GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob
? search:


22ec5fc1dbe0da8e42de021ce7f53e2c9665df51
[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php
1 <?php
2 // output buffering forcing (mx)
3 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
4
5 //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
6 //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
7 //exit;
8 error_reporting(1);
9 $_SESSION['debugging']=1;
10 //exit;
11
12 //starting timer for benchmarking purposes
13 $timer_start=Time()+SubStr(MicroTime(),0,8);
14
15 //setting PHPSESSID cookie and starting user session
16 session_start();
17
18
19 if ($_SESSION['debugging']) {
20
21 error_reporting(E_ALL);
22 echo "GET VARIABLES::<br/>";
23 print_r($_GET);
24 echo "POST VARIABLES::<br/>";
25 print_r($_POST);
26 echo "<b>SESSION VARIABLES::</b><br/>";
27 print_r($_SESSION);
28 }
29
30 //requiring main config file with path/database etc. constants
31 require('config/config.inc');
32 require(INCLUDE_DIR.'senate.inc');
33
34 preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
35 $referer_id=$ref_match[1];
36
37 //connecting to database and creating universal $db object
38 require(INCLUDE_DIR.'log.inc');
39 require(INCLUDE_DIR.'ubik.inc');
40 require(INCLUDE_DIR.'nodes.inc');
41 require(INCLUDE_DIR.'error_messages.inc');
42 require(INCLUDE_DIR.'database.inc');
43
44 $db = new CLASS_DATABASE();
45 //$logger = new logger; //XXX
46
47 if (!empty($_GET['template_id'])) {
48 $template_id=$_GET['template_id'];
49 }
50 else $template_id=false;
51
52 //initializing node methods
53 if (!empty($_GET['node_name'])) {
54 $node = nodes::redirByName($_GET['node_name']);
55 }
56 elseif (!empty($_GET['node_id'])) {
57 $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']);
58 }
59
60 //XXX Paths are wrong (!)
61 //loading smarty template engine and setting main parameters
62 require(SMARTY_DIR.'Smarty.class.php');
63 $smarty = new Smarty;
64
65 //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
66 $smarty->template_dir = TEMPLATE_DIR;
67 //echo TEMPLATE_DIR.TEMPLATE_SET;
68 //echo $smarty->template_dir;
69 $smarty->compile_dir = SYSTEM_DATA."templates_c/";
70 $smarty->config_dir = SMARTY_DIR.'configs/'; #XXX neexistuje
71 $smarty->cache_dir = SMARTY_DIR.'cache/';
72 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
73 if ($_SESSION['debugging']) $smarty->debugging=true;
74
75 // initializing variables
76 // preg_replace prevents LFI
77 if (empty($_POST['event'])) $event=false;
78 else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
79
80
81 if ($_SESSION['debugging']) {
82 echo "<pre><b>NODE::";
83 print_r($node);
84 echo "</pre>";
85 }
86
87 if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner';
88
89 if ($_SESSION['cube_vector']) {
90 if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
91 echo "node::".$node['node_vector'];
92 echo "cube_Vector::".$_SESSION['cube_vector'];
93 echo "you are out of allowed cwbe. access forbidden";
94 die();
95 }
96 }
97
98 //if not existent node show our own 404
99 if (empty($node)) {
100 $nodes= nodes::getNodesByName($_GET['node_name']);
101 if ($nodes) {
102 $smarty->assign('nodes',$nodes);
103 $content=$smarty->display("404.tpl");
104 die();
105 }
106 elseif ($_SESSION['user_id']) {
107 $smarty->assign('node_name',$_GET['node_name']);
108 $content=$smarty->display("modules/addnode.tpl");
109 }
110 }
111
112 //modifying node glass pearl
113 if (is_array($children_types[$node['node_type']])) $smarty->assign('children_types',$children_types[$node['node_type']]);
114 $smarty->assign('types',$types);
115
116
117 //$node['node_type']=$types[$node['node_type']];
118 $node['node_content']=StripSlashes($node['node_content']);
119 $node['node_name']=StripSlashes($node['node_name']);
120
121 //checking permissions
122 function _checkPermissions()
123 {
124 global $permissions, $node;
125
126 require(INCLUDE_DIR.'permissions.inc');
127 $permissions=permissions::checkPermissions($node);
128 $permissions['h']=permissions::isHierarch($node);
129 }
130
131 // mail rss
132 if ($template_id=='rss')
133 {
134 $_feedType = "RSS0.91";
135 if (!is_numeric($_SESSION['user_id']))
136 {
