// Fragment: tail of the preceding gallery branch (its opening is not visible here).
$table->updateBy('id_gallery', $id, $data); header('location:../../admin.php?mod=' . $mod); } } else { header('location:../../404.php'); }
// gallery/editalbum — rename an album; requires modify_access on this module.
} elseif ($mod == 'gallery' and $act == 'editalbum') {
    if ($currentRoleAccess->modify_access == "Y") {
        // Povalidasi modes as used across this project: 'sql' for ids,
        // 'xss' for free text. What each mode strips is defined elsewhere.
        $id = $val->validasi($_POST['id'], 'sql');
        $title = $val->validasi($_POST['title'], 'xss');
        // The slug is always regenerated from the cleaned title, never posted.
        $seotitle = seo_title($title);
        $data = array('title' => $title, 'seotitle' => $seotitle);
        $table = new PoTable('album');
        $table->updateBy('id_album', $id, $data);
        header('location:../../admin.php?mod=' . $mod . '&act=album');
    } else {
        header('location:../../404.php');
    }
// gallery/activealbum — set an album's active flag. Answers inline (echo of
// the stored value) rather than redirecting; requires modify_access.
} elseif ($mod == 'gallery' and $act == 'activealbum') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        // NOTE(review): 'active' is stored as posted after xss cleaning only;
        // nothing here limits it to the 'Y'/'N' values the role checks in
        // this file compare against — confirm the column or PoTable enforces it.
        $active = $val->validasi($_POST['active'], 'xss');
        $data = array('active' => $active);
        $table = new PoTable('album');
        $table->updateBy('id_album', $id, $data);
        echo "{$active}";
    } else {
        echo "404 Not Found Access";
    }
}
}
// Fragment: closes the preceding user branch (its opening is not visible here).
header('location:../../404.php'); }
// user/edituserlevel — rename a user level; requires modify_access.
} elseif ($mod == 'user' and $act == 'edituserlevel') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        // The form field is named 'title' but lands in the 'level' column.
        $title = $val->validasi($_POST['title'], 'xss');
        $data = array('level' => $title);
        $table = new PoTable('user_level');
        $table->updateBy('id_level', $id, $data);
        header('location:../../admin.php?mod=' . $mod . '&act=userlevel');
    } else {
        header('location:../../404.php');
    }
// user/edituserrole — rewrite one row of the permission matrix (which level
// may read/write/modify/delete a module); requires modify_access.
} elseif ($mod == 'user' and $act == 'edituserrole') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $title = $val->validasi($_POST['title'], 'xss');
        // NOTE(review): the target level comes from the request, so the only
        // gate on granting any bit to any level (presumably including the
        // caller's own) is modify_access on this module. A stricter check
        // for this branch in particular is worth considering.
        $level = $val->validasi($_POST['level'], 'xss');
        // Flags are stored as posted after xss cleaning; not constrained to 'Y'/'N' here.
        $read_access = $val->validasi($_POST['read_access'], 'xss');
        $write_access = $val->validasi($_POST['write_access'], 'xss');
        $modify_access = $val->validasi($_POST['modify_access'], 'xss');
        $delete_access = $val->validasi($_POST['delete_access'], 'xss');
        // 'title' from the form is the module name in the user_role table.
        $data = array('id_level' => $level, 'module' => $title, 'read_access' => $read_access, 'write_access' => $write_access, 'modify_access' => $modify_access, 'delete_access' => $delete_access);
        $table = new PoTable('user_role');
        $table->updateBy('id_role', $id, $data);
        header('location:../../admin.php?mod=' . $mod . '&act=userrole');
    } else {
        header('location:../../404.php');
    }
}
}
// Fragment: two trailing "else → 404" arms of a branch whose opening is not visible here.
} else { header('location:../../404.php'); } } else { header('location:../../404.php'); }
// category/input — create a category; requires write_access.
} elseif ($mod == 'category' and $act == 'input') {
    if ($currentRoleAccess->write_access == "Y") {
        $title = $val->validasi($_POST['title'], 'xss');
        // Slug derived from the cleaned title (seo_title is defined elsewhere).
        $seotitle = seo_title($title);
        $table = new PoTable('category');
        $table->save(array('title' => $title, 'seotitle' => $seotitle));
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
    }
// category/update — rename and (de)activate a category; requires modify_access.
} elseif ($mod == 'category' and $act == 'update') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $title = $val->validasi($_POST['title'], 'xss');
        // The slug is regenerated on every update, so renaming changes URLs.
        $seotitle = seo_title($title);
        // NOTE(review): 'active' is not limited to 'Y'/'N' here — confirm the
        // column definition or PoTable enforces it.
        $active = $val->validasi($_POST['active'], 'xss');
        $data = array('title' => $title, 'seotitle' => $seotitle, 'active' => $active);
        $table = new PoTable('category');
        $table->updateBy('id_category', $id, $data);
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
    }
}
}
// contact/(read) — return one message body for an inline viewer; requires
// read_access. The elseif that opens this branch is not visible here.
if ($currentRoleAccess->read_access == "Y") {
    $id = $val->validasi($_POST['id'], 'sql');
    $tablecontact = new PoTable('contact');
    $currentContact = $tablecontact->findBy('id_contact', $id);
    $currentContact = $currentContact->current();
    // NOTE(review): echoed without escaping. The message is contact-form
    // text submitted by site visitors, so whether this is safe depends on
    // what was escaped at storage time — not visible from this file.
    echo "{$currentContact->message_contact}";
} else {
    echo "404 Not Found Access";
}
// contact/readdata — mark a message as read (status 'Y'); requires
// modify_access. Succeeds silently (no output), fails with a text message.
} elseif ($mod == 'contact' and $act == 'readdata') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $status = "Y";
        $data = array('status' => $status);
        $table = new PoTable('contact');
        $table->updateBy('id_contact', $id, $data);
    } else {
        echo "404 Not Found Access";
    }
// contact/reply — e-mail a reply to a contact; requires write_access.
// The branch continues past the end of this fragment.
} elseif ($mod == 'contact' and $act == 'reply') {
    if ($currentRoleAccess->write_access == "Y") {
        $name_contact = $val->validasi($_POST['name_contact'], 'xss');
        $email_contact = $val->validasi($_POST['email_contact'], 'xss');
        // Form field is spelled 'subjek_contact' (Indonesian) — keep in sync with the view.
        $subject_contact = $val->validasi($_POST['subjek_contact'], 'xss');
        $message_contact = $val->validasi($_POST['message_contact'], 'xss');
        $tableset = new PoTable('setting');
        // NOTE(review): bare `id_setting` is an undefined constant — it falls
        // back to the string 'id_setting' before PHP 8 and throws an Error on
        // PHP 8; quote it as in the findBy calls above.
        $currentSet = $tableset->findBy(id_setting, '1');
        $currentSet = $currentSet->current();
        // Sender identity for the reply comes from the settings row, not the request.
        $website_name = $currentSet->website_name;
        $website_url = $currentSet->website_url;
        $website_email = $currentSet->website_email;
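<?php
// Admin → Settings: save the Facebook OAuth identity posted from the settings
// form into the single-row `oauth` table (id_oauth = 1), then return to the
// settings page.
//
// Session keys read : namauser, passuser (set by the login handler).
// POST keys read    : fbtype, fbtoken, and — depending on fbtype — either
//                     fbid/fbusername ("user") or fbpagesid/fbpagesname (page).
session_start();

// Require BOTH login markers. The previous guard (`and`) only rejected when
// both were empty, so a session carrying just one of them slipped through.
if (empty($_SESSION['namauser']) or empty($_SESSION['passuser'])) {
    header('location:../../../404.php');
    // A Location header does not stop the script; make the denial final.
    exit;
}

include_once '../../../../po-library/po-database.php';
include_once '../../../../po-library/po-function.php';

// NOTE(review): $val is created but the values below are written as posted;
// the other admin handlers in this project route form input through
// $val->validasi(...). Whether PoTable::updateBy escapes on its own is not
// visible from this file — confirm before relying on it.
$val = new Povalidasi();

// Missing POST keys yield null (as before) without an undefined-index notice.
$fb_type = isset($_POST['fbtype']) ? $_POST['fbtype'] : null;

// "user" links a personal profile; any other value links a page. Only the
// id/name field names differ, so pick them once and do a single update.
if ($fb_type == "user") {
    $oauth_id = isset($_POST['fbid']) ? $_POST['fbid'] : null;
    $oauth_user = isset($_POST['fbusername']) ? $_POST['fbusername'] : null;
} else {
    $oauth_id = isset($_POST['fbpagesid']) ? $_POST['fbpagesid'] : null;
    $oauth_user = isset($_POST['fbpagesname']) ? $_POST['fbpagesname'] : null;
}
$oauth_token1 = isset($_POST['fbtoken']) ? $_POST['fbtoken'] : null;

$data = array(
    'oauth_id' => $oauth_id,
    'oauth_user' => $oauth_user,
    'oauth_token1' => $oauth_token1,
    'oauth_fbtype' => $fb_type,
);

// Single-row table: the record with id_oauth = 1 is always the one rewritten.
$table = new PoTable('oauth');
$table->updateBy('id_oauth', '1', $data);

header('location:../../../admin.php?mod=setting');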
// comment/(read) — return one comment body for an inline viewer; requires
// read_access. The elseif that opens this branch is not visible here.
if ($currentRoleAccess->read_access == "Y") {
    $id = $val->validasi($_POST['id'], 'sql');
    $tablecomment = new PoTable('comment');
    $currentComment = $tablecomment->findBy('id_comment', $id);
    $currentComment = $currentComment->current();
    // NOTE(review): echoed without escaping; comments are visitor-submitted
    // text, so this relies on escaping having happened at storage time.
    echo "{$currentComment->comment}";
} else {
    echo "404 Not Found Access";
}
// comment/readdata — mark a comment as read (status 'Y'); requires modify_access.
} elseif ($mod == 'comment' and $act == 'readdata') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $status = "Y";
        $data = array('status' => $status);
        $table = new PoTable('comment');
        $table->updateBy('id_comment', $id, $data);
    } else {
        echo "404 Not Found Access";
    }
// comment/setting1 — one-off schema tweak: default new comments to active.
// Requires modify_access. The branch continues past the end of this fragment.
} elseif ($mod == 'comment' and $act == 'setting1') {
    if ($currentRoleAccess->modify_access == "Y") {
        $dbhostsql = DATABASE_HOST;
        $dbusersql = DATABASE_USER;
        $dbpasswordsql = DATABASE_PASS;
        $dbnamesql = DATABASE_NAME;
        // NOTE(review): die(mysqli_connect_error()) sends the driver's error
        // text straight to the browser; log it and show a generic page instead.
        $connection = mysqli_connect($dbhostsql, $dbusersql, $dbpasswordsql, $dbnamesql) or die(mysqli_connect_error());
        //mysqli_select_db($dbnamesql, $connection) or die(mysqli_error());
        // NOTE(review): procedural mysqli_query() takes the connection as its
        // first argument. Called with the SQL string alone it throws
        // ArgumentCountError on PHP 8 (earlier versions warn and return null),
        // so this ALTER is never sent and $connection is opened but unused.
        mysqli_query("ALTER TABLE comment ALTER COLUMN active SET DEFAULT 'Y'");
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
// Fragment: tail of siswa/input (its opening is not visible here). Unlike most
// handlers in this file, these fields are taken from $_POST without $val->validasi.
$ibu = $_POST['ibu'];
$p_ibu = $_POST['p_ibu'];
// NOTE(review): 'pass' is persisted exactly as posted — no hashing is visible
// here; password_hash()/password_verify() would be the usual pairing.
$pass = $_POST['pass'];
// id_siswa '' relies on the column auto-incrementing.
$table->save(array('id_siswa' => '', 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass));
header('location:../../admin.php?mod=' . $mod);
} else {
    header('location:../../404.php');
}
// siswa/update — edit a student record; requires modify_access.
} elseif ($mod == 'siswa' and $act == 'update') {
    if ($currentRoleAccess->modify_access == "Y") {
        // Only the id goes through Povalidasi; every other field is raw $_POST.
        $id = $val->validasi($_POST['id_siswa'], 'sql');
        $nis = $_POST['nis'];
        $nama_siswa = $_POST['nama'];
        $jk = $_POST['jk'];
        $alamat = $_POST['alamat'];
        $idk = $_POST['idk'];
        $tlp = $_POST['tlp'];
        $ayah = $_POST['ayah'];
        $p_ayah = $_POST['p_ayah'];
        $ibu = $_POST['ibu'];
        $p_ibu = $_POST['p_ibu'];
        // NOTE(review): stored as posted, see the input branch above.
        $pass = $_POST['pass'];
        // id_siswa is both the lookup key and part of the payload.
        $data = array('id_siswa' => $id, 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass);
        $table = new PoTable('siswa');
        $table->updateBy('id_siswa', $id, $data);
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
    }
}
}
// Fragment: closes a branch whose opening is not visible here.
}
// theme/active — switch the active theme: the row currently marked 'Y' is set
// to 'N', then the posted id receives the posted flag; requires modify_access.
} elseif ($mod == 'theme' and $act == 'active') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $active = $val->validasi($_POST['active'], 'xss');
        $tableS = new PoTable('theme');
        // NOTE(review): bare `active` is an undefined constant — the string
        // 'active' before PHP 8, an Error on PHP 8; quote it.
        $currentSearch = $tableS->findBy(active, 'Y');
        $currentSearch = $currentSearch->current();
        // No guard for "no active theme found": current() would not be an object here.
        $id_theme = $currentSearch->id_theme;
        $actives = 'N';
        $datas = array('active' => $actives);
        $table = new PoTable('theme');
        $table->updateBy('id_theme', $id_theme, $datas);
        $data = array('active' => $active);
        $table = new PoTable('theme');
        $table->updateBy('id_theme', $id, $data);
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
    }
// theme/edit — overwrite a theme file with posted content; requires
// modify_access. The branch continues past the end of this fragment.
} elseif ($mod == 'theme' and $act == 'edit') {
    if ($currentRoleAccess->modify_access == "Y") {
        $folder = $val->validasi($_POST['folder'], 'xss');
        $valid = $val->validasi($_POST['file'], 'xss');
        // NOTE(review): folder and file are request-controlled and only
        // xss-cleaned; nothing confines the resulting path to po-content.
        // Resolving with realpath() and checking the prefix before the write
        // below is the usual mitigation.
        $filename = "../../../po-content/{$folder}/{$valid}";
        if (file_exists("{$filename}")) {
            $data = $_POST['code_content'];
            // Presumably the editor renames nested <textarea> tags so the form
            // stays well-formed; this reverses that before writing — verify in the view.
            $data = str_replace("textareapopojicms", "textarea", $data);
            $newdata = stripslashes($data);
            // An empty submission is not written (prevents truncating the file).
            if ($newdata != '') {
                $fw = fopen($filename, 'w') or die('Could not open file!');
// Fragment: tail of a kelas branch that clears a picture (its opening is not visible here).
$picture = '';
$data = array('picture' => $picture);
$table = new PoTable('kelas');
$table->updateBy('id_kelas', $id, $data);
} else {
    echo "404 Not Found Access";
}
// kelas/input — create a class; requires write_access.
} elseif ($mod == 'kelas' and $act == 'input') {
    if ($currentRoleAccess->write_access == "Y") {
        $kelas = $val->validasi($_POST['kelas'], 'xss');
        $table = new PoTable('kelas');
        // NOTE(review): 'nama' is taken raw here but xss-cleaned in the update
        // branch below — the two should agree.
        $nama_kelas = $_POST['nama'];
        // id_kelas '' relies on the column auto-incrementing.
        $table->save(array('id_kelas' => '', 'nama' => $nama_kelas, 'kelas' => $kelas));
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
    }
// kelas/update — edit a class; requires modify_access.
} elseif ($mod == 'kelas' and $act == 'update') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $kelas = $val->validasi($_POST['kelas'], 'xss');
        $nama = $val->validasi($_POST['nama'], 'xss');
        // id_kelas is both the lookup key and part of the payload.
        $data = array('id_kelas' => $id, 'nama' => $nama, 'kelas' => $kelas);
        $table = new PoTable('kelas');
        $table->updateBy('id_kelas', $id, $data);
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
    }
}
}
// Fragment: closes a preceding branch (its opening is not visible here).
} } else { header('location:../../404.php'); }
// absen/input — stash the chosen class and hour in the session and go to the
// attendance entry form; requires write_access.
} elseif ($mod == 'absen' and $act == 'input') {
    if ($currentRoleAccess->write_access == "Y") {
        $idk = $val->validasi($_POST['idk'], 'xss');
        $jam = $val->validasi($_POST['jam'], 'xss');
        $_SESSION['idk'] = $idk;
        $_SESSION['jam'] = $jam;
        // NOTE(review): these two echos look like debug leftovers. Any output
        // flushed before header() makes the redirect fail with "headers
        // already sent" (unless output buffering happens to absorb it).
        echo $_SESSION['idk'] . "<br>";
        echo $_SESSION['jam'] . "<br>";
        header('location:../../admin.php?mod=' . $mod . '&act=addnew');
    } else {
        header('location:../../404.php');
    }
// absen/update — edit an attendance record; requires modify_access.
} elseif ($mod == 'absen' and $act == 'update') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $title = $val->validasi($_POST['title'], 'xss');
        $seotitle = seo_title($title);
        // 'active' is stored as posted after xss cleaning; not limited to 'Y'/'N' here.
        $active = $val->validasi($_POST['active'], 'xss');
        $data = array('title' => $title, 'seotitle' => $seotitle, 'active' => $active);
        $table = new PoTable('absen');
        $table->updateBy('id_absen', $id, $data);
        header('location:../../admin.php?mod=' . $mod);
    } else {
        header('location:../../404.php');
    }
}
}
// Fragment: tail of a post branch that notifies subscribers of a new post.
// $website_name, $titlesub and $seotitlesub are set before this fragment.
$website_url = $currentSet->website_url;
$website_email = $currentSet->website_email;
$tablesubs = new PoTable('subscribe');
// NOTE(review): bare `id_subscribe` and `ASC` are undefined constants —
// strings before PHP 8, an Error on PHP 8; quote them.
$subs = $tablesubs->findAll(id_subscribe, ASC);
// One mail() per subscriber, each addressed individually (no shared To:).
foreach ($subs as $sub) {
    $emailto = $sub->email;
    $to = "{$emailto}";
    // NOTE(review): From: is built from the settings row. A CR/LF in
    // website_name or website_email would inject extra mail headers; the
    // values are admin-controlled, so the exposure is limited to whoever
    // can edit settings.
    $from = "{$website_name} <{$website_email}>";
    $subject = "News Update - {$titlesub}";
    $message = "<html>\n\t\t\t\t\t\t<body>\n\t\t\t\t\t\t\tHi {$sub->email}<br />\n\t\t\t\t\t\t\tWe have the latest updates for you!<br />\n\t\t\t\t\t\t\tPlease click on the link below to begin reading :<br />\n\t\t\t\t\t\t\t<a href='{$website_url}/detailpost/{$seotitlesub}'>{$titlesub}</a><br /><br />\n\t\t\t\t\t\t\tThank you for subscribing,<br />\n\t\t\t\t\t\t\t{$website_name}\n\t\t\t\t\t\t</body>\n\t\t\t\t\t</html>";
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
    $headers .= "From: " . $from . "\r\n";
    // Return value of mail() is not checked; failures are silent.
    mail($to, $subject, $message, $headers);
}
header('location:../../admin.php?mod=' . $mod);
} else {
    header('location:../../404.php');
}
// post/setheadline — toggle a post's headline flag; requires modify_access.
// Succeeds silently (no output), fails with a text message.
} elseif ($mod == 'post' and $act == 'setheadline') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $headline = $val->validasi($_POST['headline'], 'xss');
        $data = array('headline' => $headline);
        $table = new PoTable('post');
        $table->updateBy('id_post', $id, $data);
    } else {
        echo "404 Not Found Access";
    }
}
}
/**
 * Normalises one request value before it is used in a lookup or echoed.
 *
 * Applies, in order: htmlspecialchars (ENT_QUOTES), strip_tags, stripslashes.
 * Because the markup characters are already entity-encoded by the first step,
 * strip_tags finds no tags left to remove; the escaping is what matters.
 *
 * @param string $data raw value (typically from $_POST)
 * @return string the escaped value
 */
function anti_injection($data)
{
    $escaped = htmlspecialchars($data, ENT_QUOTES);
    $stripped = strip_tags($escaped);
    return stripslashes($stripped);
}
$emailforgot = anti_injection($_POST['email']);
// ASCII-only e-mail shape check; anything else is sent to the 404 page.
if (!preg_match("/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}\$/", $emailforgot)) {
    header('location:404.php');
} else {
    $table = new PoTable('users');
    // NOTE(review): bare `email` and `id_setting` below are undefined
    // constants — strings before PHP 8, an Error on PHP 8; quote them.
    $currentUser = $table->findBy(email, $emailforgot);
    $currentUser = $currentUser->current();
    if ($currentUser > 0) {
        // NOTE(review): the reset key is md5 of the time, the client address
        // and mt_rand(), all guessable inputs; random_bytes()/bin2hex() is
        // the usual source for a one-time token.
        $forgotkey = md5(microtime() . $_SERVER['REMOTE_ADDR'] . '#$&^%$#' . mt_rand());
        $data = array('forget_key' => $forgotkey);
        $table->updateBy('email', $emailforgot, $data);
        $tableset = new PoTable('setting');
        $currentSet = $tableset->findBy(id_setting, '1');
        $currentSet = $currentSet->current();
        $website_name = $currentSet->website_name;
        $website_url = $currentSet->website_url;
        $website_email = $currentSet->website_email;
        $username = $currentUser->username;
        $nama_lengkap = $currentUser->nama_lengkap;
        $to = "{$nama_lengkap} <{$emailforgot}>";
        $from = "{$website_name} <{$website_email}>";
        $subject = "Forgot Password For {$website_name}";
        // Bilingual HTML body; the recovery link carries the username and key
        // as query parameters. The literal continues onto the next line.
        $message = "<html>\r\n\t\t\t\t<body>\r\n\t\t\t\t\tIndonesia :<br />\r\n\t\t\t\t\t-----------<br />\r\n\t\t\t\t\tHi {$nama_lengkap},<br />\r\n\t\t\t\t\tJika anda tidak pernah meminta pesan informasi tentang lupa password di {$website_name}, silahkan untuk menghiraukan email ini.<br />\r\n\t\t\t\t\tTetapi jika anda memang yang meminta pesan informasi ini, maka silahkan untuk mengklik tautan (link) di bawah ini :<br /><br />\r\n\t\t\t\t\t<a href=\"{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}\" title=\"Recover Password\">{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}</a><br /><br />\r\n\t\t\t\t\tKemudian secara otomatis setelah anda mengklik tautan (link) di atas, password anda akan diganti menjadi password default yaitu : <b>123456</b>.<br />\r\n\t\t\t\t\tSilahkan untuk login dengan password tersebut kemudian 
ganti password default ini dengan password yang lebih aman.<br /><br />\r\n\t\t\t\t\tSalam hangat,<br />\r\n\t\t\t\t\t{$website_name}.<br /><br /><br />\r\n\t\t\t\t\tEnglish :<br />\r\n\t\t\t\t\t-----------<br />\r\n\t\t\t\t\tHi {$nama_lengkap},<br />\r\n\t\t\t\t\tIf you have never requested message information about forgotten password in {$website_name}, please to ignore this email.<br />\r\n\t\t\t\t\tBut if you really are asking for messages of this information, then please to click on a link below :<br /><br />\r\n\t\t\t\t\t<a href=\"{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}\" title=\"Recover Password\">{$website_url}/po-admin/recover.php?forgetuser={$username}&forgetkey={$forgotkey}</a><br /><br />\r\n\t\t\t\t\tThen automatically after you click a link above, your password will be changed to the default password is : <b>123456</b>.<br />\r\n\t\t\t\t\tPlease to log in with the password and then change the default password to a more secure password.<br /><br />\r\n\t\t\t\t\tWarm regards,<br />\r\n\t\t\t\t\t{$website_name}.\r\n\t\t\t\t</body>\r\n\t\t\t</html>"; $headers = "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n"; $headers .= "From: " . $from . "\r\n";
// Fragment: closes a preceding branch (its opening is not visible here).
}
// pages/update — edit a static page; requires modify_access.
} elseif ($mod == 'pages' and $act == 'update') {
    if ($currentRoleAccess->modify_access == "Y") {
        $id = $val->validasi($_POST['id'], 'sql');
        $title = $val->validasi($_POST['title'], 'xss');
        // A posted slug wins over the generated one.
        // NOTE(review): unlike title, a posted seotitle is stored raw.
        if ($_POST['seotitle'] != "") {
            $seotitle = $_POST['seotitle'];
        } else {
            $seotitle = seo_title($title);
        }
        // Page body is stored entity-encoded (ENT_QUOTES); the renderer is
        // expected to decode it. stripslashes suggests a magic_quotes-era origin.
        $data = $_POST['content'];
        $data = stripslashes($data);
        $eutf = htmlspecialchars($data, ENT_QUOTES);
        $active = $val->validasi($_POST['active'], 'xss');
        // Two near-identical updates: only the presence of 'picture' differs.
        // NOTE(review): 'picture' is stored raw from the request.
        if (!empty($_POST['picture'])) {
            $picture = $_POST['picture'];
            $data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'picture' => $picture, 'active' => $active);
            $table = new PoTable('pages');
            $table->updateBy('id_pages', $id, $data);
            header('location:../../admin.php?mod=' . $mod);
        } else {
            $data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'active' => $active);
            $table = new PoTable('pages');
            $table->updateBy('id_pages', $id, $data);
            header('location:../../admin.php?mod=' . $mod);
        }
    } else {
        header('location:../../404.php');
    }
}
}
// Fragment: tail of guru/input (its opening is not visible here). These
// fields are taken from $_POST without $val->validasi.
$nama_guru = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
// NOTE(review): 'pass' is persisted exactly as posted — no hashing is visible here.
$pass = $_POST['pass'];
// id_guru '' relies on the column auto-incrementing.
$table->save(array('id_guru' => '', 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass));
header('location:../../admin.php?mod=' . $mod);
} else {
    header('location:../../404.php');
}
// guru/update — edit a teacher record; requires modify_access.
} elseif ($mod == 'guru' and $act == 'update') {
    if ($currentRoleAccess->modify_access == "Y") {
        // Only the id goes through Povalidasi; every other field is raw $_POST.
        $id = $val->validasi($_POST['id_guru'], 'sql');
        $nip = $_POST['nip'];
        $nama_guru = $_POST['nama'];
        $jk = $_POST['jk'];
        $alamat = $_POST['alamat'];
        $idk = $_POST['idk'];
        // NOTE(review): stored as posted, see the input branch above.
        $pass = $_POST['pass'];
        // id_guru is both the lookup key and part of the payload.
        $data = array('id_guru' => $id, 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass);
        $table = new PoTable('guru');
        $table->updateBy('id_guru', $id, $data);
        header('location:../../admin.php?mod=' . $mod);
        // echo $id." ".$nip." ".$nama_guru;
    } else {
        // Denial here is a bare text reply, unlike the 404 redirect used elsewhere.
        echo "gagal";
    }
} else {
    header('location:../../404.php');
}
}
// Fragment: tail of event/update (its opening is not visible here).
// Event body is stored entity-encoded (ENT_QUOTES), as the pages handler does.
$data = stripslashes($data);
$eutf = htmlspecialchars($data, ENT_QUOTES);
$color = $val->validasi($_POST['color'], 'xss');
$active = $val->validasi($_POST['active'], 'xss');
$data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color, 'active' => $active);
$table = new PoTable('event');
$table->updateBy('id_event', $id, $data);
header('location:../../admin.php?mod=' . $mod);
// event/updatedrag — move/resize an event from the calendar (start/end dates).
// NOTE(review): no $currentRoleAccess check here, unlike the other write
// handlers in this file — confirm that is intended.
} elseif ($mod == 'event' and $act == 'updatedrag') {
    $id = $val->validasi($_POST['id'], 'sql');
    $start = $val->validasi($_POST['start'], 'xss');
    $end = $val->validasi($_POST['end'], 'xss');
    // Dragged events are always stored as all-day (string 'true').
    $allday = 'true';
    $data = array('startevt' => $start, 'endevt' => $end, 'allday' => $allday);
    $table = new PoTable('event');
    $table->updateBy('id_event', $id, $data);
    header('location:../../admin.php?mod=' . $mod);
// event/uploadgroupevent — import events from an uploaded file.
// The branch continues past the end of this fragment.
} elseif ($mod == 'event' and $act == 'uploadgroupevent') {
    // Temporary path of the uploaded file; no role check or type check visible here.
    $filename = $_FILES['eventfile']['tmp_name'];
    $color = $val->validasi($_POST['color'], 'xss');
    /*
     * Upload facebook group event
     */
    // Build English month-name lookup tables (1..12) for parsing the file.
    for ($i = 1; $i <= 12; $i++) {
        /*
         * Get event month
         * Locale : EN
         */
        // NOTE(review): mktime() takes at most 6 arguments; the 7th (is_dst)
        // was removed in PHP 7.0. On PHP 7 this warns and returns null (so
        // every entry becomes the epoch month), on PHP 8 it throws
        // ArgumentCountError. `mktime(0, 0, 0, $i, 1, 2000)` would suffice.
        $monthlong[$i] = date("F", mktime(0, 0, 0, $i + 1, 0, 0, 0));
        $monthshort[$i] = date("M", mktime(0, 0, 0, $i + 1, 0, 0, 0));
    }
// Fragment: tail of a preceding login branch (its opening is not visible here).
echo $currentUser->locktype;
// login/proclogin — verify credentials and open an admin session.
// Error codes on redirect: 1 = malformed input, 2 = no matching active user.
} elseif ($mod == 'login' and $act == 'proclogin') {
    $username = anti_injection($_POST['username']);
    // NOTE(review): passwords are compared as unsalted md5 hex digests, which
    // is tied to the stored format. Migrating to password_hash()/
    // password_verify() (rehashing on successful login) removes that dependency.
    $pass = anti_injection(md5($_POST['password']));
    // Both values must be alphanumeric; md5 hex always is, so this mainly
    // constrains the username before it reaches the lookup.
    if (!ctype_alnum($username) or !ctype_alnum($pass)) {
        header('location:index.php?errormsg=1');
    } else {
        $table = new PoTable('users');
        // NOTE(review): bare `username`, `password`, `blokir` are undefined
        // constants — strings before PHP 8, an Error on PHP 8; quote them.
        // Only accounts with blokir = "N" can log in.
        $currentUser = $table->findByLogin(username, $username, password, $pass, blokir, "N");
        $currentUser = $currentUser->current();
        if ($currentUser > 0) {
            session_start();
            include_once "timeout.php";
            $_SESSION['iduser'] = $currentUser->id_user;
            $_SESSION['namauser'] = $currentUser->username;
            $_SESSION['namalengkap'] = $currentUser->nama_lengkap;
            // NOTE(review): the stored password hash is copied into the
            // session; other files only test it with empty(), so a marker
            // value would do and keeps the hash out of session storage.
            $_SESSION['passuser'] = $currentUser->password;
            $_SESSION['leveluser'] = $currentUser->level;
            $_SESSION['login'] = 1;
            timer();
            // Rotate the session id after authentication (session-fixation
            // defence) and record the new id against the user.
            $sid_lama = session_id();
            session_regenerate_id();
            $sid_baru = session_id();
            $sesi = array('id_session' => $sid_baru);
            $table->updateBy('username', $username, $sesi);
            header('location:admin.php?mod=home');
        } else {
            header('location:index.php?errormsg=2');
        }
    }
}