$id = $val->validasi($item['deldata'], 'xss');
$tabledel->deleteBy('id_tag', $id);
}
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'tag' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
if (empty($_POST['tag'])) {
header('location:../../404.php');
} else {
$post = $val->validasi($_POST['tag'], 'xss');
$pecah = explode(",", $post);
$total = count($pecah);
$table = new PoTable('tag');
for ($i = 0; $i < $total; $i++) {
$tag_title = $pecah[$i];
$tag_seo = seo_title($tag_title);
$table->save(array('tag_title' => $tag_title, 'tag_seo' => $tag_seo));
}
header('location:../../admin.php?mod=' . $mod);
}
} else {
header('location:../../404.php');
}
}
}
} elseif ($mod == 'siswa' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
$siswa = $val->validasi($_POST['siswa'], 'xss');
$table = new PoTable('siswa');
$nis = $_POST['nis'];
$nama_siswa = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
$tlp = $_POST['tlp'];
$ayah = $_POST['ayah'];
$p_ayah = $_POST['p_ayah'];
$ibu = $_POST['ibu'];
$p_ibu = $_POST['p_ibu'];
$pass = $_POST['pass'];
$table->save(array('id_siswa' => '', 'nis' => $nis, 'nama' => $nama_siswa, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'tlp' => $tlp, 'ayah' => $ayah, 'p_ayah' => $p_ayah, 'ibu' => $ibu, 'p_ibu' => $p_ibu, 'pass' => $pass));
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'siswa' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id_siswa'], 'sql');
$nis = $_POST['nis'];
$nama_siswa = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
$tlp = $_POST['tlp'];
$ayah = $_POST['ayah'];
$p_ayah = $_POST['p_ayah'];
$website_url = $currentSet->website_url;
$meta_description = $currentSet->meta_description;
$meta_keyword = $currentSet->meta_keyword;
$favicon = $currentSet->favicon;
$mode_maintenance = $currentSet->website_maintenance;
$website_cache = $currentSet->website_cache;
$website_cache_time = $currentSet->website_cache_time;
$member_register = $currentSet->member_register;
$ipstat = $_SERVER['REMOTE_ADDR'];
$tanggalstat = date("Ymd");
$waktustat = time();
$tablestat = new PoTable('traffic');
$totalstat = $tablestat->numRowByAnd(ip, $ipstat, tanggal, $tanggalstat);
if ($totalstat == 0) {
$tablestatp = new PoTable('traffic');
$tablestatp->save(array('ip' => $ipstat, 'tanggal' => $tanggalstat, 'hits' => 1, 'online' => $waktustat));
} else {
$tablestatp2 = new PoTable('traffic');
$statpro = $tablestatp2->findByAnd(ip, $ipstat, tanggal, $tanggalstat);
$statpro = $statpro->current();
$hitspro = $statpro->hits;
$hitspro = $hitspro + 1;
$datastat = array('hits' => $hitspro, 'online' => $waktustat);
$tablestat2 = new PoTable('traffic');
$tablestat2->updateByAnd('ip', $ipstat, 'tanggal', $tanggalstat, $datastat);
}
/*--- hapus baris ini dan ubah urlnya jika web Anda sudah di hosting
function facebook_shares($url){
$fql = "SELECT url, normalized_url, share_count, like_count, comment_count, ";
$fql .= "total_count, commentsbox_count, comments_fbid, click_count FROM ";
$fql .= "link_stat WHERE url = '".$url."'";
@unlink($_FILES['file']['tmp_name']);
} else {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
} else {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
}
} else {
// Open temp file
$out = fopen($targetDir . DIRECTORY_SEPARATOR . $fileName, $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = fopen("php://input", "rb");
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
$table = new PoTable('media');
$table->save(array('file_name' => $fileName, 'file_type' => $fileType, 'file_size' => $fileSize, 'date' => $tgl_sekarang));
} else {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
fclose($in);
fclose($out);
} else {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
}
// Return JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}
$seotitle = $val->validasi($_POST['seotitle'], 'xss');
$name = $val->validasi($_POST['name'], 'xss');
$email = $val->validasi($_POST['email'], 'xss');
$url = $val->validasi($_POST['url'], 'xss');
$comment = $val->validasi($_POST['comment'], 'xss');
