Commit | Line | Data |
---|---|---|
51ff3226 | 1 | <?php |
cae06914 | 2 | //requiring main config file with path/database etc. constants |
3 | require_once('config/config.inc'); | |
4 | ||
5 | //Ask for auth if enabled... | |
6 | //if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php'); | |
7 | ||
51ff3226 | 8 | //starting timer for benchmarking purposes |
9 | $timer_start=Time()+SubStr(MicroTime(),0,8); | |
51ff3226 | 10 | //setting PHPSESSID cookie and starting user session |
11 | session_start(); | |
12 | ||
5c9aff9f | 13 | @ini_set('magic_quotes_gpc' , 'off'); |
cae06914 | 14 | if(get_magic_quotes_gpc()) { |
15 | die("Error: magic_quotes_gpc needs to be disabled! F00K!\n"); | |
16 | } | |
5c9aff9f | 17 | |
4dd26acd | 18 | //Smarty from DB |
00be2b5c H |
19 | $smarty_resource = 'kyberia'; |
20 | //$smarty_resource = ''; //same as 'file' (fallback) | |
21 | /* I have moved old templates to DB using following lame script: | |
cae06914 | 22 | * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1); |
23 | echo UPDATE nodes SET node_content = "'$(php -r | |
24 | "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE | |
25 | node_id = "'$j'" COLLATE utf8_bin LIMIT '1;'; | |
26 | done | mysql --user=kyberia --password=PASSSSSSS kyberia | |
27 | * In future we should have some mechanism for distributing templates | |
28 | * because they are very important part of kyberia source... | |
00be2b5c | 29 | */ |
822594dc | 30 | |
51ff3226 | 31 | //connecting to database and creating universal $db object |
1675d71f | 32 | //require_once(INCLUDE_DIR.'senate.inc'); // in config already |
cb5cd120 H |
33 | require_once(INCLUDE_DIR.'log.inc'); |
34 | require_once(INCLUDE_DIR.'ubik.inc'); | |
35 | require_once(INCLUDE_DIR.'nodes.inc'); | |
36 | require_once(INCLUDE_DIR.'error_messages.inc'); | |
37 | require_once(INCLUDE_DIR.'database.inc'); | |
38 | require_once(INCLUDE_DIR.'transports.inc'); | |
51ff3226 | 39 | |
e23557a6 | 40 | $db = new CLASS_DATABASE(); |
51ff3226 | 41 | |
08f5f7a7 DH |
42 | if (preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match)) { |
43 | // print_r($match); | |
44 | $_GET['node_id']=$match[1]; | |
5996a28e | 45 | if (!empty($match[2])) { |
08f5f7a7 DH |
46 | $_GET['template_id']=$match[2]; |
47 | } | |
207a7d7d | 48 | //Base36 fascism redirect |
bb882df8 | 49 | if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack... |
207a7d7d H |
50 | header('Location: /k/'.base_convert($_GET['node_id'], 10, 36). |
51 | (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'') | |
52 | ); | |
53 | die("Die!!! All Fascists Are Bastards...\n"); | |
54 | } | |
5996a28e | 55 | } elseif (preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match)) { |
08f5f7a7 | 56 | $_GET['node_id']=base_convert($match[1], 36, 10); |
5996a28e DH |
57 | if (!empty($match[2])) { |
58 | $_GET['template_id']=base_convert($match[2],36,10); | |
08f5f7a7 DH |
59 | } |
60 | } elseif (preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match)) { | |
61 | $_GET['node_id'] = nodes::getNodeIdByName($match[1]); | |
62 | } | |
63 | ||
51ff3226 | 64 | if (!empty($_GET['template_id'])) { |
65 | $template_id=$_GET['template_id']; | |
5b9c0808 | 66 | } else { |
67 | $template_id=false; | |
51ff3226 | 68 | } |
51ff3226 | 69 | |
08f5f7a7 | 70 | error_reporting(1); |
5f73d0e7 | 71 | //$_SESSION['debugging']=0; |
08f5f7a7 DH |
72 | //unset($_SESSION['debugging']); |
73 | //Well... we should make some event | |
74 | //or JavaScript page to turning this on/off... | |
75 | //exit; | |
76 | if ($_SESSION['debugging']) { | |
77 | error_reporting(E_ALL); | |
78 | echo 'GET VARIABLES::<br/>'; | |
79 | print_r($_GET); | |
