// Excerpt from the private-messages module: the tail of the "new message" handler followed by the
// start of the default (listing / reading) case. The statements up to "} while (false);" sit inside
// a do { ... } while (false) block that opens before this excerpt.

// Extension hook. Subject and text are passed by reference, so a handler may change them before
// they are stored; DB::esc() below is applied after the hook has run.
_extend('call', 'mod.messages.new', array('receiver' => $rq['usr_id'], 'subject' => &$subject, 'text' => &$text));

// insert the conversation row into the pm table
// NOTE(review): _loginid and $rq['usr_id'] are concatenated into the statement unquoted and
// unescaped. Where $rq is loaded is not visible here - confirm both are always integers.
DB::query('INSERT INTO `' . _mysql_prefix . '-pm` (sender,sender_readtime,sender_deleted,receiver,receiver_readtime,receiver_deleted,update_time) VALUES(' . _loginid . ',UNIX_TIMESTAMP(),0,' . $rq['usr_id'] . ',0,0,UNIX_TIMESTAMP())');
$pm_id = DB::insertID();

// insert the message itself into the posts table (type 6, home = id of the pm row, xhome = -1)
// $subject and $text go through DB::esc(); _userip is quoted but not escaped.
// NOTE(review): confirm _userip can only ever hold a validated address - its definition is not shown.
DB::query("INSERT INTO `" . _mysql_prefix . "-posts` (type,home,xhome,subject,text,author,guest,time,ip,bumptime) VALUES (6," . $pm_id . ",-1,'" . DB::esc($subject) . "','" . DB::esc($text) . "'," . _loginid . ",''," . time() . ",'" . _userip . "',0)");

// set the redirect target (the new conversation) and stop
define('_redirect_to', _url . '/' . _indexOutput_url . '&a=list&read=' . $pm_id);

return;

} while (false);

}

// form
if (isset($message)) {
    $module .= $message . "\n";
}

// Receiver and subject are prefilled through _restorePostValue() with a fallback taken from
// _get('receiver') / _get('subject'); the escaping is done (or not) inside those helpers, which are
// not shown here. _xsrfProtect() output is appended inside the form - presumably the anti-XSRF
// token field; confirm against its implementation.
$module .= "<form action='' method='post' name='newmsg'" . _jsCheckForm('newmsg', array('receiver')) . ">\n<table>\n\n<tr>\n <td><strong>" . $_lang['mod.messages.receiver'] . "</strong></td>\n <td><input type='text' name='receiver' class='inputsmall' maxlength='24'" . _restorePostValue("receiver", _get('receiver')) . " /></td>\n</tr>\n\n<tr>\n <td><strong>" . $_lang['posts.subject'] . "</strong></td>\n <td><input type='text' name='subject' class='inputsmall' maxlength='22'" . _restorePostValue("subject", _get('subject')) . " /></td>\n</tr>\n\n<tr class='valign-top'>\n <td><strong>" . $_lang['mod.messages.message'] . "</strong></td>\n <td><textarea name='text' class='areamedium' rows='5' cols='33'>" . _restorePostValue("text", null, true) . "</textarea></td>\n</tr>\n\n<tr>\n <td></td>\n <td><input type='submit' value='" . $_lang['global.send'] . "' />" . _getPostFormControls('newmsg', 'text') . "</td>\n</tr>\n\n</table>\n\n" . _jsLimitLength(16384, 'newmsg', 'text') . "\n\n" . _xsrfProtect() . "</form>\n";
break;

/* --- listing --- */
default:

    // reading a message
    if (isset($_GET['read'])) {

        // variables; intval() reduces the request value to an integer before it is
        // concatenated into the query below
        $id = intval($_GET['read']);

        // load data; the WHERE clause only matches a conversation in which the logged-in user
        // is the sender or the receiver and has not deleted it on their own side, so this
        // query is also the access check for the conversation
        $q = DB::query_row('SELECT pm.*,post.subject,post.time FROM `' . _mysql_prefix . '-pm` AS pm JOIN `' . _mysql_prefix . '-posts` AS post ON (post.type=6 AND post.home=pm.id AND post.xhome=-1) WHERE pm.id=' . $id . ' AND (sender=' . _loginid . ' AND sender_deleted=0 OR receiver=' . _loginid . ' AND receiver_deleted=0)');
        if ($q === false) {
            $module .= _formMessage(3, $_lang['global.badinput']);
            break;
        }

        // title
// Excerpt from the post-editing module: renders the edit form for the post row held in $query.
// $query, $backlink, $message, $continue, $id, $nobbcode and $scriptbreak are set before this
// excerpt; the else branch at the end continues past it.

// title
if (_template_autoheadings == 1) {
    $module .= "<h1>" . $_lang['mod.editpost'] . "</h1><div class='hr'><hr /></div>";
}

// back link
// NOTE(review): $backlink is placed in the href attribute without escaping; how it is built is
// not visible here - confirm it cannot carry request-controlled text.
$module .= "<p><a href='" . $backlink . "'>< " . $_lang['global.return'] . "</a></p>";

// message
if (isset($_GET['saved']) and $message == "") {
    $message = _formMessage(1, $_lang['global.saved']);
}
$module .= $message;

// form
if ($continue) {

    // fields
    $inputs = array();
    // length limit: 255 for type 4, otherwise 16384
    $module .= _jsLimitLength($query['type'] != 4 ? 16384 : 255, "postform", "text");

    // NOTE(review): $query['guest'], $query['subject'] and $query['text'] are written into the
    // attribute values and the textarea body without any escaping in this excerpt. That is only
    // safe if these columns are stored already HTML-escaped - confirm against the code that
    // writes them; otherwise they should be escaped here before output.
    if ($query['guest'] != "") {
        $inputs[] = array($_lang['posts.guestname'], "<input type='text' name='guest' class='inputsmall' value='" . $query['guest'] . "' />");
    }
    // subject / topic field: only for top-level posts (xhome == -1) of a type other than 4;
    // type 5 uses the topic label, a wider input and maxlength 48 instead of 22
    if ($query['xhome'] == -1 and $query['type'] != 4) {
        $inputs[] = array($_lang[$query['type'] != 5 ? 'posts.subject' : 'posts.topic'], "<input type='text' name='subject' class='input" . ($query['type'] == 5 ? 'medium' : 'small') . "' maxlength='" . ($query['type'] == 5 ? 48 : 22) . "' value='" . $query['subject'] . "' />");
    }
    $inputs[] = array($_lang['posts.text'], "<textarea name='text' class='areamedium' rows='5' cols='33'>" . $query['text'] . "</textarea>", true);

    // form output; the "delete" checkbox is left out only when type == 6 and xhome == -1
    $module .= _formOutput('postform', 'index.php?m=editpost&id=' . $id, $inputs, null, $_lang['global.save'], _getPostformControls("postform", "text", $nobbcode) . ($query['type'] != 6 || $query['xhome'] != -1 ? "<br /><br /><label><input type='checkbox' name='delete' value='1' /> " . $_lang['mod.editpost.delete'] . "</label>" : ''));

} else {
    /* invalid input */
    if (!$scriptbreak) {
        $module .= _formMessage(3, $_lang['global.badinput']);
        $found = false;
    }
// Excerpt from the user-settings module. It starts inside the loop that builds the language
// <select> (the loop header and the enclosing if are before this excerpt) and then renders the
// whole settings form into $module.

// keep only *.php entries and use the file name without its extension as the language id
$item = pathinfo($item);
if (!isset($item['extension']) or $item['extension'] != "php") {
    continue;
}
$item = mb_substr($item['basename'], 0, mb_strrpos($item['basename'], "."));
if ($item == _loginlanguage) {
    $selected = ' selected="selected"';
} else {
    $selected = "";
}
// NOTE(review): $item is a directory entry name and is written into the option value and label
// without escaping; confirm the directory being read holds only trusted file names.
$language_select .= '<option value="' . $item . '"' . $selected . '>' . $item . '</option>';
}
closedir($handle);
$language_select .= '</select></td></tr>';
} else {
    $language_select = "";
}

// wysiwyg switch, rendered only when _loginright_administration is set
if (_loginright_administration) {
    $admin = "\n\n\n\n <tr>\n <td><strong>" . $_lang['mod.settings.wysiwyg'] . "</strong></td>\n <td><label><input type='checkbox' name='wysiwyg' value='1'" . _checkboxActivate($query['wysiwyg']) . " /> " . $_lang['mod.settings.wysiwyg.label'] . "</label></td>\n </tr>\n\n ";
} else {
    $admin = "";
}

// Main form: account data, password change, extension buffer, contact details.
// Most stored values are prefilled through _restorePostValue(); whether that helper escapes its
// output is not visible in this excerpt.
// NOTE(review): two values bypass it and are concatenated directly - _loginname in the profile
// link's query string (neither URL-encoded nor HTML-escaped here) and $query['web'] in the
// value attribute of the "web" input. Both are safe only if they are stored already escaped;
// confirm, or escape them at this point.
// The form is multipart/form-data because of the avatar upload field added further down; the
// code that receives the upload is not part of this excerpt.
$module .= "\n<p><a href='index.php?m=profile&id=" . _loginname . "'>" . $_lang['mod.settings.profilelink'] . " ></a></p>\n<p>" . $_lang['mod.settings.p'] . "</p>" . $message . "\n<form action='index.php?m=settings' method='post' name='setform' enctype='multipart/form-data'>\n\n" . _jsLimitLength(1024, "setform", "note") . "\n\n <fieldset>\n <legend>" . $_lang['mod.settings.userdata'] . "</legend>\n <table class='profiletable'>\n\n <tr>\n <td><strong>" . $_lang['login.username'] . "</strong> <span class='important'>*</span></td>\n <td><input type='text' name='username'" . _restorePostValue('username', _loginname) . " class='inputsmall' maxlength='24' />" . (!_loginright_changeusername ? "<span class='hint'>(" . $_lang['mod.settings.namechangenote'] . ")</span>" : '') . "</td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.publicname'] . "</strong></td>\n <td><input type='text' name='publicname'" . _restorePostValue('publicname', $query['publicname']) . " class='inputsmall' maxlength='24' /></td>\n </tr>\n\n <tr class='valign-top'>\n <td><strong>" . $_lang['global.email'] . "</strong> <span class='important'>*</span></td>\n <td><input type='text' name='email'" . _restorePostValue('email', $query['email']) . " class='inputsmall'/></td>\n </tr>\n\n " . $language_select . "\n\n <tr>\n <td><strong>" . $_lang['mod.settings.massemail'] . "</strong></td>\n <td><label><input type='checkbox' name='massemail' value='1'" . _checkboxActivate($query['massemail']) . " /> " . $_lang['mod.settings.massemail.label'] . "</label></td>\n </tr>\n\n " . $admin . "\n </table>\n </fieldset>\n\n\n <fieldset>\n <legend>" . $_lang['mod.settings.password'] . "</legend>\n <p class='minip'>" . $_lang['mod.settings.password.hint'] . "</p>\n <table class='profiletable'>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.password.current'] . "</strong></td>\n <td><input type='password' name='currentpassword' class='inputsmall' autocomplete='off' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.password.new'] . "</strong></td>\n <td><input type='password' name='newpassword' class='inputsmall' autocomplete='off' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['mod.settings.password.new'] . " (" . $_lang['global.check'] . ")</strong></td>\n <td><input type='password' name='newpassword-confirm' class='inputsmall' autocomplete='off' /></td>\n </tr>\n\n </table>\n </fieldset>\n\n " . _extend('buffer', 'mod.settings.form') . "\n\n\n <fieldset>\n <legend>" . $_lang['mod.settings.info'] . "</legend>\n\n <table class='profiletable'>\n\n <tr>\n <td><strong>" . $_lang['global.icq'] . "</strong></td>\n <td><input type='text' name='icq'" . _restorePostValue('icq', $query['icq']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.skype'] . "</strong></td>\n <td><input type='text' name='skype'" . _restorePostValue('skype', $query['skype']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.msn'] . "</strong></td>\n <td><input type='text' name='msn'" . _restorePostValue('msn', $query['msn']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.jabber'] . "</strong></td>\n <td><input type='text' name='jabber'" . _restorePostValue('jabber', $query['jabber']) . " class='inputsmall' /></td>\n </tr>\n\n <tr>\n <td><strong>" . $_lang['global.web'] . "</strong></td>\n <td><input type='text' name='web' value='" . $query['web'] . "' class='inputsmall' /><span class='hint'>" . $_lang['mod.settings.web.hint'] . "</span></td>\n </tr>\n\n <tr class='valign-top'>\n <td><strong>" . $_lang['global.note'] . "</strong></td>\n <td><textarea name='note' class='areasmall' rows='9' cols='33'>" . _restorePostValue('note', $query['note'], true) . "</textarea></td>\n </tr>\n\n <tr><td></td>\n <td>" . _getPostFormControls("setform", "note") . "</td>\n </tr>\n\n </table>\n\n </fieldset>\n";

// avatar upload / removal, only when uploads are enabled
// NOTE(review): $avatar_path goes into the img src attribute unescaped; it is set before this
// excerpt - confirm it is built from trusted parts only.
if (_uploadavatar) {
    $module .= "\n <fieldset>\n <legend>" . $_lang['mod.settings.avatar'] . "</legend>\n " . _extend('buffer', 'mod.settings.avatar', array('extra' => array('query' => $query))) . "\n <p><strong>" . $_lang['mod.settings.avatar.upload'] . ":</strong> <input type='file' name='avatar' /></p>\n <table>\n <tr class='valign-top'>\n <td width='106'><div class='avatar'><img src='" . $avatar_path . "' alt='avatar' /></div></td>\n <td><p class='minip'>" . $_lang['mod.settings.avatar.hint'] . "</p><p><label><input type='checkbox' name='removeavatar' value='1' /> " . $_lang['mod.settings.avatar.remove'] . "</label></p></td>\n </tr>\n </table>\n </fieldset>\n";
}

// account self-removal: a checkbox plus a password confirmation field, shown only to logged-in
// users (_loginid != 0) that hold the selfdestruction right. Unlike the three password inputs
// above, this password input carries no autocomplete='off'.
if (_loginright_selfdestruction and _loginid != 0) {
    $module .= "\n\n <fieldset>\n <legend>" . $_lang['mod.settings.selfremove'] . "</legend>\n <label><input type='checkbox' name='selfremove' value='1' onclick='if (this.checked==true) {return _sysConfirm();}' /> " . $_lang['mod.settings.selfremove.box'] . "</label><br /><br />\n <div class='lpad'><strong>" . $_lang['mod.settings.selfremove.confirm'] . ":</strong> <input type='password' name='selfremove-confirm' class='inputsmall' /></div>\n </fieldset>\n\n";
}

// submit / reset buttons; _xsrfProtect() output is appended just before the form closes -
// presumably the anti-XSRF token field, its implementation is not shown here
$module .= "\n<br />\n<input type='submit' value='" . $_lang['mod.settings.submit'] . "' />\n<input type='reset' value='" . $_lang['global.reset'] . "' onclick='return _sysConfirm();' />\n\n" . _xsrfProtect() . "</form>\n";
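/**
 * Build the markup of a built-in system form.
 *
 * Supported $id values and the $vars each one reads:
 *
 *  - login      login form; $vars is not used
 *  - notpublic  "content is not public" notice followed by the login form;
 *               $vars[0] selects the alternative notice text (wholesite 1/0)
 *  - postform   form for sending a post / comment;
 *               $vars = array(posttype => see _postsOutput(), posttarget => home id,
 *               xhome => xhome id, url => return URL, [pluginflag => only for type 7])
 *
 * Any other $id produces empty content unless a 'sys.form' extension handler fills it in.
 *
 * Security notes for maintainers:
 *  - The login form forwards $_GET['login_form_return'] (or the current request URI) url-encoded
 *    as the _return parameter of remote/login.php. Nothing here restricts where that value
 *    points, so the login handler has to validate the redirect target itself.
 *  - The postform values from $vars are written into hidden fields; they are HTML-escaped here
 *    so that a caller passing through request-derived data cannot break the attribute.
 *
 * @param string $id      form identifier
 * @param array  $vars    variables, depending on the form type
 * @param bool   $notitle do not prepend the title heading to the form 1/0
 * @param bool   $extend  call the extend events 1/0
 * @return array array(content, title)
 */
function _uniForm($id, $vars = array(), $notitle = false, $extend = true)
{
    // setup
    global $_lang;
    $content = "";
    $title = "";

    // extend: a handler may change $notitle and supply the whole content (both by reference)
    if ($extend) {
        _extend('call', 'sys.form', array('id' => $id, 'vars' => $vars, 'notitle' => &$notitle, 'content' => &$content));
    }

    // built-in forms are rendered only when no handler produced content
    if ('' === $content) {
        switch ($id) {

            /* --- login --- */
            case "login":

                // title
                $title = $_lang['login.title'];

                // status message selected by the _mlr query parameter
                // (switch compares loosely, the value arrives as a string from the request)
                if (isset($_GET['_mlr'])) {
                    switch ($_GET['_mlr']) {
                        case 0:
                            $content .= _formMessage(2, $_lang['login.failure']);
                            break;
                        case 1:
                            if (_loginindicator and !_administration) {
                                $content .= _formMessage(1, $_lang['login.success']);
                            }
                            break;
                        case 2:
                            if (!_loginindicator) {
                                $content .= _formMessage(2, $_lang['login.blocked.message']);
                            }
                            break;
                        case 3:
                            if (!_loginindicator) {
                                $content .= _formMessage(3, $_lang['login.securitylogout']);
                            }
                            break;
                        case 4:
                            if (!_loginindicator) {
                                $content .= _formMessage(1, $_lang['login.selfremove']);
                            }
                            break;
                        case 5:
                            if (!_loginindicator) {
                                // *1* = allowed attempts, *2* = expiry converted from seconds to minutes
                                $content .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit']));
                            }
                            break;
                        case 6:
                            $content .= _formMessage(3, $_lang['xsrf.msg']);
                            break;
                    }
                }

                // content
                if (!_loginindicator) {

                    // return address; a non-string value (e.g. login_form_return[]=x) is ignored
                    // instead of being handed to urlencode()
                    if (isset($_GET['login_form_return']) and is_string($_GET['login_form_return'])) {
                        $return = $_GET['login_form_return'];
                    } else {
                        $return = $_SERVER['REQUEST_URI'];
                    }

                    // form address: the current request URI without the _formData and _mlr parameters
                    $form_url = parse_url($_SERVER['REQUEST_URI']);
                    if (isset($form_url['query'])) {
                        parse_str($form_url['query'], $form_url['query']);
                        unset($form_url['query']['_formData'], $form_url['query']['_mlr']);
                        $form_url = _buildURL($form_url);
                    } else {
                        $form_url = $_SERVER['REQUEST_URI'];
                    }

                    // form code (arguments for _formOutput, adjustable by the sys.form.login event)
                    $callArgs = array(
                        "login_form",
                        _indexroot . "remote/login.php?_return=" . urlencode($return),
                        array(
                            array($_lang['login.username'], "<input type='text' name='username' class='inputmedium'" . _restoreGetFdValue("username") . " maxlength='24' />"),
                            array($_lang['login.password'], "<input type='password' name='password' class='inputmedium' />")
                        ),
                        null,
                        $_lang['global.login'],
                        " <label><input type='checkbox' name='persistent' value='1' /> " . $_lang['login.persistent'] . "</label><input type='hidden' name='form_url' value='" . _htmlStr($form_url) . "' />\n <label><input type='checkbox' name='ipbound' value='1' checked='checked' /> " . (isset($_lang['login.ipbound']) ? $_lang['login.ipbound'] : 'zabezpečené') . "</label>"
                    );
                    if ($extend) {
                        _extend('call', 'sys.form.login', array('call' => &$callArgs));
                    }
                    $content .= call_user_func_array('_formOutput', $callArgs);

                    // links to registration / lost password
                    if (_registration or _lostpass) {
                        $content .= "\n\n<p>\n" . ((_registration and !_administration) ? "<a href='" . _indexroot . "index.php?m=reg'>" . $_lang['mod.reg'] . " ></a>\n" : '') . (_lostpass ? ((_registration and !_administration) ? "<br />" : '') . "<a href='" . _indexroot . "index.php?m=lostpass'>" . $_lang['mod.lostpass'] . " ></a>\n" : '') . "</p>";
                    }

                } else {
                    // already logged in: show the user name and a logout link built by _xsrfLink()
                    $content .= "<p>" . $_lang['login.ininfo'] . " <em>" . _loginname . "</em> - <a href='" . _xsrfLink(_indexroot . "remote/logout.php") . "'>" . $_lang['usermenu.logout'] . "</a>.</p>";
                }
                break;

            /* --- notice about non-public content (0-notpublicsite) --- */
            case "notpublic":
                // the nested login form is built without its title; note that it always runs
                // with $extend at its default (true), whatever this call was given
                $form = _uniForm("login", array(), true);
                if (!isset($vars[0])) {
                    $vars[0] = false;
                }
                $content = "<p>" . $_lang['notpublic.p' . ($vars[0] == true ? '2' : '')] . "</p>" . $form[0];
                $title = $_lang['notpublic.title'];
                break;

            /* --- form for sending a post / comment (posttype,posttarget,xhome,url) --- */
            case "postform":
                $title = "";
                $notitle = true;

                // fields
                $inputs = array();
                $captcha = _captchaInit();
                $content = _jsLimitLength(16384, "postform", "text");
                // guest name is asked for only when nobody is logged in
                if (_loginindicator == 0) {
                    $inputs[] = array($_lang['posts.guestname'], "<input type='text' name='guest' maxlength='24' class='inputsmall'" . _restoreGetFdValue("guest") . " />");
                }
                // subject / topic field only for top-level posts; type 5 uses the topic label,
                // a wider input and maxlength 48 instead of 22
                if ($vars['xhome'] == -1) {
                    $inputs[] = array($_lang[$vars['posttype'] != 5 ? 'posts.subject' : 'posts.topic'], "<input type='text' name='subject' class='input" . ($vars['posttype'] != 5 ? 'small' : 'medium') . "' maxlength='" . ($vars['posttype'] != 5 ? 22 : 48) . "'" . _restoreGetFdValue("subject") . " />");
                }
                $inputs[] = $captcha;

                // Hidden routing fields. The values come from the caller and used to be
                // concatenated raw into single-quoted attributes; they are now escaped with
                // _htmlStr(), the helper this function already uses for the form_url field.
                // Integer values, the usual case, come out unchanged.
                // NOTE(review): assumes _htmlStr() escapes single quotes as well, as its use in the
                // single-quoted form_url attribute implies - confirm against its definition.
                $hiddenFields = "<input type='hidden' name='_posttype' value='" . _htmlStr((string) $vars['posttype']) . "' />"
                    . "<input type='hidden' name='_posttarget' value='" . _htmlStr((string) $vars['posttarget']) . "' />"
                    . "<input type='hidden' name='_xhome' value='" . _htmlStr((string) $vars['xhome']) . "' />"
                    . (isset($vars['pluginflag']) ? "<input type='hidden' name='_pluginflag' value='" . _htmlStr((string) $vars['pluginflag']) . "' />" : '');
                $inputs[] = array($_lang['posts.text'], "<textarea name='text' class='areamedium' rows='5' cols='33'>" . _restoreGetFdValue("text", null, true) . "</textarea>" . $hiddenFields, true);

                // form (arguments for _formOutput, adjustable by the sys.form.postform event)
                $callArgs = array('postform', _addGetToLink(_indexroot . "remote/post.php", "_return=" . urlencode($vars['url']), false), $inputs, array("text"), null, _getPostformControls("postform", "text"));
                if ($extend) {
                    _extend('call', 'sys.form.postform', array('call' => &$callArgs, 'vars' => $vars));
                }
                $content .= call_user_func_array('_formOutput', $callArgs);
                break;

        }
    }

    // prepend the title heading when automatic headings or the administration are active
    if ((_template_autoheadings == 1 or _administration == 1) and $notitle == false) {
        $content = "<h1>{$title}</h1>\n" . $content;
    }

    // return
    return array($content, $title);
}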