示例#1
             // Fire the 'mod.messages.new' extension event. Subject and text are passed by reference,
             // so a handler can still change them before they are stored below.
             _extend('call', 'mod.messages.new', array('receiver' => $rq['usr_id'], 'subject' => &$subject, 'text' => &$text));
             // Insert the conversation row into the pm table.
             // NOTE(review): _loginid and $rq['usr_id'] are concatenated into the statement without a cast or
             // DB::esc() on this line. Presumably both are integers (session id / result of an earlier lookup) -
             // confirm against the code above this fragment, or cast them here.
             DB::query('INSERT INTO `' . _mysql_prefix . '-pm` (sender,sender_readtime,sender_deleted,receiver,receiver_readtime,receiver_deleted,update_time) VALUES(' . _loginid . ',UNIX_TIMESTAMP(),0,' . $rq['usr_id'] . ',0,0,UNIX_TIMESTAMP())');
             // Presumably the id generated by the INSERT above; it links the first post to the conversation.
             $pm_id = DB::insertID();
             // Insert the message body into the posts table as type 6 with home = pm id and xhome = -1.
             // Subject and text go through DB::esc(); _userip is quoted but not escaped on this line.
             // NOTE(review): confirm _userip is a validated address and not a raw client-supplied header value.
             // NOTE(review): no transaction is visible around the two INSERTs, so a failure here would leave
             // a pm row without any post.
             DB::query("INSERT INTO `" . _mysql_prefix . "-posts` (type,home,xhome,subject,text,author,guest,time,ip,bumptime) VALUES (6," . $pm_id . ",-1,'" . DB::esc($subject) . "','" . DB::esc($text) . "'," . _loginid . ",''," . time() . ",'" . _userip . "',0)");
             // Redirect and finish: the target is the list view opened on the new conversation.
             // (presumably the _redirect_to constant is picked up by the including script - not visible here)
             define('_redirect_to', _url . '/' . _indexOutput_url . '&a=list&read=' . $pm_id);
             return;
         } while (false);
     }
     // Form: prepend a pending status message (if any), then render the "new message" form.
     if (isset($message)) {
         $module .= $message . "\n";
     }
     // The form posts back to the current URL (action='') and embeds the output of _xsrfProtect() before </form>.
     // NOTE(review): presumably that is the anti-CSRF token field - confirm the POST handler checks it before writing.
     // Receiver and subject can be pre-filled from the query string via _get(); all three fields are repopulated
     // through _restorePostValue(). NOTE(review): those helpers are not visible here and must HTML-escape what
     // they emit, because the values are request-controlled.
     // maxlength and _jsLimitLength(16384, ...) only limit input in the browser; the server has to enforce the
     // same limits again.
     $module .= "<form action='' method='post' name='newmsg'" . _jsCheckForm('newmsg', array('receiver')) . ">\n<table>\n\n<tr>\n    <td><strong>" . $_lang['mod.messages.receiver'] . "</strong></td>\n    <td><input type='text' name='receiver' class='inputsmall' maxlength='24'" . _restorePostValue("receiver", _get('receiver')) . " /></td>\n</tr>\n\n<tr>\n    <td><strong>" . $_lang['posts.subject'] . "</strong></td>\n    <td><input type='text' name='subject' class='inputsmall' maxlength='22'" . _restorePostValue("subject", _get('subject')) . " /></td>\n</tr>\n\n<tr class='valign-top'>\n    <td><strong>" . $_lang['mod.messages.message'] . "</strong></td>\n    <td><textarea name='text' class='areamedium' rows='5' cols='33'>" . _restorePostValue("text", null, true) . "</textarea></td>\n</tr>\n\n<tr>\n    <td></td>\n    <td><input type='submit' value='" . $_lang['global.send'] . "' />" . _getPostFormControls('newmsg', 'text') . "</td>\n</tr>\n\n</table>\n\n" . _jsLimitLength(16384, 'newmsg', 'text') . "\n\n" . _xsrfProtect() . "</form>\n";
     break;
     /* ---  vypis  --- */
 /* ---  vypis  --- */
 default:
     // cteni vzkazu
     if (isset($_GET['read'])) {
         // promenne
         $id = intval($_GET['read']);
         // nacist data
         $q = DB::query_row('SELECT pm.*,post.subject,post.time FROM `' . _mysql_prefix . '-pm` AS pm JOIN `' . _mysql_prefix . '-posts` AS post ON (post.type=6 AND post.home=pm.id AND post.xhome=-1) WHERE pm.id=' . $id . ' AND (sender=' . _loginid . ' AND sender_deleted=0 OR receiver=' . _loginid . ' AND receiver_deleted=0)');
         if ($q === false) {
             $module .= _formMessage(3, $_lang['global.badinput']);
             break;
         }
         // titulek
示例#2
// Heading - emitted only when the template is configured for automatic headings
if (1 == _template_autoheadings) {
    $module .= "<h1>{$_lang['mod.editpost']}</h1><div class='hr'><hr /></div>";
}