80 | echo 'POST VARIABLES::<br/>'; | |
81 | print_r($_POST); | |
82 | echo '<b>SESSION VARIABLES::</b><br/>'; | |
83 | print_r($_SESSION); | |
84 | } | |
85 | ||
86 | ||
87 | ||
88 | //initializing node | |
89 | if (!is_numeric($_GET['node_id'])) { | |
90 | $_GET['node_id']=WELCOME_NODE; | |
51ff3226 | 91 | } |
92 | ||
08f5f7a7 DH |
93 | $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:''); |
94 | ||
065440d5 | 95 | //XXX Paths are wrong (!) |
51ff3226 | 96 | //loading smarty template engine and setting main parameters |
97 | require(SMARTY_DIR.'Smarty.class.php'); | |
98 | $smarty = new Smarty; | |
6a967e24 | 99 | require(INCLUDE_DIR.'smarty/resource.kyberia.php'); |
00be2b5c | 100 | $smarty->default_resource_type=$smarty_resource; |
51ff3226 | 101 | |
065440d5 | 102 | //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX |
39244cfc | 103 | $smarty->template_dir = TEMPLATE_DIR; |
51ff3226 | 104 | //echo TEMPLATE_DIR.TEMPLATE_SET; |
105 | //echo $smarty->template_dir; | |
a81e2af2 | 106 | $smarty->compile_dir = SYSTEM_DATA.'templates_c/'; |
175043f4 | 107 | $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje |
51ff3226 | 108 | $smarty->cache_dir = SMARTY_DIR.'cache/'; |
109 | $smarty->plugins_dir = SMARTY_PLUGIN_DIR ; | |
110 | if ($_SESSION['debugging']) $smarty->debugging=true; | |
111 | ||
9850bdc4 | 112 | // initializing variables |
113 | // preg_replace prevents LFI | |
65c78def | 114 | if (empty($_POST['event'])) $event='display'; |
9850bdc4 | 115 | else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']); |
51ff3226 | 116 | |
117 | ||
118 | if ($_SESSION['debugging']) { | |
119 | echo "<pre><b>NODE::"; | |
120 | print_r($node); | |
121 | echo "</pre>"; | |
122 | } | |
123 | ||
12425f11 | 124 | if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) { |
006bd683 | 125 | $node['node_permission']='owner'; |
126 | } | |
51ff3226 | 127 | |
006bd683 | 128 | if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) { |
51ff3226 | 129 | if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) { |
130 | echo "node::".$node['node_vector']; | |
131 | echo "cube_Vector::".$_SESSION['cube_vector']; | |
132 | echo "you are out of allowed cwbe. access forbidden"; | |
133 | die(); | |
134 | } | |
135 | } | |
136 | ||
570ab4b6 | 137 | @include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz... |
51ff3226 | 138 | |
139 | //checking permissions | |
140 | function _checkPermissions() | |
141 | { | |
142 | global $permissions, $node; | |
e909f81b | 143 | require(INCLUDE_DIR.'permissions.inc'); |
51ff3226 | 144 | $permissions=permissions::checkPermissions($node); |
145 | $permissions['h']=permissions::isHierarch($node); | |
146 | } | |
51ff3226 | 147 | _checkPermissions(); |
148 | ||
08f5f7a7 DH |
149 | |
150 | // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | |
151 | //creating neural network | |
152 | $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'"); | |
153 | if (isset($referer_id) && is_numeric($referer_id)) { | |
154 | $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'"; | |
155 | $result=$db->update($q); | |
156 | if (!$result) { | |
157 | $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1"; | |
158 | $db->query($q); | |
159 | } | |
160 | } else { | |
161 | logger::log('enter',$node['node_id'],'failed'); | |
162 | } | |
163 | ||
164 | ||
165 | ||
570ab4b6 | 166 | //entering the node (executing the eventz) |
51ff3226 | 167 | if (($permissions['r']) || ($event != 'register')) { |
5b9c0808 | 168 | //performing node_events (based on update/insert/delete db queries) |
169 | if ($event) { | |
170 | require(INCLUDE_DIR.'eventz.inc'); | |
171 | } | |
51ff3226 | 172 | } |
173 | ||
51ff3226 | 174 | ?> |