示例#1
文件: index.php 项目: mul14/FiyoCMS
             if ($auto == 0) {
                 if ($_SESSION['USER_LEVEL'] == 1 or $_SESSION['USER_LEVEL'] == 2) {
                     $auto = 1;
                 } else {
                     $auto = null;
                 }
             }
             $no = null;
             $_POST['web'] = str_replace("<", "&lt;", $_POST['web']);
             $_POST['web'] = str_replace(">", "&gt;", $_POST['web']);
             $_POST['web'] = str_replace(" ", "", $_POST['web']);
             $_POST['web'] = str_replace("  ", "", $_POST['web']);
             $text = htmlentities($_POST['com']);
             $parent = 1;
             $apps = app_param();
             $com = $db->insert(FDBPrefix . 'comment', array("", "{$link}", $_SESSION['USER_ID'], "{$_POST['name']}", "{$_POST['email']}", "{$_POST['web']}", date("Y-m-d H:i:s", time()), "{$text}", "{$auto}", "{$apps}", "{$parent}", "{$parent}", "{$parent}"));
             if ($com and $auto) {
                 $notice = alert("info", comment_Notice_Info, true);
             } else {
                 $notice = alert("info", comment_Notice_Info2, true);
             }
             if (empty($no)) {
                 $no = 1;
             }
             //Comment will appear after page reload
             $link = "{$go_link}#comment-{$no}";
         }
     }
 } else {
     $notice = alert("error", comment_Notice_Error5, true);
 }
示例#2
            $mod = explode("--", $file);
            $go = null;
            foreach ($mod as $val) {
                $val = str_replace("db_prefix_", FDBPrefix, $val);
                $val = str_replace("_site_title", "{$_POST['site']}", $val);
                $val = str_replace("_site_desc", "{$_POST['desc']}", $val);
                $go = $db->query("{$val}");
            }
            fclose($open_file);
        }
        if ($go) {
            notice('success', "SQL Query successfully!", 3);
            refresh();
        }
        if (preg_match('/^.+@.+\\..+$/', $_POST['email'])) {
            $qr = $db->insert(FDBPrefix . 'user', array("", "{$_POST['username']}", "Administrator", MD5("{$_POST['userpass']}"), "{$_POST['email']}", "1", "1", date('Y-m-d H:i:s'), date('Y-m-d H:i:s'), ""));
            if ($qr) {
                $_SESSION['user'] = "******";
                $_SESSION['host'] = "";
                $_SESSION['success'] = 1;
            }
        } else {
            notice('error', "Email or User are invalid!", 2);
        }
    } else {
        notice('error', "Please fill the fields correctly!", 2);
    }
}
if (isset($_POST['admin'])) {
    session_destroy();
    rename("_config.php", "config.php");
示例#3
            } else {
                notice('error', Status_Fail);
            }
        }
    } else {
        notice('error', Status_Invalid);
    }
}
/****************************************/
/*			 Add New contact				*/
/****************************************/
if (isset($_POST['save_add']) || isset($_POST['apply_add'])) {
    // "Add contact" form handler. "save_add" returns to the contact list,
    // "apply_add" reopens the freshly created record in the editor.
    // NOTE(review): no anti-CSRF token is checked inside this block; confirm
    // that one is enforced before this code is reached.
    $db = new FQuery();
    $db->connect();
    if (empty($_POST['name']) || empty($_POST['gender']) || empty($_POST['group'])) {
        // Only the presence of name, gender and group is required.
        notice('error', Status_Invalid);
    } else {
        // NOTE(review): every column value below is raw $_POST data. Nothing
        // in this block escapes or validates it, so protection against SQL
        // injection rests entirely on FQuery::insert() -- confirm that it
        // escapes or binds values. The values are also stored unencoded, so
        // any page that prints them (web, photo, desc, ...) must HTML-encode.
