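<?php
// useronline.php
// Refreshes the "users online" table for the current request: expired rows and this
// session's previous row are deleted, then a fresh row for this session is inserted.
if (defined('MAIN_INIT')) {
    // Rows whose `time` is below this cut-off are treated as expired.
    // The cast keeps the value numeric before it is interpolated into the SQL below.
    $validtime = (int) ($mmktime - COUNTER_GAP);
    // The session id originates from the client's cookie and is concatenated into a SQL
    // string below. Restrict it to PHP's session-id alphabet (letters, digits, ',' and '-')
    // so that it cannot break out of the quoted literal. Well-formed ids pass through unchanged.
    // NOTE(review): a parameterised query would be preferable; the $db API is not visible here.
    $session_id = preg_replace('/[^A-Za-z0-9,\-]/', '', (string) session_id());
    $login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'displayname' => '', 'email' => '', 'password' => ''));
    // Delete visitors that have timed out, plus this session's own previous row.
    $db->query("DELETE FROM `" . DB_USERONLINE . "` WHERE `time`<{$validtime} OR `session`='{$session_id}'");
    // Insert this session again with the current timestamp.
    $save = array();
    $save['member_id'] = (int) $login['id'];
    // Display name falls back to the e-mail address and is cut to 10 characters.
    $save['displayname'] = trim(gcms::cutstring(empty($login['displayname']) ? $login['email'] : $login['displayname'], 10));
    $save['time'] = $mmktime;
    $save['session'] = $session_id;
    // NOTE(review): presumably $db->add() escapes the values it stores; confirm in the DB class.
    $db->add(DB_USERONLINE, $save);
}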
// Excerpt of a document "write" save handler: collects the per-language fields from $_POST,
// then starts building the lookup query for an existing item. The excerpt ends inside the
// `if ($id > 0)` branch, before the query is complete.
$error = false;
$tab = false;
// Per-language details, keyed by language code.
$details = array();
$alias_topic = '';
foreach ($config['languages'] as $value) {
    // NOTE(review): $_POST["write_*_{$value}"] is indexed directly below without isset();
    // a request that omits a field raises an undefined-index notice.
    $topic = $db->sql_trim_str($_POST, "write_topic_{$value}");
    $alias = gcms::aliasName($_POST["write_topic_{$value}"]);
    $relate = $db->sql_trim($_POST, "write_relate_{$value}");
    $keywords = gcms::getTags($_POST["write_keywords_{$value}"]);
    $description = $db->sql_trim($_POST, "write_description_{$value}");
    // Languages with an empty topic are skipped entirely.
    if ($topic != '') {
        $save = array();
        $save['topic'] = $topic;
        // Keywords default to the topic; quotes and whitespace runs collapse to one space, max 255.
        $save['keywords'] = $db->sql_clean(gcms::cutstring(preg_replace('/[\'\\"\\r\\n\\s]{1,}/isu', ' ', $keywords == '' ? gcms::getTags($_POST["write_topic_{$value}"]) : $keywords), 255));
        // Description defaults to a text version of the detail body, max 255.
        $save['description'] = gcms::cutstring(gcms::html2txt($description == '' ? $_POST["write_detail_{$value}"] : $description), 255);
        // NOTE(review): the HTML body is passed through gcms::ckDetail() only; what that helper
        // filters is not visible here. Confirm it sanitises markup before the value is stored.
        $save['detail'] = gcms::ckDetail($_POST["write_detail_{$value}"]);
        $save['language'] = $value;
        $save['relate'] = $relate == '' ? $save['keywords'] : $relate;
        $details[$value] = $save;
        // The first non-empty topic alias wins.
        $alias_topic = $alias_topic == '' ? $alias : $alias_topic;
    }
}
$save = array();
$save['alias'] = gcms::aliasName($_POST['write_alias']);
// Id of the item being edited (0 when absent).
// NOTE(review): whether gcms::getVars() casts to int is not visible here; confirm before
// $id or $module_id reaches a SQL string.
$id = gcms::getVars($_POST, 'write_id', 0);
$module_id = gcms::getVars($_POST, 'module_id', 0);
if ($id > 0) {
    // Editing: look up the module and the selected item.
    $sql = "SELECT I.`id`,I.`module_id`,M.`module`,M.`config`,I.`picture`,I.`member_id`";
// Excerpt from the document list in the admin area: builds one table row per item by string
// concatenation, then opens the table footer. The enclosing loop starts outside this excerpt.
// NOTE(review): $item['topic'], $item['sender'], $item['picture'] and the other $item fields
// are concatenated into HTML without escaping in this excerpt. Whether they were escaped when
// stored is not visible here; if not, this is a stored-XSS sink in an admin page. Confirm, or
// escape at output with htmlspecialchars().
$id = $item['id'];
// Attribute values such as id=M_<id> are unquoted, so they are only safe while $id is numeric.
$tr = '<tr id=M_' . $id . '>';
$tr .= '<th headers=c0 id=r' . $id . ' class=topic scope=row><a href="../index.php?module=' . $index['module'] . '&id=' . $id . '" title="{LNG_PREVIEW}" target=_blank>' . $item['topic'] . '</a></th>';
$tr .= '<td headers="r' . $id . ' c1" class=check-column><a id=check_' . $id . ' class=icon-uncheck></a></td>';
// Thumbnail cell: the real picture when the module allows images and the file exists on disk.
// Neither branch emits a closing </td> for this cell.
if (!empty($index['img_typies']) && is_file(DATA_PATH . "document/{$item['picture']}")) {
    $tr .= '<td headers="r' . $id . ' c2" class="menu mobile"><img src="' . DATA_URL . 'document/' . $item['picture'] . '" title="' . $lng['LNG_THUMBNAILS'][1] . '" width=22 height=22 alt=thumbnail>';
} else {
    $tr .= '<td headers="r' . $id . ' c2" class="menu mobile"><span class=icon-thumbnail title="' . $lng['LNG_THUMBNAILS'][0] . '"></span>';
}
$tr .= '<td headers="r' . $id . ' c2" class="menu mobile"><span class="icon-reply reply' . $item['can_reply'] . '" title="' . $lng['LNG_CAN_REPLIES'][$item['can_reply']] . '"></span></td>';
$tr .= '<td headers="r' . $id . ' c2" class="menu mobile"><span class="icon-published' . $item['published'] . '" title="' . $lng['LNG_PUBLISHEDS'][$item['published']] . '"></span></td>';
// The widget flag is 1 when show_news contains "news=1".
$tr .= '<td headers="r' . $id . ' c2" class="menu mobile"><span class="icon-widgets reply' . (preg_match('/news=1/', $item['show_news']) ? 1 : 0) . '"></span></td>';
$tr .= '<td headers="r' . $id . ' c5" class=mobile>';
// Category link, only when the category id is known.
if (isset($categories[$item['category_id']])) {
    $category = $categories[$item['category_id']];
    $tr .= '<a href="{URLQUERY?cat=' . $item['category_id'] . '}" title="{LNG_SELECT_ITEM}">' . gcms::cutstring($category, 10) . '</a>';
}
$tr .= '</td>';
$tr .= '<td headers="r' . $id . ' c6" class="username tablet"><a href="index.php?module=editprofile&id=' . $item['member_id'] . '" class=status' . $item['status'] . ' title="{LNG_MEMBER_PROFILE}">' . $item['sender'] . '</a></td>';
$tr .= '<td headers="r' . $id . ' c7" class="date tablet">' . gcms::mktime2date($item['create_date'], 'd M Y H:i') . '</td>';
$tr .= '<td headers="r' . $id . ' c8" class="date tablet">' . gcms::mktime2date($item['last_update'], 'd M Y H:i') . '</td>';
$tr .= '<td headers="r' . $id . ' c9" class="visited tablet">' . $item['visited'] . '</td>';
// NOTE(review): $page is placed into the edit link as-is; confirm it is an integer upstream.
$tr .= '<td headers="r' . $id . ' c10" class=menu><a href="{URLQUERY?module=document-write&src=document-setup&spage=' . $page . '&qid=' . $item['id'] . '}" title="{LNG_EDIT}" class=icon-edit></a></td>';
$tr .= '</tr>';
$content[] = $tr;
}
}
$content[] = '</tbody>';
$content[] = '<tfoot>';
$content[] = '<tr>';
$content[] = '<td headers=c0> </td>';
}
// Excerpt from the site search: scores one result row against the search words, stores it,
// then (after the loop that is cut off above) sorts the results and starts rendering them.
// A word adds (90 - position) when found in the topic and (85 - position) when found in the
// detail, so words earlier in $words weigh more.
foreach ($words as $a => $word) {
    if (mb_stripos($item['topic'], $word) !== false) {
        $v = $v + (90 - $a);
    }
    if (mb_stripos($item['detail'], $word) !== false) {
        $v = $v + (85 - $a);
    }
}
$search_result[$i]['id'] = $item['id'];
$search_result[$i]['category_id'] = gcms::getVars($item, 'category_id', 0);
// NOTE(review): topic and description are copied through unchanged; confirm they are
// escaped before they are substituted into the search template.
$search_result[$i]['topic'] = $item['topic'];
$search_result[$i]['alias'] = $item['alias'];
$search_result[$i]['index'] = $item['index'];
// Without a stored description, use a 149-character text excerpt of the detail body.
if ($item['description'] == '') {
    $search_result[$i]['detail'] = gcms::cutstring(gcms::html2txt($item['detail']), 149);
} else {
    $search_result[$i]['detail'] = $item['description'];
}
$search_result[$i]['module'] = $item['module'];
$search_result[$i]['owner'] = $item['owner'];
// Final score: the word score weighted by the row's level plus index.
$search_result[$i]['value'] = $v * ($item['level'] + $item['index']);
}
if (sizeof($search_result) > 0) {
    // Sort the results by score (the meaning of the third argument is defined in gcms::sortby).
    gcms::sortby($search_result, 'value', false);
    // Load the item template and the placeholder patterns used to fill it.
    $searchitem = gcms::loadtemplate('search', 'search', 'searchitem');
    $match = array('/{URL}/', '/{TOPIC}/', '/{DETAIL}/', '/{LINK}/');
    foreach ($search_result as $item) {
        unset($data);
// Excerpt from the download module's save handler: stores the record (insert or update),
// builds the table row sent back to the admin page, and prints the result as JSON.
// The branch that decides between insert and update starts outside this excerpt.
$id = $db->add(DB_DOWNLOAD, $save);
$ret['action'] = 'new';
} else {
// Update the existing record.
$db->edit(DB_DOWNLOAD, $id, $save);
$ret['action'] = 'edit';
}
// Id of the stored record.
$ret['id'] = $id;
// Row markup returned to the client.
// NOTE(review): $save['name'], $save['ext'], $save['description'] and $save['file'] are
// concatenated into HTML and into a URL without escaping in this excerpt. How they were
// validated is not visible here; confirm, or apply htmlspecialchars() / rawurlencode() at output.
$tr = '<tr id="M_' . $id . '">';
$tr .= '<th headers="c0" id="r' . $id . '" scope="row"><a id="edit-' . $id . '" href="' . WEB_URL . '/admin/index.php?module=download-setup" title="' . $lng['LNG_EDIT'] . '">' . $save['name'] . '.' . $save['ext'] . '</a></th>';
// NOTE(review): $icon is read here but is only assigned further down in this excerpt;
// presumably it is also set earlier. Verify, otherwise this src is empty.
$tr .= '<td headers="r' . $id . ' c0" class="menu"><img src="' . $icon . '" alt="thumbnail" width="16" height="16"></td>';
$tr .= '<td headers="r' . $id . ' c1" class="check-column"><a id="check_' . $id . '" class="uncheck"></a></td>';
$tr .= '<td headers="r' . $id . ' c2" class="no">{WIDGET_DOWNLOAD_' . $id . '}</td>';
$tr .= '<td headers="r' . $id . ' c3">' . gcms::cutstring($save['description'], 50) . '</td>';
$tr .= '<td headers="r' . $id . ' c4" class="size">' . gcms::formatFileSize($save['size']) . '</td>';
$tr .= '<td headers="r' . $id . ' c5" class="date">' . gcms::mktime2date($save['last_update']) . '</td>';
$tr .= '<td headers="r' . $id . ' c6" class="visited">' . $save['count'] . '</td>';
// Icon named after the file extension, falling back to a generic icon when none exists.
// NOTE(review): $save['ext'] becomes part of a filesystem path passed to is_file(); confirm
// the extension is restricted to a safe character set upstream.
$icon = "modules/download/icons/{$save['ext']}.png";
$icon = WEB_URL . (is_file(ROOT_PATH . $icon) ? "/{$icon}" : "/modules/download/icons/file.png");
$tr .= '<td headers="r' . $id . ' c7" class="menu">';
$tr .= '<a href="' . WEB_URL . '/modules/download/admin_download.php?file=' . $save['file'] . '&size=' . $save['size'] . '" target="_blank" title="' . $lng['LNG_CLICK_TO'] . ' ' . $lng['LNG_DOWNLOAD'] . '"><img src="' . $icon . '" alt="' . $save['ext'] . '" width="16" height="16"></a>';
$tr .= '</td>';
$tr .= '</tr>';
// The row is URL-encoded before it is placed in the JSON payload.
$ret['content'] = rawurlencode($tr);
}
}
}
// Return the result as JSON.
echo gcms::array2json($ret);
// modules/event/admin_write_save.php
// Excerpt of the event module's save endpoint: checks the caller, collects the submitted
// fields into $save and begins the lookup query for an existing event. The excerpt ends
// inside the "new event" branch.
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// Check the referer and the member's permission.
// NOTE(review): the only request-origin check visible here is gcms::isReferer(). A Referer
// check is weak CSRF protection compared with a per-session token; confirm what the helper does.
if (gcms::isReferer() && gcms::canConfig($config, 'event_can_write')) {
    // The demo account is not allowed to save.
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // Submitted values.
        $save['topic'] = gcms::getTags($_POST['write_topic']);
        $keywords = gcms::getTags($_POST['write_keywords']);
        // Keywords default to the topic; quotes and whitespace runs collapse to one space, max 149.
        $save['keywords'] = $db->sql_clean(gcms::cutstring(preg_replace('/[\'\\"\\r\\n\\s]{1,}/isu', ' ', $keywords == '' ? $save['topic'] : $keywords), 149));
        $description = trim(gcms::getVars($_POST, 'write_description', ''));
        // Description defaults to a text version of the detail body, max 149.
        $save['description'] = $db->sql_trim_str(gcms::cutstring(gcms::html2txt($description == '' ? $_POST['write_detail'] : $description), 149));
        $save['detail'] = gcms::ckDetail($_POST['write_detail']);
        $save['published_date'] = $db->sql_trim_str($_POST, 'write_published_date');
        // Any value other than '1' is stored as '0'.
        $save['published'] = $_POST['write_published'] == '1' ? '1' : '0';
        // NOTE(review): begin_date is assembled from three raw $_POST values with no format
        // or range check in this excerpt. Validate them as date, hour and minute before saving.
        $save['begin_date'] = "{$_POST['write_d']} {$_POST['write_h']}:{$_POST['write_m']}:00";
        $save['color'] = $db->sql_trim_str($_POST, 'write_color');
        // NOTE(review): $id is interpolated into the SQL string below. Whether gcms::getVars()
        // casts to int is not visible here; an explicit (int) cast would remove the doubt.
        $id = gcms::getVars($_POST, 'write_id', 0);
        if ($id > 0) {
            // Editing: check the module and the selected event.
            $sql = "SELECT I.`module_id`,M.`module`";
            $sql .= " FROM `" . DB_EVENTCALENDAR . "` AS I";
            $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`owner`='event' AND M.`id`=I.`module_id`";
            $sql .= " WHERE I.`id`='{$id}'";
            $sql .= " LIMIT 1";
        } else {
            // New event: check the module.
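<?php
// modules/gallery/feed.php
// Emits one RSS <item> per gallery image of the current module. $modules, $count and $db
// are expected to be provided by the including script.
if (isset($modules)) {
    // Album filter from the query string. The explicit cast guarantees that only an integer
    // reaches the unquoted `album_id` comparison built below, whatever gcms::getVars() returns.
    $aid = (int) gcms::getVars($_GET, 'album', 0);
    // NOTE(review): $modules['id'] and $count are interpolated into the SQL as provided by
    // the including script; confirm they are integers there.
    $sql = "SELECT C.`id`,C.`topic`,C.`detail`,C.`last_update`,G.`image` FROM `" . DB_GALLERY . "` AS G";
    $sql .= " INNER JOIN `" . DB_GALLERY_ALBUM . "` AS C ON C.`module_id`='{$modules['id']}' AND C.`id`=G.`album_id`";
    $sql .= " WHERE G.`module_id`='{$modules['id']}'";
    if ($aid == -1) {
        // album=-1 selects rows whose `count` is 0.
        $sql .= " AND G.`count`='0'";
    } elseif ($aid > 0) {
        $sql .= " AND G.`album_id`={$aid}";
    }
    // Only the presence of `rnd` is tested; its value never enters the query.
    $sql .= ' ORDER BY ' . (isset($_GET['rnd']) ? 'RAND()' : 'G.`id` DESC');
    $sql .= " LIMIT {$count}";
    foreach ($db->customQuery($sql) as $item) {
        // Values written into XML text or attributes are escaped. double_encode=false leaves
        // entities that are already present (e.g. a stored "&amp;") untouched.
        $link = htmlspecialchars(gcms::getURL($modules['module'], '', 0, 0, "id={$item['id']}"), ENT_QUOTES, 'UTF-8', false);
        // A literal "]]>" inside the text would end the CDATA section early, so split it.
        $description = str_replace(']]>', ']]]]><![CDATA[>', gcms::cutstring(gcms::html2txt($item['detail']), 50));
        $thumb = urldecode(DATA_URL . "gallery/{$item['id']}/thumb_{$item['image']}");
        echo '<item>';
        echo '<title>' . htmlspecialchars($item['topic'], ENT_QUOTES, 'UTF-8', false) . '</title>';
        echo '<link>' . $link . '</link>';
        echo '<description><![CDATA[' . $description . ']]></description>';
        echo '<enclosure url="' . htmlspecialchars($thumb, ENT_QUOTES, 'UTF-8', false) . '" type="image/jpeg"></enclosure>';
        echo '<guid isPermaLink="true">' . $link . '</guid>';
        // Fix: minutes are 'i' in date(); the previous 'M' printed the month abbreviation.
        // NOTE(review): the "+0700" offset is hard-coded and is only right when the server
        // clock runs at UTC+7.
        echo '<pubDate>' . date('D, d M Y H:i', $item['last_update']) . ':00 +0700</pubDate>';
        echo '</item>';
    }
}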
// Excerpt from the language-string admin list: finishes the query, renders one table row per
// language key with a column per installed language, then adds the pagination bar.
// NOTE(review): $orders[$order][1], $start and $list_per_page are interpolated into the SQL;
// $order is used only as an array index here, which acts as a whitelist if $orders is fixed.
// Confirm $start and $list_per_page are integers upstream.
$sql .= " ORDER BY " . $orders[$order][1];
$sql .= " LIMIT {$start}, {$list_per_page}";
foreach ($db->customQuery($sql) as $item) {
    $id = $item['id'];
    $tr = '<tr id=L_' . $id . '>';
    // NOTE(review): $item['key'], $item['owner'] and $item['type'] are written into the row
    // without escaping; confirm they are constrained when stored.
    $tr .= '<th headers=c0 id=r' . $id . ' scope=row class=topic>' . $item['key'] . '</th>';
    foreach ($install_languages as $k) {
        if ($item[$k] == '') {
            $t = '';
        } elseif ($item['type'] == 'array') {
            // NOTE(review): unserialize() on stored data instantiates any serialized object it
            // finds. If these rows can be written by anyone but a trusted admin, store JSON
            // instead or restrict classes (the allowed_classes option needs PHP 7+).
            // unserialize() returns false on malformed input, which implode() cannot join.
            $datas = unserialize($item[$k]);
            $t = implode(', ', $datas);
        } else {
            // Plain text: drop tags, remove CR and turn LF into a space.
            $t = strip_tags(str_replace(array("\r", "\n"), array('', ' '), $item[$k]));
        }
        // The full text goes into the title attribute, a 50-character cut into the cell.
        $tr .= '<td headers="r' . $id . ' c' . $k . '" class="' . ($k == LANGUAGE ? 'mobile' : 'tablet') . '" title="' . gcms::detail2TXT($t) . '">' . gcms::detail2TXT(gcms::cutstring($t, 50)) . '</td>';
    }
    $tr .= '<td headers="r' . $id . ' c1" class="center tablet">' . $item['owner'] . '</td>';
    $tr .= '<td headers="r' . $id . ' c2" class="center tablet">' . $item['type'] . '</td>';
    $tr .= '<td headers="r' . $id . ' c3" class=menu><a class=icon-edit href="{URLQUERY?src=language&module=languageedit&id=' . $id . '&spage=' . $page . '}" title="{LNG_EDIT}"></a></td>';
    $tr .= '<td headers="r' . $id . ' c3" class=menu><a class=icon-delete id=delete_language_' . $id . ' title="{LNG_DELETE}"></a></td>';
    $tr .= '</tr>';
    $content[] = $tr;
}
$content[] = '</tbody>';
$content[] = '</table>';
// Pagination: %d placeholders in the link template are filled by gcms::pagination().
$url = '<a href="{URLQUERY?module=language&page=%d}" title="{LNG_DISPLAY_PAGE} %d">%d</a>';
$content[] = '<div class=splitpage>' . gcms::pagination($totalpage, $page, $url) . '</div>';
$content[] = '<div class=table_nav>';
// Add text.
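} elseif (preg_match('/^(https?:\\/\\/(www.)?google[\\.a-z]+\\/url\\?).*&url=(.*)($|\\&.*)/iU', $item['referer'], $match) && $match[3] != '') {
    // Referer is a Google /url? redirect: the target is the twice-decoded `url` parameter.
    // The Referer header is attacker-controlled, so the decoded value is escaped before it is
    // written into the href, as the branches below do for $item['referer'].
    $a = rawurldecode(rawurldecode($match[3]));
    $text = gcms::cutstring($match[1] . 'url=' . htmlspecialchars($a), 170);
    $name = '<a href="' . htmlspecialchars($a) . '" target=_blank>' . $text . '</a>';
    $graphs['Google Cached'] += $item['total'];
} elseif ($item['referer'] == '') {
    // No referer recorded: counted as a direct visit.
    $name = ' ';
    $graphs['Direct'] += $item['total'];
} elseif (preg_match('/' . preg_quote(WEB_URL, '/') . '/', $item['referer'], $match)) {
    // Referer contains this site's own URL.
    $graphs['Inbound'] += $item['total'];
    $text = gcms::cutstring(htmlspecialchars(rawurldecode(rawurldecode($item['referer']))), 170);
    $name = '<a href="' . htmlspecialchars($item['referer']) . '" target=_blank>' . $text . '</a>';
} else {
    // Any other referer.
    // NOTE(review): htmlspecialchars() keeps the value inside the attribute but does not
    // restrict the URL scheme. Consider linking only http/https referers in this admin report.
    $graphs['other'] += $item['total'];
    $text = gcms::cutstring(htmlspecialchars(rawurldecode(rawurldecode($item['referer']))), 170);
    $name = '<a href="' . htmlspecialchars($item['referer']) . '" target=_blank>' . $text . '</a>';
}
// Alternate the row background class.
$bg = $bg == 'bg1' ? 'bg2' : 'bg1';
$row = '<tr class=' . $bg . '><td class="center mobile">' . $i . '</td>';
if ($ip == '') {
    // Overview mode: link each IP to its own report and show its hit count.
    // NOTE(review): $item['ip'] and $date are written unescaped; confirm how the IP is
    // captured (a proxy-supplied header would make it untrusted) and escape if needed.
    $row .= '<td><a href="index.php?module=report&date=' . $date . '&ip=' . $item['ip'] . '">' . $item['ip'] . '</a></td><td class="center tablet">' . $item['total'] . '</td>';
} else {
    // Single-IP mode: show the visit time instead.
    $row .= '<td>' . $item['time'] . '</td>';
}
$row .= '<td>' . $name . '</td></tr>';
$list[] = $row;
}
// Sum up the bots.
foreach ($agents as $a => $b) {
    $total = $total + $b;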
// Excerpt from the personnel admin list: queries one page of records, renders a table row
// for each, then writes the table footer.
$content[] = '</thead>';
$content[] = '<tbody>';
// Fetch the personnel records for this page.
// NOTE(review): $where, $start and $list_per_page are interpolated into the SQL as-is. How
// $where is built is not visible here; confirm request values in it are cast or escaped.
$sql = "SELECT * FROM `" . DB_PERSONNEL . "`";
$sql .= " {$where} ORDER BY `order` ASC,`id` ASC";
$sql .= " LIMIT {$start}, {$list_per_page}";
foreach ($db->customQuery($sql) as $item) {
$id = $item['id'];
$tr = '<tr id=L_' . $id . '>';
// NOTE(review): name, email, position, phone and order are written into the markup without
// escaping in this excerpt. If they are not escaped when stored, this is a stored-XSS sink;
// htmlspecialchars() at output would close it. The e-mail also lands in a URL query unencoded.
$tr .= '<th headers=c0 id=r' . $id . ' scope=row class=topic>' . $item['name'] . '</th>';
// Use the uploaded picture when the file exists, otherwise the module's placeholder image.
$icon = is_file(DATA_PATH . "personnel/{$item['picture']}") ? DATA_URL . "personnel/{$item['picture']}" : WEB_URL . '/modules/personnel/img/noicon.jpg';
// The src attribute is unquoted, so a space or '>' in the picture name would break out of it.
$tr .= '<td headers="r' . $id . ' c0" class=thumb><img src=' . $icon . ' alt=personnel></td>';
$tr .= '<td headers="r' . $id . '" class=check-column><a id=check_' . $id . ' class=icon-uncheck></a></td>';
// NOTE(review): $categories[...] is read without isset(); an unknown category_id raises a notice.
$tr .= '<td headers="r' . $id . ' c2"><a href="{URLQUERY?cat=' . $item['category_id'] . '}">' . $categories[$item['category_id']] . '</a></td>';
$tr .= '<td headers="r' . $id . ' c3" class="center tablet"><label><input type=text size=5 id=order_' . $id . ' value="' . $item['order'] . '"></label></td>';
$tr .= '<td headers="r' . $id . ' c4" class="email mobile"><a href="{URLQUERY?module=sendmail&src=personnel-setup&spage=' . $page . '&mail=' . $item['email'] . '}" title="{LNG_EMAIL_SEND} {LNG_TO} ' . $item['email'] . '">' . gcms::cutstring($item['email'], 20) . '</a></td>';
$tr .= '<td headers="r' . $id . ' c5" class=mobile>' . $item['position'] . '</td>';
$tr .= '<td headers="r' . $id . ' c6" class="center mobile">' . $item['phone'] . '</td>';
$tr .= '<td headers="r' . $id . ' c7" class=menu><a title="{LNG_EDIT}" href="{URLQUERY?module=personnel-write&src=personnel-setup&spage=' . $page . '&id=' . $id . '}" class=icon-edit></a></td>';
$tr .= '</tr>';
$content[] = $tr;
}
$content[] = '</tbody>';
$content[] = '<tfoot>';
$content[] = '<tr>';
$content[] = '<td headers=c0 colspan=2> </td>';
$content[] = '<td headers=c1 class=check-column><a class="checkall icon-uncheck"></a></td>';
$content[] = '<td headers=c2 colspan=6> </td>';
$content[] = '</tr>';
$content[] = '</tfoot>';
$content[] = '</table>';
// Excerpt from the board "view" page: finishes the replacement list for the view template,
// renders it, then sets the page metadata. $patt, the list of placeholders these values are
// paired with, is built outside this excerpt, so the order below must match it.
$replace[] = gcms::mktime2date($index['create_date']);
$replace[] = date(DATE_ISO8601, $index['create_date']);
$replace[] = number_format($index['visited']);
$replace[] = number_format($index['comments']);
// The reply form is omitted when the viewer may not reply or the topic is locked.
$replace[] = !$canReply || $index['locked'] == 1 ? '' : gcms::loadtemplate($index['module'], 'board', 'reply');
// '$1' keeps the matched template section, '' removes it.
$replace[] = $isMember ? '' : '$1';
$replace[] = $index['img_upload_type'] == '' ? '' : '$1';
// NOTE(review): the logged-in user's `password` value from $login is substituted into the
// rendered template. Which placeholder receives it is not visible here. Credential material
// (even a hash) should not be emitted into HTML; confirm the need and remove it if possible.
$replace[] = $login['password'];
$replace[] = $login['email'];
$replace[] = $register_antispamchar;
// NOTE(review): for admins the anti-spam answer stored in the session is written into the page.
$replace[] = $isAdmin ? $_SESSION[$register_antispamchar] : '';
$replace[] = $index['id'];
$replace[] = $moderator ? '{LNG_DELETE}' : '{LNG_SEND_DELETE}';
$content = gcms::pregReplace($patt, $replace, gcms::loadtemplate($index['module'], 'board', 'view'));
// Placeholders that are resolved after the page has been rendered.
$custom_patt['/{MODULE}/'] = $index['module'];
$custom_patt['/{MODULEID}/'] = $index['module_id'];
$custom_patt['/{SIZE}/'] = $index['img_upload_size'];
$custom_patt['/{TYPE}/'] = $index['img_upload_type'];
// Page title, keywords and description.
$title = $index['topic'];
$keywords = $index['topic'];
// Description: line breaks and braces become spaces, tags are stripped, cut to 149 characters.
$description = gcms::cutstring(strip_tags(preg_replace('/[\\r\\n\\{\\}]+/', ' ', $detail)), 149);
} else {
$title = $lng['LNG_NOT_LOGIN'];
$content = '<div class=error>' . $title . '</div>';
}
// Select the menu: the module's alias when one is configured, otherwise the module name.
$menu = empty($install_modules[$index['module']]['alias']) ? $index['module'] : $install_modules[$index['module']]['alias'];
}
}