X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Fnodes.php;h=96926f58272f9e9fb68b091e956a880da12f30b4;hb=6a967e24d43f3d23244c21104e6a3f09d5923cb9;hp=6429521d8bb398acee450d3c081c438b3f86039d;hpb=12824f2c472ce7c2e3586b1eb9d92a36fcbf86c2;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php index 6429521..96926f5 100644 --- a/wwwroot/nodes.php +++ b/wwwroot/nodes.php @@ -1,12 +1,11 @@ "); var_dump(preg_split('/\//', $_SERVER['PATH_INFO'])); die(); //PATH_INFO Debug (usefull when messing with mod_rewrite) // output buffering forcing (mx) if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start(); //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk"); //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)"; //exit; -error_reporting(1); -//exit; //starting timer for benchmarking purposes $timer_start=Time()+SubStr(MicroTime(),0,8); @@ -14,24 +13,59 @@ $timer_start=Time()+SubStr(MicroTime(),0,8); //setting PHPSESSID cookie and starting user session session_start(); +error_reporting(1); +//$_SESSION['debugging']=1; +//exit; + if ($_SESSION['debugging']) { error_reporting(E_ALL); - echo "GET VARIABLES::
"; + echo 'GET VARIABLES::
'; print_r($_GET); - echo "POST VARIABLES::
"; + echo 'POST VARIABLES::
'; print_r($_POST); - echo "SESSION VARIABLES::
"; + echo 'SESSION VARIABLES::
'; print_r($_SESSION); } + +//Path info (Experimental - this replaced most of mod_rewrites...) +@$PATH_INFO=trim($_SERVER[PATH_INFO]); +if($PATH_INFO != '') { + $PATH_CHUNKS = preg_split('/\//', $PATH_INFO); + if(isset($PATH_CHUNKS[1])) switch($PATH_CHUNKS[1]) { + case 'k': + if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_kid'] = $PATH_CHUNKS[2]; + if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_kid'] = $PATH_CHUNKS[3]; + break; + case 'id': + if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_id'] = $PATH_CHUNKS[2]; + if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_id'] = $PATH_CHUNKS[3]; + break; + default: + if($PATH_CHUNKS[1] != '') $_GET['node_name'] = $PATH_CHUNKS[1]; + if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['template_kid'] = $PATH_CHUNKS[2]; + break; + } +} +if( + (!isset($_GET['node_kid']) || trim($_GET['node_kid']) == '') && + (!isset($_GET['node_id']) || trim($_GET['node_id']) == '') +) $_GET['node_kid'] = 1; + +//Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-) +if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10); +if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10); + //requiring main config file with path/database etc. constants require('config/config.inc'); require(INCLUDE_DIR.'senate.inc'); -preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match); -$referer_id=$ref_match[1]; +if (isset($_SERVER['HTTP_REFERER'])) { + preg_match('/(k|id)\/([0-9]*)\//',$_SERVER['HTTP_REFERER'],$ref_match); + $referer_id=$ref_match[1]; +} //connecting to database and creating universal $db object require(INCLUDE_DIR.'log.inc'); @@ -40,37 +74,42 @@ require(INCLUDE_DIR.'nodes.inc'); require(INCLUDE_DIR.'error_messages.inc'); require(INCLUDE_DIR.'database.inc'); -$db=new CLASS_DATABASE(); +$db = new CLASS_DATABASE(); if (!empty($_GET['template_id'])) { $template_id=$_GET['template_id']; +} else { + $template_id=false; } -else $template_id=false; //initializing node methods if (!empty($_GET['node_name'])) { $node = nodes::redirByName($_GET['node_name']); -} -elseif (!empty($_GET['node_id'])) { - $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']); +} elseif (!empty($_GET['node_id'])) { + $node = nodes::getNodeById($_GET['node_id'], + (isset($_SESSION['user_id']))?$_SESSION['user_id']:''); } +//XXX Paths are wrong (!) //loading smarty template engine and setting main parameters require(SMARTY_DIR.'Smarty.class.php'); $smarty = new Smarty; +require(INCLUDE_DIR.'smarty/resource.kyberia.php'); -$smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET; +//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX +$smarty->template_dir = TEMPLATE_DIR; //echo TEMPLATE_DIR.TEMPLATE_SET; //echo $smarty->template_dir; -$smarty->compile_dir = SYSTEM_ROOT."data/templates_c/".TEMPLATE_SET; -$smarty->config_dir = SMARTY_DIR.'configs/'; +$smarty->compile_dir = SYSTEM_DATA.'templates_c/'; +$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje $smarty->cache_dir = SMARTY_DIR.'cache/'; $smarty->plugins_dir = SMARTY_PLUGIN_DIR ; if ($_SESSION['debugging']) $smarty->debugging=true; -//initializing variables +// initializing variables +// preg_replace prevents LFI if (empty($_POST['event'])) $event=false; -else $event=$_POST['event']; +else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']); if ($_SESSION['debugging']) { @@ -79,9 +118,11 @@ if ($_SESSION['debugging']) { echo ""; } -if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner'; +if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) { + $node['node_permission']='owner'; +} -if ($_SESSION['cube_vector']) { +if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) { if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) { echo "node::".$node['node_vector']; echo "cube_Vector::".