/**
 * Load the visible front-menu entries, ordered by a.nurut.
 *
 * Only rows with a.bhide=0 are selected. When b_admin() does not report the
 * logged-in user as an admin, the result is further restricted to menus
 * joined through the granted table for the session's SESS_USER_ID.
 *
 * The user id goes through $this->db->escape() before it reaches the SQL.
 * The table names ($this->frontmenu, $this->granted) are concatenated as-is,
 * so they must stay code- or config-defined and never come from a request.
 *
 * NOTE(review): the admin decision is keyed on b_getuserlogin() while the row
 * filter is keyed on the session's SESS_USER_ID. Presumably both identify the
 * same account; confirm they cannot diverge.
 *
 * @return mixed Whatever $this->db->query() returns for the assembled SQL.
 */
function get_frontmenu_all()
{
    $select = 'select a.nid,nid_parent,cmenu,ci_path,ci_controller,ci_func_controller,icon_class,is_main from ' . $this->frontmenu . ' as a ';
    $join = '';
    $conditions = ' a.bhide=0 ';

    // Admins see every non-hidden menu; everyone else only granted ones.
    if (!b_admin(b_getuserlogin())) {
        $join = 'join ' . $this->granted . ' as d on d.nid_frontmenus=a.nid ';
        $conditions .= ' and d.nid_users=' . $this->db->escape($this->session->userdata('SESS_USER_ID'));
    }

    return $this->db->query($select . $join . ' where ' . $conditions . ' order by a.nurut ');
}
echo ucfirst($GLOBALS['bva_levelname'][$ii]); ?> </option> <?php } ?> </select> </td> </tr> </table> </td> </tr> <?php } ?> <tr> <td colspan="2"><br><input type="submit" name="csub" value="Update User"> <?php
// b_admin() is given the posted nid here, i.e. the account being edited, and
// the result only decides whether the Delete button carries the HTML
// "disabled" attribute.
// NOTE(review): this is a UI hint, not an access control. The attribute can be
// removed in the browser and $_POST['nid'] is request-controlled. The handler
// for csub="Delete User" is not visible in this fragment; confirm it repeats
// the b_admin() check server-side before deleting.
b_admin($_POST['nid']) ? $cdisabled = "disabled" : ($cdisabled = ""); ?> <input type="submit" name="csub" value="Delete User" onclick="return confirm('Are you sure to delete this user?')" <?php echo $cdisabled; ?> > <input type="submit" name="csub" value="Cancel"> </td> </tr> </table></form> <?php }
// Fragment: builds the admin sub-menu (<li> items) in $csubmenu. The enclosing
// if/else that opens before this point is not visible here.
// NOTE(review): $_REQUEST['cact'] is concatenated into the href attribute with
// no HTML/URL encoding on every link built below. If $csubmenu is later echoed
// (presumably it is; the output site is not shown), this is a reflected-XSS
// sink. Encode for the attribute context, or cast to int if cact is always
// numeric.
        $creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub=0\">Extensions</a>\n";
    } else {
        $creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub=0\" class=\"current\">Extensions</a>\n";
    }
}
$csubmenu .= "<li " . $ccurrent . ">" . $creff . "</li>";
// Admins list every module; other users only modules they have a row for in
// the granted table.
if (b_admin(b_getuserlogin())) {
