RewriteCond %{REQUEST_URI} ^/kbase.*
RewriteRule ^(.+) - [L]
- RewriteCond %{REQUEST_URI} ^/~zden/.*
- RewriteRule ^(.+) - [L]
-
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^id/([0-9]+)/?$ /nodes.php?node_id=$1 [L]
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^id/([0-9]+)/([0-9]+)/(.+)/?$ /nodes.php?node_id=$1&template_id=$2&magic_word=$3 [L]
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^id/([0-9]+)/(.+)/?$ /nodes.php?node_id=$1&template_id=$2 [L]
RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^([^/]+)/?$ /nodes.php?node_name=$1 [L]
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^([^/]+)/([^/]+)/?$ /nodes.php?node_name=$1&template_id=$2 [L]
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^$ /nodes.php?node_id=1
+ RewriteRule ^(.*) /nodes.php/$1 [L]
+
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^id/([0-9]+)/?$ /nodes.php?node_id=$1 [L]
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^id/([0-9]+)/([0-9]+)/(.+)/?$ /nodes.php?node_id=$1&template_id=$2&magic_word=$3 [L]
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^id/([0-9]+)/(.+)/?$ /nodes.php?node_id=$1&template_id=$2 [L]
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^([^/]+)/?$ /nodes.php?node_name=$1 [L]
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^([^/]+)/([^/]+)/?$ /nodes.php?node_name=$1&template_id=$2 [L]
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^$ /nodes.php?node_id=1
+#
+# #base36
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^k/([0-9a-zA-Z]+)/?$ /nodes.php?node_kid=$1 [L]
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^k/([0-9a-zA-Z]+)/([0-9a-zA-Z]+)/(.+)/?$ /nodes.php?node_kid=$1&template_kid=$2&magic_word=$3 [L]
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteRule ^k/([0-9a-zA-Z]+)/(.+)/?$ /nodes.php?node_kid=$1&template_kid=$2 [L]
+
Options Indexes FollowSymLinks
AllowOverride All #None
#!/bin/sh
+# XXX do we even need this?
+# configure_image_new could resize image itself
+
# Script na upravu uploadnutych obrazkov k nodes (backend k eventu configure_image_new #2105641)
# Spustane z CRONu cca raz za 2 - 5 minut
<?php
/*
* Script that register new users who gaind enough K (votes)
- * Called XXX
+ * Called once a day at 0:42
+ *
+ * TODO: ? call only function from eventz ?
*/
mail($mail,"kyberia gate is opened","Vitaj v kyberii");
//VHODNE POSLAT ZACIATOCNIKOVI POSTU
-// ubik::ubikMail($params);
+ ubik::ubikMail($params);
}
?>
</tr>
{*/if*}
<tr>
- <td width='{math equation="(x-y)-8" x=$child.depth y=$node.vector_depth}%'></td>
+<!--XXX test oflogarithmic threading (original (x-y)-8 ) XXX TODO fit to resolutions-->
+ <td width='{math equation="10*log((x-y))-18" x=$child.depth y=$node.vector_depth}%'></td>
<td valign='top' rowspan='2'>
{* put.Ty hack *}
{if $child.synapse_creator neq ''}
{/if}
{*end of put.Ty hack *}
</td>
- <td width='{math equation="100-(x-y)" x=$child.depth y=$node.vector_depth}%'>
+ <!--XXX orig: 100-(x-y)-->
+ <td width='{math equation="100-(10*log(x-y))+10" x=$child.depth y=$node.vector_depth}%'>
<table class='bordered' width='100%'><tr class='header'>
<td>
<a href='/id/{$child.node_creator}'>{$child.login}</a>
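Review bot: The new spacer width `10*log((x-y))-18` is negative for shallow replies: with a natural log it stays below zero until the depth difference reaches 7, and `log(0)` yields `-INF` if a child can ever sit at the same depth as the node. Clamp the expression, for example `{math equation="max(0, 10*log(max(1, x-y))-18)" x=$child.depth y=$node.vector_depth}`, and apply the same `max(1, x-y)` guard to the `100-(10*log(x-y))+10` cell so the two widths stay consistent. The existing `XXX TODO fit to resolutions` comment could record the depth range the constants were tuned for.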
<td><input type='submit' name='get_children_move' value='<<'></td>
<td><input name='get_children_move' type='submit' value='>>'></td>
<td><input type='submit' name='get_children_move' value='>'></td>
-</tr></table>
\ No newline at end of file
+</tr></table>
- User mail is not working
+ (seems to be fixed, but we still can't delete the mails...)
+ Anyway move whole mail handling out of nodes.php (?)
- Registration process is not working
- (rewrite sending of reg. mails)
+ (rewrite sending of reg. mails) (TEST)
+ (during registration we should generate GnuPG keypair to user_gpg_prv and user_gpg_pub fields in table users)
- SQL injections (many fixed, but some should be still there)
-- remove absolute paths from all source files (!) (over 50)
+- remove absolute paths from all source files (!)
+
+- User images (icons) seems to be broken somehow
- remove hard-coded hostname from:
( registration mails )
( scripts in "scripts" directory (system paths))
+
- Fix https vs http problem (url)
- Suspected security holes:
( ./inc/eventz/spamuj_ubik.inc )
( ./inc/eventz/upload_own_template.inc ) (is even needed?)
-- Remove eventz (and files) that are not used (verify this before removing)
- ( ./inc/eventz/login_lockout_test.inc )
- ( ./inc/eventz/add_test.inc )
- ( ./inc/eventz/add_ubik_friend.inc )
- ( ./inc/eventz/cron_test.inc )
- ( ./inc/eventz/login_test.inc )
- ( ./inc/eventz/mail_test.inc )
- ( ./inc/eventz/test_button.inc )
- ( ./inc/eventz/testing_cron.inc )
- ( ./inc/eventz/testm.inc )
- ( ./inc/eventz/send-old.inc )
- ( ./inc/eventz/destroy_synapse2.inc )
- ( ./inc/eventz/login2.inc )
- ( ./inc/eventz/send2.inc )
- ( ./inc/eventz/set_parent2.inc )
-
- Remove/fix not working eventz
( ./inc/eventz/addClass.inc )
( ./inc/eventz/addEvent.inc )
- keep fixing XSS
-- documentation/installation guide (see README)
+- Test & scale logarithmic threading
+
+- some templates are fixed only in .tpl, not in sql database
+ => synchronize .tpl vs SQL templates (permanently)
- Clean code => fix uninitialized variables
-- Implement URL handling using PATH_INFO instead of mod_rewrite
+- documentation/installation guide (see README)
-- some templates are fixed only in .tpl, not in sql database
+- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
+- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)
- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
- (We can use multiple hash algorithms (so we'll have backward DB compatibility):
- {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
- {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
- 5b077a0ab90992d9763c5b120b22c9d7
- ) Harvie
-
+ (We really need this... I've cracked Hromi's password in few seconds (even when it was relatively secure))
+ (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)
--- /dev/null
+<?php
+function register() {
+ global $error;
+ $error = 'Rozhodne nechceme, aby se nasim clenem stal uzivatel '.$_POST['reg_login'].' pouzivajici email '.$_POST['reg_email'].
+ ' a vyzadujici heslo '.$_POST['reg_pass'].' jenom protoze rika <pre>'."\n".$_POST['reg_content']."\n</pre>;-)";
+ return false;
+}
+?>
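Review bot: The refusal message concatenates `$_POST['reg_login']`, `$_POST['reg_email']`, `$_POST['reg_pass']` and `$_POST['reg_content']` into `$error` without escaping. Another event in this commit stores markup in `$error` (`<h2>Request saved…`), so it is presumably rendered as HTML, and this would reflect submitted markup back into the page. Wrap each value, e.g. `htmlspecialchars($_POST['reg_login'], ENT_QUOTES)`. Drop the password from the message entirely, since echoing it puts it into the response and anything that caches or logs the page.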
--- /dev/null
+<?
+// XXX not used at all. Registration is performed from cron
+function register_users() {
+global $permissions,$node,$db,$error;
+$user_id=$_SESSION['user_id'];
+$user_name=$_SESSION['user_name'];
+$hello="ahoj, tymto ta vitam v systeme ".SYSTEM_URL.". do systemu ta zaregistrovala moja malickost. v pripade ze budes mat akykolvek problem, kontaktuj ma prosim cez postunnako prve by si mal navstivit forum Zaciname s kyberiou\n\ntoto je automaticky vygenerovana sprava";
+require(INCLUDE_DIR."phpmailer.inc");
+$mail = new PHPMailer();
+$mail->IsSMTP(); // send via SMTP // XXX use constants from config file
+$mail->Host = "molly.kyberia.cz"; // SMTP servers
+$mail->From = "root@kyberia.cz";
+$mail->FromName = "kyberia.cz admin";
+$mail->WordWrap = 50; // set word wrap
+$mail->Subject = "kyberia.cz uspesna registracia";
+
+
+if (!$permissions['w']) {
+ $error="you don't have permissions for performing this event";
+ return false;
+}
+
+foreach ($_POST['waiting'] as $user =>$value) { //XXX SQLi
+ $set=$db->query("select email,login,node_creator from users".
+ "left join nodes on nodes.node_id=users.user_id".
+ "where user_id='$user'");
+ $set->next();
+ $email=$set->getString('email');
+ $login=$set->getString('login');
+
+ $application_id=$set->getString('node_creator');
+
+ $params['node_creator']=$user_id;
+ $params['node_parent']=$application_id;
+ $params['node_name']="$login registered";
+ $params['node_content']="user $login successfully registered by $user_name";
+ nodes::addNode($params);
+
+ $db->query("update nodes set node_creator=node_id where node_id='$user'");
+ $db->query("insert into mail set mail_user='$user',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
+ $db->query("insert into mail set mail_user='$user_id',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
+ $db->query("update users set user_mail='1',user_mail_name='$user_name' where user_id='$user'");
+ $mail->ClearAddresses();
+ $mail->AddAddress($email); // optional name
+ $mail->AltBody = "bol si uspesne zaregistrovany do komunity "
+ .SYSTEM_URL." s loginom $login . njoy";
+ if(!$mail->Send()){
+ $error="could not sent mail";
+ return false;
+ }
+}
+return true;
+}
+?>
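Review bot: Splitting the select over three string literals dropped the separating spaces, so the statement now reads `... from usersleft join ... users.user_idwhere user_id=...` and will not parse; the removed one-line version had them. Each literal needs a trailing space, e.g. `"select email,login,node_creator from users ".`. The `//XXX SQLi` marker is accurate and cheap to close: `$user` is an array key of `$_POST['waiting']` and is interpolated into five statements, so `$user = intval($user);` as the first line of the loop body would cover them. `$user_name` from the session goes into the `update users` statement unescaped as well and should pass through `mysql_real_escape_string()`.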
<?php
+
+// XXX is this even used?
+
function registruj_novych() {
global $db,$error;
-// 2110364 >> debug user
-$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name='request for access' and node_parent=2091448 and
-k>=5";
+// XXX parametrize
-/*
$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=2091448 and
-k>=3 and user_id=2110364";
-*/
+left join users on nodes.node_creator=users.user_id where
+node_name='request for access' and node_parent=2091448 and k>=5";
$set=$db->query($q);
while ($set->next()) {
-<?
+<?php
+
+global $node,$db,$error;
// All mysql code should go here
+// Split into multiple files if needed
+
+
+// Called for every node view. Updates node views, neurons,
+function update_nodes(user_id,node_id,referer_id) {
+
+ $db->update("update nodes set node_views=node_views+1 where".
+ "node_id='".$node_id."'");
+ if (is_numeric($referer_id) && ($referer_id)) {
+ $q="update neurons set synapse=synapse+1 where ".
+ "dst='".$node_id."' and src='$referer_id'";
+ $result=$db->update($q);
+ if (!$result) {
+ $q="insert into neurons set synapse_creator='".
+ $user_id."',dst='".$node_id.
+ "',src='$referer_id',synapse=1";
+ $db->query($q);
+ }
+ }
+
+ // LEVENSHTEIN
+
+ // these 4 lines are not the source of kyberia lagging problems.
+ // leave them. started on the 10.4.
+ // data gained will be used for scientific purposes
+ if ($user_id) {
+ $q="insert delayed into levenshtein set user_id='".
+ $user_id."',node_id='".$node_id."'";
+ $db->update($q);
+ }
+}
+
?>
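Review bot: `update_nodes` cannot load as written, because the parameter list `(user_id,node_id,referer_id)` lacks the `$` sigils, which is a parse error. `$db` is declared `global` only at file scope, so it would be undefined inside the function. The first query also loses a space across the concatenation and becomes `... wherenode_id='...'`. Suggested lines: `function update_nodes($user_id,$node_id,$referer_id) {`, `global $db;` as the first statement, and `"update nodes set node_views=node_views+1 where ".`. Only `$referer_id` is checked with `is_numeric`; an `intval()` on `$node_id` and `$user_id` at the top would make the queries safe whatever the caller passes.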
-<?
+<?php
// All psql code should go here
?>
// Default kyberia configuration file.
// This runs kyberia on localhost with single database.
+define('DB_TYPE', 'mysql'); // mysql of psql so far.
define('DB_HOST', 'localhost');
define('DB_USER', 'kyberia');
define('DB_PASS', 'levenshtein');
define('DB_DATABASE', 'kyberia');
+date_default_timezone_set('Europe/Prague');
define('SYSTEM_ROOT', '/srv/kyberia/');
define('SYSTEM_DATA', SYSTEM_ROOT . '/wwwroot/data/');
define('AJAX_DIR', SYSTEM_ROOT . 'wwwroot/ajax/');
define('INCLUDE_DIR', SYSTEM_ROOT . 'wwwroot/inc/');
+/*
+//Uncomment this to enable Basic HTTP Auth:
+$realm = 'kyberia'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
+$users = array( //You can specify multiple users in this array
+ 'kyberia' => 'passw'
+);
+*/
+
define('SMARTY_DIR', SYSTEM_ROOT . 'wwwroot/smarty/libs/');
define('SMARTY_PLUGIN_DIR', SYSTEM_ROOT . 'wwwroot/inc/smarty/node_methodz/');
define('TEMPLATE_DIR', SYSTEM_DATA . 'templates/');
define('EVENT_DIR', INCLUDE_DIR . 'eventz/');
define('SYSTEM_URL', 'kyberia.cz:8023');
+define('SYSTEM_SMTP', 'molly.kyberia.cz');
+define('SYSTEM_EMAIL', 'admin@kyberia.cz');
+define('SYSTEM_EMAIL_NAME', 'Ubik osobne');
+
+
define('UBIK_ID', '332');
define('DEFAULT_LISTING_AMOUNT','32');
define('DEFAULT_LISTING_ORDER', 'desc');
--- /dev/null
+<?php
+
+function addBase36id($node) {
+ $node['node_kid']=base_convert($node['node_id'],10,36);
+ return $node;
+}
$kset->next();
$user_k=$kset->getString('user_k');
+// XXX hard-coded
$senat_id = 876611;
$K_id = 1961061;
$comms = getCommanders($K_id);
$error=$error_messages['EVENT_PERMISSION_ERROR'];
return false;
}
- $bans=explode(";",$_POST['bans']);
+ $bans=explode(";",$_POST['bans']); // XXX sqli?
$db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
foreach ($bans as $ban) {
<?php
- function book() {
- global $db,$error,$node;
- $q="update neurons set link='bookmark',synapse_creator='".$_SESSION['user_id']."',synapse=synapse+1 where dst='".$_SESSION['user_id']."' and src='".$node['node_id']."'";
- $result=$db->update($q);
- if (!$result) {
- $q="insert into neurons set synapse_created=NOW(),dst='".$_SESSION['user_id']."',src='".$node['node_id']."',synapse_creator='".$_SESSION['user_id']."',link='bookmark'";
- $db->query($q);
- }
- $q="update node_access set node_bookmark='yes' where user_id='".$_SESSION['user_id']."' and node_id='".$node['node_id']."'";
- $result=$db->query($q);
- $_SESSION['bookmarks'][$node['node_id']]=$node['node_name'];
-return true;
+function book() {
+ global $db,$error,$node;
+
+ $q="update neurons set link='bookmark',synapse_creator='".$_SESSION['user_id']."',synapse=synapse+1 where dst='".$_SESSION['user_id']."' and src='".$node['node_id']."'";
+ $result=$db->update($q);
+ if (!$result) {
+ $q="insert into neurons set synapse_created=NOW(),dst='".$_SESSION['user_id']."',src='".$node['node_id']."',synapse_creator='".$_SESSION['user_id']."',link='bookmark'";
+ $db->query($q);
}
+ $q="update node_access set node_bookmark='yes' where user_id='".$_SESSION['user_id']."' and node_id='".$node['node_id']."'";
+ $result=$db->query($q);
+
+ $_SESSION['bookmarks'][$node['node_id']]=$node['node_name'];
+
+ return true;
+}
?>
global $error,$node,$db;
$user_id = $_SESSION['user_id'];
- $bookstyl = $_POST['bookstyl'];
+ $bookstyl = $_POST['bookstyl']; //XXX sqli
$set=$db->query("select * from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'");
if($set->getNumRows() == 0) {
$_SESSION['bookstyl']= $bookstyl;
}
-?>
\ No newline at end of file
+?>
// XXX permision check?
function debugging() {
-if ($_SESSION['debugging']) unset($_SESSION['debugging']);
-else $_SESSION['debugging']=true;
+ if ($_SESSION['debugging']) unset($_SESSION['debugging']);
+ else $_SESSION['debugging']=true;
}
+
?>
-<?
+<?php
function destroy_synapse() {
global $error_messages,$db,$node,$error;
//echo $q;
}
}else{
-global $error;
-$error="Nemas pravomoci na vykonanie daneho skutku....viac ku tomu nemam co dodat:-)";
-return false;
+ global $error;
+ $error="Nemas pravomoci na vykonanie daneho skutku....";
+ return false;
}
-
-
}
return true;
-}?>
\ No newline at end of file
+}?>
<?php
- function executorlist() {
- global $db,$error,$node;
- $node_id=$node['node_id'];
- if ($node['node_permission']!='owner') {
- $error=$error_messages['EVENT_PERMISSION_ERROR'];
- return false;
- }
+function executorlist() {
+ global $db,$error,$node;
+ $node_id=$node['node_id'];
+ if ($node['node_permission']!='owner') {
+ $error=$error_messages['EVENT_PERMISSION_ERROR'];
+ return false;
+ }
- $executors=explode(";",$_POST['executorlist']);
- $db->query("update node_access set node_permission='' where
- node_id=$node_id and node_permission='exec'");
- foreach ($executors as $execitpr) {
- $set=$db->query("select user_id from users where login='$executor'");
- $set->next();
- if ($set->getString('user_id')) {
- $q="update node_access set node_permission='exec' where node_id=$node_id and
+ $executors=explode(";",$_POST['executorlist']); // XXX sqli
+ $db->query("update node_access set node_permission='' where
+ node_id=$node_id and node_permission='exec'");
+ foreach ($executors as $execitpr) {
+ $set=$db->query("select user_id from users where login='$executor'");
+ $set->next();
+ if ($set->getString('user_id')) {
+ $q="update node_access set node_permission='exec' where node_id=$node_id and
user_id='".$set->getString('user_id')."'";
- $changed=$db->update($q);
- if (!$changed) {
- $q="insert into node_access set
+ $changed=$db->update($q);
+ if (!$changed) {
+ $q="insert into node_access set
node_permission='exec',node_id=$node_id,user_id=".$set->getString('user_id');
- $db->query($q);
- $logger::log('add exec',$node_id,'ok',$executor);
+ $db->query($q);
+ $logger::log('add exec',$node_id,'ok',$executor);
- }
}
- else { $error .= "$executor does not exist..."; }
}
+ else { $error .= "$executor does not exist..."; }
}
+}
?>
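Review bot: The re-indented loop still iterates as `$execitpr` while its body reads `$executor`, so every lookup runs against an undefined variable and no executor can ever be added. Rename the loop variable and escape it before it reaches the query: `foreach ($executors as $executor) {` followed by `$executor = mysql_real_escape_string(trim($executor));`, which also resolves the new `// XXX sqli` marker. `$error_messages` is missing from the `global` list and `$logger` is never defined in the function, so the permission-error branch and the `$logger::log` call would misbehave too. The function also falls off the end without a `return`, unlike the other events, which return `true` or `false`.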
-<?
+<?php
function get_templates() {
$sql = "select * from `nodes` where `external_link` LIKE 'template://%'";
$q = mysql_query($sql);
$count = mysql_num_rows($q);
while($res = mysql_fetch_object($q)) {
-$content = mysql_fetch_object(mysql_query("select * from `node_content` where `node_id` = '{$res->node_id}'"));
-print $res->node_id;
-print ">>>";
-print $content->node_content;
-print "<br>";
-
-
-
-
+ $content = mysql_fetch_object(mysql_query("select * from `node_content` where `node_id` = '{$res->node_id}'"));
+ print $res->node_id;
+ print ">>>";
+ print $content->node_content;
+ print "<br>";
}
}
-
}
-?>
\ No newline at end of file
+?>
if (($k_wallet+(-1*$k_request)) < 0 or ($user_k-(-1*$k_request)) < 0 or (!$k_request)) {
-$error="Chybne zadanie alebo na to proste nemas:-)";
-return false;
+ $error="Chybne zadanie alebo na to proste nemas:-)";
+ return false;
}
$db->query("update users set k_wallet=k_wallet+(-1*$k_request) , user_k=user_k-(-1*$k_request) where user_id='$user_id'");
global $db,$error,$node_id;
$login = mysql_real_escape_string($_POST['login']);
$password = $_POST['password']; // Not SQLi but be carefull
- $hash = md5($password);
+ $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
+
+ $hash_query='(';
+ foreach($password_hash_algos as $algo) {
+ $hash_query.="password='".hash($algo, $password)."' OR ";
+ }
+ $hash_query.='false )';
+
$login_type = $_POST['login_type'];
$referer = $_SERVER['HTTP_REFERER'];
switch ($login_type) {
case "name":
- $q = "select * from users where login='$login' and password='$hash'";
+ $q = "select * from users where login='$login' and $hash_query";
$set = $db->query($q);
$set->next();
$user_id = $set->getString('user_id');
$user_name = $set->getString('login');
break;
+ case "base36id":
+ $login = base_convert($login, 36, 10);
case "id":
// HA! if it is number, escape_string is not enough
$login=intval($login);
- $q="select * from users where user_id='$login' and password='$hash'";
+ $q="select * from users where user_id='$login' and $hash_query";
$set=$db->query($q);
$set->next();
$user_id=$set->getString('user_id');
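Review bot: Accepting `sha256`, `sha1` and `md5` in one OR clause keeps old rows working, but all three are unsalted single-pass digests, so the password-cracking concern recorded in the TODO is not reduced. An account also stays on MD5 indefinitely, because nothing re-hashes after a successful login. Consider selecting the row by login only, verifying in PHP, and storing a salted slow hash (`password_hash()` / `password_verify()` where the PHP version has them, otherwise `crypt()` with a bcrypt salt), upgrading legacy rows at login time. The new `case "base36id":` falls through into `case "id":` intentionally and deserves a `// fall through` comment. The function starts and ends outside this hunk.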
+++ /dev/null
-/modules
-
-
-announcment by bad admin:
-<font class='most_important'>
-POZOR POZOR POZOR. V PRIEBEHU NAJBLIZSIEHO MESIACA DOJDE K ODMAZANIU
-ADRESARA MODULES, PRETO JE ODPORUCANE UPRAVIT VSETKY VAM PATRIACE SABLONY A ODSTRANIT Z NICH ZAPISY {include file="modules/nazovsuboru.tpl"}
-je treba zadavat
-{include file="cislosablony.tpl"}
-</font>
\ No newline at end of file
-<?php
-function register() {
- global $error;
- $error = 'Registracie su docasne pozastavene.';
- return false;
-}
-?>
\ No newline at end of file
+<?php\r
+function register() {\r
+ global $db, $error;\r
+\r
+ $content = mysql_real_escape_string(strip_tags(trim($_POST['reg_content'])));\r
+ $email = mysql_real_escape_string(strip_tags(trim($_POST['reg_email'])));\r
+ $login = mysql_real_escape_string(strip_tags(trim($_POST['reg_login'])));\r
+ $pass = mysql_real_escape_string($_POST['reg_pass']);\r
+ $pass2 = mysql_real_escape_string($_POST['reg_pass2']);\r
+ \r
+ if (empty($login)) {\r
+ $error = 'please enter your nick name';\r
+ return false;\r
+ }\r
+ elseif (empty($email)) {\r
+ $error = 'please enter your email address';\r
+ return false;\r
+ }\r
+ elseif (preg_match('/^(.+?)@(.+?)\.([a-z]{2,4})$/', $email) == false) {\r
+ $error = 'please enter correct mail';\r
+ return false;\r
+ }\r
+ elseif (empty($content)) {\r
+ $error = 'please write something about you';\r
+ return false;\r
+ }\r
+ elseif (strlen($pass) < 5) {\r
+ $error = 'password toooooooo short, (<5)';\r
+ return false;\r
+ }\r
+ elseif ($pass != $pass2) {\r
+ $error = 'passwords do not match';\r
+ return false;\r
+ }\r
+\r
+ $set = $db->query(sprintf('select login from users where \r
+ login = "%s" or email = "%s"', $login, $email));\r
+ if ($set->getNumRows() > 0) {\r
+ $error = sprintf('No-no, user with this email is already registered');\r
+ return false;\r
+ }\r
+\r
+ // registration clause // XXX hard coded\r
+ $qr_rc = $db->query('select node_content from nodes where node_id = 791946');\r
+ $qr_rc->next();\r
+\r
+ $params['node_content'] = sprintf('<i>%s</i><br />%s<br />\r
+ E-mail address:: %s',\r
+ $qr_rc->getString('node_content'),\r
+ $content,\r
+ $email);\r
+ // XXX hard-coded\r
+ $params['node_parent'] = 1836516; // registrations_noverified forum\r
+ $params['node_name'] = 'request for access';\r
+ $params['flag'] = 'registration';\r
+ $user_id = nodes::addNode($params);\r
+ $q = sprintf('update nodes set node_system_access = "private" where node_id = %d', $user_id);\r
+ $db->update($q);\r
+\r
+ $pass = md5($pass);\r
+ $vercode = substr( md5( uniqid( rand() ) ), rand(0, 7), 23);\r
+ $q = sprintf('insert into users set password = "%s", user_id = %d,\r
+ header_id = 2091520, login = "%s", email = "%s",\r
+ hash = "%s"',\r
+ $pass, $user_id, $login, $email, $vercode);\r
+ $db->query($q); // XXX rewrite\r
+ $emailtext = sprintf(\r
+'Vitaj %s! Prave som sa s radostou dozvedel, ze si vyplnil(a)\r
+registracny formular na stranke kyberia.sk a chces sa stat\r
+clenom tejto komunity.\r
+Budem sa snazit urobit tento pokec trosku dlhsi,\r
+lebo v povodnej kratkej forme ho pohlcuju spamfiltre, takze\r
+ospravedln nasledujuce blabla a moj typicky atypicky zmysel\r
+pre cierny humor, kedze sluzi ku dobrej veci :)\r
+Pri registracii ti bol prideleny verifikacny kod.\r
+Ten kod znie "%s" [bez uvodzoviek].\r
+Ten musis zadat na adresu https://kyberia.sk/id/1976899/, kde \r
+vyplnis formular s tvojim nickom a verifkacnym kodom.\r
+Od tej chvile bude tvoja ziadost volne pristupna\r
+uz zaregistrovanym clenom, ktori o nej budu hlasovat.\r
+Pocet hlasov aby sa ziadosti vyhovelo je 5.\r
+Deadline na nazbieranie je 1 tyzden.\r
+Takze fakticky dufam ze si o sebe napisal(a) nieco inteligentne :)\r
+\r
+Prajem pekny zvysok dna',\r
+ $login, $vercode);\r
+ // edit by br\r
+ $headers = 'From: kyberia@'. SYSTEM_URL . "\r\n" . 'X-Mailer: PHP';\r
+ mail($email, SYSTEM_URL.' verification code', $emailtext, $headers);\r
+ $error = '<h2>Request saved, verification code sent, please check your e-mail.<h2>';\r
+\r
+ return false;\r
+}\r
+?>\r
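Review bot: `$pass` goes through `mysql_real_escape_string()` before `md5($pass)`, while the login event hashes the raw `$_POST['password']`, so a password containing a quote or backslash is stored under a digest that login can never reproduce. Hash the raw value, using the algorithm login tries first: `$pass = hash('sha256', $_POST['reg_pass']);` (the hex output needs no escaping). The verification code from `substr(md5(uniqid(rand())), ...)` is derived from the clock and a weak PRNG; `bin2hex(openssl_random_pseudo_bytes(12))` would be a safer source where that extension is available. The `From:` header built from `SYSTEM_URL` comes out as `kyberia@kyberia.cz:8023`; the `SYSTEM_EMAIL` constant this commit adds to the config looks like the intended value.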
+++ /dev/null
-function register_users() {
-global $permissions,$node,$db,$error;
-$user_id=$_SESSION['user_id'];
-$user_name=$_SESSION['user_name'];
-$hello="ahoj, tymto ta vitam v systeme ".SYSTEM_URL.". do systemu ta zaregistrovala moja malickost. v pripade ze budes mat akykolvek problem, kontaktuj ma prosim cez postunnako prve by si mal navstivit forum Zaciname s kyberiou\n\ntoto je automaticky vygenerovana sprava";
-require(INCLUDE_DIR."phpmailer.inc");
-$mail = new PHPMailer();
-$mail->IsSMTP(); // send via SMTP
-$mail->Host = "molly.kyberia.cz"; // SMTP servers
-$mail->From = "root@kyberia.cz";
-$mail->FromName = "kyberia.cz admin";
-$mail->WordWrap = 50; // set word wrap
-$mail->Subject = "kyberia.cz uspesna registracia";
-
-
-if (!$permissions['w']) {
-$error="you don't have permissions for performing this event";
-return false;
-}
-
-foreach ($_POST['waiting'] as $user =>$value) {
-$set=$db->query("select email,login,node_creator from users left join nodes on nodes.node_id=users.user_id where user_id='$user'");
-$set->next();
-$email=$set->getString('email');
-$login=$set->getString('login');
-
-$application_id=$set->getString('node_creator');
-
-$params['node_creator']=$user_id;
-$params['node_parent']=$application_id;
-$params['node_name']="$login registered";
-$params['node_content']="user $login successfully registered by $user_name";
-nodes::addNode($params);
-
-$db->query("update nodes set node_creator=node_id where node_id='$user'");
-$db->query("insert into mail set mail_user='$user',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
-$db->query("insert into mail set mail_user='$user_id',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
-$db->query("update users set user_mail='1',user_mail_name='$user_name' where user_id='$user'");
-$mail->ClearAddresses();
-$mail->AddAddress($email); // optional name
-$mail->AltBody = "bol si uspesne zaregistrovany do komunity ".SYSTEM_URL." s loginom $login . njoy";
-if(!$mail->Send())
-{
-$error="could not sent mail";
-return false;
-}
-
-}
-return true;
-}
-?>
-<?
+<?php
function set_time_lock(){
global $db,$error;
$user_id = $_SESSION['user_id'];
-<?
+<?php
function spamuj_ubik() {
global $db,$node,$error;
+
+/* XXX TODO Rewrite (insecure)
+
$sprava="Ahoj! tak s radostou ta mozem poinformovat o par zmenach v systeme<br>";
// oznamovanie niektorych ficur z newlistu via ubik vsem userom
echo "sprava $sprava <br> bola odoslana $pocitadlo userom";
+*/
return false;
-}?>
\ No newline at end of file
+}?>
-<?
+<?php
function unset_time_lock(){
global $db,$error;
$user_id = $_SESSION['user_id'];
$error="ok. tvoj timelock bol zruseny.";
return false;
}
-?>
\ No newline at end of file
+?>
global $db,$error;
// 2110364 >> debug user
+// XXX hardcoded, rewrite
$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=2091448 and
k>=3";
-/*
-$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=2091448 and
-k>=3 and user_id=2110364";
-*/
-
$set=$db->query($q);
while ($set->next()) {
$noda=$set->getString('node_id');
return false;
}
-?>
\ No newline at end of file
+?>
-<?
-function verify() {
+<?php
+function verify(){
global $db;
$uvercode=mysql_real_escape_string($_POST['vc']);
$kset->next();$vercode=$kset->getString('hash');
if($uvercode!=$vercode) {
-global $error;
-$error="Wrong verification code or username";
-return false;
-}
-
-else {
+ global $error;
+ $error="Wrong verification code or username";
+ return false;
+} else {
// ouch!! this is gonna be dirty!!!!! will be revised later:-)
+// XXX hardcoded, rewrite
$q="update nodes set node_parent=2091448, node_vector='00876611020914480$userid' where node_id='$userid'";
$db->update($q);
$q="update nodes set node_children_count=node_children_count+1 where node_id=2091448";
// and now the happy news:-))
-
-
echo "<center>Verification successfull.<br><h3>from now on your registration is in the hands of kyberians</h3></center>";
-
-die();
+ die();
}
+
}
-?>
\ No newline at end of file
+?>
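Review bot: `if($uvercode!=$vercode)` is a loose comparison with no guard for a missing row. If the lookup, which is outside this hunk, matches nothing, `$vercode` is presumably empty, and an empty `vc` would then compare equal and reach the success branch. Two numeric-looking strings can also compare equal under `!=`. A strict check that rejects an empty stored code covers both: `if ($vercode === null || $vercode === '' || $uvercode !== (string)$vercode) {`, or `hash_equals()` where the PHP version provides it. `$userid` is interpolated into the two `update nodes` statements and its origin is not visible here, so it is worth confirming that it is cast with `intval()`.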
<?php
// pokus urobit neco z anketami:-))nerehocte sa moc hlasno:-))
- function vote() {
- global $node,$db,$error,$referer_id;
- if (!$referer_id) $referer_id=1;
+function vote() {
+ global $node,$db,$error,$referer_id;
+ if (!$referer_id) $referer_id=1;
- $node_id=$node['node_id'];
- $user_id=$_SESSION['user_id'];
+ $node_id=$node['node_id'];
+ $user_id=$_SESSION['user_id'];
- $set=$db->query("select * from node_access where node_id='$node_id' and user_id='$user_id' and node_permission='ban'");
- if($set->getNumRows()>0) {
- global $error;
- $error="F ankete si uz hlasoval. nene..uz sa to neda viackrat...dufam:-)";
- return false; }
+ $set=$db->query("select * from node_access where node_id='$node_id'
+ and user_id='$user_id' and node_permission='ban'");
+ if($set->getNumRows()>0) {
+ global $error;
+ $error="One vote is enough for everyone";
+ return false;
+ }
-$option=$_POST['poll_option'];
+ $option=$_POST['poll_option'];
+ $option--;
-$option--;
+ if (!is_numeric($option)) {
+ $error="incorrect poll_option. fck";
+ }
-if (!is_numeric($option)) {
- $error="incorrect poll_option. fck";
- }
+ $poll=unserialize($node['node_content']);
+ ++$poll[$option]['number'];
+ $node_content=serialize($poll);
+ $db->query("update nodes set node_content='$node_content'
+ where node_id='$node_id'");
- $poll=unserialize($node['node_content']);
- ++$poll[$option]['number'];
- $node_content=serialize($poll);
- $db->query("update nodes set node_content='$node_content'
-where node_id='$node_id'");
+ $db->query("update node_access set node_permission='ban' where
+ node_id='$node_id' and user_id='$user_id'");
+ Header("Location: /id/".$node['node_parent']."/");
+}
-$db->query("update node_access set node_permission='ban' where
-node_id='$node_id' and user_id='$user_id'");
- Header("Location: /id/".$node['node_parent']."/");
-
- }
-?>
\ No newline at end of file
+?>
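Review bot: The `is_numeric` check sets `$error` but never returns, so an invalid `poll_option` still reaches `++$poll[$option]['number']` and both updates. Add `return false;` inside that block and require `isset($poll[$option])` before incrementing. The serialized poll is interpolated into the update unescaped, so option text containing a single quote breaks the statement; `$node_content = mysql_real_escape_string(serialize($poll));` fixes that. `unserialize($node['node_content'])` should at least carry a comment: if that column can hold user-authored content for this node it is an object-injection surface, and storing the poll as JSON would remove it.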
echo $q;
$db->update($q);
echo "<br>";
+// XXX hard coded, fix
$q="delete from nodes where node_vector like '020914480$noda%'";
echo $q;
$db->update($q);
--- /dev/null
+<?php
+//Harvie's PHP HTTP-Auth script (2oo7-2o1o)
+//CopyLefted4U ;)
+///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
+//Login
+/*$realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
+$users = array( //You can specify multiple users in this array
+ 'music' => 'passw'
+);*/
+//Misc
+$require_login = true; //Require login? (if false, no login needed) - WARNING!!!
+$location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])
+//CopyLeft
+$ver = '2o1o-3.9';
+$link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>';
+$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
+$hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
+$cbanner = "<!-- $banner -->\n";
+//Config file
+@include('./_config.php');
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
+/* HOWTO
+ * To each file, you want to lock add this line (at begin of first line - Header-safe):
+ * <?php require_once('http_auth.php'); ?> //Password Protection 8')
+ * Protected file have to be php script (if it's html, simply rename it to .php)
+ * Server needs to have PHP as module (not CGI).
+ * You need HTTP Basic auth enabled on server and php.
+ */
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
+ function send_auth_headers($realm='') {
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');
+ Header('HTTP/1.0 401 Unauthorized');
+ }
+
+ function check_auth($PHP_AUTH_USER, $PHP_AUTH_PW) { //Check if login is succesfull (U can modify this to use DB, or anything else)
+ return (isset($GLOBALS['users'][$PHP_AUTH_USER]) && ($GLOBALS['users'][$PHP_AUTH_USER] == $PHP_AUTH_PW));
+ }
+
+ function unauth() { //Do this when login fails
+ $cbanner = $GLOBALS['cbanner'];
+ $hbanner = $GLOBALS['hbanner'];
+ die("$cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$hbanner"); //Show warning and die
+ die(); //Don't forget!!!
+ }
+
+//Backward compatibility
+if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
+if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
+
+//Logout
+if(isset($_GET['logout'])) { //script.php?logout
+ if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');
+ Header('HTTP/1.0 401 Unauthorized');
+ } else {
+ if($_GET['logout'] != '') $location = $_GET['logout'];
+ if(trim($location) != '401') Header('Location: '.$location);
+ die("$cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$hbanner");
+ }
+}
+
+if($require_login) {
+ if(!isset($PHP_AUTH_USER)) { //Storno or first visit of page
+ send_auth_headers($realm);
+ unauth();
+ } else { //Login sent
+
+ if (check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { //Login succesfull - probably do nothing
+ } else { //Bad login
+ send_auth_headers($realm);
+ unauth();
+ }
+
+ }
+}
+//Rest of file will be displayed only if login is correct
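Review bot: `check_auth` compares the stored and supplied passwords with `==`, so PHP's numeric-string juggling can treat different strings as equal (a constructed example: `"1.0"` and `"1"`); use `===`, or `hash_equals()` where available. In the logout branch `$_GET['logout']` is passed straight to `Header('Location: '.$location)`, which makes the script an open redirect; accept only local paths, for instance a value that starts with a single `/`. `$PHP_AUTH_PW` stays undefined when a user name arrives with an empty password. `@include('./_config.php')` also hides a missing config file, which leaves `$realm` undefined because its default is commented out. The second `die();` in `unauth()` is unreachable, and the page title says "Forbidden" for what is a 401.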
}
}
-class nodes {
-
+require_once(INCLUDE_DIR.'base36.inc');
+class nodes {
function addNode($params) {
global $db,$node,$error,$error_messages;
return false;
}
else {
- $node=$result->getRecord();
+ $node=addBase36id($result->getRecord());
$node['node_vector']=trim($node['node_vector'],"z");
$ancestors=str_split($node['node_vector'],VECTOR_CHARS);
foreach ($ancestors as $ancestor) {
$result=$db->query($q);
while ($result->next()){
- $record[]=$result->getRecord();
+ $record[]=addBase36id($result->getRecord());
}
return $record;
$result=$db->query($q);
while ($result->next()) {
- $array[]=$result->getRecord();
+ $array[]=addBase36id($result->getRecord());
}
return $array;
$result=$db->query($q);
while ($result->next()) {
- $children_array[]=$result->getRecord();
+ $children_array[]=addBase36id($result->getRecord());
}
return $children_array;
function isHierarch($node) {
global $db;
- $user_id=$_SESSION['user_id'];
+ if (IsSet($_SESSION['user_id'])) {
+ $user_id=$_SESSION['user_id'];
+ } else {
+ $user_id=0;
+ }
if (!$user_id) return false;
+
$node_vector=chunk_split($node['node_vector'],VECTOR_CHARS,';');
$hierarchy=explode(';',$node_vector);
foreach ($hierarchy as $hierarch) {
$hierarch=ltrim($hierarch,0);
- $q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+ $q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
$result=$db->query($q);
$result->next();
if ($result->getString('node_creator')==$user_id)
return true;
if ($result->getString('node_creator')=='operator')
return true;
- if ($user_id == 2045)
- return true;
+// if ($user_id == 2045) // OMG
+// return true;
}
return false;
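Review bot: The rewritten query in isHierarch still splices `$user_id` and `$hierarch` into the SQL string between quotes, so the new isset() guard removes the undefined-index notice but not the unescaped interpolation. Both values appear to be numeric ids, so cast them where they are assigned, e.g. `$user_id = isset($_SESSION['user_id']) ? (int)$_SESSION['user_id'] : 0;` and `$hierarch = (int)ltrim($hierarch, '0');`, or use whatever parameter binding the `$db` wrapper offers (not visible here). The same pattern recurs in the checkPermissions hunks below, in the select, update and insert on `node_access`. The disabled `$user_id == 2045` bypass should be deleted rather than kept as commented-out code, so it cannot be switched back on by accident. The function's closing brace lies outside the hunk.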
function checkPermissions($node) {
global $db;
-$user_id=$_SESSION['user_id'];
+if (IsSet($_SESSION['user_id'])) {
+ $user_id=$_SESSION['user_id'];
+} else {
+ $user_id=0;
+}
/*
-thousand lights to Hierarchy!
+thousand lights // OMGto Hierarchy!
(check&set procedure for giving permissions for non-public subnodes according
to bottom-top Hierarchy
*/
$hierarchy=array_reverse(explode(';',$node_vector));
foreach ($hierarchy as $hierarch) {
$hierarch=ltrim($hierarch,0);
- $q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+ $q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
$result=$db->query($q);
$result->next();
$hierarchy_bounce[]=$hierarch;
elseif ($result->getString('node_permission')!='') {
array_pop($hierarchy_bounce);
$node['node_permission']=$result->getString('node_permission');
- $q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
+ $q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$user_id."'";
$updated=$db->update($q);
if (!$updated && IsSet($_SESSION['user_id'])) {
- $q="insert into node_access set node_permission='".$result->getString('node_permission')."', node_id='".$node['node_id']."',user_id='".$_SESSION['user_id']."'";
+ $q="insert into node_access set node_permission='".$result->getString('node_permission')."', node_id='".$node['node_id']."',user_id='".$user_id."'";
$db->query($q);
}
break;
elseif ($result->getString('node_creator')==$user_id) {
array_pop($hierarchy_bounce);
$node['node_permission']='access';
- $q="update node_access set node_permission='access' where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
+ $q="update node_access set node_permission='access' where node_id='".$node['node_id']."' and user_id='".$user_id."'";
$updated=$db->update($q);
if (!$updated && IsSet($_SESSION['user_id'])) {
- $q="insert into node_access set node_permission='access', node_id='".$node['node_id']."',user_id='".$_SESSION['user_id']."'";
+ $q="insert into node_access set node_permission='access', node_id='".$node['node_id']."',user_id='".$user_id."'";
$db->query($q);
}
break;
//setting permissions for not logged in users
-if ($_SESSION['user_id']==$node['node_creator']) {
- $permissions['r']=true;
- $permissions['w']=true;
+if ($user_id==$node['node_creator']) {
+ $permissions['r']=true;
+ $permissions['w']=true;
}
-elseif (!$_SESSION['user_id']) {
+elseif (!$user_id) {
if ($node['node_external_access']=='yes' AND ($node['node_system_access']=='public' OR $node['node_system_access']=='moderated' OR $node['node_system_access']=='cube')) {
$permissions['r']=true;
--- /dev/null
+<?php
+ function smarty_function_base_convert($params,&$smarty) {
+ return(base_convert($params['n'],$params['f'],$params['t']));
+ }
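Review bot: `smarty_function_base_convert` reads `$params['n']`, `$params['f']` and `$params['t']` without checking that the template supplied them, and hands the two bases straight to `base_convert()`, which only accepts bases 2 to 36. A guard such as `if (!isset($params['n'], $params['f'], $params['t'])) return '';` plus a docblock naming the three parameters would make the plugin's contract explicit. `base_convert()` also loses precision on very large numbers, which deserves a comment if node ids can grow that far.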
-<?
+<?php
function smarty_function_get_banner(&$smarty) {
$banners_directory = $_SERVER['DOCUMENT_ROOT']."/banners/";
<?php
+require_once(INCLUDE_DIR.'base36.inc');
+
function smarty_function_get_children($params,&$smarty) {
global $db,$node;
$set=$db->query($q);
while ($set->next()) {
- $get_children_array[]=$set->getRecord();
+ $get_children_array[]=addBase36id($set->getRecord());
}
$smarty->assign('get_children',$get_children_array);
-<?
+<?php
+
function smarty_function_get_mail($params, &$smarty) {
global $db, $node;
-<?
+<?php
function smarty_function_get_nodes_by_external_link($params,&$smarty) {
if ($params['orderby']=='desc') $orderby="desc"; else $orderby="asc";
while ($set->next()) $pole[]=$set->getRecord();
$smarty->assign('get_nodes_by_external_link',$pole);
}
-?>
\ No newline at end of file
+?>
--- /dev/null
+<?php
+
+function db_get_template ($tpl_name, &$tpl_source, &$smarty_obj) {
+
+ global $db,$error,$node, $error_messages;
+ $add_template_id = preg_replace('/\.tpl$/', '', $tpl_name);
+
+ if (!is_numeric($add_template_id)) {
+ $error = $error_messages['NOT_NUMERIC'];
+ return false;
+ }
+
+ /*
+ //logging of every template for security reasons FIXME!!! TODO!!!
+ $params['node_creator'] = UBIK_ID;
+ $params['node_parent'] = 2029360;
+ $params['node_name'] = "addTemplate execute: node $add_template_id";
+ $params['node_content'] = mysql_real_escape_string("addTemplate execute: node <a href='$add_template_id'>$add_template_id</a> by user ".$_SESSION['user_name']);
+ nodes::addNode($params);
+ */
+
+ if(!($set=$db->query("select node_content from nodes where node_id='$add_template_id'"))) return false;
+ $set->next();
+ // populating $tpl_source with actual template contents
+ $tpl_source = stripslashes($set->getString('node_content'));
+ // return true on success, false to generate failure notification
+ return true;
+}
+
+
+function db_get_timestamp($tpl_name, &$tpl_timestamp, &$smarty_obj)
+{
+ // do database call here to populate $tpl_timestamp
+ // with unix epoch time value of last template modification.
+ // This is used to determine if recompile is necessary.
+ $tpl_timestamp = time(); // this example will always recompile! FIXME!!! TODO!!!
+ // return true on success, false to generate failure notification
+ return true;
+}
+
+function db_get_secure($tpl_name, &$smarty_obj)
+{
+ // assume all templates are secure
+ return true; //FIXME!!! TODO!!!
+}
+
+function db_get_trusted($tpl_name, &$smarty_obj)
+{
+ // not used for templates
+}
+
+// register the resource name "kyberia"
+$smarty->register_resource('kyberia', array('db_get_template',
+ 'db_get_timestamp',
+ 'db_get_secure',
+ 'db_get_trusted'));
+
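Review bot: `db_get_template` compiles the `node_content` of whatever numeric node id the template name carries, and `db_get_secure` returns true for every template, so any node a user is allowed to write can end up executed as Smarty source on the server. The lookup should be limited to nodes that are meant to be templates (the column or type that marks them is not visible in this hunk), and `db_get_secure` should not trust everything by default. Independently of that, `is_numeric()` accepts forms like `1e5` or `1.5`, and a missing row still returns true with empty source because the result of `$set->next()` is ignored; the excerpt below tightens both. `db_get_timestamp` returning `time()` forces a recompile on every request, as its own FIXME says.

```php
    $add_template_id = preg_replace('/\.tpl$/', '', $tpl_name);

    // digits only: is_numeric() also accepts forms such as "1e5" or "1.5"
    if (!ctype_digit((string) $add_template_id)) {
        $error = $error_messages['NOT_NUMERIC'];
        return false;
    }
    // … unchanged: commented-out logging block …
    $set = $db->query("select node_content from nodes where node_id='$add_template_id'");
    // a missing node must fail the load instead of compiling an empty template
    if (!$set || !$set->next()) {
        return false;
    }
    $tpl_source = stripslashes($set->getString('node_content'));
    return true;
```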
<?php
+require_once('config/config.inc'); //requiring main config file with path/database etc. constants
+if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php'); //Ask for auth if enabled...
+//echo($_SERVER['PATH_INFO']."\n<pre>"); var_dump(preg_split('/\//', $_SERVER['PATH_INFO'])); die(); //PATH_INFO Debug (usefull when messing with mod_rewrite)
// output buffering forcing (mx)
if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
//starting timer for benchmarking purposes
$timer_start=Time()+SubStr(MicroTime(),0,8);
-
//setting PHPSESSID cookie and starting user session
session_start();
error_reporting(1);
//$_SESSION['debugging']=1;
+//unset($_SESSION['debugging']); //Well... we should make some event or JavaScript page to turning this on/off...
//exit;
if ($_SESSION['debugging']) {
error_reporting(E_ALL);
- echo "GET VARIABLES::<br/>";
+ echo 'GET VARIABLES::<br/>';
print_r($_GET);
- echo "POST VARIABLES::<br/>";
+ echo 'POST VARIABLES::<br/>';
print_r($_POST);
- echo "<b>SESSION VARIABLES::</b><br/>";
+ echo '<b>SESSION VARIABLES::</b><br/>';
print_r($_SESSION);
}
-//requiring main config file with path/database etc. constants
-require('config/config.inc');
+//Smarty from DB
+$smarty_resource = 'kyberia';
+//$smarty_resource = ''; //same as 'file' (fallback)
+/* I have moved old templates to DB using following lame script:
+ * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1); echo UPDATE nodes SET node_content = "'$(php -r "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE node_id = "'$j'" COLLATE utf8_bin LIMIT '1;'; done | mysql --user=kyberia --password=PASSSSSSS kyberia
+ * In future we should have some mechanism for distributing templates because they are very important part of kyberia source...
+ */
+
+//Path info (Experimental - this replaced most of mod_rewrites...)
+@$PATH_INFO=trim($_SERVER[PATH_INFO]);
+if($PATH_INFO != '') {
+ $PATH_CHUNKS = preg_split('/\//', $PATH_INFO);
+ if(isset($PATH_CHUNKS[1])) switch($PATH_CHUNKS[1]) {
+ case 'k':
+ if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_kid'] = $PATH_CHUNKS[2];
+ if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_kid'] = $PATH_CHUNKS[3];
+ break;
+ case 'id':
+ if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['node_id'] = $PATH_CHUNKS[2];
+ if(isset($PATH_CHUNKS[3]) && $PATH_CHUNKS[3] != '') $_GET['template_id'] = $PATH_CHUNKS[3];
+
+ //Base36 fascism redirect
+ if(!count($_POST)) {
+ header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
+ (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
+ );
+ die("Base36 fascism...\n"); //If you want to be a fascist you have to die imediatelly...
+ }
+
+ break;
+ default:
+ if($PATH_CHUNKS[1] != '') $_GET['node_name'] = $PATH_CHUNKS[1];
+ if(isset($PATH_CHUNKS[2]) && $PATH_CHUNKS[2] != '') $_GET['template_kid'] = $PATH_CHUNKS[2];
+ break;
+ }
+}
+if(
+ (!isset($_GET['node_kid']) || trim($_GET['node_kid']) == '') &&
+ (!isset($_GET['node_id']) || trim($_GET['node_id']) == '')
+) $_GET['node_kid'] = 1;
+
+//Base36 http://en.wikipedia.org/wiki/Base_36 (Initial support only :-)
+if(isset($_GET['node_kid'])) $_GET['node_id'] = base_convert($_GET['node_kid'], 36, 10);
+if(isset($_GET['template_kid'])) $_GET['template_id'] = base_convert($_GET['template_kid'], 36, 10);
+
require(INCLUDE_DIR.'senate.inc');
-preg_match("/id\/(.*)\//",$_SERVER['HTTP_REFERER'],$ref_match);
-$referer_id=$ref_match[1];
+if (isset($_SERVER['HTTP_REFERER'])) {
+ preg_match('/(k|id)\/([0-9]*)\//',$_SERVER['HTTP_REFERER'],$ref_match);
+ $referer_id=$ref_match[1];
+}
//connecting to database and creating universal $db object
require(INCLUDE_DIR.'log.inc');
if (!empty($_GET['template_id'])) {
$template_id=$_GET['template_id'];
+} else {
+ $template_id=false;
}
-else $template_id=false;
//initializing node methods
if (!empty($_GET['node_name'])) {
$node = nodes::redirByName($_GET['node_name']);
-}
-elseif (!empty($_GET['node_id'])) {
- $node = nodes::getNodeById($_GET['node_id'],$_SESSION['user_id']);
+} elseif (!empty($_GET['node_id'])) {
+ $node = nodes::getNodeById($_GET['node_id'],
+ (isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
}
//XXX Paths are wrong (!)
//loading smarty template engine and setting main parameters
require(SMARTY_DIR.'Smarty.class.php');
$smarty = new Smarty;
+require(INCLUDE_DIR.'smarty/resource.kyberia.php');
+$smarty->default_resource_type=$smarty_resource;
//$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
$smarty->template_dir = TEMPLATE_DIR;
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
-$smarty->compile_dir = SYSTEM_DATA."templates_c/";
+$smarty->compile_dir = SYSTEM_DATA.'templates_c/';
$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
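Review bot: In the new referer block, `$referer_id=$ref_match[1];` now picks up the `(k|id)` group instead of the number, because the rewritten pattern put a capture group in front of the digits; the later `is_numeric($referer_id)` test can therefore never pass. Take the second group, and only when the match succeeded: `if (preg_match('/(k|id)\/([0-9]+)\//', $_SERVER['HTTP_REFERER'], $ref_match)) $referer_id = $ref_match[2];`. Referers of the form `/k/...` carry a base36 id, so `[0-9]` will not match ids that contain letters; that case needs `[0-9a-zA-Z]+` and a `base_convert(..., 36, 10)` before the value is used. Further up in the same hunk, `@$PATH_INFO=trim($_SERVER[PATH_INFO]);` indexes with a bare constant and hides the resulting error; `$PATH_INFO = isset($_SERVER['PATH_INFO']) ? trim($_SERVER['PATH_INFO']) : '';` does the same without `@`.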
echo "</pre>";
}
-if ($node['node_creator']==$_SESSION['user_id']) $node['node_permission']='owner';
+if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
+ $node['node_permission']='owner';
+}
-if ($_SESSION['cube_vector']) {
+if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
echo "node::".$node['node_vector'];
echo "cube_Vector::".$_SESSION['cube_vector'];
$nodes= nodes::getNodesByName($_GET['node_name']);
if ($nodes) {
$smarty->assign('nodes',$nodes);
- $content=$smarty->display("404.tpl");
+ $content=$smarty->display('404.tpl');
die();
}
elseif ($_SESSION['user_id']) {
}
}
-//modifying node glass pearl
-if (is_array($children_types[$node['node_type']])) $smarty->assign('children_types',$children_types[$node['node_type']]);
+//modifying node glass pearl //XXX WTF
+if (is_array($children_types[$node['node_type']])) {
+ $smarty->assign('children_types',$children_types[$node['node_type']]);
+}
$smarty->assign('types',$types);
//$node['node_type']=$types[$node['node_type']];
-$node['node_content']=StripSlashes($node['node_content']);
-$node['node_name']=StripSlashes($node['node_name']);
+$node['node_content']= StripSlashes($node['node_content']);
+$node['node_name']= StripSlashes($node['node_name']);
//checking permissions
function _checkPermissions()
}
// mail rss
-if ($template_id=='rss')
+if ($template_id=='rss') //XXX WHAT?
{
$_feedType = "RSS0.91";
if (!is_numeric($_SESSION['user_id']))
$rss->description = "";
$rss->link = "https://". SYSTEM_URL . "/id/24";
+ //XXX into function
$query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
userfrom.user_action as locationfrom_action,
userfrom.user_action_id as locationfrom_action_id,
$rss = new UniversalFeedCreator();
$rss->title = "Kyberia bookmarks";
- $rss->link = "http://".SYSTEM_URL."/id/19";
+ $rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ?
require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
smarty_function_get_bookmarks(array(), $smarty);
//sventest
if (($permissions['r']) || ($event != 'register')) {
-//performing node_events (based on update/insert/delete db queries)
-if ($event) {
- require(INCLUDE_DIR.'eventz.inc');
-}
+ //performing node_events (based on update/insert/delete db queries)
+ if ($event) {
+ require(INCLUDE_DIR.'eventz.inc');
+ }
-elseif ($transaction) {
- require(INCLUDE_DIR.'transaction.inc');
-}
-//end of performing node events
+ elseif ($transaction) {
+ require(INCLUDE_DIR.'transaction.inc');
+ }
+ //end of performing node events
-//sventest
+ //sventest
}
if ($permissions['r']) {
-//these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes
-if ($_SESSION['user_id']) {
+// these 4 lines are not the source of kyberia lagging problems.
+// leave them. started on the 10.4.
+// data gained will be used for scientific purposes
+
+// if (isset($_SESSION['user_id']) {
+// log_levenshtein($_SESSION['user_id'],$node['node_id']);
+// }
+
+if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
$q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
$db->update($q);
}
//if node is css
+//XXX into function
if ($node['template_id']!='2019721'){
logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
if (!$result) {
$q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
$db->query($q);
- }
-}//end of if node os css
+ }
+ }//end of if node os css
+}
+
}
+//XXX into function
+// if (isset($_SESSION['user_id']) {
+// if (isset($referer_id)) {
+// update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id);
+// } else {
+// update_nodes($_SESSION['user_id'],$node['node_id'],0);
+// }
+// }
- }
// DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//creating neural network
$db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
-if (is_numeric($referer_id)) {
+if (isset($referer_id) && is_numeric($referer_id)) {
$q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
$result=$db->update($q);
if (!$result) {
if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
$magic_uid=$mu['1'];
$magic_word=addslashes($mu['2']);
+ // XXX WTF column magic_word does not exists
$q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
$set=$db->query($q);
if ($set->getNumRows()) {
//assigning user data to smarty if user logged in
-if ($user_id=$_SESSION['user_id']) {
+if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
$smarty->assign('_POST',$_POST);
$smarty->assign('bookmarks',$_SESSION['bookmarks']);
$smarty->assign('ignore',$_SESSION['ignore']);
$smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
$smarty->assign('user_quota',$_SESSION['user_quota']);
+ // XXX into function
$newmail_q = sprintf('select u.user_mail_id
, u.user_k
, u.k_wallet
$user_id);
$newmailset = $db->query($newmail_q);
-//$newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
$newmailset->next();
$new_mail=$newmailset->getString('user_mail');
+ // XXX into function
$newmailset2 = $db->query("select users.user_mail_id,mailsender.login
from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
$newmailset2->next();
if ($node['node_name']=='mail') {
//clear new mail message
+
if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");
//set messages as delivered to recipient
}
-if ($node['template_id']!='2019721'){
+// XXX into function
+if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
//setting user location
$q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";
$db->executequery($q);
$children_count=$node['node_children_count'];
$descendant_count=$node['node_descendant_count'];
- if (is_numeric($_POST['listing_amount'])) $listing_amount=$_POST['listing_amount'];
- elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
+ if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) {
+ $listing_amount=mysql_real_escape_string($_POST['listing_amount']);
+ }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
else $listing_amount=DEFAULT_LISTING_AMOUNT;
$smarty->assign('listing_amount',$listing_amount);
- if ($_POST['listing_order']) $listing_order=$_POST['listing_order'];
- elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
+ if (isset($_POST['listing_order']) && $_POST['listing_order']) {
+ $listing_order=mysql_real_escape_string($_POST['listing_order']);
+ } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
else $listing_order=DEFAULT_LISTING_ORDER;
$smarty->assign('listing_order',$listing_order);
- if (is_numeric($_POST['get_children_offset'])) $offset=$_POST['get_children_offset'];
- else $offset=0;
+ if (isset ($_POST['get_children_offset']) && is_numeric($_POST['get_children_offset'])) {
+ $offset=$_POST['get_children_offset'];
+ } else { $offset=0; }
//movement forward and backward
}
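Review bot: `mysql_real_escape_string()` on `$_POST['listing_order']` only protects a value that ends up inside a quoted SQL string; if `$listing_order` is placed in an ORDER BY clause (its use is outside this hunk), escaping does not constrain it. Compare it against the fixed set of orderings the listing queries accept and fall back to `DEFAULT_LISTING_ORDER` otherwise, the way `smarty_function_get_nodes_by_external_link` maps `orderby` to `desc`/`asc`. For `listing_amount` and `get_children_offset`, `is_numeric()` still admits floats and exponent forms, so a `ctype_digit()` check followed by `(int)$_POST['listing_amount']` is the tighter form, and it avoids handing an SQL-escaped value to `$smarty->assign()`. The `$_SESSION['listing_order']` fallback deserves the same allowlist if the session value originates from user input.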
//show own header
-elseif ($_SESSION['header_id']==true) {
+elseif (isset($_SESSION['header_id']) && ($_SESSION['header_id']==true)) {
$smarty->assign('header_id',$_SESSION['header_id']);
$smarty->template_dir=OWN_TEMPLATE_DIR;
$content=$smarty->fetch($_SESSION['header_id'].".tpl");