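<?php
// Self-service password change: the logged-in user submits the old password and the new one twice.
session_start();
include "lib/koneksi.php";

/**
 * Legacy input filter: HTML-encodes, strips tags, unescapes slashes, then SQL-escapes via ext/mysql.
 * NOTE(review): ext/mysql was removed in PHP 7, and the HTML-encoding alters the password before it
 * is hashed; kept unchanged because the login path has to apply the same transformation.
 */
function antiinjection($data)
{
    $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
    return $filter_sql;
}

// Only a logged-in user may change their own password; the session says who that is.
if (!isset($_SESSION['username'], $_SESSION['nip_baru'])) {
    echo '<script type="text/javascript">window.location="index.php?hal=home"</script>';
    exit;
}

$passwordlama  = antiinjection(isset($_POST['oldPass']) ? $_POST['oldPass'] : '');
$passwordbaru1 = antiinjection(isset($_POST['newPass1']) ? $_POST['newPass1'] : '');
$passwordbaru2 = antiinjection(isset($_POST['newPass2']) ? $_POST['newPass2'] : '');
$username = $_SESSION['username'];
$nip      = $_SESSION['nip_baru'];

// Load the caller's account row so the old password can actually be verified.
// NOTE(review): the quoted values are redacted as ****** in this corpus (presumably $username and a
// status literal); restore them from the upstream file rather than guessing.
$query = "select * from user where username='******' and status_user='******'";
$hasil = mysql_query($query);
$data  = $hasil ? mysql_fetch_array($hasil) : false;
$tglkini = date('Y-m-d');

// Static-salt double md5, the scheme the login code expects. NOTE(review): not a real password
// hash — password_hash()/password_verify() should replace it, but only together with the login path.
$pengacak = "AJWKXLAJSCLWLW";
$passwordlamaenkrip = md5($pengacak . md5($passwordlama) . $pengacak);
$passwordbaruenkrip = md5($pengacak . md5($passwordbaru1) . $pengacak);

// The original announced an old-password check in a comment but never compared anything, and it
// never checked that the two new-password fields agree — anyone holding the session could set a
// password without knowing the current one.
$gagal = '';
if ($data === false) {
    $gagal = 'User tidak ditemukan';
} elseif ($passwordlamaenkrip !== $data['password']) {
    $gagal = 'Password lama salah';
} elseif ($passwordbaru1 === '' || $passwordbaru1 !== $passwordbaru2) {
    $gagal = 'Password baru tidak sama';
}

if ($gagal !== '') {
    echo "<div><img src='images/new/warning.png'/> <font color='red' size='4'>{$gagal}</font></div> ";
    echo '<script type="text/javascript">window.location="index.php?hal=home"</script>';
    exit;
}

// Session-derived values are still data that came from the database; escape them before building SQL.
$nipAman  = mysql_real_escape_string($nip);
$namaAman = mysql_real_escape_string(isset($_SESSION['nm_lengkap']) ? $_SESSION['nm_lengkap'] : '');

// NOTE(review): redacted values (presumably $passwordbaruenkrip and $username) — see above.
$query = "UPDATE user SET password = '******' WHERE username = '******' and nip_baru='{$nipAman}' ";
$hasil = mysql_query($query);

// Audit trail of the change (actor and target are the same user here).
mysql_query("INSERT INTO historybcf15(namaaksi,tanggalaksi,nama_user,nip_user,userdiupdate,nipuserdiupdate)VALUES('updatepassword','{$tglkini}','{$namaAman}','{$nipAman}','{$namaAman}','{$nipAman}')");

if ($hasil) {
    echo "<div><img src='images/new/warning.png'/> <font color='blue' size='4'>Reset Password Sukses</font></div> ";
}
echo '<script type="text/javascript">window.location="index.php?hal=home"</script>';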
$keterangan = antiinjection($_POST['keterangan']); mysqli_query($connecDB, "INSERT INTO submenu (idMenu, namaSubMenu, modul, keterangan) \n VALUES ('{$idMenu}', '{$namaSubMenu}', '{$modul}', '{$keterangan}')"); header('Location: ./menu/'); } if (isset($_POST['editSubMenu'])) { header('Content-Type: text/plain'); function antiinjection($data) { $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES, 'UTF-8')))); return $filter_sql; } $id = antiinjection($_POST['id']); $idMenu = antiinjection($_POST['idMenu']); $namaSubMenu = antiinjection($_POST['namaSubMenu']); $modul = antiinjection($_POST['modul']); $keterangan = antiinjection($_POST['keterangan']); mysqli_query($connecDB, "UPDATE submenu SET idMenu = '{$idMenu}',\n namaSubMenu = '{$namaSubMenu}',\n modul = '{$modul}',\n keterangan = '{$keterangan}' WHERE idSubmenu = '{$id}'"); header('Location: ./menu/'); } if (isset($_POST['bannerAdd'])) { $target_dir = "../images/"; $target_file = $target_dir . basename($_FILES["banner"]["name"]); $uploadOk = 1; $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION); // Check if image file is a actual image or fake image if (isset($_POST["submit"])) { $check = getimagesize($_FILES["banner"]["tmp_name"]); if ($check !== false) { echo "File is an image - " . $check["mime"] . "."; $uploadOk = 1; } else {
<head> <title></title> </head> <body>
<?php
/**
 * Legacy input filter: HTML-encodes, strips tags, unescapes slashes, then SQL-escapes via ext/mysql.
 * NOTE(review): ext/mysql was removed in PHP 7; the stored value is the HTML-encoded form, not the raw input.
 */
function antiinjection($data)
{
    $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
    return $filter_sql;
}

// Admin-side password reset for an arbitrary user id: POST performs the reset, GET loads the user row for the form.
if (isset($_POST['submit'])) {
    $passbaru = antiinjection($_POST['passbaru']);
    // SECURITY(review): $id is used without any filtering or casting. It is interpolated into the UPDATE below
    // (its values are redacted as ****** in this corpus) and reflected into the JavaScript redirect string —
    // SQL injection and reflected XSS. Cast with (int) before use.
    $id = $_POST['iduser'];
    // Static-salt double md5; NOTE(review): not a password hash — password_hash() should replace it together
    // with the login code that verifies it.
    $pengacak = "AJWKXLAJSCLWLW";
    $passwordbaruenkrip = md5($pengacak . md5($passbaru) . $pengacak);
    $query = "UPDATE user SET password = '******' WHERE iduser='******' ";
    $hasil = mysql_query($query);
    // NOTE(review): success is reported without checking $hasil; no CSRF token and no administrator check is visible here.
    echo "<div><img src='images/new/warning.png'/> <font color='blue' size='4'>Reset Password Sukses</font></div> ";
    echo "<script type='text/javascript'>window.location='index.php?hal=user&pilih=manajemenuserresetpass&id={$id}'</script>";
} else {
    $id = $_GET['id']; // capture the id from the query string
    // SECURITY(review): unquoted, unescaped $_GET['id'] concatenated straight into SQL — SQL injection.
    // Use (int) $_GET['id'] or a prepared statement.
    $sql = "SELECT * FROM user WHERE iduser={$id}"; // fetch the row for the captured id
    $query = mysql_query($sql);
    $data = mysql_fetch_array($query);
    // the else branch continues into the HTML form beyond this fragment
?>
$komentar = trim($_POST['isi_komentar']); if (empty($nama)) { echo "Anda belum mengisikan NAMA<br />\n \t <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>"; } elseif (empty($komentar)) { echo "Anda belum mengisikan KOMENTAR<br />\n \t <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>"; } elseif (strlen($_POST['isi_komentar']) > 1000) { echo "KOMENTAR Anda kepanjangan, dikurangin atau dibagi jadi beberapa bagian.<br />\n \t <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>"; } else { function antiinjection($data) { $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES)))); return $filter_sql; } $nama_komentar = antiinjection($_POST['nama_komentar']); $url = antiinjection($_POST['url']); $isi_komentar = antiinjection($_POST['isi_komentar']); if (!empty($_POST['kode'])) { if ($_POST['kode'] == $_SESSION['captcha_session']) { // Mengatasi input komentar tanpa spasi $split_text = explode(" ", $isi_komentar); $split_count = count($split_text); $max = 57; for ($i = 0; $i <= $split_count; $i++) { if (strlen($split_text[$i]) >= $max) { for ($j = 0; $j <= strlen($split_text[$i]); $j++) { $char[$j] = substr($split_text[$i], $j, 1); if ($j % $max == 0 && $j != 0) { $v_text .= $char[$j] . ' '; } else { $v_text .= $char[$j]; }
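<?php
// Partner form handler: stores a partner name plus an optional logo image.
require "../config/config.php";
require '../function/antiinjection.php';

if (isset($_POST['input'])) {
    // antiinjection() comes from ../function/antiinjection.php (SQL-escape plus HTML-encode).
    $nama_partner = antiinjection($_POST['nama_partner']);

    $logo = "";
    $uploadValid = true;
    if (isset($_FILES['logo']) && $_FILES['logo']['error'] !== UPLOAD_ERR_NO_FILE) {
        $sumber = $_FILES['logo']['tmp_name'];
        // The upload directory is web-served and the original code kept the client's filename
        // without checking the type, so anyone who can reach this form could upload "x.php" and
        // run it. Accept image extensions only, require a real image, and name the file server-side.
        $ekstensi = strtolower(pathinfo($_FILES['logo']['name'], PATHINFO_EXTENSION));
        $ekstensiGambar = array('jpg', 'jpeg', 'png', 'gif');
        if ($_FILES['logo']['error'] !== UPLOAD_ERR_OK
            || !in_array($ekstensi, $ekstensiGambar, true)
            || !is_uploaded_file($sumber)
            || getimagesize($sumber) === false) {
            $uploadValid = false;
        } else {
            $logo   = md5(uniqid('partner', true)) . '.' . $ekstensi;
            $tujuan = "../../images/partner/" . $logo;
            if (!move_uploaded_file($sumber, $tujuan)) {
                $uploadValid = false;
            }
        }
    }

    $sql = false;
    if ($uploadValid) {
        // $logo is server-generated and $nama_partner went through antiinjection().
        $insertquery = "insert into t_partner (id_partner, nama_partner, logo, tgl) values ('','{$nama_partner}','{$logo}',now())";
        $sql = mysql_query($insertquery);
    }

    if ($sql) {
        echo "\n\t\t\t\t<div class='alert alert-success'> \n\t\t\t\t\t<strong>Success!</strong>Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
    } else {
        // Either the logo was rejected or the insert failed.
        echo "\n\t\t\t\t<div class='alert alert-error'> \n\t\t\t\t<strong>Error !</strong> Failed to Save\n\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
    }
}
?>
<script type='text/javascript' src='../assets/js/validationengine/languages/jquery.validationEngine-en.js'></script>
<script type='text/javascript' src='../assets/js/validationengine/jquery.validationEngine.js'></script>
<script type='text/javascript' src='../assets/js/maskedinput/jquery.maskedinput.min.js'></script>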
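<?php
// Installer step: creates the first administrator account.
if (isset($_POST['createAccount'])) {
    include "config/connection.php";
    header('Content-Type: text/plain');

    /**
     * Legacy input filter (HTML-encode, strip tags, unescape slashes, SQL-escape).
     *
     * Escapes through the mysqli link $connecDB (the one this file passes to mysqli_query(),
     * presumably opened by config/connection.php) instead of ext/mysql. If no ext/mysql link is
     * open, mysql_real_escape_string() warns and returns false, so every password would have
     * hashed to sha1(md5($salt)) and the match check below would always pass; on PHP 7+ the
     * function does not exist at all.
     * NOTE(review): strip_tags/htmlspecialchars still alter the password before hashing; the
     * login path must apply the identical transformation.
     */
    function antiinjection($data)
    {
        global $connecDB;
        $filter_sql = mysqli_real_escape_string($connecDB, stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES, 'UTF-8'))));
        return $filter_sql;
    }

    $namaLengkap = isset($_POST['namaLengkap']) ? $_POST['namaLengkap'] : '';
    $username    = isset($_POST['username']) ? $_POST['username'] : '';
    $password    = antiinjection(isset($_POST['password']) ? $_POST['password'] : '');
    $repassword  = antiinjection(isset($_POST['repassword']) ? $_POST['repassword'] : '');

    // NOTE(review): sha1(md5(salt.pw)) with a static salt is not a password hash; password_hash()
    // should replace it, but only together with the login code that verifies it.
    $salt = '~!@#$%^&*(1111)_+ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
    $pass = sha1(md5($salt . $password));

    // Comparing the plaintexts is equivalent to comparing their hashes; an empty admin password
    // is rejected as well.
    if ($password === '' || $password !== $repassword) {
        header('Location: installation/3/errorpassword');
        die;
    }

    // Prepared statement: namaLengkap and username were interpolated unfiltered into the INSERT.
    $stmt = mysqli_prepare(
        $connecDB,
        "INSERT INTO administrator (namaAuthor, profesi, linkGoogle, username, password) VALUES (?, '', '', ?, ?)"
    );
    if ($stmt === false) {
        die(mysqli_error($connecDB));
    }
    mysqli_stmt_bind_param($stmt, 'sss', $namaLengkap, $username, $pass);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);

    // Marks the installation as finished.
    rename('statusInstallation.txt', 'config/statusInstallation.txt');
    header('Location: installation/finish');
}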
<?php
session_start();
require 'config/config.php';
require 'function/antiinjection.php';

// Admin login handler; the branch chain continues beyond this fragment.
if (isset($_POST['login'])) {
    $ket_admin = "admin";
    $ket_user = "******"; // value redacted in this corpus
    $user = antiinjection($_POST['user']);
    $pass = antiinjection($_POST['pass']);
    // NOTE(review): the quoted values are redacted as ****** in this corpus (presumably $user and $pass).
    // The password is matched as a raw string in SQL and again below, i.e. stored in cleartext —
    // it should be hashed (password_hash) and checked with password_verify() in PHP.
    $query = "select id_admin, username, password from t_admin where username = '******' and password = '******' ";
    $sql = mysql_query($query);
    // NOTE(review): when no row matches, $hasil is false and the index reads below emit notices.
    $hasil = mysql_fetch_array($sql);
    $id = $hasil['id_admin'];
    $username = $hasil['username'];
    $password = $hasil['password'];
    // NOTE(review): loose == on strings is subject to PHP numeric-string coercion; use === (or hash_equals).
    if ($user == $username && $pass == $password) {
        // create the session
        // NOTE(review): no session_regenerate_id() — a pre-login session id survives authentication.
        $_SESSION['login'] = $user;
        // go to the session-check page (no exit after header(), so execution continues)
        header('Location:dashboard/index.php');
    } else {
        // NOTE(review): this condition is identical to the one above and is therefore unreachable here.
        if ($user == $username && $pass == $password) {
            // create the session
            $_SESSION['login'] = $user;
            // go to the session-check page
            header('Location:dashboard/home_db.php');
        } else {
            // NOTE(review): same condition a third time — dead code.
            if ($user == $username && $pass == $password) {
                // create the session
                $_SESSION['login'] = $user;
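<?php
// Admin login handler: checks the posted credentials and opens the admin session.
include "../config/koneksi.php";

/**
 * Legacy input filter: HTML-encodes, strips tags, unescapes slashes, then SQL-escapes via ext/mysql.
 * NOTE(review): ext/mysql is gone in PHP 7+; kept because the other form handlers rely on the same transformation.
 */
function antiinjection($data)
{
    $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
    return $filter_sql;
}

$username = antiinjection(isset($_POST['username']) ? $_POST['username'] : '');
$pass     = antiinjection(isset($_POST['password']) ? $_POST['password'] : '');

// NOTE(review): the quoted values are redacted as ****** in this corpus (presumably $username and $pass).
// The password is matched as a raw string inside SQL, which means it is stored in cleartext; it should be
// hashed (password_hash) and verified in PHP (password_verify).
$login  = mysql_query("SELECT * FROM admins WHERE username='******' AND password='******'");
$ketemu = $login ? mysql_num_rows($login) : 0;

// Username and password found
if ($ketemu > 0) {
    $r = mysql_fetch_array($login);
    session_start();
    // A session id issued before authentication must not survive it (session fixation).
    session_regenerate_id(true);
    // Keys were bare constants (namauser, ...): a notice on old PHP, a fatal error on PHP 8.
    $_SESSION['namauser']    = $r['username'];
    $_SESSION['namalengkap'] = $r['nama_lengkap'];
    // NOTE(review): the password does not belong in the session; left only because media.php may read it — confirm and remove.
    $_SESSION['passuser']    = $r['password'];
    $_SESSION['leveluser']   = $r['level'];
    header('location:media.php?module=home');
    exit;
} else {
    echo "<link href=../config/adminstyle.css rel=stylesheet type=text/css>";
    echo "<center>LOGIN GAGAL! <br> \n Username atau Password Anda tidak benar.<br>\n Atau account Anda sedang diblokir.<br>";
    echo "<a href=index.php><b>ULANGI LAGI</b></a></center>";
}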
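<?php
// Testimonial form handler: stores name, title and message plus an optional photo.
require "../config/config.php";
require '../function/antiinjection.php';

if (isset($_POST['input'])) {
    // antiinjection() comes from ../function/antiinjection.php (SQL-escape plus HTML-encode).
    $nama    = antiinjection($_POST['nama']);
    $jabatan = antiinjection($_POST['jabatan']);
    $pesan   = antiinjection($_POST['pesan']);

    $foto = "";
    $uploadValid = true;
    if (isset($_FILES['foto']) && $_FILES['foto']['error'] !== UPLOAD_ERR_NO_FILE) {
        $sumber = $_FILES['foto']['tmp_name'];
        // The upload directory is web-served and the original code kept the client's filename
        // without checking the type, so anyone who can reach this form could upload "x.php" and
        // run it. Accept image extensions only, require a real image, and name the file server-side.
        $ekstensi = strtolower(pathinfo($_FILES['foto']['name'], PATHINFO_EXTENSION));
        $ekstensiGambar = array('jpg', 'jpeg', 'png', 'gif');
        if ($_FILES['foto']['error'] !== UPLOAD_ERR_OK
            || !in_array($ekstensi, $ekstensiGambar, true)
            || !is_uploaded_file($sumber)
            || getimagesize($sumber) === false) {
            $uploadValid = false;
        } else {
            $foto   = md5(uniqid('testimoni', true)) . '.' . $ekstensi;
            $tujuan = "../../images/testimonial/" . $foto;
            if (!move_uploaded_file($sumber, $tujuan)) {
                $uploadValid = false;
            }
        }
    }

    $sql = false;
    if ($uploadValid) {
        // $foto is server-generated; the text fields went through antiinjection().
        $insertquery = "insert into t_testimoni (id_testimoni, foto, nama, jabatan, pesan, tgl) values ('','{$foto}','{$nama}','{$jabatan}','{$pesan}',now())";
        $sql = mysql_query($insertquery);
    }

    if ($sql) {
        echo "\n\t\t\t\t<div class='alert alert-success'> \n\t\t\t\t\t<strong>Success!</strong> Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
    } else {
        // Either the photo was rejected or the insert failed.
        echo "\n\t\t\t\t<div class='alert alert-error'> \n\t\t\t\t<strong>Error !</strong> Failed to Save\n\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
    }
}
?>
<script type='text/javascript' src='../assets/js/validationengine/languages/jquery.validationEngine-en.js'></script>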
external_link_list_url : "lists/link_list.js", external_image_list_url : "lists/image_list.js", media_external_list_url : "lists/media_list.js", template_replace_values : { username : "******", staffid : "991234" } }); </script> <?php require "../config/config.php"; require '../function/antiinjection.php'; if (isset($_POST['input'])) { $judul = antiinjection($_POST['judul']); $deskripsi = antiinjection($_POST['deskripsi']); if (isset($_FILES['foto'])) { $foto = ""; $sumber = $_FILES['foto']['tmp_name']; $tujuan = "../../images/slider/" . $_FILES['foto']['name']; $tujuan1 = "/images/slider/" . $_FILES['foto']['name']; ////////////////////// $foto = $_FILES['foto']['name']; ////////////////////// move_uploaded_file($sumber, $tujuan); ///////////////////// } $insertquery = "insert into t_slider (id_slider, foto, judul, deskripsi, tgl) values ('','{$foto}','{$judul}','{$deskripsi}',now())"; $sql = mysql_query($insertquery); if ($sql) { echo "\n\t\t\t\t<div class='alert alert-success'> \n\t\t\t\t\t<strong>Success!</strong> Successfully saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
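<?php
// Admin login handler (md5 variant with a block flag): checks credentials and opens the session.
include "../config/koneksi.php";

/**
 * Legacy input filter: HTML-encodes, strips tags, unescapes slashes, then SQL-escapes via ext/mysql.
 * NOTE(review): ext/mysql is gone in PHP 7+; kept because the other form handlers rely on the same transformation.
 */
function antiinjection($data)
{
    $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
    return $filter_sql;
}

// Keys were bare constants ($_POST[username]): a notice on old PHP, a fatal error on PHP 8.
$username = antiinjection(isset($_POST['username']) ? $_POST['username'] : '');
// NOTE(review): unsalted md5 is not a password hash — migrate to password_hash()/password_verify()
// together with the code that creates admin rows.
$pass = antiinjection(md5(isset($_POST['password']) ? $_POST['password'] : ''));

// NOTE(review): the quoted values are redacted as ****** in this corpus (presumably $username and $pass).
$login  = mysql_query("SELECT * FROM admins WHERE username='******' AND password='******' AND blokir='N'");
$ketemu = $login ? mysql_num_rows($login) : 0;

// Username and password found (and the account is not blocked)
if ($ketemu > 0) {
    $r = mysql_fetch_array($login);
    session_start();
    // session_register() was removed in PHP 5.4 (fatal on anything newer); assigning to
    // $_SESSION below is all that is needed. Regenerate the id so a pre-login session id
    // does not survive authentication (session fixation).
    session_regenerate_id(true);
    $_SESSION['namauser']    = $r['username'];
    $_SESSION['namalengkap'] = $r['nama_lengkap'];
    // NOTE(review): the password hash does not belong in the session; left only because media.php may read it — confirm and remove.
    $_SESSION['passuser']    = $r['password'];
    $_SESSION['leveluser']   = $r['level'];
    header('location:media.php?module=home');
    exit;
} else {
    echo "<link href=../config/adminstyle.css rel=stylesheet type=text/css>";
    echo "<center>LOGIN GAGAL! <br> \n Username atau Password Anda tidak benar.<br>\n Atau account Anda sedang diblokir.<br>";
    echo "<a href=index.php><b>ULANGI LAGI</b></a></center>";
}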
username : "******", staffid : "991234" } }); </script> <?php require "../config/config.php"; require '../function/antiinjection.php'; if (isset($_POST['input'])) { $nama = antiinjection($_POST['nama']); $jabatan = antiinjection($_POST['jabatan']); $deskripsi = antiinjection($_POST['deskripsi']); $fb = antiinjection($_POST['fb']); $twitter = antiinjection($_POST['twitter']); $google = antiinjection($_POST['google']); $link_in = antiinjection($_POST['link_in']); if (isset($_FILES['foto'])) { $foto = ""; $sumber = $_FILES['foto']['tmp_name']; $tujuan = "../../images/team/" . $_FILES['foto']['name']; $tujuan1 = "/images/team/" . $_FILES['foto']['name']; ////////////////////// $foto = $_FILES['foto']['name']; ////////////////////// move_uploaded_file($sumber, $tujuan); ///////////////////// } $insertquery = "insert into t_team (id_team, nama, jabatan, foto, deskripsi, fb, twitter, google, link_in, tgl) values ('','{$nama}','{$jabatan}','{$foto}','{$deskripsi}','{$fb}','{$twitter}','{$google}','{$link_in}',now())"; $sql = mysql_query($insertquery); if ($sql) { echo "\n\t\t\t\t<div class='alert alert-success'> \n\t\t\t\t\t<strong>Success!</strong>Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
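<?php
// Admin login: validates the posted credentials and starts the admin session.
include 'inc/koneksi.php';

/**
 * Legacy input filter: HTML-encodes, strips tags, unescapes slashes, then SQL-escapes via ext/mysql.
 * NOTE(review): ext/mysql is gone in PHP 7+; kept because the other form handlers rely on the same transformation.
 */
function antiinjection($data)
{
    $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
    return $filter_sql;
}

session_start();

// Read the login form; missing fields become empty strings instead of notices.
$username = isset($_POST['username']) ? $_POST['username'] : '';
// NOTE(review): unsalted md5 is not a password hash — migrate to password_hash()/password_verify()
// together with the code that creates admin rows.
$password = md5(isset($_POST['password']) ? $_POST['password'] : '');
// Escape before the values reach the query.
$username = antiinjection($username);
$password = antiinjection($password);

// NOTE(review): the quoted values are redacted as ****** in this corpus (presumably $username and $password).
$loginadmin = mysql_query("select * from admin where username='******' and password='******'");

if ($loginadmin && mysql_num_rows($loginadmin) == 1) {
    // Credentials match a registered admin: populate the session with that user.
    $q = mysql_fetch_array($loginadmin);
    // A session id issued before login must not survive authentication (session fixation).
    session_regenerate_id(true);
    $_SESSION['username'] = $q['username'];
    // NOTE(review): the stored hash does not belong in the session; kept because admin/index.php may check it — confirm and remove.
    $_SESSION['password'] = $q['password'];
    $_SESSION['nama']     = $q['nama'];
    header('location:admin/index.php');
    exit;
} else {
    // Unknown username or wrong password.
    header('location:index.php?error=4');
    exit;
}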
$sql = mysql_query("SELECT * FROM orders_temp WHERE id_session='{$sid}'"); while ($r = mysql_fetch_array($sql)) { $isikeranjang[] = $r; } return $isikeranjang; } $tgl_skrg = date("Ymd"); $jam_skrg = date("H:i:s"); if (!empty($_POST['kode'])) { if ($_POST['kode'] == $_SESSION['captcha_session']) { function antiinjection($data) { $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES)))); return $filter_sql; } $nama = antiinjection($_POST['nama']); $alamat = antiinjection($_POST['alamat']); $telpon = antiinjection($_POST['telpon']); $email = antiinjection($_POST['email']); $password = md5($_POST['password']); // simpan data kustomer mysql_query("INSERT INTO kustomer(nama_lengkap, password, alamat, telpon, email, id_kota) \n VALUES('{$nama}','{$password}','{$alamat}','{$telpon}','{$email}','{$_POST['kota']}')"); echo "<script>window.alert('Pendaftaran Berhasil, Klok OK untuk melanjtkan')</script>"; echo "<meta http-equiv='refresh' content='0; url=index.php?hal=daftar'>"; } } } ?> </body> </html>
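/**
 * Input filter built on antiinjection() (defined elsewhere in this codebase).
 *
 * The original chained mysql_real_escape_string() and htmlentities() on top of
 * antiinjection(), which already SQL-escapes and HTML-encodes: the second
 * htmlentities() turned every "&" the first pass produced into "&amp;amp;" (so a
 * literal "&" displayed as "&amp;"), and the second escape doubled backslashes.
 * Now the value is trimmed and filtered exactly once.
 *
 * @param string $vA raw, untrusted input
 * @return string the filtered value
 */
function protect($vA)
{
    return antiinjection(trim($vA));
}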
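<?php
// Login handler: verifies the posted credentials against the users table and opens the session.
include "config/koneksi.php";
include "config/library.php";

// antiinjection() is expected from config/library.php.
$username = antiinjection(isset($_POST['username']) ? $_POST['username'] : '');
// NOTE(review): md5(md5(pw)) is unsalted and fast — not a password hash; migrate to
// password_hash()/password_verify() together with the user-creation code.
$pass = antiinjection(md5(md5(isset($_POST['password']) ? $_POST['password'] : '')));

// NOTE(review): the quoted values are redacted as ****** in this corpus (presumably $username and $pass).
$login  = mysql_query("SELECT * FROM users WHERE username='******' AND password='******' AND blokir='N'");
$ketemu = $login ? mysql_num_rows($login) : 0;
$r      = $ketemu > 0 ? mysql_fetch_array($login) : false;
// Close the link only after the result has been consumed; the original closed it first.
mysql_close();

if ($ketemu > 0) {
    session_start();
    // A pre-login session id must not survive authentication (session fixation).
    session_regenerate_id(true);
    $_SESSION['namauser']    = $r['username'];
    $_SESSION['namalengkap'] = $r['nama_lengkap'];
    // NOTE(review): the password hash does not belong in the session; left because media.php may read it — confirm and remove.
    $_SESSION['passuser']    = $r['password'];
    $_SESSION['leveluser']   = $r['level'];
    $_SESSION['kode']        = $r['kode'];
    $_SESSION['nik']         = $r['nik'];
    header('location:media.php?module=home');
    exit;
} else {
    echo "<link href=../config/adminstyle.css rel=stylesheet type=text/css>";
    echo "<center>LOGIN GAGAL! <br> \n Username atau Password Anda tidak benar.<br>\n Atau account Anda sedang diblokir.<br>";
    echo "<a href=index.php><b>ULANGI LAGI </b></a></center>";
}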
echo "<script>window.alert('Nama tidak boleh berupa simbol atau angka');window.location=('javascript:history.go(-1)');</script>"; } elseif (!ereg("[0-9]", "{$_POST['no_telp']}")) { echo "<script>window.alert('Telpon tidak boleh berupa huruf');window.location=('javascript:history.go(-1)');</script>"; } elseif (strlen($kar1) == 0 or strlen($kar2) == 0) { echo "<script>window.alert('Format email tidak valid');window.location=('javascript:history.go(-1)');</script>"; } else { function antiinjection($data) { $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES)))); return $filter_sql; } $nama = antiinjection($_POST['username']); $password = antiinjection(md5($_POST['password'])); $nama_lengkap = antiinjection($_POST['nama_lengkap']); $email = antiinjection($_POST['email']); $telp = antiinjection($_POST['no_telp']); if (!empty($_POST['kode'])) { if ($_POST['kode'] == $_SESSION['captcha_session']) { // Mengatasi input komentar tanpa spasi $split_text = explode(" ", $pesan); $split_count = count($split_text); $max = 100; for ($i = 0; $i <= $split_count; $i++) { if (strlen($split_text[$i]) >= $max) { for ($j = 0; $j <= strlen($split_text[$i]); $j++) { $char[$j] = substr($split_text[$i], $j, 1); if ($j % $max == 0 && $j != 0) { $v_text .= $char[$j] . ' '; } else { $v_text .= $char[$j]; }
<?php
require "../config/config.php";
require '../function/antiinjection.php';

// Gallery (video) form handler: filters the four posted fields and inserts one t_gallery_foto row.
if (isset($_POST['input'])) {
    $kolom   = array('judul', 'deskripsi', 'video', 'kategori');
    $masukan = array();
    foreach ($kolom as $namaKolom) {
        // antiinjection() comes from ../function/antiinjection.php (SQL-escape plus HTML-encode).
        $masukan[$namaKolom] = antiinjection($_POST[$namaKolom]);
    }

    $insertquery = "insert into t_gallery_foto (id_gallery_foto, judul, deskripsi, tgl, kategori, video) values ('','{$masukan['judul']}','{$masukan['deskripsi']}',now(),'{$masukan['kategori']}','{$masukan['video']}')";
    $sql = mysql_query($insertquery);

    $pesanSukses = "\n\t\t\t\t<div class='alert alert-success'> \n\t\t\t\t\t<strong>Success!</strong> Successfully Saved\n\t\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
    $pesanGagal  = "\n\t\t\t\t<div class='alert alert-error'> \n\t\t\t\t<strong>Error !</strong> Failed to Save\n\t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button>\n\t\t\t\t</div>\n\t\t\t\t";
    echo $sql ? $pesanSukses : $pesanGagal;
}
?>
<script type='text/javascript' src='../assets/js/validationengine/languages/jquery.validationEngine-en.js'></script>
<script type='text/javascript' src='../assets/js/validationengine/jquery.validationEngine.js'></script>
<script type='text/javascript' src='../assets/js/maskedinput/jquery.maskedinput.min.js'></script>
<div class='alert alert-success'> <a href='gallery.php'> <strong>View Gallery Video !</strong> </a> </div> <div class="row-fluid ">
<?php
require "../config/config.php";
require '../function/antiinjection.php';

// Admin creation form handler; the nested blocks continue beyond this fragment.
if (isset($_POST['input'])) {
    // Get the input, filtered by the anti SQL injection function
    $username = antiinjection($_POST['username']);
    // NOTE(review): the password is only escaped, never hashed — it is stored in cleartext below.
    // Use password_hash() here and password_verify() in the login code.
    $password = antiinjection($_POST['password']);
    $email = antiinjection($_POST['email']);
    $nama = antiinjection($_POST['nama']);
    // Look up an existing row with that username
    // NOTE(review): LIKE lets "%" and "_" in the submitted name act as wildcards (antiinjection()
    // does not neutralise them), and the match is case-insensitive by default; an equality
    // comparison is what the duplicate check needs.
    $select = "select username from admin where username like '{$username}'";
    $qselect = mysql_query($select);
    $r = mysql_fetch_array($qselect);
    // Check the query succeeded
    if ($qselect) {
        $user = $r['username'];
        // Check the username is free, to avoid duplicate rows
        if ($username != $user) {
            // NOTE(review): $gambar is undefined when no file is posted (notice, empty string in SQL).
            if (isset($_FILES['gambar'])) {
                $gambar = "";
                $sumber = $_FILES['gambar']['tmp_name'];
                // SECURITY(review): the client-supplied filename is used unchanged and the type is
                // never checked; the target directory is web-served, so a ".php" upload is remote
                // code execution. Whitelist image extensions, verify with getimagesize(), and name
                // the file server-side.
                $tujuan = "../../images/admin/" . $_FILES['gambar']['name'];
                $tujuan1 = "/images/admin/" . $_FILES['gambar']['name']; // unused
                //////////////////////
                $gambar = $_FILES['gambar']['name'];
                //////////////////////
                move_uploaded_file($sumber, $tujuan); // return value ignored
                /////////////////////
            }
            // cleartext $password goes into the row (see note above)
            $insertquery = "insert into admin (id_admin, nama, email, username, password, foto) values ('','{$nama}', '{$email}','{$username}','{$password}','{$gambar}')";