X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Fnodes.php;h=22ec5fc1dbe0da8e42de021ce7f53e2c9665df51;hb=33e10d4c5c188b6afdf78b1cb324277a1e61c4db;hp=88f1b3cc2b3b969b6f88746898f0e668ed093cd0;hpb=51ff32267c4949bad6a8dddc502cbc01ed56edc8;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index 88f1b3c..22ec5fc 100644
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -2,29 +2,13 @@
// output buffering forcing (mx)
if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
-//header("Location: http://kyberia.sk");
-// just a little joke:-))) darkaural
-//header("Location: http://kenny.in-the-hell.org/albums/album22/HPIM1443.sized.jpg");
-//header("Location: http://zoznamka.azet.sk/inzeraty.phtml?&kat=8");
//header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
-//echo "este posledna pauza :)";
-//exit;
-//die("tak este nie ;o)
uplatky posielajte postovou poukazkou ;-p
prajem pekny den
stab
");
//echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
//exit;
-error_reporting(0);
-// echo "
prvy april presiel ale ja nechcem byt koderom azetu takze ring volny";
-//echo "ehm, roztiekla sa databaza, zachovajte paniku, snad sme o hodinku spat ;)
br";
-//echo "establishing artificial environment
healing database inconsistency.comeback today";
-//echo '
je mi luto, ale nachvilku to musim sundat ;). s pozdravom brrrrr ';
-//echo '
je mi luto, ale nachvilku to musim sundat ;). s pozdravom br ';
-//session_start();
-//if ($_GET['node_id'] != 2334 && $_SESSION['user_id'] != '2334' && $_SESSION['user_id'] != 2095638 && $_SESSION['user_id'] != 2088 && $_GET['node_id'] != 1478235) {
-//echo "
";
-//echo "snazime sa nieco spravit s rychlostou, stay tuned.
";
-//echo "PS: my sme to odpojili z vonka";
+error_reporting(1);
+$_SESSION['debugging']=1;
//exit;
-//}
+
//starting timer for benchmarking purposes
$timer_start=Time()+SubStr(MicroTime(),0,8);
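Review bot: The added `$_SESSION['debugging']=1;` switches debugging on for every request rather than for a developer's own session. With the unchanged line `if ($_SESSION['debugging']) $smarty->debugging=true;` further down, that would presumably expose the Smarty debug console, and the template variables it lists, to any visitor. The assignment also comes before any `session_start()` visible in this hunk, so whether it survives session initialisation depends on code outside the diff. If this is a temporary aid, mark it as such (`// XXX debug only, remove before deploy`) or move it below `require('config/config.inc')` and gate it on a configuration flag. Note also that `error_reporting(1)` enables only E_ERROR, which deserves a short comment if it is meant as "errors on".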
@@ -45,19 +29,20 @@ if ($_SESSION['debugging']) {
//requiring main config file with path/database etc. constants
require('config/config.inc');
-require('inc/senate.inc');
+require(INCLUDE_DIR.'senate.inc');
preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
$referer_id=$ref_match[1];
//connecting to database and creating universal $db object
-require(SYSTEM_ROOT.'inc/log.inc');
-require(SYSTEM_ROOT.'inc/ubik.inc');
-require(SYSTEM_ROOT.'inc/nodes.inc');
-require(SYSTEM_ROOT.'inc/error_messages.inc');
-require(SYSTEM_ROOT.'inc/database.inc');
+require(INCLUDE_DIR.'log.inc');
+require(INCLUDE_DIR.'ubik.inc');
+require(INCLUDE_DIR.'nodes.inc');
+require(INCLUDE_DIR.'error_messages.inc');
+require(INCLUDE_DIR.'database.inc');
-$db=new CLASS_DATABASE();
+$db = new CLASS_DATABASE();
+//$logger = new logger; //XXX
if (!empty($_GET['template_id'])) {
$template_id=$_GET['template_id'];
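Review bot: The new `require(INCLUDE_DIR.'senate.inc')` lines join the constant and the file name with no separator, while the unchanged feed code later in this diff writes `INCLUDE_DIR.'/feedcreator.class.php'`. The two forms only both resolve if INCLUDE_DIR ends in a slash; its definition is in config.inc, outside this diff, so that cannot be confirmed here. A one-line comment next to the first require, such as `// INCLUDE_DIR is expected to end with '/'`, would record the assumption. The same applies to the changed requires in `_checkPermissions()` and in the eventz.inc/transaction.inc hunk.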
@@ -66,46 +51,31 @@ else $template_id=false;
//initializing node methods
if (!empty($_GET['node_name'])) {
- //omfg what's this! jail , jail, penalty of death!
- // reopened by [CENSORED], keep this in secret, then you can benefit from it..
- if(strpos($_GET['node_name'],'0')===0) {
- $numbah=$_GET['node_name'];
- $db->query("set character_set_connection=latin2");
- $set=$db->query("select * from tz.gts where full_number='$numbah'");
- $set->next();
- echo $set->getString('full_name')."
";
- echo $set->getString('full_street')."
";
- echo $set->getString('city')."
";
- echo $set->getString('psc')."
";
- echo $set->getString('company')."
";
-
- die();
- }
-
- else $node = nodes::redirByName($_GET['node_name']);
- // END OF JAIL ;)
$node = nodes::redirByName($_GET['node_name']);
}
elseif (!empty($_GET['node_id'])) {
$node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']);
}
+//XXX Paths are wrong (!)
//loading smarty template engine and setting main parameters
require(SMARTY_DIR.'Smarty.class.php');
$smarty = new Smarty;
-$smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET;
+//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
+$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
-$smarty->compile_dir = SYSTEM_ROOT."data/templates_c/".TEMPLATE_SET;
-$smarty->config_dir = SMARTY_DIR.'configs/';
+$smarty->compile_dir = SYSTEM_DATA."templates_c/";
+$smarty->config_dir = SMARTY_DIR.'configs/'; #XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
if ($_SESSION['debugging']) $smarty->debugging=true;
-//initializing variables
+// initializing variables
+// preg_replace prevents LFI
if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
if ($_SESSION['debugging']) {
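Review bot: The new `preg_replace` on `$_POST['event']` rewrites a malformed value instead of rejecting it, and it does not handle non-string input. If the field is submitted as an array, `!empty` passes and `preg_replace` returns an array, so `$event` is no longer a name. Going by the added comment, the value later selects an include (the consumer, eventz.inc, is outside this diff), so an anchored allow-list check is the stricter form: `else $event = (is_string($_POST['event']) && preg_match('/^[a-zA-Z0-9_]+$/D', $_POST['event'])) ? $_POST['event'] : false;`. The comment could then state the rule itself, e.g. `// event names are limited to [a-zA-Z0-9_]; anything else is treated as no event`.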
@@ -153,7 +123,7 @@ function _checkPermissions()
{
global $permissions, $node;
- require(SYSTEM_ROOT.'inc/permissions.inc');
+ require(INCLUDE_DIR.'permissions.inc');
$permissions=permissions::checkPermissions($node);
$permissions['h']=permissions::isHierarch($node);
}
@@ -191,10 +161,10 @@ if ($template_id=='rss')
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = "Kyberia mail";
$rss->description = "";
- $rss->link = "https://kyberia.sk/id/24";
+ $rss->link = "https://". SYSTEM_URL . "/id/24";
$query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
userfrom.user_action as locationfrom_action,
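Review bot: The feed links built from SYSTEM_URL still hard-code the scheme, and inconsistently. The mail feed here uses `"https://". SYSTEM_URL`, while the bookmarks and node feeds in the following hunks use `"http://".SYSTEM_URL`, both for `$rss->link` and for each `$item->link`. Links to per-user content sent over plain HTTP are worth avoiding. Unless part of the site is known to be served without TLS (not visible here), the other four assignments should use the same prefix, e.g. `$rss->link = "https://".SYSTEM_URL."/id/19";`. The enclosing feed block starts and ends outside this hunk.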
@@ -212,9 +182,9 @@ if ($template_id=='rss')
$m = $set->getRecord();
if ($m['mail_to'] != $_SESSION['user_id'])
continue;
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $m['mail_from_name'];
- $item->link = "https://kyberia.sk/id/24";
+ $item->link = "https://".SYSTEM_URL."/id/24";
$item->description = $m['mail_text'];
$rss->addItem($item);
}
@@ -224,9 +194,9 @@ if ($template_id=='rss')
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = "Kyberia bookmarks";
- $rss->link = "http://kyberia.sk/id/19";
+ $rss->link = "http://".SYSTEM_URL."/id/19";
require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
smarty_function_get_bookmarks(array(), $smarty);
@@ -236,9 +206,9 @@ if ($template_id=='rss')
if (is_array($_item['children']))
foreach ($_item['children'] as $_b)
{
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $_b['node_name'];
- $item->link = "http://kyberia.sk/id/".$_b['node_id']."/rss";
+ $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
$rss->addItem($item);
}
}
@@ -248,10 +218,10 @@ if ($template_id=='rss')
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = $node['node_name'];
$rss->description = "";
- $rss->link = "http://kyberia.sk/id/".$node['node_id'];
+ $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
// K list
if ($_GET['node_id']=='15')
@@ -270,9 +240,9 @@ if ($template_id=='rss')
foreach ($_items as $_item)
{
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $_item['node_name'];
- $item->link = "http://kyberia.sk/id/".$_item['node_id'];
+ $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
$item->description = $_item['node_content'];
$rss->addItem($item);
}
@@ -291,11 +261,11 @@ if (($permissions['r']) || ($event != 'register')) {
//performing node_events (based on update/insert/delete db queries)
if ($event) {
- require(SYSTEM_ROOT.'inc/eventz.inc');
+ require(INCLUDE_DIR.'eventz.inc');
}
elseif ($transaction) {
- require(SYSTEM_ROOT.'inc/transaction.inc');
+ require(INCLUDE_DIR.'transaction.inc');
}
//end of performing node events
@@ -314,7 +284,7 @@ if ($_SESSION['user_id']) {
//if node is css
if ($node['template_id']!='2019721'){
- log::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
+ logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
$q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
// echo $q;
@@ -361,7 +331,7 @@ elseif (!$permissions['r'] && $_GET['magic_word']) {
else {
- log::log('enter',$node['node_id'],'failed');
+ logger::log('enter',$node['node_id'],'failed');
}
@@ -374,17 +344,32 @@ if ($user_id=$_SESSION['user_id']) {
$smarty->assign('bookstyl',$_SESSION['bookstyl']);
$smarty->assign('fook',$_SESSION['fook']);
$smarty->assign('user_id',$_SESSION['user_id']);
- if (!empty($_SESSION['cube_vector'])) $smarty->assign('cube_vector',$_SESSION['cube_vector']);
+ if (!empty($_SESSION['cube_vector']))
+ $smarty->assign('cube_vector',$_SESSION['cube_vector']);
$smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
$smarty->assign('user_quota',$_SESSION['user_quota']);
- $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
+
+ $newmail_q = sprintf('select u.user_mail_id
+ , u.user_k
+ , u.k_wallet
+ , u.user_mail
+ , ms.user_id as mail_sender_id
+ , ms.login as mail_sender
+ from users u
+ left join users ms on ms.user_id = u.user_mail_id
+ where u.user_id = %d',
+ $user_id);
+ $newmailset = $db->query($newmail_q);
+
+# $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
+
$newmailset->next();
$new_mail=$newmailset->getString('user_mail');
$newmailset2 = $db->query("select users.user_mail_id,mailsender.login
from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
$newmailset2->next();
$smarty->assign('new_mail',$new_mail);
- $smarty->assign('new_mail_name',$newmailset->getString('user_mail_name'));
+ $smarty->assign('new_mail_name',$newmailset->getString('mail_sender'));
$smarty->assign('new_mail_name2',$newmailset2->getString('login'));
$user_k=$newmailset->getString('user_k');
$smarty->assign('user_k',$user_k);
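Review bot: The new `sprintf(... %d ...)` query already returns the sender login as `mail_sender`, but the older `$newmailset2` query is still executed and still interpolates `'$user_id'` into the SQL string. That leaves two round trips for the same join and one of them without the integer cast. Dropping `$newmailset2` and reading the same column would remove it: `$smarty->assign('new_mail_name2',$newmailset->getString('mail_sender'));`. The `#`-commented copy of the old query can be deleted as well. Because of the `left join`, `mail_sender` may be NULL when `user_mail_id` matches no user, so the template should tolerate an empty name.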
@@ -422,11 +407,6 @@ if ($node['node_system_access']=='crypto') {
$smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]);
}
-//hlaska
-//$error .= "ocakavajte planovany vypadok okolo 6 hodiny
-//s pozdravom br .)";
-//$error .= "dnes od 22:00 zurka v subclube! ucast povinna!";
-
$smarty->assign('error',$error);
$smarty->assign('permissions',$permissions);
$smarty->assign('current_vector',$node['node_vector']);