[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php

<?php

//requiring main config file with path/database etc. constants
require_once('config/config.inc'); 

//Ask for auth if enabled...
//if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php'); 

//PATH_INFO Debug (usefull when messing with mod_rewrite)
//echo($_SERVER['PATH_INFO']."\n<pre>"); 
//var_dump(preg_split('/\//', $_SERVER['PATH_INFO'])); die();
//output buffering forcing (mx)

if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();

//header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
//echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
//exit;

//starting timer for benchmarking purposes
$timer_start=Time()+SubStr(MicroTime(),0,8);
//setting PHPSESSID cookie and starting user session
session_start();

error_reporting(1);
//$_SESSION['debugging']=1;
//unset($_SESSION['debugging']); 
//Well... we should make some event 
//or JavaScript page to turning this on/off...
//exit;


if ($_SESSION['debugging']) {

    error_reporting(E_ALL);
    echo 'GET VARIABLES::<br/>';
    print_r($_GET);
    echo 'POST VARIABLES::<br/>';
    print_r($_POST);
    echo '<b>SESSION VARIABLES::</b><br/>';
    print_r($_SESSION);
}

@ini_set('magic_quotes_gpc' , 'off');
if(get_magic_quotes_gpc()) {
	die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
}

//Smarty from DB
$smarty_resource = 'kyberia';
//$smarty_resource = ''; //same as 'file' (fallback)
/* I have moved old templates to DB using following lame script:
 * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1); 
   echo UPDATE nodes SET node_content = "'$(php -r 
   "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE 
   node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
   done | mysql --user=kyberia --password=PASSSSSSS kyberia
 * In future we should have some mechanism for distributing templates 
 * because they are very important part of kyberia source...
 */

//Path info (Experimental - this replaced most of mod_rewrites...)
@$PATH_INFO=trim($_SERVER[PATH_INFO]);
if($PATH_INFO != '') {
	$PATH_CHUNKS = preg_split('/\//', $PATH_INFO);
	if(isset($PATH_CHUNKS[1])) switch($PATH_CHUNKS[1]) {
		case 'k':
			if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_kid'] = $PATH_CHUNKS[2];
			if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_kid'] = $PATH_CHUNKS[3];
			break;
		case 'id':
			if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_id'] = $PATH_CHUNKS[2];
			if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_id'] = $PATH_CHUNKS[3];

			//Base36 fascism redirect
			if($_GET['template_id'] == 'download') break; //Fix ugly download hack...
			if(!count($_POST)) {
				header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
					(isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
				);
				die("Base36 fascism...\n"); 
				// If you want to be a fascist 
				// you have to die imediatelly...
			}

			break;
		default:
			if($PATH_CHUNKS[1] != '') $_GET['node_name'] = $PATH_CHUNKS[1];
			if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['template_kid'] = $PATH_CHUNKS[2];
			break;
	}
}
if(
	(!isset($_GET['node_kid']) || trim($_GET['node_kid']) == '') &&
	(!isset($_GET['node_id']) || trim($_GET['node_id']) == '')
) $_GET['node_kid'] = 1;

//Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-)
if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10);
if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10);

if (isset($_SERVER['HTTP_REFERER'])) {
	preg_match('/(k|id)\/([0-9]*)\//',$_SERVER['HTTP_REFERER'],$ref_match);
	$referer_id=$ref_match[1];
}

//connecting to database and creating universal $db object
//require_once(INCLUDE_DIR.'senate.inc'); // in config already
require_once(INCLUDE_DIR.'log.inc');
require_once(INCLUDE_DIR.'ubik.inc');
require_once(INCLUDE_DIR.'nodes.inc');
require_once(INCLUDE_DIR.'error_messages.inc');
require_once(INCLUDE_DIR.'database.inc');
require_once(INCLUDE_DIR.'transports.inc');

$db = new CLASS_DATABASE();

if (!empty($_GET['template_id'])) {
	$template_id=$_GET['template_id'];
} else {
	$template_id=false;
}

