/**
 * Create a fresh form, clear its error flag and, when no global $error is
 * pending, reset it to a blank state.
 *
 * Relies on the global $error flag set elsewhere in the application.
 */
function init()
{
    global $error;

    $frm = new form();
    $frm->set_error(0);

    // A pending global error means the previous input must survive for display.
    if ($error) {
        return;
    }
    $frm->reset();
}
// Admin login handler: validates p_uname / p_pwdx from the submitted form,
// looks the account up and, on success, stores the user row in the session.
// NOTE: this excerpt is cut off inside the final else-branch; its closing
// brace (and presumably an exit) lie outside the visible code.
$formix->init();
$formix->serialize_form();
$formix->validate('', 'p_uname,p_pwdx');
if ($formix->is_error()) {
    $msgx->build_msg();
    header("location: index.php");
    exit;
}
// NOTE(review): both operands test p_uname; p_pwdx is never passed to
// anti_sql_injection() — looks like a copy/paste slip. The password is
// hashed before it reaches the query, so the practical impact depends on
// what the redacted WHERE values below actually are.
if ($dbu->anti_sql_injection($_POST['p_uname']) and $dbu->anti_sql_injection($_POST['p_uname'])) {
    // perform the login process
    // NOTE(review): unsalted md5 over serialize() of the password is not a
    // password hash. Moving to password_hash()/password_verify() needs a
    // schema/data migration, so it is flagged here rather than changed.
    // $p_pwdx is presumably populated by serialize_form() above — confirm.
    $passwordhash = md5(serialize($p_pwdx));
    // The two '******' literals are redacted in this copy; presumably the
    // username and $passwordhash were interpolated here. Prefer bound
    // parameters if the DB layer supports them.
    $sql = "select *\n\t\t\t\tfrom " . $app['table']['pengguna'] . "\n\t\t\t\twhere username = '******'\n\t\t\t\t\t and password = '******' and status = 'aktif'\n\t\t\t\tlimit 1";
    $dbu->query($sql, $rs['login'], $nr['login']);
    if ($nr['login']) {
        $formix->reset();
        // The whole user row is serialised into the admin session.
        $_SESSION['adminsession'] = $appx->serialize64($dbu->fetch($rs['login']));
        header("location: " . $app['webmin'] . "/index.php?act=home");
        exit;
    } else {
        // NOTE: lang and error are bare (unquoted) keys — undefined
        // constants, which PHP 8 treats as a fatal Error.
        $msgx->set_msg($app[lang][error]['invalid_login']);
        $msgx->build_msg();
        header("location: index.php");
        exit;
    }
} else {
    // Same invalid-login path as above (bare lang/error keys, see note).
    $msgx->set_msg($app[lang][error]['invalid_login']);
    $msgx->build_msg();
    header("location: index.php");
**************************************************/
// menu
echo table::open();
echo table::tds(array(array(
    'class' => 'tableb',
    'text'  => html::button('forum.php?c=admin', Lang::item('admin.home'))
        . NBSP . html::button('forum.php?c=admin&m=newcat', Lang::item('admin.new_category'))
        . NBSP . html::button('forum.php?c=admin&m=setting', Lang::item('admin.setting')),
)));
echo table::close();

// settings form
// NOTE(review): no CSRF token is visible in this form; confirm form::open()
// emits one, since submitting it changes forum-wide settings.
echo table::open();
echo form::open('forum.php?c=admin&m=setting');
echo table::td('Forum Setting', 2);
if (count($errors) > 0) {
    echo table::tds(array(array('class' => 'tableh2', 'colspan' => '2', 'text' => table::error($errors))));
}

// Each section: heading language key => rows of (label key, config key, widget).
// Rows are rendered in this order, one label/input pair per table row.
$settingSections = array(
    'admin.basic_features' => array(
        array('admin.title',                'fr_title',                'text'),
        array('admin.allow_guest_browse',   'fr_guest_browse',         'yesno'),
        array('admin.allow_guest_post',     'fr_guest_post',           'yesno'),
        array('admin.enable_message_icons', 'fr_msg_icons',            'yesno'),
        array('admin.time_online_checking', 'fr_time_online_checking', 'text'),
    ),
    'admin.topic_features' => array(
        array('admin.topic_per_page', 'fr_topic_per_page', 'text'),
        array('admin.hot_topic_msg',  'fr_hot_topic_msg',  'text'),
    ),
    'admin.message_features' => array(
        array('admin.msg_per_page',    'fr_msg_per_page',    'text'),
        array('admin.max_msg_size',    'fr_msg_max_size',    'text'),
        array('admin.max_word_length', 'fr_max_word_length', 'text'),
        array('admin.gap_time',        'fr_gap_time',        'text'),
    ),
    'admin.profile_features' => array(
        array('admin.avatar_size',        'fr_avatar_size',        'text'),
        array('admin.signature_max_size', 'fr_signature_max_size', 'text'),
    ),
);

foreach ($settingSections as $headingKey => $settingRows) {
    echo table::td(html::b(Lang::item($headingKey)), 2, 'tableh2');
    foreach ($settingRows as $settingRow) {
        list($labelKey, $configKey, $widget) = $settingRow;
        // Label first, then current value, then the widget — same call order as before.
        $labelText = Lang::item($labelKey);
        $current   = Config::item($configKey);
        $control   = ($widget === 'yesno')
            ? form::yesno($configKey, $current)
            : form::text($configKey, $current);
        echo table::tds(array(
            array('class' => 'tableb', 'width' => '50%', 'text' => $labelText),
            array('class' => 'tableb', 'width' => '50%', 'text' => $control),
        ));
    }
}
// Keep the script scope as it was: drop the rendering helpers again.
unset($settingSections, $headingKey, $settingRows, $settingRow, $labelKey, $configKey, $widget, $labelText, $current, $control);

echo table::tds(array(array(
    'class'   => 'tablef',
    'colspan' => '2',
    'text'    => form::submit(Lang::item('common.modify'), 'submit') . form::reset(Lang::item('common.reset'), 'reset'),
)));
echo form::close();
echo table::close();
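<?php
if (!defined('PROPER_START')) {
    header("HTTP/1.0 403 Forbidden");
    exit;
}

// Reject a missing or non-numeric domain id before anything else touches it.
// isset() avoids an undefined-index notice on a malformed request; the
// outcome (SecurityException) is the same as for a non-matching value.
$domainId = isset($_POST['id']) ? $_POST['id'] : '';
if (preg_match("/^[0-9]{2,30}\$/", $domainId) != 1) {
    raise(new SecurityException(iSeverity::CRITICAL, $lang['ABNORMAL_PARAMETER_VALUE']));
}

$form = new form('edit_domain');
// NOTE(review): checkReferer() is the only CSRF defence visible here; a
// Referer check is weaker than a per-form token — confirm what it enforces.
$form->checkReferer();
$form->reset();
$form->importValues($_POST);
$form->setCheck('dir', $lang['check_dir'], formCheck::ALLTEXT, 2, 30, true);

// Block path traversal in the requested sub-directory: a leading ".."
// (optionally after a slash), a trailing "/..", any "/../", backslashes
// and whitespace. Missing input is treated as an empty string.
$requestedDir = isset($_POST['dir']) ? $_POST['dir'] : '';
if (preg_match("/(^\\/?\\.\\.|\\/\\.\\.\\/?\$|\\/\\.\\.\\/|\\\\|\\s)/", $requestedDir) > 0) {
    $form->setError('dir', $lang['check_dir']);
}
$form->validate();

// The home directory is always rooted under the current user's own subtree.
$home = '/dns/com/olympe-network/' . security::get('user') . '/' . $form->getValue('dir');

// $domainId is digits-only (checked above) so interpolating it is safe here;
// $home goes through security::encode() before it enters the statement.
// NOTE(review): no ownership filter on the domain row is visible in this
// query — confirm $userapi scopes it to the current user, otherwise any
// logged-in user could retarget another user's domain by id.
$sql = "UPDATE domain SET homeDirectory = '" . security::encode($home, false) . "' WHERE uid = '{$domainId}'";
$userapi->query($sql, iDatabase::NO_ROW);

// LOG ACTION IN HISTORY
$sql = "SELECT Hostname FROM domain WHERE uid = '{$domainId}'";
$domain = $userapi->query($sql);
$data = array('domain' => $domain['Hostname'], 'dir' => $form->getValue('dir'));
$logger = new logger();
$logger->log($data);

$form->cleanup();
$template->redirect('/panel/domains/edit?done&id=' . $domainId);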