function sortbyonlinestatus($a, $b)
{
if ($a['online_b'] && $b['online_b'] || !$a['online_b'] && !$b['online_b']) {
return \NERDZ\Core\Utils::sortByUsername($a, $b);
}
return $b['online_b'] ? 1 : -1;
}
private function __construct()
{
$this->dbh = new PDO('pgsql:host=' . Config\POSTGRESQL_HOST . ';dbname=' . Config\POSTGRESQL_DATA_NAME . ';port=' . Config\POSTGRESQL_PORT, Config\POSTGRESQL_USER, Config\POSTGRESQL_PASS);
$this->dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Fetch the IDs for special profiles/projects
$cache = Config\SITE_HOST . 'special-ids';
if (!($specialIds = Utils::apc_get($cache))) {
$me = $this;
$specialIds = Utils::apc_set($cache, function () use($me) {
try {
$stmt = $this->dbh->query('SELECT * FROM special_users');
$userIds = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
$stmt = $this->dbh->query('SELECT * FROM special_groups');
$projectsIds = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
return ['USER' => $userIds, 'PROJECT' => $projectsIds];
} catch (PDOException $e) {
static::dumpException($e);
die($e->getTraceAsString());
}
}, 86400);
}
Config::add('USERS_NEWS', $specialIds['USER']['GLOBAL_NEWS']);
Config::add('DELETED_USERS', $specialIds['USER']['DELETED']);
Config::add('ISSUE_BOARD', $specialIds['PROJECT']['ISSUE']);
Config::add('PROJECTS_NEWS', $specialIds['PROJECT']['GLOBAL_NEWS']);
}
public function read($fromid, $toid, $time, $pmid)
{
$ret = [];
if (!is_numeric($fromid) || !is_numeric($toid) || !is_numeric($pmid) || !in_array($_SESSION['id'], array($fromid, $toid)) || !($res = Db::query(array('SELECT "message","to_read" FROM "pms" WHERE "from" = :from AND "to" = :to AND "pmid" = :pmid', array(':from' => $fromid, ':to' => $toid, ':pmid' => $pmid)), Db::FETCH_STMT))) {
return false;
}
if ($o = $res->fetch(PDO::FETCH_OBJ)) {
$from = User::getUsername($fromid);
$ret['from4link_n'] = \NERDZ\Core\Utils::userLink($from);
$ret['from_n'] = $from;
$ret['datetime_n'] = $this->user->getDateTime($time);
$ret['fromid_n'] = $fromid;
$ret['toid_n'] = $toid;
$ret['message_n'] = parent::bbcode($o->message);
$ret['read_b'] = $o->to_read;
$ret['pmid_n'] = $pmid;
$ret['timestamp_n'] = $time;
}
return $ret;
}
public function getPost($dbPost, $options = [])
{
extract($options);
$project = !empty($project);
$truncate = !empty($truncate);
if (is_object($dbPost)) {
$dbPost = (array) $dbPost;
} else {
if (is_numeric($dbPost)) {
$table = ($project ? 'groups_' : '') . 'posts';
if (!($o = Db::query(['SELECT p.*, EXTRACT(EPOCH FROM p."time") AS time FROM "' . $table . '" p WHERE p."hpid" = :hpid', [':hpid' => $dbPost]], Db::FETCH_OBJ))) {
return new \StdClass();
}
$dbPost = (array) $o;
}
}
$logged = $this->user->isLogged();
if (!($from = User::getUsername($dbPost['from']))) {
$from = '';
}
$toFunc = $project ? [__NAMESPACE__ . '\\Project', 'getName'] : [__NAMESPACE__ . '\\User', 'getUsername'];
$toFuncLink = [__NAMESPACE__ . '\\Utils', ($project ? 'project' : 'user') . 'Link'];
if (!($to = $toFunc($dbPost['to']))) {
$to = '';
}
$ret = [];
$ret['thumbs_n'] = $this->getThumbs($dbPost['hpid'], $project);
$ret['revisions_n'] = $this->getRevisionsNumber($dbPost['hpid'], $project);
$ret['uthumb_n'] = $this->getUserThumb($dbPost['hpid'], $project);
$ret['pid_n'] = $dbPost['pid'];
$ret['news_b'] = $dbPost['news'];
