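public function loadSession($username, $password)
{
    // Checks the submitted credentials and, on success, binds the account id to
    // a freshly rotated session before redirecting to the index page. On failure
    // the login view is rendered again with $wrongData set and the script exits.
    //
    // SECURITY (review): $password is interpolated straight into both SQL strings
    // and the stored hash is an unsalted md5(). Both queries need a bound
    // parameter and the hash should move to password_hash()/password_verify().
    // Left untouched here because Database::execQuery shows no binding API in
    // this listing — TODO confirm whether a prepared-statement method exists.
    // NOTE(review): $username is never used; the query carries a literal
    // '******' instead — looks like a placeholder or redaction, confirm.
    $verify = Database::execQuery("SELECT EXISTS(SELECT id FROM users WHERE username = '******' and pass = md5('{$password}')) as 'asshole'")[0][0];
    if ($verify) { // credentials matched
        error_log($verify);
        // Second lookup excludes role 5 (presumably a blocked/disabled role —
        // verify against the users table). Previously an empty result still
        // produced a session whose userID was null; now it falls through to the
        // wrong-data path instead.
        $account = Database::execQuery("SELECT id from users where username = '******' and pass = md5('{$password}') and role != 5");
        if (isset($account[0]['id'])) {
            session_start();
            // Rotate the id at the privilege boundary so a session id issued
            // before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            // Store the account id in the session
            $_SESSION['userID'] = $account[0]['id'];
            header("Location: " . \Turner\System\App::$information['serverAddr'] . "/index"); // and send the user to the index page
            return;
        }
    }
    // Otherwise render the login page again with a wrong-data error; the
    // included view is expected to read $wrongData.
    $wrongData = true;
    include "magician/login.php";
    exit; // nothing after exit is reachable, so the old `return 0;` was dropped
}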
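public static function rewriteFunction()
{
    // Handles the post-edit form: verifies that the current user may edit the
    // post, then rewrites the post row and its category links inside one
    // transaction. On a database error the submitted fields are echoed back
    // into a self-submitting form so the edit page can display the error.
    $conn = new Database();
    $conn->connect();

    // POSTID is cast to int once and reused everywhere; the original ownership
    // query interpolated the raw request value while the write queries below
    // already used intval().
    $postId = intval($_POST['POSTID'] ?? 0);
    $role = \Turner\System\User::getRole();

    // Only the post's author, an editor or an admin may proceed. A post that
    // does not exist no longer counts as "owned" (the old [0][0] lookup on an
    // empty result compared null with the current id).
    $ownerRows = $conn->execQuery("SELECT user_id FROM post WHERE id = '" . $postId . "'");
    $isOwner = isset($ownerRows[0][0]) && $ownerRows[0][0] == \Turner\System\User::getID();
    if (!$isOwner && !($role == 'editor' || $role == 'admin')) {
        header("Location: " . \Turner\System\App::$information['serverAddr'] . "/post");
        return;
    }

    if (isset($_POST['PostTitle'], $_POST['PostContent'], $_POST['slug']) && $_POST['PostTitle'] != '' && $_POST['slug'] != '') {
        $execStatus = false;
        // Contributors may save but never publish.
        if ($role == 'contributor') {
            $_POST['publish'] = false;
        }
        // The result is deliberately not echoed: the original printed
        // beginTransaction()'s return value, which emitted output before the
        // Location header sent further down.
        $conn->beginTransaction();
        try {
            // SECURITY (review): slug is still concatenated unescaped into the
            // UPDATE and needs a bound parameter (or a validated character set);
            // left as-is because Database exposes no binding API in this listing.
            // md5() is also not a suitable password hash — changing it requires
            // updating whatever reads `pass` elsewhere, so it is only flagged.
            $conn->query("UPDATE post SET title = '" . htmlspecialchars($_POST['PostTitle'], ENT_QUOTES) . "', content = '" . htmlspecialchars($_POST['PostContent'], ENT_QUOTES) . "', pass = md5('" . htmlspecialchars($_POST['post_password'] ?? '', ENT_QUOTES) . "'), slug = '" . $_POST['slug'] . "', post_status = " . intval($_POST['publish'] ?? 0) . ", comment_status = " . intval($_POST['comment_status'] ?? 0) . " WHERE id = " . $postId);
            $conn->query("DELETE FROM post_category WHERE post_id = " . $postId);
            // Re-create the category links. A missing or non-array field leaves
            // the post uncategorised, which is what the old loop did after
            // emitting a warning.
            $categories = $_POST['category'] ?? [];
            if (is_array($categories)) {
                foreach ($categories as $catData) {
                    $conn->query("INSERT INTO post_category(post_id, category_id) VALUES(" . $postId . ", " . intval($catData) . ")");
                }
            }
            $execStatus = true;
            header("Location: " . \Turner\System\App::$information['serverAddr'] . "/post");
        } catch (\PDOException $e) {
            // Bounce the whole submission back to the edit page with the error
            // attached. Field names come from the request too, so they are
            // escaped like the values; ENT_QUOTES is required because the
            // attributes are single-quoted.
            echo "<form id=formtemp action='" . \Turner\System\App::$information['serverAddr'] . "/post/edit' method=POST>";
            foreach ($_POST as $key => $data) {
                echo "<input type=hidden name='" . htmlspecialchars((string) $key, ENT_QUOTES) . "' value='" . htmlspecialchars(is_array($data) ? implode(',', $data) : $data, ENT_QUOTES) . "'>";
            }
            echo "<input type=hidden name=errorInfo value='" . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "'>";
            echo "</form>";
            echo "<script>document.getElementById(\"formtemp\").submit();</script>";
            $execStatus = false;
        }
        if ($execStatus) {
            $conn->commit();
        } else {
            $conn->rollBack();
        }
    }
}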