[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php

<?php
// output buffering forcing (mx)
if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();

//header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
//echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
//exit;

//starting timer for benchmarking purposes
$timer_start=Time()+SubStr(MicroTime(),0,8);

//setting PHPSESSID cookie and starting user session
session_start();

error_reporting(1);
//$_SESSION['debugging']=1;
//exit;


if ($_SESSION['debugging']) {

    error_reporting(E_ALL);
    echo "GET VARIABLES::<br/>";
    print_r($_GET);
    echo "POST VARIABLES::<br/>";
    print_r($_POST);
    echo "<b>SESSION VARIABLES::</b><br/>";
    print_r($_SESSION);
}

//Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-)
if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10);
if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10);

//requiring main config file with path/database etc. constants
require('config/config.inc');
require(INCLUDE_DIR.'senate.inc');

if (isset($_SERVER['HTTP_REFERER'])) {
	preg_match("/id\/([0-9]*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
	$referer_id=$ref_match[1];
}

//connecting to database and creating universal $db object
require(INCLUDE_DIR.'log.inc');
require(INCLUDE_DIR.'ubik.inc');
require(INCLUDE_DIR.'nodes.inc');
require(INCLUDE_DIR.'error_messages.inc');
require(INCLUDE_DIR.'database.inc');

$db = new CLASS_DATABASE();

if (!empty($_GET['template_id'])) {
	$template_id=$_GET['template_id'];
} else {
	$template_id=false;
}

//initializing node methods
if (!empty($_GET['node_name'])) {
	$node  = nodes::redirByName($_GET['node_name']);
} elseif (!empty($_GET['node_id'])) {
	$node = nodes::getNodeById($_GET['node_id'],
		(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
}

//XXX Paths are wrong (!)
//loading smarty template engine and setting main parameters
require(SMARTY_DIR.'Smarty.class.php');
$smarty = new Smarty;

//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
$smarty->compile_dir = SYSTEM_DATA."templates_c/";
$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
if ($_SESSION['debugging']) $smarty->debugging=true;

// initializing variables
// preg_replace prevents LFI
if (empty($_POST['event'])) $event=false;
else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);


if ($_SESSION['debugging']) {
	echo "<pre><b>NODE::";
	print_r($node);
	echo "</pre>";
}

if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
	$node['node_permission']='owner';
}

if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
	if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
		echo "node::".$node['node_vector'];
		echo "cube_Vector::".$_SESSION['cube_vector'];
		echo "you are out of allowed cwbe. access forbidden";
		die();
	}
}

//if not existent node show our own 404
if (empty($node)) {
	$nodes= nodes::getNodesByName($_GET['node_name']);
	if ($nodes) {
		$smarty->assign('nodes',$nodes);
		$content=$smarty->display("404.tpl");
		die();
	}
	elseif ($_SESSION['user_id']) {
		$smarty->assign('node_name',$_GET['node_name']);
		$content=$smarty->display("modules/addnode.tpl");
	}
}

//modifying node glass pearl //XXX WTF
if (is_array($children_types[$node['node_type']])) {
	$smarty->assign('children_types',$children_types[$node['node_type']]);
}
$smarty->assign('types',$types);


//$node['node_type']=$types[$node['node_type']];
$node['node_content']= StripSlashes($node['node_content']);
$node['node_name']= StripSlashes($node['node_name']);

//checking permissions
function _checkPermissions()
{
	global $permissions, $node;

	require(INCLUDE_DIR.'permissions.inc');
	$permissions=permissions::checkPermissions($node);
	$permissions['h']=permissions::isHierarch($node);
}

// mail rss
if ($template_id=='rss') //XXX WHAT?
{
	$_feedType = "RSS0.91";
	if (!is_numeric($_SESSION['user_id']))
	{
		if (!isset($_SERVER['PHP_AUTH_USER'])) {
			header('WWW-Authenticate: Basic realm="Kyberia"');
			header('HTTP/1.0 401 Unauthorized');
			echo 'Cancel button';
			exit;
		}
		else
		{
			require_once(EVENT_DIR.'/login.inc');
			$_POST['login'] = $_SERVER['PHP_AUTH_USER'];
			$_POST['password'] = $_SERVER['PHP_AUTH_PW'];
			$_POST['login_type'] = "name";
			if (!login())
			{
				echo "Zle meno/heslo.";
				exit();
			}
		}
	}

	_checkPermissions();

	// Mail
	if ($_GET['node_id']==='24' && $permissions['r'])
	{
	   require_once(INCLUDE_DIR.'/feedcreator.class.php');

