/**
 * Runs $query and stores the value of its "cc" column in $ret[$position].
 *
 * When Db::query yields nothing (falsy), -1 is stored instead; callers therefore
 * cannot tell "no row" apart from a failed query.
 *
 * @param array        $ret      output array, written by reference
 * @param string|array $query    whatever Db::query accepts (SQL string, or [sql, params])
 * @param mixed        $position key of $ret to write
 */
function createArray(&$ret, $query, $position)
{
    $row = Db::query($query, Db::FETCH_OBJ);
    $ret[$position] = $row ? $row->cc : -1;
}
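/* BEGIN BLACKLIST_STUFF */
// For a logged-in viewer: emits the JS globals N.idiots (usernames of the
// users they blacklisted) and N.tplVars, and a <style> outlining content
// from blacklisted users. Everything is skipped for guests.
if ($logged) {
    $jsonIdiots = [];
    if ($blist = $user->getBlacklist()) {
        $blistcss = '<style type="text/css">';
        foreach ($blist as $b_id) {
            $blistcss .= ".bluser{$b_id},";
            $jsonIdiots[] = User::getUsername($b_id);
        }
    }
    ?>
N.idiots=<?php echo json_encode($jsonIdiots); ?>,
N.tplVars=<?php echo $user->getTemplateVariables(); ?>;
<?php
}
?>
</script>
<?php
if ($logged && isset($blistcss)) {
    // substr drops the trailing comma of the selector list before the rule body.
    echo substr($blistcss, 0, -1), '{border:1px solid #FF0000}</style>';
}
/* END BLACKLIST_STUFF */
if ($logged && ($o = Db::query(array('SELECT "userscript" FROM "profiles" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_OBJ)) && !empty($o->userscript)) {
    // The stored value is decoded once (it may be kept entity-encoded) and then
    // escaped exactly once for the attribute context. The original echoed the
    // decoded string raw, so a quote inside the stored value could close the
    // src="" attribute and inject markup.
    $src = htmlspecialchars(html_entity_decode($o->userscript, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8');
    echo '<script src="', $src, '"></script>';
}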
// Long-running per-connection loop: every 5 seconds it re-reads the
// notification and PM counters and, when one changed, hands the new value to
// $push (defined before this block; presumably writes an event to the client).
// It also refreshes the user's "last"/"viewonline" columns and keeps the stored
// remote address / user agent in sync with the current request.
while (1) {
    $newNotifications = $user->count(false, true);
    if ($newNotifications != $notification) {
        $notification = $newNotifications;
        $push('notification', 'ok', $notification);
    }
    $newPm = $user->countPms();
    if ($newPm != $pm) {
        $pm = $newPm;
        $push('pm', 'ok', $pm);
    }
    Db::query(['UPDATE "users" SET "last" = NOW(), "viewonline" = :on WHERE "counter" = :id', [':on' => $viewonline, ':id' => $_SESSION['id']]], Db::NO_RETURN);
    if ($o = Db::query(['SELECT "remote_addr","http_user_agent" FROM "users" WHERE "counter" = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ)) {
        if (empty($o->remote_addr) || empty($_SESSION['remote_addr']) || $o->remote_addr != $_SERVER['REMOTE_ADDR']) {
            Db::query(['UPDATE "users" SET "remote_addr" = :addr WHERE "counter" = :id', [':addr' => $_SERVER['REMOTE_ADDR'], ':id' => $_SESSION['id']]], Db::NO_RETURN);
            $dontSendCacheLimiter();
            $_SESSION['remote_addr'] = $_SERVER['REMOTE_ADDR'];
            // NOTE(review): after session_write_close() further $_SESSION writes in
            // this request (e.g. the user-agent branch below) are not persisted
            // unless the session is reopened — confirm this is intended.
            session_write_close();
        }
        // NOTE(review): the column is written HTML-escaped but compared with the
        // raw header, so an agent string containing &, <, >, " or ' never matches
        // and this UPDATE re-runs on every iteration. $_SERVER['HTTP_USER_AGENT']
        // is also read unguarded; it may be absent.
        if (empty($o->http_user_agent) || empty($_SESSION['http_user_agent']) || $o->http_user_agent != $_SERVER['HTTP_USER_AGENT']) {
            Db::query(['UPDATE "users" SET "http_user_agent" = :uag WHERE "counter" = :id', [':uag' => htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8'), ':id' => $_SESSION['id']]], Db::NO_RETURN);
            $dontSendCacheLimiter();
            $_SESSION['http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
            session_write_close();
        }
    }
    sleep(5);
} //while 1
} // else
// Tail of the referer check whose opening lies before this run.
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
// CSRF token for the "edit" scope is required before anything is changed.
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
// ?action=vars stores per-user template variables; anything else is a theme change.
if (isset($_GET['action']) && $_GET['action'] == 'vars') {
    if (isset($_POST['vars']) && is_array($_POST['vars'])) {
        $user->setTemplateVariables($_POST['vars']);
    } else {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': JSON'));
    }
} else {
    $theme = isset($_POST['theme']) && is_string($_POST['theme']) ? trim($_POST['theme']) : '';
    $shorts = [];
    $templates = System::getAvailableTemplates();
    foreach ($templates as $val) {
        $shorts[] = $val['number'];
    }
    // Allow-list check; the value is then used as a bound parameter, never
    // interpolated. NOTE(review): in_array without strict compares loosely —
    // harmless for the SQL, but "1abc" may pass on PHP < 8 if numbers are ints.
    if (!in_array($theme, $shorts)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
    }
    // The Host header only toggles between two fixed column names.
    $column = (Config\MOBILE_HOST == $_SERVER['HTTP_HOST'] ? 'mobile_' : '') . 'template';
    if (Db::NO_ERRNO != Db::query(['UPDATE "profiles" SET "' . $column . '" = :theme WHERE "counter" = :id', [':theme' => $theme, ':id' => $_SESSION['id']]], Db::FETCH_ERRNO)) {
        die(NERDZ\Core\Utils::jsonResponse('error', 'Update: ' . $user->lang('ERROR')));
    }
    $_SESSION['template'] = $theme;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Project (group) listing, optionally filtered by a search term and ordered by
// one of the allow-listed columns.
$validFields = ['name', 'description'];
// Column, direction and limit are normalised by the Security helpers before
// being interpolated; only the search term travels as a bound parameter.
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
$orderby = isset($_GET['orderby']) ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'name') : 'name';

if (empty($q)) {
    $query = "SELECT name, description,counter\n FROM groups\n ORDER BY {$orderby} {$order} LIMIT {$limit}";
} else {
    $query = ["SELECT name,description, counter\n FROM groups WHERE CAST({$orderby} AS TEXT) ILIKE ?\n ORDER BY {$orderby} {$order} LIMIT {$limit}", ["%{$q}%"]];
}

$vals = ['list_a' => []];
$stmt = Db::query($query, Db::FETCH_STMT);
if ($stmt) {
    while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
        $vals['list_a'][] = [
            'id_n' => $row->counter,
            'name_n' => $row->name,
            'description_n' => $row->description,
            'name4link_n' => \NERDZ\Core\Utils::projectLink($row->name),
        ];
    }
}
\NERDZ\Core\Security::setNextAndPrevURLs($vals, $limit, ['order' => $order, 'query' => $q, 'field' => empty($_GET['orderby']) ? '' : $_GET['orderby'], 'validFields' => $validFields]);
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/projectslist');
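<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\Db;

// Preferences page listing the projects owned by the current user.
$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
if (!NERDZ\Core\Security::refererControl()) {
    die($user->lang('ERROR'));
}
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}

$vals = [];
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
// Always defined: the original only created this key inside the fetch loop,
// so a successful query with zero rows left it unset for the template.
$vals['myprojects_a'] = [];
$stmt = Db::query(['SELECT g."name", g.counter FROM "groups" g INNER JOIN "groups_owners" go ON go."to" = g.counter WHERE go."from" = :id', [':id' => $_SESSION['id']]], Db::FETCH_STMT);
if ($stmt) {
    while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
        $vals['myprojects_a'][] = [
            'name_n' => $row->name,
            'name4link_n' => \NERDZ\Core\Utils::projectLink($row->name),
            'id_n' => $row->counter,
        ];
    }
}
$user->getTPL()->assign($vals);
$user->getTPL()->draw('preferences/projects');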
// intval below
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
$action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false);
$found = true;
// Without a profile id there is nothing to render: bounce to the index.
if (!$id) {
    die(header('Location: /index.php'));
}
$id = intval($id); // intval here, so we can display the user not found message
// Placeholder post, used whenever no message can be shown (unknown user,
// no pid, blacklisted profile, private profile viewed by a guest, no row).
$post = new stdClass();
$post->message = '';
$info = $user->getObject($id);
if (false === $info) {
    $username = $user->lang('USER_NOT_FOUND');
    $found = false;
} else {
    // $info holds the requested user's record as an object.
    $username = $info->username;
    if ($pid && !$user->hasInBlacklist($id)) {
        $guestOnPrivateProfile = !$user->isLogged() && $info->private;
        if (!$guestOnPrivateProfile) {
            $row = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ);
            if ($row) {
                $post = $row;
            }
        }
    }
}
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
$a = explode(' ', $messages->parseNews(Messages::stripTags(str_replace("\n", ' ', $post->message))));
$i = 25;
<?php
if (!isset($gid, $user, $project)) {
    die('$id & user required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Members-list fragment of a project page. The shared userslist template
// consumes $users, $total, $type and $dateExtractor.
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$users = $project->getMembers($gid, $limit);
$total = $project->getMembersCount($gid);
$type = 'members';
// Formatted date at which $memberId joined project $gid; epoch 0 when no row exists.
$dateExtractor = function ($memberId) use ($gid, $user) {
    $row = Db::query(['SELECT EXTRACT(EPOCH FROM time) AS time FROM "groups_members" WHERE "from" = :fid AND "to" = :id', [':id' => $gid, ':fid' => $memberId]], Db::FETCH_OBJ);
    $epoch = $row ? $row->time : 0;
    return $user->getDateTime($epoch);
};
return require $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
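<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\Db;

// Blacklist endpoint: ?action=add|del with the target user id in POST "id".
// NOTE(review): this endpoint mutates state but, unlike the other edit
// endpoints in this codebase, performs neither a CSRF token check nor a
// referer check — confirm the caller is protected elsewhere.
$user = new User();
if (!$user->isLogged() || empty($_POST['id']) || !is_numeric($_POST['id'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}
// is_numeric() also accepts "1.5" and "1e3"; the target is an integer id, so
// normalise it once and use that value everywhere below.
$targetId = (int) $_POST['id'];
$me = $_SESSION['id'];
$action = isset($_GET['action']) ? strtolower($_GET['action']) : '';
switch ($action) {
    case 'del':
        $errno = Db::query(['DELETE FROM "blacklist" WHERE "from" = :me AND "to" = :to', [':me' => $me, ':to' => $targetId]], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $errno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    case 'add':
        // The motivation is stored HTML-escaped; missing or non-string input becomes ''.
        $motivation = empty($_POST['motivation']) || !is_string($_POST['motivation'])
            ? ''
            : htmlspecialchars(trim($_POST['motivation']), ENT_QUOTES, 'UTF-8');
        if ($user->hasInBlacklist($targetId)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        $errno = Db::query(['INSERT INTO "blacklist"("from","to","motivation") VALUES (:me,:to,:motivation)', [':me' => $me, ':to' => $targetId, ':motivation' => $motivation]], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $errno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2'));
        break;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));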
/**
 * Resolves a user's username.
 *
 * With no $id (or the id of the logged-in user) the name comes straight from
 * the session. Otherwise the users table is queried by "counter" when $id is
 * numeric, by "email" otherwise; the column name is picked from that fixed pair
 * and the value is always a bound parameter.
 *
 * @param int|string|null $id user counter or e-mail address
 * @return string|false the username, or false when no row matches
 */
public static function getUsername($id = null)
{
    // !empty() is isset() plus a truthiness check, exactly what the session fast path needs.
    $sessionLogged = !empty($_SESSION['logged']);
    if ($sessionLogged && ($id === null || $id == $_SESSION['id'])) {
        return $_SESSION['username'];
    }
    $column = is_numeric($id) ? 'counter' : 'email';
    $row = Db::query(['SELECT "username" FROM "users" WHERE "' . $column . '" = :id', [':id' => $id]], Db::FETCH_OBJ);
    return $row ? $row->username : false;
}
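<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\Db;

// Preferences page for the "private" (guests) flag.
$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
$row = Db::query(['SELECT "private" FROM "users" WHERE "counter" = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ);
if (!$row) {
    die($user->lang('ERROR'));
}
// Built explicitly rather than auto-vivified from an undefined $vals.
$vals = [
    'private_b' => $row->private,
    'tok_n' => NERDZ\Core\Security::getCsrfToken('edit'),
];
$user->getTPL()->assign($vals);
$user->getTPL()->draw('preferences/guests');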
<?php
if (!isset($id)) {
    die('$id required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Project;
use NERDZ\Core\User;
use NERDZ\Core\Db;

// Followers-list fragment. Whether $prj is set (its value is irrelevant)
// decides between a project and a user profile.
$prj = isset($prj);
$entity = $prj ? new Project() : new User();
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$users = $entity->getFollowers($id, $limit);
$total = $entity->getFollowersCount($id);
$type = 'followers';
$user = new User();
// Fixed pair of table names; nothing user-controlled reaches the SQL text.
$followersTable = $prj ? 'groups_followers' : 'followers';
// Formatted date since which $friendId follows $id; epoch 0 when no row exists.
$dateExtractor = function ($friendId) use ($id, $user, $followersTable) {
    $row = Db::query(['SELECT EXTRACT(EPOCH FROM time) AS time FROM "' . $followersTable . '" WHERE "to" = :id AND "from" = :fid', [':id' => $id, ':fid' => $friendId]], Db::FETCH_OBJ);
    return $user->getDateTime($row ? $row->time : 0);
};
return require $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
$newmem[] = $uid; $userMap[$uid] = $username; } else { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid member - ' . $v)); } } //members to add $toadd = array_diff($newmem, $oldmem); foreach ($toadd as $uid) { $ret = Db::query(['INSERT INTO "groups_members"("to","from") VALUES(:project,:user)', [':project' => $id, ':user' => $uid]], Db::FETCH_ERRSTR); if ($ret != Db::NO_ERRSTR) { die(NERDZ\Core\Utils::jsonDbResponse($ret, $userMap[$uid])); } } // members to remove $toremove = array_diff($oldmem, $newmem); foreach ($toremove as $val) { if (Db::NO_ERRNO != Db::query(['DELETE FROM groups_members WHERE "to" = :project AND "from" = :user', [':project' => $id, ':user' => $val]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '4')); } } if (Db::NO_ERRNO != Db::query(['UPDATE "groups" SET "description" = :desc, "website" = :website, "photo" = :photo, "private" = :private, "open" = :open, "goal" = :goal, "visible" = :visible WHERE "counter" = :id', [':desc' => $projectData['description'], ':website' => $projectData['website'], ':photo' => $projectData['photo'], ':private' => $projectData['private'], ':open' => $projectData['open'], ':goal' => $projectData['goal'], ':visible' => $projectData['visible'], ':id' => $id]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } break; default: die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); break; } die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
$_SESSION['dateformat'] = $userData['dateformat'];
if (isset($_POST['whitelist'])) {
    // Synchronise the stored whitelist with the submitted one (one username per
    // line). An unknown name aborts the whole request with an error response.
    $oldlist = $user->getWhitelist($_SESSION['id']);
    $submitted = array_filter(array_unique(explode("\n", $_POST['whitelist'])));
    $newlist = [];
    foreach ($submitted as $line) {
        $uid = $user->getId(trim($line));
        if (!is_numeric($uid) || $uid <= 0) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid user - ' . $line));
        }
        // Insert only when the pair is not already present.
        $insertErrno = Db::query(['INSERT INTO "whitelist"("from","to") SELECT :id, :uid WHERE NOT EXISTS (SELECT 1 FROM "whitelist" WHERE "from" = :id AND "to" = :uid)', [':id' => $_SESSION['id'], ':uid' => $uid]], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $insertErrno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        $newlist[] = $uid;
    }
    // Anything previously whitelisted but not resubmitted is removed.
    foreach ($oldlist as $val) {
        if (in_array($val, $newlist)) {
            continue;
        }
        $deleteErrno = Db::query(['DELETE FROM "whitelist" WHERE "from" = :id AND "to" = :val', [':id' => $_SESSION['id'], ':val' => $val]], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $deleteErrno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '4'));
        }
    }
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
usort($vals['userof_a'], '\\NERDZ\\Core\\Utils::sortByUsername'); $vals['github_n'] = $info->github; $vals['yahoo_n'] = $vals['logged_b'] ? $info->yahoo : ''; $vals['jabber_n'] = $vals['logged_b'] ? $info->jabber : ''; $vals['skype_n'] = $vals['logged_b'] ? $info->skype : ''; $vals['steam_n'] = $vals['logged_b'] ? $info->steam : ''; $vals['facebook_n'] = $vals['logged_b'] ? $info->facebook : ''; $vals['twitter_n'] = $vals['logged_b'] ? $info->twitter : ''; $vals['id_n'] = $id; // single post like nessuno.1 $found = false; if ($vals['singlepost_b']) { if ($user->hasInBlacklist($id)) { require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php'; $user->getTPL()->draw('profile/postnotfound'); } elseif (!($post = Db::query(['SELECT "hpid" FROM "posts" WHERE "pid" = :pid AND "to" = :id', array_merge([':pid' => $pid], $ida)], Db::FETCH_OBJ))) { require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php'; $user->getTPL()->draw('profile/postnotfound'); } else { // required for singlepost $hpid = $post->hpid; $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/singlepost.html.php'); $found = true; } } elseif ($vals['friends_b']) { $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/friends.html.php'); } elseif ($vals['following_b']) { $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/following.html.php'); } elseif ($vals['followers_b']) { $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/followers.html.php'); } elseif ($vals['interactions_b']) {
<?php
if (!isset($id, $user)) {
    die('$id & user required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Friends-list fragment of a user profile; the shared userslist template
// consumes $users, $total, $type and $dateExtractor.
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$users = $user->getFriends($id, $limit);
$total = $user->getFriendsCount($id);
$type = 'friends';
// Formatted date of the most recent follow in either direction between $id and
// $friendId; epoch 0 when no row exists.
$dateExtractor = function ($friendId) use ($id, $user) {
    $row = Db::query(['SELECT EXTRACT(EPOCH FROM T.cc) AS time FROM ( SELECT MAX("time") AS cc FROM "followers" WHERE ("from" = :id AND "to" = :fid) OR ("from" = :fid AND "to" = :id) ) AS T', [':id' => $id, ':fid' => $friendId]], Db::FETCH_OBJ);
    $epoch = $row ? $row->time : 0;
    return $user->getDateTime($epoch);
};
return require $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
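<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;

// Profile-preferences page: copies the current user's profile row into the
// template variables (this run continues past this point with more fields).
$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
$obj = Db::query(array('SELECT * FROM "profiles" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_OBJ);
if (!$obj) {
    die($user->lang('ERROR'));
}
// Splits a newline-separated column into trimmed entries. array_map replaces
// the original foreach-by-reference loops, which left $val bound to the last
// element of the second list, so a later plain assignment to $val would have
// silently overwritten it.
$linesOf = function ($text) {
    return array_map('trim', explode("\n", $text));
};
$vals = [];
$vals['interests_a'] = $linesOf($obj->interests);
$vals['biography_n'] = $obj->biography;
$vals['quotes_a'] = $linesOf($obj->quotes);
$vals['website_n'] = $obj->website;
$vals['jabber_n'] = $obj->jabber;
$vals['yahoo_n'] = $obj->yahoo;
$vals['facebook_n'] = $obj->facebook;
$vals['twitter_n'] = $obj->twitter;
$vals['steam_n'] = $obj->steam;
$vals['skype_n'] = $obj->skype;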
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Global user listing, optionally filtered by a search term and ordered by one
// of the allow-listed columns. $user is expected to be defined by an include
// further down (stats.php or vars via userslist) — confirm.
$validFields = ['username', 'name', 'surname', 'birth_date', 'last', 'counter', 'registration_time'];
// Column, direction and limit are normalised by the Security helpers before
// being interpolated; only the search term travels as a bound parameter.
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
$orderby = isset($_GET['orderby']) ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'username') : 'username';

if (empty($q)) {
    $query = "SELECT counter\n FROM users\n ORDER BY {$orderby} {$order} LIMIT {$limit}";
} else {
    $query = ["SELECT counter\n FROM users\n WHERE CAST({$orderby} AS TEXT) ILIKE ?\n ORDER BY {$orderby} {$order} LIMIT {$limit}", ["%{$q}%"]];
}

$vals = [];
$stmt = Db::query($query, Db::FETCH_STMT);
$users = $stmt ? $stmt->fetchAll(PDO::FETCH_COLUMN) : [];
$type = 'list';
// The list already carries the registration date per row; pass it through.
$dateExtractor = function ($friendId, $registrationDate) {
    return $registrationDate;
};
// Fetch total users number (from cache if present)
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/stats.php';
// assign $vals['totusers_n'] to $total, required by userslist.html.php
$total = $vals['totusers_n'];
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
$user->getTPL()->draw('base/userslist');
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;

// Registration endpoint: captcha first, then field validation (validateuser.php
// fills $userData and $birth), then the INSERT and an immediate login.
$user = new User();
$captchaCheck = new Captcha();
$captchaAnswer = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captchaAnswer) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$captchaCheck->check($captchaAnswer)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if ($user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED')));
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';

// The user agent is stored HTML-escaped; it is optional in the request.
$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') : '';
// Hashing happens in the database (crypt with a bcrypt salt); the password
// itself is a bound parameter.
$insertSql = 'INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent") VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)';
$insertParams = [
    ':username' => $userData['username'],
    ':password' => $userData['password'],
    ':name' => $userData['name'],
    ':surname' => $userData['surname'],
    ':email' => $userData['email'],
    ':gender' => $userData['gender'],
    ':timezone' => $userData['timezone'],
    ':date' => $birth['date'],
    ':lang' => $user->getLanguage(),
    ':remote_addr' => $_SERVER['REMOTE_ADDR'],
    ':http_user_agent' => $userAgent,
];
$ret = Db::query([$insertSql, $insertParams], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
    die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
$setCookie = true;
if (!$user->login($userData['username'], $userData['password'], $setCookie)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
/**
 * Counts the comments attached to a post.
 *
 * For a logged-in viewer, comments written by users on their blacklist are
 * excluded; on a user board (not a project) comments addressed to blacklisted
 * users are excluded as well. The table name is chosen from a fixed pair and
 * every value is a bound parameter.
 *
 * @param int|string $hpid    post id
 * @param bool       $project true for a project (groups_) board
 * @return int|string the count, or 0 when the query yields nothing
 */
public function countComments($hpid, $project = false)
{
    $table = ($project ? 'groups_' : '') . 'comments';
    $sql = 'SELECT COUNT("hcid") AS cc FROM "' . $table . '" WHERE "hpid" = :hpid';
    $params = [':hpid' => $hpid];
    if ($this->user->isLogged()) {
        $sql .= ' AND "from" NOT IN (SELECT "to" FROM "blacklist" WHERE "from" = :id)';
        if (!$project) {
            $sql .= ' AND "to" NOT IN (SELECT "to" FROM "blacklist" WHERE "from" = :id)';
        }
        $params[':id'] = $_SESSION['id'];
    }
    $row = Db::query([$sql, $params], Db::FETCH_OBJ);
    return $row ? $row->cc : 0;
}
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
use NERDZ\Core\User;

// Account-deletion endpoint: referer check, login and captcha gate the DELETE;
// an optional motivation is then attached to the deleted_users record
// (presumably populated by a database trigger — the row is gone by then).
$user = new User();
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$captcha = new Captcha();
$captchaAnswer = isset($_POST['captcha']) ? $_POST['captcha'] : '';
if (!$captcha->check($captchaAnswer)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
$deleteErrno = Db::query(array('DELETE FROM "users" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_ERRNO);
if (Db::NO_ERRNO != $deleteErrno) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
if (!empty($_POST['motivation'])) {
    $motivation = htmlentities($_POST['motivation'], ENT_QUOTES, 'UTF-8');
    if ($motivation) {
        Db::query(['UPDATE "deleted_users" SET "motivation" = :motivation WHERE "counter" = :counter', [':motivation' => $motivation, ':counter' => $_SESSION['id']]], Db::NO_RETURN);
    }
}
$user->logout();
die(NERDZ\Core\Utils::jsonResponse('ok', 'Bye :('));
use NERDZ\Core\Db;
use NERDZ\Core\Config;
use NERDZ\Core\User;
use NERDZ\Core\Messages;
use NERDZ\Core\Security;

// Collects registration / profile-edit fields from $_POST into $userData and
// $birth. Absent fields become false; validation presumably follows later in
// the script (this run continues past the visible lines).
$user = new User();
// Characters stripped from the textual fields: ASCII whitespace plus a few
// bytes that are not legible in this copy (mis-encoded) — presumably NBSP-like
// spaces; verify against the original file.
// NOTE(review): trim() on a $_POST value that arrives as an array raises a
// TypeError; the fields are not type-checked here.
$l = "\t\n\r\v ����� ";
$userData = [];
$userData['name'] = isset($_POST['name']) ? trim($_POST['name'], $l) : false;
$userData['surname'] = isset($_POST['surname']) ? trim($_POST['surname'], $l) : false;
$userData['email'] = isset($_POST['email']) ? trim($_POST['email'], $l) : false;
$userData['timezone'] = isset($_POST['timezone']) ? trim($_POST['timezone'], $l) : false;
if ($user->isLogged()) {
    // Editing an existing account: without a new password the stored hash is
    // carried over. NOTE(review): presumably the later UPDATE checks
    // $updatedPassword before re-hashing, otherwise the hash would be hashed
    // again — confirm.
    $updatedPassword = false;
    if (empty($_POST['password'])) {
        if (!($obj = Db::query(['SELECT "password" FROM "users" WHERE counter = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ))) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        $userData['password'] = $obj->password; //saved hashed password
    } else {
        $userData['password'] = $_POST['password'];
        $updatedPassword = true;
    }
} else {
    // Registration: password and username come from the request as-is.
    $userData['password'] = isset($_POST['password']) ? $_POST['password'] : false;
    $userData['username'] = isset($_POST['username']) ? trim($_POST['username'], $l) : false;
}
// Gender is accepted only as 1 or 2 (loose numeric comparison on the raw string).
$userData['gender'] = isset($_POST['gender']) && is_numeric($_POST['gender']) && $_POST['gender'] > 0 && $_POST['gender'] <= 2 ? $_POST['gender'] : false;
// Day and month are only checked to be positive numbers here; range checks
// (1-31, 1-12) are not visible in this run.
$birth['birth_day'] = isset($_POST['birth_day']) && is_numeric($_POST['birth_day']) && $_POST['birth_day'] > 0 ? $_POST['birth_day'] : false;
$birth['birth_month'] = isset($_POST['birth_month']) && is_numeric($_POST['birth_month']) && $_POST['birth_month'] > 0 ? $_POST['birth_month'] : false;
<?php
use NERDZ\Core\Db;

// Password-reset landing page. Without a well-formed (id, token) pair the
// request form is shown; with one that matches a reset_requests row, the form
// for choosing the new password is shown instead.
if ($user->isLogged()) {
    die(header('Location: /home.php'));
}
// Token must be exactly 32 bytes; id must be a positive number. Both end up as
// bound parameters only.
$token = isset($_GET['tok']) && is_string($_GET['tok']) && strlen($_GET['tok']) == 32 ? $_GET['tok'] : '';
$id = isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0 ? $_GET['id'] : false;
if (!$token || !$id) {
    $user->getTPL()->draw('base/reset');
} else {
    $request = Db::query(['SELECT u.username FROM reset_requests r INNER JOIN users u ON u.counter = r."to" WHERE r."counter" = :id AND r.token = :token', [':id' => $id, ':token' => $token]], Db::FETCH_OBJ);
    if (!is_object($request)) {
        echo 'Invalid request';
    } else {
        $vals = [
            'username_n' => $request->username,
            'resettoken_n' => $token,
            'resetkey_n' => $id,
        ];
        $user->getTPL()->assign($vals);
        $user->getTPL()->draw('base/reset-token');
    }
}
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\Utils;

// Redirects to the profile of the most recently registered user (highest counter).
$latest = Db::query('SELECT "username" FROM "users" ORDER BY "counter" DESC', Db::FETCH_OBJ);
if (!$latest) {
    die('Db error');
}
die(header('Location: /' . Utils::userLink($latest->username)));
/**
 * Records the current user's thumbs vote on a comment.
 *
 * Guests get the canned "register" DB-style message back. Ids and the vote are
 * cast to int before binding; the table name is picked from a fixed pair.
 *
 * @param int|string $hcid    comment id
 * @param int|string $vote    vote value (cast to int, not range-checked here)
 * @param bool       $project true for a project (groups_) comment
 * @return string Db error string, Db::NO_ERRSTR on success
 */
public function setThumbs($hcid, $vote, $project = false)
{
    if (!$this->user->isLogged()) {
        return Utils::$REGISTER_DB_MESSAGE;
    }
    $table = $project ? 'groups_comment_thumbs' : 'comment_thumbs';
    $sql = 'INSERT INTO ' . $table . ' (hcid, "from", vote) VALUES(:hcid, :from, :vote)';
    $params = [
        ':hcid' => (int) $hcid,
        ':from' => (int) $_SESSION['id'],
        ':vote' => (int) $vote,
    ];
    return Db::query([$sql, $params], Db::FETCH_ERRSTR);
}
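/**
 * Records a guest visit keyed by remote address: refreshes "last" for a known
 * address, otherwise inserts a new row with the (raw) user agent.
 *
 * Both statements run in one transaction so a concurrent first visit from the
 * same address cannot produce two rows. Errors are logged via Db::dumpException
 * and swallowed.
 */
public static function upsertGuest()
{
    $db = null;
    try {
        $db = Db::getDb();
        $db->beginTransaction();
        $stmt = $db->prepare('UPDATE guests SET last = NOW() WHERE remote_addr = :ip');
        $stmt->execute([':ip' => $_SERVER['REMOTE_ADDR']]);
        $stmt = $db->prepare('INSERT INTO guests(remote_addr, http_user_agent) SELECT :ip, :ua WHERE NOT EXISTS (SELECT 1 FROM guests WHERE remote_addr = :ip)');
        $stmt->execute([':ip' => $_SERVER['REMOTE_ADDR'], ':ua' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '']);
        $db->commit();
    } catch (PDOException $e) {
        // The original left the transaction open on failure, holding its locks
        // for the rest of the request; roll it back before logging.
        if ($db !== null && $db->inTransaction()) {
            $db->rollBack();
        }
        Db::dumpException($e);
    }
}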
} if (isset($_GET['gcid']) && is_numeric($_GET['gcid'])) { $gcid = intval($_GET['gcid']); } } if ((isset($id) || isset($gid)) && isset($_GET['pid']) && is_numeric($_GET['pid'])) { $pid = intval($_GET['pid']); } if ((isset($id) || isset($gid)) && isset($pid)) { $new = isset($id) ? $id : $gid; if (!($o = Db::query(['SELECT "message" FROM "' . (isset($id) ? '' : 'groups_') . 'posts" WHERE "pid" = :pid AND "to" = :new', [':pid' => $pid, ':new' => $new]], Db::FETCH_OBJ))) { die('Error'); } } elseif (isset($pcid) || isset($gcid)) { $new = isset($pcid) ? $pcid : $gcid; if (!($o = Db::query(['SELECT "message" FROM "' . (isset($pcid) ? '' : 'groups_') . 'comments" WHERE "hcid" = :hcid', [':hcid' => $new]], Db::FETCH_OBJ))) { die('error'); } } else { die; } $codes = $user->getCodes($o->message); if (isset($codes[$ncode]['code']) && isset($codes[$ncode]['lang'])) { switch (strtolower(trim($codes[$ncode]['lang']))) { case 'js': case 'javascript': case 'jquery': header('Content-type: application/javascript; charset=utf-8'); break; case 'css': header('Content-Type: text/css; charset=utf-8');
$vals['followedtot_n'] = $tot;
$vals['followedonlinetot_n'] = $c;
// Turns a statement yielding project names into the template row list
// (name_n, username_n, name4link_n), sorted by username.
$projectRows = function ($stmt) {
    $rows = [];
    while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
        $rows[] = [
            'name_n' => $row->name,
            'username_n' => $row->name,
            'name4link_n' => \NERDZ\Core\Utils::projectLink($row->name),
        ];
    }
    usort($rows, '\\NERDZ\\Core\\Utils::sortByUsername');
    return $rows;
};
$ownedStmt = Db::query(['SELECT "name" FROM "groups" g INNER JOIN "groups_owners" go ON go."to" = g.counter WHERE go."from" = :id', [':id' => $_SESSION['id']]], Db::FETCH_STMT);
if (!$ownedStmt) {
    die($user->lang('ERROR'));
}
$vals['ownerof_a'] = $projectRows($ownedStmt);
$memberStmt = Db::query(array('SELECT "name" FROM "groups" INNER JOIN "groups_members" ON "groups"."counter" = "groups_members"."to" WHERE "from" = :id', array(':id' => $_SESSION['id'])), Db::FETCH_STMT);
if (!$memberStmt) {
    die($user->lang('ERROR'));
}
$vals['memberof_a'] = $projectRows($memberStmt);
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/trends.html.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('home/layout');
// Closes a check whose opening lies before this run.
}
// CSRF token for the "edit" scope is required before anything is changed.
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$id = $_SESSION['id'];
if (!($obj = Db::query(array('SELECT "private" FROM "users" WHERE "counter" = ?', array($id)), Db::FETCH_OBJ))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
// ?action=public|private toggles the "private" flag; the UPDATE is skipped when
// the flag already has the requested value.
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'public':
        // NOTE(review): this branch tests `== 1` while the other tests `!`;
        // both work for PHP booleans, but they diverge if the driver returns
        // the column as a string — confirm the fetched type.
        if ($obj->private == 1) {
            if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = FALSE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
            }
        }
        break;
    case 'private':
        if (!$obj->private) {
            if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = TRUE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
            }
        }
        break;
    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        break;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
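<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Presence ping: refreshes "last"/"viewonline" for the logged-in user and keeps
// the stored remote address and user agent in sync with the current request.
$user = new NERDZ\Core\User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$sessionId = $_SESSION['id'];
$remoteAddr = $_SERVER['REMOTE_ADDR'];
// The header may be absent; the original read it unguarded.
$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
// The column is always written HTML-escaped, so the comparison below uses the
// escaped form too. The original compared the stored value with the raw header,
// so any agent string containing &, <, >, " or ' re-ran the UPDATE on every ping.
$escapedUserAgent = htmlspecialchars($userAgent, ENT_QUOTES, 'UTF-8');
$viewonline = empty($_SESSION['mark_offline']) ? '1' : '0';

$errno = Db::query(['UPDATE "users" SET "last" = NOW(), "viewonline" = :on WHERE "counter" = :id', [':on' => $viewonline, ':id' => $sessionId]], Db::FETCH_ERRNO);
if (Db::NO_ERRNO != $errno) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'Time'));
}
$stored = Db::query(['SELECT "remote_addr","http_user_agent" FROM "users" WHERE "counter" = :id', [':id' => $sessionId]], Db::FETCH_OBJ);
if (!$stored) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
if (empty($stored->remote_addr) || empty($_SESSION['remote_addr']) || $stored->remote_addr != $remoteAddr) {
    $errno = Db::query(['UPDATE "users" SET "remote_addr" = :addr WHERE "counter" = :id', [':addr' => $remoteAddr, ':id' => $sessionId]], Db::FETCH_ERRNO);
    if (Db::NO_ERRNO != $errno) {
        die(NERDZ\Core\Utils::jsonResponse('error', 'IP'));
    }
    $_SESSION['remote_addr'] = $remoteAddr;
}
if (empty($stored->http_user_agent) || empty($_SESSION['http_user_agent']) || $stored->http_user_agent != $escapedUserAgent) {
    $errno = Db::query(['UPDATE "users" SET "http_user_agent" = :uag WHERE "counter" = :id', [':uag' => $escapedUserAgent, ':id' => $sessionId]], Db::FETCH_ERRNO);
    if (Db::NO_ERRNO != $errno) {
        die(NERDZ\Core\Utils::jsonResponse('error', 'UA'));
    }
    // The session keeps the raw header, as before.
    $_SESSION['http_user_agent'] = $userAgent;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));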