$ret['language_n'] = $dbPost['lang'];
$ret['from4link_n'] = Utils::userLink($from);
$ret['to4link_n'] = $toFuncLink($to);
$ret['fromid_n'] = $dbPost['from'];
$ret['toid_n'] = $dbPost['to'];
$ret['from_n'] = $from;
$ret['to_n'] = $to;
$ret['datetime_n'] = $this->user->getDateTime($dbPost['time']);
$ret['timestamp_n'] = $dbPost['time'];
$ret['canclosepost_b'] = $this->canClose($dbPost, $project);
$ret['closed_b'] = $dbPost['closed'];
$ret['canremovepost_b'] = $this->canRemove($dbPost, $project);
$ret['caneditpost_b'] = $this->canEdit($dbPost, $project);
$ret['canshowlock_b'] = $this->canShowLock($dbPost, $project);
$ret['lock_b'] = $this->user->hasLocked($dbPost, $project);
$ret['canshowlurk_b'] = $logged ? !$ret['canshowlock_b'] : false;
$ret['lurk_b'] = $this->user->hasLurked($dbPost, $project);
$ret['canshowbookmark_b'] = $logged;
$ret['bookmark_b'] = $this->user->hasBookmarked($dbPost, $project);
$ret['message_n'] = $this->bbcode($dbPost['message'], $truncate, $project ? 'g' : 'u', $ret['pid_n'], $ret['toid_n']);
if (!$project && $dbPost['to'] == Config\USERS_NEWS) {
$ret['message_n'] = $this->parseNews($ret['message_n']);
}
$ret['postcomments_n'] = $this->countComments($dbPost['hpid'], $project);
$ret['hpid_n'] = $dbPost['hpid'];
return $ret;
}
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Trend;
use NERDZ\Core\Utils;
use NERDZ\Core\Config;
if (!isset($user)) {
die('$user required');
}
$func = function () use($user) {
$vals = [];
$cache = 'trends' . Config\SITE_HOST;
if (!($trends = Utils::apc_get($cache))) {
$trends = Utils::apc_set($cache, function () {
$trend = new Trend();
$ret = [];
$ret['popular'] = $trend->getPopular();
$ret['newest'] = $trend->getNewest();
return $ret;
}, 300);
}
$vals['popular_a'] = $trends['popular'];
$vals['newest_a'] = $trends['newest'];
$user->getTPL()->assign($vals);
};
$func();
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
$validFields = ['name', 'description'];
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
$orderby = isset($_GET['orderby']) ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'name') : 'name';
$vals = [];
$query = empty($q) ? "SELECT name, description,counter\n FROM groups\n ORDER BY {$orderby} {$order} LIMIT {$limit}" : ["SELECT name,description, counter\n FROM groups WHERE CAST({$orderby} AS TEXT) ILIKE ?\n ORDER BY {$orderby} {$order} LIMIT {$limit}", ["%{$q}%"]];
$vals['list_a'] = [];
if ($r = Db::query($query, Db::FETCH_STMT)) {
$i = 0;
while ($o = $r->fetch(PDO::FETCH_OBJ)) {
$vals['list_a'][$i]['id_n'] = $o->counter;
$vals['list_a'][$i]['name_n'] = $o->name;
$vals['list_a'][$i]['description_n'] = $o->description;
$vals['list_a'][$i]['name4link_n'] = \NERDZ\Core\Utils::projectLink($o->name);
++$i;
}
}
\NERDZ\Core\Security::setNextAndPrevURLs($vals, $limit, ['order' => $order, 'query' => $q, 'field' => empty($_GET['orderby']) ? '' : $_GET['orderby'], 'validFields' => $validFields]);
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/projectslist');
<?php
//Variables avaiable in every page present in the root of nerdz (/home.php, /profile.php and so on)
if (!isset($user)) {
die('$user required');
}
// use function to create variable scope and avoid conflicts
$func = function () use($user) {
$commonvars = [];
$commonvars['tok_n'] = NERDZ\Core\Security::getCsrfToken();
