Ejemplo n.º 1
0
<?php

// widgets/textlink/admin_action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer, admin
if (gcms::isReferer() && gcms::isAdmin() && (empty($_SESSION['login']['account']) || $_SESSION['login']['account'] != 'demo')) {
    // ค่าที่ส่งมา
    $action = gcms::getVars($_POST, 'action', '');
    $id = gcms::getVars($_POST, 'id', '');
    $value = gcms::getVars($_POST, 'value', 0);
    if ($action == 'delete') {
        $sql = "SELECT `logo` FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id}) AND logo != ''";
        foreach ($db->customQuery($sql) as $item) {
            @unlink(DATA_PATH . 'image/' . $item['logo']);
        }
        $db->query("DELETE FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id})");
    } elseif ($action == 'published') {
        $db->query("UPDATE `" . DB_TEXTLINK . "` SET `published`='{$value}' WHERE `id` IN({$id})");
    } elseif ($action == 'move') {
        // move menu
        $max = 1;
        foreach (explode(',', str_replace('user-', '', $_POST['data'])) as $i) {
            $db->query("UPDATE `" . DB_TEXTLINK . "` SET `link_order`=" . $max . " WHERE `id`=" . (int) $i . " LIMIT 1");
            $max++;
        }
    } elseif ($action == 'styles') {
        // styles
        include ROOT_PATH . 'widgets/textlink/styles.php';
        // template
Ejemplo n.º 2
0
<?php

// admin/import.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
// ไฟล์ที่ส่งมา
$file = $_FILES['import_file'];
// แอดมินเท่านั้น
if (gcms::isReferer() && gcms::isAdmin() && $file['tmp_name'] != '') {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        echo gcms::array2json(array('error' => 'EX_MODE_ERROR'));
    } else {
        // long time
        set_time_limit(0);
        // อัปโหลด
        $fr = file($file['tmp_name']);
        // query ทีละบรรทัด
        foreach ($fr as $value) {
            $sql = str_replace(array('\\r', '\\n', '{prefix}', '/{WEBMASTER}/', '/{WEBURL}/'), array("\r", "\n", PREFIX, $_SESSION['login']['email'], WEB_URL), trim($value));
            if ($sql != '') {
                $db->query($sql);
            }
        }
    }
}
Ejemplo n.º 3
0
<?php

// modal.php
header("content-type: text/html; charset=UTF-8");
// inint
include dirname(__FILE__) . '/bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/^([a-z]+)$/', $_POST['module'], $match)) {
    if (is_file(ROOT_PATH . SKIN . "{$match['1']}.html")) {
        $patt = array('/{(LNG_[A-Z0-9_]+)}/e', '/{SKIN}/', '/{WEBURL}/', '/{TITLE}/', '/{DESCRIPTION}/', '/{LANGUAGE}/');
        $replace = array(OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng', SKIN, WEB_URL, $config['web_title'], $config['web_description'], LANGUAGE);
        echo gcms::pregReplace($patt, $replace, gcms::loadfile(ROOT_PATH . SKIN . "{$match['1']}.html"));
    } else {
        echo '<div class=error>' . $lng['PAGE_NOT_FOUND'] . '</div>';
    }
}
Ejemplo n.º 4
0
<?php

// widgets/relate/getnews.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/^widget_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_(list|icon|thumb)$/', $_POST['id'], $match)) {
    // วันนี้
    $c_date = date('Y-m-d', $mmktime);
    // อ่านโมดูล
    $sql = "SELECT M.`config`,M.`module`,D.`relate`,Q.`id`,Q.`module_id`";
    $sql .= " FROM `" . DB_INDEX . "` AS Q";
    $sql .= " INNER JOIN `" . DB_INDEX_DETAIL . "` AS D ON D.`id`=Q.`id` AND D.`module_id`=Q.`module_id` AND D.`language` IN ('" . LANGUAGE . "','')";
    $sql .= " INNER JOIN " . DB_MODULES . " AS M ON M.`id`=D.`module_id`";
    $sql .= " WHERE D.`id`=" . (int) $match[1] . " AND M.`owner`='document' AND Q.`published`='1' AND Q.`published_date`<='{$c_date}' AND Q.`index` = '0' LIMIT 1";
    $index = $cache->get($sql);
    if (!$index) {
        $index = $db->customQuery($sql);
        if (sizeof($index) == 1) {
            $index = $index[0];
            // อ่าน config
            gcms::r2config($index['config'], $index);
            unset($index['config']);
            // save cached
            $cache->save($sql, $index);
        } else {
            $index = false;
        }
    }
    if ($index && $index['relate'] != '') {
Ejemplo n.º 5
0
<?php

