GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob
? search:


5da40699896fcf9320aba1ff09bf213e8aa80bb5
[mirrors/Kyberia-bloodline.git] / wwwroot / nodes.php
1 <?php
2 // output buffering forcing (mx)
3 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
4
5 //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
6 //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
7 //exit;
8
9 //starting timer for benchmarking purposes
10 $timer_start=Time()+SubStr(MicroTime(),0,8);
11
12 //setting PHPSESSID cookie and starting user session
13 session_start();
14
15 error_reporting(1);
16 //$_SESSION['debugging']=1;
17 //exit;
18
19
20 if ($_SESSION['debugging']) {
21
22 error_reporting(E_ALL);
23 echo "GET VARIABLES::<br/>";
24 print_r($_GET);
25 echo "POST VARIABLES::<br/>";
26 print_r($_POST);
27 echo "<b>SESSION VARIABLES::</b><br/>";
28 print_r($_SESSION);
29 }
30
31 //Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-)
32 if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10);
33 if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10);
34
35 //requiring main config file with path/database etc. constants
36 require('config/config.inc');
37 require(INCLUDE_DIR.'senate.inc');
38
39 if (isset($_SERVER['HTTP_REFERER'])) {
40 preg_match("/id\/([0-9]*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
41 $referer_id=$ref_match[1];
42 }
43
44 //connecting to database and creating universal $db object
45 require(INCLUDE_DIR.'log.inc');
46 require(INCLUDE_DIR.'ubik.inc');
47 require(INCLUDE_DIR.'nodes.inc');
48 require(INCLUDE_DIR.'error_messages.inc');
49 require(INCLUDE_DIR.'database.inc');
50
51 $db = new CLASS_DATABASE();
52
53 if (!empty($_GET['template_id'])) {
54 $template_id=$_GET['template_id'];
55 } else {
56 $template_id=false;
57 }
58
59 //initializing node methods
60 if (!empty($_GET['node_name'])) {
61 $node = nodes::redirByName($_GET['node_name']);
62 } elseif (!empty($_GET['node_id'])) {
63 $node = nodes::getNodeById($_GET['node_id'],
64 (isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
65 }
66
67 //XXX Paths are wrong (!)
68 //loading smarty template engine and setting main parameters
69 require(SMARTY_DIR.'Smarty.class.php');
70 $smarty = new Smarty;
71
72 //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
73 $smarty->template_dir = TEMPLATE_DIR;
74 //echo TEMPLATE_DIR.TEMPLATE_SET;
75 //echo $smarty->template_dir;
76 $smarty->compile_dir = SYSTEM_DATA."templates_c/";
77 $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
78 $smarty->cache_dir = SMARTY_DIR.'cache/';
79 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
80 if ($_SESSION['debugging']) $smarty->debugging=true;
81
82 // initializing variables
83 // preg_replace prevents LFI
84 if (empty($_POST['event'])) $event=false;
85 else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
86
87
88 if ($_SESSION['debugging']) {
89 echo "<pre><b>NODE::";
90 print_r($node);
91 echo "</pre>";
92 }
93
94 if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
95 $node['node_permission']='owner';
96 }
97
98 if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
99 if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
100 echo "node::".$node['node_vector'];
101 echo "cube_Vector::".$_SESSION['cube_vector'];
102 echo "you are out of allowed cwbe. access forbidden";
103 die();
104 }
105 }
106
107 //if not existent node show our own 404
108 if (empty($node)) {
109 $nodes= nodes::getNodesByName($_GET['node_name']);
110 if ($nodes) {
111 $smarty->assign('nodes',$nodes);
112 $content=$smarty->display("404.tpl");
113 die();
114 }
115 elseif ($_SESSION['user_id']) {
116 $smarty->assign('node_name',$_GET['node_name']);
117 $content=$smarty->display("modules/addnode.tpl");
118 }
119 }
120
121 //modifying node glass pearl //XXX WTF
122 if (is_array($children_types[$node['node_type']])) {
123 $smarty->assign('children_types',$children_types[$node['node_type']]);
124 }
125 $smarty->assign('types',$types);
126
127
128 //$node['node_type']=$types[$node['node_type']];
129 $node['node_content']= StripSlashes($node['node_content']);
130 $node['node_name']= StripSlashes($node['node_name']);
131
132 //checking permissions
133 function _checkPermissions()
134 {
135 global $permissions, $node;
136
137 require(INCLUDE_DIR.'permissions.inc');
138 $permissions=permissions::checkPermissions($node);
139 $permissions['h']=permissions::isHierarch($node);
140 }
141
142 // mail rss
143 if ($template_id=='rss') //XXX WHAT?
