$table->updateBy('id_gallery', $id, $data);
header('location:../../admin.php?mod=' . $mod);
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'gallery' and $act == 'editalbum') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
$seotitle = seo_title($title);
$data = array('title' => $title, 'seotitle' => $seotitle);
$table = new PoTable('album');
$table->updateBy('id_album', $id, $data);
header('location:../../admin.php?mod=' . $mod . '&act=album');
} else {
header('location:../../404.php');
}
} elseif ($mod == 'gallery' and $act == 'activealbum') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$active = $val->validasi($_POST['active'], 'xss');
$data = array('active' => $active);
$table = new PoTable('album');
$table->updateBy('id_album', $id, $data);
echo "{$active}";
} else {
echo "404 Not Found Access";
}
}
}
header('location:../../404.php');
}
} elseif ($mod == 'user' and $act == 'edituserlevel') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
$data = array('level' => $title);
$table = new PoTable('user_level');
$table->updateBy('id_level', $id, $data);
header('location:../../admin.php?mod=' . $mod . '&act=userlevel');
} else {
header('location:../../404.php');
}
} elseif ($mod == 'user' and $act == 'edituserrole') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
$level = $val->validasi($_POST['level'], 'xss');
$read_access = $val->validasi($_POST['read_access'], 'xss');
$write_access = $val->validasi($_POST['write_access'], 'xss');
$modify_access = $val->validasi($_POST['modify_access'], 'xss');
$delete_access = $val->validasi($_POST['delete_access'], 'xss');
$data = array('id_level' => $level, 'module' => $title, 'read_access' => $read_access, 'write_access' => $write_access, 'modify_access' => $modify_access, 'delete_access' => $delete_access);
$table = new PoTable('user_role');
$table->updateBy('id_role', $id, $data);
header('location:../../admin.php?mod=' . $mod . '&act=userrole');
} else {
header('location:../../404.php');
}
}
}
} else {
header('location:../../404.php');
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'category' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
$title = $val->validasi($_POST['title'], 'xss');
$seotitle = seo_title($title);
$table = new PoTable('category');
$table->save(array('title' => $title, 'seotitle' => $seotitle));
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'category' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
$seotitle = seo_title($title);
$active = $val->validasi($_POST['active'], 'xss');
$data = array('title' => $title, 'seotitle' => $seotitle, 'active' => $active);
$table = new PoTable('category');
$table->updateBy('id_category', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
}
}
if ($currentRoleAccess->read_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$tablecontact = new PoTable('contact');
$currentContact = $tablecontact->findBy('id_contact', $id);
$currentContact = $currentContact->current();
echo "{$currentContact->message_contact}";
} else {
echo "404 Not Found Access";
}
} elseif ($mod == 'contact' and $act == 'readdata') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$status = "Y";
$data = array('status' => $status);
$table = new PoTable('contact');
$table->updateBy('id_contact', $id, $data);
} else {
echo "404 Not Found Access";
}
} elseif ($mod == 'contact' and $act == 'reply') {
if ($currentRoleAccess->write_access == "Y") {
$name_contact = $val->validasi($_POST['name_contact'], 'xss');
$email_contact = $val->validasi($_POST['email_contact'], 'xss');
$subject_contact = $val->validasi($_POST['subjek_contact'], 'xss');
$message_contact = $val->validasi($_POST['message_contact'], 'xss');
$tableset = new PoTable('setting');
$currentSet = $tableset->findBy(id_setting, '1');
$currentSet = $currentSet->current();
$website_name = $currentSet->website_name;
$website_url = $currentSet->website_url;
$website_email = $currentSet->website_email;
<?php
session_start();
if (empty($_SESSION['namauser']) and empty($_SESSION['passuser'])) {
header('location:../../../404.php');
} else {
include_once '../../../../po-library/po-database.php';
include_once '../../../../po-library/po-function.php';
$val = new Povalidasi();
$fb_type = $_POST['fbtype'];
if ($fb_type == "user") {
$oauth_id = $_POST['fbid'];
$oauth_user = $_POST['fbusername'];
$oauth_token1 = $_POST['fbtoken'];
$oauth_fbtype = $_POST['fbtype'];
