<?php
// widgets/textlink/admin_action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer, admin
if (gcms::isReferer() && gcms::isAdmin() && (empty($_SESSION['login']['account']) || $_SESSION['login']['account'] != 'demo')) {
// ค่าที่ส่งมา
$action = gcms::getVars($_POST, 'action', '');
$id = gcms::getVars($_POST, 'id', '');
$value = gcms::getVars($_POST, 'value', 0);
if ($action == 'delete') {
$sql = "SELECT `logo` FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id}) AND logo != ''";
foreach ($db->customQuery($sql) as $item) {
@unlink(DATA_PATH . 'image/' . $item['logo']);
}
$db->query("DELETE FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id})");
} elseif ($action == 'published') {
$db->query("UPDATE `" . DB_TEXTLINK . "` SET `published`='{$value}' WHERE `id` IN({$id})");
} elseif ($action == 'move') {
// move menu
$max = 1;
foreach (explode(',', str_replace('user-', '', $_POST['data'])) as $i) {
$db->query("UPDATE `" . DB_TEXTLINK . "` SET `link_order`=" . $max . " WHERE `id`=" . (int) $i . " LIMIT 1");
$max++;
}
} elseif ($action == 'styles') {
// styles
include ROOT_PATH . 'widgets/textlink/styles.php';
// template
<?php
// admin/import.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
// ไฟล์ที่ส่งมา
$file = $_FILES['import_file'];
// แอดมินเท่านั้น
if (gcms::isReferer() && gcms::isAdmin() && $file['tmp_name'] != '') {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
echo gcms::array2json(array('error' => 'EX_MODE_ERROR'));
} else {
// long time
set_time_limit(0);
// อัปโหลด
$fr = file($file['tmp_name']);
// query ทีละบรรทัด
foreach ($fr as $value) {
$sql = str_replace(array('\\r', '\\n', '{prefix}', '/{WEBMASTER}/', '/{WEBURL}/'), array("\r", "\n", PREFIX, $_SESSION['login']['email'], WEB_URL), trim($value));
if ($sql != '') {
$db->query($sql);
}
}
}
}
<?php
// modal.php
header("content-type: text/html; charset=UTF-8");
// inint
include dirname(__FILE__) . '/bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/^([a-z]+)$/', $_POST['module'], $match)) {
if (is_file(ROOT_PATH . SKIN . "{$match['1']}.html")) {
$patt = array('/{(LNG_[A-Z0-9_]+)}/e', '/{SKIN}/', '/{WEBURL}/', '/{TITLE}/', '/{DESCRIPTION}/', '/{LANGUAGE}/');
$replace = array(OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng', SKIN, WEB_URL, $config['web_title'], $config['web_description'], LANGUAGE);
echo gcms::pregReplace($patt, $replace, gcms::loadfile(ROOT_PATH . SKIN . "{$match['1']}.html"));
} else {
echo '<div class=error>' . $lng['PAGE_NOT_FOUND'] . '</div>';
}
}
<?php
// widgets/relate/getnews.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/^widget_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_(list|icon|thumb)$/', $_POST['id'], $match)) {
// วันนี้
$c_date = date('Y-m-d', $mmktime);
// อ่านโมดูล
$sql = "SELECT M.`config`,M.`module`,D.`relate`,Q.`id`,Q.`module_id`";
$sql .= " FROM `" . DB_INDEX . "` AS Q";
$sql .= " INNER JOIN `" . DB_INDEX_DETAIL . "` AS D ON D.`id`=Q.`id` AND D.`module_id`=Q.`module_id` AND D.`language` IN ('" . LANGUAGE . "','')";
$sql .= " INNER JOIN " . DB_MODULES . " AS M ON M.`id`=D.`module_id`";
$sql .= " WHERE D.`id`=" . (int) $match[1] . " AND M.`owner`='document' AND Q.`published`='1' AND Q.`published_date`<='{$c_date}' AND Q.`index` = '0' LIMIT 1";
$index = $cache->get($sql);
if (!$index) {
$index = $db->customQuery($sql);
if (sizeof($index) == 1) {
$index = $index[0];
// อ่าน config
gcms::r2config($index['config'], $index);
unset($index['config']);
// save cached
$cache->save($sql, $index);
} else {
$index = false;
}
}
if ($index && $index['relate'] != '') {
<?php
// modules/personnel/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'personnel_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$error = false;
