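 /**
  * Log the current chat user out.
  *
  * Deletes the user's row from webchat_users (keyed by the session name) and
  * then tears the PHP session down. The original did
  * `$_SESSION = array(); unset($_SESSION);` - unset() on the superglobal only
  * detaches it for the rest of the request and leaves the server-side session
  * record alive, so the session id kept working until garbage collection.
  * session_destroy() is now called whenever a session is active.
  *
  * @return array always array('status' => 1), as before
  */
 public static function logout()
 {
     // Only touch the table when a chat user is actually recorded in the session.
     if (isset($_SESSION['user']['name'])) {
         DB::query("DELETE FROM webchat_users WHERE name = '" . DB::esc($_SESSION['user']['name']) . "'");
     }
     $_SESSION = array();
     // Invalidate the server-side session instead of merely detaching the superglobal.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_destroy();
     }
     return array('status' => 1);
 }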
/**
 * HCM helper: resolve a username to a rendered user link.
 *
 * @param string $jmeno username as written in the HCM tag (default "")
 * @return string|null _linkUser() output for the matching user id; nothing when no row matches
 */
function _HCM_linkuser($jmeno = "")
{
    // Normalise the name the same way it is stored, then SQL-escape it.
    $name = DB::esc(_anchorStr($jmeno, false));
    // NOTE(review): the literal '******' below looks like a corpus redaction of the
    // interpolated $name ("username='" . $name . "'") - $name is otherwise unused here.
    // Verify against the real source before relying on this query.
    $query = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        return _linkUser($query['id']);
    }
}
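 /**
  * Show a single advert.
  *
  * Reads the advert id from $_GET['id'], loads it through the model and
  * renders advert_view.php. A missing or non-positive id - and now also an
  * id the model cannot find - ends in action_404() instead of rendering the
  * view against an empty record.
  */
 function action_show()
 {
     if (isset($_GET['id']) && $_GET['id'] > 0) {
         // intval() is the real protection; DB::esc() on an int is a no-op kept for the model's sake
         $id = DB::esc(intval($_GET['id']));
         $this->data = $this->model->getAdvert($id);
         // The original dereferenced $this->data['title'] unconditionally; treat an
         // unknown id as a 404. (Assumes getAdvert() returns an empty/falsy value when
         // nothing matches - confirm against the model.)
         if (empty($this->data)) {
             $this->action_404();
             return;
         }
         $this->view->setData($this->data);
         $this->view->setTitle($this->data['title']);
         $this->view->display('advert_view.php');
     } else {
         $this->action_404();
     }
 }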
 /**
  * Render a category page for the id given in $_GET['id'].
  *
  * A missing or non-positive id falls through to action_404(); otherwise the
  * id is clamped to an integer, wrapped in a Category and handed to the view.
  */
 function action_category()
 {
     $requestedId = isset($_GET['id']) ? $_GET['id'] : null;
     if ($requestedId === null || !($requestedId > 0)) {
         $this->action_404();
         return;
     }
     // Force an integer before it reaches the model; DB::esc() is kept for consistency with the rest of the controller.
     $categoryId = DB::esc(intval($requestedId));
     $category = new Category($categoryId, $this->model);
     $this->view->setData(array("category" => $category));
     $this->view->setTitle($category->getName());
     $this->view->display('category_view.php');
 }
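 /**
  * Split a "key=value&key2=value2" string into self::$params.
  *
  * Each value is url-decoded and then run through DB::esc(). Be aware that
  * this stores SQL-escaped strings as the parsed parameters: anything that
  * later uses them outside a quoted SQL literal (HTML output, comparisons,
  * unquoted numeric contexts) sees the escaped form, and string escaping
  * gives no protection where a value is interpolated unquoted. Escaping at
  * query-build time would be the right place when this is next reworked.
  *
  * Fixes: a pair without '=' used to raise an undefined-offset notice (it now
  * yields an empty value), and a '=' inside a value is no longer truncated.
  *
  * @param string $paramsArray query-string style parameter list (a string, despite the name)
  */
 private static function explodeParameters($paramsArray)
 {
     if (empty($paramsArray)) {
         return;
     }
     foreach (explode('&', $paramsArray) as $pair) {
         // limit 2: only the first '=' separates key from value
         $part = explode('=', $pair, 2);
         $key = $part[0];
         $value = isset($part[1]) ? $part[1] : '';
         // SQL Injection protection !!! (only valid for values placed inside quoted SQL literals)
         self::$params[$key] = DB::esc(urldecode($value));
     }
 }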
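 /**
  * Load this reminder with its user, backup user and group names resolved.
  *
  * r.id is compared unquoted in the WHERE clause, where DB::esc() (string
  * escaping) is no protection - "1 OR 1=1" passes through it unchanged - so
  * the id is cast to int instead.
  *
  * @return array list of associative rows (normally one; empty when nothing matched)
  * @throws Exception with the MySQLi error message when the query fails
  */
 public function getDetails()
 {
     $id = (int) $this->id;
     $q = "SELECT r.id AS id, u.username AS user1, v.username AS user2, w.name AS grp, title, text, completed, begin, end, created, modified\n       FROM reminders AS r \n       LEFT OUTER JOIN users AS u ON r.user_id = u.id\n       LEFT OUTER JOIN users AS v ON r.backup_user_id = v.id\n       LEFT OUTER JOIN roles AS w ON r.group_id = w.id\n            WHERE r.id = " . $id;
     $results = DB::query($q);
     if (!$results) {
         throw new Exception(DB::getMySQLiObject()->error);
     }
     // Same list the original's while-assignment/array_pop idiom produced: every row, in order.
     $output = array();
     while ($row = mysqli_fetch_assoc($results)) {
         $output[] = $row;
     }
     return $output;
 }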
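 /**
  * Export database data
  *
  * Writes a NUL-delimited dump: a version header, then for every non-empty
  * table its name (prefix stripped), the column list, and the rows, with each
  * cell passed through DB::esc() and an SQL NULL encoded as chr(1). Tables
  * that yield no rows are skipped entirely.
  *
  * Table names are identifiers, not values, so DB::esc() does not apply to
  * them; the only valid escaping inside `...` is doubling the backtick, which
  * is now done (the original inlined the name raw).
  *
  * @param  array|null $tables array of table names (with prefix) or null (= all)
  * @return array      temporary file array(handle, path) containing the data
  */
 public function exportData($tables = null)
 {
     // find all tables
     if (!isset($tables)) {
         $tables = $this->_get_tables();
     }
     // get temporary file
     $file = _tmpFile();
     // vars
     $null = chr(0);   // field / record separator
     $nullv = chr(1);  // marker for an SQL NULL cell
     $prefix_len = strlen(_mysql_prefix) + 1;
     // headers
     $ver = _checkVersion('database', null, true);
     $ver = end($ver);
     fwrite($file[0], $ver . $null);
     // data
     for ($i = 0; isset($tables[$i]); ++$i) {
         // query (backticks inside the identifier are doubled)
         $tableIdent = str_replace('`', '``', $tables[$i]);
         $q = DB::query('SELECT * FROM `' . $tableIdent . '`');
         if (DB::size($q) === 0) {
             // skip empty tables
             DB::free($q);
             continue;
         }
         // table header
         $collist = true;
         fwrite($file[0], substr($tables[$i], $prefix_len) . $null);
         while ($r = DB::row($q)) {
             // column list for table header (once)
             if ($collist) {
                 $collist = false;
                 fwrite($file[0], implode($null, array_keys($r)) . $null . $null);
             }
             // row data - values are stored SQL-escaped, presumably so the importer can
             // inline them into INSERTs (confirm against the import side)
             foreach ($r as $c) {
                 fwrite($file[0], (isset($c) ? DB::esc($c) : $nullv) . $null);
             }
         }
         fwrite($file[0], $null);
         DB::free($q);
         $r = null;
     }
     // return
     return $file;
 }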
 /**
  * Fetch handles, optionally restricted to one group.
  *
  * @param int|string|null $group null = all handles, otherwise a numeric group id
  * @return array|false list of associative rows; false when $group is neither null nor numeric
  */
 public function get($group = null)
 {
     $select = "\n                SELECT id, handle_number, handle_name, description, gps_status\n                FROM handles\n";
     if (is_null($group)) {
         $results = DB::query($select . "                ORDER BY handle_name ASC\n                ");
     } elseif (is_numeric($group)) {
         // is_numeric() is the guard that makes the unquoted interpolation below safe
         $group_id = DB::esc($group);
         $results = DB::query($select . "                WHERE group_id = {$group_id}\n                ORDER BY handle_name ASC\n                ");
     } else {
         return false;
     }
     // Same list the while-assignment/array_pop idiom produced: every fetched row, in order.
     $data = array();
     while ($row = mysqli_fetch_assoc($results)) {
         $data[] = $row;
     }
     return $data;
 }
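 /**
  * Insert a new advert and echo a JSON result.
  *
  * The parameters are now actually used - the original ignored all seven and
  * re-read $_POST inside the model, so the signature was misleading.
  * id_holder, type and category_id are inserted unquoted, where DB::esc()
  * gives no protection at all ("1 OR 1=1" survives string escaping
  * unchanged); they are cast to int. The string columns keep DB::esc()
  * inside quoted literals.
  *
  * @param string     $title
  * @param int|string $type     numeric advert type
  * @param string     $tel
  * @param string     $email
  * @param string     $content
  * @param int|string $category numeric category id
  * @param int|string $holder   numeric owner user id
  */
 public function addAdvert($title, $type, $tel, $email, $content, $category, $holder)
 {
     $title = DB::esc($title);
     $tel = DB::esc($tel);
     $email = DB::esc($email);
     $content = DB::esc($content);
     // unquoted numeric columns: integer cast, not string escaping
     $category = (int) $category;
     $holder = (int) $holder;
     $type = (int) $type;
     $date = date("Y-m-d");
     $res = DB::query("INSERT INTO adverts (id_holder,title,content,type,category_id,date,tel,email) " . "VALUES({$holder},'{$title}','{$content}',{$type},{$category},'{$date}','{$tel}','{$email}')");
     if ($res) {
         $json_data = array("result" => TRUE, "msg" => "Оголошення додано.");
     } else {
         $json_data = array("result" => FALSE, "msg" => "Виникла помилка. Спробуйте ще раз");
     }
     echo json_encode($json_data);
 }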
 /**
  * Admin login form handler.
  *
  * Reads login/password from $_POST, looks the pair up in `users` and, on
  * exactly one match, flags the session as logged in and redirects to
  * ?option=admin. Every other outcome terminates the request with a plain
  * text message.
  *
  * NOTE(review): the '******' literals in the query are a corpus redaction
  * of the interpolated $login / $password values - confirm against the real
  * file. Points a reviewer would change, left untouched in this doc-only pass:
  *  - passwords are stored and compared as bare md5(); use password_hash()/password_verify();
  *  - strip_tags() runs *after* DB::esc(), i.e. the escaped value is modified again before use;
  *  - header("Location: ...") is not followed by exit, so the rest of the request keeps running;
  *  - session_regenerate_id() is not called on successful login (session fixation).
  */
 protected function handlerForm()
 {
     $login = strip_tags(DB::esc($_POST['login']));
     $password = strip_tags(DB::esc($_POST['password']));
     if (!empty($login) && !empty($password)) {
         // md5 of the already escaped, tag-stripped password - see note above
         $password = md5($password);
         $query = "SELECT id FROM users WHERE login='******' AND password= '******'";
         $result = DB::query($query);
         $this->getMessageQueryErr($result, __FUNCTION__);
         if ($result->num_rows == 1) {
             $_SESSION['user'] = TRUE;
             header("Location:?option=admin");
         } else {
             exit("Такого пользователя нет");
         }
     } else {
         exit("Поля не заполнены");
     }
 }
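 /**
  * Fetch chat lines for a role ("chat room").
  *
  * $options keys: 'role' (room name, required) and either 'first_id' +
  * 'limit_paging' (page backwards from a line id) or 'since' (lines created
  * at/after a timestamp, newest 20). Element 0 of the result is a meta record
  * (timestamp, limit flag, query); the rows follow.
  *
  * Fixes relative to the original:
  *  - LIMIT and the role id are inserted unquoted, where DB::esc() is no
  *    protection; limit_paging is cast to int (first_id was already
  *    is_numeric-checked, role_id is cast as well);
  *  - the 'since' branch built "... AND t.role_id = N" with no WHERE when
  *    since was empty (SQL syntax error); the role filter is now the WHERE and
  *    the since filter is appended as AND;
  *  - $limit_paging was undefined in the since branch and missing option keys
  *    raised undefined-index notices.
  *
  * @param array $options see above
  * @return array meta record followed by associative rows
  * @throws Exception when $options is not an array, the role is unknown, or the query fails
  */
 public function get($options = 'empty')
 {
     if (!is_array($options)) {
         throw new Exception('Invalid arguments for getChats');
     }
     $role = isset($options['role']) ? $options['role'] : '';
     $dbresult = DB::query("SELECT id,name FROM roles WHERE name = '" . DB::esc($role) . "'");
     if ($dbresult->num_rows == 1) {
         $role_result = $dbresult->fetch_array();
         $this->role_id = $role_result['id'];
     } else {
         throw new Exception('unknown chat');
     }
     // role_id comes from the database but is still interpolated unquoted - keep it an int
     $roleId = (int) $this->role_id;
     $q = "SELECT * FROM (\r\n            \t\t\tSELECT t.id, t.text, t.created, users.username, users.avatar\r\n                \tFROM chatlines AS t INNER JOIN users ON t.user_id = users.id";
     $limit_paging = null;
     $first_id = isset($options['first_id']) ? $options['first_id'] : null;
     if ($first_id && is_numeric($first_id)) {
         // paging backwards: lines older than first_id, newest first, limit_paging of them
         $limit_paging = isset($options['limit_paging']) ? (int) $options['limit_paging'] : 0;
         $q .= " WHERE t.role_id = " . $roleId;
         $q .= " AND t.id < " . DB::esc($first_id);
         $q .= " ORDER BY t.id DESC LIMIT {$limit_paging}) t";
         $q .= " ORDER BY id ASC";
     } else {
         // polling: the newest 20 lines, optionally only those created since a timestamp
         $since = isset($options['since']) ? DB::esc($options['since']) : '';
         $q .= " WHERE t.role_id = " . $roleId;
         if ($since) {
             $q .= " AND t.created >= '" . $since . "'";
         }
         $q .= " ORDER BY t.id DESC LIMIT 20) t";
         $q .= " ORDER BY id ASC";
     }
     $results = DB::query($q);
     if (!$results) {
         throw new Exception(DB::getMySQLiObject()->error);
     }
     $data = array(array('timestamp' => date('Y-m-d G:i:s'), 'limit' => 'true'));
     while ($row = mysqli_fetch_assoc($results)) {
         $data[] = $row;
     }
     // fewer rows than requested means there is no older page left
     if ($limit_paging && count($data) < $limit_paging + 1) {
         $data[0]['limit'] = 'false';
     }
     // NOTE(review): this hands the raw SQL to the caller (and to the browser if the
     // array is JSON-encoded). Kept for compatibility - drop it once nothing reads 'query'.
     $data[0]['query'] = $q;
     return $data;
 }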
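 /**
  * Attach this message to a ticket.
  *
  * Both values are compared unquoted in the UPDATE, where DB::esc() (string
  * escaping) is no protection - "1 OR 1=1" passes through untouched - so they
  * are cast to int (ticket_id and id are presumably integer columns).
  *
  * @param int|string $tick_no ticket id to store in messages.ticket_id
  * @throws Exception with the MySQLi error message when the query fails
  */
 public function setTicket($tick_no)
 {
     $ticketId = (int) $tick_no;
     $messageId = (int) $this->id;
     $q = "UPDATE messages SET ticket_id = " . $ticketId . "\n              WHERE id = " . $messageId;
     $res = DB::query($q);
     if (!$res) {
         throw new Exception(DB::getMySQLiObject()->error);
     }
 }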
// group filter: -1 (or no parameter) means "all groups"; intval() makes the id safe to inline
$group = isset($_GET['group']) ? intval($_GET['group']) : -1;
$grouplimit = "";
$grouplimit2 = "1";
if ($group != -1) {
    $grouplimit = " AND `" . _mysql_prefix . "-groups`.id=" . $group;
    $grouplimit2 = "`group`=" . $group;
}
// search activation: $searchword is only defined when a non-empty term was given
$search = isset($_GET['search']) && $_GET['search'] != "";
if ($search) {
    $searchword = DB::esc($_GET['search']);
}
// filtry - vyber skupiny, vyhledavani
$output .= '
  <table class="wintable">
  <tr>

  <td>
  <form class="cform" action="index.php" method="get">
  <input type="hidden" name="p" value="users-list" />
  <input type="hidden" name="search"' . _restoreGetValue('search', '') . ' />
  <strong>' . $_lang['admin.users.list.groupfilter'] . ':</strong> ' . _admin_authorSelect("group", $group, "id!=2", null, $_lang['global.all'], true) . '
  </select> <input type="submit" value="' . $_lang['global.apply'] . '" />
  </form>
    $search_query = '';
    $root = 1;
    $art = 1;
    $post = 1;
    $image = 0;
}
/* ---  module  --- */
// optional auto heading, controlled by the template setting
if (_template_autoheadings == 1) {
    $module .= "<h1>" . $_lang['mod.search'] . "</h1>";
}
// search form (GET to index.php?m=search, with an XSRF token); the current query is
// re-echoed through _htmlStr() and each scope checkbox restored via _checkboxActivate()
$module .= "\n<p class='bborder'>" . $_lang['mod.search.p'] . "</p>\n\n<form action='index.php' method='get'>\n<input type='hidden' name='m' value='search' />\n" . _xsrfProtect() . "\n<input type='text' name='q' class='inputmedium' value='" . _htmlStr($search_query) . "' /> <input type='submit' value='" . $_lang['mod.search.submit'] . "' /><br />\n" . $_lang['mod.search.where'] . ":&nbsp;\n<label><input type='checkbox' name='root' value='1'" . _checkboxActivate($root) . " /> " . $_lang['mod.search.where.root'] . "</label>&nbsp;\n<label><input type='checkbox' name='art' value='1'" . _checkboxActivate($art) . " /> " . $_lang['mod.search.where.articles'] . "</label>&nbsp;\n<label><input type='checkbox' name='post' value='1'" . _checkboxActivate($post) . " /> " . $_lang['mod.search.where.posts'] . "</label>&nbsp;\n<label><input type='checkbox' name='img' value='1'" . _checkboxActivate($image) . " /> " . $_lang['mod.search.where.images'] . "</label>\n</form>\n\n";
/* ---  vyhledavani --- */
if ($search_query != '' && _xsrfCheck(true)) {
    if (mb_strlen($search_query) >= 3) {
        // priprava
        $search_query_sql = DB::esc('%' . $search_query . '%');
        $results = array();
        // polozka: array(link, titulek, perex)
        $public = !_loginindicator;
        // funkce na skladani vyhledavaciho dotazu
        function _tmpSearchQuery($alias, $cols)
        {
            $output = '(';
            for ($i = 0, $last = sizeof($cols) - 1; isset($cols[$i]); ++$i) {
                $output .= $alias . '.' . $cols[$i] . ' LIKE \'' . $GLOBALS['search_query_sql'] . '\'';
                if ($i !== $last) {
                    $output .= ' OR ';
                }
            }
            $output .= ')';
            return $output;
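 /**
  * Persist this chat line.
  *
  * The original escaped author, gravatar and text but inlined room, room_od
  * and czyt raw inside quoted literals; every value now goes through
  * DB::esc(). The timestamp column gets time() at save time.
  * NOTE(review): the column is `room_do` while the property read is
  * `$this->room_od` - one of the two looks like a typo; verify against the class.
  *
  * @return mysqli the MySQLi object of the DB class, as before
  */
 public function save()
 {
     DB::query("\n\t\t\tINSERT INTO webchat_lines (author, gravatar, text, room, room_do, tss, czyt)\n\t\t\tVALUES (\n\t\t\t\t'" . DB::esc($this->author) . "',\n\t\t\t\t'" . DB::esc($this->gravatar) . "',\n\t\t\t\t'" . DB::esc($this->text) . "',\n\t\t\t\t'" . DB::esc($this->room) . "',\n\t\t\t\t'" . DB::esc($this->room_od) . "',\n\t\t\t\t'" . time() . "',\n\t\t\t\t'" . DB::esc($this->czyt) . "'\n\t\t)");
     // Returns the MySQLi object of the DB class
     return DB::getMySQLiObject();
 }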
     } else {
         $module .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit']));
     }
     break;
 default:
     $module .= "<p class='bborder'>" . $_lang['mod.lostpass.p'] . "</p>";
     // kontrola promennych, odeslani emailu
     $sent = false;
     if (isset($_POST['username'])) {
         if (_iplogCheck(7)) {
             // nacteni promennych
             $username = _anchorStr($_POST['username'], false);
             $email = DB::esc($_POST['email']);
             // kontrola promennych
             if (_captchaCheck()) {
                 $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'");
                 if (DB::size($userdata) != 0) {
                     // odeslani emailu
                     $userdata = DB::row($userdata);
                     $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']);
                     $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*");
                     $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip);
                     if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) {
                         $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']);
                         _iplogUpdate(7);
                         $sent = true;
                     } else {
                         $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']);
                     }
                 } else {
                     $module .= _formMessage(2, $_lang['mod.lostpass.notfound']);
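 /**
  * Build the user list for the chat sidebar.
  *
  * In order: refresh the current user's last_activity row, purge users idle
  * for more than 15:30, load up to 18 other users (each with an unread-count
  * badge unless the "chat_0" cookie is "off"), then append a pseudo entry for
  * every author of unread lines to us who is no longer in webchat_users.
  *
  * Fixes relative to the original:
  *  - the second loop wrote into the $user variable left over from the first
  *    loop (null once fetch_object() ran dry): PHP < 8 silently created one
  *    stdClass and then appended that *same* object on every iteration, so all
  *    offline senders collapsed into the last one; PHP 8 throws an Error. Each
  *    sender now gets its own stdClass.
  *  - $_SESSION['user_id'] and the gravatar values read back from the database
  *    were inlined into SQL unescaped; they now go through DB::esc().
  *  - the gravatar is also placed in an HTML id attribute; it is escaped there.
  *  - $_SESSION['user']['name'] and the $_COOKIE reads are isset-guarded.
  *
  * @return array array('users' => user objects, 'ile_a' => null (never assigned in
  *               the original either; kept for the caller), 'total' => count of other
  *               users in webchat_users)
  */
 public static function getUsers()
 {
     if (!empty($_SESSION['user']['name'])) {
         $user = new ChatUser(array('name' => $_SESSION['user']['name']));
         $user->update();
     }
     // our own id as an escaped SQL fragment, reused by every query below
     $me = isset($_SESSION['user_id']) ? DB::esc($_SESSION['user_id']) : '';
     // unread badges can be switched off through the chat_0 cookie
     $badgesOn = !isset($_COOKIE['chat_0']) || $_COOKIE['chat_0'] != "off";
     // builds the "(n)" badge markup; empty when there is nothing unread
     $badge = function ($gravatar, $count) {
         if ($count >= 1) {
             return '<span class="ilejest" id="user_ile_' . htmlspecialchars($gravatar, ENT_QUOTES) . '">(' . (int) $count . ')</span>';
         }
         return '';
     };
     // Deleting chats older than 5 minutes and users inactive for 30 seconds
     //DB::query("DELETE FROM webchat_lines WHERE ts < SUBTIME(NOW(),'0:25:0')");
     DB::query("DELETE FROM webchat_users WHERE last_activity < SUBTIME(NOW(),'0:15:30')");
     $result = DB::query('SELECT * FROM webchat_users WHERE gravatar<>"' . $me . '" ORDER BY name ASC LIMIT 18');
     $users = array();
     $us = array();
     while ($user = $result->fetch_object()) {
         if ($badgesOn) {
             // the chat_<gravatar> cookie holds the timestamp of the last line we read from that user
             $cookieName = 'chat_' . $user->gravatar;
             $lastRead = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : '';
             $ilejest = DB::query('SELECT COUNT(*) as asd FROM webchat_lines WHERE tss>"' . DB::esc($lastRead) . '" and room_do="' . DB::esc($user->gravatar) . '" and room="' . $me . '" and czyt="0"')->fetch_object()->asd;
             $user->ile_a = $badge($user->gravatar, $ilejest);
         }
         $us[] = $user->gravatar;
         $users[] = $user;
     }
     $ile_u = DB::query('SELECT COUNT(*) as cnt FROM webchat_users')->fetch_object()->cnt;
     if ($ile_u >= 1) {
         // do not count ourselves
         $ile_u = $ile_u - 1;
     }
     // senders of unread lines to us who are not in the list above (they left the chat)
     $result = DB::query('SELECT * FROM webchat_lines WHERE czyt=0 and room="' . $me . '" GROUP by author');
     while ($use = $result->fetch_object()) {
         if (in_array($use->room_do, $us, true)) {
             continue;
         }
         $sender = new stdClass();
         $sender->gravatar = $use->room_do;
         $sender->name = $use->author;
         if ($badgesOn) {
             $ilejest = DB::query('SELECT COUNT(*) as asd FROM webchat_lines WHERE  room_do="' . DB::esc($use->room_do) . '" and room="' . $me . '" and czyt="0"')->fetch_object()->asd;
             $sender->ile_a = $badge($use->room_do, $ilejest);
         }
         $users[] = $sender;
     }
     return array('users' => $users, 'ile_a' => null, 'total' => $ile_u);
 }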
}
/* ---  preparation  --- */
// 'c' = column the new box belongs to; when it was given we return to that column's list afterwards
if (isset($_GET['c'])) {
    $c = _get('c');
    $returntolist = true;
} else {
    $c = '1';
    $returntolist = false;
}
/* ---  save  --- */
// NOTE(review): the form below emits an _xsrfProtect() token, but no _xsrfCheck() call is
// visible in this handler - confirm the admin dispatcher validates it before the POST is processed.
if (isset($_POST['title'])) {
    // load variables: title/content/class are HTML-filtered first, then SQL-escaped;
    // ord is floatval()'d; visible/public come from _checkboxLoad() and are inlined
    // unquoted below (presumably 0/1 - confirm)
    $title = DB::esc(_htmlStr($_POST['title']));
    $column = _post('column');
    $ord = floatval($_POST['ord']);
    $content = DB::esc(_filtrateHCM($_POST['content']));
    $visible = _checkboxLoad('visible');
    $public = _checkboxLoad('public');
    $class = trim($_POST['class']);
    if ($class === '') {
        // an empty class is stored as SQL NULL, not as ''
        $class = null;
    } else {
        $class = DB::esc(_htmlStr($class));
    }
    // insert ($column is escaped inline)
    DB::query("INSERT INTO `" . _mysql_prefix . "-boxes` (ord,title,content,visible,public,`column`,class) VALUES (" . $ord . ",'" . $title . "','" . $content . "'," . $visible . "," . $public . ",'" . DB::esc($column) . "'," . (isset($class) ? '\'' . $class . '\'' : 'NULL') . ")");
    // back to the column's box list; the column name goes into the URL, hence urlencode()
    define('_redirect_to', 'index.php?p=content-boxes-edit&c=' . urlencode($column) . '&created');
    return;
}
/* ---  output  --- */
// the creation form; $c is echoed through _htmlStr() in the value attribute and urlencode()d in URLs
$output .= "\n<a href='index.php?p=" . ($returntolist ? "content-boxes-edit&amp;c=" . urlencode($c) : "content-boxes") . "' class='backlink'>&lt; " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.boxes.new.title'] . "</h1>\n<p class='bborder'></p>\n\n<form class='cform' action='index.php?p=content-boxes-new&amp;c=" . urlencode($c) . "' method='post'>\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' class='inputmedium' maxlength='96' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.boxes.column'] . "</strong></td>\n<td><input type='text' maxlength='64' name='column' value='" . _htmlStr($c) . "' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n<td><input type='text' name='ord' value='1' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.class'] . "</strong></td>\n<td><input type='text' name='class' class='inputmedium' maxlength='24' /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.content'] . "</strong></td>\n<td><textarea name='content' class='areasmall_100pwidth codemirror' rows='9' cols='33'></textarea></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n<td>\n<label><input type='checkbox' name='visible' value='1' checked='checked' /> " . $_lang['admin.content.form.visible'] . "</label>&nbsp;&nbsp;\n<label><input type='checkbox' name='public' value='1' checked='checked' /> " . $_lang['admin.content.form.public'] . "</label>\n</td>\n</tr>\n\n<tr>\n<td></td>\n<td><input type='submit' value='" . $_lang['global.create'] . "' /></td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n\n";
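 /**
  * Mark this SMS as handled now, by $this->handled_by.
  *
  * handled_by and id are both inserted unquoted, where DB::esc() (string
  * escaping) is no protection - "1 OR 1=1" passes through untouched - so they
  * are cast to int (presumably integer id columns).
  *
  * @throws Exception with the MySQLi error message when the query fails
  */
 public function handle()
 {
     $handledBy = (int) $this->handled_by;
     $smsId = (int) $this->id;
     $q = "UPDATE sms SET handled_at = NOW(), handled_by = " . $handledBy . " WHERE id = " . $smsId;
     $res = DB::query($q);
     if (!$res) {
         throw new Exception(DB::getMySQLiObject()->error);
     }
 }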
     $lastid = $id;
 }
 $quotes = "'";
 $skip = false;
 switch ($var) {
     case "title":
         $val = DB::esc(_htmlStr($val));
         break;
     case "full":
         $val = 'IF(in_storage,full,\'' . DB::esc(_htmlStr($val)) . '\')';
         $quotes = '';
         break;
     case "prevtrigger":
         $var = "prev";
         if (!_checkboxLoad('i' . $id . '_autoprev')) {
             $val = DB::esc(_htmlStr($_POST['i' . $id . '_prev']));
         } else {
             $val = "";
         }
         break;
     case "ord":
         $val = intval($val);
         $quotes = '';
         break;
     default:
         $skip = true;
         break;
 }
 // ukladani a cachovani
 if (!$skip) {
     // ulozeni
 /**
  * Persist this chat line (author, gravatar, text); all three values are
  * SQL-escaped into quoted literals.
  *
  * @return mysqli the MySQLi object of the DB class
  */
 public function save()
 {
     $sql = sprintf(
         "\r\n\t\t\tINSERT INTO webchat_lines (author, gravatar, text)\r\n\t\t\tVALUES (\r\n\t\t\t\t'%s',\r\n\t\t\t\t'%s',\r\n\t\t\t\t'%s'\r\n\t\t)",
         DB::esc($this->author),
         DB::esc($this->gravatar),
         DB::esc($this->text)
     );
     DB::query($sql);
     // Returns the MySQLi object of the DB class
     return DB::getMySQLiObject();
 }
	/**
	 * Build the WHERE clause for the active filter and search term.
	 *
	 * Filter entries are accepted only when $this->filters knows them (guards
	 * against tampered filter values). The search term is matched
	 * case-insensitively against $columns and, when it is a non-zero integer,
	 * also compared to $columns_integer.
	 *
	 * @param array   $replace         (optional) replace wildcards in SQL
	 * @param array   $columns         (optional) string database columns to search in
	 * @param array   $columns_integer (optional) integer database columns to search in
	 * @return string SQL condition, or "" when nothing is active
	 */
	public function where(array $replace=array(), array $columns=array(), array $columns_integer=array()) {

		$conditions = array();

		// filter: skip empty entries and anything not whitelisted in $this->filters
		foreach ( $this->filter as $key => $filtersql ) {
			if (!$filtersql || !isset($this->filters[$key][$filtersql])) continue;
			$conditions[] = strtr($filtersql, $replace);
		}

		// search
		if ( $this->search ) {
			$pattern = DB::esc("%".$this->search."%");
			$alternatives = array();
			foreach ( $columns as $column ) {
				$alternatives[] = $column." ILIKE ".$pattern;
			}
			// integer columns only when the term itself is a non-zero integer
			$asInt = intval($this->search);
			if ($asInt) {
				foreach ( $columns_integer as $column ) {
					$alternatives[] = $column."=".$asInt;
				}
			}
			if ($alternatives) {
				$conditions[] = count($alternatives)==1 ? $alternatives[0] : "(".join(" OR ", $alternatives).")";
			}
		}

		if (!$conditions) return "";
		return count($conditions)==1 ? $conditions[0] : "(".join(" AND ", $conditions).")";
	}
        $continue = true;
    }
} else {
    $id = -1;
    $query = array('author' => _loginid, 'question' => "", 'answers' => "", 'locked' => 0);
    $new = true;
    $actionbonus = "";
    $submitcaption = $_lang['global.create'];
    $continue = true;
}
/* ---  ulozeni / vytvoreni  --- */
if (isset($_POST['question'])) {
    // nacteni promennych
    $question = _htmlStr(trim($_POST['question']));
    $query['question'] = $question;
    $question = DB::esc($question);
    // odpovedi
    $answers = @explode("\n", $_POST['answers']);
    $answers_new = array();
    foreach ($answers as $answer) {
        $answers_new[] = _htmlStr(trim($answer));
    }
    $answers = _arrayRemoveValue($answers_new, "");
    $answers_count = count($answers);
    $answers = @implode("\n", $answers);
    $query['answers'] = $answers;
    if (_loginright_adminpollall) {
        $author = intval($_POST['author']);
    } else {
        $author = _loginid;
    }
/* ---  login  --- */
_checkKeys('_POST', array('form_url'));
// make sure both credential fields exist so the code below can read them unconditionally
foreach (array('username', 'password') as $field) {
    if (!isset($_POST[$field])) {
        $_POST[$field] = '';
    }
}
$result = 0;
$username = "";
$ipbound = isset($_POST['ipbound']);
if (!_loginindicator) {
    if (_xsrfCheck()) {
        if (_iplogCheck(1)) {
            // nacteni promennych
            $username = DB::esc($_POST['username']);
            $email = strpos($_POST['username'], '@') !== false;
            $password = $_POST['password'];
            $persistent = _checkboxLoad('persistent');
            // nalezeni uzivatele
            $query = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE `" . ($email ? 'email' : 'username') . "`='" . $username . "'" . (!$email && $username !== '' ? ' OR publicname=\'' . $username . '\'' : ''));
            if (DB::size($query) != 0) {
                $query = DB::row($query);
                if (empty($username)) {
                    $username = $query['username'];
                }
                $groupblock = DB::query_row("SELECT blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . $query['group']);
                if ($query['blocked'] == 0 and $groupblock['blocked'] == 0) {
                    if (_md5Salt($password, $query['salt']) == $query['password']) {
                        // navyseni poctu prihlaseni
                        DB::query("UPDATE `" . _mysql_prefix . "-users` SET logincounter=logincounter+1 WHERE id=" . $query['id']);
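/* ---  preparation, access-right check  --- */
$message = "";
// any of the content admin rights is enough to edit titles
if (!(_loginright_adminsection or _loginright_admincategory or _loginright_adminbook or _loginright_adminseparator or _loginright_admingallery or _loginright_adminintersection or _loginright_adminpluginpage)) {
    $continue = false;
    $output .= _formMessage(3, $_lang['global.accessdenied']);
} else {
    $continue = true;
}
/* ---  action  --- */
// NOTE(review): no _xsrfCheck() call is visible in this handler; unless the admin
// dispatcher validates the token globally (not visible here), the POST is reachable cross-site.
if ($continue && isset($_POST['do'])) {
    foreach ($_POST as $id => $title) {
        // every remaining field is "<root id> => <new title>"; the 'do' flag and any other
        // non-numeric field are skipped (the original ran an UPDATE for id 0 with their value,
        // and its loose `$id == "do"` also matched the integer key 0 on PHP < 8)
        if ($id === 'do' || !is_numeric($id)) {
            continue;
        }
        $id = intval($id);
        $title = DB::esc(_htmlStr(trim($title)));
        if ($title == "") {
            // the fallback text is SQL-escaped like the sibling group-edit code does, not inlined raw
            $title = DB::esc($_lang['global.novalue']);
        }
        DB::query("UPDATE `" . _mysql_prefix . "-root` SET title='" . $title . "' WHERE id=" . $id);
    }
    $message = _formMessage(1, $_lang['global.saved']);
}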
/* ---  vystup  --- */
if ($continue) {
    $output .= "<p class='bborder'>" . $_lang['admin.content.titles.p'] . "</p>" . $message . "\n\n<form action='index.php?p=content-titles' method='post'>\n<input type='hidden' name='do' value='1' />\n\n<table>\n<tr><td><strong>" . $_lang['global.item'] . "</strong></td><td class='lpad'><strong>" . $_lang['global.type'] . "</strong></td></tr>\n";
    // funkce
    function _admin_titleListItem($item, $ipad = false)
    {
        global $_lang;
        $type_array = _admin_getTypeArray();
         $rights .= "</table></fieldset><fieldset><legend>" . mb_substr($item, 1) . "</legend><table>";
     }
 }
 /* ---  ulozeni  --- */
 if (isset($_POST['title'])) {
     $newdata = array();
     // zakladni atributy
     $newdata['title'] = DB::esc(_htmlStr(trim($_POST['title'])));
     if ($newdata['title'] == "") {
         $newdata['title'] = DB::esc($_lang['global.novalue']);
     }
     $newdata['descr'] = DB::esc(_htmlStr(trim($_POST['descr'])));
     if ($id != 2) {
         $newdata['icon'] = DB::esc(_htmlStr(trim($_POST['icon'])));
     }
     $newdata['color'] = DB::esc(preg_replace('/([^0-9a-zA-Z#])/s', '', trim($_POST['color'])));
     if ($id > 2) {
         $newdata['blocked'] = _checkboxLoad("blocked");
     }
     if ($id != 2) {
         $newdata['reglist'] = _checkboxLoad("reglist");
     }
     // uroven, blokovani
     if ($id > 2) {
         $newdata['level'] = intval($_POST['level']);
         if ($newdata['level'] > _loginright_level) {
             $newdata['level'] = _loginright_level - 1;
         }
         if ($newdata['level'] >= 10000) {
             $newdata['level'] = 9999;
         }
 /**
  * Register this user as active: insert the (name, gravatar) row or, when the
  * key already exists, just bump last_activity to NOW().
  */
 public function update()
 {
     $sql = sprintf(
         "\r\n            INSERT INTO webchat_users (name, gravatar)\r\n            VALUES (\r\n                    '%s',\r\n                    '%s'\r\n            ) ON DUPLICATE KEY UPDATE last_activity = NOW()",
         DB::esc($this->name),
         DB::esc($this->gravatar)
     );
     DB::query($sql);
 }
<?php

/* ---  core check  --- */
if (!defined('_core')) {
    exit;
}
/* ---  action: log in as another user ("transmutation")  --- */
$message = "";
if (isset($_POST['user'])) {
    $user = DB::esc(_anchorStr(trim($_POST['user'])));
    // NOTE(review): '******' is a corpus redaction of the interpolated $user
    // ("username='" . $user . "'") - verify against the real source.
    $query = DB::query("SELECT id,password FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        // Drop the current login, then seed the session with the target user's id and
        // password field, bound to the current IP; the login module picks it up after
        // the redirect.
        // NOTE(review): nothing in this file checks a privilege for this action or the
        // XSRF token the form emits via _xsrfProtect(); confirm both are enforced by the
        // admin dispatcher before this script runs.
        _userLogout(false);
        $_SESSION[_sessionprefix . "user"] = $query['id'];
        $_SESSION[_sessionprefix . "password"] = $query['password'];
        $_SESSION[_sessionprefix . "ip"] = _userip;
        $_SESSION[_sessionprefix . "ipbound"] = true;
        define('_redirect_to', _indexroot . 'index.php?m=login');
        return;
    } else {
        $message = _formMessage(2, $_lang['global.baduser']);
    }
}
/* ---  output  --- */
$output .= "\n<p class='bborder'>" . $_lang['admin.other.transm.p'] . "</p>\n" . $message . "\n<form action='index.php?p=other-transm' method='post'>\n<strong>" . $_lang['global.user'] . ":</strong> <input type='text' name='user' class='inputsmall' /> <input type='submit' value='" . $_lang['global.login'] . "' />\n" . _xsrfProtect() . "</form>\n";
	/**
	 * save not yet confirmed mail address and send confirmation request
	 *
	 * Rate-limited through mail_lock_expiry (one request per hour). Stores the
	 * address as mail_unconfirmed together with a fresh, unique confirmation
	 * code valid for 7 days, mails the code to the new address and, when an
	 * address was already confirmed, warns the old one about the change.
	 *
	 * NOTE(review): the line `._("... change your password:"******"\n"` below
	 * is a corpus redaction that broke the string concatenation (the original
	 * presumably read `...password:")."\n"`); this block does not parse as shown.
	 * NOTE(review): in the warning() call after send_mail() fails, sprintf() is
	 * closed before MAIL_SUPPORT, so the %s placeholder is never filled and
	 * MAIL_SUPPORT is passed to warning() as a second argument - compare the
	 * correct sprintf(_("..."), MAIL_SUPPORT) a few lines further down.
	 *
	 * @param string  $mail
	 */
	public function set_mail($mail) {

		// one confirmation mail per hour
		if ( strtotime($this->mail_lock_expiry) > time() ) {
			warning(_("We have sent an email with a confirmation code already in the last hour. Please try again later!"));
			redirect();
		}

		$this->mail_unconfirmed = $mail;

		DB::transaction_start();
		// draw codes until one is not in use (DB::esc() here appears to return a quoted literal - cf. its use in other queries of this project)
		do {
			$this->mail_code = Login::generate_token(16);
			$sql = "SELECT id FROM member WHERE mail_code=".DB::esc($this->mail_code);
		} while ( DB::numrows($sql) );
		// The member has 7 days to confirm the email address.
		$this->update(['mail_unconfirmed', 'mail_code'], "mail_code_expiry = now() + interval '7 days'");
		DB::transaction_commit();

		$subject = _("Email confirmation request");
		$body = _("Please confirm your email address by clicking the following link:")."\n"
			.BASE_URL."confirm_mail.php?code=".$this->mail_code."\n\n"
			._("If this link does not work, please open the following URL in your web browser:")."\n"
			.BASE_URL."confirm_mail.php\n"
			._("On that page enter the code:")."\n"
			.$this->mail_code;
		if ( send_mail($mail, $subject, $body) ) {
			// start the one-hour lock only once a mail actually went out
			$this->update(array(), "mail_lock_expiry = now() + interval '1 hour'");
			success(_("Your email address has been saved. An email with a confirmation code has been sent."));
		} else {
			warning(sprintf(_("Your email address has been saved, but the email with the confirmation code could not be sent. Try again later or contact %s.")), MAIL_SUPPORT);
		}

		// notification to old mail address
		if ($this->mail) {
			$subject = _("Change of your email address");
			$body = _("Someone, probably you, changed your email address to:")."\n"
				.$this->mail_unconfirmed."\n\n"
				._("If this was not you, somebody else got access to your account. In this case please log in as soon as possible and change your password:"******"\n"
				.BASE_URL."settings.php\n"
				.sprintf(_("Then try to set the email address back to your one and contact %s!"), MAIL_SUPPORT);
			send_mail($this->mail, $subject, $body);
		}

	}
 *
 * @author Magnus Rosenbaum <*****@*****.**>
 * @package Basisentscheid
 */


require "inc/common_http.php";

// a password reset always starts from a logged-out state
Login::logout();

$code = "";
$member = false;
if (!empty($_REQUEST['code'])) {
	$code = $_REQUEST['code'];
	// only an unexpired reset code selects a member (DB::esc() appears to return a
	// quoted literal in this project - cf. its unquoted use in other queries here)
	$sql = "SELECT * FROM member WHERE password_reset_code=".DB::esc($code)." AND password_reset_code_expiry > now()";
	$result = DB::query($sql);
	$member = DB::fetch_object($result, "Member");
	if (!$member) warning(_("The code is invalid!"));
}


$password = "";