if (!defined('AURACMS_admin')) { Header("Location: ../index.php"); exit; } $script_include[] = $JS_SCRIPT; $admin = ''; if (!cek_login()) { $admin .= '<h4 class="bg">Access Denied !!!!!!</h4>'; } else { global $koneksi_db, $PHP_SELF, $theme, $error; if ($_GET['aksi'] == "") { $admin .= '<div class="panel panel-info"> <div class="panel-heading"><b>Edit Password</b></div>'; if (isset($_POST["submit"])) { $user = text_filter($_POST['user']); $password0 = md5($_POST["password0"]); $password1 = $_POST["password1"]; $password2 = $_POST["password2"]; $hasil = $koneksi_db->sql_query("SELECT password FROM useraura WHERE user='******'"); while ($data = $koneksi_db->sql_fetchrow($hasil)) { $password = $data['password']; } $error = ''; if (!$password0) { $error .= "Error: Please enter your Old Password!<br />"; } if (!$password1) { $error .= "Error: Please enter new password!<br />"; } if (!$password2) {
$files = $_FILES['gambar']['name']; $tmp_files = $_FILES['gambar']['tmp_name']; $namagambar = md5(rand(1, 100) . $files) . '.jpg'; $tempnews = 'mod/photo/images/temp/'; $uploaddir = $tempnews . $namagambar; $uploads = move_uploaded_file($tmp_files, $uploaddir); if (file_exists($uploaddir)) { @chmod($uploaddir, 0644); } $tnews = 'mod/photo/images/thumb/'; $gnews = 'mod/photo/images/normal/'; $small = $tnews . $namagambar; $nsmall = $gnews . $namagambar; create_thumbnail($uploaddir, $nsmall, $new_width = 520, $new_height = 'auto', $quality = 100); $judul = text_filter($_POST['judul']); $kategori = text_filter($_POST['kategori']); $namafile_name = $_FILES['gambar']['name']; $gambar = $_POST['gambarlama']; $desc = $_POST['desc']; unlink($uploaddir); unlink($tnews . $gambar); unlink($gnews . $gambar); $hasil = $koneksi_db->sql_query("UPDATE photo SET judul='{$judul}',ket='{$desc}',kategori='{$kategori}', gambar='{$namagambar}' WHERE id='{$id}'"); if ($hasil) { $admin .= '<div class="alert alert-success fade in"> <button data-dismiss="alert" class="close close-sm" type="button"> <i class="icon-remove"></i> </button> <strong>Wall Done !</strong> <br>Photo berhasil di Edit. </div>'; $style_include[] = '<meta http-equiv="refresh" content="1; url=?pilih=photo&mod=yes" />';
/** * Edit a document based on $_POST and $_GET parameters 'dir' and 'path' * * @param array $_course array * @return void */ function edit_document($_course) { global $_configuration; $dir = isset($_GET['dir']) ? $_GET['dir'] : $_POST['dir']; // please do not modify this dirname formatting if (strstr($dir, '..')) { $dir = '/'; } if ($dir[0] == '.') { $dir = substr($dir, 1); } if ($dir[0] != '/') { $dir = '/' . $dir; } if ($dir[strlen($dir) - 1] != '/') { $dir .= '/'; } $filepath = api_get_path('SYS_COURSE_PATH') . $_course['path'] . '/document' . $dir; if (!is_dir($filepath)) { $filepath = api_get_path('SYS_COURSE_PATH') . $_course['path'] . '/document/'; $dir = '/'; } $table_doc = Database::get_course_table(TABLE_DOCUMENT); if (isset($_POST['path']) && !empty($_POST['path'])) { $sql = "SELECT path\n\t\t\t\t\t\tFROM " . $table_doc . "\n\t\t\t\t\t\tWHERE id = " . Database::escape_string($_POST['path']); $res = Database::query($sql, __FILE__, __LINE__); $row = Database::fetch_array($res); $content = stripslashes($_POST['content_lp']); $file = $filepath . $row['path']; if ($fp = @fopen($file, 'w')) { $content = text_filter($content); $content = str_replace(api_get_path('WEB_COURSE_PATH'), $_configuration['url_append'] . '/courses/', $content); // change the path of mp3 to absolute // first regexp deals with ../../../ urls $content = preg_replace("|(flashvars=\"file=)(\\.+/)+|", "\$1" . api_get_path(REL_COURSE_PATH) . $_course['path'] . '/document/', $content); //second regexp deals with audio/ urls $content = preg_replace("|(flashvars=\"file=)([^/]+)/|", "\$1" . api_get_path(REL_COURSE_PATH) . $_course['path'] . '/document/$2/', $content); fputs($fp, $content); fclose($fp); } } }
} $admin .= ' </select>*/ $admin .= '<br /> <label>Keterangan</label><br /><textarea rows="10" cols="40" name="url">' . $url . '</textarea><br /> <input type="submit" name="submit" value="Buat"> </form> '; $admin .= '</div>'; } if ($_GET['aksi'] == "edittopic") { $id = int_filter($_GET['id']); $admin .= '<div class="border">'; $admin .= '<b>Edit Topik Baru dengan Id = ' . $id . '</b>'; $admin .= '</div>'; if (isset($_POST['submit'])) { $menu = text_filter($_POST['menu']); $url = $_POST['url']; $seftitle = AuraCMSSEO($menu); $parentid = $_POST['parentid']; $parentid = '0'; $total = $koneksi_db->sql_query("SELECT * FROM topik WHERE topik = '" . $_POST['menu'] . "' and id != '" . $id . "'"); $jumlah = $koneksi_db->sql_numrows($total); $error = ''; if ($jumlah) { $error .= "Error: Duplicate Title of Topic {$judul}!<br />"; } if (!$menu) { $error .= "Error: Please enter Title of Topic!<br />"; } if (!$url) { $error .= "Error: Please enter Description of Topic!<br />";
public static function listLinksAndCategories($course_id, $session_id, $categoryId, $show = 'none', $token = null) { $tbl_link = Database::get_course_table(TABLE_LINK); $_user = api_get_user_info(); $categoryId = intval($categoryId); /* Action Links */ echo '<div class="actions">'; if (api_is_allowed_to_edit(null, true)) { echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&action=addlink&category_id=' . $categoryId . '">' . Display::return_icon('new_link.png', get_lang('LinkAdd'), '', ICON_SIZE_MEDIUM) . '</a>'; echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&action=addcategory&category_id=' . $categoryId . '">' . Display::return_icon('new_folder.png', get_lang('CategoryAdd'), '', ICON_SIZE_MEDIUM) . '</a>'; } $categories = Link::getLinkCategories($course_id, $session_id); $count = count($categories); if (!empty($count)) { echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&action=list&show=none">'; echo Display::return_icon('view_remove.png', get_lang('shownone'), '', ICON_SIZE_MEDIUM) . '</a>'; echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&action=list&show=all">'; echo Display::return_icon('view_tree.png', get_lang('showall'), '', ICON_SIZE_MEDIUM) . '</a>'; } echo '</div>'; // Displaying the links which have no category (thus category = 0 or NULL), // if none present this will not be displayed $sql = "SELECT * FROM {$tbl_link}\n WHERE c_id = {$course_id} AND category_id=0 OR category_id IS NULL"; $result = Database::query($sql); $count = Database::num_rows($result); if ($count !