// modules/personnel/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'personnel_can_write')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        $error = false;
        // ค่าที่ส่งมา
        $save = array();
        $save['name'] = $db->sql_trim_str($_POST, 'write_name');
        $save['email'] = $db->sql_trim_str($_POST, 'write_email');
        $save['position'] = $db->sql_trim_str($_POST, 'write_position');
        $save['phone'] = $db->sql_trim_str($_POST, 'write_phone');
        $save['address'] = $db->sql_trim_str($_POST, 'write_address');
        $save['detail'] = $db->sql_trim_str($_POST, 'write_detail');
        $save['category_id'] = gcms::getVars($_POST, 'write_category', 0);
        $save['order'] = min(99, max(0, (int) $_POST['write_order']));
        $icon = $_FILES['write_picture'];
        $id = gcms::getVars($_POST, 'write_id', 0);
        // ตรวจสอบค่าที่ส่งมา
        if ($id > 0) {
            $sql = "SELECT C.*,M.`module` FROM `" . DB_MODULES . "` AS M";
            $sql .= " INNER JOIN `" . DB_PERSONNEL . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}";
        } else {
            $sql1 = "SELECT MAX(`id`)+1 FROM `" . DB_PERSONNEL . "` WHERE `module_id`=M.`id`";
Ejemplo n.º 6
0
<?php

// modules/member/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer() && $db->sql_trim_str($_POST, 'value') != $_SESSION[$_POST['antispam']]) {
    echo 'ANTISPAM_INCORRECT';
}
// inint
include '../bin/inint.php';
// action
$action = gcms::getVars($_POST, 'action', '');
// ตรวจสอบ id
$ids = array();
foreach (explode(',', $_POST['id']) as $id) {
    // ไม่สามารถแก้ไขตัวเองได้
    if ($_SESSION['login']['id'] != $id) {
        $ids[] = (int) $id;
    }
}
// id ของ สมาชิกทั้งหมดที่ส่งมา
$ids = implode(',', $ids);
// ตรวจสอบ referer และ admin
if (gcms::isReferer() && gcms::isAdmin() && $ids != '') {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        echo $lng['ACTION_FORBIDDEN'];
    } else {
        if ($action == 'delete') {
            // ลบสมาชิกที่เลือก
            $sql = "SELECT `icon` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1 AND `icon`!=''";
            foreach ($db->customQuery($sql) as $item) {
                // ลบรูปภาพสมาชิก
                @unlink(USERICON_FULLPATH . $item['icon']);
            }
            // ลบสมาชิก
            $db->query("DELETE FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1");
        } elseif ($action == 'activate' || $action == 'sendpassword') {
            // ส่งอีเมล์ยืนยันสมาชิก อีกครั้ง
            $sql = "SELECT `id`,`email`,`activatecode` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `fb`='0'";
Ejemplo n.º 8
0
<?php

