Commit | Line | Data |
---|---|---|
51ff3226 | 1 | <?php |
cae06914 | 2 | |
3 | //requiring main config file with path/database etc. constants | |
4 | require_once('config/config.inc'); | |
5 | ||
6 | //Ask for auth if enabled... | |
7 | //if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php'); | |
8 | ||
9 | //PATH_INFO Debug (usefull when messing with mod_rewrite) | |
10 | //echo($_SERVER['PATH_INFO']."\n<pre>"); | |
11 | //var_dump(preg_split('/\//', $_SERVER['PATH_INFO'])); die(); | |
12 | //output buffering forcing (mx) | |
13 | ||
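// Optional output buffering, requested by the client with FORCE_OB=true (mx).
if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') {
    ob_start();
}

// Disabled maintenance redirect, kept for reference.
//header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
//echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
//exit;

// Start the request timer for benchmarking purposes. microtime(true) reads the
// clock once; the former time() + substr(microtime(), 0, 8) read it twice and
// could be off by a second when the two reads straddled a second boundary.
$timer_start = microtime(true);

// Set the PHPSESSID cookie and start the user session.
// NOTE(review): no cookie flags (HttpOnly, Secure) are set here; confirm they
// are configured in php.ini or in config/config.inc.
session_start();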
24 | ||
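// Report fatal errors only (1 == E_ERROR) unless session debugging is on.
error_reporting(1);
//$_SESSION['debugging']=1;
//unset($_SESSION['debugging']);
//Well... we should make some event
//or JavaScript page to turning this on/off...
//exit;

// Debug mode: dump the request and session state into the page.
// !empty() avoids an undefined-index notice when the flag was never set.
// The dumps are HTML-escaped because $_GET and $_POST are request-controlled
// and were previously printed raw into the response.
// NOTE(review): the session dump shows every session value to whoever has the
// flag set; how 'debugging' gets enabled is not visible in this file, so
// confirm that end users cannot switch it on.
if (!empty($_SESSION['debugging'])) {
    error_reporting(E_ALL);
    echo 'GET VARIABLES::<br/>';
    echo htmlspecialchars(print_r($_GET, true), ENT_QUOTES);
    echo 'POST VARIABLES::<br/>';
    echo htmlspecialchars(print_r($_POST, true), ENT_QUOTES);
    echo '<b>SESSION VARIABLES::</b><br/>';
    echo htmlspecialchars(print_r($_SESSION, true), ENT_QUOTES);
}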
43 | ||
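// Refuse to run with magic_quotes_gpc enabled: the application expects raw
// request data and does its own escaping.
// get_magic_quotes_gpc() was removed in PHP 8.0 (the feature itself went away
// in PHP 5.4), so the check only runs where the function still exists instead
// of ending the request with an undefined-function error.
if (function_exists('get_magic_quotes_gpc')) {
    // Best effort only; this setting normally cannot be changed at runtime,
    // which is why the check below is still needed.
    @ini_set('magic_quotes_gpc', 'off');
    if (get_magic_quotes_gpc()) {
        die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
    }
}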
5c9aff9f | 48 | |
// Smarty templates are loaded from the database through the custom 'kyberia'
// resource type (applied to $smarty->default_resource_type further down).
$smarty_resource = 'kyberia';
//$smarty_resource = ''; //same as 'file' (fallback)
/* I have moved old templates to DB using following lame script:
 * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1);
   echo UPDATE nodes SET node_content = "'$(php -r
   "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE
   node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
   done | mysql --user=kyberia --password=PASSSSSSS kyberia
 * In future we should have some mechanism for distributing templates
 * because they are very important part of kyberia source...
 *
 * NOTE(review): a password given as --password=... on the command line is
 * visible in the process list and in shell history; an option file or an
 * interactive prompt avoids that. mysql_escape_string() also ignores the
 * connection character set, so treat the script as a one-off migration aid.
 */
822594dc | 61 | |
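// Path info routing (experimental - this replaced most of the mod_rewrite rules).
//   /k/<node_kid>[/<template_kid>]   base36 ids
//   /id/<node_id>[/<template_id>]    decimal ids, redirected to the /k/ form
//   /<node_name>[/<template_kid>]    lookup by name
// Every chunk comes straight from the request URL and is copied into $_GET
// without validation; the consumers further down have to treat it as untrusted.
//
// The index is quoted: the bare PATH_INFO constant only worked through PHP's
// old undefined-constant fallback and is a fatal error on PHP 8.
$PATH_INFO = isset($_SERVER['PATH_INFO']) ? trim($_SERVER['PATH_INFO']) : '';
if ($PATH_INFO != '') {
    $PATH_CHUNKS = preg_split('/\//', $PATH_INFO);
    if (isset($PATH_CHUNKS[1])) {
        switch ($PATH_CHUNKS[1]) {
            case 'k':
                if (isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') {
                    $_GET['node_kid'] = $PATH_CHUNKS[2];
                }
                if (isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') {
                    $_GET['template_kid'] = $PATH_CHUNKS[3];
                }
                break;

            case 'id':
                if (isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') {
                    $_GET['node_id'] = $PATH_CHUNKS[2];
                }
                if (isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') {
                    $_GET['template_id'] = $PATH_CHUNKS[3];
                }

                // The download template keeps its decimal URL (download hack).
                // isset() guards the case where no template chunk was given.
                if (isset($_GET['template_id']) && $_GET['template_id'] == 'download') {
                    break;
                }

                // Redirect decimal URLs to the base36 form unless a form was posted.
                if (!count($_POST)) {
                    // base_convert() returns only the characters 0-9 and a-z, so
                    // the request-supplied ids cannot add header content here.
                    // The is_scalar() checks keep array-valued query parameters
                    // out of base_convert().
                    header('Location: /k/'.base_convert(
                        (isset($_GET['node_id']) && is_scalar($_GET['node_id'])) ? $_GET['node_id'] : '',
                        10,
                        36
                    ).(
                        (isset($_GET['template_id']) && is_scalar($_GET['template_id']))
                            ? '/'.base_convert($_GET['template_id'], 10, 36)
                            : ''
                    ));
                    // Stop right after the redirect header has been sent.
                    die("Base36 fascism...\n");
                }
                break;

            default:
                if ($PATH_CHUNKS[1] != '') {
                    $_GET['node_name'] = $PATH_CHUNKS[1];
                }
                if (isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') {
                    $_GET['template_kid'] = $PATH_CHUNKS[2];
                }
                break;
        }
    }
}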
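// Drop array-valued id parameters (e.g. ?node_id[]=1): trim() and
// base_convert() below expect scalars, and PHP 8 throws a TypeError otherwise.
foreach (array('node_kid', 'node_id', 'template_kid', 'template_id') as $__id_key) {
    if (isset($_GET[$__id_key]) && !is_scalar($_GET[$__id_key])) {
        unset($_GET[$__id_key]);
    }
}
unset($__id_key);

// With no node given at all, fall back to node 1.
if (
    (!isset($_GET['node_kid']) || trim($_GET['node_kid']) == '') &&
    (!isset($_GET['node_id']) || trim($_GET['node_id']) == '')
) {
    $_GET['node_kid'] = 1;
}

//Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-)
// A base36 id, when present, overrides the decimal one. base_convert() skips
// characters that are not valid base36 digits and loses precision on very
// large numbers, so the result is a digit string but not a validated node id.
if (isset($_GET['node_kid'])) {
    $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10);
}
if (isset($_GET['template_kid'])) {
    $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10);
}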
101 | ||
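// Remember where the visitor came from, based on the Referer header.
// The header is client-controlled; only the regex captures are used.
// $referer_id stays null when there is no referer or it does not match, which
// replaces the undefined-offset read the unchecked preg_match() caused.
$referer_id = null;
if (isset($_SERVER['HTTP_REFERER'])
    && preg_match('/(k|id)\/([0-9]*)\//', $_SERVER['HTTP_REFERER'], $ref_match)
) {
    // NOTE(review): group 1 is the literal "k" or "id"; the digits are in
    // group 2. The variable name suggests the id was meant - kept as in the
    // original, confirm against the code that reads $referer_id. The pattern
    // also accepts digits only, so base36 ids containing letters never match.
    $referer_id = $ref_match[1];
}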
51ff3226 | 106 | |
107 | //connecting to database and creating universal $db object | |
1675d71f | 108 | //require_once(INCLUDE_DIR.'senate.inc'); // in config already |
cb5cd120 H |
109 | require_once(INCLUDE_DIR.'log.inc'); |
110 | require_once(INCLUDE_DIR.'ubik.inc'); | |
111 | require_once(INCLUDE_DIR.'nodes.inc'); | |
112 | require_once(INCLUDE_DIR.'error_messages.inc'); | |
113 | require_once(INCLUDE_DIR.'database.inc'); | |
114 | require_once(INCLUDE_DIR.'transports.inc'); | |
51ff3226 | 115 | |
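// Connect to the database; $db is the shared database object.
$db = new CLASS_DATABASE();

// Requested template id, or false when the request names none.
$template_id = !empty($_GET['template_id']) ? $_GET['template_id'] : false;

// Load the requested node, by name when one is given, otherwise by id.
// NOTE(review): node_name and node_id are request-controlled and are passed on
// unchanged; confirm that nodes::redirByName() and nodes::getNodeById() escape
// or parameterise them before they reach SQL.
if (!empty($_GET['node_name'])) {
    $node = nodes::redirByName($_GET['node_name']);
} elseif (!empty($_GET['node_id'])) {
    $node = nodes::getNodeById(
        $_GET['node_id'],
        isset($_SESSION['user_id']) ? $_SESSION['user_id'] : ''
    );
}

// Neither branch runs for an id that converts to 0; define $node so the checks
// further down do not read an undefined variable.
if (!isset($node)) {
    $node = null;
}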
131 | ||
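//XXX Paths are wrong (!)
// Load the Smarty template engine and set its main parameters.
require(SMARTY_DIR.'Smarty.class.php');
$smarty = new Smarty;

// Register the database-backed 'kyberia' resource and make it the default.
// NOTE(review): with templates stored in the database, whoever can write those
// rows controls template code; confirm who has that access and what
// resource.kyberia.php allows.
require(INCLUDE_DIR.'smarty/resource.kyberia.php');
$smarty->default_resource_type = $smarty_resource;

//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;

// NOTE(review): compile_dir and cache_dir hold generated PHP; confirm that
// neither directory is served by the web server.
$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX this directory does not exist
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR;

// !empty() avoids an undefined-index notice when the flag was never set.
if (!empty($_SESSION['debugging'])) {
    $smarty->debugging = true;
}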
148 | ||
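// Select the event to run; 'display' is the default.
// The posted name is reduced to [a-zA-Z0-9_], so no slash, dot or NUL byte is
// left in it. This is the local file inclusion guard for code that builds a
// file name from $event.
// NOTE(review): how eventz.inc uses $event is not visible here; confirm it
// only ever resolves to files inside the events directory.
// A non-string value (e.g. event[]=x) would make preg_replace() return an
// array, so it is treated like a missing event. A name that is stripped down
// to '' is skipped by the later "if ($event)" check.
if (empty($_POST['event']) || !is_string($_POST['event'])) {
    $event = 'display';
} else {
    $event = preg_replace("![^a-zA-Z0-9_]+!", "", $_POST['event']);
}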
51ff3226 | 153 | |
154 | ||
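// Debug mode: dump the loaded node into the page.
// The dump is HTML-escaped because node fields can hold user-written content;
// !empty() avoids an undefined-index notice when the flag was never set.
if (!empty($_SESSION['debugging'])) {
    echo "<pre><b>NODE::";
    echo htmlspecialchars(print_r($node, true), ENT_QUOTES);
    echo "</pre>";
}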
160 | ||
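// The creator of a node is its owner.
// The !empty($node) guard matters: for a missing node, $node['node_creator']
// reads as null, and null == 0 (or '') is true in PHP. The assignment below
// would then turn $node into a one-element array, which the later
// empty($node) "not found" check no longer catches.
// NOTE(review): the comparison is loose (==), presumably because the ids
// arrive as strings from the database and the session; confirm before
// tightening it to ===.
if (!empty($node) && isset($_SESSION['user_id']) && ($node['node_creator'] == $_SESSION['user_id'])) {
    $node['node_permission'] = 'owner';
}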
51ff3226 | 164 | |
// Cube restriction: a session bound to a cube_vector may only open nodes whose
// node_vector contains that vector; anything else ends the request here.
// NOTE(review): the denial text prints both vectors unescaped and is sent with
// the default status code rather than 403; confirm the denied requester is
// meant to see the node's vector.
if (!empty($_SESSION['cube_vector'])
    && strpos($node['node_vector'], $_SESSION['cube_vector']) === false
) {
    echo "node::", $node['node_vector'],
        "cube_Vector::", $_SESSION['cube_vector'],
        "you are out of allowed cwbe. access forbidden";
    exit;
}
173 | ||
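// Node not found: show our own 404 page with similarly named nodes, or offer
// a logged-in user the form for creating the node.
// isset()/!empty() replace bare reads of $_GET['node_name'] and
// $_SESSION['user_id'], which are unset for id-based and anonymous requests.
// NOTE(review): no 404 status header is sent in this block, and after the
// addnode branch the script carries on with an empty $node; confirm both are
// intended. node_name is request-controlled and is assigned to the template
// unescaped, so the template has to escape it.
if (empty($node)) {
    $nodes = nodes::getNodesByName(isset($_GET['node_name']) ? $_GET['node_name'] : null);
    if ($nodes) {
        $smarty->assign('nodes', $nodes);
        $content = $smarty->display('404.tpl');
        die();
    } elseif (!empty($_SESSION['user_id'])) {
        $smarty->assign('node_name', isset($_GET['node_name']) ? $_GET['node_name'] : null);
        $content = $smarty->display("modules/addnode.tpl");
    }
}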
187 | ||
006bd683 | 188 | //modifying node glass pearl //XXX WTF |
09f0f2fa | 189 | //if (is_array($children_types[$node['node_type']])) { |
190 | // $smarty->assign('children_types',$children_types[$node['node_type']]); | |
191 | //} | |
192 | ||
ac6dff25 | 193 | //smarty->assign('types',$types); |
51ff3226 | 194 | //$node['node_type']=$types[$node['node_type']]; |
570ab4b6 H |
195 | |
196 | @include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz... | |
51ff3226 | 197 | |
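/**
 * Compute the current visitor's permissions on the loaded node.
 *
 * Reads the global $node and writes the global $permissions: the result of
 * permissions::checkPermissions($node), plus key 'h' holding the result of
 * permissions::isHierarch($node).
 *
 * permissions.inc is loaded with require_once so that a second call, or an
 * earlier include of the same file, cannot redeclare what it defines.
 */
function _checkPermissions()
{
    global $permissions, $node;
    require_once(INCLUDE_DIR.'permissions.inc');
    $permissions = permissions::checkPermissions($node);
    $permissions['h'] = permissions::isHierarch($node);
}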
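_checkPermissions();

// Enter the node (execute the events).
// NOTE(review): as written, read permission gates only the 'register' event;
// every other event name runs even when $permissions['r'] is false. Confirm
// that eventz.inc enforces permissions per event, or that the condition was
// meant to require read access for everything except 'register'.
if (($permissions['r']) || ($event != 'register')) {
    // Perform node events (based on update/insert/delete db queries).
    if ($event) {
        require(INCLUDE_DIR.'eventz.inc');
    }
}

// Flush the forced output buffer (mx). The condition matches the one that
// starts the buffer at the top of the script; the former isset() check also
// fired for FORCE_OB values other than 'true', when no buffer had been opened.
if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') {
    ob_end_flush();
}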
51ff3226 | 217 | |
218 | ?> |