$receiver = $_SESSION[$skey];
unset($_SESSION[$skey], $skey);
} else {
die($_lang['global.badinput']);
}
// casove omezeni
if (_iplogCheck(5)) {
_iplogUpdate(5);
} else {
// prekroceno
echo str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit']);
die;
}
// odeslani
if (_xsrfCheck()) {
if (_validateEmail($sender) and $text != "" and _captchaCheck()) {
// pridani informacniho textu do tela
$info_ip = _userip;
if (_loginindicator) {
$info_ip .= ' (' . _loginname . ')';
}
$info_from = array("*domain*", "*time*", "*ip*", "*sender*");
$info_to = array(_getDomain(), _formatTime(time()), $info_ip, $sender);
$text .= "\n\n" . str_repeat("-", 16) . "\n" . str_replace($info_from, $info_to, $_lang['hcm.mailform.info']);
// prilozeni souboru
if (isset($_FILES['att']['tmp_name']) and is_uploaded_file($_FILES['att']['tmp_name'])) {
$att = true;
$att_name = $_FILES['att']['name'];
$att_tmpname = $_FILES['att']['tmp_name'];
$att_content = @file_get_contents($att_tmpname);
$att_content = @chunk_split(@base64_encode($att_content));
}
}
// send error to our error function
if (isset($missing_field_list)) {
print_error($missing_field_list, "missing");
}
}
/**
* Validate email fields
*/
if (isset($EMAIL) || isset($email)) {
$email = trim($email);
if (isset($EMAIL)) {
$email = trim($EMAIL);
}
if (_validateEmail($email) === FALSE) {
print_error("<li>your <b>email address</b>: {$email} - is invalid</li>");
}
}
if (!isset($email)) {
$email = $recipient;
}
/**
* Validate Zipcode or Postal Code
*/
if (isset($ZIP_CODE) || isset($zip_code)) {
$zip_code = trim($zip_code);
if (isset($ZIP_CODE)) {
$zip_code = trim($ZIP_CODE);
}
if (!ereg("(^[0-9]{5})-([0-9]{4}\$)", trim($zip_code)) && !ereg("^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]\$", trim($zip_code)) && !ereg("(^[0-9]{5})", trim($zip_code))) {
$receivers = array();
}
$ctype = $_POST['ctype'];
$maillist = _checkboxLoad("maillist");
// kontrola promennych
$errors = array();
if ($text == "" and !$maillist) {
$errors[] = $_lang['admin.other.massemail.notext'];
}
if (count($receivers) == 0) {
$errors[] = $_lang['admin.other.massemail.noreceivers'];
}
if ($subject == "" and !$maillist) {
$errors[] = $_lang['admin.other.massemail.nosubject'];
}
if (!_validateEmail($sender) and !$maillist) {
$errors[] = $_lang['admin.other.massemail.badsender'];
}
if (count($errors) == 0) {
// sestaveni casti sql dotazu - 'where'
$groups = _sqlWhereColumn("`group`", implode("-", $receivers));
// hlavicky
$headers = "Content-Type: " . ($ctype == 1 ? 'text/plain' : 'text/html') . "; charset=UTF-8\n" . (_mailerusefrom ? "From: " . mb_substr($sender, 0, mb_strpos($sender, "@")) . " <" . $sender . ">" : "Reply-To: " . $sender . "") . "\n";
// nacteni prijemcu
$query = DB::query("SELECT email FROM `" . _mysql_prefix . "-users` WHERE massemail=1 AND (" . $groups . ")");
// odeslani nebo zobrazeni adres
if (!$maillist) {
// priprava
$rec_buffer = array();
$rec_buffer_size = 20;
$rec_buffer_counter = 0;
$icq = intval(str_replace("-", "", $_POST['icq']));
// skype
$skype = trim($_POST['skype']);
if ($skype != "" and !preg_match('|[a-zA-Z0-9._-]{6,62}|', $skype)) {
$errors[] = $_lang['global.skype.bad'];
}
$skype = DB::esc($skype);
// msn
$msn = trim($_POST['msn']);
if ($msn != "" and !_validateEmail($msn)) {
$errors[] = $_lang['global.msn.bad'];
}
$msn = DB::esc($msn);
// jabber
$jabber = trim($_POST['jabber']);
if ($jabber != "" and !_validateEmail($jabber)) {
$errors[] = $_lang['global.jabber.bad'];
}
$jabber = DB::esc($jabber);
// web
$web = _htmlStr(trim($_POST['web']));
