if (!(_loginright_adminsection or _loginright_admincategory or _loginright_adminbook or _loginright_adminseparator or _loginright_admingallery or _loginright_adminintersection or _loginright_adminpluginpage)) {
$continue = false;
$output .= _formMessage(3, $_lang['global.accessdenied']);
} else {
$continue = true;
}
/* --- akce --- */
if ($continue && isset($_POST['action'])) {
// nacteni promennych
$action = intval($_POST['action']);
$zonedir = intval($_POST['zonedir']);
$zone = floatval($_POST['zone']);
$offset = floatval($_POST['offset']);
// aplikace
if ($action == 1) {
$sign = "+";
} else {
$sign = "-";
}
if ($zonedir == 1) {
$zonedir = ">";
} else {
$zonedir = "<";
}
DB::query("UPDATE `" . _mysql_prefix . "-root` SET ord=ord" . $sign . $offset . " WHERE ord" . $zonedir . "=" . $zone . " AND intersection=-1");
$message = _formMessage(1, $_lang['global.done']);
}
/* --- vystup --- */
if ($continue) {
$output .= "<p class='bborder'>" . $_lang['admin.content.move.p'] . "</p>" . $message . "\n<form class='cform' action='index.php?p=content-move' method='post'>\n<select name='action'><option value='1'>" . $_lang['admin.content.move.choice1'] . "</option><option value='2'>" . $_lang['admin.content.move.choice2'] . "</option></select> \n" . $_lang['admin.content.move.text1'] . " \n<select name='zonedir'><option value='1'>" . $_lang['admin.content.move.choice3'] . "</option><option value='2'>" . $_lang['admin.content.move.choice4'] . "</option></select> \n" . $_lang['admin.content.move.text2'] . " \n<input type='text' name='zone' value='1' class='inputmini' maxlength='5' /> ,\n" . $_lang['admin.content.move.text3'] . " \n<input type='text' name='offset' value='1' class='inputmini' maxlength='5' />. \n<input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n";
}
define('_redirect_to', 'index.php?p=content-polls-edit&id=' . $id . '&saved');
return;
} else {
DB::query("INSERT INTO `" . _mysql_prefix . "-polls` (author,question,answers,locked,votes) VALUES (" . $author . ",'" . $question . "','" . $answers . "'," . $locked . ",'" . trim(str_repeat("0-", $answers_count), "-") . "')");
$newid = DB::insertID();
define('_redirect_to', 'index.php?p=content-polls-edit&id=' . $newid . '&created');
return;
}
} else {
$message = _formMessage(2, _eventList($errors, 'errors'));
}
}
/* --- vystup --- */
if ($continue) {
// vyber autora
if (_loginright_adminpollall) {
$author_select = "\n <tr>\n <td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n <td>" . _admin_authorSelect("author", $query['author'], "adminpoll=1", "selectmedium") . "</td></tr>\n ";
} else {
$author_select = "";
}
// zprava
if (isset($_GET['saved'])) {
$message = _formMessage(1, $_lang['global.saved']);
}
if (isset($_GET['created'])) {
$message = _formMessage(1, $_lang['global.created']);
}
$output .= "\n <p class='bborder'>" . $_lang['admin.content.polls.edit.p'] . "</p>\n " . $message . "\n <form action='index.php?p=content-polls-edit" . $actionbonus . "' method='post'>\n <table class='formtable'>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.question'] . "</strong></td>\n <td><input type='text' name='question' class='inputmedium' value='" . $query['question'] . "' maxlength='64' /></td>\n </tr>\n\n " . $author_select . "\n\n <tr class='valign-top'>\n <td class='rpad'><strong>" . $_lang['admin.content.form.answers'] . "</strong></td>\n <td><textarea name='answers' rows='25' cols='94' class='areamedium'>" . $query['answers'] . "</textarea></td>\n </tr>\n\n " . (!$new ? "<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.hcm'] . "</strong></td>\n <td><input type='text' name='hcm' value='[hcm]poll," . $id . ",150[/hcm]' readonly='readonly' onclick='this.select();' class='inputmedium' /></td>\n </tr>" : '') . "\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n <td>\n <label><input type='checkbox' name='locked' value='1'" . _checkboxActivate($query['locked']) . " /> " . $_lang['admin.content.form.locked'] . "</label> \n " . (!$new ? "<label><input type='checkbox' name='reset' value='1' /> " . $_lang['admin.content.polls.reset'] . "</label>" : '') . "\n </td>\n </tr>\n\n <tr><td></td>\n <td><input type='submit' value='" . $submitcaption . "' />" . (!$new ? " <small>" . $_lang['admin.content.form.thisid'] . " " . $id . "</small> <span class='customsettings'><a href='index.php?p=content-polls&del=" . $id . "' onclick='return _sysConfirm();'><span><img src='images/icons/delete.png' class='icon' alt='del' /> " . $_lang['global.delete'] . "</span></a>" : '') . "</span></td>\n </tr>\n\n </table>\n " . _xsrfProtect() . "</form>\n ";
} else {
$output .= _formMessage(3, $_lang['global.badinput']);
}
/* --- kontrola jadra --- */
if (!defined('_core')) {
exit;
}
/* --- ulozeni --- */
$message = "";
if (isset($_POST['sourcegroup'])) {
$source = intval($_POST['sourcegroup']);
$target = intval($_POST['targetgroup']);
$source_data = DB::query("SELECT level FROM `" . _mysql_prefix . "-groups` WHERE id=" . $source);
$target_data = DB::query("SELECT level FROM `" . _mysql_prefix . "-groups` WHERE id=" . $target);
if (DB::size($source_data) != 0 and DB::size($target_data) != 0 and $source != 2 and $target != 2) {
if ($source != $target) {
$source_data = DB::row($source_data);
$target_data = DB::row($target_data);
if (_loginright_level > $source_data['level'] and _loginright_level > $target_data['level']) {
DB::query("UPDATE `" . _mysql_prefix . "-users` SET `group`=" . $target . " WHERE `group`=" . $source . " AND id!=0");
$message = _formMessage(1, $_lang['global.done']);
} else {
$message = _formMessage(2, $_lang['admin.users.move.failed']);
}
} else {
$message = _formMessage(2, $_lang['admin.users.move.same']);
}
} else {
$message = _formMessage(3, $_lang['global.badinput']);
}
}
/* --- vystup --- */
$output .= "<p class='bborder'>" . $_lang['admin.users.move.p'] . "</p>\n" . $message . "\n<form class='cform' action='index.php?p=users-move' method='post'>\n" . $_lang['admin.users.move.text1'] . " " . _admin_authorSelect("sourcegroup", -1, "id!=2", null, null, true) . " " . $_lang['admin.users.move.text2'] . " " . _admin_authorSelect("targetgroup", -1, "id!=2", null, null, true) . " <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n";
$root = isset($_GET['root']) ? '1' : '0';
$art = isset($_GET['art']) ? '1' : '0';
$post = isset($_GET['post']) ? '1' : '0';
$image = isset($_GET['img']) ? '1' : '0';
} else {
$search_query = '';
$root = 1;
$art = 1;
$post = 1;
$image = 0;
}
/* --- modul --- */
if (_template_autoheadings == 1) {
$module .= "<h1>" . $_lang['mod.search'] . "</h1>";
}
$module .= "\n<p class='bborder'>" . $_lang['mod.search.p'] . "</p>\n\n<form action='index.php' method='get'>\n<input type='hidden' name='m' value='search' />\n" . _xsrfProtect() . "\n<input type='text' name='q' class='inputmedium' value='" . _htmlStr($search_query) . "' /> <input type='submit' value='" . $_lang['mod.search.submit'] . "' /><br />\n" . $_lang['mod.search.where'] . ": \n<label><input type='checkbox' name='root' value='1'" . _checkboxActivate($root) . " /> " . $_lang['mod.search.where.root'] . "</label> \n<label><input type='checkbox' name='art' value='1'" . _checkboxActivate($art) . " /> " . $_lang['mod.search.where.articles'] . "</label> \n<label><input type='checkbox' name='post' value='1'" . _checkboxActivate($post) . " /> " . $_lang['mod.search.where.posts'] . "</label> \n<label><input type='checkbox' name='img' value='1'" . _checkboxActivate($image) . " /> " . $_lang['mod.search.where.images'] . "</label>\n</form>\n\n";
/* --- vyhledavani --- */
if ($search_query != '' && _xsrfCheck(true)) {
if (mb_strlen($search_query) >= 3) {
// priprava
$search_query_sql = DB::esc('%' . $search_query . '%');
$results = array();
// polozka: array(link, titulek, perex)
$public = !_loginindicator;
// funkce na skladani vyhledavaciho dotazu
function _tmpSearchQuery($alias, $cols)
{
$output = '(';
for ($i = 0, $last = sizeof($cols) - 1; isset($cols[$i]); ++$i) {
$output .= $alias . '.' . $cols[$i] . ' LIKE \'' . $GLOBALS['search_query_sql'] . '\'';
if ($i !== $last) {
<?php
// kontrola jadra
if (!defined('_core')) {
exit;
}
// titulek
if (_template_autoheadings == 1) {
$output .= "<h1>" . $_lang['xsrf.title'] . "</h1>\n";
}
// zprava + formular
$output .= _formMessage(3, $_lang['xsrf.msg'] . '<ul><li>' . str_replace('*domain*', _getDomain(), $_lang['xsrf.warning']) . '</li></ul>');
$output .= "<form method='post'>\n" . _getPostdata(false, null, array('_security_token')) . _xsrfProtect() . "\n<p><input type='submit' value='" . $_lang['xsrf.button'] . "' /></p>\n</form>\n";
}
}
// formular
$output .= $message . "\n<form action='' method='post'>\n<table class='formtable'>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.old'] . "</strong></td>\n <td><input type='text' name='old' value='" . $q['old'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.new'] . "</strong></td>\n <td><input type='text' name='new' value='" . $q['new'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.act'] . "</strong></td>\n <td><input type='checkbox' name='act' value='1'" . _checkboxActivate($q['active']) . " /></td>\n</tr>\n\n<tr>\n <td></td>\n <td><input type='submit' value='" . $_lang['global.' . ($new ? 'create' : 'save')] . "' /></td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>";
} while (false);
} elseif (isset($_GET['del']) && _xsrfCheck(true)) {
// smazani
DB::query('DELETE FROM `' . _mysql_prefix . '-redir` WHERE id=' . intval($_GET['del']));
$output .= _formMessage(1, $_lang['global.done']);
} elseif (isset($_GET['wipe'])) {
// smazani vsech
if (isset($_POST['wipe_confirm'])) {
DB::query('TRUNCATE TABLE `' . _mysql_prefix . '-redir`');
$output .= _formMessage(1, $_lang['global.done']);
} else {
$output .= "\n<form action='' method='post' class='formbox'>\n" . _formMessage(2, $_lang['admin.content.redir.act.wipe.confirm']) . "\n<input type='submit' name='wipe_confirm' value='" . $_lang['admin.content.redir.act.wipe.submit'] . "' />\n" . _xsrfProtect() . "</form>\n";
}
}
// tabulka
$output .= "<table class='list'>\n<thead><tr><td>" . $_lang['admin.content.redir.old'] . "</td><td>" . $_lang['admin.content.redir.new'] . "</td><td>" . $_lang['admin.content.redir.act'] . "</td><td>" . $_lang['global.action'] . "</td></tr></thead>\n<tbody>\n";
// vypis
$counter = 0;
$q = DB::query('SELECT * FROM `' . _mysql_prefix . '-redir`');
while ($r = DB::row($q)) {
$output .= "<tr><td><code>" . $r['old'] . "</code></td><td><code>" . $r['new'] . "</code></td><td class='text-" . ($r['active'] ? 'green' : 'red') . "'>" . $_lang['global.' . ($r['active'] ? 'yes' : 'no')] . "</td><td><a href='index.php?p=content-redir&edit=" . $r['id'] . "'><img src='images/icons/edit.png' alt='edit' class='icon' /></a> <a href='" . _xsrfLink("index.php?p=content-redir&del=" . $r['id']) . "' onclick='return _sysConfirm();'><img src='images/icons/delete.png' alt='del' class='icon' /></a></td></tr>";
++$counter;
}
// zadna data?
