$module = $match[1];
$value = gcms::getVars($_POST, 'value', 0);
} else {
$action = gcms::getVars($_POST, 'action', '');
$id = gcms::getVars($_POST, 'id', '');
$value = gcms::getVars($_POST, 'value', 0);
$module = gcms::getVars($_POST, 'module', 0);
}
// โมดูลที่เรียก
$index = $db->getRec(DB_MODULES, $module);
if ($index) {
// config
gcms::r2config($index['config'], $index);
// ตรวจสอบ เจ้าของ แอดมิน
$sql = "SELECT `id`,`picture` FROM `" . DB_INDEX . "` WHERE `id` IN({$id}) AND `module_id`='{$index['id']}'";
if (!gcms::canConfig($index, 'moderator') && !gcms::isAdmin()) {
$sql .= ' AND `member_id`=' . (int) $_SESSION['login']['id'];
}
$ids = array();
foreach ($db->customQuery($sql) as $item) {
$ids[$item['id']] = $item['picture'];
}
if (sizeof($ids) > 0) {
$id = implode(',', array_keys($ids));
if ($action == 'delete') {
// ลบ (บทความ)
foreach ($ids as $i => $item) {
@unlink(DATA_PATH . "document/{$item}");
}
$db->query("DELETE FROM `" . DB_COMMENT . "` WHERE `index_id` IN ({$id}) AND `module_id`='{$index['id']}'");
$db->query("DELETE FROM `" . DB_INDEX . "` WHERE `id` IN ({$id}) AND `module_id`='{$index['id']}'");
$list = array();
if ($cat_count > 0 || $index['categories'] == 0 || $index['category_display'] == 0) {
// เลือกหมวดมา หรือไม่มีหมวด หรือปิดการแสดงผลหมวดหมู่ แสดงรายการเรื่อง
include ROOT_PATH . 'modules/document/stories.php';
$template = 'list';
} else {
// ลิสต์รายชื่อหมวด
include ROOT_PATH . 'modules/document/categories.php';
$template = 'category';
}
// แสดงผลหน้าเว็บ
$patt = array('/{BREADCRUMS}/', '/{LIST}/', '/{NEWTOPIC}/', '/{CATEGORY}/', '/{TOPIC}/', '/{DETAIL}/', '/{SPLITPAGE}/', '/{LANGUAGE}/', '/{MODULE}/');
$replace = array();
$replace[] = implode("\n", $breadcrumbs);
$replace[] = sizeof($list) > 0 ? '<div class="row iconview">' . implode("\n", $list) . '</div>' : '';
$replace[] = is_file(ROOT_PATH . 'modules/document/write.php') && gcms::canConfig($index, 'can_write') ? '' : 'hidden';
$replace[] = $cat;
$replace[] = $index['topic'];
$replace[] = gcms::getVars($index, 'detail', '');
$replace[] = $splitpage;
$replace[] = LANGUAGE;
$replace[] = $index['module'];
if (sizeof($list) > 0) {
$content = preg_replace($patt, $replace, gcms::loadtemplate($index['module'], 'document', $template));
} else {
$content = preg_replace($patt, $replace, gcms::loadtemplate($index['module'], 'document', 'empty'));
}
// title,keywords,description
$title = $index['topic'];
$keywords = $index['keywords'];
$description = $index['description'];
<?php
// modules/board/admin_config.php
if (MAIN_INIT == 'admin' && $isMember) {
// ตรวจสอบโมดูลที่เรียก
$sql = "SELECT `id`,`module`,`config` FROM `" . DB_MODULES . "` WHERE `id`=" . (int) $_GET['id'] . " AND `owner`='board' LIMIT 1";
$index = $db->customQuery($sql);
$index = sizeof($index) == 1 ? $index[0] : false;
if ($index) {
// อ่าน config ของโมดูล
gcms::r2config($index['config'], $index);
// ตรวจสอบสถานะที่สามารถเข้าหน้านี้ได้
if (!gcms::canConfig($index, 'can_config')) {
$index = false;
}
}
if (!$index) {
$title = $lng['LNG_DATA_NOT_FOUND'];
$content[] = '<aside class=error>' . $title . '</aside>';
} else {
// title
$m = ucwords($index['module']);
$title = "{$lng['LNG_CONFIG']} {$m}";
$a = array();
$a[] = '<span class=icon-board>{LNG_MODULES}</span>';
$a[] = $m;
$a[] = '{LNG_CONFIG}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-config>' . $title . '</h1></header>';
<?php
// modules/gallery/admin_action.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'gallery_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$action = gcms::getVars($_POST, 'action', '');
$ids = array();
