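<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Pms;
use NERDZ\Core\User;

// Sends a private message from the logged-in user to the user named in $_POST['to'].
// Every exit path emits a JSON response and terminates.
$pms = new Pms();
$user = new User();

if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// The referer check is this endpoint's only request-forgery control; no CSRF token is verified here.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}

// Reject a missing, empty or non-string recipient before any string function touches it
// (trim()/htmlspecialchars() on an array is a TypeError on PHP 8).
if (empty($_POST['to']) || !is_string($_POST['to'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}

// getId() expects the raw username, not an htmlspecialchars-escaped one.
if (!($toid = $user->getId(trim($_POST['to'])))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}

// Escape every string field in place (as before) but skip non-string values instead of
// crashing; keyed assignment avoids the dangling foreach-by-reference of the original.
foreach ($_POST as $key => $val) {
    if (is_string($val)) {
        $_POST[$key] = htmlspecialchars(trim($val), ENT_QUOTES, 'UTF-8');
    }
}

// A missing message becomes '' rather than an undefined-index notice; Pms::send() decides
// whether an empty message is acceptable.
$message = isset($_POST['message']) && is_string($_POST['message']) ? $_POST['message'] : '';
die(NERDZ\Core\Utils::jsonDbResponse($pms->send($toid, $message)));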
use NERDZ\Core\Db; use NERDZ\Core\User; use NERDZ\Core\Config; $messages = new Messages(); $user = new User(); $tplcfg = $user->getTemplateCfg(); $id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false; // intval below $pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false; $action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false); $found = true; if ($id) { $id = intval($id); //intval here, so we can display the user not found message if (false === ($info = $user->getObject($id))) { $username = $user->lang('USER_NOT_FOUND'); $found = false; $post = new stdClass(); $post->message = ''; } else { $username = $info->username; if ($pid && !$user->hasInBlacklist($id)) { if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) { $post = new stdClass(); $post->message = ''; } } else { $post = new stdClass(); $post->message = ''; } }
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Notification;
use NERDZ\Core\User;

ob_start(['NERDZ\\Core\\Utils', 'minifyHTML']);

// Renders the logged-in user's notification list with the profile/notify template.
$user = new User();
$notification = new Notification();

if (!$user->isLogged()) {
    echo $user->lang('REGISTER');
} else {
    // Notifications are grouped by default. The second argument is true unless the caller
    // posts doNotDelete — presumably asking show() to clear what it displays; verify against
    // Notification::show(). If so, a plain request is state-changing and no referer/CSRF
    // check runs in this script.
    $clearOnShow = !isset($_POST['doNotDelete']);
    $list = $notification->show('all', $clearOnShow);

    if (count($list)) {
        // Fresh notifications: persist them as the story shown on later visits.
        $notification->updateStory($list);
    } else {
        // Nothing new: fall back to the stored story.
        $list = $notification->story();
    }

    $tpl = $user->getTPL();
    $tpl->assign(['list_a' => $list]);
    $tpl->draw('profile/notify');
}
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\User; use NERDZ\Core\Db; $user = new User(); if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer')); } if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token')); } if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } $id = $_SESSION['id']; if (!($obj = Db::query(array('SELECT "private" FROM "users" WHERE "counter" = ?', array($id)), Db::FETCH_OBJ))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') { case 'public': if ($obj->private == 1) { if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = FALSE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } } break; case 'private': if (!$obj->private) { if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = TRUE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Project; use NERDZ\Core\User; use NERDZ\Core\Utils; $user = new User(); $project = new Project(); ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML')); $id = isset($_POST['id']) && is_numeric($_POST['id']) ? $_POST['id'] : false; if (!$user->isLogged() || !$id || !($info = $project->getObject($id)) || $project->getOwner($id) != $_SESSION['id']) { die($user->lang('ERROR')); } $vals = []; function sortbyusername($a, $b) { return strtolower($a) < strtolower($b) ? -1 : 1; } $vals['photo_n'] = $info->photo; $vals['website_n'] = $info->website; $vals['name_n'] = $info->name; $mem = $project->getMembers($info->counter); $vals['members_n'] = count($mem); $vals['members_a'] = []; foreach ($mem as &$uid) { $uid = User::getUsername($uid); } $vals['members_a'] = $mem; usort($vals['members_a'], 'sortbyusername'); $vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\Search;

// Generic search endpoint. The including script must define $searchMethod, the name of the
// Search method to call as (query, count). Because the method is selected by name, only
// trusted (never request-derived) values must reach $searchMethod.
$search = new Search();
if (!isset($searchMethod) || !method_exists($search, $searchMethod)) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No-sense error'));
}

$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}

// Result limit: caller-supplied when numeric, otherwise 10. No upper bound is enforced here —
// presumably Search caps it; verify.
$limit = 10;
if (isset($_GET['count']) && is_numeric($_GET['count'])) {
    $limit = (int) $_GET['count'];
}

$query = '';
if (isset($_GET['q']) && is_string($_GET['q'])) {
    $query = $_GET['q'];
}
if ($query === '') {
    die(NERDZ\Core\Utils::jsonResponse('error', 'Invalid search'));
}

die(NERDZ\Core\Utils::jsonResponse($search->{$searchMethod}($query, $limit)));
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Pms;
use NERDZ\Core\User;

ob_start('ob_gzhandler');

// Deletes the private-message conversation between the user ids in $_POST['from'] and $_POST['to'].
$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No spam or spam-bot here'));
}

$pms = new Pms();

$from = isset($_POST['from']) ? $_POST['from'] : null;
$to = isset($_POST['to']) ? $_POST['to'] : null;
$bothNumeric = !empty($from) && is_numeric($from) && !empty($to) && is_numeric($to);
if (!$bothNumeric) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}

// Nothing in this script ties $from/$to to $_SESSION['id']; it relies on
// Pms::deleteConversation() scoping the deletion to the current user — confirm it does.
if ($pms->deleteConversation($from, $to)) {
    die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
}
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
$user = new User(); $tplcfg = $user->getTemplateCfg(); ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML')); ?> <!DOCTYPE html> <html lang="<?php echo $user->getBoardLanguage(); ?> "> <head> <meta name="author" content="Paolo Galeone" /> <title><?php echo NERDZ\Core\Utils::getSiteName(); ?> - <?php echo $user->lang('DELETED'); ?> </title> <?php $headers = $tplcfg->getTemplateVars('deleted'); require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/jscssheaders.php'; ?> </head> <?php ob_flush(); ?> <body> <div id="body"> <?php require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/header.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/deleted.php';
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Project; use NERDZ\Core\User; use NERDZ\Core\Captcha; use NERDZ\Core\Db; $user = new User(); $project = new Project(); if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } $id = $_POST['id'] = isset($_POST['id']) && is_numeric($_POST['id']) ? trim($_POST['id']) : false; if ($_SESSION['id'] != $project->getOwner($id) || !NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token')); } switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') { case 'del': $capt = new Captcha(); if (!$capt->check(isset($_POST['captcha']) ? $_POST['captcha'] : '')) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $user->lang('CAPTCHA'))); } if (Db::NO_ERRNO != Db::query(['DELETE FROM "groups" WHERE "counter" = :id', [':id' => $id]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } break; case 'update':
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Messages; use NERDZ\Core\Utils; use NERDZ\Core\User; $user = new User(); $messages = new Messages(); if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT')); } $url = empty($_POST['url']) ? false : trim($_POST['url']); $comment = empty($_POST['comment']) ? false : trim($_POST['comment']); $to = empty($_POST['to']) ? false : trim($_POST['to']); if (!$url || !Utils::isValidURL($url)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('INVALID_URL'))); } if ($to) { if (!User::getUsername($to)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND'))); } } else { $to = $_SESSION['id']; } if ($_SESSION['id'] != $to) { if ($user->hasClosedProfile($to)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Db; use NERDZ\Core\Utils; use NERDZ\Core\User; $user = new User(); if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer')); } if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token')); } if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } $userData['interests'] = isset($_POST['interests']) ? trim($_POST['interests']) : ''; $userData['biography'] = isset($_POST['biography']) ? trim($_POST['biography']) : ''; $userData['quotes'] = isset($_POST['quotes']) ? trim($_POST['quotes']) : ''; $userData['website'] = isset($_POST['website']) ? strip_tags(trim($_POST['website'])) : ''; $userData['jabber'] = isset($_POST['jabber']) ? trim($_POST['jabber']) : ''; $userData['yahoo'] = isset($_POST['yahoo']) ? trim($_POST['yahoo']) : ''; $userData['facebook'] = isset($_POST['facebook']) ? trim($_POST['facebook']) : ''; $userData['twitter'] = isset($_POST['twitter']) ? trim($_POST['twitter']) : ''; $userData['steam'] = isset($_POST['steam']) ? trim($_POST['steam']) : ''; $userData['skype'] = isset($_POST['skype']) ? trim($_POST['skype']) : ''; $userData['github'] = isset($_POST['github']) ? trim($_POST['github']) : ''; $userData['userscript'] = isset($_POST['userscript']) ? strip_tags(trim($_POST['userscript'])) : ''; $userData['dateformat'] = isset($_POST['dateformat']) ? trim($_POST['dateformat']) : ''; foreach ($userData as $key => $val) {
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Notification;
use NERDZ\Core\User;

// Returns the logged-in user's notification count as a JSON "ok" response,
// or a JSON error when nobody is logged in.
$notification = new Notification();
$user = new User();

if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// count(false, true): the meaning of both flags is defined by Notification::count(), not visible here.
die(NERDZ\Core\Utils::jsonResponse('ok', $notification->count(false, true)));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;

// Validates $_POST['captcha'] against the current captcha and reports the outcome as JSON.
$user = new User();
$captchaChecker = new Captcha();

$answer = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$answer) {
    $missing = $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA');
    die(NERDZ\Core\Utils::jsonResponse('error', $missing));
}
if (!$captchaChecker->check($answer)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
// Project (group) creation: login -> captcha -> validateproject.php -> transactional INSERTs.
// NOTE(review): no referer or CSRF-token control here, unlike the project edit endpoint — confirm intended.
$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captcha) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . "\n" . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
$create = true; //required by validateproject.php
// validateproject.php builds $projectData (description, owner, name) from $_POST.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateproject.php';
try {
    Db::getDb()->beginTransaction();
    Db::query(['INSERT INTO groups ("description","name") VALUES (:description,:name)', [':description' => $projectData['description'], ':name' => $projectData['name']]], Db::NO_RETURN);
    // The new row's counter is re-read by name, so this relies on "name" being unique in groups
    // (validateproject.php appears to reject a taken name via getId() first); a RETURNING clause
    // would avoid the second round trip.
    $o = Db::query(['SELECT counter FROM groups WHERE name = :name', [':name' => $projectData['name']]], Db::FETCH_OBJ);
    Db::query(['INSERT INTO groups_owners("from", "to") VALUES(:owner, :group)', [':owner' => $projectData['owner'], ':group' => $o->counter]], Db::NO_RETURN);
    Db::getDb()->commit();
} catch (\PDOException $e) {
    // Any failure rolls back both inserts; the error detail is not echoed to the client.
    Db::getDb()->rollBack();
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
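<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Comments;
use NERDZ\Core\User;

// Renders a bbcode preview of $_GET['message'] with the base/preview template.
$user = new User();
$message = new Comments();

// Only a logged-in user gets a real preview; anyone else — or a missing, empty, or
// non-string (e.g. array) message — previews the localized error text instead. The
// is_string() guard keeps htmlspecialchars() from receiving an array (a TypeError on PHP 8).
if (!$user->isLogged() || empty($_GET['message']) || !is_string($_GET['message'])) {
    $_GET['message'] = $user->lang('ERROR');
}

// Escape first, then parse quotes and bbcode, so user-supplied HTML is never rendered raw.
$escaped = htmlspecialchars($_GET['message'], ENT_QUOTES, 'UTF-8');
$vals = [];
$vals['message_n'] = $message->bbcode($message->parseQuote($escaped));
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/preview');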
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML')); use NERDZ\Core\Comments; use NERDZ\Core\Messages; use NERDZ\Core\Gravatar; use NERDZ\Core\System; use NERDZ\Core\User; $prj = isset($prj); $user = new User(); $comments = new Comments(); if (!$user->isLogged()) { die($user->lang('REGISTER')); } switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') { case 'get': $hcid = isset($_POST['hcid']) && is_numeric($_POST['hcid']) ? $_POST['hcid'] : false; if (!$hcid) { die($user->lang('ERROR') . ': no hcid'); } $vals = []; $vals['list_a'] = $comments->get($hcid, $prj); $vals['showform_b'] = false; $vals['needmorebtn_b'] = false; $vals['commentcount_n'] = 0; $vals['hpid_n'] = 0; $vals['onerrorimgurl_n'] = System::getResourceDomain() . '/static/images/red_x.png'; $user->getTPL()->assign($vals); $user->getTPL()->draw(($prj ? 'project' : 'profile') . '/comments');
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
use NERDZ\Core\User;

// Deletes the logged-in user's account, stores an optional motivation, and logs the session out.
// Guards, in order: referer check, login, captcha. No CSRF token is verified here (the
// profile-edit endpoints check an 'edit' token); the captcha is the only per-request proof of intent.
$user = new User();

if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

$captcha = new Captcha();
$answer = isset($_POST['captcha']) ? $_POST['captcha'] : '';
if (!$captcha->check($answer)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}

$me = $_SESSION['id'];
$deleteErrno = Db::query(['DELETE FROM "users" WHERE "counter" = ?', [$me]], Db::FETCH_ERRNO);
if (Db::NO_ERRNO != $deleteErrno) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}

// The "deleted_users" row this updates is presumably created elsewhere (e.g. by a DB trigger on
// the delete above) — not visible here; this script only fills in the motivation text.
$motivation = empty($_POST['motivation'])
    ? false
    : htmlentities($_POST['motivation'], ENT_QUOTES, 'UTF-8');
if ($motivation) {
    Db::query(
        [
            'UPDATE "deleted_users" SET "motivation" = :motivation WHERE "counter" = :counter',
            [':motivation' => $motivation, ':counter' => $me],
        ],
        Db::NO_RETURN
    );
}

$user->logout();
die(NERDZ\Core\Utils::jsonResponse('ok', 'Bye :('));
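<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\Db;

// Adds ($_GET['action']=add) or removes (del) the user id in $_POST['id'] from the
// logged-in user's blacklist; "add" accepts an optional motivation.
$user = new User();

if (!$user->isLogged() || empty($_POST['id']) || !is_numeric($_POST['id'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}

// Both actions change state for the session user, so apply the same referer check the
// other state-changing endpoints (pm send, conversation delete, post add/del) use.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}

$me = $_SESSION['id'];
$target = $_POST['id'];
// is_string() keeps strtolower() from receiving an array-valued query parameter.
$action = isset($_GET['action']) && is_string($_GET['action']) ? strtolower($_GET['action']) : '';

switch ($action) {
    case 'del':
        $errno = Db::query(
            ['DELETE FROM "blacklist" WHERE "from" = :me AND "to" = :to', [':me' => $me, ':to' => $target]],
            Db::FETCH_ERRNO
        );
        if (Db::NO_ERRNO != $errno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;

    case 'add':
        // Escaped on the way in, so the stored motivation is HTML-safe text.
        $motivation = empty($_POST['motivation'])
            ? ''
            : htmlspecialchars(trim($_POST['motivation']), ENT_QUOTES, 'UTF-8');
        if ($user->hasInBlacklist($target)) {
            // Already blacklisted; the trailing '1' distinguishes this from the default branch.
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        $errno = Db::query(
            [
                'INSERT INTO "blacklist"("from","to","motivation") VALUES (:me,:to,:motivation)',
                [':me' => $me, ':to' => $target, ':motivation' => $motivation],
            ],
            Db::FETCH_ERRNO
        );
        if (Db::NO_ERRNO != $errno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;

    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2'));
}

die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));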
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Messages; use NERDZ\Core\User; $messages = new Messages(); $user = new User(); $prj = isset($prj); if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF')); } switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') { case 'add': if (empty($_POST['to'])) { if ($prj) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . 'a')); } else { $_POST['to'] = $_SESSION['id']; } } die(NERDZ\Core\Utils::jsonDbResponse($messages->add($_POST['to'], isset($_POST['message']) ? $_POST['message'] : '', ['news' => !empty($_POST['news']), 'issue' => !empty($_POST['issue']), 'project' => $prj, 'language' => !empty($_POST['language']) ? $_POST['language'] : false]))); break; case 'del': if (!isset($_SESSION['delpost']) || empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || $_SESSION['delpost'] != $_POST['hpid'] || !$messages->delete($_POST['hpid'], $prj)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } unset($_SESSION['delpost']);
use NERDZ\Core\Config; use NERDZ\Core\User; use NERDZ\Core\Messages; use NERDZ\Core\Security; $user = new User(); $l = "\t\n\r\v ����� "; $userData = []; $userData['name'] = isset($_POST['name']) ? trim($_POST['name'], $l) : false; $userData['surname'] = isset($_POST['surname']) ? trim($_POST['surname'], $l) : false; $userData['email'] = isset($_POST['email']) ? trim($_POST['email'], $l) : false; $userData['timezone'] = isset($_POST['timezone']) ? trim($_POST['timezone'], $l) : false; if ($user->isLogged()) { $updatedPassword = false; if (empty($_POST['password'])) { if (!($obj = Db::query(['SELECT "password" FROM "users" WHERE counter = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } $userData['password'] = $obj->password; //saved hashed password } else { $userData['password'] = $_POST['password']; $updatedPassword = true; } } else { $userData['password'] = isset($_POST['password']) ? $_POST['password'] : false; $userData['username'] = isset($_POST['username']) ? trim($_POST['username'], $l) : false; } $userData['gender'] = isset($_POST['gender']) && is_numeric($_POST['gender']) && $_POST['gender'] > 0 && $_POST['gender'] <= 2 ? $_POST['gender'] : false; $birth['birth_day'] = isset($_POST['birth_day']) && is_numeric($_POST['birth_day']) && $_POST['birth_day'] > 0 ? $_POST['birth_day'] : false; $birth['birth_month'] = isset($_POST['birth_month']) && is_numeric($_POST['birth_month']) && $_POST['birth_month'] > 0 ? $_POST['birth_month'] : false; $birth['birth_year'] = isset($_POST['birth_year']) && is_numeric($_POST['birth_year']) && $_POST['birth_year'] > 0 ? $_POST['birth_year'] : false;
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;

// Returns revision $_POST['revNo'] of a post (hpid) — or of a comment (hcid) when
// $_POST['comment'] is set — as JSON: formatted datetime plus bbcode-rendered message.
$user = new User();

$isComment = isset($_POST['comment']);
$idField = $isComment ? 'hcid' : 'hpid';
$message = $isComment ? new NERDZ\Core\Comments() : new NERDZ\Core\Messages();

if (!isset($_POST[$idField]) || !is_numeric($_POST[$idField])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no ' . $idField));
}
$id = $_POST[$idField];

// Revision numbers start at 1; missing, non-numeric or < 1 values are rejected.
$revNo = 0;
if (isset($_POST['revNo']) && is_numeric($_POST['revNo']) && $_POST['revNo'] >= 1) {
    $revNo = $_POST['revNo'];
}
if (!$revNo) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': invalid revNo'));
}

// Login is checked after input validation, so the two input errors above are observable
// by anonymous callers (same ordering as before).
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// $prj is set (or not) by the including script and selects project vs. profile context.
$rev = $message->getRevision($id, $revNo, isset($prj));
if (!is_object($rev)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
die(NERDZ\Core\Utils::jsonResponse([
    'datetime' => $user->getDateTime($rev->time),
    'message' => $message->bbcode($rev->message),
]));
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Db; use NERDZ\Core\User; $user = new User(); if (isset($_POST['comment'])) { $message = new NERDZ\Core\Comments(); if (!isset($_POST['hcid']) || !is_numeric($_POST['hcid'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hcid')); } $id = $_POST['hcid']; } else { $message = new NERDZ\Core\Messages(); if (!isset($_POST['hpid']) || !is_numeric($_POST['hpid'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hpid')); } $id = $_POST['hpid']; } if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } if (isset($_POST['thumb']) && is_numeric($_POST['thumb'])) { $thumb = (int) $_POST['thumb']; $dbResponse = $message->setThumbs($id, $thumb, isset($prj)); if ($dbResponse != Db::NO_ERRSTR) { die(NERDZ\Core\Utils::jsonDbResponse($dbResponse)); } } else { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': 3'));
$user = new User(); $tplcfg = $user->getTemplateCfg(); ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML')); ?> <!DOCTYPE html> <html lang="<?php echo $user->getBoardLanguage(); ?> "> <head> <meta name="author" content="Paolo Galeone" /> <title><?php echo NERDZ\Core\Utils::getSiteName(); ?> - <?php echo $user->lang('BANNED'); ?> </title> <?php $headers = $tplcfg->getTemplateVars('banned'); require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/jscssheaders.php'; ?> </head> <?php ob_flush(); ?> <body> <div id="body"> <?php require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/header.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/banned.php';
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Config;
use NERDZ\Core\Utils;
use NERDZ\Core\Project;
use NERDZ\Core\User;
use NERDZ\Core\Messages;
// Shared project-form validator, included by the create script (which sets $create) and by
// the update path; builds $projectData from $_POST and dies with a JSON error on missing fields.
$user = new User();
$project = new Project();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
// NOTE(review): trim() on an array-valued field is a TypeError on PHP 8, and the reference
// variable $val is never unset() after the loop — any later "$val = ..." in this file would
// overwrite the last $_POST entry.
foreach ($_POST as &$val) {
    $val = trim($val);
}
if (empty($_POST['description']) || !is_string($_POST['description'])) { //always required
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MUST_COMPLETE_FORM') . "\n\n" . $user->lang('MISSING') . ":\n" . $user->lang('DESCRIPTION')));
}
$projectData = [];
$projectData['description'] = $_POST['description'];
$projectData['owner'] = $_SESSION['id']; //required for creation
if (isset($create)) {
    if (empty($_POST['name']) || !is_string($_POST['name'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MUST_COMPLETE_FORM') . "\n\n" . $user->lang('MISSING') . ":\n" . $user->lang('NAME')));
    }
    $projectData['name'] = $_POST['name'];
    // getId() === 0 presumably means the name is free; a non-zero id means it is already taken
    // (the branch body continues beyond this fragment).
    if ($project->getId($projectData['name']) !== 0) {
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
ob_start(['NERDZ\\Core\\Utils', 'minifyHTML']);

use NERDZ\Core\User;

// Serves a single profile post (action=get) by including the singlepost template.
$user = new User();
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
if (!NERDZ\Core\Security::refererControl()) {
    die($user->lang('ERROR'));
}

$action = isset($_GET['action']) ? strtolower($_GET['action']) : '';
if ($action !== 'get') {
    die($user->lang('ERROR'));
}

// singlepost.html.php does all the work, including handling $_POST['hpid']; -1 marks a missing id.
$hpid = isset($_POST['hpid']) ? $_POST['hpid'] : -1;
$draw = true;
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/singlepost.html.php';
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;

// Registration endpoint: captcha -> not already logged in -> field validation (validateuser.php)
// -> INSERT into users -> immediate login.
$user = new User();
$captchaChecker = new Captcha();

$answer = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$answer) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$captchaChecker->check($answer)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if ($user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED')));
}

// Expected to populate $userData (username, password, name, surname, email, gender, timezone)
// and $birth['date']; presumably it dies with a JSON error on invalid input — not visible here.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';

// The password is hashed inside the database (crypt() with a bcrypt salt, cost 7), so the
// plaintext travels to the DB as a bound parameter. Cost 7 is low for bcrypt by current
// guidance; it is part of the stored hash format, so changing it is a schema-level decision.
$insertSql = 'INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent") VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)';

$userAgent = isset($_SERVER['HTTP_USER_AGENT'])
    ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8')
    : '';
$params = [
    ':username' => $userData['username'],
    ':password' => $userData['password'],
    ':name' => $userData['name'],
    ':surname' => $userData['surname'],
    ':email' => $userData['email'],
    ':gender' => $userData['gender'],
    ':timezone' => $userData['timezone'],
    ':date' => $birth['date'],
    ':lang' => $user->getLanguage(),
    ':remote_addr' => $_SERVER['REMOTE_ADDR'],
    ':http_user_agent' => $userAgent,
];

$ret = Db::query([$insertSql, $params], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
    die(NERDZ\Core\Utils::jsonDbResponse($ret));
}

// Third argument was written as "$setCookie = true" before — presumably it requests the
// persistent login cookie; see User::login().
if (!$user->login($userData['username'], $userData['password'], true)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\System;

// Renders the language-preferences form (preferences/language template) for the logged-in user.
$user = new User();
ob_start(['NERDZ\\Core\\Utils', 'minifyHTML']);

if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}

$vals = [
    // CSRF token the form posts back to the 'edit' endpoints.
    'tok_n' => NERDZ\Core\Security::getCsrfToken('edit'),
    'langs_a' => [],
];

// getAvailableLanguages(1) yields short code => long name pairs (the argument's meaning is not visible here).
foreach (System::getAvailableLanguages(1) as $shortCode => $longName) {
    $vals['langs_a'][] = [
        'longlang_n' => $longName,
        'shortlang_n' => $shortCode,
    ];
}

$vals['mylang_n'] = $user->getLanguage($_SESSION['id']);
$vals['myboardlang_n'] = $user->getBoardLanguage($_SESSION['id']);

$tpl = $user->getTPL();
$tpl->assign($vals);
$tpl->draw('preferences/language');
use NERDZ\Core\User; use NERDZ\Core\Config; use NERDZ\Core\Captcha; use NERDZ\Core\Db; use NERDZ\Core\Security; $user = new User(); $cptcka = new Captcha(); $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false; $email = isset($_POST['email']) ? trim($_POST['email']) : false; $password = isset($_POST['password']) ? $_POST['password'] : false; $token = isset($_POST['token']) ? $_POST['token'] : false; $key = isset($_POST['key']) && is_numeric($_POST['key']) ? $_POST['key'] : false; if ($email !== false && $captcha !== false) { // 1st step if (!$captcha) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA'))); } if (!$cptcka->check($captcha)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA'))); } if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MAIL_NOT_VALID'))); } if (!($obj = Db::query(['SELECT "username","counter" FROM "users" WHERE "email" = :email', [':email' => $email]], Db::FETCH_OBJ))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND'))); } $vals = []; $vals['username_n'] = $obj->username; $vals['usernamelink_n'] = 'http://' . Config\SITE_HOST . '/' . \NERDZ\Core\Utils::userLink($obj->username); $vals['account_n'] = "{$obj->username} - ID: {$obj->counter}"; $vals['ip_n'] = $_SERVER['REMOTE_ADDR'];