// modules/gallery/admin_action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'gallery_can_write')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        $action = gcms::getVars($_POST, 'action', '');
        $ids = array();
        foreach (explode(',', $_POST['id']) as $id) {
            $ids[] = (int) $id;
        }
        if (sizeof($ids) > 0) {
            $ids = implode(',', $ids);
            if ($action == 'delete') {
                // ลบอัลบัม, ตรวจสอบ id
                $sql = "SELECT `id` FROM `" . DB_GALLERY_ALBUM . "` WHERE `id` IN ({$ids}) AND `module_id`=(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='gallery')";
                $ids = array();
                foreach ($db->customQuery($sql) as $item) {
                    // ลบโฟลเดอร์และรูป
                    gcms::rm_dir(DATA_PATH . "gallery/{$item['id']}/");
                    // id ที่ลบ
                    $ids[] = $item['id'];
                }
                if (sizeof($ids) > 0) {
                    $ids = implode(',', $ids);
Ejemplo n.º 9
0
<?php

// widgets/board/getnews.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/^widget_([a-z0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)$/', $_POST['id'], $match)) {
    // อ่านโมดูล
    $sql = "SELECT `id`,`config`,`module` FROM `" . DB_MODULES . "` WHERE `id`=" . (int) $match[2] . " LIMIT 1";
    $index = $cache->get($sql);
    if (!$index) {
        $index = $db->customQuery($sql);
        if (sizeof($index) == 1) {
            $index = $index[0];
            // อ่าน config
            gcms::r2config($index['config'], $index);
            unset($index['config']);
            // save cached
            $cache->save($sql, $index);
        } else {
            $index = false;
        }
    }
    if ($index && $match[4] > 0) {
        // query
        $sql = "SELECT Q.`id`,Q.`topic`,Q.`picture`,Q.`last_update`,Q.`comment_date`,Q.`create_date`,Q.`detail`,U.`status`,U.`id` AS `member_id`";
        $sql .= ",(CASE WHEN ISNULL(U.`id`) THEN (CASE WHEN Q.`comment_date`>0 THEN Q.`commentator` ELSE Q.`email` END) ELSE (CASE WHEN U.`displayname`='' THEN U.`email` ELSE U.`displayname` END) END) AS `displayname`";
        $sql .= " FROM `" . DB_BOARD_Q . "` AS Q";
        $sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=(CASE WHEN Q.`comment_date`>0 THEN Q.`commentator_id` ELSE Q.`member_id` END)";
        $sql .= " WHERE Q.`module_id`={$index['id']}";
Ejemplo n.º 10
0
<?php

// admin/savewrite.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ แอดมิน
if (gcms::isReferer() && gcms::isAdmin() && (isset($_POST['intro']) || isset($_POST['maintenance']))) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ภาษาทีต้องการบันทึก
        $lang = gcms::getVars($_POST, 'write_language', '');
        $lang = in_array($lang, $config['languages']) ? $lang : LANGUAGE;
        $patt = array();
        $replace = array();
        // ตัด /r/n
        $patt[] = '/[\\r\\n]{1,}/su';
        $replace[] = '';
        // หน้าว่างๆ
        $patt[] = '/^(&nbsp;|\\s){0,}<br[\\s\\/]+?>(&nbsp;|\\s){0,}$/iu';
        $replace[] = '';
        // ตัด PHP
        $patt[] = '/<\\?(.*?)\\?>/su';
        $replace[] = '';
        $save = array();
        $detail = $db->sql_quote(preg_replace($patt, $replace, $_POST['write_detail']));
        // ตรวจสอบ ข้อความเดิม
        $key = isset($_POST['intro']) && $_POST['intro'] == 1 ? 'INTRO_PAGE_DETAIL' : 'MAINTENANCE_DETAIL';
        $search = $db->basicSearch(DB_LANGUAGE, 'key', $key);
Ejemplo n.º 11
0
<?php

// modules/video/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'video_can_config')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // โหลด config ใหม่
        $config = array();
        if (is_file(CONFIG)) {
            include CONFIG;
        }
        // ค่าที่ส่งมา
        $config['google_api_key'] = gcms::getVars($_POST, 'google_api_key', '');
        $config['video_cols'] = gcms::getVars($_POST, 'config_cols', 0);
        $config['video_rows'] = gcms::getVars($_POST, 'config_rows', 0);
        $config['video_can_write'] = isset($_POST['config_can_write']) ? $_POST['config_can_write'] : array();
        $config['video_can_write'][] = 1;
        $config['video_can_config'] = isset($_POST['config_can_config']) ? $_POST['config_can_config'] : array();
        $config['video_can_config'][] = 1;
        // บันทึก config.php
        if (gcms::saveconfig(CONFIG, $config)) {
            $ret['error'] = 'SAVE_COMPLETE';
            $ret['location'] = 'reload';
        } else {
            $ret['error'] = 'DO_NOT_SAVE';
Ejemplo n.º 12
0
<?php

