Exemplo n.º 1
0
<?php

// admin/mailto.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::isMember()) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // ค่าที่ส่งมา
        $topic = htmlspecialchars(trim($_POST['email_subject']));
        $detail = gcms::ckClean($_POST['email_detail']);
        $reciever = htmlspecialchars(trim($_POST['email_reciever']));
        if (gcms::isAdmin()) {
            $sender = $db->getRec(DB_USER, $_POST['email_from']);
        } else {
            $sender = $_SESSION['login'];
        }
        // ตรวจสอบค่าที่ส่งมา
        if ($sender['email'] == '') {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($reciever == '') {
            $ret['error'] = 'RECIEVER_EMPTY';
            $ret['input'] = 'email_reciever';
        } elseif ($sender == $reciever) {
            $ret['error'] = 'ACTION_ERROR';
        } elseif ($topic == '') {
            $ret['error'] = 'TOPIC_EMPTY';
Exemplo n.º 2
0
<?php

// modules/edocument/write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// ตรวจสอบ referer
if (gcms::isReferer() && gcms::isMember()) {
    // ค่าที่ส่งมา
    $save['document_no'] = $db->sql_trim_str($_POST, 'edocument_no');
    $save['topic'] = $db->sql_trim_str($_POST, 'edocument_topic');
    $save['detail'] = gcms::ckClean($_POST['edocument_detail']);
    if (isset($_POST['edocument_reciever'])) {
        $save['reciever'] = implode(',', $_POST['edocument_reciever']);
    }
    $id = gcms::getVars($_POST, 'write_id', 0);
    $file = $_FILES['edocument_file'];
    // ตรวจสอบค่าที่ส่งมา
    $error = false;
    $input = false;
    if ($id > 0) {
        // แก้ไข
        $sql = "SELECT D.*,M.`module`";
        $sql .= " FROM `" . DB_EDOCUMENT . "` AS D";
        $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id`";
        $sql .= " WHERE D.`id`='{$id}' AND M.`owner`='edocument' LIMIT 1";
    } else {
        // ใหม่
        $sql = "SELECT M.`module`,M.`id` AS `module_id`";
        $sql .= ",(SELECT MAX(`id`) FROM `" . DB_EDOCUMENT . "` WHERE `module_id`=M.`id`) AS `id`";