fixed bug in permissions (node was displayed even with external_access=no)
[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php
CommitLineData
51ff3226 1<?php
cae06914 2//requiring main config file with path/database etc. constants
3require_once('config/config.inc');
4
5//Ask for auth if enabled...
6//if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php');
7
51ff3226 8//starting timer for benchmarking purposes
9$timer_start=Time()+SubStr(MicroTime(),0,8);
51ff3226 10//setting PHPSESSID cookie and starting user session
91b49c82
DH
11
12//error reporting has to be before session_start
13error_reporting(-1);
14ini_set('display_errors','On');
51ff3226 15session_start();
16
5c9aff9f 17@ini_set('magic_quotes_gpc' , 'off');
cae06914 18if(get_magic_quotes_gpc()) {
19 die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
20}
5c9aff9f 21
4dd26acd 22//Smarty from DB
00be2b5c 23$smarty_resource = 'kyberia';
822594dc 24
51ff3226 25//connecting to database and creating universal $db object
1675d71f 26//require_once(INCLUDE_DIR.'senate.inc'); // in config already
cb5cd120
H
27require_once(INCLUDE_DIR.'log.inc');
28require_once(INCLUDE_DIR.'ubik.inc');
29require_once(INCLUDE_DIR.'nodes.inc');
30require_once(INCLUDE_DIR.'error_messages.inc');
31require_once(INCLUDE_DIR.'database.inc');
32require_once(INCLUDE_DIR.'transports.inc');
51ff3226 33
e23557a6 34$db = new CLASS_DATABASE();
51ff3226 35
bc85490b 36switch(true) {
91b49c82 37 case preg_match('/id\/([0-9]+)(?:\/([a-zA-Z0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match):
bc85490b
H
38 $_GET['node_id']=$match[1];
39 if (!empty($match[2])) {
40 $_GET['template_id']=$match[2];
41 }
91b49c82
DH
42 //Base36
43/*
bc85490b
H
44 if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
45 header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
46 (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
47 );
91b49c82 48 die("Die!!! All Fascists Are Bastards...\n")
bc85490b 49 }
91b49c82 50*/
bc85490b 51 break;
91b49c82
DH
52
53 case preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]+))?/',$_SERVER['PATH_INFO'],$match):
bc85490b
H
54 $_GET['node_id']=base_convert($match[1], 36, 10);
55 if (!empty($match[2])) {
91b49c82 56 $_GET['template_id']=$match[2];
bc85490b
H
57 }
58 break;
59 case preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
60 $_GET['node_id'] = nodes::getNodeIdByName($match[1]);
61 break;
de8e1dde
H
62 case preg_match('/search\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
63 //$query = nodes::getNodeIdByName($match[1]);
64 //XXX TODO: Predat searchi az bude fungovat
65 break;
bc85490b
H
66 case preg_match('/\/(.+)\/?$/',$_SERVER['PATH_INFO'],$match):
67 $_GET['node_id'] = nodes::getNodeIdByName($match[1]);
68 break;
69 default:
de8e1dde 70 $_GET['node_id']=1; //WELCOME_NODE
bc85490b 71 break;
08f5f7a7
DH
72}
73
e7c3a55a
DH
74
75
51ff3226 76if (!empty($_GET['template_id'])) {
77 $template_id=$_GET['template_id'];
5b9c0808 78} else {
79 $template_id=false;
51ff3226 80}
51ff3226 81
91b49c82
DH
82error_reporting(E_ALL);
83//use wwwroot/debugswitch.php (from Your browser) to switch debugging on/off
8f03b4ac 84if(isset($_SESSION['debugging']) && $_SESSION['debugging']) {
91b49c82 85 ini_set('display_errors','On');
08f5f7a7
DH
86 echo 'GET VARIABLES::<br/>';
87 print_r($_GET);
88 echo 'POST VARIABLES::<br/>';
89 print_r($_POST);
91b49c82
DH
90 echo 'FILES VARIABLES::<br/>';
91 print_r($_FILES);
08f5f7a7
DH
92 echo '<b>SESSION VARIABLES::</b><br/>';
93 print_r($_SESSION);
8f03b4ac 94} else {
fee499b9 95 $_SESSION['debugging']=false;
8f03b4ac 96 set_error_handler('logger::error_handler');
08f5f7a7
DH
97}
98
f046f788
H
99require_once(INCLUDE_DIR.'logout_idle.inc'); //Logout when idle
100
de8e1dde 101//initializing node
08f5f7a7
DH
102$node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
103
065440d5 104//XXX Paths are wrong (!)
