Beispiel #1
3
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;
$pms = new Pms();
$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
if (empty($_POST['to'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}
if (!($toid = $user->getId(trim($_POST['to'])))) {
    //getId DON'T what htmlspecialchars in parameter
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}
foreach ($_POST as &$val) {
    $val = htmlspecialchars(trim($val), ENT_QUOTES, 'UTF-8');
}
die(NERDZ\Core\Utils::jsonDbResponse($pms->send($toid, $_POST['message'])));
Beispiel #2
0
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Config;
$messages = new Messages();
$user = new User();
$tplcfg = $user->getTemplateCfg();
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false;
// intval below
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
$action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false);
$found = true;
if ($id) {
    $id = intval($id);
    //intval here, so we can display the user not found message
    if (false === ($info = $user->getObject($id))) {
        $username = $user->lang('USER_NOT_FOUND');
        $found = false;
        $post = new stdClass();
        $post->message = '';
    } else {
        $username = $info->username;
        if ($pid && !$user->hasInBlacklist($id)) {
            if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) {
                $post = new stdClass();
                $post->message = '';
            }
        } else {
            $post = new stdClass();
            $post->message = '';
        }
    }
Beispiel #3
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Notification;
use NERDZ\Core\User;
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
$user = new User();
$notification = new Notification();
// group notification by default
if ($user->isLogged()) {
    $vals = [];
    $vals['list_a'] = $notification->show('all', !isset($_POST['doNotDelete']));
    if (!count($vals['list_a'])) {
        $vals['list_a'] = $notification->story();
    } else {
        $notification->updateStory($vals['list_a']);
    }
    $user->getTPL()->assign($vals);
    $user->getTPL()->draw('profile/notify');
} else {
    echo $user->lang('REGISTER');
}
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$id = $_SESSION['id'];
if (!($obj = Db::query(array('SELECT "private" FROM "users" WHERE "counter" = ?', array($id)), Db::FETCH_OBJ))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'public':
        if ($obj->private == 1) {
            if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = FALSE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
            }
        }
        break;
    case 'private':
        if (!$obj->private) {
            if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = TRUE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Project;
use NERDZ\Core\User;
use NERDZ\Core\Utils;
$user = new User();
$project = new Project();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
$id = isset($_POST['id']) && is_numeric($_POST['id']) ? $_POST['id'] : false;
if (!$user->isLogged() || !$id || !($info = $project->getObject($id)) || $project->getOwner($id) != $_SESSION['id']) {
    die($user->lang('ERROR'));
}
$vals = [];
function sortbyusername($a, $b)
{
    return strtolower($a) < strtolower($b) ? -1 : 1;
}
$vals['photo_n'] = $info->photo;
$vals['website_n'] = $info->website;
$vals['name_n'] = $info->name;
$mem = $project->getMembers($info->counter);
$vals['members_n'] = count($mem);
$vals['members_a'] = [];
foreach ($mem as &$uid) {
    $uid = User::getUsername($uid);
}
$vals['members_a'] = $mem;
usort($vals['members_a'], 'sortbyusername');
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Search;
$search = new Search();
if (!isset($searchMethod) || !method_exists($search, $searchMethod)) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No-sense error'));
}
$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}
$count = isset($_GET['count']) && is_numeric($_GET['count']) ? (int) $_GET['count'] : 10;
$q = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
if ($q === '') {
    die(NERDZ\Core\Utils::jsonResponse('error', 'Invalid search'));
}
die(NERDZ\Core\Utils::jsonResponse($search->{$searchMethod}($q, $count)));
Beispiel #7
0
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;
ob_start('ob_gzhandler');
$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No spam or spam-bot here'));
}
$pms = new Pms();
if (empty($_POST['from']) || !is_numeric($_POST['from']) || empty($_POST['to']) || !is_numeric($_POST['to'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}