$commonvars['myusername_n'] = NERDZ\Core\User::getUsername();
$commonvars['myusername4link_n'] = \NERDZ\Core\Utils::userLink($commonvars['myusername_n']);
$langKey = 'lang' . NERDZ\Core\Config\SITE_HOST;
if (!($commonvars['langs_a'] = NERDZ\Core\Utils::apc_get($langKey))) {
$commonvars['langs_a'] = NERDZ\Core\Utils::apc_set($langKey, function () {
$ret = [];
$i = 0;
$longlangs = NERDZ\Core\System::getAvailableLanguages(1);
foreach ($longlangs as $id => $val) {
$ret[$i]['longlang_n'] = $val;
$ret[$i]['shortlang_n'] = $id;
++$i;
}
return $ret;
}, 3600);
}
$commonvars['mylang_n'] = $user->getLanguage();
$commonvars['flagdir_n'] = NERDZ\Core\System::getResourceDomain() . '/static/images/flags/';
$banners = (new NERDZ\Core\Banners())->getBanners();
$commonvars['banners_a'] = [];
shuffle($banners);
public static function getVersion()
{
$cache = 'NERDZVersion' . Config\SITE_HOST;
if ($version = Utils::apc_get($cache)) {
return $version;
}
return Utils::apc_set($cache, function () {
if (!is_dir($_SERVER['DOCUMENT_ROOT'] . '/.git') || !file_exists($_SERVER['DOCUMENT_ROOT'] . '/.git/refs/heads/master')) {
return 'null';
}
$revision = substr(file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/.git/refs/heads/master'), 0, 7);
if (strlen($revision) != 7) {
return 'null';
}
return $revision;
}, 5400);
}
<?php
if (!isset($id)) {
die('$id required');
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Project;
use NERDZ\Core\User;
use NERDZ\Core\Db;
use NERDZ\Core\Utils;
$user = new User();
$prj = isset($prj);
$entity = $prj ? new Project() : new User();
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = isset($_GET['desc']) && $_GET['desc'] == 1 ? 'DESC' : 'ASC';
$myvals = [];
$myvals['me_n'] = $_SESSION['id'];
$myvals['list_a'] = $entity->getInteractions($id, $limit);
if ($prj) {
$myvals['to_n'] = Project::getName($id);
$myvals['to4link_n'] = Utils::projectLink($myvals['to_n']);
} else {
$myvals['to_n'] = $myvals['to4link_n'] = '';
}
$validFields = ['time'];
NERDZ\Core\Security::setNextAndPrevURLs($myvals, $limit, ['order' => $order, 'field' => empty($_GET['orderby']) ? '' : $_GET['orderby'], 'validFields' => $validFields]);
$user->getTPL()->assign($myvals);
return $user->getTPL()->draw(($prj ? 'project' : 'profile') . '/interactions', true);
jax: ["input/TeX", "output/HTML-CSS"],
tex2jax: {
inlineMath: [ ['[m]','[/m]'] ],
displayMath: [ ['[math]','[/math]'] ],
processEscapes: false
},
"HTML-CSS": { availableFonts: ["TeX"], linebreaks: { automatic: true, width: "container" } }
});
</script>
<script src="//cdn.mathjax.org/mathjax/latest/MathJax.js" async></script>
<script>
<?php
$trackingCacheKey = 'tracking_js' . NERDZ\Core\Config\SITE_HOST;
if (!($tracking = Utils::apc_get($trackingCacheKey))) {
$tracking = Utils::apc_set($trackingCacheKey, function () {
$trjs = $_SERVER['DOCUMENT_ROOT'] . '/data/tracking.js';
return is_readable($trjs) ? file_get_contents($trjs) : '';
}, 3600);
}
echo $tracking;
/* BEGIN SSL_VARIABLES (used by the JS API) */
?>
var Nssl = {
login: <?php
echo Config\LOGIN_SSL_ONLY ? 'true' : 'false';
?>
,
domain: "<?php
echo Config\HTTPS_DOMAIN;
?>
"
};
usort($vals['members_a'], 'NERDZ\\Core\\Utils::sortByUsername');
$fol = $project->getFollowers($info->counter);
$vals['users_n'] = count($fol);
