// title
$title = $lng['LNG_REGISTER_TITLE'];
// breadcrumbs
$breadcrumb = gcms::loadtemplate('', '', 'breadcrumb');
$breadcrumbs = array();
// หน้าหลัก
$breadcrumbs['HOME'] = gcms::breadcrumb('icon-home', WEB_URL . '/index.php', $install_modules[$module_list[0]]['menu_tooltip'], $install_modules[$module_list[0]]['menu_text'], $breadcrumb);
// url ของหน้านี้
$breadcrumbs['MODULE'] = gcms::breadcrumb('', gcms::getURL('register'), $lng['LNG_REGISTER_TITLE'], $lng['LNG_REGISTER_TITLE'], $breadcrumb);
if (isset($config['custom_register']) && is_file(ROOT_PATH . $config['custom_register'])) {
// custom register form
include ROOT_PATH . $config['custom_register'];
} else {
// antispam
$register_antispamchar = gcms::rndname(32);
$_SESSION[$register_antispamchar] = gcms::rndname(4);
// แสดงฟอร์ม registerfrm.html
$patt = array('/{BREADCRUMS}/', '/<PHONE>(.*)<\\/PHONE>/isu', '/<IDCARD>(.*)<\\/IDCARD>/isu', '/<INVITE>(.*)<\\/INVITE>/isu', '/{(LNG_[A-Z0-9_]+)}/e', '/{ANTISPAM}/', '/{WEBURL}/', '/{MODAL}/', '/{INVITE}/');
$replace = array();
$replace[] = implode("\n", $breadcrumbs);
$replace[] = empty($config['member_phone']) ? '' : '\\1';
$replace[] = empty($config['member_idcard']) ? '' : '\\1';
$replace[] = empty($config['member_invitation']) ? '' : '\\1';
$replace[] = OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng';
$replace[] = $register_antispamchar;
$replace[] = WEB_URL;
$replace[] = gcms::getVars($_POST, 'action', '') != 'modal' ? 'false' : 'true';
$replace[] = gcms::getVars($_COOKIE, PREFIX . '_invite', '');
$content = gcms::pregReplace($patt, $replace, gcms::loadtemplate('member', 'member', 'registerfrm'));
}
}
<?php
// widgets/search/index.php
if (defined('MAIN_INIT')) {
$patt = array('/[\\t\\r]/', '/{(LNG_[A-Z0-9_]+)}/e', '/{WEBURL}/', '/{SEARCH}/', '/{ID}/');
$replace = array();
$replace[] = '';
$replace[] = OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng';
$replace[] = WEB_URL;
$replace[] = preg_replace('/[\\+\\s]+/u', ' ', gcms::getVars($_GET, 'q', ''));
$replace[] = gcms::rndname(10);
$widget = gcms::pregReplace($patt, $replace, file_get_contents(ROOT_PATH . 'widgets/search/search.html'));
}
<?php
// widgets/contact/index.php
if (defined('MAIN_INIT')) {
// antispam
$antispam = gcms::rndname(32);
$_SESSION[$antispam] = gcms::rndname(4);
// contact form
$widget[] = '<form id=contact_frm class=mainform method=post action=index.php>';
$widget[] = '<div class=item><label for=mail_sender>{LNG_EMAIL_SEND} {LNG_TO}</label><span class="g-input icon-email-sent"><select name=mail_reciever id=mail_reciever>';
$emails = array();
$subject = '';
if (!empty($module)) {
foreach (explode(',', $module) as $item) {
if (gcms::validMail($item)) {
$emails = explode(',', $module);
} else {
$subject = $item;
}
}
$_SESSION['emails'] = implode(',', $emails);
}
$widget[] = '<option value=admin>{LNG_ADMIN}</option>';
foreach ($emails as $i => $email) {
$widget[] = '<option value=' . $i . '>' . $email . '</option>';
}
$widget[] = '</select></span></div>';
// sender
