<?php
// widgets/textlink/admin_action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer, admin
if (gcms::isReferer() && gcms::isAdmin() && (empty($_SESSION['login']['account']) || $_SESSION['login']['account'] != 'demo')) {
// ค่าที่ส่งมา
$action = gcms::getVars($_POST, 'action', '');
$id = gcms::getVars($_POST, 'id', '');
$value = gcms::getVars($_POST, 'value', 0);
if ($action == 'delete') {
$sql = "SELECT `logo` FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id}) AND logo != ''";
foreach ($db->customQuery($sql) as $item) {
@unlink(DATA_PATH . 'image/' . $item['logo']);
}
$db->query("DELETE FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id})");
} elseif ($action == 'published') {
$db->query("UPDATE `" . DB_TEXTLINK . "` SET `published`='{$value}' WHERE `id` IN({$id})");
} elseif ($action == 'move') {
// move menu
$max = 1;
foreach (explode(',', str_replace('user-', '', $_POST['data'])) as $i) {
$db->query("UPDATE `" . DB_TEXTLINK . "` SET `link_order`=" . $max . " WHERE `id`=" . (int) $i . " LIMIT 1");
$max++;
}
} elseif ($action == 'styles') {
// styles
include ROOT_PATH . 'widgets/textlink/styles.php';
// template
<?php
// admin/savestatus.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::isAdmin()) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// action
$action = gcms::getVars($_POST, 'action', '');
// โหลด config ใหม่
$config = array();
if (is_file(CONFIG)) {
include CONFIG;
}
if ($action == 'config_status_add') {
if (!isset($config['member_status'][0])) {
$config['member_status'][0] = 'สมาชิก';
$config['color_status'][0] = '#006600';
}
if (!isset($config['member_status'][1])) {
$config['member_status'][1] = 'ผู้ดูแลระบบ';
$config['color_status'][1] = '#FF0000';
}
// เพิ่มสถานะสมาชิกใหม่
$config['member_status'][] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}";
$config['color_status'][] = '#000000';
}
// ค้นหาจาก printable_name และ iso
$search = $db->sql_trim_str($_GET, 'search');
if ($search != '') {
$qs[] = "(`printable_name` LIKE '%{$search}%' OR `iso` LIKE '%{$search}%')";
$url_query['search'] = urlencode($search);
}
$where = sizeof($qs) == 0 ? '' : ' WHERE ' . implode(' AND ', $qs);
// จำนวนสมาชิกทั้งหมด
$sql = "SELECT COUNT(*) AS `count` FROM `" . DB_COUNTRY . "`{$where}";
$count = $db->customQuery($sql);
// รายการต่อหน้า
$list_per_page = gcms::getVars('GET,COOKIE', 'count,country_listperpage', 30);
$list_per_page = max(10, $list_per_page);
// หน้าที่เลือก
$page = max(1, gcms::getVars($_GET, 'page', 1));
// ตรวจสอบหน้าที่เลือกสูงสุด
$totalpage = round($count[0]['count'] / $list_per_page);
$totalpage += $totalpage * $list_per_page < $count[0]['count'] ? 1 : 0;
$page = max(1, $page > $totalpage ? $totalpage : $page);
$start = $list_per_page * ($page - 1);
// คำนวณรายการที่แสดง
$s = $start < 0 ? 0 : $start + 1;
$e = min($count[0]['count'], $s + $list_per_page - 1);
$patt2 = array('/{SEARCH}/', '/{COUNT}/', '/{PAGE}/', '/{TOTALPAGE}/', '/{START}/', '/{END}/');
$replace2 = array($search, $count[0]['count'], $page, $totalpage, $s, $e);
// save ฟิลเตอร์ลง cookie
setCookie('country_order', $order, time() + 3600 * 24 * 365);
setCookie('country_zone', $zone, time() + 3600 * 24 * 365);
setCookie('country_listperpage', $list_per_page, time() + 3600 * 24 * 365);
// title
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'gallery_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$save = array();
$save2 = array();
$error = false;
$input = false;
// ค่าที่ส่งมา
$save['topic'] = $db->sql_trim_str($_POST, 'gallery_topic');
$save['detail'] = $db->sql_trim_str($_POST, 'gallery_detail');
$file = $_FILES['gallery_pic'];
// แก้ไขอัลบัม
$id = gcms::getVars($_POST, 'galleryId', 0);
// ตรวจสอบรายการและโมดูลที่เลือก
if ($id > 0) {
$sql = "SELECT C.`id`,C.`module_id`,M.`module`,G.`id` AS `image_id`,G.`image`";
$sql .= " FROM `" . DB_MODULES . "` AS M";
$sql .= " INNER JOIN `" . DB_GALLERY_ALBUM . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}";
$sql .= " INNER JOIN `" . DB_GALLERY . "` AS G ON G.`album_id`=C.`id` AND G.`module_id`=M.`id` AND G.`count`='0'";
} else {
$sql1 = "SELECT MAX(`id`) FROM `" . DB_GALLERY_ALBUM . "` WHERE `module_id`=M.`id`";
$sql = "SELECT 0 AS `image_id`,M.`id` AS `module_id`,M.`module`,1+COALESCE(({$sql1}),0) AS `id` FROM `" . DB_MODULES . "` AS M";
}
$sql .= " WHERE M.`owner`='gallery' LIMIT 1";
$index = $db->customQuery($sql);
if (sizeof($index) == 1) {
$index = $index[0];
// ตรวจสอบค่าที่ส่งมา
// id ที่ลบ
$ids[] = $item['id'];
}
if (sizeof($ids) > 0) {
