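// Excerpt of the admin action handler for the 'category' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'input' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('category');
            $tabledel->deleteBy('id_category', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'category' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('category');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_category.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_category', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'category' and $act == 'input') {
        // Create a category; the SEO slug is derived from the validated title.
        if ($currentRoleAccess->write_access == "Y") {
            $title = $val->validasi($_POST['title'], 'xss');
            $seotitle = seo_title($title);
            $table = new PoTable('category');
            $table->save(array('title' => $title, 'seotitle' => $seotitle));
            header('location:../../admin.php?mod=' . $mod);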
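// Excerpt of the admin action handler for the 'gallery' module. It opens at the end of a
// delete branch whose opening lines are above this excerpt and is cut off inside the
// 'inputgallery' branch, so the brace nesting below is unbalanced on purpose.
                    $tabledel->deleteBy('id_gallery', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    }
    // Delete album
    if ($mod == 'gallery' and $act == 'deletealbum') {
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('album');
            $tabledel->deleteBy('id_album', $id);
            header('location:../../admin.php?mod=' . $mod . '&act=album');
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'gallery' and $act == 'inputgallery') {
        // Add a gallery entry to an album; requires write_access.
        if ($currentRoleAccess->write_access == "Y") {
            $id_album = $val->validasi($_POST['id_album'], 'xss');
            $title = $val->validasi($_POST['title'], 'xss');
            if (!empty($_POST['picture'])) {
                // The picture value was stored straight from the request; run it through the
                // same validator as the sibling fields before it is persisted.
                // NOTE(review): if 'xss' mode rewrites characters that are legal in file
                // names, stored names may stop matching files on disk - confirm in Povalidasi.
                $picture = $val->validasi($_POST['picture'], 'xss');
                $table = new PoTable('gallery');
                $table->save(array('id_album' => $id_album, 'title' => $title, 'picture' => $picture));
                header('location:../../admin.php?mod=' . $mod);
            } else {
                $table = new PoTable('gallery');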
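// Excerpt of the admin action handler for the 'tag' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'input' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('tag');
            $tabledel->deleteBy('id_tag', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'tag' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('tag');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_tag.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_tag', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'tag' and $act == 'input') {
        // Create tags from a comma-separated list; an empty submission is rejected.
        if ($currentRoleAccess->write_access == "Y") {
            if (empty($_POST['tag'])) {
                header('location:../../404.php');
            } else {
                $post = $val->validasi($_POST['tag'], 'xss');
                $pecah = explode(",", $post);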
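// Excerpt of the admin action handler for the 'user' module. It opens at the end of a
// branch whose opening lines are above this excerpt and is cut off inside the 'input'
// branch's loop over existing users, so the brace nesting below is unbalanced on purpose.
            header('location:../../404.php');
        }
    } elseif ($mod == 'user' and $act == 'deleteuserlevel') {
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('user_level');
            $tabledel->deleteBy('id_level', $id);
            header('location:../../admin.php?mod=' . $mod . '&act=userlevel');
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'user' and $act == 'deleteuserrole') {
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('user_role');
            $tabledel->deleteBy('id_role', $id);
            header('location:../../admin.php?mod=' . $mod . '&act=userrole');
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'user' and $act == 'input') {
        // Create a user account; requires write_access.
        if ($currentRoleAccess->write_access == "Y") {
            $username = $val->validasi($_POST['username'], 'xss');
            // The array key is quoted: a bare `password` is a constant lookup, which PHP 8
            // rejects as an undefined constant.
            // NOTE(review): an unsalted MD5 digest is not a password hash. Moving to
            // password_hash()/password_verify() has to be done together with the login check,
            // which is not part of this excerpt, so the digest is left unchanged here.
            $pass = md5($_POST['password']);
            $namalengkap = $val->validasi($_POST['nama_lengkap'], 'xss');
            $email = $val->validasi($_POST['email'], 'xss');
            $telp = $val->validasi($_POST['no_telp'], 'xss');
            // NOTE(review): 'level' is taken from the request; nothing visible here limits
            // which level the acting admin may assign - confirm against the rest of the branch.
            $level = $val->validasi($_POST['level'], 'xss');
            $tableuser = new PoTable('users');
            $users = $tableuser->findAll('id_user', 'ASC');
            foreach ($users as $user) {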
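// Excerpt of the admin action handler for the 'siswa' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'delimage' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('siswa');
            $tabledel->deleteBy('id_siswa', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'siswa' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('siswa');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_siswa.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_siswa', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'siswa' and $act == 'delimage') {
        // Blank the record's picture column; the visible lines do not touch any file.
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $picture = '';
            $data = array('picture' => $picture);
            $table = new PoTable('siswa');
            $table->updateBy('id_siswa', $id, $data);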
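// Excerpt of the admin action handler for the 'contact' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'viewdata' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('contact');
            $tabledel->deleteBy('id_contact', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'contact' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('contact');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_contact.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_contact', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'contact' and $act == 'viewdata') {
        // Return one contact message body to the caller; requires read_access.
        if ($currentRoleAccess->read_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $tablecontact = new PoTable('contact');
            $currentContact = $tablecontact->findBy('id_contact', $id);
            $currentContact = $currentContact->current();
            // NOTE(review): the stored message is written to the response with no output
            // encoding on this line. Confirm it is neutralised when it is saved; otherwise
            // encode it here for the context the admin page renders it in.
            echo "{$currentContact->message_contact}";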
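// Excerpt of the admin action handler for the 'kelas' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'delimage' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('kelas');
            $tabledel->deleteBy('id_kelas', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'kelas' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('kelas');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_kelas.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_kelas', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'kelas' and $act == 'delimage') {
        // Blank the record's picture column; the visible lines do not touch any file.
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $picture = '';
            $data = array('picture' => $picture);
            $table = new PoTable('kelas');
            $table->updateBy('id_kelas', $id, $data);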
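// Excerpt of the admin action handler for the 'comment' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'approve' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('comment');
            $tabledel->deleteBy('id_comment', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'comment' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('comment');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_comment.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_comment', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'comment' and $act == 'approve') {
        // Set a comment's 'active' column; requires modify_access.
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            // NOTE(review): 'active' is stored as submitted after 'xss' validation; the
            // visible lines do not restrict it to the values the column is meant to hold.
            $active = $val->validasi($_POST['active'], 'xss');
            $data = array('active' => $active);
            $table = new PoTable('comment');
            $table->updateBy('id_comment', $id, $data);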
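// Excerpt of the admin action handler for the 'post' module. It opens at the end of the
// single-delete branch (its opening lines are above this excerpt) and is cut off inside
// the 'delimage' branch, so the brace nesting below is unbalanced on purpose.
            } else {
                $tabledel->deleteBy('id_post', $id);
            }
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'post' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('post');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the delimage branch below applies to id_post.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_post', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'post' and $act == 'delimage') {
        // Blank the record's picture column; the visible lines do not touch any file.
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $picture = '';
            $data = array('picture' => $picture);
            $table = new PoTable('post');
            $table->updateBy('id_post', $id, $data);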
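// Excerpt of the admin action handler for the 'theme' module. It opens after $mod has been
// assigned (above this excerpt) and is cut off inside the 'input' branch, so the brace
// nesting below is unbalanced on purpose.
    $act = $_POST['act'];
    // Load the access flags for the current user level on this module. The column names are
    // quoted: bare `id_level` / `module` are constant lookups, which PHP 8 rejects.
    // NOTE(review): $mod is set outside this excerpt - confirm it is validated before it
    // reaches findByAnd().
    $tableroleaccess = new PoTable('user_role');
    $currentRoleAccess = $tableroleaccess->findByAnd('id_level', $_SESSION['leveluser'], 'module', $mod);
    $currentRoleAccess = $currentRoleAccess->current();
    // Delete theme
    if ($mod == 'theme' and $act == 'delete') {
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('theme');
            $currentSearch = $tabledel->findBy('id_theme', $id);
            $currentSearch = $currentSearch->current();
            // No matching row leaves the folder empty, and an empty (or '.', '/') folder
            // would make $dirPath the po-content root itself; a '..' segment would point
            // outside it. Neither may reach deleteDir().
            // NOTE(review): deleteDir() is defined elsewhere; presumably it removes the
            // directory recursively - confirm.
            $folder = is_object($currentSearch) ? (string) $currentSearch->folder : '';
            $folderIsSafe = trim($folder, " ./\\") !== '' && strpos($folder, '..') === false;
            $dirPath = "../../../po-content/{$folder}";
            $deletef = $folderIsSafe ? deleteDir($dirPath) : false;
            if ($deletef) {
                $tabledel->deleteBy('id_theme', $id);
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'theme' and $act == 'input') {
        // Theme upload; requires write_access. Only the request metadata is read here.
        if ($currentRoleAccess->write_access == "Y") {
            $extensionList = array("zip");
            // name and type are supplied by the client; they describe the upload but do not
            // prove what the file contains.
            $fileName = $_FILES['fupload']['name'];
            $tmpName = $_FILES['fupload']['tmp_name'];
            $fileType = $_FILES['fupload']['type'];
            $fileSize = $_FILES['fupload']['size'];
            $pecah = explode(".", $fileName);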
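// Excerpt of the admin action handler for the 'library' module (table 'media'). It opens
// inside the bulk-delete branch (its opening lines are above this excerpt) and is cut off
// inside the 'input' branch, so the brace nesting below is unbalanced on purpose.
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('media');
                $uploadDir = "../../../po-content/po-upload/";
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    // Column name quoted: a bare `id_media` is a constant lookup, which PHP 8 rejects.
                    $currentSearch = $tabledel->findBy('id_media', $id);
                    $currentSearch = $currentSearch->current();
                    $picture = is_object($currentSearch) ? (string) $currentSearch->file_name : '';
                    // Only remove files for a plain file name: an empty value would address the
                    // upload directory itself, and a name with path components could point
                    // outside it.
                    if ($picture !== '' && $picture === basename($picture)) {
                        // Take the extension after the last dot so names containing several
                        // dots are still recognised.
                        $ekstensi = pathinfo($picture, PATHINFO_EXTENSION);
                        if (is_file($uploadDir . $picture)) {
                            unlink($uploadDir . $picture);
                        }
                        // For 'jpg' uploads a "medium-" copy is removed as well.
                        if ($ekstensi == 'jpg' && is_file($uploadDir . "medium-{$picture}")) {
                            unlink($uploadDir . "medium-{$picture}");
                        }
                    }
                    $tabledel->deleteBy('id_media', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'library' and $act == 'input') {
        // Upload into the library; requires write_access. The list holds accepted extensions.
        if ($currentRoleAccess->write_access == "Y") {
            $extensionList = array("jpg", "png", "xls", "xlsx", "ppt", "pptx", "txt", "doc", "docx", "pdf", "psd");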
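// Excerpt of the admin action handler for the 'absen' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'input' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('absen');
            $tabledel->deleteBy('id_absen', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'absen' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('absen');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_absen.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_absen', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'absen' and $act == 'input') {
        // Start an attendance entry: the two submitted values are kept in the session.
        if ($currentRoleAccess->write_access == "Y") {
            $idk = $val->validasi($_POST['idk'], 'xss');
            $jam = $val->validasi($_POST['jam'], 'xss');
            $_SESSION['idk'] = $idk;
            $_SESSION['jam'] = $jam;
            // Writes the stored value into the response body.
            echo $_SESSION['idk'] . "<br>";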
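// Excerpt of the admin action handler for the 'pages' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'delimage' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('pages');
            $tabledel->deleteBy('id_pages', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'pages' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('pages');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_pages.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_pages', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'pages' and $act == 'delimage') {
        // Blank the record's picture column; the visible lines do not touch any file.
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $picture = '';
            $data = array('picture' => $picture);
            $table = new PoTable('pages');
            $table->updateBy('id_pages', $id, $data);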
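// Excerpt of the admin action handler for the 'guru' module. It opens inside the
// single-delete branch (the `if` lines that open it are above this excerpt) and is cut
// off inside the 'delimage' branch, so the brace nesting below is unbalanced on purpose.
            $id = $val->validasi($_POST['id'], 'sql');
            $tabledel = new PoTable('guru');
            $tabledel->deleteBy('id_guru', $id);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'guru' and $act == 'multidelete') {
        // Bulk delete, allowed only when the current role carries delete_access.
        if ($currentRoleAccess->delete_access == "Y") {
            $totaldata = $val->validasi($_POST['totaldata'], 'xss');
            if ($totaldata != "0") {
                // 'item' is request-controlled: accept it only when it really is an array.
                $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
                $tabledel = new PoTable('guru');
                foreach ($itemdel as $item) {
                    if (!is_array($item) || !isset($item['deldata'])) {
                        continue;
                    }
                    // Use the same validation mode the single-delete branch applies to id_guru.
                    // NOTE(review): assumes 'sql' is the Povalidasi mode meant for values that
                    // reach a query (the original passed 'xss' here) - confirm in Povalidasi.
                    $id = $val->validasi($item['deldata'], 'sql');
                    $tabledel->deleteBy('id_guru', $id);
                }
                header('location:../../admin.php?mod=' . $mod);
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'guru' and $act == 'delimage') {
        // Blank the record's picture column; the visible lines do not touch any file.
        if ($currentRoleAccess->delete_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $picture = '';
            $data = array('picture' => $picture);
            $table = new PoTable('guru');
            $table->updateBy('id_guru', $id, $data);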
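<?php
// Admin action handler for the 'event' module. This excerpt starts at the top of the file
// and is cut off at the opening of the 'update' branch, so the braces below stay open.
session_start();
// Refuse the request unless BOTH session markers are present. The original joined the two
// empty() tests with `and`, which refused only when both were missing, so a session holding
// just one of them was let through.
if (empty($_SESSION['namauser']) or empty($_SESSION['passuser'])) {
    header('location:../../404.php');
} else {
    include_once '../../../po-library/po-database.php';
    include_once '../../../po-library/po-function.php';
    $val = new Povalidasi();
    // Both selectors come straight from the request and are only compared to literals below.
    $mod = $_POST['mod'];
    $act = $_POST['act'];
    // NOTE(review): the branches below run for any logged-in session; no per-role access
    // flag is checked before the delete or the insert, and nothing in this prologue verifies
    // an anti-CSRF token - confirm whether either is enforced elsewhere.
    // Delete event
    if ($mod == 'event' and $act == 'delete') {
        $id = $val->validasi($_POST['id'], 'sql');
        $tabledel = new PoTable('event');
        $tabledel->deleteBy('id_event', $id);
        // header() only queues the redirect; it does not stop the script.
        header('location:../../admin.php?mod=' . $mod);
    } elseif ($mod == 'event' and $act == 'input') {
        // Create an event from the submitted form fields.
        $title = $val->validasi($_POST['title'], 'xss');
        $seotitle = seo_title($title);
        $start = $val->validasi($_POST['start'], 'xss');
        $end = $val->validasi($_POST['end'], 'xss');
        $allday = $val->validasi($_POST['allday'], 'xss');
        // The body bypasses validasi(): slashes are removed, then HTML special characters
        // (including both quote styles) are entity-encoded before it is stored.
        $data = $_POST['content'];
        $data = stripslashes($data);
        $eutf = htmlspecialchars($data, ENT_QUOTES);
        $color = $val->validasi($_POST['color'], 'xss');
        $table = new PoTable('event');
        $table->save(array('title' => $title, 'startevt' => $start, 'endevt' => $end, 'allday' => $allday, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color));
        header('location:../../admin.php?mod=' . $mod);
    } elseif ($mod == 'event' and $act == 'update') {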