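/**
 * Gate an admin page on the session's login level.
 *
 * @param string $p page key being requested (the `p` query value)
 *
 * Level 1 may open group 1 pages, level 2 group 2 pages, level 3 anything in
 * groups 1, 2 or 3. Anything else calls quantri::KichUser(), which is the
 * only side effect. As originally written, a session whose level was missing
 * or outside 1..3 matched none of the `if` blocks and was therefore let
 * through to every page; such sessions are now denied as well.
 * NOTE(review): confirm no legitimate level outside 1..3 exists before
 * relying on that, and that KichUser() terminates the request.
 */
function KiemTraQuyen($p)
{
    $group1 = array("home", "tv-xem", "tv-den", "tv-chua", "tv-sua", "tv-them", "tk-doi", "tk-sua", "tt-xem");
    $group2 = array("home", "tt-xem", "tt-sua", "tt-add", "tt-them", "tk-doi", "tk-sua");
    $group3 = array("tv-xoa", "tt-xoa", "tk-xem", "tk-them", "tk-mk", "tk-cv", "tk-tt", "tk-xoa", "to-tv-xem", "to-tt-xem", "catalog-xem", "catalog-them", "catalog-sua", "catalog-xoa", "kv-xem", "kv-them", "kv-sua", "kv-xoa", "nv-tv-xem", "nv-tv-them", "nv-tv-sua", "nv-tv-xoa", "nv-tt-xem", "nv-tt-them", "nv-tt-sua", "nv-tt-xoa");

    // Constructed up front as before (its constructor may have side effects the
    // rest of the page relies on).
    $this_fun = new quantri();

    // Missing level -> 0 -> denied below, instead of a notice plus fall-through.
    $level = isset($_SESSION['kt_login_level']) ? (int) $_SESSION['kt_login_level'] : 0;

    switch ($level) {
        case 1:
            $allowed = $group1;
            break;
        case 2:
            $allowed = $group2;
            break;
        case 3:
            $allowed = array_merge($group1, $group2, $group3);
            break;
        default:
            $allowed = array(); // unknown level: nothing is permitted
            break;
    }

    // Strict comparison: the page keys are strings, so no type juggling applies.
    if (!in_array($p, $allowed, true)) {
        $this_fun->KichUser();
    }
}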
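/**
 * Gate an admin page on the session's login level (second site variant).
 *
 * @param string $p page key being requested (the `p` query value)
 *
 * Level 1 may open group 1 pages, level 2 groups 1 and 2, level 3 groups
 * 1, 2 and 3. Anything else calls quantri::KichUser(), the only side effect.
 * As originally written, a session whose level was missing or outside 1..3
 * matched none of the `if` blocks and was let through to every page; such
 * sessions are now denied as well.
 * NOTE(review): confirm no legitimate level outside 1..3 exists before
 * relying on that, and that KichUser() terminates the request.
 */
function KiemTraQuyen($p)
{
    $group1 = array("home", "contacts-xem", "contacts-chitiet", "orders-xem", "support-xem", "support-chitiet", "hoithao-xem", "gopy-xem", "tk-doi", "tk-sua");
    $group2 = array("pa-xem", "pa-sua", "pa-them", "pa-xoa", "ch-xem", "ch-sua", "ch-them", "product-xem", "product-them", "product-xoa", "product-sua", "product2-xem", "product2-them", "product2-sua", "ser-xem", "ser-them", "ser-sua");
    $group3 = array("contacts-xoa", "support-xoa", "gopy-xoa", "tk-xem", "tk-them", "tk-mk", "tk-cv", "tk-tt", "tk-xoa", "catalog-xem", "catalog-them", "catalog-xoa", "catalog-sua");

    // Constructed up front as before (its constructor may have side effects the
    // rest of the page relies on).
    $this_fun = new quantri();

    // Missing level -> 0 -> denied below, instead of a notice plus fall-through.
    $level = isset($_SESSION['kt_login_level']) ? (int) $_SESSION['kt_login_level'] : 0;

    switch ($level) {
        case 1:
            $allowed = $group1;
            break;
        case 2:
            $allowed = array_merge($group1, $group2);
            break;
        case 3:
            $allowed = array_merge($group1, $group2, $group3);
            break;
        default:
            $allowed = array(); // unknown level: nothing is permitted
            break;
    }

    // Strict comparison: the page keys are strings, so no type juggling applies.
    if (!in_array($p, $allowed, true)) {
        $this_fun->KichUser();
    }
}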
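/**
 * Update one mk_pages row from the page edit form.
 *
 * @param int|string $idSP idPa of the row to update; cast to int because it
 *                         is interpolated unquoted into the WHERE clause
 *
 * Reads TieuDe, UrlHinh, TomTat, NoiDung, Title, Des, Keyword, Parent, Lang
 * (default 'vi') and idGroup from $_POST. Side effect: runs the UPDATE; on
 * failure dies with mysql_error(), which sends the raw driver message to the
 * client.
 */
public function SuaPA($idSP)
{
    $idSP = (int) $idSP;

    $TieuDe  = isset($_POST['TieuDe'])  ? $_POST['TieuDe']  : '';
    $UrlHinh = isset($_POST['UrlHinh']) ? $_POST['UrlHinh'] : '';
    $TomTat  = isset($_POST['TomTat'])  ? $_POST['TomTat']  : '';
    $NoiDung = isset($_POST['NoiDung']) ? $_POST['NoiDung'] : '';
    $Title   = isset($_POST['Title'])   ? $_POST['Title']   : '';
    $Des     = isset($_POST['Des'])     ? $_POST['Des']     : '';
    $Keyword = isset($_POST['Keyword']) ? $_POST['Keyword'] : '';
    $Parent  = isset($_POST['Parent'])  ? $_POST['Parent']  : '';
    $Lang    = isset($_POST['Lang'])    ? $_POST['Lang']    : 'vi';
    // The original never assigned $idGroup, so the group 2 / group 4 branches
    // below could never run; it is now read the way the sibling methods do.
    // NOTE(review): this turns on the "-idPa" slug suffix for group 2 and
    // nl2br for group 4 — confirm that is wanted for existing rows.
    $idGroup = isset($_POST['idGroup']) ? $_POST['idGroup'] : '';

    $Parent  = (int) $Parent;
    $idGroup = (int) $idGroup;

    // Display fields are cleaned by XoaDinhDang (Des was cleaned twice before).
    // NoiDung is deliberately left as rich content; Lang was never cleaned.
    $TieuDe  = parent::XoaDinhDang($TieuDe);
    $Title   = parent::XoaDinhDang($Title);
    $Des     = parent::XoaDinhDang($Des);
    $Keyword = parent::XoaDinhDang($Keyword);
    $UrlHinh = parent::XoaDinhDang($UrlHinh);
    $TomTat  = parent::XoaDinhDang($TomTat);
    if ($Title == '') {
        $Title = $TieuDe; // SEO title falls back to the heading
    }

    $TieuDeKD = parent::stripUnicode($TieuDe);
    if ($idGroup == 2) {
        $TieuDeKD = $TieuDeKD . "-" . $idSP; // keep group-2 slugs unique
    }
    if ($idGroup == 4) {
        $TomTat  = nl2br($TomTat, TRUE);
        $NoiDung = nl2br($NoiDung, TRUE);
    }

    // NoiDung and Lang bypass XoaDinhDang, so they must be escaped here before
    // being interpolated. The other values rely on XoaDinhDang —
    // NOTE(review): confirm it performs SQL escaping (its body is not visible).
    $NoiDung = mysql_real_escape_string($NoiDung);
    $Lang    = mysql_real_escape_string($Lang);

    // Cập nhật vào db (update the row)
    $sql = "UPDATE mk_pages
            SET TieuDe = '{$TieuDe}',
                TieuDeKD = '{$TieuDeKD}',
                Title = '{$Title}',
                Des = '{$Des}',
                Keyword = '{$Keyword}',
                TomTat = '{$TomTat}',
                NoiDung = '{$NoiDung}',
                UrlHinh = '{$UrlHinh}',
                Parent = '{$Parent}',
                Lang = '{$Lang}'
            WHERE idPa = {$idSP}";
    mysql_query($sql) or die(mysql_error());
}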
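/**
 * Update one mk_support row (HoTen, DiaChi, NoiDung) from $_POST.
 *
 * @param int|string $idSP idSU of the row; cast to int because it is
 *                         interpolated unquoted into the WHERE clause
 *
 * Side effect: runs the UPDATE; on failure dies with mysql_error(), which
 * sends the raw driver message to the client.
 */
public function SuaSU($idSP)
{
    $idSP = (int) $idSP;

    $HoTen   = isset($_POST['HoTen'])   ? $_POST['HoTen']   : '';
    $DiaChi  = isset($_POST['DiaChi'])  ? $_POST['DiaChi']  : '';
    $NoiDung = isset($_POST['NoiDung']) ? $_POST['NoiDung'] : '';

    $HoTen  = parent::XoaDinhDang($HoTen);
    $DiaChi = parent::XoaDinhDang($DiaChi);
    // NoiDung is kept as rich content (no XoaDinhDang), so escape it here
    // before interpolation. NOTE(review): HoTen/DiaChi rely on XoaDinhDang
    // for SQL escaping — confirm it does that.
    $NoiDung = mysql_real_escape_string($NoiDung);

    // Cập nhật vào db (update the row)
    $sql = "UPDATE mk_support
            SET HoTen = '{$HoTen}',
                DiaChi = '{$DiaChi}',
                NoiDung = '{$NoiDung}'
            WHERE idSU = {$idSP}";
    mysql_query($sql) or die(mysql_error());
}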
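/**
 * Insert one mk_ads row (UrlHinh, idGroup, idLoai).
 *
 * @param int|string $idLoai category id; used only when $_POST['idLoai'] is
 *                           absent. The original overwrote it unconditionally
 *                           with the POST value, which made the parameter dead
 *                           and stored 0 when the field was missing.
 *
 * Reads UrlHinh, idGroup and idLoai from $_POST. Side effect: runs the INSERT;
 * on failure dies with mysql_error(), which sends the driver message to the
 * client.
 */
public function ThemSLLoai($idLoai)
{
    $UrlHinh = isset($_POST['UrlHinh']) ? $_POST['UrlHinh'] : '';
    $idGroup = isset($_POST['idGroup']) ? $_POST['idGroup'] : '';
    if (isset($_POST['idLoai'])) {
        $idLoai = $_POST['idLoai']; // the form value still wins, as before
    }

    $idLoai  = (int) $idLoai;
    $idGroup = (int) $idGroup;
    // NOTE(review): UrlHinh relies on XoaDinhDang for SQL escaping — confirm.
    $UrlHinh = parent::XoaDinhDang($UrlHinh);

    // Chèn dữ liệu vào database (insert the row)
    $sql = "INSERT INTO mk_ads (UrlHinh, idGroup, idLoai)
            VALUES ('{$UrlHinh}', '{$idGroup}', '{$idLoai}')";
    mysql_query($sql) or die(mysql_error());
}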
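/**
 * Update one mk_catalog row from the category edit form.
 *
 * @param int|string $idSP idLoai of the row; cast to int because it is
 *                         interpolated unquoted into the WHERE clause (it is
 *                         also appended to the slug)
 *
 * Reads TieuDe, TomTat, Title, Des, Parent and Keyword from $_POST (the
 * original also read idGroup but never used it). Side effect: runs the
 * UPDATE; on failure dies with mysql_error(), which sends the driver message
 * to the client.
 */
public function SuaDM($idSP)
{
    $idSP = (int) $idSP;

    $TieuDe  = isset($_POST['TieuDe'])  ? $_POST['TieuDe']  : '';
    $TomTat  = isset($_POST['TomTat'])  ? $_POST['TomTat']  : '';
    $Title   = isset($_POST['Title'])   ? $_POST['Title']   : '';
    $Des     = isset($_POST['Des'])     ? $_POST['Des']     : '';
    $Parent  = isset($_POST['Parent'])  ? $_POST['Parent']  : '';
    $Keyword = isset($_POST['Keyword']) ? $_POST['Keyword'] : '';

    $Parent = (int) $Parent;

    $TieuDe  = parent::XoaDinhDang($TieuDe);
    $Title   = parent::XoaDinhDang($Title);
    $Keyword = parent::XoaDinhDang($Keyword);
    $Des     = parent::XoaDinhDang($Des);
    if ($Title == '') {
        $Title = $TieuDe; // SEO title falls back to the heading
    }
    $TieuDeKD = parent::stripUnicode($TieuDe) . "-" . $idSP;

    // TomTat bypasses XoaDinhDang, so escape it here before interpolation.
    // NOTE(review): the other values rely on XoaDinhDang for SQL escaping —
    // confirm it does that.
    $TomTat = mysql_real_escape_string($TomTat);

    // Cập nhật vào db (update the row)
    $sql = "UPDATE mk_catalog
            SET TieuDe = '{$TieuDe}',
                TieuDeKD = '{$TieuDeKD}',
                Title = '{$Title}',
                Des = '{$Des}',
                Parent = '{$Parent}',
                TomTat = '{$TomTat}',
                Keyword = '{$Keyword}'
            WHERE idLoai = {$idSP}";
    mysql_query($sql) or die(mysql_error());
}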
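<?php
// AJAX toggle: flips the 0/1 column `$ma` of table `$bang` for row `$id` to
// the opposite of its current value and echoes the new value.
// NOTE(review): no session_start() or KiemTraQuyen() call is visible in this
// file; confirm access is restricted elsewhere (e.g. inside class_quantri.php).
require_once "../lib/class_quantri.php";
$qt = new quantri();

// Request values, defaulting instead of raising notices when absent.
$bang  = isset($_GET['bang'])  ? $_GET['bang']  : '';
$ma    = isset($_GET['ma'])    ? $_GET['ma']    : '';
$id    = isset($_GET['id'])    ? (int) $_GET['id'] : 0;
$value = isset($_GET['value']) ? $_GET['value'] : '';

// Table and column names come from the request; XoaDinhDang is the only
// cleaning they receive before reaching the query helpers.
$bang  = $qt->XoaDinhDang($bang);
$ma    = $qt->XoaDinhDang($ma);
$value = $qt->XoaDinhDang($value);

$get = $qt->ValueHienTai($bang, $ma, $id, $value);
// Loose comparison kept on purpose: the helper may return the value as "0".
$get = ($get == 0) ? 1 : 0;
$qt->ValueThayDoi($bang, $ma, $id, $value, $get);
echo $get;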
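<?php
// AJAX show/hide toggle: flips column `$ma` of table `$table` for row `$id`
// and echoes the new 0/1 value.
// NOTE(review): no session_start() or KiemTraQuyen() call is visible in this
// file; confirm access is restricted elsewhere (e.g. inside class_quantri.php).
require_once "../lib/class_quantri.php";
$qt = new quantri();

// Request values, defaulting instead of raising notices when absent.
$table = isset($_GET['bang']) ? $_GET['bang'] : '';
$ma    = isset($_GET['ma'])   ? $_GET['ma']   : '';
$id    = isset($_GET['id'])   ? (int) $_GET['id'] : 0;

// The original cleaned the table name into $bang but then passed the raw
// $table to both helpers; the cleaned value is now the one that is used.
$table = $qt->XoaDinhDang($table);
$ma    = $qt->XoaDinhDang($ma);

$anhien = $qt->LayAnHien($table, $ma, $id);
// Loose comparison kept on purpose: the helper may return the value as "0".
$anhien = ($anhien == 0) ? 1 : 0;
$qt->DoiAnHien($table, $ma, $id, $anhien);
echo $anhien;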
<?php
// Admin page bootstrap: copies the logged-in identity out of the session,
// loads the helper classes and starts the HTML layout. This excerpt is cut
// off: the `if (@$user)` block is still open at its end.
session_start();
ob_start();
// All five keys are read unconditionally; a visitor without a session gets
// notices and null values here.
$idUser = $_SESSION["idUser"];
$idGroup = $_SESSION["idGroup"];
$user = $_SESSION["Username"];
$quyen_xem = $_SESSION['quyen_xem'];
$quyen_action = $_SESSION['quyen_action'];
// `@` only hides the notice; an empty or missing Username skips everything
// below, including the HTML that follows the closing `?>` (it is inside the
// braces).
if (@$user) {
    require_once 'config.php';
    require_once 'layout.php';
    require_once DIR . 'class.form.php';
    $form = new form();
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    $p = $_GET["p"];
    if ($p == 'thoat') {
        // Logout. There is no exit after the redirect header, so the rest of
        // the page is still rendered before the browser follows it.
        session_destroy();
        header("location:index.php");
    }
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Trang quản trị</title> <link href="img/css.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="../../library/jquery.js"></script>
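<?php
// AJAX reorder: stores the new sort position `$thutu` for row `$id` of
// table `$table` (column `$ma`) and echoes the applied value.
// NOTE(review): no session_start() or KiemTraQuyen() call is visible in this
// file; confirm access is restricted elsewhere (e.g. inside class_quantri.php).
require_once "../lib/class_quantri.php";
$qt = new quantri();

// Request values, defaulting instead of raising notices when absent.
$table = isset($_GET['bang'])  ? $_GET['bang'] : '';
$ma    = isset($_GET['ma'])    ? $_GET['ma']   : '';
$id    = isset($_GET['id'])    ? (int) $_GET['id']    : 0;
$thutu = isset($_GET['thutu']) ? (int) $_GET['thutu'] : 0;

// The sibling toggle scripts clean the table/column names with XoaDinhDang
// before handing them to the query helper; the original passed them raw.
$table = $qt->XoaDinhDang($table);
$ma    = $qt->XoaDinhDang($ma);

$qt->SuaThuTu($table, $ma, $id, $thutu);
// The original echoed $anhien, which is never assigned in this script (left
// over from the show/hide toggle) and so printed nothing; reply with the
// applied order instead. NOTE(review): confirm the caller accepts this.
echo $thutu;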
<?php
// AJAX endpoint for the admin list pages: delete a row, change a status
// flag, or check whether a username is free. Runs only for a session with
// id_admin set. This excerpt is cut off inside the last `else`.
session_start();
if (@$_SESSION["id_admin"]) {
    $user = $_SESSION["user_admin"];
    require_once 'config.php';
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    // Truthiness test (`@` hides the notice when absent): a value of "0" is
    // treated as "not set".
    if (@$_POST['delete']) {
        $type = 3;
        // Table name and id are taken straight from the request; whatever
        // validation they get happens inside sql::get_sql (not visible here).
        $table = $_POST['page'];
        $id = $_POST['id'];
        $sql->get_sql($type, $table, $user, $id);
        $sql->executable();
    }
    if (@$_POST['status']) {
        $type = 7;
        $table = $_POST['page'];
        $set = $_POST['set'];
        $id = $_POST['id'];
        $sql->get_sql($type, $table, $user, $set, $id);
        echo $sql->executable();
    }
    if (isset($_POST['KiemTraUser'])) {
        // Overwrites the session username for the rest of this request.
        $user = $_POST['KiemTraUser'];
        $total = mysql_result($qt->Users_KiemTraUser($user), 0);
        // `&` here is the bitwise operator, not `&&` (it still yields 0/1
        // because both operands are booleans). eregi() no longer exists in
        // PHP 7+; preg_match('/^[[:alnum:]]+$/i', $user) is the equivalent.
        if ($total == 0 & eregi("^[[:alnum:]]+\$", $user)) {
            echo '<font color="#00CC00">Username hợp lệ</font>';
        } else {
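<?php
// Emits the <option> elements for the categories of news type $_GET['idTL'],
// used to fill a <select> over AJAX.
// NOTE(review): no session or permission check is visible in this file;
// confirm access is restricted elsewhere.
require_once "../lib/class_quantri.php";
if (!isset($qt)) {
    $qt = new quantri();
}

// Cleaned with XoaDinhDang like the request values in the sibling scripts
// (the original passed it to DanhMucSua raw and without an isset check).
$idTL = isset($_GET['idTL']) ? $_GET['idTL'] : '';
$idTL = $qt->XoaDinhDang($idTL);

$loaitin = $qt->DanhMucSua(-1, $idTL, 1);
while ($row_loaitin = mysql_fetch_assoc($loaitin)) {
    // Escape for the HTML attribute/text context; double_encode is off so
    // values that were entity-encoded at input time are not encoded twice.
    // The stray whitespace the original left inside the value attribute
    // (it became part of the submitted value) is gone.
    $idLoai = htmlspecialchars($row_loaitin['idLoai'], ENT_QUOTES, 'UTF-8', false);
    $tieuDe = htmlspecialchars($row_loaitin['TieuDe'], ENT_QUOTES, 'UTF-8', false);
    echo '<option value="' . $idLoai . '">' . $tieuDe . '</option>';
}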
<?php
// Admin login page: redirects a session that is already authenticated,
// otherwise checks the submitted form through quantri::KiemTraLogin. The
// HTML form continues past the end of this excerpt.
session_start();
//ob_start();
// No exit after the redirect header: the POST branch below still runs and
// the login form is still rendered for an already-logged-in session.
if (@$_SESSION["Username"]) {
    header('location: administrator.php');
}
require 'config.php';
require DIR . 'class.quantri.php';
$qt = new quantri();
if (isset($_POST["btnLogin"])) {
    // Credentials are read without isset and passed on unchanged; any
    // escaping or hashing is KiemTraLogin's job (not visible here).
    $un = $_POST["un"];
    $pa = $_POST["pa"];
    $kiemtra = $qt->KiemTraLogin($un, $pa);
    if ($kiemtra == true) {
        // Again no exit after the redirect; the form below is still output.
        header("location:administrator.php");
    } else {
        // Shown by the form markup below (outside this excerpt).
        $error = "Tên đăng nhập hoặc mật khẩu sai.<br />";
    }
}
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form id="form1" name="form1" method="post" action=""> <div style="width:240px; height:260px; background:url(img/bg-dangnhap.gif) repeat-x; padding:10px; border:solid 1px #a9c1d4; margin-left:auto; margin-right:auto">
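/**
 * Update one mk_post row from the post edit form.
 *
 * @param int|string $idSP idPO of the row; cast to int because it is
 *                         interpolated unquoted into the WHERE clause (it is
 *                         also appended to the slug)
 *
 * Reads UrlHinh, TieuDe, Des, Keyword, Title, NoiDung, TomTat, idLoai and
 * idCL from $_POST (the original also read idGroup but never used it). Side
 * effect: runs the UPDATE; on failure dies with mysql_error(), which sends
 * the driver message to the client.
 */
public function SuaPO($idSP)
{
    $idSP = (int) $idSP;

    // Tiếp nhận dữ liệu từ form (read the form fields)
    $UrlHinh = isset($_POST['UrlHinh']) ? $_POST['UrlHinh'] : "";
    $TieuDe  = isset($_POST['TieuDe'])  ? $_POST['TieuDe']  : "";
    $Des     = isset($_POST['Des'])     ? $_POST['Des']     : "";
    $Keyword = isset($_POST['Keyword']) ? $_POST['Keyword'] : "";
    $Title   = isset($_POST['Title'])   ? $_POST['Title']   : "";
    $NoiDung = isset($_POST['NoiDung']) ? $_POST['NoiDung'] : "";
    $TomTat  = isset($_POST['TomTat'])  ? $_POST['TomTat']  : "";
    $idLoai  = isset($_POST['idLoai'])  ? $_POST['idLoai']  : "";
    $idCL    = isset($_POST['idCL'])    ? $_POST['idCL']    : "";

    // Kiểm tra dữ liệu đã nhận (normalise the received values)
    $idLoai = (int) $idLoai;
    $idCL   = (int) $idCL;
    $UrlHinh = parent::XoaDinhDang($UrlHinh);
    $TieuDe  = parent::XoaDinhDang($TieuDe);
    $Des     = parent::XoaDinhDang($Des);
    $Keyword = parent::XoaDinhDang($Keyword);
    $Title   = parent::XoaDinhDang($Title);
    if ($Title == '') {
        $Title = $TieuDe; // SEO title falls back to the heading
    }
    $TieuDeKD = parent::stripUnicode($TieuDe) . "-" . $idSP;

    // NoiDung and TomTat are kept as rich content (no XoaDinhDang), so escape
    // them here before interpolation. NOTE(review): the other values rely on
    // XoaDinhDang for SQL escaping — confirm it does that.
    $NoiDung = mysql_real_escape_string($NoiDung);
    $TomTat  = mysql_real_escape_string($TomTat);

    // Chèn vào db (write the row)
    $sql = "UPDATE mk_post
            SET TieuDe = '{$TieuDe}',
                TieuDeKD = '{$TieuDeKD}',
                UrlHinh = '{$UrlHinh}',
                Des = '{$Des}',
                Keyword = '{$Keyword}',
                Title = '{$Title}',
                NoiDung = '{$NoiDung}',
                idLoai = '{$idLoai}',
                TomTat = '{$TomTat}',
                idCL = '{$idCL}'
            WHERE idPO = {$idSP}";
    mysql_query($sql) or die(mysql_error());
}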
<?php
// AJAX endpoint (delete / status) for the admin list pages; runs only when
// username_admin is in the session. The status branch continues past the
// end of this excerpt.
session_start();
if (@$_SESSION["username_admin"]) {
    $user = $_SESSION["username_admin"];
    require_once 'config.php';
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    // Truthiness test (`@` hides the notice when absent): "0" counts as unset.
    if (@$_POST['delete']) {
        $type = 3;
        // Table name and id come straight from the request; whatever
        // validation they get happens inside sql::get_sql (not visible here).
        $table = $_POST['page'];
        $id = $_POST['id'];
        if ($user == 'admin') {
            // The admin account may delete any row.
            $sql->get_sql($type, $table, $user, $id);
            $sql->executable();
        } else {
            // Other accounts may only delete rows they created. The ownership
            // lookup interpolates the request-supplied table name and id
            // directly (no escaping is applied in this file), so the check is
            // only as strong as whatever validates those two values upstream.
            $qr = mysql_query("SELECT user_create FROM {$table} WHERE id='{$id}'");
            $row = mysql_fetch_array($qr);
            if ($row['user_create'] == $user) {
                $sql->get_sql($type, $table, $user, $id);
                $sql->executable();
            }
        }
    }
    if (@$_POST['status']) {
        $type = 7;
        $table = $_POST['page'];
        $set = $_POST['set'];
        $id = $_POST['id'];
}
// Admin page bootstrap (excerpt: the block closed above and the page body
// after the <link> tag are outside this view). Copies the admin identity out
// of the session, then loads the helpers and starts the layout when a user
// is present.
$lang = $_SESSION['language'];
if (@$_SESSION["id_admin"]) {
    $idUser = $_SESSION["id_admin"];
    $idGroup = $_SESSION["group_admin"];
    $user = $_SESSION["user_admin"];
    $quyen_xem = $_SESSION['quyen_xem'];
    $quyen_action = $_SESSION['quyen_action'];
}
// $user is only assigned above when id_admin is set; `@` hides the notice
// otherwise. Everything below, including the HTML after `?>`, is inside
// this block.
if (@$user) {
    require_once 'config.php';
    require_once 'layout.php';
    require_once DIR . 'class.form.php';
    $form = new form();
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    $p = $_GET["p"];
    if ($p == 'thoat') {
        // Logout. There is no exit after the redirect header, so the rest of
        // the page is still rendered before the browser follows it.
        session_destroy();
        header("location:index.php");
    }
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Trang quản trị</title> <meta name="robots" content="nofollow" /> <link href="img/css.css" rel="stylesheet" type="text/css" />
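/**
 * Store a new password for one mk_users row from $_POST['PassNew'].
 *
 * @param int|string $idSP idUser of the row; cast to int because it is
 *                         interpolated unquoted into the WHERE clause
 *
 * As written, the method computed md5($Pass) and then wrote the literal
 * string '******' to the Pass column, so the computed hash was discarded;
 * the hash is now what gets stored. An empty password (after XoaDinhDang)
 * is no longer written at all. md5 is kept only because the login check
 * (KiemTraLogin, not visible here) must compare against it —
 * NOTE(review): moving both sides to password_hash()/password_verify() is
 * the real fix. Side effect: runs the UPDATE; on failure dies with
 * mysql_error(), which sends the driver message to the client.
 */
public function SuaTKMK($idSP)
{
    $idSP = (int) $idSP;

    $Pass = isset($_POST['PassNew']) ? $_POST['PassNew'] : '';
    $Pass = parent::XoaDinhDang($Pass);
    if ($Pass === '') {
        return; // refuse to set an empty password
    }
    $Pass = md5($Pass); // 32 hex characters: safe to interpolate below

    $sql = "UPDATE mk_users
            SET Pass = '{$Pass}'
            WHERE idUser = {$idSP}";
    mysql_query($sql) or die(mysql_error());
}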
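/**
 * Update one mk_benh_tv (patient consultation) row from the edit form.
 *
 * @param int|string $idSP idTV of the row; cast to int because it is
 *                         interpolated unquoted into the WHERE clause
 *
 * Reads MaSo, HoTen, Tuoi, GioiTinh, DacBiet, DienThoai, DiaChi, Khoa, Benh,
 * NgayHenKham, NgayDenKham, NguonThongTin, TuVanTu, NguoiNhap, NoiDung and
 * GhiChu from $_POST. Side effect: runs the UPDATE; on failure dies with
 * mysql_error(), which sends the driver message to the client.
 */
public function SuaPO($idSP)
{
    $idSP = (int) $idSP;

    // Tiếp nhận dữ liệu từ form (read the form fields)
    $MaSo          = isset($_POST['MaSo'])          ? $_POST['MaSo']          : "";
    $HoTen         = isset($_POST['HoTen'])         ? $_POST['HoTen']         : "";
    $Tuoi          = isset($_POST['Tuoi'])          ? $_POST['Tuoi']          : "";
    $GioiTinh      = isset($_POST['GioiTinh'])      ? $_POST['GioiTinh']      : "";
    $DacBiet       = isset($_POST['DacBiet'])       ? $_POST['DacBiet']       : "";
    $DienThoai     = isset($_POST['DienThoai'])     ? $_POST['DienThoai']     : "";
    $DiaChi        = isset($_POST['DiaChi'])        ? $_POST['DiaChi']        : "";
    $Khoa          = isset($_POST['Khoa'])          ? $_POST['Khoa']          : "";
    $Benh          = isset($_POST['Benh'])          ? $_POST['Benh']          : "";
    $NgayHenKham   = isset($_POST['NgayHenKham'])   ? $_POST['NgayHenKham']   : "";
    $NgayDenKham   = isset($_POST['NgayDenKham'])   ? $_POST['NgayDenKham']   : "";
    $NguonThongTin = isset($_POST['NguonThongTin']) ? $_POST['NguonThongTin'] : "";
    $TuVanTu       = isset($_POST['TuVanTu'])       ? $_POST['TuVanTu']       : "";
    $NguoiNhap     = isset($_POST['NguoiNhap'])     ? $_POST['NguoiNhap']     : "";
    $NoiDung       = isset($_POST['NoiDung'])       ? $_POST['NoiDung']       : "";
    $GhiChu        = isset($_POST['GhiChu'])        ? $_POST['GhiChu']        : "";

    // Kiểm tra dữ liệu đã nhận (normalise the received values)
    $Tuoi     = (int) $Tuoi;
    $GioiTinh = (int) $GioiTinh;
    $DacBiet  = (int) $DacBiet;
    $MaSo          = parent::XoaDinhDang($MaSo);
    $HoTen         = parent::XoaDinhDang($HoTen);
    $DienThoai     = parent::XoaDinhDang($DienThoai);
    $DiaChi        = parent::XoaDinhDang($DiaChi);
    $Khoa          = parent::XoaDinhDang($Khoa);
    $Benh          = parent::XoaDinhDang($Benh);
    $NguonThongTin = parent::XoaDinhDang($NguonThongTin);
    $NguoiNhap     = parent::XoaDinhDang($NguoiNhap);

    // These five were interpolated without any cleaning in the original, so
    // escape them here. NOTE(review): the XoaDinhDang-cleaned values rely on
    // that method for SQL escaping — confirm it does that.
    $NgayHenKham = mysql_real_escape_string($NgayHenKham);
    $NgayDenKham = mysql_real_escape_string($NgayDenKham);
    $TuVanTu     = mysql_real_escape_string($TuVanTu);
    $NoiDung     = mysql_real_escape_string($NoiDung);
    $GhiChu      = mysql_real_escape_string($GhiChu);

    // Chèn vào db (write the row)
    $sql = "UPDATE mk_benh_tv
            SET MaSo = '{$MaSo}',
                HoTen = '{$HoTen}',
                DienThoai = '{$DienThoai}',
                DiaChi = '{$DiaChi}',
                Khoa = '{$Khoa}',
                Benh = '{$Benh}',
                NguonThongTin = '{$NguonThongTin}',
                NguoiNhap = '{$NguoiNhap}',
                NgayDenKham = '{$NgayDenKham}',
                NgayHenKham = '{$NgayHenKham}',
                GioiTinh = '{$GioiTinh}',
                DacBiet = '{$DacBiet}',
                TuVanTu = '{$TuVanTu}',
                GhiChu = '{$GhiChu}',
                NoiDung = '{$NoiDung}',
                Tuoi = '{$Tuoi}'
            WHERE idTV = {$idSP}";
    mysql_query($sql) or die(mysql_error());
}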