	   $rss = new UniversalFeedCreator();
	   $rss->title = "Kyberia mail";
	   $rss->description = "";
	   $rss->link = "https://". SYSTEM_URL . "/id/24";

		//XXX into function
	   $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
   userfrom.user_action as locationfrom_action,
   userfrom.user_action_id as locationfrom_action_id,
   userto.user_action as locationto_action,
   userto.user_action_id as locationto_action_id,
   userto.login as mail_to_name, userfrom.login as mail_from_name,
   mail.* from mail left join users as userfrom on
   mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id
   where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10";

	   $set = $db->query($query);

	   while($set->next()) {
		   $m = $set->getRecord();
		   if ($m['mail_to'] != $_SESSION['user_id'])
			   continue;
		   $item = new FeedItem();
		   $item->title = $m['mail_from_name'];
		   $item->link = "https://".SYSTEM_URL."/id/24";
		   $item->description = $m['mail_text'];
		   $rss->addItem($item);
	   }
	}
	// bookmarks
	elseif ($_GET['node_id']=='19' && $permissions['r'])
	{
		require_once(INCLUDE_DIR.'/feedcreator.class.php');

		$rss = new UniversalFeedCreator();
		$rss->title = "Kyberia bookmarks";
		$rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ?

		require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
		smarty_function_get_bookmarks(array(), $smarty);
		$_items = $smarty->get_template_vars('get_bookmarks');
		foreach ($_items as $_item)
		{
			if (is_array($_item['children']))
				foreach ($_item['children'] as $_b)
				{
					$item = new FeedItem();
					$item->title = $_b['node_name'];
					$item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
					$rss->addItem($item);
				}
		}
		$_feedType = 'OPML';
	}
	elseif ($permissions['r'])
	{
		require_once(INCLUDE_DIR.'/feedcreator.class.php');

		$rss = new UniversalFeedCreator();
		$rss->title = $node['node_name'];
		$rss->description = "";
		$rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];

		// K list
		if ($_GET['node_id']=='15')
		{
			require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php');
			smarty_function_get_k(array(), $smarty);
			$_items = $smarty->get_template_vars('get_k');
		}
		else
		{
			require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php');
			smarty_function_get_children(
				array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty);
			$_items = $smarty->get_template_vars('get_children');
		}

		foreach ($_items as $_item)
		{
			$item = new FeedItem();
			$item->title = $_item['node_name'];
			$item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
			$item->description = $_item['node_content'];
			$rss->addItem($item);
		}
	}

	if ($permissions['r']) $rss->showFeed($_feedType);
	exit();
}

_checkPermissions();

//entering the node

//sventest
if (($permissions['r']) || ($event != 'register')) {

	//performing node_events (based on update/insert/delete db queries)
	if ($event) {
		require(INCLUDE_DIR.'eventz.inc');
	}

	elseif ($transaction) {
		require(INCLUDE_DIR.'transaction.inc');
	}
	//end of performing node events

	//sventest
}


if ($permissions['r']) {

// these 4 lines are not the source of kyberia lagging problems.
// leave them. started on the 10.4. 
// data gained will be used for scientific purposes

// if (isset($_SESSION['user_id']) {
//	log_levenshtein($_SESSION['user_id'],$node['node_id']);
// }

if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
	$q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
	$db->update($q);
}

//if node is css
//XXX into function
if ($node['template_id']!='2019721'){

	logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
	if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
		$q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
//		echo $q;
		$result=$db->update($q);

		if (!$result) {
			$q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
			$db->query($q);
		}
	}//end of if node os css
}

}

//XXX into function
// if (isset($_SESSION['user_id']) {
//	if (isset($referer_id)) {
//		update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id);
//	} else {
//		update_nodes($_SESSION['user_id'],$node['node_id'],0);	
//	}
// }

// DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//creating neural network
$db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
if (isset($referer_id) && is_numeric($referer_id)) {
	$q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
	$result=$db->update($q);
	if (!$result) {
		$q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
		$db->query($q);
		}
}


elseif (!$permissions['r'] && $_GET['magic_word']) {
	$magic_word_big=$_GET['magic_word'];

	if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
		$magic_uid=$mu['1'];
		$magic_word=addslashes($mu['2']);
		// XXX WTF column magic_word does not exists
		$q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
		$set=$db->query($q);
		if ($set->getNumRows()) {
			$permissions['r']=true;
		}
	}
}


else {
	logger::log('enter',$node['node_id'],'failed');
}


//assigning user data to smarty if user logged in
if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
	$smarty->assign('_POST',$_POST);
	$smarty->assign('bookmarks',$_SESSION['bookmarks']);
	$smarty->assign('ignore',$_SESSION['ignore']);
	$smarty->assign('bookstyl',$_SESSION['bookstyl']);
	$smarty->assign('fook',$_SESSION['fook']);
	$smarty->assign('user_id',$_SESSION['user_id']);
	if (!empty($_SESSION['cube_vector'])) 
		$smarty->assign('cube_vector',$_SESSION['cube_vector']);
        $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
	$smarty->assign('user_quota',$_SESSION['user_quota']);

