Example #1
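 /**
  * Tells whether a user has been seen online during the last ten minutes.
  *
  * Looks for a row in `online_tb` that belongs to the user and whose `date`
  * is no older than 600 seconds.
  *
  * @param mixed $user_id User identifier to look up.
  * @return bool True when a matching row exists, false otherwise.
  */
 public static function getStatusUser($user_id)
 {
     // Cut-off timestamp: now minus ten minutes, formatted as a MySQL DATETIME.
     $since = date("Y-m-d H:i:s", time() - 60 * 10);
     // The id used to be concatenated into the statement as-is. It is now passed
     // through DB::escape() so a crafted value cannot change the query.
     $row = DB::query_row("SELECT * FROM `online_tb` WHERE `user_id` = '" . DB::escape($user_id) . "' && `date` >= '" . $since . "'");
     return $row ? true : false;
 }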
Example #2
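 /**
  * Counts the distinct rows a SELECT statement would return.
  *
  * Everything after the first "FROM " of $aResultSQL is reused as the tail of
  * a COUNT(DISTINCT(...)) query over $this->count_field.
  *
  * @param string $aResultSQL The SELECT statement to derive the count from.
  * @return mixed The `count` column of the row returned by DB::query_row().
  */
 function getCount($aResultSQL)
 {
     // Split at the first "FROM " only. Splitting at every occurrence and
     // re-joining with spaces dropped the keyword from any sub-query and
     // produced invalid SQL.
     $parts = explode("FROM ", $aResultSQL, 2);
     $tail = isset($parts[1]) ? $parts[1] : "";
     // NOTE(review): $aResultSQL and count_field are spliced into the statement
     // verbatim; both have to originate from trusted code, never request data.
     $count = DB::query_row("SELECT COUNT(DISTINCT(" . $this->count_field . ")) as count FROM " . $tail);
     return $count['count'];
 }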
Example #3
 /**
  * Fetches the meta record attached to a row of another table.
  *
  * Both arguments are passed through DB::escape() before they are placed in
  * the statement.
  *
  * @param mixed $parentID Value matched against the `parentID` column.
  * @param mixed $table    Value matched against the `table` column.
  * @return mixed The row from DB::query_row(), or false when it is falsy.
  */
 public static function getMeta($parentID, $table)
 {
     $safeParent = DB::escape($parentID);
     $safeTable = DB::escape($table);
     $record = DB::query_row("SELECT * FROM `meta_tb` WHERE `parentID` = '" . $safeParent . "' && `table` = '" . $safeTable . "'");
     if (!$record) {
         return false;
     }
     return $record;
 }
Example #4
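 /**
  * Renders the edit form for one row of a table.
  *
  * Reads `table`, `id` and `class` from the query string, loads the row, asks
  * the named class for its form through form($row) and wraps the result in
  * the index layout.
  *
  * @return mixed Result of InIndex(), or null when a request parameter is rejected.
  */
 function actionEdit()
 {
     $table = isset($_GET['table']) ? $_GET['table'] : '';
     $id = isset($_GET['id']) ? $_GET['id'] : '';
     $className = isset($_GET['class']) ? $_GET['class'] : '';

     // All three values arrive straight from the URL. The table name sits inside
     // backticks where escaping does not help, so only plain identifiers pass.
     if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]+$/', $table)) {
         return null;
     }
     if (!is_scalar($id)) {
         return null;
     }
     // Only instantiate something that is a plain class name and actually
     // offers the form() method this action relies on.
     // NOTE(review): this narrows the choice but is not an allowlist; a fixed
     // list of editable classes and tables would be the stronger control.
     if (!is_string($className)
         || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $className)
         || !class_exists($className)
         || !method_exists($className, 'form')
     ) {
         return null;
     }

     $obj = DB::query_row("SELECT * FROM `" . $table . "` WHERE `id` = '" . DB::escape($id) . "'");
     $class = new $className();
     $oForm = call_user_func(array($class, "form"), $obj);
     $oForm->setFunctionPostBack($this, "editForm");
     return $this->InIndex("Редактирование " . $oForm->getFormName(), $oForm->getForm("", ""), 1);
 }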
/**
 * HCM module: renders a list of the most recent posts.
 *
 * @param mixed  $limit   Maximum number of posts; anything that is not >= 1 falls back to 10.
 * @param string $stranky Identifiers used to filter on the `home` column (handed to _sqlWhereColumn()).
 * @param mixed  $typ     Post type to filter on; values outside 1-3 fall back to 1.
 * @return string HTML of the list.
 */
function _HCM_recentposts($limit = null, $stranky = "", $typ = null)
{
    // preparation
    $html = "";
    $limit = (isset($limit) && intval($limit) >= 1) ? abs(intval($limit)) : 10;

    // filter by section, book or article numbers
    if (isset($stranky) && isset($typ)) {
        $postType = intval($typ);
        if (!($postType >= 1 && $postType <= 3)) {
            $postType = 1;
        }
        $where = "(" . _sqlWhereColumn("home", $stranky) . ") AND type=" . $postType;
    } else {
        $where = "type!=4 AND type!=6 AND type!=7";
    }

    $posts = DB::query("SELECT id,type,home,xhome,subject,author,guest,time,text FROM `" . _mysql_prefix . "-posts` WHERE " . $where . " ORDER BY id DESC LIMIT " . $limit);
    while ($post = DB::row($posts)) {
        // load the title of, and the link to, the page the post belongs to
        // NOTE(review): a type that matches no case leaves $home and $link at
        // whatever the previous iteration set (or undefined on the first one).
        switch ($post['type']) {
            case 1:
            case 3:
                $home = DB::query_row("SELECT title,title_seo FROM `" . _mysql_prefix . "-root` WHERE id=" . $post['home']);
                $link = _linkRoot($post['home'], $home['title_seo']);
                break;
            case 2:
                $home = DB::query_row("SELECT art.title,art.title_seo,cat.title_seo AS cat_title_seo FROM `" . _mysql_prefix . "-articles` AS art JOIN `" . _mysql_prefix . "-root` AS cat ON(cat.id=art.home1) WHERE art.id=" . $post['home']);
                $link = _linkArticle($post['home'], $home['title_seo'], $home['cat_title_seo']);
                break;
            case 5:
                if ($post['xhome'] == -1) {
                    // the post is the topic itself
                    $topicId = $post['id'];
                    $home = array("title" => $post['subject']);
                } else {
                    // the post is a reply: take the subject of the parent topic
                    $topicId = $post['xhome'];
                    $home = DB::query_row("SELECT subject FROM `" . _mysql_prefix . "-posts` WHERE id=" . $post['xhome']);
                    $home = array("title" => $home['subject']);
                }
                $link = "index.php?m=topic&amp;id=" . $topicId;
                break;
        }

        // author name: registered user link, or the stored guest name
        $author = ($post['author'] != -1) ? _linkUser($post['author'], null, true, true) : $post['guest'];
        $home = $home['title'];
        $perex = _cutStr(strip_tags(_parsePost($post['text'])), 256);

        // NOTE(review): title and guest name are emitted without escaping here;
        // presumably they are stored already HTML-safe — confirm.
        $html .= "\n<h2 class='list-title'><a href='" . $link . "'>" . $home . "</a></h2>\n<p class='list-perex'>" . $perex . "</p>\n<div class='list-info'>\n<span>" . $GLOBALS['_lang']['global.postauthor'] . ":</span> " . $author . _template_listinfoseparator . "\n<span>" . $GLOBALS['_lang']['global.time'] . ":</span> " . _formatTime($post['time']) . "\n</div>\n\n";
    }

    return $html;
}
Example #6
 /**
  * Prepares a row for display in a listing.
  *
  * Replaces `main` with an <img> tag pointing at the photo's thumbnail and
  * `categoryID` with the category's name ("нет" when no category row is found).
  *
  * @param array $aRow Row to decorate; reads `main` and `categoryID`.
  * @return array The modified row.
  */
 function table($aRow)
 {
     $photo = Photo::getPhotoById($aRow['main']);
     // NOTE(review): path and name go into the attribute unescaped; presumably
     // both are generated server-side — confirm.
     $aRow['main'] = sprintf("<img src='%s/thumb/%s'>", $photo['path'], $photo['name']);

     $category = DB::query_row("SELECT * FROM `category_tb` WHERE `id` = '" . DB::escape($aRow['categoryID']) . "'");
     $aRow['categoryID'] = $category ? $category['name'] : "нет";

     return $aRow;
 }
Example #7
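 /**
  * Checks an e-mail/password pair and, on success, marks the session as logged in.
  *
  * The matching `user_tb` row is kept in self::$user. Login is refused when no
  * row matches or when the row's `isactive` equals 1.
  *
  * @param string $email    E-mail address to look up.
  * @param string $password Password value compared against the `passwd` column.
  * @return bool TRUE when the session was authenticated, FALSE otherwise.
  */
 public static function authorized($email, $password)
 {
     $link = DB::$desc;
     // NOTE(review): the supplied password is matched against `passwd` inside the
     // query. Unless callers hash it first the column holds plaintext; storing
     // password_hash() output and checking with password_verify() is preferable.
     self::$user = DB::query_row('SELECT * FROM `user_tb` WHERE `email`="' . mysqli_real_escape_string($link, $email) . '" && `passwd` = "' . mysqli_real_escape_string($link, $password) . '" ');
     if (!self::$user) {
         return FALSE;
     }
     // NOTE(review): `isactive` == 1 is treated as "may not log in" — confirm the
     // polarity of this flag.
     if (self::$user['isactive'] == 1) {
         return FALSE;
     }
     // Issue a fresh session id at the moment of authentication so an id that
     // was known before login cannot be reused afterwards (session fixation).
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION['session_id'] = self::$user['id'];
     return TRUE;
 }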
Example #8
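 /**
  * Prepares a category row for the admin listing.
  *
  * Replaces `categoryID` with the parent category's name ("нет" when no parent
  * row is found) and turns `name` into a link to the sub-category listing when
  * at least one category has this row as its parent.
  *
  * @param array $aRow Category row; reads `categoryID`, `id` and `name`.
  * @return array The modified row.
  */
 function table($aRow)
 {
     if ($parent = DB::query_row("SELECT * FROM `category_tb` WHERE `id` = '" . DB::escape($aRow['categoryID']) . "'")) {
         $aRow['categoryID'] = $parent['name'];
     } else {
         $aRow['categoryID'] = "нет";
     }
     // The child lookup previously concatenated the id unescaped; it now goes
     // through DB::escape() exactly like the parent lookup.
     if (DB::query_row("SELECT * FROM `category_tb` WHERE `categoryID` = '" . DB::escape($aRow['id']) . "'")) {
         // NOTE(review): id and name are written into the markup unescaped. If
         // category names can be entered by users, escape them for HTML here.
         $aRow['name'] = '<a href="/admin/ru/Category/Show/?categoryID=' . $aRow['id'] . '">' . $aRow['name'] . '</a>';
     }
     return $aRow;
 }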
Example #9
/**
 * HCM module: builds a link to an article.
 *
 * When no link text is given, the article is looked up (by `id` if $id is
 * numeric, otherwise by `title_seo`) and its title is used as the text. If the
 * lookup fails, the escaped identifier wrapped in braces is returned instead.
 *
 * @param mixed       $id        Article id or SEO title.
 * @param string|null $text      Link text; null means "use the article title".
 * @param bool        $nove_okno Whether to add target="_blank".
 * @return string HTML anchor, or '{identifier}' when the article is not found.
 */
function _HCM_linkart($id = null, $text = null, $nove_okno = false)
{
    if (null !== $text) {
        // the caller supplied the text: no lookup, no SEO parts
        // NOTE(review): $text is placed in the anchor without escaping.
        $article = array('title_seo' => null, 'cat_title_seo' => null);
    } else {
        $column = is_numeric($id) ? 'id' : 'title_seo';
        $article = DB::query_row('SELECT art.title,art.title_seo,cat.title_seo AS cat_title_seo FROM `' . _mysql_prefix . '-articles` AS art JOIN `' . _mysql_prefix . '-root` AS cat ON(cat.id=art.home1) WHERE art.' . $column . '=' . DB::val($id));
        if (false === $article) {
            return '{' . _htmlStr($id) . '}';
        }
        $text = $article['title'];
    }

    $target = $nove_okno ? ' target="_blank"' : '';

    return "<a href='" . _linkArticle($id, $article['title_seo'], $article['cat_title_seo']) . "'" . $target . ">" . $text . "</a>";
}
Example #10
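 /**
  * Renders one page of the news list.
  *
  * With `all` in the query string the current user's `news` counter is reset
  * and a redirect to /news/ is issued. Otherwise the requested page of
  * `news_tb` is loaded and, when more than one page exists, pagination is
  * assigned to the template.
  *
  * @return mixed Output of the fetched News template.
  */
 function actionNews()
 {
     if (isset($_GET['all'])) {
         DB::query("UPDATE `user_tb` SET `news` = '0' WHERE `id` = '" . $_SESSION['session_id'] . "'");
         // NOTE(review): the rest of the method still runs unless redirectTo()
         // ends the request — confirm.
         $this->redirectTo("/news/");
     }
     // A missing, zero, negative or non-numeric page used to yield a negative
     // offset and a failing LIMIT clause; clamp it to the first page instead.
     $page = isset($_GET['page']) ? max(1, (int) $_GET['page']) : 1;
     $limit = ($page - 1) * $this->count . ", " . $this->count;
     $news = DB::query_array("SELECT * FROM `news_tb` ORDER BY `id` DESC LIMIT " . $limit);
     $cpartners = DB::query_row("SELECT COUNT(id) as count FROM `news_tb` ");
     if (ceil($cpartners['count'] / $this->count) > 1) {
         $this->oSmarty->assign("pagination", $this->getNavigationIndex($cpartners['count'], $this->count, "/news/", $page, 10));
     }
     // NOTE(review): `region` comes from the query string and becomes part of the
     // template path; it should be limited to the known region codes.
     return $this->oSmarty->assign("news", $news)->fetch($_GET['region'] . "/Body/News.tpl");
 }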
         $message = "<br /><ul>\n";
         foreach ($prev_count as $key => $val) {
             $message .= "<li><strong>" . $_lang[$key] . ":</strong> <code>" . $val . "</code></li>\n";
         }
         $message .= "</ul>";
     } else {
         $message = _formMessage(1, $_lang['global.done']);
     }
     break;
     // deinstalace
 // deinstalace
 case 2:
     $pass = $_POST['pass'];
     $confirm = _checkboxLoad("confirm");
     if ($confirm) {
         $right_pass = DB::query_row("SELECT password,salt FROM `" . _mysql_prefix . "-users` WHERE id=0");
         if (_md5Salt($pass, $right_pass['salt']) == $right_pass['password']) {
             // ziskani tabulek
             $tables = array();
             $q = DB::query('SHOW TABLES LIKE \'' . _mysql_prefix . '-%\'');
             while ($r = DB::rown($q)) {
                 $tables[] = $r[0];
             }
             // odstraneni tabulek
             foreach ($tables as $table) {
                 DB::query("DROP TABLE `" . $table . "`");
             }
             // zprava
             _userLogout();
             echo "<h1>" . $_lang['global.done'] . "</h1>\n<p>" . $_lang['admin.other.cleanup.uninstall.done'] . "</p>";
             exit;
Example #12
    $oBaseModule->oSmarty->assign("user", Auth::getUser());
}
// Front-controller dispatch: resolve the controller for the current menu entry,
// run its action and emit the result either as JSON or inside the HTML layout.

// No controller class for this route: send the visitor to the 404 page.
// NOTE(review): execution continues below unless redirectTo() ends the request — confirm.
if (!isset($menu['class'])) {
    $oBaseModule->redirectTo("/404/");
}
// The class and method names are taken from $menu.
// NOTE(review): presumably $menu is filled from a routing table, not directly
// from the request — verify, because its values choose what gets instantiated and called.
$oProcess = new $menu['class']();
$action = $menu['method'] == "" ? "action" : "action" . $menu['method'];
// NOTE(review): call-time pass-by-reference (&$...) is a fatal error from PHP 5.4 on.
call_user_func(array($oProcess, "init"), &$oBaseModule->oSmarty);
$CONTENT = call_user_func(array($oProcess, $action));
//echo $_SERVER['HTTP_ACCEPT'];die();
// JSON is chosen when "json" occurs in the Accept header.
// NOTE(review): mb_strpos() returns 0 (falsy) for a match at the very start, and
// HTTP_ACCEPT may be absent from $_SERVER; `!== false` plus an isset() would be exact.
if (mb_strpos($_SERVER['HTTP_ACCEPT'], "json")) {
    echo json_encode(array('result' => $CONTENT));
    die;
} else {
    // An action that produced nothing is treated as "not found".
    if ($CONTENT == null) {
        $oBaseModule->redirectTo("/404/");
    }
    $oBaseModule->oSmarty->assign("text", $CONTENT);
    header('Content-type: text/html; charset=utf-8');
    header("HTTP/1.1 200 OK", TRUE, 200);
    // Offer the profile photo to the template when a file named after the session's user id exists.
    if (isset($_SESSION['session_id']) && is_file("i/profile/" . $_SESSION['session_id'] . ".jpg")) {
        $oBaseModule->oSmarty->assign("photo_profile", "/i/profile/" . $_SESSION['session_id'] . ".jpg");
    }
    $active = call_user_func(array($oProcess, "getActive"), &$oBaseModule->oSmarty);
    $oBaseModule->oSmarty->assign("active", $active);
    // Logged-in visitors get the full frontend layout, everyone else the auth layout.
    // NOTE(review): `region` is read from the query string and becomes part of the
    // template path in both branches; it should be limited to the known region codes.
    if (isset($_SESSION['session_id']) && $_SESSION['session_id'] != '') {
        echo $oBaseModule->oSmarty->assign("user_amount", number_format(Config::userAmount($_SESSION['session_id']), 0, ',', ' '))->assign("count_message", DB::query_row("SELECT COUNT(id) as count FROM `pmessage_tb` WHERE `status` = '1' && `user_id` = '" . $_SESSION['session_id'] . "'"))->assign("count_news", Auth::getUser("news"))->fetch($_GET['region'] . "/IndexFrontend.tpl");
    } else {
        echo $oBaseModule->oSmarty->fetch($_GET['region'] . "/IndexAuth.tpl");
    }
}
 /**
  * Delete action.
  *
  * Loads the row identified by $params[1]. When the confirmation trigger is
  * present in POST the row is deleted, through the action's handler if one is
  * set and with a plain DELETE otherwise. In every other case the confirmation
  * template is rendered.
  *
  * @param  array      $params Action parameters; index 1 is the row id, 'action' is passed to the template as 'self'
  * @param  array      $action Action definition; reads 'extra_columns', 'handler' and 'template'
  * @param  AdminBread $bread
  * @return array Two elements: a payload and either an ACTION_* status or the rendered output
  */
 public static function deleteAction(array $params, array $action, AdminBread $bread)
 {
     $messages = array();
     $trigger = '_del_' . $bread->uid;

     /* ----- load data ----- */

     // the row id is mandatory
     if (!isset($params[1])) {
         return array(array('msg' => 'Missing parameter 1 for ' . __METHOD__), self::ACTION_ERR);
     }

     // the cast keeps the id numeric before it is bound to the @id@ placeholder
     $id = (int) $params[1];

     // fetch the primary key plus any extra columns the action asks for
     $selectSql = $bread->formatSql(
         "SELECT %columns% FROM `" . $bread->formatTable($bread->table) . "` " . $bread->tableAlias . " WHERE " . $bread->tableAlias . "." . $bread->primary . "=@id@",
         array('columns' => array_merge(array($bread->primary), $action['extra_columns']), 'id' => $id)
     );
     $data = DB::query_row($selectSql);
     if (false === $data) {
         return array(null, self::ACTION_NOT_FOUND);
     }

     /* ----- delete ----- */

     // NOTE(review): no XSRF token check is visible in this method; presumably
     // the caller performs it before dispatching here — confirm.
     if (isset($_POST[$trigger])) {
         if (null === $action['handler']) {
             // simple delete
             $deleteSql = $bread->formatSql("DELETE FROM `" . $bread->formatTable($bread->table) . "` WHERE " . $bread->primary . "=@id@ LIMIT 1", array('id' => $id));
             $success = DB::query($deleteSql);
         } else {
             // custom handler; it receives $messages by reference
             $success = call_user_func($action['handler'], array('data' => $data, 'params' => $params, 'action' => $action, 'bread' => $bread, 'messages' => &$messages));
         }

         if ($success) {
             return array(array('messages' => $messages), self::ACTION_DONE);
         }
         $messages[] = array(2, $GLOBALS['_lang']['global.error']);
     }

     /* ----- render ----- */

     $payload = array('messages' => $messages);
     $view = array(
         'data' => $data,
         'self' => $params['action'],
         'submit_text' => $GLOBALS['_lang']['admin.content.redir.act.wipe.submit'],
         'submit_trigger' => $trigger,
     );

     return array($payload, $bread->render($action['template'], $view));
 }
Example #14
     // forum
 // forum
 case 5:
     $tdata = DB::query("SELECT public,var2,var3,level FROM `" . _mysql_prefix . "-root` WHERE id=" . $posttarget . " AND type=8");
     if (DB::size($tdata) != 0) {
         $tdata = DB::row($tdata);
         if (_publicAccess($tdata['public'], $tdata['level']) and _publicAccess($tdata['var3']) and $tdata['var2'] != 1) {
             $continue = true;
         }
     }
     break;
     // zprava
 // zprava
 case 6:
     if (_messages && _loginindicator) {
         $tdata = DB::query_row('SELECT sender,receiver FROM `' . _mysql_prefix . '-pm` WHERE id=' . $posttarget . ' AND (sender=' . _loginid . ' OR receiver=' . _loginid . ') AND sender_deleted=0 AND receiver_deleted=0');
         if ($tdata !== false) {
             $continue = true;
             $xhome = $posttarget;
         }
     }
     break;
     // plugin post
 // plugin post
 case 7:
     _extend('call', 'posts.' . $pluginflag . '.validate', array('home' => $posttarget, 'valid' => &$continue));
     break;
     // blbost
 // blbost
 default:
     die;
<?php

/* ---  core check: refuse to run outside the application  --- */
defined('_core') or exit;
/* ---  load variables  --- */
$continue = false;
if (isset($_GET['cat'])) {
    // the integer cast keeps the request value numeric before it reaches the queries
    $cid = (int) $_GET['cat'];
    // continue only when the id belongs to a root row of type 2
    if (0 != DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-root` WHERE id=" . $cid . " AND type=2"), 0)) {
        $catdata = DB::query_row("SELECT title,var1,var2 FROM `" . _mysql_prefix . "-root` WHERE id=" . $cid);
        $continue = true;
    }
}
/* ---  vystup --- */
if ($continue) {
    $output .= "\n<p class='bborder'>" . $_lang['admin.content.articles.list.p'] . "</p>\n";
    // nastaveni strankovani podle kategorie
    $artsperpage = $catdata['var2'];
    switch ($catdata['var1']) {
        case 1:
            $artorder = "art.time DESC";
            break;
        case 2:
            $artorder = "art.id DESC";
            break;
        case 3:
            $artorder = "art.title";
            break;
        case 4:
Example #16
    define('LOCAL_SERVER', TRUE);
} else {
    $db_host = "jgiven79.mydomaincommysql.com";
    $db_name = "ezonsync";
    $db_username = "******";
    $db_pass = "******";
    define('LOCAL_SERVER', FALSE);
}
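// Load every library under lib/autoload. glob() can return false on error,
// which foreach rejects, so iterate only over a real list.
$autoload_files = glob('lib/autoload/*.php');
if ($autoload_files) {
    foreach ($autoload_files as $lib) {
        require_once $lib;
    }
}
$db = new DB($db_name, $db_host, $db_username, $db_pass);
// For a logged-in user, load the account row and expose its eBay API settings
// through the globals the rest of the application reads.
if (isset($_SESSION['user_id'])) {
    $active_user = $_SESSION['user_id'];
    // The id is placed in the statement unquoted, so force it to an integer.
    $sql = "SELECT * FROM ebay_users WHERE user_id = " . (int) $active_user;
    // NOTE(review): the query result is not checked; a session that points at a
    // deleted account reaches array_map() with a non-array value.
    $user = array_map('trim', DB::query_row($sql));
    $DEVNAME = $user['dev_name'];
    $APPNAME = $user['app_name'];
    $CERTNAME = $user['cert_name'];
    // Commented-out debug calls that embedded literal eBay auth tokens were
    // removed from this spot. Credentials do not belong in source files, and
    // tokens that were committed should be treated as exposed and revoked.
    $token = decrypt($user['token']);
    $ebayusername = $user['ebay_name'];
    // Sandbox accounts talk to the eBay sandbox endpoint, all others to production.
    if ($user['sandbox']) {
        $eBayAPIURL = "https://api.sandbox.ebay.com/ws/api.dll";
    } else {
        $eBayAPIURL = "https://api.ebay.com/ws/api.dll";
    }
}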
Example #17
<?php

/* ---  core check: refuse to run outside the application  --- */
defined('_core') or exit;
/* ---  preparation  --- */
$id = null;
$message = "";
$form = false;
if (isset($_GET['id'])) {
    $id = DB::esc($_GET['id']);
    $query = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        $groupdata = DB::query_row("SELECT title,descr,icon,color,blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . $query['group']);
        $form = true;
        // promenne
        if ($query['note'] == "") {
            $note = "";
        } else {
            $note = "<tr class='valign-top'><td><strong>" . $_lang['global.note'] . "</strong></td><td><div class='note'>" . _parsePost($query['note']) . "</div></td></tr>";
        }
        // cesta k avataru
        $query['avatar'] = _getAvatar($query['id'], true, false, true);
        // clanky autora
        $arts = DB::result(DB::query("SELECT COUNT(*) FROM `" . _mysql_prefix . "-articles` AS art WHERE author=" . $query['id'] . " AND " . _sqlArticleFilter()), 0);
        if ($arts != 0) {
            // zjisteni prumerneho hodnoceni
            $avgrate = DB::result(DB::query("SELECT ROUND(SUM(ratesum)/SUM(ratenum)) FROM `" . _mysql_prefix . "-articles` WHERE rateon=1 AND ratenum!=0 AND confirmed=1 AND author=" . $query['id']), 0);
            if ($avgrate === null) {
Example #18
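// Build the admin controller and run the requested action.
// NOTE(review): the action runs here, before the HTTP Basic credentials below
// are checked. Unless an earlier gate exists, authentication should come first.
// NOTE(review): call-time pass-by-reference (&$...) is a fatal error from PHP 5.4 on.
$oProcess = new Admin();
call_user_func(array($oProcess, "init"), &$oBaseModule->oSmarty);
$CONTENT = call_user_func(array($oProcess, $sAct));
// Offer a per-class script and stylesheet to the template when the files exist.
// NOTE(review): `class` is taken from the query string and used in a file path
// and in the emitted URL; restrict it to plain names such as [A-Za-z0-9_]+.
if (isset($_GET['class'])) {
    if (is_file("assets/backend/js/" . $_GET['class'] . ".js")) {
        $oBaseModule->oSmarty->assign("jsfile", "/assets/backend/js/" . $_GET['class'] . ".js");
    }
    if (is_file("assets/backend/css/" . $_GET['class'] . ".css")) {
        $oBaseModule->oSmarty->assign("cssfile", "/assets/backend/css/" . $_GET['class'] . ".css");
    }
}
// Start from "not logged in" when nothing earlier decided otherwise, so the
// flag is never read while undefined. If no earlier code assigns it, an
// unconditional `$login_successful = false;` is the stricter form.
if (!isset($login_successful)) {
    $login_successful = false;
}
// HTTP Basic credentials are matched against user_tb rows with `status` = '2'.
// NOTE(review): the password is compared inside the query, which implies the
// column stores it as submitted; a password_hash()/password_verify() scheme is preferable.
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $usr = $_SERVER['PHP_AUTH_USER'];
    $pwd = $_SERVER['PHP_AUTH_PW'];
    if (DB::query_row("SELECT * FROM `user_tb` WHERE `email` = '" . DB::escape($usr) . "' AND `passwd` = '" . DB::escape($pwd) . "' && `status` = '2'")) {
        $login_successful = true;
    }
}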
if (!$login_successful) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    print "Login failed!n";
} else {
    $oMenu = new Menu();
    $oMenu->setMenuParent("Информация", '/admin/' . $_GET['region'] . '/');
    $oMenu->setMenuParent("Пользователи", "/admin/" . $_GET['region'] . "/Users/Show/", null);
    $oMenu->setMenuParent("Товары", "/admin/" . $_GET['region'] . "/Product/Show/", null);
    $oMenu->setMenuParent("Категории", "/admin/" . $_GET['region'] . "/Category/Show/", null);
    $parent_id = $oMenu->setMenuParent("Тех поддержка", "/admin/" . $_GET['region'] . "/Support/Show/", null);
    $oBaseModule->oSmarty->assign("menu", $oMenu->getMenu());
            switch ($post['type']) {
                case 1:
                case 3:
                    $hometitle = DB::query_row("SELECT title,title_seo FROM `" . _mysql_prefix . "-root` WHERE id=" . $post['home']);
                    $homelink = _linkRoot($post['home'], $hometitle['title_seo']);
                    $hometitle = $hometitle['title'];
                    break;
                case 2:
                    $hometitle = DB::query_row("SELECT art.title,art.title_seo,cat.title_seo AS cat_title_seo FROM `" . _mysql_prefix . "-articles` AS art JOIN `" . _mysql_prefix . "-root` AS cat ON(cat.id=art.home1) WHERE art.id=" . $post['home']);
                    $homelink = _linkArticle($post['home'], $hometitle['title_seo']);
                    $hometitle = $hometitle['title'];
                    break;
                case 5:
                    $homelink = 'index.php?m=topic&amp;id=' . $post[$post['xhome'] == '-1' ? 'id' : 'xhome'];
                    if ($post['xhome'] == '-1') {
                        $hometitle = $post['subject'];
                    } else {
                        $hometitle = DB::query_row("SELECT subject FROM `" . _mysql_prefix . "-posts` WHERE id=" . $post['xhome']);
                        $hometitle = $hometitle['subject'];
                    }
                    break;
            }
            $module .= "<div class='post-head'><a href='" . $homelink . "#post-" . $post['id'] . "' class='post-author'>" . $hometitle . "</a> <span class='post-info'>(" . _formatTime($post['time']) . ")</span></div><p class='post-body'>" . _parsePost($post['text']) . "</p>\n";
        }
        if (_pagingmode == 2 or _pagingmode == 3) {
            $module .= '<br />' . $paging[0];
        }
    } else {
        $module .= $_lang['global.nokit'];
    }
}
Example #20
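 /**
  * Stores revised pricing and quantity data for the item and pushes the change to eBay when needed.
  *
  * Updates the `user_products` row of $this->item_id, calls Ebay::revise_item()
  * when the price differs from the locally cached one or the maximum quantity
  * differs from the eBay quantity, then reloads $this->local_data.
  *
  * @param array $options Reads 'vendor-price', 'vendor_quantity', 'profit-pc',
  *                       'ebay_quantity', 'price' and 'max_quantity'.
  * @return void
  */
 public function revise($options)
 {
     // Every value used to be interpolated into the statement as-is. Each one
     // is now escaped with the function this code base already uses for that.
     // NOTE(review): bound parameters would be preferable if the DB layer offers them.
     $vendorPrice = mysql_real_escape_string($options['vendor-price']);
     $vendorQty = mysql_real_escape_string($options['vendor_quantity']);
     $ebayQty = mysql_real_escape_string($options['ebay_quantity']);
     $price = mysql_real_escape_string($options['price']);
     $maxQty = mysql_real_escape_string($options['max_quantity']);
     $itemId = mysql_real_escape_string($this->item_id);
     // The multiplication always yields a number, so it needs no escaping.
     $profitRatio = $options['profit-pc'] * 100;

     $sql = "UPDATE `user_products` SET `VendorPrice` = '" . $vendorPrice . "',\n            `VendorQty` = '" . $vendorQty . "',\n            `ProfitRatio` = '" . $profitRatio . "',\n            `Qty` = '" . $ebayQty . "',\n            `price` = '" . $price . "',\n            `max_quantity` = '" . $maxQty . "'\n       WHERE `user_products`.`ItemID` ='" . $itemId . "'";
     $this->query($sql);

     // Only talk to eBay when the listing would actually change.
     if ($options['price'] != $this->local_data['Price'] || $options['max_quantity'] != $options['ebay_quantity']) {
         Ebay::revise_item($this->item_id, array('quantity' => $options['max_quantity'], 'price' => $options['price']));
         $this->log("Updated: price: {$options['price']}, quantity: {$options['max_quantity']}");
     }

     // Refresh the cached row so later reads see the stored values.
     $this->local_data = DB::query_row("SELECT * from `user_products` where ItemID='" . $itemId . "'");
 }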
Example #21
<?php

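set_time_limit(0);
// time() accepts no arguments; the stray "now" argument is dropped.
$start_time = time();
require_once 'lib/config.php';
// Decide which account the form shows: non-admins always see their own record,
// admins see a blank record (`add`) or the record named by `user_id`.
if ($user['group'] !== 'admin') {
    $user_info = $user;
} else {
    if (!empty($_GET['add'])) {
        // Neutral defaults for a new account. A second assignment used to
        // overwrite these with one real account's data (password hash, API
        // identifiers, token). That record was removed; credentials that were
        // committed should be treated as exposed and rotated.
        // NOTE(review): the key set follows the removed record; confirm the
        // default expected for 'eBayReady'.
        $user_info = array(
            'user_id' => '',
            'first_name' => '',
            'name' => 'John Doe',
            'username' => 'new_user',
            'password' => '',
            'email' => '',
            'paypal_address' => '',
            'ebay_name' => '',
            'dev_name' => '',
            'app_name' => '',
            'cert_name' => '',
            'eBayReady' => '',
            'token' => '',
            'Token_exp_date' => '',
            'amazon_username' => '',
            'amazon_publickey' => '',
            'amazon_privatekey' => '',
            'sandbox' => '0',
            'postal_code' => '00000',
            'location' => 'New york',
            'payment_methods' => 'PayPal',
            'footer' => '0',
        );
    } else {
        // intval() keeps the requested id numeric before it reaches the query.
        $user_id = empty($_GET['user_id']) ? $user['user_id'] : intval($_GET['user_id']);
        $user_info = DB::query_row("SELECT * from ebay_users where `user_id` = '{$user_id}'");
    }
}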
if (isset($_POST['do'])) {
    $data = array('first_name' => mysql_real_escape_string(isset($_POST['first_name']) ? $_POST['first_name'] : ''), 'name' => mysql_real_escape_string(isset($_POST['name']) ? $_POST['name'] : ''), 'username' => mysql_real_escape_string(isset($_POST['username']) ? $_POST['username'] : ''), 'email' => mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : ''), 'paypal_address' => mysql_real_escape_string(isset($_POST['paypal_address']) ? $_POST['paypal_address'] : ''), 'ebay_name' => mysql_real_escape_string(isset($_POST['ebay_name']) ? $_POST['ebay_name'] : ''), 'dev_name' => mysql_real_escape_string(isset($_POST['dev_name']) ? $_POST['dev_name'] : ''), 'app_name' => mysql_real_escape_string(isset($_POST['app_name']) ? $_POST['app_name'] : ''), 'cert_name' => mysql_real_escape_string(isset($_POST['cert_name']) ? $_POST['cert_name'] : ''), 'token' => encrypt($_POST['token']), 'sandbox' => empty($_POST['sandbox']) ? 0 : 1, 'postal_code' => mysql_real_escape_string(isset($_POST['postal_code']) ? $_POST['postal_code'] : ''), 'location' => mysql_real_escape_string(isset($_POST['location']) ? $_POST['location'] : ''), 'payment_methods' => mysql_real_escape_string(isset($_POST['payment_methods']) ? $_POST['payment_methods'] : ''));
    if ($user['group'] == 'admin') {
        if (!empty($_POST['add']) || isset($_GET['add'])) {
            $data['user_id'] = '';
        } else {
            if (!empty($_POST['user_id'])) {
                $data['user_id'] = intval($_POST['user_id']);
            } elseif (!empty($_GET['user_id'])) {
                $data['user_id'] = intval($_GET['user_id']);
            }
        }
    } else {
        $data['user_id'] = $user['user_id'];
    }
Example #22
<?php

/* ---  core check: refuse to run outside the application  --- */
defined('_core') or exit;
/* ---  prepare variables  --- */
$message = "";
// load the row of the logged-in user
$query = DB::query_row("SELECT * FROM `" . _mysql_prefix . "-users` WHERE id=" . _loginid);
// an ICQ value of 0 is replaced by an empty string
if (0 == $query['icq']) {
    $query['icq'] = "";
}
// path to the avatar
$avatar_path = _getAvatar(_loginid, true, false, true, true);
/* ---  ulozeni  --- */
if (isset($_POST['username'])) {
    $errors = array();
    /* --  nacteni a kontrola promennych  -- */
    // sebedestrukce
    if (_loginright_selfdestruction and _checkboxLoad("selfremove")) {
        $selfremove_confirm = _md5Salt($_POST['selfremove-confirm'], $query['salt']);
        if ($selfremove_confirm == $query['password']) {
            if (_loginid != 0) {
                _deleteUser(_loginid);
                $_SESSION = array();
                session_destroy();
                define('_redirect_to', 'index.php?m=login&_mlr=4');
                return;
            } else {
                $errors[] = $_lang['mod.settings.selfremove.denied'];
            }
Example #23
 $query = DB::row($query);
 if (_postAccess($query)) {
     $continue = true;
     $nobbcode = false;
     $backlink = null;
     _extend('call', 'mod.editpost.backlink', array('backlink' => &$backlink, 'query' => $query));
     if (null === $backlink) {
         switch ($query['type']) {
             case 1:
                 $backlink = _addGetToLink(_linkRoot($query['home']), "page=" . _resultPagingGetItemPage(_commentsperpage, "posts", "id>" . $query['id'] . " AND type=1 AND xhome=-1 AND home=" . $query['home'])) . "#post-" . $query['id'];
                 break;
             case 2:
                 $backlink = _addGetToLink(_linkArticle($query['home']), "page=" . _resultPagingGetItemPage(_commentsperpage, "posts", "id>" . $query['id'] . " AND type=2 AND xhome=-1 AND home=" . $query['home'])) . "#post-" . $query['id'];
                 break;
             case 3:
                 $postsperpage = DB::query_row("SELECT var2 FROM `" . _mysql_prefix . "-root` WHERE id=" . $query['home']);
                 $backlink = _addGetToLink(_linkRoot($query['home']), "page=" . _resultPagingGetItemPage($postsperpage['var2'], "posts", "id>" . $query['id'] . " AND type=3 AND xhome=-1 AND home=" . $query['home'])) . "#post-" . $query['id'];
                 break;
             case 4:
                 $nobbcode = true;
                 break;
             case 5:
                 if ($query['xhome'] == -1) {
                     if (!_checkboxLoad("delete")) {
                         $backlink = "index.php?m=topic&amp;id=" . $query['id'];
                     } else {
                         $backlink = _linkRoot($query['home']);
                     }
                 } else {
                     $backlink = _addGetToLink("index.php?m=topic&amp;id=" . $query['xhome'], "page=" . _resultPagingGetItemPage(_commentsperpage, "posts", "id<" . $query['id'] . " AND type=5 AND xhome=" . $query['xhome'] . " AND home=" . $query['home'])) . "#post-" . $query['id'];
                 }
Example #24
            $gquery['level'] += 1;
        }
        // konstanty opravneni
        foreach ($rights_array as $item) {
            define('_loginright_' . $item, $gquery[$item]);
        }
        // zaznamenani casu aktivity (max 1x za 30 sekund)
        if (time() - $uquery['activitytime'] > 30) {
            DB::query("UPDATE `" . _mysql_prefix . "-users` SET activitytime='" . time() . "', ip='" . _userip . "' WHERE id=" . _loginid);
        }
    }
}
// Anything other than the integer 1 in $result means nobody is logged in.
if ($result !== 1) {
    // guest constants
    define('_loginid', -1);
    define('_loginname', '');
    define('_loginpublicname', '');
    define('_loginemail', '');
    define('_loginwysiwyg', 0);
    define('_loginlanguage', '');
    define('_logincounter', 0);

    // group constants: guests take their rights from the group with id 2
    $gquery = DB::query_row("SELECT * FROM `" . _mysql_prefix . "-groups` WHERE id=2");
    define('_loginright_group', $gquery['id']);
    define('_loginright_groupname', $gquery['title']);
    // one _loginright_* constant per entry of $rights_array
    foreach ($rights_array as $item) {
        define('_loginright_' . $item, $gquery[$item]);
    }
}

// constant that indicates the login state
define('_loginindicator', $result);
                 // Excerpt of an admin editor for the `-redir` table: save, load, render the form, delete, wipe.
                 $message = _formMessage(1, $_lang['global.created']);
                 break;
             } else {
                 // Save the edited row. old/new pass through DB::esc(); active and $edit_id are
                 // concatenated unquoted.
                 // NOTE(review): where $q['active'] and $edit_id are set is outside this excerpt -
                 // confirm both are forced to integers before they reach this statement.
                 DB::query('UPDATE `' . _mysql_prefix . '-redir` SET old=\'' . DB::esc($q['old']) . '\',new=\'' . DB::esc($q['new']) . '\',active=' . $q['active'] . ' WHERE id=' . $edit_id);
                 $message = _formMessage(1, $_lang['global.saved']);
             }
         }
         // Load the data shown in the form: defaults for a new row, otherwise the stored row.
         if ($new) {
             if (!isset($q)) {
                 $q = array();
             }
             $q += array('id' => null, 'old' => '', 'new' => '', 'active' => '1');
         } else {
             // $edit_id is concatenated unquoted here as well; a missing row leaves the do/while block.
             $q = DB::query_row('SELECT * FROM `' . _mysql_prefix . '-redir` WHERE id=' . $edit_id);
             if ($q === false) {
                 break;
             }
         }
         // Form. The XSRF token field comes from _xsrfProtect().
         // NOTE(review): $q['old'] and $q['new'] are written into single-quoted value='...' attributes
         // with no escaping on this line. Unless they are HTML-escaped before this point (not visible
         // here), wrap them in htmlspecialchars($value, ENT_QUOTES) so a stored quote cannot break
         // out of the attribute.
         $output .= $message . "\n<form action='' method='post'>\n<table class='formtable'>\n\n<tr>\n    <td class='rpad'><strong>" . $_lang['admin.content.redir.old'] . "</strong></td>\n    <td><input type='text' name='old' value='" . $q['old'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n    <td class='rpad'><strong>" . $_lang['admin.content.redir.new'] . "</strong></td>\n    <td><input type='text' name='new' value='" . $q['new'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n    <td class='rpad'><strong>" . $_lang['admin.content.redir.act'] . "</strong></td>\n    <td><input type='checkbox' name='act' value='1'" . _checkboxActivate($q['active']) . " /></td>\n</tr>\n\n<tr>\n    <td></td>\n    <td><input type='submit' value='" . $_lang['global.' . ($new ? 'create' : 'save')] . "' /></td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>";
     } while (false);
 } elseif (isset($_GET['del']) && _xsrfCheck(true)) {
     // Delete one row: guarded by _xsrfCheck(true), and the id is cast with intval().
     DB::query('DELETE FROM `' . _mysql_prefix . '-redir` WHERE id=' . intval($_GET['del']));
     $output .= _formMessage(1, $_lang['global.done']);
 } elseif (isset($_GET['wipe'])) {
     // Delete all rows.
     // NOTE(review): unlike the single-delete branch, no _xsrfCheck() call is visible on this path;
     // confirm the POST is token-checked elsewhere before TRUNCATE runs.
     if (isset($_POST['wipe_confirm'])) {
         DB::query('TRUNCATE TABLE `' . _mysql_prefix . '-redir`');
Example #26
     }
     // Form for a new private message; the XSRF token field comes from _xsrfProtect().
     // NOTE(review): how _restorePostValue() and _get() escape the values they echo back into the
     // attributes and the textarea is not visible here - confirm they HTML-escape for both contexts.
     if (isset($message)) {
         $module .= $message . "\n";
     }
     $module .= "<form action='' method='post' name='newmsg'" . _jsCheckForm('newmsg', array('receiver')) . ">\n<table>\n\n<tr>\n    <td><strong>" . $_lang['mod.messages.receiver'] . "</strong></td>\n    <td><input type='text' name='receiver' class='inputsmall' maxlength='24'" . _restorePostValue("receiver", _get('receiver')) . " /></td>\n</tr>\n\n<tr>\n    <td><strong>" . $_lang['posts.subject'] . "</strong></td>\n    <td><input type='text' name='subject' class='inputsmall' maxlength='22'" . _restorePostValue("subject", _get('subject')) . " /></td>\n</tr>\n\n<tr class='valign-top'>\n    <td><strong>" . $_lang['mod.messages.message'] . "</strong></td>\n    <td><textarea name='text' class='areamedium' rows='5' cols='33'>" . _restorePostValue("text", null, true) . "</textarea></td>\n</tr>\n\n<tr>\n    <td></td>\n    <td><input type='submit' value='" . $_lang['global.send'] . "' />" . _getPostFormControls('newmsg', 'text') . "</td>\n</tr>\n\n</table>\n\n" . _jsLimitLength(16384, 'newmsg', 'text') . "\n\n" . _xsrfProtect() . "</form>\n";
     break;
 /* ---  listing  --- */
 default:
     // Reading a single conversation.
     if (isset($_GET['read'])) {
         // The requested id is forced to an integer before it is used in SQL.
         $id = intval($_GET['read']);
         // Load the conversation. The WHERE clause matches only rows where the logged-in user
         // (_loginid) is the sender or the receiver and has not deleted their side, so an id that
         // belongs to someone else returns false and ends in the "badinput" message below.
         $q = DB::query_row('SELECT pm.*,post.subject,post.time FROM `' . _mysql_prefix . '-pm` AS pm JOIN `' . _mysql_prefix . '-posts` AS post ON (post.type=6 AND post.home=pm.id AND post.xhome=-1) WHERE pm.id=' . $id . ' AND (sender=' . _loginid . ' AND sender_deleted=0 OR receiver=' . _loginid . ' AND receiver_deleted=0)');
         if ($q === false) {
             $module .= _formMessage(3, $_lang['global.badinput']);
             break;
         }
         // Title key for this view.
         $mod_title = 'mod.messages.read';
         // State: locked as soon as either side deleted the conversation; $role is the current
         // user's side, $role_other the opposite side.
         $locked = $q['sender_deleted'] || $q['receiver_deleted'];
         list($role, $role_other) = $q['sender'] == _loginid ? array('sender', 'receiver') : array('receiver', 'sender');
         // Count the posts in this conversation that are newer than the other side's read time.
         // The id and read time come from the row loaded above and are concatenated unquoted;
         // presumably both are integer columns - TODO confirm.
         $counter = DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-posts` WHERE home=' . $q['id'] . ' AND type=6 AND time>' . $q[$role_other . '_readtime']), 0);
         $counter_s = array('', '');
         $counter_s[$role === 'sender' ? 1 : 0] = ' (' . $counter . ')';
         // Output; the include path is the _indexroot constant plus a fixed file name.
         require_once _indexroot . 'require/functions-posts.php';
Example #27
// Login handler excerpt: runs only for visitors who are not logged in, after the XSRF check
// and _iplogCheck(1) (presumably a per-IP attempt limit - verify against its definition).
if (!_loginindicator) {
    if (_xsrfCheck()) {
        if (_iplogCheck(1)) {
            // Read the submitted values. The username is escaped for SQL with DB::esc();
            // $email only records whether the raw input contains an '@'.
            $username = DB::esc($_POST['username']);
            $email = strpos($_POST['username'], '@') !== false;
            $password = $_POST['password'];
            $persistent = _checkboxLoad('persistent');
            // Find the user by e-mail, or by username / public name. Only the escaped $username
            // is interpolated; the column name is picked from two fixed literals.
            $query = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE `" . ($email ? 'email' : 'username') . "`='" . $username . "'" . (!$email && $username !== '' ? ' OR publicname=\'' . $username . '\'' : ''));
            if (DB::size($query) != 0) {
                $query = DB::row($query);
                if (empty($username)) {
                    $username = $query['username'];
                }
                // The group id comes from the user row and is concatenated unquoted.
                $groupblock = DB::query_row("SELECT blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . $query['group']);
                if ($query['blocked'] == 0 and $groupblock['blocked'] == 0) {
                    // NOTE(review): the hashes are compared with a loose ==, which treats
                    // numeric-looking strings such as "0e..." as numbers and is not constant-time;
                    // hash_equals() avoids both. The helper name suggests salted MD5 - if so, plan a
                    // migration to password_hash()/password_verify() with a rehash on successful login.
                    if (_md5Salt($password, $query['salt']) == $query['password']) {
                        // Increase the login counter.
                        DB::query("UPDATE `" . _mysql_prefix . "-users` SET logincounter=logincounter+1 WHERE id=" . $query['id']);
                        // Send the cookie for a persistent login (lifetime 2592000 s = 30 days).
                        // It carries the user id, an IP-bound flag and an _md5HMAC over the stored
                        // password hash and e-mail. $ipbound is not assigned anywhere in this excerpt.
                        // NOTE(review): setcookie() is called without the secure and httponly arguments,
                        // so the cookie is readable by scripts and is sent over plain HTTP - pass both.
                        // Also confirm _md5HMAC mixes in a server-side secret: the key passed here is
                        // _userip or _sessionprefix, and neither looks secret.
                        if ($persistent) {
                            $persistent_cookie_data = array();
                            $persistent_cookie_data[] = $query['id'];
                            $persistent_cookie_data[] = $ipbound ? '1' : '0';
                            $persistent_cookie_data[] = _md5HMAC($query['password'] . '$' . $query['email'], $ipbound ? _userip : _sessionprefix);
                            setcookie(_sessionprefix . "persistent_key", implode('$', $persistent_cookie_data), time() + 2592000, "/");
                        }
                        // Store the user id and the password hash in the session.
                        // NOTE(review): no session_regenerate_id() call is visible before these writes
                        // in this excerpt - confirm the session id is rotated on login.
                        $_SESSION[_sessionprefix . "user"] = $query['id'];
                        $_SESSION[_sessionprefix . "password"] = $query['password'];
Example #28
// Refuse direct access: the script only runs when the core has defined _core.
if (!defined('_core')) {
    exit;
}
// Output: the title is taken from the loaded row.
$title = $query['title'];
// Resolve ID shortcuts in the content field: "*<id>" points at a page, "%<id>" at an article.
// The id is forced to an integer with intval() before it is placed in the SQL text.
if ($query['content'] !== '') {
    switch (mb_substr($query['content'], 0, 1)) {
        case "*":
            // page
            $lid = intval(mb_substr($query['content'], 1));
            $query['content'] = "";
            $rootdata = DB::query_row("SELECT id,title_seo FROM `" . _mysql_prefix . "-root` WHERE id=" . $lid);
            if ($rootdata !== false) {
                $query['content'] = _linkRoot($rootdata['id'], $rootdata['title_seo']);
            }
            break;
        case "%":
            // article
            $lid = intval(mb_substr($query['content'], 1));
            $query['content'] = "";
            $artdata = DB::query_row("SELECT art.id,art.title_seo,cat.title_seo AS cat_title_seo FROM `" . _mysql_prefix . "-articles` AS art JOIN `" . _mysql_prefix . "-root` AS cat ON(cat.id=art.home1) WHERE art.id=" . $lid);
            if ($artdata !== false) {
                $query['content'] = _linkArticle($artdata['id'], $artdata['title_seo']);
            }
            break;
    }
}
// Activate the redirect. Content without a "*" or "%" prefix reaches this point unchanged.
// NOTE(review): that value is whatever is stored in the row, and where _redirect_to is consumed
// is not visible here - confirm only trusted editors can set it, or validate the target.
if ($query['content'] != "") {
    define('_redirect_to', $query['content']);
}
Example #29
<?php

/*
 * FIO invoices - API
 * Automatizace zaplacenych faktur 
 * Author <smetka.net>
*/
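// Placeholders for the allowed caller address and the API token.
// NOTE(review): keep the real values out of the source file - load them from configuration or
// the environment, stored outside the web root. The token is sent as part of the request URL below.
$ip = "IP ADRESS SERVER";
$fio_token = "FIO TOKEN API";
// Only the configured address may trigger a run. REMOTE_ADDR is the directly connected peer, so
// behind a reverse proxy this compares against the proxy's address, not the original client's.
if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] === $ip) {
    // Fetch the transactions of the last two months. Because the token is part of the URL, a failed
    // request can write it into PHP warnings and logs - keep display_errors off in production.
    $xml = simplexml_load_file("https://www.fio.cz/ib_api/rest/periods/{$fio_token}/" . date("Y-m-d", strtotime("-2 month")) . "/" . date("Y-m-d") . "/transactions.xml");
    // simplexml_load_file() returns false on a network or parse failure; skip the run in that case.
    if ($xml !== false && isset($xml->TransactionList->Transaction)) {
        $items = $xml->TransactionList->Transaction;
        foreach ($items as $value) {
            // Turn the XML nodes into plain strings before they are used in SQL.
            $final_price = trim((string) $value->column_1);
            $vs = trim((string) $value->column_5);
            // Both values come from the remote feed and are interpolated into the query below, so
            // only a digits-only $vs and a plain decimal $final_price are accepted; anything else
            // is skipped. If the DB class offers parameter binding or an escape helper, use that
            // as well.
            if (!preg_match('/\A\d+\z/', $vs) || !preg_match('/\A-?\d+(?:\.\d+)?\z/', $final_price)) {
                continue;
            }
            $update = DB::query_row("SELECT vs, final_price, confirm FROM table WHERE confirm='0' AND vs='{$vs}' AND final_price='{$final_price}'");
            if ($update) {
                // E.g. sending a notification email
            }
        }
    }
}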
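 /**
  * Build and execute the query for a node's path
  * @param  array    $columns   extra column names; they are concatenated into the SQL unquoted, so pass only trusted identifiers
  * @param  int      $nodeId
  * @param  int|null $nodeLevel the node's level; looked up in the database when null
  * @return array
  * @throws RuntimeException when $nodeLevel is null and the node does not exist
  */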
 public function loadPath(array $columns, $nodeId, $nodeLevel = null)
 {
     // Look the node's level up when the caller did not pass it.
     if (null === $nodeLevel) {
         $levelRow = DB::query_row('SELECT ' . $this->levelColumn . ' FROM `' . $this->table . '` WHERE ' . $this->idColumn . '=' . DB::val($nodeId));
         if (false === $levelRow) {
             throw new RuntimeException(sprintf('Neexistujici uzel "%s"', $nodeId));
         }
         $nodeLevel = $levelRow[$this->levelColumn];
     }
     // The four structural columns always come first, followed by the caller's columns.
     // NOTE(review): column and table names are concatenated into the SQL as identifiers without
     // quoting or validation, so $columns must never carry request data. Only $nodeId goes
     // through DB::val() (presumably the value-quoting helper - confirm).
     $columns = array_merge(array($this->idColumn, $this->parentColumn, $this->levelColumn, $this->depthColumn), $columns);
     $columnCount = count($columns);
     // One alias per level (n0 is the requested node); every column is selected for each alias.
     $selectList = array();
     for ($level = 0; $level <= $nodeLevel; ++$level) {
         for ($col = 0; $col < $columnCount; ++$col) {
             $selectList[] = 'n' . $level . '.' . $columns[$col];
         }
     }
     $sql = 'SELECT ' . implode(',', $selectList) . ' FROM `' . $this->table . '` n0';
     // Join each alias to the previous one: its id column equals the previous alias's parent column.
     for ($level = 1; $level <= $nodeLevel; ++$level) {
         $sql .= sprintf(_nl . ' JOIN `%s` n%s ON(n%2$s.%s=n%s.%s)', $this->table, $level, $this->idColumn, $level - 1, $this->parentColumn);
     }
     $sql .= ' WHERE n0.' . $this->idColumn . '=' . DB::val($nodeId);
     // Run the query and cut the single positional row into one array per node,
     // starting with the highest alias and walking back towards n0.
     $query = DB::query($sql);
     $row = DB::rown($query);
     $nodes = array();
     $offset = $nodeLevel * $columnCount;
     while (isset($row[$offset])) {
         $node = array();
         for ($col = 0; $col < $columnCount; ++$col) {
             $node[$columns[$col]] = $row[$offset + $col];
         }
         $nodes[] = $node;
         $offset -= $columnCount;
     }
     DB::free($query);
     return $nodes;
 }