$_POST['website'] = ''; } if (!empty($_POST['website']) && !Utils::isValidURL($_POST['website'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WEBSITE') . ': ' . $user->lang('INVALID_URL'))); } if (!empty($_POST['photo'])) { if (!Utils::isValidURL($_POST['photo'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PHOTO') . ': ' . $user->lang('INVALID_URL'))); } if (!($head = get_headers($_POST['photo'], 1)) || !isset($head['Content-Type'])) { die(NERDZ\Core\Utils::jsonResponse('error', 'Something wrong with your project image')); } if (false === strpos($head['Content-Type'], 'image')) { die(NERDZ\Core\Utils::jsonResponse('error', 'Your project image, is not a photo or is protected, change it')); } } else { $_POST['photo'] = ''; } foreach ($projectData as &$value) { $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); } //htmlspecialchars empty return values FIX if (count(array_filter($projectData)) != count($projectData)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': INVALID UTF-8')); } $projectData['photo'] = htmlspecialchars($_POST['photo'], ENT_QUOTES, 'UTF-8'); $projectData['website'] = htmlspecialchars($_POST['website'], ENT_QUOTES, 'UTF-8'); $projectData['goal'] = htmlspecialchars($_POST['goal'], ENT_QUOTES, 'UTF-8'); $projectData['visible'] = isset($_POST['visible']) && $_POST['visible'] == 1 ? '1' : '0'; $projectData['open'] = isset($_POST['open']) && $_POST['open'] == 1 ? '1' : '0'; $projectData['private'] = isset($_POST['private']) && $_POST['private'] == 1 ? '1' : '0';
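// Replace the caller's whitelist with the users posted as newline-separated
// names in $_POST['whitelist']: unknown names abort the request, existing
// entries that are absent from the posted list are removed. Uses $user,
// $_SESSION['id'] and Db from the enclosing file and ends the request with a
// JSON response in every path.
if (isset($_POST['whitelist'])) {
    // A request such as whitelist[]=x arrives as an array; explode() on an
    // array is a TypeError on PHP 8, so only a string is accepted.
    if (!is_string($_POST['whitelist'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
    }

    $oldlist = $user->getWhitelist($_SESSION['id']);

    // One name per line. Trim before de-duplicating so "foo" and "foo\r"
    // collapse into one entry and blank lines are dropped instead of being
    // looked up (and reported) as invalid users.
    $names = array_filter(
        array_unique(array_map('trim', explode("\n", $_POST['whitelist']))),
        static function ($line) {
            return $line !== '';
        }
    );

    // NOTE(review): the inserts and deletes below are not wrapped in a
    // transaction, so a failure midway leaves the list partially updated.
    $newlist = [];
    foreach ($names as $name) {
        $uid = $user->getId($name);
        // Only a positive numeric id is trusted as a resolved user.
        if (!is_numeric($uid) || $uid <= 0) {
            // The rejected name is echoed back; jsonResponse() is expected to
            // JSON-encode it, and the client must render it as text, not HTML.
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid user - ' . $name));
        }

        // Idempotent insert. :id and :uid are each referenced twice; with PDO
        // that only works under emulated prepares — NOTE(review): confirm
        // against the Db::query implementation.
        $insert = Db::query([
            'INSERT INTO "whitelist"("from","to") SELECT :id, :uid WHERE NOT EXISTS (SELECT 1 FROM "whitelist" WHERE "from" = :id AND "to" = :uid)',
            [':id' => $_SESSION['id'], ':uid' => $uid],
        ], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $insert) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
        }
        $newlist[] = (int) $uid;
    }

    // Whatever was whitelisted before but is missing from the posted list is
    // removed. Ids are compared as integers with a strict in_array(); this
    // assumes getWhitelist() returns numeric ids (a numeric string from the
    // driver compares equal after the cast) — verify against its implementation.
    foreach ($oldlist as $val) {
        if (in_array((int) $val, $newlist, true)) {
            continue;
        }
        $delete = Db::query([
            'DELETE FROM "whitelist" WHERE "from" = :id AND "to" = :val',
            [':id' => $_SESSION['id'], ':val' => $val],
        ], Db::FETCH_ERRNO);
        if (Db::NO_ERRNO != $delete) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '4'));
        }
    }
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));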
return false; } foreach ((array) $h['Content-Type'] as $ct) { if (preg_match('#(image)#i', $ct)) { $message = "[img]{$url}[/img]" . $message; return $messages->add($to, $message); } if (preg_match('#(htm)#i', $ct)) { $file = file_get_contents($url); $arr = explode('<img src="', $file); $flag = false; if (!empty($arr[0])) { foreach ($arr as $val) { $img = trim(strstr($val, '"', true)); $img = str_replace('"', '', $img); if (filter_var($img, FILTER_VALIDATE_URL)) { $flag = true; break; } } } $message = $flag ? "[url={$url}][img]{$img}[/img][/url]" . $message : "[url]{$url}[/url] " . $message; return $messages->add($to, $message); } } }; if ($share($to, $url, $comment)) { die(NERDZ\Core\Utils::jsonResponse('ok', 'OK')); } die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
if (!$pushed->exists($thisUser)) { if ($pushed->addUser($thisUser)[0] !== Pushed::$ACCEPTED) { die(Utils::jsonResponse(['ERROR' => 'Request rejected'])); } } if ($pushed->subscribe($thisUser, $_POST['service'], $_POST['deviceId'])[0] !== Pushed::$ACCEPTED) { die(Utils::jsonResponse(['ERROR' => 'Request rejected'])); } $resp = ['ACCEPTED' => 'Ok']; break; case 'unsubscribe': if (!isset($_POST['service']) || !isset($_POST['deviceId'])) { die(Utils::jsonResponse(['ERROR' => 'Field not set'])); } $user->setPush($thisUser, true); if (!$pushed->exists($thisUser)) { die(Utils::jsonResponse(['ERROR' => 'No push for this user'])); } if ($pushed->unsubscribe($thisUser, $_POST['service'], $_POST['deviceId'])[0] !== Pushed::$ACCEPTED) { die(Utils::jsonResponse(['ERROR' => 'Request rejected'])); } $resp = ['ACCEPTED' => 'Ok']; break; default: die(Utils::jsonResponse(['ERROR' => "Unknown request: '" . addslashes($_GET['action']) . "'"])); } } catch (PushedException $e) { $resp = ['ERROR' => 'Internal Server Error']; } die(Utils::jsonResponse($resp));