X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fdisplay.inc;h=7a7cfc76e98eb6204e9a4b338b1436382996c86e;hb=d2cf0fe02b06534a460bd8f9dc814007dc66ac41;hp=fdfa0fdca68d15146aac5ae148559cd8dff45595;hpb=cc43b45fab7f638979d74c53b8eb28c1f37ff62a;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/inc/eventz/display.inc b/wwwroot/inc/eventz/display.inc index fdfa0fd..7a7cfc7 100644 --- a/wwwroot/inc/eventz/display.inc +++ b/wwwroot/inc/eventz/display.inc @@ -1,10 +1,12 @@ assign('_POST',$_POST); $smarty->assign('bookmarks',$_SESSION['bookmarks']); - $smarty->assign('ignore',$_SESSION['ignore']); + if (isset($_SESSION['ignore'])) { $smarty->assign('ignore',$_SESSION['ignore']); }; $smarty->assign('bookstyl',$_SESSION['bookstyl']); - $smarty->assign('fook',$_SESSION['fook']); + if (isset($_SESSION['fook'])) {$smarty->assign('fook',$_SESSION['fook']); }; $smarty->assign('user_id',$_SESSION['user_id']); $smarty->assign('user_name',$_SESSION['user_name']); if (!empty($_SESSION['cube_vector'])) $smarty->assign('cube_vector',$_SESSION['cube_vector']); $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural - $smarty->assign('user_quota',$_SESSION['user_quota']); + if (isset($_SESSION['user_quota'])) {$smarty->assign('user_quota',$_SESSION['user_quota']);}; // XXX into function $newmail_q = sprintf('select u.user_mail_id 
@@ -93,28 +95,16 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) { $smarty->assign('k_wallet',$k_wallet); $user_id=$_SESSION['user_id']; - //mail node - if ($node['node_name']=='mail') { + //mail node //OMG remove constant + if ($node['node_id']==MAIL_NODE) { //clear new mail message - - if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'"); - - //set messages as delivered to recipient - $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'"); - while($set->next()) { - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'"); - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'"); - - $new_messages[$set->getString('mail_id')]=true; + if ($new_mail) { + //set messages as delivered + $db->query("update users set user_mail=0 where user_id='$user_id'"); + $db->query("update mail set mail_read='yes' where mail_to='$user_id' and mail_read='no'"); } -/* - if (count($new_messages)) { - $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'"); - $smarty->assign('new_messages',$new_messages); - } -*/ } } 
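Review bot: The new bulk statement `update mail set mail_read='yes' where mail_to='$user_id' and mail_read='no'` runs only inside `if ($new_mail)`, whereas the removed select/loop ran on every view of the mail node. If the `user_mail` counter ever drifts from the actual rows, unread messages would now stay unread, and it is worth confirming against the schema that the broader `mail_to` filter covers the same rows the old `mail_id`/`mail_duplicate_id` updates did. Both new queries also interpolate `$user_id` straight into the SQL text; it is taken from the session in the enclosing `if`, which opens outside this hunk, so a cast such as `$user_id=(int)$_SESSION['user_id'];` (assuming ids are integers) would make the statements safe regardless of how the session value was populated. The `//OMG remove constant` marker could say what should replace `MAIL_NODE`, so the TODO is actionable.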
@@ -148,28 +138,28 @@ else { // XXX into function -if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){ +if (isset($_SESSION['user_id'])){ //setting user location -$q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; -$db->executequery($q); + $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; + $db->query($q); } $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); $smarty->assign('whole_time',$whole_time); -if ($template_id=='download' OR $template_id=='download.jpg') { +if ($template_id=='data') { if ($permissions['r']) { - $linkname = SYSTEM_ROOT."/files/".$node['node_id']; - $filename= readlink($linkname); - $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); - - $ext = substr( $filename,-3 ); - if( $filename == "" ) { - echo "ERROR: Empty file to download. "; - exit; - } elseif ( ! file_exists( $filename ) ) { - exit; + $linkname = FILE_DIR."/".$node['node_id']; + $filename= readlink($linkname); + $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); + + $ext = substr( $filename,-3 ); + if( $filename == "" ) { + echo "ERROR: Empty file to download. "; + exit; + } elseif ( ! file_exists( $filename ) ) { + exit; }; switch( strtolower($ext) ){ case "pdf": $ctype="application/pdf"; break; 
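Review bot: The re-indented location update still builds SQL by concatenation, escaping only `node_name` with `addslashes()` while `$node['node_vector']`, `$node['node_id']` and the session id go in raw. Since this commit uses `db_escape_string()` elsewhere, the same helper would fit here, e.g. `user_action='".db_escape_string($node['node_name'])."'`, with `(int)$node['node_id']` for the id if it is an integer. With the `template_id!='2019721'` condition removed, this write now runs on every authenticated request. In the `data` branch the `readlink()` target is handed on to the download code without checking that it resolves under `FILE_DIR`; if the links can ever be influenced by users (not visible here), a `realpath()` prefix comparison before the `file_exists` test would contain that. The `switch` on `$ext` continues past the end of this hunk.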
@@ -201,16 +191,12 @@ if ($template_id=='download' OR $template_id=='download.jpg') { readfile("$filename"); exit(); } - else { echo "you don't have permissions for downloading this data"; die(); } + else { + echo "you don't have permissions for downloading this data"; + die(); + } } -if ($node['template_id']=='2019721'){ -Header("Cache-control: max-age=3600"); -}else{ -Header("Cache-control: no-cache"); -Header("Expires:".gmdate("D, d M Y H:i:s")." GMT"); -header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); -} //for cases like search & preview @@ -225,13 +211,13 @@ if (!empty($_POST['template_event'])) { $descendant_count=$node['node_descendant_count']; if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { - $listing_amount=mysql_real_escape_string($_POST['listing_amount']); + $listing_amount=db_escape_string($_POST['listing_amount']); }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; else $listing_amount=DEFAULT_LISTING_AMOUNT; $smarty->assign('listing_amount',$listing_amount); if (isset($_POST['listing_order']) && $_POST['listing_order']) { - $listing_order=mysql_real_escape_string($_POST['listing_order']); + $listing_order=db_escape_string($_POST['listing_order']); } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; else $listing_order=DEFAULT_LISTING_ORDER; $smarty->assign('listing_order',$listing_order); 
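Review bot: In the listing hunk (`-225,13 +211,13`), `db_escape_string($_POST['listing_order'])` only protects a value that ends up inside a quoted SQL string. If `listing_order` is used as a sort direction in an ORDER BY clause (the query is outside this hunk, so this is inferred), escaping does not constrain it and an allowlist is the right check, e.g. `in_array($_POST['listing_order'], array('asc','desc'), true)` with `DEFAULT_LISTING_ORDER` as the fallback, adjusted to the values the application accepts. For `listing_amount`, `is_numeric()` also accepts negatives, decimals and exponent forms, so `$listing_amount=max(1,(int)$_POST['listing_amount']);` is tighter than escaping. The `$_SESSION` fallbacks for both values are used without any check and deserve the same validation if they are ever filled from request data.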
@@ -244,24 +230,25 @@ if (!empty($_POST['template_event'])) { //movement forward and backward // if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount; - if ($_POST['get_children_move']=='<') { - $offset=$offset-$listing_amount; - if ($offset<0) $offset=0; - } - elseif ($_POST['get_children_move']=='>') { - $offset=$offset+$listing_amount; - } - elseif ($_POST['get_children_move']=='>>') { - $offset=$descendant_count-$listing_amount; - } - - elseif ($_POST['get_children_move']=='<<') { - $offset=0; - } - if ($offset<0) $offset=0; - $_POST['offset']=$offset; - $smarty->assign('offset',$offset); + if (isset($_POST['get_children_move'])) { + if ($_POST['get_children_move']=='<') { + $offset=$offset-$listing_amount; + if ($offset<0) $offset=0; + } + elseif ($_POST['get_children_move']=='>') { + $offset=$offset+$listing_amount; + } + elseif ($_POST['get_children_move']=='>>') { + $offset=$descendant_count-$listing_amount; + } + elseif ($_POST['get_children_move']=='<<') { + $offset=0; + } + } + if ($offset<0) $offset=0; + $_POST['offset']=$offset; // XXX sqli? + $smarty->assign('offset',$offset); if ($node['external_link']=='header://svg' && !is_numeric($template_id)) { header("Content-Type: image/svg+xml"); @@ -292,6 +279,7 @@ else { $content.=$smarty->fetch($node['template_id'].".tpl"); } +// XXX remove constant if ($template_id=='2019721'){ $content=$smarty->fetch($template_id.".tpl"); echo $content;
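Review bot: The `// XXX sqli?` marker on `$_POST['offset']=$offset;` is justified, because nothing in this hunk forces `$offset` to an integer and a non-numeric string is not caught by the `if ($offset<0) $offset=0;` clamp. Replacing that clamp with `$offset=max(0,(int)$offset);` before the value is written back to `$_POST` and assigned to Smarty would settle the question at this point, instead of relying on every later consumer to escape it. The `>>` branch computes `$descendant_count-$listing_amount`, so it inherits whatever validation `$listing_amount` received. The first assignment of `$offset` is outside the hunk, so its origin should be checked as well.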