<?php

// Core guard: this page is only reachable through the core bootstrap.
if (!defined('_core')) {
    exit;
}

// Heading, unless the template renders its own headings.
if (_template_autoheadings == 1) {
    $output .= "<h1>" . $_lang['xsrf.title'] . "</h1>\n";
}

// Explanation of the failed token check, with the current domain substituted
// into the warning text.
$domainWarning = str_replace('*domain*', _getDomain(), $_lang['xsrf.warning']);
$output .= _formMessage(3, $_lang['xsrf.msg'] . '<ul><li>' . $domainWarning . '</li></ul>');

// Re-submit form: the posted data is rendered again (the '_security_token'
// argument presumably excludes the stale token) and a fresh token is issued
// by _xsrfProtect().
$formParts = array(
    "<form method='post'>\n",
    _getPostdata(false, null, array('_security_token')),
    _xsrfProtect(),
    "\n<p><input type='submit' value='" . $_lang['xsrf.button'] . "' /></p>\n</form>\n",
);
$output .= implode('', $formParts);
$output .= _formMessage(2, $_lang['admin.moduleunavailable']); } } else { $output .= "<h1>" . $_lang['global.error'] . "</h1>" . _formMessage(3, $_lang['global.accessdenied']); } } else { $output .= "<h1>" . $_lang['global.error404.title'] . "</h1>" . _formMessage(2, $_lang['global.error404']); } } } else { // prihlasovaci formular if (empty($_POST)) { $login = _uniForm("login"); $output .= $login[0]; } else { $output .= "<h1>" . $_lang['admin.postrestore.title'] . "</h1>\n<p class='bborder'>" . $_lang['admin.postrestore.p'] . "</p>\n" . _formMessage(2, $_lang['admin.postrestore.msg']) . "\n<form action='' method='post'>\n<input type='submit' name='' value='" . $_lang['admin.postrestore.button'] . "' />\n" . _getPostdata(false, null, array('_security_token')) . "\n" . _xsrfProtect() . "</form>\n"; } } /* --- paticka, vypis vystupu --- */ // paticka $output .= ' <div class="cleaner"></div> </div> <hr class="hidden" /> <div id="copyright"> <div>' . ((_loginindicator and _loginright_administration) ? '<a href="' . _url . '/" target="_blank">' . $_lang['admin.link.site'] . '</a> • <a href="./" target="_blank">' . $_lang['admin.link.newwin'] . '</a>' : '<a href="../">< ' . $_lang['admin.link.home'] . '</a>') . '</div> '; // vypis if (!($redir = defined('_redirect_to'))) { echo $output;
$paramvar = "new_" . $param; $paramval = ${$paramvar}; if ($paramval == 0 or $paramval == 1) { DB::query("UPDATE `" . _mysql_prefix . "-articles` SET " . $param . "=" . $paramval . " WHERE id=" . $item['id']); } } } $message = _formMessage(1, $_lang['global.done']); } } else { $message = _formMessage(2, $_lang['admin.content.artfilter.f1.noresult']); } } /* --- vystup --- */ $output .= "\n<p class='bborder'>" . $_lang['admin.content.artfilter.p'] . "</p>\n" . $message . "\n<form action='index.php?p=content-artfilter' method='post'>\n"; if (!$infopage) { $output .= "\n<h2>" . $_lang['admin.content.artfilter.f1.title'] . "</h2>\n<p>" . $_lang['admin.content.artfilter.f1.p'] . "</p>\n<table>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.category'] . "</strong></td>\n<td>" . _admin_rootSelect("category", 2, -1, true, $_lang['global.any2']) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n<td>" . _admin_authorSelect("author", -1, "adminart=1", "selectmedium", $_lang['global.any']) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.posted'] . "</strong></td>\n<td>\n\n<select name='ba'>\n<option value='0'>" . $_lang['admin.content.artfilter.f1.time0'] . "</option>\n<option value='1'>" . $_lang['admin.content.artfilter.f1.time1'] . "</option>\n<option value='2'>" . $_lang['admin.content.artfilter.f1.time2'] . "</option>\n<option value='3'>" . $_lang['admin.content.artfilter.f1.time3'] . "</option>\n</select>\n\n" . _editTime('time', -1) . "\n\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n<td>\n" . _admin_boolSelect("public") . $_lang['admin.content.form.public'] . "<br />\n" . _admin_boolSelect("visible") . $_lang['admin.content.form.visible'] . "<br />\n" . _admin_boolSelect("confirmed") . $_lang['admin.content.form.confirmed'] . "<br />\n" . _admin_boolSelect("comments") . $_lang['admin.content.form.comments'] . 