	// XXX into function
	$newmail_q = sprintf('select u.user_mail_id
				, u.user_k
				, u.k_wallet
				, u.user_mail
				, ms.user_id as mail_sender_id
				, ms.login as mail_sender
				from users u
				left join users ms on ms.user_id = u.user_mail_id
				where u.user_id = %d',
				$user_id);
	$newmailset = $db->query($newmail_q);


	$newmailset->next();
	$new_mail=$newmailset->getString('user_mail');
	// XXX into function
	$newmailset2 = $db->query("select users.user_mail_id,mailsender.login
 from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
	$newmailset2->next();
	$smarty->assign('new_mail',$new_mail);
	$smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
	$smarty->assign('new_mail_name2',$newmailset2->getString('login'));
	$user_k=$newmailset->getString('user_k');
	$smarty->assign('user_k',$user_k);
	$k_wallet=$newmailset->getString('k_wallet');
	$smarty->assign('k_wallet',$k_wallet);
	$user_id=$_SESSION['user_id'];

	//mail node
	if ($node['node_name']=='mail') {

		//clear new mail message
		
		if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");

		//set messages as delivered to recipient
		$set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'");
		while($set->next()) {
			$db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'");
			$db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'");

			$new_messages[$set->getString('mail_id')]=true;
		}
/*
		if (count($new_messages)) {
			$db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'");
			$smarty->assign('new_messages',$new_messages);

        	}
*/
	}
}


if ($node['node_system_access']=='crypto') {
	$smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]);
}

$smarty->assign('error',$error);
$smarty->assign('permissions',$permissions);
$smarty->assign('current_vector',$node['node_vector']);
if ($permissions['r']) $smarty->assign('node',$node);
else {

	$smarty->assign('node',$node);
	//new templates by Dark matter
	$smarty->template_dir=OWN_TEMPLATE_DIR;

	$smarty->display('1549864.tpl');
	$smarty->display('1549885.tpl');
	$smarty->display('630526.tpl');
	die();

	//redirect to mainpage
// looks like poeple totaly hate this redirect!
//	header("Location: /id/1");
}


// XXX into function
if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
//setting user location
$q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
$db->executequery($q);
}

$whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
$smarty->assign('whole_time',$whole_time);


if ($template_id=='download' OR $template_id=='download.jpg') {
	if ($permissions['r']) {
	$linkname = SYSTEM_ROOT."/files/".$node['node_id'];
	$filename= readlink($linkname);
	$suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename);

	$ext = substr( $filename,-3 );
	if( $filename == "" ) {
	   echo "ERROR: Empty file to download. ";
	   exit;
	} elseif ( ! file_exists( $filename ) ) {
	 	exit;
	};
	switch( strtolower($ext) ){
	   case "pdf": $ctype="application/pdf";              break;
	   case "exe": $ctype="application/octet-stream";      break;
	   case "zip": $ctype="application/zip";              break;
	   case "doc": $ctype="application/msword";            break;
	   case "xls": $ctype="application/vnd.ms-excel";      break;
	   case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
	   case "gif": $ctype="image/gif";                    break;
	   case "png": $ctype="image/png";                    break;
	   case "jpg": $ctype="image/jpg";                    break;
	   default:    $ctype="application/force-download";
	}
	$file=str_replace(" ","_",$node['node_name']).".$ext";
	header("Pragma: public");
	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Content-Type: $ctype");
	$user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
	if ((is_integer (strpos($user_agent, "msie"))) && (is_integer
	(strpos($user_agent, "win")))) {
	   header( "Content-Disposition: filename=$file;" );
	} else 	{
	   header( "Content-Disposition: attachment;
	filename=$file;" );
	}
	header("Content-Transfer-Encoding: binary");
	header("Content-Length: ".filesize($filename));
	readfile("$filename");
	exit();
	}
	else { echo "you don't have permissions for downloading this data"; die(); }
}

if ($node['template_id']=='2019721'){
Header("Cache-control: max-age=3600");
}else{
Header("Cache-control: no-cache");
Header("Expires:".gmdate("D, d M Y H:i:s")." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
}


