$content .= '<div class="border"><center><a href="admin.php?pilih=calendar&mod=yes">Back</a></center></div>';
} else {
    $content .= '<div class="border"><table width="100%" class="bodyline"><tr><td align="left"><img src="images/warning.gif" border="0"></td><td align="center"><div class="error">Data gagal di Hapus</div></td><td align="right"><img src="images/warning.gif" border="0"></td></tr></table></div>';
    $content .= '<div class="border"><center><a href="admin.php?pilih=calendar&mod=yes">Back</a></center></div>';
}
break;
default:
    // Calendar list view: paged listing with an optional "waktu_mulai" filter.
    $limit = 10;
    // NOTE(review): "empty() and !isset()" is equivalent to plain !isset();
    // an offset that is present but empty still goes through int_filter().
    if (empty($_GET['offset']) and !isset($_GET['offset'])) {
        $offset = 0;
    } else {
        $offset = int_filter($_GET['offset']);
    }
    $query_add = '';
    // The filter value is concatenated into SQL; this is only safe if
    // cleantext() escapes quotes for the MySQL driver — TODO confirm, the
    // helper is not visible here.
    if (!empty($_GET['waktu'])) {
        $query_add = "WHERE `waktu_mulai` LIKE '%" . cleantext($_GET['waktu']) . "%'";
    }
    $num = mysql_query("SELECT COUNT(id) as t FROM `tbl_kalender` {$query_add}");
    $rows = mysql_fetch_row($num);
    $jumlah = $rows[0];
    mysql_free_result($num);
    $a = new paging($limit);
    // Paging starts here (defaults written back into $_GET for the pager).
    if (!isset($_GET['pg'], $_GET['stg'])) {
        $_GET['pg'] = 1;
        $_GET['stg'] = 1;
    }
    // SECURITY(review): the *raw* $_GET['waktu'] (not the cleantext() copy used
    // for the query) is echoed into a value="" attribute below with no
    // htmlspecialchars() — a reflected XSS vector. Escape it for the HTML
    // attribute context before output.
    $waktu_value = !isset($_GET['waktu']) ? date('Y-m-d') : $_GET['waktu'];
    $content .= '<div class="border">';
    $content .= '<form method="get" action="#">Waktu Mulai : <input type="text" name="waktu" value="' . $waktu_value . '" /> <input type="submit" name="submit_kal" value="cari" /><input type="hidden" name="pilih" value="calendar" /><input type="hidden" name="mod" value="yes" /><br />Format : YYYY-mm-dd / YYYY-mm / YYYY / mm-dd</form>';
    $content .= '</div><br />';
$admin .= '<div class="border">'; $admin .= 'List Photo Lainnya: <b> <a href=admin.php?pilih=photo&mod=yes&aksi=editperistiwa&id=' . $idperistiwa . '> ' . $judulperistiwa . '</a></b> - <a href=admin.php?pilih=photo&mod=yes&aksi=addphoto&id=' . $idperistiwa . '><b>Tambah Foto</b></a>'; $admin .= '<table><tr>'; $no = 0; $s = mysql_query("SELECT * FROM `photo`where peristiwa='{$idperistiwa}' order by id asc"); $jumlah = mysql_num_rows($s); if ($jumlah < 1) { $admin .= "\n<img src='{$url_situs}/mod/photo/images/normal/photo-default.jpg'>"; } else { while ($datas = mysql_fetch_array($s)) { $idphoto = $datas['id']; $gambars = $datas['gambar']; $urutan = $no + 1; $keterangan = cleantext($datas['keterangan']); $editphoto = '<a href=admin.php?pilih=photo&mod=yes&aksi=editphoto&id=' . $idphoto . '><img src="images/edit.gif"></a>'; $deletephoto = '<a href=admin.php?pilih=photo&mod=yes&aksi=delphoto&id=' . $idphoto . '><img src="images/delete.gif"></a>'; $admin .= '<td align="left" style="border:1px solid #dddddd;"> <a href="' . $url_situs . '/mod/photo/images/normal/' . $gambars . '" onclick="return hs.expand(this)"> <img src="' . $url_situs . '/mod/photo/images/normal/' . $gambars . '" alt="" border="0" width="150px"height="auto"title="' . $keterangan . '"></a><br> <table width="100%"><tr><td align="center"> ' . $editphoto . ' </td><td align="center"> ' . $deletephoto . ' </td></tr></table> </td>'; if ($urutan % 6 == 0) { $admin .= '</tr></tr>'; } $no++;
$admin .= '<label class="col-sm-2 control-label">'; $admin .= '</label>'; $admin .= '<input type="submit" name="submit" value="Simpan" class="btn btn-success" />'; $admin .= '</div></div>'; $admin .= '</form></div>'; $admin .= '</section>'; } break; case 'add': if (isset($_POST['submit'])) { define("GIS_GIF", 1); define("GIS_JPG", 2); define("GIS_PNG", 3); define("GIS_SWF", 4); include "includes/hft_image.php"; $judul = cleantext($_POST['judul']); $konten = hapuspetik($_POST['konten']); $seftitle = AuraCMSSEO($judul); $error = ''; if (empty($judul)) { $error .= '- Error: Judul harus Diisi<br />'; } if ($error != '') { $admin .= '<div class="alert alert-warning fade in"> <button data-dismiss="alert" class="close close-sm" type="button"> <i class="icon-remove"></i> </button> <strong>Error !</strong> <br>' . $error . '. </div>'; } else { $files = $_FILES['gambar']['name'];
}
}
fclose($fp);
// add 1 to max id to get new id
$id++;
// Zero-pad the id to three characters (only when the file already had rows).
if ($zeilen) {
    if (strlen($id) == 1) {
        $id = '00' . $id;
    }
    if (strlen($id) == 2) {
        $id = '0' . $id;
    }
} else {
    $id = 1;
}
$_POST['user'] = cleantext($_POST['user']);
// SECURITY(review): crypt() with the constant two-character salt 'lala'
// selects traditional DES crypt: the password is truncated to 8 characters
// and every user shares one salt, so a single precomputed table cracks the
// whole file. Use password_hash()/password_verify() instead.
$_POST['pwd'] = crypt($_POST['pwd'], 'lala');
$nl = chr(13) . chr(10);
$fp = fopen($datafile, "w+");
flock($fp, 2); // 2 == LOCK_EX
fwrite($fp, '<?php' . $nl);
fwrite($fp, '/*' . $nl);
// Copy the existing records (skipping the '<?php' / '/*' header and the
// '*/' / '?>' footer) before appending the new one.
for ($i = 2; $i < $zeilen - 2; $i++) {
    fwrite($fp, $zeile[$i]);
}
// SECURITY(review): the record is written inside a /* ... */ block of a file
// that starts with '<?php'. $_POST['level'] is stored unfiltered, and it is
// not visible here whether cleantext() strips "*/" — a field containing "*/"
// would close the comment and make the rest of the record executable PHP if
// this file is ever include()d. Reject or strip "*/" (and "§", the record
// separator) from every field before writing.
// NOTE: implode(array, glue) argument order is removed in PHP 8 — use
// implode('§', array(...)).
fwrite($fp, my_nl2br(implode(array($_POST['user'], $_POST['level'], $_POST['pwd'], $id, ''), '§')) . $nl);
fwrite($fp, '*/' . $nl);
fwrite($fp, '?>');
flock($fp, 3); // 3 == LOCK_UN
fclose($fp);
echo '<br />
$hits = $hits + 1; $tengah .= '<br><br><h4 class="katphoto">' . $judulnya . '</h4>'; $tanggal = datetimes($data['tgl']); $tengah .= '<div class="border"><span class="date">' . $tanggal . '</span></div>'; $tengah .= '<div class="border"><table> <tr><td>' . $gambar . '</td></tr> <tr><td>' . $konten . '</td></tr></table></div>'; $no = 0; $query = $koneksi_db->sql_query("SELECT * FROM video_peristiwa WHERE id!= {$idperistiwa} order by id desc limit 3"); $jumlah = $koneksi_db->sql_numrows($query); $tengah .= '<h4 class="katphoto">Video Lainnya</h4>'; $tengah .= '<table border="0" cellpadding="0" cellspacing="5"><tr align="left">'; while ($data2 = $koneksi_db->sql_fetchrow($query)) { $urutan = $no + 1; $idperistiwa = $data2['id']; $judulnya = cleantext($data2['judul']); $konten = $data2['konten']; $link = $data2['link']; $gambar2 = ' <img src="http://img.youtube.com/vi/' . $link . '/mqdefault.jpg"/>'; $tengah .= '<td valign="top"> <div class="imgkatalog"><a href="detailvideo-' . AuraCMSSEO($judulnya) . '.html">' . $gambar2 . '<br>' . $judulnya . '</a></div> </td>'; if ($urutan % 3 == 0) { $tengah .= '</tr>'; } $no++; } $tengah .= '</table>'; //end if empty }
// Update the article including its new image. All values are interpolated
// into SQL; where $judul, $konten, $caption, $tgl, $namagambar and $id were
// sanitised is outside this excerpt — TODO confirm each one is escaped.
$hasil = $koneksi_db->sql_query("UPDATE artikel SET judul='{$judul}', konten='{$konten}', seftitle='{$seftitle}', topik='{$topik}', tags='{$tags}',gambar='{$namagambar}',tgl='{$tgl}',caption='{$caption}' WHERE id='{$id}'");
if ($hasil) {
    // The message is dead here (the redirect follows immediately), but note
    // that stripslashes($_POST['judul']) is raw user input placed in HTML.
    $admin .= '<div class="sukses">Berhasil memasukkan berita dg judul <u>' . stripslashes($_POST['judul']) . ' </u></div>';
    header("location:?pilih=news&mod=yes&aksi=editnews&id={$id}");
    exit;
}
} else {
    // Update without a new image.
    $seftitle = AuraCMSSEO($judul);
    $jumlah = '';
    $total = $koneksi_db->sql_query("SELECT * FROM artikel WHERE seftitle like '%{$seftitle}%'");
    $jumlah = $koneksi_db->sql_numrows($total);
    if ($jumlah) {
        $seftitle = $seftitle . $jumlah;
    }
    // $topik = $_POST['topik'];
    $tags = cleantext($_POST['tags']);
    // NOTE(review): $tot is a client-controlled loop bound; a huge value
    // makes this loop spin (cheap DoS). Cap it to the number of topics.
    $tot = $_POST['tot'];
    $ppil = '';
    for ($i = 1; $i <= $tot; $i++) {
        // SECURITY(review): each pil<N> value is taken raw from $_POST — unlike
        // $tags it never goes through cleantext() — and is concatenated into
        // $topik, which lands unquoted-escaped in the UPDATE below: SQL
        // injection. Cast each id to int (or filter like the other fields).
        $pil = $_POST['pil' . $i];
        if ($pil != "") {
            $ppil .= $pil . ",";
        }
    }
    // Drop the trailing comma.
    $ppil = substr_replace($ppil, "", -1, 1);
    // $topik = $_POST['topik'];
    $topik = $ppil;
    // store the data
    $hasil = $koneksi_db->sql_query("UPDATE artikel SET judul='{$judul}', konten='{$konten}', seftitle='{$seftitle}', topik='{$topik}', tags='{$tags}',tgl='{$tgl}',caption='{$caption}' WHERE id='{$id}'");
    if ($hasil) {
        // Raw $_POST['judul'] (stripslashes only) rendered into HTML — escape it.
        $admin .= '<div class="sukses">Berhasil memasukkan berita dg judul <u>' . stripslashes($_POST['judul']) . ' </u></div>';
/**
 * Sanitise a raw input value: first the project's text cleaner, then its
 * word filter.
 *
 * @param mixed $v raw value (typically a $_POST/$_GET string)
 * @return mixed whatever sensor() returns for the cleaned value
 */
function BersihkanData($v)
{
    $cleaned = cleantext($v);

    return sensor($cleaned);
}
$admin .= '<div class="error">' . $error . '</div>'; } else { $up = mysql_query("UPDATE `useraura` SET `level`='{$level}',`tipe`='{$tipe}',`email`='{$email}' WHERE `UserId`='{$id}' AND `user`!='admin'"); $admin .= '<div class="sukses">Data Berhasil Diupdate Dengan ID = ' . $id . '</div>'; } } ###################################### # Tambah User ###################################### if ($_GET['aksi'] == 'tambah_user') { if (isset($_POST['add_users'])) { $user = cleantext($_POST['user']); $level = cleantext($_POST['level']); $tipe = cleantext($_POST['tipe']); $password = cleantext($_POST['password']); $email = cleantext($_POST['email']); if (empty($_POST['user'])) { $error .= "Error: Formulir user belum diisi , silahkan ulangi.<br />"; } if (empty($_POST['email'])) { $error .= "Error: Formulir email belum diisi , silahkan ulangi.<br />"; } if (empty($_POST['password'])) { $error .= "Error: Formulir Password belum diisi , silahkan ulangi.<br />"; } if (!$user || preg_match("/[^a-zA-Z0-9_-]/", $user)) { $error .= "Error: Karakter Username tidak diizinkan kecuali a-z,A-Z,0-9,-, dan _<br />"; } if (strlen($user) > 20) { $error .= "Username Terlalu Panjang Maksimal 20 Karakter<br />"; }
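/**
 * Build the OpenCart product-description CSV for every product, or only for
 * the ids listed in $newarray, write it under upload/opencart/ and return the
 * file name. Returns null when there is nothing to export, when the id list
 * or folder is unusable, or when the file cannot be opened.
 *
 * @param string $new      'yes' restricts the export to $newarray
 * @param string $newarray comma-separated product ids; anything other than
 *                         digits and commas is discarded (quoted ids such as
 *                         '1','2' therefore still work)
 * @param string $folder   prefix appended verbatim to upload/opencart/ (add a
 *                         trailing slash when it names a sub-directory);
 *                         ".." and NUL bytes are refused
 * @return string|null
 */
function csvProdTexts($new = 'no', $newarray = '', $folder = '')
{
    $csv_file = '"PRODUCT_ID";"LANGUAGE_ID";"NAME";"DESCRIPTION";"TAG";"META_TITLE";"META_DESCRIPTION";"META_KEYWORD";"SPECIFICATION"' . "\r\n";
    $columns = 'product_id, full_product_name, overview, specification, meta_keyword, meta_description';

    if ($new == 'yes') {
        // $newarray is spliced straight into an IN (...) list, so it is reduced
        // to digits and commas first; this closes the SQL-injection path while
        // keeping previously accepted inputs working.
        $ids = array_filter(explode(',', preg_replace('/[^0-9,]/', '', (string) $newarray)), 'strlen');
        if (empty($ids)) {
            return null; // "IN ()" would be a SQL syntax error anyway
        }
        $query = $this->db->query("SELECT {$columns} FROM cv_products WHERE product_id IN (" . implode(',', $ids) . ")");
    } else {
        $query = $this->db->query("SELECT {$columns} FROM cv_products");
    }

    if ($query->num_rows() < 1) {
        return null;
    }

    foreach ($query->result() as $row) {
        $csv_file .= '"' . $row->product_id . '";"1";"' . cleantitle($row->full_product_name) . '";"' . cleantext(removebaflk($row->overview)) . '";"";"Buy cheap online at discounted prices ' . cleantitle($row->full_product_name) . '";"Buy online chinese ' . cleantext($row->meta_description) . '";"' . cleantext($row->meta_keyword) . '";"' . cleantext(removebaflk($row->specification)) . '"' . "\r\n";
    }

    // $folder becomes part of a filesystem path: refuse traversal sequences
    // and NUL bytes rather than writing outside upload/opencart/.
    if (strpos($folder, '..') !== false || strpos($folder, "\0") !== false) {
        return null;
    }

    $base = $_SERVER["DOCUMENT_ROOT"] . '/upload/opencart/';
    $file_name = 'oc__product_description.csv';
    $file_path_name = $base . $folder . $file_name;

    // Earlier exports in the base directory are removed first. glob() may
    // return false, which array_map() would reject, so guard it.
    $stale = glob($base . '*.csv');
    if ($stale) {
        array_map('unlink', $stale);
    }

    $file = fopen($file_path_name, 'w');
    if ($file === false) {
        return null;
    }
    fwrite($file, trim($csv_file));
    fclose($file);

    return $file_name;
}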
// CAPTCHA check. NOTE(review): loose != and the isset() test comes second;
// compare strictly (!==) and test isset() first.
if ($_POST['kode'] != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) {
    $error .= 'Error: Security Code not Match<br \\>';
}
// Per-session rate limit: one submission per 10 minutes (set below).
if (time() < @$_SESSION['posted_link']) {
    $selisih = @$_SESSION['posted_link'] - time();
    $error .= "Please Wait " . (int) date('i', $selisih) . " Menit, " . date('s', $selisih) . " detik";
}
if ($error != '') {
    $open['error'] = true;
    $open['pesanError'] = $error;
} else {
    $open['error'] = false;
    $judul = cleantext($_POST['judul']);
    $url = cleantext($_POST['url']);
    $kategori = cleantext($_POST['kategori']);
    $keterangan = cleantext($_POST['keterangan']);
    //is_valid_email
    // NOTE(review): eregi_replace() was removed in PHP 7. It also strips only a
    // literal "http://", so an https:// URL is stored as "http://https://...".
    if (validate_url($url)) {
        $url = 'http://' . eregi_replace('http://', '', $url);
    } else {
        $url = '';
    }
    // SECURITY(review): values are concatenated into SQL; safety rests entirely
    // on cleantext() escaping quotes for MySQL — TODO confirm, otherwise move
    // to a parameterised query.
    $query = mysql_query("INSERT INTO `mod_link` (`judul`,`url`,`kid`,`keterangan`,`public`,`date`) VALUES ('{$judul}','{$url}','{$kategori}','{$keterangan}',0,'" . time() . "')");
    if ($query) {
        $open['error'] = false;
        $open['pesanError'] = '';
        // NOTE(review): session_register() was removed in PHP 5.4; the direct
        // $_SESSION assignment on the next line is sufficient by itself.
        session_register('posted_link');
        $_SESSION['posted_link'] = time() + 60 * 10;
    } else {
        $open['error'] = true;
        $open['pesanError'] = 'Gagal Memasukkan Data Kedalam Database';
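/**
 * Convert a message value into an earned-palladium amount: one unit per 30,
 * rounded up, clamped to the range 1..20.
 *
 * Numeric input is used as-is; anything else is first passed through the
 * project's cleantext() filter and then coerced to a number, so junk input
 * yields the minimum reward instead of a string-arithmetic TypeError (PHP 8).
 *
 * @param mixed $message numeric value, or a string to be cleaned and coerced
 * @return int|float amount in [1, 20] (float when produced by ceil())
 */
function parse_earned_palladium($message)
{
    $raw = is_numeric($message) ? $message : cleantext($message);

    $palladium = ceil((float) $raw / 30);

    // Max / min reward caps.
    return max(1, min(20, $palladium));
}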
exit;
} else {
    $admin .= '<legend>KOSONGKAN TABEL</legend>';
    $admin .= '<div class="border2"> <table width="25%"><tr align="center"> <td> <a href="admin.php?pilih=kosongkan&mod=yes&aksi=transaksi">TRANSAKSI</a> </td> <td> <a href="admin.php?pilih=kosongkan&mod=yes&aksi=stokawal">STOK AWAL</a> </td> </tr></table> </div>';
    // "Empty transaction tables" action.
    if ($_GET['aksi'] == 'transaksi') {
        if (isset($_POST['submit'])) {
            $tabel = cleantext($_POST['tabel']);
            // SECURITY(review): nothing visible here ever sets $error, so the
            // TRUNCATE below always runs, and $tabel is whatever the client
            // posted — any table in the database can be emptied, not only the
            // ones offered in $arr2 further down. Validate with
            // in_array($tabel, $arr2, true) before building the statement
            // (identifiers cannot be parameterised, so an allow-list is the fix).
            if ($error) {
                $admin .= '<div class="error">' . $error . '</div>';
            } else {
                $query = $koneksi_db->sql_query("TRUNCATE TABLE $tabel");
                // Success is reported without checking $query.
                $admin .= '<div class="sukses">Berhasil menghapus tabel ' . $tabel . '</div>';
            }
        }
        $admin .= '<div class="panel panel-info"> <div class="panel-heading"><h3 class="panel-title">Kosongkan Transaksi</h3></div>';
        $admin .= '<div class="border">';
        $admin .= '<form method="post" action="#"> <table width="100%" border="0" cellspacing="0" cellpadding="0">';
        $sel2 = '<select name="tabel" class="form-control">';
        // Tables offered in the drop-down; should double as the allow-list above.
        $arr2 = array('pos_po','pos_podetail','pos_popenjualan','pos_popenjualandetail','pos_pembelian','pos_pembeliandetail','pos_pembelianretur','pos_pembelianreturdetail','pos_penjualan','pos_penjualanbiaya','pos_penjualanbiayadetail','pos_penjualandetail','pos_penjualanjasa','pos_penjualanjasadetail','pos_penjualanretur','pos_penjualanreturdetail');
}
// Next category id = last record's id + 1, zero-padded to three characters.
$zeile = file($catfile);
$zeilen = sizeof($zeile);
$eintrag = explode("§", $zeile[$zeilen - 1]);
$id = $eintrag[0] + 1;
if ($zeilen) {
    if (strlen($id) == 1) {
        $id = '00' . $id;
    }
    if (strlen($id) == 2) {
        $id = '0' . $id;
    }
} else {
    $id = 1;
}
$_POST['name'] = cleantext($_POST['name']);
if ($_FILES['file']['name'] != '') {
    /* file upload */
    $dir = "../catpics/"; // chmod 777!
    // Only the size is checked — there is no MIME/extension check at all.
    if ($_FILES['file']['size'] > $maxsize) {
        echo 'Die Datei ' . $_FILES['file']['name'] . ' ist zu gross! <br /><br />';
        drawfooter($version);
        exit;
    }
    // SECURITY(review): the client-supplied file name is used verbatim as the
    // destination path: no basename(), no extension allow-list, no server-side
    // rename. A name such as "shell.php" lands in a world-writable directory
    // (presumably web-reachable — confirm), and "../x" escapes it entirely.
    // Generate the stored name server-side and restrict extensions. The name is
    // also echoed into HTML below without escaping (reflected XSS).
    if (move_uploaded_file($_FILES['file']['tmp_name'], $dir . $_FILES['file']['name'])) {
        echo $_FILES['file']['name'] . ' wurde hochgeladen!<br />';
        $upflname = $_FILES['file']['name'];
    } else {
        echo 'Fehler! Die Datei konnte nicht hochgeladen werden!<br /><br />';
        drawfooter($version);
///// search-term highlighting /////////////////////////////////////////////////////////////////////////////////////////////////////////
$highlight = $search;
if (isset($search)) {
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars(urldecode($search))));
    $highlight_match = '';
    // Build an alternation of the search words; '*' becomes a \w* wildcard.
    for ($i = 0; $i < sizeof($words); $i++) {
        if (trim($words[$i]) != '') {
            $highlight_match .= ($highlight_match != '' ? '|' : '') . str_replace('*', '\\w*', phpbb_preg_quote($words[$i], '#'));
        }
    }
    unset($words);
}
$JUDUL = $row['judul'];
$KETERANGAN = cleantext($row['keterangan']);
$URL = $row['url'];
$ID = $row['id'];
$DATE = transCAL($row['date'], 'id', true);
$HIT = $row['hit'];
$kid = $row['kid'];
// SECURITY(review): both preg_replace() calls below use the /e modifier, which
// eval()s the replacement string as PHP. $highlight_match is built from the
// user-supplied $search and is embedded inside single quotes in that code;
// whether phpbb_preg_quote() (not visible here) neutralises a quote is the
// only thing standing between a search string and code execution — the
// classic phpBB highlight pattern. /e was removed in PHP 7: rewrite with
// preg_replace_callback().
$JUDUL = str_replace('\\"', '"', substr(preg_replace('#(\\>(((?>([^><]+|(?R)))*)\\<))#se', "preg_replace('#(" . $highlight_match . ")#i', '<span class=\\'pencarian\\'>\\\\1</span>', '\\0')", '>' . $JUDUL . '<'), 1, -1));
$KETERANGAN = str_replace('\\"', '"', substr(preg_replace('#(\\>(((?>([^><]+|(?R)))*)\\<))#se', "preg_replace('#(" . $highlight_match . ")#i', '<span class=\\'pencarian\\'>\\\\1</span>', '\\0')", '>' . $KETERANGAN . '<'), 1, -1));
// SECURITY(review): $JUDUL goes into a value="" attribute and $URL into an
// href/title with no escaping — stored XSS and javascript: links from the
// database row. Escape per context (htmlspecialchars with ENT_QUOTES).
$dl .= '<input type="hidden" name="judul_array[]" value="' . $JUDUL . '" />';
$dl .= "<input type=\"checkbox\" name=\"links[]\" value=\"{$ID}\" style=\"border:none\" /> <b><a href='{$URL}' title='{$URL}' target='_blank'>{$JUDUL}</a></b>" . cek_baru_links($ID, $CONFIG['new_update'], 'id', $GLOBALS['tabel']['link']) . "\n<br />{$KETERANGAN}<br />\n<b>Added on:</b> {$DATE} <b>View:</b> {$HIT} <br /><br />\n";
}
mysql_free_result($hasil4);
$dl .= '<br /><a href="javascript:checkall(\'links\', \'links[]\')" title=\'Select All\'>Check All</a> ';
$dl .= ' <input type="submit" name="edit_form" value="Edit" /> <input type="submit" name="hapus_form" value="Hapus" />';
$admin .= '</table>'; } if ($_GET['aksi'] == 'hapushint' && is_numeric($_GET['id'])) { $id = int_filter($_GET['id']); $hapus = mysql_query("DELETE FROM `hint` WHERE `id`='{$id}'"); if ($hapus) { $admin .= '<div class="sukses">Data Berhasil Dihapus Dengan ID = ' . $id . '</div>'; $admin .= '<meta http-equiv="refresh" content="3; url=admin.php?pilih=admin_users&aksi=hint">'; } else { $admin .= '<div class="error">Data Gagal dihapus Dengan ID = ' . $id . '</div>'; $admin .= '<meta http-equiv="refresh" content="3; url=admin.php?pilih=admin_users&aksi=hint">'; } } if ($_GET['aksi'] == 'addhint') { if (isset($_POST['add_hint'])) { $hint = cleantext($_POST['hint']); if (empty($_POST['hint'])) { $error .= "Error: Formulir hint belum diisi , silahkan ulangi.<br />"; } if ($error) { $admin .= '<div class="error">' . $error . '</div>'; } else { $query = mysql_query("INSERT INTO `hint` (`hint`) VALUES ('{$hint}')"); $admin .= '<div class="sukses">Data Hint Berhasil di Add</div>'; $admin .= '<meta http-equiv="refresh" content="3; url=admin.php?pilih=admin_users&aksi=hint">'; } } $admin .= '<div class="border"><b>Add Hint</b></div>'; $admin .= '<div class="border">'; $admin .= "<form method='post' action='#'>\n<table cellspacing=\"3\" cellpadding=\"1\" style='width:100%'>\n <tr>\n <td valign='top'>Hint </td>\n <td width='1%' valign='top'>:</td>\n <td valign='top'><input type='text' name='hint' size='30' /></td>\n </tr> "; $admin .= "<tr>\n\t<td> </td>\n <td width='1%'> </td>\n <td ><input type='submit' value='Add' name='add_hint' /></td>\n </tr>\n</table></form>";
<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td><form method="post" action=""> <table width="100%" border="0" cellspacing="4" cellpadding="0"> <tr> <td colspan="3"><strong>Sign up</strong></td> </tr> <tr> <td>Username</td> <td>:</td> <td><input name="username" type="text" size="30" value="' . cleantext(stripslashes(@$_POST['username'])) . '" required /></td> </tr> <tr> <td>E-mail</td> <td>:</td> <td><input name="email" type="text" size="30" value="' . cleantext(stripslashes(@$_POST['email'])) . '" required /></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" size="30" required /></td> </tr> <tr> <td>ReType Password</td> <td>:</td> <td><input name="rpassword" type="password" size="30" required /></td> </tr> <tr> <td>Nama</td> <td>:</td> <td><input name="nama" type="text" size="30" value="' . $_POST['nama'] . '" required /></td>
// "About the author" widget.
if ($widgetpenulis == 2) {
    $tengah .= '<h4 class="bg">Tentang Penulis</h4>';
    // NOTE(review): the literal '******' in the user predicate looks like a
    // redaction artefact of this corpus rather than real code — check the
    // original file for the intended value (and that it is escaped).
    $hasil = $koneksi_db->sql_query("SELECT * FROM useraura where user='******'");
    $data = $koneksi_db->sql_fetchrow($hasil);
    $user = $data['user'];
    $biodata = $data['biodata'];
    // Dead store: overwritten by the next assignment.
    $avatar = '<img src="mod/profile/images/' . $data['avatar'] . '">';
    // $data['avatar'], $user and $biodata come from the DB and are emitted
    // unescaped — stored XSS if the profile fields are user-editable.
    $avatar = $data['avatar'] == '' ? '' : '<div style="float:left; padding:3px; border:1px solid #cccccc; background:#f2f2f2; margin-right:10px;"><img src="mod/profile/images/' . $data['avatar'] . '" width="50" border="0" alt="' . $user . '" /></div>';
    $tengah .= '<div class="border"><table><tr><td>' . $avatar . '' . $biodata . '</td></tr></table></div>';
}
////////////Comments////////////////////////////////////
if ($widgetkomentar == 2) {
    // Article comments
    // NOTE(review): no isset() guard on $_POST['submit'] (notice on plain GET).
    if ($_POST['submit'] == 'comment') {
        $nama = cleantext(hapuspetik($_POST['nama']));
        $kontenkomentar = cleantext(hapuspetik($_POST['kontenkomentar']));
        // SECURITY(review): emailkomentar and artikelid are taken raw, unlike
        // the two fields above. Where they reach SQL/HTML is outside this
        // excerpt — verify they are escaped (or cast artikelid to int) there.
        $emailkomentar = $_POST['emailkomentar'];
        $tgl = date('Y-m-d');
        $artikelid = $_POST['artikelid'];
        $ip = getenv("REMOTE_ADDR");
        // Return value is discarded; unless checkemail() appends to $error
        // itself, a failed check does not block the post — TODO confirm.
        checkemail($emailkomentar);
        $gfx_check = $_POST['gfx_check'];
        // CAPTCHA: loose != with isset() tested second — prefer a strict
        // compare after the isset() check.
        if ($gfx_check != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) {
            $error .= "Error: Security Code Invalid<br />";
        }
        if (!$nama) {
            $error .= "Error: Silahkan isi Namanya<br />";
        }
        if (!$emailkomentar) {
            $error .= "Error: Silahkan isi Emailnya<br />";
        }
<?php
if (isset($_GET['id'])) {
    // NOTE(review): only the 'User' level is denied; any other or missing
    // LevelAkses value passes. An allow-list of admin levels would be safer.
    if ($_SESSION['LevelAkses'] == 'User') {
        $open['error'] = true;
        $open['errorpesan'] = 'Tidak Diizinkan';
        $j = new JSON_obj();
        echo $j->encode($open);
        exit;
    }
    $open['error'] = false;
    $open['errorpesan'] = '';
    // SECURITY(review): $id is the raw query-string value while topik/ket go
    // through cleantext(); it is interpolated into the WHERE clause below —
    // SQL injection. Cast with (int) or filter it like the other fields.
    $id = $_GET['id'];
    $topik = cleantext(rawurldecode($_POST['topik']));
    $ket = cleantext(rawurldecode($_POST['ket']));
    $update = mysql_query("UPDATE `topik` SET `topik`='$topik',`ket`='$ket' WHERE `id` = '$id'");
    if (!$update) {
        $open['error'] = true;
        // mysql_error() text goes back to the client — leaks schema details.
        $open['errorpesan'] = 'Error: ' . mysql_error();
    }
    $j = new JSON_obj();
    echo $j->encode($open);
}
break;
case 'delTopik':
if (isset($_GET['id'])) {
}
if (cek_posted('shoutbox')) {
    $error .= '<li>Anda Sudah Memposting, Tunggu beberapa Menit Lagi</li>';
}
if (!empty($_POST['nama']) && !empty($_POST['yousay']) && preg_match('/^[._a-z0-9-]+[._a-z0-9- ]+$/i', $_POST['nama']) && $kkode == false && !cek_posted('shoutbox')) {
    global $koneksi_db, $maxadmindata;
    // NOTE(review): the header values go through cleartext() while POST fields
    // go through cleantext() — two different helpers (or a typo); neither is
    // visible here. X-Forwarded-For is client-controlled, so the stored
    // address is spoofable unless a trusted proxy sets it.
    $ip_adr = cleartext(@$_SERVER["HTTP_X_FORWARDED_FOR"]);
    if (@$_SERVER["HTTP_X_FORWARDED_FOR"] == '') {
        $ip_adr = @$_SERVER["REMOTE_ADDR"];
    }
    $agent_Usr = cleartext(@$_SERVER["HTTP_USER_AGENT"]);
    $ket = "{$ip_adr}|{$agent_Usr}";
    $DatE = tanggal_simpan_shoutbox();
    $name = cleantext($_POST['nama']);
    $email = cleantext($_POST['email']);
    $yousay = cleantext($_POST['yousay']);
    $tglnow = date("Y-m-d");
    // $tgl is not set anywhere in this excerpt, so this resolves to today.
    $tgl = !isset($tgl) ? $tglnow : $tgl;
    // BUG(review): the pattern has no PCRE delimiters. PHP takes the leading
    // '^' as the delimiter, finds no closing '^', emits a warning and
    // preg_match() returns false — so $email is always blanked. Wrap the
    // pattern in delimiters, e.g. '/^...$/', or use filter_var(FILTER_VALIDATE_EMAIL).
    $valid_mail = "^([._a-z0-9-]+[._a-z0-9-]*)@(([a-z0-9-]+\\.)*([a-z0-9-]+)(\\.[a-z]{2,3}))\$";
    if (!preg_match($valid_mail, $email)) {
        $email = '';
    }
    // Values are interpolated into SQL; safety depends on cleantext()/cleartext()
    // escaping quotes — TODO confirm. The @ hides any query error.
    $perintah1 = "INSERT INTO shoutbox (waktu, nama, email, isi, ket,tgl) VALUES ('{$DatE}', '{$name}', '{$email}', '{$yousay}', '{$ket}', '{$tgl}')";
    $hasil = @mysql_query($perintah1);
    if ($hasil) {
        posted('shoutbox');
        @header("location: shoutbox.php");
        exit;
    }
} else {
    echo '
}
if ($error) {
    $admin .= '<div class="error">' . $error . '</div>';
} else {
    // SECURITY(review): the password is stored as unsalted MD5 (md5() inside
    // the SQL). Hash it in PHP with password_hash()/password_verify() and
    // store the result; also note the password is always overwritten here,
    // even when the admin only meant to change level/type/email — confirm
    // that is intended. Success is reported without checking $up.
    $up = mysql_query("UPDATE `useraura` SET `level`='{$level}',`tipe`='{$tipe}',`email`='{$email}',`password`=md5('{$password}') WHERE `UserId`='{$id}' AND `user`!='admin'");
    $admin .= '<div class="sukses">Data Berhasil Diupdate Dengan ID = ' . $id . '</div>';
}
}
// Add user.
if ($_GET['aksi'] == 'add') {
    if (isset($_POST['submit'])) {
        $user = cleantext($_POST['user']);
        $level = cleantext($_POST['level']);
        $tipe = cleantext($_POST['tipe']);
        // NOTE(review): running the password through cleantext() may alter it
        // (depends on what the helper strips) — the user then cannot log in
        // with what they typed. Hash the raw value instead.
        $password = cleantext($_POST['password']);
        $email = cleantext($_POST['email']);
        $nama = cleantext($_POST['nama']);
        if (empty($_POST['user'])) {
            $error .= "Error: Formulir user belum diisi , silahkan ulangi.<br />";
        }
        //if (empty($_POST['email'])) $error .= "Error: Formulir email belum diisi , silahkan ulangi.<br />";
        if (empty($_POST['password'])) {
            $error .= "Error: Formulir Password belum diisi , silahkan ulangi.<br />";
        }
        if (!$user || preg_match("/[^a-zA-Z0-9_-]/", $user)) {
            $error .= "Error: Karakter Username tidak diizinkan kecuali a-z,A-Z,0-9,-, dan _<br />";
        }
        if (strlen($user) > 10) {
            $error .= "Username Terlalu Panjang Maksimal 10 Karakter<br />";
        }
        // Redundant with the character-class check above (spaces are already
        // rejected); also misses a space at position 0 because strrpos() returns 0.
        if (strrpos($user, " ") > 0) {
            $error .= "Username Tidak Boleh Menggunakan Spasi";
if ($update) {
    $open['error'] = false;
    $open['errorpesan'] = '';
} else {
    $open['error'] = true;
    // Raw mysql_error() returned to the client — leaks schema details.
    $open['errorpesan'] = mysql_error();
}
$cek = mysql_query("SELECT `keterangan` FROM `mod_cat_download` WHERE `kid` = '{$id}'");
$data = mysql_fetch_assoc($cek);
$open['keterangan'] = $data['keterangan'];
$j = new JSON_obj();
echo $j->encode($open);
break;
case 'editkat':
// SECURITY(review): $id is the raw query-string value and is interpolated into
// two SQL statements below, while $desc goes through cleantext() — SQL
// injection. Cast with (int) or filter it like $desc. No authorisation check
// is visible in this case; confirm one runs before the switch.
$id = $_GET['id'];
$desc = cleantext($_POST['desc']);
$update = mysql_query("UPDATE `mod_cat_download` SET `kategori` = '{$desc}' WHERE `kid` = '{$id}'");
if ($update) {
    $open['error'] = false;
    $open['errorpesan'] = '';
} else {
    $open['error'] = true;
    $open['errorpesan'] = mysql_error();
}
$cek = mysql_query("SELECT `kategori` FROM `mod_cat_download` WHERE `kid` = '{$id}'");
$data = mysql_fetch_assoc($cek);
$open['keterangan'] = $data['kategori'];
$j = new JSON_obj();
echo $j->encode($open);
break;
case 'broken':
}
// Zero-pad the new comment id to seven characters.
if (strlen($id) == 3) {
    $id = "0000" . $id;
}
if (strlen($id) == 4) {
    $id = "000" . $id;
}
if (strlen($id) == 5) {
    $id = "00" . $id;
}
if (strlen($id) == 6) {
    $id = "0" . $id;
}
} else {
    $id = 1;
}
// The second cleantext() argument is not visible here — presumably a stricter mode.
$_POST['name'] = cleantext($_POST['name'], 1);
$_POST['email'] = cleantext($_POST['email'], 1);
$_POST['comment'] = cleantext($_POST['comment']);
$datum = time();
$nl = chr(13) . chr(10);
$fp = fopen($cf, "a");
flock($fp, 2); // 2 == LOCK_EX
// Record layout: id § commentid § comment § name § email § timestamp.
// SECURITY(review): $_POST['commentid'] is written raw, and unless cleantext()
// strips "§" a field containing the separator corrupts the record (extra
// columns on read-back). Validate commentid as an id and strip "§".
// NOTE: implode(array, glue) argument order is removed in PHP 8.
fwrite($fp, my_nl2br(implode(array($id, $_POST['commentid'], $_POST['comment'], $_POST['name'], $_POST['email'], $datum), "§")) . $nl);
flock($fp, 3); // 3 == LOCK_UN
fclose($fp);
// SECURITY(review): $_POST['backurl'] is placed unescaped into an href and a
// meta-refresh URL — open redirect and XSS ('">' or 'javascript:' breaks out).
// Restrict it to a local path and escape it for the attribute context.
echo '<br /><br /><br /><div align="center">Dein Kommentar wurde erfolgreich eingetragen. Du wirst in 3 Sekunden weitergeleitet.<br /><a href="' . $_POST['backurl'] . '">Wenn Du nicht länger warten willst, klicke hier</a>.</div>';
echo '<meta http-equiv="refresh" content="3; URL=' . $_POST['backurl'] . '">';
}
}
#########################################
}
}
// Additional security (Union, CLike, XSS)
// SECURITY(review): this is a substring blacklist over the raw query string
// and gives little real protection: it matches only a few spellings of
// "union", any request whose query string contains "ad_click" skips the
// filter entirely, and harmless parameters containing "exec" or "concat"
// are rejected. ('c2nyaxb0' appears to be a lower-cased base64 of "script".)
// Escape/parameterise at the point of use instead of relying on this gate.
if (isset($_SERVER['QUERY_STRING']) && !stripos_clone($_SERVER['QUERY_STRING'], "ad_click")) {
    $queryString = $_SERVER['QUERY_STRING'];
    // 'and' binds tighter than 'or' in PHP, so the cmd=/exec clauses group as
    // (cmd= and not &cmd) or (exec and not execu), which looks intended.
    if (stripos_clone($queryString, '%20union%20') or stripos_clone($queryString, '/*') or stripos_clone($queryString, '*/union/*') or stripos_clone($queryString, 'c2nyaxb0') or stripos_clone($queryString, '+union+') or stripos_clone($queryString, 'cmd=') and !stripos_clone($queryString, '&cmd') or stripos_clone($queryString, 'exec') and !stripos_clone($queryString, 'execu') or stripos_clone($queryString, 'concat')) {
        die('Illegal Operation');
    }
}

/**
 * Abort rendering with the "under construction" widget text when the site
 * is not published ($publishwebsite != '1'); returns normally otherwise.
 * $publishwebsite is interpolated into SQL — it is presumably a config value,
 * not user input; confirm.
 */
function cek_situs() {
    global $publishwebsite, $koneksi_db;
    if ($publishwebsite != '1') {
        $query = $koneksi_db->sql_query("SELECT * FROM widget_uc WHERE id='{$publishwebsite}'");
        $data = $koneksi_db->sql_fetchrow($query);
        $uc = $data[2];
        die("\r<div align=center>\r{$uc}\r</div>");
    }
}

/**
 * Password-recovery lookup by user, e-mail, hint and hint answer.
 * The body continues beyond this excerpt.
 * NOTE(review): the literal '******' in the user predicate looks like a
 * redaction artefact of this corpus — confirm against the original file,
 * and that whatever is there is escaped like the other fields.
 */
function forgot_login() {
    global $UserName, $Expire, $koneksi_db;
    $user = cleantext($_POST['user']);
    $email = cleantext($_POST['email']);
    $hint = cleantext($_POST['hint']);
    $hintjawab = cleantext($_POST['hintjawab']);
    $query = $koneksi_db->sql_query("SELECT * FROM pos_useraura WHERE user='******' and email='{$email}' and hint='{$hint}' and hintjawab='{$hintjawab}' AND tipe='aktif'");
    $total = $koneksi_db->sql_numrows($query);
    $data = $koneksi_db->sql_fetchrow($query);
    $koneksi_db->sql_freeresult($query);
#########################################
#########################################
# Save edited comment                   #
#########################################
// NOTE(review): no authorisation check is visible before this file rewrite;
// confirm one happens earlier, otherwise anyone can edit any comment by id.
if ($_GET['go'] == 'savecomment') {
    $zeile = file($cf);
    $zeilen = sizeof($zeile);
    for ($i = 0; $i < $zeilen; $i++) {
        $eintrag = explode('§', $zeile[$i]);
        // Loose == : zero-padded ids ("0000001") still match "1" numerically.
        if ($eintrag[0] == $_POST['nr']) {
            // BUG(review): each unspecialchars() result is immediately overwritten
            // by cleantext() of the raw POST value, so the first assignment of
            // every pair is dead. Probably intended: cleantext(unspecialchars(...)).
            // Unless cleantext() strips "§", a value containing the separator
            // corrupts the record.
            $eintrag[2] = unspecialchars($_POST['comment']);
            $eintrag[2] = cleantext($_POST['comment']);
            $eintrag[3] = unspecialchars($_POST['author']);
            $eintrag[3] = cleantext($_POST['author']);
            $eintrag[4] = unspecialchars($_POST['email']);
            $eintrag[4] = cleantext($_POST['email']);
        }
        // NOTE: implode(array, glue) argument order is removed in PHP 8.
        $zeile[$i] = implode($eintrag, "§");
    }
    // Rewrite the whole file under an exclusive lock (2 == LOCK_EX, 3 == LOCK_UN).
    $fp = fopen($cf, "w+");
    flock($fp, 2);
    for ($i = 0; $i < $zeilen; $i++) {
        fwrite($fp, $zeile[$i]);
    }
    flock($fp, 3);
    fclose($fp);
    echo 'Comment gespeichert!';
}
#########################################
#########################################
# Delete entry #