Example #1
 /**
  * Load a single private message and shape it for the template layer.
  *
  * The lookup only runs when the three identifiers pass is_numeric() and the
  * session user is one of the two parties named by $fromid / $toid. The
  * membership test uses in_array() without the strict flag.
  *
  * NOTE(review): is_numeric() also accepts floats and exponent notation; whether
  * Db::query() rejects such values for these columns is not visible here.
  *
  * @param mixed $fromid sender id
  * @param mixed $toid   recipient id
  * @param mixed $time   timestamp, formatted through getDateTime() and also returned as-is
  * @param mixed $pmid   message id
  *
  * @return array|false false when validation, the party check or the query fails;
  *                     an empty array when no row matches; the template values otherwise
  */
 public function read($fromid, $toid, $time, $pmid)
 {
     foreach ([$fromid, $toid, $pmid] as $candidate) {
         if (!is_numeric($candidate)) {
             return false;
         }
     }
     // Authorization: a message is readable only by its sender or its recipient.
     if (!in_array($_SESSION['id'], [$fromid, $toid])) {
         return false;
     }
     // All three values reach the database as bound parameters.
     $statement = Db::query([
         'SELECT "message","to_read" FROM "pms" WHERE "from" = :from AND "to" = :to AND "pmid" = :pmid',
         [':from' => $fromid, ':to' => $toid, ':pmid' => $pmid],
     ], Db::FETCH_STMT);
     if (!$statement) {
         return false;
     }
     $row = $statement->fetch(PDO::FETCH_OBJ);
     if (!$row) {
         return [];
     }
     $sender = User::getUsername($fromid);
     return [
         'from4link_n' => \NERDZ\Core\Utils::userLink($sender),
         'from_n' => $sender,
         'datetime_n' => $this->user->getDateTime($time),
         'fromid_n' => $fromid,
         'toid_n' => $toid,
         'message_n' => parent::bbcode($row->message),
         'read_b' => $row->to_read,
         'pmid_n' => $pmid,
         'timestamp_n' => $time,
     ];
 }
// Access gate: the page is only rendered for a logged-in user who owns an
// existing project. Every failed check ends the request with the same generic
// error string, so the response does not reveal which check failed.
if (!$user->isLogged() || !$id) {
    die($user->lang('ERROR'));
}
$info = $project->getObject($id);
// The owner comparison is loose (!=), as session and database ids may differ in type.
if (!$info || $project->getOwner($id) != $_SESSION['id']) {
    die($user->lang('ERROR'));
}
$vals = [];
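/**
 * usort() comparator that orders two usernames case-insensitively.
 *
 * Equal names return 0. The earlier form returned 1 for equal names in both
 * argument orders, which breaks the comparator contract usort() relies on.
 *
 * @param string $a
 * @param string $b
 *
 * @return int -1 when $a sorts first, 1 when $b sorts first, 0 when they are equal
 */
function sortbyusername($a, $b)
{
    $left = strtolower($a);
    $right = strtolower($b);
    // == is used so that equality follows the same comparison rules as < below.
    if ($left == $right) {
        return 0;
    }
    return $left < $right ? -1 : 1;
}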
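// Template values for the project edit form.
// NOTE(review): photo, website, name, description and goal are stored project
// fields passed on unchanged; output escaping is assumed to happen in the
// template layer - confirm.
$vals['photo_n'] = $info->photo;
$vals['website_n'] = $info->website;
$vals['name_n'] = $info->name;
$mem = $project->getMembers($info->counter);
$vals['members_n'] = count($mem);
// Member ids are replaced by usernames. array_map() is used instead of a
// by-reference foreach so that no reference to the last element stays alive
// in this scope, where a later write to the loop variable would silently
// overwrite that element.
$mem = array_map(function ($uid) {
    return User::getUsername($uid);
}, $mem);
$vals['members_a'] = $mem;
usort($vals['members_a'], 'sortbyusername');
// Token for the 'edit' action, to be sent back with the form.
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
$vals['id_n'] = $info->counter;
// Multi-line fields are split on "\n" and each line is trimmed.
$vals['description_a'] = array_map('trim', explode("\n", $info->description));
$vals['goal_a'] = array_map('trim', explode("\n", $info->goal));
$vals['openproject_b'] = $project->isOpen($info->counter);
$vals['visibleproject_b'] = $info->visible;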
Example #3
        // Choose how the conversation is loaded: an explicit start/num window,
        // a lookup keyed on pmid, or the default call with no extra arguments.
        // is_numeric() is the only validation applied to these POST values here;
        // NOTE(review): it also admits negative and fractional values - confirm
        // that readConversation() bounds them.
        if (isset($_POST['start'], $_POST['num']) && is_numeric($_POST['start']) && is_numeric($_POST['num'])) {
            $conv = $pms->readConversation($from, $to, false, $_POST['num'], $_POST['start']);
        } elseif (isset($_POST['pmid']) && is_numeric($_POST['pmid'])) {
            $conv = $pms->readConversation($from, $to, $_POST['pmid']);
        } else {
            $conv = $pms->readConversation($from, $to);
        }
        // The reply form is hidden as soon as the request names a pmid, a
        // non-zero start, or forceNoForm.
        $doShowForm = !(isset($_POST['pmid']) || (isset($_POST['start']) && $_POST['start'] != 0) || isset($_POST['forceNoForm']));
        // Nothing to render: no form and no messages.
        if (!$doShowForm && empty($conv)) {
            exit;
        }
        // The other party of the conversation is whichever id is not the session user.
        $vals['toid_n'] = $_SESSION['id'] == $to ? $from : $to;
        $vals['to_n'] = User::getUsername($vals['toid_n']);
        if (!$vals['to_n']) {
            die($user->lang('ERROR'));
        }
        $vals['list_a'] = $conv;
        $vals['pmcount_n'] = $pms->count($from, $to);
        // Paging buttons appear only together with the form, above 10 and 20 messages.
        $vals['needmorebtn_b'] = $doShowForm && $vals['pmcount_n'] > 10;
        $vals['needeverymsgbtn_b'] = $doShowForm && $vals['pmcount_n'] > 20;
        $vals['showform_b'] = $doShowForm;
        $user->getTPL()->assign($vals);
        $user->getTPL()->draw('pm/conversation');
        break;
    default:
        die($user->lang('ERROR'));
        break;
}
Example #4
 /**
  * Build the absolute URL of the post that holds a comment, ending in the
  * "#c<hcid>" fragment of that comment.
  *
  * The table names are assembled from two fixed literals only ('' or
  * 'groups_'); $hcid reaches the query as a bound parameter. $hcid is also
  * appended to the returned URL unchanged.
  *
  * @param mixed $hcid    comment id
  * @param bool  $project true to look in the groups_* tables and link to a project
  *
  * @return string the post URL, or only the current host address when no row matches
  */
 private static function getURLFromCid($hcid, $project = false)
 {
     $tablePrefix = '';
     if ($project) {
         $tablePrefix = 'groups_';
     }
     $sql = 'SELECT p.to, p.pid FROM "' . $tablePrefix . 'posts" p INNER JOIN "' . $tablePrefix . 'comments" c ON c."hcid" = :hcid AND c.hpid = p.hpid';
     $post = Db::query([$sql, [':hcid' => $hcid]], Db::FETCH_OBJ);
     $host = System::getCurrentHostAddress();
     if (!$post) {
         return $host;
     }
     if ($project) {
         $boardLink = Utils::projectLink(Project::getName($post->to));
     } else {
         $boardLink = Utils::userLink(User::getUsername($post->to));
     }
     return $host . $boardLink . $post->pid . '#c' . $hcid;
 }
Example #5
}
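// Template values for the profile preferences form.
// NOTE(review): the profile fields below (biography, website, the account
// handles, userscript, ...) are passed on exactly as stored; output escaping is
// assumed to happen in the template layer - confirm.
$vals = [];
// Multi-line fields are split on "\n" and each line is trimmed. array_map() is
// used instead of by-reference foreach loops so that no reference to an array
// element stays alive in this scope after the loop.
$vals['interests_a'] = array_map('trim', explode("\n", $obj->interests));
$vals['biography_n'] = $obj->biography;
$vals['quotes_a'] = array_map('trim', explode("\n", $obj->quotes));
$vals['website_n'] = $obj->website;
$vals['jabber_n'] = $obj->jabber;
$vals['yahoo_n'] = $obj->yahoo;
$vals['facebook_n'] = $obj->facebook;
$vals['twitter_n'] = $obj->twitter;
$vals['steam_n'] = $obj->steam;
$vals['skype_n'] = $obj->skype;
$vals['github_n'] = $obj->github;
$vals['userscript_n'] = $obj->userscript;
// Both lookups are keyed on the session user, never on a request parameter.
$vals['closedprofile_b'] = $user->hasClosedProfile($_SESSION['id']);
$vals['canshowwhitelist_b'] = $vals['closedprofile_b'];
$wl = $user->getWhitelist($_SESSION['id']);
// whitelist_a stays unset when the whitelist is empty.
foreach ($wl as $allowedId) {
    $vals['whitelist_a'][] = User::getUsername($allowedId);
}
// Token for the 'edit' action, to be sent back with the form.
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken('edit');
$vals['dateformat_n'] = $obj->dateformat;
$user->getTPL()->assign($vals);
$user->getTPL()->draw('preferences/profile');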
Example #6
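 /**
  * Turn a post row (or a post id) into the array of values used by the templates.
  *
  * Only the 'project' and 'truncate' keys of $options are read. They are read
  * explicitly instead of through extract(): extract() would let any key of
  * $options overwrite a local variable, including $dbPost itself.
  *
  * @param object|array|int|string $dbPost  a post row, or a numeric hpid that is
  *                                         looked up in posts / groups_posts
  * @param array                   $options 'project' => truthy for project posts,
  *                                         'truncate' => truthy to pass truncation on to bbcode()
  *
  * @return array|\StdClass the template values; an empty StdClass when a numeric
  *                         hpid matches no row
  */
 public function getPost($dbPost, $options = [])
 {
     $project = !empty($options['project']);
     $truncate = !empty($options['truncate']);
     if (is_object($dbPost)) {
         $dbPost = (array) $dbPost;
     } elseif (is_numeric($dbPost)) {
         // The table name comes from fixed literals only; the hpid is a bound parameter.
         $table = ($project ? 'groups_' : '') . 'posts';
         if (!($o = Db::query(['SELECT p.*, EXTRACT(EPOCH FROM p."time") AS time FROM "' . $table . '" p WHERE p."hpid" = :hpid', [':hpid' => $dbPost]], Db::FETCH_OBJ))) {
             return new \StdClass();
         }
         $dbPost = (array) $o;
     }
     $logged = $this->user->isLogged();
     // Unresolvable ids fall back to an empty name.
     if (!($from = User::getUsername($dbPost['from']))) {
         $from = '';
     }
     // The recipient is a project or a user; pick the matching name and link helpers.
     $toFunc = $project ? [__NAMESPACE__ . '\\Project', 'getName'] : [__NAMESPACE__ . '\\User', 'getUsername'];
     $toFuncLink = [__NAMESPACE__ . '\\Utils', ($project ? 'project' : 'user') . 'Link'];
     if (!($to = $toFunc($dbPost['to']))) {
         $to = '';
     }
     $ret = [];
     $ret['thumbs_n'] = $this->getThumbs($dbPost['hpid'], $project);
     $ret['revisions_n'] = $this->getRevisionsNumber($dbPost['hpid'], $project);
     $ret['uthumb_n'] = $this->getUserThumb($dbPost['hpid'], $project);
     $ret['pid_n'] = $dbPost['pid'];
     $ret['news_b'] = $dbPost['news'];
     $ret['language_n'] = $dbPost['lang'];
     $ret['from4link_n'] = Utils::userLink($from);
     $ret['to4link_n'] = $toFuncLink($to);
     $ret['fromid_n'] = $dbPost['from'];
     $ret['toid_n'] = $dbPost['to'];
     $ret['from_n'] = $from;
     $ret['to_n'] = $to;
     $ret['datetime_n'] = $this->user->getDateTime($dbPost['time']);
     $ret['timestamp_n'] = $dbPost['time'];
     // Permission flags are computed by the can*() helpers; the lock, lurk and
     // bookmark state comes from the user object.
     $ret['canclosepost_b'] = $this->canClose($dbPost, $project);
     $ret['closed_b'] = $dbPost['closed'];
     $ret['canremovepost_b'] = $this->canRemove($dbPost, $project);
     $ret['caneditpost_b'] = $this->canEdit($dbPost, $project);
     $ret['canshowlock_b'] = $this->canShowLock($dbPost, $project);
     $ret['lock_b'] = $this->user->hasLocked($dbPost, $project);
     // The lurk control is offered to logged-in users only when the lock control is not shown.
     $ret['canshowlurk_b'] = $logged ? !$ret['canshowlock_b'] : false;
     $ret['lurk_b'] = $this->user->hasLurked($dbPost, $project);
     $ret['canshowbookmark_b'] = $logged;
     $ret['bookmark_b'] = $this->user->hasBookmarked($dbPost, $project);
     $ret['message_n'] = $this->bbcode($dbPost['message'], $truncate, $project ? 'g' : 'u', $ret['pid_n'], $ret['toid_n']);
     // Posts on the users' news board get an extra parsing pass.
     if (!$project && $dbPost['to'] == Config\USERS_NEWS) {
         $ret['message_n'] = $this->parseNews($ret['message_n']);
     }
     $ret['postcomments_n'] = $this->countComments($dbPost['hpid'], $project);
     $ret['hpid_n'] = $dbPost['hpid'];
     return $ret;
 }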
Example #7
        // Choose how the comments are loaded: an explicit start/num window, the
        // comments after a given hcid, or every comment of the post.
        // is_numeric() is the only validation applied to these POST values here;
        // NOTE(review): it also admits negative and fractional values - confirm
        // that the comment getters bound them.
        if (isset($_POST['start'], $_POST['num']) && is_numeric($_POST['start']) && is_numeric($_POST['num'])) {
            $_list = $comments->getLastComments($hpid, $_POST['num'], $_POST['start'], $prj);
        } elseif (isset($_POST['hcid']) && is_numeric($_POST['hcid'])) {
            $_list = $comments->getCommentsAfterHcid($hpid, $_POST['hcid'], $prj);
        } else {
            $_list = $comments->getAll($hpid, $prj);
        }
        // The comment form is hidden as soon as the request names an hcid, a
        // non-zero start, or forceNoForm.
        $doShowForm = !(isset($_POST['hcid']) || (isset($_POST['start']) && $_POST['start'] != 0) || isset($_POST['forceNoForm']));
        // Nothing to render: no comments and no form.
        if (empty($_list) && !$doShowForm) {
            exit;
        }
        $vals = [];
        // Values describing the session user, shown next to the comment form.
        $vals['currentuserprofile_n'] = \NERDZ\Core\Utils::userLink($_SESSION['id']);
        $vals['currentusergravatar_n'] = $user->getGravatar($_SESSION['id']);
        $vals['currentusername_n'] = User::getUsername();
        $vals['onerrorimgurl_n'] = System::getResourceDomain() . '/static/images/red_x.png';
        $vals['list_a'] = $_list;
        $vals['showform_b'] = $doShowForm;
        $vals['hpid_n'] = $hpid;
        $vals['commentcount_n'] = (new Messages())->countComments($hpid, $prj);
        // Paging buttons appear only together with the form, above 10 and 20 comments.
        $vals['needmorebtn_b'] = $doShowForm && $vals['commentcount_n'] > 10;
        $vals['needeverycommentbtn_b'] = $doShowForm && $vals['commentcount_n'] > 20;
        $user->getTPL()->assign($vals);
        $user->getTPL()->draw(($prj ? 'project' : 'profile') . '/comments');
        break;
    default:
        die($user->lang('ERROR'));
        break;
}
Example #8
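$user = new User();
$messages = new Messages();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
// NOTE(review): the referer check is the only request-origin control visible in
// this fragment; no csrfControl() token check appears here - confirm whether
// this state-changing endpoint is meant to rely on the referer alone.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
// Each field must be a non-empty string. A POST field sent as an array
// (url[]=...) is treated like a missing field instead of being handed to trim().
$url = (!empty($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : false;
$comment = (!empty($_POST['comment']) && is_string($_POST['comment'])) ? trim($_POST['comment']) : false;
$to = (!empty($_POST['to']) && is_string($_POST['to'])) ? trim($_POST['to']) : false;
if (!$url || !Utils::isValidURL($url)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('INVALID_URL')));
}
// Without an explicit recipient the share goes to the sender's own board.
if ($to) {
    if (!User::getUsername($to)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
    }
} else {
    $to = $_SESSION['id'];
}
// Sharing on someone else's board is refused when hasClosedProfile() reports it closed.
if ($_SESSION['id'] != $to && $user->hasClosedProfile($to)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
}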
$share = function ($to, $url, $message = NULL) use($user, $messages) {
    if (!preg_match('#(^http:\\/\\/|^https:\\/\\/|^ftp:\\/\\/)#i', $url)) {
        $url = "http://{$url}";
    }
    if (preg_match('#(.*)youtube.com\\/watch\\?v=(.{11})#Usim', $url) || preg_match('#http:\\/\\/youtu.be\\/(.{11})#Usim', $url)) {
Example #9
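/* BEGIN NERDZ_STATIC_DATA */
// This value is printed inside an inline script element. JSON_HEX_TAG encodes
// "<" and ">" as \u003C and \u003E, so no string in the data can end the
// script element early.
?>
var Nstatic = <?php 
echo json_encode(isset($headers['js']['staticData']) ? $headers['js']['staticData'] : [], JSON_HEX_TAG);
?>
;
<?php 
/* END NERDZ_STATIC_DATA */
/* BEGIN BLACKLIST_STUFF */
if ($logged) {
    $jsonIdiots = [];
    if ($blist = $user->getBlacklist()) {
        // One ".bluser<ID>," selector per blacklisted id; the rest of the rule
        // and the closing tag are not part of this fragment.
        $blistcss = '<style type="text/css">';
        foreach ($blist as $b_id) {
            $blistcss .= ".bluser{$b_id},";
            $jsonIdiots[] = User::getUsername($b_id);
        }
    }
    ?>
    N.idiots=<?php 
    // Usernames are encoded with JSON_HEX_TAG as well, matching Nstatic: both
    // values land in the same inline script.
    echo json_encode($jsonIdiots, JSON_HEX_TAG);
    ?>
,
    N.tplVars=<?php 
    // NOTE(review): printed verbatim - presumably getTemplateVariables() already
    // returns script-safe JSON; confirm in its implementation.
    echo $user->getTemplateVariables();
    ?>
;
<?php 
}
?>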
</script>
Example #10
 }
 usort($vals['members_a'], 'NERDZ\\Core\\Utils::sortByUsername');
 // Followers: ids that do not resolve to a username are left out of users_a,
 // while users_n still counts every id returned by getFollowers().
 $fol = $project->getFollowers($info->counter);
 $vals['users_n'] = count($fol);
 $vals['users_a'] = [];
 $i = 0;
 foreach ($fol as $uid) {
     $uname = User::getUsername($uid);
     if ($uname) {
         $vals['users_a'][$i++] = [
             'username_n' => $uname,
             'username4link_n' => \NERDZ\Core\Utils::userLink($uname),
         ];
     }
 }
 usort($vals['users_a'], 'NERDZ\\Core\\Utils::sortByUsername');
 $vals['owner_n'] = User::getUsername($project->getOwner());
 $vals['owner4link_n'] = \NERDZ\Core\Utils::userLink($vals['owner_n']);
 $vals['description_n'] = $messages->bbcode($info->description);
 $vals['goal_n'] = $messages->bbcode($info->goal);
 // An empty website falls back to the site's own address.
 // NOTE(review): the stored website is used as a link target unchanged; its
 // scheme is presumably validated when the project is saved - confirm.
 $vals['website4link_n'] = empty($info->website) ? 'http://' . Config\SITE_HOST . '/' : $info->website;
 $vals['website_n'] = $vals['website4link_n'];
 $vals['openproject_b'] = $project->isOpen($info->counter);
 // Following is offered to logged-in users who are neither members nor followers.
 // The id comparisons in this block are loose (in_array without strict, == / !=).
 $vals['canifollow_b'] = $vals['logged_b'] && !in_array($_SESSION['id'], array_merge($mem, $fol));
 $vals['canshowmenu_b'] = $vals['logged_b'] && $_SESSION['id'] != $project->getOwner();
 if ($vals['singlepost_b'] || $vals['followers_b'] || $vals['interactions_b'] || $vals['members_b']) {
     // don't show textarea when in a singlepost
     $vals['canwriteissue_b'] = false;
     $vals['canwrite_b'] = false;
     $vals['canwritenews_b'] = false;
 } else {
     // Writing needs a logged-in user and an open project, membership or ownership.
     $vals['canwrite_b'] = $vals['logged_b'] && ($project->isOpen($gid) || in_array($_SESSION['id'], $mem) || $_SESSION['id'] == $project->getOwner());
     // Issues can be written only on the issue board.
     $vals['canwriteissue_b'] = $vals['logged_b'] && $info->counter == Config\ISSUE_BOARD;
     // News is reserved to members and the owner, and never offered on the issue board.
     $vals['canwritenews_b'] = !$vals['canwriteissue_b'] && $vals['logged_b'] && (in_array($_SESSION['id'], $mem) || $_SESSION['id'] == $project->getOwner());
 }
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
// Request gate, in this order: referer check, 'edit' CSRF token, login check.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
// A request without a token is checked against 0, which csrfControl() has to reject.
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
// The included file is expected to define $userData, $birth and $updatedPassword.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';
// The row to update is selected by the session id, never by a request field,
// and every value is bound as a parameter.
$params = [
    ':timezone' => $userData['timezone'],
    ':name' => $userData['name'],
    ':surname' => $userData['surname'],
    ':email' => $userData['email'],
    ':gender' => $userData['gender'],
    ':date' => $birth['date'],
    ':id' => $_SESSION['id'],
];
if ($updatedPassword) {
    $params[':password'] = $userData['password'];
}
// NOTE(review): a changed password is hashed inside the database with
// crypt(:password, gen_salt('bf', 7)), i.e. bcrypt at cost 7, which is low by
// current guidance; raising it is a policy decision - confirm.
$ret = Db::query(['UPDATE users SET "timezone" = :timezone, "name" = :name,
        "surname" = :surname,"email" = :email,"gender" = :gender, "birth_date" = :date
        ' . ($updatedPassword ? ', "password" = crypt(:password, gen_salt(\'bf\', 7))' : '') . ' WHERE counter = :id', $params], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
    die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
// After a password change the user is logged in again with the new password,
// but only when the nerdz_u cookie is present.
if ($updatedPassword && ($cookie = isset($_COOKIE['nerdz_u'])) && !$user->login(User::getUsername(), $userData['password'], $cookie, $_SESSION['mark_offline'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
// NOTE(review): the success path answers with status 'error' and message 'OK' -
// confirm that clients read the message rather than the status.
die(NERDZ\Core\Utils::jsonResponse('error', 'OK'));
Example #12
use NERDZ\Core\Stuff;
use NERDZ\Core\Db;
use NERDZ\Core\User;
// The 'top' query parameter is only tested for emptiness; its value never
// becomes part of the cache key, which is chosen from two fixed names.
$mo = empty($_GET['top']);
if ($mo) {
    $path = Config\SITE_HOST . 'r_month.json';
} else {
    $path = Config\SITE_HOST . 'rank.json';
}
if (!($ret = Utils::apc_get($path))) {
    $ret = Utils::apc_set($path, function () use($mo) {
        $un_ti = ' AND ("time" + INTERVAL \'28 days\') > NOW()';
        $res = Db::query('SELECT COUNT("hcid") AS cc,"from"
            FROM "comments"
            WHERE "from" <> (SELECT counter FROM special_users WHERE role = \'DELETED\')' . (!$mo ? $un_ti : '') . ' GROUP BY "from"
            ORDER BY cc DESC LIMIT 100', Db::FETCH_STMT);
        $rank = [];
        while ($o = $res->fetch(PDO::FETCH_OBJ)) {
            $gc = Db::query(['SELECT COUNT("hcid") AS cc FROM "groups_comments" WHERE "from" = :from ' . (!$mo ? $un_ti : ''), [':from' => $o->from]], Db::FETCH_OBJ);
            $us = User::getUsername($o->from);
            $n = $o->cc + $gc->cc;
            $rank[$us] = $n;
            $stupid = Stuff::stupid($n);
            $ss[$us] = $stupid['now'];
        }
        asort($rank);
        $rank = array_reverse($rank, true);
        $i = 0;
        $ret = [];
        foreach ($rank as $username => $val) {
            $ret[$i]['position_n'] = $i + 1;
            $ret[$i]['username4link_n'] = Utils::userLink($username);
            $ret[$i]['username_n'] = $username;
            $ret[$i]['comments_n'] = $val;
            $ret[$i]['stupidstuff_n'] = $ss[$username];
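 /**
  * Collect the session user's pending post notifications and optionally clear them.
  *
  * Both queries are scoped to $_SESSION['id'] through a bound parameter, so only
  * the session user's own notification rows are read or deleted.
  *
  * A notification whose post lookup returns nothing is skipped. Previously such
  * a row ended the loop, and with $del set the rows after it were deleted
  * without ever being returned.
  *
  * @param mixed $del truthy to delete the user's rows from posts_notify after reading
  *
  * @return array one entry per notification, as built by get()
  */
 private function getUserPosts($del)
 {
     $ret = [];
     $result = Db::query(['SELECT p."pid",n."hpid", n."from", n."to", EXTRACT(EPOCH FROM n."time") AS time
             FROM "posts_notify" n JOIN "posts" p
             ON p.hpid = n.hpid WHERE n."to" = :id', [':id' => $_SESSION['id']]], Db::FETCH_STMT);
     // A failed read returns nothing and leaves the notifications in place.
     if (!$result) {
         return $ret;
     }
     while ($o = $result->fetch(PDO::FETCH_OBJ)) {
         $p = Db::query(['SELECT "from","to","pid" FROM "posts" WHERE "hpid" = :hpid', [':hpid' => $o->hpid]], Db::FETCH_OBJ);
         if (!$p) {
             continue;
         }
         $ret[] = $this->get(['row' => $o, 'post' => $p], static::USER_POST);
     }
     if ($del) {
         Db::query(['DELETE FROM "posts_notify" WHERE "to" = :id', [':id' => $_SESSION['id']]], Db::NO_RETURN);
     }
     return $ret;
 }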