Various changes and additions

Bugfixes on logout and kicking
Moved rules to database to make changes more easily in the setup
2015-04-10 08:53:07 +02:00 · 2015-04-04 20:36:50 +02:00 · 2015-04-02 18:19:36 +02:00 · 2015-04-02 16:37:11 +02:00
6 changed files with 136 additions and 84 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+Version 1.4 - Apr. 10, 2015
+Various changes and additions
+
+Version 1.3 - Apr. 4, 2015
+Bugfixes on logout and kicking
+
+Version 1.2 - Apr. 2, 2015
+Include letters when generating captchas not only numbers
+Moved rules to database to make changes more easily in the setup
+
 Version 1.1 - Apr. 2, 2015
 Some simplifications
 Added ignore feature
--- a/1
+++ b/1
@ -60,6 +60,7 @@ Then copy the script to your web-server directory and call the script in your br
 	http://(server)/(script-name).php?action=setup
 Now you can create the Superadmin account. With this account you can administer the chat and add new members and set the guest access.
 As soon as you are done with the setup, all necessary database tables will be created and the chat can be used.
+Note: If you updated the script, please visit http://(server)/(script-name).php?action=setup again, to make sure, that any database changes are applied and no errors occure.

 TRANSLATING:

--- a/README.md
+++ b/README.md
@ -45,6 +45,7 @@ Then copy the script to your web-server directory and call the script in your br
 	http://(server)/(script-name).php?action=setup
 Now you can create the Superadmin account. With this account you can administer the chat and add new members and set the guest access.
 As soon as you are done with the setup, all necessary database tables will be created and the chat can be used.
+Note: If you updated the script, please visit http://(server)/(script-name).php?action=setup again, to make sure, that any database changes are applied and no errors occure.

 Translating:
 ------------
--- a/chat.php
+++ b/chat.php
@ -55,9 +55,9 @@ if(!isSet($_REQUEST['action'])){
 }elseif($_REQUEST['action']=='post'){
 	check_session();
 	if(isSet($_REQUEST['kick']) && isSet($_REQUEST['sendto']) && valid_nick($_REQUEST['sendto'])){
-		if($U['status']>=5 || ($countmods==0 && $U['status']>=3)){
-			kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message']);
-			if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') del_all_messages($_REQUEST['sendto']);
+		if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){
+			if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], true);
+			else kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], false);
 		}
 	}elseif(isSet($_REQUEST['message']) && isSet($_REQUEST['sendto']) && !preg_match('/^\s*$/',$_REQUEST['message'])){
 		validate_input();
@ -108,12 +108,8 @@ if(!isSet($_REQUEST['action'])){
 		send_admin();
 	}elseif($_REQUEST['do']=='kick'){
 		if(!isSet($_REQUEST['name'])) send_admin();
-		kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage']);
-		if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge'){
-			foreach($_REQUEST['name'] as $name){
-				del_all_messages($name);
-			}
-		}
+		if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], true);
+		else kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], false);
 		send_admin();
 	}elseif($_REQUEST['do']=='logout'){
 		if(!isSet($_REQUEST['name'])) send_admin();
@ -162,6 +158,11 @@ if(!isSet($_REQUEST['action'])){
 		}
 	}elseif($_REQUEST['do']=='messages'){
 		update_messages();
+	}elseif($_REQUEST['do']=='rules'){
+		$_REQUEST['rulestxt']=preg_replace("/\r\n/", '<br>', $_REQUEST['rulestxt']);
+		$_REQUEST['rulestxt']=preg_replace("/\n/", '<br>', $_REQUEST['rulestxt']);
+		$_REQUEST['rulestxt']=preg_replace("/\r/", '<br>', $_REQUEST['rulestxt']);
+		update_setting('rulestxt', $_REQUEST['rulestxt']);
 	}
 	send_setup();
 }elseif($_REQUEST['action']=='init'){
@ -243,17 +244,31 @@ function send_redirect(){
 	}
 }

-function send_captcha($code){
-	global $C;
+function send_captcha(){
+	global $C, $I, $mysqli;
+	$length=strlen($C['captchachars']);
+	$code='';
+	for($i=0;$i<5;$i++) {
+		$code .= $C['captchachars'][rand(0, $length-1)];
+	}
+	$randid=rand(0, 99999999);
+	$enc=base64_encode(openssl_encrypt("$code, $randid", 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
+	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `captcha` (`id`, `time`) VALUES (?, \''.time().'\')');
+	mysqli_stmt_bind_param($stmt, 'd', $randid);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
 	$im=imagecreatetruecolor(55, 24);
 	$bg=imagecolorallocate($im, 0, 0, 0);
 	$fg=imagecolorallocate($im, 255, 255, 255);
 	imagefill($im, 0, 0, $bg);
 	imagestring($im, 5, 5, 5, $code, $fg);
+	echo "<tr><td align=\"left\">$I[copy]";
+	echo '<img width="55" height="24" src="data:image/gif;base64,';
 	ob_start();
 	imagegif($im);
 	imagedestroy($im);
-	return '<img width="55" height="24" src="data:image/gif;base64,'.base64_encode(ob_get_clean()).'">';
+	echo base64_encode(ob_get_clean()).'">';
+	echo '</td><td align="right">'.hidden('challenge', $enc).'<input type="text" name="captcha" size="15" autocomplete="off"></td></tr>';
 }