//for cases like search & preview
	$smarty->assign('post_vars',$_POST);
if (!empty($_POST['template_event'])) {
	$smarty->assign('template_event',$_POST['template_event']);

}

//setting listing parameters
        $children_count=$node['node_children_count'];
	$descendant_count=$node['node_descendant_count'];

        if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { 
		$listing_amount=mysql_real_escape_string($_POST['listing_amount']);
	}elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
        else $listing_amount=DEFAULT_LISTING_AMOUNT;
	$smarty->assign('listing_amount',$listing_amount);

	if (isset($_POST['listing_order']) && $_POST['listing_order']) {
		$listing_order=mysql_real_escape_string($_POST['listing_order']);
	} elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
	else $listing_order=DEFAULT_LISTING_ORDER;
	$smarty->assign('listing_order',$listing_order);

	if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) {
		$offset=$_POST['get_children_offset'];
	} else { $offset=0; }


        //movement forward and backward
//	if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount;

        if ($_POST['get_children_move']=='<') {
	        $offset=$offset-$listing_amount;
       	      if ($offset<0) $offset=0;
        }
        elseif ($_POST['get_children_move']=='>') {
		$offset=$offset+$listing_amount;
        }
	elseif ($_POST['get_children_move']=='>>') {
        	$offset=$descendant_count-$listing_amount;
       	}

        elseif ($_POST['get_children_move']=='<<') {
               $offset=0;
        }
        if ($offset<0) $offset=0;
        $_POST['offset']=$offset;
        $smarty->assign('offset',$offset);


if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
	header("Content-Type: image/svg+xml");
}

//show own header
elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) {
	$smarty->assign('header_id',$_SESSION['header_id']);
	$smarty->template_dir=OWN_TEMPLATE_DIR;
	$content=$smarty->fetch($_SESSION['header_id'].".tpl");
	$smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
	//not registered user
	if ($_SESSION['header_id']==2091520) {
		echo $content;
		session_destroy();
		die();
	}
}

$smarty->template_dir=OWN_TEMPLATE_DIR;

if (is_numeric($template_id)) {
	$content.=$smarty->fetch($template_id.".tpl");
}

else {
	$template_id=$node['template_id'];
	$content.=$smarty->fetch($node['template_id'].".tpl");
}

if ($template_id=='2019721'){
	$content=$smarty->fetch($template_id.".tpl");
	echo $content;
}else{
	$time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
	echo $content;
//	echo "<center>page generation took: $time second</center>";
}
//end of displaying

// output buffering forcing (mx)
if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_end_flush();

