Ejemplo n.º 1
         $content .= '<div class="border"><center><a href="admin.php?pilih=calendar&amp;mod=yes">Back</a></center></div>';
     } else {
         $content .= '<div class="border"><table width="100%" class="bodyline"><tr><td align="left"><img src="images/warning.gif" border="0"></td><td align="center"><div class="error">Data gagal di Hapus</div></td><td align="right"><img src="images/warning.gif" border="0"></td></tr></table></div>';
         $content .= '<div class="border"><center><a href="admin.php?pilih=calendar&amp;mod=yes">Back</a></center></div>';
     }
     break;
 default:
     $limit = 10;
     if (empty($_GET['offset']) and !isset($_GET['offset'])) {
         $offset = 0;
     } else {
         $offset = int_filter($_GET['offset']);
     }
     $query_add = '';
     if (!empty($_GET['waktu'])) {
         $query_add = "WHERE `waktu_mulai` LIKE '%" . cleantext($_GET['waktu']) . "%'";
     }
     $num = mysql_query("SELECT COUNT(id) as t FROM `tbl_kalender` {$query_add}");
     $rows = mysql_fetch_row($num);
     $jumlah = $rows[0];
     mysql_free_result($num);
     $a = new paging($limit);
     // Pembagian halaman dimulai
     if (!isset($_GET['pg'], $_GET['stg'])) {
         $_GET['pg'] = 1;
         $_GET['stg'] = 1;
     }
     $waktu_value = !isset($_GET['waktu']) ? date('Y-m-d') : $_GET['waktu'];
     $content .= '<div class="border">';
     $content .= '<form method="get" action="#">Waktu Mulai : <input type="text" name="waktu" value="' . $waktu_value . '" /> <input type="submit" name="submit_kal" value="cari" /><input type="hidden" name="pilih" value="calendar" /><input type="hidden" name="mod" value="yes" /><br />Format : YYYY-mm-dd / YYYY-mm / YYYY / mm-dd</form>';
     $content .= '</div><br />';
Ejemplo n.º 2
    $admin .= '<div class="border">';
    $admin .= 'List Photo Lainnya: <b>
<a href=admin.php?pilih=photo&amp;mod=yes&aksi=editperistiwa&id=' . $idperistiwa . '>
' . $judulperistiwa . '</a></b> - <a href=admin.php?pilih=photo&amp;mod=yes&aksi=addphoto&id=' . $idperistiwa . '><b>Tambah Foto</b></a>';
    $admin .= '<table><tr>';
    $no = 0;
    $s = mysql_query("SELECT * FROM `photo`where peristiwa='{$idperistiwa}' order by id asc");
    $jumlah = mysql_num_rows($s);
    if ($jumlah < 1) {
        $admin .= "\n<img src='{$url_situs}/mod/photo/images/normal/photo-default.jpg'>";
    } else {
        while ($datas = mysql_fetch_array($s)) {
            $idphoto = $datas['id'];
            $gambars = $datas['gambar'];
            $urutan = $no + 1;
            $keterangan = cleantext($datas['keterangan']);
            $editphoto = '<a href=admin.php?pilih=photo&amp;mod=yes&aksi=editphoto&id=' . $idphoto . '><img src="images/edit.gif"></a>';
            $deletephoto = '<a href=admin.php?pilih=photo&amp;mod=yes&aksi=delphoto&id=' . $idphoto . '><img src="images/delete.gif"></a>';
            $admin .= '<td align="left" style="border:1px solid #dddddd;">
<a href="' . $url_situs . '/mod/photo/images/normal/' . $gambars . '" onclick="return hs.expand(this)">
<img src="' . $url_situs . '/mod/photo/images/normal/' . $gambars . '" alt="" border="0" width="150px"height="auto"title="' . $keterangan . '"></a><br>
<table width="100%"><tr><td align="center">
' . $editphoto . '
</td><td align="center">
' . $deletephoto . '
</td></tr></table>
</td>';
            if ($urutan % 6 == 0) {
                $admin .= '</tr></tr>';
            }
            $no++;
Ejemplo n.º 3
         $admin .= '<label class="col-sm-2 control-label">';
         $admin .= '</label>';
         $admin .= '<input type="submit" name="submit" value="Simpan" class="btn btn-success" />';
         $admin .= '</div></div>';
         $admin .= '</form></div>';
         $admin .= '</section>';
     }
     break;
 case 'add':
     if (isset($_POST['submit'])) {
         define("GIS_GIF", 1);
         define("GIS_JPG", 2);
         define("GIS_PNG", 3);
         define("GIS_SWF", 4);
         include "includes/hft_image.php";
         $judul = cleantext($_POST['judul']);
         $konten = hapuspetik($_POST['konten']);
         $seftitle = AuraCMSSEO($judul);
         $error = '';
         if (empty($judul)) {
             $error .= '- Error: Judul harus Diisi<br />';
         }
         if ($error != '') {
             $admin .= '<div class="alert alert-warning fade in">
                               <button data-dismiss="alert" class="close close-sm" type="button">
                                   <i class="icon-remove"></i>
                               </button>
                               <strong>Error !</strong> <br>' . $error . '.
                           </div>';
         } else {
             $files = $_FILES['gambar']['name'];
Ejemplo n.º 4
     }
 }
 fclose($fp);
 // add 1 to max id to get new id
 $id++;
 if ($zeilen) {
     if (strlen($id) == 1) {
         $id = '00' . $id;
     }
     if (strlen($id) == 2) {
         $id = '0' . $id;
     }
 } else {
     $id = 1;
 }
 $_POST['user'] = cleantext($_POST['user']);
 $_POST['pwd'] = crypt($_POST['pwd'], 'lala');
 $nl = chr(13) . chr(10);
 $fp = fopen($datafile, "w+");
 flock($fp, 2);
 fwrite($fp, '<?php' . $nl);
 fwrite($fp, '/*' . $nl);
 for ($i = 2; $i < $zeilen - 2; $i++) {
     fwrite($fp, $zeile[$i]);
 }
 fwrite($fp, my_nl2br(implode(array($_POST['user'], $_POST['level'], $_POST['pwd'], $id, ''), '§')) . $nl);
 fwrite($fp, '*/' . $nl);
 fwrite($fp, '?>');
 flock($fp, 3);
 fclose($fp);
 echo '<br />
Ejemplo n.º 5
        $hits = $hits + 1;
        $tengah .= '<br><br><h4 class="katphoto">' . $judulnya . '</h4>';
        $tanggal = datetimes($data['tgl']);
        $tengah .= '<div class="border"><span class="date">' . $tanggal . '</span></div>';
        $tengah .= '<div class="border"><table>
<tr><td>' . $gambar . '</td></tr>
<tr><td>' . $konten . '</td></tr></table></div>';
        $no = 0;
        $query = $koneksi_db->sql_query("SELECT * FROM video_peristiwa WHERE id!= {$idperistiwa} order by id desc limit 3");
        $jumlah = $koneksi_db->sql_numrows($query);
        $tengah .= '<h4 class="katphoto">Video Lainnya</h4>';
        $tengah .= '<table border="0" cellpadding="0" cellspacing="5"><tr align="left">';
        while ($data2 = $koneksi_db->sql_fetchrow($query)) {
            $urutan = $no + 1;
            $idperistiwa = $data2['id'];
            $judulnya = cleantext($data2['judul']);
            $konten = $data2['konten'];
            $link = $data2['link'];
            $gambar2 = '
<img src="http://img.youtube.com/vi/' . $link . '/mqdefault.jpg"/>';
            $tengah .= '<td valign="top">
<div class="imgkatalog"><a href="detailvideo-' . AuraCMSSEO($judulnya) . '.html">' . $gambar2 . '<br>' . $judulnya . '</a></div>
</td>';
            if ($urutan % 3 == 0) {
                $tengah .= '</tr>';
            }
            $no++;
        }
        $tengah .= '</table>';
        //end if empty
    }
Ejemplo n.º 6
     $hasil = $koneksi_db->sql_query("UPDATE artikel SET judul='{$judul}', konten='{$konten}', seftitle='{$seftitle}', topik='{$topik}', tags='{$tags}',gambar='{$namagambar}',tgl='{$tgl}',caption='{$caption}' WHERE id='{$id}'");
     if ($hasil) {
         $admin .= '<div class="sukses">Berhasil memasukkan berita dg judul <u>' . stripslashes($_POST['judul']) . ' </u></div>';
         header("location:?pilih=news&mod=yes&aksi=editnews&id={$id}");
         exit;
     }
 } else {
     $seftitle = AuraCMSSEO($judul);
     $jumlah = '';
     $total = $koneksi_db->sql_query("SELECT * FROM artikel WHERE seftitle like '%{$seftitle}%'");
     $jumlah = $koneksi_db->sql_numrows($total);
     if ($jumlah) {
         $seftitle = $seftitle . $jumlah;
     }
     // $topik      = $_POST['topik'];
     $tags = cleantext($_POST['tags']);
     $tot = $_POST['tot'];
     $ppil = '';
     for ($i = 1; $i <= $tot; $i++) {
         $pil = $_POST['pil' . $i];
         if ($pil != "") {
             $ppil .= $pil . ",";
         }
     }
     $ppil = substr_replace($ppil, "", -1, 1);
     //  $topik  	= $_POST['topik'];
     $topik = $ppil;
     //masukkan data
     $hasil = $koneksi_db->sql_query("UPDATE artikel SET judul='{$judul}', konten='{$konten}', seftitle='{$seftitle}', topik='{$topik}', tags='{$tags}',tgl='{$tgl}',caption='{$caption}' WHERE id='{$id}'");
     if ($hasil) {
         $admin .= '<div class="sukses">Berhasil memasukkan berita dg judul <u>' . stripslashes($_POST['judul']) . ' </u></div>';
Ejemplo n.º 7
 /**
  * Normalise one user-supplied value: run it through cleantext() and then
  * through the project's word filter sensor().
  *
  * Both helpers are defined elsewhere in the project; this is a thin
  * convenience wrapper around the pair.
  *
  * @param mixed $v raw value (typically a request parameter)
  * @return mixed whatever sensor() returns for the cleaned value
  */
 function BersihkanData($v)
 {
     $bersih = cleantext($v);
     return sensor($bersih);
 }
Ejemplo n.º 8
         $admin .= '<div class="error">' . $error . '</div>';
     } else {
         $up = mysql_query("UPDATE `useraura` SET `level`='{$level}',`tipe`='{$tipe}',`email`='{$email}' WHERE `UserId`='{$id}' AND `user`!='admin'");
         $admin .= '<div class="sukses">Data Berhasil Diupdate Dengan ID = ' . $id . '</div>';
     }
 }
 ######################################
 # Tambah User
 ######################################
 if ($_GET['aksi'] == 'tambah_user') {
     if (isset($_POST['add_users'])) {
         $user = cleantext($_POST['user']);
         $level = cleantext($_POST['level']);
         $tipe = cleantext($_POST['tipe']);
         $password = cleantext($_POST['password']);
         $email = cleantext($_POST['email']);
         if (empty($_POST['user'])) {
             $error .= "Error: Formulir user belum diisi , silahkan ulangi.<br />";
         }
         if (empty($_POST['email'])) {
             $error .= "Error: Formulir email belum diisi , silahkan ulangi.<br />";
         }
         if (empty($_POST['password'])) {
             $error .= "Error: Formulir Password belum diisi , silahkan ulangi.<br />";
         }
         if (!$user || preg_match("/[^a-zA-Z0-9_-]/", $user)) {
             $error .= "Error: Karakter Username tidak diizinkan kecuali a-z,A-Z,0-9,-, dan _<br />";
         }
         if (strlen($user) > 20) {
             $error .= "Username Terlalu Panjang Maksimal 20 Karakter<br />";
         }
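 /**
  * Export product texts as a semicolon-separated CSV for OpenCart import.
  *
  * Writes `oc__product_description.csv` below DOCUMENT_ROOT/upload/opencart/
  * (plus $folder) after deleting every *.csv directly in upload/opencart/, and
  * returns the file name. Returns null when no product rows were found or the
  * file could not be opened for writing: the original fell off the end
  * (implicit null) in the first case and warned and carried on in the second.
  *
  * @param string $new      'yes' to export only the ids listed in $newarray
  * @param string $newarray comma-separated id list spliced verbatim into the
  *                         `IN (...)` clause; it is NOT escaped here, so the
  *                         caller must build it from trusted integer ids only
  * @param string $folder   sub-path below upload/opencart/; it is joined to the
  *                         file name without a separator, so include the
  *                         trailing slash when non-empty
  * @return string|null
  */
 function csvProdTexts($new = 'no', $newarray = '', $folder = '')
 {
     // Header row of the OpenCart product-description file.
     $csv_file = '"PRODUCT_ID";"LANGUAGE_ID";"NAME";"DESCRIPTION";"TAG";"META_TITLE";"META_DESCRIPTION";"META_KEYWORD";"SPECIFICATION"' . "\r\n";
     $columns = 'product_id, full_product_name, overview, specification, meta_keyword, meta_description';
     if ($new == 'yes') {
         // NOTE(review): $newarray is interpolated unescaped; see the docblock.
         $query = $this->db->query("SELECT {$columns} FROM cv_products WHERE product_id IN ({$newarray})");
     } else {
         $query = $this->db->query("SELECT {$columns} FROM cv_products");
     }
     if ($query->num_rows() <= 0) {
         // Nothing to export; made explicit instead of an implicit null.
         return null;
     }
     foreach ($query->result() as $row) {
         $name = cleantitle($row->full_product_name);
         $csv_file .= '"' . $row->product_id . '";"1";"' . $name . '";"' . cleantext(removebaflk($row->overview)) . '";"";"Buy cheap online at discounted prices ' . $name . '";"Buy online chinese ' . cleantext($row->meta_description) . '";"' . cleantext($row->meta_keyword) . '";"' . cleantext(removebaflk($row->specification)) . '"' . "\r\n";
     }
     $file_name = 'oc__product_description.csv';
     $file_path = $_SERVER["DOCUMENT_ROOT"] . '/upload/opencart/' . $folder;
     $file_path_name = $file_path . $file_name;
     // Remove earlier exports (only those directly in upload/opencart/, not in
     // $folder). glob() returns false on error, which would make array_map()
     // fatal on PHP 8, so guard it.
     $old_exports = glob($_SERVER["DOCUMENT_ROOT"] . "/upload/opencart/*.csv");
     if ($old_exports !== false) {
         array_map("unlink", $old_exports);
     }
     $file = fopen($file_path_name, "w");
     if ($file === false) {
         // Cannot write the export (missing directory / permissions).
         return null;
     }
     fwrite($file, trim($csv_file));
     fclose($file);
     return $file_name;
 }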
Ejemplo n.º 10
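 // Captcha check: the session value must exist and equal the submitted code.
 // isset() is tested first (the original compared before testing, raising a
 // notice when the session key was missing) and both sides are compared as
 // strings so PHP's numeric-string juggling cannot make two different codes
 // compare equal.
 $kode_input = isset($_POST['kode']) ? (string) $_POST['kode'] : '';
 if (!isset($_SESSION['Var_session']) || $kode_input !== (string) $_SESSION['Var_session']) {
     $error .= 'Error: Security Code not Match<br \\>';
 }
 // Flood control: posted_link holds the earliest timestamp at which the next
 // post is allowed. The remaining minutes/seconds are computed arithmetically;
 // date('i'/'s', $seconds) read the duration as a timestamp in the local
 // timezone, which is wrong for offsets that are not whole hours.
 if (isset($_SESSION['posted_link']) && time() < $_SESSION['posted_link']) {
     $selisih = $_SESSION['posted_link'] - time();
     $menit = (int) floor($selisih / 60);
     $detik = $selisih % 60;
     $error .= "Please Wait " . $menit . " Menit, " . sprintf('%02d', $detik) . " detik";
 }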
 if ($error != '') {
     $open['error'] = true;
     $open['pesanError'] = $error;
 } else {
     $open['error'] = false;
     $judul = cleantext($_POST['judul']);
     $url = cleantext($_POST['url']);
     $kategori = cleantext($_POST['kategori']);
     $keterangan = cleantext($_POST['keterangan']);
     //is_valid_email
     if (validate_url($url)) {
         $url = 'http://' . eregi_replace('http://', '', $url);
     } else {
         $url = '';
     }
     $query = mysql_query("INSERT INTO `mod_link` (`judul`,`url`,`kid`,`keterangan`,`public`,`date`) VALUES ('{$judul}','{$url}','{$kategori}','{$keterangan}',0,'" . time() . "')");
     if ($query) {
         $open['error'] = false;
         $open['pesanError'] = '';
         session_register('posted_link');
         $_SESSION['posted_link'] = time() + 60 * 10;
     } else {
         $open['error'] = true;
         $open['pesanError'] = 'Gagal Memasukkan Data Kedalam Database';
Ejemplo n.º 11
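/**
 * Convert an earned-amount message into a palladium reward.
 *
 * The amount is divided by 30 and rounded up, then clamped to the range
 * 1..20. Numeric input is used directly; anything else is first passed
 * through the project's cleantext() filter (kept from the original; a value
 * that is still non-numeric after cleaning is an arithmetic error on PHP 8).
 *
 * @param mixed $message numeric value / numeric string, or raw text
 * @return float|int reward between 1 and 20 (ceil() yields a float unless a cap applied)
 */
function parse_earned_palladium($message)
{
    // The two original branches differed only in this one expression.
    $amount = is_numeric($message) ? $message : cleantext($message);
    $palladium = ceil($amount / 30);
    // Max gold amount cap
    if ($palladium > 20) {
        $palladium = 20;
    }
    // Min gold amount cap
    if ($palladium < 1) {
        $palladium = 1;
    }
    return $palladium;
}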
Ejemplo n.º 12
    exit;
} else{
	$admin  .='<legend>KOSONGKAN TABEL</legend>';
	$admin  .= '<div class="border2">
<table  width="25%"><tr align="center">
<td>
<a href="admin.php?pilih=kosongkan&mod=yes&aksi=transaksi">TRANSAKSI</a>&nbsp;&nbsp;
</td>
<td>
<a href="admin.php?pilih=kosongkan&mod=yes&aksi=stokawal">STOK AWAL</a>&nbsp;&nbsp;
</td>
</tr></table>
</div>';
if ($_GET['aksi'] == 'transaksi'){
if(isset($_POST['submit'])){
$tabel = cleantext($_POST['tabel']);	
if ($error){
        $admin.='<div class="error">'.$error.'</div>';
}else{
$query         = $koneksi_db->sql_query ("TRUNCATE TABLE $tabel");	
$admin .= '<div class="sukses">Berhasil menghapus tabel '.$tabel.'</div>';
}
}
$admin .= '<div class="panel panel-info">
<div class="panel-heading"><h3 class="panel-title">Kosongkan Transaksi</h3></div>';
$admin.='<div class="border">';
$admin.='<form method="post" action="#">
<table width="100%" border="0" cellspacing="0" cellpadding="0">'; 
  
$sel2 = '<select name="tabel" class="form-control">';
$arr2 = array ('pos_po','pos_podetail','pos_popenjualan','pos_popenjualandetail','pos_pembelian','pos_pembeliandetail','pos_pembelianretur','pos_pembelianreturdetail','pos_penjualan','pos_penjualanbiaya','pos_penjualanbiayadetail','pos_penjualandetail','pos_penjualanjasa','pos_penjualanjasadetail','pos_penjualanretur','pos_penjualanreturdetail');
Ejemplo n.º 13
 }
 $zeile = file($catfile);
 $zeilen = sizeof($zeile);
 $eintrag = explode("§", $zeile[$zeilen - 1]);
 $id = $eintrag[0] + 1;
 if ($zeilen) {
     if (strlen($id) == 1) {
         $id = '00' . $id;
     }
     if (strlen($id) == 2) {
         $id = '0' . $id;
     }
 } else {
     $id = 1;
 }
 $_POST['name'] = cleantext($_POST['name']);
 if ($_FILES['file']['name'] != '') {
     /* Datei-Upload */
     $dir = "../catpics/";
     // chmod 777!
     if ($_FILES['file']['size'] > $maxsize) {
         echo 'Die Datei ' . $_FILES['file']['name'] . ' ist zu gross! <br /><br />';
         drawfooter($version);
         exit;
     }
     if (move_uploaded_file($_FILES['file']['tmp_name'], $dir . $_FILES['file']['name'])) {
         echo $_FILES['file']['name'] . ' wurde hochgeladen!<br />';
         $upflname = $_FILES['file']['name'];
     } else {
         echo 'Fehler! Die Datei konnte nicht hochgeladen werden!<br /><br />';
         drawfooter($version);
Ejemplo n.º 14
                ///// fungsi hightlight
                //////////////////////////////////////////////////////////////////////////////////////////////////////////
                $highlight = $search;
                if (isset($search)) {
                    // Split words and phrases
                    $words = explode(' ', trim(htmlspecialchars(urldecode($search))));
                    $highlight_match = '';
                    for ($i = 0; $i < sizeof($words); $i++) {
                        if (trim($words[$i]) != '') {
                            $highlight_match .= ($highlight_match != '' ? '|' : '') . str_replace('*', '\\w*', phpbb_preg_quote($words[$i], '#'));
                        }
                    }
                    unset($words);
                }
                $JUDUL = $row['judul'];
                $KETERANGAN = cleantext($row['keterangan']);
                $URL = $row['url'];
                $ID = $row['id'];
                $DATE = transCAL($row['date'], 'id', true);
                $HIT = $row['hit'];
                $kid = $row['kid'];
                $JUDUL = str_replace('\\"', '"', substr(preg_replace('#(\\>(((?>([^><]+|(?R)))*)\\<))#se', "preg_replace('#(" . $highlight_match . ")#i', '<span class=\\'pencarian\\'>\\\\1</span>', '\\0')", '>' . $JUDUL . '<'), 1, -1));
                $KETERANGAN = str_replace('\\"', '"', substr(preg_replace('#(\\>(((?>([^><]+|(?R)))*)\\<))#se', "preg_replace('#(" . $highlight_match . ")#i', '<span class=\\'pencarian\\'>\\\\1</span>', '\\0')", '>' . $KETERANGAN . '<'), 1, -1));
                $dl .= '<input type="hidden" name="judul_array[]" value="' . $JUDUL . '" />';
                $dl .= "<input type=\"checkbox\" name=\"links[]\" value=\"{$ID}\" style=\"border:none\" />&nbsp;<b><a href='{$URL}' title='{$URL}' target='_blank'>{$JUDUL}</a></b>" . cek_baru_links($ID, $CONFIG['new_update'], 'id', $GLOBALS['tabel']['link']) . "\n<br />{$KETERANGAN}<br />\n<b>Added on:</b> {$DATE} <b>View:</b> {$HIT}  <br /><br />\n";
            }
            mysql_free_result($hasil4);
            $dl .= '<br /><a href="javascript:checkall(\'links\', \'links[]\')" title=\'Select All\'>Check All</a>&nbsp;&nbsp;&nbsp;';
            $dl .= '

<input type="submit" name="edit_form" value="Edit" />&nbsp;&nbsp;&nbsp;<input type="submit" name="hapus_form" value="Hapus" />';
Ejemplo n.º 15
     $admin .= '</table>';
 }
 // Delete one hint row; either outcome bounces back to the hint list after 3 s.
 // The id is only accepted when numeric and is normalised through int_filter().
 if ($_GET['aksi'] == 'hapushint' && is_numeric($_GET['id'])) {
     $id = int_filter($_GET['id']);
     $kembali = '<meta http-equiv="refresh" content="3; url=admin.php?pilih=admin_users&amp;aksi=hint">';
     $hapus = mysql_query("DELETE FROM `hint` WHERE `id`='{$id}'");
     $admin .= $hapus
         ? '<div class="sukses">Data Berhasil Dihapus Dengan ID = ' . $id . '</div>'
         : '<div class="error">Data Gagal dihapus Dengan ID = ' . $id . '</div>';
     $admin .= $kembali;
 }
 if ($_GET['aksi'] == 'addhint') {
     if (isset($_POST['add_hint'])) {
         $hint = cleantext($_POST['hint']);
         if (empty($_POST['hint'])) {
             $error .= "Error: Formulir hint belum diisi , silahkan ulangi.<br />";
         }
         if ($error) {
             $admin .= '<div class="error">' . $error . '</div>';
         } else {
             $query = mysql_query("INSERT INTO `hint` (`hint`) VALUES ('{$hint}')");
             $admin .= '<div class="sukses">Data Hint Berhasil di Add</div>';
             $admin .= '<meta http-equiv="refresh" content="3; url=admin.php?pilih=admin_users&amp;aksi=hint">';
         }
     }
     $admin .= '<div class="border"><b>Add Hint</b></div>';
     $admin .= '<div class="border">';
     $admin .= "<form method='post' action='#'>\n<table cellspacing=\"3\" cellpadding=\"1\" style='width:100%'>\n  <tr>\n    <td valign='top'>Hint </td>\n    <td width='1%' valign='top'>:</td>\n    <td valign='top'><input type='text' name='hint' size='30' /></td>\n  </tr> ";
     $admin .= "<tr>\n\t<td>&nbsp;</td>\n    <td width='1%'>&nbsp;</td>\n    <td ><input type='submit' value='Add' name='add_hint' /></td>\n  </tr>\n</table></form>";
Ejemplo n.º 16
<table width="100%" border="0"  cellpadding="0" cellspacing="0">
<tr>
<td><form method="post" action="">
<table width="100%" border="0" cellspacing="4" cellpadding="0">
<tr>
<td colspan="3"><strong>Sign up</strong></td>
</tr>
<tr>
<td>Username</td>
<td>:</td>
<td><input name="username" type="text" size="30" value="' . cleantext(stripslashes(@$_POST['username'])) . '" required /></td>
</tr>
<tr>
<td>E-mail</td>
<td>:</td>
<td><input name="email" type="text" size="30" value="' . cleantext(stripslashes(@$_POST['email'])) . '" required /></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" size="30" required /></td>
</tr>
<tr>
<td>ReType Password</td>
<td>:</td>
<td><input name="rpassword" type="password" size="30" required /></td>
</tr>
<tr>
<td>Nama</td>
<td>:</td>
<td><input name="nama" type="text" size="30" value="' . $_POST['nama'] . '" required /></td>
Ejemplo n.º 17
 // "About the author" widget: the avatar (when the row has one) next to the
 // biodata from the useraura row selected by the query below.
 if ($widgetpenulis == 2) {
     $tengah .= '<h4 class="bg">Tentang Penulis</h4>';
     $hasil = $koneksi_db->sql_query("SELECT * FROM useraura where user='******'");
     $data = $koneksi_db->sql_fetchrow($hasil);
     $user = $data['user'];
     $biodata = $data['biodata'];
     if ($data['avatar'] == '') {
         $avatar = '';
     } else {
         $avatar = '<div style="float:left; padding:3px; border:1px solid #cccccc; background:#f2f2f2; margin-right:10px;"><img src="mod/profile/images/' . $data['avatar'] . '" width="50" border="0" alt="' . $user . '" /></div>';
     }
     $tengah .= '<div class="border"><table><tr><td>' . $avatar . $biodata . '</td></tr></table></div>';
 }
 ////////////Komentar////////////////////////////////////
 if ($widgetkomentar == 2) {
     // Komentar Berita
     if ($_POST['submit'] == 'comment') {
         $nama = cleantext(hapuspetik($_POST['nama']));
         $kontenkomentar = cleantext(hapuspetik($_POST['kontenkomentar']));
         $emailkomentar = $_POST['emailkomentar'];
         $tgl = date('Y-m-d');
         $artikelid = $_POST['artikelid'];
         $ip = getenv("REMOTE_ADDR");
         checkemail($emailkomentar);
         $gfx_check = $_POST['gfx_check'];
         if ($gfx_check != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) {
             $error .= "Error: Security Code Invalid<br />";
         }
         if (!$nama) {
             $error .= "Error: Silahkan isi Namanya<br />";
         }
         if (!$emailkomentar) {
             $error .= "Error: Silahkan isi Emailnya<br />";
         }
Ejemplo n.º 18
<?php
Ejemplo n.º 19
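if (isset($_GET['id'])) {
    // Ordinary users may not edit topics: answer with a JSON error and stop.
    if ($_SESSION['LevelAkses'] == 'User') {
        $open['error'] = true;
        $open['errorpesan'] = 'Tidak Diizinkan';
        $j = new JSON_obj();
        echo $j->encode($open);
        exit;
    }
    $open['error'] = false;
    $open['errorpesan'] = '';
    // `id` comes straight from the query string and is spliced into the UPDATE
    // below; the original used it raw while the two POST values went through
    // cleantext(), so escape it for the mysql_* connection already in use.
    $id = mysql_real_escape_string($_GET['id']);
    $topik = cleantext(rawurldecode($_POST['topik']));
    $ket = cleantext(rawurldecode($_POST['ket']));
    $update = mysql_query("UPDATE `topik` SET `topik`='$topik',`ket`='$ket' WHERE `id` = '$id'");
    if (!$update) {
        $open['error'] = true;
        // NOTE(review): the raw mysql_error() text is returned to the client.
        $open['errorpesan'] = 'Error: ' . mysql_error();
    }
    $j = new JSON_obj();
    echo $j->encode($open);
}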

break;

case 'delTopik':
if (isset($_GET['id'])){
	
Ejemplo n.º 20
}
if (cek_posted('shoutbox')) {
    $error .= '<li>Anda Sudah Memposting, Tunggu beberapa Menit Lagi</li>';
}
if (!empty($_POST['nama']) && !empty($_POST['yousay']) && preg_match('/^[._a-z0-9-]+[._a-z0-9- ]+$/i', $_POST['nama']) && $kkode == false && !cek_posted('shoutbox')) {
    global $koneksi_db, $maxadmindata;
    $ip_adr = cleartext(@$_SERVER["HTTP_X_FORWARDED_FOR"]);
    if (@$_SERVER["HTTP_X_FORWARDED_FOR"] == '') {
        $ip_adr = @$_SERVER["REMOTE_ADDR"];
    }
    $agent_Usr = cleartext(@$_SERVER["HTTP_USER_AGENT"]);
    $ket = "{$ip_adr}|{$agent_Usr}";
    $DatE = tanggal_simpan_shoutbox();
    $name = cleantext($_POST['nama']);
    $email = cleantext($_POST['email']);
    $yousay = cleantext($_POST['yousay']);
    $tglnow = date("Y-m-d");
    $tgl = !isset($tgl) ? $tglnow : $tgl;
    $valid_mail = "^([._a-z0-9-]+[._a-z0-9-]*)@(([a-z0-9-]+\\.)*([a-z0-9-]+)(\\.[a-z]{2,3}))\$";
    if (!preg_match($valid_mail, $email)) {
        $email = '';
    }
    $perintah1 = "INSERT INTO shoutbox (waktu, nama, email, isi, ket,tgl) VALUES ('{$DatE}', '{$name}', '{$email}', '{$yousay}', '{$ket}', '{$tgl}')";
    $hasil = @mysql_query($perintah1);
    if ($hasil) {
        posted('shoutbox');
        @header("location: shoutbox.php");
        exit;
    }
} else {
    echo '
Ejemplo n.º 21
     }
     if ($error) {
         $admin .= '<div class="error">' . $error . '</div>';
     } else {
         $up = mysql_query("UPDATE `useraura` SET `level`='{$level}',`tipe`='{$tipe}',`email`='{$email}',`password`=md5('{$password}') WHERE `UserId`='{$id}' AND `user`!='admin'");
         $admin .= '<div class="sukses">Data Berhasil Diupdate Dengan ID = ' . $id . '</div>';
     }
 }
 if ($_GET['aksi'] == 'add') {
     if (isset($_POST['submit'])) {
         $user = cleantext($_POST['user']);
         $level = cleantext($_POST['level']);
         $tipe = cleantext($_POST['tipe']);
         $password = cleantext($_POST['password']);
         $email = cleantext($_POST['email']);
         $nama = cleantext($_POST['nama']);
         if (empty($_POST['user'])) {
             $error .= "Error: Formulir user belum diisi , silahkan ulangi.<br />";
         }
         //if (empty($_POST['email']))  $error .= "Error: Formulir email belum diisi , silahkan ulangi.<br />";
         if (empty($_POST['password'])) {
             $error .= "Error: Formulir Password belum diisi , silahkan ulangi.<br />";
         }
         if (!$user || preg_match("/[^a-zA-Z0-9_-]/", $user)) {
             $error .= "Error: Karakter Username tidak diizinkan kecuali a-z,A-Z,0-9,-, dan _<br />";
         }
         if (strlen($user) > 10) {
             $error .= "Username Terlalu Panjang Maksimal 10 Karakter<br />";
         }
         if (strrpos($user, " ") > 0) {
             $error .= "Username Tidak Boleh Menggunakan Spasi";
Ejemplo n.º 22
     if ($update) {
         $open['error'] = false;
         $open['errorpesan'] = '';
     } else {
         $open['error'] = true;
         $open['errorpesan'] = mysql_error();
     }
     $cek = mysql_query("SELECT `keterangan` FROM  `mod_cat_download` WHERE `kid` = '{$id}'");
     $data = mysql_fetch_assoc($cek);
     $open['keterangan'] = $data['keterangan'];
     $j = new JSON_obj();
     echo $j->encode($open);
     break;
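 case 'editkat':
     // Rename a download category and echo the stored name back as JSON.
     // `kid` comes straight from the query string and is spliced into two
     // statements below; the original used it raw while `desc` went through
     // cleantext(), so escape it for the mysql_* connection already in use.
     $id = mysql_real_escape_string($_GET['id']);
     $desc = cleantext($_POST['desc']);
     $update = mysql_query("UPDATE `mod_cat_download` SET `kategori` = '{$desc}' WHERE `kid` = '{$id}'");
     if ($update) {
         $open['error'] = false;
         $open['errorpesan'] = '';
     } else {
         $open['error'] = true;
         // NOTE(review): the raw mysql_error() text is returned to the client.
         $open['errorpesan'] = mysql_error();
     }
     // Read the name back; a failed SELECT yields null instead of a warning.
     $cek = mysql_query("SELECT `kategori` FROM  `mod_cat_download` WHERE `kid` = '{$id}'");
     $data = $cek ? mysql_fetch_assoc($cek) : false;
     $open['keterangan'] = $data ? $data['kategori'] : null;
     $j = new JSON_obj();
     echo $j->encode($open);
     break;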
 case 'broken':
Ejemplo n.º 23
            }
            if (strlen($id) == 3) {
                $id = "0000" . $id;
            }
            if (strlen($id) == 4) {
                $id = "000" . $id;
            }
            if (strlen($id) == 5) {
                $id = "00" . $id;
            }
            if (strlen($id) == 6) {
                $id = "0" . $id;
            }
        } else {
            $id = 1;
        }
        $_POST['name'] = cleantext($_POST['name'], 1);
        $_POST['email'] = cleantext($_POST['email'], 1);
        $_POST['comment'] = cleantext($_POST['comment']);
        $datum = time();
        $nl = chr(13) . chr(10);
        $fp = fopen($cf, "a");
        flock($fp, 2);
        fwrite($fp, my_nl2br(implode(array($id, $_POST['commentid'], $_POST['comment'], $_POST['name'], $_POST['email'], $datum), "§")) . $nl);
        flock($fp, 3);
        fclose($fp);
        echo '<br /><br /><br /><div align="center">Dein Kommentar wurde erfolgreich eingetragen. Du wirst in 3 Sekunden weitergeleitet.<br /><a href="' . $_POST['backurl'] . '">Wenn Du nicht länger warten willst, klicke hier</a>.</div>';
        echo '<meta http-equiv="refresh" content="3; URL=' . $_POST['backurl'] . '">';
    }
}
#########################################
Ejemplo n.º 24
    }
}
// Additional security (Union, CLike, XSS): a deny-list applied to the raw
// query string. Query strings matched for "ad_click" are skipped (assuming
// stripos_clone() is a case-insensitive substring test, as its name suggests).
// This is a pattern filter only; it does not replace escaping values before
// they reach SQL or HTML.
if (isset($_SERVER['QUERY_STRING']) && !stripos_clone($_SERVER['QUERY_STRING'], "ad_click")) {
    $queryString = $_SERVER['QUERY_STRING'];
    // Grouping written out explicitly: in the original, `and` bound tighter
    // than `or`, so "cmd=" only matched without "&cmd" and "exec" only
    // without "execu". Evaluation order is unchanged.
    $suspicious = stripos_clone($queryString, '%20union%20')
        || stripos_clone($queryString, '/*')
        || stripos_clone($queryString, '*/union/*')
        || stripos_clone($queryString, 'c2nyaxb0')
        || stripos_clone($queryString, '+union+')
        || (stripos_clone($queryString, 'cmd=') && !stripos_clone($queryString, '&cmd'))
        || (stripos_clone($queryString, 'exec') && !stripos_clone($queryString, 'execu'))
        || stripos_clone($queryString, 'concat');
    if ($suspicious) {
        die('Illegal Operation');
    }
}
/**
 * Abort rendering when the site is not published.
 *
 * When the global $publishwebsite is anything other than '1', it is used as
 * the id of a widget_uc row whose third column is printed centred, and the
 * script dies. When it is '1' the function simply returns.
 */
function cek_situs()
{
    global $publishwebsite, $koneksi_db;
    if ($publishwebsite == '1') {
        return;
    }
    $hasil = $koneksi_db->sql_query("SELECT * FROM widget_uc WHERE id='{$publishwebsite}'");
    $baris = $koneksi_db->sql_fetchrow($hasil);
    $pesan = $baris[2];
    die("\r<div align=center>\r{$pesan}\r</div>");
}
function forgot_login()
{
    global $UserName, $Expire, $koneksi_db;
    $user = cleantext($_POST['user']);
    $email = cleantext($_POST['email']);
    $hint = cleantext($_POST['hint']);
    $hintjawab = cleantext($_POST['hintjawab']);
    $query = $koneksi_db->sql_query("SELECT * FROM pos_useraura WHERE user='******' and email='{$email}' and hint='{$hint}' and hintjawab='{$hintjawab}' AND tipe='aktif'");
    $total = $koneksi_db->sql_numrows($query);
    $data = $koneksi_db->sql_fetchrow($query);
    $koneksi_db->sql_freeresult($query);
Ejemplo n.º 25
#########################################
#########################################
#     Editierten Comment speichern      #
#########################################
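if ($_GET['go'] == 'savecomment') {
    // Rewrite the comment file $cf, replacing the fields of the entry whose
    // first column equals the posted `nr`. Fields are separated by '§';
    // 0 = id, 2 = comment, 3 = author, 4 = email (as written back below).
    $zeile = file($cf);
    if ($zeile === false) {
        // Unreadable/missing file: treat as empty, as pre-PHP-8 sizeof(false) did.
        $zeile = array();
    }
    $zeilen = sizeof($zeile);
    for ($i = 0; $i < $zeilen; $i++) {
        $eintrag = explode('§', $zeile[$i]);
        // Loose == kept from the original ('001' matches '1').
        if ($eintrag[0] == $_POST['nr']) {
            // The original first assigned unspecialchars() of each field and
            // immediately overwrote it; only the cleantext() value was kept.
            $eintrag[2] = cleantext($_POST['comment']);
            $eintrag[3] = cleantext($_POST['author']);
            $eintrag[4] = cleantext($_POST['email']);
        }
        // PHP 8 removed the legacy (array, glue) argument order of implode().
        $zeile[$i] = implode("§", $eintrag);
    }
    $fp = fopen($cf, "w+");
    if ($fp === false) {
        echo 'Comment konnte nicht gespeichert werden!';
    } else {
        // 2 / 3 in the original are LOCK_EX / LOCK_UN.
        flock($fp, LOCK_EX);
        for ($i = 0; $i < $zeilen; $i++) {
            fwrite($fp, $zeile[$i]);
        }
        flock($fp, LOCK_UN);
        fclose($fp);
        echo 'Comment gespeichert!';
    }
}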
#########################################
#########################################
#           Eintrag löschen             #