if (mb_strlen($web) > 255) {
$web = mb_substr($web, 0, 255);
}
if ($web != "" and !_validateURL("http://" . $web)) {
$web = "";
} else {
$web = DB::esc($web);
}
// avatar
$avatar = $query['avatar'];
$errors[] = $_lang['admin.users.edit.badusername'];
} elseif (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE username='******' OR publicname='" . $username . "'"), 0) != 0) {
$errors[] = $_lang['admin.users.edit.userexists'];
}
$password = $_POST['password'];
$password2 = $_POST['password2'];
if ($password != $password2) {
$errors[] = $_lang['mod.reg.nosame'];
}
if ($password != "") {
$password = _md5Salt($password);
} else {
$errors[] = $_lang['mod.reg.passwordneeded'];
}
$email = DB::esc(trim($_POST['email']));
if (!_validateEmail($email)) {
$errors[] = $_lang['admin.users.edit.bademail'];
}
if (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE email='" . $email . "'"), 0) != 0) {
$errors[] = $_lang['admin.users.edit.emailexists'];
}
if (!_captchaCheck()) {
$errors[] = $_lang['captcha.failure'];
}
$massemail = _checkboxLoad('massemail');
if (_registration_grouplist and isset($_POST['group'])) {
$group = intval($_POST['group']);
$groupdata = DB::query("SELECT id FROM `" . _mysql_prefix . "-groups` WHERE id=" . $group . " AND blocked=0 AND reglist=1");
if (DB::size($groupdata) == 0) {
$errors[] = $_lang['global.badinput'];
}
function _tmp_installer_install()
{
global $_lang, $self, $is_clean;
// krok
static $steps = 3;
if (isset($_POST['step'])) {
$step = intval($_POST['step']);
if ($step < 1 || $step > $steps) {
$step = 1;
}
} else {
$step = 1;
}
$fname = basename(__FILE__);
if (!empty($_POST)) {
echo '<a href="./' . $fname . '" id="cancelink">' . $_lang['global.cancel'] . '</a>';
}
?>
<h2><?php
echo str_replace(array('*step*', '*steps*', '*name*'), array($step, $steps, $_lang['step.' . $step]), $_lang['install']);
?>
</h2>
<form action="./<?php
echo $fname;
?>
" method="post" name="instform" autocomplete="off">
<?php
switch ($step) {
// kontrola
case 1:
if (isset($_POST['check'])) {
// nacteni a kontrola existence souboru
$a_files = $self->listFilesOnPath('/files/');
$conflicts = array();
$counter = 0;
$err_limit = 10;
for ($i = 0; isset($a_files[$i]); ++$i) {
$path = './' . substr($a_files[$i], 7);
if (file_exists($path)) {
++$counter;
if ($counter <= $err_limit) {
$conflicts[] = str_replace('*path*', $path, $_lang['step.1.err.file']);
}
}
}
if ($counter > $err_limit) {
$conflicts[] = str_replace('*n*', $counter - $err_limit, $_lang['step.1.err.file.etc']);
}
// zprava nebo pokracovani
if (empty($conflicts)) {
// vse je ok
$step = 2;
echo '<p class="green center">' . $_lang['step.1.ok'] . '</p>';
echo '<p class="center"><input type="submit" value="' . $_lang['global.continue'] . '"></p>';
break;
} else {
// jsou chyby
echo '<p class="red">' . $_lang['step.1.err'] . ':</p>';
echo "<ul>\n";
for ($i = 0; isset($conflicts[$i]); ++$i) {
echo "<li>" . $conflicts[$i] . "</li>\n";
}
echo "</ul>";
}
}
echo '<p class="center"><input type="submit" name="check" value="' . $_lang['step.1.submit'] . '"></p>';
break;
// konfigurace & instalace
// konfigurace & instalace
case 2:
case 3:
// navrat z kroku 3
if (isset($_POST['return_to_cfg'])) {
$step = 2;
unset($_POST['return_to_cfg']);
}
// instalace
$install = $step == 3;
if (isset($_POST['sys_url'])) {
// zpracovat url
$_POST['sys_url'] = _removeSlashesFromEnd($_POST['sys_url']);
// kontroly
$err = null;
do {
// prefix
$prefix = trim($_POST['db_prefix']);
if ($prefix === '') {
$err = str_replace('*input*', $_lang['step.2.db.prefix'], $_lang['step.2.err.empty']);
