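/**
 * Look up a user by login name and return whatever _linkUser() produces for that user's id.
 *
 * The lookup value is first normalised with _anchorStr() and then SQL-escaped with DB::esc(),
 * because it is interpolated into a quoted string literal in the query below.
 *
 * @param string $jmeno login name (username) of the user to link to
 * @return mixed result of _linkUser() for the matching id; null when no row matches
 */
function _HCM_linkuser($jmeno = "")
{
    $name = DB::esc(_anchorStr($jmeno, false));

    // The escaped name must be the value that is compared; a fixed literal here would never match a real user.
    $query = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE username='" . $name . "'");
    if (DB::size($query) == 0) {
        // unknown user: no output (same implicit null the function always returned)
        return;
    }

    $row = DB::row($query);

    return _linkUser($row['id']);
}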
if (!$done and count($errors) == 0) { $module .= _formOutput("lostpassform", "index.php?m=lostpass&link&user="******"&hash=" . _htmlStr($hash), array(), array(), $_lang['mod.lostpass.generate'], "<input type='hidden' name='action' value='1' />"); } } } else { $module .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit'])); } break; default: $module .= "<p class='bborder'>" . $_lang['mod.lostpass.p'] . "</p>"; // kontrola promennych, odeslani emailu $sent = false; if (isset($_POST['username'])) { if (_iplogCheck(7)) { // nacteni promennych $username = _anchorStr($_POST['username'], false); $email = DB::esc($_POST['email']); // kontrola promennych if (_captchaCheck()) { $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'"); if (DB::size($userdata) != 0) { // odeslani emailu $userdata = DB::row($userdata); $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']); $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*"); $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip); if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) { $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']); _iplogUpdate(7); $sent = true; } else {
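<?php

/* --- core check: this file must only run when included by the system --- */
if (!defined('_core')) {
    exit;
}

/*
 * Admin module "other-transm": switch the current session to another user account.
 *
 * On a POST with a known username the current login is dropped and the session is
 * re-populated with the target user's id and stored password value, then a redirect
 * to the login module is scheduled.
 *
 * NOTE(review): nothing in this file checks the caller's privileges, the target's
 * level relative to the caller, or the XSRF token that the form emits; confirm that
 * the including admin dispatcher enforces all three, since this action amounts to
 * logging in as an arbitrary user without their password.
 * NOTE(review): the session id is not regenerated here; verify whether _userLogout()
 * does so, otherwise the pre-switch session id carries over to the new identity.
 */

/* --- action --- */
$message = "";
if (isset($_POST['user'])) {

    // normalise, then SQL-escape: the value is placed inside a quoted literal below
    $user = DB::esc(_anchorStr(trim($_POST['user'])));
    $query = DB::query("SELECT id,password FROM `" . _mysql_prefix . "-users` WHERE username='" . $user . "'");

    if (DB::size($query) != 0) {
        $query = DB::row($query);

        // drop the current login before installing the new identity
        _userLogout(false);

        // the session authenticates with the stored password value of the target user,
        // bound to the administrator's current IP address
        $_SESSION[_sessionprefix . "user"] = $query['id'];
        $_SESSION[_sessionprefix . "password"] = $query['password'];
        $_SESSION[_sessionprefix . "ip"] = _userip;
        $_SESSION[_sessionprefix . "ipbound"] = true;

        define('_redirect_to', _indexroot . 'index.php?m=login');

        return;
    } else {
        $message = _formMessage(2, $_lang['global.baduser']);
    }
}

/* --- output --- */
$output .= "\n<p class='bborder'>" . $_lang['admin.other.transm.p'] . "</p>\n" . $message . "\n<form action='index.php?p=other-transm' method='post'>\n<strong>" . $_lang['global.user'] . ":</strong> <input type='text' name='user' class='inputsmall' /> <input type='submit' value='" . $_lang['global.login'] . "' />\n" . _xsrfProtect() . "</form>\n";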
// text a menu $output .= "<p class='bborder'>" . $_lang['admin.content.redir.p'] . "</p>\n<p>\n <a href='index.php?p=content-redir&new'><img src='images/icons/new.png' alt='new' class='icon' /> " . $_lang['admin.content.redir.act.new'] . "</a> \n <a href='index.php?p=content-redir&wipe'><img src='images/icons/delete.png' alt='wipe' class='icon' /> " . $_lang['admin.content.redir.act.wipe'] . "</a>\n</p>\n"; // akce - uprava / vytvoreni if (isset($_GET['new']) || isset($_GET['edit'])) { do { // priprava $new = isset($_GET['new']); if (!$new) { $edit_id = intval($_GET['edit']); } // zpracovani if (isset($_POST['old'])) { // nacteni dat $q = array(); $q['old'] = _anchorStr(trim($_POST['old']), true, array('/' => 0)); $q['new'] = _anchorStr(trim($_POST['new']), true, array('/' => 0)); $q['active'] = _checkboxLoad('act'); // kontrola if ($q['old'] === '' || $q['new'] === '') { $message = _formMessage(2, $_lang['admin.content.redir.emptyidt']); } elseif ($new) { // vytvoreni DB::query('INSERT INTO `' . _mysql_prefix . '-redir` (old,new,active) VALUES (\'' . DB::esc($q['old']) . '\',\'' . DB::esc($q['new']) . '\',' . $q['active'] . ')'); $new = false; $message = _formMessage(1, $_lang['global.created']); break; } else { // ulozeni DB::query('UPDATE `' . _mysql_prefix . '-redir` SET old=\'' . DB::esc($q['old']) . '\',new=\'' . DB::esc($q['new']) . '\',active=' . $q['active'] . ' WHERE id=' . $edit_id); $message = _formMessage(1, $_lang['global.saved']); }
$readed_counter = 0; $query = array("id" => -1, "title" => "", "title_seo" => "", "keywords" => "", "description" => "", "perex" => "", "picture_uid" => null, "content" => "", "infobox" => "", "author" => _loginid, "home1" => -2, "home2" => -1, "home3" => -1, "time" => time(), "visible" => 1, "public" => 1, "comments" => 1, "commentslocked" => 0, "showinfo" => 1, "confirmed" => 0, "rateon" => 1, "readed" => 0); _extend('call', 'admin.article.default', array('data' => &$query)); if (isset($_GET['new_cat'])) { $query['home1'] = (int) $_GET['new_cat']; } $continue = true; } /* --- ulozeni --- */ if (isset($_POST['title'])) { // nacteni promennych $newdata['title'] = DB::esc(_htmlStr($_POST['title'])); if ($_POST['title_seo'] === '') { $_POST['title_seo'] = $_POST['title']; } $newdata['title_seo'] = _anchorStr($_POST['title_seo'], true); $newdata['keywords'] = DB::esc(_htmlStr(trim($_POST['keywords']))); $newdata['description'] = DB::esc(_htmlStr(trim($_POST['description']))); $newdata['home1'] = intval($_POST['home1']); $newdata['home2'] = intval($_POST['home2']); $newdata['home3'] = intval($_POST['home3']); if (_loginright_adminchangeartauthor) { $newdata['author'] = intval($_POST['author']); } else { $newdata['author'] = $query['author']; } $newdata['perex'] = DB::esc($_POST['perex']); $newdata['content'] = DB::esc(_filtrateHCM($_POST['content'])); $newdata['infobox'] = DB::esc(_filtrateHCM(trim($_POST['infobox']))); $newdata['public'] = _checkboxLoad('public'); $newdata['visible'] = _checkboxLoad('visible');
$output .= "\n<form method='post' action='remote/backup.php' target='_blank' onsubmit=\"setTimeout(function(){window.location = 'index.php?p=other-backup';}, 1000);\">\n<input type='hidden' name='type' value='" . $type . "' />\n\n<p class='bborder'>" . $_lang['admin.other.backup.backup.' . $type_name . '.info'] . "</p>\n\n<table class='formtable'>\n\n<tr>\n <td><strong>" . $_lang['admin.other.backup.backup.type'] . "</strong></td>\n <td>" . $_lang['admin.other.backup.backup.' . $type_name] . " <small class='note'>(" . $_lang['admin.other.backup.backup.' . $type_name . '.hint'] . ")</small></td>\n</tr>\n\n<tr>\n <td><strong>" . $_lang['admin.other.backup.backup.fname'] . "</strong></td>\n <td><input type='text' name='fname' class='inputmedium' value='{$fname}' /><em>.{$type_ext}</em></td>\n</tr>\n\n<tr>\n <td><strong>" . $_lang['global.note'] . "</strong></td>\n <td><input type='text' name='note' class='inputmedium' maxlength='48' /></td>\n</tr>\n\n<tr>\n <td><strong>" . $_lang['admin.other.backup.backup.compress'] . "</strong></td>\n <td><select class='inputmedium' name='compress'>\n <option value='0'>" . $_lang['admin.other.backup.backup.compress.0'] . "</option>\n <option value='1'" . ($can_compress && $should_compress ? " selected='selected'" : '') . _inputDisable($can_compress) . ">" . $_lang['admin.other.backup.backup.compress.1'] . (!$should_compress ? ' (' . $_lang['global.notrecommended'] . ')' : '') . "</option>\n <option value='2'" . _inputDisable($can_compress) . ">" . $_lang['admin.other.backup.backup.compress.2'] . (!$should_compress ? ' (' . $_lang['global.notrecommended'] . ')' : '') . "</option>\n </select></td>\n</tr>\n\n<tr class='valign-top'>\n <td><strong>" . $_lang['admin.other.backup.backup.items'] . "</strong></td>\n <td>\n <label><input type='checkbox' name='item_database' disabled='disabled' checked='checked' /> " . $_lang['admin.other.backup.backup.items.db'] . ' - ' . $sizes['db'] . "</label><br />\n " . $dir_items . 
"\n </td>\n</tr>\n\n<tr>\n <td><strong>" . $_lang['admin.other.backup.backup.sizesum'] . "</strong></td>\n <td><code class='text-" . $sizes_sum_class . "'>" . $sizes['sum'] . '</code>' . ($can_compress ? ' <small class="note">(' . $_lang['admin.other.backup.backup.sizesum.note'] . ')</small>' : '') . "</td>\n</tr>\n\n<tr>\n <td></td>\n <td>\n <br />\n <input type='submit' name='target_down' value='" . $_lang['admin.other.backup.backup.submit.down'] . "' />\n " . ($type !== _backup_full ? "<input type='submit' name='target_store' value='" . $_lang['admin.other.backup.backup.submit.store'] . "' />" : '') . "\n <a href='index.php?p=other-backup'><img src='images/icons/delete2.png' alt='cancel' class='icon' />" . $_lang['global.cancel'] . "</a>\n </td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n"; } elseif (isset($_POST['do_restore']) && _loginright_adminrestore) { /* ----- obnova zalohy ----- */ $msg = ''; // akce if (isset($_POST['action'])) { switch ($_POST['action']) { // upload case 1: // kontrola nahrani if (!isset($_FILES['backup']) || !is_uploaded_file($_FILES['backup']['tmp_name'])) { $msg = _formMessage(2, $_lang['global.noupload']); break; } // nazev souboru $fname = _anchorStr($_FILES['backup']['name']); if (($dot = strrpos($fname, '.')) !== false) { $fname = substr($fname, 0, $dot) . '_' . uniqid('', false) . substr($fname, $dot); } else { $fname .= '_' . uniqid('', false); } $move_to = _indexroot . 'data/backup/' . $fname; // kontrola souboru if (($check = _backupCheckFile($_FILES['backup']['tmp_name'], array(_backup_db, _backup_partial))) !== true) { $msg = _formMessage(3, $check); break; } // presun souboru if (!@move_uploaded_file($_FILES['backup']['tmp_name'], $move_to)) { $msg = _formMessage(1, $_lang['admin.other.backup.restore.upload.err.move']); break;
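<?php

/* --- core check: this file must only run when included by the system --- */
if (!defined('_core')) {
    exit;
}

/* --- preparation --- */
$list = false;
$message = "";
$id = null;
if (isset($_GET['id'])) {

    // normalise, then SQL-escape: the value is placed inside a quoted literal below
    $id = DB::esc(_anchorStr($_GET['id'], false));
    $query = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE username='" . $id . "'");

    if (DB::size($query) != 0) {
        // $query now holds the user's row (numeric id); $id stays the login name
        $query = DB::row($query);
        $list = true;
    } else {
        $message = _formMessage(2, $_lang['global.baduser']);
        $found = false;
    }
}

/* --- module --- */

// heading
if (_template_autoheadings == 1) {
    $module .= "<h1>" . $_lang['mod.profile.posts'] . "</h1><br />";
}

// link back to the profile
// NOTE(review): $id is SQL-escaped, not HTML-escaped, when it is written into the href;
// this is only safe if _anchorStr() strips quotes and markup characters - confirm.
if ($list) {
    $module .= "\n<a href='index.php?m=profile&id=" . $id . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n";
}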
$newpassword = _md5Salt($newpassword); } else { $errors[] = $_lang['mod.settings.error.badnewpass']; } } else { $errors[] = $_lang['mod.settings.error.newpassnosame']; } } else { $errors[] = $_lang['mod.settings.error.badcurrentpass']; } } // note $note = DB::esc(_htmlStr(_wsTrim(mb_substr($_POST['note'], 0, 1024)))); // language if (_language_allowcustom) { $language = DB::esc(_anchorStr($_POST['language'], false)); if (!@file_exists(_indexroot . "plugins/languages/" . $language . ".php")) { $language = ""; } } // extend $extra = array(); _extend('call', 'mod.settings.submit', array('query' => &$extra, 'current_query' => $query, 'errors' => &$errors)); /* -- ulozeni nebo seznam chyb -- */ if (count($errors) == 0) { // extra polozky if (_loginright_administration) { $extra['wysiwyg'] = $wysiwyg; } if (_language_allowcustom) { $extra['language'] = $language;
<?php /* ---- inicializace jadra ---- */ require '../require/load.php'; define('_administration', '1'); SL::init('../'); /* ---- vystup ---- */ // priprava $xsrf_protect = true; $admintitle = $_lang['admin.title']; if (isset($_GET['p'])) { $getp = _anchorStr($_GET['p']); } else { $getp = "index"; } $output = ''; $admin_base_css_path = 'remote/style.css.php'; $admin_extra_css = array(); $admin_extra_js = array(); /* --- hlavicka --- */ /* -- vlozeni funkci administrace -- */ require _indexroot . "admin/functions.php"; // priprava uzivatelskeho menu $usermenu = '<span id="usermenu">'; if (_loginindicator and _loginright_administration) { $avatar = _getAvatar(_loginid, true, true); if (isset($avatar)) { $usermenu .= '<a id="header-avatar" href="' . _indexroot . 'index.php?m=profile&id=' . _loginname . '"><img src="' . $avatar . '" alt="' . _loginname . '" /></a>'; } $usermenu .= _loginpublicname . ' ['; if (_messages) {
SL::init('../'); /* -- nacteni promennych -- */ // kontrola zvoleni _checkKeys('_POST', array('_posttarget', '_posttype', 'text')); _checkKeys('_GET', array('_return')); // jmeno hosta nebo ID uzivatele if (_loginindicator) { $guest = ""; $author = _loginid; } else { if (isset($_POST['guest'])) { $guest = $_POST['guest']; if (mb_strlen($guest) > 24) { $guest = mb_substr($guest, 0, 24); } $guest = _anchorStr($guest, false); } else { $guest = ""; } $author = -1; } // typ, domov, text $posttarget = intval($_POST['_posttarget']); $posttype = intval($_POST['_posttype']); $text = DB::esc(_htmlStr(_wsTrim(_cutStr($_POST['text'], $posttype != 4 ? 16384 : 255, false)))); // domovsky prispevek if ($posttype != 4) { _checkKeys('_POST', array('_xhome')); $xhome = intval($_POST['_xhome']); } else { $xhome = -1;
} /* --- registrace --- */ $phase = 0; $message = ""; if (isset($_POST['username'])) { $errors = array(); // kontrola iplogu if (!_iplogCheck(5)) { $errors[] = str_replace("*postsendexpire*", _postsendexpire, $_lang['misc.requestlimit']); } // nacteni a kontrola promennych $username = $_POST['username']; if (mb_strlen($username) > 24) { $username = mb_substr($username, 0, 24); } $username = DB::esc(_anchorStr($username, false)); if ($username == "") { $errors[] = $_lang['admin.users.edit.badusername']; } elseif (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE username='******' OR publicname='" . $username . "'"), 0) != 0) { $errors[] = $_lang['admin.users.edit.userexists']; } $password = $_POST['password']; $password2 = $_POST['password2']; if ($password != $password2) { $errors[] = $_lang['mod.reg.nosame']; } if ($password != "") { $password = _md5Salt($password); } else { $errors[] = $_lang['mod.reg.passwordneeded']; }
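/**
 * Render and process the installer wizard.
 *
 * Step 1 checks whether any packaged file already exists on disk, step 2 collects and
 * validates the configuration (site URL, administrator account, database access) and
 * step 3 asks for confirmation and then performs the installation: extracts the files,
 * writes ./config.php, optionally drops existing tables with the chosen prefix, imports
 * the database structure and data and updates the settings and the administrator account.
 *
 * All input comes from $_POST and all output is echoed directly.
 *
 * NOTE(review): the table prefix is used inside backtick-quoted identifiers after
 * DB::esc() only; DB::esc() is presumably string escaping and would not neutralise a
 * backtick, so the prefix should be restricted to a safe character set - confirm.
 * NOTE(review): _md5Salt() suggests a salted MD5 password hash by its name; confirm and
 * consider password_hash() for the administrator password.
 * NOTE(review): the password inputs are refilled through _restorePostValue(), so the
 * submitted passwords are written back into the page source; the step 2 to step 3
 * transition relies on that resubmission.
 *
 * @return void
 */
function _tmp_installer_install() {

    global $_lang, $self, $is_clean;

    // current step, clamped to 1..$steps
    static $steps = 3;
    if (isset($_POST['step'])) {
        $step = intval($_POST['step']);
        if ($step < 1 || $step > $steps) {
            $step = 1;
        }
    } else {
        $step = 1;
    }

    $fname = basename(__FILE__);
    if (!empty($_POST)) {
        echo '<a href="./' . $fname . '" id="cancelink">' . $_lang['global.cancel'] . '</a>';
    }

    ?>
<h2><?php echo str_replace(array('*step*', '*steps*', '*name*'), array($step, $steps, $_lang['step.' . $step]), $_lang['install']); ?></h2>
<form action="./<?php echo $fname; ?>" method="post" name="instform" autocomplete="off">
    <?php

    switch ($step) {

        // file conflict check
        case 1:

            if (isset($_POST['check'])) {

                // list the packaged files and look for ones that already exist on disk
                $a_files = $self->listFilesOnPath('/files/');
                $conflicts = array();
                $counter = 0;
                $err_limit = 10;
                for ($i = 0; isset($a_files[$i]); ++$i) {
                    // strip the leading "/files/" (7 characters) to get the target path
                    $path = './' . substr($a_files[$i], 7);
                    if (file_exists($path)) {
                        ++$counter;
                        if ($counter <= $err_limit) {
                            $conflicts[] = str_replace('*path*', $path, $_lang['step.1.err.file']);
                        }
                    }
                }
                if ($counter > $err_limit) {
                    $conflicts[] = str_replace('*n*', $counter - $err_limit, $_lang['step.1.err.file.etc']);
                }

                // report or continue
                if (empty($conflicts)) {
                    // everything is fine
                    $step = 2;
                    echo '<p class="green center">' . $_lang['step.1.ok'] . '</p>';
                    echo '<p class="center"><input type="submit" value="' . $_lang['global.continue'] . '"></p>';
                    break;
                } else {
                    // conflicts found
                    echo '<p class="red">' . $_lang['step.1.err'] . ':</p>';
                    echo "<ul>\n";
                    for ($i = 0; isset($conflicts[$i]); ++$i) {
                        echo "<li>" . $conflicts[$i] . "</li>\n";
                    }
                    echo "</ul>";
                }

            }

            echo '<p class="center"><input type="submit" name="check" value="' . $_lang['step.1.submit'] . '"></p>';
            break;

        // configuration and installation
        case 2:
        case 3:

            // return from step 3 to the configuration form
            if (isset($_POST['return_to_cfg'])) {
                $step = 2;
                unset($_POST['return_to_cfg']);
            }

            // installation requested?
            $install = $step == 3;
            if (isset($_POST['sys_url'])) {

                // normalise the url
                $_POST['sys_url'] = _removeSlashesFromEnd($_POST['sys_url']);

                // validation; the do/while(false) only exists so that "break" can abort it
                $err = null;
                do {

                    // prefix
                    $prefix = trim($_POST['db_prefix']);
                    if ($prefix === '') {
                        $err = str_replace('*input*', $_lang['step.2.db.prefix'], $_lang['step.2.err.empty']);
                        break;
                    }

                    // administrator account
                    $_POST['admin_name'] = _anchorStr(trim($_POST['admin_name']), false);
                    $_POST['admin_email'] = trim($_POST['admin_email']);

                    // clean installation only
                    if ($is_clean) {

                        // the administrator account is mandatory
                        if ($_POST['admin_name'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.name'], $_lang['step.2.err.empty']);
                            break;
                        }
                        if ($_POST['admin_pwd'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.pwd'], $_lang['step.2.err.empty']);
                            break;
                        }
                        if ($_POST['admin_email'] === '' || $_POST['admin_email'] === '@') {
                            $err = str_replace('*input*', $_lang['step.2.admin.email'], $_lang['step.2.err.empty']);
                            break;
                        }

                        // site title
                        $_POST['sys_title'] = trim($_POST['sys_title']);
                        if ($_POST['sys_title'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.sys.title'], $_lang['step.2.err.empty']);
                            break;
                        }

                        // description, keywords
                        $_POST['sys_descr'] = trim($_POST['sys_descr']);
                        $_POST['sys_kwrds'] = trim($_POST['sys_kwrds']);

                    }

                    // administrator e-mail
                    if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@' && !_validateEmail($_POST['admin_email'])) {
                        $err = $_lang['step.2.err.admin.email'];
                        break;
                    }

                    // administrator password
                    if ($_POST['admin_pwd'] !== '' && $_POST['admin_pwd'] !== $_POST['admin_pwd2']) {
                        $err = $_lang['step.2.err.admin.pwd'];
                        break;
                    }

                    // database port ("host:port" syntax)
                    $server = $_POST['db_server'];
                    if (false !== ($serverColonPos = strpos($server, ':'))) {
                        $port = (int) substr($server, $serverColonPos + 1);
                        $server = substr($server, 0, $serverColonPos);
                    } else {
                        $port = ini_get('mysqli.default_port');
                    }

                    // connect
                    $con = @mysqli_connect($server, $_POST['db_user'], $_POST['db_pwd'], $_POST['db_name'], $port);
                    if (!is_object($con)) {
                        $err = $_lang['step.2.err.con'] . '<br><code>' . _htmlStr(mysqli_connect_error()) . '</code>';
                        break;
                    }

                    // charset and constants
                    DB::$con = $con;
                    DB::$con->set_charset('utf8');
                    DB::query('SET sql_mode=\'\'');
                    define('_mysql_prefix', $prefix);

                    // existing tables
                    // "_" and "%" are wildcards in LIKE; escape them so that only tables that
                    // literally start with the prefix are listed (and later dropped on overwrite)
                    $like_prefix = DB::esc(addcslashes($prefix, '\\%_'));
                    $prefix = DB::esc($prefix);
                    $q = DB::query('SHOW TABLES LIKE \'' . $like_prefix . '-%\'');
                    $tables = array();
                    while ($r = DB::rown($q)) {
                        $tables[] = $r[0];
                    }
                    if (!empty($tables) && !isset($_POST['db_overwrite'])) {
                        // table names are database content; escape them before they reach the page
                        $err = $_lang['step.2.err.tables'] . ':<br><br>• ' . implode("<br>\n• ", array_map('_htmlStr', $tables));
                        break;
                    }

                    // everything is fine
                    if ($install) {
                        if (!isset($_POST['do_install'])) {

                            // confirmation; the submitted values travel on via _getPostdata()
                            echo _getPostdata(false, null, array('step'));
                            echo '<p class="green center">' . $_lang['step.3.text'] . '</p>';
                            echo '<p class="center"> <input type="submit" name="do_install" value="' . $_lang['step.3.submit'] . '" onclick="if (window.sl_install_process) return false; else {window.sl_install_process = true; this.value=\'' . $_lang['step.3.wait'] . '\'}"> <input type="submit" name="return_to_cfg" value="' . $_lang['step.3.return'] . '"> </p>';

                        } else {

                            // perform the installation
                            $err = null;
                            try {

                                // extract the files
                                $self->extractFiles('./', '/files/', false, true, array($self->vars['void']));

                                // create the configuration file; var_export() turns each value into a PHP literal
                                global $cfg_locale, $cfg_timezone;
                                file_put_contents(
                                    './config.php',
                                    str_replace(
                                        array('/* @@@server@@@ */', '/* @@@user@@@ */', '/* @@@password@@@ */', '/* @@@database@@@ */', '/* @@@prefix@@@ */', '/* @@@locale@@@ */', '/* @@@timezone@@@ */'),
                                        array(var_export($_POST['db_server'], true), var_export($_POST['db_user'], true), var_export($_POST['db_pwd'], true), var_export($_POST['db_name'], true), var_export($prefix, true), var_export($cfg_locale, true), var_export($cfg_timezone, true)),
                                        $self->getFile('/files/data/installer/config.php.tpl')
                                    )
                                );

                                // drop the existing tables?
                                if (!empty($tables)) {
                                    for ($i = 0; isset($tables[$i]); ++$i) {
                                        // double any backtick so the name cannot leave the quoted identifier
                                        DB::query('DROP TABLE `' . str_replace('`', '``', $tables[$i]) . '`', true);
                                        if (($sql_err = DB::error()) !== '') {
                                            // _InstallException messages are printed as HTML, so escape the driver text
                                            throw new _InstallException($_lang['step.3.err.drop'] . '<br><code>' . _htmlStr($sql_err) . '</code>');
                                        }
                                    }
                                }

                                // disable the version check
                                function _checkVersion()
                                {
                                    return true;
                                }

                                // create the database structure
                                $dbdump = new DBDump();
                                $dbdump->importTables($self->getFile('/database/struct'));

                                // load the data
                                $data_stream = $self->getFileStream('/database/data');
                                $dbdump->importData($data_stream);
                                $data_stream->free();

                                // update the url
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val($_POST['sys_url']) . ' WHERE `var`=\'url\'');

                                // switch mod rewrite off when there is no .htaccess
                                if (!file_exists(_indexroot . '.htaccess')) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=0 WHERE `var`=\'modrewrite\'');
                                }

                                // adjust the administrator account
                                $admin_upd = array();
                                if ($_POST['admin_name'] !== '') {
                                    $admin_upd['username'] = $_POST['admin_name'];
                                    if (!$is_clean) {
                                        $admin_upd['publicname'] = '';
                                    }
                                }
                                if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@') {
                                    $admin_upd['email'] = $_POST['admin_email'];
                                }
                                if ($_POST['admin_pwd'] !== '') {
                                    // _md5Salt() returns the pair [hash, salt]
                                    $admin_pwd = _md5Salt($_POST['admin_pwd']);
                                    $admin_upd['password'] = $admin_pwd[0];
                                    $admin_upd['salt'] = $admin_pwd[1];
                                }
                                if ($is_clean) {
                                    $admin_upd['registertime'] = time();
                                    $admin_upd['activitytime'] = time();
                                }
                                if (!empty($admin_upd)) {
                                    // column names are the fixed keys above; values go through DB::val()
                                    $admin_upd_parts = array();
                                    foreach ($admin_upd as $col => $val) {
                                        $admin_upd_parts[] = '`' . $col . '`=' . DB::val($val);
                                    }
                                    DB::query('UPDATE `' . $prefix . '-users` SET ' . implode(',', $admin_upd_parts) . ' WHERE id=0');
                                }

                                // update the title, keywords and description
                                if ($is_clean) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_title'])) . ' WHERE `var`=\'title\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_kwrds'])) . ' WHERE `var`=\'keywords\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_descr'])) . ' WHERE `var`=\'description\'');
                                }

                                // switch mod_rewrite off
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'0\' WHERE `var`=\'mod_rewrite\'');

                                // force the installation check
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'1\' WHERE `var`=\'install_check\'');

                            } catch (_InstallException $e) {
                                // installer messages already contain HTML
                                $err = $e->getMessage();
                            } catch (Exception $e) {
                                $err = _htmlStr($e->getMessage());
                            }

                            // success or failure
                            if (isset($err)) {
                                echo '<p class="red">' . $err . '</p>';
                                echo '<p class="red">' . $_lang['step.3.err.warning'] . '</p>';
                            } else {
                                echo '<p class="green center">' . str_replace('*fname*', $fname, $_lang['step.3.fin']) . '</p>';
                            }

                        }

                        // leave both the validation loop and the switch: no configuration form in step 3
                        break 2;
                    } else {
                        $step = 3;
                        echo '<p class="green center">' . $_lang['step.2.ok'] . '</p>';
                    }

                } while (false);

                // validation error
                if (isset($err)) {
                    echo '<p class="red">' . $err . '</p>';
                }

            }

            ?>

<table>
    <thead><th colspan="2"><?php echo $_lang['step.2.sys']; ?></th></thead>
    <tbody>
        <tr>
            <th><?php echo $_lang['step.2.sys.url']; ?></th>
            <td><input type="text" name="sys_url"<?php echo _restorePostValue('sys_url'); ?>></td>
        </tr>
        <?php if ($is_clean) { ?>
        <tr>
            <th><?php echo $_lang['step.2.sys.title']; ?></th>
            <td><input type="text" name="sys_title"<?php echo _restorePostValue('sys_title'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.sys.descr']; ?></th>
            <td><input type="text" name="sys_descr"<?php echo _restorePostValue('sys_descr'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.sys.kwrds']; ?></th>
            <td><input type="text" name="sys_kwrds"<?php echo _restorePostValue('sys_kwrds'); ?>></td>
        </tr>
        <?php } ?>
    </tbody>
</table>

<script type="text/javascript">
    // prefill the address with the current location up to its last slash
    if (document.instform.sys_url.value === '') {
        var loc = new String(document.location);
        var slash;
        var slash_last = 0;
        var limit = 0;
        while (true) {
            slash = loc.indexOf('/', slash_last);
            if (slash === -1) break;
            slash_last = slash + 1;
        }
        loc = loc.substr(0, slash_last);
        document.instform.sys_url.value = loc;
    }
</script>

<table>
    <thead>
        <tr><th colspan="2"><?php echo $_lang['step.2.admin']; ?></th></tr>
        <?php if (!$is_clean) { ?>
        <tr><th colspan="2"><small><?php echo $_lang['step.2.admin.notice']; ?></small></th></tr><?php } ?>
    </thead>
    <tbody>
        <tr>
            <th><?php echo $_lang['step.2.admin.name']; ?></th>
            <td><input type="text" maxlength="24" name="admin_name"<?php echo _restorePostValue('admin_name'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.admin.email']; ?></th>
            <td><input type="text" maxlength="100" name="admin_email"<?php echo _restorePostValue('admin_email', $is_clean ? '@' : null); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.admin.pwd']; ?></th>
            <td><input type="password" name="admin_pwd"<?php echo _restorePostValue('admin_pwd'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.admin.pwd2']; ?></th>
            <td><input type="password" name="admin_pwd2"<?php echo _restorePostValue('admin_pwd2'); ?>></td>
        </tr>
    </tbody>
</table>

<table>
    <thead><tr><th colspan="2"><?php echo $_lang['step.2.db']; ?></th></tr></thead>
    <tbody>
        <tr>
            <th><?php echo $_lang['step.2.db.server']; ?></th>
            <td><input type="text" name="db_server"<?php echo _restorePostValue('db_server', 'localhost'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.db.name']; ?></th>
            <td><input type="text" name="db_name"<?php echo _restorePostValue('db_name'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.db.user']; ?></th>
            <td><input type="text" name="db_user"<?php echo _restorePostValue('db_user'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.db.pwd']; ?></th>
            <td><input type="password" name="db_pwd"<?php echo _restorePostValue('db_pwd'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.db.prefix']; ?></th>
            <td><input type="text" maxlength="24" name="db_prefix"<?php echo _restorePostValue('db_prefix', 'sunlight'); ?>></td>
        </tr>
        <tr>
            <th><?php echo $_lang['step.2.db.tables']; ?></th>
            <td><label><input type="checkbox" name="db_overwrite"<?php echo _checkboxActivate(isset($_POST['db_overwrite'])); ?> value="1" onchange="if (this.checked && !confirm('<?php echo $_lang['step.2.db.tables.overwrite.confirm']; ?>')) this.checked = false"> <?php echo $_lang['step.2.db.tables.overwrite']; ?></label></td>
        </tr>
    </tbody>
</table>

<p class="center"><input type="submit" value="<?php echo $_lang[$step != 3 ? 'step.2.submit' : 'global.continue']; ?>"></p>

            <?php
            // the step.2.warning paragraph was commented out in the original and is not rendered
            break;

    }

    ?>
<input type="hidden" name="step" value="<?php echo $step; ?>">
</form>
<?php
}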
// title // title case "title": $val = trim($val); if ($val == "") { $val = $_lang['global.novalue']; } $title = $val; break; // title_seo // title_seo case "title_seo": if ($val === '') { $val = $title; } $val = _anchorStr($val, true, array('/' => 0)); break; // keywords, description, intersectionperex // keywords, description, intersectionperex case "keywords": case "description": case "intersectionperex": $val = trim($val); break; // level // level case "level": if ($val < 0) { $val = 0; } elseif ($val > _loginright_level) { $val = _loginright_level;
$new_banned[] = implode(".", $item); } $new_banned = trim(implode("\n", array_unique($new_banned))); DB::query("UPDATE `" . _mysql_prefix . "-settings` SET val='" . DB::esc($new_banned) . "' WHERE var='banned'"); $message = _formMessage(1, $_lang['global.saved']); $data = $new_banned; unset($new_banned); } else { $data = DB::query_row('SELECT `val` FROM `' . _mysql_prefix . '-settings` WHERE `var`=\'banned\''); $data = $data['val']; } /* --- vystup --- */ $output .= "\n<p>" . $_lang['admin.other.bans.p'] . "</p>\n" . $message . "\n\n<table class='wintable'>\n<tr class='valign-top'>\n\n<td>\n<form action='index.php?p=other-bans' method='post'>\n<textarea rows='25' cols='94' class='areamedium' name='banned'>" . $data . "</textarea><br /><br />\n<input type='submit' value='" . $_lang['global.save'] . "' />\n" . _xsrfProtect() . "</form>\n</td>\n\n<td>\n<h2>" . $_lang['admin.other.bans.getuserip'] . "</h2><br />\n<form action='index.php' method='get'>\n<input type='hidden' name='p' value='other-bans' />\n" . $_lang['global.user'] . ": <input type='text' name='getip' class='inputsmall'" . _restoreGetValue("getip") . " /> <input type='submit' value='" . $_lang['global.do'] . "' />\n</form>\n"; // zjisteni ip adres uzivatele if (isset($_GET['getip'])) { $user = _anchorStr(trim($_GET['getip']), false); $query = DB::query("SELECT ip,id FROM `" . _mysql_prefix . "-users` WHERE username='******'"); if (DB::size($query) != 0) { $query = DB::row($query); // vyhledani adres $ips = array(); $iquery = DB::query("SELECT DISTINCT ip FROM `" . _mysql_prefix . "-posts` WHERE author=" . $query['id']); while ($iip = DB::row($iquery)) { $ips[] = $iip['ip']; } // pridani naposledy pouzite if (!in_array($query['ip'], $ips)) { $ips[] = $query['ip']; } // vypis $output .= "<br /><h2>" . $_lang['global.result'] . "</h2>\n<ul>\n";
$uploaded = array(); /* ---- akce, vystup ---- */ if ($continue) { /* --- post akce --- */ if (isset($_POST['action'])) { switch ($_POST['action']) { // upload case "upload": $total = 0; $done = 0; foreach ($_FILES as $item) { if (!is_array($item['name'])) { continue; } for ($i = 0; isset($item['name'][$i]); ++$i) { $name = _anchorStr(_admin_cparam($item['name'][$i], false), false); $tmp_name = $item['tmp_name'][$i]; $exists = @file_exists($dir . $name); if (@is_uploaded_file($tmp_name) && _admin_issafefile($name) and (!$exists or isset($_POST['upload_rewrite']) and @unlink($dir . $name))) { if (@move_uploaded_file($tmp_name, $dir . $name)) { ++$done; $uploaded[$name] = true; } } ++$total; } } $tfrom = array("*done*", "*total*"); $tto = array($done, $total); if ($done == $total) { $micon = 1;