$ids = implode(',', $ids);
// ลบอัลบัม
$db->query("DELETE FROM `" . DB_GALLERY_ALBUM . "` WHERE `id` IN ({$ids})");
// ลบรูปภาพ
$db->query("DELETE FROM `" . DB_GALLERY . "` WHERE `album_id` IN ({$ids})");
}
// กลับไปหน้าอัลบัม
$ret['error'] = 'DELETE_SUCCESS';
$ret['location'] = rawurlencode('index.php?module=gallery-album');
} elseif ($action == 'deletep') {
// ลบรูปในอัลบัม
$album_id = gcms::getVars($_POST, 'album', 0);
// ลบรูปภาพ
$sql = "SELECT `id`,`album_id`,`image` FROM `" . DB_GALLERY . "` WHERE `id` IN ({$ids}) AND `album_id`={$album_id}";
foreach ($db->customQuery($sql) as $item) {
// ลบรูปภาพ
@unlink(DATA_PATH . "gallery/{$item['album_id']}/{$item['image']}");
@unlink(DATA_PATH . "gallery/{$item['album_id']}/thumb_{$item['image']}");
$ret['remove' . $item['id']] = 'L_' . $item['id'];
}
// ลบ
$db->query("DELETE FROM `" . DB_GALLERY . "` WHERE `id` IN ({$ids}) AND `album_id`={$album_id}");
// อัปเดทจำนวนรูปภาพในอัลบัม
$sql = "SELECT COUNT(*) FROM `" . DB_GALLERY . "` WHERE `module_id`=C.`module_id` AND `album_id`={$album_id}";
$sql = "UPDATE `" . DB_GALLERY_ALBUM . "` AS C SET C.`count`=({$sql}) WHERE C.`id`={$album_id}";
$db->query($sql);
// คืนค่า
<?php
// widgets/twitter/admin_setup_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// ตรวจสอบ referer และ admin
if (gcms::isReferer() && gcms::isAdmin()) {
// โหลด config ใหม่
$config = array();
if (is_file(CONFIG)) {
include CONFIG;
}
// ค่าที่ส่งมา
$config['twitter_height'] = max(100, gcms::getVars($_POST, 'twitter_height', 0));
$config['twitter_id'] = $db->sql_trim_str($_POST, 'twitter_id');
$config['twitter_name'] = $db->sql_trim_str($_POST, 'twitter_name');
$config['twitter_theme'] = $db->sql_trim_str($_POST, 'twitter_theme');
$config['twitter_border_color'] = strtoupper(trim($_POST['twitter_border_color']));
$config['twitter_link_color'] = strtoupper(trim($_POST['twitter_link_color']));
$config['twitter_count'] = gcms::getVars($_POST, 'twitter_count', 0);
// บันทึก config.php
if (gcms::saveconfig(CONFIG, $config)) {
$ret['error'] = 'SAVE_COMPLETE';
$ret['location'] = 'reload';
} else {
$ret['error'] = 'DO_NOT_SAVE';
}
// คืนค่า JSON
echo gcms::array2json($ret);
}
<?php
// widgets/shoutbox/index.php
if (defined('MAIN_INIT')) {
// default
$config['shoutbox_time'] = gcms::getVars($config, 'shoutbox_time', 5);
$config['shoutbox_lines'] = gcms::getVars($config, 'shoutbox_lines', 10);
$emoticon_dir = WEB_URL . '/widgets/shoutbox/smile';
$shoutbox = array();
$shoutbox[] = '<div id=shoutbox_div>';
$shoutbox[] = '<dl id=shoutbox_list></dl>';
$shoutbox[] = '<form id=shoutbox_frm method=post action=' . WEB_URL . '>';
$shoutbox[] = '<fieldset>';
$shoutbox[] = '<p><label for=shoutbox_sender>{LNG_FNAME}:</label><span><input type=text id=shoutbox_sender name=shoutbox_sender maxlength=20 size=15></span></p>';
$shoutbox[] = '<p><label for=shoutbox_txt>{LNG_SHOUTBOX_MESSAGE}:</label><span><input type=text id=shoutbox_txt name=shoutbox_txt maxlength=100 size=15 title="{LNG_SHOUTBOX_TEXT_TITLE}"></span></p>';
$shoutbox[] = '<p><label for=shoutbox_submit> </label><span><input class="button send" id=shoutbox_submit type=submit value="{LNG_SHOUTBOX_SEND}"><img src=' . $emoticon_dir . '/0.gif alt=emoticon class=nozoom></span></p>';
$shoutbox[] = '</fieldset>';
$shoutbox[] = '<p id=shoutbox_emoticon>';
$f = @opendir(ROOT_PATH . 'widgets/shoutbox/smile/');
if ($f) {
while (false !== ($text = readdir($f))) {
if (preg_match('/^([0-9]+)\\.gif$/', $text, $match)) {
$shoutbox[] = "<img src={$emoticon_dir}/{$match['1']}.gif alt={$match['1']} class=nozoom>";
}
}
closedir($f);
}
$shoutbox[] = '</p>';
$shoutbox[] = '</form>';
$shoutbox[] = '</div>';
$shoutbox[] = '<script>';
// admin/mailwrite_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ แอดมิน
if (gcms::isReferer() && gcms::isAdmin()) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$error = false;
$input = false;
$save = array();
// id ของอีเมล์ (0 = ใหม่)
$id = gcms::getVars($_POST, 'email_id', 0);
if ($id > 0) {
// email ที่แก้ไข
$email = $db->getRec(DB_EMAIL_TEMPLATE, $id);
} else {
// อีเมล์ที่สร้างใหม่ สำหรับระบบจดหมายเวียน
$save['module'] = 'mailmerge';
$save['email_id'] = 0;
}
if ($id > 0 && !$email) {
$ret['error'] = 'ACTION_ERROR';
} else {
// ค่าที่ส่งมา
$save['language'] = $db->sql_trim_str($_POST, 'email_language');
$save['from_email'] = $db->sql_trim_str($_POST, 'email_from_email');
$save['subject'] = $db->sql_trim_str($_POST, 'email_subject');
<?php
// widgets/search/index.php
if (defined('MAIN_INIT')) {
