if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF')); } switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') { case 'add': if (empty($_POST['to'])) { if ($prj) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . 'a')); } else { $_POST['to'] = $_SESSION['id']; } } die(NERDZ\Core\Utils::jsonDbResponse($messages->add($_POST['to'], isset($_POST['message']) ? $_POST['message'] : '', ['news' => !empty($_POST['news']), 'issue' => !empty($_POST['issue']), 'project' => $prj, 'language' => !empty($_POST['language']) ? $_POST['language'] : false]))); break; case 'del': if (!isset($_SESSION['delpost']) || empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || $_SESSION['delpost'] != $_POST['hpid'] || !$messages->delete($_POST['hpid'], $prj)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } unset($_SESSION['delpost']); break; case 'delconfirm': $_SESSION['delpost'] = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : -1; die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('ARE_YOU_SURE'))); break; case 'get': if (empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || !($message = Messages::getMessage($_POST['hpid'], $prj))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2')); } die(NERDZ\Core\Utils::jsonResponse('ok', $message)); break; case 'edit':