| 1 | <?php |
| 2 | require_once('config/config.inc'); //requiring main config file with path/database etc. constants |
| 3 | if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php'); //Ask for auth if enabled... |
| 4 | //echo($_SERVER['PATH_INFO']."\n<pre>"); var_dump(preg_split('/\//', $_SERVER['PATH_INFO'])); die(); //PATH_INFO Debug (usefull when messing with mod_rewrite) |
| 5 | // output buffering forcing (mx) |
| 6 | if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start(); |
| 7 | |
| 8 | //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk"); |
| 9 | //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)"; |
| 10 | //exit; |
| 11 | |
| 12 | //starting timer for benchmarking purposes |
| 13 | $timer_start=Time()+SubStr(MicroTime(),0,8); |
| 14 | //setting PHPSESSID cookie and starting user session |
| 15 | session_start(); |
| 16 | |
| 17 | error_reporting(1); |
| 18 | //$_SESSION['debugging']=1; |
| 19 | //unset($_SESSION['debugging']); //Well... we should make some event or JavaScript page to turning this on/off... |
| 20 | //exit; |
| 21 | |
| 22 | |
| 23 | if ($_SESSION['debugging']) { |
| 24 | |
| 25 | error_reporting(E_ALL); |
| 26 | echo 'GET VARIABLES::<br/>'; |
| 27 | print_r($_GET); |
| 28 | echo 'POST VARIABLES::<br/>'; |
| 29 | print_r($_POST); |
| 30 | echo '<b>SESSION VARIABLES::</b><br/>'; |
| 31 | print_r($_SESSION); |
| 32 | } |
| 33 | |
| 34 | @ini_set('magic_quotes_gpc' , 'off'); |
| 35 | if(get_magic_quotes_gpc()) die("Error: magic_quotes_gpc needs to be disabled! F00K!\n"); |
| 36 | |
| 37 | //Smarty from DB |
| 38 | $smarty_resource = 'kyberia'; |
| 39 | //$smarty_resource = ''; //same as 'file' (fallback) |
| 40 | /* I have moved old templates to DB using following lame script: |
| 41 | * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1); echo UPDATE nodes SET node_content = "'$(php -r "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE node_id = "'$j'" COLLATE utf8_bin LIMIT '1;'; done | mysql --user=kyberia --password=PASSSSSSS kyberia |
| 42 | * In future we should have some mechanism for distributing templates because they are very important part of kyberia source... |
| 43 | */ |
| 44 | |
| 45 | //Path info (Experimental - this replaced most of mod_rewrites...) |
| 46 | @$PATH_INFO=trim($_SERVER[PATH_INFO]); |
| 47 | if($PATH_INFO != '') { |
| 48 | $PATH_CHUNKS = preg_split('/\//', $PATH_INFO); |
| 49 | if(isset($PATH_CHUNKS[1])) switch($PATH_CHUNKS[1]) { |
| 50 | case 'k': |
| 51 | if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_kid'] = $PATH_CHUNKS[2]; |
| 52 | if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_kid'] = $PATH_CHUNKS[3]; |
| 53 | break; |
| 54 | case 'id': |
| 55 | if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_id'] = $PATH_CHUNKS[2]; |
| 56 | if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_id'] = $PATH_CHUNKS[3]; |
| 57 | |
| 58 | //Base36 fascism redirect |
| 59 | if($_GET['template_id'] == 'download') break; //Fix ugly download hack... |
| 60 | if(!count($_POST)) { |
| 61 | header('Location: /k/'.base_convert($_GET['node_id'], 10, 36). |
| 62 | (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'') |
| 63 | ); |
| 64 | die("Base36 fascism...\n"); //If you want to be a fascist you have to die imediatelly... |
| 65 | } |
| 66 | |
| 67 | break; |
| 68 | default: |
| 69 | if($PATH_CHUNKS[1] != '') $_GET['node_name'] = $PATH_CHUNKS[1]; |
| 70 | if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['template_kid'] = $PATH_CHUNKS[2]; |
| 71 | break; |
| 72 | } |
| 73 | } |
| 74 | if( |
| 75 | (!isset($_GET['node_kid']) || trim($_GET['node_kid']) == '') && |
| 76 | (!isset($_GET['node_id']) || trim($_GET['node_id']) == '') |