        $qr = $db->insert(FDBPrefix . 'contact', array(
            "",
            "{$_POST['name']}",
            "{$_POST['gender']}",
            "{$_POST['email']}",
            "{$_POST['address']}",
            "{$_POST['city']}",
            "{$_POST['state']}",
            "{$_POST['country']}",
            "{$_POST['zip']}",
            "{$_POST['phone']}",
            "{$_POST['fax']}",
            "{$_POST['job']}",
            "{$_POST['photo']}",
            "{$_POST['web']}",
            "{$_POST['ym']}",
            "{$_POST['fb']}",
            "{$_POST['tw']}",
            "{$_POST['desc']}",
            "{$_POST['group']}",
            1
        ));
        if ($qr && isset($_POST['apply_add'])) {
            // The new id is looked up as "highest id in the table", not as the
            // id of the row inserted above; with concurrent submissions the
            // redirect can land on another user's record.
            $sql = $db->select(FDBPrefix . 'contact', 'id', '', 'id DESC');
            $qr = mysql_fetch_array($sql);
            notice('success', Contact_Saved);
            redirect('?app=contact&act=edit&id=' . $qr['id'], 2);
        } elseif ($qr && isset($_POST['save_add'])) {
            notice('success', Contact_Saved);
            redirect('?app=contact', 2);
        } else {
            notice('error', Status_Fail);
        }
    }
}
示例#4
    // Menu "add" handler: assembles the parameter string and inserts one row
    // into the menu table. Only the presence of name, cat, apps and link is
    // checked; no value is validated or escaped in this block.
    if (!empty($_POST['name']) and !empty($_POST['cat']) and !empty($_POST['apps']) and !empty($_POST['link'])) {
        $param = '';
        // first value from $param
        if (isset($_POST['totalParam'])) {
            // NOTE(review): the loop bound comes straight from the request and
            // is neither cast to int nor capped here.
            for ($p = 1; $p <= $_POST['totalParam']; $p++) {
                if ($p != $_POST['totalParam']) {
                    // "@" hides the undefined-index notices raised when a
                    // nameParamN / paramN field is missing from the request.
                    @($param = $param . $_POST["nameParam{$p}"] . "=" . $_POST['param' . $p] . ';\\n');
                } else {
                    // The last entry is appended as a bare value, without its name.
                    @($param = $param . $_POST['param' . $p]);
                }
            }
        }
        // NOTE(review): this assignment overwrites $param, so the string built
        // by the loop above is discarded and only the editor content (with "
        // turned into ') survives -- confirm whether that is intended.
        @($param = str_replace('"', "'", "{$_POST['editor']}"));
        // $parameter is not initialised anywhere in the visible code; the "@"
        // hides the resulting notice. It may be set before this fragment -- verify.
        @($parameter .= $param);
        // $param is not read again after this line within the visible code.
        $param = str_replace('"', "'", $param);
        // NOTE(review): all column values are raw $_POST data. Whether
        // FQuery::insert() escapes them is not visible here; if it does not,
        // each field is an SQL-injection point. Replacing " with ' above is
        // not an escaping step.
        $qr = $db->insert(FDBPrefix . 'menu', array("", "{$_POST['cat']}", "{$_POST['name']}", "{$_POST['link']}", "{$_POST['apps']}", "{$_POST['parent_id']}", "{$_POST['status']}", "{$_POST['short']}", "{$_POST['level']}", "0", "{$_POST['title']}", "{$_POST['show_title']}", "{$_POST['sub_name']}", "{$_POST['class']}", "{$_POST['style']}", "{$parameter}", ""));
        if ($qr and isset($_POST['apply_add'])) {
            // Looks up the highest id in the table rather than the id of the
            // row just inserted; concurrent inserts can make these differ.