// Back link
// NOTE(review): $backlink is printed into the href as-is and is built outside this fragment -
// confirm it is HTML-escaped and not taken directly from the request.
$module .= "<p><a href='{$backlink}'>&lt; {$_lang['global.return']}</a></p>";

// Status message: show the "saved" notice after a save unless another message is already set
if (isset($_GET['saved']) && "" == $message) {
    $message = _formMessage(1, $_lang['global.saved']);
}
$module .= $message;
// formular
if ($continue) {
    // Fields: each row is array(label, html[, flag]); the trailing true on the text row is handed to
    // _formOutput() unchanged (its meaning is not visible in this fragment).
    $inputs = array();
    // Browser-side length limit: 255 characters for type 4 posts, 16384 otherwise.
    // The server has to enforce the same limit when the form is saved.
    $module .= _jsLimitLength($query['type'] != 4 ? 16384 : 255, "postform", "text");
    // NOTE(review): $query['guest'], $query['subject'] and $query['text'] are written into attribute values
    // and the textarea without an escaping call on these lines. Presumably the columns are stored already
    // HTML-escaped - confirm, because otherwise a stored quote or "</textarea>" breaks out of the markup
    // (stored XSS in the edit form).
    // The guest name is editable only when the post has one.
    if ($query['guest'] != "") {
        $inputs[] = array($_lang['posts.guestname'], "<input type='text' name='guest' class='inputsmall' value='" . $query['guest'] . "' />");
    }
    // Subject/topic field only for posts with xhome == -1 that are not type 4;
    // type 5 gets the wider "topic" input (maxlength 48 instead of 22).
    if ($query['xhome'] == -1 and $query['type'] != 4) {
        $inputs[] = array($_lang[$query['type'] != 5 ? 'posts.subject' : 'posts.topic'], "<input type='text' name='subject' class='input" . ($query['type'] == 5 ? 'medium' : 'small') . "' maxlength='" . ($query['type'] == 5 ? 48 : 22) . "' value='" . $query['subject'] . "' />");
    }
    $inputs[] = array($_lang['posts.text'], "<textarea name='text' class='areamedium' rows='5' cols='33'>" . $query['text'] . "</textarea>", true);
    // Form output. The delete checkbox is offered unless the post is type 6 with xhome == -1.
    // NOTE(review): $id is concatenated into the action URL; presumably an integer validated earlier - confirm.
    // NOTE(review): no _xsrfProtect() call is visible here; presumably _formOutput() adds the token - verify,
    // since this form can delete a post.
    $module .= _formOutput('postform', 'index.php?m=editpost&amp;id=' . $id, $inputs, null, $_lang['global.save'], _getPostformControls("postform", "text", $nobbcode) . ($query['type'] != 6 || $query['xhome'] != -1 ? "<br /><br /><label><input type='checkbox' name='delete' value='1' /> " . $_lang['mod.editpost.delete'] . "</label>" : ''));
} else {
    /*neplatny vstup*/
    if (!$scriptbreak) {
        $module .= _formMessage(3, $_lang['global.badinput']);
        $found = false;
    }
示例#3
        $item = pathinfo($item);
        if (!isset($item['extension']) or $item['extension'] != "php") {
            continue;
        }
        $item = mb_substr($item['basename'], 0, mb_strrpos($item['basename'], "."));
        if ($item == _loginlanguage) {
            $selected = ' selected="selected"';
        } else {
            $selected = "";
        }
        $language_select .= '<option value="' . $item . '"' . $selected . '>' . $item . '</option>';
    }
    closedir($handle);
    $language_select .= '</select></td></tr>';
} else {
    $language_select = "";
}
// WYSIWYG toggle - the row is rendered only for users holding the administration right
if (_loginright_administration) {
    $admin = "\n\n\n\n  <tr>\n  <td><strong>" . $_lang['mod.settings.wysiwyg'] . "</strong></td>\n  <td><label><input type='checkbox' name='wysiwyg' value='1'" . _checkboxActivate($query['wysiwyg']) . " /> " . $_lang['mod.settings.wysiwyg.label'] . "</label></td>\n  </tr>\n\n  ";
} else {
    $admin = "";
}
// Main settings form: profile link, account data, password change, plugin-provided fields
// (_extend 'mod.settings.form') and contact details. It posts to index.php?m=settings as multipart/form-data.