$split_text = explode(" ", $comment);
$split_count = count($split_text);
$max = 57;
for ($i = 0; $i <= $split_count; $i++) {
if (strlen($split_text[$i]) >= $max) {
for ($j = 0; $j <= strlen($split_text[$i]); $j++) {
$char[$j] = substr($split_text[$i], $j, 1);
if ($j % $max == 0 && $j != 0) {
$v_text .= $char[$j] . ' ';
} else {
$v_text .= $char[$j];
}
}
} else {
$v_text .= " " . $split_text[$i] . " ";
}
}
$table = new PoTable('comment');
$table->save(array('id_post' => $id, 'name' => $name, 'email' => $email, 'url' => $url, 'comment' => $v_text, 'date' => $tgl_sekarang, 'time' => $jam_sekarang));
unset($_POST);
echo "<script language='javascript'>\r\n window.alert('Terima kasih atas komentar yang Anda berikan \n Komentar Anda akan diperiksa terlebih dahulu sebelum di tampilkan')\r\n window.location.href='detailpost/{$seotitle}';\r\n </script>";
}
/* }else{
header("location:404.php");
}*/
//}
}
file_put_contents($dirpath . "/proses.php", $dumpingproses21, FILE_APPEND | LOCK_EX);
}
$dumpingproseslast = <<<EOS
}
?>
EOS;
file_put_contents($dirpath . "/proses.php", $dumpingproseslast, FILE_APPEND | LOCK_EX);
echo "<li class='list-group-item'>- WRITE CODE INTO `proses.php`</li>";
// Registration new component to component list
$regcomponent = "po-" . $compo_name;
$tablereg = new PoTable('component');
$currentReg = $tablereg->findByAnd(component, $regcomponent, table_name, $compo_table);
$currentReg = $currentReg->current();
if ($currentReg == "0") {
$tablereg->save(array('component' => $regcomponent, 'table_name' => $compo_table, 'date' => $tgl_sekarang));
}
// Finish all step
echo "<li class='list-group-item'>- SUCCESSFULLY GENERATE NEW COMPONENT</li>";
?>
</ul>
</div>
<div class="panel-footer">
<a class="btn btn-sm btn-primary" href="../../admin.php?mod=<?php
echo $compo_name;
?>
">Go To <?php
echo $ucompo_name;
?>
Component</a>
<a class="btn btn-sm btn-danger pull-right" href="../../admin.php?mod=cogen">Back To CompoGen</a>
<?php
session_start();
include_once 'po-library/po-database.php';
include_once 'po-library/po-function.php';
$val = new Povalidasi();
if (!$_SESSION['submit']) {
header("location:404.php");
} else {
if (empty($_POST['name_contact']) || empty($_POST['email_contact']) || empty($_POST['subject_contact']) || empty($_POST['message_contact'])) {
header("location:404.php");
} else {
$name_contact = $val->validasi($_POST['name_contact'], 'xss');
$email_contact = $val->validasi($_POST['email_contact'], 'xss');
$subject_contact = $val->validasi($_POST['subject_contact'], 'xss');
$message_contact = $val->validasi($_POST['message_contact'], 'xss');
$message = "<html>\r\n\t\t\t<body>\r\n\t\t\t\tName : {$name_contact}<br />\r\n\t\t\t\tEmail : {$email_contact}<br />\r\n\t\t\t\tMessage : {$message_contact}<br /><br />\r\n\t\t\t\tSend Date : {$hari_ini}, {$tgl_skrg}-{$bln_sekarang}-{$thn_sekarang} ({$jam_sekarang} WIB)\r\n\t\t\t</body>\r\n\t\t\t</html>";
$table = new PoTable('contact');
$table->save(array('name_contact' => $name_contact, 'email_contact' => $email_contact, 'subjek_contact' => $subject_contact, 'message_contact' => $message));
unset($_POST);
echo "<script language='javascript'>\r\n window.alert('Succesfully Send Message')\r\n window.location.href='contact';\r\n </script>";
}
}
<?php
session_start();
include_once 'po-library/po-database.php';
include_once 'po-library/po-function.php';
$val = new Povalidasi();
if (!$_SESSION['submit']) {
header("location:404.php");
} else {
if (empty($_POST['email_address'])) {
header("location:404.php");
} else {
$tablecari = new PoTable('subscribe');
$currentCari = $tablecari->numRowBy(email, $_POST['email_address']);
if ($currentCari > 0) {
header("location:404.php");
} else {
$email = $val->validasi($_POST['email_address'], 'xss');
$table = new PoTable('subscribe');
$table->save(array('email' => $email));
unset($_POST);
echo "<script language='javascript'>\r\n window.alert('Succesfully Email Subscribe')\r\n window.location.href='./';\r\n </script>";
}
}
}