$data = array('oauth_id' => $oauth_id, 'oauth_user' => $oauth_user, 'oauth_token1' => $oauth_token1, 'oauth_fbtype' => $oauth_fbtype);
$table = new PoTable('oauth');
$table->updateBy('id_oauth', '1', $data);
} else {
$oauth_id = $_POST['fbpagesid'];
$oauth_user = $_POST['fbpagesname'];
$oauth_token1 = $_POST['fbtoken'];
$oauth_fbtype = $_POST['fbtype'];
$data = array('oauth_id' => $oauth_id, 'oauth_user' => $oauth_user, 'oauth_token1' => $oauth_token1, 'oauth_fbtype' => $oauth_fbtype);
$table = new PoTable('oauth');
$table->updateBy('id_oauth', '1', $data);
}
header('location:../../../admin.php?mod=setting');
}
if ($currentRoleAccess->read_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$tablecomment = new PoTable('comment');
$currentComment = $tablecomment->findBy('id_comment', $id);
$currentComment = $currentComment->current();
echo "{$currentComment->comment}";
} else {
echo "404 Not Found Access";
}
} elseif ($mod == 'comment' and $act == 'readdata') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$status = "Y";
$data = array('status' => $status);
$table = new PoTable('comment');
$table->updateBy('id_comment', $id, $data);
} else {
echo "404 Not Found Access";
}
} elseif ($mod == 'comment' and $act == 'setting1') {
if ($currentRoleAccess->modify_access == "Y") {
$dbhostsql = DATABASE_HOST;
$dbusersql = DATABASE_USER;
$dbpasswordsql = DATABASE_PASS;
$dbnamesql = DATABASE_NAME;
$connection = mysqli_connect($dbhostsql, $dbusersql, $dbpasswordsql, $dbnamesql) or die(mysqli_connect_error());
//mysqli_select_db($dbnamesql, $connection) or die(mysqli_error());
mysqli_query("ALTER TABLE comment ALTER COLUMN active SET DEFAULT 'Y'");
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
$ibu = $_POST['ibu'];
$p_ibu = $_POST['p_ibu'];
$pass = $_POST['pass'];
$table->save(array('id_siswa' => '', 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass));
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'siswa' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id_siswa'], 'sql');
$nis = $_POST['nis'];
$nama_siswa = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
$tlp = $_POST['tlp'];
$ayah = $_POST['ayah'];
$p_ayah = $_POST['p_ayah'];
$ibu = $_POST['ibu'];
$p_ibu = $_POST['p_ibu'];
$pass = $_POST['pass'];
$data = array('id_siswa' => $id, 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass);
$table = new PoTable('siswa');
$table->updateBy('id_siswa', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
}
}
}
} elseif ($mod == 'theme' and $act == 'active') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$active = $val->validasi($_POST['active'], 'xss');
$tableS = new PoTable('theme');
$currentSearch = $tableS->findBy(active, 'Y');
$currentSearch = $currentSearch->current();
$id_theme = $currentSearch->id_theme;
$actives = 'N';
$datas = array('active' => $actives);
$table = new PoTable('theme');
$table->updateBy('id_theme', $id_theme, $datas);
$data = array('active' => $active);
$table = new PoTable('theme');
$table->updateBy('id_theme', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'theme' and $act == 'edit') {
if ($currentRoleAccess->modify_access == "Y") {
$folder = $val->validasi($_POST['folder'], 'xss');
$valid = $val->validasi($_POST['file'], 'xss');
$filename = "../../../po-content/{$folder}/{$valid}";
if (file_exists("{$filename}")) {
$data = $_POST['code_content'];
$data = str_replace("textareapopojicms", "textarea", $data);
$newdata = stripslashes($data);
if ($newdata != '') {
$fw = fopen($filename, 'w') or die('Could not open file!');
$picture = '';
$data = array('picture' => $picture);
$table = new PoTable('kelas');
$table->updateBy('id_kelas', $id, $data);
} else {
echo "404 Not Found Access";
}
} elseif ($mod == 'kelas' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
$kelas = $val->validasi($_POST['kelas'], 'xss');
$table = new PoTable('kelas');
$nama_kelas = $_POST['nama'];
$table->save(array('id_kelas' => '', 'nama' => $nama_kelas, 'kelas' => $kelas));
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'kelas' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$kelas = $val->validasi($_POST['kelas'], 'xss');
$nama = $val->validasi($_POST['nama'], 'xss');
$data = array('id_kelas' => $id, 'nama' => $nama, 'kelas' => $kelas);
$table = new PoTable('kelas');
$table->updateBy('id_kelas', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
}
}
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'absen' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