// - Most values are repopulated through _restorePostValue(); the 'web' field instead prints $query['web']
//   straight into the value attribute. NOTE(review): presumably the column is stored already HTML-escaped -
//   confirm, otherwise a quote in the stored URL breaks out of the attribute (stored XSS).
// - _loginname is concatenated into the profile href without URL-encoding on this line.
//   NOTE(review): confirm the allowed username character set makes that safe.
// - The three password inputs carry autocomplete='off'. NOTE(review): the POST handler is not shown; it
//   should require the current password before changing the password, e-mail or username.
$module .= "\n<p><a href='index.php?m=profile&amp;id=" . _loginname . "'>" . $_lang['mod.settings.profilelink'] . " &gt;</a></p>\n<p>" . $_lang['mod.settings.p'] . "</p>" . $message . "\n<form action='index.php?m=settings' method='post' name='setform' enctype='multipart/form-data'>\n\n" . _jsLimitLength(1024, "setform", "note") . "\n\n  <fieldset>\n  <legend>" . $_lang['mod.settings.userdata'] . "</legend>\n  <table class='profiletable'>\n\n  <tr>\n  <td><strong>" . $_lang['login.username'] . "</strong> <span class='important'>*</span></td>\n  <td><input type='text' name='username'" . _restorePostValue('username', _loginname) . " class='inputsmall' maxlength='24' />" . (!_loginright_changeusername ? "<span class='hint'>(" . $_lang['mod.settings.namechangenote'] . ")</span>" : '') . "</td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['mod.settings.publicname'] . "</strong></td>\n  <td><input type='text' name='publicname'" . _restorePostValue('publicname', $query['publicname']) . " class='inputsmall' maxlength='24' /></td>\n  </tr>\n\n  <tr class='valign-top'>\n  <td><strong>" . $_lang['global.email'] . "</strong> <span class='important'>*</span></td>\n  <td><input type='text' name='email'" . _restorePostValue('email', $query['email']) . " class='inputsmall'/></td>\n  </tr>\n\n  " . $language_select . "\n\n  <tr>\n  <td><strong>" . $_lang['mod.settings.massemail'] . "</strong></td>\n  <td><label><input type='checkbox' name='massemail' value='1'" . _checkboxActivate($query['massemail']) . " /> " . $_lang['mod.settings.massemail.label'] . "</label></td>\n  </tr>\n\n  " . $admin . "\n  </table>\n  </fieldset>\n\n\n  <fieldset>\n  <legend>" . $_lang['mod.settings.password'] . "</legend>\n  <p class='minip'>" . $_lang['mod.settings.password.hint'] . "</p>\n  <table class='profiletable'>\n\n  <tr>\n  <td><strong>" . $_lang['mod.settings.password.current'] . 
"</strong></td>\n  <td><input type='password' name='currentpassword' class='inputsmall' autocomplete='off' /></td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['mod.settings.password.new'] . "</strong></td>\n  <td><input type='password' name='newpassword' class='inputsmall' autocomplete='off' /></td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['mod.settings.password.new'] . " (" . $_lang['global.check'] . ")</strong></td>\n  <td><input type='password' name='newpassword-confirm' class='inputsmall' autocomplete='off' /></td>\n  </tr>\n\n  </table>\n  </fieldset>\n\n  " . _extend('buffer', 'mod.settings.form') . "\n\n\n  <fieldset>\n  <legend>" . $_lang['mod.settings.info'] . "</legend>\n\n  <table class='profiletable'>\n\n  <tr>\n  <td><strong>" . $_lang['global.icq'] . "</strong></td>\n  <td><input type='text' name='icq'" . _restorePostValue('icq', $query['icq']) . " class='inputsmall' /></td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['global.skype'] . "</strong></td>\n  <td><input type='text' name='skype'" . _restorePostValue('skype', $query['skype']) . " class='inputsmall' /></td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['global.msn'] . "</strong></td>\n  <td><input type='text' name='msn'" . _restorePostValue('msn', $query['msn']) . " class='inputsmall' /></td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['global.jabber'] . "</strong></td>\n  <td><input type='text' name='jabber'" . _restorePostValue('jabber', $query['jabber']) . " class='inputsmall' /></td>\n  </tr>\n\n  <tr>\n  <td><strong>" . $_lang['global.web'] . "</strong></td>\n  <td><input type='text' name='web' value='" . $query['web'] . "' class='inputsmall' /><span class='hint'>" . $_lang['mod.settings.web.hint'] . "</span></td>\n  </tr>\n\n  <tr class='valign-top'>\n  <td><strong>" . $_lang['global.note'] . "</strong></td>\n  <td><textarea name='note' class='areasmall' rows='9' cols='33'>" . _restorePostValue('note', $query['note'], true) . 