$widget[] = '<div class=item><label for=mail_sender>{LNG_EMAIL_SENDER}</label><span class="g-input icon-email"><input type=text name=mail_sender id=mail_sender value="' . (isset($_SESSION['login']['email']) ? $_SESSION['login']['email'] : '') . '"></span></div>';
// subject
$widget[] = '<div class=item><label for=mail_topic>{LNG_EMAIL_SUBJECT}</label><span class="g-input icon-edit"><input type=text name=mail_topic id=mail_topic value="' . $subject . '"></span></div>';
<?php
// widgets/download/index.php
if (defined('MAIN_INIT')) {
$id = gcms::rndname(10);
$widget = array();
$widget[] = '<div id=widget_' . $id . ' class="document-list download"><div class="row listview">';
$sql = "SELECT * FROM `" . DB_DOWNLOAD . "` WHERE `module_id`=(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='download' LIMIT 1)";
if (!empty($cat)) {
$sql .= ' AND `category_id`=' . (int) $cat;
}
$sql .= " ORDER BY `last_update` DESC LIMIT {$config['download_news_count']}";
$list = $cache->get($sql);
if (!$list) {
$list = $db->customQuery($sql);
$cache->save($sql, $list);
}
// template
$skin = gcms::loadtemplate($module, 'download', 'widgetitem');
$patt = array('/{BG}/', '/{NAME}/', '/{EXT}/', '/{DETAIL}/', '/{DATE}/', '/{ICON}/', '/{ID}/', '/{DOWNLOADS}/');
$bg = 'bg2';
foreach ($list as $item) {
$bg = $bg == 'bg1' ? 'bg2' : 'bg1';
$replace = array();
$replace[] = "{$bg} background" . rand(0, 5);
$replace[] = $item['name'];
$replace[] = $item['ext'];
$replace[] = $item['detail'];
$replace[] = gcms::mktime2date($item['last_update'], 'd M Y');
$replace[] = WEB_URL . '/skin/ext/' . (is_file(ROOT_PATH . "skin/ext/{$item['ext']}.png") ? $item['ext'] : 'file') . '.png';
$replace[] = $item['id'];
<?php
// widgets/rss/index.php
if (defined('MAIN_INIT')) {
$widget = array();
$tab = gcms::rndname(10);
if (preg_match('/([0-9]+)(_([0-9]+))?/', $module, $match)) {
$id = $match[1] == 0 ? '' : $match[1];
$interval = $match[3] == '' ? 30 : $match[3];
} else {
$id = '';
$interval = 30;
}
if (is_array($config['rss_tabs'])) {
$widget[] = '<div class="rss_widget widget widget_bg_color">';
$widget[] = '<div id=rss_tab_' . $tab . ' class=rss_tab></div>';
$widget[] = '<div id=rss_div_' . $tab . ' class=rss_div></div>';
$widget[] = '</div>';
$widget[] = '<script>';
$widget[] = "var rss = new GRSSTab('rss_tab_{$tab}','rss_div_{$tab}', {$interval});";
foreach ($config['rss_tabs'] as $item) {
if ($id == $item[2]) {
$widget[] = "rss.add('{$item['0']}', '{$item['1']}', {rows:{$item['3']},cols:{$item['4']}});";
}
}
$widget[] = 'rss.show(0);';
$widget[] = '</script>';
}
$widget = implode('', $widget);
}
if (gcms::isReferer()) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$email = $db->sql_trim_str($_POST, 'forgot_email');
if ($email == '') {
$ret['input'] = 'forgot_email';
$ret['error'] = 'EMAIL_EMPTY';
} else {
$sql = "SELECT * FROM `" . DB_USER . "` WHERE (`email`='{$email}' OR (`phone1`!='' AND `phone1`='{$email}')) AND `fb`='0' LIMIT 1";
$user = $db->customQuery($sql);
if (sizeof($user) == 1) {
$user = $user[0];
// สุ่มและอัปเดทรหัสผ่านใหม่
$password = gcms::rndname(6);
