GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Added minor comments, started movil SQL into backed, register update
[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php
1 <?php
2 // output buffering forcing (mx)
3 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
4
5 //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
6 //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
7 //exit;
8
9 //starting timer for benchmarking purposes
10 $timer_start=Time()+SubStr(MicroTime(),0,8);
11
12 //setting PHPSESSID cookie and starting user session
13 session_start();
14
15 error_reporting(1);
16 //$_SESSION['debugging']=1;
17 //exit;
18
19
20 if ($_SESSION['debugging']) {
21
22 error_reporting(E_ALL);
23 echo "GET VARIABLES::<br/>";
24 print_r($_GET);
25 echo "POST VARIABLES::<br/>";
26 print_r($_POST);
27 echo "<b>SESSION VARIABLES::</b><br/>";
28 print_r($_SESSION);
29 }
30
31 //requiring main config file with path/database etc. constants
32 require('config/config.inc');
33 require(INCLUDE_DIR.'senate.inc');
34
35 if (isset($_SERVER['HTTP_REFERER'])) {
36 preg_match("/id\/([0-9]*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
37 $referer_id=$ref_match[1];
38 }
39
40 //connecting to database and creating universal $db object
41 require(INCLUDE_DIR.'log.inc');
42 require(INCLUDE_DIR.'ubik.inc');
43 require(INCLUDE_DIR.'nodes.inc');
44 require(INCLUDE_DIR.'error_messages.inc');
45 require(INCLUDE_DIR.'database.inc');
46
47 $db = new CLASS_DATABASE();
48
49 if (!empty($_GET['template_id'])) {
50 $template_id=$_GET['template_id'];
51 } else {
52 $template_id=false;
53 }
54
55 //initializing node methods
56 if (!empty($_GET['node_name'])) {
57 $node = nodes::redirByName($_GET['node_name']);
58 } elseif (!empty($_GET['node_id'])) {
59 $node = nodes::getNodeById($_GET['node_id'],
60 (isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
61 }
62
63 //XXX Paths are wrong (!)
64 //loading smarty template engine and setting main parameters
65 require(SMARTY_DIR.'Smarty.class.php');
66 $smarty = new Smarty;
67
68 //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
69 $smarty->template_dir = TEMPLATE_DIR;
70 //echo TEMPLATE_DIR.TEMPLATE_SET;
71 //echo $smarty->template_dir;
72 $smarty->compile_dir = SYSTEM_DATA."templates_c/";
73 $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
74 $smarty->cache_dir = SMARTY_DIR.'cache/';
75 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
76 if ($_SESSION['debugging']) $smarty->debugging=true;
77
78 // initializing variables
79 // preg_replace prevents LFI
80 if (empty($_POST['event'])) $event=false;
81 else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
82
83
84 if ($_SESSION['debugging']) {
85 echo "<pre><b>NODE::";
86 print_r($node);
87 echo "</pre>";
88 }
89
90 if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
91 $node['node_permission']='owner';
92 }
93
94 if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
95 if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
96 echo "node::".$node['node_vector'];
97 echo "cube_Vector::".$_SESSION['cube_vector'];
98 echo "you are out of allowed cwbe. access forbidden";
99 die();
100 }
101 }
102
103 //if not existent node show our own 404
104 if (empty($node)) {
105 $nodes= nodes::getNodesByName($_GET['node_name']);
106 if ($nodes) {
107 $smarty->assign('nodes',$nodes);
108 $content=$smarty->display("404.tpl");
109 die();
110 }
111 elseif ($_SESSION['user_id']) {
112 $smarty->assign('node_name',$_GET['node_name']);
113 $content=$smarty->display("modules/addnode.tpl");
114 }
115 }
116
117 //modifying node glass pearl //XXX WTF
118 if (is_array($children_types[$node['node_type']])) {
119 $smarty->assign('children_types',$children_types[$node['node_type']]);
120 }
121 $smarty->assign('types',$types);
122
123
124 //$node['node_type']=$types[$node['node_type']];
125 $node['node_content']= StripSlashes($node['node_content']);
126 $node['node_name']= StripSlashes($node['node_name']);
127
128 //checking permissions
129 function _checkPermissions()
130 {
131 global $permissions, $node;
132
133 require(INCLUDE_DIR.'permissions.inc');
134 $permissions=permissions::checkPermissions($node);
135 $permissions['h']=permissions::isHierarch($node);
136 }
137
138 // mail rss
139 if ($template_id=='rss') //XXX WHAT?
