This commit is contained in:
themohooks 2024-07-10 13:23:05 +03:00
parent 8b63f67985
commit e01de93290
8 changed files with 240 additions and 229 deletions

View file

@ -17,13 +17,13 @@ class Comment {
<span class="message_date">'.Date::zmdate($this->c['posted_at']).'</span><br> <span class="message_date">'.Date::zmdate($this->c['posted_at']).'</span><br>
</div> </div>
<a name="2681468"></a><a name="last"></a> <a name="2681468"></a><a name="last"></a>
<div><img src="'.$user->i('photourl').'" width="32" style="border-radius: 3px; margin-right: 5px;"><b><a href="/author/'.$this->c['user_id'].'/" class="message_author">'.$user->i('username').'</a></b> &middot; <div><img src="'.$user->i('photourl').'" width="32" style="border-radius: 3px; margin-right: 5px;"><b><a href="/author/'.$this->c['user_id'].'/" class="message_author">'.htmlspecialchars($user->i('username')).'</a></b> &middot;
<span class="flag">'; <span class="flag">';
if (json_decode($user->i('content'), true)['aboutrid']['value'] != null) { if (json_decode($user->i('content'), true)['aboutrid']['value'] != null) {
echo '<img src="https://kamenphoto.ru/img/r/'.json_decode($user->i('content'), true)['aboutrid']['value'].'.gif">'; echo '<img src="https://kamenphoto.ru/img/r/'.json_decode($user->i('content'), true)['aboutrid']['value'].'.gif">';
} }
if (json_decode($user->i('content'), true)['aboutlive']['value'] != null) { if (json_decode($user->i('content'), true)['aboutlive']['value'] != null) {
echo ' '.json_decode($user->i('content'), true)['aboutlive']['value']; echo ' '.htmlspecialchars(json_decode($user->i('content'), true)['aboutlive']['value']);
} }
if ((int)Vote::countcommrates($this->c['id'], -1) >= 1) { if ((int)Vote::countcommrates($this->c['id'], -1) >= 1) {
$commclass = 'pro'; $commclass = 'pro';
@ -36,7 +36,7 @@ class Comment {
} }
echo '</span></div> echo '</span></div>
<div class="rank">Фото: '.Photo::fetchAll($this->c['user_id']).'</div> <div class="rank">Фото: '.Photo::fetchAll($this->c['user_id']).'</div>
<div class="message-text">'.$this->c['body'].'</div> <div class="message-text">'.htmlspecialchars($this->c['body']).'</div>
<div class="comment-votes-block"> <div class="comment-votes-block">
<div class="wvote" wid="'.$this->c['id'].'"> <div class="wvote" wid="'.$this->c['id'].'">
<a href="#" vote="1" class="w-btn s2"><span>+</span></a> <a href="#" vote="1" class="w-btn s2"><span>+</span></a>

View file

@ -36,7 +36,7 @@ use \App\Models\User;
<?php <?php
$admins = DB::query('SELECT * FROM users WHERE admin=1'); $admins = DB::query('SELECT * FROM users WHERE admin=1');
foreach ($admins as $a) { foreach ($admins as $a) {
echo '<li><b><a href="/author/'.$a['id'].'/"><img src="'.$a['photourl'].'" width="32" style="border-radius: 3px; margin-right: 5px;">'.$a['username'].'</a></b></li>'; echo '<li><b><a href="/author/'.$a['id'].'/"><img src="'.$a['photourl'].'" width="32" style="border-radius: 3px; margin-right: 5px;">'.htmlspecialchars($a['username']).'</a></b></li>';
} }
?> ?>
</ul> </ul>

