Exemplo n.º 1
 /**
  * Build the template rows for the comments fetched in $res.
  *
  * Rows whose author is listed in $blist are skipped. The message body is
  * rendered through parent::bbcode(); every other value is copied into the
  * row as fetched, so escaping of those fields is left to whatever renders
  * the rows.
  *
  * NOTE(review): $glue is concatenated into the table name of the DELETE at
  * the end. Identifiers cannot be bound as parameters, so it must only ever
  * be a fixed, code-defined prefix and never request data - confirm callers.
  * NOTE(review): when $luck is truthy and the author was already seen (or is
  * the session user), 'lock_b' is left unset on that row - confirm consumers
  * tolerate the missing key.
  * NOTE(review): in_array() and the session-id comparison are loose; ids
  * appear to be numeric values from the database - confirm.
  *
  * @param mixed $res     statement whose fetch(PDO::FETCH_OBJ) yields the comments
  * @param mixed $hpid    post id, copied into every row and used by the DELETE
  * @param mixed $luck    truthy to compute the per-author lock flags
  * @param mixed $project forwarded to the thumbs/revisions/canRemove helpers
  * @param array $blist   author ids whose comments are skipped
  * @param array $gravurl value for 'gravatarurl_n', keyed by author id
  * @param array $users   value for 'from_n', keyed by author id
  * @param mixed $cg      third argument passed to parent::bbcode()
  * @param array $times   author ids that already received a lock flag
  * @param array $lkd     keyed by author id; presence decides 'lock_b'
  * @param mixed $glue    prefix prepended to the comments_notify table name
  * @return array list of rows, one per comment that was not skipped
  */
 private function getArray($res, $hpid, $luck, $project, $blist, $gravurl, $users, $cg, $times, $lkd, $glue)
 {
     $rows = [];
     $count = 0;
     while ($comment = $res->fetch(PDO::FETCH_OBJ)) {
         $author = $comment->from;
         if (in_array($author, $blist)) {
             continue;
         }
         $row = [
             'fromid_n' => $author,
             'gravatarurl_n' => $gravurl[$author],
             'toid_n' => $comment->to,
             'from_n' => $users[$author],
             'uid_n' => "c{$comment->hcid}",
             'from4link_n' => Utils::userLink($users[$author]),
             'message_n' => parent::bbcode($comment->message, 1, $cg, 1, $comment->hcid),
             'datetime_n' => $this->user->getDateTime($comment->time),
             'timestamp_n' => $comment->time,
             'hcid_n' => $comment->hcid,
             'hpid_n' => $hpid,
             'thumbs_n' => $this->getThumbs($comment->hcid, $project),
             'uthumb_n' => $this->getUserThumb($comment->hcid, $project),
             'revisions_n' => $this->getRevisionsNumber($comment->hcid, $project),
             'caneditcomment_b' => $this->canEdit((array) $comment),
         ];
         if ($luck) {
             $row['canshowlock_b'] = false;
             // Only the first comment of each other user carries the lock control.
             if (!in_array($author, $times) && $_SESSION['id'] != $author) {
                 $row['lock_b'] = isset($lkd[$author]);
                 $times[] = $author;
                 $row['canshowlock_b'] = true;
             }
         } else {
             $row['canshowlock_b'] = $row['lock_b'] = false;
         }
         $row['canremove_b'] = $this->canRemove((array) $comment, $project);
         $rows[] = $row;
         ++$count;
     }
     // Clear the pending comment notifications for this post once more than one comment was returned.
     if ($this->user->isLogged() && $count > 1) {
         Db::query(array('DELETE FROM "' . $glue . 'comments_notify" WHERE "to" = ? AND "hpid" = ?', array($_SESSION['id'], $hpid)), Db::NO_RETURN);
     }
     return $rows;
 }
Exemplo n.º 2
 /**
  * Load one private message for display.
  *
  * Returns false when an id is not numeric, when the session user is neither
  * $fromid nor $toid, or when the query fails. Returns an empty array when
  * no row matches the three ids.
  *
  * NOTE(review): $time takes no part in the lookup and is not validated
  * here; it is handed to getDateTime() and copied into 'timestamp_n' as
  * received.
  * NOTE(review): the participant check is a loose in_array() on values that
  * only passed is_numeric(); confirm ids reach this method as plain integers.
  *
  * @param mixed $fromid sender id
  * @param mixed $toid   recipient id
  * @param mixed $time   timestamp echoed back into the result
  * @param mixed $pmid   private message id
  * @return array|false template values for the message, [] if not found, false on rejection
  */
 public function read($fromid, $toid, $time, $pmid)
 {
     if (!is_numeric($fromid) || !is_numeric($toid) || !is_numeric($pmid)) {
         return false;
     }
     // Only the two participants of the conversation may read the message.
     if (!in_array($_SESSION['id'], array($fromid, $toid))) {
         return false;
     }
     $res = Db::query(array('SELECT "message","to_read" FROM "pms" WHERE "from" = :from AND "to" = :to AND "pmid" = :pmid', array(':from' => $fromid, ':to' => $toid, ':pmid' => $pmid)), Db::FETCH_STMT);
     if (!$res) {
         return false;
     }
     $row = $res->fetch(PDO::FETCH_OBJ);
     if (!$row) {
         return [];
     }
     $from = User::getUsername($fromid);
     return [
         'from4link_n' => \NERDZ\Core\Utils::userLink($from),
         'from_n' => $from,
         'datetime_n' => $this->user->getDateTime($time),
         'fromid_n' => $fromid,
         'toid_n' => $toid,
         'message_n' => parent::bbcode($row->message),
         'read_b' => $row->to_read,
         'pmid_n' => $pmid,
         'timestamp_n' => $time,
     ];
 }
Exemplo n.º 3
<?php

// Endpoint that re-opens or closes a post, selected by ?action=open|close.
// Every path ends in die() with a JSON response.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Messages;
$messages = new Messages();
// NOTE(review): refererControl() is the only request-origin check visible in
// this script, and no login check appears here either. Confirm that
// reOpen()/close() authorise the caller themselves and that a Referer-based
// check is an acceptable CSRF defence for a state-changing action.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR') . ': referer'));
}
// The post id stays the raw request string; is_numeric() also accepts forms
// such as "1.5" or "1e3", and "0" is rejected by the falsy test below.
$hpid = false;
if (isset($_POST['hpid']) && is_numeric($_POST['hpid'])) {
    $hpid = $_POST['hpid'];
}
if (!$hpid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
}
// True only when a script that included this one defined $prj beforehand.
$prj = isset($prj);
$action = isset($_GET['action']) ? strtolower(trim($_GET['action'])) : '';
if ($action === 'open') {
    die(NERDZ\Core\Utils::jsonDbResponse($messages->reOpen($hpid, $prj)));
}
if ($action === 'close') {
    die(NERDZ\Core\Utils::jsonDbResponse($messages->close($hpid, $prj)));
}
die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
Exemplo n.º 4
<?php

// Compress the response through the output buffer.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\Db;
// Despite the name, this is a Messages instance.
$user = new Messages();
// Position taken from the query string (default 1), decremented right after - presumably to a 0-based index.
// NOTE(review): the raw request string is kept rather than its intval(), and
// is_numeric() also accepts values such as "1.5", so $ncode is not
// guaranteed to be an integer after the decrement.
$ncode = isset($_GET['ncode']) && is_numeric($_GET['ncode']) && intval($_GET['ncode']) > 0 ? $_GET['ncode'] : 1;
--$ncode;
// At most one of $id / $gid is defined: "gid" is only read when "id" is missing or not numeric.
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    $id = intval($_GET['id']);
} else {
    if (isset($_GET['gid']) && is_numeric($_GET['gid'])) {
        $gid = intval($_GET['gid']);
    }
}
// NOTE(review): $id and $gid are never both set, so this condition is always
// true and pcid/gcid are read on every request; `&&` may have been intended - confirm.
if (!isset($id) || !isset($gid)) {
    if (isset($_GET['pcid']) && is_numeric($_GET['pcid'])) {
        $pcid = intval($_GET['pcid']);
    }
    if (isset($_GET['gcid']) && is_numeric($_GET['gcid'])) {
        $gcid = intval($_GET['gcid']);
    }
}
// A post id is only accepted together with a user id or a group id.
if ((isset($id) || isset($gid)) && isset($_GET['pid']) && is_numeric($_GET['pid'])) {
    $pid = intval($_GET['pid']);
}
if ((isset($id) || isset($gid)) && isset($pid)) {
    $new = isset($id) ? $id : $gid;
    if (!($o = Db::query(['SELECT "message" FROM "' . (isset($id) ? '' : 'groups_') . 'posts" WHERE "pid" = :pid AND "to" = :new', [':pid' => $pid, ':new' => $new]], Db::FETCH_OBJ))) {
        die('Error');
Exemplo n.º 5
<?php

// Compress the response through the output buffer.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\User;
$messages = new Messages();
$user = new User();
// True only when a script that included this one defined $prj beforehand.
$prj = isset($prj);
// Everything below requires an authenticated session.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
// NOTE(review): the 'CSRF' error shows this is the anti-CSRF check for the
// state-changing actions that follow. What refererControl() compares is not
// visible here; a Referer-based check is weaker than a per-session token - confirm.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF'));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'add':
        if (empty($_POST['to'])) {
            if ($prj) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . 'a'));
            } else {
                $_POST['to'] = $_SESSION['id'];
            }
        }
        die(NERDZ\Core\Utils::jsonDbResponse($messages->add($_POST['to'], isset($_POST['message']) ? $_POST['message'] : '', ['news' => !empty($_POST['news']), 'issue' => !empty($_POST['issue']), 'project' => $prj, 'language' => !empty($_POST['language']) ? $_POST['language'] : false])));
        break;
    case 'del':
        if (!isset($_SESSION['delpost']) || empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || $_SESSION['delpost'] != $_POST['hpid'] || !$messages->delete($_POST['hpid'], $prj)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        unset($_SESSION['delpost']);
Exemplo n.º 6
<?php

// Compress the response through the output buffer.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Config;
$messages = new Messages();
$user = new User();
$tplcfg = $user->getTemplateCfg();
// Kept as the raw numeric string (or false) for now; intval() is applied
// later, inside the `if ($id)` branch.
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false;
// $pid is converted immediately; note that a pid of 0 is indistinguishable
// from "absent" in the truthiness tests that follow.
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
// Only a non-empty string is handed to the validator; anything else (for
// example an array parameter) is passed as false.
$action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false);
$found = true;
if ($id) {
    $id = intval($id);
    //intval here, so we can display the user not found message
    if (false === ($info = $user->getObject($id))) {
        $username = $user->lang('USER_NOT_FOUND');
        $found = false;
        $post = new stdClass();
        $post->message = '';
    } else {
        $username = $info->username;
        if ($pid && !$user->hasInBlacklist($id)) {
            if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) {
                $post = new stdClass();
                $post->message = '';
            }
Exemplo n.º 7
<?php

// Renders a single post through the template engine. This file is meant to
// be included: $hpid must already be defined by the including script, and
// $prj / $draw are optional flags it may define.
if (empty($hpid)) {
    die('$hpid required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
ob_start(['NERDZ\\Core\\Utils', 'minifyHTML']);
use NERDZ\Core\Messages;
$prj = isset($prj);
$messages = new Messages();
// NOTE(review): $user is not created in this file; presumably vars.php or
// the including script provides it - confirm.
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($messages->getPost($hpid, ['project' => $prj]));
// Without $draw the rendered template is returned to the including script
// instead of being written to the output.
if (!isset($draw)) {
    return $user->getTPL()->draw(($prj ? 'project' : 'profile') . '/post', true);
}
$user->getTPL()->draw(($prj ? 'project' : 'profile') . '/post');
Exemplo n.º 8
    // Project-name deny-list. strpos() returns an int offset or false, so
    // is_numeric(strpos(...)) is true exactly when the character occurs
    // anywhere in the name (offset 0 included).
    // The WRONG_USERNAME / USERNAME_SHORT messages are reused for project names.
    if (is_numeric(strpos($projectData['name'], '#'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': #'));
    }
    if (is_numeric(strpos($projectData['name'], '+'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': +'));
    }
    if (is_numeric(strpos($projectData['name'], '&'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': &'));
    }
    if (is_numeric(strpos($projectData['name'], '%'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': %'));
    }
    // Length is counted in UTF-8 characters, not bytes.
    if (mb_strlen($projectData['name'], 'UTF-8') < Config\MIN_LENGTH_USER) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USERNAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_USER));
    }
    // Reject any name that Messages::stripTags() would alter; per the error
    // text this covers BBCode and square brackets.
    if ($projectData['name'] !== Messages::stripTags($projectData['name'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': BBCode or [ ]'));
    }
}
// The upper bound on the name length is enforced only when $create is
// defined, and uses a literal 30 rather than a Config constant.
if (isset($create)) {
    if (mb_strlen($projectData['name'], 'UTF-8') >= 30) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USERNAME_LONG')));
    }
}
// Give the optional fields a default so later code can read them without isset().
if (!isset($_POST['goal'])) {
    $_POST['goal'] = '';
}
if (!isset($_POST['website'])) {
    $_POST['website'] = '';
}
if (!empty($_POST['website']) && !Utils::isValidURL($_POST['website'])) {
Exemplo n.º 9
    // Username deny-list. strpos() returns an int offset or false, so
    // is_numeric(strpos(...)) is true exactly when the character occurs.
    // Only the '#' test decodes HTML entities first; the others look at the
    // value as stored (an entity would still be caught by the '&' test).
    // NOTE(review): this first error message echoes the submitted username
    // back in the JSON response; confirm the client treats it as text.
    if (is_numeric(strpos(html_entity_decode($userData['username'], ENT_QUOTES, 'UTF-8'), '#'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . ": {$userData['username']}\n" . $user->lang('CHAR_NOT_ALLOWED') . ': #'));
    }
    if (is_numeric(strpos($userData['username'], '+'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': +'));
    }
    if (is_numeric(strpos($userData['username'], '&'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': &'));
    }
    if (is_numeric(strpos($userData['username'], '%'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': %'));
    }
    // A username that parses as an e-mail address is refused.
    if (filter_var($userData['username'], FILTER_VALIDATE_EMAIL)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('USERNAME_CANT_BE_EMAIL')));
    }
    // Reject any name that Messages::stripTags() would alter; per the error
    // text this covers BBCode and square brackets.
    if ($userData['username'] !== Messages::stripTags($userData['username'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': BBCode or [ ]'));
    }
}
// Password policy: passwordControl() reports a violation as a string code.
switch (Security::passwordControl($userData['password'])) {
    case 'PASSWORD_SHORT':
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS));
    case 'PASSWORD_LONG':
        // An over-long password is tolerated for a logged-in user who is not
        // changing it; it is refused for new accounts and password updates.
        if (!$user->isLogged() || $updatedPassword) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG')));
        }
}
// Length is counted in UTF-8 characters, not bytes.
if (mb_strlen($userData['name'], 'UTF-8') < Config\MIN_LENGTH_NAME) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('NAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_NAME));
}
if (mb_strlen($userData['surname'], 'UTF-8') < Config\MIN_LENGTH_SURNAME) {
Exemplo n.º 10
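 /**
  * Convert the BBCode markup in a message to HTML.
  *
  * [code] blocks are swapped for ">>>N<<<" placeholders first so nothing
  * inside them is parsed, then restored and handed to parseCode().
  *
  * Security: captured text is concatenated into the generated HTML and most
  * tags apply no escaping of their own. The patterns match "&quot;", which
  * suggests $str is HTML-escaped before it gets here - NOTE(review): confirm
  * every caller does that. Where a tag decodes entities again
  * (html_entity_decode), the decoded value has to be re-encoded or fully
  * validated before it is written into an attribute; the Spotify branch of
  * [music] did neither and is fixed below.
  *
  * @param string $str      message text containing BBCode
  * @param mixed  $truncate truthy renders compact previews (video/image thumbnails,
  *                         fixed tweet height, smaller Deezer player) instead of full embeds
  * @param mixed  $type     forwarded unchanged to parseCode()
  * @param mixed  $pid      forwarded unchanged to parseCode()
  * @param mixed  $id       forwarded unchanged to parseCode()
  * @return mixed whatever parseCode() returns for the converted string
  */
 public function bbcode($str, $truncate = null, $type = NULL, $pid = NULL, $id = NULL)
 {
     // Keep BBCode inside [code] tags from being parsed: replace each block with a placeholder.
     $codes = $this->getCodes($str);
     $index = 0;
     foreach ($codes as $code) {
         $totalcode = $code['code'];
         $lang = $code['lang'];
         $str = str_ireplace("[code={$lang}]{$totalcode}[/code]", ">>>{$index}<<<", $str);
         ++$index;
     }
     $domain = System::getResourceDomain();
     $str = static::hashtag($str);
     // From here on the message is a single line; newlines are <br /> tags.
     $str = str_replace("\n", '<br />', $str);
     // Shared renderer for the three [url] forms: $m[1] is the target, $m[2] the optional link text.
     $validURL = function ($m) {
         $m[1] = trim($m[1]);
         if (!Utils::isValidURL($m[1])) {
             $m[1] = 'http://' . $m[1];
             if (!Utils::isValidURL($m[1])) {
                 return '<b>' . $this->user->lang('INVALID_URL') . '</b>';
             }
         }
         // Force an http(s)/ftp scheme so no other URL scheme can end up in the href.
         $url = preg_match('#^(?:https?|ftp):\\/\\/#i', $m[1]) ? $m[1] : 'http://' . $m[1];
         // NOTE(review): window.open() without "noopener" leaves window.opener available to the opened page.
         return isset($m[2]) ? '<a href="' . Messages::stripTags($url) . '" onclick="window.open(this.href); return false">' . $m[2] . '</a>' : '<a href="' . Messages::stripTags($url) . '" onclick="window.open(this.href); return false">' . $m[1] . '</a>';
     };
     $str = preg_replace_callback('#\\[url=&quot;(.+?)&quot;\\](.+?)\\[/url\\]#i', function ($m) use($validURL) {
         return $validURL($m);
     }, $str);
     $str = preg_replace_callback('#\\[url=(.+?)\\](.+?)\\[/url\\]#i', function ($m) use($validURL) {
         return $validURL($m);
     }, $str);
     $str = preg_replace_callback('#\\[url\\](.+?)\\[/url\\]#i', function ($m) use($validURL) {
         return $validURL($m);
     }, $str);
     // Plain formatting tags: the captured text is inserted as-is.
     $str = preg_replace('#\\[i\\](.+?)\\[/i\\]#i', '<span style="font-style:italic">$1</span>', $str);
     $str = preg_replace('#\\[cur\\](.+?)\\[/cur\\]#i', '<span style="font-style:italic">$1</span>', $str);
     // The gist id is limited to [0-9a-z], so it is safe inside the attributes.
     $str = preg_replace('#\\[gist\\]([0-9a-z]+)\\[/gist\\]#i', '<div class="gistLoad" data-id="$1" id="gist-$1">' . $this->user->lang('LOADING') . '...</div>', $str);
     $str = preg_replace('#\\[b\\](.+?)\\[/b\\]#i', '<span style="font-weight:bold">$1</span>', $str);
     $str = preg_replace('#\\[del\\](.+?)\\[/del\\]#i', '<del>$1</del>', $str);
     $str = preg_replace('#\\[u\\](.+?)\\[/u\\]#i', '<u>$1</u>', $str);
     $str = preg_replace('#\\[hr\\]#i', '<hr style="clear:both" />', $str);
     $str = preg_replace('#\\[small\\](.+?)\\[/small\\]#i', '<span style="font-size:7pt">$1</span>', $str);
     $str = preg_replace('#\\[big\\](.+?)\\[/big\\]#i', '<span style="font-size:14pt">$1</span>', $str);
     $str = preg_replace('#\\[wat\\]#i', '<span style="font-size:22pt">WAT</span>', $str);
     $str = preg_replace_callback('#\\[user\\](.+?)\\[/user\\]#i', function ($m) {
         return '<a href="/' . Utils::userLink($m[1]) . "\">{$m[1]}</a>";
     }, $str);
     $str = preg_replace_callback('#\\[project\\](.+?)\\[/project\\]#i', function ($m) {
         return '<a href="/' . Utils::projectLink($m[1]) . "\">{$m[1]}</a>";
     }, $str);
     // The article title is entity-decoded and then urlencode()d, so it cannot leave the href.
     $str = preg_replace_callback('#\\[wiki=([a-z]{2})\\](.+?)\\[/wiki\\]#i', function ($m) {
         return '<a href="http://' . $m[1] . '.wikipedia.org/wiki/' . urlencode(str_replace(' ', '_', html_entity_decode($m[2], ENT_QUOTES, 'UTF-8'))) . "\" onclick=\"window.open(this.href); return false\">{$m[2]} @Wikipedia - {$m[1]}</a>";
     }, $str);
     // Math tags are kept in the output; only tags inside the expression (the <br /> added above included) are stripped.
     $str = preg_replace_callback("#(\\[math\\]|\\[m\\])(.+?)(\\[/math\\]|\\[/m\\])#i", function ($m) {
         return $m[1] . strip_tags($m[2]) . $m[3];
     }, $str);
     // Lists: at most 20 plain lists and 10 of each ordered form are converted.
     // NOTE(review): trim()'s second argument is a character list, so '<br />'
     // strips any leading/trailing '<', 'b', 'r', ' ', '/' or '>' rather than
     // the literal tag, which can eat item text at either end. The same call
     // appears in all five list callbacks.
     $str = preg_replace_callback('#\\[list\\](.+?)\\[\\/list\\]#i', function ($m) {
         $arr = array_filter(explode('[*]', trim(trim($m[1]), '<br />')));
         if (empty($arr)) {
             return $m[0];
         }
         $ret = '<ul>';
         foreach ($arr as $v) {
             $ret .= '<li>' . trim($v) . '</li>';
         }
         $ret .= '</ul>';
         return $ret;
     }, $str, 20);
     // Ordered list with type only; the attribute value is limited to 1, a or i by the pattern.
     $str = preg_replace_callback('#\\[list[\\s]+type=&quot;(1|a|i)&quot;\\](.+?)\\[\\/list\\]#i', function ($m) {
         $arr = array_filter(explode('[*]', trim(trim($m[2]), '<br />')));
         if (empty($arr)) {
             return $m[0];
         }
         $ret = '<ol type="' . $m[1] . '">';
         foreach ($arr as $v) {
             $ret .= '<li>' . trim($v) . '</li>';
         }
         $ret .= '</ol>';
         return $ret;
     }, $str, 10);
     // Ordered list with start only; the attribute value is an optionally negative integer.
     $str = preg_replace_callback('#\\[list[\\s]+start=&quot;(\\-?\\d+)&quot;\\](.+?)\\[\\/list\\]#i', function ($m) {
         $arr = array_filter(explode('[*]', trim(trim($m[2]), '<br />')));
         if (empty($arr)) {
             return $m[0];
         }
         $ret = '<ol start="' . $m[1] . '">';
         foreach ($arr as $v) {
             $ret .= '<li>' . trim($v) . '</li>';
         }
         $ret .= '</ol>';
         return $ret;
     }, $str, 10);
     // Ordered list with start followed by type.
     $str = preg_replace_callback('#\\[list[\\s]+start=&quot;(\\-?\\d+)&quot;[\\s]+type=&quot;(1|a|i)&quot;\\](.+?)\\[\\/list\\]#i', function ($m) {
         $arr = array_filter(explode('[*]', trim(trim($m[3]), '<br />')));
         if (empty($arr)) {
             return $m[0];
         }
         $ret = '<ol start="' . $m[1] . '" type="' . $m[2] . '">';
         foreach ($arr as $v) {
             $ret .= '<li>' . trim($v) . '</li>';
         }
         $ret .= '</ol>';
         return $ret;
     }, $str, 10);
     // Ordered list with type followed by start.
     $str = preg_replace_callback('#\\[list[\\s]+type=&quot;(1|a|i)&quot;[\\s]+start=&quot;(\\-?\\d+)&quot;\\](.+?)\\[\\/list\\]#i', function ($m) {
         $arr = array_filter(explode('[*]', trim(trim($m[3]), '<br />')));
         if (empty($arr)) {
             return $m[0];
         }
         $ret = '<ol start="' . $m[2] . '" type="' . $m[1] . '">';
         foreach ($arr as $v) {
             $ret .= '<li>' . trim($v) . '</li>';
         }
         $ret .= '</ol>';
         return $ret;
     }, $str, 10);
     // Quote in comments, new version.
     // Quotes and spoilers are replaced one match at a time inside a loop, so
     // nested tags are converted on later passes.
     while (preg_match('#\\[commentquote=(.+?)\\](.+?)\\[/commentquote\\]#i', $str)) {
         $str = preg_replace_callback('#\\[commentquote=(.+?)\\](.+?)\\[/commentquote\\]#i', function ($m) {
             return '<div class="qu_main"><div class="qu_user">' . $m[1] . '</div>' . $m[2] . '</div>';
         }, $str, 1);
     }
     while (preg_match('#\\[quote=(.+?)\\](.+?)\\[/quote\\]#i', $str)) {
         $str = preg_replace_callback('#\\[quote=(.+?)\\](.+?)\\[/quote\\]#i', function ($m) use($domain) {
             return '<div class="quote">
                 <div style="font-weight: bold">' . $m[1] . ':</div>
                 <span style="float: left; margin-top: 5px">
                 <img src="' . $domain . '/static/images/oquotes.gif" alt="quote" width="20" height="11" />
                 </span>
                 <div style="font-style:italic">
                 <blockquote style="margin-left: 3%">' . trim($m[2]) . '</blockquote>
                 </div>
                 <span style="float: right">
                 <img src="' . $domain . '/static/images/cquotes.gif" alt="cquote" width="20" height="11" />
                 </span>
                 </div>';
         }, $str, 1);
     }
     while (preg_match('#\\[quote\\](.+?)\\[/quote\\]#i', $str)) {
         $str = preg_replace_callback('#\\[quote\\](.+?)\\[/quote\\]#i', function ($m) use($domain) {
             return '<div class="quote">
                 <span style="float: left; margin-top: 5px">
                 <img src="' . $domain . '/static/images/oquotes.gif" alt="quote" width="20" height="11" />
                 </span>
                 <div style="font-style:italic">
                 <blockquote style="margin-left: 3%">' . trim($m[1]) . '</blockquote>
                 </div>
                 <span style="float: right">
                 <img src="' . $domain . '/static/images/cquotes.gif" alt="cquote" width="20" height="11" />
                 </span>
                 </div>';
         }, $str, 1);
     }
     while (preg_match('#\\[spoiler\\](.+?)\\[/spoiler\\]#i', $str)) {
         $str = preg_replace('#\\[spoiler\\](.+?)\\[/spoiler]#i', '<div class="spoiler" onclick="var c = $(this).children(\'div\'); c.toggle(\'fast\'); c.on(\'click\',function(e) {e.stopPropagation();});">
             <span style="font-weight: bold; cursor:pointer">SPOILER:</span>
             <div style="display:none"><hr /></div>
             <div style="display:none; margin-left:3%;overflow:hidden">$1</div>
             </div>', $str, 1);
     }
     while (preg_match('#\\[spoiler=(.+?)\\](.+?)\\[/spoiler\\]#i', $str)) {
         $str = preg_replace('#\\[spoiler=(.+?)\\](.+?)\\[/spoiler]#i', '<div class="spoiler" onclick="var c = $(this).children(\'div\'); c.toggle(\'fast\'); c.on(\'click\',function(e) {e.stopPropagation();});">
             <span style="font-weight: bold; cursor:pointer">$1:</span>
             <div style="display:none"><hr /></div>
             <div style="display:none; margin-left:3%;overflow:hidden">$2</div>
             </div>', $str, 1);
     }
     $str = preg_replace_callback('#\\[music\\]\\s*(.+?)\\s*\\[/music\\]#i', function ($m) use($truncate) {
         // $uri is entity-decoded here, so it may again contain quotes and
         // angle-bracket fragments; every branch below must validate or
         // re-encode it before writing it into markup.
         $uri = strip_tags(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
         if (stripos($uri, 'spotify') !== false) {
             // Fixed: the alternation is now grouped so ^ and $ apply to both
             // forms. Before, ^ bound only to the track form and $ only to the
             // playlist form, so a value merely starting with a track URI
             // passed. The D modifier stops $ from matching before a trailing newline.
             if (preg_match('#^(?:spotify:track:[\\d\\w]+|spotify:user:[\\w\\d]+:playlist:[\\w\\d]+)$#iD', $uri)) {
                 $ID = $uri;
             } else {
                 if (preg_match('#^https?://(?:open|play)\\.spotify\\.com/track/[\\w\\d]+$#i', $uri)) {
                     $ID = 'spotify:track:' . basename($uri);
                 } else {
                     // This pattern has no end anchor, so basename($uri) can carry trailing characters.
                     if (preg_match('#^https?://(?:open|play)\\.spotify\\.com/user/([\\w\\d]+)/playlist/[\\w\\d]+#i', $uri, $matches)) {
                         $ID = "spotify:user:{$matches[1]}:playlist:" . basename($uri);
                     } else {
                         return $m[0];
                     }
                 }
             }
             // Fixed: $ID is HTML-encoded before it is placed in the src attribute; it used to be concatenated raw.
             return '<iframe src="https://embed.spotify.com/?uri=' . htmlspecialchars($ID, ENT_QUOTES, 'UTF-8') . '" width="300" height="80" frameborder="0" allowtransparency="true"></iframe>';
         } else {
             if (preg_match('#^https?://soundcloud\\.com/\\S+/\\S+$#i', $uri)) {
                 return '<iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=' . rawurlencode($uri) . '"></iframe>';
             } else {
                 // Only the regex captures (a fixed word and digits) reach the Deezer markup.
                 if (preg_match('#^https?://(?:www\\.)?deezer\\.com/(track|album|playlist)/(\\d+)$#', $uri, $match)) {
                     $a_type = $match[1] . ($match[1] == 'track' ? 's' : '');
                     $a_height = $truncate ? '80' : '240';
                     return "<iframe src='//www.deezer.com/plugins/player?height={$a_height}&type={$a_type}&id={$match[2]}' width='100%' height='{$a_height}' scrolling='no' frameborder='no'></iframe>";
                 } else {
                     if (filter_var($uri, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED)) {
                         return '<audio preload="none" controls src="' . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8') . '"></audio>';
                     } else {
                         return $m[0];
                     }
                 }
             }
         }
     }, $str, 10);
     $str = preg_replace_callback('#\\[twitter\\]\\s*(.+?)\\s*\\[/twitter\\]#i', function ($m) use($truncate) {
         // The reason for the 'data-uuid' attribute is in the jclass.js file, in the loadTweet function.
         // with a fixed height (220px - when truncate is true - js trimmer can handle post size
         if (!(is_numeric($m[1]) || Utils::isValidURL($m[1]))) {
             return $m[0];
         }
         return '<img data-id="' . htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8') . '" data-uuid="' . mt_rand() . '" src="" onload="N.loadTweet(this)"' . ($truncate ? ' height="220"' : '') . '>';
     }, $str, 10);
     if ($truncate) {
         // Compact mode: videos and images become clickable thumbnails.
         // NOTE(review): $match[1] comes from the class *_REGEXP constants,
         // which are not visible here, and is written into attributes
         // unescaped - confirm each constant captures only an id-safe charset.
         $videoCallback = function ($m) {
             $v_url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
             $output = [];
             if (preg_match(static::YOUTUBE_REGEXP, $v_url, $match)) {
                 $output = ['youtube', $match[1], '//i1.ytimg.com/vi/' . $match[1] . '/hqdefault.jpg', 130];
             } else {
                 if (preg_match(static::VIMEO_REGEXP, $v_url, $match)) {
                     $output = ['vimeo', $match[1], '', 130, 'N.vimeoThumbnail(this)'];
                 } else {
                     if (preg_match(static::DMOTION_REGEXP, $v_url, $match)) {
                         $output = ['dailymotion', $match[1], 'https://www.dailymotion.com/thumbnail/video/' . $match[1], 100];
                     } else {
                         if (preg_match(static::FACEBOOK_REGEXP, $v_url, $match)) {
                             $output = ['facebook', $match[1], '', 100, 'N.facebookThumbnail(this)'];
                         } else {
                             if (preg_match(static::NERDZCRUSH_REGEXP, $v_url, $match)) {
                                 $output = ['nerdzcrush', $match[1], 'https://media.nerdz.eu/' . $match[1] . '.jpg', 130];
                             } else {
                                 return $m[0];
                             }
                         }
                     }
                 }
             }
             return '<a class="yt_frame" data-vid="' . $output[1] . '" data-host="' . $output[0] . '">' . '<span>' . $this->user->lang('VIDEO') . '</span>' . '<img src="' . $output[2] . '" alt="" width="130" height="' . $output[3] . '" style="float:left;margin-right:4px"' . (isset($output[4]) ? 'onload="' . $output[4] . '"' : '') . ' />' . '</a>';
         };
         $str = preg_replace_callback('#\\[video\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/video\\]#i', $videoCallback, $str, 10);
         // don't break older posts and preserve the [yt] and [youtube] tags.
         $str = preg_replace_callback('#\\[yt\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/yt\\]#i', $videoCallback, $str, 10);
         $str = preg_replace_callback('#\\[youtube\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/youtube\\]#i', $videoCallback, $str, 10);
         // NOTE(review): the image URL is trusted to come back attribute-safe from Utils::getValidImageURL() - confirm.
         $str = preg_replace_callback('#\\[img\\](.+?)\\[/img\\]#i', function ($m) {
             $url = Utils::getValidImageURL($m[1]);
             return '<a href="' . $url . '" target="_blank" class="img_frame" onclick="$(this).toggleClass(\'img_frame-extended\'); return false;">
                 <span>
                 ' . $this->user->lang('IMAGES') . '
                 </span>
                 <img src="' . $url . '" alt="" onload="N.imgLoad(this)" onerror="N.imgErr(this)" />
                 </a>';
         }, $str, 10);
     } else {
         // Full mode: videos are embedded as iframes and images shown inline.
         // NOTE(review): as in compact mode, $match[1] from the *_REGEXP
         // constants is written into src/data attributes unescaped.
         $videoCallback = function ($m) {
             $v_url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
             $iframe_code = '';
             if (preg_match(static::YOUTUBE_REGEXP, $v_url, $match)) {
                 $iframe_code = '<iframe title="YouTube video" style="width:560px; height:340px; border:0px; margin: auto;" src="//www.youtube.com/embed/' . $match[1] . '?wmode=opaque"></iframe>';
             } else {
                 if (preg_match(static::VIMEO_REGEXP, $v_url, $match)) {
                     $iframe_code = '<iframe src="//player.vimeo.com/video/' . $match[1] . '?badge=0&amp;color=ffffff" width="500" height="281" style="margin: auto" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>';
                 } else {
                     if (preg_match(static::DMOTION_REGEXP, $v_url, $match)) {
                         $iframe_code = '<iframe frameborder="0" style="margin: auto" width="480" height="270" src="//www.dailymotion.com/embed/video/' . $match[1] . '" allowfullscreen></iframe>';
                     } else {
                         if (preg_match(static::FACEBOOK_REGEXP, $v_url, $match)) {
                             $iframe_code = '<iframe style="margin: auto" src="https://www.facebook.com/video/embed?video_id=' . $match[1] . '" frameborder="0"></iframe>';
                         } else {
                             if (preg_match(static::NERDZCRUSH_REGEXP, $v_url, $match)) {
                                 $iframe_code = '<div class="nerdzcrush" data-media="' . $match[1] . '#noautoplay,noloop"></div>';
                             } else {
                                 return $m[0];
                             }
                         }
                     }
                 }
             }
             return '<div style="width:100%; text-align:center"><br />' . $iframe_code . '</div>';
         };
         $str = preg_replace_callback('#\\[video\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/video\\]#i', $videoCallback, $str, 10);
         $str = preg_replace_callback('#\\[yt\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/yt\\]#i', $videoCallback, $str, 10);
         $str = preg_replace_callback('#\\[youtube\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/youtube\\]#i', $videoCallback, $str, 10);
         $str = preg_replace_callback('#\\[img\\](.+?)\\[/img\\]#i', function ($m) {
             return '<img src="' . Utils::getValidImageURL($m[1]) . '" alt="" style="max-width: 79%; max-height: 89%" onerror="N.imgErr(this)" />';
         }, $str);
     }
     // Put the [code] blocks back in reverse order, using the tag name recorded by getCodes().
     while ($index > 0) {
         --$index;
         $lang = $codes[$index]['lang'];
         $totalcode = $codes[$index]['code'];
         $tag = $codes[$index]['tag'];
         $str = str_ireplace(">>>{$index}<<<", "[{$tag}={$lang}]{$totalcode}[/{$tag}]", $str);
     }
     return $this->parseCode($codes, $str, $type, $pid, $id);
 }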
Exemplo n.º 11
<?php

// Compress the response through the output buffer.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\Utils;
use NERDZ\Core\User;
$user = new User();
$messages = new Messages();
// Sharing requires an authenticated session.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
// NOTE(review): refererControl() is the request-origin check for this
// state-changing endpoint; what it compares is not visible here, and a
// Referer-based check is weaker than a per-session token - confirm.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
// Missing or empty fields become false; present ones are only trimmed.
$url = empty($_POST['url']) ? false : trim($_POST['url']);
$comment = empty($_POST['comment']) ? false : trim($_POST['comment']);
$to = empty($_POST['to']) ? false : trim($_POST['to']);
if (!$url || !Utils::isValidURL($url)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('INVALID_URL')));
}
// The recipient must resolve to an existing user; with no recipient the
// share goes to the sender's own profile.
// NOTE(review): $to is the raw trimmed string with no numeric check, so its
// validation rests entirely on getUsername() - confirm it rejects non-ids.
if ($to) {
    if (!User::getUsername($to)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
    }
} else {
    $to = $_SESSION['id'];
}
if ($_SESSION['id'] != $to) {
    if ($user->hasClosedProfile($to)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
Exemplo n.º 12
<?php

// Project page fragment. $gid, and optionally $pid and $action, are not
// defined in this file; they are expected from the including script.
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Project;
use NERDZ\Core\Utils;
use NERDZ\Core\User;
use NERDZ\Core\Config;
use NERDZ\Core\Messages;
$project = new Project($gid);
$messages = new Messages();
$user = new User();
// Template flags; the *_b entries are booleans.
$vals = [];
$enter = true;
$vals['logged_b'] = $user->isLogged();
$vals['singlepost_b'] = isset($pid) && isset($gid) && is_numeric($pid);
// $action is compared loosely against fixed strings; it only selects which view flag is set.
$vals['followers_b'] = isset($action) && $action == 'followers';
$vals['members_b'] = isset($action) && $action == 'members';
$vals['interactions_b'] = isset($action) && $action == 'interactions';
if ($info->private && !$vals['logged_b'] || !$info->visible && !$vals['logged_b'] || $vals['interactions_b'] && !$vals['logged_b']) {
    $included = true;
    require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/register.php';
    $user->getTPL()->assign($vals);
    require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
    $user->getTPL()->draw('project/private');
} else {
    $mem = $project->getMembers($info->counter);
    $icansee = true;
    if ($vals['logged_b'] && !$info->visible) {
        $icansee = $_SESSION['id'] == $project->getOwner() || in_array($_SESSION['id'], $mem);
    }
Exemplo n.º 13
<?php

// Bookmark listing: builds the query for the session user's bookmarked
// posts, for projects when ?project is present and for profiles otherwise.
// NOTE(review): $_SESSION['id'] is bound into the query, but no login check
// is visible in this fragment - confirm the including page enforces one.
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Project;
use NERDZ\Core\Utils;
use NERDZ\Core\Messages;
$messages = new Messages();
// $limit, $order and $orderby are interpolated into the SQL text below
// because they cannot be bound as values. $order is one of two literals and
// $orderby is a fixed string, so $limit is the only part that comes from the request.
// NOTE(review): safety of LIMIT rests on Security::limitControl() returning
// a strictly numeric value - confirm.
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = isset($_GET['asc']) && $_GET['asc'] == 1 ? 'ASC' : 'DESC';
// The search term is HTML-escaped here and later passed as a bound LIKE
// parameter. Binding is what protects the query; the escaping changes which
// text is matched, and LIKE wildcards (% and _) in $q are left unescaped.
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
$orderby = 'time';
$prj = isset($_GET['project']);
$vals = [];
$vals['project_b'] = $prj;
if ($prj) {
    // $orderby is always 'time' at this point, so this qualifies the column name.
    $orderby = $orderby == 'time' ? 'groups_bookmarks.time' : $orderby;
    // With a search term, the filter is a LIKE on the time column cast to text.
    $query = empty($q) ? array('SELECT p.*, EXTRACT(EPOCH FROM groups_bookmarks.time) AS time FROM "groups_bookmarks" INNER JOIN "groups_posts" p ON p.hpid = groups_bookmarks.hpid WHERE groups_bookmarks.from = ? ORDER BY ' . $orderby . ' ' . $order . ' LIMIT ' . $limit, array($_SESSION['id'])) : array("SELECT p.*, EXTRACT(EPOCH FROM groups_bookmarks.time) AS time FROM groups_bookmarks INNER JOIN groups_posts p ON p.hpid = groups_bookmarks.hpid WHERE groups_bookmarks.from = ? AND CAST({$orderby} AS TEXT) LIKE ? ORDER BY {$orderby} {$order} LIMIT {$limit}", array($_SESSION['id'], "%{$q}%"));
    $linkMethod = 'projectLink';
    $nameMethod = 'getName';
    $object = new Project();
} else {
    $orderby = $orderby == 'time' ? 'bookmarks.time' : $orderby;
    $query = empty($q) ? array("SELECT p.*, EXTRACT(EPOCH FROM bookmarks.time) AS time FROM bookmarks INNER JOIN posts p ON p.hpid = bookmarks.hpid WHERE bookmarks.from = ? ORDER BY {$orderby} {$order} LIMIT {$limit}", array($_SESSION['id'])) : array("SELECT p.*, EXTRACT(EPOCH FROM bookmarks.time) AS time FROM bookmarks INNER JOIN posts p ON p.hpid = bookmarks.hpid WHERE bookmarks.from = ? AND CAST({$orderby} AS TEXT) LIKE ? ORDER BY {$orderby} {$order} LIMIT {$limit}", array($_SESSION['id'], "%{$q}%"));
    $linkMethod = 'userLink';
    $nameMethod = 'getUsername';
    // NOTE(review): $user is not created in this fragment; presumably the including script provides it - confirm.
    $object = $user;
}
$vals['list_a'] = [];
if ($r = Db::query($query, Db::FETCH_STMT)) {
    $i = 0;