$currentRoleAccess = $tableroleaccess->findByAnd(id_level, $_SESSION['leveluser'], module, $mod);
$currentRoleAccess = $currentRoleAccess->current();
// Input absen
if ($mod == 'absen' and $act == 'view_data') {
if ($currentRoleAccess->write_access == "Y") {
$_SESSION['idk'] = $_POST['idk'];
$_SESSION['jam'] = $_POST['jam'];
header('location:../../admin.php?mod=' . $mod . '&act=addnew');
} else {
header('location:../../404.php');
}
}
// Input absen
if ($mod == 'absen' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
$absen = $val->validasi($_POST['absen'], 'xss');
$table = new PoTable('absen');
$id_siswa = $_POST['id_siswa'];
$kelas = $_POST['kelas'];
$tgl = $_POST['tgl'];
$ket = $_POST['ket'];
$jam = $_POST['jam'];
for ($i = 0; $i < count($id_siswa); $i++) {
$table->save(array('ida' => '', 'id_siswa' => $id_siswa[$i], 'kelas' => $kelas[$i], 'tgl' => $tgl[$i], 'ket' => $ket[$i], 'jam' => $jam[$i]));
}
header('location:../../admin.php?mod=home');
} else {
header('location:../../404.php');
}
}
}
if ($_POST['seotitle'] != "") {
$seotitle = $_POST['seotitle'];
} else {
$seotitle = seo_title($title);
}
$data = $_POST['content'];
$data = stripslashes($data);
$eutf = htmlspecialchars($data, ENT_QUOTES);
if (!empty($_POST['picture'])) {
$picture = $_POST['picture'];
$table = new PoTable('pages');
$table->save(array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'picture' => $picture));
header('location:../../admin.php?mod=' . $mod);
} else {
$table = new PoTable('pages');
$table->save(array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle));
header('location:../../admin.php?mod=' . $mod);
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'pages' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
if ($_POST['seotitle'] != "") {
$seotitle = $_POST['seotitle'];
} else {
$seotitle = seo_title($title);
}
$data = $_POST['content'];
if (!empty($tmpName)) {
if (in_array($ekstensi, $extensionList)) {
move_uploaded_file($tmpName, $pathFile);
$destination_dir = "../../po-component/{$component}";
if (file_exists($destination_dir)) {
unlink("../../../po-content/po-upload/{$nama_file_unik}");
header('location:../../404.php');
} else {
$file = "../../../po-content/po-upload/{$nama_file_unik}";
$archive = new PclZip($file);
if ($archive->extract(PCLZIP_OPT_PATH, $destination_dir) == 0) {
unlink("../../../po-content/po-upload/{$nama_file_unik}");
header('location:../../404.php');
}
$table = new PoTable('component');
$table->save(array('component' => $component, 'table_name' => $table_name, 'date' => $tgl_sekarang));
unlink("../../../po-content/po-upload/{$nama_file_unik}");
header('location:../../admin.php?mod=' . $mod);
}
} else {
header('location:../../404.php');
}
} else {
header('location:../../404.php');
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'component' and $act == 'importtable') {
if ($currentRoleAccess->modify_access == "Y") {
$extensionList = array("sql");
$table = new PoTable('guru');
$table->updateBy('id_guru', $id, $data);
} else {
echo "404 Not Found Access";
}
} elseif ($mod == 'guru' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
$guru = $val->validasi($_POST['guru'], 'xss');
$table = new PoTable('guru');
$nip = $_POST['nip'];
$nama_guru = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
$pass = $_POST['pass'];
$table->save(array('id_guru' => '', 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass));
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'guru' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id_guru'], 'sql');
$nip = $_POST['nip'];
$nama_guru = $_POST['nama'];
$jk = $_POST['jk'];
$alamat = $_POST['alamat'];
$idk = $_POST['idk'];
$pass = $_POST['pass'];
$data = array('id_guru' => $id, 'nip' => $nip, 'nama' => $nama_guru, 'jk' => $jk, 'alamat' => $alamat, 'idk' => $idk, 'pass' => $pass);
$table = new PoTable('guru');
$resultdata[$x]['start'] = $resultdata[$x]['date'] . ' 00:00';
$resultdata[$x]['end'] = $resultdata[$x]['date'] . ' 00:00';
} else {
$resultdata[$x]['allday'] = 'false';
$resultdata[$x]['starttime'] = $realtime[0];