144 {
145 $_feedType = "RSS0.91";
146 if (!is_numeric($_SESSION['user_id']))
147 {
148 if (!isset($_SERVER['PHP_AUTH_USER'])) {
149 header('WWW-Authenticate: Basic realm="Kyberia"');
150 header('HTTP/1.0 401 Unauthorized');
151 echo 'Cancel button';
152 exit;
153 }
154 else
155 {
156 require_once(EVENT_DIR.'/login.inc');
157 $_POST['login'] = $_SERVER['PHP_AUTH_USER'];
158 $_POST['password'] = $_SERVER['PHP_AUTH_PW'];
159 $_POST['login_type'] = "name";
160 if (!login())
161 {
162 echo "Zle meno/heslo.";
163 exit();
164 }
165 }
166 }
167
168 _checkPermissions();
169
170 // Mail
171 if ($_GET['node_id']==='24' && $permissions['r'])
172 {
173 require_once(INCLUDE_DIR.'/feedcreator.class.php');
174
175 $rss = new UniversalFeedCreator();
176 $rss->title = "Kyberia mail";
177 $rss->description = "";
178 $rss->link = "https://". SYSTEM_URL . "/id/24";
179
180 //XXX into function
181 $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
182 userfrom.user_action as locationfrom_action,
183 userfrom.user_action_id as locationfrom_action_id,
184 userto.user_action as locationto_action,
185 userto.user_action_id as locationto_action_id,
186 userto.login as mail_to_name, userfrom.login as mail_from_name,
187 mail.* from mail left join users as userfrom on
188 mail_from=userfrom.user_id left join users as userto on mail_to=userto.user_id
189 where mail_user='$_SESSION[user_id]' and mail_to='$_SESSION[user_id]' order by mail_id desc limit 0,10";
190
191 $set = $db->query($query);
192
193 while($set->next()) {
194 $m = $set->getRecord();
195 if ($m['mail_to'] != $_SESSION['user_id'])
196 continue;
197 $item = new FeedItem();
198 $item->title = $m['mail_from_name'];
199 $item->link = "https://".SYSTEM_URL."/id/24";
200 $item->description = $m['mail_text'];
201 $rss->addItem($item);
202 }
203 }
204 // bookmarks
205 elseif ($_GET['node_id']=='19' && $permissions['r'])
206 {
207 require_once(INCLUDE_DIR.'/feedcreator.class.php');
208
209 $rss = new UniversalFeedCreator();
210 $rss->title = "Kyberia bookmarks";
211 $rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ?
