X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fdisplay.inc;h=50b2bafcc151eb902cb049fd66670593f0a9aa43;hb=3c094f62a071292bcedd274d8ca9a402c68da814;hp=24abb01e60b5b6e35ac6d5a4566c623abc4ef8b4;hpb=b17a1e9bc746b7eb0549dfd8dff61e132c9de828;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/inc/eventz/display.inc b/wwwroot/inc/eventz/display.inc index 24abb01..50b2baf 100644 --- a/wwwroot/inc/eventz/display.inc +++ b/wwwroot/inc/eventz/display.inc @@ -3,9 +3,10 @@ function display() { global $node,$db,$error,$referer_id,$smarty,$permissions,$template_id; global $timer_start; if (!$referer_id) $referer_id=1; + $content=''; $node_id=$node['node_id']; - $user_id=$_SESSION['user_id']; + $user_id=(empty($_SESSION['user_id'])) ? "" : $_SESSION['user_id']; if ($permissions['r']) { @@ -94,28 +95,16 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) { $smarty->assign('k_wallet',$k_wallet); $user_id=$_SESSION['user_id']; - //mail node - if ($node['node_name']=='mail') { + //mail node //OMG remove constant + if ($node['node_id']==MAIL_NODE) { //clear new mail message - - if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'"); - - //set messages as delivered to recipient - $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'"); - while($set->next()) { - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'"); - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'"); - - $new_messages[$set->getString('mail_id')]=true; + if ($new_mail) { + //set messages as delivered + $db->query("update users set user_mail=0 where user_id='$user_id'"); + $db->query("update mail set mail_read='yes' where mail_to='$user_id' and mail_read='no'"); } -/* - if (count($new_messages)) { - $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'"); - $smarty->assign('new_messages',$new_messages); - } -*/ } } @@ -149,28 +138,30 @@ else { // XXX into function -if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){ -//setting user location -$q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; -$db->executequery($q); +if (isset($_SESSION['user_id']) && ($_SESSION['user_id']!='')){ + //setting user location + $q="update users set last_action=NOW(),user_location_vector='". + $node['node_vector']."',user_action='".addslashes($node['node_name']). + "',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; + $db->query($q); } $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); $smarty->assign('whole_time',$whole_time); -if ($template_id=='download' OR $template_id=='download.jpg') { +if ($template_id=='data') { if ($permissions['r']) { - $linkname = SYSTEM_ROOT."/files/".$node['node_id']; - $filename= readlink($linkname); - $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); - - $ext = substr( $filename,-3 ); - if( $filename == "" ) { - echo "ERROR: Empty file to download. "; - exit; - } elseif ( ! file_exists( $filename ) ) { - exit; + $linkname = FILE_DIR."/".$node['node_id']; + $filename= readlink($linkname); + $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); + + $ext = substr( $filename,-3 ); + if( $filename == "" ) { + echo "ERROR: Empty file to download. "; + exit; + } elseif ( ! file_exists( $filename ) ) { + exit; }; switch( strtolower($ext) ){ case "pdf": $ctype="application/pdf"; break; @@ -202,16 +193,12 @@ if ($template_id=='download' OR $template_id=='download.jpg') { readfile("$filename"); exit(); } - else { echo "you don't have permissions for downloading this data"; die(); } + else { + echo "you don't have permissions for downloading this data"; + die(); + } } -if ($node['template_id']=='2019721'){ -Header("Cache-control: max-age=3600"); -}else{ -Header("Cache-control: no-cache"); -Header("Expires:".gmdate("D, d M Y H:i:s")." GMT"); -header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); -} //for cases like search & preview @@ -226,13 +213,13 @@ if (!empty($_POST['template_event'])) { $descendant_count=$node['node_descendant_count']; if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { - $listing_amount=mysql_real_escape_string($_POST['listing_amount']); + $listing_amount=db_escape_string($_POST['listing_amount']); }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; else $listing_amount=DEFAULT_LISTING_AMOUNT; $smarty->assign('listing_amount',$listing_amount); if (isset($_POST['listing_order']) && $_POST['listing_order']) { - $listing_order=mysql_real_escape_string($_POST['listing_order']); + $listing_order=db_escape_string($_POST['listing_order']); } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; else $listing_order=DEFAULT_LISTING_ORDER; $smarty->assign('listing_order',$listing_order); @@ -265,7 +252,6 @@ if (!empty($_POST['template_event'])) { $_POST['offset']=$offset; // XXX sqli? $smarty->assign('offset',$offset); - if ($node['external_link']=='header://svg' && !is_numeric($template_id)) { header("Content-Type: image/svg+xml"); }