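<?php
/**
 * AJAX endpoint: send a private message from the logged-in user.
 *
 * Input (POST):
 *   - to:      recipient username (resolved to an id with User::getId)
 *   - message: message body
 *
 * Output: a JSON response built by Utils::jsonResponse / Utils::jsonDbResponse.
 * The script always terminates through die().
 */
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;

$pms = new Pms();
$user = new User();

// Only authenticated users may send messages.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// NOTE(review): refererControl() is the only cross-site request check visible
// in this script. Its implementation is not shown here; if it only compares the
// Referer header, confirm whether a per-session token is enforced elsewhere.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}

// Both fields must be plain strings. PHP turns `to[]=x` / `message[]=x` into
// arrays, and trim()/htmlspecialchars() fail on arrays (TypeError on PHP 8),
// which would break the JSON response. A missing `message` key is rejected here
// as well instead of reaching Pms::send() as null.
if (
    empty($_POST['to']) || !is_string($_POST['to'])
    || !isset($_POST['message']) || !is_string($_POST['message'])
) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}

// getId() must receive the raw username, so the lookup happens before the
// htmlspecialchars() pass below.
if (!($toid = $user->getId(trim($_POST['to'])))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}

// HTML-encode every string POST value in place, as the original did. Writing
// back by key avoids the dangling reference that `foreach (... as &$val)` leaves
// behind; non-string values (nested arrays) are left untouched rather than
// passed to trim().
foreach ($_POST as $key => $val) {
    if (is_string($val)) {
        $_POST[$key] = htmlspecialchars(trim($val), ENT_QUOTES, 'UTF-8');
    }
}

die(NERDZ\Core\Utils::jsonDbResponse($pms->send($toid, $_POST['message'])));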
<?php
/*
 * Private-message read endpoint, HTML output.
 *
 * Dispatches on $_GET['action']; only the start of the 'conversation' case is
 * visible here. That case reads $_POST['from'] and $_POST['to'], and optionally
 * $_POST['start'] + $_POST['num'] or $_POST['pmid'].
 */
// Outer buffer: gzip-compresses the final output.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;
// Inner buffer: output goes through Utils::minifyHTML before reaching the gzip buffer.
ob_start(array('NERDZ\\Core\\Utils', 'minifyHTML'));
$pms = new Pms();
$user = new User();
// Only authenticated users may read conversations.
if (!$user->isLogged()) {
    die($user->lang('REGISTER'));
}
// Action name is trimmed and lower-cased; a missing action becomes ''.
switch (isset($_GET['action']) ? trim(strtolower($_GET['action'])) : '') {
    case 'conversation':
        // Participant ids, or false when missing or non-numeric.
        // NOTE(review): is_numeric() also accepts non-integer forms such as
        // '1.5' or '1e3'; confirm readConversation() handles or rejects them.
        $from = isset($_POST['from']) && is_numeric($_POST['from']) ? $_POST['from'] : false;
        $to = isset($_POST['to']) && is_numeric($_POST['to']) ? $_POST['to'] : false;
        // Authorization: the session user must be one of the two participants.
        // in_array() is called without the strict flag, so the comparison is loose.
        // An id of 0 is rejected as well, because !$from / !$to is true for '0'.
        if (!$from || !$to || !in_array($_SESSION['id'], array($from, $to))) {
            die($user->lang('ERROR'));
        }
        $conv = null;
        // Three read modes: paginated (start + num), a single message (pmid),
        // or readConversation()'s defaults.
        // NOTE(review): no upper bound on 'num' is applied in this script;
        // confirm readConversation() caps it.
        if (isset($_POST['start']) && isset($_POST['num']) && is_numeric($_POST['start']) && is_numeric($_POST['num'])) {
            $conv = $pms->readConversation($from, $to, false, $_POST['num'], $_POST['start']);
        } else {
            if (isset($_POST['pmid']) && is_numeric($_POST['pmid'])) {
                $conv = $pms->readConversation($from, $to, $_POST['pmid']);
            } else {
                $conv = $pms->readConversation($from, $to);
            }
        }
        // True only when no pmid was sent, 'start' is absent or loosely equal
        // to 0, and 'forceNoForm' was not sent.
        $doShowForm = !isset($_POST['pmid']) && (!isset($_POST['start']) || $_POST['start'] == 0) && !isset($_POST['forceNoForm']);
        // The body of this branch and the rest of the switch are outside the visible source.
        if (!$doShowForm && empty($conv)) {
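<?php
/**
 * AJAX endpoint: delete a private-message conversation.
 *
 * Input (POST):
 *   - from: numeric user id of one participant
 *   - to:   numeric user id of the other participant
 *
 * Output: JSON built by Utils::jsonResponse ('ok' on success, 'error' otherwise).
 * The script always terminates through die().
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;

ob_start('ob_gzhandler');

$user = new User();

// Only authenticated users may delete conversations.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// NOTE(review): refererControl() is the only cross-site request check visible
// in this script. Its implementation is not shown here; confirm what it enforces
// for this state-changing request.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No spam or spam-bot here'));
}

$pms = new Pms();

// Both ids must be present and numeric. empty() also rejects '0', and
// is_numeric() returns false for arrays.
if (
    empty($_POST['from']) || !is_numeric($_POST['from'])
    || empty($_POST['to']) || !is_numeric($_POST['to'])
) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}

// Authorization: both ids come from the client, so require the session user to
// be one of the two participants before asking the model to delete anything.
// This is the same loose in_array() check the conversation read endpoint applies.
// deleteConversation() may enforce it too, but that is not visible from here;
// the error returned matches the one already used when deletion fails.
if (
    !isset($_SESSION['id'])
    || !in_array($_SESSION['id'], array($_POST['from'], $_POST['to']))
) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}

if ($pms->deleteConversation($_POST['from'], $_POST['to'])) {
    die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
}

die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));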
<?php
/**
 * Private-message inbox page.
 *
 * Renders the 'pm/inbox' template for the logged-in user, exposing the result
 * of Pms::getList() to the template as 'list_a'.
 */
// Outer buffer: gzip-compresses the final output.
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Pms;
use NERDZ\Core\User;

$user = new User();

// Inner buffer: output goes through Utils::minifyHTML before reaching the gzip buffer.
ob_start(['NERDZ\\Core\\Utils', 'minifyHTML']);

// Unauthenticated visitors get only the localized 'REGISTER' message.
if (!$user->isLogged()) {
    exit($user->lang('REGISTER'));
}

$pms = new Pms();

// The template receives one variable: the conversation list.
$vals = ['list_a' => $pms->getList()];

$user->getTPL()->assign($vals);
$user->getTPL()->draw('pm/inbox');