示例#1
0
    $receiver = $_SESSION[$skey];
    unset($_SESSION[$skey], $skey);
} else {
    die($_lang['global.badinput']);
}
// casove omezeni
if (_iplogCheck(5)) {
    _iplogUpdate(5);
} else {
    // prekroceno
    echo str_replace('*postsendexpire*', _postsendexpire, $_lang['misc.requestlimit']);
    die;
}
// odeslani
if (_xsrfCheck()) {
    if (_validateEmail($sender) and $text != "" and _captchaCheck()) {
        // pridani informacniho textu do tela
        $info_ip = _userip;
        if (_loginindicator) {
            $info_ip .= ' (' . _loginname . ')';
        }
        $info_from = array("*domain*", "*time*", "*ip*", "*sender*");
        $info_to = array(_getDomain(), _formatTime(time()), $info_ip, $sender);
        $text .= "\n\n" . str_repeat("-", 16) . "\n" . str_replace($info_from, $info_to, $_lang['hcm.mailform.info']);
        // prilozeni souboru
        if (isset($_FILES['att']['tmp_name']) and is_uploaded_file($_FILES['att']['tmp_name'])) {
            $att = true;
            $att_name = $_FILES['att']['name'];
            $att_tmpname = $_FILES['att']['tmp_name'];
            $att_content = @file_get_contents($att_tmpname);
            $att_content = @chunk_split(@base64_encode($att_content));
示例#2
0
        }
    }
    // send error to our error function
    if (isset($missing_field_list)) {
        print_error($missing_field_list, "missing");
    }
}
/**
 * Validate email fields
 */
if (isset($EMAIL) || isset($email)) {
    $email = trim($email);
    if (isset($EMAIL)) {
        $email = trim($EMAIL);
    }
    if (_validateEmail($email) === FALSE) {
        print_error("<li>your <b>email address</b>: {$email} - is invalid</li>");
    }
}
if (!isset($email)) {
    $email = $recipient;
}
/**
 * Validate Zipcode or Postal Code
 */
if (isset($ZIP_CODE) || isset($zip_code)) {
    $zip_code = trim($zip_code);
    if (isset($ZIP_CODE)) {
        $zip_code = trim($ZIP_CODE);
    }
    if (!ereg("(^[0-9]{5})-([0-9]{4}\$)", trim($zip_code)) && !ereg("^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]\$", trim($zip_code)) && !ereg("(^[0-9]{5})", trim($zip_code))) {
     $receivers = array();
 }
 $ctype = $_POST['ctype'];
 $maillist = _checkboxLoad("maillist");
 // kontrola promennych
 $errors = array();
 if ($text == "" and !$maillist) {
     $errors[] = $_lang['admin.other.massemail.notext'];
 }
 if (count($receivers) == 0) {
     $errors[] = $_lang['admin.other.massemail.noreceivers'];
 }
 if ($subject == "" and !$maillist) {
     $errors[] = $_lang['admin.other.massemail.nosubject'];
 }
 if (!_validateEmail($sender) and !$maillist) {
     $errors[] = $_lang['admin.other.massemail.badsender'];
 }
 if (count($errors) == 0) {
     // sestaveni casti sql dotazu - 'where'
     $groups = _sqlWhereColumn("`group`", implode("-", $receivers));
     // hlavicky
     $headers = "Content-Type: " . ($ctype == 1 ? 'text/plain' : 'text/html') . "; charset=UTF-8\n" . (_mailerusefrom ? "From: " . mb_substr($sender, 0, mb_strpos($sender, "@")) . " <" . $sender . ">" : "Reply-To: " . $sender . "") . "\n";
