Example #1
 <?php 
// Bootstrap for the change-password handler below.
session_start();
// start the session
// lib/koneksi.php is not shown here; presumably it opens the mysql_* link the queries below rely on - confirm.
include "lib/koneksi.php";
/**
 * Filter one request value before it is placed inside a quoted SQL string.
 *
 * Steps, in the order they run:
 *   1. htmlspecialchars() with ENT_QUOTES - &, <, >, " and ' become entities;
 *   2. strip_tags() - after step 1 no literal angle brackets remain for it to act on;
 *   3. stripslashes() - removes one level of backslash quoting;
 *   4. mysql_real_escape_string() - escapes for the current mysql_* link.
 *
 * Review notes:
 *  - HTML encoding belongs at output time. Doing it here stores the encoded
 *    form, and the passwords this script routes through the function are
 *    altered before they are hashed.
 *  - The result is only safe inside a quoted literal; it does nothing for a
 *    value placed in a query without quotes.
 *  - ext/mysql was removed in PHP 7.0. Bound parameters (mysqli or PDO) are
 *    the durable replacement for escaping by hand.
 *
 * @param string $data Raw value, typically taken from $_POST.
 * @return string|false Filtered value; false when the escape step fails.
 */
function antiinjection($data)
{
    $html_encoded = htmlspecialchars($data, ENT_QUOTES);
    $without_tags = strip_tags($html_encoded);
    $without_slashes = stripslashes($without_tags);

    return mysql_real_escape_string($without_slashes);
}
// Change-password handler: reads the old/new passwords from the form, looks up
// the session user, writes a new password hash and records a history row.
// NOTE(review): the SQL literals below contain '******' exactly as shown on
// this page; they appear to have been masked, so the real WHERE values are unknown.
$passwordlama = antiinjection($_POST['oldPass']);
$passwordbaru1 = antiinjection($_POST['newPass1']);
$passwordbaru2 = antiinjection($_POST['newPass2']);
$username = $_SESSION['username'];
$nip = $_SESSION['nip_baru'];
// check whether the old password is correct
// NOTE(review): the row is fetched into $data, but in the visible code neither
// $data nor $passwordlama is used again - no comparison with the stored
// password happens before the UPDATE. Anyone holding the session can set a new
// password without knowing the current one.
$query = "select * from user where username='******' and status_user='******'";
$hasil = mysql_query($query);
$data = mysql_fetch_array($hasil);
$tglkini = date('Y-m-d');
// check that the passwords match
// NOTE(review): $passwordbaru2 is never compared with $passwordbaru1 here.
// NOTE(review): md5 wrapped around a fixed string shared by every account is a
// fast hash; password_hash()/password_verify() are the supported replacement,
// but switching requires migrating the stored values.
$pengacak = "AJWKXLAJSCLWLW";
$passwordbaruenkrip = md5($pengacak . md5($passwordbaru1) . $pengacak);
// $nip comes straight from the session and is interpolated without escaping.
$query = "UPDATE user SET password = '******' WHERE username = '******' and nip_baru='{$nip}' ";
$hasil = mysql_query($query);
// The history row is written whether or not the UPDATE above succeeded, and the
// session values are concatenated into the statement without escaping.
mysql_query("INSERT INTO historybcf15(namaaksi,tanggalaksi,nama_user,nip_user,userdiupdate,nipuserdiupdate)VALUES('updatepassword','{$tglkini}','" . $_SESSION['nm_lengkap'] . "','" . $_SESSION['nip_baru'] . "','" . $_SESSION['nm_lengkap'] . "','" . $_SESSION['nip_baru'] . "')");
// Success banner is shown only when the UPDATE call returned a truthy result.
if ($hasil) {
    echo "<div><img  src='images/new/warning.png'/> <font color='blue' size='4'>Reset Password Sukses</font></div> ";
}
// Client-side redirect back to the home page, emitted in every case.
echo '<script type="text/javascript">window.location="index.php?hal=home"</script>';
Example #2
    $keterangan = antiinjection($_POST['keterangan']);
    mysqli_query($connecDB, "INSERT INTO submenu (idMenu, namaSubMenu, modul, keterangan) \n                             VALUES ('{$idMenu}', '{$namaSubMenu}', '{$modul}', '{$keterangan}')");
    header('Location: ./menu/');
}
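// Handle the "edit sub menu" form: normalise the posted fields and update the
// matching submenu row through a bound mysqli statement.
if (isset($_POST['editSubMenu'])) {
    header('Content-Type: text/plain');
    /**
     * Legacy request filter, left unchanged in case other code in this request
     * still calls it. It is no longer used by this handler.
     *
     * NOTE(review): it calls mysql_real_escape_string(), which needs a mysql_*
     * link, while this handler talks to the database through the mysqli handle
     * $connecDB. Unless a mysql_* link is also open, that call fails and
     * returns false - confirm before relying on it anywhere.
     *
     * @param string $data Raw request value.
     * @return string|false Filtered value, or false if escaping fails.
     */
    function antiinjection($data)
    {
        $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES, 'UTF-8'))));
        return $filter_sql;
    }
    // Same text normalisation the legacy filter applied (so stored values keep
    // their existing HTML-encoded form), minus the SQL escaping step: the
    // values are bound as parameters below and never become part of the SQL text.
    $normalise = function ($key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        return stripslashes(strip_tags(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')));
    };
    $id = $normalise('id');
    $idMenu = $normalise('idMenu');
    $namaSubMenu = $normalise('namaSubMenu');
    $modul = $normalise('modul');
    $keterangan = $normalise('keterangan');
    $stmt = mysqli_prepare($connecDB, "UPDATE submenu SET idMenu = ?, namaSubMenu = ?, modul = ?, keterangan = ? WHERE idSubmenu = ?");
    // As before, a database failure does not stop the redirect.
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'sssss', $idMenu, $namaSubMenu, $modul, $keterangan, $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    // NOTE(review): nothing in this handler checks that the caller is an
    // authenticated administrator - confirm that happens before this point.
    header('Location: ./menu/');
}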
if (isset($_POST['bannerAdd'])) {
    $target_dir = "../images/";
    $target_file = $target_dir . basename($_FILES["banner"]["name"]);
    $uploadOk = 1;
    $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
    // Check if image file is a actual image or fake image
    if (isset($_POST["submit"])) {
        $check = getimagesize($_FILES["banner"]["tmp_name"]);
        if ($check !== false) {
            echo "File is an image - " . $check["mime"] . ".";
            $uploadOk = 1;
        } else {
Example #3
<head>
   
    <title></title>
    
   
   
</head>
<body>
    <?php 
    /**
     * Filter a request value for use inside a quoted SQL string literal.
     *
     * Runs htmlspecialchars() (ENT_QUOTES), strip_tags(), stripslashes() and
     * mysql_real_escape_string(), in that order.
     *
     * Review notes:
     *  - The value is HTML-encoded before it is escaped, so a password passed
     *    through here is changed before hashing.
     *  - Escaping only protects values that sit between quotes in the query;
     *    a value interpolated without quotes is not protected by it.
     *  - ext/mysql was removed in PHP 7.0; bound parameters (mysqli or PDO)
     *    replace manual escaping.
     *
     * @param string $data Raw request value.
     * @return string|false Filtered value; false when the escape step fails.
     */
    function antiinjection($data)
    {
        $value = htmlspecialchars($data, ENT_QUOTES);
        $value = strip_tags($value);
        $value = stripslashes($value);

        return mysql_real_escape_string($value);
    }
    if (isset($_POST['submit'])) {
        $passbaru = antiinjection($_POST['passbaru']);
        $id = $_POST['iduser'];
        $pengacak = "AJWKXLAJSCLWLW";
        $passwordbaruenkrip = md5($pengacak . md5($passbaru) . $pengacak);
        $query = "UPDATE user SET password = '******' WHERE iduser='******' ";
        $hasil = mysql_query($query);
        echo "<div><img  src='images/new/warning.png'/> <font color='blue' size='4'>Reset Password Sukses</font></div> ";
        echo "<script type='text/javascript'>window.location='index.php?hal=user&pilih=manajemenuserresetpass&id={$id}'</script>";
    } else {
        $id = $_GET['id'];
        // menangkap id
        $sql = "SELECT * FROM user WHERE iduser={$id}";
        // memanggil data dengan id yang ditangkap tadi
        $query = mysql_query($sql);
        $data = mysql_fetch_array($query);
        ?>
$komentar = trim($_POST['isi_komentar']);
if (empty($nama)) {
    echo "Anda belum mengisikan NAMA<br />\n  \t      <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} elseif (empty($komentar)) {
    echo "Anda belum mengisikan KOMENTAR<br />\n  \t      <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} elseif (strlen($_POST['isi_komentar']) > 1000) {
    echo "KOMENTAR Anda kepanjangan, dikurangin atau dibagi jadi beberapa bagian.<br />\n  \t      <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} else {
    /**
     * Filter a comment-form value before it is interpolated into a quoted
     * SQL string.
     *
     * The value is HTML-encoded (ENT_QUOTES), passed through strip_tags() and
     * stripslashes(), then escaped with mysql_real_escape_string().
     *
     * Review notes:
     *  - The stored text is already HTML-encoded; encoding it again when it is
     *    displayed would double-encode it, so the display code has to agree
     *    with this choice.
     *  - ext/mysql was removed in PHP 7.0; bound parameters (mysqli or PDO)
     *    replace manual escaping.
     *
     * @param string $data Raw request value.
     * @return string|false Filtered value; false when the escape step fails.
     */
    function antiinjection($data)
    {
        $encoded = htmlspecialchars($data, ENT_QUOTES);
        $cleaned = stripslashes(strip_tags($encoded));

        return mysql_real_escape_string($cleaned);
    }
    $nama_komentar = antiinjection($_POST['nama_komentar']);
    $url = antiinjection($_POST['url']);
    $isi_komentar = antiinjection($_POST['isi_komentar']);
    if (!empty($_POST['kode'])) {
        if ($_POST['kode'] == $_SESSION['captcha_session']) {
            // Mengatasi input komentar tanpa spasi
            $split_text = explode(" ", $isi_komentar);
            $split_count = count($split_text);
            $max = 57;
            for ($i = 0; $i <= $split_count; $i++) {
                if (strlen($split_text[$i]) >= $max) {
                    for ($j = 0; $j <= strlen($split_text[$i]); $j++) {
                        $char[$j] = substr($split_text[$i], $j, 1);
                        if ($j % $max == 0 && $j != 0) {
                            $v_text .= $char[$j] . ' ';
                        } else {
                            $v_text .= $char[$j];
                        }
<?php

require "../config/config.php";
require '../function/antiinjection.php';
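// Handle the "add partner" form: store an optional logo upload and insert the
// partner row.
if (isset($_POST['input'])) {
    $nama_partner = antiinjection($_POST['nama_partner']);
    // Default when no acceptable file arrives, so the INSERT never reads an
    // undefined variable.
    $logo = "";
    if (isset($_FILES['logo']) && $_FILES['logo']['error'] === UPLOAD_ERR_OK) {
        $sumber = $_FILES['logo']['tmp_name'];
        // The file name is chosen by the client. Reduce it to a conservative
        // character set so the same string is safe as a path component, inside
        // the quoted SQL literal below, and when printed in HTML later.
        $nama_file = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($_FILES['logo']['name']));
        $ekstensi = strtolower(pathinfo($nama_file, PATHINFO_EXTENSION));
        // Allow-list of image types; extend it if other formats are needed.
        // Without it a script file could be written into a web-served directory.
        $ekstensi_gambar = array('jpg', 'jpeg', 'png', 'gif');
        if (in_array($ekstensi, $ekstensi_gambar, true) && getimagesize($sumber) !== false) {
            $tujuan = "../../images/partner/" . $nama_file;
            // Record the name only when the file really reached its destination.
            // NOTE(review): an existing file with the same name is overwritten.
            if (move_uploaded_file($sumber, $tujuan)) {
                $logo = $nama_file;
            }
        }
    }
    $insertquery = "insert into t_partner (id_partner, nama_partner, logo, tgl) values ('','{$nama_partner}','{$logo}',now())";
    $sql = mysql_query($insertquery);
    if ($sql) {
        echo "\n\t\t\t\t<div class='alert alert-success'>                \n\t\t\t\t\t<strong>Success!</strong>Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
    } else {
        echo "\n\t\t\t\t<div class='alert alert-error'>                \n\t\t\t\t<strong>Error !</strong> Failed to Save\n\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
    }
}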
?>

    
    <script type='text/javascript' src='../assets/js/validationengine/languages/jquery.validationEngine-en.js'></script>
    <script type='text/javascript' src='../assets/js/validationengine/jquery.validationEngine.js'></script>
    <script type='text/javascript' src='../assets/js/maskedinput/jquery.maskedinput.min.js'></script>
Example #6
<?php

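// Installer step: create the first administrator account, then mark the
// installation as finished.
if (isset($_POST['createAccount'])) {
    include "config/connection.php";
    header('Content-Type: text/plain');
    /**
     * Legacy request filter: htmlspecialchars() (ENT_QUOTES, UTF-8),
     * strip_tags(), stripslashes(), then mysql_real_escape_string().
     *
     * NOTE(review): mysql_real_escape_string() needs a mysql_* link, but this
     * script only shows the mysqli handle $connecDB. If no mysql_* link is
     * open the call fails and returns false, and both password fields below
     * would then hash to the same value regardless of input - confirm.
     *
     * @param string $data Raw request value.
     * @return string|false Filtered value, or false if escaping fails.
     */
    function antiinjection($data)
    {
        $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES, 'UTF-8'))));
        return $filter_sql;
    }
    // These two values are taken raw from the request. They are bound as
    // parameters below instead of being interpolated into the SQL text.
    // They are stored unencoded, so they must be HTML-encoded when displayed.
    $namaLengkap = $_POST['namaLengkap'];
    $username = $_POST['username'];
    // Password derivation is left exactly as it was so the stored value keeps
    // matching whatever the login code computes.
    // NOTE(review): sha1(md5(...)) with one fixed salt for every account is a
    // fast hash; password_hash()/password_verify() are the supported
    // replacement, to be changed together with the login check.
    $password = antiinjection($_POST['password']);
    $repassword = antiinjection($_POST['repassword']);
    $salt = '~!@#$%^&*(1111)_+ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
    $pass = sha1(md5($salt . $password));
    $repass = sha1(md5($salt . $repassword));
    if ($pass !== $repass) {
        header('Location: installation/3/errorpassword');
        die;
    } else {
        $stmt = mysqli_prepare($connecDB, "INSERT INTO administrator (namaAuthor, profesi, linkGoogle, username, password) VALUES (?, '', '', ?, ?)");
        // The original reported failures with mysql_error(), which reads the
        // mysql_* link rather than $connecDB; use the mysqli counterparts.
        // NOTE(review): this still prints the database error to the client.
        if ($stmt === false) {
            die(mysqli_error($connecDB));
        }
        mysqli_stmt_bind_param($stmt, 'sss', $namaLengkap, $username, $pass);
        if (!mysqli_stmt_execute($stmt)) {
            die(mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
        // Moving the status file is what records that installation is done.
        rename('statusInstallation.txt', 'config/statusInstallation.txt');
        header('Location: installation/finish');
    }
}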
Example #7
<?php

session_start();
require 'config/config.php';
require 'function/antiinjection.php';
if (isset($_POST['login'])) {
    $ket_admin = "admin";
    $ket_user = "******";
    $user = antiinjection($_POST['user']);
    $pass = antiinjection($_POST['pass']);
    $query = "select id_admin, username, password from t_admin where username = '******' and password = '******' ";
    $sql = mysql_query($query);
    $hasil = mysql_fetch_array($sql);
    $id = $hasil['id_admin'];
    $username = $hasil['username'];
    $password = $hasil['password'];
    if ($user == $username && $pass == $password) {
        //menciptakan session
        $_SESSION['login'] = $user;
        //menuju ke halaman pemerikasaan session
        header('Location:dashboard/index.php');
    } else {
        if ($user == $username && $pass == $password) {
            //menciptakan session
            $_SESSION['login'] = $user;
            //menuju ke halaman pemerikasaan session
            header('Location:dashboard/home_db.php');
        } else {
            if ($user == $username && $pass == $password) {
                //menciptakan session
                $_SESSION['login'] = $user;
Example #8
<?php

include "../config/koneksi.php";
/**
 * Filter a login-form value for use inside a quoted SQL string literal.
 *
 * Applies htmlspecialchars() (ENT_QUOTES), strip_tags(), stripslashes() and
 * mysql_real_escape_string(), in that order.
 *
 * Review notes:
 *  - The submitted password goes through this function too, so the value
 *    compared in the query is the HTML-encoded, slash-stripped form of what
 *    the user typed.
 *  - ext/mysql was removed in PHP 7.0; bound parameters (mysqli or PDO)
 *    replace manual escaping.
 *
 * @param string $data Raw request value.
 * @return string|false Filtered value; false when the escape step fails.
 */
function antiinjection($data)
{
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $plain = strip_tags($encoded);
    $unslashed = stripslashes($plain);

    return mysql_real_escape_string($unslashed);
}
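// Admin login: look the submitted credentials up and, on a match, start an
// authenticated session.
$username = antiinjection($_POST['username']);
// NOTE(review): no hash is applied to the submitted password in the visible
// lines. If the query compares it directly, the admins table holds plaintext
// passwords - confirm against the schema.
$pass = antiinjection($_POST['password']);
// Query literal reproduced exactly as it appears on this page ('******' looks masked).
$login = mysql_query("SELECT * FROM admins WHERE username='******' AND password='******'");
$ketemu = mysql_num_rows($login);
$r = mysql_fetch_array($login);
// A matching username/password row was found
if ($ketemu > 0) {
    session_start();
    // Issue a fresh session id at login so an id planted before
    // authentication cannot be reused afterwards.
    session_regenerate_id(true);
    // Keys are quoted: the bare words used before relied on PHP's
    // undefined-constant fallback, which is an error in PHP 8. The four bare
    // string statements that preceded these lines did nothing and are dropped.
    $_SESSION['namauser'] = $r['username'];
    $_SESSION['namalengkap'] = $r['nama_lengkap'];
    // NOTE(review): the stored password value is copied into the session;
    // kept because other pages may test it, but it is better not to hold it.
    $_SESSION['passuser'] = $r['password'];
    $_SESSION['leveluser'] = $r['level'];
    header('location:media.php?module=home');
} else {
    echo "<link href=../config/adminstyle.css rel=stylesheet type=text/css>";
    echo "<center>LOGIN GAGAL! <br> \n        Username atau Password Anda tidak benar.<br>\n        Atau account Anda sedang diblokir.<br>";
    echo "<a href=index.php><b>ULANGI LAGI</b></a></center>";
}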
<?php

require "../config/config.php";
require '../function/antiinjection.php';
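// Handle the "add testimonial" form: store an optional photo upload and insert
// the testimonial row.
if (isset($_POST['input'])) {
    $nama = antiinjection($_POST['nama']);
    $jabatan = antiinjection($_POST['jabatan']);
    $pesan = antiinjection($_POST['pesan']);
    // Default when no acceptable file arrives, so the INSERT never reads an
    // undefined variable.
    $foto = "";
    if (isset($_FILES['foto']) && $_FILES['foto']['error'] === UPLOAD_ERR_OK) {
        $sumber = $_FILES['foto']['tmp_name'];
        // The file name is chosen by the client. Reduce it to a conservative
        // character set so the same string is safe as a path component, inside
        // the quoted SQL literal below, and when printed in HTML later.
        $nama_file = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($_FILES['foto']['name']));
        $ekstensi = strtolower(pathinfo($nama_file, PATHINFO_EXTENSION));
        // Allow-list of image types; extend it if other formats are needed.
        // Without it a script file could be written into a web-served directory.
        $ekstensi_gambar = array('jpg', 'jpeg', 'png', 'gif');
        if (in_array($ekstensi, $ekstensi_gambar, true) && getimagesize($sumber) !== false) {
            $tujuan = "../../images/testimonial/" . $nama_file;
            // Record the name only when the file really reached its destination.
            // NOTE(review): an existing file with the same name is overwritten.
            if (move_uploaded_file($sumber, $tujuan)) {
                $foto = $nama_file;
            }
        }
    }
    $insertquery = "insert into t_testimoni (id_testimoni, foto, nama, jabatan, pesan, tgl) values ('','{$foto}','{$nama}','{$jabatan}','{$pesan}',now())";
    $sql = mysql_query($insertquery);
    if ($sql) {
        echo "\n\t\t\t\t<div class='alert alert-success'>                \n\t\t\t\t\t<strong>Success!</strong> Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
    } else {
        echo "\n\t\t\t\t<div class='alert alert-error'>                \n\t\t\t\t<strong>Error !</strong> Failed to Save\n\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
    }
}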
?>

    
    <script type='text/javascript' src='../assets/js/validationengine/languages/jquery.validationEngine-en.js'></script>
	external_link_list_url : "lists/link_list.js",
	external_image_list_url : "lists/image_list.js",
	media_external_list_url : "lists/media_list.js",
	
	template_replace_values : {
		username : "******",
		staffid : "991234"
	}
	});
</script>
<?php 
require "../config/config.php";
require '../function/antiinjection.php';
if (isset($_POST['input'])) {
    $judul = antiinjection($_POST['judul']);
    $deskripsi = antiinjection($_POST['deskripsi']);
    if (isset($_FILES['foto'])) {
        $foto = "";
        $sumber = $_FILES['foto']['tmp_name'];
        $tujuan = "../../images/slider/" . $_FILES['foto']['name'];
        $tujuan1 = "/images/slider/" . $_FILES['foto']['name'];
        //////////////////////
        $foto = $_FILES['foto']['name'];
        //////////////////////
        move_uploaded_file($sumber, $tujuan);
        /////////////////////
    }
    $insertquery = "insert into t_slider (id_slider, foto, judul, deskripsi, tgl) values ('','{$foto}','{$judul}','{$deskripsi}',now())";
    $sql = mysql_query($insertquery);
    if ($sql) {
        echo "\n\t\t\t\t<div class='alert alert-success'>                \n\t\t\t\t\t<strong>Success!</strong> Successfully saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
Example #11
<?php

include "../config/koneksi.php";
/**
 * Filter a value for use inside a quoted SQL string literal.
 *
 * Applies htmlspecialchars() (ENT_QUOTES), strip_tags(), stripslashes() and
 * mysql_real_escape_string(), in that order.
 *
 * Review notes:
 *  - HTML encoding is an output concern; applied here it changes the stored
 *    and compared form of the value.
 *  - Escaping only protects values that sit between quotes in the query.
 *  - ext/mysql was removed in PHP 7.0; bound parameters (mysqli or PDO)
 *    replace manual escaping.
 *
 * @param string $data Raw value.
 * @return string|false Filtered value; false when the escape step fails.
 */
function antiinjection($data)
{
    $step = htmlspecialchars($data, ENT_QUOTES);
    $step = strip_tags($step);
    $step = stripslashes($step);
    $step = mysql_real_escape_string($step);

    return $step;
}
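// Admin login: look the submitted credentials up and, on a match, start an
// authenticated session.
// Keys are quoted throughout: the bare words used before relied on PHP's
// undefined-constant fallback, which is an error in PHP 8.
$username = antiinjection($_POST['username']);
// NOTE(review): a single unsalted md5 is a fast hash; password_hash() and
// password_verify() are the supported replacement, but switching requires
// migrating the stored values.
$pass = antiinjection(md5($_POST['password']));
// Query literal reproduced exactly as it appears on this page ('******' looks masked).
$login = mysql_query("SELECT * FROM admins WHERE username='******' AND password='******' AND blokir='N'");
$ketemu = mysql_num_rows($login);
$r = mysql_fetch_array($login);
// A matching username/password row was found
if ($ketemu > 0) {
    session_start();
    // Issue a fresh session id at login so an id planted before
    // authentication cannot be reused afterwards.
    session_regenerate_id(true);
    // The session_register() calls were dropped: the function was removed in
    // PHP 5.4 and is not needed when values are assigned through $_SESSION.
    $_SESSION['namauser'] = $r['username'];
    $_SESSION['namalengkap'] = $r['nama_lengkap'];
    // NOTE(review): the stored password hash is copied into the session;
    // kept because other pages may test it, but it is better not to hold it.
    $_SESSION['passuser'] = $r['password'];
    $_SESSION['leveluser'] = $r['level'];
    header('location:media.php?module=home');
} else {
    echo "<link href=../config/adminstyle.css rel=stylesheet type=text/css>";
    echo "<center>LOGIN GAGAL! <br> \n        Username atau Password Anda tidak benar.<br>\n        Atau account Anda sedang diblokir.<br>";
    echo "<a href=index.php><b>ULANGI LAGI</b></a></center>";
}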
		username : "******",
		staffid : "991234"
	}
	});
</script>
<?php 
require "../config/config.php";
require '../function/antiinjection.php';
if (isset($_POST['input'])) {
    $nama = antiinjection($_POST['nama']);
    $jabatan = antiinjection($_POST['jabatan']);
    $deskripsi = antiinjection($_POST['deskripsi']);
    $fb = antiinjection($_POST['fb']);
    $twitter = antiinjection($_POST['twitter']);
    $google = antiinjection($_POST['google']);
    $link_in = antiinjection($_POST['link_in']);
    if (isset($_FILES['foto'])) {
        $foto = "";
        $sumber = $_FILES['foto']['tmp_name'];
        $tujuan = "../../images/team/" . $_FILES['foto']['name'];
        $tujuan1 = "/images/team/" . $_FILES['foto']['name'];
        //////////////////////
        $foto = $_FILES['foto']['name'];
        //////////////////////
        move_uploaded_file($sumber, $tujuan);
        /////////////////////
    }
    $insertquery = "insert into t_team (id_team, nama, jabatan, foto, deskripsi, fb, twitter, google, link_in, tgl) values ('','{$nama}','{$jabatan}','{$foto}','{$deskripsi}','{$fb}','{$twitter}','{$google}','{$link_in}',now())";
    $sql = mysql_query($insertquery);
    if ($sql) {
        echo "\n\t\t\t\t<div class='alert alert-success'>                \n\t\t\t\t\t<strong>Success!</strong>Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
Example #13
<?php

include 'inc/koneksi.php';
/**
 * Filter a value for use inside a quoted SQL string literal.
 *
 * Applies htmlspecialchars() (ENT_QUOTES), strip_tags(), stripslashes() and
 * mysql_real_escape_string(), in that order.
 *
 * Review notes:
 *  - HTML encoding is an output concern; applied here it changes the form of
 *    the value that is compared in the query.
 *  - Escaping only protects values that sit between quotes in the query.
 *  - ext/mysql was removed in PHP 7.0; bound parameters (mysqli or PDO)
 *    replace manual escaping.
 *
 * @param string $data Raw value.
 * @return string|false Filtered value; false when the escape step fails.
 */
function antiinjection($data)
{
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $stripped = stripslashes(strip_tags($encoded));
    $escaped = mysql_real_escape_string($stripped);

    return $escaped;
}
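// Admin login: check the submitted credentials and, on exactly one match,
// populate the session and redirect to the admin area.
session_start();
// read the values posted by the login form
$username = $_POST['username'];
// NOTE(review): a single unsalted md5 is a fast hash; password_hash() and
// password_verify() are the supported replacement, but switching requires
// migrating the stored values.
$password = md5($_POST['password']);
// filter both values before they are placed in the query
$username = antiinjection($username);
$password = antiinjection($password);
// Query literal reproduced exactly as it appears on this page ('******' looks masked).
$loginadmin = mysql_query("select * from admin where username='******' and password='******'");
$q = mysql_fetch_array($loginadmin);
if (mysql_num_rows($loginadmin) == 1) {
    // the username/password pair exists in the database
    // Issue a fresh session id at login so an id planted before
    // authentication cannot be reused afterwards.
    session_regenerate_id(true);
    // store the logged-in user's details in the session
    $_SESSION['username'] = $q['username'];
    // NOTE(review): the stored password hash is copied into the session;
    // kept because other pages may test it, but it is better not to hold it.
    $_SESSION['password'] = $q['password'];
    $_SESSION['nama'] = $q['nama'];
    // redirect to the admin index page
    header('location:admin/index.php');
} else {
    // the username or password is not registered in the database
    header('location:index.php?error=4');
}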
Example #14
        $sql = mysql_query("SELECT * FROM orders_temp WHERE id_session='{$sid}'");
        while ($r = mysql_fetch_array($sql)) {
            $isikeranjang[] = $r;
        }
        return $isikeranjang;
    }
    $tgl_skrg = date("Ymd");
    $jam_skrg = date("H:i:s");
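    // Customer registration: runs only when a captcha code was submitted and
    // it matches the one held in the session.
    if (!empty($_POST['kode'])) {
        // NOTE(review): loose comparison, and the session captcha value is not
        // cleared in this block after use - confirm it is invalidated elsewhere.
        if ($_POST['kode'] == $_SESSION['captcha_session']) {
            /**
             * Filter a value for use inside a quoted SQL string literal:
             * htmlspecialchars() (ENT_QUOTES), strip_tags(), stripslashes(),
             * then mysql_real_escape_string().
             *
             * @param string $data Raw request value.
             * @return string|false Filtered value; false if escaping fails.
             */
            function antiinjection($data)
            {
                $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
                return $filter_sql;
            }
            $nama = antiinjection($_POST['nama']);
            $alamat = antiinjection($_POST['alamat']);
            $telpon = antiinjection($_POST['telpon']);
            $email = antiinjection($_POST['email']);
            // The city id was previously interpolated straight from $_POST;
            // it now goes through the same filter as every other field.
            $kota = antiinjection($_POST['kota']);
            // md5 output is hexadecimal, so it is safe inside the quoted literal.
            // NOTE(review): a single unsalted md5 is a fast hash;
            // password_hash()/password_verify() are the supported replacement.
            $password = md5($_POST['password']);
            // save the customer record
            mysql_query("INSERT INTO kustomer(nama_lengkap, password, alamat, telpon, email, id_kota) \n             VALUES('{$nama}','{$password}','{$alamat}','{$telpon}','{$email}','{$kota}')");
            echo "<script>window.alert('Pendaftaran Berhasil, Klok OK untuk melanjtkan')</script>";
            echo "<meta http-equiv='refresh' content='0; url=index.php?hal=daftar'>";
        }
    }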
}
?>

</body>
</html>
Example #15
/**
 * Run a value through antiinjection(), then escape it for SQL, HTML-encode it
 * and trim surrounding whitespace.
 *
 * NOTE(review): antiinjection() is defined outside this snippet. If it is the
 * variant that already HTML-encodes and SQL-escapes its input, both steps are
 * applied twice here, so "&" ends up as "&amp;amp;" and escape backslashes
 * are themselves escaped - confirm before using this for stored data.
 *
 * @param string $vA Raw value.
 * @return string Filtered value.
 */
function protect($vA)
{
    $filtered = antiinjection($vA);
    $sql_escaped = mysql_real_escape_string($filtered);
    $html_encoded = htmlentities($sql_escaped, ENT_QUOTES);

    return trim($html_encoded);
}
Example #16
<?php

include "config/koneksi.php";
include "config/library.php";
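// User login: look the submitted credentials up and, on a match, start an
// authenticated session.
$username = antiinjection($_POST['username']);
// NOTE(review): md5 applied twice is still a fast, unsalted hash;
// password_hash()/password_verify() are the supported replacement, but
// switching requires migrating the stored values.
$pass = antiinjection(md5(md5($_POST['password'])));
// Query literal reproduced exactly as it appears on this page ('******' looks masked).
$login = mysql_query("SELECT * FROM users WHERE username='******' AND password='******' AND blokir='N'");
$ketemu = mysql_num_rows($login);
$r = mysql_fetch_array($login);
// Close the link only after the result has been read; the earlier placement
// (before mysql_num_rows) depended on the result set being buffered.
mysql_close();
if ($ketemu > 0) {
    session_start();
    // Issue a fresh session id at login so an id planted before
    // authentication cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['namauser'] = $r['username'];
    $_SESSION['namalengkap'] = $r['nama_lengkap'];
    // NOTE(review): the stored password hash is copied into the session;
    // kept because other pages may test it, but it is better not to hold it.
    $_SESSION['passuser'] = $r['password'];
    $_SESSION['leveluser'] = $r['level'];
    $_SESSION['kode'] = $r['kode'];
    $_SESSION['nik'] = $r['nik'];
    header('location:media.php?module=home');
} else {
    echo "<link href=../config/adminstyle.css rel=stylesheet type=text/css>";
    echo "<center>LOGIN GAGAL! <br> \n        Username atau Password Anda tidak benar.<br>\n        Atau account Anda sedang diblokir.<br>";
    echo "<a href=index.php><b>ULANGI LAGI </b></a></center>";
}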
     echo "<script>window.alert('Nama tidak boleh berupa simbol atau angka');window.location=('javascript:history.go(-1)');</script>";
 } elseif (!ereg("[0-9]", "{$_POST['no_telp']}")) {
     echo "<script>window.alert('Telpon tidak boleh berupa huruf');window.location=('javascript:history.go(-1)');</script>";
 } elseif (strlen($kar1) == 0 or strlen($kar2) == 0) {
     echo "<script>window.alert('Format email tidak valid');window.location=('javascript:history.go(-1)');</script>";
 } else {
     /**
      * Filter a registration-form value for use inside a quoted SQL string.
      *
      * Applies htmlspecialchars() (ENT_QUOTES), strip_tags(), stripslashes()
      * and mysql_real_escape_string(), in that order.
      *
      * Review notes:
      *  - HTML encoding is an output concern; applied here it changes the
      *    stored form of names, e-mail addresses and phone numbers.
      *  - ext/mysql was removed in PHP 7.0; bound parameters (mysqli or PDO)
      *    replace manual escaping.
      *
      * @param string $data Raw request value.
      * @return string|false Filtered value; false when the escape step fails.
      */
     function antiinjection($data)
     {
         $encoded = htmlspecialchars($data, ENT_QUOTES);
         $tagless = strip_tags($encoded);

         return mysql_real_escape_string(stripslashes($tagless));
     }
     $nama = antiinjection($_POST['username']);
     $password = antiinjection(md5($_POST['password']));
     $nama_lengkap = antiinjection($_POST['nama_lengkap']);
     $email = antiinjection($_POST['email']);
     $telp = antiinjection($_POST['no_telp']);
     if (!empty($_POST['kode'])) {
         if ($_POST['kode'] == $_SESSION['captcha_session']) {
             // Mengatasi input komentar tanpa spasi
             $split_text = explode(" ", $pesan);
             $split_count = count($split_text);
             $max = 100;
             for ($i = 0; $i <= $split_count; $i++) {
                 if (strlen($split_text[$i]) >= $max) {
                     for ($j = 0; $j <= strlen($split_text[$i]); $j++) {
                         $char[$j] = substr($split_text[$i], $j, 1);
                         if ($j % $max == 0 && $j != 0) {
                             $v_text .= $char[$j] . ' ';
                         } else {
                             $v_text .= $char[$j];
                         }
<?php

require "../config/config.php";
require '../function/antiinjection.php';
// Handle the "add gallery video" form: filter the four posted fields, insert
// the row and print a success or error alert.
if (isset($_POST['input'])) {
    // Every interpolated value goes through antiinjection() (defined in
    // ../function/antiinjection.php, not shown here) and sits inside quotes
    // in the statement below.
    $judul = antiinjection($_POST['judul']);
    $deskripsi = antiinjection($_POST['deskripsi']);
    $video = antiinjection($_POST['video']);
    $kategori = antiinjection($_POST['kategori']);

    // NOTE(review): nothing in this block checks that the caller is an
    // authenticated administrator - confirm that happens before this point.
    $insertquery = "insert into t_gallery_foto (id_gallery_foto, judul, deskripsi, tgl, kategori, video) values ('','{$judul}','{$deskripsi}',now(),'{$kategori}','{$video}')";
    $sql = mysql_query($insertquery);

    if (!$sql) {
        echo "\n\t\t\t\t<div class='alert alert-error'>                \n\t\t\t\t<strong>Error !</strong> Failed to Save\n\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
    } else {
        echo "\n\t\t\t\t<div class='alert alert-success'>                \n\t\t\t\t\t<strong>Success!</strong> Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>&times;</button>\n\t\t\t\t</div>\n\t\t\t\t";
    }
}
?>

    
    <script type='text/javascript' src='../assets/js/validationengine/languages/jquery.validationEngine-en.js'></script>
    <script type='text/javascript' src='../assets/js/validationengine/jquery.validationEngine.js'></script>
    <script type='text/javascript' src='../assets/js/maskedinput/jquery.maskedinput.min.js'></script>

						<div class='alert alert-success'> 
							<a href='gallery.php'>
							<strong>View Gallery Video !</strong>
							</a>
						</div>
						
						<div class="row-fluid ">
<?php

require "../config/config.php";
require '../function/antiinjection.php';
if (isset($_POST['input'])) {
    //Get the input result, secured by anti sql injection function
    $username = antiinjection($_POST['username']);
    $password = antiinjection($_POST['password']);
    $email = antiinjection($_POST['email']);
    $nama = antiinjection($_POST['nama']);
    //Get the data
    $select = "select username from admin where username like '{$username}'";
    $qselect = mysql_query($select);
    $r = mysql_fetch_array($qselect);
    //Check mysql query
    if ($qselect) {
        $user = $r['username'];
        //Check available of field, avoid redundancy of data
        if ($username != $user) {
            if (isset($_FILES['gambar'])) {
                $gambar = "";
                $sumber = $_FILES['gambar']['tmp_name'];
                $tujuan = "../../images/admin/" . $_FILES['gambar']['name'];
                $tujuan1 = "/images/admin/" . $_FILES['gambar']['name'];
                //////////////////////
                $gambar = $_FILES['gambar']['name'];
                //////////////////////
                move_uploaded_file($sumber, $tujuan);
                /////////////////////
            }
            $insertquery = "insert into  admin (id_admin, nama, email, username, password, foto) values ('','{$nama}', '{$email}','{$username}','{$password}','{$gambar}')";