| 1 | <?php |
| 2 | //requiring main config file with path/database etc. constants |
| 3 | require_once('config/config.inc'); |
| 4 | |
| 5 | //Ask for auth if enabled... |
| 6 | //if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php'); |
| 7 | |
| 8 | //starting timer for benchmarking purposes |
| 9 | $timer_start=Time()+SubStr(MicroTime(),0,8); |
| 10 | //setting PHPSESSID cookie and starting user session |
| 11 | session_start(); |
| 12 | |
| 13 | @ini_set('magic_quotes_gpc' , 'off'); |
| 14 | if(get_magic_quotes_gpc()) { |
| 15 | die("Error: magic_quotes_gpc needs to be disabled! F00K!\n"); |
| 16 | } |
| 17 | |
| 18 | //Smarty from DB |
| 19 | $smarty_resource = 'kyberia'; |
| 20 | //$smarty_resource = ''; //same as 'file' (fallback) |
| 21 | /* I have moved old templates to DB using following lame script: |
| 22 | * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1); |
| 23 | echo UPDATE nodes SET node_content = "'$(php -r |
| 24 | "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE |
| 25 | node_id = "'$j'" COLLATE utf8_bin LIMIT '1;'; |
| 26 | done | mysql --user=kyberia --password=PASSSSSSS kyberia |
| 27 | * In future we should have some mechanism for distributing templates |
| 28 | * because they are very important part of kyberia source... |
| 29 | */ |
| 30 | |
| 31 | //connecting to database and creating universal $db object |
| 32 | //require_once(INCLUDE_DIR.'senate.inc'); // in config already |
| 33 | require_once(INCLUDE_DIR.'log.inc'); |
| 34 | require_once(INCLUDE_DIR.'ubik.inc'); |
| 35 | require_once(INCLUDE_DIR.'nodes.inc'); |
| 36 | require_once(INCLUDE_DIR.'error_messages.inc'); |
| 37 | require_once(INCLUDE_DIR.'database.inc'); |
| 38 | require_once(INCLUDE_DIR.'transports.inc'); |
| 39 | |
| 40 | $db = new CLASS_DATABASE(); |
| 41 | |
| 42 | switch(true) { |
| 43 | case preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match): |
| 44 | // print_r($match); |
| 45 | $_GET['node_id']=$match[1]; |
| 46 | if (!empty($match[2])) { |
| 47 | $_GET['template_id']=$match[2]; |
| 48 | } |
| 49 | //Base36 fascism redirect |
| 50 | if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack... |
| 51 | header('Location: /k/'.base_convert($_GET['node_id'], 10, 36). |
| 52 | (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'') |
| 53 | ); |
| 54 | die("Die!!! All Fascists Are Bastards...\n"); |
| 55 | } |
| 56 | break; |
| 57 | case preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match): |
| 58 | $_GET['node_id']=base_convert($match[1], 36, 10); |
| 59 | if (!empty($match[2])) { |
| 60 | $_GET['template_id']=base_convert($match[2],36,10); |
| 61 | } |
| 62 | break; |
| 63 | case preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match): |
| 64 | $_GET['node_id'] = nodes::getNodeIdByName($match[1]); |
| 65 | break; |
| 66 | case preg_match('/search\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match): |
| 67 | //$query = nodes::getNodeIdByName($match[1]); |
| 68 | //XXX TODO: Predat searchi az bude fungovat |
| 69 | break; |
| 70 | case preg_match('/\/(.+)\/?$/',$_SERVER['PATH_INFO'],$match): |
| 71 | $_GET['node_id'] = nodes::getNodeIdByName($match[1]); |
| 72 | break; |
| 73 | default: |
| 74 | $_GET['node_id']=1; //WELCOME_NODE |
| 75 | break; |
| 76 | } |
| 77 | |
| 78 | if (!empty($_GET['template_id'])) { |
| 79 | $template_id=$_GET['template_id']; |
| 80 | } else { |
| 81 | $template_id=false; |
| 82 | } |
| 83 | |
| 84 | error_reporting(1); |
| 85 | //$_SESSION['debugging']=0; |
| 86 | //unset($_SESSION['debugging']); |
