small events cleanup

diff --git a/data/templates/own_templates/1549839.tpl b/data/templates/own_templates/1549839.tpl
index bc7f35b6489cded8bf8c15f81228a53ec58f8f5e..66a060e5abed6fcfca6d8e060dd4a92fa51fa732 100644 (file)
--- a/data/templates/own_templates/1549839.tpl
+++ b/data/templates/own_templates/1549839.tpl
@@ -28,7 +28,7 @@
 {*/if*}
   <tr>
 <!--XXX test oflogarithmic threading (original (x-y)-8 ) XXX TODO fit to resolutions-->
-    <td width='{math equation="5*log((x-y))-8" x=$child.depth y=$node.vector_depth}%'></td>
+    <td width='{math equation="10*log((x-y))-18" x=$child.depth y=$node.vector_depth}%'></td>
     <td valign='top' rowspan='2'>
 {* put.Ty hack *}
 {if $child.synapse_creator neq ''}
@@ -39,7 +39,7 @@
 {*end of put.Ty hack *}
     </td>
     <!--XXX orig: 100-(x-y)-->
-    <td width='{math equation="100-(5*log(x-y))" x=$child.depth y=$node.vector_depth}%'>
+    <td width='{math equation="100-(10*log(x-y))+10" x=$child.depth y=$node.vector_depth}%'>
       <table class='bordered' width='100%'><tr class='header'>
         <td>
           &nbsp;<a href='/id/{$child.node_creator}'>{$child.login}</a>

diff --git a/wwwroot/inc/eventz/F.inc b/wwwroot/inc/eventz/F.inc
index 6e5ec5c9a1abbf9d721cdf73c3cf3ce0feb89eae..1ddf3a30ef4424b35877a19a0d054d8713d72683 100644 (file)
--- a/wwwroot/inc/eventz/F.inc
+++ b/wwwroot/inc/eventz/F.inc
@@ -7,6 +7,7 @@ $kset=$db->query("select user_k from users where user_id='$user_id'");
 $kset->next();
 $user_k=$kset->getString('user_k');
 
+// XXX hard-coded
 $senat_id = 876611;
 $K_id = 1961061;
 $comms = getCommanders($K_id);

diff --git a/wwwroot/inc/eventz/banlist.inc b/wwwroot/inc/eventz/banlist.inc
index d817840602ddba28b6674bfb6a0c1646643e40f2..b806cb1c939b511f460801f88ca621a6ade24995 100644 (file)
--- a/wwwroot/inc/eventz/banlist.inc
+++ b/wwwroot/inc/eventz/banlist.inc
@@ -8,7 +8,7 @@ if ($node['node_permission']!=('owner' || 'master' || 'op')) {
 $error=$error_messages['EVENT_PERMISSION_ERROR'];
 return false;
 }
-               $bans=explode(";",$_POST['bans']);
+               $bans=explode(";",$_POST['bans']); // XXX sqli?
 
                $db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
                foreach ($bans as $ban) {

diff --git a/wwwroot/inc/eventz/book.inc b/wwwroot/inc/eventz/book.inc
index d223a7ea12bc52602908353ebf4a6f41300a3b16..292bd77b394e739b93153870f9fca56100a8bb56 100644 (file)
--- a/wwwroot/inc/eventz/book.inc
+++ b/wwwroot/inc/eventz/book.inc
@@ -1,18 +1,21 @@
 <?php
-       function book() {
-               global $db,$error,$node;
-               $q="update neurons set link='bookmark',synapse_creator='".$_SESSION['user_id']."',synapse=synapse+1 where dst='".$_SESSION['user_id']."' and src='".$node['node_id']."'";
-               $result=$db->update($q);
-               if (!$result) {
-                       $q="insert into neurons set synapse_created=NOW(),dst='".$_SESSION['user_id']."',src='".$node['node_id']."',synapse_creator='".$_SESSION['user_id']."',link='bookmark'";
-                       $db->query($q);
-               }
-               $q="update node_access set node_bookmark='yes' where user_id='".$_SESSION['user_id']."' and node_id='".$node['node_id']."'";
-               $result=$db->query($q);
- $_SESSION['bookmarks'][$node['node_id']]=$node['node_name'];
-return true;
 