foreach (explode(',', $_POST['id']) as $id) {
$ids[] = (int) $id;
}
if (sizeof($ids) > 0) {
$ids = implode(',', $ids);
if ($action == 'delete') {
// ลบอัลบัม, ตรวจสอบ id
$sql = "SELECT `id` FROM `" . DB_GALLERY_ALBUM . "` WHERE `id` IN ({$ids}) AND `module_id`=(SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='gallery')";
$ids = array();
foreach ($db->customQuery($sql) as $item) {
// ลบโฟลเดอร์และรูป
gcms::rm_dir(DATA_PATH . "gallery/{$item['id']}/");
// id ที่ลบ
$ids[] = $item['id'];
}
if (sizeof($ids) > 0) {
$ids = implode(',', $ids);
<?php
// modules/personnel/admin_category.php
if (MAIN_INIT == 'admin' && gcms::canConfig($config, 'personnel_can_config')) {
// ตรวจสอบโมดูลที่เรียก
$sql = "SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='personnel' LIMIT 1";
$index = $db->customQuery($sql);
if (sizeof($index) == 1) {
$index = $index[0];
// title
$title = "{$lng['LNG_CREATE']} - {$lng['LNG_EDIT']} {$lng['LNG_PERSONNEL_CATEGORY']}";
$a = array();
$a[] = '<span class=icon-modules>{LNG_MODULES}</span>';
$a[] = '<a href="{URLQUERY?module=personnel-config&id=0}">{LNG_PERSONNEL}</a>';
$a[] = '<a href="{URLQUERY?module=personnel-category&id=0}">{LNG_PERSONNEL_CATEGORY}</a>';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-customer>' . $title . '</h1></header>';
// หมวดหมู่
$content[] = '<div class=subtitle>{LNG_PERSONNEL_CATEGORY_COMMENT}</div>';
$content[] = '<dl id=config_category class=editinplace_list>';
$sql = "SELECT `id`,`category_id`,`topic` FROM `" . DB_CATEGORY . "` WHERE `module_id`='{$index['id']}' ORDER BY `category_id`";
foreach ($db->customQuery($sql) as $item) {
$id = $item['id'];
$row = '<dd id=config_category_' . $id . '>';
$row .= '<span class=no>[' . $item['category_id'] . ']</span>';
$row .= '<span class=icon-delete id=config_category_delete_' . $id . ' title="{LNG_DELETE} {LNG_CATEGORY}"></span>';
$row .= '{LNG_CATEGORY} <span id=config_category_name_' . $id . ' title="{LNG_CLICK_TO} {LNG_EDIT}">' . htmlspecialchars(gcms::ser2Str($item, 'topic')) . '</span>';
$row .= '</dd>';
$content[] = $row;
<?php
// modules/download/admin_category.php
if (MAIN_INIT == 'admin' && gcms::canConfig($config, 'download_can_config')) {
// ตรวจสอบโมดูลที่เรียก
$sql = "SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='download' LIMIT 1";
$index = $db->customQuery($sql);
if (sizeof($index) == 1) {
$index = $index[0];
// title
$title = "{$lng['LNG_CREATE']} - {$lng['LNG_EDIT']} {$lng['LNG_CATEGORY']}";
$a = array();
$a[] = '<span class=icon-download>{LNG_MODULES}</span>';
$a[] = '<a href="{URLQUERY?module=download-config}">{LNG_DOWNLOAD}</a>';
$a[] = '{LNG_CATEGORY}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-category>' . $title . '</h1></header>';
// หมวดหมู่
$content[] = '<div class=subtitle>{LNG_DOWNLOAD_CATEGORY_DETAIL}</div>';
$content[] = '<dl id=config_category class=editinplace_list>';
$sql = "SELECT `id`,`category_id`,`topic` FROM `" . DB_CATEGORY . "` WHERE `module_id`='{$index['id']}' ORDER BY `category_id`";
foreach ($db->customQuery($sql) as $item) {
$id = $item['id'];
$row = '<dd id=config_category_' . $id . '>';
$row .= '<span class=no>[' . $item['category_id'] . ']</span>';
$row .= '<span class=icon-delete id=config_category_delete_' . $id . ' title="{LNG_DELETE} {LNG_CATEGORY}"></span>';
$row .= '{LNG_CATEGORY} <span id=config_category_name_' . $id . ' title="{LNG_CLICK_TO} {LNG_EDIT}">' . htmlspecialchars(gcms::ser2Str($item, 'topic')) . '</span>';
$row .= '</dd>';
$content[] = $row;
// ไม่พบรายการหรือยังไม่ได้ติดตั้ง
$title = $lng['LNG_DATA_NOT_FOUND'];
$content = '<div class=error>' . $title . '</div>';