if ($counter === 0) {
$output .= "<tr><td colspan='4'>" . $_lang['global.nokit'] . "</td></tr>\n";
}
<?php
/* --- kontrola jadra --- */
if (!defined('_core')) {
exit;
}
/* --- akce --- */
$message = "";
if (isset($_POST['user'])) {
$user = DB::esc(_anchorStr(trim($_POST['user'])));
$query = DB::query("SELECT id,password FROM `" . _mysql_prefix . "-users` WHERE username='******'");
if (DB::size($query) != 0) {
$query = DB::row($query);
_userLogout(false);
$_SESSION[_sessionprefix . "user"] = $query['id'];
$_SESSION[_sessionprefix . "password"] = $query['password'];
$_SESSION[_sessionprefix . "ip"] = _userip;
$_SESSION[_sessionprefix . "ipbound"] = true;
define('_redirect_to', _indexroot . 'index.php?m=login');
return;
} else {
$message = _formMessage(2, $_lang['global.baduser']);
}
}
/* --- vystup --- */
$output .= "\n<p class='bborder'>" . $_lang['admin.other.transm.p'] . "</p>\n" . $message . "\n<form action='index.php?p=other-transm' method='post'>\n<strong>" . $_lang['global.user'] . ":</strong> <input type='text' name='user' class='inputsmall' /> <input type='submit' value='" . $_lang['global.login'] . "' />\n" . _xsrfProtect() . "</form>\n";
if (!isset($item['extension']) or $item['extension'] != "php") {
continue;
}
$item = mb_substr($item['basename'], 0, mb_strrpos($item['basename'], "."));
if ($item == _loginlanguage) {
$selected = ' selected="selected"';
} else {
$selected = "";
}
$language_select .= '<option value="' . $item . '"' . $selected . '>' . $item . '</option>';
}
closedir($handle);
$language_select .= '</select></td></tr>';
} else {
$language_select = "";
}
// wysiwyg
if (_loginright_administration) {
$admin = "\n\n\n\n <tr>\n <td><strong>" . $_lang['mod.settings.wysiwyg'] . "</strong></td>\n <td><label><input type='checkbox' name='wysiwyg' value='1'" . _checkboxActivate($query['wysiwyg']) . " /> " . $_lang['mod.settings.wysiwyg.label'] . "</label></td>\n </tr>\n\n ";
} else {
$admin = "";
}
$module .= "\n<p><a href='index.php?m=profile&id=" . _loginname . "'>" . $_lang['mod.settings.profilelink'] . " ></a></p>\n<p>" . $_lang['mod.settings.p'] . "</p>" . $message . "\n<form action='index.php?m=settings' method='post' name='setform' enctype='multipart/form-data'>\n\n" . _jsLimitLength(1024, "setform", "note") . "\n\n <fieldset>\n <legend>" . $_lang['mod.settings.userdata'] . "</legend>\n <table class='profiletable'>\n\n <tr>\n <td><strong>" . $_lang['login.username'] . "</strong> <span class='important'>*</span></td>\n <td><input type='text' name='username'" . _restorePostValue('username', _loginname) . " class='inputsmall' maxlength='24' />" . (!_loginright_changeusername ? "<span class='hint'>(" . $_lang['mod.settings.namechangenote'] . ")</span>" : '') . "</td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.publicname'] . "</strong></td>\n <td><input type='text' name='publicname'" . _restorePostValue('publicname', $query['publicname']) . " class='inputsmall' maxlength='24' /></td>\n </tr>\n\n <tr class='valign-top'>\n <td><strong>" . $_lang['global.email'] . "</strong> <span class='important'>*</span></td>\n <td><input type='text' name='email'" . _restorePostValue('email', $query['email']) . " class='inputsmall'/></td>\n </tr>\n\n " . $language_select . "\n\n <tr>\n <td><strong>" . $_lang['mod.settings.massemail'] . "</strong></td>\n <td><label><input type='checkbox' name='massemail' value='1'" . _checkboxActivate($query['massemail']) . " /> " . $_lang['mod.settings.massemail.label'] . "</label></td>\n </tr>\n\n " . $admin . "\n </table>\n </fieldset>\n\n\n <fieldset>\n <legend>" . $_lang['mod.settings.password'] . "</legend>\n <p class='minip'>" . $_lang['mod.settings.password.hint'] . "</p>\n <table class='profiletable'>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.password.current'] . "</strong></td>\n <td><input type='password' name='currentpassword' class='inputsmall' autocomplete='off' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.password.new'] . "</strong></td>\n <td><input type='password' name='newpassword' class='inputsmall' autocomplete='off' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.password.new'] . " (" . $_lang['global.check'] . ")</strong></td>\n <td><input type='password' name='newpassword-confirm' class='inputsmall' autocomplete='off' /></td>\n </tr>\n\n </table>\n </fieldset>\n\n " . _extend('buffer', 'mod.settings.form') . "\n\n\n <fieldset>\n <legend>" . $_lang['mod.settings.info'] . "</legend>\n\n <table class='profiletable'>\n\n <tr>\n <td><strong>" . $_lang['global.icq'] . "</strong></td>\n <td><input type='text' name='icq'" . _restorePostValue('icq', $query['icq']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.skype'] . "</strong></td>\n <td><input type='text' name='skype'" . _restorePostValue('skype', $query['skype']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.msn'] . "</strong></td>\n <td><input type='text' name='msn'" . _restorePostValue('msn', $query['msn']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.jabber'] . "</strong></td>\n <td><input type='text' name='jabber'" . _restorePostValue('jabber', $query['jabber']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.web'] . "</strong></td>\n <td><input type='text' name='web' value='" . $query['web'] . "' class='inputsmall' /><span class='hint'>" . $_lang['mod.settings.web.hint'] . "</span></td>\n </tr>\n\n <tr class='valign-top'>\n <td><strong>" . $_lang['global.note'] . "</strong></td>\n <td><textarea name='note' class='areasmall' rows='9' cols='33'>" . _restorePostValue('note', $query['note'], true) . "</textarea></td>\n </tr>\n\n <tr><td></td>\n <td>" . _getPostFormControls("setform", "note") . "</td>\n </tr>\n\n </table>\n\n </fieldset>\n";
if (_uploadavatar) {
$module .= "\n <fieldset>\n <legend>" . $_lang['mod.settings.avatar'] . "</legend>\n " . _extend('buffer', 'mod.settings.avatar', array('extra' => array('query' => $query))) . "\n <p><strong>" . $_lang['mod.settings.avatar.upload'] . ":</strong> <input type='file' name='avatar' /></p>\n <table>\n <tr class='valign-top'>\n <td width='106'><div class='avatar'><img src='" . $avatar_path . "' alt='avatar' /></div></td>\n <td><p class='minip'>" . $_lang['mod.settings.avatar.hint'] . "</p><p><label><input type='checkbox' name='removeavatar' value='1' /> " . $_lang['mod.settings.avatar.remove'] . "</label></p></td>\n </tr>\n </table>\n </fieldset>\n";
}
if (_loginright_selfdestruction and _loginid != 0) {
$module .= "\n\n <fieldset>\n <legend>" . $_lang['mod.settings.selfremove'] . "</legend>\n <label><input type='checkbox' name='selfremove' value='1' onclick='if (this.checked==true) {return _sysConfirm();}' /> " . $_lang['mod.settings.selfremove.box'] . "</label><br /><br />\n <div class='lpad'><strong>" . $_lang['mod.settings.selfremove.confirm'] . ":</strong> <input type='password' name='selfremove-confirm' class='inputsmall' /></div>\n </fieldset>\n\n";
}
$module .= "\n<br />\n<input type='submit' value='" . $_lang['mod.settings.submit'] . "' />\n<input type='reset' value='" . $_lang['global.reset'] . "' onclick='return _sysConfirm();' />\n\n" . _xsrfProtect() . "</form>\n";
function _HCM_search()
{
if (_search) {
return "<form action='index.php' method='get' class='searchform'>\n<input type='hidden' name='m' value='search' />\n<input type='hidden' name='root' value='1' />\n<input type='hidden' name='art' value='1' />\n<input type='hidden' name='post' value='1' />\n" . _xsrfProtect() . "\n<input type='text' name='q' class='q' /> <input type='submit' value='" . $GLOBALS['_lang']['mod.search.submit'] . "' />\n</form>\n";
}
}
// deinstalace
case 2:
$pass = $_POST['pass'];
$confirm = _checkboxLoad("confirm");
if ($confirm) {
$right_pass = DB::query_row("SELECT password,salt FROM `" . _mysql_prefix . "-users` WHERE id=0");
if (_md5Salt($pass, $right_pass['salt']) == $right_pass['password']) {
// ziskani tabulek
$tables = array();
$q = DB::query('SHOW TABLES LIKE \'' . _mysql_prefix . '-%\'');
while ($r = DB::rown($q)) {
$tables[] = $r[0];
}
// odstraneni tabulek
foreach ($tables as $table) {
DB::query("DROP TABLE `" . $table . "`");
}
// zprava
_userLogout();
echo "<h1>" . $_lang['global.done'] . "</h1>\n<p>" . $_lang['admin.other.cleanup.uninstall.done'] . "</p>";
exit;
} else {
$message = _formMessage(2, $_lang['admin.other.cleanup.uninstall.badpass']);
}
}
break;
}
}
/* --- vystup --- */