+function book() {
+       global $db,$error,$node;
+
+       $q="update neurons set link='bookmark',synapse_creator='".$_SESSION['user_id']."',synapse=synapse+1 where dst='".$_SESSION['user_id']."' and src='".$node['node_id']."'";
+       $result=$db->update($q);
+       if (!$result) {
+               $q="insert into neurons set synapse_created=NOW(),dst='".$_SESSION['user_id']."',src='".$node['node_id']."',synapse_creator='".$_SESSION['user_id']."',link='bookmark'";
+               $db->query($q);
        }
+       $q="update node_access set node_bookmark='yes' where user_id='".$_SESSION['user_id']."' and node_id='".$node['node_id']."'";
+       $result=$db->query($q);
+
+       $_SESSION['bookmarks'][$node['node_id']]=$node['node_name'];
+
+       return true;
+}
 ?>
 
 

diff --git a/wwwroot/inc/eventz/bookstyl.inc b/wwwroot/inc/eventz/bookstyl.inc
index e9b3456c96eb9fbe428d964b9628e2236ea7fa44..6398b8723367e99b9a663afb0565e3bca927d817 100644 (file)
--- a/wwwroot/inc/eventz/bookstyl.inc
+++ b/wwwroot/inc/eventz/bookstyl.inc
@@ -3,7 +3,7 @@
        global $error,$node,$db;
 
        $user_id = $_SESSION['user_id'];
-       $bookstyl = $_POST['bookstyl'];
+       $bookstyl = $_POST['bookstyl']; //XXX sqli
 
        $set=$db->query("select * from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'");
        if($set->getNumRows() == 0) {
@@ -27,4 +27,4 @@
        $_SESSION['bookstyl']= $bookstyl;
 
 }
-?>
\ No newline at end of file
+?>

diff --git a/wwwroot/inc/eventz/debugging.inc b/wwwroot/inc/eventz/debugging.inc
index 6a1de8fd7cd843ad7c7fd9ae78d7ef98b9655173..ff834ec1a058cad2d0b4273245826410e11ea23c 100644 (file)
--- a/wwwroot/inc/eventz/debugging.inc
+++ b/wwwroot/inc/eventz/debugging.inc
@@ -3,7 +3,8 @@
 // XXX permision check?
 
 function debugging() {
-if ($_SESSION['debugging']) unset($_SESSION['debugging']);
-else $_SESSION['debugging']=true;
+       if ($_SESSION['debugging']) unset($_SESSION['debugging']);
+       else $_SESSION['debugging']=true;
 }
+
 ?>

diff --git a/wwwroot/inc/eventz/destroy_synapse.inc b/wwwroot/inc/eventz/destroy_synapse.inc
index 8b0410bdc84792f7f6fc9ff65f91ebc3d9635178..f1e66db3de99cffe694e67e3c81d90fc32eca22c 100644 (file)
--- a/wwwroot/inc/eventz/destroy_synapse.inc
+++ b/wwwroot/inc/eventz/destroy_synapse.inc
@@ -28,15 +28,13 @@ $db->update($q);
 //echo $q;
 }
 }else{
-global $error;
-$error="Nemas pravomoci na vykonanie daneho skutku....viac ku tomu nemam co dodat:-)";
-return false;
+       global $error;
+       $error="Nemas pravomoci na vykonanie daneho skutku....";
+       return false;
 }
 
-
-
 }
 
 return true;
 
