/** * Upload Proccess Function. * This will do the upload proccess. This function need some variables, eg: * @param string $input This is the input field name. * @param string $path This is the path the file will be stored. * @param array $allowed This is the array of the allowed file extension. * @param false $uniq Set to true if want to use a unique name. * @param int $size File size maximum allowed. * @param int $width The width of the dimension. * @param int $height The height of the dimension. * * @return array * * @author Puguh Wijayanto (www.metalgenix.com) * @since 0.0.1 */ public static function go($input, $path, $allowed = '', $uniq = false, $size = '', $width = '', $height = '') { $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if (isset($_FILES[$input]) && $_FILES[$input]['error'] == 0) { if ($uniq == true) { $site = Typo::slugify(Options::get('sitename')); $uniqfile = $site . '-' . sha1(microtime() . $filename) . '-'; } else { $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH . $path . $uniqfile . $filename; if (!in_array(strtolower($extension), $allowed)) { $result['error'] = 'File not allowed'; } else { if (move_uploaded_file($filetmp, $filepath)) { $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile . $filename; $result['path'] = $path . $uniqfile . $filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url . $path . $uniqfile . $filename; } else { $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } } else { //$result['error'] = $_FILES[$input]['error']; $result['error'] = ''; } return $result; }
define('GX_PATH', realpath(__DIR__ . '/')); define('GX_LIB', GX_PATH . '/inc/lib/'); define('GX_MOD', GX_PATH . '/inc/mod/'); define('GX_THEME', GX_PATH . '/inc/themes/'); define('GX_ASSET', GX_PATH . '/assets/'); require "autoload.php"; try { new System(); } catch (Exception $e) { echo $e->getMessage(); } if (isset($_POST['forgotpass'])) { // Check token first if (isset($_POST['token']) && Token::isExist($_POST['token'])) { /*check if username is exist or not */ $username = Typo::cleanX(Typo::strip($_POST['username'])); $sql = sprintf("SELECT `userid`,`email`,`status`,`activation` FROM `user` WHERE `userid` = '%s'", $username); $usr = Db::result($sql); $c = Db::$num_rows; //echo $c; //print_r($usr); if ($c == "1") { //$alertgreen = ""; // check if user is active if ($usr[0]->status == '1') { /* get user password */ $newpass = User::generatePass(); $id = User::id($username); $pass = User::randpass($newpass); $vars = array('id' => $id, 'user' => array('pass' => $pass)); User::update($vars);
Posts::delete($id); } } if (isset($_POST['token'])) { Token::remove($_POST['token']); } break; default: # code... break; } // search query $where = ""; $qpage = ""; if (isset($_GET['q']) && $_GET['q'] != '') { $q = Typo::cleanX($_GET['q']); $where .= "AND (`title` LIKE '%{$q}%' OR `content` LIKE '%{$q}%') "; $qpage .= "&q={$_GET['q']}"; } if (isset($_GET['cat']) && $_GET['cat'] != '') { $cat = Typo::int($_GET['cat']); $where .= "AND `cat` = '{$cat}' "; $qpage .= "&cat={$cat}"; } if (isset($_GET['from']) && $_GET['from'] != '') { $where .= "AND `date` >= '{$_GET['from']}' "; $qpage .= "&from={$_GET['from']}"; } if (isset($_GET['to']) && $_GET['to'] != '') { $where .= "AND `date` <= '{$_GET['to']}' "; $qpage .= "&to={$_GET['to']}";
switch ($submit) { case true: if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { // VALIDATE ALL $alertred[] = TOKEN_NOT_EXIST; } if (!isset($_POST['name']) || $_POST['name'] == '') { $alertred[] = MENU_NAME_CANNOT_EMPTY; } if (!isset($_POST['type']) || $_POST['type'] == '') { $alertred[] = MENU_TYPE_CANNOT_EMPTY; } if (isset($alertred)) { $data['alertred'] = $alertred; } else { $vars = array('parent' => Typo::int($_POST['parent']), 'menuid' => Typo::strip($_POST['id']), 'name' => Typo::cleanX($_POST['name']), 'class' => Typo::cleanX($_POST['class']), 'type' => Typo::strip($_POST['type']), 'value' => Typo::cleanX($_POST[$_POST['type']])); Menus::insert($vars); $data['alertgreen'][] = 'Menu Item Added'; Token::remove($_POST['token']); } break; default: # code... break; } // ADD MENU ITEM END // CHANGE ORDER START if (isset($_POST['changeorder'])) { $submit = true; } else { $submit = false;