$output .= $message . "\n<br />\n<fieldset>\n<legend>" . $_lang['admin.other.cleanup.cleanup'] . "</legend>\n<form class='cform' action='index.php?p=other-cleanup' method='post'>\n<input type='hidden' name='action' value='1' />\n<p>" . $_lang['admin.other.cleanup.cleanup.p'] . "</p>\n\n<table>\n<tr class='valign-top'>\n\n<td rowspan='2'>\n <fieldset>\n <legend>" . $_lang['mod.messages'] . "</legend>\n <label><input type='radio' name='messages' value='0'" . _checkboxActivate(!isset($_POST['messages']) || $_POST['messages'] == 0) . " /> " . $_lang['global.noaction'] . "</label><br />\n <label><input type='radio' name='messages' value='1'" . _checkboxActivate(isset($_POST['messages']) && $_POST['messages'] == 1) . " /> " . $_lang['admin.other.cleanup.messages.1'] . "</label> " . _tmp_selectTime("messages-time") . "<br />\n <label><input type='radio' name='messages' value='2'" . _checkboxActivate(isset($_POST['messages']) && $_POST['messages'] == 2) . " /> " . $_lang['admin.other.cleanup.messages.2'] . "</label>\n </fieldset>\n\n <fieldset>\n <legend>" . $_lang['admin.users.users'] . "</legend>\n <p class='bborder'><label><input type='checkbox' name='users' value='1'" . _checkboxActivate(isset($_POST['users'])) . " /> " . $_lang['admin.other.cleanup.users'] . "</label></p>\n <table>\n\n <tr>\n <td><strong>" . $_lang['admin.other.cleanup.users.time'] . "</strong></td>\n <td>" . _tmp_selectTime("users-time") . "</td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['admin.other.cleanup.users.group'] . "</strong></td>\n <td>" . _admin_authorSelect("users-group", isset($_POST['users-group']) ? intval($_POST['users-group']) : -1, "1", null, $_lang['global.all'], true) . "</td>\n </tr>\n\n </table>\n </fieldset>\n</td>\n\n<td>\n <fieldset>\n <legend>" . $_lang['global.other'] . "</legend>\n <label><input type='checkbox' name='maintenance' value='1' checked='checked' /> " . $_lang['admin.other.cleanup.other.maintenance'] . "</label><br />\n <label><input type='checkbox' name='optimize' value='1' checked='checked' /> " . $_lang['admin.other.cleanup.other.optimize'] . "</label><br />\n <label><input type='checkbox' name='comments' value='1'" . _checkboxActivate(isset($_POST['comments'])) . " /> " . $_lang['admin.other.cleanup.other.comments'] . "</label><br />\n <label><input type='checkbox' name='posts' value='1'" . _checkboxActivate(isset($_POST['posts'])) . " /> " . $_lang['admin.other.cleanup.other.posts'] . "</label><br />\n <label><input type='checkbox' name='iplog' value='1'" . _checkboxActivate(isset($_POST['iplog'])) . " /> " . $_lang['admin.other.cleanup.other.iplog'] . "</label>\n </fieldset>\n</td>\n\n</tr>\n\n<tr class='valign-top'>\n\n<td align='center'><p>\n<input type='submit' value='" . $_lang['admin.other.cleanup.prev'] . "' /><br /><br />\n<input type='submit' name='do_cleanup' value='" . $_lang['admin.other.cleanup.do'] . "' onclick='return _sysConfirm();' />\n</p></td>\n\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n</fieldset>\n<br />\n\n<fieldset>\n<legend>" . $_lang['admin.other.cleanup.uninstall'] . "</legend>\n<form class='cform' action='index.php?p=other-cleanup' method='post'>\n<input type='hidden' name='action' value='2' />\n<p class='bborder'>" . $_lang['admin.other.cleanup.uninstall.p'] . "</p>\n" . _admin_smallNote(str_replace('*prefix*', _mysql_prefix, $_lang['admin.other.cleanup.uninstall.note']), true) . "\n<p><label><input type='checkbox' name='confirm' value='1' /> " . str_replace('*dbname*', _mysql_db, $_lang['admin.other.cleanup.uninstall.confirm']) . "</label></p>\n<p><strong>" . $_lang['admin.other.cleanup.uninstall.pass'] . ":</strong> <input type='password' class='inputsmall' name='pass' autocomplete='off' /></p>\n<input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n</fieldset>\n";
$output .= _formMessage(2, $_lang['admin.moduleunavailable']);
}
} else {
$output .= "<h1>" . $_lang['global.error'] . "</h1>" . _formMessage(3, $_lang['global.accessdenied']);
}
} else {
$output .= "<h1>" . $_lang['global.error404.title'] . "</h1>" . _formMessage(2, $_lang['global.error404']);
}
}
} else {
// prihlasovaci formular
if (empty($_POST)) {
$login = _uniForm("login");
$output .= $login[0];
} else {
$output .= "<h1>" . $_lang['admin.postrestore.title'] . "</h1>\n<p class='bborder'>" . $_lang['admin.postrestore.p'] . "</p>\n" . _formMessage(2, $_lang['admin.postrestore.msg']) . "\n<form action='' method='post'>\n<input type='submit' name='' value='" . $_lang['admin.postrestore.button'] . "' />\n" . _getPostdata(false, null, array('_security_token')) . "\n" . _xsrfProtect() . "</form>\n";
}
}
/* --- paticka, vypis vystupu --- */
// paticka
$output .= '
<div class="cleaner"></div>
</div>
<hr class="hidden" />
<div id="copyright">
<div>' . ((_loginindicator and _loginright_administration) ? '<a href="' . _url . '/" target="_blank">' . $_lang['admin.link.site'] . '</a> • <a href="./" target="_blank">' . $_lang['admin.link.newwin'] . '</a>' : '<a href="../">< ' . $_lang['admin.link.home'] . '</a>') . '</div>
';
// vypis
if (!($redir = defined('_redirect_to'))) {
echo $output;
<?php
/* --- kontrola jadra --- */
if (!defined('_core')) {
exit;
}
/* --- zpracovani ulozeni --- */
if (isset($_POST['text'])) {
DB::query('UPDATE `' . _mysql_prefix . '-settings` SET `val`=\'' . DB::esc(trim($_POST['text'])) . '\' WHERE `var`=\'.admin_index_custom\'');
DB::query('UPDATE `' . _mysql_prefix . '-settings` SET `val`=\'' . ($_POST['pos'] == 0 ? '0' : '1') . '\' WHERE `var`=\'.admin_index_custom_pos\'');
define('_redirect_to', 'index.php?p=index-edit&saved');
return;
}
/* --- vystup --- */
$output .= "\n\n<p class='bborder'>" . $_lang['admin.menu.index.edit.p'] . "</p>\n\n" . _admin_wysiwyg() . "\n" . (isset($_GET['saved']) ? _formMessage(1, $_lang['global.saved']) : '') . "\n\n<form action='' method='post'>\n\n<table class='formtable'>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.menu.index.edit.pos'] . "</strong></td>\n <td><select name='pos'>\n <option value='0'" . (SL::$settings['admin_index_custom_pos'] == 0 ? " selected='selected'" : '') . ">" . $_lang['admin.menu.index.edit.pos.0'] . "</option>\n <option value='1'" . (SL::$settings['admin_index_custom_pos'] == 1 ? " selected='selected'" : '') . ">" . $_lang['admin.menu.index.edit.pos.1'] . "</option>\n </select></td>\n</tr>\n\n<tr class='valign-top'>\n <td class='rpad'><strong>" . $_lang['admin.menu.index.edit.text'] . "</strong></td>\n <td class='minwidth'><textarea name='text' rows='25' cols='94' class='areabig wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr(SL::$settings['admin_index_custom']) . "</textarea></td>\n</tr>\n\n<tr>\n <td></td>\n <td><input type='submit' value='" . $_lang['global.savechanges'] . "' /></td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n";
/* --- vystup --- */
if ($continue != true) {
$output .= _formMessage(3, $_lang['global.badinput']);
} else {
// vyber rozcestniku
if ($type != 7) {
$intersection_select = "<select name='intersection' class='selectmedium'><option value='-1' class='special'>" . $_lang['admin.content.form.intersection.none'] . "</option>";
$isquery = DB::query("SELECT id,title FROM `" . _mysql_prefix . "-root` WHERE type=7 ORDER BY ord");
while ($item = DB::row($isquery)) {
if ($item['id'] == $query['intersection']) {
$selected = " selected='selected'";
} else {
$selected = "";
}
$intersection_select .= "<option value='" . $item['id'] . "'" . $selected . ">" . _cutStr($item['title'], 22) . "</option>";
}
$intersection_select .= "</select>";
$intersection_row = "<td class='rpad'><strong>" . $_lang['admin.content.form.intersection'] . "</strong></td><td>" . $intersection_select . "</td>";
} else {
$intersection_select = "";
$intersection_row = "";
}
// wysiwyg editor
$output .= _admin_wysiwyg();
// stylove oddeleni individualniho nastaveni
if ($custom_settings != "") {
$custom_settings = "<span class='customsettings'>" . $custom_settings . "</span>";
}
// formular
$output .= "<div class='hr'><hr /></div><br />" . (isset($_GET['saved']) ? _formMessage(1, $_lang['global.saved'] . " <small>(" . _formatTime(time()) . ")</small>") : '') . "\n\n" . (!$new && $type != 4 && DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-root` WHERE `id`!=' . $query['id'] . ' AND `title_seo`=\'' . $query['title_seo'] . '\''), 0) != 0 ? _formMessage(2, $_lang['admin.content.form.title_seo.collision']) : '') . "\n" . (!$new && $id == _index_page_id ? _admin_smallNote($_lang['admin.content.form.indexnote']) : '') . "\n<form" . ($type != 4 ? " class='cform'" : '') . " action='index.php?p=content-edit" . $type_array[$type] . (!$new ? "&id=" . $id : '') . ($type == 9 && $new ? '&idt=' . $type_idt : '') . "' method='post'>\n\n\n" . $editscript_extra . "\n" . (!$new && $type == 5 ? "<p><a href='index.php?p=content-manageimgs&g=" . $id . "'><img src='images/icons/edit.png' alt='edit' class='icon' /><big>" . $_lang['admin.content.form.manageimgs'] . " ></big></a></p>" : '') . "\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' value='" . $query['title'] . "' class='inputmedium' maxlength='96' /></td>\n\n" . ($type != 4 ? "<td class='rpad'><strong>" . $_lang['admin.content.form.title_seo'] . "</strong></td>\n<td><input type='text' name='title_seo' value='" . $query['title_seo'] . "' maxlength='255' class='inputmedium' /></td>" : $intersection_row) . "\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n<td><input type='text' name='ord' value='" . $query['ord'] . "' class='inputmedium' /></td>\n\n" . ($type != 4 ? $intersection_row : '') . "\n</tr>\n\n" . ($type != 4 ? "\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.description'] . "</strong></td>\n<td><input type='text' name='description' value='" . $query['description'] . "' maxlength='128' class='inputmedium' /></td>\n\n<td class='rpad'><strong>" . $_lang['admin.content.form.keywords'] . "</strong></td>\n<td><input type='text' name='keywords' value='" . $query['keywords'] . "' maxlength='128' class='inputmedium' /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.intersectionperex'] . "</strong></td>\n<td colspan='3'><textarea name='intersectionperex' rows='2' cols='94' class='arealine codemirror'>" . _htmlStr($query['intersectionperex']) . "</textarea></td>\n</tr>\n\n" . ($editscript_enable_content ? "\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.' . ($type != 6 ? 'content' : 'url')] . "</strong>" . (!