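<?php
/*
 * Emits a JavaScript statement that fills the hidden field "nid" with the
 * id_kelompok of the kegiatan row matching the requested id.
 *
 * Request parameters read (all from $_GET):
 *   id_kelompok - screened by b_antisqlinjection(); the request dies if it fails
 *   nomor_id    - when non-empty, triggers the database lookup
 *   nid         - the value actually used in the WHERE clause
 */
include './../../../config.php';
include './../../../lib.php';

$cidkelompok = isset($_GET['id_kelompok']) ? $_GET['id_kelompok'] : '';
if (!b_antisqlinjection($cidkelompok)) {
    die;
}

if (!empty($_GET['nomor_id'])) {
    // The guard above only screened id_kelompok, while the query was built
    // from the unchecked nid. id_kelompok is compared unquoted, i.e. as a
    // number, so an int cast is the exact fix: the value can never carry SQL.
    $nid = isset($_GET['nid']) ? (int) $_GET['nid'] : 0;
    $csql = "select * from kegiatan where id_kelompok=" . $nid;
    if ($nresult = gcms_query($csql)) {
        $row = gcms_fetch_object($nresult);
        // An empty result yields no object; the original dereferenced it anyway.
        $cvalue = is_object($row) ? (string) $row->id_kelompok : '';
        // json_encode() yields a quoted JS literal, so the value cannot break
        // out of the string context it is echoed into.
?>
document.getElementById('nid').value=<?php echo json_encode($cvalue); ?>;
<?php
    }
} else {
?>
document.getElementById('nid').value='';
<?php
}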
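/**
 * Login
 *
 * Checks the supplied credentials against the users table. On success the
 * user's nid is stored in the session, the login is recorded in the history
 * table and true is returned.
 *
 * @param string $cuser  user name; concatenated into SQL, so it must pass
 *                       b_antisqlinjection()
 * @param string $cpass  clear-text password; the table stores md5($cpass)
 *
 * @return boolean true when a matching user was found and logged in
 */
function b_login($cuser, $cpass)
{
    $breturn = false;

    // Both values end up inside the SQL string below, so both are screened
    // by the project's injection filter before anything else happens.
    if (b_antisqlinjection($cuser) and b_antisqlinjection($cpass)) {
        // NOTE(review): the password column holds unsalted md5; moving to
        // password_hash()/password_verify() needs a column migration, so it
        // cannot be fixed inside this function alone.
        $csql = 'select nid from ' . PREFIX . 'users where cuser=\'' . $cuser
            . '\' and cpass=\'' . md5($cpass) . '\'';
        $nid = b_fetch($csql);

        if (trim($nid) != '') {
            // Issue a fresh session id at the privilege change so a session id
            // handed out before login does not remain valid afterwards
            // (session fixation). Only possible when a session is active.
            if (session_id() != '') {
                session_regenerate_id(true);
            }
            $_SESSION['nid_login'] = $nid;

            // REMOTE_ADDR is absent when run outside a web request (CLI).
            $cip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
            $csql = "insert into " . PREFIX . "history (nid_users, dlogin, cip) "
                . "values ('{$nid}', " . gcms_now() . ", '" . $cip . "')";
            gcms_query($csql);
            $breturn = true;
        }
    }

    return $breturn;
}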
<?php
/* experiment: gzip-compressed output buffering (was a line comment in the source) */
ob_start("ob_gzhandler");
session_start();
/* The session id is regenerated on every request, so an id fixated before
   login never survives the first hit; b_login() itself does not regenerate. */
session_regenerate_id();
include "./../config.php";
include "./../lib.php";
b_startup();
/* csub is only screened here; presumably it reaches SQL in code included below. */
if (!b_antisqlinjection($_REQUEST['csub'])) {
    die;
}
include 'header-admin.php';
if (!b_logged()) {
    include 'login.php';
} else {
    include 'menu.php';
    /* Loose comparison: an absent cact lands on the dashboard, and the result
       for non-numeric strings differs between PHP versions. */
    if ($_REQUEST['cact'] == 0) {
        include 'dashboard.php';
    } else {
        /* $bdash and $cpath are presumably set by menu.php - confirm. */
        if ($bdash) {
            include 'extension.php';
        } else {
            if (isset($cpath)) {
                /* NOTE(review): $ainfo['name'] is echoed before $ainfo is assigned
                   by the statement that follows, so the title shown is whatever an
                   earlier include left in $ainfo, or empty. The enclosing blocks
                   continue past the end of this fragment. */
?> <div class="judul"><?php echo $ainfo['name']; ?> </div> <?php
                $ainfo = b_readinit(str_replace(".php", ".init.php", $cpath));
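/**
 * Mendapatkan title berdasarkan menu yang dipilih
 * (Builds the page title "<group> - <menu>" for the selected front menu.)
 *
 * Administrators can title any menu; other users only get a title for menus
 * granted to them or flagged bsecure=0, so the lookup doubles as an access
 * check.
 *
 * @param string $cpage  nid of the frontmenus row; concatenated into SQL, so
 *                       it must pass b_antisqlinjection()
 * @return string|null   "<cgroup> - <cmenu>", or null when $cpage is empty,
 *                       rejected by the filter, or no accessible row exists
 */
function menu_get_title($cpage)
{
    if (!b_antisqlinjection($cpage) || $cpage == "") {
        return null;
    }

    if (b_admin(b_getuserlogin())) {
        $csql = "select * from " . PREFIX . "frontmenus where nid='" . $cpage . "'";
    } else {
        $csql = "select a.* from " . PREFIX . "frontmenus as a\r\n\t\t left join " . PREFIX . "grantedfrontmenus as b on a.nid=b.nid_frontmenus\r\n\t\t where a.nid='" . $cpage . "' and \r\n\t\t (b.nid_users='" . b_getuserlogin() . "' or a.bsecure=0)";
    }
    $nresult = gcms_query($csql);
    $opage = gcms_fetch_object($nresult);

    // No object comes back when the menu does not exist or the user has no
    // grant on it; the original dereferenced it regardless.
    if (!is_object($opage)) {
        return null;
    }

    $csql = "select cgroup from " . PREFIX . "groupfrontmenus where nid='" . $opage->nid_groupfrontmenus . "'";
    return b_fetch($csql) . " - " . $opage->cmenu;
}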
}
/* Convert the ids of the deleted rows into an array (was: "ubah id data yang
   dihapus ke dalam bentuk array"). The enclosing block starts before this
   fragment. */
${$daftar . '_deleted'} = array();
$ds = explode(",", $_REQUEST[$daftar . '_deleted']);
foreach ($ds as $d) {
    /* Truthiness test: an empty item, but also an id of "0", is dropped here. */
    if ($d) {
        ${$daftar . '_deleted'}[] = $d;
    }
}
}
}
/* Originally an extension was reached from here through 'page', which leads to
 * the related function in the extension. In future a new mechanism is needed
 * that lets an extension be reached without going through a menu, as happens
 * with data requests, opening a selection from another module, etc.
 *
 * --------------- NEEDS MORE THOUGHT AND CLEANUP ------------------
 */
/* Reverse lookup for calls that address a module and function by name -
   backward compatibility. Resolves $_REQUEST['mod'] / ['func'] to the nid of
   the g_frontmenus row whose cfunction matches, first as the bare function
   name, then as "m_<mod>_<func>". */
if (!$_REQUEST['page'] && $_REQUEST['mod'] && $_REQUEST['func']) {
    /* Both values are concatenated into SQL below; the project's filter is the
       only guard applied to them. */
    if (b_antisqlinjection($_REQUEST['mod']) && b_antisqlinjection($_REQUEST['func'])) {
        $func = $_REQUEST['func'];
        $csql = "select * from g_frontmenus where cfunction = '" . $func . "'";
        /* NOTE(review): when no row matches, gcms_fetch_object() presumably
           returns no object and ->nid is read from a non-object - confirm. */
        $page = gcms_fetch_object(gcms_query($csql))->nid;
        if (!$page) {
            $func = "m_" . $_REQUEST['mod'] . "_" . $_REQUEST['func'];
            $csql = "select * from g_frontmenus where cfunction = '" . $func . "'";
            $page = gcms_fetch_object(gcms_query($csql))->nid;
        }
        /* The resolved nid is written back into $_REQUEST so later code keyed
           on 'page' sees it as if it had been requested directly. */
        $_REQUEST['page'] = $page;
    }
}