wwwroot/nodes.php

   1 <?php
   2 //requiring main config file with path/database etc. constants
   3 require_once('config/config.inc');
   4
   5 //Ask for auth if enabled...
   6 //if(isset($realm) && isset($users)) require_once(INCLUDE_DIR.'http_auth.php');
   7
   8 //starting timer for benchmarking purposes
   9 $timer_start=Time()+SubStr(MicroTime(),0,8);
  10 //setting PHPSESSID cookie and starting user session
  11
  12 //error reporting has to be before session_start
  13 error_reporting(-1);
  14 ini_set('display_errors','On');
  15 session_start();
  16
  17 @ini_set('magic_quotes_gpc' , 'off');
  18 if(get_magic_quotes_gpc()) {
  19         die("Error: magic_quotes_gpc needs to be disabled! F00K!\n");
  20 }
  21
  22 //Smarty from DB
  23 $smarty_resource = 'kyberia';
  24
  25 //connecting to database and creating universal $db object
  26 //require_once(INCLUDE_DIR.'senate.inc'); // in config already
  27 require_once(INCLUDE_DIR.'log.inc');
  28 require_once(INCLUDE_DIR.'ubik.inc');
  29 require_once(INCLUDE_DIR.'nodes.inc');
  30 require_once(INCLUDE_DIR.'error_messages.inc');
  31 require_once(INCLUDE_DIR.'database.inc');
  32 require_once(INCLUDE_DIR.'transports.inc');
  33
  34 $db = new CLASS_DATABASE();
  35
  36 switch(true) {
  37         case preg_match('/id\/([0-9]+)(?:\/([a-zA-Z0-9]+)\/?)?/',$_SERVER['PATH_INFO'],$match):
  38                 //      print_r($match);
  39                 $_GET['node_id']=$match[1];
  40                 if (!empty($match[2])) {
  41                         $_GET['template_id']=$match[2];
  42                 }
  43                 //Base36
  44 /*
  45                 if(!count($_POST) && !(isset($_GET['template_id']) && $_GET['template_id'] == 'download')) { //Fix ugly download hack...
  46                         header('Location: /k/'.base_convert($_GET['node_id'], 10, 36).
  47                                 (isset($_GET['template_id'])?'/'.base_convert($_GET['template_id'], 10, 36):'')
  48                         );
  49                         die("Die!!! All Fascists Are Bastards...\n")
  50                 }
  51 */
  52                 break;
  53
  54         case preg_match('/k\/([a-z0-9]{1,7})(?:\/([a-z0-9]+))?/',$_SERVER['PATH_INFO'],$match):
  55                 echo "picic";
  56                 $_GET['node_id']=base_convert($match[1], 36, 10);
  57                 if (!empty($match[2])) {
  58                         $_GET['template_id']=$match[2];
  59                 }
  60                 break;
  61         case preg_match('/name\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
  62                 $_GET['node_id']  = nodes::getNodeIdByName($match[1]);
  63                 break;
  64         case preg_match('/search\/(.*?)\/?$/',$_SERVER['PATH_INFO'],$match):
  65                 //$query  = nodes::getNodeIdByName($match[1]);
  66                 //XXX TODO: Predat searchi az bude fungovat
  67                 break;
  68         case preg_match('/\/(.+)\/?$/',$_SERVER['PATH_INFO'],$match):
  69                 $_GET['node_id']  = nodes::getNodeIdByName($match[1]);
  70                 break;
  71         default:
  72                 $_GET['node_id']=1; //WELCOME_NODE
  73                 break;
  74 }
  75
  76 if (!empty($_GET['template_id'])) {
  77         $template_id=$_GET['template_id'];
  78 } else {
  79         $template_id=false;
  80 }
  81
  82 error_reporting(E_ALL);
  83 //use wwwroot/debugswitch.php (from Your browser) to switch debugging on/off
  84 if(isset($_SESSION['debugging']) && $_SESSION['debugging']) {
  85     ini_set('display_errors','On');
  86     echo 'GET VARIABLES::<br/>';
  87     print_r($_GET);
  88     echo 'POST VARIABLES::<br/>';
  89     print_r($_POST);
  90     echo 'FILES VARIABLES::<br/>';
  91     print_r($_FILES);
  92     echo '<b>SESSION VARIABLES::</b><br/>';
  93     print_r($_SESSION);
  94 } else {
  95         $_SESSION['debugging']=false;
  96         set_error_handler('logger::error_handler');
  97 }
  98
  99 require_once(INCLUDE_DIR.'logout_idle.inc'); //Logout when idle
 100
 101 //initializing node
 102 $node = nodes::getNodeById($_GET['node_id'],(isset($_SESSION['user_id']))?$_SESSION['user_id']:'');
 103
 104 //XXX Paths are wrong (!)