if ($pms->deleteConversation($_POST['from'], $_POST['to'])) {
    die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
}
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
Beispiel #8
0
$user = new User();
$tplcfg = $user->getTemplateCfg();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
?>
    <!DOCTYPE html>
    <html lang="<?php 
echo $user->getBoardLanguage();
?>
">
    <head>
    <meta name="author" content="Paolo Galeone" />
    <title><?php 
echo NERDZ\Core\Utils::getSiteName();
?>
 - <?php 
echo $user->lang('DELETED');
?>
</title>
<?php 
$headers = $tplcfg->getTemplateVars('deleted');
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/jscssheaders.php';
?>
    </head>
    <?php 
ob_flush();
?>
<body>
    <div id="body">
<?php 
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/header.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/deleted.php';
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Project;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
$user = new User();
$project = new Project();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$id = $_POST['id'] = isset($_POST['id']) && is_numeric($_POST['id']) ? trim($_POST['id']) : false;
if ($_SESSION['id'] != $project->getOwner($id) || !NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'del':
        $capt = new Captcha();
        if (!$capt->check(isset($_POST['captcha']) ? $_POST['captcha'] : '')) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $user->lang('CAPTCHA')));
        }
        if (Db::NO_ERRNO != Db::query(['DELETE FROM "groups" WHERE "counter" = :id', [':id' => $id]], Db::FETCH_ERRNO)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    case 'update':
Beispiel #10
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\Utils;
use NERDZ\Core\User;
$user = new User();
$messages = new Messages();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
$url = empty($_POST['url']) ? false : trim($_POST['url']);
$comment = empty($_POST['comment']) ? false : trim($_POST['comment']);
$to = empty($_POST['to']) ? false : trim($_POST['to']);
if (!$url || !Utils::isValidURL($url)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('INVALID_URL')));
}
if ($to) {
    if (!User::getUsername($to)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
    }
} else {
    $to = $_SESSION['id'];
}
if ($_SESSION['id'] != $to) {
    if ($user->hasClosedProfile($to)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Utils;
use NERDZ\Core\User;
$user = new User();
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$userData['interests'] = isset($_POST['interests']) ? trim($_POST['interests']) : '';
$userData['biography'] = isset($_POST['biography']) ? trim($_POST['biography']) : '';
$userData['quotes'] = isset($_POST['quotes']) ? trim($_POST['quotes']) : '';
$userData['website'] = isset($_POST['website']) ? strip_tags(trim($_POST['website'])) : '';
$userData['jabber'] = isset($_POST['jabber']) ? trim($_POST['jabber']) : '';
$userData['yahoo'] = isset($_POST['yahoo']) ? trim($_POST['yahoo']) : '';
$userData['facebook'] = isset($_POST['facebook']) ? trim($_POST['facebook']) : '';
$userData['twitter'] = isset($_POST['twitter']) ? trim($_POST['twitter']) : '';
$userData['steam'] = isset($_POST['steam']) ? trim($_POST['steam']) : '';
$userData['skype'] = isset($_POST['skype']) ? trim($_POST['skype']) : '';
$userData['github'] = isset($_POST['github']) ? trim($_POST['github']) : '';
$userData['userscript'] = isset($_POST['userscript']) ? strip_tags(trim($_POST['userscript'])) : '';
$userData['dateformat'] = isset($_POST['dateformat']) ? trim($_POST['dateformat']) : '';
foreach ($userData as $key => $val) {
Beispiel #12
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Notification;
use NERDZ\Core\User;
$notification = new Notification();
$user = new User();
if ($user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('ok', $notification->count(false, true)));
}
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
Beispiel #13
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
$user = new User();
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captcha) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
Beispiel #14
0
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captcha) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . "\n" . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
$create = true;
//required by validateproject.php
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateproject.php';
try {
    Db::getDb()->beginTransaction();
