From 233544e1f97c1115cbeb267ef9ec64e55d370cb5 Mon Sep 17 00:00:00 2001 From: niekt0 Date: Mon, 26 Sep 2011 17:31:57 +0200 Subject: [PATCH] Cleared upload_data , commented out "gallery" feature, commented out jabber from login --- wwwroot/inc/eventz/login.inc | 39 ++++++++++-------- wwwroot/inc/eventz/upload_data_file.inc | 53 ++++++++++++------------- wwwroot/inc/filez.inc | 48 ++-------------------- wwwroot/inc/senate.inc | 3 ++ 4 files changed, 53 insertions(+), 90 deletions(-) diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc index 8f33e55..46252a3 100644 --- a/wwwroot/inc/eventz/login.inc +++ b/wwwroot/inc/eventz/login.inc @@ -12,22 +12,24 @@ function jabberctl($command, $args) { //XXXTODO Move to some .inc file... function login_check($login, $password, $login_type='id') { - global $db,$error,$node_id; - $login = db_escape_string($login); //Not SQLi in $password but be carefull - $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());' - - $hash_query='('; - foreach($password_hash_algos as $algo) { - $hash_query.="password='".hash($algo, $password)."' OR "; - } - $hash_query.='false )'; + global $db,$error,$node_id; + $login = db_escape_string($login); + //Not SQLi in $password but be carefull + $password_hash_algos=array('sha256','sha1','md5'); + //List of supported algos can be obtained using: php -r 'print_r(hash_algos());' + + $hash_query='('; + foreach($password_hash_algos as $algo) { + $hash_query.="password='".hash($algo, $password)."' OR "; + } + $hash_query.='false )'; - $referer = $_SERVER['HTTP_REFERER']; + $referer = $_SERVER['HTTP_REFERER']; - if (!session_id()) { - $error='asi nemas zapnute cookies alebo co'; - return false; - } + if (!session_id()) { + $error='asi nemas zapnute cookies alebo co'; + return false; + } switch ($login_type) { case "name": 
@@ -130,9 +132,12 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
 $xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
 setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
 $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
- jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass));
- jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass));
- jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain));
+
+ # XXX dissabled, was causing 20+ sec. delay while logging in
+# jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass));
+# jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass));
+# jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain));
+
 if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
 if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
 if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
diff --git a/wwwroot/inc/eventz/upload_data_file.inc b/wwwroot/inc/eventz/upload_data_file.inc
index 09aa33e..7c21f3a 100644
--- a/wwwroot/inc/eventz/upload_data_file.inc
+++ b/wwwroot/inc/eventz/upload_data_file.inc
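Review bot: In wwwroot/inc/eventz/login.inc the context lines directly above the disabled jabberctl() calls still compute `$xmpp_pass=hash('md5', 'jabber:'.$_POST['password'])` and send it in the `jabber_password` cookie for ten days on path `/`. That value is an unsalted MD5 of the login password with a fixed prefix, so a leaked cookie allows offline guessing of the account password, and the setcookie() call passes neither the secure nor the httponly argument. With register and change_password commented out, nothing visible in this hunk consumes the cookie any more; if no other code reads it, comment out the `setcookie('jabber_password', ...)` line together with the jabberctl() calls. If it must stay, set both flags, e.g. `setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/', '', true, true);`. The enclosing login code starts and ends outside the hunk.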
@@ -1,7 +1,5 @@ ".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif"; - } - elseif (stristr($image_name,".gif")) { - $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif"; - } - if ($cmd) { - shell_exec($cmd); - } - // XXX WTF - echo $cmd; - } +# Removed for now, need complete rewrite + +# if ($_POST['gallery']) { +# $node_params['template_id']=DEF_GALLERY_TEMPLATE; +# $image=TMP."/".$_FILES['data_file']['name']."/".$file; +# $image_name=$file; +# $width=NODE_IMAGE_WIDTH; +# +# if (stristr($image_name,".jpg") || +# stristr($image_name,".jpeg") ){ +# +# /// XXX UTILZ_DIR is not set. remove? +# $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif"; +# } +# elseif (stristr($image_name,".gif")) { +# $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif"; +# } +# if ($cmd) { +# shell_exec($cmd); +# } +# // XXX WTF +# echo $cmd; +# } } } closedir($handle); @@ -94,8 +94,5 @@ function upload_data_file() { symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix", SYSTEM_ROOT.'/files/'.$node['node_id']); } - - } - ?> diff --git a/wwwroot/inc/filez.inc b/wwwroot/inc/filez.inc index 5ca65c9..a7fcd39 100644 --- a/wwwroot/inc/filez.inc +++ b/wwwroot/inc/filez.inc @@ -1,27 +1,17 @@ 0) { return false; } 
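Review bot: The gallery block in wwwroot/inc/eventz/upload_data_file.inc is kept as `#` comments rather than deleted, which preserves a command line built from `$_FILES['data_file']['name']` and `$file` with no escaping ahead of `shell_exec($cmd)`, along with the `SYSTE_ROOT` typo and the `echo $cmd` debug output. Uncommenting it later to restore the feature would bring the unescaped shell command back unchanged. I would delete the block and leave a short requirement note instead, for example `# TODO gallery: rewrite thumbnailing; wrap every path in escapeshellarg() or use an image library; never echo $cmd`. The hunk header for this change is not visible in the extracted text, so its position inside upload_data_file() is inferred from the surrounding `closedir($handle);` context.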
@@ -29,36 +19,4 @@ public static function filename_secure($name){ } } - -/* -* Returns disk usage in bytes of directory $d. Limit depth level with $depth. -* Updates, documentation and examples: http://daniel.lorch.cc/projects/disk_usage/ -* -* Revision: 1.00 -*/ - -function disk_usage($d, $depth = NULL) { - if(is_file($d)) - return filesize($d); - - if(isset($depth) && $depth < 0) - return 0; - - if($d[strlen($d)-1] != '\\' || $d[strlen($d)-1] != '/') - $d .= '/'; - - $dh=@opendir($d); - if(!$dh) - return 0; - - while($e = readdir($dh)) - if($e != '.' && $e != '..') - $usage += disk_usage($d.$e, isset($depth) ? $depth - 1 : NULL); - - closedir($dh); - - return $usage; -} - - ?> diff --git a/wwwroot/inc/senate.inc b/wwwroot/inc/senate.inc index 3dd4976..7fa7c8b 100644 --- a/wwwroot/inc/senate.inc +++ b/wwwroot/inc/senate.inc @@ -10,6 +10,9 @@ define('REGISTRATION_TEXT_NODE',791946); define('REGISTRATION_REQUEST_NODE',2091448); define('UNVERIFIED_REGISTRATIONS_NODE',1836516); +define('DEF_DATA_TEMPLATE',12); +define('DEF_GALLERY_TEMPLATE',1041658); + // 1961061 citizens? // 1061495 citizens? // 1961070 citizens? -- 2.30.2