View file

@ -105,7 +105,7 @@ foreach ($photos as $pd) {
foreach ($photos as $p) { foreach ($photos as $p) {
$bck = 'background-image:url("' . $p['photourl'] . '")'; $bck = 'background-image:url("' . $p['photourl'] . '")';
echo ' <div class="prw-grid-item"> echo ' <div class="prw-grid-item">
<div class="prw-wrapper"><span style="word-spacing:-1px"><b>' . $p['place'] . '</b></span> <div class="prw-wrapper"><span style="word-spacing:-1px"><b>' . htmlspecialchars($p['place']) . '</b></span>
<div>' . Date::zmdate($p['posted_at']) . '</div> <div>' . Date::zmdate($p['posted_at']) . '</div>
</div> </div>
'; ?> '; ?>
@ -128,7 +128,7 @@ foreach ($photos as $pd) {
foreach ($photos as $p) { foreach ($photos as $p) {
$bck = 'background-image:url("' . $p['photourl'] . '")'; $bck = 'background-image:url("' . $p['photourl'] . '")';
echo ' <div class="prw-grid-item"> echo ' <div class="prw-grid-item">
<div class="prw-wrapper"><span style="word-spacing:-1px"><b>' . $p['place'] . '</b></span> <div class="prw-wrapper"><span style="word-spacing:-1px"><b>' . htmlspecialchars($p['place']) . '</b></span>
<div>' . Date::zmdate($p['posted_at']) . '</div> <div>' . Date::zmdate($p['posted_at']) . '</div>
</div> </div>
'; ?> '; ?>
@ -148,7 +148,7 @@ foreach ($photos as $pd) {
<?php <?php
$online = DB::query('SELECT * FROM users WHERE online>=:time-300 ORDER BY online DESC', array(':time'=>time())); $online = DB::query('SELECT * FROM users WHERE online>=:time-300 ORDER BY online DESC', array(':time'=>time()));
foreach ($online as $o) { foreach ($online as $o) {
echo '<a href="/author/'.$o['id'].'/">'.$o['username'].'</a>, '; echo '<a href="/author/'.$o['id'].'/">'.htmlspecialchars($o['username']).'</a>, ';
} }
?> ?>

