if (isset($create)) {
if (mb_strlen($projectData['name'], 'UTF-8') >= 30) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USERNAME_LONG')));
}
}
if (!isset($_POST['goal'])) {
$_POST['goal'] = '';
}
if (!isset($_POST['website'])) {
$_POST['website'] = '';
}
if (!empty($_POST['website']) && !Utils::isValidURL($_POST['website'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WEBSITE') . ': ' . $user->lang('INVALID_URL')));
}
if (!empty($_POST['photo'])) {
if (!Utils::isValidURL($_POST['photo'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PHOTO') . ': ' . $user->lang('INVALID_URL')));
}
if (!($head = get_headers($_POST['photo'], 1)) || !isset($head['Content-Type'])) {
die(NERDZ\Core\Utils::jsonResponse('error', 'Something wrong with your project image'));
}
if (false === strpos($head['Content-Type'], 'image')) {
die(NERDZ\Core\Utils::jsonResponse('error', 'Your project image, is not a photo or is protected, change it'));
}
} else {
$_POST['photo'] = '';
}
foreach ($projectData as &$value) {
$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
//htmlspecialchars empty return values FIX
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\Utils;
use NERDZ\Core\User;
$user = new User();
$messages = new Messages();
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
$url = empty($_POST['url']) ? false : trim($_POST['url']);
$comment = empty($_POST['comment']) ? false : trim($_POST['comment']);
$to = empty($_POST['to']) ? false : trim($_POST['to']);
if (!$url || !Utils::isValidURL($url)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('INVALID_URL')));
}
if ($to) {
if (!User::getUsername($to)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}
} else {
$to = $_SESSION['id'];
}
if ($_SESSION['id'] != $to) {
if ($user->hasClosedProfile($to)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
}
}
$share = function ($to, $url, $message = NULL) use($user, $messages) {
public function bbcode($str, $truncate = null, $type = NULL, $pid = NULL, $id = NULL)
{
//evitare il parsing del bbcode nel tag code
$codes = $this->getCodes($str);
$index = 0;
foreach ($codes as $code) {
$totalcode = $code['code'];
$lang = $code['lang'];
$str = str_ireplace("[code={$lang}]{$totalcode}[/code]", ">>>{$index}<<<", $str);
++$index;
}
$domain = System::getResourceDomain();
$str = static::hashtag($str);
$str = str_replace("\n", '<br />', $str);
$validURL = function ($m) {
$m[1] = trim($m[1]);
if (!Utils::isValidURL($m[1])) {
$m[1] = 'http://' . $m[1];
if (!Utils::isValidURL($m[1])) {
return '<b>' . $this->user->lang('INVALID_URL') . '</b>';
}
}
$url = preg_match('#^(?:https?|ftp):\\/\\/#i', $m[1]) ? $m[1] : 'http://' . $m[1];
return isset($m[2]) ? '<a href="' . Messages::stripTags($url) . '" onclick="window.open(this.href); return false">' . $m[2] . '</a>' : '<a href="' . Messages::stripTags($url) . '" onclick="window.open(this.href); return false">' . $m[1] . '</a>';
};
$str = preg_replace_callback('#\\[url="(.+?)"\\](.+?)\\[/url\\]#i', function ($m) use($validURL) {
return $validURL($m);
}, $str);
$str = preg_replace_callback('#\\[url=(.+?)\\](.+?)\\[/url\\]#i', function ($m) use($validURL) {
return $validURL($m);
}, $str);
$str = preg_replace_callback('#\\[url\\](.+?)\\[/url\\]#i', function ($m) use($validURL) {
return $validURL($m);
}, $str);
$str = preg_replace('#\\[i\\](.+?)\\[/i\\]#i', '<span style="font-style:italic">$1</span>', $str);
$str = preg_replace('#\\[cur\\](.+?)\\[/cur\\]#i', '<span style="font-style:italic">$1</span>', $str);
$str = preg_replace('#\\[gist\\]([0-9a-z]+)\\[/gist\\]#i', '<div class="gistLoad" data-id="$1" id="gist-$1">' . $this->user->lang('LOADING') . '...</div>', $str);
$str = preg_replace('#\\[b\\](.+?)\\[/b\\]#i', '<span style="font-weight:bold">$1</span>', $str);