//initializing node methods
if (!empty($_GET['node_name'])) {
	$node  = nodes::redirByName($_GET['node_name']);
} elseif (!empty($_GET['node_id'])) {
	$node = nodes::getNodeById($_GET['node_id'],
		(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
}

//XXX Paths are wrong (!)
//loading smarty template engine and setting main parameters
require(SMARTY_DIR.'Smarty.class.php');
$smarty = new Smarty;
require(INCLUDE_DIR.'smarty/resource.kyberia.php');
$smarty->default_resource_type=$smarty_resource;

//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
if ($_SESSION['debugging']) $smarty->debugging=true;

// initializing variables
// preg_replace prevents LFI
if (empty($_POST['event'])) $event='display';
else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);


if ($_SESSION['debugging']) {
	echo "<pre><b>NODE::";
	print_r($node);
	echo "</pre>";
}

if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
	$node['node_permission']='owner';
}

if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
	if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
		echo "node::".$node['node_vector'];
		echo "cube_Vector::".$_SESSION['cube_vector'];
		echo "you are out of allowed cwbe. access forbidden";
		die();
	}
}

//if not existent node show our own 404
if (empty($node)) {
	$nodes= nodes::getNodesByName($_GET['node_name']);
	if ($nodes) {
		$smarty->assign('nodes',$nodes);
		$content=$smarty->display('404.tpl');
		die();
	}
	elseif ($_SESSION['user_id']) {
		$smarty->assign('node_name',$_GET['node_name']);
		$content=$smarty->display("modules/addnode.tpl");
	}
}

//modifying node glass pearl //XXX WTF
//if (is_array($children_types[$node['node_type']])) {
//	$smarty->assign('children_types',$children_types[$node['node_type']]);
//}

//smarty->assign('types',$types);
//$node['node_type']=$types[$node['node_type']];

@include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...

//checking permissions
function _checkPermissions()
{
	global $permissions, $node;
	require(INCLUDE_DIR.'permissions.inc');
	$permissions=permissions::checkPermissions($node);
	$permissions['h']=permissions::isHierarch($node);
}
_checkPermissions();

//entering the node (executing the eventz)
if (($permissions['r']) || ($event != 'register')) {
	//performing node_events (based on update/insert/delete db queries)
	if ($event) {
		require(INCLUDE_DIR.'eventz.inc');
	}
}

if (isset($_POST['FORCE_OB'])) ob_end_flush(); //output buffering forcing (mx)