break;
}
// ucet administratora
$_POST['admin_name'] = _anchorStr(trim($_POST['admin_name']), false);
$_POST['admin_email'] = trim($_POST['admin_email']);
// pouze pro cistou instalaci
if ($is_clean) {
// vynutit ucet administratora
if ($_POST['admin_name'] === '') {
$err = str_replace('*input*', $_lang['step.2.admin.name'], $_lang['step.2.err.empty']);
break;
}
if ($_POST['admin_pwd'] === '') {
$err = str_replace('*input*', $_lang['step.2.admin.pwd'], $_lang['step.2.err.empty']);
break;
}
if ($_POST['admin_email'] === '' || $_POST['admin_email'] === '@') {
$err = str_replace('*input*', $_lang['step.2.admin.email'], $_lang['step.2.err.empty']);
break;
}
// titulek stranek
$_POST['sys_title'] = trim($_POST['sys_title']);
if ($_POST['sys_title'] === '') {
$err = str_replace('*input*', $_lang['step.2.sys.title'], $_lang['step.2.err.empty']);
break;
}
// popis, klicova slova
$_POST['sys_descr'] = trim($_POST['sys_descr']);
$_POST['sys_kwrds'] = trim($_POST['sys_kwrds']);
}
// email administratora
if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@' && !_validateEmail($_POST['admin_email'])) {
$err = $_lang['step.2.err.admin.email'];
break;
}
// heslo administratora
if ($_POST['admin_pwd'] !== '' && $_POST['admin_pwd'] !== $_POST['admin_pwd2']) {
$err = $_lang['step.2.err.admin.pwd'];
break;
}
// DB port
$server = $_POST['db_server'];
if (false !== ($serverColonPos = strpos($server, ':'))) {
$port = (int) substr($server, $serverColonPos + 1);
$server = substr($server, 0, $serverColonPos);
} else {
$port = ini_get('mysqli.default_port');
}
// pripojeni
$con = @mysqli_connect($server, $_POST['db_user'], $_POST['db_pwd'], $_POST['db_name'], $port);
if (!is_object($con)) {
$err = $_lang['step.2.err.con'] . '<br><code>' . _htmlStr(mysqli_connect_error()) . '</code>';
break;
}
// kodovani a konstanty
DB::$con = $con;
DB::$con->set_charset('utf8');
DB::query('SET sql_mode=\'\'');
define('_mysql_prefix', $prefix);
// existence tabulek
$prefix = DB::esc($prefix);
$q = DB::query('SHOW TABLES LIKE \'' . $prefix . '-%\'');
$tables = array();
while ($r = DB::rown($q)) {
$tables[] = $r[0];
}
if (!empty($tables) && !isset($_POST['db_overwrite'])) {
$err = $_lang['step.2.err.tables'] . ':<br><br>• ' . implode("<br>\n• ", $tables);
break;
}
// vse ok
if ($install) {
if (!isset($_POST['do_install'])) {
// potvrzeni
echo _getPostdata(false, null, array('step'));
echo '<p class="green center">' . $_lang['step.3.text'] . '</p>';
echo '<p class="center">
<input type="submit" name="do_install" value="' . $_lang['step.3.submit'] . '" onclick="if (window.sl_install_process) return false; else {window.sl_install_process = true; this.value=\'' . $_lang['step.3.wait'] . '\'}">
<input type="submit" name="return_to_cfg" value="' . $_lang['step.3.return'] . '">
</p>';
} else {
// provedeni
$err = null;
try {
// rozbalit soubory
$self->extractFiles('./', '/files/', false, true, array($self->vars['void']));
// vytvorit konfiguracni soubor
global $cfg_locale, $cfg_timezone;
file_put_contents('./config.php', str_replace(array('/* @@@server@@@ */', '/* @@@user@@@ */', '/* @@@password@@@ */', '/* @@@database@@@ */', '/* @@@prefix@@@ */', '/* @@@locale@@@ */', '/* @@@timezone@@@ */'), array(var_export($_POST['db_server'], true), var_export($_POST['db_user'], true), var_export($_POST['db_pwd'], true), var_export($_POST['db_name'], true), var_export($prefix, true), var_export($cfg_locale, true), var_export($cfg_timezone, true)), $self->getFile('/files/data/installer/config.php.tpl')));
// smazat tabulky z databaze?
