Beispiel #1
<?php

// Buffer all output through ob_gzhandler, which gzip-encodes the response
// when the client advertises support for compressed content.
ob_start('ob_gzhandler');
// Load the project autoloader from a path rooted at the server's document root.
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Config;
$messages = new Messages();
$user = new User();
$tplcfg = $user->getTemplateCfg();
// Everything read from $_GET is untrusted. Each parameter is narrowed to a
// known shape here and falls back to false when absent or malformed.
//
// $id is kept as the raw numeric string at this point and is only cast with
// intval() inside the `if ($id)` branch below. is_numeric() also accepts
// signs, decimal points and exponents, so $id must not be used as an integer
// before that cast. The string "0" is falsy and is treated as "no id".
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false;
// $pid is cast to int immediately; a resulting 0 is falsy and is therefore
// treated as "no post id" by the `$pid &&` check below.
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
// Only a non-empty string is handed to the validator; anything else (missing,
// empty, or an array such as ?action[]=x) is passed as false.
// NOTE(review): what actionValidator() accepts or returns is not visible here - confirm.
$action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false);
// Flag that stays true unless the user lookup below fails.
$found = true;
if ($id) {
    $id = intval($id);
    //intval here, so we can display the user not found message
    if (false === ($info = $user->getObject($id))) {
        $username = $user->lang('USER_NOT_FOUND');
        $found = false;
        $post = new stdClass();
        $post->message = '';
    } else {
        $username = $info->username;
        if ($pid && !$user->hasInBlacklist($id)) {
            if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) {
                $post = new stdClass();
                $post->message = '';
            }