From: niekt0 <niekt0@kyberia.cz>
Date: Wed, 28 Sep 2011 21:44:36 +0000 (+0200)
Subject: get_nodes_by_type and logout moved to backend, warnings cleanup
X-Git-Url: https://git.harvie.cz/?p=mirrors%2FKyberia-bloodline.git;a=commitdiff_plain;h=d69b37e1bc784d7510f587add2a6b9b14ba3b2fe

get_nodes_by_type and logout moved to backend, warnings cleanup
---

diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc
index a9b4915..f72a102 100644
--- a/wwwroot/backend/mysql/backend.inc
+++ b/wwwroot/backend/mysql/backend.inc
@@ -511,9 +511,12 @@ public static function getNodeUserlist($node_id) {
 // Secure.
 // Returns list of (node_permission, login)
 
-
 public static function getNodeCommanders($node_id) {
 	global $db;
+
+	if (!is_numeric($node_id))
+		 { return -1; }
+
 	$set=$db->query("select node_permission,users.login from node_access 
 			left join users on node_access.user_id=users.user_id where 
 			node_id='$node_id' and node_permission!='' order by node_permission");
@@ -524,6 +527,52 @@ public static function getNodeCommanders($node_id) {
 
 	return $commanders;
 }
-	
+
+// logout
+
+// Log out user.
+// Secure
+
+public static function logout() {
+        global $db;
+        $q="update users set user_action_id=null where user_id='".$_SESSION['user_id']."'";
+        $db->query($q);
+}
+
+// getNodesByType
+
+//
+// Secure
+// returns xxx
+ 
+public static function getNodesByType($vector,$user_id,$type,$orderby,$offset,$listing_amount) {
+	global $db;
+
+	if ((!is_numeric($user_id))
+		or (!is_numeric($offset))
+		or (!is_numeric($listing_amount))
+		or ($vector && !is_numeric($vector))
+		or (!is_numeric($type)))
+		{ return -1; }
+
+	$orderby=db_escape_string($orderby);
+
+
+	$q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes 
+		left join nodes as parent on parent.node_id=nodes.node_parent 
+		left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id'
+		left  join users on users.user_id=nodes.node_creator where ";
+	if ($vector) $q.="nodes.node_vector like '$vector%' and";
+	$q.=" nodes.template_id='$type' and nodes.node_system_access!='private'";
+	if ($orderby) $q.=" order by $orderby ";
+	else $q.=" order by nodes.node_id desc ";
+	$q.= " LIMIT $offset,$listing_amount ";
+	$set=$db->query($q);
+
+	while ($set->next()) $result[]=$set->getRecord();
+
+	return $result;
+}
+
 }
 ?>
diff --git a/wwwroot/inc/eventz.inc b/wwwroot/inc/eventz.inc
index d79ea22..1801b29 100644
--- a/wwwroot/inc/eventz.inc
+++ b/wwwroot/inc/eventz.inc
@@ -21,7 +21,7 @@ if (!empty($_SESSION['eventz'][$event]) && ($_SESSION['eventz'][$event])) {
 
 elseif (is_file(INCLUDE_DIR."eventz/$event.inc")) {
 	$event_id=nodes::getNodeIdByName($event,"event://$event");
-	$event_node=nodes::getNodeById($event_id,$_SESSION['user_id']);
+	$event_node=nodes::getNodeById($event_id,isset($_SESSION['user_id']) ? $_SESSION['user_id'] : "");
 	if (
 		($event_node['node_system_access']=='public')
 		|| (!empty($_SESSION['user_id']) && ($event_node['node_creator']==$_SESSION['user_id']))
diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc
index 46252a3..30d4378 100644
--- a/wwwroot/inc/eventz/login.inc
+++ b/wwwroot/inc/eventz/login.inc
@@ -128,7 +128,8 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
 
