if ($auto == 0) { if ($_SESSION['USER_LEVEL'] == 1 or $_SESSION['USER_LEVEL'] == 2) { $auto = 1; } else { $auto = null; } } $no = null; $_POST['web'] = str_replace("<", "<", $_POST['web']); $_POST['web'] = str_replace(">", ">", $_POST['web']); $_POST['web'] = str_replace(" ", "", $_POST['web']); $_POST['web'] = str_replace(" ", "", $_POST['web']); $text = htmlentities($_POST['com']); $parent = 1; $apps = app_param(); $com = $db->insert(FDBPrefix . 'comment', array("", "{$link}", $_SESSION['USER_ID'], "{$_POST['name']}", "{$_POST['email']}", "{$_POST['web']}", date("Y-m-d H:i:s", time()), "{$text}", "{$auto}", "{$apps}", "{$parent}", "{$parent}", "{$parent}")); if ($com and $auto) { $notice = alert("info", comment_Notice_Info, true); } else { $notice = alert("info", comment_Notice_Info2, true); } if (empty($no)) { $no = 1; } //Comment will appear after page reload $link = "{$go_link}#comment-{$no}"; } } } else { $notice = alert("error", comment_Notice_Error5, true); }
$mod = explode("--", $file); $go = null; foreach ($mod as $val) { $val = str_replace("db_prefix_", FDBPrefix, $val); $val = str_replace("_site_title", "{$_POST['site']}", $val); $val = str_replace("_site_desc", "{$_POST['desc']}", $val); $go = $db->query("{$val}"); } fclose($open_file); } if ($go) { notice('success', "SQL Query successfully!", 3); refresh(); } if (preg_match('/^.+@.+\\..+$/', $_POST['email'])) { $qr = $db->insert(FDBPrefix . 'user', array("", "{$_POST['username']}", "Administrator", MD5("{$_POST['userpass']}"), "{$_POST['email']}", "1", "1", date('Y-m-d H:i:s'), date('Y-m-d H:i:s'), "")); if ($qr) { $_SESSION['user'] = "******"; $_SESSION['host'] = ""; $_SESSION['success'] = 1; } } else { notice('error', "Email or User are invalid!", 2); } } else { notice('error', "Please fill the fields correctly!", 2); } } if (isset($_POST['admin'])) { session_destroy(); rename("_config.php", "config.php");
} else { notice('error', Status_Fail); } } } else { notice('error', Status_Invalid); } } /****************************************/ /* Add New contact */ /****************************************/ if (isset($_POST['save_add']) or isset($_POST['apply_add'])) { $db = new FQuery(); $db->connect(); if (!empty($_POST['name']) and !empty($_POST['gender']) and !empty($_POST['group'])) { $qr = $db->insert(FDBPrefix . 'contact', array("", "{$_POST['name']}", "{$_POST['gender']}", "{$_POST['email']}", "{$_POST['address']}", "{$_POST['city']}", "{$_POST['state']}", "{$_POST['country']}", "{$_POST['zip']}", "{$_POST['phone']}", "{$_POST['fax']}", "{$_POST['job']}", "{$_POST['photo']}", "{$_POST['web']}", "{$_POST['ym']}", "{$_POST['fb']}", "{$_POST['tw']}", "{$_POST['desc']}", "{$_POST['group']}", 1)); if ($qr and isset($_POST['apply_add'])) { $sql = $db->select(FDBPrefix . 'contact', 'id', '', 'id DESC'); $qr = mysql_fetch_array($sql); notice('success', Contact_Saved); redirect('?app=contact&act=edit&id=' . $qr['id'], 2); } elseif ($qr and isset($_POST['save_add'])) { notice('success', Contact_Saved); redirect('?app=contact', 2); } else { notice('error', Status_Fail); } } else { notice('error', Status_Invalid); } }