    $csql = "select * from " . PREFIX . "moduls";
} else {
    // NOTE(review): $_SESSION['nid_login'] is placed inside quotes without
    // escaping. It is session data rather than direct request input, but
    // confirm it is only ever set from a trusted value at login.
    $csql = "select a.nid, a.cpath, b.nstatus from " . PREFIX . "moduls as a\r\n inner join " . PREFIX . "granted as b on \r\n a.nid=b.nid_moduls and b.nid_users='" . $_SESSION['nid_login'] . "'";
}
$nresult = gcms_query($csql);
$agroup[] = "";
while ($omoduls = gcms_fetch_object($nresult)) {
    // Module metadata is read from the sibling "<module>.init.php" file.
    $ainfo_menu = b_readinit(str_replace(".php", ".init.php", strtolower($omoduls->cpath)));
    // Show the module when the user's granted status reaches the module's
    // level, or unconditionally for admins.
    // NOTE(review): the admin query selects only from moduls, so nstatus may be
    // absent on admin rows (unless moduls has such a column; not visible
    // here). The "or b_admin(...)" branch is what lets admins through.
    if ($omoduls->nstatus >= $ainfo_menu['level'] or b_admin(b_getuserlogin())) {
        $ccurrent = "";
        $creff = "";
        // Collect each distinct group name once.
        if (!in_array($ainfo_menu['group'], $agroup)) {
            $agroup[] = $ainfo_menu['group'];
        }
        // Only "admin"-type modules of the current group, whose grant value
        // does not exceed $bv_level, get a link.
        if (trim(strtolower($ainfo_menu['type'])) == "admin" and trim(strtolower($ainfo_menu['group'])) == strtolower($cgroup) and $ainfo_menu['grant'] <= $bv_level) {
            // NOTE(review): $ainfo_menu['name'] comes from the module's init
            // file and is emitted without HTML escaping. Acceptable only if
            // module files are fully trusted; confirm.
            if ($_REQUEST['csub'] == $omoduls->nid) {
                $creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub={$omoduls->nid}\" class=\"current\">" . trim($ainfo_menu['name']) . "</a>";
            } else {
                $creff = "<a href=\"?cact=" . $_REQUEST['cact'] . "&csub={$omoduls->nid}\">" . trim($ainfo_menu['name']) . "</a>";
            }
        }
        $csubmenu .= "<li " . $ccurrent . ">" . $creff . "</li>\r\n";
    }
}
/**
 * Build the title for the selected front menu, formatted as
 * "<group name> - <menu name>".
 *
 * Admins (per b_admin()) can resolve any menu id. Other users only match a
 * menu that is granted to them in grantedfrontmenus or has bsecure=0.
 *
 * NOTE(review): the only protection visible for $cpage is b_antisqlinjection(),
 * whose rules are not shown here; the value is then concatenated into quoted
 * SQL. Strict id validation or a bound parameter would not depend on that
 * filter. Confirm what gcms_query() supports.
 *
 * @param string $cpage Id of the selected menu (matched against frontmenus.nid).
 * @return string|null The title, or null when $cpage is empty or rejected by
 *                     b_antisqlinjection().
 */
function menu_get_title($cpage)
{
    // Reject filtered or empty ids up front; the caller then receives null.
    if (!b_antisqlinjection($cpage) || $cpage == "") {
        return;
    }

