diff --git a/CHANGELOG b/CHANGELOG index 7a11378..1d7c617 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,11 @@ +Version 1.12 - Aug. 17, 2015 +Almost all settings moved to setup +Backup/restore for super admin +Moderate and extreme captcha are more readable +Simplified font styling +Linkfilter to modify text of a link +More simplifications and fixes + Version 1.11.2 - Jul. 29, 2015 Fix security vulnerability More simplifications diff --git a/chat.php b/chat.php index e705e2e..25c19cf 100755 --- a/chat.php +++ b/chat.php @@ -58,7 +58,7 @@ if(!isSet($_REQUEST['action'])){ }elseif($_REQUEST['action']=='post'){ check_session(); if(isSet($_REQUEST['kick']) && isSet($_REQUEST['sendto']) && valid_nick($_REQUEST['sendto'])){ - if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){ + if($U['status']>=5 || (get_setting('memkick') && $countmods==0 && $U['status']>=3)){ if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], true); else kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], false); } @@ -146,24 +146,31 @@ if(!isSet($_REQUEST['action'])){ }elseif($_REQUEST['do']=='filter'){ manage_filter(); send_filter(); + }elseif($_REQUEST['do']=='linkfilter'){ + manage_linkfilter(); + send_linkfilter(); } send_admin(); }elseif($_REQUEST['action']=='setup'){ if(check_init()<7) send_init(); update_db(); if(!valid_admin()) send_alogin(); + $settings=array('guestaccess', 'englobalpass', 'globalpass', 'msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'dateformat', 'captcha', 'colbg', 'coltxt', 'css', 'memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh', 'dismemcaptcha', 'suguests', 'imgembed', 'timestamps', 'trackip', 'captchachars', 'memkick', 'forceredirect', 'redirect', 'incognito', 'rulestxt'); if(!isSet($_REQUEST['do'])){ + }elseif($_REQUEST['do']=='backup' && $U['status']==8){ + send_backup(); + }elseif($_REQUEST['do']=='restore' && $U['status']==8){ + restore_backup(); + send_backup(); }elseif($_REQUEST['do']=='save'){ - $settings=array('guestaccess', 'englobalpass', 'globalpass', 'msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'dateformat', 'captcha', 'css', 'memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage'); + $_REQUEST['rulestxt']=preg_replace("/(\r?\n|\r\n?)/", '
', $_REQUEST['rulestxt']); + if($_REQUEST['memberexpire']<5) $_REQUEST['memberexpire']=5; + if($_REQUEST['captchatime']<30) $_REQUEST['memberexpire']=30; + if($_REQUEST['defaultrefresh']<5) $_REQUEST['defaultrefresh']=5; + if($_REQUEST['defaultrefresh']>150) $_REQUEST['defaultrefresh']=150; foreach($settings as $setting){ if(isSet($_REQUEST[$setting])) update_setting($setting, $_REQUEST[$setting]); } - if(isSet($_REQUEST['rulestxt'])){ - $_REQUEST['rulestxt']=preg_replace("/\r\n/", '
', $_REQUEST['rulestxt']); - $_REQUEST['rulestxt']=preg_replace("/\n/", '
', $_REQUEST['rulestxt']); - $_REQUEST['rulestxt']=preg_replace("/\r/", '
', $_REQUEST['rulestxt']); - update_setting('rulestxt', $_REQUEST['rulestxt']); - } } send_setup(); }elseif($_REQUEST['action']=='init'){ @@ -176,9 +183,10 @@ exit; // html output subs function print_stylesheet(){ - global $C; $css=get_setting('css'); - echo ""; + $colbg=get_setting('colbg'); + $coltxt=get_setting('coltxt'); + echo ""; } function print_end(){ @@ -222,13 +230,13 @@ function thr(){ } function print_start($class='', $ref=0, $url=''){ - global $C, $H; + global $H; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: no-cache'); header('Expires: 0'); if(!empty($url)) header("Refresh: $ref; URL=$url"); echo "$H[meta_html]"; if(!empty($url)) echo ""; if($class=='init'){ - echo ""; + echo ""; }else{ print_stylesheet(); } @@ -253,10 +261,11 @@ function send_captcha(){ global $C, $I, $memcached, $mysqli; $difficulty=get_setting('captcha'); if($difficulty==0) return; - $length=strlen($C['captchachars'])-1; + $captchachars=get_setting('captchachars'); + $length=strlen($captchachars)-1; $code=''; for($i=0;$i<5;++$i){ - $code.=$C['captchachars'][rand(0, $length)]; + $code.=$captchachars[rand(0, $length)]; } $randid=rand(0, 99999999); $time=time(); @@ -281,8 +290,8 @@ function send_captcha(){ $bg=imagecolorallocate($im, 0, 0, 0); $fg=imagecolorallocate($im, 255, 255, 255); imagefill($im, 0, 0, $bg); - $line=imagecolorallocate($im, 200, 200, 200); - for($i=0;$i<4;++$i){ + $line=imagecolorallocate($im, 100, 100, 100); + for($i=0;$i<3;++$i){ imageline($im, 0, rand(0, 24), 55, rand(0, 24), $line); } $dots=imagecolorallocate($im, 200, 200, 200); @@ -296,27 +305,62 @@ function send_captcha(){ $bg=imagecolorallocate($im, 0, 0, 0); $fg=imagecolorallocate($im, 255, 255, 255); imagefill($im, 0, 0, $bg); - $line=imagecolorallocate($im, 200, 200, 200); - for($i=0;$i<10;++$i){ + $line=imagecolorallocate($im, 100, 100, 100); + for($i=0;$i<5;++$i){ imageline($im, 0, rand(0, 200), 150, rand(0, 200), $line); } $dots=imagecolorallocate($im, 200, 200, 200); for($i=0;$i<1000;++$i){ imagesetpixel($im, rand(0, 150), rand(0, 200), $dots); } + $chars=array(); for($i=0;$i<5;++$i){ - imagechar($im, 5, rand(10, 140), rand(10, 180), $C['captchachars'][rand(0, $length)], $fg); + $found=false; + while(!$found){ + $x=rand(10, 140); + $y=rand(10, 180); + $found=true; + foreach($chars as $char){ + if($char['x']>=$x && ($char['x']-$x)<25) $found=false; + elseif($char['x']<$x && ($x-$char['x'])<25) $found=false; + if(!$found){ + if($char['y']>=$y && ($char['y']-$y)<25) break; + elseif($char['y']<$y && ($y-$char['y'])<25) break; + else $found=true; + } + } + } + $chars[]=array('x', 'y'); + $chars[$i]['x']=$x; + $chars[$i]['y']=$y; + imagechar($im, 5, $chars[$i]['x'], $chars[$i]['y'], $captchachars[rand(0, $length)], $fg); } $x=$y=array(); - $follow=imagecolorallocate($im, 200, 0, 0); - for($i=0;$i<5;++$i){ - $x[]=rand(10, 140); - $y[]=rand(10, 180); - imagechar($im, 5, $x[$i], $y[$i], $code[$i], $fg); + for($i=5;$i<10;++$i){ + $found=false; + while(!$found){ + $x=rand(10, 140); + $y=rand(10, 180); + $found=true; + foreach($chars as $char){ + if($char['x']>=$x && ($char['x']-$x)<25) $found=false; + elseif($char['x']<$x && ($x-$char['x'])<25) $found=false; + if(!$found){ + if($char['y']>=$y && ($char['y']-$y)<25) break; + elseif($char['y']<$y && ($y-$char['y'])<25) break; + else $found=true; + } + } + } + $chars[]=array('x', 'y'); + $chars[$i]['x']=$x; + $chars[$i]['y']=$y; + imagechar($im, 5, $chars[$i]['x'], $chars[$i]['y'], $code[$i-5], $fg); } - imagearc($im, $x[0]+4, $y[0]+8, 16, 16, 0, 360, $follow); - for($i=0;$i<4;++$i){ - imageline($im, $x[$i]+4, $y[$i]+8, $x[$i+1]+4, $y[$i+1]+8, $follow); + $follow=imagecolorallocate($im, 200, 0, 0); + imagearc($im, $chars[5]['x']+4, $chars[5]['y']+8, 16, 16, 0, 360, $follow); + for($i=5;$i<9;++$i){ + imageline($im, $chars[$i]['x']+4, $chars[$i]['y']+8, $chars[$i+1]['x']+4, $chars[$i+1]['y']+8, $follow); } echo ' $I[msgenter] '; echo " $I[msgexit] '; echo " $I[msgmemreg] '; - if($C['suguests']) echo " $I[msgsureg] '; + if(get_setting('suguests')) echo " $I[msgsureg] '; echo " $I[msgkick] '; echo " $I[msgmultikick] '; echo " $I[msgallkick] '; echo " $I[msgclean] '; echo ''; - thr(); - echo "
$I[rules]"; - echo ''; - echo ''; - echo '
'; - thr(); - echo "
$I[dateformat]"; - echo ''; - echo ''; - echo '
'; + $text_settings=array('dateformat', 'captchachars', 'redirect'); + foreach($text_settings as $setting){ + thr(); + echo '
'.$I[$setting].''; + echo ''; + echo "'; + echo '
'; + } + $colour_settings=array('colbg', 'coltxt'); + foreach($colour_settings as $setting){ + thr(); + echo '
'.$I[$setting].''; + echo ''; + echo "'; + echo '
'; + } thr(); echo "
$I[captcha]"; echo ''; - echo ''; echo '
'; - thr(); - echo "
$I[css]"; - echo ''; - echo ''; - echo '
'; - $number_settings=array('memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage'); + $textarea_settings=array('rulestxt', 'css'); + foreach($textarea_settings as $setting){ + thr(); + echo '
'.$I[$setting].''; + echo ''; + echo "'; + echo '
'; + } + $number_settings=array('memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh'); foreach($number_settings as $setting){ thr(); echo ''; echo '
'.$I[$setting].''; @@ -397,8 +454,121 @@ function send_setup(){ echo "
'; } + $bool_settings=array('suguests', 'imgembed', 'timestamps', 'trackip', 'memkick', 'forceredirect', 'incognito'); + foreach($bool_settings as $setting){ + thr(); + echo '
'.$I[$setting].''; + echo ''; + echo "
'; + } thr(); - echo ''.submit($I['apply'])."
<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['logout'])."$H[credit]"; + echo ''.submit($I['apply']).'
'; + echo ''; + if($U['status']==8) echo ""; + echo "
<$H[form]>".hidden('action', 'setup').hidden('do', 'backup').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['backuprestore'])."<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['logout'], 'id="exitbutton"')."
$H[credit]"; + print_end(); +} + +function restore_backup(){ + global $C, $mysqli, $settings; + $code=json_decode($_REQUEST['restore'], true); + if(isSet($_REQUEST['settings'])){ + foreach($settings as $setting){ + if(isSet($code['settings'][$setting])) update_setting($setting, $code['settings'][$setting]); + } + } + if(isSet($_REQUEST['filter']) && (isSet($code['filters']) || isSet($code['linkfilters']))){ + mysqli_query($mysqli, "DELETE FROM `$C[prefix]filter`"); + mysqli_query($mysqli, "DELETE FROM `$C[prefix]linkfilter`"); + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]filter` (`match`, `replace`, `allowinpm`, `regex`, `kick`) VALUES (?, ?, ?, ?, ?)"); + foreach($code['filters'] as $filter){ + mysqli_stmt_bind_param($stmt, 'ssiii', $filter['match'], $filter['replace'], $filter['allowinpm'], $filter['regex'], $filter['kick']); + mysqli_stmt_execute($stmt); + } + mysqli_stmt_close($stmt); + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]linkfilter` (`match`, `replace`, `regex`) VALUES (?, ?, ?)"); + foreach($code['linkfilters'] as $filter){ + mysqli_stmt_bind_param($stmt, 'ssi', $filter['match'], $filter['replace'], $filter['regex']); + mysqli_stmt_execute($stmt); + } + mysqli_stmt_close($stmt); + if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]filter"); + if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]linkfilter"); + } + if(isSet($_REQUEST['members']) && isSet($code['members'])){ + mysqli_query($mysqli, "DELETE FROM `$C[prefix]members`"); + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + foreach($code['members'] as $member){ + mysqli_stmt_bind_param($stmt, 'ssiisiiiisiiiis', $member['nickname'], $member['passhash'], $member['status'], $member['refresh'], $member['bgcolour'], $member['boxwidth'], $member['boxheight'], $member['notesboxwidth'], $member['notesboxheight'], $member['regedby'], $member['lastlogin'], $member['timestamps'], $member['embed'], $member['incognito'], $member['style']); + mysqli_stmt_execute($stmt); + } + mysqli_stmt_close($stmt); + if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); + } + if(isSet($_REQUEST['notes']) && isSet($code['notes'])){ + mysqli_query($mysqli, "DELETE FROM `$C[prefix]notes`"); + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]notes` (`type`, `lastedited`, `editedby`, `text`) VALUES (?, ?, ?, ?)"); + foreach($code['notes'] as $note){ + mysqli_stmt_bind_param($stmt, 'siss', $note['type'], $note['lastedited'], $note['editedby'], $note['text']); + mysqli_stmt_execute($stmt); + } + mysqli_stmt_close($stmt); + } +} + +function send_backup(){ + global $C, $H, $I, $U, $mysqli, $settings; + $code=array(); + if($_REQUEST['do']=='backup'){ + if(isSet($_REQUEST['settings'])) foreach($settings as $setting) $code['settings'][$setting]=get_setting($setting); + if(isSet($_REQUEST['filter'])){ + $result=mysqli_query($mysqli, "SELECT `match`, `replace`, `allowinpm`, `regex`, `kick` FROM `$C[prefix]filter`"); + while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $code['filters'][]=$filter; + $result=mysqli_query($mysqli, "SELECT `match`, `replace`, `regex` FROM `$C[prefix]linkfilter`"); + while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $code['linkfilters'][]=$filter; + } + if(isSet($_REQUEST['members'])){ + $result=mysqli_query($mysqli, "SELECT `nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style` FROM `$C[prefix]members`"); + while($member=mysqli_fetch_array($result, MYSQLI_ASSOC)) $code['members'][]=$member; + } + if(isSet($_REQUEST['notes'])){ + $result=mysqli_query($mysqli, "SELECT `type`, `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`='admin' ORDER BY `id` DESC LIMIT 1"); + $code['notes'][]=mysqli_fetch_array($result, MYSQLI_ASSOC); + $result=mysqli_query($mysqli, "SELECT `type`, `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`='staff' ORDER BY `id` DESC LIMIT 1"); + $code['notes'][]=mysqli_fetch_array($result, MYSQLI_ASSOC); + } + } + if(isSet($_REQUEST['settings'])) $chksettings=' checked'; else $chksettings=''; + if(isSet($_REQUEST['filter'])) $chkfilters=' checked'; else $chkfilters=''; + if(isSet($_REQUEST['members'])) $chkmembers=' checked'; else $chkmembers=''; + if(isSet($_REQUEST['notes'])) $chknotes=' checked'; else $chknotes=''; + print_start('backup'); + echo "