$new ? " <a href='" . _indexroot . _linkRoot($query['id'], $query['title_seo']) . "' target='_blank'><img src='images/icons/loupe.png' alt='prev' /></a>" : '') . "</td>\n<td colspan='3'>\n" . ($type != 6 ? "<textarea name='content' rows='25' cols='94' class='areabig wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr($query['content']) . "</textarea>" : "<input type='text' name='content' value='" . _htmlStr($query['content']) . "' class='inputbig' />") . "\n</td>\n</tr>\n" : '') . "\n\n" . $editscript_extra_row . "\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n<td colspan='3'>\n<label><input type='checkbox' name='visible' value='1'" . _checkboxActivate($query['visible']) . " /> " . $_lang['admin.content.form.visible'] . "</label> \n" . ($type != 6 ? "<label><input type='checkbox' name='autotitle' value='1'" . _checkboxActivate($query['autotitle']) . " /> " . $_lang['admin.content.form.autotitle'] . "</label> " : '') . "\n" . $custom_settings . "\n</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.access'] . "</strong></td>\n<td>\n<label><input type='checkbox' name='public' value='1'" . _checkboxActivate($query['public']) . " /> " . $_lang['admin.content.form.public'] . "</label> \n<input type='text' name='level' value='" . $query['level'] . "' class='inputsmaller' maxlength='5' /> " . $_lang['admin.content.form.level'] . "\n</td>\n\n" . ($type != 4 ? "<td class='rpad'><strong>" . $_lang['admin.content.form.events'] . "</strong></td>\n<td><input type='text' name='events' value='" . (isset($query['events']) ? _htmlStr($query['events']) : '') . "' class='inputmedium' maxlength='255' /></td>" : '') . "\n</tr>\n\n" : '') . "\n\n\n<tr><td></td><td colspan='3'><br />\n<input type='submit' value='" . ($new ? $_lang['global.create'] : $_lang['global.savechanges']) . "' />" . (!$new ? " <small>" . $_lang['admin.content.form.thisid'] . " " . $query['id'] . "</small>" : '') . "\n</td></tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n";
}
// zpravy
$messages_code = "";
if (isset($_GET['r'])) {
switch ($_GET['r']) {
case 1:
$messages_code .= _formMessage(1, $_lang['global.saved']);
break;
case 2:
$messages_code .= _formMessage(1, $_lang['global.created']);
break;
}
}
if ($message != "") {
$messages_code .= _formMessage(2, $message);
}
$output .= "\n<p class='bborder'>" . $_lang['admin.users.edit.p'] . "</p>\n" . $messages_code . "\n<form autocomplete='off' action='index.php?p=users-edit" . ($id != null ? "&id=" . $id : '') . "' method='post' name='userform'" . _jsCheckForm("userform", $id != null ? array("username", "email") : array("username", "email", "password")) . ">\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['login.username'] . "</strong></td>\n<td><input type='text' name='username' class='inputsmall'" . _restorePostValue('username', $query['username']) . " maxlength='24' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['mod.settings.publicname'] . "</strong></td>\n<td><input type='text' name='publicname' class='inputsmall'" . _restorePostValue('publicname', $query['publicname'], false, true, false) . " maxlength='24' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang[$id == null ? 'login.password' : 'mod.settings.password.new'] . "</strong></td>\n<td><input type='password' name='password' class='inputsmall' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.group'] . "</strong></td>\n<td>" . $group_select . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['login.blocked'] . "</strong></td>\n<td><input type='checkbox' name='blocked' value='1'" . _checkboxActivate($query['blocked'] || isset($_POST['blocked'])) . " /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.levelshift'] . "</strong></td>\n<td><input type='checkbox' name='levelshift' value='1'" . _checkboxActivate($query['levelshift'] || isset($_POST['levelshift'])) . _inputDisable(_loginid == 0) . " /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.email'] . "</strong></td>\n<td><input type='text' name='email' class='inputsmall'" . _restorePostValue('email', $query['email']) . " /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.icq'] . "</strong></td>\n<td><input type='text' name='icq' class='inputsmall' value='" . (($val = _restorePostValue('icq', $query['icq'], true)) != 0 ? $val : '') . "' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.skype'] . "</strong></td>\n<td><input type='text' name='skype' class='inputsmall'" . _restorePostValue('skype', $query['skype']) . " /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.msn'] . "</strong></td>\n<td><input type='text' name='msn' class='inputsmall'" . _restorePostValue('msn', $query['msn']) . " /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.jabber'] . "</strong></td>\n<td><input type='text' name='jabber' class='inputsmall' value='" . $query['jabber'] . "' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.web'] . "</strong></td>\n<td><input type='text' name='web' class='inputsmall'" . _restorePostValue('web', $query['web'], false, true, false) . " /> <small>" . $_lang['mod.settings.web.hint'] . "</small></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.avatar'] . "</strong></td>\n<td><label><input type='checkbox' name='removeavatar' value='1' /> " . $_lang['mod.settings.avatar.remove'] . "</label></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['global.note'] . "</strong></td>\n<td><textarea name='note' class='areasmall' rows='9' cols='33'>" . _restorePostValue('note', $query['note'], true, true, false) . "</textarea></td>\n</tr>\n\n<tr><td></td>\n<td><input type='submit' value='" . $_lang[isset($_GET['id']) ? 'global.save' : 'global.create'] . "' />" . ($id != null ? " <small>" . $_lang['admin.content.form.thisid'] . " " . $query['id'] . "</small>" : '') . "</td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n";
// odkaz na profil a zjisteni ip
if ($id != null) {
$output .= "\n <p>\n <a href='" . _indexroot . "index.php?m=profile&id=" . $query['username'] . "' target='_blank'>" . $_lang['mod.settings.profilelink'] . " ></a>\n " . (_loginright_adminbans ? "<br /><a href='index.php?p=other-bans&getip=" . $query['username'] . "'>" . $_lang['admin.other.bans.getuserip'] . " ></a>" : '') . "\n </p>\n ";
}
} else {
switch ($errno) {
case 1:
$output .= _formMessage(2, $_lang['global.baduser']);
break;
case 2:
$output .= _formMessage(2, $_lang['global.rootnote']);
break;
default:
$output .= _formMessage(3, $_lang['global.disallowed']);
break;
}
/* --- vystup --- */
// pole souvisejicich polozek
$content_array = array();
switch ($query['type']) {
case 1:
$content_array[] = DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE type=1 AND home=" . $id), 0) . " " . $_lang['admin.content.delete.comments'];
break;
case 2:
$content_array[] = DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-articles` WHERE home1=" . $id . " AND home2=-1 AND home3=-1"), 0) . " " . $_lang['admin.content.delete.articles'];
break;
case 3:
$content_array[] = DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE type=3 AND home=" . $id), 0) . " " . $_lang['admin.content.delete.posts'];
break;
case 5:
case 3:
$content_array[] = DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-images` WHERE home=" . $id), 0) . " " . $_lang['admin.content.delete.images'];
break;
case 8:
$content_array[] = DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE type=5 AND home=" . $id), 0) . " " . $_lang['admin.content.delete.posts'];
break;
case 9:
_extend('call', 'ppage.' . $query['type_idt'] . '.delete.confirm', array('contents' => &$content_array, 'query' => $query));
break;
default:
$content_array[] = $_lang['admin.content.delete.norelated'];
}
$output .= "\n <p class='bborder'>" . $_lang['admin.content.delete.p'] . "</p>\n <h2>" . $_lang['global.item'] . " <em>" . $query['title'] . "</em></h2><br />\n " . (!empty($content_array) ? "<p>" . $_lang['admin.content.delete.contentlist'] . ":</p>" . _eventList($content_array) . "<div class='hr'><hr /></div>" : '') . "\n\n <form class='cform' action='index.php?p=content-delete&id=" . $id . "' method='post'>\n <input type='hidden' name='confirm' value='1' />\n <input type='submit' value='" . $_lang['admin.content.delete.confirm'] . "' />\n " . _xsrfProtect() . "</form>\n ";
} else {
$output .= _formMessage(3, $_lang['global.badinput']);
}
<?php
/* --- kontrola jadra --- */
if (!defined('_core')) {
exit;
}
/* --- priprava, kontrola pristupovych prav --- */
$message = "";
if (!(_loginright_adminsection or _loginright_admincategory or _loginright_adminbook or _loginright_adminseparator or _loginright_admingallery or _loginright_adminintersection or _loginright_adminpluginpage)) {
$continue = false;
$output .= _formMessage(3, $_lang['global.accessdenied']);
} else {
$continue = true;
}
/* --- akce --- */
if ($continue && isset($_POST['index'])) {
DB::query("UPDATE `" . _mysql_prefix . "-settings` SET `val`=" . ($index_id = intval($_POST['index'])) . ' WHERE `var`=\'index_page_id\'');
$message = _formMessage(1, $_lang['global.done']);
} else {
$index_id = _index_page_id;
}
/* --- vystup --- */
if ($continue) {
$output .= "<p class='bborder'>" . $_lang['admin.content.setindex.p'] . "</p>" . $message . "\n<form class='cform' action='index.php?p=content-setindex' method='post'>\n" . _admin_rootSelect('index', null, $index_id, false) . "\n<input type='submit' value='" . $_lang['global.do'] . "' />\n" . _xsrfProtect() . "</form>\n";
}
}
if (isset($_GET['created'])) {