"</textarea></td>\n  </tr>\n\n  <tr><td></td>\n  <td>" . _getPostFormControls("setform", "note") . "</td>\n  </tr>\n\n  </table>\n\n  </fieldset>\n";
// Avatar block, rendered only when avatar uploads are enabled.
// NOTE(review): the upload is processed outside this fragment; that handler has to validate file type,
// size and the stored file name. $avatar_path is printed into the src attribute as-is.
if (_uploadavatar) {
    $module .= "\n  <fieldset>\n  <legend>" . $_lang['mod.settings.avatar'] . "</legend>\n  " . _extend('buffer', 'mod.settings.avatar', array('extra' => array('query' => $query))) . "\n  <p><strong>" . $_lang['mod.settings.avatar.upload'] . ":</strong> <input type='file' name='avatar' /></p>\n    <table>\n    <tr class='valign-top'>\n    <td width='106'><div class='avatar'><img src='" . $avatar_path . "' alt='avatar' /></div></td>\n    <td><p class='minip'>" . $_lang['mod.settings.avatar.hint'] . "</p><p><label><input type='checkbox' name='removeavatar' value='1' /> " . $_lang['mod.settings.avatar.remove'] . "</label></p></td>\n    </tr>\n    </table>\n  </fieldset>\n";
}
// Account self-removal: offered only with the selfdestruction right and never to user id 0.
// The JS confirm and the password field are prompts in the browser only, so the server must verify the
// password again before deleting anything. This password input has no autocomplete='off', unlike the
// password inputs in the main form.
if (_loginright_selfdestruction and _loginid != 0) {
    $module .= "\n\n  <fieldset>\n  <legend>" . $_lang['mod.settings.selfremove'] . "</legend>\n  <label><input type='checkbox' name='selfremove' value='1' onclick='if (this.checked==true) {return _sysConfirm();}' /> " . $_lang['mod.settings.selfremove.box'] . "</label><br /><br />\n  <div class='lpad'><strong>" . $_lang['mod.settings.selfremove.confirm'] . ":</strong> <input type='password' name='selfremove-confirm' class='inputsmall' /></div>\n  </fieldset>\n\n";
}
// Submit and reset buttons, then the output of _xsrfProtect() (presumably the anti-CSRF token field -
// confirm the POST handler checks it) and the closing form tag.
$module .= "\n<br />\n<input type='submit' value='" . $_lang['mod.settings.submit'] . "' />\n<input type='reset' value='" . $_lang['global.reset'] . "' onclick='return _sysConfirm();' />\n\n" . _xsrfProtect() . "</form>\n";
示例#4
/**
 * Build the HTML of one of the built-in system forms.
 *
 * $id          Description                                 $vars
 *
 * login        login form                                  -
 * notpublic    login form with a "not public" notice       [0 => whole site 1/0]
 * postform     form for submitting a post / comment        [posttype => see _postsOutput, posttarget => id_home, xhome => id_xhome, url => return URL, [pluginflag (type 7 only)] => xx]
 *
 * Security notes:
 * - login: the return address comes from $_GET['login_form_return'] (or REQUEST_URI) and is only
 *   URL-encoded into the _return parameter of remote/login.php. Whether the later redirect is limited
 *   to same-site targets is decided in that script, not here - confirm it.
 * - login: the form_url hidden field is derived from REQUEST_URI and goes through _htmlStr().
 * - postform: posttype, posttarget, xhome and pluginflag are written into hidden inputs without an
 *   escaping call, so callers are expected to pass integers / safe tokens. The fields come back from
 *   the browser, so the receiving script has to validate them again.
 * - No anti-CSRF field is added in this function; presumably _formOutput() adds it - verify.
 *
 * @param string $id form identifier
 * @param array $vars variables, depending on the form type
 * @param bool $notitle do not prepend the title to the form 1/0
 * @param bool $extend fire the extend events 1/0
 * @return array array(content, title)
 */
function _uniForm($id, $vars = array(), $notitle = false, $extend = true)
{
    global $_lang;