?>
Commit	Line	Data
	1	<?php
	2	// output buffering forcing (mx)
	3	if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
	4
	5	//header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
	6	//echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
	7	//exit;
	8
	9	//starting timer for benchmarking purposes
	10	$timer_start=Time()+SubStr(MicroTime(),0,8);
	11
	12	//setting PHPSESSID cookie and starting user session
	13	session_start();
	14
	15	error_reporting(1);
	16	//$_SESSION['debugging']=1;
	17	//exit;
	18
	19
	20	if ($_SESSION['debugging']) {
	21
	22	error_reporting(E_ALL);
	23	echo "GET VARIABLES::<br/>";
	24	print_r($_GET);
	25	echo "POST VARIABLES::<br/>";
	26	print_r($_POST);
	27	echo "<b>SESSION VARIABLES::</b><br/>";
	28	print_r($_SESSION);
	29	}
	30
	31	//Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-)
	32	if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10);
	33	if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10);
	34
	35	//requiring main config file with path/database etc. constants
	36	require('config/config.inc');
	37	require(INCLUDE_DIR.'senate.inc');
	38
	39	if (isset($_SERVER['HTTP_REFERER'])) {
	40	preg_match("/id\/([0-9]*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
	41	$referer_id=$ref_match[1];
	42	}
	43
	44	//connecting to database and creating universal $db object
	45	require(INCLUDE_DIR.'log.inc');
	46	require(INCLUDE_DIR.'ubik.inc');
	47	require(INCLUDE_DIR.'nodes.inc');
	48	require(INCLUDE_DIR.'error_messages.inc');
	49	require(INCLUDE_DIR.'database.inc');
	50
	51	$db = new CLASS_DATABASE();
	52
	53	if (!empty($_GET['template_id'])) {
	54	$template_id=$_GET['template_id'];
	55	} else {
	56	$template_id=false;
	57	}
	58
	59	//initializing node methods
	60	if (!empty($_GET['node_name'])) {
	61	$node = nodes::redirByName($_GET['node_name']);
	62	} elseif (!empty($_GET['node_id'])) {
	63	$node = nodes::getNodeById($_GET['node_id'],
	64	(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
	65	}
	66
	67	//XXX Paths are wrong (!)
	68	//loading smarty template engine and setting main parameters
	69	require(SMARTY_DIR.'Smarty.class.php');
	70	$smarty = new Smarty;
	71
	72	//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
	73	$smarty->template_dir = TEMPLATE_DIR;
	74	//echo TEMPLATE_DIR.TEMPLATE_SET;
	75	//echo $smarty->template_dir;
	76	$smarty->compile_dir = SYSTEM_DATA."templates_c/";
	77	$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
	78	$smarty->cache_dir = SMARTY_DIR.'cache/';
	79	$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
	80	if ($_SESSION['debugging']) $smarty->debugging=true;
	81
	82	// initializing variables
	83	// preg_replace prevents LFI
	84	if (empty($_POST['event'])) $event=false;
	85	else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
	86
	87
	88	if ($_SESSION['debugging']) {
	89	echo "<pre><b>NODE::";
	90	print_r($node);
	91	echo "</pre>";
	92	}
	93
	94	if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
	95	$node['node_permission']='owner';
	96	}
	97
	98	if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
	99	if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
	100	echo "node::".$node['node_vector'];
	101	echo "cube_Vector::".$_SESSION['cube_vector'];
	102	echo "you are out of allowed cwbe. access forbidden";
	103	die();
	104	}
	105	}
	106
	107	//if not existent node show our own 404
	108	if (empty($node)) {
	109	$nodes= nodes::getNodesByName($_GET['node_name']);
	110	if ($nodes) {
	111	$smarty->assign('nodes',$nodes);
	112	$content=$smarty->display("404.tpl");
	113	die();
	114	}
	115	elseif ($_SESSION['user_id']) {
	116	$smarty->assign('node_name',$_GET['node_name']);
	117	$content=$smarty->display("modules/addnode.tpl");
	118	}
	119	}
	120
	121	//modifying node glass pearl //XXX WTF
	122	if (is_array($children_types[$node['node_type']])) {
	123	$smarty->assign('children_types',$children_types[$node['node_type']]);
	124	}
	125	$smarty->assign('types',$types);
	126
	127
	128	//$node['node_type']=$types[$node['node_type']];
	129	$node['node_content']= StripSlashes($node['node_content']);
	130	$node['node_name']= StripSlashes($node['node_name']);
	131
	132	//checking permissions
	133	function _checkPermissions()
	134	{
	135	global $permissions, $node;
	136
	137	require(INCLUDE_DIR.'permissions.inc');
	138	$permissions=permissions::checkPermissions($node);
	139	$permissions['h']=permissions::isHierarch($node);
	140	}
	141
	142	// mail rss
	143	if ($template_id=='rss') //XXX WHAT?
	144	{
	145	$_feedType = "RSS0.91";
	146	if (!is_numeric($_SESSION['user_id']))
	147	{
	148	if (!isset($_SERVER['PHP_AUTH_USER'])) {
	149	header('WWW-Authenticate: Basic realm="Kyberia"');
	150	header('HTTP/1.0 401 Unauthorized');
	151	echo 'Cancel button';
	152	exit;
	153	}
	154	else
	155	{
	156	require_once(EVENT_DIR.'/login.inc');
	157	$_POST['login'] = $_SERVER['PHP_AUTH_USER'];