$message = _formMessage(1, $_lang['global.created']);
}
// wysiwyg editor
$output .= _admin_wysiwyg();
// vypocet hodnoceni
if (!$new) {
if ($query['ratenum'] != 0) {
$rate = DB::result(DB::query("SELECT ROUND(ratesum/ratenum) FROM `" . _mysql_prefix . "-articles` WHERE id=" . $query['id']), 0) . "%, " . $query['ratenum'] . "x";
} else {
$rate = $_lang['article.rate.nodata'];
}
} else {
$rate = "";
}
// seo title input
$seo_input = "<input type='text' name='title_seo' value='" . $query['title_seo'] . "' maxlength='255' class='input" . ($author_select != '' ? 'medium' : 'big') . "' />";
// obrazek
$picture = '';
if (isset($query['picture_uid'])) {
$picture .= "<img src='" . _pictureStorageGet(_indexroot . 'pictures/articles/', null, $query['picture_uid'], 'jpg') . "' alt='article picture' id='is-picture-file' />\n<label id='is-picture-delete'><input type='checkbox' name='picture-delete' value='1' /> <img src='images/icons/delete3.png' class='icon' alt='" . $_lang['global.delete'] . "' /></label>";
} else {
$picture .= "<img src='images/art-no-pic.png' alt='no picture' />\n";
}
$picture .= "<input type='file' name='picture' id='is-picture-upload' />\n";
// formular
$output .= "\n<a href='" . $backlink . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.articles.edit.title'] . "</h1>\n<p class='bborder'>" . $_lang['admin.content.articles.edit.p'] . "</p>" . $message . "\n\n" . (($new == true and _loginright_adminneedconfirm) ? _admin_smallNote($_lang['admin.content.articles.edit.newconfnote']) : '') . "\n" . ($query['confirmed'] != 1 ? _admin_smallNote($_lang['admin.content.articles.edit.confnote']) : '') . "\n\n" . (!$new && DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-articles` WHERE `id`!=' . $query['id'] . ' AND `home1`=' . $query['home1'] . ' AND `title_seo`=\'' . $query['title_seo'] . '\''), 0) != 0 ? _formMessage(2, $_lang['admin.content.form.title_seo.collision']) : '') . "\n\n<form class='cform' action='index.php?p=content-articles-edit" . $actionplus . "' method='post' enctype='multipart/form-data' name='artform'" . _jsCheckForm("artform", array("title")) . ">\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.category'] . "</strong></td>\n<td>" . _admin_rootSelect("home1", 2, $query['home1'], false) . " " . _admin_rootSelect("home2", 2, $query['home2'], true) . " " . _admin_rootSelect("home3", 2, $query['home3'], true) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' value='" . $query['title'] . "' class='inputbig' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title_seo'] . "</strong></td>\n<td>" . ($author_select == '' ? $seo_input : "\n <table class='ae-twoi'><tr>\n <td>" . $seo_input . "</td>\n <td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n <td>" . $author_select . "</td>\n </tr></table>\n") . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.description'] . "</strong></td>\n<td>\n <table class='ae-twoi'><tr>\n <td><input type='text' name='description' value='" . $query['description'] . "' maxlength='128' class='inputmedium' /></td>\n <td class='rpad'><strong>" . $_lang['admin.content.form.keywords'] . "</strong></td>\n <td><input type='text' name='keywords' value='" . $query['keywords'] . "' maxlength='128' class='inputmedium' /></td>\n </tr></table>\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.perex'] . "</strong></td>\n<td><textarea name='perex' rows='9' cols='94' class='areabigperex codemirror'>" . _htmlStr($query['perex']) . "</textarea></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.content'] . "</strong>" . $artlink . "</td>\n<td>\n\n <table id='ae-table'>\n <tr class='valign-top'>\n <td id='content-cell'>\n <textarea name='content' rows='25' cols='68' class='wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr($query['content']) . "</textarea>\n </td>\n <td id='is-cell'>\n <div id='is-cell-wrapper'>\n <div id='is-cell-content'>\n\n <h2>" . $_lang['admin.content.form.picture'] . "</h2>\n <div id='is-picture'>" . $picture . "</div>\n\n <h2>" . $_lang['admin.content.form.settings'] . "</h2>\n <p id='is-settings'>\n <label><input type='checkbox' name='public' value='1'" . _checkboxActivate($query['public']) . " /> " . $_lang['admin.content.form.public'] . "</label>\n <label><input type='checkbox' name='visible' value='1'" . _checkboxActivate($query['visible']) . " /> " . $_lang['admin.content.form.visible'] . "</label>\n " . (_loginright_adminconfirm || !_loginright_adminneedconfirm && $query['author'] == _loginid ? "<label><input type='checkbox' name='confirmed' value='1'" . _checkboxActivate($query['confirmed']) . " /> " . $_lang['admin.content.form.confirmed'] . "</label>" : '') . "\n <label><input type='checkbox' name='comments' value='1'" . _checkboxActivate($query['comments']) . " /> " . $_lang['admin.content.form.comments'] . "</label>\n <label><input type='checkbox' name='commentslocked' value='1'" . _checkboxActivate($query['commentslocked']) . " /> " . $_lang['admin.content.form.commentslocked'] . "</label>\n <label><input type='checkbox' name='rateon' value='1'" . _checkboxActivate($query['rateon']) . " /> " . $_lang['admin.content.form.artrate'] . "</label>\n <label><input type='checkbox' name='showinfo' value='1'" . _checkboxActivate($query['showinfo']) . " /> " . $_lang['admin.content.form.showinfo'] . "</label>\n " . (!$new ? "<label><input type='checkbox' name='resetrate' value='1' /> " . $_lang['admin.content.form.resetartrate'] . " <small>(" . $rate . ")</small></label>" : '') . "\n " . (!$new ? "<label><input type='checkbox' name='delcomments' value='1' /> " . $_lang['admin.content.form.delcomments'] . " <small>(" . DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE home=" . $query['id'] . " AND type=2"), 0) . ")</small></label>" : '') . "\n " . (!$new ? "<label><input type='checkbox' name='resetread' value='1' /> " . $_lang['admin.content.form.resetartread'] . " <small>(" . $readed_counter . ")</small></label>" : '') . "\n </p>\n\n <h2>" . $_lang['admin.content.form.infobox'] . "</h2>\n <div id='infobox-wrapper'>\n <textarea name='infobox' rows='10' cols='20' class='codemirror'>" . _htmlStr($query['infobox']) . "</textarea>\n </div>\n\n </div>\n </div>\n </td>\n </tr>\n </table>\n\n</td>\n</tr>\n\n<tr id='time-cell'>\n<td class='rpad'><strong>" . $_lang['article.posted'] . "</strong></td>\n<td>" . _editTime('time', $query['time'], true, $new) . "</td>\n</tr>\n\n<tr>\n<td></td>\n<td id='ae-lastrow'><br /><input type='submit' value='" . $_lang[$submittext] . "' />\n" . (!$new ? "\n \n<span class='customsettings'><a href='index.php?p=content-articles-delete&id=" . $query['id'] . "&returnid=" . $query['home1'] . "&returnpage=1'><span><img src='images/icons/delete.png' alt='del' class='icon' />" . $_lang['global.delete'] . "</span></a></span> \n<span class='customsettings'><small>" . $_lang['admin.content.form.thisid'] . " " . $query['id'] . "</small></span>\n" : '') . "\n\n</td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n\n";
} else {
$output .= "<a href='index.php?p=content-articles' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.articles.edit.title'] . "</h1>\n" . _formMessage(3, $_lang['global.badinput']);
}
// strankovani
$paging = _resultPaging(_indexOutput_url, _messagesperpage, 'pm', 'sender=' . _loginid . ' OR receiver=' . _loginid, '&a=' . $a);
if (_pagingmode == 1 or _pagingmode == 2) {
$module .= $paging[0];
}
// tabulka
$module .= "\n <form method='post' action=''>\n<p class='messages-menu'>\n <img src='" . _templateImage('icons/bubble.png') . "' alt='new' class='icon' /><a href='" . _indexOutput_url . "&a=new'>" . $_lang['mod.messages.new'] . "</a>\n</p>\n\n<table class='messages-table'>\n<tr><td width='10'><input type='checkbox' name='selector' onchange=\"var that=this;\$('table.messages-table input').each(function(){this.checked=that.checked;});\" /></td><td><strong>" . $_lang['mod.messages.message'] . "</strong></td><td><strong>" . $_lang['global.user'] . "</strong></td><td><strong>" . $_lang['mod.messages.time.update'] . "</strong></td></tr>\n";
$q = DB::query('SELECT pm.id,pm.sender,pm.receiver,pm.sender_readtime,pm.receiver_readtime,pm.update_time,post.subject,(SELECT COUNT(*) FROM `' . _mysql_prefix . '-posts` AS countpost WHERE countpost.home=pm.id AND countpost.type=6 AND (pm.sender=' . _loginid . ' AND countpost.time>pm.receiver_readtime OR pm.receiver=' . _loginid . ' AND countpost.time>pm.sender_readtime)) AS unread_counter FROM `' . _mysql_prefix . '-pm` AS pm JOIN `' . _mysql_prefix . '-posts` AS post ON (post.home=pm.id AND post.type=6 AND post.xhome=-1) WHERE pm.sender=' . _loginid . ' AND pm.sender_deleted=0 OR pm.receiver=' . _loginid . ' AND pm.receiver_deleted=0 ORDER BY pm.update_time DESC ' . $paging[1]);
while ($r = DB::row($q)) {
$read = $r['sender'] == _loginid && $r['sender_readtime'] >= $r['update_time'] || $r['receiver'] == _loginid && $r['receiver_readtime'] >= $r['update_time'];
$module .= "<tr><td><input type='checkbox' name='msg[]' value='" . $r['id'] . "' /></td><td><a href='" . _indexOutput_url . "&a=list&read=" . $r['id'] . "'" . ($read ? '' : ' class="notreaded"') . ">" . $r['subject'] . "</a></td><td>" . _linkUser($r['sender'] == _loginid ? $r['receiver'] : $r['sender']) . " <small>(" . $r['unread_counter'] . ")</small></td><td>" . _formatTime($r['update_time']) . "</td></tr>\n";
}
if (!isset($read)) {
$module .= "<tr><td colspan='4'>" . $_lang['mod.messages.nokit'] . "</td></tr>\n";
