} // formular if (!$done and count($errors) == 0) { $module .= _formOutput("lostpassform", "index.php?m=lostpass&link&user="******"&hash=" . _htmlStr($hash), array(), array(), $_lang['mod.lostpass.generate'], "<input type='hidden' name='action' value='1' />"); } } } else { $module .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit'])); } break; default: $module .= "<p class='bborder'>" . $_lang['mod.lostpass.p'] . "</p>"; // kontrola promennych, odeslani emailu $sent = false; if (isset($_POST['username'])) { if (_iplogCheck(7)) { // nacteni promennych $username = _anchorStr($_POST['username'], false); $email = DB::esc($_POST['email']); // kontrola promennych if (_captchaCheck()) { $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'"); if (DB::size($userdata) != 0) { // odeslani emailu $userdata = DB::row($userdata); $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']); $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*"); $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip); if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) { $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']); _iplogUpdate(7);
/* --- send --- */ // nacteni promennych $subject = $_POST['subject']; $sender = $_POST['sender']; $text = $_POST['text']; $fid = intval($_POST['fid']); // nacteni prijemce $skey = _sessionprefix . 'hcm_' . $fid . '_mail_receiver'; if (isset($_SESSION[$skey])) { $receiver = $_SESSION[$skey]; unset($_SESSION[$skey], $skey); } else { die($_lang['global.badinput']); } // casove omezeni if (_iplogCheck(5)) { _iplogUpdate(5); } else { // prekroceno echo str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit']); die; } // odeslani if (_xsrfCheck()) { if (_validateEmail($sender) and $text != "" and _captchaCheck()) { // pridani informacniho textu do tela $info_ip = _userip; if (_loginindicator) { $info_ip .= ' (' . _loginname . ')'; } $info_from = array("*domain*", "*time*", "*ip*", "*sender*");
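exit;
}

/* --- article rating --- */
// Load input. _checkKeys() aborts the request when 'id' is missing from POST.
_checkKeys('_POST', array('id'));
$id = intval($_POST['id']);
$article_exists = false;

// Validate the input and the caller's access to the article.
$continue = false;
$query = DB::query("SELECT art.id,art.title_seo,art.time,art.confirmed,art.public,art.home1,art.home2,art.home3,art.rateon,cat.title_seo AS cat_title_seo FROM `" . _mysql_prefix . "-articles` AS art JOIN `" . _mysql_prefix . "-root` AS cat ON(cat.id=art.home1) WHERE art.id=" . $id);
if (DB::size($query) != 0) {
    $article_exists = true;
    $query = DB::row($query);
    if (isset($_POST['r'])) {
        // Coerce to int before the arithmetic: the raw POST value can be an array or a
        // non-numeric string, which under PHP 8 makes the division throw a TypeError
        // instead of simply failing the 0..100 range check below. The result is an
        // integer multiple of 10, which is what gets interpolated into the UPDATE.
        $r = (int) (round(intval($_POST['r']) / 10) * 10);
        // rate limit per article, XSRF token, rating enabled, article readable, value in range
        if (_iplogCheck(3, $id) and _xsrfCheck() and $query['rateon'] == 1 and _articleAccess($query) == 1 and $r <= 100 and $r >= 0) {
            $continue = true;
        }
    }
}

// Record the rating. $id and $r are both integers at this point, so the string-built
// SQL carries no user-controlled text.
if ($continue) {
    DB::query("UPDATE `" . _mysql_prefix . "-articles` SET ratenum=ratenum+1,ratesum=ratesum+" . $r . " WHERE id=" . $id);
    _iplogUpdate(3, $id);
}

// Redirect target: back to the article's info box when it exists, otherwise empty.
if ($article_exists) {
    $aurl = _linkArticle($id, $query['title_seo']) . "#ainfo";
} else {
    $aurl = "";
}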
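<?php
/* --- core bootstrap --- */
require '../../require/load.php';
SL::init('../../');

/* --- poll vote handler --- */
// Expects POST 'pid' (poll id) and 'option' (0-based answer index) together with a valid
// XSRF token; any other request falls through to the redirect without touching the database.
if (isset($_POST['pid']) and isset($_POST['option']) and _xsrfCheck()) {
    $pid = intval($_POST['pid']);
    $option = intval($_POST['option']);

    // store the vote
    $query = DB::query("SELECT locked,answers,votes FROM `" . _mysql_prefix . "-polls` WHERE id=" . $pid);
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        // Vote counters are stored as one "-"-separated string, one counter per answer.
        // isset() on the exploded list also rejects negative or out-of-range option indexes.
        $votes = explode("-", $query['votes']);
        if (_loginright_pollvote and $query['locked'] == 0 and _iplogCheck(4, $pid) and isset($votes[$option])) {
            // NOTE(review): the ip-log check above and the update below are not atomic, and the
            // counter string is read, modified and written back without a lock, so concurrent
            // requests from one client can both pass the check — confirm this is acceptable.
            $votes[$option] += 1;
            $votes = implode("-", $votes);
            // $votes is rebuilt from the stored numeric counters, not from request data
            DB::query("UPDATE `" . _mysql_prefix . "-polls` SET votes='" . $votes . "' WHERE id=" . $pid);
            _iplogUpdate(4, $pid);
        }
    }
}

// redirect back to the caller
_returnHeader();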
define('_session_regenerate', true); SL::init('../'); /* --- prihlaseni --- */ _checkKeys('_POST', array('form_url')); if (!isset($_POST['username'])) { $_POST['username'] = ''; } if (!isset($_POST['password'])) { $_POST['password'] = ''; } $result = 0; $username = ""; $ipbound = isset($_POST['ipbound']); if (!_loginindicator) { if (_xsrfCheck()) { if (_iplogCheck(1)) { // nacteni promennych $username = DB::esc($_POST['username']); $email = strpos($_POST['username'], '@') !== false; $password = $_POST['password']; $persistent = _checkboxLoad('persistent'); // nalezeni uzivatele $query = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE `" . ($email ? 'email' : 'username') . "`='" . $username . "'" . (!$email && $username !== '' ? ' OR publicname=\'' . $username . '\'' : '')); if (DB::size($query) != 0) { $query = DB::row($query); if (empty($username)) { $username = $query['username']; } $groupblock = DB::query_row("SELECT blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . $query['group']); if ($query['blocked'] == 0 and $groupblock['blocked'] == 0) { if (_md5Salt($password, $query['salt']) == $query['password']) {
} // prijemce if ($receiver !== '') { $rq = DB::query_row('SELECT usr.id AS usr_id,usr.blocked AS usr_blocked, ugrp.blocked AS ugrp_blocked FROM `' . _mysql_prefix . '-users` AS usr JOIN `' . _mysql_prefix . '-groups` AS ugrp ON (usr.group=ugrp.id) WHERE usr.username=\'' . DB::esc($receiver) . '\' OR usr.publicname=\'' . DB::esc($receiver) . '\''); } else { $rq = false; } if ($rq === false || $rq['usr_id'] == _loginid) { $message = _formMessage(2, $_lang['mod.messages.error.badreceiver']); break; } elseif ($rq['usr_blocked'] || $rq['ugrp_blocked']) { $message = _formMessage(2, $_lang['mod.messages.error.blockedreceiver']); break; } // anti spam limit if (!_iplogCheck(5)) { $message = _formMessage(2, str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit'])); break; } /* --- vse ok, odeslani --- */ // zaznam v logu if (!_loginright_unlimitedpostaccess) { _iplogUpdate(5); } // extend _extend('call', 'mod.messages.new', array('receiver' => $rq['usr_id'], 'subject' => &$subject, 'text' => &$text)); // vlozeni do pm tabulky DB::query('INSERT INTO `' . _mysql_prefix . '-pm` (sender,sender_readtime,sender_deleted,receiver,receiver_readtime,receiver_deleted,update_time) VALUES(' . _loginid . ',UNIX_TIMESTAMP(),0,' . $rq['usr_id'] . ',0,0,UNIX_TIMESTAMP())'); $pm_id = DB::insertID(); // vlozeni do posts tabulky DB::query("INSERT INTO `" . _mysql_prefix . "-posts` (type,home,xhome,subject,text,author,guest,time,ip,bumptime) VALUES (6," . $pm_id . ",-1,'" . DB::esc($subject) . "','" . DB::esc($text) . "'," . _loginid . ",''," . time() . ",'" . _userip . "',0)");
if (!$disabled && isset($_COOKIE[_sessionprefix . "persistent_key"])) { // nacist data $persistent_cookie = $_COOKIE[_sessionprefix . "persistent_key"]; $persistent_cookie = explode('$', $persistent_cookie); if (count($persistent_cookie) == 3) { $persistent_cookie[0] = intval($persistent_cookie[0]); $persistent_cookie[1] = _boolean($persistent_cookie[1]); $persistent_cookie_found = true; } } // kontrola existence session if (!$disabled && ($persistent_cookie_found or isset($_SESSION[_sessionprefix . "user"]) and isset($_SESSION[_sessionprefix . "password"]) and isset($_SESSION[_sessionprefix . "ip"]))) { // pouziti cookie pro nastaveni dat session (pokud neexistuji) $persistent_cookie_used = false; $persistent_cookie_bad = false; if ($persistent_cookie_found and !(isset($_SESSION[_sessionprefix . "user"]) and isset($_SESSION[_sessionprefix . "password"]) and isset($_SESSION[_sessionprefix . "ip"])) and _iplogCheck(1)) { $persistent_cookie_bad = true; $uquery = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE id=" . $persistent_cookie[0]); if (DB::size($uquery) != 0) { $uquery = DB::row($uquery); $persistent_cookie_used = true; if ($persistent_cookie[2] == _md5HMAC($uquery['password'] . '$' . $uquery['email'], $persistent_cookie[1] ? _userip : _sessionprefix)) { // platna cooke $_SESSION[_sessionprefix . "user"] = $persistent_cookie[0]; $_SESSION[_sessionprefix . "password"] = $uquery['password']; $_SESSION[_sessionprefix . "ip"] = _userip; $_SESSION[_sessionprefix . "ipbound"] = true; $persistent_cookie_bad = false; } else { // neplatna cookie - zaznam v ip logu _iplogUpdate(1);
if ($xhome != -1 && $posttype != 6) { $continue2 = false; $tdata = DB::query("SELECT xhome FROM `" . _mysql_prefix . "-posts` WHERE id=" . $xhome . " AND home=" . $posttarget . " AND locked=0"); if (DB::size($tdata) != 0) { $tdata = DB::row($tdata); if ($tdata['xhome'] == -1) { $continue2 = true; } } } else { $continue2 = true; } /* -- ulozeni prispevku -- */ if ($continue and $continue2 and $text != "" and $posttype == 4 || _captchaCheck()) { if (_xsrfCheck()) { if ($posttype == 4 or _loginright_unlimitedpostaccess or _iplogCheck(5)) { if ($guest === '' || DB::result(DB::query('SELECT COUNT(*) FROM `' . _mysql_prefix . '-users` WHERE username=\'' . DB::esc($guest) . '\' OR publicname=\'' . DB::esc($guest) . '\''), 0) == 0) { // zpracovani pluginem $allow = true; _extend('call', 'posts.submit', array('allow' => &$allow, 'posttype' => $posttype, 'posttarget' => $posttarget, 'xhome' => $xhome, 'subject' => &$subject, 'text' => &$text, 'author' => $author, 'guest' => $guest)); if ($allow) { // ulozeni DB::query("INSERT INTO `" . _mysql_prefix . "-posts` (type,home,xhome,subject,text,author,guest,time,ip,bumptime,flag) VALUES (" . $posttype . "," . $posttarget . "," . $xhome . ",'" . $subject . "','" . $text . "'," . $author . ",'" . $guest . "'," . time() . ",'" . _userip . "'," . ($posttype == 5 && $xhome == -1 ? 'UNIX_TIMESTAMP()' : '0') . "," . $pluginflag . ")"); $insert_id = DB::insertID(); if (!_loginright_unlimitedpostaccess and $posttype != 4) { _iplogUpdate(5); } $return = 1; _extend('call', 'posts.new', array('id' => $insert_id, 'posttype' => $posttype)); // topicy - aktualizace bumptime if ($posttype == 5 && $xhome != -1) {
} // druha bunka if ($info['infobox'] != null or $rateform_used == false and $info['rateform'] != null) { $content .= "<td>"; if ($info['infobox'] != null) { $content .= $info['infobox']; } if ($rateform_used == false) { $content .= $info['rateform']; } $content .= "</td>"; } // konec tabulky $content .= "\n</tr>\n</table>\n"; } // odkaz na tisk if (_printart) { $content .= "\n<p><a href='" . _indexroot . "printart.php?id=" . $id . "' target='_blank'><img src='" . _templateImage("icons/print.png") . "' alt='print' class='icon' /> " . $_lang['article.print'] . "</a></p>\n"; } // rozsireni pred komentari _extend('call', 'article.comments', $extend_args); // komentare if ($query['comments'] == 1 and _comments) { require_once _indexroot . 'require/functions-posts.php'; $content .= _postsOutput(2, $id, $query['commentslocked']); } // zapocteni precteni if ($query['confirmed'] == 1 and $query['time'] <= time() and _iplogCheck(2, $id)) { DB::query("UPDATE `" . _mysql_prefix . "-articles` SET readed=" . ($query['readed'] + 1) . " WHERE id=" . $id); _iplogUpdate(2, $id); }
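function _HCM_poll($id = null, $sirka = 150)
{
    // Render a poll box (results, plus the vote form when this client may still vote).
    //   $id    - poll id; cast to int, so a non-numeric value looks up poll 0
    //   $sirka - rendered width in px; null means the default 150, values below 100 are raised to 100
    // Returns the HTML string, or null when no poll with that id exists.
    $id = intval($id);
    if ($sirka === null) {
        $sirka = 150;
    } else {
        $sirka = intval($sirka);
    }
    if ($sirka < 100) {
        $sirka = 100;
    }

    // --- load poll data ---
    $pollQuery = DB::query("SELECT * FROM `" . _mysql_prefix . "-polls` WHERE id=" . $id);
    if (DB::size($pollQuery) == 0) {
        return null;
    }
    $vpolldata = DB::row($pollQuery);

    // --- answers and vote counters ---
    // Answers are newline-separated, counters "-"-separated; they are paired by position.
    $ranswers = explode("\n", $vpolldata['answers']);
    $rvotes = explode("-", $vpolldata['votes']);
    $rvotes_sum = array_sum($rvotes);

    // The form is offered only to users with the vote right, on unlocked polls, and only when
    // the ip log has no record of a vote from this client (pvote.php re-checks all of this).
    $rallowvote = (_loginright_pollvote == 1 and $vpolldata['locked'] != 1 and _iplogCheck(4, $id));

    $ranswers_code = "";
    if ($rallowvote) {
        $ranswers_code = "<form action='" . _indexroot . "remote/hcm/pvote.php?_return=" . urlencode(_indexOutput_url . "#hcm_poll_" . SL::$hcmUid) . "' method='post'>\n<input type='hidden' name='pid' value='" . $vpolldata['id'] . "' />";
    }

    foreach ($ranswers as $ranswer_id => $item) {
        // A counter may be missing when the answers list is longer than the votes list;
        // treat it as 0 rather than emitting an undefined-index warning and an empty count.
        $rvotecount = isset($rvotes[$ranswer_id]) ? $rvotes[$ranswer_id] : 0;
        if ($rvotes_sum != 0 and $rvotecount != 0) {
            $rpercent = $rvotecount / $rvotes_sum;
            // if the template's reduction constant is >= 100 this width becomes <= 0 px
            $rbarwidth = round($rpercent * ($sirka - _template_votebarwidthreduction));
        } else {
            $rpercent = 0;
            $rbarwidth = 1;
        }

        $rstats = " [" . $rvotecount . "/" . round($rpercent * 100) . "%]";
        if ($rallowvote) {
            $item = "<label><input type='radio' name='option' value='" . $ranswer_id . "' /> " . $item . $rstats . "</label>";
        } else {
            $item .= $rstats;
        }
        // NOTE(review): answer text (and the question below) is emitted without HTML escaping;
        // this is safe only if poll content is trusted, admin-entered markup — confirm against the editor.
        $ranswers_code .= "<div class='poll-answer'>" . $item . "<div style='width:" . $rbarwidth . "px;'></div></div>\n";
    }

    // footer: submit button (vote form only) and the total vote count
    $ranswers_code .= "<div class='poll-answer'>";
    if ($rallowvote) {
        $ranswers_code .= "<input type='submit' value='" . $GLOBALS['_lang']['hcm.poll.vote'] . "' class='votebutton' />";
    }
    $ranswers_code .= $GLOBALS['_lang']['hcm.poll.votes'] . ": " . $rvotes_sum . "</div>";
    if ($rallowvote) {
        // the XSRF token is what pvote.php checks before counting the vote
        $ranswers_code .= _xsrfProtect() . "</form>\n";
    }

    $lockedNote = '';
    if ($vpolldata['locked'] == 1) {
        $lockedNote = "<div>(" . $GLOBALS['_lang']['hcm.poll.locked'] . ")</div>";
    }

    return "\n<div class='anchor'><a name='hcm_poll_" . SL::$hcmUid . "'></a></div>\n<div class='poll' style='width:" . $sirka . "px;'>\n<div class='poll-content'>\n\n<div class='poll-question'>\n" . $vpolldata['question'] . "\n" . $lockedNote . "\n</div>\n\n" . $ranswers_code . "\n\n</div>\n</div>\n\n";
}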