== 0) { echo '<table class="data_table">'; echo '<tr><th style="font-weight: bold; text-align:left;padding-left: 10px;">' . get_lang('General') . '</th></tr>'; echo '</table>'; self::showlinksofcategory(0); } $i = 0; $view = '0'; $counter = 0; foreach ($categories as $myrow) { // Student don't see invisible categories. if (!api_is_allowed_to_edit(null, true)) { if ($myrow['visibility'] == 0) { continue; } } // Validation when belongs to a session $showChildren = $categoryId == $myrow['id'] || $show == 'all'; $session_img = api_get_session_image($myrow['session_id'], $_user['status']); $myrow['description'] = text_filter($myrow['description']); $strVisibility = ''; $visibilityClass = null; if ($myrow['visibility'] == '1') { $strVisibility = '<a href="link.php?' . api_get_cidreq() . '&sec_token=' . $token . '&action=invisible&id=' . $myrow['id'] . '&scope=' . TOOL_LINK_CATEGORY . '" title="' . get_lang('Hide') . '">' . Display::return_icon('visible.png', get_lang('Hide'), array(), ICON_SIZE_SMALL) . '</a>'; } elseif ($myrow['visibility'] == '0') { $visibilityClass = 'invisible'; $strVisibility = ' <a href="link.php?' . api_get_cidreq() . '&sec_token=' . $token . '&action=visible&id=' . $myrow['id'] . '&scope=' . TOOL_LINK_CATEGORY . '" title="' . get_lang('Show') . '">' . Display::return_icon('invisible.png', get_lang('Show'), array(), ICON_SIZE_SMALL) . '</a>'; } echo '<tr>'; echo '<table class="data_table">'; echo '<tr>'; echo '<th width="81%" style="font-weight: bold; text-align:left;padding-left: 5px;">'; if ($showChildren) { echo '<a class="' . $visibilityClass . '" href="' . api_get_self() . '?' . api_get_cidreq() . '&category_id=">'; echo Display::return_icon('view_remove.png'); } else { echo '<a class="' . $visibilityClass . '" href="' . api_get_self() . '?' . api_get_cidreq() . '&category_id=' . $myrow['id'] . '">'; echo Display::return_icon('view_tree.png'); } echo ' ' . Security::remove_XSS($myrow['category_title']) . '</a> <br /> ' . $myrow['description']; echo '</th>'; if (api_is_allowed_to_edit(null, true)) { if ($session_id == $myrow['session_id']) { echo '<th>'; echo $strVisibility; Link::showCategoryAdminTools($myrow, $counter, count($categories)); echo '</th>'; } else { echo '<th>' . get_lang('EditionNotAvailableFromSession'); } } echo '</tr>'; echo '</table>'; if ($showChildren) { echo Link::showlinksofcategory($myrow['id']); } echo '</tr>'; echo '</th>'; echo '</tr>'; echo '</table>'; echo '</tr>'; $counter++; /* if ($myrow['visibility'] == '1') { if (isset($urlview[$i]) && $urlview[$i] == '1') { $newurlview = $urlview; $newurlview[$i] = '0'; echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&urlview='.Security::remove_XSS($newurlview).'">'; echo '<img src="../img/icons/22/view_remove.png" /> '.Security::remove_XSS($myrow['category_title']).'</a> <br /> '.$myrow['description']; echo '</th>'; if (api_is_allowed_to_edit(null, true)) { if ($session_id == $myrow['session_id']) { echo '<th>'; echo $strVisibility; Link::showcategoryadmintools($myrow['id']); echo '</th>'; } else { echo '<th>'.get_lang('EditionNotAvailableFromSession'); } } echo '</tr>'; echo '</table>'; echo Link::showlinksofcategory($myrow['id']); echo '</tr>'; } else { echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&urlview='; echo is_array($view) ? implode('', $view) : $view; echo '"><img src="../img/icons/22/view_tree.png" /> '. Security::remove_XSS($myrow['category_title']).$session_img; echo'</a><br /> '; echo $myrow['description']; if (api_is_allowed_to_edit(null, true)) { if ($session_id == $myrow['session_id']) { echo '<th style="text-align:center;">'; echo $strVisibility; Link::showcategoryadmintools($myrow['id']); echo '</th>'; } } echo '</th>'; echo '</tr>'; echo '</table>'; echo '</tr>'; } } else { // NO VISIBLE if (api_is_allowed_to_edit(null, true)) { if (isset($urlview[$i]) && $urlview[$i] == '1') { $newurlview = $urlview; $newurlview[$i] = '0'; echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&urlview='.Security::remove_XSS($newurlview).'">'; echo '<img src="../img/icons/22/view_remove_na.png" /> '.Security::remove_XSS($myrow['category_title']).'</a><br /> '.$myrow['description']; echo '</th>'; if (api_is_allowed_to_edit(null, true)) { if ($session_id == $myrow['session_id']) { echo '<th>'; echo $strVisibility; Link::showcategoryadmintools($myrow['id']); echo '</th>'; } else { echo '<th>'.get_lang('EditionNotAvailableFromSession'); } } echo '</tr>'; echo '</table>'; echo Link::showlinksofcategory($myrow['id']); echo '</tr>'; } else { echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&urlview='; echo is_array($view) ? implode('', $view) : $view; echo '"><img src="../img/icons/22/view_tree_na.png" /> '.Security::remove_XSS($myrow['category_title']).$session_img; echo'</a><br /> '; echo $myrow['description']; if (api_is_allowed_to_edit(null, true)) { if ($session_id == $myrow['session_id']) { echo '<th style="text-align:center;">'; echo $strVisibility; Link::showcategoryadmintools($myrow['id']); echo '</th>'; } } echo '</th>'; echo '</tr>'; echo '</table>'; echo '</tr>'; } }*/ //} // Displaying the link of the category } echo '</table>'; }
$admin .= "\n</select><br />\n<label>Isi keterangan</label><br /><textarea name='message' cols='40' rows='20' id='textarea1'>{$konten}</textarea><br />\n<label>Dokumen</label><br /><input type='file' name='dokumen' size='53'><br />\n<input type='submit' value='Kirim' name='submit'>\n</form></div>"; } if ($_GET['aksi'] == "editnews") { $id = int_filter($_GET['id']); $topik = int_filter($_GET['topik']); $admin .= '<div class="border">'; $admin .= '<b>Edit Download Dengan Id =' . $id . '</b>'; $admin .= '</div>'; if (isset($_POST['submit'])) { define("GIS_GIF", 1); define("GIS_JPG", 2); define("GIS_PNG", 3); define("GIS_SWF", 4); include "includes/hft_image.php"; $judul = text_filter($_POST['judul']); $konten = text_filter($_POST['message']); $dokumen_name = $_FILES['dokumen']['name']; $error = ''; if (!$judul) { $error .= "Error: Please enter Title of Download!<br />"; } //if (!$konten) $error .= "Error: Please enter Content of Download!<br />"; if ($error) { $admin .= '<div class="error">' . $error . '</div>'; } else { if (!empty($dokumen_name)) { $dokumen = $_FILES['dokumen']['name']; $type_dokumen = $_FILES['dokumen']['type']; $tmp_dokumen = $_FILES['dokumen']['tmp_name']; $tempdokumen = 'mod/download/dokumen/'; $namadokumen = $dokumen;
function kirim_mail($email, $smail, $subject, $message, $id = "", $pr = "") { $email = text_filter($email); $smail = text_filter($smail); $subject = text_filter($subject); $id = intval($id); $pr = !$pr ? "3" : "" . intval($pr) . ""; $mheader = "MIME-Version: 1.0\n" . "Content-Type: text/html; charset=utf-8\n" . "Reply-To: \"{$smail}\" <{$smail}>\n" . "From: \"{$smail}\" <{$smail}>\n" . "Return-Path: <{$smail}>\n" . "X-Priority: {$pr}\n" . "X-Mailer: Teamworks v2.3 Mailer\n"; @mail($email, $subject, $message, $mheader); }
/** * returns the question description * * @author Olivier Brouckaert * @return string - question description */ function selectDescription() { $this->description = text_filter($this->description); return $this->description; }
<td style="padding-right:5px;padding-bottom:5px;"></td> <td style="padding-left:5px;padding-bottom:5px;"></td> <td style="padding-left:5px;padding-bottom:5px;"><input type="submit" name="submit" value="Submit" class="button"></td> </tr> </table> </form> </div>'; } ########################## # EDIT ONGKIR ########################## if ($_GET['aksi'] == 'edit_ongkir') { $idk = int_filter($_GET['idk']); if (isset($_POST['submit'])) { $kota = text_filter($_POST['kota']); $ongkir = text_filter($_POST['ongkir']); $error = ''; if (!$kota) { $error .= "Error: Silahkan isi kota tujuan!<br />"; } if (!$ongkir) { $error .= "Error: Silahkan isi harga pengiriman!<br />"; } if ($error) { $tengah .= '<div class="error">' . $error . '</div>'; } else { $hasil = $koneksi_db->sql_query("UPDATE ongkir SET kota='{$kota}',ongkir='{$ongkir}' WHERE idk='{$idk}'"); if ($hasil) { $tengah .= '<div class="sukses">Ongkos Kirim berhasil di update</div>'; $style_include[] = '<meta http-equiv="refresh" content="1; url=?pilih=ongkir&mod=yes" />'; } else {