137 if (!isset($_SERVER['PHP_AUTH_USER'])) {
138 header('WWW-Authenticate: Basic realm="Kyberia"');
139 header('HTTP/1.0 401 Unauthorized');
140 echo 'Cancel button';
141 exit;
142 }
143 else
144 {
145 require_once(EVENT_DIR.'/login.inc');
146 $_POST['login'] = $_SERVER['PHP_AUTH_USER'];
147 $_POST['password'] = $_SERVER['PHP_AUTH_PW'];
148 $_POST['login_type'] = "name";
149 if (!login())
150 {
151 echo "Zle meno/heslo.";
152 exit();
153 }
154 }
155 }
156
157 _checkPermissions();
158
159 // Mail
160 if ($_GET['node_id']==='24' && $permissions['r'])
161 {
162 require_once(INCLUDE_DIR.'/feedcreator.class.php');
163
164 $rss = new UniversalFeedCreator();
165 $rss->title = "Kyberia mail";
166 $rss->description = "";
167 $rss->link = "https://". SYSTEM_URL . "/id/24";
168
169 $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
170 userfrom.user_action as locationfrom_action,
171 userfrom.user_action_id as locationfrom_action_id,
172 userto.user_action as locationto_action,
173 userto.user_action_id as locationto_action_id,
174 userto.login as mail_to_name, userfrom.login as mail_from_name,
175 mail.* from mail left join users as userfrom on
176 mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id
177 where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10";
178
179 $set = $db->query($query);
180
181 while($set->next()) {
182 $m = $set->getRecord();
183 if ($m['mail_to'] != $_SESSION['user_id'])
184 continue;
185 $item = new FeedItem();
186 $item->title = $m['mail_from_name'];
187 $item->link = "https://".SYSTEM_URL."/id/24";
188 $item->description = $m['mail_text'];
189 $rss->addItem($item);
190 }
191 }
192 // bookmarks
193 elseif ($_GET['node_id']=='19' && $permissions['r'])
194 {
195 require_once(INCLUDE_DIR.'/feedcreator.class.php');
196
197 $rss = new UniversalFeedCreator();
198 $rss->title = "Kyberia bookmarks";
199 $rss->link = "http://".SYSTEM_URL."/id/19";
200
201 require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
202 smarty_function_get_bookmarks(array(), $smarty);
203 $_items = $smarty->get_template_vars('get_bookmarks');
204 foreach ($_items as $_item)
205 {
206 if (is_array($_item['children']))
207 foreach ($_item['children'] as $_b)
208 {
209 $item = new FeedItem();
210 $item->title = $_b['node_name'];
211 $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
212 $rss->addItem($item);
213 }
214 }
215 $_feedType = 'OPML';
216 }
217 elseif ($permissions['r'])
218 {
219 require_once(INCLUDE_DIR.'/feedcreator.class.php');
220
221 $rss = new UniversalFeedCreator();
222 $rss->title = $node['node_name'];
223 $rss->description = "";
224 $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
225
226 // K list
227 if ($_GET['node_id']=='15')
228 {
229 require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php');
230 smarty_function_get_k(array(), $smarty);
231 $_items = $smarty->get_template_vars('get_k');
232 }
233 else
234 {
235 require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php');
236 smarty_function_get_children(
237 array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty);
238 $_items = $smarty->get_template_vars('get_children');
239 }
240
241 foreach ($_items as $_item)
242 {
243 $item = new FeedItem();
244 $item->title = $_item['node_name'];
245 $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
246 $item->description = $_item['node_content'];
247 $rss->addItem($item);
248 }
249 }
250
251 if ($permissions['r']) $rss->showFeed($_feedType);
252 exit();
253 }
254
255 _checkPermissions();
256
257 //entering the node
258
259 //sventest
260 if (($permissions['r']) || ($event != 'register')) {
261
262 //performing node_events (based on update/insert/delete db queries)
263 if ($event) {
264 require(INCLUDE_DIR.'eventz.inc');
265 }
266
267 elseif ($transaction) {
268 require(INCLUDE_DIR.'transaction.inc');
269 }
270 //end of performing node events
271
272 //sventest
273 }
274
275
276 if ($permissions['r']) {
277
278 //these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes
279 if ($_SESSION['user_id']) {
280 $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
281 $db->update($q);
282 }
283
284 //if node is css
285 if ($node['template_id']!='2019721'){
286