$vals['users_a'] = [];
$i = 0;
foreach ($fol as $uid) {
if (!($uname = User::getUsername($uid))) {
continue;
}
$vals['users_a'][$i]['username_n'] = $uname;
$vals['users_a'][$i]['username4link_n'] = \NERDZ\Core\Utils::userLink($uname);
++$i;
}
usort($vals['users_a'], 'NERDZ\\Core\\Utils::sortByUsername');
$vals['owner_n'] = User::getUsername($project->getOwner());
$vals['owner4link_n'] = \NERDZ\Core\Utils::userLink($vals['owner_n']);
$vals['description_n'] = $messages->bbcode($info->description);
$vals['goal_n'] = $messages->bbcode($info->goal);
$vals['website_n'] = $vals['website4link_n'] = empty($info->website) ? 'http://' . Config\SITE_HOST . '/' : $info->website;
$vals['openproject_b'] = $project->isOpen($info->counter);
$vals['canifollow_b'] = $vals['logged_b'] && !in_array($_SESSION['id'], array_merge($mem, $fol));
$vals['canshowmenu_b'] = $vals['logged_b'] && $_SESSION['id'] != $project->getOwner();
if (!$vals['singlepost_b'] && !$vals['followers_b'] && !$vals['interactions_b'] && !$vals['members_b']) {
$vals['canwrite_b'] = $vals['logged_b'] && ($project->isOpen($gid) || in_array($_SESSION['id'], $mem) || $_SESSION['id'] == $project->getOwner());
$vals['canwriteissue_b'] = $vals['logged_b'] && $info->counter == Config\ISSUE_BOARD;
$vals['canwritenews_b'] = !$vals['canwriteissue_b'] && $vals['logged_b'] && (in_array($_SESSION['id'], $mem) || $_SESSION['id'] == $project->getOwner());
} else {
// don't show textarea when in a singlepost
$vals['canwritenews_b'] = $vals['canwrite_b'] = $vals['canwriteissue_b'] = false;
}
// single post handling
use NERDZ\Core\Trend;
use NERDZ\Core\Utils;
use NERDZ\Core\Config;
use NERDZ\Core\User;
use NERDZ\Core\Project;
$vals = [];
$vals['querystring_n'] = $q;
$vals['type_n'] = !preg_match('/^#[a-z][a-z0-9]{0,33}$/i', $q) && isset($_GET['type']) ? $_GET['type'] == 'profile' ? 'profile' : 'project' : 'tag';
if ($vals['type_n'] == 'tag') {
$vals['where_n'] = 'home';
$vals['toid_n'] = $vals['to_n'] = $vals['to4link_n'] = '';
} else {
$prj = $vals['type_n'] == 'project';
$vals['where_n'] = isset($_GET['location']) ? $_GET['location'] == 'home' ? 'home' : ($_GET['location'] == 'profile' ? 'profile' : 'project') : 'home';
$vals['toid_n'] = isset($_GET['id']) && is_numeric($_GET['id']) ? intval($_GET['id']) : false;
if ($vals['toid_n']) {
if ($prj) {
$vals['to_n'] = Project::getName($vals['toid_n']);
$vals['to4link_n'] = Utils::projectLink($vals['to_n']);
} else {
$vals['to_n'] = User::getUsername($vals['toid_n']);
$vals['to4link_n'] = Utils::userLink($vals['to_n']);
}
} else {
$vals['toid_n'] = $vals['to_n'] = $vals['to4link_n'] = '';
}
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/trends.html.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('search/layout');
ORDER BY cc DESC LIMIT 100', Db::FETCH_STMT);
$rank = [];
while ($o = $res->fetch(PDO::FETCH_OBJ)) {
$gc = Db::query(['SELECT COUNT("hcid") AS cc FROM "groups_comments" WHERE "from" = :from ' . (!$mo ? $un_ti : ''), [':from' => $o->from]], Db::FETCH_OBJ);
$us = User::getUsername($o->from);
$n = $o->cc + $gc->cc;
$rank[$us] = $n;
$stupid = Stuff::stupid($n);
$ss[$us] = $stupid['now'];
}
asort($rank);
$rank = array_reverse($rank, true);
$i = 0;
$ret = [];
foreach ($rank as $username => $val) {
$ret[$i]['position_n'] = $i + 1;