$patt = array('/[\\t\\r]/', '/{(LNG_[A-Z0-9_]+)}/e', '/{WEBURL}/', '/{SEARCH}/', '/{ID}/');
$replace = array();
$replace[] = '';
$replace[] = OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng';
$replace[] = WEB_URL;
$replace[] = preg_replace('/[\\+\\s]+/u', ' ', gcms::getVars($_GET, 'q', ''));
$replace[] = gcms::rndname(10);
$widget = gcms::pregReplace($patt, $replace, file_get_contents(ROOT_PATH . 'widgets/search/search.html'));
}
$ret['ret_config_image_type'] = 'UPLOAD_TYPE_EMPTY';
$ret['input'] = 'config_image_type';
} else {
$ret['ret_config_image_type'] = '';
// โหลด config ใหม่
$config = array();
if (is_file(CONFIG)) {
include CONFIG;
}
// ค่าที่ส่งมา
$config['gallery_image_type'] = $_POST['config_image_type'];
$config['gallery_thumb_w'] = max(200, (int) $_POST['config_thumb_w']);
$config['gallery_thumb_h'] = max(200, (int) $_POST['config_thumb_h']);
$config['gallery_image_w'] = max(600, (int) $_POST['config_image_w']);
$config['gallery_cols'] = gcms::getVars($_POST, 'config_cols', 0);
$config['gallery_rows'] = gcms::getVars($_POST, 'config_rows', 0);
$config['gallery_can_write'] = isset($_POST['config_can_write']) ? $_POST['config_can_write'] : array();
$config['gallery_can_write'][] = 1;
$config['gallery_can_config'] = isset($_POST['config_can_config']) ? $_POST['config_can_config'] : array();
$config['gallery_can_config'][] = 1;
// บันทึก config.php
if (gcms::saveconfig(CONFIG, $config)) {
$ret['error'] = 'SAVE_COMPLETE';
$ret['location'] = 'reload';
} else {
$ret['error'] = 'DO_NOT_SAVE';
}
}
}
} else {
$ret['error'] = 'ACTION_ERROR';
<?php
// widgets/chat/admin_setup.php
if (MAIN_INIT == 'admin' && $isAdmin) {
// default
$config['chat_time'] = gcms::getVars($config, 'chat_time', 5);
$config['chat_history'] = gcms::getVars($config, 'chat_history', 7);
$config['chat_lines'] = gcms::getVars($config, 'chat_lines', 10);
// title
$title = $lng['LNG_CHAT_SETUP'];
$a = array();
$a[] = '<span class=icon-widgets>{LNG_WIDGETS}</span>';
$a[] = '{LNG_CHAT}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-chat>' . $title . '</h1></header>';
$content[] = '<form id=setup_frm class=setup_frm method=post action=index.php>';
$content[] = '<fieldset>';
$content[] = '<legend><span>{LNG_CHAT}</span></legend>';
// chat_time
$content[] = '<div class=item>';
$content[] = '<label for=chat_time>{LNG_CHAT_TIME}</label>';
$content[] = '<span class="g-input icon-clock"><input type=number id=chat_time name=chat_time title="{LNG_CHAT_TIME_COMMENT}" value=' . $config['chat_time'] . '></span>';
$content[] = '<div class=comment id=result_chat_time>{LNG_CHAT_TIME_COMMENT}</div>';
$content[] = '</div>';
// chat_history
$content[] = '<div class=item>';
$content[] = '<label for=chat_history>{LNG_CHAT_HISTORY}</label>';
$content[] = '<span class="g-input icon-history"><input type=number id=chat_history name=chat_history title="{LNG_CHAT_HISTORY_COMMENT}" value=' . $config['chat_history'] . '></span>';
$content[] = '<div class=comment id=result_chat_history>{LNG_CHAT_HISTORY_COMMENT}</div>';
$save['type'] = $db->sql_trim_str($_POST, 'textlink_type');
$save['text'] = $db->sql_trim($_POST, 'textlink_text');
$save['url'] = trim(gcms::getVars($_POST, 'textlink_url', ''));
$save['target'] = trim(gcms::getVars($_POST, 'textlink_target', ''));
if (isset($_POST['textlink_template']) && $_POST['textlink_type'] == 'custom') {
$save['template'] = preg_replace('/<\\?(.*?)\\?>/', '', trim($_POST['textlink_template']));
}
list($y, $m, $d) = explode('-', $_POST['textlink_publish_start']);
$save['publish_start'] = mktime(0, 0, 0, (int) $m, (int) $d, (int) $y);
if (isset($_POST['textlink_dateless']) && $_POST['textlink_dateless'] == 1) {
$save['publish_end'] = 0;
} else {
list($y, $m, $d) = explode('-', gcms::getVars($_POST, 'textlink_publish_end', '0-0-0'));
$save['publish_end'] = mktime(23, 59, 59, (int) $m, (int) $d, (int) $y);
}
$id = gcms::getVars($_POST, 'textlink_id', 0);
$logo = $_FILES['textlink_file'];
if ($id > 0) {
$sql = "SELECT `id` FROM `" . DB_TEXTLINK . "` WHERE `id`='{$id}' LIMIT 1";
} else {
$sql = "SELECT 1+COALESCE(MAX(`link_order`),0) FROM `" . DB_TEXTLINK . "`";
$sql = "SELECT ({$sql}) AS `link_order`,(1+COALESCE(MAX(`id`),0)) AS `id` FROM `" . DB_TEXTLINK . "`";
}
$textlink = $db->customQuery($sql);
if (sizeof($textlink) == 0) {
$ret['error'] = 'ACTION_ERROR';
$error = true;
} elseif (!preg_match('/^[a-z0-9]{1,}$/u', $save['name'])) {
$ret['ret_textlink_name'] = 'this';
$ret['input'] = 'textlink_name';
$error = true;
$index = $cache->get($sql);
