[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php

<?php
//requiring main config file with path/database etc. constants
require_once('config/config.inc'); 

//Ask for auth if enabled...
//if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php'); 

//starting timer for benchmarking purposes
$timer_start=Time()+SubStr(MicroTime(),0,8);
//setting PHPSESSID cookie and starting user session
session_start();

@ini_set('magic_quotes_gpc' , 'off');
if(get_magic_quotes_gpc()) {
	die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
}

//Smarty from DB
$smarty_resource = 'kyberia';
//$smarty_resource = ''; //same as 'file' (fallback)
/* I have moved old templates to DB using following lame script:
 * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1); 
   echo UPDATE nodes SET node_content = "'$(php -r 
   "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE 
   node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
   done | mysql --user=kyberia --password=PASSSSSSS kyberia
 * In future we should have some mechanism for distributing templates 
 * because they are very important part of kyberia source...
 */

//connecting to database and creating universal $db object
//require_once(INCLUDE_DIR.'senate.inc'); // in config already
require_once(INCLUDE_DIR.'log.inc');
require_once(INCLUDE_DIR.'ubik.inc');
require_once(INCLUDE_DIR.'nodes.inc');
require_once(INCLUDE_DIR.'error_messages.inc');
require_once(INCLUDE_DIR.'database.inc');
require_once(INCLUDE_DIR.'transports.inc');

$db = new CLASS_DATABASE();

if (preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match)) {
//	print_r($match);
	$_GET['node_id']=$match[1];
	if (!empty($match[2])) {
		$_GET['template_id']=$match[2];
	}
	//Base36 fascism redirect
	if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
		header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
			(isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
		);
		die("Die!!! All Fascists Are Bastards...\n");
	}
} elseif (preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match)) {
	$_GET['node_id']=base_convert($match[1], 36, 10);
	if (!empty($match[2])) {
		$_GET['template_id']=base_convert($match[2],36,10);	
	}
} elseif (preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match)) {
	$_GET['node_id']  = nodes::getNodeIdByName($match[1]);
}

if (!empty($_GET['template_id'])) {
	$template_id=$_GET['template_id'];
} else {
	$template_id=false;
}

error_reporting(1);
//$_SESSION['debugging']=0;
//unset($_SESSION['debugging']); 
//Well... we should make some event 
//or JavaScript page to turning this on/off...
//exit;
if ($_SESSION['debugging']) {
    error_reporting(E_ALL);
    echo 'GET VARIABLES::<br/>';
    print_r($_GET);
    echo 'POST VARIABLES::<br/>';
    print_r($_POST);
    echo '<b>SESSION VARIABLES::</b><br/>';
    print_r($_SESSION);
}


//initializing node
if (!is_numeric($_GET['node_id'])) {
	$_GET['node_id']=WELCOME_NODE;
}

$node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');

//XXX Paths are wrong (!)
//loading smarty template engine and setting main parameters
require(SMARTY_DIR.'Smarty.class.php');
$smarty = new Smarty;
require(INCLUDE_DIR.'smarty/resource.kyberia.php');
$smarty->default_resource_type=$smarty_resource;

//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
if ($_SESSION['debugging']) $smarty->debugging=true;

// initializing variables
// preg_replace prevents LFI
if (empty($_POST['event'])) $event='display';
else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);


if ($_SESSION['debugging']) {
	echo "<pre><b>NODE::";
	print_r($node);
	echo "</pre>";
}

if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
	$node['node_permission']='owner';
}

if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
	if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
		echo "node::".$node['node_vector'];
		echo "cube_Vector::".$_SESSION['cube_vector'];
		echo "you are out of allowed cwbe. access forbidden";
		die();
	}
}

@include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...

//checking permissions
include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc');
$permissions=permissions::checkPerms($node);
if ($_SESSION['debugging']) {
	print_r($permissions);
}


// DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//creating neural network
$db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
if (isset($referer_id) && is_numeric($referer_id)) {
	$q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
	$result=$db->update($q);
	if (!$result) {
		$q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
		$db->query($q);
		}
} else {
	logger::log('enter',$node['node_id'],'failed');
}


//entering the node (executing the eventz)
if (($permissions['r']) || ($event != 'register')) {
	//performing node_events (based on update/insert/delete db queries)
	if ($event) {
		require(INCLUDE_DIR.'eventz.inc');
	}
}