} elseif (empty($config['edocument_can_upload']) || !gcms::canConfig($config, 'edocument_can_upload')) {
// ไม่สามารถอัปโหลดได้
$title = $lng['ACTION_FORBIDDEN'];
$content = '<div class=error>' . $title . '</div>';
} else {
$index = $index[0];
// login
$login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => ''));
if ($id > 0) {
// เจ้าของ
$canEdit = $index['sender_id'] == $login['id'];
// ผู้ดูแล
$moderator = gcms::canConfig($config, 'edocument_moderator');
// เจ้าของหรือผู้ดูแล แก้ไขได้
$canEdit = $canEdit || $moderator;
// ผู้รับเอกสาร
$reciever = explode(',', $index['reciever']);
} else {
$index['document_no'] = sprintf($config['edocument_format_no'], (int) $index['document_no'] + 1);
$index['topic'] = '';
$index['detail'] = '';
$index['ext'] = '';
$index['id'] = 0;
$reciever = array();
}
if ($id == 0 || $canEdit) {
// antispam
$antispam = gcms::rndname(32);
// modules/document/admin_setup.php
if (MAIN_INIT == 'admin' && $isMember) {
unset($url_query['qid']);
// โมดูลที่เรียก
$id = gcms::getVars($_GET, 'id', 0);
// ตรวจสอบโมดูลที่เรียก
$sql = "SELECT * FROM `" . DB_MODULES . "` WHERE `id`={$id} AND `owner`='document' LIMIT 1";
$index = $db->customQuery($sql);
$index = sizeof($index) == 1 ? $index[0] : false;
if ($index) {
// อ่าน config ของโมดูล
gcms::r2config($index['config'], $index);
// ตรวจสอบสถานะที่สามารถเข้าหน้านี้ได้
$can_write = gcms::canConfig($index, 'can_write');
$moderator = gcms::canConfig($index, 'moderator');
if (!$moderator && !$can_write) {
$index = false;
}
}
if (!$index) {
$title = $lng['LNG_DATA_NOT_FOUND'];
$content[] = '<aside class=error>' . $title . '</aside>';
} else {
// ค่าที่ส่งมา
$q = array();
// หมวดที่เลือก
$cat = gcms::getVars($_GET, 'cat', 0);
if ($cat > 0) {
$q[] = "P.`category_id`={$cat}";
}
<?php
// modules/personnel/admin_inint.php
if (MAIN_INIT == 'admin' && $isAdmin && (sizeof($install_owners['personnel']) == 0 || !defined('DB_PERSONNEL'))) {
// เมนูติดตั้ง
$admin_menus['tools']['install']['personnel'] = '<a href="index.php?module=install&modules=personnel"><span>Personnel</span></a>';
} else {
// เมนูแอดมิน
if (gcms::canConfig($config, 'personnel_can_config')) {
$admin_menus['modules']['personnel']['category'] = '<a href="index.php?module=personnel-category"><span>{LNG_PERSONNEL_CATEGORY}</span></a>';
} else {
unset($admin_menus['modules']['personnel']['config']);
unset($admin_menus['modules']['personnel']['category']);
}
if (gcms::canConfig($config, 'personnel_can_config')) {
$admin_menus['modules']['personnel']['setup'] = '<a href="index.php?module=personnel-setup"><span>{LNG_PERSONNEL_LIST}</span></a>';
$admin_menus['modules']['personnel']['write'] = '<a href="index.php?module=personnel-write"><span>{LNG_ADD_NEW} {LNG_PERSONNEL}</span></a>';
} else {
unset($admin_menus['modules']['personnel']['setup']);
}
}
if (isset($_POST['id'])) {
foreach (explode(',', $_POST['id']) as $id) {
$ids[] = (int) $id;
}
$id = implode(',', $ids);
}
}
// ตรวจสอบ module
$index = $db->getRec(DB_MODULES, $module);
if ($index) {
if (in_array($index['owner'], array('document', 'board'))) {
// config
gcms::r2config($index['config'], $index);
$admin = gcms::canConfig($index, 'can_config');
} else {
$admin = gcms::canConfig($config, $index['owner'] . '_can_config');
}
if ($admin && $action == 'delete') {
// ลบหมวดหมู่, ตรวจสอบรายการที่เลือก และลบ icon ของหมวด
$ids = array();
$categories = array();
$sql = "SELECT `id`,`icon` FROM `" . DB_CATEGORY . "` WHERE `id` IN ({$id}) AND `module_id`='{$index['id']}'";
foreach ($db->customQuery($sql) as $item) {
foreach (gcms::ser2Array($item, 'icon') as $icon) {