212
213 require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
214 smarty_function_get_bookmarks(array(), $smarty);
215 $_items = $smarty->get_template_vars('get_bookmarks');
216 foreach ($_items as $_item)
217 {
218 if (is_array($_item['children']))
219 foreach ($_item['children'] as $_b)
220 {
221 $item = new FeedItem();
222 $item->title = $_b['node_name'];
223 $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
224 $rss->addItem($item);
225 }
226 }
227 $_feedType = 'OPML';
228 }
229 elseif ($permissions['r'])
230 {
231 require_once(INCLUDE_DIR.'/feedcreator.class.php');
232
233 $rss = new UniversalFeedCreator();
234 $rss->title = $node['node_name'];
235 $rss->description = "";
236 $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
237
238 // K list
239 if ($_GET['node_id']=='15')
240 {
241 require_once(SMARTY_PLUGIN_DIR.'/function.get_k.php');
242 smarty_function_get_k(array(), $smarty);
243 $_items = $smarty->get_template_vars('get_k');
244 }
245 else
246 {
247 require_once(SMARTY_PLUGIN_DIR.'/function.get_children.php');
248 smarty_function_get_children(
249 array('orderby' => 'desc', 'orderby_type' => 'time'), $smarty);
250 $_items = $smarty->get_template_vars('get_children');
251 }
252
253 foreach ($_items as $_item)
254 {
255 $item = new FeedItem();
256 $item->title = $_item['node_name'];
257 $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
258 $item->description = $_item['node_content'];
259 $rss->addItem($item);
260 }
261 }
262
263 if ($permissions['r']) $rss->showFeed($_feedType);
264 exit();
265 }
266
267 _checkPermissions();
268
269 //entering the node
270
271 //sventest
272 if (($permissions['r']) || ($event != 'register')) {
273
274 //performing node_events (based on update/insert/delete db queries)
275 if ($event) {
276 require(INCLUDE_DIR.'eventz.inc');
277 }
278
279 elseif ($transaction) {
280 require(INCLUDE_DIR.'transaction.inc');
281 }
282 //end of performing node events
283
284 //sventest
285 }
286
287
288 if ($permissions['r']) {
289
290 // these 4 lines are not the source of kyberia lagging problems.
291 // leave them. started on the 10.4.
292 // data gained will be used for scientific purposes
293
294 // if (isset($_SESSION['user_id']) {
295 // log_levenshtein($_SESSION['user_id'],$node['node_id']);
296 // }
297
298 if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
299 $q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
300 $db->update($q);
301 }
302
303 //if node is css
304 //XXX into function
305 if ($node['template_id']!='2019721'){
306
307 logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
308 if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
309 $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
310 // echo $q;
311 $result=$db->update($q);
312
313 if (!$result) {
314 $q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
315 $db->query($q);
316 }
317 }//end of if node os css
318 }
319
320 }
321
322 //XXX into function
323 // if (isset($_SESSION['user_id']) {
324 // if (isset($referer_id)) {
325 // update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id);
326 // } else {
327 // update_nodes($_SESSION['user_id'],$node['node_id'],0);
328 // }
329 // }
330
331 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
332 //creating neural network
333 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
334 if (isset($referer_id) && is_numeric($referer_id)) {
335 $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
336 $result=$db->update($q);
337 if (!$result) {
338 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
339 $db->query($q);
340 }
341 }
342
343
344 elseif (!$permissions['r'] && $_GET['magic_word']) {
345 $magic_word_big=$_GET['magic_word'];
346
347 if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
348 $magic_uid=$mu['1'];
349 $magic_word=addslashes($mu['2']);
350 // XXX WTF column magic_word does not exists
351 $q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
352 $set=$db->query($q);
353 if ($set->getNumRows()) {
354 $permissions['r']=true;
355 }
356 }
357 }
358
359
360
361
362
363 else {
364 logger::log('enter',$node['node_id'],'failed');
365 }
366
367
368
369 //assigning user data to smarty if user logged in
