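<?php
/**
 * AJAX endpoint: sends a private message from the logged-in user to another user.
 *
 * Input:  $_POST['to']      recipient username (raw, as typed)
 *         $_POST['message'] message body
 * Output: always terminates with a JSON response built by NERDZ\Core\Utils.
 */
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';

use NERDZ\Core\Pms;
use NERDZ\Core\User;

$pms = new Pms();
$user = new User();

// Only authenticated users may send messages.
if (!$user->isLogged()) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}

// NOTE(review): refererControl() is the only cross-site request check visible in
// this script, and from its name it looks like a Referer-header check. This
// endpoint changes state, so confirm whether a per-session anti-CSRF token is
// verified elsewhere or should be required here as well.
if (!NERDZ\Core\Security::refererControl()) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'No SPAM/BOT'));
}

// Request fields are client-controlled: they can be absent or arrive as arrays
// (e.g. "to[]=x"). trim() and htmlspecialchars() accept strings only, so the two
// fields this script uses are type-checked before they are touched.
$to = isset($_POST['to']) ? $_POST['to'] : '';
$message = isset($_POST['message']) ? $_POST['message'] : '';

if (!is_string($to) || !is_string($message) || empty($to)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('SOMETHING_MISS')));
}

// Resolve the recipient from the raw username: getId() must not receive an
// HTML-escaped value, so the lookup happens before any escaping.
$toid = $user->getId(trim($to));
if (!$toid) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('USER_NOT_FOUND')));
}

// Keep $_POST HTML-escaped as before, in case code behind Pms::send() reads it.
// Assigning by key avoids the dangling reference left by "foreach (... as &$val)";
// non-string values are blanked instead of being passed to trim().
foreach ($_POST as $key => $val) {
    $_POST[$key] = is_string($val)
        ? htmlspecialchars(trim($val), ENT_QUOTES, 'UTF-8')
        : '';
}

// NOTE(review): the body is HTML-escaped on the way in rather than at render
// time - confirm that every place that displays it treats it as already-escaped
// HTML and does not escape it a second time.
$message = htmlspecialchars(trim($message), ENT_QUOTES, 'UTF-8');

die(NERDZ\Core\Utils::jsonDbResponse($pms->send($toid, $message)));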
if (Db::NO_ERRNO != Db::query(['DELETE FROM "groups" WHERE "counter" = :id', [':id' => $id]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } break; case 'update': //validate fields require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateproject.php'; // Members $_POST['members'] = isset($_POST['members']) ? $_POST['members'] : ''; $oldmem = $project->getMembers($id); $m = array_filter(array_unique(explode("\n", $_POST['members']))); $newmem = []; $userMap = []; foreach ($m as $v) { $username = trim($v); $uid = $user->getId($username); if (is_numeric($uid) && $uid > 0) { $newmem[] = $uid; $userMap[$uid] = $username; } else { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid member - ' . $v)); } } //members to add $toadd = array_diff($newmem, $oldmem); foreach ($toadd as $uid) { $ret = Db::query(['INSERT INTO "groups_members"("to","from") VALUES(:project,:user)', [':project' => $id, ':user' => $uid]], Db::FETCH_ERRSTR); if ($ret != Db::NO_ERRSTR) { die(NERDZ\Core\Utils::jsonDbResponse($ret, $userMap[$uid])); } }
if (Db::NO_ERRNO != Db::query(['UPDATE "profiles" SET "closed" = :closed WHERE "counter" = :counter', [':closed' => 'true', ':counter' => $_SESSION['id']]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } } } else { if (Db::NO_ERRNO != Db::query(['UPDATE "profiles" SET "closed" = :closed WHERE "counter" = :counter', [':closed' => 'false', ':counter' => $_SESSION['id']]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR'))); } } $_SESSION['dateformat'] = $userData['dateformat']; if (isset($_POST['whitelist'])) { $oldlist = $user->getWhitelist($_SESSION['id']); $m = array_filter(array_unique(explode("\n", $_POST['whitelist']))); $newlist = []; foreach ($m as $v) { $uid = $user->getId(trim($v)); if (is_numeric($uid) && $uid > 0) { if (Db::NO_ERRNO != Db::query(['INSERT INTO "whitelist"("from","to") SELECT :id, :uid WHERE NOT EXISTS (SELECT 1 FROM "whitelist" WHERE "from" = :id AND "to" = :uid)', [':id' => $_SESSION['id'], ':uid' => $uid]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '1')); } $newlist[] = $uid; } else { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Invalid user - ' . $v)); } } $toremove = []; foreach ($oldlist as $val) { if (!in_array($val, $newlist)) { $toremove[] = $val;
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/class/vendor/autoload.php'; use MCilloni\Pushed\Pushed; use MCilloni\Pushed\PushedException; use NERDZ\Core\User; use NERDZ\Core\Config; use NERDZ\Core\Utils; $user = new User(); try { if (!$user->isLogged()) { die(Utils::jsonResponse(['ERROR' => 'Not logged'])); } if (!isset($_GET['action'])) { die(Utils::jsonResponse(['ERROR' => 'Action not set'])); } $thisUser = $user->getId(); if (!NERDZ\Core\Security::floodPushRegControl()) { die(Utils::jsonResponse(['ERROR' => 'NO SPAM'])); } $pushed = Pushed::connectIp(Config\PUSHED_PORT, Config\PUSHED_IP6); $resp = []; switch ($_GET['action']) { case 'subscribe': if (!isset($_POST['service']) || !isset($_POST['deviceId'])) { die(Utils::jsonResponse(['ERROR' => 'Field not set'])); } $user->setPush($thisUser, true); if (!$pushed->exists($thisUser)) { if ($pushed->addUser($thisUser)[0] !== Pushed::$ACCEPTED) { die(Utils::jsonResponse(['ERROR' => 'Request rejected'])); }