$save['password'] = md5($password . $user['email']);
$db->edit(DB_USER, $user['id'], $save);
// ส่งเมล์แจ้งสมาชิก
$replace = array();
$replace['/%PASSWORD%/'] = $password;
$replace['/%EMAIL%/'] = $user['email'];
if ($user['activatecode'] != '') {
$replace['/%ID%/'] = $user['activatecode'];
// send mail
$err = gcms::sendMail(1, 'member', $replace, $user['email']);
} else {
// send mail
$err = gcms::sendMail(3, 'member', $replace, $user['email']);
}
$ret['alert'] = rawurlencode(sprintf($lng['FORGOT_SUCCESS'], $user['email']));
$sql = "SELECT C.`id`,C.`topic`,C.`youtube` FROM `" . DB_VIDEO . "` AS C";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`owner`='video' AND M.`id`=C.`module_id` {$where}";
$list = $cache->get($sql);
if (!$list) {
$list = $db->customQuery($sql);
$cache->save($sql, $list);
}
if (empty($cols) && sizeof($list) == 1) {
$youtube = $list[0]['youtube'];
}
}
$widget = array();
if (empty($youtube)) {
$patt = array('/{ID}/', '/{THUMB}/', '/{YOUTUBE}/', '/{TOPIC}/', '/{DESCRIPTION}/', '/{VIEWS}/', '/{COLS}/');
$skin = gcms::loadtemplate('video', 'video', 'listitem');
$a = gcms::rndname(5);
$widget[] = '<div class=video_list id=video_list_' . $a . '><div class="ggrid margin-box">';
foreach ($list as $i => $item) {
$replace = array();
$replace[] = $item['id'];
$replace[] = is_file(DATA_PATH . "video/{$item['youtube']}.jpg") ? DATA_URL . "video/{$item['youtube']}.jpg" : WEB_URL . '/modules/video/img/nopicture.jpg';
$replace[] = $item['youtube'];
$replace[] = $item['topic'];
$replace[] = gcms::getVars($item, 'description', '');
$replace[] = gcms::getVars($item, 'views', '');
$replace[] = $cols;
$widget[] = preg_replace($patt, $replace, $skin);
}
$widget[] = '</div></div>';
$widget[] = '<script>';
$widget[] = "inintVideoList('video_list_{$a}');";
// ลบสมาชิก
$db->query("DELETE FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1");
} elseif ($action == 'activate' || $action == 'sendpassword') {
// ส่งอีเมล์ยืนยันสมาชิก อีกครั้ง
$sql = "SELECT `id`,`email`,`activatecode` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `fb`='0'";
foreach ($db->customQuery($sql) as $item) {
unset($replace);
// สุ่มรหัสผ่านใหม่
$password = gcms::rndname(6);
// ข้อมูลอีเมล์
$replace = array();
$replace['/%PASSWORD%/'] = $password;
$replace['/%EMAIL%/'] = $item['email'];
if ($action == 'activate' || $item['activatecode'] != '') {
// activate หรือ ยังไม่ได้ activate
$save['activatecode'] = $item['activatecode'] == '' ? gcms::rndname(32) : $item['activatecode'];
$replace['/%ID%/'] = $save['activatecode'];
// send mail
$err = gcms::sendMail(1, 'member', $replace, $item['email']);
} else {
// send mail
$err = gcms::sendMail(3, 'member', $replace, $item['email']);
}
if ($err == '') {
// อัปเดทรหัสผ่านใหม่
$save['password'] = md5($password . $item['email']);
// บันทึก
$db->edit(DB_USER, $item['id'], $save);
} else {
echo $err;
}
function writeVar($defines)
{
global $version, $prefix;
foreach (array(ROOT_PATH . 'admin/install/vars.php', ROOT_PATH . 'bin/vars.php') as $_var) {
if (is_file($_var)) {
$fr = file($_var);