/** * Edit a document based on $_POST and $_GET parameters 'dir' and 'path' * @param array $_course array * @return void */ public function edit_document($_course) { $course_id = api_get_course_int_id(); global $_configuration; $dir = isset($_GET['dir']) ? $_GET['dir'] : $_POST['dir']; // Please, do not modify this dirname formatting. if (strstr($dir, '..')) { $dir = '/'; } if ($dir[0] == '.') { $dir = substr($dir, 1); } if ($dir[0] != '/') { $dir = '/' . $dir; } if ($dir[strlen($dir) - 1] != '/') { $dir .= '/'; } $filepath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document' . $dir; if (!is_dir($filepath)) { $filepath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/'; $dir = '/'; } $table_doc = Database::get_course_table(TABLE_DOCUMENT); if (isset($_POST['path']) && !empty($_POST['path'])) { $document_id = intval($_POST['path']); $sql = "SELECT path FROM " . $table_doc . " WHERE c_id = {$course_id} AND id = " . $document_id; $res = Database::query($sql); $row = Database::fetch_array($res); $content = stripslashes($_POST['content_lp']); $file = $filepath . $row['path']; if ($fp = @fopen($file, 'w')) { $content = text_filter($content); $content = str_replace(api_get_path(WEB_COURSE_PATH), $_configuration['url_append'] . '/courses/', $content); // Change the path of mp3 to absolute. // The first regexp deals with ../../../ urls. $content = preg_replace("|(flashvars=\"file=)(\\.+/)+|", "\$1" . api_get_path(REL_COURSE_PATH) . $_course['path'] . '/document/', $content); // The second regexp deals with audio/ urls. $content = preg_replace("|(flashvars=\"file=)([^/]+)/|", "\$1" . api_get_path(REL_COURSE_PATH) . $_course['path'] . '/document/$2/', $content); fputs($fp, $content); fclose($fp); $sql_update = "UPDATE " . $table_doc . " SET title='" . Database::escape_string($_POST['title']) . "' WHERE c_id = " . $course_id . " AND id = " . $document_id; Database::query($sql_update); } } }
########################## # EDIT PRODUK ########################## if ($_GET['aksi'] == 'edit_produk') { $id = int_filter($_GET['id']); if (isset($_POST['submit'])) { define("GIS_GIF", 1); define("GIS_JPG", 2); define("GIS_PNG", 3); define("GIS_SWF", 4); include "includes/hft_image.php"; $judul = text_filter($_POST['judul']); $kategori = text_filter($_POST['kategori']); $desc = $_POST['desc']; $gambar = $_FILES['gambar']['name']; $gambar_lama = text_filter($_POST['gambar_lama']); $gambartambahan = $_FILES['gambartambahan']['name']; $tgl = $_POST['tgl']; $client = $_POST['client']; $kota = $_POST['kota']; $jenis = $_POST['jenis']; $error = ''; if (!$judul) { $error .= "Error: Silahkan Isi Nama Produknya!<br />"; } if (!$desc) { $error .= "Error: Silahkan Isi Keterangannya!<br />"; } if ($error) { $tengah .= '<div class="error">' . $error . '</div>'; } else {
</tr> </table> </form> </div>'; } ########################## # EDIT BANK ########################## if ($_GET['aksi'] == 'edit_bank') { $id = int_filter($_GET['id']); if (isset($_POST['submit'])) { $bank = text_filter($_POST['bank']); $nama = text_filter($_POST['nama']); $rekening = $_POST['rekening']; $logo = $_FILES['logo']['name']; $logo_lama = text_filter($_POST['gambar_logo']); $error = ''; if (!$bank) { $error .= "Error: Silahkan Isi Nama Bank Anda!<br />"; } if (!$nama) { $error .= "Error: Silahkan Isi Nama Akun Bank Anda!<br />"; } if (!$rekening) { $error .= "Error: Silahkan Isi Nomor Rekening Bank Anda!<br />"; } if ($error) { $tengah .= '<div class="error">' . $error . '</div>'; } $hasil = $koneksi_db->sql_query("UPDATE bank SET bank='{$bank}',nama='{$nama}',rekening='{$rekening}' WHERE id='{$id}'"); if ($hasil) {
/** * This function exports the given item * @param integer Id from learnpath_items table * @param integer Item id * @param string Itm type * @param boolean Shall the SCORM communications features be added? (true). Default: false. * @return void (outputs a zip file) * @todo Try using the SCORM communications addition (adding a button and several javascript calls to the SCORM API) elsewhere than just in the export feature, so it doesn't look like an incoherent feature */ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false) { $course_id = api_get_course_int_id(); global $circle1_files, $expdir, $_course, $_SESSION, $GLOBALS; global $timeNoSecFormat, $dateFormatLong, $language_interface, $langPubl, $langDone, $langThisCourseDescriptionIsEmpty, $lg_course_description, $lg_introduction_text, $_cid, $langHotPotatoesFinished, $lg_author, $lg_date, $lg_groups, $lg_users, $lg_ass, $lg_dropbox, $test, $langQuestion; $libp = api_get_path(SYS_CODE_PAH); include_once $libp.'exercice/exercise.class.php'; include_once $libp.'question.class.php'; include_once $libp.'answer.class.php'; include_once $libp.'exercise.lib.php'; $langLasting = '';//avoid code parser warning include_once $libp.'lang/english/announcements.inc.php'; //this line is here only for $langPubl in announcements include_once $libp.'lang/'.$language_interface.'/announcements.inc.php'; //this line is here only for $langPubl in announcements include_once $libp.'lang/english/agenda.inc.php'; //this line is here only for $langLasting include_once $libp.'lang/'.$language_interface.'/agenda.inc.php'; //this line is here only for $langLasting include_once $libp.'lang/english/course_description.inc.php'; //this line is here only for $langThisCourseDescriptionIsEmpty include_once $libp.'lang/'.$language_interface.'/course_description.inc.php'; // -||- include_once $libp.'lang/english/resourcelinker.inc.php'; include_once $libp.'lang/'.$language_interface.'/resourcelinker.inc.php'; include_once $libp.'lang/english/learnpath.inc.php'; include_once $libp.'lang/'.$language_interface.'/learnpath.inc.php'; include_once $libp.'lang/english/exercice.inc.php'; include_once $libp.'lang/'.$language_interface.'/exercice.inc.php'; include_once '../resourcelinker/resourcelinker.inc.php'; $LPname = display_addedresource_link_in_learnpath($item_type, $item_id, '', $id, 'builder', 'nolink'); $expcontent = "<!-- This is an exported file from Chamilo Learning Path belonging to a Scorm compliant content package. Do not modify or replace individually. Export module author : Denes Nagy <*****@*****.**> --> "; // Files needed for communicating with the scos. $scocomfiles = "<script type='text/javascript' src='../js/APIWrapper.js'></script>"."<script type='text/javascript' src='../js/SCOFunctions.js'></script>"; $expcontent .= '<html><head><link rel="stylesheet" href="../css/default.css" type="text/css" media="screen,projection" />'.$scocomfiles.'</head><body>'; $donebutton .