// ค่าที่ส่งมา
$save = array();
$save['name'] = $db->sql_trim_str($_POST, 'write_name');
$save['email'] = $db->sql_trim_str($_POST, 'write_email');
$save['position'] = $db->sql_trim_str($_POST, 'write_position');
$save['phone'] = $db->sql_trim_str($_POST, 'write_phone');
$save['address'] = $db->sql_trim_str($_POST, 'write_address');
$save['detail'] = $db->sql_trim_str($_POST, 'write_detail');
$save['category_id'] = gcms::getVars($_POST, 'write_category', 0);
$save['order'] = min(99, max(0, (int) $_POST['write_order']));
$icon = $_FILES['write_picture'];
$id = gcms::getVars($_POST, 'write_id', 0);
// ตรวจสอบค่าที่ส่งมา
if ($id > 0) {
$sql = "SELECT C.*,M.`module` FROM `" . DB_MODULES . "` AS M";
$sql .= " INNER JOIN `" . DB_PERSONNEL . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}";
} else {
$sql1 = "SELECT MAX(`id`)+1 FROM `" . DB_PERSONNEL . "` WHERE `module_id`=M.`id`";
<?php
// modules/member/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer() && $db->sql_trim_str($_POST, 'value') != $_SESSION[$_POST['antispam']]) {
echo 'ANTISPAM_INCORRECT';
}
// inint
include '../bin/inint.php';
// action
$action = gcms::getVars($_POST, 'action', '');
// ตรวจสอบ id
$ids = array();
foreach (explode(',', $_POST['id']) as $id) {
// ไม่สามารถแก้ไขตัวเองได้
if ($_SESSION['login']['id'] != $id) {
$ids[] = (int) $id;
}
}
// id ของ สมาชิกทั้งหมดที่ส่งมา
$ids = implode(',', $ids);
// ตรวจสอบ referer และ admin
if (gcms::isReferer() && gcms::isAdmin() && $ids != '') {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
echo $lng['ACTION_FORBIDDEN'];
} else {
if ($action == 'delete') {
// ลบสมาชิกที่เลือก
$sql = "SELECT `icon` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1 AND `icon`!=''";
foreach ($db->customQuery($sql) as $item) {
// ลบรูปภาพสมาชิก
@unlink(USERICON_FULLPATH . $item['icon']);
}
// ลบสมาชิก
$db->query("DELETE FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1");
} elseif ($action == 'activate' || $action == 'sendpassword') {
// ส่งอีเมล์ยืนยันสมาชิก อีกครั้ง
$sql = "SELECT `id`,`email`,`activatecode` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `fb`='0'";
<?php
// modules/gallery/admin_action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'gallery_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$action = gcms::getVars($_POST, 'action', '');
$ids = array();
foreach (explode(',', $_POST['id']) as $id) {
$ids[] = (int) $id;
}
if (sizeof($ids) > 0) {
$ids = implode(',', $ids);
if ($action == 'delete') {
// ลบอัลบัม, ตรวจสอบ id
$sql = "SELECT `id` FROM `" . DB_GALLERY_ALBUM . "` WHERE `id` IN ({$ids}) AND `module_id`=(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='gallery')";
$ids = array();
foreach ($db->customQuery($sql) as $item) {
// ลบโฟลเดอร์และรูป
gcms::rm_dir(DATA_PATH . "gallery/{$item['id']}/");
// id ที่ลบ
$ids[] = $item['id'];
}
if (sizeof($ids) > 0) {
$ids = implode(',', $ids);
<?php
// widgets/board/getnews.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/^widget_([a-z0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)_([0-9]+)$/', $_POST['id'], $match)) {
// อ่านโมดูล
$sql = "SELECT `id`,`config`,`module` FROM `" . DB_MODULES . "` WHERE `id`=" . (int) $match[2] . " LIMIT 1";
$index = $cache->get($sql);
if (!$index) {
$index = $db->customQuery($sql);
if (sizeof($index) == 1) {
$index = $index[0];
// อ่าน config
gcms::r2config($index['config'], $index);
unset($index['config']);
// save cached
$cache->save($sql, $index);
} else {
$index = false;
}
}
if ($index && $match[4] > 0) {
// query
$sql = "SELECT Q.`id`,Q.`topic`,Q.`picture`,Q.`last_update`,Q.`comment_date`,Q.`create_date`,Q.`detail`,U.`status`,U.`id` AS `member_id`";
