Example #1
0
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
if (!$user->isLogged() || empty($_POST['id']) || !is_numeric($_POST['id'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'del':
        if (Db::NO_ERRNO != Db::query(['DELETE FROM "blacklist" WHERE "from" = :me AND "to" = :to', [':me' => $_SESSION['id'], ':to' => $_POST['id']]], Db::FETCH_ERRNO)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    case 'add':
        $motivation = empty($_POST['motivation']) ? '' : htmlspecialchars(trim($_POST['motivation']), ENT_QUOTES, 'UTF-8');
        if (!$user->hasInBlacklist($_POST['id'])) {
            if (Db::NO_ERRNO != Db::query(['INSERT INTO "blacklist"("from","to","motivation") VALUES (:me,:to,:motivation)', [':me' => $_SESSION['id'], ':to' => $_POST['id'], ':motivation' => $motivation]], Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
            }
        } else {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        break;
    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2'));
        break;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
Example #2
0
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false;
// intval below
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
$action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false);
$found = true;
if ($id) {
    $id = intval($id);
    //intval here, so we can display the user not found message
    if (false === ($info = $user->getObject($id))) {
        $username = $user->lang('USER_NOT_FOUND');
        $found = false;
        $post = new stdClass();
        $post->message = '';
    } else {
        $username = $info->username;
        if ($pid && !$user->hasInBlacklist($id)) {
            if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) {
                $post = new stdClass();
                $post->message = '';
            }
        } else {
            $post = new stdClass();
            $post->message = '';
        }
    }
    /*else abbiamo la variabili $info con tutti i dati dell'utente in un oggetto */
} else {
    die(header('Location: /index.php'));
}
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
$a = explode(' ', $messages->parseNews(Messages::stripTags(str_replace("\n", ' ', $post->message))));
Example #3
0
 $vals['website_n'] = $vals['website4link_n'] = empty($info->website) ? 'http://' . Config\SITE_HOST . '/' : $info->website;
 $vals['openproject_b'] = $project->isOpen($info->counter);
 $vals['canifollow_b'] = $vals['logged_b'] && !in_array($_SESSION['id'], array_merge($mem, $fol));
 $vals['canshowmenu_b'] = $vals['logged_b'] && $_SESSION['id'] != $project->getOwner();
 if (!$vals['singlepost_b'] && !$vals['followers_b'] && !$vals['interactions_b'] && !$vals['members_b']) {
     $vals['canwrite_b'] = $vals['logged_b'] && ($project->isOpen($gid) || in_array($_SESSION['id'], $mem) || $_SESSION['id'] == $project->getOwner());
     $vals['canwriteissue_b'] = $vals['logged_b'] && $info->counter == Config\ISSUE_BOARD;
     $vals['canwritenews_b'] = !$vals['canwriteissue_b'] && $vals['logged_b'] && (in_array($_SESSION['id'], $mem) || $_SESSION['id'] == $project->getOwner());
 } else {
     // don't show textarea when in a singlepost
     $vals['canwritenews_b'] = $vals['canwrite_b'] = $vals['canwriteissue_b'] = false;
 }
 // single post handling
 $found = false;
 if ($vals['singlepost_b']) {
     if (!($post = Db::query(['SELECT "hpid","from" FROM "groups_posts" WHERE "pid" = :pid AND "to" = :gid', [':pid' => $pid, ':gid' => $gid]], Db::FETCH_OBJ)) || $user->hasInBlacklist($post->from)) {
         require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
         $user->getTPL()->draw('project/postnotfound');
     } else {
         // requiired by singlepost
         $hpid = $post->hpid;
         $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/singlepost.html.php');
         $found = true;
     }
 } elseif ($vals['followers_b']) {
     $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/followers.html.php');
 } elseif ($vals['interactions_b']) {
     $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/interactions.html.php');
 } elseif ($vals['members_b']) {
     $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/members.html.php');
 }