?>
Commit	Line	Data
	1	<?php
	2	//requiring main config file with path/database etc. constants
	3	require_once('config/config.inc');
	4
	5	//Ask for auth if enabled...
	6	//if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php');
	7
	8	//starting timer for benchmarking purposes
	9	$timer_start=Time()+SubStr(MicroTime(),0,8);
	10	//setting PHPSESSID cookie and starting user session
	11	session_start();
	12
	13	@ini_set('magic_quotes_gpc' , 'off');
	14	if(get_magic_quotes_gpc()) {
	15	die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
	16	}
	17
	18	//Smarty from DB
	19	$smarty_resource = 'kyberia';
	20	//$smarty_resource = ''; //same as 'file' (fallback)
	21	/* I have moved old templates to DB using following lame script:
	22	* for i in *.tpl; do j=$(echo "$i" \| cut -d . -f 1);
	23	echo UPDATE nodes SET node_content = "'$(php -r
	24	"echo mysql_escape_string(file_get_contents('$i'));")'" WHERE
	25	node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
	26	done \| mysql --user=kyberia --password=PASSSSSSS kyberia
	27	* In future we should have some mechanism for distributing templates
	28	* because they are very important part of kyberia source...
	29	*/
	30
	31	//connecting to database and creating universal $db object
	32	//require_once(INCLUDE_DIR.'senate.inc'); // in config already
	33	require_once(INCLUDE_DIR.'log.inc');
	34	require_once(INCLUDE_DIR.'ubik.inc');
	35	require_once(INCLUDE_DIR.'nodes.inc');
	36	require_once(INCLUDE_DIR.'error_messages.inc');
	37	require_once(INCLUDE_DIR.'database.inc');
	38	require_once(INCLUDE_DIR.'transports.inc');
	39
	40	$db = new CLASS_DATABASE();
	41
	42	if (preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match)) {
	43	// print_r($match);
	44	$_GET['node_id']=$match[1];
	45	if (!empty($match[2])) {
	46	$_GET['template_id']=$match[2];
	47	}
	48	//Base36 fascism redirect
	49	if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
	50	header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
	51	(isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
	52	);
	53	die("Die!!! All Fascists Are Bastards...\n");
	54	}
	55	} elseif (preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match)) {
	56	$_GET['node_id']=base_convert($match[1], 36, 10);
	57	if (!empty($match[2])) {
	58	$_GET['template_id']=base_convert($match[2],36,10);
	59	}
	60	} elseif (preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match)) {
	61	$_GET['node_id'] = nodes::getNodeIdByName($match[1]);
	62	}
	63
	64	if (!empty($_GET['template_id'])) {
	65	$template_id=$_GET['template_id'];
	66	} else {
	67	$template_id=false;
	68	}
	69
	70	error_reporting(1);
	71	//$_SESSION['debugging']=0;
	72	//unset($_SESSION['debugging']);
	73	//Well... we should make some event
	74	//or JavaScript page to turning this on/off...
	75	//exit;
	76	if ($_SESSION['debugging']) {
	77	error_reporting(E_ALL);
	78	echo 'GET VARIABLES::<br/>';
	79	print_r($_GET);
	80	echo 'POST VARIABLES::<br/>';
	81	print_r($_POST);
	82	echo '<b>SESSION VARIABLES::</b><br/>';
	83	print_r($_SESSION);
	84	}
	85
	86
	87
	88	//initializing node
	89	if (!is_numeric($_GET['node_id'])) {
	90	$_GET['node_id']=WELCOME_NODE;
	91	}
	92
	93	$node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
	94
	95	//XXX Paths are wrong (!)
	96	//loading smarty template engine and setting main parameters
	97	require(SMARTY_DIR.'Smarty.class.php');
	98	$smarty = new Smarty;
	99	require(INCLUDE_DIR.'smarty/resource.kyberia.php');
	100	$smarty->default_resource_type=$smarty_resource;
	101
	102	//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
	103	$smarty->template_dir = TEMPLATE_DIR;
	104	//echo TEMPLATE_DIR.TEMPLATE_SET;
	105	//echo $smarty->template_dir;
	106	$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
	107	$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
	108	$smarty->cache_dir = SMARTY_DIR.'cache/';
	109	$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
	110	if ($_SESSION['debugging']) $smarty->debugging=true;
	111
	112	// initializing variables
	113	// preg_replace prevents LFI
	114	if (empty($_POST['event'])) $event='display';
	115	else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
	116
	117
	118	if ($_SESSION['debugging']) {
	119	echo "<pre><b>NODE::";
	120	print_r($node);
	121	echo "</pre>";
	122	}
	123
	124	if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
	125	$node['node_permission']='owner';
	126	}
	127
	128	if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
	129	if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
	130	echo "node::".$node['node_vector'];
	131	echo "cube_Vector::".$_SESSION['cube_vector'];
	132	echo "you are out of allowed cwbe. access forbidden";
	133	die();
	134	}
	135	}
	136
	137	@include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...
	138
	139	//checking permissions
	140	include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc');
	141	$permissions=permissions::checkPerms($node);
	142	if ($_SESSION['debugging']) {
	143	print_r($permissions);
	144	}
	145
	146
	147
	148	// DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
	149	//creating neural network
	150	$db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
	151	if (isset($referer_id) && is_numeric($referer_id)) {
	152	$q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
	153	$result=$db->update($q);
	154	if (!$result) {
	155	$q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
	156	$db->query($q);
	157	}
	158	} else {
	159	logger::log('enter',$node['node_id'],'failed');
	160	}
	161
	162
	163
	164	//entering the node (executing the eventz)
	165	if (($permissions['r']) \|\| ($event != 'register')) {
	166	//performing node_events (based on update/insert/delete db queries)
	167	if ($event) {
	168	require(INCLUDE_DIR.'eventz.inc');
	169	}
	170	}
	171
	172	?>