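<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Pms;
use NERDZ\Core\User;

/*
 * Private-message send endpoint.
 * POST: to (recipient username), message (body).
 * Replies with a JSON document and exits on every path (die()).
 */
$pms = new Pms();
$user = new User();

// Only logged-in users may send private messages.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// Referer check against cross-site submissions (same guard as the other POST endpoints).
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}

// Both fields must be present as plain strings: an array value (to[]=...) would
// make trim()/htmlspecialchars() below emit warnings instead of being rejected,
// and a missing "message" would otherwise reach send() as an undefined index.
if (empty($_POST['to']) || !is_string($_POST['to'])
    || !isset($_POST['message']) || !is_string($_POST['message'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}

// getId() expects the raw (not HTML-escaped) username, so resolve the recipient
// before the escaping pass below.
$toid = $user->getId(trim($_POST['to']));
if (!$toid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}

// HTML-escape every string field in place. Iterating over the keys instead of
// `foreach ($_POST as &$val)` avoids leaving a dangling reference on $val.
foreach (array_keys($_POST) as $key) {
    if (is_string($_POST[$key])) {
        $_POST[$key] = htmlspecialchars(trim($_POST[$key]), ENT_QUOTES, 'UTF-8');
    }
}

die(NERDZ\Core\Utils::jsonDbResponse($pms->send($toid, $_POST['message'])));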
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\Messages;

/*
 * Open/close a post.
 * POST: hpid (post id). GET: action=open|close.
 * Replies with a JSON document and exits on every path; $prj is set by the
 * including script when the post lives on a project board.
 */
$messages = new Messages();

// Referer check against cross-site submissions.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR') . ': referer'));
}

// hpid must be present and numeric; it is passed on as the raw POST value
// (is_numeric() also accepts forms such as "1e3" — the callee is assumed to
// validate further; not verified here).
$hpid = false;
if (isset($_POST['hpid']) && is_numeric($_POST['hpid'])) {
    $hpid = $_POST['hpid'];
}
if (!$hpid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
}

$prj = isset($prj);

$action = '';
if (isset($_GET['action'])) {
    $action = strtolower(trim($_GET['action']));
}

if ($action === 'open') {
    die(NERDZ\Core\Utils::jsonDbResponse($messages->reOpen($hpid, $prj)));
}
if ($action === 'close') {
    die(NERDZ\Core\Utils::jsonDbResponse($messages->close($hpid, $prj)));
}

// Unknown or missing action.
die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;

/*
 * Bookmark / unbookmark a post.
 * POST: hpid (post id). GET: action=add|del.
 * Replies with a JSON document and exits on every path; $prj is set by the
 * including script when the post lives on a project board.
 */
$user = new User();

// Referer check against cross-site submissions.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}

// hpid must be present and numeric; passed on as the raw POST value.
$hpid = false;
if (isset($_POST['hpid']) && is_numeric($_POST['hpid'])) {
    $hpid = $_POST['hpid'];
}
if (!$hpid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}

$prj = isset($prj);

$action = '';
if (isset($_GET['action'])) {
    $action = strtolower(trim($_GET['action']));
}

if ($action === 'add') {
    die(NERDZ\Core\Utils::jsonDbResponse($user->bookmark($hpid, $prj)));
}
if ($action === 'del') {
    die(NERDZ\Core\Utils::jsonDbResponse($user->unbookmark($hpid, $prj)));
}

// Unknown or missing action.
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
} } die(NERDZ\Core\Utils::jsonDbResponse($messages->add($_POST['to'], isset($_POST['message']) ? $_POST['message'] : '', ['news' => !empty($_POST['news']), 'issue' => !empty($_POST['issue']), 'project' => $prj, 'language' => !empty($_POST['language']) ? $_POST['language'] : false]))); break; case 'del': if (!isset($_SESSION['delpost']) || empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || $_SESSION['delpost'] != $_POST['hpid'] || !$messages->delete($_POST['hpid'], $prj)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } unset($_SESSION['delpost']); break; case 'delconfirm': $_SESSION['delpost'] = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : -1; die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('ARE_YOU_SURE'))); break; case 'get': if (empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || !($message = Messages::getMessage($_POST['hpid'], $prj))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2')); } die(NERDZ\Core\Utils::jsonResponse('ok', $message)); break; case 'edit': if (empty($_POST['hpid']) || !is_numeric($_POST['hpid'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } die(NERDZ\Core\Utils::jsonDbResponse($messages->edit($_POST['hpid'], $_POST['message'], $prj))); break; default: die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ' Wrong request')); break; } die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;

/*
 * Registration endpoint: checks the captcha, validates the submitted profile
 * (pages/common/validateuser.php is expected to define $userData and $birth),
 * inserts the user row and logs the new account in.
 * Replies with a JSON document and exits on every path.
 */
$user = new User();
$captchaChecker = new Captcha();

$captchaAnswer = false;
if (isset($_POST['captcha'])) {
    $captchaAnswer = $_POST['captcha'];
}
if (!$captchaAnswer) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$captchaChecker->check($captchaAnswer)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if ($user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED')));
}

// Field validation lives in a shared include; it must leave $userData and $birth defined.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';

// The user agent is stored HTML-escaped; absent header -> empty string.
$userAgent = '';
if (isset($_SERVER['HTTP_USER_AGENT'])) {
    $userAgent = htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8');
}

// Password hashing happens inside the database (crypt() with a bcrypt salt);
// the plaintext only travels as a bound parameter, never interpolated into SQL.
$insertSql = 'INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent") VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)';
$insertParams = [
    ':username' => $userData['username'],
    ':password' => $userData['password'],
    ':name' => $userData['name'],
    ':surname' => $userData['surname'],
    ':email' => $userData['email'],
    ':gender' => $userData['gender'],
    ':timezone' => $userData['timezone'],
    ':date' => $birth['date'],
    ':lang' => $user->getLanguage(),
    ':remote_addr' => $_SERVER['REMOTE_ADDR'],
    ':http_user_agent' => $userAgent,
];

$ret = Db::query([$insertSql, $insertParams], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
    die(NERDZ\Core\Utils::jsonDbResponse($ret));
}

// Log the fresh account in straight away; the third argument asks login() to set the cookie.
$setCookie = true;
if (!$user->login($userData['username'], $userData['password'], $setCookie)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}

die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
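ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;

/*
 * Thumbs (vote) endpoint for posts and comments.
 * POST: hpid (post) — or hcid plus "comment" for a comment — and thumb (numeric vote).
 * Replies with a JSON document and exits on every path; $prj is set by the
 * including script when the target lives on a project board.
 */
$user = new User();

// setThumbs() writes to the database: apply the same referer guard against
// cross-site submissions that the other POST endpoints in this tree use.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}

// Pick the target type from the request shape; the id field differs per type.
if (isset($_POST['comment'])) {
    $target = new NERDZ\Core\Comments();
    if (!isset($_POST['hcid']) || !is_numeric($_POST['hcid'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hcid'));
    }
    $id = $_POST['hcid'];
} else {
    $target = new NERDZ\Core\Messages();
    if (!isset($_POST['hpid']) || !is_numeric($_POST['hpid'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hpid'));
    }
    $id = $_POST['hpid'];
}

if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// Guard clause instead of if/else: a missing or non-numeric vote is rejected first.
if (!isset($_POST['thumb']) || !is_numeric($_POST['thumb'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': 3'));
}
$thumb = (int) $_POST['thumb'];

$dbResponse = $target->setThumbs($id, $thumb, isset($prj));
if ($dbResponse != Db::NO_ERRSTR) {
    die(NERDZ\Core\Utils::jsonDbResponse($dbResponse));
}

// On success reply with the updated counter.
die(NERDZ\Core\Utils::jsonResponse('thumbs', $target->getThumbs($id, isset($prj))));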
foreach ($m as $v) { $username = trim($v); $uid = $user->getId($username); if (is_numeric($uid) && $uid > 0) { $newmem[] = $uid; $userMap[$uid] = $username; } else { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid member - ' . $v)); } } //members to add $toadd = array_diff($newmem, $oldmem); foreach ($toadd as $uid) { $ret = Db::query(['INSERT INTO "groups_members"("to","from") VALUES(:project,:user)', [':project' => $id, ':user' => $uid]], Db::FETCH_ERRSTR); if ($ret != Db::NO_ERRSTR) { die(NERDZ\Core\Utils::jsonDbResponse($ret, $userMap[$uid])); } } // members to remove $toremove = array_diff($oldmem, $newmem); foreach ($toremove as $val) { if (Db::NO_ERRNO != Db::query(['DELETE FROM groups_members WHERE "to" = :project AND "from" = :user', [':project' => $id, ':user' => $val]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '4')); } } if (Db::NO_ERRNO != Db::query(['UPDATE "groups" SET "description" = :desc, "website" = :website, "photo" = :photo, "private" = :private, "open" = :open, "goal" = :goal, "visible" = :visible WHERE "counter" = :id', [':desc' => $projectData['description'], ':website' => $projectData['website'], ':photo' => $projectData['photo'], ':private' => $projectData['private'], ':open' => $projectData['open'], ':goal' => $projectData['goal'], ':visible' => $projectData['visible'], ':id' => $id]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } break; default:
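<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;

/*
 * Follow / unfollow endpoint.
 * POST: id (target user or project id). GET: action=add|del.
 * Replies with a JSON document and exits on every path; $prj is set by the
 * including script when the target is a project.
 */
$user = new User();

// follow()/defollow() write to the database: apply the same referer guard
// against cross-site submissions that the other POST endpoints in this tree use.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}

// id must be present and numeric; passed on as the raw POST value.
if (empty($_POST['id']) || !is_numeric($_POST['id'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
$targetId = $_POST['id'];

$prj = isset($prj);

// Normalise the action the same way the sibling endpoints do (trim + lowercase).
$action = isset($_GET['action']) ? strtolower(trim($_GET['action'])) : '';

switch ($action) {
    case 'del':
        die(NERDZ\Core\Utils::jsonDbResponse($user->defollow($targetId, $prj)));
    case 'add':
        die(NERDZ\Core\Utils::jsonDbResponse($user->follow($targetId, $prj)));
    default:
        // Unknown or missing action.
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}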
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\User;

/*
 * Mute / unmute notifications for a post.
 * POST: hpid (post id), from (optional; 0 = the whole post). GET: action=add|del.
 * Replies with a JSON document and exits on every path; $prj is set by the
 * including script when the post lives on a project board.
 */
$user = new User();

// Referer check against cross-site submissions.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}

// "from" defaults to 0, meaning the full post rather than a single reply.
$from = 0;
if (isset($_POST['from']) && is_numeric($_POST['from'])) {
    $from = $_POST['from'];
}

// hpid must be present, numeric and non-zero; passed on as the raw POST value.
$hpid = 0;
if (isset($_POST['hpid']) && is_numeric($_POST['hpid'])) {
    $hpid = $_POST['hpid'];
}
if (!$hpid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}

$prj = isset($prj);
$notifyTarget = ['hpid' => $hpid, 'from' => $from];

$action = '';
if (isset($_GET['action'])) {
    $action = strtolower(trim($_GET['action']));
}

if ($action === 'add') {
    die(NERDZ\Core\Utils::jsonDbResponse($user->dontNotify($notifyTarget, $prj)));
}
if ($action === 'del') {
    die(NERDZ\Core\Utils::jsonDbResponse($user->reNotify($notifyTarget, $prj)));
}

// Unknown or missing action.
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF')); } $prj = isset($prj); switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') { case 'add': $hpid = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : false; if (!$hpid) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } die(NERDZ\Core\Utils::jsonDbResponse($comments->add($hpid, $_POST['message'], $prj))); case 'del': $hcid = isset($_POST['hcid']) && is_numeric($_POST['hcid']) ? $_POST['hcid'] : false; if (!$hcid || !$comments->delete($hcid, $prj)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } break; case 'get': if (empty($_POST['hcid']) || !($message = Comments::getMessage($_POST['hcid'], $prj))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } die(NERDZ\Core\Utils::jsonResponse('ok', $message)); case 'edit': if (empty($_POST['hcid'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } die(NERDZ\Core\Utils::jsonDbResponse($comments->edit($_POST['hcid'], $_POST['message'], $prj))); default: die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));