if (isset($_SESSION[$skey])) {
$receiver = $_SESSION[$skey];
unset($_SESSION[$skey], $skey);
} else {
die($_lang['global.badinput']);
}
// casove omezeni
if (_iplogCheck(5)) {
_iplogUpdate(5);
} else {
// prekroceno
echo str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit']);
die;
}
// odeslani
if (_xsrfCheck()) {
if (_validateEmail($sender) and $text != "" and _captchaCheck()) {
// pridani informacniho textu do tela
$info_ip = _userip;
if (_loginindicator) {
$info_ip .= ' (' . _loginname . ')';
}
$info_from = array("*domain*", "*time*", "*ip*", "*sender*");
$info_to = array(_getDomain(), _formatTime(time()), $info_ip, $sender);
$text .= "\n\n" . str_repeat("-", 16) . "\n" . str_replace($info_from, $info_to, $_lang['hcm.mailform.info']);
// prilozeni souboru
if (isset($_FILES['att']['tmp_name']) and is_uploaded_file($_FILES['att']['tmp_name'])) {
$att = true;
$att_name = $_FILES['att']['name'];
$att_tmpname = $_FILES['att']['tmp_name'];
$att_content = @file_get_contents($att_tmpname);
exit;
}
/* --- hodnoceni --- */
// nacteni promennych
_checkKeys('_POST', array('id'));
$id = intval($_POST['id']);
$article_exists = false;
// kontrola promennych a pristupu
$continue = false;
$query = DB::query("SELECT art.id,art.title_seo,art.time,art.confirmed,art.public,art.home1,art.home2,art.home3,art.rateon,cat.title_seo AS cat_title_seo FROM `" . _mysql_prefix . "-articles` AS art JOIN `" . _mysql_prefix . "-root` AS cat ON(cat.id=art.home1) WHERE art.id=" . $id);
if (DB::size($query) != 0) {
$article_exists = true;
$query = DB::row($query);
if (isset($_POST['r'])) {
$r = round($_POST['r'] / 10) * 10;
if (_iplogCheck(3, $id) and _xsrfCheck() and $query['rateon'] == 1 and _articleAccess($query) == 1 and $r <= 100 and $r >= 0) {
$continue = true;
}
}
}
// zapocteni hodnoceni
if ($continue) {
DB::query("UPDATE `" . _mysql_prefix . "-articles` SET ratenum=ratenum+1,ratesum=ratesum+" . $r . " WHERE id=" . $id);
_iplogUpdate(3, $id);
}
// presmerovani
if ($article_exists) {
$aurl = _linkArticle($id, $query['title_seo']) . "#ainfo";
} else {
$aurl = "";
}
$post = isset($_GET['post']) ? '1' : '0';
$image = isset($_GET['img']) ? '1' : '0';
} else {
$search_query = '';
$root = 1;
$art = 1;
$post = 1;
$image = 0;
}
/* --- modul --- */
if (_template_autoheadings == 1) {
$module .= "<h1>" . $_lang['mod.search'] . "</h1>";
}
$module .= "\n<p class='bborder'>" . $_lang['mod.search.p'] . "</p>\n\n<form action='index.php' method='get'>\n<input type='hidden' name='m' value='search' />\n" . _xsrfProtect() . "\n<input type='text' name='q' class='inputmedium' value='" . _htmlStr($search_query) . "' /> <input type='submit' value='" . $_lang['mod.search.submit'] . "' /><br />\n" . $_lang['mod.search.where'] . ": \n<label><input type='checkbox' name='root' value='1'" . _checkboxActivate($root) . " /> " . $_lang['mod.search.where.root'] . "</label> \n<label><input type='checkbox' name='art' value='1'" . _checkboxActivate($art) . " /> " . $_lang['mod.search.where.articles'] . "</label> \n<label><input type='checkbox' name='post' value='1'" . _checkboxActivate($post) . " /> " . $_lang['mod.search.where.posts'] . "</label> \n<label><input type='checkbox' name='img' value='1'" . _checkboxActivate($image) . " /> " . $_lang['mod.search.where.images'] . "</label>\n</form>\n\n";
/* --- vyhledavani --- */
if ($search_query != '' && _xsrfCheck(true)) {
