if (_iplogCheck(1)) {
// nacteni promennych
$username = DB::esc($_POST['username']);
$email = strpos($_POST['username'], '@') !== false;
$password = $_POST['password'];
$persistent = _checkboxLoad('persistent');
// nalezeni uzivatele
$query = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE `" . ($email ? 'email' : 'username') . "`='" . $username . "'" . (!$email && $username !== '' ? ' OR publicname=\'' . $username . '\'' : ''));
if (DB::size($query) != 0) {
$query = DB::row($query);
if (empty($username)) {
$username = $query['username'];
}
$groupblock = DB::query_row("SELECT blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . $query['group']);
if ($query['blocked'] == 0 and $groupblock['blocked'] == 0) {
if (_md5Salt($password, $query['salt']) == $query['password']) {
// navyseni poctu prihlaseni
DB::query("UPDATE `" . _mysql_prefix . "-users` SET logincounter=logincounter+1 WHERE id=" . $query['id']);
// zaslani cookie pro stale prihlaseni
if ($persistent) {
$persistent_cookie_data = array();
$persistent_cookie_data[] = $query['id'];
$persistent_cookie_data[] = $ipbound ? '1' : '0';
$persistent_cookie_data[] = _md5HMAC($query['password'] . '$' . $query['email'], $ipbound ? _userip : _sessionprefix);
setcookie(_sessionprefix . "persistent_key", implode('$', $persistent_cookie_data), time() + 2592000, "/");
}
// ulozeni dat pro session
$_SESSION[_sessionprefix . "user"] = $query['id'];
$_SESSION[_sessionprefix . "password"] = $query['password'];
$_SESSION[_sessionprefix . "ip"] = _userip;
$_SESSION[_sessionprefix . "ipbound"] = $ipbound;
// uzivatelske jmeno and otisk
$badlink = false;
$userdata = DB::query("SELECT id,email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******'");
if (DB::size($userdata) == 0) {
$errors[] = $_lang['mod.lostpass.badlink'];
$badlink = true;
} else {
$userdata = DB::row($userdata);
if ($hash != md5($userdata['email'] . $userdata['salt'] . $userdata['password'])) {
$errors[] = $_lang['mod.lostpass.badlink'];
$badlink = true;
}
}
// zmena a odeslani emailu nebo vypis chyb
if (count($errors) == 0) {
$newpass = _md5Salt(_wordGen());
$text_tags = array("*domain*", "*username*", "*newpass*", "*date*", "*ip*");
$text_contents = array(_getDomain(), $userdata['username'], $newpass[2], _formatTime(time()), _userip);
if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text2']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) {
DB::query("UPDATE `" . _mysql_prefix . "-users` SET password='******', salt='" . $newpass[1] . "' WHERE id=" . $userdata['id']);
$module .= _formMessage(1, $_lang['mod.lostpass.generated']);
} else {
$module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']);
}
$done = true;
} else {
$module .= _formMessage(2, _eventList($errors, "errors"));
if ($badlink) {
_iplogUpdate(1);
}
}
} else {
$errors[] = $_lang['global.avatar'] . ' - ' . $avatarError;
}
}
}
// password
$passwordchange = false;
if ($_POST['currentpassword'] != "" or $_POST['newpassword'] != "" or $_POST['newpassword-confirm'] != "") {
$currentpassword = _md5Salt($_POST['currentpassword'], $query['salt']);
$newpassword = $_POST['newpassword'];
$newpassword_confirm = $_POST['newpassword-confirm'];
if ($currentpassword == $query['password']) {
if ($newpassword == $newpassword_confirm) {
if ($newpassword != "") {
$passwordchange = true;
$newpassword = _md5Salt($newpassword);
} else {
$errors[] = $_lang['mod.settings.error.badnewpass'];
}
} else {
$errors[] = $_lang['mod.settings.error.newpassnosame'];
}
} else {