$resultdata[$x]['endtime'] = !empty($realtime[1]) ? $realtime[1] : $realtime[0];
$resultdata[$x]['start'] = $resultdata[$x]['date'] . ' ' . $resultdata[$x]['starttime'];
$resultdata[$x]['end'] = $resultdata[$x]['date'] . ' ' . $resultdata[$x]['endtime'];
}
}
$resultdata[$x]['time'] = $value2;
}
$data = trim($value);
$data = stripslashes($data);
$eutf = htmlspecialchars($data, ENT_QUOTES);
$resultdata[$x]['content'] = $eutf;
//Overall content
}
}
}
$copyfile = $dir['con'] . 'event/success/';
if (!is_readable($copyfile . $_FILES['eventfile']['name'])) {
$table = new PoTable('event');
foreach ($resultdata as $key => $value) {
$table->save(array('title' => $value['title'], 'startevt' => $value['start'], 'endevt' => $value['end'], 'allday' => $value['allday'], 'content' => $value['content'], 'seotitle' => $value['seotitle'], 'color' => $color));
}
}
move_uploaded_file($_FILES['eventfile']['tmp_name'], $copyfile . $_FILES['eventfile']['name']);
header('location:../../admin.php?mod=' . $mod);
}
}
$id = $val->validasi($_POST['id'], 'sql');
$tabledel = new PoTable('event');
$tabledel->deleteBy('id_event', $id);
header('location:../../admin.php?mod=' . $mod);
} elseif ($mod == 'event' and $act == 'input') {
$title = $val->validasi($_POST['title'], 'xss');
$seotitle = seo_title($title);
$start = $val->validasi($_POST['start'], 'xss');
$end = $val->validasi($_POST['end'], 'xss');
$allday = $val->validasi($_POST['allday'], 'xss');
$data = $_POST['content'];
$data = stripslashes($data);
$eutf = htmlspecialchars($data, ENT_QUOTES);
$color = $val->validasi($_POST['color'], 'xss');
$table = new PoTable('event');
$table->save(array('title' => $title, 'start' => $start, 'end' => $end, 'allday' => $allday, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color));
header('location:../../admin.php?mod=' . $mod);
} elseif ($mod == 'event' and $act == 'update') {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
$seotitle = seo_title($title);
$data = $_POST['content'];
$data = stripslashes($data);
$eutf = htmlspecialchars($data, ENT_QUOTES);
$color = $val->validasi($_POST['color'], 'xss');
$active = $val->validasi($_POST['active'], 'xss');
$data = array('title' => $title, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color, 'active' => $active);
$table = new PoTable('event');
$table->updateBy('id_event', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} elseif ($mod == 'event' and $act == 'updatedrag') {
} else {
if (strlen($pass) >= 6) {
if ($pass == $repass) {
$currentUser = $table->findBy(username, $username);
$currentUser = $currentUser->current();
if ($currentUser > 0) {
header('location:register.php?errormsg=6');
} else {
$tableuser = new PoTable('users');
$users = $tableuser->findAll('id_user', 'ASC');
foreach ($users as $user) {
$user = $user->id_user;
}
$id_user = $user + 1;
$table = new PoTable('users');
$table->save(array('id_user' => $id_user, 'username' => $username, 'password' => $passmd5, 'nama_lengkap' => 'Your Name', 'email' => $email, 'no_telp' => '08xxxxxxxxxx', 'bio' => "No matter how exciting or significant a person''s life is, a poorly written biography will make it seem like a snore. On the other hand, a good biographer can draw insight from an ordinary life-because they recognize that even the most exciting life is an ordinary life! After all, a biography isn''t supposed to be a collection of facts assembled in chronological order; it''s the biographer''s interpretation of how that life was different and important.", 'userpicture' => '', 'level' => '3', 'tgl_daftar' => $tgl_sekarang, 'blokir' => 'Y', 'id_session' => $passmd5));
$tableset = new PoTable('setting');
$currentSet = $tableset->findBy(id_setting, '1');
$currentSet = $currentSet->current();
$website_name = $currentSet->website_name;
$website_url = $currentSet->website_url;
$website_email = $currentSet->website_email;
$to = "{$username} <{$email}>";
$from = "{$website_name} <{$website_email}>";
$subject = "Email Account Activation For {$website_name}";