if (is_file(DATA_PATH . "{$index['owner']}/{$icon}")) {
// ลบไอคอนของหมวด
unlink(DATA_PATH . "{$index['owner']}/{$icon}");
}
}
// รายการที่ลบ category_detail
$ids[] = $item['id'];
<?php
// modules/video/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'video_can_config')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// โหลด config ใหม่
$config = array();
if (is_file(CONFIG)) {
include CONFIG;
}
// ค่าที่ส่งมา
$config['google_api_key'] = gcms::getVars($_POST, 'google_api_key', '');
$config['video_cols'] = gcms::getVars($_POST, 'config_cols', 0);
$config['video_rows'] = gcms::getVars($_POST, 'config_rows', 0);
$config['video_can_write'] = isset($_POST['config_can_write']) ? $_POST['config_can_write'] : array();
$config['video_can_write'][] = 1;
$config['video_can_config'] = isset($_POST['config_can_config']) ? $_POST['config_can_config'] : array();
$config['video_can_config'][] = 1;
// บันทึก config.php
if (gcms::saveconfig(CONFIG, $config)) {
$ret['error'] = 'SAVE_COMPLETE';
$ret['location'] = 'reload';
} else {
$ret['error'] = 'DO_NOT_SAVE';
<?php
// modules/event/admin_inint.php
if (MAIN_INIT == 'admin' && $isAdmin && (sizeof($install_owners['event']) == 0 || !defined('DB_EVENTCALENDAR'))) {
// เมนูติดตั้ง
$admin_menus['tools']['install']['event'] = '<a href="index.php?module=install&modules=event"><span>Event Calendar</span></a>';
} else {
// เมนูแอดมิน
if (!gcms::canConfig($config, 'event_can_config')) {
unset($admin_menus['modules']['event']['config']);
}
if (gcms::canConfig($config, 'event_can_write')) {
$admin_menus['modules']['event']['setup'] = '<a href="index.php?module=event-setup"><span>{LNG_EVENT_LIST}</span></a>';
} else {
unset($admin_menus['modules']['event']['setup']);
}
}
<?php
// modules/edocument/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'edocument_can_config')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$error = false;
// ตรวจสอบชนิดของไฟล์
$file_typies = strtolower(preg_replace('/[\\s]/', '', $_POST['config_file_typies']));
if ($file_typies != '') {
foreach (explode(',', $file_typies) as $item) {
if (!preg_match('/^[a-z0-9]{2,6}$/u', $item)) {
$error = true;
}
}
}
$edocument_format_no = $db->sql_trim_str($_POST, 'config_format_no');
// ตรวจสอบค่าที่ส่งมา
$ret['ret_config_format_no'] = '';
$ret['ret_config_file_typies'] = '';
if ($edocument_format_no == '') {
$ret['error'] = 'EDOCUMENT_FORMAT_NO_EMPTY';
$ret['input'] = 'config_format_no';
$ret['ret_config_format_no'] = 'EDOCUMENT_FORMAT_NO_EMPTY';
} elseif ($file_typies == '') {
<?php
// modules/download/admin_inint.php
if (MAIN_INIT == 'admin' && $isAdmin && (sizeof($install_owners['download']) == 0 || !defined('DB_DOWNLOAD'))) {
// เมนูติดตั้ง
$admin_menus['tools']['install']['download'] = '<a href="index.php?module=install&modules=download"><span>Download</span></a>';
} else {
// เมนูแอดมิน
if (!gcms::canConfig($config, 'download_can_config')) {
unset($admin_menus['modules']['download']['config']);
unset($admin_menus['modules']['download']['category']);
}
if (gcms::canConfig($config, 'download_can_upload')) {
$admin_menus['modules']['download']['setup'] = '<a href="index.php?module=download-setup"><span>{LNG_DOWNLOAD_FILES}</span></a>';
$admin_menus['modules']['download']['write'] = '<a href="index.php?module=download-write"><span>{LNG_UPLOAD}</span></a>';
} else {
unset($admin_menus['modules']['download']['setup']);
}
}
<?php
// modules/edocument/admin_config.php
if (MAIN_INIT == 'admin' && gcms::canConfig($config, 'edocument_can_config')) {
// ตรวจสอบโมดูลที่เรียก
$sql = "SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='edocument' LIMIT 1";