if (!empty($_POST['name']) and !empty($_POST['cat']) and !empty($_POST['apps']) and !empty($_POST['link'])) { $param = ''; // first value from $param if (isset($_POST['totalParam'])) { for ($p = 1; $p <= $_POST['totalParam']; $p++) { if ($p != $_POST['totalParam']) { @($param = $param . $_POST["nameParam{$p}"] . "=" . $_POST['param' . $p] . ';\\n'); } else { @($param = $param . $_POST['param' . $p]); } } } @($param = str_replace('"', "'", "{$_POST['editor']}")); @($parameter .= $param); $param = str_replace('"', "'", $param); $qr = $db->insert(FDBPrefix . 'menu', array("", "{$_POST['cat']}", "{$_POST['name']}", "{$_POST['link']}", "{$_POST['apps']}", "{$_POST['parent_id']}", "{$_POST['status']}", "{$_POST['short']}", "{$_POST['level']}", "0", "{$_POST['title']}", "{$_POST['show_title']}", "{$_POST['sub_name']}", "{$_POST['class']}", "{$_POST['style']}", "{$parameter}", "")); if ($qr and isset($_POST['apply_add'])) { $sql = $db->select(FDBPrefix . 'menu', 'id', '', 'id DESC'); $qr = mysql_fetch_array($sql); notice('success', Menu_Saved, 2); redirect('?app=menu&view=edit&id=' . $qr['id']); } elseif ($qr and isset($_POST['save_add'])) { notice('success', Menu_Saved, 2); redirect('?app=menu'); } else { notice('error', Status_Invalid); } } else { notice('error', Status_Invalid); } }
if (@multipleSelect($pars)) { @($pars = multipleSelect($pars)); } else { @($pars = $pars); } @($param .= $_POST["nameParam{$p}"] . "=" . $pars . ';\\n'); } } $page = @$_POST['page']; $page = @multipleSelect($page); @($parameter = str_replace('"', "'", "{$_POST['editor']}")); @($parameter = $parameter . $param); if (checkLocalhost()) { $parameter = str_replace(FLocal . "media/", "media/", $parameter); } $qr = $db->insert(FDBPrefix . 'module', array("", "{$_POST['title']}", "{$_POST['folder']}", "{$_POST['position']}", "{$_POST['short']}", "{$_POST['level']}", "{$_POST['status']}", "{$page}", "{$parameter}", "{$_POST['class']}", "{$_POST['style']}", "{$_POST['show_title']}")); if ($qr and isset($_POST['apply_add'])) { $db = new FQuery(); $db->connect(); $sql = $db->select(FDBPrefix . 'module', 'id', '', 'id DESC'); $qr = mysql_fetch_array($sql); $_SESSION['NOTICE'] = alert('success', New_Module_Saved); redirect('?app=module&act=edit&id=' . $qr['id']); } elseif ($qr and isset($_POST['save_add'])) { alert('success', New_Module_Saved, 0, 0, 'NOTICE_REF'); if ($qr) { redirect('?app=module', 1); } } else { $_SESSION['NOTICE_ADD'] = alert('error', Status_Invalid, 0, 0, 'NOTICE'); }
* @copyright Copyright (C) 2014 Fiyo CMS.
* @license GNU/GPL, see LICENSE.
**/
// AJAX login endpoint: requires a POSTed "user" field (the masked SQL
// fragment below also references $_POST['pass']), looks the account up,
// fills the session on a match and echoes a small hand-built JSON status.
if (!isset($_POST['user'])) { die('Access Denied!'); }
session_start();
define('_FINDEX_', 1);
require '../../../system/jscore.php';
$db = new FQuery();
// NOTE(review): mysql_real_escape_string() needs an open MySQL link and no
// connect() call is visible between new FQuery() and this line — confirm the
// constructor opens the connection.
$user = mysql_real_escape_string($_POST['user']);
// The WHERE clause is built by string concatenation. $user is escaped above;
// the password part of the clause is masked ('******') on this page, so how
// $_POST['pass'] is escaped or hashed cannot be confirmed here.