"<br />\n" . _admin_boolSelect("rateon") . $_lang['admin.content.form.artrate'] . "<br />\n" . _admin_boolSelect("showinfo") . $_lang['admin.content.form.showinfo'] . "\n</td>\n</tr>\n\n</table>\n\n<br /><div class='hr'><hr /></div><br />\n\n<h2>" . $_lang['admin.content.artfilter.f2.title'] . "</h2>\n<p>" . $_lang['admin.content.artfilter.f2.p'] . "</p>\n<table>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.category'] . "</strong></td>\n<td>" . _admin_rootSelect("new_category", 2, -1, true, $_lang['global.nochange']) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n<td>" . _admin_authorSelect("new_author", -1, "adminart=1", "selectmedium", $_lang['global.nochange']) . "</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n<td>\n" . _admin_boolSelect("new_public", true) . $_lang['admin.content.form.public'] . "<br />\n" . _admin_boolSelect("new_visible", true) . $_lang['admin.content.form.visible'] . "<br />\n" . (_loginright_adminconfirm ? _admin_boolSelect("new_confirmed", true) . $_lang['admin.content.form.confirmed'] . "<br />" : '') . "\n" . _admin_boolSelect("new_comments", true) . $_lang['admin.content.form.comments'] . "<br />\n" . _admin_boolSelect("new_rateon", true) . $_lang['admin.content.form.artrate'] . "<br />\n" . _admin_boolSelect("new_showinfo", true) . $_lang['admin.content.form.showinfo'] . "\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['global.action'] . "</strong></td>\n<td>\n<label><input type='checkbox' name='new_delete' value='1' /> " . $_lang['global.delete'] . "</label><br />\n<label><input type='checkbox' name='new_resetrate' value='1' /> " . $_lang['admin.content.form.resetartrate'] . "</label><br />\n<label><input type='checkbox' name='new_delcomments' value='1' /> " . $_lang['admin.content.form.delcomments'] . 
"</label><br />\n<label><input type='checkbox' name='new_resetread' value='1' /> " . $_lang['admin.content.form.resetartread'] . "</label>\n</td>\n</tr>\n\n</table>\n\n<br /><div class='hr'><hr /></div><br />\n\n<input type='submit' value='" . $_lang['mod.search.submit'] . "' />\n"; } else { $output .= _getPostdata() . "\n<input type='hidden' name='_process' value='1' />\n" . _formMessage(1, str_replace("*found*", $found, $_lang['admin.content.artfilter.f1.infotext'])) . "\n<ul>"; $counter = 0; while ($r = DB::row($query)) { if ($counter >= 30) { $output .= "<li><em>... (+" . ($found - $counter) . ")</em></li>\n"; break; } $output .= "<li><a href='" . _indexroot . _linkArticle($r['id'], $r['title_seo'], $r['cat_title_seo']) . "' target='_blank'>" . $r['title'] . "</a></li>\n"; ++$counter; } $output .= "</ul>\n<input type='submit' value='" . $_lang['global.do2'] . "' /> <a href='index.php?p=content-artfilter'>" . $_lang['global.cancel'] . "</a>\n"; } $output .= _xsrfProtect() . "</form>";
/**
 * Renders and drives the installer form in three steps.
 *
 *  1. file check   – lists package files that already exist in the target directory,
 *  2. configuration – validates the posted settings and tests the DB connection,
 *  3. installation  – asks for confirmation, then extracts files, writes config.php,
 *                    imports the database dump and updates the initial settings.
 *
 * The step comes from $_POST['step'] (cast to int and clamped to 1..3).
 * Everything is echoed directly; the function mixes PHP with inline HTML.
 *
 * Globals read: $_lang (translations), $self (package accessor providing
 * listFilesOnPath/extractFiles/getFile/getFileStream), $is_clean (true for a
 * fresh install, false when updating an existing site).
 */
function _tmp_installer_install()
{
    global $_lang, $self, $is_clean;

