| 1 | <?php |
| 2 | /* This program is free software. It comes without any warranty, to |
| 3 | * the extent permitted by applicable law. You can redistribute it |
| 4 | * and/or modify it under the terms of the Do What The Fuck You Want |
| 5 | * To Public License, Version 2, as published by Sam Hocevar. See |
| 6 | * http://sam.zoy.org/wtfpl/COPYING for more details. */ |
| 7 | |
| 8 | //die("kyberia maintenance<br>please be patient<br>thanks<br>stab"); |
| 9 | //error_reporting(0); |
| 10 | |
| 11 | //starting timer for benchmarking purposes |
| 12 | $timer_start=Time()+SubStr(MicroTime(),0,8); |
| 13 | |
| 14 | //setting PHPSESSID cookie and starting user session |
| 15 | session_start(); |
| 16 | |
| 17 | $devel_ids = array(548); |
| 18 | |
| 19 | if (array_search($_SESSION['user_id'], $devel_ids)) { |
| 20 | |
| 21 | error_reporting(E_ALL); |
| 22 | print_r($_GET); |
| 23 | print_r($_POST); |
| 24 | print_r($_SESSION); |
| 25 | |
| 26 | } |
| 27 | |
| 28 | |
| 29 | //requiring main config file with path/database etc. constants |
| 30 | require('config/config.inc'); |
| 31 | |
| 32 | //getting referer id for synaptic connection |
| 33 | preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match); |
| 34 | $referer_id=$ref_match[1]; |
| 35 | |
| 36 | //connecting to database and creating universal $db object |
| 37 | require(SYSTEM_ROOT.'inc/log.inc'); |
| 38 | require(SYSTEM_ROOT.'inc/ubik.inc'); |
| 39 | require(SYSTEM_ROOT.'inc/nodes.inc'); |
| 40 | require(SYSTEM_ROOT.'inc/error_messages.inc'); |
| 41 | require(SYSTEM_ROOT.'inc/database.inc'); |
| 42 | |
| 43 | $db=new CLASS_DATABASE(); |
| 44 | |
| 45 | //loading smarty template engine and setting main parameters |
| 46 | require(SMARTY_DIR.'Smarty.class.php'); |
| 47 | $smarty = new Smarty; |
| 48 | |
| 49 | $smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET; |
| 50 | $smarty->compile_dir = SYSTEM_ROOT."/data/templates_c/".TEMPLATE_SET; |
| 51 | $smarty->config_dir = SMARTY_DIR.'/configs/'; |
| 52 | $smarty->cache_dir = SMARTY_DIR.'/cache/'; |
| 53 | $smarty->plugins_dir = SMARTY_DIR.'/node_methodz/'; |
| 54 | |
| 55 | if (array_search($_SESSION['user_id'], $devel_ids)) |
| 56 | $smarty->debugging=true; |
| 57 | |
| 58 | //initializing variables |
| 59 | if (empty($_POST['event'])) |
| 60 | $event=false; |
| 61 | else |
| 62 | $event=$_POST['event']; |
| 63 | |
| 64 | if (empty($_POST['transaction'])) |
| 65 | $transaction=false; |
| 66 | else |
| 67 | $event=$_POST['transaction']; |
| 68 | |
| 69 | //initializing node methods |
| 70 | if (!empty($_GET['node_name'])) { |
| 71 | //omfg what's this! jail , jail, penalty of death! |
| 72 | // reopened by [CENSORED], keep this in secret, then you can benefit from it.. |
| 73 | if(strpos($_GET['node_name'],'0')===0) { |
| 74 | $numbah=$_GET['node_name']; |
| 75 | $db->query("set character_set_connection=latin2"); |
| 76 | $set=$db->query("select * from tz.gts where full_number='$numbah'"); |
| 77 | $set->next(); |
| 78 | echo $set->getString('full_name')."<br>"; |
| 79 | echo $set->getString('full_street')."<br>"; |
| 80 | echo $set->getString('city')."<br>"; |
| 81 | echo $set->getString('psc')."<br>"; |
| 82 | echo $set->getString('company')."<br>"; |
| 83 | |
| 84 | die(); |
| 85 | } |
| 86 | |
| 87 | else nodes::redirByName($_GET['node_name']); |
| 88 | // END OF JAIL ;) |
| 89 | nodes::redirByName($_GET['node_name']); |
