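/**
 * Admin control-panel login.
 *
 * Reads `login`, `password` and `log-me-in` from the POST data, looks the user up
 * by `user_login` and compares the stored hash with one computed from the
 * submitted password and the row's salt. On success it sets the `admin_login`
 * cookie and session entry.
 *
 * NOTE(review): the stored hash is salted MD5, which is too fast for password
 * storage. Moving to password_hash()/password_verify() needs a data migration
 * and cannot be done in this function alone.
 * NOTE(review): the two failure messages tell a caller whether an account
 * exists; consider a single generic message if the UI allows it.
 * NOTE(review): no session id regeneration or login throttling is visible here;
 * confirm whether the caller or a hook provides them.
 *
 * @return string|null JSON with `status` and `mes`, or null when `log-me-in` is not numeric.
 */
function admin_cp_login()
{
    global $hmuser;
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('admin_cp_login');

    $user_login = hm_post('login');
    $password = hm_post('password');
    $logmein = hm_post('log-me-in');

    if (!is_numeric($logmein)) {
        return;
    }

    $tableName = DB_PREFIX . "users";
    $whereArray = array('user_login' => MySQL::SQLValue($user_login));
    $hmdb->SelectRows($tableName, $whereArray);

    if (!$hmdb->HasRecords()) {
        return json_encode(array('status' => 'error', 'mes' => _('Không có tài khoản này')));
    }

    $row = $hmdb->Row();
    $salt = $row->salt;
    $user_pass = (string) $row->user_pass;
    $password_encode = (string) hm_encode_str(md5($password . $salt));

    // Compare as strings: a loose `==` treats numeric-looking strings as numbers,
    // so two different hashes could compare equal. hash_equals() is also
    // constant-time where it is available.
    if (function_exists('hash_equals')) {
        $password_ok = hash_equals($user_pass, $password_encode);
    } else {
        $password_ok = ($user_pass === $password_encode);
    }

    if (!$password_ok) {
        return json_encode(array('status' => 'error', 'mes' => _('Sai mật khẩu')));
    }

    $cookie_array = array(
        'time' => time(),
        'ip' => hm_ip(),
        'user_login' => $user_login,
        'admincp' => 'yes',
    );
    // NOTE(review): the cookie is only as trustworthy as hm_encode_str(); confirm
    // that its output cannot be forged or altered by the client.
    $cookie_user = hm_encode_str($cookie_array);

    // HttpOnly keeps the login cookie away from page scripts. The Secure flag is
    // left off because this function cannot tell whether the site runs on HTTPS.
    setcookie('admin_login', $cookie_user, time() + COOKIE_EXPIRES, '/', '', false, true);
    $_SESSION['admin_login'] = $cookie_user;

    return json_encode(array('status' => 'success', 'mes' => _('Đăng nhập thành công')));
}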
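/**
 * Activate the theme named in the POSTed `theme` field.
 *
 * The theme is stored in the `system_setting` / `theme` option only when its
 * directory exists under HM_THEME_DIR and contains an init.php.
 *
 * @return void
 */
function active_theme()
{
    $theme = hm_post('theme');

    // The name is joined into a filesystem path, so accept a single directory
    // name only: no separators, no NUL byte, no "." or "..". Otherwise the
    // existence checks below could be satisfied by a directory outside the
    // theme folder.
    if (!is_string($theme) || $theme === '' || $theme === '.' || $theme === '..'
        || strpbrk($theme, "/\\\0") !== false) {
        return;
    }

    $theme_dir = BASEPATH . HM_THEME_DIR . '/' . $theme;
    if (is_dir($theme_dir) and is_file($theme_dir . '/init.php')) {
        $args = array('section' => 'system_setting', 'key' => 'theme', 'value' => $theme);
        set_option($args);
    }
}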
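/**
 * Build the HTML suggestion list for request URIs that contain $key.
 *
 * Up to 10 rows of the `request_uri` table whose `uri` contains the key are
 * rendered as `<li>` items carrying the object id, type and display name.
 *
 * @param mixed $key Search text; spaces are turned into dashes before matching.
 * @return string HTML fragment, empty when the key is empty or nothing matches.
 */
function request_suggest($key)
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    global $hmtaxonomy;
    global $hmcontent;

    $return = '';
    $input_name = hm_post('input', '');

    if (!is_scalar($key)) {
        return $return;
    }
    $key = str_replace(' ', '-', trim((string) $key));
    // Presumably a stored URI never contains a backslash; dropping it keeps the
    // quoted literal below intact even if SQLValue() only handles quotes.
    $key = str_replace('\\', '', $key);
    if ($key === '') {
        return $return;
    }

    // Every value below ends up inside HTML, several of them inside attributes.
    // double_encode is off so names that are already entity-encoded in the
    // database are not encoded a second time.
    $esc = function ($value) {
        return htmlspecialchars(is_scalar($value) ? (string) $value : '', ENT_QUOTES, 'UTF-8', false);
    };

    $tableName = DB_PREFIX . 'request_uri';
    // The search text comes from the request, so it is passed through SQLValue()
    // rather than concatenated raw into the statement.
    // NOTE(review): `%` and `_` in the key still act as LIKE wildcards.
    $like = MySQL::SQLValue('%' . $key . '%');
    $hmdb->Query("SELECT * FROM `" . $tableName . "` WHERE `uri` LIKE " . $like . " LIMIT 10");

    while ($row = $hmdb->Row()) {
        $id = $row->id;
        $object_id = $row->object_id;
        $object_type = $row->object_type;
        $suggest_label = '';
        $object_name = '';

        switch ($object_type) {
            case 'taxonomy':
                $tax_data = taxonomy_data_by_id($object_id);
                $tax_key = $tax_data['taxonomy']->key;
                $taxonomy = $hmtaxonomy->hmtaxonomy;
                $suggest_label = $taxonomy[$tax_key]['taxonomy_name'];
                $object_name = get_tax_val('name=name&id=' . $object_id);
                break;
            case 'content':
                $con_data = content_data_by_id($object_id);
                $con_key = $con_data['content']->key;
                $content = $hmcontent->hmcontent;
                $suggest_label = $content[$con_key]['content_name'];
                $object_name = get_con_val('name=name&id=' . $object_id);
                break;
        }

        $return .= '<li>';
        $return .= '<p data-id="' . $esc($id) . '" data-input="' . $esc($input_name)
            . '" data-name="' . $esc($object_name) . '" object_id="' . $esc($object_id)
            . '" object_type="' . $esc($object_type) . '">';
        $return .= '<span class="suggest_label">' . $esc($suggest_label) . ': </span><b>' . $esc($object_name) . '</b>';
        $return .= '</p>';
        $return .= '</li>';
    }

    return $return;
}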
/** Load the model that implements the menu operations. */
require_once __DIR__ . '/menu/menu_model.php';

$key = hm_get('key');
$id = hm_get('id');
$action = hm_get('action');

// Dispatch on the `action` query parameter. Ids for the delete actions and the
// location payload come from the POST body; the others use the `id` query
// parameter.
// NOTE(review): no login, permission or CSRF check is visible in this fragment;
// confirm that the part of the file above it (or an included file) enforces
// them before any of these state-changing actions run.
switch ($action) {
    case 'add':
        echo add_menu();
        break;

    case 'edit':
        echo edit_menu($id);
        break;

    case 'delete':
        $menu_id = hm_post('id');
        echo delete_menu($menu_id);
        break;

    case 'delete_item':
        $item_id = hm_post('id');
        echo delete_menu_item($item_id);
        break;

    case 'edit_item':
        echo edit_menu_item($id);
        break;

    case 'save_order':
        echo save_menu_item_order($id);
        break;

    case 'location':
        $args = hm_post('menu');
        echo save_menu_location($args);
        break;
}
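/**
 * Activate or deactivate a plugin.
 *
 * Writes the `active` flag for the plugin into the `plugin` table, provided the
 * plugin directory and its `<key>/<key>.php` file exist under HM_PLUGIN_DIR.
 *
 * @param mixed        $status     '1' to activate, '0' to deactivate.
 * @param string|false $plugin_key Plugin directory name; read from the POSTed `plugin` field when omitted.
 * @return string|null JSON with `status` and `mes`, or null when the plugin key is rejected or not found.
 */
function disable_plugin($status, $plugin_key = FALSE)
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);

    if ($plugin_key == FALSE) {
        $plugin_key = hm_post('plugin');
    }

    // The key is joined into a filesystem path, so accept a single directory
    // name only: no separators, no NUL byte, no "." or "..". Otherwise a path
    // outside the plugin folder could pass the checks below and be recorded as
    // an active plugin.
    if (!is_string($plugin_key) || $plugin_key === '' || $plugin_key === '.' || $plugin_key === '..'
        || strpbrk($plugin_key, "/\\\0") !== false) {
        return;
    }

    $plugin_dir = BASEPATH . HM_PLUGIN_DIR . '/' . $plugin_key;
    if (is_dir($plugin_dir) and is_file($plugin_dir . '/' . $plugin_key . '.php')) {
        $tableName = DB_PREFIX . 'plugin';
        $values = array(
            'active' => MySQL::SQLValue($status),
            'key' => MySQL::SQLValue($plugin_key),
        );
        $whereArray = array('key' => MySQL::SQLValue($plugin_key));
        $hmdb->AutoInsertUpdate($tableName, $values, $whereArray);

        $mes = NULL;
        if ($status == '1') {
            $mes = $plugin_key . ' active';
        } elseif ($status == '0') {
            $mes = $plugin_key . ' deactive';
        }

        return json_encode(array('status' => 'success', 'mes' => $mes));
    }
}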
return FALSE; } } /** lưu thứ tự các menu item trong menu */ function save_menu_item_order($id) { hook_action('save_menu_item_order'); global $hmdb; $json = hm_post('json'); $order_array = json_decode($json, TRUE); $tableName = DB_PREFIX . "object"; $i = 1; foreach ($order_array as $menu_item) { $id_menu_item = $menu_item['id']; /** cập nhật thứ tự menu item */ $valuesArray = array('order_number' => MySQL::SQLValue($i, MySQL::SQLVALUE_NUMBER), 'parent' => MySQL::SQLValue($id)); $whereArray = array('key' => MySQL::SQLValue('menu_item'), 'id' => MySQL::SQLValue($id_menu_item)); $hmdb->UpdateRows($tableName, $valuesArray, $whereArray); if (isset($menu_item['children'])) { $children = $menu_item['children']; update_menu_item_children($id_menu_item, $children); }
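/**
 * Set a new password for the user that owns a lost-password key.
 *
 * Reads `key`, `password` and `password2` from the POST data. The key is looked
 * up in the `field` table (name `lostpw_key`, object type `user`) and the
 * matching user's hash and salt are replaced.
 *
 * NOTE(review): the key is not removed or expired here, so whether it can be
 * used more than once depends on code outside this function.
 * NOTE(review): the stored hash is salted MD5 with a six-digit salt; moving to
 * password_hash() needs a data migration and a matching change in the login code.
 *
 * @return string JSON with `status` and `mes`.
 */
function admin_cp_newpw()
{
    global $hmuser;
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('newpw_checkkey');

    $key = hm_post('key');
    $password = hm_post('password');
    $password2 = hm_post('password2');

    // Compare as strings: a loose `==` treats numeric-looking strings as numbers
    // and would accept some pairs of different passwords.
    if (!is_scalar($password) || !is_scalar($password2) || (string) $password !== (string) $password2) {
        return json_encode(array('status' => 'error', 'mes' => _('Hai mật khẩu bạn nhập vào không khớp')));
    }
    if ((string) $password === '') {
        return json_encode(array('status' => 'error', 'mes' => _('Mật khẩu không được để trống')));
    }

    // A missing key must never reach the lookup, and a key that matches no row
    // must not fall through to the UPDATE below.
    if (!is_scalar($key) || (string) $key === '') {
        return json_encode(array('status' => 'error', 'mes' => _('Mã khôi phục mật khẩu không hợp lệ')));
    }

    $tableName = DB_PREFIX . "field";
    $whereArray = array(
        'name' => MySQL::SQLValue('lostpw_key'),
        'object_type' => MySQL::SQLValue('user'),
        'val' => MySQL::SQLValue($key),
    );
    $hmdb->SelectRows($tableName, $whereArray);
    if (!$hmdb->HasRecords()) {
        return json_encode(array('status' => 'error', 'mes' => _('Mã khôi phục mật khẩu không hợp lệ')));
    }

    $row = $hmdb->Row();
    $user_id = $row->object_id;

    // Same six-digit range as before, drawn from the CSPRNG where the runtime has one.
    $salt = function_exists('random_int') ? random_int(100000, 999999) : rand(100000, 999999);
    $password_encode = hm_encode_str(md5($password . $salt));

    $tableName = DB_PREFIX . "users";
    $updateArray = array(
        'user_pass' => MySQL::SQLValue($password_encode),
        'salt' => MySQL::SQLValue($salt),
    );
    $whereArray = array('id' => MySQL::SQLValue($user_id, MySQL::SQLVALUE_NUMBER));
    $hmdb->UpdateRows($tableName, $updateArray, $whereArray);

    return json_encode(array('status' => 'success', 'mes' => _('Đã đổi mật khẩu thành công')));
}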
echo taxonomy_ajax_add($key); break; case 'edit': /** Thực hiện sửa taxonomy */ echo taxonomy_ajax_edit($id); break; case 'draft': /** Thực hiện xóa taxonomy */ taxonomy_update_val(array('id' => hm_post('id'), 'value' => array('status' => MySQL::SQLValue('draft')))); break; case 'delete_permanently': /** Thực hiện xóa vĩnh viễn taxonomy */ taxonomy_delete_permanently(hm_post('id')); break; case 'public': /** Thực hiện khôi phục taxonomy */ taxonomy_update_val(array('id' => hm_post('id'), 'value' => array('status' => MySQL::SQLValue('public')))); break; case 'ajax_slug': /** Thực hiện tạo slug từ chuỗi */ echo taxonomy_ajax_slug(); break; case 'quick_edit': /** Tạo form quick edit taxonomy */ quick_edit_tax_form(); break; case 'multi': /** Xử lý nhiều danh mục cùng lúc */ echo taxonomy_ajax_multi($key); break; }
<?php
/**
 * Admin AJAX endpoint for request-URI handling.
 * Location: admin/request_ajax.php
 */

// Refuse direct access: BASEPATH is only defined when the file is included by the application.
if (!defined('BASEPATH')) {
    exit('403');
}

/** Load the admin base file. */
require_once __DIR__ . '/admin.php';

/** Load the request-URI model. */
require_once __DIR__ . '/request/request_model.php';

$key = hm_get('key');
$id = hm_get('id');
$action = hm_get('action');

// `suggest` is the only action handled. The search text comes from the POSTed
// `val` field and the returned markup is echoed as-is, so request_suggest() is
// the place where it has to be escaped.
if ($action == 'suggest') {
    $key = hm_post('val');
    echo request_suggest($key);
}
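/**
 * Ban the user whose id is POSTed in `id` by setting `user_role` to 5.
 *
 * NOTE(review): 5 is presumably the "banned" role; confirm against the role definitions.
 * NOTE(review): no permission check is visible here; confirm the caller restricts who may ban.
 *
 * @return void
 */
function ajax_ban_user()
{
    $id = hm_post('id');

    // The id goes into a WHERE clause, so only a numeric value is accepted.
    if (!is_numeric($id)) {
        return;
    }

    if (isset_user($id) == TRUE) {
        $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
        $tableName = DB_PREFIX . "users";
        // Pass the id through SQLValue() like the other queries in this code base
        // instead of placing the raw request value in the clause.
        $whereArray = array('id' => MySQL::SQLValue($id, MySQL::SQLVALUE_NUMBER));
        $values = array('user_role' => MySQL::SQLValue(5, MySQL::SQLVALUE_NUMBER));
        $hmdb->UpdateRows($tableName, $values, $whereArray);
    }
}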
break; case 'add': /** Thực hiện thêm content */ $args = array('content_key' => $key); echo content_ajax_add($args); break; case 'add_chapter': /** Thực hiện thêm chapter */ echo content_ajax_add_chapter($id); break; case 'edit': /** Thực hiện sửa content */ echo content_ajax_edit($id); break; case 'draft': /** Thực hiện xóa content */ echo content_update_val(array('id' => hm_post('id'), 'value' => array('status' => MySQL::SQLValue('draft')))); break; case 'delete_permanently': /** Thực hiện xóa vĩnh viễn content */ echo content_delete_permanently(hm_post('id')); break; case 'public': /** Thực hiện khôi phục content */ echo content_update_val(array('id' => hm_post('id'), 'value' => array('status' => MySQL::SQLValue('public')))); break; case 'ajax_slug': /** Thực hiện tạo slug từ chuỗi */ echo content_ajax_slug(); break; }
/**
 * Build a request URI (slug) from the POSTed `val` field.
 *
 * The POSTed `accented` field selects the variant: 'true' keeps accents,
 * 'false' uses the plain slug builder. Any other request yields nothing.
 *
 * @return mixed The slug builder's result, or null when `val` or a valid `accented` is missing.
 */
function content_ajax_slug()
{
    if (!isset($_POST['val']) || !isset($_POST['accented'])) {
        return;
    }

    $accented = $_POST['accented'];

    if ($accented == 'true') {
        return create_request_uri_with_accented(hm_post('val'), '', hm_post('object'));
    }

    if ($accented == 'false') {
        return create_request_uri(hm_post('val'), '', hm_post('object'));
    }
}
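/**
 * Apply one action to several taxonomies at once.
 *
 * Only the `draft` action is handled: every id in the POSTed `taxonomy_ids`
 * list has its status set to `draft`.
 *
 * @param mixed $key Taxonomy key; not used by this function.
 * @return void
 */
function taxonomy_ajax_multi($key)
{
    $action = hm_post('action');

    switch ($action) {
        case 'draft':
            $taxonomy_ids = hm_post('taxonomy_ids');
            // The field comes from the request and may be missing or a plain
            // string; iterate only when it really is a list.
            if (!is_array($taxonomy_ids)) {
                break;
            }
            foreach ($taxonomy_ids as $taxonomy_id) {
                // NOTE(review): ids are passed on as received; taxonomy_update_val()
                // is assumed to quote them before they reach SQL.
                taxonomy_update_val(array(
                    'id' => $taxonomy_id,
                    'value' => array('status' => MySQL::SQLValue('draft')),
                ));
            }
            break;
    }
}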
break; case 'rename_media_group': /** Đổi tên nhóm media */ $args = array(); $args['group_name'] = hm_post('group_name'); $args['group_id'] = hm_post('group_id', 0); echo rename_media_group($args); break; case 'del_media_group': /** Xóa nhóm media */ $args = array(); $args['group_id'] = hm_post('group_id', 0); echo del_media_group($args); break; case 'add_media': /** Upload media */ echo add_media(); break; case 'delete_media': /** Delete media */ delete_media(hm_post('id')); break; case 'multi_delete_media': /** Delete multi media */ multi_delete_media(hm_post('ids')); break; case 'thumbnail_media': /** Trả về link thumbnail của file */ echo thumbnail_media(hm_post('id')); break; }
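/**
 * Ajax upload: store the files posted in the `file` field and record each one
 * in the `media` table.
 *
 * Files go to the folder of the media group named in the POSTed `media_group`
 * field, or to the uploads root when that group does not exist. Images get a
 * second, 512x512 cropped copy that is recorded as their thumbnail.
 *
 * NOTE(review): no extension or MIME allowlist is set on the Upload handler
 * here. The only guard against an uploaded script being executed is the
 * .htaccess written below, which covers three extensions and works only where
 * Apache honours .htaccess overrides. Confirm what the Upload class itself
 * rejects or renames, and prefer an explicit allowlist.
 *
 * @return string JSON with `status`, `content` (inserted ids and/or error texts, comma separated) and `media_group`.
 */
function add_media()
{
    // Refuse a request body larger than post_max_size. The ini value may carry
    // a K/M/G suffix and 0 means "no limit".
    if (isset($_SERVER["CONTENT_LENGTH"])) {
        $limit_raw = trim((string) ini_get('post_max_size'));
        $limit_bytes = (int) $limit_raw;
        switch (strtoupper(substr($limit_raw, -1))) {
            case 'G':
                $limit_bytes *= 1024;
                // no break
            case 'M':
                $limit_bytes *= 1024;
                // no break
            case 'K':
                $limit_bytes *= 1024;
        }
        if ($limit_bytes > 0 && $_SERVER["CONTENT_LENGTH"] > $limit_bytes) {
            return json_encode(array('status' => 'error', 'content' => _('Dung lượng tệp tin gửi lên vượt quá giới hạn cho phép của máy chủ')));
        }
    }

    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);

    // Suppression kept from the original so a missing field cannot print a
    // notice in front of the JSON response.
    @($media_group = hm_post('media_group'));
    if (!is_numeric($media_group)) {
        $media_group = 0;
    }

    $tableName = DB_PREFIX . 'media_groups';
    $whereArray = array('id' => MySQL::SQLValue($media_group));
    $hmdb->SelectRows($tableName, $whereArray);
    $count = $hmdb->RowCount();

    if ($count != '0') {
        $row = $hmdb->Row();
        $folder = $row->folder;
        $folder_part = get_media_group_part($media_group);
        $dir_dest = BASEPATH . HM_CONTENT_DIR . '/uploads/' . $folder_part;
        if (!file_exists($dir_dest)) {
            // Created by the PHP user itself, so owner-write is enough; the
            // directory is no longer made world-writable.
            mkdir($dir_dest, 0755, true);
        }
    } else {
        $folder = "/";
        $media_group = 0;
        $dir_dest = BASEPATH . HM_CONTENT_DIR . '/uploads';
    }

    // Turn PHP's per-attribute layout ($_FILES['file']['name'][0], ...) into one
    // array per file. A single, non-array upload becomes a one-element list.
    $files = array();
    if (isset($_FILES['file']) && is_array($_FILES['file'])) {
        foreach ($_FILES['file'] as $k => $l) {
            foreach ((array) $l as $i => $v) {
                $files[$i][$k] = $v;
            }
        }
    }

    $status = 'success';
    $content = array();

    foreach ($files as $file) {
        $handle = new Upload($file, LANG);
        // Taken up front so the error branches below always have a name to report.
        // NOTE(review): this name is supplied by the client; whoever renders
        // `content` must escape it.
        $file_name = $handle->file_src_name;

        if ($handle->uploaded) {
            $handle->Process($dir_dest);

            if ($handle->processed) {
                /** Create the .htaccess that disables PHP handlers in the upload folder. */
                $content_htaccess = 'RemoveHandler .php .phtml .php3' . "\n" . 'RemoveType .php .phtml .php3';
                // A failed write raises a PHP warning and does not abort the upload.
                file_put_contents($dir_dest . '/.htaccess', $content_htaccess);

                /** Upload succeeded: collect the file details for the database. */
                $file_is_image = 'false';
                $file_info = array();
                $base_fields = array(
                    'file_src_name', 'file_src_name_body', 'file_src_name_ext',
                    'file_src_mime', 'file_src_size',
                    'file_dst_name', 'file_dst_name_body', 'file_dst_name_ext',
                    'file_is_image',
                );
                foreach ($base_fields as $field) {
                    $file_info[$field] = $handle->$field;
                }
                $file_name = $file_info['file_src_name'];

                if ($file_info['file_is_image'] == TRUE) {
                    $file_is_image = 'true';
                    $image_fields = array(
                        'image_src_x', 'image_src_y', 'image_src_bits', 'image_src_pixels',
                        'image_src_type', 'image_dst_x', 'image_dst_y', 'image_dst_type',
                    );
                    foreach ($image_fields as $field) {
                        $file_info[$field] = $handle->$field;
                    }

                    // Second pass: a 512x512 cropped copy used as the thumbnail.
                    $handle->image_resize = true;
                    $handle->image_ratio_crop = true;
                    $handle->image_y = 512;
                    $handle->image_x = 512;
                    $handle->Process($dir_dest);
                    $file_info['thumbnail'] = $handle->file_dst_name;
                }

                $tableName = DB_PREFIX . 'media';
                $values = array(
                    'media_group_id' => MySQL::SQLValue($media_group, MySQL::SQLVALUE_NUMBER),
                    'file_info' => MySQL::SQLValue(json_encode($file_info)),
                    'file_name' => MySQL::SQLValue($file_name),
                    'file_folder' => MySQL::SQLValue($folder),
                    'file_is_image' => MySQL::SQLValue($file_is_image),
                );
                $insert_id = $hmdb->InsertRow($tableName, $values);

                $status = 'success';
                $content[] = $insert_id;
            } else {
                $status = 'error';
                $content[] = $file_name . ' : ' . $handle->error;
            }
        } else {
            $status = 'error';
            $content[] = $file_name . ' : ' . $handle->error;
        }
    }

    // `content` stays null when no file was processed, as before.
    $content = count($content) > 0 ? implode(", ", $content) : null;

    return json_encode(array('status' => $status, 'content' => $content, 'media_group' => $media_group));
}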