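/**
 * Return the site root path, optionally as an absolute URL.
 *
 * @param bool $absolutni when true, prefix `_path` with the scheme, host and
 *                        (non-default) port derived from $_SERVER; when false,
 *                        return the bare `_path` constant
 * @return string the `_path` constant, or an absolute URL ending in `_path`
 */
function _HCM_path($absolutni = false)
{
    if (!$absolutni) {
        return _path;
    }

    // Read the SAPI values defensively: under CLI or a misconfigured SAPI these
    // keys are absent and the original expression raised notices and produced
    // a dangling ":" port suffix. SERVER_PORT is a string, so compare as int.
    $https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : '';
    $port = isset($_SERVER['SERVER_PORT']) ? (int) $_SERVER['SERVER_PORT'] : 80;

    // HTTPS is active when the flag is set to anything but 'off' (or '0'/''),
    // or when the request arrived on 443 without the flag being set.
    $secure = (!empty($https) && $https !== 'off') || $port === 443;
    $scheme = $secure ? 'https' : 'http';

    // Emit the port only when it is not the default for the chosen scheme:
    // "https://host:443/x" and "https://host/x" are the same URL, and the
    // bare form is what callers expect when they compare or embed it.
    $defaultPort = $secure ? 443 : 80;
    $portSuffix = ($port !== $defaultPort) ? ':' . $port : '';

    // NOTE(review): _getDomain() is defined elsewhere; if it is derived from the
    // request's Host header, the absolute URL is request-influenced and should
    // not be embedded in e-mails or redirects without validating the host
    // against the configured site domain.
    return $scheme . '://' . _getDomain() . $portSuffix . _path;
}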
$sent = false; if (isset($_POST['username'])) { if (_iplogCheck(7)) { // nacteni promennych $username = _anchorStr($_POST['username'], false); $email = DB::esc($_POST['email']); // kontrola promennych if (_captchaCheck()) { $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'"); if (DB::size($userdata) != 0) { // odeslani emailu $userdata = DB::row($userdata); $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']); $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*"); $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip); if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) { $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']); _iplogUpdate(7); $sent = true; } else { $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']); } } else { $module .= _formMessage(2, $_lang['mod.lostpass.notfound']); } } else { $module .= _formMessage(2, $_lang['captcha.failure2']); } } else { $module .= _formMessage(3, str_replace('*limit*', _lostpassexpire / 60, $_lang['mod.lostpass.limit'])); }
_iplogUpdate(5); } else { // prekroceno echo str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit']); die; } // odeslani if (_xsrfCheck()) { if (_validateEmail($sender) and $text != "" and _captchaCheck()) { // pridani informacniho textu do tela $info_ip = _userip; if (_loginindicator) { $info_ip .= ' (' . _loginname . ')'; } $info_from = array("*domain*", "*time*", "*ip*", "*sender*"); $info_to = array(_getDomain(), _formatTime(time()), $info_ip, $sender); $text .= "\n\n" . str_repeat("-", 16) . "\n" . str_replace($info_from, $info_to, $_lang['hcm.mailform.info']); // prilozeni souboru if (isset($_FILES['att']['tmp_name']) and is_uploaded_file($_FILES['att']['tmp_name'])) { $att = true; $att_name = $_FILES['att']['name']; $att_tmpname = $_FILES['att']['tmp_name']; $att_content = @file_get_contents($att_tmpname); $att_content = @chunk_split(@base64_encode($att_content)); } else { $att = false; } // sestaveni emailu // hlavicka, kodovani, odesilatel, boundary // odesilatel if (!_mailerusefrom) {
<?php

// Core guard: this module is only meaningful when included by the front controller.
if (!defined('_core')) {
    exit;
}

// Optional page heading (controlled by the template setting).
if (_template_autoheadings == 1) {
    $output .= "<h1>{$_lang['xsrf.title']}</h1>\n";
}

// Explanatory message followed by a re-submit form that carries the original
// POST data (minus the stale token) together with a freshly issued token.
// NOTE(review): _getDomain() is inserted into HTML unescaped; if it can be
// influenced by the Host header, escape it with _htmlStr() at this point.
$output .= _formMessage(
    3,
    $_lang['xsrf.msg']
        . '<ul><li>'
        . str_replace('*domain*', _getDomain(), $_lang['xsrf.warning'])
        . '</li></ul>'
);
$output .= sprintf(
    "<form method='post'>\n%s%s\n<p><input type='submit' value='%s' /></p>\n</form>\n",
    _getPostdata(false, null, array('_security_token')),
    _xsrfProtect(),
    $_lang['xsrf.button']
);
if (isset($_POST['do_backup']) && _loginright_adminbackup) { /* ----- tvorba zalohy ----- */ // typ zalohy (0 = db, 1 = partial, 2 = full) if (isset($_POST['type_full'])) { $type = _backup_full; $type_name = 'full'; } elseif (isset($_POST['type_partial'])) { $type = _backup_partial; $type_name = 'partial'; } else { $type = _backup_db; $type_name = 'db'; } $type_ext = _backupExt($type); // nazev souboru $fname = @str_replace('.', '_', _getDomain()); if ($fname == '') { $fname = _mysql_db; } $fname .= '_' . date("Y_m_d"); // komprese $can_compress = extension_loaded('zlib'); $memlimit = _phpIniLimit('memory_limit'); $should_compress = !isset($memlimit) || $memlimit > 10485760; // velikosti $sizes = array(); // velikost databaze $sizes['db'] = 10240; // +- 10kB struktura databaze $q = DB::query('SHOW TABLE STATUS LIKE \'' . _mysql_prefix . '-%\''); while ($r = DB::row($q)) {
// sestaveni casti sql dotazu - 'where' $groups = _sqlWhereColumn("`group`", implode("-", $receivers)); // hlavicky $headers = "Content-Type: " . ($ctype == 1 ? 'text/plain' : 'text/html') . "; charset=UTF-8\n" . (_mailerusefrom ? "From: " . mb_substr($sender, 0, mb_strpos($sender, "@")) . " <" . $sender . ">" : "Reply-To: " . $sender . "") . "\n"; // nacteni prijemcu $query = DB::query("SELECT email FROM `" . _mysql_prefix . "-users` WHERE massemail=1 AND (" . $groups . ")"); // odeslani nebo zobrazeni adres if (!$maillist) { // priprava $rec_buffer = array(); $rec_buffer_size = 20; $rec_buffer_counter = 0; $item_counter = 0; $item_total = DB::size($query); // poznamka na konci zpravy $notice = str_replace('*domain*', _getDomain(), $_lang['admin.other.massemail.emailnotice']); if ($ctype == 1) { $notice = "\n\n\n-------------------------------------\n" . $notice; } else { $notice = "<br><br><hr><p><small>" . _htmlStr($notice) . "</small></p>"; } $text .= $notice; // postupne odesilani po skupinach $done = 0; while ($item = DB::row($query)) { $rec_buffer[] = $item['email']; ++$rec_buffer_counter; ++$item_counter; if ($rec_buffer_counter === $rec_buffer_size || $item_counter === $item_total) { // odeslani emailu if (_mail('', $subject, $text, "Bcc: " . implode(",", $rec_buffer) . "\n" . $headers)) {
$errors[] = $_lang['global.badinput']; } } else { $group = _defaultgroup; } if (SL::$settings['rules'] != "" and !_checkboxLoad("agreement")) { $errors[] = $_lang['mod.reg.rules.disagreed']; } // vlozeni do databaze nebo seznam chyb if (count($errors) == 0) { _iplogUpdate(5); $code = _tmpRegister(_registration_confirm, $group, $username, $password, $massemail, _userip, $email); if (isset($code)) { // poslat potvrzeni $phase = 2; $domain = _getDomain(); $mail = _mail($email, str_replace('*domain*', $domain, $_lang['mod.reg.confirm.subject']), str_replace(array('*username*', '*domain*', '*url*', '*ip*', '*date*', '*code*'), array($username, $domain, _url, _userip, _formatTime(time()), $code), $_lang['mod.reg.confirm.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader()); } else { // registrace ok $phase = 1; } } else { $message = _formMessage(2, _eventList($errors, 'errors')); } } /* --- modul --- */ if (_template_autoheadings == 1) { $module .= "<h1>" . $_lang['mod.reg'] . "</h1>"; } switch ($phase) { // registracni formular
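/**
 * Redirect back to the previous page and terminate the script.
 *
 * The target is taken from $_GET['_return'] when present: a value starting
 * with "/" is treated as an absolute path on this host, anything else as a
 * path relative to _url. Without it the HTTP Referer is used, and as a last
 * resort the site root (_url . '/').
 *
 * Never returns: a Location header is sent and the script exits.
 */
function _returnHeader()
{
    // Explicit return target from the query string. It must be a non-empty
    // string; an array value (?_return[]=x) would otherwise be stringified
    // as "Array" and redirect to a nonsense URL.
    if (isset($_GET['_return']) && is_string($_GET['_return']) && $_GET['_return'] != "") {
        $url = $_GET['_return'];
        if ($url[0] === '/') {
            // Absolute path on this host. Keep the scheme of the current
            // request (same detection as _HCM_path) so that an HTTPS visitor
            // is not bounced to plain HTTP by the former hard-coded "http://".
            $https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : '';
            $port = isset($_SERVER['SERVER_PORT']) ? (int) $_SERVER['SERVER_PORT'] : 80;
            $secure = (!empty($https) && $https !== 'off') || $port === 443;
            // NOTE(review): _getDomain() is defined elsewhere; if it comes from
            // the Host header, this redirect target is request-influenced.
            $url = ($secure ? 'https' : 'http') . '://' . _getDomain() . $url;
        } else {
            // Relative path: always anchored to the configured site URL, so a
            // value like "http://other.example" stays a path under _url.
            $url = _url . '/' . $url;
        }
        header("Location: " . $url);
        exit;
    }

    // Fallback: the client-supplied Referer if any, otherwise the site root.
    if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != "") {
        header("Location: " . $_SERVER['HTTP_REFERER']);
    } else {
        header("Location: " . _url . '/');
    }
    exit;
}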