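function KiemTraQuyen($p)
 {
     // Pages each privilege level may open. Level 3 inherits both lower lists.
     $group1 = array("home", "tv-xem", "tv-den", "tv-chua", "tv-sua", "tv-them", "tk-doi", "tk-sua", "tt-xem");
     $group2 = array("home", "tt-xem", "tt-sua", "tt-add", "tt-them", "tk-doi", "tk-sua");
     $group3 = array("tv-xoa", "tt-xoa", "tk-xem", "tk-them", "tk-mk", "tk-cv", "tk-tt", "tk-xoa", "to-tv-xem", "to-tt-xem", "catalog-xem", "catalog-them", "catalog-sua", "catalog-xoa", "kv-xem", "kv-them", "kv-sua", "kv-xoa", "nv-tv-xem", "nv-tv-them", "nv-tv-sua", "nv-tv-xoa", "nv-tt-xem", "nv-tt-them", "nv-tt-sua", "nv-tt-xoa");
     $this_fun = new quantri();
     // A missing level reads as 0, which matches no group and is therefore denied.
     $level = isset($_SESSION['kt_login_level']) ? (int) $_SESSION['kt_login_level'] : 0;
     switch ($level) {
         case 1:
             $allowed = $group1;
             break;
         case 2:
             $allowed = $group2;
             break;
         case 3:
             $allowed = array_merge($group1, $group2, $group3);
             break;
         default:
             // The original fell through and allowed every page for an unknown
             // level; default to deny so an unexpected session value cannot widen access.
             $allowed = array();
     }
     // Strict comparison: $p is a request string and the lists hold strings.
     if (!in_array($p, $allowed, true)) {
         $this_fun->KichUser();
     }
 }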
 function KiemTraQuyen($p)
 {
     $group1 = array("home", "contacts-xem", "contacts-chitiet", "orders-xem", "support-xem", "support-chitiet", "hoithao-xem", "gopy-xem", "tk-doi", "tk-sua");
     $group2 = array("pa-xem", "pa-sua", "pa-them", "pa-xoa", "ch-xem", "ch-sua", "ch-them", "product-xem", "product-them", "product-xoa", "product-sua", "product2-xem", "product2-them", "product2-sua", "ser-xem", "ser-them", "ser-sua");
     $group3 = array("contacts-xoa", "support-xoa", "gopy-xoa", "tk-xem", "tk-them", "tk-mk", "tk-cv", "tk-tt", "tk-xoa", "catalog-xem", "catalog-them", "catalog-xoa", "catalog-sua");
     $this_fun = new quantri();
     if ($_SESSION['kt_login_level'] == 1) {
         if (!in_array($p, $group1)) {
             $this_fun->KichUser();
         }
     }
     if ($_SESSION['kt_login_level'] == 2) {
         if (!in_array($p, $group1)) {
             if (!in_array($p, $group2)) {
                 $this_fun->KichUser();
             }
         }
     }
     if ($_SESSION['kt_login_level'] == 3) {
         if (!in_array($p, $group1)) {
             if (!in_array($p, $group2)) {
                 if (!in_array($p, $group3)) {
                     $this_fun->KichUser();
                 }
             }
         }
     }
 }
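 public function SuaPA($idSP)
 {
     // Form input; every field defaults to a string so nothing below sees null.
     $TieuDe = isset($_POST['TieuDe']) ? $_POST['TieuDe'] : '';
     $UrlHinh = isset($_POST['UrlHinh']) ? $_POST['UrlHinh'] : '';
     $TomTat = isset($_POST['TomTat']) ? $_POST['TomTat'] : '';
     $NoiDung = isset($_POST['NoiDung']) ? $_POST['NoiDung'] : '';
     $Title = isset($_POST['Title']) ? $_POST['Title'] : '';
     $Des = isset($_POST['Des']) ? $_POST['Des'] : '';
     $Keyword = isset($_POST['Keyword']) ? $_POST['Keyword'] : '';
     $Parent = isset($_POST['Parent']) ? $_POST['Parent'] : '';
     $Lang = isset($_POST['Lang']) ? $_POST['Lang'] : 'vi';
     // NOTE(review): the original never assigned $idGroup, so the idGroup == 2 / == 4
     // branches below were unreachable; sibling methods read it from the form the
     // same way. Confirm against the edit form that this is the intended source.
     $idGroup = isset($_POST['idGroup']) ? $_POST['idGroup'] : 0;
     settype($Parent, 'int');
     settype($idGroup, 'int');
     // The row id is interpolated unquoted into the WHERE clause: force an integer.
     settype($idSP, 'int');
     $TieuDe = parent::XoaDinhDang($TieuDe);
     $Title = parent::XoaDinhDang($Title);
     $Des = parent::XoaDinhDang($Des);
     $Keyword = parent::XoaDinhDang($Keyword);
     $UrlHinh = parent::XoaDinhDang($UrlHinh);
     $TomTat = parent::XoaDinhDang($TomTat);
     // Fall back to the heading when no explicit SEO title was given.
     if ($Title == '') {
         $Title = $TieuDe;
     }
     $TieuDeKD = parent::stripUnicode($TieuDe);
     if ($idGroup == 2) {
         $TieuDeKD = $TieuDeKD . "-" . $idSP;
     }
     if ($idGroup == 4) {
         $TomTat = nl2br($TomTat, TRUE);
         $NoiDung = nl2br($NoiDung, TRUE);
     }
     // NoiDung keeps its markup and Lang is a short code; neither goes through
     // XoaDinhDang, so they must at least be escaped for the string-built query.
     $NoiDung = mysql_real_escape_string($NoiDung);
     $Lang = mysql_real_escape_string($Lang);
     // Update the page row.
     $sql = "UPDATE mk_pages\n\t\t\t\tSET TieuDe = '{$TieuDe}',\n\t\t\t\t\tTieuDeKD = '{$TieuDeKD}',\n                    Title = '{$Title}',\n                    Des = '{$Des}',\n                    Keyword = '{$Keyword}',\n                    TomTat ='{$TomTat}',\n                    NoiDung = '{$NoiDung}',\n                    UrlHinh = '{$UrlHinh}',\n                    Parent = '{$Parent}',\n                    Lang ='{$Lang}'\n                WHERE idPa = {$idSP}\n                ";
     mysql_query($sql) or die(mysql_error());
 }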
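 public function SuaSU($idSP)
 {
     // Form input; defaults keep the values strings when a field is absent.
     $HoTen = isset($_POST['HoTen']) ? $_POST['HoTen'] : '';
     $DiaChi = isset($_POST['DiaChi']) ? $_POST['DiaChi'] : '';
     $NoiDung = isset($_POST['NoiDung']) ? $_POST['NoiDung'] : '';
     // The row id is interpolated unquoted into the WHERE clause: force an integer.
     settype($idSP, 'int');
     $HoTen = parent::XoaDinhDang($HoTen);
     $DiaChi = parent::XoaDinhDang($DiaChi);
     // NoiDung is stored as-is (it does not go through XoaDinhDang), so it must
     // at least be escaped before being interpolated into the query.
     $NoiDung = mysql_real_escape_string($NoiDung);
     // Update the support-request row.
     $sql = "UPDATE mk_support\n\t\t\t\tSET HoTen = '{$HoTen}',\n\t\t\t\t\tDiaChi = '{$DiaChi}',\n                    NoiDung = '{$NoiDung}'\n                WHERE idSU = {$idSP}\n                ";
     mysql_query($sql) or die(mysql_error());
 }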
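 public function ThemSLLoai($idLoai)
 {
     // Form input; defaults avoid undefined-index notices when a field is absent.
     $UrlHinh = isset($_POST['UrlHinh']) ? $_POST['UrlHinh'] : '';
     $idGroup = isset($_POST['idGroup']) ? $_POST['idGroup'] : 0;
     // The form value still wins, as before; the parameter is only used when the
     // form did not send idLoai (the original overwrote it unconditionally).
     if (isset($_POST['idLoai'])) {
         $idLoai = $_POST['idLoai'];
     }
     // Both ids are interpolated into the query: force integers.
     settype($idLoai, 'int');
     settype($idGroup, 'int');
     $UrlHinh = parent::XoaDinhDang($UrlHinh);
     // Insert the advertisement row.
     $sql = "INSERT INTO mk_ads (UrlHinh, idGroup, idLoai)\n\t\t\t\tVALUES ('{$UrlHinh}', '{$idGroup}', '{$idLoai}')";
     mysql_query($sql) or die(mysql_error());
 }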
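 public function SuaDM($idSP)
 {
     // Form input; every field defaults to a string so nothing below sees null.
     // (idGroup was read by the original but never used, so it is dropped.)
     $TieuDe = isset($_POST['TieuDe']) ? $_POST['TieuDe'] : '';
     $TomTat = isset($_POST['TomTat']) ? $_POST['TomTat'] : '';
     $Title = isset($_POST['Title']) ? $_POST['Title'] : '';
     $Des = isset($_POST['Des']) ? $_POST['Des'] : '';
     $Parent = isset($_POST['Parent']) ? $_POST['Parent'] : '';
     $Keyword = isset($_POST['Keyword']) ? $_POST['Keyword'] : '';
     settype($Parent, "int");
     // The row id is interpolated unquoted into the WHERE clause: force an integer.
     settype($idSP, "int");
     $TieuDe = parent::XoaDinhDang($TieuDe);
     $Title = parent::XoaDinhDang($Title);
     $Keyword = parent::XoaDinhDang($Keyword);
     $Des = parent::XoaDinhDang($Des);
     // Fall back to the heading when no explicit SEO title was given.
     if ($Title == '') {
         $Title = $TieuDe;
     }
     $TieuDeKD = parent::stripUnicode($TieuDe) . "-" . $idSP;
     // TomTat does not go through XoaDinhDang, so escape it for the string-built query.
     $TomTat = mysql_real_escape_string($TomTat);
     // Update the catalog row.
     $sql = "UPDATE mk_catalog\n\t\t\t\tSET TieuDe = '{$TieuDe}',\n                    TieuDeKD = '{$TieuDeKD}',\n\t\t\t\t\tTitle = '{$Title}',\n\t\t\t\t\tDes = '{$Des}',\n\t\t\t\t\tParent = '{$Parent}',\n\t\t\t\t\tTomTat = '{$TomTat}',\n\t\t\t\t\tKeyword = '{$Keyword}'\n                WHERE idLoai = {$idSP}\n                ";
     mysql_query($sql) or die(mysql_error());
 }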
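<?php

require_once "../lib/class_quantri.php";
$qt = new quantri();
// Request parameters; defaults avoid undefined-index notices when one is missing.
$bang = isset($_GET['bang']) ? $_GET['bang'] : '';
$ma = isset($_GET['ma']) ? $_GET['ma'] : '';
$id = isset($_GET['id']) ? $_GET['id'] : 0;
$value = isset($_GET['value']) ? $_GET['value'] : '';
settype($id, "int");
// NOTE(review): bang/ma appear to name a table and a column. Whether XoaDinhDang
// is sufficient for identifiers is not visible here — confirm that
// ValueHienTai/ValueThayDoi check them against a whitelist.
$bang = $qt->XoaDinhDang($bang);
$ma = $qt->XoaDinhDang($ma);
$value = $qt->XoaDinhDang($value);
// Flip the stored flag: 0 becomes 1, anything else becomes 0.
$get = $qt->ValueHienTai($bang, $ma, $id, $value) == 0 ? 1 : 0;
$qt->ValueThayDoi($bang, $ma, $id, $value, $get);
echo $get;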
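<?php

require_once "../lib/class_quantri.php";
$qt = new quantri();
// Request parameters; defaults avoid undefined-index notices when one is missing.
$table = isset($_GET['bang']) ? $_GET['bang'] : '';
$ma = isset($_GET['ma']) ? $_GET['ma'] : '';
$id = isset($_GET['id']) ? $_GET['id'] : 0;
settype($id, "int");
// The original cleaned $table into $bang but then passed the raw $table to
// LayAnHien/DoiAnHien; the cleaned value is what must be used.
$bang = $qt->XoaDinhDang($table);
$ma = $qt->XoaDinhDang($ma);
// Flip the show/hide flag: 0 becomes 1, anything else becomes 0.
$anhien = $qt->LayAnHien($bang, $ma, $id) == 0 ? 1 : 0;
$qt->DoiAnHien($bang, $ma, $id, $anhien);
echo $anhien;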
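<?php

session_start();
ob_start();
// Session-backed identity. Default to null so a missing key raises no notice and
// the login gate that follows still sees a falsy $user.
$idUser = isset($_SESSION["idUser"]) ? $_SESSION["idUser"] : null;
$idGroup = isset($_SESSION["idGroup"]) ? $_SESSION["idGroup"] : null;
$user = isset($_SESSION["Username"]) ? $_SESSION["Username"] : null;
$quyen_xem = isset($_SESSION['quyen_xem']) ? $_SESSION['quyen_xem'] : null;
$quyen_action = isset($_SESSION['quyen_action']) ? $_SESSION['quyen_action'] : null;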
if (@$user) {
    require_once 'config.php';
    require_once 'layout.php';
    require_once DIR . 'class.form.php';
    $form = new form();
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    $p = $_GET["p"];
    if ($p == 'thoat') {
        session_destroy();
        header("location:index.php");
    }
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Trang quản trị</title>
<link href="img/css.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../../library/jquery.js"></script>
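<?php

require_once "../lib/class_quantri.php";
$qt = new quantri();
// Request parameters; defaults avoid undefined-index notices when one is missing.
$table = isset($_GET['bang']) ? $_GET['bang'] : '';
$ma = isset($_GET['ma']) ? $_GET['ma'] : '';
$id = isset($_GET['id']) ? $_GET['id'] : 0;
$thutu = isset($_GET['thutu']) ? $_GET['thutu'] : 0;
settype($id, "int");
settype($thutu, "int");
// Clean the table/column names the same way the sibling toggle scripts do.
// NOTE(review): whether XoaDinhDang is sufficient for identifiers is not visible
// here — confirm SuaThuTu checks them against a whitelist.
$table = $qt->XoaDinhDang($table);
$ma = $qt->XoaDinhDang($ma);
$qt->SuaThuTu($table, $ma, $id, $thutu);
// The original ended with `echo $anhien;` on a variable this script never sets
// (a leftover from the show/hide toggle), which only produced a notice.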
<?php

session_start();
if (@$_SESSION["id_admin"]) {
    $user = $_SESSION["user_admin"];
    require_once 'config.php';
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    if (@$_POST['delete']) {
        $type = 3;
        $table = $_POST['page'];
        $id = $_POST['id'];
        $sql->get_sql($type, $table, $user, $id);
        $sql->executable();
    }
    if (@$_POST['status']) {
        $type = 7;
        $table = $_POST['page'];
        $set = $_POST['set'];
        $id = $_POST['id'];
        $sql->get_sql($type, $table, $user, $set, $id);
        echo $sql->executable();
    }
    if (isset($_POST['KiemTraUser'])) {
        $user = $_POST['KiemTraUser'];
        $total = mysql_result($qt->Users_KiemTraUser($user), 0);
        if ($total == 0 & eregi("^[[:alnum:]]+\$", $user)) {
            echo '<font color="#00CC00">Username hợp lệ</font>';
        } else {
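<?php

require_once "../lib/class_quantri.php";
if (!isset($qt)) {
    $qt = new quantri();
}
// NOTE(review): sibling scripts cast their id parameters to int before use; the
// same is done here on the assumption that idTL is a numeric category id — confirm.
$idTL = isset($_GET['idTL']) ? $_GET['idTL'] : 0;
settype($idTL, "int");
$loaitin = $qt->DanhMucSua(-1, $idTL, 1);
// Escape database content for the attribute and text contexts it is printed into.
while ($row_loaitin = mysql_fetch_assoc($loaitin)) {
    ?>
    <option value="<?php 
    echo htmlspecialchars($row_loaitin['idLoai'], ENT_QUOTES, 'UTF-8');
    ?>
"><?php 
    echo htmlspecialchars($row_loaitin['TieuDe'], ENT_QUOTES, 'UTF-8');
    ?>
 </option>
<?php 
}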
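<?php

session_start();
//ob_start();
// Already logged in: redirect and stop. Without the exit the login form below is
// still processed and rendered after the Location header has been sent.
if (!empty($_SESSION["Username"])) {
    header('location: administrator.php');
    exit;
}
require 'config.php';
require DIR . 'class.quantri.php';
$qt = new quantri();
if (isset($_POST["btnLogin"])) {
    $un = isset($_POST["un"]) ? $_POST["un"] : '';
    $pa = isset($_POST["pa"]) ? $_POST["pa"] : '';
    $kiemtra = $qt->KiemTraLogin($un, $pa);
    if ($kiemtra == true) {
        header("location:administrator.php");
        exit;
    } else {
        $error = "Tên đăng nhập hoặc mật khẩu sai.<br />";
    }
}
?>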
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form id="form1" name="form1" method="post" action="">
<div style="width:240px; height:260px; background:url(img/bg-dangnhap.gif) repeat-x; padding:10px; border:solid 1px #a9c1d4; margin-left:auto; margin-right:auto">
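 public function SuaPO($idSP)
 {
     // Form input; every field defaults to a string so nothing below sees null.
     // (idGroup was read by the original but never used, so it is dropped.)
     $UrlHinh = isset($_POST['UrlHinh']) ? $_POST['UrlHinh'] : "";
     $TieuDe = isset($_POST['TieuDe']) ? $_POST['TieuDe'] : "";
     $Des = isset($_POST['Des']) ? $_POST['Des'] : "";
     $Keyword = isset($_POST['Keyword']) ? $_POST['Keyword'] : "";
     $Title = isset($_POST['Title']) ? $_POST['Title'] : "";
     $NoiDung = isset($_POST['NoiDung']) ? $_POST['NoiDung'] : "";
     $TomTat = isset($_POST['TomTat']) ? $_POST['TomTat'] : "";
     $idLoai = isset($_POST['idLoai']) ? $_POST['idLoai'] : "";
     $idCL = isset($_POST['idCL']) ? $_POST['idCL'] : "";
     // Normalise the received values.
     settype($idLoai, "int");
     settype($idCL, "int");
     // The row id is interpolated unquoted into the WHERE clause: force an integer.
     settype($idSP, "int");
     $UrlHinh = parent::XoaDinhDang($UrlHinh);
     $TieuDe = parent::XoaDinhDang($TieuDe);
     $Des = parent::XoaDinhDang($Des);
     $Keyword = parent::XoaDinhDang($Keyword);
     $Title = parent::XoaDinhDang($Title);
     // Fall back to the heading when no explicit SEO title was given.
     if ($Title == '') {
         $Title = $TieuDe;
     }
     $TieuDeKD = parent::stripUnicode($TieuDe) . "-" . $idSP;
     // NoiDung and TomTat keep their markup and do not go through XoaDinhDang,
     // so they must at least be escaped for the string-built query.
     $NoiDung = mysql_real_escape_string($NoiDung);
     $TomTat = mysql_real_escape_string($TomTat);
     // Update the post row.
     $sql = "UPDATE mk_post\n            SET TieuDe = '{$TieuDe}',\n                TieuDeKD = '{$TieuDeKD}',\n                UrlHinh = '{$UrlHinh}',\n                Des = '{$Des}',\n                Keyword = '{$Keyword}',\n                Title = '{$Title}',\n                NoiDung = '{$NoiDung}',\n                idLoai = '{$idLoai}',\n                TomTat = '{$TomTat}',\n                idCL = '{$idCL}'\n            WHERE idPO = {$idSP}\n            ";
     mysql_query($sql) or die(mysql_error());
 }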
<?php

session_start();
if (@$_SESSION["username_admin"]) {
    $user = $_SESSION["username_admin"];
    require_once 'config.php';
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    if (@$_POST['delete']) {
        $type = 3;
        $table = $_POST['page'];
        $id = $_POST['id'];
        if ($user == 'admin') {
            $sql->get_sql($type, $table, $user, $id);
            $sql->executable();
        } else {
            $qr = mysql_query("SELECT user_create FROM {$table} WHERE id='{$id}'");
            $row = mysql_fetch_array($qr);
            if ($row['user_create'] == $user) {
                $sql->get_sql($type, $table, $user, $id);
                $sql->executable();
            }
        }
    }
    if (@$_POST['status']) {
        $type = 7;
        $table = $_POST['page'];
        $set = $_POST['set'];
        $id = $_POST['id'];
}
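// Session-backed identity; defaults to null so a missing key raises no notice.
$lang = isset($_SESSION['language']) ? $_SESSION['language'] : null;
// Same truthiness test as the original `@$_SESSION["id_admin"]`, without suppression.
if (!empty($_SESSION["id_admin"])) {
    $idUser = $_SESSION["id_admin"];
    $idGroup = isset($_SESSION["group_admin"]) ? $_SESSION["group_admin"] : null;
    $user = isset($_SESSION["user_admin"]) ? $_SESSION["user_admin"] : null;
    $quyen_xem = isset($_SESSION['quyen_xem']) ? $_SESSION['quyen_xem'] : null;
    $quyen_action = isset($_SESSION['quyen_action']) ? $_SESSION['quyen_action'] : null;
}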
if (@$user) {
    require_once 'config.php';
    require_once 'layout.php';
    require_once DIR . 'class.form.php';
    $form = new form();
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    $p = $_GET["p"];
    if ($p == 'thoat') {
        session_destroy();
        header("location:index.php");
    }
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Trang quản trị</title>
<meta name="robots" content="nofollow" />
<link href="img/css.css" rel="stylesheet" type="text/css" />
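 public function SuaTKMK($idSP)
 {
     $Pass = isset($_POST['PassNew']) ? $_POST['PassNew'] : '';
     $Pass = parent::XoaDinhDang($Pass);
     // NOTE(review): unsalted md5 is kept because the login check (KiemTraLogin,
     // not visible here) presumably compares against it; moving to password_hash()
     // requires changing the verify side in the same release.
     $Pass = md5($Pass);
     // The row id is interpolated unquoted into the WHERE clause: force an integer.
     settype($idSP, 'int');
     // The original computed $Pass and then wrote a fixed literal; store the hash.
     // md5() yields hex only, so no further escaping is needed here.
     $sql = "UPDATE mk_users\n\t\t\t\tSET Pass = '{$Pass}'\n                WHERE idUser = {$idSP}\n                ";
     mysql_query($sql) or die(mysql_error());
 }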
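 public function SuaPO($idSP)
 {
     // Form input; every field defaults to a string so nothing below sees null.
     $MaSo = isset($_POST['MaSo']) ? $_POST['MaSo'] : "";
     $HoTen = isset($_POST['HoTen']) ? $_POST['HoTen'] : "";
     $Tuoi = isset($_POST['Tuoi']) ? $_POST['Tuoi'] : "";
     $GioiTinh = isset($_POST['GioiTinh']) ? $_POST['GioiTinh'] : "";
     $DacBiet = isset($_POST['DacBiet']) ? $_POST['DacBiet'] : "";
     $DienThoai = isset($_POST['DienThoai']) ? $_POST['DienThoai'] : "";
     $DiaChi = isset($_POST['DiaChi']) ? $_POST['DiaChi'] : "";
     $Khoa = isset($_POST['Khoa']) ? $_POST['Khoa'] : "";
     $Benh = isset($_POST['Benh']) ? $_POST['Benh'] : "";
     $NgayHenKham = isset($_POST['NgayHenKham']) ? $_POST['NgayHenKham'] : "";
     $NgayDenKham = isset($_POST['NgayDenKham']) ? $_POST['NgayDenKham'] : "";
     $NguonThongTin = isset($_POST['NguonThongTin']) ? $_POST['NguonThongTin'] : "";
     $TuVanTu = isset($_POST['TuVanTu']) ? $_POST['TuVanTu'] : "";
     $NguoiNhap = isset($_POST['NguoiNhap']) ? $_POST['NguoiNhap'] : "";
     $NoiDung = isset($_POST['NoiDung']) ? $_POST['NoiDung'] : "";
     $GhiChu = isset($_POST['GhiChu']) ? $_POST['GhiChu'] : "";
     // Normalise the received values.
     settype($Tuoi, "int");
     settype($GioiTinh, "int");
     settype($DacBiet, "int");
     // The row id is interpolated unquoted into the WHERE clause: force an integer.
     settype($idSP, "int");
     $MaSo = parent::XoaDinhDang($MaSo);
     $HoTen = parent::XoaDinhDang($HoTen);
     $DienThoai = parent::XoaDinhDang($DienThoai);
     $DiaChi = parent::XoaDinhDang($DiaChi);
     $Khoa = parent::XoaDinhDang($Khoa);
     $Benh = parent::XoaDinhDang($Benh);
     $NguonThongTin = parent::XoaDinhDang($NguonThongTin);
     $NguoiNhap = parent::XoaDinhDang($NguoiNhap);
     // These fields do not go through XoaDinhDang (dates and free text), so they
     // must at least be escaped for the string-built query.
     $NgayHenKham = mysql_real_escape_string($NgayHenKham);
     $NgayDenKham = mysql_real_escape_string($NgayDenKham);
     $TuVanTu = mysql_real_escape_string($TuVanTu);
     $NoiDung = mysql_real_escape_string($NoiDung);
     $GhiChu = mysql_real_escape_string($GhiChu);
     // Update the patient row.
     $sql = "UPDATE mk_benh_tv\n            SET MaSo = '{$MaSo}',\n                HoTen = '{$HoTen}',\n                DienThoai = '{$DienThoai}',\n                DiaChi = '{$DiaChi}',\n                Khoa = '{$Khoa}',\n                Benh = '{$Benh}',\n                NguonThongTin = '{$NguonThongTin}',\n                NguoiNhap = '{$NguoiNhap}',\n                NgayDenKham = '{$NgayDenKham}',\n                NgayHenKham = '{$NgayHenKham}',\n                GioiTinh = '{$GioiTinh}',\n                DacBiet = '{$DacBiet}',\n                TuVanTu = '{$TuVanTu}',\n                GhiChu = '{$GhiChu}',\n                NoiDung = '{$NoiDung}',\n                Tuoi = '{$Tuoi}'\n            WHERE idTV = {$idSP}\n            ";
     mysql_query($sql) or die(mysql_error());
 }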
<?php

session_start();
if (@$_SESSION["id_admin"]) {
    $user = $_SESSION["user_admin"];
    require_once 'config.php';
    require_once DIR . 'class.quantri.php';
    $qt = new quantri();
    require_once DIR . 'class.sql.php';
    $sql = new sql();
    if (@$_POST['delete']) {
        $type = 3;
        $table = $_POST['page'];
        $id = $_POST['id'];
        $sql->get_sql($type, $table, $user, $id);
        $sql->executable();
    }
    if (@$_POST['status']) {
        $type = 7;
        $table = $_POST['page'];
        $set = $_POST['set'];
        $id = $_POST['id'];
        $sql->get_sql($type, $table, $user, $set, $id);
        echo $sql->executable();
    }
    if (isset($_POST['KiemTraUser'])) {
        $user = $_POST['KiemTraUser'];
        $total = mysql_result($qt->Users_KiemTraUser($user), 0);
        if ($total == 0 & eregi("^[[:alnum:]]+\$", $user)) {
            echo '<font color="#00CC00">Username hợp lệ</font>';
        } else {