$_SESSION['cube_vector']; @@ -104,27 +145,29 @@ if (empty($node)) { } } -//modifying node glass pearl -if (is_array($children_types[$node['node_type']])) $smarty->assign('children_types',$children_types[$node['node_type']]); +//modifying node glass pearl //XXX WTF +if (is_array($children_types[$node['node_type']])) { + $smarty->assign('children_types',$children_types[$node['node_type']]); +} $smarty->assign('types',$types); //$node['node_type']=$types[$node['node_type']]; -$node['node_content']=StripSlashes($node['node_content']); -$node['node_name']=StripSlashes($node['node_name']); +$node['node_content']= StripSlashes($node['node_content']); +$node['node_name']= StripSlashes($node['node_name']); //checking permissions function _checkPermissions() { global $permissions, $node; - require(SYSTEM_ROOT.'inc/permissions.inc'); + require(INCLUDE_DIR.'permissions.inc'); $permissions=permissions::checkPermissions($node); $permissions['h']=permissions::isHierarch($node); } // mail rss -if ($template_id=='rss') +if ($template_id=='rss') //XXX WHAT? { $_feedType = "RSS0.91"; if (!is_numeric($_SESSION['user_id'])) @@ -156,11 +199,12 @@ if ($template_id=='rss') { require_once(INCLUDE_DIR.'/feedcreator.class.php'); - $rss =& new UniversalFeedCreator(); + $rss = new UniversalFeedCreator(); $rss->title = "Kyberia mail"; $rss->description = ""; - $rss->link = "https://kyberia.sk/id/24"; + $rss->link = "https://". SYSTEM_URL . "/id/24"; + //XXX into function $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas, userfrom.user_action as locationfrom_action, userfrom.user_action_id as locationfrom_action_id, @@ -177,9 +221,9 @@ if ($template_id=='rss') $m = $set->getRecord(); if ($m['mail_to'] != $_SESSION['user_id']) continue; - $item =& new FeedItem(); + $item = new FeedItem(); $item->title = $m['mail_from_name']; - $item->link = "https://kyberia.sk/id/24"; + $item->link = "https://".SYSTEM_URL."/id/24"; $item->description = $m['mail_text']; $rss->addItem($item); } @@ -189,9 +233,9 @@ if ($template_id=='rss') { require_once(INCLUDE_DIR.'/feedcreator.class.php'); - $rss =& new UniversalFeedCreator(); + $rss = new UniversalFeedCreator(); $rss->title = "Kyberia bookmarks"; - $rss->link = "http://kyberia.sk/id/19"; + $rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ? require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php'); smarty_function_get_bookmarks(array(), $smarty); @@ -201,9 +245,9 @@ if ($template_id=='rss') if (is_array($_item['children'])) foreach ($_item['children'] as $_b) { - $item =& new FeedItem(); + $item = new FeedItem(); $item->title = $_b['node_name']; - $item->link = "http://kyberia.sk/id/".$_b['node_id']."/rss"; + $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss"; $rss->addItem($item); } } @@ -213,10 +257,10 @@ if ($template_id=='rss') { require_once(INCLUDE_DIR.'/feedcreator.class.php'); - $rss =& new UniversalFeedCreator(); + $rss = new UniversalFeedCreator(); $rss->title = $node['node_name']; $rss->description = ""; - $rss->link = "http://kyberia.sk/id/".$node['node_id']; + $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id']; // K list if ($_GET['node_id']=='15') @@ -235,9 +279,9 @@ if ($template_id=='rss') foreach ($_items as $_item) { - $item =& new FeedItem(); + $item = new FeedItem(); $item->title = $_item['node_name']; - $item->link = "http://kyberia.sk/id/".$_item['node_id']; + $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id']; $item->description = $_item['node_content']; $rss->addItem($item); } @@ -254,32 +298,40 @@ _checkPermissions(); //sventest if (($permissions['r']) || ($event != 'register')) { -//performing node_events (based on update/insert/delete db queries) -if ($event) { - require(SYSTEM_ROOT.'inc/eventz.inc'); -} + //performing node_events (based on update/insert/delete db queries) + if ($event) { + require(INCLUDE_DIR.'eventz.inc'); + } -elseif ($transaction) { - require(SYSTEM_ROOT.'inc/transaction.inc'); -} -//end of performing node events + elseif ($transaction) { + require(INCLUDE_DIR.'transaction.inc'); + } + //end of performing node events -//sventest + //sventest } if ($permissions['r']) { -//these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes -if ($_SESSION['user_id']) { +// these 4 lines are not the source of kyberia lagging problems. +// leave them. started on the 10.4. +// data gained will be used for scientific purposes + +// if (isset($_SESSION['user_id']) { +// log_levenshtein($_SESSION['user_id'],$node['node_id']); +// } + +if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) { $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'"; $db->update($q); } //if node is css +//XXX into function if ($node['template_id']!='2019721'){ - log::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']); + logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']); if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) { $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'"; // echo $q; @@ -288,16 +340,25 @@ if ($node['template_id']!='2019721'){ if (!