foreach ($fr as $value) {
if (preg_match('/^define\\([\'"]([A-Z_]+)[\'"](.*)\\);$/', trim($value), $match)) {
$defines[$match[1]] = $match[0];
}
}
}
}
// update vars.php
unset($defines['ROOT_PATH']);
unset($defines['BASE_PATH']);
unset($defines['WEB_URL']);
unset($defines['DATA_FOLDER']);
unset($defines['DATA_PATH']);
unset($defines['DATA_URL']);
unset($defines['COUNTER_REFRESH_TIME']);
unset($defines['COUNTER_GAP']);
unset($defines['MODULE_RESERVE']);
unset($defines['LANGUAGE']);
unset($defines['SKIN']);
unset($defines['DB_DISTRICT']);
unset($defines['DB_TAMBON']);
unset($defines['DB_ZIPCODE']);
// vars.php
$datas = array();
$datas[] = '<' . '?php';
$datas[] = '// bin/vars.php';
$datas[] = '// โฟลเดอร์สำหรับเก็บไอคอนของสมาชิก';
$datas[] = getVar($defines, 'USERICON_PATH', "DATA_FOLDER.'member/'");
$datas[] = '// นับจาก root ของ server';
$datas[] = getVar($defines, 'USERICON_FULLPATH', "ROOT_PATH.USERICON_PATH");
$datas[] = '// เวอร์ชั่นของ gcms';
$datas[] = 'define(\'VERSION\', \'' . $version . '\');';
unset($defines['VERSION']);
$datas[] = '// ชื่อตัวแปรสำหรับเติมค่าตัวแปรต่างๆ';
$datas[] = '// เช่น session หรือ db';
$datas[] = '// เพื่อให้เป็นตัวแปรเฉพาะของเว็บไซต์เท่านั้น';
unset($defines['PREFIX']);
$datas[] = 'define(\'PREFIX\', \'' . $prefix . '\');';
$datas[] = '// ชื่อตารางฐานข้อมูลพื้นฐานต่างๆ';
$datas[] = '// ตารางสมาชิก';
$datas[] = getVar($defines, 'DB_USER', 'PREFIX.\'_user\'');
$datas[] = '// ตารางเนื้อหา';
$datas[] = getVar($defines, 'DB_MODULES', 'PREFIX.\'_modules\'');
$datas[] = getVar($defines, 'DB_INDEX', 'PREFIX.\'_index\'');
$datas[] = getVar($defines, 'DB_INDEX_DETAIL', 'PREFIX.\'_index_detail\'');
$datas[] = getVar($defines, 'DB_MENUS', 'PREFIX.\'_menus\'');
$datas[] = getVar($defines, 'DB_COMMENT', 'PREFIX.\'_comment\'');
$datas[] = getVar($defines, 'DB_CATEGORY', 'PREFIX.\'_category\'');
$datas[] = getVar($defines, 'DB_BOARD_R', 'PREFIX.\'_board_r\'');
$datas[] = getVar($defines, 'DB_BOARD_Q', 'PREFIX.\'_board_q\'');
$datas[] = '// ตาราง ภาษา';
$datas[] = getVar($defines, 'DB_LANGUAGE', 'PREFIX.\'_language\'');
$datas[] = '// ตาราง Email';
$datas[] = getVar($defines, 'DB_EMAIL_TEMPLATE', 'PREFIX.\'_emailtemplate\'');
$datas[] = '// ตาราง counter';
$datas[] = getVar($defines, 'DB_COUNTER', 'PREFIX.\'_counter\'');
$datas[] = '// ตาราง useronline';
$datas[] = getVar($defines, 'DB_USERONLINE', 'PREFIX.\'_useronline\'');
$datas[] = '// ตำบล อำเภอ จังหวัด';
$datas[] = getVar($defines, 'DB_PROVINCE', 'PREFIX.\'_province\'');
$datas[] = getVar($defines, 'DB_COUNTRY', 'PREFIX.\'_country\'');
$datas[] = '// ค่าคีย์สำหรับการเข้ารหัส';
$datas[] = getVar($defines, 'EN_KEY', gcms::rndname(4, '123456789'));
$datas[] = '// ตารางอื่นๆ';
foreach ($defines as $define) {
$datas[] = $define;
}
$f = @fopen(ROOT_PATH . 'bin/vars.php', 'wb');
if ($f) {
fwrite($f, implode("\n\t", $datas));
fclose($f);
}
return $f;
}
$ret['confirm'] = 'CONFIRM_DOWNLOAD';
} elseif ($action == 'downloading') {
// อัปเดทดาวน์โหลด
$save = array();
$save['last_update'] = $mmktime;
$save['downloads'] = $download['downloads'] + 1;