    // step (untrusted input: intval + range clamp, anything else falls back to step 1)
    static $steps = 3;
    if (isset($_POST['step'])) {
        $step = intval($_POST['step']);
        if ($step < 1 || $step > $steps) {
            $step = 1;
        }
    } else {
        $step = 1;
    }

    // the installer's own file name, used for the cancel link and the form action
    $fname = basename(__FILE__);
    if (!empty($_POST)) {
        echo '<a href="./' . $fname . '" id="cancelink">' . $_lang['global.cancel'] . '</a>';
    }
?> <h2><?php echo str_replace(array('*step*', '*steps*', '*name*'), array($step, $steps, $_lang['step.' . $step]), $_lang['install']); ?> </h2> <form action="./<?php echo $fname; ?> " method="post" name="instform" autocomplete="off"> <?php
    switch ($step) {
        // file check
        case 1:
            if (isset($_POST['check'])) {
                // load the package file list and check which paths already exist
                $a_files = $self->listFilesOnPath('/files/');
                $conflicts = array();
                $counter = 0;
                $err_limit = 10; // only the first 10 conflicts are listed individually
                for ($i = 0; isset($a_files[$i]); ++$i) {
                    // substr(…, 7) strips the leading '/files/' package prefix
                    $path = './' . substr($a_files[$i], 7);
                    if (file_exists($path)) {
                        ++$counter;
                        if ($counter <= $err_limit) {
                            $conflicts[] = str_replace('*path*', $path, $_lang['step.1.err.file']);
                        }
                    }
                }
                if ($counter > $err_limit) {
                    $conflicts[] = str_replace('*n*', $counter - $err_limit, $_lang['step.1.err.file.etc']);
                }

                // message or continue
                if (empty($conflicts)) {
                    // all ok – advance to step 2 (the hidden 'step' field at the bottom
                    // carries it); this break leaves the switch, so the "check" button
                    // below is not rendered again
                    $step = 2;
                    echo '<p class="green center">' . $_lang['step.1.ok'] . '</p>';
                    echo '<p class="center"><input type="submit" value="' . $_lang['global.continue'] . '"></p>';
                    break;
                } else {
                    // there are conflicts
                    echo '<p class="red">' . $_lang['step.1.err'] . ':</p>';
                    echo "<ul>\n";
                    for ($i = 0; isset($conflicts[$i]); ++$i) {
                        echo "<li>" . $conflicts[$i] . "</li>\n";
                    }
                    echo "</ul>";
                }
            }
            echo '<p class="center"><input type="submit" name="check" value="' . $_lang['step.1.submit'] . '"></p>';
            break;

        // configuration & installation (shared form; step 3 adds the confirm/run phase)
        case 2:
        case 3:
            // return from step 3 back to the configuration form
            if (isset($_POST['return_to_cfg'])) {
                $step = 2;
                unset($_POST['return_to_cfg']);
            }

            // installation phase?
            $install = $step == 3;

            // the form was submitted (sys_url is always part of it)
            if (isset($_POST['sys_url'])) {
                // normalise url
                $_POST['sys_url'] = _removeSlashesFromEnd($_POST['sys_url']);

                // validation; do { … } while (false) so that any check can 'break' out
                // (isset($err) is false for null, so only an assigned message counts)
                // NOTE(review): the other $_POST fields below are read without isset()
                // guards – the form is expected to post all of them
                $err = null;
                do {
                    // prefix
                    $prefix = trim($_POST['db_prefix']);
                    if ($prefix === '') {
                        $err = str_replace('*input*', $_lang['step.2.db.prefix'], $_lang['step.2.err.empty']);
                        break;
                    }