// modules/edocument/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'edocument_can_config')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        $error = false;
        // ตรวจสอบชนิดของไฟล์
        $file_typies = strtolower(preg_replace('/[\\s]/', '', $_POST['config_file_typies']));
        if ($file_typies != '') {
            foreach (explode(',', $file_typies) as $item) {
                if (!preg_match('/^[a-z0-9]{2,6}$/u', $item)) {
                    $error = true;
                }
            }
        }
        $edocument_format_no = $db->sql_trim_str($_POST, 'config_format_no');
        // ตรวจสอบค่าที่ส่งมา
        $ret['ret_config_format_no'] = '';
        $ret['ret_config_file_typies'] = '';
        if ($edocument_format_no == '') {
            $ret['error'] = 'EDOCUMENT_FORMAT_NO_EMPTY';
            $ret['input'] = 'config_format_no';
            $ret['ret_config_format_no'] = 'EDOCUMENT_FORMAT_NO_EMPTY';
        } elseif ($file_typies == '') {
Ejemplo n.º 13
0
<?php

// modules/edocument/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer() && preg_match('/^(icon\\-)?(download|downloading|delete)\\s([0-9]+)$/', $_POST['id'], $match)) {
    // ค่าที่ส่งมา
    $action = $match[2];
    $id = $match[3];
    // login
    $login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => ''));
    // guest = -1
    $status = isset($login['status']) ? $login['status'] : -1;
    if ($action == 'download' || $action == 'downloading') {
        // ไฟล์ดาวน์โหลด
        $sql = "SELECT D.*,N.`id` AS `download_id`,N.`downloads` FROM `" . DB_EDOCUMENT . "` AS D";
        $sql .= " LEFT JOIN `" . DB_EDOCUMENT_DOWNLOAD . "` AS N ON N.`document_id`=D.`id` AND N.`member_id`=" . (int) $login['id'];
        $sql .= " WHERE D.`id`=" . (int) $id . " LIMIT 1";
        $download = $db->customQuery($sql);
        $download = sizeof($download) == 1 ? $download[0] : false;
        $file_path = DATA_PATH . "edocument/{$download['file']}";
        // ตรวจสอบสถานะการดาวน์โหลด
        if (!$download || !is_file($file_path)) {
            $ret['error'] = 'DOWNLOAD_FILE_NOT_FOUND';
        } elseif (!in_array($status, explode(',', $download['reciever']))) {
            $ret['error'] = 'DO_NOT_DOWNLOAD';
        } elseif ($action == 'download') {
            $ret['confirm'] = 'CONFIRM_DOWNLOAD';
        } elseif ($action == 'downloading') {
Ejemplo n.º 14
0
<?php

// modules/download/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'download_can_config')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ตรวจสอบชนิดของไฟล์
        $error = false;
        $file_typies = strtolower(preg_replace('/[\\s]/', '', $_POST['config_file_typies']));
        if ($file_typies != '') {
            foreach (explode(',', $file_typies) as $item) {
                if (!preg_match('/^[a-z0-9]{2,6}$/u', $item)) {
                    $error = true;
                }
            }
        }
        // ตรวจสอบค่าที่ส่งมา
        $ret['ret_config_file_typies'] = '';
        if ($file_typies == '') {
            $ret['error'] = 'DOWNLOAD_FILE_TYPIES_EMPTY';
            $ret['input'] = 'config_file_typies';
            $ret['ret_config_file_typies'] = 'DOWNLOAD_FILE_TYPIES_EMPTY';
        } elseif ($error) {
            $ret['error'] = 'DOWNLOAD_FILE_TYPIES_INVALID';
            $ret['input'] = 'config_file_typies';
Ejemplo n.º 15
0
<?php