         $_SESSION['user_id']=$user_id;
         $_SESSION['user_name']=addslashes($user_name);
-	setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
+	setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); 
+	//10days on whole domain - should have persistent username in future...
 	$xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
 	setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
 	$xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
@@ -140,8 +141,10 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
 
         if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
         if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
-        if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
-        if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
+        if (!empty($_POST['screen_width']) && is_numeric($_POST['screen_width'])) 
+		{ $_SESSION['browser']['screen_width']=$_POST['screen_width']; }
+        if (!empty($_POST['screen_height']) && is_numeric($_POST['screen_height'])) 
+		{ $_SESSION['browser']['screen_height']=$_POST['screen_height']; }
         $_SESSION['listing_amount']=$set->getString('listing_amount');
         $_SESSION['listing_order']=$set->getString('listing_order');
         $_SESSION['header_id']=$set->getString('header_id');
diff --git a/wwwroot/inc/eventz/logout.inc b/wwwroot/inc/eventz/logout.inc
index c9708aa..b027d6c 100644
--- a/wwwroot/inc/eventz/logout.inc
+++ b/wwwroot/inc/eventz/logout.inc
@@ -1,12 +1,13 @@
 <?php
 
-	function logout() {
-		global $db;
-		$q="update users set user_action_id=null where user_id='".$_SESSION['user_id']."'";
-		$db->query($q);
-		logger::log('logout',$node['node_id'],'ok',$_SESSION['user_name']); 
-		session_unset();
-		Header("Location: /main");
-	}
+// log out user
+
+function logout() {
+
+	nodes::logout();
+	logger::log('logout',empty($node['node_id']) ? "" : $node['node_id'],'ok',$_SESSION['user_name']); 
+	session_unset();
+	Header("Location: /");
+}
 
 ?>
diff --git a/wwwroot/inc/senate.inc b/wwwroot/inc/senate.inc
index 1acd0f2..95761c5 100644
--- a/wwwroot/inc/senate.inc
+++ b/wwwroot/inc/senate.inc
@@ -14,7 +14,7 @@ define('DEF_DATA_TEMPLATE',12);
 define('DEF_GALLERY_TEMPLATE',1041658);
 define('DEF_LAST_NODE',23);
 
-define('DEF_MAX_LISTING_AMMOUNT',100);
+define('DEF_MAX_LISTING_AMMOUNT',333);
 
 // 1961061 citizens?
 // 1061495 citizens?
diff --git a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php
index e72b975..136500c 100644
--- a/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php
+++ b/wwwroot/inc/smarty/node_methodz/function.get_nodes_by_type.php
@@ -1,32 +1,25 @@
 <?php
 
-	function smarty_function_get_nodes_by_type($params,&$smarty) {
-		global $node;
-		$type=$params['type'];
-		if ($params['listing_amount']=='all') $listing_amount='2323232323232323';
-		else $listing_amount=$params['listing_amount'];
-		if (empty($params['offset'])) $offset=0;
-		else $offset=$params['offset'];
-		if ($params['vector']) {
- 			$vector=addslashes($params['vector']);
-		}
-		if ($params['orderby']) {
- 			$orderby=addslashes($params['orderby']);
-		}
+function smarty_function_get_nodes_by_type($params,&$smarty) {
+	global $node;
 
-		global $db,$node;
-		$node_id=$node['node_id'];
-		$user_id=$_SESSION['user_id'];
-		$q="select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='$user_id'  left  join users on users.user_id=nodes.node_creator where ";
-		if ($vector) $q.="nodes.node_vector like '$vector%' and";
-		$q.=" nodes.template_id='$type' and nodes.node_system_access!='private'";
-		if ($orderby) $q.=" order by $orderby ";
-		else $q.=" order by nodes.node_id desc ";
-		$q.= " LIMIT $offset,$listing_amount ";
-		$set=$db->query($q);
+	$type=$params['type'];
+	if ($params['listing_amount']=='all') $listing_amount=DEF_MAX_LISTING_AMMOUNT;
+	else $listing_amount=$params['listing_amount'];
+	if (empty($params['offset'])) $offset=0;
+	else $offset=$params['offset'];
+	if ($params['vector']) {
+		$vector=$params['vector'];
+	}
+	if ($params['orderby']) {
+		$orderby=$params['orderby'];
+	}
+	$node_id=$node['node_id'];
+	$user_id=$_SESSION['user_id'];
 
-		while ($set->next()) $pole[]=$set->getRecord();
-		$smarty->assign('get_nodes_by_type',$pole);
+	$result=nodes::getNodesByType(isset($vector)?$vector:"",$user_id,$type,isset($orderby)?$orderby:"",$offset,$listing_amount);
 
-	}
-?>
\ No newline at end of file
+	$smarty->assign('get_nodes_by_type',$result);
+
+}
+?>