From: niekt0 <niekt0@kyberia.cz>
Date: Sun, 21 Nov 2010 20:04:02 +0000 (+0100)
Subject: Added minor comments, started movil SQL into backed, register update
X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=5b9c0808f40b7b6aa4545625b4dfa6a909f15e4e;hp=c1e246383b7cd790e135b447e4ad8d49a071747e;p=mirrors%2FKyberia-bloodline.git

Added minor comments, started movil SQL into backed, register update
---

diff --git a/cron/process-images.sh b/cron/process-images.sh
index e0f6936..bee85a1 100755
--- a/cron/process-images.sh
+++ b/cron/process-images.sh
@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# XXX do we even need this? 
+# configure_image_new could resize image itself
+
 # Script na upravu uploadnutych obrazkov k nodes (backend k eventu configure_image_new #2105641)
 # Spustane z CRONu cca raz za 2 - 5 minut
 
diff --git a/cron/register.php b/cron/register.php
index 38bf9ea..43b2bc1 100755
--- a/cron/register.php
+++ b/cron/register.php
@@ -2,7 +2,9 @@
 <?php
 /*
  * Script that register new users who gaind enough K (votes)
- * Called XXX
+ * Called once a day at 0:42
+ * 
+ * TODO: ? call only function from eventz ? 
  */
 
 
@@ -49,7 +51,7 @@ while ($set->next()) {
       mail($mail,"kyberia gate is opened","Vitaj v kyberii");
 
       //VHODNE POSLAT ZACIATOCNIKOVI POSTU
-//      ubik::ubikMail($params);
+      ubik::ubikMail($params);
 }
 
 ?>
diff --git a/data/templates/own_templates/1549839.tpl b/data/templates/own_templates/1549839.tpl
index ff07e4f..bc7f35b 100644
--- a/data/templates/own_templates/1549839.tpl
+++ b/data/templates/own_templates/1549839.tpl
@@ -27,7 +27,7 @@
   </tr>
 {*/if*}
   <tr>
-<!--XXX test oflogarithmic threading (original (x-y)-8 )-->
+<!--XXX test oflogarithmic threading (original (x-y)-8 ) XXX TODO fit to resolutions-->
     <td width='{math equation="5*log((x-y))-8" x=$child.depth y=$node.vector_depth}%'></td>
     <td valign='top' rowspan='2'>
 {* put.Ty hack *}
diff --git a/doc/TODO b/doc/TODO
index 2ad1c92..8528826 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,15 +1,22 @@
 - User mail is not working
+ (mail seems to be stored in db,
+  error is probably somewhere in template
+  1549888.tpl, 1549887.tpl or 25.tpl )
+  Anyway move whole mail handling out of nodes.php (?)
 
 - Registration process is not working
-  (rewrite sending of reg. mails)
+  (rewrite sending of reg. mails) (TEST)
 
 - SQL injections (many fixed, but some should be still there)
 
-- remove absolute paths from all source files (!) (over 50)
+- remove absolute paths from all source files (!)
+
+- User images (icons) seems to be broken somehow
 
 - remove hard-coded hostname from:
   ( registration mails )
   ( scripts in "scripts" directory (system paths))
+
 - Fix https vs http problem (url) 
 
 - Suspected security holes:
@@ -17,22 +24,6 @@
   ( ./inc/eventz/spamuj_ubik.inc )
   ( ./inc/eventz/upload_own_template.inc ) (is even needed?)
 
-- Remove eventz (and files) that are not used (verify this before removing)
-  ( ./inc/eventz/login_lockout_test.inc )
-  ( ./inc/eventz/add_test.inc )
-  ( ./inc/eventz/add_ubik_friend.inc )
-  ( ./inc/eventz/cron_test.inc )
-  ( ./inc/eventz/login_test.inc )
-  ( ./inc/eventz/mail_test.inc )
-  ( ./inc/eventz/test_button.inc )
-  ( ./inc/eventz/testing_cron.inc )
-  ( ./inc/eventz/testm.inc )
-  ( ./inc/eventz/send-old.inc )
-  ( ./inc/eventz/destroy_synapse2.inc )
-  ( ./inc/eventz/login2.inc )
-  ( ./inc/eventz/send2.inc )
-  ( ./inc/eventz/set_parent2.inc )
-
 - Remove/fix not working eventz
   ( ./inc/eventz/addClass.inc  )
   ( ./inc/eventz/addEvent.inc )
@@ -47,13 +38,16 @@
 
 - keep fixing XSS
 
-- documentation/installation guide (see README)
+- Test & scale logarithmic threading
+
+- some templates are fixed only in .tpl, not in sql database
+  => synchronize .tpl vs SQL templates (permanently)
 