}
$module .= "\n<tr><td colspan='4'>\n <div class='hr'><hr /></div>\n <select name='action'>\n <option value='1'>" . $_lang['mod.messages.delete.selected'] . "</option>\n <option value='2'>" . $_lang['mod.messages.delete.readed'] . "</option>\n <option value='3'>" . $_lang['mod.messages.delete.all'] . "</option>\n </select>\n <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n</td></tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n";
// strankovani dole
if (_pagingmode == 2 or _pagingmode == 3) {
$module .= '<br />' . $paging[0];
}
break;
}
// zpetny odkaz, titulek
$start = '';
if (!$list) {
$start .= "<a href='" . _indexOutput_url . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n";
}
if (_template_autoheadings == 1) {
$start .= "<h1>" . $_lang[$mod_title] . "</h1>\n";
}
if (!$list) {
if ($id == 2 and !in_array($item, $unregistered_useable) or _userHasNotRight($item)) {
continue;
}
$newdata[$item] = _checkboxLoad($item);
}
}
// ulozeni
$sql = '';
$last = sizeof($newdata) - 1;
$counter = 0;
foreach ($newdata as $col => $val) {
$sql .= '`' . $col . '`=\'' . $val . '\'';
if ($counter !== $last) {
$sql .= ',';
}
++$counter;
}
DB::query('UPDATE `' . _mysql_prefix . '-groups` SET ' . $sql . ' WHERE id=' . $id);
// reload stranky
define('_redirect_to', 'index.php?p=users-editgroup&id=' . $id . '&saved');
return;
}
/* --- vystup --- */
$output .= "\n <p class='bborder'>" . $_lang['admin.users.groups.editp'] . "</p>\n " . (isset($_GET['saved']) ? _formMessage(1, $_lang['global.saved']) : '') . "\n " . ($systemitem ? _admin_smallNote($_lang['admin.users.groups.specialgroup.editnotice']) : '') . "\n <form action='index.php?p=users-editgroup&id=" . $id . "' method='post'>\n <table>\n\n <tr>\n <td><strong>" . $_lang['global.name'] . "</strong></td>\n <td><input type='text' name='title' class='inputmedium' value='" . $query['title'] . "' maxlength='32' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.descr'] . "</strong></td>\n <td><input type='text' name='descr' class='inputmedium' value='" . $query['descr'] . "' maxlength='128' /></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.users.groups.level'] . "</strong></td>\n <td><input type='text' name='level' class='inputmedium' value='" . $query['level'] . "'" . _inputDisable(!$systemitem) . " /></td>\n </tr>\n\n " . ($id != 2 ? "\n <tr><td><strong>" . $_lang['admin.users.groups.icon'] . "</strong></td><td><input type='text' name='icon' class='inputsmall' value='" . $query['icon'] . "' maxlength='16' /></td></tr>\n <tr><td><strong>" . $_lang['admin.users.groups.color'] . "</strong></td><td><input type='text' name='color' class='inputsmall' value='" . $query['color'] . "' maxlength='16' /></td></tr>\n <tr><td class='rpad'><strong>" . $_lang['admin.users.groups.reglist'] . "</strong></td><td><input type='checkbox' name='reglist' value='1'" . _checkboxActivate($query['reglist']) . " /></td></tr>\n " : '') . "\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.users.groups.blocked'] . "</strong></td>\n <td><input type='checkbox' name='blocked' value='1'" . _checkboxActivate($query['blocked']) . _inputDisable($id != 1 and $id != 2) . " /></td>\n </tr>\n\n </table><br />\n\n <fieldset>\n <legend>" . $_lang['admin.users.groups.commonrights'] . "</legend>\n <table>\n\n " . $rights . "\n\n\n </table></fieldset><br />\n\n\n <br />\n <input type='submit' value='" . $_lang['global.save'] . "' /> <small>" . $_lang['admin.content.form.thisid'] . " " . $id . "</small>\n\n " . _xsrfProtect() . "</form>\n ";
} else {
if ($levelconflict == false) {
$output .= _formMessage(3, $_lang['global.badinput']);
} else {
$output .= _formMessage(3, $_lang['global.disallowed']);
}
}
$nokit = false;
// zprava
if (isset($_GET['created'])) {
$message = _formMessage(1, $_lang['global.created']);
}
$output .= "<div class='hr'><hr /></div><br />" . $message . "\n<form class='cform' action='index.php?p=content-boxes-edit&c=" . urlencode($c) . "&saved' method='post'>\n<input type='hidden' name='do' value='1' />\n<p><input type='submit' value='" . $_lang['admin.content.boxes.saveboxeschanges'] . "' /> <a href='index.php?p=content-boxes-new&c=" . urlencode($c) . "'><img src='images/icons/new.png' alt='new' class='icon' />" . $_lang['admin.content.boxes.create'] . "</a></p>\n<table id='boxesedit'>\n";
$query = DB::query("SELECT * FROM `" . _mysql_prefix . "-boxes` WHERE `column`='" . DB::esc($c) . "' ORDER BY ord");
if (DB::size($query) != 0) {
$isfirst = true;
while ($item = DB::row($query)) {
if ($isfirst) {
$output .= "\n\n\n\n<tr>\n\n\n\n";
}
$output .= "\n <td class='cell'>\n <div>\n <table class='formtable'>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n <td><input type='text' name='" . $item['id'] . "-title' value='" . $item['title'] . "' class='inputmedium' maxlength='96' /></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.boxes.column'] . "</strong></td>\n <td><input type='text' maxlength='64' name='" . $item['id'] . "-column' value='" . _htmlStr($item['column']) . "' class='inputmedium' /></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n <td><input type='text' name='" . $item['id'] . "-ord' value='" . $item['ord'] . "' class='inputmedium' /></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.class'] . "</strong></td>\n <td><input type='text' name='" . $item['id'] . "-class' value='" . $item['class'] . "' class='inputmedium' maxlength='24' /></td>\n </tr>\n\n <tr class='valign-top'>\n <td class='rpad'><strong>" . $_lang['admin.content.form.content'] . "</strong></td>\n <td><textarea name='" . $item['id'] . "-content' class='areasmall_100pwidth codemirror' rows='9' cols='33'>" . _htmlStr($item['content']) . "</textarea></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n <td>\n <label><input type='checkbox' name='" . $item['id'] . "-visiblenew' value='1'" . _checkboxActivate($item['visible']) . " /> " . $_lang['admin.content.form.visible'] . "</label> \n <label><input type='checkbox' name='" . $item['id'] . "-publicnew' value='1'" . _checkboxActivate($item['public']) . " /> " . $_lang['admin.content.form.public'] . "</label>\n <input type='hidden' name='" . $item['id'] . "-visible' value='1' />\n <input type='hidden' name='" . $item['id'] . "-public' value='1' />\n <a href='" . _xsrfLink("index.php?p=content-boxes-edit&c=" . urlencode($c) . "&del=" . $item['id']) . "' onclick='return _sysConfirm();'><img src='images/icons/delete.png' alt='del' class='icon' />" . $_lang['admin.content.boxes.delete'] . "</a>\n </td>\n </tr>\n\n </table>\n </div>\n </td>\n ";
if (!$isfirst) {
$output .= "\n\n\n\n</tr>\n\n\n\n";
}
$isfirst = !$isfirst;
}
// dodatecne uzavreni radku tabulky (pri lichem poctu boxu)
if (!$isfirst) {
$output .= "\n\n\n\n</tr>\n\n\n\n";
}
} else {
$nokit = true;
$output .= '<tr><td>' . $_lang['global.nokit'] . '</td></tr>';
}
$output .= "</table>\n" . ($nokit ? '' : "<p><input type='submit' value='" . $_lang['admin.content.boxes.saveboxeschanges'] . "' /></p>") . "\n" . _xsrfProtect() . "</form>";
} else {
$output .= _formMessage(3, $_lang['global.badinput']);
}
/* --- odstraneni --- */
$done = false;
if (isset($_POST['doit'])) {
// smazani skupiny
if (!$systemgroup) {
DB::query("DELETE FROM `" . _mysql_prefix . "-groups` WHERE id=" . $id);
}
// zmena vychozi skupiny
if (!$systemgroup and $id == _defaultgroup) {
DB::query("UPDATE `" . _mysql_prefix . "-settings` SET val='3' WHERE var='defaultgroup'");
}
// smazani uzivatelu
$users = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE `group`=" . $id . " AND id!=0");
while ($user = DB::row($users)) {
_deleteUser($user['id']);
}
$done = true;
}
/* --- vystup --- */
if ($done != true) {
$output .= "\n <p class='bborder'>" . $_lang['admin.users.groups.delp'] . "</p>\n " . ($systemgroup ? _admin_smallNote($_lang['admin.users.groups.specialgroup.delnotice']) : '') . "\n <form class='cform' action='index.php?p=users-delgroup&id=" . $id . "' method='post'>\n <input type='hidden' name='doit' value='1' />\n <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n " . _xsrfProtect() . "</form>\n ";
} else {
$output .= _formMessage(1, $_lang['global.done']);
}
} else {
if ($levelconflict == false) {
$output .= _formMessage(3, $_lang['global.badinput']);
} else {
$output .= _formMessage(3, $_lang['global.disallowed']);
}
}
// zprava
if ($done != 0) {
$output .= _formMessage(1, str_replace(array("*done*", "*total*"), array($done, $item_total), $_lang['admin.other.massemail.send']));
} else {
$output .= _formMessage(2, $_lang['admin.other.massemail.noreceiversfound']);
}
} else {
// vypis emailu
$emails_total = DB::size($query);
if ($emails_total != 0) {
$emails = '';
$email_counter = 0;
while ($item = DB::row($query)) {
++$email_counter;
$emails .= $item['email'];
if ($email_counter !== $emails_total) {
$emails .= ',';
}
}
$output .= _formMessage(1, "<textarea class='areasmallwide' rows='9' cols='33' name='list'>" . $emails . "</textarea>");
} else {
$output .= _formMessage(2, $_lang['admin.other.massemail.noreceiversfound']);
}
}
} else {
$output .= _formMessage(2, _eventList($errors, 'errors'));
}
}
/* --- vystup --- */
