} else { $error = true; } } } if ($error) { $ret['ret_email_copy_to'] = 'REGISTER_INVALID_EMAIL'; $input = !$error ? 'email_copy_to' : $input; $error = !$error ? 'REGISTER_INVALID_EMAIL' : $error; } else { $save['copy_to'] = implode(',', $emails); $ret['ret_email_copy_to'] = ''; } } // from_email if ($save['from_email'] != '' && !gcms::validMail($save['from_email'])) { $ret['ret_email_from_email'] = 'REGISTER_INVALID_EMAIL'; $input = !$error ? 'email_from_email' : $input; $error = !$error ? 'REGISTER_INVALID_EMAIL' : $error; } else { $ret['ret_email_from_email'] = ''; } // subject if ($save['subject'] == '') { $ret['ret_email_subject'] = 'TOPIC_EMPTY'; $input = !$error ? 'email_subject' : $input; $error = !$error ? 'TOPIC_EMPTY' : $error; } else { $ret['ret_email_subject'] = ''; } }
<?php // widgets/contact/index.php if (defined('MAIN_INIT')) { // antispam $antispam = gcms::rndname(32); $_SESSION[$antispam] = gcms::rndname(4); // contact form $widget[] = '<form id=contact_frm class=mainform method=post action=index.php>'; $widget[] = '<div class=item><label for=mail_sender>{LNG_EMAIL_SEND} {LNG_TO}</label><span class="g-input icon-email-sent"><select name=mail_reciever id=mail_reciever>'; $emails = array(); $subject = ''; if (!empty($module)) { foreach (explode(',', $module) as $item) { if (gcms::validMail($item)) { $emails = explode(',', $module); } else { $subject = $item; } } $_SESSION['emails'] = implode(',', $emails); } $widget[] = '<option value=admin>{LNG_ADMIN}</option>'; foreach ($emails as $i => $email) { $widget[] = '<option value=' . $i . '>' . $email . '</option>'; } $widget[] = '</select></span></div>'; // sender $widget[] = '<div class=item><label for=mail_sender>{LNG_EMAIL_SENDER}</label><span class="g-input icon-email"><input type=text name=mail_sender id=mail_sender value="' . (isset($_SESSION['login']['email']) ? $_SESSION['login']['email'] : '') . '"></span></div>'; // subject $widget[] = '<div class=item><label for=mail_topic>{LNG_EMAIL_SUBJECT}</label><span class="g-input icon-edit"><input type=text name=mail_topic id=mail_topic value="' . $subject . '"></span></div>';
foreach ($db->customQuery($sql) as $item) { $reciever[] = $item['email']; } $reciever = implode(',', $reciever); } else { $reciever = $emails[(int) $_POST['mail_reciever']]; } // ค่าที่ส่งมา $topic = htmlspecialchars(trim($_POST['mail_topic'])); $detail = gcms::txtClean($_POST['mail_detail']); $sender = gcms::getVars($_POST, 'mail_sender', ''); // ตรวจสอบค่าที่ส่งมา if ($sender == '') { $ret['error'] = 'SENDER_EMPTY'; $ret['input'] = 'mail_sender'; } elseif (!gcms::validMail($sender)) { $ret['error'] = 'REGISTER_INVALID_EMAIL'; $ret['input'] = 'mail_sender'; } elseif ($reciever == '') { $ret['error'] = 'ACTION_ERROR'; $ret['input'] = 'mail_reciever'; } elseif ($sender == $reciever) { $ret['error'] = 'EMAIL_SEND_SELF'; $ret['input'] = 'mail_sender'; } elseif ($topic == '') { $ret['error'] = 'TOPIC_EMPTY'; $ret['input'] = 'mail_topic'; } elseif ($detail == '') { $ret['error'] = 'DETAIL_EMPTY'; } elseif ($_POST['mail_antispam'] != $_SESSION[$_POST['antispam']]) { $ret['ret_mail_antispam'] = 'this';
<?php if (INSTALL_INIT == 'install') { if (isset($_POST['email'])) { $_SESSION['password'] = trim($_POST['password']); $_SESSION['email'] = trim($_POST['email']); } if (empty($_SESSION['email'])) { $error = 'กรุณากรอก ที่อยู่อีเมล์'; } elseif (!gcms::validMail($_SESSION['email'])) { $error = 'ที่อยู่อีเมล์ ไม่ถูกต้อง'; } elseif (empty($_SESSION['password'])) { $error = 'กรุณากรอก รหัสผ่าน'; } elseif (!preg_match('/^[A-Za-z0-9]{4,}$/u', $_SESSION['password'])) { $error = 'รหัสผ่าน ภาษาอังกฤษและตัวเลข ไม่น้อยกว่า 4 หลัก'; } $prefix = isset($_SESSION['prefix']) ? $_SESSION['prefix'] : 'gcms'; if (!empty($error)) { include ROOT_PATH . 'admin/install/install3.php'; } else { $db_weburl = empty($_SESSION['db_weburl']) ? WEB_URL : $_SESSION['db_weburl']; $hostname = empty($_SESSION['hostname']) ? str_replace(array('http://', 'www.'), '', WEB_URL) : $_SESSION['hostname']; $db_username = empty($_SESSION['db_username']) ? $config['db_username'] : $_SESSION['db_username']; $db_password = empty($_SESSION['db_password']) ? $config['db_password'] : $_SESSION['db_password']; $db_server = empty($_SESSION['db_server']) ? $config['db_server'] : $_SESSION['db_server']; $db_name = empty($_SESSION['db_name']) ? $config['db_name'] : $_SESSION['db_name']; $reply = empty($_SESSION['reply']) ? "no-reply@{$baseurl}" : $_SESSION['reply']; echo '<h2>ค่ากำหนดของฐานข้อมูล</h2>'; echo '<form method=post action=index.php autocomplete=off>'; echo '<p>ระบุที่อยู่โดเมนที่ถูกต้องของเว็บไซต์</p>'; echo '<p class=row><label for=db_weburl>ที่อยู่โดเมน</label><input type=text size=50 id=db_weburl name=db_weburl value="' . $db_weburl . '"> <a href="http://gcms.in.th/index.php?module=howto&id=72" target=_blank><img src="' . WEB_URL . '/admin/install/img/help.png" alt=help></a></p>';
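<?php
// admin/checkemail.php
//
// Checks an e-mail address submitted from the member form (presumably called
// asynchronously — the response is a bare token). Echoes one of
// EMAIL_EMPTY / REGISTER_INVALID_EMAIL / EMAIL_EXISTS, or nothing when the
// address is acceptable. Because EMAIL_EXISTS reveals whether an address is
// registered, the referer check below is the only gate in front of that
// answer; keep this script reachable only from the admin form and consider
// rate limiting it at the web-server level.
header("content-type: text/html; charset=UTF-8");

// bootstrap — expected to provide gcms, $db and DB_USER (not visible here)
include '../bin/inint.php';

// only answer requests that originate from this site's own form
if (gcms::isReferer()) {
    // id of the member being edited; 0 means a new record.
    // Cast to int so the ownership comparison below is numeric instead of a
    // loose string/number comparison whose result differs between PHP versions.
    $id = (int) gcms::getVars($_POST, 'id', 0);
    $value = $db->sql_trim_str($_POST, 'value');

    if ($value == '') {
        echo 'EMAIL_EMPTY';
    } elseif (!gcms::validMail($value)) {
        echo 'REGISTER_INVALID_EMAIL';
    } else {
        // Duplicate check: the address must not belong to another (non-Facebook) member.
        // NOTE(review): $value is interpolated with addslashes(), which is not a proper
        // SQL escape (it is charset-dependent and relies on the surrounding quotes);
        // a bound parameter should be used if the db layer supports it. validMail()
        // above narrows the accepted input before it reaches this query.
        $sql = "SELECT `id` FROM `" . DB_USER . "` WHERE `email`='" . addslashes($value) . "' AND `fb`='0' LIMIT 1";
        $search = $db->customQuery($sql);

        // exactly one match that is not the record being edited → address is taken
        if (count($search) == 1 && ($id == 0 || $id != $search[0]['id'])) {
            echo 'EMAIL_EXISTS';
        }
    }
}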
} else { // ชื่อสมาชิกใช้งานได้ $sender = empty($user['displayname']) ? $user['email'] : $user['displayname']; $post['member_id'] = $user['id']; $post['email'] = $user['email']; } } elseif ($guest) { // ตรวจสอบอีเมล์ซ้ำกับสมาชิก สำหรับบุคคลทั่วไป $sql = "SELECT `id` FROM `" . DB_USER . "` WHERE `email`='{$email}' LIMIT 1"; $user2 = $db->customQuery($sql); if (sizeof($user2) > 0) { // ต้องการรหัสผ่าน $ret['error'] = 'PASSWORD_EMPTY'; $ret['input'] = 'reply_password'; $ret['ret_reply_email'] = 'PASSWORD_EMPTY'; } elseif (!gcms::validMail($email)) { // อีเมล์ที่กรอกไม่ถูกต้อง $ret['error'] = 'REGISTER_INVALID_EMAIL'; $ret['input'] = 'reply_email'; $ret['ret_reply_email'] = 'REGISTER_INVALID_EMAIL'; } else { // ผู้มาเยือน $sender = $email; $post['member_id'] = 0; $post['email'] = $email; } } else { $ret['error'] = 'MEMBER_ONLY'; } } elseif (!($index['member_id'] == $login['id'] || $moderator)) { // แก้ไขความคิดเห็น ตรวจสอบ เจ้าของหรือผู้ดูแล
} // numeric $keys = array('hour', 'counter_digit', 'member_phone', 'member_idcard'); foreach ($keys as $key) { if (isset($_POST[$key])) { $config[$key] = (int) $_POST[$key]; } } // noreply_email if (isset($_POST['noreply_email'])) { $config['noreply_email'] = $db->sql_trim($_POST, 'noreply_email'); if (empty($config['noreply_email'])) { $ret['ret_noreply_email'] = 'DO_NOT_EMPTY'; $error = !$error ? 'DO_NOT_EMPTY' : $error; $input = !$input ? 'noreply_email' : $input; } elseif (!gcms::validMail($config['noreply_email'])) { $ret['ret_noreply_email'] = 'REGISTER_INVALID_EMAIL'; $error = !$error ? 'REGISTER_INVALID_EMAIL' : $error; $input = !$input ? 'noreply_email' : $input; } else { $ret['ret_noreply_email'] = ''; } } // email_charset if (isset($_POST['email_charset'])) { $config['email_charset'] = strtolower(trim($_POST['email_charset'])); $config['email_charset'] = empty($config['email_charset']) ? 'tis-620' : $config['email_charset']; $ret['email_charset'] = $config['email_charset']; } // email_Port if (isset($_POST['email_Port'])) {
$to = $db->sql_trim_str($_POST, 'mail_to'); if (!preg_match('/[0-9,]{1,}/', $to)) { $ret['error'] = 'EMAIL_RECIEVER_NOT_FOUND'; } else { // อีเมล์ของผู้รับ $emails = array(); // อ่านและตรวจสอบอีเมล์ของผู้รับ $sql = "SELECT `email` FROM `" . DB_USER . "` WHERE `id` IN ({$to})"; foreach ($db->customQuery($sql) as $item) { $emails[] = $item['email']; } // ตรวจสอบค่าที่ส่งมา if (empty($sender['email'])) { $ret['error'] = 'SENDER_EMPTY'; $ret['input'] = 'mail_sender'; } elseif (!gcms::validMail($sender['email'])) { $ret['error'] = 'REGISTER_INVALID_EMAIL'; $ret['input'] = 'mail_sender'; } elseif (sizeof($emails) == 0) { $ret['error'] = 'EMAIL_RECIEVER_NOT_FOUND'; } elseif ($topic == '') { $ret['error'] = 'TOPIC_EMPTY'; $ret['input'] = 'mail_topic'; } elseif ($detail == '') { $ret['error'] = 'DETAIL_EMPTY'; } elseif ($_POST['mail_antispam'] != $_SESSION[$_POST['antispam']]) { $ret['ret_mail_antispam'] = 'this'; $ret['input'] = 'mail_antispam'; } else { // ส่งอีเมล์ $error = gcms::customMail(implode(',', $emails), "{$sender['email']}<{$sender['displayname']}>", $topic, $detail);
// ค่าที่ส่งมา $password = $db->sql_trim_str($_POST, 'register_password'); $repassword = $db->sql_trim_str($_POST, 'register_repassword'); $save['email'] = $db->sql_trim_str($_POST, 'register_email'); $save['phone1'] = $db->sql_trim_str($_POST, 'register_phone'); $save['idcard'] = $db->sql_trim_str($_POST, 'register_idcard'); // ตรวจสอบข้อมูลที่กรอก $error = false; $input = false; if (isset($_POST['register_accept'])) { // email if ($save['email'] == '') { $ret['ret_register_email'] = 'EMAIL_EMPTY'; $input = !$input ? 'register_email' : $input; $error = !$error ? 'EMAIL_EMPTY' : $error; } elseif (!gcms::validMail($save['email'])) { $ret['ret_register_email'] = 'REGISTER_INVALID_EMAIL'; $input = !$input ? 'register_email' : $input; $error = !$error ? 'REGISTER_INVALID_EMAIL' : $error; } else { // ตรวจสอบ email ซ้ำ $sql = "SELECT `id` FROM `" . DB_USER . "` WHERE `email`='{$save['email']}' AND `fb`='0' LIMIT 1"; $search = $db->customQuery($sql); if (sizeof($search) == 1) { $ret['ret_register_email'] = 'EMAIL_EXISTS'; $input = !$input ? 'register_email' : $input; $error = !$error ? 'EMAIL_EXISTS' : $error; } else { $ret['ret_register_email'] = ''; } }