Exemple #1
3
<?php

ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;
$pms = new Pms();
$user = new User();
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
if (empty($_POST['to'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}
if (!($toid = $user->getId(trim($_POST['to'])))) {
    //getId DON'T what htmlspecialchars in parameter
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}
foreach ($_POST as &$val) {
    $val = htmlspecialchars(trim($val), ENT_QUOTES, 'UTF-8');
}
die(NERDZ\Core\Utils::jsonDbResponse($pms->send($toid, $_POST['message'])));
     if (Db::NO_ERRNO != Db::query(['DELETE FROM "groups" WHERE "counter" = :id', [':id' => $id]], Db::FETCH_ERRNO)) {
         die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
     }
     break;
 case 'update':
     //validate fields
     require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateproject.php';
     // Members
     $_POST['members'] = isset($_POST['members']) ? $_POST['members'] : '';
     $oldmem = $project->getMembers($id);
     $m = array_filter(array_unique(explode("\n", $_POST['members'])));
     $newmem = [];
     $userMap = [];
     foreach ($m as $v) {
         $username = trim($v);
         $uid = $user->getId($username);
         if (is_numeric($uid) && $uid > 0) {
             $newmem[] = $uid;
             $userMap[$uid] = $username;
         } else {
             die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid member - ' . $v));
         }
     }
     //members to add
     $toadd = array_diff($newmem, $oldmem);
     foreach ($toadd as $uid) {
         $ret = Db::query(['INSERT INTO "groups_members"("to","from") VALUES(:project,:user)', [':project' => $id, ':user' => $uid]], Db::FETCH_ERRSTR);
         if ($ret != Db::NO_ERRSTR) {
             die(NERDZ\Core\Utils::jsonDbResponse($ret, $userMap[$uid]));
         }
     }
        if (Db::NO_ERRNO != Db::query(['UPDATE "profiles" SET "closed" = :closed WHERE "counter" = :counter', [':closed' => 'true', ':counter' => $_SESSION['id']]], Db::FETCH_ERRNO)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
    }
} else {
    if (Db::NO_ERRNO != Db::query(['UPDATE "profiles" SET "closed" = :closed WHERE "counter" = :counter', [':closed' => 'false', ':counter' => $_SESSION['id']]], Db::FETCH_ERRNO)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
    }
}
$_SESSION['dateformat'] = $userData['dateformat'];
if (isset($_POST['whitelist'])) {
    $oldlist = $user->getWhitelist($_SESSION['id']);
    $m = array_filter(array_unique(explode("\n", $_POST['whitelist'])));
    $newlist = [];
    foreach ($m as $v) {
        $uid = $user->getId(trim($v));
        if (is_numeric($uid) && $uid > 0) {
            if (Db::NO_ERRNO != Db::query(['INSERT INTO "whitelist"("from","to")
                    SELECT :id, :uid
                    WHERE NOT EXISTS (SELECT 1 FROM "whitelist" WHERE "from" = :id AND "to" = :uid)', [':id' => $_SESSION['id'], ':uid' => $uid]], Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1'));
            }
            $newlist[] = $uid;
        } else {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid user - ' . $v));
        }
    }
    $toremove = [];
    foreach ($oldlist as $val) {
        if (!in_array($val, $newlist)) {
            $toremove[] = $val;
Exemple #4
0
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/vendor/autoload.php';
use MCilloni\Pushed\Pushed;
use MCilloni\Pushed\PushedException;
use NERDZ\Core\User;
use NERDZ\Core\Config;
use NERDZ\Core\Utils;
$user = new User();
try {
    if (!$user->isLogged()) {
        die(Utils::jsonResponse(['ERROR' => 'Not logged']));
    }
    if (!isset($_GET['action'])) {
        die(Utils::jsonResponse(['ERROR' => 'Action not set']));
    }
    $thisUser = $user->getId();
    if (!NERDZ\Core\Security::floodPushRegControl()) {
        die(Utils::jsonResponse(['ERROR' => 'NO SPAM']));
    }
    $pushed = Pushed::connectIp(Config\PUSHED_PORT, Config\PUSHED_IP6);
    $resp = [];
    switch ($_GET['action']) {
        case 'subscribe':
            if (!isset($_POST['service']) || !isset($_POST['deviceId'])) {
                die(Utils::jsonResponse(['ERROR' => 'Field not set']));
            }
            $user->setPush($thisUser, true);
            if (!$pushed->exists($thisUser)) {
                if ($pushed->addUser($thisUser)[0] !== Pushed::$ACCEPTED) {
                    die(Utils::jsonResponse(['ERROR' => 'Request rejected']));
                }