-}?>
\ No newline at end of file
+}?>

diff --git a/wwwroot/inc/eventz/executorlist.inc b/wwwroot/inc/eventz/executorlist.inc
index 8a0714fde3b19a9abd51a98efe9278e75573dc62..04231bbf3a1e61b1fcb32084b2f1f4e26fc02ec3 100644 (file)
--- a/wwwroot/inc/eventz/executorlist.inc
+++ b/wwwroot/inc/eventz/executorlist.inc
@@ -1,32 +1,32 @@
 <?php
 
-        function executorlist() {
-                global $db,$error,$node;
-                $node_id=$node['node_id'];
-                if ($node['node_permission']!='owner') {
-                        $error=$error_messages['EVENT_PERMISSION_ERROR'];
-                        return false;
-                }
+function executorlist() {
+        global $db,$error,$node;
+        $node_id=$node['node_id'];
+        if ($node['node_permission']!='owner') {
+                $error=$error_messages['EVENT_PERMISSION_ERROR'];
+                return false;
+        }
 
-                $executors=explode(";",$_POST['executorlist']);
-                $db->query("update node_access set node_permission='' where
- node_id=$node_id and node_permission='exec'");
-                foreach ($executors as $execitpr) {
-                        $set=$db->query("select user_id from users where login='$executor'");
-                        $set->next();
-                        if ($set->getString('user_id')) {
-                                $q="update node_access set node_permission='exec' where node_id=$node_id and
+        $executors=explode(";",$_POST['executorlist']); // XXX sqli
+        $db->query("update node_access set node_permission='' where
+               node_id=$node_id and node_permission='exec'");
+        foreach ($executors as $execitpr) {
+                 $set=$db->query("select user_id from users where login='$executor'");
+                 $set->next();
+                 if ($set->getString('user_id')) {
+                        $q="update node_access set node_permission='exec' where node_id=$node_id and
 user_id='".$set->getString('user_id')."'";
-                                $changed=$db->update($q);
-                                if (!$changed) {
-                                        $q="insert into node_access set
+                        $changed=$db->update($q);
+                        if (!$changed) {
+                                $q="insert into node_access set
 node_permission='exec',node_id=$node_id,user_id=".$set->getString('user_id');
-                                        $db->query($q);
-                                        $logger::log('add exec',$node_id,'ok',$executor);
+                                $db->query($q);
+                                $logger::log('add exec',$node_id,'ok',$executor);
 
-                                }
                         }
-                        else { $error .= "$executor does not exist..."; }
                 }
+                else { $error .= "$executor does not exist..."; }
         }
+}
 ?>

diff --git a/wwwroot/inc/eventz/get_templates.inc b/wwwroot/inc/eventz/get_templates.inc
index 1279691188301764162518c31c5d634655471139..391bf75e4650a6efcf3654d30124e1422a67379c 100644 (file)
--- a/wwwroot/inc/eventz/get_templates.inc
+++ b/wwwroot/inc/eventz/get_templates.inc
@@ -6,18 +6,13 @@ if(mysql_num_rows($q)) {
 $count = mysql_num_rows($q);
 
 while($res = mysql_fetch_object($q)) {
-$content = mysql_fetch_object(mysql_query("select * from `node_content` where `node_id` = '{$res->node_id}'"));
-print $res->node_id;
-print ">>>";
-print $content->node_content;
-print "<br>";
-
-
-
-
+       $content = mysql_fetch_object(mysql_query("select * from `node_content` where `node_id` = '{$res->node_id}'"));
+       print $res->node_id;
+       print ">>>";
+       print $content->node_content;
+       print "<br>";
 }
 }
-
 }
 
-?>
\ No newline at end of file
+?>

diff --git a/wwwroot/inc/eventz/k_wallet.inc b/wwwroot/inc/eventz/k_wallet.inc
index 6012a4760af42e796c642244ac11e0d8b073b1ac..939ff79028c5819582e90e87c23e4cb6dd4ee749 100644 (file)
--- a/wwwroot/inc/eventz/k_wallet.inc
+++ b/wwwroot/inc/eventz/k_wallet.inc
@@ -19,8 +19,8 @@ $k_request = (int) $k_request; //integer only..
 