if ($download['download_id'] == 0) {
$save['module_id'] = $download['module_id'];
$save['document_id'] = $download['id'];
$save['member_id'] = $login['id'];
$db->add(DB_EDOCUMENT_DOWNLOAD, $save);
} else {
$db->edit(DB_EDOCUMENT_DOWNLOAD, $download['download_id'], $save);
}
// URL สำหรับดาวน์โหลด
$fid = gcms::rndname(32);
$_SESSION[$fid]['file'] = $file_path;
$_SESSION[$fid]['size'] = $download['size'];
$_SESSION[$fid]['name'] = "{$download['topic']}.{$download['ext']}";
$_SESSION[$fid]['status'] = $status;
// คืนค่า URL สำหรับดาวน์โหลด
$ret['href'] = rawurlencode(WEB_URL . "/modules/edocument/filedownload.php?id={$fid}");
$ret['downloads'] = $save['downloads'];
}
} elseif ($action == 'delete') {
$download = $db->getRec(DB_EDOCUMENT, $id);
if ($download) {
$db->query("DELETE FROM `" . DB_EDOCUMENT . "` WHERE `id`='{$download['id']}' LIMIT 1");
$db->query("DELETE FROM `" . DB_EDOCUMENT_DOWNLOAD . "` WHERE `document_id`='{$download['id']}'");
// ลบสำเร็จ
$ret['error'] = 'DELETE_SUCCESS';
<?php
// modules/member/fb_login.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer()) {
// ค่าที่ส่งมา
foreach (explode('&', $_POST['data']) as $item) {
list($k, $v) = explode('=', $item);
${$k} = $v;
}
// สุ่มรหัสผ่านใหม่
$login_password = gcms::rndname(6);
// ตรวจสอบสมาชิกกับ db
$sql = "SELECT `id`,`email`,`icon`,`fb`,`visited` FROM `" . DB_USER . "` WHERE `email`='" . addslashes($email) . "' LIMIT 1";
$save = $db->customQuery($sql);
if (sizeof($save) == 0) {
// ยังไม่เคยลงทะเบียน, ลงทะเบียนใหม่
$save = array();
if (preg_match('/^([0-9]+)[\\/\\-]([0-9]+)[\\/\\-]([0-9]+)$/', $birthday, $match)) {
$save['birthday'] = "{$match['3']}-{$match['1']}-{$match['2']}";
}
$save['id'] = 1 + $db->lastId(DB_USER);
$save['email'] = $email;
$save['icon'] = "{$save['id']}.jpg";
$save['sex'] = $gender == 'male' ? 'm' : 'f';
$save['website'] = str_replace(array('http://', 'https://', 'www.'), '', $link);
$save['password'] = md5($login_password . $save['email']);
$save['fname'] = $first_name;
$save['status'] = 0;
list($displayname, $domain) = explode('@', $save['email']);
$save['displayname'] = $displayname;
$a = 0;
while (true) {
if (!$db->basicSearch(DB_USER, 'displayname', $save['displayname'])) {
break;
} else {
$a++;
$save['displayname'] = $displayname . $a;
}
}
// บันทึกลงฐานข้อมูล
if ($config['user_activate'] > 0 && $config['sendmail'] == 1) {
// ต้อง activate และ สามารถส่งเมล์ได้
$save['activatecode'] = gcms::rndname(32);
// บันทึกลงฐานข้อมูล
$lastid = $db->add(DB_USER, $save);
// แสดงข้อความตอบรับการสมัครสมาชิก
$ret['alert'] = sprintf($lng['NEWREGISTER_ACTIVATE_ALERT'], $save['email']);
// กลับไปหน้าหลักเว็บไซต์
$ret['location'] = $_POST['modal'] != 'true' ? rawurlencode(WEB_URL . '/index.php') : 'close';
} else {
// บันทึกลงฐานข้อมูล
$lastid = $db->add(DB_USER, $save);
// login
$_SESSION['login'] = $save;
$_SESSION['login']['id'] = $lastid;
$_SESSION['login']['password'] = $password;
// แสดงข้อความตอบรับการสมัครสมาชิก
$ret['alert'] = sprintf($lng['NEWREGISTER_NOACTIVATE_ALERT'], $save['email']);