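/**
 * Finds users (or projects) whose name contains $contains, case-insensitively,
 * and returns the basic-info record of each match.
 *
 * @param string   $contains substring to look for. It is bound as a parameter,
 *                           not interpolated, but '%' and '_' inside it still act
 *                           as ILIKE wildcards because no escaping is applied.
 * @param int|null $limit    maximum number of rows. A truthy value is normalised
 *                           by Security::limitControl(); a falsy value now falls
 *                           back to 20 (the default the list pages use when no
 *                           "lim" is given — confirm that matches limitControl's
 *                           own default). The original concatenated the raw value,
 *                           so null produced "LIMIT " (SQL error) and 0 produced
 *                           "LIMIT 0", both of which returned no rows.
 * @param bool     $project  false → search users.username, true → groups.name
 *
 * @return array list of getBasicInfo() results, [] when the query fails
 */
private function byName($contains, $limit, $project = false)
{
    $limit = $limit ? Security::limitControl($limit, 20) : 20;

    // Table and column identifiers are picked from two fixed literals here,
    // never from the caller, so interpolating them into the SQL is safe; the
    // only user-controlled value is the bound :contains pattern.
    if ($project) {
        $table = 'groups';
        $field = 'name';
        $fetcher = $this->project;
    } else {
        $table = 'users';
        $field = 'username';
        $fetcher = $this->user;
    }

    $sql = 'SELECT "' . $field . '" FROM "' . $table . '" u WHERE u.' . $field
        . ' ILIKE :contains ORDER BY u.' . $field . ' LIMIT ' . $limit;

    $stmt = Db::query([$sql, [':contains' => "%{$contains}%"]], Db::FETCH_STMT);
    if (!$stmt) {
        return [];
    }

    $ret = [];
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $name) {
        // presumably $fetcher is a User/Project object; getBasicInfo's return
        // shape is defined elsewhere — see that class for the record layout
        $ret[] = $fetcher->getBasicInfo($name);
    }

    return $ret;
}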
<?php
// Paginated, optionally filtered listing of projects (groups), rendered with
// the base/projectslist template.
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Db;

// Columns a visitor may sort or search on; anything else falls back to 'name'.
$validFields = ['name', 'description'];

// Every value interpolated into the SQL below is whitelisted first:
// $limit through limitControl(), $orderby through fieldControl() against
// $validFields, and $order is one of two literals chosen here.
$limit = isset($_GET['lim']) ? NERDZ\Core\Security::limitControl($_GET['lim'], 20) : 20;
$order = (isset($_GET['desc']) && $_GET['desc'] == 1) ? 'DESC' : 'ASC';
$orderby = isset($_GET['orderby'])
    ? NERDZ\Core\Security::fieldControl($_GET['orderby'], $validFields, 'name')
    : 'name';

// The search term is HTML-escaped before being bound, so the escaped form is
// what gets matched against the column — presumably because stored names are
// escaped the same way; verify against how groups.name is written.
$q = empty($_GET['q']) ? '' : htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');

if (empty($q)) {
    $query = "SELECT name, description,counter\n FROM groups\n ORDER BY {$orderby} {$order} LIMIT {$limit}";
} else {
    // The only user-controlled search value travels as a bound parameter.
    $query = [
        "SELECT name,description, counter\n FROM groups WHERE CAST({$orderby} AS TEXT) ILIKE ?\n ORDER BY {$orderby} {$order} LIMIT {$limit}",
        ["%{$q}%"],
    ];
}

$vals = ['list_a' => []];
$r = Db::query($query, Db::FETCH_STMT);
if ($r) {
    while ($o = $r->fetch(PDO::FETCH_OBJ)) {
        $vals['list_a'][] = [
            'id_n' => $o->counter,
            'name_n' => $o->name,
            'description_n' => $o->description,
            'name4link_n' => \NERDZ\Core\Utils::projectLink($o->name),
        ];
    }
}

\NERDZ\Core\Security::setNextAndPrevURLs($vals, $limit, [
    'order' => $order,
    'query' => $q,
    // The raw orderby is handed over together with the whitelist;
    // NOTE(review): confirm setNextAndPrevURLs re-validates or escapes it
    // before it is emitted into a URL.
    'field' => empty($_GET['orderby']) ? '' : $_GET['orderby'],
    'validFields' => $validFields,
]);

require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/vars.php';
$user->getTPL()->assign($vals);
$user->getTPL()->draw('base/projectslist');
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': +')); } if (is_numeric(strpos($userData['username'], '&'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': &')); } if (is_numeric(strpos($userData['username'], '%'))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': %')); } if (filter_var($userData['username'], FILTER_VALIDATE_EMAIL)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('USERNAME_CANT_BE_EMAIL'))); } if ($userData['username'] !== Messages::stripTags($userData['username'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_USERNAME') . "\n" . $user->lang('CHAR_NOT_ALLOWED') . ': BBCode or [ ]')); } } switch (Security::passwordControl($userData['password'])) { case 'PASSWORD_SHORT': die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS)); case 'PASSWORD_LONG': if (!$user->isLogged() || $updatedPassword) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG'))); } } if (mb_strlen($userData['name'], 'UTF-8') < Config\MIN_LENGTH_NAME) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('NAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_NAME)); } if (mb_strlen($userData['surname'], 'UTF-8') < Config\MIN_LENGTH_SURNAME) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SURNAME_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_SURNAME)); } if (false === filter_var($userData['email'], FILTER_VALIDATE_EMAIL)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MAIL_NOT_VALID')));
/**
 * Returns the ids of users that $id follows and that follow $id back
 * (mutual followers), ordered by username.
 *
 * @param int $id    user counter
 * @param int $limit 0 means no LIMIT clause; any other value is normalised
 *                   by Security::limitControl() before use
 *
 * @return array list of "to" ids, [] when the query fails
 */
public function getFriends($id, $limit = 0)
{
    if ($limit) {
        $limit = Security::limitControl($limit, 20);
    }

    // NOTE(review): ":id" is bound once but appears twice in the statement;
    // this relies on the Db layer (or emulated prepares) accepting a repeated
    // named placeholder — confirm.
    $sql = 'select "to" from ( select "to" from followers where "from" = :id) as f inner join (select "from" from followers where "to" = :id) as e on f.to = e.from inner join users u on u.counter = f.to order by username';
    if ($limit != 0) {
        $sql .= ' LIMIT ' . $limit;
    }

    $stmt = Db::query([$sql, [':id' => $id]], Db::FETCH_STMT);

    return $stmt ? $stmt->fetchAll(PDO::FETCH_COLUMN) : [];
}
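/**
 * Lists the logged-in user's interactions with project $id, newest first,
 * shaped for the template layer.
 *
 * @param int $id    project counter
 * @param int $limit 0 — or any falsy value — means no LIMIT clause; otherwise
 *                   the value is normalised by Security::limitControl() first
 *
 * @return array list of rows with type_n/datetime_n/pid_n/postto_n/link_n;
 *               [] when nobody is logged in or the query fails
 */
public function getInteractions($id, $limit = 0)
{
    if (!$this->user->isLogged()) {
        return [];
    }

    if ($limit) {
        $limit = Security::limitControl($limit, 20);
    }

    // Append LIMIT only for a truthy (hence validated) limit. The original
    // compared with "!== 0", so a falsy-but-not-int value (null, '0') skipped
    // limitControl yet still produced "LIMIT " or "LIMIT 0", returning nothing.
    $sql = 'SELECT "type", extract(epoch from time) as time, pid, post_to FROM group_interactions(:me, :id) AS f("type" text, "time" timestamp with time zone, pid int8, post_to int8) ORDER BY f.time DESC';
    if ($limit) {
        $sql .= " LIMIT {$limit}";
    }

    // Third argument's meaning is defined by Db::query — presumably "fetch all
    // rows"; the result is iterated as a list of objects below.
    $objs = Db::query([$sql, [':me' => $_SESSION['id'], ':id' => $id]], Db::FETCH_OBJ, true);
    if (!$objs) {
        return [];
    }

    $ret = [];
    foreach ($objs as $obj) {
        $projectName = static::getName($obj->post_to);
        $ret[] = [
            'type_n' => $obj->type,
            'datetime_n' => $this->user->getDateTime($obj->time),
            'pid_n' => $obj->pid,
            'postto_n' => $projectName,
            'link_n' => Utils::projectLink($projectName) . $obj->pid,
        ];
    }

    return $ret;
}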
$mail->Subject = $user->lang('RESET_YOUR_PASSWORD'); $user->getTPL()->assign($vals); $mail->MsgHTML($user->getTPL()->draw("langs/{$user->getLanguage()}/reset-mail", true)); $mail->AddAddress($email); if ($mail->Send()) { die(NERDZ\Core\Utils::jsonResponse('ok', 'OK')); } die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $mail->ErrorInfo)); } catch (phpmailerException $e) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $e->errorMessage() . "\n contact support@nerdz.eu or retry")); } die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': contact support@nerdz.eu or retry')); } else { if ($password !== false && $token !== false && $key !== false) { //3rd step switch (Security::passwordControl($password)) { case 'PASSWORD_SHORT': die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS)); case 'PASSWORD_LONG': die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG'))); } if (!($obj = Db::query(['SELECT r.*, u.username FROM reset_requests r JOIN users u ON r.to = u.counter WHERE r.counter = :key', [':key' => $key]], Db::FETCH_OBJ))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(2): ' . $user->lang('TRY_LATER'))); } if ($obj->token !== $token) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Token')); } if (Db::NO_ERRNO != Db::query(['DELETE FROM reset_requests WHERE "to" = :to AND counter <= :key', [':to' => $obj->to, ':key' => $key]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(3): ' . $user->lang('TRY_LATER'))); } if (Db::NO_ERRNO != Db::query(['UPDATE "users" SET "password" = crypt(:pass, gen_salt(\'bf\', 7)) WHERE "counter" = :id', [':pass' => $password, ':id' => $obj->to]], Db::FETCH_ERRNO)) {