$errors[] = $_lang['mod.settings.error.badcurrentpass'];
}
}
// note
$note = DB::esc(_htmlStr(_wsTrim(mb_substr($_POST['note'], 0, 1024))));
// language
if (_language_allowcustom) {
$language = DB::esc(_anchorStr($_POST['language'], false));
if (mb_strlen($username) > 24) {
$username = mb_substr($username, 0, 24);
}
$username = DB::esc(_anchorStr($username, false));
if ($username == "") {
$errors[] = $_lang['admin.users.edit.badusername'];
} elseif (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE username='******' OR publicname='" . $username . "'"), 0) != 0) {
$errors[] = $_lang['admin.users.edit.userexists'];
}
$password = $_POST['password'];
$password2 = $_POST['password2'];
if ($password != $password2) {
$errors[] = $_lang['mod.reg.nosame'];
}
if ($password != "") {
$password = _md5Salt($password);
} else {
$errors[] = $_lang['mod.reg.passwordneeded'];
}
$email = DB::esc(trim($_POST['email']));
if (!_validateEmail($email)) {
$errors[] = $_lang['admin.users.edit.bademail'];
}
if (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE email='" . $email . "'"), 0) != 0) {
$errors[] = $_lang['admin.users.edit.emailexists'];
}
if (!_captchaCheck()) {
$errors[] = $_lang['captcha.failure'];
}
$massemail = _checkboxLoad('massemail');
if (_registration_grouplist and isset($_POST['group'])) {
function _tmp_installer_install()
{
global $_lang, $self, $is_clean;
// krok
static $steps = 3;
if (isset($_POST['step'])) {
$step = intval($_POST['step']);
if ($step < 1 || $step > $steps) {
$step = 1;
}
} else {
$step = 1;
}
$fname = basename(__FILE__);
if (!empty($_POST)) {
echo '<a href="./' . $fname . '" id="cancelink">' . $_lang['global.cancel'] . '</a>';
}
?>
<h2><?php
echo str_replace(array('*step*', '*steps*', '*name*'), array($step, $steps, $_lang['step.' . $step]), $_lang['install']);
?>
</h2>
<form action="./<?php
echo $fname;
?>
" method="post" name="instform" autocomplete="off">
<?php
switch ($step) {
// kontrola
case 1:
if (isset($_POST['check'])) {
// nacteni a kontrola existence souboru
$a_files = $self->listFilesOnPath('/files/');
$conflicts = array();
$counter = 0;
$err_limit = 10;
for ($i = 0; isset($a_files[$i]); ++$i) {
$path = './' . substr($a_files[$i], 7);
if (file_exists($path)) {
++$counter;
if ($counter <= $err_limit) {
$conflicts[] = str_replace('*path*', $path, $_lang['step.1.err.file']);
}
}
}
if ($counter > $err_limit) {
$conflicts[] = str_replace('*n*', $counter - $err_limit, $_lang['step.1.err.file.etc']);
}
// zprava nebo pokracovani
if (empty($conflicts)) {
// vse je ok
$step = 2;
echo '<p class="green center">' . $_lang['step.1.ok'] . '</p>';
echo '<p class="center"><input type="submit" value="' . $_lang['global.continue'] . '"></p>';
break;
} else {
// jsou chyby
echo '<p class="red">' . $_lang['step.1.err'] . ':</p>';
echo "<ul>\n";
for ($i = 0; isset($conflicts[$i]); ++$i) {
echo "<li>" . $conflicts[$i] . "</li>\n";
}
echo "</ul>";
}
}
echo '<p class="center"><input type="submit" name="check" value="' . $_lang['step.1.submit'] . '"></p>';
break;
// konfigurace & instalace
// konfigurace & instalace
case 2:
case 3:
// navrat z kroku 3
if (isset($_POST['return_to_cfg'])) {
$step = 2;
unset($_POST['return_to_cfg']);
}
// instalace
$install = $step == 3;
if (isset($_POST['sys_url'])) {
// zpracovat url
$_POST['sys_url'] = _removeSlashesFromEnd($_POST['sys_url']);
// kontroly
$err = null;
do {
// prefix
$prefix = trim($_POST['db_prefix']);
if ($prefix === '') {
$err = str_replace('*input*', $_lang['step.2.db.prefix'], $_lang['step.2.err.empty']);
break;
}