            $sql = $db->select(FDBPrefix . 'menu', 'id', '', 'id DESC');
            $qr = mysql_fetch_array($sql);
            notice('success', Menu_Saved, 2);
            redirect('?app=menu&view=edit&id=' . $qr['id']);
        } elseif ($qr and isset($_POST['save_add'])) {
            notice('success', Menu_Saved, 2);
            redirect('?app=menu');
        } else {
            notice('error', Status_Invalid);
        }
    } else {
        notice('error', Status_Invalid);
    }
}
示例#5
         if (@multipleSelect($pars)) {
             @($pars = multipleSelect($pars));
         } else {
             @($pars = $pars);
         }
         @($param .= $_POST["nameParam{$p}"] . "=" . $pars . ';\\n');
     }
 }
 $page = @$_POST['page'];
 $page = @multipleSelect($page);
 @($parameter = str_replace('"', "'", "{$_POST['editor']}"));
 @($parameter = $parameter . $param);
 if (checkLocalhost()) {
     $parameter = str_replace(FLocal . "media/", "media/", $parameter);
 }
 $qr = $db->insert(FDBPrefix . 'module', array("", "{$_POST['title']}", "{$_POST['folder']}", "{$_POST['position']}", "{$_POST['short']}", "{$_POST['level']}", "{$_POST['status']}", "{$page}", "{$parameter}", "{$_POST['class']}", "{$_POST['style']}", "{$_POST['show_title']}"));
 if ($qr and isset($_POST['apply_add'])) {
     $db = new FQuery();
     $db->connect();
     $sql = $db->select(FDBPrefix . 'module', 'id', '', 'id DESC');
     $qr = mysql_fetch_array($sql);
     $_SESSION['NOTICE'] = alert('success', New_Module_Saved);
     redirect('?app=module&act=edit&id=' . $qr['id']);
 } elseif ($qr and isset($_POST['save_add'])) {
     alert('success', New_Module_Saved, 0, 0, 'NOTICE_REF');
     if ($qr) {
         redirect('?app=module', 1);
     }
 } else {
     $_SESSION['NOTICE_ADD'] = alert('error', Status_Invalid, 0, 0, 'NOTICE');
 }
示例#6
文件: login.php 项目: mul14/FiyoCMS
* @copyright	Copyright (C) 2014 Fiyo CMS.
* @license		GNU/GPL, see LICENSE.
**/
// AJAX login endpoint: checks the posted credentials against the user table,
// fills the session on success and prints a small JSON status object.
// NOTE(review): no attempt counter, delay or lockout is visible in this file;
// confirm that repeated guesses are throttled somewhere else.
if (!isset($_POST['user'])) {
    die('Access Denied!');
}
session_start();
define('_FINDEX_', 1);
require '../../../system/jscore.php';
$db = new FQuery();
// ext/mysql (mysql_* functions) was removed in PHP 7; this file only runs on PHP 5.
$user = mysql_real_escape_string($_POST['user']);
// The next line is reproduced as the listing gives it: part of the WHERE
// clause was masked with asterisks, so it does not parse as shown. The
// visible remainder indicates the password is passed through a function call
// on $_POST['pass'] and concatenated into the SQL string -- presumably MD5(),
// which the user-creation code of this project uses. Unsalted MD5 is not a
// password hash; password_hash()/password_verify() is the replacement, but it
// requires migrating stored hashes.
$sql = $db->select(FDBPrefix . "user", "*", "status=1 AND user='******' AND password='******'pass']) . "'");
$qr = mysql_fetch_array($sql);
// mysql_affected_rows() is documented for INSERT/UPDATE/REPLACE/DELETE;
// mysql_num_rows($sql) is the documented way to count rows of a SELECT.
$jml = mysql_affected_rows();
if ($jml > 0) {
    // NOTE(review): the session id is not regenerated after authentication
    // (no session_regenerate_id() call in the visible code), so an id issued
    // before login stays valid afterwards -- a session-fixation risk.
    $_SESSION['USER_ID'] = $qr['id'];
    $_SESSION['USER'] = $qr['user'];
    $_SESSION['USER_NAME'] = $qr['name'];
    $_SESSION['USER_EMAIL'] = $qr['email'];
    $_SESSION['USER_LEVEL'] = $qr['level'];
    $_SESSION['USER_LOG'] = $qr['time_log'];
    $time_log = date('Y-m-d H:i:s');
    // Values taken from the fetched row are interpolated into the conditions unquoted.
