// admin/mailto.php header("content-type: text/html; charset=UTF-8"); // inint include '../bin/inint.php'; $ret = array(); // ตรวจสอบ referer และ สมาชิก if (gcms::isReferer() && gcms::isMember()) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { // ค่าที่ส่งมา $topic = htmlspecialchars(trim($_POST['email_subject'])); $detail = gcms::ckClean($_POST['email_detail']); $reciever = htmlspecialchars(trim($_POST['email_reciever'])); if (gcms::isAdmin()) { $sender = $db->getRec(DB_USER, $_POST['email_from']); } else { $sender = $_SESSION['login']; } // ตรวจสอบค่าที่ส่งมา if ($sender['email'] == '') { $ret['error'] = 'ACTION_ERROR'; } elseif ($reciever == '') { $ret['error'] = 'RECIEVER_EMPTY'; $ret['input'] = 'email_reciever'; } elseif ($sender == $reciever) { $ret['error'] = 'ACTION_ERROR'; } elseif ($topic == '') { $ret['error'] = 'TOPIC_EMPTY'; $ret['input'] = 'email_subject';
<?php // admin/savestatus.php header("content-type: text/html; charset=UTF-8"); // inint include '../bin/inint.php'; $ret = array(); // referer, admin if (gcms::isReferer() && gcms::isAdmin()) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { // action $action = gcms::getVars($_POST, 'action', ''); // โหลด config ใหม่ $config = array(); if (is_file(CONFIG)) { include CONFIG; } if ($action == 'config_status_add') { if (!isset($config['member_status'][0])) { $config['member_status'][0] = 'สมาชิก'; $config['color_status'][0] = '#006600'; } if (!isset($config['member_status'][1])) { $config['member_status'][1] = 'ผู้ดูแลระบบ'; $config['color_status'][1] = '#FF0000'; } // เพิ่มสถานะสมาชิกใหม่ $config['member_status'][] = "{$lng['LNG_CLICK_TO']} {$lng['LNG_EDIT']}"; $config['color_status'][] = '#000000';
} } $_SESSION['emails'] = implode(',', $emails); } $widget[] = '<option value=admin>{LNG_ADMIN}</option>'; foreach ($emails as $i => $email) { $widget[] = '<option value=' . $i . '>' . $email . '</option>'; } $widget[] = '</select></span></div>'; // sender $widget[] = '<div class=item><label for=mail_sender>{LNG_EMAIL_SENDER}</label><span class="g-input icon-email"><input type=text name=mail_sender id=mail_sender value="' . (isset($_SESSION['login']['email']) ? $_SESSION['login']['email'] : '') . '"></span></div>'; // subject $widget[] = '<div class=item><label for=mail_topic>{LNG_EMAIL_SUBJECT}</label><span class="g-input icon-edit"><input type=text name=mail_topic id=mail_topic value="' . $subject . '"></span></div>'; // detail $widget[] = '<div class=item><label for=mail_detail>{LNG_DETAIL}</label><span class="g-input icon-file"><textarea id=mail_detail name=mail_detail rows=10></textarea></span></div>'; // anti spam $widget[] = '<div class=item><label class="g-input antispam"><span><img src="' . WEB_URL . '/antispamimage.php?id=' . $antispam . '" alt=Antispam></span>'; $widget[] = '<input type=text name=mail_antispam id=mail_antispam maxlength=4 value="' . (gcms::isAdmin() ? $_SESSION[$antispam] : '') . '" placeholder="{LNG_ANTISPAM_COMMENT}">'; $widget[] = '</span></div>'; $widget[] = '<div class=item>'; $widget[] = '<input type=submit id=mail_submit class="button large send" value="{LNG_SEND_MESSAGE}">'; $widget[] = '<input type=hidden name=antispam value="' . $antispam . '">'; $widget[] = '</div>'; $widget[] = '</form>'; $widget[] = '<script>'; $widget[] = '$G(window).Ready(function(){'; $widget[] = 'new GForm("contact_frm", "' . WEB_URL . '/widgets/contact/sendmail.php", null, false).onsubmit(doFormSubmit);'; $widget[] = '});'; $widget[] = '</script>'; $widget = implode("\n", $widget); }
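<?php
// admin/import.php
//
// Imports an SQL dump uploaded by an administrator. Each non-empty line of the
// uploaded file is run as one SQL statement after placeholder substitution, so
// the dump itself is trusted: only the admin gate below stands between the
// upload and the database. Emits a JSON error for demo accounts, nothing
// otherwise.
header("content-type: text/html; charset=UTF-8");
// inint
include '../bin/inint.php';
// Uploaded file descriptor from $_FILES, or null when the request carried none
// (the original read the index unconditionally and raised a notice without it).
$file = isset($_FILES['import_file']) ? $_FILES['import_file'] : null;
// Admins only: a valid referer, an admin session, and an upload that actually
// completed. UPLOAD_ERR_OK rejects partial/failed uploads and is_uploaded_file()
// confirms tmp_name is a file produced by this request's upload rather than an
// arbitrary path.
if (gcms::isReferer() && gcms::isAdmin()
    && is_array($file)
    && isset($file['tmp_name'], $file['error'])
    && $file['error'] === UPLOAD_ERR_OK
    && $file['tmp_name'] != ''
    && is_uploaded_file($file['tmp_name'])) {
    if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
        // Demo accounts may not change the database
        echo gcms::array2json(array('error' => 'EX_MODE_ERROR'));
    } else {
        // Large dumps can exceed the default execution time
        set_time_limit(0);
        // Read the upload line by line; file() returns false on a read failure,
        // which the original iterated anyway (warning, no statements run).
        $fr = file($file['tmp_name']);
        if ($fr !== false) {
            // Literal "\r"/"\n" sequences in the dump become real line breaks;
            // {prefix}, /{WEBMASTER}/ and /{WEBURL}/ are filled with this
            // installation's table prefix, the logged-in admin's email and the
            // site URL.
            $patt = array('\\r', '\\n', '{prefix}', '/{WEBMASTER}/', '/{WEBURL}/');
            $replace = array("\r", "\n", PREFIX, $_SESSION['login']['email'], WEB_URL);
            // One statement per line; blank lines are skipped
            foreach ($fr as $value) {
                $sql = str_replace($patt, $replace, trim($value));
                if ($sql != '') {
                    $db->query($sql);
                }
            }
        }
    }
}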
include_once ROOT_PATH . "modules/{$owner}/config.php"; } if (is_file(ROOT_PATH . "modules/{$owner}/inint.php")) { include_once ROOT_PATH . "modules/{$owner}/inint.php"; } if ($cron && is_file(ROOT_PATH . "modules/{$owner}/cron.php")) { include_once ROOT_PATH . "modules/{$owner}/cron.php"; } } // โหลดโมดูล login include ROOT_PATH . 'modules/member/login.php'; $mainlogin = $content; // login $isMember = gcms::isMember(); // admin $isAdmin = gcms::isAdmin(); // บันทึก counter และ useronline include ROOT_PATH . 'counter.php'; include ROOT_PATH . 'useronline.php'; // ค่า title,description และ keyword ของเว็บหลัก $title = $config['web_title']; $description = $config['web_description']; $keywords = $config['web_description']; // แสดงผล template หลัก $main_patt = array(); if (!empty($config['google_site_verification'])) { $meta['google-site-verification'] = '<meta name=google-site-verification content="' . $config['google_site_verification'] . '">'; } if (!empty($config['google_profile'])) { $meta['author'] = '<link rel=author href="https://plus.google.com/' . $config['google_profile'] . '">'; $meta['publisher'] = '<link rel=publisher href="https://plus.google.com/' . $config['google_profile'] . '">';
<?php // widgets/textlink/admin_action.php header("content-type: text/html; charset=UTF-8"); // inint include '../../bin/inint.php'; // referer, admin if (gcms::isReferer() && gcms::isAdmin() && (empty($_SESSION['login']['account']) || $_SESSION['login']['account'] != 'demo')) { // ค่าที่ส่งมา $action = gcms::getVars($_POST, 'action', ''); $id = gcms::getVars($_POST, 'id', ''); $value = gcms::getVars($_POST, 'value', 0); if ($action == 'delete') { $sql = "SELECT `logo` FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id}) AND logo != ''"; foreach ($db->customQuery($sql) as $item) { @unlink(DATA_PATH . 'image/' . $item['logo']); } $db->query("DELETE FROM `" . DB_TEXTLINK . "` WHERE `id` IN({$id})"); } elseif ($action == 'published') { $db->query("UPDATE `" . DB_TEXTLINK . "` SET `published`='{$value}' WHERE `id` IN({$id})"); } elseif ($action == 'move') { // move menu $max = 1; foreach (explode(',', str_replace('user-', '', $_POST['data'])) as $i) { $db->query("UPDATE `" . DB_TEXTLINK . "` SET `link_order`=" . $max . " WHERE `id`=" . (int) $i . " LIMIT 1"); $max++; } } elseif ($action == 'styles') { // styles include ROOT_PATH . 'widgets/textlink/styles.php'; // template
*
 * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *   http://www.gnu.org/licenses/lgpl.html
 *
 * - Mozilla Public License Version 1.1 or later (the "MPL")
 *   http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * Configuration file for the File Manager Connector for PHP.
 */

global $config;

// Site bootstrap: brings in the gcms helpers and the DATA_* constants used below
include '../../../../bin/load.php';

// Who may use the connector. && binds tighter than ||, so the grouping is:
// any admin, OR a logged-in member whose session CKEDITOR value matches the
// logged-in user's id. The parentheses only make that precedence explicit;
// evaluation order and short-circuiting are unchanged.
// NOTE(review): the id comparison is loose (==) — confirm both sides share a
// type before tightening it.
$config['Enabled'] = gcms::isAdmin()
    || (gcms::isMember()
        && isset($_SESSION['CKEDITOR'])
        && $_SESSION['CKEDITOR'] == $_SESSION['login']['id']);

// Naming of uploaded files:
//   true  - keep the original filename (duplicates are renamed)
//   false - name the file after the upload time (mktime)
$config['UploadOrginalFilename'] = false;

// Folder where user files are stored ...
$config['UserFilesPath'] = DATA_FOLDER;
// ... and the same location as an absolute path from the server root
$config['UserFilesAbsolutePath'] = DATA_PATH;

// Due to security issues with Apache modules, it is recommended to leave the
// following setting enabled.
$config['ForceSingleExtension'] = true;

// Perform additional checks for image files.
// If set to true, validate image size (using getimagesize).
$config['SecureImageUploads'] = true;

// What the user can do with this connector.
// inint include '../bin/inint.php'; // action $action = gcms::getVars($_POST, 'action', ''); // ตรวจสอบ id $ids = array(); foreach (explode(',', $_POST['id']) as $id) { // ไม่สามารถแก้ไขตัวเองได้ if ($_SESSION['login']['id'] != $id) { $ids[] = (int) $id; } } // id ของ สมาชิกทั้งหมดที่ส่งมา $ids = implode(',', $ids); // ตรวจสอบ referer และ admin if (gcms::isReferer() && gcms::isAdmin() && $ids != '') { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { echo $lng['ACTION_FORBIDDEN']; } else { if ($action == 'delete') { // ลบสมาชิกที่เลือก $sql = "SELECT `icon` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1 AND `icon`!=''"; foreach ($db->customQuery($sql) as $item) { // ลบรูปภาพสมาชิก @unlink(USERICON_FULLPATH . $item['icon']); } // ลบสมาชิก $db->query("DELETE FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `id`!=1"); } elseif ($action == 'activate' || $action == 'sendpassword') { // ส่งอีเมล์ยืนยันสมาชิก อีกครั้ง $sql = "SELECT `id`,`email`,`activatecode` FROM `" . DB_USER . "` WHERE `id` IN ({$ids}) AND `fb`='0'";
<?php // admin/savewrite.php header("content-type: text/html; charset=UTF-8"); // inint include '../bin/inint.php'; $ret = array(); // ตรวจสอบ referer และ แอดมิน if (gcms::isReferer() && gcms::isAdmin() && (isset($_POST['intro']) || isset($_POST['maintenance']))) { if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') { $ret['error'] = 'EX_MODE_ERROR'; } else { // ภาษาทีต้องการบันทึก $lang = gcms::getVars($_POST, 'write_language', ''); $lang = in_array($lang, $config['languages']) ? $lang : LANGUAGE; $patt = array(); $replace = array(); // ตัด /r/n $patt[] = '/[\\r\\n]{1,}/su'; $replace[] = ''; // หน้าว่างๆ $patt[] = '/^( |\\s){0,}<br[\\s\\/]+?>( |\\s){0,}$/iu'; $replace[] = ''; // ตัด PHP $patt[] = '/<\\?(.*?)\\?>/su'; $replace[] = ''; $save = array(); $detail = $db->sql_quote(preg_replace($patt, $replace, $_POST['write_detail'])); // ตรวจสอบ ข้อความเดิม $key = isset($_POST['intro']) && $_POST['intro'] == 1 ? 'INTRO_PAGE_DETAIL' : 'MAINTENANCE_DETAIL'; $search = $db->basicSearch(DB_LANGUAGE, 'key', $key);
$login_email = empty($_COOKIE[PREFIX . '_login_email']) ? '' : gcms::decode($_COOKIE[PREFIX . '_login_email']); $login_password = empty($_COOKIE[PREFIX . '_login_password']) ? '' : gcms::decode($_COOKIE[PREFIX . '_login_password']); } $isMember = false; $isAdmin = false; if ($login_email != '' && $login_password != '') { // ตรวจสอบการ login $login_result = gcms::CheckLogin($login_email, $login_password); if (is_array($login_result)) { // login สำเร็จ $_SESSION['login'] = $login_result; $_SESSION['login']['password'] = $login_password; // login $isMember = true; // admin $isAdmin = $isMember && gcms::isAdmin(); // ตรวจสอบการปันทึกการ login if ($login_remember) { // บันทึก user, password setCookie(PREFIX . '_login_email', gcms::encode($login_result['email']), time() + 3600 * 24 * 365, '/'); setCookie(PREFIX . '_login_password', gcms::encode($login_password), time() + 3600 * 24 * 365, '/'); } setCookie(PREFIX . '_login_remember', $login_remember, time() + 3600 * 24 * 365, '/'); } else { // ข้อความผิดพลาด $error = array(); $error[] = $lng['LNG_MEMBER_NOT_FOUND']; $error[] = $lng['LNG_MEMBER_NO_ACTIVATE']; $error[] = $lng['LNG_MEMBER_BAN']; $error[] = $lng['LNG_PASSWORD_INCORRECT']; $error[] = $lng['LNG_MEMBER_LOGIN_EXISTS'];
$module = $match[1]; $value = gcms::getVars($_POST, 'value', 0); } else { $action = gcms::getVars($_POST, 'action', ''); $id = gcms::getVars($_POST, 'id', ''); $value = gcms::getVars($_POST, 'value', 0); $module = gcms::getVars($_POST, 'module', 0); } // โมดูลที่เรียก $index = $db->getRec(DB_MODULES, $module); if ($index) { // config gcms::r2config($index['config'], $index); // ตรวจสอบ เจ้าของ แอดมิน $sql = "SELECT `id`,`picture` FROM `" . DB_INDEX . "` WHERE `id` IN({$id}) AND `module_id`='{$index['id']}'"; if (!gcms::canConfig($index, 'moderator') && !gcms::isAdmin()) { $sql .= ' AND `member_id`=' . (int) $_SESSION['login']['id']; } $ids = array(); foreach ($db->customQuery($sql) as $item) { $ids[$item['id']] = $item['picture']; } if (sizeof($ids) > 0) { $id = implode(',', array_keys($ids)); if ($action == 'delete') { // ลบ (บทความ) foreach ($ids as $i => $item) { @unlink(DATA_PATH . "document/{$item}"); } $db->query("DELETE FROM `" . DB_COMMENT . "` WHERE `index_id` IN ({$id}) AND `module_id`='{$index['id']}'"); $db->query("DELETE FROM `" . DB_INDEX . "` WHERE `id` IN ({$id}) AND `module_id`='{$index['id']}'");