    $content = "";
    $title = "";

    // Give extensions the first chance; $notitle and $content are handed over by reference
    if ($extend) {
        _extend('call', 'sys.form', array('id' => $id, 'vars' => $vars, 'notitle' => &$notitle, 'content' => &$content));
    }

    // The built-in forms are used only when the event left $content empty
    if ('' === $content) {
        if ($id == "login") {
            /* ---  login  --- */
            $title = $_lang['login.title'];

            // Status message selected by the numeric _mlr query parameter (compared loosely).
            // The parameter only picks one of the fixed texts below; it is never printed.
            if (isset($_GET['_mlr'])) {
                $mlr = $_GET['_mlr'];
                if ($mlr == 0) {
                    $content .= _formMessage(2, $_lang['login.failure']);
                } elseif ($mlr == 1) {
                    if (_loginindicator and !_administration) {
                        $content .= _formMessage(1, $_lang['login.success']);
                    }
                } elseif ($mlr == 2) {
                    if (!_loginindicator) {
                        $content .= _formMessage(2, $_lang['login.blocked.message']);
                    }
                } elseif ($mlr == 3) {
                    if (!_loginindicator) {
                        $content .= _formMessage(3, $_lang['login.securitylogout']);
                    }
                } elseif ($mlr == 4) {
                    if (!_loginindicator) {
                        $content .= _formMessage(1, $_lang['login.selfremove']);
                    }
                } elseif ($mlr == 5) {
                    if (!_loginindicator) {
                        $content .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit']));
                    }
                } elseif ($mlr == 6) {
                    $content .= _formMessage(3, $_lang['xsrf.msg']);
                }
            }

            if (_loginindicator) {
                // Already logged in: show the user name and a logout link built by _xsrfLink()
                $content .= "<p>" . $_lang['login.ininfo'] . " <em>" . _loginname . "</em> - <a href='" . _xsrfLink(_indexroot . "remote/logout.php") . "'>" . $_lang['usermenu.logout'] . "</a>.</p>";
            } else {
                // Return address: explicit query parameter if present, otherwise the current request.
                // NOTE(review): request-controlled; it must be checked where the redirect is issued.
                $returnUrl = isset($_GET['login_form_return']) ? $_GET['login_form_return'] : $_SERVER['REQUEST_URI'];

                // Address of the page showing the form, with _formData and _mlr removed from the query
                $formUrl = parse_url($_SERVER['REQUEST_URI']);
                if (isset($formUrl['query'])) {
                    parse_str($formUrl['query'], $formUrl['query']);
                    unset($formUrl['query']['_formData'], $formUrl['query']['_mlr']);
                    $formUrl = _buildURL($formUrl);
                } else {
                    $formUrl = $_SERVER['REQUEST_URI'];
                }

                // Arguments for _formOutput(): name, action, rows, check list, submit label, extra markup
                $action = _indexroot . "remote/login.php?_return=" . urlencode($returnUrl);
                $rows = array(
                    array($_lang['login.username'], "<input type='text' name='username' class='inputmedium'" . _restoreGetFdValue("username") . " maxlength='24' />"),
                    array($_lang['login.password'], "<input type='password' name='password' class='inputmedium' />"),
                );
                $extras = "&nbsp;&nbsp;<label><input type='checkbox' name='persistent' value='1' /> " . $_lang['login.persistent'] . "</label><input type='hidden' name='form_url' value='" . _htmlStr($formUrl) . "' />\n                        &nbsp;&nbsp;<label><input type='checkbox' name='ipbound' value='1' checked='checked' /> " . (isset($_lang['login.ipbound']) ? $_lang['login.ipbound'] : 'zabezpečené') . "</label>";
                $callArgs = array("login_form", $action, $rows, null, $_lang['global.login'], $extras);