    $db->update(FDBPrefix . 'user', array("time_log" => "{$time_log}"), "id={$qr['id']}");
    $db->delete(FDBPrefix . "session_login", "user_id={$qr['id']}");
    // $qr is reused: from here on it holds the result of the insert, not the user row.
    $qr = $db->insert(FDBPrefix . "session_login", array("{$qr['id']}", "{$qr['user']}", "{$qr['level']}", date('Y-m-d H:i:s')));
}
// "and" binds tighter than "or", so this reads: $qr OR (session has USER_ID
// AND level <= 3 AND userInfo()). When the credentials match no row, $qr is
// false and a client that already holds a valid session still gets status 1.
if ($qr or !empty($_SESSION['USER_ID']) and $_SESSION['USER_LEVEL'] <= 3 and userInfo()) {
    // NOTE(review): the JSON is assembled by concatenation; alert() output is
    // not JSON-escaped here, so quotes in it would break the response -- json_encode() avoids that.
    echo "{ \"status\":\"1\" , \"alert\":\"" . alert('success', Login_Success) . "\"}";
} else {
    echo "{ \"status\":\"0\" , \"alert\":\"" . alert('error', Login_Error) . "\"}";
}
示例#7
/**
* @version		2.0
* @package		Fiyo CMS
* @copyright	Copyright (C) 2014 Fiyo CMS.
* @license		GNU/GPL, see LICENSE.
**/
defined('_FINDEX_') or die('Access Denied');
$db = new FQuery();
/****************************************/
/*		   Add category article			*/
/****************************************/
if (isset($_POST['save_category']) or isset($_POST['add_category'])) {
    if (!empty($_POST['name'])) {
        $_POST['name'] = str_replace('"', '', $_POST['name']);
        $_POST['name'] = str_replace("'", '', $_POST['name']);
        $qr = $db->insert(FDBPrefix . 'article_category', array("", "{$_POST['name']}", "{$_POST['parent_id']}", "{$_POST['desc']}", "{$_POST['keys']}", "{$_POST['level']}"));
        if ($qr and isset($_POST['add_category'])) {
            notice('success', Category_Added, 2);
            redirect('?app=article&view=category');
        } else {
            if ($qr and isset($_POST['save_category'])) {
                $sql2 = $db->select(FDBPrefix . 'article_category', 'id', '', 'id DESC LIMIT 1');
                notice('success', Category_Added, 2);
                $qrs = mysql_fetch_array($sql2);
                redirect("?app=article&view=category&act=edit&id={$qrs['id']}");
            } else {
                $_SESSION['NOTICE_ERROR'] = alert('error', Status_Invalid);
            }
        }
    } else {
        $_SESSION['NOTICE_ERROR'] = alert('error', Status_Invalid);
示例#8
/**
 * Build a search-engine-friendly permalink for the current page from $title
 * (optionally prefixed with $cat), store it in the permalink table when it is
 * new, and redirect the browser to it.
 *
 * Nothing happens unless SEF_URL is on, checkHomePage() is false, _Page holds
 * no digit, REQUEST_URI contains both "=" and "?" past position 0, and
 * $_GET['page'] is empty.
 *
 * @param string      $title Text the permalink is derived from.
 * @param string|null $cat   Category text, used as a leading path segment.
 * @param mixed       $pid   Page id stored with the permalink; Page_ID when empty.
 * @param string|null $ext   Extension appended instead of SEF_EXT.
 * @param mixed       $next  Not used by this function.
 * @return void
 */
function add_permalink($title, $cat = NULL, $pid = null, $ext = null, $next = null)
{
    // _Page only counts as a page number when it contains a digit.
    $page = preg_match("/[0-9]/", _Page) ? _Page : null;
    if (!SEF_URL || checkHomePage() || $page) {
        return;
    }

    $db = new FQuery();
    $db->connect();

    $equalsAt = strpos($_SERVER['REQUEST_URI'], "=");
    $questionAt = strpos($_SERVER['REQUEST_URI'], "?");
    if (!($equalsAt > 0) || !($questionAt > 0) || !empty($_GET['page'])) {
        return;
    }

    // Lower-case the title and turn spaces into dashes.