287 logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
288 if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
289 $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
290 // echo $q;
291 $result=$db->update($q);
292
293 if (!$result) {
294 $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
295 $db->query($q);
296 }
297 }//end of if node os css
298 }
299
300
301 }
302 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
303 //creating neural network
304 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
305 if (is_numeric($referer_id)) {
306 $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
307 $result=$db->update($q);
308 if (!$result) {
309 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
310 $db->query($q);
311 }
312 }
313
314
315 elseif (!$permissions['r'] && $_GET['magic_word']) {
316 $magic_word_big=$_GET['magic_word'];
317
318 if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
319 $magic_uid=$mu['1'];
320 $magic_word=addslashes($mu['2']);
321 $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
322 $set=$db->query($q);
323 if ($set->getNumRows()) {
324 $permissions['r']=true;
325 }
326 }
327 }
328
329
330
331
332
333 else {
334 logger::log('enter',$node['node_id'],'failed');
335 }
336
337
338
339 //assigning user data to smarty if user logged in
340 if ($user_id=$_SESSION['user_id']) {
341 $smarty->assign('_POST',$_POST);
342 $smarty->assign('bookmarks',$_SESSION['bookmarks']);
343 $smarty->assign('ignore',$_SESSION['ignore']);
344 $smarty->assign('bookstyl',$_SESSION['bookstyl']);
345 $smarty->assign('fook',$_SESSION['fook']);
346 $smarty->assign('user_id',$_SESSION['user_id']);
347 if (!empty($_SESSION['cube_vector']))
348 $smarty->assign('cube_vector',$_SESSION['cube_vector']);
349 $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
350 $smarty->assign('user_quota',$_SESSION['user_quota']);
351
352 $newmail_q = sprintf('select u.user_mail_id
353 , u.user_k
354 , u.k_wallet
355 , u.user_mail
356 , ms.user_id as mail_sender_id
357 , ms.login as mail_sender
358 from users u
359 left join users ms on ms.user_id = u.user_mail_id
360 where u.user_id = %d',
361 $user_id);
362 $newmailset = $db->query($newmail_q);
363
364 # $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
365
366 $newmailset->next();
367 $new_mail=$newmailset->getString('user_mail');
368 $newmailset2 = $db->query("select users.user_mail_id,mailsender.login
369 from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
370 $newmailset2->next();
371 $smarty->assign('new_mail',$new_mail);
372 $smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
373 $smarty->assign('new_mail_name2',$newmailset2->getString('login'));
374 $user_k=$newmailset->getString('user_k');
375 $smarty->assign('user_k',$user_k);
376 $k_wallet=$newmailset->getString('k_wallet');
377 $smarty->assign('k_wallet',$k_wallet);
378 $user_id=$_SESSION['user_id'];
379
380 //mail node
381 if ($node['node_name']=='mail') {
382
383 //clear new mail message
384 if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");
385
386 //set messages as delivered to recipient
387 $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'");
388 while($set->next()) {
389 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'");
390 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'");
391
392 $new_messages[$set->getString('mail_id')]=true;
393 }
394 /*
395 if (count($new_messages)) {
396 $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'");
397 $smarty->assign('new_messages',$new_messages);
398
399 }
400 */
401 }
402 }
403
404
405
406 if ($node['node_system_access']=='crypto') {
407 $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]);
408 }
409
410 $smarty->assign('error',$error);
411 $smarty->assign('permissions',$permissions);
412 $smarty->assign('current_vector',$node['node_vector']);
413 if ($permissions['r']) $smarty->assign('node',$node);
414 else {
415
416 $smarty->assign('node',$node);
417 //new templates by Dark matter
418 $smarty->template_dir=OWN_TEMPLATE_DIR;
419
420 $smarty->display('1549864.tpl');
421 $smarty->display('1549885.tpl');
422 $smarty->display('630526.tpl');
423 die();
424
425 //redirect to mainpage
426 // looks like poeple totaly hate this redirect!