| 90 | } |
| 91 | |
| 92 | elseif (!empty($_GET['node_id'])) { |
| 93 | $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']); |
| 94 | } |
| 95 | |
| 96 | if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner'; |
| 97 | |
| 98 | if ($_SESSION['cube_vector']) { |
| 99 | if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) { |
| 100 | echo "node::".$node['node_vector']; |
| 101 | echo "cube_Vector::".$_SESSION['cube_vector']; |
| 102 | echo "you are out of allowed cwbe. access forbidden"; |
| 103 | die(); |
| 104 | } |
| 105 | } |
| 106 | |
| 107 | //if not existent node show our own 404 |
| 108 | if (empty($node)) { |
| 109 | $nodes= nodes::getNodesByName($_GET['node_name']); |
| 110 | if ($nodes) { |
| 111 | $smarty->assign('nodes',$nodes); |
| 112 | $content=$smarty->display("404.tpl"); |
| 113 | die(); |
| 114 | } |
| 115 | elseif ($_SESSION['user_id']) { |
| 116 | $smarty->assign('node_name',$_GET['node_name']); |
| 117 | $content=$smarty->display("modules/addnode.tpl"); |
| 118 | } |
| 119 | } |
| 120 | |
| 121 | |
| 122 | |
| 123 | //modifying node glass pearl |
| 124 | if (is_array($children_types[$node['node_type']])) |
| 125 | $smarty->assign('children_types',$children_types[$node['node_type']]); |
| 126 | |
| 127 | $smarty->assign('types',$types); |
| 128 | |
| 129 | |
| 130 | $node['node_type']=$types[$node['node_type']]; |
| 131 | $node['node_content']=StripSlashes($node['node_content']); |
| 132 | $node['node_name']=StripSlashes($node['node_name']); |
| 133 | |
| 134 | //checking permissions |
| 135 | require(SYSTEM_ROOT.'inc/permissions.inc'); |
| 136 | $permissions=permissions::checkPermissions($node); |
| 137 | $permissions['h']=permissions::isHierarch($node); |
| 138 | |
| 139 | |
| 140 | //entering the node |
| 141 | |
| 142 | //sventest |
| 143 | if (($permissions['r']) || ($event != 'register')) { |
| 144 | |
| 145 | //performing node_events (based on update/insert/delete db queries) |
| 146 | if ($event) { |
| 147 | require(SYSTEM_ROOT.'inc/eventz.inc'); |
| 148 | } |
| 149 | |
| 150 | elseif ($transaction) { |
| 151 | require(SYSTEM_ROOT.'inc/transaction.inc'); |
| 152 | } |
| 153 | //end of performing node events |
| 154 | |
| 155 | //sventest |
| 156 | } |
| 157 | |
| 158 | |
| 159 | if ($permissions['r']) { |
| 160 | log::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']); |
| 161 | if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) { |
| 162 | $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'"; |
| 163 | // echo $q; |
| 164 | $result=$db->update($q); |
| 165 | |
| 166 | if (!$result) { |
| 167 | $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()"; |
| 168 | $db->query($q); |
| 169 | } |
| 170 | |
| 171 | |
| 172 | } |
| 173 | //creating neural network |
| 174 | $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'"); |
| 175 | if (is_numeric($referer_id)) { |
| 176 | $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'"; |
| 177 | $result=$db->update($q); |
| 178 | if (!$result) { |
| 179 | $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1"; |
| 180 | $db->query($q); |
| 181 | } |
| 182 | } |
| 183 | |
| 184 | } |
| 185 | |
| 186 | |
| 187 | |
| 188 | elseif (!$permissions['r'] && $_GET['magic_word']) { |
| 189 | $magic_word_big=$_GET['magic_word']; |
| 190 | |
| 191 | if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) { |
| 192 | $magic_uid=$mu['1']; |