	158	$_POST['password'] = $_SERVER['PHP_AUTH_PW'];
	159	$_POST['login_type'] = "name";
	160	if (!login())
	161	{
	162	echo "Zle meno/heslo.";
	163	exit();
	164	}
	165	}
	166	}
	167
	168	_checkPermissions();
	169
	170	// Mail
	171	if ($_GET['node_id']==='24' && $permissions['r'])
	172	{
	173	require_once(INCLUDE_DIR.'/feedcreator.class.php');
	174
	175	$rss = new UniversalFeedCreator();
	176	$rss->title = "Kyberia mail";
	177	$rss->description = "";
	178	$rss->link = "https://". SYSTEM_URL . "/id/24";
	179
	180	//XXX into function
	181	$query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
	182	userfrom.user_action as locationfrom_action,
	183	userfrom.user_action_id as locationfrom_action_id,
	184	userto.user_action as locationto_action,
	185	userto.user_action_id as locationto_action_id,
	186	userto.login as mail_to_name, userfrom.login as mail_from_name,
	187	mail.* from mail left join users as userfrom on
	188	mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id
	189	where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10";
	190
	191	$set = $db->query($query);
	192
	193	while($set->next()) {
	194	$m = $set->getRecord();
	195	if ($m['mail_to'] != $_SESSION['user_id'])
	196	continue;
	197	$item = new FeedItem();
	198	$item->title = $m['mail_from_name'];
	199	$item->link = "https://".SYSTEM_URL."/id/24";
	200	$item->description = $m['mail_text'];
	201	$rss->addItem($item);
	202	}
	203	}
	204	// bookmarks
	205	elseif ($_GET['node_id']=='19' && $permissions['r'])
	206	{
	207	require_once(INCLUDE_DIR.'/feedcreator.class.php');
	208
	209	$rss = new UniversalFeedCreator();
	210	$rss->title = "Kyberia bookmarks";
	211	$rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ?
	212
	213	require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
	214	smarty_function_get_bookmarks(array(), $smarty);
	215	$_items = $smarty->get_template_vars('get_bookmarks');
	216	foreach ($_items as $_item)
	217	{
	218	if (is_array($_item['children']))
	219	foreach ($_item['children'] as $_b)
	220	{
	221	$item = new FeedItem();
	222	$item->title = $_b['node_name'];
	223	$item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
	224	$rss->addItem($item);
	225	}
	226	}
	227	$_feedType = 'OPML';
	228	}
	229	elseif ($permissions['r'])
	230	{
	231	require_once(INCLUDE_DIR.'/feedcreator.class.php');
	232
	233	$rss = new UniversalFeedCreator();
	234	$rss->title = $node['node_name'];
	235	$rss->description = "";
	236	$rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
	237
	238	// K list
	239	if ($_GET['node_id']=='15')
	240	{
	241	require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php');
	242	smarty_function_get_k(array(), $smarty);
	243	$_items = $smarty->get_template_vars('get_k');
	244	}
	245	else
	246	{
	247	require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php');
	248	smarty_function_get_children(
	249	array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty);
	250	$_items = $smarty->get_template_vars('get_children');
	251	}
	252
	253	foreach ($_items as $_item)
	254	{
	255	$item = new FeedItem();
	256	$item->title = $_item['node_name'];
	257	$item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
	258	$item->description = $_item['node_content'];
	259	$rss->addItem($item);
	260	}
	261	}
	262
	263	if ($permissions['r']) $rss->showFeed($_feedType);
	264	exit();
	265	}
	266
	267	_checkPermissions();
	268
	269	//entering the node
	270
	271	//sventest
	272	if (($permissions['r']) \|\| ($event != 'register')) {
	273
	274	//performing node_events (based on update/insert/delete db queries)
	275	if ($event) {
	276	require(INCLUDE_DIR.'eventz.inc');
	277	}
	278
	279	elseif ($transaction) {
	280	require(INCLUDE_DIR.'transaction.inc');
	281	}
	282	//end of performing node events
	283
	284	//sventest
	285	}
	286
	287
	288	if ($permissions['r']) {
	289
	290	// these 4 lines are not the source of kyberia lagging problems.
	291	// leave them. started on the 10.4.
	292	// data gained will be used for scientific purposes
	293
	294	// if (isset($_SESSION['user_id']) {
	295	// log_levenshtein($_SESSION['user_id'],$node['node_id']);
	296	// }
	297
	298	if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
	299	$q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
	300	$db->update($q);
	301	}
	302
	303	//if node is css
	304	//XXX into function
	305	if ($node['template_id']!='2019721'){
	306
	307	logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
	308	if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
	309	$q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
	310	// echo $q;
	311	$result=$db->update($q);
	312
	313	if (!$result) {
	314	$q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
	315	$db->query($q);
	316	}
	317	}//end of if node os css
	318	}
	319
	320	}
	321
	322	//XXX into function
	323	// if (isset($_SESSION['user_id']) {
	324	// if (isset($referer_id)) {
