<?php
/**
 * Language preferences panel.
 *
 * For a logged-in user, renders the 'preferences/language' template with the
 * list of available languages, the values returned by getLanguage() and
 * getBoardLanguage() for the session user, and a CSRF token issued under the
 * 'edit' name.
 */
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\System;

$user = new User();
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));

// Anonymous visitors only ever receive the localized REGISTER message.
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}

// The token is created under the 'edit' name; presumably the form handler
// verifies it under the same name - confirm against the receiving endpoint.
$vals = [
    'tok_n'   => NERDZ\Core\Security::getCsrfToken('edit'),
    'langs_a' => [],
];

// One row per language: short code (array key) plus its long name (value).
foreach (System::getAvailableLanguages(1) as $shortCode => $longName) {
    $vals['langs_a'][] = [
        'longlang_n'  => $longName,
        'shortlang_n' => $shortCode,
    ];
}

// The user id comes from the session, never from request parameters.
$vals['mylang_n'] = $user->getLanguage($_SESSION['id']);
$vals['myboardlang_n'] = $user->getBoardLanguage($_SESSION['id']);

$user->getTPL()->assign($vals);
$user->getTPL()->draw('preferences/language');
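<?php
/**
 * AJAX endpoint that closes or re-opens a post.
 *
 * Input:  POST hpid (post id), GET action ('open' | 'close').
 * Output: a JSON response built by Utils::jsonResponse()/jsonDbResponse();
 *         every path ends the request with die().
 */
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;
use NERDZ\Core\Messages;

$messages = new Messages();

// NOTE(review): the Referer check is the only request-forgery defence visible
// in this file; no login, ownership or CSRF-token check appears here.
// Presumably Messages::close()/reOpen() enforce who may act on the post -
// confirm, and consider a token check for this state-changing request.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR') . ': referer'));
}

// Accept only a plain run of ASCII digits. is_numeric() also lets through
// floats, exponents, signs and leading whitespace, none of which is a post id;
// the is_string() test additionally rejects array-valued parameters.
$hpid = isset($_POST['hpid'])
    && is_string($_POST['hpid'])
    && preg_match('/\A[0-9]+\z/', $_POST['hpid']) === 1
        ? $_POST['hpid']
        : false;

// A missing, malformed or zero id is refused with the generic error.
if (!$hpid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
}

// True only when $prj was already defined before this point (presumably by a
// script that includes this file for the project variant - confirm).
$prj = isset($prj);

// Normalize the action; a non-string value (e.g. action[]=x) falls to default.
$action = isset($_GET['action']) && is_string($_GET['action'])
    ? strtolower(trim($_GET['action']))
    : '';

switch ($action) {
    case 'open':
        die(NERDZ\Core\Utils::jsonDbResponse($messages->reOpen($hpid, $prj)));
    case 'close':
        die(NERDZ\Core\Utils::jsonDbResponse($messages->close($hpid, $prj)));
    default:
        die(NERDZ\Core\Utils::jsonResponse('error', $messages->lang('ERROR')));
}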
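<?php
/**
 * Project list page.
 *
 * Reads lim, desc, q and orderby from the query string, lists rows of the
 * "groups" table (optionally filtered with ILIKE on the chosen column) and
 * renders the 'base/projectslist' template. $user is not created here; it is
 * expected to exist before /pages/common/vars.php is loaded.
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Columns a caller may sort and search on.
$validFields = ['name', 'description'];

$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;

// Only ever one of two literals, so it is safe to place in the SQL text.
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';

// The is_string() guard keeps an array-valued q (q[]=x) from reaching
// htmlspecialchars(), which raises a TypeError on PHP 8 for non-strings.
// NOTE(review): the term is HTML-escaped before it is compared in SQL;
// presumably stored values are escaped the same way - confirm, otherwise
// terms containing & < > " ' cannot match.
$q = (empty($_GET['q']) || !is_string($_GET['q']))
    ? ''
    : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');

$orderby = isset($_GET['orderby'])
    ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'name')
    : 'name';

$vals = [];

// $orderby and $limit are interpolated into the SQL text, so this query is
// only as safe as Security::fieldControl() (assumed to return a member of
// $validFields or the default) and Security::limitControl() (assumed to
// return a sanitized LIMIT fragment) - confirm both. The search term itself
// is bound as a parameter; % and _ typed by the user keep their LIKE meaning
// because they are not escaped.
$query = empty($q)
    ? "SELECT name, description,counter\n FROM groups\n ORDER BY {$orderby} {$order} LIMIT {$limit}"
    : [
        "SELECT name,description, counter\n FROM groups WHERE CAST({$orderby} AS TEXT) ILIKE ?\n ORDER BY {$orderby} {$order} LIMIT {$limit}",
        ["%{$q}%"],
    ];

$vals['list_a'] = [];
if ($r = Db::query($query, Db::FETCH_STMT)) {
    $i = 0;
    while ($o = $r->fetch(PDO::FETCH_OBJ)) {
        $vals['list_a'][$i]['id_n'] = $o->counter;
        $vals['list_a'][$i]['name_n'] = $o->name;
        $vals['list_a'][$i]['description_n'] = $o->description;
        $vals['list_a'][$i]['name4link_n'] = \NERDZ\Core\Utils::projectLink($o->name);
        ++$i;
    }
}

// 'field' carries the raw orderby parameter together with the allow-list;
// presumably setNextAndPrevURLs() validates it before building links - confirm.
\NERDZ\Core\Security::setNextAndPrevURLs($vals, $limit, [
    'order'       => $order,
    'query'       => $q,
    'field'       => empty($_GET['orderby']) ? '' : $_GET['orderby'],
    'validFields' => $validFields,
]);

require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/projectslist');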
<?php
// AJAX endpoint that switches the session user's profile between public and
// private by updating "users"."private". Every failure path ends the request
// with a JSON error built by Utils::jsonResponse().
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\User;
use NERDZ\Core\Db;

$user = new User();

// Gate 1: Referer check.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}

// Gate 2: CSRF token issued under the 'edit' name. A missing token is passed
// on as integer 0.
// NOTE(review): rejection of that 0 depends on csrfControl() comparing
// strictly and in constant time - confirm in Security::csrfControl().
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}

// Gate 3: the request must belong to a logged-in session.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// The row to change is chosen from the session only, never from request data,
// so a caller cannot point the update at another account.
$id = $_SESSION['id'];

// Load the current flag; a failed or empty lookup is a generic error.
if (!($obj = Db::query(array('SELECT "private" FROM "users" WHERE "counter" = ?', array($id)), Db::FETCH_OBJ))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}

// NOTE(review): strtolower() receives $_GET['action'] unchecked; an
// array-valued parameter raises a TypeError on PHP 8.
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'public':
        // Write only when the flag actually changes.
        if ($obj->private == 1) {
            if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = FALSE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
            }
        }
        break;
    case 'private':
        if (!$obj->private) {
            if (Db::NO_ERRNO != Db::query(array('UPDATE "users" SET "private" = TRUE WHERE "counter" = ?', array($id)), Db::FETCH_ERRNO)) {
                // (listing ends here; the rest of the file is not shown)
// Shared users-list renderer (the beginning of the file is not shown).
// Expects $users, $dateExtractor, $total and $type to be defined by the
// including script; returns the rendered 'base/userslist' template.
use NERDZ\Core\Utils;

// Columns a caller may sort on.
$validFields = ['username', 'name', 'surname', 'birth_date', 'last', 'counter', 'registration_time'];
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
// Only ever one of two literals.
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';
// NOTE(review): an array-valued q (q[]=x) reaches htmlspecialchars() here,
// which raises a TypeError on PHP 8; an is_string() guard would avoid that.
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
// Validated against $validFields, but not referenced again in the statements
// visible here.
$orderby = isset($_GET['orderby']) ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'username') : 'username';

$user = new User();
$i = 0;
$ret = [];
// Build one row per user id and let the caller-supplied $dateExtractor
// replace the row's 'since_n' value.
foreach ($users as $fid) {
    $ret[$i] = $user->getBasicInfo($fid);
    $ret[$i]['since_n'] = $dateExtractor($fid, $ret[$i]['since_n']);
    ++$i;
}
usort($ret, 'NERDZ\\Core\\Utils::sortByUsername');

$myvals = [];
$myvals['list_a'] = $ret;

// When $limit is not a bare number, its trailing digits are taken as the
// starting position (presumably limitControl() can return a "count + offset"
// fragment - confirm its exact format).
$startFrom = 0;
if (!is_numeric($limit)) {
    $matches = [];
    preg_match('/\\d+$/', $limit, $matches);
    if (isset($matches[0])) {
        $startFrom = $matches[0];
    }
}
$myvals['displayedusers_n'] = count($ret) + $startFrom;
$myvals['totalusers_n'] = $total;
$myvals['type_n'] = $type;

// 'field' carries the raw orderby parameter together with the allow-list;
// presumably setNextAndPrevURLs() validates it before building links - confirm.
NERDZ\Core\Security::setNextAndPrevURLs($myvals, $limit, ['order' => $order, 'query' => $q, 'field' => empty($_GET['orderby']) ? '' : $_GET['orderby'], 'validFields' => $validFields]);

$user->getTPL()->assign($myvals);
// The second argument true is passed so that draw()'s result can be returned
// to the includer (presumably "return as string" - confirm in the template
// class).
return $user->getTPL()->draw('base/userslist', true);
<?php
// Variables available in every page present in the root of nerdz
// (/home.php, /profile.php and so on).
// Requires $user to be defined by the including page.
if (!isset($user)) {
    die('$user required');
}

// Use a closure to create a variable scope and avoid name conflicts with the
// including page.
$func = function () use($user) {
    $commonvars = [];
    // Default CSRF token (no name argument), exposed to the templates.
    $commonvars['tok_n'] = NERDZ\Core\Security::getCsrfToken();
    $commonvars['myusername_n'] = NERDZ\Core\User::getUsername();
    $commonvars['myusername4link_n'] = \NERDZ\Core\Utils::userLink($commonvars['myusername_n']);

    // Language list, cached per site host: read it from the cache, and on a
    // miss (or an empty cached value) rebuild it through the callback.
    // The 3600 is presumably a TTL in seconds - confirm in Utils::apc_set().
    $langKey = 'lang' . NERDZ\Core\Config\SITE_HOST;
    if (!($commonvars['langs_a'] = NERDZ\Core\Utils::apc_get($langKey))) {
        $commonvars['langs_a'] = NERDZ\Core\Utils::apc_set($langKey, function () {
            $ret = [];
            $i = 0;
            $longlangs = NERDZ\Core\System::getAvailableLanguages(1);
            // One row per language: long name (value) and short code (key).
            foreach ($longlangs as $id => $val) {
                $ret[$i]['longlang_n'] = $val;
                $ret[$i]['shortlang_n'] = $id;
                ++$i;
            }
            return $ret;
        }, 3600);
    }

    $commonvars['mylang_n'] = $user->getLanguage();
    $commonvars['flagdir_n'] = NERDZ\Core\System::getResourceDomain() . '/static/images/flags/';

    $banners = (new NERDZ\Core\Banners())->getBanners();
    $commonvars['banners_a'] = [];
    // shuffle() is not a cryptographic RNG; that is fine for display order.
    shuffle($banners);
    // (listing ends here; the rest of the closure is not shown)
<?php
/**
 * Project members list.
 *
 * Needs $gid, $user and $project from the including script. Prepares $users,
 * $total, $type and $dateExtractor, then hands over to the shared
 * /pages/common/userslist.html.php renderer and returns its result.
 */
if (!isset($gid, $user, $project)) {
    die('$id & user required');
}

require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Page size / window: request value filtered by limitControl(), else 20.
$limit = 20;
if (isset($_GET['lim'])) {
    $limit = NERDZ\Core\Security::limitControl($_GET['lim'], 20);
}

$users = $project->getMembers($gid, $limit);
$total = $project->getMembersCount($gid);
$type = 'members';

// Resolves the moment a member joined this project; both ids are bound as
// named parameters rather than placed in the SQL text.
$dateExtractor = function ($memberId) use ($gid, $user) {
    $row = Db::query(
        [
            'SELECT EXTRACT(EPOCH FROM time) AS time FROM "groups_members" WHERE "from" = :fid AND "to" = :id',
            [':id' => $gid, ':fid' => $memberId],
        ],
        Db::FETCH_OBJ
    );

    // No membership row: fall back to epoch 0.
    $epoch = $row ? $row->time : 0;

    return $user->getDateTime($epoch);
};

return require $_SERVER['DOCUMENT_ROOT'] . '/pages/common/userslist.html.php';
<?php
// Shared post-loading script: requires the $prj and $path variables to be
// defined by the including page. The statements visible here only collect and
// normalize request parameters for the board, homepage and search views.
if (!isset($prj, $path)) {
    die('$prj, $path required');
}
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core;

ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
$user = new NERDZ\Core\User();
$messages = new NERDZ\Core\Messages();
$logged = $user->isLogged();

// boards
// NOTE(review): is_numeric() also accepts floats, exponents, signs and
// leading whitespace; if these are integer ids, a digits-only check is
// stricter.
$id = isset($_POST['id']) && is_numeric($_POST['id']) ? $_POST['id'] : false;
$limit = isset($_POST['limit']) ? NERDZ\Core\Security::limitControl($_POST['limit'], 10) : 10;
$beforeHpid = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : false;

// homepage
if (isset($_POST['onlyfollowed'])) {
    $lang = false;
    $onlyfollowed = true;
} else {
    // NOTE(review): $lang is taken from the request without a type or
    // allow-list check in the statements visible here; confirm it is
    // validated before use.
    $lang = isset($_POST['lang']) ? $_POST['lang'] : false;
    $onlyfollowed = false;
}
// Only string values are accepted for vote; anything else becomes false.
$vote = isset($_POST['vote']) && is_string($_POST['vote']) ? trim($_POST['vote']) : false;

// search
$specific = isset($_GET['specific']);
// Collapsed to one of two literals, so later code never sees a raw action.
$action = isset($_GET['action']) && $_GET['action'] === 'profile' ? 'profile' : 'project';
// NOTE(review): an array-valued q (q[]=x) reaches htmlspecialchars() here,
// which raises a TypeError on PHP 8; an is_string() guard would avoid that.
$search = !empty($_POST['q']) ? trim(htmlspecialchars($_POST['q'], ENT_QUOTES, 'UTF-8')) : false;
// rewrite $path if searching not in home
// (listing ends here; the rest of the file is not shown)
// Push-notification registration endpoint (the start and end of the file are
// not shown). Talks to the Pushed service on behalf of the logged-in user and
// answers with JSON built by Utils::jsonResponse().
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/vendor/autoload.php';

use MCilloni\Pushed\Pushed;
use MCilloni\Pushed\PushedException;
use NERDZ\Core\User;
use NERDZ\Core\Config;
use NERDZ\Core\Utils;

$user = new User();
try {
    // Only logged-in sessions may register for push.
    if (!$user->isLogged()) {
        die(Utils::jsonResponse(['ERROR' => 'Not logged']));
    }
    if (!isset($_GET['action'])) {
        die(Utils::jsonResponse(['ERROR' => 'Action not set']));
    }
    // The acting user id comes from the User object, not from request data.
    $thisUser = $user->getId();
    // Rate limit on registrations.
    // NOTE(review): no Referer or CSRF-token check is visible in this portion
    // of the file; since 'subscribe' changes account state, confirm one
    // exists outside the shown code or add it.
    if (!NERDZ\Core\Security::floodPushRegControl()) {
        die(Utils::jsonResponse(['ERROR' => 'NO SPAM']));
    }
    $pushed = Pushed::connectIp(Config\PUSHED_PORT, Config\PUSHED_IP6);
    $resp = [];
    switch ($_GET['action']) {
        case 'subscribe':
            // Only presence is checked here; type and length validation of
            // service/deviceId, if any, happens outside the shown code.
            if (!isset($_POST['service']) || !isset($_POST['deviceId'])) {
                die(Utils::jsonResponse(['ERROR' => 'Field not set']));
            }
            // NOTE(review): the push flag is set before the Pushed service
            // accepts the user; if addUser() is rejected below, the request
            // ends with the flag still set to true - confirm this is intended.
            $user->setPush($thisUser, true);
            // Create the user on the Pushed side on first subscription.
            if (!$pushed->exists($thisUser)) {
                if ($pushed->addUser($thisUser)[0] !== Pushed::$ACCEPTED) {
                    die(Utils::jsonResponse(['ERROR' => 'Request rejected']));
                }
            }
            // (listing ends here; the rest of the file is not shown)