if (!$index) {
$index = $db->customQuery($sql);
if (sizeof($index) > 0) {
$cache->save($sql, $index);
}
}
if (sizeof($index) == 0) {
$title = $lng['LNG_DATA_NOT_FOUND'];
$content = '<div class=error>' . $title . '</div>';
} else {
$index = $index[0];
// config
gcms::r2config($index['config'], $index);
// login
$login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => ''));
// breadcrumbs
$breadcrumb = gcms::loadtemplate($index['module'], '', 'breadcrumb');
$breadcrumbs = array();
// หน้าหลัก
$breadcrumbs['HOME'] = gcms::breadcrumb('icon-home', WEB_URL . '/index.php', $install_modules[$module_list[0]]['menu_tooltip'], $install_modules[$module_list[0]]['menu_text'], $breadcrumb);
// breadcrumb ของ โมดูล
$m = $install_modules[$index['module']]['menu_text'];
$breadcrumbs['MODULE'] = gcms::breadcrumb('', gcms::getURL($index['module']), $install_modules[$index['module']]['menu_tooltip'], $m == '' ? $index['module'] : $m, $breadcrumb);
// หมวด
$categories = array();
$categories[0] = '<option value=0>{LNG_NO_CATEGORY}</option>';
$sql = "SELECT `category_id`,`topic` FROM `" . DB_CATEGORY . "` WHERE `module_id`='{$index['module_id']}' ORDER BY `category_id`";
$list = $cache->get($sql);
if (!$list) {
$list = $db->customQuery($sql);
<?php
// modules/gallery/admin_upload_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'gallery_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// อัลบัมที่อัปโหลด
$id = gcms::getVars($_POST, 'albumId', 0);
$sql = "SELECT MAX(`count`) FROM `" . DB_GALLERY . "` WHERE `module_id`=M.`id` AND `album_id`=C.`id`";
$sql = "SELECT C.`id`,C.`module_id`,({$sql}) AS `count` FROM `" . DB_MODULES . "` AS M";
$sql .= " INNER JOIN `" . DB_GALLERY_ALBUM . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}";
$sql .= " WHERE M.`owner`='gallery' LIMIT 1";
$index = $db->customQuery($sql);
if (sizeof($index) == 1) {
$index = $index[0];
$save = array();
$save['module_id'] = $index['module_id'];
$save['album_id'] = $index['id'];
$save['last_update'] = $mmktime;
$save['count'] = (int) $index['count'] + 1;
// path เก็บไฟล์
$dir = DATA_PATH . "gallery/{$save['album_id']}/";
foreach ($_FILES as $file) {
// ตรวจสอบไฟล์อัปโหลด
$info = gcms::isValidImage($config['gallery_image_type'], $file);
// title
$title = $lng['LNG_REGISTER_TITLE'];
// breadcrumbs
$breadcrumb = gcms::loadtemplate('', '', 'breadcrumb');
$breadcrumbs = array();
// หน้าหลัก
$breadcrumbs['HOME'] = gcms::breadcrumb('icon-home', WEB_URL . '/index.php', $install_modules[$module_list[0]]['menu_tooltip'], $install_modules[$module_list[0]]['menu_text'], $breadcrumb);
// url ของหน้านี้
$breadcrumbs['MODULE'] = gcms::breadcrumb('', gcms::getURL('register'), $lng['LNG_REGISTER_TITLE'], $lng['LNG_REGISTER_TITLE'], $breadcrumb);
if (isset($config['custom_register']) && is_file(ROOT_PATH . $config['custom_register'])) {
// custom register form
include ROOT_PATH . $config['custom_register'];
} else {
// antispam
$register_antispamchar = gcms::rndname(32);
$_SESSION[$register_antispamchar] = gcms::rndname(4);
// แสดงฟอร์ม registerfrm.html
$patt = array('/{BREADCRUMS}/', '/<PHONE>(.*)<\\/PHONE>/isu', '/<IDCARD>(.*)<\\/IDCARD>/isu', '/<INVITE>(.*)<\\/INVITE>/isu', '/{(LNG_[A-Z0-9_]+)}/e', '/{ANTISPAM}/', '/{WEBURL}/', '/{MODAL}/', '/{INVITE}/');
$replace = array();
$replace[] = implode("\n", $breadcrumbs);
$replace[] = empty($config['member_phone']) ? '' : '\\1';
$replace[] = empty($config['member_idcard']) ? '' : '\\1';
$replace[] = empty($config['member_invitation']) ? '' : '\\1';
$replace[] = OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng';
$replace[] = $register_antispamchar;
$replace[] = WEB_URL;
$replace[] = gcms::getVars($_POST, 'action', '') != 'modal' ? 'false' : 'true';
$replace[] = gcms::getVars($_COOKIE, PREFIX . '_invite', '');
$content = gcms::pregReplace($patt, $replace, gcms::loadtemplate('member', 'member', 'registerfrm'));
}
}
if (gcms::isReferer() && gcms::canConfig($config, 'personnel_can_write')) {
if (empty($_SESSION['login']['account']) || $_SESSION['login']['account'] != 'demo') {
// ตรวจสอบ id
$ids = array();
foreach (explode(',', $_POST['id']) as $id) {
$ids[] = (int) $id;
}
// id ของ สมาชิกทั้งหมดที่ส่งมา
$ids = implode(',', $ids);
if ($_POST['action'] == 'delete' && $ids != '') {
$sql = "SELECT `picture` FROM `" . DB_PERSONNEL . "` WHERE `id` IN ({$ids}) AND `module_id`=";
$sql .= "(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='personnel')";
foreach ($db->customQuery($sql) as $item) {
@unlink(DATA_PATH . "personnel/{$item['picture']}");