| 77 | ) $_GET['node_kid'] = 1; |
| 78 | |
| 79 | //Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-) |
| 80 | if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10); |
| 81 | if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10); |
| 82 | |
| 83 | require(INCLUDE_DIR.'senate.inc'); |
| 84 | |
| 85 | if (isset($_SERVER['HTTP_REFERER'])) { |
| 86 | preg_match('/(k|id)\/([0-9]*)\//',$_SERVER['HTTP_REFERER'],$ref_match); |
| 87 | $referer_id=$ref_match[1]; |
| 88 | } |
| 89 | |
| 90 | //connecting to database and creating universal $db object |
| 91 | require_once(INCLUDE_DIR.'log.inc'); |
| 92 | require_once(INCLUDE_DIR.'ubik.inc'); |
| 93 | require_once(INCLUDE_DIR.'nodes.inc'); |
| 94 | require_once(INCLUDE_DIR.'error_messages.inc'); |
| 95 | require_once(INCLUDE_DIR.'database.inc'); |
| 96 | require_once(INCLUDE_DIR.'transports.inc'); |
| 97 | |
| 98 | $db = new CLASS_DATABASE(); |
| 99 | |
| 100 | if (!empty($_GET['template_id'])) { |
| 101 | $template_id=$_GET['template_id']; |
| 102 | } else { |
| 103 | $template_id=false; |
| 104 | } |
| 105 | |
| 106 | //initializing node methods |
| 107 | if (!empty($_GET['node_name'])) { |
| 108 | $node = nodes::redirByName($_GET['node_name']); |
| 109 | } elseif (!empty($_GET['node_id'])) { |
| 110 | $node = nodes::getNodeById($_GET['node_id'], |
| 111 | (isset($_SESSION['user_id']))?$_SESSION['user_id']:''); |
| 112 | } |
| 113 | |
| 114 | //XXX Paths are wrong (!) |
| 115 | //loading smarty template engine and setting main parameters |
| 116 | require(SMARTY_DIR.'Smarty.class.php'); |
| 117 | $smarty = new Smarty; |
| 118 | require(INCLUDE_DIR.'smarty/resource.kyberia.php'); |
| 119 | $smarty->default_resource_type=$smarty_resource; |
| 120 | |
| 121 | //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX |
| 122 | $smarty->template_dir = TEMPLATE_DIR; |
| 123 | //echo TEMPLATE_DIR.TEMPLATE_SET; |
| 124 | //echo $smarty->template_dir; |
| 125 | $smarty->compile_dir = SYSTEM_DATA.'templates_c/'; |
| 126 | $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje |
| 127 | $smarty->cache_dir = SMARTY_DIR.'cache/'; |
| 128 | $smarty->plugins_dir = SMARTY_PLUGIN_DIR ; |
| 129 | if ($_SESSION['debugging']) $smarty->debugging=true; |
| 130 | |
| 131 | // initializing variables |
| 132 | // preg_replace prevents LFI |
| 133 | if (empty($_POST['event'])) $event=false; |
| 134 | else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']); |
| 135 | |
| 136 | |
| 137 | if ($_SESSION['debugging']) { |
| 138 | echo "<pre><b>NODE::"; |
| 139 | print_r($node); |
| 140 | echo "</pre>"; |
| 141 | } |
| 142 | |
| 143 | if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) { |
| 144 | $node['node_permission']='owner'; |
| 145 | } |
| 146 | |
| 147 | if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) { |
| 148 | if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) { |
| 149 | echo "node::".$node['node_vector']; |
| 150 | echo "cube_Vector::".$_SESSION['cube_vector']; |
| 151 | echo "you are out of allowed cwbe. access forbidden"; |
| 152 | die(); |
| 153 | } |
| 154 | } |
| 155 | |
| 156 | //if not existent node show our own 404 |
| 157 | if (empty($node)) { |
| 158 | $nodes= nodes::getNodesByName($_GET['node_name']); |
| 159 | if ($nodes) { |
| 160 | $smarty->assign('nodes',$nodes); |
| 161 | $content=$smarty->display('404.tpl'); |
| 162 | die(); |
| 163 | } |
| 164 | elseif ($_SESSION['user_id']) { |
| 165 | $smarty->assign('node_name',$_GET['node_name']); |
| 166 | $content=$smarty->display("modules/addnode.tpl"); |
| 167 | } |
| 168 | } |
| 169 | |
| 170 | //modifying node glass pearl //XXX WTF |
| 171 | //if (is_array($children_types[$node['node_type']])) { |