                    // administrator account (name normalised via _anchorStr – semantics in the helper)
                    $_POST['admin_name'] = _anchorStr(trim($_POST['admin_name']), false);
                    $_POST['admin_email'] = trim($_POST['admin_email']);

                    // clean installation only
                    if ($is_clean) {
                        // administrator account is mandatory
                        if ($_POST['admin_name'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.name'], $_lang['step.2.err.empty']);
                            break;
                        }
                        if ($_POST['admin_pwd'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.pwd'], $_lang['step.2.err.empty']);
                            break;
                        }
                        // '@' is the pre-filled placeholder of the email field
                        if ($_POST['admin_email'] === '' || $_POST['admin_email'] === '@') {
                            $err = str_replace('*input*', $_lang['step.2.admin.email'], $_lang['step.2.err.empty']);
                            break;
                        }

                        // site title
                        $_POST['sys_title'] = trim($_POST['sys_title']);
                        if ($_POST['sys_title'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.sys.title'], $_lang['step.2.err.empty']);
                            break;
                        }

                        // description, keywords
                        $_POST['sys_descr'] = trim($_POST['sys_descr']);
                        $_POST['sys_kwrds'] = trim($_POST['sys_kwrds']);
                    }

                    // administrator email (optional on update, must be valid if given)
                    if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@' && !_validateEmail($_POST['admin_email'])) {
                        $err = $_lang['step.2.err.admin.email'];
                        break;
                    }

                    // administrator password (optional on update, must match the repeat)
                    if ($_POST['admin_pwd'] !== '' && $_POST['admin_pwd'] !== $_POST['admin_pwd2']) {
                        $err = $_lang['step.2.err.admin.pwd'];
                        break;
                    }

                    // DB port – 'host:port' notation is split, otherwise the ini default is used
                    $server = $_POST['db_server'];
                    if (false !== ($serverColonPos = strpos($server, ':'))) {
                        $port = (int) substr($server, $serverColonPos + 1);
                        $server = substr($server, 0, $serverColonPos);
                    } else {
                        $port = ini_get('mysqli.default_port');
                    }

                    // connection (warnings suppressed; the reason is read back via
                    // mysqli_connect_error() and HTML-escaped before display)
                    $con = @mysqli_connect($server, $_POST['db_user'], $_POST['db_pwd'], $_POST['db_name'], $port);
                    if (!is_object($con)) {
                        $err = $_lang['step.2.err.con'] . '<br><code>' . _htmlStr(mysqli_connect_error()) . '</code>';
                        break;
                    }

                    // charset and constants
                    DB::$con = $con;
                    DB::$con->set_charset('utf8');
                    DB::query('SET sql_mode=\'\'');
                    // the constant keeps the raw trimmed prefix; the local $prefix is
                    // replaced by its DB::esc()'d form right below and that escaped form
                    // is what the SQL and config.php generation further down use
                    define('_mysql_prefix', $prefix);

                    // existing tables with this prefix
                    $prefix = DB::esc($prefix);
                    // NOTE(review): '_' and '%' inside the prefix act as LIKE wildcards
                    // unless DB::esc() escapes them – confirm
                    $q = DB::query('SHOW TABLES LIKE \'' . $prefix . '-%\'');
                    $tables = array();
                    while ($r = DB::rown($q)) {
                        $tables[] = $r[0];
                    }
                    if (!empty($tables) && !isset($_POST['db_overwrite'])) {
                        // NOTE(review): table names are concatenated into HTML without escaping
                        $err = $_lang['step.2.err.tables'] . ':<br><br>• ' . implode("<br>\n• ", $tables);
                        break;
                    }