                // Extensions may rewrite the argument list before the form is rendered
                if ($extend) {
                    _extend('call', 'sys.form.login', array('call' => &$callArgs));
                }
                $content .= call_user_func_array('_formOutput', $callArgs);

                // Registration / lost password links
                if (_registration || _lostpass) {
                    $showRegistration = _registration && !_administration;
                    $links = "\n\n<p>\n";
                    if ($showRegistration) {
                        $links .= "<a href='" . _indexroot . "index.php?m=reg'>" . $_lang['mod.reg'] . " &gt;</a>\n";
                    }
                    if (_lostpass) {
                        if ($showRegistration) {
                            $links .= "<br />";
                        }
                        $links .= "<a href='" . _indexroot . "index.php?m=lostpass'>" . $_lang['mod.lostpass'] . " &gt;</a>\n";
                    }
                    $content .= $links . "</p>";
                }
            }
        } elseif ($id == "notpublic") {
            /* ---  notice about non-public content (0 - whole site flag)  --- */
            $form = _uniForm("login", array(), true);
            if (!isset($vars[0])) {
                $vars[0] = false;
            }
            $noticeKey = 'notpublic.p' . ($vars[0] == true ? '2' : '');
            $content = "<p>" . $_lang[$noticeKey] . "</p>" . $form[0];
            $title = $_lang['notpublic.title'];
        } elseif ($id == "postform") {
            /* ---  form for submitting a post / comment (posttype, posttarget, xhome, url)  --- */
            $title = "";
            $notitle = true;

            // Rows of the form
            $inputs = array();
            $captcha = _captchaInit();
            $content = _jsLimitLength(16384, "postform", "text");

            // Guests have to enter a name
            if (_loginindicator == 0) {
                $inputs[] = array($_lang['posts.guestname'], "<input type='text' name='guest' maxlength='24' class='inputsmall'" . _restoreGetFdValue("guest") . " />");
            }

            // Subject (or topic for type 5) only when xhome is -1
            if ($vars['xhome'] == -1) {
                $isTopic = $vars['posttype'] == 5;
                $inputs[] = array(
                    $_lang[$isTopic ? 'posts.topic' : 'posts.subject'],
                    "<input type='text' name='subject' class='input" . ($isTopic ? 'medium' : 'small') . "' maxlength='" . ($isTopic ? 48 : 22) . "'" . _restoreGetFdValue("subject") . " />",
                );
            }

            $inputs[] = $captcha;

            // Text area followed by the hidden routing fields.
            // NOTE(review): the $vars values are printed without escaping and return from the browser,
            // so the receiving script must not trust them.
            $textField = "<textarea name='text' class='areamedium' rows='5' cols='33'>" . _restoreGetFdValue("text", null, true) . "</textarea>";
            $textField .= "<input type='hidden' name='_posttype' value='" . $vars['posttype'] . "' />";
            $textField .= "<input type='hidden' name='_posttarget' value='" . $vars['posttarget'] . "' />";
            $textField .= "<input type='hidden' name='_xhome' value='" . $vars['xhome'] . "' />";
            if (isset($vars['pluginflag'])) {
                $textField .= "<input type='hidden' name='_pluginflag' value='" . $vars['pluginflag'] . "' />";
            }
            $inputs[] = array($_lang['posts.text'], $textField, true);

            // Arguments for _formOutput(); the return URL is URL-encoded into the action
            $action = _addGetToLink(_indexroot . "remote/post.php", "_return=" . urlencode($vars['url']), false);
            $controls = _getPostformControls("postform", "text");
            $callArgs = array('postform', $action, $inputs, array("text"), null, $controls);
            if ($extend) {
                _extend('call', 'sys.form.postform', array('call' => &$callArgs, 'vars' => $vars));
            }
            $content .= call_user_func_array('_formOutput', $callArgs);
        }
    }

    // Prepend the heading when automatic headings (or the administration) ask for it and it was not suppressed
    $headingWanted = (_template_autoheadings == 1 || _administration == 1) && $notitle == false;
    if ($headingWanted) {
        $content = "<h1>" . $title . "</h1>\n" . $content;
    }

    return array($content, $title);
}