<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Comments;
use NERDZ\Core\User;
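$user = new User();
$message = new Comments();

// Preview the submitted text only for logged-in users, and only when it is a
// non-empty string. Reading into a local instead of writing back to $_GET keeps
// the superglobal untouched, and the is_string() check rejects array-shaped
// input (?message[]=x), which htmlspecialchars() cannot take. Unlike empty(),
// an explicit '' comparison lets a literal "0" be previewed.
$text = isset($_GET['message']) ? $_GET['message'] : null;
if (!$user->isLogged() || !is_string($text) || $text === '') {
    $text = $user->lang('ERROR');
}

$vals = [
    // Escape before quote/BBCode parsing so the markup helpers only ever see
    // HTML-safe input.
    'message_n' => $message->bbcode($message->parseQuote(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'))),
];
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/preview');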
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
use NERDZ\Core\Comments;
use NERDZ\Core\Messages;
use NERDZ\Core\Gravatar;
use NERDZ\Core\System;
use NERDZ\Core\User;
// $prj is presumably defined by an including script on project pages; normalise
// its presence to a bool so the rest of the script can branch on it.
$prj = isset($prj);
$user = new User();
$comments = new Comments();

// Anonymous visitors get the localised "register" prompt instead of the comment list.
$user->isLogged() or exit($user->lang('REGISTER'));
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'get':
        $hcid = isset($_POST['hcid']) && is_numeric($_POST['hcid']) ? $_POST['hcid'] : false;
        if (!$hcid) {
            die($user->lang('ERROR') . ': no hcid');
        }
        $vals = [];
        $vals['list_a'] = $comments->get($hcid, $prj);
        $vals['showform_b'] = false;
        $vals['needmorebtn_b'] = false;
        $vals['commentcount_n'] = 0;
        $vals['hpid_n'] = 0;
        $vals['onerrorimgurl_n'] = System::getResourceDomain() . '/static/images/red_x.png';
        $user->getTPL()->assign($vals);
        $user->getTPL()->draw(($prj ? 'project' : 'profile') . '/comments');
 /**
  * Replaces the text of an existing post when the current user is allowed to edit it.
  *
  * The message is HTML-escaped and quote-parsed before it is stored. The table
  * name depends only on the boolean $project flag (never on request input) and
  * $hpid is bound as a prepared-statement parameter.
  *
  * @param int|string $hpid    id of the post to edit
  * @param string     $message raw message text
  * @param bool       $project true for a project/group post, false for a profile post
  *
  * @return mixed 'ERROR' when the post does not exist or is not editable by the
  *               caller, otherwise the Db::FETCH_ERRSTR result of the UPDATE
  */
 public function edit($hpid, $message, $project = false)
 {
     $message = Comments::parseQuote(htmlspecialchars($message, ENT_QUOTES, 'UTF-8'));
     $table = ($project ? 'groups_' : '') . 'posts';

     $post = Db::query(['SELECT "from","to","pid" FROM "' . $table . '" WHERE "hpid" = :hpid', [':hpid' => $hpid]], Db::FETCH_OBJ);
     if (!$post) {
         return 'ERROR';
     }

     // Ownership/permission check happens before any write.
     if (!$this->canEdit(['from' => $post->from, 'to' => $post->to], $project)) {
         return 'ERROR';
     }

     return Db::query(['UPDATE "' . $table . '" SET "message" = :message WHERE "hpid" = :hpid', [':message' => $message, ':hpid' => $hpid]], Db::FETCH_ERRSTR);
 }
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Comments;
$user = new User();
$comments = new Comments();

// Every early exit on this endpoint is a JSON error envelope, never bare text.
$jsonFail = static function ($reason) {
    exit(\NERDZ\Core\Utils::jsonResponse('error', $reason));
};

if (!$user->isLogged()) {
    $jsonFail($user->lang('REGISTER'));
}
// CSRF guard; judging by its name this check is Referer-based, so requests
// without a Referer header are also rejected — confirm against Security.
if (!\NERDZ\Core\Security::refererControl()) {
    $jsonFail('CSRF');
}

// $prj is presumably defined by an including script on project pages.
$prj = isset($prj);
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'add':
        $hpid = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : false;
        if (!$hpid) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        die(NERDZ\Core\Utils::jsonDbResponse($comments->add($hpid, $_POST['message'], $prj)));
    case 'del':
        $hcid = isset($_POST['hcid']) && is_numeric($_POST['hcid']) ? $_POST['hcid'] : false;
        if (!$hcid || !$comments->delete($hcid, $prj)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    case 'get':
        if (empty($_POST['hcid']) || !($message = Comments::getMessage($_POST['hcid'], $prj))) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));