$I[backuprestore]

"; + thr(); + echo "'; + thr(); + echo "'; + thr(); + echo ""; + echo '
<$H[form]>".hidden('action', 'setup').hidden('do', 'backup').hidden('session', $U['session']).hidden('lang', $C['lang']); + echo '
'; + echo ""; + echo ""; + echo ""; + echo ""; + echo ''.submit($I['backup']).'
<$H[form]>".hidden('action', 'setup').hidden('do', 'restore').hidden('session', $U['session']).hidden('lang', $C['lang']); + echo ''; + echo "'; + echo "
"; + echo ""; + echo ""; + echo ""; + echo submit($I['restore']).'
'; + echo '
<$H[form]>".hidden('action', 'setup').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['initgosetup'], 'class="backbutton"')."
'; print_end(); } @@ -443,14 +613,20 @@ function send_alogin(){ } function send_admin($arg=''){ - global $C, $H, $I, $P, $U; + global $C, $H, $I, $U; $ga=get_setting('guestaccess'); print_start('admin'); + $lines=parse_sessions(); + foreach($lines as $temp){ + if($temp['entry']!=0 && $temp['status']!=0){ + $Present[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; + } + } $chlist="'; echo "

$I[admfunc]

$arg"; @@ -475,12 +651,12 @@ function send_admin($arg=''){ echo "'; + $views=array('sessions', 'filter', 'linkfilter'); + foreach($views as $view){ thr(); - echo "'; - thr(); - echo "'; + echo ''; + } thr(); echo "'; thr(); - if($C['suguests']){ + if(get_setting('suguests')){ echo "'; @@ -505,7 +681,7 @@ function send_admin($arg=''){ echo frmadm('status')."
$I[logoutinact]"; echo frmadm('logout')."
$chlist"; echo submit($I['logout']).'
$I[viewsess]"; - echo frmadm('sessions').'
'.submit($I['view']).'
$I[filter]"; - echo frmadm('filter').'
'.submit($I['view']).'
'.$I[$view].''; + echo frmadm($view).'
'.submit($I['view']).'
$I[guestacc]"; echo frmadm('guestaccess').''; @@ -491,10 +667,10 @@ function send_admin($arg=''){ echo '"; echo '
'.submit($I['change']).'
$I[addsuguest]"; echo frmadm('superguest')."
'.submit($I['register']).'
'; @@ -530,12 +706,13 @@ function send_admin($arg=''){ } function send_sessions(){ - global $C, $H, $I, $U; + global $H, $I, $U; $lines=parse_sessions(); print_start('sessions'); echo "

$I[sessact]

$I[regguest]"; echo frmadm('register')."
'.submit($I['register']).'
"; echo ""; - if($C['trackip']) echo ""; + $trackip=get_setting('trackip'); + if($trackip) echo ""; echo ""; foreach($lines as $temp){ if($temp['status']!=0 && $temp['entry']!=0 && (!$temp['incognito'] || $temp['status']<$U['status'])){ @@ -545,14 +722,14 @@ function send_sessions(){ elseif($temp['status']==6) $s=' (SM)'; elseif($temp['status']==7) $s=' (A)'; elseif($temp['status']==8) $s=' (SA)'; - echo ''; + echo ''; if($U['status']>$temp['status'] || $U['session']==$temp['session']){ echo ""; - if($C['trackip']) echo ""; + if($trackip) echo ""; echo "'; }else{ echo ''; - if($C['trackip']) echo ''; + if($trackip) echo ''; echo ''; } } @@ -600,6 +777,41 @@ function manage_filter(){ } } +function manage_linkfilter(){ + global $C, $I, $memcached, $mysqli; + if(isSet($_REQUEST['id'])){ + $_REQUEST['match']=htmlspecialchars($_REQUEST['match']); + if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){ + if(!is_int(@preg_match("/$_REQUEST[match]/", ''))) send_linkfilter($I['incorregex']); + $reg=1; + }else{ + $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']); + $reg=0; + } + if(preg_match('/^[0-9]*$/', $_REQUEST['id'])){ + if(empty($_REQUEST['match'])){ + $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]linkfilter` WHERE `id`=?"); + mysqli_stmt_bind_param($stmt, 'i', $_REQUEST['id']); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]linkfilter"); + }else{ + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]linkfilter` SET `match`=?, `replace`=?, `regex`=? WHERE `id`=?"); + mysqli_stmt_bind_param($stmt, 'ssii', $_REQUEST['match'], $_REQUEST['replace'], $reg, $_REQUEST['id']); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]linkfilter"); + } + }elseif(preg_match('/^\+$/', $_REQUEST['id'])){ + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]linkfilter` (`match`, `replace`, `regex`) VALUES (?, ?, ?)"); + mysqli_stmt_bind_param($stmt, 'ssi', $_REQUEST['match'], $_REQUEST['replace'], $reg); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]linkfilter"); + } + } +} + function send_filter($arg=''){ global $C, $H, $I, $U, $memcached, $mysqli; print_start('filter'); @@ -648,6 +860,44 @@ function send_filter($arg=''){ print_end(); } +function send_linkfilter($arg=''){ + global $C, $H, $I, $U, $memcached, $mysqli; + print_start('linkfilter'); + echo "

$I[linkfilter]

$arg
$I[sessnick]$I[sesstimeout]$I[sessua]$I[sesip]$I[sesip]$I[actions]
'.style_this($temp['nickname'].$s, $temp['fontinfo']).''.get_timeout($temp['lastpost'], $temp['status']).'
'.style_this($temp['nickname'].$s, $temp['style']).''.get_timeout($temp['lastpost'], $temp['status']).'$temp[useragent]$temp[ip]$temp[ip]".frmadm('sessions').hidden('nick', $temp['nickname']).submit($I['kick']).'
----
"; + thr(); + echo ""; + if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]linkfilter"); + if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ + $filters=array(); + $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]linkfilter`"); + while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter; + if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]linkfilter", $filters); + } + foreach($filters as $filter){ + if($filter['regex']==1) $checked=' checked'; + else $checked=''; + if($filter['regex']==0) $filter['match']=preg_replace('/(\\\\(.))/', "$2", $filter['match']); + echo ''; + } + echo ''; + echo "
"; + echo ""; + echo ""; + echo ""; + echo "
$I[fid]
$I[match]
$I[replace]
$I[regex]
$I[apply]
'.frmadm('linkfilter').hidden('id', $filter['id']); + echo ""; + echo ""; + echo '"; + echo ""; + echo '
$I[filter] $filter[id]:'.submit($I['change']).'
'.frmadm('linkfilter').hidden('id', '+'); + echo ""; + echo ""; + echo ""; + echo ""; + echo '
$I[newfilter]'.submit($I['add']).'

