GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fixed TODO
[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php
1 <?php
2 // output buffering forcing (mx)
3 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
4
5 //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
6 //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
7 //exit;
8
9 //starting timer for benchmarking purposes
10 $timer_start=Time()+SubStr(MicroTime(),0,8);
11
12 //setting PHPSESSID cookie and starting user session
13 session_start();
14
15 error_reporting(1);
16 $_SESSION['debugging']=1;
17 //exit;
18
19
20 if ($_SESSION['debugging']) {
21
22 error_reporting(E_ALL);
23 echo "GET VARIABLES::<br/>";
24 print_r($_GET);
25 echo "POST VARIABLES::<br/>";
26 print_r($_POST);
27 echo "<b>SESSION VARIABLES::</b><br/>";
28 print_r($_SESSION);
29 }
30
31 //requiring main config file with path/database etc. constants
32 require('config/config.inc');
33 require(INCLUDE_DIR.'senate.inc');
34
35 preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
36 $referer_id=$ref_match[1];
37
38 //connecting to database and creating universal $db object
39 require(INCLUDE_DIR.'log.inc');
40 require(INCLUDE_DIR.'ubik.inc');
41 require(INCLUDE_DIR.'nodes.inc');
42 require(INCLUDE_DIR.'error_messages.inc');
43 require(INCLUDE_DIR.'database.inc');
44
45 $db = new CLASS_DATABASE();
46 //$logger = new logger; //XXX
47
48 if (!empty($_GET['template_id'])) {
49 $template_id=$_GET['template_id'];
50 }
51 else $template_id=false;
52
53 //initializing node methods
54 if (!empty($_GET['node_name'])) {
55 $node = nodes::redirByName($_GET['node_name']);
56 }
57 elseif (!empty($_GET['node_id'])) {
58 $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']);
59 }
60
61 //XXX Paths are wrong (!)
62 //loading smarty template engine and setting main parameters
63 require(SMARTY_DIR.'Smarty.class.php');
64 $smarty = new Smarty;
65
66 //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
67 $smarty->template_dir = TEMPLATE_DIR;
68 //echo TEMPLATE_DIR.TEMPLATE_SET;
69 //echo $smarty->template_dir;
70 $smarty->compile_dir = SYSTEM_DATA."templates_c/";
71 $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
72 $smarty->cache_dir = SMARTY_DIR.'cache/';
73 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
74 if ($_SESSION['debugging']) $smarty->debugging=true;
75
76 // initializing variables
77 // preg_replace prevents LFI
78 if (empty($_POST['event'])) $event=false;
79 else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
80
81
82 if ($_SESSION['debugging']) {
83 echo "<pre><b>NODE::";
84 print_r($node);
85 echo "</pre>";
86 }
87
88 if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner';
89
90 if ($_SESSION['cube_vector']) {
91 if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
92 echo "node::".$node['node_vector'];
93 echo "cube_Vector::".$_SESSION['cube_vector'];
94 echo "you are out of allowed cwbe. access forbidden";
95 die();
96 }
97 }
98
99 //if not existent node show our own 404
100 if (empty($node)) {
101 $nodes= nodes::getNodesByName($_GET['node_name']);
102 if ($nodes) {
103 $smarty->assign('nodes',$nodes);
104 $content=$smarty->display("404.tpl");
105 die();
106 }
107 elseif ($_SESSION['user_id']) {
108 $smarty->assign('node_name',$_GET['node_name']);
109 $content=$smarty->display("modules/addnode.tpl");
110 }
111 }
112
113 //modifying node glass pearl
114 if (is_array($children_types[$node['node_type']])) $smarty->assign('children_types',$children_types[$node['node_type']]);
115 $smarty->assign('types',$types);
116
117
118 //$node['node_type']=$types[$node['node_type']];
119 $node['node_content']=StripSlashes($node['node_content']);
120 $node['node_name']=StripSlashes($node['node_name']);
121
122 //checking permissions
123 function _checkPermissions()
124 {
125 global $permissions, $node;
126
127 require(INCLUDE_DIR.'permissions.inc');
128 $permissions=permissions::checkPermissions($node);
129 $permissions['h']=permissions::isHierarch($node);
130 }
131
132 // mail rss
133 if ($template_id=='rss')
134 {
135 $_feedType = "RSS0.91";
136 if (!is_numeric($_SESSION['user_id']))
137 {
138 if (!isset($_SERVER['PHP_AUTH_USER'])) {