if (mb_strlen($search_query) >= 3) {
// priprava
$search_query_sql = DB::esc('%' . $search_query . '%');
$results = array();
// polozka: array(link, titulek, perex)
$public = !_loginindicator;
// funkce na skladani vyhledavaciho dotazu
function _tmpSearchQuery($alias, $cols)
{
$output = '(';
for ($i = 0, $last = sizeof($cols) - 1; isset($cols[$i]); ++$i) {
$output .= $alias . '.' . $cols[$i] . ' LIKE \'' . $GLOBALS['search_query_sql'] . '\'';
if ($i !== $last) {
$output .= ' OR ';
}
if ($i !== $last) {
$sql .= ',';
}
++$ord;
}
$sql .= '';
DB::query($sql);
}
// message
$done = isset($last) ? $last + 1 : count($done);
$message = _formMessage($done === $total ? 1 : 2, sprintf($_lang['admin.content.manageimgs.upload.msg'], $done, $total));
break;
}
}
/* --- odstraneni obrazku --- */
if (isset($_GET['del']) && _xsrfCheck(true) && $continue) {
$del = intval($_GET['del']);
_tmpGalStorageCleanOnDel('id=' . $del . ' AND home=' . $g);
DB::query("DELETE FROM `" . _mysql_prefix . "-images` WHERE id=" . $del . " AND home=" . $g);
if (DB::affectedRows() === 1) {
$message = _formMessage(1, $_lang['global.done']);
}
}
/* --- vystup --- */
if ($continue) {
$output .= "\n<a href='index.php?p=content-editgallery&id=" . $g . "' class='backlink'>< návrat zpět</a>\n<h1>" . $_lang['admin.content.manageimgs.title'] . "</h1>\n<p class='bborder'>" . str_replace("*galtitle*", $galdata['title'], $_lang['admin.content.manageimgs.p']) . "</p>\n\n" . $message . "\n\n<script type='text/javascript'>\n/* <![CDATA[ */\n\$(document).ready(function(){\n \$('.hs_fieldset').each(function(){\n var fieldset = this;\n var link = \$(fieldset).find('legend > a').get(0);\n var form = \$(fieldset).children('form');\n \$(form).hide();\n \$(link).click(function(){\n \$(form).slideToggle('fast');\n\n return false;\n });\n });\n});\n/* ]]> */\n</script>\n\n<fieldset>\n<legend>" . $_lang['admin.content.manageimgs.upload'] . "</legend>\n<form action='index.php?p=content-manageimgs&g=" . $g . "' method='post' enctype='multipart/form-data'>\n <p>" . sprintf($_lang['admin.content.manageimgs.upload.text'], _galuploadresize_w, _galuploadresize_h) . "</p>\n <input type='hidden' name='xaction' value='7' />\n <div id='fmanFiles'><input type='file' name='uf0[]' multiple='multiple' /> <a href='#' onclick='return _sysFmanAddFile();'>" . $_lang['admin.fman.upload.addfile'] . "</a></div>\n <div class='hr'><hr /></div>\n <p>\n <input type='submit' value='" . $_lang['admin.content.manageimgs.upload.submit'] . "' />" . (($uplimit = _getUploadLimit(true)) !== null ? " <small>" . $_lang['global.uploadlimit'] . ": <em>" . _getUploadLimit() . "MB</em>, " . $_lang['global.uploadext'] . ": <em>" . implode(', ', SL::$imageExt) . "</em></small>" : '') . "<br />\n <label><input type='checkbox' value='1' name='moveords' checked='checked' /> " . $_lang['admin.content.manageimgs.moveords'] . "</label>\n </p>\n" . _xsrfProtect() . "</form>\n</fieldset>\n\n<fieldset class='hs_fieldset'>\n<legend><a href='#'>" . $_lang['admin.content.manageimgs.insert'] . "</a> <small>(" . $_lang['admin.content.manageimgs.insert.tip'] . ")</small></legend>\n<form action='index.php?p=content-manageimgs&g=" . $g . "' method='post' name='addform' onsubmit='_sysGalTransferPath(this);'>\n<input type='hidden' name='xaction' value='1' />\n\n<table>\n<tr class='valign-top'>\n\n<td>\n <table>\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n <td><input type='text' name='title' class='inputmedium' maxlength='64' /></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n <td><input type='text' name='ord' class='inputsmall' disabled='disabled' /> <label><input type='checkbox' name='moveords' value='1' checked='checked' onclick=\"_sysDisableField(this.checked, 'addform', 'ord');\" /> " . $_lang['admin.content.manageimgs.moveords'] . "</label></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.manageimgs.prev'] . "</strong></td>\n <td><input type='text' name='prev' class='inputsmall' disabled='disabled' /> <label><input type='checkbox' name='autoprev' value='1' checked='checked' onclick=\"_sysDisableField(this.checked, 'addform', 'prev');\" /> " . $_lang['admin.content.manageimgs.autoprev'] . "</label></td>\n </tr>\n\n <tr>\n <td class='rpad'><strong>" . $_lang['admin.content.manageimgs.full'] . "</strong></td>\n <td><input type='text' name='full' class='inputmedium' /></td>\n </tr>\n\n <tr>\n <td></td>\n <td><input type='submit' value='" . $_lang['global.insert'] . "' /></td>\n </tr>\n\n </table>\n</td>\n\n<td>\n" . (_loginright_adminfman ? "<div id='gallery-browser'>\n " . (!isset($_GET['browserpath']) ? "<a href='#' onclick=\"return _sysGalBrowse('" . urlencode(_upload_dir) . (_loginright_adminfmanlimit ? _loginname . '%2F' : '') . "');\"><img src='images/icons/loupe.png' alt='browse' class='icon' />" . $_lang['admin.content.manageimgs.insert.browser.link'] . "</a>" : "<script type='text/javascript'>_sysGalBrowse('" . _htmlStr($_GET['browserpath']) . "');</script>") . "\n</div>" : '') . "\n</td>\n\n</tr>\n</table>\n\n" . _xsrfProtect() . "</form>\n</fieldset>\n\n";
// strankovani
$paging = _resultPaging("index.php?p=content-manageimgs&g=" . $g, $galdata['var2'], "images", "home=" . $g);
$s = $paging[2];
$output .= "\n<fieldset>\n<legend>" . $_lang['admin.content.manageimgs.current'] . "</legend>\n<form action='index.php?p=content-manageimgs&g=" . $g . "&page=" . $s . "' method='post' name='editform'>\n<input type='hidden' name='xaction' value='4' />\n\n<input type='submit' value='" . $_lang['admin.content.manageimgs.savechanges'] . "' class='gallery-savebutton' />\n" . $paging[0] . "\n<div class='cleaner'></div>";
// vypis obrazku
<?php
/* --- incializace jadra --- */
require '../../require/load.php';
SL::init('../../');
/* --- hlasovani --- */
// nacteni promennych
if (isset($_POST['pid']) and isset($_POST['option']) and _xsrfCheck()) {
$pid = intval($_POST['pid']);
$option = intval($_POST['option']);
// ulozeni hlasu
$query = DB::query("SELECT locked,answers,votes FROM `" . _mysql_prefix . "-polls` WHERE id=" . $pid);
if (DB::size($query) != 0) {
$query = DB::row($query);
$answers = explode("#", $query['answers']);
$votes = explode("-", $query['votes']);
if (_loginright_pollvote and $query['locked'] == 0 and _iplogCheck(4, $pid) and isset($votes[$option])) {
$votes[$option] += 1;
$votes = implode("-", $votes);
DB::query("UPDATE `" . _mysql_prefix . "-polls` SET votes='" . $votes . "' WHERE id=" . $pid);
_iplogUpdate(4, $pid);
}
}
}
// presmerovani
_returnHeader();
// nacteni dat
if ($new) {
if (!isset($q)) {
$q = array();
}
$q += array('id' => null, 'old' => '', 'new' => '', 'active' => '1');
} else {
$q = DB::query_row('SELECT * FROM `' . _mysql_prefix . '-redir` WHERE id=' . $edit_id);