$index = $db->customQuery($sql);
if (sizeof($index) == 0) {
$title = $lng['LNG_DATA_NOT_FOUND'];
$content[] = '<aside class=error>' . $title . '</aside>';
} else {
$index = $index[0];
// title
$title = "{$lng['LNG_CONFIG']} {$lng['LNG_EDOCUMENT']}";
$a = array();
$a[] = '<span class=icon-edocument>{LNG_MODULES}</span>';
$a[] = '{LNG_EDOCUMENT}';
$a[] = '{LNG_CONFIG}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-config>' . $title . '</h1></header>';
// form
$content[] = '<form id=setup_frm class=setup_frm method=post action=index.php autocomplete=off>';
$content[] = '<fieldset>';
$content[] = '<legend><span>{LNG_MAIN_CONFIG}</span></legend>';
// edocument_format_no
$content[] = '<div class=item>';
$content[] = '<label for=config_format_no>{LNG_EDOCUMENT_NO} :</label>';
$content[] = '<span class="g-input icon-config"><input type=text id=config_format_no name=config_format_no value="' . $config['edocument_format_no'] . '" size=100 title="{LNG_EDOCUMENT_FORMAT_NO_COMMENT}"></span>';
$content[] = '<div class=comment id=result_config_format_no>{LNG_EDOCUMENT_FORMAT_NO_COMMENT}</div>';
<?php
// modules/event/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// ตรวจสอบ referer และ สมาชิก
if (gcms::isReferer() && gcms::canConfig($config, 'event_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$save['topic'] = gcms::getTags($_POST['write_topic']);
$keywords = gcms::getTags($_POST['write_keywords']);
$save['keywords'] = $db->sql_clean(gcms::cutstring(preg_replace('/[\'\\"\\r\\n\\s]{1,}/isu', ' ', $keywords == '' ? $save['topic'] : $keywords), 149));
$description = trim(gcms::getVars($_POST, 'write_description', ''));
$save['description'] = $db->sql_trim_str(gcms::cutstring(gcms::html2txt($description == '' ? $_POST['write_detail'] : $description), 149));
$save['detail'] = gcms::ckDetail($_POST['write_detail']);
$save['published_date'] = $db->sql_trim_str($_POST, 'write_published_date');
$save['published'] = $_POST['write_published'] == '1' ? '1' : '0';
$save['begin_date'] = "{$_POST['write_d']} {$_POST['write_h']}:{$_POST['write_m']}:00";
$save['color'] = $db->sql_trim_str($_POST, 'write_color');
$id = gcms::getVars($_POST, 'write_id', 0);
if ($id > 0) {
// ตรวจสอบโมดูล หรือ เรื่องที่เลือก (แก้ไข)
$sql = "SELECT I.`module_id`,M.`module`";
$sql .= " FROM `" . DB_EVENTCALENDAR . "` AS I";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`owner`='event' AND M.`id`=I.`module_id`";
$sql .= " WHERE I.`id`='{$id}'";
$sql .= " LIMIT 1";
<?php
// modules/gallery/admin_upload.php
if (MAIN_INIT == 'admin' && gcms::canConfig($config, 'gallery_can_write')) {
// อัลบัมที่แก้ไข
$id = gcms::getVars($_GET, 'id', 0);
// ตรวจสอบโมดูลที่เรียก
if ($id > 0) {
$sql = "SELECT C.`id`,C.`topic`,M.`module` FROM `" . DB_MODULES . "` AS M";
$sql .= " INNER JOIN `" . DB_GALLERY_ALBUM . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}";
$sql .= " WHERE M.`owner`='gallery' LIMIT 1";
$index = $db->customQuery($sql);
}
if ($id == 0 || sizeof($index) == 0) {
$title = $lng['LNG_DATA_NOT_FOUND'];
$content[] = '<aside class=error>' . $title . '</aside>';
} else {
$index = $index[0];
// guploads
$javascript['guploads'] = '<script src=' . WEB_URL . '/widgets/guploads/script.js></script>';
// title
$title = "{$lng['LNG_ADD']} - {$lng['LNG_DELETE']} {$lng['LNG_IMAGE']}";
$a = array();
$a[] = '<span class=icon-gallery>{LNG_MODULES}</span>';
$a[] = '<a href="{URLQUERY?module=gallery-config&id=0}">{LNG_GALLERY}</a>';
$a[] = '<a href="{URLQUERY?module=gallery-album&id=0}">{LNG_GALLERY_ALBUM}</a>';
$a[] = '{LNG_GALLERY_UPLOAD}';
// แสดงผล