| 193 | $magic_word=addslashes($mu['2']); |
| 194 | $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'"; |
| 195 | $set=$db->query($q); |
| 196 | if ($set->getNumRows()) { |
| 197 | $permissions['r']=true; |
| 198 | } |
| 199 | } |
| 200 | } |
| 201 | |
| 202 | |
| 203 | |
| 204 | |
| 205 | |
| 206 | else { |
| 207 | log::log('enter',$node['node_id'],'failed'); |
| 208 | } |
| 209 | |
| 210 | |
| 211 | |
| 212 | //assigning user data to smarty if user logged in |
| 213 | if ($user_id=$_SESSION['user_id']) { |
| 214 | $smarty->assign('bookmarks',$_SESSION['bookmarks']); |
| 215 | $smarty->assign('user_id',$_SESSION['user_id']); |
| 216 | if (!empty($_SESSION['cube_vector'])) $smarty->assign('cube_vector',$_SESSION['cube_vector']); |
| 217 | $smarty->assign('user_quota',$_SESSION['user_quota']); |
| 218 | $newmailset=$db->query("select user_mail,user_mail_name,user_k from users where user_id='$user_id'"); |
| 219 | $newmailset->next(); |
| 220 | $new_mail=$newmailset->getString('user_mail'); |
| 221 | $smarty->assign('new_mail',$new_mail); |
| 222 | $smarty->assign('new_mail_name',$newmailset->getString('user_mail_name')); |
| 223 | $user_k=$newmailset->getString('user_k'); |
| 224 | $smarty->assign('user_k',$user_k); |
| 225 | $user_id=$_SESSION['user_id']; |
| 226 | |
| 227 | //mail node |
| 228 | if ($node['node_name']=='mail') { |
| 229 | |
| 230 | //clear new mail message |
| 231 | if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'"); |
| 232 | |
| 233 | //set messages as delivered to recipient |
| 234 | $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'"); |
| 235 | while($set->next()) { |
| 236 | $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'"); |
| 237 | $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'"); |
| 238 | |
| 239 | $new_messages[$set->getString('mail_id')]=true; |
| 240 | } |
| 241 | /* |
| 242 | if (count($new_messages)) { |
| 243 | $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'"); |
| 244 | $smarty->assign('new_messages',$new_messages); |
| 245 | |
| 246 | } |
| 247 | */ |
| 248 | } |
| 249 | } |
| 250 | |
| 251 | |
| 252 | |
| 253 | if ($node['node_system_access']=='crypto') { |
| 254 | $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]); |
| 255 | } |
| 256 | |
| 257 | |
| 258 | Header("Cache-control: no-cache"); |
| 259 | Header("Expires:".gmdate("D, d M Y H:i:s")." GMT"); |
| 260 | header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); |
| 261 | |
| 262 | //assigning node data to smarty |
| 263 | $smarty->assign('error',$error); |
| 264 | $smarty->assign('permissions',$permissions); |
| 265 | $smarty->assign('current_vector',$node['node_vector']); |
| 266 | if ($permissions['r']) $smarty->assign('node',$node); |
| 267 | else { |
| 268 | |
| 269 | $smarty->assign('node',$node); |
| 270 | $smarty->display('modules/header.tpl'); |
| 271 | $smarty->display('modules/loginbox.tpl'); |
| 272 | die(); |
| 273 | } |
| 274 | |
| 275 | //setting user location |
| 276 | $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; |
| 277 | $db->executequery($q); |
| 278 | |
| 279 | $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); |
| 280 | $smarty->assign('whole_time',$whole_time); |
| 281 | |
| 282 | if (!empty($_GET['template_id'])) { |
| 283 | $template_id=$_GET['template_id']; |
| 284 | } |
| 285 | else $template_id=false; |
| 286 | |
| 287 | if ($template_id=='download') { |