= "<script type='text/javascript'> /* <![CDATA[ */ loadPage(); var studentName = '!'; var lmsStudentName = doLMSGetValue( 'cmi.core.student_name' ); if ( lmsStudentName != '' ) { studentName = ' ' + lmsStudentName + '!'; } /* ]]> */ </script> <br /><br /> <form><input type=\"hidden\" name=\"SQMSESSID\" value=\"36812c2dea7d8d6e708d5e6a2f09b0b9\" /> <table cols='3' width='100%' align='center'> <tr> <td align='middle'><input type = 'button' value = ' ".$langDone." ' onclick = \"javascript: doQuit('completed');\" id='button2' name='button2'></td> </tr> </table> </form>"; /** * Switch between the different element types, namely: * - Agenda * - Ad_Valvas * - Course_description * - Document * - Introduction_text * - HotPotatoes * - Exercise * - Post * - Forum ] * - Thread ] * - Dropbox ] * - Assignments ] These elements are all replaced by a simple message in the exported document. * - Groups ] * - Users ] * - Link _self * - Link _blank */ switch ($item_type) { // AGENDA BEGIN case 'Agenda': // 1. Get agenda event data from the database table. $TABLEAGENDA = Database :: get_course_table(TABLE_AGENDA); $sql = "SELECT * FROM ".$TABLEAGENDA." where c_id = $course_id AND (id=$item_id)"; $result = Database::query($sql); // 2. Prepare table output. $expcontent .= "<table class=\"data_table\" >"; $barreMois = ''; // 3. For each event corresponding to this agenda, do the following: while ($myrow = Database::fetch_array($result)) { $start_date_local = api_get_local_time($myrow['start_date'], null, date_default_timezone_get()); //3.1 Make the blue month bar appear only once. if ($barreMois != api_format_date($start_date_local, "%m")) { // 3.1.1 Update the check value for the month bar. $barreMois = api_format_date($start_date_local, "%m"); // 3.1.2 Display the month bar. $expcontent .= "<tr><td id=\"title\" colspan=\"2\" class=\"month\" valign=\"top\">".api_format_date($start_date_local, "%B %Y")."</td></tr>"; } // 3.2 Display the agenda items (of this month): the date, hour and title. $db_date = (int) api_format_date($start_date_local, "%d"); if ($_GET['day'] != $db_date) { // 3.2.1.a If the day given in the URL (might not be set) is different from this element's day, use style 'data'. $expcontent .= "<tr><td class=\"data\" colspan='2'>"; } else { // 3.2.1.b Else (same day) use style 'datanow'. $expcontent .= "<tr><td class=\"datanow\" colspan='2'>"; } // 3.2.2 Mark an anchor for this date. $expcontent .= "<a name=\"".$db_date."\"></a>"; // anchoring // 3.2.3 Write the date and time of this event to the export string. $expcontent .= api_format_date($start_date_local); // 3.2.4 If a duration is set, write it, otherwise ignore. if ($myrow['duration'] == '') { $expcontent .= "<br />"; } else { $expcontent .= " / ".$langLasting." ".$myrow['duration']."<br />"; //langLasting comes from lang/x/agenda.inc.php } // 3.2.5 Write the title. $expcontent .= $myrow['title']; $expcontent .= "</td></tr>"; // 3.2.6 Prepare the content of the agenda item. $content = $myrow['content']; // 3.2.7 Make clickable??? $content = make_clickable($content); $content = text_filter($content); // 3.2.8 Write the prepared content to the export string. $expcontent .= "<tr><td class=\"text\" colspan='2'>"; $expcontent .= $content; $expcontent .= "</td></tr>"; // Displaying the agenda item of this month: the added resources. // This part is not included into LP export. /*if (check_added_resources("Agenda", $myrow['id'])) { $content.= "<tr><td colspan='2'>"; $content.= "<i>".get_lang('AddedResources')."</i><br />"; display_added_resources("Agenda", $myrow['id']); $content.= "</td></tr>"; }*/ } // 4. Finish the export string. $expcontent .= "<tr></table>"; break; // ANNOUNCEMENT BEGIN case 'Ad_Valvas': // 1. Get the announcement data from the database $tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT); $sql = "SELECT * FROM $tbl_announcement WHERE c_id = $course_id AND id='$item_id'"; $result = Database::query($sql); // 2. Initialise export string $expcontent .= "<table class=\"data_table\">"; // 3. For each announcement matching the query while ($myrow = Database::fetch_array($result)) { // 3.1 Get the __ field data. $content = $myrow[1]; //$content = nl2br($content); // 3.2 Prepare the data for export. $content = make_clickable($content); $content = text_filter($content); // 3.3 Get a UNIX(?<-mktime) Timestamp of the end_date for this announcement. $last_post_datetime = $myrow['end_date']; // post time format datetime of database layer (MySQL is assumed) list ($last_post_date, $last_post_time) = split(' ', $last_post_datetime); list ($year, $month, $day) = explode('-', $last_post_date); list ($hour, $min) = explode(':', $last_post_time); $announceDate = mktime($hour, $min, 0, $month, $day, $year); // 3.4 Compare the end date to the last login date of the user (mark it in red if he has not already read it). if ($announceDate > $_SESSION['user_last_login_datetime']) { $colorBecauseNew = " color=\"red\" "; } else { $colorBecauseNew = ' '; } // 3.5 Write this content to the export string (formatted HTML array). $expcontent .= "<tr>\n"."<td class=\"cell_header\">\n"."<font ".$colorBecauseNew.">".$langPubl." : ".api_convert_and_format_date($last_post_datetime, null, date_default_timezone_get())."</font>\n"."</td>\n"."</tr>\n"."<tr>\n"."<td>\n".$content."</td>\n"."</tr>\n"; } // while loop // 4 Finish the export string. $expcontent .= "</table>"; break; // Course_description BEGIN case 'Course_description': // 1. Get course description data from database. $tbl_course_description = Database :: get_course_table(TABLE_COURSE_DESCRIPTION); $result = Database::query("SELECT id, title, content FROM ".$tbl_course_description." WHERE c_id = $course_id ORDER BY id"); // 2. Check this element. if (Database::num_rows($result)) { // 2.a This course has one (or more) description in the database. $expcontent .= "<hr noshade=\"noshade\" size=\"1\" />"; // 2.a.1 For each description available for this course. while ($row = Database::fetch_array($result)) { // 2.a.1.1 Write title to export string. $expcontent .= "<h4>".$row['title']."</h4>"; // 2.a.1.2 Prepare content. $content = make_clickable(nl2br($row['content'])); $content = text_filter($content); // 2.a.1.3 Write content to the export string. $expcontent .= $content; } } else { // 2.b This course has no description available. $expcontent .= "<br /><h4>$langThisCourseDescriptionIsEmpty</h4>"; } break; // DOCUMENT BEGIN case 'Document': // 1. Get the document data from the database. $tbl_document = Database::get_course_table(TABLE_DOCUMENT); $sql_query = "SELECT * FROM $tbl_document WHERE c_id = $course_id AND id=$item_id"; $sql_result = Database::query($sql_query); $myrow = Database::fetch_array($sql_result); // 2. Get the origin path of the document to treat it internally. $orig = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.$myrow['path']; // 3. Make some kind of strange transformation to get the destination filepath ??? $pathname = explode('/', $myrow['path']); $last = count($pathname) - 1; $filename = 'data/'.$filename.$pathname[$last]; $copyneeded = true; // Html files do not need to be copied as the ok button is inserted into them, // so don't copy directly. $extension = explode('.', $pathname[$last]); // This old condition was WRONG for names like design.html.old. Instead, we now get the extension // by using preg_match to match case-insensitive (probably faster than 4 conditions). //if (($extension[1]=='htm') or ($extension[1]=='html') or ($extension[1]=='HTM') or ($extension[1]=='HTML')) { // 4. Check the file extension. if (preg_match('/.