$id = $val->validasi($item['deldata'], 'xss'); $tabledel->deleteBy('id_tag', $id); } header('location:../../admin.php?mod=' . $mod); } else { header('location:../../404.php'); } } else { header('location:../../404.php'); } } elseif ($mod == 'tag' and $act == 'input') { if ($currentRoleAccess->write_access == "Y") { if (empty($_POST['tag'])) { header('location:../../404.php'); } else { $post = $val->validasi($_POST['tag'], 'xss'); $pecah = explode(",", $post); $total = count($pecah); $table = new PoTable('tag'); for ($i = 0; $i < $total; $i++) { $tag_title = $pecah[$i]; $tag_seo = seo_title($tag_title); $table->save(array('tag_title' => $tag_title, 'tag_seo' => $tag_seo)); } header('location:../../admin.php?mod=' . $mod); } } else { header('location:../../404.php'); } } }
} elseif ($mod == 'siswa' and $act == 'input') { if ($currentRoleAccess->write_access == "Y") { $siswa = $val->validasi($_POST['siswa'], 'xss'); $table = new PoTable('siswa'); $nis = $_POST['nis']; $nama_siswa = $_POST['nama']; $jk = $_POST['jk']; $alamat = $_POST['alamat']; $idk = $_POST['idk']; $tlp = $_POST['tlp']; $ayah = $_POST['ayah']; $p_ayah = $_POST['p_ayah']; $ibu = $_POST['ibu']; $p_ibu = $_POST['p_ibu']; $pass = $_POST['pass']; $table->save(array('id_siswa' => '', 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass)); header('location:../../admin.php?mod=' . $mod); } else { header('location:../../404.php'); } } elseif ($mod == 'siswa' and $act == 'update') { if ($currentRoleAccess->modify_access == "Y") { $id = $val->validasi($_POST['id_siswa'], 'sql'); $nis = $_POST['nis']; $nama_siswa = $_POST['nama']; $jk = $_POST['jk']; $alamat = $_POST['alamat']; $idk = $_POST['idk']; $tlp = $_POST['tlp']; $ayah = $_POST['ayah']; $p_ayah = $_POST['p_ayah'];
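// Site-wide settings copied out of the `setting` row that was loaded above as
// $currentSet; the templates further down the page read these variables.
$website_url        = $currentSet->website_url;
$meta_description   = $currentSet->meta_description;
$meta_keyword       = $currentSet->meta_keyword;
$favicon            = $currentSet->favicon;
$mode_maintenance   = $currentSet->website_maintenance;
$website_cache      = $currentSet->website_cache;
$website_cache_time = $currentSet->website_cache_time;
$member_register    = $currentSet->member_register;

// Per-IP, per-day visitor counter kept in the `traffic` table.
// REMOTE_ADDR is the TCP peer address set by the web server, so unlike
// X-Forwarded-For it cannot be forged by the client. Behind a reverse proxy it
// is the proxy's address and every visitor collapses into one row; if that is
// the deployment, derive the client IP from a proxy you trust instead.
$ipstat      = $_SERVER['REMOTE_ADDR'];
$tanggalstat = date("Ymd");
$waktustat   = time();

// Column names are passed as quoted strings. The original used the bare words
// `ip` and `tanggal`, i.e. undefined constants: PHP 7 silently falls back to the
// string (with a warning), PHP 8 throws a fatal Error on every page view.
$tablestat = new PoTable('traffic');
$totalstat = $tablestat->numRowByAnd('ip', $ipstat, 'tanggal', $tanggalstat);
if ($totalstat == 0) {
    // First visit from this address today: create the row.
    $tablestatp = new PoTable('traffic');
    $tablestatp->save(array('ip' => $ipstat, 'tanggal' => $tanggalstat, 'hits' => 1, 'online' => $waktustat));
} else {
    // Returning visitor: read-modify-write the hit counter. Two concurrent
    // requests from the same address can read the same value and lose one
    // increment; that only skews statistics, so no locking is added here.
    $tablestatp2 = new PoTable('traffic');
    $statpro = $tablestatp2->findByAnd('ip', $ipstat, 'tanggal', $tanggalstat);
    $statpro = $statpro->current();
    $datastat = array('hits' => $statpro->hits + 1, 'online' => $waktustat);
    $tablestat2 = new PoTable('traffic');
    $tablestat2->updateByAnd('ip', $ipstat, 'tanggal', $tanggalstat, $datastat);
}
/*--- hapus baris ini dan ubah urlnya jika web Anda sudah di hosting function facebook_shares($url){ $fql = "SELECT url, normalized_url, share_count, like_count, comment_count, "; $fql .= "total_count, commentsbox_count, comments_fbid, click_count FROM "; $fql .= "link_stat WHERE url = '".$url."'";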
@unlink($_FILES['file']['tmp_name']); } else { die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}'); } } else { die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}'); } } else { // Open temp file $out = fopen($targetDir . DIRECTORY_SEPARATOR . $fileName, $chunk == 0 ? "wb" : "ab"); if ($out) { // Read binary input stream and append it to temp file $in = fopen("php://input", "rb"); if ($in) { while ($buff = fread($in, 4096)) { fwrite($out, $buff); } $table = new PoTable('media'); $table->save(array('file_name' => $fileName, 'file_type' => $fileType, 'file_size' => $fileSize, 'date' => $tgl_sekarang)); } else { die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}'); } fclose($in); fclose($out); } else { die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}'); } } // Return JSON-RPC response die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}'); }
$seotitle = $val->validasi($_POST['seotitle'], 'xss'); $name = $val->validasi($_POST['name'], 'xss'); $email = $val->validasi($_POST['email'], 'xss'); $url = $val->validasi($_POST['url'], 'xss'); $comment = $val->validasi($_POST['comment'], 'xss'); $split_text = explode(" ", $comment); $split_count = count($split_text); $max = 57; for ($i = 0; $i <= $split_count; $i++) { if (strlen($split_text[$i]) >= $max) { for ($j = 0; $j <= strlen($split_text[$i]); $j++) { $char[$j] = substr($split_text[$i], $j, 1); if ($j % $max == 0 && $j != 0) { $v_text .= $char[$j] . ' '; } else { $v_text .= $char[$j]; } } } else { $v_text .= " " . $split_text[$i] . " "; } } $table = new PoTable('comment'); $table->save(array('id_post' => $id, 'name' => $name, 'email' => $email, 'url' => $url, 'comment' => $v_text, 'date' => $tgl_sekarang, 'time' => $jam_sekarang)); unset($_POST); echo "<script language='javascript'>\r\n window.alert('Terima kasih atas komentar yang Anda berikan \n Komentar Anda akan diperiksa terlebih dahulu sebelum di tampilkan')\r\n window.location.href='detailpost/{$seotitle}';\r\n </script>"; } /* }else{ header("location:404.php"); }*/ //}
} file_put_contents($dirpath . "/proses.php", $dumpingproses21, FILE_APPEND | LOCK_EX); } $dumpingproseslast = <<<EOS } ?> EOS; file_put_contents($dirpath . "/proses.php", $dumpingproseslast, FILE_APPEND | LOCK_EX); echo "<li class='list-group-item'>- WRITE CODE INTO `proses.php`</li>"; // Registration new component to component list $regcomponent = "po-" . $compo_name; $tablereg = new PoTable('component'); $currentReg = $tablereg->findByAnd(component, $regcomponent, table_name, $compo_table); $currentReg = $currentReg->current(); if ($currentReg == "0") { $tablereg->save(array('component' => $regcomponent, 'table_name' => $compo_table, 'date' => $tgl_sekarang)); } // Finish all step echo "<li class='list-group-item'>- SUCCESSFULLY GENERATE NEW COMPONENT</li>"; ?> </ul> </div> <div class="panel-footer"> <a class="btn btn-sm btn-primary" href="../../admin.php?mod=<?php echo $compo_name; ?> ">Go To <?php echo $ucompo_name; ?> Component</a> <a class="btn btn-sm btn-danger pull-right" href="../../admin.php?mod=cogen">Back To CompoGen</a>
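<?php
session_start();
include_once 'po-library/po-database.php';
include_once 'po-library/po-function.php';

// Contact-form handler: stores the submitted message in the `contact` table and
// sends the visitor back to the contact page.
//
// The script is reachable only when $_SESSION['submit'] is set (presumably set by
// the page that renders the form). That is a "form was rendered" gate, not a
// per-request anti-CSRF token: it does not by itself stop a forged POST from a
// browser that has already visited the form page.
$val = new Povalidasi();

// Reject requests without the gate or with any missing/empty field. `exit`
// follows every redirect header so nothing below runs for a rejected request.
if (empty($_SESSION['submit'])) {
    header("location:404.php");
    exit;
}
if (empty($_POST['name_contact']) || empty($_POST['email_contact']) || empty($_POST['subject_contact']) || empty($_POST['message_contact'])) {
    header("location:404.php");
    exit;
}

// Every field goes through the project's 'xss' filter before it is stored or
// interpolated into the HTML message body below (what that filter encodes is
// defined in Povalidasi, not visible here).
$name_contact    = $val->validasi($_POST['name_contact'], 'xss');
$email_contact   = $val->validasi($_POST['email_contact'], 'xss');
$subject_contact = $val->validasi($_POST['subject_contact'], 'xss');
$message_contact = $val->validasi($_POST['message_contact'], 'xss');

// The original accepted any string as the sender address; reject values that are
// not syntactically an e-mail address before storing them.
if (filter_var($email_contact, FILTER_VALIDATE_EMAIL) === false) {
    header("location:404.php");
    exit;
}

// HTML body kept in the `message_contact` column. The date/time variables are
// not defined in this file; they appear to come from po-function.php (confirm).
$message = "<html>\r\n\t\t\t<body>\r\n\t\t\t\tName : {$name_contact}<br />\r\n\t\t\t\tEmail : {$email_contact}<br />\r\n\t\t\t\tMessage : {$message_contact}<br /><br />\r\n\t\t\t\tSend Date : {$hari_ini}, {$tgl_skrg}-{$bln_sekarang}-{$thn_sekarang} ({$jam_sekarang} WIB)\r\n\t\t\t</body>\r\n\t\t\t</html>";

$table = new PoTable('contact');
$table->save(array('name_contact' => $name_contact, 'email_contact' => $email_contact, 'subjek_contact' => $subject_contact, 'message_contact' => $message));
unset($_POST);

// Confirmation is a fixed literal (no user input), then a client-side redirect.
echo "<script language='javascript'>\r\n window.alert('Succesfully Send Message')\r\n window.location.href='contact';\r\n </script>";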
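<?php
session_start();
include_once 'po-library/po-database.php';
include_once 'po-library/po-function.php';

// Newsletter subscribe handler: inserts an e-mail address into the `subscribe`
// table unless it is already there, then redirects to the site root.
//
// $_SESSION['submit'] gates the request (presumably set by the page that renders
// the form); it is a "form was rendered" flag, not a per-request anti-CSRF token.
$val = new Povalidasi();

// Missing gate or missing address -> 404. `exit` after each redirect header so
// no further statement runs for a rejected request.
if (empty($_SESSION['submit'])) {
    header("location:404.php");
    exit;
}
if (empty($_POST['email_address'])) {
    header("location:404.php");
    exit;
}

// Filter once, up front, and use the SAME value for the duplicate lookup and the
// insert. The original passed the raw $_POST value to numRowBy() (whether PoTable
// parameterises it is not visible here) but stored the filtered value, so the raw
// string reached the query layer and the two values could disagree.
$email = $val->validasi($_POST['email_address'], 'xss');
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    header("location:404.php");
    exit;
}

// Column name is a quoted string: the original bare word `email` was an undefined
// constant (string fallback plus warning on PHP 7, fatal Error on PHP 8).
$tablecari = new PoTable('subscribe');
$currentCari = $tablecari->numRowBy('email', $email);
if ($currentCari > 0) {
    // Already subscribed; the original reports this as a 404 as well.
    header("location:404.php");
    exit;
}

$table = new PoTable('subscribe');
$table->save(array('email' => $email));
unset($_POST);

// Confirmation is a fixed literal (no user input), then a client-side redirect.
echo "<script language='javascript'>\r\n window.alert('Succesfully Email Subscribe')\r\n window.location.href='./';\r\n </script>";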
$currentRoleAccess = $tableroleaccess->findByAnd(id_level, $_SESSION['leveluser'], module, $mod); $currentRoleAccess = $currentRoleAccess->current(); // Input absen if ($mod == 'absen' and $act == 'view_data') { if ($currentRoleAccess->write_access == "Y") { $_SESSION['idk'] = $_POST['idk']; $_SESSION['jam'] = $_POST['jam']; header('location:../../admin.php?mod=' . $mod . '&act=addnew'); } else { header('location:../../404.php'); } } // Input absen if ($mod == 'absen' and $act == 'input') { if ($currentRoleAccess->write_access == "Y") { $absen = $val->validasi($_POST['absen'], 'xss'); $table = new PoTable('absen'); $id_siswa = $_POST['id_siswa']; $kelas = $_POST['kelas']; $tgl = $_POST['tgl']; $ket = $_POST['ket']; $jam = $_POST['jam']; for ($i = 0; $i < count($id_siswa); $i++) { $table->save(array('ida' => '', 'id_siswa' => $id_siswa[$i], 'kelas' => $kelas[$i], 'tgl' => $tgl[$i], 'ket' => $ket[$i], 'jam' => $jam[$i])); } header('location:../../admin.php?mod=home'); } else { header('location:../../404.php'); } } }
if ($_POST['seotitle'] != "") { $seotitle = $_POST['seotitle']; } else { $seotitle = seo_title($title); } $data = $_POST['content']; $data = stripslashes($data); $eutf = htmlspecialchars($data, ENT_QUOTES); if (!empty($_POST['picture'])) { $picture = $_POST['picture']; $table = new PoTable('pages'); $table->save(array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'picture' => $picture)); header('location:../../admin.php?mod=' . $mod); } else { $table = new PoTable('pages'); $table->save(array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle)); header('location:../../admin.php?mod=' . $mod); } } else { header('location:../../404.php'); } } elseif ($mod == 'pages' and $act == 'update') { if ($currentRoleAccess->modify_access == "Y") { $id = $val->validasi($_POST['id'], 'sql'); $title = $val->validasi($_POST['title'], 'xss'); if ($_POST['seotitle'] != "") { $seotitle = $_POST['seotitle']; } else { $seotitle = seo_title($title); } $data = $_POST['content'];
if (!empty($tmpName)) { if (in_array($ekstensi, $extensionList)) { move_uploaded_file($tmpName, $pathFile); $destination_dir = "../../po-component/{$component}"; if (file_exists($destination_dir)) { unlink("../../../po-content/po-upload/{$nama_file_unik}"); header('location:../../404.php'); } else { $file = "../../../po-content/po-upload/{$nama_file_unik}"; $archive = new PclZip($file); if ($archive->extract(PCLZIP_OPT_PATH, $destination_dir) == 0) { unlink("../../../po-content/po-upload/{$nama_file_unik}"); header('location:../../404.php'); } $table = new PoTable('component'); $table->save(array('component' => $component, 'table_name' => $table_name, 'date' => $tgl_sekarang)); unlink("../../../po-content/po-upload/{$nama_file_unik}"); header('location:../../admin.php?mod=' . $mod); } } else { header('location:../../404.php'); } } else { header('location:../../404.php'); } } else { header('location:../../404.php'); } } elseif ($mod == 'component' and $act == 'importtable') { if ($currentRoleAccess->modify_access == "Y") { $extensionList = array("sql");
$table = new PoTable('guru'); $table->updateBy('id_guru', $id, $data); } else { echo "404 Not Found Access"; } } elseif ($mod == 'guru' and $act == 'input') { if ($currentRoleAccess->write_access == "Y") { $guru = $val->validasi($_POST['guru'], 'xss'); $table = new PoTable('guru'); $nip = $_POST['nip']; $nama_guru = $_POST['nama']; $jk = $_POST['jk']; $alamat = $_POST['alamat']; $idk = $_POST['idk']; $pass = $_POST['pass']; $table->save(array('id_guru' => '', 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass)); header('location:../../admin.php?mod=' . $mod); } else { header('location:../../404.php'); } } elseif ($mod == 'guru' and $act == 'update') { if ($currentRoleAccess->modify_access == "Y") { $id = $val->validasi($_POST['id_guru'], 'sql'); $nip = $_POST['nip']; $nama_guru = $_POST['nama']; $jk = $_POST['jk']; $alamat = $_POST['alamat']; $idk = $_POST['idk']; $pass = $_POST['pass']; $data = array('id_guru' => $id, 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass); $table = new PoTable('guru');
$resultdata[$x]['start'] = $resultdata[$x]['date'] . ' 00:00'; $resultdata[$x]['end'] = $resultdata[$x]['date'] . ' 00:00'; } else { $resultdata[$x]['allday'] = 'false'; $resultdata[$x]['starttime'] = $realtime[0]; $resultdata[$x]['endtime'] = !empty($realtime[1]) ? $realtime[1] : $realtime[0]; $resultdata[$x]['start'] = $resultdata[$x]['date'] . ' ' . $resultdata[$x]['starttime']; $resultdata[$x]['end'] = $resultdata[$x]['date'] . ' ' . $resultdata[$x]['endtime']; } } $resultdata[$x]['time'] = $value2; } $data = trim($value); $data = stripslashes($data); $eutf = htmlspecialchars($data, ENT_QUOTES); $resultdata[$x]['content'] = $eutf; //Overall content } } } $copyfile = $dir['con'] . 'event/success/'; if (!is_readable($copyfile . $_FILES['eventfile']['name'])) { $table = new PoTable('event'); foreach ($resultdata as $key => $value) { $table->save(array('title' => $value['title'], 'startevt' => $value['start'], 'endevt' => $value['end'], 'allday' => $value['allday'], 'content' => $value['content'], 'seotitle' => $value['seotitle'], 'color' => $color)); } } move_uploaded_file($_FILES['eventfile']['tmp_name'], $copyfile . $_FILES['eventfile']['name']); header('location:../../admin.php?mod=' . $mod); } }
$id = $val->validasi($_POST['id'], 'sql'); $tabledel = new PoTable('event'); $tabledel->deleteBy('id_event', $id); header('location:../../admin.php?mod=' . $mod); } elseif ($mod == 'event' and $act == 'input') { $title = $val->validasi($_POST['title'], 'xss'); $seotitle = seo_title($title); $start = $val->validasi($_POST['start'], 'xss'); $end = $val->validasi($_POST['end'], 'xss'); $allday = $val->validasi($_POST['allday'], 'xss'); $data = $_POST['content']; $data = stripslashes($data); $eutf = htmlspecialchars($data, ENT_QUOTES); $color = $val->validasi($_POST['color'], 'xss'); $table = new PoTable('event'); $table->save(array('title' => $title, 'start' => $start, 'end' => $end, 'allday' => $allday, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color)); header('location:../../admin.php?mod=' . $mod); } elseif ($mod == 'event' and $act == 'update') { $id = $val->validasi($_POST['id'], 'sql'); $title = $val->validasi($_POST['title'], 'xss'); $seotitle = seo_title($title); $data = $_POST['content']; $data = stripslashes($data); $eutf = htmlspecialchars($data, ENT_QUOTES); $color = $val->validasi($_POST['color'], 'xss'); $active = $val->validasi($_POST['active'], 'xss'); $data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color, 'active' => $active); $table = new PoTable('event'); $table->updateBy('id_event', $id, $data); header('location:../../admin.php?mod=' . $mod); } elseif ($mod == 'event' and $act == 'updatedrag') {
} else { if (strlen($pass) >= 6) { if ($pass == $repass) { $currentUser = $table->findBy(username, $username); $currentUser = $currentUser->current(); if ($currentUser > 0) { header('location:register.php?errormsg=6'); } else { $tableuser = new PoTable('users'); $users = $tableuser->findAll('id_user', 'ASC'); foreach ($users as $user) { $user = $user->id_user; } $id_user = $user + 1; $table = new PoTable('users'); $table->save(array('id_user' => $id_user, 'username' => $username, 'password' => $passmd5, 'nama_lengkap' => 'Your Name', 'email' => $email, 'no_telp' => '08xxxxxxxxxx', 'bio' => "No matter how exciting or significant a person''s life is, a poorly written biography will make it seem like a snore. On the other hand, a good biographer can draw insight from an ordinary life-because they recognize that even the most exciting life is an ordinary life! After all, a biography isn''t supposed to be a collection of facts assembled in chronological order; it''s the biographer''s interpretation of how that life was different and important.", 'userpicture' => '', 'level' => '3', 'tgl_daftar' => $tgl_sekarang, 'blokir' => 'Y', 'id_session' => $passmd5)); $tableset = new PoTable('setting'); $currentSet = $tableset->findBy(id_setting, '1'); $currentSet = $currentSet->current(); $website_name = $currentSet->website_name; $website_url = $currentSet->website_url; $website_email = $currentSet->website_email; $to = "{$username} <{$email}>"; $from = "{$website_name} <{$website_email}>"; $subject = "Email Account Activation For {$website_name}"; $message = "<html>\n\t\t\t\t\t\t\t<body>\n\t\t\t\t\t\t\t\tIndonesia :<br />\n\t\t\t\t\t\t\t\t-----------<br />\n\t\t\t\t\t\t\t\tHi {$username},<br />\n\t\t\t\t\t\t\t\tJika anda tidak pernah mendaftarkan akun di {$website_name}, silahkan untuk menghiraukan email ini.<br />\n\t\t\t\t\t\t\t\tTetapi jika benar Anda telah membuat akun di {$website_name}, maka silahkan untuk mengklik tautan (link) di bawah ini untuk mengaktifkan akun Anda 
:<br /><br />\n\t\t\t\t\t\t\t\t<a href=\"{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}\" title=\"Account Activation\">{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}</a><br /><br />\n\t\t\t\t\t\t\t\tSetelah link tersebut diklik maka akun Anda telah diaktifkan dan telah terverifikasi, silahkan login dengan data berikut :<br /><br />\n\t\t\t\t\t\t\t\t--------------------<br />\n\t\t\t\t\t\t\t\tUsername : {$username}<br />\n\t\t\t\t\t\t\t\tPassword : {$pass}<br />\n\t\t\t\t\t\t\t\t--------------------<br /><br />\n\t\t\t\t\t\t\t\tSalam hangat,<br />\n\t\t\t\t\t\t\t\t{$website_name}.<br /><br /><br />\n\t\t\t\t\t\t\t\tEnglish :<br />\n\t\t\t\t\t\t\t\t-----------<br />\n\t\t\t\t\t\t\t\tHi {$username},<br />\n\t\t\t\t\t\t\t\tIf you have never registered account in {$website_name}, please to ignore this email.<br />\n\t\t\t\t\t\t\t\tBut if you really are registered account in {$website_name}, please to click on a link below to activated yout account :<br /><br />\n\t\t\t\t\t\t\t\t<a href=\"{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}\" title=\"Account Activation\">{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}</a><br /><br />\n\t\t\t\t\t\t\t\tThen automatically after you click a link above, your account have registered and verificated, please login with data :<br /><br />\n\t\t\t\t\t\t\t\t--------------------<br />\n\t\t\t\t\t\t\t\tUsername : {$username}<br />\n\t\t\t\t\t\t\t\tPassword : {$pass}<br />\n\t\t\t\t\t\t\t\t--------------------<br /><br />\n\t\t\t\t\t\t\t\tWarm regards,<br />\n\t\t\t\t\t\t\t\t{$website_name}.\n\t\t\t\t\t\t\t</body>\n\t\t\t\t\t\t</html>"; $headers = "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n"; $headers .= "From: " . $from . "\r\n"; mail($to, $subject, $message, $headers); header('location:200.php');
} } else { header('location:../../404.php'); } } else { $destination_dir = "../../../po-content/{$folder}"; if (file_exists($destination_dir)) { header('location:../../404.php'); } else { $file = "po-blank-theme.zip"; $archive = new PclZip($file); if ($archive->extract(PCLZIP_OPT_PATH, $destination_dir) == 0) { header('location:../../404.php'); } $table = new PoTable('theme'); $table->save(array('title' => $title, 'author' => $author, 'folder' => $folder)); header('location:../../admin.php?mod=' . $mod); } } } else { header('location:../../404.php'); } } elseif ($mod == 'theme' and $act == 'active') { if ($currentRoleAccess->modify_access == "Y") { $id = $val->validasi($_POST['id'], 'sql'); $active = $val->validasi($_POST['active'], 'xss'); $tableS = new PoTable('theme'); $currentSearch = $tableS->findBy(active, 'Y'); $currentSearch = $currentSearch->current(); $id_theme = $currentSearch->id_theme; $actives = 'N';
$table = new PoTable('user_level'); $table->save(array('level' => $title)); header('location:../../admin.php?mod=' . $mod . '&act=userlevel'); } else { header('location:../../404.php'); } } elseif ($mod == 'user' and $act == 'adduserrole') { if ($currentRoleAccess->write_access == "Y") { $title = $val->validasi($_POST['title'], 'xss'); $level = $val->validasi($_POST['level'], 'xss'); $read_access = $val->validasi($_POST['read_access'], 'xss'); $write_access = $val->validasi($_POST['write_access'], 'xss'); $modify_access = $val->validasi($_POST['modify_access'], 'xss'); $delete_access = $val->validasi($_POST['delete_access'], 'xss'); $table = new PoTable('user_role'); $table->save(array('id_level' => $level, 'module' => $title, 'read_access' => $read_access, 'write_access' => $write_access, 'modify_access' => $modify_access, 'delete_access' => $delete_access)); header('location:../../admin.php?mod=' . $mod . '&act=userrole'); } else { header('location:../../404.php'); } } elseif ($mod == 'user' and $act == 'update') { if ($currentRoleAccess->modify_access == "Y") { $id = $val->validasi($_POST['id'], 'xss'); $iduser = $val->validasi($_POST['iduser'], 'xss'); $namalengkap = $val->validasi($_POST['nama_lengkap'], 'xss'); $email = $val->validasi($_POST['email'], 'xss'); $telp = $val->validasi($_POST['no_telp'], 'xss'); $level = $val->validasi($_POST['level'], 'xss'); $blokir = $val->validasi($_POST['blokir'], 'xss'); $locktype = $val->validasi($_POST['locktype'], 'xss'); $data = $_POST[bio];
} elseif ($mod == 'kelas' and $act == 'delimage') { if ($currentRoleAccess->delete_access == "Y") { $id = $val->validasi($_POST['id'], 'sql'); $picture = ''; $data = array('picture' => $picture); $table = new PoTable('kelas'); $table->updateBy('id_kelas', $id, $data); } else { echo "404 Not Found Access"; } } elseif ($mod == 'kelas' and $act == 'input') { if ($currentRoleAccess->write_access == "Y") { $kelas = $val->validasi($_POST['kelas'], 'xss'); $table = new PoTable('kelas'); $nama_kelas = $_POST['nama']; $table->save(array('id_kelas' => '', 'nama' => $nama_kelas, 'kelas' => $kelas)); header('location:../../admin.php?mod=' . $mod); } else { header('location:../../404.php'); } } elseif ($mod == 'kelas' and $act == 'update') { if ($currentRoleAccess->modify_access == "Y") { $id = $val->validasi($_POST['id'], 'sql'); $kelas = $val->validasi($_POST['kelas'], 'xss'); $nama = $val->validasi($_POST['nama'], 'xss'); $data = array('id_kelas' => $id, 'nama' => $nama, 'kelas' => $kelas); $table = new PoTable('kelas'); $table->updateBy('id_kelas', $id, $data); header('location:../../admin.php?mod=' . $mod); } else { header('location:../../404.php');
} else { $table = new PoTable('gallery'); $table->save(array('id_album' => $id_album, 'title' => $title)); header('location:../../admin.php?mod=' . $mod); } } else { header('location:../../404.php'); } } elseif ($mod == 'gallery' and $act == 'inputalbum') { if ($currentRoleAccess->write_access == "Y") { $id = $val->validasi($_POST['id'], 'sql'); $title = $val->validasi($_POST['title'], 'xss'); $addalb = $val->validasi($_POST['addalb'], 'xss'); $seotitle = seo_title($title); $table = new PoTable('album'); $table->save(array('title' => $title, 'seotitle' => $seotitle)); if ($id == '') { header('location:../../admin.php?mod=' . $mod . '&act=' . $addalb); } else { header('location:../../admin.php?mod=' . $mod . '&act=edit&id=' . $id); } } else { header('location:../../404.php'); } } elseif ($mod == 'gallery' and $act == 'editgallery') { if ($currentRoleAccess->modify_access == "Y") { $id = $val->validasi($_POST['id'], 'sql'); $id_album = $val->validasi($_POST['id_album'], 'sql'); $title = $val->validasi($_POST['title'], 'xss'); if (!empty($_POST['picture'])) { $picture = $_POST['picture'];
header('location:404.php'); } else { if (isset($_REQUEST["name"])) { include_once '../../../../po-library/po-database.php'; include_once '../../../../po-library/po-function.php'; include_once 'PluploadHandler.php'; PluploadHandler::no_cache_headers(); PluploadHandler::cors_headers(); if (!PluploadHandler::handle(array('target_dir' => '../../../../po-content/po-upload/', 'allow_extensions' => 'jpg,jpeg,gif,png,zip,doc,docx,ppt,pptx,xls,xslx,rar,psd,txt,pdf,mp3,mp4,flv,avi'))) { die(json_encode(array('OK' => 0, 'error' => array('code' => PluploadHandler::get_error_code(), 'message' => PluploadHandler::get_error_message())))); } else { function po_sanitize_file_name($filename) { $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "\$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}"); $filename = str_replace($special_chars, '', $filename); $filename = preg_replace('/[\\s-]+/', '-', $filename); $filename = trim($filename, '.-_'); $filename = strtolower($filename); return $filename; } $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : ''; $fileType = $_FILES['file']['type']; $fileSize = $_FILES['file']['size']; $table = new PoTable('media'); $table->save(array('file_name' => po_sanitize_file_name($fileName), 'file_type' => $fileType, 'file_size' => $fileSize, 'date' => $tgl_sekarang)); die(json_encode(array('OK' => 1))); } } else { header('location:404.php'); } }