 105 //loading smarty template engine and setting main parameters
 106 require(SMARTY_DIR.'Smarty.class.php');
 107 $smarty = new Smarty;
 108 require(INCLUDE_DIR.'smarty/resource.kyberia.php');
 109 $smarty->default_resource_type=$smarty_resource;
 110
 111 //$smarty->php_handling = SMARTY_PHP_REMOVE; //XXX
 112 $smarty->template_dir = TEMPLATE_DIR;
 113 //echo TEMPLATE_DIR.TEMPLATE_SET;
 114 //echo $smarty->template_dir;
 115 $smarty->compile_dir = SYSTEM_DATA.'templates_c/';
 116 $smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
 117 $smarty->cache_dir = SMARTY_DIR.'cache/';
 118 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
 119 if (isset($_SESSION['debugging']) && $_SESSION['debugging']) $smarty->debugging=true;
 120
 121 // initializing variables
 122 // preg_replace prevents LFI
 123 if (empty($_POST['event'])) $event='display';
 124 else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
 125
 126
 127 if (isset($_SESSION['debugging']) && $_SESSION['debugging']) {
 128         echo "<pre><b>NODE::";
 129         print_r($node);
 130         echo "</pre>";
 131 }
 132
 133 if ((isset($_SESSION['user_id']) && ($node['node_creator']==$_SESSION['user_id']))) {
 134         $node['node_permission']='owner';
 135 }
 136
 137 if (isset($_SESSION['cube_vector']) && ($_SESSION['cube_vector'])) {
 138         if (strpos($node['node_vector'],$_SESSION['cube_vector'])===false) {
 139                 echo "node::".$node['node_vector'];
 140                 echo "cube_Vector::".$_SESSION['cube_vector'];
 141                 echo "you are out of allowed cwbe. access forbidden";
 142                 die();
 143         }
 144 }
 145
 146 #@include_once(INCLUDE_DIR.'mail_rss.inc'); //haluz...
 147
 148 //checking permissions
 149 include_once(BACKEND_DIR.'/'.DB_TYPE.'/permissions.inc');
 150 $permissions=permissions::checkPerms($node);
 151 if (!empty($_SESSION['debugging']) && $_SESSION['debugging']) {
 152         print_r($permissions);
 153 }
 154
 155
 156
 157 // DO NOT MESS WITH THIS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 158 //creating neural network
 159 $db->update("update nodes set node_views=node_views+1 where node_id='".$node['node_id']."'");
 160 if (isset($referer_id) && is_numeric($referer_id)) {
 161         $q="update neurons set synapse=synapse+1 where dst='".$node['node_id']."' and src='$referer_id'";
 162         $result=$db->update($q);
 163         if (!$result) {
 164                 $q="insert into neurons set synapse_creator='".$_SESSION['user_id']."',dst='".$node['node_id']."',src='$referer_id',synapse=1";
 165                 $db->query($q);
 166                 }
 167 } else {
 168         logger::log('enter',$node['node_id'],'failed');
 169 }
 170
 171
 172
 173 //entering the node (executing the eventz)
 174 if (($permissions['r']) || ($event != 'register')) {
 175         //performing node_events (based on update/insert/delete db queries)
 176         if ($event) {
 177                 require(INCLUDE_DIR.'eventz.inc');
 178         }
 179 }
 180
 181 ?>