139 header('WWW-Authenticate: Basic realm="Kyberia"');
140 header('HTTP/1.0 401 Unauthorized');
141 echo 'Cancel button';
142 exit;
143 }
144 else
145 {
146 require_once(EVENT_DIR.'/login.inc');
147 $_POST['login'] = $_SERVER['PHP_AUTH_USER'];
148 $_POST['password'] = $_SERVER['PHP_AUTH_PW'];
149 $_POST['login_type'] = "name";
150 if (!login())
151 {
152 echo "Zle meno/heslo.";
153 exit();
154 }
155 }
156 }
157
158 _checkPermissions();
159
160 // Mail
161 if ($_GET['node_id']==='24' && $permissions['r'])
162 {
163 require_once(INCLUDE_DIR.'/feedcreator.class.php');
164
165 $rss = new UniversalFeedCreator();
166 $rss->title = "Kyberia mail";
167 $rss->description = "";
168 $rss->link = "https://". SYSTEM_URL . "/id/24";
169
170 $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
171 userfrom.user_action as locationfrom_action,
172 userfrom.user_action_id as locationfrom_action_id,
173 userto.user_action as locationto_action,
174 userto.user_action_id as locationto_action_id,
175 userto.login as mail_to_name, userfrom.login as mail_from_name,
176 mail.* from mail left join users as userfrom on
177 mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id
178 where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10";
179
180 $set = $db->query($query);
181
182 while($set->next()) {
183 $m = $set->getRecord();
184 if ($m['mail_to'] != $_SESSION['user_id'])
185 continue;
186 $item = new FeedItem();
187 $item->title = $m['mail_from_name'];
188 $item->link = "https://".SYSTEM_URL."/id/24";
189 $item->description = $m['mail_text'];
190 $rss->addItem($item);
191 }
192 }
193 // bookmarks
194 elseif ($_GET['node_id']=='19' && $permissions['r'])
195 {
196 require_once(INCLUDE_DIR.'/feedcreator.class.php');
197
198 $rss = new UniversalFeedCreator();
199 $rss->title = "Kyberia bookmarks";
200 $rss->link = "http://".SYSTEM_URL."/id/19";
201
202 require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
203 smarty_function_get_bookmarks(array(), $smarty);
204 $_items = $smarty->get_template_vars('get_bookmarks');
205 foreach ($_items as $_item)
206 {
207 if (is_array($_item['children']))
208 foreach ($_item['children'] as $_b)
209 {
210 $item = new FeedItem();
211 $item->title = $_b['node_name'];
212 $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
213 $rss->addItem($item);
214 }
215 }
216 $_feedType = 'OPML';
217 }
218 elseif ($permissions['r'])
219 {
220 require_once(INCLUDE_DIR.'/feedcreator.class.php');
221
222 $rss = new UniversalFeedCreator();
223 $rss->title = $node['node_name'];
224 $rss->description = "";
225 $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
226
227 // K list
228 if ($_GET['node_id']=='15')
229 {
230 require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php');
231 smarty_function_get_k(array(), $smarty);
232 $_items = $smarty->get_template_vars('get_k');
233 }
234 else
235 {
236 require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php');
237 smarty_function_get_children(
238 array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty);
239 $_items = $smarty->get_template_vars('get_children');
240 }
241
242 foreach ($_items as $_item)
243 {
244 $item = new FeedItem();
245 $item->title = $_item['node_name'];
246 $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
247 $item->description = $_item['node_content'];
248 $rss->addItem($item);
249 }
250 }
251
252 if ($permissions['r']) $rss->showFeed($_feedType);
253 exit();
254 }
255
256 _checkPermissions();
257
258 //entering the node
259
260 //sventest
261 if (($permissions['r']) || ($event != 'register')) {
262
263 //performing node_events (based on update/insert/delete db queries)
264 if ($event) {
265 require(INCLUDE_DIR.'eventz.inc');
266 }
267
268 elseif ($transaction) {
269 require(INCLUDE_DIR.'transaction.inc');
270 }
271 //end of performing node events
272
273 //sventest
274 }
275
276
277 if ($permissions['r']) {
278
279 //these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes
280 if ($_SESSION['user_id']) {
281 $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
282 $db->update($q);
283 }
284
285 //if node is css
286 if ($node['template_id']!='2019721'){
287
288 logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