$sql = $db->select(FDBPrefix . "user", "*", "status=1 AND user='******' AND password='******'pass']) . "'");
$qr = mysql_fetch_array($sql); // false when no row matched
// NOTE(review): the SELECT's row count is read via mysql_affected_rows()
// rather than mysql_num_rows(); confirm this is intended for the driver in use.
$jml = mysql_affected_rows();
if ($jml > 0) {
    // Copy the matched row into the session. NOTE(review): no
    // session_regenerate_id() call is visible here; confirm the session id is
    // rotated at login somewhere else.
    $_SESSION['USER_ID'] = $qr['id'];
    $_SESSION['USER'] = $qr['user'];
    $_SESSION['USER_NAME'] = $qr['name'];
    $_SESSION['USER_EMAIL'] = $qr['email'];
    $_SESSION['USER_LEVEL'] = $qr['level'];
    $_SESSION['USER_LOG'] = $qr['time_log'];
    $time_log = date('Y-m-d H:i:s');
    $db->update(FDBPrefix . 'user', array("time_log" => "{$time_log}"), "id={$qr['id']}");
    // Replace any earlier login record for this user id.
    $db->delete(FDBPrefix . "session_login", "user_id={$qr['id']}");
    $qr = $db->insert(FDBPrefix . "session_login", array("{$qr['id']}", "{$qr['user']}", "{$qr['level']}", date('Y-m-d H:i:s')));
}
// 'and' binds tighter than 'or': a truthy insert result alone passes; the
// level <= 3 and userInfo() checks apply only to the existing-session path.
// NOTE(review): the JSON below is assembled by hand, so a quote or backslash
// in alert()'s return value would break it; json_encode() of an array would
// be the safer form.
if ($qr or !empty($_SESSION['USER_ID']) and $_SESSION['USER_LEVEL'] <= 3 and userInfo()) {
    echo "{ \"status\":\"1\" , \"alert\":\"" . alert('success', Login_Success) . "\"}";
} else {
    echo "{ \"status\":\"0\" , \"alert\":\"" . alert('error', Login_Error) . "\"}";
}
/** * @version 2.0 * @package Fiyo CMS * @copyright Copyright (C) 2014 Fiyo CMS. * @license GNU/GPL, see LICENSE. **/ defined('_FINDEX_') or die('Access Denied'); $db = new FQuery(); /****************************************/ /* Add category article */ /****************************************/ if (isset($_POST['save_category']) or isset($_POST['add_category'])) { if (!empty($_POST['name'])) { $_POST['name'] = str_replace('"', '', $_POST['name']); $_POST['name'] = str_replace("'", '', $_POST['name']); $qr = $db->insert(FDBPrefix . 'article_category', array("", "{$_POST['name']}", "{$_POST['parent_id']}", "{$_POST['desc']}", "{$_POST['keys']}", "{$_POST['level']}")); if ($qr and isset($_POST['add_category'])) { notice('success', Category_Added, 2); redirect('?app=article&view=category'); } else { if ($qr and isset($_POST['save_category'])) { $sql2 = $db->select(FDBPrefix . 'article_category', 'id', '', 'id DESC LIMIT 1'); notice('success', Category_Added, 2); $qrs = mysql_fetch_array($sql2); redirect("?app=article&view=category&act=edit&id={$qrs['id']}"); } else { $_SESSION['NOTICE_ERROR'] = alert('error', Status_Invalid); } } } else { $_SESSION['NOTICE_ERROR'] = alert('error', Status_Invalid);
function add_permalink($title, $cat = NULL, $pid = null, $ext = null, $next = null)
{
    // Derives an SEF slug for the current request from $title (prefixed with
    // $cat when given), registers it in the permalink table and redirects to
    // it. $pid falls back to Page_ID; $ext, when given, replaces SEF_EXT as
    // the suffix; $next is accepted for signature compatibility but is never
    // read. Nothing happens unless SEF_URL is on, the request is not the home
    // page, _Page contains no digit, and the request URI carries both "?" and
    // "=" without a "page" query parameter.