$sql .= ",(CASE WHEN ISNULL(U.`id`) THEN (CASE WHEN Q.`comment_date`>0 THEN Q.`commentator` ELSE Q.`email` END) ELSE (CASE WHEN U.`displayname`='' THEN U.`email` ELSE U.`displayname` END) END) AS `displayname`";
$sql .= " FROM `" . DB_BOARD_Q . "` AS Q";
$sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=(CASE WHEN Q.`comment_date`>0 THEN Q.`commentator_id` ELSE Q.`member_id` END)";
$sql .= " WHERE Q.`module_id`={$index['id']}";
<?php
// admin/savewrite.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ แอดมิน
if (gcms::isReferer() && gcms::isAdmin() && (isset($_POST['intro']) || isset($_POST['maintenance']))) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ภาษาทีต้องการบันทึก
$lang = gcms::getVars($_POST, 'write_language', '');
$lang = in_array($lang, $config['languages']) ? $lang : LANGUAGE;
$patt = array();
$replace = array();
// ตัด /r/n
$patt[] = '/[\\r\\n]{1,}/su';
$replace[] = '';
// หน้าว่างๆ
$patt[] = '/^( |\\s){0,}<br[\\s\\/]+?>( |\\s){0,}$/iu';
$replace[] = '';
// ตัด PHP
$patt[] = '/<\\?(.*?)\\?>/su';
$replace[] = '';
$save = array();
$detail = $db->sql_quote(preg_replace($patt, $replace, $_POST['write_detail']));
// ตรวจสอบ ข้อความเดิม
$key = isset($_POST['intro']) && $_POST['intro'] == 1 ? 'INTRO_PAGE_DETAIL' : 'MAINTENANCE_DETAIL';
$search = $db->basicSearch(DB_LANGUAGE, 'key', $key);
<?php
// modules/video/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'video_can_config')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// โหลด config ใหม่
$config = array();
if (is_file(CONFIG)) {
include CONFIG;
}
// ค่าที่ส่งมา
$config['google_api_key'] = gcms::getVars($_POST, 'google_api_key', '');
$config['video_cols'] = gcms::getVars($_POST, 'config_cols', 0);
$config['video_rows'] = gcms::getVars($_POST, 'config_rows', 0);
$config['video_can_write'] = isset($_POST['config_can_write']) ? $_POST['config_can_write'] : array();
$config['video_can_write'][] = 1;
$config['video_can_config'] = isset($_POST['config_can_config']) ? $_POST['config_can_config'] : array();
$config['video_can_config'][] = 1;
// บันทึก config.php
if (gcms::saveconfig(CONFIG, $config)) {
$ret['error'] = 'SAVE_COMPLETE';
$ret['location'] = 'reload';
} else {
$ret['error'] = 'DO_NOT_SAVE';
<?php
// modules/edocument/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'edocument_can_config')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$error = false;
// ตรวจสอบชนิดของไฟล์
$file_typies = strtolower(preg_replace('/[\\s]/', '', $_POST['config_file_typies']));
if ($file_typies != '') {
foreach (explode(',', $file_typies) as $item) {
if (!preg_match('/^[a-z0-9]{2,6}$/u', $item)) {
$error = true;
}
}
}
$edocument_format_no = $db->sql_trim_str($_POST, 'config_format_no');
// ตรวจสอบค่าที่ส่งมา
$ret['ret_config_format_no'] = '';
$ret['ret_config_file_typies'] = '';
if ($edocument_format_no == '') {
$ret['error'] = 'EDOCUMENT_FORMAT_NO_EMPTY';
$ret['input'] = 'config_format_no';
$ret['ret_config_format_no'] = 'EDOCUMENT_FORMAT_NO_EMPTY';
} elseif ($file_typies == '') {
<?php
// modules/edocument/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer() && preg_match('/^(icon\\-)?(download|downloading|delete)\\s([0-9]+)$/', $_POST['id'], $match)) {
// ค่าที่ส่งมา
$action = $match[2];
$id = $match[3];
// login
$login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => ''));
// guest = -1
$status = isset($login['status']) ? $login['status'] : -1;
if ($action == 'download' || $action == 'downloading') {
// ไฟล์ดาวน์โหลด
$sql = "SELECT D.*,N.`id` AS `download_id`,N.`downloads` FROM `" . DB_EDOCUMENT . "` AS D";
$sql .= " LEFT JOIN `" . DB_EDOCUMENT_DOWNLOAD . "` AS N ON N.`document_id`=D.`id` AND N.`member_id`=" . (int) $login['id'];
$sql .= " WHERE D.`id`=" . (int) $id . " LIMIT 1";
$download = $db->customQuery($sql);
$download = sizeof($download) == 1 ? $download[0] : false;