| 172 | // $smarty->assign('children_types',$children_types[$node['node_type']]); |
| 173 | //} |
| 174 | |
| 175 | //smarty->assign('types',$types); |
| 176 | |
| 177 | |
| 178 | //$node['node_type']=$types[$node['node_type']]; |
| 179 | /* This should NOT BE HANDLED HERE! This breaks things... |
| 180 | $node['node_content']= StripSlashes($node['node_content']); |
| 181 | $node['node_name']= StripSlashes($node['node_name']); |
| 182 | */ |
| 183 | |
| 184 | //checking permissions |
| 185 | function _checkPermissions() |
| 186 | { |
| 187 | global $permissions, $node; |
| 188 | |
| 189 | require(INCLUDE_DIR.'permissions.inc'); |
| 190 | $permissions=permissions::checkPermissions($node); |
| 191 | $permissions['h']=permissions::isHierarch($node); |
| 192 | } |
| 193 | |
| 194 | // mail rss |
| 195 | if ($template_id=='rss') //XXX WHAT? |
| 196 | { |
| 197 | $_feedType = "RSS0.91"; |
| 198 | if (!is_numeric($_SESSION['user_id'])) |
| 199 | { |
| 200 | if (!isset($_SERVER['PHP_AUTH_USER'])) { |
| 201 | header('WWW-Authenticate: Basic realm="Kyberia"'); |
| 202 | header('HTTP/1.0 401 Unauthorized'); |
| 203 | echo 'Cancel button'; |
| 204 | exit; |
| 205 | } |
| 206 | else |
| 207 | { |
| 208 | require_once(EVENT_DIR.'/login.inc'); |
| 209 | $_POST['login'] = $_SERVER['PHP_AUTH_USER']; |
| 210 | $_POST['password'] = $_SERVER['PHP_AUTH_PW']; |
| 211 | $_POST['login_type'] = "name"; |
| 212 | if (!login()) |
| 213 | { |
| 214 | echo "Zle meno/heslo."; |
| 215 | exit(); |
| 216 | } |
| 217 | } |
| 218 | } |
| 219 | |
| 220 | _checkPermissions(); |
| 221 | |
| 222 | // Mail |
| 223 | if ($_GET['node_id']==='24' && $permissions['r']) |
| 224 | { |
| 225 | require_once(INCLUDE_DIR.'/feedcreator.class.php'); |
| 226 | |
| 227 | $rss = new UniversalFeedCreator(); |
| 228 | $rss->title = "Kyberia mail"; |
| 229 | $rss->description = ""; |
| 230 | $rss->link = "https://". SYSTEM_URL . "/id/24"; |
| 231 | |
| 232 | //XXX into function |
| 233 | $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas, |
| 234 | userfrom.user_action as locationfrom_action, |
| 235 | userfrom.user_action_id as locationfrom_action_id, |
| 236 | userto.user_action as locationto_action, |
| 237 | userto.user_action_id as locationto_action_id, |
| 238 | userto.login as mail_to_name, userfrom.login as mail_from_name, |
| 239 | mail.* from mail left join users as userfrom on |
| 240 | mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id |
| 241 | where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10"; |
| 242 | |
| 243 | $set = $db->query($query); |
| 244 | |
| 245 | while($set->next()) { |
| 246 | $m = $set->getRecord(); |
| 247 | if ($m['mail_to'] != $_SESSION['user_id']) |
| 248 | continue; |
| 249 | $item = new FeedItem(); |
| 250 | $item->title = $m['mail_from_name']; |
| 251 | $item->link = "https://".SYSTEM_URL."/id/24"; |
| 252 | $item->description = $m['mail_text']; |
| 253 | $rss->addItem($item); |
| 254 | } |
| 255 | } |
| 256 | // bookmarks |
| 257 | elseif ($_GET['node_id']=='19' && $permissions['r']) |
| 258 | { |
| 259 | require_once(INCLUDE_DIR.'/feedcreator.class.php'); |
| 260 | |
| 261 | $rss = new UniversalFeedCreator(); |
| 262 | $rss->title = "Kyberia bookmarks"; |
| 263 | $rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ? |
| 264 | |
| 265 | require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php'); |
| 266 | smarty_function_get_bookmarks(array(), $smarty); |
| 267 | $_items = $smarty->get_template_vars('get_bookmarks'); |
| 268 | foreach ($_items as $_item) |
| 269 | { |
| 270 | if (is_array($_item['children'])) |
| 271 | foreach ($_item['children'] as $_b) |
| 272 | { |
| 273 | $item = new FeedItem(); |
