コード例 #1
/**
 * Render the HCM contact (mail) form and remember its recipients in the session.
 *
 * The recipient list is not written into the generated markup: it is stored in
 * $_SESSION under a key derived from SL::$hcmUid, and only that uid reaches the
 * browser (hidden field "fid").
 * NOTE(review): presumably remote/hcm/mform.php looks the recipients up from
 * that session entry instead of trusting request data - confirm in the handler.
 *
 * @param string      $adresa  recipient addresses separated by ";"
 * @param mixed       $priloha truthy (as judged by _boolean()) to add a file-upload field
 * @param string|null $predmet optional pre-filled subject, HTML-escaped with _htmlStr()
 * @return string HTML of the anchor, the status message and the form
 */
function _HCM_mailform($adresa = "", $priloha = false, $predmet = null)
{
    $result = "";

    // recipients: split on ";", drop empty entries, keep the list server-side
    $receivers = _arrayRemoveValue(@explode(";", trim($adresa)), "");
    $_SESSION[_sessionprefix . 'hcm_' . SL::$hcmUid . '_mail_receiver'] = @implode(",", $receivers);

    // optional attachment row
    $att = _boolean($priloha) ? true : false;
    $rfile = $att
        ? array($GLOBALS['_lang']['hcm.mailform.att'], "<input type='file' name='att' />")
        : array('');

    // optional pre-filled subject (escaped before it enters the attribute)
    $rsubject = isset($predmet) ? " value='" . _htmlStr($predmet) . "'" : "";

    $rcaptcha = _captchaInit();

    // status message: the request value only selects one of four fixed
    // language strings, it is never echoed itself
    $msg = '';
    $statusKey = 'hcm_mr_' . SL::$hcmUid;
    if (isset($_GET[$statusKey])) {
        $status = null;
        switch ($_GET[$statusKey]) {
            case 1:
                $status = array(1, 'hcm.mailform.msg.done');
                break;
            case 2:
                $status = array(2, 'hcm.mailform.msg.failure');
                break;
            case 3:
                $status = array(3, 'hcm.mailform.msg.failure2');
                break;
            case 4:
                $status = array(3, 'xsrf.msg');
                break;
        }
        if ($status !== null) {
            $msg = _formMessage($status[0], $GLOBALS['_lang'][$status[1]]);
        }
    }

    // pre-fill the sender for logged-in users
    // NOTE(review): _loginemail goes into a value attribute without an escaping
    // call here - assumes the constant is already HTML-safe, confirm.
    $sender = _loginindicator ? _loginemail : "&#64;";

    $uid = SL::$hcmUid;

    // The enctype attribute is smuggled in through the action string by closing
    // its quote early; this relies on _formOutput() printing the action inside
    // single quotes without escaping it - TODO confirm before changing either side.
    $action = _indexroot . "remote/hcm/mform.php?_return=" . urlencode(_indexOutput_url);
    if ($att) {
        $action .= "' enctype='multipart/form-data";
    }

    $rows = array(
        array($GLOBALS['_lang']['hcm.mailform.sender'], "<input type='text' class='inputsmall' name='sender' value='" . $sender . "' /><input type='hidden' name='fid' value='" . $uid . "' />"),
        array($GLOBALS['_lang']['posts.subject'], "<input type='text' class='inputsmall' name='subject'" . $rsubject . " />"),
        $rcaptcha,
        array($GLOBALS['_lang']['hcm.mailform.text'], "<textarea class='areasmall' name='text' rows='9' cols='33'></textarea>", true),
        $rfile,
    );

    $form = _formOutput("mform" . $uid, $action, $rows, array("text", "sender"), $GLOBALS['_lang']['hcm.mailform.send']);
    $result .= "<div class='anchor'><a name='hcm_mform_" . $uid . "'></a></div>\n" . $msg . $form;

    return $result;
}
コード例 #2
/**
 * Build the markup of a system form.
 *
 * $id          Description                                 $vars
 *
 * login        login form                                  -
 * notpublic    login form (non-public content)             [wholesite 1/0]
 * postform     form for submitting a post/comment          [posttype => see _postsOutput, posttarget => id_home, xhome => id_xhome, [pluginflag (type 7 only)] => xx)]
 *
 * Security notes for reviewers:
 *  - Status messages are picked by $_GET['_mlr'] through a loosely comparing
 *    switch; only fixed language strings are printed, the request value itself
 *    is never echoed.
 *  - The login return address is taken from the request and forwarded
 *    (URL-encoded) to remote/login.php as "_return".
 *  - The postform hidden fields are concatenated from $vars without escaping.
 *
 * @param string $id form identifier
 * @param array $vars variables depending on the form type
 * @param bool $notitle do not prepend the title to the form 1/0
 * @param bool $extend fire the extend events 1/0
 * @return array array(content, title)
 */
function _uniForm($id, $vars = array(), $notitle = false, $extend = true)
{
    // setup
    global $_lang;
    $content = "";
    $title = "";
    // extend: a plugin may supply the whole form ($content) or change $notitle, both are passed by reference
    if ($extend) {
        _extend('call', 'sys.form', array('id' => $id, 'vars' => $vars, 'notitle' => &$notitle, 'content' => &$content));
    }
    // form type (built-in forms are used only when no plugin produced content)
    if ('' === $content) {
        switch ($id) {
            /* ---  login  --- */
            case "login":
                // title
                $title = $_lang['login.title'];
                // status messages
                if (isset($_GET['_mlr'])) {
                    // NOTE: switch compares loosely; on PHP versions before 8 any non-numeric
                    // _mlr value compares equal to 0 and therefore selects the "login failure" branch
                    switch ($_GET['_mlr']) {
                        case 0:
                            $content .= _formMessage(2, $_lang['login.failure']);
                            break;
                        case 1:
                            if (_loginindicator and !_administration) {
                                $content .= _formMessage(1, $_lang['login.success']);
                            }
                            break;
                        case 2:
                            if (!_loginindicator) {
                                $content .= _formMessage(2, $_lang['login.blocked.message']);
                            }
                            break;
                        case 3:
                            if (!_loginindicator) {
                                $content .= _formMessage(3, $_lang['login.securitylogout']);
                            }
                            break;
                        case 4:
                            if (!_loginindicator) {
                                $content .= _formMessage(1, $_lang['login.selfremove']);
                            }
                            break;
                        case 5:
                            if (!_loginindicator) {
                                // *1* = allowed attempts, *2* = lock period (_maxloginexpire divided by 60)
                                $content .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit']));
                            }
                            break;
                        case 6:
                            $content .= _formMessage(3, $_lang['xsrf.msg']);
                            break;
                    }
                }
                // content
                if (!_loginindicator) {
                    // return address
                    // NOTE(review): both sources are request-controlled. The value is only URL-encoded
                    // here; whether remote/login.php restricts "_return" to same-site targets is not
                    // visible in this function - confirm, otherwise this is an open-redirect vector.
                    if (isset($_GET['login_form_return'])) {
                        $return = $_GET['login_form_return'];
                    } else {
                        $return = $_SERVER['REQUEST_URI'];
                    }
                    // form address: current URL with the _formData and _mlr parameters stripped
                    $form_url = parse_url($_SERVER['REQUEST_URI']);
                    if (isset($form_url['query'])) {
                        parse_str($form_url['query'], $form_url['query']);
                        unset($form_url['query']['_formData'], $form_url['query']['_mlr']);
                        $form_url = _buildURL($form_url);
                    } else {
                        $form_url = $_SERVER['REQUEST_URI'];
                    }
                    // form markup
                    // form_url is HTML-escaped with _htmlStr() before it enters the hidden field.
                    // The "ipbound" checkbox is rendered checked by default.
                    // NOTE(review): _restoreGetFdValue() output is concatenated as-is; presumably it
                    // returns an already escaped value attribute - confirm.
                    $callArgs = array("login_form", _indexroot . "remote/login.php?_return=" . urlencode($return), array(array($_lang['login.username'], "<input type='text' name='username' class='inputmedium'" . _restoreGetFdValue("username") . " maxlength='24' />"), array($_lang['login.password'], "<input type='password' name='password' class='inputmedium' />")), null, $_lang['global.login'], "&nbsp;&nbsp;<label><input type='checkbox' name='persistent' value='1' /> " . $_lang['login.persistent'] . "</label><input type='hidden' name='form_url' value='" . _htmlStr($form_url) . "' />\n                        &nbsp;&nbsp;<label><input type='checkbox' name='ipbound' value='1' checked='checked' /> " . (isset($_lang['login.ipbound']) ? $_lang['login.ipbound'] : 'zabezpečené') . "</label>");
                    // plugins receive the argument list by reference and may rewrite any part of the form
                    if ($extend) {
                        _extend('call', 'sys.form.login', array('call' => &$callArgs));
                    }
                    $content .= call_user_func_array('_formOutput', $callArgs);
                    // links (registration / lost password)
                    if (_registration or _lostpass) {
                        $content .= "\n\n<p>\n" . ((_registration and !_administration) ? "<a href='" . _indexroot . "index.php?m=reg'>" . $_lang['mod.reg'] . " &gt;</a>\n" : '') . (_lostpass ? ((_registration and !_administration) ? "<br />" : '') . "<a href='" . _indexroot . "index.php?m=lostpass'>" . $_lang['mod.lostpass'] . " &gt;</a>\n" : '') . "</p>";
                    }
                } else {
                    // already logged in: show the user name and a logout link wrapped by _xsrfLink()
                    // NOTE(review): _loginname is printed without an escaping call here - assumes the
                    // constant is already HTML-safe, confirm.
                    $content .= "<p>" . $_lang['login.ininfo'] . " <em>" . _loginname . "</em> - <a href='" . _xsrfLink(_indexroot . "remote/logout.php") . "'>" . $_lang['usermenu.logout'] . "</a>.</p>";
                }
                break;
            /* ---  non-public content notice (0-notpublicsite)  --- */
            case "notpublic":
                // reuse the login form without its title
                $form = _uniForm("login", array(), true);
                if (!isset($vars[0])) {
                    $vars[0] = false;
                }
                $content = "<p>" . $_lang['notpublic.p' . ($vars[0] == true ? '2' : '')] . "</p>" . $form[0];
                $title = $_lang['notpublic.title'];
                break;
            /* ---  form for submitting a post / comment (posttype,posttarget,xhome,url)  --- */
            case "postform":
                $title = "";
                $notitle = true;
                // fields
                $inputs = array();
                $captcha = _captchaInit();
                $content = _jsLimitLength(16384, "postform", "text");
                // guests get an extra name field
                if (_loginindicator == 0) {
                    $inputs[] = array($_lang['posts.guestname'], "<input type='text' name='guest' maxlength='24' class='inputsmall'" . _restoreGetFdValue("guest") . " />");
                }
                // subject/topic field only when xhome is -1
                if ($vars['xhome'] == -1) {
                    $inputs[] = array($_lang[$vars['posttype'] != 5 ? 'posts.subject' : 'posts.topic'], "<input type='text' name='subject' class='input" . ($vars['posttype'] != 5 ? 'small' : 'medium') . "' maxlength='" . ($vars['posttype'] != 5 ? 22 : 48) . "'" . _restoreGetFdValue("subject") . " />");
                }
                $inputs[] = $captcha;
                // NOTE(review): posttype, posttarget, xhome and pluginflag are written into value
                // attributes without escaping, so callers must pass safe (presumably integer) values.
                // These hidden fields are client-editable; remote/post.php is expected to re-validate
                // them and the caller's access rights instead of trusting them - confirm in the handler.
                $inputs[] = array($_lang['posts.text'], "<textarea name='text' class='areamedium' rows='5' cols='33'>" . _restoreGetFdValue("text", null, true) . "</textarea><input type='hidden' name='_posttype' value='" . $vars['posttype'] . "' /><input type='hidden' name='_posttarget' value='" . $vars['posttarget'] . "' /><input type='hidden' name='_xhome' value='" . $vars['xhome'] . "' />" . (isset($vars['pluginflag']) ? "<input type='hidden' name='_pluginflag' value='" . $vars['pluginflag'] . "' />" : ''), true);
                // form ($vars['url'] is URL-encoded into the "_return" parameter)
                $callArgs = array('postform', _addGetToLink(_indexroot . "remote/post.php", "_return=" . urlencode($vars['url']), false), $inputs, array("text"), null, _getPostformControls("postform", "text"));
                if ($extend) {
                    _extend('call', 'sys.form.postform', array('call' => &$callArgs, 'vars' => $vars));
                }
                $content .= call_user_func_array('_formOutput', $callArgs);
                break;
        }
    }
    // return: prepend the heading when auto-headings or administration is active and the title is wanted
    if ((_template_autoheadings == 1 or _administration == 1) and $notitle == false) {
        $content = "<h1>{$title}</h1>\n" . $content;
    }
    return array($content, $title);
}
コード例 #3
    $continue = true;
}
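/* ---  action: save the submitted titles  --- */
// Every POST field except "do" is treated as "<row id> => <new title>".
// NOTE(review): no XSRF token check is visible in this fragment; presumably the
// including admin script verifies the token for POST requests - confirm.
if ($continue && isset($_POST['do'])) {
    foreach ($_POST as $id => $title) {
        if ($id == "do") {
            continue;
        }
        // Only purely numeric field names are row ids. Anything else (for example
        // an extra hidden field) would collapse to id 0 through intval() and
        // overwrite that row's title.
        if (!is_int($id) && !ctype_digit((string) $id)) {
            continue;
        }
        // A nested field such as "12[]=x" arrives as an array and is not a title.
        if (!is_string($title)) {
            continue;
        }
        $id = intval($id);
        // HTML-escape first, SQL-escape last, so the fallback text below is
        // covered by DB::esc() as well and cannot break out of the quoted literal.
        $title = _htmlStr(trim($title));
        if ($title == "") {
            $title = $_lang['global.novalue'];
        }
        DB::query("UPDATE `" . _mysql_prefix . "-root` SET title='" . DB::esc($title) . "' WHERE id=" . $id);
    }
    $message = _formMessage(1, $_lang['global.saved']);
}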
/* ---  vystup  --- */
if ($continue) {
    $output .= "<p class='bborder'>" . $_lang['admin.content.titles.p'] . "</p>" . $message . "\n\n<form action='index.php?p=content-titles' method='post'>\n<input type='hidden' name='do' value='1' />\n\n<table>\n<tr><td><strong>" . $_lang['global.item'] . "</strong></td><td class='lpad'><strong>" . $_lang['global.type'] . "</strong></td></tr>\n";
    // funkce
    function _admin_titleListItem($item, $ipad = false)
    {
        global $_lang;
        $type_array = _admin_getTypeArray();
        if ($ipad == true) {
            $ipad = " class='intersecpad'";
        } else {
            $ipad = "";
        }
        return "<tr><td" . $ipad . "><input class='inputmedium' type='text' maxlength='96' name='" . $item['id'] . "' value='" . $item['title'] . "' /></td><td class='lpad'>" . $_lang['admin.content.' . $type_array[$item['type']]] . "</td></tr>\n";
コード例 #4
            define('_redirect_to', 'index.php?p=content-polls-edit&id=' . $id . '&saved');
            return;
        } else {
            DB::query("INSERT INTO `" . _mysql_prefix . "-polls` (author,question,answers,locked,votes) VALUES (" . $author . ",'" . $question . "','" . $answers . "'," . $locked . ",'" . trim(str_repeat("0-", $answers_count), "-") . "')");
            $newid = DB::insertID();
            define('_redirect_to', 'index.php?p=content-polls-edit&id=' . $newid . '&created');
            return;
        }
    } else {
        $message = _formMessage(2, _eventList($errors, 'errors'));
    }
}
/* ---  output  --- */
if ($continue) {
    // author selection (only for users holding the adminpollall right)
    if (_loginright_adminpollall) {
        $author_select = "\n    <tr>\n    <td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n    <td>" . _admin_authorSelect("author", $query['author'], "adminpoll=1", "selectmedium") . "</td></tr>\n    ";
    } else {
        $author_select = "";
    }
    // status message: the mere presence of ?saved / ?created selects a fixed language string
    if (isset($_GET['saved'])) {
        $message = _formMessage(1, $_lang['global.saved']);
    }
    if (isset($_GET['created'])) {
        $message = _formMessage(1, $_lang['global.created']);
    }
    // edit form
    // NOTE(review): $query['question'] and $query['answers'] are written into a value attribute
    // and a textarea without an escaping call in this statement - assumes they are stored or
    // loaded already HTML-escaped, confirm where $query is filled.
    // The form itself carries the _xsrfProtect() field. The delete link, however, is a plain GET
    // link (index.php?p=content-polls&del=ID) guarded here only by the client-side _sysConfirm()
    // prompt - confirm that the delete handler requires a token or a server-side confirmation.
    // NOTE(review): the closing </span> before </td> sits outside the (!$new ? ...) branch that
    // opens <span class='customsettings'>, so a new poll gets an unmatched </span>.
    $output .= "\n  <p class='bborder'>" . $_lang['admin.content.polls.edit.p'] . "</p>\n  " . $message . "\n  <form action='index.php?p=content-polls-edit" . $actionbonus . "' method='post'>\n  <table class='formtable'>\n\n  <tr>\n  <td class='rpad'><strong>" . $_lang['admin.content.form.question'] . "</strong></td>\n  <td><input type='text' name='question' class='inputmedium' value='" . $query['question'] . "' maxlength='64' /></td>\n  </tr>\n\n  " . $author_select . "\n\n  <tr class='valign-top'>\n  <td class='rpad'><strong>" . $_lang['admin.content.form.answers'] . "</strong></td>\n  <td><textarea name='answers' rows='25' cols='94' class='areamedium'>" . $query['answers'] . "</textarea></td>\n  </tr>\n\n  " . (!$new ? "<tr>\n  <td class='rpad'><strong>" . $_lang['admin.content.form.hcm'] . "</strong></td>\n  <td><input type='text' name='hcm' value='[hcm]poll," . $id . ",150[/hcm]' readonly='readonly' onclick='this.select();' class='inputmedium' /></td>\n  </tr>" : '') . "\n\n  <tr>\n  <td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n  <td>\n  <label><input type='checkbox' name='locked' value='1'" . _checkboxActivate($query['locked']) . " /> " . $_lang['admin.content.form.locked'] . "</label>&nbsp;&nbsp;\n  " . (!$new ? "<label><input type='checkbox' name='reset' value='1' /> " . $_lang['admin.content.polls.reset'] . "</label>" : '') . "\n  </td>\n  </tr>\n\n  <tr><td></td>\n  <td><input type='submit' value='" . $submitcaption . "' />" . (!$new ? "&nbsp;&nbsp;<small>" . $_lang['admin.content.form.thisid'] . " " . $id . "</small>&nbsp;&nbsp;<span class='customsettings'><a href='index.php?p=content-polls&amp;del=" . $id . "' onclick='return _sysConfirm();'><span><img src='images/icons/delete.png' class='icon' alt='del' /> " . $_lang['global.delete'] . "</span></a>" : '') . "</span></td>\n  </tr>\n\n  </table>\n  " . _xsrfProtect() . "</form>\n  ";
} else {
    // $continue is false: show the generic "bad input" message instead of the form
    $output .= _formMessage(3, $_lang['global.badinput']);
}
コード例 #5
            // podminky
            $sql .= ' WHERE gal.visible=1';
            if ($public) {
                $sql .= ' AND gal.public=1';
            }
            $sql .= ' AND ' . _tmpSearchQuery('img', array('title'));
            // vykonani a nacteni vysledku
            $q = DB::query($sql . ' LIMIT 20');
            while ($r = DB::row($q)) {
                $link = _addGetToLink(_linkRoot($r['home'], $r['title_seo']), 'page=' . _resultPagingGetItemPage($r['var2'], "images", "ord<" . $r['ord'] . " AND home=" . $r['home']));
                $results[] = array($link, $r['gal_title'], ($r['title'] !== '' ? $r['title'] . '<br />' : '') . _galleryImage($r, 'search', 128, 128));
            }
            DB::free($q);
        }
        // extend
        _extend('call', 'mod.search.results', array('results' => &$results, 'query' => $search_query, 'query_sql' => $search_query_sql));
        // vypis vysledku
        if (count($results) != 0) {
            foreach ($results as $item) {
                $module .= "\n<h2 class='list-title'><a href='" . $item[0] . "'>" . $item[1] . "</a></h2>\n<p class='list-perex'>" . $item[2] . "</p>\n";
                if (isset($item[3])) {
                    $module .= "<div class='list-info'>" . $item[3] . "</div>\n";
                }
            }
        } else {
            $module .= "<br />" . _formMessage(1, $_lang['mod.search.noresult']);
        }
    } else {
        $module .= "<br />" . _formMessage(2, $_lang['mod.search.minlength']);
    }
}
コード例 #6
<?php

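/* ---  core check  --- */
// Refuse direct requests: the script only runs when the including code has defined _core.
if (!defined('_core')) {
    exit;
}
/* ---  action: switch the current session to another account  --- */
// This replaces the logged-in identity with the selected user's id and stored
// password value without asking for that user's password.
// NOTE(review): neither a privilege check nor an XSRF token check is visible in
// this file; both must be enforced by the including admin script - confirm, and
// restrict this page to the highest privilege level.
$message = "";
if (isset($_POST['user']) && is_string($_POST['user'])) {
    $user = DB::esc(_anchorStr(trim($_POST['user'])));
    // The lookup has to use the escaped $user value; a fixed literal in the WHERE
    // clause would ignore the submitted name altogether.
    $query = DB::query("SELECT id,password FROM `" . _mysql_prefix . "-users` WHERE username='" . $user . "'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        _userLogout(false);
        // NOTE(review): the session id is not regenerated in this file when the
        // identity changes. Unless _userLogout() already does so, consider calling
        // session_regenerate_id(true) here, and log who switched to whom.
        $_SESSION[_sessionprefix . "user"] = $query['id'];
        $_SESSION[_sessionprefix . "password"] = $query['password'];
        $_SESSION[_sessionprefix . "ip"] = _userip;
        $_SESSION[_sessionprefix . "ipbound"] = true;
        define('_redirect_to', _indexroot . 'index.php?m=login');
        return;
    } else {
        $message = _formMessage(2, $_lang['global.baduser']);
    }
}
/* ---  output  --- */
// The form carries the _xsrfProtect() field; the submitted user name is never echoed back.
$output .= "\n<p class='bborder'>" . $_lang['admin.other.transm.p'] . "</p>\n" . $message . "\n<form action='index.php?p=other-transm' method='post'>\n<strong>" . $_lang['global.user'] . ":</strong> <input type='text' name='user' class='inputsmall' /> <input type='submit' value='" . $_lang['global.login'] . "' />\n" . _xsrfProtect() . "</form>\n";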
コード例 #7
    }
    if (isset($_GET['created'])) {
        $message = _formMessage(1, $_lang['global.created']);
    }
    // wysiwyg editor
    $output .= _admin_wysiwyg();
    // vypocet hodnoceni
    if (!$new) {
        if ($query['ratenum'] != 0) {
            $rate = DB::result(DB::query("SELECT ROUND(ratesum/ratenum) FROM `" . _mysql_prefix . "-articles` WHERE id=" . $query['id']), 0) . "%, " . $query['ratenum'] . "x";
        } else {
            $rate = $_lang['article.rate.nodata'];
        }
    } else {
        $rate = "";
    }
    // seo title input
    $seo_input = "<input type='text' name='title_seo' value='" . $query['title_seo'] . "' maxlength='255' class='input" . ($author_select != '' ? 'medium' : 'big') . "' />";
    // obrazek
    $picture = '';
    if (isset($query['picture_uid'])) {
        $picture .= "<img src='" . _pictureStorageGet(_indexroot . 'pictures/articles/', null, $query['picture_uid'], 'jpg') . "' alt='article picture' id='is-picture-file' />\n<label id='is-picture-delete'><input type='checkbox' name='picture-delete' value='1' /> <img src='images/icons/delete3.png' class='icon' alt='" . $_lang['global.delete'] . "' /></label>";
    } else {
        $picture .= "<img src='images/art-no-pic.png' alt='no picture' />\n";
    }
    $picture .= "<input type='file' name='picture' id='is-picture-upload' />\n";
    // formular
    $output .= "\n<a href='" . $backlink . "' class='backlink'>&lt; " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.articles.edit.title'] . "</h1>\n<p class='bborder'>" . $_lang['admin.content.articles.edit.p'] . "</p>" . $message . "\n\n" . (($new == true and _loginright_adminneedconfirm) ? _admin_smallNote($_lang['admin.content.articles.edit.newconfnote']) : '') . "\n" . ($query['confirmed'] != 1 ? _admin_smallNote($_lang['admin.content.articles.edit.confnote']) : '') . "\n\n" . (!$new && DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-articles` WHERE `id`!=' . $query['id'] . ' AND `home1`=' . $query['home1'] . ' AND `title_seo`=\'' . $query['title_seo'] . '\''), 0) != 0 ? _formMessage(2, $_lang['admin.content.form.title_seo.collision']) : '') . "\n\n<form class='cform' action='index.php?p=content-articles-edit" . $actionplus . "' method='post' enctype='multipart/form-data' name='artform'" . _jsCheckForm("artform", array("title")) . ">\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['article.category'] . "</strong></td>\n<td>" . _admin_rootSelect("home1", 2, $query['home1'], false) . " " . _admin_rootSelect("home2", 2, $query['home2'], true) . " " . _admin_rootSelect("home3", 2, $query['home3'], true) . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' value='" . $query['title'] . "' class='inputbig' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title_seo'] . "</strong></td>\n<td>" . ($author_select == '' ? $seo_input : "\n    <table class='ae-twoi'><tr>\n    <td>" . $seo_input . "</td>\n    <td class='rpad'><strong>" . $_lang['article.author'] . "</strong></td>\n    <td>" . $author_select . "</td>\n    </tr></table>\n") . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.description'] . 
"</strong></td>\n<td>\n    <table class='ae-twoi'><tr>\n    <td><input type='text' name='description' value='" . $query['description'] . "' maxlength='128' class='inputmedium' /></td>\n    <td class='rpad'><strong>" . $_lang['admin.content.form.keywords'] . "</strong></td>\n    <td><input type='text' name='keywords' value='" . $query['keywords'] . "' maxlength='128' class='inputmedium' /></td>\n    </tr></table>\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.perex'] . "</strong></td>\n<td><textarea name='perex' rows='9' cols='94' class='areabigperex codemirror'>" . _htmlStr($query['perex']) . "</textarea></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.content'] . "</strong>" . $artlink . "</td>\n<td>\n\n  <table id='ae-table'>\n  <tr class='valign-top'>\n    <td id='content-cell'>\n      <textarea name='content' rows='25' cols='68' class='wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr($query['content']) . "</textarea>\n    </td>\n    <td id='is-cell'>\n      <div id='is-cell-wrapper'>\n      <div id='is-cell-content'>\n\n      <h2>" . $_lang['admin.content.form.picture'] . "</h2>\n      <div id='is-picture'>" . $picture . "</div>\n\n      <h2>" . $_lang['admin.content.form.settings'] . "</h2>\n      <p id='is-settings'>\n      <label><input type='checkbox' name='public' value='1'" . _checkboxActivate($query['public']) . " /> " . $_lang['admin.content.form.public'] . "</label>\n      <label><input type='checkbox' name='visible' value='1'" . _checkboxActivate($query['visible']) . " /> " . $_lang['admin.content.form.visible'] . "</label>\n      " . (_loginright_adminconfirm || !_loginright_adminneedconfirm && $query['author'] == _loginid ? "<label><input type='checkbox' name='confirmed' value='1'" . _checkboxActivate($query['confirmed']) . " /> " . $_lang['admin.content.form.confirmed'] . "</label>" : '') . 
"\n      <label><input type='checkbox' name='comments' value='1'" . _checkboxActivate($query['comments']) . " /> " . $_lang['admin.content.form.comments'] . "</label>\n      <label><input type='checkbox' name='commentslocked' value='1'" . _checkboxActivate($query['commentslocked']) . " /> " . $_lang['admin.content.form.commentslocked'] . "</label>\n      <label><input type='checkbox' name='rateon' value='1'" . _checkboxActivate($query['rateon']) . " /> " . $_lang['admin.content.form.artrate'] . "</label>\n      <label><input type='checkbox' name='showinfo' value='1'" . _checkboxActivate($query['showinfo']) . " /> " . $_lang['admin.content.form.showinfo'] . "</label>\n      " . (!$new ? "<label><input type='checkbox' name='resetrate' value='1' /> " . $_lang['admin.content.form.resetartrate'] . " <small>(" . $rate . ")</small></label>" : '') . "\n      " . (!$new ? "<label><input type='checkbox' name='delcomments' value='1' /> " . $_lang['admin.content.form.delcomments'] . " <small>(" . DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE home=" . $query['id'] . " AND type=2"), 0) . ")</small></label>" : '') . "\n      " . (!$new ? "<label><input type='checkbox' name='resetread' value='1' /> " . $_lang['admin.content.form.resetartread'] . " <small>(" . $readed_counter . ")</small></label>" : '') . "\n      </p>\n\n      <h2>" . $_lang['admin.content.form.infobox'] . "</h2>\n      <div id='infobox-wrapper'>\n        <textarea name='infobox' rows='10' cols='20' class='codemirror'>" . _htmlStr($query['infobox']) . "</textarea>\n      </div>\n\n      </div>\n      </div>\n    </td>\n  </tr>\n  </table>\n\n</td>\n</tr>\n\n<tr id='time-cell'>\n<td class='rpad'><strong>" . $_lang['article.posted'] . "</strong></td>\n<td>" . _editTime('time', $query['time'], true, $new) . "</td>\n</tr>\n\n<tr>\n<td></td>\n<td id='ae-lastrow'><br /><input type='submit' value='" . $_lang[$submittext] . "' />\n" . (!$new ? 
"\n&nbsp;&nbsp;\n<span class='customsettings'><a href='index.php?p=content-articles-delete&amp;id=" . $query['id'] . "&amp;returnid=" . $query['home1'] . "&amp;returnpage=1'><span><img src='images/icons/delete.png' alt='del' class='icon' />" . $_lang['global.delete'] . "</span></a></span>&nbsp;&nbsp;\n<span class='customsettings'><small>" . $_lang['admin.content.form.thisid'] . " " . $query['id'] . "</small></span>\n" : '') . "\n\n</td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n\n";
} else {
    $output .= "<a href='index.php?p=content-articles' class='backlink'>&lt; " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.articles.edit.title'] . "</h1>\n" . _formMessage(3, $_lang['global.badinput']);
}
コード例 #8
// back link
// NOTE(review): $backlink is placed into the href without an escaping call here - assumes it
// was built from trusted parts, confirm where it is assigned.
$module .= "<p><a href='" . $backlink . "'>&lt; " . $_lang['global.return'] . "</a></p>";
// message
$module .= $message;
// form
if ($continue) {
    // The topic id travels in the action URL; the target forum is chosen in the select below
    // and the form carries the _xsrfProtect() field.
    // NOTE(review): $query['subject'] (via sprintf) and each $ftitle are printed without an
    // escaping call in this fragment - assumes both are stored already HTML-escaped, confirm.
    // The submitted new_forum value is client-controlled, so the handler has to re-check it
    // against the forums this user may move topics into (handler not visible here).
    $furl = 'index.php?m=movetopic&amp;id=' . $id;
    $module .= '
<form action="' . $furl . '" method="post">
' . _formMessage(2, sprintf($_lang['mod.movetopic.text'], $query['subject'])) . '
<p>
    <select name="new_forum"' . (empty($forums) ? " disabled='disabled'" : '') . '>
';
    if (empty($forums)) {
        // no target forum available: single placeholder option, select is disabled above
        $module .= "<option value='-1'>" . $_lang['mod.movetopic.noforums'] . "</option>\n";
    } else {
        foreach ($forums as $fid => $ftitle) {
            $module .= "<option value='" . $fid . "'>" . $ftitle . "</option>\n";
        }
    }
    $module .= '</select>
    <input type="submit" value="' . $_lang['mod.movetopic.submit'] . '" />
</p>
' . _xsrfProtect() . '</form>
';
} else {
    /* invalid input */
    if (!$scriptbreak) {
        $module .= _formMessage(3, $_lang['global.badinput']);
        $found = false;
    }
}
コード例 #9
            // deinstalace
        // deinstalace
        case 2:
            $pass = $_POST['pass'];
            $confirm = _checkboxLoad("confirm");
            if ($confirm) {
                $right_pass = DB::query_row("SELECT password,salt FROM `" . _mysql_prefix . "-users` WHERE id=0");
                if (_md5Salt($pass, $right_pass['salt']) == $right_pass['password']) {
                    // ziskani tabulek
                    $tables = array();
                    $q = DB::query('SHOW TABLES LIKE \'' . _mysql_prefix . '-%\'');
                    while ($r = DB::rown($q)) {
                        $tables[] = $r[0];
                    }
                    // odstraneni tabulek
                    foreach ($tables as $table) {
                        DB::query("DROP TABLE `" . $table . "`");
                    }
                    // zprava
                    _userLogout();
                    echo "<h1>" . $_lang['global.done'] . "</h1>\n<p>" . $_lang['admin.other.cleanup.uninstall.done'] . "</p>";
                    exit;
                } else {
                    $message = _formMessage(2, $_lang['admin.other.cleanup.uninstall.badpass']);
                }
            }
            break;
    }
}
/* ---  output  --- */
// Renders two separate POST forms to index.php?p=other-cleanup:
//   action=1  cleanup options (messages, users, maintenance, optimize, comments, posts, iplog)
//   action=2  uninstall, which asks for a confirm checkbox and a password (autocomplete off)
// Both forms embed the _xsrfProtect() field and both destructive submit buttons add the
// client-side _sysConfirm() prompt, which is a convenience and not a server-side control.
// In this statement $_POST values are only tested with isset()/== or passed through intval()
// to restore the form state; none is concatenated into the markup directly.
// NOTE(review): _tmp_selectTime() and _admin_authorSelect() are defined elsewhere - confirm
// they escape whatever request data they echo.
$output .= $message . "\n<br />\n<fieldset>\n<legend>" . $_lang['admin.other.cleanup.cleanup'] . "</legend>\n<form class='cform' action='index.php?p=other-cleanup' method='post'>\n<input type='hidden' name='action' value='1' />\n<p>" . $_lang['admin.other.cleanup.cleanup.p'] . "</p>\n\n<table>\n<tr class='valign-top'>\n\n<td rowspan='2'>\n  <fieldset>\n  <legend>" . $_lang['mod.messages'] . "</legend>\n  <label><input type='radio' name='messages' value='0'" . _checkboxActivate(!isset($_POST['messages']) || $_POST['messages'] == 0) . " /> " . $_lang['global.noaction'] . "</label><br />\n  <label><input type='radio' name='messages' value='1'" . _checkboxActivate(isset($_POST['messages']) && $_POST['messages'] == 1) . " /> " . $_lang['admin.other.cleanup.messages.1'] . "</label> " . _tmp_selectTime("messages-time") . "<br />\n  <label><input type='radio' name='messages' value='2'" . _checkboxActivate(isset($_POST['messages']) && $_POST['messages'] == 2) . " /> " . $_lang['admin.other.cleanup.messages.2'] . "</label>\n  </fieldset>\n\n  <fieldset>\n  <legend>" . $_lang['admin.users.users'] . "</legend>\n  <p class='bborder'><label><input type='checkbox' name='users' value='1'" . _checkboxActivate(isset($_POST['users'])) . " /> " . $_lang['admin.other.cleanup.users'] . "</label></p>\n  <table>\n\n  <tr>\n  <td><strong>" . $_lang['admin.other.cleanup.users.time'] . "</strong></td>\n  <td>" . _tmp_selectTime("users-time") . "</td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['admin.other.cleanup.users.group'] . "</strong></td>\n  <td>" . _admin_authorSelect("users-group", isset($_POST['users-group']) ? intval($_POST['users-group']) : -1, "1", null, $_lang['global.all'], true) . "</td>\n  </tr>\n\n  </table>\n  </fieldset>\n</td>\n\n<td>\n  <fieldset>\n  <legend>" . $_lang['global.other'] . "</legend>\n  <label><input type='checkbox' name='maintenance' value='1' checked='checked' /> " . $_lang['admin.other.cleanup.other.maintenance'] . 
"</label><br />\n  <label><input type='checkbox' name='optimize' value='1' checked='checked' /> " . $_lang['admin.other.cleanup.other.optimize'] . "</label><br />\n  <label><input type='checkbox' name='comments' value='1'" . _checkboxActivate(isset($_POST['comments'])) . " /> " . $_lang['admin.other.cleanup.other.comments'] . "</label><br />\n  <label><input type='checkbox' name='posts' value='1'" . _checkboxActivate(isset($_POST['posts'])) . " /> " . $_lang['admin.other.cleanup.other.posts'] . "</label><br />\n  <label><input type='checkbox' name='iplog' value='1'" . _checkboxActivate(isset($_POST['iplog'])) . " /> " . $_lang['admin.other.cleanup.other.iplog'] . "</label>\n  </fieldset>\n</td>\n\n</tr>\n\n<tr class='valign-top'>\n\n<td align='center'><p>\n<input type='submit' value='" . $_lang['admin.other.cleanup.prev'] . "' /><br /><br />\n<input type='submit' name='do_cleanup' value='" . $_lang['admin.other.cleanup.do'] . "' onclick='return _sysConfirm();' />\n</p></td>\n\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n</fieldset>\n<br />\n\n<fieldset>\n<legend>" . $_lang['admin.other.cleanup.uninstall'] . "</legend>\n<form class='cform' action='index.php?p=other-cleanup' method='post'>\n<input type='hidden' name='action' value='2' />\n<p class='bborder'>" . $_lang['admin.other.cleanup.uninstall.p'] . "</p>\n" . _admin_smallNote(str_replace('*prefix*', _mysql_prefix, $_lang['admin.other.cleanup.uninstall.note']), true) . "\n<p><label><input type='checkbox' name='confirm' value='1' /> " . str_replace('*dbname*', _mysql_db, $_lang['admin.other.cleanup.uninstall.confirm']) . "</label></p>\n<p><strong>" . $_lang['admin.other.cleanup.uninstall.pass'] . ":</strong> &nbsp;<input type='password' class='inputsmall' name='pass' autocomplete='off' /></p>\n<input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n</fieldset>\n";
コード例 #10
<?php

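/* ---  core check  --- */
// Refuse direct requests: the script only runs when the including code has defined _core.
if (!defined('_core')) {
    exit;
}
/* ---  save handler  --- */
// NOTE(review): the form below embeds _xsrfProtect(), but no token check is visible in this
// file; presumably the including admin script verifies it for POST requests - confirm.
// A non-string "text" (e.g. text[]=x) is ignored instead of being passed to trim().
if (isset($_POST['text']) && is_string($_POST['text'])) {
    // The text is stored as raw markup, only SQL-escaped. It is HTML-escaped below when it is
    // echoed into the textarea; wherever else it is printed it is rendered as markup, so write
    // access to this page should stay limited to fully trusted administrators.
    DB::query('UPDATE `' . _mysql_prefix . '-settings` SET `val`=\'' . DB::esc(trim($_POST['text'])) . '\' WHERE `var`=\'.admin_index_custom\'');
    // The position is reduced to the literal '0' or '1', so the request value never reaches
    // the SQL text. A missing "pos" still yields '0', now without an undefined-index notice.
    DB::query('UPDATE `' . _mysql_prefix . '-settings` SET `val`=\'' . ((!isset($_POST['pos']) || $_POST['pos'] == 0) ? '0' : '1') . '\' WHERE `var`=\'.admin_index_custom_pos\'');
    define('_redirect_to', 'index.php?p=index-edit&saved');
    return;
}
/* ---  output  --- */
// ?saved only selects a fixed language string; the stored text goes through _htmlStr() before
// it is placed inside the textarea.
$output .= "\n\n<p class='bborder'>" . $_lang['admin.menu.index.edit.p'] . "</p>\n\n" . _admin_wysiwyg() . "\n" . (isset($_GET['saved']) ? _formMessage(1, $_lang['global.saved']) : '') . "\n\n<form action='' method='post'>\n\n<table class='formtable'>\n\n<tr>\n    <td class='rpad'><strong>" . $_lang['admin.menu.index.edit.pos'] . "</strong></td>\n    <td><select name='pos'>\n        <option value='0'" . (SL::$settings['admin_index_custom_pos'] == 0 ? " selected='selected'" : '') . ">" . $_lang['admin.menu.index.edit.pos.0'] . "</option>\n        <option value='1'" . (SL::$settings['admin_index_custom_pos'] == 1 ? " selected='selected'" : '') . ">" . $_lang['admin.menu.index.edit.pos.1'] . "</option>\n    </select></td>\n</tr>\n\n<tr class='valign-top'>\n    <td class='rpad'><strong>" . $_lang['admin.menu.index.edit.text'] . "</strong></td>\n    <td class='minwidth'><textarea name='text' rows='25' cols='94' class='areabig wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr(SL::$settings['admin_index_custom']) . "</textarea></td>\n</tr>\n\n<tr>\n    <td></td>\n    <td><input type='submit' value='" . $_lang['global.savechanges'] . "' /></td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n";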
コード例 #11
// Build the article rating mode <select>: options 0-2, with the one equal to the
// _ratemode constant preselected.
$ratemode_options = array();
for ($x = 0; $x < 3; ++$x) {
    $selected = ($x == _ratemode) ? " selected='selected'" : "";
    $ratemode_options[] = "<option value='" . $x . "'" . $selected . ">" . $_lang['admin.settings.mods.ratemode.' . $x] . "</option>";
}
$ratemode_select = '<select name="ratemode">' . implode('', $ratemode_options) . '</select>';
/* ---  vystup  --- */
$output .= '
<p class="bborder">' . $_lang['admin.settings.p'] . '</p>

' . (isset($_GET['r']) ? _formMessage(1, $_lang['admin.settings.saved']) : '') . '

<form action="index.php?p=settings" method="post">

<div id="settingsnav">
<div>
<input type="submit" value="' . $_lang['global.savechanges'] . '" />
<ul>
    <li><a href="#settings_main">' . $_lang['admin.settings.main'] . '</a></li>
    <li><a href="#settings_info">' . $_lang['admin.settings.info'] . '</a></li>
    <li><a href="#settings_admin">' . $_lang['admin.settings.admin'] . '</a></li>
    <li><a href="#settings_rewrite">' . $_lang['admin.settings.rewrite'] . '</a></li>
    <li><a href="#settings_users">' . $_lang['admin.settings.users'] . '</a></li>
    <li><a href="#settings_emails">' . $_lang['admin.settings.emails'] . '</a></li>
    <li><a href="#settings_articles">' . $_lang['admin.settings.articles'] . '</a></li>
    <li><a href="#settings_forum">' . $_lang['admin.settings.forum'] . '</a></li>
コード例 #12
/* ---  output  --- */
// Render either a "bad input" message or the page edit form, depending on $continue
// (set outside this snippet).
if ($continue != true) {
    $output .= _formMessage(3, $_lang['global.badinput']);
} else {
    // Intersection select: lists the `-root` rows with type=7; skipped when the edited
    // page itself has $type 7.
    if ($type != 7) {
        $intersection_select = "<select name='intersection' class='selectmedium'><option value='-1' class='special'>" . $_lang['admin.content.form.intersection.none'] . "</option>";
        $isquery = DB::query("SELECT id,title FROM `" . _mysql_prefix . "-root` WHERE type=7 ORDER BY ord");
        while ($item = DB::row($isquery)) {
            // preselect the option matching the page's current intersection
            if ($item['id'] == $query['intersection']) {
                $selected = " selected='selected'";
            } else {
                $selected = "";
            }
            // NOTE(review): id and title are written into the markup without _htmlStr();
            // presumably titles are stored already HTML-encoded - confirm.
            $intersection_select .= "<option value='" . $item['id'] . "'" . $selected . ">" . _cutStr($item['title'], 22) . "</option>";
        }
        $intersection_select .= "</select>";
        $intersection_row = "<td class='rpad'><strong>" . $_lang['admin.content.form.intersection'] . "</strong></td><td>" . $intersection_select . "</td>";
    } else {
        $intersection_select = "";
        $intersection_row = "";
    }
    // wysiwyg editor
    $output .= _admin_wysiwyg();
    // wrap the type-specific settings in a styled span when there are any
    if ($custom_settings != "") {
        $custom_settings = "<span class='customsettings'>" . $custom_settings . "</span>";
    }
    // form
    // NOTE(review): the title_seo collision check concatenates $query['id'] and
    // $query['title_seo'] straight into the SQL text. That is only safe if both were
    // validated/escaped where $query was built, which is outside this snippet - confirm.
    // NOTE(review): title, title_seo, ord, description, keywords and level are written into
    // single-quoted attributes as-is, while intersectionperex, content and events pass
    // through _htmlStr(). Presumably the former are stored already HTML-encoded - verify.
    // The form ends with the XSRF token field from _xsrfProtect().
    $output .= "<div class='hr'><hr /></div><br />" . (isset($_GET['saved']) ? _formMessage(1, $_lang['global.saved'] . "&nbsp;&nbsp;<small>(" . _formatTime(time()) . ")</small>") : '') . "\n\n" . (!$new && $type != 4 && DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-root` WHERE `id`!=' . $query['id'] . ' AND `title_seo`=\'' . $query['title_seo'] . '\''), 0) != 0 ? _formMessage(2, $_lang['admin.content.form.title_seo.collision']) : '') . "\n" . (!$new && $id == _index_page_id ? _admin_smallNote($_lang['admin.content.form.indexnote']) : '') . "\n<form" . ($type != 4 ? " class='cform'" : '') . " action='index.php?p=content-edit" . $type_array[$type] . (!$new ? "&amp;id=" . $id : '') . ($type == 9 && $new ? '&amp;idt=' . $type_idt : '') . "' method='post'>\n\n\n" . $editscript_extra . "\n" . (!$new && $type == 5 ? "<p><a href='index.php?p=content-manageimgs&amp;g=" . $id . "'><img src='images/icons/edit.png' alt='edit' class='icon' /><big>" . $_lang['admin.content.form.manageimgs'] . " &gt;</big></a></p>" : '') . "\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' value='" . $query['title'] . "' class='inputmedium' maxlength='96' /></td>\n\n" . ($type != 4 ? "<td class='rpad'><strong>" . $_lang['admin.content.form.title_seo'] . "</strong></td>\n<td><input type='text' name='title_seo' value='" . $query['title_seo'] . "' maxlength='255' class='inputmedium' /></td>" : $intersection_row) . "\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n<td><input type='text' name='ord' value='" . $query['ord'] . "' class='inputmedium' /></td>\n\n" . ($type != 4 ? $intersection_row : '') . "\n</tr>\n\n" . ($type != 4 ? "\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.description'] . "</strong></td>\n<td><input type='text' name='description' value='" . $query['description'] . 
"' maxlength='128' class='inputmedium' /></td>\n\n<td class='rpad'><strong>" . $_lang['admin.content.form.keywords'] . "</strong></td>\n<td><input type='text' name='keywords' value='" . $query['keywords'] . "' maxlength='128' class='inputmedium' /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.intersectionperex'] . "</strong></td>\n<td colspan='3'><textarea name='intersectionperex' rows='2' cols='94' class='arealine codemirror'>" . _htmlStr($query['intersectionperex']) . "</textarea></td>\n</tr>\n\n" . ($editscript_enable_content ? "\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.' . ($type != 6 ? 'content' : 'url')] . "</strong>" . (!$new ? " <a href='" . _indexroot . _linkRoot($query['id'], $query['title_seo']) . "' target='_blank'><img src='images/icons/loupe.png' alt='prev' /></a>" : '') . "</td>\n<td colspan='3'>\n" . ($type != 6 ? "<textarea name='content' rows='25' cols='94' class='areabig wysiwyg_editor" . (!_wysiwyg || !_loginwysiwyg ? ' codemirror' : '') . "'>" . _htmlStr($query['content']) . "</textarea>" : "<input type='text' name='content' value='" . _htmlStr($query['content']) . "' class='inputbig' />") . "\n</td>\n</tr>\n" : '') . "\n\n" . $editscript_extra_row . "\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n<td colspan='3'>\n<label><input type='checkbox' name='visible' value='1'" . _checkboxActivate($query['visible']) . " /> " . $_lang['admin.content.form.visible'] . "</label>&nbsp;&nbsp;\n" . ($type != 6 ? "<label><input type='checkbox' name='autotitle' value='1'" . _checkboxActivate($query['autotitle']) . " /> " . $_lang['admin.content.form.autotitle'] . "</label>&nbsp;&nbsp;" : '') . "\n" . $custom_settings . "\n</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['global.access'] . "</strong></td>\n<td>\n<label><input type='checkbox' name='public' value='1'" . _checkboxActivate($query['public']) . " /> " . 
$_lang['admin.content.form.public'] . "</label>&nbsp;&nbsp;\n<input type='text' name='level' value='" . $query['level'] . "' class='inputsmaller' maxlength='5' /> " . $_lang['admin.content.form.level'] . "\n</td>\n\n" . ($type != 4 ? "<td class='rpad'><strong>" . $_lang['admin.content.form.events'] . "</strong></td>\n<td><input type='text' name='events' value='" . (isset($query['events']) ? _htmlStr($query['events']) : '') . "' class='inputmedium' maxlength='255' /></td>" : '') . "\n</tr>\n\n" : '') . "\n\n\n<tr><td></td><td colspan='3'><br />\n<input type='submit' value='" . ($new ? $_lang['global.create'] : $_lang['global.savechanges']) . "' />" . (!$new ? "&nbsp;&nbsp;<small>" . $_lang['admin.content.form.thisid'] . " " . $query['id'] . "</small>" : '') . "\n</td></tr>\n\n</table>\n" . _xsrfProtect() . "</form>\n";
}
コード例 #13
                if ($item['home2'] == $source) {
                    $homeid = 2;
                    $homecheck = array(1, 3);
                }
                if ($item['home3'] == $source) {
                    $homeid = 3;
                    $homecheck = array(1, 2);
                }
                DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $homeid . "=" . $target . " WHERE id=" . $item['id']);
                foreach ($homecheck as $hc) {
                    if ($item['home' . $hc] == $target) {
                        if ($hc != 1) {
                            DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $hc . "=-1 WHERE id=" . $item['id']);
                        } else {
                            DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home" . $homeid . "=-1 WHERE id=" . $item['id']);
                        }
                    }
                }
                $counter++;
            }
        } else {
            DB::query("UPDATE `" . _mysql_prefix . "-articles` SET home1=" . $target . ",home2=-1,home3=-1 WHERE home1=" . $source . " OR home2=" . $source . " OR home3=" . $source);
            $counter = DB::affectedRows();
        }
        $message = _formMessage(1, str_replace("*moved*", $counter, $_lang['admin.content.movearts.done']));
    } else {
        $message = _formMessage(2, _eventList($error_log, 'errors'));
    }
}
/* ---  output  --- */
// Article-move form: result message, "source" and "target" selects, the "fullmove"
// checkbox and the XSRF token field.
$movearts_source = _admin_rootSelect("source", 2, -1, false);
$movearts_target = _admin_rootSelect("target", 2, -1, false);
$output .= "\n<p class='bborder'>"
    . $_lang['admin.content.movearts.p']
    . "</p>\n"
    . $message
    . "\n<form class='cform' action='index.php?p=content-movearts' method='post'>\n"
    . $_lang['admin.content.movearts.text1']
    . " "
    . $movearts_source
    . " "
    . $_lang['admin.content.movearts.text2']
    . " "
    . $movearts_target
    . " <input type='submit' value='"
    . $_lang['global.do']
    . "' />\n<br /><br />\n<label><input type='checkbox' name='fullmove' value='1' /> "
    . $_lang['admin.content.movearts.fullmove']
    . "</label>\n"
    . _xsrfProtect()
    . "</form>\n";
コード例 #14
ファイル: index.php プロジェクト: sunlight-cms/sunlight-cms-7
// Fall back to defaults for any page-output constant that has not been defined yet.
defined('_indexOutput_pid') or define('_indexOutput_pid', -1);
defined('_indexOutput_ptype') or define('_indexOutput_ptype', 'none');
defined('_indexOutput_url') or define('_indexOutput_url', _indexroot);
defined('_path') or define('_path', $base_path);
/* --  not found, or login required for non-public content  -- */
if (!defined('_indexOutput_content')) {
    if ($notpublic_form) {
        // Non-public content: the "notpublic" form becomes the page body and supplies the title.
        $form = _uniForm("notpublic", array($notpublic_form_wholesite));
        _extend('call', 'index.notpublic', _extendArgs($form[0]));
        define('_indexOutput_content', $form[0]);
        define('_indexOutput_title', $form[1]);
    } else {
        // No content was produced: build the 404 body, with a heading only when
        // _template_autoheadings is on, and remember the miss in $found.
        $content_404 = '';
        if (_template_autoheadings) {
            $content_404 .= "<h1>" . $_lang['global.error404.title'] . "</h1>";
        }
        $content_404 .= _formMessage(2, $_lang['global.error404']);
        _extend('call', 'index.notfound', _extendArgs($content_404));
        define('_indexOutput_content', $content_404);
        define('_indexOutput_title', $_lang['global.error404.title']);
        $found = false;
    }
}
/* --  vlozeni sablony motivu nebo presmerovani  -- */
if (!defined('_redirect_to')) {
    if (!$found) {
        header('HTTP/1.1 404 Not Found');
コード例 #15
ファイル: topic.php プロジェクト: sunlight-cms/sunlight-cms-7
                        $author_name = $author_name['username'];
                    }
                    $avatar = "<img src='" . $avatar . "' alt='" . $author_name . "' class='topic-avatar' />";
                }
            }
        } else {
            $author = "<span class='post-author-guest' title='" . _showIP($query['ip']) . "'>" . $query['guest'] . "</span>";
        }
        // vystup
        $module .= "\n<h2>" . $_lang['posts.topic'] . ": " . $query['subject'] . _linkRSS($id, 6) . "</h2>\n<p><small>" . $_lang['global.postauthor'] . " " . $author . " " . _formatTime($query['time']) . "</small>" . $editlink . "</p>\n<p>" . $avatar . _parsePost($query['text']) . "</p>\n<div class='cleaner'></div>\n";
        // odpovedi
        require_once _indexroot . 'require/functions-posts.php';
        $module .= _postsOutput(6, $homedata['id'], array(_commentsperpage, _publicAccess($homedata['var3']), $homedata['var2'], $id), $query['locked'] == 1);
    } else {
        $form = _uniForm("notpublic");
        $module .= $form[0];
    }
} else {
    define('_indexOutput_url', "index.php?m=topic");
    if (_template_autoheadings) {
        $module .= "<h1>" . $_lang['global.error404.title'] . "</h1>\n";
    }
    $module .= _formMessage(2, $_lang['posts.topic.notfound']);
    $found = false;
}
/* ---  page title  --- */
// "<forum title> <separator> <topic title>" when both parts are non-empty,
// otherwise the generic module title.
$have_full_title = !($forumtitle == "" or $topictitle == "");
define('_indexOutput_title', $have_full_title ? $forumtitle . " " . _titleseparator . " " . $topictitle : $_lang['mod.topic']);
コード例 #16
            }
            // zprava
            if ($done != 0) {
                $output .= _formMessage(1, str_replace(array("*done*", "*total*"), array($done, $item_total), $_lang['admin.other.massemail.send']));
            } else {
                $output .= _formMessage(2, $_lang['admin.other.massemail.noreceiversfound']);
            }
        } else {
            // vypis emailu
            $emails_total = DB::size($query);
            if ($emails_total != 0) {
                $emails = '';
                $email_counter = 0;
                while ($item = DB::row($query)) {
                    ++$email_counter;
                    $emails .= $item['email'];
                    if ($email_counter !== $emails_total) {
                        $emails .= ',';
                    }
                }
                $output .= _formMessage(1, "<textarea class='areasmallwide' rows='9' cols='33' name='list'>" . $emails . "</textarea>");
            } else {
                $output .= _formMessage(2, $_lang['admin.other.massemail.noreceiversfound']);
            }
        }
    } else {
        $output .= _formMessage(2, _eventList($errors, 'errors'));
    }
}
/* ---  output  --- */
// Mass e-mail form. Content type 2 is preselected only when the posted value equals 2;
// the other fields are repopulated through _restorePostValue() / _checkboxLoad().
$ctype2_selected = '';
if (isset($_POST['ctype']) and $_POST['ctype'] == 2) {
    $ctype2_selected = " selected='selected'";
}
$output .= "\n<br />\n<form class='cform' action='index.php?p=other-massemail' method='post'>\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>"
    . $_lang['admin.other.massemail.sender']
    . "</strong></td>\n<td><input type='text' name='sender'"
    . _restorePostValue("sender", _sysmail)
    . " class='inputbig' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>"
    . $_lang['posts.subject']
    . "</strong></td>\n<td><input type='text' name='subject' class='inputbig'"
    . _restorePostValue("subject")
    . " /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>"
    . $_lang['admin.other.massemail.receivers']
    . "</strong></td>\n<td>"
    . _admin_authorSelect("receivers", -1, "1", "selectbig", null, true, 4)
    . "</td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>"
    . $_lang['admin.other.massemail.ctype']
    . "</strong></td>\n<td>\n  <select name='ctype' class='selectbig'>\n  <option value='1'>"
    . $_lang['admin.other.massemail.ctype.1']
    . "</option>\n  <option value='2'"
    . $ctype2_selected
    . ">"
    . $_lang['admin.other.massemail.ctype.2']
    . "</option>\n  </select>\n</td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>"
    . $_lang['admin.other.massemail.text']
    . "</strong></td>\n<td><textarea name='text' class='areabig' rows='9' cols='94'>"
    . _restorePostValue("text", null, true)
    . "</textarea></td>\n</tr>\n\n<tr><td></td>\n<td><input type='submit' value='"
    . $_lang['global.send']
    . "' />&nbsp;&nbsp;<label><input type='checkbox' name='maillist' value='1'"
    . _checkboxActivate(_checkboxLoad("maillist"))
    . " /> "
    . $_lang['admin.other.massemail.maillist']
    . "</label></td>\n</tr>\n\n</table>\n"
    . _xsrfProtect()
    . "</form>\n";
コード例 #17
                         return;
                     }
                     break;
                     // smazani
                 // smazani
                 case 2:
                     if (unlink($fname)) {
                         $msg = _formMessage(1, $_lang['global.done']);
                     } else {
                         $msg = _formMessage(2, $_lang['global.fileerr']);
                     }
                     break;
                     // nezvoleno
                 // nezvoleno
                 default:
                     $msg = _formMessage(2, $_lang['global.noaction']);
                     break;
             }
             break;
     }
 }
 // Restore forms: (1) upload of a backup file, closed with the XSRF token field, and
 // (2) the opening part of the form for using an existing backup.
 // The upload-limit hint is shown only when _getUploadLimit(true) returns a non-null value.
 $uplimit = _getUploadLimit(true);
 $uplimit_hint = '';
 if ($uplimit !== null) {
     $uplimit_hint = "<small>(" . $_lang['global.uploadlimit'] . ": <em>" . $uplimit . "MB</em>)</small>";
 }
 $output .= "\n<p class='bborder'>"
     . $_lang['admin.other.backup.restore.info']
     . "</p>\n<p><a href='index.php?p=other-backup'><img src='images/icons/delete2.png' alt='cancel' class='icon' />"
     . $_lang['global.cancel2']
     . "</a></p>\n\n"
     . $msg
     . "\n<form method='post' enctype='multipart/form-data' action='index.php?p=other-backup'>\n<fieldset>\n<legend>1) "
     . $_lang['admin.other.backup.restore.upload']
     . "</legend>\n\n<input type='hidden' name='action' value='1' />\n<input type='hidden' name='do_restore' value='1' />\n\n<p>\n    <input type='file' name='backup' />\n    <input type='submit' value='"
     . $_lang['admin.other.backup.restore.upload.submit']
     . "' /> "
     . $uplimit_hint
     . "\n</p>\n\n"
     . _admin_smallNote(str_replace('*dir*', 'data/backup/', $_lang['admin.other.backup.restore.upload.hint']), true)
     . "\n\n</fieldset>\n"
     . _xsrfProtect()
     . "</form>\n\n<br />\n\n<form method='post' action='index.php?p=other-backup'>\n<fieldset>\n<legend>2) "
     . $_lang['admin.other.backup.restore.use']
     . "</legend>\n\n<input type='hidden' name='action' value='2' />\n<input type='hidden' name='do_restore' value='1' />\n";
 // nacteni zaloh
 $backups = array();
 $handle = opendir($backup_dir);
 while (false !== ($item = readdir($handle))) {
     if ($item === '.' || $item === '..' || !is_file($backup_dir . $item)) {
         continue;
     }
     $backups[] = $item;
コード例 #18
ファイル: reg.php プロジェクト: sunlight-cms/sunlight-cms-7
            $groupselect_items = DB::query("SELECT id,title FROM `" . _mysql_prefix . "-groups` WHERE `blocked`=0 AND reglist=1 ORDER BY title");
            if (DB::size($groupselect_items) != 0) {
                $groupselect_content = "";
                while ($groupselect_item = DB::row($groupselect_items)) {
                    $groupselect_content .= "<option value='" . $groupselect_item['id'] . "'" . ($groupselect_item['id'] == _defaultgroup ? " selected='selected'" : '') . ">" . $groupselect_item['title'] . "</option>\n";
                }
                $groupselect = array($_lang['global.group'], "<select name='group'>" . $groupselect_content . "</select>");
            }
        }
        // priprava podminek
        if (SL::$settings['rules'] != "") {
            $rules = array("<div class='hr'><hr /></div><h2>" . $_lang['mod.reg.rules'] . "</h2>" . SL::$settings['rules'] . "<br /><label><input type='checkbox' name='agreement' value='1'" . _checkboxActivate(isset($_POST['agreement'])) . " /> " . $_lang['mod.reg.rules.agreement'] . "</label><div class='hr'><hr /></div><br />", "", true);
        } else {
            $rules = array(null);
        }
        // formular
        $captcha = _captchaInit();
        $module .= "<p class='bborder'>" . $_lang['mod.reg.p'] . (_registration_confirm ? ' ' . $_lang['mod.reg.confirm.extratext'] : '') . "</p>";
        $module .= $message . _formOutput("regform", "index.php?m=reg", array(array($_lang['login.username'], "<input type='text' name='username' class='inputsmall' maxlength='24'" . _restorePostValue('username') . " />"), array($_lang['login.password'], "<input type='password' name='password' class='inputsmall' />"), array($_lang['login.password'] . " (" . $_lang['global.check'] . ")", "<input type='password' name='password2' class='inputsmall' />"), array($_lang['global.email'], "<input type='text' name='email' class='inputsmall' " . _restorePostValue('email', '@') . " />"), array($_lang['mod.settings.massemail'], "<input type='checkbox' name='massemail' value='1' checked='checked' /> " . $_lang['mod.settings.massemail.label']), $groupselect, $captcha, $rules), array("username", "email", "password", "password2"), $_lang['mod.reg.submit' . (_registration_confirm ? '2' : '')]);
        break;
        // uspesna registrace
    // uspesna registrace
    case 1:
        $module .= "<p>" . str_replace("*username*", $username, $_lang['mod.reg.done']) . "</p>";
        break;
        // odeslano potvrzeni
    // odeslano potvrzeni
    case 2:
        $module .= _formMessage(1, str_replace('*email*', $email, $_lang['mod.reg.confirm.sent']));
        break;
}
コード例 #19
        if (mb_substr($dir, 0, mb_strlen($defdir)) != $defdir) {
            $dir = $defdir;
        }
    }
    if (!@file_exists($dir) or !@is_dir($dir)) {
        $dir = $defdir;
    }
} else {
    $dir = $defdir;
}
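// Create the default directory when it does not exist yet.
if (!@is_dir($defdir)) {
    // NOTE(review): mode 0777 leaves the directory writable by every local account, which
    // matters on shared hosts. It is kept because the deployment may rely on it; prefer the
    // narrowest mode that still lets the web server write here.
    $test = @mkdir($defdir, 0777, true);
    if (!$test) {
        // creation failed: flag the failure in $continue and report it
        $continue = false;
        print _formMessage(3, $_lang['admin.fman.msg.defdircreationfailure']);
    } else {
        // mkdir() applies the process umask to the mode, so the mode is set again explicitly
        @chmod($defdir, 0777);
    }
}
$highlight = false;
// List the subdirectories of the current directory.
$handle = @opendir($dir);
$items = array();
// opendir() returns false on failure; handing that to readdir() raises a TypeError on
// PHP 8, which "@" cannot suppress, so the scan runs only with a valid handle.
if ($handle !== false) {
    while (false !== ($item = @readdir($handle))) {
        // presumably $dir ends with a directory separator - verify where $dir is built
        if (@is_dir($dir . $item) and $item != "." and $item != "..") {
            $items[] = $item;
        }
    }
}
// natural-order sort, then put the parent-directory entry first
natsort($items);
$items = array_merge(array(".."), $items);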
コード例 #20
ファイル: index.php プロジェクト: sunlight-cms/sunlight-cms-7
                    $output .= _formMessage(2, $_lang['admin.moduleunavailable']);
                }
            } else {
                $output .= "<h1>" . $_lang['global.error'] . "</h1>" . _formMessage(3, $_lang['global.accessdenied']);
            }
        } else {
            $output .= "<h1>" . $_lang['global.error404.title'] . "</h1>" . _formMessage(2, $_lang['global.error404']);
        }
    }
} else {
    // prihlasovaci formular
    if (empty($_POST)) {
        $login = _uniForm("login");
        $output .= $login[0];
    } else {
        $output .= "<h1>" . $_lang['admin.postrestore.title'] . "</h1>\n<p class='bborder'>" . $_lang['admin.postrestore.p'] . "</p>\n" . _formMessage(2, $_lang['admin.postrestore.msg']) . "\n<form action='' method='post'>\n<input type='submit' name='' value='" . $_lang['admin.postrestore.button'] . "' />\n" . _getPostdata(false, null, array('_security_token')) . "\n" . _xsrfProtect() . "</form>\n";
    }
}
/* ---  footer, printing the output  --- */
// Footer links: site and new-window links when both _loginindicator and
// _loginright_administration are set, otherwise a single link one level up.
if (_loginindicator and _loginright_administration) {
    $footer_links = '<a href="' . _url . '/" target="_blank">' . $_lang['admin.link.site'] . '</a> &nbsp;&bull;&nbsp; <a href="./" target="_blank">' . $_lang['admin.link.newwin'] . '</a>';
} else {
    $footer_links = '<a href="../">&lt; ' . $_lang['admin.link.home'] . '</a>';
}
$output .= '
<div class="cleaner"></div>
</div>

<hr class="hidden" />
<div id="copyright">
<div>' . $footer_links . '</div>
';
// vypis
if (!($redir = defined('_redirect_to'))) {
    echo $output;
コード例 #21
             }
         }
         // formular
         $output .= $message . "\n<form action='' method='post'>\n<table class='formtable'>\n\n<tr>\n    <td class='rpad'><strong>" . $_lang['admin.content.redir.old'] . "</strong></td>\n    <td><input type='text' name='old' value='" . $q['old'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n    <td class='rpad'><strong>" . $_lang['admin.content.redir.new'] . "</strong></td>\n    <td><input type='text' name='new' value='" . $q['new'] . "' class='inputmedium' maxlength='255' /></td>\n</tr>\n\n<tr>\n    <td class='rpad'><strong>" . $_lang['admin.content.redir.act'] . "</strong></td>\n    <td><input type='checkbox' name='act' value='1'" . _checkboxActivate($q['active']) . " /></td>\n</tr>\n\n<tr>\n    <td></td>\n    <td><input type='submit' value='" . $_lang['global.' . ($new ? 'create' : 'save')] . "' /></td>\n</tr>\n\n</table>\n" . _xsrfProtect() . "</form>";
     } while (false);
 } elseif (isset($_GET['del']) && _xsrfCheck(true)) {
     // smazani
     DB::query('DELETE FROM `' . _mysql_prefix . '-redir` WHERE id=' . intval($_GET['del']));
     $output .= _formMessage(1, $_lang['global.done']);
 } elseif (isset($_GET['wipe'])) {
     // smazani vsech
     if (isset($_POST['wipe_confirm'])) {
         DB::query('TRUNCATE TABLE `' . _mysql_prefix . '-redir`');
         $output .= _formMessage(1, $_lang['global.done']);
     } else {
         $output .= "\n<form action='' method='post' class='formbox'>\n" . _formMessage(2, $_lang['admin.content.redir.act.wipe.confirm']) . "\n<input type='submit' name='wipe_confirm' value='" . $_lang['admin.content.redir.act.wipe.submit'] . "' />\n" . _xsrfProtect() . "</form>\n";
     }
 }
 // table header
 $output .= "<table class='list'>\n<thead><tr><td>"
     . $_lang['admin.content.redir.old']
     . "</td><td>"
     . $_lang['admin.content.redir.new']
     . "</td><td>"
     . $_lang['admin.content.redir.act']
     . "</td><td>"
     . $_lang['global.action']
     . "</td></tr></thead>\n<tbody>\n";
 // one row per stored redirect
 $q = DB::query('SELECT * FROM `' . _mysql_prefix . '-redir`');
 $counter = 0;
 while ($r = DB::row($q)) {
     // colour class and yes/no label both follow the "active" column
     if ($r['active']) {
         $redir_state_class = 'green';
         $redir_state_word = 'yes';
     } else {
         $redir_state_class = 'red';
         $redir_state_word = 'no';
     }
     // the delete link is passed through _xsrfLink()
     $redir_del_href = _xsrfLink("index.php?p=content-redir&amp;del=" . $r['id']);
     // NOTE(review): the old/new paths are printed without _htmlStr(); presumably they are
     // stored already HTML-encoded - confirm against the code that saves them.
     $output .= "<tr><td><code>" . $r['old'] . "</code></td><td><code>" . $r['new'] . "</code></td><td class='text-" . $redir_state_class . "'>" . $_lang['global.' . $redir_state_word] . "</td><td><a href='index.php?p=content-redir&amp;edit=" . $r['id'] . "'><img src='images/icons/edit.png' alt='edit' class='icon' /></a>&nbsp;<a href='" . $redir_del_href . "' onclick='return _sysConfirm();'><img src='images/icons/delete.png' alt='del' class='icon' /></a></td></tr>";
     $counter += 1;
 }
 // placeholder row when the table is empty
 if (0 === $counter) {
     $output .= "<tr><td colspan='4'>" . $_lang['global.nokit'] . "</td></tr>\n";
 }
コード例 #22
/**
 * Vytvoreni vypisu prispevku
 *
 * Type Popis               Vars
 * 1    komentare sekce     zamknute komentare 1/0
 * 2    komentare článku    zamknute komentare 1/0
 * 3    prispevky v knize   [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0]
 * 5    temata ve foru      [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0]
 * 6    odpovedi na tema    [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0, id tematu]
 * 7    vypis vzkazu        [zamknuto 1/0]
 * 8    vypis pluginpostu   [polozek na stranu, povoleno prispivani 1/0, zamknuto 1/0, plugin flag, radit sestupne 1/0, [titulek / null]]
 *
 * @param int $type typ prispevku
 * @param int $home id polozky asociovane s komentari
 * @param mixed $vars promenna nastaveni podle typu
 * @param bool $force_locked vynutit zamknuty stav
 * @param string|null $url vlastni url nebo null (= automaticky)
 * @return string
 */
function _postsOutput($type, $home, $vars, $force_locked = false, $url = null)
{
    global $_lang;
    /* ---  typ  --- */
    // vychozi hodnoty
    $desc = "DESC ";
    $ordercol = 'id';
    $countcond = "type=" . $type . " AND xhome=-1 AND home=" . $home;
    $locked_textid = '';
    $autolast = false;
    $postlink = false;
    $pluginflag = null;
    // url
    if (!isset($url)) {
        $url = _indexOutput_url;
    }
    $url_html = _htmlStr($url);
    switch ($type) {
        // komentare v sekci
        case 1:
            $posttype = 1;
            $xhome = -1;
            $subclass = "comments";
            $title = $_lang['posts.comments'];
            $addlink = $_lang['posts.addcomment'];
            $nopostsmessage = $_lang['posts.nocomments'];
            $postsperpage = _commentsperpage;
            $canpost = _loginright_postcomments;
            $locked = _boolean($vars);
            $replynote = true;
            break;
            // komentare u clanku
        // komentare u clanku
        case 2:
            $posttype = 2;
            $xhome = -1;
            $subclass = "comments";
            $title = $_lang['posts.comments'];
            $addlink = $_lang['posts.addcomment'];
            $nopostsmessage = $_lang['posts.nocomments'];
            $postsperpage = _commentsperpage;
            $canpost = _loginright_postcomments;
            $locked = _boolean($vars);
            $replynote = true;
            break;
            // prispevky v knize
        // prispevky v knize
        case 3:
            $posttype = 3;
            $xhome = -1;
            $subclass = "book";
            $title = null;
            $addlink = $_lang['posts.addpost'];
            $nopostsmessage = $_lang['posts.noposts'];
            $postsperpage = $vars[0];
            $canpost = $vars[1];
            $locked = _boolean($vars[2]);
            $replynote = true;
            break;
            // temata ve foru
        // temata ve foru
        case 5:
            $posttype = 5;
            $xhome = -1;
            $subclass = "book";
            $title = null;
            $addlink = $_lang['posts.addtopic'];
            $nopostsmessage = $_lang['posts.notopics'];
            $postsperpage = $vars[0];
            $canpost = $vars[1];
            $locked = _boolean($vars[2]);
            $replynote = true;
            $ordercol = 'bumptime';
            $locked_textid = '3';
            break;
            // odpovedi v tematu
        // odpovedi v tematu
        case 6:
            $posttype = 5;
            $xhome = $vars[3];
            $subclass = "book";
            $title = null;
            $addlink = $_lang['posts.addanswer'];
            $nopostsmessage = $_lang['posts.noanswers'];
            $postsperpage = $vars[0];
            $canpost = $vars[1];
            $locked = _boolean($vars[2]);
            $replynote = false;
            $desc = "";
            $countcond = "type=5 AND xhome=" . $xhome . " AND home=" . $home;
            $autolast = isset($_GET['autolast']);
            $postlink = true;
            break;
            // odpovedi v konverzaci
        // odpovedi v konverzaci
        case 7:
            $posttype = 6;
            $xhome = null;
            $subclass = "book";
            $title = null;
            $addlink = $_lang['posts.addanswer'];
            $nopostsmessage = $_lang['posts.noanswers'];
            $postsperpage = _messagesperpage;
            $canpost = true;
            $locked = _boolean($vars[0]);
            $replynote = false;
            $desc = "";
            $countcond = "type=6 AND home=" . $home;
            $locked_textid = '4';
            $autolast = true;
            break;
            // plugin posty
        // plugin posty
        case 8:
            $posttype = 7;
            $xhome = -1;
            $subclass = "book";
            $title = isset($vars[5]) ? $vars[5] : null;
            $addlink = $_lang['posts.addpost'];
            $nopostsmessage = $_lang['posts.noposts'];
            $postsperpage = $vars[0];
            $canpost = $vars[1];
            $locked = _boolean($vars[2]);
            $replynote = true;
            $pluginflag = $vars[3];
            $countcond .= " AND flag=" . $pluginflag;
            if (!$vars[4]) {
                $desc = '';
            }
            break;
    }
    // vynutit uzamceni parametrem
    if ($force_locked) {
        $locked = true;
    }
    // extend
    $callback = null;
    _extend('call', 'posts.output', array('type' => $type, 'home' => $home, 'xhome' => $xhome, 'vars' => $vars, 'post_type' => $posttype, 'plugin_flag' => $pluginflag, 'canpost' => &$canpost, 'locked' => &$locked, 'autolast' => &$autolast, 'post_link' => &$postlink, 'posts_per_page' => &$postsperpage, 'sql_desc' => &$desc, 'sql_ordercol' => &$ordercol, 'sql_countcond' => &$countcond, 'callback' => &$callback));
    /* ---  vystup  --- */
    $output = "\n  <div class='anchor'><a name='posts'></a></div>\n  <div class='posts-" . $subclass . "'>\n  ";
    if ($title != null) {
        $output .= "<h2>" . $title . _linkRss($home, $posttype) . "</h2>\n";
    }
    $output .= "<div class='posts-form' id='post-form'>\n";
    /* ---  priprava strankovani  --- */
    $paging = _resultPaging($url_html, $postsperpage, "posts", $countcond, "#posts", null, $autolast);
    /* ---  zprava  --- */
    if (isset($_GET['r'])) {
        switch ($_GET['r']) {
            case 0:
                $output .= _formMessage(2, $_lang['posts.failed']);
                break;
            case 1:
                $output .= _formMessage(1, $_lang[$type != 5 ? 'posts.added' : 'posts.topicadded']);
                break;
            case 2:
                $output .= _formMessage(2, str_replace("*postsendexpire*", _postsendexpire, $_lang['misc.requestlimit']));
                break;
            case 3:
                $output .= _formMessage(2, $_lang['posts.guestnamedenied']);
                break;
            case 4:
                $output .= _formMessage(2, $_lang['xsrf.msg']);
                break;
        }
    }
    /* ---  formular nebo odkaz na pridani  --- */
    if (!$locked and (isset($_GET['addpost']) or isset($_GET['replyto']))) {
        // nacteni cisla prispevku pro odpoved
        if ($xhome == -1) {
            if (isset($_GET['replyto']) and $_GET['replyto'] != -1) {
                $reply = intval($_GET['replyto']);
                if ($replynote) {
                    $output .= "<p>" . $_lang['posts.replynote'] . " (<a href='" . $url_html . "#posts'>" . $_lang['global.cancel'] . "</a>).</p>";
                }
            } else {
                $reply = -1;
            }
        } else {
            $reply = $xhome;
        }
        // formular nebo prihlaseni
        if ($canpost) {
            $form = _uniForm("postform", array('posttype' => $type, 'pluginflag' => $pluginflag, 'posttarget' => $home, 'xhome' => $reply, 'url' => $url));
            $output .= $form[0];
        } else {
            $loginform = _uniForm("login", array(), true);
            $output .= "<p>" . $_lang['posts.loginrequired'] . "</p>" . $loginform[0];
        }
    } else {
        if (!$locked) {
            $output .= "<a href='" . _addGetToLink($url_html, "addpost&amp;page=" . $paging[2]) . "#posts'><strong>" . $addlink . " &gt;</strong></a>";
        } else {
            $output .= "<img src='" . _templateImage("icons/lock.png") . "' alt='stop' class='icon' /> <strong>" . $_lang['posts.locked' . $locked_textid] . "</strong>";
        }
    }
    $output .= "</div>\n<div class='hr'><hr /></div>\n\n";
    /* ---  vypis  --- */
    if (_pagingmode == 1 or _pagingmode == 2) {
        $output .= $paging[0];
    }
    // zaklad query
    if ($type == 5) {
        $sql = "SELECT id,author,guest,subject,time,ip,locked,bumptime,sticky,(SELECT COUNT(id) FROM `" . _mysql_prefix . "-posts` WHERE type=5 AND xhome=post.id) AS answer_count";
    } else {
        $sql = "SELECT id,xhome,subject,text,author,guest,time,ip" . _extend('buffer', 'posts.columns');
    }
    $sql .= " FROM `" . _mysql_prefix . "-posts` AS post";
    // podminky a razeni
    $sql .= " WHERE post.type=" . $posttype . (isset($xhome) ? " AND post.xhome=" . $xhome : '') . " AND post.home=" . $home . (isset($pluginflag) ? " AND post.flag=" . $pluginflag : '');
    $sql .= " ORDER BY " . ($type == 5 ? 'sticky DESC,' : '') . $ordercol . ' ' . $desc . $paging[1];
    // dotaz
    $query = DB::query($sql);
    unset($sql);
    // nacteni prispevku do pole
    $items = array();
    if ($type == 5) {
        $item_ids_with_answers = array();
    }
    while ($item = DB::row($query)) {
        $items[$item['id']] = $item;
        if ($type == 5 && $item['answer_count'] != 0) {
            $item_ids_with_answers[] = $item['id'];
        }
    }
    // uvolneni dotazu
    DB::free($query);
    if ($type == 5) {
        // posledni prispevek (pro vypis temat)
        if (!empty($item_ids_with_answers)) {
            $topicextra = DB::query("SELECT * FROM (SELECT id,xhome,author,guest FROM `" . _mysql_prefix . "-posts` AS reply WHERE type=5 AND home=" . $home . " AND xhome IN(" . implode(',', $item_ids_with_answers) . ") ORDER BY reply.id DESC) AS replies GROUP BY xhome");
            while ($item = DB::row($topicextra)) {
                if (!isset($items[$item['xhome']])) {
                    if (_dev) {
                        trigger_error('Nenalezen domovsky prispevek pro odpoved #' . $item['id'], E_USER_WARNING);
                    }
                    continue;
                }
                $items[$item['xhome']]['_lastpost'] = $item;
            }
        }
    } elseif (!empty($items)) {
        // odpovedi (pro komentare)
        $answers = DB::query("SELECT id,xhome,text,author,guest,time,ip FROM `" . _mysql_prefix . "-posts` WHERE type=" . $posttype . " AND home=" . $home . (isset($pluginflag) ? " AND flag=" . $pluginflag : '') . " AND xhome IN(" . implode(',', array_keys($items)) . ") ORDER BY id");
        while ($item = DB::row($answers)) {
            if (!isset($items[$item['xhome']])) {
                if (_dev) {
                    trigger_error('Nenalezen domovsky prispevek pro odpoved #' . $item['id'], E_USER_WARNING);
                }
                continue;
            }
            if (!isset($items[$item['xhome']]['_answers'])) {
                $items[$item['xhome']]['_answers'] = array();
            }
            $items[$item['xhome']]['_answers'][] = $item;
        }
        DB::free($answers);
    }
    // vypis
    if (!empty($items)) {
        // vypis prispevku nebo temat
        if ($type != 5) {
            $hl = true;
            foreach ($items as $item) {
                // nacteni autora
                if ($item['guest'] == "") {
                    $author = _linkUser($item['author'], "post-author");
                } else {
                    $author = "<span class='post-author-guest' title='" . _showIP($item['ip']) . "'>" . $item['guest'] . "</span>";
                }
                // odkazy pro spravu
                $post_access = _postAccess($item);
                if ($type < 6 or $type > 7 or $post_access) {
                    $actlinks = " <span class='post-actions'>";
                    if (($type < 6 or $type > 7) && !$locked) {
                        $actlinks .= "<a href='" . _addGetToLink($url_html, "replyto=" . $item['id']) . "#posts'>" . $_lang['posts.reply'] . "</a>";
                    }
                    if ($post_access) {
                        $actlinks .= (($type < 6 or $type > 7) ? " " : '') . "<a href='index.php?m=editpost&amp;id=" . $item['id'] . "'>" . $_lang['global.edit'] . "</a>";
                    }
                    $actlinks .= "</span>";
                } else {
                    $actlinks = "";
                }
                // avatar
                if (_show_avatars) {
                    $avatar = _getAvatar($item['author']);
                } else {
                    $avatar = null;
                }
                // prispevek
                $hl = !$hl;
                _extend('call', 'posts.post', array('item' => &$item, 'avatar' => &$avatar, 'type' => $type));
                if (null === $callback) {
                    $output .= "<div id='post-" . $item['id'] . "' class='post" . ($hl ? ' post-hl' : '') . (isset($avatar) ? ' post-withavatar' : '') . "'><div class='post-head'>" . $author;
                    if ($type < 6 || $type > 7) {
                        $output .= ", <span class='post-subject'>" . $item['subject'] . "</span> ";
                    }
                    $output .= "<span class='post-info'>(" . _formatTime($item['time']) . ")</span>" . $actlinks . ($postlink ? "<a class='post-postlink' href='" . _addGetToLink($url_html, 'page=' . $paging[2]) . "#post-" . $item['id'] . "'><span>#" . str_pad($item['id'], 6, '0', STR_PAD_LEFT) . "</span></a>" : '') . "</div><div class='post-body" . (isset($avatar) ? ' post-body-withavatar' : '') . "'>" . $avatar . '<div class="post-body-text">' . _parsePost($item['text']) . "</div></div></div>\n";
                } else {
                    $output .= call_user_func($callback, array('item' => $item, 'avatar' => $avatar, 'author' => $author, 'actlinks' => $actlinks, 'page' => $paging[2], 'postlink' => $postlink));
                }
                // odpovedi
                if (($type < 6 || $type > 7) && isset($item['_answers'])) {
                    foreach ($item['_answers'] as $answer) {
                        // jmeno autora
                        if ($answer['guest'] == "") {
                            $author = _linkUser($answer['author'], "post-author");
                        } else {
                            $author = "<span class='post-author-guest' title='" . _showIP($answer['ip']) . "'>" . $answer['guest'] . "</span>";
                        }
                        // odkazy pro spravu
                        if (_postAccess($answer)) {
                            $actlinks = " <span class='post-actions'><a href='index.php?m=editpost&amp;id=" . $answer['id'] . "'>" . $_lang['global.edit'] . "</a></span>";
                        } else {
                            $actlinks = "";
                        }
                        // avatar
                        if (_show_avatars) {
                            $avatar = _getAvatar($answer['author']);
                        } else {
                            $avatar = null;
                        }
                        _extend('call', 'posts.post', array('item' => &$answer, 'avatar' => &$avatar, 'type' => $type));
                        if (null === $callback) {
                            $output .= "<div id='post-" . $answer['id'] . "' class='post-answer" . (isset($avatar) ? ' post-answer-withavatar' : '') . "'><div class='post-head'>" . $author . " " . $_lang['posts.replied'] . " <span class='post-info'>(" . _formatTime($answer['time']) . ")</span>" . $actlinks . "</div><div class='post-body" . (isset($avatar) ? ' post-body-withavatar' : '') . "'>" . $avatar . '<div class="post-body-text">' . _parsePost($answer['text']) . "</div></div></div>\n";
                        } else {
                            $output .= call_user_func($callback, array('item' => $answer, 'avatar' => $avatar, 'author' => $author, 'actlinks' => $actlinks, 'page' => $paging[2], 'postlink' => $postlink));
                        }
                    }
                }
            }
            if (_pagingmode == 2 or _pagingmode == 3) {
                $output .= "<br />" . $paging[0];
            }
        } else {
            // tabulka s tematy
            $hl = false;
            $output .= "\n<table class='topic-table'>\n<thead><tr><td colspan='2'><strong>" . $_lang['posts.topic'] . "</strong></td><td><strong>" . $_lang['global.answersnum'] . "</strong></td><td><strong>" . $_lang['global.lastanswer'] . "</strong></td></tr></thead>\n<tbody>\n";
            foreach ($items as $item) {
                // nacteni autora
                if ($item['guest'] == "") {
                    $author = _linkUser($item['author'], "post-author", false, false, 16);
                } else {
                    $author = "<span class='post-author-guest' title='" . _showIP($item['ip']) . "'>" . _cutStr($item['guest'], 16) . "</span>";
                }
                // nacteni jmena autora posledniho prispevku
                if (isset($item['_lastpost'])) {
                    if ($item['_lastpost']['author'] != -1) {
                        $lastpost = _linkUser($item['_lastpost']['author'], "post-author", false, false, 16);
                    } else {
                        $lastpost = "<span class='post-author-guest'>" . _cutStr($item['_lastpost']['guest'], 16) . "</span>";
                    }
                } else {
                    $lastpost = "-";
                }
                // vyber ikony
                if ($item['sticky']) {
                    $icon = 'sticky';
                } elseif ($item['locked']) {
                    $icon = 'locked';
                } elseif ($item['answer_count'] == 0) {
                    $icon = 'new';
                } elseif ($item['answer_count'] < _topic_hot_ratio) {
                    $icon = 'normal';
                } else {
                    $icon = 'hot';
                }
                // mini strankovani
                $tpages = '';
                $tpages_num = ceil($item['answer_count'] / _commentsperpage);
                if ($tpages_num == 0) {
                    $tpages_num = 1;
                }
                if ($tpages_num > 1) {
                    $tpages .= '<span class=\'topic-pages\'>';
                    for ($i = 1; $i <= 3 && $i <= $tpages_num; ++$i) {
                        $tpages .= "<a href='index.php?m=topic&amp;id=" . $item['id'] . "&amp;page=" . $i . "#posts'>" . $i . '</a>';
                    }
                    if ($tpages_num > 3) {
                        $tpages .= "<a href='index.php?m=topic&amp;id=" . $item['id'] . "&amp;page=" . $tpages_num . "'>" . $tpages_num . ' &rarr;</a>';
                    }
                    $tpages .= '</span>';
                }
                // vystup radku
                $output .= "<tr class='topic-" . $icon . ($hl ? ' topic-hl' : '') . "'><td class='topic-icon-cell'><a href='index.php?m=topic&amp;id=" . $item['id'] . "'><img src='" . _templateImage('icons/topic-' . $icon . '.png') . "' alt='" . $_lang['posts.topic.' . $icon] . "' /></a></td><td class='topic-main-cell'><a href='index.php?m=topic&amp;id=" . $item['id'] . "'>" . $item['subject'] . "</a>" . $tpages . "<br />" . $author . " <small class='post-info'>(" . _formatTime($item['time']) . ")</small></td><td>" . $item['answer_count'] . "</td><td>" . $lastpost . ($item['answer_count'] != 0 ? "<br /><small class='post-info'>(" . _formatTime($item['bumptime']) . ")</small>" : '') . "</td></tr>\n";
                $hl = !$hl;
            }
            $output .= "</tbody></table><br />\n\n";
            if (_pagingmode == 2 or _pagingmode == 3) {
                $output .= $paging[0] . "<br />";
            }
            // posledni odpovedi
            $output .= "\n<div class='hr'><hr /></div><br />\n<h3>" . $_lang['posts.forum.lastact'] . "</h3>\n";
            $query = DB::query("SELECT topic.id AS topic_id,topic.subject AS topic_subject,answer.author,answer.guest,answer.time FROM `" . _mysql_prefix . "-posts` AS answer JOIN `" . _mysql_prefix . "-posts` AS topic ON(topic.type=5 AND topic.id=answer.xhome) WHERE answer.type=5 AND answer.home=" . $home . " AND answer.xhome!=-1 ORDER BY answer.id DESC LIMIT " . _extratopicslimit);
            if (DB::size($query) != 0) {
                $output .= "<ul>\n";
                while ($item = DB::row($query)) {
                    if ($item['guest'] == "") {
                        $author = _linkUser($item['author']);
                    } else {
                        $author = "<span class='post-author-guest'>" . $item['guest'] . "</span>";
                    }
                    $output .= "<li><a href='index.php?m=topic&amp;id=" . $item['topic_id'] . "'>" . $item['topic_subject'] . "</a>&nbsp;&nbsp;<small>(" . $_lang['global.postauthor'] . " " . $author . " " . _formatTime($item['time']) . ")</small></li>\n";
                }
                $output .= "</ul>\n\n";
            } else {
                $output .= "<p>" . $_lang['global.nokit'] . "</p>";
            }
        }
    } else {
        $output .= "<p>" . $nopostsmessage . "</p>";
    }
    $output .= "</div>";
    return $output;
}
コード例 #23
    /* ---  removal  --- */
    // Fragment of a group-removal admin script: the enclosing condition and the
    // code that sets $id, $systemgroup and $levelconflict are outside this view.
    // NOTE(review): $id is concatenated into SQL and into the form action below;
    // whether it has been cast to an integer is not visible here — confirm.
    $done = false;
    if (isset($_POST['doit'])) {
        // delete the group row (skipped for system groups)
        if (!$systemgroup) {
            DB::query("DELETE FROM `" . _mysql_prefix . "-groups` WHERE id=" . $id);
        }
        // if the removed group was the default one, point the setting at group '3'
        if (!$systemgroup and $id == _defaultgroup) {
            DB::query("UPDATE `" . _mysql_prefix . "-settings` SET val='3' WHERE var='defaultgroup'");
        }
        // delete the users of the group (user id 0 is excluded); note that this
        // part is not guarded by $systemgroup, so it also runs for system groups
        $users = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE `group`=" . $id . " AND id!=0");
        while ($user = DB::row($users)) {
            _deleteUser($user['id']);
        }
        $done = true;
    }
    /* ---  output  --- */
    if ($done != true) {
        // confirmation form: posts doit=1 back to this module together with
        // whatever _xsrfProtect() emits.
        // NOTE(review): no token verification is visible in this fragment;
        // presumably it is enforced before this code runs — confirm.
        $output .= "\n    <p class='bborder'>" . $_lang['admin.users.groups.delp'] . "</p>\n    " . ($systemgroup ? _admin_smallNote($_lang['admin.users.groups.specialgroup.delnotice']) : '') . "\n    <form class='cform' action='index.php?p=users-delgroup&amp;id=" . $id . "' method='post'>\n    <input type='hidden' name='doit' value='1' />\n    <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n    " . _xsrfProtect() . "</form>\n    ";
    } else {
        $output .= _formMessage(1, $_lang['global.done']);
    }
} else {
    // the guarding condition (outside this fragment) failed: report bad input,
    // or "disallowed" when $levelconflict is set
    if ($levelconflict == false) {
        $output .= _formMessage(3, $_lang['global.badinput']);
    } else {
        $output .= _formMessage(3, $_lang['global.disallowed']);
    }
}
コード例 #24
<?php

/* ---  core check: refuse to run when the file is requested directly  --- */
if (!defined('_core')) {
    exit;
}

/*
 * Admin module that selects which page is used as the site index.
 * Appends its HTML to $output; reads $_lang for the texts.
 */

/* ---  preparation, access rights  --- */
$message = "";
// any one of the content-administration rights is enough
$continue = _loginright_adminsection
    || _loginright_admincategory
    || _loginright_adminbook
    || _loginright_adminseparator
    || _loginright_admingallery
    || _loginright_adminintersection
    || _loginright_adminpluginpage;
if (!$continue) {
    $output .= _formMessage(3, $_lang['global.accessdenied']);
}

/* ---  action  --- */
$save_requested = $continue && isset($_POST['index']);
if (!$save_requested) {
    // nothing posted (or no access): show the currently configured page
    $index_id = _index_page_id;
} else {
    // the posted id is cast to an integer before it is placed into the query
    // NOTE(review): no token verification is visible in this file; presumably
    // the value emitted by _xsrfProtect() is checked before this code — confirm.
    $index_id = intval($_POST['index']);
    DB::query("UPDATE `" . _mysql_prefix . "-settings` SET `val`=" . $index_id . ' WHERE `var`=\'index_page_id\'');
    $message = _formMessage(1, $_lang['global.done']);
}

/* ---  output  --- */
if ($continue) {
    $page_select = _admin_rootSelect('index', null, $index_id, false);
    $output .= "<p class='bborder'>" . $_lang['admin.content.setindex.p'] . "</p>" . $message . "\n<form class='cform' action='index.php?p=content-setindex' method='post'>\n" . $page_select . "\n<input type='submit' value='" . $_lang['global.do'] . "' />\n" . _xsrfProtect() . "</form>\n";
}
コード例 #25
<?php

// core check: refuse to run when the file is requested directly
if (!defined('_core')) {
    exit;
}

/*
 * XSRF notice page: shows the XSRF message with a domain warning and a form
 * that lets the user send the request again.
 */

// heading
if (1 == _template_autoheadings) {
    $output .= "<h1>" . $_lang['xsrf.title'] . "</h1>\n";
}

// message: the warning text gets the current domain substituted for *domain*
$domain_warning = str_replace('*domain*', _getDomain(), $_lang['xsrf.warning']);
$output .= _formMessage(3, $_lang['xsrf.msg'] . '<ul><li>' . $domain_warning . '</li></ul>');

// form: output of _getPostdata() (called with '_security_token' in its third
// argument) followed by the output of _xsrfProtect()
// NOTE(review): presumably this re-emits the posted fields without the old
// token and adds a fresh one. If so, a request that really was forged gets
// replayed once the user presses the button, so the warning text above is the
// only safeguard at this step — confirm against _getPostdata().
$resent_fields = _getPostdata(false, null, array('_security_token'));
$token_field = _xsrfProtect();
$output .= "<form method='post'>\n" . $resent_fields . $token_field . "\n<p><input type='submit' value='" . $_lang['xsrf.button'] . "' /></p>\n</form>\n";
コード例 #26
             // Fragment of a private-message list module: the loop that loads $r and
             // the enclosing conditions start outside this view.
             // decide which side of the conversation the logged-in user is on
             list($role, $role_other) = $r['sender'] == _loginid ? array('sender', 'receiver') : array('receiver', 'sender');
             // delete or only mark
             if ($r[$role_other . '_deleted']) {
                 // the other side has already deleted it, so remove it completely
                 $del_list[] = $r['id'];
             } else {
                 // only mark it as deleted for this side
                 DB::query('UPDATE `' . _mysql_prefix . '-pm` SET ' . $role . '_deleted=1 WHERE id=' . $r['id']);
             }
         }
         // physical removal: one multi-table DELETE removes the pm rows and the
         // type=6 posts whose home is one of those rows
         // NOTE(review): the ids come from $r['id']; whether $r is loaded only from
         // conversations the current user takes part in is decided outside this
         // fragment — confirm.
         if (!empty($del_list)) {
             DB::query('DELETE `' . _mysql_prefix . '-pm`,post FROM `' . _mysql_prefix . '-pm` JOIN `' . _mysql_prefix . '-posts` AS post ON (post.type=6 AND post.home=`' . _mysql_prefix . '-pm`.id) WHERE `' . _mysql_prefix . '-pm`.id IN(' . implode(',', $del_list) . ')');
         }
         // info
         $module .= _formMessage(1, $_lang['mod.messages.delete.done']);
     }
 }
 // paging
 // NOTE(review): the condition passed here matches every conversation of the
 // user, while the list query below additionally requires *_deleted=0, so the
 // paging count may include conversations the list does not show — confirm.
 $paging = _resultPaging(_indexOutput_url, _messagesperpage, 'pm', 'sender=' . _loginid . ' OR receiver=' . _loginid, '&amp;a=' . $a);
 if (_pagingmode == 1 or _pagingmode == 2) {
     $module .= $paging[0];
 }
 // table
 $module .= "\n        <form method='post' action=''>\n<p class='messages-menu'>\n    <img src='" . _templateImage('icons/bubble.png') . "' alt='new' class='icon' /><a href='" . _indexOutput_url . "&amp;a=new'>" . $_lang['mod.messages.new'] . "</a>\n</p>\n\n<table class='messages-table'>\n<tr><td width='10'><input type='checkbox' name='selector' onchange=\"var that=this;\$('table.messages-table input').each(function(){this.checked=that.checked;});\" /></td><td><strong>" . $_lang['mod.messages.message'] . "</strong></td><td><strong>" . $_lang['global.user'] . "</strong></td><td><strong>" . $_lang['mod.messages.time.update'] . "</strong></td></tr>\n";
 // conversations the user has not deleted, newest update first, each with the
 // number of posts newer than the read time used in the subquery
 $q = DB::query('SELECT pm.id,pm.sender,pm.receiver,pm.sender_readtime,pm.receiver_readtime,pm.update_time,post.subject,(SELECT COUNT(*) FROM `' . _mysql_prefix . '-posts` AS countpost WHERE countpost.home=pm.id AND countpost.type=6 AND (pm.sender=' . _loginid . ' AND countpost.time>pm.receiver_readtime OR pm.receiver=' . _loginid . ' AND countpost.time>pm.sender_readtime)) AS unread_counter FROM `' . _mysql_prefix . '-pm` AS pm JOIN `' . _mysql_prefix . '-posts` AS post ON (post.home=pm.id AND post.type=6 AND post.xhome=-1) WHERE pm.sender=' . _loginid . ' AND pm.sender_deleted=0 OR pm.receiver=' . _loginid . ' AND pm.receiver_deleted=0 ORDER BY pm.update_time DESC ' . $paging[1]);
 while ($r = DB::row($q)) {
     // read = the user's own read time is not older than the last update
     $read = $r['sender'] == _loginid && $r['sender_readtime'] >= $r['update_time'] || $r['receiver'] == _loginid && $r['receiver_readtime'] >= $r['update_time'];
     // NOTE(review): $r['subject'] is written into the HTML as stored;
     // presumably it is escaped when the post is saved — confirm.
     $module .= "<tr><td><input type='checkbox' name='msg[]' value='" . $r['id'] . "' /></td><td><a href='" . _indexOutput_url . "&amp;a=list&amp;read=" . $r['id'] . "'" . ($read ? '' : ' class="notreaded"') . ">" . $r['subject'] . "</a></td><td>" . _linkUser($r['sender'] == _loginid ? $r['receiver'] : $r['sender']) . " <small>(" . $r['unread_counter'] . ")</small></td><td>" . _formatTime($r['update_time']) . "</td></tr>\n";
 }
 // $read is only set inside the loop, so this detects an empty result
 if (!isset($read)) {
コード例 #27
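/* ---  core check: refuse to run when the file is requested directly  --- */
if (!defined('_core')) {
    exit;
}

/*
 * Admin module that moves all users of one group into another group.
 * Appends its HTML to $output; reads $_lang for the texts.
 *
 * NOTE(review): neither an access-right check nor a token verification is
 * visible in this file; presumably both are enforced before this code runs
 * (the form does carry the output of _xsrfProtect()) — confirm.
 */

/* ---  save  --- */
$message = "";
if (isset($_POST['sourcegroup'])) {
    // both ids are cast to integers before they are placed into SQL; a request
    // without 'targetgroup' now yields 0 explicitly instead of reading an
    // undefined index (the resulting value is the same as before)
    $source = intval($_POST['sourcegroup']);
    $target = isset($_POST['targetgroup']) ? intval($_POST['targetgroup']) : 0;
    $source_data = DB::query("SELECT level FROM `" . _mysql_prefix . "-groups` WHERE id=" . $source);
    $target_data = DB::query("SELECT level FROM `" . _mysql_prefix . "-groups` WHERE id=" . $target);
    // both groups must exist and neither may be group 2 (the select boxes below
    // exclude the same id)
    if (DB::size($source_data) != 0 and DB::size($target_data) != 0 and $source != 2 and $target != 2) {
        if ($source != $target) {
            $source_data = DB::row($source_data);
            $target_data = DB::row($target_data);
            // privilege check: the acting user's level must be strictly above
            // the level of both groups, so users can neither be taken out of
            // nor promoted into a group at or above the actor's own level
            if (_loginright_level > $source_data['level'] and _loginright_level > $target_data['level']) {
                // user id 0 is never moved
                DB::query("UPDATE `" . _mysql_prefix . "-users` SET `group`=" . $target . " WHERE `group`=" . $source . " AND id!=0");
                $message = _formMessage(1, $_lang['global.done']);
            } else {
                $message = _formMessage(2, $_lang['admin.users.move.failed']);
            }
        } else {
            $message = _formMessage(2, $_lang['admin.users.move.same']);
        }
    } else {
        $message = _formMessage(3, $_lang['global.badinput']);
    }
}

/* ---  output  --- */
$output .= "<p class='bborder'>" . $_lang['admin.users.move.p'] . "</p>\n" . $message . "\n<form class='cform' action='index.php?p=users-move' method='post'>\n" . $_lang['admin.users.move.text1'] . " " . _admin_authorSelect("sourcegroup", -1, "id!=2", null, null, true) . " " . $_lang['admin.users.move.text2'] . " " . _admin_authorSelect("targetgroup", -1, "id!=2", null, null, true) . " <input type='submit' value='" . $_lang['global.do'] . "' onclick='return _sysConfirm();' />\n" . _xsrfProtect() . "</form>\n";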
コード例 #28
 /**
  * Wrap an action's response in the common layout: optional backlink,
  * heading, optional info paragraph, optional messages, then the content.
  *
  * Keys read from $params:
  * ------------------------
  * 0                        action name; its 'title' entry in $this->actions is
  *                          used when no 'title' is given
  * title                    non-translated title to use
  * title_params             parameters for the title translation
  * item_name                item name for the default action title
  *
  * backlink                 url to use for the backlink
  * backlink_action          action to use for the backlink
  * backlink_action_params   backlink action parameters or null
  * backlink_action_prev     previous action string for the backlink action or null
  *
  * info                     html for the paragraph after the title
  * info_border              'bborder' class is added unless this is set to
  *                          something other than true
  * messages                 array(array(type, text, [trans_params], [raw 1/0]), ...)
  *
  * Escaping: the title and the backlink pass through _htmlStr(). 'info', the
  * text of messages flagged as raw, and $content are emitted exactly as given,
  * so callers must hand over HTML that is already safe to output.
  *
  * @param  string $content
  * @param  array  $params
  * @return string
  */
 protected function wrap($content, array $params)
 {
     global $_lang;

     // title: an explicit one wins, otherwise the action's own title is
     // translated with the (translated) item name as its parameter
     if (isset($params['title'])) {
         $titleParams = isset($params['title_params']) ? $params['title_params'] : null;
         $title = $this->trans($params['title'], $titleParams);
     } else {
         $itemName = isset($params['item_name']) ? $params['item_name'] : 'item';
         $title = $this->trans($this->actions[$params[0]]['title'], array($this->trans($itemName)));
     }

     // backlink: given url, else link to an action, else the previous action
     // named in the request, else none
     $backlink = null;
     if (isset($params['backlink'])) {
         $backlink = $params['backlink'];
     } elseif (isset($params['backlink_action'])) {
         $actionParams = isset($params['backlink_action_params']) ? $params['backlink_action_params'] : null;
         $actionPrev = isset($params['backlink_action_prev']) ? $params['backlink_action_prev'] : null;
         $backlink = $this->url($params['backlink_action'], $actionParams, $actionPrev);
     } elseif (!empty($_GET[$this->prevActionParam])) {
         // NOTE(review): this value comes straight from the query string; it is
         // HTML-escaped below, but whether rawUrl() limits it to this module's
         // own action urls is not visible here — confirm.
         $backlink = $this->rawUrl($_GET[$this->prevActionParam], null);
     }

     $parts = array();

     if (null !== $backlink) {
         $parts[] = "<a class='backlink' href='" . _htmlStr($backlink) . "'>&lt; " . $_lang['global.return'] . "</a>\n";
     }

     $parts[] = "<h1>" . _htmlStr($title) . "</h1>\n";

     if (isset($params['info'])) {
         $bordered = !isset($params['info_border']) || true === $params['info_border'];
         $parts[] = "<p" . ($bordered ? " class='bborder'" : '') . ">" . $params['info'] . "</p>\n";
     }

     if (!empty($params['messages'])) {
         foreach ($params['messages'] as $message) {
             $isRaw = isset($message[3]) && $message[3];
             if ($isRaw) {
                 // raw message: used as given, no translation and no escaping
                 $messageText = $message[1];
             } else {
                 $messageText = _htmlStr($this->trans($message[1], isset($message[2]) ? $message[2] : null));
             }
             $parts[] = _formMessage($message[0], $messageText);
         }
     }

     $parts[] = "\n" . $content . "\n";

     return implode('', $parts);
 }
コード例 #29
                    // Fragment of a lost-password module: the enclosing switch, the
                    // rate-limit and captcha checks and the origin of $email are outside
                    // this view.
                    // NOTE(review): the '******' runs on this line and in the $link line
                    // below look like masking added by the page this listing was copied
                    // from, not original code; how the username and $email are escaped for
                    // SQL cannot be judged from here.
                    $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'");
                    if (DB::size($userdata) != 0) {
                        // send the e-mail
                        $userdata = DB::row($userdata);
                        // NOTE(review): the hash in the link is md5(email . salt . password
                        // column), i.e. it is built only from stored account fields: it has
                        // no expiry and stays the same until one of those fields changes.
                        // A random, single-use, time-limited token compared with
                        // hash_equals() would be the safer design.
                        $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']);
                        // placeholders in the mail text and the values that replace them
                        $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*");
                        $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip);
                        if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) {
                            $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']);
                            // presumably records this request for the limit reported in
                            // the outer else branch below — confirm
                            _iplogUpdate(7);
                            $sent = true;
                        } else {
                            $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']);
                        }
                    } else {
                        // NOTE(review): judging by the message key, this tells the
                        // requester that the username/e-mail pair was not found, which
                        // lets the form be used to test for existing accounts; the
                        // captcha and the request limit are the only brakes visible here.
                        $module .= _formMessage(2, $_lang['mod.lostpass.notfound']);
                    }
                } else {
                    // captcha failed
                    $module .= _formMessage(2, $_lang['captcha.failure2']);
                }
            } else {
                // request limit hit; the message shows _lostpassexpire divided by 60
                $module .= _formMessage(3, str_replace('*limit*', _lostpassexpire / 60, $_lang['mod.lostpass.limit']));
            }
        }
        // form (shown again unless the mail was sent)
        if (!$sent) {
            $captcha = _captchaInit();
            $module .= _formOutput("lostpassform", "index.php?m=lostpass", array(array($_lang['login.username'], "<input type='text' name='username' class='inputsmall' maxlength='24'" . _restorePostValue('username') . " />"), array($_lang['global.email'], "<input type='text' name='email' class='inputsmall' " . _restorePostValue('email', '@') . " />"), $captcha), array("username", "email"), $_lang['global.send']);
        }
        break;
}
コード例 #30
}
/* ---  output  --- */
// Two forms side by side: the ban list editor (POST, carries the output of
// _xsrfProtect()) and a lookup of a user's IP addresses (GET).
// NOTE(review): $data and $message are prepared above this fragment; $data is
// placed inside the <textarea> as-is, so confirm it is HTML-escaped there.
$output .= "\n<p>" . $_lang['admin.other.bans.p'] . "</p>\n" . $message . "\n\n<table class='wintable'>\n<tr class='valign-top'>\n\n<td>\n<form action='index.php?p=other-bans' method='post'>\n<textarea rows='25' cols='94' class='areamedium' name='banned'>" . $data . "</textarea><br /><br />\n<input type='submit' value='" . $_lang['global.save'] . "' />\n" . _xsrfProtect() . "</form>\n</td>\n\n<td>\n<h2>" . $_lang['admin.other.bans.getuserip'] . "</h2><br />\n<form action='index.php' method='get'>\n<input type='hidden' name='p' value='other-bans' />\n" . $_lang['global.user'] . ": <input type='text' name='getip' class='inputsmall'" . _restoreGetValue("getip") . " /> <input type='submit' value='" . $_lang['global.do'] . "' />\n</form>\n";
// look up the IP addresses of a user
if (isset($_GET['getip'])) {
    $user = _anchorStr(trim($_GET['getip']), false);
    // NOTE(review): the '******' in this query looks like masking added by the
    // page this listing was copied from; presumably $user was inserted here.
    // Whether _anchorStr() alone makes the value safe inside a quoted SQL string
    // cannot be judged from this fragment — confirm.
    $query = DB::query("SELECT ip,id FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        // collect the distinct addresses the user has posted from
        $ips = array();
        $iquery = DB::query("SELECT DISTINCT ip FROM `" . _mysql_prefix . "-posts` WHERE author=" . $query['id']);
        while ($iip = DB::row($iquery)) {
            $ips[] = $iip['ip'];
        }
        // add the address stored on the user row if it is not in the list yet
        if (!in_array($query['ip'], $ips)) {
            $ips[] = $query['ip'];
        }
        // list
        // the addresses are written into the HTML exactly as stored in the database
        $output .= "<br /><h2>" . $_lang['global.result'] . "</h2>\n<ul>\n";
        foreach ($ips as $ip) {
            $output .= "<li>" . $ip . "</li>\n";
        }
        $output .= "\n</ul>\n";
    } else {
        $output .= _formMessage(2, $_lang['global.baduser']);
    }
}
// finish the table
$output .= "\n</td>\n\n</tr>\n</table>\n";