 
 if (($k_wallet+(-1*$k_request)) < 0 or ($user_k-(-1*$k_request)) < 0 or (!$k_request)) {
-$error="Chybne zadanie alebo na to proste nemas:-)";
-return false;
+       $error="Chybne zadanie alebo na to proste nemas:-)";
+       return false;
 }
 
 $db->query("update users set k_wallet=k_wallet+(-1*$k_request) , user_k=user_k-(-1*$k_request) where user_id='$user_id'");

diff --git a/wwwroot/inc/eventz/modules.inc b/wwwroot/inc/eventz/modules.inc
deleted file mode 100644 (file)
index e1be7af..0000000
--- a/wwwroot/inc/eventz/modules.inc
+++ /dev/null
@@ -1,10 +0,0 @@
-/modules
-
-
-announcment by bad admin:
-<font class='most_important'>
-POZOR POZOR POZOR. V PRIEBEHU NAJBLIZSIEHO MESIACA DOJDE K ODMAZANIU
-ADRESARA MODULES, PRETO JE ODPORUCANE UPRAVIT VSETKY VAM PATRIACE SABLONY A ODSTRANIT Z NICH ZAPISY {include file="modules/nazovsuboru.tpl"}
-je treba zadavat
-{include file="cislosablony.tpl"}
-</font>
\ No newline at end of file

diff --git a/wwwroot/inc/eventz/spamuj_ubik.inc b/wwwroot/inc/eventz/spamuj_ubik.inc
index 49bc08b6a61c14f08864a1a2119db2f13f1b5d07..d235761920a4d7ffb7e346b219c6345287dc4327 100644 (file)
--- a/wwwroot/inc/eventz/spamuj_ubik.inc
+++ b/wwwroot/inc/eventz/spamuj_ubik.inc
@@ -1,6 +1,9 @@
 <?
 function spamuj_ubik() {
 global $db,$node,$error;
+
+/* XXX TODO Rewrite (insecure)
+
 $sprava="Ahoj! tak s radostou ta mozem poinformovat o par zmenach v systeme<br>";
 
 // oznamovanie niektorych ficur z newlistu via ubik vsem userom
@@ -31,6 +34,7 @@ $pocitadlo=$pocitadlo+1;
 
 
 echo "sprava $sprava <br> bola odoslana $pocitadlo userom";
+*/
 return false;
 
-}?>
\ No newline at end of file
+}?>

diff --git a/wwwroot/inc/eventz/uprav_zaregistrovanych.inc b/wwwroot/inc/eventz/uprav_zaregistrovanych.inc
index 02d97d752c2ddc7b50bd73b9ab157b164b2e3e51..fed3afaed25b808b050b399f9026a1fd3d321d31 100644 (file)
--- a/wwwroot/inc/eventz/uprav_zaregistrovanych.inc
+++ b/wwwroot/inc/eventz/uprav_zaregistrovanych.inc
@@ -3,16 +3,11 @@ function uprav_zaregistrovanych() {
 global $db,$error;
 // 2110364 >> debug user
 
+// XXX hardcoded, rewrite
 $q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
 left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=2091448 and
 k>=3";
 
-/*
-$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=2091448 and
-k>=3 and user_id=2110364";
-*/
-
 $set=$db->query($q);
 while ($set->next()) {
 $noda=$set->getString('node_id');
@@ -54,4 +49,4 @@ echo "<hr>";
 
 return false;
 }
-?>
\ No newline at end of file
+?>

diff --git a/wwwroot/inc/eventz/verify.inc b/wwwroot/inc/eventz/verify.inc
index c0a42932c504e0f3d209c5631d97882eff0d0499..b19a7ac71932f6bff3f4caf0b55f228e0ef48b42 100644 (file)
--- a/wwwroot/inc/eventz/verify.inc
+++ b/wwwroot/inc/eventz/verify.inc
@@ -27,6 +27,7 @@ return false;
 