$str = preg_replace('#\\[del\\](.+?)\\[/del\\]#i', '<del>$1</del>', $str);
$str = preg_replace('#\\[u\\](.+?)\\[/u\\]#i', '<u>$1</u>', $str);
$str = preg_replace('#\\[hr\\]#i', '<hr style="clear:both" />', $str);
$str = preg_replace('#\\[small\\](.+?)\\[/small\\]#i', '<span style="font-size:7pt">$1</span>', $str);
$str = preg_replace('#\\[big\\](.+?)\\[/big\\]#i', '<span style="font-size:14pt">$1</span>', $str);
$str = preg_replace('#\\[wat\\]#i', '<span style="font-size:22pt">WAT</span>', $str);
$str = preg_replace_callback('#\\[user\\](.+?)\\[/user\\]#i', function ($m) {
return '<a href="/' . Utils::userLink($m[1]) . "\">{$m[1]}</a>";
}, $str);
$str = preg_replace_callback('#\\[project\\](.+?)\\[/project\\]#i', function ($m) {
return '<a href="/' . Utils::projectLink($m[1]) . "\">{$m[1]}</a>";
}, $str);
$str = preg_replace_callback('#\\[wiki=([a-z]{2})\\](.+?)\\[/wiki\\]#i', function ($m) {
return '<a href="http://' . $m[1] . '.wikipedia.org/wiki/' . urlencode(str_replace(' ', '_', html_entity_decode($m[2], ENT_QUOTES, 'UTF-8'))) . "\" onclick=\"window.open(this.href); return false\">{$m[2]} @Wikipedia - {$m[1]}</a>";
}, $str);
$str = preg_replace_callback("#(\\[math\\]|\\[m\\])(.+?)(\\[/math\\]|\\[/m\\])#i", function ($m) {
return $m[1] . strip_tags($m[2]) . $m[3];
}, $str);
$str = preg_replace_callback('#\\[list\\](.+?)\\[\\/list\\]#i', function ($m) {
$arr = array_filter(explode('[*]', trim(trim($m[1]), '<br />')));
if (empty($arr)) {
return $m[0];
}
$ret = '<ul>';
foreach ($arr as $v) {
$ret .= '<li>' . trim($v) . '</li>';
}
$ret .= '</ul>';
return $ret;
}, $str, 20);
//ok
$str = preg_replace_callback('#\\[list[\\s]+type="(1|a|i)"\\](.+?)\\[\\/list\\]#i', function ($m) {
$arr = array_filter(explode('[*]', trim(trim($m[2]), '<br />')));
if (empty($arr)) {
return $m[0];
}
$ret = '<ol type="' . $m[1] . '">';
foreach ($arr as $v) {
$ret .= '<li>' . trim($v) . '</li>';
}
$ret .= '</ol>';
return $ret;
}, $str, 10);
//ok
$str = preg_replace_callback('#\\[list[\\s]+start="(\\-?\\d+)"\\](.+?)\\[\\/list\\]#i', function ($m) {
$arr = array_filter(explode('[*]', trim(trim($m[2]), '<br />')));
if (empty($arr)) {
return $m[0];
}
$ret = '<ol start="' . $m[1] . '">';
foreach ($arr as $v) {
$ret .= '<li>' . trim($v) . '</li>';
}
$ret .= '</ol>';
return $ret;
}, $str, 10);
//ok
$str = preg_replace_callback('#\\[list[\\s]+start="(\\-?\\d+)"[\\s]+type="(1|a|i)"\\](.+?)\\[\\/list\\]#i', function ($m) {
$arr = array_filter(explode('[*]', trim(trim($m[3]), '<br />')));
if (empty($arr)) {
return $m[0];
}
$ret = '<ol start="' . $m[1] . '" type="' . $m[2] . '">';
foreach ($arr as $v) {
$ret .= '<li>' . trim($v) . '</li>';
}
$ret .= '</ol>';
return $ret;
}, $str, 10);
//ok
$str = preg_replace_callback('#\\[list[\\s]+type="(1|a|i)"[\\s]+start="(\\-?\\d+)"\\](.+?)\\[\\/list\\]#i', function ($m) {
$arr = array_filter(explode('[*]', trim(trim($m[3]), '<br />')));
if (empty($arr)) {
return $m[0];
}
$ret = '<ol start="' . $m[2] . '" type="' . $m[1] . '">';
foreach ($arr as $v) {
$ret .= '<li>' . trim($v) . '</li>';
}
$ret .= '</ol>';
return $ret;
}, $str, 10);
// Quote in comments, new version
while (preg_match('#\\[commentquote=(.+?)\\](.+?)\\[/commentquote\\]#i', $str)) {
$str = preg_replace_callback('#\\[commentquote=(.+?)\\](.+?)\\[/commentquote\\]#i', function ($m) {
return '<div class="qu_main"><div class="qu_user">' . $m[1] . '</div>' . $m[2] . '</div>';
}, $str, 1);
}
while (preg_match('#\\[quote=(.+?)\\](.+?)\\[/quote\\]#i', $str)) {
$str = preg_replace_callback('#\\[quote=(.+?)\\](.+?)\\[/quote\\]#i', function ($m) use($domain) {
return '<div class="quote">
<div style="font-weight: bold">' . $m[1] . ':</div>
<span style="float: left; margin-top: 5px">