	325	// update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id);
	326	// } else {
	327	// update_nodes($_SESSION['user_id'],$node['node_id'],0);
	328	// }
	329	// }
	330
	331	// DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
	332	//creating neural network
	333	$db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
	334	if (isset($referer_id) && is_numeric($referer_id)) {
	335	$q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
	336	$result=$db->update($q);
	337	if (!$result) {
	338	$q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
	339	$db->query($q);
	340	}
	341	}
	342
	343
	344	elseif (!$permissions['r'] && $_GET['magic_word']) {
	345	$magic_word_big=$_GET['magic_word'];
	346
	347	if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
	348	$magic_uid=$mu['1'];
	349	$magic_word=addslashes($mu['2']);
	350	// XXX WTF column magic_word does not exists
	351	$q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
	352	$set=$db->query($q);
	353	if ($set->getNumRows()) {
	354	$permissions['r']=true;
	355	}
	356	}
	357	}
	358
	359
	360
	361
	362
	363	else {
	364	logger::log('enter',$node['node_id'],'failed');
	365	}
	366
	367
	368
	369	//assigning user data to smarty if user logged in
	370	if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
	371	$smarty->assign('_POST',$_POST);
	372	$smarty->assign('bookmarks',$_SESSION['bookmarks']);
	373	$smarty->assign('ignore',$_SESSION['ignore']);
	374	$smarty->assign('bookstyl',$_SESSION['bookstyl']);
	375	$smarty->assign('fook',$_SESSION['fook']);
	376	$smarty->assign('user_id',$_SESSION['user_id']);
	377	if (!empty($_SESSION['cube_vector']))
	378	$smarty->assign('cube_vector',$_SESSION['cube_vector']);
	379	$smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
	380	$smarty->assign('user_quota',$_SESSION['user_quota']);
	381
	382	// XXX into function
	383	$newmail_q = sprintf('select u.user_mail_id
	384	, u.user_k
	385	, u.k_wallet
	386	, u.user_mail
	387	, ms.user_id as mail_sender_id
	388	, ms.login as mail_sender
	389	from users u
	390	left join users ms on ms.user_id = u.user_mail_id
	391	where u.user_id = %d',
	392	$user_id);
	393	$newmailset = $db->query($newmail_q);
	394
	395
	396	$newmailset->next();
	397	$new_mail=$newmailset->getString('user_mail');
	398	// XXX into function
	399	$newmailset2 = $db->query("select users.user_mail_id,mailsender.login
	400	from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
	401	$newmailset2->next();
	402	$smarty->assign('new_mail',$new_mail);
	403	$smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
	404	$smarty->assign('new_mail_name2',$newmailset2->getString('login'));
	405	$user_k=$newmailset->getString('user_k');
	406	$smarty->assign('user_k',$user_k);
	407	$k_wallet=$newmailset->getString('k_wallet');
	408	$smarty->assign('k_wallet',$k_wallet);
	409	$user_id=$_SESSION['user_id'];
	410
	411	//mail node
	412	if ($node['node_name']=='mail') {
	413
	414	//clear new mail message
	415
	416	if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");
	417
	418	//set messages as delivered to recipient
	419	$set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'");
	420	while($set->next()) {
	421	$db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'");
	422	$db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'");
	423
	424	$new_messages[$set->getString('mail_id')]=true;
	425	}
	426	/*
	427	if (count($new_messages)) {
	428	$db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'");
	429	$smarty->assign('new_messages',$new_messages);
	430
	431	}
	432	*/
	433	}
	434	}
	435
	436
	437
	438	if ($node['node_system_access']=='crypto') {
	439	$smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]);
	440	}
	441
	442	$smarty->assign('error',$error);
	443	$smarty->assign('permissions',$permissions);
	444	$smarty->assign('current_vector',$node['node_vector']);
	445	if ($permissions['r']) $smarty->assign('node',$node);
	446	else {
	447
	448	$smarty->assign('node',$node);
	449	//new templates by Dark matter
	450	$smarty->template_dir=OWN_TEMPLATE_DIR;
	451
	452	$smarty->display('1549864.tpl');
	453	$smarty->display('1549885.tpl');
	454	$smarty->display('630526.tpl');
	455	die();
	456
	457	//redirect to mainpage
	458	// looks like poeple totaly hate this redirect!
	459	// header("Location: /id/1");
	460	}
	461
	462
	463	// XXX into function
	464	if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
	465	//setting user location
	466	$q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
	467	$db->executequery($q);
	468	}
	469
	470	$whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
	471	$smarty->assign('whole_time',$whole_time);
	472
	473
	474	if ($template_id=='download' OR $template_id=='download.jpg') {
	475	if ($permissions['r']) {
	476	$linkname = SYSTEM_ROOT."/files/".$node['node_id'];
	477	$filename= readlink($linkname);