    $slug = str_replace(" ", "-", strtolower($title));
    if (app_param('app') == 'article' && app_param('view') == 'item') {
        // Article items must not introduce extra path segments.
        $slug = str_replace("/", "-", $slug);
    }
    $category = str_replace(" ", "-", strtolower($cat));
    if (!empty($cat)) {
        $slug = strtolower($category) . "/" . $slug;
    }

    // Ordered clean-up table: search string => replacement. Each entry is
    // applied until the search string no longer occurs, because removing a
    // multi-character token ("&amp;", "--") can bring a new occurrence together.
    $cleanup = array(
        array("[", ""),
        array("]", ""),
        array("(", ""),
        array(")", ""),
        array("{", ""),
        array("}", ""),
        array("&amp;", ""),
        array("&", ""),
        array("?", ""),
        array("+", ""),
        array("#", ""),
        array("\\&", ""),
        array(".", "-"),
        array("!", ""),
        array("`", ""),
        array("'", ""),
        array("\"", ""),
        array(";", ""),
        array('|', ""),
        array('%', ""),
        array('*', ""),
        array('^', ""),
        array('\\', ""),
        array(",", ""),
        array("\$", ""),
        array("@", ""),
        array("--", "-"),
    );
    foreach ($cleanup as $rule) {
        list($needle, $replacement) = $rule;
        while (substr_count($slug, $needle)) {
            $slug = str_replace($needle, $replacement, $slug);
        }
    }

    if (empty($pid)) {
        $pid = Page_ID;
    }
    $link = getLink();

    // NOTE(review): $ext is appended after the clean-up above and only has
    // its dots removed, so quotes or other characters in it reach the insert
    // below unchanged -- confirm that callers never pass request data as $ext.
    if (!empty($ext)) {
        $ext = str_replace(".", "", $ext);
        $slug = "{$slug}.{$ext}";
    } elseif (!empty($category)) {
        $slug = $slug . SEF_EXT;
    }

    // The internal link already has a permalink: just go there.
    if (check_permalink('link', $link)) {
        redirect(FUrl . $slug);
        return;
    }
    if (empty($slug)) {
        return;
    }

    // Permalink text already taken: try "-2", "-3", ... until one is free.
    $taken = check_permalink('permalink', $slug);
    if ($taken) {
        $suffix = 2;
        $slug = str_replace(SEF_EXT, "", $slug);
        do {
            $candidate = "{$slug}-{$suffix}";
            $taken = check_permalink('permalink', $candidate . SEF_EXT);
            $suffix++;
        } while ($taken);
        $slug = $candidate . SEF_EXT;
    }

    // NOTE(review): $link comes from getLink() and is inserted as-is; whether
    // FQuery::insert() escapes its values is not visible here -- confirm.
    if (!empty($slug) && $slug != "-" && !empty($link)) {
        $inserted = $db->insert(FDBPrefix . 'permalink', array("", "{$link}", "{$slug}", $pid, 1, 0));
    }
    if (isset($inserted)) {
        redirect(FUrl . $slug);
    }
}
示例#9
 $webmail = "noreply@{$domain}";
 if ($activator == 0) {
     $pass = MD5($_POST['password']);
     $s = 0;
 } else {
     if ($activator == 1) {
         $pass = MD5($_POST['password']);
         $s = 1;
     } else {
         if ($activator == 2) {
             $pass = MD5($_POST['password']);
             $s = 0;
         }
     }
 }