View file

@ -7,8 +7,8 @@ $id = explode('/', $_SERVER['REQUEST_URI'])[2];
$photo = new \App\Models\Photo($id); $photo = new \App\Models\Photo($id);
if ($photo->i('id') !== null) { if ($photo->i('id') !== null) {
$photouser = new \App\Models\User($photo->i('user_id')); $photouser = new \App\Models\User($photo->i('user_id'));
if (DB::query('SELECT * FROM photos_views WHERE user_id=:uid AND photo_id=:pid ORDER BY id DESC LIMIT 1', array(':uid'=>Auth::userid(), ':pid'=>$id))[0]['time'] <= time()-86400) { if (DB::query('SELECT * FROM photos_views WHERE user_id=:uid AND photo_id=:pid ORDER BY id DESC LIMIT 1', array(':uid' => Auth::userid(), ':pid' => $id))[0]['time'] <= time() - 86400) {
DB::query('INSERT INTO photos_views VALUES (\'0\', :uid, :pid, :time)', array(':uid'=>Auth::userid(), ':pid'=>$id, ':time'=>time())); DB::query('INSERT INTO photos_views VALUES (\'0\', :uid, :pid, :time)', array(':uid' => Auth::userid(), ':pid' => $id, ':time' => time()));
} }
} }
@ -21,11 +21,11 @@ if ($photo->i('id') !== null) {
<?php include($_SERVER['DOCUMENT_ROOT'] . '/views/components/LoadHead.php'); ?> <?php include($_SERVER['DOCUMENT_ROOT'] . '/views/components/LoadHead.php'); ?>
<meta http-equiv="content-type" content="text/html;charset=UTF-8"> <meta http-equiv="content-type" content="text/html;charset=UTF-8">
<meta name="description" content="<?=NGALLERY['root']['description']?>"> <meta name="description" content="<?= NGALLERY['root']['description'] ?>">
<meta name="keywords" content="<?=NGALLERY['root']['keywords']?>"> <meta name="keywords" content="<?= NGALLERY['root']['keywords'] ?>">
<meta property="og:title" content="<?=$photo->i('title')?> — Фото"> <meta property="og:title" content="<?= $photo->i('title') ?> — Фото">
<link rel="alternate" hreflang="x-default" href="<?=$_SERVER['REQUEST_URI']?>"> <link rel="alternate" hreflang="x-default" href="<?= $_SERVER['REQUEST_URI'] ?>">
<meta property="og:image" content="<?=$photo->i('photourl')?>"> <meta property="og:image" content="<?= $photo->i('photourl') ?>">
</head> </head>
@ -40,24 +40,28 @@ if ($photo->i('id') !== null) {
#map_canvas { #map_canvas {
width: 600px !important; width: 600px !important;
} }
#photobar { #photobar {
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4); box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4);
-moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4); -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4);
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4); -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4);
} }
#photobar {
#photobar {
background-color: #000; background-color: #000;
} }
#photobar {
#photobar {
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4); box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4);
-moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4); -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4);
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4); -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.4);
} }
#photobar {
#photobar {
margin: 0 -20px; margin: 0 -20px;
position: relative; position: relative;
background-color: #333; background-color: #333;
} }
</style> </style>
<td class="main"> <td class="main">
<?php <?php
@ -160,8 +164,12 @@ if ($photo->i('id') !== null) {
<?php <?php
if (Auth::userid() > 0) { ?> if (Auth::userid() > 0) { ?>
<div class="vote" pid="<?= $id ?>"> <div class="vote" pid="<?= $id ?>">
<a href="#" vote="1" class="vote_btn <?php if (Vote::photo(Auth::userid(), $id) === 1) { echo 'voted'; } ?>"><span>Интересная фотография!</span></a> <a href="#" vote="1" class="vote_btn <?php if (Vote::photo(Auth::userid(), $id) === 1) {
<a href="#" vote="0" class="vote_btn <?php if (Vote::photo(Auth::userid(), $id) === 0) { echo 'voted'; } ?>"><span>Мне не&nbsp;нравится</span></a> echo 'voted';
} ?>"><span>Интересная фотография!</span></a>
<a href="#" vote="0" class="vote_btn <?php if (Vote::photo(Auth::userid(), $id) === 0) {
echo 'voted';
} ?>"><span>Мне не&nbsp;нравится</span></a>
</div> </div>
<?php } ?> <?php } ?>
<div id="votes" class="votes"> <div id="votes" class="votes">
@ -171,7 +179,7 @@ if ($photo->i('id') !== null) {
foreach ($votespos as $ps) { foreach ($votespos as $ps) {
$uservote = new User($ps['user_id']); $uservote = new User($ps['user_id']);
echo ' <tr> echo ' <tr>
<td><a href="/author/' . $ps['user_id'] . '/">' . $uservote->i('username') . '</a></td> <td><a href="/author/' . $ps['user_id'] . '/">' . htmlspecialchars($uservote->i('username')) . '</a></td>
<td class="vv">+1</td> <td class="vv">+1</td>
</tr>'; </tr>';
} }
@ -184,7 +192,7 @@ if ($photo->i('id') !== null) {
foreach ($votespos as $ps) { foreach ($votespos as $ps) {
$uservote = new User($ps['user_id']); $uservote = new User($ps['user_id']);
echo ' <tr> echo ' <tr>
<td><a href="/author/' . $ps['user_id'] . '/">' . $uservote->i('username') . '</a></td> <td><a href="/author/' . $ps['user_id'] . '/">' . htmlspecialchars($uservote->i('username')) . '</a></td>
<td class="vv">-1</td> <td class="vv">-1</td>
</tr>'; </tr>';
} }
@ -249,30 +257,30 @@ if ($photo->i('id') !== null) {
<table class="linetable" id="exif"> <table class="linetable" id="exif">
<tr class="upl-map"> <tr class="upl-map">
<div id="map_frame" class="s11 p20" style="display:inline-block; padding:3px"> <div id="map_frame" class="s11 p20" style="display:inline-block; padding:3px">
<div id="map_canvas"></div></div> <div id="map_canvas"></div>
</div>
<script> <script>