*(\.htm(l)?)$/i', $pathname[$last])) { // 4.a If this file ends with ".htm(l)", we consider it's an HTML file. // src tag check begin // We now check if there is any src attribute in htm(l) files, if yes, we have to also export // the target file (swf, mp3, video,...) of that src tag. // In case of absolute links (http://) this is not neccessary, but makes no error. // However still missing : relative links case with subdirs -> the necessary dirs are not created in the exported package. // 4.a.1 Get the file contents into $file. $file = file_get_contents($orig); // 4.a.2 Get all the src links in this file. //preg_match_all("|((?i)src=\".*\" )|U",$file,$match); $match = GetSRCTags($orig); // 4.a.3 For each src tag found, do the following: for ($i = 0; $i < count($match); $i ++) { // 4.a.3.1 Get the tag (split from the key). list ($key, $srctag) = each($match); $src = $srctag; // 4.a.3.2 Check the link kind (web or absolute/relative). if (stristr($src, 'http') === false) { // 4.a.3.2.a Do something only if relative (otherwise the user will be able to see it too anyway). // 4.a.3.2.a.1 Get a proper URL and remove all './' $src = urldecode($src); //mp3 //$src=str_replace('./','',$src); $src = preg_replace('/^\.\//', '', $src); // 4.a.3.2.a.2 Remove the player link from the URL (only use the mp3 file). $src = str_replace('mp3player.swf?son=', '', $src); //mp3 // 4.a.3.2.a.3 Remove funny link parts. $src = str_replace('?0', '', $src); //mp3 // The previous lines are used when creating docs with Chamilo Document tool's htmlarea // Rows marked by 'mp3' are needed because the mp3 plugin inserts the swf-mp3 links in a very strange way // and we can decode them with those 3 lines, hoping this will not cause errors in case of other htmls, // created by any other software. // 4.a.3.2.a.4 Prepare source and destination paths. $source = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.dirname($myrow['path']).'/'.$src; $dest = $expdir.'/data/'.$src; //CopyNCreate($source,$dest); rcopy($source, $dest); } //else...? } // src tag check end // sco communication insertion begin // 4.a.4 If we want to add SCORM actions and a "Done" button, do the following: if ($add_scorm_communications === true) { if ($bodyclose = strpos($file, '</body>')) { $file = substr_replace($file, $scocomfiles.$donebutton, $bodyclose, 7); } elseif ($htmlclose = strpos($file, '</html>')) { $file = substr_replace($file, $scocomfiles.$donebutton, $htmlclose, 7); $file .= '</html>'; } else { $file .= $scocomfiles.$donebutton; } } //sco communication insertion end // 4.a.5 Replace the file's name by adding the element's ID before htm. // This will not work with uppercase HTML though. Maybe use the preg_replace syntax proposed... $filename = str_replace('.htm', $id.'.htm', $filename); //$filename=preg_replace('/.*(\.htm(l)?)$/i',$id.$1,$filename); // 4.a.6 Export these contents to a file and set the circle1_files array for later reuse. exporttofile($filename, $LPname, $id, $file); // The file has been copied, so ask not to copy it again. $copyneeded = false; } //if (htm(l) files) end // 5. If we still need to copy the file (e.g. it was not an HTML file), then copy and set circle1_files for later reuse. if ($copyneeded) { copy($orig, $expdir.'/'.$filename); $circle1_files[0][] = $filename; $circle1_files[1][] = $LPname; $circle1_files[2][] = $id; } //echo $orig; return; // Introduction_text BEGIN case 'Introduction_text': // 1 Get the introduction text data from the database. $TBL_INTRO = Database :: get_course_tool_intro_table(); // Modified by Ivan Tcholakov, 15-SEP-2008. //$result = Database::query("SELECT * FROM ".$TBL_INTRO." WHERE id=1"); $result = Database::query("SELECT * FROM ".$TBL_INTRO." WHERE c_id = $course_id AND id='course_homepage'"); // $myrow = Database::fetch_array($result); $intro = $myrow['intro_text']; // 2 Write introduction text to the export string. $expcontent .= '<br />'.$intro; break; // HotPotatoes BEGIN case 'HotPotatoes': // 1. Get HotPotatoes data from the document table. $tbl_document = Database::get_course_table(TABLE_DOCUMENT); $result = Database::query("SELECT * FROM $tbl_document WHERE c_id = $course_id AND id=$item_id"); $myrow = Database::fetch_array($result); // 2. Get the document path. $testfile = api_get_path(SYS_COURSE_PATH).$_course['path']."/document".urldecode($myrow['path']); // 3. Get the document contents into a string. $content = file_get_contents($testfile); // 4. Get the document filename (just the file, no path) - would probably be better to use PHP native function. $pathname = explode('/', $myrow['path']); $last = count($pathname) - 1; $filename = 'data/'.$filename.$pathname[$last]; // 4beta - get all linked files and copy them (procedure copied from documents type). // Get all the src links in this file. $match = GetSRCTags($testfile); // For each src tag found, do the following: foreach ($match as $src) { //Check the link kind (web or absolute/relative) if (stristr($src, 'http') === false) { // Do something only if relative (otherwise the user will be able to see it too anyway). // Get a proper URL and remove all './' $src = urldecode($src); //mp3 $src = str_replace('./', '', $src); // Remove the player link from the URL (only use the mp3 file). $src = str_replace('mp3player.swf?son=', '', $src); //mp3 // Remove funny link parts. $src = str_replace('?0', '', $src); //mp3 // The previous lines are used when creating docs with Chamilo Document tool's htmlarea. // Rows marked by 'mp3' are needed because the mp3 plugin inserts the swf-mp3 links in a very strange way // and we can decode them with those 3 lines, hoping this will not cause errors in case of other htmls, // created by any other software. // Prepare source and destination paths. $source = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.dirname($myrow['path']).'/'.$src; $dest = $expdir.'/data/'.$src; //CopyNCreate($source,$dest); rcopy($source, $dest); } //else...? } // 5. Prepare the special "close window" for this test. $closewindow = "<html><head><link rel='stylesheet' type='text/css' href='../css/default.css'></head><body>"."<br /><div class='message'>$langHotPotatoesFinished</div></body></html>"; // Finish is the function of HP to save scores, we insert our scorm function calls to its beginning // 'Score' is the variable that tracks the score in HP tests. // 6. $mit = "function Finish(){"; $js_content = "var SaveScoreVariable = 0; // This variable is included by Chamilo LP export\n"."function mySaveScore() // This function is included by Chamilo LP export\n"."{\n"." if (SaveScoreVariable==0)\n"." {\n"." SaveScoreVariable = 1;\n". //the following function are implemented in SCOFunctions.js " exitPageStatus = true;\n"." computeTime();\n"." doLMSSetValue( 'cmi.core.score.raw', Score );\n"." doLMSSetValue( 'cmi.core.lesson_status', 'completed' );\n"." doLMSCommit();\n"." doLMSFinish();\n". // " document.write('".