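 /**
  * Authenticate a login attempt and open the session for the matched user.
  *
  * Runs one query against `users` (username, md5 of the password, role != 5).
  * If a row comes back, the session is started with a fresh id, the user's
  * id is stored in $_SESSION['userID'] and the browser is redirected to
  * /index. If nothing matches, $wrongData is set (read by the included
  * template) and magician/login.php is rendered; both paths end with exit.
  *
  * SECURITY (review): $password is interpolated straight into the SQL text and
  * hashed with MD5 inside the query. Database::execQuery takes a raw string
  * here, so this must move to a prepared statement with bound parameters, and
  * the column should hold password_hash() output checked with password_verify().
  * Left as-is only because the wrapper's parameter API is not visible in this
  * listing.
  * NOTE(review): the username literal reads '******' and $username is never
  * used — it looks like a redaction of this listing; confirm against the real
  * source. Likewise, "role != 5" is taken to mean a blocked/disabled role —
  * confirm. The original verified without that filter and then fetched the id
  * with it, so a role-5 user passed verification but got a null userID.
  *
  * @param string $username login name (see note above)
  * @param string $password plaintext password as submitted
  * @return void never returns normally: both branches exit
  */
 public function loadSession($username, $password)
 {
     // A single query carries the whole predicate so that "verified" and
     // "has an id to store" can no longer disagree.
     $rows = Database::execQuery("SELECT id FROM users WHERE username = '******' and pass = md5('{$password}') and role != 5");
     $userId = isset($rows[0]['id']) ? $rows[0]['id'] : null;

     if ($userId === null) {
         // No match: re-render the login page with the error flag the template reads.
         $wrongData = true;
         include "magician/login.php";
         exit;
     }

     session_start();
     // A new session id on privilege change defeats session fixation.
     session_regenerate_id(true);
     $_SESSION['userID'] = $userId;
     header("Location: " . \Turner\System\App::$information['serverAddr'] . "/index");
     // Stop here so nothing further runs or is emitted after the redirect header.
     exit;
 }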
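 /**
  * Handle the POST from the post-edit form.
  *
  * Authorization: the caller must own the post (post.user_id == User::getID())
  * or have role 'editor' or 'admin'; otherwise the browser is redirected to
  * /post and nothing is written. Contributors may save but never publish
  * (publish is forced to 0). With PostTitle, PostContent and slug present and
  * title/slug non-empty, title, content, password, slug, post_status and
  * comment_status are rewritten and the post's category links are replaced,
  * all inside one transaction; success redirects to /post. On a PDOException
  * the submitted fields are posted back to /post/edit together with an
  * errorInfo field and the transaction is rolled back.
  *
  * SECURITY (review): the UPDATE still builds SQL by concatenation.
  * htmlspecialchars() is HTML escaping, not SQL escaping, and slug is not
  * escaped at all, so title/content/slug remain SQL-injectable. This needs a
  * prepared statement with bound parameters; left as-is because
  * Database::query's parameter API is not visible in this listing. The post
  * password is also stored as md5() of its HTML-escaped form — should be
  * password_hash().
  * NOTE(review): errorInfo forwards the raw PDO error message to the browser,
  * which discloses schema and query details; consider a generic message here
  * and error_log() for the detail.
  *
  * @return void
  */
 public static function rewriteFunction()
 {
     $conn = new Database();
     $conn->connect();

     // POSTID is an integer everywhere below; cast it once. The ownership
     // lookup used to interpolate $_POST['POSTID'] raw into the query — the
     // only query in this method that did — so the authorization check itself
     // was injectable.
     $postId = isset($_POST['POSTID']) ? intval($_POST['POSTID']) : 0;
     $role = \Turner\System\User::getRole();

     $ownerRows = $conn->execQuery("SELECT user_id FROM post WHERE id = " . $postId);
     $ownerId = isset($ownerRows[0][0]) ? $ownerRows[0][0] : null;
     // A missing post is never "owned": previously an empty result compared
     // null == User::getID(), which passed the check for an anonymous caller.
     $isOwner = ($ownerId !== null && $ownerId == \Turner\System\User::getID());
     $isPrivileged = ($role == 'editor' || $role == 'admin');
     if (!$isOwner && !$isPrivileged) {
         header("Location: " . \Turner\System\App::$information['serverAddr'] . "/post");
         return;
     }

     $title = isset($_POST['PostTitle']) ? $_POST['PostTitle'] : null;
     $content = isset($_POST['PostContent']) ? $_POST['PostContent'] : null;
     $slug = isset($_POST['slug']) ? $_POST['slug'] : null;
     if ($title === null || $content === null || $slug === null || $title == '' || $slug == '') {
         // Incomplete form: nothing to save (same silent no-op as before).
         return;
     }

     if ($role == 'contributor') {
         // Written back into $_POST on purpose: the error form below re-posts
         // $_POST, and a contributor's publish flag must stay cleared there too.
         $_POST['publish'] = false;
     }
     // Optional fields: missing ones default to 0 / '' / no categories instead
     // of raising undefined-index notices.
     $publish = isset($_POST['publish']) ? intval($_POST['publish']) : 0;
     $commentStatus = isset($_POST['comment_status']) ? intval($_POST['comment_status']) : 0;
     $postPassword = isset($_POST['post_password']) ? $_POST['post_password'] : '';
     $categories = (isset($_POST['category']) && is_array($_POST['category'])) ? $_POST['category'] : [];

     // beginTransaction()'s return value was echoed before; that output was sent
     // ahead of the success redirect, so the Location header could not be set
     // ("headers already sent").
     $conn->beginTransaction();
     $saved = false;
     try {
         $conn->query("UPDATE post SET title = '" . htmlspecialchars($title, ENT_QUOTES) . "', content = '" . htmlspecialchars($content, ENT_QUOTES) . "', pass = md5('" . htmlspecialchars($postPassword, ENT_QUOTES) . "'), slug = '" . $slug . "', post_status = " . $publish . ", comment_status = " . $commentStatus . " WHERE id = " . $postId);
         $conn->query("DELETE FROM post_category WHERE post_id = " . $postId);
         foreach ($categories as $categoryId) {
             $conn->query("INSERT INTO post_category(post_id, category_id) VALUES(" . $postId . ", " . intval($categoryId) . ")");
         }
         $saved = true;
         header("Location: " . \Turner\System\App::$information['serverAddr'] . "/post");
     } catch (\PDOException $e) {
         // Re-post every submitted field to the edit form so the user can retry.
         // Field names come from the client as well, so they are escaped like
         // the values (previously only the value was).
         echo "<form id=formtemp action='" . \Turner\System\App::$information['serverAddr'] . "/post/edit' method=POST>";
         foreach ($_POST as $key => $data) {
             $value = is_array($data) ? implode(',', $data) : $data;
             echo "<input type=hidden name='" . htmlspecialchars($key, ENT_QUOTES) . "' value='" . htmlspecialchars($value, ENT_QUOTES) . "'>";
         }
         // ENT_QUOTES: the attribute is single-quoted and the default flags did
         // not escape ' before PHP 8.1, so a quote in the message broke out of it.
         echo "<input type=hidden name=errorInfo value='" . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "'>";
         echo "</form>";
         echo "<script>document.getElementById(\"formtemp\").submit();</script>";
     }

     if ($saved) {
         $conn->commit();
     } else {
         $conn->rollBack();
     }
 }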