// Координаты выбранной точки // Координаты выбранной точки
const selectedPoint = { const selectedPoint = {
lat: <?=$photo->content('lat')?>, // Пример: Широта Москвы lat: <?= $photo->content('lat') ?>, // Пример: Широта Москвы
lng: <?=$photo->content('lng')?> // Пример: Долгота Москвы lng: <?= $photo->content('lng') ?> // Пример: Долгота Москвы
}; };
// Создание карты // Создание карты
const map = L.map('map_canvas').setView([selectedPoint.lat, selectedPoint.lng], 13); const map = L.map('map_canvas').setView([selectedPoint.lat, selectedPoint.lng], 13);
// Добавление базового слоя карты (OpenStreetMap) // Добавление базового слоя карты (OpenStreetMap)
L.tileLayer('https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png', { L.tileLayer('https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png', {
maxZoom: 19, maxZoom: 19,
attribution: '&copy; OpenStreetMap contributors' attribution: '&copy; OpenStreetMap contributors'
}).addTo(map); }).addTo(map);
// Добавление маркера на выбранной точке // Добавление маркера на выбранной точке
const marker = L.marker([selectedPoint.lat, selectedPoint.lng]).addTo(map); const marker = L.marker([selectedPoint.lat, selectedPoint.lng]).addTo(map);
// Установка всплывающего окна на маркере // Установка всплывающего окна на маркере
marker.bindPopup("<b>Выбранная точка</b>").openPopup(); marker.bindPopup("<b>Выбранная точка</b>").openPopup();
</script>
</script>
</tr> </tr>
</table> </table>
@ -285,7 +293,7 @@ marker.bindPopup("<b>Выбранная точка</b>").openPopup();
<h4 class="pp-item-header">Комментарии<span style="font-weight:normal"> <span style="color:#aaa">&middot;</span> 1</span></h4> <h4 class="pp-item-header">Комментарии<span style="font-weight:normal"> <span style="color:#aaa">&middot;</span> 1</span></h4>
<div id="posts"> <div id="posts">
<?php <?php
$comments = DB::query('SELECT * FROM photos_comments WHERE photo_id=:pid', array(':pid'=>$id)); $comments = DB::query('SELECT * FROM photos_comments WHERE photo_id=:pid', array(':pid' => $id));
foreach ($comments as $c) { foreach ($comments as $c) {
$comm = new Comment($c); $comm = new Comment($c);
$comm->i(); $comm->i();
@ -298,7 +306,7 @@ marker.bindPopup("<b>Выбранная точка</b>").openPopup();
<form action="/comment.php" method="post" id="f1"> <form action="/comment.php" method="post" id="f1">
<input type="hidden" name="sid" value="hgdl6old9r9qodmvkn1r4t7d6h"> <input type="hidden" name="sid" value="hgdl6old9r9qodmvkn1r4t7d6h">
<input type="hidden" name="last_comment_rand" value="893329610"> <input type="hidden" name="last_comment_rand" value="893329610">
<input type="hidden" name="id" id="id" value="<?=$id?>"> <input type="hidden" name="id" id="id" value="<?= $id ?>">
<input type="hidden" name="subj" id="subj" value="p"> <input type="hidden" name="subj" id="subj" value="p">
<textarea name="wtext" id="wtext"></textarea><br> <textarea name="wtext" id="wtext"></textarea><br>
<div class="cmt-submit"><input type="submit" value="Добавить комментарий" id="sbmt">&ensp;&emsp;Ctrl + Enter <div class="cmt-submit"><input type="submit" value="Добавить комментарий" id="sbmt">&ensp;&emsp;Ctrl + Enter
@ -309,17 +317,20 @@ marker.bindPopup("<b>Выбранная точка</b>").openPopup();
</div> </div>
</div> </div>
</td> </td>
</tr></tbody></table> </tr>
</tbody>
</table>
<?php } else { ?> <?php } else { ?>
<center> <center>
<h1>Изображение не найдено</h1> <h1>Изображение не найдено</h1>
<div class="p20w" style="margin-bottom:20px; padding:10px 30px"> <div class="p20w" style="margin-bottom:20px; padding:10px 30px">
<img src="/static/img/pnp.jpg" alt="Пусто" width="400" height="205" border="0"> <img src="/static/img/pnp.jpg" alt="Пусто" width="400" height="205" border="0">
<p>Изображения с таким номером нет на сайте.<br />Может быть, его здесь никогда и не было.<br />Если Вы уверены, что что-то здесь всё-таки было, значит, администратор по каким-то причинам это удалил.</p> <p>Изображения с таким номером нет на сайте.<br />Может быть, его здесь никогда и не было.<br />Если Вы уверены, что что-то здесь всё-таки было, значит, администратор по каким-то причинам это удалил.</p>
</div> </div>
</center> </center>
<?php } ?> <?php } ?>
<table width="100%" style="margin-top: 30px;"><tbody> <table width="100%" style="margin-top: 30px;">
<tbody>
<tr> <tr>
<?php include($_SERVER['DOCUMENT_ROOT'] . '/views/components/Footer.php'); ?> <?php include($_SERVER['DOCUMENT_ROOT'] . '/views/components/Footer.php'); ?>
</tr> </tr>
@ -340,7 +351,7 @@ marker.bindPopup("<b>Выбранная точка</b>").openPopup();
//$("#result").html("<div class='alert alert-dangernew container mt-5' role='alert'>Неправильная почта или пароль!</div>"); //$("#result").html("<div class='alert alert-dangernew container mt-5' role='alert'>Неправильная почта или пароль!</div>");
} else if (jsonData.errorcode == "2") { } else if (jsonData.errorcode == "2") {
Notify.noty('warning', 'Пожалуйста, подождите...'); Notify.noty('warning', 'Пожалуйста, подождите...');
setTimeout(function(){ setTimeout(function() {
window.location.replace(jsonData.twofaurl); window.location.replace(jsonData.twofaurl);
}, 1000); }, 1000);
} else if (jsonData.errorcode == "0") { } else if (jsonData.errorcode == "0") {
@ -351,7 +362,7 @@ marker.bindPopup("<b>Выбранная точка</b>").openPopup();
type: "POST", type: "POST",
url: "/api/photo/getcomments/<?=$id?>", url: "/api/photo/getcomments/<?= $id ?>",
processData: false, processData: false,
async: true, async: true,
success: function(r) { success: function(r) {