| 274 | $item->title = $_b['node_name']; |
| 275 | $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss"; |
| 276 | $rss->addItem($item); |
| 277 | } |
| 278 | } |
| 279 | $_feedType = 'OPML'; |
| 280 | } |
| 281 | elseif ($permissions['r']) |
| 282 | { |
| 283 | require_once(INCLUDE_DIR.'/feedcreator.class.php'); |
| 284 | |
| 285 | $rss = new UniversalFeedCreator(); |
| 286 | $rss->title = $node['node_name']; |
| 287 | $rss->description = ""; |
| 288 | $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id']; |
| 289 | |
| 290 | // K list |
| 291 | if ($_GET['node_id']=='15') |
| 292 | { |
| 293 | require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php'); |
| 294 | smarty_function_get_k(array(), $smarty); |
| 295 | $_items = $smarty->get_template_vars('get_k'); |
| 296 | } |
| 297 | else |
| 298 | { |
| 299 | require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php'); |
| 300 | smarty_function_get_children( |
| 301 | array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty); |
| 302 | $_items = $smarty->get_template_vars('get_children'); |
| 303 | } |
| 304 | |
| 305 | foreach ($_items as $_item) |
| 306 | { |
| 307 | $item = new FeedItem(); |
| 308 | $item->title = $_item['node_name']; |
| 309 | $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id']; |
| 310 | $item->description = $_item['node_content']; |
| 311 | $rss->addItem($item); |
| 312 | } |
| 313 | } |
| 314 | |
| 315 | if ($permissions['r']) $rss->showFeed($_feedType); |
| 316 | exit(); |
| 317 | } |
| 318 | |
| 319 | _checkPermissions(); |
| 320 | |
| 321 | //entering the node |
| 322 | |
| 323 | //sventest |
| 324 | if (($permissions['r']) || ($event != 'register')) { |
| 325 | |
| 326 | //performing node_events (based on update/insert/delete db queries) |
| 327 | if ($event) { |
| 328 | require(INCLUDE_DIR.'eventz.inc'); |
| 329 | } |
| 330 | |
| 331 | elseif ($transaction) { |
| 332 | require(INCLUDE_DIR.'transaction.inc'); |
| 333 | } |
| 334 | //end of performing node events |
| 335 | |
| 336 | //sventest |
| 337 | } |
| 338 | |
| 339 | |
| 340 | if ($permissions['r']) { |
| 341 | |
| 342 | // these 4 lines are not the source of kyberia lagging problems. |
| 343 | // leave them. started on the 10.4. |
| 344 | // data gained will be used for scientific purposes |
| 345 | |
| 346 | // if (isset($_SESSION['user_id']) { |
| 347 | // log_levenshtein($_SESSION['user_id'],$node['node_id']); |
| 348 | // } |
| 349 | |
| 350 | if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) { |
| 351 | $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'"; |
| 352 | $db->update($q); |
| 353 | } |
| 354 | |
| 355 | //if node is css |
| 356 | //XXX into function |
| 357 | if ($node['template_id']!='2019721'){ |
| 358 | |
| 359 | logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']); |
| 360 | if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) { |
| 361 | $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'"; |
| 362 | // echo $q; |
| 363 | $result=$db->update($q); |
| 364 | |
| 365 | if (!$result) { |
| 366 | $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()"; |
| 367 | $db->query($q); |
| 368 | } |
| 369 | }//end of if node os css |
| 370 | } |
| 371 | |
| 372 | } |
| 373 | |
| 374 | //XXX into function |
| 375 | // if (isset($_SESSION['user_id']) { |
| 376 | // if (isset($referer_id)) { |
| 377 | // update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id); |
| 378 | // } else { |
| 379 | // update_nodes($_SESSION['user_id'],$node['node_id'],0); |
| 380 | // } |
| 381 | // } |
| 382 | |
| 383 | // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |
| 384 | //creating neural network |