// ucet administratora
$_POST['admin_name'] = _anchorStr(trim($_POST['admin_name']), false);
$_POST['admin_email'] = trim($_POST['admin_email']);
// pouze pro cistou instalaci
if ($is_clean) {
// vynutit ucet administratora
if ($_POST['admin_name'] === '') {
$err = str_replace('*input*', $_lang['step.2.admin.name'], $_lang['step.2.err.empty']);
break;
}
if ($_POST['admin_pwd'] === '') {
$err = str_replace('*input*', $_lang['step.2.admin.pwd'], $_lang['step.2.err.empty']);
break;
}
if ($_POST['admin_email'] === '' || $_POST['admin_email'] === '@') {
$err = str_replace('*input*', $_lang['step.2.admin.email'], $_lang['step.2.err.empty']);
break;
}
// titulek stranek
$_POST['sys_title'] = trim($_POST['sys_title']);
if ($_POST['sys_title'] === '') {
$err = str_replace('*input*', $_lang['step.2.sys.title'], $_lang['step.2.err.empty']);
break;
}
// popis, klicova slova
$_POST['sys_descr'] = trim($_POST['sys_descr']);
$_POST['sys_kwrds'] = trim($_POST['sys_kwrds']);
}
// email administratora
if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@' && !_validateEmail($_POST['admin_email'])) {
$err = $_lang['step.2.err.admin.email'];
break;
}
// heslo administratora
if ($_POST['admin_pwd'] !== '' && $_POST['admin_pwd'] !== $_POST['admin_pwd2']) {
$err = $_lang['step.2.err.admin.pwd'];
break;
}
// DB port
$server = $_POST['db_server'];
if (false !== ($serverColonPos = strpos($server, ':'))) {
$port = (int) substr($server, $serverColonPos + 1);
$server = substr($server, 0, $serverColonPos);
} else {
$port = ini_get('mysqli.default_port');
}
// pripojeni
$con = @mysqli_connect($server, $_POST['db_user'], $_POST['db_pwd'], $_POST['db_name'], $port);
if (!is_object($con)) {
$err = $_lang['step.2.err.con'] . '<br><code>' . _htmlStr(mysqli_connect_error()) . '</code>';
break;
}
// kodovani a konstanty
DB::$con = $con;
DB::$con->set_charset('utf8');
DB::query('SET sql_mode=\'\'');
define('_mysql_prefix', $prefix);
// existence tabulek
$prefix = DB::esc($prefix);
$q = DB::query('SHOW TABLES LIKE \'' . $prefix . '-%\'');
$tables = array();
while ($r = DB::rown($q)) {
$tables[] = $r[0];
}
if (!empty($tables) && !isset($_POST['db_overwrite'])) {
$err = $_lang['step.2.err.tables'] . ':<br><br>• ' . implode("<br>\n• ", $tables);
break;
}
// vse ok
if ($install) {
if (!isset($_POST['do_install'])) {
// potvrzeni
echo _getPostdata(false, null, array('step'));
echo '<p class="green center">' . $_lang['step.3.text'] . '</p>';
echo '<p class="center">
<input type="submit" name="do_install" value="' . $_lang['step.3.submit'] . '" onclick="if (window.sl_install_process) return false; else {window.sl_install_process = true; this.value=\'' . $_lang['step.3.wait'] . '\'}">
<input type="submit" name="return_to_cfg" value="' . $_lang['step.3.return'] . '">
</p>';
} else {
// provedeni
$err = null;
try {
// rozbalit soubory
$self->extractFiles('./', '/files/', false, true, array($self->vars['void']));
// vytvorit konfiguracni soubor
global $cfg_locale, $cfg_timezone;
file_put_contents('./config.php', str_replace(array('/* @@@server@@@ */', '/* @@@user@@@ */', '/* @@@password@@@ */', '/* @@@database@@@ */', '/* @@@prefix@@@ */', '/* @@@locale@@@ */', '/* @@@timezone@@@ */'), array(var_export($_POST['db_server'], true), var_export($_POST['db_user'], true), var_export($_POST['db_pwd'], true), var_export($_POST['db_name'], true), var_export($prefix, true), var_export($cfg_locale, true), var_export($cfg_timezone, true)), $self->getFile('/files/data/installer/config.php.tpl')));
// smazat tabulky z databaze?