	478	$suffix=preg_replace("/(.?)\.(.?)/i","$2",$filename);
	479
	480	$ext = substr( $filename,-3 );
	481	if( $filename == "" ) {
	482	echo "ERROR: Empty file to download. ";
	483	exit;
	484	} elseif ( ! file_exists( $filename ) ) {
	485	exit;
	486	};
	487	switch( strtolower($ext) ){
	488	case "pdf": $ctype="application/pdf"; break;
	489	case "exe": $ctype="application/octet-stream"; break;
	490	case "zip": $ctype="application/zip"; break;
	491	case "doc": $ctype="application/msword"; break;
	492	case "xls": $ctype="application/vnd.ms-excel"; break;
	493	case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
	494	case "gif": $ctype="image/gif"; break;
	495	case "png": $ctype="image/png"; break;
	496	case "jpg": $ctype="image/jpg"; break;
	497	default: $ctype="application/force-download";
	498	}
	499	$file=str_replace(" ","_",$node['node_name']).".$ext";
	500	header("Pragma: public");
	501	header("Expires: 0");
	502	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	503	header("Content-Type: $ctype");
	504	$user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
	505	if ((is_integer (strpos($user_agent, "msie"))) && (is_integer
	506	(strpos($user_agent, "win")))) {
	507	header( "Content-Disposition: filename=$file;" );
	508	} else {
	509	header( "Content-Disposition: attachment;
	510	filename=$file;" );
	511	}
	512	header("Content-Transfer-Encoding: binary");
	513	header("Content-Length: ".filesize($filename));
	514	readfile("$filename");
	515	exit();
	516	}
	517	else { echo "you don't have permissions for downloading this data"; die(); }
	518	}
	519
	520	if ($node['template_id']=='2019721'){
	521	Header("Cache-control: max-age=3600");
	522	}else{
	523	Header("Cache-control: no-cache");
	524	Header("Expires:".gmdate("D, d M Y H:i:s")." GMT");
	525	header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
	526	}
	527
	528
	529	//for cases like search & preview
	530	$smarty->assign('post_vars',$_POST);
	531	if (!empty($_POST['template_event'])) {
	532	$smarty->assign('template_event',$_POST['template_event']);
	533
	534	}
	535
	536	//setting listing parameters
	537	$children_count=$node['node_children_count'];
	538	$descendant_count=$node['node_descendant_count'];
	539
	540	if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) {
	541	$listing_amount=mysql_real_escape_string($_POST['listing_amount']);
	542	}elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
	543	else $listing_amount=DEFAULT_LISTING_AMOUNT;
	544	$smarty->assign('listing_amount',$listing_amount);
	545
	546	if (isset($_POST['listing_order']) && $_POST['listing_order']) {
	547	$listing_order=mysql_real_escape_string($_POST['listing_order']);
	548	} elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
	549	else $listing_order=DEFAULT_LISTING_ORDER;
	550	$smarty->assign('listing_order',$listing_order);
	551
	552	if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) {
	553	$offset=$_POST['get_children_offset'];
	554	} else { $offset=0; }
	555
	556
	557	//movement forward and backward
	558	// if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount;
	559
	560	if ($_POST['get_children_move']=='<') {
	561	$offset=$offset-$listing_amount;
	562	if ($offset<0) $offset=0;
	563	}
	564	elseif ($_POST['get_children_move']=='>') {
	565	$offset=$offset+$listing_amount;
	566	}
	567	elseif ($_POST['get_children_move']=='>>') {
	568	$offset=$descendant_count-$listing_amount;
	569	}
	570
	571	elseif ($_POST['get_children_move']=='<<') {
	572	$offset=0;
	573	}
	574	if ($offset<0) $offset=0;
	575	$_POST['offset']=$offset;
	576	$smarty->assign('offset',$offset);
	577
	578
	579	if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
	580	header("Content-Type: image/svg+xml");
	581	}
	582
	583	//show own header
	584	elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) {
	585	$smarty->assign('header_id',$_SESSION['header_id']);
	586	$smarty->template_dir=OWN_TEMPLATE_DIR;
	587	$content=$smarty->fetch($_SESSION['header_id'].".tpl");
	588	$smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
	589	//not registered user
	590	if ($_SESSION['header_id']==2091520) {
	591	echo $content;
	592	session_destroy();
	593	die();
	594	}
	595	}
	596
	597	$smarty->template_dir=OWN_TEMPLATE_DIR;
	598
	599	if (is_numeric($template_id)) {
	600	$content.=$smarty->fetch($template_id.".tpl");
	601	}
	602
	603	else {
	604	$template_id=$node['template_id'];
	605	$content.=$smarty->fetch($node['template_id'].".tpl");
	606	}
	607
	608	if ($template_id=='2019721'){
	609	$content=$smarty->fetch($template_id.".tpl");
	610	echo $content;
	611	}else{
	612	$time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
	613	echo $content;
	614	// echo "<center>page generation took: $time second</center>";
	615	}
	616	//end of displaying
	617
	618	// output buffering forcing (mx)
	619	if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_end_flush();
	620
	621	?>