<?php // admin/mailto.php header("content-type: text/html; charset=UTF-8"); // inint include '../bin/inint.php'; $ret = array(); // ตรวจสอบ referer และ สมาชิก if (gcms::isReferer() && gcms::isMember()) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { // ค่าที่ส่งมา $topic = htmlspecialchars(trim($_POST['email_subject'])); $detail = gcms::ckClean($_POST['email_detail']); $reciever = htmlspecialchars(trim($_POST['email_reciever'])); if (gcms::isAdmin()) { $sender = $db->getRec(DB_USER, $_POST['email_from']); } else { $sender = $_SESSION['login']; } // ตรวจสอบค่าที่ส่งมา if ($sender['email'] == '') { $ret['error'] = 'ACTION_ERROR'; } elseif ($reciever == '') { $ret['error'] = 'RECIEVER_EMPTY'; $ret['input'] = 'email_reciever'; } elseif ($sender == $reciever) { $ret['error'] = 'ACTION_ERROR'; } elseif ($topic == '') { $ret['error'] = 'TOPIC_EMPTY';
<?php // modules/edocument/write_save.php header("content-type: text/html; charset=UTF-8"); // inint include '../../bin/inint.php'; $ret = array(); // ตรวจสอบ referer if (gcms::isReferer() && gcms::isMember()) { // ค่าที่ส่งมา $save['document_no'] = $db->sql_trim_str($_POST, 'edocument_no'); $save['topic'] = $db->sql_trim_str($_POST, 'edocument_topic'); $save['detail'] = gcms::ckClean($_POST['edocument_detail']); if (isset($_POST['edocument_reciever'])) { $save['reciever'] = implode(',', $_POST['edocument_reciever']); } $id = gcms::getVars($_POST, 'write_id', 0); $file = $_FILES['edocument_file']; // ตรวจสอบค่าที่ส่งมา $error = false; $input = false; if ($id > 0) { // แก้ไข $sql = "SELECT D.*,M.`module`"; $sql .= " FROM `" . DB_EDOCUMENT . "` AS D"; $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id`"; $sql .= " WHERE D.`id`='{$id}' AND M.`owner`='edocument' LIMIT 1"; } else { // ใหม่ $sql = "SELECT M.`module`,M.`id` AS `module_id`"; $sql .= ",(SELECT MAX(`id`) FROM `" . DB_EDOCUMENT . "` WHERE `module_id`=M.`id`) AS `id`";