}
// ลบ db
$sql = "DELETE FROM `" . DB_PERSONNEL . "` WHERE `id` IN ({$ids}) AND `module_id`=";
$sql .= "(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='personnel')";
$db->query($sql);
} elseif (preg_match('/^order_([0-9]+)$/', $_POST['id'], $match)) {
$ret["order_{$match['1']}"] = gcms::getVars($_POST, 'value', 0);
$db->edit(DB_PERSONNEL, $match[1], array('order' => $ret["order_{$match['1']}"]));
} else {
print_r($_POST);
}
}
} else {
$ret['error'] = 'ACTION_ERROR';
}
// คืนค่าเป็น JSON
echo gcms::array2json($ret);
<?php
// modules/personnel/admin_category_action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'personnel_can_config')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$action = gcms::getVars($_POST, 'action', '');
$module_id = gcms::getVars($_POST, 'mid', 0);
if (preg_match('/^config_(category)_add$/', $action, $match)) {
// add category
$save = array();
$save_detail = array();
// new row
$text = $lng['LNG_CATEGORY'];
$save['group_id'] = 0;
$save['module_id'] = $module_id;
$topic[LANGUAGE] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}";
// id ของ หมวดใหม่
$sql = "SELECT MAX(`category_id`) AS `category` FROM `" . DB_CATEGORY . "` WHERE `module_id`='{$module_id}'";
$category = $db->customQuery($sql);
$save['category_id'] = (int) $category[0]['category'] + 1;
$save['topic'] = gcms::array2Ser($topic);
// add
$id = $db->add(DB_CATEGORY, $save);
<?php
// widgets/shoutbox/send.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer()) {
// ค่าที่ส่งมา
$save = array();
$save['text'] = $db->sql_trim_str($_POST, 'val');
$save['time'] = gcms::getVars($_POST, 'time', 0);
$save['sender'] = $db->sql_trim_str($_POST, 'sender');
// save message
$db->add(DB_SHOUTBOX, $save);
}
$breadcrumbs['MODULE'] = gcms::breadcrumb('', $canonical, $t, $m, $breadcrumb);
}
// แก้ไข
$breadcrumbs['EDIT'] = gcms::breadcrumb('', WEB_URL . "/index.php?module={$index['module']}-write&id={$index['id']}", "{$index['topic']}.{$index['ext']}", "{$index['topic']}.{$index['ext']}", $breadcrumb);
// default query
$where = " WHERE D.`module_id`='{$index['module_id']}' AND D.`document_id`='{$index['id']}'";
// จำนวนทั้งหมด
$sql = "SELECT COUNT(*) AS `count` FROM `" . DB_EDOCUMENT_DOWNLOAD . "` AS D {$where}";
$count = $cache->get($sql);
if (!$count) {
$count = $db->customQuery($sql);
$count = $count[0];
$cache->save($sql, $count);
}
// หน้าที่เรียก
$page = gcms::getVars($_REQUEST, 'page', 0);
$totalpage = round($count['count'] / $config['edocument_listperpage']);
$totalpage += $totalpage * $config['edocument_listperpage'] < $count['count'] ? 1 : 0;
$page = $page > $totalpage ? $totalpage : $page;
$page = $page < 1 ? 1 : $page;
$start = $config['edocument_listperpage'] * ($page - 1);
// list รายการ
$sql = "SELECT D.*,U.`fname`,U.`lname`,U.`email`,U.`status` FROM `" . DB_EDOCUMENT_DOWNLOAD . "` AS D";
$sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=D.`member_id`";
$sql .= " {$where} ORDER BY D.`last_update` DESC LIMIT {$start},{$config['edocument_listperpage']}";
$datas = $cache->get($sql);
if (!$datas) {
$datas = $db->customQuery($sql);
$cache->save($sql, $datas);
}
// อ่านรายการลงใน $list
$text = gcms::getVars($lng, 'LNG_' . strtoupper($key), '');
$menus[] = '<li class="' . $key . '"><a class=menu-arrow tabindex=0><span>' . ($text == '' ? ucfirst($key) : $text) . '</span></a><ul>';
foreach ($value as $key2 => $value2) {
$menus[] = '<li class="' . $key2 . '">' . $value2 . '</li>';
}
$menus[] = '</ul></li>';
} else {
$menus[] = '<li class="' . $key . '">' . $value . '</li>';
}
}
$menus[] = '</ul>';
}
$menus[] = '</li>';
}
// โมดูลที่เรียก
$module = preg_replace('/[\\.\\/]/', '', gcms::getVars($_GET, 'module', ''));
if (is_file(ROOT_PATH . "admin/{$module}.php")) {
require_once ROOT_PATH . "admin/{$module}.php";
} elseif (preg_match('/^(' . implode('|', array_keys($install_owners)) . ')(-(.*))?$/ui', $module, $modules)) {
if (is_file(ROOT_PATH . "modules/{$modules['1']}/admin_{$modules['3']}.php")) {
// โมดูลที่เรียก
require_once ROOT_PATH . "modules/{$modules['1']}/admin_{$modules['3']}.php";
} elseif (is_file(ROOT_PATH . "widgets/{$modules['1']}/admin_{$modules['3']}.php")) {
// เรียก widget ชื่อเดียวกับโมดูล
require_once ROOT_PATH . "widgets/{$modules['1']}/admin_{$modules['3']}.php";
} else {
require_once ROOT_PATH . "admin/dashboard.php";
}
} elseif (preg_match('/^(' . implode('|', $setup_widgets) . ')(-(.*))?$/ui', $module, $modules)) {
// เรียก widget