     // nacteni prijemcu
     $query = DB::query("SELECT email FROM `" . _mysql_prefix . "-users` WHERE massemail=1 AND (" . $groups . ")");
     // odeslani nebo zobrazeni adres
     if (!$maillist) {
         // priprava
         $rec_buffer = array();
         $rec_buffer_size = 20;
         $rec_buffer_counter = 0;
示例#4
0
 $icq = intval(str_replace("-", "", $_POST['icq']));
 // skype
 $skype = trim($_POST['skype']);
 if ($skype != "" and !preg_match('|[a-zA-Z0-9._-]{6,62}|', $skype)) {
     $errors[] = $_lang['global.skype.bad'];
 }
 $skype = DB::esc($skype);
 // msn
 $msn = trim($_POST['msn']);
 if ($msn != "" and !_validateEmail($msn)) {
     $errors[] = $_lang['global.msn.bad'];
 }
 $msn = DB::esc($msn);
 // jabber
 $jabber = trim($_POST['jabber']);
 if ($jabber != "" and !_validateEmail($jabber)) {
     $errors[] = $_lang['global.jabber.bad'];
 }
 $jabber = DB::esc($jabber);
 // web
 $web = _htmlStr(trim($_POST['web']));
 if (mb_strlen($web) > 255) {
     $web = mb_substr($web, 0, 255);
 }
 if ($web != "" and !_validateURL("http://" . $web)) {
     $web = "";
 } else {
     $web = DB::esc($web);
 }
 // avatar
 $avatar = $query['avatar'];
示例#5
0
     $errors[] = $_lang['admin.users.edit.badusername'];
 } elseif (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE username='******' OR publicname='" . $username . "'"), 0) != 0) {
     $errors[] = $_lang['admin.users.edit.userexists'];
 }
 $password = $_POST['password'];
 $password2 = $_POST['password2'];
 if ($password != $password2) {
     $errors[] = $_lang['mod.reg.nosame'];
 }
 if ($password != "") {
     $password = _md5Salt($password);
 } else {
     $errors[] = $_lang['mod.reg.passwordneeded'];
 }
 $email = DB::esc(trim($_POST['email']));
 if (!_validateEmail($email)) {
     $errors[] = $_lang['admin.users.edit.bademail'];
 }
 if (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-users` WHERE email='" . $email . "'"), 0) != 0) {
     $errors[] = $_lang['admin.users.edit.emailexists'];
 }
 if (!_captchaCheck()) {
     $errors[] = $_lang['captcha.failure'];
 }
 $massemail = _checkboxLoad('massemail');
 if (_registration_grouplist and isset($_POST['group'])) {
     $group = intval($_POST['group']);
     $groupdata = DB::query("SELECT id FROM `" . _mysql_prefix . "-groups` WHERE id=" . $group . " AND blocked=0 AND reglist=1");
     if (DB::size($groupdata) == 0) {
         $errors[] = $_lang['global.badinput'];
     }
示例#6
0
function _tmp_installer_install()
{
    global $_lang, $self, $is_clean;
    // krok
    static $steps = 3;
    if (isset($_POST['step'])) {
        $step = intval($_POST['step']);
        if ($step < 1 || $step > $steps) {
            $step = 1;
        }
    } else {
        $step = 1;
    }
    $fname = basename(__FILE__);
    if (!empty($_POST)) {
        echo '<a href="./' . $fname . '" id="cancelink">' . $_lang['global.cancel'] . '</a>';
    }
    ?>