$closewindow."');\n". //if you insert the previous row, the test does not appear correctly !!!! " }\n"."}\n"."function Finish(){\n"." mySaveScore();"; $start = "<script type='text/javascript'> loadPage(); </script>"; // 7. Replace the current MIT function call by our set of functions. In clear, transform HP to SCORM. $content = str_replace($mit, $js_content, $content); // 8. Finally, add the API loading calls (although that might have been done first). $content = str_replace("</script>", "</script>".$scocomfiles.$start, $content); // 9. Change the filename to add the database ID and export to a new file, // setting the circle1_files array for later reuse. $filename = str_replace('.htm', $id.'.htm', $filename); exporttofile($filename, $LPname, $id, $content); return; // Chamilo test BEGIN case 'Exercise': //1 Use the export_exercise() function to do the job of constructing the question's HTML table $expcontent .= export_exercise($item_id); break; // POST BEGIN case 'Post': // 1. Get the forum post data from the database. $tbl_posts =Database::get_course_table(TABLE_FORUM_POST); $tbl_posts_text =Database::get_course_table(TOOL_FORUM_POST_TEXT_TABLE); $result = Database::query("SELECT * FROM $tbl_posts where c_id = $course_id AND post_id=$item_id"); $myrow = Database::fetch_array($result); // Grabbing the title of the post. $sql_titel = "SELECT * FROM $tbl_posts_text WHERE c_id = $course_id AND post_id=".$myrow['post_id']; $result_titel = Database::query($sql_titel); $myrow_titel = Database::fetch_array($result_titel); $posternom = $myrow['nom']; $posterprenom = $myrow['prenom']; $posttime = $myrow['post_time']; $posttext = $myrow_titel['post_text']; $posttitle = $myrow_titel['post_title']; $posttext = str_replace('"', "'", $posttext); //2 Export contents as an HTML table $expcontent .= "<table border='0' cellpadding='3' cellspacing='1' width='100%'> <tr> <td colspan='2' bgcolor='#e6e6e6'><b>$posttitle</b><br />$posttext</td> </tr> <tr> <td colspan='2'></td> </tr> <tr> <td bgcolor='#cccccc' align='left'>$lg_author : $posterprenom $posternom</td> <td align='right' bgcolor='#cccccc'>$lg_date : $posttime</td> </tr> <tr><td colspan='2' height='10'></td></tr> </table>"; break; // NOT IMPLEMENTED ITEMS BEGIN case 'Forum': case 'Thread': case 'Dropbox': case 'Assignments': case 'Groups': case 'Users': // 1. Instead of building something, put an info message. $langItemMissing1 = "There was a "; $langItemMissing2 = "page (step) here in the original Chamilo Learning Path."; $expcontent .= "<div class='message'>$langItemMissing1 $item_type $langItemMissing2</div>"; break; // Link BEGIN case 'Link _self': case 'Link _blank': // 1. Get the link data from the database. $TABLETOOLLINK = Database :: get_course_link_table(); $result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE c_id = $course_id AND id=$item_id"); $myrow = Database::fetch_array($result); $thelink = $myrow['url']; // 2. Check the link type (open in blank page or in current page). if ($item_type == 'Link _blank') { $target = '_blank'; } // 3. Write the link to the export string. $expcontent .= "<a href='$thelink?SQMSESSID=36812c2dea7d8d6e708d5e6a2f09b0b9' target='".$target."'>$LPname</a>"; // 4. Change the element type for later changes (this is lost, however, so useless here). $item_type = 'Link'; // To put this to the filename. //$LPname="<a href='$thelink?SQMSESSID=36812c2dea7d8d6e708d5e6a2f09b0b9' target=".$target.">$LPname</a>"; // I am still not sure about Link export : to export them as files or they can appear in the TOC at once ? // To enable the second possibility, unrem the row $LPname=... break; } // Now we add the Done button and the initialize function : loadpage() // not in the case of Documents, HotP if ($item_type != 'Exercise' and ($add_scorm_communications === true)) { $expcontent .= $donebutton; } // End the export string with valid HTML tags. $expcontent .= "</body></html>"; // Prepare new file name. $filename = $item_type.$id.".htm"; // Write the export content to the new file. exporttofile('data/'.$filename, $LPname, $id, $expcontent); }
foreach ($resultcategories as $myrow) { // Validation when belongs to a session $session_img = api_get_session_image($myrow['session_id'], $_user['status']); //if (!isset($urlview)) { if ($urlview == '') { // No $view set in the url, thus for each category link it should be all zeros except it's own makedefaultviewcode($i); } else { $view = $urlview; $view[$i] = '1'; } // If the $urlview has a 1 for this categorie, this means it is expanded and should be desplayed as a // - instead of a +, the category is no longer clickable and all the links of this category are displayed $myrow['description'] = text_filter($myrow['description']); $strVisibility = ''; if ($myrow['visibility'] == '1') { $strVisibility = '<a href="link.php?' . api_get_cidreq() . '&sec_token='.$token.'&action=invisible&id=' . $myrow['id'] . '&scope=' . TOOL_LINK_CATEGORY . '" title="' . get_lang('Hide') . '">' . Display :: return_icon('visible.png', get_lang('Hide'), array (), ICON_SIZE_SMALL) . '</a>'; } elseif ($myrow['visibility'] == '0') { $strVisibility = ' <a href="link.php?' . api_get_cidreq() . '&sec_token='.$token.'&action=visible&id=' . $myrow['id'] . '&scope=' . TOOL_LINK_CATEGORY . '" title="' . get_lang('Show') . '">' . Display :: return_icon('invisible.png', get_lang('Show'), array (), ICON_SIZE_SMALL) . '</a>'; } if ($myrow['visibility'] == '1') { if (isset($urlview[$i]) && $urlview[$i] == '1') { $newurlview = $urlview; $newurlview[$i] = '0'; echo '<tr>';
/** * Teamworks v2.3 * http://www.teamworks.co.id * December 03, 2007 07:29:56 AM * Author: Teamworks Creative - reky@teamworks.co.id - +6285732037068 - pin 25b7edd4 */ if (!defined('AURACMS_CONTENT')) { Header("Location: ../index.php"); exit; } global $koneksi_db, $email_master, $judul_situs, $alamatkantor; $index_hal = 1; if (isset($_POST['submit'])) { $nama = text_filter($_POST['nama']); $email = text_filter($_POST['email']); $pesan = nl2br(text_filter($_POST['pesan'], 2)); $error = ''; if (!is_valid_email($email)) { $error .= "Error: E-Mail address invalid!<br />"; } $gfx_check = $_POST['gfx_check']; if (!$nama) { $error .= "Error: Please enter your name!<br />"; } if (!$pesan) { $error .= "Error: Please enter a message!<br />"; } // $code = substr(hexdec(md5("".date("F j")."".$_POST['random_num']."".$sitekey."")), 2, 6); if ($gfx_check != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) { $error .= "Security Code Invalid <br />"; }
if ($hasil) { $admin .= '<div class="sukses">Mata Pelajaran berhasil dihapus! .</div>'; $style_include[] = '<meta http-equiv="refresh" content="1; url=admin.php?pilih=mapel&mod=yes" />'; } } if ($_GET['aksi'] == 'edit') { $id = int_filter($_GET['id']); if (isset($_POST['submit'])) { define("GIS_GIF", 1); define("GIS_JPG", 2); define("GIS_PNG", 3); define("GIS_SWF", 4); include "includes/hft_image.php"; $mapel = $_POST['mapel']; $icon = $_FILES['icon']['name']; $icon_lama = text_filter($_POST['icon_lama']); $error = ''; if (!$mapel) { $error .= "Error: Silahkan Isi Nama mapel<br />"; } if (!$tunjangan) { $tunjangan = '0'; } if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT mapel FROM mapel WHERE mapel='{$mapel}' and id<>'{$id}'")) > 0) { $error .= "Error: mapel " . $mapel . " sudah terdaftar , silahkan ulangi.<br />"; } if ($error) { $tengah .= '<div class="error">' . $error . '</div>'; } else { if (!empty($icon)) { $files = $_FILES['icon']['name'];
