X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Fnodes.php;h=7bb46aec4bba225eae8a025f10e6f1acc8fd45ec;hb=9823a4d3a94132e008b8a65eadf695827d1994ee;hp=6429521d8bb398acee450d3c081c438b3f86039d;hpb=12824f2c472ce7c2e3586b1eb9d92a36fcbf86c2;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index 6429521..7bb46ae 100644
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -1,87 +1,143 @@
";
- print_r($_GET);
- echo "POST VARIABLES::
";
- print_r($_POST);
- echo "SESSION VARIABLES::
";
- print_r($_SESSION);
+@ini_set('magic_quotes_gpc' , 'off');
+if(get_magic_quotes_gpc()) {
+ die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
}
-//requiring main config file with path/database etc. constants
-require('config/config.inc');
-require(INCLUDE_DIR.'senate.inc');
-
-preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
-$referer_id=$ref_match[1];
+//Smarty from DB
+$smarty_resource = 'kyberia';
+//$smarty_resource = ''; //same as 'file' (fallback)
+/* I have moved old templates to DB using following lame script:
+ * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1);
+ echo UPDATE nodes SET node_content = "'$(php -r
+ "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE
+ node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
+ done | mysql --user=kyberia --password=PASSSSSSS kyberia
+ * In future we should have some mechanism for distributing templates
+ * because they are very important part of kyberia source...
+ */
//connecting to database and creating universal $db object
-require(INCLUDE_DIR.'log.inc');
-require(INCLUDE_DIR.'ubik.inc');
-require(INCLUDE_DIR.'nodes.inc');
-require(INCLUDE_DIR.'error_messages.inc');
-require(INCLUDE_DIR.'database.inc');
-
-$db=new CLASS_DATABASE();
+//require_once(INCLUDE_DIR.'senate.inc'); // in config already
+require_once(INCLUDE_DIR.'log.inc');
+require_once(INCLUDE_DIR.'ubik.inc');
+require_once(INCLUDE_DIR.'nodes.inc');
+require_once(INCLUDE_DIR.'error_messages.inc');
+require_once(INCLUDE_DIR.'database.inc');
+require_once(INCLUDE_DIR.'transports.inc');
+
+$db = new CLASS_DATABASE();
+
+switch(true) {
+ case preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match):
+ // print_r($match);
+ $_GET['node_id']=$match[1];
+ if (!empty($match[2])) {
+ $_GET['template_id']=$match[2];
+ }
+ //Base36 fascism redirect
+ if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
+ header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
+ (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
+ );
+ die("Die!!! All Fascists Are Bastards...\n");
+ }
+ break;
+ case preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match):
+ $_GET['node_id']=base_convert($match[1], 36, 10);
+ if (!empty($match[2])) {
+ $_GET['template_id']=base_convert($match[2],36,10);
+ }
+ break;
+ case preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
+ $_GET['node_id'] = nodes::getNodeIdByName($match[1]);
+ break;
+ case preg_match('/search\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
+ //$query = nodes::getNodeIdByName($match[1]);
+ //XXX TODO: Predat searchi az bude fungovat
+ break;
+ case preg_match('/\/(.+)\/?$/',$_SERVER['PATH_INFO'],$match):
+ $_GET['node_id'] = nodes::getNodeIdByName($match[1]);
+ break;
+ default:
+ $_GET['node_id']=1; //WELCOME_NODE
+ break;
+}
if (!empty($_GET['template_id'])) {
$template_id=$_GET['template_id'];
+} else {
+ $template_id=false;
}
-else $template_id=false;
-//initializing node methods
-if (!empty($_GET['node_name'])) {
- $node = nodes::redirByName($_GET['node_name']);
-}
-elseif (!empty($_GET['node_id'])) {
- $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']);
+error_reporting(E_ALL | E_STRICT);
+//$_SESSION['debugging']=0;
+//unset($_SESSION['debugging']);
+//Well... we should make some event
+//or JavaScript page to turning this on/off...
+//exit;
+if(isset($_SESSION['debugging']) && $_SESSION['debugging']) {
+ echo 'GET VARIABLES::
';
+ print_r($_GET);
+ echo 'POST VARIABLES::
';
+ print_r($_POST);
+ echo 'SESSION VARIABLES::
';
+ print_r($_SESSION);
+} else {
+ $_SESSION['debugging']=false;
+ set_error_handler('logger::error_handler');
}
+require_once(INCLUDE_DIR.'logout_idle.inc'); //Logout when idle
+
+//initializing node
+$node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
+
+//XXX Paths are wrong (!)
//loading smarty template engine and setting main parameters
require(SMARTY_DIR.'Smarty.class.php');
$smarty = new Smarty;
+require(INCLUDE_DIR.'smarty/resource.kyberia.php');
+$smarty->default_resource_type=$smarty_resource;
-$smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
+//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
+$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
-$smarty->compile_dir = SYSTEM_ROOT."data/templates_c/".TEMPLATE_SET;
-$smarty->config_dir = SMARTY_DIR.'configs/';
+$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
+$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
-if ($_SESSION['debugging']) $smarty->debugging=true;
+if (isset($_SESSION['debugging']) && $_SESSION['debugging']) $smarty->debugging=true;
-//initializing variables
-if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+// initializing variables
+// preg_replace prevents LFI
+if (empty($_POST['event'])) $event='display';
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
-if ($_SESSION['debugging']) {
+if (isset($_SESSION['debugging']) && $_SESSION['debugging']) {
echo "
NODE::"; print_r($node); echo ""; } -if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner'; +if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) { + $node['node_permission']='owner'; +} -if ($_SESSION['cube_vector']) { +if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) { if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) { echo "node::".$node['node_vector']; echo "cube_Vector::".$_SESSION['cube_vector']; 
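Review bot: The `search/` case of the new `switch(true)` router only breaks without assigning `$_GET['node_id']`, so the later `nodes::getNodeById($_GET['node_id'], …)` call receives whatever the client put in the query string, or an undefined index, while every other case sets it from the path. This commit also refuses to run with magic_quotes_gpc enabled, so nothing escapes request data on the way in, and whether `getNodeById` and `getNodeIdByName` escape internally is not visible in this hunk. I would validate the id once, just before the lookup, for example `if (!isset($_GET['node_id']) || !ctype_digit((string)$_GET['node_id'])) { $_GET['node_id'] = 1; }`, or substitute the project's own not-found handling for the fallback to node 1. The `name/` and catch-all cases pass the raw `$match[1]` captured by `(.*?)` and `(.+)` to `nodes::getNodeIdByName`, so that function should be confirmed to escape or bind its argument before it reaches SQL.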
@@ -90,481 +146,39 @@ if ($_SESSION['cube_vector']) { } } -//if not existent node show our own 404 -if (empty($node)) { - $nodes= nodes::getNodesByName($_GET['node_name']); - if ($nodes) { - $smarty->assign('nodes',$nodes); - $content=$smarty->display("404.tpl"); - die(); - } - elseif ($_SESSION['user_id']) { - $smarty->assign('node_name',$_GET['node_name']); - $content=$smarty->display("modules/addnode.tpl"); - } -} - -//modifying node glass pearl -if (is_array($children_types[$node['node_type']])) $smarty->assign('children_types',$children_types[$node['node_type']]); -$smarty->assign('types',$types); - - -//$node['node_type']=$types[$node['node_type']]; -$node['node_content']=StripSlashes($node['node_content']); -$node['node_name']=StripSlashes($node['node_name']); +#@include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz... //checking permissions -function _checkPermissions() -{ - global $permissions, $node; - - require(SYSTEM_ROOT.'inc/permissions.inc'); - $permissions=permissions::checkPermissions($node); - $permissions['h']=permissions::isHierarch($node); -} - -// mail rss -if ($template_id=='rss') -{ - $_feedType = "RSS0.91"; - if (!is_numeric($_SESSION['user_id'])) - { - if (!isset($_SERVER['PHP_AUTH_USER'])) { - header('WWW-Authenticate: Basic realm="Kyberia"'); - header('HTTP/1.0 401 Unauthorized'); - echo 'Cancel button'; - exit; - } - else - { - require_once(EVENT_DIR.'/login.inc'); - $_POST['login'] = $_SERVER['PHP_AUTH_USER']; - $_POST['password'] = $_SERVER['PHP_AUTH_PW']; - $_POST['login_type'] = "name"; - if (!login()) - { - echo "Zle meno/heslo."; - exit(); - } - } - } - - _checkPermissions(); - - // Mail - if ($_GET['node_id']==='24' && $permissions['r']) - { - require_once(INCLUDE_DIR.'/feedcreator.class.php'); - - $rss =& new UniversalFeedCreator(); - $rss->title = "Kyberia mail"; - $rss->description = ""; - $rss->link = "https://kyberia.sk/id/24"; - - $query = "select date_format(mail.mail_timestamp,\"%e.%c. 
%k:%i:%s\") as cas, - userfrom.user_action as locationfrom_action, - userfrom.user_action_id as locationfrom_action_id, - userto.user_action as locationto_action, - userto.user_action_id as locationto_action_id, - userto.login as mail_to_name, userfrom.login as mail_from_name, - mail.* from mail left join users as userfrom on - mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id - where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10"; - - $set = $db->query($query); - - while($set->next()) { - $m = $set->getRecord(); - if ($m['mail_to'] != $_SESSION['user_id']) - continue; - $item =& new FeedItem(); - $item->title = $m['mail_from_name']; - $item->link = "https://kyberia.sk/id/24"; - $item->description = $m['mail_text']; - $rss->addItem($item); - } - } - // bookmarks - elseif ($_GET['node_id']=='19' && $permissions['r']) - { - require_once(INCLUDE_DIR.'/feedcreator.class.php'); - - $rss =& new UniversalFeedCreator(); - $rss->title = "Kyberia bookmarks"; - $rss->link = "http://kyberia.sk/id/19"; - - require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php'); - smarty_function_get_bookmarks(array(), $smarty); - $_items = $smarty->get_template_vars('get_bookmarks'); - foreach ($_items as $_item) - { - if (is_array($_item['children'])) - foreach ($_item['children'] as $_b) - { - $item =& new FeedItem(); - $item->title = $_b['node_name']; - $item->link = "http://kyberia.sk/id/".$_b['node_id']."/rss"; - $rss->addItem($item); - } - } - $_feedType = 'OPML'; - } - elseif ($permissions['r']) - { - require_once(INCLUDE_DIR.'/feedcreator.class.php'); - - $rss =& new UniversalFeedCreator(); - $rss->title = $node['node_name']; - $rss->description = ""; - $rss->link = "http://kyberia.sk/id/".$node['node_id']; - - // K list - if ($_GET['node_id']=='15') - { - require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php'); - smarty_function_get_k(array(), $smarty); - $_items = $smarty->get_template_vars('get_k'); 
- } - else - { - require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php'); - smarty_function_get_children( - array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty); - $_items = $smarty->get_template_vars('get_children'); - } - - foreach ($_items as $_item) - { - $item =& new FeedItem(); - $item->title = $_item['node_name']; - $item->link = "http://kyberia.sk/id/".$_item['node_id']; - $item->description = $_item['node_content']; - $rss->addItem($item); - } - } - - if ($permissions['r']) $rss->showFeed($_feedType); - exit(); -} - -_checkPermissions(); - -//entering the node - -//sventest -if (($permissions['r']) || ($event != 'register')) { - -//performing node_events (based on update/insert/delete db queries) -if ($event) { - require(SYSTEM_ROOT.'inc/eventz.inc'); -} - -elseif ($transaction) { - require(SYSTEM_ROOT.'inc/transaction.inc'); -} -//end of performing node events - -//sventest +include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc'); +$permissions=permissions::checkPerms($node); +if (!empty($_SESSION['debugging']) && $_SESSION['debugging']) { + print_r($permissions); } -if ($permissions['r']) { - -//these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. 
data gained will be used for scientific purposes -if ($_SESSION['user_id']) { - $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'"; - $db->update($q); -} - -//if node is css -if ($node['template_id']!='2019721'){ - - log::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']); - if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) { - $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'"; -// echo $q; - $result=$db->update($q); - - if (!$result) { - $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()"; - $db->query($q); - } -}//end of if node os css -} - - } // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! //creating neural network $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'"); -if (is_numeric($referer_id)) { +if (isset($referer_id) && is_numeric($referer_id)) { $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'"; $result=$db->update($q); if (!$result) { $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1"; $db->query($q); } +} else { + logger::log('enter',$node['node_id'],'failed'); } -elseif (!$permissions['r'] && $_GET['magic_word']) { - $magic_word_big=$_GET['magic_word']; - - if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) { - $magic_uid=$mu['1']; - $magic_word=addslashes($mu['2']); - $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'"; - $set=$db->query($q); - if ($set->getNumRows()) { - $permissions['r']=true; - } - } -} - - - - - -else { - log::log('enter',$node['node_id'],'failed'); -} - - - -//assigning user data to smarty if user logged in -if ($user_id=$_SESSION['user_id']) { - 
$smarty->assign('_POST',$_POST); - $smarty->assign('bookmarks',$_SESSION['bookmarks']); - $smarty->assign('ignore',$_SESSION['ignore']); - $smarty->assign('bookstyl',$_SESSION['bookstyl']); - $smarty->assign('fook',$_SESSION['fook']); - $smarty->assign('user_id',$_SESSION['user_id']); - if (!empty($_SESSION['cube_vector'])) $smarty->assign('cube_vector',$_SESSION['cube_vector']); - $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural - $smarty->assign('user_quota',$_SESSION['user_quota']); - $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'"); - $newmailset->next(); - $new_mail=$newmailset->getString('user_mail'); - $newmailset2 = $db->query("select users.user_mail_id,mailsender.login - from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'"); - $newmailset2->next(); - $smarty->assign('new_mail',$new_mail); - $smarty->assign('new_mail_name',$newmailset->getString('user_mail_name')); - $smarty->assign('new_mail_name2',$newmailset2->getString('login')); - $user_k=$newmailset->getString('user_k'); - $smarty->assign('user_k',$user_k); - $k_wallet=$newmailset->getString('k_wallet'); - $smarty->assign('k_wallet',$k_wallet); - $user_id=$_SESSION['user_id']; - - //mail node - if ($node['node_name']=='mail') { - - //clear new mail message - if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'"); - - //set messages as delivered to recipient - $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'"); - while($set->next()) { - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'"); - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'"); - - $new_messages[$set->getString('mail_id')]=true; - } -/* - if (count($new_messages)) { - 
$db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'"); - $smarty->assign('new_messages',$new_messages); - - } -*/ - } -} - - - -if ($node['node_system_access']=='crypto') { - $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]); -} - -//hlaska -//$error .= "ocakavajte planovany vypadok okolo 6 hodiny