$content[] = '<div class=breadcrumbs><ul><li>' . implode('</li><li>', $a) . '</li></ul></div>';
$content[] = '<section>';
$content[] = '<header><h1 class=icon-upload>' . $title . ' {LNG_GALLERY_ALBUM} ' . $index['topic'] . '</h1></header>';
$totalpage = round($count['count'] / $config['edocument_listperpage']);
$totalpage += $totalpage * $config['edocument_listperpage'] < $count['count'] ? 1 : 0;
$page = $page > $totalpage ? $totalpage : $page;
$page = $page < 1 ? 1 : $page;
$start = $config['edocument_listperpage'] * ($page - 1);
// list รายการ
$sql = "SELECT D.*,U.`fname`,U.`lname`,U.`email`,U.`status` FROM `" . DB_EDOCUMENT . "` AS D";
$sql .= " INNER JOIN `" . DB_USER . "` AS U ON U.`id`=D.`sender_id`";
$sql .= " {$where} ORDER BY D.`last_update` DESC LIMIT {$start},{$config['edocument_listperpage']}";
$datas = $cache->get($sql);
if (!$datas) {
$datas = $db->customQuery($sql);
$cache->save($sql, $datas);
}
// ผู้ดุแล
$moderator = $isAdmin || gcms::canConfig($config, 'edocument_moderator');
// อ่านรายการลงใน $list
$list = array();
$patt = array('/(edit\\s{ID})/', '/(report\\s{ID})/', '/(delete\\s{ID})/', '/{ID}/', '/{NAME}/', '/{EXT}/', '/{ICON}/', '/{DETAIL}/', '/{DATE}/', '/{NO}/', '/{SIZE}/', '/{SENDER}/', '/{STATUS}/', '/{UID}/');
$listitem = gcms::loadtemplate($index['module'], 'edocument', 'listitem');
foreach ($datas as $item) {
$replace = array();
$replace[] = $moderator || $login_id == $item['sender_id'] ? '\\1' : 'hidden';
$replace[] = $moderator || $login_id == $item['sender_id'] ? '\\1' : 'hidden';
$replace[] = $moderator || $login_id == $item['sender_id'] ? '\\1' : 'hidden';
$replace[] = $item['id'];
$replace[] = $item['topic'];
$replace[] = $item['ext'];
$replace[] = WEB_URL . '/skin/ext/' . (is_file(ROOT_PATH . "skin/ext/{$item['ext']}.png") ? $item['ext'] : 'file') . '.png';
$replace[] = $item['detail'];
$replace[] = gcms::mktime2date($item['last_update'], 'd M Y');
<?php
// modules/video/admin_inint.php
if (MAIN_INIT == 'admin' && $isAdmin && (sizeof($install_owners['video']) == 0 || !defined('DB_VIDEO'))) {
// เมนูติดตั้ง
$admin_menus['tools']['install']['video'] = '<a href="index.php?module=install&modules=video"><span>Video</span></a>';
} else {
// เมนูแอดมิน
if (!gcms::canConfig($config, 'video_can_config')) {
unset($admin_menus['modules']['video']['config']);
}
if (gcms::canConfig($config, 'video_can_write')) {
$admin_menus['modules']['video']['setup'] = '<a href="index.php?module=video-setup"><span>{LNG_VIDEO_LIST}</span></a>';
$admin_menus['modules']['video']['write'] = '<a href="index.php?module=video-write"><span>{LNG_ADD_NEW} {LNG_VIDEO}</span></a>';
} else {
unset($admin_menus['modules']['video']['setup']);
}
}
<?php
// modules/edocument/admin_setup.php
if (MAIN_INIT == 'admin' && gcms::canConfig($config, 'edocument_moderator')) {
unset($url_query['id']);
// ตรวจสอบโมดูลที่เรียก
$sql = "SELECT `id`,`module` FROM `" . DB_MODULES . "` WHERE `owner`='edocument' LIMIT 1";
$index = $db->customQuery($sql);
if (sizeof($index) == 0) {
$title = $lng['LNG_DATA_NOT_FOUND'];
$content[] = '<aside class=error>' . $title . '</aside>';
} else {
$index = $index[0];
// sql
$q = array("D.`module_id`='{$index['id']}'");
// ค้นหาจาก นามสกุลของไฟล์, เลขที่, ชื่อเอกสาร
$search = $db->sql_trim_str($_GET, 'search');
if ($search != '') {
$q[] = "(`ext`='{$search}' OR `document_no` LIKE '%{$search}%' OR `topic` LIKE '%{$search}%')";
$url_query['search'] = urlencode($search);
}
$where = 'WHERE ' . implode(' AND ', $q);
// ทั้งหมด
$sql = "SELECT COUNT(*) AS `count` FROM `" . DB_EDOCUMENT . "` AS D {$where}";
$count = $db->customQuery($sql);
// รายการต่อหน้า
