<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;
$pms = new Pms();
$user = new User();
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
if (empty($_POST['to'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}
if (!($toid = $user->getId(trim($_POST['to'])))) {
//getId DON'T what htmlspecialchars in parameter
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}
foreach ($_POST as &$val) {
$val = htmlspecialchars(trim($val), ENT_QUOTES, 'UTF-8');
}
die(NERDZ\Core\Utils::jsonDbResponse($pms->send($toid, $_POST['message'])));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Messages;
$messages = new Messages();
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR') . ': referer'));
}
$hpid = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : false;
if (!$hpid) {
die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
}
$prj = isset($prj);
switch (isset($_GET['action']) ? strtolower(trim($_GET['action'])) : '') {
case 'open':
die(NERDZ\Core\Utils::jsonDbResponse($messages->reOpen($hpid, $prj)));
case 'close':
die(NERDZ\Core\Utils::jsonDbResponse($messages->close($hpid, $prj)));
default:
die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
}
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$id = $_SESSION['id'];
if (!($obj = Db::query(array('SELECT "private" FROM "users" WHERE "counter" = ?', array($id)), Db::FETCH_OBJ))) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
case 'public':
if ($obj->private == 1) {
if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = FALSE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
}
break;
case 'private':
if (!$obj->private) {
if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = TRUE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
}
break;
default:
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
break;
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Search;
$search = new Search();
if (!isset($searchMethod) || !method_exists($search, $searchMethod)) {
die(NERDZ\Core\Utils::jsonResponse('error', 'No-sense error'));
}
$user = new User();
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('LOGIN')));
}
$count = isset($_GET['count']) && is_numeric($_GET['count']) ? (int) $_GET['count'] : 10;
$q = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
if ($q === '') {
die(NERDZ\Core\Utils::jsonResponse('error', 'Invalid search'));
}
die(NERDZ\Core\Utils::jsonResponse($search->{$searchMethod}($q, $count)));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
$user = new User();
if (isset($_POST['comment'])) {
$message = new NERDZ\Core\Comments();
if (!isset($_POST['hcid']) || !is_numeric($_POST['hcid'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hcid'));
}
$id = $_POST['hcid'];
} else {
$message = new NERDZ\Core\Messages();
if (!isset($_POST['hpid']) || !is_numeric($_POST['hpid'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hpid'));
}
$id = $_POST['hpid'];
}
$revNo = isset($_POST['revNo']) && is_numeric($_POST['revNo']) && $_POST['revNo'] >= 1 ? $_POST['revNo'] : 0;
if (!$revNo) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': invalid revNo'));
}
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$rev = $message->getRevision($id, $revNo, isset($prj));
die(is_object($rev) ? NERDZ\Core\Utils::jsonResponse(['datetime' => $user->getDateTime($rev->time), 'message' => $message->bbcode($rev->message)]) : NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;
ob_start('ob_gzhandler');
$user = new User();
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', 'No spam or spam-bot here'));
}
$pms = new Pms();
if (empty($_POST['from']) || !is_numeric($_POST['from']) || empty($_POST['to']) || !is_numeric($_POST['to'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}
if ($pms->deleteConversation($_POST['from'], $_POST['to'])) {
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
}
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Captcha;
use NERDZ\Core\Db;
use NERDZ\Core\User;
$user = new User();
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
$capt = new Captcha();
if (!$capt->check(isset($_POST['captcha']) ? $_POST['captcha'] : '')) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if (Db::NO_ERRNO != Db::query(array('DELETE FROM "users" WHERE "counter" = ?', array($_SESSION['id'])), Db::FETCH_ERRNO)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
$motivation = !empty($_POST['motivation']) ? htmlentities($_POST['motivation'], ENT_QUOTES, 'UTF-8') : false;
if ($motivation) {
Db::query(['UPDATE "deleted_users" SET "motivation" = :motivation WHERE "counter" = :counter', [':motivation' => $motivation, ':counter' => $_SESSION['id']]], Db::NO_RETURN);
}
$user->logout();
die(NERDZ\Core\Utils::jsonResponse('ok', 'Bye :('));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
$user = new User();
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captcha) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if ($user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED')));
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';
$ret = Db::query(['INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent")
VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)', [':username' => $userData['username'], ':password' => $userData['password'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':timezone' => $userData['timezone'], ':date' => $birth['date'], ':lang' => $user->getLanguage(), ':remote_addr' => $_SERVER['REMOTE_ADDR'], ':http_user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') : '']], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
if (!$user->login($userData['username'], $userData['password'], $setCookie = true)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
$user = new User();
if (isset($_POST['comment'])) {
$message = new NERDZ\Core\Comments();
if (!isset($_POST['hcid']) || !is_numeric($_POST['hcid'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hcid'));
}
$id = $_POST['hcid'];
} else {
$message = new NERDZ\Core\Messages();
if (!isset($_POST['hpid']) || !is_numeric($_POST['hpid'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': no hpid'));
}
$id = $_POST['hpid'];
}
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (isset($_POST['thumb']) && is_numeric($_POST['thumb'])) {
$thumb = (int) $_POST['thumb'];
$dbResponse = $message->setThumbs($id, $thumb, isset($prj));
if ($dbResponse != Db::NO_ERRSTR) {
die(NERDZ\Core\Utils::jsonDbResponse($dbResponse));
}
} else {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': 3'));
}
die(NERDZ\Core\Utils::jsonResponse('thumbs', $message->getThumbs($id, isset($prj))));
}
foreach ($userData as $id => $value) {
$userData[$id] = $id == 'password' ? $value : htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
//htmlspecialchars empty return values FIX
if (count(array_filter($userData)) != count($userData)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': INVALID UTF-8'));
}
if (!$user->isLogged() && mb_strlen($userData['username'], 'UTF-8') >= 90) {
//Username with convertited entities is too long for Db field
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USERNAME_LONG')));
}
if (isset($userData['email'][350])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MAIL_NOT_VALID')));
}
if (isset($userData['name'][60])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('NAME_LONG')));
}
if (isset($userData['surname'][60])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SURNAME_LONG')));
}
if (!in_array($userData['timezone'], DateTimeZone::listIdentifiers())) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Time zone'));
}
if (!checkdate($birth['birth_month'], $birth['birth_day'], $birth['birth_year'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('DATE_NOT_VALID')));
}
$birth['date'] = $birth['birth_year'] . '/' . $birth['birth_month'] . '/' . $birth['birth_day'];
$userData['gender'] = intval($userData['gender']) == 1 ? 'true' : 'false';
//true = male, false = woman
// if here, user fields are ok
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Notification;
use NERDZ\Core\User;
$notification = new Notification();
$user = new User();
if ($user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('ok', $notification->count(false, true)));
}
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';
//include $updatedPassword
$params = [':timezone' => $userData['timezone'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':date' => $birth['date'], ':id' => $_SESSION['id']];
if ($updatedPassword) {
$params[':password'] = $userData['password'];
}
$ret = Db::query(['UPDATE users SET "timezone" = :timezone, "name" = :name,
"surname" = :surname,"email" = :email,"gender" = :gender, "birth_date" = :date
' . ($updatedPassword ? ', "password" = crypt(:password, gen_salt(\'bf\', 7))' : '') . ' WHERE counter = :id', $params], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
if ($updatedPassword && ($cookie = isset($_COOKIE['nerdz_u']))) {
if (!$user->login(User::getUsername(), $userData['password'], $cookie, $_SESSION['mark_offline'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
}
die(NERDZ\Core\Utils::jsonResponse('error', 'OK'));