<img src="' . $domain . '/static/images/oquotes.gif" alt="quote" width="20" height="11" />
</span>
<div style="font-style:italic">
<blockquote style="margin-left: 3%">' . trim($m[2]) . '</blockquote>
</div>
<span style="float: right">
<img src="' . $domain . '/static/images/cquotes.gif" alt="cquote" width="20" height="11" />
</span>
</div>';
}, $str, 1);
}
while (preg_match('#\\[quote\\](.+?)\\[/quote\\]#i', $str)) {
$str = preg_replace_callback('#\\[quote\\](.+?)\\[/quote\\]#i', function ($m) use($domain) {
return '<div class="quote">
<span style="float: left; margin-top: 5px">
<img src="' . $domain . '/static/images/oquotes.gif" alt="quote" width="20" height="11" />
</span>
<div style="font-style:italic">
<blockquote style="margin-left: 3%">' . trim($m[1]) . '</blockquote>
</div>
<span style="float: right">
<img src="' . $domain . '/static/images/cquotes.gif" alt="cquote" width="20" height="11" />
</span>
</div>';
}, $str, 1);
}
while (preg_match('#\\[spoiler\\](.+?)\\[/spoiler\\]#i', $str)) {
$str = preg_replace('#\\[spoiler\\](.+?)\\[/spoiler]#i', '<div class="spoiler" onclick="var c = $(this).children(\'div\'); c.toggle(\'fast\'); c.on(\'click\',function(e) {e.stopPropagation();});">
<span style="font-weight: bold; cursor:pointer">SPOILER:</span>
<div style="display:none"><hr /></div>
<div style="display:none; margin-left:3%;overflow:hidden">$1</div>
</div>', $str, 1);
}
while (preg_match('#\\[spoiler=(.+?)\\](.+?)\\[/spoiler\\]#i', $str)) {
$str = preg_replace('#\\[spoiler=(.+?)\\](.+?)\\[/spoiler]#i', '<div class="spoiler" onclick="var c = $(this).children(\'div\'); c.toggle(\'fast\'); c.on(\'click\',function(e) {e.stopPropagation();});">
<span style="font-weight: bold; cursor:pointer">$1:</span>
<div style="display:none"><hr /></div>
<div style="display:none; margin-left:3%;overflow:hidden">$2</div>
</div>', $str, 1);
}
$str = preg_replace_callback('#\\[music\\]\\s*(.+?)\\s*\\[/music\\]#i', function ($m) use($truncate) {
$uri = strip_tags(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
if (stripos($uri, 'spotify') !== false) {
if (preg_match('#^(?:spotify:track:[\\d\\w]+)|(?:spotify:user:[\\w\\d]+:playlist:[\\w\\d]+)$#i', $uri)) {
$ID = $uri;
} else {
if (preg_match('#^https?://(?:open|play)\\.spotify\\.com/track/[\\w\\d]+$#i', $uri)) {
$ID = 'spotify:track:' . basename($uri);
} else {
if (preg_match('#^https?://(?:open|play)\\.spotify\\.com/user/([\\w\\d]+)/playlist/[\\w\\d]+#i', $uri, $matches)) {
$ID = "spotify:user:{$matches[1]}:playlist:" . basename($uri);
} else {
return $m[0];
}
}
}
return '<iframe src="https://embed.spotify.com/?uri=' . $ID . '" width="300" height="80" frameborder="0" allowtransparency="true"></iframe>';
} else {
if (preg_match('#^https?://soundcloud\\.com/\\S+/\\S+$#i', $uri)) {
return '<iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=' . rawurlencode($uri) . '"></iframe>';
} else {
if (preg_match('#^https?://(?:www\\.)?deezer\\.com/(track|album|playlist)/(\\d+)$#', $uri, $match)) {
$a_type = $match[1] . ($match[1] == 'track' ? 's' : '');
$a_height = $truncate ? '80' : '240';
return "<iframe src='//www.deezer.com/plugins/player?height={$a_height}&type={$a_type}&id={$match[2]}' width='100%' height='{$a_height}' scrolling='no' frameborder='no'></iframe>";
} else {
if (filter_var($uri, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED)) {
return '<audio preload="none" controls src="' . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8') . '"></audio>';
} else {
return $m[0];
}
}
}
}
}, $str, 10);
$str = preg_replace_callback('#\\[twitter\\]\\s*(.+?)\\s*\\[/twitter\\]#i', function ($m) use($truncate) {
// The reason for the 'data-uuid' attribute is in the jclass.js file, in the loadTweet function.
