// admin/mailto.php
header('content-type: text/html; charset=UTF-8');
// Common bootstrap include.
include '../bin/inint.php';
// Response payload filled in below and returned to the caller.
$ret = array();
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::isMember()) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ค่าที่ส่งมา
        $topic = htmlspecialchars(trim($_POST['email_subject']));
        $detail = gcms::ckClean($_POST['email_detail']);
        $reciever = htmlspecialchars(trim($_POST['email_reciever']));
        if (gcms::isAdmin()) {
            $sender = $db->getRec(DB_USER, $_POST['email_from']);
        } else {
            $sender = $_SESSION['login'];
        }
        // ตรวจสอบค่าที่ส่งมา
        if ($sender['email'] == '') {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($reciever == '') {
            $ret['error'] = 'RECIEVER_EMPTY';
            $ret['input'] = 'email_reciever';
        } elseif ($sender == $reciever) {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($topic == '') {
            $ret['error'] = 'TOPIC_EMPTY';
            $ret['input'] = 'email_subject';
<?php

// admin/savestatus.php
header('content-type: text/html; charset=UTF-8');
// Common bootstrap include.
include '../bin/inint.php';
// Response payload filled in below and returned to the caller.
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::isAdmin()) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // action
        $action = gcms::getVars($_POST, 'action', '');
        // โหลด config ใหม่
        $config = array();
        if (is_file(CONFIG)) {
            include CONFIG;
        }
        if ($action == 'config_status_add') {
            if (!isset($config['member_status'][0])) {
                $config['member_status'][0] = 'สมาชิก';
                $config['color_status'][0] = '#006600';
            }
            if (!isset($config['member_status'][1])) {
                $config['member_status'][1] = 'ผู้ดูแลระบบ';
                $config['color_status'][1] = '#FF0000';
            }
            // เพิ่มสถานะสมาชิกใหม่
            $config['member_status'][] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}";
            $config['color_status'][] = '#000000';
            }
        }
        $_SESSION['emails'] = implode(',', $emails);
    }
    $widget[] = '<option value=admin>{LNG_ADMIN}</option>';
    foreach ($emails as $i => $email) {
        $widget[] = '<option value=' . $i . '>' . $email . '</option>';
    }
    $widget[] = '</select></span></div>';
    // sender
    $widget[] = '<div class=item><label for=mail_sender>{LNG_EMAIL_SENDER}</label><span class="g-input icon-email"><input type=text name=mail_sender id=mail_sender value="' . (isset($_SESSION['login']['email']) ? $_SESSION['login']['email'] : '') . '"></span></div>';
    // subject
    $widget[] = '<div class=item><label for=mail_topic>{LNG_EMAIL_SUBJECT}</label><span class="g-input icon-edit"><input type=text name=mail_topic id=mail_topic value="' . $subject . '"></span></div>';
    // detail
    $widget[] = '<div class=item><label for=mail_detail>{LNG_DETAIL}</label><span class="g-input icon-file"><textarea id=mail_detail name=mail_detail rows=10></textarea></span></div>';
    // anti spam
    $widget[] = '<div class=item><label class="g-input antispam"><span><img src="' . WEB_URL . '/antispamimage.php?id=' . $antispam . '" alt=Antispam></span>';
    $widget[] = '<input type=text name=mail_antispam id=mail_antispam maxlength=4 value="' . (gcms::isAdmin() ? $_SESSION[$antispam] : '') . '" placeholder="{LNG_ANTISPAM_COMMENT}">';
    $widget[] = '</span></div>';
    $widget[] = '<div class=item>';
    $widget[] = '<input type=submit id=mail_submit class="button large send" value="{LNG_SEND_MESSAGE}">';
    $widget[] = '<input type=hidden name=antispam value="' . $antispam . '">';
    $widget[] = '</div>';
    $widget[] = '</form>';
    $widget[] = '<script>';
    $widget[] = '$G(window).Ready(function(){';
    $widget[] = 'new GForm("contact_frm", "' . WEB_URL . '/widgets/contact/sendmail.php", null, false).onsubmit(doFormSubmit);';
    $widget[] = '});';
    $widget[] = '</script>';
    $widget = implode("\n", $widget);
}
<?php

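// admin/import.php
header("content-type: text/html; charset=UTF-8");
// Common bootstrap include.
include '../bin/inint.php';
// Uploaded SQL dump. Default to an empty entry so a request without the
// field does not raise an undefined-index notice before the checks below.
$file = isset($_FILES['import_file']) ? $_FILES['import_file'] : array('tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE);
// Admins only, and only when a file actually arrived through this request:
// UPLOAD_ERR_OK rejects partial/failed uploads and is_uploaded_file() makes
// sure tmp_name points at a PHP-managed upload, not some other readable path.
if (gcms::isReferer() && gcms::isAdmin() && $file['tmp_name'] != '' && $file['error'] == UPLOAD_ERR_OK && is_uploaded_file($file['tmp_name'])) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        echo gcms::array2json(array('error' => 'EX_MODE_ERROR'));
    } else {
        // Imports can take a while; lift the execution time limit.
        set_time_limit(0);
        // Read the upload line by line; file() returns false when it cannot read.
        $fr = file($file['tmp_name']);
        if ($fr === false) {
            echo gcms::array2json(array('error' => 'ACTION_ERROR'));
        } else {
            // Placeholders expanded in every line before it is executed. Hoisted
            // out of the loop since they do not change per line.
            // NOTE(review): the '/{WEBMASTER}/' and '/{WEBURL}/' needles contain
            // literal slashes (this is str_replace, not preg_replace) — confirm this
            // matches the placeholder format the exporter writes.
            $search = array('\\r', '\\n', '{prefix}', '/{WEBMASTER}/', '/{WEBURL}/');
            $replace = array("\r", "\n", PREFIX, $_SESSION['login']['email'], WEB_URL);
            // One statement per line, executed verbatim. This is a DB import, so
            // the endpoint is deliberately restricted to admins by the guard above.
            foreach ($fr as $value) {
                $sql = str_replace($search, $replace, trim($value));
                if ($sql !== '') {
                    $db->query($sql);
                }
            }
        }
    }
}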
         include_once ROOT_PATH . "modules/{$owner}/config.php";
     }
     if (is_file(ROOT_PATH . "modules/{$owner}/inint.php")) {
         include_once ROOT_PATH . "modules/{$owner}/inint.php";
     }
     if ($cron && is_file(ROOT_PATH . "modules/{$owner}/cron.php")) {
         include_once ROOT_PATH . "modules/{$owner}/cron.php";
     }
 }
 // Load the login module; its output is expected in $content (set inside
 // login.php — not visible here) and kept as the main login block.
 include ROOT_PATH . 'modules/member/login.php';
 $mainlogin = $content;
 // Login state of the current visitor.
 $isMember = gcms::isMember();
 // Admin state of the current visitor.
 $isAdmin = gcms::isAdmin();
 // Record the hit counter and the online-user list.
 include ROOT_PATH . 'counter.php';
 include ROOT_PATH . 'useronline.php';
 // title, description and keyword values of the main site.
 $title = $config['web_title'];
 $description = $config['web_description'];
 // NOTE(review): $keywords is also filled from web_description — confirm this
 // is intended and not a copy-paste of the line above.
 $keywords = $config['web_description'];
 // Render the main template.
 $main_patt = array();
 // Optional <head> tag. The value is taken from the site configuration and is
 // written into the attribute without HTML escaping; $meta is presumably
 // initialised earlier in this file — not visible here.
 if (!empty($config['google_site_verification'])) {
     $meta['google-site-verification'] = '<meta name=google-site-verification content="' . $config['google_site_verification'] . '">';
 }
 if (!empty($config['google_profile'])) {
     $meta['author'] = '<link rel=author href="https://plus.google.com/' . $config['google_profile'] . '">';
     $meta['publisher'] = '<link rel=publisher href="https://plus.google.com/' . $config['google_profile'] . '">';
<?php

// widgets/textlink/admin_action.php
header('content-type: text/html; charset=UTF-8');
// Common bootstrap include (two levels up from the widget folder).
include '../../bin/inint.php';
// referer, admin
if (gcms::isReferer() && gcms::isAdmin() && (empty($_SESSION['login']['account']) || $_SESSION['login']['account'] != 'demo')) {
    // ค่าที่ส่งมา
    $action = gcms::getVars($_POST, 'action', '');
    $id = gcms::getVars($_POST, 'id', '');
    $value = gcms::getVars($_POST, 'value', 0);
    if ($action == 'delete') {
        $sql = "SELECT `logo` FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id}) AND logo != ''";
        foreach ($db->customQuery($sql) as $item) {
            @unlink(DATA_PATH . 'image/' . $item['logo']);
        }
        $db->query("DELETE FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id})");
    } elseif ($action == 'published') {
        $db->query("UPDATE `" . DB_TEXTLINK . "` SET `published`='{$value}' WHERE `id` IN({$id})");
    } elseif ($action == 'move') {
        // move menu
        $max = 1;
        foreach (explode(',', str_replace('user-', '', $_POST['data'])) as $i) {
            $db->query("UPDATE `" . DB_TEXTLINK . "` SET `link_order`=" . $max . " WHERE `id`=" . (int) $i . " LIMIT 1");
            $max++;
        }
    } elseif ($action == 'styles') {
        // styles
        include ROOT_PATH . 'widgets/textlink/styles.php';
        // template
 *
 * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *  http://www.gnu.org/licenses/lgpl.html
 *
 * - Mozilla Public License Version 1.1 or later (the "MPL")
 *  http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * Configuration file for the File Manager Connector for PHP.
 */
global $config;
// System configuration (site bootstrap).
include '../../../../bin/load.php';
// Login check: the connector is enabled for admins, or for members whose
// CKEDITOR session value matches their login id. The parentheses spell out
// PHP's default && / || grouping; the comparison is loose (==), as before.
$config['Enabled'] = gcms::isAdmin()
    || (gcms::isMember() && isset($_SESSION['CKEDITOR']) && $_SESSION['CKEDITOR'] == $_SESSION['login']['id']);
// Upload naming:
//   true  - keep the original file name (duplicates are renamed)
//   false - name the file by time (mktime)
$config['UploadOrginalFilename'] = false;
// Folder that stores uploaded files.
$config['UserFilesPath'] = DATA_FOLDER;
// Absolute path of that folder from the server root.
$config['UserFilesAbsolutePath'] = DATA_PATH;
// Due to security issues with Apache modules, it is recommended to leave the
// following setting enabled.
$config['ForceSingleExtension'] = true;
// Perform additional checks for image files.
// If set to true, validate image size (using getimagesize).
$config['SecureImageUploads'] = true;
// What the user can do with this connector.
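// Common bootstrap include.
include '../bin/inint.php';
// Requested action; '' when absent.
$action = gcms::getVars($_POST, 'action', '');
// Logged-in member's id, as an int, for the "not yourself" check below.
$self_id = isset($_SESSION['login']['id']) ? (int) $_SESSION['login']['id'] : 0;
// Collect the posted member ids as positive integers. Casting BEFORE the
// self-comparison matters: with the original loose string compare a value
// such as '1abc' is "not equal" to 1 and only then becomes 1 via (int),
// which would let the caller target their own account. Reading 'id' through
// getVars (as 'action' is) avoids an undefined-index notice when it is missing.
$ids = array();
foreach (explode(',', gcms::getVars($_POST, 'id', '')) as $id) {
    $id = (int) $id;
    // Members cannot act on their own account; non-numeric garbage (0) is dropped.
    if ($id > 0 && $id != $self_id) {
        $ids[] = $id;
    }
}
// Comma-separated id list for the SQL IN (...) clauses below; '' when empty.
$ids = implode(',', $ids);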
// ตรวจสอบ referer และ admin
if (gcms::isReferer() && gcms::isAdmin() && $ids != '') {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        echo $lng['ACTION_FORBIDDEN'];
    } else {
        if ($action == 'delete') {
            // ลบสมาชิกที่เลือก
            $sql = "SELECT `icon` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1 AND `icon`!=''";
            foreach ($db->customQuery($sql) as $item) {
                // ลบรูปภาพสมาชิก
                @unlink(USERICON_FULLPATH . $item['icon']);
            }
            // ลบสมาชิก
            $db->query("DELETE FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1");
        } elseif ($action == 'activate' || $action == 'sendpassword') {
            // ส่งอีเมล์ยืนยันสมาชิก อีกครั้ง
            $sql = "SELECT `id`,`email`,`activatecode` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `fb`='0'";
<?php

// admin/savewrite.php
header('content-type: text/html; charset=UTF-8');
// Common bootstrap include.
include '../bin/inint.php';
// Response payload filled in below and returned to the caller.
$ret = array();
// ตรวจสอบ referer และ แอดมิน
if (gcms::isReferer() && gcms::isAdmin() && (isset($_POST['intro']) || isset($_POST['maintenance']))) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ภาษาทีต้องการบันทึก
        $lang = gcms::getVars($_POST, 'write_language', '');
        $lang = in_array($lang, $config['languages']) ? $lang : LANGUAGE;
        $patt = array();
        $replace = array();
        // ตัด /r/n
        $patt[] = '/[\\r\\n]{1,}/su';
        $replace[] = '';
        // หน้าว่างๆ
        $patt[] = '/^(&nbsp;|\\s){0,}<br[\\s\\/]+?>(&nbsp;|\\s){0,}$/iu';
        $replace[] = '';
        // ตัด PHP
        $patt[] = '/<\\?(.*?)\\?>/su';
        $replace[] = '';
        $save = array();
        $detail = $db->sql_quote(preg_replace($patt, $replace, $_POST['write_detail']));
        // ตรวจสอบ ข้อความเดิม
        $key = isset($_POST['intro']) && $_POST['intro'] == 1 ? 'INTRO_PAGE_DETAIL' : 'MAINTENANCE_DETAIL';
        $search = $db->basicSearch(DB_LANGUAGE, 'key', $key);
     $login_email = empty($_COOKIE[PREFIX . '_login_email']) ? '' : gcms::decode($_COOKIE[PREFIX . '_login_email']);
     $login_password = empty($_COOKIE[PREFIX . '_login_password']) ? '' : gcms::decode($_COOKIE[PREFIX . '_login_password']);
 }
 // Login state defaults to "anonymous" until the credentials below are verified.
 $isAdmin = false;
 $isMember = false;
 if ($login_email != '' && $login_password != '') {
     // ตรวจสอบการ login
     $login_result = gcms::CheckLogin($login_email, $login_password);
     if (is_array($login_result)) {
         // login สำเร็จ
         $_SESSION['login'] = $login_result;
         $_SESSION['login']['password'] = $login_password;
         // login
         $isMember = true;
         // admin
         $isAdmin = $isMember && gcms::isAdmin();
         // ตรวจสอบการปันทึกการ login
         if ($login_remember) {
             // บันทึก user, password
             setCookie(PREFIX . '_login_email', gcms::encode($login_result['email']), time() + 3600 * 24 * 365, '/');
             setCookie(PREFIX . '_login_password', gcms::encode($login_password), time() + 3600 * 24 * 365, '/');
         }
         setCookie(PREFIX . '_login_remember', $login_remember, time() + 3600 * 24 * 365, '/');
     } else {
         // ข้อความผิดพลาด
         $error = array();
         $error[] = $lng['LNG_MEMBER_NOT_FOUND'];
         $error[] = $lng['LNG_MEMBER_NO_ACTIVATE'];
         $error[] = $lng['LNG_MEMBER_BAN'];
         $error[] = $lng['LNG_PASSWORD_INCORRECT'];
         $error[] = $lng['LNG_MEMBER_LOGIN_EXISTS'];
     $module = $match[1];
     $value = gcms::getVars($_POST, 'value', 0);
 } else {
     $action = gcms::getVars($_POST, 'action', '');
     $id = gcms::getVars($_POST, 'id', '');
     $value = gcms::getVars($_POST, 'value', 0);
     $module = gcms::getVars($_POST, 'module', 0);
 }
 // โมดูลที่เรียก
 $index = $db->getRec(DB_MODULES, $module);
 if ($index) {
     // config
     gcms::r2config($index['config'], $index);
     // ตรวจสอบ เจ้าของ แอดมิน
     $sql = "SELECT `id`,`picture` FROM `" . DB_INDEX . "` WHERE `id` IN({$id}) AND `module_id`='{$index['id']}'";
     if (!gcms::canConfig($index, 'moderator') && !gcms::isAdmin()) {
         $sql .= ' AND `member_id`=' . (int) $_SESSION['login']['id'];
     }
     $ids = array();
     foreach ($db->customQuery($sql) as $item) {
         $ids[$item['id']] = $item['picture'];
     }
     if (sizeof($ids) > 0) {
         $id = implode(',', array_keys($ids));
         if ($action == 'delete') {
             // ลบ (บทความ)
             foreach ($ids as $i => $item) {
                 @unlink(DATA_PATH . "document/{$item}");
             }
             $db->query("DELETE FROM `" . DB_COMMENT . "` WHERE `index_id` IN ({$id}) AND `module_id`='{$index['id']}'");
             $db->query("DELETE FROM `" . DB_INDEX . "` WHERE `id` IN ({$id}) AND `module_id`='{$index['id']}'");