 - Clean code => fix uninitialized variables
 
-- Implement URL handling using PATH_INFO instead of mod_rewrite
+- documentation/installation guide (see README)
 
-- some templates are fixed only in .tpl, not in sql database
+- Implement URL handling using PATH_INFO instead of mod_rewrite
 
 - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
   (We can use multiple hash algorithms (so we'll have backward DB compatibility):
diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc
index b3f17dc..cca3d70 100644
--- a/wwwroot/backend/mysql/backend.inc
+++ b/wwwroot/backend/mysql/backend.inc
@@ -1,3 +1,37 @@
 <?
+
+global $node,$db,$error;
 // All mysql code should go here
+// Split into multiple files if needed
+
+
+// Called for every node view. Updates node views, neurons, 
+function update_nodes(user_id,node_id,referer_id) {
+
+	$db->update("update nodes set node_views=node_views+1 where".
+		     "node_id='".$node_id."'");
+	if (is_numeric($referer_id) && ($referer_id)) {
+		$q="update neurons set synapse=synapse+1 where ".
+		    "dst='".$node_id."' and src='$referer_id'";
+		$result=$db->update($q);
+		if (!$result) {
+			$q="insert into neurons set synapse_creator='".
+			   $user_id."',dst='".$node_id.
+			   "',src='$referer_id',synapse=1";
+			$db->query($q);
+		}
+	}
+
+	// LEVENSHTEIN
+
+	// these 4 lines are not the source of kyberia lagging problems.
+	// leave them. started on the 10.4. 
+	// data gained will be used for scientific purposes
+	if ($user_id) {
+	        $q="insert delayed into levenshtein set user_id='".
+		    $user_id."',node_id='".$node_id."'";
+	        $db->update($q);
+	}
+}
+
 ?>
diff --git a/wwwroot/config/config_default.inc b/wwwroot/config/config_default.inc
index 8acfcba..4eaaa88 100644
--- a/wwwroot/config/config_default.inc
+++ b/wwwroot/config/config_default.inc
@@ -2,6 +2,7 @@
 // Default kyberia configuration file.
 // This runs kyberia on localhost with single database.
 
+define('DB_TYPE',		'mysql');	// mysql of psql so far.
 define('DB_HOST',		'localhost');
 define('DB_USER',		'kyberia');
 define('DB_PASS',		'levenshtein');
@@ -25,6 +26,11 @@ define('CLASS_DIR',		INCLUDE_DIR . 'class/');
 define('EVENT_DIR',		INCLUDE_DIR . 'eventz/');
 define('SYSTEM_URL',		'kyberia.cz:8023');
 
+define('SYSTEM_SMTP',		'molly.kyberia.cz');
+define('SYSTEM_EMAIL',		'admin@kyberia.cz');
+define('SYSTEM_EMAIL_NAME',	'Ubik osobne');
+
+
 define('UBIK_ID',		'332');
 define('DEFAULT_LISTING_AMOUNT','32');
 define('DEFAULT_LISTING_ORDER',	'desc');
diff --git a/wwwroot/inc/eventz/register_users.inc b/wwwroot/inc/eventz/register_users.inc
index dba5088..ebb06a6 100644
--- a/wwwroot/inc/eventz/register_users.inc
+++ b/wwwroot/inc/eventz/register_users.inc
@@ -1,3 +1,5 @@
+<?
+// XXX not used at all. Registration is performed from cron
 function register_users() {
 global $permissions,$node,$db,$error;
 $user_id=$_SESSION['user_id'];
@@ -5,7 +7,7 @@ $user_name=$_SESSION['user_name'];
 $hello="ahoj, tymto ta vitam v systeme ".SYSTEM_URL.". do systemu ta zaregistrovala moja malickost. v pripade ze budes mat akykolvek problem, kontaktuj ma prosim cez postunnako prve by si mal navstivit forum Zaciname s kyberiou\n\ntoto je automaticky vygenerovana sprava";
 require(INCLUDE_DIR."phpmailer.inc");
 $mail = new PHPMailer();
-$mail->IsSMTP(); // send via SMTP
+$mail->IsSMTP(); // send via SMTP // XXX use constants from config file
 $mail->Host = "molly.kyberia.cz"; // SMTP servers
 $mail->From = "root@kyberia.cz";
 $mail->FromName = "kyberia.cz admin";
@@ -14,37 +16,38 @@ $mail->Subject = "kyberia.cz uspesna registracia";
 
 
 if (!$permissions['w']) {
-$error="you don't have permissions for performing this event";
-return false;
+	$error="you don't have permissions for performing this event";
+	return false;
 }
 
