Пример #1
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching category row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('category');
         $tabledel->deleteBy('id_category', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'category' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('category');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_category', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'category' and $act == 'input') {
     // Create: requires write_access; the SEO slug is derived from the filtered title.
     if ($currentRoleAccess->write_access == "Y") {
         $title = $val->validasi($_POST['title'], 'xss');
         $seotitle = seo_title($title);
         $table = new PoTable('category');
         $table->save(array('title' => $title, 'seotitle' => $seotitle));
         header('location:../../admin.php?mod=' . $mod);
Пример #2
                 // Tail of a gallery delete loop whose start is above this excerpt.
                 $tabledel->deleteBy('id_gallery', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 }
 // Delete Album
 if ($mod == 'gallery' and $act == 'deletealbum') {
     // Requires delete_access; the id is filtered in 'sql' mode before the album row is removed.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('album');
         $tabledel->deleteBy('id_album', $id);
         header('location:../../admin.php?mod=' . $mod . '&act=album');
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'gallery' and $act == 'inputgallery') {
     // Create a gallery entry: requires write_access.
     if ($currentRoleAccess->write_access == "Y") {
         $id_album = $val->validasi($_POST['id_album'], 'xss');
         $title = $val->validasi($_POST['title'], 'xss');
         if (!empty($_POST['picture'])) {
             // NOTE(review): unlike id_album and title, 'picture' is stored exactly as
             // posted, with no validasi() call. Confirm it is restricted to an expected
             // file name and escaped wherever it is later rendered or used as a path.
             $picture = $_POST['picture'];
             $table = new PoTable('gallery');
             $table->save(array('id_album' => $id_album, 'title' => $title, 'picture' => $picture));
             header('location:../../admin.php?mod=' . $mod);
         } else {
             $table = new PoTable('gallery');
Пример #3
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching tag row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('tag');
         $tabledel->deleteBy('id_tag', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'tag' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('tag');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_tag', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'tag' and $act == 'input') {
     // Create tags: requires write_access; an empty 'tag' field is rejected with the 404 page.
     if ($currentRoleAccess->write_access == "Y") {
         if (empty($_POST['tag'])) {
             header('location:../../404.php');
         } else {
             // The filtered field is split on commas; each piece is handled below this excerpt.
             $post = $val->validasi($_POST['tag'], 'xss');
             $pecah = explode(",", $post);
Пример #4
         // Else-branch of a check that starts above this excerpt.
         header('location:../../404.php');
     }
 } elseif ($mod == 'user' and $act == 'deleteuserlevel') {
     // Removes a row from user_level; gated by the module's delete_access flag.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('user_level');
         $tabledel->deleteBy('id_level', $id);
         header('location:../../admin.php?mod=' . $mod . '&act=userlevel');
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'user' and $act == 'deleteuserrole') {
     // Removes a row from user_role, the table the *_access flags are read from elsewhere in this page.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('user_role');
         $tabledel->deleteBy('id_role', $id);
         header('location:../../admin.php?mod=' . $mod . '&act=userrole');
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'user' and $act == 'input') {
     // Create a user account: requires write_access.
     if ($currentRoleAccess->write_access == "Y") {
         $username = $val->validasi($_POST['username'], 'xss');
         // NOTE(review): two problems on the next line.
         // 1. `password` is an unquoted array key, i.e. a bare constant: PHP 7 warns and falls
         //    back to the string, PHP 8 throws an Error. It should read $_POST['password'].
         // 2. md5() is a fast, unsalted digest and is not suitable for storing passwords.
         //    password_hash()/password_verify() are the standard replacement, but the login
         //    check (not shown here) must be migrated at the same time.
         $pass = md5($_POST[password]);
         $namalengkap = $val->validasi($_POST['nama_lengkap'], 'xss');
         $email = $val->validasi($_POST['email'], 'xss');
         $telp = $val->validasi($_POST['no_telp'], 'xss');
         // NOTE(review): the new account's level comes straight from the request; no check
         // that the acting admin may grant that level is visible in this excerpt.
         $level = $val->validasi($_POST['level'], 'xss');
         $tableuser = new PoTable('users');
         $users = $tableuser->findAll('id_user', 'ASC');
         foreach ($users as $user) {
Пример #5
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching siswa row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('siswa');
         $tabledel->deleteBy('id_siswa', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'siswa' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('siswa');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_siswa', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'siswa' and $act == 'delimage') {
     // Clears the stored picture reference for one row by writing an empty string to 'picture'.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $picture = '';
         $data = array('picture' => $picture);
         $table = new PoTable('siswa');
         $table->updateBy('id_siswa', $id, $data);
Пример #6
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching contact row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('contact');
         $tabledel->deleteBy('id_contact', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'contact' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('contact');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_contact', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'contact' and $act == 'viewdata') {
     // Read one contact message: requires read_access.
     if ($currentRoleAccess->read_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $tablecontact = new PoTable('contact');
         $currentContact = $tablecontact->findBy('id_contact', $id);
         $currentContact = $currentContact->current();
         // NOTE(review): the stored message is written to the response as-is. Unless it was
         // HTML-escaped when it was saved (not visible here), markup in a contact message would
         // render in the admin's browser; escaping with htmlspecialchars() at output removes
         // that dependency. Also confirm current() returned a row before reading a property.
         echo "{$currentContact->message_contact}";
Пример #7
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching kelas row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('kelas');
         $tabledel->deleteBy('id_kelas', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'kelas' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('kelas');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_kelas', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'kelas' and $act == 'delimage') {
     // Clears the stored picture reference for one row by writing an empty string to 'picture'.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $picture = '';
         $data = array('picture' => $picture);
         $table = new PoTable('kelas');
         $table->updateBy('id_kelas', $id, $data);
Пример #8
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching comment row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('comment');
         $tabledel->deleteBy('id_comment', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'comment' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('comment');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_comment', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'comment' and $act == 'approve') {
     // Moderation: requires modify_access; writes the posted 'active' value onto one comment row.
     if ($currentRoleAccess->modify_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         // NOTE(review): 'active' is filtered but not restricted to a known set of values in
         // the visible lines; confirm the column only ever receives the expected flags.
         $active = $val->validasi($_POST['active'], 'xss');
         $data = array('active' => $active);
         $table = new PoTable('comment');
         $table->updateBy('id_comment', $id, $data);
Пример #9
         // Tail of the single-post delete; the condition for this else is above the excerpt.
         } else {
             $tabledel->deleteBy('id_post', $id);
         }
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'post' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('post');
             foreach ($itemdel as $item) {
                 // NOTE(review): this id is filtered in 'xss' mode, whereas the delimage branch
                 // below filters its id in 'sql' mode. What each mode does is not visible here;
                 // confirm the id is constrained before it reaches deleteBy().
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_post', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'post' and $act == 'delimage') {
     // Clears the stored picture reference for one row by writing an empty string to 'picture'.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $picture = '';
         $data = array('picture' => $picture);
         $table = new PoTable('post');
         $table->updateBy('id_post', $id, $data);
Пример #10
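 // Requested action, plus the permission row for this session's user level and the
 // current module; the branches below read its *_access flags.
 $act = $_POST['act'];
 $tableroleaccess = new PoTable('user_role');
 // Column names are quoted: the bare words id_level and module are undefined constants,
 // which PHP 7 only tolerates with a warning and PHP 8 rejects with an Error.
 $currentRoleAccess = $tableroleaccess->findByAnd('id_level', $_SESSION['leveluser'], 'module', $mod);
 $currentRoleAccess = $currentRoleAccess->current();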
 // Hapus Theme
 if ($mod == 'theme' and $act == 'delete') {
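     if ($currentRoleAccess->delete_access == "Y") {
         // Delete a theme: look up its folder, remove that folder under po-content,
         // and drop the database row only when the folder removal succeeded.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('theme');
         // Column name quoted: a bare id_theme is an undefined constant (an Error on PHP 8).
         $currentSearch = $tabledel->findBy('id_theme', $id);
         $currentSearch = $currentSearch->current();
         // No matching row leaves the folder empty, which is rejected below.
         $folder = is_object($currentSearch) ? (string) $currentSearch->folder : '';
         // Guard the recursive delete: an empty value or one made only of "." segments
         // resolves to po-content itself, and a ".." segment resolves outside it.
         $segments = array_filter(
             explode('/', str_replace('\\', '/', $folder)),
             function ($segment) {
                 return $segment !== '' && $segment !== '.';
             }
         );
         $folderIsSafe = count($segments) > 0 && !in_array('..', $segments, true);
         $deletef = false;
         if ($folderIsSafe) {
             $dirPath = "../../../po-content/{$folder}";
             $deletef = deleteDir($dirPath);
         }
         if ($deletef) {
             $tabledel->deleteBy('id_theme', $id);
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }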
 } elseif ($mod == 'theme' and $act == 'input') {
     // Theme upload: requires write_access; only the "zip" extension is listed as acceptable.
     if ($currentRoleAccess->write_access == "Y") {
         $extensionList = array("zip");
         // NOTE(review): 'name' and 'type' in $_FILES are supplied by the client; they describe
         // the upload but do not prove what the file contains. How the archive is checked and
         // unpacked is outside this excerpt; confirm entries cannot be written outside the
         // intended theme directory.
         $fileName = $_FILES['fupload']['name'];
         $tmpName = $_FILES['fupload']['tmp_name'];
         $fileType = $_FILES['fupload']['type'];
         $fileSize = $_FILES['fupload']['size'];
         // Splits the client-supplied name on dots; which piece is treated as the extension
         // is decided below this excerpt.
         $pecah = explode(".", $fileName);
Пример #11
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
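         if ($totaldata != "0") {
             // Bulk delete of media: for every submitted row, remove the stored file (plus its
             // "medium-" variant for jpg files) and then the database record.
             // Anything other than an array of rows is treated as "nothing selected".
             $itemdel = (isset($_POST['item']) && is_array($_POST['item'])) ? $_POST['item'] : array();
             $uploadDir = "../../../po-content/po-upload/";
             foreach ($itemdel as $item) {
                 if (!is_array($item) || !isset($item['deldata'])) {
                     continue;
                 }
                 // NOTE(review): the id is filtered in 'xss' mode; what that mode does is not
                 // visible here, so confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel = new PoTable('media');
                 // Column name quoted: a bare id_media is an undefined constant (an Error on PHP 8).
                 $currentSearch = $tabledel->findBy('id_media', $id);
                 $currentSearch = $currentSearch->current();
                 if (!is_object($currentSearch)) {
                     // No such record: nothing to unlink or delete.
                     continue;
                 }
                 // basename() keeps the unlink targets inside the upload directory even if the
                 // stored name contains path separators or "..".
                 $picture = basename((string) $currentSearch->file_name);
                 // The extension is what follows the last dot, so "a.b.jpg" counts as jpg.
                 $ekstensi = pathinfo($picture, PATHINFO_EXTENSION);
                 $targets = array($uploadDir . $picture);
                 if ($ekstensi == 'jpg') {
                     $targets[] = $uploadDir . "medium-" . $picture;
                 }
                 foreach ($targets as $target) {
                     // is_file() skips files that are already gone and never matches a directory.
                     if (is_file($target)) {
                         unlink($target);
                     }
                 }
                 $tabledel->deleteBy('id_media', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }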
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'library' and $act == 'input') {
     if ($currentRoleAccess->write_access == "Y") {
         $extensionList = array("jpg", "png", "xls", "xlsx", "ppt", "pptx", "txt", "doc", "docx", "pdf", "psd");
Пример #12
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching absen row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('absen');
         $tabledel->deleteBy('id_absen', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'absen' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('absen');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_absen', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'absen' and $act == 'input') {
     // Requires write_access; the posted idk and jam values are copied into the session.
     if ($currentRoleAccess->write_access == "Y") {
         $idk = $val->validasi($_POST['idk'], 'xss');
         $jam = $val->validasi($_POST['jam'], 'xss');
         $_SESSION['idk'] = $idk;
         $_SESSION['jam'] = $jam;
         // NOTE(review): this writes a request-derived value into the response and relies
         // entirely on the 'xss' filter for output safety; confirm that filter HTML-escapes.
         // Output here also means any later header() redirect can no longer be sent.
         echo $_SESSION['idk'] . "<br>";
Пример #13
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching pages row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('pages');
         $tabledel->deleteBy('id_pages', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'pages' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('pages');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_pages', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'pages' and $act == 'delimage') {
     // Clears the stored picture reference for one row by writing an empty string to 'picture'.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $picture = '';
         $data = array('picture' => $picture);
         $table = new PoTable('pages');
         $table->updateBy('id_pages', $id, $data);
Пример #14
         // Single delete (branch header is above this excerpt): the posted id is
         // filtered in 'sql' mode and the matching guru row is removed.
         $id = $val->validasi($_POST['id'], 'sql');
         $tabledel = new PoTable('guru');
         $tabledel->deleteBy('id_guru', $id);
         header('location:../../admin.php?mod=' . $mod);
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'guru' and $act == 'multidelete') {
     // Bulk delete: allowed only when the role row carries delete_access == "Y".
     if ($currentRoleAccess->delete_access == "Y") {
         $totaldata = $val->validasi($_POST['totaldata'], 'xss');
         if ($totaldata != "0") {
             // NOTE(review): $_POST['item'] is used without checking that it is an array
             // of rows carrying 'deldata'; a scalar or malformed value breaks the loop below.
             $itemdel = $_POST['item'];
             $tabledel = new PoTable('guru');
             foreach ($itemdel as $item) {
                 // NOTE(review): the single-row delete above filters its id in 'sql' mode,
                 // this loop uses 'xss' mode before the same deleteBy() call. What each mode
                 // does is not visible here; confirm the id is constrained before it reaches the query.
                 $id = $val->validasi($item['deldata'], 'xss');
                 $tabledel->deleteBy('id_guru', $id);
             }
             header('location:../../admin.php?mod=' . $mod);
         } else {
             header('location:../../404.php');
         }
     } else {
         header('location:../../404.php');
     }
 } elseif ($mod == 'guru' and $act == 'delimage') {
     // Clears the stored picture reference for one row by writing an empty string to 'picture'.
     if ($currentRoleAccess->delete_access == "Y") {
         $id = $val->validasi($_POST['id'], 'sql');
         $picture = '';
         $data = array('picture' => $picture);
         $table = new PoTable('guru');
         $table->updateBy('id_guru', $id, $data);
<?php

// Admin action handler for the "event" module: reads mod/act from the POST body and
// deletes, creates or updates event rows, then redirects back to the admin page.
session_start();
// NOTE(review): with `and`, the 404 redirect fires only when BOTH session values are empty;
// a session holding just one of them falls through to the else branch. If both are required
// for a logged-in admin, the condition should use `or`.
if (empty($_SESSION['namauser']) and empty($_SESSION['passuser'])) {
    header('location:../../404.php');
} else {
    include_once '../../../po-library/po-database.php';
    include_once '../../../po-library/po-function.php';
    $val = new Povalidasi();
    $mod = $_POST['mod'];
    $act = $_POST['act'];
    // NOTE(review): between the session test above and the actions below, no per-role
    // permission check and no anti-CSRF token check is visible; any logged-in session, or a
    // forged cross-site POST riding on one, reaches the delete and insert branches.
    // Delete Event
    if ($mod == 'event' and $act == 'delete') {
        $id = $val->validasi($_POST['id'], 'sql');
        $tabledel = new PoTable('event');
        $tabledel->deleteBy('id_event', $id);
        header('location:../../admin.php?mod=' . $mod);
    } elseif ($mod == 'event' and $act == 'input') {
        // Create an event from the posted form fields.
        $title = $val->validasi($_POST['title'], 'xss');
        $seotitle = seo_title($title);
        $start = $val->validasi($_POST['start'], 'xss');
        $end = $val->validasi($_POST['end'], 'xss');
        $allday = $val->validasi($_POST['allday'], 'xss');
        // The body text skips validasi(): slashes are stripped, then it is HTML-escaped
        // (quotes included) before being stored in the 'content' column.
        $data = $_POST['content'];
        $data = stripslashes($data);
        $eutf = htmlspecialchars($data, ENT_QUOTES);
        $color = $val->validasi($_POST['color'], 'xss');
        $table = new PoTable('event');
        $table->save(array('title' => $title, 'startevt' => $start, 'endevt' => $end, 'allday' => $allday, 'content' => $eutf, 'seotitle' => $seotitle, 'color' => $color));
        header('location:../../admin.php?mod=' . $mod);
    } elseif ($mod == 'event' and $act == 'update') {