if (isset($modules[3]) && is_file(ROOT_PATH . "widgets/{$modules['1']}/admin_{$modules['3']}.php")) {
<?php
// widgets/facebook/admin_setup.php
if (MAIN_INIT == 'admin' && $isAdmin) {
// ตรวจสอบค่า default
$config['facebook_width'] = gcms::getVars($config, 'facebook_width', 500);
$config['facebook_height'] = gcms::getVars($config, 'facebook_height', 0);
$config['facebook_user'] = gcms::getVars($config, 'facebook_user', 'gcmscms');
$config['facebook_show_facepile'] = gcms::getVars($config, 'facebook_show_facepile', 1);
$config['facebook_show_posts'] = gcms::getVars($config, 'facebook_show_posts', 0);
$config['facebook_hide_cover'] = gcms::getVars($config, 'facebook_hide_cover', 0);
// title
$title = $lng['LNG_FACEBOOK_SETTINGS'];
$a = array();
$a[] = '<span class=icon-widgets>{LNG_WIDGETS}</span>';
$a[] = '{LNG_FACEBOOK_LIKE_BOX}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-facebook>' . $title . '</h1></header>';
$content[] = '<div class=setup_frm>';
$content[] = '<form id=setup_frm class=paper method=post action=index.php>';
$content[] = '<fieldset>';
$content[] = '<legend><span>{LNG_FACEBOOK_LIKE_BOX}</span></legend>';
// width, height
$content[] = '<div class=item>';
$content[] = '<div class=input-groups>';
$content[] = '<div class=width50>';
$content[] = '<label for=facebook_width>{LNG_WIDTH}</label>';
$content[] = '<span class="g-input icon-width"><input type=number name=facebook_width id=facebook_width value="' . $config['facebook_width'] . '" title="{LNG_FACEBOOK_SIZE_COMMENT}"></span>';
$content[] = '</div>';
$a[] = '<span class=icon-settings>{LNG_SITE_SETTINGS}</span>';
$a[] = '{LNG_INTRO_PAGE}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-write>' . $title . '</h1></header>';
$content[] = '<form id=write_frm class=setup_frm method=post action=index.php>';
$content[] = '<fieldset>';
$content[] = '<legend><span>{LNG_INTRO_PAGE}</span></legend>';
$content[] = '<aside class=message>{LNG_INTRO_PAGE_COMMENT}</aside>';
// intro
$content[] = '<div class=item>';
$content[] = '<div class="table collapse">';
$content[] = '<label for=write_mode>{LNG_SETTINGS}</label>';
$content[] = '<span class="g-input icon-config"><select name=write_mode id=write_mode title="{LNG_PLEASE_SELECT} {LNG_INTRO_PAGE}">';
$show_intro = gcms::getVars($config, 'show_intro', '');
foreach ($lng['OPEN_CLOSE'] as $i => $item) {
$sel = $show_intro == $i ? ' selected' : '';
$content[] = '<option value=' . $i . $sel . '>' . $item . '</option>';
}
$content[] = '</select></span>';
$content[] = '</div>';
$content[] = '</div>';
// language
$content[] = '<div class=item>';
$content[] = '<label for=write_language>{LNG_LANGUAGE}</label>';
$content[] = '<div class="table collapse">';
$content[] = '<div class=td>';
$content[] = '<span class="g-input icon-language"><select name=write_language id=write_language title="{LNG_PLEASE_SELECT} {LNG_LANGUAGE}">';
foreach ($install_languages as $item) {
$sel = $lang == $item ? ' selected' : '';
<?php
// widgets/tags/admin_setup.php
if (MAIN_INIT == 'admin' && $isAdmin && defined('DB_TAGS')) {
// รายการที่แก้ไข
$id = gcms::getVars($_GET, 'id', 0);
$tags = '';
$tag = array('id' => 0, 'tag' => '');
// query
$sql = "SELECT * FROM " . DB_TAGS . " ORDER BY `count` ASC, `id` DESC";
foreach ($db->customQuery($sql) as $item) {
if ($id == $item['id']) {
$tag = $item;
}
$tags .= '<tr id=L_' . $item['id'] . '>';
$tags .= '<th headers=c1 id=r' . $item['id'] . ' scope=row class=topic><a id=edit_' . $item['id'] . ' href="' . WEB_URL . '/admin/index.php?module=tags-setup&id=' . $item['id'] . '">' . htmlspecialchars($item['tag']) . '</a></th>';
$tags .= '<td headers="r' . $item['id'] . ' c2" class=check-column><a id=check_' . $item['id'] . ' class=icon-uncheck></a></td>';
$tags .= '<td headers="r' . $item['id'] . ' c3" class=visited>' . $item['count'] . '</td>';
$tags .= '</tr>';
}
// title
$title = $lng['LNG_TAGS_TITLE'];
$a = array();
$a[] = '<span class=icon-widgets>{LNG_WIDGETS}</span>';
$a[] = '{LNG_TAGS}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-tags>' . $title . '</h1></header>';
$content[] = '<div class=setup_frm>';
$content[] = '<form id=setup_frm class=paper method=post action=index.php>';
$save[$k . 'H'] = $index['icon_height'];
// ลบรูปภาพเดิม
if (isset($index[$k]) && $index[$k] != $save[$k]) {
@unlink(DATA_PATH . "document/{$index[$k]}");
}
}
}
}
}
}
if (!$error) {
// บันทึก
$save['create_date'] = $db->sql_datetime2mktime("{$_POST['write_create_date']} {$_POST['write_create_hour']}:{$_POST['write_create_minute']}:00");
$save['last_update'] = $mmktime;
