From 5b9c0808f40b7b6aa4545625b4dfa6a909f15e4e Mon Sep 17 00:00:00 2001
From: niekt0
Date: Sun, 21 Nov 2010 21:04:02 +0100
Subject: [PATCH] Added minor comments, started movil SQL into backed, register update
---
 cron/process-images.sh | 3 ++
 cron/register.php | 6 ++-
 data/templates/own_templates/1549839.tpl | 2 +-
 doc/TODO | 36 ++++++--------
 wwwroot/backend/mysql/backend.inc | 34 +++++++++++++
 wwwroot/config/config_default.inc | 6 +++
 wwwroot/inc/eventz/register_users.inc | 57 +++++++++++----------
 wwwroot/inc/eventz/registruj_novych.inc | 14 +++---
 wwwroot/nodes.php | 63 ++++++++++++++++--------
 9 files changed, 142 insertions(+), 79 deletions(-)
diff --git a/cron/process-images.sh b/cron/process-images.sh
index e0f6936..bee85a1 100755
--- a/cron/process-images.sh
+++ b/cron/process-images.sh
@@ -1,5 +1,8 @@
 #!/bin/sh
+# XXX do we even need this?
+# configure_image_new could resize image itself
+
 # Script na upravu uploadnutych obrazkov k nodes (backend k eventu configure_image_new #2105641)
 # Spustane z CRONu cca raz za 2 - 5 minut
diff --git a/cron/register.php b/cron/register.php
index 38bf9ea..43b2bc1 100755
--- a/cron/register.php
+++ b/cron/register.php
@@ -2,7 +2,9 @@ next()) { mail($mail,"kyberia gate is opened","Vitaj v kyberii"); //VHODNE POSLAT ZACIATOCNIKOVI POSTU
-// ubik::ubikMail($params);
+ ubik::ubikMail($params);
 } ?>
diff --git a/data/templates/own_templates/1549839.tpl b/data/templates/own_templates/1549839.tpl
index ff07e4f..bc7f35b 100644
--- a/data/templates/own_templates/1549839.tpl
+++ b/data/templates/own_templates/1549839.tpl
@@ -27,7 +27,7 @@ {*/if*} - + {* put.Ty hack *}
diff --git a/doc/TODO b/doc/TODO
index 2ad1c92..8528826 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,15 +1,22 @@ - User mail is not working + (mail seems to be stored in db, + error is probably somewhere in template + 1549888.tpl, 1549887.tpl or 25.tpl ) + Anyway move whole mail handling out of nodes.php (?) - Registration process is not working - (rewrite sending of reg. mails) + (rewrite sending of reg. mails) (TEST) - SQL injections (many fixed, but some should be still there) -- remove absolute paths from all source files (!) (over 50) +- remove absolute paths from all source files (!) + +- User images (icons) seems to be broken somehow - remove hard-coded hostname from: ( registration mails ) ( scripts in "scripts" directory (system paths)) + - Fix https vs http problem (url) - Suspected security holes: @@ -17,22 +24,6 @@ ( ./inc/eventz/spamuj_ubik.inc ) ( ./inc/eventz/upload_own_template.inc ) (is even needed?) -- Remove eventz (and files) that are not used (verify this before removing) - ( ./inc/eventz/login_lockout_test.inc ) - ( ./inc/eventz/add_test.inc ) - ( ./inc/eventz/add_ubik_friend.inc ) - ( ./inc/eventz/cron_test.inc ) - ( ./inc/eventz/login_test.inc ) - ( ./inc/eventz/mail_test.inc ) - ( ./inc/eventz/test_button.inc ) - ( ./inc/eventz/testing_cron.inc ) - ( ./inc/eventz/testm.inc ) - ( ./inc/eventz/send-old.inc ) - ( ./inc/eventz/destroy_synapse2.inc ) - ( ./inc/eventz/login2.inc ) - ( ./inc/eventz/send2.inc ) - ( ./inc/eventz/set_parent2.inc ) - - Remove/fix not working eventz ( ./inc/eventz/addClass.inc ) ( ./inc/eventz/addEvent.inc ) 
@@ -47,13 +38,16 @@ - keep fixing XSS -- documentation/installation guide (see README) +- Test & scale logarithmic threading + +- some templates are fixed only in .tpl, not in sql database + => synchronize .tpl vs SQL templates (permanently) - Clean code => fix uninitialized variables -- Implement URL handling using PATH_INFO instead of mod_rewrite +- documentation/installation guide (see README) -- some templates are fixed only in .tpl, not in sql database +- Implement URL handling using PATH_INFO instead of mod_rewrite - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) (We can use multiple hash algorithms (so we'll have backward DB compatibility):
diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc
index b3f17dc..cca3d70 100644
--- a/wwwroot/backend/mysql/backend.inc
+++ b/wwwroot/backend/mysql/backend.inc
@@ -1,3 +1,37 @@ update("update nodes set node_views=node_views+1 where".
+ "node_id='".$node_id."'");
+ if (is_numeric($referer_id) && ($referer_id)) {
+ $q="update neurons set synapse=synapse+1 where ".
+ "dst='".$node_id."' and src='$referer_id'";
+ $result=$db->update($q);
+ if (!$result) {
+ $q="insert into neurons set synapse_creator='".
+ $user_id."',dst='".$node_id.
+ "',src='$referer_id',synapse=1";
+ $db->query($q);
+ }
+ }
+
+ // LEVENSHTEIN
+
+ // these 4 lines are not the source of kyberia lagging problems.
+ // leave them. started on the 10.4.
+ // data gained will be used for scientific purposes
+ if ($user_id) {
+ $q="insert delayed into levenshtein set user_id='".
+ $user_id."',node_id='".$node_id."'";
+ $db->update($q);
+ }
+}
+ ?>
diff --git a/wwwroot/config/config_default.inc b/wwwroot/config/config_default.inc
index 8acfcba..4eaaa88 100644
--- a/wwwroot/config/config_default.inc
+++ b/wwwroot/config/config_default.inc
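Review bot: The first statement of the new helper builds `... node_views+1 where"."node_id='"...`, which concatenates to `wherenode_id=` and turns the view-counter update into a MySQL syntax error; the line needs its trailing space back, `"update nodes set node_views=node_views+1 where ".`. The same slip appears in register_users.inc, where `from users"."left join nodes ..."."where user_id=...` yields `usersleft join ... user_idwhere`. Only `$referer_id` is checked with `is_numeric` before interpolation, while `$node_id` and `$user_id` go into all four queries unescaped; if they are always integer ids, normalising them on entry (`$node_id = (int) $node_id; $user_id = (int) $user_id;`) closes that, otherwise they need the driver's escaping. The function header is not visible in the hunk (the text before the first `$db->update(` was lost), so the parameter list — presumably the `update_nodes($user_id, $node_id, $referer_id)` shape that nodes.php's commented-out call implies — could not be checked.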
@@ -2,6 +2,7 @@
 // Default kyberia configuration file.
 // This runs kyberia on localhost with single database.
+define('DB_TYPE', 'mysql'); // mysql of psql so far.
 define('DB_HOST', 'localhost');
 define('DB_USER', 'kyberia');
 define('DB_PASS', 'levenshtein');
@@ -25,6 +26,11 @@ define('CLASS_DIR', INCLUDE_DIR . 'class/');
 define('EVENT_DIR', INCLUDE_DIR . 'eventz/');
 define('SYSTEM_URL', 'kyberia.cz:8023');
+define('SYSTEM_SMTP', 'molly.kyberia.cz');
+define('SYSTEM_EMAIL', 'admin@kyberia.cz');
+define('SYSTEM_EMAIL_NAME', 'Ubik osobne');
+
+
 define('UBIK_ID', '332');
 define('DEFAULT_LISTING_AMOUNT','32');
 define('DEFAULT_LISTING_ORDER', 'desc');
diff --git a/wwwroot/inc/eventz/register_users.inc b/wwwroot/inc/eventz/register_users.inc
index dba5088..ebb06a6 100644
--- a/wwwroot/inc/eventz/register_users.inc
+++ b/wwwroot/inc/eventz/register_users.inc
@@ -1,3 +1,5 @@ +IsSMTP(); // send via SMTP +$mail->IsSMTP(); // send via SMTP // XXX use constants from config file $mail->Host = "molly.kyberia.cz"; // SMTP servers $mail->From = "root@kyberia.cz"; $mail->FromName = "kyberia.cz admin";
@@ -14,37 +16,38 @@ $mail->Subject = "kyberia.cz uspesna registracia";
 if (!$permissions['w']) {
-$error="you don't have permissions for performing this event";
-return false;
+ $error="you don't have permissions for performing this event";
+ return false;
 }
-foreach ($_POST['waiting'] as $user =>$value) {
-$set=$db->query("select email,login,node_creator from users left join nodes on nodes.node_id=users.user_id where user_id='$user'");
-$set->next();
-$email=$set->getString('email');
-$login=$set->getString('login');
+foreach ($_POST['waiting'] as $user =>$value) { //XXX SQLi
+ $set=$db->query("select email,login,node_creator from users".
+ "left join nodes on nodes.node_id=users.user_id".
+ "where user_id='$user'");
+ $set->next();
+ $email=$set->getString('email');
+ $login=$set->getString('login');
-$application_id=$set->getString('node_creator');
+ $application_id=$set->getString('node_creator');
-$params['node_creator']=$user_id;
-$params['node_parent']=$application_id;
-$params['node_name']="$login registered";
-$params['node_content']="user $login successfully registered by $user_name";
-nodes::addNode($params);
-
-$db->query("update nodes set node_creator=node_id where node_id='$user'");
-$db->query("insert into mail set mail_user='$user',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
-$db->query("insert into mail set mail_user='$user_id',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
-$db->query("update users set user_mail='1',user_mail_name='$user_name' where user_id='$user'");
-$mail->ClearAddresses();
-$mail->AddAddress($email); // optional name
-$mail->AltBody = "bol si uspesne zaregistrovany do komunity ".SYSTEM_URL." s loginom $login . 
njoy";
-if(!$mail->Send())
-{
-$error="could not sent mail";
-return false;
-}
+ $params['node_creator']=$user_id;
+ $params['node_parent']=$application_id;
+ $params['node_name']="$login registered";
+ $params['node_content']="user $login successfully registered by $user_name";
+ nodes::addNode($params);
+ $db->query("update nodes set node_creator=node_id where node_id='$user'");
+ $db->query("insert into mail set mail_user='$user',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
+ $db->query("insert into mail set mail_user='$user_id',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
+ $db->query("update users set user_mail='1',user_mail_name='$user_name' where user_id='$user'");
+ $mail->ClearAddresses();
+ $mail->AddAddress($email); // optional name
+ $mail->AltBody = "bol si uspesne zaregistrovany do komunity " .SYSTEM_URL." s loginom $login . njoy";
+ if(!$mail->Send()){
+ $error="could not sent mail";
+ return false;
+ }
 }
 return true;
 }
diff --git a/wwwroot/inc/eventz/registruj_novych.inc b/wwwroot/inc/eventz/registruj_novych.inc
index ed08bd7..bda9f25 100644
--- a/wwwroot/inc/eventz/registruj_novych.inc
+++ b/wwwroot/inc/eventz/registruj_novych.inc
@@ -1,17 +1,15 @@ > debug user
-$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name='request for access' and node_parent=2091448 and
-k>=5";
+// XXX parametrize
-/* $q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=2091448 and
-k>=3 and user_id=2110364";
-*/
+left join users on nodes.node_creator=users.user_id where
+node_name='request for access' and node_parent=2091448 and k>=5";
 $set=$db->query($q);
 while ($set->next()) {
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index cbbed84..9a5ff1b 100644
--- a/wwwroot/nodes.php
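Review bot: `$user` is each key of `$_POST['waiting']` and is interpolated verbatim into five queries inside the loop (`where user_id='$user'`, `update nodes ... node_id='$user'`, both `insert into mail` statements and `update users ... where user_id='$user'`); the commit tags this `//XXX SQLi` but leaves it open. Since the value is a user id, a single `$user = (int) $user;` as the first line of the loop body covers all five until the queries are moved to parameter binding. `$user_name` and `$hello` are interpolated as well and are not assigned in the hunk, so whether they are trusted cannot be seen here. The function header is above the hunk; the loop closes and the function returns inside it.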
+++ b/wwwroot/nodes.php
@@ -48,15 +48,16 @@ $db = new CLASS_DATABASE();
 if (!empty($_GET['template_id'])) {
 $template_id=$_GET['template_id'];
+} else {
+ $template_id=false;
 }
-else $template_id=false;
 //initializing node methods
 if (!empty($_GET['node_name'])) {
 $node = nodes::redirByName($_GET['node_name']);
-}
-elseif (!empty($_GET['node_id'])) {
- $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
+} elseif (!empty($_GET['node_id'])) {
+ $node = nodes::getNodeById($_GET['node_id'],
+ (isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
 }
 //XXX Paths are wrong (!)
@@ -135,7 +136,7 @@ function _checkPermissions() }
 // mail rss
-if ($template_id=='rss')
+if ($template_id=='rss') //XXX WHAT?
 {
 $_feedType = "RSS0.91";
 if (!is_numeric($_SESSION['user_id']))
@@ -172,6 +173,7 @@ if ($template_id=='rss')
 $rss->description = "";
 $rss->link = "https://". SYSTEM_URL . "/id/24";
+ //XXX into function
 $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas, userfrom.user_action as locationfrom_action, userfrom.user_action_id as locationfrom_action_id,
@@ -202,7 +204,7 @@ if ($template_id=='rss')
 $rss = new UniversalFeedCreator();
 $rss->title = "Kyberia bookmarks";
- $rss->link = "http://".SYSTEM_URL."/id/19";
+ $rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ?
 require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
 smarty_function_get_bookmarks(array(), $smarty);
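Review bot: The reflowed `elseif` still hands `$_GET['node_id']` to `nodes::getNodeById` unchanged, and nothing in the hunk shows whether that method validates or escapes its argument. If node ids are numeric, an `(int)` cast at this entry point — `$node = nodes::getNodeById((int) $_GET['node_id'],` — makes the boundary explicit; if they can be non-numeric, a comment here saying so would save the next reader the question. The `//XXX WHAT?` added at `if ($template_id=='rss')` in the next hunk is answered by the assignment in this one: `$template_id` is `$_GET['template_id']` or `false`, and the literal `'rss'` selects the feed branch that sets `$_feedType`.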
@@ -265,29 +267,37 @@ _checkPermissions(); //sventest
 if (($permissions['r']) || ($event != 'register')) {
-//performing node_events (based on update/insert/delete db queries)
-if ($event) {
- require(INCLUDE_DIR.'eventz.inc');
-}
+ //performing node_events (based on update/insert/delete db queries)
+ if ($event) {
+ require(INCLUDE_DIR.'eventz.inc');
+ }
-elseif ($transaction) {
- require(INCLUDE_DIR.'transaction.inc');
-}
-//end of performing node events
+ elseif ($transaction) {
+ require(INCLUDE_DIR.'transaction.inc');
+ }
+ //end of performing node events
-//sventest
+ //sventest
 }
 if ($permissions['r']) {
-//these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes
+// these 4 lines are not the source of kyberia lagging problems.
+// leave them. started on the 10.4.
+// data gained will be used for scientific purposes
+
+// if (isset($_SESSION['user_id']) {
+// log_levenshtein($_SESSION['user_id'],$node['node_id']);
+// }
+
 if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
 $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
 $db->update($q);
 } //if node is css
+//XXX into function
 if ($node['template_id']!='2019721'){
 logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
@@ -299,12 +309,21 @@ if ($node['template_id']!='2019721'){
 if (!$result) {
 $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
 $db->query($q);
- }
-}//end of if node os css
 }
+}
+
+//XXX into function
+// if (isset($_SESSION['user_id']) {
+// if (isset($referer_id)) {
+// update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id);
+// } else {
+// update_nodes($_SESSION['user_id'],$node['node_id'],0);
+// }
+// }
- }
 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! //creating neural network
 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
@@ -324,6 +343,7 @@ elseif (!$permissions['r'] && $_GET['magic_word']) {
 if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
 $magic_uid=$mu['1'];
 $magic_word=addslashes($mu['2']);
+ // XXX WTF column magic_word does not exists
 $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
 $set=$db->query($q);
 if ($set->getNumRows()) {
@@ -355,6 +375,7 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
 $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
 $smarty->assign('user_quota',$_SESSION['user_quota']);
+ // XXX into function
 $newmail_q = sprintf('select u.user_mail_id , u.user_k , u.k_wallet
@@ -367,10 +388,10 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
 $user_id);
 $newmailset = $db->query($newmail_q);
-//$newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
 $newmailset->next();
 $new_mail=$newmailset->getString('user_mail');
+ // XXX into function
 $newmailset2 = $db->query("select users.user_mail_id,mailsender.login from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
 $newmailset2->next();
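Review bot: In the `magic_word` hunk, `addslashes($mu['2'])` is all that stands between the free-text half of `$_GET['magic_word']` and `... and magic_word='$magic_word'`; `addslashes` is not a SQL escaping routine and knows nothing about the connection charset, so this should go through the driver's escaping or a bound parameter, and the new `// XXX WTF column magic_word does not exists` comment should say which is planned. If that comment is right and the column is gone, the query fails on every request that takes this branch, so the magic-word login is dead code that still parses untrusted input — restore the column or remove the branch rather than leave the comment. `$magic_uid` is safe as written because the `(\d+)` capture limits it to digits. The `elseif` block it sits in starts above the hunk.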
@@ -387,6 +408,7 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
 if ($node['node_name']=='mail') {
 //clear new mail message
+ if ($new_mail)
 $db->query("update users set user_mail=0 where user_id='$user_id'");
 //set messages as delivered to recipient
@@ -434,6 +456,7 @@ else { }
+// XXX into function
 if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
 //setting user location
 $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
-- 2.30.2
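Review bot: The added `if ($new_mail)` is a braceless guard over the single following `$db->query("update users set user_mail=0 ...")` line, and the line after that is a comment opening another block, so any statement inserted between them later silently changes what is guarded; write it as `if ($new_mail) {` / `$db->query(...)` / `}`. `$new_mail` is the value `getString('user_mail')` returned in the previous hunk, so this is a truthiness test on a string where `'0'` and `''` both skip the update, which looks like the intent but is worth one comment. The `if ($node['node_name']=='mail')` block continues past the hunk.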