if (!empty($tables)) {
for ($i = 0; isset($tables[$i]); ++$i) {
DB::query('DROP TABLE `' . $tables[$i] . '`', true);
if (($sql_err = DB::error()) !== '') {
throw new _InstallException($_lang['step.3.err.drop'] . '<br><code>' . $sql_err . '</code>');
}
}
}
// deaktivovat kontrolu verze
function _checkVersion()
{
return true;
}
// vytvorit strukturu databaze
$dbdump = new DBDump();
$dbdump->importTables($self->getFile('/database/struct'));
// nacist data
$data_stream = $self->getFileStream('/database/data');
$dbdump->importData($data_stream);
$data_stream->free();
// aktualizovat url
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val($_POST['sys_url']) . ' WHERE `var`=\'url\'');
// vypnout mod rewrite pokud neexistuje .htaccess
if (!file_exists(_indexroot . '.htaccess')) {
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=0 WHERE `var`=\'modrewrite\'');
}
// upravit ucet administratora
$admin_upd = array();
if ($_POST['admin_name'] !== '') {
$admin_upd['username'] = $_POST['admin_name'];
if (!$is_clean) {
$admin_upd['publicname'] = '';
}
}
if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@') {
$admin_upd['email'] = $_POST['admin_email'];
}
if ($_POST['admin_pwd'] !== '') {
$admin_pwd = _md5Salt($_POST['admin_pwd']);
$admin_upd['password'] = $admin_pwd[0];
$admin_upd['salt'] = $admin_pwd[1];
}
if ($is_clean) {
$admin_upd['registertime'] = time();
$admin_upd['activitytime'] = time();
}
if (!empty($admin_upd)) {
$admin_upd_sql = '';
$counter = 0;
foreach ($admin_upd as $col => $val) {
if ($counter !== 0) {
$admin_upd_sql .= ',';
}
$admin_upd_sql .= '`' . $col . '`=' . DB::val($val);
++$counter;
}
DB::query('UPDATE `' . $prefix . '-users` SET ' . $admin_upd_sql . ' WHERE id=0');
}
// aktualizovat titulek, klic. slova a popis
if ($is_clean) {
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_title'])) . ' WHERE `var`=\'title\'');
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_kwrds'])) . ' WHERE `var`=\'keywords\'');
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_descr'])) . ' WHERE `var`=\'description\'');
}
// vypnout mod_rewrite
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'0\' WHERE `var`=\'mod_rewrite\'');
// vynutit kontrolu instalace
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'1\' WHERE `var`=\'install_check\'');
} catch (_InstallException $e) {
$err = $e->getMessage();
} catch (Exception $e) {
$err = _htmlStr($e->getMessage());
}
// uspech ci chyba
if (isset($err)) {
echo '<p class="red">' . $err . '</p>';
echo '<p class="red">' . $_lang['step.3.err.warning'] . '</p>';
} else {
echo '<p class="green center">' . str_replace('*fname*', $fname, $_lang['step.3.fin']) . '</p>';
}
}
break 2;
} else {
$step = 3;
echo '<p class="green center">' . $_lang['step.2.ok'] . '</p>';
}
} while (false);
// chyba
if (isset($err)) {
echo '<p class="red">' . $err . '</p>';
}
}
?>
<table>
<thead><th colspan="2"><?php
echo $_lang['step.2.sys'];
?>
</th></thead>
<tbody>
<tr>
<th><?php
echo $_lang['step.2.sys.url'];
?>
</th>
<td><input type="text" name="sys_url"<?php
echo _restorePostValue('sys_url');
?>
></td>
</tr>
<?php
if ($is_clean) {
?>
<tr>
<th><?php
echo $_lang['step.2.sys.title'];
?>
</th>
<td><input type="text" name="sys_title"<?php
echo _restorePostValue('sys_title');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.sys.descr'];
?>
</th>
<td><input type="text" name="sys_descr"<?php
echo _restorePostValue('sys_descr');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.sys.kwrds'];
?>
</th>
<td><input type="text" name="sys_kwrds"<?php
echo _restorePostValue('sys_kwrds');
?>
></td>
</tr>
<?php
}
?>
</tbody>
</table>
<script type="text/javascript">
// predvyplneni adresy
if (document.instform.sys_url.value === '') {
var loc = new String(document.location);
var slash;
var slash_last = 0;
var limit = 0;
while (true) {
slash = loc.indexOf('/', slash_last);
if (slash === -1) break;
slash_last = slash + 1;
}
loc = loc.substr(0, slash_last);
document.instform.sys_url.value = loc;
}
</script>
<table>
<thead>
<tr><th colspan="2"><?php
echo $_lang['step.2.admin'];
?>
</th></tr>
<?php
if (!$is_clean) {
?>
<tr><th colspan="2"><small><?php
echo $_lang['step.2.admin.notice'];
?>
</small></th></tr><?php
}
?>
</thead>
<tbody>
<tr>
<th><?php