$save['index'] = 0;
$save['category_id'] = gcms::getVars($_POST, 'write_category', 0);
$save['ip'] = gcms::getip();
$save['published'] = $_POST['write_published'] == '1' ? '1' : '0';
$save['published_date'] = $db->sql_trim_str($_POST, 'write_published_date');
$save['show_news'] = '';
if (isset($_POST['write_show_news'])) {
$write_show_news = array();
foreach ($_POST['write_show_news'] as $item) {
$write_show_news[] = "{$item}=1";
}
$save['show_news'] = implode("\n", $write_show_news);
}
if ($id == 0) {
// ใหม่
$save['module_id'] = $index['module_id'];
$save['member_id'] = $login['id'];
<?php
// modules/index/main.php
if (defined('MAIN_INIT')) {
$id = gcms::getVars('REQUEST,REQUEST', 'mid,id', 0);
// อ่านโมดูล ตามภาษา
$sql = "SELECT M.`module`,I.`id`,D.`topic`,D.`description`,D.`keywords`,D.`detail`,I.`visited`";
if ($id > 0) {
$sql .= " FROM `" . DB_INDEX . "` AS I";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=I.`module_id`";
$sql .= " INNER JOIN `" . DB_INDEX_DETAIL . "` AS D ON D.`id`=I.`id` AND D.`module_id`=I.`module_id` AND D.`language`=I.`language`";
$sql .= " WHERE I.`id`='{$id}' AND I.`index`='1' AND I.`published`='1' AND I.`published_date`<='" . date('Y-m-d', $mmktime) . "' LIMIT 1";
} else {
$sql .= " FROM `" . DB_INDEX_DETAIL . "` AS D ";
$sql .= " INNER JOIN `" . DB_INDEX . "` AS I ON I.`id`=D.`id` AND I.`index`='1' AND I.`published`='1' AND I.`published_date`<='" . date('Y-m-d', $mmktime) . "' AND I.`language`=D.`language`";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id` AND M.`module`='{$module}'";
$sql .= " WHERE D.`language` IN ('" . LANGUAGE . "','') LIMIT 1";
}
// ตรวจสอบข้อมูลจาก cache
$index = $cache->get($sql);
if (!$index) {
$index = $db->customQuery($sql);
$index = sizeof($index) == 0 ? false : $index[0];
}
if (!$index) {
$title = $lng['PAGE_NOT_FOUND'];
$content = '<div class=error>' . $title . '</div>';
} else {
// breadcrumbs
$breadcrumb = gcms::loadtemplate($index['module'], '', 'breadcrumb');
$breadcrumbs = array();
$page = $match[1];
$modules[4] = $match[2];
}
// ชื่อโมดูลที่ติดตั้งแล้ว
$modules[2] = $install_modules[$modules[1]]['owner'];
}
if (empty($modules[3])) {
$modules[3] = 'main';
} elseif (is_file(ROOT_PATH . "modules/{$modules['1']}/{$modules['3']}.php")) {
// เรียกโมดูลตรงๆ
$modules[2] = $modules[1];
} elseif (!empty($page) && is_file(ROOT_PATH . "modules/{$modules['1']}/{$page}.php")) {
$modules[3] = $page;
} elseif (!is_file(ROOT_PATH . "modules/{$modules['2']}/{$modules['3']}.php")) {
$modules[4] = $modules[3];
$modules[3] = 'view';
}
} else {
// ไม่ได้ส่งชื่อโมดูลมา เช่น ข้อความ.html
// ให้แสดงเรื่องจากโมดูล document
unset($modules[1]);
$modules[2] = 'document';
$modules[3] = 'view';
$modules[4] = $module;
}
unset($modules[0]);
// โมดูลที่เรียก
$module = gcms::getVars($modules, 1, '');
// เลือกเมนู
$menu = empty($install_modules[$module]['alias']) ? $module : $install_modules[$module]['alias'];
}
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$error = false;
// ค่าที่ส่งมา
$save = array();
$save['name'] = $db->sql_trim_str($_POST, 'write_name');
$save['email'] = $db->sql_trim_str($_POST, 'write_email');
$save['position'] = $db->sql_trim_str($_POST, 'write_position');
$save['phone'] = $db->sql_trim_str($_POST, 'write_phone');
$save['address'] = $db->sql_trim_str($_POST, 'write_address');
$save['detail'] = $db->sql_trim_str($_POST, 'write_detail');
$save['category_id'] = gcms::getVars($_POST, 'write_category', 0);
$save['order'] = min(99, max(0, (int) $_POST['write_order']));
$icon = $_FILES['write_picture'];
$id = gcms::getVars($_POST, 'write_id', 0);
// ตรวจสอบค่าที่ส่งมา
if ($id > 0) {
$sql = "SELECT C.*,M.`module` FROM `" . DB_MODULES . "` AS M";
$sql .= " INNER JOIN `" . DB_PERSONNEL . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}";
} else {
$sql1 = "SELECT MAX(`id`)+1 FROM `" . DB_PERSONNEL . "` WHERE `module_id`=M.`id`";
$sql = "SELECT IFNULL(({$sql1}),1) AS `id`,M.`id` AS `module_id`,M.`module` FROM `" . DB_MODULES . "` AS M";
}
$sql .= " WHERE M.`owner`='personnel' LIMIT 1";
$index = $db->customQuery($sql);
// ตรวจสอบค่าที่ส่งมา
if (sizeof($index) == 0) {
$ret['error'] = 'ACTION_ERROR';
} elseif ($save['name'] == '') {
$ret['ret_write_name'] = 'FNAME_EMPTY';
$config['mimeTypes'] = $typies;
}
if (!isset($ret['error'])) {
if (isset($_POST['config_can_download'])) {
$config['download_can_download'] = gcms::getVars($_POST, 'config_can_download', '');
} else {
unset($config['download_can_download']);
}