289 if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
290 $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
291 // echo $q;
292 $result=$db->update($q);
293
294 if (!$result) {
295 $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
296 $db->query($q);
297 }
298 }//end of if node os css
299 }
300
301
302 }
303 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
304 //creating neural network
305 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
306 if (is_numeric($referer_id)) {
307 $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
308 $result=$db->update($q);
309 if (!$result) {
310 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
311 $db->query($q);
312 }
313 }
314
315
316 elseif (!$permissions['r'] && $_GET['magic_word']) {
317 $magic_word_big=$_GET['magic_word'];
318
319 if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
320 $magic_uid=$mu['1'];
321 $magic_word=addslashes($mu['2']);
322 $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
323 $set=$db->query($q);
324 if ($set->getNumRows()) {
325 $permissions['r']=true;
326 }
327 }
328 }
329
330
331
332
333
334 else {
335 logger::log('enter',$node['node_id'],'failed');
336 }
337
338
339
340 //assigning user data to smarty if user logged in
341 if ($user_id=$_SESSION['user_id']) {
342 $smarty->assign('_POST',$_POST);
343 $smarty->assign('bookmarks',$_SESSION['bookmarks']);
344 $smarty->assign('ignore',$_SESSION['ignore']);
345 $smarty->assign('bookstyl',$_SESSION['bookstyl']);
346 $smarty->assign('fook',$_SESSION['fook']);
347 $smarty->assign('user_id',$_SESSION['user_id']);
348 if (!empty($_SESSION['cube_vector']))
349 $smarty->assign('cube_vector',$_SESSION['cube_vector']);
350 $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
351 $smarty->assign('user_quota',$_SESSION['user_quota']);
352
353 $newmail_q = sprintf('select u.user_mail_id
354 , u.user_k
355 , u.k_wallet
356 , u.user_mail
357 , ms.user_id as mail_sender_id
358 , ms.login as mail_sender
359 from users u
360 left join users ms on ms.user_id = u.user_mail_id
361 where u.user_id = %d',
362 $user_id);
363 $newmailset = $db->query($newmail_q);
364
365 //$newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
366
367 $newmailset->next();
368 $new_mail=$newmailset->getString('user_mail');
369 $newmailset2 = $db->query("select users.user_mail_id,mailsender.login
370 from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
371 $newmailset2->next();
372 $smarty->assign('new_mail',$new_mail);
373 $smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
374 $smarty->assign('new_mail_name2',$newmailset2->getString('login'));
375 $user_k=$newmailset->getString('user_k');
376 $smarty->assign('user_k',$user_k);
377 $k_wallet=$newmailset->getString('k_wallet');
378 $smarty->assign('k_wallet',$k_wallet);
379 $user_id=$_SESSION['user_id'];
380
381 //mail node
382 if ($node['node_name']=='mail') {
383
384 //clear new mail message
385 if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");
386
387 //set messages as delivered to recipient
388 $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'");
389 while($set->next()) {
390 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'");
391 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'");
392
393 $new_messages[$set->getString('mail_id')]=true;
394 }
395 /*
396 if (count($new_messages)) {
397 $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'");
398 $smarty->assign('new_messages',$new_messages);
399
400 }
401 */
402 }
403 }
404
405
406
407 if ($node['node_system_access']=='crypto') {
408 $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]);
409 }
410
411 $smarty->assign('error',$error);
412 $smarty->assign('permissions',$permissions);
413 $smarty->assign('current_vector',$node['node_vector']);
414 if ($permissions['r']) $smarty->assign('node',$node);
415 else {
416
417 $smarty->assign('node',$node);
418 //new templates by Dark matter
419 $smarty->template_dir=OWN_TEMPLATE_DIR;
420
421 $smarty->display('1549864.tpl');
422 $smarty->display('1549885.tpl');
423 $smarty->display('630526.tpl');
424 die();
425
426 //redirect to mainpage
427 // looks like poeple totaly hate this redirect!
