/**
* Upload Proccess Function.
* This will do the upload proccess. This function need some variables, eg:
* @param string $input This is the input field name.
* @param string $path This is the path the file will be stored.
* @param array $allowed This is the array of the allowed file extension.
* @param false $uniq Set to true if want to use a unique name.
* @param int $size File size maximum allowed.
* @param int $width The width of the dimension.
* @param int $height The height of the dimension.
*
* @return array
*
* @author Puguh Wijayanto (www.metalgenix.com)
* @since 0.0.1
*/
public static function go($input, $path, $allowed = '', $uniq = false, $size = '', $width = '', $height = '')
{
$filename = Typo::cleanX($_FILES[$input]['name']);
$filename = str_replace(' ', '_', $filename);
if (isset($_FILES[$input]) && $_FILES[$input]['error'] == 0) {
if ($uniq == true) {
$site = Typo::slugify(Options::get('sitename'));
$uniqfile = $site . '-' . sha1(microtime() . $filename) . '-';
} else {
$uniqfile = '';
}
$extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION);
$filetmp = $_FILES[$input]['tmp_name'];
$filepath = GX_PATH . $path . $uniqfile . $filename;
if (!in_array(strtolower($extension), $allowed)) {
$result['error'] = 'File not allowed';
} else {
if (move_uploaded_file($filetmp, $filepath)) {
$result['filesize'] = filesize($filepath);
$result['filename'] = $uniqfile . $filename;
$result['path'] = $path . $uniqfile . $filename;
$result['filepath'] = $filepath;
$result['fileurl'] = Site::$url . $path . $uniqfile . $filename;
} else {
$result['error'] = 'Cannot upload to directory, please check
if directory is exist or You had permission to write it.';
}
}
} else {
//$result['error'] = $_FILES[$input]['error'];
$result['error'] = '';
}
return $result;
}
define('GX_PATH', realpath(__DIR__ . '/'));
define('GX_LIB', GX_PATH . '/inc/lib/');
define('GX_MOD', GX_PATH . '/inc/mod/');
define('GX_THEME', GX_PATH . '/inc/themes/');
define('GX_ASSET', GX_PATH . '/assets/');
require "autoload.php";
try {
new System();
} catch (Exception $e) {
echo $e->getMessage();
}
if (isset($_POST['forgotpass'])) {
// Check token first
if (isset($_POST['token']) && Token::isExist($_POST['token'])) {
/*check if username is exist or not */
$username = Typo::cleanX(Typo::strip($_POST['username']));
$sql = sprintf("SELECT `userid`,`email`,`status`,`activation` FROM `user` WHERE `userid` = '%s'", $username);
$usr = Db::result($sql);
$c = Db::$num_rows;
//echo $c;
//print_r($usr);
if ($c == "1") {
//$alertgreen = "";
// check if user is active
if ($usr[0]->status == '1') {
/* get user password */
$newpass = User::generatePass();
$id = User::id($username);
$pass = User::randpass($newpass);
$vars = array('id' => $id, 'user' => array('pass' => $pass));
User::update($vars);
Posts::delete($id);
}
}
if (isset($_POST['token'])) {
Token::remove($_POST['token']);
}
break;
default:
# code...
break;
}
// search query
$where = "";
$qpage = "";
if (isset($_GET['q']) && $_GET['q'] != '') {
$q = Typo::cleanX($_GET['q']);
$where .= "AND (`title` LIKE '%{$q}%' OR `content` LIKE '%{$q}%') ";
$qpage .= "&q={$_GET['q']}";
}
if (isset($_GET['cat']) && $_GET['cat'] != '') {
$cat = Typo::int($_GET['cat']);
$where .= "AND `cat` = '{$cat}' ";
$qpage .= "&cat={$cat}";
}
if (isset($_GET['from']) && $_GET['from'] != '') {
$where .= "AND `date` >= '{$_GET['from']}' ";
$qpage .= "&from={$_GET['from']}";
}
if (isset($_GET['to']) && $_GET['to'] != '') {
$where .= "AND `date` <= '{$_GET['to']}' ";
$qpage .= "&to={$_GET['to']}";
switch ($submit) {
case true:
if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) {
// VALIDATE ALL
$alertred[] = TOKEN_NOT_EXIST;
}
if (!isset($_POST['name']) || $_POST['name'] == '') {
$alertred[] = MENU_NAME_CANNOT_EMPTY;
}
if (!isset($_POST['type']) || $_POST['type'] == '') {
$alertred[] = MENU_TYPE_CANNOT_EMPTY;
}
if (isset($alertred)) {
$data['alertred'] = $alertred;
} else {
$vars = array('parent' => Typo::int($_POST['parent']), 'menuid' => Typo::strip($_POST['id']), 'name' => Typo::cleanX($_POST['name']), 'class' => Typo::cleanX($_POST['class']), 'type' => Typo::strip($_POST['type']), 'value' => Typo::cleanX($_POST[$_POST['type']]));
Menus::insert($vars);
$data['alertgreen'][] = 'Menu Item Added';
Token::remove($_POST['token']);
}
break;
default:
