<?php

// admin/mailto.php
// Entry point for the admin "send mail" action. It answers as UTF-8 HTML and
// collects the outcome (an error code, or the result) in $ret for the caller.
header('content-type: text/html; charset=UTF-8');
// Bootstrap; presumably this is what provides gcms, $db and the session used below.
include '../bin/inint.php';
// Response payload filled in by the checks that follow.
$ret = array();
// NOTE(review): the handler below is gated on gcms::isReferer() && gcms::isMember().
// A Referer check is a weak CSRF defence on its own — confirm a per-session token is
// verified as well. Also, the later `$sender == $reciever` compares an array with a
// string and can never match; `$sender['email'] == $reciever` is presumably intended.
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::isMember()) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ค่าที่ส่งมา
        $topic = htmlspecialchars(trim($_POST['email_subject']));
        $detail = gcms::ckClean($_POST['email_detail']);
        $reciever = htmlspecialchars(trim($_POST['email_reciever']));
        if (gcms::isAdmin()) {
            $sender = $db->getRec(DB_USER, $_POST['email_from']);
        } else {
            $sender = $_SESSION['login'];
        }
        // ตรวจสอบค่าที่ส่งมา
        if ($sender['email'] == '') {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($reciever == '') {
            $ret['error'] = 'RECIEVER_EMPTY';
            $ret['input'] = 'email_reciever';
        } elseif ($sender == $reciever) {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($topic == '') {
            $ret['error'] = 'TOPIC_EMPTY';
<?php

// modules/edocument/write_save.php
// Save handler for the e-document "write" form. Answers as UTF-8 HTML and
// reports the outcome to the caller through $ret.
header('content-type: text/html; charset=UTF-8');
// Bootstrap; presumably this is what provides gcms, $db and the session used below.
include '../../bin/inint.php';
// Response payload filled in by the validation that follows.
$ret = array();
// NOTE(review): `$id` (from gcms::getVars($_POST, 'write_id', 0)) is interpolated
// into the SELECT below — confirm getVars casts it to int, otherwise cast explicitly
// before building the query. `implode(',', $_POST['edocument_reciever'])` assumes the
// field arrives as an array; a plain string would error in PHP 8 — validate the type.
// ตรวจสอบ referer
if (gcms::isReferer() && gcms::isMember()) {
    // ค่าที่ส่งมา
    $save['document_no'] = $db->sql_trim_str($_POST, 'edocument_no');
    $save['topic'] = $db->sql_trim_str($_POST, 'edocument_topic');
    $save['detail'] = gcms::ckClean($_POST['edocument_detail']);
    if (isset($_POST['edocument_reciever'])) {
        $save['reciever'] = implode(',', $_POST['edocument_reciever']);
    }
    $id = gcms::getVars($_POST, 'write_id', 0);
    $file = $_FILES['edocument_file'];
    // ตรวจสอบค่าที่ส่งมา
    $error = false;
    $input = false;
    if ($id > 0) {
        // แก้ไข
        $sql = "SELECT D.*,M.`module`";
        $sql .= " FROM `" . DB_EDOCUMENT . "` AS D";
        $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id`";
        $sql .= " WHERE D.`id`='{$id}' AND M.`owner`='edocument' LIMIT 1";
    } else {
        // ใหม่
        $sql = "SELECT M.`module`,M.`id` AS `module_id`";
        $sql .= ",(SELECT MAX(`id`) FROM `" . DB_EDOCUMENT . "` WHERE `module_id`=M.`id`) AS `id`";