$idk = $val->validasi($_POST['idk'], 'xss');
$jam = $val->validasi($_POST['jam'], 'xss');
$_SESSION['idk'] = $idk;
$_SESSION['jam'] = $jam;
echo $_SESSION['idk'] . "<br>";
echo $_SESSION['jam'] . "<br>";
header('location:../../admin.php?mod=' . $mod . '&act=addnew');
} else {
header('location:../../404.php');
}
} elseif ($mod == 'absen' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
$seotitle = seo_title($title);
$active = $val->validasi($_POST['active'], 'xss');
$data = array('title' => $title, 'seotitle' => $seotitle, 'active' => $active);
$table = new PoTable('absen');
$table->updateBy('id_absen', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
}
}
$website_url = $currentSet->website_url;
$website_email = $currentSet->website_email;
$tablesubs = new PoTable('subscribe');
$subs = $tablesubs->findAll(id_subscribe, ASC);
foreach ($subs as $sub) {
$emailto = $sub->email;
$to = "{$emailto}";
$from = "{$website_name} <{$website_email}>";
$subject = "News Update - {$titlesub}";
$message = "<html>\n\t\t\t\t\t\t<body>\n\t\t\t\t\t\t\tHi {$sub->email}<br />\n\t\t\t\t\t\t\tWe have the latest updates for you!<br />\n\t\t\t\t\t\t\tPlease click on the link below to begin reading :<br />\n\t\t\t\t\t\t\t<a href='{$website_url}/detailpost/{$seotitlesub}'>{$titlesub}</a><br /><br />\n\t\t\t\t\t\t\tThank you for subscribing,<br />\n\t\t\t\t\t\t\t{$website_name}\n\t\t\t\t\t\t</body>\n\t\t\t\t\t</html>";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
$headers .= "From: " . $from . "\r\n";
mail($to, $subject, $message, $headers);
}
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'post' and $act == 'setheadline') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$headline = $val->validasi($_POST['headline'], 'xss');
$data = array('headline' => $headline);
$table = new PoTable('post');
$table->updateBy('id_post', $id, $data);
} else {
echo "404 Not Found Access";
}
}
}
function anti_injection($data)
{
$filter = stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES)));
return $filter;
}
$emailforgot = anti_injection($_POST['email']);
if (!preg_match("/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}\$/", $emailforgot)) {
header('location:404.php');
} else {
$table = new PoTable('users');
$currentUser = $table->findBy(email, $emailforgot);
$currentUser = $currentUser->current();
if ($currentUser > 0) {
$forgotkey = md5(microtime() . $_SERVER['REMOTE_ADDR'] . '#$&^%$#' . mt_rand());
$data = array('forget_key' => $forgotkey);
$table->updateBy('email', $emailforgot, $data);
$tableset = new PoTable('setting');
$currentSet = $tableset->findBy(id_setting, '1');
$currentSet = $currentSet->current();
$website_name = $currentSet->website_name;
$website_url = $currentSet->website_url;
$website_email = $currentSet->website_email;
$username = $currentUser->username;
$nama_lengkap = $currentUser->nama_lengkap;
$to = "{$nama_lengkap} <{$emailforgot}>";
$from = "{$website_name} <{$website_email}>";
$subject = "Forgot Password For {$website_name}";
$message = "<html>\r\n\t\t\t\t<body>\r\n\t\t\t\t\tIndonesia :<br />\r\n\t\t\t\t\t-----------<br />\r\n\t\t\t\t\tHi {$nama_lengkap},<br />\r\n\t\t\t\t\tJika anda tidak pernah meminta pesan informasi tentang lupa password di {$website_name}, silahkan untuk menghiraukan email ini.<br />\r\n\t\t\t\t\tTetapi jika anda memang yang meminta pesan informasi ini, maka silahkan untuk mengklik tautan (link) di bawah ini :<br /><br />\r\n\t\t\t\t\t<a href=\"{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}\" title=\"Recover Password\">{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}</a><br /><br />\r\n\t\t\t\t\tKemudian secara otomatis setelah anda mengklik tautan (link) di atas, password anda akan diganti menjadi password default yaitu : <b>123456</b>.<br />\r\n\t\t\t\t\tSilahkan untuk login dengan password tersebut kemudian ganti password default ini dengan password yang lebih aman.<br /><br />\r\n\t\t\t\t\tSalam hangat,<br />\r\n\t\t\t\t\t{$website_name}.<br /><br /><br />\r\n\t\t\t\t\tEnglish :<br />\r\n\t\t\t\t\t-----------<br />\r\n\t\t\t\t\tHi {$nama_lengkap},<br />\r\n\t\t\t\t\tIf you have never requested message information about forgotten password in {$website_name}, please to ignore this email.<br />\r\n\t\t\t\t\tBut if you really are asking for messages of this information, then please to click on a link below :<br /><br />\r\n\t\t\t\t\t<a href=\"{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}\" title=\"Recover Password\">{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}</a><br /><br />\r\n\t\t\t\t\tThen automatically after you click a link above, your password will be changed to the default password is : <b>123456</b>.<br />\r\n\t\t\t\t\tPlease to log in with the password and then change the default password to a more secure password.<br /><br />\r\n\t\t\t\t\tWarm regards,<br />\r\n\t\t\t\t\t{$website_name}.\r\n\t\t\t\t</body>\r\n\t\t\t</html>";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
