X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Fnodes.php;h=a1e6456c3c5f89eaf78542503faaf1a26ce0ae34;hb=5586f4ec30ee38861b0a9135cdd88cf2b07e03c4;hp=8b3e1506ae110a40362c5cc156234cb92a0cfad7;hpb=1757f0605245ff7157155bff6491650f386eb3a5;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php index 8b3e150..a1e6456 100644 --- a/wwwroot/nodes.php +++ b/wwwroot/nodes.php @@ -2,29 +2,13 @@ // output buffering forcing (mx) if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start(); -//header("Location: http://kyberia.sk"); -// just a little joke:-))) darkaural -//header("Location: http://kenny.in-the-hell.org/albums/album22/HPIM1443.sized.jpg"); -//header("Location: http://zoznamka.azet.sk/inzeraty.phtml?&kat=8"); //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk"); -//echo "este posledna pauza :)"; -//exit; -//die("tak este nie ;o)
uplatky posielajte postovou poukazkou ;-p
prajem pekny den
stab
"); //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)"; //exit; -error_reporting(0); -// echo "
prvy april presiel ale ja nechcem byt koderom azetu takze ring volny
"; -//echo "ehm, roztiekla sa databaza, zachovajte paniku, snad sme o hodinku spat ;)
br"; -//echo "establishing artificial environment

healing database inconsistency.comeback today
"; -//echo '

je mi luto, ale nachvilku to musim sundat ;). s pozdravom brrrrr
'; -//echo '

je mi luto, ale nachvilku to musim sundat ;). s pozdravom br
'; -//session_start(); -//if ($_GET['node_id'] != 2334 && $_SESSION['user_id'] != '2334' && $_SESSION['user_id'] != 2095638 && $_SESSION['user_id'] != 2088 && $_GET['node_id'] != 1478235) { -//echo "


"; -//echo "

snazime sa nieco spravit s rychlostou, stay tuned.


