wwwroot/nodes.php

   1 <?php
   2 //requiring main config file with path/database etc. constants
   3 require_once('config/config.inc');
   4
   5 //Ask for auth if enabled...
   6 //if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php');
   7
   8 //starting timer for benchmarking purposes
   9 $timer_start=Time()+SubStr(MicroTime(),0,8);
  10 //setting PHPSESSID cookie and starting user session
  11 session_start();
  12
  13 @ini_set('magic_quotes_gpc' , 'off');
  14 if(get_magic_quotes_gpc()) {
  15         die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
  16 }
  17
  18 //Smarty from DB
  19 $smarty_resource = 'kyberia';
  20 //$smarty_resource = ''; //same as 'file' (fallback)
  21 /* I have moved old templates to DB using following lame script:
  22  * for i in *.tpl; do j=$(echo "$i" | cut -d . -f 1);
  23    echo UPDATE nodes SET node_content = "'$(php -r
  24    "echo mysql_escape_string(file_get_contents('$i'));")'" WHERE
  25    node_id = "'$j'" COLLATE utf8_bin LIMIT '1;';
  26    done | mysql --user=kyberia --password=PASSSSSSS kyberia
  27  * In future we should have some mechanism for distributing templates
  28  * because they are very important part of kyberia source...
  29  */
  30
  31 //connecting to database and creating universal $db object
  32 //require_once(INCLUDE_DIR.'senate.inc'); // in config already
  33 require_once(INCLUDE_DIR.'log.inc');
  34 require_once(INCLUDE_DIR.'ubik.inc');
  35 require_once(INCLUDE_DIR.'nodes.inc');
  36 require_once(INCLUDE_DIR.'error_messages.inc');
  37 require_once(INCLUDE_DIR.'database.inc');
  38 require_once(INCLUDE_DIR.'transports.inc');
  39
  40 $db = new CLASS_DATABASE();
  41
  42 switch(true) {
  43         case preg_match('/id\/([0-9]+)(?:\/([0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match):
  44                 //      print_r($match);
  45                 $_GET['node_id']=$match[1];
  46                 if (!empty($match[2])) {
  47                         $_GET['template_id']=$match[2];
  48                 }
  49                 //Base36 fascism redirect
  50                 if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
  51                         header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
  52                                 (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
  53                         );
  54                         die("Die!!! All Fascists Are Bastards...\n");
  55                 }
  56                 break;
  57         case preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]{1,7}))?/',$_SERVER['PATH_INFO'],$match):
  58                 $_GET['node_id']=base_convert($match[1], 36, 10);
  59                 if (!empty($match[2])) {
  60                         $_GET['template_id']=base_convert($match[2],36,10);
  61                 }
  62                 break;
  63         case preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
  64                 $_GET['node_id']  = nodes::getNodeIdByName($match[1]);
  65                 break;
  66         case preg_match('/\/(.+)\/?$/',$_SERVER['PATH_INFO'],$match):
  67                 $_GET['node_id']  = nodes::getNodeIdByName($match[1]);
  68                 break;
  69         default:
  70                 $_GET['node_id']=1;
  71                 break;
  72 }
  73
  74 if (!empty($_GET['template_id'])) {
  75         $template_id=$_GET['template_id'];
  76 } else {
  77         $template_id=false;
  78 }
  79
  80 error_reporting(1);
  81 //$_SESSION['debugging']=0;
  82 //unset($_SESSION['debugging']);
  83 //Well... we should make some event
  84 //or JavaScript page to turning this on/off...
  85 //exit;
  86 if ($_SESSION['debugging']) {
  87     error_reporting(E_ALL);
  88     echo 'GET VARIABLES::<br/>';
  89     print_r($_GET);
  90     echo 'POST VARIABLES::<br/>';
  91     print_r($_POST);
  92     echo '<b>SESSION VARIABLES::</b><br/>';
  93     print_r($_SESSION);
  94 }
  95
  96
  97
  98 //initializing node
  99 if (!is_numeric($_GET['node_id'])) {
 100         $_GET['node_id']=WELCOME_NODE; //Tohle uz je v PHP rewritech!!!!
 101 }
 102
 103 require_once(INCLUDE_DIR.'logout_idle.inc'); //Logout when idle
 104
 105 $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
 106
 107 //XXX Paths are wrong (!)
 108 //loading smarty template engine and setting main parameters
 109 require(SMARTY_DIR.'Smarty.class.php');
 110 $smarty = new Smarty;
 111 require(INCLUDE_DIR.'smarty/resource.kyberia.php');
 112 $smarty->default_resource_type=$smarty_resource;
 113
 114 //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
 115 $smarty->template_dir = TEMPLATE_DIR;
 116 //echo TEMPLATE_DIR.TEMPLATE_SET;
 117 //echo $smarty->template_dir;
 118 $smarty->compile_dir = SYSTEM_DATA.'templates_c/';
 119 $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
 120 $smarty->cache_dir = SMARTY_DIR.'cache/';
 121 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
 122 if ($_SESSION['debugging']) $smarty->debugging=true;
 123
 124 // initializing variables
 125 // preg_replace prevents LFI
 126 if (empty($_POST['event'])) $event='display';
 127 else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
 128
 129
 130 if ($_SESSION['debugging']) {
 131         echo "<pre><b>NODE::";
 132         print_r($node);
 133         echo "</pre>";
 134 }
 135
 136 if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
 137         $node['node_permission']='owner';
 138 }
 139
 140 if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
 141         if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
 142                 echo "node::".$node['node_vector'];
 143                 echo "cube_Vector::".$_SESSION['cube_vector'];
 144                 echo "you are out of allowed cwbe. access forbidden";
 145                 die();
 146         }
 147 }
 148
 149 @include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...
 150
 151 //checking permissions
 152 include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc');
 153 $permissions=permissions::checkPerms($node);
 154 if ($_SESSION['debugging']) {
 155         print_r($permissions);
 156 }
 157
 158
 159
 160 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 161 //creating neural network
 162 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
 163 if (isset($referer_id) && is_numeric($referer_id)) {
 164         $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
 165         $result=$db->update($q);
 166         if (!$result) {
 167                 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
 168                 $db->query($q);
 169                 }
 170 } else {
 171         logger::log('enter',$node['node_id'],'failed');
 172 }
 173
 174
 175
 176 //entering the node (executing the eventz)
 177 if (($permissions['r']) || ($event != 'register')) {
 178         //performing node_events (based on update/insert/delete db queries)
 179         if ($event) {
 180                 require(INCLUDE_DIR.'eventz.inc');
 181         }
 182 }
 183
 184 ?>