// with a fixed height (220px - when truncate is true - js trimmer can handle post size
if (!(is_numeric($m[1]) || Utils::isValidURL($m[1]))) {
return $m[0];
}
return '<img data-id="' . htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8') . '" data-uuid="' . mt_rand() . '" src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" onload="N.loadTweet(this)"' . ($truncate ? ' height="220"' : '') . '>';
}, $str, 10);
if ($truncate) {
$videoCallback = function ($m) {
$v_url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
$output = [];
if (preg_match(static::YOUTUBE_REGEXP, $v_url, $match)) {
$output = ['youtube', $match[1], '//i1.ytimg.com/vi/' . $match[1] . '/hqdefault.jpg', 130];
} else {
if (preg_match(static::VIMEO_REGEXP, $v_url, $match)) {
$output = ['vimeo', $match[1], 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==', 130, 'N.vimeoThumbnail(this)'];
} else {
if (preg_match(static::DMOTION_REGEXP, $v_url, $match)) {
$output = ['dailymotion', $match[1], 'https://www.dailymotion.com/thumbnail/video/' . $match[1], 100];
} else {
if (preg_match(static::FACEBOOK_REGEXP, $v_url, $match)) {
$output = ['facebook', $match[1], 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==', 100, 'N.facebookThumbnail(this)'];
} else {
if (preg_match(static::NERDZCRUSH_REGEXP, $v_url, $match)) {
$output = ['nerdzcrush', $match[1], 'https://media.nerdz.eu/' . $match[1] . '.jpg', 130];
} else {
return $m[0];
}
}
}
}
}
return '<a class="yt_frame" data-vid="' . $output[1] . '" data-host="' . $output[0] . '">' . '<span>' . $this->user->lang('VIDEO') . '</span>' . '<img src="' . $output[2] . '" alt="" width="130" height="' . $output[3] . '" style="float:left;margin-right:4px"' . (isset($output[4]) ? 'onload="' . $output[4] . '"' : '') . ' />' . '</a>';
};
$str = preg_replace_callback('#\\[video\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/video\\]#i', $videoCallback, $str, 10);
// don't break older posts and preserve the [yt] and [youtube] tags.