 else {
 //  ouch!! this is gonna be dirty!!!!! will be revised later:-)
+// XXX hardcoded, rewrite
 $q="update nodes set node_parent=2091448, node_vector='00876611020914480$userid' where node_id='$userid'";
 $db->update($q);
 $q="update nodes set node_children_count=node_children_count+1 where node_id=2091448";
@@ -47,4 +48,4 @@ echo "<center>Verification successfull.<br><h3>from now on your registration is
 die();
 }
 }
-?>
\ No newline at end of file
+?>

diff --git a/wwwroot/inc/eventz/vote.inc b/wwwroot/inc/eventz/vote.inc
index 31571d7ac3ad1e9deba188b981207e1dcfdb93fc..77d484769304ebf2441d320b44417a8783a856ca 100644 (file)
--- a/wwwroot/inc/eventz/vote.inc
+++ b/wwwroot/inc/eventz/vote.inc
@@ -1,37 +1,38 @@
 <?php
 // pokus urobit neco z anketami:-))nerehocte sa moc hlasno:-))
 
-        function vote() {
-                global $node,$db,$error,$referer_id;
-                if (!$referer_id) $referer_id=1;
+function vote() {
+       global $node,$db,$error,$referer_id;
+       if (!$referer_id) $referer_id=1;
 
-                $node_id=$node['node_id'];
-                $user_id=$_SESSION['user_id'];
+       $node_id=$node['node_id'];
+       $user_id=$_SESSION['user_id'];
 
-        $set=$db->query("select * from node_access where node_id='$node_id' and user_id='$user_id' and node_permission='ban'");
-               if($set->getNumRows()>0) {
-                global $error;
-                $error="F ankete si uz hlasoval. nene..uz sa to neda viackrat...dufam:-)";
-               return false;        }
+       $set=$db->query("select * from node_access where node_id='$node_id' 
+               and user_id='$user_id' and node_permission='ban'");
+       if($set->getNumRows()>0) {
+               global $error;
+               $error="One vote is enough for everyone";
+               return false;
+       }
 
 
-$option=$_POST['poll_option'];
+       $option=$_POST['poll_option'];
+       $option--;
 
-$option--;
+       if (!is_numeric($option)) {
+               $error="incorrect poll_option. fck";
+       }
 
-if (!is_numeric($option)) {
-                        $error="incorrect poll_option. fck";
-                }
+       $poll=unserialize($node['node_content']);
+       ++$poll[$option]['number'];
+       $node_content=serialize($poll);
+       $db->query("update nodes set node_content='$node_content'
+               where node_id='$node_id'");
 
-                $poll=unserialize($node['node_content']);
-                ++$poll[$option]['number'];
-                $node_content=serialize($poll);
-                $db->query("update nodes set node_content='$node_content'
-where node_id='$node_id'");
+       $db->query("update node_access set node_permission='ban' where
+       node_id='$node_id' and user_id='$user_id'");
+       Header("Location: /id/".$node['node_parent']."/");
+}
 
-$db->query("update node_access set node_permission='ban' where
-node_id='$node_id' and user_id='$user_id'");
-              Header("Location: /id/".$node['node_parent']."/");
-
-        }
-?>
\ No newline at end of file
+?>

diff --git a/wwwroot/inc/eventz/vycisti_registracky.inc b/wwwroot/inc/eventz/vycisti_registracky.inc
index abd12c0b592ba3cfc47896eb9a73ca533dca4d7a..553a1a8d0bb649346df4b92c998dc613e3ca5433 100644 (file)
--- a/wwwroot/inc/eventz/vycisti_registracky.inc
+++ b/wwwroot/inc/eventz/vycisti_registracky.inc
@@ -20,6 +20,7 @@ $q="delete from users where user_id=$noda";
 echo $q;
     $db->update($q);
 echo "<br>";
+// XXX hard coded, fix
 $q="delete from nodes where node_vector like '020914480$noda%'";
 echo $q;
     $db->update($q);