427 // header("Location: /id/1");
428 }
429
430
431 if ($node['template_id']!='2019721'){
432 //setting user location
433 $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
434 $db->executequery($q);
435 }
436
437 $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
438 $smarty->assign('whole_time',$whole_time);
439
440
441 if ($template_id=='download' OR $template_id=='download.jpg') {
442 if ($permissions['r']) {
443 $linkname = SYSTEM_ROOT."/files/".$node['node_id'];
444 $filename= readlink($linkname);
445 $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename);
446
447 $ext = substr( $filename,-3 );
448 if( $filename == "" ) {
449 echo "ERROR: Empty file to download. ";
450 exit;
451 } elseif ( ! file_exists( $filename ) ) {
452 exit;
453 };
454 switch( strtolower($ext) ){
455 case "pdf": $ctype="application/pdf"; break;
456 case "exe": $ctype="application/octet-stream"; break;
457 case "zip": $ctype="application/zip"; break;
458 case "doc": $ctype="application/msword"; break;
459 case "xls": $ctype="application/vnd.ms-excel"; break;
460 case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
461 case "gif": $ctype="image/gif"; break;
462 case "png": $ctype="image/png"; break;
463 case "jpg": $ctype="image/jpg"; break;
464 default: $ctype="application/force-download";
465 }
466 $file=str_replace(" ","_",$node['node_name']).".$ext";
467 header("Pragma: public");
468 header("Expires: 0");
469 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
470 header("Content-Type: $ctype");
471 $user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
472 if ((is_integer (strpos($user_agent, "msie"))) && (is_integer
473 (strpos($user_agent, "win")))) {
474 header( "Content-Disposition: filename=$file;" );
475 } else {
476 header( "Content-Disposition: attachment;
477 filename=$file;" );
478 }
479 header("Content-Transfer-Encoding: binary");
480 header("Content-Length: ".filesize($filename));
481 readfile("$filename");
482 exit();
483 }
484 else { echo "you don't have permissions for downloading this data"; die(); }
485 }
486
487 if ($node['template_id']=='2019721'){
488 Header("Cache-control: max-age=3600");
489 }else{
490 Header("Cache-control: no-cache");
491 Header("Expires:".gmdate("D, d M Y H:i:s")." GMT");
492 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
493 }
494
495
496 //for cases like search & preview
497 $smarty->assign('post_vars',$_POST);
498 if (!empty($_POST['template_event'])) {
499 $smarty->assign('template_event',$_POST['template_event']);
500
501 }
502
503 //setting listing parameters
504 $children_count=$node['node_children_count'];
505 $descendant_count=$node['node_descendant_count'];
506
507 if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount'];
508 elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
509 else $listing_amount=DEFAULT_LISTING_AMOUNT;
510 $smarty->assign('listing_amount',$listing_amount);
511
512 if ($_POST['listing_order']) $listing_order=$_POST['listing_order'];
513 elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
514 else $listing_order=DEFAULT_LISTING_ORDER;
515 $smarty->assign('listing_order',$listing_order);
516
517 if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset'];
518 else $offset=0;
519
520
521 //movement forward and backward
522 // if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount;
523
524 if ($_POST['get_children_move']=='<') {
525 $offset=$offset-$listing_amount;
526 if ($offset<0) $offset=0;
527 }
528 elseif ($_POST['get_children_move']=='>') {
529 $offset=$offset+$listing_amount;
530 }
531 elseif ($_POST['get_children_move']=='>>') {
532 $offset=$descendant_count-$listing_amount;
533 }
534
535 elseif ($_POST['get_children_move']=='<<') {
536 $offset=0;
537 }
538 if ($offset<0) $offset=0;
539 $_POST['offset']=$offset;
540 $smarty->assign('offset',$offset);
541
542
543 if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
544 header("Content-Type: image/svg+xml");
545 }
546
547 //show own header
548 elseif ($_SESSION['header_id']==true) {
549 $smarty->assign('header_id',$_SESSION['header_id']);
550 $smarty->template_dir=OWN_TEMPLATE_DIR;
551 $content=$smarty->fetch($_SESSION['header_id'].".tpl");
552 $smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
553 //not registered user
554 if ($_SESSION['header_id']==2091520) {
555 echo $content;
556 session_destroy();
557 die();
558 }
559 }
560
561 $smarty->template_dir=OWN_TEMPLATE_DIR;
562
563 if (is_numeric($template_id)) {
564 $content.=$smarty->fetch($template_id.".tpl");
565 }
566
567 else {
568 $template_id=$node['template_id'];
569 $content.=$smarty->fetch($node['template_id'].".tpl");
570 }
571
572 if ($template_id=='2019721'){
573 $content=$smarty->fetch($template_id.".tpl");
574 echo $content;
575 }else{
576 $time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
577 echo $content;
578 // echo "<center>page generation took: $time second</center>";
579 }
580 //end of displaying
581
582 // output buffering forcing (mx)
583 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_end_flush();
584
585 ?>
https://github.com/Kyberia/Kyberia-bloodline.git (mirrored @ Wed, 29 May 2024 12:20:09 +0200)
This page took 0.929329 seconds and 3 git commands to generate.