 $qr = $db->insert(FDBPrefix . 'user', array("", "{$_POST['user']}", "{$_POST['user']}", $pass, "{$_POST['email']}", "{$s}", "{$group}", date('Y-m-d H:i:s'), date('Y-m-d H:i:s'), "{$key}"));
 if ($qr) {
     if ($activator == 2) {
         if ($siteLang == 'id') {
             $subject = "Aktifasi Akun Baru";
             $message = "<p>Hi, {$_POST['user']},</p> \n\t\t\t\t\t\t<p>Terimakasih sudah bergabung bersama kami di {$siteName}.</p>\n\t\t\t\t\t\t<p>Kami perlu melakukan konfirmasi untuk mengaktifkan akun Anda.<br>Klik link berikut untuk mengaktifkan akun Anda. :</p>\n\t\t\t\t\t\t<p><a href='" . FUrl . "?{$keys}' {$btnClass}> Aktifasi Akun </a></p>\n\t\t\t\t\t\t<p>Jaga selalu data Anda dari segala sesuatu yang tidak diinginkan.<br>Terimakasih.</p>\n\t\t\t\t\t\t<p>&nbsp;</p>\n\t\t\t\t\t\t<p><b>{$siteName}.</b><br>\n\t\t\t\t\t\t" . FUrl . "</p>";
         } else {
             $subject = "New Account Activation";
             $message = "<p>Hi, {$_POST['user']},</p>\n\t\t\t\t\t\t<p>Thank you, you have to register and join us on {$siteName}.</p>\n\t\t\t\t\t\t<p>We need to confirm to activate your account.<br>Click the following link to activate your account:</p>\n\t\t\t\t\t\t<p><a href='" . FUrl . "?{$keys}' {$btnClass}> Account Activation </a></p>\n\t\t\t\t\t\t<p>Please save your data account carefully.<br>Thankyou.</p>\n\t\t\t\t\t\t<p>&nbsp;</p>\n\t\t\t\t\t\t<p><b>{$siteName}.</b><br>\n\t\t\t\t\t\t" . FUrl . "</p>";
         }
     } else {
         if ($siteLang == 'id') {
             $subject = "Informasi Data Login";
             $message = "<p>Hi, {$_POST['user']},</p> \n\t\t\t\t\t\t<p>Terimakasih sudah bergabung bersama kami di {$siteName}.</p>";
             if ($activator == 0) {
                 $message = $message . "<p>Akun anda masih menunggu persetujuan untuk diaktifkan.</p>";
示例#10
        }
    } else {
        notice('error', Status_Invalid);
    }
}
/****************************************/
/*				Add User				*/
/****************************************/
if (isset($_POST['save']) or isset($_POST['apply'])) {
    $us = strlen("{$_POST['user']}");
    $ps = strlen("{$_POST['password']}");
    $user = $_POST['user'];
    $name = $_POST['name'];
    preg_match('/[^a-zA-Z0-9]+/', $user, $matches);
    if (!empty($_POST['password']) and !empty($_POST['user']) and !empty($_POST['name']) and !empty($_POST['email']) and !empty($_POST['level']) and $_POST['password'] == $_POST['kpassword'] and $us > 2 and $ps > 3 and @ereg("^.+@.+\\..+\$", $_POST['email']) and !$matches) {
        $qr = $db->insert(FDBPrefix . 'user', array("", "{$user}", "{$name}", MD5("{$_POST['password']}"), "{$_POST['email']}", "{$_POST['status']}", "{$_POST['level']}", date('Y-m-d H:i:s'), '', "{$_POST['bio']}"));
        if ($qr and isset($_POST['save'])) {
            notice('success', User_Added);
            redirect('?app=user');
        } else {
            if ($qr and isset($_POST['apply'])) {
                $sql = $db->select(FDBPrefix . 'user', 'id', '', 'id DESC');
                $qr = mysql_fetch_array($sql);
                notice('success', User_Added);
                redirect('?app=user&act=edit&id=' . $qr['id']);
            } else {
                notice('error', Status_Fail);
            }
        }
    } else {
        notice('error', Status_Invalid);
示例#11
/**
* @version		2.0
* @package		Fiyo CMS
* @copyright	Copyright (C) 2014 Fiyo CMS.
* @license		GNU/GPL, see LICENSE.