if ($q === false) {
break;
}
}
// formular
$output .= $message . "\n<form action='' method='post'>\n<table class='formtable'>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.old'] . "</strong></td>\n <td><input type='text' name='old' value='" . $q['old'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.new'] . "</strong></td>\n <td><input type='text' name='new' value='" . $q['new'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n <td class='rpad'><strong>" . $_lang['admin.content.redir.act'] . "</strong></td>\n <td><input type='checkbox' name='act' value='1'" . _checkboxActivate($q['active']) . " /></td>\n</tr>\n\n<tr>\n <td></td>\n <td><input type='submit' value='" . $_lang['global.' . ($new ? 'create' : 'save')] . "' /></td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>";
} while (false);
} elseif (isset($_GET['del']) && _xsrfCheck(true)) {
// smazani
DB::query('DELETE FROM `' . _mysql_prefix . '-redir` WHERE id=' . intval($_GET['del']));
$output .= _formMessage(1, $_lang['global.done']);
} elseif (isset($_GET['wipe'])) {
// smazani vsech
if (isset($_POST['wipe_confirm'])) {
DB::query('TRUNCATE TABLE `' . _mysql_prefix . '-redir`');
$output .= _formMessage(1, $_lang['global.done']);
} else {
$output .= "\n<form action='' method='post' class='formbox'>\n" . _formMessage(2, $_lang['admin.content.redir.act.wipe.confirm']) . "\n<input type='submit' name='wipe_confirm' value='" . $_lang['admin.content.redir.act.wipe.submit'] . "' />\n" . _xsrfProtect() . "</form>\n";
}
}
// tabulka
$output .= "<table class='list'>\n<thead><tr><td>" . $_lang['admin.content.redir.old'] . "</td><td>" . $_lang['admin.content.redir.new'] . "</td><td>" . $_lang['admin.content.redir.act'] . "</td><td>" . $_lang['global.action'] . "</td></tr></thead>\n<tbody>\n";
// vypis
<?php
/* --- incializace jadra --- */
if (!defined('_core')) {
require '../require/load.php';
SL::init('../');
}
/* --- odhlaseni a presmerovani --- */
if (_xsrfCheck(true)) {
_userLogout();
}
_returnHeader();
<?php
/* --- kontrola jadra --- */
if (!defined('_core')) {
exit;
}
/* --- pripava promennych --- */
$levelconflict = false;
// id
$continue = false;
if (isset($_GET['id']) && _xsrfCheck(true)) {
$id = DB::esc(_anchorStr($_GET['id'], false));
$query = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE username='******'");
if (DB::size($query) != 0) {
$query = DB::row($query);
if (_levelCheck($query['id'])) {
$continue = true;
} else {
$continue = false;
$levelconflict = true;
}
$id = $query['id'];
}
}
if ($continue) {
/* --- odstraneni --- */
if ($query['id'] != 0 and $query['id'] != _loginid) {
if (_deleteUser($id)) {
$output .= _formMessage(1, $_lang['global.done']);
} else {
$output .= _formMessage(2, $_lang['global.error']);
$output .= '
<div id="top">
<div id="header">' . $usermenu . _title . ' - ' . $_lang['admin.title'] . '</div>
<hr class="hidden" />
' . $menu . '
</div>';
$output .= "\n\n<div id='content'>\n";
/* --- zprava o odeprenem pristupu --- */
if (_loginindicator and _loginright_administration != 1) {
$output .= "<h1>" . $_lang['global.error'] . "</h1>" . _formMessage(3, $_lang['admin.denied']);
}
/* --- prihlaseni nebo obsah --- */
if (_loginindicator and _loginright_administration) {
// xsrf ochrana
$xsrf_protect = true;
if (!empty($_POST) && !_xsrfCheck()) {
// neplatny token