$output .= "\n<br />\n<form class='cform' action='index.php?p=other-massemail' method='post'>\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.sender'] . "</strong></td>\n<td><input type='text' name='sender'" . _restorePostValue("sender", _sysmail) . " class='inputbig' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['posts.subject'] . "</strong></td>\n<td><input type='text' name='subject' class='inputbig'" . _restorePostValue("subject") . " /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.receivers'] . "</strong></td>\n<td>" . _admin_authorSelect("receivers", -1, "1", "selectbig", null, true, 4) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.ctype'] . "</strong></td>\n<td>\n <select name='ctype' class='selectbig'>\n <option value='1'>" . $_lang['admin.other.massemail.ctype.1'] . "</option>\n <option value='2'" . ((isset($_POST['ctype']) and $_POST['ctype'] == 2) ? " selected='selected'" : '') . ">" . $_lang['admin.other.massemail.ctype.2'] . "</option>\n </select>\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.text'] . "</strong></td>\n<td><textarea name='text' class='areabig' rows='9' cols='94'>" . _restorePostValue("text", null, true) . "</textarea></td>\n</tr>\n\n<tr><td></td>\n<td><input type='submit' value='" . $_lang['global.send'] . "' /> <label><input type='checkbox' name='maillist' value='1'" . _checkboxActivate(_checkboxLoad("maillist")) . " /> " . $_lang['admin.other.massemail.maillist'] . "</label></td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n";
$images_forms = array();
if (DB::size($images) != 0) {
// sestaveni formularu
while ($image = DB::row($images)) {
// kod nahledu
$preview = _galleryImage($image, "1", $galdata['var4'], $galdata['var3']);
// kod formulare
$images_forms[] .= "\n<table>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='i" . $image['id'] . "_title' class='inputmedium' value='" . $image['title'] . "' maxlength='64' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n<td><input type='text' name='i" . $image['id'] . "_ord' class='inputmedium' value='" . $image['ord'] . "' /></td>\n</tr>\n\n" . (!$image['in_storage'] ? "<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.manageimgs.prev'] . "</strong></td>\n<td><input type='hidden' name='i" . $image['id'] . "_prevtrigger' value='1' /><input type='text' name='i" . $image['id'] . "_prev' class='inputsmall' value='" . $image['prev'] . "'" . _inputDisable($image['prev'] != "") . " /> <label><input type='checkbox' name='i" . $image['id'] . "_autoprev' value='1' onclick=\"_sysDisableField(checked, 'editform', 'i" . $image['id'] . "_prev');\"" . _checkboxActivate($image['prev'] == "") . " /> " . $_lang['admin.content.manageimgs.autoprev'] . "</label></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.manageimgs.full'] . "</strong></td>\n<td><input type='text' name='i" . $image['id'] . "_full' class='inputmedium' value='" . $image['full'] . "' /></td>\n</tr>" : '') . "\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['global.preview'] . "</strong></td>\n<td>" . $preview . "<br /><br /><a href='" . _xsrfLink("index.php?p=content-manageimgs&g=" . $g . "&page=" . $s . "&del=" . $image['id']) . "' onclick='return _sysConfirm();'><img src='images/icons/delete.png' alt='del' class='icon' />" . $_lang['admin.content.manageimgs.delete'] . "</a></td>\n</tr>\n\n</table>\n ";
}
// sestaveni tabulky formularu po dvou
$output .= "\n<table id='gallery-edittable'>";
$count = count($images_forms);
for ($i = 0; $i < $count; $i += 2) {
if (isset($images_forms[$i])) {
$output .= "<tr><td" . (0 === $i % 2 && !isset($images_forms[$i + 1]) && 1 !== $count ? ' colspan="2"' : '') . " class='gallery-edittable-td'>\n" . $images_forms[$i] . "\n</td>\n";
if (isset($images_forms[$i + 1])) {
$output .= "<td class='gallery-edittable-td'>\n" . $images_forms[$i + 1] . "\n</td></tr>\n";
} else {
$output .= '</tr>' . _nl;
}
}
}
$output .= '</table>';
$output .= "<input type='submit' value='" . $_lang['admin.content.manageimgs.savechanges'] . "' class='gallery-savebutton' />\n" . $paging[0];
} else {
$output .= '<p>' . $_lang['global.nokit'] . '</p>';
}
$output .= "\n" . _xsrfProtect() . "</form>\n</fieldset>\n\n\n<a id='func'></a>\n<fieldset class='hs_fieldset'>\n<legend><a href='#'>" . $_lang['admin.content.manageimgs.moveallords'] . "</a></legend>\n\n<form class='cform' action='index.php?p=content-manageimgs&g=" . $g . "&page=" . $s . "' method='post'>\n<input type='hidden' name='xaction' value='2' />\n<select name='moveaction'><option value='1'>" . $_lang['admin.content.move.choice1'] . "</option><option value='2'>" . $_lang['admin.content.move.choice2'] . "</option></select> \n" . $_lang['admin.content.move.text1'] . " \n<select name='zonedir'><option value='1'>" . $_lang['admin.content.move.choice3'] . "</option><option value='2'>" . $_lang['admin.content.move.choice4'] . "</option></select> \n" . $_lang['admin.content.move.text2'] . " \n<input type='text' name='zone' value='1' class='inputmini' maxlength='5' /> ,\n" . $_lang['admin.content.move.text3'] . " \n<input type='text' name='offset' value='1' class='inputmini' maxlength='5' />. \n<input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n\n<form class='cform' action='index.php?p=content-manageimgs&g=" . $g . "&page=" . $s . "' method='post'>\n<input type='hidden' name='xaction' value='3' />\n" . $_lang['admin.content.manageimgs.moveallords.cleanup'] . " <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n\n</fieldset>\n\n<table width='100%'>\n<tr class='valign-top'>\n\n<td width='50%'>\n <fieldset class='hs_fieldset'>\n <legend><a href='#'>" . $_lang['admin.content.manageimgs.moveimgs'] . "</a></legend>\n\n <form class='cform' action='index.php?p=content-manageimgs&g=" . $g . "&page=" . $s . "' method='post'>\n <input type='hidden' name='xaction' value='5' />\n " . _admin_rootSelect("newhome", 5, -1, false) . " <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' /><br /><br />\n <label><input type='checkbox' name='moveords' value='1' checked='checked' /> " . $_lang['admin.content.manageimgs.moveords'] . "</label>\n " . _xsrfProtect() . "</form>\n\n </fieldset>\n</td>\n\n<td>\n <fieldset class='hs_fieldset'>\n <legend><a href='#'>" . $_lang['admin.content.manageimgs.delimgs'] . "</a></legend>\n\n <form class='cform' action='index.php?p=content-manageimgs&g=" . $g . "&page=" . $s . "' method='post'>\n <input type='hidden' name='xaction' value='6' />\n <label><input type='checkbox' name='confirm' value='1' /> " . $_lang['admin.content.manageimgs.delimgs.confirm'] . "</label> <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n " . _xsrfProtect() . "</form>\n\n </fieldset>\n</td>\n\n</tr>\n</table>\n\n";
} else {
$output .= _formMessage(3, $_lang['global.badinput']);
}
$handle = opendir($backup_dir);
while (false !== ($item = readdir($handle))) {
if ($item === '.' || $item === '..' || !is_file($backup_dir . $item)) {
continue;
}
$backups[] = $item;
}
// serazeni a vypis
if (!empty($backups)) {
natsort($backups);
$output .= "<table class='list'>\n<thead><tr><td>" . $_lang['admin.other.backup.restore.item'] . "</td><td>" . $_lang['global.type'] . "</td><td>" . $_lang['global.time'] . "</td><td>" . $_lang['global.note'] . "</td><td>" . $_lang['global.size'] . "</td><td>" . $_lang['global.extra'] . "</td></tr></thead>\n<tbody>\n";
foreach ($backups as $file) {
// info o archivu
$file_err = false;
$file_vars = _backupCheckFile($backup_dir . $file, array(_backup_db, _backup_partial), true);
if (!is_array($file_vars)) {
$file_err = true;
}
$file_h = _htmlStr($file);
// polozka
$output .= "<tr>\n<td><label><input type='radio' name='fname' value='" . $file_h . "'" . ($file_err ? " disabled='disabled'" : '') . " /> " . $file_h . "</label></td>\n<td>" . ($file_err ? '-' : $_lang['admin.other.backup.backup.' . ($file_vars['type'] === _backup_db ? 'db' : 'partial')]) . "</td>\n<td>" . ($file_err ? '-' : _formatTime($file_vars['time'])) . "</td>\n<td>" . ($file_err ? "<img src='images/icons/warn.png' alt='err' /> " . $_lang['global.error'] : (empty($file_vars['note']) ? '-' : _htmlStr(_cutStr($file_vars['note'], 48, false)))) . "</td>\n<td>" . number_format(filesize($backup_dir . $file) / 1024, 0, '.', ' ') . "kB</td>\n<td><a href='" . $backup_dir . $file_h . "'>" . $_lang['global.download'] . "</a></td>\n</tr>\n";
}
$output .= "</tbody></table><br />\n\n<p><strong>" . $_lang['global.action'] . ":</strong> \n<select name='sub_action'>\n <option value='-1'>...</option>\n <option value='1'>" . $_lang['admin.other.backup.restore.do'] . "</option>\n <option value='2'>" . $_lang['global.delete'] . "</option>\n</select> \n<input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' /> \n<a href='index.php?p=fman&dir=" . urlencode('../data/backup/') . "'><img src='images/icons/list.png' class='icon' alt='fman' />" . $_lang['admin.other.backup.restore.fman'] . "</a>\n</p>\n\n" . _admin_smallNote($_lang['admin.other.backup.restore.warning'], true, 'warn');
} else {
$output .= '<p>' . $_lang['admin.other.backup.restore.none'] . '</p>';
}
$output .= "\n</fieldset>\n" . _xsrfProtect() . "</form>\n";
} else {
/* ----- volba akce ----- */
