<?php // widgets/textlink/admin_action.php header("content-type: text/html; charset=UTF-8"); // inint include '../../bin/inint.php'; // referer, admin if (gcms::isReferer() && gcms::isAdmin() && (empty($_SESSION['login']['account']) || $_SESSION['login']['account'] != 'demo')) { // ค่าที่ส่งมา $action = gcms::getVars($_POST, 'action', ''); $id = gcms::getVars($_POST, 'id', ''); $value = gcms::getVars($_POST, 'value', 0); if ($action == 'delete') { $sql = "SELECT `logo` FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id}) AND logo != ''"; foreach ($db->customQuery($sql) as $item) { @unlink(DATA_PATH . 'image/' . $item['logo']); } $db->query("DELETE FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id})"); } elseif ($action == 'published') { $db->query("UPDATE `" . DB_TEXTLINK . "` SET `published`='{$value}' WHERE `id` IN({$id})"); } elseif ($action == 'move') { // move menu $max = 1; foreach (explode(',', str_replace('user-', '', $_POST['data'])) as $i) { $db->query("UPDATE `" . DB_TEXTLINK . "` SET `link_order`=" . $max . " WHERE `id`=" . (int) $i . " LIMIT 1"); $max++; } } elseif ($action == 'styles') { // styles include ROOT_PATH . 'widgets/textlink/styles.php'; // template
<?php // admin/savestatus.php header("content-type: text/html; charset=UTF-8"); // inint include '../bin/inint.php'; $ret = array(); // referer, admin if (gcms::isReferer() && gcms::isAdmin()) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { // action $action = gcms::getVars($_POST, 'action', ''); // โหลด config ใหม่ $config = array(); if (is_file(CONFIG)) { include CONFIG; } if ($action == 'config_status_add') { if (!isset($config['member_status'][0])) { $config['member_status'][0] = 'สมาชิก'; $config['color_status'][0] = '#006600'; } if (!isset($config['member_status'][1])) { $config['member_status'][1] = 'ผู้ดูแลระบบ'; $config['color_status'][1] = '#FF0000'; } // เพิ่มสถานะสมาชิกใหม่ $config['member_status'][] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}"; $config['color_status'][] = '#000000';
} // ค้นหาจาก printable_name และ iso $search = $db->sql_trim_str($_GET, 'search'); if ($search != '') { $qs[] = "(`printable_name` LIKE '%{$search}%' OR `iso` LIKE '%{$search}%')"; $url_query['search'] = urlencode($search); } $where = sizeof($qs) == 0 ? '' : ' WHERE ' . implode(' AND ', $qs); // จำนวนสมาชิกทั้งหมด $sql = "SELECT COUNT(*) AS `count` FROM `" . DB_COUNTRY . "`{$where}"; $count = $db->customQuery($sql); // รายการต่อหน้า $list_per_page = gcms::getVars('GET,COOKIE', 'count,country_listperpage', 30); $list_per_page = max(10, $list_per_page); // หน้าที่เลือก $page = max(1, gcms::getVars($_GET, 'page', 1)); // ตรวจสอบหน้าที่เลือกสูงสุด $totalpage = round($count[0]['count'] / $list_per_page); $totalpage += $totalpage * $list_per_page < $count[0]['count'] ? 1 : 0; $page = max(1, $page > $totalpage ? $totalpage : $page); $start = $list_per_page * ($page - 1); // คำนวณรายการที่แสดง $s = $start < 0 ? 0 : $start + 1; $e = min($count[0]['count'], $s + $list_per_page - 1); $patt2 = array('/{SEARCH}/', '/{COUNT}/', '/{PAGE}/', '/{TOTALPAGE}/', '/{START}/', '/{END}/'); $replace2 = array($search, $count[0]['count'], $page, $totalpage, $s, $e); // save ฟิลเตอร์ลง cookie setCookie('country_order', $order, time() + 3600 * 24 * 365); setCookie('country_zone', $zone, time() + 3600 * 24 * 365); setCookie('country_listperpage', $list_per_page, time() + 3600 * 24 * 365); // title
$ret = array(); // referer, member if (gcms::isReferer() && gcms::canConfig($config, 'gallery_can_write')) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { $save = array(); $save2 = array(); $error = false; $input = false; // ค่าที่ส่งมา $save['topic'] = $db->sql_trim_str($_POST, 'gallery_topic'); $save['detail'] = $db->sql_trim_str($_POST, 'gallery_detail'); $file = $_FILES['gallery_pic']; // แก้ไขอัลบัม $id = gcms::getVars($_POST, 'galleryId', 0); // ตรวจสอบรายการและโมดูลที่เลือก if ($id > 0) { $sql = "SELECT C.`id`,C.`module_id`,M.`module`,G.`id` AS `image_id`,G.`image`"; $sql .= " FROM `" . DB_MODULES . "` AS M"; $sql .= " INNER JOIN `" . DB_GALLERY_ALBUM . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}"; $sql .= " INNER JOIN `" . DB_GALLERY . "` AS G ON G.`album_id`=C.`id` AND G.`module_id`=M.`id` AND G.`count`='0'"; } else { $sql1 = "SELECT MAX(`id`) FROM `" . DB_GALLERY_ALBUM . "` WHERE `module_id`=M.`id`"; $sql = "SELECT 0 AS `image_id`,M.`id` AS `module_id`,M.`module`,1+COALESCE(({$sql1}),0) AS `id` FROM `" . DB_MODULES . "` AS M"; } $sql .= " WHERE M.`owner`='gallery' LIMIT 1"; $index = $db->customQuery($sql); if (sizeof($index) == 1) { $index = $index[0]; // ตรวจสอบค่าที่ส่งมา
// id ที่ลบ $ids[] = $item['id']; } if (sizeof($ids) > 0) { $ids = implode(',', $ids); // ลบอัลบัม $db->query("DELETE FROM `" . DB_GALLERY_ALBUM . "` WHERE `id` IN ({$ids})"); // ลบรูปภาพ $db->query("DELETE FROM `" . DB_GALLERY . "` WHERE `album_id` IN ({$ids})"); } // กลับไปหน้าอัลบัม $ret['error'] = 'DELETE_SUCCESS'; $ret['location'] = rawurlencode('index.php?module=gallery-album'); } elseif ($action == 'deletep') { // ลบรูปในอัลบัม $album_id = gcms::getVars($_POST, 'album', 0); // ลบรูปภาพ $sql = "SELECT `id`,`album_id`,`image` FROM `" . DB_GALLERY . "` WHERE `id` IN ({$ids}) AND `album_id`={$album_id}"; foreach ($db->customQuery($sql) as $item) { // ลบรูปภาพ @unlink(DATA_PATH . "gallery/{$item['album_id']}/{$item['image']}"); @unlink(DATA_PATH . "gallery/{$item['album_id']}/thumb_{$item['image']}"); $ret['remove' . $item['id']] = 'L_' . $item['id']; } // ลบ $db->query("DELETE FROM `" . DB_GALLERY . "` WHERE `id` IN ({$ids}) AND `album_id`={$album_id}"); // อัปเดทจำนวนรูปภาพในอัลบัม $sql = "SELECT COUNT(*) FROM `" . DB_GALLERY . "` WHERE `module_id`=C.`module_id` AND `album_id`={$album_id}"; $sql = "UPDATE `" . DB_GALLERY_ALBUM . "` AS C SET C.`count`=({$sql}) WHERE C.`id`={$album_id}"; $db->query($sql); // คืนค่า
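<?php
// widgets/twitter/admin_setup_save.php
// Saves the Twitter widget settings posted from the admin setup form into
// config.php and answers with a JSON status for the admin UI.
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// Only requests from this site made by an administrator are processed; every
// other request is answered with ACTION_ERROR like the other admin actions,
// so the caller always receives a JSON reply.
if (gcms::isReferer() && gcms::isAdmin()) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        // the demo account must not change the site configuration
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // reload config.php so values saved by other pages are not lost
        $config = array();
        if (is_file(CONFIG)) {
            include CONFIG;
        }
        // posted values; every field goes through getVars so a missing field
        // yields its default instead of an undefined-index notice
        $config['twitter_height'] = max(100, (int) gcms::getVars($_POST, 'twitter_height', 0));
        $config['twitter_id'] = $db->sql_trim_str($_POST, 'twitter_id');
        $config['twitter_name'] = $db->sql_trim_str($_POST, 'twitter_name');
        $config['twitter_theme'] = $db->sql_trim_str($_POST, 'twitter_theme');
        // NOTE(review): the colour values are stored as typed (upper-cased);
        // they are not checked against a colour pattern here — confirm where
        // they are rendered and whether that output escapes them
        $config['twitter_border_color'] = strtoupper(trim(gcms::getVars($_POST, 'twitter_border_color', '')));
        $config['twitter_link_color'] = strtoupper(trim(gcms::getVars($_POST, 'twitter_link_color', '')));
        $config['twitter_count'] = (int) gcms::getVars($_POST, 'twitter_count', 0);
        // write config.php
        if (gcms::saveconfig(CONFIG, $config)) {
            $ret['error'] = 'SAVE_COMPLETE';
            $ret['location'] = 'reload';
        } else {
            $ret['error'] = 'DO_NOT_SAVE';
        }
    }
} else {
    $ret['error'] = 'ACTION_ERROR';
}
// JSON reply
echo gcms::array2json($ret);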
<?php // widgets/shoutbox/index.php if (defined('MAIN_INIT')) { // default $config['shoutbox_time'] = gcms::getVars($config, 'shoutbox_time', 5); $config['shoutbox_lines'] = gcms::getVars($config, 'shoutbox_lines', 10); $emoticon_dir = WEB_URL . '/widgets/shoutbox/smile'; $shoutbox = array(); $shoutbox[] = '<div id=shoutbox_div>'; $shoutbox[] = '<dl id=shoutbox_list></dl>'; $shoutbox[] = '<form id=shoutbox_frm method=post action=' . WEB_URL . '>'; $shoutbox[] = '<fieldset>'; $shoutbox[] = '<p><label for=shoutbox_sender>{LNG_FNAME}:</label><span><input type=text id=shoutbox_sender name=shoutbox_sender maxlength=20 size=15></span></p>'; $shoutbox[] = '<p><label for=shoutbox_txt>{LNG_SHOUTBOX_MESSAGE}:</label><span><input type=text id=shoutbox_txt name=shoutbox_txt maxlength=100 size=15 title="{LNG_SHOUTBOX_TEXT_TITLE}"></span></p>'; $shoutbox[] = '<p><label for=shoutbox_submit> </label><span><input class="button send" id=shoutbox_submit type=submit value="{LNG_SHOUTBOX_SEND}"><img src=' . $emoticon_dir . '/0.gif alt=emoticon class=nozoom></span></p>'; $shoutbox[] = '</fieldset>'; $shoutbox[] = '<p id=shoutbox_emoticon>'; $f = @opendir(ROOT_PATH . 'widgets/shoutbox/smile/'); if ($f) { while (false !== ($text = readdir($f))) { if (preg_match('/^([0-9]+)\\.gif$/', $text, $match)) { $shoutbox[] = "<img src={$emoticon_dir}/{$match['1']}.gif alt={$match['1']} class=nozoom>"; } } closedir($f); } $shoutbox[] = '</p>'; $shoutbox[] = '</form>'; $shoutbox[] = '</div>'; $shoutbox[] = '<script>';
// admin/mailwrite_save.php header("content-type: text/html; charset=UTF-8"); // inint include '../bin/inint.php'; $ret = array(); // ตรวจสอบ referer และ แอดมิน if (gcms::isReferer() && gcms::isAdmin()) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { $error = false; $input = false; $save = array(); // id ของอีเมล์ (0 = ใหม่) $id = gcms::getVars($_POST, 'email_id', 0); if ($id > 0) { // email ที่แก้ไข $email = $db->getRec(DB_EMAIL_TEMPLATE, $id); } else { // อีเมล์ที่สร้างใหม่ สำหรับระบบจดหมายเวียน $save['module'] = 'mailmerge'; $save['email_id'] = 0; } if ($id > 0 && !$email) { $ret['error'] = 'ACTION_ERROR'; } else { // ค่าที่ส่งมา $save['language'] = $db->sql_trim_str($_POST, 'email_language'); $save['from_email'] = $db->sql_trim_str($_POST, 'email_from_email'); $save['subject'] = $db->sql_trim_str($_POST, 'email_subject');
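<?php
// widgets/search/index.php
// Renders the search box widget from widgets/search/search.html, filling in
// the language strings, the site URL, the current query (GET q) and a random
// element id. Result is left in $widget.
if (defined('MAIN_INIT')) {
    $patt = array(
        '/[\\t\\r]/',
        // NOTE(review): pattern carries the /e modifier; the matching replacement
        // is an expression on OLD_PHP and a callback name otherwise — the
        // dispatch presumably happens inside gcms::pregReplace, confirm
        '/{(LNG_[A-Z0-9_]+)}/e',
        '/{WEBURL}/',
        '/{SEARCH}/',
        '/{ID}/',
    );
    $replace = array();
    $replace[] = '';
    $replace[] = OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng';
    $replace[] = WEB_URL;
    // The query is reflected back into the HTML template: runs of '+' and
    // whitespace are collapsed to one space, then the value is HTML-escaped so
    // that a crafted q cannot inject markup into the page (the template is
    // plain HTML; no escaping happens elsewhere on the visible path).
    $replace[] = htmlspecialchars(
        preg_replace('/[\\+\\s]+/u', ' ', gcms::getVars($_GET, 'q', '')),
        ENT_QUOTES,
        'UTF-8'
    );
    $replace[] = gcms::rndname(10);
    $widget = gcms::pregReplace($patt, $replace, file_get_contents(ROOT_PATH . 'widgets/search/search.html'));
}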
$ret['ret_config_image_type'] = 'UPLOAD_TYPE_EMPTY'; $ret['input'] = 'config_image_type'; } else { $ret['ret_config_image_type'] = ''; // โหลด config ใหม่ $config = array(); if (is_file(CONFIG)) { include CONFIG; } // ค่าที่ส่งมา $config['gallery_image_type'] = $_POST['config_image_type']; $config['gallery_thumb_w'] = max(200, (int) $_POST['config_thumb_w']); $config['gallery_thumb_h'] = max(200, (int) $_POST['config_thumb_h']); $config['gallery_image_w'] = max(600, (int) $_POST['config_image_w']); $config['gallery_cols'] = gcms::getVars($_POST, 'config_cols', 0); $config['gallery_rows'] = gcms::getVars($_POST, 'config_rows', 0); $config['gallery_can_write'] = isset($_POST['config_can_write']) ? $_POST['config_can_write'] : array(); $config['gallery_can_write'][] = 1; $config['gallery_can_config'] = isset($_POST['config_can_config']) ? $_POST['config_can_config'] : array(); $config['gallery_can_config'][] = 1; // บันทึก config.php if (gcms::saveconfig(CONFIG, $config)) { $ret['error'] = 'SAVE_COMPLETE'; $ret['location'] = 'reload'; } else { $ret['error'] = 'DO_NOT_SAVE'; } } } } else { $ret['error'] = 'ACTION_ERROR';
<?php // widgets/chat/admin_setup.php if (MAIN_INIT == 'admin' && $isAdmin) { // default $config['chat_time'] = gcms::getVars($config, 'chat_time', 5); $config['chat_history'] = gcms::getVars($config, 'chat_history', 7); $config['chat_lines'] = gcms::getVars($config, 'chat_lines', 10); // title $title = $lng['LNG_CHAT_SETUP']; $a = array(); $a[] = '<span class=icon-widgets>{LNG_WIDGETS}</span>'; $a[] = '{LNG_CHAT}'; // แสดงผล $content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>'; $content[] = '<section>'; $content[] = '<header><h1 class=icon-chat>' . $title . '</h1></header>'; $content[] = '<form id=setup_frm class=setup_frm method=post action=index.php>'; $content[] = '<fieldset>'; $content[] = '<legend><span>{LNG_CHAT}</span></legend>'; // chat_time $content[] = '<div class=item>'; $content[] = '<label for=chat_time>{LNG_CHAT_TIME}</label>'; $content[] = '<span class="g-input icon-clock"><input type=number id=chat_time name=chat_time title="{LNG_CHAT_TIME_COMMENT}" value=' . $config['chat_time'] . '></span>'; $content[] = '<div class=comment id=result_chat_time>{LNG_CHAT_TIME_COMMENT}</div>'; $content[] = '</div>'; // chat_history $content[] = '<div class=item>'; $content[] = '<label for=chat_history>{LNG_CHAT_HISTORY}</label>'; $content[] = '<span class="g-input icon-history"><input type=number id=chat_history name=chat_history title="{LNG_CHAT_HISTORY_COMMENT}" value=' . $config['chat_history'] . '></span>'; $content[] = '<div class=comment id=result_chat_history>{LNG_CHAT_HISTORY_COMMENT}</div>';
$save['type'] = $db->sql_trim_str($_POST, 'textlink_type'); $save['text'] = $db->sql_trim($_POST, 'textlink_text'); $save['url'] = trim(gcms::getVars($_POST, 'textlink_url', '')); $save['target'] = trim(gcms::getVars($_POST, 'textlink_target', '')); if (isset($_POST['textlink_template']) && $_POST['textlink_type'] == 'custom') { $save['template'] = preg_replace('/<\\?(.*?)\\?>/', '', trim($_POST['textlink_template'])); } list($y, $m, $d) = explode('-', $_POST['textlink_publish_start']); $save['publish_start'] = mktime(0, 0, 0, (int) $m, (int) $d, (int) $y); if (isset($_POST['textlink_dateless']) && $_POST['textlink_dateless'] == 1) { $save['publish_end'] = 0; } else { list($y, $m, $d) = explode('-', gcms::getVars($_POST, 'textlink_publish_end', '0-0-0')); $save['publish_end'] = mktime(23, 59, 59, (int) $m, (int) $d, (int) $y); } $id = gcms::getVars($_POST, 'textlink_id', 0); $logo = $_FILES['textlink_file']; if ($id > 0) { $sql = "SELECT `id` FROM `" . DB_TEXTLINK . "` WHERE `id`='{$id}' LIMIT 1"; } else { $sql = "SELECT 1+COALESCE(MAX(`link_order`),0) FROM `" . DB_TEXTLINK . "`"; $sql = "SELECT ({$sql}) AS `link_order`,(1+COALESCE(MAX(`id`),0)) AS `id` FROM `" . DB_TEXTLINK . "`"; } $textlink = $db->customQuery($sql); if (sizeof($textlink) == 0) { $ret['error'] = 'ACTION_ERROR'; $error = true; } elseif (!preg_match('/^[a-z0-9]{1,}$/u', $save['name'])) { $ret['ret_textlink_name'] = 'this'; $ret['input'] = 'textlink_name'; $error = true;
$index = $cache->get($sql); if (!$index) { $index = $db->customQuery($sql); if (sizeof($index) > 0) { $cache->save($sql, $index); } } if (sizeof($index) == 0) { $title = $lng['LNG_DATA_NOT_FOUND']; $content = '<div class=error>' . $title . '</div>'; } else { $index = $index[0]; // config gcms::r2config($index['config'], $index); // login $login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => '')); // breadcrumbs $breadcrumb = gcms::loadtemplate($index['module'], '', 'breadcrumb'); $breadcrumbs = array(); // หน้าหลัก $breadcrumbs['HOME'] = gcms::breadcrumb('icon-home', WEB_URL . '/index.php', $install_modules[$module_list[0]]['menu_tooltip'], $install_modules[$module_list[0]]['menu_text'], $breadcrumb); // breadcrumb ของ โมดูล $m = $install_modules[$index['module']]['menu_text']; $breadcrumbs['MODULE'] = gcms::breadcrumb('', gcms::getURL($index['module']), $install_modules[$index['module']]['menu_tooltip'], $m == '' ? $index['module'] : $m, $breadcrumb); // หมวด $categories = array(); $categories[0] = '<option value=0>{LNG_NO_CATEGORY}</option>'; $sql = "SELECT `category_id`,`topic` FROM `" . DB_CATEGORY . "` WHERE `module_id`='{$index['module_id']}' ORDER BY `category_id`"; $list = $cache->get($sql); if (!$list) { $list = $db->customQuery($sql);
<?php // modules/gallery/admin_upload_save.php header("content-type: text/html; charset=UTF-8"); // inint include '../../bin/inint.php'; $ret = array(); // referer, member if (gcms::isReferer() && gcms::canConfig($config, 'gallery_can_write')) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { // อัลบัมที่อัปโหลด $id = gcms::getVars($_POST, 'albumId', 0); $sql = "SELECT MAX(`count`) FROM `" . DB_GALLERY . "` WHERE `module_id`=M.`id` AND `album_id`=C.`id`"; $sql = "SELECT C.`id`,C.`module_id`,({$sql}) AS `count` FROM `" . DB_MODULES . "` AS M"; $sql .= " INNER JOIN `" . DB_GALLERY_ALBUM . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}"; $sql .= " WHERE M.`owner`='gallery' LIMIT 1"; $index = $db->customQuery($sql); if (sizeof($index) == 1) { $index = $index[0]; $save = array(); $save['module_id'] = $index['module_id']; $save['album_id'] = $index['id']; $save['last_update'] = $mmktime; $save['count'] = (int) $index['count'] + 1; // path เก็บไฟล์ $dir = DATA_PATH . "gallery/{$save['album_id']}/"; foreach ($_FILES as $file) { // ตรวจสอบไฟล์อัปโหลด $info = gcms::isValidImage($config['gallery_image_type'], $file);
// title $title = $lng['LNG_REGISTER_TITLE']; // breadcrumbs $breadcrumb = gcms::loadtemplate('', '', 'breadcrumb'); $breadcrumbs = array(); // หน้าหลัก $breadcrumbs['HOME'] = gcms::breadcrumb('icon-home', WEB_URL . '/index.php', $install_modules[$module_list[0]]['menu_tooltip'], $install_modules[$module_list[0]]['menu_text'], $breadcrumb); // url ของหน้านี้ $breadcrumbs['MODULE'] = gcms::breadcrumb('', gcms::getURL('register'), $lng['LNG_REGISTER_TITLE'], $lng['LNG_REGISTER_TITLE'], $breadcrumb); if (isset($config['custom_register']) && is_file(ROOT_PATH . $config['custom_register'])) { // custom register form include ROOT_PATH . $config['custom_register']; } else { // antispam $register_antispamchar = gcms::rndname(32); $_SESSION[$register_antispamchar] = gcms::rndname(4); // แสดงฟอร์ม registerfrm.html $patt = array('/{BREADCRUMS}/', '/<PHONE>(.*)<\\/PHONE>/isu', '/<IDCARD>(.*)<\\/IDCARD>/isu', '/<INVITE>(.*)<\\/INVITE>/isu', '/{(LNG_[A-Z0-9_]+)}/e', '/{ANTISPAM}/', '/{WEBURL}/', '/{MODAL}/', '/{INVITE}/'); $replace = array(); $replace[] = implode("\n", $breadcrumbs); $replace[] = empty($config['member_phone']) ? '' : '\\1'; $replace[] = empty($config['member_idcard']) ? '' : '\\1'; $replace[] = empty($config['member_invitation']) ? '' : '\\1'; $replace[] = OLD_PHP ? '$lng[\'$1\']' : 'gcms::getLng'; $replace[] = $register_antispamchar; $replace[] = WEB_URL; $replace[] = gcms::getVars($_POST, 'action', '') != 'modal' ? 'false' : 'true'; $replace[] = gcms::getVars($_COOKIE, PREFIX . '_invite', ''); $content = gcms::pregReplace($patt, $replace, gcms::loadtemplate('member', 'member', 'registerfrm')); } }
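// Only requests from this site made by a member who may write personnel
// entries are processed; everything else is answered with ACTION_ERROR so
// the caller always receives a JSON reply.
if (gcms::isReferer() && gcms::canConfig($config, 'personnel_can_write')) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        // the demo account is read-only
        $ret['error'] = 'EX_MODE_ERROR';
    } else {
        // posted values, read through getVars so a missing field does not
        // raise an undefined-index notice
        $action = gcms::getVars($_POST, 'action', '');
        $post_id = gcms::getVars($_POST, 'id', '');
        // selected ids: comma separated list; each entry is cast to int and
        // only positive ids are kept, so nothing but numbers reaches the SQL
        $ids = array();
        foreach (explode(',', $post_id) as $id) {
            $id = (int) $id;
            if ($id > 0) {
                $ids[] = $id;
            }
        }
        $ids = implode(',', $ids);
        if ($action == 'delete' && $ids != '') {
            // remove the picture files of the selected rows first
            $sql = "SELECT `picture` FROM `" . DB_PERSONNEL . "` WHERE `id` IN ({$ids}) AND `module_id`=";
            $sql .= "(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='personnel')";
            foreach ($db->customQuery($sql) as $item) {
                if ($item['picture'] != '') {
                    @unlink(DATA_PATH . "personnel/{$item['picture']}");
                }
            }
            // then the rows themselves
            $sql = "DELETE FROM `" . DB_PERSONNEL . "` WHERE `id` IN ({$ids}) AND `module_id`=";
            $sql .= "(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='personnel')";
            $db->query($sql);
        } elseif (preg_match('/^order_([0-9]+)$/', $post_id, $match)) {
            // inline edit of one row's sort order; $match[1] is digits only.
            // The value is clamped to 0..99, the same range the write form uses.
            $ret["order_{$match['1']}"] = min(99, max(0, (int) gcms::getVars($_POST, 'value', 0)));
            $db->edit(DB_PERSONNEL, $match[1], array('order' => $ret["order_{$match['1']}"]));
        } else {
            // unknown action: report it instead of dumping $_POST into the
            // reply, which leaked the request and broke the JSON output
            $ret['error'] = 'ACTION_ERROR';
        }
    }
} else {
    $ret['error'] = 'ACTION_ERROR';
}
// JSON reply
echo gcms::array2json($ret);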
<?php // modules/personnel/admin_category_action.php header("content-type: text/html; charset=UTF-8"); // inint include '../../bin/inint.php'; $ret = array(); // referer, member if (gcms::isReferer() && gcms::canConfig($config, 'personnel_can_config')) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { // ค่าที่ส่งมา $action = gcms::getVars($_POST, 'action', ''); $module_id = gcms::getVars($_POST, 'mid', 0); if (preg_match('/^config_(category)_add$/', $action, $match)) { // add category $save = array(); $save_detail = array(); // new row $text = $lng['LNG_CATEGORY']; $save['group_id'] = 0; $save['module_id'] = $module_id; $topic[LANGUAGE] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}"; // id ของ หมวดใหม่ $sql = "SELECT MAX(`category_id`) AS `category` FROM `" . DB_CATEGORY . "` WHERE `module_id`='{$module_id}'"; $category = $db->customQuery($sql); $save['category_id'] = (int) $category[0]['category'] + 1; $save['topic'] = gcms::array2Ser($topic); // add $id = $db->add(DB_CATEGORY, $save);
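<?php
// widgets/shoutbox/send.php
// Stores one shoutbox message posted from the visitor's browser (the form in
// widgets/shoutbox/index.php). No login is required — only the referer is
// checked — so every field is treated as untrusted input.
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
// referer
if (gcms::isReferer()) {
    $save = array();
    $save['text'] = $db->sql_trim_str($_POST, 'val');
    // NOTE(review): the message time is taken from the client as before;
    // the server clock would be the trustworthy source — confirm how `time`
    // is used by the reader before changing it
    $save['time'] = gcms::getVars($_POST, 'time', 0);
    $save['sender'] = $db->sql_trim_str($_POST, 'sender');
    // NOTE(review): the form's maxlength (20 for sender, 100 for text) is only
    // enforced client-side; a server-side limit belongs before escaping —
    // confirm what sql_trim_str returns before adding one
    if ($save['text'] != '') {
        // an empty message is not stored
        $db->add(DB_SHOUTBOX, $save);
    }
}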
$breadcrumbs['MODULE'] = gcms::breadcrumb('', $canonical, $t, $m, $breadcrumb); } // แก้ไข $breadcrumbs['EDIT'] = gcms::breadcrumb('', WEB_URL . "/index.php?module={$index['module']}-write&id={$index['id']}", "{$index['topic']}.{$index['ext']}", "{$index['topic']}.{$index['ext']}", $breadcrumb); // default query $where = " WHERE D.`module_id`='{$index['module_id']}' AND D.`document_id`='{$index['id']}'"; // จำนวนทั้งหมด $sql = "SELECT COUNT(*) AS `count` FROM `" . DB_EDOCUMENT_DOWNLOAD . "` AS D {$where}"; $count = $cache->get($sql); if (!$count) { $count = $db->customQuery($sql); $count = $count[0]; $cache->save($sql, $count); } // หน้าที่เรียก $page = gcms::getVars($_REQUEST, 'page', 0); $totalpage = round($count['count'] / $config['edocument_listperpage']); $totalpage += $totalpage * $config['edocument_listperpage'] < $count['count'] ? 1 : 0; $page = $page > $totalpage ? $totalpage : $page; $page = $page < 1 ? 1 : $page; $start = $config['edocument_listperpage'] * ($page - 1); // list รายการ $sql = "SELECT D.*,U.`fname`,U.`lname`,U.`email`,U.`status` FROM `" . DB_EDOCUMENT_DOWNLOAD . "` AS D"; $sql .= " LEFT JOIN `" . DB_USER . "` AS U ON U.`id`=D.`member_id`"; $sql .= " {$where} ORDER BY D.`last_update` DESC LIMIT {$start},{$config['edocument_listperpage']}"; $datas = $cache->get($sql); if (!$datas) { $datas = $db->customQuery($sql); $cache->save($sql, $datas); } // อ่านรายการลงใน $list
$text = gcms::getVars($lng, 'LNG_' . strtoupper($key), ''); $menus[] = '<li class="' . $key . '"><a class=menu-arrow tabindex=0><span>' . ($text == '' ? ucfirst($key) : $text) . '</span></a><ul>'; foreach ($value as $key2 => $value2) { $menus[] = '<li class="' . $key2 . '">' . $value2 . '</li>'; } $menus[] = '</ul></li>'; } else { $menus[] = '<li class="' . $key . '">' . $value . '</li>'; } } $menus[] = '</ul>'; } $menus[] = '</li>'; } // โมดูลที่เรียก $module = preg_replace('/[\\.\\/]/', '', gcms::getVars($_GET, 'module', '')); if (is_file(ROOT_PATH . "admin/{$module}.php")) { require_once ROOT_PATH . "admin/{$module}.php"; } elseif (preg_match('/^(' . implode('|', array_keys($install_owners)) . ')(-(.*))?$/ui', $module, $modules)) { if (is_file(ROOT_PATH . "modules/{$modules['1']}/admin_{$modules['3']}.php")) { // โมดูลที่เรียก require_once ROOT_PATH . "modules/{$modules['1']}/admin_{$modules['3']}.php"; } elseif (is_file(ROOT_PATH . "widgets/{$modules['1']}/admin_{$modules['3']}.php")) { // เรียก widget ชื่อเดียวกับโมดูล require_once ROOT_PATH . "widgets/{$modules['1']}/admin_{$modules['3']}.php"; } else { require_once ROOT_PATH . "admin/dashboard.php"; } } elseif (preg_match('/^(' . implode('|', $setup_widgets) . ')(-(.*))?$/ui', $module, $modules)) { // เรียก widget if (isset($modules[3]) && is_file(ROOT_PATH . "widgets/{$modules['1']}/admin_{$modules['3']}.php")) {
<?php // widgets/facebook/admin_setup.php if (MAIN_INIT == 'admin' && $isAdmin) { // ตรวจสอบค่า default $config['facebook_width'] = gcms::getVars($config, 'facebook_width', 500); $config['facebook_height'] = gcms::getVars($config, 'facebook_height', 0); $config['facebook_user'] = gcms::getVars($config, 'facebook_user', 'gcmscms'); $config['facebook_show_facepile'] = gcms::getVars($config, 'facebook_show_facepile', 1); $config['facebook_show_posts'] = gcms::getVars($config, 'facebook_show_posts', 0); $config['facebook_hide_cover'] = gcms::getVars($config, 'facebook_hide_cover', 0); // title $title = $lng['LNG_FACEBOOK_SETTINGS']; $a = array(); $a[] = '<span class=icon-widgets>{LNG_WIDGETS}</span>'; $a[] = '{LNG_FACEBOOK_LIKE_BOX}'; // แสดงผล $content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>'; $content[] = '<section>'; $content[] = '<header><h1 class=icon-facebook>' . $title . '</h1></header>'; $content[] = '<div class=setup_frm>'; $content[] = '<form id=setup_frm class=paper method=post action=index.php>'; $content[] = '<fieldset>'; $content[] = '<legend><span>{LNG_FACEBOOK_LIKE_BOX}</span></legend>'; // width, height $content[] = '<div class=item>'; $content[] = '<div class=input-groups>'; $content[] = '<div class=width50>'; $content[] = '<label for=facebook_width>{LNG_WIDTH}</label>'; $content[] = '<span class="g-input icon-width"><input type=number name=facebook_width id=facebook_width value="' . $config['facebook_width'] . '" title="{LNG_FACEBOOK_SIZE_COMMENT}"></span>'; $content[] = '</div>';
$a[] = '<span class=icon-settings>{LNG_SITE_SETTINGS}</span>'; $a[] = '{LNG_INTRO_PAGE}'; // แสดงผล $content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>'; $content[] = '<section>'; $content[] = '<header><h1 class=icon-write>' . $title . '</h1></header>'; $content[] = '<form id=write_frm class=setup_frm method=post action=index.php>'; $content[] = '<fieldset>'; $content[] = '<legend><span>{LNG_INTRO_PAGE}</span></legend>'; $content[] = '<aside class=message>{LNG_INTRO_PAGE_COMMENT}</aside>'; // intro $content[] = '<div class=item>'; $content[] = '<div class="table collapse">'; $content[] = '<label for=write_mode>{LNG_SETTINGS}</label>'; $content[] = '<span class="g-input icon-config"><select name=write_mode id=write_mode title="{LNG_PLEASE_SELECT} {LNG_INTRO_PAGE}">'; $show_intro = gcms::getVars($config, 'show_intro', ''); foreach ($lng['OPEN_CLOSE'] as $i => $item) { $sel = $show_intro == $i ? ' selected' : ''; $content[] = '<option value=' . $i . $sel . '>' . $item . '</option>'; } $content[] = '</select></span>'; $content[] = '</div>'; $content[] = '</div>'; // language $content[] = '<div class=item>'; $content[] = '<label for=write_language>{LNG_LANGUAGE}</label>'; $content[] = '<div class="table collapse">'; $content[] = '<div class=td>'; $content[] = '<span class="g-input icon-language"><select name=write_language id=write_language title="{LNG_PLEASE_SELECT} {LNG_LANGUAGE}">'; foreach ($install_languages as $item) { $sel = $lang == $item ? ' selected' : '';
<?php // widgets/tags/admin_setup.php if (MAIN_INIT == 'admin' && $isAdmin && defined('DB_TAGS')) { // รายการที่แก้ไข $id = gcms::getVars($_GET, 'id', 0); $tags = ''; $tag = array('id' => 0, 'tag' => ''); // query $sql = "SELECT * FROM " . DB_TAGS . " ORDER BY `count` ASC, `id` DESC"; foreach ($db->customQuery($sql) as $item) { if ($id == $item['id']) { $tag = $item; } $tags .= '<tr id=L_' . $item['id'] . '>'; $tags .= '<th headers=c1 id=r' . $item['id'] . ' scope=row class=topic><a id=edit_' . $item['id'] . ' href="' . WEB_URL . '/admin/index.php?module=tags-setup&id=' . $item['id'] . '">' . htmlspecialchars($item['tag']) . '</a></th>'; $tags .= '<td headers="r' . $item['id'] . ' c2" class=check-column><a id=check_' . $item['id'] . ' class=icon-uncheck></a></td>'; $tags .= '<td headers="r' . $item['id'] . ' c3" class=visited>' . $item['count'] . '</td>'; $tags .= '</tr>'; } // title $title = $lng['LNG_TAGS_TITLE']; $a = array(); $a[] = '<span class=icon-widgets>{LNG_WIDGETS}</span>'; $a[] = '{LNG_TAGS}'; // แสดงผล $content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>'; $content[] = '<section>'; $content[] = '<header><h1 class=icon-tags>' . $title . '</h1></header>'; $content[] = '<div class=setup_frm>'; $content[] = '<form id=setup_frm class=paper method=post action=index.php>';
$save[$k . 'H'] = $index['icon_height']; // ลบรูปภาพเดิม if (isset($index[$k]) && $index[$k] != $save[$k]) { @unlink(DATA_PATH . "document/{$index[$k]}"); } } } } } } if (!$error) { // บันทึก $save['create_date'] = $db->sql_datetime2mktime("{$_POST['write_create_date']} {$_POST['write_create_hour']}:{$_POST['write_create_minute']}:00"); $save['last_update'] = $mmktime; $save['index'] = 0; $save['category_id'] = gcms::getVars($_POST, 'write_category', 0); $save['ip'] = gcms::getip(); $save['published'] = $_POST['write_published'] == '1' ? '1' : '0'; $save['published_date'] = $db->sql_trim_str($_POST, 'write_published_date'); $save['show_news'] = ''; if (isset($_POST['write_show_news'])) { $write_show_news = array(); foreach ($_POST['write_show_news'] as $item) { $write_show_news[] = "{$item}=1"; } $save['show_news'] = implode("\n", $write_show_news); } if ($id == 0) { // ใหม่ $save['module_id'] = $index['module_id']; $save['member_id'] = $login['id'];
<?php // modules/index/main.php if (defined('MAIN_INIT')) { $id = gcms::getVars('REQUEST,REQUEST', 'mid,id', 0); // อ่านโมดูล ตามภาษา $sql = "SELECT M.`module`,I.`id`,D.`topic`,D.`description`,D.`keywords`,D.`detail`,I.`visited`"; if ($id > 0) { $sql .= " FROM `" . DB_INDEX . "` AS I"; $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=I.`module_id`"; $sql .= " INNER JOIN `" . DB_INDEX_DETAIL . "` AS D ON D.`id`=I.`id` AND D.`module_id`=I.`module_id` AND D.`language`=I.`language`"; $sql .= " WHERE I.`id`='{$id}' AND I.`index`='1' AND I.`published`='1' AND I.`published_date`<='" . date('Y-m-d', $mmktime) . "' LIMIT 1"; } else { $sql .= " FROM `" . DB_INDEX_DETAIL . "` AS D "; $sql .= " INNER JOIN `" . DB_INDEX . "` AS I ON I.`id`=D.`id` AND I.`index`='1' AND I.`published`='1' AND I.`published_date`<='" . date('Y-m-d', $mmktime) . "' AND I.`language`=D.`language`"; $sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id` AND M.`module`='{$module}'"; $sql .= " WHERE D.`language` IN ('" . LANGUAGE . "','') LIMIT 1"; } // ตรวจสอบข้อมูลจาก cache $index = $cache->get($sql); if (!$index) { $index = $db->customQuery($sql); $index = sizeof($index) == 0 ? false : $index[0]; } if (!$index) { $title = $lng['PAGE_NOT_FOUND']; $content = '<div class=error>' . $title . '</div>'; } else { // breadcrumbs $breadcrumb = gcms::loadtemplate($index['module'], '', 'breadcrumb'); $breadcrumbs = array();
$page = $match[1]; $modules[4] = $match[2]; } // ชื่อโมดูลที่ติดตั้งแล้ว $modules[2] = $install_modules[$modules[1]]['owner']; } if (empty($modules[3])) { $modules[3] = 'main'; } elseif (is_file(ROOT_PATH . "modules/{$modules['1']}/{$modules['3']}.php")) { // เรียกโมดูลตรงๆ $modules[2] = $modules[1]; } elseif (!empty($page) && is_file(ROOT_PATH . "modules/{$modules['1']}/{$page}.php")) { $modules[3] = $page; } elseif (!is_file(ROOT_PATH . "modules/{$modules['2']}/{$modules['3']}.php")) { $modules[4] = $modules[3]; $modules[3] = 'view'; } } else { // ไม่ได้ส่งชื่อโมดูลมา เช่น ข้อความ.html // ให้แสดงเรื่องจากโมดูล document unset($modules[1]); $modules[2] = 'document'; $modules[3] = 'view'; $modules[4] = $module; } unset($modules[0]); // โมดูลที่เรียก $module = gcms::getVars($modules, 1, ''); // เลือกเมนู $menu = empty($install_modules[$module]['alias']) ? $module : $install_modules[$module]['alias']; }
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { $error = false; // ค่าที่ส่งมา $save = array(); $save['name'] = $db->sql_trim_str($_POST, 'write_name'); $save['email'] = $db->sql_trim_str($_POST, 'write_email'); $save['position'] = $db->sql_trim_str($_POST, 'write_position'); $save['phone'] = $db->sql_trim_str($_POST, 'write_phone'); $save['address'] = $db->sql_trim_str($_POST, 'write_address'); $save['detail'] = $db->sql_trim_str($_POST, 'write_detail'); $save['category_id'] = gcms::getVars($_POST, 'write_category', 0); $save['order'] = min(99, max(0, (int) $_POST['write_order'])); $icon = $_FILES['write_picture']; $id = gcms::getVars($_POST, 'write_id', 0); // ตรวจสอบค่าที่ส่งมา if ($id > 0) { $sql = "SELECT C.*,M.`module` FROM `" . DB_MODULES . "` AS M"; $sql .= " INNER JOIN `" . DB_PERSONNEL . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}"; } else { $sql1 = "SELECT MAX(`id`)+1 FROM `" . DB_PERSONNEL . "` WHERE `module_id`=M.`id`"; $sql = "SELECT IFNULL(({$sql1}),1) AS `id`,M.`id` AS `module_id`,M.`module` FROM `" . DB_MODULES . "` AS M"; } $sql .= " WHERE M.`owner`='personnel' LIMIT 1"; $index = $db->customQuery($sql); // ตรวจสอบค่าที่ส่งมา if (sizeof($index) == 0) { $ret['error'] = 'ACTION_ERROR'; } elseif ($save['name'] == '') { $ret['ret_write_name'] = 'FNAME_EMPTY';
$config['mimeTypes'] = $typies; } if (!isset($ret['error'])) { if (isset($_POST['config_can_download'])) { $config['download_can_download'] = gcms::getVars($_POST, 'config_can_download', ''); } else { unset($config['download_can_download']); } $config['download_can_upload'] = gcms::getVars($_POST, 'config_can_upload', array()); $config['download_can_upload'][] = 1; $config['download_can_config'] = gcms::getVars($_POST, 'config_can_config', array()); $config['download_can_config'][] = 1; $config['download_list_per_page'] = gcms::getVars($_POST, 'config_list_per_page', 0); $config['download_upload_size'] = gcms::getVars($_POST, 'config_upload_size', 0); $config['download_file_typies'] = implode(',', array_keys($typies)); $config['download_news_count'] = gcms::getVars($_POST, 'config_news_count', 0); // บันทึก config.php if (gcms::saveconfig(CONFIG, $config)) { $ret['error'] = 'SAVE_COMPLETE'; $ret['location'] = 'reload'; } else { $ret['error'] = 'DO_NOT_SAVE'; } } } } } else { $ret['error'] = 'ACTION_ERROR'; } // คืนค่าเป็น JSON echo gcms::array2json($ret);
$content[] = '<fieldset class=paper>'; $content[] = '<legend><span class=icon-bing>{LNG_BING}</span></legend>'; // msvalidate $content[] = '<div class=item>'; $content[] = '<label for=msvalidate>{LNG_SITE_VERIFICATION_CODE}</label>'; $content[] = '<div><span class=tablet><meta name="msvalidate.01" content="</span><input type=text class=wide id=msvalidate name=msvalidate value="' . gcms::getVars($config, 'msvalidate', '') . '" title="{LNG_SITE_VERIFICATION_CODE_COMMENT}"><span class=tablet>" /></span></div>'; $content[] = '<div class=comment id=result_msvalidate>{LNG_SITE_VERIFICATION_CODE_COMMENT}</div>'; $content[] = '</div>'; $content[] = '</fieldset>'; $content[] = '<fieldset>'; $content[] = '<legend><span class=icon-facebook>{LNG_FACEBOOK}</span></legend>'; // facebook_appId $facebook = gcms::getVars($config, 'facebook', array()); $content[] = '<div class=item>'; $content[] = '<label for=facebook_appId>{LNG_FACEBOOK_APPID}</label>'; $content[] = '<span class="g-input icon-password"><input id=facebook_appId name=facebook_appId type=text value="' . gcms::getVars($facebook, 'appId', '') . '" title="{LNG_FACEBOOK_COMMENT}"></span>'; $content[] = '</div>'; // facebook_picture $content[] = '<div class=item>'; $image = is_file(DATA_PATH . 'image/facebook_photo.jpg') ? DATA_URL . 'image/facebook_photo.jpg' : WEB_URL . '/skin/img/blank.gif'; $content[] = '<div class=usericon><span><img src="' . $image . '" alt="Facebook Picture" id=fbPicture></span></div>'; $content[] = '<label for=facebook_picture>{LNG_BROWSE_FILE}</label>'; $content[] = '<span class="g-input icon-upload"><input class=g-file id=facebook_picture name=facebook_picture type=file title="{LNG_FACEBOOK_PICTURE_COMMENT}" accept="' . gcms::getEccept(array('jpg')) . 
'" data-preview=fbPicture></span>'; $content[] = '<div class=comment id=result_facebook_picture>{LNG_FACEBOOK_PICTURE_COMMENT}</div>'; $content[] = '</div>'; $content[] = '<aside class=message>{LNG_FACEBOOK_REDIRECT_URL} <em>{WEBURL}/index.php</em></aside>'; $content[] = '</fieldset>'; // submit $content[] = '<fieldset class=submit>'; $content[] = '<input type=submit class="button large save" value="{LNG_SAVE}">'; $content[] = '</fieldset>';
$script[] = '$G(window).Ready(function(){'; $script[] = 'if ($E("logo")) {'; $script[] = "new GMedia('logo_swf', '" . DATA_URL . "image/{$config['logo']}', {$info['width']}, {$info['height']}).write('logo');"; $script[] = '}'; $script[] = '});'; } else { $image_src = DATA_URL . 'image/' . $config['logo']; $image_logo = '<img src="' . $image_src . '" alt="{WEBTITLE}">'; } } // canonical $canonical = WEB_URL . '/index.php'; // โมดูลที่เรียกมา $module = ''; if (isset($_REQUEST['module'])) { $module = gcms::getVars($_REQUEST, 'module', ''); } else { $request_uri = explode('?', rawurldecode($_SERVER['REQUEST_URI'])); if (preg_match('/^\\/(.*)\\.html$/u', str_replace(BASE_PATH, '', $request_uri[0]), $match)) { $module = $match[1]; } } // โหลดเมนูทั้งหมดเรียงตามลำดับเมนู (รายการแรกคือหน้า Home) $sql = "SELECT M.`id` AS `module_id`,M.`module`,M.`owner`,M.`config`,U.`index_id`,U.`parent`,U.`level`,U.`menu_text`,U.`menu_tooltip`,U.`accesskey`,U.`menu_url`,U.`menu_target`,U.`alias`,U.`published`"; $sql .= ",(CASE U.`parent` WHEN 'MAINMENU' THEN 0 WHEN 'BOTTOMMENU' THEN 1 WHEN 'SIDEMENU' THEN 2 ELSE 3 END ) AS `pos`"; $sql .= " FROM `" . DB_MENUS . "` AS U"; $sql .= " LEFT JOIN `" . DB_INDEX . "` AS I ON I.`id`=U.`index_id` AND I.`index`='1' AND I.`language` IN ('" . LANGUAGE . "','')"; $sql .= " LEFT JOIN `" . DB_MODULES . "` AS M ON M.`id`=I.`module_id`"; $sql .= " WHERE U.`language` IN ('" . LANGUAGE . "','')"; $sql .= " ORDER BY `pos` ASC,U.`parent` ASC ,U.`menu_order` ASC"; $menus = $cache->get($sql);