$H[backtochat]
"; + print_end(); +} + function send_frameset(){ global $C, $H, $I, $U, $mysqli; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: no-cache'); header('Expires: 0'); @@ -670,11 +920,11 @@ function send_messages(){ $url="$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$C[lang]"; } print_start('messages', $U['refresh'], $url); - echo ''; + echo ''; print_chatters(); - echo "
$I[bottom]
"; + echo "$I[bottom]"; print_messages(); - echo "
$I[top]
"; + echo "$I[top]"; print_end(); } @@ -723,7 +973,7 @@ function send_approve_waiting(){ echo frmadm('approve').''; echo ""; while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ - echo ''.hidden('alls[]', $temp['nickname']).""; + echo ''.hidden('alls[]', $temp['nickname']).""; } echo "
$I[sessnick]$I[sessua]
$temp[useragent]
$temp[useragent]

"; echo ""; @@ -762,17 +1012,18 @@ function send_waiting_room(){ }elseif(!$wait && $U['entry']!=0){ send_frameset(); }else{ + $refresh=get_setting('defaultrefresh'); if(isSet($_COOKIE['test'])){ - header("Refresh: $C[defaultrefresh]; URL=$_SERVER[SCRIPT_NAME]?action=wait"); - print_start('waitingroom', $C['defaultrefresh'], "$_SERVER[SCRIPT_NAME]?action=wait"); + header("Refresh: $refresh; URL=$_SERVER[SCRIPT_NAME]?action=wait"); + print_start('waitingroom', $refresh, "$_SERVER[SCRIPT_NAME]?action=wait"); }else{ - header("Refresh: $C[defaultrefresh]; URL=$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]"); - print_start('waitingroom', $C['defaultrefresh'], "$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]&lang=$C[lang]"); + header("Refresh: $refresh; URL=$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]"); + print_start('waitingroom', $refresh, "$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]&lang=$C[lang]"); } if($wait){ - echo "

$I[waitingroom]

".sprintf($I['waittext'], $U['displayname'], $timeleft).'


'.sprintf($I['waitreload'], $C['defaultrefresh']).'



'; + echo "

$I[waitingroom]

".sprintf($I['waittext'], style_this($U['nickname'], $U['style']), $timeleft).'


'.sprintf($I['waitreload'], $refresh).'



'; }else{ - echo "

$I[waitingroom]

".sprintf($I['admwaittext'], $U['displayname']).'


'.sprintf($I['waitreload'], $C['defaultrefresh']).'



'; + echo "

$I[waitingroom]

".sprintf($I['admwaittext'], style_this($U['nickname'], $U['style'])).'


'.sprintf($I['waitreload'], $refresh).'



'; } echo "
".hidden('action', 'wait').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['reload']).'
'; $rulestxt=get_setting('rulestxt'); @@ -803,13 +1054,13 @@ function send_del_confirm(){ } function send_post(){ - global $C, $I, $P, $U, $countmods; + global $I, $P, $U, $countmods; $U['postid']=substr(time(), -6); print_start('post'); if(!isSet($_REQUEST['multi'])) $_REQUEST['multi']=''; if(!isSet($_REQUEST['sendto'])) $_REQUEST['sendto']=''; echo '
'.frmpst('post').hidden('postid', $U['postid']).hidden('multi', $_REQUEST['multi']); - echo ""; + echo '
$U[displayname]:
'; if(!isSet($U['rejected'])) $U['rejected']=''; if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ echo ""; @@ -844,11 +1095,11 @@ function send_post(){ if($U['nickname']!==$user[0] && !in_array($user[0], $ignored)){ echo '"; + echo "value=\"$user[0]\" style=\"$user[1]\">$user[0]"; } } echo ''; - if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){ + if($U['status']>=5 || (get_setting('memkick') && $countmods==0 && $U['status']>=3)){ echo ""; echo ""; } @@ -867,12 +1118,12 @@ function send_post(){ } function send_help(){ - global $C, $H, $I, $U; + global $H, $I, $U; print_start('help'); $rulestxt=get_setting('rulestxt'); if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt

"; echo "

$I[help]

$I[helpguest]"; - if($C['imgembed']) echo "
$I[helpembed]"; + if(get_setting('imgembed')) echo "
$I[helpembed]"; if($U['status']>=3){ echo "
$I[helpmem]
"; if($U['status']>=5){ @@ -880,7 +1131,7 @@ function send_help(){ if($U['status']>=7) echo "
$I[helpadm]
"; } } - echo "
$H[backtochat]$H[credit]"; + echo "
$H[backtochat]$H[credit]
"; print_end(); } @@ -902,7 +1153,7 @@ function send_profile($arg=''){ $style=''; foreach($P as $user){ if($ign==$user[0]){ - $style=" style=\"$user[2]\""; + $style=" style=\"$user[1]\""; break; } } @@ -916,7 +1167,7 @@ function send_profile($arg=''){ echo "
'.style_this($U['nickname'], $U['style']).':
 
'; @@ -926,6 +1177,8 @@ function send_profile($arg=''){ echo " "; thr(); if(!isSet($_COOKIE[$C['cookiename']])) $session='&session=$U[session]'; else $session=''; + preg_match('/#([0-9a-f]{6})/i', $U['style'], $matches); + $U['colour']=$matches[1]; echo "
$I[fontcolour] ($I[viewexample])"; echo "
 
"; thr(); @@ -936,32 +1189,32 @@ function send_profile($arg=''){ echo "
$I[fontface]"; echo "
  /', $U['fontinfo'])) echo ' checked'; + if(preg_match('/font-weight:bold;/', $U['style'])) echo ' checked'; echo "> /', $U['fontinfo'])) echo ' checked'; + if(preg_match('/font-style:italic;/', $U['style'])) echo ' checked'; echo ">
"; thr(); } - echo "$U[displayname] : ".style_this($I['fontexample'], $U['fontinfo']).''; + echo ''.style_this("$U[nickname] : $I[fontexample]", $U['style']).''; thr(); echo "
$I[timestamps]"; echo '
 
"; thr(); - if($C['imgembed']){ + if(get_setting('imgembed')){ echo "
$I[embed]"; echo '
 
"; thr(); } - if($U['status']>=5 && $C['incognito']){ + if($U['status']>=5 && get_setting('incognito')){ echo "
$I[incognito]"; echo '
 

'.sprintf($I['bye'], $U['displayname'])."

$H[backtologin]"; + echo '

'.sprintf($I['bye'], style_this($U['nickname'], $U['style']))."

$H[backtologin]
"; print_end(); } @@ -1038,7 +1291,8 @@ function send_login(){ print_start('login'); $ga=get_setting('guestaccess'); $englobal=get_setting('englobalpass'); - echo "

$C[chatname]

<$H[form] target=\"_parent\">".hidden('action', 'login').hidden('lang', $C['lang']); + echo "

$C[chatname]

"; + echo "<$H[form] target=\"_parent\">".hidden('action', 'login').hidden('lang', $C['lang']); if($englobal==1 && isSet($_POST['globalpass'])) echo hidden('globalpass', $_POST['globalpass']); echo ''; if($englobal!=1 || (isSet($_POST['globalpass']) && $_POST['globalpass']==get_setting('globalpass'))){ @@ -1066,7 +1320,7 @@ function send_login(){ foreach($L as $lang=>$name){ echo " $name"; } - echo "

$H[credit]"; + echo "

