danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/DanWin/le-chat-php

Browse Source
This commit is contained in:
cypherbits
2020-05-11 18:18:03 +02:00
parent b7ff54f8d1 43a6adfa1c
commit 62f335d220
3 changed files with 28 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README
View File

@ -1,7 +1,7 @@
GENERAL INFORMATION: GENERAL INFORMATION:
This is a PHP Chat based on LE CHAT v.1.14. An up-to-date copy of this script can be downloaded at https://github.com/DanWin/le-chat-php This is a PHP Chat based on LE CHAT v.1.14. An up-to-date copy of this script can be downloaded at https://github.com/DanWin/le-chat-php
The original perl LE CHAT script by Lucky Eddie can be downloaded at http://4fvfamdpoulu2nms.onion/lechat/ or via a tor2web proxy like https://4fvfamdpoulu2nms.onion.to/lechat/ if you don't have TOR installed. The original perl LE CHAT script by Lucky Eddie can be downloaded at http://4fvfamdpoulu2nms.onion/lechat/ or via a tor2web proxy like https://4fvfamdpoulu2nms.onion.to/lechat/ if you don't have Tor installed.
If you add your own cool features or have a feature request, please tell me and I will add them, if I like them. If you add your own cool features or have a feature request, please tell me and I will add them, if I like them.
Please also let me know about any bugs you find in the code, so I can fix them. Please also let me know about any bugs you find in the code, so I can fix them.
Now a piece of information about the origin of the name "LE CHAT" copied from the original script: Now a piece of information about the origin of the name "LE CHAT" copied from the original script:
@ -10,7 +10,7 @@ It may even be the French word for "the" if you prefer. Translated from French t
FEATURES: FEATURES:
Optimized for TOR Optimized for Tor
No JavaScript needed No JavaScript needed
Cookies supported, but not needed Cookies supported, but not needed
Captcha Captcha
@ -77,6 +77,5 @@ If you never used regex before, check out this starting guide to begin with regu
LIVE DEMO: LIVE DEMO:
If you want to see the script in action, you can visit my TOR hidden service http://tt3j2x4k5ycaa5zt.onion/chat.php or via a tor2web proxy like https://danwin1210.me/chat.php if you don't have TOR installed. If you want to see the script in action, you can visit my Tor hidden service http://danschat356lctri3zavzh6fbxg2a7lo6z3etgkctzzpspewu7zdsaqd.onion/chat.php or via a tor2web proxy like https://chat.danwin1210.me/chat.php if you don't have Tor installed.
Considering this is a hidden service, you should be prepared for the worst case, as people tend to do illegal activities in the TOR network. I'm not online 24/7 so it might not be possible to remove such content right away. Considering this is a hidden service, you should be prepared for the worst case, as people tend to do illegal activities in the Tor network.
If you should see illegal content, don't panic. Use the contact form on my site to notify me and clean your browser cache afterwards.