View file

@ -23,7 +23,7 @@ $userprofile = new User(explode('/', $_SERVER['REQUEST_URI'])[2]);
<td class="main"> <td class="main">
<?php <?php
if ($userprofile->i('id') === explode('/', $_SERVER['REQUEST_URI'])[2]) { ?> if ($userprofile->i('id') === explode('/', $_SERVER['REQUEST_URI'])[2]) { ?>
<h1><?= $userprofile->i('username') ?><?php if ($userprofile->i('admin') === 1) { echo '<img width="32" src="/static/img/star.png">'; } ?></h1> <h1><?= htmlspecialchars($userprofile->i('username')) ?><?php if ($userprofile->i('admin') === 1) { echo '<img width="32" src="/static/img/star.png">'; } ?></h1>
<?php <?php
if ($userprofile->i('id') === Auth::userid()) { ?> if ($userprofile->i('id') === Auth::userid()) { ?>
@ -44,21 +44,21 @@ $userprofile = new User(explode('/', $_SERVER['REQUEST_URI'])[2]);
if ($userprofile->content('location') !== null) { ?> if ($userprofile->content('location') !== null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Откуда:</td> <td class="sm" style="padding:3px 10px 3px 0">Откуда:</td>
<td><?= $userprofile->content('location') ?></td> <td><?= htmlspecialchars($userprofile->content('location')) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutlive']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutlive']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Откуда:</td> <td class="sm" style="padding:3px 10px 3px 0">Откуда:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutlive']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutlive']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutbirthday']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutbirthday']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">День рождения:</td> <td class="sm" style="padding:3px 10px 3px 0">День рождения:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutbirthday']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutbirthday']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
</col></table> </col></table>
@ -69,63 +69,63 @@ $userprofile = new User(explode('/', $_SERVER['REQUEST_URI'])[2]);
if (json_decode($userprofile->i('content'), true)['aboutlangs']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutlangs']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Владение языками:</td> <td class="sm" style="padding:3px 10px 3px 0">Владение языками:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutlangs']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutlangs']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['abouttelegram']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['abouttelegram']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Telegram:</td> <td class="sm" style="padding:3px 10px 3px 0">Telegram:</td>
<td><?= json_decode($userprofile->i('content'), true)['abouttelegram']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['abouttelegram']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutvk']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutvk']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">ВКонтакте:</td> <td class="sm" style="padding:3px 10px 3px 0">ВКонтакте:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutvk']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutvk']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['abouttwitter']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['abouttwitter']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Twitter/X:</td> <td class="sm" style="padding:3px 10px 3px 0">Twitter/X:</td>
<td><?= json_decode($userprofile->i('content'), true)['abouttwitter']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['abouttwitter']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutyoutube']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutyoutube']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Twitter/X:</td> <td class="sm" style="padding:3px 10px 3px 0">Twitter/X:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutyoutube']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutyoutube']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutemail']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutemail']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Почта:</td> <td class="sm" style="padding:3px 10px 3px 0">Почта:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutemail']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutemail']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutinstagram']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutinstagram']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Instagram:</td> <td class="sm" style="padding:3px 10px 3px 0">Instagram:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutinstagram']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutinstagram']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['abouttransphoto']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['abouttransphoto']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">TransPhoto:</td> <td class="sm" style="padding:3px 10px 3px 0">TransPhoto:</td>
<td><?= json_decode($userprofile->i('content'), true)['abouttransphoto']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['abouttransphoto']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutwebsite']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutwebsite']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Личный сайт:</td> <td class="sm" style="padding:3px 10px 3px 0">Личный сайт:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutwebsite']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutwebsite']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
</table> </table>
@ -136,21 +136,21 @@ $userprofile = new User(explode('/', $_SERVER['REQUEST_URI'])[2]);
if (json_decode($userprofile->i('content'), true)['aboutfavs_trains']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutfavs_trains']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Любимые модели поездов:</td> <td class="sm" style="padding:3px 10px 3px 0">Любимые модели поездов:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutfavs_trains']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutfavs_trains']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutfavs_countries']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutfavs_countries']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Любимые страны:</td> <td class="sm" style="padding:3px 10px 3px 0">Любимые страны:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutfavs_countries']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutfavs_countries']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
<?php <?php
if (json_decode($userprofile->i('content'), true)['aboutfavs_cities']['value'] != null) { ?> if (json_decode($userprofile->i('content'), true)['aboutfavs_cities']['value'] != null) { ?>
<tr> <tr>
<td class="sm" style="padding:3px 10px 3px 0">Любимые города:</td> <td class="sm" style="padding:3px 10px 3px 0">Любимые города:</td>
<td><?= json_decode($userprofile->i('content'), true)['aboutfavs_cities']['value'] ?></td> <td><?= htmlspecialchars(json_decode($userprofile->i('content'), true)['aboutfavs_cities']['value']) ?></td>
</tr> </tr>
<?php } ?> <?php } ?>
</table> </table>