$list_per_page = gcms::getVars('GET,COOKIE', 'count,edocument_listperpage', 30);
$list_per_page = max(10, $list_per_page);
// หน้าที่เลือก
$page = max(1, gcms::getVars($_GET, 'page', 1));
// ตรวจสอบหน้าที่เลือกสูงสุด
<?php
// modules/edocument/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, admin
if (gcms::isReferer() && gcms::canConfig($config, 'edocument_moderator')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ค่าที่ส่งมา
$save = array();
$save['document_no'] = $db->sql_trim_str($_POST, 'edocument_no');
$save['topic'] = $db->sql_trim_str($_POST, 'edocument_topic');
$save['detail'] = gcms::ckClean($_POST['edocument_detail']);
if (isset($_POST['edocument_reciever'])) {
$save['reciever'] = implode(',', $_POST['edocument_reciever']);
}
$id = gcms::getVars($_POST, 'write_id', 0);
$file = $_FILES['edocument_file'];
// ตรวจสอบค่าที่ส่งมา
$error = false;
$input = false;
if ($id > 0) {
// แก้ไข
$sql = "SELECT D.*,M.`module`";
$sql .= " FROM `" . DB_EDOCUMENT . "` AS D";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`id`=D.`module_id`";
$sql .= " WHERE D.`id`='{$id}' AND M.`owner`='edocument' LIMIT 1";
<?php
// modules/download/admin_config_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'download_can_config')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
// ตรวจสอบชนิดของไฟล์
$error = false;
$file_typies = strtolower(preg_replace('/[\\s]/', '', $_POST['config_file_typies']));
if ($file_typies != '') {
foreach (explode(',', $file_typies) as $item) {
if (!preg_match('/^[a-z0-9]{2,6}$/u', $item)) {
$error = true;
}
}
}
// ตรวจสอบค่าที่ส่งมา
$ret['ret_config_file_typies'] = '';
if ($file_typies == '') {
$ret['error'] = 'DOWNLOAD_FILE_TYPIES_EMPTY';
$ret['input'] = 'config_file_typies';
$ret['ret_config_file_typies'] = 'DOWNLOAD_FILE_TYPIES_EMPTY';
} elseif ($error) {
$ret['error'] = 'DOWNLOAD_FILE_TYPIES_INVALID';
$ret['input'] = 'config_file_typies';
<?php
// modules/video/admin_setup.php
if (MAIN_INIT == 'admin' && gcms::canConfig($config, 'video_can_write')) {
unset($url_query['id']);
// ตรวจสอบโมดูลที่เรียก
$sql = "SELECT `id` FROM `" . DB_MODULES . "` WHERE `owner`='video' LIMIT 1";
$index = $db->customQuery($sql);
if (sizeof($index) == 0) {
$title = $lng['LNG_DATA_NOT_FOUND'];
$content[] = '<aside class=error>' . $title . '</aside>';
} else {
$index = $index[0];
// default query
$q = array();
$q[] = "`module_id`='{$index['id']}'";
// ข้อความค้นหา
$search = preg_replace('/[\\+\\s]+/u', ' ', $db->sql_trim_str($_GET, 'search', ''));
$searchs = array();
foreach (explode(' ', $search) as $item) {
// แยกข้อความค้นหาออกเป็นคำๆ ค้นหาข้อความที่มีความยาวมากกว่า 2 ตัวอักษร
if (mb_strlen($item) > 2) {
$item = addslashes($item);
$searchs[] = "`topic` LIKE '%{$item}%' OR `detail` LIKE '%{$item}%'";
}
}
// ค้นหา สำหรับส่งไปหน้าถัดไป
if (sizeof($searchs) > 0) {
$q[] = '(' . implode(' OR ', $searchs) . ')';
$url_query['search'] = urlencode($search);
}
<?php
// modules/gallery/admin_inint.php
if (MAIN_INIT == 'admin' && $isAdmin && (sizeof($install_owners['gallery']) == 0 || !defined('DB_GALLERY'))) {
// เมนูติดตั้ง
$admin_menus['tools']['install']['gallery'] = '<a href="index.php?module=install&modules=gallery"><span>Gallery</span></a>';
unset($admin_menus['modules']['gallery']['config']);
} else {
// เมนูแอดมิน
if (!gcms::canConfig($config, 'gallery_can_config')) {
unset($admin_menus['modules']['gallery']['config']);
}
if (gcms::canConfig($config, 'gallery_can_write')) {
$admin_menus['modules']['gallery']['album'] = '<a href="index.php?module=gallery-album"><span>{LNG_GALLERY_ALBUM}</span></a>';