if (!empty($tables)) {
for ($i = 0; isset($tables[$i]); ++$i) {
DB::query('DROP TABLE `' . $tables[$i] . '`', true);
if (($sql_err = DB::error()) !== '') {
throw new _InstallException($_lang['step.3.err.drop'] . '<br><code>' . $sql_err . '</code>');
}
}
}
// deaktivovat kontrolu verze
function _checkVersion()
{
return true;
}
// vytvorit strukturu databaze
$dbdump = new DBDump();
$dbdump->importTables($self->getFile('/database/struct'));
// nacist data
$data_stream = $self->getFileStream('/database/data');
$dbdump->importData($data_stream);
$data_stream->free();
// aktualizovat url
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val($_POST['sys_url']) . ' WHERE `var`=\'url\'');
// vypnout mod rewrite pokud neexistuje .htaccess
if (!file_exists(_indexroot . '.htaccess')) {
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=0 WHERE `var`=\'modrewrite\'');
}
// upravit ucet administratora
$admin_upd = array();
if ($_POST['admin_name'] !== '') {
$admin_upd['username'] = $_POST['admin_name'];
if (!$is_clean) {
$admin_upd['publicname'] = '';
}
}
if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@') {
$admin_upd['email'] = $_POST['admin_email'];
}
if ($_POST['admin_pwd'] !== '') {
$admin_pwd = _md5Salt($_POST['admin_pwd']);
$admin_upd['password'] = $admin_pwd[0];
$admin_upd['salt'] = $admin_pwd[1];
}
if ($is_clean) {
$admin_upd['registertime'] = time();
$admin_upd['activitytime'] = time();
}
if (!empty($admin_upd)) {
$admin_upd_sql = '';
$counter = 0;
foreach ($admin_upd as $col => $val) {
if ($counter !== 0) {
$admin_upd_sql .= ',';
}
$admin_upd_sql .= '`' . $col . '`=' . DB::val($val);
++$counter;
}
DB::query('UPDATE `' . $prefix . '-users` SET ' . $admin_upd_sql . ' WHERE id=0');
}
// aktualizovat titulek, klic. slova a popis
if ($is_clean) {
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_title'])) . ' WHERE `var`=\'title\'');
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_kwrds'])) . ' WHERE `var`=\'keywords\'');
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_descr'])) . ' WHERE `var`=\'description\'');
}
// vypnout mod_rewrite
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'0\' WHERE `var`=\'mod_rewrite\'');
// vynutit kontrolu instalace
DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'1\' WHERE `var`=\'install_check\'');
} catch (_InstallException $e) {
$err = $e->getMessage();
} catch (Exception $e) {
$err = _htmlStr($e->getMessage());
}
// uspech ci chyba
if (isset($err)) {
echo '<p class="red">' . $err . '</p>';
echo '<p class="red">' . $_lang['step.3.err.warning'] . '</p>';
} else {
echo '<p class="green center">' . str_replace('*fname*', $fname, $_lang['step.3.fin']) . '</p>';
}
}
break 2;
} else {
$step = 3;
echo '<p class="green center">' . $_lang['step.2.ok'] . '</p>';
}
} while (false);
// chyba
if (isset($err)) {
echo '<p class="red">' . $err . '</p>';
}
}
?>
<table>
<thead><th colspan="2"><?php
echo $_lang['step.2.sys'];
?>
</th></thead>
<tbody>
<tr>
<th><?php
echo $_lang['step.2.sys.url'];
?>
</th>
<td><input type="text" name="sys_url"<?php
echo _restorePostValue('sys_url');
?>
></td>
</tr>
<?php
if ($is_clean) {
?>
<tr>
<th><?php
echo $_lang['step.2.sys.title'];
?>
</th>
<td><input type="text" name="sys_title"<?php