$output .= (_loginright_adminbackup ? "\n<fieldset>\n<legend>" . $_lang['admin.other.backup.backup'] . "</legend>\n<form action='index.php?p=other-backup' method='post'>\n<p>" . $_lang['admin.other.backup.backup.p'] . "</p>\n\n<input type='hidden' name='do_backup' value='1' />\n<p><input type='submit' value='" . $_lang['admin.other.backup.backup.db'] . "' name='type_db' /> <small class='note'>(" . $_lang['admin.other.backup.backup.db.hint'] . ")</small></p>\n<p><input type='submit' value='" . $_lang['admin.other.backup.backup.partial'] . "' name='type_partial' /> <small class='note'>(" . $_lang['admin.other.backup.backup.partial.hint'] . ")</small></p>\n<p><input type='submit' value='" . $_lang['admin.other.backup.backup.full'] . "' name='type_full' /> <small class='note'>(" . $_lang['admin.other.backup.backup.full.hint'] . ")</small></p>\n\n" . _xsrfProtect() . "</form>\n</fieldset>" : '') . (_loginright_adminrestore ? "\n\n<fieldset>\n<legend>" . $_lang['admin.other.backup.restore'] . "</legend>\n<form class='cform' method='post'>\n<p>" . $_lang['admin.other.backup.restore.p'] . "</p>\n<p><input type='submit' name='do_restore' value='" . $_lang['global.continue'] . "' /></p>\n" . _xsrfProtect() . "</form>\n</fieldset>\n" : '');
}
echo _htmlStr($code);
}
?>
</textarea><br />
<input type="submit" value="<?php
echo $_lang['global.do'];
?>
" /> <label><input type="checkbox" name="html" value="1"<?php
echo _checkboxActivate(isset($_POST['html']) ? 1 : 0);
?>
/> <?php
echo $_lang['admin.other.php.html'];
?>
</label>
<?php
echo _xsrfProtect();
?>
</form>
<?php
if ($process) {
$html = isset($_POST['html']);
echo '<h2>' . $_lang['global.result'] . '</h2>';
if (!$html) {
echo '<br /><pre>';
ob_start();
} else {
echo '<br />';
}
eval($code);
if (!$html) {
}
/* --- nacteni promennych --- */
$continue = false;
if (isset($_GET['id']) and isset($_GET['returnid']) and isset($_GET['returnpage'])) {
$id = intval($_GET['id']);
$returnid = intval($_GET['returnid']);
$returnpage = intval($_GET['returnpage']);
$query = DB::query("SELECT title FROM `" . _mysql_prefix . "-articles` WHERE id=" . $id . _admin_artAccess());
if (DB::size($query) != 0) {
$query = DB::row($query);
$continue = true;
}
}
/* --- ulozeni --- */
if (isset($_POST['confirm'])) {
// smazani komentaru
DB::query("DELETE FROM `" . _mysql_prefix . "-posts` WHERE type=2 AND home=" . $id);
// smazani clanku
DB::query("DELETE FROM `" . _mysql_prefix . "-articles` WHERE id=" . $id);
// udalost
_extend('call', 'admin.article.delete', array('id' => $id));
// presmerovani
define('_redirect_to', 'index.php?p=content-articles-list&cat=' . $returnid . '&page=' . $returnpage . '&artdeleted');
return;
}
/* --- vystup --- */
if ($continue) {
$output .= "\n<a href='index.php?p=content-articles-list&cat=" . $returnid . "&page=" . $returnpage . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.articles.delete.title'] . "</h1>\n<p class='bborder'>" . str_replace("*arttitle*", $query['title'], $_lang['admin.content.articles.delete.p']) . "</p>\n<form class='cform' action='index.php?p=content-articles-delete&id=" . $id . "&returnid=" . $returnid . "&returnpage=" . $returnpage . "' method='post'>\n<input type='hidden' name='confirm' value='1' />\n<input type='submit' value='" . $_lang['admin.content.articles.delete.confirmbox'] . "' />\n" . _xsrfProtect() . "</form>\n";
} else {
$output .= _formMessage(3, $_lang['global.badinput']);
}
/* --- priprava --- */
if (isset($_GET['c'])) {
$c = _get('c');
$returntolist = true;
} else {
$c = '1';
$returntolist = false;
}
/* --- ulozeni --- */
if (isset($_POST['title'])) {
// nacteni promennych
$title = DB::esc(_htmlStr($_POST['title']));
$column = _post('column');
$ord = floatval($_POST['ord']);
$content = DB::esc(_filtrateHCM($_POST['content']));
$visible = _checkboxLoad('visible');
$public = _checkboxLoad('public');
$class = trim($_POST['class']);
if ($class === '') {
$class = null;
} else {
$class = DB::esc(_htmlStr($class));
}
// vlozeni
DB::query("INSERT INTO `" . _mysql_prefix . "-boxes` (ord,title,content,visible,public,`column`,class) VALUES (" . $ord . ",'" . $title . "','" . $content . "'," . $visible . "," . $public . ",'" . DB::esc($column) . "'," . (isset($class) ? '\'' . $class . '\'' : 'NULL') . ")");
define('_redirect_to', 'index.php?p=content-boxes-edit&c=' . urlencode($column) . '&created');
return;
}
/* --- vystup --- */
$output .= "\n<a href='index.php?p=" . ($returntolist ? "content-boxes-edit&c=" . urlencode($c) : "content-boxes") . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.boxes.new.title'] . "</h1>\n<p class='bborder'></p>\n\n<form class='cform' action='index.php?p=content-boxes-new&c=" . urlencode($c) . "' method='post'>\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' class='inputmedium' maxlength='96' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.boxes.column'] . "</strong></td>\n<td><input type='text' maxlength='64' name='column' value='" . _htmlStr($c) . "' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n<td><input type='text' name='ord' value='1' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.class'] . "</strong></td>\n<td><input type='text' name='class' class='inputmedium' maxlength='24' /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.content'] . "</strong></td>\n<td><textarea name='content' class='areasmall_100pwidth codemirror' rows='9' cols='33'></textarea></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n<td>\n<label><input type='checkbox' name='visible' value='1' checked='checked' /> " . $_lang['admin.content.form.visible'] . "</label> \n<label><input type='checkbox' name='public' value='1' checked='checked' /> " . $_lang['admin.content.form.public'] . "</label>\n</td>\n</tr>\n\n<tr>\n<td></td>\n<td><input type='submit' value='" . $_lang['global.create'] . "' /></td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n\n";
$module .= "<p><a href='" . $backlink . "'>< " . $_lang['global.return'] . "</a></p>";
// zprava
$module .= $message;
// formular
if ($continue) {
$furl = 'index.php?m=movetopic&id=' . $id;
$module .= '
<form action="' . $furl . '" method="post">
' . _formMessage(2, sprintf($_lang['mod.movetopic.text'], $query['subject'])) . '
<p>
<select name="new_forum"' . (empty($forums) ? " disabled='disabled'" : '') . '>
';
if (empty($forums)) {
$module .= "<option value='-1'>" . $_lang['mod.movetopic.noforums'] . "</option>\n";
} else {
foreach ($forums as $fid => $ftitle) {
$module .= "<option value='" . $fid . "'>" . $ftitle . "</option>\n";
}
}
$module .= '</select>
<input type="submit" value="' . $_lang['mod.movetopic.submit'] . '" />
</p>
' . _xsrfProtect() . '</form>
';
} else {
/*neplatny vstup*/
if (!$scriptbreak) {
$module .= _formMessage(3, $_lang['global.badinput']);
$found = false;
}
}
}
$message = _formMessage(1, $_lang['global.saved']);
}
/* --- vystup --- */
if ($continue) {
$output .= "<p class='bborder'>" . $_lang['admin.content.titles.p'] . "</p>" . $message . "\n\n<form action='index.php?p=content-titles' method='post'>\n<input type='hidden' name='do' value='1' />\n\n<table>\n<tr><td><strong>" . $_lang['global.item'] . "</strong></td><td class='lpad'><strong>" . $_lang['global.type'] . "</strong></td></tr>\n";
// funkce
function _admin_titleListItem($item, $ipad = false)
{
global $_lang;
$type_array = _admin_getTypeArray();
if ($ipad == true) {
$ipad = " class='intersecpad'";
} else {
$ipad = "";
}
return "<tr><td" . $ipad . "><input class='inputmedium' type='text' maxlength='96' name='" . $item['id'] . "' value='" . $item['title'] . "' /></td><td class='lpad'>" . $_lang['admin.content.' . $type_array[$item['type']]] . "</td></tr>\n";
}
// vypis
$query = DB::query("SELECT id,title,type FROM `" . _mysql_prefix . "-root` WHERE intersection=-1 ORDER BY ord");
while ($item = DB::row($query)) {
$output .= _admin_titleListItem($item);
if ($item['type'] == 7) {
$iquery = DB::query("SELECT id,title,type FROM `" . _mysql_prefix . "-root` WHERE intersection=" . $item['id'] . " ORDER BY ord");
while ($iitem = DB::row($iquery)) {
$output .= _admin_titleListItem($iitem, true);
}
}
}
$output .= "\n<tr>\n<td><br /><input type='submit' value='" . $_lang['global.save'] . "' /> <input type='reset' value='" . $_lang['global.reset'] . "' onclick='return _sysConfirm();' /></td>\n<td></td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>";
}
$homeid = 2;
$homecheck = array(1, 3);
}
if ($item['home3'] == $source) {
$homeid = 3;
$homecheck = array(1, 2);
}
DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $homeid . "=" . $target . " WHERE id=" . $item['id']);
foreach ($homecheck as $hc) {
if ($item['home' . $hc] == $target) {
if ($hc != 1) {
DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $hc . "=-1 WHERE id=" . $item['id']);
} else {
DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $homeid . "=-1 WHERE id=" . $item['id']);
}
}
}
$counter++;
}
} else {
DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home1=" . $target . ",home2=-1,home3=-1 WHERE home1=" . $source . " OR home2=" . $source . " OR home3=" . $source);
$counter = DB::affectedRows();
}
$message = _formMessage(1, str_replace("*moved*", $counter, $_lang['admin.content.movearts.done']));
} else {
$message = _formMessage(2, _eventList($error_log, 'errors'));
}
}
/* --- vystup --- */
$output .= "\n<p class='bborder'>" . $_lang['admin.content.movearts.p'] . "</p>\n" . $message . "\n<form class='cform' action='index.php?p=content-movearts' method='post'>\n" . $_lang['admin.content.movearts.text1'] . " " . _admin_rootSelect("source", 2, -1, false) . " " . $_lang['admin.content.movearts.text2'] . " " . _admin_rootSelect("target", 2, -1, false) . " <input type='submit' value='" . $_lang['global.do'] . "' />\n<br /><br />\n<label><input type='checkbox' name='fullmove' value='1' /> " . $_lang['admin.content.movearts.fullmove'] . "</label>\n" . _xsrfProtect() . "</form>\n";