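/*
 * Request handling for pm.detail.php (premium-member detail page).
 *
 * In order, the script:
 *   1. handles a POSTed login (fields X, action, usr, password, pm) and exits;
 *   2. handles ?action=hapus&cid=N: writes a log_delete row, then deletes one
 *      tm_content row;
 *   3. resolves the caller's uid and, when islogin() returns 1, loads the
 *      caller's no_id and level;
 *   4. loads the member selected by ?pm= (or the newest member when that id
 *      is unknown), picks the photo paths and the currently active 'PM' banner.
 *
 * dekripsi(), enkripsi(), lowsecure(), secureinput(), islogin(), susunTgl(),
 * pica_jenis() and pica_warna() are not defined in this file; presumably they
 * come from lib/template.db.php.
 *
 * NOTE(review), not fixable from this file alone:
 *   - Every query is a string built for ext/mysql. Values placed inside quotes
 *     depend entirely on lowsecure()/secureinput() escaping them; confirm that
 *     they do, and plan a move to prepared statements (PDO or mysqli).
 *   - The uid is md5("user::password") and is carried in GET/POST parameters,
 *     and the password is checked with MySQL old_password(). Both are weak;
 *     salted password hashing and a server-side session identifier should
 *     replace them.
 *   - The delete action is a GET request with no anti-CSRF token and no
 *     ownership/level check; only a login check is enforced below.
 *   - Member fields read from the database ($nama, $kota, ...) must be
 *     HTML-escaped wherever the template prints them.
 */
$this_file = 'pm.detail.php';
$this_info = '';
require_once("lib/template.db.php");

if (isset($_POST['X']) && isset($_POST['action'])) {
    $action = dekripsi($_POST['action']);
    if ($action === 'login') {
        // Missing fields become '' instead of raising undefined-index notices.
        $user = lowsecure(isset($_POST['usr']) ? $_POST['usr'] : '');
        $hint = lowsecure(isset($_POST['password']) ? $_POST['password'] : '');
        $pm = lowsecure(isset($_POST['pm']) ? $_POST['pm'] : '');

        $uid = md5("$user::$hint");
        $uid_enc = enkripsi($uid);

        // NOTE(review): relies on lowsecure() to make $user and $hint safe
        // inside the quoted SQL literals; confirm against its implementation.
        $perintah = "SELECT no_id from tm_users where user='$user' and passwd=old_password('$hint') and uid='$uid'";
        $hasil = mysql_query($perintah);

        // Only touch the result set once the query is known to have succeeded.
        if ($hasil) {
            $data = mysql_fetch_array($hasil);
            $n_data = mysql_num_rows($hasil);
            if ($n_data === 1) {
                define("MAX_IDLE_TIME", 6000);
                session_start();
                // session_id() only has a value after session_start().
                $sid = session_id();
                $perintah = "update tm_users set login_sts=1 where uid='$uid'";
                mysql_query($perintah);
                // NOTE(review): session_register() is deprecated since PHP 5.3
                // and removed in 5.4; whatever islogin() checks must be
                // migrated together with it.
                session_register("$uid");
                echo("");
            } else {
                echo("");
            }
        } else {
            echo("");
        }
        exit;
    }
} elseif (isset($_GET['action'])) {
    $action = secureinput($_GET['action']);
    if ($action === 'hapus') {
        // Same decrypt-then-sanitise sequence this file applies to uid in
        // step [2] below.
        $uid_log = '';
        if (isset($_GET['uid'])) {
            $uid_log = secureinput((string) dekripsi($_GET['uid']));
        }

        // cid is used unquoted in SQL, so accept digits only and cast to int.
        $cid_raw = isset($_GET['cid']) ? (string) secureinput($_GET['cid']) : '';
        $cid_ok = preg_match('/^[0-9]+$/D', $cid_raw) === 1;
        $cid = $cid_ok ? (int) $cid_raw : 0;

        // Deleting requires a logged-in caller; without this check any request
        // carrying action=hapus would remove content.
        // NOTE(review): islogin() semantics are inferred from its use below
        // (returns 1 when logged in); confirm.
        if ($cid_ok && $uid_log !== '' && islogin("$uid_log") === 1) {
            $parent_cid = null;
            $perintah = "SELECT parent_cid FROM tm_content where cid=$cid";
            $hasil = mysql_query($perintah);
            while ($hasil && ($row = mysql_fetch_array($hasil))) {
                $parent_cid = (int) $row["parent_cid"];
            }

            // Title of the parent entry, used only for the log line.
            $judul_log = '';
            if ($parent_cid !== null) {
                $perintah = "SELECT judul FROM tm_content where cid=$parent_cid";
                $hasil = mysql_query($perintah);
                while ($hasil && ($row = mysql_fetch_array($hasil))) {
                    $judul_log = mysql_real_escape_string($row["judul"]);
                }
            }

            // Display name of the caller; it is stored data and must be
            // escaped again before it is embedded in the INSERT.
            $nama_log = '';
            $perintah = "SELECT nama FROM tm_users where uid='$uid_log'";
            $hasil = mysql_query($perintah);
            while ($hasil && ($row = mysql_fetch_array($hasil))) {
                $nama_log = mysql_real_escape_string($row["nama"]);
            }

            $perintah = "insert into log_delete values('PM DETAIL','Delete PM DETAIL (DISKUSI): $judul_log','$nama_log',now())";
            mysql_query($perintah);

            $perintah = "delete from tm_content where cid=$cid";
            mysql_query($perintah);
        }
    }
}

$action = enkripsi($this_file);

if (isset($_GET['uid'])) {
    $uid = dekripsi($_GET['uid']);
} else {
    $uid = dekripsi(isset($_POST['uid']) ? $_POST['uid'] : '');
}

// [2] Validate the uid request variable (GPCS)
$uid = secureinput("$uid");
$is_login = islogin("$uid");
if ($is_login === 1) {
    // [3] Detail data
    // [4] Start custom code
    $perintah = "SELECT * FROM tm_users where uid='$uid'";
    $hasil = mysql_query($perintah);
    while ($hasil && ($row = mysql_fetch_array($hasil))) {
        $no_id_tmp = $row["no_id"];
        $level_tmp = $row["level"];
    }
    // [4] End custom code

    // [5] Encrypt all variables
    $uid = enkripsi("$uid");
}

// Member to display: ?pm=<no_id>, or the newest member when that id is unknown.
$no_id = lowsecure(isset($_GET["pm"]) ? $_GET["pm"] : '');
if (strlen($no_id) == 0) {
    $no_id = 0;
}

$perintah = "select no_id from tm_users where no_id='$no_id'";
$hasil = mysql_query($perintah);
// A failed query counts as "not found", as it did before.
$n_data = $hasil ? mysql_num_rows($hasil) : 0;

if ($n_data === 0) {
    $perintah = "select * from tm_users order by no_id desc limit 1";
} else {
    $perintah = "select * from tm_users where no_id='$no_id'";
}
$hasil = mysql_query($perintah);

// Defaults keep the page free of undefined-variable notices when no row exists.
$member_found = false;
$tgl_gabung = '';
$nama = '';
$kota = '';
$pica_jenis = '';
$pica_warna = '';
$pica_alasan = '';
$soc_fb = '';
while ($hasil && ($row = mysql_fetch_array($hasil))) {
    $member_found = true;
    $no_id = $row["no_id"];
    $tgl_gabung = susunTgl($row["tgl_gabung"]);
    $nama = $row["nama"];
    $kota = $row["kota"];
    $pica_jenis = pica_jenis($row["pica_jenis"]);
    $pica_warna = pica_warna($row["pica_warna"]);
    $pica_alasan = $row["pica_alasan"];
    $soc_fb = $row["soc_fb"];
}
$this_info = "Premium Member : $nama (PiCA $no_id)";

// Photo paths are built only from a no_id that came back from the database;
// when no row was found $no_id is still request input and must not reach the
// filesystem check.
$pica = 'images/icon_pica.gif';
$mbl = 'images/icon_mobil.jpg';
if ($member_found) {
    $pica_path = "_pm/" . $no_id . "_pica.jpg";
    if (file_exists($pica_path)) {
        $pica = $pica_path;
    }
    $mbl_path = "_pm/" . $no_id . "_mobil.jpg";
    if (file_exists($mbl_path)) {
        $mbl = $mbl_path;
    }
}

// Banner with code 'PM' whose date range contains the current time; falls
// back to the house banner when none is active.
$rid = '';
$perintah = "select rid,banner_url from tm_rekanan where banner_code='PM' and now() between banner_tgl_mulai and banner_tgl_selesai";
$hasil = mysql_query($perintah);
while ($hasil && ($row = mysql_fetch_array($hasil))) {
    $rid = $row["rid"];
    $banner_url = $row["banner_url"];
}
if (strlen($rid) == 0) {
    $img_banner = "_iklan/940x32.jpg";
    $banner_url = '_files/iklan.pdf';
} else {
    $img_banner = "_iklan/rekanan$rid.jpg";
}
?>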