$H[credit]"; print_end(); } @@ -1086,10 +1340,10 @@ function print_chatters(){ if($temp[0]>0) echo ''; } if(!empty($M)){ - echo "'; + echo "'; if(!empty($G)) echo ''; } - if(!empty($G)) echo "'; + if(!empty($G)) echo "'; echo '
'.frmadm('approve').submit(sprintf($I['approveguests'], $temp[0])).' $I[members] ".implode('   ', $M).'$I[members]: ".implode('   ', $M).'  $I[guests] ".implode('   ', $G).'$I[guests]: ".implode('   ', $G).'
'; } @@ -1113,15 +1367,14 @@ function print_memberslist(){ function create_session($setup){ global $C, $I, $U, $memcached, $mysqli; - $U['nickname']=cleanup_nick($_REQUEST['nick']); + $U['nickname']=preg_replace('/\s+/', '', $_REQUEST['nick']); $U['passhash']=md5(sha1(md5($U['nickname'].$_REQUEST['pass']))); - if(isSet($_REQUEST['colour'])) $U['colour']=$_REQUEST['colour']; - else $U['colour']=$C['coltxt']; + if(isSet($_REQUEST['colour'])) $U['colour']=$_REQUEST['colour']; else $U['colour']=''; $U['status']=1; check_member(); add_user_defaults(); if($setup) $U['incognito']=true; - if(get_setting('captcha')>0 && ($U['status']==1 || !$C['dismemcaptcha'])){ + if(get_setting('captcha')>0 && ($U['status']==1 || get_setting('dismemcaptcha')==0)){ if(!isSet($_REQUEST['challenge'])) send_error($I['wrongcaptcha']); if(!$C['memcached']){ $stmt=mysqli_prepare($mysqli, "SELECT `code` FROM `$C[prefix]captcha` WHERE `id`=?"); @@ -1131,7 +1384,7 @@ function create_session($setup){ if(!mysqli_stmt_fetch($stmt)) send_error($I['captchaexpire']); mysqli_stmt_close($stmt); }else{ - if(!$code=$memcached->get("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]")) send_error($I['captchexpire']); + if(!$code=$memcached->get("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]")) send_error($I['captchaexpire']); $memcached->delete("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]"); } if($_REQUEST['captcha']!=$code) send_error($I['wrongcaptcha']); @@ -1142,8 +1395,8 @@ function create_session($setup){ mysqli_stmt_close($stmt); } if($U['status']==1){ - if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname'])); - if(!valid_pass($_REQUEST['pass'])) send_error(sprintf($I['invalpass'], $C['minpass'])); + if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], get_setting('maxname'))); + if(!valid_pass($_REQUEST['pass'])) send_error(sprintf($I['invalpass'], get_setting('minpass'))); if(get_setting('guestaccess')==0) send_error($I['noguests']); if(get_setting('englobalpass')!=0 && isSet($_REQUEST['globalpass']) && $_REQUEST['globalpass']!=get_setting('globalpass')) send_error($I['wrongglobalpass']); } @@ -1151,44 +1404,41 @@ function create_session($setup){ } function write_new_session(){ - global $C, $I, $U, $mysqli; + global $C, $H, $I, $U, $mysqli; // read and update current sessions $lines=parse_sessions(); - $sids; $inuse=false; $reentry=false; + $sids; $reentry=false; foreach($lines as $temp){ $sids[$temp['session']]=true;// collect all existing ids if($temp['nickname']==$U['nickname']){// nick already here? if($U['passhash']==$temp['passhash']){ $U=$temp; - add_user_defaults(); + if($U['status']==0){ + setcookie($C['cookiename'], false); + send_error("$I[kicked]
$U[kickmessage]"); + } setcookie($C['cookiename'], $U['session']); + $H['begin_body']="body style=\"background-color:#$U[bgcolour];\""; $reentry=true; break; }else{ - $inuse=true; - break; + send_error($I['wrongpass']); } } } // create new session: - if(!$inuse && !$reentry){ + if(!$reentry){ do{ $U['session']=md5(time().rand().$U['nickname']); }while(isSet($sids[$U['session']]));// check for hash collision if(isSet($_SERVER['HTTP_USER_AGENT'])) $useragent=htmlspecialchars($_SERVER['HTTP_USER_AGENT']); else $useragent=''; - $ip=$_SERVER['REMOTE_ADDR']; - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]sessions` (`session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`, `incognito`, `ip`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'sssiissisiiissiiiiiis', $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $useragent, $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito'], $ip); + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]sessions` (`session`, `nickname`, `status`, `refresh`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`, `incognito`, `ip`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + mysqli_stmt_bind_param($stmt, 'ssiisisiiissiiiiiis', $U['session'], $U['nickname'], $U['status'], $U['refresh'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $useragent, $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito'], $_SERVER['REMOTE_ADDR']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); setcookie($C['cookiename'], $U['session']); - if($U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgenter'), $U['displayname'])); - }elseif($inuse){ - send_error($I['wrongpass']); - }elseif($U['status']==0){ - setcookie($C['cookiename'], false); - send_error("$I[kicked]
$U[kickmessage]"); + if($U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgenter'), style_this($U['nickname'], $U['style']))); } } @@ -1231,10 +1481,10 @@ function check_login(){ global $C, $I, $U, $mysqli; $ga=get_setting('guestaccess'); if(isSet($_POST['session'])){ - $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]sessions` WHERE `session`=?"); + $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, `status`, `refresh`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]sessions` WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 's', $_POST['session']); mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']); + mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['status'], $U['refresh'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']); if(mysqli_stmt_fetch($stmt)){ mysqli_stmt_close($stmt); if($U['status']==0){ @@ -1293,7 +1543,7 @@ function kill_session(){ mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } - elseif($U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgexit'), $U['displayname'])); + elseif($U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgexit'), style_this($U['nickname'], $U['style']))); } function kick_chatter($names, $mes, $purge){ @@ -1308,7 +1558,7 @@ function kick_chatter($names, $mes, $purge){ mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']); mysqli_stmt_execute($stmt); if($purge) del_all_messages($temp['nickname'], 10, 0); - $lonick.="$temp[displayname], "; + $lonick.=style_this($temp['nickname'], $temp['style']).', '; ++$i; unset($P[$name]); } @@ -1362,23 +1612,6 @@ function logout_chatter($names){ mysqli_stmt_close($stmt3); } -function update_session(){ - global $C, $U, $mysqli; - if($U['postid']==$_REQUEST['postid']){// ignore double post=reload from browser or proxy - $_REQUEST['message']=''; - }elseif(time()-$U['lastpost']<=1){// time between posts too short, reject! - $U['rejected']=$_REQUEST['message']; - $_REQUEST['message']=''; - }else{// valid post - $U['postid']=substr($_REQUEST['postid'], 0, 6); - $U['lastpost']=time(); - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`=?, `postid`=? WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 'iis', $U['lastpost'], $U['postid'], $U['session']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - } -} - function check_session(){ global $C, $I, $U; parse_sessions(); @@ -1402,7 +1635,7 @@ function get_nowchatting(){ } function parse_sessions(){ - global $C, $G, $M, $P, $U, $countmods, $memcached, $mysqli; + global $C, $G, $H, $M, $P, $U, $countmods, $memcached, $mysqli; $result=mysqli_query($mysqli, "SELECT `nickname`, `status`, `session` FROM `$C[prefix]sessions` WHERE (`lastpost`<'".(time()-60*get_setting('guestexpire'))."' AND `status`<='2') OR (`lastpost`<'".(time()-60*get_setting('memberexpire'))."' AND `status`>'2')"); if(mysqli_num_rows($result)>0){ $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]sessions` WHERE `nickname`=?"); @@ -1434,7 +1667,7 @@ function parse_sessions(){ foreach($lines as $temp){ if($temp['session']==$_REQUEST['session']){ $U=$temp; - add_user_defaults(); + $H['begin_body']="body style=\"background-color:#$U[bgcolour];\""; break; } } @@ -1446,12 +1679,12 @@ function parse_sessions(){ foreach($lines as $temp){ if($temp['entry']!=0){ if($temp['status']==1 || $temp['status']==2){ - $P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; - $G[]=$temp['displayname']; + $P[$temp['nickname']]=[$temp['nickname'], $temp['style']]; + $G[]=style_this($temp['nickname'], $temp['style']); }elseif($temp['status']>2){ if(!$temp['incognito']){ - $P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; - $M[]=$temp['displayname']; + $P[$temp['nickname']]=[$temp['nickname'], $temp['style']]; + $M[]=style_this($temp['nickname'], $temp['style']); } if($temp['status']>=5) ++$countmods; } @@ -1464,10 +1697,10 @@ function parse_sessions(){ function check_member(){ global $C, $I, $U, $mysqli; - $stmt=mysqli_prepare($mysqli, "SELECT `nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `fontface`, `fonttags`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]members` WHERE `nickname`=?"); + $stmt=mysqli_prepare($mysqli, "SELECT `nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style` FROM `$C[prefix]members` WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['colour'], $temp['bgcolour'], $temp['fontface'], $temp['fonttags'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed'], $temp['incognito']); + mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['bgcolour'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed'], $temp['incognito'], $temp['style']); if(mysqli_stmt_fetch($stmt)){ if($temp['passhash']==$U['passhash']){ mysqli_stmt_close($stmt); @@ -1485,14 +1718,14 @@ function check_member(){ } function read_members(){ - global $A, $C, $F, $memcached, $mysqli; + global $A, $C, $memcached, $mysqli; if($C['memcached']) $A=$memcached->get("$C[dbname]-$C[prefix]members"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]members`"); while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ $A[$temp['nickname']][0]=$temp['nickname']; $A[$temp['nickname']][1]=$temp['status']; - $A[$temp['nickname']][2]=@get_style("#$temp[colour] {$F[$temp['fontface']]} <$temp[fonttags]>"); + $A[$temp['nickname']][2]=$temp['style']; } if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]members", $A); } @@ -1504,15 +1737,15 @@ function register_guest($status){ if(!isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); read_members(); if(isSet($A[$_REQUEST['name']])) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name'])); - $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, `displayname`, `passhash`, `refresh`, `fontinfo`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]sessions` WHERE `nickname`=? AND `status`='1'"); + $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, ``passhash`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]sessions` WHERE `nickname`=? AND `status`='1'"); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['displayname'], $reg['passhash'], $reg['refresh'], $reg['fontinfo'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']); + mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['passhash'], $reg['refresh'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']); if(mysqli_stmt_fetch($stmt)){ mysqli_stmt_close($stmt); $reg['status']=$status; - if(preg_match('/#([a-f0-9]{6})/i', $reg['fontinfo'], $match)) $reg['colour']=$match[1]; - else $reg['colour']=$C['coltxt']; + if(preg_match('/#([a-f0-9]{6})/i', $reg['style'], $match)) $reg['colour']=$match[1]; + else $reg['colour']=get_setting('coltxt'); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `status`=? WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 'is', $reg['status'], $reg['session']); mysqli_stmt_execute($stmt); @@ -1526,37 +1759,37 @@ function register_guest($status){ mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); - if($reg['status']==3) add_system_message(sprintf(get_setting('msgmemreg'), $reg['displayname'])); - else add_system_message(sprintf(get_setting('msgsureg'), $reg['displayname'])); + if($reg['status']==3) add_system_message(sprintf(get_setting('msgmemreg'), style_this($reg['nickname'], $reg['style']))); + else add_system_message(sprintf(get_setting('msgsureg'), style_this($reg['nickname'], $reg['style']))); } function register_new(){ global $A, $C, $I, $P, $U, $memcached, $mysqli; - $_REQUEST['name']=cleanup_nick($_REQUEST['name']); + $_REQUEST['name']=preg_replace('/\s+/', '', $_REQUEST['name']); if(empty($_REQUEST['name'])) send_admin(); if(isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); - if(!valid_nick($_REQUEST['name'])) send_admin(sprintf($I['invalnick'], $C['maxname'])); - if(!valid_pass($_REQUEST['pass'])) send_admin(sprintf($I['invalpass'], $C['minpass'])); + if(!valid_nick($_REQUEST['name'])) send_admin(sprintf($I['invalnick'], get_setting('maxname'))); + if(!valid_pass($_REQUEST['pass'])) send_admin(sprintf($I['invalpass'], get_setting('minpass'))); read_members(); if(isSet($A[$_REQUEST['name']])) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name'])); $reg=array( 'nickname' =>$_REQUEST['name'], 'passhash' =>md5(sha1(md5($_REQUEST['name'].$_REQUEST['pass']))), 'status' =>3, - 'refresh' =>$C['defaultrefresh'], - 'colour' =>$C['coltxt'], - 'bgcolour' =>$C['colbg'], + 'refresh' =>get_setting('defaultrefresh'), + 'bgcolour' =>get_setting('colbg'), 'boxwidth' =>40, 'boxheight' =>3, 'notesboxwidth' =>80, 'notesboxheight'=>30, 'regedby' =>$U['nickname'], - 'timestamps' =>$C['timestamps'], - 'embed' =>$C['embed'], - 'incognito' =>false + 'timestamps' =>get_setting('timestamps'), + 'embed' =>true, + 'incognito' =>false, + 'style' =>'color:#'.get_setting('coltxt').';' ); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'ssiissiiiisiii', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed'], $reg['incognito']); + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + mysqli_stmt_bind_param($stmt, 'ssiisiiiisiiis', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed'], $reg['incognito'], $reg['style']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); @@ -1605,37 +1838,31 @@ function change_status(){ } function amend_profile(){ - global $C, $F, $U; + global $F, $U; if(isSet($_REQUEST['refresh'])) $U['refresh']=$_REQUEST['refresh']; - else $U['refresh']=$C['defaultrefresh']; if($U['refresh']<5) $U['refresh']=5; elseif($U['refresh']>150) $U['refresh']=150; if(preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['colour'])) $U['colour']=$_REQUEST['colour']; - else $U['colour']=$C['coltxt']; + else{ + preg_match('/#([0-9a-f]{6})/i', $U['style'], $matches); + $U['colour']=$matches[1]; + } if(preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['bgcolour'])) $U['bgcolour']=$_REQUEST['bgcolour']; - else $U['bgcolour']=$C['colbg']; - $U['fonttags']=''; - if($U['status']>=3 && isSet($_REQUEST['bold'])) $U['fonttags'].='b'; - if($U['status']>=3 && isSet($_REQUEST['italic'])) $U['fonttags'].='i'; - if($U['status']>=3 && isSet($F[$_REQUEST['font']])) $U['fontface']=$_REQUEST['font']; - @$U['fontinfo']="#$U[colour] {$F[$U['fontface']]} <$U[fonttags]>"; - if(!isSet($U['fontinfo'])) $U['fontinfo']=''; - $U['style']=get_style($U['fontinfo']); - $U['displayname']=style_this($U['nickname'], $U['fontinfo']); - if($_REQUEST['boxwidth']>0) $U['boxwidth']=$_REQUEST['boxwidth']; - if($_REQUEST['boxheight']>0) $U['boxheight']=$_REQUEST['boxheight']; - if(isSet($_REQUEST['notesboxwidth']) && $_REQUEST['notesboxwidth']>0) $U['notesboxwidth']=$_REQUEST['notesboxwidth']; - if(isSet($_REQUEST['notesboxheight']) && $_REQUEST['notesboxheight']>0) $U['notesboxheight']=$_REQUEST['notesboxheight']; + $fonttags=''; + if($U['status']>=3 && isSet($_REQUEST['bold'])) $fonttags.='b'; + if($U['status']>=3 && isSet($_REQUEST['italic'])) $fonttags.='i'; + if($U['status']>=3 && isSet($F[$_REQUEST['font']])) $fontface=$F[$_REQUEST['font']]; else $fontface=''; + $U['style']=get_style("#$U[colour] $fontface <$fonttags>"); + if($_REQUEST['boxwidth']>0 && $_REQUEST['boxwidth']<1000) $U['boxwidth']=$_REQUEST['boxwidth']; + if($_REQUEST['boxheight']>0 && $_REQUEST['boxheight']<1000) $U['boxheight']=$_REQUEST['boxheight']; + if(isSet($_REQUEST['notesboxwidth']) && $_REQUEST['notesboxwidth']>0 && $_REQUEST['notesboxwidth']<1000) $U['notesboxwidth']=$_REQUEST['notesboxwidth']; + if(isSet($_REQUEST['notesboxheight']) && $_REQUEST['notesboxheight']>0 && $_REQUEST['notesboxheight']<1000) $U['notesboxheight']=$_REQUEST['notesboxheight']; if(isSet($_REQUEST['timestamps'])) $U['timestamps']=true; else $U['timestamps']=false; if(isSet($_REQUEST['embed'])) $U['embed']=true; else $U['embed']=false; - if($U['status']>=5 && isSet($_REQUEST['incognito']) && $C['incognito']) $U['incognito']=true; + if($U['status']>=5 && isSet($_REQUEST['incognito']) && get_setting('incognito')) $U['incognito']=true; else $U['incognito']=false; - if($U['boxwidth']>=1000) $U['boxwidth']=40; - if($U['boxheight']>=1000) $U['boxheight']=3; - if($U['notesboxwidth']>=1000) $U['notesboxwidth']=80; - if($U['notesboxheight']>=1000) $U['notesboxheight']=30; } function save_profile(){ @@ -1654,13 +1881,13 @@ function save_profile(){ if($U['passhash']!==$U['oldhash']) send_profile($I['wrongpass']); $U['passhash']=$U['newhash']; amend_profile(); - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `refresh`=?, `displayname`=?, `fontinfo`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 'issssiisiiiiis', $U['refresh'], $U['displayname'], $U['fontinfo'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['session']); + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `refresh`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `session`=?"); + mysqli_stmt_bind_param($stmt, 'issiisiiiiis', $U['refresh'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($U['status']>=2){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `passhash`=?, `refresh`=?, `colour`=?, `bgcolour`=?, `fontface`=?, `fonttags`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `nickname`=?"); - mysqli_stmt_bind_param($stmt, 'sissssiiiiiiis', $U['passhash'], $U['refresh'], $U['colour'], $U['bgcolour'], $U['fontface'], $U['fonttags'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nickname']); + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `passhash`=?, `refresh`=?, `bgcolour`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=?, `style`=? WHERE `nickname`=?"); + mysqli_stmt_bind_param($stmt, 'sisiiiiiiiss', $U['passhash'], $U['refresh'], $U['bgcolour'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['style'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); @@ -1683,59 +1910,50 @@ function save_profile(){ } function add_user_defaults(){ - global $C, $F, $H, $U; - if(!isSet($U['refresh'])) $U['refresh']=$C['defaultrefresh']; - if($U['refresh']<5) $U['refresh']=5; - elseif($U['refresh']>150) $U['refresh']=150; - if(!isSet($U['fontinfo'])){ - if(!preg_match('/^[a-f0-9]{6}$/i', $U['colour'])){ - $U['colour']=$C['coltxt']; - do{ - $U['colour']=sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)); - }while(abs(greyval($U['colour'])-greyval($C['colbg']))<75); - } - $U['fontinfo']="#$U[colour]"; - @$U['fontinfo'].=" {$F[$U['fontface']]} <$U[fonttags]>"; - } - if(!isSet($U['bgcolour'])) $U['bgcolour']=$C['colbg']; + global $H, $U; + if(!isSet($U['refresh'])) $U['refresh']=get_setting('defaultrefresh'); + if(!isSet($U['bgcolour'])) $U['bgcolour']=get_setting('colbg'); $H['begin_body']="body style=\"background-color:#$U[bgcolour];\""; - if(!isSet($U['colour'])){ - preg_match('/([0-9a-f]{6})/i', $U['fontinfo'], $matches); - $U['colour']=$matches[0]; + if(!isSet($U['style']) && !preg_match('/^[a-f0-9]{6}$/i', $U['colour'])){ + do{ + $U['colour']=sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)); + }while(abs(greyval($U['colour'])-greyval(get_setting('colbg')))<75); } - if(!isSet($U['style'])) $U['style']=get_style($U['fontinfo']); + if(!isSet($U['style'])) $U['style']=get_style("#$U[colour]"); if(!isSet($U['boxwidth'])) $U['boxwidth']=40; if(!isSet($U['boxheight'])) $U['boxheight']=3; if(!isSet($U['notesboxwidth'])) $U['notesboxwidth']=80; if(!isSet($U['notesboxheight'])) $U['notesboxheight']=30; - if(!isSet($U['timestamps'])) $U['timestamps']=$C['timestamps']; - if(!isSet($U['embed'])) $U['embed']=$C['embed']; + if(!isSet($U['timestamps'])) $U['timestamps']=get_setting('timestamps'); + if(!isSet($U['embed'])) $U['embed']=true; if(!isSet($U['incognito'])) $U['incognito']=false; - if(!isSet($U['lastpost'])) $U['lastpost']=time(); - if(!isSet($U['entry'])) $U['entry']=$U['lastpost']; - if(!isSet($U['postid'])) $U['postid']='OOOOOO'; - if(!isSet($U['displayname'])) $U['displayname']=style_this($U['nickname'], $U['fontinfo']); + $U['entry']=$U['lastpost']=time(); + $U['postid']='OOOOOO'; } // message handling function validate_input(){ - global $P, $U; + global $C, $P, $U, $mysqli; $maxmessage=get_setting('maxmessage'); $U['message']=substr($_REQUEST['message'], 0, $maxmessage); $U['rejected']=substr($_REQUEST['message'], $maxmessage); + if($U['postid']==$_REQUEST['postid']){// ignore double post=reload from browser or proxy + $_REQUEST['message']=''; + }elseif((time()-$U['lastpost'])<=1){// time between posts too short, reject! + $U['rejected']=$_REQUEST['message']; + $_REQUEST['message']=''; + } if(preg_match('/&[^;]{0,8}$/', $U['message']) && preg_match('/^([^;]{0,8};)/', $U['rejected'], $match)){ $U['message'].=$match[0]; $U['rejected']=preg_replace("/^$match[0]", '', $U['rejected']); } - if($U['rejected']){ + if(!empty($U['rejected'])){ $U['rejected']=trim($U['rejected']); $U['rejected']=htmlspecialchars($U['rejected']); } $U['message']=htmlspecialchars($U['message']); - $U['message']=preg_replace("/\r\n/", '
', $U['message']); - $U['message']=preg_replace("/\n/", '
', $U['message']); - $U['message']=preg_replace("/\r/", '
', $U['message']); + $U['message']=preg_replace("/(\r?\n|\r\n?)/", '
', $U['message']); if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ $U['message']=preg_replace('/\s*
/', '
', $U['message']); $U['message']=preg_replace('/
(
)+/', '

