//header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
//echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
//exit;
-error_reporting(1);
-//exit;
//starting timer for benchmarking purposes
$timer_start=Time()+SubStr(MicroTime(),0,8);
//setting PHPSESSID cookie and starting user session
session_start();
+error_reporting(1);
+//$_SESSION['debugging']=1;
+//exit;
+
if ($_SESSION['debugging']) {
require('config/config.inc');
require(INCLUDE_DIR.'senate.inc');
-preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
-$referer_id=$ref_match[1];
+if (isset($_SERVER['HTTP_REFERER'])) {
+ preg_match("/id\/([0-9]*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
+ $referer_id=$ref_match[1];
+}
//connecting to database and creating universal $db object
require(INCLUDE_DIR.'log.inc');
require(INCLUDE_DIR.'database.inc');
$db = new CLASS_DATABASE();
-$log = new log; //XXX
if (!empty($_GET['template_id'])) {
$template_id=$_GET['template_id'];
$node = nodes::redirByName($_GET['node_name']);
}
elseif (!empty($_GET['node_id'])) {
- $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']);
+ $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
}
//XXX Paths are wrong (!)
$smarty = new Smarty;
//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
-$smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
+$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
-$smarty->compile_dir = SYSTEM_ROOT."data/templates_c/".TEMPLATE_SET;
-$smarty->config_dir = SMARTY_DIR.'configs/';
+$smarty->compile_dir = SYSTEM_DATA."templates_c/";
+$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
if ($_SESSION['debugging']) $smarty->debugging=true;
-//initializing variables
+// initializing variables
+// preg_replace prevents LFI
if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
if ($_SESSION['debugging']) {
echo "</pre>";
}
-if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner';
+if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
+ $node['node_permission']='owner';
+}
-if ($_SESSION['cube_vector']) {
+if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
echo "node::".$node['node_vector'];
echo "cube_Vector::".$_SESSION['cube_vector'];
}
}
-//modifying node glass pearl
-if (is_array($children_types[$node['node_type']])) $smarty->assign('children_types',$children_types[$node['node_type']]);
+//modifying node glass pearl //XXX WTF
+if (is_array($children_types[$node['node_type']])) {
+ $smarty->assign('children_types',$children_types[$node['node_type']]);
+}
$smarty->assign('types',$types);
//$node['node_type']=$types[$node['node_type']];
-$node['node_content']=StripSlashes($node['node_content']);
-$node['node_name']=StripSlashes($node['node_name']);
+$node['node_content']= StripSlashes($node['node_content']);
+$node['node_name']= StripSlashes($node['node_name']);
//checking permissions
function _checkPermissions()
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = "Kyberia mail";
$rss->description = "";
$rss->link = "https://". SYSTEM_URL . "/id/24";
$m = $set->getRecord();
if ($m['mail_to'] != $_SESSION['user_id'])
continue;
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $m['mail_from_name'];
$item->link = "https://".SYSTEM_URL."/id/24";
$item->description = $m['mail_text'];
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = "Kyberia bookmarks";
$rss->link = "http://".SYSTEM_URL."/id/19";
if (is_array($_item['children']))
foreach ($_item['children'] as $_b)
{
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $_b['node_name'];
$item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
$rss->addItem($item);
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = $node['node_name'];
$rss->description = "";
$rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
foreach ($_items as $_item)
{
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $_item['node_name'];
$item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
$item->description = $_item['node_content'];
if ($permissions['r']) {
//these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes
-if ($_SESSION['user_id']) {
+if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
$q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
$db->update($q);
}
//if node is css
if ($node['template_id']!='2019721'){
- $log->log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
+ logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
$q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
// echo $q;
else {
- $log->log('enter',$node['node_id'],'failed');
+ logger::log('enter',$node['node_id'],'failed');
}
//assigning user data to smarty if user logged in
-if ($user_id=$_SESSION['user_id']) {
+if (isset($_SESSION['user_id'])&($user_id=$_SESSION['user_id'])) {
$smarty->assign('_POST',$_POST);
$smarty->assign('bookmarks',$_SESSION['bookmarks']);
$smarty->assign('ignore',$_SESSION['ignore']);
$smarty->assign('bookstyl',$_SESSION['bookstyl']);
$smarty->assign('fook',$_SESSION['fook']);
$smarty->assign('user_id',$_SESSION['user_id']);
- if (!empty($_SESSION['cube_vector'])) $smarty->assign('cube_vector',$_SESSION['cube_vector']);
+ if (!empty($_SESSION['cube_vector']))
+ $smarty->assign('cube_vector',$_SESSION['cube_vector']);
$smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
$smarty->assign('user_quota',$_SESSION['user_quota']);
- $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
+
+ $newmail_q = sprintf('select u.user_mail_id
+ , u.user_k
+ , u.k_wallet
+ , u.user_mail
+ , ms.user_id as mail_sender_id
+ , ms.login as mail_sender
+ from users u
+ left join users ms on ms.user_id = u.user_mail_id
+ where u.user_id = %d',
+ $user_id);
+ $newmailset = $db->query($newmail_q);
+
+//$newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
+
$newmailset->next();
$new_mail=$newmailset->getString('user_mail');
$newmailset2 = $db->query("select users.user_mail_id,mailsender.login
from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
$newmailset2->next();
$smarty->assign('new_mail',$new_mail);
- $smarty->assign('new_mail_name',$newmailset->getString('user_mail_name'));
+ $smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
$smarty->assign('new_mail_name2',$newmailset2->getString('login'));
$user_k=$newmailset->getString('user_k');
$smarty->assign('user_k',$user_k);
}
-if ($node['template_id']!='2019721'){
+if (($node['template_id']!='2019721') & (isset($_SESSION['user_id']))){
//setting user location
$q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
$db->executequery($q);
}
//show own header
-elseif ($_SESSION['header_id']==true) {
+elseif (isset($_SESSION['header_id']) & ($_SESSION['header_id']==true)) {
$smarty->assign('header_id',$_SESSION['header_id']);
$smarty->template_dir=OWN_TEMPLATE_DIR;
$content=$smarty->fetch($_SESSION['header_id'].".tpl");