$ret[$i]['username4link_n'] = Utils::userLink($username);
$ret[$i]['username_n'] = $username;
$ret[$i]['comments_n'] = $val;
$ret[$i]['stupidstuff_n'] = $ss[$username];
++$i;
}
return $ret;
}, 3600);
}
$vals['list_a'] = $ret;
$vals['monthly_b'] = !$mo;
$vals['lastupdate_n'] = $user->getDateTime(Utils::apc_getLastModified($path));
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/rank');
public function story()
{
if (!($ret = Utils::apc_get($this->cachekey))) {
return Utils::apc_set($this->cachekey, function () {
if (!($o = Db::query(['SELECT "notify_story" FROM "users" WHERE "counter" = :id', [':id' => $_SESSION['id']]], Db::FETCH_OBJ))) {
return [];
}
return json_decode($o->notify_story, true);
}, 300);
}
return $ret;
}
if (!$pushed->exists($thisUser)) {
if ($pushed->addUser($thisUser)[0] !== Pushed::$ACCEPTED) {
die(Utils::jsonResponse(['ERROR' => 'Request rejected']));
}
}
if ($pushed->subscribe($thisUser, $_POST['service'], $_POST['deviceId'])[0] !== Pushed::$ACCEPTED) {
die(Utils::jsonResponse(['ERROR' => 'Request rejected']));
}
$resp = ['ACCEPTED' => 'Ok'];
break;
case 'unsubscribe':
if (!isset($_POST['service']) || !isset($_POST['deviceId'])) {
die(Utils::jsonResponse(['ERROR' => 'Field not set']));
}
$user->setPush($thisUser, true);
if (!$pushed->exists($thisUser)) {
die(Utils::jsonResponse(['ERROR' => 'No push for this user']));
}
if ($pushed->unsubscribe($thisUser, $_POST['service'], $_POST['deviceId'])[0] !== Pushed::$ACCEPTED) {
die(Utils::jsonResponse(['ERROR' => 'Request rejected']));
}
$resp = ['ACCEPTED' => 'Ok'];
break;
default:
die(Utils::jsonResponse(['ERROR' => "Unknown request: '" . addslashes($_GET['action']) . "'"]));
}
} catch (PushedException $e) {
$resp = ['ERROR' => 'Internal Server Error'];
}
die(Utils::jsonResponse($resp));
if (isset($create)) {
if (mb_strlen($projectData['name'], 'UTF-8') >= 30) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USERNAME_LONG')));
}
}
if (!isset($_POST['goal'])) {
$_POST['goal'] = '';
}
if (!isset($_POST['website'])) {
$_POST['website'] = '';
}
if (!empty($_POST['website']) && !Utils::isValidURL($_POST['website'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WEBSITE') . ': ' . $user->lang('INVALID_URL')));
}
if (!empty($_POST['photo'])) {
if (!Utils::isValidURL($_POST['photo'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PHOTO') . ': ' . $user->lang('INVALID_URL')));
}
if (!($head = get_headers($_POST['photo'], 1)) || !isset($head['Content-Type'])) {
die(NERDZ\Core\Utils::jsonResponse('error', 'Something wrong with your project image'));
}
if (false === strpos($head['Content-Type'], 'image')) {
die(NERDZ\Core\Utils::jsonResponse('error', 'Your project image, is not a photo or is protected, change it'));
}
} else {
$_POST['photo'] = '';
}
foreach ($projectData as &$value) {
$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
//htmlspecialchars empty return values FIX
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\Utils;
if (!($o = Db::query('SELECT "username" FROM "users" ORDER BY "counter" DESC', Db::FETCH_OBJ))) {
die('Db error');
}
die(header('Location: /' . Utils::userLink($o->username)));
while ($o = $r->fetch(PDO::FETCH_OBJ)) {
$vals['memberof_a'][$i]['name_n'] = $o->name;
$vals['memberof_a'][$i]['username_n'] = $o->name;