                    // all checks passed
                    if ($install) {
                        if (!isset($_POST['do_install'])) {
                            // confirmation: re-post the configuration as hidden fields
                            // (presumably minus 'step', which the hidden field at the bottom
                            // provides – confirm against _getPostdata)
                            echo _getPostdata(false, null, array('step'));
                            echo '<p class="green center">' . $_lang['step.3.text'] . '</p>';
                            echo '<p class="center"> <input type="submit" name="do_install" value="' . $_lang['step.3.submit'] . '" onclick="if (window.sl_install_process) return false; else {window.sl_install_process = true; this.value=\'' . $_lang['step.3.wait'] . '\'}"> <input type="submit" name="return_to_cfg" value="' . $_lang['step.3.return'] . '"> </p>';
                        } else {
                            // run the installation
                            $err = null;
                            try {
                                // extract files
                                $self->extractFiles('./', '/files/', false, true, array($self->vars['void']));

                                // create the configuration file; var_export() writes each value
                                // as a PHP literal, so the posted credentials end up quoted
                                // NOTE(review): $prefix here is the DB::esc()'d value, not the raw
                                // prefix stored in _mysql_prefix; file_put_contents() result is unchecked
                                global $cfg_locale, $cfg_timezone;
                                file_put_contents('./config.php', str_replace(
                                    array('/* @@@server@@@ */', '/* @@@user@@@ */', '/* @@@password@@@ */', '/* @@@database@@@ */', '/* @@@prefix@@@ */', '/* @@@locale@@@ */', '/* @@@timezone@@@ */'),
                                    array(var_export($_POST['db_server'], true), var_export($_POST['db_user'], true), var_export($_POST['db_pwd'], true), var_export($_POST['db_name'], true), var_export($prefix, true), var_export($cfg_locale, true), var_export($cfg_timezone, true)),
                                    $self->getFile('/files/data/installer/config.php.tpl')
                                ));

                                // drop existing tables? (only names returned by SHOW TABLES above;
                                // reaching here with a non-empty list requires db_overwrite)
                                if (!empty($tables)) {
                                    for ($i = 0; isset($tables[$i]); ++$i) {
                                        DB::query('DROP TABLE `' . $tables[$i] . '`', true);
                                        if (($sql_err = DB::error()) !== '') {
                                            throw new _InstallException($_lang['step.3.err.drop'] . '<br><code>' . $sql_err . '</code>');
                                        }
                                    }
                                }

                                // disable the version check for the dump import
                                // (declared at runtime inside this branch – PHP fatals if the
                                // name already exists, so this branch must run at most once)
                                function _checkVersion()
                                {
                                    return true;
                                }

                                // create the database structure
                                $dbdump = new DBDump();
                                $dbdump->importTables($self->getFile('/database/struct'));

                                // load data
                                $data_stream = $self->getFileStream('/database/data');
                                $dbdump->importData($data_stream);
                                $data_stream->free();

                                // store the site url
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val($_POST['sys_url']) . ' WHERE `var`=\'url\'');

                                // disable mod rewrite if .htaccess does not exist
                                // NOTE(review): key 'modrewrite' differs from 'mod_rewrite' written
                                // unconditionally below – one of the two looks stale, confirm
                                if (!file_exists(_indexroot . '.htaccess')) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=0 WHERE `var`=\'modrewrite\'');
                                }

                                // update the administrator account (user id 0)
                                $admin_upd = array();
                                if ($_POST['admin_name'] !== '') {
                                    $admin_upd['username'] = $_POST['admin_name'];
                                    if (!$is_clean) {
                                        $admin_upd['publicname'] = '';
                                    }
                                }
                                if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@') {
                                    $admin_upd['email'] = $_POST['admin_email'];
                                }
                                if ($_POST['admin_pwd'] !== '') {
                                    // NOTE(review): helper name suggests salted MD5 – confirm whether
                                    // the project offers a stronger password hash
                                    $admin_pwd = _md5Salt($_POST['admin_pwd']);
                                    $admin_upd['password'] = $admin_pwd[0];
                                    $admin_upd['salt'] = $admin_pwd[1];
                                }
                                if ($is_clean) {
                                    $admin_upd['registertime'] = time();
                                    $admin_upd['activitytime'] = time();
                                }
                                if (!empty($admin_upd)) {
                                    // build "`col`=val, …"; values go through DB::val(), column
                                    // names are the fixed keys assigned above
                                    $admin_upd_sql = '';
                                    $counter = 0;
                                    foreach ($admin_upd as $col => $val) {
                                        if ($counter !== 0) {
                                            $admin_upd_sql .= ',';
                                        }
                                        $admin_upd_sql .= '`' . $col . '`=' . DB::val($val);
                                        ++$counter;
                                    }
                                    DB::query('UPDATE `' . $prefix . '-users` SET ' . $admin_upd_sql . ' WHERE id=0');
                                }

