.htaccess
.htpasswd
+robots.txt
*.exe
*.EXE
- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)
-- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
- (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)
-
- Rename all files&directories that should not be rewrited to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-")
(Rename images to _images - and fix hardcoded stuff...)
(Mark all nodes that should become part of distribution of kyberia software)
(Delete unused tables)
(Replace duplicit tables with VIEWs)
+
+- Image uploading not working (?)
+
+- put "setParent" everywhere
global $db,$error;
// 2110364 >> debug user
+// XXX remove ?
+
// XXX hardcoded, rewrite
$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=".REGISTRATION_REQUEST_NODE." and
echo $q;
$db->update($q);
echo "<br>";
-$q="update nodes set node_vector='0$noda' where node_id=$noda";
+$q="update nodes set node_vector='0$noda' where node_id=$noda"; // XXX setParent
echo $q;
$db->update($q);
}
- function getUserByLogin($login) {
- global $error, $error_messages;
- $q2="select user_id from users where login='".$login."'";
- $userset=$db->query($q2);
- $userset->next();
- $id=$userset->getString('user_id');
- if (is_numeric($id)) return $id;
- else {
- $error = $error_messages['USER_NOT_FOUND'];
- return false;
- }
- }
+function getUserByLogin($login) {
+ global $error, $error_messages;
+ $q2="select user_id from users where login='".$login."'";
+ $userset=$db->query($q2);
+ $userset->next();
+ $id=$userset->getString('user_id');
+ if (is_numeric($id)) return $id;
+ else {
+ $error = $error_messages['USER_NOT_FOUND'];
+ return false;
+ }
+}
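Review bot: `getUserByLogin` never lists `$db` in its `global` statement, so `$db->query($q2)` runs on an undefined variable, and `$login` is concatenated into the query without escaping. The re-indent carries both problems over unchanged. The first line should read `global $db, $error, $error_messages;`, and the query should escape the value the way `getNodeIdByName` already does: `$q2=sprintf("select user_id from users where login='%s'", mysql_real_escape_string($login));`. The same string-built SQL with unescaped arguments is kept in the re-indented `redirByName`, `getNodesByName` and `getChildrenNodes` (`$orderby`, `$offset`, `$limit`) and added in the new `getKNeurons`. Numeric arguments there can be cast with `(int)` before interpolation, and `$orderby` can be restricted to `asc`/`desc`.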
- function getNodeIdByName($name, $external_link=false) {
- global $db;
+static function getNodeIdByName($name, $external_link=false) {
+ global $db;
- $qh = sprintf('select node_id from nodes where node_name = "%s"', mysql_real_escape_string($name));
- if ($external_link)
- $qh .= sprintf(' and external_link="%s"', mysql_real_escape_string($external_link));
+ $qh = sprintf('select node_id from nodes where node_name = "%s"', mysql_real_escape_string($name));
+ if ($external_link)
+ $qh .= sprintf(' and external_link="%s"', mysql_real_escape_string($external_link));
- $set = $db->query($qh);
- $set->next();
- return $set->getString('node_id');
- }
+ $set = $db->query($qh);
+ $set->next();
+ return $set->getString('node_id');
+}
- function getNodeById($node_handle,$user_id, $table_name="nodes") {
- global $db, $error;
- $q="select length(concat($table_name.node_vector)) as
+function getNodeById($node_handle,$user_id, $table_name="nodes") {
+ global $db, $error;
+ $q="select length(concat($table_name.node_vector)) as
vector_depth,$table_name.*,$table_name.node_creator as
node_owner_id,creator.node_name as owner,node_access.*,$table_name.node_id as
node_id,node_parent.node_name as node_parent_name
left join node_access on (node_access.node_id='$node_handle' and node_access.user_id='$user_id')
where $table_name.node_id='$node_handle'";
- $result=$db->query($q);
- if (!$result->next()) {
- return false;
- }
- else {
- $node=addBase36id($result->getRecord());
- $node['node_vector']=trim($node['node_vector'],"z");
- $ancestors=str_split($node['node_vector'],VECTOR_CHARS);
- foreach ($ancestors as $ancestor) {
- $node['ancestors'][]=array("name"=>"","link"=>ltrim($ancestor,"0"));
- }
- }
- transport_process_node($node);
- return $node;
+ $result=$db->query($q);
+ if (!$result->next()) {
+ return false;
+ }
+ else {
+ $node=addBase36id($result->getRecord());
+ $node['node_vector']=trim($node['node_vector'],"z");
+ $ancestors=str_split($node['node_vector'],VECTOR_CHARS);
+ foreach ($ancestors as $ancestor) {
+ $node['ancestors'][]=array("name"=>"","link"=>ltrim($ancestor,"0"));
+ }
+ }
+ transport_process_node($node);
+ return $node;
- }
+}
- function redirByName($node_handle) {
- global $db, $error;
- $user_id=$_SESSION['user_id'];
- $set=$db->query("select node_id from nodes where node_name='$node_handle' and node_creator='$user_id'");
- if ($set->next()) {
- $node_id=$set->getString('node_id');
- if (!empty($node_id)) {
- return nodes::getNodeById($node_id,$_SESSION['user_id']);
- }
+function redirByName($node_handle) {
+ global $db, $error;
+ $user_id=$_SESSION['user_id'];
+ $set=$db->query("select node_id from nodes where node_name='$node_handle' and node_creator='$user_id'");
+ if ($set->next()) {
+ $node_id=$set->getString('node_id');
+ if (!empty($node_id)) {
+ return nodes::getNodeById($node_id,$_SESSION['user_id']);
+ }
- }
- $set=$db->query("select node_id from nodes where node_name='$node_handle' ");
- $set->next();
- $node_id=$set->getString('node_id');
- if (!empty($node_id)) {
- return nodes::getNodeById($node_id,$_SESSION['user_id']);
- }
+ }
+ $set=$db->query("select node_id from nodes where node_name='$node_handle' ");
+ $set->next();
+ $node_id=$set->getString('node_id');
+ if (!empty($node_id)) {
+ return nodes::getNodeById($node_id,$_SESSION['user_id']);
+ }
- }
+}
- function getNodesByName($node_handle) {
- global $db, $error;
- $q="select nodes.* from nodes where node_name='$node_handle%'";
+function getNodesByName($node_handle) {
+ global $db, $error;
+ $q="select nodes.* from nodes where node_name='$node_handle%'";
- $result=$db->query($q);
+ $result=$db->query($q);
- while ($result->next()){
- $record[]=addBase36id($result->getRecord());
- }
- return $record;
+ while ($result->next()){
+ $record[]=addBase36id($result->getRecord());
+ }
+ return $record;
- }
+}
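Review bot: The query in `getNodesByName` compares with `=` while the value ends in `%`, so the wildcard is treated as a literal character and the prefix search it suggests never happens; `node_name like '$node_handle%'` is probably what was intended. `$record` is never initialised, so the function returns an undefined variable when no row matches; adding `$record=array();` before the loop fixes that.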
- function getChildrenNodes($orderby="desc",$offset=0,$limit=DEFAULT_LISTING_AMOUNT) {
- global $db, $error, $node;
- $node_handle=$node['node_id'];
+function getChildrenNodes($orderby="desc",$offset=0,$limit=DEFAULT_LISTING_AMOUNT) {
+ global $db, $error, $node;
+ $node_handle=$node['node_id'];
- $q="select users.*,nodes.* from nodes
+ $q="select users.*,nodes.* from nodes
left join users on users.user_id=nodes.node_creator where
node_parent='$node_handle' order by node_created $orderby LIMIT $offset,$limit";
- echo $q;
- $result=$db->query($q);
+ echo $q;
+ $result=$db->query($q);
- while ($result->next()) {
- $array[]=addBase36id($result->getRecord());
- }
+ while ($result->next()) {
+ $array[]=addBase36id($result->getRecord());
+ }
- return $array;
+ return $array;
- }
+}
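Review bot: The `echo $q;` kept in `getChildrenNodes` prints the full SQL statement into the page on every call, which exposes table and column names to any visitor and looks like leftover debugging. Drop the line, or gate it the way the database class does with `if (isset($_SESSION['debugging']) && $_SESSION['debugging'])`. `$array` should also be initialised with `$array=array();` before the loop so that an empty listing returns an array rather than an undefined variable.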
- function getThreadedChildrenNodes($orderby="desc",$offset=0,$limit=DEFAULT_LISTING_AMOUNT) {
- global $db, $error, $node;
- $node_handle=$node['node_id'];
+function getThreadedChildrenNodes($orderby="desc",$offset=0,$limit=DEFAULT_LISTING_AMOUNT) {
+ global $db, $error, $node;
+ $node_handle=$node['node_id'];
- $q="select length(node_vector) as depth,users.login,nodes.* from nodes left join users on users.user_id=nodes.node_creator where node_vector like '".$node['node_vector'].";".$node['node_id']."%' and node_type=3 order by concat(node_vector,';',nodes.node_id,';z') desc,depth LIMIT $offset,$limit";
+ $q="select length(node_vector) as depth,users.login,nodes.* from nodes left join users on users.user_id=nodes.node_creator where node_vector like '".$node['node_vector'].";".$node['node_id']."%' and node_type=3 order by concat(node_vector,';',nodes.node_id,';z') desc,depth LIMIT $offset,$limit";
- $result=$db->query($q);
+ $result=$db->query($q);
- while ($result->next()) {
- $children_array[]=addBase36id($result->getRecord());
- }
+ while ($result->next()) {
+ $children_array[]=addBase36id($result->getRecord());
+ }
- return $children_array;
+ return $children_array;
- }
+}
- function getNodeAccessData() {
- global $node,$db;
- $q="select users.login,node_access.* from node_access left join users on users.user_id=node_access.user_id where node_id='".$node['node_id']."' and node_permission!=''";
- $result=$db->query($q);
+function getNodeAccessData() {
+ global $node,$db;
+ $q="select users.login,node_access.* from node_access left join users on users.user_id=node_access.user_id where node_id='".$node['node_id']."' and node_permission!=''";
+ $result=$db->query($q);
- while ($result->next()) {
- $access_data[]=$result->getRecord();
- }
+ while ($result->next()) {
+ $access_data[]=$result->getRecord();
+ }
- return $access_data;
+ return $access_data;
- }
+}
// Simple internal function to set node parrent
-function setParent($params) {
- global $db,$node,$error,$error_messages;
- $parent_id=$params['node_parent'];
- $node_id=$params['node_id'];
+function setParent($node_id,$parent_id) {
+ global $db,$node,$error,$error_messages;
+
+ if (!is_numeric($parent_id)) {
+ return false;
+ }
- if (!is_numeric($parent_id)) {
- return false;
- }
$q="select node_vector from nodes where node_id='$parent_id'";
- $parent_vector=$db->query($q);
+ $set=$db->query($q);
+ $set->next();
+ $parent_vector=$set->getString('node_vector');
+ $new_vector=$parent_vector.str_pad($node_id,VECTOR_CHARS,"0",STR_PAD_LEFT);
- $new_vector=$parent_vector.str_pad($node_id,VECTOR_CHARS,"0",STR_PAD_LEFT);
- $q="update nodes set node_parent='$parent_id',node_vector='".$new_vector."
- ' where node_id='$node_id'";
+ $q="update nodes set node_parent='$parent_id',node_vector='$new_vector' where node_id='$node_id'";
$db->query($q);
+
+ return 0;
}
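Review bot: `setParent` now returns `0` on success and `false` for a bad `$parent_id`; both are falsy, so a caller testing `if (!nodes::setParent(...))` cannot tell them apart, and `return true;` on success would match the existing failure path. Only `$parent_id` is checked with `is_numeric`, while `$node_id` goes into `str_pad` and the `update` statement unchecked, so the guard should be `if (!is_numeric($parent_id) || !is_numeric($node_id)) { return false; }`. The result of `$set->next()` is ignored, so a missing parent row yields a vector built on an empty parent vector; returning `false` when `next()` fails avoids writing that to the table.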
+// Get nodes sorted by weight_k specific to user
+
+function getKNeurons($user_id,$interval) {
+ global $db,$node,$error,$error_messages;
+
+ $q="call k_neurons('$user_id','$interval')";
+ $set=$db->query($q);
+
+ while ($set->next()) {
+ $k_array[]=$set->getRecord();
+ }
+
+ return $k_array;
}
+}
drop procedure if exists k_neurons;
drop function if exists k_get_node_weigth;
-
delimiter //
-
create function k_get_node_weigth (node INT, user INT) returns DOUBLE
BEGIN
- declare vector,node2,len,n_owner,offset int;
+ declare node2,len,n_owner,offset int;
declare final,n_weight,o_weight,s_weight double;
+ declare vector varchar(240);
select node_vector into vector from nodes where node_id = node;
-
set final = 1;
/* select k from nodes into final where node_id = node;*/
set len = length(vector);
set offset = 1;
WHILE offset < len DO
-
/* XXX node length is hardcoded */
- set node2 = substring(node2,offset,8);
+ set node2 = substring(vector,offset,8);
set offset = offset + 8;
/* weigths from user to:
- all nodes from node to root node
select synapse_weight into s_weight from neurons where src=user and dst=node2;
select synapse_weight into o_weight from neurons where src=user and dst=n_owner;
- if o_weight = NULL then set o_weight=1; end if;
- if s_weight = NULL then set s_weight=1; end if;
- if n_weight = NULL then set n_weight=1; end if;
+ if o_weight = NULL or o_weight=0 then set o_weight=1; end if;
+ if s_weight = NULL or s_weight=0 then set s_weight=1; end if;
+ if n_weight = NULL or n_weight=0 then set n_weight=1; end if;
set final = final * s_weight * o_weight * n_weight;
END WHILE;
-
RETURN final;
END//
-create procedure k_neurons ()
-begin
- select k,node_id,node_name from nodes where k>0
- and node_created>now()-interval 20 day order by k_get_node_weigth(node_id,904) desc;
-end//
-
+/* Procedure itself with additional informations (parent name and owner name)*/
+create procedure k_neurons ( IN user_id INT, IN day_int INT)
+BEGIN
+ if day_int = NULL or day_int = 0 then set day_int=20; end if;
+ select nodes.node_id,
+ nodes.node_name,
+ nodes.node_creator,
+ nodes.node_content,
+ nodes.node_parent,(k_get_node_weigth(nodes.node_id,user_id)*nodes.k) as weight_k,
+ users.login as creator_name,
+ parent.node_name as parent_name
+ from nodes
+ left join users on users.user_id=nodes.node_creator
+ left join nodes as parent on nodes.node_parent=parent.node_id
+ where nodes.k>0 and nodes.node_created>now()-interval day_int day
+ order by weight_k desc;
+
+END//
delimiter ;
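Review bot: The tests `o_weight = NULL`, `s_weight = NULL`, `n_weight = NULL` and `day_int = NULL` are never true in MySQL, because `=` against NULL yields NULL. The added `or ...=0` half catches zero, but a weight that is NULL stays NULL and `final` becomes NULL after the multiplication. Each test should use `is NULL`, for example `if o_weight is NULL or o_weight=0 then set o_weight=1; end if;` and `if day_int is NULL or day_int = 0 then set day_int=20; end if;`. The weight variables are not reset at the top of the `WHILE` body as far as the visible lines show, so a `select ... into` that finds no row would keep the previous iteration's value; part of the loop body is outside the hunk, so this needs checking against the full file.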
--- /dev/null
+drop procedure if exists fix_all_vectors;
+drop function if exists get_fix_vector;
+delimiter //
+/* compute correct vector for node */
+create function get_fix_vector (node INT) returns varchar(230)
+BEGIN
+ declare np,mynode,safe int;
+ declare vector varchar(80);
+
+ set safe=100; /* loop detection, max tree depth*/
+ set mynode=node;
+ set vector='';
+ REPEAT
+ select node_parent into np from nodes where node_id = mynode;
+ select concat(lpad(mynode,8,'00000000'),vector) into vector;
+ set mynode=np;
+ set safe=safe - 1;
+ UNTIL np = NULL or np = 0 or safe = 0 or np = node
+ END REPEAT;
+
+ if safe = 0 then
+ return '';
+ end if;
+ return vector;
+
+END//
+
+/* fix vector for all the nodes*/
+create procedure fix_all_vectors ()
+begin
+ update nodes set node_vector=get_fix_vector(node_id);
+end//
+delimiter ;
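Review bot: `get_fix_vector` declares `vector varchar(80)` but prepends 8 characters per ancestor and allows up to 100 iterations, so any node deeper than 10 levels overflows the local (an error in strict SQL mode, truncation otherwise) before the `varchar(230)` return type comes into play. The local should be at least as wide as the `node_vector` column. `np = NULL` in the `UNTIL` clause is never true in MySQL, so a node whose parent is NULL or missing appears to keep looping until `safe` reaches 0 and the function returns `''`; use `np is NULL`. Because `fix_all_vectors` updates every row unconditionally, each `''` result overwrites an existing vector, so the procedure should skip rows for which the function returns `''` and be run only after a backup of `nodes`.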
$this->_queryId = mysql_query($sql,$this->_linkId);
- if ($_SESSION['debugging']) {
+ if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
echo $sql;
global $timer_start;
echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
system($cmd);
}
-function login() {
+function login_check($login, $password, $login_type='id') {
global $db,$error,$node_id;
- $login = mysql_real_escape_string($_POST['login']);
- $password = $_POST['password']; // Not SQLi but be carefull
+ $login = mysql_real_escape_string($login); //Not SQLi in $password but be carefull
$password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
$hash_query='(';
}
$hash_query.='false )';
- $login_type = $_POST['login_type'];
$referer = $_SERVER['HTTP_REFERER'];
if (!session_id()) {
// header("Location: $referer");
return true;
}
-?>
+
+function login() {
+ $login = $_POST['login'];
+ $password = $_POST['password'];
+ $login_type = $_POST['login_type'];
+ return login_check($login, $password, $login_type);
+}
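Review bot: `login()` passes `$_POST['login_type']` straight through, so when the field is absent `login_check` receives NULL and its `'id'` default never applies. Read it as `$login_type = isset($_POST['login_type']) ? $_POST['login_type'] : 'id';` and guard `login` and `password` the same way. `login_check` accepts a match against unsalted `sha256`, `sha1` or `md5`, which keeps old accounts working but leaves their stored hashes as weak as before. A successful check is the one point where the plaintext is available, so it is the natural place to rewrite a legacy hash with the strongest supported algorithm; the code that builds `$hash_query` is outside the hunk, so this may need adapting. `$_SERVER['HTTP_REFERER']` is read without `isset` and is client-controlled, which matters if the commented-out `header("Location: $referer")` is ever restored.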
$q = sprintf('update nodes set node_system_access = "private" where node_id = %d', $user_id);\r
$db->update($q);\r
\r
- $pass = md5($pass);\r
- $vercode = substr( md5( uniqid( rand() ) ), rand(0, 7), 23);\r
- $q = sprintf('insert into users set password = "%s", user_id = %d,\r
- header_id = 2091520, login = "%s", email = "%s",\r
- hash = "%s", xmpp="%s, guild_id="%s""',\r
- $pass, $user_id, $login, $email, $vercode, $xmpp, $guild_id);\r
- $db->query($q); // XXX rewrite\r
- $emailtext = sprintf(\r
+ $pass = md5($pass);\r
+ $vercode = substr( md5( uniqid( rand() ) ), rand(0, 7), 23);\r
+ $q = sprintf('insert into users set password = "%s", user_id = %d,\r
+ header_id = 2091520, login = "%s", email = "%s",\r
+ hash = "%s", xmpp="%s", guild_id="%s"',\r
+ $pass, $user_id, $login, $email, $vercode, $xmpp, $guild_id);\r
+ $db->query($q); // XXX rewrite\r
+ $emailtext = sprintf(\r
'Vitaj %s! Prave som sa s radostou dozvedel, ze si vyplnil(a)\r
registracny formular na stranke '.SYSTEM_URL.' a chces sa stat\r
clenom tejto komunity.\r
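Review bot: New accounts are still stored with `md5($pass)` here, although the same commit moves the password-change path to `sha1` and `login_check` lists `sha256` first; registration should write the same algorithm as the password-change code so that no new MD5 hashes are created. `$vercode` is derived from `rand()` and `uniqid()`, neither of which is suitable for a value that confirms ownership of an e-mail address; `bin2hex(openssl_random_pseudo_bytes(12))`, trimmed to the width of the `hash` column, gives an unpredictable code. `$login`, `$email`, `$xmpp` and `$guild_id` go into the `insert` through `%s` with no escaping visible in the hunk. If they are not escaped earlier in the file, they need `mysql_real_escape_string` as in `nodes::getNodeIdByName`.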
$user_id=$_SESSION['user_id'];
$user_name=$_SESSION['user_name'];
+// XXX rewrite
+
require(INCLUDE_DIR."phpmailer.inc");
$mail = new PHPMailer();
$mail->IsSMTP(); // send via SMTP
$login=$set->getString('login');
$application_id=$set->getString('node_creator');
-/*
- $application=$db->query("select * from nodes where node_id='$application_id'");
- $application->next();
- $application_vector=$application->getString('node_vector').";".$application_id;
- $application_parent=$application->getString('node_parent');
- $db->query("insert into nodes set node_created=NOW(),node_name='$login refused',node_vector='$application_vector',node_creator='$user_id',node_type='4',node_parent='$application_parent'");
- $id=$db->getLastInsertId();
- $db->query("insert into node_content set node_id='$id',node_content='user $login was refused by by $user_name'");
-*/
$params['node_creator']=$user_id;
$params['node_parent']=$application_id;
}
//old password check
-
- $q="select * from users where login='$login'";
- $set=$db->query($q);
- $set->next();
- if ($set->getString('password')!=md5($old_password)) {
- $error="bad password";
+ require_once(INCLUDE_DIR."eventz/login.inc");
+ if(!login_check($user_id, $old_password)) {
+ $error="bad password";
return false;
}
-
//changing in MySQL
- $password=md5($new_password1);
+ $password=sha1($new_password1);
$db->query("update users set password='$password' where user_id='$user_id'");
+ login_check($user_id, $new_password1); //znova se zalogujeme po zmene hesla (kvuli jabberu)
}
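Review bot: `sha1($new_password1)` replaces unsalted MD5 with unsalted SHA-1, which is still a fast hash with no per-user salt. `$password_hash_algos` in login.inc lists `sha256` ahead of `sha1`, so `$password=hash('sha256',$new_password1);` would at least store the strongest variant that login already accepts; a salted, slow scheme such as `password_hash()` is the real target once the PHP version allows it. `login_check` is used here purely as a verifier, but its hunk shows it also touching the session and `HTTP_REFERER`; moving the hash comparison into a side-effect-free helper would make both call sites easier to reason about. The comment on the re-login line could read `// log in again after the password change (needed for Jabber)`.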
-
-?>
// ouch!! this is gonna be dirty!!!!! will be revised later:-)
// XXX hardcoded, rewrite
-$q="update nodes set node_parent=".REGISTRATION_REQUEST_NODE.", node_vector='000001010473807402091448$userid' where node_id='$userid'";
-$db->update($q);
-
+//$q="update nodes set node_parent=".REGISTRATION_REQUEST_NODE.", node_vector='000001010473807402091448$userid' where node_id='$userid'";
+//$db->update($q);
-// $params['node_parent']=REGISTRATION_REQUEST_NODE;
-// $params['node_id']=$userid;
-// nodes::setParent($params);
+nodes::setParent($userid,REGISTRATION_REQUEST_NODE);
$q="update nodes set node_children_count=node_children_count+1 where node_id=".REGISTRATION_REQUEST_NODE;
function smarty_function_get_image_link($params,&$smarty) {
global $db;
$id = $params['id'];
+
+ if (!is_numeric($id)) { $id=0;}
$img = './'.SYSTEM_IMAGES.'/nodes/'.substr($id,0,1)."/".substr($id,1,1)."/$id.gif";
if (file_exists($img)) {
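Review bot: `is_numeric` also accepts signs, decimals, exponents and leading whitespace (`-1`, `1.5`, `1e3`), and any of those still flows into the file path built from `$id`. For a node id the tighter test is `if (!ctype_digit((string)$id)) { $id=0; }`. `$params['id']` is read without `isset`, so a template call without `id` raises a notice before the check runs. The function body continues past the end of the hunk.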
--- /dev/null
+<?php
+
+function smarty_function_get_k_neurons($params,&$smarty) {
+
+ global $db,$node;
+ if (isset($params['offset']) && (is_numeric($params['offset']))) {
+ $offset=$params['offset'];
+ } else {$offset=20;}
+ if (isset($params['listing_amount']) && (is_numeric($params['listing_amount']))) {
+ $listing_amount=$params['listing_amount'];
+ } else {$listing_amount=DEFAULT_LISTING_AMOUNT;}
+ if (isset($_POST['interval']) && (is_numeric($_POST['interval']))) {
+ $interval= $_POST['interval'];
+ } else {$interval = 1;}
+ if (isset($params['vector']) && ($params['vector'])) {
+ $vector=$params['vector'];
+ $interval=365;
+ } else {$vector="00";}
+
+
+ // XXX other parameters
+ $k_array=nodes::getKNeurons($_SESSION['user_id'],$offset);
+
+
+ $smarty->assign('get_k_neurons',$k_array);
+}
+?>
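Review bot: The call `nodes::getKNeurons($_SESSION['user_id'],$offset)` passes `$offset` where `getKNeurons($user_id,$interval)` expects the day interval, so the value taken from `$_POST['interval']` or forced to 365 by `vector` is never used. The call should be `nodes::getKNeurons($_SESSION['user_id'],$interval)`. `$listing_amount` and `$vector` are computed and then dropped, which the `// XXX other parameters` comment seems to acknowledge. `$_SESSION['user_id']` is read without `isset`, so an anonymous visitor reaches the stored procedure with an empty user id. Cast both arguments with `(int)` before the call, since `getKNeurons` interpolates them into the `call` statement.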
$db = new CLASS_DATABASE();
-if (preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match)) {
-// print_r($match);
- $_GET['node_id']=$match[1];
- if (!empty($match[2])) {
- $_GET['template_id']=$match[2];
- }
- //Base36 fascism redirect
- if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
- header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
- (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
- );
- die("Die!!! All Fascists Are Bastards...\n");
- }
-} elseif (preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match)) {
- $_GET['node_id']=base_convert($match[1], 36, 10);
- if (!empty($match[2])) {
- $_GET['template_id']=base_convert($match[2],36,10);
- }
-} elseif (preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match)) {
- $_GET['node_id'] = nodes::getNodeIdByName($match[1]);
+switch(true) {
+ case preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match):
+ // print_r($match);
+ $_GET['node_id']=$match[1];
+ if (!empty($match[2])) {
+ $_GET['template_id']=$match[2];
+ }
+ //Base36 fascism redirect
+ if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
+ header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
+ (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
+ );
+ die("Die!!! All Fascists Are Bastards...\n");
+ }
+ break;
+ case preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match):
+ $_GET['node_id']=base_convert($match[1], 36, 10);
+ if (!empty($match[2])) {
+ $_GET['template_id']=base_convert($match[2],36,10);
+ }
+ break;
+ case preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
+ $_GET['node_id'] = nodes::getNodeIdByName($match[1]);
+ break;
+ case preg_match('/\/(.+)\/?$/',$_SERVER['PATH_INFO'],$match):
+ $_GET['node_id'] = nodes::getNodeIdByName($match[1]);
+ break;
+ default:
+ $_GET['node_id']=1;
+ break;
}
if (!empty($_GET['template_id'])) {
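Review bot: The new `default:` branch assigns `$_GET['node_id']=1` whenever no pattern matches, which overwrites a `node_id` supplied in the query string; if such URLs are still in use, `if (empty($_GET['node_id'])) { $_GET['node_id']=1; }` keeps them working. `$_SERVER['PATH_INFO']` is read without `isset` in every `case`, and it is unset when the request carries no path info. None of the patterns is anchored with `^`, so `id\/([0-9]+)` matches anywhere in the path and shadows the `name/` and catch-all cases for names containing `id/<digits>`. In the new catch-all `/\/(.+)\/?$/` the greedy `.+` also captures a trailing slash into the name, which `(.+?)` would avoid. The statement after the `switch` continues outside the hunk.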