if (!Xaptcha::verify($_POST['g-recaptcha-response'])) { $alertred[] = "Your Captcha is not correct."; } } if (!User::is_exist($_POST['userid'])) { $alertred[] = MSG_USER_EXIST; } if (!User::is_same($_POST['pass1'], $_POST['pass1'])) { $alertred[] = MSG_USER_PWD_MISMATCH; } if (!User::is_email($_POST['email'])) { $alertred[] = MSG_USER_EMAIL_EXIST; } if (!isset($alertred)) { $activation = Typo::getToken(60); $vars = array('user' => array('userid' => Typo::cleanX(Typo::strip($_POST['userid'])), 'pass' => User::randpass($_POST['pass1']), 'email' => $_POST['email'], 'group' => '4', 'status' => '0', 'join_date' => date("Y-m-d H:i:s"), 'activation' => $activation), 'user_detail' => array('userid' => Typo::cleanX(Typo::strip($_POST['userid'])))); if (User::create($vars) === true) { $data['alertgreen'][] = REG_ACTIVATE_ACCOUNT; } else { $alertred[] = REG_CANT_CREATE_ACCOUNT; } $vars = array('to' => $_POST['email'], 'to_name' => $_POST['userid'], 'subject' => 'Account Activation Needed at ' . Site::$name, 'message' => ' Hi ' . $_POST['userid'] . ', Thank You for Registering with Us. Please activate your account by clicking this link : ' . Site::$url . '/register.php?activation=' . $activation . ' Sincerely, {$sitename} ', 'mailtype' => 'text'); $mailsend = Mail::send($vars);
public static function avatar($id) { $usr = Db::result(sprintf("SELECT * FROM `user_detail` WHERE `id` = '%d' OR `userid` = '%s' LIMIT 1", Typo::int($id), Typo::cleanX($id))); return $usr[0]->avatar; }
* @link https://github.com/semplon/GeniXCMS * @link http://genixcms.org * @author Puguh Wijayanto (www.metalgenix.com) * @copyright 2014-2015 Puguh Wijayanto * @license http://www.opensource.org/licenses/mit-license.php MIT * */ switch ($_GET['page']) { case 'sitemap': # code... Sitemap::create(); exit; break; default: # code... $page = Typo::cleanX(Typo::strip($_GET['page'])); $data['posts'] = Db::result(sprintf("SELECT * FROM `posts` \n WHERE (`id` = '%d' OR `slug` = '%s')\n AND `type` = 'page'\n AND `status` = '1'\n LIMIT 1", $page, $page)); if (Db::$num_rows > 0) { Theme::theme('header', $data); Theme::theme('page', $data); Theme::footer(); Stats::addViews($page); exit; } else { Control::error('404'); exit; } break; } /* End of file page.control.php */ /* Location: ./inc/lib/Control/Frontend/page.control.php */
$flip = array_flip($_POST); $sql = "SELECT * FROM `options` WHERE `value` = 'on'"; $q = Db::result($sql); foreach ($q as $ob) { if (isset($flip[$ob->name])) { $vars[$ob->name] = 'on'; //echo $ob->name; } else { $vars[$ob->name] = 'off'; //echo $ob->name; } } //print_r($ob); foreach ($_POST as $key => $val) { # code... $vars[$key] = Typo::cleanX($val); } unset($vars['change']); //print_r($vars); Options::update($vars); $data['alertgreen'][] = MSG_SETTINGS_SAVED; } if (isset($_POST['token'])) { Token::remove($_POST['token']); } break; default: # code... //print_r($data); break; }
<?php if (isset($_POST['sendmail'])) { // check token first if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { # code... $alertred[] = TOKEN_NOT_EXIST; } if (isset($alertred)) { $data['alertred'] = $alertred; } else { $subject = Typo::cleanX($_POST['subject']); $msg = $_POST['message']; if ($_POST['type'] == 'text') { # code... $msg = str_replace('<br>', "\r\n\r\n", $msg); $msg = str_replace('</p><p>', "\r\n\r\n", $msg); $msg = str_replace(' ', " ", $msg); $msg = strip_tags($msg); } else { $msg = $msg; } $msg = str_replace('{{sitename}}', Site::$name, $msg); $msg = str_replace('{{siteurl}}', Site::$url, $msg); $msg = str_replace('{{sitemail}}', Site::$email, $msg); if ($_POST['recipient'] == '') { $usr = Db::result("SELECT * FROM `user`"); foreach ($usr as $u) { # code... $msgs = str_replace('{{userid}}', $u->userid, $msg); $vars = array('to' => $u->email, 'to_name' => $u->userid, 'message' => $msgs, 'subject' => $subject, 'msgtype' => $_POST['type']);
//print_r($cat); $data['alertgreen'][] = MSG_CATEGORY_ADDED . " " . $_POST['cat']; } if (isset($_POST['token'])) { Token::remove($_POST['token']); } break; default: # code... break; } switch (isset($_POST['updatecat'])) { case true: # code... // cleanup first $cat = Typo::cleanX($_POST['cat']); if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { // VALIDATE ALL $alertred[] = TOKEN_NOT_EXIST; } if (isset($alertred)) { $data['alertred'] = $alertred; } else { $vars = array('table' => 'cat', 'id' => Typo::int($_POST['id']), 'key' => array('name' => $cat)); $cat = Db::update($vars); $data['alertgreen'][] = MSG_CATEGORY_UPDATED . " " . $_POST['cat']; } if (isset($_POST['token'])) { Token::remove($_POST['token']); } break;