| 87 | //Well... we should make some event |
| 88 | //or JavaScript page to turning this on/off... |
| 89 | //exit; |
| 90 | if ($_SESSION['debugging']) { |
| 91 | error_reporting(E_ALL); |
| 92 | echo 'GET VARIABLES::<br/>'; |
| 93 | print_r($_GET); |
| 94 | echo 'POST VARIABLES::<br/>'; |
| 95 | print_r($_POST); |
| 96 | echo '<b>SESSION VARIABLES::</b><br/>'; |
| 97 | print_r($_SESSION); |
| 98 | } |
| 99 | |
| 100 | require_once(INCLUDE_DIR.'logout_idle.inc'); //Logout when idle |
| 101 | |
| 102 | //initializing node |
| 103 | $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:''); |
| 104 | |
| 105 | //XXX Paths are wrong (!) |
| 106 | //loading smarty template engine and setting main parameters |
| 107 | require(SMARTY_DIR.'Smarty.class.php'); |
| 108 | $smarty = new Smarty; |
| 109 | require(INCLUDE_DIR.'smarty/resource.kyberia.php'); |
| 110 | $smarty->default_resource_type=$smarty_resource; |
| 111 | |
| 112 | //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX |
| 113 | $smarty->template_dir = TEMPLATE_DIR; |
| 114 | //echo TEMPLATE_DIR.TEMPLATE_SET; |
| 115 | //echo $smarty->template_dir; |
| 116 | $smarty->compile_dir = SYSTEM_DATA.'templates_c/'; |
| 117 | $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje |
| 118 | $smarty->cache_dir = SMARTY_DIR.'cache/'; |
| 119 | $smarty->plugins_dir = SMARTY_PLUGIN_DIR ; |
| 120 | if ($_SESSION['debugging']) $smarty->debugging=true; |
| 121 | |
| 122 | // initializing variables |
| 123 | // preg_replace prevents LFI |
| 124 | if (empty($_POST['event'])) $event='display'; |
| 125 | else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']); |
| 126 | |
| 127 | |
| 128 | if ($_SESSION['debugging']) { |
| 129 | echo "<pre><b>NODE::"; |
| 130 | print_r($node); |
| 131 | echo "</pre>"; |
| 132 | } |
| 133 | |
| 134 | if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) { |
| 135 | $node['node_permission']='owner'; |
| 136 | } |
| 137 | |
| 138 | if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) { |
| 139 | if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) { |
| 140 | echo "node::".$node['node_vector']; |
| 141 | echo "cube_Vector::".$_SESSION['cube_vector']; |
| 142 | echo "you are out of allowed cwbe. access forbidden"; |
| 143 | die(); |
| 144 | } |
| 145 | } |
| 146 | |
| 147 | @include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz... |
| 148 | |
| 149 | //checking permissions |
| 150 | include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc'); |
| 151 | $permissions=permissions::checkPerms($node); |
| 152 | if ($_SESSION['debugging']) { |
| 153 | print_r($permissions); |
| 154 | } |
| 155 | |
| 156 | |
| 157 | |
| 158 | // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |
| 159 | //creating neural network |
| 160 | $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'"); |
| 161 | if (isset($referer_id) && is_numeric($referer_id)) { |
| 162 | $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'"; |
| 163 | $result=$db->update($q); |
| 164 | if (!$result) { |
| 165 | $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1"; |
| 166 | $db->query($q); |
| 167 | } |
| 168 | } else { |
| 169 | logger::log('enter',$node['node_id'],'failed'); |
| 170 | } |
| 171 | |
| 172 | |
| 173 | |
| 174 | //entering the node (executing the eventz) |
| 175 | if (($permissions['r']) || ($event != 'register')) { |
| 176 | //performing node_events (based on update/insert/delete db queries) |
| 177 | if ($event) { |
| 178 | require(INCLUDE_DIR.'eventz.inc'); |
| 179 | } |
| 180 | } |
| 181 | |
| 182 | ?> |