-foreach ($_POST['waiting'] as $user =>$value) {
-$set=$db->query("select email,login,node_creator from users left join nodes on nodes.node_id=users.user_id where user_id='$user'");
-$set->next();
-$email=$set->getString('email');
-$login=$set->getString('login');
+foreach ($_POST['waiting'] as $user =>$value) { //XXX SQLi
+	$set=$db->query("select email,login,node_creator from users".
+			"left join nodes on nodes.node_id=users.user_id".
+			"where user_id='$user'");
+	$set->next();
+	$email=$set->getString('email');
+	$login=$set->getString('login');
 
-$application_id=$set->getString('node_creator');
+	$application_id=$set->getString('node_creator');
 
-$params['node_creator']=$user_id;
-$params['node_parent']=$application_id;
-$params['node_name']="$login registered";
-$params['node_content']="user $login successfully registered by $user_name";
-nodes::addNode($params);
-
-$db->query("update nodes set node_creator=node_id where node_id='$user'");
-$db->query("insert into mail set mail_user='$user',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
-$db->query("insert into mail set mail_user='$user_id',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
-$db->query("update users set user_mail='1',user_mail_name='$user_name' where user_id='$user'");
-$mail->ClearAddresses();
-$mail->AddAddress($email); // optional name
-$mail->AltBody = "bol si uspesne zaregistrovany do komunity ".SYSTEM_URL." s loginom $login . njoy";
-if(!$mail->Send())
-{
-$error="could not sent mail";
-return false;
-}
+	$params['node_creator']=$user_id;
+	$params['node_parent']=$application_id;
+	$params['node_name']="$login registered";
+	$params['node_content']="user $login successfully registered by $user_name";
+	nodes::addNode($params);
 
+	$db->query("update nodes set node_creator=node_id where node_id='$user'");
+	$db->query("insert into mail set mail_user='$user',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
+	$db->query("insert into mail set mail_user='$user_id',mail_to='$user',mail_from='$user_id',mail_text='$hello'");
+	$db->query("update users set user_mail='1',user_mail_name='$user_name' where user_id='$user'");
+	$mail->ClearAddresses();
+	$mail->AddAddress($email); // optional name
+	$mail->AltBody = "bol si uspesne zaregistrovany do komunity "
+			.SYSTEM_URL." s loginom $login . njoy";
+	if(!$mail->Send()){
+		$error="could not sent mail";
+		return false;
+	}
 }
 return true;
 }
diff --git a/wwwroot/inc/eventz/registruj_novych.inc b/wwwroot/inc/eventz/registruj_novych.inc
index ed08bd7..bda9f25 100644
--- a/wwwroot/inc/eventz/registruj_novych.inc
+++ b/wwwroot/inc/eventz/registruj_novych.inc
@@ -1,17 +1,15 @@
 <?php
+
+// XXX is this even used?
+
 function registruj_novych() {
 global $db,$error;
-// 2110364 >> debug user
 
-$q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name='request for access' and node_parent=2091448 and
-k>=5";
+// XXX parametrize
 
-/*
 $q="select users.login as persona,users.email as email,k,node_id,node_creator,login from nodes
-left join users on nodes.node_creator=users.user_id where node_name!='request for access' and node_parent=2091448 and
-k>=3 and user_id=2110364";
-*/
+left join users on nodes.node_creator=users.user_id where 
+node_name='request for access' and node_parent=2091448 and k>=5";
 
 $set=$db->query($q);
 while ($set->next()) {
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index cbbed84..9a5ff1b 100644
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -48,15 +48,16 @@ $db = new CLASS_DATABASE();
 
 if (!empty($_GET['template_id'])) {
 	$template_id=$_GET['template_id'];
+} else {
+	$template_id=false;
 }
-else $template_id=false;
 
 //initializing node methods
 if (!empty($_GET['node_name'])) {
 	$node  = nodes::redirByName($_GET['node_name']);
-}
-elseif (!empty($_GET['node_id'])) {
-	$node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
+} elseif (!empty($_GET['node_id'])) {
+	$node = nodes::getNodeById($_GET['node_id'],
+		(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
 }
 
 //XXX Paths are wrong (!)
@@ -135,7 +136,7 @@ function _checkPermissions()
 }
 
 // mail rss
-if ($template_id=='rss')
+if ($template_id=='rss') //XXX WHAT?
 {
 	$_feedType = "RSS0.91";
 	if (!is_numeric($_SESSION['user_id']))
@@ -172,6 +173,7 @@ if ($template_id=='rss')
 	   $rss->description = "";
 	   $rss->link = "https://". SYSTEM_URL . "/id/24";
 
+		//XXX into function
 	   $query = "select date_format(mail.mail_timestamp,\"%e.%c. %k:%i:%s\") as cas,
    userfrom.user_action as locationfrom_action,
    userfrom.user_action_id as locationfrom_action_id,
@@ -202,7 +204,7 @@ if ($template_id=='rss')
 