| 385 | $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'"); |
| 386 | if (isset($referer_id) && is_numeric($referer_id)) { |
| 387 | $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'"; |
| 388 | $result=$db->update($q); |
| 389 | if (!$result) { |
| 390 | $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1"; |
| 391 | $db->query($q); |
| 392 | } |
| 393 | } |
| 394 | |
| 395 | |
| 396 | elseif (!$permissions['r'] && $_GET['magic_word']) { |
| 397 | $magic_word_big=$_GET['magic_word']; |
| 398 | |
| 399 | if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) { |
| 400 | $magic_uid=$mu['1']; |
| 401 | $magic_word=addslashes($mu['2']); |
| 402 | // XXX WTF column magic_word does not exists |
| 403 | $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'"; |
| 404 | $set=$db->query($q); |
| 405 | if ($set->getNumRows()) { |
| 406 | $permissions['r']=true; |
| 407 | } |
| 408 | } |
| 409 | } |
| 410 | |
| 411 | |
| 412 | |
| 413 | |
| 414 | |
| 415 | else { |
| 416 | logger::log('enter',$node['node_id'],'failed'); |
| 417 | } |
| 418 | |
| 419 | |
| 420 | |
| 421 | //assigning user data to smarty if user logged in |
| 422 | if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) { |
| 423 | $smarty->assign('_POST',$_POST); |
| 424 | $smarty->assign('bookmarks',$_SESSION['bookmarks']); |
| 425 | $smarty->assign('ignore',$_SESSION['ignore']); |
| 426 | $smarty->assign('bookstyl',$_SESSION['bookstyl']); |
| 427 | $smarty->assign('fook',$_SESSION['fook']); |
| 428 | $smarty->assign('user_id',$_SESSION['user_id']); |
| 429 | if (!empty($_SESSION['cube_vector'])) |
| 430 | $smarty->assign('cube_vector',$_SESSION['cube_vector']); |
| 431 | $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural |
| 432 | $smarty->assign('user_quota',$_SESSION['user_quota']); |
| 433 | |
| 434 | // XXX into function |
| 435 | $newmail_q = sprintf('select u.user_mail_id |
| 436 | , u.user_k |
| 437 | , u.k_wallet |
| 438 | , u.user_mail |
| 439 | , ms.user_id as mail_sender_id |
| 440 | , ms.login as mail_sender |
| 441 | from users u |
| 442 | left join users ms on ms.user_id = u.user_mail_id |
| 443 | where u.user_id = %d', |
| 444 | $user_id); |
| 445 | $newmailset = $db->query($newmail_q); |
| 446 | |
| 447 | |
| 448 | $newmailset->next(); |
| 449 | $new_mail=$newmailset->getString('user_mail'); |
| 450 | // XXX into function |
| 451 | $newmailset2 = $db->query("select users.user_mail_id,mailsender.login |
| 452 | from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'"); |
| 453 | $newmailset2->next(); |
| 454 | $smarty->assign('new_mail',$new_mail); |
| 455 | $smarty->assign('new_mail_name',$newmailset->getString('mail_sender')); |
| 456 | $smarty->assign('new_mail_name2',$newmailset2->getString('login')); |
| 457 | $user_k=$newmailset->getString('user_k'); |
| 458 | $smarty->assign('user_k',$user_k); |
| 459 | $k_wallet=$newmailset->getString('k_wallet'); |
| 460 | $smarty->assign('k_wallet',$k_wallet); |
| 461 | $user_id=$_SESSION['user_id']; |
| 462 | |
| 463 | //mail node |
| 464 | if ($node['node_name']=='mail') { |
| 465 | |
| 466 | //clear new mail message |
| 467 | |
| 468 | if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'"); |
| 469 | |
| 470 | //set messages as delivered to recipient |
| 471 | $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'"); |
| 472 | while($set->next()) { |
| 473 | $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'"); |
| 474 | $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'"); |
| 475 | |
| 476 | $new_messages[$set->getString('mail_id')]=true; |
| 477 | } |
| 478 | /* |
| 479 | if (count($new_messages)) { |
| 480 | $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'"); |
