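<?php
/*
 * Message preview endpoint.
 *
 * Takes the raw text from the `message` query-string parameter, HTML-escapes
 * it, runs it through Comments::parseQuote() and Comments::bbcode(), and
 * renders the result with the `base/preview` template as `message_n`.
 *
 * Security-relevant behaviour:
 *  - The text is escaped with htmlspecialchars() BEFORE quote/BBCode parsing,
 *    so markup typed by the user reaches the parsers only as entities.
 *  - NOTE(review): whether parseQuote()/bbcode() can re-introduce active HTML
 *    (e.g. through URL-carrying tags) cannot be judged from this file; confirm
 *    in NERDZ\Core\Comments.
 *  - NOTE(review): the text arrives via GET, so it is part of the request URL.
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Comments;
use NERDZ\Core\User;

$user = new User();
$message = new Comments();

// Anonymous visitors and missing/empty input get the localized error string as
// the preview text. A non-string value (e.g. `?message[]=x`) is not empty(),
// yet htmlspecialchars() only accepts strings (TypeError on PHP 8, warning and
// null on older versions), so it is treated as an error too.
if (!$user->isLogged() || empty($_GET['message']) || !is_string($_GET['message'])) {
    $_GET['message'] = $user->lang('ERROR');
}

// Escape first, then let the quote and BBCode parsers build the final markup.
$escaped = htmlspecialchars($_GET['message'], ENT_QUOTES, 'UTF-8');

$vals = [];
$vals['message_n'] = $message->bbcode($message->parseQuote($escaped));

$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/preview');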
<?php
/*
 * Comment-list endpoint (HTML response).
 *
 * Requires a logged-in user, then dispatches on the lower-cased `action`
 * query-string parameter. Only the start of the `get` branch is visible in
 * this excerpt; the switch continues past the end of it.
 */

// Outer output buffer: PHP's built-in gzip handler.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
// Inner output buffer: output passes through Utils::minifyHTML before it
// reaches the gzip buffer above.
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));

use NERDZ\Core\Comments;
use NERDZ\Core\Messages;
use NERDZ\Core\Gravatar;
use NERDZ\Core\System;
use NERDZ\Core\User;

// true when a variable named $prj already exists in this scope
// (presumably set by a project-specific script that includes this file; confirm).
$prj = isset($prj);
$user = new User();
$comments = new Comments();

// Anonymous requests stop here with the localized 'REGISTER' text.
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}

// NOTE(review): strtolower() expects a string; an array-valued `action`
// parameter is not filtered out before this call.
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'get':
        // hcid comes from the POST body. is_numeric() also accepts values such
        // as "1.5" or "1e3", and the original string (not an int) is passed on.
        // NOTE(review): confirm Comments::get() binds it as a query parameter.
        $hcid = isset($_POST['hcid']) && is_numeric($_POST['hcid']) ? $_POST['hcid'] : false;
        if (!$hcid) {
            die($user->lang('ERROR') . ': no hcid');
        }
        $vals = [];
        // NOTE(review): no visibility/permission check is visible here;
        // presumably Comments::get() enforces who may read the thread; confirm.
        $vals['list_a'] = $comments->get($hcid, $prj);
        // The remaining template variables are fixed placeholders in this branch.
        $vals['showform_b'] = false;
        $vals['needmorebtn_b'] = false;
        $vals['commentcount_n'] = 0;
        $vals['hpid_n'] = 0;
        $vals['onerrorimgurl_n'] = System::getResourceDomain() . '/static/images/red_x.png';
        $user->getTPL()->assign($vals);
        // Template is chosen by the $prj flag: project/comments or profile/comments.
        $user->getTPL()->draw(($prj ? 'project' : 'profile') . '/comments');
/**
 * Overwrites the message of an existing post after an ownership check.
 *
 * The new text is HTML-escaped with htmlspecialchars() and then passed through
 * Comments::parseQuote(); that processed value is what gets written.
 *
 * SQL safety: the table name is assembled only from the fixed literals
 * 'groups_' and 'posts' (selected by the truthiness of $project), never from
 * caller-supplied text, and both $hpid and the message are bound parameters.
 *
 * @param mixed $hpid    value bound to the "hpid" column of the target row
 * @param mixed $message raw, unescaped message text
 * @param mixed $project truthy to work on "groups_posts", falsy for "posts"
 *
 * @return mixed the string 'ERROR' when the row lookup yields nothing or
 *               canEdit() refuses; otherwise the result of Db::query() for the
 *               UPDATE in Db::FETCH_ERRSTR mode
 */
public function edit($hpid, $message, $project = false)
{
    // Escape before quote parsing, exactly once, ahead of any database access.
    $escaped = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    $storedText = Comments::parseQuote($escaped);

    $prefix = $project ? 'groups_' : '';
    $table = $prefix . 'posts';

    // Load the row's author/recipient so the permission check can use them.
    $post = Db::query(
        [
            'SELECT "from","to","pid" FROM "' . $table . '" WHERE "hpid" = :hpid',
            [':hpid' => $hpid],
        ],
        Db::FETCH_OBJ
    );
    if (!$post) {
        return 'ERROR';
    }

    // Authorization gate: the update runs only if canEdit() accepts this pair.
    $owners = ['from' => $post->from, 'to' => $post->to];
    if (!$this->canEdit($owners, $project)) {
        return 'ERROR';
    }

    return Db::query(
        [
            'UPDATE "' . $table . '" SET "message" = :message WHERE "hpid" = :hpid',
            [':message' => $storedText, ':hpid' => $hpid],
        ],
        Db::FETCH_ERRSTR
    );
}
<?php
/*
 * Comment actions endpoint (JSON response).
 *
 * Gate order: logged-in check, then Security::refererControl(), then dispatch
 * on the lower-cased `action` query-string parameter (`add`, `del`, `get`, ...).
 * The excerpt ends inside the `get` branch; the rest of the switch is not shown.
 */

// Output is buffered through PHP's built-in gzip handler.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\Comments;

$user = new User();
$comments = new Comments();

// Anonymous requests get a JSON error carrying the localized 'REGISTER' text.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// CSRF gate for every action below.
// NOTE(review): judging by its name this checks the Referer header; the
// implementation is not visible here. Confirm how a missing Referer is
// treated and whether a per-session token is also in place.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF'));
}

// true when a variable named $prj already exists in this scope
// (presumably set by a project-specific script that includes this file; confirm).
$prj = isset($prj);

// NOTE(review): strtolower() expects a string; an array-valued `action`
// parameter is not filtered out before this call.
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'add':
        // hpid must be present and pass is_numeric(); the original string is kept.
        $hpid = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : false;
        if (!$hpid) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        // NOTE(review): $_POST['message'] is read without isset()/is_string();
        // escaping and permission checks presumably happen in Comments::add().
        // die() ends the request, so this case needs no break.
        die(NERDZ\Core\Utils::jsonDbResponse($comments->add($hpid, $_POST['message'], $prj)));
    case 'del':
        $hcid = isset($_POST['hcid']) && is_numeric($_POST['hcid']) ? $_POST['hcid'] : false;
        // NOTE(review): ownership is not checked in this file; presumably
        // Comments::delete() refuses comments the caller may not remove; confirm.
        if (!$hcid || !$comments->delete($hcid, $prj)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        break;
    case 'get':
        // NOTE(review): unlike `add` and `del`, hcid is only tested with empty()
        // here, not is_numeric(); confirm Comments::getMessage() binds it as a
        // query parameter and rejects non-scalar input.
        if (empty($_POST['hcid']) || !($message = Comments::getMessage($_POST['hcid'], $prj))) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));