コード例 #1
     // Password-recovery request: rate-limit gate (_iplogCheck(7)), captcha, account lookup by
     // username + e-mail, then an e-mail carrying a reset link.
     // NOTE(review): this listing masks two values with '******' (the username in the SQL string and
     // the user parameter of the link), so the original interpolation on those lines is not visible.
     if (_iplogCheck(7)) {
         // load variables
         // $email goes through DB::esc() before it is concatenated into the query below.
         // NOTE(review): $username goes through _anchorStr(); whether that output is safe inside a
         // quoted SQL literal cannot be confirmed from this excerpt - verify against the helper.
         $username = _anchorStr($_POST['username'], false);
         $email = DB::esc($_POST['email']);
         // validate variables
         if (_captchaCheck()) {
             $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'");
             if (DB::size($userdata) != 0) {
                 // send the e-mail
                 $userdata = DB::row($userdata);
                 // The link hash is md5(email . salt . password): every input is a stored column, with no
                 // random token or timestamp among them, so the same hash is produced on each request
                 // for as long as those columns stay unchanged.
                 // NOTE(review): a random, single-use token with a stored expiry would avoid tying the
                 // reset secret to database contents; MD5 here is an unkeyed, fast hash.
                 $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']);
                 // Placeholders substituted into the localized mail text.
                 $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*");
                 $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip);
                 if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) {
                     $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']);
                     // Called only after a successful send; failed lookups and captcha failures do not
                     // reach this call. NOTE(review): presumably this records the request for the
                     // _iplogCheck(7) limit - confirm that unsuccessful attempts are throttled elsewhere.
                     _iplogUpdate(7);
                     $sent = true;
                 } else {
                     $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']);
                 }
             } else {
                 // A distinct "not found" message tells the requester whether the username/e-mail pair
                 // exists; the captcha above is the only visible brake on probing it.
                 $module .= _formMessage(2, $_lang['mod.lostpass.notfound']);
             }
         } else {
             $module .= _formMessage(2, $_lang['captcha.failure2']);
         }
     } else {
         // Limit exceeded. NOTE(review): _lostpassexpire / 60 looks like seconds converted to minutes - confirm.
         $module .= _formMessage(3, str_replace('*limit*', _lostpassexpire / 60, $_lang['mod.lostpass.limit']));
     }
 }
 // formular
コード例 #2
}
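/* ---  rating  --- */
// Handles an article rating sent by POST: looks the article up, validates the submitted
// value and the caller's right to rate, adds the rating, then redirects to the article.
// load variables
// NOTE(review): _checkKeys() presumably stops the request when the key is missing - confirm.
_checkKeys('_POST', array('id'));
// intval() is what makes the unquoted concatenation of $id into the SQL below safe.
$id = intval($_POST['id']);
$article_exists = false;
// validate variables and access
$continue = false;
$query = DB::query("SELECT art.id,art.title_seo,art.time,art.confirmed,art.public,art.home1,art.home2,art.home3,art.rateon,cat.title_seo AS cat_title_seo FROM `" . _mysql_prefix . "-articles` AS art  JOIN `" . _mysql_prefix . "-root` AS cat ON(cat.id=art.home1) WHERE art.id=" . $id);
if (DB::size($query) != 0) {
    $article_exists = true;
    $query = DB::row($query);
    // is_numeric() rejects arrays and non-numeric strings before the division: without it an
    // array value aborts the request with an operand error and junk text is counted as a 0 rating.
    if (isset($_POST['r']) and is_numeric($_POST['r'])) {
        // snap the submitted value to the nearest multiple of 10
        $r = round($_POST['r'] / 10) * 10;
        // The range test runs on the float so that an overflowed (infinite) value is refused
        // before the integer cast below could turn it into an in-range number.
        if (_iplogCheck(3, $id) and _xsrfCheck() and $query['rateon'] == 1 and _articleAccess($query) == 1 and $r <= 100 and $r >= 0) {
            // integer form is what gets concatenated into the UPDATE statement
            $r = (int) $r;
            $continue = true;
        }
    }
}
// count the rating
if ($continue) {
    // Both interpolated values are integers at this point ($id via intval, $r via the cast above).
    DB::query("UPDATE `" . _mysql_prefix . "-articles` SET ratenum=ratenum+1,ratesum=ratesum+" . $r . " WHERE id=" . $id);
    _iplogUpdate(3, $id);
}
// redirect
if ($article_exists) {
    $aurl = _linkArticle($id, $query['title_seo']) . "#ainfo";
} else {
    $aurl = "";
}
// NOTE(review): nothing after this header() is visible here; if the script continues past this
// point, it needs an exit so no further code runs after the redirect.
header("location: " . _url . '/' . $aurl);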
コード例 #3
ファイル: mform.php プロジェクト: sunlight-cms/sunlight-cms-7
// Mail-form submission, first part: read the POST fields, resolve the receiver from the
// session and apply the per-IP time limit. The send step follows this block.
// load variables
// The three text fields are taken from the request as-is; the keys are read without an
// isset() check. $sender is passed to _validateEmail() in the send step further down.
// NOTE(review): no validation of $subject is visible in this excerpt - if it ends up in a mail
// header, confirm that line breaks are stripped before it is used.
$subject = $_POST['subject'];
$sender = $_POST['sender'];
$text = $_POST['text'];
$fid = intval($_POST['fid']);
// load the receiver
// The receiver address comes from the session, keyed by the form id, not from the request,
// so the client cannot choose the recipient directly.
$skey = _sessionprefix . 'hcm_' . $fid . '_mail_receiver';
if (isset($_SESSION[$skey])) {
    $receiver = $_SESSION[$skey];
    // The session entry is removed here, before the time limit, XSRF and captcha checks run,
    // so a request that fails any of those checks has still used it up.
    unset($_SESSION[$skey], $skey);
} else {
    die($_lang['global.badinput']);
}
// time limit
if (_iplogCheck(5)) {
    // Recorded before the XSRF check of the send step, so a request that later fails that
    // check is still recorded. NOTE(review): presumably this starts the wait period for this
    // IP - confirm against _iplogUpdate().
    _iplogUpdate(5);
} else {
    // limit exceeded
    echo str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit']);
    die;
}
// odeslani
if (_xsrfCheck()) {
    if (_validateEmail($sender) and $text != "" and _captchaCheck()) {
        // pridani informacniho textu do tela
        $info_ip = _userip;
        if (_loginindicator) {
            $info_ip .= ' (' . _loginname . ')';
        }
        $info_from = array("*domain*", "*time*", "*ip*", "*sender*");
        $info_to = array(_getDomain(), _formatTime(time()), $info_ip, $sender);
コード例 #4
ファイル: login.php プロジェクト: sunlight-cms/sunlight-cms-7
                        // send the cookie for persistent login
                        // Cookie value layout: user id, IP-binding flag ('1'/'0') and a MAC, joined by '$'.
                        // The MAC input is the stored password value and e-mail; the key is the client IP when
                        // the login is IP-bound, otherwise _sessionprefix.
                        // NOTE(review): no random per-login token or expiry is part of the value built here, so
                        // the cookie presumably stays valid until the password or e-mail changes - confirm
                        // against the code that verifies it.
                        // NOTE(review): for logins that are not IP-bound the whole secrecy of the MAC rests on
                        // _sessionprefix; confirm it is an unpredictable per-installation value.
                        // NOTE(review): _md5HMAC is not shown; the name suggests HMAC over MD5.
                        if ($persistent) {
                            $persistent_cookie_data = array();
                            $persistent_cookie_data[] = $query['id'];
                            $persistent_cookie_data[] = $ipbound ? '1' : '0';
                            $persistent_cookie_data[] = _md5HMAC($query['password'] . '$' . $query['email'], $ipbound ? _userip : _sessionprefix);
                            // Lifetime is 2592000 s (30 days), path "/". The secure and httponly arguments are not
                            // passed, so the cookie is sent over plain HTTP too and is readable from page scripts.
                            setcookie(_sessionprefix . "persistent_key", implode('$', $persistent_cookie_data), time() + 2592000, "/");
                        }
                        // store the session data
                        // The session keeps the user id, the stored password value from the user row, the
                        // login IP and the IP-binding flag.
                        // NOTE(review): no session-id regeneration is visible in this excerpt; confirm it
                        // happens elsewhere in the login flow.
                        $_SESSION[_sessionprefix . "user"] = $query['id'];
                        $_SESSION[_sessionprefix . "password"] = $query['password'];
                        $_SESSION[_sessionprefix . "ip"] = _userip;
                        $_SESSION[_sessionprefix . "ipbound"] = $ipbound;
                        $result = 1;
                    } else {
                        _iplogUpdate(1);
                    }
                } else {
                    $result = 2;
                }
            }
        } else {
            $result = 5;
        }
    } else {
        $result = 6;
    }
}
/* ---  presmerovani  --- */
if ($result != 1) {
    $_GET['_return'] = _addFdGetToLink(_addGetToLink($_POST['form_url'], '_mlr=' . $result, false), array('username' => $username));
コード例 #5
ファイル: pvote.php プロジェクト: sunlight-cms/sunlight-cms-7
<?php

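/* ---  core initialization  --- */
require '../../require/load.php';
SL::init('../../');
/* ---  voting  --- */
// Records one vote for a poll option sent by POST, then redirects back.
// The XSRF token is checked before any database access.
if (isset($_POST['pid']) and isset($_POST['option']) and _xsrfCheck()) {
    // Both request values are reduced to integers; $pid is concatenated unquoted into the SQL below.
    $pid = intval($_POST['pid']);
    $option = intval($_POST['option']);
    // store the vote
    $query = DB::query("SELECT locked,votes FROM `" . _mysql_prefix . "-polls` WHERE id=" . $pid);
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        // The counters are stored as one '-'-separated string. Casting every element to int means
        // the string written back holds digits and dashes only, whatever the column contained, and
        // an empty or damaged counter becomes 0 rather than breaking the increment.
        $votes = array_map('intval', explode("-", $query['votes']));
        // isset() doubles as the bounds check: a negative or too large option index is refused.
        if (_loginright_pollvote and $query['locked'] == 0 and _iplogCheck(4, $pid) and isset($votes[$option])) {
            $votes[$option] += 1;
            $votes = implode("-", $votes);
            // NOTE(review): this is a read-modify-write of the whole counter string; two votes
            // arriving at the same moment can overwrite each other. Fixing that needs a schema
            // or locking change and is out of scope here.
            DB::query("UPDATE `" . _mysql_prefix . "-polls` SET votes='" . $votes . "' WHERE id=" . $pid);
            _iplogUpdate(4, $pid);
        }
    }
}
// redirect
_returnHeader();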
コード例 #6
    }
    // second cell
    // `and` binds tighter than `or`, so this reads: infobox is set, OR (the rate form has not
    // been used yet AND a rate form exists). The loose != null also treats '' and 0 as empty.
    if ($info['infobox'] != null or $rateform_used == false and $info['rateform'] != null) {
        $content .= "<td>";
        if ($info['infobox'] != null) {
            // Appended as-is. NOTE(review): presumably HTML rendered earlier - confirm it is
            // escaped where it is built.
            $content .= $info['infobox'];
        }
        if ($rateform_used == false) {
            // No null check here: when only the infobox is set, a null rate form is appended,
            // which adds nothing to the string.
            $content .= $info['rateform'];
        }
        $content .= "</td>";
    }
    // end of the table
    $content .= "\n</tr>\n</table>\n";
}
// print link
if (_printart) {
    // $id and the language string are written into the markup without escaping in this line.
    // NOTE(review): $id is assigned outside this excerpt; confirm it is an integer by this point.
    $content .= "\n<p><a href='" . _indexroot . "printart.php?id=" . $id . "' target='_blank'><img src='" . _templateImage("icons/print.png") . "' alt='print' class='icon' /> " . $_lang['article.print'] . "</a></p>\n";
}
// extension point before the comments
_extend('call', 'article.comments', $extend_args);
// comments
// Shown only when comments are enabled both for this article and globally (_comments).
if ($query['comments'] == 1 and _comments) {
    // The include path is built from the _indexroot constant and a fixed file name; no request
    // value takes part in it in the visible code.
    require_once _indexroot . 'require/functions-posts.php';
    $content .= _postsOutput(2, $id, $query['commentslocked']);
}
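// count the read
// Counted only for confirmed articles whose publication time has passed, and only when
// _iplogCheck(2, $id) allows it for this client.
if ($query['confirmed'] == 1 and $query['time'] <= time() and _iplogCheck(2, $id)) {
    // The increment is done by the database itself. Writing back $query['readed'] + 1 from the
    // row fetched earlier loses counts when two requests read the same value; COALESCE keeps
    // the old result for a NULL counter (it becomes 1).
    // NOTE(review): $id is concatenated unquoted and is assigned outside this excerpt; confirm
    // it has been cast to an integer before it gets here.
    DB::query("UPDATE `" . _mysql_prefix . "-articles` SET readed=COALESCE(readed,0)+1 WHERE id=" . $id);
    _iplogUpdate(2, $id);
}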