$config['download_can_upload'] = gcms::getVars($_POST, 'config_can_upload', array());
$config['download_can_upload'][] = 1;
$config['download_can_config'] = gcms::getVars($_POST, 'config_can_config', array());
$config['download_can_config'][] = 1;
$config['download_list_per_page'] = gcms::getVars($_POST, 'config_list_per_page', 0);
$config['download_upload_size'] = gcms::getVars($_POST, 'config_upload_size', 0);
$config['download_file_typies'] = implode(',', array_keys($typies));
$config['download_news_count'] = gcms::getVars($_POST, 'config_news_count', 0);
// บันทึก config.php
if (gcms::saveconfig(CONFIG, $config)) {
$ret['error'] = 'SAVE_COMPLETE';
$ret['location'] = 'reload';
} else {
$ret['error'] = 'DO_NOT_SAVE';
}
}
}
}
} else {
$ret['error'] = 'ACTION_ERROR';
}
// คืนค่าเป็น JSON
echo gcms::array2json($ret);
$content[] = '<fieldset class=paper>';
$content[] = '<legend><span class=icon-bing>{LNG_BING}</span></legend>';
// msvalidate
$content[] = '<div class=item>';
$content[] = '<label for=msvalidate>{LNG_SITE_VERIFICATION_CODE}</label>';
$content[] = '<div><span class=tablet><meta name="msvalidate.01" content="</span><input type=text class=wide id=msvalidate name=msvalidate value="' . gcms::getVars($config, 'msvalidate', '') . '" title="{LNG_SITE_VERIFICATION_CODE_COMMENT}"><span class=tablet>" /></span></div>';
$content[] = '<div class=comment id=result_msvalidate>{LNG_SITE_VERIFICATION_CODE_COMMENT}</div>';
$content[] = '</div>';
$content[] = '</fieldset>';
$content[] = '<fieldset>';
$content[] = '<legend><span class=icon-facebook>{LNG_FACEBOOK}</span></legend>';
// facebook_appId
$facebook = gcms::getVars($config, 'facebook', array());
$content[] = '<div class=item>';
$content[] = '<label for=facebook_appId>{LNG_FACEBOOK_APPID}</label>';
$content[] = '<span class="g-input icon-password"><input id=facebook_appId name=facebook_appId type=text value="' . gcms::getVars($facebook, 'appId', '') . '" title="{LNG_FACEBOOK_COMMENT}"></span>';
$content[] = '</div>';
// facebook_picture
$content[] = '<div class=item>';
$image = is_file(DATA_PATH . 'image/facebook_photo.jpg') ? DATA_URL . 'image/facebook_photo.jpg' : WEB_URL . '/skin/img/blank.gif';
$content[] = '<div class=usericon><span><img src="' . $image . '" alt="Facebook Picture" id=fbPicture></span></div>';
$content[] = '<label for=facebook_picture>{LNG_BROWSE_FILE}</label>';
$content[] = '<span class="g-input icon-upload"><input class=g-file id=facebook_picture name=facebook_picture type=file title="{LNG_FACEBOOK_PICTURE_COMMENT}" accept="' . gcms::getEccept(array('jpg')) . '" data-preview=fbPicture></span>';
$content[] = '<div class=comment id=result_facebook_picture>{LNG_FACEBOOK_PICTURE_COMMENT}</div>';
$content[] = '</div>';
$content[] = '<aside class=message>{LNG_FACEBOOK_REDIRECT_URL} <em>{WEBURL}/index.php</em></aside>';
$content[] = '</fieldset>';
// submit
$content[] = '<fieldset class=submit>';
$content[] = '<input type=submit class="button large save" value="{LNG_SAVE}">';
$content[] = '</fieldset>';
$script[] = '$G(window).Ready(function(){';
$script[] = 'if ($E("logo")) {';
$script[] = "new GMedia('logo_swf', '" . DATA_URL . "image/{$config['logo']}', {$info['width']}, {$info['height']}).write('logo');";
$script[] = '}';
$script[] = '});';
} else {
$image_src = DATA_URL . 'image/' . $config['logo'];
$image_logo = '<img src="' . $image_src . '" alt="{WEBTITLE}">';
}
}
// canonical
$canonical = WEB_URL . '/index.php';
// โมดูลที่เรียกมา
$module = '';
if (isset($_REQUEST['module'])) {
$module = gcms::getVars($_REQUEST, 'module', '');
} else {
$request_uri = explode('?', rawurldecode($_SERVER['REQUEST_URI']));
if (preg_match('/^\\/(.*)\\.html$/u', str_replace(BASE_PATH, '', $request_uri[0]), $match)) {
$module = $match[1];
}
}
// โหลดเมนูทั้งหมดเรียงตามลำดับเมนู (รายการแรกคือหน้า Home)
$sql = "SELECT M.`id` AS `module_id`,M.`module`,M.`owner`,M.`config`,U.`index_id`,U.`parent`,U.`level`,U.`menu_text`,U.`menu_tooltip`,U.`accesskey`,U.`menu_url`,U.`menu_target`,U.`alias`,U.`published`";
$sql .= ",(CASE U.`parent` WHEN 'MAINMENU' THEN 0 WHEN 'BOTTOMMENU' THEN 1 WHEN 'SIDEMENU' THEN 2 ELSE 3 END ) AS `pos`";
$sql .= " FROM `" . DB_MENUS . "` AS U";
$sql .= " LEFT JOIN `" . DB_INDEX . "` AS I ON I.`id`=U.`index_id` AND I.`index`='1' AND I.`language` IN ('" . LANGUAGE . "','')";
$sql .= " LEFT JOIN `" . DB_MODULES . "` AS M ON M.`id`=I.`module_id`";
$sql .= " WHERE U.`language` IN ('" . LANGUAGE . "','')";
$sql .= " ORDER BY `pos` ASC,U.`parent` ASC ,U.`menu_order` ASC";
$menus = $cache->get($sql);