| 288 | if ($permissions['r']) { |
| 289 | $linkname = SYSTEM_ROOT."/files/".$node['node_id']; |
| 290 | $filename= readlink($linkname); |
| 291 | $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); |
| 292 | |
| 293 | $ext = substr( $filename,-3 ); |
| 294 | if( $filename == "" ) { |
| 295 | echo "ERROR: Empty file to download. "; |
| 296 | exit; |
| 297 | } elseif ( ! file_exists( $filename ) ) { |
| 298 | exit; |
| 299 | }; |
| 300 | switch( $ext ){ |
| 301 | case "pdf": $ctype="application/pdf"; break; |
| 302 | case "exe": $ctype="application/octet-stream"; break; |
| 303 | case "zip": $ctype="application/zip"; break; |
| 304 | case "doc": $ctype="application/msword"; break; |
| 305 | case "xls": $ctype="application/vnd.ms-excel"; break; |
| 306 | case "ppt": $ctype="application/vnd.ms-powerpoint"; break; |
| 307 | case "gif": $ctype="image/gif"; break; |
| 308 | case "png": $ctype="image/png"; break; |
| 309 | case "jpg": $ctype="image/jpg"; break; |
| 310 | default: $ctype="application/force-download"; |
| 311 | } |
| 312 | header("Pragma: public"); |
| 313 | header("Expires: 0"); |
| 314 | header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); |
| 315 | header("Content-Type: $ctype"); |
| 316 | $user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]); |
| 317 | $file=str_replace(" ","_",$node['node_name']).".$ext"; |
| 318 | if ((is_integer (strpos($user_agent, "msie"))) && (is_integer |
| 319 | (strpos($user_agent, "win")))) { |
| 320 | header( "Content-Disposition: filename=$file;" ); |
| 321 | } else { |
| 322 | header( "Content-Disposition: attachment; |
| 323 | filename=$file;" ); |
| 324 | } |
| 325 | header("Content-Transfer-Encoding: binary"); |
| 326 | header("Content-Length: ".filesize($filename)); |
| 327 | readfile("$filename"); |
| 328 | exit(); |
| 329 | } |
| 330 | else { echo "you don't have permissions for downloading this data"; die(); } |
| 331 | } |
| 332 | |
| 333 | $smarty->assign('action',$template_id); |
| 334 | |
| 335 | //for cases like search & preview |
| 336 | $smarty->assign('post_vars',$_POST); |
| 337 | if (!empty($_POST['template_event'])) { |
| 338 | $smarty->assign('template_event',$_POST['template_event']); |
| 339 | |
| 340 | } |
| 341 | |
| 342 | //setting listing parameters |
| 343 | $children_count=$node['node_children_count']; |
| 344 | $descendant_count=$node['node_descendant_count']; |
| 345 | |
| 346 | if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount']; |
| 347 | elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; |
| 348 | else $listing_amount=DEFAULT_LISTING_AMOUNT; |
| 349 | $smarty->assign('listing_amount',$listing_amount); |
| 350 | |
| 351 | if ($_POST['listing_order']) $listing_order=$_POST['listing_order']; |
| 352 | elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; |
| 353 | else $listing_order=DEFAULT_LISTING_ORDER; |
| 354 | $smarty->assign('listing_order',$listing_order); |
| 355 | |
| 356 | if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset']; |
| 357 | else $offset=0; |
| 358 | |
| 359 | |
| 360 | //movement forward and backward |
| 361 | // if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount; |
| 362 | |
| 363 | if ($_POST['get_children_move']=='<') { |
| 364 | $offset=$offset-$listing_amount; |
| 365 | if ($offset<0) $offset=0; |
| 366 | } |
| 367 | elseif ($_POST['get_children_move']=='>') { |
