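/**
 * Builds the template rows for a result set of comments.
 *
 * Comments whose author is in $blist are dropped; every other row becomes an
 * associative array using the _n/_b key suffixes the templates expect. When
 * $luck is truthy the first comment of every author other than the viewer
 * carries the lock widget (canshowlock_b) and lock_b says whether that author
 * is already locked (present in $lkd).
 *
 * @param \PDOStatement $res     statement positioned on the comment rows
 * @param int|string    $hpid    id of the post the comments belong to
 * @param mixed         $luck    truthy when lock widgets are to be shown at all
 * @param mixed         $project true for project (group) posts, false for profile posts
 * @param array         $blist   ids of blacklisted users whose comments are skipped
 * @param array         $gravurl gravatar url indexed by user id
 * @param array         $users   username indexed by user id
 * @param mixed         $cg      forwarded to parent::bbcode() as its $type argument
 * @param array         $times   author ids that already received a lock widget
 * @param array         $lkd     locked author ids, keyed by id
 * @param string        $glue    table-name prefix for comments_notify (presumably '' or 'groups_')
 *
 * @return array list of rows, one per comment kept
 */
private function getArray($res, $hpid, $luck, $project, $blist, $gravurl, $users, $cg, $times, $lkd, $glue)
{
    $rows = [];

    while ($o = $res->fetch(PDO::FETCH_OBJ)) {
        // Loose in_array() kept on purpose: the driver may hand ids back as int
        // or numeric string, and a strict match could let a blacklisted author's
        // comment through.
        if (in_array($o->from, $blist)) {
            continue;
        }

        $author = $o->from;
        $username = isset($users[$author]) ? $users[$author] : null;

        $row = [
            'fromid_n' => $author,
            'gravatarurl_n' => isset($gravurl[$author]) ? $gravurl[$author] : null,
            'toid_n' => $o->to,
            'from_n' => $username,
            'uid_n' => "c{$o->hcid}",
            'from4link_n' => Utils::userLink($username),
            'message_n' => parent::bbcode($o->message, 1, $cg, 1, $o->hcid),
            'datetime_n' => $this->user->getDateTime($o->time),
            'timestamp_n' => $o->time,
            'hcid_n' => $o->hcid,
            'hpid_n' => $hpid,
            'thumbs_n' => $this->getThumbs($o->hcid, $project),
            'uthumb_n' => $this->getUserThumb($o->hcid, $project),
            'revisions_n' => $this->getRevisionsNumber($o->hcid, $project),
            'caneditcomment_b' => $this->canEdit((array) $o),
            // Both lock flags default to false: previously lock_b was left unset
            // for the viewer's own comments and for authors already handled,
            // which surfaced as a missing key in the template data.
            'canshowlock_b' => false,
            'lock_b' => false,
        ];

        // Lock widget: once per author (their first comment only) and never on
        // the viewer's own comments; lock_b tells whether the author is locked.
        if ($luck && !in_array($author, $times) && $_SESSION['id'] != $author) {
            $row['lock_b'] = isset($lkd[$author]);
            $row['canshowlock_b'] = true;
            $times[] = $author;
        }

        $row['canremove_b'] = $this->canRemove((array) $o, $project);
        $rows[] = $row;
    }

    // Once a logged-in viewer has loaded the thread, drop the pending
    // "new comments" notification for this post. NOTE(review): the threshold
    // is kept at > 1 as in the original, so a thread with exactly one comment
    // never clears its notification — may be intentional, confirm.
    if ($this->user->isLogged() && count($rows) > 1) {
        // $glue is an internal prefix, not user input; the user-controlled
        // values travel through the placeholders.
        Db::query([
            'DELETE FROM "' . $glue . 'comments_notify" WHERE "to" = ? AND "hpid" = ?',
            [$_SESSION['id'], $hpid],
        ], Db::NO_RETURN);
    }

    return $rows;
}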
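/**
 * Loads one private message for the conversation view.
 *
 * Only the sender or the recipient may read it: the session id must match
 * $fromid or $toid. The comparison is done on integers instead of relying on
 * in_array()'s loose == between the session id and numeric strings.
 *
 * @param int|string $fromid sender id (must be numeric)
 * @param int|string $toid   recipient id (must be numeric)
 * @param int|string $time   message timestamp, echoed back unvalidated
 * @param int|string $pmid   message id (must be numeric)
 *
 * @return array|false false on bad input, unauthorised access or query failure;
 *                     an empty array when no row matches; otherwise the row
 */
public function read($fromid, $toid, $time, $pmid)
{
    if (!is_numeric($fromid) || !is_numeric($toid) || !is_numeric($pmid)) {
        return false;
    }

    // Authorisation: an anonymous session can never read a message.
    if (!isset($_SESSION['id'])) {
        return false;
    }
    $viewer = (int) $_SESSION['id'];
    if ((int) $fromid !== $viewer && (int) $toid !== $viewer) {
        return false;
    }

    $res = Db::query([
        'SELECT "message","to_read" FROM "pms" WHERE "from" = :from AND "to" = :to AND "pmid" = :pmid',
        [':from' => $fromid, ':to' => $toid, ':pmid' => $pmid],
    ], Db::FETCH_STMT);
    if (!$res) {
        return false;
    }

    $o = $res->fetch(PDO::FETCH_OBJ);
    if (!$o) {
        // No such message for this sender/recipient pair.
        return [];
    }

    $from = User::getUsername($fromid);

    return [
        'from4link_n' => \NERDZ\Core\Utils::userLink($from),
        'from_n' => $from,
        'datetime_n' => $this->user->getDateTime($time),
        'fromid_n' => $fromid,
        'toid_n' => $toid,
        'message_n' => parent::bbcode($o->message),
        'read_b' => $o->to_read,
        'pmid_n' => $pmid,
        'timestamp_n' => $time,
    ];
}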
<?php
/*
 * AJAX endpoint that opens or closes the comment thread of a post.
 *
 * Expects a numeric "hpid" in POST and an "action" (open|close) in GET.
 * Every outcome is answered as JSON and the script exits.
 */
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\Messages;

$messages = new Messages();

// The request must originate from the site itself.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR') . ': referer'));
}

$hpid = false;
if (isset($_POST['hpid']) && is_numeric($_POST['hpid'])) {
    $hpid = $_POST['hpid'];
}
if (!$hpid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
}

// $prj is defined by the including page for project posts.
$prj = isset($prj);

$action = '';
if (isset($_GET['action'])) {
    $action = strtolower(trim($_GET['action']));
}

if ($action === 'open') {
    die(NERDZ\Core\Utils::jsonDbResponse($messages->reOpen($hpid, $prj)));
}
if ($action === 'close') {
    die(NERDZ\Core\Utils::jsonDbResponse($messages->close($hpid, $prj)));
}
die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Messages; use NERDZ\Core\Db; $user = new Messages(); $ncode = isset($_GET['ncode']) && is_numeric($_GET['ncode']) && intval($_GET['ncode']) > 0 ? $_GET['ncode'] : 1; --$ncode; if (isset($_GET['id']) && is_numeric($_GET['id'])) { $id = intval($_GET['id']); } else { if (isset($_GET['gid']) && is_numeric($_GET['gid'])) { $gid = intval($_GET['gid']); } } if (!isset($id) || !isset($gid)) { if (isset($_GET['pcid']) && is_numeric($_GET['pcid'])) { $pcid = intval($_GET['pcid']); } if (isset($_GET['gcid']) && is_numeric($_GET['gcid'])) { $gcid = intval($_GET['gcid']); } } if ((isset($id) || isset($gid)) && isset($_GET['pid']) && is_numeric($_GET['pid'])) { $pid = intval($_GET['pid']); } if ((isset($id) || isset($gid)) && isset($pid)) { $new = isset($id) ? $id : $gid; if (!($o = Db::query(['SELECT "message" FROM "' . (isset($id) ? '' : 'groups_') . 'posts" WHERE "pid" = :pid AND "to" = :new', [':pid' => $pid, ':new' => $new]], Db::FETCH_OBJ))) { die('Error');
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Messages; use NERDZ\Core\User; $messages = new Messages(); $user = new User(); $prj = isset($prj); if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF')); } switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') { case 'add': if (empty($_POST['to'])) { if ($prj) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . 'a')); } else { $_POST['to'] = $_SESSION['id']; } } die(NERDZ\Core\Utils::jsonDbResponse($messages->add($_POST['to'], isset($_POST['message']) ? $_POST['message'] : '', ['news' => !empty($_POST['news']), 'issue' => !empty($_POST['issue']), 'project' => $prj, 'language' => !empty($_POST['language']) ? $_POST['language'] : false]))); break; case 'del': if (!isset($_SESSION['delpost']) || empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || $_SESSION['delpost'] != $_POST['hpid'] || !$messages->delete($_POST['hpid'], $prj)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } unset($_SESSION['delpost']);
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Messages; use NERDZ\Core\Db; use NERDZ\Core\User; use NERDZ\Core\Config; $messages = new Messages(); $user = new User(); $tplcfg = $user->getTemplateCfg(); $id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false; // intval below $pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false; $action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false); $found = true; if ($id) { $id = intval($id); //intval here, so we can display the user not found message if (false === ($info = $user->getObject($id))) { $username = $user->lang('USER_NOT_FOUND'); $found = false; $post = new stdClass(); $post->message = ''; } else { $username = $info->username; if ($pid && !$user->hasInBlacklist($id)) { if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) { $post = new stdClass(); $post->message = ''; }
<?php
/*
 * Renders a single post (profile or project) through the template engine.
 *
 * $hpid must be provided by the including page. $prj marks a project post;
 * when $draw is set the template is printed, otherwise its markup is returned.
 */
if (empty($hpid)) {
    die('$hpid required');
}

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));

use NERDZ\Core\Messages;

$prj = isset($prj);
$messages = new Messages();

// vars.php provides $user together with the common template variables.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';

$tpl = $user->getTPL();
$tpl->assign($messages->getPost($hpid, ['project' => $prj]));

$template = ($prj ? 'project' : 'profile') . '/post';

if (isset($draw)) {
    $tpl->draw($template);
} else {
    return $tpl->draw($template, true);
}
if (is_numeric(strpos($projectData['name'], '#'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': #')); } if (is_numeric(strpos($projectData['name'], '+'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': +')); } if (is_numeric(strpos($projectData['name'], '&'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': &')); } if (is_numeric(strpos($projectData['name'], '%'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': %')); } if (mb_strlen($projectData['name'], 'UTF-8') < Config\MIN_LENGTH_USER) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USERNAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_USER)); } if ($projectData['name'] !== Messages::stripTags($projectData['name'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': BBCode or [ ]')); } } if (isset($create)) { if (mb_strlen($projectData['name'], 'UTF-8') >= 30) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USERNAME_LONG'))); } } if (!isset($_POST['goal'])) { $_POST['goal'] = ''; } if (!isset($_POST['website'])) { $_POST['website'] = ''; } if (!empty($_POST['website']) && !Utils::isValidURL($_POST['website'])) {
if (is_numeric(strpos(html_entity_decode($userData['username'], ENT_QUOTES, 'UTF-8'), '#'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . ": {$userData['username']}\n" . $user->lang('CHAR_NOT_ALLOWED') . ': #')); } if (is_numeric(strpos($userData['username'], '+'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': +')); } if (is_numeric(strpos($userData['username'], '&'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': &')); } if (is_numeric(strpos($userData['username'], '%'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': %')); } if (filter_var($userData['username'], FILTER_VALIDATE_EMAIL)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('USERNAME_CANT_BE_EMAIL'))); } if ($userData['username'] !== Messages::stripTags($userData['username'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': BBCode or [ ]')); } } switch (Security::passwordControl($userData['password'])) { case 'PASSWORD_SHORT': die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS)); case 'PASSWORD_LONG': if (!$user->isLogged() || $updatedPassword) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG'))); } } if (mb_strlen($userData['name'], 'UTF-8') < Config\MIN_LENGTH_NAME) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('NAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_NAME)); } if (mb_strlen($userData['surname'], 'UTF-8') < Config\MIN_LENGTH_SURNAME) {
/**
 * Converts the BBCode markup of a post or comment into HTML.
 *
 * [code=lang]...[/code] blocks (as returned by getCodes()) are swapped for
 * >>>N<<< placeholders first so that no other tag is parsed inside them, and
 * are put back right before everything is handed to parseCode().
 *
 * NOTE(review): most captured tag contents ($m[1], $m[2], ...) are inserted
 * into the HTML unescaped. This relies on $str already being HTML-escaped
 * upstream (the html_entity_decode() calls on captures suggest so) — confirm.
 *
 * @param string $str      message text containing BBCode
 * @param mixed  $truncate truthy when rendering a preview: media become
 *                         thumbnails/placeholders instead of full embeds
 * @param mixed  $type     forwarded to parseCode()
 * @param mixed  $pid      forwarded to parseCode()
 * @param mixed  $id       forwarded to parseCode()
 *
 * @return mixed whatever parseCode() returns (the final HTML)
 */
public function bbcode($str, $truncate = null, $type = NULL, $pid = NULL, $id = NULL)
{
    // avoid parsing bbcode inside the code tags: replace each block with a placeholder
    $codes = $this->getCodes($str);
    $index = 0;
    foreach ($codes as $code) {
        $totalcode = $code['code'];
        $lang = $code['lang'];
        // NOTE(review): the literal "[code=" prefix is assumed here although the
        // restore loop below rebuilds the tag from $code['tag'] — confirm getCodes()
        // only returns code tags, otherwise other tags would not be masked.
        $str = str_ireplace("[code={$lang}]{$totalcode}[/code]", ">>>{$index}<<<", $str);
        ++$index;
    }
    $domain = System::getResourceDomain();
    $str = static::hashtag($str);
    // newlines become <br />; the (.+?) patterns below therefore never need to span lines
    $str = str_replace("\n", '<br />', $str);
    // Shared by the three [url] forms: validates the target (retrying with an
    // http:// prefix) and links it; $m[2] (the label) is used when present.
    $validURL = function ($m) {
        $m[1] = trim($m[1]);
        if (!Utils::isValidURL($m[1])) {
            $m[1] = 'http://' . $m[1];
            if (!Utils::isValidURL($m[1])) {
                return '<b>' . $this->user->lang('INVALID_URL') . '</b>';
            }
        }
        $url = preg_match('#^(?:https?|ftp):\\/\\/#i', $m[1]) ? $m[1] : 'http://' . $m[1];
        return isset($m[2]) ? '<a href="' . Messages::stripTags($url) . '" onclick="window.open(this.href); return false">' . $m[2] . '</a>' : '<a href="' . Messages::stripTags($url) . '" onclick="window.open(this.href); return false">' . $m[1] . '</a>';
    };
    $str = preg_replace_callback('#\\[url="(.+?)"\\](.+?)\\[/url\\]#i', function ($m) use($validURL) { return $validURL($m); }, $str);
    $str = preg_replace_callback('#\\[url=(.+?)\\](.+?)\\[/url\\]#i', function ($m) use($validURL) { return $validURL($m); }, $str);
    $str = preg_replace_callback('#\\[url\\](.+?)\\[/url\\]#i', function ($m) use($validURL) { return $validURL($m); }, $str);
    // simple inline formatting tags
    $str = preg_replace('#\\[i\\](.+?)\\[/i\\]#i', '<span style="font-style:italic">$1</span>', $str);
    $str = preg_replace('#\\[cur\\](.+?)\\[/cur\\]#i', '<span style="font-style:italic">$1</span>', $str);
    $str = preg_replace('#\\[gist\\]([0-9a-z]+)\\[/gist\\]#i', '<div class="gistLoad" data-id="$1" id="gist-$1">' . $this->user->lang('LOADING') . '...</div>', $str);
    $str = preg_replace('#\\[b\\](.+?)\\[/b\\]#i', '<span style="font-weight:bold">$1</span>', $str);
    $str = preg_replace('#\\[del\\](.+?)\\[/del\\]#i', '<del>$1</del>', $str);
    $str = preg_replace('#\\[u\\](.+?)\\[/u\\]#i', '<u>$1</u>', $str);
    $str = preg_replace('#\\[hr\\]#i', '<hr style="clear:both" />', $str);
    $str = preg_replace('#\\[small\\](.+?)\\[/small\\]#i', '<span style="font-size:7pt">$1</span>', $str);
    $str = preg_replace('#\\[big\\](.+?)\\[/big\\]#i', '<span style="font-size:14pt">$1</span>', $str);
    $str = preg_replace('#\\[wat\\]#i', '<span style="font-size:22pt">WAT</span>', $str);
    // user / project mentions and wikipedia links
    $str = preg_replace_callback('#\\[user\\](.+?)\\[/user\\]#i', function ($m) { return '<a href="/' . Utils::userLink($m[1]) . "\">{$m[1]}</a>"; }, $str);
    $str = preg_replace_callback('#\\[project\\](.+?)\\[/project\\]#i', function ($m) { return '<a href="/' . Utils::projectLink($m[1]) . "\">{$m[1]}</a>"; }, $str);
    $str = preg_replace_callback('#\\[wiki=([a-z]{2})\\](.+?)\\[/wiki\\]#i', function ($m) { return '<a href="http://' . $m[1] . '.wikipedia.org/wiki/' . urlencode(str_replace(' ', '_', html_entity_decode($m[2], ENT_QUOTES, 'UTF-8'))) . "\" onclick=\"window.open(this.href); return false\">{$m[2]} @Wikipedia - {$m[1]}</a>"; }, $str);
    // [math]/[m] bodies are kept verbatim (tags stripped) for client-side rendering
    $str = preg_replace_callback("#(\\[math\\]|\\[m\\])(.+?)(\\[/math\\]|\\[/m\\])#i", function ($m) { return $m[1] . strip_tags($m[2]) . $m[3]; }, $str);
    // Lists: plain [list], then the [list type=..] / [list start=..] variants
    // (both attribute orders). Items are separated by [*].
    // NOTE(review): trim($x, '<br />') takes a character list, so it strips any
    // leading/trailing '<', 'b', 'r', ' ', '/', '>' characters rather than the
    // literal "<br />" — an item ending in e.g. "bar" loses its final "r".
    $str = preg_replace_callback('#\\[list\\](.+?)\\[\\/list\\]#i', function ($m) {
        $arr = array_filter(explode('[*]', trim(trim($m[1]), '<br />')));
        if (empty($arr)) {
            return $m[0];
        }
        $ret = '<ul>';
        foreach ($arr as $v) {
            $ret .= '<li>' . trim($v) . '</li>';
        }
        $ret .= '</ul>';
        return $ret;
    }, $str, 20);
    $str = preg_replace_callback('#\\[list[\\s]+type="(1|a|i)"\\](.+?)\\[\\/list\\]#i', function ($m) {
        $arr = array_filter(explode('[*]', trim(trim($m[2]), '<br />')));
        if (empty($arr)) {
            return $m[0];
        }
        $ret = '<ol type="' . $m[1] . '">';
        foreach ($arr as $v) {
            $ret .= '<li>' . trim($v) . '</li>';
        }
        $ret .= '</ol>';
        return $ret;
    }, $str, 10);
    $str = preg_replace_callback('#\\[list[\\s]+start="(\\-?\\d+)"\\](.+?)\\[\\/list\\]#i', function ($m) {
        $arr = array_filter(explode('[*]', trim(trim($m[2]), '<br />')));
        if (empty($arr)) {
            return $m[0];
        }
        $ret = '<ol start="' . $m[1] . '">';
        foreach ($arr as $v) {
            $ret .= '<li>' . trim($v) . '</li>';
        }
        $ret .= '</ol>';
        return $ret;
    }, $str, 10);
    $str = preg_replace_callback('#\\[list[\\s]+start="(\\-?\\d+)"[\\s]+type="(1|a|i)"\\](.+?)\\[\\/list\\]#i', function ($m) {
        $arr = array_filter(explode('[*]', trim(trim($m[3]), '<br />')));
        if (empty($arr)) {
            return $m[0];
        }
        $ret = '<ol start="' . $m[1] . '" type="' . $m[2] . '">';
        foreach ($arr as $v) {
            $ret .= '<li>' . trim($v) . '</li>';
        }
        $ret .= '</ol>';
        return $ret;
    }, $str, 10);
    $str = preg_replace_callback('#\\[list[\\s]+type="(1|a|i)"[\\s]+start="(\\-?\\d+)"\\](.+?)\\[\\/list\\]#i', function ($m) {
        $arr = array_filter(explode('[*]', trim(trim($m[3]), '<br />')));
        if (empty($arr)) {
            return $m[0];
        }
        $ret = '<ol start="' . $m[2] . '" type="' . $m[1] . '">';
        foreach ($arr as $v) {
            $ret .= '<li>' . trim($v) . '</li>';
        }
        $ret .= '</ol>';
        return $ret;
    }, $str, 10);
    // Quotes are replaced one occurrence per pass so that nested quotes are
    // handled innermost-first; each loop ends when no tag is left.
    // Quote in comments, new version
    while (preg_match('#\\[commentquote=(.+?)\\](.+?)\\[/commentquote\\]#i', $str)) {
        $str = preg_replace_callback('#\\[commentquote=(.+?)\\](.+?)\\[/commentquote\\]#i', function ($m) { return '<div class="qu_main"><div class="qu_user">' . $m[1] . '</div>' . $m[2] . '</div>'; }, $str, 1);
    }
    while (preg_match('#\\[quote=(.+?)\\](.+?)\\[/quote\\]#i', $str)) {
        $str = preg_replace_callback('#\\[quote=(.+?)\\](.+?)\\[/quote\\]#i', function ($m) use($domain) { return '<div class="quote"> <div style="font-weight: bold">' . $m[1] . ':</div> <span style="float: left; margin-top: 5px"> <img src="' . $domain . '/static/images/oquotes.gif" alt="quote" width="20" height="11" /> </span> <div style="font-style:italic"> <blockquote style="margin-left: 3%">' . trim($m[2]) . '</blockquote> </div> <span style="float: right"> <img src="' . $domain . '/static/images/cquotes.gif" alt="cquote" width="20" height="11" /> </span> </div>'; }, $str, 1);
    }
    while (preg_match('#\\[quote\\](.+?)\\[/quote\\]#i', $str)) {
        $str = preg_replace_callback('#\\[quote\\](.+?)\\[/quote\\]#i', function ($m) use($domain) { return '<div class="quote"> <span style="float: left; margin-top: 5px"> <img src="' . $domain . '/static/images/oquotes.gif" alt="quote" width="20" height="11" /> </span> <div style="font-style:italic"> <blockquote style="margin-left: 3%">' . trim($m[1]) . '</blockquote> </div> <span style="float: right"> <img src="' . $domain . '/static/images/cquotes.gif" alt="cquote" width="20" height="11" /> </span> </div>'; }, $str, 1);
    }
    // Spoilers, same one-per-pass scheme; the inner <div>s are toggled client-side.
    while (preg_match('#\\[spoiler\\](.+?)\\[/spoiler\\]#i', $str)) {
        $str = preg_replace('#\\[spoiler\\](.+?)\\[/spoiler]#i', '<div class="spoiler" onclick="var c = $(this).children(\'div\'); c.toggle(\'fast\'); c.on(\'click\',function(e) {e.stopPropagation();});"> <span style="font-weight: bold; cursor:pointer">SPOILER:</span> <div style="display:none"><hr /></div> <div style="display:none; margin-left:3%;overflow:hidden">$1</div> </div>', $str, 1);
    }
    while (preg_match('#\\[spoiler=(.+?)\\](.+?)\\[/spoiler\\]#i', $str)) {
        $str = preg_replace('#\\[spoiler=(.+?)\\](.+?)\\[/spoiler]#i', '<div class="spoiler" onclick="var c = $(this).children(\'div\'); c.toggle(\'fast\'); c.on(\'click\',function(e) {e.stopPropagation();});"> <span style="font-weight: bold; cursor:pointer">$1:</span> <div style="display:none"><hr /></div> <div style="display:none; margin-left:3%;overflow:hidden">$2</div> </div>', $str, 1);
    }
    // [music]: Spotify, SoundCloud and Deezer get their embed player; any other
    // URL with a path becomes a plain <audio> element; otherwise the tag is kept.
    $str = preg_replace_callback('#\\[music\\]\\s*(.+?)\\s*\\[/music\\]#i', function ($m) use($truncate) {
        // entities are decoded here, so $uri may contain raw quotes again
        $uri = strip_tags(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
        if (stripos($uri, 'spotify') !== false) {
            // NOTE(review): in this pattern ^ and $ bind to the two alternatives
            // separately, so a string that merely starts with spotify:track:<id>
            // is accepted whatever follows, and $ID is then echoed into the src
            // attribute unescaped. Anchoring the whole alternation and passing
            // $ID through htmlspecialchars() would close that gap.
            if (preg_match('#^(?:spotify:track:[\\d\\w]+)|(?:spotify:user:[\\w\\d]+:playlist:[\\w\\d]+)$#i', $uri)) {
                $ID = $uri;
            } else {
                if (preg_match('#^https?://(?:open|play)\\.spotify\\.com/track/[\\w\\d]+$#i', $uri)) {
                    $ID = 'spotify:track:' . basename($uri);
                } else {
                    if (preg_match('#^https?://(?:open|play)\\.spotify\\.com/user/([\\w\\d]+)/playlist/[\\w\\d]+#i', $uri, $matches)) {
                        $ID = "spotify:user:{$matches[1]}:playlist:" . basename($uri);
                    } else {
                        return $m[0];
                    }
                }
            }
            return '<iframe src="https://embed.spotify.com/?uri=' . $ID . '" width="300" height="80" frameborder="0" allowtransparency="true"></iframe>';
        } else {
            if (preg_match('#^https?://soundcloud\\.com/\\S+/\\S+$#i', $uri)) {
                return '<iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=' . rawurlencode($uri) . '"></iframe>';
            } else {
                if (preg_match('#^https?://(?:www\\.)?deezer\\.com/(track|album|playlist)/(\\d+)$#', $uri, $match)) {
                    // deezer wants the plural "tracks" but singular "album"/"playlist"
                    $a_type = $match[1] . ($match[1] == 'track' ? 's' : '');
                    // previews get the compact player
                    $a_height = $truncate ? '80' : '240';
                    return "<iframe src='//www.deezer.com/plugins/player?height={$a_height}&type={$a_type}&id={$match[2]}' width='100%' height='{$a_height}' scrolling='no' frameborder='no'></iframe>";
                } else {
                    if (filter_var($uri, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED)) {
                        return '<audio preload="none" controls src="' . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8') . '"></audio>';
                    } else {
                        return $m[0];
                    }
                }
            }
        }
    }, $str, 10);
    // [twitter]: a placeholder <img> that the client replaces with the tweet.
    $str = preg_replace_callback('#\\[twitter\\]\\s*(.+?)\\s*\\[/twitter\\]#i', function ($m) use($truncate) {
        // The reason for the 'data-uuid' attribute is in the jclass.js file, in the loadTweet function.
        // With a fixed height (220px, when truncate is true) the js trimmer can handle the post size.
        if (!(is_numeric($m[1]) || Utils::isValidURL($m[1]))) {
            return $m[0];
        }
        return '<img data-id="' . htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8') . '" data-uuid="' . mt_rand() . '" src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" onload="N.loadTweet(this)"' . ($truncate ? ' height="220"' : '') . '>';
    }, $str, 10);
    if ($truncate) {
        // Preview mode: videos become a clickable thumbnail, images a framed link.
        // $output = [host, video id, thumbnail src, height, optional onload handler]
        $videoCallback = function ($m) {
            $v_url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            $output = [];
            if (preg_match(static::YOUTUBE_REGEXP, $v_url, $match)) {
                $output = ['youtube', $match[1], '//i1.ytimg.com/vi/' . $match[1] . '/hqdefault.jpg', 130];
            } else {
                if (preg_match(static::VIMEO_REGEXP, $v_url, $match)) {
                    $output = ['vimeo', $match[1], 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==', 130, 'N.vimeoThumbnail(this)'];
                } else {
                    if (preg_match(static::DMOTION_REGEXP, $v_url, $match)) {
                        $output = ['dailymotion', $match[1], 'https://www.dailymotion.com/thumbnail/video/' . $match[1], 100];
                    } else {
                        if (preg_match(static::FACEBOOK_REGEXP, $v_url, $match)) {
                            $output = ['facebook', $match[1], 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==', 100, 'N.facebookThumbnail(this)'];
                        } else {
                            if (preg_match(static::NERDZCRUSH_REGEXP, $v_url, $match)) {
                                $output = ['nerdzcrush', $match[1], 'https://media.nerdz.eu/' . $match[1] . '.jpg', 130];
                            } else {
                                return $m[0];
                            }
                        }
                    }
                }
            }
            // NOTE(review): no space precedes the optional onload attribute, so the
            // markup reads style="..."onload="..." — browsers recover, but it is malformed.
            // $match[1] is inserted unescaped; its charset depends on the *_REGEXP constants (not visible here).
            return '<a class="yt_frame" data-vid="' . $output[1] . '" data-host="' . $output[0] . '">' . '<span>' . $this->user->lang('VIDEO') . '</span>' . '<img src="' . $output[2] . '" alt="" width="130" height="' . $output[3] . '" style="float:left;margin-right:4px"' . (isset($output[4]) ? 'onload="' . $output[4] . '"' : '') . ' />' . '</a>';
        };
        $str = preg_replace_callback('#\\[video\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/video\\]#i', $videoCallback, $str, 10);
        // don't break older posts and preserve the [yt] and [youtube] tags.
        $str = preg_replace_callback('#\\[yt\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/yt\\]#i', $videoCallback, $str, 10);
        $str = preg_replace_callback('#\\[youtube\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/youtube\\]#i', $videoCallback, $str, 10);
        $str = preg_replace_callback('#\\[img\\](.+?)\\[/img\\]#i', function ($m) {
            $url = Utils::getValidImageURL($m[1]);
            return '<a href="' . $url . '" target="_blank" class="img_frame" onclick="$(this).toggleClass(\'img_frame-extended\'); return false;"> <span> ' . $this->user->lang('IMAGES') . ' </span> <img src="' . $url . '" alt="" onload="N.imgLoad(this)" onerror="N.imgErr(this)" /> </a>';
        }, $str, 10);
    } else {
        // Full mode: videos get the provider's embed player, images are shown inline.
        $videoCallback = function ($m) {
            $v_url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            $iframe_code = '';
            if (preg_match(static::YOUTUBE_REGEXP, $v_url, $match)) {
                $iframe_code = '<iframe title="YouTube video" style="width:560px; height:340px; border:0px; margin: auto;" src="//www.youtube.com/embed/' . $match[1] . '?wmode=opaque"></iframe>';
            } else {
                if (preg_match(static::VIMEO_REGEXP, $v_url, $match)) {
                    $iframe_code = '<iframe src="//player.vimeo.com/video/' . $match[1] . '?badge=0&color=ffffff" width="500" height="281" style="margin: auto" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>';
                } else {
                    if (preg_match(static::DMOTION_REGEXP, $v_url, $match)) {
                        $iframe_code = '<iframe frameborder="0" style="margin: auto" width="480" height="270" src="//www.dailymotion.com/embed/video/' . $match[1] . '" allowfullscreen></iframe>';
                    } else {
                        if (preg_match(static::FACEBOOK_REGEXP, $v_url, $match)) {
                            $iframe_code = '<iframe style="margin: auto" src="https://www.facebook.com/video/embed?video_id=' . $match[1] . '" frameborder="0"></iframe>';
                        } else {
                            if (preg_match(static::NERDZCRUSH_REGEXP, $v_url, $match)) {
                                $iframe_code = '<div class="nerdzcrush" data-media="' . $match[1] . '#noautoplay,noloop"></div>';
                            } else {
                                return $m[0];
                            }
                        }
                    }
                }
            }
            return '<div style="width:100%; text-align:center"><br />' . $iframe_code . '</div>';
        };
        $str = preg_replace_callback('#\\[video\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/video\\]#i', $videoCallback, $str, 10);
        $str = preg_replace_callback('#\\[yt\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/yt\\]#i', $videoCallback, $str, 10);
        $str = preg_replace_callback('#\\[youtube\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/youtube\\]#i', $videoCallback, $str, 10);
        $str = preg_replace_callback('#\\[img\\](.+?)\\[/img\\]#i', function ($m) { return '<img src="' . Utils::getValidImageURL($m[1]) . '" alt="" style="max-width: 79%; max-height: 89%" onerror="N.imgErr(this)" />'; }, $str);
    }
    // Put the code blocks back in place of their placeholders (in reverse order
    // so that ">>>1<<<" is never confused with ">>>10<<<"), then let parseCode()
    // render them.
    while ($index > 0) {
        --$index;
        $lang = $codes[$index]['lang'];
        $totalcode = $codes[$index]['code'];
        $tag = $codes[$index]['tag'];
        $str = str_ireplace(">>>{$index}<<<", "[{$tag}={$lang}]{$totalcode}[/{$tag}]", $str);
    }
    return $this->parseCode($codes, $str, $type, $pid, $id);
}
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Messages; use NERDZ\Core\Utils; use NERDZ\Core\User; $user = new User(); $messages = new Messages(); if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT')); } $url = empty($_POST['url']) ? false : trim($_POST['url']); $comment = empty($_POST['comment']) ? false : trim($_POST['comment']); $to = empty($_POST['to']) ? false : trim($_POST['to']); if (!$url || !Utils::isValidURL($url)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('INVALID_URL'))); } if ($to) { if (!User::getUsername($to)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND'))); } } else { $to = $_SESSION['id']; } if ($_SESSION['id'] != $to) { if ($user->hasClosedProfile($to)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
<?php require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Db; use NERDZ\Core\Project; use NERDZ\Core\Utils; use NERDZ\Core\User; use NERDZ\Core\Config; use NERDZ\Core\Messages; $project = new Project($gid); $messages = new Messages(); $user = new User(); $vals = []; $enter = true; $vals['logged_b'] = $user->isLogged(); $vals['singlepost_b'] = isset($pid) && isset($gid) && is_numeric($pid); $vals['followers_b'] = isset($action) && $action == 'followers'; $vals['members_b'] = isset($action) && $action == 'members'; $vals['interactions_b'] = isset($action) && $action == 'interactions'; if ($info->private && !$vals['logged_b'] || !$info->visible && !$vals['logged_b'] || $vals['interactions_b'] && !$vals['logged_b']) { $included = true; require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/register.php'; $user->getTPL()->assign($vals); require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php'; $user->getTPL()->draw('project/private'); } else { $mem = $project->getMembers($info->counter); $icansee = true; if ($vals['logged_b'] && !$info->visible) { $icansee = $_SESSION['id'] == $project->getOwner() || in_array($_SESSION['id'], $mem); }
<?php require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Db; use NERDZ\Core\Project; use NERDZ\Core\Utils; use NERDZ\Core\Messages; $messages = new Messages(); $limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20; $order = isset($_GET['asc']) && $_GET['asc'] == 1 ? 'ASC' : 'DESC'; $q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8'); $orderby = 'time'; $prj = isset($_GET['project']); $vals = []; $vals['project_b'] = $prj; if ($prj) { $orderby = $orderby == 'time' ? 'groups_bookmarks.time' : $orderby; $query = empty($q) ? array('SELECT p.*, EXTRACT(EPOCH FROM groups_bookmarks.time) AS time FROM "groups_bookmarks" INNER JOIN "groups_posts" p ON p.hpid = groups_bookmarks.hpid WHERE groups_bookmarks.from = ? ORDER BY ' . $orderby . ' ' . $order . ' LIMIT ' . $limit, array($_SESSION['id'])) : array("SELECT p.*, EXTRACT(EPOCH FROM groups_bookmarks.time) AS time FROM groups_bookmarks INNER JOIN groups_posts p ON p.hpid = groups_bookmarks.hpid WHERE groups_bookmarks.from = ? AND CAST({$orderby} AS TEXT) LIKE ? ORDER BY {$orderby} {$order} LIMIT {$limit}", array($_SESSION['id'], "%{$q}%")); $linkMethod = 'projectLink'; $nameMethod = 'getName'; $object = new Project(); } else { $orderby = $orderby == 'time' ? 'bookmarks.time' : $orderby; $query = empty($q) ? array("SELECT p.*, EXTRACT(EPOCH FROM bookmarks.time) AS time FROM bookmarks INNER JOIN posts p ON p.hpid = bookmarks.hpid WHERE bookmarks.from = ? ORDER BY {$orderby} {$order} LIMIT {$limit}", array($_SESSION['id'])) : array("SELECT p.*, EXTRACT(EPOCH FROM bookmarks.time) AS time FROM bookmarks INNER JOIN posts p ON p.hpid = bookmarks.hpid WHERE bookmarks.from = ? AND CAST({$orderby} AS TEXT) LIKE ? ORDER BY {$orderby} {$order} LIMIT {$limit}", array($_SESSION['id'], "%{$q}%")); $linkMethod = 'userLink'; $nameMethod = 'getUsername'; $object = $user; } $vals['list_a'] = []; if ($r = Db::query($query, Db::FETCH_STMT)) { $i = 0;