$file_path = DATA_PATH . "edocument/{$download['file']}";
// ตรวจสอบสถานะการดาวน์โหลด
if (!$download || !is_file($file_path)) {
$ret['error'] = 'DOWNLOAD_FILE_NOT_FOUND';
} elseif (!in_array($status, explode(',', $download['reciever']))) {
$ret['error'] = 'DO_NOT_DOWNLOAD';
} elseif ($action == 'download') {
$ret['confirm'] = 'CONFIRM_DOWNLOAD';
} elseif ($action == 'downloading') {
<?php
// modules/download/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'download_can_config')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ตรวจสอบชนิดของไฟล์
$error = false;
$file_typies = strtolower(preg_replace('/[\\s]/', '', $_POST['config_file_typies']));
if ($file_typies != '') {
foreach (explode(',', $file_typies) as $item) {
if (!preg_match('/^[a-z0-9]{2,6}$/u', $item)) {
$error = true;
}
}
}
// ตรวจสอบค่าที่ส่งมา
$ret['ret_config_file_typies'] = '';
if ($file_typies == '') {
$ret['error'] = 'DOWNLOAD_FILE_TYPIES_EMPTY';
$ret['input'] = 'config_file_typies';
$ret['ret_config_file_typies'] = 'DOWNLOAD_FILE_TYPIES_EMPTY';
} elseif ($error) {
$ret['error'] = 'DOWNLOAD_FILE_TYPIES_INVALID';
$ret['input'] = 'config_file_typies';
<?php
// modules/edocument/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'edocument_moderator')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$save = array();
$save['document_no'] = $db->sql_trim_str($_POST, 'edocument_no');
$save['topic'] = $db->sql_trim_str($_POST, 'edocument_topic');
$save['detail'] = gcms::ckClean($_POST['edocument_detail']);
if (isset($_POST['edocument_reciever'])) {
$save['reciever'] = implode(',', $_POST['edocument_reciever']);
}
$id = gcms::getVars($_POST, 'write_id', 0);
$file = $_FILES['edocument_file'];
// ตรวจสอบค่าที่ส่งมา
$error = false;
$input = false;
if ($id > 0) {
// แก้ไข
$sql = "SELECT D.*,M.`module`";
$sql .= " FROM `" . DB_EDOCUMENT . "` AS D";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id`";
$sql .= " WHERE D.`id`='{$id}' AND M.`owner`='edocument' LIMIT 1";
<?php
// admin/mailto.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::isMember()) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$topic = htmlspecialchars(trim($_POST['email_subject']));
$detail = gcms::ckClean($_POST['email_detail']);
$reciever = htmlspecialchars(trim($_POST['email_reciever']));
if (gcms::isAdmin()) {
$sender = $db->getRec(DB_USER, $_POST['email_from']);
} else {
$sender = $_SESSION['login'];
}
// ตรวจสอบค่าที่ส่งมา
if ($sender['email'] == '') {
$ret['error'] = 'ACTION_ERROR';
} elseif ($reciever == '') {
$ret['error'] = 'RECIEVER_EMPTY';
$ret['input'] = 'email_reciever';
} elseif ($sender == $reciever) {
$ret['error'] = 'ACTION_ERROR';
} elseif ($topic == '') {
$ret['error'] = 'TOPIC_EMPTY';
<?php
// modules/video/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer, member
if (gcms::isReferer() && preg_match('/^youtube_([0-9]+)_([a-zA-Z0-9\\-_]{11,11})$/', $_POST['id'], $match)) {
$mv = $db->getRec(DB_VIDEO, $match[1]);
// get video info
$url = 'https://www.googleapis.com/youtube/v3/videos?part=statistics&id=' . $mv['youtube'] . '&key=' . gcms::getVars($config, 'google_api_key', '');
if (function_exists('curl_init') && ($ch = @curl_init())) {
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$feed = curl_exec($ch);
curl_close($ch);
} else {
$feed = file_get_contents($url);
}
if ($feed != '') {
$datas = json_decode($feed);
$items = $datas->{'items'};
if (sizeof($items) == 1) {
$viewCount = (int) $items[0]->{'statistics'}->{'viewCount'};
if ($viewCount != $mv['views']) {
$db->edit(DB_VIDEO, $mv['id'], array('views' => $viewCount));
}
}
}
echo '<figure class=mv>';
echo '<div class=youtube><iframe width=560 height=315 src="//www.youtube.com/embed/' . $mv['youtube'] . '?wmode=transparent" frameborder=0></iframe></div>';