$vals['memberof_a'][$i]['name4link_n'] = Utils::projectLink($o->name);
++$i;
}
usort($vals['memberof_a'], '\\NERDZ\\Core\\Utils::sortByUsername');
if (!($r = Db::query(['SELECT "name" FROM "groups" INNER JOIN "groups_followers" ON "groups"."counter" = "groups_followers"."to" WHERE "from" = :id', $ida], Db::FETCH_STMT))) {
die($user->lang('ERROR'));
}
$vals['userof_a'] = [];
$i = 0;
while ($o = $r->fetch(PDO::FETCH_OBJ)) {
$vals['userof_a'][$i]['name_n'] = $o->name;
$vals['userof_a'][$i]['username_n'] = $o->name;
$vals['userof_a'][$i]['name4link_n'] = Utils::projectLink($o->name);
++$i;
}
usort($vals['userof_a'], '\\NERDZ\\Core\\Utils::sortByUsername');
$vals['github_n'] = $info->github;
$vals['yahoo_n'] = $vals['logged_b'] ? $info->yahoo : '';
$vals['jabber_n'] = $vals['logged_b'] ? $info->jabber : '';
$vals['skype_n'] = $vals['logged_b'] ? $info->skype : '';
$vals['steam_n'] = $vals['logged_b'] ? $info->steam : '';
$vals['facebook_n'] = $vals['logged_b'] ? $info->facebook : '';
$vals['twitter_n'] = $vals['logged_b'] ? $info->twitter : '';
$vals['id_n'] = $id;
// single post like nessuno.1
$found = false;
if ($vals['singlepost_b']) {
if ($user->hasInBlacklist($id)) {
$userData['facebook'] = isset($_POST['facebook']) ? trim($_POST['facebook']) : '';
$userData['twitter'] = isset($_POST['twitter']) ? trim($_POST['twitter']) : '';
$userData['steam'] = isset($_POST['steam']) ? trim($_POST['steam']) : '';
$userData['skype'] = isset($_POST['skype']) ? trim($_POST['skype']) : '';
$userData['github'] = isset($_POST['github']) ? trim($_POST['github']) : '';
$userData['userscript'] = isset($_POST['userscript']) ? strip_tags(trim($_POST['userscript'])) : '';
$userData['dateformat'] = isset($_POST['dateformat']) ? trim($_POST['dateformat']) : '';
foreach ($userData as $key => $val) {
$userData[$key] = trim(htmlspecialchars($val, ENT_QUOTES, 'UTF-8'));
}
$closed = isset($_POST['closed']);
$flag = true;
if (!empty($userData['website']) && !Utils::isValidURL($userData['website'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WEBSITE') . ': ' . $user->lang('INVALID_URL')));
}
if (!empty($userData['userscript']) && !Utils::isValidURL($userData['userscript'])) {
die(NERDZ\Core\Utils::jsonResponse('error', 'Userscript: ' . $user->lang('INVALID_URL')));
}
if (!empty($userData['github']) && !preg_match('#^https?://(www\\.)?github\\.com/[a-z0-9]+$#i', $userData['github'])) {
die(NERDZ\Core\Utils::jsonResponse('error', 'GitHub: ' . $user->lang('INVALID_URL')));
}
if (false == ($obj = $user->getObject($_SESSION['id']))) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
if (!empty($userData['jabber']) && false == filter_var($userData['jabber'], FILTER_VALIDATE_EMAIL)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('JABBER') . ': ' . $user->lang('MAIL_NOT_VALID')));
}
if (empty($userData['dateformat'])) {
$userData['dateformat'] = 'd/m/Y, H:i';
}
if (!empty($userData['facebook']) && (!preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/people/[^/]+/([a-z0-9_\\-]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/profile\\.php\\?id\\=([0-9]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/([a-z0-9_\\-\\.]+)#i', $userData['facebook']))) {
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Messages;
use NERDZ\Core\Utils;