$admin .= '<div class="error">komentar telah di Un Publish</div>'; header("location:?pilih=news&mod=yes&aksi=listkomentar"); exit; } if ($_GET['aksi'] == "tambahsubgambar") { $id = int_filter($_GET['id']); $admin .= '<div class="border">'; $admin .= '<b>Tambah Sub Gambar Id =' . $id . '</b>'; $admin .= '</div>'; if (isset($_POST['submit'])) { define("GIS_GIF", 1); define("GIS_JPG", 2); define("GIS_PNG", 3); define("GIS_SWF", 4); include "includes/hft_image.php"; $judul = text_filter($_POST['subjudul']); $namafile_name = $_FILES['gambar']['name']; $error = ''; //if (!$subnamafile_name) $error .= "Error: Please enter Sub Gambar , Judul : $judul2<br />"; //if ($jumlah) $error .= "Error: Duplicate Title of News $judul!<br />"; if (!$judul) { $error .= "Error: Please enter Title of Sub!<br />"; } if (!$namafile_name) { $error .= "Error: Please enter File!<br />"; } //if (!$konten) $error .= "Error: Please enter Content of News!<br />"; if ($error) { $admin .= '<div class="error">' . $error . '</div>'; } else { if (!empty($namafile_name)) {
header("location:admin.php?pilih=bukuoperasional&mod=yes&aksi=laporanbukuoperasional"); exit; } else { header("location:admin.php?pilih=bukuoperasional&mod=yes"); exit; } } //////////////////////////////////////////////////////////////////////////////// if ($_GET['aksi'] == "addsekolah") { $admin .= '<div class="border">'; $admin .= '<b>Buat Sekolah Baru ' . $LevelAkses . '</b><br> <b>catatan :</b> Anda dapat melakukan editing atau Hapus data pada halaman ini. '; $admin .= '</div>'; if (isset($_POST['submit'])) { $sekolah = text_filter($_POST['sekolah']); $error = ''; if (!$sekolah) { $error .= "Error: sekolah harus diisi !<br />"; } if ($error) { $admin .= '<div class="error">' . $error . '</div>'; } else { $hasil = $koneksi_db->sql_query("INSERT INTO sekolah (sekolah,user,tgl1) VALUES ('{$sekolah}','{$user}','{$tglskrg}')"); $admin .= '<div class="sukses"><b>sekolah Berhasil di Buat.</b></div>'; unset($sekolah); } } $sekolah = !isset($sekolah) ? '' : $sekolah; $admin .= '<div class="border">'; $admin .= '
<?php
<span class="help-block"></span> </div> </div>'; $admin .= '<div class="form-group"> <label class="col-sm-2 control-label"></label> <div class="col-sm-10"><input type="submit" name="submit" value="Simpan" class="btn btn-success" /></div> </div>'; $admin .= '</form></div></section>'; } if ($_GET['aksi'] == 'edit') { if (isset($_POST['submit'])) { $id = int_filter($_GET['id']); $level = $_POST['level']; $tipe = $_POST['tipe']; $email = text_filter($_POST['email']); $nama = text_filter($_POST['nama']); //if (!is_valid_email($email)) $error .= "Error, E-Mail address invalid!<br />"; if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT email FROM useraura WHERE email='{$email}' and UserId!='{$id}'")) > 0) { $error .= "Error: Email " . $email . " sudah terdaftar , silahkan ulangi.<br />"; } if ($error) { $admin .= '<div class="alert alert-warning fade in"> <button data-dismiss="alert" class="close close-sm" type="button"> <i class="icon-remove"></i> </button> <strong>Error !</strong> <br>' . $error . '. </div>'; } else { $up = mysql_query("UPDATE `useraura` SET `level`='{$level}',`tipe`='{$tipe}',`email`='{$email}',`nama`='{$nama}' WHERE `UserId`='{$id}'"); $admin .= '<div class="alert alert-success fade in"> <button data-dismiss="alert" class="close close-sm" type="button">
$admin ='<h4 class="page-header">Pengaturan</h4>'; ###################################### # Edit Password Admin ###################################### if($_GET['aksi']==""){ $admin .='<ol class="breadcrumb"> <li><a href="?pilih=settingwebsite&mod=yes">Pengaturan</a></li> <li class="active">Password</li> </ol>'; if (isset($_POST["submit"])) { $user = text_filter($_POST['user']); $email = text_filter($_POST['email']); $password0 = md5($_POST["password0"]); $password1 = $_POST["password1"]; $password2 = $_POST["password2"]; $hasil = $koneksi_db->sql_query( "SELECT password,email FROM psbcalon_useraura WHERE user='******'" ); while ($data = $koneksi_db->sql_fetchrow($hasil)) { $password=$data['password']; $email0=$data['email']; } $error = ''; if (!$password0) $error .= "Error: Please enter your Old Password!<br />"; if (!$password1) $error .= "Error: Please enter new password!<br />"; if (!$password2) $error .= "Error: Please retype your your new password!<br />"; checkemail($email); if ($password0 != $password) $error .= "Invalid old pasword, silahkan ulangi lagi.<br />";
<td style="padding-left:5px;padding-bottom:5px;"></td> <td style="padding-left:5px;padding-bottom:5px;"><input type="submit" name="submit" value="Submit"></td> </tr> </table> </form> </div>'; } ########################## # EDIT YM ########################## if ($_GET['aksi'] == 'edit_ym') { global $koneksi_db; $id = int_filter($_GET['id']); if (isset($_POST['submit'])) { $nama = text_filter($_POST['nama']); $akun = text_filter($_POST['akun']); $error = ''; if (!$nama) { $error .= "Error: Nama YM tidak boleh kosong!<br />"; } if (!$akun) { $error .= "Error: Akun YM tidak boleh kosong!<br />"; } if ($error) { $tengah .= '<div class="error">' . $error . '</div>'; } else { $hasil = $koneksi_db->sql_query("UPDATE ym SET nama='{$nama}', akun='{$akun}' WHERE id='{$id}'"); if ($hasil) { $tengah .= '<div class="sukses">Yahoo Messenger Berhasil diedit</div>'; $style_include[] = '<meta http-equiv="refresh" content="1; url=?pilih=ym&mod=yes" />'; } else {
$data = mysql_fetch_array(mysql_query("SELECT judul FROM artikel WHERE id='{$id}' AND publikasi=1")); $judul_artikel = $data['judul']; $tengah .= '<div class="left_message"><p>Anda ing memberitahu teman Anda tentang artikel ini yang berjudul : <b>' . $judul_artikel . '</b></p></div>'; if (isset($_POST['submit'])) { $yemail = text_filter($_POST['yemail']); $femail = text_filter($_POST['femail']); $pesan = text_filter($_POST['pesan']); $error = ''; if (!is_valid_email($yemail)) { $error .= "your email invalid, Please use the standard format (admin@domain.com)<br />"; } if (!is_valid_email($femail)) { $error .= "Friend email invalid, Please use the standard format (admin@domain.com)<br />"; } $yname = text_filter($_POST['yname']); $fname = text_filter($_POST['fname']); if (!$fname) { $error .= "Error: Please enter your Frind's Name!<br />"; } if (!$yname) { $error .= "Error: Please enter your Name!<br />"; } $gfx_check = intval($_POST['gfx_check']); if ($_POST['gfx_check'] != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) { $error .= "Error: Security Code Invalid <br />"; } if ($error) { $tengah .= '<div class="error">' . $error . '</div>'; } else { $subject = "Ada artikel bagus di {$url_situs}"; $full_pesan = "Hallo,\n\nBerikut ini ada artikel yang bagus untuk dibaca,\n<br />Artikel dengan judul : {$judul_artikel}, silahkan klik aja <a href='{$url_situs}/?pilih=news&mod=yes&aksi=lihat&id={$id}'>{$url_situs}/?pilih=news&mod=yes&aksi=lihat&id={$id}</a>.\n<br />\n<br />\n{$pesan}\n<br />\n<br />Terima kasih.";