    Db::query(['INSERT INTO groups ("description","name") VALUES (:description,:name)', [':description' => $projectData['description'], ':name' => $projectData['name']]], Db::NO_RETURN);
    $o = Db::query(['SELECT counter FROM groups WHERE name = :name', [':name' => $projectData['name']]], Db::FETCH_OBJ);
    Db::query(['INSERT INTO groups_owners("from", "to")  VALUES(:owner, :group)', [':owner' => $projectData['owner'], ':group' => $o->counter]], Db::NO_RETURN);
    Db::getDb()->commit();
} catch (\PDOException $e) {
    Db::getDb()->rollBack();
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
Beispiel #15
0
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Comments;
use NERDZ\Core\User;
$user = new User();
$message = new Comments();
if (!$user->isLogged() || empty($_GET['message'])) {
    $_GET['message'] = $user->lang('ERROR');
}
$vals = [];
$vals['message_n'] = $message->bbcode($message->parseQuote(htmlspecialchars($_GET['message'], ENT_QUOTES, 'UTF-8')));
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/preview');
Beispiel #16
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
use NERDZ\Core\Comments;
use NERDZ\Core\Messages;
use NERDZ\Core\Gravatar;
use NERDZ\Core\System;
use NERDZ\Core\User;
$prj = isset($prj);
$user = new User();
$comments = new Comments();
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'get':
        $hcid = isset($_POST['hcid']) && is_numeric($_POST['hcid']) ? $_POST['hcid'] : false;
        if (!$hcid) {
            die($user->lang('ERROR') . ': no hcid');
        }
        $vals = [];
        $vals['list_a'] = $comments->get($hcid, $prj);
        $vals['showform_b'] = false;
        $vals['needmorebtn_b'] = false;
        $vals['commentcount_n'] = 0;
        $vals['hpid_n'] = 0;
        $vals['onerrorimgurl_n'] = System::getResourceDomain() . '/static/images/red_x.png';
        $user->getTPL()->assign($vals);
        $user->getTPL()->draw(($prj ? 'project' : 'profile') . '/comments');
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
use NERDZ\Core\User;
$user = new User();
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$capt = new Captcha();
if (!$capt->check(isset($_POST['captcha']) ? $_POST['captcha'] : '')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if (Db::NO_ERRNO != Db::query(array('DELETE FROM "users" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_ERRNO)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
$motivation = !empty($_POST['motivation']) ? htmlentities($_POST['motivation'], ENT_QUOTES, 'UTF-8') : false;
if ($motivation) {
    Db::query(['UPDATE "deleted_users" SET "motivation" = :motivation WHERE "counter" = :counter', [':motivation' => $motivation, ':counter' => $_SESSION['id']]], Db::NO_RETURN);
}
$user->logout();
die(NERDZ\Core\Utils::jsonResponse('ok', 'Bye :('));
Beispiel #18
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
if (!$user->isLogged() || empty($_POST['id']) || !is_numeric($_POST['id'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'del':
        if (Db::NO_ERRNO != Db::query(['DELETE FROM "blacklist" WHERE "from" = :me AND "to" = :to', [':me' => $_SESSION['id'], ':to' => $_POST['id']]], Db::FETCH_ERRNO)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    case 'add':
        $motivation = empty($_POST['motivation']) ? '' : htmlspecialchars(trim($_POST['motivation']), ENT_QUOTES, 'UTF-8');
        if (!$user->hasInBlacklist($_POST['id'])) {
            if (Db::NO_ERRNO != Db::query(['INSERT INTO "blacklist"("from","to","motivation") VALUES (:me,:to,:motivation)', [':me' => $_SESSION['id'], ':to' => $_POST['id'], ':motivation' => $motivation]], Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
            }
        } else {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        break;
    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2'));
        break;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
Beispiel #19
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\User;
$messages = new Messages();
$user = new User();
$prj = isset($prj);
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF'));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'add':
        if (empty($_POST['to'])) {
            if ($prj) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . 'a'));
            } else {
                $_POST['to'] = $_SESSION['id'];
            }
        }
        die(NERDZ\Core\Utils::jsonDbResponse($messages->add($_POST['to'], isset($_POST['message']) ? $_POST['message'] : '', ['news' => !empty($_POST['news']), 'issue' => !empty($_POST['issue']), 'project' => $prj, 'language' => !empty($_POST['language']) ? $_POST['language'] : false])));
        break;
    case 'del':
