X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;ds=sidebyside;f=wwwroot%2Finc%2Feventz%2Fdisplay.inc;h=7a7cfc76e98eb6204e9a4b338b1436382996c86e;hb=387da281967a2415804f59c471d5c871baa61e83;hp=8b4a883957cc667348a93ff4aa3080279cd864d5;hpb=d068d94b5e62de2f80164fd8062adce6e0ad93ae;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/inc/eventz/display.inc b/wwwroot/inc/eventz/display.inc index 8b4a883..7a7cfc7 100644 --- a/wwwroot/inc/eventz/display.inc +++ b/wwwroot/inc/eventz/display.inc @@ -3,9 +3,10 @@ function display() { global $node,$db,$error,$referer_id,$smarty,$permissions,$template_id; global $timer_start; if (!$referer_id) $referer_id=1; + $content=''; $node_id=$node['node_id']; - $user_id=$_SESSION['user_id']; + $user_id=(empty($_SESSION['user_id'])) ? "" : $_SESSION['user_id']; if ($permissions['r']) { @@ -94,28 +95,16 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) { $smarty->assign('k_wallet',$k_wallet); $user_id=$_SESSION['user_id']; - //mail node - if ($node['node_name']=='mail') { + //mail node //OMG remove constant + if ($node['node_id']==MAIL_NODE) { //clear new mail message - - if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'"); - - //set messages as delivered to recipient - $set=$db->query("select mail_id,mail_duplicate_id from mail where mail_user='$user_id' and mail_to='$user_id' and mail_read='no'"); - while($set->next()) { - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_duplicate_id')."'"); - $db->query("update mail set mail_read='yes' where mail_id='".$set->getString('mail_id')."'"); - - $new_messages[$set->getString('mail_id')]=true; + if ($new_mail) { + //set messages as delivered + $db->query("update users set user_mail=0 where user_id='$user_id'"); + $db->query("update mail set mail_read='yes' where mail_to='$user_id' and mail_read='no'"); } -/* - if (count($new_messages)) { - $db->query("update mail set mail_read='yes' where mail_user='$user_id' and mail_user=mail_to and mail_read='no'"); - $smarty->assign('new_messages',$new_messages); - } -*/ } } @@ -149,28 +138,28 @@ else { // XXX into function -if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){ +if (isset($_SESSION['user_id'])){ //setting user location -$q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; -$db->query($q); + $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'"; + $db->query($q); } $whole_time=SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); $smarty->assign('whole_time',$whole_time); -if ($template_id=='download' OR $template_id=='download.jpg') { +if ($template_id=='data') { if ($permissions['r']) { - $linkname = SYSTEM_ROOT."/files/".$node['node_id']; - $filename= readlink($linkname); - $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); - - $ext = substr( $filename,-3 ); - if( $filename == "" ) { - echo "ERROR: Empty file to download. "; - exit; - } elseif ( ! file_exists( $filename ) ) { - exit; + $linkname = FILE_DIR."/".$node['node_id']; + $filename= readlink($linkname); + $suffix=preg_replace("/(.*?)\.(.*?)/i","$2",$filename); + + $ext = substr( $filename,-3 ); + if( $filename == "" ) { + echo "ERROR: Empty file to download. "; + exit; + } elseif ( ! file_exists( $filename ) ) { + exit; }; switch( strtolower($ext) ){ case "pdf": $ctype="application/pdf"; break; @@ -202,16 +191,12 @@ if ($template_id=='download' OR $template_id=='download.jpg') { readfile("$filename"); exit(); } - else { echo "you don't have permissions for downloading this data"; die(); } + else { + echo "you don't have permissions for downloading this data"; + die(); + } } -if ($node['template_id']=='2019721'){ -Header("Cache-control: max-age=3600"); -}else{ -Header("Cache-control: no-cache"); -Header("Expires:".gmdate("D, d M Y H:i:s")." GMT"); -header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); -} //for cases like search & preview @@ -226,13 +211,13 @@ if (!empty($_POST['template_event'])) { $descendant_count=$node['node_descendant_count']; if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { - $listing_amount=mysql_real_escape_string($_POST['listing_amount']); + $listing_amount=db_escape_string($_POST['listing_amount']); }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount']; else $listing_amount=DEFAULT_LISTING_AMOUNT; $smarty->assign('listing_amount',$listing_amount); if (isset($_POST['listing_order']) && $_POST['listing_order']) { - $listing_order=mysql_real_escape_string($_POST['listing_order']); + $listing_order=db_escape_string($_POST['listing_order']); } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order']; else $listing_order=DEFAULT_LISTING_ORDER; $smarty->assign('listing_order',$listing_order); @@ -265,7 +250,6 @@ if (!empty($_POST['template_event'])) { $_POST['offset']=$offset; // XXX sqli? $smarty->assign('offset',$offset); - if ($node['external_link']=='header://svg' && !is_numeric($template_id)) { header("Content-Type: image/svg+xml"); }