From d69b37e1bc784d7510f587add2a6b9b14ba3b2fe Mon Sep 17 00:00:00 2001
From: niekt0
Date: Wed, 28 Sep 2011 23:44:36 +0200
Subject: [PATCH] get_nodes_by_type and logout moved to backend, warnings cleanup
---
 wwwroot/backend/mysql/backend.inc | 53 ++++++++++++++++++-
 wwwroot/inc/eventz.inc | 2 +-
 wwwroot/inc/eventz/login.inc | 9 ++--
 wwwroot/inc/eventz/logout.inc | 17 +++---
 wwwroot/inc/senate.inc | 2 +-
 .../function.get_nodes_by_type.php | 47 +++++++---------
 6 files changed, 88 insertions(+), 42 deletions(-)
diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc
index a9b4915..f72a102 100644
--- a/wwwroot/backend/mysql/backend.inc
+++ b/wwwroot/backend/mysql/backend.inc
@@ -511,9 +511,12 @@ public static function getNodeUserlist($node_id) { // Secure. // Returns list of (node_permission, login)
-
 public static function getNodeCommanders($node_id) { global $db;
+
+ if (!is_numeric($node_id))
+ { return -1; }
+
 $set=$db->query("select node_permission,users.login from node_access left join users on node_access.user_id=users.user_id where node_id='$node_id' and node_permission!='' order by node_permission");
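Review bot: The guard added to getNodeCommanders uses `is_numeric($node_id)`, which also accepts forms such as `1e3`, `1.5`, `-1` and strings with leading whitespace, so it is looser than the integer id the query expects. None of the accepted forms contains a quote, so `node_id='$node_id'` stays a single literal, but an integer-only test such as `if (!ctype_digit((string)$node_id)) { return -1; }` states the intent exactly. The same applies to the `is_numeric` checks added in getNodesByType in the next hunk, where `$offset` and `$listing_amount` go unquoted into `LIMIT`. The early `return -1` hands callers an int where they otherwise receive the `$commanders` list, so the callers (not visible here) have to handle it; the function body continues outside this hunk.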
@@ -524,6 +527,52 @@ public static function getNodeCommanders($node_id) { return $commanders; }
-
+
+// logout
+
+// Log out user.
+// Secure
+
+public static function logout() {
+ global $db;
+ $q="update users set user_action_id=null where user_id='".$_SESSION['user_id']."'";
+ $db->query($q);
+}
+
+// getNodesByType
+
+//
+// Secure
+// returns xxx
+
+public static function getNodesByType($vector,$user_id,$type,$orderby,$offset,$listing_amount) {
+ global $db;
+
+ if ((!is_numeric($user_id))
+ or (!is_numeric($offset))
+ or (!is_numeric($listing_amount))
+ or ($vector && !is_numeric($vector))
+ or (!is_numeric($type)))
+ { return -1; }
+
+ $orderby=db_escape_string($orderby);
+
+
+ $q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes
+ left join nodes as parent on parent.node_id=nodes.node_parent
+ left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id'
+ left join users on users.user_id=nodes.node_creator where ";
+ if ($vector) $q.="nodes.node_vector like '$vector%' and";
+ $q.=" nodes.template_id='$type' and nodes.node_system_access!='private'";
+ if ($orderby) $q.=" order by $orderby ";
+ else $q.=" order by nodes.node_id desc ";
+ $q.= " LIMIT $offset,$listing_amount ";
+ $set=$db->query($q);
+
+ while ($set->next()) $result[]=$set->getRecord();
+
+ return $result;
+}
+
 } ?>
diff --git a/wwwroot/inc/eventz.inc b/wwwroot/inc/eventz.inc
index d79ea22..1801b29 100644
--- a/wwwroot/inc/eventz.inc
+++ b/wwwroot/inc/eventz.inc
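Review bot: `$orderby` remains injectable in getNodesByType, so the `// Secure` comment above the function does not hold for that parameter. `db_escape_string()` presumably escapes characters that matter inside a quoted string literal, but the value is appended unquoted in `order by $orderby`, where escaping quotes gives no protection. Validate it against the sort expressions the listing supports, for example `if ($orderby && !preg_match('/^[a-z_.]+( (asc|desc))?$/i',$orderby)) { return -1; }`, or map caller values onto a fixed list of columns. `$result` is also never initialised, so a query with no rows returns an undefined variable; `$result=array();` before the `while` fixes that. The added `logout()` interpolates `$_SESSION['user_id']` without the `is_numeric` guard used elsewhere in this hunk.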
@@ -21,7 +21,7 @@ if (!empty($_SESSION['eventz'][$event]) && ($_SESSION['eventz'][$event])) { elseif (is_file(INCLUDE_DIR."eventz/$event.inc")) { $event_id=nodes::getNodeIdByName($event,"event://$event");
- $event_node=nodes::getNodeById($event_id,$_SESSION['user_id']);
+ $event_node=nodes::getNodeById($event_id,isset($_SESSION['user_id']) ? $_SESSION['user_id'] : "");
 if ( ($event_node['node_system_access']=='public') || (!empty($_SESSION['user_id']) && ($event_node['node_creator']==$_SESSION['user_id']))
diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc
index 46252a3..30d4378 100644
--- a/wwwroot/inc/eventz/login.inc
+++ b/wwwroot/inc/eventz/login.inc
@@ -128,7 +128,8 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name" $_SESSION['user_id']=$user_id; $_SESSION['user_name']=addslashes($user_name);
- setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
+ setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/');
+ //10days on whole domain - should have persistent username in future...
 $xmpp_pass=hash('md5', 'jabber:'.$_POST['password']); setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
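Review bot: The `setcookie('jabber_login', ...)` line re-emitted in the login.inc hunk, and the `jabber_password` cookie in the context line below it, are set for ten days without the `secure` and `httponly` arguments. The password cookie carries an unsalted MD5 of `'jabber:'.$_POST['password']`, so whoever can read the cookie holds a value derived directly from the login password. If the Jabber client needs a credential, a random server-issued token avoids tying it to the password; at minimum pass the flags, e.g. `setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/', '', true, true);`, assuming no client-side script has to read the cookie. This hunk only moves the trailing comment, so the point concerns lines the commit touches but does not change.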
@@ -140,8 +141,10 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name" if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector; if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
- if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
- if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
+ if (!empty($_POST['screen_width']) && is_numeric($_POST['screen_width']))
+ { $_SESSION['browser']['screen_width']=$_POST['screen_width']; }
+ if (!empty($_POST['screen_height']) && is_numeric($_POST['screen_height']))
+ { $_SESSION['browser']['screen_height']=$_POST['screen_height']; }
 $_SESSION['listing_amount']=$set->getString('listing_amount'); $_SESSION['listing_order']=$set->getString('listing_order'); $_SESSION['header_id']=$set->getString('header_id');
diff --git a/wwwroot/inc/eventz/logout.inc b/wwwroot/inc/eventz/logout.inc
index c9708aa..b027d6c 100644
--- a/wwwroot/inc/eventz/logout.inc
+++ b/wwwroot/inc/eventz/logout.inc
@@ -1,12 +1,13 @@ query($q); logger::log('logout',$node['node_id'],'ok',$_SESSION['user_name']); session_unset(); Header("Location: /main"); } +// log out user + +function logout() { + + nodes::logout(); + logger::log('logout',empty($node['node_id']) ? "" : $node['node_id'],'ok',$_SESSION['user_name']); + session_unset(); + Header("Location: /"); +} ?>
diff --git a/wwwroot/inc/senate.inc b/wwwroot/inc/senate.inc
index 1acd0f2..95761c5 100644
--- a/wwwroot/inc/senate.inc
+++ b/wwwroot/inc/senate.inc
@@ -14,7 +14,7 @@ define('DEF_DATA_TEMPLATE',12); define('DEF_GALLERY_TEMPLATE',1041658); define('DEF_LAST_NODE',23);
-define('DEF_MAX_LISTING_AMMOUNT',100);
+define('DEF_MAX_LISTING_AMMOUNT',333);
 // 1961061 citizens? // 1061495 citizens?
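Review bot: The rewritten `logout()` in logout.inc ends the session with `session_unset()` only, so the session id stays valid and the `jabber_login` / `jabber_password` cookies that login.inc sets for ten days are not expired here. Unless that happens elsewhere, add `session_destroy();` and `setcookie('jabber_password','',time()-3600,'/');` (likewise for `jabber_login`) before the redirect. `$node` is not in scope inside the function, since the new lines declare no `global $node`, so the `empty($node['node_id'])` test always logs an empty node id. The first lines of this hunk are damaged on the page, so the removed side cannot be compared in full.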
diff --git a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php
index e72b975..136500c 100644
--- a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php
+++ b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php
@@ -1,32 +1,25 @@ query($q); + $type=$params['type']; + if ($params['listing_amount']=='all') $listing_amount=DEF_MAX_LISTING_AMMOUNT; + else $listing_amount=$params['listing_amount']; + if (empty($params['offset'])) $offset=0; + else $offset=$params['offset']; + if ($params['vector']) { + $vector=$params['vector']; + } + if ($params['orderby']) { + $orderby=$params['orderby']; + } + $node_id=$node['node_id']; + $user_id=$_SESSION['user_id']; - while ($set->next()) $pole[]=$set->getRecord(); - $smarty->assign('get_nodes_by_type',$pole); + $result=nodes::getNodesByType(isset($vector)?$vector:"",$user_id,$type,isset($orderby)?$orderby:"",$offset,$listing_amount); - } -?> \ No newline at end of file + $smarty->assign('get_nodes_by_type',$result); + +} +?>
--
2.30.2
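Review bot: `$params['listing_amount']` is passed through unchanged unless it equals `'all'`, so a template can request more rows than `DEF_MAX_LISTING_AMMOUNT`; cap it, e.g. `else $listing_amount=min((int)$params['listing_amount'],DEF_MAX_LISTING_AMMOUNT);`. `nodes::getNodesByType()` returns `-1` when any argument fails `is_numeric`, which includes an unset `$_SESSION['user_id']` for a visitor who is not logged in, and that `-1` is then assigned to `get_nodes_by_type` as if it were a row list. `$params['vector']` and `$params['orderby']` are read without `isset`/`empty`, which keeps the notices this commit sets out to remove, and `$node_id` is assigned but unused in the visible lines. The first lines of this hunk are damaged on the page.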