', $U['message']); @@ -1750,16 +1968,16 @@ function validate_input(){ $U['recipient']=''; if($_REQUEST['sendto']=='*'){ $U['poststatus']='1'; - $U['displaysend']="$U[displayname] - "; + $U['displaysend']=style_this($U['nickname'], $U['style']).' - '; }elseif($_REQUEST['sendto']=='?' && $U['status']>=3){ $U['poststatus']='3'; - $U['displaysend']="[M] $U[displayname] - "; + $U['displaysend']='[M] '.style_this($U['nickname'], $U['style']).' - '; }elseif($_REQUEST['sendto']=='#' && $U['status']>=5){ $U['poststatus']='5'; - $U['displaysend']="[Staff] $U[displayname] - "; + $U['displaysend']='[Staff] '.style_this($U['nickname'], $U['style']).' - '; }elseif($_REQUEST['sendto']=='&' && $U['status']>=6){ $U['poststatus']='6'; - $U['displaysend']="[Admin] $U[displayname] - "; + $U['displaysend']='[Admin] '.style_this($U['nickname'], $U['style']).' - '; }else{// known nick in room? $ignored=get_ignored(); $ignore=false; @@ -1773,7 +1991,7 @@ function validate_input(){ foreach($P as $chatter){ if($_REQUEST['sendto']==$chatter[0]){ $U['recipient']=$chatter[0]; - $U['displayrecp']=style_this($chatter[0], $chatter[2]); + $U['displayrecp']=style_this($chatter[0], $chatter[1]); break; } } @@ -1781,7 +1999,7 @@ function validate_input(){ if(!empty($U['recipient'])){ $U['poststatus']='9'; $U['delstatus']='9'; - $U['displaysend']="[$U[displayname] to $U[displayrecp]] - "; + $U['displaysend']='['.style_this($U['nickname'], $U['style'])." to $U[displayrecp]] - "; }else{// nick left already or ignores us $U['message']=''; $U['rejected']=''; @@ -1790,7 +2008,15 @@ function validate_input(){ if(isSet($U['poststatus'])){ apply_filter(); create_hotlinks(); - if(add_message()) update_session(); + apply_linkfilter(); + if(add_message()){ + $U['lastpost']=time(); + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`=?, `postid`=? WHERE `session`=?"); + mysqli_stmt_bind_param($stmt, 'iis', $U['lastpost'], $_REQUEST['postid'], $U['session']); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + } + } } @@ -1800,7 +2026,7 @@ function apply_filter(){ $U['displaysend']=substr($U['displaysend'], 0, -3); $U['message']=preg_replace("~^/me~i", '', $U['message']); } - $U['message']=preg_replace_callback("/\@([a-z0-9]{1,$C[maxname]})/i", function ($matched){ global $P; if(isSet($P[$matched[1]])) return style_this($matched[0], $P[$matched[1]][2]); else return "$matched[0]";}, $U['message']); + $U['message']=preg_replace_callback('/\@([a-z0-9]{1,})/i', function ($matched){ global $P; if(isSet($P[$matched[1]])) return style_this($matched[0], $P[$matched[1]][1]); else return "$matched[0]";}, $U['message']); if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]filter"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $filters=array(); @@ -1818,8 +2044,34 @@ function apply_filter(){ } } +function apply_linkfilter(){ + global $C, $U, $memcached, $mysqli; + if(get_setting('imgembed')) $U['message']=preg_replace_callback('/\[img\]\s?(.*?(?=<\/a>))<\/a>/i', function ($matched){ return str_ireplace('[/img]', '', "

