<?php
session_start();
if (!isset($_SESSION['email'])) {
header("Location: index.php");
}
require "blocks/autoload.php";
require "blocks/db.php";
$user = new User();
$user->db = $db;
$user->session($_SESSION['email']);
$user->escape();
function prepare($args)
{
parent::prepare($args);
$this->groups = array();
$this->users = array();
$q = $this->arg('q');
$limit = $this->arg('limit');
if ($limit > 200) {
$limit = 200;
}
//prevent DOS attacks
if (substr($q, 0, 1) == '@') {
//user search
$q = substr($q, 1);
$user = new User();
$user->limit($limit);
$user->whereAdd('nickname like \'' . trim($user->escape($q), '\'') . '%\'');
if ($user->find()) {
while ($user->fetch()) {
$this->users[] = clone $user;
}
}
}
if (substr($q, 0, 1) == '!') {
//group search
$q = substr($q, 1);
$group = new User_group();
$group->limit($limit);
$group->whereAdd('nickname like \'' . trim($group->escape($q), '\'') . '%\'');
if ($group->find()) {
while ($group->fetch()) {
$this->groups[] = clone $group;
}
}
}
return true;
}
function prepare($args)
{
// If we die, show short error messages.
StatusNet::setApi(true);
parent::prepare($args);
$cur = common_current_user();
if (!$cur) {
throw new ClientException('Access forbidden', true);
}
$this->groups = array();
$this->users = array();
$q = $this->arg('q');
$limit = $this->arg('limit');
if ($limit > 200) {
$limit = 200;
}
//prevent DOS attacks
if (substr($q, 0, 1) == '@') {
//user search
$q = substr($q, 1);
$user = new User();
$user->limit($limit);
$user->whereAdd('nickname like \'' . trim($user->escape($q), '\'') . '%\'');
if ($user->find()) {
while ($user->fetch()) {
$this->users[] = clone $user;
}
}
}
if (substr($q, 0, 1) == '!') {
//group search
$q = substr($q, 1);
$group = new User_group();
$group->limit($limit);
$group->whereAdd('nickname like \'' . trim($group->escape($q), '\'') . '%\'');
if ($group->find()) {
while ($group->fetch()) {
$this->groups[] = clone $group;
}
}
}
return true;
}
