// Request-handler fragment: authenticates the caller, applies the CSRF gate,
// then dispatches on the lower-cased `action` query parameter.
// $user, $messages and $prj are defined outside this excerpt, and the switch
// continues past its end.

// Gate 1: only logged-in users may reach any action.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
// Gate 2: the only CSRF defence visible here. Judging by its name it checks the
// request's Referer header; its implementation is not shown.
// NOTE(review): a Referer check alone is weaker than a per-session anti-CSRF
// token (the header can be absent or stripped); confirm what refererControl()
// does with a missing Referer.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'CSRF'));
}
switch (isset($_GET['action']) ? strtolower($_GET['action']) : '') {
    case 'add':
        // No recipient given: an error for project boards ($prj truthy),
        // otherwise the post goes to the caller's own board.
        if (empty($_POST['to'])) {
            if ($prj) {
                die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . 'a'));
            } else {
                $_POST['to'] = $_SESSION['id'];
            }
        }
        // `to`, `message` and `language` are passed through exactly as received.
        // NOTE(review): type/ownership validation is presumably done inside
        // $messages->add(); confirm, since none happens here.
        die(NERDZ\Core\Utils::jsonDbResponse($messages->add($_POST['to'], isset($_POST['message']) ? $_POST['message'] : '', ['news' => !empty($_POST['news']),
            'issue' => !empty($_POST['issue']),
            'project' => $prj,
            'language' => !empty($_POST['language']) ? $_POST['language'] : false])));
        break; // unreachable: die() above ends the request
    case 'del':
        // Second step of a two-step delete: the id must match the one stored in
        // the session by a preceding 'delconfirm' request.
        // NOTE(review): `!=` compares two numeric strings numerically, so
        // different spellings of the same number (e.g. "10" and "1e1") compare
        // equal; casting both sides to int and using `!==` would pin the id.
        // NOTE(review): no ownership check is visible here; presumably
        // $messages->delete() enforces it (confirm).
        if (!isset($_SESSION['delpost']) || empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || $_SESSION['delpost'] != $_POST['hpid'] || !$messages->delete($_POST['hpid'], $prj)) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
        }
        // Clear the stored id so one confirmation covers one deletion.
        unset($_SESSION['delpost']);
        break;
    case 'delconfirm':
        // First step: remember which post the user asked to delete; -1 is
        // stored when the id is missing or not numeric.
        $_SESSION['delpost'] = isset($_POST['hpid']) && is_numeric($_POST['hpid']) ? $_POST['hpid'] : -1;
        die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('ARE_YOU_SURE')));
        break; // unreachable: die() above ends the request
    case 'get':
        // Requires a numeric post id and a truthy result from getMessage().
        // The message is assigned to $message inside the condition.
        if (empty($_POST['hpid']) || !is_numeric($_POST['hpid']) || !($message = Messages::getMessage($_POST['hpid'], $prj))) {
            die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '2'));
        }
        // (excerpt ends here; the rest of the 'get' case and of the switch is not shown)
// Excerpt begins mid-block: the two closing braces and the `else` below finish
// a conditional whose opening is not shown.
    }
} else {
    // Fallback branch: the recipient is the session user.
    $to = $_SESSION['id'];
}
// Posting to someone else's board is refused when that profile is closed.
if ($_SESSION['id'] != $to) {
    if ($user->hasClosedProfile($to)) {
        die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('CLOSED_PROFILE_DESCR')));
    }
}
// $share($to, $url, $message): wraps a user-supplied URL in the matching BBCode
// tag and posts it through $messages->add(). Returns add()'s result, or false
// when the URL's headers cannot be fetched. The closure's end is outside this
// excerpt.
$share = function ($to, $url, $message = NULL) use($user, $messages) {
    // URLs without an http://, https:// or ftp:// prefix get http:// prepended.
    if (!preg_match('#(^http:\\/\\/|^https:\\/\\/|^ftp:\\/\\/)#i', $url)) {
        $url = "http://{$url}";
    }
    // YouTube links are embedded without any outbound request.
    // NOTE(review): both patterns are unanchored and their dots are unescaped,
    // so they test the URL's shape, not its host. How the [youtube] tag is
    // rendered is not visible here; the renderer should validate the URL again.
    if (preg_match('#(.*)youtube.com\\/watch\\?v=(.{11})#Usim', $url) || preg_match('#http:\\/\\/youtu.be\\/(.{11})#Usim', $url)) {
        $message = "[youtube]{$url}[/youtube] " . $message;
        return $messages->add($to, $message);
    }
    // sprunge.us pastes are downloaded server-side and inlined as a [code] block.
    // The fetch host is a fixed literal and the path is limited to [a-z0-9.],
    // so this request cannot be steered to another host.
    // NOTE(review): the download uses plain HTTP, its result is not checked
    // (file_get_contents() returns false on failure) and there is no size limit
    // or timeout. The fetched body is embedded as-is.
    // NOTE(review): the lazy `(.+?)` at the pattern's end matches one character,
    // so $res[2] (the code language) is only the first character of the query.
    if (preg_match('#http://sprunge.us/([a-z0-9\\.]+)\\?(.+?)#i', $url, $res)) {
        $file = file_get_contents('http://sprunge.us/' . $res[1]);
        $message = "[code={$res[2]}]{$file}[/code]" . $message;
        return $messages->add($to, $message);
    }
    // Any other URL: the server itself requests the caller-supplied URL to read
    // its headers. This is a server-side request forgery (SSRF) surface: no
    // host or address filtering is visible before the call, and get_headers()
    // follows redirects by default. Hardening: allow only http/https, resolve
    // the host and reject loopback/private/link-local addresses, disable
    // redirect following and set a short timeout through a stream context.
    // `@` hides warnings, so a failure shows up only as a false return.
    // The second argument asks for an associative result when non-zero.
    // NOTE(review): Db::FETCH_OBJ is a database constant reused as that flag;
    // confirm it is non-zero, since the code below indexes by header name.
    $h = @get_headers($url, Db::FETCH_OBJ);
    if (false === $h) {
        return false;
    }
    // The (array) cast accepts a single header string or an array of values.
    // If the 'Content-Type' key is absent, the cast yields an empty array and
    // the loop is skipped.
    foreach ((array) $h['Content-Type'] as $ct) {
        // A Content-Type containing "image" makes the URL an [img] embed.
        // The type is whatever the remote server declares.
        if (preg_match('#(image)#i', $ct)) {
            $message = "[img]{$url}[/img]" . $message;
            return $messages->add($to, $message);
        }
        // (excerpt ends here, inside the foreach; the rest of the closure is not shown)