21
README.md
View File

@ -2,7 +2,7 @@ General Information:
-------------------- --------------------
This is a PHP Chat based on LE CHAT v.1.14. An up-to-date copy of this script can be downloaded at https://github.com/DanWin/le-chat-php This is a PHP Chat based on LE CHAT v.1.14. An up-to-date copy of this script can be downloaded at https://github.com/DanWin/le-chat-php
The original perl LE CHAT script by Lucky Eddie can be downloaded at [his site](http://4fvfamdpoulu2nms.onion/lechat/) or via a tor2web proxy like [this one](https://4fvfamdpoulu2nms.onion.to/lechat/) if you don't have TOR installed. The original perl LE CHAT script by Lucky Eddie can be downloaded at [his site](http://4fvfamdpoulu2nms.onion/lechat/) or via a tor2web proxy like [this one](https://4fvfamdpoulu2nms.onion.to/lechat/) if you don't have Tor installed.
If you add your own cool features or have a feature request, please tell me and I will add them, if I like them. If you add your own cool features or have a feature request, please tell me and I will add them, if I like them.
Please also let me know about any bugs you find in the code, so I can fix them. Please also let me know about any bugs you find in the code, so I can fix them.
Now a piece of information about the origin of the name "LE CHAT" copied from the original script: Now a piece of information about the origin of the name "LE CHAT" copied from the original script:
@ -12,7 +12,7 @@ It may even be the French word for "the" if you prefer. Translated from French t
Features: Features:
--------- ---------
* Optimized for TOR * Optimized for Tor
* No JavaScript needed * No JavaScript needed
* Cookies supported, but not needed * Cookies supported, but not needed
* Captcha * Captcha
@ -59,7 +59,7 @@ Translating:
Copy lang_en.php and rename it to lang_YOUR_LANGCODE.php Copy lang_en.php and rename it to lang_YOUR_LANGCODE.php
Then edit the file and translate the messages into your language and change $I to $T at the top. Then edit the file and translate the messages into your language and change $I to $T at the top.
If you ever use a ' character, you have to escape it by using \' instead or the script will fail. If you ever use a `'` character, you have to escape it by using `\'` instead or the script will fail.
When you are done, you have to edit the chat script, to include your translation. Simply add a line with When you are done, you have to edit the chat script, to include your translation. Simply add a line with
'lang_code' =>'Language name', 'lang_code' =>'Language name',
to the $L array in the load_lang() function at the bottom, similar to what I did for the German translation. to the $L array in the load_lang() function at the bottom, similar to what I did for the German translation.
@ -72,17 +72,16 @@ Regex:
Yes, the chat supports regular expression filtering of messages. As regex tends to be difficult for most people, I decided to give it an extra section here. Yes, the chat supports regular expression filtering of messages. As regex tends to be difficult for most people, I decided to give it an extra section here.
Regex is very powerful and can be used to filter messages that contain certain expressions and replace them with something else. Regex is very powerful and can be used to filter messages that contain certain expressions and replace them with something else.
It can be used e.g. to turn BB Code into html, so it is possible to use BB Code in the chat to format messages. It can be used e.g. to turn BB Code into html, so it is possible to use BB Code in the chat to format messages.
To do this, use this Regex-Match '\[(u|b)\](.*?)\[\/\1\]' and this Regex-Replace '<$1>$2</$1>' and your text will be '[b]bold[/b]' or '[u]underlined[/u]'. To do this, use this Regex-Match `\[(u|b)\](.*?)\[\/\1\]` and this Regex-Replace `<$1>$2</$1>` and your text will be `[b]bold[/b]` or `[u]underlined[/u]`.
You can also use smilies by using this Regex-Match '(?-i::(cry|eek|lol|sad|smile|surprised|wink):)' and this Regex-Replace '<img src="/pictures/$1.gif" alt=":$1:">' You can also use smilies by using this Regex-Match `(?-i::(cry|eek|lol|sad|smile|surprised|wink):)` and this Regex-Replace `<img src="/pictures/$1.gif" alt=":$1:">`
And now if you enter ':smile:' an image with the smiley will be loaded from your server at '/pictures/smile.gif'. And now if you enter `:smile:` an image with the smiley will be loaded from your server at `/pictures/smile.gif`.
The following should be escaped by putting '\' in front of it, if you are trying to match one of these characters '/ \ ^ . $ | ( ) [ ] * + ? { } ,'. The following should be escaped by putting `\` in front of it, if you are trying to match one of these characters `/ \ ^ . $ | ( ) [ ] * + ? { } ,`.
I used '/' as delimiter, so you will have to escape that, too. The only options I used is 'i' to make the regex case insensitive. I used `/` as delimiter, so you will have to escape that, too. The only options I used is `i` to make the regex case insensitive.
If you want to test your regex, before applying you can use [this site](http://www.phpliveregex.com/) and enter your Regex and Replacement there and click on preg_replace. If you want to test your regex, before applying you can use [this site](http://www.phpliveregex.com/) and enter your Regex and Replacement there and click on preg_replace.
If you never used regex before, check out [this starting guide](http://docs.activestate.com/komodo/4.4/regex-intro.html) to begin with regular expressions. If you never used regex before, check out [this starting guide](http://docs.activestate.com/komodo/4.4/regex-intro.html) to begin with regular expressions.
Live demo: Live demo:
---------- ----------
If you want to see the script in action, you can visit my [TOR hidden service](http://tt3j2x4k5ycaa5zt.onion/chat.php) or via a tor2web proxy like [this one](https://danwin1210.me/chat.php) if you don't have TOR installed. If you want to see the script in action, you can visit my [Tor hidden service](http://danschat356lctri3zavzh6fbxg2a7lo6z3etgkctzzpspewu7zdsaqd.onion/chat.php) or via a tor2web proxy like [this one](https://chat.danwin1210.me/chat.php) if you don't have Tor installed.
Considering this is a hidden service, you should be prepared for the worst case, as people tend to do illegal activities in the TOR network. I'm not online 24/7 so it might not be possible to remove such content right away. Considering this is a hidden service, you should be prepared for the worst case, as people tend to do illegal activities in the Tor network.
If you should see illegal content, don't panic. Use the contact form on my site to notify me and clean your browser cache afterwards. I will remove the content as soon as possible.