    //
    // NOTE(review): the slug is cleaned with a denylist. Characters that are
    // not listed below (for example "<", ">", "=", tabs/newlines, non-ASCII)
    // pass through unchanged into the stored permalink and the redirect
    // target; whether $db->insert() escapes its values is not visible here.
    $pageToken = _Page;
    if (!preg_match("/[0-9]/", $pageToken)) {
        $pageToken = null;
    }
    if (!SEF_URL or checkHomePage() or $pageToken) {
        return;
    }

    $db = new FQuery();
    $db->connect();

    $uri = $_SERVER['REQUEST_URI'];
    $hasAssignment = strpos($uri, "=") > 0;
    $hasQuery = strpos($uri, "?") > 0;
    if (!$hasAssignment or !$hasQuery or !empty($_GET['page'])) {
        return;
    }

    // Repeats a replacement until the needle is gone; a single str_replace()
    // would miss needles re-formed by the replacement itself (e.g. "---").
    $scrub = static function ($subject, $needle, $replacement) {
        while (substr_count($subject, $needle)) {
            $subject = str_replace($needle, $replacement, $subject);
        }
        return $subject;
    };

    $permalink = str_replace(" ", "-", strtolower($title));
    if (app_param('app') == 'article' and app_param('view') == 'item') {
        // Article items get a flat slug; the category separator is added below.
        $permalink = $scrub($permalink, '/', "-");
    }
    $category = str_replace(" ", "-", strtolower($cat));
    if (!empty($cat)) {
        $permalink = strtolower($category) . "/" . $permalink;
    }

    // Denylist applied in this exact order; entries are [needle, replacement].
    $denylist = [
        ["[", ""], ["]", ""], ["(", ""], [")", ""], ["{", ""], ["}", ""],
        ["&", ""],
        ["&", ""], // listed twice in the original; the second pass is a no-op
        ["?", ""], ["+", ""], ["#", ""],
        ["\\&", ""],
        [".", "-"],
        ["!", ""], ["`", ""], ["'", ""], ["\"", ""], [";", ""], ['|', ""],
        ['%', ""], ['*', ""], ['^', ""], ['\\', ""], [',', ""], ['$', ""], ["@", ""],
        ["--", "-"],
    ];
    foreach ($denylist as $rule) {
        $permalink = $scrub($permalink, $rule[0], $rule[1]);
    }

    if (empty($pid)) {
        $pid = Page_ID;
    }
    $link = getLink();

    if (!empty($category) and empty($ext)) {
        $permalink .= SEF_EXT;
    } elseif (!empty($ext)) {
        $permalink = "{$permalink}." . str_replace(".", "", $ext);
    }

    if (check_permalink('link', $link)) {
        // This link already has a permalink: just go there.
        redirect(FUrl . $permalink);
        return;
    }
    if (empty($permalink)) {
        return;
    }

    if (check_permalink('permalink', $permalink)) {
        // Slug already taken by another link: try -2, -3, ... until one is free.
        $base = str_replace(SEF_EXT, "", $permalink);
        $suffix = 2;
        do {
            $candidate = "{$base}-{$suffix}";
            $suffix++;
        } while (check_permalink('permalink', $candidate . SEF_EXT));
        $permalink = $candidate . SEF_EXT;
    }

    $inserted = null;
    if (!empty($permalink) and $permalink !== "-" and !empty($link)) {
        $inserted = $db->insert(FDBPrefix . 'permalink', ["", "{$link}", "{$permalink}", $pid, 1, 0]);
    }
    // Redirect only when the insert was actually attempted (the result may be false).