<h2><?php 
    echo str_replace(array('*step*', '*steps*', '*name*'), array($step, $steps, $_lang['step.' . $step]), $_lang['install']);
    ?>
</h2>
<form action="./<?php 
    echo $fname;
    ?>
" method="post" name="instform" autocomplete="off">
    <?php 
    switch ($step) {
        // kontrola
        case 1:
            if (isset($_POST['check'])) {
                // nacteni a kontrola existence souboru
                $a_files = $self->listFilesOnPath('/files/');
                $conflicts = array();
                $counter = 0;
                $err_limit = 10;
                for ($i = 0; isset($a_files[$i]); ++$i) {
                    $path = './' . substr($a_files[$i], 7);
                    if (file_exists($path)) {
                        ++$counter;
                        if ($counter <= $err_limit) {
                            $conflicts[] = str_replace('*path*', $path, $_lang['step.1.err.file']);
                        }
                    }
                }
                if ($counter > $err_limit) {
                    $conflicts[] = str_replace('*n*', $counter - $err_limit, $_lang['step.1.err.file.etc']);
                }
                // zprava nebo pokracovani
                if (empty($conflicts)) {
                    // vse je ok
                    $step = 2;
                    echo '<p class="green center">' . $_lang['step.1.ok'] . '</p>';
                    echo '<p class="center"><input type="submit" value="' . $_lang['global.continue'] . '"></p>';
                    break;
                } else {
                    // jsou chyby
                    echo '<p class="red">' . $_lang['step.1.err'] . ':</p>';
                    echo "<ul>\n";
                    for ($i = 0; isset($conflicts[$i]); ++$i) {
                        echo "<li>" . $conflicts[$i] . "</li>\n";
                    }
                    echo "</ul>";
                }
            }
            echo '<p class="center"><input type="submit" name="check" value="' . $_lang['step.1.submit'] . '"></p>';
            break;
            // konfigurace & instalace
        // konfigurace & instalace
        case 2:
        case 3:
            // navrat z kroku 3
            if (isset($_POST['return_to_cfg'])) {
                $step = 2;
                unset($_POST['return_to_cfg']);
            }
            // instalace
            $install = $step == 3;
            if (isset($_POST['sys_url'])) {
                // zpracovat url
                $_POST['sys_url'] = _removeSlashesFromEnd($_POST['sys_url']);
                // kontroly
                $err = null;
                do {
                    // prefix
                    $prefix = trim($_POST['db_prefix']);
                    if ($prefix === '') {
                        $err = str_replace('*input*', $_lang['step.2.db.prefix'], $_lang['step.2.err.empty']);
                        break;
                    }
                    // ucet administratora
                    $_POST['admin_name'] = _anchorStr(trim($_POST['admin_name']), false);
                    $_POST['admin_email'] = trim($_POST['admin_email']);
                    // pouze pro cistou instalaci
                    if ($is_clean) {
                        // vynutit ucet administratora
                        if ($_POST['admin_name'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.name'], $_lang['step.2.err.empty']);
                            break;
                        }
                        if ($_POST['admin_pwd'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.admin.pwd'], $_lang['step.2.err.empty']);
                            break;
                        }
                        if ($_POST['admin_email'] === '' || $_POST['admin_email'] === '@') {
                            $err = str_replace('*input*', $_lang['step.2.admin.email'], $_lang['step.2.err.empty']);
                            break;
                        }
                        // titulek stranek
                        $_POST['sys_title'] = trim($_POST['sys_title']);
                        if ($_POST['sys_title'] === '') {
                            $err = str_replace('*input*', $_lang['step.2.sys.title'], $_lang['step.2.err.empty']);
                            break;
                        }
                        // popis, klicova slova
                        $_POST['sys_descr'] = trim($_POST['sys_descr']);
                        $_POST['sys_kwrds'] = trim($_POST['sys_kwrds']);
                    }
                    // email administratora
                    if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@' && !_validateEmail($_POST['admin_email'])) {
                        $err = $_lang['step.2.err.admin.email'];
                        break;
                    }
                    // heslo administratora
                    if ($_POST['admin_pwd'] !== '' && $_POST['admin_pwd'] !== $_POST['admin_pwd2']) {
                        $err = $_lang['step.2.err.admin.pwd'];
                        break;
                    }
                    // DB port
                    $server = $_POST['db_server'];
                    if (false !== ($serverColonPos = strpos($server, ':'))) {
                        $port = (int) substr($server, $serverColonPos + 1);
                        $server = substr($server, 0, $serverColonPos);
                    } else {
                        $port = ini_get('mysqli.default_port');
                    }
                    // pripojeni
                    $con = @mysqli_connect($server, $_POST['db_user'], $_POST['db_pwd'], $_POST['db_name'], $port);
                    if (!is_object($con)) {
                        $err = $_lang['step.2.err.con'] . '<br><code>' . _htmlStr(mysqli_connect_error()) . '</code>';
                        break;
                    }
                    // kodovani a konstanty
                    DB::$con = $con;
                    DB::$con->set_charset('utf8');
                    DB::query('SET sql_mode=\'\'');
                    define('_mysql_prefix', $prefix);
                    // existence tabulek
                    $prefix = DB::esc($prefix);
                    $q = DB::query('SHOW TABLES LIKE \'' . $prefix . '-%\'');
                    $tables = array();
                    while ($r = DB::rown($q)) {
                        $tables[] = $r[0];
                    }
                    if (!empty($tables) && !isset($_POST['db_overwrite'])) {
                        $err = $_lang['step.2.err.tables'] . ':<br><br>&bull; ' . implode("<br>\n&bull; ", $tables);
                        break;
                    }
                    // vse ok
                    if ($install) {
                        if (!isset($_POST['do_install'])) {
                            // potvrzeni
                            echo _getPostdata(false, null, array('step'));
                            echo '<p class="green center">' . $_lang['step.3.text'] . '</p>';
                            echo '<p class="center">
