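<?php
// JSON endpoint for the current user's blacklist. ?action=add inserts a row for
// the user given in POST "id" (with an optional POST "motivation"), ?action=del
// removes it. Every outcome is answered with Utils::jsonResponse() and the
// script exits immediately afterwards.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Utils;

$user = new User();

// The target must be a plain positive decimal integer. is_numeric() alone also
// accepts floats and exponent notation, so validate with FILTER_VALIDATE_INT and
// hand the database an int instead of the raw POST string.
$targetId = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;

if (!$user->isLogged() || false === $targetId || $targetId < 1) {
    die(Utils::jsonResponse('error', $user->lang('LOGIN')));
}

// NOTE(review): the request is authorised by the session alone; no anti-CSRF
// token is checked in this script. Confirm that a framework-level check covers
// this endpoint.
$me = $_SESSION['id'];

// Only string values can be lower-cased; anything else falls through to the
// default branch and is reported as an error.
$action = isset($_GET['action']) && is_string($_GET['action']) ? strtolower($_GET['action']) : '';

switch ($action) {
    case 'del':
        $errno = Db::query(
            ['DELETE FROM "blacklist" WHERE "from" = :me AND "to" = :to', [':me' => $me, ':to' => $targetId]],
            Db::FETCH_ERRNO
        );
        if (Db::NO_ERRNO != $errno) {
            die(Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;

    case 'add':
        // The motivation is optional; it is trimmed and HTML-escaped before
        // it is stored.
        $motivation = '';
        if (!empty($_POST['motivation']) && is_string($_POST['motivation'])) {
            $motivation = htmlspecialchars(trim($_POST['motivation']), ENT_QUOTES, 'UTF-8');
        }

        // A user can be blacklisted only once.
        if ($user->hasInBlacklist($targetId)) {
            die(Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }

        $errno = Db::query(
            [
                'INSERT INTO "blacklist"("from","to","motivation") VALUES (:me,:to,:motivation)',
                [':me' => $me, ':to' => $targetId, ':motivation' => $motivation],
            ],
            Db::FETCH_ERRNO
        );
        if (Db::NO_ERRNO != $errno) {
            die(Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;

    default:
        die(Utils::jsonResponse('error', $user->lang('ERROR') . '2'));
}

die(Utils::jsonResponse('ok', 'OK'));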
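// Profile page: resolve the requested user (?id=) and, optionally, a single post
// on that profile (?pid=). $user and $messages are set earlier in this file.
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false; // cast to int below
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
$action = NERDZ\Core\Utils::actionValidator(
    !empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false
);

// Without a usable id there is no profile to render: send the visitor home.
if (!$id) {
    header('Location: /index.php');
    exit;
}

// Cast only now, so that a numeric id of an unknown user reaches the
// "user not found" message below instead of the redirect above.
$id = intval($id);

// Start from an empty post; only a found and readable single post replaces it.
$post = new stdClass();
$post->message = '';
$found = true;

$info = $user->getObject($id);
if (false === $info) {
    $username = $user->lang('USER_NOT_FOUND');
    $found = false;
} else {
    // $info holds the profile owner's data as an object.
    $username = $info->username;

    // A single post is looked up only when one was requested and the profile
    // owner is not blacklisted. Anonymous visitors never see posts of a private
    // profile; for them, and when the row does not exist, the empty default stays.
    if ($pid && !$user->hasInBlacklist($id)) {
        $hiddenFromVisitor = !$user->isLogged() && $info->private;
        if (!$hiddenFromVisitor) {
            $row = Db::query(
                ['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]],
                Db::FETCH_OBJ
            );
            if ($row) {
                $post = $row;
            }
        }
    }
}

ob_start(['NERDZ\\Core\\Utils', 'minifyHTML']);
$a = explode(' ', $messages->parseNews(Messages::stripTags(str_replace("\n", ' ', $post->message))));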
// Project page: homepage link, permission flags and the right-hand content block.
// $vals, $info, $project, $mem, $fol, $gid, $pid and $user are set earlier in this file.
$homepage = empty($info->website) ? 'http://' . Config\SITE_HOST . '/' : $info->website;
$vals['website_n'] = $homepage;
$vals['website4link_n'] = $homepage;
$vals['openproject_b'] = $project->isOpen($info->counter);

// Flags that only make sense for a logged-in visitor; $_SESSION['id'] is read
// only when there is one.
if ($vals['logged_b']) {
    $vals['canifollow_b'] = !in_array($_SESSION['id'], array_merge($mem, $fol));
    $vals['canshowmenu_b'] = $_SESSION['id'] != $project->getOwner();
} else {
    $vals['canifollow_b'] = false;
    $vals['canshowmenu_b'] = false;
}

// The compose textarea is offered only on the main board and only to a
// logged-in visitor, never on the single-post, followers, interactions or
// members views.
$onMainBoard = !$vals['singlepost_b'] && !$vals['followers_b'] && !$vals['interactions_b'] && !$vals['members_b'];
if (!$onMainBoard || !$vals['logged_b']) {
    $vals['canwrite_b'] = false;
    $vals['canwriteissue_b'] = false;
    $vals['canwritenews_b'] = false;
} else {
    $vals['canwrite_b'] = $project->isOpen($gid)
        || in_array($_SESSION['id'], $mem)
        || $_SESSION['id'] == $project->getOwner();
    $vals['canwriteissue_b'] = $info->counter == Config\ISSUE_BOARD;
    // News may be written by members and the owner, but not on the issue board.
    $vals['canwritenews_b'] = !$vals['canwriteissue_b']
        && (in_array($_SESSION['id'], $mem) || $_SESSION['id'] == $project->getOwner());
}

// Right-hand content: a single post (with a not-found fallback) or one of the
// list views. $found tells whether a requested single post was rendered.
$found = false;
if ($vals['singlepost_b']) {
    $post = Db::query(
        ['SELECT "hpid","from" FROM "groups_posts" WHERE "pid" = :pid AND "to" = :gid', [':pid' => $pid, ':gid' => $gid]],
        Db::FETCH_OBJ
    );
    if ($post && !$user->hasInBlacklist($post->from)) {
        // singlepost.html.php expects $hpid in this scope.
        $hpid = $post->hpid;
        $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/singlepost.html.php');
        $found = true;
    } else {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
        $user->getTPL()->draw('project/postnotfound');
    }
} elseif ($vals['followers_b']) {
    $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/followers.html.php');
} elseif ($vals['interactions_b']) {
    $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/interactions.html.php');
} elseif ($vals['members_b']) {
    $vals['post_n'] = (require $_SERVER['DOCUMENT_ROOT'] . '/pages/project/members.html.php');
}