$message = "<html>\n\t\t\t\t\t\t\t<body>\n\t\t\t\t\t\t\t\tIndonesia :<br />\n\t\t\t\t\t\t\t\t-----------<br />\n\t\t\t\t\t\t\t\tHi {$username},<br />\n\t\t\t\t\t\t\t\tJika anda tidak pernah mendaftarkan akun di {$website_name}, silahkan untuk menghiraukan email ini.<br />\n\t\t\t\t\t\t\t\tTetapi jika benar Anda telah membuat akun di {$website_name}, maka silahkan untuk mengklik tautan (link) di bawah ini untuk mengaktifkan akun Anda :<br /><br />\n\t\t\t\t\t\t\t\t<a href=\"{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}\" title=\"Account Activation\">{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}</a><br /><br />\n\t\t\t\t\t\t\t\tSetelah link tersebut diklik maka akun Anda telah diaktifkan dan telah terverifikasi, silahkan login dengan data berikut :<br /><br />\n\t\t\t\t\t\t\t\t--------------------<br />\n\t\t\t\t\t\t\t\tUsername : {$username}<br />\n\t\t\t\t\t\t\t\tPassword : {$pass}<br />\n\t\t\t\t\t\t\t\t--------------------<br /><br />\n\t\t\t\t\t\t\t\tSalam hangat,<br />\n\t\t\t\t\t\t\t\t{$website_name}.<br /><br /><br />\n\t\t\t\t\t\t\t\tEnglish :<br />\n\t\t\t\t\t\t\t\t-----------<br />\n\t\t\t\t\t\t\t\tHi {$username},<br />\n\t\t\t\t\t\t\t\tIf you have never registered account in {$website_name}, please to ignore this email.<br />\n\t\t\t\t\t\t\t\tBut if you really are registered account in {$website_name}, please to click on a link below to activated yout account :<br /><br />\n\t\t\t\t\t\t\t\t<a href=\"{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}\" title=\"Account Activation\">{$website_url}/po-admin/activation.php?activeuser={$username}&key={$passmd5}</a><br /><br />\n\t\t\t\t\t\t\t\tThen automatically after you click a link above, your account have registered and verificated, please login with data :<br /><br />\n\t\t\t\t\t\t\t\t--------------------<br />\n\t\t\t\t\t\t\t\tUsername : {$username}<br />\n\t\t\t\t\t\t\t\tPassword : {$pass}<br />\n\t\t\t\t\t\t\t\t--------------------<br /><br />\n\t\t\t\t\t\t\t\tWarm regards,<br />\n\t\t\t\t\t\t\t\t{$website_name}.\n\t\t\t\t\t\t\t</body>\n\t\t\t\t\t\t</html>";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
$headers .= "From: " . $from . "\r\n";
mail($to, $subject, $message, $headers);
header('location:200.php');
}
} else {
header('location:../../404.php');
}
} else {
$destination_dir = "../../../po-content/{$folder}";
if (file_exists($destination_dir)) {
header('location:../../404.php');
} else {
$file = "po-blank-theme.zip";
$archive = new PclZip($file);
if ($archive->extract(PCLZIP_OPT_PATH, $destination_dir) == 0) {
header('location:../../404.php');
}
$table = new PoTable('theme');
$table->save(array('title' => $title, 'author' => $author, 'folder' => $folder));
header('location:../../admin.php?mod=' . $mod);
}
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'theme' and $act == 'active') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$active = $val->validasi($_POST['active'], 'xss');
$tableS = new PoTable('theme');
$currentSearch = $tableS->findBy(active, 'Y');
$currentSearch = $currentSearch->current();
$id_theme = $currentSearch->id_theme;
$actives = 'N';
$table = new PoTable('user_level');
$table->save(array('level' => $title));
header('location:../../admin.php?mod=' . $mod . '&act=userlevel');
} else {
header('location:../../404.php');
}
} elseif ($mod == 'user' and $act == 'adduserrole') {
if ($currentRoleAccess->write_access == "Y") {
$title = $val->validasi($_POST['title'], 'xss');
$level = $val->validasi($_POST['level'], 'xss');
$read_access = $val->validasi($_POST['read_access'], 'xss');
$write_access = $val->validasi($_POST['write_access'], 'xss');
$modify_access = $val->validasi($_POST['modify_access'], 'xss');
$delete_access = $val->validasi($_POST['delete_access'], 'xss');
$table = new PoTable('user_role');
$table->save(array('id_level' => $level, 'module' => $title, 'read_access' => $read_access, 'write_access' => $write_access, 'modify_access' => $modify_access, 'delete_access' => $delete_access));
header('location:../../admin.php?mod=' . $mod . '&act=userrole');