| 481 | $smarty->assign('new_messages',$new_messages); |
| 482 | |
| 483 | } |
| 484 | */ |
| 485 | } |
| 486 | } |
| 487 | |
| 488 | |
| 489 | |
| 490 | if ($node['node_system_access']=='crypto') { |
| 491 | $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]); |
| 492 | } |
| 493 | |
| 494 | $smarty->assign('error',$error); |
| 495 | $smarty->assign('permissions',$permissions); |
| 496 | $smarty->assign('current_vector',$node['node_vector']); |
| 497 | if ($permissions['r']) { |
| 498 | $smarty->assign('node',$node); |
| 499 | $smarty->assign('node_json',json_encode($node)); |
| 500 | } |
| 501 | else { |
| 502 | |
| 503 | $smarty->assign('node',$node); |
| 504 | //new templates by Dark matter |
| 505 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 506 | |
| 507 | $smarty->display('1549864.tpl'); |
| 508 | $smarty->display('1549885.tpl'); |
| 509 | $smarty->display('630526.tpl'); |
| 510 | die(); |
| 511 | |
| 512 | //redirect to mainpage |
| 513 | // looks like poeple totaly hate this redirect! |
| 514 | // header("Location: /id/1"); |
| 515 | } |
| 516 | |
| 517 | |
| 518 | // XXX into function |
| 519 | if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){ |
| 520 | //setting user location |
| 521 | $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; |
| 522 | $db->executequery($q); |
| 523 | } |
| 524 | |
| 525 | $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); |
| 526 | $smarty->assign('whole_time',$whole_time); |
| 527 | |
| 528 | |
| 529 | if ($template_id=='download' OR $template_id=='download.jpg') { |
| 530 | if ($permissions['r']) { |
| 531 | $linkname = SYSTEM_ROOT."/files/".$node['node_id']; |
| 532 | $filename= readlink($linkname); |
| 533 | $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); |
| 534 | |
| 535 | $ext = substr( $filename,-3 ); |
| 536 | if( $filename == "" ) { |
| 537 | echo "ERROR: Empty file to download. "; |
| 538 | exit; |
| 539 | } elseif ( ! file_exists( $filename ) ) { |
| 540 | exit; |
| 541 | }; |
| 542 | switch( strtolower($ext) ){ |
| 543 | case "pdf": $ctype="application/pdf"; break; |
| 544 | case "exe": $ctype="application/octet-stream"; break; |
| 545 | case "zip": $ctype="application/zip"; break; |
| 546 | case "doc": $ctype="application/msword"; break; |
| 547 | case "xls": $ctype="application/vnd.ms-excel"; break; |
| 548 | case "ppt": $ctype="application/vnd.ms-powerpoint"; break; |
| 549 | case "gif": $ctype="image/gif"; break; |
| 550 | case "png": $ctype="image/png"; break; |
| 551 | case "jpg": $ctype="image/jpg"; break; |
| 552 | default: $ctype="application/force-download"; |
| 553 | } |
| 554 | $file=str_replace(" ","_",$node['node_name']).".$ext"; |
| 555 | header("Pragma: public"); |
| 556 | header("Expires: 0"); |
| 557 | header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); |
| 558 | header("Content-Type: $ctype"); |
| 559 | $user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]); |
| 560 | if ((is_integer (strpos($user_agent, "msie"))) && (is_integer |
| 561 | (strpos($user_agent, "win")))) { |
| 562 | header( "Content-Disposition: filename=$file;" ); |
| 563 | } else { |
| 564 | header( "Content-Disposition: attachment; |
| 565 | filename=$file;" ); |
| 566 | } |
| 567 | header("Content-Transfer-Encoding: binary"); |
| 568 | header("Content-Length: ".filesize($filename)); |
| 569 | readfile("$filename"); |
| 570 | exit(); |
| 571 | } |
| 572 | else { echo "you don't have permissions for downloading this data"; die(); } |
| 573 | } |
| 574 | |
| 575 | if ($node['template_id']=='2019721'){ |
| 576 | Header("Cache-control: max-age=3600"); |
| 577 | }else{ |
| 578 | Header("Cache-control: no-cache"); |