<input type="submit" name="do_install" value="' . $_lang['step.3.submit'] . '" onclick="if (window.sl_install_process) return false; else {window.sl_install_process = true; this.value=\'' . $_lang['step.3.wait'] . '\'}">&nbsp;
<input type="submit" name="return_to_cfg" value="' . $_lang['step.3.return'] . '">
</p>';
                        } else {
                            // provedeni
                            $err = null;
                            try {
                                // rozbalit soubory
                                $self->extractFiles('./', '/files/', false, true, array($self->vars['void']));
                                // vytvorit konfiguracni soubor
                                global $cfg_locale, $cfg_timezone;
                                file_put_contents('./config.php', str_replace(array('/* @@@server@@@ */', '/* @@@user@@@ */', '/* @@@password@@@ */', '/* @@@database@@@ */', '/* @@@prefix@@@ */', '/* @@@locale@@@ */', '/* @@@timezone@@@ */'), array(var_export($_POST['db_server'], true), var_export($_POST['db_user'], true), var_export($_POST['db_pwd'], true), var_export($_POST['db_name'], true), var_export($prefix, true), var_export($cfg_locale, true), var_export($cfg_timezone, true)), $self->getFile('/files/data/installer/config.php.tpl')));
                                // smazat tabulky z databaze?
                                if (!empty($tables)) {
                                    for ($i = 0; isset($tables[$i]); ++$i) {
                                        DB::query('DROP TABLE `' . $tables[$i] . '`', true);
                                        if (($sql_err = DB::error()) !== '') {
                                            throw new _InstallException($_lang['step.3.err.drop'] . '<br><code>' . $sql_err . '</code>');
                                        }
                                    }
                                }
                                // deaktivovat kontrolu verze
                                function _checkVersion()
                                {
                                    return true;
                                }
                                // vytvorit strukturu databaze
                                $dbdump = new DBDump();
                                $dbdump->importTables($self->getFile('/database/struct'));
                                // nacist data
                                $data_stream = $self->getFileStream('/database/data');
                                $dbdump->importData($data_stream);
                                $data_stream->free();
                                // aktualizovat url
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val($_POST['sys_url']) . ' WHERE `var`=\'url\'');
                                // vypnout mod rewrite pokud neexistuje .htaccess
                                if (!file_exists(_indexroot . '.htaccess')) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=0 WHERE `var`=\'modrewrite\'');
                                }
                                // upravit ucet administratora
                                $admin_upd = array();
                                if ($_POST['admin_name'] !== '') {
                                    $admin_upd['username'] = $_POST['admin_name'];
                                    if (!$is_clean) {
                                        $admin_upd['publicname'] = '';
                                    }
                                }
                                if ($_POST['admin_email'] !== '' && $_POST['admin_email'] !== '@') {
                                    $admin_upd['email'] = $_POST['admin_email'];
                                }
                                if ($_POST['admin_pwd'] !== '') {
                                    $admin_pwd = _md5Salt($_POST['admin_pwd']);
                                    $admin_upd['password'] = $admin_pwd[0];
                                    $admin_upd['salt'] = $admin_pwd[1];
                                }
                                if ($is_clean) {
                                    $admin_upd['registertime'] = time();
                                    $admin_upd['activitytime'] = time();
                                }
                                if (!empty($admin_upd)) {
                                    $admin_upd_sql = '';
                                    $counter = 0;
                                    foreach ($admin_upd as $col => $val) {
                                        if ($counter !== 0) {
                                            $admin_upd_sql .= ',';
                                        }
                                        $admin_upd_sql .= '`' . $col . '`=' . DB::val($val);
                                        ++$counter;
                                    }
                                    DB::query('UPDATE `' . $prefix . '-users` SET ' . $admin_upd_sql . ' WHERE id=0');
                                }
                                // aktualizovat titulek, klic. slova a popis
                                if ($is_clean) {
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_title'])) . ' WHERE `var`=\'title\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_kwrds'])) . ' WHERE `var`=\'keywords\'');
                                    DB::query('UPDATE `' . $prefix . '-settings` SET `val`=' . DB::val(_htmlStr($_POST['sys_descr'])) . ' WHERE `var`=\'description\'');
                                }
                                // vypnout mod_rewrite
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'0\' WHERE `var`=\'mod_rewrite\'');
                                // vynutit kontrolu instalace
                                DB::query('UPDATE `' . $prefix . '-settings` SET `val`=\'1\' WHERE `var`=\'install_check\'');
                            } catch (_InstallException $e) {
                                $err = $e->getMessage();
                            } catch (Exception $e) {
                                $err = _htmlStr($e->getMessage());
                            }
                            // uspech ci chyba
                            if (isset($err)) {
                                echo '<p class="red">' . $err . '</p>';
                                echo '<p class="red">' . $_lang['step.3.err.warning'] . '</p>';
                            } else {
                                echo '<p class="green center">' . str_replace('*fname*', $fname, $_lang['step.3.fin']) . '</p>';
                            }
                        }
                        break 2;
                    } else {
                        $step = 3;
                        echo '<p class="green center">' . $_lang['step.2.ok'] . '</p>';
                    }
                } while (false);
                // chyba
                if (isset($err)) {
                    echo '<p class="red">' . $err . '</p>';
                }
            }
            ?>