} else {
header('location:../../404.php');
}
} elseif ($mod == 'user' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'xss');
$iduser = $val->validasi($_POST['iduser'], 'xss');
$namalengkap = $val->validasi($_POST['nama_lengkap'], 'xss');
$email = $val->validasi($_POST['email'], 'xss');
$telp = $val->validasi($_POST['no_telp'], 'xss');
$level = $val->validasi($_POST['level'], 'xss');
$blokir = $val->validasi($_POST['blokir'], 'xss');
$locktype = $val->validasi($_POST['locktype'], 'xss');
$data = $_POST[bio];
} elseif ($mod == 'kelas' and $act == 'delimage') {
if ($currentRoleAccess->delete_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$picture = '';
$data = array('picture' => $picture);
$table = new PoTable('kelas');
$table->updateBy('id_kelas', $id, $data);
} else {
echo "404 Not Found Access";
}
} elseif ($mod == 'kelas' and $act == 'input') {
if ($currentRoleAccess->write_access == "Y") {
$kelas = $val->validasi($_POST['kelas'], 'xss');
$table = new PoTable('kelas');
$nama_kelas = $_POST['nama'];
$table->save(array('id_kelas' => '', 'nama' => $nama_kelas, 'kelas' => $kelas));
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
}
} elseif ($mod == 'kelas' and $act == 'update') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$kelas = $val->validasi($_POST['kelas'], 'xss');
$nama = $val->validasi($_POST['nama'], 'xss');
$data = array('id_kelas' => $id, 'nama' => $nama, 'kelas' => $kelas);
$table = new PoTable('kelas');
$table->updateBy('id_kelas', $id, $data);
header('location:../../admin.php?mod=' . $mod);
} else {
header('location:../../404.php');
} else {
$table = new PoTable('gallery');
$table->save(array('id_album' => $id_album, 'title' => $title));
header('location:../../admin.php?mod=' . $mod);
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'gallery' and $act == 'inputalbum') {
if ($currentRoleAccess->write_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
$addalb = $val->validasi($_POST['addalb'], 'xss');
$seotitle = seo_title($title);
$table = new PoTable('album');
$table->save(array('title' => $title, 'seotitle' => $seotitle));
if ($id == '') {
header('location:../../admin.php?mod=' . $mod . '&act=' . $addalb);
} else {
header('location:../../admin.php?mod=' . $mod . '&act=edit&id=' . $id);
}
} else {
header('location:../../404.php');
}
} elseif ($mod == 'gallery' and $act == 'editgallery') {
if ($currentRoleAccess->modify_access == "Y") {
$id = $val->validasi($_POST['id'], 'sql');
$id_album = $val->validasi($_POST['id_album'], 'sql');
$title = $val->validasi($_POST['title'], 'xss');
if (!empty($_POST['picture'])) {
$picture = $_POST['picture'];
header('location:404.php');
} else {
if (isset($_REQUEST["name"])) {
include_once '../../../../po-library/po-database.php';
include_once '../../../../po-library/po-function.php';
include_once 'PluploadHandler.php';
PluploadHandler::no_cache_headers();
PluploadHandler::cors_headers();
if (!PluploadHandler::handle(array('target_dir' => '../../../../po-content/po-upload/', 'allow_extensions' => 'jpg,jpeg,gif,png,zip,doc,docx,ppt,pptx,xls,xslx,rar,psd,txt,pdf,mp3,mp4,flv,avi'))) {
die(json_encode(array('OK' => 0, 'error' => array('code' => PluploadHandler::get_error_code(), 'message' => PluploadHandler::get_error_message()))));
} else {
function po_sanitize_file_name($filename)
{
$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "\$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
$filename = str_replace($special_chars, '', $filename);
$filename = preg_replace('/[\\s-]+/', '-', $filename);
$filename = trim($filename, '.-_');
$filename = strtolower($filename);
return $filename;
}
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
$fileType = $_FILES['file']['type'];
$fileSize = $_FILES['file']['size'];
$table = new PoTable('media');
$table->save(array('file_name' => po_sanitize_file_name($fileName), 'file_type' => $fileType, 'file_size' => $fileSize, 'date' => $tgl_sekarang));
die(json_encode(array('OK' => 1)));
}
} else {
header('location:404.php');
}
}
