Beispiel #1
                $table->updateBy('id_gallery', $id, $data);
                header('location:../../admin.php?mod=' . $mod);
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'gallery' and $act == 'editalbum') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $title = $val->validasi($_POST['title'], 'xss');
            $seotitle = seo_title($title);
            $data = array('title' => $title, 'seotitle' => $seotitle);
            $table = new PoTable('album');
            $table->updateBy('id_album', $id, $data);
            header('location:../../admin.php?mod=' . $mod . '&act=album');
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'gallery' and $act == 'activealbum') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $active = $val->validasi($_POST['active'], 'xss');
            $data = array('active' => $active);
            $table = new PoTable('album');
            $table->updateBy('id_album', $id, $data);
            echo "{$active}";
        } else {
            echo "404 Not Found Access";
        }
    }
}
Beispiel #2
            header('location:../../404.php');
        }
    } elseif ($mod == 'user' and $act == 'edituserlevel') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $title = $val->validasi($_POST['title'], 'xss');
            $data = array('level' => $title);
            $table = new PoTable('user_level');
            $table->updateBy('id_level', $id, $data);
            header('location:../../admin.php?mod=' . $mod . '&act=userlevel');
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'user' and $act == 'edituserrole') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $title = $val->validasi($_POST['title'], 'xss');
            $level = $val->validasi($_POST['level'], 'xss');
            $read_access = $val->validasi($_POST['read_access'], 'xss');
            $write_access = $val->validasi($_POST['write_access'], 'xss');
            $modify_access = $val->validasi($_POST['modify_access'], 'xss');
            $delete_access = $val->validasi($_POST['delete_access'], 'xss');
            $data = array('id_level' => $level, 'module' => $title, 'read_access' => $read_access, 'write_access' => $write_access, 'modify_access' => $modify_access, 'delete_access' => $delete_access);
            $table = new PoTable('user_role');
            $table->updateBy('id_role', $id, $data);
            header('location:../../admin.php?mod=' . $mod . '&act=userrole');
        } else {
            header('location:../../404.php');
        }
    }
}
Beispiel #3
            } else {
                header('location:../../404.php');
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'category' and $act == 'input') {
        if ($currentRoleAccess->write_access == "Y") {
            $title = $val->validasi($_POST['title'], 'xss');
            $seotitle = seo_title($title);
            $table = new PoTable('category');
            $table->save(array('title' => $title, 'seotitle' => $seotitle));
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'category' and $act == 'update') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $title = $val->validasi($_POST['title'], 'xss');
            $seotitle = seo_title($title);
            $active = $val->validasi($_POST['active'], 'xss');
            $data = array('title' => $title, 'seotitle' => $seotitle, 'active' => $active);
            $table = new PoTable('category');
            $table->updateBy('id_category', $id, $data);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    }
}
Beispiel #4
     if ($currentRoleAccess->read_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $tablecontact = new PoTable('contact');
         $currentContact = $tablecontact->findBy('id_contact', $id);
         $currentContact = $currentContact->current();
         echo "{$currentContact->message_contact}";
     } else {
         echo "404 Not Found Access";
     }
 } elseif ($mod == 'contact' and $act == 'readdata') {
     if ($currentRoleAccess->modify_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $status = "Y";
         $data = array('status' => $status);
         $table = new PoTable('contact');
         $table->updateBy('id_contact', $id, $data);
     } else {
         echo "404 Not Found Access";
     }
 } elseif ($mod == 'contact' and $act == 'reply') {
     if ($currentRoleAccess->write_access == "Y") {
         $name_contact = $val->validasi($_POST['name_contact'], 'xss');
         $email_contact = $val->validasi($_POST['email_contact'], 'xss');
         $subject_contact = $val->validasi($_POST['subjek_contact'], 'xss');
         $message_contact = $val->validasi($_POST['message_contact'], 'xss');
         $tableset = new PoTable('setting');
         $currentSet = $tableset->findBy(id_setting, '1');
         $currentSet = $currentSet->current();
         $website_name = $currentSet->website_name;
         $website_url = $currentSet->website_url;
         $website_email = $currentSet->website_email;
Beispiel #5
<?php

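session_start();
// Admin endpoint: stores the Facebook OAuth identity and token posted by the
// settings page into row 1 of the `oauth` table, then returns to the settings module.
//
// Both session markers must be present. The previous guard joined the two empty()
// checks with `and`, so a session carrying only one of them passed as logged in.
if (empty($_SESSION['namauser']) || empty($_SESSION['passuser'])) {
    header('location:../../../404.php');
} else {
    include_once '../../../../po-library/po-database.php';
    include_once '../../../../po-library/po-function.php';
    $val = new Povalidasi();
    // NOTE(review): $val is created but never applied in this file; the posted
    // values are stored exactly as received. No role check or anti-CSRF token is
    // visible here either, so the session guard above is the only gate on
    // overwriting the stored token; confirm whether that is enforced elsewhere.

    // `?? null` keeps a missing field as null (as before) without raising an
    // undefined-index warning.
    $fbType = $_POST['fbtype'] ?? null;

    // A "user" submission carries fbid/fbusername; anything else is handled as a
    // page submission and carries fbpagesid/fbpagesname. The token and type
    // fields are the same for both.
    $isUserAccount = $fbType === 'user';
    $idField = $isUserAccount ? 'fbid' : 'fbpagesid';
    $nameField = $isUserAccount ? 'fbusername' : 'fbpagesname';

    $data = array(
        'oauth_id' => $_POST[$idField] ?? null,
        'oauth_user' => $_POST[$nameField] ?? null,
        'oauth_token1' => $_POST['fbtoken'] ?? null,
        'oauth_fbtype' => $fbType,
    );
    $table = new PoTable('oauth');
    $table->updateBy('id_oauth', '1', $data);

    header('location:../../../admin.php?mod=setting');
}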
Beispiel #6
     if ($currentRoleAccess->read_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $tablecomment = new PoTable('comment');
         $currentComment = $tablecomment->findBy('id_comment', $id);
         $currentComment = $currentComment->current();
         echo "{$currentComment->comment}";
     } else {
         echo "404 Not Found Access";
     }
 } elseif ($mod == 'comment' and $act == 'readdata') {
     if ($currentRoleAccess->modify_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $status = "Y";
         $data = array('status' => $status);
         $table = new PoTable('comment');
         $table->updateBy('id_comment', $id, $data);
     } else {
         echo "404 Not Found Access";
     }
 } elseif ($mod == 'comment' and $act == 'setting1') {
     // Switches the default of comment.active to 'Y' with a schema change;
     // gated on modify access for the module.
     if ($currentRoleAccess->modify_access == "Y") {
         $dbhostsql = DATABASE_HOST;
         $dbusersql = DATABASE_USER;
         $dbpasswordsql = DATABASE_PASS;
         $dbnamesql = DATABASE_NAME;
         // On a failed connection die() prints mysqli_connect_error() into the response.
         $connection = mysqli_connect($dbhostsql, $dbusersql, $dbpasswordsql, $dbnamesql) or die(mysqli_connect_error());
         //mysqli_select_db($dbnamesql, $connection) or die(mysqli_error());
         // NOTE(review): procedural mysqli_query() takes the connection as its first
         // argument; here only the SQL string is passed, so the statement is not sent
         // over $connection. The result is not checked before the redirect below.
         mysqli_query("ALTER TABLE comment ALTER COLUMN active SET DEFAULT 'Y'");
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
Beispiel #7
            $ibu = $_POST['ibu'];
            $p_ibu = $_POST['p_ibu'];
            $pass = $_POST['pass'];
            $table->save(array('id_siswa' => '', 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass));
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'siswa' and $act == 'update') {
        // Updates one row of the `siswa` table; gated on modify access for the module.
        if ($currentRoleAccess->modify_access == "Y") {
            // Only the row id goes through validasi(); every other field below is
            // taken from $_POST unchanged.
            // NOTE(review): other handlers on this page pass text fields through
            // validasi(..., 'xss') before storing them; confirm whether the
            // omission here is intended.
            $id = $val->validasi($_POST['id_siswa'], 'sql');
            $nis = $_POST['nis'];
            $nama_siswa = $_POST['nama'];
            $jk = $_POST['jk'];
            $alamat = $_POST['alamat'];
            $idk = $_POST['idk'];
            $tlp = $_POST['tlp'];
            $ayah = $_POST['ayah'];
            $p_ayah = $_POST['p_ayah'];
            $ibu = $_POST['ibu'];
            $p_ibu = $_POST['p_ibu'];
            // NOTE(review): `pass` is written exactly as posted; no password_hash()
            // call is visible in this branch. Confirm it is not stored in clear text.
            $pass = $_POST['pass'];
            $data = array('id_siswa' => $id, 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass);
            $table = new PoTable('siswa');
            $table->updateBy('id_siswa', $id, $data);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            // No modify access: send the caller to the 404 page.
            header('location:../../404.php');
        }
    }
}
Beispiel #8
     }
 } elseif ($mod == 'theme' and $act == 'active') {
     if ($currentRoleAccess->modify_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $active = $val->validasi($_POST['active'], 'xss');
         $tableS = new PoTable('theme');
         $currentSearch = $tableS->findBy(active, 'Y');
         $currentSearch = $currentSearch->current();
         $id_theme = $currentSearch->id_theme;
         $actives = 'N';
         $datas = array('active' => $actives);
         $table = new PoTable('theme');
         $table->updateBy('id_theme', $id_theme, $datas);
         $data = array('active' => $active);
         $table = new PoTable('theme');
         $table->updateBy('id_theme', $id, $data);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'theme' and $act == 'edit') {
     // Overwrites an existing file under po-content/ with code posted from the
     // theme editor; gated on modify access for the module.
     if ($currentRoleAccess->modify_access == "Y") {
         $folder = $val->validasi($_POST['folder'], 'xss');
         $valid = $val->validasi($_POST['file'], 'xss');
         // NOTE(review): both path segments come from the request and only pass the
         // 'xss' filter. Unless validasi() also rejects "../" sequences, the target
         // can resolve outside po-content/. Resolve it with realpath() and compare
         // against the theme directory (or an allow-list of files) before opening
         // it for writing.
         $filename = "../../../po-content/{$folder}/{$valid}";
         // Only files that already exist are written; this branch creates no new file.
         if (file_exists("{$filename}")) {
             // The posted file body is used unfiltered; only the editor's
             // "textareapopojicms" placeholder is mapped back to "textarea" and
             // backslash escaping is removed.
             $data = $_POST['code_content'];
             $data = str_replace("textareapopojicms", "textarea", $data);
             $newdata = stripslashes($data);
             if ($newdata != '') {
                 // Mode 'w' truncates the file on open.
                 $fw = fopen($filename, 'w') or die('Could not open file!');
Beispiel #9
            $picture = '';
            $data = array('picture' => $picture);
            $table = new PoTable('kelas');
            $table->updateBy('id_kelas', $id, $data);
        } else {
            echo "404 Not Found Access";
        }
    } elseif ($mod == 'kelas' and $act == 'input') {
        if ($currentRoleAccess->write_access == "Y") {
            $kelas = $val->validasi($_POST['kelas'], 'xss');
            $table = new PoTable('kelas');
            $nama_kelas = $_POST['nama'];
            $table->save(array('id_kelas' => '', 'nama' => $nama_kelas, 'kelas' => $kelas));
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'kelas' and $act == 'update') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $kelas = $val->validasi($_POST['kelas'], 'xss');
            $nama = $val->validasi($_POST['nama'], 'xss');
            $data = array('id_kelas' => $id, 'nama' => $nama, 'kelas' => $kelas);
            $table = new PoTable('kelas');
            $table->updateBy('id_kelas', $id, $data);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    }
}
Beispiel #10
            }
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'absen' and $act == 'input') {
        if ($currentRoleAccess->write_access == "Y") {
            $idk = $val->validasi($_POST['idk'], 'xss');
            $jam = $val->validasi($_POST['jam'], 'xss');
            $_SESSION['idk'] = $idk;
            $_SESSION['jam'] = $jam;
            echo $_SESSION['idk'] . "<br>";
            echo $_SESSION['jam'] . "<br>";
            header('location:../../admin.php?mod=' . $mod . '&act=addnew');
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'absen' and $act == 'update') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $title = $val->validasi($_POST['title'], 'xss');
            $seotitle = seo_title($title);
            $active = $val->validasi($_POST['active'], 'xss');
            $data = array('title' => $title, 'seotitle' => $seotitle, 'active' => $active);
            $table = new PoTable('absen');
            $table->updateBy('id_absen', $id, $data);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    }
}
Beispiel #11
            $website_url = $currentSet->website_url;
            $website_email = $currentSet->website_email;
            $tablesubs = new PoTable('subscribe');
            $subs = $tablesubs->findAll(id_subscribe, ASC);
            foreach ($subs as $sub) {
                $emailto = $sub->email;
                $to = "{$emailto}";
                $from = "{$website_name} <{$website_email}>";
                $subject = "News Update - {$titlesub}";
                $message = "<html>\n\t\t\t\t\t\t<body>\n\t\t\t\t\t\t\tHi {$sub->email}<br />\n\t\t\t\t\t\t\tWe have the latest updates for you!<br />\n\t\t\t\t\t\t\tPlease click on the link below to begin reading :<br />\n\t\t\t\t\t\t\t<a href='{$website_url}/detailpost/{$seotitlesub}'>{$titlesub}</a><br /><br />\n\t\t\t\t\t\t\tThank you for subscribing,<br />\n\t\t\t\t\t\t\t{$website_name}\n\t\t\t\t\t\t</body>\n\t\t\t\t\t</html>";
                $headers = "MIME-Version: 1.0" . "\r\n";
                $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
                $headers .= "From: " . $from . "\r\n";
                mail($to, $subject, $message, $headers);
            }
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'post' and $act == 'setheadline') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $headline = $val->validasi($_POST['headline'], 'xss');
            $data = array('headline' => $headline);
            $table = new PoTable('post');
            $table->updateBy('id_post', $id, $data);
        } else {
            echo "404 Not Found Access";
        }
    }
}
Beispiel #12
/**
 * HTML-encodes a value and removes backslash escaping.
 *
 * Applies, in this order: htmlspecialchars() with ENT_QUOTES, strip_tags(),
 * stripslashes(). The result is HTML-encoded text; nothing in this function
 * escapes the value for use inside a SQL statement.
 *
 * @param string $data Raw input value.
 * @return string The filtered value.
 */
function anti_injection($data)
{
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $withoutTags = strip_tags($encoded);

    return stripslashes($withoutTags);
}
// Password-reset request: validate the posted address, look the account up by
// e-mail, and store a fresh `forget_key` for it.
$emailforgot = anti_injection($_POST['email']);
// NOTE(review): the character class contains the literal text "&amp;", which
// looks like an HTML-escaped "&"; as written it also admits 'a', 'm', 'p' and ';'
// as separators. Confirm against the original source.
if (!preg_match("/^([0-9a-zA-Z]+[-._+&amp;])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}\$/", $emailforgot)) {
    header('location:404.php');
} else {
    $table = new PoTable('users');
    // NOTE(review): `email` is a bare constant name, not a quoted string. Unless a
    // constant of that name is defined elsewhere, PHP 8 raises an Error here
    // (older versions fell back to the string 'email' with a warning).
    $currentUser = $table->findBy(email, $emailforgot);
    $currentUser = $currentUser->current();
    if ($currentUser > 0) {
        // NOTE(review): the reset key is an MD5 over microtime(), the client IP, a
        // fixed string and mt_rand(); none of these is a cryptographically secure
        // source. A reset token should come from random_bytes(), e.g.
        // bin2hex(random_bytes(32)), and be given an expiry.
        $forgotkey = md5(microtime() . $_SERVER['REMOTE_ADDR'] . '#$&^%$#' . mt_rand());
        $data = array('forget_key' => $forgotkey);
        $table->updateBy('email', $emailforgot, $data);
        $tableset = new PoTable('setting');
        $currentSet = $tableset->findBy(id_setting, '1');
        $currentSet = $currentSet->current();
        $website_name = $currentSet->website_name;
        $website_url = $currentSet->website_url;
        $website_email = $currentSet->website_email;
        $username = $currentUser->username;
        $nama_lengkap = $currentUser->nama_lengkap;
        $to = "{$nama_lengkap} <{$emailforgot}>";
        $from = "{$website_name} <{$website_email}>";
        $subject = "Forgot Password For {$website_name}";
        $message = "<html>\r\n\t\t\t\t<body>\r\n\t\t\t\t\tIndonesia :<br />\r\n\t\t\t\t\t-----------<br />\r\n\t\t\t\t\tHi {$nama_lengkap},<br />\r\n\t\t\t\t\tJika anda tidak pernah meminta pesan informasi tentang lupa password di {$website_name}, silahkan untuk menghiraukan email ini.<br />\r\n\t\t\t\t\tTetapi jika anda memang yang meminta pesan informasi ini, maka silahkan untuk mengklik tautan (link) di bawah ini :<br /><br />\r\n\t\t\t\t\t<a href=\"{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}\" title=\"Recover Password\">{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}</a><br /><br />\r\n\t\t\t\t\tKemudian secara otomatis setelah anda mengklik tautan (link) di atas, password anda akan diganti menjadi password default yaitu : <b>123456</b>.<br />\r\n\t\t\t\t\tSilahkan untuk login dengan password tersebut kemudian ganti password default ini dengan password yang lebih aman.<br /><br />\r\n\t\t\t\t\tSalam hangat,<br />\r\n\t\t\t\t\t{$website_name}.<br /><br /><br />\r\n\t\t\t\t\tEnglish :<br />\r\n\t\t\t\t\t-----------<br />\r\n\t\t\t\t\tHi {$nama_lengkap},<br />\r\n\t\t\t\t\tIf you have never requested message information about forgotten password in {$website_name}, please to ignore this email.<br />\r\n\t\t\t\t\tBut if you really are asking for messages of this information, then please to click on a link below :<br /><br />\r\n\t\t\t\t\t<a href=\"{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}\" title=\"Recover Password\">{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}</a><br /><br />\r\n\t\t\t\t\tThen automatically after you click a link above, your password will be changed to the default password is : <b>123456</b>.<br />\r\n\t\t\t\t\tPlease to log in with the password and then change the default password to a more secure password.<br /><br />\r\n\t\t\t\t\tWarm regards,<br 
/>\r\n\t\t\t\t\t{$website_name}.\r\n\t\t\t\t</body>\r\n\t\t\t</html>";
        $headers = "MIME-Version: 1.0" . "\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
        $headers .= "From: " . $from . "\r\n";
Beispiel #13
        }
    } elseif ($mod == 'pages' and $act == 'update') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id'], 'sql');
            $title = $val->validasi($_POST['title'], 'xss');
            if ($_POST['seotitle'] != "") {
                $seotitle = $_POST['seotitle'];
            } else {
                $seotitle = seo_title($title);
            }
            $data = $_POST['content'];
            $data = stripslashes($data);
            $eutf = htmlspecialchars($data, ENT_QUOTES);
            $active = $val->validasi($_POST['active'], 'xss');
            if (!empty($_POST['picture'])) {
                $picture = $_POST['picture'];
                $data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'picture' => $picture, 'active' => $active);
                $table = new PoTable('pages');
                $table->updateBy('id_pages', $id, $data);
                header('location:../../admin.php?mod=' . $mod);
            } else {
                $data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'active' => $active);
                $table = new PoTable('pages');
                $table->updateBy('id_pages', $id, $data);
                header('location:../../admin.php?mod=' . $mod);
            }
        } else {
            header('location:../../404.php');
        }
    }
}
Beispiel #14
            $nama_guru = $_POST['nama'];
            $jk = $_POST['jk'];
            $alamat = $_POST['alamat'];
            $idk = $_POST['idk'];
            $pass = $_POST['pass'];
            $table->save(array('id_guru' => '', 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass));
            header('location:../../admin.php?mod=' . $mod);
        } else {
            header('location:../../404.php');
        }
    } elseif ($mod == 'guru' and $act == 'update') {
        if ($currentRoleAccess->modify_access == "Y") {
            $id = $val->validasi($_POST['id_guru'], 'sql');
            $nip = $_POST['nip'];
            $nama_guru = $_POST['nama'];
            $jk = $_POST['jk'];
            $alamat = $_POST['alamat'];
            $idk = $_POST['idk'];
            $pass = $_POST['pass'];
            $data = array('id_guru' => $id, 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass);
            $table = new PoTable('guru');
            $table->updateBy('id_guru', $id, $data);
            header('location:../../admin.php?mod=' . $mod);
            // echo $id." ".$nip." ".$nama_guru;
        } else {
            echo "gagal";
        }
    } else {
        header('location:../../404.php');
    }
}
     $data = stripslashes($data);
     $eutf = htmlspecialchars($data, ENT_QUOTES);
     $color = $val->validasi($_POST['color'], 'xss');
     $active = $val->validasi($_POST['active'], 'xss');
     $data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color, 'active' => $active);
     $table = new PoTable('event');
     $table->updateBy('id_event', $id, $data);
     header('location:../../admin.php?mod=' . $mod);
 } elseif ($mod == 'event' and $act == 'updatedrag') {
     $id = $val->validasi($_POST['id'], 'sql');
     $start = $val->validasi($_POST['start'], 'xss');
     $end = $val->validasi($_POST['end'], 'xss');
     $allday = 'true';
     $data = array('startevt' => $start, 'endevt' => $end, 'allday' => $allday);
     $table = new PoTable('event');
     $table->updateBy('id_event', $id, $data);
     header('location:../../admin.php?mod=' . $mod);
 } elseif ($mod == 'event' and $act == 'uploadgroupevent') {
     $filename = $_FILES['eventfile']['tmp_name'];
     $color = $val->validasi($_POST['color'], 'xss');
     /*
      * Upload facebook group event
      */
     for ($i = 1; $i <= 12; $i++) {
         /*
          * Get event month
          * Locale : EN
          */
         $monthlong[$i] = date("F", mktime(0, 0, 0, $i + 1, 0, 0, 0));
         $monthshort[$i] = date("M", mktime(0, 0, 0, $i + 1, 0, 0, 0));
     }
Beispiel #16
    echo $currentUser->locktype;
} elseif ($mod == 'login' and $act == 'proclogin') {
    // Login handler: filter the posted credentials, look the user up, and open
    // an authenticated session on a match.
    $username = anti_injection($_POST['username']);
    // NOTE(review): the password is reduced to an unsalted MD5 digest and matched
    // against the stored value. MD5 is not suitable for password storage;
    // password_hash() / password_verify() is the standard replacement.
    $pass = anti_injection(md5($_POST['password']));
    // Reject anything that is not purely alphanumeric before it reaches the lookup.
    if (!ctype_alnum($username) or !ctype_alnum($pass)) {
        header('location:index.php?errormsg=1');
    } else {
        $table = new PoTable('users');
        // NOTE(review): username, password and blokir are bare constant names, not
        // quoted strings; unless they are defined as constants elsewhere, PHP 8
        // raises an Error here.
        $currentUser = $table->findByLogin(username, $username, password, $pass, blokir, "N");
        $currentUser = $currentUser->current();
        if ($currentUser > 0) {
            session_start();
            include_once "timeout.php";
            $_SESSION['iduser'] = $currentUser->id_user;
            $_SESSION['namauser'] = $currentUser->username;
            $_SESSION['namalengkap'] = $currentUser->nama_lengkap;
            // NOTE(review): the stored password digest is copied into the session;
            // prefer not to keep credential material in session storage.
            $_SESSION['passuser'] = $currentUser->password;
            $_SESSION['leveluser'] = $currentUser->level;
            $_SESSION['login'] = 1;
            timer();
            // $sid_lama holds the pre-login session id; it is not used again in this branch.
            $sid_lama = session_id();
            // NOTE(review): called without the delete-old-session argument, so the
            // pre-login session id still maps to the now-authenticated data until
            // it is garbage-collected. Use session_regenerate_id(true).
            session_regenerate_id();
            $sid_baru = session_id();
            // Record the new session id on the user's row.
            $sesi = array('id_session' => $sid_baru);
            $table->updateBy('username', $username, $sesi);
            header('location:admin.php?mod=home');
        } else {
            // No matching, unblocked account.
            header('location:index.php?errormsg=2');
        }
    }
}