    if (_iplogCheck(7)) {

        // load variables
        $username = _anchorStr($_POST['username'], false);
        $email = DB::esc($_POST['email']);

        // validate variables
        if (_captchaCheck()) {
            $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'");
            if (DB::size($userdata) != 0) {

                // send the e-mail
                $userdata = DB::row($userdata);
                $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']);
                $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*");
                $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip);
                if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) {
                    $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']);
                    _iplogUpdate(7);
                    $sent = true;
                } else {
                    $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']);
                }

            } else {
                $module .= _formMessage(2, $_lang['mod.lostpass.notfound']);
            }
        } else {
            $module .= _formMessage(2, $_lang['captcha.failure2']);
        }

    } else {
        // request limit exceeded
        $module .= _formMessage(3, str_replace('*limit*', _lostpassexpire / 60, $_lang['mod.lostpass.limit']));
    }

}

// form

}

/* --- rating --- */

// load variables
_checkKeys('_POST', array('id'));
$id = intval($_POST['id']);
$article_exists = false;

// validate variables and access
$continue = false;
$query = DB::query("SELECT art.id,art.title_seo,art.time,art.confirmed,art.public,art.home1,art.home2,art.home3,art.rateon,cat.title_seo AS cat_title_seo FROM `" . _mysql_prefix . "-articles` AS art JOIN `" . _mysql_prefix . "-root` AS cat ON(cat.id=art.home1) WHERE art.id=" . $id);
if (DB::size($query) != 0) {
    $article_exists = true;
    $query = DB::row($query);
    if (isset($_POST['r'])) {
        // round the submitted rating to the nearest multiple of 10
        $r = round($_POST['r'] / 10) * 10;
        if (_iplogCheck(3, $id) and _xsrfCheck() and $query['rateon'] == 1 and _articleAccess($query) == 1 and $r <= 100 and $r >= 0) {
            $continue = true;
        }
    }
}

// count the rating
if ($continue) {
    DB::query("UPDATE `" . _mysql_prefix . "-articles` SET ratenum=ratenum+1,ratesum=ratesum+" . $r . " WHERE id=" . $id);
    _iplogUpdate(3, $id);
}

// redirect
if ($article_exists) {
    $aurl = _linkArticle($id, $query['title_seo']) . "#ainfo";
} else {
    $aurl = "";
}
header("location: " . _url . '/' . $aurl);

// load variables
$subject = $_POST['subject'];
$sender = $_POST['sender'];
$text = $_POST['text'];
$fid = intval($_POST['fid']);

// load the receiver
$skey = _sessionprefix . 'hcm_' . $fid . '_mail_receiver';
if (isset($_SESSION[$skey])) {
    $receiver = $_SESSION[$skey];
    unset($_SESSION[$skey], $skey);
} else {
    die($_lang['global.badinput']);
}

// time limit
if (_iplogCheck(5)) {
    _iplogUpdate(5);
} else {
    // exceeded
    echo str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit']);
    die;
}

// send
if (_xsrfCheck()) {
    if (_validateEmail($sender) and $text != "" and _captchaCheck()) {

        // add informational text to the body
        $info_ip = _userip;
        if (_loginindicator) {
            $info_ip .= ' (' . _loginname . ')';
        }
        $info_from = array("*domain*", "*time*", "*ip*", "*sender*");
        $info_to = array(_getDomain(), _formatTime(time()), $info_ip, $sender);

                        // send cookie for persistent login
                        if ($persistent) {
                            $persistent_cookie_data = array();
                            $persistent_cookie_data[] = $query['id'];
                            $persistent_cookie_data[] = $ipbound ? '1' : '0';
                            $persistent_cookie_data[] = _md5HMAC($query['password'] . '$' . $query['email'], $ipbound ? _userip : _sessionprefix);
                            setcookie(_sessionprefix . "persistent_key", implode('$', $persistent_cookie_data), time() + 2592000, "/");
                        }

                        // store session data
                        $_SESSION[_sessionprefix . "user"] = $query['id'];
                        $_SESSION[_sessionprefix . "password"] = $query['password'];
                        $_SESSION[_sessionprefix . "ip"] = _userip;
                        $_SESSION[_sessionprefix . "ipbound"] = $ipbound;
                        $result = 1;

                    } else {
                        _iplogUpdate(1);
                    }
                } else {
                    $result = 2;
                }
            }
        } else {
            $result = 5;
        }
    } else {
        $result = 6;
    }
}

/* --- redirect --- */
if ($result != 1) {
    $_GET['_return'] = _addFdGetToLink(_addGetToLink($_POST['form_url'], '_mlr=' . $result, false), array('username' => $username));

<?php

/* --- core initialization --- */
require '../../require/load.php';
SL::init('../../');

/* --- voting --- */

// load variables
if (isset($_POST['pid']) and isset($_POST['option']) and _xsrfCheck()) {
    $pid = intval($_POST['pid']);
    $option = intval($_POST['option']);

    // save the vote
    $query = DB::query("SELECT locked,answers,votes FROM `" . _mysql_prefix . "-polls` WHERE id=" . $pid);
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        $answers = explode("#", $query['answers']);
        $votes = explode("-", $query['votes']);
        if (_loginright_pollvote and $query['locked'] == 0 and _iplogCheck(4, $pid) and isset($votes[$option])) {
            $votes[$option] += 1;
            $votes = implode("-", $votes);
            DB::query("UPDATE `" . _mysql_prefix . "-polls` SET votes='" . $votes . "' WHERE id=" . $pid);
            _iplogUpdate(4, $pid);
        }
    }
}

// redirect
_returnHeader();

    }

    // second cell
    if ($info['infobox'] != null or $rateform_used == false and $info['rateform'] != null) {
        $content .= "<td>";
        if ($info['infobox'] != null) {
            $content .= $info['infobox'];
        }
        if ($rateform_used == false) {
            $content .= $info['rateform'];
        }
        $content .= "</td>";
    }

    // end of table
    $content .= "\n</tr>\n</table>\n";
}

// print link
if (_printart) {
    $content .= "\n<p><a href='" . _indexroot . "printart.php?id=" . $id . "' target='_blank'><img src='" . _templateImage("icons/print.png") . "' alt='print' class='icon' /> " . $_lang['article.print'] . "</a></p>\n";
}

// extension before comments
_extend('call', 'article.comments', $extend_args);

// comments
if ($query['comments'] == 1 and _comments) {
    require_once _indexroot . 'require/functions-posts.php';
    $content .= _postsOutput(2, $id, $query['commentslocked']);
}

// count the read
if ($query['confirmed'] == 1 and $query['time'] <= time() and _iplogCheck(2, $id)) {
    DB::query("UPDATE `" . _mysql_prefix . "-articles` SET readed=" . ($query['readed'] + 1) . " WHERE id=" . $id);
    _iplogUpdate(2, $id);
}