<table>
<thead><th colspan="2"><?php 
            echo $_lang['step.2.sys'];
            ?>
</th></thead>
<tbody>

    <tr>
        <th><?php 
            echo $_lang['step.2.sys.url'];
            ?>
</th>
        <td><input type="text" name="sys_url"<?php 
            echo _restorePostValue('sys_url');
            ?>
></td>
    </tr>

    <?php 
            if ($is_clean) {
                ?>
    <tr>
        <th><?php 
                echo $_lang['step.2.sys.title'];
                ?>
</th>
        <td><input type="text" name="sys_title"<?php 
                echo _restorePostValue('sys_title');
                ?>
></td>
    </tr>

    <tr>
        <th><?php 
                echo $_lang['step.2.sys.descr'];
                ?>
</th>
        <td><input type="text" name="sys_descr"<?php 
                echo _restorePostValue('sys_descr');
                ?>
></td>
    </tr>

    <tr>
        <th><?php 
                echo $_lang['step.2.sys.kwrds'];
                ?>
</th>
        <td><input type="text" name="sys_kwrds"<?php 
                echo _restorePostValue('sys_kwrds');
                ?>
></td>
    </tr>
    <?php 
            }
            ?>

</tbody>
</table>

<script type="text/javascript">
// predvyplneni adresy
if (document.instform.sys_url.value === '') {
    var loc = new String(document.location);
    var slash;
    var slash_last = 0;
    var limit = 0;
    while (true) {
        slash = loc.indexOf('/', slash_last);
        if (slash === -1) break;
        slash_last = slash + 1;
    }
    loc = loc.substr(0, slash_last);
    document.instform.sys_url.value = loc;
}
</script>

<table>
<thead>
    <tr><th colspan="2"><?php 
            echo $_lang['step.2.admin'];
            ?>
</th></tr>
    <?php 
            if (!$is_clean) {
                ?>
<tr><th colspan="2"><small><?php 
                echo $_lang['step.2.admin.notice'];
                ?>
</small></th></tr><?php 
            }
            ?>
</thead>
<tbody>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.name'];
            ?>
</th>
        <td><input type="text" maxlength="24" name="admin_name"<?php 
            echo _restorePostValue('admin_name');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.email'];
            ?>
</th>
        <td><input type="text" maxlength="100" name="admin_email"<?php 
            echo _restorePostValue('admin_email', $is_clean ? '@' : null);
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.pwd'];
            ?>
</th>
        <td><input type="password" name="admin_pwd"<?php 
            echo _restorePostValue('admin_pwd');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.admin.pwd2'];
            ?>
</th>
        <td><input type="password" name="admin_pwd2"<?php 
            echo _restorePostValue('admin_pwd2');
            ?>
></td>
    </tr>

</tbody>
</table>

<table>
<thead><tr><th colspan="2"><?php 
            echo $_lang['step.2.db'];
            ?>
</th></tr></thead>
<tbody>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.server'];
            ?>
</th>
        <td><input type="text" name="db_server"<?php 
            echo _restorePostValue('db_server', 'localhost');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.name'];
            ?>
</th>
        <td><input type="text" name="db_name"<?php 
            echo _restorePostValue('db_name');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.user'];
            ?>
</th>
        <td><input type="text" name="db_user"<?php 
            echo _restorePostValue('db_user');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.pwd'];
            ?>
</th>
        <td><input type="password" name="db_pwd"<?php 
            echo _restorePostValue('db_pwd');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.prefix'];
            ?>
</th>
        <td><input type="text" maxlength="24" name="db_prefix"<?php 
            echo _restorePostValue('db_prefix', 'sunlight');
            ?>
></td>
    </tr>

    <tr>
        <th><?php 
            echo $_lang['step.2.db.tables'];
            ?>
</th>
        <td><label><input type="checkbox" name="db_overwrite"<?php 
            echo _checkboxActivate(isset($_POST['db_overwrite']));
            ?>
 value="1" onchange="if (this.checked && !confirm('<?php 
            echo $_lang['step.2.db.tables.overwrite.confirm'];
            ?>
')) this.checked = false"> <?php 
            echo $_lang['step.2.db.tables.overwrite'];
            ?>
</label></td>
    </tr>

</tbody>
</table>

<p class="center"><input type="submit" value="<?php 
            echo $_lang[$step != 3 ? 'step.2.submit' : 'global.continue'];
            ?>
"></p>

        <?php 
            //<p class="warning"><?php echo $_lang['step.2.warning']</p>
            break;
    }
    ?>
<input type="hidden" name="step" value="<?php 
    echo $step;
    ?>
">
</form>
    <?php 
}