"; -//echo "PS: my sme to odpojili z vonka
"; +error_reporting(1); +$_SESSION['debugging']=1; //exit; -//} + //starting timer for benchmarking purposes $timer_start=Time()+SubStr(MicroTime(),0,8); @@ -44,7 +28,7 @@ if ($_SESSION['debugging']) { } //requiring main config file with path/database etc. constants -require('../config/config.inc'); +require('config/config.inc'); require(INCLUDE_DIR.'senate.inc'); preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match); @@ -57,7 +41,8 @@ require(INCLUDE_DIR.'nodes.inc'); require(INCLUDE_DIR.'error_messages.inc'); require(INCLUDE_DIR.'database.inc'); -$db=new CLASS_DATABASE(); +$db = new CLASS_DATABASE(); +//$logger = new logger; //XXX if (!empty($_GET['template_id'])) { $template_id=$_GET['template_id']; @@ -66,46 +51,31 @@ else $template_id=false; //initializing node methods if (!empty($_GET['node_name'])) { - //omfg what's this! jail , jail, penalty of death! - // reopened by [CENSORED], keep this in secret, then you can benefit from it.. - if(strpos($_GET['node_name'],'0')===0) { - $numbah=$_GET['node_name']; - $db->query("set character_set_connection=latin2"); - $set=$db->query("select * from tz.gts where full_number='$numbah'"); - $set->next(); - echo $set->getString('full_name')."
"; - echo $set->getString('full_street')."
"; - echo $set->getString('city')."
"; - echo $set->getString('psc')."
"; - echo $set->getString('company')."
"; - - die(); - } - - else $node = nodes::redirByName($_GET['node_name']); - // END OF JAIL ;) $node = nodes::redirByName($_GET['node_name']); } elseif (!empty($_GET['node_id'])) { $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']); } +//XXX Paths are wrong (!) //loading smarty template engine and setting main parameters require(SMARTY_DIR.'Smarty.class.php'); $smarty = new Smarty; -$smarty->template_dir = TEMPLATE_DIR.TEMPLATE_SET; +//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX +$smarty->template_dir = TEMPLATE_DIR; //echo TEMPLATE_DIR.TEMPLATE_SET; //echo $smarty->template_dir; -$smarty->compile_dir = SYSTEM_ROOT."data/templates_c/".TEMPLATE_SET; -$smarty->config_dir = SMARTY_DIR.'configs/'; +$smarty->compile_dir = SYSTEM_DATA."templates_c/"; +$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje $smarty->cache_dir = SMARTY_DIR.'cache/'; $smarty->plugins_dir = SMARTY_PLUGIN_DIR ; if ($_SESSION['debugging']) $smarty->debugging=true; -//initializing variables +// initializing variables +// preg_replace prevents LFI if (empty($_POST['event'])) $event=false; -else $event=$_POST['event']; +else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']); if ($_SESSION['debugging']) { @@ -153,7 +123,7 @@ function _checkPermissions() { global $permissions, $node; - require(SYSTEM_ROOT.'inc/permissions.inc'); + require(INCLUDE_DIR.'permissions.inc'); $permissions=permissions::checkPermissions($node); $permissions['h']=permissions::isHierarch($node); } @@ -191,10 +161,10 @@ if ($template_id=='rss') { require_once(INCLUDE_DIR.'/feedcreator.class.php'); - $rss =& new UniversalFeedCreator(); + $rss = new UniversalFeedCreator(); $rss->title = "Kyberia mail"; $rss->description = ""; - $rss->link = "https://kyberia.sk/id/24"; + $rss->link = "https://". SYSTEM_URL . "/id/24"; $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas, userfrom.user_action as locationfrom_action, @@ -212,9 +182,9 @@ if ($template_id=='rss') $m = $set->getRecord(); if ($m['mail_to'] != $_SESSION['user_id']) continue; - $item =& new FeedItem(); + $item = new FeedItem(); $item->title = $m['mail_from_name']; - $item->link = "https://kyberia.sk/id/24"; + $item->link = "https://".SYSTEM_URL."/id/24"; $item->description = $m['mail_text']; $rss->addItem($item); } @@ -224,9 +194,9 @@ if ($template_id=='rss') { require_once(INCLUDE_DIR.'/feedcreator.class.php'); - $rss =& new UniversalFeedCreator(); + $rss = new UniversalFeedCreator(); $rss->title = "Kyberia bookmarks"; - $rss->link = "http://kyberia.sk/id/19"; + $rss->link = "http://".SYSTEM_URL."/id/19"; require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php'); smarty_function_get_bookmarks(array(), $smarty); @@ -236,9 +206,9 @@ if ($template_id=='rss') if (is_array($_item['children'])) foreach ($_item['children'] as $_b) { - $item =& new FeedItem(); + $item = new FeedItem(); $item->title = $_b['node_name']; - $item->link = "http://kyberia.sk/id/".$_b['node_id']."/rss"; + $item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss"; $rss->addItem($item); } } @@ -248,10 +218,10 @@ if ($template_id=='rss') { require_once(INCLUDE_DIR.'/feedcreator.class.php'); - $rss =& new UniversalFeedCreator(); + $rss = new UniversalFeedCreator(); $rss->title = $node['node_name']; $rss->description = ""; - $rss->link = "http://kyberia.sk/id/".$node['node_id']; + $rss->link = "http://".SYSTEM_URL."/id/".$node['node_id']; // K list if ($_GET['node_id']=='15') @@ -270,9 +240,9 @@ if ($template_id=='rss') foreach ($_items as $_item) { - $item =& new FeedItem(); + $item = new FeedItem(); $item->title = $_item['node_name']; - $item->link = "http://kyberia.sk/id/".$_item['node_id']; + $item->link = "http://".SYSTEM_URL."/id/".$_item['node_id']; $item->description = $_item['node_content']; $rss->addItem($item); } @@ -291,11 +261,11 @@ if (($permissions['r']) || ($event != 'register')) { //performing node_events (based on update/insert/delete db queries) if ($event) { - require(SYSTEM_ROOT.'inc/eventz.inc'); + require(INCLUDE_DIR.'eventz.inc'); } elseif ($transaction) { - require(SYSTEM_ROOT.'inc/transaction.inc'); + require(INCLUDE_DIR.'transaction.inc'); } //end of performing node events @@ -314,7 +284,7 @@ if ($_SESSION['user_id']) { //if node is css if ($node['template_id']!='2019721'){ - log::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']); + logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']); if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) { $q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'"; // echo $q; @@ -361,7 +331,7 @@ elseif (!$permissions['r'] && $_GET['magic_word']) { else { - log::log('enter',$node['node_id'],'failed'); + logger::log('enter',$node['node_id'],'failed'); } @@ -374,17 +344,32 @@ if ($user_id=$_SESSION['user_id']) { $smarty->assign('bookstyl',$_SESSION['bookstyl']); $smarty->assign('fook',$_SESSION['fook']); $smarty->assign('user_id',$_SESSION['user_id']); - if (!empty($_SESSION['cube_vector'])) $smarty->assign('cube_vector',$_SESSION['cube_vector']); + if (!empty($_SESSION['cube_vector'])) + $smarty->assign('cube_vector',$_SESSION['cube_vector']); $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural $smarty->assign('user_quota',$_SESSION['user_quota']); - $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'"); + + $newmail_q = sprintf('select u.user_mail_id + , u.user_k + , u.k_wallet + , u.user_mail + , ms.user_id as mail_sender_id + , ms.login as mail_sender + from users u + left join users ms on ms.user_id = u.user_mail_id + where u.user_id = %d', + $user_id); + $newmailset = $db->query($newmail_q); + +//$newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'"); + $newmailset->next(); $new_mail=$newmailset->getString('user_mail'); $newmailset2 = $db->query("select users.user_mail_id,mailsender.login from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'"); $newmailset2->next(); $smarty->assign('new_mail',$new_mail); - $smarty->assign('new_mail_name',$newmailset->getString('user_mail_name')); + $smarty->assign('new_mail_name',$newmailset->getString('mail_sender')); $smarty->assign('new_mail_name2',$newmailset2->getString('login')); $user_k=$newmailset->getString('user_k'); $smarty->assign('user_k',$user_k); @@ -422,11 +407,6 @@ if ($node['node_system_access']=='crypto') { $smarty->assign('crypto_pass',$_SESSION['crypto'][$node['node_id']]); } -//hlaska -//$error .= "ocakavajte planovany vypadok okolo 6 hodiny
-//s pozdravom br .)"; -//$error .= "dnes od 22:00 zurka v subclube! ucast povinna!"; - $smarty->assign('error',$error); $smarty->assign('permissions',$permissions); $smarty->assign('current_vector',$node['node_vector']);