");}, $U['message']); + if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]linkfilter"); + if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ + $filters=array(); + $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]linkfilter`"); + while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter; + if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]linkfilter", $filters); + } + foreach($filters as $filter){ + $U['message']=preg_replace_callback("/(.*?(?=<\/a>))<\/a>/i", function ($matched) use(&$filter){ return "".preg_replace("/$filter[match]/i", $filter['replace'], $matched[2]).'';}, $U['message']); + } + $redirect=get_setting('redirect'); + if(empty($redirect)) $redirect="$_SERVER[SCRIPT_NAME]?action=redirect&url="; + if(get_setting('forceredirect')) $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); + elseif(preg_match_all('/(.*?(?=<\/a>))<\/a>/', $U['message'], $matches)){ + foreach($matches[1] as $match){ + if(!preg_match('~^http(s)?://~', $match)){ + $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); + break; + } + } + } +} + function create_hotlinks(){ - global $C, $U; + global $U; //Make hotlinks for URLs, redirect through dereferrer script to prevent session leakage // 1. all explicit schemes with whatever xxx://yyyyyyy $U['message']=preg_replace('~(\w*://[^\s<>]+)~i', "<<$1>>", $U['message']); @@ -1832,16 +2084,6 @@ function create_hotlinks(){ $U['message']=preg_replace('~([a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?:\.(?!rar|zip|exe|gz|7z|bat|doc)[a-z]{2,}))(?=[^a-z0-9\-\.]|$)(?![^<>]*>)~i', "<<$1>>", $U['message']);// xxx.yyy.zzz // Convert every <<....>> into proper links: $U['message']=preg_replace_callback('/<<([^<>]+)>>/', function ($matches){if(strpos($matches[1], '://')==false){ return "$matches[1]";}else{ return "$matches[1]"; }}, $U['message']); - if($C['imgembed']) $U['message']=preg_replace_callback('/\[img\]\s?(.*?(?=<\/a>))<\/a>/i', function ($matched){ return str_ireplace('[/img]', '', "

");}, $U['message']); - if($C['forceredirect']) $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); - elseif(preg_match_all('/(.*?(?=<\/a>))<\/a>/', $U['message'], $matches)){ - foreach($matches[1] as $match){ - if(!preg_match('~^http(s)?://~', $match)){ - $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); - break; - } - } - } } function add_message(){ @@ -1852,7 +2094,7 @@ function add_message(){ 'poststatus' =>$U['poststatus'], 'poster' =>$U['nickname'], 'recipient' =>$U['recipient'], - 'text' =>$U['displaysend'].style_this($U['message'], $U['fontinfo']), + 'text' =>$U['displaysend'].style_this($U['message'], $U['style']), 'delstatus' =>$U['delstatus'] ); write_message($newmessage); @@ -1887,7 +2129,7 @@ function write_message($message){ if($C['sendmail'] && $message['poststatus']<9){ $subject='New Chat message'; $headers="From: $C[mailsender]\r\nX-Mailer: PHP/".phpversion()."\r\nContent-Type: text/html; charset=UTF-8\r\n"; - $body="$message[text]"; + $body='$message[text]"; mail($C['mailreceiver'], $subject, $body, $headers); } } @@ -1944,9 +2186,13 @@ function print_messages($delstatus=''){ global $C, $U, $mysqli; $dateformat=get_setting('dateformat'); $messagelimit=get_setting('messagelimit'); - if(!isSet($_COOKIE[$C['cookiename']]) && !$C['forceredirect']) $injectRedirect=true; else $injectRedirect=false; - if($C['imgembed'] && (!$U['embed'] || !isSet($_COOKIE[$C['cookiename']]))) $removeEmbed=true; else $removeEmbed=false; - mysqli_query($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `postdate`<='".(time()-60*get_setting('messageexpire'))."'"); + if(!isSet($_COOKIE[$C['cookiename']]) && get_setting('forceredirect')==0){ + $injectRedirect=true; + $redirect=get_setting('redirect'); + if(empty($redirect)) $redirect="$_SERVER[SCRIPT_NAME]?action=redirect&url="; + }else $injectRedirect=false; + if(get_setting('imgembed') && (!$U['embed'] || !isSet($_COOKIE[$C['cookiename']]))) $removeEmbed=true; else $removeEmbed=false; + mysqli_query($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `postdate`<='".(time()-60*get_setting('messageexpire'))."' OR (`poster`='' AND `recipient`='' AND `poststatus`='9')"); if(!empty($delstatus)){ $stmt=mysqli_prepare($mysqli, "SELECT `postdate`, `id`, `text` FROM `$C[prefix]messages` WHERE ". "`id` IN (SELECT * FROM (SELECT `id` FROM `$C[prefix]messages` WHERE `poststatus`='1' ORDER BY `id` DESC LIMIT ?) AS t) ". @@ -1957,7 +2203,7 @@ function print_messages($delstatus=''){ while(mysqli_stmt_fetch($stmt)){ if($C['msgencrypted']) $message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); if($injectRedirect){ - $message['text']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $message['text']); + $message['text']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $message['text']); } if($removeEmbed){ $message['text']=preg_replace_callback('//', function ($matched){ return $matched[1];}, $message['text']); @@ -1978,7 +2224,7 @@ function print_messages($delstatus=''){ while(mysqli_stmt_fetch($stmt)){ if($C['msgencrypted']) $message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); if($injectRedirect){ - $message['text']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $message['text']); + $message['text']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $message['text']); } if($removeEmbed){ $message['text']=preg_replace_callback('//', function ($matched){ return $matched[1];}, $message['text']); @@ -2019,18 +2265,11 @@ function valid_admin(){ } function valid_nick($nick){ - global $C; - return preg_match("/^[a-z0-9]{1,$C[maxname]}$/i", $nick); + return preg_match('/^[a-z0-9]{1,'.get_setting('maxname').'}$/i', $nick); } function valid_pass($pass){ - global $C; - return preg_match('/^.{'.$C['minpass'].',}$/', $pass); -} - -function cleanup_nick($nick){ - $nick=preg_replace('/\s+/', '', $nick); - return $nick; + return preg_match('/^.{'.get_setting('minpass').',}$/', $pass); } function get_timeout($lastpost, $status){ // lastpost, status @@ -2048,11 +2287,11 @@ function get_timeout($lastpost, $status){ // lastpost, status } function print_colours(){ - global $C, $I; + global $I; // Prints a short list with selected named HTML colours and filters out illegible text colours for the given background. // It's a simple comparison of weighted grey values. This is not very accurate but gets the job done well enough. $colours=array('Beige'=>'F5F5DC', 'Black'=>'000000', 'Blue'=>'0000FF', 'BlueViolet'=>'8A2BE2', 'Brown'=>'A52A2A', 'Cyan'=>'00FFFF', 'DarkBlue'=>'00008B', 'DarkGreen'=>'006400', 'DarkRed'=>'8B0000', 'DarkViolet'=>'9400D3', 'DeepSkyBlue'=>'00BFFF', 'Gold'=>'FFD700', 'Grey'=>'808080', 'Green'=>'008000', 'HotPink'=>'FF69B4', 'Indigo'=>'4B0082', 'LightBlue'=>'ADD8E6', 'LightGreen'=>'90EE90', 'LimeGreen'=>'32CD32', 'Magenta'=>'FF00FF', 'Olive'=>'808000', 'Orange'=>'FFA500', 'OrangeRed'=>'FF4500', 'Purple'=>'800080', 'Red'=>'FF0000', 'RoyalBlue'=>'4169E1', 'SeaGreen'=>'2E8B57', 'Sienna'=>'A0522D', 'Silver'=>'C0C0C0', 'Tan'=>'D2B48C', 'Teal'=>'008080', 'Violet'=>'EE82EE', 'White'=>'FFFFFF', 'Yellow'=>'FFFF00', 'YellowGreen'=>'9ACD32'); - $greybg=greyval($C['colbg']); + $greybg=greyval(get_setting('colbg')); foreach($colours as $name=>$colour){ if(abs($greybg-greyval($colour))>75) echo ""; } @@ -2065,22 +2304,11 @@ function greyval($colour){ function get_style($styleinfo){ $fbold=preg_match('/(|:bold)/', $styleinfo); $fitalic=preg_match('/(|:italic)/', $styleinfo); - $fsmall=preg_match('/(size="-1"|:smaller)/', $styleinfo); - preg_match('/(#.{6})/', $styleinfo, $match); + $fsmall=preg_match('/:smaller/', $styleinfo); + preg_match('/(#.{6})/i', $styleinfo, $match); if(isSet($match[0])) $fcolour=$match[0]; - preg_match('/face=\'([^"]+)\'/', $styleinfo, $match); - if(isSet($match[1])) $fface=$match[1]; preg_match('/font-family:([^;]+);/', $styleinfo, $match); if(isSet($match[1])) $sface=$match[1]; - if(isSet($fface)){ - $sface=$fface; - $sface=preg_replace('/^/', "'", $sface); - $sface=preg_replace('/$/', "'", $sface); - $sface=preg_replace('/,/', "','", $sface); - }elseif(isSet($sface)){ - $fface=$sface; - $fface=preg_replace("/'/", '', $fface); - } $fstyle=''; if(isSet($fcolour)) $fstyle.="color:$fcolour;"; if(isSet($sface)) $fstyle.="font-family:$sface;"; @@ -2091,43 +2319,7 @@ function get_style($styleinfo){ } function style_this($text, $styleinfo){ - $fbold=preg_match('/(|:bold)/', $styleinfo); - $fitalic=preg_match('/(|:italic)/', $styleinfo); - $fsmall=preg_match('/(size="-1"|:smaller)/', $styleinfo); - preg_match('/(#.{6})/', $styleinfo, $match); - if(isSet($match[0])) $fcolour=$match[0]; - preg_match('/face=\'([^"]+)\'/', $styleinfo, $match); - if(isSet($match[1])) $fface=$match[1]; - preg_match('/font-family:([^;]+);/', $styleinfo, $match); - if(isSet($match[1])) $sface=$match[1]; - if(isSet($fface)){ - $sface=$fface; - $sface=preg_replace('/^/', "'", $sface); - $sface=preg_replace('/$/', "'", $sface); - $sface=preg_replace('/,/', "','", $sface); - }elseif(isSet($sface)){ - $fface=$sface; - $fface=preg_replace("/'/", '', $fface); - } - $fstyle=''; - if(isSet($fcolour)) $fstyle.="color:$fcolour;"; - if(isSet($sface)) $fstyle.="font-family:$sface;"; - if($fsmall) $fstyle.='font-size:smaller;'; - if($fitalic) $fstyle.='font-style:italic;'; - if($fbold) $fstyle.='font-weight:bold;'; - $fstart='$text"; } function check_init(){ @@ -2153,24 +2345,26 @@ function init_chat(){ if(mysqli_num_rows($result)>0){ $suwrite=$I['initsuexist']; } - }elseif(!valid_nick($_REQUEST['sunick'])){ - $suwrite=sprintf($I['invalnick'], $C['maxname']); - }elseif(!valid_pass($_REQUEST['supass'])){ - $suwrite=sprintf($I['invalpass'], $C['minpass']); + }elseif(!preg_match('/^[a-z0-9]{1,20}$/i', $_REQUEST['sunick'])){ + $suwrite=sprintf($I['invalnick'], 20); + }elseif(!preg_match('/^.{5,}$/', $_REQUEST['supass'])){ + $suwrite=sprintf($I['invalpass'], 5); }elseif($_REQUEST['supass']!==$_REQUEST['supassc']){ $suwrite=$I['noconfirm']; }else{ - mysqli_multi_query($mysqli, "CREATE TABLE IF NOT EXISTS `$C[prefix]captcha` (`id` int(10) unsigned NOT NULL, `time` int(10) unsigned NOT NULL, `code` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". - "CREATE TABLE IF NOT EXISTS `$C[prefix]filter` (`id` tinyint(3) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` text NOT NULL, `allowinpm` tinyint(1) unsigned NOT NULL, `regex` tinyint(1) unsigned NOT NULL, `kick` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". - "CREATE TABLE IF NOT EXISTS `$C[prefix]ignored` (`id` int(10) unsigned NOT NULL, `ignored` tinytext NOT NULL, `by` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". - "CREATE TABLE IF NOT EXISTS `$C[prefix]members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `colour` tinytext NOT NULL, `bgcolour` tinytext NOT NULL, `fontface` tinytext NOT NULL, `fonttags` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". - "CREATE TABLE IF NOT EXISTS `$C[prefix]messages` (`id` int(10) unsigned NOT NULL, `postdate` int(10) unsigned NOT NULL, `poststatus` tinyint(3) unsigned NOT NULL, `poster` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `recipient` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL, `delstatus` tinyint(3) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". - "CREATE TABLE IF NOT EXISTS `$C[prefix]notes` (`id` int(10) unsigned NOT NULL, `type` tinytext NOT NULL, `lastedited` int(10) unsigned NOT NULL, `editedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". - "CREATE TABLE IF NOT EXISTS `$C[prefix]sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `displayname` text NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `fontinfo` tinytext NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL, `ip` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". - "CREATE TABLE IF NOT EXISTS `$C[prefix]settings` (`id` tinyint(3) unsigned NOT NULL, `setting` tinytext NOT NULL, `value` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". + mysqli_multi_query($mysqli, "CREATE TABLE IF NOT EXISTS `$C[prefix]captcha` (`id` int(10) unsigned NOT NULL, `time` int(10) unsigned NOT NULL, `code` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]filter` (`id` tinyint(3) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` text NOT NULL, `allowinpm` tinyint(1) unsigned NOT NULL, `regex` tinyint(1) unsigned NOT NULL, `kick` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]ignored` (`id` int(10) unsigned NOT NULL, `ignored` tinytext NOT NULL, `by` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]linkfilter` (`id` int(10) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` tinytext NOT NULL, `regex` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `bgcolour` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL, `style` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]messages` (`id` int(10) unsigned NOT NULL, `postdate` int(10) unsigned NOT NULL, `poststatus` tinyint(3) unsigned NOT NULL, `poster` tinytext NOT NULL, `recipient` tinytext NOT NULL, `text` text NOT NULL, `delstatus` tinyint(3) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]notes` (`id` int(10) unsigned NOT NULL, `type` tinytext NOT NULL, `lastedited` int(10) unsigned NOT NULL, `editedby` tinytext NOT NULL, `text` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL, `ip` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". + "CREATE TABLE IF NOT EXISTS `$C[prefix]settings` (`id` tinyint(3) unsigned NOT NULL, `setting` tinytext NOT NULL, `value` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; ". "ALTER TABLE `$C[prefix]captcha` ADD UNIQUE KEY `id` (`id`); ". "ALTER TABLE `$C[prefix]filter` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]ignored` ADD PRIMARY KEY (`id`); ". + "ALTER TABLE `$C[prefix]linkfilter` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]members` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]messages` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]notes` ADD PRIMARY KEY (`id`); ". @@ -2178,42 +2372,43 @@ function init_chat(){ "ALTER TABLE `$C[prefix]settings` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]filter` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]ignored` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". + "ALTER TABLE `$C[prefix]linkfilter` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]members` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]messages` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]notes` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]sessions` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]settings` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; ". - "INSERT INTO `$C[prefix]settings` (`setting`,`value`) VALUES ('guestaccess','0'), ('globalpass',''), ('englobalpass','0'), ('captcha','0'), ('dateformat','m-d H:i:s'), ('rulestxt', ''), ('msgencrypted','0'), ('msgenter','%s entered the chat.'), ('msgexit','%s left the chat.'), ('msgmemreg','%s is now a registered member.'), ('msgsureg','%s is now a registered applicant.'), ('msgkick','%s has been kicked.'), ('msgmultikick','%s have been kicked.'), ('msgallkick','All chatters have been kicked.'), ('msgclean','%s has been cleaned.'), ('dbversion','$C[dbversion]'), ('css','a:visited{color:#B33CB4;} a:active{color:#FF0033;} a:link{color:#0000FF;} input,select,textarea{color:#FFFFFF;background-color:#000000;} a img{width:15%} a:hover img{width:35%} .error{color:#FF0033;} .delbutton{background-color:#660000;} .backbutton{background-color:#004400;} #exitbutton{background-color:#AA0000;}'), ('memberexpire','60'), ('guestexpire', '15'), ('kickpenalty', '10'), ('entrywait', '120'), ('messageexpire', '14400'), ('messagelimit', '150'), ('maxmessage', 2000), ('captchatime', '600');"); + "INSERT INTO `$C[prefix]settings` (`setting`,`value`) VALUES ('guestaccess', '0'), ('globalpass', ''), ('englobalpass', '0'), ('captcha', '0'), ('dateformat', 'm-d H:i:s'), ('rulestxt', ''), ('msgencrypted', '0'), ('msgenter', '%s entered the chat.'), ('msgexit', '%s left the chat.'), ('msgmemreg', '%s is now a registered member.'), ('msgsureg', '%s is now a registered applicant.'), ('msgkick', '%s has been kicked.'), ('msgmultikick', '%s have been kicked.'), ('msgallkick', 'All chatters have been kicked.'), ('msgclean', '%s has been cleaned.'), ('dbversion', '$C[dbversion]'), ('css', 'a:visited{color:#B33CB4;} a:active{color:#FF0033;} a:link{color:#0000FF;} input,select,textarea{color:#FFFFFF;background-color:#000000;} a img{width:15%} a:hover img{width:35%} .error{color:#FF0033;} .delbutton{background-color:#660000;} .backbutton{background-color:#004400;} #exitbutton{background-color:#AA0000;}'), ('memberexpire', '60'), ('guestexpire', '15'), ('kickpenalty', '10'), ('entrywait', '120'), ('messageexpire', '14400'), ('messagelimit', '150'), ('maxmessage', 2000), ('captchatime', '600'), ('colbg', '000000'), ('coltxt', 'FFFFFF'), ('maxname', '20'), ('minpass', '5'), ('defaultrefresh', '20'), ('dismemcaptcha', '0'), ('suguests', '0'), ('imgembed', '1'), ('timestamps', '1'), ('trackip', '1'), ('captchachars', '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), ('memkick', '1'), ('forceredirect', '0'), ('redirect', ''), ('incognito', '1');"); while(mysqli_more_results($mysqli)) mysqli_next_result($mysqli); $reg=array( 'nickname' =>$_REQUEST['sunick'], 'passhash' =>md5(sha1(md5($_REQUEST['sunick'].$_REQUEST['supass']))), 'status' =>8, - 'refresh' =>$C['defaultrefresh'], - 'colour' =>$C['coltxt'], - 'bgcolour' =>$C['colbg'], + 'refresh' =>20, + 'bgcolour' =>'000000', 'boxwidth' =>40, 'boxheight' =>3, 'notesboxwidth' =>80, 'notesboxheight'=>30, - 'timestamps' =>$C['timestamps'], - 'embed' =>$C['embed'], - 'incognito' =>false + 'timestamps' =>true, + 'embed' =>true, + 'incognito' =>false, + 'style' =>'color:#FFFFFF;' ); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'ssiissiiiiiii', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']); + $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + mysqli_stmt_bind_param($stmt, 'ssiisiiiiiiis', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito'], $reg['style']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $suwrite=$I['susuccess']; } print_start('init'); echo "