use NERDZ\Core\User;
$user = new User();
$messages = new Messages();
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}
$url = empty($_POST['url']) ? false : trim($_POST['url']);
$comment = empty($_POST['comment']) ? false : trim($_POST['comment']);
$to = empty($_POST['to']) ? false : trim($_POST['to']);
if (!$url || !Utils::isValidURL($url)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('INVALID_URL')));
}
if ($to) {
if (!User::getUsername($to)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}
} else {
$to = $_SESSION['id'];
}
if ($_SESSION['id'] != $to) {
if ($user->hasClosedProfile($to)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
}
}
$share = function ($to, $url, $message = NULL) use($user, $messages) {
<?php
$vals = [];
$vals['logged_b'] = $user->isLogged();
if ($vals['logged_b']) {
$vals['myusername_n'] = NERDZ\Core\User::getUsername();
$vals['myusername4link_n'] = \NERDZ\Core\Utils::userLink($vals['myusername_n']);
}
$vals['tok_n'] = NERDZ\Core\Security::getCsrfToken();
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/header');
$_list = null;
if (isset($_POST['start']) && isset($_POST['num']) && is_numeric($_POST['start']) && is_numeric($_POST['num'])) {
$_list = $comments->getLastComments($hpid, $_POST['num'], $_POST['start'], $prj);
} else {
if (isset($_POST['hcid']) && is_numeric($_POST['hcid'])) {
$_list = $comments->getCommentsAfterHcid($hpid, $_POST['hcid'], $prj);
} else {
$_list = $comments->getAll($hpid, $prj);
}
}
$doShowForm = !isset($_POST['hcid']) && (!isset($_POST['start']) || $_POST['start'] == 0) && !isset($_POST['forceNoForm']);
if (empty($_list) && !$doShowForm) {
die;
}
$vals = [];
$vals['currentuserprofile_n'] = \NERDZ\Core\Utils::userLink($_SESSION['id']);
$vals['currentusergravatar_n'] = $user->getGravatar($_SESSION['id']);
$vals['currentusername_n'] = User::getUsername();
$vals['onerrorimgurl_n'] = System::getResourceDomain() . '/static/images/red_x.png';
$vals['list_a'] = $_list;
$vals['showform_b'] = $doShowForm;
$vals['hpid_n'] = $hpid;
$vals['commentcount_n'] = (new Messages())->countComments($hpid, $prj);
$vals['needmorebtn_b'] = $doShowForm && $vals['commentcount_n'] > 10;
$vals['needeverycommentbtn_b'] = $doShowForm && $vals['commentcount_n'] > 20;
$user->getTPL()->assign($vals);
$user->getTPL()->draw(($prj ? 'project' : 'profile') . '/comments');
break;
default:
die($user->lang('ERROR'));
break;
private static function getURLFromCid($hcid, $project = false)
{
$prefix = $project ? 'groups_' : '';
if (!($o = Db::query(['SELECT p.to, p.pid FROM "' . $prefix . 'posts" p INNER JOIN "' . $prefix . 'comments" c ON c."hcid" = :hcid AND c.hpid = p.hpid', [':hcid' => $hcid]], Db::FETCH_OBJ))) {
return System::getCurrentHostAddress();
}
return System::getCurrentHostAddress() . ($project ? Utils::projectLink(Project::getName($o->to)) : Utils::userLink(User::getUsername($o->to))) . $o->pid . '#c' . $hcid;
}
public function getInteractions($id, $limit = 0)
{
if (!$this->isLogged()) {
return [];
}
if ($limit) {
$limit = Security::limitControl($limit, 20);
}
$objs = [];
if (!($objs = Db::query(['SELECT "type", "from", "to", extract(epoch from time) as time, pid, post_to
FROM user_interactions(:me, :id) AS
f("type" text, "from" int8, "to" int8, "time" timestamp with time zone, pid int8, post_to int8)