**/
defined('_FINDEX_') or die('Access Denied');
$db = new FQuery();
$db->connect();
/****************************************/
/*			   Add permalink			*/
/****************************************/
if (isset($_POST['save_new']) or isset($_POST['apply_new'])) {
    if (!empty($_POST['permalink']) and !empty($_POST['link'])) {
        $qr = $db->insert(FDBPrefix . 'permalink', array("", "{$_POST['link']}", "{$_POST['permalink']}", "{$_POST['page']}", "{$_POST['status']}", "{$_POST['lock']}"));
        if ($qr and isset($_POST['save_new'])) {
            notice('success', Status_Added);
            redirect('?app=permalink');
        } else {
            if ($qr and isset($_POST['apply_new'])) {
                $sql = $db->select(FDBPrefix . 'permalink', 'id', '', 'id DESC');
                $qr = mysql_fetch_array($sql);
                notice('success', Status_Added);
                redirect('?app=permalink&act=edit&id=' . $qr['id']);
            } else {
                notice('error', Status_Fail, 2);
            }
        }
    } else {
        notice('error', Status_Invalid, 2);
示例#12
/**
 * Handle the site login form.
 *
 * When $_POST['fiyo_login'] is present, the posted credentials are checked
 * against the user table; on a match the session is filled and the browser is
 * redirected to getUrl(), otherwise the login theme is shown with an error.
 * Without that field the login theme is shown, or the text "Redirecting..."
 * when $_GET['theme'] is 'blank'.
 *
 * NOTE(review): no attempt counter, delay or lockout is visible in this
 * function; confirm that repeated guesses are throttled elsewhere.
 *
 * @return void
 */
function load_login()
{
    if (isset($_POST['fiyo_login'])) {
        $db = new FQuery();
        // ext/mysql (mysql_* functions) was removed in PHP 7.
        $user = mysql_real_escape_string($_POST['user']);
        // Reproduced as the listing gives it: part of the WHERE clause was
        // masked with asterisks, so the line does not parse as shown. The
        // visible remainder indicates the password goes through a function
        // call on $_POST['pass'] before being concatenated into the SQL
        // string -- presumably MD5(), which this project's user-creation code
        // uses. Unsalted MD5 is not a password hash; moving to
        // password_hash()/password_verify() requires migrating stored hashes.
        $sql = $db->select(FDBPrefix . "user", "*", "status=1 AND user='******' AND password='******'pass']) . "'");
        $qr = mysql_fetch_array($sql);
        // mysql_affected_rows() is documented for INSERT/UPDATE/REPLACE/DELETE;
        // mysql_num_rows($sql) is the documented way to count SELECT rows.
        $jml = mysql_affected_rows();
        if ($jml > 0) {
            // NOTE(review): no session_regenerate_id() call appears before the
            // session is populated, so a session id issued before login stays
            // valid afterwards -- a session-fixation risk.
            $_SESSION['USER_ID'] = $qr['id'];
            $_SESSION['USER'] = $qr['user'];
            $_SESSION['USER_NAME'] = $qr['name'];
            $_SESSION['USER_EMAIL'] = $qr['email'];
            $_SESSION['USER_LEVEL'] = $qr['level'];
            $_SESSION['USER_LOG'] = $qr['time_log'];
            $time_log = date('Y-m-d H:i:s');
            // Values taken from the fetched row are interpolated into the conditions unquoted.
            $db->update(FDBPrefix . 'user', array("time_log" => "{$time_log}"), "id={$qr['id']}");
            $db->delete(FDBPrefix . "session_login", "user_id={$qr['id']}");
            // $qr is reused: from here on it holds the insert result, not the user row.
            $qr = $db->insert(FDBPrefix . "session_login", array("{$qr['id']}", "{$qr['user']}", "{$qr['level']}", date('Y-m-d H:i:s')));
        }
        // "and" binds tighter than "or": $qr OR (session has USER_ID AND
        // level <= 3 AND userInfo()). With wrong credentials $qr is false, and
        // a client that already holds a valid session is still redirected.
        if ($qr or !empty($_SESSION['USER_ID']) and $_SESSION['USER_LEVEL'] <= 3 and userInfo()) {
            redirect(getUrl());
        } else {
            select_themes('login');
            alert('error', Login_Error);
        }
    } else {
        if (isset($_GET['theme']) and $_GET['theme'] == 'blank') {
            echo "Redirecting...";
        } else {
            select_themes('login');
        }
    }
}