?>
Commit	Line	Data
51ff3226	1	<?php
cae06914	2
	3	//requiring main config file with path/database etc. constants
	4	require_once('config/config.inc');
	5
	6	//Ask for auth if enabled...
	7	//if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php');
	8
	9	//PATH_INFO Debug (usefull when messing with mod_rewrite)
	10	//echo($_SERVER['PATH_INFO']."\n<pre>");
	11	//var_dump(preg_split('/\//', $_SERVER['PATH_INFO'])); die();
	12	//output buffering forcing (mx)
	13
51ff3226	14	if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
51ff3226	15
51ff3226	16	//header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
51ff3226	17	//echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
51ff3226	18	//exit;
ab8ec5e5	19
51ff3226	20	//starting timer for benchmarking purposes
51ff3226	21	$timer_start=Time()+SubStr(MicroTime(),0,8);
51ff3226	22	//setting PHPSESSID cookie and starting user session
	23	session_start();
	24
45a1b870	25	error_reporting(1);
cb4300b2	26	//$_SESSION['debugging']=1;
cae06914	27	//unset($_SESSION['debugging']);
	28	//Well... we should make some event
	29	//or JavaScript page to turning this on/off...
45a1b870	30	//exit;
45a1b870	31
51ff3226	32
	33	if ($_SESSION['debugging']) {
	34
	35	error_reporting(E_ALL);
a81e2af2	36	echo 'GET VARIABLES::<br/>';
51ff3226	37	print_r($_GET);
a81e2af2	38	echo 'POST VARIABLES::<br/>';
51ff3226	39	print_r($_POST);
a81e2af2	40	echo '<b>SESSION VARIABLES::</b><br/>';
51ff3226	41	print_r($_SESSION);
	42	}
	43
5c9aff9f	44	@ini_set('magic_quotes_gpc' , 'off');
cae06914	45	if(get_magic_quotes_gpc()) {
	46	die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
	47	}
5c9aff9f	48
4dd26acd	49	//Smarty from DB
00be2b5c H	50	$smarty_resource = 'kyberia';
	51	//$smarty_resource = ''; //same as 'file' (fallback)
	52	/* I have moved old templates to DB using following lame script:
cae06914	53	* for i in *.tpl; do j=$(echo "$i" \| cut -d . -f 1);
	54	echo UPDATE nodes SET node_content = "'$(php -r
	55	"echo mysql_escape_string(file_get_contents('$i'));")'" WHERE
	56	node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
	57	done \| mysql --user=kyberia --password=PASSSSSSS kyberia
	58	* In future we should have some mechanism for distributing templates
	59	* because they are very important part of kyberia source...
00be2b5c	60	*/
822594dc	61
a81e2af2	62	//Path info (Experimental - this replaced most of mod_rewrites...)
822594dc H	63	@$PATH_INFO=trim($_SERVER[PATH_INFO]);
822594dc H	64	if($PATH_INFO != '') {
a81e2af2	65	$PATH_CHUNKS = preg_split('/\//', $PATH_INFO);
20b73641	66	if(isset($PATH_CHUNKS[1])) switch($PATH_CHUNKS[1]) {
822594dc H	67	case 'k':
	68	if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_kid'] = $PATH_CHUNKS[2];
	69	if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_kid'] = $PATH_CHUNKS[3];
	70	break;
	71	case 'id':
	72	if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_id'] = $PATH_CHUNKS[2];
	73	if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_id'] = $PATH_CHUNKS[3];
692f2b82 H	74
692f2b82 H	75	//Base36 fascism redirect
93748c08	76	if($_GET['template_id'] == 'download') break; //Fix ugly download hack...
692f2b82 H	77	if(!count($_POST)) {
	78	header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
	79	(isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
	80	);
cae06914	81	die("Base36 fascism...\n");
	82	// If you want to be a fascist
	83	// you have to die imediatelly...
692f2b82 H	84	}
692f2b82 H	85
822594dc	86	break;
20b73641 H	87	default:
	88	if($PATH_CHUNKS[1] != '') $_GET['node_name'] = $PATH_CHUNKS[1];
	89	if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['template_kid'] = $PATH_CHUNKS[2];
	90	break;
822594dc H	91	}
822594dc H	92	}
15de3e32 H	93	if(
	94	(!isset($_GET['node_kid']) \|\| trim($_GET['node_kid']) == '') &&
	95	(!isset($_GET['node_id']) \|\| trim($_GET['node_id']) == '')
	96	) $_GET['node_kid'] = 1;
822594dc	97
96a2b554 H	98	//Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-)
	99	if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10);
	100	if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10);
	101
2bcd35a6	102	if (isset($_SERVER['HTTP_REFERER'])) {
a81e2af2	103	preg_match('/(k\|id)\/([0-9]*)\//',$_SERVER['HTTP_REFERER'],$ref_match);
2bcd35a6	104	$referer_id=$ref_match[1];