// modules/edocument/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'edocument_moderator')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ค่าที่ส่งมา
        $save = array();
        $save['document_no'] = $db->sql_trim_str($_POST, 'edocument_no');
        $save['topic'] = $db->sql_trim_str($_POST, 'edocument_topic');
        $save['detail'] = gcms::ckClean($_POST['edocument_detail']);
        if (isset($_POST['edocument_reciever'])) {
            $save['reciever'] = implode(',', $_POST['edocument_reciever']);
        }
        $id = gcms::getVars($_POST, 'write_id', 0);
        $file = $_FILES['edocument_file'];
        // ตรวจสอบค่าที่ส่งมา
        $error = false;
        $input = false;
        if ($id > 0) {
            // แก้ไข
            $sql = "SELECT D.*,M.`module`";
            $sql .= " FROM `" . DB_EDOCUMENT . "` AS D";
            $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id`";
            $sql .= " WHERE D.`id`='{$id}' AND M.`owner`='edocument' LIMIT 1";
Ejemplo n.º 16
0
<?php

// admin/mailto.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::isMember()) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ค่าที่ส่งมา
        $topic = htmlspecialchars(trim($_POST['email_subject']));
        $detail = gcms::ckClean($_POST['email_detail']);
        $reciever = htmlspecialchars(trim($_POST['email_reciever']));
        if (gcms::isAdmin()) {
            $sender = $db->getRec(DB_USER, $_POST['email_from']);
        } else {
            $sender = $_SESSION['login'];
        }
        // ตรวจสอบค่าที่ส่งมา
        if ($sender['email'] == '') {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($reciever == '') {
            $ret['error'] = 'RECIEVER_EMPTY';
            $ret['input'] = 'email_reciever';
        } elseif ($sender == $reciever) {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($topic == '') {
            $ret['error'] = 'TOPIC_EMPTY';
Ejemplo n.º 17
0
<?php

// modules/video/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer, member
if (gcms::isReferer() && preg_match('/^youtube_([0-9]+)_([a-zA-Z0-9\\-_]{11,11})$/', $_POST['id'], $match)) {
    $mv = $db->getRec(DB_VIDEO, $match[1]);
    // get video info
    $url = 'https://www.googleapis.com/youtube/v3/videos?part=statistics&id=' . $mv['youtube'] . '&key=' . gcms::getVars($config, 'google_api_key', '');
    if (function_exists('curl_init') && ($ch = @curl_init())) {
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $feed = curl_exec($ch);
        curl_close($ch);
    } else {
        $feed = file_get_contents($url);
    }
    if ($feed != '') {
        $datas = json_decode($feed);
        $items = $datas->{'items'};
        if (sizeof($items) == 1) {
            $viewCount = (int) $items[0]->{'statistics'}->{'viewCount'};
            if ($viewCount != $mv['views']) {
                $db->edit(DB_VIDEO, $mv['id'], array('views' => $viewCount));
            }
        }
    }
    echo '<figure class=mv>';
    echo '<div class=youtube><iframe width=560 height=315 src="//www.youtube.com/embed/' . $mv['youtube'] . '?wmode=transparent" frameborder=0></iframe></div>';
Ejemplo n.º 18
0
<?php

// admin/savestatus.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::isAdmin()) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // action
        $action = gcms::getVars($_POST, 'action', '');
        // โหลด config ใหม่
        $config = array();
        if (is_file(CONFIG)) {
            include CONFIG;
        }
        if ($action == 'config_status_add') {
            if (!isset($config['member_status'][0])) {
                $config['member_status'][0] = 'สมาชิก';
                $config['color_status'][0] = '#006600';
            }
            if (!isset($config['member_status'][1])) {
                $config['member_status'][1] = 'ผู้ดูแลระบบ';
                $config['color_status'][1] = '#FF0000';
            }
            // เพิ่มสถานะสมาชิกใหม่
            $config['member_status'][] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}";
            $config['color_status'][] = '#000000';
Ejemplo n.º 19
0
<?php