$str = preg_replace_callback('#\\[yt\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/yt\\]#i', $videoCallback, $str, 10);
$str = preg_replace_callback('#\\[youtube\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/youtube\\]#i', $videoCallback, $str, 10);
$str = preg_replace_callback('#\\[img\\](.+?)\\[/img\\]#i', function ($m) {
$url = Utils::getValidImageURL($m[1]);
return '<a href="' . $url . '" target="_blank" class="img_frame" onclick="$(this).toggleClass(\'img_frame-extended\'); return false;">
<span>
' . $this->user->lang('IMAGES') . '
</span>
<img src="' . $url . '" alt="" onload="N.imgLoad(this)" onerror="N.imgErr(this)" />
</a>';
}, $str, 10);
} else {
$videoCallback = function ($m) {
$v_url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
$iframe_code = '';
if (preg_match(static::YOUTUBE_REGEXP, $v_url, $match)) {
$iframe_code = '<iframe title="YouTube video" style="width:560px; height:340px; border:0px; margin: auto;" src="//www.youtube.com/embed/' . $match[1] . '?wmode=opaque"></iframe>';
} else {
if (preg_match(static::VIMEO_REGEXP, $v_url, $match)) {
$iframe_code = '<iframe src="//player.vimeo.com/video/' . $match[1] . '?badge=0&color=ffffff" width="500" height="281" style="margin: auto" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>';
} else {
if (preg_match(static::DMOTION_REGEXP, $v_url, $match)) {
$iframe_code = '<iframe frameborder="0" style="margin: auto" width="480" height="270" src="//www.dailymotion.com/embed/video/' . $match[1] . '" allowfullscreen></iframe>';
} else {
if (preg_match(static::FACEBOOK_REGEXP, $v_url, $match)) {
$iframe_code = '<iframe style="margin: auto" src="https://www.facebook.com/video/embed?video_id=' . $match[1] . '" frameborder="0"></iframe>';
} else {
if (preg_match(static::NERDZCRUSH_REGEXP, $v_url, $match)) {
$iframe_code = '<div class="nerdzcrush" data-media="' . $match[1] . '#noautoplay,noloop"></div>';
} else {
return $m[0];
}
}
}
}
}
return '<div style="width:100%; text-align:center"><br />' . $iframe_code . '</div>';
};
$str = preg_replace_callback('#\\[video\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/video\\]#i', $videoCallback, $str, 10);
$str = preg_replace_callback('#\\[yt\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/yt\\]#i', $videoCallback, $str, 10);
$str = preg_replace_callback('#\\[youtube\\]\\s*(https?:\\/\\/[\\S]+)\\s*\\[\\/youtube\\]#i', $videoCallback, $str, 10);
$str = preg_replace_callback('#\\[img\\](.+?)\\[/img\\]#i', function ($m) {
return '<img src="' . Utils::getValidImageURL($m[1]) . '" alt="" style="max-width: 79%; max-height: 89%" onerror="N.imgErr(this)" />';
}, $str);
}
while ($index > 0) {
--$index;
$lang = $codes[$index]['lang'];
$totalcode = $codes[$index]['code'];
$tag = $codes[$index]['tag'];
$str = str_ireplace(">>>{$index}<<<", "[{$tag}={$lang}]{$totalcode}[/{$tag}]", $str);
}
return $this->parseCode($codes, $str, $type, $pid, $id);
}
$userData['facebook'] = isset($_POST['facebook']) ? trim($_POST['facebook']) : '';
$userData['twitter'] = isset($_POST['twitter']) ? trim($_POST['twitter']) : '';
$userData['steam'] = isset($_POST['steam']) ? trim($_POST['steam']) : '';
$userData['skype'] = isset($_POST['skype']) ? trim($_POST['skype']) : '';
$userData['github'] = isset($_POST['github']) ? trim($_POST['github']) : '';
$userData['userscript'] = isset($_POST['userscript']) ? strip_tags(trim($_POST['userscript'])) : '';
$userData['dateformat'] = isset($_POST['dateformat']) ? trim($_POST['dateformat']) : '';
foreach ($userData as $key => $val) {
$userData[$key] = trim(htmlspecialchars($val, ENT_QUOTES, 'UTF-8'));
}
$closed = isset($_POST['closed']);
$flag = true;
if (!empty($userData['website']) && !Utils::isValidURL($userData['website'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WEBSITE') . ': ' . $user->lang('INVALID_URL')));
}
if (!empty($userData['userscript']) && !Utils::isValidURL($userData['userscript'])) {
die(NERDZ\Core\Utils::jsonResponse('error', 'Userscript: ' . $user->lang('INVALID_URL')));
}
if (!empty($userData['github']) && !preg_match('#^https?://(www\\.)?github\\.com/[a-z0-9]+$#i', $userData['github'])) {
die(NERDZ\Core\Utils::jsonResponse('error', 'GitHub: ' . $user->lang('INVALID_URL')));
}
if (false == ($obj = $user->getObject($_SESSION['id']))) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
if (!empty($userData['jabber']) && false == filter_var($userData['jabber'], FILTER_VALIDATE_EMAIL)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('JABBER') . ': ' . $user->lang('MAIL_NOT_VALID')));
}
if (empty($userData['dateformat'])) {
$userData['dateformat'] = 'd/m/Y, H:i';
}
if (!empty($userData['facebook']) && (!preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/people/[^/]+/([a-z0-9_\\-]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/profile\\.php\\?id\\=([0-9]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/([a-z0-9_\\-\\.]+)#i', $userData['facebook']))) {
