/**
 * Fetch the non-hidden front-menu rows visible to the current user.
 *
 * Rows with bhide=0 are read from the table named by $this->frontmenu and
 * ordered by nurut. When b_admin(b_getuserlogin()) is false, the query is
 * joined to the table named by $this->granted and limited to rows granted to
 * the SESS_USER_ID value held in the session.
 *
 * The session user id passes through $this->db->escape() before it is
 * concatenated into the SQL. The two table names are concatenated as-is, so
 * they must never be derived from request data.
 *
 * NOTE(review): the admin decision is keyed on b_getuserlogin() while the row
 * filter is keyed on the SESS_USER_ID session value; confirm both always
 * refer to the same account.
 *
 * @return mixed Whatever $this->db->query() returns for the assembled SQL.
 */
function get_frontmenu_all()
{
    $select = 'select a.nid,nid_parent,cmenu,ci_path,ci_controller,ci_func_controller,icon_class,is_main from ' . $this->frontmenu . ' as a ';
    $conditions = ' a.bhide=0 ';

    // Administrators get every non-hidden row; everyone else only gets the
    // rows explicitly granted to their own user id.
    if (!b_admin(b_getuserlogin())) {
        $select .= 'join ' . $this->granted . ' as d on d.nid_frontmenus=a.nid ';
        $conditions .= ' and d.nid_users=' . $this->db->escape($this->session->userdata('SESS_USER_ID'));
    }

    $sql = $select . ' where ' . $conditions . ' order by a.nurut ';

    return $this->db->query($sql);
}
if (USERLEVEL >= bc_supervisor and !b_admin($_POST['nid']) and b_getuserlogin() != $_POST['nid']) { ?> <tr> <td colspan="2"><h2>Grant Modul</h2></td> </tr> <tr> <td colspan="2"> <table> <?php $csql = "select * from " . PREFIX . "moduls order by nid"; $nresult = gcms_query($csql); $i = 0; while ($omoduls = gcms_fetch_object($nresult)) { b_fetch("select count(nid) from " . PREFIX . "granted where nid_users='" . $_POST['nid'] . "' and nid_moduls='{$omoduls->nid}'") > 0 ? $ccheck = "checked" : ($ccheck = ""); $ainfo = b_readinit(str_replace(".php", ".init.php", $omoduls->cpath)); if (($ainfo['level'] <= USERLEVEL or b_admin(b_getuserlogin())) and $ainfo['type'] != "lib") { //(strtolower($ainfo['type'])=="admin")?$ctype="(Admin)":$ctype="(Frontend)"; if (strtolower($ainfo['type']) == "admin") { ?> <tr> <td><input type="checkbox" name="modul[<?php echo $i; ?> ]" value="<?php echo $omoduls->nid; ?> " <?php echo $ccheck; ?> > <?php
$creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub=0\">Extensions</a>\n"; } else { $creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub=0\" class=\"current\">Extensions</a>\n"; } } $csubmenu .= "<li " . $ccurrent . ">" . $creff . "</li>"; if (b_admin(b_getuserlogin())) { $csql = "select * from " . PREFIX . "moduls"; } else { $csql = "select a.nid, a.cpath, b.nstatus from " . PREFIX . "moduls as a\r\n inner join " . PREFIX . "granted as b on \r\n a.nid=b.nid_moduls and b.nid_users='" . $_SESSION['nid_login'] . "'"; } $nresult = gcms_query($csql); $agroup[] = ""; while ($omoduls = gcms_fetch_object($nresult)) { $ainfo_menu = b_readinit(str_replace(".php", ".init.php", strtolower($omoduls->cpath))); if ($omoduls->nstatus >= $ainfo_menu['level'] or b_admin(b_getuserlogin())) { $ccurrent = ""; $creff = ""; if (!in_array($ainfo_menu['group'], $agroup)) { $agroup[] = $ainfo_menu['group']; } if (trim(strtolower($ainfo_menu['type'])) == "admin" and trim(strtolower($ainfo_menu['group'])) == strtolower($cgroup) and $ainfo_menu['grant'] <= $bv_level) { if ($_REQUEST['csub'] == $omoduls->nid) { $creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub={$omoduls->nid}\" class=\"current\">" . trim($ainfo_menu['name']) . "</a>"; } else { $creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub={$omoduls->nid}\">" . trim($ainfo_menu['name']) . "</a>"; } } $csubmenu .= "<li " . $ccurrent . ">" . $creff . "</li>\r\n"; } }
/**
 * Get the title for the selected front-menu entry.
 *
 * The title has the form "<group> - <menu>": the cgroup value looked up for
 * the entry's nid_groupfrontmenus, followed by the entry's cmenu.
 *
 * Administrators can resolve any entry. Other users only match an entry that
 * is granted to them in grantedfrontmenus or has bsecure=0.
 *
 * Security: $cpage and the b_getuserlogin() value are concatenated straight
 * into the SQL text. The only barrier visible in this function is the
 * b_antisqlinjection() check on $cpage, whose rules are not shown here.
 * NOTE(review): confirm that filter rejects quote characters, or move these
 * lookups to bound parameters so the query no longer depends on it.
 *
 * NOTE(review): there is no check that a row was found before $menu_row is
 * dereferenced; an unknown or non-granted nid reaches the property reads.
 *
 * @param string $cpage nid of the selected front-menu entry
 * @return string|null The title, or null when $cpage is empty or fails the
 *                     b_antisqlinjection() check
 */
function menu_get_title($cpage)
{
    // Refuse to build any SQL for an empty or filtered-out identifier.
    if (!b_antisqlinjection($cpage) || $cpage == "") {
        return null;
    }

    $is_admin = b_admin(b_getuserlogin());
    if ($is_admin) {
        $page_sql = "select * from " . PREFIX . "frontmenus where nid='" . $cpage . "'";
    } else {
        // The left join can yield several rows; only the first one is read.
        $page_sql = "select a.* from " . PREFIX . "frontmenus as a\r\n\t\t left join "
            . PREFIX . "grantedfrontmenus as b on a.nid=b.nid_frontmenus\r\n\t\t where a.nid='"
            . $cpage . "' and \r\n\t\t (b.nid_users='"
            . b_getuserlogin() . "' or a.bsecure=0)";
    }

    $menu_row = gcms_fetch_object(gcms_query($page_sql));

    $group_sql = "select cgroup from " . PREFIX . "groupfrontmenus where nid='" . $menu_row->nid_groupfrontmenus . "'";

    return b_fetch($group_sql) . " - " . $menu_row->cmenu;
}
} include 'header-admin.php'; if (!b_logged()) { include 'login.php'; } else { include 'menu.php'; if ($_REQUEST['cact'] == 0) { include 'dashboard.php'; } else { if ($bdash) { include 'extension.php'; } else { if (isset($cpath)) { ?> <div class="judul"><?php echo $ainfo['name']; ?> </div> <?php $ainfo = b_readinit(str_replace(".php", ".init.php", $cpath)); $csql = "select nstatus from " . PREFIX . "granted where nid_users='" . $_SESSION['nid_login'] . "' and nid_moduls='" . $_REQUEST['csub'] . "'"; if (b_fetch($csql) >= $ainfo['level'] or b_admin(b_getuserlogin())) { if (file_exists($cpath)) { include $cpath; } } } } } } include 'footer-admin.php';
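/**
 * Build and run an UPDATE statement for $tableName from request data.
 *
 * Column metadata is read from a one-row probe query against the table. For
 * every column whose lower-cased name is not listed in $exception:
 *  - a value is taken from $_REQUEST when a key with the column name exists;
 *  - a value is taken from $other_request when it has a matching key (keys
 *    are compared case-insensitively);
 *  - a TIMESTAMP column is additionally set to quote_smart('NOW');
 *  - a column named user_id is additionally set to b_getuserlogin().
 * Empty DATE values become NULL and other DATE values pass through
 * formatDate(). For non-DATE types not listed in $this->type_string, commas
 * are stripped from the value. Every value is wrapped with
 * $this->quote_smart().
 *
 * The statement is executed only when the number of generated assignments
 * equals the column count minus count($exception). Otherwise the counters
 * are echoed and nothing runs.
 *
 * Security notes for callers:
 *  - $tableName and $str_where are placed into the SQL text without any
 *    quoting in this method, so they must never carry request data.
 *  - $exception is a deny-list. Any request parameter whose name matches a
 *    column that is not listed there is written to the table, so sensitive
 *    columns (roles, flags, owner ids) have to be listed explicitly.
 *  - With $intDebug set, the assembled SQL, including request values, is
 *    echoed unescaped into the response.
 *  - NOTE(review): quote_smart() is not visible here; confirm it escapes
 *    correctly for the database behind ibase_query().
 *
 * Sets $this->erro (0 on success, 99 when the table does not exist, the
 * ibase error code when execution fails) and $this->erro_msg.
 *
 * @param string $tableName     Table to update
 * @param array  $other_request Extra column => value pairs, besides $_REQUEST
 * @param array  $exception     Column names that must not be updated
 * @param string $str_where     Complete WHERE clause, appended verbatim
 * @param int    $intDebug      Truthy: echo the SQL instead of executing it
 * @return mixed $this->result. This method assigns it only when the
 *               statement is executed; on the debug, count-mismatch and
 *               missing-table paths it is returned as it was before the call
 *               (NOTE(review): callers can mistake a stale value for success).
 */
public function FBUpdate($tableName, $other_request, $exception, $str_where, $intDebug = 0)
{
    $nfield = 0;
    $nother = 0;
    $nexception = count($exception);
    if ($this->isTableExist($tableName)) {
        $this->erro = 0;
        $this->erro_msg = '';
        $this->rows = 0;
        if ($this->erro == 0) {
            $qry_temp = "UPDATE {$tableName} SET ";
            // The probe result is used only as a handle for column metadata.
            $sql = "select FIRST 1 SKIP 1 * from {$tableName} ";
            $intQuery = $this->Query($sql, 0, 1);
            $coln = $this->GetNumFields($intQuery);
            $this->setFieldTable($intQuery);

            // NOTE(review): array_change_key_case() lower-cases keys, while
            // in_array() below compares values, so exclusion names are
            // matched case-sensitively against the lower-cased column name.
            // Left unchanged because callers may depend on it.
            $excluded = array_change_key_case($exception, CASE_LOWER);

            // Lower-case the keys once so that the existence check and the
            // value lookup use the same key. Previously the check was
            // case-insensitive but the lookup used the lower-cased name
            // against the original keys, reading an undefined index for
            // mixed-case keys.
            $other_lower = is_array($other_request)
                ? array_change_key_case($other_request, CASE_LOWER)
                : array();

            for ($i = 0; $i < $coln; $i++) {
                $col_info = $this->GetFieldInfo($intQuery, $i);
                $col_info['name'] = strtolower($col_info['name']);
                if (!in_array($col_info['name'], $excluded)) {
                    // Values supplied directly by the HTTP request.
                    if (array_key_exists($col_info['name'], $_REQUEST)) {
                        $nfield++;
                        if ($col_info['type'] == 'DATE') {
                            if ($_REQUEST[$col_info['name']] == '') {
                                $qry_temp .= $col_info['name'] . '=NULL,';
                            } else {
                                $qry_temp .= $col_info['name'] . '=' . $this->quote_smart($this->formatDate($_REQUEST[$col_info['name']])) . ',';
                            }
                        } elseif (!in_array($col_info['type'], $this->type_string)) {
                            // Strip commas from the value before quoting.
                            $qry_temp .= $col_info['name'] . '=' . $this->quote_smart(str_replace(',', '', $_REQUEST[$col_info['name']])) . ',';
                        } else {
                            $qry_temp .= $col_info['name'] . '=' . $this->quote_smart($_REQUEST[$col_info['name']]) . ',';
                        }
                    }
                    // Values supplied by the caller through $other_request.
                    if (array_key_exists($col_info['name'], $other_lower)) {
                        $nother++;
                        if ($col_info['type'] == 'DATE') {
                            if ($other_lower[$col_info['name']] == '') {
                                $qry_temp .= $col_info['name'] . '=NULL,';
                            } else {
                                $qry_temp .= $col_info['name'] . '=' . $this->quote_smart($this->formatDate($other_lower[$col_info['name']])) . ',';
                            }
                        } elseif (!in_array($col_info['type'], $this->type_string)) {
                            $qry_temp .= $col_info['name'] . '=' . $this->quote_smart(str_replace(',', '', $other_lower[$col_info['name']])) . ',';
                        } else {
                            $qry_temp .= $col_info['name'] . '=' . $this->quote_smart($other_lower[$col_info['name']]) . ',';
                        }
                    }
                    // Server-side values: these are appended even when the
                    // same column was already assigned above.
                    if ($col_info['type'] == 'TIMESTAMP') {
                        $qry_temp .= $col_info['name'] . '=' . $this->quote_smart('NOW') . ',';
                        $nfield++;
                    }
                    if ($col_info['name'] == 'user_id') {
                        $qry_temp .= $col_info['name'] . '=' . $this->quote_smart(b_getuserlogin()) . ',';
                        $nfield++;
                    }
                }
            }

            // Remove only the trailing separator. The earlier
            // str_replace(',)', ' ', ...) over the whole statement also
            // rewrote any ",)" sequence inside a quoted value, silently
            // changing the data being stored.
            if (substr($qry_temp, -1) === ',') {
                $qry_temp = substr($qry_temp, 0, -1) . ' ';
            } else {
                // No assignment was generated; keep the previous output.
                $qry_temp .= ')';
            }
            $qry_temp .= ' ' . $str_where . ' ';

            if ($intDebug) {
                echo $qry_temp;
            } else {
                if ($coln - $nexception != $nfield + $nother) {
                    echo '$coln: ' . $coln . "\n";
                    echo '$nexception: ' . $nexception . "\n";
                    echo '$nfield: ' . $nfield . "\n";
                    echo '$nother: ' . $nother . "\n";
                    echo 'Parameter Query Invalid' . "\n";
                } else {
                    //$this->result=@$this->Query($qry_temp,0,1);
                    $this->result = ibase_query($qry_temp);
                    if ($this->result) {
                        $this->erro = 0;
                        // NOTE(review): the message says "Insert" although
                        // this is the update path; kept for compatibility.
                        $this->erro_msg = 'Executing Insert Query Success !';
                    } else {
                        $this->erro = ibase_errcode();
                        $this->erro_msg = ibase_errmsg();
                    }
                }
            }
        }
    } else {
        $this->erro = 99;
        $this->erro_msg = 'Table doesn\'t exist !';
    }
    return $this->result;
}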
?> <br> by: <?php echo $cby; ?> <br> Source: <?php echo $csource; ?> </td> <td align="left" valign="middle" bgcolor="<?php echo $ccolor; ?> " width="20%"> <?php b_admin(b_getuserlogin()) ? $cdisabled = "" : ($cdisabled = "disabled"); $cremove = str_replace('dummy', $cdisabled, $cremove); ?> <input type="submit" name="submit" value="<?php echo $cvalue; ?> " <?php echo $cdisabled; ?> ><?php echo $cremove; ?> </td> </tr> </form> <?php