| 368 | $offset=$offset+$listing_amount; |
| 369 | } |
| 370 | elseif ($_POST['get_children_move']=='>>') { |
| 371 | $offset=$descendant_count-$listing_amount; |
| 372 | } |
| 373 | |
| 374 | elseif ($_POST['get_children_move']=='<<') { |
| 375 | $offset=0; |
| 376 | } |
| 377 | if ($offset<0) $offset=0; |
| 378 | $smarty->assign('offset',$offset); |
| 379 | |
| 380 | |
| 381 | //show own header |
| 382 | if ($_SESSION['header_id']==true) { |
| 383 | $smarty->assign('header_id',$_SESSION['header_id']); |
| 384 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 385 | $content=$smarty->fetch($_SESSION['header_id'].".tpl"); |
| 386 | $smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET; |
| 387 | } |
| 388 | |
| 389 | //setting which template to use and displaying |
| 390 | /* |
| 391 | if ($node['$template_id']) { |
| 392 | if (!empty($template_id)) { |
| 393 | if (is_numeric($template_id)) { |
| 394 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 395 | $content.=$smarty->fetch($node['$template_id'].".tpl"); |
| 396 | |
| 397 | } |
| 398 | elseif (strrpos($template_id,";")) { |
| 399 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 400 | $content.=$smarty->fetch($node['$template_id'].".tpl"); |
| 401 | } |
| 402 | else { |
| 403 | $content.=$smarty->fetch($template_id.".tpl"); |
| 404 | } |
| 405 | } |
| 406 | else { |
| 407 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 408 | $content.=$smarty->fetch($node['$template_id'].".tpl"); |
| 409 | } |
| 410 | } |
| 411 | |
| 412 | else { |
| 413 | if ($node['node_type']==$types[$node['node_id']]) { |
| 414 | if (is_numeric($template_id)) { |
| 415 | require(SYSTEM_ROOT.'/inc/actions.inc'); |
| 416 | $content.=$smarty->fetch($node['node_type'].".tpl"); |
| 417 | } |
| 418 | elseif (strrpos($template_id,";")) { |
| 419 | $content.=$smarty->fetch($node['node_type'].".tpl"); |
| 420 | } |
| 421 | elseif (empty($template_id)) { |
| 422 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 423 | $content=$smarty->fetch($node['template_id'].".tpl"); |
| 424 | |
| 425 | } |
| 426 | else { |
| 427 | $content.=$smarty->fetch($template_id.".tpl"); |
| 428 | } |
| 429 | } |
| 430 | |
| 431 | else { |
| 432 | |
| 433 | if (is_numeric($template_id) or strpos(";",$template_id)) { |
| 434 | require(SYSTEM_ROOT.'/inc/actions.inc'); |
| 435 | $content.=$smarty->fetch($node['node_type'].".tpl"); |
| 436 | } |
| 437 | elseif (empty($template_id)) { |
| 438 | $content.=$smarty->fetch($node['node_type'].".tpl"); |
| 439 | } |
| 440 | else { |
| 441 | $content.=$smarty->fetch($template_id.".tpl"); |
| 442 | } |
| 443 | } |
| 444 | |
| 445 | } |
| 446 | */ |
| 447 | |
| 448 | $smarty->template_dir=OWN_TEMPLATE_DIR; |
| 449 | if (is_numeric($template_id)) { |
| 450 | $content.=$smarty->fetch($template_id.".tpl"); |
| 451 | } |
| 452 | |
| 453 | else { |
| 454 | $content.=$smarty->fetch($node['template_id'].".tpl"); |
| 455 | } |
| 456 | |
| 457 | $time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); |
| 458 | echo $content; |
| 459 | echo "<center>page generation took: $time second</center>"; |
| 460 | |
| 461 | $query = "insert delayed into load_times values (now(), '$time')"; |
| 462 | //$db->executequery($query); |
| 463 | |
| 464 | //end of displaying |
| 465 | |
| 466 | // dake vypisi pre kybu |
| 467 | if ($_SESSION['user_id'] == 342) { |
| 468 | |
| 469 | } |
| 470 | |
| 471 | ?> |