echo _restorePostValue('sys_title');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.sys.descr'];
?>
</th>
<td><input type="text" name="sys_descr"<?php
echo _restorePostValue('sys_descr');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.sys.kwrds'];
?>
</th>
<td><input type="text" name="sys_kwrds"<?php
echo _restorePostValue('sys_kwrds');
?>
></td>
</tr>
<?php
}
?>
</tbody>
</table>
<script type="text/javascript">
// predvyplneni adresy
if (document.instform.sys_url.value === '') {
var loc = new String(document.location);
var slash;
var slash_last = 0;
var limit = 0;
while (true) {
slash = loc.indexOf('/', slash_last);
if (slash === -1) break;
slash_last = slash + 1;
}
loc = loc.substr(0, slash_last);
document.instform.sys_url.value = loc;
}
</script>
<table>
<thead>
<tr><th colspan="2"><?php
echo $_lang['step.2.admin'];
?>
</th></tr>
<?php
if (!$is_clean) {
?>
<tr><th colspan="2"><small><?php
echo $_lang['step.2.admin.notice'];
?>
</small></th></tr><?php
}
?>
</thead>
<tbody>
<tr>
<th><?php
echo $_lang['step.2.admin.name'];
?>
</th>
<td><input type="text" maxlength="24" name="admin_name"<?php
echo _restorePostValue('admin_name');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.admin.email'];
?>
</th>
<td><input type="text" maxlength="100" name="admin_email"<?php
echo _restorePostValue('admin_email', $is_clean ? '@' : null);
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.admin.pwd'];
?>
</th>
<td><input type="password" name="admin_pwd"<?php
echo _restorePostValue('admin_pwd');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.admin.pwd2'];
?>
</th>
<td><input type="password" name="admin_pwd2"<?php
echo _restorePostValue('admin_pwd2');
?>
></td>
</tr>
</tbody>
</table>
<table>
<thead><tr><th colspan="2"><?php
echo $_lang['step.2.db'];
?>
</th></tr></thead>
<tbody>
<tr>
<th><?php
echo $_lang['step.2.db.server'];
?>
</th>
<td><input type="text" name="db_server"<?php
echo _restorePostValue('db_server', 'localhost');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.name'];
?>
</th>
<td><input type="text" name="db_name"<?php
echo _restorePostValue('db_name');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.user'];
?>
</th>
<td><input type="text" name="db_user"<?php
echo _restorePostValue('db_user');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.pwd'];
?>
</th>
<td><input type="password" name="db_pwd"<?php
echo _restorePostValue('db_pwd');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.prefix'];
?>
</th>
<td><input type="text" maxlength="24" name="db_prefix"<?php
echo _restorePostValue('db_prefix', 'sunlight');
?>
></td>
</tr>
<tr>
<th><?php
echo $_lang['step.2.db.tables'];
?>
</th>
<td><label><input type="checkbox" name="db_overwrite"<?php
echo _checkboxActivate(isset($_POST['db_overwrite']));
?>
value="1" onchange="if (this.checked && !confirm('<?php
echo $_lang['step.2.db.tables.overwrite.confirm'];
?>
')) this.checked = false"> <?php
echo $_lang['step.2.db.tables.overwrite'];
?>
</label></td>
</tr>
</tbody>
</table>
<p class="center"><input type="submit" value="<?php
echo $_lang[$step != 3 ? 'step.2.submit' : 'global.continue'];
?>
"></p>
<?php
//<p class="warning"><?php echo $_lang['step.2.warning']</p>
break;
}
?>
<input type="hidden" name="step" value="<?php
echo $step;
?>
">
</form>
<?php
}