X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Fnodes.php;h=cbbed84728818af6f8f6910b6685b401fdbabc58;hb=202718bca35eeaf186bb5cfc412731b25aa04c8f;hp=8fe0e587cffb3d57dece77ce0039232533785065;hpb=2bda541f45eca3abddb70ad9121b81742b53cb02;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php index 8fe0e58..cbbed84 100644 --- a/wwwroot/nodes.php +++ b/wwwroot/nodes.php @@ -13,7 +13,7 @@ $timer_start=Time()+SubStr(MicroTime(),0,8); session_start(); error_reporting(1); -$_SESSION['debugging']=1; +//$_SESSION['debugging']=1; //exit; @@ -32,8 +32,10 @@ if ($_SESSION['debugging']) { require('config/config.inc'); require(INCLUDE_DIR.'senate.inc'); -preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match); -$referer_id=$ref_match[1]; +if (isset($_SERVER['HTTP_REFERER'])) { + preg_match("/id\/([0-9]*)\//",$_SERVER['HTTP_REFERER'],$ref_match); + $referer_id=$ref_match[1]; +} //connecting to database and creating universal $db object require(INCLUDE_DIR.'log.inc'); @@ -54,7 +56,7 @@ if (!empty($_GET['node_name'])) { $node = nodes::redirByName($_GET['node_name']); } elseif (!empty($_GET['node_id'])) { - $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']); + $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:''); } //XXX Paths are wrong (!) @@ -84,9 +86,11 @@ if ($_SESSION['debugging']) { echo ""; } -if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner'; +if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) { + $node['node_permission']='owner'; +} -if ($_SESSION['cube_vector']) { +if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) { if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) { echo "node::".$node['node_vector']; echo "cube_Vector::".$_SESSION['cube_vector']; 
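Review bot: In the `@@ -13,7 +13,7 @@` hunk, commenting out `$_SESSION['debugging']=1;` stops new sessions from getting the flag, but a session that already stored it keeps `debugging` set, so the `if ($_SESSION['debugging'])` blocks further down would presumably keep emitting debug output for those visitors until the session expires. Delete the line rather than leaving it commented, and clear the stale value with `unset($_SESSION['debugging']);` or drive the flag from configuration. The remaining `if ($_SESSION['debugging'])` reads also lack the `isset()` guard this commit adds elsewhere; `!empty($_SESSION['debugging'])` would match the rest of the change.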
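Review bot: In the `@@ -32,8 +32,10 @@` hunk the return value of `preg_match()` is not checked, so a Referer without an `id/<digits>/` segment leaves `$ref_match[1]` undefined, and `[0-9]*` also matches an empty id. Assign only on a successful match with at least one digit: `if (preg_match("/id\/([0-9]+)\//",$_SERVER['HTTP_REFERER'],$ref_match)) { $referer_id=$ref_match[1]; }`. Because `$referer_id` is now set only inside the `if`, initialise it with `$referer_id=null;` before the block, so that the `isset($referer_id) && is_numeric($referer_id)` test in the `@@ -302,7 +308,7 @@` hunk never sees a value defined anywhere else.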
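Review bot: In the `@@ -84,9 +86,11 @@` hunk the owner check still uses loose `==` behind an `isset()` guard, and `isset()` is true for an empty string or `0`. If `$node['node_creator']` is missing (the `empty($node)` test appears only in a later hunk header) and the session holds an empty `user_id`, the comparison would succeed and `node_permission` would become `'owner'`. Require a non-empty id and compare as strings: `if (!empty($_SESSION['user_id']) && (string)$node['node_creator']===(string)$_SESSION['user_id']) {`. The `isset($_SESSION['user_id'])` guard added in the `@@ -428,7 +434,7 @@` hunk has the same gap, whereas the `@@ -276,7 +282,7 @@` hunk already tests the value as well.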
@@ -109,14 +113,16 @@ if (empty($node)) { } } -//modifying node glass pearl -if (is_array($children_types[$node['node_type']])) $smarty->assign('children_types',$children_types[$node['node_type']]); +//modifying node glass pearl //XXX WTF +if (is_array($children_types[$node['node_type']])) { + $smarty->assign('children_types',$children_types[$node['node_type']]); +} $smarty->assign('types',$types); //$node['node_type']=$types[$node['node_type']]; -$node['node_content']=StripSlashes($node['node_content']); -$node['node_name']=StripSlashes($node['node_name']); +$node['node_content']= StripSlashes($node['node_content']); +$node['node_name']= StripSlashes($node['node_name']); //checking permissions function _checkPermissions() @@ -276,7 +282,7 @@ elseif ($transaction) { if ($permissions['r']) { //these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes -if ($_SESSION['user_id']) { +if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) { $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'"; $db->update($q); } @@ -302,7 +308,7 @@ if ($node['template_id']!='2019721'){ // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! //creating neural network $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'"); -if (is_numeric($referer_id)) { +if (isset($referer_id) && is_numeric($referer_id)) { $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'"; $result=$db->update($q); if (!$result) { @@ -337,7 +343,7 @@ else { //assigning user data to smarty if user logged in -if ($user_id=$_SESSION['user_id']) { +if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) { $smarty->assign('_POST',$_POST); $smarty->assign('bookmarks',$_SESSION['bookmarks']); $smarty->assign('ignore',$_SESSION['ignore']); 
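Review bot: The condition rewritten in the `@@ -276,7 +282,7 @@` hunk now checks that `$_SESSION['user_id']` is present and truthy, but the `insert delayed into levenshtein` statement it guards is still assembled by concatenating that value and `$node['node_id']` into the SQL text. Where these values are assigned is not visible here; if both are integer ids, casting at the point of use keeps the statement well-formed whatever the session or node row holds, e.g. `$q="insert delayed into levenshtein set user_id='".(int)$_SESSION['user_id']."',node_id='".(int)$node['node_id']."'";`. The `update users` query guarded in the `@@ -428,7 +434,7 @@` hunk is built the same way. `!empty($_SESSION['user_id'])` would express the new two-part condition in one call.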
@@ -428,7 +434,7 @@ else { } -if ($node['template_id']!='2019721'){ +if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){ //setting user location $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; $db->executequery($q); @@ -504,18 +510,21 @@ if (!empty($_POST['template_event'])) { $children_count=$node['node_children_count']; $descendant_count=$node['node_descendant_count']; - if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount']; - elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; + if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { + $listing_amount=mysql_real_escape_string($_POST['listing_amount']); + }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; else $listing_amount=DEFAULT_LISTING_AMOUNT; $smarty->assign('listing_amount',$listing_amount); - if ($_POST['listing_order']) $listing_order=$_POST['listing_order']; - elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; + if (isset($_POST['listing_order']) && $_POST['listing_order']) { + $listing_order=mysql_real_escape_string($_POST['listing_order']); + } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; else $listing_order=DEFAULT_LISTING_ORDER; $smarty->assign('listing_order',$listing_order); - if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset']; - else $offset=0; + if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) { + $offset=$_POST['get_children_offset']; + } else { $offset=0; } //movement forward and backward 
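Review bot: In the `@@ -504,18 +510,21 @@` hunk, `mysql_real_escape_string()` is applied to `listing_order`, but that escaping only protects a value that is placed inside a quoted SQL string. How `$listing_order` is consumed lies outside this hunk; if it ends up in an `ORDER BY` clause, as the name suggests, it needs an allowlist instead, e.g. `in_array($_POST['listing_order'],$allowed_listing_orders,true)` with `$allowed_listing_orders` being a list the project defines. For the numeric fields a cast is stricter than `is_numeric()` plus escaping, which still lets through forms such as `1e3` or `1.5`: `$listing_amount=(int)$_POST['listing_amount'];` and `$offset=(int)$_POST['get_children_offset'];`. The escaped strings are also what is handed to `$smarty->assign()`, so SQL escaping leaks into template output, while the `$_SESSION` fallbacks in the `elseif` branches get no validation at all. `mysql_real_escape_string()` belongs to the old mysql extension, which was removed in PHP 7.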
@@ -545,7 +554,7 @@ if ($node['external_link']=='header://svg' && !is_numeric($template_id)) { } //show own header -elseif ($_SESSION['header_id']==true) { +elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) { $smarty->assign('header_id',$_SESSION['header_id']); $smarty->template_dir=OWN_TEMPLATE_DIR; $content=$smarty->fetch($_SESSION['header_id'].".tpl");
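Review bot: The new guard `isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)` only tests truthiness, yet the value is then concatenated into the template name passed to `$smarty->fetch($_SESSION['header_id'].".tpl")`. Where `header_id` is written to the session is not visible here; if it is a node id, as the `is_numeric($template_id)` test in the preceding branch suggests, check its shape before building the path: `elseif (!empty($_SESSION['header_id']) && ctype_digit((string)$_SESSION['header_id'])) {`. That keeps path separators and `..` out of the file name regardless of how the session value was set. The `if`/`elseif` chain this branch belongs to starts above the hunk.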