b ON a.id_level = b.id\n                        WHERE \n                        \tusername = '******' AND password = '******'");
if (mysql_num_rows($res) == 1) {
    $ds = mysql_fetch_array($res);
    $_SESSION["password"] = $ds["password"];
    $_SESSION["id_pengguna"] = $ds["id"];
    $_SESSION["id_level"] = $ds["id_level"];
    $_SESSION["username"] = $ds["username"];
    $_SESSION["nama"] = $ds["nama"];
    $_SESSION["atasan"] = $ds["atasan"];
    $_SESSION["level"] = $ds["level"];
    // set login act depend on id level of user
    // rules
    switch ($ds['id_level']) {
        case 18:
            header("location:../../?mod=main_loket");
            break;
        case 1:
            header("location:../../?mod=main_kaban");
            break;
        case 2:
            header("location:../../?mod=main_sekretaris");
            break;
        case 3:
      </label>
      <label>
        <span>Mensagem</span>
        <textarea required title="Digite a sua mensagem" name="mensagem"></textarea>
      </label>
      <input class="enviar" type="submit" value="enviar" name="conf">
    </form>
  </div>
  <?php 
} else {
    include "funcoes.php";
    $con = connect();
    // Contact form submission: filter each field with anti_injection() and
    // additionally HTML-encode everything except the e-mail before storing.
    // NOTE(review): the INSERT below wraps values in double quotes; it is only
    // safe if anti_injection() in funcoes.php neutralises both '"' and a
    // trailing backslash — its implementation is not visible here. Prefer a
    // prepared statement over relying on that.
    $nome = htmlentities(anti_injection($_POST['nome']));
    $email = anti_injection($_POST['email']);
    $assunto = htmlentities(anti_injection($_POST['assunto']));
    $mensagem = htmlentities(anti_injection($_POST['mensagem']));
    $ins = "INSERT INTO contato (nome, email, assunto, mensagem) VALUES (\n            \"" . $nome . "\", \"" . $email . "\", \"" . $assunto . "\", \"" . $mensagem . "\"\n            )";
    mysql_query($ins, $con) or die("Erro ao enviar mensagem. Verifique a conexão com o banco de dados.");
    unset($_POST);
    ?>
    <script>
      alert('Mensagem enviada com sucesso. Aguarde nosso contato em breve!')
    </script>
    <form class="form" action="#contato" method="post">
      <p>Mensagem enviada com sucesso.</p> 
      <input class="enviar" type="submit" value="voltar" name="volt">
    </form>
  <?php 
}
?>
  <div class="fechar" id="fechamapa"><a class="close" onclick="hidemap()">Fechar mapa</a></div>
<?php

$nama = anti_injection($_POST["nama"]);
$wilayah = anti_injection($_POST["wilayah"]);
if ((int) $_GET["mode"] == 1) {
    if ($nama == '') {
        ?>
			<script type="text/javascript">
				alert('nama tidak boleh kosong');
				document.location.href='./index.php?mod=home&opt=kel&opts=tambah';
			</script>
		<?php 
    } else {
        $id_prov = $wilayah;
        $qry_id = "select id_kelurahan from ref_kelurahan where id_kecamatan ='{$id_prov}' order by kode_kelurahan desc limit 1";
        $exec_qry = mysql_query($qry_id);
        $get_id = mysql_fetch_array($exec_qry);
        $last_id = $get_id["kode_kelurahan"];
        $last_id = (int) $last_id + 1;
        $l_id = strval($last_id);
        if (strlen($last_id) == 1) {
            $kd_wil = '00' . $l_id;
            $id_wil = $id_prov . '00' . $l_id;
        } elseif (strlen($last_id) == 2) {
            $kd_wil = '0' . $l_id;
            $id_wil = $id_prov . '0' . $l_id;
        } else {
            $kd_wil = $l_id;
            $id_wil = $id_prov . $l_id;
        }
        //echo $qry_id;
<?php

function anti_injection($data)
{
    // Filter for the activation parameters read from the query string.
    // Innermost first: HTML-encode < > & " ' (ENT_QUOTES), strip any remaining
    // tags (largely a no-op since '<' is already encoded), then remove one
    // layer of backslashes.
    // NOTE(review): unlike the mysql_real_escape_string() variants elsewhere,
    // this does no SQL escaping at all and must not be relied on for queries.
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $untagged = strip_tags($encoded);
    return stripslashes($untagged);
}
$activeuser = anti_injection($_GET['activeuser']);
$key = anti_injection($_GET['key']);
if (!empty($activeuser) and !empty($key)) {
    ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="robots" content="index, follow" />
    <meta name="description" content="Activation PopojiCMS" />
    <meta name="keywords" content="activation popojicms, popojicms" />
    <meta http-equiv="Copyright" content="popojicms" />
    <meta name="author" content="Dwira Survivor" />
    <meta http-equiv="imagetoolbar" content="no" />
    <meta name="language" content="Indonesia" />
    <meta name="revisit-after" content="7" />
    <meta name="webcrawlers" content="all" />
    <meta name="rating" content="general" />
    <meta name="spiders" content="all" />
    <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1.0" />
    <!--[if gt IE 8]>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
?>

<?php 
getSubTitulo('Formulário de Cadastro');
?>

<p>
<span style="font-weight:bold;">OBS:</span> Não é possível excluir um bairro se existirem dados vinculados à ele (igreja, líderes, tribos, jovens, etc...).
</p><br />

<?php 
/** Validation, insertion, etc. all happen here */
// Neighbourhood (bairro) registration: read the two form fields (empty string
// when absent), run them through anti_injection(), and take the state from
// the session.
// NOTE(review): the duplicate check below binds these with PDO prepared
// statements, so anti_injection() is not what prevents SQL injection here;
// whatever encoding it applies is what ends up stored.
$form_id_cidade = isset($_POST['form-cidade']) ? $_POST['form-cidade'] : '';
$form_nome_bairro = isset($_POST['form-bairro']) ? $_POST['form-bairro'] : '';
$form_id_cidade = anti_injection($form_id_cidade);
$form_nome_bairro = anti_injection($form_nome_bairro);
$form_id_estado = $_SESSION['estado'];
//Verifica se usuario digitou alguma coisa
if (!empty($form_nome_bairro) && !empty($form_id_cidade)) {
    try {
        //Verifica se registro ja existe
        $rs = $conx->prepare('SELECT id FROM fj_bairro WHERE nome_bairro=? AND fk_cidade_id=?');
        $rs->bindParam(1, $form_nome_bairro);
        $rs->bindParam(2, $form_id_cidade);
        $rs->execute();
        $row = $rs->fetchAll(PDO::FETCH_ASSOC);
        //Conta as linhas para verificação logo abaixo
        $numRows = count($row);
    } catch (PDOException $e) {
        getDivResult(PAG_QUERY_ERR, DIV_ERR);
    }
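<?php

include '../../header.php';
// Raffle (sorteio) detail page: resolve the raffle from the query string and
// load the data the countdown below needs.
// Fix: the login check used to run only after the first database read, and
// its redirect was a JavaScript document.location with no exit — a client
// that ignores the script still received the whole page. Check login first
// and stop after emitting either redirect (header() is not usable here
// because header.php has already produced output).
if (!$user->CheckLogin($session->data)) {
    echo "<script>document.location.href='" . DIR_DOCS . "logout/'</script>";
    exit;
}
if (isset($_GET['sor_sorteios_id']) && !empty($_GET['sor_sorteios_id']) && is_numeric($_GET['sor_sorteios_id'])) {
    // is_numeric() already constrains the id; anti_injection() is kept for
    // consistency with the rest of the app.
    $_GET['sor_sorteios_id'] = anti_injection($_GET['sor_sorteios_id']);
    $date_counter = $sorteios->getValue('sor_sorteio_data', $_GET['sor_sorteios_id']);
    $gan_registro = $ganhadores->CheckGanhador($_GET['sor_sorteios_id']);
    $count_participantes = count($participantes->getCountSorteios($_GET['sor_sorteios_id']));
} else {
    echo "<script>document.location.href='" . DIR_DOCS . "sorteios/index.php?type=1'</script>";
    exit;
}
?>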
  
      <?php 
if (isset($date_counter) && !empty($date_counter)) {
    $date_counter = GetTimeInterval(date('d/m/Y H:i:s', strtotime($date_counter)));
    $registro = $sorteios->getRegistro($_GET['sor_sorteios_id']);
    if ($registro['sor_sorteio_status'] == '0') {
        ?>
          <section id="top-a" class="grid-block">
            <div class="grid-box width100 grid-h">
              <div class="module   deepest">
                <div id="block-main">
                  <div class="wrapper clearfix">      
                    <div class="text-center">
                      <div class="quote">
                        <div id="counter"> </div>
                        <div class="desc">
<?php

require_once "koneksi.php";
error_reporting(0);
function anti_injection($data)
{
    // Legacy request-value filter applied before values are concatenated into
    // mysql_* queries. Steps, innermost first:
    //   1. htmlspecialchars(ENT_QUOTES) — HTML-encodes < > & " '
    //   2. strip_tags   — largely a no-op here, since step 1 already encoded '<'
    //   3. stripslashes — removes one layer of backslash escaping
    //   4. mysql_real_escape_string — SQL-escapes for the open mysql link
    // NOTE(review): this stores HTML-encoded text in the database and is not a
    // substitute for prepared statements. mysql_real_escape_string() needs an
    // open mysql_connect() link (without one it returns false, which becomes an
    // empty string when concatenated), and the mysql extension is gone in PHP 7+.
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $untagged = strip_tags($encoded);
    $unslashed = stripslashes($untagged);
    return mysql_real_escape_string($unslashed);
}
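// Login credentials: md5 the submitted password (the stored format) before
// applying the same filter to both values.
// Fix: the array keys were bare constants ($_POST[username]) — a notice that
// error_reporting(0) hides on older PHP and an error on PHP 8; quote them.
// NOTE(review): unsalted md5 is weak; moving to password_hash() also requires
// rewriting the stored hashes.
$username = anti_injection(isset($_POST['username']) ? $_POST['username'] : '');
$pass = anti_injection(md5(isset($_POST['password']) ? $_POST['password'] : ''));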
if (!ctype_alnum($username) or !ctype_alnum($pass)) {
    echo "<script>window.alert('isi username dan password anda');\n        window.location=('index.php')</script>";
} else {
    $login = mysql_query("SELECT * FROM users WHERE username='******' AND password='******' AND blokir='N'");
    $ketemu = mysql_num_rows($login);
    $r = mysql_fetch_array($login);
    $tgl = date("d-m-Y");
    $jam = date("H:i:s");
    if ($ketemu > 0) {
        session_start();
        $_SESSION[namauser] = $user = $r[username];
        $_SESSION[namalengkap] = $r[nama_lengkap];
        $_SESSION[passuser] = $pass = $r[password];
        $_SESSION[leveluser] = $r[level];
        $_SESSION[notelp] = $r[no_telp];
        $_SESSION[tgl] = $r[login];
        $_SESSION[jamin] = $r[jamin];
        $_SESSION[status] = online;
        $sid_lama = session_id();
        session_regenerate_id();
<?php

session_start();
include "koneksi.php";
include "fungsi.php";
/*$sql = "INSERT INTO myapp_maintable_suratmasuk (id, no_surat, tgl_surat, tgl_terima, perihal_surat, pengirim_surat, alamat_pengirim, judul_surat, deskripsi_surat, catatan, id_skpd_pengirim, id_masalah, id_jenis_surat, harus_selesai, indeks, kode, status, asal_disposisi, tujuan_disposisi) VALUES 
  (NULL, '$_POST[no_surat]', '$_POST[tgl_surat]', '$_POST[tgl_terima]', '$_POST[perihal_surat]', '$_POST[pengirim_surat]', '$_POST[alamat_pengirim]', '$_POST[judul_surat]', '$_POST[deskripsi_surat]', '$_POST[catatan]', '$_POST[id_skpd_pengirim]', '$_POST[id_masalah]', '$_POST[id_jenis_surat]', '$_POST[harus_selesai]', '$_POST[indeks]', '$_POST[kode]', 1, 0, 0)";*/
// Update every editable column of an outgoing letter (surat keluar) from the
// POSTed form, keyed by the POSTed id, then return to the list.
// NOTE(review): values are escaped by anti_injection() and concatenated rather
// than bound; no login or ownership check on $_POST['id'] is visible here,
// and the commented-out INSERT above interpolates raw $_POST values — it
// should not be revived as-is.
$sql = "UPDATE myapp_maintable_suratkeluar SET\n                tgl_surat           = '" . anti_injection($_POST['tgl_surat']) . "',\n                perihal_surat       = '" . anti_injection($_POST['perihal_surat']) . "',\n                tujuan_surat        = '" . anti_injection($_POST['tujuan_surat']) . "',\n                alamat_tujuan       = '" . anti_injection($_POST['alamat_tujuan']) . "',\n                judul_surat         = '" . anti_injection($_POST['judul_surat']) . "',\n                deskripsi_surat     = '" . anti_injection($_POST['deskripsi_surat']) . "',\n                catatan             = '" . anti_injection($_POST['catatan']) . "',\n                id_skpd_tujuan      = '" . anti_injection($_POST['id_skpd_tujuan']) . "',\n                id_masalah          = '" . anti_injection($_POST['id_masalah']) . "',\n                id_jenis_surat      = '" . anti_injection($_POST['id_jenis_surat']) . "',\n                id_ttd              = '" . anti_injection($_POST['id_ttd']) . "'\n            WHERE id = '" . anti_injection($_POST['id']) . "'";
mysql_query($sql);
//echo($sql);
header("location:../?mod=inform&pesan=14&redir=manajemen_surat_keluar_1");
<?php

session_start();
include "koneksi.php";
include "fungsi.php";
// Forward (disposisi) an incoming letter: set its status, record origin and
// target levels, and store the accompanying note.
// NOTE(review): this state change is driven by GET parameters (CSRF-prone)
// and no login/role check is visible; the origin level comes from the session,
// the target and note are escaped by anti_injection() and concatenated.
$id = anti_injection($_GET['id']);
$tujuan = anti_injection($_GET['tujuan_disposisi']);
$catatan = anti_injection($_GET['catatan']);
// 1. Set the incoming letter's STATUS = 2 and record the target and origin of the disposition
mysql_query("UPDATE myapp_maintable_suratmasuk SET status=2, asal_disposisi='{$_SESSION['id_level']}', tujuan_disposisi='" . $tujuan . "' WHERE id='" . $id . "'");
// 2. Push the disposition note for the incoming letter
mysql_query("INSERT INTO myapp_notetable_disposisisuratmasuk VALUES(null, '" . $id . "', '{$_SESSION['id_level']}', '" . $catatan . "')");
//echo($sql);
header("location:../?mod=inform&pesan=4&redir=disposisi_surat_masuk_1");
<?php

// Profile form fields, filtered with anti_injection() before the UPDATE below.
// NOTE(review): the password is md5-hashed (unsalted) after filtering, so any
// HTML-encoding the filter applies to characters like & < > ' " becomes part
// of what is hashed — the login side must filter the same way; confirm.
$nama = anti_injection($_POST["nama"]);
$alamat = anti_injection($_POST["alamat"]);
$telepon = anti_injection($_POST["telepon"]);
$email = anti_injection($_POST["email"]);
$username = anti_injection($_POST["username"]);
$password = md5(anti_injection($_POST["password"]));
// Validation before the profile UPDATE.
// NOTE(review): the alert says name AND username must not be empty, but this
// condition only fires when BOTH are empty (`and`) — an empty username with a
// non-empty name proceeds to the UPDATE below; `or` looks intended. Confirm.
if ($nama == '' and $username == '') {
    ?>
	<script type="text/javascript">
		alert('nama dan username tidak boleh kosong');
		document.location.href='./index.php?mod=home&opt=profil&opts=list';
	</script>
<?php 
    exit;
}
// Optional fields are validated only when supplied; cek_email()/cek_telepon()
// presumably redirect to the given URL on failure (not visible here).
if ($email != '') {
    cek_email($email, "./index.php?mod=home&opt=profil&opts=list");
}
if ($telepon != '') {
    cek_telepon($telepon, "./index.php?mod=home&opt=profil&opts=list");
}
if (${$_POST}["password"] == "") {
    $d = mysql_query("update tbl_user  set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******' where username='******'");
} else {
    $d = mysql_query("update tbl_user  set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******', password='******' where username='******'");
}
if ($d) {
    benar("./index.php?mod=home&opt=profil&opts=list");
    $_SESSION["username"] == $username;
<?php

/**
 * Escapes a request value before this script uses it.
 *
 * The chain is htmlspecialchars(ENT_QUOTES) -> strip_tags -> stripslashes, so
 * the result contains no quotes, angle brackets or backslashes. It is an
 * HTML-escaping step, not a database escaper: values stored through it come
 * out entity-encoded, and it is not a substitute for parameterised queries.
 *
 * @param mixed $data Raw request value (a string is expected).
 * @return string The filtered value.
 */
function anti_injection($data)
{
    return stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES)));
}
$forgetuser = anti_injection($_GET['forgetuser']);
$forgetkey = anti_injection($_GET['forgetkey']);
if (!empty($forgetuser) and !empty($forgetkey)) {
    ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="robots" content="index, follow" />
    <meta name="description" content="Recover PopojiCMS" />
    <meta name="keywords" content="recover popojicms, popojicms" />
    <meta http-equiv="Copyright" content="popojicms" />
    <meta name="author" content="Dwira Survivor" />
    <meta http-equiv="imagetoolbar" content="no" />
    <meta name="language" content="Indonesia" />
    <meta name="revisit-after" content="7" />
    <meta name="webcrawlers" content="all" />
    <meta name="rating" content="general" />
    <meta name="spiders" content="all" />
    <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1.0" />
    <!--[if gt IE 8]>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
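<?php

session_start();
include "koneksi.php";
include "fungsi.php";
// Deletes one reply (balasan) and returns to the outgoing-letter editor.
// Guarded reads: a missing key yields '' rather than a PHP notice + null;
// anti_injection() comes from fungsi.php.
$id = anti_injection(isset($_GET["id"]) ? $_GET["id"] : '');
$id_sk = anti_injection(isset($_GET["id_surat_keluar"]) ? $_GET["id_surat_keluar"] : '');
// NOTE(review): the row is deleted on a plain GET, so any link or image tag can
// trigger it (CSRF); a POST with a token is the usual mitigation — verify the
// caller. The query result is not checked, so the redirect happens regardless.
mysql_query("DELETE FROM myapp_maintable_balasan WHERE id='" . $id . "'");
header("location:../?mod=edit_surat_keluar&id=" . $id_sk);
// Stop here so nothing after the redirect runs.
exit;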
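<?php

session_start();
include "../../../php/koneksi.php";
include "../../../method/function.php";
// Forwarding dialog for an incoming letter. Guarded reads: a missing key
// becomes '' instead of raising a PHP notice; anti_injection() comes from
// function.php.
$id_surat_masuk = anti_injection(isset($_GET['id_surat_masuk']) ? $_GET['id_surat_masuk'] : '');
$id_disposisi = anti_injection(isset($_GET['id_disposisi']) ? $_GET['id_disposisi'] : '');
// Both values are echoed into hidden form fields below. Assuming this
// anti_injection() matches the definitions elsewhere in this listing, quotes
// are entity-encoded, which is what keeps the values inside value="" — confirm.
?>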
	
<!-- DIALOG -->
<fieldset>
	<legend><h3>Lanjutkan Surat Ke Kepala Bidang Yang Dituju</h3></legend>
		<form name="frm" action="../../../php/posisi_surat_masuk_kaban.php" method="post">
            <table border="0px" cellspacing='0' cellpadding='0' width='100%'>
                <input type="hidden" name="id_surat_masuk" value="<?php 
echo $id_surat_masuk;
?>
" id="id_surat_masuk" />
                <input type="hidden" name="id_disposisi" value="<?php 
echo $id_disposisi;
?>
" id="id_disposisi" />
                <?php 
$res_ldb = mysql_query("SELECT * FROM myapp_reftable_levelpengguna WHERE atasan='" . $_SESSION["id_level"] . "' AND id <> 2");
while ($ds_ldb = mysql_fetch_array($res_ldb)) {
    ?>
                <tr>
                    <td width='5px'><input type="checkbox" name="id_level_tujuan_<?php 
    echo $ds_ldb["id"];
    ?>
" /></td>
<?php

include_once '../po-library/po-database.php';
include_once '../po-library/po-function.php';
/**
 * Filters a raw request value.
 *
 * Steps, in order: htmlspecialchars() with ENT_QUOTES (quotes, <, >, & become
 * entities), strip_tags(), stripslashes(). The output therefore carries no
 * quotes, angle brackets or backslashes. This is HTML escaping; it does not
 * replace parameterised database access.
 *
 * @param mixed $data Raw request value (a string is expected).
 * @return string The filtered value.
 */
function anti_injection($data)
{
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $untagged = strip_tags($encoded);
    return stripslashes($untagged);
}
$username = anti_injection($_POST['username']);
$email = anti_injection($_POST['email']);
$pass = anti_injection($_POST['password']);
$passmd5 = anti_injection(md5($_POST['password']));
$repass = anti_injection($_POST['re-password']);
if (!ctype_alnum($username) or !ctype_alnum($pass) or !ctype_alnum($repass)) {
    header('location:register.php?errormsg=1');
} else {
    if (!preg_match("/^[\\.A-z0-9_\\-\\+]+@((gmail)|(yahoo)|(ymail)|(rocketmail)|(hotmail)|(mail)|(telkom)|(plaza)|(inbox)|(lifedeary)|(aim)|(aol))+.((com)|(co.id)|(edu)|(net))\$/", $email)) {
        header('location:register.php?errormsg=2');
    } else {
        $table = new PoTable('users');
        $currentEmail = $table->findBy(email, $email);
        $currentEmail = $currentEmail->current();
        if ($currentEmail > 0) {
            header('location:register.php?errormsg=3');
        } else {
            if (strlen($pass) >= 6) {
                if ($pass == $repass) {
                    $currentUser = $table->findBy(username, $username);
                    $currentUser = $currentUser->current();
                    if ($currentUser > 0) {
<?php 
getSubTitulo('Formulário de Cadastro');
?>

<p>
<span style="font-weight:bold;">OBS:</span> Ao excluir uma tribo, será excluído tudo o que estiver vinculado a ela (jovens, etc...).<br />
</p><br />

<?php 
/** Verifica, insere, etc, tudo aqui */
$form_id_equipe = isset($_POST['form-equipe']) ? $_POST['form-equipe'] : '';
$form_id_lider_tribo = isset($_POST['form-lider-tribo']) ? $_POST['form-lider-tribo'] : '';
$form_nome_tribo = isset($_POST['form-nome-tribo']) ? $_POST['form-nome-tribo'] : '';
$form_id_equipe = anti_injection($form_id_equipe);
$form_id_lider_tribo = anti_injection($form_id_lider_tribo);
$form_nome_tribo = anti_injection($form_nome_tribo);
$form_id_estado = $_SESSION['estado'];
$form_id_cidade = $_SESSION['cidade'];
$form_id_regiao = $_SESSION['regiao'];
$form_id_bairro = $_SESSION['bairro'];
$form_id_igreja = $_SESSION['igreja'];
//Verifica se usuario digitou alguma coisa
if (!empty($form_id_equipe) && !empty($form_id_lider_tribo) && !empty($form_id_regiao) && !empty($form_id_cidade) && !empty($form_id_bairro) && !empty($form_id_igreja) && !empty($form_nome_tribo)) {
    try {
        //Verifica se registro ja existe
        $rs = $conx->prepare('SELECT id FROM fj_tribo WHERE fk_equipe_id=? AND fk_q_igreja_id=? AND fk_bairro_id=? AND fk_estado_id=? AND fk_cidade_id=? AND fk_regiao_id=? AND nome_tribo=?');
        $rs->bindParam(1, $form_id_equipe);
        $rs->bindParam(2, $form_id_igreja);
        $rs->bindParam(3, $form_id_bairro);
        $rs->bindParam(4, $form_id_estado);
        $rs->bindParam(5, $form_id_cidade);
    if ($tmp <= 0) {
        $id = 1;
    } else {
        $id = (int) ($tmp + 1);
    }
    mysql_close();
    // close the connection stream database
    return $id;
}
/**
 * Escapes a request value for the string-built SQL in this script.
 *
 * Chain: htmlspecialchars(ENT_QUOTES) -> strip_tags -> stripslashes ->
 * mysql_real_escape_string. The HTML step runs first, so quotes are already
 * entity-encoded when the database escaper sees them and stored values end up
 * HTML-encoded. mysql_real_escape_string() needs the connection opened by the
 * including file; it cannot be used once mysql_close() has been called.
 *
 * @param mixed $data Raw request value (a string is expected).
 * @return string|false The escaped value, or false if the mysql_* API reports
 *                      no usable connection.
 */
function anti_injection($data)
{
    $escaped = htmlspecialchars($data, ENT_QUOTES);
    $escaped = strip_tags($escaped);
    $escaped = stripslashes($escaped);
    return mysql_real_escape_string($escaped);
}
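// NOTE(review): the echo() calls in this run ("TEST" and the generated id) look
// like leftover debug output; any output would also make a later header() call
// fail ("headers already sent"), and the id exposes an internal counter —
// TODO remove once debugging is done.
echo "TEST";
// all POST VARIABLES from baru_iplk.php file
// Each value goes through anti_injection() above; a missing key yields ''
// instead of a PHP notice + null.
$id_per = anti_injection(isset($_POST["id_per"]) ? $_POST["id_per"] : '');
$nama_pemohon = anti_injection(isset($_POST["nama_pemohon"]) ? $_POST["nama_pemohon"] : '');
$alamat_pemohon = anti_injection(isset($_POST["alamat_pemohon"]) ? $_POST["alamat_pemohon"] : '');
$no_hp = anti_injection(isset($_POST["no_hp"]) ? $_POST["no_hp"] : '');
$nama_lembaga = anti_injection(isset($_POST["nama_lembaga"]) ? $_POST["nama_lembaga"] : '');
$no_akte = anti_injection(isset($_POST["no_akte"]) ? $_POST["no_akte"] : '');
$nama_penanggung_jawab = anti_injection(isset($_POST["nama_penanggung_jawab"]) ? $_POST["nama_penanggung_jawab"] : '');
$bentuk_usaha = anti_injection(isset($_POST["bentuk_usaha"]) ? $_POST["bentuk_usaha"] : '');
$sumber_siswa = anti_injection(isset($_POST["sumber_siswa"]) ? $_POST["sumber_siswa"] : '');
$sumber_biaya = anti_injection(isset($_POST["sumber_biaya"]) ? $_POST["sumber_biaya"] : '');
$sifat = anti_injection(isset($_POST["sifat"]) ? $_POST["sifat"] : '');
// NOTE(review): anti_injection() here ends in mysql_real_escape_string(), which
// needs an open connection; setIDTabel() calls mysql_close() before it returns
// (see its tail above). The escaping above runs before that, but the second
// setIDTabel() call and anything after it presumably re-open the connection —
// verify.
$id_urus = setIDTabel("tbl_berkas_iplk", "id_urus_janji");
$id_berkas = setIDTabel("tbl_info_berkas", "id");
echo "ID URUS : " . $id_urus . "<br/>";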