        if (!isset($_SESSION['delpost']) || empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || $_SESSION['delpost'] != $_POST['hpid'] || !$messages->delete($_POST['hpid'], $prj)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        unset($_SESSION['delpost']);
Beispiel #20
0
use NERDZ\Core\Config;
use NERDZ\Core\User;
use NERDZ\Core\Messages;
use NERDZ\Core\Security;
$user = new User();
$l = "\t\n\r\v ����� ­";
$userData = [];
$userData['name'] = isset($_POST['name']) ? trim($_POST['name'], $l) : false;
$userData['surname'] = isset($_POST['surname']) ? trim($_POST['surname'], $l) : false;
$userData['email'] = isset($_POST['email']) ? trim($_POST['email'], $l) : false;
$userData['timezone'] = isset($_POST['timezone']) ? trim($_POST['timezone'], $l) : false;
if ($user->isLogged()) {
    $updatedPassword = false;
    if (empty($_POST['password'])) {
        if (!($obj = Db::query(['SELECT "password" FROM "users" WHERE counter = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ))) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        $userData['password'] = $obj->password;
        //saved hashed password
    } else {
        $userData['password'] = $_POST['password'];
        $updatedPassword = true;
    }
} else {
    $userData['password'] = isset($_POST['password']) ? $_POST['password'] : false;
    $userData['username'] = isset($_POST['username']) ? trim($_POST['username'], $l) : false;
}
$userData['gender'] = isset($_POST['gender']) && is_numeric($_POST['gender']) && $_POST['gender'] > 0 && $_POST['gender'] <= 2 ? $_POST['gender'] : false;
$birth['birth_day'] = isset($_POST['birth_day']) && is_numeric($_POST['birth_day']) && $_POST['birth_day'] > 0 ? $_POST['birth_day'] : false;
$birth['birth_month'] = isset($_POST['birth_month']) && is_numeric($_POST['birth_month']) && $_POST['birth_month'] > 0 ? $_POST['birth_month'] : false;
$birth['birth_year'] = isset($_POST['birth_year']) && is_numeric($_POST['birth_year']) && $_POST['birth_year'] > 0 ? $_POST['birth_year'] : false;
Beispiel #21
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
$user = new User();
if (isset($_POST['comment'])) {
    $message = new NERDZ\Core\Comments();
    if (!isset($_POST['hcid']) || !is_numeric($_POST['hcid'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hcid'));
    }
    $id = $_POST['hcid'];
} else {
    $message = new NERDZ\Core\Messages();
    if (!isset($_POST['hpid']) || !is_numeric($_POST['hpid'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hpid'));
    }
    $id = $_POST['hpid'];
}
$revNo = isset($_POST['revNo']) && is_numeric($_POST['revNo']) && $_POST['revNo'] >= 1 ? $_POST['revNo'] : 0;
if (!$revNo) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': invalid revNo'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$rev = $message->getRevision($id, $revNo, isset($prj));
die(is_object($rev) ? NERDZ\Core\Utils::jsonResponse(['datetime' => $user->getDateTime($rev->time), 'message' => $message->bbcode($rev->message)]) : NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
Beispiel #22
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
$user = new User();
if (isset($_POST['comment'])) {
    $message = new NERDZ\Core\Comments();
    if (!isset($_POST['hcid']) || !is_numeric($_POST['hcid'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hcid'));
    }
    $id = $_POST['hcid'];
} else {
    $message = new NERDZ\Core\Messages();
    if (!isset($_POST['hpid']) || !is_numeric($_POST['hpid'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hpid'));
    }
    $id = $_POST['hpid'];
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (isset($_POST['thumb']) && is_numeric($_POST['thumb'])) {
    $thumb = (int) $_POST['thumb'];
    $dbResponse = $message->setThumbs($id, $thumb, isset($prj));
    if ($dbResponse != Db::NO_ERRSTR) {
        die(NERDZ\Core\Utils::jsonDbResponse($dbResponse));
    }
} else {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': 3'));
Beispiel #23
0
$user = new User();
$tplcfg = $user->getTemplateCfg();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
?>
    <!DOCTYPE html>
    <html lang="<?php 
echo $user->getBoardLanguage();
?>
">
    <head>
    <meta name="author" content="Paolo Galeone" />
    <title><?php 
echo NERDZ\Core\Utils::getSiteName();
?>
 - <?php 
echo $user->lang('BANNED');
?>
</title>
<?php 
$headers = $tplcfg->getTemplateVars('banned');
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/jscssheaders.php';
?>
    </head>
    <?php 
ob_flush();
?>
<body>
    <div id="body">
<?php 
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/header.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/banned.php';