| 579 | Header("Expires:".gmdate("D, d M Y H:i:s")." GMT"); |
| 580 | header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); |
| 581 | } |
| 582 | |
| 583 | |
| 584 | //for cases like search & preview |
| 585 | $smarty->assign('post_vars',$_POST); |
| 586 | if (!empty($_POST['template_event'])) { |
| 587 | $smarty->assign('template_event',$_POST['template_event']); |
| 588 | |
| 589 | } |
| 590 | |
| 591 | //setting listing parameters |
| 592 | $children_count=$node['node_children_count']; |
| 593 | $descendant_count=$node['node_descendant_count']; |
| 594 | |
| 595 | if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { |
| 596 | $listing_amount=mysql_real_escape_string($_POST['listing_amount']); |
| 597 | }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; |
| 598 | else $listing_amount=DEFAULT_LISTING_AMOUNT; |
| 599 | $smarty->assign('listing_amount',$listing_amount); |
| 600 | |
| 601 | if (isset($_POST['listing_order']) && $_POST['listing_order']) { |
| 602 | $listing_order=mysql_real_escape_string($_POST['listing_order']); |
| 603 | } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; |
| 604 | else $listing_order=DEFAULT_LISTING_ORDER; |
| 605 | $smarty->assign('listing_order',$listing_order); |
| 606 | |
| 607 | if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) { |
| 608 | $offset=$_POST['get_children_offset']; |
| 609 | } else { $offset=0; } |
| 610 | |
| 611 | |
| 612 | //movement forward and backward |
| 613 | // if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount; |
| 614 | |
| 615 | if ($_POST['get_children_move']=='<') { |
| 616 | $offset=$offset-$listing_amount; |
| 617 | if ($offset<0) $offset=0; |
| 618 | } |
| 619 | elseif ($_POST['get_children_move']=='>') { |
| 620 | $offset=$offset+$listing_amount; |
| 621 | } |
| 622 | elseif ($_POST['get_children_move']=='>>') { |
| 623 | $offset=$descendant_count-$listing_amount; |
| 624 | } |
| 625 | |
| 626 | elseif ($_POST['get_children_move']=='<<') { |
| 627 | $offset=0; |
| 628 | } |
| 629 | if ($offset<0) $offset=0; |
| 630 | $_POST['offset']=$offset; |
| 631 | $smarty->assign('offset',$offset); |
| 632 | |
| 633 | |
| 634 | if ($node['external_link']=='header://svg' && !is_numeric($template_id)) { |
| 635 | header("Content-Type: image/svg+xml"); |
| 636 | } |
| 637 | |
| 638 | //show own header |
| 639 | elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) { |
| 640 | $smarty->assign('header_id',$_SESSION['header_id']); |
| 641 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 642 | $content=$smarty->fetch($_SESSION['header_id'].".tpl"); |
| 643 | $smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET; |
| 644 | //not registered user |
| 645 | if ($_SESSION['header_id']==2091520) { |
| 646 | echo $content; |
| 647 | session_destroy(); |
| 648 | die(); |
| 649 | } |
| 650 | } |
| 651 | |
| 652 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 653 | |
| 654 | if (is_numeric($template_id)) { |
| 655 | $content.=$smarty->fetch($template_id.".tpl"); |
| 656 | } |
| 657 | |
| 658 | else { |
| 659 | $template_id=$node['template_id']; |
| 660 | $content.=$smarty->fetch($node['template_id'].".tpl"); |
| 661 | } |
| 662 | |
| 663 | if ($template_id=='2019721'){ |
| 664 | $content=$smarty->fetch($template_id.".tpl"); |
| 665 | echo $content; |
| 666 | }else{ |
| 667 | $time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); |
| 668 | echo $content; |
| 669 | // echo "<center>page generation took: $time second</center>"; |
| 670 | } |
| 671 | //end of displaying |
| 672 | |
| 673 | // output buffering forcing (mx) |
| 674 | if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_end_flush(); |
| 675 | |
| 676 | ?> |