# code...
break;
}
// ADD MENU ITEM END
// CHANGE ORDER START
if (isset($_POST['changeorder'])) {
$submit = true;
} else {
$submit = false;
if (!Xaptcha::verify($_POST['g-recaptcha-response'])) {
$alertred[] = "Your Captcha is not correct.";
}
}
if (!User::is_exist($_POST['userid'])) {
$alertred[] = MSG_USER_EXIST;
}
if (!User::is_same($_POST['pass1'], $_POST['pass1'])) {
$alertred[] = MSG_USER_PWD_MISMATCH;
}
if (!User::is_email($_POST['email'])) {
$alertred[] = MSG_USER_EMAIL_EXIST;
}
if (!isset($alertred)) {
$activation = Typo::getToken(60);
$vars = array('user' => array('userid' => Typo::cleanX(Typo::strip($_POST['userid'])), 'pass' => User::randpass($_POST['pass1']), 'email' => $_POST['email'], 'group' => '4', 'status' => '0', 'join_date' => date("Y-m-d H:i:s"), 'activation' => $activation), 'user_detail' => array('userid' => Typo::cleanX(Typo::strip($_POST['userid']))));
if (User::create($vars) === true) {
$data['alertgreen'][] = REG_ACTIVATE_ACCOUNT;
} else {
$alertred[] = REG_CANT_CREATE_ACCOUNT;
}
$vars = array('to' => $_POST['email'], 'to_name' => $_POST['userid'], 'subject' => 'Account Activation Needed at ' . Site::$name, 'message' => '
Hi ' . $_POST['userid'] . ',
Thank You for Registering with Us. Please activate your account by clicking this link :
' . Site::$url . '/register.php?activation=' . $activation . '
Sincerely,
{$sitename}
', 'mailtype' => 'text');
$mailsend = Mail::send($vars);
public static function avatar($id)
{
$usr = Db::result(sprintf("SELECT * FROM `user_detail` WHERE `id` = '%d' OR `userid` = '%s' LIMIT 1", Typo::int($id), Typo::cleanX($id)));
return $usr[0]->avatar;
}
* @link https://github.com/semplon/GeniXCMS
* @link http://genixcms.org
* @author Puguh Wijayanto (www.metalgenix.com)
* @copyright 2014-2015 Puguh Wijayanto
* @license http://www.opensource.org/licenses/mit-license.php MIT
*
*/
switch ($_GET['page']) {
case 'sitemap':
# code...
Sitemap::create();
exit;
break;
default:
# code...
$page = Typo::cleanX(Typo::strip($_GET['page']));
$data['posts'] = Db::result(sprintf("SELECT * FROM `posts` \n WHERE (`id` = '%d' OR `slug` = '%s')\n AND `type` = 'page'\n AND `status` = '1'\n LIMIT 1", $page, $page));
if (Db::$num_rows > 0) {
Theme::theme('header', $data);
Theme::theme('page', $data);
Theme::footer();
Stats::addViews($page);
exit;
} else {
Control::error('404');
exit;
}
break;
}
/* End of file page.control.php */
/* Location: ./inc/lib/Control/Frontend/page.control.php */
$flip = array_flip($_POST);
$sql = "SELECT * FROM `options` WHERE `value` = 'on'";
$q = Db::result($sql);
foreach ($q as $ob) {
if (isset($flip[$ob->name])) {
$vars[$ob->name] = 'on';
//echo $ob->name;
} else {
$vars[$ob->name] = 'off';
//echo $ob->name;
}
}
//print_r($ob);
foreach ($_POST as $key => $val) {
# code...
$vars[$key] = Typo::cleanX($val);
}
unset($vars['change']);
//print_r($vars);
Options::update($vars);
$data['alertgreen'][] = MSG_SETTINGS_SAVED;
}
if (isset($_POST['token'])) {
Token::remove($_POST['token']);
}
break;
default:
# code...
//print_r($data);
break;
}
<?php
if (isset($_POST['sendmail'])) {
// check token first
if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) {
# code...
$alertred[] = TOKEN_NOT_EXIST;
}
if (isset($alertred)) {
$data['alertred'] = $alertred;
} else {
$subject = Typo::cleanX($_POST['subject']);
$msg = $_POST['message'];
if ($_POST['type'] == 'text') {
# code...
$msg = str_replace('<br>', "\r\n\r\n", $msg);
$msg = str_replace('</p><p>', "\r\n\r\n", $msg);
$msg = str_replace(' ', " ", $msg);
$msg = strip_tags($msg);
} else {
$msg = $msg;
}
$msg = str_replace('{{sitename}}', Site::$name, $msg);
$msg = str_replace('{{siteurl}}', Site::$url, $msg);
$msg = str_replace('{{sitemail}}', Site::$email, $msg);
if ($_POST['recipient'] == '') {
$usr = Db::result("SELECT * FROM `user`");
foreach ($usr as $u) {
# code...
$msgs = str_replace('{{userid}}', $u->userid, $msg);
$vars = array('to' => $u->email, 'to_name' => $u->userid, 'message' => $msgs, 'subject' => $subject, 'msgtype' => $_POST['type']);
//print_r($cat);
$data['alertgreen'][] = MSG_CATEGORY_ADDED . " " . $_POST['cat'];
}
if (isset($_POST['token'])) {
Token::remove($_POST['token']);
}
break;
default:
# code...
break;
}
switch (isset($_POST['updatecat'])) {
case true:
# code...
// cleanup first
$cat = Typo::cleanX($_POST['cat']);
if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) {
// VALIDATE ALL
$alertred[] = TOKEN_NOT_EXIST;
}
if (isset($alertred)) {
$data['alertred'] = $alertred;
} else {
$vars = array('table' => 'cat', 'id' => Typo::int($_POST['id']), 'key' => array('name' => $cat));
$cat = Db::update($vars);
$data['alertgreen'][] = MSG_CATEGORY_UPDATED . " " . $_POST['cat'];
}
if (isset($_POST['token'])) {
Token::remove($_POST['token']);
}
break;