                                // update title, keywords and description (HTML-escaped before storing)
                                if ($is_clean) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_title'])) . ' WHERE `var`=\'title\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_kwrds'])) . ' WHERE `var`=\'keywords\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_descr'])) . ' WHERE `var`=\'description\'');
                                }

                                // disable mod_rewrite
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'0\' WHERE `var`=\'mod_rewrite\'');

                                // force the post-install check
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'1\' WHERE `var`=\'install_check\'');
                            } catch (_InstallException $e) {
                                // installer messages already carry markup and are echoed as-is
                                $err = $e->getMessage();
                            } catch (Exception $e) {
                                $err = _htmlStr($e->getMessage());
                            }

                            // success or error
                            if (isset($err)) {
                                echo '<p class="red">' . $err . '</p>';
                                echo '<p class="red">' . $_lang['step.3.err.warning'] . '</p>';
                            } else {
                                echo '<p class="green center">' . str_replace('*fname*', $fname, $_lang['step.3.fin']) . '</p>';
                            }
                        }
                        // leave both the do-while and the switch: the configuration
                        // form below is not rendered in the install phase
                        break 2;
                    } else {
                        // configuration accepted – next submit is step 3
                        $step = 3;
                        echo '<p class="green center">' . $_lang['step.2.ok'] . '</p>';
                    }
                } while (false);