28
chat.php
View File

@ -45,7 +45,7 @@ load_config();
if(!isset($_REQUEST['session']) && isset($_COOKIE[COOKIENAME])){ if(!isset($_REQUEST['session']) && isset($_COOKIE[COOKIENAME])){
$_REQUEST['session']=$_COOKIE[COOKIENAME]; $_REQUEST['session']=$_COOKIE[COOKIENAME];
} }
$_REQUEST['session'] = preg_replace('/[^0-9a-zA-Z]/', '', $_REQUEST['session']); $_REQUEST['session'] = preg_replace('/[^0-9a-zA-Z]/', '', $_REQUEST['session'] ?? '');
load_lang(); load_lang();
check_db(); check_db();
cron(); cron();
@ -2266,6 +2266,14 @@ function is_definitely_ssl() {
return false; return false;
} }
function set_secure_cookie($name, $value){
if (version_compare(PHP_VERSION, '7.3.0') >= 0) {
setcookie($name, $value, ['expires' => 0, 'path' => '/', 'domain' => '', 'secure' => is_definitely_ssl(), 'httponly'=>true, 'samesite' => 'Strict']);
}else{
setcookie($name, $value, 0, '/', '', is_definitely_ssl(), true);
}
}
function write_new_session($password){ function write_new_session($password){
global $I, $U, $db; global $I, $U, $db;
$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'sessions WHERE nickname=?;'); $stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'sessions WHERE nickname=?;');
@ -2275,11 +2283,7 @@ function write_new_session($password){
if(password_verify($password, $temp['passhash'])){ if(password_verify($password, $temp['passhash'])){
$U=$temp; $U=$temp;
check_kicked(); check_kicked();
if (version_compare(PHP_VERSION, '7.3.0') >= 0) { set_secure_cookie(COOKIENAME, $U['session']);
setcookie(COOKIENAME, $U['session'], ['expires' => 0, 'path' => '/', 'domain' => '', 'secure' => is_definitely_ssl(), 'httponly'=>true, 'samesite' => 'Strict']);
}else{
setcookie(COOKIENAME, $U['session'], 0, '/', '', is_definitely_ssl(), true);
}
}else{ }else{
send_error("$I[userloggedin]<br>$I[wrongpass]"); send_error("$I[userloggedin]<br>$I[wrongpass]");
} }
@ -2306,11 +2310,7 @@ function write_new_session($password){
} }
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'sessions (session, nickname, status, refresh, style, lastpost, passhash, useragent, bgcolour, entry, timestamps, embed, incognito, ip, nocache, tz, eninbox, sortupdown, hidechatters, nocache_old) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'sessions (session, nickname, status, refresh, style, lastpost, passhash, useragent, bgcolour, entry, timestamps, embed, incognito, ip, nocache, tz, eninbox, sortupdown, hidechatters, nocache_old) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
$stmt->execute([$U['session'], $U['nickname'], $U['status'], $U['refresh'], $U['style'], $U['lastpost'], $U['passhash'], $useragent, $U['bgcolour'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito'], $ip, $U['nocache'], $U['tz'], $U['eninbox'], $U['sortupdown'], $U['hidechatters'], $U['nocache_old']]); $stmt->execute([$U['session'], $U['nickname'], $U['status'], $U['refresh'], $U['style'], $U['lastpost'], $U['passhash'], $useragent, $U['bgcolour'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito'], $ip, $U['nocache'], $U['tz'], $U['eninbox'], $U['sortupdown'], $U['hidechatters'], $U['nocache_old']]);
if (version_compare(PHP_VERSION, '7.3.0') >= 0) { set_secure_cookie(COOKIENAME, $U['session']);
setcookie(COOKIENAME, $U['session'], ['expires' => 0, 'path' => '/', 'domain' => '', 'secure' => is_definitely_ssl(), 'httponly'=>true, 'samesite' => 'Strict']);
}else{
setcookie(COOKIENAME, $U['session'], 0, '/', '', is_definitely_ssl(), true);
}
if($U['status']>=3 && !$U['incognito']){ if($U['status']>=3 && !$U['incognito']){
add_system_message(sprintf(get_setting('msgenter'), style_this(htmlspecialchars($U['nickname']), $U['style']))); add_system_message(sprintf(get_setting('msgenter'), style_this(htmlspecialchars($U['nickname']), $U['style'])));
} }
@ -3286,7 +3286,7 @@ function send_headers(){
header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0'); header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
header('Expires: 0'); header('Expires: 0');
header('Referrer-Policy: no-referrer'); header('Referrer-Policy: no-referrer');
header("Content-Security-Policy: default-src 'self'; img-src *; media-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"); header("Content-Security-Policy: default-src 'self'; img-src * data:; media-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'");
header('X-Content-Type-Options: nosniff'); header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: sameorigin'); header('X-Frame-Options: sameorigin');
header('X-XSS-Protection: 1; mode=block'); header('X-XSS-Protection: 1; mode=block');
@ -4186,13 +4186,13 @@ function load_lang(){
if(isset($_REQUEST['lang']) && isset($L[$_REQUEST['lang']])){ if(isset($_REQUEST['lang']) && isset($L[$_REQUEST['lang']])){
$language=$_REQUEST['lang']; $language=$_REQUEST['lang'];
if(!isset($_COOKIE['language']) || $_COOKIE['language']!==$language){ if(!isset($_COOKIE['language']) || $_COOKIE['language']!==$language){
setcookie('language', $language); set_secure_cookie('language', $language);
} }
}elseif(isset($_COOKIE['language']) && isset($L[$_COOKIE['language']])){ }elseif(isset($_COOKIE['language']) && isset($L[$_COOKIE['language']])){
$language=$_COOKIE['language']; $language=$_COOKIE['language'];
}else{ }else{
$language=LANG; $language=LANG;
setcookie('language', $language); set_secure_cookie('language', $language);
} }
include('lang_en.php'); //always include English include('lang_en.php'); //always include English
if($language!=='en'){ if($language!=='en'){