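<?php
// Page bootstrap: start the session, require a logged-in user, then load the
// project's autoloader and database handle and initialise the User object.
session_start();

// Visitors without a session e-mail are redirected to the login page.
// header() only queues the Location response header; without the exit the
// rest of this script would keep executing for an unauthenticated request
// (including the $_SESSION['email'] read below).
if (!isset($_SESSION['email'])) {
    header("Location: index.php");
    exit;
}

require "blocks/autoload.php";
require "blocks/db.php";

// $db is presumably defined by blocks/db.php — TODO confirm.
$user = new User();
$user->db = $db;
$user->session($_SESSION['email']);
// NOTE(review): User::escape() is not visible here; confirm what it escapes
// and that its result does not need to be captured.
$user->escape();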
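/**
 * Collect the users and/or groups whose nickname starts with the query.
 *
 * Reads the request arguments 'q' and 'limit'. A query starting with '@'
 * triggers a user search, a query starting with '!' a group search; matches
 * are stored as clones in $this->users and $this->groups.
 *
 * NOTE(review): nothing in this method checks who the caller is before
 * nicknames are enumerated. Unless parent::prepare() enforces that, any
 * requester can list user and group nicknames by prefix — confirm.
 *
 * @param array $args request arguments, passed through to parent::prepare()
 *
 * @return boolean always true
 */
function prepare($args)
{
    parent::prepare($args);

    $this->groups = array();
    $this->users = array();

    // Request input: only a string can carry the '@' / '!' prefix.
    $q = $this->arg('q');
    if (!is_string($q)) {
        $q = '';
    }

    // Prevent DOS attacks: the original only capped values above 200, so a
    // missing, non-numeric, zero or negative limit reached limit() as-is.
    // Every out-of-range value now falls back to the 200-row ceiling.
    $limit = $this->arg('limit');
    $limit = is_numeric($limit) ? (int) $limit : 200;
    if ($limit < 1 || $limit > 200) {
        $limit = 200;
    }

    // NOTE(review): '%' and '_' inside $q are LIKE wildcards; whether
    // escape() neutralises them is not visible here — confirm.
    if (substr($q, 0, 1) === '@') {
        // User search.
        $q = substr($q, 1);
        $user = new User();
        $user->limit($limit);
        // The escaped value is trimmed of single quotes before it is placed
        // between the literal quotes of the LIKE pattern; keep escape() in
        // this path, it is the only thing separating $q from the SQL text.
        $user->whereAdd('nickname like \'' . trim($user->escape($q), '\'') . '%\'');
        if ($user->find()) {
            while ($user->fetch()) {
                $this->users[] = clone $user;
            }
        }
    }

    // NOTE(review): this tests $q after the '@' branch has stripped its
    // prefix, so a query such as '@!name' runs both searches — confirm that
    // is intended.
    if (substr($q, 0, 1) === '!') {
        // Group search.
        $q = substr($q, 1);
        $group = new User_group();
        $group->limit($limit);
        $group->whereAdd('nickname like \'' . trim($group->escape($q), '\'') . '%\'');
        if ($group->find()) {
            while ($group->fetch()) {
                $this->groups[] = clone $group;
            }
        }
    }

    return true;
}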
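/**
 * Collect the users and/or groups whose nickname starts with the query.
 *
 * Requires a logged-in user. Reads the request arguments 'q' and 'limit'.
 * A query starting with '@' triggers a user search, a query starting with
 * '!' a group search; matches are stored as clones in $this->users and
 * $this->groups.
 *
 * @param array $args request arguments, passed through to parent::prepare()
 *
 * @return boolean always true
 *
 * @throws ClientException when common_current_user() returns no user
 */
function prepare($args)
{
    // If we die, show short error messages.
    StatusNet::setApi(true);

    parent::prepare($args);

    // Nickname enumeration is only offered to an authenticated caller.
    $cur = common_current_user();
    if (!$cur) {
        throw new ClientException('Access forbidden', true);
    }

    $this->groups = array();
    $this->users = array();

    // Request input: only a string can carry the '@' / '!' prefix.
    $q = $this->arg('q');
    if (!is_string($q)) {
        $q = '';
    }

    // Prevent DOS attacks: the original only capped values above 200, so a
    // missing, non-numeric, zero or negative limit reached limit() as-is.
    // Every out-of-range value now falls back to the 200-row ceiling.
    $limit = $this->arg('limit');
    $limit = is_numeric($limit) ? (int) $limit : 200;
    if ($limit < 1 || $limit > 200) {
        $limit = 200;
    }

    // NOTE(review): '%' and '_' inside $q are LIKE wildcards; whether
    // escape() neutralises them is not visible here — confirm.
    if (substr($q, 0, 1) === '@') {
        // User search.
        $q = substr($q, 1);
        $user = new User();
        $user->limit($limit);
        // The escaped value is trimmed of single quotes before it is placed
        // between the literal quotes of the LIKE pattern; keep escape() in
        // this path, it is the only thing separating $q from the SQL text.
        $user->whereAdd('nickname like \'' . trim($user->escape($q), '\'') . '%\'');
        if ($user->find()) {
            while ($user->fetch()) {
                $this->users[] = clone $user;
            }
        }
    }

    // NOTE(review): this tests $q after the '@' branch has stripped its
    // prefix, so a query such as '@!name' runs both searches — confirm that
    // is intended.
    if (substr($q, 0, 1) === '!') {
        // Group search.
        $q = substr($q, 1);
        $group = new User_group();
        $group->limit($limit);
        $group->whereAdd('nickname like \'' . trim($group->escape($q), '\'') . '%\'');
        if ($group->find()) {
            while ($group->fetch()) {
                $this->groups[] = clone $group;
            }
        }
    }

    return true;
}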