Example #1
 /**
  * Stores the "cc" column of the first row returned by $query into
  * $ret[$position], or -1 when the query yields nothing.
  *
  * @param array $ret      output array, filled by reference
  * @param mixed $query    anything accepted by Db::query (SQL string or [sql, params])
  * @param mixed $position key of $ret to write
  */
 function createArray(&$ret, $query, $position)
 {
     $row = Db::query($query, Db::FETCH_OBJ);
     $ret[$position] = $row ? $row->cc : -1;
 }
Example #2
/* BEGIN BLACKLIST_STUFF */
// For a logged-in viewer: emit the JS globals N.idiots (usernames of the users
// they blacklisted) and N.tplVars, then a <style> rule marking .bluser<id>
// elements with a red border.
if ($logged) {
    $jsonIdiots = [];
    if ($blist = $user->getBlacklist()) {
        $blistcss = '<style type="text/css">';
        foreach ($blist as $b_id) {
            // $b_id goes into a CSS selector unescaped — assumes getBlacklist()
            // yields integer ids; TODO confirm. getUsername() returns false for an
            // unknown id, which json_encode emits as a literal false.
            $blistcss .= ".bluser{$b_id},";
            $jsonIdiots[] = User::getUsername($b_id);
        }
    }
    ?>
    N.idiots=<?php 
    echo json_encode($jsonIdiots);
    ?>
,
    N.tplVars=<?php 
    // Echoed verbatim into the script; relies on getTemplateVariables() returning
    // a JSON literal — TODO confirm.
    echo $user->getTemplateVariables();
    ?>
;
<?php 
}
?>
</script>
<?php 
// Drop the trailing comma of the selector list before the rule body.
if ($logged && isset($blistcss)) {
    echo substr($blistcss, 0, -1), '{border:1px solid #FF0000}</style>';
}
/* END BLACKLIST_STUFF */
// The viewer's own stored userscript URL (row keyed on $_SESSION['id']) is
// entity-decoded and written into the src attribute without re-escaping.
if ($logged && ($o = Db::query(array('SELECT "userscript" FROM "profiles" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_OBJ)) && !empty($o->userscript)) {
    echo '<script src="', html_entity_decode($o->userscript, ENT_QUOTES, 'UTF-8'), '"></script>';
}
    // Long-poll loop: every 5 seconds push notification / PM counter changes to
    // the client and refresh the user's presence row. $user, $push, $viewonline,
    // $notification, $pm and $dontSendCacheLimiter are set before this block.
    while (1) {
        $newNotifications = $user->count(false, true);
        if ($newNotifications != $notification) {
            $notification = $newNotifications;
            $push('notification', 'ok', $notification);
        }
        $newPm = $user->countPms();
        if ($newPm != $pm) {
            $pm = $newPm;
            $push('pm', 'ok', $pm);
        }
        // Presence heartbeat.
        Db::query(['UPDATE "users" SET "last" = NOW(), "viewonline" = :on WHERE "counter" = :id', [':on' => $viewonline, ':id' => $_SESSION['id']]], Db::NO_RETURN);
        if ($o = Db::query(['SELECT "remote_addr","http_user_agent" FROM "users" WHERE "counter" = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ)) {
            // Re-sync the stored client address when it differs from the current
            // one (or the session has no cached copy yet).
            if (empty($o->remote_addr) || empty($_SESSION['remote_addr']) || $o->remote_addr != $_SERVER['REMOTE_ADDR']) {
                Db::query(['UPDATE "users" SET "remote_addr" = :addr WHERE "counter" = :id', [':addr' => $_SERVER['REMOTE_ADDR'], ':id' => $_SESSION['id']]], Db::NO_RETURN);
                $dontSendCacheLimiter();
                $_SESSION['remote_addr'] = $_SERVER['REMOTE_ADDR'];
                // Presumably closes the session so this long-running loop does not
                // hold the session lock. NOTE(review): once closed, the $_SESSION
                // write in the user-agent branch below (same iteration) is no
                // longer persisted — confirm whether that is intended.
                session_write_close();
            }
            // NOTE(review): the column is written HTML-escaped (next statement) but
            // compared against the raw header here, so a UA containing & < > " '
            // never matches and is re-written on every iteration.
            if (empty($o->http_user_agent) || empty($_SESSION['http_user_agent']) || $o->http_user_agent != $_SERVER['HTTP_USER_AGENT']) {
                Db::query(['UPDATE "users" SET "http_user_agent" = :uag WHERE "counter" = :id', [':uag' => htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8'), ':id' => $_SESSION['id']]], Db::NO_RETURN);
                $dontSendCacheLimiter();
                $_SESSION['http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
                session_write_close();
            }
        }
        sleep(5);
    }
    //while 1
}
// else
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
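// Template preferences endpoint. ?action=vars stores the user's template
// variables; anything else switches the active template. Every failure path
// answers with a JSON error and exits.
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (isset($_GET['action']) && $_GET['action'] == 'vars') {
    // Content validation of the variables is left to setTemplateVariables().
    if (isset($_POST['vars']) && is_array($_POST['vars'])) {
        $user->setTemplateVariables($_POST['vars']);
    } else {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': JSON'));
    }
} else {
    $theme = isset($_POST['theme']) && is_string($_POST['theme']) ? trim($_POST['theme']) : '';
    // Whitelist of installed template numbers. Both sides are compared as
    // strings with a strict in_array: the former loose comparison accepted any
    // string with a valid numeric prefix under PHP 7 ("1abc" == 1), which was
    // then stored and kept in $_SESSION['template'].
    $shorts = [];
    foreach (System::getAvailableTemplates() as $val) {
        $shorts[] = (string) $val['number'];
    }
    if (!in_array($theme, $shorts, true)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
    }
    // Mobile and desktop templates live in separate columns; the column name is
    // one of two fixed values, never request data.
    $column = (Config\MOBILE_HOST == $_SERVER['HTTP_HOST'] ? 'mobile_' : '') . 'template';
    if (Db::NO_ERRNO != Db::query(['UPDATE "profiles" SET "' . $column . '" = :theme WHERE "counter" = :id', [':theme' => $theme, ':id' => $_SESSION['id']]], Db::FETCH_ERRNO)) {
        die(NERDZ\Core\Utils::jsonResponse('error', 'Update: ' . $user->lang('ERROR')));
    }
    $_SESSION['template'] = $theme;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));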
Example #5
<?php

// Public projects list: optional search (?q) over one whitelisted column,
// ordering (?orderby, ?desc) and page size (?lim), rendered through the
// base/projectslist template.
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
// Only these columns may be searched or sorted on; the third argument of
// fieldControl() is presumably the fallback for anything else.
$validFields = ['name', 'description'];
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';
// The search term is HTML-escaped before use (presumably to match the stored
// form of the columns); LIKE wildcards (% and _) in it are not escaped and act
// as patterns.
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
$orderby = isset($_GET['orderby']) ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'name') : 'name';
$vals = [];
// $orderby and $order are interpolated into the SQL but can only hold the
// whitelisted values above; $limit is whatever limitControl() returns (assumed
// to be an integer — TODO confirm). The search term itself is bound.
$query = empty($q) ? "SELECT name, description,counter\n      FROM groups\n      ORDER BY {$orderby} {$order} LIMIT {$limit}" : ["SELECT name,description, counter\n           FROM groups WHERE CAST({$orderby} AS TEXT) ILIKE ?\n           ORDER BY {$orderby} {$order} LIMIT {$limit}", ["%{$q}%"]];
$vals['list_a'] = [];
if ($r = Db::query($query, Db::FETCH_STMT)) {
    $i = 0;
    while ($o = $r->fetch(PDO::FETCH_OBJ)) {
        $vals['list_a'][$i]['id_n'] = $o->counter;
        $vals['list_a'][$i]['name_n'] = $o->name;
        $vals['list_a'][$i]['description_n'] = $o->description;
        $vals['list_a'][$i]['name4link_n'] = \NERDZ\Core\Utils::projectLink($o->name);
        ++$i;
    }
}
// Pagination links; the raw ?orderby value is handed back for the URLs.
\NERDZ\Core\Security::setNextAndPrevURLs($vals, $limit, ['order' => $order, 'query' => $q, 'field' => empty($_GET['orderby']) ? '' : $_GET['orderby'], 'validFields' => $validFields]);
// $user is not defined in this file; it is expected to come from vars.php,
// which shares this scope.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/projectslist');
Example #6
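<?php

// Preferences → "my projects": lists the groups owned by the logged-in user
// and hands them, with an "edit" CSRF token, to the template.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
if (!NERDZ\Core\Security::refererControl()) {
    die($user->lang('ERROR'));
}
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
$vals = [];
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
// Always present, even when the query fails or returns no rows; previously an
// empty result set left the key undefined for the template.
$vals['myprojects_a'] = [];
if ($r = Db::query(['SELECT g."name", g.counter FROM "groups" g INNER JOIN "groups_owners" go
        ON go."to" = g.counter
        WHERE go."from" = :id', [':id' => $_SESSION['id']]], Db::FETCH_STMT)) {
    while ($o = $r->fetch(PDO::FETCH_OBJ)) {
        $vals['myprojects_a'][] = [
            'name_n' => $o->name,
            'name4link_n' => \NERDZ\Core\Utils::projectLink($o->name),
            'id_n' => $o->counter,
        ];
    }
}
$user->getTPL()->assign($vals);
$user->getTPL()->draw('preferences/projects');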
Example #7
// intval below
// $id comes from earlier in the file (not shown). $pid selects a single post
// on that profile; $action is normalised by actionValidator().
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
$action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false);
// Cleared when the profile does not exist; not read within this excerpt.
$found = true;
if ($id) {
    $id = intval($id);
    //intval here, so we can display the user not found message
    if (false === ($info = $user->getObject($id))) {
        $username = $user->lang('USER_NOT_FOUND');
        $found = false;
        // Placeholder so $post->message is always readable further down.
        $post = new stdClass();
        $post->message = '';
    } else {
        $username = $info->username;
        if ($pid && !$user->hasInBlacklist($id)) {
            // Reads as: (anonymous viewer AND private profile) OR post lookup
            // failed — in both cases the post is replaced by an empty placeholder.
            if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) {
                $post = new stdClass();
                $post->message = '';
            }
        } else {
            $post = new stdClass();
            $post->message = '';
        }
    }
    /* otherwise $info holds all of the user's data in an object */
} else {
    // No profile id: redirect to the index and stop.
    die(header('Location: /index.php'));
}
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
// Words of the post message after stripTags()/parseNews(); $messages is set
// earlier in the file.
$a = explode(' ', $messages->parseNews(Messages::stripTags(str_replace("\n", ' ', $post->message))));
$i = 25;
Example #8
<?php

// Project members fragment: expects $gid (project id), $user and $project from
// the including script, then delegates rendering to userslist.html.php.
if (!isset($gid, $user, $project)) {
    die('$id & user required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
// $users, $total, $type and $dateExtractor share this scope with the included
// userslist.html.php.
$users = $project->getMembers($gid, $limit);
$total = $project->getMembersCount($gid);
$type = 'members';
// Formatted date at which $memberId joined the project; falls back to 0 (the
// epoch) when no membership row is found.
$dateExtractor = function ($memberId) use($gid, $user) {
    $projectId = $gid;
    $since = Db::query(['SELECT EXTRACT(EPOCH FROM time) AS time
            FROM "groups_members"
            WHERE "from" = :fid AND "to" = :id', [':id' => $projectId, ':fid' => $memberId]], Db::FETCH_OBJ);
    if (!$since) {
        $since = new StdClass();
        $since->time = 0;
    }
    return $user->getDateTime($since->time);
};
return require $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
Example #9
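<?php

// Blacklist endpoint: ?action=add|del with the target user id in POST and, for
// "add", an optional motivation. Replies with a JSON status and exits.
// NOTE(review): no referer/token check in this file, unlike the other "edit"
// endpoints — confirm it is enforced elsewhere or add Security::refererControl().
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
if (!$user->isLogged() || empty($_POST['id']) || !is_numeric($_POST['id'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}
// A non-string action (e.g. action[]=x) used to reach strtolower() and raise a
// TypeError on PHP 8; it now falls through to the default branch.
$action = isset($_GET['action']) && is_string($_GET['action']) ? strtolower($_GET['action']) : '';
switch ($action) {
    case 'del':
        if (Db::NO_ERRNO != Db::query(['DELETE FROM "blacklist" WHERE "from" = :me AND "to" = :to', [':me' => $_SESSION['id'], ':to' => $_POST['id']]], Db::FETCH_ERRNO)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    case 'add':
        // Stored HTML-escaped; adding an already blacklisted user is rejected.
        $motivation = empty($_POST['motivation']) ? '' : htmlspecialchars(trim($_POST['motivation']), ENT_QUOTES, 'UTF-8');
        if (!$user->hasInBlacklist($_POST['id'])) {
            if (Db::NO_ERRNO != Db::query(['INSERT INTO "blacklist"("from","to","motivation") VALUES (:me,:to,:motivation)', [':me' => $_SESSION['id'], ':to' => $_POST['id'], ':motivation' => $motivation]], Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
            }
        } else {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        break;
    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2'));
        break;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));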
Example #10
 /**
  * Resolves a user's username.
  *
  * With an active login and no argument (or the current user's own id), the
  * cached $_SESSION['username'] is returned without a database round trip.
  * Otherwise $id is looked up by "counter" when numeric, by "email" when not.
  * The loose comparison with the session id is kept so numeric strings match.
  *
  * @param int|string|null $id user counter, e-mail address, or null for self
  * @return string|false the username, or false when nothing matched
  */
 public static function getUsername($id = null)
 {
     $loggedIn = isset($_SESSION['logged']) && $_SESSION['logged'];
     if ($loggedIn && ($id === null || $id == $_SESSION['id'])) {
         return $_SESSION['username'];
     }
     $column = is_numeric($id) ? 'counter' : 'email';
     $row = Db::query(
         ['SELECT "username" FROM "users" WHERE "' . $column . '" = :id', [':id' => $id]],
         Db::FETCH_OBJ
     );
     return $row ? $row->username : false;
 }
Example #11
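<?php

// Preferences → guests/privacy page: exposes the user's "private" flag and an
// "edit" CSRF token to the template.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
if (!($o = Db::query(['SELECT "private" FROM "users" WHERE "counter" = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ))) {
    die($user->lang('ERROR'));
}
// Initialised explicitly, as the other preference pages do, instead of relying
// on array auto-vivification.
$vals = [];
$vals['private_b'] = $o->private;
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
$user->getTPL()->assign($vals);
$user->getTPL()->draw('preferences/guests');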
Example #12
<?php

// Followers fragment for a user or a project: expects $id from the including
// script and, for projects, a defined $prj; delegates rendering to
// userslist.html.php.
if (!isset($id)) {
    die('$id required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Project;
use NERDZ\Core\User;
use NERDZ\Core\Db;
// Becomes a plain flag: true when the includer defined $prj at all.
$prj = isset($prj);
$entity = $prj ? new Project() : new User();
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
// $users, $total, $type and $dateExtractor share this scope with the included
// userslist.html.php.
$users = $entity->getFollowers($id, $limit);
$total = $entity->getFollowersCount($id);
$type = 'followers';
$user = new User();
// Formatted date at which $friendId started following; 0 (the epoch) when no
// row is found. The table prefix is chosen from the flag, never from request data.
$dateExtractor = function ($friendId) use($id, $user, $prj) {
    $profileId = $id;
    $since = Db::query(['SELECT EXTRACT(EPOCH FROM time) AS time
            FROM "' . ($prj ? 'groups_' : '') . 'followers"
            WHERE "to" = :id AND "from" = :fid', [':id' => $profileId, ':fid' => $friendId]], Db::FETCH_OBJ);
    if (!$since) {
        $since = new StdClass();
        $since->time = 0;
    }
    return $user->getDateTime($since->time);
};
return require $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
                $newmem[] = $uid;
                $userMap[$uid] = $username;
            } else {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid member - ' . $v));
            }
        }
        // Reconcile the project's member list: $oldmem (current members) against
        // $newmem (ids validated from the request); both are built earlier in
        // this case, outside this excerpt.
        //members to add
        $toadd = array_diff($newmem, $oldmem);
        foreach ($toadd as $uid) {
            // The error reply carries the member's username so the client can
            // point at the failing entry.
            $ret = Db::query(['INSERT INTO "groups_members"("to","from") VALUES(:project,:user)', [':project' => $id, ':user' => $uid]], Db::FETCH_ERRSTR);
            if ($ret != Db::NO_ERRSTR) {
                die(NERDZ\Core\Utils::jsonDbResponse($ret, $userMap[$uid]));
            }
        }
        // members to remove
        $toremove = array_diff($oldmem, $newmem);
        foreach ($toremove as $val) {
            if (Db::NO_ERRNO != Db::query(['DELETE FROM groups_members WHERE "to" = :project AND "from" = :user', [':project' => $id, ':user' => $val]], Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '4'));
            }
        }
        // Project attributes come from $projectData, prepared before this point
        // (not visible here). NOTE(review): authorisation of the current user over
        // project $id must also have been established earlier — confirm.
        if (Db::NO_ERRNO != Db::query(['UPDATE "groups" SET "description" = :desc, "website" = :website, "photo" = :photo,
                "private" = :private, "open" = :open, "goal" = :goal, "visible" = :visible WHERE "counter" = :id', [':desc' => $projectData['description'], ':website' => $projectData['website'], ':photo' => $projectData['photo'], ':private' => $projectData['private'], ':open' => $projectData['open'], ':goal' => $projectData['goal'], ':visible' => $projectData['visible'], ':id' => $id]], Db::FETCH_ERRNO)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        break;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
// Persist the date format in the session, then, when a whitelist was submitted
// (one username per line), bring the stored whitelist in line with it.
$_SESSION['dateformat'] = $userData['dateformat'];
if (isset($_POST['whitelist'])) {
    $current = $user->getWhitelist($_SESSION['id']);
    // Duplicate and blank lines are dropped; every remaining line must resolve
    // to a user id or the whole request is rejected.
    $lines = array_filter(array_unique(explode("\n", $_POST['whitelist'])));
    $wanted = [];
    foreach ($lines as $line) {
        $uid = $user->getId(trim($line));
        if (!is_numeric($uid) || $uid <= 0) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid user - ' . $line));
        }
        // INSERT … WHERE NOT EXISTS keeps re-submitting an existing entry harmless.
        $inserted = Db::query(['INSERT INTO "whitelist"("from","to")
                    SELECT :id, :uid
                    WHERE NOT EXISTS (SELECT 1 FROM "whitelist" WHERE "from" = :id AND "to" = :uid)', [':id' => $_SESSION['id'], ':uid' => $uid]], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $inserted) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        $wanted[] = $uid;
    }
    // Anything previously whitelisted but no longer listed is removed.
    foreach ($current as $val) {
        if (in_array($val, $wanted)) {
            continue;
        }
        $deleted = Db::query(['DELETE FROM "whitelist" WHERE "from" = :id AND "to" = :val', [':id' => $_SESSION['id'], ':val' => $val]], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $deleted) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '4'));
        }
    }
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
Example #15
 usort($vals['userof_a'], '\\NERDZ\\Core\\Utils::sortByUsername');
 // Contact handles: GitHub is always shown, the others only to logged-in viewers.
 $vals['github_n'] = $info->github;
 foreach (['yahoo', 'jabber', 'skype', 'steam', 'facebook', 'twitter'] as $contact) {
     $vals[$contact . '_n'] = $vals['logged_b'] ? $info->{$contact} : '';
 }
 $vals['id_n'] = $id;
 // single post like nessuno.1
 // Set to true further down once the requested single post has been resolved.
 $found = false;
 if ($vals['singlepost_b']) {
     if ($user->hasInBlacklist($id)) {
         require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
         $user->getTPL()->draw('profile/postnotfound');
     } elseif (!($post = Db::query(['SELECT "hpid" FROM "posts" WHERE "pid" = :pid AND "to" = :id', array_merge([':pid' => $pid], $ida)], Db::FETCH_OBJ))) {
         require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
         $user->getTPL()->draw('profile/postnotfound');
     } else {
         // required for singlepost
         $hpid = $post->hpid;
         $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/singlepost.html.php');
         $found = true;
     }
 } elseif ($vals['friends_b']) {
     $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/friends.html.php');
 } elseif ($vals['following_b']) {
     $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/following.html.php');
 } elseif ($vals['followers_b']) {
     $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/profile/followers.html.php');
 } elseif ($vals['interactions_b']) {
Example #16
<?php

// Friends fragment: expects $id (profile id) and $user from the including
// script, then delegates rendering to userslist.html.php.
if (!isset($id, $user)) {
    die('$id & user required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
// $users, $total, $type and $dateExtractor share this scope with the included
// userslist.html.php.
$users = $user->getFriends($id, $limit);
$total = $user->getFriendsCount($id);
$type = 'friends';
// Formatted date the friendship was completed: the later of the two follow
// rows between $id and $friendId (MAX over both directions); 0 (the epoch)
// when none is found.
$dateExtractor = function ($friendId) use($id, $user) {
    $profileId = $id;
    $since = Db::query(['SELECT EXTRACT(EPOCH FROM T.cc) AS time
            FROM (
                    SELECT MAX("time") AS cc FROM "followers"
                    WHERE ("from" = :id AND "to" = :fid) OR ("from" = :fid AND "to" = :id)
                ) AS T', [':id' => $profileId, ':fid' => $friendId]], Db::FETCH_OBJ);
    if (!$since) {
        $since = new StdClass();
        $since->time = 0;
    }
    return $user->getDateTime($since->time);
};
return require $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
Example #17
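<?php

// Preferences → profile editor: loads the logged-in user's profile row and
// exposes its fields to the template.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
if (!($obj = Db::query(array('SELECT * FROM "profiles" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_OBJ))) {
    die($user->lang('ERROR'));
}
$vals = [];
// One entry per line, whitespace-trimmed. array_map replaces the former
// foreach-by-reference loops, which left $val bound to the last element of the
// array they iterated (a dangling reference for any later by-value foreach).
$vals['interests_a'] = array_map('trim', explode("\n", $obj->interests));
$vals['biography_n'] = $obj->biography;
$vals['quotes_a'] = array_map('trim', explode("\n", $obj->quotes));
$vals['website_n'] = $obj->website;
$vals['jabber_n'] = $obj->jabber;
$vals['yahoo_n'] = $obj->yahoo;
$vals['facebook_n'] = $obj->facebook;
$vals['twitter_n'] = $obj->twitter;
$vals['steam_n'] = $obj->steam;
$vals['skype_n'] = $obj->skype;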
Example #18
<?php

// Public users list: optional search (?q) over one whitelisted column,
// ordering (?orderby, ?desc) and page size (?lim), rendered through
// userslist.html.php and the base/userslist template.
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
// Only these columns may be searched or sorted on; the third argument of
// fieldControl() is presumably the fallback for anything else.
$validFields = ['username', 'name', 'surname', 'birth_date', 'last', 'counter', 'registration_time'];
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';
// HTML-escaped before use; LIKE wildcards (% and _) in the term are not escaped
// and act as patterns.
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
$orderby = isset($_GET['orderby']) ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'username') : 'username';
// $orderby and $order are interpolated into the SQL but can only hold the
// whitelisted values above; $limit is whatever limitControl() returns (assumed
// to be an integer — TODO confirm). The search term itself is bound.
$query = empty($q) ? "SELECT counter\n      FROM users\n      ORDER BY {$orderby} {$order} LIMIT {$limit}" : ["SELECT counter\n           FROM users\n           WHERE CAST({$orderby} AS TEXT) ILIKE ?\n           ORDER BY {$orderby} {$order} LIMIT {$limit}", ["%{$q}%"]];
$vals = [];
// List of user counters (empty when the query fails); read by userslist.html.php.
$users = !($stmt = Db::query($query, Db::FETCH_STMT)) ? [] : $stmt->fetchAll(PDO::FETCH_COLUMN);
$type = 'list';
// For this listing the date shown is the registration date supplied by the
// caller; the user id is ignored.
$dateExtractor = function ($friendId, $registrationDate) {
    return $registrationDate;
};
// Fetch total users number (from cache if present)
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/stats.php';
// assign $vals['totusers_n'] to $total, required by userslist.html.php
$total = $vals['totusers_n'];
// $user is not defined in this file; it is expected from one of the included files.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
$user->getTPL()->draw('base/userslist');
Example #19
<?php

// Registration endpoint: captcha, then "not already logged in", then the
// field validation shared with the profile editor (validateuser.php), then the
// INSERT and an immediate login. Every failure answers with a JSON error.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
$user = new User();
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captcha) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if ($user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED')));
}
// Shares this scope: $userData and $birth are expected to be set by it.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';
// The password is hashed in the database with pgcrypto's bcrypt (crypt +
// gen_salt('bf', 7)); NOTE(review): a work factor of 7 is on the low side.
// The user agent is stored HTML-escaped, the address as received.
$ret = Db::query(['INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent")
        VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)', [':username' => $userData['username'], ':password' => $userData['password'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':timezone' => $userData['timezone'], ':date' => $birth['date'], ':lang' => $user->getLanguage(), ':remote_addr' => $_SERVER['REMOTE_ADDR'], ':http_user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') : '']], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
    die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
// "$setCookie = true" is an inline assignment used as a self-documenting
// positional argument; the variable itself is not read afterwards.
if (!$user->login($userData['username'], $userData['password'], $setCookie = true)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
Example #20
 /**
  * Counts the comments attached to a post.
  *
  * For a logged-in viewer, comments written by users they blacklisted are
  * excluded; on user posts (not projects) comments addressed to blacklisted
  * users are excluded as well. Anonymous viewers get the plain count.
  *
  * @param int  $hpid    post id
  * @param bool $project true for project posts (groups_comments table)
  * @return int|string the count as returned by the driver, or 0 when the query fails
  */
 public function countComments($hpid, $project = false)
 {
     $table = ($project ? 'groups_' : '') . 'comments';
     $sql = 'SELECT COUNT("hcid") AS cc FROM "' . $table . '" WHERE "hpid" = :hpid';
     $params = [':hpid' => $hpid];
     if ($this->user->isLogged()) {
         $sql .= ' AND "from" NOT IN (SELECT "to" FROM "blacklist" WHERE "from" = :id)';
         if (!$project) {
             $sql .= ' AND "to" NOT IN (SELECT "to" FROM "blacklist" WHERE "from" = :id)';
         }
         $params[':id'] = $_SESSION['id'];
     }
     $row = Db::query([$sql, $params], Db::FETCH_OBJ);
     return $row ? $row->cc : 0;
 }
Example #21
<?php

// Account deletion endpoint: referer, login and captcha gates, then the user
// row is deleted, an optional motivation recorded and the session ended.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
use NERDZ\Core\User;
$user = new User();
// Every rejection answers with a JSON error and terminates the request.
$reject = function ($message) {
    die(NERDZ\Core\Utils::jsonResponse('error', $message));
};
if (!NERDZ\Core\Security::refererControl()) {
    $reject($user->lang('ERROR') . ': referer');
}
if (!$user->isLogged()) {
    $reject($user->lang('REGISTER'));
}
$captcha = new Captcha();
$answer = isset($_POST['captcha']) ? $_POST['captcha'] : '';
if (!$captcha->check($answer)) {
    $reject($user->lang('WRONG_CAPTCHA'));
}
$deleted = Db::query(array('DELETE FROM "users" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_ERRNO);
if (Db::NO_ERRNO != $deleted) {
    $reject($user->lang('ERROR'));
}
// The motivation is stored HTML-encoded. The deleted_users row is expected to
// exist once the users row is gone — presumably filled by a trigger, not visible here.
$motivation = empty($_POST['motivation']) ? false : htmlentities($_POST['motivation'], ENT_QUOTES, 'UTF-8');
if ($motivation) {
    Db::query(['UPDATE "deleted_users" SET "motivation" = :motivation WHERE "counter" = :counter', [':motivation' => $motivation, ':counter' => $_SESSION['id']]], Db::NO_RETURN);
}
$user->logout();
die(NERDZ\Core\Utils::jsonResponse('ok', 'Bye :('));
Example #22
use NERDZ\Core\Db;
use NERDZ\Core\Config;
use NERDZ\Core\User;
use NERDZ\Core\Messages;
use NERDZ\Core\Security;
// Shared user-field validation (registration and profile edit): collects the
// posted fields into $userData / $birth, with false for anything missing.
$user = new User();
// Characters trimmed from every text field. NOTE(review): the bytes after \v
// are mangled in this copy (shown as U+FFFD); confirm the intended characters
// against the repository (the last one is a soft hyphen, U+00AD).
$l = "\t\n\r\v ����� ­";
$userData = [];
// trim() assumes scalar POST values; an array value would raise a TypeError on PHP 8.
$userData['name'] = isset($_POST['name']) ? trim($_POST['name'], $l) : false;
$userData['surname'] = isset($_POST['surname']) ? trim($_POST['surname'], $l) : false;
$userData['email'] = isset($_POST['email']) ? trim($_POST['email'], $l) : false;
$userData['timezone'] = isset($_POST['timezone']) ? trim($_POST['timezone'], $l) : false;
if ($user->isLogged()) {
    // Profile edit: an empty password field means "keep the current one", so the
    // stored hash is carried over as-is; otherwise the new clear-text password is
    // taken and flagged for re-hashing by whoever consumes $updatedPassword.
    $updatedPassword = false;
    if (empty($_POST['password'])) {
        if (!($obj = Db::query(['SELECT "password" FROM "users" WHERE counter = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ))) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        $userData['password'] = $obj->password;
        //saved hashed password
    } else {
        $userData['password'] = $_POST['password'];
        $updatedPassword = true;
    }
} else {
    // Registration: password and username are mandatory, false when absent.
    $userData['password'] = isset($_POST['password']) ? $_POST['password'] : false;
    $userData['username'] = isset($_POST['username']) ? trim($_POST['username'], $l) : false;
}
// Gender must be 1 or 2; birth day/month must be positive numbers (range checks
// presumably follow further down).
$userData['gender'] = isset($_POST['gender']) && is_numeric($_POST['gender']) && $_POST['gender'] > 0 && $_POST['gender'] <= 2 ? $_POST['gender'] : false;
$birth['birth_day'] = isset($_POST['birth_day']) && is_numeric($_POST['birth_day']) && $_POST['birth_day'] > 0 ? $_POST['birth_day'] : false;
$birth['birth_month'] = isset($_POST['birth_month']) && is_numeric($_POST['birth_month']) && $_POST['birth_month'] > 0 ? $_POST['birth_month'] : false;
Example #23
<?php

// Password reset page: without ?tok and ?id it shows the request form; with
// both it validates the pair against reset_requests and shows the new-password
// form. $user comes from the including script.
use NERDZ\Core\Db;
if ($user->isLogged()) {
    die(header('Location: /home.php'));
}
// Token must be exactly 32 bytes, id a positive number; anything else falls
// back to the request form.
$token = isset($_GET['tok']) && is_string($_GET['tok']) && strlen($_GET['tok']) == 32 ? $_GET['tok'] : '';
$id = isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0 ? $_GET['id'] : false;
if (!$token || !$id) {
    $user->getTPL()->draw('base/reset');
} else {
    // Request id and token are matched together in one bound query.
    // NOTE(review): no expiry condition is visible here — confirm reset_requests
    // rows are time-limited or purged elsewhere.
    if (!is_object($obj = Db::query(['SELECT u.username FROM reset_requests r INNER JOIN users u ON u.counter = r."to" WHERE r."counter" = :id AND r.token = :token', [':id' => $id, ':token' => $token]], Db::FETCH_OBJ))) {
        echo 'Invalid request';
    } else {
        // The token and id are echoed back to the template so the next step can
        // resubmit them.
        $vals = [];
        $vals['username_n'] = $obj->username;
        $vals['resettoken_n'] = $token;
        $vals['resetkey_n'] = $id;
        $user->getTPL()->assign($vals);
        $user->getTPL()->draw('base/reset-token');
    }
}
Example #24
<?php

// Redirects to the profile of the most recently registered user (highest "counter").
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Utils;
$latest = Db::query('SELECT "username" FROM "users" ORDER BY "counter" DESC', Db::FETCH_OBJ);
if (!$latest) {
    die('Db error');
}
header('Location: /' . Utils::userLink($latest->username));
die;
Example #25
 /**
  * Records a thumb vote on a comment for the logged-in user.
  *
  * @param int  $hcid    comment id (cast to int before binding)
  * @param int  $vote    vote value (cast to int before binding)
  * @param bool $project true for project comments (groups_comment_thumbs table)
  * @return string Db::FETCH_ERRSTR result of the INSERT, or Utils::$REGISTER_DB_MESSAGE
  *                when nobody is logged in
  */
 public function setThumbs($hcid, $vote, $project = false)
 {
     if (!$this->user->isLogged()) {
         return Utils::$REGISTER_DB_MESSAGE;
     }
     $prefix = $project ? 'groups_' : '';
     $params = [
         ':hcid' => (int) $hcid,
         ':from' => (int) $_SESSION['id'],
         ':vote' => (int) $vote,
     ];
     $sql = 'INSERT INTO ' . $prefix . 'comment_thumbs (hcid, "from", vote) VALUES(:hcid, :from, :vote)';
     return Db::query([$sql, $params], Db::FETCH_ERRSTR);
 }
Example #26
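 /**
  * Touches the guests table for the current client: refreshes "last" for a
  * known remote address, or inserts a new row (address + user agent).
  *
  * Both statements run in one transaction. On a PDOException the transaction is
  * rolled back before Db::dumpException() is called, so the shared connection is
  * not left inside an aborted transaction for whatever runs next.
  */
 public static function upsertGuest()
 {
     $db = null;
     try {
         $db = Db::getDb();
         $db->beginTransaction();
         $stmt = $db->prepare('UPDATE guests SET last = NOW() WHERE remote_addr = :ip');
         $stmt->execute([':ip' => $_SERVER['REMOTE_ADDR']]);
         $stmt = $db->prepare('INSERT INTO guests(remote_addr, http_user_agent)
             SELECT :ip, :ua
             WHERE NOT EXISTS (SELECT 1 FROM guests WHERE remote_addr = :ip)');
         // The user agent is stored raw here (the users table stores it HTML-escaped).
         $stmt->execute([':ip' => $_SERVER['REMOTE_ADDR'], ':ua' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '']);
         $db->commit();
     } catch (PDOException $e) {
         if ($db !== null && $db->inTransaction()) {
             $db->rollBack();
         }
         Db::dumpException($e);
     }
 }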
Example #27
    }
    if (isset($_GET['gcid']) && is_numeric($_GET['gcid'])) {
        $gcid = intval($_GET['gcid']);
    }
}
// Resolve the post id once a profile ($id) or project ($gid) is known.
if ((isset($id) || isset($gid)) && isset($_GET['pid']) && is_numeric($_GET['pid'])) {
    $pid = intval($_GET['pid']);
}
// Load the message the code block belongs to: a post (user or project) or a
// comment (user or project). The table prefix depends on which variable is
// set, never on request data; the ids are bound.
if ((isset($id) || isset($gid)) && isset($pid)) {
    $new = isset($id) ? $id : $gid;
    if (!($o = Db::query(['SELECT "message" FROM "' . (isset($id) ? '' : 'groups_') . 'posts" WHERE "pid" = :pid AND "to" = :new', [':pid' => $pid, ':new' => $new]], Db::FETCH_OBJ))) {
        die('Error');
    }
} elseif (isset($pcid) || isset($gcid)) {
    $new = isset($pcid) ? $pcid : $gcid;
    if (!($o = Db::query(['SELECT "message" FROM "' . (isset($pcid) ? '' : 'groups_') . 'comments" WHERE "hcid" = :hcid', [':hcid' => $new]], Db::FETCH_OBJ))) {
        die('error');
    }
} else {
    die;
}
// NOTE(review): no visibility check (private profile, blacklist) is visible
// here before the message is read — confirm it happens earlier in the file.
$codes = $user->getCodes($o->message);
if (isset($codes[$ncode]['code']) && isset($codes[$ncode]['lang'])) {
    switch (strtolower(trim($codes[$ncode]['lang']))) {
        case 'js':
        case 'javascript':
        case 'jquery':
            header('Content-type: application/javascript; charset=utf-8');
            break;
        case 'css':
            header('Content-Type: text/css; charset=utf-8');
Example #28
// Counters computed earlier in the file.
$vals['followedtot_n'] = $tot;
$vals['followedonlinetot_n'] = $c;
// Projects owned by the current user.
$ownedStmt = Db::query(['SELECT "name" FROM "groups" g INNER JOIN "groups_owners" go
        ON go."to" = g.counter
        WHERE go."from" = :id', [':id' => $_SESSION['id']]], Db::FETCH_STMT);
if (!$ownedStmt) {
    die($user->lang('ERROR'));
}
$vals['ownerof_a'] = [];
while ($row = $ownedStmt->fetch(PDO::FETCH_OBJ)) {
    // username_n duplicates the name so the shared sortByUsername() comparator applies.
    $vals['ownerof_a'][] = [
        'name_n' => $row->name,
        'username_n' => $row->name,
        'name4link_n' => \NERDZ\Core\Utils::projectLink($row->name),
    ];
}
usort($vals['ownerof_a'], '\\NERDZ\\Core\\Utils::sortByUsername');
// Projects the current user is a member of.
$memberStmt = Db::query(array('SELECT "name" FROM "groups" INNER JOIN "groups_members" ON "groups"."counter" = "groups_members"."to" WHERE "from" = :id', array(':id' => $_SESSION['id'])), Db::FETCH_STMT);
if (!$memberStmt) {
    die($user->lang('ERROR'));
}
$vals['memberof_a'] = [];
while ($row = $memberStmt->fetch(PDO::FETCH_OBJ)) {
    $vals['memberof_a'][] = [
        'name_n' => $row->name,
        'username_n' => $row->name,
        'name4link_n' => \NERDZ\Core\Utils::projectLink($row->name),
    ];
}
usort($vals['memberof_a'], '\\NERDZ\\Core\\Utils::sortByUsername');
// trends.html.php shares this scope and adds its own template variables.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/trends.html.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('home/layout');
Example #29
}
// Privacy toggle (?action=public|private) for the logged-in user. Requires the
// "edit" CSRF token; the row is only written when the flag actually changes.
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$id = $_SESSION['id'];
$current = Db::query(array('SELECT "private" FROM "users" WHERE "counter" = ?', array($id)), Db::FETCH_OBJ);
if (!$current) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
$action = isset($_GET['action']) ? strtolower($_GET['action']) : '';
if ($action === 'public') {
    if ($current->private == 1) {
        $errno = Db::query(array('UPDATE "users" SET "private" = FALSE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $errno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
    }
} elseif ($action === 'private') {
    if (!$current->private) {
        $errno = Db::query(array('UPDATE "users" SET "private" = TRUE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $errno) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
    }
} else {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
Example #30
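<?php

// Presence heartbeat: marks the logged-in user online/offline and keeps the
// stored client address and user agent in sync with the current request.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
$user = new NERDZ\Core\User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$viewonline = empty($_SESSION['mark_offline']) ? '1' : '0';
if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "last" = NOW(), "viewonline" = :on WHERE "counter" = :id', array(':on' => $viewonline, ':id' => $_SESSION['id'])), Db::FETCH_ERRNO)) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'Time'));
}
if (!($o = Db::query(array('SELECT "remote_addr","http_user_agent" FROM "users" WHERE "counter" = :id', array(':id' => $_SESSION['id'])), Db::FETCH_OBJ))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
// Re-sync the stored client address when it differs from the current one (or
// the session has no cached copy yet).
if (empty($o->remote_addr) || empty($_SESSION['remote_addr']) || $o->remote_addr != $_SERVER['REMOTE_ADDR']) {
    if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "remote_addr" = :addr WHERE "counter" = :id', array(':addr' => $_SERVER['REMOTE_ADDR'], ':id' => $_SESSION['id'])), Db::FETCH_ERRNO)) {
        die(NERDZ\Core\Utils::jsonResponse('error', 'IP'));
    }
    $_SESSION['remote_addr'] = $_SERVER['REMOTE_ADDR'];
}
// The header may be absent (the registration endpoint guards for this too). The
// column holds the HTML-escaped form, so the comparison uses the escaped value:
// comparing the raw header, as before, never matched a UA containing & < > " '
// and re-wrote the row on every heartbeat. The session keeps the raw value.
$rawUa = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$escapedUa = htmlspecialchars($rawUa, ENT_QUOTES, 'UTF-8');
if (empty($o->http_user_agent) || empty($_SESSION['http_user_agent']) || $o->http_user_agent != $escapedUa) {
    if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "http_user_agent" = :uag WHERE "counter" = :id', array(':uag' => $escapedUa, ':id' => $_SESSION['id'])), Db::FETCH_ERRNO)) {
        die(NERDZ\Core\Utils::jsonResponse('error', 'UA'));
    }
    $_SESSION['http_user_agent'] = $rawUa;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));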