$judul_situs = 'Konfirmasi Pembayaran | ' . $judul_situs . ''; $tengah .= '<h4 class="bg">Konfirmasi Pembayaran</h4>'; ####################### # SUBMIT TESTIMONI ####################### if (isset($_POST['submit'])) { $nama = text_filter($_POST['nama']); $email = text_filter($_POST['email']); $telepon = text_filter($_POST['telepon']); $banktujuan = text_filter($_POST['banktujuan']); $bankpengirim = text_filter($_POST['bankpengirim']); $namapengirim = text_filter($_POST['namapengirim']); $jumlah = text_filter($_POST['jumlah']); $catatan = text_filter($_POST['catatan']); $tgl = text_filter($_POST['tgl']); $status = text_filter($_POST['status']); $error = ''; $gfx_check = $_POST['gfx_check']; if (!is_valid_email($email)) { $error .= "Error: Isi E-Mail Anda dengan benar!<br />"; } if (!$nama) { $error .= "Error: Silahkan isi nama Anda!<br />"; } if (!$telepon) { $error .= "Error: Silahkan isi nomor telepon / HP Anda!<br />"; } if (!$bankpengirim) { $error .= "Error: Silahkan isi bank pengirim!<br />"; } if (!$namapengirim) {
function kirim_mail($email, $smail, $subject, $message, $id = "", $pr = "") { $email = text_filter($email); $smail = text_filter($smail); $subject = text_filter($subject); $id = intval($id); $pr = !$pr ? "3" : "" . intval($pr) . ""; $mheader = "MIME-Version: 1.0\n" . "Content-type: text/plain; charset=iso-8859-1\n" . "Reply-To: \"{$smail}\" <{$smail}>\n" . "From: \"{$smail}\" <{$smail}>\n" . "Return-Path: <{$smail}>\n" . "X-Priority: {$pr}\n" . "X-Mailer: PHP's mail() Function\n"; @mail($email, $subject, $message, $mheader); }
} } ########################## # CHECKOUT ########################## if ($_GET['aksi'] == 'checkout') { if (is_array(@$_SESSION['product_id']) && count(@$_SESSION['product_id']) >= 1) { if (isset($_POST['submit'])) { $nama = text_filter($_POST['nama']); $email = text_filter($_POST['email']); $alamat = text_filter($_POST['alamat']); $keterangan = text_filter($_POST['keterangan']); $kota = text_filter($_POST['kota']); $provinsi = text_filter($_POST['provinsi']); $kodepos = text_filter($_POST['kodepos']); $telp = text_filter($_POST['telp']); $keadmin = '<strong> ' . $judul_situs . ' - Pemesanan</strong><br /><br /> Berikut Pemesanan dari ' . $nama; $keadmin .= '<table border="0" cellspacing="0" cellpadding="0"> <tr><td>Nama </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $nama . '</td></tr> <tr><td>Alamat </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $alamat . '</td></tr> <tr><td>Keterangan </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $keterangan . '</td></tr> <tr><td>Kota </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $kota . '</td></tr> <tr><td>Provinsi </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $provinsi . '</td></tr> <tr><td>Kodepos </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $kodepos . '</td></tr> <tr><td>No. Telp </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $telp . '</td></tr> <tr><td>Email </td><td style="padding:3px 5px 3px 5px;">:</td><td>' . $email . '</td></tr> </table><br /><br />'; $keuser = '' . $pesancheckout . '<br /><br />'; $keuser .= 'Berikut Data Pesanan Anda di ' . $judul_situs . ''; $keuser .= '<br /><br />';
<td>Propinsi</td> <td><input type="text" name="propinsi" value="' . $propinsi . '" size="30" class="form-control"></td> </tr> <tr> <td>Negara</td> <td><input type="text" name="negara" value="' . $negara . '" size="30" class="form-control"></td> </tr> <tr> <td>Telepon</td> <td><input type="text" name="telepon" value="' . $telepon . '" size="30" class="form-control"></td> </tr> <tr> <td>Handphone</td> <td><input type="text" name="handphone" value="' . $handphone . '" size="30" class="form-control"></td> </tr> <tr> <td>Pendidikan Terakhir</td> <td><select name="pendidikan_terakhir" class="form-control">'; $hasil = $koneksi_db->sql_query("SELECT * FROM hrd_pendidikan ORDER BY id"); $admin .= '<option value="-">== Pendidikan Terakhir ==</option>'; while ($datas = $koneksi_db->sql_fetchrow($hasil)) { $pilihan = $datas['id'] == $pendidikan_terakhir ? "selected" : ''; $admin .= '<option value="' . $datas['id'] . '" ' . $pilihan . '>' . $datas['nama'] . '</option>'; } $admin .= '</select></td> </tr> <tr> <td>Foto</td> <td><input type="file" name="foto" size="53"><p class="help-block">Extensi foto harus JPG</p></td> </tr>'; if (!$fotolama) {
$tengah .= '</td></tr>'; } $tengah .= '</table>'; } else { $tengah .= '<div class="error">data Kosong !</div>'; } } ####################### # SUBMIT TESTIMONI ####################### if (isset($_POST['submit'])) { $tgl = date('Y-m-d H:i:s'); $nama = text_filter($_POST['nama']); $email = text_filter($_POST['email']); $website = text_filter($_POST['website']); $testimonial = nl2br(text_filter($_POST['testimonial'], 2)); $error = ''; $gfx_check = $_POST['gfx_check']; if (!$website) { $error .= "Error: Please enter your website!<br />"; } if (!$testimonial) { $error .= "Error: Please enter a testimonial!<br />"; } // $code = substr(hexdec(md5("".date("F j")."".$_POST['random_num']."".$sitekey."")), 2, 6); if ($gfx_check != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) { $error .= "Security Code Invalid <br />"; } if (cek_posted('contact')) { $error .= 'Anda Telah Memposting Testimonial, Tunggu beberapa Saat'; }
function mail_send($email, $smail, $subject, $message, $id = "", $pr = "") { $email = text_filter($email); $smail = text_filter($smail); $subject = text_filter($subject); $id = intval($id); $pr = !$pr ? "3" : "" . intval($pr) . ""; $message = !$id ? "" . $message . "" : "" . $message . "<br /><br />IP: " . getenv("REMOTE_ADDR") . "<br />User agent: " . getenv("HTTP_USER_AGENT") . ""; $mheader = "MIME-Version: 1.0\n" . "Content-Type: text/html; charset=utf-8\n" . "Reply-To: \"{$smail}\" <{$smail}>\n" . "From: \"{$smail}\" <{$smail}>\n" . "Return-Path: <{$smail}>\n" . "X-Priority: {$pr}\n" . "X-Mailer: Teamworks v2.3 Mailer\n"; @mail($email, $subject, $message, $mheader); }
//============================= // EDIT BERITA //============================= if ($_GET['aksi'] == "editnews") { $id = int_filter($_GET['id']); $topik = int_filter($_GET['topik']); $admin .= '<h4 class="border">Edit Berita Dengan ID =' . $id . '</h4>'; if (isset($_POST['submit'])) { define("GIS_GIF", 1); define("GIS_JPG", 2); define("GIS_PNG", 3); define("GIS_SWF", 4); include "includes/hft_image.php"; $judul = text_filter($_POST['judul']); $caption = text_filter($_POST['caption']); $konten = text_filter($_POST['konten']); $namafile_name = $_FILES['gambar']['name']; $total = $koneksi_db->sql_query("SELECT * FROM artikel WHERE judul = '" . $_POST['judul'] . "' and id != '" . $id . "'"); $jumlah = $koneksi_db->sql_numrows($total); $error = ''; if ($jumlah) { $error .= "Error: Duplicate Title of News {$judul}!<br />"; } if (!$judul) { $error .= "Error: Please enter Title of News!<br />"; } if (!$konten) { $error .= "Error: Please enter Content of News!<br />"; } if ($error) { $admin .= '<div class="error">' . $error . '</div>';