echo $_lang['step.2.admin.name'];
?>
</th>
<td><input type="text" maxlength="24" name="admin_name"<?php
echo _restorePostValue('admin_name');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.admin.email'];
?>
</th>
<td><input type="text" maxlength="100" name="admin_email"<?php
echo _restorePostValue('admin_email', $is_clean ? '@' : null);
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.admin.pwd'];
?>
</th>
<td><input type="password" name="admin_pwd"<?php
echo _restorePostValue('admin_pwd');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.admin.pwd2'];
?>
</th>
<td><input type="password" name="admin_pwd2"<?php
echo _restorePostValue('admin_pwd2');
?>
></td>
</tr>
</tbody>
</table>
<table>
<thead><tr><th colspan="2"><?php
echo $_lang['step.2.db'];
?>
</th></tr></thead>
<tbody>
<tr>
<th><?php
echo $_lang['step.2.db.server'];
?>
</th>
<td><input type="text" name="db_server"<?php
echo _restorePostValue('db_server', 'localhost');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.name'];
?>
</th>
<td><input type="text" name="db_name"<?php
echo _restorePostValue('db_name');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.user'];
?>
</th>
<td><input type="text" name="db_user"<?php
echo _restorePostValue('db_user');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.pwd'];
?>
</th>
<td><input type="password" name="db_pwd"<?php
echo _restorePostValue('db_pwd');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.prefix'];
?>
</th>
<td><input type="text" maxlength="24" name="db_prefix"<?php
echo _restorePostValue('db_prefix', 'sunlight');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.tables'];
?>
</th>
<td><label><input type="checkbox" name="db_overwrite"<?php
echo _checkboxActivate(isset($_POST['db_overwrite']));
?>
value="1" onchange="if (this.checked && !confirm('<?php
echo $_lang['step.2.db.tables.overwrite.confirm'];
?>
')) this.checked = false"> <?php
echo $_lang['step.2.db.tables.overwrite'];
?>
</label></td>
</tr>
</tbody>
</table>
<p class="center"><input type="submit" value="<?php
echo $_lang[$step != 3 ? 'step.2.submit' : 'global.continue'];
?>
"></p>
<?php
//<p class="warning"><?php echo $_lang['step.2.warning']</p>
break;
}
?>
<input type="hidden" name="step" value="<?php
echo $step;
?>
">
</form>
<?php
}
foreach ($prev_count as $key => $val) {
$message .= "<li><strong>" . $_lang[$key] . ":</strong> <code>" . $val . "</code></li>\n";
}
$message .= "</ul>";
} else {
$message = _formMessage(1, $_lang['global.done']);
}
break;
// deinstalace
// deinstalace
case 2:
$pass = $_POST['pass'];
$confirm = _checkboxLoad("confirm");
if ($confirm) {
$right_pass = DB::query_row("SELECT password,salt FROM `" . _mysql_prefix . "-users` WHERE id=0");
if (_md5Salt($pass, $right_pass['salt']) == $right_pass['password']) {
// ziskani tabulek
$tables = array();
$q = DB::query('SHOW TABLES LIKE \'' . _mysql_prefix . '-%\'');
while ($r = DB::rown($q)) {
$tables[] = $r[0];
}
// odstraneni tabulek
foreach ($tables as $table) {
DB::query("DROP TABLE `" . $table . "`");
}
// zprava
_userLogout();
echo "<h1>" . $_lang['global.done'] . "</h1>\n<p>" . $_lang['admin.other.cleanup.uninstall.done'] . "</p>";
exit;
} else {
if (!_validateEmail($email)) {
$errors[] = "E-mailová adresa není platná.";
}
// instalace
if (count($errors) == 0) {
// smazani existujicich tabulek
if ($rewrite) {
$tables = array('articles', 'boxes', 'groups', 'images', 'iplog', 'pm', 'polls', 'posts', 'root', 'sboxes', 'settings', 'users', 'user-activation', 'redir');
foreach ($tables as $table) {
DB::query("DROP TABLE IF EXISTS `" . _mysql_prefix . "-" . $table . "`");
}
}
// vypnuti auto_incrementu pri nulovych hodnotach
DB::query('SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"');
// vytvoreni nove struktury
$pass = _md5Salt($pass);
$url = DB::esc(_htmlStr($url));
$email = DB::esc($email);
require 'data.php';
// zprava
if ($sql_error == false) {
$msg = "<font style='color:green;'>Zdá se, že databáze byla úspěšně nainstalována. Smažte adresář <em>install</em> ze serveru.</font>";
} else {
$msg = "Během vyhodnocování SQL dotazů nastala chyba:<hr />" . _htmlStr($sql_error) . '<hr />SQL dotaz:<br />' . _htmlStr($line);
}
} else {
$msg = _eventList($errors);
}
}
/* -- zprava -- */
if ($msg != "") {