<?php
// admin/savestatus.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::isAdmin()) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// action
$action = gcms::getVars($_POST, 'action', '');
// โหลด config ใหม่
$config = array();
if (is_file(CONFIG)) {
include CONFIG;
}
if ($action == 'config_status_add') {
if (!isset($config['member_status'][0])) {
$config['member_status'][0] = 'สมาชิก';
$config['color_status'][0] = '#006600';
}
if (!isset($config['member_status'][1])) {
$config['member_status'][1] = 'ผู้ดูแลระบบ';
$config['color_status'][1] = '#FF0000';
}
// เพิ่มสถานะสมาชิกใหม่
$config['member_status'][] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}";
$config['color_status'][] = '#000000';
<?php
// modules/event/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::canConfig($config, 'event_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$save['topic'] = gcms::getTags($_POST['write_topic']);
$keywords = gcms::getTags($_POST['write_keywords']);
$save['keywords'] = $db->sql_clean(gcms::cutstring(preg_replace('/[\'\\"\\r\\n\\s]{1,}/isu', ' ', $keywords == '' ? $save['topic'] : $keywords), 149));
$description = trim(gcms::getVars($_POST, 'write_description', ''));
$save['description'] = $db->sql_trim_str(gcms::cutstring(gcms::html2txt($description == '' ? $_POST['write_detail'] : $description), 149));
$save['detail'] = gcms::ckDetail($_POST['write_detail']);
$save['published_date'] = $db->sql_trim_str($_POST, 'write_published_date');
$save['published'] = $_POST['write_published'] == '1' ? '1' : '0';
$save['begin_date'] = "{$_POST['write_d']} {$_POST['write_h']}:{$_POST['write_m']}:00";
$save['color'] = $db->sql_trim_str($_POST, 'write_color');
$id = gcms::getVars($_POST, 'write_id', 0);
if ($id > 0) {
// ตรวจสอบโมดูล หรือ เรื่องที่เลือก (แก้ไข)
$sql = "SELECT I.`module_id`,M.`module`";
$sql .= " FROM `" . DB_EVENTCALENDAR . "` AS I";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`owner`='event' AND M.`id`=I.`module_id`";
$sql .= " WHERE I.`id`='{$id}'";
$sql .= " LIMIT 1";
<?php
// widgets/tags/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer()) {
// อัปเดทการคลิก
list($action, $id) = explode('-', $_POST['id']);
if ($action == 'tags') {
$sql = "UPDATE `" . DB_TAGS . "` SET `count`=`count`+1 WHERE `id`=" . (int) $id . " LIMIT 1";
$db->query($sql);
}
}
<?php
// modules/document/action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// ตรวจสอบ referer
if (gcms::isReferer() && preg_match('/(quote|edit|delete|deleting|pin|lock|print|pdf)-([0-9]+)-([0-9]+)-([0-9]+)-(.*)$/', $_POST['id'], $match)) {
$action = $match[1];
$qid = (int) $match[2];
$rid = (int) $match[3];
$no = (int) $match[4];
$module = $match[5];
if ($rid > 0) {
// คำตอบ
$sql = "SELECT C.`detail`,Q.`category_id`,C.`member_id`,U.`status`,M.`id` AS `module_id`,M.`module`,M.`config`";
$sql .= " FROM `" . DB_COMMENT . "` AS C";
$sql .= " INNER JOIN `" . DB_INDEX . "` AS Q ON Q.`id`=C.`index_id` AND Q.`module_id`=C.`module_id` AND Q.`index`='0'";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=C.`module_id`";
$sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=C.`member_id`";
$sql .= " WHERE C.`id`='{$rid}'";
$sql .= " LIMIT 1";
} else {
// คำถาม
$sql = "SELECT D.`topic`,D.`detail`,Q.`category_id`,Q.`member_id`,U.`status`,M.`id` AS `module_id`,M.`module`,M.`config`";
$sql .= " FROM `" . DB_INDEX . "` AS Q";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=Q.`module_id`";
$sql .= " INNER JOIN `" . DB_INDEX_DETAIL . "` AS D ON D.`id`=Q.`id` AND D.`module_id`=Q.`module_id` AND D.`language` IN ('" . LANGUAGE . "','')";
$sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=Q.`member_id`";
$sql .= " WHERE Q.`id`='{$qid}'";