140 {
141 $_feedType = "RSS0.91";
142 if (!is_numeric($_SESSION['user_id']))
143 {
144 if (!isset($_SERVER['PHP_AUTH_USER'])) {
145 header('WWW-Authenticate: Basic realm="Kyberia"');
146 header('HTTP/1.0 401 Unauthorized');
147 echo 'Cancel button';
148 exit;
149 }
150 else
151 {
152 require_once(EVENT_DIR.'/login.inc');
153 $_POST['login'] = $_SERVER['PHP_AUTH_USER'];
154 $_POST['password'] = $_SERVER['PHP_AUTH_PW'];
155 $_POST['login_type'] = "name";
156 if (!login())
157 {
158 echo "Zle meno/heslo.";
159 exit();
160 }
161 }
162 }
163
164 _checkPermissions();
165
166 // Mail
167 if ($_GET['node_id']==='24' && $permissions['r'])
168 {
169 require_once(INCLUDE_DIR.'/feedcreator.class.php');
170
171 $rss = new UniversalFeedCreator();
172 $rss->title = "Kyberia mail";
173 $rss->description = "";
174 $rss->link = "https://". SYSTEM_URL . "/id/24";
175
176 //XXX into function
177 $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
178 userfrom.user_action as locationfrom_action,
179 userfrom.user_action_id as locationfrom_action_id,
180 userto.user_action as locationto_action,
181 userto.user_action_id as locationto_action_id,
182 userto.login as mail_to_name, userfrom.login as mail_from_name,
183 mail.* from mail left join users as userfrom on
184 mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id
185 where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10";
186
187 $set = $db->query($query);
188
189 while($set->next()) {
190 $m = $set->getRecord();
191 if ($m['mail_to'] != $_SESSION['user_id'])
192 continue;
193 $item = new FeedItem();
194 $item->title = $m['mail_from_name'];
195 $item->link = "https://".SYSTEM_URL."/id/24";
196 $item->description = $m['mail_text'];
197 $rss->addItem($item);
198 }
199 }
200 // bookmarks
201 elseif ($_GET['node_id']=='19' && $permissions['r'])
202 {
203 require_once(INCLUDE_DIR.'/feedcreator.class.php');
204
205 $rss = new UniversalFeedCreator();
206 $rss->title = "Kyberia bookmarks";
207 $rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ?
208
209 require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
210 smarty_function_get_bookmarks(array(), $smarty);
211 $_items = $smarty->get_template_vars('get_bookmarks');
212 foreach ($_items as $_item)
213 {
214 if (is_array($_item['children']))
215 foreach ($_item['children'] as $_b)
216 {
217 $item = new FeedItem();
218 $item->title = $_b['node_name'];
219 $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
220 $rss->addItem($item);
221 }
222 }
223 $_feedType = 'OPML';
224 }
225 elseif ($permissions['r'])
226 {
227 require_once(INCLUDE_DIR.'/feedcreator.class.php');
228
229 $rss = new UniversalFeedCreator();
230 $rss->title = $node['node_name'];
231 $rss->description = "";
232 $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
233
234 // K list
235 if ($_GET['node_id']=='15')
236 {
237 require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php');
238 smarty_function_get_k(array(), $smarty);
239 $_items = $smarty->get_template_vars('get_k');
240 }
241 else
242 {
243 require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php');
244 smarty_function_get_children(
245 array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty);
246 $_items = $smarty->get_template_vars('get_children');
247 }
248
249 foreach ($_items as $_item)
250 {
251 $item = new FeedItem();
252 $item->title = $_item['node_name'];
253 $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
254 $item->description = $_item['node_content'];
255 $rss->addItem($item);
256 }
257 }
258
259 if ($permissions['r']) $rss->showFeed($_feedType);
260 exit();
261 }
262
263 _checkPermissions();
264
265 //entering the node
266
267 //sventest
268 if (($permissions['r']) || ($event != 'register')) {
269
270 //performing node_events (based on update/insert/delete db queries)
271 if ($event) {
272 require(INCLUDE_DIR.'eventz.inc');
273 }
274
275 elseif ($transaction) {
276 require(INCLUDE_DIR.'transaction.inc');
277 }
278 //end of performing node events
279
280 //sventest
281 }
282
283
284 if ($permissions['r']) {
285
286 // these 4 lines are not the source of kyberia lagging problems.
287 // leave them. started on the 10.4.
