/**
 * HCM module: render a link to the profile of the user with the given user name.
 *
 * @param string $jmeno user name as typed by the content author
 * @return string|null output of _linkUser() for the matching account, null when no such user exists
 */
function _HCM_linkuser($jmeno = "")
{
    // Normalise to anchor form (the form stored user names are kept in) and SQL-escape it.
    // The SELECT is still a string-built query — this listing shows its WHERE value
    // redacted as '******' — so the escaping is the only barrier against injection here;
    // a prepared statement would be the practitioner's choice.
    $name = DB::esc(_anchorStr($jmeno, false));
    $lookup = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($lookup) == 0) {
        // Unknown user: nothing is rendered (implicit null).
        return;
    }
    $row = DB::row($lookup);
    return _linkUser($row['id']);
}
             if (!$done and count($errors) == 0) {
                 $module .= _formOutput("lostpassform", "index.php?m=lostpass&amp;link&amp;user="******"&amp;hash=" . _htmlStr($hash), array(), array(), $_lang['mod.lostpass.generate'], "<input type='hidden' name='action' value='1' />");
             }
         }
     } else {
         $module .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit']));
     }
     break;
 default:
     $module .= "<p class='bborder'>" . $_lang['mod.lostpass.p'] . "</p>";
     // kontrola promennych, odeslani emailu
     $sent = false;
     if (isset($_POST['username'])) {
         if (_iplogCheck(7)) {
             // nacteni promennych
             $username = _anchorStr($_POST['username'], false);
             $email = DB::esc($_POST['email']);
             // kontrola promennych
             if (_captchaCheck()) {
                 $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'");
                 if (DB::size($userdata) != 0) {
                     // send the e-mail
                     $userdata = DB::row($userdata);
                     // NOTE(review): the reset "hash" is md5(email . salt . password) — it is
                     // fully determined by stored account data, so it carries no expiry, stays
                     // valid until one of those fields changes, and the identical link is
                     // re-issued on every request. A random, stored, time-limited token is the
                     // usual fix; the link-verification branch (not shown here) would need the
                     // matching change. (The user= parameter is redacted as '******' in this listing.)
                     $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']);
                     // placeholders substituted into the localised mail body
                     $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*");
                     $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip);
                     if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) {
                         $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']);
                         _iplogUpdate(7);
                         $sent = true;
                     } else {
<?php

/* ---  core check  --- */
if (!defined('_core')) {
    exit;
}

/* ---  action: re-bind the current session to another account  --- */
// NOTE(review): this page switches the caller's session to an arbitrary account chosen
// by user name, i.e. it is an impersonation feature. Nothing in this file checks an
// admin right or the XSRF token before doing so — presumably the admin front controller
// enforces both (the form below does emit _xsrfProtect()); confirm before relying on it.
$message = "";
if (isset($_POST['user'])) {
    // Anchor-normalise and SQL-escape the name; the lookup is a string-built query
    // (its WHERE value is redacted as '******' in this listing).
    $user = DB::esc(_anchorStr(trim($_POST['user'])));
    $found = DB::query("SELECT id,password FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($found) == 0) {
        $message = _formMessage(2, $_lang['global.baduser']);
    } else {
        $row = DB::row($found);
        // Drop the current login state, then seed the session with the target user's id
        // and stored password hash (presumably used elsewhere to validate the session —
        // inferred from the key name only), and pin the session to the current IP.
        _userLogout(false);
        $_SESSION[_sessionprefix . "user"] = $row['id'];
        $_SESSION[_sessionprefix . "password"] = $row['password'];
        $_SESSION[_sessionprefix . "ip"] = _userip;
        $_SESSION[_sessionprefix . "ipbound"] = true;
        define('_redirect_to', _indexroot . 'index.php?m=login');
        return;
    }
}

/* ---  output  --- */
$output .= "\n<p class='bborder'>" . $_lang['admin.other.transm.p'] . "</p>\n" . $message . "\n<form action='index.php?p=other-transm' method='post'>\n<strong>" . $_lang['global.user'] . ":</strong> <input type='text' name='user' class='inputsmall' /> <input type='submit' value='" . $_lang['global.login'] . "' />\n" . _xsrfProtect() . "</form>\n";
 // Text and menu: intro paragraph plus the "new" and "wipe" action links.
 // NOTE(review): "wipe" is a state-changing action reached via a plain GET link
 // (?p=content-redir&wipe); unless the handler re-checks an XSRF token, this is
 // CSRF-able — the handler is not visible in this excerpt.
 $redirMenu = "<p class='bborder'>" . $_lang['admin.content.redir.p'] . "</p>\n";
 $redirMenu .= "<p>\n    <a href='index.php?p=content-redir&amp;new'><img src='images/icons/new.png' alt='new' class='icon' /> " . $_lang['admin.content.redir.act.new'] . "</a>&nbsp;\n";
 $redirMenu .= "    <a href='index.php?p=content-redir&amp;wipe'><img src='images/icons/delete.png' alt='wipe' class='icon' /> " . $_lang['admin.content.redir.act.wipe'] . "</a>\n</p>\n";
 $output .= $redirMenu;
 // akce - uprava / vytvoreni
 if (isset($_GET['new']) || isset($_GET['edit'])) {
     do {
         // priprava
         $new = isset($_GET['new']);
         if (!$new) {
             $edit_id = intval($_GET['edit']);
         }
         // zpracovani
         if (isset($_POST['old'])) {
             // nacteni dat
             // Load the submitted pair; '/' is explicitly admitted by the anchor normaliser here
             $q = array();
             $q['old'] = _anchorStr(trim($_POST['old']), true, array('/' => 0));
             $q['new'] = _anchorStr(trim($_POST['new']), true, array('/' => 0));
             $q['active'] = _checkboxLoad('act');
             // Validate, then either insert (new) or update (edit; $edit_id was intval()'d above).
             // old/new are SQL-escaped; 'active' is concatenated unescaped and relies on
             // _checkboxLoad() returning an integer flag (not visible here).
             if ($q['old'] === '' || $q['new'] === '') {
                 $message = _formMessage(2, $_lang['admin.content.redir.emptyidt']);
             } else {
                 $escOld = DB::esc($q['old']);
                 $escNew = DB::esc($q['new']);
                 if ($new) {
                     DB::query('INSERT INTO `' . _mysql_prefix . '-redir` (old,new,active) VALUES (\'' . $escOld . '\',\'' . $escNew . '\',' . $q['active'] . ')');
                     $new = false;
                     $message = _formMessage(1, $_lang['global.created']);
                     // leave the enclosing do { } while (false)
                     break;
                 }
                 DB::query('UPDATE `' . _mysql_prefix . '-redir` SET old=\'' . $escOld . '\',new=\'' . $escNew . '\',active=' . $q['active'] . ' WHERE id=' . $edit_id);
                 $message = _formMessage(1, $_lang['global.saved']);
             }
    $readed_counter = 0;
    $query = array("id" => -1, "title" => "", "title_seo" => "", "keywords" => "", "description" => "", "perex" => "", "picture_uid" => null, "content" => "", "infobox" => "", "author" => _loginid, "home1" => -2, "home2" => -1, "home3" => -1, "time" => time(), "visible" => 1, "public" => 1, "comments" => 1, "commentslocked" => 0, "showinfo" => 1, "confirmed" => 0, "rateon" => 1, "readed" => 0);
    _extend('call', 'admin.article.default', array('data' => &$query));
    if (isset($_GET['new_cat'])) {
        $query['home1'] = (int) $_GET['new_cat'];
    }
    $continue = true;
}
/* ---  ulozeni  --- */
if (isset($_POST['title'])) {
    // Load the submitted article fields into $newdata. title/keywords/description are
    // HTML-escaped before SQL escaping; perex is NOT HTML-escaped here and content/infobox
    // only pass through the HCM filter — whatever renders those three must treat them as
    // markup the (admin) author is trusted with; confirm against the rendering code.
    $newdata['title'] = DB::esc(_htmlStr($_POST['title']));
    // An empty SEO title falls back to the plain title ($_POST is updated so the form
    // re-displays the effective value).
    if ($_POST['title_seo'] === '') {
        $_POST['title_seo'] = $_POST['title'];
    }
    $newdata['title_seo'] = _anchorStr($_POST['title_seo'], true);
    foreach (array('keywords', 'description') as $metaField) {
        $newdata[$metaField] = DB::esc(_htmlStr(trim($_POST[$metaField])));
    }
    // category placement: three integer slots
    foreach (array('home1', 'home2', 'home3') as $homeField) {
        $newdata[$homeField] = intval($_POST[$homeField]);
    }
    // Only holders of the "change article author" right may reassign authorship;
    // everyone else keeps the author already stored in $query.
    $newdata['author'] = _loginright_adminchangeartauthor ? intval($_POST['author']) : $query['author'];
    $newdata['perex'] = DB::esc($_POST['perex']);
    $newdata['content'] = DB::esc(_filtrateHCM($_POST['content']));
    $newdata['infobox'] = DB::esc(_filtrateHCM(trim($_POST['infobox'])));
    // checkbox flags
    $newdata['public'] = _checkboxLoad('public');
    $newdata['visible'] = _checkboxLoad('visible');
    $output .= "\n<form method='post' action='remote/backup.php' target='_blank' onsubmit=\"setTimeout(function(){window.location = 'index.php?p=other-backup';}, 1000);\">\n<input type='hidden' name='type' value='" . $type . "' />\n\n<p class='bborder'>" . $_lang['admin.other.backup.backup.' . $type_name . '.info'] . "</p>\n\n<table class='formtable'>\n\n<tr>\n    <td><strong>" . $_lang['admin.other.backup.backup.type'] . "</strong></td>\n    <td>" . $_lang['admin.other.backup.backup.' . $type_name] . "&nbsp; <small class='note'>(" . $_lang['admin.other.backup.backup.' . $type_name . '.hint'] . ")</small></td>\n</tr>\n\n<tr>\n    <td><strong>" . $_lang['admin.other.backup.backup.fname'] . "</strong></td>\n    <td><input type='text' name='fname' class='inputmedium' value='{$fname}' /><em>.{$type_ext}</em></td>\n</tr>\n\n<tr>\n    <td><strong>" . $_lang['global.note'] . "</strong></td>\n    <td><input type='text' name='note' class='inputmedium' maxlength='48' /></td>\n</tr>\n\n<tr>\n    <td><strong>" . $_lang['admin.other.backup.backup.compress'] . "</strong></td>\n    <td><select class='inputmedium' name='compress'>\n        <option value='0'>" . $_lang['admin.other.backup.backup.compress.0'] . "</option>\n        <option value='1'" . ($can_compress && $should_compress ? " selected='selected'" : '') . _inputDisable($can_compress) . ">" . $_lang['admin.other.backup.backup.compress.1'] . (!$should_compress ? ' (' . $_lang['global.notrecommended'] . ')' : '') . "</option>\n        <option value='2'" . _inputDisable($can_compress) . ">" . $_lang['admin.other.backup.backup.compress.2'] . (!$should_compress ? ' (' . $_lang['global.notrecommended'] . ')' : '') . "</option>\n    </select></td>\n</tr>\n\n<tr class='valign-top'>\n    <td><strong>" . $_lang['admin.other.backup.backup.items'] . "</strong></td>\n    <td>\n        <label><input type='checkbox' name='item_database' disabled='disabled' checked='checked' /> " . $_lang['admin.other.backup.backup.items.db'] . ' - ' . 
$sizes['db'] . "</label><br />\n        " . $dir_items . "\n    </td>\n</tr>\n\n<tr>\n    <td><strong>" . $_lang['admin.other.backup.backup.sizesum'] . "</strong></td>\n    <td><code class='text-" . $sizes_sum_class . "'>" . $sizes['sum'] . '</code>' . ($can_compress ? ' <small class="note">(' . $_lang['admin.other.backup.backup.sizesum.note'] . ')</small>' : '') . "</td>\n</tr>\n\n<tr>\n    <td></td>\n    <td>\n        <br />\n        <input type='submit' name='target_down' value='" . $_lang['admin.other.backup.backup.submit.down'] . "' />\n        " . ($type !== _backup_full ? "<input type='submit' name='target_store' value='" . $_lang['admin.other.backup.backup.submit.store'] . "' />" : '') . "\n        &nbsp;&nbsp;<a href='index.php?p=other-backup'><img src='images/icons/delete2.png' alt='cancel' class='icon' />" . $_lang['global.cancel'] . "</a>\n    </td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n";
} elseif (isset($_POST['do_restore']) && _loginright_adminrestore) {
    /* ----- obnova zalohy ----- */
    $msg = '';
    // akce
    if (isset($_POST['action'])) {
        switch ($_POST['action']) {
            // upload
            case 1:
                // Upload check: accept only a file that really arrived via this request's
                // multipart upload (is_uploaded_file() rejects paths supplied any other way).
                if (!isset($_FILES['backup']) || !is_uploaded_file($_FILES['backup']['tmp_name'])) {
                    $msg = _formMessage(2, $_lang['global.noupload']);
                    break;
                }
                // Target file name: the client-supplied name after anchor normalisation, with a
                // uniqid() inserted before the extension. uniqid() is time-based, not random —
                // it avoids collisions but does not make the name unguessable. The client's
                // extension is kept verbatim; whether a non-archive extension can end up under
                // data/backup/ depends on _backupCheckFile() and _anchorStr(), neither visible
                // here — worth confirming if _indexroot is the document root. This branch is
                // only reachable with _loginright_adminrestore (checked above).
                $fname = _anchorStr($_FILES['backup']['name']);
                if (($dot = strrpos($fname, '.')) !== false) {
                    $fname = substr($fname, 0, $dot) . '_' . uniqid('', false) . substr($fname, $dot);
                } else {
                    $fname .= '_' . uniqid('', false);
                }
                $move_to = _indexroot . 'data/backup/' . $fname;
                // Content check runs on the temporary upload before anything is moved into place.
                if (($check = _backupCheckFile($_FILES['backup']['tmp_name'], array(_backup_db, _backup_partial))) !== true) {
                    $msg = _formMessage(3, $check);
                    break;
                }
                // presun souboru
                if (!@move_uploaded_file($_FILES['backup']['tmp_name'], $move_to)) {
                    $msg = _formMessage(1, $_lang['admin.other.backup.restore.upload.err.move']);
                    break;
<?php

/* ---  core check  --- */
if (!defined('_core')) {
    exit;
}

/* ---  preparation  --- */
// Resolve the user named by ?id= (anchor-normalised, then SQL-escaped). The lookup is a
// string-built query whose WHERE value is redacted as '******' in this listing.
$list = false;
$message = "";
$id = null;
if (isset($_GET['id'])) {
    $id = DB::esc(_anchorStr($_GET['id'], false));
    $query = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) == 0) {
        $message = _formMessage(2, $_lang['global.baduser']);
        $found = false;
    } else {
        $query = DB::row($query);
        $list = true;
    }
}

/* ---  module  --- */
// heading
if (_template_autoheadings == 1) {
    $module .= "<h1>" . $_lang['mod.profile.posts'] . "</h1><br />";
}
// search field (nothing emitted here in this version)
// Back link to the profile. $id goes into an HTML attribute after MySQL escaping only,
// which is the wrong escaper for that context — this relies on _anchorStr() having
// already stripped quote characters (not visible here); confirm rather than assume.
if ($list) {
    $module .= "\n<a href='index.php?m=profile&amp;id=" . $id . "' class='backlink'>&lt; " . $_lang['global.return'] . "</a>\n";
}
                 $newpassword = _md5Salt($newpassword);
             } else {
                 $errors[] = $_lang['mod.settings.error.badnewpass'];
             }
         } else {
             $errors[] = $_lang['mod.settings.error.newpassnosame'];
         }
     } else {
         $errors[] = $_lang['mod.settings.error.badcurrentpass'];
     }
 }
 // note: capped at 1024 characters, whitespace-trimmed, HTML-escaped, then SQL-escaped
 $note = DB::esc(_htmlStr(_wsTrim(mb_substr($_POST['note'], 0, 1024))));
 // language: only accepted when a matching plugin file exists
 if (_language_allowcustom) {
     $language = DB::esc(_anchorStr($_POST['language'], false));
     $languageFile = _indexroot . "plugins/languages/" . $language . ".php";
     // NOTE(review): the anchor normaliser is what keeps '/' and '..' out of this path
     // (elsewhere in this code base '/' is only admitted via an explicit allow map), and
     // the SQL escaping runs before the filesystem check — confirm both before trusting it.
     $language = @file_exists($languageFile) ? $language : "";
 }
 // extension hook
 $extra = array();
 _extend('call', 'mod.settings.submit', array('query' => &$extra, 'current_query' => $query, 'errors' => &$errors));
 /* --  ulozeni nebo seznam chyb  -- */
 if (count($errors) == 0) {
     // extra polozky
     if (_loginright_administration) {
         $extra['wysiwyg'] = $wysiwyg;
     }
     if (_language_allowcustom) {
         $extra['language'] = $language;
<?php

/* ----  core initialisation  ---- */
require '../require/load.php';
define('_administration', '1');
SL::init('../');

/* ----  output  ---- */
// preparation
$xsrf_protect = true;
$admintitle = $_lang['admin.title'];
// Requested admin page (?p=), anchor-normalised — presumably that normalisation is what
// makes the value safe to use as a page selector later; the consumer is not visible here.
$getp = isset($_GET['p']) ? _anchorStr($_GET['p']) : "index";
$output = '';
$admin_base_css_path = 'remote/style.css.php';
$admin_extra_css = array();
$admin_extra_js = array();

/* ---  header  --- */
/* --  include the administration helpers  -- */
require _indexroot . "admin/functions.php";
// priprava uzivatelskeho menu
$usermenu = '<span id="usermenu">';
if (_loginindicator and _loginright_administration) {
    $avatar = _getAvatar(_loginid, true, true);
    if (isset($avatar)) {
        $usermenu .= '<a id="header-avatar" href="' . _indexroot . 'index.php?m=profile&amp;id=' . _loginname . '"><img src="' . $avatar . '" alt="' . _loginname . '" /></a>';
    }
    $usermenu .= _loginpublicname . ' [';
    if (_messages) {
SL::init('../');

/* --  load variables  -- */
// required keys (presumably _checkKeys() aborts when one is missing — not visible here)
_checkKeys('_POST', array('_posttarget', '_posttype', 'text'));
_checkKeys('_GET', array('_return'));

// Guest name or user id: logged-in users post under their id; anonymous posters under a
// guest name capped at 24 characters and anchor-normalised. Note $guest is not SQL-escaped
// here — whatever writes it to the database must escape it (not visible in this excerpt).
$guest = "";
$author = -1;
if (_loginindicator) {
    $author = _loginid;
} elseif (isset($_POST['guest'])) {
    // mb_substr() returns the whole string when it is already short enough
    $guest = _anchorStr(mb_substr($_POST['guest'], 0, 24), false);
}

// type, home and text; type-4 posts are capped at 255 characters, all others at 16384
$posttarget = intval($_POST['_posttarget']);
$posttype = intval($_POST['_posttype']);
$textLimit = $posttype != 4 ? 16384 : 255;
$text = DB::esc(_htmlStr(_wsTrim(_cutStr($_POST['text'], $textLimit, false))));
// domovsky prispevek
if ($posttype != 4) {
    _checkKeys('_POST', array('_xhome'));
    $xhome = intval($_POST['_xhome']);
} else {
    $xhome = -1;
}
/* ---  registrace  --- */
$phase = 0;
$message = "";
if (isset($_POST['username'])) {
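    $errors = array();
    // rate limit (iplog slot 5): too many registration attempts from this IP within the window
    if (!_iplogCheck(5)) {
        $errors[] = str_replace("*postsendexpire*", _postsendexpire, $_lang['misc.requestlimit']);
    }
    // User name: capped at 24 characters, anchor-normalised, SQL-escaped. It must be
    // non-empty and must not collide with an existing username OR publicname. The first
    // WHERE value is redacted as '******' in this listing; the query is string-built, so
    // the escaping is the only injection barrier.
    $username = DB::esc(_anchorStr(mb_substr($_POST['username'], 0, 24), false));
    if ($username == "") {
        $errors[] = $_lang['admin.users.edit.badusername'];
    } elseif (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE username='******' OR publicname='" . $username . "'"), 0) != 0) {
        $errors[] = $_lang['admin.users.edit.userexists'];
    }
    // Password: both entries must match and be non-empty. The comparison is strict — the
    // loose `!=` used before treats numeric-looking strings as equal ("1e3" == "1000",
    // "0" == "00"), so a mistyped confirmation could slip through and the account would be
    // created with a password the user never confirmed.
    $password = $_POST['password'];
    $password2 = $_POST['password2'];
    if ($password !== $password2) {
        $errors[] = $_lang['mod.reg.nosame'];
    }
    if ($password !== "") {
        // _md5Salt() is the project's salted-MD5 scheme; MD5 is not a password KDF, but
        // moving to password_hash()/password_verify() needs the matching change in the
        // login verifier, which is outside this excerpt.
        $password = _md5Salt($password);
    } else {
        $errors[] = $_lang['mod.reg.passwordneeded'];
    }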
function _tmp_installer_install()
{
    global $_lang, $self, $is_clean;
    // krok
    static $steps = 3;
    if (isset($_POST['step'])) {
        $step = intval($_POST['step']);
        if ($step < 1 || $step > $steps) {
            $step = 1;
        }
    } else {
        $step = 1;
    }
    $fname = basename(__FILE__);
    if (!empty($_POST)) {
        echo '<a href="./' . $fname . '" id="cancelink">' . $_lang['global.cancel'] . '</a>';
    }
    ?>

<h2><?php 
    echo str_replace(array('*step*', '*steps*', '*name*'), array($step, $steps, $_lang['step.' . $step]), $_lang['install']);
    ?>
</h2>
<form action="./<?php 
    echo $fname;
    ?>
" method="post" name="instform" autocomplete="off">
    <?php 
    switch ($step) {
        // kontrola
        case 1:
            if (isset($_POST['check'])) {
                // nacteni a kontrola existence souboru
                $a_files = $self->listFilesOnPath('/files/');
                $conflicts = array();
                $counter = 0;
                $err_limit = 10;
                for ($i = 0; isset($a_files[$i]); ++$i) {
                    $path = './' . substr($a_files[$i], 7);
                    if (file_exists($path)) {
                        ++$counter;
                        if ($counter <= $err_limit) {
                            $conflicts[] = str_replace('*path*', $path, $_lang['step.1.err.file']);
                        }
                    }
                }
                if ($counter > $err_limit) {
                    $conflicts[] = str_replace('*n*', $counter - $err_limit, $_lang['step.1.err.file.etc']);
                }
                // zprava nebo pokracovani
                if (empty($conflicts)) {
                    // vse je ok
                    $step = 2;
                    echo '<p class="green center">' . $_lang['step.1.ok'] . '</p>';
                    echo '<p class="center"><input type="submit" value="' . $_lang['global.continue'] . '"></p>';
                    break;
                } else {
                    // jsou chyby
                    echo '<p class="red">' . $_lang['step.1.err'] . ':</p>';
                    echo "<ul>\n";
                    for ($i = 0; isset($conflicts[$i]); ++$i) {
                        echo "<li>" . $conflicts[$i] . "</li>\n";
                    }
                    echo "</ul>";
                }
            }
            echo '<p class="center"><input type="submit" name="check" value="' . $_lang['step.1.submit'] . '"></p>';
            break;
            // konfigurace & instalace
        // konfigurace & instalace
        case 2:
        case 3:
            // navrat z kroku 3
            if (isset($_POST['return_to_cfg'])) {
                $step = 2;
                unset($_POST['return_to_cfg']);
            }
            // instalace
            $install = $step == 3;
            if (isset($_POST['sys_url'])) {
                // zpracovat url
                $_POST['sys_url'] = _removeSlashesFromEnd($_POST['sys_url']);
                // kontroly
                $err = null;
                do {
                    // prefix
                    $prefix = trim($_POST['db_prefix']);
                    if ($prefix === '') {
                        $err = str_replace('*input*', $_lang['step.2.db.prefix'], $_lang['step.2.err.empty']);
                        break;
                    }
                    // ucet administratora
                    $_POST['admin_name'] = _anchorStr(trim($_POST['admin_name']), false);
                    $_POST['admin_email'] = trim($_POST['admin_email']);
                    // pouze pro cistou instalaci
                    if ($is_clean) {
                        // vynutit ucet administratora
                        if ($_POST['admin_name'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.name'], $_lang['step.2.err.empty']);
                            break;
                        }
                        if ($_POST['admin_pwd'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.pwd'], $_lang['step.2.err.empty']);
                            break;
                        }
                        if ($_POST['admin_email'] === '' || $_POST['admin_email'] === '@') {
                            $err = str_replace('*input*', $_lang['step.2.admin.email'], $_lang['step.2.err.empty']);
                            break;
                        }
                        // titulek stranek
                        $_POST['sys_title'] = trim($_POST['sys_title']);
                        if ($_POST['sys_title'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.sys.title'], $_lang['step.2.err.empty']);
                            break;
                        }
                        // popis, klicova slova
                        $_POST['sys_descr'] = trim($_POST['sys_descr']);
                        $_POST['sys_kwrds'] = trim($_POST['sys_kwrds']);
                    }
                    // email administratora
                    if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@' && !_validateEmail($_POST['admin_email'])) {
                        $err = $_lang['step.2.err.admin.email'];
                        break;
                    }
                    // heslo administratora
                    if ($_POST['admin_pwd'] !== '' && $_POST['admin_pwd'] !== $_POST['admin_pwd2']) {
                        $err = $_lang['step.2.err.admin.pwd'];
                        break;
                    }
                    // DB port
                    $server = $_POST['db_server'];
                    if (false !== ($serverColonPos = strpos($server, ':'))) {
                        $port = (int) substr($server, $serverColonPos + 1);
                        $server = substr($server, 0, $serverColonPos);
                    } else {
                        $port = ini_get('mysqli.default_port');
                    }
                    // pripojeni
                    $con = @mysqli_connect($server, $_POST['db_user'], $_POST['db_pwd'], $_POST['db_name'], $port);
                    if (!is_object($con)) {
                        $err = $_lang['step.2.err.con'] . '<br><code>' . _htmlStr(mysqli_connect_error()) . '</code>';
                        break;
                    }
                    // kodovani a konstanty
                    DB::$con = $con;
                    DB::$con->set_charset('utf8');
                    DB::query('SET sql_mode=\'\'');
                    define('_mysql_prefix', $prefix);
                    // Existing tables under this prefix. From here on $prefix holds the
                    // SQL-escaped form (the unescaped value went into _mysql_prefix above).
                    // That escaping covers quotes, not the '%'/'_' LIKE wildcards nor the
                    // backticks the later UPDATE/DROP statements wrap the name in — e.g. a
                    // prefix "sl_" also matches "slx-…" tables. Tolerable for an installer run
                    // by the site owner, but worth knowing.
                    $prefix = DB::esc($prefix);
                    $q = DB::query('SHOW TABLES LIKE \'' . $prefix . '-%\'');
                    $tables = array();
                    while ($r = DB::rown($q)) {
                        $tables[] = $r[0];
                    }
                    // Refuse to continue unless the user explicitly opted to overwrite. The
                    // table names are concatenated into $err and later echoed as HTML without
                    // _htmlStr(); they come from the database, so this only matters if unusual
                    // table names already exist there.
                    if (!empty($tables) && !isset($_POST['db_overwrite'])) {
                        $err = $_lang['step.2.err.tables'] . ':<br><br>&bull; ' . implode("<br>\n&bull; ", $tables);
                        break;
                    }
                    // vse ok
                    if ($install) {
                        if (!isset($_POST['do_install'])) {
                            // potvrzeni
                            echo _getPostdata(false, null, array('step'));
                            echo '<p class="green center">' . $_lang['step.3.text'] . '</p>';
                            echo '<p class="center">
<input type="submit" name="do_install" value="' . $_lang['step.3.submit'] . '" onclick="if (window.sl_install_process) return false; else {window.sl_install_process = true; this.value=\'' . $_lang['step.3.wait'] . '\'}">&nbsp;
<input type="submit" name="return_to_cfg" value="' . $_lang['step.3.return'] . '">
</p>';
                        } else {
                            // provedeni
                            $err = null;
                            try {
                                // rozbalit soubory
                                $self->extractFiles('./', '/files/', false, true, array($self->vars['void']));
                                // Write config.php from the template. Every value goes through
                                // var_export(), so credentials land in the file as proper PHP
                                // string literals. Note that $prefix here is the SQL-escaped form
                                // (escaped at the table-existence check) while _mysql_prefix was
                                // defined from the unescaped value; the two differ only for a
                                // prefix containing quotes or backslashes, in which case the
                                // installed config would be out of step with the constant used
                                // during installation.
                                global $cfg_locale, $cfg_timezone;
                                file_put_contents('./config.php', str_replace(array('/* @@@server@@@ */', '/* @@@user@@@ */', '/* @@@password@@@ */', '/* @@@database@@@ */', '/* @@@prefix@@@ */', '/* @@@locale@@@ */', '/* @@@timezone@@@ */'), array(var_export($_POST['db_server'], true), var_export($_POST['db_user'], true), var_export($_POST['db_pwd'], true), var_export($_POST['db_name'], true), var_export($prefix, true), var_export($cfg_locale, true), var_export($cfg_timezone, true)), $self->getFile('/files/data/installer/config.php.tpl')));
                                // smazat tabulky z databaze?
                                if (!empty($tables)) {
                                    for ($i = 0; isset($tables[$i]); ++$i) {
                                        DB::query('DROP TABLE `' . $tables[$i] . '`', true);
                                        if (($sql_err = DB::error()) !== '') {
                                            throw new _InstallException($_lang['step.3.err.drop'] . '<br><code>' . $sql_err . '</code>');
                                        }
                                    }
                                }
                                // deaktivovat kontrolu verze
                                function _checkVersion()
                                {
                                    return true;
                                }
                                // vytvorit strukturu databaze
                                $dbdump = new DBDump();
                                $dbdump->importTables($self->getFile('/database/struct'));
                                // nacist data
                                $data_stream = $self->getFileStream('/database/data');
                                $dbdump->importData($data_stream);
                                $data_stream->free();
                                // aktualizovat url
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val($_POST['sys_url']) . ' WHERE `var`=\'url\'');
                                // vypnout mod rewrite pokud neexistuje .htaccess
                                if (!file_exists(_indexroot . '.htaccess')) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=0 WHERE `var`=\'modrewrite\'');
                                }
                                // upravit ucet administratora
                                $admin_upd = array();
                                if ($_POST['admin_name'] !== '') {
                                    $admin_upd['username'] = $_POST['admin_name'];
                                    if (!$is_clean) {
                                        $admin_upd['publicname'] = '';
                                    }
                                }
                                if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@') {
                                    $admin_upd['email'] = $_POST['admin_email'];
                                }
                                if ($_POST['admin_pwd'] !== '') {
                                    $admin_pwd = _md5Salt($_POST['admin_pwd']);
                                    $admin_upd['password'] = $admin_pwd[0];
                                    $admin_upd['salt'] = $admin_pwd[1];
                                }
                                if ($is_clean) {
                                    $admin_upd['registertime'] = time();
                                    $admin_upd['activitytime'] = time();
                                }
                                if (!empty($admin_upd)) {
                                    $admin_upd_sql = '';
                                    $counter = 0;
                                    foreach ($admin_upd as $col => $val) {
                                        if ($counter !== 0) {
                                            $admin_upd_sql .= ',';
                                        }
                                        $admin_upd_sql .= '`' . $col . '`=' . DB::val($val);
                                        ++$counter;
                                    }
                                    DB::query('UPDATE `' . $prefix . '-users` SET ' . $admin_upd_sql . ' WHERE id=0');
                                }
                                // aktualizovat titulek, klic. slova a popis
                                if ($is_clean) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_title'])) . ' WHERE `var`=\'title\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_kwrds'])) . ' WHERE `var`=\'keywords\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_descr'])) . ' WHERE `var`=\'description\'');
                                }
                                // vypnout mod_rewrite
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'0\' WHERE `var`=\'mod_rewrite\'');
                                // vynutit kontrolu instalace
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'1\' WHERE `var`=\'install_check\'');
                            } catch (_InstallException $e) {
                                $err = $e->getMessage();
                            } catch (Exception $e) {
                                $err = _htmlStr($e->getMessage());
                            }
                            // uspech ci chyba
                            if (isset($err)) {
                                echo '<p class="red">' . $err . '</p>';
                                echo '<p class="red">' . $_lang['step.3.err.warning'] . '</p>';
                            } else {
                                echo '<p class="green center">' . str_replace('*fname*', $fname, $_lang['step.3.fin']) . '</p>';
                            }
                        }
                        break 2;
                    } else {
                        $step = 3;
                        echo '<p class="green center">' . $_lang['step.2.ok'] . '</p>';
                    }
                } while (false);
                // chyba
                if (isset($err)) {
                    echo '<p class="red">' . $err . '</p>';
                }
            }
            ?>

<table>
<thead><th colspan="2"><?php 
            echo $_lang['step.2.sys'];
            ?>
</th></thead>
<tbody>

    <tr>
        <th><?php 
            echo $_lang['step.2.sys.url'];
            ?>
</th>
        <td><input type="text" name="sys_url"<?php 
            echo _restorePostValue('sys_url');
            ?>
></td>
    </tr>

    <?php 
            if ($is_clean) {
                ?>
    <tr>
        <th><?php 
                echo $_lang['step.2.sys.title'];
                ?>
</th>
        <td><input type="text" name="sys_title"<?php 
                echo _restorePostValue('sys_title');
                ?>
></td>
    </tr>

    <tr>
        <th><?php 
                echo $_lang['step.2.sys.descr'];
                ?>
</th>
        <td><input type="text" name="sys_descr"<?php 
                echo _restorePostValue('sys_descr');
                ?>
></td>
    </tr>

    <tr>
        <th><?php 
                echo $_lang['step.2.sys.kwrds'];
                ?>
</th>
        <td><input type="text" name="sys_kwrds"<?php 
                echo _restorePostValue('sys_kwrds');
                ?>
></td>
    </tr>
    <?php 
            }
            ?>

</tbody>
</table>

<script type="text/javascript">
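// Pre-fill the system URL with the directory part of the current page address
// when the admin has not typed one (the field is submitted and validated server-side).
if (document.instform.sys_url.value === '') {
    var loc = String(document.location);
    // Strip the query string and fragment first: a '/' inside them must not be
    // mistaken for the last path separator.
    var cut = loc.search(/[?#]/);
    if (cut !== -1) {
        loc = loc.substring(0, cut);
    }
    // Keep everything up to and including the last '/'; yields '' when there is none,
    // which is what the original character-by-character scan produced as well.
    document.instform.sys_url.value = loc.substring(0, loc.lastIndexOf('/') + 1);
}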
</script>

<table>
<thead>
    <tr><th colspan="2"><?php 
            echo $_lang['step.2.admin'];
            ?>
</th></tr>
    <?php 
            if (!$is_clean) {
                ?>
<tr><th colspan="2"><small><?php 
                echo $_lang['step.2.admin.notice'];
                ?>
</small></th></tr><?php 
            }
            ?>
</thead>
<tbody>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.name'];
            ?>
</th>
        <td><input type="text" maxlength="24" name="admin_name"<?php 
            echo _restorePostValue('admin_name');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.email'];
            ?>
</th>
        <td><input type="text" maxlength="100" name="admin_email"<?php 
            echo _restorePostValue('admin_email', $is_clean ? '@' : null);
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.pwd'];
            ?>
</th>
        <td><input type="password" name="admin_pwd"<?php 
            echo _restorePostValue('admin_pwd');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.pwd2'];
            ?>
</th>
        <td><input type="password" name="admin_pwd2"<?php 
            echo _restorePostValue('admin_pwd2');
            ?>
></td>
    </tr>

</tbody>
</table>

<table>
<thead><tr><th colspan="2"><?php 
            echo $_lang['step.2.db'];
            ?>
</th></tr></thead>
<tbody>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.server'];
            ?>
</th>
        <td><input type="text" name="db_server"<?php 
            echo _restorePostValue('db_server', 'localhost');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.name'];
            ?>
</th>
        <td><input type="text" name="db_name"<?php 
            echo _restorePostValue('db_name');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.user'];
            ?>
</th>
        <td><input type="text" name="db_user"<?php 
            echo _restorePostValue('db_user');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.pwd'];
            ?>
</th>
        <td><input type="password" name="db_pwd"<?php 
            echo _restorePostValue('db_pwd');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.prefix'];
            ?>
</th>
        <td><input type="text" maxlength="24" name="db_prefix"<?php 
            echo _restorePostValue('db_prefix', 'sunlight');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.tables'];
            ?>
</th>
        <td><label><input type="checkbox" name="db_overwrite"<?php 
            echo _checkboxActivate(isset($_POST['db_overwrite']));
            ?>
 value="1" onchange="if (this.checked && !confirm('<?php 
            echo $_lang['step.2.db.tables.overwrite.confirm'];
            ?>
')) this.checked = false"> <?php 
            echo $_lang['step.2.db.tables.overwrite'];
            ?>
</label></td>
    </tr>

</tbody>
</table>

<p class="center"><input type="submit" value="<?php 
            echo $_lang[$step != 3 ? 'step.2.submit' : 'global.continue'];
            ?>
"></p>

        <?php 
            //<p class="warning"><?php echo $_lang['step.2.warning']</p>
            break;
    }
    ?>
<input type="hidden" name="step" value="<?php 
    echo $step;
    ?>
">
</form>
    <?php 
}
     // title
 // title
 case "title":
     $val = trim($val);
     if ($val == "") {
         $val = $_lang['global.novalue'];
     }
     $title = $val;
     break;
     // title_seo
 // title_seo
 case "title_seo":
     if ($val === '') {
         $val = $title;
     }
     $val = _anchorStr($val, true, array('/' => 0));
     break;
     // keywords, description, intersectionperex
 // keywords, description, intersectionperex
 case "keywords":
 case "description":
 case "intersectionperex":
     $val = trim($val);
     break;
     // level
 // level
 case "level":
     if ($val < 0) {
         $val = 0;
     } elseif ($val > _loginright_level) {
         $val = _loginright_level;
        $new_banned[] = implode(".", $item);
    }
    $new_banned = trim(implode("\n", array_unique($new_banned)));
    DB::query("UPDATE `" . _mysql_prefix . "-settings` SET val='" . DB::esc($new_banned) . "' WHERE var='banned'");
    $message = _formMessage(1, $_lang['global.saved']);
    $data = $new_banned;
    unset($new_banned);
} else {
    $data = DB::query_row('SELECT `val` FROM `' . _mysql_prefix . '-settings` WHERE `var`=\'banned\'');
    $data = $data['val'];
}
/* ---  vystup  --- */
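// Output: ban-list editor (left column) and user-IP lookup form (right column).
// $data is the raw `banned` setting (read from the DB, or the value just saved
// above) and is placed inside a <textarea>; it is escaped so a stray tag or
// "</textarea>" in the stored value cannot break out of the element. The browser
// decodes the entities again, so the text the admin sees and re-submits is unchanged.
// $message and the $_lang strings are application-generated markup and are emitted as-is.
$output .= "\n<p>" . $_lang['admin.other.bans.p'] . "</p>\n"
    . $message
    . "\n\n<table class='wintable'>\n<tr class='valign-top'>\n\n<td>\n"
    . "<form action='index.php?p=other-bans' method='post'>\n"
    . "<textarea rows='25' cols='94' class='areamedium' name='banned'>"
    . htmlspecialchars($data, ENT_QUOTES, 'UTF-8')
    . "</textarea><br /><br />\n"
    . "<input type='submit' value='" . $_lang['global.save'] . "' />\n"
    . _xsrfProtect()
    . "</form>\n</td>\n\n<td>\n"
    . "<h2>" . $_lang['admin.other.bans.getuserip'] . "</h2><br />\n"
    . "<form action='index.php' method='get'>\n"
    . "<input type='hidden' name='p' value='other-bans' />\n"
    . $_lang['global.user'] . ": <input type='text' name='getip' class='inputsmall'" . _restoreGetValue("getip") . " /> "
    . "<input type='submit' value='" . $_lang['global.do'] . "' />\n"
    . "</form>\n";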
// zjisteni ip adres uzivatele
if (isset($_GET['getip'])) {
    $user = _anchorStr(trim($_GET['getip']), false);
    $query = DB::query("SELECT ip,id FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        // vyhledani adres
        $ips = array();
        $iquery = DB::query("SELECT DISTINCT ip FROM `" . _mysql_prefix . "-posts` WHERE author=" . $query['id']);
        while ($iip = DB::row($iquery)) {
            $ips[] = $iip['ip'];
        }
        // pridani naposledy pouzite
        if (!in_array($query['ip'], $ips)) {
            $ips[] = $query['ip'];
        }
        // vypis
        $output .= "<br /><h2>" . $_lang['global.result'] . "</h2>\n<ul>\n";
// Names of the files stored by the "upload" action below (filename => true);
// stays empty when no action runs or when no file is actually moved into $dir.
$uploaded = array();
/* ----  akce, vystup  ---- */
if ($continue) {
    /* ---  post akce  --- */
    if (isset($_POST['action'])) {
        switch ($_POST['action']) {
            // upload
            case "upload":
                $total = 0;
                $done = 0;
                foreach ($_FILES as $item) {
                    if (!is_array($item['name'])) {
                        continue;
                    }
                    for ($i = 0; isset($item['name'][$i]); ++$i) {
                        $name = _anchorStr(_admin_cparam($item['name'][$i], false), false);
                        $tmp_name = $item['tmp_name'][$i];
                        $exists = @file_exists($dir . $name);
                        if (@is_uploaded_file($tmp_name) && _admin_issafefile($name) and (!$exists or isset($_POST['upload_rewrite']) and @unlink($dir . $name))) {
                            if (@move_uploaded_file($tmp_name, $dir . $name)) {
                                ++$done;
                                $uploaded[$name] = true;
                            }
                        }
                        ++$total;
                    }
                }
                $tfrom = array("*done*", "*total*");
                $tto = array($done, $total);
                if ($done == $total) {
                    $micon = 1;