    $isAdmin = b_admin(b_getuserlogin());
    if ($isAdmin) {
        $menuSql = "select * from " . PREFIX . "frontmenus where nid='" . $cpage . "'";
    } else {
        // The left join keeps unsecured menus (bsecure=0) visible even without a grant row.
        $menuSql = "select a.* from " . PREFIX . "frontmenus as a\r\n\t\t left join " . PREFIX . "grantedfrontmenus as b on a.nid=b.nid_frontmenus\r\n\t\t where a.nid='" . $cpage . "' and \r\n\t\t (b.nid_users='" . b_getuserlogin() . "' or a.bsecure=0)";
    }

    // NOTE(review): no check that a row was found. For an id the user may not
    // see, $menuRow is presumably empty and the reads below yield empty values.
    // Verify gcms_fetch_object()'s no-row return.
    $menuRow = gcms_fetch_object(gcms_query($menuSql));

    $groupSql = "select cgroup from " . PREFIX . "groupfrontmenus where nid='" . $menuRow->nid_groupfrontmenus . "'";

    return b_fetch($groupSql) . " - " . $menuRow->cmenu;
}
}
// Page assembly: header, then either the login form or the menu plus the
// selected page, then the footer.
include 'header-admin.php';
if (!b_logged()) {
    include 'login.php';
} else {
    include 'menu.php';
    // NOTE(review): loose comparison against 0. How a non-numeric cact value
    // compares depends on the PHP version, so validate cact as an integer
    // before branching on it.
    if ($_REQUEST['cact'] == 0) {
        include 'dashboard.php';
    } else {
        if ($bdash) {
            include 'extension.php';
        } else {
            // NOTE(review): in this fragment $ainfo['name'] is echoed before
            // $ainfo is assigned by b_readinit() in the next PHP block. Unless
            // it is set earlier (not visible), the heading is empty or stale.
            // The value is also printed without HTML escaping.
            if (isset($cpath)) { ?> <div class="judul"><?php echo $ainfo['name']; ?> </div> <?php
                $ainfo = b_readinit(str_replace(".php", ".init.php", $cpath));
                // NOTE(review): $_REQUEST['csub'] is request-controlled and is
                // concatenated into the quoted SQL with no escaping or
                // validation visible here. This query is the authorization
                // lookup for the module, so tampering with it undermines the
                // access check below. Validate csub as an integer id or bind it
                // as a parameter, if the DB wrapper supports that.
                $csql = "select nstatus from " . PREFIX . "granted where nid_users='" . $_SESSION['nid_login'] . "' and nid_moduls='" . $_REQUEST['csub'] . "'";
                // The module is included only when the user's granted status
                // reaches the module's level, or the user is an admin.
                if (b_fetch($csql) >= $ainfo['level'] or b_admin(b_getuserlogin())) {
                    // NOTE(review): dynamic include. Where $cpath comes from is
                    // not visible in this fragment; confirm it is resolved
                    // server-side (e.g. from the moduls table) and confined to
                    // the module directory, never taken from the request.
                    if (file_exists($cpath)) {
                        include $cpath;
                    }
                }
            }
        }
    }
}
include 'footer-admin.php';
<?php
// Edit form for a user account; the "Grant Menu" section lists every front
// menu with a checkbox state derived from grantedfrontmenus.
// NOTE(review): $_REQUEST['cpage'] (form action) and $_POST['nid'] (hidden
// input) are echoed into HTML attributes without encoding, which makes both
// reflected-XSS sinks. Encode them for the attribute context, or cast to int
// if they are always numeric ids.
if ($bedit) { ?> <br> <form action="<?php echo b_urlact() . "&cpage=" . $_REQUEST['cpage']; ?> " method="POST" name="myform" id="formedit"> <table class="table_admin2"> <input type="hidden" name="nid" value="<?php echo $_POST['nid']; ?> "> <?php
    // The grant section is rendered only for supervisors and above, and never
    // for an admin target account or for the user's own account.
    // NOTE(review): this condition only controls what is rendered. The code
    // that saves the grants is not visible here; confirm it re-applies the
    // same checks server-side.
    if (USERLEVEL >= bc_supervisor and !b_admin($_POST['nid']) and $_SESSION['nid_login'] != $_POST['nid']) { ?> <tr> <td colspan="2"><h2>Grant Menu</h2></td> </tr> <tr> <td colspan="2"> <table> <?php
        $csql = "select a.nid, a.cmenu, b.cgroup from " . PREFIX . "frontmenus as a\n inner join " . PREFIX . "groupfrontmenus as b on a.nid_groupfrontmenus=b.nid\n order by b.nurut, b.cgroup, a.nurut, a.cmenu";
        $nresult = gcms_query($csql);
        $i = 0;
        while ($omenus = gcms_fetch_object($nresult)) {
            // One count query per menu row decides whether the box is checked.
            // NOTE(review): $_POST['nid'] is concatenated into the quoted SQL
            // with no escaping visible here, which leaves it open to SQL
            // injection unless it is sanitized upstream. Validate it as an
            // integer id or use a bound parameter.
            b_fetch("select count(nid) from " . PREFIX . "grantedfrontmenus where nid_users='" . $_POST['nid'] . "' and nid_frontmenus='{$omenus->nid}'") > 0 ? $ccheck = "checked" : ($ccheck = ""); ?> <tr>
?> <br> by: <?php echo $cby; ?> <br> Source: <?php echo $csource; ?> </td> <td align="left" valign="middle" bgcolor="<?php echo $ccolor; ?> " width="20%"> <?php b_admin(b_getuserlogin()) ? $cdisabled = "" : ($cdisabled = "disabled"); $cremove = str_replace('dummy', $cdisabled, $cremove); ?> <input type="submit" name="submit" value="<?php echo $cvalue; ?> " <?php echo $cdisabled; ?> ><?php echo $cremove; ?> </td> </tr> </form> <?php