/**
 * Build the HTML of the "mailform" HCM module (a contact form).
 *
 * The receiver list is written to the session under a key derived from
 * SL::$hcmUid; the form itself only carries that uid in the hidden "fid"
 * field, so the recipient addresses are not part of the submitted data.
 *
 * @param string      $adresa  receiver addresses separated by ";"
 * @param mixed       $priloha truthy (as judged by _boolean()) to add a file upload field
 * @param string|null $predmet optional pre-filled subject
 * @return string HTML of the anchor, status message and form
 */
function _HCM_mailform($adresa = "", $priloha = false, $predmet = null)
{
    global $_lang;

    // preparation: normalise "a;b;;c" to "a,b,c" and keep it server-side
    $receivers = _arrayRemoveValue(@explode(";", trim($adresa)), "");
    $_SESSION[_sessionprefix . 'hcm_' . SL::$hcmUid . '_mail_receiver'] = @implode(",", $receivers);

    // optional attachment row
    $att = _boolean($priloha) ? true : false;
    $rfile = $att
        ? array($_lang['hcm.mailform.att'], "<input type='file' name='att' />")
        : array('');

    // optional pre-filled subject, escaped for the attribute context
    $rsubject = isset($predmet) ? " value='" . _htmlStr($predmet) . "'" : "";

    $rcaptcha = _captchaInit();

    // status message selected by the result code in the query string
    $msg = '';
    $statusParam = 'hcm_mr_' . SL::$hcmUid;
    if (isset($_GET[$statusParam])) {
        switch ($_GET[$statusParam]) {
            case 1:
                $msg = _formMessage(1, $_lang['hcm.mailform.msg.done']);
                break;
            case 2:
                $msg = _formMessage(2, $_lang['hcm.mailform.msg.failure']);
                break;
            case 3:
                $msg = _formMessage(3, $_lang['hcm.mailform.msg.failure2']);
                break;
            case 4:
                $msg = _formMessage(3, $_lang['xsrf.msg']);
                break;
        }
    }

    // pre-fill the sender for logged-in users
    // NOTE(review): $sender goes into the value attribute without _htmlStr();
    // presumably _loginemail is already stored HTML-escaped - confirm.
    $sender = _loginindicator ? _loginemail : "@";

    // The enctype attribute is appended through the action string, which closes
    // and reopens the single-quoted attribute.
    // NOTE(review): this relies on _formOutput() emitting the action unescaped inside '...' - confirm.
    $action = _indexroot . "remote/hcm/mform.php?_return=" . urlencode(_indexOutput_url);
    if ($att) {
        $action .= "' enctype='multipart/form-data";
    }

    $rows = array(
        array($_lang['hcm.mailform.sender'], "<input type='text' class='inputsmall' name='sender' value='" . $sender . "' /><input type='hidden' name='fid' value='" . SL::$hcmUid . "' />"),
        array($_lang['posts.subject'], "<input type='text' class='inputsmall' name='subject'" . $rsubject . " />"),
        $rcaptcha,
        array($_lang['hcm.mailform.text'], "<textarea class='areasmall' name='text' rows='9' cols='33'></textarea>", true),
        $rfile,
    );

    return "<div class='anchor'><a name='hcm_mform_" . SL::$hcmUid . "'></a></div>\n"
        . $msg
        . _formOutput("mform" . SL::$hcmUid, $action, $rows, array("text", "sender"), $_lang['hcm.mailform.send']);
}
/**
 * Build the HTML of a system form.
 *
 * Supported $id values and the $vars each one reads:
 *
 *  login      login form (no $vars)
 *  notpublic  login form preceded by a "content is not public" notice
 *             [0 => whole site 1/0]
 *  postform   form for submitting a post/comment
 *             [posttype => see _postsOutput, posttarget => id_home,
 *              xhome => id_xhome, url => return address,
 *              pluginflag (only for type 7) => xx]
 *
 * @param string $id      form identifier
 * @param array  $vars    variables, depending on the form type
 * @param bool   $notitle do not prepend the title to the form 1/0
 * @param bool   $extend  call extend events 1/0
 * @return array array(content, title)
 */
function _uniForm($id, $vars = array(), $notitle = false, $extend = true)
{
    // preparation
    global $_lang;
    $content = "";
    $title = "";

    // extend: handlers receive $notitle and $content by reference; if one of
    // them fills $content, the built-in forms below are skipped entirely
    if ($extend) {
        _extend('call', 'sys.form', array('id' => $id, 'vars' => $vars, 'notitle' => &$notitle, 'content' => &$content));
    }

    // form type
    if ('' === $content) {
        switch ($id) {

            /* --- login --- */
            case "login":

                // title
                $title = $_lang['login.title'];

                // messages: the _mlr query parameter only selects which notice is shown
                if (isset($_GET['_mlr'])) {
                    switch ($_GET['_mlr']) {
                        case 0:
                            $content .= _formMessage(2, $_lang['login.failure']);
                            break;
                        case 1:
                            if (_loginindicator and !_administration) {
                                $content .= _formMessage(1, $_lang['login.success']);
                            }
                            break;
                        case 2:
                            if (!_loginindicator) {
                                $content .= _formMessage(2, $_lang['login.blocked.message']);
                            }
                            break;
                        case 3:
                            if (!_loginindicator) {
                                $content .= _formMessage(3, $_lang['login.securitylogout']);
                            }
                            break;
                        case 4:
                            if (!_loginindicator) {
                                $content .= _formMessage(1, $_lang['login.selfremove']);
                            }
                            break;
                        case 5:
                            if (!_loginindicator) {
                                $content .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit']));
                            }
                            break;
                        case 6:
                            $content .= _formMessage(3, $_lang['xsrf.msg']);
                            break;
                    }
                }

                // content
                if (!_loginindicator) {

                    // return address
                    // NOTE(review): login_form_return is taken from the query string and is not
                    // validated here; it is only URL-encoded into the _return parameter below.
                    // remote/login.php should restrict the redirect to same-site targets - confirm.
                    if (isset($_GET['login_form_return'])) {
                        $return = $_GET['login_form_return'];
                    } else {
                        $return = $_SERVER['REQUEST_URI'];
                    }

                    // form address: the current request URI with the _formData and _mlr
                    // parameters removed
                    $form_url = parse_url($_SERVER['REQUEST_URI']);
                    if (isset($form_url['query'])) {
                        parse_str($form_url['query'], $form_url['query']);
                        unset($form_url['query']['_formData'], $form_url['query']['_mlr']);
                        $form_url = _buildURL($form_url);
                    } else {
                        $form_url = $_SERVER['REQUEST_URI'];
                    }

                    // form code; $form_url is escaped with _htmlStr() before it is placed in
                    // the hidden field, and the "ipbound" checkbox is checked by default
                    $callArgs = array(
                        "login_form",
                        _indexroot . "remote/login.php?_return=" . urlencode($return),
                        array(
                            array($_lang['login.username'], "<input type='text' name='username' class='inputmedium'" . _restoreGetFdValue("username") . " maxlength='24' />"),
                            array($_lang['login.password'], "<input type='password' name='password' class='inputmedium' />")
                        ),
                        null,
                        $_lang['global.login'],
                        " <label><input type='checkbox' name='persistent' value='1' /> " . $_lang['login.persistent'] . "</label><input type='hidden' name='form_url' value='" . _htmlStr($form_url) . "' />\n <label><input type='checkbox' name='ipbound' value='1' checked='checked' /> " . (isset($_lang['login.ipbound']) ? $_lang['login.ipbound'] : 'zabezpečené') . "</label>"
                    );
                    // handlers get the argument list by reference and may rewrite any part of it
                    if ($extend) {
                        _extend('call', 'sys.form.login', array('call' => &$callArgs));
                    }
                    $content .= call_user_func_array('_formOutput', $callArgs);

                    // links to registration / lost password
                    if (_registration or _lostpass) {
                        $content .= "\n\n<p>\n" . ((_registration and !_administration) ? "<a href='" . _indexroot . "index.php?m=reg'>" . $_lang['mod.reg'] . " ></a>\n" : '') . (_lostpass ? ((_registration and !_administration) ? "<br />" : '') . "<a href='" . _indexroot . "index.php?m=lostpass'>" . $_lang['mod.lostpass'] . " ></a>\n" : '') . "</p>";
                    }

                } else {
                    // already logged in: show the user name and a logout link wrapped by _xsrfLink()
                    // NOTE(review): _loginname is printed without _htmlStr(); presumably it is
                    // already stored HTML-escaped - confirm.
                    $content .= "<p>" . $_lang['login.ininfo'] . " <em>" . _loginname . "</em> - <a href='" . _xsrfLink(_indexroot . "remote/logout.php") . "'>" . $_lang['usermenu.logout'] . "</a>.</p>";
                }

                break;

            /* --- notice that the content is not public (0-notpublicsite) --- */
            case "notpublic":
                // reuse the login form without its title ($extend keeps its default here)
                $form = _uniForm("login", array(), true);
                if (!isset($vars[0])) {
                    $vars[0] = false;
                }
                $content = "<p>" . $_lang['notpublic.p' . ($vars[0] == true ? '2' : '')] . "</p>" . $form[0];
                $title = $_lang['notpublic.title'];
                break;

            /* --- form for submitting a post / comment (posttype,posttarget,xhome,url) --- */
            case "postform":

                $title = "";
                $notitle = true;

                // fields
                $inputs = array();
                $captcha = _captchaInit();
                $content = _jsLimitLength(16384, "postform", "text");
                // guests get an extra name field
                if (_loginindicator == 0) {
                    $inputs[] = array($_lang['posts.guestname'], "<input type='text' name='guest' maxlength='24' class='inputsmall'" . _restoreGetFdValue("guest") . " />");
                }
                // a subject/topic field is added only when xhome is -1
                if ($vars['xhome'] == -1) {
                    $inputs[] = array($_lang[$vars['posttype'] != 5 ? 'posts.subject' : 'posts.topic'], "<input type='text' name='subject' class='input" . ($vars['posttype'] != 5 ? 'small' : 'medium') . "' maxlength='" . ($vars['posttype'] != 5 ? 22 : 48) . "'" . _restoreGetFdValue("subject") . " />");
                }
                $inputs[] = $captcha;
                // NOTE(review): posttype, posttarget, xhome and pluginflag are written into
                // hidden fields without escaping; presumably callers pass integers - confirm.
                // Hidden fields are editable by the client, so the receiving script has to
                // validate them again on submit.
                $inputs[] = array($_lang['posts.text'], "<textarea name='text' class='areamedium' rows='5' cols='33'>" . _restoreGetFdValue("text", null, true) . "</textarea><input type='hidden' name='_posttype' value='" . $vars['posttype'] . "' /><input type='hidden' name='_posttarget' value='" . $vars['posttarget'] . "' /><input type='hidden' name='_xhome' value='" . $vars['xhome'] . "' />" . (isset($vars['pluginflag']) ? "<input type='hidden' name='_pluginflag' value='" . $vars['pluginflag'] . "' />" : ''), true);

                // form; the return address from $vars['url'] is URL-encoded into _return
                $callArgs = array('postform', _addGetToLink(_indexroot . "remote/post.php", "_return=" . urlencode($vars['url']), false), $inputs, array("text"), null, _getPostformControls("postform", "text"));
                if ($extend) {
                    _extend('call', 'sys.form.postform', array('call' => &$callArgs, 'vars' => $vars));
                }
                $content .= call_user_func_array('_formOutput', $callArgs);

                break;

        }
    }

    // return: the title is prepended as a heading only when auto-headings or the
    // administration are active and the caller (or a handler) did not set $notitle
    if ((_template_autoheadings == 1 or _administration == 1) and $notitle == false) {
        $content = "<h1>{$title}</h1>\n" . $content;
    }

    return array($content, $title);
}
$continue = true; } /* --- akce --- */ if ($continue && isset($_POST['do'])) { foreach ($_POST as $id => $title) { if ($id == "do") { continue; } $id = intval($id); $title = DB::esc(_htmlStr(trim($title))); if ($title == "") { $title = $_lang['global.novalue']; } DB::query("UPDATE `" . _mysql_prefix . "-root` SET title='" . $title . "' WHERE id=" . $id); } $message = _formMessage(1, $_lang['global.saved']); } /* --- vystup --- */ if ($continue) { $output .= "<p class='bborder'>" . $_lang['admin.content.titles.p'] . "</p>" . $message . "\n\n<form action='index.php?p=content-titles' method='post'>\n<input type='hidden' name='do' value='1' />\n\n<table>\n<tr><td><strong>" . $_lang['global.item'] . "</strong></td><td class='lpad'><strong>" . $_lang['global.type'] . "</strong></td></tr>\n"; // funkce function _admin_titleListItem($item, $ipad = false) { global $_lang; $type_array = _admin_getTypeArray(); if ($ipad == true) { $ipad = " class='intersecpad'"; } else { $ipad = ""; } return "<tr><td" . $ipad . "><input class='inputmedium' type='text' maxlength='96' name='" . $item['id'] . "' value='" . $item['title'] . "' /></td><td class='lpad'>" . $_lang['admin.content.' . $type_array[$item['type']]] . "</td></tr>\n";
define('_redirect_to', 'index.php?p=content-polls-edit&id=' . $id . '&saved'); return; } else { DB::query("INSERT INTO `" . _mysql_prefix . "-polls` (author,question,answers,locked,votes) VALUES (" . $author . ",'" . $question . "','" . $answers . "'," . $locked . ",'" . trim(str_repeat("0-", $answers_count), "-") . "')"); $newid = DB::insertID(); define('_redirect_to', 'index.php?p=content-polls-edit&id=' . $newid . '&created'); return; } } else { $message = _formMessage(2, _eventList($errors, 'errors')); } } /* --- vystup --- */ if ($continue) { // vyber autora if (_loginright_adminpollall) { $author_select = "\n <tr>\n <td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n <td>" . _admin_authorSelect("author", $query['author'], "adminpoll=1", "selectmedium") . "</td></tr>\n "; } else { $author_select = ""; } // zprava if (isset($_GET['saved'])) { $message = _formMessage(1, $_lang['global.saved']); } if (isset($_GET['created'])) { $message = _formMessage(1, $_lang['global.created']); } $output .= "\n <p class='bborder'>" . $_lang['admin.content.polls.edit.p'] . "</p>\n " . $message . "\n <form action='index.php?p=content-polls-edit" . $actionbonus . "' method='post'>\n <table class='formtable'>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.question'] . "</strong></td>\n <td><input type='text' name='question' class='inputmedium' value='" . $query['question'] . "' maxlength='64' /></td>\n </tr>\n\n " . $author_select . "\n\n <tr class='valign-top'>\n <td class='rpad'><strong>" . $_lang['admin.content.form.answers'] . "</strong></td>\n <td><textarea name='answers' rows='25' cols='94' class='areamedium'>" . $query['answers'] . "</textarea></td>\n </tr>\n\n " . (!$new ? "<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.hcm'] . "</strong></td>\n <td><input type='text' name='hcm' value='[hcm]poll," . $id . ",150[/hcm]' readonly='readonly' onclick='this.select();' class='inputmedium' /></td>\n </tr>" : '') . 
"\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n <td>\n <label><input type='checkbox' name='locked' value='1'" . _checkboxActivate($query['locked']) . " /> " . $_lang['admin.content.form.locked'] . "</label> \n " . (!$new ? "<label><input type='checkbox' name='reset' value='1' /> " . $_lang['admin.content.polls.reset'] . "</label>" : '') . "\n </td>\n </tr>\n\n <tr><td></td>\n <td><input type='submit' value='" . $submitcaption . "' />" . (!$new ? " <small>" . $_lang['admin.content.form.thisid'] . " " . $id . "</small> <span class='customsettings'><a href='index.php?p=content-polls&del=" . $id . "' onclick='return _sysConfirm();'><span><img src='images/icons/delete.png' class='icon' alt='del' /> " . $_lang['global.delete'] . "</span></a>" : '') . "</span></td>\n </tr>\n\n </table>\n " . _xsrfProtect() . "</form>\n "; } else { $output .= _formMessage(3, $_lang['global.badinput']); }
// podminky $sql .= ' WHERE gal.visible=1'; if ($public) { $sql .= ' AND gal.public=1'; } $sql .= ' AND ' . _tmpSearchQuery('img', array('title')); // vykonani a nacteni vysledku $q = DB::query($sql . ' LIMIT 20'); while ($r = DB::row($q)) { $link = _addGetToLink(_linkRoot($r['home'], $r['title_seo']), 'page=' . _resultPagingGetItemPage($r['var2'], "images", "ord<" . $r['ord'] . " AND home=" . $r['home'])); $results[] = array($link, $r['gal_title'], ($r['title'] !== '' ? $r['title'] . '<br />' : '') . _galleryImage($r, 'search', 128, 128)); } DB::free($q); } // extend _extend('call', 'mod.search.results', array('results' => &$results, 'query' => $search_query, 'query_sql' => $search_query_sql)); // vypis vysledku if (count($results) != 0) { foreach ($results as $item) { $module .= "\n<h2 class='list-title'><a href='" . $item[0] . "'>" . $item[1] . "</a></h2>\n<p class='list-perex'>" . $item[2] . "</p>\n"; if (isset($item[3])) { $module .= "<div class='list-info'>" . $item[3] . "</div>\n"; } } } else { $module .= "<br />" . _formMessage(1, $_lang['mod.search.noresult']); } } else { $module .= "<br />" . _formMessage(2, $_lang['mod.search.minlength']); } }
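<?php

/* --- core check --- */
// A direct request to this file stops here; the script only runs when the core has defined _core.
if (!defined('_core')) {
    exit;
}

/* --- action --- */
// Switches the current session to another account selected by username.
// NOTE(review): neither a privilege check nor the verification of the XSRF token
// is visible in this file; presumably the including admin router performs both
// before this module runs - confirm. Recording the acting and the target account
// id in an audit log on every successful switch would make misuse traceable.
$message = "";
if (isset($_POST['user']) && is_string($_POST['user'])) {
    // is_string() keeps an array-valued "user" parameter away from trim()
    $user = DB::esc(_anchorStr(trim($_POST['user'])));

    // The lookup has to use the escaped, submitted username; with a fixed literal
    // in the WHERE clause the input would be ignored and no real account could match.
    $query = DB::query("SELECT id,password FROM `" . _mysql_prefix . "-users` WHERE username='" . $user . "'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);

        // Drop the current login, then write the target account's id and stored
        // password value into the session, bound to the current IP address.
        _userLogout(false);
        $_SESSION[_sessionprefix . "user"] = $query['id'];
        $_SESSION[_sessionprefix . "password"] = $query['password'];
        $_SESSION[_sessionprefix . "ip"] = _userip;
        $_SESSION[_sessionprefix . "ipbound"] = true;
        define('_redirect_to', _indexroot . 'index.php?m=login');

        return;
    } else {
        $message = _formMessage(2, $_lang['global.baduser']);
    }
}

/* --- output --- */
$output .= "\n<p class='bborder'>" . $_lang['admin.other.transm.p'] . "</p>\n"
    . $message
    . "\n<form action='index.php?p=other-transm' method='post'>\n<strong>" . $_lang['global.user'] . ":</strong> <input type='text' name='user' class='inputsmall' /> <input type='submit' value='" . $_lang['global.login'] . "' />\n"
    . _xsrfProtect()
    . "</form>\n";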
} if (isset($_GET['created'])) { $message = _formMessage(1, $_lang['global.created']); } // wysiwyg editor $output .= _admin_wysiwyg(); // vypocet hodnoceni if (!$new) { if ($query['ratenum'] != 0) { $rate = DB::result(DB::query("SELECT ROUND(ratesum/ratenum) FROM `" . _mysql_prefix . "-articles` WHERE id=" . $query['id']), 0) . "%, " . $query['ratenum'] . "x"; } else { $rate = $_lang['article.rate.nodata']; } } else { $rate = ""; } // seo title input $seo_input = "<input type='text' name='title_seo' value='" . $query['title_seo'] . "' maxlength='255' class='input" . ($author_select != '' ? 'medium' : 'big') . "' />"; // obrazek $picture = ''; if (isset($query['picture_uid'])) { $picture .= "<img src='" . _pictureStorageGet(_indexroot . 'pictures/articles/', null, $query['picture_uid'], 'jpg') . "' alt='article picture' id='is-picture-file' />\n<label id='is-picture-delete'><input type='checkbox' name='picture-delete' value='1' /> <img src='images/icons/delete3.png' class='icon' alt='" . $_lang['global.delete'] . "' /></label>"; } else { $picture .= "<img src='images/art-no-pic.png' alt='no picture' />\n"; } $picture .= "<input type='file' name='picture' id='is-picture-upload' />\n"; // formular $output .= "\n<a href='" . $backlink . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.articles.edit.title'] . "</h1>\n<p class='bborder'>" . $_lang['admin.content.articles.edit.p'] . "</p>" . $message . "\n\n" . (($new == true and _loginright_adminneedconfirm) ? _admin_smallNote($_lang['admin.content.articles.edit.newconfnote']) : '') . "\n" . ($query['confirmed'] != 1 ? _admin_smallNote($_lang['admin.content.articles.edit.confnote']) : '') . "\n\n" . (!$new && DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-articles` WHERE `id`!=' . $query['id'] . ' AND `home1`=' . $query['home1'] . ' AND `title_seo`=\'' . $query['title_seo'] . '\''), 0) != 0 ? 
_formMessage(2, $_lang['admin.content.form.title_seo.collision']) : '') . "\n\n<form class='cform' action='index.php?p=content-articles-edit" . $actionplus . "' method='post' enctype='multipart/form-data' name='artform'" . _jsCheckForm("artform", array("title")) . ">\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.category'] . "</strong></td>\n<td>" . _admin_rootSelect("home1", 2, $query['home1'], false) . " " . _admin_rootSelect("home2", 2, $query['home2'], true) . " " . _admin_rootSelect("home3", 2, $query['home3'], true) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' value='" . $query['title'] . "' class='inputbig' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title_seo'] . "</strong></td>\n<td>" . ($author_select == '' ? $seo_input : "\n <table class='ae-twoi'><tr>\n <td>" . $seo_input . "</td>\n <td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n <td>" . $author_select . "</td>\n </tr></table>\n") . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.description'] . "</strong></td>\n<td>\n <table class='ae-twoi'><tr>\n <td><input type='text' name='description' value='" . $query['description'] . "' maxlength='128' class='inputmedium' /></td>\n <td class='rpad'><strong>" . $_lang['admin.content.form.keywords'] . "</strong></td>\n <td><input type='text' name='keywords' value='" . $query['keywords'] . "' maxlength='128' class='inputmedium' /></td>\n </tr></table>\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.perex'] . "</strong></td>\n<td><textarea name='perex' rows='9' cols='94' class='areabigperex codemirror'>" . _htmlStr($query['perex']) . "</textarea></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.content'] . "</strong>" . $artlink . 
"</td>\n<td>\n\n <table id='ae-table'>\n <tr class='valign-top'>\n <td id='content-cell'>\n <textarea name='content' rows='25' cols='68' class='wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr($query['content']) . "</textarea>\n </td>\n <td id='is-cell'>\n <div id='is-cell-wrapper'>\n <div id='is-cell-content'>\n\n <h2>" . $_lang['admin.content.form.picture'] . "</h2>\n <div id='is-picture'>" . $picture . "</div>\n\n <h2>" . $_lang['admin.content.form.settings'] . "</h2>\n <p id='is-settings'>\n <label><input type='checkbox' name='public' value='1'" . _checkboxActivate($query['public']) . " /> " . $_lang['admin.content.form.public'] . "</label>\n <label><input type='checkbox' name='visible' value='1'" . _checkboxActivate($query['visible']) . " /> " . $_lang['admin.content.form.visible'] . "</label>\n " . (_loginright_adminconfirm || !_loginright_adminneedconfirm && $query['author'] == _loginid ? "<label><input type='checkbox' name='confirmed' value='1'" . _checkboxActivate($query['confirmed']) . " /> " . $_lang['admin.content.form.confirmed'] . "</label>" : '') . "\n <label><input type='checkbox' name='comments' value='1'" . _checkboxActivate($query['comments']) . " /> " . $_lang['admin.content.form.comments'] . "</label>\n <label><input type='checkbox' name='commentslocked' value='1'" . _checkboxActivate($query['commentslocked']) . " /> " . $_lang['admin.content.form.commentslocked'] . "</label>\n <label><input type='checkbox' name='rateon' value='1'" . _checkboxActivate($query['rateon']) . " /> " . $_lang['admin.content.form.artrate'] . "</label>\n <label><input type='checkbox' name='showinfo' value='1'" . _checkboxActivate($query['showinfo']) . " /> " . $_lang['admin.content.form.showinfo'] . "</label>\n " . (!$new ? "<label><input type='checkbox' name='resetrate' value='1' /> " . $_lang['admin.content.form.resetartrate'] . " <small>(" . $rate . ")</small></label>" : '') . "\n " . (!$new ? 
"<label><input type='checkbox' name='delcomments' value='1' /> " . $_lang['admin.content.form.delcomments'] . " <small>(" . DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE home=" . $query['id'] . " AND type=2"), 0) . ")</small></label>" : '') . "\n " . (!$new ? "<label><input type='checkbox' name='resetread' value='1' /> " . $_lang['admin.content.form.resetartread'] . " <small>(" . $readed_counter . ")</small></label>" : '') . "\n </p>\n\n <h2>" . $_lang['admin.content.form.infobox'] . "</h2>\n <div id='infobox-wrapper'>\n <textarea name='infobox' rows='10' cols='20' class='codemirror'>" . _htmlStr($query['infobox']) . "</textarea>\n </div>\n\n </div>\n </div>\n </td>\n </tr>\n </table>\n\n</td>\n</tr>\n\n<tr id='time-cell'>\n<td class='rpad'><strong>" . $_lang['article.posted'] . "</strong></td>\n<td>" . _editTime('time', $query['time'], true, $new) . "</td>\n</tr>\n\n<tr>\n<td></td>\n<td id='ae-lastrow'><br /><input type='submit' value='" . $_lang[$submittext] . "' />\n" . (!$new ? "\n \n<span class='customsettings'><a href='index.php?p=content-articles-delete&id=" . $query['id'] . "&returnid=" . $query['home1'] . "&returnpage=1'><span><img src='images/icons/delete.png' alt='del' class='icon' />" . $_lang['global.delete'] . "</span></a></span> \n<span class='customsettings'><small>" . $_lang['admin.content.form.thisid'] . " " . $query['id'] . "</small></span>\n" : '') . "\n\n</td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n\n"; } else { $output .= "<a href='index.php?p=content-articles' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.articles.edit.title'] . "</h1>\n" . _formMessage(3, $_lang['global.badinput']); }
// back link followed by the status message
$module .= "<p><a href='" . $backlink . "'>< " . $_lang['global.return'] . "</a></p>" . $message;

if (!$continue) {
    // invalid input
    if (!$scriptbreak) {
        $module .= _formMessage(3, $_lang['global.badinput']);
        $found = false;
    }
} else {
    // form for choosing the target forum of the topic
    $furl = 'index.php?m=movetopic&id=' . $id;

    // NOTE(review): $query['subject'] and the forum titles below are printed without
    // _htmlStr(); presumably both are stored HTML-escaped - confirm.
    $module .= ' <form action="' . $furl . '" method="post"> ';
    $module .= _formMessage(2, sprintf($_lang['mod.movetopic.text'], $query['subject']));
    $module .= ' <p> <select name="new_forum"' . (empty($forums) ? " disabled='disabled'" : '') . '> ';

    if (!empty($forums)) {
        foreach ($forums as $fid => $ftitle) {
            $module .= "<option value='" . $fid . "'>" . $ftitle . "</option>\n";
        }
    } else {
        // nothing to choose from: the select is disabled and holds a placeholder option
        $module .= "<option value='-1'>" . $_lang['mod.movetopic.noforums'] . "</option>\n";
    }

    // the form carries the token fields produced by _xsrfProtect()
    $module .= '</select> <input type="submit" value="' . $_lang['mod.movetopic.submit'] . '" /> </p> '
        . _xsrfProtect()
        . '</form> ';
}
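// uninstall: drops every table of this installation after the password stored
// for the account with id 0 has been confirmed and the checkbox was ticked
case 2:
    // a missing or array-valued "pass" parameter is treated as an empty password
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $confirm = _checkboxLoad("confirm");
    if ($confirm) {
        $right_pass = DB::query_row("SELECT password,salt FROM `" . _mysql_prefix . "-users` WHERE id=0");

        // Strict string comparison: with "==", two different hashes that both look
        // like numeric strings (for example "0e..." followed by digits) compare as equal.
        // Where PHP 5.6 or newer is guaranteed, hash_equals() is the better choice.
        // NOTE(review): the helper name suggests salted MD5; password_hash() /
        // password_verify() would be the stronger scheme - outside the scope of this block.
        if ((string) _md5Salt($pass, $right_pass['salt']) === (string) $right_pass['password']) {

            // collect the tables
            // NOTE(review): "_" and "%" inside _mysql_prefix act as LIKE wildcards here,
            // so the pattern can match more than this installation's tables - confirm
            // that the prefix cannot contain them.
            $tables = array();
            $q = DB::query('SHOW TABLES LIKE \'' . _mysql_prefix . '-%\'');
            while ($r = DB::rown($q)) {
                $tables[] = $r[0];
            }

            // drop the tables
            foreach ($tables as $table) {
                DB::query("DROP TABLE `" . $table . "`");
            }

            // final message
            _userLogout();
            echo "<h1>" . $_lang['global.done'] . "</h1>\n<p>" . $_lang['admin.other.cleanup.uninstall.done'] . "</p>";
            exit;

        } else {
            $message = _formMessage(2, $_lang['admin.other.cleanup.uninstall.badpass']);
        }
    }
    break;

} // end of the switch opened before this excerpt
} // closes an enclosing block opened before this excerpt

/* --- output --- */
// Both forms below carry the token fields produced by _xsrfProtect().
// NOTE(review): where the token is verified is not visible in this excerpt - confirm.
$output .= $message . "\n<br />\n<fieldset>\n<legend>" . $_lang['admin.other.cleanup.cleanup'] . "</legend>\n<form class='cform' action='index.php?p=other-cleanup' method='post'>\n<input type='hidden' name='action' value='1' />\n<p>" . $_lang['admin.other.cleanup.cleanup.p'] . "</p>\n\n<table>\n<tr class='valign-top'>\n\n<td rowspan='2'>\n <fieldset>\n <legend>" . $_lang['mod.messages'] . "</legend>\n <label><input type='radio' name='messages' value='0'" . _checkboxActivate(!isset($_POST['messages']) || $_POST['messages'] == 0) . " /> " . $_lang['global.noaction'] . "</label><br />\n <label><input type='radio' name='messages' value='1'" . _checkboxActivate(isset($_POST['messages']) && $_POST['messages'] == 1) . " /> " . $_lang['admin.other.cleanup.messages.1'] . "</label> " . _tmp_selectTime("messages-time") . "<br />\n <label><input type='radio' name='messages' value='2'" . _checkboxActivate(isset($_POST['messages']) && $_POST['messages'] == 2) . " /> " . $_lang['admin.other.cleanup.messages.2'] . "</label>\n </fieldset>\n\n <fieldset>\n <legend>" . $_lang['admin.users.users'] . "</legend>\n <p class='bborder'><label><input type='checkbox' name='users' value='1'" . _checkboxActivate(isset($_POST['users'])) . " /> " . $_lang['admin.other.cleanup.users'] . "</label></p>\n <table>\n\n <tr>\n <td><strong>" . $_lang['admin.other.cleanup.users.time'] . "</strong></td>\n <td>" . _tmp_selectTime("users-time") . "</td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['admin.other.cleanup.users.group'] . "</strong></td>\n <td>" . _admin_authorSelect("users-group", isset($_POST['users-group']) ? intval($_POST['users-group']) : -1, "1", null, $_lang['global.all'], true) . "</td>\n </tr>\n\n </table>\n </fieldset>\n</td>\n\n<td>\n <fieldset>\n <legend>" . $_lang['global.other'] . "</legend>\n <label><input type='checkbox' name='maintenance' value='1' checked='checked' /> " . $_lang['admin.other.cleanup.other.maintenance'] . "</label><br />\n <label><input type='checkbox' name='optimize' value='1' checked='checked' /> " . $_lang['admin.other.cleanup.other.optimize'] . "</label><br />\n <label><input type='checkbox' name='comments' value='1'" . _checkboxActivate(isset($_POST['comments'])) . " /> " . $_lang['admin.other.cleanup.other.comments'] . "</label><br />\n <label><input type='checkbox' name='posts' value='1'" . _checkboxActivate(isset($_POST['posts'])) . " /> " . $_lang['admin.other.cleanup.other.posts'] . "</label><br />\n <label><input type='checkbox' name='iplog' value='1'" . _checkboxActivate(isset($_POST['iplog'])) . " /> " . $_lang['admin.other.cleanup.other.iplog'] . "</label>\n </fieldset>\n</td>\n\n</tr>\n\n<tr class='valign-top'>\n\n<td align='center'><p>\n<input type='submit' value='" . $_lang['admin.other.cleanup.prev'] . "' /><br /><br />\n<input type='submit' name='do_cleanup' value='" . $_lang['admin.other.cleanup.do'] . "' onclick='return _sysConfirm();' />\n</p></td>\n\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n</fieldset>\n<br />\n\n<fieldset>\n<legend>" . $_lang['admin.other.cleanup.uninstall'] . "</legend>\n<form class='cform' action='index.php?p=other-cleanup' method='post'>\n<input type='hidden' name='action' value='2' />\n<p class='bborder'>" . $_lang['admin.other.cleanup.uninstall.p'] . "</p>\n" . _admin_smallNote(str_replace('*prefix*', _mysql_prefix, $_lang['admin.other.cleanup.uninstall.note']), true) . "\n<p><label><input type='checkbox' name='confirm' value='1' /> " . str_replace('*dbname*', _mysql_db, $_lang['admin.other.cleanup.uninstall.confirm']) . "</label></p>\n<p><strong>" . $_lang['admin.other.cleanup.uninstall.pass'] . ":</strong> <input type='password' class='inputsmall' name='pass' autocomplete='off' /></p>\n<input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n</fieldset>\n";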
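<?php

/* --- core check --- */
// A direct request to this file stops here; the script only runs when the core has defined _core.
if (!defined('_core')) {
    exit;
}

/* --- save --- */
// Stores the custom text of the administration index page and its position.
// NOTE(review): the verification of the XSRF token emitted by the form below is
// not visible in this file; presumably the including admin router performs it - confirm.
// is_string() keeps an array-valued "text" parameter away from trim().
if (isset($_POST['text']) && is_string($_POST['text'])) {
    // the text is saved as submitted (only SQL-escaped); it is HTML-escaped with
    // _htmlStr() when it is put back into the textarea below
    DB::query('UPDATE `' . _mysql_prefix . '-settings` SET `val`=\'' . DB::esc(trim($_POST['text'])) . '\' WHERE `var`=\'.admin_index_custom\'');

    // Only '0' or '1' can reach the query. A missing "pos" no longer raises an
    // undefined-index notice, and intval() makes the result independent of how the
    // running PHP version compares non-numeric strings with 0.
    DB::query('UPDATE `' . _mysql_prefix . '-settings` SET `val`=\'' . (isset($_POST['pos']) && intval($_POST['pos']) != 0 ? '1' : '0') . '\' WHERE `var`=\'.admin_index_custom_pos\'');

    define('_redirect_to', 'index.php?p=index-edit&saved');

    return;
}

/* --- output --- */
// The empty action attribute posts the form back to the current URL.
$output .= "\n\n<p class='bborder'>" . $_lang['admin.menu.index.edit.p'] . "</p>\n\n"
    . _admin_wysiwyg()
    . "\n"
    . (isset($_GET['saved']) ? _formMessage(1, $_lang['global.saved']) : '')
    . "\n\n<form action='' method='post'>\n\n<table class='formtable'>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.menu.index.edit.pos'] . "</strong></td>\n <td><select name='pos'>\n <option value='0'" . (SL::$settings['admin_index_custom_pos'] == 0 ? " selected='selected'" : '') . ">" . $_lang['admin.menu.index.edit.pos.0'] . "</option>\n <option value='1'" . (SL::$settings['admin_index_custom_pos'] == 1 ? " selected='selected'" : '') . ">" . $_lang['admin.menu.index.edit.pos.1'] . "</option>\n </select></td>\n</tr>\n\n<tr class='valign-top'>\n <td class='rpad'><strong>" . $_lang['admin.menu.index.edit.text'] . "</strong></td>\n <td class='minwidth'><textarea name='text' rows='25' cols='94' class='areabig wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr(SL::$settings['admin_index_custom']) . "</textarea></td>\n</tr>\n\n<tr>\n <td></td>\n <td><input type='submit' value='" . $_lang['global.savechanges'] . "' /></td>\n</tr>\n\n</table>\n\n"
    . _xsrfProtect()
    . "</form>\n";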
// vyber zpusobu hodnoceni clanku $ratemode_select = '<select name="ratemode">'; for ($x = 0; $x < 3; $x++) { if ($x == _ratemode) { $selected = " selected='selected'"; } else { $selected = ""; } $ratemode_select .= "<option value='" . $x . "'" . $selected . ">" . $_lang['admin.settings.mods.ratemode.' . $x] . "</option>"; } $ratemode_select .= '</select>'; /* --- vystup --- */ $output .= ' <p class="bborder">' . $_lang['admin.settings.p'] . '</p> ' . (isset($_GET['r']) ? _formMessage(1, $_lang['admin.settings.saved']) : '') . ' <form action="index.php?p=settings" method="post"> <div id="settingsnav"> <div> <input type="submit" value="' . $_lang['global.savechanges'] . '" /> <ul> <li><a href="#settings_main">' . $_lang['admin.settings.main'] . '</a></li> <li><a href="#settings_info">' . $_lang['admin.settings.info'] . '</a></li> <li><a href="#settings_admin">' . $_lang['admin.settings.admin'] . '</a></li> <li><a href="#settings_rewrite">' . $_lang['admin.settings.rewrite'] . '</a></li> <li><a href="#settings_users">' . $_lang['admin.settings.users'] . '</a></li> <li><a href="#settings_emails">' . $_lang['admin.settings.emails'] . '</a></li> <li><a href="#settings_articles">' . $_lang['admin.settings.articles'] . '</a></li> <li><a href="#settings_forum">' . $_lang['admin.settings.forum'] . '</a></li>
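/* --- output --- */
// Appends the page edit form to $output, or a "bad input" message when
// $continue is not true.
//
// $continue, $type, $new, $id, $query, $type_array, $type_idt, $custom_settings
// and the $editscript_* variables are not defined in this fragment; they are
// expected to be prepared by the including script.
//
// NOTE(review): title, title_seo, ord, description, keywords and level are
// written into value='...' attributes without _htmlStr(), while content,
// intersectionperex and events are escaped here. Presumably the unescaped
// fields are stored already HTML-escaped or validated on save -- confirm in
// the save handler before changing either side, since escaping twice would
// corrupt the stored text.
if ($continue != true) {
    $output .= _formMessage(3, $_lang['global.badinput']);
} else {

    // intersection picker: a <select> of all type=7 rows, not built when the
    // edited page is itself type 7
    if ($type != 7) {
        $intersection_select = "<select name='intersection' class='selectmedium'><option value='-1' class='special'>" . $_lang['admin.content.form.intersection.none'] . "</option>";
        $isquery = DB::query("SELECT id,title FROM `" . _mysql_prefix . "-root` WHERE type=7 ORDER BY ord");
        while ($item = DB::row($isquery)) {
            if ($item['id'] == $query['intersection']) {
                $selected = " selected='selected'";
            } else {
                $selected = "";
            }
            $intersection_select .= "<option value='" . $item['id'] . "'" . $selected . ">" . _cutStr($item['title'], 22) . "</option>";
        }
        $intersection_select .= "</select>";
        $intersection_row = "<td class='rpad'><strong>" . $_lang['admin.content.form.intersection'] . "</strong></td><td>" . $intersection_select . "</td>";
    } else {
        $intersection_select = "";
        $intersection_row = "";
    }

    // wysiwyg editor
    $output .= _admin_wysiwyg();

    // visual wrapper around the type-specific settings
    if ($custom_settings != "") {
        $custom_settings = "<span class='customsettings'>" . $custom_settings . "</span>";
    }

    // title_seo collision warning (existing pages only, never for type 4).
    // Both values are read back from $query and placed into SQL text, so the
    // id is forced to an integer and title_seo is escaped for the quoted
    // literal instead of trusting whatever was stored.
    $seo_collision = '';
    if (!$new && $type != 4) {
        $seo_count = DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-root` WHERE `id`!=' . intval($query['id']) . ' AND `title_seo`=\'' . DB::esc($query['title_seo']) . '\''), 0);
        if ($seo_count != 0) {
            $seo_collision = _formMessage(2, $_lang['admin.content.form.title_seo.collision']);
        }
    }

    // form
    $output .= "<div class='hr'><hr /></div><br />"
        . (isset($_GET['saved']) ? _formMessage(1, $_lang['global.saved'] . " <small>(" . _formatTime(time()) . ")</small>") : '')
        . "\n\n"
        . $seo_collision
        . "\n"
        . (!$new && $id == _index_page_id ? _admin_smallNote($_lang['admin.content.form.indexnote']) : '')
        . "\n<form"
        . ($type != 4 ? " class='cform'" : '')
        . " action='index.php?p=content-edit"
        . $type_array[$type]
        . (!$new ? "&id=" . $id : '')
        . ($type == 9 && $new ? '&idt=' . $type_idt : '')
        . "' method='post'>\n\n\n"
        . $editscript_extra
        . "\n"
        // image management link, existing type 5 pages only
        . (!$new && $type == 5 ? "<p><a href='index.php?p=content-manageimgs&g=" . $id . "'><img src='images/icons/edit.png' alt='edit' class='icon' /><big>" . $_lang['admin.content.form.manageimgs'] . " ></big></a></p>" : '')
        . "\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>"
        . $_lang['admin.content.form.title']
        . "</strong></td>\n<td><input type='text' name='title' value='"
        . $query['title']
        . "' class='inputmedium' maxlength='96' /></td>\n\n"
        // type 4 has no title_seo field; the intersection picker takes its place
        . ($type != 4 ? "<td class='rpad'><strong>" . $_lang['admin.content.form.title_seo'] . "</strong></td>\n<td><input type='text' name='title_seo' value='" . $query['title_seo'] . "' maxlength='255' class='inputmedium' /></td>" : $intersection_row)
        . "\n</tr>\n\n<tr>\n<td class='rpad'><strong>"
        . $_lang['admin.content.form.ord']
        . "</strong></td>\n<td><input type='text' name='ord' value='"
        . $query['ord']
        . "' class='inputmedium' /></td>\n\n"
        . ($type != 4 ? $intersection_row : '')
        . "\n</tr>\n\n"
        // everything from description to events is left out for type 4
        . ($type != 4
            ? "\n<tr>\n<td class='rpad'><strong>"
                . $_lang['admin.content.form.description']
                . "</strong></td>\n<td><input type='text' name='description' value='"
                . $query['description']
                . "' maxlength='128' class='inputmedium' /></td>\n\n<td class='rpad'><strong>"
                . $_lang['admin.content.form.keywords']
                . "</strong></td>\n<td><input type='text' name='keywords' value='"
                . $query['keywords']
                . "' maxlength='128' class='inputmedium' /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>"
                . $_lang['admin.content.form.intersectionperex']
                . "</strong></td>\n<td colspan='3'><textarea name='intersectionperex' rows='2' cols='94' class='arealine codemirror'>"
                . _htmlStr($query['intersectionperex'])
                . "</textarea></td>\n</tr>\n\n"
                // content row: a textarea, or a single-line input labelled "url" for type 6
                . ($editscript_enable_content
                    ? "\n<tr class='valign-top'>\n<td class='rpad'><strong>"
                        . $_lang['admin.content.form.' . ($type != 6 ? 'content' : 'url')]
                        . "</strong>"
                        . (!$new ? " <a href='" . _indexroot . _linkRoot($query['id'], $query['title_seo']) . "' target='_blank'><img src='images/icons/loupe.png' alt='prev' /></a>" : '')
                        . "</td>\n<td colspan='3'>\n"
                        . ($type != 6
                            ? "<textarea name='content' rows='25' cols='94' class='areabig wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr($query['content']) . "</textarea>"
                            : "<input type='text' name='content' value='" . _htmlStr($query['content']) . "' class='inputbig' />")
                        . "\n</td>\n</tr>\n"
                    : '')
                . "\n\n"
                . $editscript_extra_row
                . "\n\n<tr>\n<td class='rpad'><strong>"
                . $_lang['admin.content.form.settings']
                . "</strong></td>\n<td colspan='3'>\n<label><input type='checkbox' name='visible' value='1'"
                . _checkboxActivate($query['visible'])
                . " /> "
                . $_lang['admin.content.form.visible']
                . "</label> \n"
                . ($type != 6 ? "<label><input type='checkbox' name='autotitle' value='1'" . _checkboxActivate($query['autotitle']) . " /> " . $_lang['admin.content.form.autotitle'] . "</label> " : '')
                . "\n"
                . $custom_settings
                . "\n</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>"
                . $_lang['global.access']
                . "</strong></td>\n<td>\n<label><input type='checkbox' name='public' value='1'"
                . _checkboxActivate($query['public'])
                . " /> "
                . $_lang['admin.content.form.public']
                . "</label> \n<input type='text' name='level' value='"
                . $query['level']
                . "' class='inputsmaller' maxlength='5' /> "
                . $_lang['admin.content.form.level']
                . "\n</td>\n\n"
                . ($type != 4 ? "<td class='rpad'><strong>" . $_lang['admin.content.form.events'] . "</strong></td>\n<td><input type='text' name='events' value='" . (isset($query['events']) ? _htmlStr($query['events']) : '') . "' class='inputmedium' maxlength='255' /></td>" : '')
                . "\n</tr>\n\n"
            : '')
        . "\n\n\n<tr><td></td><td colspan='3'><br />\n<input type='submit' value='"
        . ($new ? $_lang['global.create'] : $_lang['global.savechanges'])
        . "' />"
        . (!$new ? " <small>" . $_lang['admin.content.form.thisid'] . " " . $query['id'] . "</small>" : '')
        . "\n</td></tr>\n\n</table>\n"
        // hidden anti-XSRF field; where the token is verified is not visible here
        . _xsrfProtect()
        . "</form>\n";
}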
if ($item['home2'] == $source) { $homeid = 2; $homecheck = array(1, 3); } if ($item['home3'] == $source) { $homeid = 3; $homecheck = array(1, 2); } DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $homeid . "=" . $target . " WHERE id=" . $item['id']); foreach ($homecheck as $hc) { if ($item['home' . $hc] == $target) { if ($hc != 1) { DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $hc . "=-1 WHERE id=" . $item['id']); } else { DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $homeid . "=-1 WHERE id=" . $item['id']); } } } $counter++; } } else { DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home1=" . $target . ",home2=-1,home3=-1 WHERE home1=" . $source . " OR home2=" . $source . " OR home3=" . $source); $counter = DB::affectedRows(); } $message = _formMessage(1, str_replace("*moved*", $counter, $_lang['admin.content.movearts.done'])); } else { $message = _formMessage(2, _eventList($error_log, 'errors')); } } /* --- vystup --- */ $output .= "\n<p class='bborder'>" . $_lang['admin.content.movearts.p'] . "</p>\n" . $message . "\n<form class='cform' action='index.php?p=content-movearts' method='post'>\n" . $_lang['admin.content.movearts.text1'] . " " . _admin_rootSelect("source", 2, -1, false) . " " . $_lang['admin.content.movearts.text2'] . " " . _admin_rootSelect("target", 2, -1, false) . " <input type='submit' value='" . $_lang['global.do'] . "' />\n<br /><br />\n<label><input type='checkbox' name='fullmove' value='1' /> " . $_lang['admin.content.movearts.fullmove'] . "</label>\n" . _xsrfProtect() . "</form>\n";
if (!defined('_indexOutput_pid')) { define('_indexOutput_pid', -1); } if (!defined('_indexOutput_ptype')) { define('_indexOutput_ptype', 'none'); } if (!defined('_indexOutput_url')) { define('_indexOutput_url', _indexroot); } if (!defined('_path')) { define('_path', $base_path); } /* -- nenalezeno nebo pozadovani prihlaseni pro neverejny obsah -- */ if (!defined('_indexOutput_content')) { if (!$notpublic_form) { $content_404 = (_template_autoheadings ? "<h1>" . $_lang['global.error404.title'] . "</h1>" : '') . _formMessage(2, $_lang['global.error404']); _extend('call', 'index.notfound', _extendArgs($content_404)); define('_indexOutput_content', $content_404); define('_indexOutput_title', $_lang['global.error404.title']); $found = false; } else { $form = _uniForm("notpublic", array($notpublic_form_wholesite)); _extend('call', 'index.notpublic', _extendArgs($form[0])); define('_indexOutput_content', $form[0]); define('_indexOutput_title', $form[1]); } } /* -- vlozeni sablony motivu nebo presmerovani -- */ if (!defined('_redirect_to')) { if (!$found) { header('HTTP/1.1 404 Not Found');
$author_name = $author_name['username']; } $avatar = "<img src='" . $avatar . "' alt='" . $author_name . "' class='topic-avatar' />"; } } } else { $author = "<span class='post-author-guest' title='" . _showIP($query['ip']) . "'>" . $query['guest'] . "</span>"; } // vystup $module .= "\n<h2>" . $_lang['posts.topic'] . ": " . $query['subject'] . _linkRSS($id, 6) . "</h2>\n<p><small>" . $_lang['global.postauthor'] . " " . $author . " " . _formatTime($query['time']) . "</small>" . $editlink . "</p>\n<p>" . $avatar . _parsePost($query['text']) . "</p>\n<div class='cleaner'></div>\n"; // odpovedi require_once _indexroot . 'require/functions-posts.php'; $module .= _postsOutput(6, $homedata['id'], array(_commentsperpage, _publicAccess($homedata['var3']), $homedata['var2'], $id), $query['locked'] == 1); } else { $form = _uniForm("notpublic"); $module .= $form[0]; } } else { define('_indexOutput_url', "index.php?m=topic"); if (_template_autoheadings) { $module .= "<h1>" . $_lang['global.error404.title'] . "</h1>\n"; } $module .= _formMessage(2, $_lang['posts.topic.notfound']); $found = false; } /* --- titulek --- */ if ($forumtitle != "" and $topictitle != "") { define('_indexOutput_title', $forumtitle . " " . _titleseparator . " " . $topictitle); } else { define('_indexOutput_title', $_lang['mod.topic']); }
} // zprava if ($done != 0) { $output .= _formMessage(1, str_replace(array("*done*", "*total*"), array($done, $item_total), $_lang['admin.other.massemail.send'])); } else { $output .= _formMessage(2, $_lang['admin.other.massemail.noreceiversfound']); } } else { // vypis emailu $emails_total = DB::size($query); if ($emails_total != 0) { $emails = ''; $email_counter = 0; while ($item = DB::row($query)) { ++$email_counter; $emails .= $item['email']; if ($email_counter !== $emails_total) { $emails .= ','; } } $output .= _formMessage(1, "<textarea class='areasmallwide' rows='9' cols='33' name='list'>" . $emails . "</textarea>"); } else { $output .= _formMessage(2, $_lang['admin.other.massemail.noreceiversfound']); } } } else { $output .= _formMessage(2, _eventList($errors, 'errors')); } } /* --- vystup --- */ $output .= "\n<br />\n<form class='cform' action='index.php?p=other-massemail' method='post'>\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.sender'] . "</strong></td>\n<td><input type='text' name='sender'" . _restorePostValue("sender", _sysmail) . " class='inputbig' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['posts.subject'] . "</strong></td>\n<td><input type='text' name='subject' class='inputbig'" . _restorePostValue("subject") . " /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.receivers'] . "</strong></td>\n<td>" . _admin_authorSelect("receivers", -1, "1", "selectbig", null, true, 4) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.ctype'] . "</strong></td>\n<td>\n <select name='ctype' class='selectbig'>\n <option value='1'>" . $_lang['admin.other.massemail.ctype.1'] . "</option>\n <option value='2'" . ((isset($_POST['ctype']) and $_POST['ctype'] == 2) ? " selected='selected'" : '') . ">" . $_lang['admin.other.massemail.ctype.2'] . 
"</option>\n </select>\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.other.massemail.text'] . "</strong></td>\n<td><textarea name='text' class='areabig' rows='9' cols='94'>" . _restorePostValue("text", null, true) . "</textarea></td>\n</tr>\n\n<tr><td></td>\n<td><input type='submit' value='" . $_lang['global.send'] . "' /> <label><input type='checkbox' name='maillist' value='1'" . _checkboxActivate(_checkboxLoad("maillist")) . " /> " . $_lang['admin.other.massemail.maillist'] . "</label></td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n";
return; } break; // smazani // smazani case 2: if (unlink($fname)) { $msg = _formMessage(1, $_lang['global.done']); } else { $msg = _formMessage(2, $_lang['global.fileerr']); } break; // nezvoleno // nezvoleno default: $msg = _formMessage(2, $_lang['global.noaction']); break; } break; } } // formulare $output .= "\n<p class='bborder'>" . $_lang['admin.other.backup.restore.info'] . "</p>\n<p><a href='index.php?p=other-backup'><img src='images/icons/delete2.png' alt='cancel' class='icon' />" . $_lang['global.cancel2'] . "</a></p>\n\n" . $msg . "\n<form method='post' enctype='multipart/form-data' action='index.php?p=other-backup'>\n<fieldset>\n<legend>1) " . $_lang['admin.other.backup.restore.upload'] . "</legend>\n\n<input type='hidden' name='action' value='1' />\n<input type='hidden' name='do_restore' value='1' />\n\n<p>\n <input type='file' name='backup' />\n <input type='submit' value='" . $_lang['admin.other.backup.restore.upload.submit'] . "' /> " . (($uplimit = _getUploadLimit(true)) !== null ? "<small>(" . $_lang['global.uploadlimit'] . ": <em>" . $uplimit . "MB</em>)</small>" : '') . "\n</p>\n\n" . _admin_smallNote(str_replace('*dir*', 'data/backup/', $_lang['admin.other.backup.restore.upload.hint']), true) . "\n\n</fieldset>\n" . _xsrfProtect() . "</form>\n\n<br />\n\n<form method='post' action='index.php?p=other-backup'>\n<fieldset>\n<legend>2) " . $_lang['admin.other.backup.restore.use'] . "</legend>\n\n<input type='hidden' name='action' value='2' />\n<input type='hidden' name='do_restore' value='1' />\n"; // nacteni zaloh $backups = array(); $handle = opendir($backup_dir); while (false !== ($item = readdir($handle))) { if ($item === '.' || $item === '..' || !is_file($backup_dir . $item)) { continue; } $backups[] = $item;
$groupselect_items = DB::query("SELECT id,title FROM `" . _mysql_prefix . "-groups` WHERE `blocked`=0 AND reglist=1 ORDER BY title"); if (DB::size($groupselect_items) != 0) { $groupselect_content = ""; while ($groupselect_item = DB::row($groupselect_items)) { $groupselect_content .= "<option value='" . $groupselect_item['id'] . "'" . ($groupselect_item['id'] == _defaultgroup ? " selected='selected'" : '') . ">" . $groupselect_item['title'] . "</option>\n"; } $groupselect = array($_lang['global.group'], "<select name='group'>" . $groupselect_content . "</select>"); } } // priprava podminek if (SL::$settings['rules'] != "") { $rules = array("<div class='hr'><hr /></div><h2>" . $_lang['mod.reg.rules'] . "</h2>" . SL::$settings['rules'] . "<br /><label><input type='checkbox' name='agreement' value='1'" . _checkboxActivate(isset($_POST['agreement'])) . " /> " . $_lang['mod.reg.rules.agreement'] . "</label><div class='hr'><hr /></div><br />", "", true); } else { $rules = array(null); } // formular $captcha = _captchaInit(); $module .= "<p class='bborder'>" . $_lang['mod.reg.p'] . (_registration_confirm ? ' ' . $_lang['mod.reg.confirm.extratext'] : '') . "</p>"; $module .= $message . _formOutput("regform", "index.php?m=reg", array(array($_lang['login.username'], "<input type='text' name='username' class='inputsmall' maxlength='24'" . _restorePostValue('username') . " />"), array($_lang['login.password'], "<input type='password' name='password' class='inputsmall' />"), array($_lang['login.password'] . " (" . $_lang['global.check'] . ")", "<input type='password' name='password2' class='inputsmall' />"), array($_lang['global.email'], "<input type='text' name='email' class='inputsmall' " . _restorePostValue('email', '@') . " />"), array($_lang['mod.settings.massemail'], "<input type='checkbox' name='massemail' value='1' checked='checked' /> " . 
$_lang['mod.settings.massemail.label']), $groupselect, $captcha, $rules), array("username", "email", "password", "password2"), $_lang['mod.reg.submit' . (_registration_confirm ? '2' : '')]); break; // uspesna registrace // uspesna registrace case 1: $module .= "<p>" . str_replace("*username*", $username, $_lang['mod.reg.done']) . "</p>"; break; // odeslano potvrzeni // odeslano potvrzeni case 2: $module .= _formMessage(1, str_replace('*email*', $email, $_lang['mod.reg.confirm.sent'])); break; }
if (mb_substr($dir, 0, mb_strlen($defdir)) != $defdir) { $dir = $defdir; } } if (!@file_exists($dir) or !@is_dir($dir)) { $dir = $defdir; } } else { $dir = $defdir; } // vytvoreni vychoziho adresare if (!(@file_exists($defdir) and @is_dir($defdir))) { $test = @mkdir($defdir, 0777, true); if (!$test) { $continue = false; print _formMessage(3, $_lang['admin.fman.msg.defdircreationfailure']); } else { @chmod($defdir, 0777); } } $highlight = false; // vypis adresaru $handle = @opendir($dir); $items = array(); while (false !== ($item = @readdir($handle))) { if (@is_dir($dir . $item) and $item != "." and $item != "..") { $items[] = $item; } } natsort($items); $items = array_merge(array(".."), $items);
$output .= _formMessage(2, $_lang['admin.moduleunavailable']); } } else { $output .= "<h1>" . $_lang['global.error'] . "</h1>" . _formMessage(3, $_lang['global.accessdenied']); } } else { $output .= "<h1>" . $_lang['global.error404.title'] . "</h1>" . _formMessage(2, $_lang['global.error404']); } } } else { // prihlasovaci formular if (empty($_POST)) { $login = _uniForm("login"); $output .= $login[0]; } else { $output .= "<h1>" . $_lang['admin.postrestore.title'] . "</h1>\n<p class='bborder'>" . $_lang['admin.postrestore.p'] . "</p>\n" . _formMessage(2, $_lang['admin.postrestore.msg']) . "\n<form action='' method='post'>\n<input type='submit' name='' value='" . $_lang['admin.postrestore.button'] . "' />\n" . _getPostdata(false, null, array('_security_token')) . "\n" . _xsrfProtect() . "</form>\n"; } } /* --- paticka, vypis vystupu --- */ // paticka $output .= ' <div class="cleaner"></div> </div> <hr class="hidden" /> <div id="copyright"> <div>' . ((_loginindicator and _loginright_administration) ? '<a href="' . _url . '/" target="_blank">' . $_lang['admin.link.site'] . '</a> • <a href="./" target="_blank">' . $_lang['admin.link.newwin'] . '</a>' : '<a href="../">< ' . $_lang['admin.link.home'] . '</a>') . '</div> '; // vypis if (!($redir = defined('_redirect_to'))) { echo $output;
} } // formular $output .= $message . "\n<form action='' method='post'>\n<table class='formtable'>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.old'] . "</strong></td>\n <td><input type='text' name='old' value='" . $q['old'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.new'] . "</strong></td>\n <td><input type='text' name='new' value='" . $q['new'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.act'] . "</strong></td>\n <td><input type='checkbox' name='act' value='1'" . _checkboxActivate($q['active']) . " /></td>\n</tr>\n\n<tr>\n <td></td>\n <td><input type='submit' value='" . $_lang['global.' . ($new ? 'create' : 'save')] . "' /></td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>"; } while (false); } elseif (isset($_GET['del']) && _xsrfCheck(true)) { // smazani DB::query('DELETE FROM `' . _mysql_prefix . '-redir` WHERE id=' . intval($_GET['del'])); $output .= _formMessage(1, $_lang['global.done']); } elseif (isset($_GET['wipe'])) { // smazani vsech if (isset($_POST['wipe_confirm'])) { DB::query('TRUNCATE TABLE `' . _mysql_prefix . '-redir`'); $output .= _formMessage(1, $_lang['global.done']); } else { $output .= "\n<form action='' method='post' class='formbox'>\n" . _formMessage(2, $_lang['admin.content.redir.act.wipe.confirm']) . "\n<input type='submit' name='wipe_confirm' value='" . $_lang['admin.content.redir.act.wipe.submit'] . "' />\n" . _xsrfProtect() . "</form>\n"; } } // tabulka $output .= "<table class='list'>\n<thead><tr><td>" . $_lang['admin.content.redir.old'] . "</td><td>" . $_lang['admin.content.redir.new'] . "</td><td>" . $_lang['admin.content.redir.act'] . "</td><td>" . $_lang['global.action'] . "</td></tr></thead>\n<tbody>\n"; // vypis $counter = 0; $q = DB::query('SELECT * FROM `' . _mysql_prefix . '-redir`'); while ($r = DB::row($q)) { $output .= "<tr><td><code>" . 
$r['old'] . "</code></td><td><code>" . $r['new'] . "</code></td><td class='text-" . ($r['active'] ? 'green' : 'red') . "'>" . $_lang['global.' . ($r['active'] ? 'yes' : 'no')] . "</td><td><a href='index.php?p=content-redir&edit=" . $r['id'] . "'><img src='images/icons/edit.png' alt='edit' class='icon' /></a> <a href='" . _xsrfLink("index.php?p=content-redir&del=" . $r['id']) . "' onclick='return _sysConfirm();'><img src='images/icons/delete.png' alt='del' class='icon' /></a></td></tr>"; ++$counter; } // zadna data? if ($counter === 0) { $output .= "<tr><td colspan='4'>" . $_lang['global.nokit'] . "</td></tr>\n"; }
/** * Vytvoreni vypisu prispevku * * Type Popis Vars * 1 komentare sekce zamknute komentare 1/0 * 2 komentare článku zamknute komentare 1/0 * 3 prispevky v knize [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0] * 5 temata ve foru [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0] * 6 odpovedi na tema [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0, id tematu] * 7 vypis vzkazu [zamknuto 1/0] * 8 vypis pluginpostu [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0, plugin flag, radit sestupne 1/0, [titulek / null]] * * @param int $type typ prispevku * @param int $home id polozky asociovane s komentari * @param mixed $vars promenna nastaveni podle typu * @param bool $force_locked vynutit zamknuty stav * @param string|null $url vlastni url nebo null (= automaticky) * @return string */ function _postsOutput($type, $home, $vars, $force_locked = false, $url = null) { global $_lang; /* --- typ --- */ // vychozi hodnoty $desc = "DESC "; $ordercol = 'id'; $countcond = "type=" . $type . " AND xhome=-1 AND home=" . 
$home; $locked_textid = ''; $autolast = false; $postlink = false; $pluginflag = null; // url if (!isset($url)) { $url = _indexOutput_url; } $url_html = _htmlStr($url); switch ($type) { // komentare v sekci case 1: $posttype = 1; $xhome = -1; $subclass = "comments"; $title = $_lang['posts.comments']; $addlink = $_lang['posts.addcomment']; $nopostsmessage = $_lang['posts.nocomments']; $postsperpage = _commentsperpage; $canpost = _loginright_postcomments; $locked = _boolean($vars); $replynote = true; break; // komentare u clanku // komentare u clanku case 2: $posttype = 2; $xhome = -1; $subclass = "comments"; $title = $_lang['posts.comments']; $addlink = $_lang['posts.addcomment']; $nopostsmessage = $_lang['posts.nocomments']; $postsperpage = _commentsperpage; $canpost = _loginright_postcomments; $locked = _boolean($vars); $replynote = true; break; // prispevky v knize // prispevky v knize case 3: $posttype = 3; $xhome = -1; $subclass = "book"; $title = null; $addlink = $_lang['posts.addpost']; $nopostsmessage = $_lang['posts.noposts']; $postsperpage = $vars[0]; $canpost = $vars[1]; $locked = _boolean($vars[2]); $replynote = true; break; // temata ve foru // temata ve foru case 5: $posttype = 5; $xhome = -1; $subclass = "book"; $title = null; $addlink = $_lang['posts.addtopic']; $nopostsmessage = $_lang['posts.notopics']; $postsperpage = $vars[0]; $canpost = $vars[1]; $locked = _boolean($vars[2]); $replynote = true; $ordercol = 'bumptime'; $locked_textid = '3'; break; // odpovedi v tematu // odpovedi v tematu case 6: $posttype = 5; $xhome = $vars[3]; $subclass = "book"; $title = null; $addlink = $_lang['posts.addanswer']; $nopostsmessage = $_lang['posts.noanswers']; $postsperpage = $vars[0]; $canpost = $vars[1]; $locked = _boolean($vars[2]); $replynote = false; $desc = ""; $countcond = "type=5 AND xhome=" . $xhome . " AND home=" . 
$home; $autolast = isset($_GET['autolast']); $postlink = true; break; // odpovedi v konverzaci // odpovedi v konverzaci case 7: $posttype = 6; $xhome = null; $subclass = "book"; $title = null; $addlink = $_lang['posts.addanswer']; $nopostsmessage = $_lang['posts.noanswers']; $postsperpage = _messagesperpage; $canpost = true; $locked = _boolean($vars[0]); $replynote = false; $desc = ""; $countcond = "type=6 AND home=" . $home; $locked_textid = '4'; $autolast = true; break; // plugin posty // plugin posty case 8: $posttype = 7; $xhome = -1; $subclass = "book"; $title = isset($vars[5]) ? $vars[5] : null; $addlink = $_lang['posts.addpost']; $nopostsmessage = $_lang['posts.noposts']; $postsperpage = $vars[0]; $canpost = $vars[1]; $locked = _boolean($vars[2]); $replynote = true; $pluginflag = $vars[3]; $countcond .= " AND flag=" . $pluginflag; if (!$vars[4]) { $desc = ''; } break; } // vynutit uzamceni parametrem if ($force_locked) { $locked = true; } // extend $callback = null; _extend('call', 'posts.output', array('type' => $type, 'home' => $home, 'xhome' => $xhome, 'vars' => $vars, 'post_type' => $posttype, 'plugin_flag' => $pluginflag, 'canpost' => &$canpost, 'locked' => &$locked, 'autolast' => &$autolast, 'post_link' => &$postlink, 'posts_per_page' => &$postsperpage, 'sql_desc' => &$desc, 'sql_ordercol' => &$ordercol, 'sql_countcond' => &$countcond, 'callback' => &$callback)); /* --- vystup --- */ $output = "\n <div class='anchor'><a name='posts'></a></div>\n <div class='posts-" . $subclass . "'>\n "; if ($title != null) { $output .= "<h2>" . $title . _linkRss($home, $posttype) . "</h2>\n"; } $output .= "<div class='posts-form' id='post-form'>\n"; /* --- priprava strankovani --- */ $paging = _resultPaging($url_html, $postsperpage, "posts", $countcond, "#posts", null, $autolast); /* --- zprava --- */ if (isset($_GET['r'])) { switch ($_GET['r']) { case 0: $output .= _formMessage(2, $_lang['posts.failed']); break; case 1: $output .= _formMessage(1, $_lang[$type != 5 ? 
'posts.added' : 'posts.topicadded']); break; case 2: $output .= _formMessage(2, str_replace("*postsendexpire*", _postsendexpire, $_lang['misc.requestlimit'])); break; case 3: $output .= _formMessage(2, $_lang['posts.guestnamedenied']); break; case 4: $output .= _formMessage(2, $_lang['xsrf.msg']); break; } } /* --- formular nebo odkaz na pridani --- */ if (!$locked and (isset($_GET['addpost']) or isset($_GET['replyto']))) { // nacteni cisla prispevku pro odpoved if ($xhome == -1) { if (isset($_GET['replyto']) and $_GET['replyto'] != -1) { $reply = intval($_GET['replyto']); if ($replynote) { $output .= "<p>" . $_lang['posts.replynote'] . " (<a href='" . $url_html . "#posts'>" . $_lang['global.cancel'] . "</a>).</p>"; } } else { $reply = -1; } } else { $reply = $xhome; } // formular nebo prihlaseni if ($canpost) { $form = _uniForm("postform", array('posttype' => $type, 'pluginflag' => $pluginflag, 'posttarget' => $home, 'xhome' => $reply, 'url' => $url)); $output .= $form[0]; } else { $loginform = _uniForm("login", array(), true); $output .= "<p>" . $_lang['posts.loginrequired'] . "</p>" . $loginform[0]; } } else { if (!$locked) { $output .= "<a href='" . _addGetToLink($url_html, "addpost&page=" . $paging[2]) . "#posts'><strong>" . $addlink . " ></strong></a>"; } else { $output .= "<img src='" . _templateImage("icons/lock.png") . "' alt='stop' class='icon' /> <strong>" . $_lang['posts.locked' . $locked_textid] . "</strong>"; } } $output .= "</div>\n<div class='hr'><hr /></div>\n\n"; /* --- vypis --- */ if (_pagingmode == 1 or _pagingmode == 2) { $output .= $paging[0]; } // zaklad query if ($type == 5) { $sql = "SELECT id,author,guest,subject,time,ip,locked,bumptime,sticky,(SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE type=5 AND xhome=post.id) AS answer_count"; } else { $sql = "SELECT id,xhome,subject,text,author,guest,time,ip" . _extend('buffer', 'posts.columns'); } $sql .= " FROM `" . _mysql_prefix . 
"-posts` AS post"; // podminky a razeni $sql .= " WHERE post.type=" . $posttype . (isset($xhome) ? " AND post.xhome=" . $xhome : '') . " AND post.home=" . $home . (isset($pluginflag) ? " AND post.flag=" . $pluginflag : ''); $sql .= " ORDER BY " . ($type == 5 ? 'sticky DESC,' : '') . $ordercol . ' ' . $desc . $paging[1]; // dotaz $query = DB::query($sql); unset($sql); // nacteni prispevku do pole $items = array(); if ($type == 5) { $item_ids_with_answers = array(); } while ($item = DB::row($query)) { $items[$item['id']] = $item; if ($type == 5 && $item['answer_count'] != 0) { $item_ids_with_answers[] = $item['id']; } } // uvolneni dotazu DB::free($query); if ($type == 5) { // posledni prispevek (pro vypis temat) if (!empty($item_ids_with_answers)) { $topicextra = DB::query("SELECT * FROM (SELECT id,xhome,author,guest FROM `" . _mysql_prefix . "-posts` AS reply WHERE type=5 AND home=" . $home . " AND xhome IN(" . implode(',', $item_ids_with_answers) . ") ORDER BY reply.id DESC) AS replies GROUP BY xhome"); while ($item = DB::row($topicextra)) { if (!isset($items[$item['xhome']])) { if (_dev) { trigger_error('Nenalezen domovsky prispevek pro odpoved #' . $item['id'], E_USER_WARNING); } continue; } $items[$item['xhome']]['_lastpost'] = $item; } } } elseif (!empty($items)) { // odpovedi (pro komentare) $answers = DB::query("SELECT id,xhome,text,author,guest,time,ip FROM `" . _mysql_prefix . "-posts` WHERE type=" . $posttype . " AND home=" . $home . (isset($pluginflag) ? " AND flag=" . $pluginflag : '') . " AND xhome IN(" . implode(',', array_keys($items)) . ") ORDER BY id"); while ($item = DB::row($answers)) { if (!isset($items[$item['xhome']])) { if (_dev) { trigger_error('Nenalezen domovsky prispevek pro odpoved #' . 
$item['id'], E_USER_WARNING); } continue; } if (!isset($items[$item['xhome']]['_answers'])) { $items[$item['xhome']]['_answers'] = array(); } $items[$item['xhome']]['_answers'][] = $item; } DB::free($answers); } // vypis if (!empty($items)) { // vypis prispevku nebo temat if ($type != 5) { $hl = true; foreach ($items as $item) { // nacteni autora if ($item['guest'] == "") { $author = _linkUser($item['author'], "post-author"); } else { $author = "<span class='post-author-guest' title='" . _showIP($item['ip']) . "'>" . $item['guest'] . "</span>"; } // odkazy pro spravu $post_access = _postAccess($item); if ($type < 6 or $type > 7 or $post_access) { $actlinks = " <span class='post-actions'>"; if (($type < 6 or $type > 7) && !$locked) { $actlinks .= "<a href='" . _addGetToLink($url_html, "replyto=" . $item['id']) . "#posts'>" . $_lang['posts.reply'] . "</a>"; } if ($post_access) { $actlinks .= (($type < 6 or $type > 7) ? " " : '') . "<a href='index.php?m=editpost&id=" . $item['id'] . "'>" . $_lang['global.edit'] . "</a>"; } $actlinks .= "</span>"; } else { $actlinks = ""; } // avatar if (_show_avatars) { $avatar = _getAvatar($item['author']); } else { $avatar = null; } // prispevek $hl = !$hl; _extend('call', 'posts.post', array('item' => &$item, 'avatar' => &$avatar, 'type' => $type)); if (null === $callback) { $output .= "<div id='post-" . $item['id'] . "' class='post" . ($hl ? ' post-hl' : '') . (isset($avatar) ? ' post-withavatar' : '') . "'><div class='post-head'>" . $author; if ($type < 6 || $type > 7) { $output .= ", <span class='post-subject'>" . $item['subject'] . "</span> "; } $output .= "<span class='post-info'>(" . _formatTime($item['time']) . ")</span>" . $actlinks . ($postlink ? "<a class='post-postlink' href='" . _addGetToLink($url_html, 'page=' . $paging[2]) . "#post-" . $item['id'] . "'><span>#" . str_pad($item['id'], 6, '0', STR_PAD_LEFT) . "</span></a>" : '') . "</div><div class='post-body" . (isset($avatar) ? ' post-body-withavatar' : '') . "'>" . 
$avatar . '<div class="post-body-text">' . _parsePost($item['text']) . "</div></div></div>\n"; } else { $output .= call_user_func($callback, array('item' => $item, 'avatar' => $avatar, 'author' => $author, 'actlinks' => $actlinks, 'page' => $paging[2], 'postlink' => $postlink)); } // odpovedi if (($type < 6 || $type > 7) && isset($item['_answers'])) { foreach ($item['_answers'] as $answer) { // jmeno autora if ($answer['guest'] == "") { $author = _linkUser($answer['author'], "post-author"); } else { $author = "<span class='post-author-guest' title='" . _showIP($answer['ip']) . "'>" . $answer['guest'] . "</span>"; } // odkazy pro spravu if (_postAccess($answer)) { $actlinks = " <span class='post-actions'><a href='index.php?m=editpost&id=" . $answer['id'] . "'>" . $_lang['global.edit'] . "</a></span>"; } else { $actlinks = ""; } // avatar if (_show_avatars) { $avatar = _getAvatar($answer['author']); } else { $avatar = null; } _extend('call', 'posts.post', array('item' => &$answer, 'avatar' => &$avatar, 'type' => $type)); if (null === $callback) { $output .= "<div id='post-" . $answer['id'] . "' class='post-answer" . (isset($avatar) ? ' post-answer-withavatar' : '') . "'><div class='post-head'>" . $author . " " . $_lang['posts.replied'] . " <span class='post-info'>(" . _formatTime($answer['time']) . ")</span>" . $actlinks . "</div><div class='post-body" . (isset($avatar) ? ' post-body-withavatar' : '') . "'>" . $avatar . '<div class="post-body-text">' . _parsePost($answer['text']) . "</div></div></div>\n"; } else { $output .= call_user_func($callback, array('item' => $answer, 'avatar' => $avatar, 'author' => $author, 'actlinks' => $actlinks, 'page' => $paging[2], 'postlink' => $postlink)); } } } } if (_pagingmode == 2 or _pagingmode == 3) { $output .= "<br />" . $paging[0]; } } else { // tabulka s tematy $hl = false; $output .= "\n<table class='topic-table'>\n<thead><tr><td colspan='2'><strong>" . $_lang['posts.topic'] . "</strong></td><td><strong>" . 
$_lang['global.answersnum'] . "</strong></td><td><strong>" . $_lang['global.lastanswer'] . "</strong></td></tr></thead>\n<tbody>\n"; foreach ($items as $item) { // nacteni autora if ($item['guest'] == "") { $author = _linkUser($item['author'], "post-author", false, false, 16); } else { $author = "<span class='post-author-guest' title='" . _showIP($item['ip']) . "'>" . _cutStr($item['guest'], 16) . "</span>"; } // nacteni jmena autora posledniho prispevku if (isset($item['_lastpost'])) { if ($item['_lastpost']['author'] != -1) { $lastpost = _linkUser($item['_lastpost']['author'], "post-author", false, false, 16); } else { $lastpost = "<span class='post-author-guest'>" . _cutStr($item['_lastpost']['guest'], 16) . "</span>"; } } else { $lastpost = "-"; } // vyber ikony if ($item['sticky']) { $icon = 'sticky'; } elseif ($item['locked']) { $icon = 'locked'; } elseif ($item['answer_count'] == 0) { $icon = 'new'; } elseif ($item['answer_count'] < _topic_hot_ratio) { $icon = 'normal'; } else { $icon = 'hot'; } // mini strankovani $tpages = ''; $tpages_num = ceil($item['answer_count'] / _commentsperpage); if ($tpages_num == 0) { $tpages_num = 1; } if ($tpages_num > 1) { $tpages .= '<span class=\'topic-pages\'>'; for ($i = 1; $i <= 3 && $i <= $tpages_num; ++$i) { $tpages .= "<a href='index.php?m=topic&id=" . $item['id'] . "&page=" . $i . "#posts'>" . $i . '</a>'; } if ($tpages_num > 3) { $tpages .= "<a href='index.php?m=topic&id=" . $item['id'] . "&page=" . $tpages_num . "'>" . $tpages_num . ' →</a>'; } $tpages .= '</span>'; } // vystup radku $output .= "<tr class='topic-" . $icon . ($hl ? ' topic-hl' : '') . "'><td class='topic-icon-cell'><a href='index.php?m=topic&id=" . $item['id'] . "'><img src='" . _templateImage('icons/topic-' . $icon . '.png') . "' alt='" . $_lang['posts.topic.' . $icon] . "' /></a></td><td class='topic-main-cell'><a href='index.php?m=topic&id=" . $item['id'] . "'>" . $item['subject'] . "</a>" . $tpages . "<br />" . $author . 
" <small class='post-info'>(" . _formatTime($item['time']) . ")</small></td><td>" . $item['answer_count'] . "</td><td>" . $lastpost . ($item['answer_count'] != 0 ? "<br /><small class='post-info'>(" . _formatTime($item['bumptime']) . ")</small>" : '') . "</td></tr>\n"; $hl = !$hl; } $output .= "</tbody></table><br />\n\n"; if (_pagingmode == 2 or _pagingmode == 3) { $output .= $paging[0] . "<br />"; } // posledni odpovedi $output .= "\n<div class='hr'><hr /></div><br />\n<h3>" . $_lang['posts.forum.lastact'] . "</h3>\n"; $query = DB::query("SELECT topic.id AS topic_id,topic.subject AS topic_subject,answer.author,answer.guest,answer.time FROM `" . _mysql_prefix . "-posts` AS answer JOIN `" . _mysql_prefix . "-posts` AS topic ON(topic.type=5 AND topic.id=answer.xhome) WHERE answer.type=5 AND answer.home=" . $home . " AND answer.xhome!=-1 ORDER BY answer.id DESC LIMIT " . _extratopicslimit); if (DB::size($query) != 0) { $output .= "<ul>\n"; while ($item = DB::row($query)) { if ($item['guest'] == "") { $author = _linkUser($item['author']); } else { $author = "<span class='post-author-guest'>" . $item['guest'] . "</span>"; } $output .= "<li><a href='index.php?m=topic&id=" . $item['topic_id'] . "'>" . $item['topic_subject'] . "</a> <small>(" . $_lang['global.postauthor'] . " " . $author . " " . _formatTime($item['time']) . ")</small></li>\n"; } $output .= "</ul>\n\n"; } else { $output .= "<p>" . $_lang['global.nokit'] . "</p>"; } } } else { $output .= "<p>" . $nopostsmessage . "</p>"; } $output .= "</div>"; return $output; }
/* --- odstraneni --- */ $done = false; if (isset($_POST['doit'])) { // smazani skupiny if (!$systemgroup) { DB::query("DELETE FROM `" . _mysql_prefix . "-groups` WHERE id=" . $id); } // zmena vychozi skupiny if (!$systemgroup and $id == _defaultgroup) { DB::query("UPDATE `" . _mysql_prefix . "-settings` SET val='3' WHERE var='defaultgroup'"); } // smazani uzivatelu $users = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE `group`=" . $id . " AND id!=0"); while ($user = DB::row($users)) { _deleteUser($user['id']); } $done = true; } /* --- vystup --- */ if ($done != true) { $output .= "\n <p class='bborder'>" . $_lang['admin.users.groups.delp'] . "</p>\n " . ($systemgroup ? _admin_smallNote($_lang['admin.users.groups.specialgroup.delnotice']) : '') . "\n <form class='cform' action='index.php?p=users-delgroup&id=" . $id . "' method='post'>\n <input type='hidden' name='doit' value='1' />\n <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n " . _xsrfProtect() . "</form>\n "; } else { $output .= _formMessage(1, $_lang['global.done']); } } else { if ($levelconflict == false) { $output .= _formMessage(3, $_lang['global.badinput']); } else { $output .= _formMessage(3, $_lang['global.disallowed']); } }
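<?php
/*
 * Admin module "content-setindex": stores the id of the page that is served
 * as the site index in the `index_page_id` settings row and renders the
 * selection form.
 *
 * Reads:  $_POST['index'], $_lang, the _loginright_* constants, _index_page_id
 * Writes: $output (appended), the settings table
 */

/* --- core check --- */
if (!defined('_core')) {
    exit;
}

/* --- setup, access-right check --- */
$message = "";

// Holding any one of the content-management rights is enough to use this module.
$continue = (
    _loginright_adminsection
    or _loginright_admincategory
    or _loginright_adminbook
    or _loginright_adminseparator
    or _loginright_admingallery
    or _loginright_adminintersection
    or _loginright_adminpluginpage
);
if (!$continue) {
    $output .= _formMessage(3, $_lang['global.accessdenied']);
}

/* --- action --- */
$index_id = _index_page_id;
if ($continue && isset($_POST['index'])) {
    if (is_array($_POST['index'])) {
        // intval() turns any non-empty array into 1, so an "index[]=" submission
        // would silently point the site index at page 1. Reject it instead.
        $message = _formMessage(3, $_lang['global.badinput']);
    } else {
        // The value is cast to int before it is concatenated into the statement;
        // nothing else from the request reaches the SQL text.
        $index_id = intval($_POST['index']);
        DB::query("UPDATE `" . _mysql_prefix . "-settings` SET `val`=" . $index_id . " WHERE `var`='index_page_id'");
        $message = _formMessage(1, $_lang['global.done']);
    }
    // NOTE(review): the id is not checked against existing pages here; the
    // select box below limits the choice in the UI only - confirm whether the
    // front end copes with an id that does not exist.
}

/* --- output --- */
if ($continue) {
    // _xsrfProtect() adds the anti-XSRF field to the form. The matching token
    // check is not visible in this file - presumably done by the core for every
    // POST; confirm before relying on it.
    $output .= "<p class='bborder'>" . $_lang['admin.content.setindex.p'] . "</p>"
        . $message
        . "\n<form class='cform' action='index.php?p=content-setindex' method='post'>\n"
        . _admin_rootSelect('index', null, $index_id, false)
        . "\n<input type='submit' value='" . $_lang['global.do'] . "' />\n"
        . _xsrfProtect()
        . "</form>\n";
}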
<?php
/*
 * XSRF notice page: shows the "request could not be verified" message and a
 * form that lets the user re-submit the original POST data together with a
 * freshly generated token.
 */

// core check
if (!defined('_core')) {
    exit;
}

// heading
if (_template_autoheadings == 1) {
    $output .= "<h1>" . $_lang['xsrf.title'] . "</h1>\n";
}

// message
// NOTE(review): _getDomain() is inserted into the message markup as-is; where
// the value comes from is not visible here - confirm it cannot carry markup.
$xsrfWarning = str_replace('*domain*', _getDomain(), $_lang['xsrf.warning']);
$output .= _formMessage(3, $_lang['xsrf.msg'] . '<ul><li>' . $xsrfWarning . '</li></ul>');

// form
// The previously posted fields are replayed with '_security_token' excluded,
// so the stale token is dropped and _xsrfProtect() supplies the new one.
// Submitting this form therefore repeats the original action with a valid
// token: the warning above is the only thing between a forged request and its
// execution, which is why the user has to confirm explicitly.
// Presumably _getPostdata() renders the values as escaped hidden inputs - TODO confirm.
$replayedFields = _getPostdata(false, null, array('_security_token'));
$tokenField = _xsrfProtect();
$output .= "<form method='post'>\n"
    . $replayedFields
    . $tokenField
    . "\n<p><input type='submit' value='" . $_lang['xsrf.button'] . "' /></p>\n</form>\n";
list($role, $role_other) = $r['sender'] == _loginid ? array('sender', 'receiver') : array('receiver', 'sender'); // smazani nebo oznaceni if ($r[$role_other . '_deleted']) { // druha strana j*z smazala, smazat uplne $del_list[] = $r['id']; } else { // pouze oznacit DB::query('UPDATE `' . _mysql_prefix . '-pm` SET ' . $role . '_deleted=1 WHERE id=' . $r['id']); } } // fyzicke vymazani if (!empty($del_list)) { DB::query('DELETE `' . _mysql_prefix . '-pm`,post FROM `' . _mysql_prefix . '-pm` JOIN `' . _mysql_prefix . '-posts` AS post ON (post.type=6 AND post.home=`' . _mysql_prefix . '-pm`.id) WHERE `' . _mysql_prefix . '-pm`.id IN(' . implode(',', $del_list) . ')'); } // info $module .= _formMessage(1, $_lang['mod.messages.delete.done']); } } // strankovani $paging = _resultPaging(_indexOutput_url, _messagesperpage, 'pm', 'sender=' . _loginid . ' OR receiver=' . _loginid, '&a=' . $a); if (_pagingmode == 1 or _pagingmode == 2) { $module .= $paging[0]; } // tabulka $module .= "\n <form method='post' action=''>\n<p class='messages-menu'>\n <img src='" . _templateImage('icons/bubble.png') . "' alt='new' class='icon' /><a href='" . _indexOutput_url . "&a=new'>" . $_lang['mod.messages.new'] . "</a>\n</p>\n\n<table class='messages-table'>\n<tr><td width='10'><input type='checkbox' name='selector' onchange=\"var that=this;\$('table.messages-table input').each(function(){this.checked=that.checked;});\" /></td><td><strong>" . $_lang['mod.messages.message'] . "</strong></td><td><strong>" . $_lang['global.user'] . "</strong></td><td><strong>" . $_lang['mod.messages.time.update'] . "</strong></td></tr>\n"; $q = DB::query('SELECT pm.id,pm.sender,pm.receiver,pm.sender_readtime,pm.receiver_readtime,pm.update_time,post.subject,(SELECT COUNT(*) FROM `' . _mysql_prefix . '-posts` AS countpost WHERE countpost.home=pm.id AND countpost.type=6 AND (pm.sender=' . _loginid . ' AND countpost.time>pm.receiver_readtime OR pm.receiver=' . _loginid . 
' AND countpost.time>pm.sender_readtime)) AS unread_counter FROM `' . _mysql_prefix . '-pm` AS pm JOIN `' . _mysql_prefix . '-posts` AS post ON (post.home=pm.id AND post.type=6 AND post.xhome=-1) WHERE pm.sender=' . _loginid . ' AND pm.sender_deleted=0 OR pm.receiver=' . _loginid . ' AND pm.receiver_deleted=0 ORDER BY pm.update_time DESC ' . $paging[1]); while ($r = DB::row($q)) { $read = $r['sender'] == _loginid && $r['sender_readtime'] >= $r['update_time'] || $r['receiver'] == _loginid && $r['receiver_readtime'] >= $r['update_time']; $module .= "<tr><td><input type='checkbox' name='msg[]' value='" . $r['id'] . "' /></td><td><a href='" . _indexOutput_url . "&a=list&read=" . $r['id'] . "'" . ($read ? '' : ' class="notreaded"') . ">" . $r['subject'] . "</a></td><td>" . _linkUser($r['sender'] == _loginid ? $r['receiver'] : $r['sender']) . " <small>(" . $r['unread_counter'] . ")</small></td><td>" . _formatTime($r['update_time']) . "</td></tr>\n"; } if (!isset($read)) {
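/*
 * Admin module "users-move": moves every user of one group into another group.
 *
 * Reads:  $_POST['sourcegroup'], $_POST['targetgroup'], $_lang, _loginright_level
 * Writes: $output (appended), the `group` column of the users table
 *
 * NOTE(review): no access-right check is visible in this file - presumably the
 * admin module loader enforces it before including the script; confirm.
 */

/* --- core check --- */
if (!defined('_core')) {
    exit;
}

/* --- save --- */
$message = "";
if (isset($_POST['sourcegroup'])) {
    $rawSource = $_POST['sourcegroup'];
    $rawTarget = isset($_POST['targetgroup']) ? $_POST['targetgroup'] : null;

    if (!is_scalar($rawSource) || !is_scalar($rawTarget)) {
        // A missing target or an array-valued field ("sourcegroup[]=") is bad
        // input; intval() would otherwise map them to 0 or 1 and the request
        // would be processed against a group the user never selected.
        $message = _formMessage(3, $_lang['global.badinput']);
    } else {
        // Both ids are cast to int before being concatenated into SQL.
        $source = intval($rawSource);
        $target = intval($rawTarget);
        $source_data = DB::query("SELECT level FROM `" . _mysql_prefix . "-groups` WHERE id=" . $source);
        $target_data = DB::query("SELECT level FROM `" . _mysql_prefix . "-groups` WHERE id=" . $target);

        if (DB::size($source_data) == 0 or DB::size($target_data) == 0 or $source == 2 or $target == 2) {
            // Unknown group, or group 2, which the select boxes below also
            // exclude (id!=2); the server-side test keeps a hand-crafted
            // request from bypassing that filter.
            $message = _formMessage(3, $_lang['global.badinput']);
        } elseif ($source == $target) {
            $message = _formMessage(2, $_lang['admin.users.move.same']);
        } else {
            $source_data = DB::row($source_data);
            $target_data = DB::row($target_data);

            // Privilege check: the acting user's level has to be strictly
            // higher than the level of BOTH groups, so users cannot be pulled
            // out of, or promoted into, a group at or above the actor's level.
            if (_loginright_level > $source_data['level'] and _loginright_level > $target_data['level']) {
                // The user with id 0 is never moved.
                DB::query("UPDATE `" . _mysql_prefix . "-users` SET `group`=" . $target . " WHERE `group`=" . $source . " AND id!=0");
                $message = _formMessage(1, $_lang['global.done']);
            } else {
                $message = _formMessage(2, $_lang['admin.users.move.failed']);
            }
        }
    }
}

/* --- output --- */
// _xsrfProtect() adds the anti-XSRF field; the token check itself is not
// visible in this file.
$output .= "<p class='bborder'>" . $_lang['admin.users.move.p'] . "</p>\n"
    . $message
    . "\n<form class='cform' action='index.php?p=users-move' method='post'>\n"
    . $_lang['admin.users.move.text1'] . " " . _admin_authorSelect("sourcegroup", -1, "id!=2", null, null, true)
    . " " . $_lang['admin.users.move.text2'] . " " . _admin_authorSelect("targetgroup", -1, "id!=2", null, null, true)
    . " <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n"
    . _xsrfProtect()
    . "</form>\n";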
/**
 * Wrap an action's response in the common layout: backlink, title, optional
 * info paragraph, messages and finally the content.
 *
 * Recognised keys of $params:
 * ---------------------------
 * 0                        action name; its 'title' entry in $this->actions is
 *                          used when 'title' is not given
 * backlink                 url to use for the backlink
 * backlink_action          action to use for the backlink
 * backlink_action_params   backlink action parameters or null
 * backlink_action_prev     previous action string for the backlink action or null
 *
 * title                    non-translated title to use
 * title_params             parameters for the title translation
 * item_name                item name for the default action title (ignored when 'title' is set)
 *
 * info                     html for the paragraph after the title
 * info_border              add the 'bborder' class to that paragraph (on unless set to something other than true)
 * messages                 array(array(type, text, [trans_params], [raw 1/0]), ...)
 *
 * Output handling: the title, the backlink url and non-raw message texts are
 * passed through _htmlStr(). 'info', raw message texts and $content are
 * inserted exactly as given, so callers must only pass markup that is already
 * safe to print.
 *
 * @param string $content html of the action response
 * @param array  $params  see the key list above
 * @return string
 */
protected function wrap($content, array $params)
{
    global $_lang;

    // title: an explicit one wins, otherwise the action's default title
    // parametrised with the (translated) item name
    if (isset($params['title'])) {
        $titleParams = isset($params['title_params']) ? $params['title_params'] : null;
        $title = $this->trans($params['title'], $titleParams);
    } else {
        $itemName = isset($params['item_name']) ? $params['item_name'] : 'item';
        $title = $this->trans($this->actions[$params[0]]['title'], array($this->trans($itemName)));
    }

    // backlink: explicit url > explicit action > previous action from the request
    $backlink = null;
    if (isset($params['backlink'])) {
        $backlink = $params['backlink'];
    } elseif (isset($params['backlink_action'])) {
        $backActionParams = isset($params['backlink_action_params']) ? $params['backlink_action_params'] : null;
        $backActionPrev = isset($params['backlink_action_prev']) ? $params['backlink_action_prev'] : null;
        $backlink = $this->url($params['backlink_action'], $backActionParams, $backActionPrev);
    } elseif (!empty($_GET[$this->prevActionParam])) {
        // Request-controlled value. It is handed to rawUrl() and the result is
        // passed through _htmlStr() below.
        // NOTE(review): whether rawUrl() confines it to this module's own urls
        // is not visible here - confirm, since attribute escaping alone does
        // not restrict where the link points.
        $backlink = $this->rawUrl($_GET[$this->prevActionParam], null);
    }

    $parts = array();

    if (null !== $backlink) {
        $parts[] = "<a class='backlink' href='" . _htmlStr($backlink) . "'>< {$_lang['global.return']}</a>\n";
    }

    $parts[] = "<h1>" . _htmlStr($title) . "</h1>\n";

    // info paragraph - printed as raw html
    if (isset($params['info'])) {
        $bordered = !isset($params['info_border']) || $params['info_border'] === true;
        $parts[] = "<p" . ($bordered ? " class='bborder'" : '') . ">{$params['info']}</p>\n";
    }

    // messages - translated and passed through _htmlStr() unless flagged raw
    if (!empty($params['messages'])) {
        foreach ($params['messages'] as $message) {
            $isRaw = isset($message[3]) && $message[3];
            if ($isRaw) {
                $messageText = $message[1];
            } else {
                $transParams = isset($message[2]) ? $message[2] : null;
                $messageText = _htmlStr($this->trans($message[1], $transParams));
            }
            $parts[] = _formMessage($message[0], $messageText);
        }
    }

    // content - printed as raw html
    $parts[] = "\n{$content}\n";

    return implode('', $parts);
}
$userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'"); if (DB::size($userdata) != 0) { // odeslani emailu $userdata = DB::row($userdata); $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']); $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*"); $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip); if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) { $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']); _iplogUpdate(7); $sent = true; } else { $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']); } } else { $module .= _formMessage(2, $_lang['mod.lostpass.notfound']); } } else { $module .= _formMessage(2, $_lang['captcha.failure2']); } } else { $module .= _formMessage(3, str_replace('*limit*', _lostpassexpire / 60, $_lang['mod.lostpass.limit'])); } } // formular if (!$sent) { $captcha = _captchaInit(); $module .= _formOutput("lostpassform", "index.php?m=lostpass", array(array($_lang['login.username'], "<input type='text' name='username' class='inputsmall' maxlength='24'" . _restorePostValue('username') . " />"), array($_lang['global.email'], "<input type='text' name='email' class='inputsmall' " . _restorePostValue('email', '@') . " />"), $captcha), array("username", "email"), $_lang['global.send']); } break; }
} /* --- vystup --- */ $output .= "\n<p>" . $_lang['admin.other.bans.p'] . "</p>\n" . $message . "\n\n<table class='wintable'>\n<tr class='valign-top'>\n\n<td>\n<form action='index.php?p=other-bans' method='post'>\n<textarea rows='25' cols='94' class='areamedium' name='banned'>" . $data . "</textarea><br /><br />\n<input type='submit' value='" . $_lang['global.save'] . "' />\n" . _xsrfProtect() . "</form>\n</td>\n\n<td>\n<h2>" . $_lang['admin.other.bans.getuserip'] . "</h2><br />\n<form action='index.php' method='get'>\n<input type='hidden' name='p' value='other-bans' />\n" . $_lang['global.user'] . ": <input type='text' name='getip' class='inputsmall'" . _restoreGetValue("getip") . " /> <input type='submit' value='" . $_lang['global.do'] . "' />\n</form>\n"; // zjisteni ip adres uzivatele if (isset($_GET['getip'])) { $user = _anchorStr(trim($_GET['getip']), false); $query = DB::query("SELECT ip,id FROM `" . _mysql_prefix . "-users` WHERE username='******'"); if (DB::size($query) != 0) { $query = DB::row($query); // vyhledani adres $ips = array(); $iquery = DB::query("SELECT DISTINCT ip FROM `" . _mysql_prefix . "-posts` WHERE author=" . $query['id']); while ($iip = DB::row($iquery)) { $ips[] = $iip['ip']; } // pridani naposledy pouzite if (!in_array($query['ip'], $ips)) { $ips[] = $query['ip']; } // vypis $output .= "<br /><h2>" . $_lang['global.result'] . "</h2>\n<ul>\n"; foreach ($ips as $ip) { $output .= "<li>" . $ip . "</li>\n"; } $output .= "\n</ul>\n"; } else { $output .= _formMessage(2, $_lang['global.baduser']); } } // dokonceni tabulky $output .= "\n</td>\n\n</tr>\n</table>\n";