Exemple #1
<?php

// modules/document/reply.php
// Declare the HTML / UTF-8 response up front, before any output is produced.
header('content-type: text/html; charset=UTF-8');
// Shared bootstrap ("inint"); presumably provides $db and the gcms helper class used below — confirm against bin/inint.php.
include '../../bin/inint.php';
// Response payload handed back to the caller (error code / input name on failure).
$ret = array();
// ตรวจสอบ referer
if (gcms::isReferer()) {
    // ค่าที่ส่งมา
    $email = $db->sql_trim_str($_POST, 'reply_email');
    $password = $db->sql_trim_str($_POST, 'reply_password');
    $detail = gcms::txtClean($_POST['reply_detail']);
    $index_id = gcms::getVars($_POST, 'index_id', 0);
    $module_id = gcms::getVars($_POST, 'module_id', 0);
    // แก้ไขคำตอบ
    $id = gcms::getVars($_POST, 'reply_id', 0);
    if ($id > 0) {
        // แก้ไขคำตอบ อ่านข้อมูลจาก คำตอบ
        $sql = "SELECT R.`member_id`,Q.`id`,Q.`comments`,Q.`can_reply`,R.`module_id`,M.`module`,M.`config`,C.`category_id`";
        $sql .= ",(CASE WHEN ISNULL(U.`id`) THEN R.`email` ELSE (CASE WHEN U.`displayname`='' THEN U.`email` ELSE U.`displayname` END) END) AS `commentator`";
        $sql .= " FROM `" . DB_COMMENT . "` AS R";
        $sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=R.`member_id`";
        $sql .= " INNER JOIN `" . DB_INDEX . "` AS Q ON Q.`id`='{$index_id}'";
        $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`='{$module_id}'";
        $sql .= " LEFT JOIN `" . DB_CATEGORY . "` AS C ON C.`category_id`=Q.`category_id`";
        $sql .= " WHERE R.`id`='{$id}' AND R.`index_id`='{$index_id}' LIMIT 1";
    } else {
        // ตอบคำถามใหม่ ตรวจสอบคำถาม
        $sql = "SELECT Q.`id`,Q.`comments`,Q.`module_id`,Q.`can_reply`,M.`module`,M.`config`,C.`category_id`";
        $sql .= " FROM `" . DB_INDEX . "` AS Q";
Exemple #2
 } else {
     $emails = array();
 }
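 // Resolve the recipient. 'admin' fans out to every active account; any other value is used only as an
 // integer index into the server-side $emails list, so a caller can never supply an arbitrary address here.
 // Fields are read through isset() so a missing or out-of-range value falls back to '' instead of
 // raising an undefined-index notice and leaving $reciever null.
 $mail_reciever = isset($_POST['mail_reciever']) ? $_POST['mail_reciever'] : '';
 if ($mail_reciever === 'admin') {
     $reciever = array();
     $sql = "SELECT `email` FROM `" . DB_USER . "` WHERE `status`='1'";
     foreach ($db->customQuery($sql) as $item) {
         $reciever[] = $item['email'];
     }
     $reciever = implode(',', $reciever);
 } else {
     $index = (int) $mail_reciever;
     $reciever = isset($emails[$index]) ? $emails[$index] : '';
 }
 // Submitted values. The topic is HTML-escaped on input; the detail goes through the project's txtClean helper.
 $topic = htmlspecialchars(trim(isset($_POST['mail_topic']) ? $_POST['mail_topic'] : ''));
 $detail = gcms::txtClean(isset($_POST['mail_detail']) ? $_POST['mail_detail'] : '');
 $sender = gcms::getVars($_POST, 'mail_sender', '');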
 // ตรวจสอบค่าที่ส่งมา
 if ($sender == '') {
     $ret['error'] = 'SENDER_EMPTY';
     $ret['input'] = 'mail_sender';
 } elseif (!gcms::validMail($sender)) {
     $ret['error'] = 'REGISTER_INVALID_EMAIL';
     $ret['input'] = 'mail_sender';
 } elseif ($reciever == '') {
     $ret['error'] = 'ACTION_ERROR';
     $ret['input'] = 'mail_reciever';
 } elseif ($sender == $reciever) {
     $ret['error'] = 'EMAIL_SEND_SELF';
     $ret['input'] = 'mail_sender';
 } elseif ($topic == '') {
Exemple #3
<?php

// modules/board/post.php
// Send the HTML / UTF-8 content-type header before anything is echoed.
header('content-type: text/html; charset=UTF-8');
// Shared bootstrap ("inint"); presumably sets up $db and the gcms helper class used further down — confirm against bin/inint.php.
include '../../bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer()) {
    $ret = array();
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ค่าที่ส่งมา
        $save = array();
        $save['topic'] = $db->sql_trim_str($_POST, 'board_topic');
        $save['detail'] = gcms::txtClean($_POST['board_detail']);
        $password = $db->sql_trim_str($_POST, 'board_password');
        $email = $db->sql_trim_str($_POST, 'board_email');
        $category_id = gcms::getVars($_POST, 'board_category', 0);
        $board_id = gcms::getVars($_POST, 'board_id', 0);
        $module_id = gcms::getVars($_POST, 'module_id', 0);
        $picture = gcms::getVars($_FILES, 'board_picture', array('tmp_name' => ''));
        // login
        $login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => ''));
        // อ่านโมดูลและ config
        if ($board_id > 0) {
            // แก้ไขคำถาม อ่านข้อมูลจาก $board_id
            $sql = "SELECT Q.`picture`,Q.`module_id`,Q.`member_id`,M.`module`,C.`category_id`";
            $sql .= ",(CASE WHEN ISNULL(C.`config`) THEN M.`config` ELSE CONCAT(M.`config`,'\n',C.`config`) END) AS `config`";
            $sql .= ",(SELECT COUNT(*) FROM `" . DB_CATEGORY . "` WHERE `module_id`=Q.`module_id`) AS `categories`";
            $sql .= " FROM `" . DB_BOARD_Q . "` AS Q";