wwwroot/nodes.php

   1 <?php
   2 //requiring main config file with path/database etc. constants
   3 require_once('config/config.inc');
   4
   5 //Ask for auth if enabled...
   6 //if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php');
   7
   8 //starting timer for benchmarking purposes
   9 $timer_start=Time()+SubStr(MicroTime(),0,8);
  10 //setting PHPSESSID cookie and starting user session
  11 session_start();
  12
  13 @ini_set('magic_quotes_gpc' , 'off');
  14 if(get_magic_quotes_gpc()) {
  15         die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
  16 }
  17
  18 //Smarty from DB
  19 $smarty_resource = 'kyberia';
  20 //$smarty_resource = ''; //same as 'file' (fallback)
  21 /* I have moved old templates to DB using following lame script:
  22  * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1);
  23    echo UPDATE nodes SET node_content = "'$(php -r
  24    "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE
  25    node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
  26    done | mysql --user=kyberia --password=PASSSSSSS kyberia
  27  * In future we should have some mechanism for distributing templates
  28  * because they are very important part of kyberia source...
  29  */
  30
  31 //connecting to database and creating universal $db object
  32 //require_once(INCLUDE_DIR.'senate.inc'); // in config already
  33 require_once(INCLUDE_DIR.'log.inc');
  34 require_once(INCLUDE_DIR.'ubik.inc');
  35 require_once(INCLUDE_DIR.'nodes.inc');
  36 require_once(INCLUDE_DIR.'error_messages.inc');
  37 require_once(INCLUDE_DIR.'database.inc');
  38 require_once(INCLUDE_DIR.'transports.inc');
  39
  40 $db = new CLASS_DATABASE();
  41
  42 switch(true) {
  43         case preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match):
  44                 //      print_r($match);
  45                 $_GET['node_id']=$match[1];
  46                 if (!empty($match[2])) {
  47                         $_GET['template_id']=$match[2];
  48                 }
  49                 //Base36 fascism redirect
  50                 if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
  51                         header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
  52                                 (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
  53                         );
  54                         die("Die!!! All Fascists Are Bastards...\n");
  55                 }
  56                 break;
  57         case preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match):
  58                 $_GET['node_id']=base_convert($match[1], 36, 10);
  59                 if (!empty($match[2])) {
  60                         $_GET['template_id']=base_convert($match[2],36,10);
  61                 }
  62                 break;
  63         case preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
  64                 $_GET['node_id']  = nodes::getNodeIdByName($match[1]);
  65                 break;
  66         case preg_match('/search\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
  67                 //$query  = nodes::getNodeIdByName($match[1]);
  68                 //XXX TODO: Predat searchi az bude fungovat
  69                 break;
  70         case preg_match('/\/(.+)\/?$/',$_SERVER['PATH_INFO'],$match):
  71                 $_GET['node_id']  = nodes::getNodeIdByName($match[1]);
  72                 break;
  73         default:
  74                 $_GET['node_id']=1; //WELCOME_NODE
  75                 break;
  76 }
  77
  78 if (!empty($_GET['template_id'])) {
  79         $template_id=$_GET['template_id'];
  80 } else {
  81         $template_id=false;
  82 }
  83
  84 error_reporting(E_ALL | E_STRICT);
  85 //$_SESSION['debugging']=0;
  86 //unset($_SESSION['debugging']);
  87 //Well... we should make some event
  88 //or JavaScript page to turning this on/off...
  89 //exit;
  90 if(isset($_SESSION['debugging']) && $_SESSION['debugging']) {
  91     echo 'GET VARIABLES::<br/>';
  92     print_r($_GET);
  93     echo 'POST VARIABLES::<br/>';
  94     print_r($_POST);
  95     echo '<b>SESSION VARIABLES::</b><br/>';
  96     print_r($_SESSION);
  97 } else {
  98         set_error_handler('logger::error_handler');
  99 }
 100
 101 require_once(INCLUDE_DIR.'logout_idle.inc'); //Logout when idle
 102
 103 //initializing node
 104 $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
 105
 106 //XXX Paths are wrong (!)
 107 //loading smarty template engine and setting main parameters
 108 require(SMARTY_DIR.'Smarty.class.php');
 109 $smarty = new Smarty;
 110 require(INCLUDE_DIR.'smarty/resource.kyberia.php');
 111 $smarty->default_resource_type=$smarty_resource;
 112
 113 //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
 114 $smarty->template_dir = TEMPLATE_DIR;
 115 //echo TEMPLATE_DIR.TEMPLATE_SET;
 116 //echo $smarty->template_dir;
 117 $smarty->compile_dir = SYSTEM_DATA.'templates_c/';
 118 $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
 119 $smarty->cache_dir = SMARTY_DIR.'cache/';
 120 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
 121 if ($_SESSION['debugging']) $smarty->debugging=true;
 122
 123 // initializing variables
 124 // preg_replace prevents LFI
 125 if (empty($_POST['event'])) $event='display';
 126 else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
 127
 128
 129 if ($_SESSION['debugging']) {
 130         echo "<pre><b>NODE::";
 131         print_r($node);
 132         echo "</pre>";
 133 }
 134
 135 if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
 136         $node['node_permission']='owner';
 137 }
 138
 139 if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
 140         if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
 141                 echo "node::".$node['node_vector'];
 142                 echo "cube_Vector::".$_SESSION['cube_vector'];
 143                 echo "you are out of allowed cwbe. access forbidden";
 144                 die();
 145         }
 146 }
 147
 148 @include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...
 149
 150 //checking permissions
 151 include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc');
 152 $permissions=permissions::checkPerms($node);
 153 if ($_SESSION['debugging']) {
 154         print_r($permissions);
 155 }
 156
 157
 158
 159 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 160 //creating neural network
 161 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
 162 if (isset($referer_id) && is_numeric($referer_id)) {
 163         $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
 164         $result=$db->update($q);
 165         if (!$result) {
 166                 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
 167                 $db->query($q);
 168                 }
 169 } else {
 170         logger::log('enter',$node['node_id'],'failed');
 171 }
 172
 173
 174
 175 //entering the node (executing the eventz)
 176 if (($permissions['r']) || ($event != 'register')) {
 177         //performing node_events (based on update/insert/delete db queries)
 178         if ($event) {
 179                 require(INCLUDE_DIR.'eventz.inc');
 180         }
 181 }
 182
 183 ?>