$headers .= "From: " . $from . "\r\n";
}
} elseif ($mod == 'pages' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
if ($_POST['seotitle'] != "") {
$seotitle = $_POST['seotitle'];
} else {
$seotitle = seo_title($title);
}
$data = $_POST['content'];
$data = stripslashes($data);
$eutf = htmlspecialchars($data, ENT_QUOTES);
$active = $val->validasi($_POST['active'], 'xss');
if (!empty($_POST['picture'])) {
$picture = $_POST['picture'];
$data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'picture' => $picture, 'active' => $active);
$table = new PoTable('pages');
$table->updateBy('id_pages', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} else {
$data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'active' => $active);
$table = new PoTable('pages');
$table->updateBy('id_pages', $id, $data);
header('location:../../admin.php?mod=' . $mod);
}
} else {
header('location:../../404.php');
}
}
}
$nama_guru = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
$pass = $_POST['pass'];
$table->save(array('id_guru' => '', 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass));
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'guru' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id_guru'], 'sql');
$nip = $_POST['nip'];
$nama_guru = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
$pass = $_POST['pass'];
$data = array('id_guru' => $id, 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass);
$table = new PoTable('guru');
$table->updateBy('id_guru', $id, $data);
header('location:../../admin.php?mod=' . $mod);
// echo $id." ".$nip." ".$nama_guru;
} else {
echo "gagal";
}
} else {
header('location:../../404.php');
}
}
$data = stripslashes($data);
$eutf = htmlspecialchars($data, ENT_QUOTES);
$color = $val->validasi($_POST['color'], 'xss');
$active = $val->validasi($_POST['active'], 'xss');
$data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color, 'active' => $active);
$table = new PoTable('event');
$table->updateBy('id_event', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} elseif ($mod == 'event' and $act == 'updatedrag') {
$id = $val->validasi($_POST['id'], 'sql');
$start = $val->validasi($_POST['start'], 'xss');
$end = $val->validasi($_POST['end'], 'xss');
$allday = 'true';
$data = array('startevt' => $start, 'endevt' => $end, 'allday' => $allday);
$table = new PoTable('event');
$table->updateBy('id_event', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} elseif ($mod == 'event' and $act == 'uploadgroupevent') {
$filename = $_FILES['eventfile']['tmp_name'];
$color = $val->validasi($_POST['color'], 'xss');
/*
* Upload facebook group event
*/
for ($i = 1; $i <= 12; $i++) {
/*
* Get event month
* Locale : EN
*/
$monthlong[$i] = date("F", mktime(0, 0, 0, $i + 1, 0, 0, 0));
$monthshort[$i] = date("M", mktime(0, 0, 0, $i + 1, 0, 0, 0));
}
echo $currentUser->locktype;
} elseif ($mod == 'login' and $act == 'proclogin') {
$username = anti_injection($_POST['username']);
$pass = anti_injection(md5($_POST['password']));
if (!ctype_alnum($username) or !ctype_alnum($pass)) {
header('location:index.php?errormsg=1');
} else {
$table = new PoTable('users');
$currentUser = $table->findByLogin(username, $username, password, $pass, blokir, "N");
$currentUser = $currentUser->current();
if ($currentUser > 0) {
session_start();
include_once "timeout.php";
$_SESSION['iduser'] = $currentUser->id_user;
$_SESSION['namauser'] = $currentUser->username;
$_SESSION['namalengkap'] = $currentUser->nama_lengkap;
$_SESSION['passuser'] = $currentUser->password;
$_SESSION['leveluser'] = $currentUser->level;
$_SESSION['login'] = 1;
timer();
$sid_lama = session_id();
session_regenerate_id();
$sid_baru = session_id();
$sesi = array('id_session' => $sid_baru);
$table->updateBy('username', $username, $sesi);
header('location:admin.php?mod=home');
} else {
header('location:index.php?errormsg=2');
}
}
}
