<?php
// modules/document/reply.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// ตรวจสอบ referer
if (gcms::isReferer()) {
// ค่าที่ส่งมา
$email = $db->sql_trim_str($_POST, 'reply_email');
$password = $db->sql_trim_str($_POST, 'reply_password');
$detail = gcms::txtClean($_POST['reply_detail']);
$index_id = gcms::getVars($_POST, 'index_id', 0);
$module_id = gcms::getVars($_POST, 'module_id', 0);
// แก้ไขคำตอบ
$id = gcms::getVars($_POST, 'reply_id', 0);
if ($id > 0) {
// แก้ไขคำตอบ อ่านข้อมูลจาก คำตอบ
$sql = "SELECT R.`member_id`,Q.`id`,Q.`comments`,Q.`can_reply`,R.`module_id`,M.`module`,M.`config`,C.`category_id`";
$sql .= ",(CASE WHEN ISNULL(U.`id`) THEN R.`email` ELSE (CASE WHEN U.`displayname`='' THEN U.`email` ELSE U.`displayname` END) END) AS `commentator`";
$sql .= " FROM `" . DB_COMMENT . "` AS R";
$sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=R.`member_id`";
$sql .= " INNER JOIN `" . DB_INDEX . "` AS Q ON Q.`id`='{$index_id}'";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`='{$module_id}'";
$sql .= " LEFT JOIN `" . DB_CATEGORY . "` AS C ON C.`category_id`=Q.`category_id`";
$sql .= " WHERE R.`id`='{$id}' AND R.`index_id`='{$index_id}' LIMIT 1";
} else {
// ตอบคำถามใหม่ ตรวจสอบคำถาม
$sql = "SELECT Q.`id`,Q.`comments`,Q.`module_id`,Q.`can_reply`,M.`module`,M.`config`,C.`category_id`";
$sql .= " FROM `" . DB_INDEX . "` AS Q";
} else {
$emails = array();
}
if ($_POST['mail_reciever'] == 'admin') {
$reciever = array();
$sql = "SELECT `email` FROM `" . DB_USER . "` WHERE `status`='1'";
foreach ($db->customQuery($sql) as $item) {
$reciever[] = $item['email'];
}
$reciever = implode(',', $reciever);
} else {
$reciever = $emails[(int) $_POST['mail_reciever']];
}
// ค่าที่ส่งมา
$topic = htmlspecialchars(trim($_POST['mail_topic']));
$detail = gcms::txtClean($_POST['mail_detail']);
$sender = gcms::getVars($_POST, 'mail_sender', '');
// ตรวจสอบค่าที่ส่งมา
if ($sender == '') {
$ret['error'] = 'SENDER_EMPTY';
$ret['input'] = 'mail_sender';
} elseif (!gcms::validMail($sender)) {
$ret['error'] = 'REGISTER_INVALID_EMAIL';
$ret['input'] = 'mail_sender';
} elseif ($reciever == '') {
$ret['error'] = 'ACTION_ERROR';
$ret['input'] = 'mail_reciever';
} elseif ($sender == $reciever) {
$ret['error'] = 'EMAIL_SEND_SELF';
$ret['input'] = 'mail_sender';
} elseif ($topic == '') {
<?php
// modules/board/post.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer()) {
$ret = array();
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$save = array();
$save['topic'] = $db->sql_trim_str($_POST, 'board_topic');
$save['detail'] = gcms::txtClean($_POST['board_detail']);
$password = $db->sql_trim_str($_POST, 'board_password');
$email = $db->sql_trim_str($_POST, 'board_email');
$category_id = gcms::getVars($_POST, 'board_category', 0);
$board_id = gcms::getVars($_POST, 'board_id', 0);
$module_id = gcms::getVars($_POST, 'module_id', 0);
$picture = gcms::getVars($_FILES, 'board_picture', array('tmp_name' => ''));
// login
$login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => ''));
// อ่านโมดูลและ config
if ($board_id > 0) {
// แก้ไขคำถาม อ่านข้อมูลจาก $board_id
$sql = "SELECT Q.`picture`,Q.`module_id`,Q.`member_id`,M.`module`,C.`category_id`";
$sql .= ",(CASE WHEN ISNULL(C.`config`) THEN M.`config` ELSE CONCAT(M.`config`,'\n',C.`config`) END) AS `config`";
$sql .= ",(SELECT COUNT(*) FROM `" . DB_CATEGORY . "` WHERE `module_id`=Q.`module_id`) AS `categories`";
$sql .= " FROM `" . DB_BOARD_Q . "` AS Q";