$output .= "<h1>" . $_lang['xsrf.title'] . "</h1><br>\n";
$output .= _formMessage(3, $_lang['xsrf.msg'] . '<ul><li>' . str_replace('*domain*', _getDomain(), $_lang['xsrf.warning']) . '</li></ul>');
$output .= "<form action='' method='post'>\n" . _getPostdata(false, null, array('_security_token')) . _xsrfProtect() . "\n<p><input type='submit' value='" . $_lang['xsrf.button'] . "' /></p>\n</form>\n";
} else {
// vlozeni modulu
if (array_key_exists($getp, $modules)) {
if ($modules[$getp][1] == true and ($modules[$getp][2] == null or $modules[$modules[$getp][2]][1] == true)) {
/*zpetny odkaz*/
if ($modules[$getp][2] != null and !(isset($modules[$getp][4]) and $modules[$getp][4] == true)) {
$output .= "<a href='index.php?p=" . $modules[$getp][2] . "' class='backlink'>< " . $_lang['global.return'] . "</a>";
}
/*titulek*/
if (!(isset($modules[$getp][4]) and $modules[$getp][4] == true)) {
$output .= "<h1>" . $modules[$getp][0] . "</h1>";
<?php
/* --- kontrola jadra --- */
if (!defined('_core')) {
exit;
}
/* --- priprava, odstraneni sloupce --- */
$message = "";
if (isset($_GET['delcolumn']) && _xsrfCheck(true)) {
DB::query("DELETE FROM `" . _mysql_prefix . "-boxes` WHERE `column`='" . DB::esc($_GET['delcolumn']) . "'");
$message = _formMessage(1, $_lang['global.done']);
}
/* --- vystup --- */
$output .= "<p class='bborder'>" . $_lang['admin.content.boxes.p'] . "</p>\n<p><a href='index.php?p=content-boxes-new'><img src='images/icons/new.png' alt='new' class='icon' />" . $_lang['admin.content.boxes.create'] . "</a></p>" . $message . "\n\n<table class='listable'>\n<thead><tr><td>" . $_lang['admin.content.boxes.column'] . "</td><td>" . $_lang['admin.content.boxes.totalboxes'] . "</td><td>" . $_lang['global.action'] . "</td></tr></thead>\n<tbody>";
$query = DB::query("SELECT DISTINCT `column` FROM `" . _mysql_prefix . "-boxes` ORDER BY `column`");
while ($item = DB::row($query)) {
$output .= "<tr><td><a href='index.php?p=content-boxes-edit&c=" . urlencode($item['column']) . "' class='block'><img src='images/icons/dir.png' alt='col' class='icon' /><strong>" . _htmlStr($item['column']) . "</strong></a></td><td>" . DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-boxes` WHERE `column`='" . DB::esc($item['column']) . "'"), 0) . "</td><td><a href='" . _xsrfLink("index.php?p=content-boxes&delcolumn=" . urlencode($item['column'])) . "' onclick='return _sysConfirm();'><img src='images/icons/delete.png' alt='del' class='icon' />" . $_lang['global.delete'] . "</a></td></tr>\n";
}
$output .= "</tbody></table>";
<?php
/* --- inicializace jadra --- */
require '../../require/load.php';
require_once '../../admin/functions-backup.php';
define('_header', '');
SL::init('../../');
// podminka spusteni
if (!_loginright_adminbackup || !_xsrfCheck()) {
exit;
}
// nacteni parametru
_checkKeys('_POST', array('type', 'fname', 'compress'));
$type = intval($_POST['type']);
$fname = basename(trim($_POST['fname']));
if (empty($fname)) {
$fname = 'backup';
}
$compress = intval($_POST['compress']);
$extra_dirs = null;
if (in_array($type, array(_backup_partial, _backup_full)) && isset($_POST['dir_upload'])) {
$extra_dirs = array('upload');
}
// ulozeni na serveru?
if ($store = isset($_POST['target_store'])) {
// uplnou zalohu nelze ulozit
if ($type === _backup_full) {
die;
}
// zpracovat nazev souboru a otevrit
$type_ext = _backupExt($type);