370 if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
371 $smarty->assign('_POST',$_POST);
372 $smarty->assign('bookmarks',$_SESSION['bookmarks']);
373 $smarty->assign('ignore',$_SESSION['ignore']);
374 $smarty->assign('bookstyl',$_SESSION['bookstyl']);
375 $smarty->assign('fook',$_SESSION['fook']);
376 $smarty->assign('user_id',$_SESSION['user_id']);
377 if (!empty($_SESSION['cube_vector']))
378 $smarty->assign('cube_vector',$_SESSION['cube_vector']);
379 $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
380 $smarty->assign('user_quota',$_SESSION['user_quota']);
381
382 // XXX into function
383 $newmail_q = sprintf('select u.user_mail_id
384 , u.user_k
385 , u.k_wallet
386 , u.user_mail
387 , ms.user_id as mail_sender_id
388 , ms.login as mail_sender
389 from users u
390 left join users ms on ms.user_id = u.user_mail_id
391 where u.user_id = %d',
392 $user_id);
393 $newmailset = $db->query($newmail_q);
394
395
396 $newmailset->next();
397 $new_mail=$newmailset->getString('user_mail');
398 // XXX into function
399 $newmailset2 = $db->query("select users.user_mail_id,mailsender.login
400 from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
401 $newmailset2->next();
402 $smarty->assign('new_mail',$new_mail);
403 $smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
404 $smarty->assign('new_mail_name2',$newmailset2->getString('login'));
405 $user_k=$newmailset->getString('user_k');
406 $smarty->assign('user_k',$user_k);
407 $k_wallet=$newmailset->getString('k_wallet');
408 $smarty->assign('k_wallet',$k_wallet);
409 $user_id=$_SESSION['user_id'];
410
411 //mail node
412 if ($node['node_name']=='mail') {
413
414 //clear new mail message
415
416 if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");
417
418 //set messages as delivered to recipient
419 $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'");
420 while($set->next()) {
421 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'");
422 $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'");
423
424 $new_messages[$set->getString('mail_id')]=true;
425 }
426 /*
427 if (count($new_messages)) {
428 $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'");
429 $smarty->assign('new_messages',$new_messages);
430
431 }
432 */
433 }
434 }
435
436
437
438 if ($node['node_system_access']=='crypto') {
439 $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]);
440 }
441
442 $smarty->assign('error',$error);
443 $smarty->assign('permissions',$permissions);
444 $smarty->assign('current_vector',$node['node_vector']);
445 if ($permissions['r']) $smarty->assign('node',$node);
446 else {
447
448 $smarty->assign('node',$node);
449 //new templates by Dark matter
450 $smarty->template_dir=OWN_TEMPLATE_DIR;
451
452 $smarty->display('1549864.tpl');
453 $smarty->display('1549885.tpl');
454 $smarty->display('630526.tpl');
455 die();
456
457 //redirect to mainpage
458 // looks like poeple totaly hate this redirect!
459 // header("Location: /id/1");
460 }
461
462
463 // XXX into function
464 if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
465 //setting user location
466 $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
467 $db->executequery($q);
468 }
469
470 $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
471 $smarty->assign('whole_time',$whole_time);
472
473
474 if ($template_id=='download' OR $template_id=='download.jpg') {
475 if ($permissions['r']) {
476 $linkname = SYSTEM_ROOT."/files/".$node['node_id'];
477 $filename= readlink($linkname);
478 $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename);
479
480 $ext = substr( $filename,-3 );
481 if( $filename == "" ) {
482 echo "ERROR: Empty file to download. ";
483 exit;
484 } elseif ( ! file_exists( $filename ) ) {
485 exit;
486 };
487 switch( strtolower($ext) ){
488 case "pdf": $ctype="application/pdf"; break;
489 case "exe": $ctype="application/octet-stream"; break;
490 case "zip": $ctype="application/zip"; break;
491 case "doc": $ctype="application/msword"; break;
492 case "xls": $ctype="application/vnd.ms-excel"; break;
493 case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
494 case "gif": $ctype="image/gif"; break;
495 case "png": $ctype="image/png"; break;
496 case "jpg": $ctype="image/jpg"; break;