    if ($inserted !== null) {
        redirect(FUrl . $permalink);
    }
}
$webmail = "noreply@{$domain}"; if ($activator == 0) { $pass = MD5($_POST['password']); $s = 0; } else { if ($activator == 1) { $pass = MD5($_POST['password']); $s = 1; } else { if ($activator == 2) { $pass = MD5($_POST['password']); $s = 0; } } } $qr = $db->insert(FDBPrefix . 'user', array("", "{$_POST['user']}", "{$_POST['user']}", $pass, "{$_POST['email']}", "{$s}", "{$group}", date('Y-m-d H:i:s'), date('Y-m-d H:i:s'), "{$key}")); if ($qr) { if ($activator == 2) { if ($siteLang == 'id') { $subject = "Aktifasi Akun Baru"; $message = "<p>Hi, {$_POST['user']},</p> \n\t\t\t\t\t\t<p>Terimakasih sudah bergabung bersama kami di {$siteName}.</p>\n\t\t\t\t\t\t<p>Kami perlu melakukan konfirmasi untuk mengaktifkan akun Anda.<br>Klik link berikut untuk mengaktifkan akun Anda. :</p>\n\t\t\t\t\t\t<p><a href='" . FUrl . "?{$keys}' {$btnClass}> Aktifasi Akun </a></p>\n\t\t\t\t\t\t<p>Jaga selalu data Anda dari segala sesuatu yang tidak diinginkan.<br>Terimakasih.</p>\n\t\t\t\t\t\t<p> </p>\n\t\t\t\t\t\t<p><b>{$siteName}.</b><br>\n\t\t\t\t\t\t" . FUrl . "</p>"; } else { $subject = "New Account Activation"; $message = "<p>Hi, {$_POST['user']},</p>\n\t\t\t\t\t\t<p>Thank you, you have to register and join us on {$siteName}.</p>\n\t\t\t\t\t\t<p>We need to confirm to activate your account.<br>Click the following link to activate your account:</p>\n\t\t\t\t\t\t<p><a href='" . FUrl . "?{$keys}' {$btnClass}> Account Activation </a></p>\n\t\t\t\t\t\t<p>Please save your data account carefully.<br>Thankyou.</p>\n\t\t\t\t\t\t<p> </p>\n\t\t\t\t\t\t<p><b>{$siteName}.</b><br>\n\t\t\t\t\t\t" . FUrl . "</p>"; } } else { if ($siteLang == 'id') { $subject = "Informasi Data Login"; $message = "<p>Hi, {$_POST['user']},</p> \n\t\t\t\t\t\t<p>Terimakasih sudah bergabung bersama kami di {$siteName}.</p>"; if ($activator == 0) { $message = $message . "<p>Akun anda masih menunggu persetujuan untuk diaktifkan.</p>";
} } else { notice('error', Status_Invalid); } } /****************************************/ /* Add User */ /****************************************/ if (isset($_POST['save']) or isset($_POST['apply'])) { $us = strlen("{$_POST['user']}"); $ps = strlen("{$_POST['password']}"); $user = $_POST['user']; $name = $_POST['name']; preg_match('/[^a-zA-Z0-9]+/', $user, $matches); if (!empty($_POST['password']) and !empty($_POST['user']) and !empty($_POST['name']) and !empty($_POST['email']) and !empty($_POST['level']) and $_POST['password'] == $_POST['kpassword'] and $us > 2 and $ps > 3 and @ereg("^.+@.+\\..+\$", $_POST['email']) and !$matches) { $qr = $db->insert(FDBPrefix . 'user', array("", "{$user}", "{$name}", MD5("{$_POST['password']}"), "{$_POST['email']}", "{$_POST['status']}", "{$_POST['level']}", date('Y-m-d H:i:s'), '', "{$_POST['bio']}")); if ($qr and isset($_POST['save'])) { notice('success', User_Added); redirect('?app=user'); } else { if ($qr and isset($_POST['apply'])) { $sql = $db->select(FDBPrefix . 'user', 'id', '', 'id DESC'); $qr = mysql_fetch_array($sql); notice('success', User_Added); redirect('?app=user&act=edit&id=' . $qr['id']); } else { notice('error', Status_Fail); } } } else { notice('error', Status_Invalid);
