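 /**
  * Find users (default) or groups whose name contains $contains and return
  * their basic-info records.
  *
  * The table, column and fetcher are fixed pairs chosen inside this method
  * and never come from the caller, so interpolating them into the SQL text
  * is safe; the search term itself is always bound as a parameter.
  *
  * @param string    $contains substring matched case-insensitively (ILIKE);
  *                            note that '%' and '_' inside it act as LIKE wildcards
  * @param int|false $limit    max rows, clamped via Security::limitControl;
  *                            a falsy value means "no LIMIT clause"
  * @param bool      $project  true to search groups instead of users
  *
  * @return array list of getBasicInfo() results, [] when the query fails
  */
 private function byName($contains, $limit, $project = false)
 {
     if ($limit) {
         $limit = Security::limitControl($limit, 20);
     }
     if ($project) {
         $table = 'groups';
         $field = 'name';
         $fetcher = $this->project;
     } else {
         $table = 'users';
         $field = 'username';
         $fetcher = $this->user;
     }
     // Append LIMIT only when one was requested. Unconditionally emitting
     // 'LIMIT ' . $limit produced "LIMIT 0" (no rows) for 0 and "LIMIT "
     // (a SQL syntax error, i.e. []) for null/false/''.
     $sql = 'SELECT "' . $field . '" FROM "' . $table . '" u WHERE u.' . $field
         . ' ILIKE :contains ORDER BY u.' . $field
         . ($limit ? ' LIMIT ' . $limit : '');
     $stmt = Db::query([$sql, [':contains' => "%{$contains}%"]], Db::FETCH_STMT);
     if (!$stmt) {
         return [];
     }
     return array_map(
         static function ($name) use ($fetcher) {
             return $fetcher->getBasicInfo($name);
         },
         $stmt->fetchAll(PDO::FETCH_COLUMN)
     );
 }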
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;

// Group listing page: optional substring search on a whitelisted column,
// with direction, ordering column and page size taken from the query string.
$validFields = ['name', 'description'];

// Everything request-controlled that ends up inside the SQL text is constrained
// first: the limit is clamped, the direction is one of two fixed words, and the
// column name is checked against $validFields.
$limit = 20;
if (isset($_GET['lim'])) {
    $limit = NERDZ\Core\Security::limitControl($_GET['lim'], 20);
}
$order = 'ASC';
if (isset($_GET['desc']) && $_GET['desc'] == 1) {
    $order = 'DESC';
}
$orderby = 'name';
if (isset($_GET['orderby'])) {
    $orderby = NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'name');
}
// NOTE(review): the search term is HTML-escaped *before* it is used as the ILIKE
// pattern, so a term containing '&', '<' or quotes is matched in its escaped form;
// '%' and '_' inside it also act as wildcards. Behaviour kept as-is here.
$q = '';
if (!empty($_GET['q'])) {
    $q = htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
}

// Without a search term the pattern parameter is omitted entirely; with one,
// Db::query receives [sql, [bound values]] and the term is passed as a parameter.
if ($q === '') {
    $query = "SELECT name, description,counter\n      FROM groups\n      ORDER BY {$orderby} {$order} LIMIT {$limit}";
} else {
    $query = ["SELECT name,description, counter\n           FROM groups WHERE CAST({$orderby} AS TEXT) ILIKE ?\n           ORDER BY {$orderby} {$order} LIMIT {$limit}", ["%{$q}%"]];
}

$vals = ['list_a' => []];
if ($r = Db::query($query, Db::FETCH_STMT)) {
    while ($o = $r->fetch(PDO::FETCH_OBJ)) {
        $vals['list_a'][] = [
            'id_n' => $o->counter,
            'name_n' => $o->name,
            'description_n' => $o->description,
            'name4link_n' => \NERDZ\Core\Utils::projectLink($o->name),
        ];
    }
}
// 'field' carries the raw request value for the pager links; presumably
// setNextAndPrevURLs escapes it for the URL context — verify in that helper.
$requestedField = empty($_GET['orderby']) ? '' : $_GET['orderby'];
\NERDZ\Core\Security::setNextAndPrevURLs($vals, $limit, [
    'order' => $order,
    'query' => $q,
    'field' => $requestedField,
    'validFields' => $validFields,
]);
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/projectslist');
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': +'));
    }
    if (is_numeric(strpos($userData['username'], '&'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': &'));
    }
    if (is_numeric(strpos($userData['username'], '%'))) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': %'));
    }
    if (filter_var($userData['username'], FILTER_VALIDATE_EMAIL)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('USERNAME_CANT_BE_EMAIL')));
    }
    if ($userData['username'] !== Messages::stripTags($userData['username'])) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': BBCode or [ ]'));
    }
}
// Password policy. passwordControl()'s result is matched loosely (switch == semantics).
// A too-long password is fatal only when nobody is logged in or $updatedPassword is
// set — presumably meaning the password is actually being changed; verify against the
// caller that sets it.
switch (Security::passwordControl($userData['password'])) {
    case 'PASSWORD_SHORT':
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS));
    case 'PASSWORD_LONG':
        // No fall-through risk: the case above never returns (die) and this is the last case.
        if (!$user->isLogged() || $updatedPassword) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG')));
        }
}
// Name/surname minimums are measured in UTF-8 characters, not bytes.
if (mb_strlen($userData['name'], 'UTF-8') < Config\MIN_LENGTH_NAME) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('NAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_NAME));
}
if (mb_strlen($userData['surname'], 'UTF-8') < Config\MIN_LENGTH_SURNAME) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SURNAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_SURNAME));
}
if (false === filter_var($userData['email'], FILTER_VALIDATE_EMAIL)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MAIL_NOT_VALID')));
 /**
  * Mutual followers ("friends") of user $id: ids that $id follows and that
  * follow $id back, ordered by username.
  *
  * @param int $id    user counter, bound as a parameter
  * @param int $limit max rows (clamped via Security::limitControl); 0 = no LIMIT
  *
  * @return array list of user ids (the "to" column), [] when the query fails
  */
 public function getFriends($id, $limit = 0)
 {
     if ($limit) {
         $limit = Security::limitControl($limit, 20);
     }
     $sql = 'select "to" from (
                 select "to" from followers where "from" = :id) as f
                 inner join 
                 (select "from" from followers where "to" = :id) as e
                 on f.to = e.from
                 inner join users u on u.counter = f.to order by username';
     if ($limit != 0) {
         $sql .= ' LIMIT ' . $limit;
     }
     $stmt = Db::query([$sql, [':id' => $id]], Db::FETCH_STMT);
     if (!$stmt) {
         return [];
     }
     return $stmt->fetchAll(PDO::FETCH_COLUMN);
 }
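 /**
  * Interactions between the logged-in user and group $id, newest first,
  * as produced by the group_interactions SQL function.
  *
  * @param int $id    group counter, bound as a parameter
  * @param int $limit max rows (clamped via Security::limitControl); falsy = no LIMIT
  *
  * @return array list of rows with keys type_n, datetime_n, pid_n, postto_n, link_n;
  *               [] when nobody is logged in or the query fails / returns nothing
  */
 public function getInteractions($id, $limit = 0)
 {
     if (!$this->user->isLogged()) {
         return [];
     }
     if ($limit) {
         $limit = Security::limitControl($limit, 20);
     }
     // Append LIMIT only for a truthy limit. The previous `$limit !== 0` test let
     // null/false/'' through and produced a trailing "LIMIT " with no value
     // (query failure), and a '0' string produced "LIMIT 0" (no rows).
     $sql = 'SELECT "type", extract(epoch from time) as time, pid, post_to
             FROM group_interactions(:me, :id) AS
             f("type" text, "time" timestamp with time zone, pid int8, post_to int8)
             ORDER BY f.time DESC' . ($limit ? " LIMIT {$limit}" : '');
     $objs = Db::query([$sql, [':me' => $_SESSION['id'], ':id' => $id]], Db::FETCH_OBJ, true);
     if (!$objs) {
         return [];
     }
     $ret = [];
     foreach ($objs as $obj) {
         // The target group's name is needed twice: as a field and as the link prefix.
         $postTo = static::getName($obj->post_to);
         $ret[] = [
             'type_n' => $obj->type,
             'datetime_n' => $this->user->getDateTime($obj->time),
             'pid_n' => $obj->pid,
             'postto_n' => $postTo,
             'link_n' => Utils::projectLink($postTo) . $obj->pid,
         ];
     }
     return $ret;
 }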
        $mail->Subject = $user->lang('RESET_YOUR_PASSWORD');
        $user->getTPL()->assign($vals);
        $mail->MsgHTML($user->getTPL()->draw("langs/{$user->getLanguage()}/reset-mail", true));
        $mail->AddAddress($email);
        if ($mail->Send()) {
            die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
        }
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $mail->ErrorInfo));
    } catch (phpmailerException $e) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $e->errorMessage() . "\n contact support@nerdz.eu or retry"));
    }
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': contact support@nerdz.eu or retry'));
} else {
    if ($password !== false && $token !== false && $key !== false) {
        //3rd step
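        // Same password policy as registration; both outcomes are fatal here.
        switch (Security::passwordControl($password)) {
            case 'PASSWORD_SHORT':
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS));
            case 'PASSWORD_LONG':
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG')));
        }
        // Load the pending reset request by its id; $key is bound as a parameter.
        if (!($obj = Db::query(['SELECT r.*, u.username FROM reset_requests r JOIN users u ON r.to = u.counter WHERE r.counter = :key', [':key' => $key]], Db::FETCH_OBJ))) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(2): ' . $user->lang('TRY_LATER')));
        }
        // Compare the submitted token with the stored one in constant time, so the
        // duration of the check does not depend on how many leading bytes match.
        // hash_equals() requires two strings; anything else counts as a mismatch,
        // which is what the previous `!==` also yielded for non-string values.
        if (!is_string($token) || !is_string($obj->token) || !hash_equals($obj->token, $token)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Token'));
        }
        // Consume this request and any older one for the same user before the password changes.
        if (Db::NO_ERRNO != Db::query(['DELETE FROM reset_requests WHERE "to" = :to AND counter <= :key', [':to' => $obj->to, ':key' => $key]], Db::FETCH_ERRNO)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(3): ' . $user->lang('TRY_LATER')));
        }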
        if (Db::NO_ERRNO != Db::query(['UPDATE "users" SET "password" = crypt(:pass, gen_salt(\'bf\', 7)) WHERE "counter" = :id', [':pass' => $password, ':id' => $obj->to]], Db::FETCH_ERRNO)) {