$admin_menus['modules']['gallery']['write'] = '<a href="index.php?module=gallery-write"><span>{LNG_ADD_NEW} {LNG_GALLERY_ALBUM}</span></a>';
}
}
$sql .= " WHERE Q.`id`='{$qid}' LIMIT 1";
}
$index = $db->customQuery($sql);
$ret = array();
if (sizeof($index) == 0) {
$ret['error'] = 'ACTION_ERROR';
} else {
$index = $index[0];
// config
gcms::r2config($index['config'], $index);
// login
$login = gcms::getVars($_SESSION, 'login', array('id' => 0, 'status' => -1, 'email' => '', 'password' => ''));
// สมาชิก
$isMember = gcms::isMember();
// ผู้ดูแล
$moderator = $isMember && gcms::canConfig($index, 'moderator');
if ($action == 'quote') {
// อ้างอิง
if ($index['detail'] == '') {
$ret['detail'] = '';
} else {
$ret['detail'] = rawurlencode('[quote' . ($rid > 0 ? " r={$no}]" : ']') . gcms::txtQuote($index['detail'], true) . '[/quote]');
}
} elseif ($qid > 0 && in_array($action, array('pin', 'lock')) && $moderator) {
if ($action == 'pin') {
$ret['value'] = $index['pin'] == 0 ? 1 : 0;
$db->edit(DB_BOARD_Q, $qid, array('pin' => $ret['value']));
$ret['title'] = $lng['LNG_' . ($ret['value'] == 0 ? '' : 'UN') . 'PIN'];
$ret['error'] = 'BOARD_' . ($ret['value'] == 0 ? 'UN' : '') . 'PIN_SUCCESS';
} elseif ($action == 'lock') {
$ret['value'] = $index['locked'] == 0 ? 1 : 0;
<?php
// modules/personnel/admin_write_save.php
header("content-type: text/html; charset=UTF-8");
// inint
include '../../bin/inint.php';
$ret = array();
// referer, member
if (gcms::isReferer() && gcms::canConfig($config, 'personnel_can_write')) {
if (isset($_SESSION['login']['account']) && $_SESSION['login']['account'] == 'demo') {
$ret['error'] = 'EX_MODE_ERROR';
} else {
$error = false;
// ค่าที่ส่งมา
$save = array();
$save['name'] = $db->sql_trim_str($_POST, 'write_name');
$save['email'] = $db->sql_trim_str($_POST, 'write_email');
$save['position'] = $db->sql_trim_str($_POST, 'write_position');
$save['phone'] = $db->sql_trim_str($_POST, 'write_phone');
$save['address'] = $db->sql_trim_str($_POST, 'write_address');
$save['detail'] = $db->sql_trim_str($_POST, 'write_detail');
$save['category_id'] = gcms::getVars($_POST, 'write_category', 0);
$save['order'] = min(99, max(0, (int) $_POST['write_order']));
$icon = $_FILES['write_picture'];
$id = gcms::getVars($_POST, 'write_id', 0);
// ตรวจสอบค่าที่ส่งมา
if ($id > 0) {
$sql = "SELECT C.*,M.`module` FROM `" . DB_MODULES . "` AS M";
$sql .= " INNER JOIN `" . DB_PERSONNEL . "` AS C ON C.`module_id`=M.`id` AND C.`id`={$id}";
} else {
$sql1 = "SELECT MAX(`id`)+1 FROM `" . DB_PERSONNEL . "` WHERE `module_id`=M.`id`";
<?php
// modules/event/admin_write.php
if (MAIN_INIT == 'admin' && gcms::canConfig($config, 'event_can_write')) {
// รายการที่แก้ไข
$id = gcms::getVars($_GET, 'id', 0);
// หมวดที่เลือก
$cat = gcms::getVars($_GET, 'cat', 0);
if ($id > 0) {
// แก้ไข
$sql = "SELECT D.*,M.`owner`,M.`module`";
$sql .= " FROM `" . DB_EVENTCALENDAR . "` AS D";
$sql .= " INNER JOIN `" . DB_MODULES . "` AS M ON M.`owner`='event' AND M.`id`=D.`module_id`";
$sql .= " WHERE D.`id`='{$id}' LIMIT 1";
} else {
// ใหม่
$sql = "SELECT M.`id` AS `module_id`,M.`module`,M.`owner`,{$cat} AS `category_id`,1 AS `published`";
$sql .= " FROM `" . DB_MODULES . "` AS M";
$sql .= " WHERE M.`owner`='event' LIMIT 1";
}
$index = $db->customQuery($sql);
if (sizeof($index) == 1) {
$index = $index[0];
// title
$a = array();
$a[] = '<span class=icon-event>{LNG_MODULES}</span>';
$a[] = '<a href="{URLQUERY?module=event-config}">' . ucwords($index['module']) . '</a>';
$a[] = '<a href="{URLQUERY?module=event-setup}">{LNG_ALL_ITEMS}</a>';
if ($id > 0) {
$a[] = '{LNG_EDIT}';
$title = "{$lng['LNG_EDIT']} {$lng['LNG_EVENT']} {$index['topic']}";