288 // data gained will be used for scientific purposes
289
290 // if (isset($_SESSION['user_id']) {
291 // log_levenshtein($_SESSION['user_id'],$node['node_id']);
292 // }
293
294 if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
295 $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
296 $db->update($q);
297 }
298
299 //if node is css
300 //XXX into function
301 if ($node['template_id']!='2019721'){
302
303 logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
304 if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
305 $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
306 // echo $q;
307 $result=$db->update($q);
308
309 if (!$result) {
310 $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
311 $db->query($q);
312 }
313 }//end of if node os css
314 }
315
316 }
317
318 //XXX into function
319 // if (isset($_SESSION['user_id']) {
320 // if (isset($referer_id)) {
321 // update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id);
322 // } else {
323 // update_nodes($_SESSION['user_id'],$node['node_id'],0);
324 // }
325 // }
326
327 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
328 //creating neural network
329 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
330 if (isset($referer_id) && is_numeric($referer_id)) {
331 $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
332 $result=$db->update($q);
333 if (!$result) {
334 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
335 $db->query($q);
336 }
337 }
338
339
340 elseif (!$permissions['r'] && $_GET['magic_word']) {
341 $magic_word_big=$_GET['magic_word'];
342
343 if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
344 $magic_uid=$mu['1'];
345 $magic_word=addslashes($mu['2']);
346 // XXX WTF column magic_word does not exists
347 $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
348 $set=$db->query($q);
349 if ($set->getNumRows()) {
350 $permissions['r']=true;
351 }
352 }
353 }
354
355
356
357
358
359 else {
360 logger::log('enter',$node['node_id'],'failed');
361 }
362
363
364
365 //assigning user data to smarty if user logged in
366 if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
367 $smarty->assign('_POST',$_POST);
368 $smarty->assign('bookmarks',$_SESSION['bookmarks']);
369 $smarty->assign('ignore',$_SESSION['ignore']);
370 $smarty->assign('bookstyl',$_SESSION['bookstyl']);
371 $smarty->assign('fook',$_SESSION['fook']);
372 $smarty->assign('user_id',$_SESSION['user_id']);
373 if (!empty($_SESSION['cube_vector']))
374 $smarty->assign('cube_vector',$_SESSION['cube_vector']);
375 $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
376 $smarty->assign('user_quota',$_SESSION['user_quota']);
377
378 // XXX into function
379 $newmail_q = sprintf('select u.user_mail_id
380 , u.user_k
381 , u.k_wallet
382 , u.user_mail
383 , ms.user_id as mail_sender_id
384 , ms.login as mail_sender
385 from users u
386 left join users ms on ms.user_id = u.user_mail_id
387 where u.user_id = %d',
388 $user_id);
389 $newmailset = $db->query($newmail_q);
390
391
392 $newmailset->next();
393 $new_mail=$newmailset->getString('user_mail');
394 // XXX into function
395 $newmailset2 = $db->query("select users.user_mail_id,mailsender.login
396 from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
397 $newmailset2->next();
398 $smarty->assign('new_mail',$new_mail);
399 $smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
400 $smarty->assign('new_mail_name2',$newmailset2->getString('login'));
401 $user_k=$newmailset->getString('user_k');
402 $smarty->assign('user_k',$user_k);
403 $k_wallet=$newmailset->getString('k_wallet');
404 $smarty->assign('k_wallet',$k_wallet);
405 $user_id=$_SESSION['user_id'];
406
407 //mail node
408 if ($node['node_name']=='mail') {
409
410 //clear new mail message
411
412 if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");
413
414 //set messages as delivered to recipient
415 $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'");
416 while($set->next()) {
417 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'");
418 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'");
419
420 $new_messages[$set->getString('mail_id')]=true;
421 }
422 /*
423 if (count($new_messages)) {
424 $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'");
425 $smarty->assign('new_messages',$new_messages);
426
427 }
428 */
429 }
430 }
431
432
433
434 if ($node['node_system_access']=='crypto') {
435 $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]);
436 }
437
438 $smarty->assign('error',$error);
439 $smarty->assign('permissions',$permissions);
440 $smarty->assign('current_vector',$node['node_vector']);
441 if ($permissions['r']) $smarty->assign('node',$node);
442 else {
443
444 $smarty->assign('node',$node);
445 //new templates by Dark matter
446 $smarty->template_dir=OWN_TEMPLATE_DIR;
447
448 $smarty->display('1549864.tpl');
449 $smarty->display('1549885.tpl');
450 $smarty->display('630526.tpl');
451 die();
452
453 //redirect to mainpage
454 // looks like poeple totaly hate this redirect!
