コード例 #1
/**
 * Inserts a record into $tabla, creating the table first when it is missing.
 *
 * Neither the result of the table creation nor the result of the insert is
 * inspected: per the original author's notes, a failure is written to a file
 * by the helpers (when debugging is enabled) and execution is not interrupted.
 * The status handed back is whatever $respError->sinErrores() reports.
 *
 * NOTE(review): $tabla and $param are forwarded unchanged to existeTabla(),
 * crearTablaDIS() and queryInsert(). Whether those helpers bind or escape them
 * is not visible here; confirm before passing request-derived values, in
 * particular a caller-chosen table name, since a missing table is created.
 *
 * @param resource $conn          Database connection handle.
 * @param string   $tabla         Target table name.
 * @param string   $param         Insert payload, passed through to queryInsert().
 * @param string   $SQLserverName Passed through to queryInsert().
 * @return array Keyed by "<function name>Result", holding "resultadoOperacion".
 */
function insertar($conn, $tabla, $param, $SQLserverName)
{
    global $respError;

    // Create the table on demand; the outcome is intentionally not checked.
    if (existeTabla($conn, $tabla, COMPOROBAR_TABLA) === false) {
        crearTablaDIS($conn, $tabla);
    }

    // The insert result is intentionally ignored as well (see the docblock).
    queryInsert($conn, $tabla, $param, $SQLserverName);

    $estado = array("resultadoOperacion" => $respError->sinErrores());

    return array(__FUNCTION__ . "Result" => $estado);
}
コード例 #2
// Handler fragment for the "add general news" form: inserts a berita_umum row and
// then stores the uploaded picture. The listing ends before the closing braces.
// NOTE(review): the $_POST keys are read without isset(), so a request that omits
// one of them raises an undefined-index notice before the comparison.
if ($_POST['judulBerita'] != '' && $_POST['sumber'] != '' && $_POST['link'] != '' && $_POST['isiBerita'] != '') {
    $user = $_SESSION['user'][3];
    // Only double quotes are rewritten; backslashes and every other character pass
    // through, so this does not make the value safe inside a quoted SQL literal.
    $judulBerita = str_replace('"', "''", $_POST['judulBerita']);
    // editor, sumber and link are taken from the request unchanged.
    $editor = $_POST['editor'];
    $sumber = $_POST['sumber'];
    $link = $_POST['link'];
    $isiBerita = str_replace('"', "''", nl2br($_POST['isiBerita']));
    $date = date("Y-m-d H:i:s");
    // Debug output: request values are echoed without htmlspecialchars(), so they are
    // reflected into the response as markup.
    echo $user . '<br>';
    echo $judulBerita . '<br>';
    echo $editor . '<br>';
    echo $sumber . '<br>';
    echo $link . '<br>';
    echo $isiBerita . '<br>';
    echo $date . '<br>';
    // The values are concatenated into a single VALUES string before queryInsert() is
    // called, so the helper receives no separate values to bind (its body is not shown
    // here). Prefer a prepared statement with bound parameters.
    $insert_berita = queryInsert('berita_umum (id_user, judul, isi_berita, editor, sumber, link, tanggal_upload)', $user . ',"' . $judulBerita . '","' . $isiBerita . '","' . $editor . '","' . $sumber . '","' . $link . '","' . $date . '"');
    // The new row's id is assumed to be the highest id in the table; with concurrent
    // submissions that can be another request's row. The driver's last-insert id is
    // the reliable source.
    $dataBerita = querySelect('*', 'berita_umum ORDER BY id_berita_umum DESC', null, null);
    $idberita = $dataBerita[0]['id_berita_umum'];
    $targetfile = "../../../View/img/Upload/beritaUmum/";
    $allowedExts = array("gif", "jpeg", "jpg", "png", "JPG");
    $temp = explode(".", $_FILES["uploadgambarberita"]["name"]);
    $extension = end($temp);
    // Both checks rely on client-supplied metadata: ["type"] is the Content-Type sent
    // with the upload and the extension comes from the submitted file name. Neither
    // inspects the file content; verify it server-side (e.g. finfo_file() or
    // getimagesize() on tmp_name) before accepting the file.
    if (($_FILES["uploadgambarberita"]["type"] == "image/gif" || $_FILES["uploadgambarberita"]["type"] == "image/jpeg" || $_FILES["uploadgambarberita"]["type"] == "image/jpg" || $_FILES["uploadgambarberita"]["type"] == "image/JPG" || $_FILES["uploadgambarberita"]["type"] == "image/pjpeg" || $_FILES["uploadgambarberita"]["type"] == "image/x-png" || $_FILES["uploadgambarberita"]["type"] == "image/png") && $_FILES["uploadgambarberita"]["size"] < 8000000 && in_array($extension, $allowedExts)) {
        if ($_FILES["uploadgambarberita"]["error"] > 0) {
            echo "Return Code: " . $_FILES["uploadgambarberita"]["error"] . "<br>";
        } else {
            // The stored extension is the MIME subtype from the request; the condition
            // above limits it to the listed image subtypes.
            $mime = explode("/", $_FILES["uploadgambarberita"]["type"]);
            $mime = $mime[1];
            $imageName = "BeritaUmum_" . $idberita . "." . $mime;
            // The return value of move_uploaded_file() is not checked.
            move_uploaded_file($_FILES["uploadgambarberita"]["tmp_name"], $targetfile . $imageName);
        }
コード例 #3
 // Registration fragment: creates a user row and a masjid row, then stores the profile
 // photo. The listing starts and ends mid-block; the runs of asterisks appear to be
 // masking applied by the listing, so lines containing them are not valid PHP as shown.
 // Debug output: the plaintext password and the other fields are written to the
 // response without escaping.
 echo $password . '<br>';
 echo $wilayah . '<br>';
 echo $nama_masjid . '<br>';
 echo $alamat . '<br>';
 echo $email . '<br>';
 echo $rt . '<br>';
 echo $rw . '<br>';
 echo $kecamatan . '<br>';
 echo $no_tp . '<br>';
 // md5() is a fast, unsalted digest and is unsuitable for password storage; use
 // password_hash() on registration and password_verify() on login.
 // $username is concatenated into the VALUES string; where it comes from is not
 // visible in this fragment.
 $insert_user = queryInsert('user (username, password, privilege)', '"' . $username . '","' . md5($password) . '",1');
 // As shown, the literals are masked; the original presumably interpolated the
 // username and the password hash here — confirm, and bind them as parameters.
 $query = 'SELECT * FROM user WHERE username="******" AND password="******"';
 // The mysql_* extension was removed in PHP 7.0; mysqli or PDO with prepared
 // statements is the replacement.
 $sql = mysql_query($query);
 // Debug dump of the query result handle.
 var_dump($sql);
 if ($sql) {
     $result = mysql_fetch_assoc($sql);
     // Numeric fields are concatenated unquoted and text fields inside double quotes,
     // with no escaping visible in this fragment.
     $insert_masjid = queryInsert('masjid (id_user, id_wilayah, validasi, nama_masjid, alamat, rt, rw, kecamatan, no_telepon,email)', $result['id_user'] . ',' . $wilayah . ',' . $validasi . ',"' . $nama_masjid . '","' . $alamat . '","' . $rt . '","' . $rw . '","' . $kecamatan . '","' . $no_tp . '","' . $email . '"');
     // Masked in the listing (not valid PHP as shown).
     $selectMasjid = querySelect('*', 'masjid', 'id_user='******'id_user'], null);
     $id_masjid = $selectMasjid[0]['id_masjid'];
     // Debug dump of the selected row(s).
     var_dump($selectMasjid);
     $targetfile = "../../../View/img/Upload/fotoProfil/";
     $allowedExts = array("gif", "jpeg", "jpg", "png", "JPG");
     $temp = explode(".", $_FILES["uploadfoto"]["name"]);
     $extension = end($temp);
     // ["type"] and the file-name extension are supplied by the client; the content of
     // the file is not inspected (finfo_file()/getimagesize() on tmp_name would do so).
     if (($_FILES["uploadfoto"]["type"] == "image/gif" || $_FILES["uploadfoto"]["type"] == "image/jpeg" || $_FILES["uploadfoto"]["type"] == "image/jpg" || $_FILES["uploadfoto"]["type"] == "image/JPG" || $_FILES["uploadfoto"]["type"] == "image/pjpeg" || $_FILES["uploadfoto"]["type"] == "image/x-png" || $_FILES["uploadfoto"]["type"] == "image/png") && $_FILES["uploadfoto"]["size"] < 8000000 && in_array($extension, $allowedExts)) {
         if ($_FILES["uploadfoto"]["error"] > 0) {
             echo "Return Code: " . $_FILES["uploadfoto"]["error"] . "<br>";
         } else {
             $mime = explode("/", $_FILES["uploadfoto"]["type"]);
             $mime = $mime[1];
             // The destination name starts with $nama_masjid. NOTE(review): if that value
             // is request-derived it can carry path separators into the target path;
             // build the name from server-generated parts only — confirm its origin.
             $imageName = $nama_masjid . $id_masjid . "." . $mime;
             move_uploaded_file($_FILES["uploadfoto"]["tmp_name"], $targetfile . $imageName);
コード例 #4
     // Gallery upload loop (fragment; the enclosing blocks open above the listing).
     // Each entry of $listGaleri is read like a $_FILES record (name, type, size,
     // error, tmp_name); how $listGaleri is built is not visible here.
     $allowedExts = array("gif", "jpeg", "jpg", "png", "JPG");
     for ($i = 0; $i < $nFile; $i++) {
         $temp = explode(".", $listGaleri[$i]["name"]);
         $extension = end($temp);
         // The type and the extension are both client-supplied metadata; the file content
         // itself is not inspected before it is accepted.
         if (in_array($listGaleri[$i]['type'], array('image/gif', 'image/jpeg', 'image/jpg', 'image/JPG', 'image/pjpeg', 'image/x-png', 'image/png')) && $listGaleri[$i]["size"] < 2048000 && in_array($extension, $allowedExts)) {
             if ($listGaleri[$i]["error"] > 0) {
                 echo "Return Code: " . $listGaleri[$i]["error"] . "<br>";
             } else {
                 // $mime is computed but not used in the visible lines.
                 $mime = explode("/", $listGaleri[$i]["type"]);
                 $mime = $mime[1];
                 // The stored name embeds the submitted file name and $nama_masjid.
                 // NOTE(review): prefer a server-generated name; confirm both values are
                 // free of path separators before they reach the destination path.
                 $imageName = $nama_masjid . "_" . $id_masjid . "_" . $listGaleri[$i]["name"];
                 // The return value of move_uploaded_file() is not checked.
                 move_uploaded_file($listGaleri[$i]["tmp_name"], $targetfile . $imageName);
             }
             // This try block also runs when the error branch above was taken; $imageName
             // then holds the previous iteration's value or is undefined.
             try {
                 $finalImg = ImageHandler::getGalleryPicture($imageName);
                 $insertGallery = queryInsert('galeri (id_masjid, alamat_foto)', $id_masjid . ',"' . $finalImg . '"');
                 echo "sukses upload";
             } catch (Exception $ex) {
                 // Echoing the exception object prints its message and stack trace to the
                 // client; log it server-side and show a generic message instead.
                 echo $ex;
             }
         }
     }
 }
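 // Applies the captions posted as parallel arrays judulGaleri[] / idGaleri[] to the
 // matching galeri rows. $updateFotoGaleri keeps the result of the last update, or
 // null when nothing was updated.
 $updateFotoGaleri = null;
 if (isset($_POST['judulGaleri'], $_POST['idGaleri']) && is_array($_POST['judulGaleri']) && is_array($_POST['idGaleri'])) {
     $judulGaleri = $_POST['judulGaleri'];
     $idGaleri = $_POST['idGaleri'];
     $jumlahJudul = count($judulGaleri);
     for ($j = 0; $j < $jumlahJudul; $j++) {
         // Skip positions that are missing from either array or that are not plain
         // scalar values (a nested array would otherwise be stringified as "Array").
         if (!isset($judulGaleri[$j], $idGaleri[$j]) || !is_string($judulGaleri[$j]) || !is_scalar($idGaleri[$j])) {
             continue;
         }
         // id_foto is placed unquoted in the WHERE clause, so it is forced to an
         // integer; a non-numeric value becomes 0 instead of altering the condition.
         $idFoto = (int) $idGaleri[$j];
         // NOTE(review): the caption is still concatenated into the SET clause as-is.
         // The escaping/binding facility of this database layer is not visible in this
         // fragment; queryUpdate() should bind it as a parameter — confirm and fix there.
         $updateFotoGaleri = queryUpdate('galeri', 'judul_foto="' . $judulGaleri[$j] . '"', 'id_foto=' . $idFoto);
     }
 }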
コード例 #5
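<?php

// Stores a YouTube video entry for a mosque (GET: id_masjid, judulVideo, embed) and
// redirects back to the admin form with status=true or status=false.
//
// The debug echo statements of the earlier version are gone on purpose: they wrote
// raw request values into the response and, being output sent before header(),
// could stop the redirect from being issued.
//
// NOTE(review): this endpoint changes data on a GET request and no role or
// anti-CSRF check is visible in this file — confirm where access is enforced.
// NOTE(review): ext/mysql (mysql_real_escape_string) was removed in PHP 7.0; the
// durable fix is a prepared statement with bound parameters inside queryInsert().
session_start();
require_once '../../connectDB.php';

// Accept plain string parameters only; arrays and missing keys count as empty.
$rawTitle = (isset($_GET['judulVideo']) && is_string($_GET['judulVideo'])) ? $_GET['judulVideo'] : '';
$rawEmbed = (isset($_GET['embed']) && is_string($_GET['embed'])) ? $_GET['embed'] : '';
$rawMasjidId = (isset($_GET['id_masjid']) && is_string($_GET['id_masjid'])) ? $_GET['id_masjid'] : '';

$insert_video = false;
if ($rawTitle !== '' && $rawEmbed !== '' && ctype_digit($rawMasjidId)) {
    // id_masjid is placed unquoted in the VALUES list, so only digits are accepted.
    $id_masjid = (int) $rawMasjidId;
    // Same quote rewrite as before, followed by escaping for the quoted SQL literal.
    $judulVideo = mysql_real_escape_string(str_replace('"', "''", $rawTitle));
    $embed = mysql_real_escape_string($rawEmbed);

    // The video id is assumed to be the fifth "/"-separated segment of the fourth
    // space-separated token of the embed markup (the src attribute).
    $str = explode(" ", $embed);
    $str2 = isset($str[3]) ? explode("/", $str[3]) : array();
    $code = isset($str2[4]) ? str_replace('\\"', '', $str2[4]) : '';

    // Keep only the leading id characters so that nothing else from the embed markup
    // ends up in the generated <img> tag; an embed without such an id is rejected.
    if (preg_match('/^[A-Za-z0-9_-]+/', $code, $idMatch)) {
        $code = $idMatch[0];
        $videoImg = "<img src=" . mysql_real_escape_string("https://img.youtube.com/vi/" . $code . "/0.jpg") . ">";
        $date = date("Y-m-d H:i:s");
        // An absent session user is stored as an empty string, as before; this script
        // does not itself verify that the session is authenticated.
        $uploader = isset($_SESSION['user'][1]) ? mysql_real_escape_string((string) $_SESSION['user'][1]) : '';
        // NOTE(review): $embed is stored as submitted markup. If another page prints it
        // unescaped, it is rendered as HTML; storing only the video id and generating
        // the iframe server-side avoids that — confirm how it is displayed.
        $insert_video = queryInsert('video_informasi_masjid', '"", ' . $id_masjid . ' , ' . ' "' . $uploader . '" ,' . ' "' . $judulVideo . '" ,' . ' "' . $embed . '",' . ' "' . $videoImg . '",' . ' "' . $date . '"');
    }
}

if ($insert_video) {
    header('location:http://localhost/SIMasjid/view/AdminMasjid/tambahVideoMasjid.php?status=true');
} else {
    // The failure redirect previously lacked the "location:" field name, so no
    // redirect was sent; a failed insert now also reports status=false.
    header('location:http://localhost/SIMasjid/view/AdminMasjid/tambahVideoMasjid.php?&status=false');
}
exit;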
コード例 #6
ファイル: signup.php プロジェクト: niallr12/CodeStorageApp
    // Sign-up fragment (the enclosing block opens above the listing): normalises the
    // fields, derives the account type, stores the user and redirects.
    // testvalues() is defined elsewhere; what it filters is not visible here.
    $lastname = testvalues($lastname);
    $password = testvalues($password);
    $email = testvalues($email);
    $user = testvalues($user);
    date_default_timezone_set("UTC");
    $date = new DateTime('now');
    $date = $date->format('Y-m-d H:i:s');
    //determines usertype i.e. whether an admin or a user is being signed up
    // NOTE(review): isset() is true for any stored value, so this branch does not
    // check that the current session belongs to an admin; compare the value
    // explicitly (e.g. === 'Admin') before creating an Admin account.
    if (isset($_SESSION["usertype"])) {
        $usertype = "Admin";
    } else {
        $usertype = "User";
    }
    // A single unsalted RIPEMD-160 digest is a fast hash and unsuitable for password
    // storage; use password_hash() here and password_verify() at login.
    $passEncrypt = hash('ripemd160', $password);
    // The statement text appears masked in this listing.
    $insertuser = "******";
    queryInsert($conn, $insertuser);
    //if it is an admin who added the admin, they are returned to the admin page, otherwise the user is returned to the homepage
    // No exit follows header(), so the script keeps running after the redirect is queued.
    if (isset($_SESSION["usertype"])) {
        header('Location: ../admin.php');
    } else {
        header('Location: ../index.php');
    }
}
//checks to make sure email value is unique
if (isset($_POST['checkemail'])) {
    // The posted e-mail is interpolated directly into the statement, so its content
    // can change the query. $rs->num_rows suggests mysqli; a prepared statement with
    // a bound parameter is the fix — confirm against query().
    $email = $_POST['email'];
    $sql = "select Email from users where Email = '{$email}'";
    $rs = query($conn, $sql);
    if ($rs->num_rows > 0) {
        echo 0;
    } else {
コード例 #7
 // Mosque-news fragment: inserts a berita_masjid row and prepares the picture upload.
 // The listing starts and ends mid-block.
 // Only double quotes are rewritten; this is not SQL escaping.
 $isiBerita = str_replace('"', "''", nl2br($_POST['isiBerita']));
 $date = date("Y-m-d H:i:s");
 // Debug output, echoed without htmlspecialchars().
 echo $wilayahMasjid . '<br>';
 echo $id_masjid . '<br>';
 echo $judulBerita . '<br>';
 echo $isiBerita . '<br>';
 echo $date . '<br>';
 // Expression statement with no effect.
 $_SESSION['user'][1];
 if ($_SESSION['user'][2] == 0) {
     $jenis = "Admin Utama";
 } else {
     $idmsjd = $_SESSION['user'][3];
     // Masked in the listing (not valid PHP as shown). NOTE(review): no assignment to
     // $jenis is visible in this branch although it is used in the insert below.
     $nama_masjid = querySelect('*', 'masjid', 'id_user ='******'nama_masjid'];
 }
 // Values are concatenated into the VALUES string; $id_masjid is unquoted and its
 // origin is not visible in this fragment. Bind parameters instead.
 $insert_berita = queryInsert('berita_masjid (id_masjid, jenis_admin, judul, isi_berita, tanggal_upload)', $id_masjid . ',"' . $jenis . '","' . $judulBerita . '","' . $isiBerita . '","' . $date . '"');
 $selectMasjid = querySelect('*', 'masjid', 'id_masjid=' . $id_masjid, null);
 $nama = $selectMasjid[0]['nama_masjid'];
 // The newest row is assumed to be the one just inserted; concurrent inserts can
 // make this another request's row.
 $dataBerita = querySelect('*', 'berita_masjid ORDER BY id_berita_masjid DESC', null, null);
 $idberita = $dataBerita[0]['id_berita_masjid'];
 $targetfile = "../../../View/img/Upload/beritaMasjid/";
 $allowedExts = array("gif", "jpeg", "jpg", "png", "JPG");
 $temp = explode(".", $_FILES["uploadgambarberita"]["name"]);
 $extension = end($temp);
 // ["type"] and the file-name extension come from the client; the file content is
 // not inspected (finfo_file()/getimagesize() on tmp_name would do so).
 if (($_FILES["uploadgambarberita"]["type"] == "image/gif" || $_FILES["uploadgambarberita"]["type"] == "image/jpeg" || $_FILES["uploadgambarberita"]["type"] == "image/jpg" || $_FILES["uploadgambarberita"]["type"] == "image/JPG" || $_FILES["uploadgambarberita"]["type"] == "image/pjpeg" || $_FILES["uploadgambarberita"]["type"] == "image/x-png" || $_FILES["uploadgambarberita"]["type"] == "image/png") && $_FILES["uploadgambarberita"]["size"] < 8000000 && in_array($extension, $allowedExts)) {
     if ($_FILES["uploadgambarberita"]["error"] > 0) {
         echo "Return Code: " . $_FILES["uploadgambarberita"]["error"] . "<br>";
     } else {
         $mime = explode("/", $_FILES["uploadgambarberita"]["type"]);
         $mime = $mime[1];
         // The name embeds the mosque name read from the database; if that name can
         // contain path separators it carries them into the destination path.
         $imageName = $nama . "_" . $id_masjid . "_" . $idberita . "." . $mime;
コード例 #8
            // Tail of a "update mosque data" handler (the enclosing blocks open above the
            // listing): deletes a stored file, rewrites the routine-activity and route
            // rows, updates the masjid row and redirects.
            // split() was deprecated in PHP 5.3 and removed in PHP 7.0; explode() is the
            // plain-string replacement.
            $urlFile = split('http://localhost/SIMasjid/', $temp2);
            echo 'url =' . $urlFile[1];
            // NOTE(review): the path handed to unlink() is derived from $temp2, whose
            // origin is not visible here. If it can contain "../" segments, files outside
            // the upload directory can be removed; resolve it with realpath() and check
            // that it stays inside the intended directory before deleting.
            unlink("../../../" . $urlFile[1]);
            // The id is concatenated unquoted into the condition; cast it to int or bind it.
            queryDelete("file", "id_file=" . $listHapusFile[$i]);
        }
    }
    // Existing rows are deleted before the posted ones are re-inserted; no transaction
    // is visible in this fragment, so a failed insert leaves the rows removed.
    $deleteKegiatanRutin = queryDelete('kegiatan_rutin', 'id_masjid=' . $id_masjid);
    if (isset($_POST['kegiatanRutin']) && isset($_POST['hari']) && isset($_POST['jamAwal']) && isset($_POST['jamAkhir'])) {
        $kegiatanRutin = $_POST['kegiatanRutin'];
        $hari = $_POST['hari'];
        $jamAwal = $_POST['jamAwal'];
        $jamAkhir = $_POST['jamAkhir'];
        // The loop length comes from the first array only; the other arrays are assumed
        // to have the same indexes. Posted values go into the VALUES string unescaped.
        for ($i = 0; $i < count($kegiatanRutin); $i++) {
            $insertKegiatanRutin = queryInsert('kegiatan_rutin (id_masjid, nama, hari, jam_mulai, jam_selesai)', $id_masjid . ',"' . $kegiatanRutin[$i] . '","' . $hari[$i] . '","' . $jamAwal[$i] . '","' . $jamAkhir[$i] . '"');
        }
    }
    $deleteAngkot = queryDelete('rute_angkot', 'id_masjid=' . $id_masjid);
    if (isset($_POST['angkot']) && isset($_POST['jalan'])) {
        $angkot = $_POST['angkot'];
        $jalan = $_POST['jalan'];
        for ($i = 0; $i < count($angkot); $i++) {
            // $angkot[$i] is placed unquoted in the VALUES list; cast it to int or bind it.
            $insertAngkot = queryInsert('rute_angkot (id_masjid, nama_jalan, id_angkot)', $id_masjid . ',"' . $jalan[$i] . '",' . $angkot[$i] . '');
        }
    }
    // Every column value is concatenated into the SET clause; where these variables are
    // assigned, and whether they are escaped, is not visible in this fragment.
    $update_masjid = queryUpdate('masjid', 'id_wilayah=' . $wilayah . ', foto="' . $foto . '", nama_masjid="' . $nama_masjid . '", alamat="' . $alamat . '", rt="' . $rt . '", rw="' . $rw . '", kecamatan="' . $kecamatan . '", no_telepon="' . $no_tp . '", email="' . $email . '", peresmian_bangunan="' . $tanggalPeresmian . '", luas_tanah="' . $luasTanah . '", luas_bangunan="' . $luasBangunan . '", daya_tampung_dalam_masjid="' . $dayaTampungDalam . '", daya_tampung_luar_masjid="' . $dayaTampungLuar . '", deskripsi_masjid="' . $deskripsi . '", keunikan="' . $keunikan . '", latitude="' . $latitude . '", longitude="' . $longitude . '", struktur_organisasi="' . $struktur . '"', 'id_masjid= "' . $id_masjid . '"');
    if ($update_masjid) {
        // Masked in the listing (not valid PHP as shown). Values placed in a redirect URL
        // should be passed through urlencode().
        header('location:http://localhost/SIMasjid/view/AdminUtama/isiAturDataMasjid.php?ubah=true&id_user='******'&id_masjid=' . $id_masjid . '&status=true');
    }
} else {
    // Masked in the listing as well; $_REQUEST values are appended to the URL unencoded.
    header('location:http://localhost/SIMasjid/view/AdminUtama/isiAturDataMasjid.php?ubah=true&id_user='******'id_user'] . '&id_masjid=' . $_REQUEST['id_masjid'] . '&status=false');
}
コード例 #9
        // "Add music video" branch (the enclosing blocks open above the listing): stores
        // the embed markup and a generated thumbnail tag, then redirects.
        // NOTE(review): the insert is triggered by a GET request; no anti-CSRF or role
        // check is visible in this fragment.
        if (isset($_GET['adminutama_tambahvideomusik_submit'])) {
            if ($_GET['judulVideoMusik'] != '' && $_GET['embedVideoMusik'] != '') {
                $user = $_SESSION['user'][3];
                // Only double quotes are rewritten; this is not SQL escaping.
                $judulVideoMusik = str_replace('"', "''", $_GET['judulVideoMusik']);
                // Taken from the request unchanged.
                $penyanyi = $_GET['penyanyi'];
                // The mysql_* extension was removed in PHP 7.0.
                $embedVideoMusik = mysql_real_escape_string($_GET['embedVideoMusik']);
                // The fourth space-separated token is assumed to be the src attribute and its
                // fifth "/"-segment the video id; other embed layouts leave these offsets
                // undefined.
                $str = explode(" ", $embedVideoMusik);
                echo $str[3] . '<br>';
                $str2 = explode("/", $str[3]);
                echo $str2[4] . '<br>';
                $code = str_replace('\\"', '', $str2[4]);
                echo $code . '<br>';
                // $code is not restricted to id characters before it is placed in the tag.
                $videoImg = "<img src=" . mysql_real_escape_string("https://img.youtube.com/vi/" . $code . "/0.jpg") . ">";
                // Debug output below reflects request values without htmlspecialchars(); as
                // output sent before header(), it can also prevent the redirect.
                echo $videoImg . '<br>';
                $date = date("Y-m-d H:i:s");
                echo $user . '<br>';
                echo $judulVideoMusik . '<br>';
                echo $penyanyi . '<br>';
                echo $embedVideoMusik . '<br>';
                echo $date . '<br>';
                // The title and the singer are concatenated without SQL escaping; bind all
                // values as parameters instead. The stored embed markup is rendered as HTML
                // wherever it is later printed unescaped.
                $insert_video = queryInsert('video_musik', '"", ' . ' "' . $user . '",' . ' "' . $judulVideoMusik . '",' . ' "' . $penyanyi . '",' . ' "' . $embedVideoMusik . '" ,' . ' "' . $videoImg . '",' . ' "' . $date . '"');
                if ($insert_video) {
                    header('location:http://localhost/SIMasjid/view/AdminUtama/tambahVideo.php?status=true');
                }
                echo '<br>';
            } else {
                header('location:http://localhost/SIMasjid/view/AdminUtama/tambahVideo.php?&status=false');
            }
        }
    }
}
コード例 #10
ファイル: signout.php プロジェクト: niallr12/CodeStorageApp
<?php

// Sign-out endpoint: releases any file lock held by the session, marks the user as
// logged out in the database, tears the session down and returns to the homepage.
session_start();
include "../config/connection.php";
include "helperFunctionsDatabase.php";

$username = $_SESSION['username'];

// Clear the lock this session holds on a file, if there is one.
// NOTE(review): the stored id is interpolated into the statement text; a prepared
// statement with a bound FileID would not depend on how 'recordlocked' was set.
$holdsLock = isset($_SESSION['recordlocked']);
if ($holdsLock) {
    $id = $_SESSION['recordlocked'];
    $changelock = "UPDATE files SET `Lock` = '' WHERE FileID = '{$id}'";
    queryInsert($conn, $changelock);
}

// Flag the account as logged out (LoggedIn = 0).
// NOTE(review): the UserName literal appears masked as asterisks in this listing;
// $username is presumably what belongs there — confirm, and bind it as a parameter.
$logout = "UPDATE users SET LoggedIn = 0 WHERE UserName = '******'";
queryInsert($conn, $logout);

// Empty the session data, expire the session cookie using the attributes it was
// issued with, then destroy the session itself.
$_SESSION = array();
$cookiesInUse = ini_get("session.use_cookies");
if ($cookiesInUse) {
    $params = session_get_cookie_params();
    $expiredAt = time() - 42000;
    setcookie(
        session_name(),
        '',
        $expiredAt,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );
}
session_destroy();

// Send the visitor back to the homepage.
header('Location: ../index.php');
コード例 #11
         // Login fragment (the try block and the credential check open above the listing).
         // Successful login: drop the session-side attempt counter and mark the user as
         // logged in. The statement literals appear masked as asterisks in this listing.
         // NOTE(review): no session_regenerate_id() call is visible in this fragment;
         // renewing the session id at login prevents reuse of a pre-login id — confirm.
         unset($_SESSION['loggedintries']);
         $sqlupdate = "UPDATE users SET LoginAttempts = 5 WHERE UserName = '******'";
         //resets loginAttempts to 5
         $login = "******";
         //updates database to say user is logged in
         queryInsert($conn, $sqlupdate);
         queryInsert($conn, $login);
         $_SESSION['usertype'] = $row['UserType'];
         //sets session variable for usertype
         $_SESSION['username'] = $row['UserName'];
         //sets session variable for username
     } else {
         header('Location: ../index.php');
         // The remaining-attempts value is taken from the session and then written to the
         // database. A counter held in the session is tied to the client's cookie, so the
         // limit should be enforced from the per-account value stored server-side (how
         // 'loggedintries' is initialised is not visible here).
         $attemptsleft = --$_SESSION['loggedintries'];
         $sqlupdate = "UPDATE users SET LoginAttempts = {$attemptsleft} WHERE UserName = '******'";
         queryInsert($conn, $sqlupdate);
         $_SESSION["Login.Error"] = 'Invalid credentials. You have ' . $_SESSION['loggedintries'] . ' log in attempts left';
         //redirect back to your login page
     }
     //used to check usertpye i.e. user or admin
     // Strict comparisons: 'loggedin' must be the integer 1 and 'usertype' exactly
     // 'User' or 'Admin'; any other value results in no redirect here.
     if ($_SESSION['loggedin'] === 1) {
         if ($_SESSION['usertype'] === 'User') {
             header('Location: ../application.php');
         } else {
             if ($_SESSION['usertype'] === 'Admin') {
                 header('Location: ../admin.php');
             }
         }
     }
 } catch (Exception $e) {
     // The exception message is sent to the client and may disclose internal details;
     // log it server-side and show a generic error instead.
     echo "Message: " . $e->getMessage();
コード例 #12
        }
    }
    // Tail of a notebook-update action (its opening lines are above the listing),
    // followed by the 'removelock' and 'removenotebook' actions.
    // NOTE(review): $name, $isshared and $notebookid are interpolated into the
    // statements; their origin is not visible here, and {$isshared} is unquoted.
    // Prepared statements with bound parameters remove the dependency on escaping.
    //updates name for notebook
    $sqlupdate = "UPDATE notebooks SET notebookname = '{$name}', shared = {$isshared} WHERE NotebookID = '{$notebookid}'";
    query($conn, $sqlupdate);
    //removes all current read and write users
    // All sharing rows are deleted before being re-added; no transaction is visible,
    // so a failure in the loops below leaves the notebook unshared.
    $sqldelete = "DELETE FROM users_has_notebooks WHERE NoteBookID = '{$notebookid}'";
    query($conn, $sqldelete);
    //adds write users
    // Each user name is interpolated into the CALL text (third argument 1 = write).
    foreach ($userswrite as $user) {
        $sqladd = "CALL add_shared_notebook('{$user}', '{$notebookid}', 1)";
        queryInsert($conn, $sqladd);
    }
    //adds read users
    // Third argument 0 = read.
    foreach ($usersread as $user) {
        $sqladd = "CALL add_shared_notebook('{$user}', '{$notebookid}', 0)";
        queryInsert($conn, $sqladd);
    }
    echo "success";
}
//used to remove a lock from a file
// 'recordlocked' is read without isset(); with no lock held, unlockfile() receives null.
if ($_POST['action'] === 'removelock') {
    $id = $_SESSION['recordlocked'];
    unlockfile($conn, $id);
}
//removes a notebook shared with the user
// The posted notebook id is interpolated directly into the DELETE statement, so its
// content can change the condition; bind it as a parameter. The UserName literal
// appears masked as asterisks in this listing.
if ($_POST['action'] === 'removenotebook') {
    $id = $_POST['notebookid'];
    $sqlremove = "DELETE FROM users_has_notebooks WHERE NoteBookID = '{$id}' AND UserName = '******'";
    query($conn, $sqlremove);
}
コード例 #13
 }
 // Message-sending fragment: resolves the recipient name, stores an inbox copy and a
 // sent copy of the message, then handles an optional attachment. The listing starts
 // and ends mid-block.
 if ($ke == 1) {
     $nama_ke = "Admin Utama";
 } else {
     // Masked in the listing (not valid PHP as shown); no assignment to $nama_ke is
     // visible in this branch.
     $masjid = querySelect('*', 'masjid', 'id_user ='******'nama_masjid'];
 }
 // Debug output, echoed without htmlspecialchars().
 echo $dari . '<br>';
 echo $ke . '<br>';
 echo $nama_dari . '<br>';
 echo $nama_ke . '<br>';
 echo $judulPesan . '<br>';
 echo $isiPesan . '<br>';
 echo $date . '<br>';
 // Two rows per message (status $inbox and status $sent). All values are concatenated
 // into the VALUES string, $dari and $ke unquoted; where they are assigned, and
 // whether they are escaped, is not visible here. Bind parameters instead.
 $insert_pesan = queryInsert('pesan (id_user, ke, nama_dari, nama_ke, judul, isi_pesan,status, tanggal_upload)', $dari . ',' . $ke . ',"' . $nama_dari . '","' . $nama_ke . '","' . $judulPesan . '","' . $isiPesan . '","' . $inbox . '","' . $date . '"');
 $balas_pesan = queryInsert('pesan (id_user, ke, nama_dari, nama_ke, judul, isi_pesan,status , tanggal_upload)', $dari . ',' . $ke . ',"' . $nama_dari . '","' . $nama_ke . '","' . $judulPesan . '","' . $isiPesan . '","' . $sent . '","' . $date . '"');
 // Masked in the listing (not valid PHP as shown).
 $dataPesan = querySelect('*', 'pesan', 'id_user='******' ORDER BY id_pesan DESC', null);
 $id_pesan = $dataPesan[0]['id_pesan'];
 if (isset($_FILES['uploadfile'])) {
     $files = $_FILES['uploadfile'];
     // count() treats $files['name'] as an array while explode() below treats it as a
     // string; only one of the two can match the actual form field.
     $nFile = count($files['name']);
     $targetDir = '../../../View/img/Upload/filePesan/';
     $temp = explode('.', $files['name']);
     $mime = end($temp);
     // Despite its name, $mime is the extension of the submitted file name. Only the
     // extension and the size (30000 to 8000000 bytes) are checked; the content is not
     // inspected (finfo_file() on tmp_name would do so).
     if (in_array($mime, array('pdf', 'zip')) && ($files['size'] >= 30000 && $files['size'] <= 8000000)) {
         $fileNameOri = $files['name'];
         // NOTE(review): the stored name embeds $nama_dari, whose origin is not visible
         // here; confirm it cannot contain path separators, or build the name from
         // server-generated parts only.
         $fileName = "FilePesan_" . $nama_dari . "_" . $dari . "_" . $id_pesan . "." . $mime;
         $finalFile = 'http://localhost/SIMasjid/View/img/Upload/filePesan/' . $fileName;
         if (move_uploaded_file($files['tmp_name'], $targetDir . $fileName)) {
             echo 'sukses upload ' . $fileName;
         } else {