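/**
 * Inserts a row into $tabla, creating the table first when it does not exist yet.
 *
 * Both the table creation and the insert are best-effort: their return values are
 * deliberately not inspected here. According to the original author's notes, when
 * debugging is enabled the helpers write the failure (including the failing query)
 * to a file, so this function never interrupts execution on a database error.
 *
 * @param resource $conn          open database connection
 * @param string   $tabla         target table name
 * @param string   $param         insert parameters handed through to queryInsert()
 * @param string   $SQLserverName SQL Server name handed through to queryInsert()
 * @return array one entry, "<functionName>Result" => array("resultadoOperacion" => <result of
 *               $respError->sinErrores()>), read from the global error tracker $respError
 */
function insertar($conn, $tabla, $param, $SQLserverName)
{
    global $respError;

    // COMPOROBAR_TABLA is a project constant defined elsewhere; it is passed as the
    // third argument of existeTabla(). A strict FALSE means the table is missing.
    if (existeTabla($conn, $tabla, COMPOROBAR_TABLA) === false) {
        // Table does not exist: create it. The result is intentionally ignored
        // (see the function comment); the former unused local was dropped.
        crearTablaDIS($conn, $tabla);
    }

    // Table exists (or was just created): run the insert. A failing insert is
    // recorded by queryInsert() itself and does not abort this function.
    queryInsert($conn, $tabla, $param, $SQLserverName);

    return array(__FUNCTION__ . "Result" => array("resultadoOperacion" => $respError->sinErrores()));
}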
if ($_POST['judulBerita'] != '' && $_POST['sumber'] != '' && $_POST['link'] != '' && $_POST['isiBerita'] != '') { $user = $_SESSION['user'][3]; $judulBerita = str_replace('"', "''", $_POST['judulBerita']); $editor = $_POST['editor']; $sumber = $_POST['sumber']; $link = $_POST['link']; $isiBerita = str_replace('"', "''", nl2br($_POST['isiBerita'])); $date = date("Y-m-d H:i:s"); echo $user . '<br>'; echo $judulBerita . '<br>'; echo $editor . '<br>'; echo $sumber . '<br>'; echo $link . '<br>'; echo $isiBerita . '<br>'; echo $date . '<br>'; $insert_berita = queryInsert('berita_umum (id_user, judul, isi_berita, editor, sumber, link, tanggal_upload)', $user . ',"' . $judulBerita . '","' . $isiBerita . '","' . $editor . '","' . $sumber . '","' . $link . '","' . $date . '"'); $dataBerita = querySelect('*', 'berita_umum ORDER BY id_berita_umum DESC', null, null); $idberita = $dataBerita[0]['id_berita_umum']; $targetfile = "../../../View/img/Upload/beritaUmum/"; $allowedExts = array("gif", "jpeg", "jpg", "png", "JPG"); $temp = explode(".", $_FILES["uploadgambarberita"]["name"]); $extension = end($temp); if (($_FILES["uploadgambarberita"]["type"] == "image/gif" || $_FILES["uploadgambarberita"]["type"] == "image/jpeg" || $_FILES["uploadgambarberita"]["type"] == "image/jpg" || $_FILES["uploadgambarberita"]["type"] == "image/JPG" || $_FILES["uploadgambarberita"]["type"] == "image/pjpeg" || $_FILES["uploadgambarberita"]["type"] == "image/x-png" || $_FILES["uploadgambarberita"]["type"] == "image/png") && $_FILES["uploadgambarberita"]["size"] < 8000000 && in_array($extension, $allowedExts)) { if ($_FILES["uploadgambarberita"]["error"] > 0) { echo "Return Code: " . $_FILES["uploadgambarberita"]["error"] . "<br>"; } else { $mime = explode("/", $_FILES["uploadgambarberita"]["type"]); $mime = $mime[1]; $imageName = "BeritaUmum_" . $idberita . "." . $mime; move_uploaded_file($_FILES["uploadgambarberita"]["tmp_name"], $targetfile . $imageName); }
echo $password . '<br>'; echo $wilayah . '<br>'; echo $nama_masjid . '<br>'; echo $alamat . '<br>'; echo $email . '<br>'; echo $rt . '<br>'; echo $rw . '<br>'; echo $kecamatan . '<br>'; echo $no_tp . '<br>'; $insert_user = queryInsert('user (username, password, privilege)', '"' . $username . '","' . md5($password) . '",1'); $query = 'SELECT * FROM user WHERE username="******" AND password="******"'; $sql = mysql_query($query); var_dump($sql); if ($sql) { $result = mysql_fetch_assoc($sql); $insert_masjid = queryInsert('masjid (id_user, id_wilayah, validasi, nama_masjid, alamat, rt, rw, kecamatan, no_telepon,email)', $result['id_user'] . ',' . $wilayah . ',' . $validasi . ',"' . $nama_masjid . '","' . $alamat . '","' . $rt . '","' . $rw . '","' . $kecamatan . '","' . $no_tp . '","' . $email . '"'); $selectMasjid = querySelect('*', 'masjid', 'id_user='******'id_user'], null); $id_masjid = $selectMasjid[0]['id_masjid']; var_dump($selectMasjid); $targetfile = "../../../View/img/Upload/fotoProfil/"; $allowedExts = array("gif", "jpeg", "jpg", "png", "JPG"); $temp = explode(".", $_FILES["uploadfoto"]["name"]); $extension = end($temp); if (($_FILES["uploadfoto"]["type"] == "image/gif" || $_FILES["uploadfoto"]["type"] == "image/jpeg" || $_FILES["uploadfoto"]["type"] == "image/jpg" || $_FILES["uploadfoto"]["type"] == "image/JPG" || $_FILES["uploadfoto"]["type"] == "image/pjpeg" || $_FILES["uploadfoto"]["type"] == "image/x-png" || $_FILES["uploadfoto"]["type"] == "image/png") && $_FILES["uploadfoto"]["size"] < 8000000 && in_array($extension, $allowedExts)) { if ($_FILES["uploadfoto"]["error"] > 0) { echo "Return Code: " . $_FILES["uploadfoto"]["error"] . "<br>"; } else { $mime = explode("/", $_FILES["uploadfoto"]["type"]); $mime = $mime[1]; $imageName = $nama_masjid . $id_masjid . "." . $mime; move_uploaded_file($_FILES["uploadfoto"]["tmp_name"], $targetfile . $imageName);
$allowedExts = array("gif", "jpeg", "jpg", "png", "JPG"); for ($i = 0; $i < $nFile; $i++) { $temp = explode(".", $listGaleri[$i]["name"]); $extension = end($temp); if (in_array($listGaleri[$i]['type'], array('image/gif', 'image/jpeg', 'image/jpg', 'image/JPG', 'image/pjpeg', 'image/x-png', 'image/png')) && $listGaleri[$i]["size"] < 2048000 && in_array($extension, $allowedExts)) { if ($listGaleri[$i]["error"] > 0) { echo "Return Code: " . $listGaleri[$i]["error"] . "<br>"; } else { $mime = explode("/", $listGaleri[$i]["type"]); $mime = $mime[1]; $imageName = $nama_masjid . "_" . $id_masjid . "_" . $listGaleri[$i]["name"]; move_uploaded_file($listGaleri[$i]["tmp_name"], $targetfile . $imageName); } try { $finalImg = ImageHandler::getGalleryPicture($imageName); $insertGallery = queryInsert('galeri (id_masjid, alamat_foto)', $id_masjid . ',"' . $finalImg . '"'); echo "sukses upload"; } catch (Exception $ex) { echo $ex; } } } } $updateFotoGaleri = null; if (isset($_POST['judulGaleri'])) { $judulGaleri = $_POST['judulGaleri']; $idGaleri = $_POST['idGaleri']; for ($j = 0; $j < count($judulGaleri); $j++) { $updateFotoGaleri = queryUpdate('galeri', 'judul_foto="' . $judulGaleri[$j] . '"', 'id_foto=' . $idGaleri[$j]); } }
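<?php
session_start();
require_once '../../connectDB.php';

// All inputs arrive on the query string. Read them with isset() so a request that
// omits a field fails the check below instead of raising undefined-index notices.
$judulVideoInput = isset($_GET['judulVideo']) ? $_GET['judulVideo'] : '';
$embedInput = isset($_GET['embed']) ? $_GET['embed'] : '';

if ($judulVideoInput != '' && $embedInput != '') {
    // id_masjid is concatenated unquoted into the INSERT below, so only an integer
    // may reach the query: cast it instead of trusting the raw request string.
    $id_masjid = isset($_GET['id_masjid']) ? (int) $_GET['id_masjid'] : 0;
    // Double quotes are replaced because the INSERT wraps each value in "...".
    $judulVideo = str_replace('"', "''", $judulVideoInput);
    $embed = mysql_real_escape_string($embedInput);

    // The YouTube video code is cut out of the embed snippet: 4th whitespace-separated
    // token, then its 5th "/" segment (presumably the src="…/embed/<code>" attribute of
    // a pasted <iframe> — verify against the form). The indexes are guarded so a snippet
    // of another shape yields '' rather than an undefined-offset notice.
    $tokens = explode(" ", $embed);
    $srcParts = explode("/", isset($tokens[3]) ? $tokens[3] : '');
    // mysql_real_escape_string() above turned the attribute's closing quote into \" — strip it.
    $code = str_replace('\\"', '', isset($srcParts[4]) ? $srcParts[4] : '');

    // Thumbnail markup stored together with the video, built exactly as before.
    $videoImg = "<img src=" . mysql_real_escape_string("https://img.youtube.com/vi/" . $code . "/0.jpg") . ">";
    $date = date("Y-m-d H:i:s");

    // NOTE(review): the former debug echoes of the raw inputs were removed. Any output
    // emitted here precedes header() and breaks the redirect ("headers already sent"),
    // and it reflected unescaped query-string data straight into the response.
    // $_SESSION['user'][1] is still read unguarded, as in the original.
    $insert_video = queryInsert('video_informasi_masjid', '"", ' . $id_masjid . ' , ' . ' "' . $_SESSION['user'][1] . '" ,' . ' "' . $judulVideo . '" ,' . ' "' . $embed . '",' . ' "' . $videoImg . '",' . ' "' . $date . '"');
    if ($insert_video) {
        header('location:http://localhost/SIMasjid/view/AdminMasjid/tambahVideoMasjid.php?status=true');
        // Stop here so nothing else runs once the redirect has been issued.
        exit;
    }
} else {
    // The original header() call lacked the "Location: " prefix, so it sent an
    // invalid header and never redirected; the URL itself is unchanged.
    header('Location: http://localhost/SIMasjid/view/AdminMasjid/tambahVideoMasjid.php?&status=false');
    exit;
}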
$lastname = testvalues($lastname); $password = testvalues($password); $email = testvalues($email); $user = testvalues($user); date_default_timezone_set("UTC"); $date = new DateTime('now'); $date = $date->format('Y-m-d H:i:s'); //determines usertype i.e. whether an admin or a user is being signed up if (isset($_SESSION["usertype"])) { $usertype = "Admin"; } else { $usertype = "User"; } $passEncrypt = hash('ripemd160', $password); $insertuser = "******"; queryInsert($conn, $insertuser); //if it is an admin who added the admin, they are returned to the admin page, otherwise the user is returned to the homepage if (isset($_SESSION["usertype"])) { header('Location: ../admin.php'); } else { header('Location: ../index.php'); } } //checks to make sure email value is unique if (isset($_POST['checkemail'])) { $email = $_POST['email']; $sql = "select Email from users where Email = '{$email}'"; $rs = query($conn, $sql); if ($rs->num_rows > 0) { echo 0; } else {
$isiBerita = str_replace('"', "''", nl2br($_POST['isiBerita'])); $date = date("Y-m-d H:i:s"); echo $wilayahMasjid . '<br>'; echo $id_masjid . '<br>'; echo $judulBerita . '<br>'; echo $isiBerita . '<br>'; echo $date . '<br>'; $_SESSION['user'][1]; if ($_SESSION['user'][2] == 0) { $jenis = "Admin Utama"; } else { $idmsjd = $_SESSION['user'][3]; $nama_masjid = querySelect('*', 'masjid', 'id_user ='******'nama_masjid']; } $insert_berita = queryInsert('berita_masjid (id_masjid, jenis_admin, judul, isi_berita, tanggal_upload)', $id_masjid . ',"' . $jenis . '","' . $judulBerita . '","' . $isiBerita . '","' . $date . '"'); $selectMasjid = querySelect('*', 'masjid', 'id_masjid=' . $id_masjid, null); $nama = $selectMasjid[0]['nama_masjid']; $dataBerita = querySelect('*', 'berita_masjid ORDER BY id_berita_masjid DESC', null, null); $idberita = $dataBerita[0]['id_berita_masjid']; $targetfile = "../../../View/img/Upload/beritaMasjid/"; $allowedExts = array("gif", "jpeg", "jpg", "png", "JPG"); $temp = explode(".", $_FILES["uploadgambarberita"]["name"]); $extension = end($temp); if (($_FILES["uploadgambarberita"]["type"] == "image/gif" || $_FILES["uploadgambarberita"]["type"] == "image/jpeg" || $_FILES["uploadgambarberita"]["type"] == "image/jpg" || $_FILES["uploadgambarberita"]["type"] == "image/JPG" || $_FILES["uploadgambarberita"]["type"] == "image/pjpeg" || $_FILES["uploadgambarberita"]["type"] == "image/x-png" || $_FILES["uploadgambarberita"]["type"] == "image/png") && $_FILES["uploadgambarberita"]["size"] < 8000000 && in_array($extension, $allowedExts)) { if ($_FILES["uploadgambarberita"]["error"] > 0) { echo "Return Code: " . $_FILES["uploadgambarberita"]["error"] . "<br>"; } else { $mime = explode("/", $_FILES["uploadgambarberita"]["type"]); $mime = $mime[1]; $imageName = $nama . "_" . $id_masjid . "_" . $idberita . "." . $mime;
$urlFile = split('http://localhost/SIMasjid/', $temp2); echo 'url =' . $urlFile[1]; unlink("../../../" . $urlFile[1]); queryDelete("file", "id_file=" . $listHapusFile[$i]); } } $deleteKegiatanRutin = queryDelete('kegiatan_rutin', 'id_masjid=' . $id_masjid); if (isset($_POST['kegiatanRutin']) && isset($_POST['hari']) && isset($_POST['jamAwal']) && isset($_POST['jamAkhir'])) { $kegiatanRutin = $_POST['kegiatanRutin']; $hari = $_POST['hari']; $jamAwal = $_POST['jamAwal']; $jamAkhir = $_POST['jamAkhir']; for ($i = 0; $i < count($kegiatanRutin); $i++) { $insertKegiatanRutin = queryInsert('kegiatan_rutin (id_masjid, nama, hari, jam_mulai, jam_selesai)', $id_masjid . ',"' . $kegiatanRutin[$i] . '","' . $hari[$i] . '","' . $jamAwal[$i] . '","' . $jamAkhir[$i] . '"'); } } $deleteAngkot = queryDelete('rute_angkot', 'id_masjid=' . $id_masjid); if (isset($_POST['angkot']) && isset($_POST['jalan'])) { $angkot = $_POST['angkot']; $jalan = $_POST['jalan']; for ($i = 0; $i < count($angkot); $i++) { $insertAngkot = queryInsert('rute_angkot (id_masjid, nama_jalan, id_angkot)', $id_masjid . ',"' . $jalan[$i] . '",' . $angkot[$i] . ''); } } $update_masjid = queryUpdate('masjid', 'id_wilayah=' . $wilayah . ', foto="' . $foto . '", nama_masjid="' . $nama_masjid . '", alamat="' . $alamat . '", rt="' . $rt . '", rw="' . $rw . '", kecamatan="' . $kecamatan . '", no_telepon="' . $no_tp . '", email="' . $email . '", peresmian_bangunan="' . $tanggalPeresmian . '", luas_tanah="' . $luasTanah . '", luas_bangunan="' . $luasBangunan . '", daya_tampung_dalam_masjid="' . $dayaTampungDalam . '", daya_tampung_luar_masjid="' . $dayaTampungLuar . '", deskripsi_masjid="' . $deskripsi . '", keunikan="' . $keunikan . '", latitude="' . $latitude . '", longitude="' . $longitude . '", struktur_organisasi="' . $struktur . '"', 'id_masjid= "' . $id_masjid . '"'); if ($update_masjid) { header('location:http://localhost/SIMasjid/view/AdminUtama/isiAturDataMasjid.php?ubah=true&id_user='******'&id_masjid=' . 
$id_masjid . '&status=true'); } } else { header('location:http://localhost/SIMasjid/view/AdminUtama/isiAturDataMasjid.php?ubah=true&id_user='******'id_user'] . '&id_masjid=' . $_REQUEST['id_masjid'] . '&status=false'); }
if (isset($_GET['adminutama_tambahvideomusik_submit'])) { if ($_GET['judulVideoMusik'] != '' && $_GET['embedVideoMusik'] != '') { $user = $_SESSION['user'][3]; $judulVideoMusik = str_replace('"', "''", $_GET['judulVideoMusik']); $penyanyi = $_GET['penyanyi']; $embedVideoMusik = mysql_real_escape_string($_GET['embedVideoMusik']); $str = explode(" ", $embedVideoMusik); echo $str[3] . '<br>'; $str2 = explode("/", $str[3]); echo $str2[4] . '<br>'; $code = str_replace('\\"', '', $str2[4]); echo $code . '<br>'; $videoImg = "<img src=" . mysql_real_escape_string("https://img.youtube.com/vi/" . $code . "/0.jpg") . ">"; echo $videoImg . '<br>'; $date = date("Y-m-d H:i:s"); echo $user . '<br>'; echo $judulVideoMusik . '<br>'; echo $penyanyi . '<br>'; echo $embedVideoMusik . '<br>'; echo $date . '<br>'; $insert_video = queryInsert('video_musik', '"", ' . ' "' . $user . '",' . ' "' . $judulVideoMusik . '",' . ' "' . $penyanyi . '",' . ' "' . $embedVideoMusik . '" ,' . ' "' . $videoImg . '",' . ' "' . $date . '"'); if ($insert_video) { header('location:http://localhost/SIMasjid/view/AdminUtama/tambahVideo.php?status=true'); } echo '<br>'; } else { header('location:http://localhost/SIMasjid/view/AdminUtama/tambahVideo.php?&status=false'); } } } }
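<?php
session_start();
include "../config/connection.php";
include "helperFunctionsDatabase.php";

// The session may already be empty (e.g. logout requested twice or after expiry);
// default to '' rather than raising an undefined-index notice.
$username = isset($_SESSION['username']) ? $_SESSION['username'] : '';

// If the user holds a lock on a file, release it.
// NOTE(review): $id is interpolated directly into the SQL string; it comes from the
// session, so it is only as trustworthy as the code that stored it — confirm that
// $_SESSION['recordlocked'] is always set from a validated FileID.
if (isset($_SESSION['recordlocked'])) {
    $id = $_SESSION['recordlocked'];
    $changelock = "UPDATE files SET `Lock` = '' WHERE FileID = '{$id}'";
    queryInsert($conn, $changelock);
}

// Mark the user as logged out in the database.
$logout = "UPDATE users SET LoggedIn = 0 WHERE UserName = '******'";
queryInsert($conn, $logout);

// Destroy all session values and expire the session cookie with the same
// path/domain/secure/httponly attributes it was issued with.
$_SESSION = array();
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
session_destroy();

// Return the user to the homepage and stop so nothing runs after the redirect.
header('Location: ../index.php');
exit;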
unset($_SESSION['loggedintries']); $sqlupdate = "UPDATE users SET LoginAttempts = 5 WHERE UserName = '******'"; //resets loginAttempts to 5 $login = "******"; //updates database to say user is logged in queryInsert($conn, $sqlupdate); queryInsert($conn, $login); $_SESSION['usertype'] = $row['UserType']; //sets session variable for usertype $_SESSION['username'] = $row['UserName']; //sets session variable for username } else { header('Location: ../index.php'); $attemptsleft = --$_SESSION['loggedintries']; $sqlupdate = "UPDATE users SET LoginAttempts = {$attemptsleft} WHERE UserName = '******'"; queryInsert($conn, $sqlupdate); $_SESSION["Login.Error"] = 'Invalid credentials. You have ' . $_SESSION['loggedintries'] . ' log in attempts left'; //redirect back to your login page } //used to check usertpye i.e. user or admin if ($_SESSION['loggedin'] === 1) { if ($_SESSION['usertype'] === 'User') { header('Location: ../application.php'); } else { if ($_SESSION['usertype'] === 'Admin') { header('Location: ../admin.php'); } } } } catch (Exception $e) { echo "Message: " . $e->getMessage();
} } //updates name for notebook $sqlupdate = "UPDATE notebooks SET notebookname = '{$name}', shared = {$isshared} WHERE NotebookID = '{$notebookid}'"; query($conn, $sqlupdate); //removes all current read and write users $sqldelete = "DELETE FROM users_has_notebooks WHERE NoteBookID = '{$notebookid}'"; query($conn, $sqldelete); //adds write users foreach ($userswrite as $user) { $sqladd = "CALL add_shared_notebook('{$user}', '{$notebookid}', 1)"; queryInsert($conn, $sqladd); } //adds read users foreach ($usersread as $user) { $sqladd = "CALL add_shared_notebook('{$user}', '{$notebookid}', 0)"; queryInsert($conn, $sqladd); } echo "success"; } //used to remove a lock from a file if ($_POST['action'] === 'removelock') { $id = $_SESSION['recordlocked']; unlockfile($conn, $id); } //removes a notebook shared with the user if ($_POST['action'] === 'removenotebook') { $id = $_POST['notebookid']; $sqlremove = "DELETE FROM users_has_notebooks WHERE NoteBookID = '{$id}' AND UserName = '******'"; query($conn, $sqlremove); }
} if ($ke == 1) { $nama_ke = "Admin Utama"; } else { $masjid = querySelect('*', 'masjid', 'id_user ='******'nama_masjid']; } echo $dari . '<br>'; echo $ke . '<br>'; echo $nama_dari . '<br>'; echo $nama_ke . '<br>'; echo $judulPesan . '<br>'; echo $isiPesan . '<br>'; echo $date . '<br>'; $insert_pesan = queryInsert('pesan (id_user, ke, nama_dari, nama_ke, judul, isi_pesan,status, tanggal_upload)', $dari . ',' . $ke . ',"' . $nama_dari . '","' . $nama_ke . '","' . $judulPesan . '","' . $isiPesan . '","' . $inbox . '","' . $date . '"'); $balas_pesan = queryInsert('pesan (id_user, ke, nama_dari, nama_ke, judul, isi_pesan,status , tanggal_upload)', $dari . ',' . $ke . ',"' . $nama_dari . '","' . $nama_ke . '","' . $judulPesan . '","' . $isiPesan . '","' . $sent . '","' . $date . '"'); $dataPesan = querySelect('*', 'pesan', 'id_user='******' ORDER BY id_pesan DESC', null); $id_pesan = $dataPesan[0]['id_pesan']; if (isset($_FILES['uploadfile'])) { $files = $_FILES['uploadfile']; $nFile = count($files['name']); $targetDir = '../../../View/img/Upload/filePesan/'; $temp = explode('.', $files['name']); $mime = end($temp); if (in_array($mime, array('pdf', 'zip')) && ($files['size'] >= 30000 && $files['size'] <= 8000000)) { $fileNameOri = $files['name']; $fileName = "FilePesan_" . $nama_dari . "_" . $dari . "_" . $id_pesan . "." . $mime; $finalFile = 'http://localhost/SIMasjid/View/img/Upload/filePesan/' . $fileName; if (move_uploaded_file($files['tmp_name'], $targetDir . $fileName)) { echo 'sukses upload ' . $fileName; } else {