2bcd35a6	105	}
51ff3226	106
51ff3226	107	//connecting to database and creating universal $db object
1675d71f	108	//require_once(INCLUDE_DIR.'senate.inc'); // in config already
cb5cd120 H	109	require_once(INCLUDE_DIR.'log.inc');
	110	require_once(INCLUDE_DIR.'ubik.inc');
	111	require_once(INCLUDE_DIR.'nodes.inc');
	112	require_once(INCLUDE_DIR.'error_messages.inc');
	113	require_once(INCLUDE_DIR.'database.inc');
	114	require_once(INCLUDE_DIR.'transports.inc');
51ff3226	115
e23557a6	116	$db = new CLASS_DATABASE();
51ff3226	117
	118	if (!empty($_GET['template_id'])) {
	119	$template_id=$_GET['template_id'];
5b9c0808	120	} else {
5b9c0808	121	$template_id=false;
51ff3226	122	}
51ff3226	123
	124	//initializing node methods
	125	if (!empty($_GET['node_name'])) {
51ff3226	126	$node = nodes::redirByName($_GET['node_name']);
5b9c0808	127	} elseif (!empty($_GET['node_id'])) {
	128	$node = nodes::getNodeById($_GET['node_id'],
	129	(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
51ff3226	130	}
51ff3226	131
065440d5	132	//XXX Paths are wrong (!)
51ff3226	133	//loading smarty template engine and setting main parameters
	134	require(SMARTY_DIR.'Smarty.class.php');
	135	$smarty = new Smarty;
6a967e24	136	require(INCLUDE_DIR.'smarty/resource.kyberia.php');
00be2b5c	137	$smarty->default_resource_type=$smarty_resource;
51ff3226	138
065440d5	139	//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
39244cfc	140	$smarty->template_dir = TEMPLATE_DIR;
51ff3226	141	//echo TEMPLATE_DIR.TEMPLATE_SET;
51ff3226	142	//echo $smarty->template_dir;
a81e2af2	143	$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
175043f4	144	$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
51ff3226	145	$smarty->cache_dir = SMARTY_DIR.'cache/';
	146	$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
	147	if ($_SESSION['debugging']) $smarty->debugging=true;
	148
9850bdc4	149	// initializing variables
9850bdc4	150	// preg_replace prevents LFI
65c78def	151	if (empty($_POST['event'])) $event='display';
9850bdc4	152	else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
51ff3226	153
	154
	155	if ($_SESSION['debugging']) {
	156	echo "<pre><b>NODE::";
	157	print_r($node);
	158	echo "</pre>";
	159	}
	160
12425f11	161	if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
006bd683	162	$node['node_permission']='owner';
006bd683	163	}
51ff3226	164
006bd683	165	if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
51ff3226	166	if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
	167	echo "node::".$node['node_vector'];
	168	echo "cube_Vector::".$_SESSION['cube_vector'];
	169	echo "you are out of allowed cwbe. access forbidden";
	170	die();
	171	}
	172	}
	173
	174	//if not existent node show our own 404
	175	if (empty($node)) {
	176	$nodes= nodes::getNodesByName($_GET['node_name']);
	177	if ($nodes) {
	178	$smarty->assign('nodes',$nodes);
00be2b5c	179	$content=$smarty->display('404.tpl');
51ff3226	180	die();
	181	}
	182	elseif ($_SESSION['user_id']) {
	183	$smarty->assign('node_name',$_GET['node_name']);
	184	$content=$smarty->display("modules/addnode.tpl");
	185	}
	186	}
	187
006bd683	188	//modifying node glass pearl //XXX WTF
09f0f2fa	189	//if (is_array($children_types[$node['node_type']])) {
	190	// $smarty->assign('children_types',$children_types[$node['node_type']]);
	191	//}
	192
ac6dff25	193	//smarty->assign('types',$types);
51ff3226	194	//$node['node_type']=$types[$node['node_type']];
570ab4b6 H	195
570ab4b6 H	196	@include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...
51ff3226	197
	198	//checking permissions
	199	function _checkPermissions()
	200	{
	201	global $permissions, $node;
e909f81b	202	require(INCLUDE_DIR.'permissions.inc');
51ff3226	203	$permissions=permissions::checkPermissions($node);
	204	$permissions['h']=permissions::isHierarch($node);
	205	}
51ff3226	206	_checkPermissions();
51ff3226	207
570ab4b6	208	//entering the node (executing the eventz)
51ff3226	209	if (($permissions['r']) \|\| ($event != 'register')) {
5b9c0808	210	//performing node_events (based on update/insert/delete db queries)
	211	if ($event) {
	212	require(INCLUDE_DIR.'eventz.inc');
	213	}
51ff3226	214	}
51ff3226	215
570ab4b6	216	if (isset($_POST['FORCE_OB'])) ob_end_flush(); //output buffering forcing (mx)
51ff3226	217
51ff3226	218	?>