// modules/event/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::canConfig($config, 'event_can_write')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ค่าที่ส่งมา
        $save['topic'] = gcms::getTags($_POST['write_topic']);
        $keywords = gcms::getTags($_POST['write_keywords']);
        $save['keywords'] = $db->sql_clean(gcms::cutstring(preg_replace('/[\'\\"\\r\\n\\s]{1,}/isu', ' ', $keywords == '' ? $save['topic'] : $keywords), 149));
        $description = trim(gcms::getVars($_POST, 'write_description', ''));
        $save['description'] = $db->sql_trim_str(gcms::cutstring(gcms::html2txt($description == '' ? $_POST['write_detail'] : $description), 149));
        $save['detail'] = gcms::ckDetail($_POST['write_detail']);
        $save['published_date'] = $db->sql_trim_str($_POST, 'write_published_date');
        $save['published'] = $_POST['write_published'] == '1' ? '1' : '0';
        $save['begin_date'] = "{$_POST['write_d']} {$_POST['write_h']}:{$_POST['write_m']}:00";
        $save['color'] = $db->sql_trim_str($_POST, 'write_color');
        $id = gcms::getVars($_POST, 'write_id', 0);
        if ($id > 0) {
            // ตรวจสอบโมดูล หรือ เรื่องที่เลือก (แก้ไข)
            $sql = "SELECT I.`module_id`,M.`module`";
            $sql .= " FROM `" . DB_EVENTCALENDAR . "` AS I";
            $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`owner`='event' AND M.`id`=I.`module_id`";
            $sql .= " WHERE I.`id`='{$id}'";
            $sql .= " LIMIT 1";
Ejemplo n.º 20
0
<?php

// widgets/tags/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer()) {
    // อัปเดทการคลิก
    list($action, $id) = explode('-', $_POST['id']);
    if ($action == 'tags') {
        $sql = "UPDATE `" . DB_TAGS . "` SET `count`=`count`+1 WHERE `id`=" . (int) $id . " LIMIT 1";
        $db->query($sql);
    }
}
Ejemplo n.º 21
0
<?php

// modules/document/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/(quote|edit|delete|deleting|pin|lock|print|pdf)-([0-9]+)-([0-9]+)-([0-9]+)-(.*)$/', $_POST['id'], $match)) {
    $action = $match[1];
    $qid = (int) $match[2];
    $rid = (int) $match[3];
    $no = (int) $match[4];
    $module = $match[5];
    if ($rid > 0) {
        // คำตอบ
        $sql = "SELECT C.`detail`,Q.`category_id`,C.`member_id`,U.`status`,M.`id` AS `module_id`,M.`module`,M.`config`";
        $sql .= " FROM `" . DB_COMMENT . "` AS C";
        $sql .= " INNER JOIN `" . DB_INDEX . "` AS Q ON Q.`id`=C.`index_id` AND Q.`module_id`=C.`module_id` AND Q.`index`='0'";
        $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=C.`module_id`";
        $sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=C.`member_id`";
        $sql .= " WHERE C.`id`='{$rid}'";
        $sql .= " LIMIT 1";
    } else {
        // คำถาม
        $sql = "SELECT D.`topic`,D.`detail`,Q.`category_id`,Q.`member_id`,U.`status`,M.`id` AS `module_id`,M.`module`,M.`config`";
        $sql .= " FROM `" . DB_INDEX . "` AS Q";
        $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=Q.`module_id`";
        $sql .= " INNER JOIN `" . DB_INDEX_DETAIL . "` AS D ON D.`id`=Q.`id` AND D.`module_id`=Q.`module_id` AND D.`language` IN ('" . LANGUAGE . "','')";
        $sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=Q.`member_id`";
        $sql .= " WHERE Q.`id`='{$qid}'";