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Config;
use NERDZ\Core\Utils;
use NERDZ\Core\Project;
use NERDZ\Core\User;
use NERDZ\Core\Messages;
$user = new User();
$project = new Project();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
foreach ($_POST as &$val) {
    $val = trim($val);
}
if (empty($_POST['description']) || !is_string($_POST['description'])) {
    //always required
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MUST_COMPLETE_FORM') . "\n\n" . $user->lang('MISSING') . ":\n" . $user->lang('DESCRIPTION')));
}
$projectData = [];
$projectData['description'] = $_POST['description'];
$projectData['owner'] = $_SESSION['id'];
//required for creation
if (isset($create)) {
    if (empty($_POST['name']) || !is_string($_POST['name'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MUST_COMPLETE_FORM') . "\n\n" . $user->lang('MISSING') . ":\n" . $user->lang('NAME')));
    }
    $projectData['name'] = $_POST['name'];
    if ($project->getId($projectData['name']) !== 0) {
Beispiel #25
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
use NERDZ\Core\User;
$user = new User();
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
if (!NERDZ\Core\Security::refererControl()) {
    die($user->lang('ERROR'));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'get':
        //fa tutto lei compresa la gestione di $_POST[hpid]
        $hpid = isset($_POST['hpid']) ? $_POST['hpid'] : -1;
        $draw = true;
        require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/singlepost.html.php';
        break;
    default:
        die($user->lang('ERROR'));
        break;
}
Beispiel #26
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
$user = new User();
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captcha) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if ($user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED')));
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';
$ret = Db::query(['INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent")
        VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)', [':username' => $userData['username'], ':password' => $userData['password'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':timezone' => $userData['timezone'], ':date' => $birth['date'], ':lang' => $user->getLanguage(), ':remote_addr' => $_SERVER['REMOTE_ADDR'], ':http_user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') : '']], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
    die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
if (!$user->login($userData['username'], $userData['password'], $setCookie = true)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
Beispiel #27
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\System;
$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
$vals = [];
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
$longlangs = System::getAvailableLanguages(1);
$vals['langs_a'] = [];
$i = 0;
foreach ($longlangs as $id => $val) {
    $vals['langs_a'][$i]['longlang_n'] = $val;
    $vals['langs_a'][$i]['shortlang_n'] = $id;
    ++$i;
}
$vals['mylang_n'] = $user->getLanguage($_SESSION['id']);
$vals['myboardlang_n'] = $user->getBoardLanguage($_SESSION['id']);
$user->getTPL()->assign($vals);
$user->getTPL()->draw('preferences/language');
Beispiel #28
0
use NERDZ\Core\User;
use NERDZ\Core\Config;
use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
use NERDZ\Core\Security;
$user = new User();
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
$email = isset($_POST['email']) ? trim($_POST['email']) : false;
$password = isset($_POST['password']) ? $_POST['password'] : false;
$token = isset($_POST['token']) ? $_POST['token'] : false;
$key = isset($_POST['key']) && is_numeric($_POST['key']) ? $_POST['key'] : false;
if ($email !== false && $captcha !== false) {
    // 1st step
    if (!$captcha) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
    }
    if (!$cptcka->check($captcha)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
    }
    if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MAIL_NOT_VALID')));
    }
    if (!($obj = Db::query(['SELECT "username","counter" FROM "users" WHERE "email" = :email', [':email' => $email]], Db::FETCH_OBJ))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
    }
    $vals = [];
    $vals['username_n'] = $obj->username;
    $vals['usernamelink_n'] = 'http://' . Config\SITE_HOST . '/' . \NERDZ\Core\Utils::userLink($obj->username);
    $vals['account_n'] = "{$obj->username} - ID: {$obj->counter}";
    $vals['ip_n'] = $_SERVER['REMOTE_ADDR'];