428 // header("Location: /id/1");
429 }
430
431
432 if ($node['template_id']!='2019721'){
433 //setting user location
434 $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
435 $db->executequery($q);
436 }
437
438 $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
439 $smarty->assign('whole_time',$whole_time);
440
441
442 if ($template_id=='download' OR $template_id=='download.jpg') {
443 if ($permissions['r']) {
444 $linkname = SYSTEM_ROOT."/files/".$node['node_id'];
445 $filename= readlink($linkname);
446 $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename);
447
448 $ext = substr( $filename,-3 );
449 if( $filename == "" ) {
450 echo "ERROR: Empty file to download. ";
451 exit;
452 } elseif ( ! file_exists( $filename ) ) {
453 exit;
454 };
455 switch( strtolower($ext) ){
456 case "pdf": $ctype="application/pdf"; break;
457 case "exe": $ctype="application/octet-stream"; break;
458 case "zip": $ctype="application/zip"; break;
459 case "doc": $ctype="application/msword"; break;
460 case "xls": $ctype="application/vnd.ms-excel"; break;
461 case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
462 case "gif": $ctype="image/gif"; break;
463 case "png": $ctype="image/png"; break;
464 case "jpg": $ctype="image/jpg"; break;
465 default: $ctype="application/force-download";
466 }
467 $file=str_replace(" ","_",$node['node_name']).".$ext";
468 header("Pragma: public");
469 header("Expires: 0");
470 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
471 header("Content-Type: $ctype");
472 $user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
473 if ((is_integer (strpos($user_agent, "msie"))) && (is_integer
474 (strpos($user_agent, "win")))) {
475 header( "Content-Disposition: filename=$file;" );
476 } else {
477 header( "Content-Disposition: attachment;
478 filename=$file;" );
479 }
480 header("Content-Transfer-Encoding: binary");
481 header("Content-Length: ".filesize($filename));
482 readfile("$filename");
483 exit();
484 }
485 else { echo "you don't have permissions for downloading this data"; die(); }
486 }
487
488 if ($node['template_id']=='2019721'){
489 Header("Cache-control: max-age=3600");
490 }else{
491 Header("Cache-control: no-cache");
492 Header("Expires:".gmdate("D, d M Y H:i:s")." GMT");
493 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
494 }
495
496
497 //for cases like search & preview
498 $smarty->assign('post_vars',$_POST);
499 if (!empty($_POST['template_event'])) {
500 $smarty->assign('template_event',$_POST['template_event']);
501
502 }
503
504 //setting listing parameters
505 $children_count=$node['node_children_count'];
506 $descendant_count=$node['node_descendant_count'];
507
508 if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount'];
509 elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
510 else $listing_amount=DEFAULT_LISTING_AMOUNT;
511 $smarty->assign('listing_amount',$listing_amount);
512
513 if ($_POST['listing_order']) $listing_order=$_POST['listing_order'];
514 elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
515 else $listing_order=DEFAULT_LISTING_ORDER;
516 $smarty->assign('listing_order',$listing_order);
517
518 if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset'];
519 else $offset=0;
520
521
522 //movement forward and backward
523 // if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount;
524
525 if ($_POST['get_children_move']=='<') {
526 $offset=$offset-$listing_amount;
527 if ($offset<0) $offset=0;
528 }
529 elseif ($_POST['get_children_move']=='>') {
530 $offset=$offset+$listing_amount;
531 }
532 elseif ($_POST['get_children_move']=='>>') {
533 $offset=$descendant_count-$listing_amount;
534 }
535
536 elseif ($_POST['get_children_move']=='<<') {
537 $offset=0;
538 }
539 if ($offset<0) $offset=0;
540 $_POST['offset']=$offset;
541 $smarty->assign('offset',$offset);
542
543
544 if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
545 header("Content-Type: image/svg+xml");
546 }
547
548 //show own header
549 elseif ($_SESSION['header_id']==true) {
550 $smarty->assign('header_id',$_SESSION['header_id']);
551 $smarty->template_dir=OWN_TEMPLATE_DIR;
552 $content=$smarty->fetch($_SESSION['header_id'].".tpl");
553 $smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
554 //not registered user
555 if ($_SESSION['header_id']==2091520) {
556 echo $content;
557 session_destroy();
558 die();
559 }
560 }
561
562 $smarty->template_dir=OWN_TEMPLATE_DIR;
563
564 if (is_numeric($template_id)) {
565 $content.=$smarty->fetch($template_id.".tpl");
566 }
567
568 else {
569 $template_id=$node['template_id'];
570 $content.=$smarty->fetch($node['template_id'].".tpl");
571 }
572
573 if ($template_id=='2019721'){
574 $content=$smarty->fetch($template_id.".tpl");
575 echo $content;
576 }else{
577 $time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
578 echo $content;
579 // echo "<center>page generation took: $time second</center>";
580 }
581 //end of displaying
582
583 // output buffering forcing (mx)
584 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_end_flush();
585
586 ?>
https://github.com/Kyberia/Kyberia-bloodline.git (mirrored @ Thu, 27 Jun 2024 23:20:08 +0200)
This page took 1.698228 seconds and 4 git commands to generate.