ORDER BY f.time DESC' . ($limit !== 0 ? " LIMIT {$limit}" : ''), [':me' => $_SESSION['id'], ':id' => $id]], Db::FETCH_OBJ, true))) {
return [];
}
$ret = [];
for ($i = 0, $count = count($objs); $i < $count; ++$i) {
$ret[$i]['type_n'] = $objs[$i]->type;
$ret[$i]['fromid_n'] = $objs[$i]->from;
$ret[$i]['from_n'] = static::getUsername($objs[$i]->from);
$ret[$i]['from4link_n'] = Utils::userLink($ret[$i]['from_n']);
$ret[$i]['toid_n'] = $objs[$i]->to;
$ret[$i]['to_n'] = static::getUsername($objs[$i]->to);
$ret[$i]['to4link_n'] = Utils::userLink($ret[$i]['to_n']);
$ret[$i]['datetime_n'] = $this->getDateTime($objs[$i]->time);
$ret[$i]['pid_n'] = $objs[$i]->pid;
$ret[$i]['postto_n'] = static::getUsername($objs[$i]->post_to);
$ret[$i]['link_n'] = Utils::userLink($ret[$i]['postto_n']) . $objs[$i]->pid;
}
return $ret;
}
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Notification;
use NERDZ\Core\Db;
use NERDZ\Core\Config;
use NERDZ\Core\RedisSessionHandler;
use NERDZ\Core\Utils;
$user = new Notification();
header("Content-Type: text/event-stream\n\n");
$push = function ($event, $status, $message) use($user) {
echo 'event: ', $event, "\n", 'data: ', Utils::toJsonResponse($status, $message), "\n\n";
ob_flush();
flush();
};
$dontSendCacheLimiter = function () {
// http://stackoverflow.com/a/12315542
ini_set('session.use_only_cookies', false);
ini_set('session.use_cookies', false);
ini_set('session.use_trans_sid', false);
ini_set('session.cache_limiter', null);
if (Config\REDIS_HOST !== '' && Config\REDIS_PORT !== '') {
new RedisSessionHandler(Config\REDIS_HOST, Config\REDIS_PORT);
} else {
session_start();
}
};
if (!$user->isLogged()) {
$push('notification', 'error', $user->lang('REGISTER'));
$push('pm', 'error', $user->lang('REGISTER'));
} else {
// 1st step
if (!$captcha) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MAIL_NOT_VALID')));
}
if (!($obj = Db::query(['SELECT "username","counter" FROM "users" WHERE "email" = :email', [':email' => $email]], Db::FETCH_OBJ))) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}
$vals = [];
$vals['username_n'] = $obj->username;
$vals['usernamelink_n'] = 'http://' . Config\SITE_HOST . '/' . \NERDZ\Core\Utils::userLink($obj->username);
$vals['account_n'] = "{$obj->username} - ID: {$obj->counter}";
$vals['ip_n'] = $_SERVER['REMOTE_ADDR'];
$token = md5(openssl_random_pseudo_bytes(rand(7, 21)));
if (Db::NO_ERRNO != Db::query(['INSERT INTO reset_requests(remote_addr,token,"to") VALUES(:remote_addr,:token,:to)', [':remote_addr' => $_SERVER['REMOTE_ADDR'], ':token' => $token, ':to' => $obj->counter]], Db::FETCH_ERRNO)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(1): ' . $user->lang('TRY_LATER')));
}
if (!($key = Db::query(['SELECT counter FROM reset_requests WHERE token = :token AND "to" = :to AND remote_addr = :remote_addr', [':remote_addr' => $_SERVER['REMOTE_ADDR'], ':token' => $token, ':to' => $obj->counter]], Db::FETCH_OBJ))) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(4): ' . $user->lang('TRY_LATER')));
}
$vals['reseturl_n'] = 'http://' . Config\SITE_HOST . '/reset.php?tok=' . $token . '&id=' . $key->counter;
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/vendor/autoload.php';
try {
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->SMTPAuth = true;