$I[init]


$I[sulogin]

$suwrite


"; - echo "<$H[form]>".hidden('action', 'setup').hidden('lang', $C['lang']).submit($I['initgosetup'])."$H[credit]"; + echo "<$H[form]>".hidden('action', 'setup').hidden('lang', $C['lang']).submit($I['initgosetup'])."$H[credit]
"; print_end(); } function update_db(){ - global $C, $mysqli; + global $C, $F, $mysqli; $dbversion=get_setting('dbversion'); if($dbversion<$C['dbversion'] || get_setting('msgencrypted')!=$C['msgencrypted']){ if($dbversion<2){ @@ -2253,11 +2448,35 @@ function update_db(){ mysqli_query($mysqli, "ALTER TABLE `$C[prefix]settings` CHANGE `value` `value` text NOT NULL"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]messages` DROP `postid`"); } - if($dbversion<10){ mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`, `value`) VALUES ('css', 'a:visited{color:#B33CB4;} a:active{color:#FF0033;} a:link{color:#0000FF;} input,select,textarea{color:#FFFFFF;background-color:#000000;} a img{width:15%} a:hover img{width:35%} .error{color:#FF0033;} .delbutton{background-color:#660000;} .backbutton{background-color:#004400;} #exitbutton{background-color:#AA0000;}'), ('memberexpire', '60'), ('guestexpire', '15'), ('kickpenalty', '10'), ('entrywait', '120'), ('messageexpire', '14400'), ('messagelimit', '150'), ('maxmessage', 2000), ('captchatime', '600')"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]sessions` ADD `ip` TINYTEXT NOT NULL"); } + if($dbversion<11){ + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]captcha` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]filter` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]ignored` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]members` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]messages` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]notes` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]sessions` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]settings` CHARACTER SET utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "CREATE TABLE IF NOT EXISTS `$C[prefix]linkfilter` (`id` int(10) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` tinytext NOT NULL, `regex` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]linkfilter` ADD PRIMARY KEY (`id`)"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]linkfilter` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT"); + mysqli_query($mysqli, "ALTER TABLE `$C[prefix]sessions` DROP `fontinfo`, DROP `displayname`"); + mysqli_query($mysqli, "ALTER TABLE `members` ADD `style` TEXT NOT NULL"); + $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]members`"); + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `style`=? WHERE `id`=?"); + while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ + $style=@get_style("#$temp[colour] {$F[$temp['fontface']]} <$temp[fonttags]>"); + mysqli_stmt_bind_param($stmt, 'si', $style, $temp['id']); + mysqli_stmt_execute($stmt); + } + mysqli_stmt_close($stmt); + mysqli_query($mysqli, "ALTER TABLE `members` DROP `colour`, DROP `fontface`, DROP `fonttags`;"); + mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`, `value`) VALUES ('colbg', '000000'), ('coltxt', 'FFFFFF'), ('maxname', '20'), ('minpass', '5'), ('defaultrefresh', '20'), ('dismemcaptcha', '0'), ('suguests', '0'), ('imgembed', '1'), ('timestamps', '1'), ('trackip', '1'), ('captchachars', '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), ('memkick', '1'), ('forceredirect', '0'), ('redirect', ''), ('incognito', '1')"); + } if(get_setting('msgencrypted')!=$C['msgencrypted']){ $result=mysqli_query($mysqli, "SELECT `id`, `text` FROM `$C[prefix]messages`"); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `text`=? WHERE `id`=?"); @@ -2312,20 +2531,20 @@ function update_setting($setting, $value){ function load_fonts(){ global $F; $F=array( - 'Arial' =>" face='Arial,Helvetica,sans-serif'", - 'Book Antiqua' =>" face='Book Antiqua,MS Gothic'", - 'Comic' =>" face='Comic Sans MS,Papyrus'", - 'Comic small' =>" face='Comic Sans MS,Papyrus' size=\"-1\"", - 'Courier' =>" face='Courier New,Courier,monospace'", - 'Cursive' =>" face='Cursive,Papyrus'", - 'Fantasy' =>" face='Fantasy,Futura,Papyrus'", - 'Garamond' =>" face='Garamond,Palatino,serif'", - 'Georgia' =>" face='Georgia,Times New Roman,Times,serif'", - 'Serif' =>" face='MS Serif,New York,serif'", - 'System' =>" face='System,Chicago,sans-serif'", - 'Times New Roman' =>" face='Times New Roman,Times,serif'", - 'Verdana' =>" face='Verdana,Geneva,Arial,Helvetica,sans-serif'", - 'Verdana small' =>" face='Verdana,Geneva,Arial,Helvetica,sans-serif' size=\"-1\"" + 'Arial' =>"font-family:'Arial','Helvetica','sans-serif';", + 'Book Antiqua' =>"font-family:'Book Antiqua','MS Gothic';", + 'Comic' =>"font-family:'Comic Sans MS','Papyrus';", + 'Comic small' =>"font-family:'Comic Sans MS','Papyrus';font-size:smaller;", + 'Courier' =>"font-family:'Courier New','Courier','monospace';", + 'Cursive' =>"font-family:'Cursive','Papyrus';", + 'Fantasy' =>"font-family:'Fantasy','Futura','Papyrus';", + 'Garamond' =>"font-family:'Garamond','Palatino','serif';", + 'Georgia' =>"font-family:'Georgia','Times New Roman','Times','serif';", + 'Serif' =>"font-family:'MS Serif','New York','serif';", + 'System' =>"font-family:'System','Chicago','sans-serif';", + 'Times New Roman' =>"font-family:'Times New Roman','Times','serif';", + 'Verdana' =>"font-family:'Verdana','Geneva','Arial','Helvetica','sans-serif';", + 'Verdana small' =>"font-family:'Verdana','Geneva','Arial','Helvetica','sans-serif';font-size:smaller;" ); } @@ -2335,7 +2554,7 @@ function load_html(){ 'begin_body' =>"body", 'form' =>"form action=\"$_SERVER[SCRIPT_NAME]\" method=\"post\" style=\"margin:0;padding:0;\"", 'meta_html' =>"$C[chatname]", - 'credit' =>"

LE CHAT-PHP - $C[version]
" + 'credit' =>"

LE CHAT-PHP - $C[version]" ); $H=$H+array( 'backtologin' =>"<$H[form] target=\"_parent\">".hidden('lang', $C['lang']).submit($I['backtologin'], 'class="backbutton"').'', @@ -2378,17 +2597,12 @@ function load_lang(){ function load_config(){ global $C; $C=array( - 'version' =>'1.11.2', // Script version - 'dbversion' =>10, // Database version - 'colbg' =>'000000', // Background colour - 'coltxt' =>'FFFFFF', // Default text colour + 'version' =>'1.12', // Script version + 'dbversion' =>11, // Database version 'chatname' =>'My Chat', // Chat Name 'keeplimit' =>3, // Amount of messages to keep in the database (multiplied with max messages displayed) - increase if you have many private messages - 'defaultrefresh'=>30, // Seconds to refresh the messages 'msgencrypted' =>false, // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing! 'encryptkey' =>'MY_KEY', // Encryption key for messages - 'maxname' =>20, // Longest number of chatacters for a name - 'minpass' =>5, // Shortest number of chatacters for a password 'dbhost' =>'p:localhost', // Database host 'dbuser' =>'www-data', // Database user 'dbpass' =>'YOUR_DB_PASS', // Database password @@ -2397,21 +2611,10 @@ function load_config(){ 'memcached' =>false, // Enable/disable memcached caching true/false - needs php5-memcached and a memcached server. 'memcachedhost' =>'localhost', // Memcached server 'memcachedport' =>'11211', // Memcached server - 'captchachars' =>'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', // Characters used for captcha generation - 'dismemcaptcha' =>false, // Disable captcha for members? true/false - 'embed' =>true, // Default for displaying embedded imgs or turning them into links true/false - 'imgembed' =>true, // Allow image embedding in chat using [img] tag? true/false - 'suguests' =>false, // Adds option to add applicants. They will have a reserved nick protected with a password, but don't count as member true/false - 'timestamps' =>true, // Display timestamps in front of the messages by default true/false - 'incognito' =>true, // Allow mods and admins to be invisable true/false - 'forceredirect' =>false, // Force redirect script or only use when no cookies available? true/false - 'memkick' =>true, // Let a member kick guests if no mod is present 'sendmail' =>false, // Send mail on new message - only activate on low traffic chat or your inbox will fill up very fast! 'mailsender' =>'www-data ', // Send mail using this e-Mail address 'mailreceiver' =>'Webmaster ', // Send mail to this e-Mail address - 'redirect' =>"$_SERVER[SCRIPT_NAME]?action=redirect&url=", // Redirect script default: "$_SERVER[SCRIPT_NAME]?action=redirect&url=" - 'lang' =>'en', // Default language - 'trackip' =>true // Display IP-Address in session overview - true/false + 'lang' =>'en' // Default language ); $C=$C+array( 'cookiename' =>"$C[prefix]chat_session" // Cookie name storing the session information diff --git a/lang_de.php b/lang_de.php index 6e350a7..98d2c00 100644 --- a/lang_de.php +++ b/lang_de.php @@ -77,7 +77,7 @@ $I=array( 'kick' => 'Rausschmeißen', 'logoutinact' => 'Inaktive Teilnehmer abmelden', 'logout' => 'Abmelden', - 'viewsess' => 'Aktive Sitzungen anzeigen', + 'sessions' => 'Aktive Sitzungen anzeigen', 'view' => 'Anzeigen', 'filter' => 'Filter', 'guestacc' => 'Gastzugriff ändern', @@ -180,8 +180,8 @@ $I=array( 'randomcol' => 'Zufällige Farbe', 'enter' => 'Chat beitreten', 'error' => 'Fehler:', - 'members' => 'Mitglieder:', - 'guests' => 'Gäste:', + 'members' => 'Mitglieder', + 'guests' => 'Gäste', 'approveguests' => '%d neue Gäste zum Hereinlassen', 'allowchecked' => 'Ausgewählte erlauben', 'allowall' => 'Alle erlauben', @@ -256,6 +256,24 @@ $I=array( 'maxmessage' => 'Maximale Nachrichenlänge', 'confirm' => 'Bist du sicher?', 'yes' => 'Ja', - 'no' => 'Nein' + 'no' => 'Nein', + 'colbg' => 'Hintergrundfarbe', + 'coltxt' => 'Schriftfarbe', + 'maxname' => 'Maximale Benutzernamen-Länge', + 'minpass' => 'Minimale Passwortlänge', + 'defaultrefresh' => 'Standardzeit zum Neuladen der Nachrichten (Sekunden)', + 'suguests' => 'Anwerber aktivieren', + 'rulestxt' => 'Regeln (html)', + 'imgembed' => 'Bilder einbetten', + 'trackip' => 'Sitzungs-IP anzeigen', + 'captchachars' => 'Im Captcha benutzte Zeichen', + 'memkick' => 'Mitglieder dürfen Rasusschmeißen, wenn kein Moderator da ist', + 'forceredirect' => 'Umleitung erzwingen', + 'redirect' => 'Benutzerdefinierte Umleitungsadresse', + 'backuprestore' => 'Sichern und wiederherstellen', + 'backup' => 'Sichern', + 'restore' => 'Wiederherstellen', + 'settings' => 'Einstellungen', + 'linkfilter' => 'Linkfilter' ); ?> diff --git a/lang_en.php b/lang_en.php index b7f3a14..8bfc955 100644 --- a/lang_en.php +++ b/lang_en.php @@ -78,7 +78,7 @@ $I=array( 'kick' => 'Kick', 'logoutinact' => 'Logout inactive Chatter', 'logout' => 'Logout', - 'viewsess' => 'View active sessions', + 'sessions' => 'View active sessions', 'view' => 'View', 'filter' => 'Filter', 'guestacc' => 'Change Guestaccess', @@ -181,8 +181,8 @@ $I=array( 'randomcol' => 'Random Colour', 'enter' => 'Enter Chat', 'error' => 'Error:', - 'members' => 'Members:', - 'guests' => 'Guests:', + 'members' => 'Members', + 'guests' => 'Guests', 'approveguests' => '%d new guests to approve', 'allowchecked' => 'Allow checked', 'allowall' => 'Allow all', @@ -254,9 +254,27 @@ $I=array( 'captchatime' => 'Captcha timeout (seconds)', 'messageexpire' => 'Message timeout (minutes)', 'messagelimit' => 'Message limit (public)', - 'maxmessage' => 'Maximum message length', + 'maxmessage' => 'Maximal message length', 'confirm' => 'Are you sure?', 'yes' => 'Yes', - 'no' => 'No' + 'no' => 'No', + 'colbg' => 'Background colour', + 'coltxt' => 'Text colour', + 'maxname' => 'Maximal user name length', + 'minpass' => 'Minimal password length', + 'defaultrefresh' => 'Default message reload time (seconds)', + 'suguests' => 'Enable applicants', + 'rulestxt' => 'Rules (html)', + 'imgembed' => 'Embed images', + 'trackip' => 'Show session-IP', + 'captchachars' => 'Characters used in Captcha', + 'memkick' => 'Members can kick, if no moderator is present', + 'forceredirect' => 'Force redirection', + 'redirect' => 'Custom redirection script', + 'backuprestore' => 'Backup and restore', + 'backup' => 'Backup', + 'restore' => 'Restore', + 'settings' => 'Settings', + 'linkfilter' => 'Linkfilter' ); ?>