51ff3226 105//loading smarty template engine and setting main parameters
106require(SMARTY_DIR.'Smarty.class.php');
107$smarty = new Smarty;
6a967e24 108require(INCLUDE_DIR.'smarty/resource.kyberia.php');
00be2b5c 109$smarty->default_resource_type=$smarty_resource;
51ff3226 110
065440d5 111//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
39244cfc 112$smarty->template_dir = TEMPLATE_DIR;
51ff3226 113//echo TEMPLATE_DIR.TEMPLATE_SET;
114//echo $smarty->template_dir;
a81e2af2 115$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
175043f4 116$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
51ff3226 117$smarty->cache_dir = SMARTY_DIR.'cache/';
118$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
a0e722be 119if (isset($_SESSION['debugging']) && $_SESSION['debugging']) $smarty->debugging=true;
51ff3226 120
9850bdc4 121// initializing variables
122// preg_replace prevents LFI
65c78def 123if (empty($_POST['event'])) $event='display';
9850bdc4 124else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
51ff3226 125
126
a0e722be 127if (isset($_SESSION['debugging']) && $_SESSION['debugging']) {
51ff3226 128 echo "<pre><b>NODE::";
129 print_r($node);
130 echo "</pre>";
131}
132
12425f11 133if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
006bd683 134 $node['node_permission']='owner';
135}
51ff3226 136
006bd683 137if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
51ff3226 138 if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
139 echo "node::".$node['node_vector'];
140 echo "cube_Vector::".$_SESSION['cube_vector'];
141 echo "you are out of allowed cwbe. access forbidden";
142 die();
143 }
144}
145
13826e4f 146#@include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...
51ff3226 147
148//checking permissions
7a5cc9b5
DH
149include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc');
150$permissions=permissions::checkPerms($node);
13826e4f 151if (!empty($_SESSION['debugging']) && $_SESSION['debugging']) {
7a5cc9b5 152 print_r($permissions);
51ff3226 153}
7a5cc9b5 154
51ff3226 155
08f5f7a7
DH
156
157// DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
158//creating neural network
6cfa89c1 159if (preg_match('/id\/(\d+)/',isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER'] : "",$match)) {
e7c3a55a 160 $referer_id=$match[1];
6cfa89c1 161} elseif (preg_match('/k\/([a-z0-9]{1,7})/',isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER'] : "",$match)) {
e7c3a55a 162 $referer_id=base_convert($match[1], 36, 10);
6cfa89c1 163} elseif (preg_match('/name\/(.*?)\/?$/',isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER'] : "",$match)) {
e7c3a55a
DH
164 $referer_id = nodes::getNodeIdByName($match[1]);
165}
166
08f5f7a7
DH
167$db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
168if (isset($referer_id) && is_numeric($referer_id)) {
169 $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
170 $result=$db->update($q);
171 if (!$result) {
172 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
173 $db->query($q);
174 }
175} else {
176 logger::log('enter',$node['node_id'],'failed');
177}
178
179
180
570ab4b6 181//entering the node (executing the eventz)
51ff3226 182if (($permissions['r']) || ($event != 'register')) {
5b9c0808 183 //performing node_events (based on update/insert/delete db queries)
184 if ($event) {
185 require(INCLUDE_DIR.'eventz.inc');
186 }
51ff3226 187}
188
51ff3226 189?>
This page took 0.818231 seconds and 4 git commands to generate.