/** * @version 2.0 * @package Fiyo CMS * @copyright Copyright (C) 2014 Fiyo CMS. * @license GNU/GPL, see LICENSE. **/ defined('_FINDEX_') or die('Access Denied'); $db = new FQuery(); $db->connect(); /****************************************/ /* Add permalink */ /****************************************/ if (isset($_POST['save_new']) or isset($_POST['apply_new'])) { if (!empty($_POST['permalink']) and !empty($_POST['link'])) { $qr = $db->insert(FDBPrefix . 'permalink', array("", "{$_POST['link']}", "{$_POST['permalink']}", "{$_POST['page']}", "{$_POST['status']}", "{$_POST['lock']}")); if ($qr and isset($_POST['save_new'])) { notice('success', Status_Added); redirect('?app=permalink'); } else { if ($qr and isset($_POST['apply_new'])) { $sql = $db->select(FDBPrefix . 'permalink', 'id', '', 'id DESC'); $qr = mysql_fetch_array($sql); notice('success', Status_Added); redirect('?app=permalink&act=edit&id=' . $qr['id']); } else { notice('error', Status_Fail, 2); } } } else { notice('error', Status_Invalid, 2);
function load_login() {
    // Front-end login handler: on a "fiyo_login" POST it checks the
    // credentials, fills the session from the matching user row and
    // redirects; otherwise it renders the login theme (or a bare
    // "Redirecting..." when theme=blank is requested).
    if (isset($_POST['fiyo_login'])) {
        $db = new FQuery();
        // NOTE(review): mysql_real_escape_string() needs an open MySQL link and
        // no connect() call is visible before this line — confirm the
        // constructor opens the connection.
        $user = mysql_real_escape_string($_POST['user']);
        // The WHERE clause is built by string concatenation. $user is escaped
        // above; the password part of the clause is masked ('******') on this
        // page, so how $_POST['pass'] is escaped or hashed cannot be confirmed here.
        $sql = $db->select(FDBPrefix . "user", "*", "status=1 AND user='******' AND password='******'pass']) . "'");
        $qr = mysql_fetch_array($sql); // false when no row matched
        // NOTE(review): the SELECT's row count is read via mysql_affected_rows()
        // rather than mysql_num_rows(); confirm this is intended for the driver in use.
        $jml = mysql_affected_rows();
        if ($jml > 0) {
            // Copy the matched row into the session. NOTE(review): no
            // session_regenerate_id() call is visible here; confirm the session
            // id is rotated at login somewhere else.
            $_SESSION['USER_ID'] = $qr['id'];
            $_SESSION['USER'] = $qr['user'];
            $_SESSION['USER_NAME'] = $qr['name'];
            $_SESSION['USER_EMAIL'] = $qr['email'];
            $_SESSION['USER_LEVEL'] = $qr['level'];
            $_SESSION['USER_LOG'] = $qr['time_log'];
            $time_log = date('Y-m-d H:i:s');
            $db->update(FDBPrefix . 'user', array("time_log" => "{$time_log}"), "id={$qr['id']}");
            // Replace any earlier login record for this user id.
            $db->delete(FDBPrefix . "session_login", "user_id={$qr['id']}");
            $qr = $db->insert(FDBPrefix . "session_login", array("{$qr['id']}", "{$qr['user']}", "{$qr['level']}", date('Y-m-d H:i:s')));
        }
        // 'and' binds tighter than 'or': a truthy insert result alone passes;
        // the level <= 3 and userInfo() checks apply only to the
        // existing-session path.
        if ($qr or !empty($_SESSION['USER_ID']) and $_SESSION['USER_LEVEL'] <= 3 and userInfo()) {
            redirect(getUrl());
        } else {
            select_themes('login');
            alert('error', Login_Error);
        }
    } else {
        if (isset($_GET['theme']) and $_GET['theme'] == 'blank') {
            echo "Redirecting...";
        } else {
            select_themes('login');
        }
    }
}