From 6084bd87c7e64d599a9db12f6ee58262f52a3699 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Wed, 29 Jul 2015 08:34:28 +0200
Subject: [PATCH] Version 1.11.2

---
 CHANGELOG | 6 +
 chat.php | 308 ++++++++++++++++++++++++++--------------------------
 lang_de.php | 5 +-
 lang_en.php | 5 +-
 4 files changed, 168 insertions(+), 156 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1d0e23a..7a11378 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+Version 1.11.2 - Jul. 29, 2015
+Fix security vulnerability
+More simplifications
+Only allow deleting your own messages, not older ones by the same nick
+Confirmation when deleting all your messages
+
 Version 1.11.1 - Jul. 12, 2015
 Bugfixes and minor changes
diff --git a/chat.php b/chat.php
index 7ecbfbc..e705e2e 100755
--- a/chat.php
+++ b/chat.php
@@ -33,19 +33,20 @@
 $U=array();// This user data
 $countmods=0;// Present moderators
 $memcached;// Memcached connection
 $mysqli;// MySQL database connection
-load_fonts();
 load_config();
-load_lang();
-load_html();
-check_db();
-
 // set session variable to cookie if cookies are enabled
 if(!isSet($_REQUEST['session']) && isSet($_COOKIE[$C['cookiename']])){
 $_REQUEST['session']=$_COOKIE[$C['cookiename']];
 }
+elseif(!isSet($_REQUEST['session'])) $_REQUEST['session']='';
+load_fonts();
+load_lang();
+load_html();
+check_db();
 // main program: decide what to do based on queries
 if(!isSet($_REQUEST['action'])){
+ if(check_init()<7) send_init();
 send_login();
 }elseif($_REQUEST['action']=='view'){
 check_session();
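Review bot: The session fallback the new side keeps (`if(!isSet($_REQUEST['session']) && isSet($_COOKIE[$C['cookiename']]))`) means any state-changing action is reachable by a cross-site request that simply omits `session`, because `$_REQUEST` also takes GET and the cookie then authenticates it — for a cookie-authenticated user a plain link to `chat.php?action=delete&what=all&confirm=yes` runs `del_all_messages()` with no confirmation page. Every form built by `frmpst()`/`frmadm()` already carries the token as a hidden field, so it can double as the CSRF token: record whether the token came only from the cookie and refuse cookie-only requests in the mutating branches (`delete`, `admin` with `do`, `setup` with `do`, profile saves), leaving render-only requests such as `view` and `wait` on the fallback so frame reloads keep working. Frame sources and the rest of the dispatcher are outside this hunk, so which branches are render-only needs confirming against them; the dispatcher-side part would look like this:
```php
// Remember whether the token came from the form/URL or only from the cookie. The
// hidden `session` field doubles as the CSRF token, so state-changing branches
// (delete, admin do=…, setup do=…, profile saves) must refuse cookie-only requests.
$session_from_cookie=false;
if(!isSet($_REQUEST['session']) && isSet($_COOKIE[$C['cookiename']])){
	$_REQUEST['session']=$_COOKIE[$C['cookiename']];
	$session_from_cookie=true;
}
elseif(!isSet($_REQUEST['session'])) $_REQUEST['session']='';
// … unchanged: load_fonts(); load_lang(); load_html(); check_db(); …
// in each mutating branch, right after check_session():
// if($session_from_cookie) send_login();
```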
@@ -73,8 +74,11 @@ if(!isSet($_REQUEST['action'])){
 send_controls();
 }elseif($_REQUEST['action']=='delete'){
 check_session();
- if($_REQUEST['what']=='all') del_all_messages($U['nickname'], 10);
- if($_REQUEST['what']=='last') del_last_message();
+ if($_REQUEST['what']=='all'){
+ if(isSet($_REQUEST['confirm'])) del_all_messages($U['nickname'], 10, $U['entry']);
+ else send_del_confirm();
+ }
+ elseif($_REQUEST['what']=='last') del_last_message();
 send_post();
 }elseif($_REQUEST['action']=='profile'){
 check_session();
@@ -88,25 +92,25 @@ if(!isSet($_REQUEST['action'])){
 send_colours();
 }elseif($_REQUEST['action']=='notes'){
 check_session();
- if(!$U['status']>=5) send_login();
+ if($U['status']<5) send_login();
 send_notes('staff');
 }elseif($_REQUEST['action']=='help'){
 check_session();
 send_help();
 }elseif($_REQUEST['action']=='admnotes'){
 check_session();
- if(!$U['status']>=6) send_login();
+ if($U['status']<6) send_login();
 send_notes('admin');
 }elseif($_REQUEST['action']=='admin'){
 check_session();
- if(!$U['status']>=5) send_login();
+ if($U['status']<5) send_login();
 if(!isSet($_REQUEST['do'])){
 send_admin();
 }elseif($_REQUEST['do']=='clean'){
 if($_REQUEST['what']=='choose') send_choose_messages();
 elseif($_REQUEST['what']=='selected') clean_selected();
 elseif($_REQUEST['what']=='room') clean_room();
- elseif($_REQUEST['what']=='nick') del_all_messages($_REQUEST['nickname'], $U['status']);
+ elseif($_REQUEST['what']=='nick') del_all_messages($_REQUEST['nickname'], $U['status'], 0);
 send_admin();
 }elseif($_REQUEST['do']=='kick'){
 if(!isSet($_REQUEST['name'])) send_admin();
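Review bot: `$_REQUEST['what']` is read without an `isSet()` check in the new `delete` branch, so `action=delete` on its own raises an undefined-index notice and then silently falls through to `send_post()`; `$what=isSet($_REQUEST['what']) ? $_REQUEST['what'] : '';` ahead of the `if` fixes both. The new confirmation gate `isSet($_REQUEST['confirm'])` accepts any value and, because `$_REQUEST` includes GET, is satisfied by a URL rather than only by the `yes` button that `send_del_confirm()` renders; checking `$_REQUEST['confirm']==='yes'` (and, assuming `$H['form']` is a POST form, reading it from `$_POST`) ties it to that form. The enclosing dispatcher chain starts and ends outside the hunk.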
@@ -136,8 +140,8 @@ if(!isSet($_REQUEST['action'])){
 approve_session();
 send_approve_waiting();
 }elseif($_REQUEST['do']=='guestaccess'){
- if(isSet($_REQUEST['set']) && preg_match('/^[0123]$/', $_REQUEST['set'])){
- update_setting('guestaccess', $_REQUEST['set']);
+ if(isSet($_REQUEST['guestaccess']) && preg_match('/^[0123]$/', $_REQUEST['guestaccess'])){
+ update_setting('guestaccess', $_REQUEST['guestaccess']);
 }
 }elseif($_REQUEST['do']=='filter'){
 manage_filter();
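Review bot: `preg_match('/^[0123]$/', $_REQUEST['guestaccess'])` lets a trailing newline through, because `$` without the `D` modifier also matches just before a final `\n`, so `guestaccess=3%0A` is stored as `"3\n"`. Use `'/^[0123]\z/'` (or add the `D` modifier) so only the bare digit is accepted, and apply the same anchor wherever this check is repeated. The practical impact here is limited because the later `==` comparisons on the setting are loose, but validation of a stored setting should be exact; the enclosing `admin` branch continues outside the hunk.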
@@ -145,40 +149,21 @@ if(!isSet($_REQUEST['action'])){ } send_admin(); }elseif($_REQUEST['action']=='setup'){ - if(!$C['memcached'] || !$num_tables=$memcached->get("$C[dbname]-$C[prefix]num-tables")){ - $tables=array("$C[prefix]captcha", "$C[prefix]filter", "$C[prefix]ignored", "$C[prefix]members", "$C[prefix]messages", "$C[prefix]notes", "$C[prefix]sessions", "$C[prefix]settings"); - $num_tables=0; - $result=mysqli_query($mysqli, 'SHOW TABLES'); - while($tmp=mysqli_fetch_array($result, MYSQLI_NUM)){ - if(in_array($tmp[0],$tables)) ++$num_tables; - } - if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]num-tables", $num_tables, 60); - } - if($num_tables<7) send_init(); + if(check_init()<7) send_init(); update_db(); if(!valid_admin()) send_alogin(); - $setting_update=array('guestaccess', 'dateformat', 'captcha', 'css', 'memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage'); if(!isSet($_REQUEST['do'])){ - }elseif(in_array($_REQUEST['do'], $setting_update)){ - if(isSet($_REQUEST[$_REQUEST['do']])){ - update_setting($_REQUEST['do'], $_REQUEST[$_REQUEST['do']]); + }elseif($_REQUEST['do']=='save'){ + $settings=array('guestaccess', 'englobalpass', 'globalpass', 'msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'dateformat', 'captcha', 'css', 'memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage'); + foreach($settings as $setting){ + if(isSet($_REQUEST[$setting])) update_setting($setting, $_REQUEST[$setting]); } - }elseif($_REQUEST['do']=='messages'){ - update_messages(); - }elseif($_REQUEST['do']=='rules'){ if(isSet($_REQUEST['rulestxt'])){ $_REQUEST['rulestxt']=preg_replace("/\r\n/", '
', $_REQUEST['rulestxt']); $_REQUEST['rulestxt']=preg_replace("/\n/", '
', $_REQUEST['rulestxt']); $_REQUEST['rulestxt']=preg_replace("/\r/", '
', $_REQUEST['rulestxt']); update_setting('rulestxt', $_REQUEST['rulestxt']); } - }elseif($_REQUEST['do']=='globalpass'){ - if(isSet($_REQUEST['globalpass'])){ - update_setting('globalpass', $_REQUEST['globalpass']); - } - if(isSet($_REQUEST['englobalpass']) && preg_match('/^[012]$/', $_REQUEST['englobalpass'])){ - update_setting('englobalpass', $_REQUEST['englobalpass']); - } } send_setup(); }elseif($_REQUEST['action']=='init'){ @@ -207,7 +192,9 @@ function frmpst($arg1='', $arg2=''){ global $C, $H, $U; $string="<$H[form]>".hidden('action', $arg1).hidden('session', $U['session']).hidden('lang', $C['lang']); if(!empty($arg2)){ - $string.=hidden('what', $arg2).@hidden('sendto', $_REQUEST['sendto']).@hidden('multi', $_REQUEST['multi']); + if(!isSet($_REQUEST['multi'])) $_REQUEST['multi']=''; + if(!isSet($_REQUEST['sendto'])) $_REQUEST['sendto']=''; + $string.=hidden('what', $arg2).hidden('sendto', $_REQUEST['sendto']).hidden('multi', $_REQUEST['multi']); } return $string; } @@ -235,12 +222,16 @@ function thr(){ } function print_start($class='', $ref=0, $url=''){ - global $H; + global $C, $H; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: no-cache'); header('Expires: 0'); if(!empty($url)) header("Refresh: $ref; URL=$url"); echo "$H[meta_html]"; if(!empty($url)) echo ""; - print_stylesheet(); + if($class=='init'){ + echo ""; + }else{ + print_stylesheet(); + } echo "<$H[begin_body] class=\"$class\">"; } @@ -340,37 +331,29 @@ function send_setup(){ global $C, $H, $I, $U; $ga=get_setting('guestaccess'); print_start('setup'); - echo "
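Review bot: The new `do=='save'` loop writes every listed setting straight from `$_REQUEST`, which drops validation the old code had: `englobalpass` was gated by `preg_match('/^[012]$/', ...)` in the removed `do=='globalpass'` branch, and `guestaccess` is still gated by `^[0123]$` in the admin panel's `do=='guestaccess'` branch, but neither check exists on this path, so the setup form can store arbitrary strings for both. Restore per-setting validation inside the loop, e.g. `if($setting=='guestaccess' && !preg_match('/^[0123]\z/', $_REQUEST[$setting])) continue;` and `if($setting=='englobalpass' && !preg_match('/^[012]\z/', $_REQUEST[$setting])) continue;`, and consider a `ctype_digit()` check for the numeric settings (`memberexpire` … `maxmessage`) the loop also covers. Separately, `update_db()` still runs before `valid_admin()` on this path, so an unauthenticated `action=setup` request can trigger a schema migration; that is pre-existing, but moving it below the admin check costs nothing. The hunk's `rulestxt` handling is garbled in this excerpt where its `<br>` literals were stripped.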
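Review bot: `print_start()` now branches on `$class=='init'` to skip `print_stylesheet()`, but the context lines above still send `Cache-Control: no-cache`, which only forces revalidation and still allows the response to be stored; these pages embed the session token in every form and, for cookie-less clients, in the `Refresh` URL. `header('Cache-Control: no-store, no-cache');` (keeping the existing `Pragma: no-cache`) is the safer choice for authenticated chat pages. The `global $C` added here has no visible use in the hunk — presumably it is read in the stripped `echo` on the `init` branch; worth confirming it is not dead.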

$I[setup]

"; + echo "

$I[setup]

<$H[form]>".hidden('action', 'setup').hidden('do', 'save').hidden('session', $U['session']).hidden('lang', $C['lang']).'
'; thr(); echo "'; + echo '
$I[guestacc]"; - echo frmsetup('guestaccess').''; - echo '"; - echo '"; - echo '"; - echo '"; - echo '
  
  
  
  
 '.submit($I['change']).'
'; thr(); $englobal=get_setting('englobalpass'); echo "
$I[globalloginpass]"; - echo frmsetup('globalpass').''; + echo '
'; echo ''; - echo ''; - echo '
  '.submit($I['apply']).'
'; + echo ''; + echo ''; thr(); echo "
$I[sysmessages]"; - echo frmsetup('messages').''; + echo '
'; echo "'; echo "'; echo "'; @@ -379,43 +362,43 @@ function send_setup(){ echo "'; echo "'; echo "'; - echo '
 $I[msgenter] 
 $I[msgexit] 
 $I[msgmemreg] 
 $I[msgmultikick] 
 $I[msgallkick] 
 $I[msgclean] 
 '.submit($I['apply']).'
'; + echo ''; thr(); echo "
$I[rules]"; - echo frmsetup('rules').''; + echo '
'; echo ''; - echo '
 '.submit($I['apply']).'
'; + echo ''; thr(); echo "
$I[dateformat]"; - echo frmsetup('dateformat').''; - echo ''; - echo '
 '.submit($I['apply']).'
'; + echo ''; + echo ''; + echo '
'; thr(); echo "
$I[captcha]"; - echo frmsetup('captcha').''; + echo '
'; echo ''; - echo '
 '.submit($I['apply']).'
'; + echo ''; + echo ''; thr(); echo "
$I[css]"; - echo frmsetup('css').''; + echo '
'; echo ''; - echo '
 '.submit($I['apply']).'
'; + echo ''; $number_settings=array('memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage'); foreach($number_settings as $setting){ thr(); echo '
'.$I[$setting].''; - echo frmsetup($setting).''; - echo "'; - echo '
 '.submit($I['apply']).'
'; + echo ''; + echo "'; + echo '
'; } thr(); - echo "<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['logout'])."$H[credit]"; + echo ''.submit($I['apply'])."
<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['logout'])."$H[credit]"; print_end(); } @@ -471,6 +454,11 @@ function send_admin($arg=''){ } $chlist.=''; echo "

$I[admfunc]

$arg"; + if($U['status']>=7){ + thr(); + echo "'; + } thr(); echo "'; thr(); echo "
"; + echo "<$H[form] target=\"view\">".hidden('action', 'setup').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['initgosetup']).'
$I[cleanmsgs]"; echo frmadm('clean').'
'; @@ -485,34 +473,27 @@ function send_admin($arg=''){ echo submit($I['kick']).'
'; thr(); echo "'; + echo frmadm('sessions').'
$I[logoutinact]"; - echo frmadm('logout')."
 $chlist"; + echo frmadm('logout')."
$chlist"; echo submit($I['logout']).'
$I[viewsess]"; - echo frmadm('sessions').'
 '.submit($I['view']).'
'.submit($I['view']).'
'; thr(); echo "
$I[filter]"; - echo frmadm('filter').'
 '.submit($I['view']).'
'; + echo frmadm('filter').'
'.submit($I['view']).'
'; thr(); echo "
$I[guestacc]"; echo frmadm('guestaccess').''; - echo '"; - echo '"; - echo '"; - echo '"; - echo '
  
  
  
  
 '.submit($I['change']).'
'; + echo ''.submit($I['change']).''; thr(); if($C['suguests']){ echo "
$I[addsuguest]"; - echo frmadm('superguest')."
 
$I[admmembers]
"; - echo frmadm('status')."'; thr(); echo "
 
$I[admmembers]"; + echo frmadm('status')."
'.submit($I['change']).'
'; thr(); echo ""; if($ga==0) echo ""; @@ -1082,7 +1081,7 @@ function print_chatters(){ global $C, $G, $I, $M, $U, $mysqli; echo '
$I[regguest]"; - echo frmadm('register')."
 
'.submit($I['register']).'
'; thr(); } @@ -557,7 +538,7 @@ function send_sessions(){ if($C['trackip']) echo ""; echo ""; foreach($lines as $temp){ - if($temp['status']!=0 && $temp['entry']==0 && (!$temp['incognito'] || $temp['status']<$U['status'])){ + if($temp['status']!=0 && $temp['entry']!=0 && (!$temp['incognito'] || $temp['status']<$U['status'])){ if($temp['status']==1 || $temp['status']==2) $s=' (G)'; elseif($temp['status']==3) $s=''; elseif($temp['status']==5) $s=' (M)'; @@ -675,7 +656,7 @@ function send_frameset(){ if(isSet($_COOKIE['test'])){ echo "<body>$I[noframes]$H[backtologin]</body>"; }else{ - echo "<body>$I[noframes]$H[backtologin]</body>"; + echo "<body>$I[noframes]$H[backtologin]</body>"; } mysqli_close($mysqli); exit; @@ -686,14 +667,14 @@ function send_messages(){ if(isSet($_COOKIE[$C['cookiename']])){ $url="$_SERVER[SCRIPT_NAME]?action=view"; }else{ - $url="$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$C[lang]"; + $url="$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$C[lang]"; } print_start('messages', $U['refresh'], $url); echo ''; print_chatters(); - echo "
$I[regmem]
"; - echo frmadm('regnew').""; - echo "
 $I[nick] 
 $I[pass]"; + echo frmadm('regnew').""; + echo "
$I[nick] 
$I[pass]"; echo submit($I['register']).'
$I[sesip]$I[actions]
$I[bottom]
"; + echo "
$I[bottom]
"; print_messages(); - echo "
$I[top]
"; + echo "
$I[top]
"; print_end(); } @@ -737,7 +718,7 @@ function send_approve_waiting(){ global $C, $H, $I, $mysqli; print_start('approve_waiting'); echo "
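Review bot: For cookie-less clients the new side still places the session token in the query string of the `Refresh` URL (`?action=view&session=$U[session]&lang=$C[lang]`); combined with image embedding (`$C['imgembed']`, see the help text in this patch) that token can leak through the `Referer` header to any host a chatter embeds an image from, and it also lands in proxy and server logs. Since it cannot leave the URL without breaking the no-cookie mode, at least send `header('Referrer-Policy: no-referrer');` from `print_start()` and `rawurlencode()` both values when building `$url`. The function's tail (message printing) appears garbled in this excerpt.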

$I[waitingroom]

"; - $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]sessions` WHERE `entry`!='0' AND `status`='1' ORDER BY `id`"); + $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]sessions` WHERE `entry`=='0' AND `status`='1' ORDER BY `id`"); if(mysqli_num_rows($result)>0){ echo frmadm('approve').''; echo ""; @@ -757,7 +738,7 @@ function send_approve_waiting(){ } function send_waiting_room(){ - global $C, $H, $I, $U, $countmods, $mysqli; + global $C, $I, $U, $countmods, $mysqli; parse_sessions(); $ga=get_setting('guestaccess'); if($ga==3 && $countmods>0) $wait=false; @@ -770,15 +751,15 @@ function send_waiting_room(){ setcookie($C['cookiename'], false); send_error("$I[kicked]
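Review bot: The rewritten query uses `WHERE \`entry\`=='0'`, and MySQL has no `==` operator, so `mysqli_query()` returns `false`, `mysqli_num_rows(false)` warns, and the approval list is never rendered — moderators cannot see waiting guests at all. It should read `WHERE \`entry\`='0' AND \`status\`='1'`, matching the corrected count query in `print_chatters()` later in this patch. While here, test `$result===false` before handing it to `mysqli_num_rows()` so a failed query is reported instead of silently producing an empty page.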
$U[kickmessage]"); } - $timeleft=get_setting('entrywait')-(time()-$U['entry']); + $timeleft=get_setting('entrywait')-(time()-$U['lastpost']); if($wait && ($timeleft<=0 || $ga==1)){ - $U['entry']=0; - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=? WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 'is', $U['entry'], $U['session']); + $U['entry']=$U['lastpost']; + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `session`=?"); + mysqli_stmt_bind_param($stmt, 's', $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); send_frameset(); - }elseif(!$wait && $U['entry']==0){ + }elseif(!$wait && $U['entry']!=0){ send_frameset(); }else{ if(isSet($_COOKIE['test'])){ @@ -786,7 +767,7 @@ function send_waiting_room(){ print_start('waitingroom', $C['defaultrefresh'], "$_SERVER[SCRIPT_NAME]?action=wait"); }else{ header("Refresh: $C[defaultrefresh]; URL=$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]"); - print_start('waitingroom', $C['defaultrefresh'], "$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]&lang=$C[lang]"); + print_start('waitingroom', $C['defaultrefresh'], "$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]&lang=$C[lang]"); } if($wait){ echo "
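Review bot: `$timeleft` is now computed from `$U['lastpost']` instead of the old `entry` timestamp; that only works as a wait timer if `lastpost` is frozen while the guest is waiting, and if `check_session()` or `parse_sessions()` (not visible here) refreshes it on every waiting-room poll, `$timeleft` never reaches 0 and guests are admitted only when `$ga==1`. If `lastpost` really is the login time for a waiting session, say so where it is used: `// while entry==0 the session's lastpost is its login time, so it doubles as the wait start`. Otherwise keep a dedicated column for the wait start; `send_waiting_room()` continues past the hunk.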

$I[waitingroom]

".sprintf($I['waittext'], $U['displayname'], $timeleft).'


'.sprintf($I['waitreload'], $C['defaultrefresh']).'



'; @@ -794,7 +775,9 @@ function send_waiting_room(){ echo "

$I[waitingroom]

".sprintf($I['admwaittext'], $U['displayname']).'


'.sprintf($I['waitreload'], $C['defaultrefresh']).'



'; } echo "
".hidden('action', 'wait').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['reload']).'
'; - echo "

$I[rules]

".get_setting('rulestxt').'
'; + $rulestxt=get_setting('rulestxt'); + if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt"; + echo '
'; print_end(); } } @@ -808,11 +791,24 @@ function send_choose_messages(){ print_end(); } +function send_del_confirm(){ + global $I; + print_start('del_confirm'); + if(!isSet($_REQUEST['multi'])) $_REQUEST['multi']=''; + if(!isSet($_REQUEST['sendto'])) $_REQUEST['sendto']=''; + echo "
$I[sessnick]$I[sessua]
$I[confirm]
"; + echo frmpst('delete').hidden('sendto', $_REQUEST['sendto']).hidden('multi', $_REQUEST['multi']).hidden('confirm', 'yes').hidden('what', $_REQUEST['what']).submit($I['yes'], 'class="delbutton"').''; + echo frmpst('post').hidden('sendto', $_REQUEST['sendto']).hidden('multi', $_REQUEST['multi']).submit($I['no'], 'class="backbutton"').'
'; + print_end(); +} + function send_post(){ global $C, $I, $P, $U, $countmods; $U['postid']=substr(time(), -6); print_start('post'); - echo '
"; thr(); - if(!isSet($_COOKIE[$C['cookiename']])) $session='&session=$U[session]'; else $session=''; + if(!isSet($_COOKIE[$C['cookiename']])) $session='&session=$U[session]'; else $session=''; echo ""; thr(); @@ -1057,7 +1055,8 @@ function send_login(){ } echo '
'.frmpst('post').hidden('postid', $U['postid']).@hidden('multi', $_REQUEST['multi']); + if(!isSet($_REQUEST['multi'])) $_REQUEST['multi']=''; + if(!isSet($_REQUEST['sendto'])) $_REQUEST['sendto']=''; + echo '
'.frmpst('post').hidden('postid', $U['postid']).hidden('multi', $_REQUEST['multi']); echo ""; if(!isSet($U['rejected'])) $U['rejected']=''; if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ @@ -858,14 +854,14 @@ function send_post(){ } echo '
$U[displayname]:
'; + echo frmpst('post').hidden('sendto', $_REQUEST['sendto']).hidden('multi', $multi).submit($switch).''; echo '
'; echo frmpst('delete', 'last').submit($I['dellast'], 'class="delbutton"').''.frmpst('delete', 'all').submit($I['delall'], 'class="delbutton"').''; - if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ + if($_REQUEST['multi']=='on'){ $switch=$I['switchsingle']; $multi=''; }else{ $switch=$I['switchmulti']; $multi='on'; } - echo frmpst('post').@hidden('sendto', $_REQUEST['sendto']).hidden('multi', $multi).submit($switch).'
'; print_end(); } @@ -873,7 +869,9 @@ function send_post(){ function send_help(){ global $C, $H, $I, $U; print_start('help'); - echo "

$I[rules]

".get_setting('rulestxt')."


$I[help]

$I[helpguest]"; + $rulestxt=get_setting('rulestxt'); + if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt


"; + echo "

$I[help]

$I[helpguest]"; if($C['imgembed']) echo "
$I[helpembed]"; if($U['status']>=3){ echo "
$I[helpmem]
"; @@ -927,7 +925,7 @@ function send_profile($arg=''){ echo "
$I[refreshrate]"; echo "
 
$I[fontcolour] ($I[viewexample])"; echo "
 
'.submit($I['enter']).'
'; get_nowchatting(); - echo "

$I[rules]

".get_setting('rulestxt').'
'; + $rulestxt=get_setting('rulestxt'); + if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt
"; }else{ echo "
$I[globalloginpass]
$I[noguests]
'; if($U['status']>=5 && get_setting('guestaccess')==3){ - $result=mysqli_query($mysqli, "SELECT COUNT(*) FROM `$C[prefix]sessions` WHERE `entry`!='0' AND `status`='1'"); + $result=mysqli_query($mysqli, "SELECT COUNT(*) FROM `$C[prefix]sessions` WHERE `entry`='0' AND `status`='1'"); $temp=mysqli_fetch_array($result, MYSQLI_NUM); if($temp[0]>0) echo ''; } @@ -1132,7 +1131,7 @@ function create_session($setup){ if(!mysqli_stmt_fetch($stmt)) send_error($I['captchaexpire']); mysqli_stmt_close($stmt); }else{ - if(!$code=$memcached->get("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]")) send_error($I['captchaexpire']); + if(!$code=$memcached->get("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]")) send_error($I['captchexpire']); $memcached->delete("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]"); } if($_REQUEST['captcha']!=$code) send_error($I['wrongcaptcha']); @@ -1197,14 +1196,14 @@ function approve_session(){ global $C, $mysqli; if(isSet($_REQUEST['what'])){ if($_REQUEST['what']=='allowchecked' && isSet($_REQUEST['csid'])){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`='0' WHERE `nickname`=?"); + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); foreach($_REQUEST['csid'] as $nick){ mysqli_stmt_bind_param($stmt, 's', $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); }elseif($_REQUEST['what']=='allowall' && isSet($_REQUEST['alls'])){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`='0' WHERE `nickname`=?"); + $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); foreach($_REQUEST['alls'] as $nick){ mysqli_stmt_bind_param($stmt, 's', $nick); mysqli_stmt_execute($stmt); 
@@ -1259,9 +1258,8 @@ function check_login(){
 }
 if($U['status']==1){
 if($ga==2 || $ga==3){
- $U['entry']=time();
- $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=? WHERE `session`=?");
- mysqli_stmt_bind_param($stmt, 'is', $U['entry'], $U['session']);
+ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`='0' WHERE `session`=?");
+ mysqli_stmt_bind_param($stmt, 's', $U['session']);
 mysqli_stmt_execute($stmt);
 mysqli_stmt_close($stmt);
 $_REQUEST['session']=$U['session'];
@@ -1309,7 +1307,7 @@ function kick_chatter($names, $mes, $purge){
 if(($temp['nickname']==$U['nickname'] && $U['nickname']==$name) || ($U['status']>$temp['status'] && (($temp['nickname']==$name && $temp['status']>0) || ($name=='&' && $temp['status']==1)))){
 mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']);
 mysqli_stmt_execute($stmt);
- if($purge) del_all_messages($temp['nickname'], 10);
+ if($purge) del_all_messages($temp['nickname'], 10, 0);
 $lonick.="$temp[displayname], ";
 ++$i;
 unset($P[$name]);
@@ -1392,6 +1390,9 @@ function check_session(){
 setcookie($C['cookiename'], false);
 send_error("$I[kicked]
$U[kickmessage]"); } + if($U['entry']==0){ + send_waiting_room(); + } } function get_nowchatting(){ @@ -1429,7 +1430,7 @@ function parse_sessions(){ $lines=array(); $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]sessions` ORDER BY `status` DESC, `lastpost` DESC"); while($line=mysqli_fetch_array($result, MYSQLI_ASSOC)) $lines[]=$line; - if(isSet($_REQUEST['session'])){ + if(!empty($_REQUEST['session'])){ foreach($lines as $temp){ if($temp['session']==$_REQUEST['session']){ $U=$temp; @@ -1443,7 +1444,7 @@ function parse_sessions(){ $M=array(); $P=array(); foreach($lines as $temp){ - if($temp['entry']==0){ + if($temp['entry']!=0){ if($temp['status']==1 || $temp['status']==2){ $P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; $G[]=$temp['displayname']; @@ -1711,7 +1712,7 @@ function add_user_defaults(){ if(!isSet($U['embed'])) $U['embed']=$C['embed']; if(!isSet($U['incognito'])) $U['incognito']=false; if(!isSet($U['lastpost'])) $U['lastpost']=time(); - if(!isSet($U['entry'])) $U['entry']=0; + if(!isSet($U['entry'])) $U['entry']=$U['lastpost']; if(!isSet($U['postid'])) $U['postid']='OOOOOO'; if(!isSet($U['displayname'])) $U['displayname']=style_this($U['nickname'], $U['fontinfo']); } @@ -1736,8 +1737,10 @@ function validate_input(){ $U['message']=preg_replace("/\n/", '
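Review bot: The new gate `if($U['entry']==0){ send_waiting_room(); }` relies on `send_waiting_room()` never returning; its admit branches call `send_frameset()`, which exits, but the branch that renders the waiting page ends in `print_end()`, whose exiting behaviour is not visible in this patch. If that returns, `check_session()` returns too and the action that called it (`post`, `delete`, `admin`, …) proceeds for a guest who is still in the waiting room, which is exactly what the gate is meant to stop. An explicit `exit;` after the call, with the comment `// send_waiting_room() must not return: the caller assumes the request is finished`, makes the intent enforceable regardless of `print_end()`. The earlier body of `check_session()` is outside the hunk.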
', $U['message']); $U['message']=preg_replace("/\r/", '
', $U['message']); if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ + $U['message']=preg_replace('/\s*
/', '
', $U['message']); $U['message']=preg_replace('/
(
)+/', '

', $U['message']); - $U['message']=preg_replace('/

$/', '
', $U['message']); + $U['message']=preg_replace('/

\s*$/', '
', $U['message']); + $U['message']=preg_replace('/^
\s*$/', '', $U['message']); }else{ $U['message']=preg_replace('/
/', ' ', $U['message']); } @@ -1808,7 +1811,7 @@ function apply_filter(){ foreach($filters as $filter){ if($U['poststatus']!=9) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count); elseif(!$filter['allowinpm']) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count); - if($count>0 && $filter['kick']){ + if(isSet($count) && $count>0 && $filter['kick']){ kick_chatter(array($U['nickname']), '', false); send_error("$I[kicked]"); } @@ -1917,18 +1920,22 @@ function clean_selected(){ } } -function del_all_messages($nick, $status){ - global $C, $mysqli; - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `delstatus`1) $entry=0; + $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `delstatus`?"); + mysqli_stmt_bind_param($stmt, 'sii', $nick, $status, $entry); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } function del_last_message(){ global $C, $U, $mysqli; - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? ORDER BY `id` DESC LIMIT 1"); - mysqli_stmt_bind_param($stmt, 's', $U['nickname']); + if($U['status']>1) $entry=0; + else $entry=$U['entry']; + $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `postdate`>? ORDER BY `id` DESC LIMIT 1"); + mysqli_stmt_bind_param($stmt, 'si', $U['nickname'], $entry); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } @@ -2001,7 +2008,7 @@ function get_ignored(){ function valid_admin(){ global $U; - if(isSet($_REQUEST['session'])){ + if(!empty($_REQUEST['session'])){ check_session(); } elseif(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){ 
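Review bot: `$count` is only assigned by whichever `preg_replace()` ran, so when neither runs (a private message against a filter flagged `allowinpm`) the new `isSet($count)` guard suppresses the notice only on the first iteration — on later iterations `$count` still holds the previous filter's match count, and a kick filter can fire on another filter's hits. Reset it at the top of the loop, `foreach($filters as $filter){ $count=0;`, and drop the `isSet()`. Unrelated to this change, `$filter['match']` is interpolated into the pattern unescaped, which is acceptable only as long as filters are moderator-authored; a comment noting that trust boundary would help. The loop and `apply_filter()` continue outside the hunk.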
@@ -2123,9 +2130,8 @@ function style_this($text, $styleinfo){ return "$fstart$text$fend"; } -function init_chat(){ - global $C, $H, $I, $memcached, $mysqli; - $suwrite=''; +function check_init(){ + global $C, $memcached, $mysqli; if(!$C['memcached'] || !$num_tables=$memcached->get("$C[dbname]-$C[prefix]num-tables")){ $tables=array("$C[prefix]captcha", "$C[prefix]filter", "$C[prefix]ignored", "$C[prefix]members", "$C[prefix]messages", "$C[prefix]notes", "$C[prefix]sessions", "$C[prefix]settings"); $num_tables=0; @@ -2135,7 +2141,13 @@ function init_chat(){ } if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]num-tables", $num_tables, 60); } - if($num_tables>=7){ + return $num_tables; +} + +function init_chat(){ + global $C, $H, $I, $mysqli; + $suwrite=''; + if(check_init()>=7){ $suwrite=$I['initdbexist']; $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]members` WHERE `status`='8'"); if(mysqli_num_rows($result)>0){ @@ -2272,18 +2284,6 @@ function update_db(){ } } -function update_messages(){ - global $C; - update_setting('msgenter', $_REQUEST['msgenter']); - update_setting('msgexit', $_REQUEST['msgexit']); - update_setting('msgmemreg', $_REQUEST['msgmemreg']); - if($C['suguests']) update_setting('msgsureg', $_REQUEST['msgsureg']); - update_setting('msgkick', $_REQUEST['msgkick']); - update_setting('msgmultikick', $_REQUEST['msgmultikick']); - update_setting('msgallkick', $_REQUEST['msgallkick']); - update_setting('msgclean', $_REQUEST['msgclean']); -} - function get_setting($setting){ global $C, $memcached, $mysqli; if(!$C['memcached'] || !$value=$memcached->get("$C[dbname]-$C[prefix]settings-$setting")){ 
@@ -2339,7 +2339,7 @@ function load_html(){ ); $H=$H+array( 'backtologin' =>"<$H[form] target=\"_parent\">".hidden('lang', $C['lang']).submit($I['backtologin'], 'class="backbutton"').'', - 'backtochat' =>"<$H[form]>".hidden('action', 'view').@hidden('session', $_REQUEST['session']).hidden('lang', $C['lang']).submit($I['backtochat'], 'class="backbutton"').'' + 'backtochat' =>"<$H[form]>".hidden('action', 'view').hidden('session', $_REQUEST['session']).hidden('lang', $C['lang']).submit($I['backtochat'], 'class="backbutton"').'' ); } @@ -2378,7 +2378,7 @@ function load_lang(){ function load_config(){ global $C; $C=array( - 'version' =>'1.11.1', // Script version + 'version' =>'1.11.2', // Script version 'dbversion' =>10, // Database version 'colbg' =>'000000', // Background colour 'coltxt' =>'FFFFFF', // Default text colour diff --git a/lang_de.php b/lang_de.php index c2e9d8b..6e350a7 100644 --- a/lang_de.php +++ b/lang_de.php @@ -253,6 +253,9 @@ $I=array( 'captchatime' => 'Captcha-Ablaufzeit (Sekunden)', 'messageexpire' => 'Nachrichten-Ablaufzeit (Minuten)', 'messagelimit' => 'Nachrichtenlimit (öffentliche)', - 'maxmessage' => 'Maximale Nachrichenlänge' + 'maxmessage' => 'Maximale Nachrichenlänge', + 'confirm' => 'Bist du sicher?', + 'yes' => 'Ja', + 'no' => 'Nein' ); ?> diff --git a/lang_en.php b/lang_en.php index 51c6146..b7f3a14 100644 --- a/lang_en.php +++ b/lang_en.php @@ -254,6 +254,9 @@ $I=array( 'captchatime' => 'Captcha timeout (seconds)', 'messageexpire' => 'Message timeout (minutes)', 'messagelimit' => 'Message limit (public)', - 'maxmessage' => 'Maximum message length' + 'maxmessage' => 'Maximum message length', + 'confirm' => 'Are you sure?', + 'yes' => 'Yes', + 'no' => 'No' ); ?>
'.frmadm('approve').submit(sprintf($I['approveguests'], $temp[0])).'