455 // header("Location: /id/1");
456 }
457
458
459 // XXX into function
460 if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
461 //setting user location
462 $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
463 $db->executequery($q);
464 }
465
466 $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
467 $smarty->assign('whole_time',$whole_time);
468
469
470 if ($template_id=='download' OR $template_id=='download.jpg') {
471 if ($permissions['r']) {
472 $linkname = SYSTEM_ROOT."/files/".$node['node_id'];
473 $filename= readlink($linkname);
474 $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename);
475
476 $ext = substr( $filename,-3 );
477 if( $filename == "" ) {
478 echo "ERROR: Empty file to download. ";
479 exit;
480 } elseif ( ! file_exists( $filename ) ) {
481 exit;
482 };
483 switch( strtolower($ext) ){
484 case "pdf": $ctype="application/pdf"; break;
485 case "exe": $ctype="application/octet-stream"; break;
486 case "zip": $ctype="application/zip"; break;
487 case "doc": $ctype="application/msword"; break;
488 case "xls": $ctype="application/vnd.ms-excel"; break;
489 case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
490 case "gif": $ctype="image/gif"; break;
491 case "png": $ctype="image/png"; break;
492 case "jpg": $ctype="image/jpg"; break;
493 default: $ctype="application/force-download";
494 }
495 $file=str_replace(" ","_",$node['node_name']).".$ext";
496 header("Pragma: public");
497 header("Expires: 0");
498 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
499 header("Content-Type: $ctype");
500 $user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
501 if ((is_integer (strpos($user_agent, "msie"))) && (is_integer
502 (strpos($user_agent, "win")))) {
503 header( "Content-Disposition: filename=$file;" );
504 } else {
505 header( "Content-Disposition: attachment;
506 filename=$file;" );
507 }
508 header("Content-Transfer-Encoding: binary");
509 header("Content-Length: ".filesize($filename));
510 readfile("$filename");
511 exit();
512 }
513 else { echo "you don't have permissions for downloading this data"; die(); }
514 }
515
516 if ($node['template_id']=='2019721'){
517 Header("Cache-control: max-age=3600");
518 }else{
519 Header("Cache-control: no-cache");
520 Header("Expires:".gmdate("D, d M Y H:i:s")." GMT");
521 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
522 }
523
524
525 //for cases like search & preview
526 $smarty->assign('post_vars',$_POST);
527 if (!empty($_POST['template_event'])) {
528 $smarty->assign('template_event',$_POST['template_event']);
529
530 }
531
532 //setting listing parameters
533 $children_count=$node['node_children_count'];
534 $descendant_count=$node['node_descendant_count'];
535
536 if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) {
537 $listing_amount=mysql_real_escape_string($_POST['listing_amount']);
538 }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
539 else $listing_amount=DEFAULT_LISTING_AMOUNT;
540 $smarty->assign('listing_amount',$listing_amount);
541
542 if (isset($_POST['listing_order']) && $_POST['listing_order']) {
543 $listing_order=mysql_real_escape_string($_POST['listing_order']);
544 } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
545 else $listing_order=DEFAULT_LISTING_ORDER;
546 $smarty->assign('listing_order',$listing_order);
547
548 if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) {
549 $offset=$_POST['get_children_offset'];
550 } else { $offset=0; }
551
552
553 //movement forward and backward
554 // if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount;
555
556 if ($_POST['get_children_move']=='<') {
557 $offset=$offset-$listing_amount;
558 if ($offset<0) $offset=0;
559 }
560 elseif ($_POST['get_children_move']=='>') {
561 $offset=$offset+$listing_amount;
562 }
563 elseif ($_POST['get_children_move']=='>>') {
564 $offset=$descendant_count-$listing_amount;
565 }
566
567 elseif ($_POST['get_children_move']=='<<') {
568 $offset=0;
569 }
570 if ($offset<0) $offset=0;
571 $_POST['offset']=$offset;
572 $smarty->assign('offset',$offset);
573
574
575 if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
576 header("Content-Type: image/svg+xml");
577 }
578
579 //show own header
580 elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) {
581 $smarty->assign('header_id',$_SESSION['header_id']);
582 $smarty->template_dir=OWN_TEMPLATE_DIR;
583 $content=$smarty->fetch($_SESSION['header_id'].".tpl");
584 $smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
585 //not registered user
586 if ($_SESSION['header_id']==2091520) {
587 echo $content;
588 session_destroy();
589 die();
590 }
591 }
592
593 $smarty->template_dir=OWN_TEMPLATE_DIR;
594
595 if (is_numeric($template_id)) {
596 $content.=$smarty->fetch($template_id.".tpl");
597 }
598
599 else {
600 $template_id=$node['template_id'];
601 $content.=$smarty->fetch($node['template_id'].".tpl");
602 }
603
604 if ($template_id=='2019721'){
605 $content=$smarty->fetch($template_id.".tpl");
606 echo $content;
607 }else{
608 $time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
609 echo $content;
610 // echo "<center>page generation took: $time second</center>";
611 }
612 //end of displaying
613
614 // output buffering forcing (mx)
615 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_end_flush();
616
617 ?>
https://github.com/Kyberia/Kyberia-bloodline.git (mirrored @ Sat, 01 Jun 2024 23:40:09 +0200)
This page took 0.76186 seconds and 5 git commands to generate.