use NERDZ\Core\Messages;
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Config;
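$messages = new Messages();
$user = new User();
$tplcfg = $user->getTemplateCfg();

// Request parameters are untrusted. Both ids are reduced to a PHP int right
// here, with `false` standing for "absent or not an integer" (the marker the
// `if ($id)` / `if ($pid ...)` branches further down test by truthiness).
// FILTER_VALIDATE_INT is used instead of is_numeric() + intval() so that the
// value that passed the check is the value that gets used: float, exponent
// and out-of-range forms such as "1.5" or "1e3" are rejected instead of being
// silently coerced to a different integer. An array value (`id[]=...`) is
// rejected the same way.
$id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
$pid = isset($_GET['pid']) ? filter_var($_GET['pid'], FILTER_VALIDATE_INT) : false;

// The action name must be a non-empty string; anything else is handed to the
// validator as `false`. What actionValidator() returns for a missing or
// unknown action is not visible in this file (see NERDZ\Core\Utils).
$action = NERDZ\Core\Utils::actionValidator(
    !empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false
);

// Cleared further down when the requested user does not exist.
$found = true;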
if ($id) {
    $id = intval($id);
    //intval here, so we can display the user not found message
    if (false === ($info = $user->getObject($id))) {
        $username = $user->lang('USER_NOT_FOUND');
        $found = false;
        $post = new stdClass();
        $post->message = '';
    } else {
        $username = $info->username;
        if ($pid && !$user->hasInBlacklist($id)) {
            if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) {
                $post = new stdClass();
                $post->message = '';
            }
        } else {
            $post = new stdClass();
            $post->message = '';
        }
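// Only a scalar string is accepted from the request: an array value sent as
// `dateformat[]=...` would otherwise reach trim() and fail there.
$userData['dateformat'] = isset($_POST['dateformat']) && is_string($_POST['dateformat'])
    ? trim($_POST['dateformat'])
    : '';

// Every submitted field is stored HTML-escaped (ENT_QUOTES, so values are
// safe in attribute context as well) and trimmed. Without ENT_SUBSTITUTE an
// invalid UTF-8 value makes htmlspecialchars() return '', i.e. the field is
// simply cleared. NOTE(review): escaping at input time means the stored
// values are already HTML; whatever renders them must not escape a second
// time — confirm against the readers.
foreach ($userData as $key => $val) {
    // A non-scalar value (a nested array from `field[]=...`) cannot be
    // escaped; it is dropped to '' instead of aborting inside htmlspecialchars().
    $userData[$key] = is_scalar($val)
        ? trim(htmlspecialchars((string) $val, ENT_QUOTES, 'UTF-8'))
        : '';
}
$closed = isset($_POST['closed']);
$flag = true;

// Each check below aborts the request with a JSON error naming the offending
// field. All of these fields are optional, hence the `!empty(...)` guard: an
// empty value is accepted as "not set", only a non-empty malformed one fails.
if (!empty($userData['website']) && !NERDZ\Core\Utils::isValidURL($userData['website'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WEBSITE') . ': ' . $user->lang('INVALID_URL')));
}
if (!empty($userData['userscript']) && !NERDZ\Core\Utils::isValidURL($userData['userscript'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'Userscript: ' . $user->lang('INVALID_URL')));
}
// Only a bare account name made of [a-z0-9] is accepted after github.com/;
// a hyphenated account name is rejected by this pattern.
if (!empty($userData['github']) && !preg_match('#^https?://(www\\.)?github\\.com/[a-z0-9]+$#i', $userData['github'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'GitHub: ' . $user->lang('INVALID_URL')));
}
// getObject() yields the user object or `false`; strict comparison as in the
// other getObject() call sites. NOTE(review): $_SESSION['id'] is read
// unguarded, so an earlier check must already require a logged-in session —
// confirm against the including page.
if (false === ($obj = $user->getObject($_SESSION['id']))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
// filter_var() returns the validated address or `false`, never an empty
// string, so the strict comparison is exact.
if (!empty($userData['jabber']) && false === filter_var($userData['jabber'], FILTER_VALIDATE_EMAIL)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('JABBER') . ': ' . $user->lang('MAIL_NOT_VALID')));
}
// An empty date format falls back to the site default.
if (empty($userData['dateformat'])) {
    $userData['dateformat'] = 'd/m/Y, H:i';
}
// Three accepted Facebook URL shapes: /people/<name>/<id>, /profile.php?id=<n>
// and a plain /<name>; a locale prefix (xx-yy) is allowed in place of www.
if (!empty($userData['facebook']) && (!preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/people/[^/]+/([a-z0-9_\\-]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/profile\\.php\\?id\\=([0-9]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/([a-z0-9_\\-\\.]+)#i', $userData['facebook']))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Facebook URL'));
}
// The dot in the host is escaped: an unescaped `.` matched any character, so
// a host that merely resembled twitter.com passed the check.
if (!empty($userData['twitter']) && !preg_match('#^https?://twitter\\.com/([a-z0-9_]+)#i', $userData['twitter'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Twitter URL'));
}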
if (!empty($userData['steam']) && strlen($userData['steam']) > 35) {