diff --git a/CHANGELOG b/CHANGELOG index 1c3d678..a2dbb79 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,12 @@ +Version 1.13 - Sep. 15, 2015 +Switch from mysqli to PDO +More optimizations +Match case-insensitive @mention and also non-present members +Added topic field +Member password resetting by admins +Note revisioning +Added optional tiny JavaScript code to transfer less data with JavaScript enabled browsers + Version 1.12.3 - Aug. 18, 2015 Fix member registration diff --git a/README b/README index b95bfe0..b6fb262 100644 --- a/README +++ b/README @@ -29,7 +29,7 @@ It may even be the French word for "the" if you prefer. Translated from French t FEATURES: Optimized for TOR -No JavaScript +No JavaScript needed Cookies supported, but not needed Captcha Multiple languages @@ -54,6 +54,7 @@ And more INSTALLATION INSTRUCTIONS: You'll need to have mysql, php and a web-server installed. For the captcha feature, you also need php5-gd. +If you want to make the script even faster, install a memcached server and php5-memcached and change the configuaration to use memcached. This will lessen the database load. When you have everything installed, you'll have to create a database and a user for the chat in mysql. Then edit the configuration at the bottom of the script to reflect the appropriate database settings and to modify the chat settings the way you like them. Then copy the script to your web-server directory and call the script in your browser with a parameter like this: 
@@ -65,7 +66,7 @@ Note: If you updated the script, please visit http://(server)/(script-name).php? TRANSLATING: Copy lang_en.php and rename it to lang_YOUR_LANGCODE.php -Then edit the file and translate the messages into your language. +Then edit the file and translate the messages into your language and change $I to $T at the top. If you ever use a ' character, you have to escape it by using \' instead or the script will fail. When you are done, you have to edit the chat script, to include your translation. Simply add a line with 'lang_code' =>'Language name', diff --git a/README.md b/README.md index 8b498ce..0afbe94 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Features: --------- * Optimized for TOR -* No JavaScript +* No JavaScript needed * Cookies supported, but not needed * Captcha * Multiple languages @@ -39,6 +39,7 @@ Installation Instructions: -------------------------- You'll need to have mysql, php and a web-server installed. For the captcha feature, you also need php5-gd. +If you want to make the script even faster, install a memcached server and php5-memcached and change the configuaration to use memcached. This will lessen the database load. When you have everything installed, you'll have to create a database and a user for the chat in mysql. Then edit the configuration at the bottom of the script to reflect the appropriate database settings and to modify the chat settings the way you like them. Then copy the script to your web-server directory and call the script in your browser with a parameter like this: 
@@ -51,7 +52,7 @@ Translating: ------------ Copy lang_en.php and rename it to lang_YOUR_LANGCODE.php -Then edit the file and translate the messages into your language. +Then edit the file and translate the messages into your language and change $I to $T at the top. If you ever use a ' character, you have to escape it by using \' instead or the script will fail. When you are done, you have to edit the chat script, to include your translation. Simply add a line with 'lang_code' =>'Language name', diff --git a/chat.php b/chat.php index a9ecb18..2701c2b 100755 --- a/chat.php +++ b/chat.php @@ -31,14 +31,14 @@ $M=array();// Members: display names $P=array();// All present users $U=array();// This user data $countmods=0;// Present moderators +$db;// Database connection $memcached;// Memcached connection -$mysqli;// MySQL database connection load_config(); // set session variable to cookie if cookies are enabled -if(!isSet($_REQUEST['session']) && isSet($_COOKIE[$C['cookiename']])){ - $_REQUEST['session']=$_COOKIE[$C['cookiename']]; +if(!isSet($_REQUEST['session'])){ + if(isSet($_COOKIE[$C['cookiename']])) $_REQUEST['session']=$_COOKIE[$C['cookiename']]; + else $_REQUEST['session']=''; } -elseif(!isSet($_REQUEST['session'])) $_REQUEST['session']=''; load_fonts(); load_lang(); load_html(); 
@@ -46,11 +46,25 @@ check_db(); // main program: decide what to do based on queries if(!isSet($_REQUEST['action'])){ - if(check_init()<7) send_init(); + if(!check_init()) send_init(); send_login(); }elseif($_REQUEST['action']=='view'){ check_session(); - send_messages(); + send_messages(false); +}elseif($_REQUEST['action']=='jsview'){ + check_session(); + send_messages(true); +}elseif($_REQUEST['action']=='jsrefresh'){ + check_session(); + ob_start(); + print_messages(); + $msgs=ob_get_clean(); + ob_start(); + print_chatters(); + $chatters=ob_get_clean(); + $topic=get_setting('topic'); + if(!empty($topic)) $topic=sprintf($I['topic'], $topic); + echo json_encode(array($_REQUEST['id'], $msgs, $chatters, $topic)); }elseif($_REQUEST['action']=='redirect' && !empty($_GET['url'])){ send_redirect(); }elseif($_REQUEST['action']=='wait'){ 
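Review bot: The jsrefresh branch echoes `$_REQUEST['id']` back in a response that never sets a Content-Type, so the body is served as text/html and json_encode's default escaping leaves `<` and `>` untouched. Either send `header('Content-Type: application/json; charset=UTF-8');` before the echo or pass `JSON_HEX_TAG | JSON_HEX_AMP` to json_encode; if the value is only a numeric correlation id, `(int)$_REQUEST['id']` is the simplest fix and also avoids the undefined-index notice when the parameter is absent. This branch also bypasses print_start, so the Pragma/Cache-Control/Expires headers every other action emits are missing here.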
@@ -92,46 +106,35 @@ if(!isSet($_REQUEST['action'])){ send_colours(); }elseif($_REQUEST['action']=='notes'){ check_session(); + if(!empty($_REQUEST['do']) && $_REQUEST['do']=='admin' && $U['status']>6) send_notes('admin'); if($U['status']<5) send_login(); send_notes('staff'); }elseif($_REQUEST['action']=='help'){ check_session(); send_help(); -}elseif($_REQUEST['action']=='admnotes'){ - check_session(); - if($U['status']<6) send_login(); - send_notes('admin'); }elseif($_REQUEST['action']=='admin'){ check_session(); if($U['status']<5) send_login(); - if(!isSet($_REQUEST['do'])){ - send_admin(); + if(empty($_REQUEST['do'])){ }elseif($_REQUEST['do']=='clean'){ if($_REQUEST['what']=='choose') send_choose_messages(); elseif($_REQUEST['what']=='selected') clean_selected(); elseif($_REQUEST['what']=='room') clean_room(); elseif($_REQUEST['what']=='nick') del_all_messages($_REQUEST['nickname'], $U['status'], 0); - send_admin(); }elseif($_REQUEST['do']=='kick'){ if(!isSet($_REQUEST['name'])) send_admin(); if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], true); else kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], false); - send_admin(); }elseif($_REQUEST['do']=='logout'){ if(!isSet($_REQUEST['name'])) send_admin(); logout_chatter($_REQUEST['name']); - send_admin(); }elseif($_REQUEST['do']=='sessions'){ if(isSet($_REQUEST['nick'])) kick_chatter(array($_REQUEST['nick']), '', false); send_sessions(); }elseif($_REQUEST['do']=='register'){ register_guest(3); - check_session(); - send_admin(); }elseif($_REQUEST['do']=='superguest'){ register_guest(2); - check_session(); - send_admin(); }elseif($_REQUEST['do']=='status'){ change_status(); }elseif($_REQUEST['do']=='regnew'){ 
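Review bot: The new admin-notes gate `$U['status']>6` is stricter than the admnotes branch it replaces (which only rejected `$U['status']<6`) and stricter than send_notes' own button test `if($U['status']>=6)`, so a status-6 user who clicks the admin-notes button silently receives the staff notes instead. If status 6 is still meant to see admin notes, the line should read `if(!empty($_REQUEST['do']) && $_REQUEST['do']=='admin' && $U['status']>=6) send_notes('admin');`; if the tightening is intended, the button condition in send_notes should change to match. The empty `if(empty($_REQUEST['do'])){ }elseif` branch in the admin dispatcher would read better with a comment stating that the plain admin page is served by the trailing send_admin().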
@@ -149,28 +152,51 @@ if(!isSet($_REQUEST['action'])){ }elseif($_REQUEST['do']=='linkfilter'){ manage_linkfilter(); send_linkfilter(); + }elseif($_REQUEST['do']=='topic'){ + if(isSet($_REQUEST['topic'])) update_setting('topic', htmlspecialchars($_REQUEST['topic'])); + }elseif($_REQUEST['do']=='passreset'){ + passreset(); } send_admin(); }elseif($_REQUEST['action']=='setup'){ - if(check_init()<7) send_init(); + if(!check_init()) send_init(); update_db(); if(!valid_admin()) send_alogin(); - $settings=array('guestaccess', 'englobalpass', 'globalpass', 'msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'dateformat', 'captcha', 'colbg', 'coltxt', 'css', 'memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh', 'dismemcaptcha', 'suguests', 'imgembed', 'timestamps', 'trackip', 'captchachars', 'memkick', 'forceredirect', 'redirect', 'incognito', 'rulestxt'); - if(!isSet($_REQUEST['do'])){ + $C['bool_settings']=array('suguests', 'imgembed', 'timestamps', 'trackip', 'memkick', 'forceredirect', 'incognito', 'enablejs'); + $C['colour_settings']=array('colbg', 'coltxt'); + $C['msg_settings']=array('msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'msgsendall', 'msgsendmem', 'msgsendmod', 'msgsendadm', 'msgsendprv'); + $C['number_settings']=array('memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh', 'numnotes'); + $C['textarea_settings']=array('rulestxt', 'css'); + $C['text_settings']=array('dateformat', 'captchachars', 'redirect', 'chatname'); + $C['settings']=array('guestaccess', 'englobalpass', 'globalpass', 'captcha', 'dismemcaptcha', 'topic')+$C['bool_settings']+$C['colour_settings']+$C['msg_settings']+$C['number_settings']+$C['text_settings']; // All settings in the 
database + if(empty($_REQUEST['do'])){ + }elseif($_REQUEST['do']=='save'){ + foreach($C['msg_settings'] as $setting) $_REQUEST[$setting]=htmlspecialchars($_REQUEST[$setting]); + foreach($C['number_settings'] as $setting) settype($_REQUEST[$setting], 'int'); + $_REQUEST['rulestxt']=preg_replace("/(\r?\n|\r\n?)/", '
', $_REQUEST['rulestxt']); + $_REQUEST['chatname']=htmlspecialchars($_REQUEST['chatname']); + if(!preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['colbg'])) unset($_REQUEST['colbg']); + if(!preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['coltxt'])) unset($_REQUEST['coltxt']); + if($_REQUEST['memberexpire']<5) $_REQUEST['memberexpire']=5; + if($_REQUEST['captchatime']<30) $_REQUEST['memberexpire']=30; + if($_REQUEST['defaultrefresh']<5) $_REQUEST['defaultrefresh']=5; + elseif($_REQUEST['defaultrefresh']>150) $_REQUEST['defaultrefresh']=150; + if($_REQUEST['maxname']<1) $_REQUEST['maxname']=1; + elseif($_REQUEST['maxname']>50) $_REQUEST['maxname']=50; + if($_REQUEST['maxmessage']<1) $_REQUEST['maxmessage']=1; + elseif($_REQUEST['maxmessage']>20000) $_REQUEST['maxmessage']=20000; + if($_REQUEST['numnotes']<1) $_REQUEST['numnotes']=1; + foreach($C['settings'] as $setting){ + if(isSet($_REQUEST[$setting])) update_setting($setting, $_REQUEST[$setting]); + } }elseif($_REQUEST['do']=='backup' && $U['status']==8){ send_backup(); }elseif($_REQUEST['do']=='restore' && $U['status']==8){ restore_backup(); send_backup(); - }elseif($_REQUEST['do']=='save'){ - $_REQUEST['rulestxt']=preg_replace("/(\r?\n|\r\n?)/", '
', $_REQUEST['rulestxt']); - if($_REQUEST['memberexpire']<5) $_REQUEST['memberexpire']=5; - if($_REQUEST['captchatime']<30) $_REQUEST['memberexpire']=30; - if($_REQUEST['defaultrefresh']<5) $_REQUEST['defaultrefresh']=5; - if($_REQUEST['defaultrefresh']>150) $_REQUEST['defaultrefresh']=150; - foreach($settings as $setting){ - if(isSet($_REQUEST[$setting])) update_setting($setting, $_REQUEST[$setting]); - } + }elseif($_REQUEST['do']=='destroy' && $U['status']==8){ + if(isSet($_REQUEST['confirm'])) destroy_chat(); + else send_destroy_chat(); } send_setup(); }elseif($_REQUEST['action']=='init'){ @@ -178,7 +204,6 @@ if(!isSet($_REQUEST['action'])){ }else{ send_login(); } -mysqli_close($mysqli); exit; // html output subs @@ -190,9 +215,7 @@ function print_stylesheet(){ } function print_end(){ - global $mysqli; echo ''; - mysqli_close($mysqli); exit; } @@ -212,11 +235,6 @@ function frmadm($arg1=''){ return "<$H[form]>".hidden('action', 'admin').hidden('do', $arg1).hidden('session', $U['session']).hidden('lang', $C['lang']); } -function frmsetup($arg1=''){ - global $C, $H, $U; - return "<$H[form]>".hidden('action', 'setup').hidden('do', $arg1).hidden('session', $U['session']).hidden('lang', $C['lang']); -} - function hidden($arg1='', $arg2=''){ return ""; } @@ -230,17 +248,20 @@ function thr(){ } function print_start($class='', $ref=0, $url=''){ - global $H; + global $H, $I, $U; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: no-cache'); header('Expires: 0'); if(!empty($url)) header("Refresh: $ref; URL=$url"); echo "$H[meta_html]"; if(!empty($url)) echo ""; if($class=='init'){ + echo "$I[init]"; echo ""; }else{ + echo ''.get_setting('chatname').''; print_stylesheet(); } - echo "<$H[begin_body] class=\"$class\">"; + if(!empty($U['bgcolour'])) $style=" style=\"background-color:#$U[bgcolour];\""; else $style=''; + echo ""; } function send_redirect(){ 
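Review bot: `$C['settings']=array(...)+$C['bool_settings']+$C['colour_settings']+...` uses array union, which keeps the left-hand element for every duplicate key, and all of these are integer-keyed lists, so the result holds only the six explicit names plus the few entries whose index exceeds the accumulated length (two from bool_settings, five from msg_settings); colbg, memberexpire, dateformat and most other settings never reach the save loop, the backup or the restore. Replace the union with `$C['settings']=array_merge(array('guestaccess', 'englobalpass', 'globalpass', 'captcha', 'dismemcaptcha', 'topic'), $C['bool_settings'], $C['colour_settings'], $C['msg_settings'], $C['number_settings'], $C['text_settings']);`. The carried-over line `if($_REQUEST['captchatime']<30) $_REQUEST['memberexpire']=30;` still clamps the wrong key and should assign `$_REQUEST['captchatime']`. The `$_REQUEST[$setting]` reads in the msg_settings and number_settings loops are unguarded, so a form that omits one setting raises a notice and stores an empty value; wrapping them in `isSet` matches the save loop below.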
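Review bot: print_start now interpolates `$U['bgcolour']` straight into a style attribute; the setup save path validates colour values with `preg_match('/^[a-f0-9]{6}$/i', ...)`, but where a member's own bgcolour is written is outside this diff, so whether it is constrained to hex at write time cannot be confirmed here. Applying the same check at output, `if(!empty($U['bgcolour']) && preg_match('/^[a-f0-9]{6}$/i', $U['bgcolour']))`, keeps the attribute well-formed however the value was stored (restore_backup, for instance, inserts member rows from uploaded JSON without per-field validation). The function also gained `$I` and `$U` globals without a comment; a header such as `// Emits the no-cache headers and the document head/body opening; $ref and $url add a refresh` would help.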
@@ -258,7 +279,7 @@ function send_redirect(){ } function send_captcha(){ - global $C, $I, $memcached, $mysqli; + global $C, $I, $db, $memcached; $difficulty=get_setting('captcha'); if($difficulty==0) return; $captchachars=get_setting('captchachars'); @@ -272,10 +293,8 @@ function send_captcha(){ if($C['memcached']){ $memcached->set("$C[dbname]-$C[prefix]captcha-$randid", $code, get_setting('captchatime')); }else{ - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]captcha` (`id`, `time`, `code`) VALUES (?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'iis', $randid, $time, $code); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("INSERT INTO `$C[prefix]captcha` (`id`, `time`, `code`) VALUES (?, ?, ?)"); + $stmt->execute(array($randid, $time, $code)); } echo "$I[copy]"; if($difficulty==1){ @@ -398,25 +417,16 @@ function send_setup(){ thr(); echo "
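Review bot: The PDO conversion in send_captcha calls `$stmt->execute(...)` on the return value of `$db->prepare(...)` without checking it; unless load_config (not in this diff) sets `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION`, a failed prepare returns false and the next line becomes a fatal call on a non-object, while a failed execute is silently ignored. Either set the exception error mode where the connection is opened, or test the return values here. The same pattern appears in the restore_backup, send_backup, send_filter, send_linkfilter, send_notes, send_approve_waiting and send_waiting_room hunks; one fix at the connection covers them all.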
$I[sysmessages]"; echo ''; - echo "'; - echo "'; - echo "'; - if(get_setting('suguests')) echo "'; - echo "'; - echo "'; - echo "'; - echo "'; + foreach($C['msg_settings'] as $setting) echo ''; echo '
 $I[msgenter] 
 $I[msgexit] 
 $I[msgmemreg] 
 $I[msgsureg] 
 $I[msgkick] 
 $I[msgmultikick] 
 $I[msgallkick] 
 $I[msgclean] 
 '.$I[$setting]." 
'; - $text_settings=array('dateformat', 'captchachars', 'redirect'); - foreach($text_settings as $setting){ + foreach($C['text_settings'] as $setting){ thr(); echo '
'.$I[$setting].''; echo ''; echo "'; echo '
'; } - $colour_settings=array('colbg', 'coltxt'); - foreach($colour_settings as $setting){ + foreach($C['colour_settings'] as $setting){ thr(); echo '
'.$I[$setting].''; echo ''; @@ -438,24 +448,21 @@ function send_setup(){ echo '"; echo ''; echo '
'; - $textarea_settings=array('rulestxt', 'css'); - foreach($textarea_settings as $setting){ + foreach($C['textarea_settings'] as $setting){ thr(); echo '
'.$I[$setting].''; echo ''; echo "'; echo '
'; } - $number_settings=array('memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh'); - foreach($number_settings as $setting){ + foreach($C['number_settings'] as $setting){ thr(); echo '
'.$I[$setting].''; echo ''; echo "'; echo '
'; } - $bool_settings=array('suguests', 'imgembed', 'timestamps', 'trackip', 'memkick', 'forceredirect', 'incognito'); - foreach($bool_settings as $setting){ + foreach($C['bool_settings'] as $setting){ thr(); echo '
'.$I[$setting].''; echo ''; @@ -467,79 +474,74 @@ function send_setup(){ } thr(); echo '
'.submit($I['apply']).'

'; - echo ''; - if($U['status']==8) echo ""; - echo "
<$H[form]>".hidden('action', 'setup').hidden('do', 'backup').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['backuprestore'])."<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['logout'], 'id="exitbutton"')."
$H[credit]"; + if($U['status']==8){ + echo ''; + echo "'; + echo "
<$H[form]>".hidden('action', 'setup').hidden('do', 'backup').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['backuprestore']).'<$H[form]>".hidden('action', 'setup').hidden('do', 'destroy').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['destroy'], 'class="delbutton"').'

'; + } + echo "
<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['logout'], 'id="exitbutton"')."
$H[credit]"; print_end(); } function restore_backup(){ - global $C, $mysqli, $settings; + global $C, $db; $code=json_decode($_REQUEST['restore'], true); if(isSet($_REQUEST['settings'])){ - foreach($settings as $setting){ + foreach($C['settings'] as $setting){ if(isSet($code['settings'][$setting])) update_setting($setting, $code['settings'][$setting]); } } if(isSet($_REQUEST['filter']) && (isSet($code['filters']) || isSet($code['linkfilters']))){ - mysqli_query($mysqli, "DELETE FROM `$C[prefix]filter`"); - mysqli_query($mysqli, "DELETE FROM `$C[prefix]linkfilter`"); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]filter` (`match`, `replace`, `allowinpm`, `regex`, `kick`) VALUES (?, ?, ?, ?, ?)"); + $db->exec("DELETE FROM `$C[prefix]filter`"); + $db->exec("DELETE FROM `$C[prefix]linkfilter`"); + $stmt=$db->prepare("INSERT INTO `$C[prefix]filter` (`match`, `replace`, `allowinpm`, `regex`, `kick`) VALUES (?, ?, ?, ?, ?)"); foreach($code['filters'] as $filter){ - mysqli_stmt_bind_param($stmt, 'ssiii', $filter['match'], $filter['replace'], $filter['allowinpm'], $filter['regex'], $filter['kick']); - mysqli_stmt_execute($stmt); + $stmt->execute(array($filter['match'], $filter['replace'], $filter['allowinpm'], $filter['regex'], $filter['kick'])); } - mysqli_stmt_close($stmt); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]linkfilter` (`match`, `replace`, `regex`) VALUES (?, ?, ?)"); + $stmt=$db->prepare("INSERT INTO `$C[prefix]linkfilter` (`match`, `replace`, `regex`) VALUES (?, ?, ?)"); foreach($code['linkfilters'] as $filter){ - mysqli_stmt_bind_param($stmt, 'ssi', $filter['match'], $filter['replace'], $filter['regex']); - mysqli_stmt_execute($stmt); + $stmt->execute(array($filter['match'], $filter['replace'], $filter['regex'])); } - mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]filter"); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]linkfilter"); } if(isSet($_REQUEST['members']) && 
isSet($code['members'])){ - mysqli_query($mysqli, "DELETE FROM `$C[prefix]members`"); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + $db->exec("DELETE FROM `$C[prefix]members`"); + $stmt=$db->prepare("INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); foreach($code['members'] as $member){ - mysqli_stmt_bind_param($stmt, 'ssiisiiiisiiiis', $member['nickname'], $member['passhash'], $member['status'], $member['refresh'], $member['bgcolour'], $member['boxwidth'], $member['boxheight'], $member['notesboxwidth'], $member['notesboxheight'], $member['regedby'], $member['lastlogin'], $member['timestamps'], $member['embed'], $member['incognito'], $member['style']); - mysqli_stmt_execute($stmt); + $stmt->execute(array($member['nickname'], $member['passhash'], $member['status'], $member['refresh'], $member['bgcolour'], $member['boxwidth'], $member['boxheight'], $member['notesboxwidth'], $member['notesboxheight'], $member['regedby'], $member['lastlogin'], $member['timestamps'], $member['embed'], $member['incognito'], $member['style'])); } - mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); } if(isSet($_REQUEST['notes']) && isSet($code['notes'])){ - mysqli_query($mysqli, "DELETE FROM `$C[prefix]notes`"); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]notes` (`type`, `lastedited`, `editedby`, `text`) VALUES (?, ?, ?, ?)"); + $db->exec("DELETE FROM `$C[prefix]notes`"); + $stmt=$db->prepare("INSERT INTO `$C[prefix]notes` (`type`, `lastedited`, 
`editedby`, `text`) VALUES (?, ?, ?, ?)"); foreach($code['notes'] as $note){ - mysqli_stmt_bind_param($stmt, 'siss', $note['type'], $note['lastedited'], $note['editedby'], $note['text']); - mysqli_stmt_execute($stmt); + $stmt->execute(array($note['type'], $note['lastedited'], $note['editedby'], $note['text'])); } - mysqli_stmt_close($stmt); } } function send_backup(){ - global $C, $H, $I, $U, $mysqli, $settings; + global $C, $H, $I, $U, $db; $code=array(); if($_REQUEST['do']=='backup'){ - if(isSet($_REQUEST['settings'])) foreach($settings as $setting) $code['settings'][$setting]=get_setting($setting); + if(isSet($_REQUEST['settings'])) foreach($C['settings'] as $setting) $code['settings'][$setting]=get_setting($setting); if(isSet($_REQUEST['filter'])){ - $result=mysqli_query($mysqli, "SELECT `match`, `replace`, `allowinpm`, `regex`, `kick` FROM `$C[prefix]filter`"); - while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $code['filters'][]=$filter; - $result=mysqli_query($mysqli, "SELECT `match`, `replace`, `regex` FROM `$C[prefix]linkfilter`"); - while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $code['linkfilters'][]=$filter; + $result=$db->query("SELECT `match`, `replace`, `allowinpm`, `regex`, `kick` FROM `$C[prefix]filter`"); + while($filter=$result->fetch(PDO::FETCH_ASSOC)) $code['filters'][]=$filter; + $result=$db->query("SELECT `match`, `replace`, `regex` FROM `$C[prefix]linkfilter`"); + while($filter=$result->fetch(PDO::FETCH_ASSOC)) $code['linkfilters'][]=$filter; } if(isSet($_REQUEST['members'])){ - $result=mysqli_query($mysqli, "SELECT `nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style` FROM `$C[prefix]members`"); - while($member=mysqli_fetch_array($result, MYSQLI_ASSOC)) $code['members'][]=$member; + $result=$db->query("SELECT `nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, 
`notesboxwidth`, `notesboxheight`, `regedby`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style` FROM `$C[prefix]members`"); + while($member=$result->fetch(PDO::FETCH_ASSOC)) $code['members'][]=$member; } if(isSet($_REQUEST['notes'])){ - $result=mysqli_query($mysqli, "SELECT `type`, `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`='admin' ORDER BY `id` DESC LIMIT 1"); - $code['notes'][]=mysqli_fetch_array($result, MYSQLI_ASSOC); - $result=mysqli_query($mysqli, "SELECT `type`, `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`='staff' ORDER BY `id` DESC LIMIT 1"); - $code['notes'][]=mysqli_fetch_array($result, MYSQLI_ASSOC); + $result=$db->query("SELECT `type`, `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`='admin' ORDER BY `id` DESC LIMIT 1"); + $code['notes'][]=$result->fetch(PDO::FETCH_ASSOC); + $result=$db->query("SELECT `type`, `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`='staff' ORDER BY `id` DESC LIMIT 1"); + $code['notes'][]=$result->fetch(PDO::FETCH_ASSOC); } } if(isSet($_REQUEST['settings'])) $chksettings=' checked'; else $chksettings=''; @@ -572,6 +574,15 @@ function send_backup(){ print_end(); } +function send_destroy_chat(){ + global $C, $H, $I, $U; + print_start('destroy_chat'); + echo "
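Review bot: restore_backup's new global line `global $C, $db;` omits `$memcached`, yet the function still calls `$memcached->delete(...)` three times when `$C['memcached']` is set, which fails on an undefined variable; it should read `global $C, $db, $memcached;`. The filter branch executes both DELETE statements after checking only that one of `$code['filters']`/`$code['linkfilters']` exists and then iterates the other with foreach, so a backup containing only one of them empties both tables and warns on the missing one; guard each foreach with `isSet`, and check `is_array($code)` right after json_decode, since malformed input currently yields null and the deletes still run. Settings restored from the JSON are written through update_setting without the clamps the save path applies, so values such as numnotes or defaultrefresh can arrive out of range or non-numeric; routing restored settings through the same validation would close that gap.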
$I[confirm]
"; + echo "<$H[form] target=\"_parent\">".hidden('action', 'setup').hidden('do', 'destroy').hidden('session', $U['session']).hidden('lang', $C['lang']).hidden('confirm', 'yes').submit($I['yes'], 'class="delbutton"').''; + echo "<$H[form]>".hidden('action', 'setup').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['no'], 'class="backbutton"').'
'; + print_end(); +} + function send_init(){ global $C, $H, $I, $L; print_start('init'); @@ -600,7 +611,7 @@ function send_alogin(){ global $C, $H, $I, $L; print_start('alogin'); echo "
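Review bot: send_destroy_chat has no comment explaining its role; a header such as `// Confirmation page for setup?do=destroy: the Yes form resubmits with confirm=yes, the No form returns to the setup page` would document the two forms. The destruction itself is triggered in the setup dispatcher by `isSet($_REQUEST['confirm'])`, which also accepts a GET query string, so a link carrying a cookie-backed session would skip this page entirely; testing `$_POST['confirm']` there instead keeps this form as the only entry point. destroy_chat() is outside this diff.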
<$H[form]>".hidden('action', 'setup').hidden('lang', $C['lang']).''; - echo ""; + echo ""; echo ""; send_captcha(); echo '
$I[nick]
$I[nick]
$I[pass]
'.submit($I['login']).'
'; @@ -613,7 +624,7 @@ function send_alogin(){ } function send_admin($arg=''){ - global $C, $H, $I, $U; + global $A, $C, $H, $I, $U, $db; $ga=get_setting('guestaccess'); print_start('admin'); $lines=parse_sessions(); @@ -640,11 +651,15 @@ function send_admin($arg=''){ echo frmadm('clean').'
'; echo " "; echo " 
"; - echo " "; + echo " '; echo submit($I['clean'], 'class="delbutton"').'
'; thr(); echo '
'.sprintf($I['kickchat'], get_setting('kickpenalty')).'
'; - echo frmadm('kick').""; + echo frmadm('kick')."
$I[kickmsg]  
"; echo "
$I[kickreason]  
$chlist"; echo submit($I['kick']).'
'; thr(); @@ -658,6 +673,10 @@ function send_admin($arg=''){ echo frmadm($view).'
'.submit($I['view']).'
'; } thr(); + echo "
$I[admtopic]"; + echo frmadm('topic').'
'; + echo submit($I['change']).'
'; + thr(); echo "
$I[guestacc]"; echo frmadm('guestaccess').''; echo ''; thr(); + echo "'; + thr(); echo "
$I[admmembers]"; echo frmadm('status')."
'.submit($I['change']).'
$I[passreset]"; + echo frmadm('passreset')."
'.submit($I['change']).'
$I[regguest]"; echo frmadm('register')."
"; thr(); @@ -827,8 +850,8 @@ function send_filter($arg=''){ if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]filter"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $filters=array(); - $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]filter`"); - while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter; + $result=$db->query("SELECT * FROM `$C[prefix]filter`"); + while($filter=$result->fetch(PDO::FETCH_ASSOC)) $filters[]=$filter; if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]filter", $filters); } foreach($filters as $filter){ @@ -861,7 +884,7 @@ function send_filter($arg=''){ } function send_linkfilter($arg=''){ - global $C, $H, $I, $U, $memcached, $mysqli; + global $C, $H, $I, $U, $db, $memcached; print_start('linkfilter'); echo "
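Review bot: The new password-reset form is rendered inside send_admin, and the matching `do=passreset` dispatch runs `passreset()` behind the same `$U['status']<5` check as every other admin action, so whether a moderator can reset an administrator's password depends entirely on checks inside passreset(), which is not part of this diff; confirm it compares the target member's status with `$U['status']`, and consider hiding the form for statuses it rejects. The topic form added just above presumably pre-fills from the stored topic, which the save path writes through htmlspecialchars; if the input's value attribute echoes it without decoding, each edit-and-resubmit cycle re-encodes entities, so either decode on display or store raw and escape on output.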

$I[linkfilter]

$arg
"; thr(); @@ -873,8 +896,8 @@ function send_linkfilter($arg=''){ if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]linkfilter"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $filters=array(); - $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]linkfilter`"); - while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter; + $result=$db->query("SELECT * FROM `$C[prefix]linkfilter`"); + while($filter=$result->fetch(PDO::FETCH_ASSOC)) $filters[]=$filter; if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]linkfilter", $filters); } foreach($filters as $filter){ @@ -899,42 +922,52 @@ function send_linkfilter($arg=''){ } function send_frameset(){ - global $C, $H, $I, $U, $mysqli; + global $C, $H, $I, $U; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: no-cache'); header('Expires: 0'); echo "$H[meta_html]"; + echo ''.get_setting('chatname').''; print_stylesheet(); if(isSet($_COOKIE['test'])){ echo "<body>$I[noframes]$H[backtologin]</body>"; }else{ echo "<body>$I[noframes]$H[backtologin]</body>"; } - mysqli_close($mysqli); exit; } -function send_messages(){ +function send_messages($js){ global $C, $I, $U; - if(isSet($_COOKIE[$C['cookiename']])){ - $url="$_SERVER[SCRIPT_NAME]?action=view"; + if(!$js){ + if(isSet($_COOKIE[$C['cookiename']])){ + print_start('messages', $U['refresh'], "$_SERVER[SCRIPT_NAME]?action=view"); + if(get_setting('enablejs')==1) echo ""; + }else{ + print_start('messages', $U['refresh'], "$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$C[lang]"); + if(get_setting('enablejs')==1) echo ""; + } }else{ - $url="$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$C[lang]"; + print_start('messages'); } - print_start('messages', $U['refresh'], $url); echo ''; + echo '
'; + $topic=get_setting('topic'); + if(!empty($topic)) echo sprintf($I['topic'], $topic); + echo '
'; print_chatters(); - echo "$I[bottom]"; + echo "
$I[bottom]
"; print_messages(); + echo '
'; + if($js) echo ""; echo "$I[top]"; print_end(); } function send_notes($type){ - global $C, $H, $I, $U, $mysqli; + global $C, $H, $I, $U, $db; print_start('notes'); - $text=''; echo '
'; if($U['status']>=6){ - echo "
'; + echo "
<$H[form] target=\"view\">".hidden('action', 'admnotes').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['admnotes']).'
'; echo "
<$H[form] target=\"view\">".hidden('action', 'notes').hidden('do', 'admin').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['admnotes']).'<$H[form] target=\"view\">".hidden('action', 'notes').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['notes']).'
'; } if($type=='staff') echo "

$I[staffnotes]

"; @@ -942,37 +975,52 @@ function send_notes($type){ if(isset($_REQUEST['text'])){ if($C['msgencrypted']) $_REQUEST['text']=openssl_encrypt($_REQUEST['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); $time=time(); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]notes` (`type`, `lastedited`, `editedby`, `text`) VALUES (?, ?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'siss', $type, $time, $U['nickname'], $_REQUEST['text']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("INSERT INTO `$C[prefix]notes` (`type`, `lastedited`, `editedby`, `text`) VALUES (?, ?, ?, ?)"); + $stmt->execute(array($type, $time, $U['nickname'], $_REQUEST['text'])); + $db->exec("DELETE FROM `$C[prefix]notes` WHERE `type`='$type' AND `id` NOT IN (SELECT * FROM (SELECT `id` FROM `$C[prefix]notes` WHERE `type`='$type' ORDER BY `id` DESC LIMIT ".get_setting('numnotes').') t )'); echo "$I[notessaved] "; } $dateformat=get_setting('dateformat'); - $stmt=mysqli_prepare($mysqli, "SELECT `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`=? ORDER BY `id` DESC LIMIT 1"); - mysqli_stmt_bind_param($stmt, 's', $type); - mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $lastedited, $editedby, $text); - if(mysqli_stmt_fetch($stmt)) printf($I['lastedited'], $editedby, date($dateformat, $lastedited)); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("SELECT COUNT(*) FROM `$C[prefix]notes` WHERE `type`=?"); + $stmt->execute(array($type)); + $num=$stmt->fetch(PDO::FETCH_NUM); + if(!empty($_REQUEST['revision'])) $revision=intval($_REQUEST['revision']); else $revision=0; + $stmt=$db->prepare("SELECT * FROM `$C[prefix]notes` WHERE `type`=? ORDER BY `id` DESC LIMIT $revision, 1"); + $stmt->execute(array($type)); + if($note=$stmt->fetch(PDO::FETCH_ASSOC)) printf($I['lastedited'], $note['editedby'], date($dateformat, $note['lastedited'])); + else $note['text']=''; echo "
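Review bot: `send_messages($js)` changes its signature but gets no documentation for the new parameter; from the dispatcher, view passes false and jsview passes true, and only the false path hands print_start a refresh interval and URL, so a header such as `// $js: true for action=jsview (page refreshed by script, no meta/header refresh), false for action=view (print_start emits the refresh)` would capture that. The refresh URL in the cookie-less branch still embeds `$U[session]` in a query string as before; that is pre-existing, but a comment that the Refresh header deliberately carries the session only when no cookie is present would make the intent explicit. send_frameset now emits `get_setting('chatname')` into the title; chatname is escaped with htmlspecialchars on the setup save path, so this is safe only as long as settings written by restore_backup receive the same escaping.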

<$H[form]>"; - if($C['msgencrypted']) $text=openssl_decrypt($text, 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); - if($type=='staff') echo hidden('action', 'notes'); - else echo hidden('action', 'admnotes'); - echo hidden('session', $U['session']).hidden('lang', $C['lang'])."
'; - echo submit($I['savenotes']).'
'; + if($C['msgencrypted']) $note['text']=openssl_decrypt($note['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); + if($type=='admin') echo hidden('do', 'admin'); + echo hidden('action', 'notes').hidden('session', $U['session']).hidden('lang', $C['lang'])."
'; + echo submit($I['savenotes']).'
'; + if($num[0]>1){ + echo "
"; + if($revision<$num[0]-1){ + echo "'; + } + if($revision>0){ + echo "'; + } + echo '
$I[revisions]<$H[form]>".hidden('action', 'notes').hidden('session', $U['session']).hidden('lang', $C['lang']).hidden('revision', $revision+1); + if($type=='admin') echo hidden('do', 'admin'); + echo submit($I['older']).'<$H[form]>".hidden('action', 'notes').hidden('session', $U['session']).hidden('lang', $C['lang']).hidden('revision', $revision-1); + if($type=='admin') echo hidden('do', 'admin'); + echo submit($I['newer']).'
'; + } + echo ''; print_end(); } function send_approve_waiting(){ - global $C, $H, $I, $mysqli; + global $C, $H, $I, $db; print_start('approve_waiting'); echo "

$I[waitingroom]

"; - $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]sessions` WHERE `entry`=='0' AND `status`='1' ORDER BY `id`"); - if(mysqli_num_rows($result)>0){ + $result=$db->query("SELECT * FROM `$C[prefix]sessions` WHERE `entry`=='0' AND `status`='1' ORDER BY `id`"); + if($result->rowCount()>0){ echo frmadm('approve').''; echo ""; - while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ + while($temp=$result->fetch(PDO::FETCH_ASSOC)){ echo ''.hidden('alls[]', $temp['nickname']).""; } echo "
$I[sessnick]$I[sessua]
$temp[useragent]

"; @@ -988,7 +1036,7 @@ function send_approve_waiting(){ } function send_waiting_room(){ - global $C, $I, $U, $countmods, $mysqli; + global $C, $H, $I, $U, $countmods, $db; parse_sessions(); $ga=get_setting('guestaccess'); if($ga==3 && $countmods>0) $wait=false; @@ -1004,10 +1052,8 @@ function send_waiting_room(){ $timeleft=get_setting('entrywait')-(time()-$U['lastpost']); if($wait && ($timeleft<=0 || $ga==1)){ $U['entry']=$U['lastpost']; - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 's', $U['session']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `session`=?"); + $stmt->execute(array($U['session'])); send_frameset(); }elseif(!$wait && $U['entry']!=0){ send_frameset(); @@ -1025,7 +1071,8 @@ function send_waiting_room(){ }else{ echo "
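Review bot: `$revision` is taken from `intval($_REQUEST['revision'])` and interpolated into `LIMIT $revision, 1`; a negative value is still an integer, so this is not an injection, but it makes the LIMIT clause invalid and the revision query fails, so clamp it: `$revision=max(0, intval($_REQUEST['revision']));` (the `else $note['text']='';` fallback on the next line also writes into a `false` result, which newer PHP versions deprecate; `$note=array('text'=>'');` is cleaner). The pruning `DELETE` is run through `$db->exec()` with `$type` and `get_setting('numnotes')` interpolated; `$type` is a function argument rather than request input, but for consistency with the prepared statements around it bind `$type` and cast the limit, `' LIMIT '.intval(get_setting('numnotes')).') t )'`. In send_approve_waiting the new `$result->rowCount()>0` test after a SELECT relies on the driver reporting result-set row counts, which PDO does not guarantee (MySQL with buffered queries does); the same pattern appears in parse_sessions, change_status and passreset, and fetching a row and testing that is portable. The `` `entry`=='0' `` in that query is carried over from the old line; if it is not a transcription artefact it should be a single `=`.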

$I[waitingroom]

".sprintf($I['admwaittext'], style_this($U['nickname'], $U['style'])).'


'.sprintf($I['waitreload'], $refresh).'



'; } - echo "
".hidden('action', 'wait').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['reload']).'
'; + echo "
<$H[form]>".hidden('action', 'wait').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['reload']).'
'; + echo "<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['exit'], 'id="exitbutton"').''; $rulestxt=get_setting('rulestxt'); if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt"; echo '
'; @@ -1063,9 +1110,9 @@ function send_post(){ echo '
'; if(!isSet($U['rejected'])) $U['rejected']=''; if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ - echo ""; + echo ""; }else{ - echo ""; + echo ""; } echo '
'.style_this($U['nickname'], $U['style']).':'.submit($I['talkto']).''; if($englobal!=1 || (isSet($_POST['globalpass']) && $_POST['globalpass']==get_setting('globalpass'))){ - echo ""; + echo ""; echo ""; send_captcha(); if($ga!=0){ @@ -1312,7 +1359,7 @@ function send_login(){ $rulestxt=get_setting('rulestxt'); if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt
"; }else{ - echo ""; + echo ""; if($ga==0) echo ""; echo '
$I[nick]
$I[nick]
$I[pass]
$I[globalloginpass]
$I[globalloginpass]
$I[noguests]
'.submit($I['enter']).'
'; } @@ -1332,11 +1379,11 @@ function send_error($err){ } function print_chatters(){ - global $C, $G, $I, $M, $U, $mysqli; + global $C, $G, $I, $M, $U, $db; echo ''; if($U['status']>=5 && get_setting('guestaccess')==3){ - $result=mysqli_query($mysqli, "SELECT COUNT(*) FROM `$C[prefix]sessions` WHERE `entry`='0' AND `status`='1'"); - $temp=mysqli_fetch_array($result, MYSQLI_NUM); + $result=$db->query("SELECT COUNT(*) FROM `$C[prefix]sessions` WHERE `entry`='0' AND `status`='1'"); + $temp=$result->fetch(PDO::FETCH_NUM); if($temp[0]>0) echo ''; } if(!empty($M)){ @@ -1347,26 +1394,10 @@ function print_chatters(){ echo '
'.frmadm('approve').submit(sprintf($I['approveguests'], $temp[0])).' 
'; } -function print_memberslist(){ - global $A; - read_members(); - array_multisort(array_map('strtolower', array_keys($A)), SORT_ASC, SORT_STRING, $A); - foreach($A as $member){ - echo "'; - } -} - // session management function create_session($setup){ - global $C, $I, $U, $memcached, $mysqli; + global $C, $I, $U, $db, $memcached; $U['nickname']=preg_replace('/\s+/', '', $_REQUEST['nick']); $U['passhash']=md5(sha1(md5($U['nickname'].$_REQUEST['pass']))); if(isSet($_REQUEST['colour'])) $U['colour']=$_REQUEST['colour']; else $U['colour']=''; 
@@ -1377,22 +1408,18 @@ function create_session($setup){ if(get_setting('captcha')>0 && ($U['status']==1 || get_setting('dismemcaptcha')==0)){ if(!isSet($_REQUEST['challenge'])) send_error($I['wrongcaptcha']); if(!$C['memcached']){ - $stmt=mysqli_prepare($mysqli, "SELECT `code` FROM `$C[prefix]captcha` WHERE `id`=?"); - mysqli_stmt_bind_param($stmt, 'i', $_REQUEST['challenge']); - mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $code); - if(!mysqli_stmt_fetch($stmt)) send_error($I['captchaexpire']); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("SELECT `code` FROM `$C[prefix]captcha` WHERE `id`=?"); + $stmt->execute(array($_REQUEST['challenge'])); + $stmt->bindColumn(1, $code); + if(!$stmt->fetch(PDO::FETCH_BOUND)) send_error($I['captchaexpire']); + $timeout=time()-get_setting('captchatime'); + $stmt=$db->prepare("DELETE FROM `$C[prefix]captcha` WHERE `id`=? OR `time`execute(array($_REQUEST['challenge'], $timeout)); }else{ if(!$code=$memcached->get("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]")) send_error($I['captchaexpire']); $memcached->delete("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]"); } if($_REQUEST['captcha']!=$code) send_error($I['wrongcaptcha']); - $timeout=time()-get_setting('captchatime'); - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]captcha` WHERE `id`=? OR `time`$U[kickmessage]"); } setcookie($C['cookiename'], $U['session']); - $H['begin_body']="body style=\"background-color:#$U[bgcolour];\""; $reentry=true; break; }else{ 
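Review bot: Deleting the captcha row before the code is compared is the right order (a challenge can no longer be retried after a wrong guess), but the comparison on the following context line is still the loose `$_REQUEST['captcha']!=$code`; if stored codes can look numeric, PHP compares them as numbers, so make it `if((string)$_REQUEST['captcha']!==(string)$code) send_error($I['wrongcaptcha']);`. `$_REQUEST['challenge']` is passed as a bound parameter here, which is fine, while the memcached branch interpolates it into the cache key unchanged; an `intval()` applied once before both branches would keep them consistent. The enclosing create_session continues outside this hunk.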
@@ -1433,60 +1459,41 @@ function write_new_session(){ }while(isSet($sids[$U['session']]));// check for hash collision if(isSet($_SERVER['HTTP_USER_AGENT'])) $useragent=htmlspecialchars($_SERVER['HTTP_USER_AGENT']); else $useragent=''; - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]sessions` (`session`, `nickname`, `status`, `refresh`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`, `incognito`, `ip`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'ssiisisiiissiiiiiis', $U['session'], $U['nickname'], $U['status'], $U['refresh'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $useragent, $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito'], $_SERVER['REMOTE_ADDR']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + if(get_setting('trackip')) $ip=$_SERVER['REMOTE_ADDR']; + else $ip=''; + $stmt=$db->prepare("INSERT INTO `$C[prefix]sessions` (`session`, `nickname`, `status`, `refresh`, `style`, `lastpost`, `passhash`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`, `incognito`, `ip`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute(array($U['session'], $U['nickname'], $U['status'], $U['refresh'], $U['style'], $U['lastpost'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $useragent, $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito'], $ip)); setcookie($C['cookiename'], $U['session']); if($U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgenter'), style_this($U['nickname'], $U['style']))); } } function approve_session(){ - global $C, $mysqli; + global $C, $db; 
if(isSet($_REQUEST['what'])){ if($_REQUEST['what']=='allowchecked' && isSet($_REQUEST['csid'])){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); - foreach($_REQUEST['csid'] as $nick){ - mysqli_stmt_bind_param($stmt, 's', $nick); - mysqli_stmt_execute($stmt); - } - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); + foreach($_REQUEST['csid'] as $nick) $stmt->execute(array($nick)); }elseif($_REQUEST['what']=='allowall' && isSet($_REQUEST['alls'])){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); - foreach($_REQUEST['alls'] as $nick){ - mysqli_stmt_bind_param($stmt, 's', $nick); - mysqli_stmt_execute($stmt); - } - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); + foreach($_REQUEST['alls'] as $nick) $stmt->execute(array($nick)); }elseif($_REQUEST['what']=='denychecked' && isSet($_REQUEST['csid'])){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `nickname`=? AND `status`='1'"); - foreach($_REQUEST['csid'] as $nick){ - mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['kickmessage'], $nick); - mysqli_stmt_execute($stmt); - } - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `nickname`=? 
AND `status`='1'"); + foreach($_REQUEST['csid'] as $nick) $stmt->execute(array($_REQUEST['kickmessage'], $nick)); }elseif($_REQUEST['what']=='denyall' && isSet($_REQUEST['alls'])){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `nickname`=? AND `status`='1'"); - foreach($_REQUEST['alls'] as $nick){ - mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['kickmessage'], $nick); - mysqli_stmt_execute($stmt); - } - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `nickname`=? AND `status`='1'"); + foreach($_REQUEST['alls'] as $nick) $stmt->execute(array($_REQUEST['kickmessage'], $nick)); } } } function check_login(){ - global $C, $I, $U, $mysqli; + global $C, $I, $U, $db; $ga=get_setting('guestaccess'); if(isSet($_POST['session'])){ - $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, `status`, `refresh`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]sessions` WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 's', $_POST['session']); - mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['status'], $U['refresh'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']); - if(mysqli_stmt_fetch($stmt)){ - mysqli_stmt_close($stmt); + $stmt=$db->prepare("SELECT * FROM `$C[prefix]sessions` WHERE `session`=?"); + $stmt->execute(array($_POST['session'])); + if($U=$stmt->fetch(PDO::FETCH_ASSOC)){ if($U['status']==0){ 
setcookie($C['cookiename'], false); send_error("$I[kicked]
$U[kickmessage]"); @@ -1494,7 +1501,6 @@ function check_login(){ setcookie($C['cookiename'], $U['session']); } }else{ - mysqli_stmt_close($stmt); setcookie($C['cookiename'], false); send_error($I['expire']); @@ -1508,10 +1514,8 @@ function check_login(){ } if($U['status']==1){ if($ga==2 || $ga==3){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`='0' WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 's', $U['session']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `entry`='0' WHERE `session`=?"); + $stmt->execute(array($U['session'])); $_REQUEST['session']=$U['session']; send_waiting_room(); } @@ -1519,44 +1523,35 @@ function check_login(){ } function kill_session(){ - global $C, $I, $U, $memcached, $mysqli; + global $C, $I, $U, $db, $memcached; parse_sessions(); setcookie($C['cookiename'], false); if(!isSet($U['session'])) send_error($I['expire']); if($U['status']==0) send_error("$I[kicked]
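Review bot: In approve_session the new one-line loops `foreach($_REQUEST['csid'] as $nick) $stmt->execute(array($nick));` (and the `alls` variants) iterate request input without checking that it is an array; a scalar value raises a PHP warning and skips the update, so guard with `if(!is_array($_REQUEST['csid'])) return;` or iterate over `(array)$_REQUEST['csid']`. In check_login the `SELECT *` now loads the whole sessions row into the global `$U`, so it presumably also carries the new `ip` and the `useragent` columns that the old explicit column list left out; a comment on that line, `// $U now holds every sessions column, including ip and useragent`, would make that visible where `$U` is echoed. Storing `$_SERVER['REMOTE_ADDR']` only when `get_setting('trackip')` is set is a sensible default.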
$U[kickmessage]"); - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]sessions` WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 's', $U['session']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("DELETE FROM `$C[prefix]sessions` WHERE `session`=?"); + $stmt->execute(array($U['session'])); if($U['status']==1){ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `poster`='' WHERE `poster`=? AND `poststatus`='9'"); - mysqli_stmt_bind_param($stmt, 's', $U['nickname']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `recipient`='' WHERE `recipient`=? AND `poststatus`='9'"); - mysqli_stmt_bind_param($stmt, 's', $U['nickname']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? OR `by`=?"); - mysqli_stmt_bind_param($stmt, 'ss', $U['nickname'], $U['nickname']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]messages` SET `poster`='' WHERE `poster`=? AND `poststatus`='9'"); + $stmt->execute(array($U['nickname'])); + $stmt=$db->prepare("UPDATE `$C[prefix]messages` SET `recipient`='' WHERE `recipient`=? AND `poststatus`='9'"); + $stmt->execute(array($U['nickname'])); + $stmt=$db->prepare("DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? 
OR `by`=?"); + $stmt->execute(array($U['nickname'], $U['nickname'])); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } elseif($U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgexit'), style_this($U['nickname'], $U['style']))); } function kick_chatter($names, $mes, $purge){ - global $C, $P, $U, $mysqli; + global $C, $P, $U, $db; $lonick=''; $lines=parse_sessions(); - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `session`=? AND `status`!='0'"); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `session`=? AND `status`!='0'"); $i=0; foreach($names as $name){ foreach($lines as $temp){ if(($temp['nickname']==$U['nickname'] && $U['nickname']==$name) || ($U['status']>$temp['status'] && (($temp['nickname']==$name && $temp['status']>0) || ($name=='&' && $temp['status']==1)))){ - mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']); - mysqli_stmt_execute($stmt); + $stmt->execute(array($mes, $temp['session'])); if($purge) del_all_messages($temp['nickname'], 10, 0); $lonick.=style_this($temp['nickname'], $temp['style']).', '; ++$i; @@ -1564,7 +1559,6 @@ function kick_chatter($names, $mes, $purge){ } } } - mysqli_stmt_close($stmt); if(!empty($lonick)){ if($names[0]=='&'){ add_system_message(get_setting('msgallkick')); 
@@ -1582,34 +1576,26 @@ function kick_chatter($names, $mes, $purge){ } function logout_chatter($names){ - global $C, $P, $U, $memcached, $mysqli; + global $C, $P, $U, $db, $memcached; $lines=parse_sessions(); - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]sessions` WHERE `session`=? AND `status`prepare("DELETE FROM `$C[prefix]sessions` WHERE `session`=? AND `status`prepare("UPDATE `$C[prefix]messages` SET `poster`='' WHERE `poster`=? AND `poststatus`='9'"); + $stmt2=$db->prepare("UPDATE `$C[prefix]messages` SET `recipient`='' WHERE `recipient`=? AND `poststatus`='9'"); + $stmt3=$db->prepare("DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? OR `by`=?"); foreach($names as $name){ foreach($lines as $temp){ if($temp['nickname']==$name || ($name=='&' && $temp['status']==1)){ - mysqli_stmt_bind_param($stmt, 'si', $temp['session'], $U['status']); - mysqli_stmt_execute($stmt); + $stmt->execute(array($temp['session'], $U['status'])); if($temp['status']==1){ - mysqli_stmt_bind_param($stmt1, 's', $temp['nickname']); - mysqli_stmt_bind_param($stmt2, 's', $temp['nickname']); - mysqli_stmt_bind_param($stmt3, 'ss', $temp['nickname'], $temp['nickname']); - mysqli_stmt_execute($stmt1); - mysqli_stmt_execute($stmt2); - mysqli_stmt_execute($stmt3); + $stmt1->execute(array($temp['nickname'])); + $stmt2->execute(array($temp['nickname'])); + $stmt3->execute(array($temp['nickname'], $temp['nickname'])); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } unset($P[$name]); } } } - mysqli_stmt_close($stmt); - mysqli_stmt_close($stmt1); - mysqli_stmt_close($stmt2); - mysqli_stmt_close($stmt3); } function check_session(){ 
@@ -1635,39 +1621,30 @@ function get_nowchatting(){ } function parse_sessions(){ - global $C, $G, $H, $M, $P, $U, $countmods, $memcached, $mysqli; - $result=mysqli_query($mysqli, "SELECT `nickname`, `status`, `session` FROM `$C[prefix]sessions` WHERE (`lastpost`<'".(time()-60*get_setting('guestexpire'))."' AND `status`<='2') OR (`lastpost`<'".(time()-60*get_setting('memberexpire'))."' AND `status`>'2')"); - if(mysqli_num_rows($result)>0){ - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]sessions` WHERE `nickname`=?"); - $stmt1=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `poster`='' WHERE `poster`=? AND `poststatus`='9'"); - $stmt2=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `recipient`='' WHERE `recipient`=? AND `poststatus`='9'"); - $stmt3=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? OR `by`=?"); - while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ - mysqli_stmt_bind_param($stmt, 's', $temp['nickname']); - mysqli_stmt_execute($stmt); + global $C, $G, $M, $P, $U, $countmods, $db, $memcached; + $result=$db->query("SELECT `nickname`, `status`, `session` FROM `$C[prefix]sessions` WHERE (`status`<='2' AND `lastpost`<'".(time()-60*get_setting('guestexpire'))."') OR (`status`>'2' AND `lastpost`<'".(time()-60*get_setting('memberexpire'))."')"); + if($result->rowCount()>0){ + $stmt=$db->prepare("DELETE FROM `$C[prefix]sessions` WHERE `nickname`=?"); + $stmt1=$db->prepare("UPDATE `$C[prefix]messages` SET `poster`='' WHERE `poster`=? AND `poststatus`='9'"); + $stmt2=$db->prepare("UPDATE `$C[prefix]messages` SET `recipient`='' WHERE `recipient`=? AND `poststatus`='9'"); + $stmt3=$db->prepare("DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? 
OR `by`=?"); + while($temp=$result->fetch(PDO::FETCH_ASSOC)){ + $stmt->execute(array($temp['nickname'])); if($temp['status']<=1){ - mysqli_stmt_bind_param($stmt1, 's', $temp['nickname']); - mysqli_stmt_bind_param($stmt2, 's', $temp['nickname']); - mysqli_stmt_bind_param($stmt3, 'ss', $temp['nickname'], $temp['nickname']); - mysqli_stmt_execute($stmt1); - mysqli_stmt_execute($stmt2); - mysqli_stmt_execute($stmt3); + $stmt1->execute(array($temp['nickname'])); + $stmt2->execute(array($temp['nickname'])); + $stmt3->execute(array($temp['nickname'], $temp['nickname'])); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } } - mysqli_stmt_close($stmt); - mysqli_stmt_close($stmt1); - mysqli_stmt_close($stmt2); - mysqli_stmt_close($stmt3); } $lines=array(); - $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]sessions` ORDER BY `status` DESC, `lastpost` DESC"); - while($line=mysqli_fetch_array($result, MYSQLI_ASSOC)) $lines[]=$line; + $result=$db->query("SELECT * FROM `$C[prefix]sessions` ORDER BY `status` DESC, `lastpost` DESC"); + while($line=$result->fetch(PDO::FETCH_ASSOC)) $lines[]=$line; if(!empty($_REQUEST['session'])){ foreach($lines as $temp){ if($temp['session']==$_REQUEST['session']){ $U=$temp; - $H['begin_body']="body style=\"background-color:#$U[bgcolour];\""; break; } } 
@@ -1696,33 +1673,27 @@ function parse_sessions(){ // member handling function check_member(){ - global $C, $I, $U, $mysqli; - $stmt=mysqli_prepare($mysqli, "SELECT `nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed`, `incognito`, `style` FROM `$C[prefix]members` WHERE `nickname`=?"); - mysqli_stmt_bind_param($stmt, 's', $U['nickname']); - mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['bgcolour'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed'], $temp['incognito'], $temp['style']); - if(mysqli_stmt_fetch($stmt)){ + global $C, $I, $U, $db; + $stmt=$db->prepare("SELECT * FROM `$C[prefix]members` WHERE `nickname`=?"); + $stmt->execute(array($U['nickname'])); + if($temp=$stmt->fetch(PDO::FETCH_ASSOC)){ if($temp['passhash']==$U['passhash']){ - mysqli_stmt_close($stmt); $U=$temp; $time=time(); - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `lastlogin`=? WHERE `nickname`=?"); - mysqli_stmt_bind_param($stmt, 'is', $time, $U['nickname']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]members` SET `lastlogin`=? 
WHERE `nickname`=?"); + $stmt->execute(array($time, $U['nickname'])); }else{ - mysqli_stmt_close($stmt); send_error($I['wrongpass']); } } } function read_members(){ - global $A, $C, $memcached, $mysqli; + global $A, $C, $db, $memcached; if($C['memcached']) $A=$memcached->get("$C[dbname]-$C[prefix]members"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ - $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]members`"); - while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ + $result=$db->query("SELECT * FROM `$C[prefix]members`"); + while($temp=$result->fetch(PDO::FETCH_ASSOC)){ $A[$temp['nickname']][0]=$temp['nickname']; $A[$temp['nickname']][1]=$temp['status']; $A[$temp['nickname']][2]=$temp['style']; 
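Review bot: The password check on the context line `if($temp['passhash']==$U['passhash'])` compares two digest strings with `==`; PHP's loose comparison treats numeric-looking strings numerically, so hashes that differ can compare equal, and the check should be `if(hash_equals($temp['passhash'], $U['passhash']))` (PHP 5.6+) or at least `===`. The line itself is unchanged by the commit, but this hunk rewrites the lookup around it and is the natural place to fix it. The same `==` check is worth auditing in save_profile, which uses `!==` already, so the two are currently inconsistent.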
@@ -1732,37 +1703,30 @@ function read_members(){ } function register_guest($status){ - global $A, $C, $I, $P, $U, $memcached, $mysqli; + global $A, $C, $I, $P, $U, $db, $memcached; if(empty($_REQUEST['name'])) send_admin(); if(!isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); read_members(); if(isSet($A[$_REQUEST['name']])) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name'])); - $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, `passhash`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito`, `style` FROM `$C[prefix]sessions` WHERE `nickname`=? AND `status`='1'"); - mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); - mysqli_stmt_execute($stmt); - mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['passhash'], $reg['refresh'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito'], $reg['style']); - if(mysqli_stmt_fetch($stmt)){ - mysqli_stmt_close($stmt); + $stmt=$db->prepare("SELECT * FROM `$C[prefix]sessions` WHERE `nickname`=? AND `status`='1'"); + $stmt->execute(array($_REQUEST['name'])); + if($reg=$stmt->fetch(PDO::FETCH_ASSOC)){ $reg['status']=$status; - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `status`=? WHERE `session`=?"); - mysqli_stmt_bind_param($stmt, 'is', $reg['status'], $reg['session']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `status`=? 
WHERE `session`=?"); + $stmt->execute(array($reg['status'], $reg['session'])); }else{ - mysqli_stmt_close($stmt); send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); } - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'ssiisiiiisiiis', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $U['nickname'], $reg['timestamps'], $reg['embed'], $reg['incognito'], $reg['style']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`, `regedby`, `timestamps`, `embed`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute(array($reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $U['nickname'], $reg['timestamps'], $reg['embed'], $reg['style'])); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); if($reg['status']==3) add_system_message(sprintf(get_setting('msgmemreg'), style_this($reg['nickname'], $reg['style']))); else add_system_message(sprintf(get_setting('msgsureg'), style_this($reg['nickname'], $reg['style']))); + send_admin(sprintf($I['successreg'], $reg['nickname'])); } function register_new(){ - global $A, $C, $I, $P, $U, $memcached, $mysqli; + global $A, $C, $I, $P, $U, $db, $memcached; $_REQUEST['name']=preg_replace('/\s+/', '', $_REQUEST['name']); if(empty($_REQUEST['name'])) send_admin(); if(isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); 
@@ -1776,62 +1740,57 @@ function register_new(){ 'status' =>3, 'refresh' =>get_setting('defaultrefresh'), 'bgcolour' =>get_setting('colbg'), - 'boxwidth' =>40, - 'boxheight' =>3, - 'notesboxwidth' =>80, - 'notesboxheight'=>30, 'regedby' =>$U['nickname'], 'timestamps' =>get_setting('timestamps'), - 'embed' =>true, - 'incognito' =>false, 'style' =>'color:#'.get_setting('coltxt').';' ); - $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); - mysqli_stmt_bind_param($stmt, 'ssiisiiiisiiis', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed'], $reg['incognito'], $reg['style']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `bgcolour`, `regedby`, `timestamps`, `style`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute(array($reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['bgcolour'], $reg['regedby'], $reg['timestamps'], $reg['style'])); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); send_admin(sprintf($I['successreg'], $reg['nickname'])); } function change_status(){ - global $C, $I, $U, $memcached, $mysqli; + global $C, $I, $U, $db, $memcached; if(empty($_REQUEST['name'])) send_admin(); if($U['status']<=$_REQUEST['set'] || !preg_match('/^[023567\-]$/', $_REQUEST['set'])) send_admin(sprintf($I['cantchgstat'], $_REQUEST['name'])); - $stmt=mysqli_prepare($mysqli, "SELECT * FROM `$C[prefix]members` WHERE `nickname`=? 
AND `status`0){ - mysqli_stmt_free_result($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("SELECT * FROM `$C[prefix]members` WHERE `nickname`=? AND `status`execute(array($_REQUEST['name'], $U['status'])); + if($stmt->rowCount()>0){ if($_REQUEST['set']=='-'){ - $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]members` WHERE `nickname`=?"); - mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `status`='1' WHERE `nickname`=?"); - mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("DELETE FROM `$C[prefix]members` WHERE `nickname`=?"); + $stmt->execute(array($_REQUEST['name'])); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `status`='1' WHERE `nickname`=?"); + $stmt->execute(array($_REQUEST['name'])); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); send_admin(sprintf($I['succdel'], $_REQUEST['name'])); }else{ - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `status`=? WHERE `nickname`=?"); - mysqli_stmt_bind_param($stmt, 'is', $_REQUEST['set'], $_REQUEST['name']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `status`=? WHERE `nickname`=?"); - mysqli_stmt_bind_param($stmt, 'is', $_REQUEST['set'], $_REQUEST['name']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + $stmt=$db->prepare("UPDATE `$C[prefix]members` SET `status`=? WHERE `nickname`=?"); + $stmt->execute(array($_REQUEST['set'], $_REQUEST['name'])); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `status`=? 
WHERE `nickname`=?"); + $stmt->execute(array($_REQUEST['set'], $_REQUEST['name'])); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); send_admin(sprintf($I['succchg'], $_REQUEST['name'])); } }else{ send_admin(sprintf($I['cantchgstat'], $_REQUEST['name'])); - mysqli_stmt_free_result($stmt); - mysqli_stmt_close($stmt); + } +} + +function passreset(){ + global $C, $I, $U, $db; + if(empty($_REQUEST['name'])) send_admin(); + $stmt=$db->prepare("SELECT * FROM `$C[prefix]members` WHERE `nickname`=? AND `status`execute(array($_REQUEST['name'], $U['status'])); + if($stmt->rowCount()>0){ + $passhash=md5(sha1(md5($_REQUEST['name'].$_REQUEST['pass']))); + $stmt=$db->prepare("UPDATE `$C[prefix]members` SET `passhash`=? WHERE `nickname`=?"); + $stmt->execute(array($passhash, $_REQUEST['name'])); + $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `passhash`=? WHERE `nickname`=?"); + $stmt->execute(array($passhash, $_REQUEST['name'])); + send_admin(sprintf($I['succpassreset'], $_REQUEST['name'])); + }else{ + send_admin(sprintf($I['cantresetpass'], $_REQUEST['name'])); } } @@ -1864,7 +1823,7 @@ function amend_profile(){ } function save_profile(){ - global $C, $I, $U, $memcached, $mysqli; + global $C, $I, $U, $db, $memcached; if(!isSet($_REQUEST['oldpass'])) $_REQUEST['oldpass']=''; if(!isSet($_REQUEST['newpass'])) $_REQUEST['newpass']=''; if(!isSet($_REQUEST['confirmpass'])) $_REQUEST['confirmpass']=''; 
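Review bot: passreset reads `$_REQUEST['pass']` without checking that it is present or non-empty, so a form submitted with a blank password (or a request missing the field) silently sets the member's hash to that of an empty password; add `if(empty($_REQUEST['name']) || !isSet($_REQUEST['pass']) || $_REQUEST['pass']==='') send_admin();`. The `rowCount()>0` test after the SELECT depends on the driver reporting result-set counts; fetching the row and testing it is portable. The derivation `md5(sha1(md5($_REQUEST['name'].$_REQUEST['pass'])))` mirrors create_session, which is correct, but it is duplicated knowledge, so mark it with `// must match the passhash derivation in create_session() and save_profile()`; moving all three to `password_hash()` would be a separate change. Updating the active sessions' `passhash` alongside the members row is good, since check_member compares against whichever copy it loads.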
@@ -1879,39 +1838,30 @@ function save_profile(){
 if($U['passhash']!==$U['oldhash']) send_profile($I['wrongpass']);
 $U['passhash']=$U['newhash'];
 amend_profile();
- $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `refresh`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `session`=?");
- mysqli_stmt_bind_param($stmt, 'issiisiiiiis', $U['refresh'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['session']);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `refresh`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `session`=?");
+ $stmt->execute(array($U['refresh'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['session']));
 if($U['status']>=2){
- $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `passhash`=?, `refresh`=?, `bgcolour`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=?, `style`=? WHERE `nickname`=?");
- mysqli_stmt_bind_param($stmt, 'sisiiiiiiiss', $U['passhash'], $U['refresh'], $U['bgcolour'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['style'], $U['nickname']);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("UPDATE `$C[prefix]members` SET `passhash`=?, `refresh`=?, `bgcolour`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=?, `style`=? 
WHERE `nickname`=?");
+ $stmt->execute(array($U['passhash'], $U['refresh'], $U['bgcolour'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['style'], $U['nickname']));
 if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members");
 }
 if(!empty($_REQUEST['unignore'])){
- $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? AND `by`=?");
- mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['unignore'], $U['nickname']);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? AND `by`=?");
+ $stmt->execute(array($_REQUEST['unignore'], $U['nickname']));
 if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored");
 }
 if(!empty($_REQUEST['ignore'])){
- $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]ignored` (`ignored`,`by`) VALUES (?, ?)");
- mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['ignore'], $U['nickname']);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("INSERT INTO `$C[prefix]ignored` (`ignored`, `by`) VALUES (?, ?)");
+ $stmt->execute(array($_REQUEST['ignore'], $U['nickname']));
 if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored");
 }
 send_profile($I['succprofile']);
 }
 function add_user_defaults(){
- global $H, $U;
+ global $U;
 if(!isSet($U['refresh'])) $U['refresh']=get_setting('defaultrefresh');
 if(!isSet($U['bgcolour'])) $U['bgcolour']=get_setting('colbg');
- $H['begin_body']="body style=\"background-color:#$U[bgcolour];\"";
 if(!isSet($U['style']) && !preg_match('/^[a-f0-9]{6}$/i', $U['colour'])){
 do{
 $U['colour']=sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256));
@@ -1926,13 +1876,12 @@ function add_user_defaults(){
 if(!isSet($U['embed'])) $U['embed']=true;
 if(!isSet($U['incognito'])) $U['incognito']=false;
 $U['entry']=$U['lastpost']=time();
- $U['postid']='OOOOOO';
 }
 // message handling
 function validate_input(){
- global $C, $P, $U, $mysqli;
+ global $C, $P, $U, $db;
 $maxmessage=get_setting('maxmessage');
 $U['message']=substr($_REQUEST['message'], 0, $maxmessage);
 $U['rejected']=substr($_REQUEST['message'], $maxmessage);
@@ -1966,16 +1915,16 @@ function validate_input(){
 $U['recipient']='';
 if($_REQUEST['sendto']=='*'){
 $U['poststatus']='1';
- $U['displaysend']=style_this($U['nickname'], $U['style']).' - ';
+ $U['displaysend']=sprintf(get_setting('msgsendall'), style_this($U['nickname'], $U['style']));
 }elseif($_REQUEST['sendto']=='?' && $U['status']>=3){
 $U['poststatus']='3';
- $U['displaysend']='[M] '.style_this($U['nickname'], $U['style']).' - ';
+ $U['displaysend']=sprintf(get_setting('msgsendmem'), style_this($U['nickname'], $U['style']));
 }elseif($_REQUEST['sendto']=='#' && $U['status']>=5){
 $U['poststatus']='5';
- $U['displaysend']='[Staff] '.style_this($U['nickname'], $U['style']).' - ';
+ $U['displaysend']=sprintf(get_setting('msgsendmod'), style_this($U['nickname'], $U['style']));
 }elseif($_REQUEST['sendto']=='&' && $U['status']>=6){
 $U['poststatus']='6';
- $U['displaysend']='[Admin] '.style_this($U['nickname'], $U['style']).' - ';
+ $U['displaysend']=sprintf(get_setting('msgsendadm'), style_this($U['nickname'], $U['style']));
 }else{// known nick in room?
 $ignored=get_ignored();
 $ignore=false;
@@ -1997,7 +1946,7 @@ function validate_input(){
 if(!empty($U['recipient'])){
 $U['poststatus']='9';
 $U['delstatus']='9';
- $U['displaysend']='['.style_this($U['nickname'], $U['style'])." to $U[displayrecp]] - ";
+ $U['displaysend']=sprintf(get_setting('msgsendprv'), style_this($U['nickname'], $U['style']), $U['displayrecp']);
 }else{// nick left already or ignores us
 $U['message']='';
 $U['rejected']='';
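Review bot: None of the `$db->prepare()` / `$stmt->execute()` calls in the save_profile hunk check their result, so the code is only correct if the PDO connection is created with `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION`, which is not visible in this diff. Under PDO's default silent mode a failed `prepare()` returns false and the next `$stmt->execute(...)` is a fatal call on a non-object, while a failed `execute()` returns false and the function still reports `$I['succprofile']`. The same unchecked pattern appears in the later hunks of validate_input, apply_filter, apply_linkfilter, write_message, clean_selected, del_all_messages, del_last_message and print_messages. Note also that the removed `mysqli_stmt_bind_param` type strings (`issiisiiiiis`, `sisiiiiiiiss`) typed the integer columns, whereas `execute(array(...))` binds everything as strings; MySQL coerces these, but a comment such as `// all values bound as PDO::PARAM_STR; MySQL casts the integer columns` would make that intentional. The body of save_profile begins before this hunk.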
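Review bot: The new `sprintf(get_setting('msgsendall'), ...)` in validate_input uses a settings value as the sprintf format string, so a stray `%` in an edited message template now breaks posting (a warning and a false return on PHP 7, an ArgumentCountError or ValueError on PHP 8) instead of merely rendering oddly. The same applies to `msgsendmem`, `msgsendmod`, `msgsendadm` in this hunk and `msgsendprv` in the next one. If these templates are meant to be editable by admins, validate them when they are saved, or build the label with a fixed token and `str_replace` rather than sprintf. validate_input continues outside the hunk.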
@@ -2009,27 +1958,34 @@ function validate_input(){
 apply_linkfilter();
 if(add_message()){
 $U['lastpost']=time();
- $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`=?, `postid`=? WHERE `session`=?");
- mysqli_stmt_bind_param($stmt, 'iis', $U['lastpost'], $_REQUEST['postid'], $U['session']);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("UPDATE `$C[prefix]sessions` SET `lastpost`=?, `postid`=? WHERE `session`=?");
+ $stmt->execute(array($U['lastpost'], $_REQUEST['postid'], $U['session']));
 }
 }
 }
 function apply_filter(){
- global $C, $I, $U, $memcached, $mysqli;
+ global $C, $I, $U, $db, $memcached;
 if($U['poststatus']!=9 && preg_match('~^/me~i', $U['message'])){
 $U['displaysend']=substr($U['displaysend'], 0, -3);
 $U['message']=preg_replace("~^/me~i", '', $U['message']);
 }
- $U['message']=preg_replace_callback('/\@([a-z0-9]{1,})/i', function ($matched){ global $P; if(isSet($P[$matched[1]])) return style_this($matched[0], $P[$matched[1]][1]); else return "$matched[0]";}, $U['message']);
+ $U['message']=preg_replace_callback('/\@([a-z0-9]{1,})/i', function ($matched){
+ global $A, $P;
+ if(isSet($P[$matched[1]])) return style_this($matched[0], $P[$matched[1]][1]);
+ $nick=strtolower($matched[1]);
+ foreach($P as $user){ if(strtolower($user[0])==$nick) return style_this($matched[0], $user[1]);}
+ read_members();
+ if(isSet($A[$matched[1]])) return style_this($matched[0], $A[$matched[1]][2]);
+ foreach($A as $user){ if(strtolower($user[0])==$nick) return style_this($matched[0], $user[2]);}
+ return "$matched[0]";
+ }, $U['message']);
 if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]filter");
 if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){
 $filters=array();
- $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]filter`");
- while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter;
+ $result=$db->query("SELECT * FROM `$C[prefix]filter`");
+ 
while($filter=$result->fetch(PDO::FETCH_ASSOC)) $filters[]=$filter;
 if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]filter", $filters);
 }
 foreach($filters as $filter){
@@ -2043,12 +1999,12 @@ function apply_filter(){
 }
 function apply_linkfilter(){
- global $C, $U, $memcached, $mysqli;
+ global $C, $U, $db, $memcached;
 if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]linkfilter");
 if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){
 $filters=array();
- $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]linkfilter`");
- while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter;
+ $result=$db->query("SELECT * FROM `$C[prefix]linkfilter`");
+ while($filter=$result->fetch(PDO::FETCH_ASSOC)) $filters[]=$filter;
 if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]linkfilter", $filters);
 }
 foreach($filters as $filter){
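Review bot: The new @mention callback in apply_filter calls `read_members()` for every @token that is not an online user, so a single message containing several unknown mentions triggers that many member reads (a database query whenever memcached does not serve it); calling `read_members()` once before `preg_replace_callback`, or remembering inside the closure that it has already run, bounds that to one read per message. The closure also reads the style from index 1 of `$P` rows but index 2 of `$A` rows, which is correct only if the two arrays have different layouts; a comment such as `// $P rows: [nick, style, ...]; $A rows: [nick, ?, style, ...] -- confirm against read_members()` would document that assumption. Separately, the unchanged `substr($U['displaysend'], 0, -3)` for `/me` still assumes the literal ' - ' suffix of the old labels, but displaysend is now built from the `msgsend*` settings (previous hunks), so that assumption holds only while the templates keep ending in ' - '. apply_filter continues outside the hunk.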
@@ -2113,17 +2069,13 @@ function add_system_message($mes){
 }
 function write_message($message){
- global $C, $mysqli;
+ global $C, $db;
 if($C['msgencrypted']) $message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456');
- $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]messages` (`postdate`, `poststatus`, `poster`, `recipient`, `text`, `delstatus`) VALUES (?, ?, ?, ?, ?, ?)");
- mysqli_stmt_bind_param($stmt, 'iisssi', $message['postdate'], $message['poststatus'], $message['poster'], $message['recipient'], $message['text'], $message['delstatus']);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("INSERT INTO `$C[prefix]messages` (`postdate`, `poststatus`, `poster`, `recipient`, `text`, `delstatus`) VALUES (?, ?, ?, ?, ?, ?)");
+ $stmt->execute(array($message['postdate'], $message['poststatus'], $message['poster'], $message['recipient'], $message['text'], $message['delstatus']));
 $limit=$C['keeplimit']*get_setting('messagelimit');
- $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `id` NOT IN (SELECT `id` FROM (SELECT `id` FROM `$C[prefix]messages` ORDER BY `id` DESC LIMIT ?) t )");
- mysqli_stmt_bind_param($stmt, 'i', $limit);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ // Delete old messages - ignore possible deadlock warning
+ @$db->exec("DELETE FROM `$C[prefix]messages` WHERE `id` NOT IN (SELECT * FROM (SELECT `id` FROM `$C[prefix]messages` ORDER BY `id` DESC LIMIT $limit) t )");
 if($C['sendmail'] && $message['poststatus']<9){
 $subject='New Chat message';
 $headers="From: $C[mailsender]\r\nX-Mailer: PHP/".phpversion()."\r\nContent-Type: text/html; charset=UTF-8\r\n";
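Review bot: The old-message purge in write_message moves from a prepared statement with a bound `LIMIT ?` to `$db->exec()` with `$limit` interpolated into the SQL string under `@`. `$limit` is the arithmetic product of `$C['keeplimit']` and the `messagelimit` setting, so it is numeric rather than attacker-controlled, but it should still be forced to an integer before it enters the statement, `LIMIT ".(int)$limit.") t )"`, so a float or malformed setting cannot yield an invalid LIMIT; keeping the placeholder and binding with `$stmt->bindValue(1, (int)$limit, PDO::PARAM_INT)` would keep it parameterised as before. The `@` also hides every other failure (syntax, privileges, lost connection), not only the deadlock the comment mentions; catching `PDOException` and ignoring only SQLSTATE `40001` would be more precise, though that requires the connection to use `PDO::ERRMODE_EXCEPTION`, which is outside this hunk. write_message continues outside the hunk.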
@@ -2133,55 +2085,38 @@ function write_message($message){
 }
 function clean_room(){
- global $C, $mysqli;
- mysqli_query($mysqli, "DELETE FROM `$C[prefix]messages`");
+ global $C, $db;
+ $db->query("DELETE FROM `$C[prefix]messages`");
 $msg=get_setting('msgclean');
- if(empty($msg)) return;
- $sysmessage=array(
- 'postdate' =>time(),
- 'poster' =>'',
- 'recipient' =>'',
- 'poststatus' =>1,
- 'text' =>sprintf($msg, $C['chatname']),
- 'delstatus' =>9
- );
- write_message($sysmessage);
+ add_system_message(sprintf($msg, get_setting('chatname')));
 }
 function clean_selected(){
- global $C, $mysqli;
+ global $C, $db;
 if(isSet($_REQUEST['mid'])){
- $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `id`=?");
- foreach($_REQUEST['mid'] as $mid){
- mysqli_stmt_bind_param($stmt, 'i', $mid);
- mysqli_stmt_execute($stmt);
- }
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("DELETE FROM `$C[prefix]messages` WHERE `id`=?");
+ foreach($_REQUEST['mid'] as $mid) $stmt->execute(array($mid));
 }
 }
 function del_all_messages($nick, $status, $entry){
- global $C, $U, $mysqli;
+ global $C, $U, $db;
 if($nick==$U['nickname']) $status=10;
 if($U['status']>1) $entry=0;
- $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `delstatus`?");
- mysqli_stmt_bind_param($stmt, 'sii', $nick, $status, $entry);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `delstatus`?");
+ $stmt->execute(array($nick, $status, $entry));
 }
 function del_last_message(){
- global $C, $U, $mysqli;
+ global $C, $U, $db;
 if($U['status']>1) $entry=0; else $entry=$U['entry'];
- $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `postdate`>? ORDER BY `id` DESC LIMIT 1");
- mysqli_stmt_bind_param($stmt, 'si', $U['nickname'], $entry);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ $stmt=$db->prepare("DELETE FROM `$C[prefix]messages` WHERE `poster`=? 
AND `postdate`>? ORDER BY `id` DESC LIMIT 1"); + $stmt->execute(array($U['nickname'], $entry)); } function print_messages($delstatus=''){ - global $C, $U, $mysqli; + global $C, $U, $db; $dateformat=get_setting('dateformat'); $messagelimit=get_setting('messagelimit'); if(!isSet($_COOKIE[$C['cookiename']]) && get_setting('forceredirect')==0){ @@ -2190,15 +2125,14 @@ function print_messages($delstatus=''){ if(empty($redirect)) $redirect="$_SERVER[SCRIPT_NAME]?action=redirect&url="; }else $injectRedirect=false; if(get_setting('imgembed') && (!$U['embed'] || !isSet($_COOKIE[$C['cookiename']]))) $removeEmbed=true; else $removeEmbed=false; - mysqli_query($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `postdate`<='".(time()-60*get_setting('messageexpire'))."' OR (`poster`='' AND `recipient`='' AND `poststatus`='9')"); + // Delete old messages - ignore possible deadlock warning + @$db->exec("DELETE FROM `$C[prefix]messages` WHERE (`poster`='' AND `recipient`='' AND `poststatus`='9') OR `postdate`<='".(time()-60*get_setting('messageexpire'))."'"); if(!empty($delstatus)){ - $stmt=mysqli_prepare($mysqli, "SELECT `postdate`, `id`, `text` FROM `$C[prefix]messages` WHERE ". - "`id` IN (SELECT * FROM (SELECT `id` FROM `$C[prefix]messages` WHERE `poststatus`='1' ORDER BY `id` DESC LIMIT ?) AS t) ". + $stmt=$db->prepare("SELECT `postdate`, `id`, `text` FROM `$C[prefix]messages` WHERE ". + "`id` IN (SELECT * FROM (SELECT `id` FROM `$C[prefix]messages` WHERE `poststatus`='1' ORDER BY `id` DESC LIMIT $messagelimit) AS t) ". "OR (`poststatus`>'1' AND (`poststatus`execute(array($U['status'], $U['nickname'], $U['nickname'])); + while($message=$stmt->fetch(PDO::FETCH_ASSOC)){ if($C['msgencrypted']) $message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); if($injectRedirect){ $message['text']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched) use ($redirect){ return "$matched[2]";}, $message['text']); 
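Review bot: clean_room drops the `if(empty($msg)) return;` guard, so an empty `msgclean` setting now posts a system message with empty text through `add_system_message(sprintf('', ...))`; restore `if(empty($msg)) return;` before that call unless add_system_message itself skips empty text, which is not visible here. The same hunk also switches the substituted name from `$C['chatname']` to `get_setting('chatname')`, a behaviour change that deserves a changelog line if both sources exist. In clean_selected, `foreach($_REQUEST['mid'] as $mid)` still assumes `mid` arrived as an array; `foreach((array)$_REQUEST['mid'] as $mid) $stmt->execute(array($mid));` avoids a warning and a silently skipped deletion when a scalar is submitted. The del_last_message body continues outside the hunk.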
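Review bot: In print_messages the message-window query changes from a bound `LIMIT ?` to `LIMIT $messagelimit` interpolated into the SQL; the value comes from `get_setting('messagelimit')` rather than the request, but it is now unquoted text inside the statement, so cast it where it is read in the preceding hunk, `$messagelimit=(int)get_setting('messagelimit');`, or keep the placeholder and bind it with `PDO::PARAM_INT`. The expiry DELETE that precedes it is wrapped in `@` and its result is never inspected, so a failing purge is invisible; the comment names deadlocks, but the suppression covers any error, and the same applies to the purge in write_message. print_messages starts and ends outside this hunk.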
@@ -2206,20 +2140,19 @@ function print_messages($delstatus=''){ if($removeEmbed){ $message['text']=preg_replace_callback('//', function ($matched){ return $matched[1];}, $message['text']); } - echo "