                // validation error
                if (isset($err)) {
                    echo '<p class="red">' . $err . '</p>';
                }
            }
?> <table> <thead><th colspan="2"><?php echo $_lang['step.2.sys']; ?> </th></thead> <tbody> <tr> <th><?php echo $_lang['step.2.sys.url']; ?> </th> <td><input type="text" name="sys_url"<?php echo _restorePostValue('sys_url'); ?> ></td> </tr> <?php if ($is_clean) { ?> <tr> <th><?php echo $_lang['step.2.sys.title']; ?> </th> <td><input type="text" name="sys_title"<?php echo _restorePostValue('sys_title'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.sys.descr']; ?> </th> <td><input type="text" name="sys_descr"<?php echo _restorePostValue('sys_descr'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.sys.kwrds']; ?> </th> <td><input type="text" name="sys_kwrds"<?php echo _restorePostValue('sys_kwrds'); ?> ></td> </tr> <?php } ?> </tbody> </table> <script type="text/javascript">
// prefill the site url from the current location (up to the last slash)
if (document.instform.sys_url.value === '') { var loc = new String(document.location); var slash; var slash_last = 0; var limit = 0; while (true) { slash = loc.indexOf('/', slash_last); if (slash === -1) break; slash_last = slash + 1; } loc = loc.substr(0, slash_last); document.instform.sys_url.value = loc; }
</script> <table> <thead> <tr><th colspan="2"><?php echo $_lang['step.2.admin']; ?> </th></tr> <?php if (!$is_clean) { ?> <tr><th colspan="2"><small><?php echo $_lang['step.2.admin.notice']; ?> </small></th></tr><?php } ?> </thead> <tbody> <tr> <th><?php echo $_lang['step.2.admin.name']; ?> </th> <td><input type="text" maxlength="24" name="admin_name"<?php echo _restorePostValue('admin_name'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.admin.email']; ?> </th> <td><input type="text" maxlength="100" name="admin_email"<?php echo _restorePostValue('admin_email', $is_clean ? '@' : null); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.admin.pwd']; ?> </th> <td><input type="password" name="admin_pwd"<?php echo _restorePostValue('admin_pwd'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.admin.pwd2']; ?> </th> <td><input type="password" name="admin_pwd2"<?php echo _restorePostValue('admin_pwd2'); ?> ></td> </tr> </tbody> </table> <table> <thead><tr><th colspan="2"><?php echo $_lang['step.2.db']; ?> </th></tr></thead> <tbody> <tr> <th><?php echo $_lang['step.2.db.server']; ?> </th> <td><input type="text" name="db_server"<?php echo _restorePostValue('db_server', 'localhost'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.db.name']; ?> </th> <td><input type="text" name="db_name"<?php echo _restorePostValue('db_name'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.db.user']; ?> </th> <td><input type="text" name="db_user"<?php echo _restorePostValue('db_user'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.db.pwd']; ?> </th> <td><input type="password" name="db_pwd"<?php echo _restorePostValue('db_pwd'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.db.prefix']; ?> </th> <td><input type="text" maxlength="24" name="db_prefix"<?php echo _restorePostValue('db_prefix', 'sunlight'); ?> ></td> </tr> <tr> <th><?php echo $_lang['step.2.db.tables']; ?> </th> <td><label><input type="checkbox" name="db_overwrite"<?php echo _checkboxActivate(isset($_POST['db_overwrite'])); ?> value="1" onchange="if (this.checked && !confirm('<?php echo $_lang['step.2.db.tables.overwrite.confirm']; ?> ')) this.checked = false"> <?php echo $_lang['step.2.db.tables.overwrite']; ?> </label></td> </tr> </tbody> </table> <p class="center"><input type="submit" value="<?php echo $_lang[$step != 3 ? 'step.2.submit' : 'global.continue']; ?> "></p> <?php
            //<p class="warning"><?php echo $_lang['step.2.warning']</p>
            break;
    }
?> <input type="hidden" name="step" value="<?php echo $step; ?> "> </form> <?php
}
break; // upload // upload case "upload": $action_submit = "global.send"; $action_title = "admin.fman.menu.upload"; $action_code = "\n <tr class='valign-top'>\n <td class='rpad'><strong>" . $_lang['admin.fman.file'] . ":</strong></td>\n <td id='fmanFiles'><input type='file' name='uf0[]' multiple='multiple' /> <a href='#' onclick='return _sysFmanAddFile();'>" . $_lang['admin.fman.upload.addfile'] . "</a></td>\n </tr>\n\n <tr>\n <td></td>\n <td>\n <label><input type='checkbox' name='upload_rewrite' value='1' /> " . $_lang['global.uploadrewrite'] . "</label> \n " . (($uplimit = _getUploadLimit(true)) !== null ? "<small>(" . $_lang['global.uploadlimit'] . ": <em>" . $uplimit . "MB</em>)</small>" : '') . "\n </td>\n </tr>\n "; break; // addtogallery // addtogallery case "addtogallery": $action_submit = "global.insert"; $action_acbonus = ""; $action_title = "admin.fman.menu.addtogallery"; // load and check images $images_load = _getPostdata(true, "f"); $images = ""; $counter = 0; foreach ($images_load as $images_load_image) { $images_load_image = pathinfo(base64_decode($images_load_image[1])); if (isset($images_load_image['extension']) and in_array(mb_strtolower($images_load_image['extension']), SL::$imageExt)) { $images .= "<input type='hidden' name='f" . $counter . "' value='" . base64_encode($images_load_image['basename']) . "' />\n"; $counter++; } } if ($counter != 0) { $action_code = "\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.fman.addtogallery.galllery'] . "</strong></td>\n <td>\n " . _admin_rootSelect("gallery", 5, -1, false, null, null) . "\n " . $images . "\n </td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.fman.addtogallery.counter'] . "</strong></td>\n <td>" . $counter . "</td>\n </tr>\n "; } else { $message = _formMessage(2, $_lang['admin.fman.addtogallery.noimages']); } break;