View file

@ -56,8 +56,8 @@ use \App\Models\User;
</a> </a>
</td> </td>
<td class="d"> <td class="d">
<p><span style="word-spacing:-1px"><b>'.$p['place'].'</b></span></p> <p><span style="word-spacing:-1px"><b>'.htmlspecialchars($p['place']).'</b></span></p>
<p class="sm"><b>'.Date::zmdate($p['posted_at']).'</b><br>Автор: <a href="/author/'.$p['user_id'].'/">'.$author->i('username').'</a></p> <p class="sm"><b>'.Date::zmdate($p['posted_at']).'</b><br>Автор: <a href="/author/'.$p['user_id'].'/">'.htmlspecialchars($author->i('username')).'</a></p>
</td> </td>
<td class="c" style="padding:10px"> <td class="c" style="padding:10px">

View file

@ -20,7 +20,7 @@ $user = new User(Auth::userid());
<tr> <tr>
<td class="main"> <td class="main">
<h1>Общая информация</h1> <h1>Общая информация</h1>
<h4>Здравствуйте, <a href="/author/<?=Auth::userid()?>/"><?=$user->i('username')?></a>!</h4> <h4>Здравствуйте, <a href="/author/<?=Auth::userid()?>/"><?=htmlspecialchars($user->i('username'))?></a>!</h4>
<p> <p>
Количество ваших фотографий на сайте: <b><?=DB::query('SELECT COUNT(*) FROM photos WHERE user_id=:uid', array(':uid'=>Auth::userid()))[0]['COUNT(*)']?></b></p> Количество ваших фотографий на сайте: <b><?=DB::query('SELECT COUNT(*) FROM photos WHERE user_id=:uid', array(':uid'=>Auth::userid()))[0]['COUNT(*)']?></b></p>
<p> <p>

View file

@ -32,9 +32,9 @@ use App\Services\{Router, Auth, DB, Date};
</a></td> </a></td>
<td class="pb_descr"> <td class="pb_descr">
<p><b class="pw-place">'.$p['place'].'</b></p> <p><b class="pw-place">'.htmlspecialchars($p['place']).'</b></p>
<span class="pw-descr">'.$p['postbody'].'</span> <span class="pw-descr">'.htmlspecialchars($p['postbody']).'</span>
<p class="sm"><b>'.Date::zmdate($p['timeupload']).'</b><br>Автор: <a href="/author/'.$p['user_id'].'/">'.$p['username'].'</a></p> <p class="sm"><b>'.Date::zmdate($p['timeupload']).'</b><br>Автор: <a href="/author/'.$p['user_id'].'/">'.htmlspecialchars($p['username']).'</a></p>
</td> </td>
</tr> </tr>
</tbody> </tbody>