497 default: $ctype="application/force-download";
498 }
499 $file=str_replace(" ","_",$node['node_name']).".$ext";
500 header("Pragma: public");
501 header("Expires: 0");
502 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
503 header("Content-Type: $ctype");
504 $user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
505 if ((is_integer (strpos($user_agent, "msie"))) && (is_integer
506 (strpos($user_agent, "win")))) {
507 header( "Content-Disposition: filename=$file;" );
508 } else {
509 header( "Content-Disposition: attachment;
510 filename=$file;" );
511 }
512 header("Content-Transfer-Encoding: binary");
513 header("Content-Length: ".filesize($filename));
514 readfile("$filename");
515 exit();
516 }
517 else { echo "you don't have permissions for downloading this data"; die(); }
518 }
519
520 if ($node['template_id']=='2019721'){
521 Header("Cache-control: max-age=3600");
522 }else{
523 Header("Cache-control: no-cache");
524 Header("Expires:".gmdate("D, d M Y H:i:s")." GMT");
525 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
526 }
527
528
529 //for cases like search & preview
530 $smarty->assign('post_vars',$_POST);
531 if (!empty($_POST['template_event'])) {
532 $smarty->assign('template_event',$_POST['template_event']);
533
534 }
535
536 //setting listing parameters
537 $children_count=$node['node_children_count'];
538 $descendant_count=$node['node_descendant_count'];
539
540 if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) {
541 $listing_amount=mysql_real_escape_string($_POST['listing_amount']);
542 }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
543 else $listing_amount=DEFAULT_LISTING_AMOUNT;
544 $smarty->assign('listing_amount',$listing_amount);
545
546 if (isset($_POST['listing_order']) && $_POST['listing_order']) {
547 $listing_order=mysql_real_escape_string($_POST['listing_order']);
548 } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
549 else $listing_order=DEFAULT_LISTING_ORDER;
550 $smarty->assign('listing_order',$listing_order);
551
552 if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) {
553 $offset=$_POST['get_children_offset'];
554 } else { $offset=0; }
555
556
557 //movement forward and backward
558 // if ($listing_order=='asc' && !$offset) $offset=$descendant_count-$listing_amount;
559
560 if ($_POST['get_children_move']=='<') {
561 $offset=$offset-$listing_amount;
562 if ($offset<0) $offset=0;
563 }
564 elseif ($_POST['get_children_move']=='>') {
565 $offset=$offset+$listing_amount;
566 }
567 elseif ($_POST['get_children_move']=='>>') {
568 $offset=$descendant_count-$listing_amount;
569 }
570
571 elseif ($_POST['get_children_move']=='<<') {
572 $offset=0;
573 }
574 if ($offset<0) $offset=0;
575 $_POST['offset']=$offset;
576 $smarty->assign('offset',$offset);
577
578
579 if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
580 header("Content-Type: image/svg+xml");
581 }
582
583 //show own header
584 elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) {
585 $smarty->assign('header_id',$_SESSION['header_id']);
586 $smarty->template_dir=OWN_TEMPLATE_DIR;
587 $content=$smarty->fetch($_SESSION['header_id'].".tpl");
588 $smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
589 //not registered user
590 if ($_SESSION['header_id']==2091520) {
591 echo $content;
592 session_destroy();
593 die();
594 }
595 }
596
597 $smarty->template_dir=OWN_TEMPLATE_DIR;
598
599 if (is_numeric($template_id)) {
600 $content.=$smarty->fetch($template_id.".tpl");
601 }
602
603 else {
604 $template_id=$node['template_id'];
605 $content.=$smarty->fetch($node['template_id'].".tpl");
606 }
607
608 if ($template_id=='2019721'){
609 $content=$smarty->fetch($template_id.".tpl");
610 echo $content;
611 }else{
612 $time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
613 echo $content;
614 // echo "<center>page generation took: $time second</center>";
615 }
616 //end of displaying
617
618 // output buffering forcing (mx)
619 if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_end_flush();
620
621 ?>
https://github.com/Kyberia/Kyberia-bloodline.git (mirrored @ Wed, 29 May 2024 07:30:10 +0200)
This page took 0.72823 seconds and 3 git commands to generate.