 		$rss = new UniversalFeedCreator();
 		$rss->title = "Kyberia bookmarks";
-		$rss->link = "http://".SYSTEM_URL."/id/19";
+		$rss->link = "http://".SYSTEM_URL."/id/19"; //XXX https ?
 
 		require_once(SMARTY_PLUGIN_DIR.'/function.get_bookmarks.php');
 		smarty_function_get_bookmarks(array(), $smarty);
@@ -265,29 +267,37 @@ _checkPermissions();
 //sventest
 if (($permissions['r']) || ($event != 'register')) {
 
-//performing node_events (based on update/insert/delete db queries)
-if ($event) {
-	require(INCLUDE_DIR.'eventz.inc');
-}
+	//performing node_events (based on update/insert/delete db queries)
+	if ($event) {
+		require(INCLUDE_DIR.'eventz.inc');
+	}
 
-elseif ($transaction) {
-	require(INCLUDE_DIR.'transaction.inc');
-}
-//end of performing node events
+	elseif ($transaction) {
+		require(INCLUDE_DIR.'transaction.inc');
+	}
+	//end of performing node events
 
-//sventest
+	//sventest
 }
 
 
 if ($permissions['r']) {
 
-//these 4 lines are not the source of kyberia lagging problems. leave them. started on the 10.4. data gained will be used for scientific purposes
+// these 4 lines are not the source of kyberia lagging problems.
+// leave them. started on the 10.4. 
+// data gained will be used for scientific purposes
+
+// if (isset($_SESSION['user_id']) {
+//	log_levenshtein($_SESSION['user_id'],$node['node_id']);
+// }
+
 if ((isset($_SESSION['user_id'])) && ($_SESSION['user_id'])) {
 	$q="insert delayed into levenshtein set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."'";
 	$db->update($q);
 }
 
 //if node is css
+//XXX into function
 if ($node['template_id']!='2019721'){
 
 	logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
@@ -299,12 +309,21 @@ if ($node['template_id']!='2019721'){
 		if (!$result) {
 			$q="insert into node_access set user_id='".$_SESSION['user_id']."',node_id='".$node['node_id']."',last_visit=NOW()";
 			$db->query($q);
-	}
-}//end of if node os css
+		}
+	}//end of if node os css
 }
 
+}
+
+//XXX into function
+// if (isset($_SESSION['user_id']) {
+//	if (isset($referer_id)) {
+//		update_nodes($_SESSION['user_id'],$node['node_id'],$referer_id);
+//	} else {
+//		update_nodes($_SESSION['user_id'],$node['node_id'],0);	
+//	}
+// }
 
-	}
 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 //creating neural network
 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
@@ -324,6 +343,7 @@ elseif (!$permissions['r'] && $_GET['magic_word']) {
 	if ( preg_match("/(\d+)-(.+)/",$_GET['magic_word'],$mu)) {
 		$magic_uid=$mu['1'];
 		$magic_word=addslashes($mu['2']);
+		// XXX WTF column magic_word does not exists
 		$q="select login from users where user_id='$magic_uid' and magic_word='$magic_word'";
 		$set=$db->query($q);
 		if ($set->getNumRows()) {
@@ -355,6 +375,7 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
         $smarty->assign('friends',$_SESSION['friends']); //req by freezy, done by darkaural
 	$smarty->assign('user_quota',$_SESSION['user_quota']);
 
+	// XXX into function
 	$newmail_q = sprintf('select u.user_mail_id
 				, u.user_k
 				, u.k_wallet
@@ -367,10 +388,10 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
 				$user_id);
 	$newmailset = $db->query($newmail_q);
 
-//$newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
 
 	$newmailset->next();
 	$new_mail=$newmailset->getString('user_mail');
+	// XXX into function
 	$newmailset2 = $db->query("select users.user_mail_id,mailsender.login
  from users left join users as mailsender on users.user_mail_id = mailsender.user_id where users.user_id = '$user_id'");
 	$newmailset2->next();
@@ -387,6 +408,7 @@ if (isset($_SESSION['user_id'])&&($user_id=$_SESSION['user_id'])) {
 	if ($node['node_name']=='mail') {
 
 		//clear new mail message
+		
 		if ($new_mail) $db->query("update users set user_mail=0 where user_id='$user_id'");
 
 		//set messages as delivered to recipient
@@ -434,6 +456,7 @@ else {
 }
 
 
+// XXX into function
 if (($node['template_id']!='2019721') && (isset($_SESSION['user_id']))){
 //setting user location
 $q="update users set last_action=NOW(),user_location_vector='".$node['node_vector']."',user_action='".addslashes($node['node_name'])."',user_action_id='".$node['node_id']."' where user_id='".$_SESSION['user_id']."'";