Exemple #1
';
} else {
    // article edit
    if (!ctype_digit($_GET['edit'])) {
        redirect("/");
    }
    if (dbcount("(article_id)", "bg_articles", " article_id='" . (int) $_GET['edit'] . "'") == "0") {
        redirect("/");
    }
    $editresult = dbquery("SELECT * FROM bg_articles WHERE article_id='" . $_GET["edit"] . "'");
    $edata = dbarray($editresult);
    if (isset($_POST["savearticle"]) and $_POST["nazov"] != "" and $_POST["text"] != "") {
        $nazov = dbescape(strip_tags($_POST["nazov"]));
        $kat = $_POST["kat"];
        $img = $_POST["img"];
        $target = dbescape(strip_tags($_POST["target"]));
        $text = addslashes($_POST["text"]);
        $mtext = addslashes($_POST["minitext"]);
        $navrh = isset($_POST["suggestion"]) ? $_POST["suggestion"] : $edata["article_suggestion"];
        $redate = $_POST["redate"];
        if ($redate) {
            dbquery("UPDATE bg_articles SET article_date='" . time() . "' WHERE article_id='" . (int) $_GET["edit"] . "'");
        }
        dbquery("UPDATE bg_articles SET article_minitxt='" . $mtext . "',article_img='" . $img . "',article_name='" . $nazov . "',article_cat='" . $kat . "',article_txt='" . $text . "',article_suggestion='" . $navrh . "',article_target='" . $target . "' WHERE article_id='" . (int) $_GET["edit"] . "'");
        echo '<div class="alert alert-success">Článok <b><a class="alert-link" href="/clanok/' . $_GET["edit"] . '/">' . $nazov . '</a></b> bol Upravený.</div>';
    }
    if ($userinfo["user_perm"] == 4) {
        $mojclanok = $edata["article_author"] == $userinfo["user_id"] ? true : false;
    } else {
        $mojclanok = true;
    }
Exemple #2
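<?php

// AJAX endpoint: stores one chat message from the logged-in member to the user
// given in $_POST["touserid"]. Only requests carrying the
// X-Requested-With: XMLHttpRequest header are accepted.
//
// The original condition joined the two tests with "&&", so a request that sent
// the header with any *other* value was let through (and a missing header raised
// an undefined-index notice). A missing header and a wrong value are both rejected.
// NOTE(review): this header check is only a coarse filter against plain form posts,
// not a CSRF token — confirm settings.php provides real CSRF protection.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] !== 'XMLHttpRequest') {
    die("bad request");
}
require "../settings.php"; // presumably defines MEMBER, $userinfo and the db* helpers — confirm
if (!MEMBER) {
    redirect("/");
}
// Recipient id is cast to int so it can be embedded in SQL; 0 means missing/invalid.
// The old `$touserid == ""` test could never match an int, so an empty recipient
// still reached the INSERT below.
$touserid = isset($_POST["touserid"]) ? (int) $_POST["touserid"] : 0;
if ($touserid <= 0) {
    redirect("/");
}
// Message text is HTML-encoded first and SQL-escaped second, so the stored value is
// already safe to echo back into the chat box and safe inside the quoted SQL literal.
$text = dbescape(htmlspecialchars(isset($_POST["chatboxtext"]) ? $_POST["chatboxtext"] : "", ENT_QUOTES));
$puserr = dbquery("SELECT * FROM bg_users WHERE user_id='" . $touserid . "'");
$validuser = dbrows($puserr);
if ($validuser == 0) {
    // Unknown recipient: report it and stop, instead of inserting a message that
    // points at a non-existent user (the original fell through to the INSERT).
    echo "Error.";
    exit;
}
if ($text != "") {
    dbquery("INSERT INTO bg_messages (mes_userid, mes_touserid, mes_text, mes_time) VALUES('" . $userinfo["user_id"] . "', '" . $touserid . "', '" . $text . "', '" . time() . "') ");
}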
 function sanitizeIntoDB($text)
 {
     // Undo any slashes already present (presumably legacy magic-quotes style
     // escaping — confirm against the callers), let dbescape apply the escaping
     // appropriate to the configured database type, then re-add the
     // application's own slashes on top.
     // fifers: we could roll the functionality into here...
     $escaped = dbescape(stripslashes($text));
     return $this->oopsAddSlashes($escaped);
 }
Exemple #4
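<?php

// AJAX endpoint: user search / recent-conversation list for the chat sidebar.
// Only requests carrying the X-Requested-With: XMLHttpRequest header are accepted.
//
// The original condition joined the two tests with "&&", which let through any
// request that set the header to a different value and raised an undefined-index
// notice when it was absent. A missing header and a wrong value are both rejected.
// NOTE(review): this header check is only a coarse filter against plain form posts,
// not a CSRF token — confirm settings.php provides real CSRF protection.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] !== 'XMLHttpRequest') {
    die("bad request");
}
require "../settings.php"; // presumably defines MEMBER, $userinfo and the db* helpers — confirm
if (!MEMBER) {
    redirect("/");
}
// The "missing parameter" check must look at $_GET itself: the original tested
// isset() on the variable that had just been assigned from it, which is always
// true for a string, so a request without "s" was never redirected.
if (!isset($_GET["s"])) {
    redirect("/");
}
// Escape order is kept as in the original (SQL-escape, then HTML-encode) so the
// value matches what the rest of the page compares against. LIKE wildcards
// (% and _) in the search term are not escaped here, so they still act as
// wildcards in the "user_nick LIKE ..." query built further down.
$searchuser = htmlspecialchars(dbescape($_GET["s"]));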
if ($searchuser != "") {
    $result = dbquery("SELECT * FROM bg_users WHERE user_id<>'" . $userinfo["user_id"] . "' AND user_nick LIKE '" . $searchuser . "%' ORDER BY user_nick ASC");
    $rows1 = dbrows($result);
    if ($rows1 >= "1") {
        while ($data = dbarray($result)) {
            $unreadmessel = dbcount("(mes_id)", "bg_messages", "mes_touserid='" . $userinfo["user_id"] . "' AND mes_userid='" . $data["user_id"] . "' AND mes_read='0'");
            $unreadmes = '<span class="gtipred" data-target="' . $data["user_id"] . '">' . $unreadmessel . '</span>';
            echo '<a class="list-group-item userlistid" title="Online ' . timeago($data["user_lastactivity"]) . '" id="' . $data["user_id"] . '">' . $data["user_nick"] . '<span class="badge">' . $adminprava[$data["user_perm"]] . '</span></a>';
        }
    } else {
        echo "Žiadni užívatelia.";
    }
} else {
    $resultchati = dbquery("SELECT DISTINCT(mes_userid) FROM bg_messages WHERE mes_touserid='" . $userinfo["user_id"] . "' AND mes_time>'" . strtotime('-1 month') . "' ORDER BY mes_time");
    $rows1 = dbrows($resultchati);
    if ($rows1 >= "1") {
        while ($data = dbarray($resultchati)) {
            $unreadmessel = dbcount("(mes_id)", "bg_messages", "mes_touserid='" . $userinfo["user_id"] . "' AND mes_userid='" . $data["mes_userid"] . "' AND mes_read='0'");
Exemple #5
            $logged = 1;
        } else {
            $logged = 0;
            redirect("?logout");
        }
    } else {
        $logged = 0;
        redirect("?logout");
    }
}
// login odoslany
if (isset($_POST["user_email"]) && isset($_POST["user_password"])) {
    $passwordhash = md5(md5(md5($_POST["user_password"])));
    if ($_POST["user_email"] != "" && $_POST["user_password"] != "") {
        if (filter_var($_POST["user_email"], FILTER_VALIDATE_EMAIL)) {
            $bb = dbquery("SELECT * FROM bg_users WHERE user_email='" . dbescape($_POST["user_email"]) . "'");
            $userinfo = dbarray($bb);
            if (dbrows($bb) == 1 && $userinfo["user_active"] == 0) {
                $notifdeactive = 1;
            }
            $detectban = dbrows(dbquery("SELECT * FROM da_bans WHERE ban_userid='" . $userinfo["user_id"] . "' AND ban_durationtime>'" . time() . "' "));
            if ($detectban == 0) {
                if ($userinfo["user_email"] != htmlspecialchars($_POST["user_email"])) {
                    $bademail = 1;
                }
                if ($userinfo["user_password"] == $passwordhash) {
                    setcookie("log", $userinfo["user_id"] . "." . $passwordhash, time() + 3600 * 24 * 12 * 24, "/", "", "0");
                    $logged = 1;
                    $notiflogin = 1;
                } else {
                    $badpassword = 1;
Exemple #6
            <h5>Vytvorenie nového účtu</h5>
            Prosím vyplňte <b>všetky</b> údaje - viac údajov si môžete doplniť po prihlásení.
        </div>
      </div>

<?php
// The registration form is for visitors only; a member who is already
// logged in is sent back to the front page.
if (MEMBER) {
    redirect('/');
}
if (isset($_POST["vytvorit"])) {
    if (isset($_POST['sbs']) && $_POST['sbs'] == "") {
        // kontrola pred spam botmi
        if (isset($_POST['cislo']) && isset($_SESSION['spamkiller']) && $_POST['cislo'] == $_SESSION['spamkiller']) {
            if (isset($_POST['podmienky']) == "1") {
                $user = dbescape(StrTr(strip_tags($_POST["meno"]), "ÁÄČÇĎÉĚËÍŇÓÖŘŠŤÚŮÜÝŽáäčçďéěëíňóöřšťúůüýž ", "AACCDEEEINOORSTUUUYZaaccdeeeinoorstuuuyz-"));
                $email = dbescape(strip_tags($_POST["email"]));
                $pass = md5(md5(md5($_POST["heslo"])));
                $pass2 = md5(md5(md5($_POST["heslo2"])));
                if ($pass == $pass2) {
                    $result5 = dbquery("SELECT * FROM bg_users WHERE user_nick='" . $user . "'");
                    $result55 = dbquery("SELECT * FROM bg_users WHERE user_email='" . $email . "'");
                    $rows5 = dbrows($result5);
                    $rows55e = dbrows($result55);
                    if ($rows5 == 0 && $rows55e == 0 && $user != "") {
                        if (preg_match("/^[^@]*@[^@]*\\.[^@]*\$/", $email)) {
                            if (strlen($user) >= 4 and strlen($email) >= 4) {
                                if (strlen($pass) >= 6) {
                                    dbquery("INSERT INTO bg_users(user_nick, user_password,user_email,user_active,user_datereg,user_lastactivity,user_ip,user_browser,user_os)\n     VALUES('" . $user . "','" . $pass . "','" . $email . "','1','" . time() . "','" . time() . "','" . $_SERVER["REMOTE_ADDR"] . "','" . getBrowser() . "','" . getOS() . "')");
                                    echo '<div class="alert alert-success">Registrácia prebehla úspešne. Teraz sa môžete prihlásiť.</div>';
                                } else {
                                    echo '<div class="alert alert-warning">Minimálna dĺžka hesla je 6 znakov.</div>';
Exemple #7
        <label>
          <input class="btn btn-success" name="lostpw2" value="Resetovať heslo" type="submit">
        </label>
      </div>
    </div>
  </div>
</form>
';
    } else {
        redirect("?error=exist");
    }
} else {
    if (isset($_POST["reset"])) {
        if (isset($_POST['cislo']) && $_POST['cislo'] == $_SESSION['control2']) {
            if (preg_match("/^[^@]*@[^@]*\\.[^@]*\$/", strip_tags($_POST["email"]))) {
                $result8 = dbquery("SELECT * FROM bg_users WHERE user_email='" . strip_tags(dbescape($_POST["email"])) . "' AND user_nick='" . strip_tags(dbescape($_POST["meno"])) . "' AND user_active='1'");
                $rows6 = dbrows($result8);
                if ($rows6 == 1 && strip_tags($_POST["meno"]) != "") {
                    $active = dbarray($result8);
                    $mdcode = md5($active["user_nick"] . rand(10, 99));
                    $url = "http://desart.sk/noveheslo?resetpass="******"email"]);
                    $subject = 'Desart - nové heslo';
                    $message = "<html>Pre nové hesla kliknite sem: " . nl2br($url) . "</html>";
                    $headers = 'MIME-Version: 1.0' . "\r\n";
                    $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                    $headers .= 'From: Desart <*****@*****.**>' . "\r\n";
                    mail($to, $subject, $message, $headers);
                    dbquery("UPDATE bg_users SET user_active='0' WHERE user_id='" . $active["user_id"] . "'");
                    dbquery("UPDATE bg_users SET user_usercode='" . $mdcode . "' WHERE user_id='" . $active["user_id"] . "'");
                    redirect("?error=send");