$result) { $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()"; $db->query($q); - } -}//end of if node os css + } + }//end of if node os css } +} + +//XXX into function +// if (isset($_SESSION['user_id']) { +// if (isset($referer_id)) { +// update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id); +// } else { +// update_nodes($_SESSION['user_id'],$node['node_id'],0); +// } +// } - } // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! //creating neural network $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'"); -if (is_numeric($referer_id)) { +if (isset($referer_id) && is_numeric($referer_id)) { $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'"; $result=$db->update($q); if (!$result) { @@ -313,6 +374,7 @@ elseif (!$permissions['r'] && $_GET['magic_word']) { if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) { $magic_uid=$mu['1']; $magic_word=addslashes($mu['2']); + // XXX WTF column magic_word does not exists $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'"; $set=$db->query($q); if ($set->getNumRows()) { @@ -326,30 +388,46 @@ elseif (!$permissions['r'] && $_GET['magic_word']) { else { - log::log('enter',$node['node_id'],'failed'); + logger::log('enter',$node['node_id'],'failed'); } //assigning user data to smarty if user logged in -if ($user_id=$_SESSION['user_id']) { +if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) { $smarty->assign('_POST',$_POST); $smarty->assign('bookmarks',$_SESSION['bookmarks']); $smarty->assign('ignore',$_SESSION['ignore']); $smarty->assign('bookstyl',$_SESSION['bookstyl']); $smarty->assign('fook',$_SESSION['fook']); $smarty->assign('user_id',$_SESSION['user_id']); - if (!empty($_SESSION['cube_vector'])) $smarty->assign('cube_vector',$_SESSION['cube_vector']); + if (!empty($_SESSION['cube_vector'])) + $smarty->assign('cube_vector',$_SESSION['cube_vector']); $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural $smarty->assign('user_quota',$_SESSION['user_quota']); - $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'"); + + // XXX into function + $newmail_q = sprintf('select u.user_mail_id + , u.user_k + , u.k_wallet + , u.user_mail + , ms.user_id as mail_sender_id + , ms.login as mail_sender + from users u + left join users ms on ms.user_id = u.user_mail_id + where u.user_id = %d', + $user_id); + $newmailset = $db->query($newmail_q); + + $newmailset->next(); $new_mail=$newmailset->getString('user_mail'); + // XXX into function $newmailset2 = $db->query("select users.user_mail_id,mailsender.login from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'"); $newmailset2->next(); $smarty->assign('new_mail',$new_mail); - $smarty->assign('new_mail_name',$newmailset->getString('user_mail_name')); + $smarty->assign('new_mail_name',$newmailset->getString('mail_sender')); $smarty->assign('new_mail_name2',$newmailset2->getString('login')); $user_k=$newmailset->getString('user_k'); $smarty->assign('user_k',$user_k); @@ -361,6 +439,7 @@ if ($user_id=$_SESSION['user_id']) { if ($node['node_name']=='mail') { //clear new mail message + if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'"); //set messages as delivered to recipient @@ -387,11 +466,6 @@ if ($node['node_system_access']=='crypto') { $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]); } -//hlaska -//$error .= "ocakavajte planovany vypadok okolo 6 hodiny
-//s pozdravom br .)"; -//$error .= "dnes od 22:00 zurka v subclube! ucast povinna!"; - $smarty->assign('error',$error); $smarty->assign('permissions',$permissions); $smarty->assign('current_vector',$node['node_vector']); @@ -413,7 +487,8 @@ else { } -if ($node['template_id']!='2019721'){ +// XXX into function +if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){ //setting user location $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; $db->executequery($q); @@ -489,18 +564,21 @@ if (!empty($_POST['template_event'])) { $children_count=$node['node_children_count']; $descendant_count=$node['node_descendant_count']; - if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount']; - elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; + if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { + $listing_amount=mysql_real_escape_string($_POST['listing_amount']); + }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; else $listing_amount=DEFAULT_LISTING_AMOUNT; $smarty->assign('listing_amount',$listing_amount); - if ($_POST['listing_order']) $listing_order=$_POST['listing_order']; - elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; + if (isset($_POST['listing_order']) && $_POST['listing_order']) { + $listing_order=mysql_real_escape_string($_POST['listing_order']); + } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; else $listing_order=DEFAULT_LISTING_ORDER; $smarty->assign('listing_order',$listing_order); - if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset']; - else $offset=0; + if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) { + $offset=$_POST['get_children_offset']; + } else { $offset=0; } //movement forward and backward @@ -530,7 +608,7 @@ if ($node['external_link']=='header://svg' && !is_numeric($template_id)) { } //show own header -elseif ($_SESSION['header_id']==true) { +elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) { $smarty->assign('header_id',$_SESSION['header_id']); $smarty->template_dir=OWN_TEMPLATE_DIR; $content=$smarty->fetch($_SESSION['header_id'].".tpl");