public function loadSession($username, $password)
{
$verify = Database::execQuery("SELECT EXISTS(SELECT id FROM users WHERE username = '******' and pass = md5('{$password}')) as 'asshole'")[0][0];
if ($verify) {
// jika sudah benar
error_log($verify);
session_start();
// maka simpan data ID ke dalam session
$_SESSION['userID'] = Database::execQuery("SELECT id from users where username = '******' and pass = md5('{$password}') and role != 5")[0]['id'];
header("Location: " . \Turner\System\App::$information['serverAddr'] . "/index");
// dan arahkan ke halaman indeks
} else {
$wrongData = true;
// jika tidak, tampilkan halaman login kembali dengan error salah data
include "magician/login.php";
exit;
// keluar
return 0;
}
}
public static function rewriteFunction()
{
$conn = new Database();
$conn->connect();
if (!($conn->execQuery("SELECT user_id FROM post WHERE id = '" . $_POST['POSTID'] . "'")[0][0] == \Turner\System\User::getID()) && !(\Turner\System\User::getRole() == 'editor' || \Turner\System\User::getRole() == 'admin')) {
header("Location: " . \Turner\System\App::$information['serverAddr'] . "/post");
return;
}
if (isset($_POST['PostTitle']) && isset($_POST['PostContent']) && isset($_POST['slug']) && $_POST['PostTitle'] != '' && $_POST['slug'] != '') {
$execStatus = false;
if (\Turner\System\User::getRole() == 'contributor') {
$_POST['publish'] = false;
}
echo $conn->beginTransaction();
try {
$query = $conn->query("UPDATE post SET title = '" . htmlspecialchars($_POST['PostTitle'], ENT_QUOTES) . "', content = '" . htmlspecialchars($_POST['PostContent'], ENT_QUOTES) . "', pass = md5('" . htmlspecialchars($_POST['post_password'], ENT_QUOTES) . "'), slug = '" . $_POST['slug'] . "', post_status = " . intval($_POST['publish']) . ", comment_status = " . intval($_POST['comment_status']) . " WHERE id = " . intval($_POST['POSTID']));
$conn->query("DELETE FROM post_category WHERE post_id = " . intval($_POST['POSTID']));
foreach ($_POST['category'] as $catData) {
$conn->query("INSERT INTO post_category(post_id, category_id) VALUES(" . intval($_POST['POSTID']) . ", " . intval($catData) . ")");
}
$execStatus = true;
header("Location: " . \Turner\System\App::$information['serverAddr'] . "/post");
} catch (\PDOException $e) {
echo "<form id=formtemp action='" . \Turner\System\App::$information['serverAddr'] . "/post/edit' method=POST>";
foreach ($_POST as $key => $data) {
echo "<input type=hidden name='" . $key . "' value='" . htmlspecialchars(is_array($data) ? implode(',', $data) : $data, ENT_QUOTES) . "'>";
}
echo "<input type=hidden name=errorInfo value='" . htmlspecialchars($e->getMessage()) . "'>";
echo "</form>";
?>
<script>
document.getElementById("formtemp").submit();
</script>
<?php
$execStatus = false;
}
if ($execStatus) {
$conn->commit();
} else {
$conn->rollBack();
}
}
}