 function send_setup(){
@ -263,22 +278,22 @@ function send_setup(){
 	echo "<center><h2>$I[setup]</h2><table cellspacing=\"0\">";
 	thr();
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[guestacc]</b></td><td align=\"right\">";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'guestaccess').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass'])."<table cellspacing=\"0\">";
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set1\" value=\"1\"";
-	if($ga==1) echo " checked";
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'guestaccess').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass']).'<table cellspacing="0">';
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set1" value="1"';
+	if($ga==1) echo ' checked';
 	echo "><label for=\"set1\">&nbsp;$I[guestallow]</label></td><td>&nbsp;</td><tr>";
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set2\" value=\"2\"";
-	if($ga==2) echo " checked";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set2" value="2"';
+	if($ga==2) echo ' checked';
 	echo "><label for=\"set2\">&nbsp;$I[guestwait]</label></td><td>&nbsp;</td><tr>";
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set3\" value=\"3\"";
-	if($ga==3) echo " checked";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set3" value="3"';
+	if($ga==3) echo ' checked';
 	echo "><label for=\"set3\">&nbsp;$I[adminallow]</label></td><td>&nbsp;</td><tr>";
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set0\" value=\"0\"";
-	if($ga==0) echo " checked";
-	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr><tr><td>&nbsp;</td><td align=\"right\">".submit($I['change'])."</td></tr></table></form></td></tr></table></td></tr>";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set0" value="0"';
+	if($ga==0) echo ' checked';
+	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr><tr><td>&nbsp;</td><td align=\"right\">".submit($I['change']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[sysmessages]</b></td><td align=\"right\">";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'messages').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass'])."<table cellspacing=\"0\">";
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'messages').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass']).'<table cellspacing="0">';
 	echo "<tr><td>&nbsp;$I[msgenter]</td><td>&nbsp;<input type=\"text\" name=\"msgenter\" value=\"".get_setting('msgenter').'"></td></tr>';
 	echo "<tr><td>&nbsp;$I[msgexit]</td><td>&nbsp;<input type=\"text\" name=\"msgexit\" value=\"".get_setting('msgexit').'"></td></tr>';
 	echo "<tr><td>&nbsp;$I[msgmemreg]</td><td>&nbsp;<input type=\"text\" name=\"msgmemreg\" value=\"".get_setting('msgmemreg').'"></td></tr>';
@ -289,6 +304,11 @@ function send_setup(){
 	echo "<tr><td>&nbsp;$I[msgclean]</td><td>&nbsp;<input type=\"text\" name=\"msgclean\" value=\"".get_setting('msgclean').'"></td></tr>';
 	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
+	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[rules]</b></td><td align=\"right\">";
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'rules').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass']).'<table cellspacing="0">';
+	echo '<tr><td colspan=2><textarea name="rulestxt" rows="4" cols="60">'.htmlspecialchars(get_setting('rulestxt')).'</textarea></td></tr>';
+	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
+	thr();
 	echo "</table><$H[form]>".hidden('action', 'setup').submit($I['logout']).'</form>';
 	print_credits();
 	print_end();
@ -317,11 +337,12 @@ function send_update(){
 }

 function send_alogin(){
-	global $H, $I;
+	global $H, $I, $C;
 	print_start();
 	echo "<center><$H[form]>".hidden('action', 'setup').'<table>';
 	echo "<tr><td align=\"left\">$I[nick]</td><td><input type=\"text\" name=\"nick\" size=\"15\"></td></tr>";
 	echo "<tr><td align=\"left\">$I[pass]</td><td><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
+	if($C['enablecaptcha']) send_captcha();
 	echo "<tr><td colspan=\"2\" align=\"right\">".submit($I['login']).'</td></tr></table></form>';
 	print_credits();
 	print_end();
@ -647,7 +668,7 @@ function send_waiting_room(){
 			echo "</head>$H[begin_body]<center><h2>$I[waitingroom]</h2><p>".sprintf($I['admwaittext'], $U['displayname']).'</p><br><p>'.sprintf($I['waitreload'], $C['defaultrefresh']).'</p><br><br>';
 		}
 		echo "<hr><form action=\"$_SERVER[SCRIPT_NAME]\" method=\"post\">".hidden('action', 'wait').hidden('session', $U['session']).submit($I['reload']).'</form><br>';
-		echo "<h2>$I[rules]</h2><b>$C[rulestxt]</b></center>";
+		echo "<h2>$I[rules]</h2><b>".get_setting('rulestxt').'</b></center>';
 		print_end();
 	}
 }
@ -708,7 +729,7 @@ function send_post(){
 		}
 	}
 	echo '</select>';
-	if($U['status']>=5 || ($countmods==0 && $U['status']>=3)){
+	if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){
 		echo "<input type=\"checkbox\" name=\"kick\" id=\"kick\" value=\"kick\"><label for=\"kick\">&nbsp;$I[kick]</label>";
 		echo "<input type=\"checkbox\" name=\"what\" id=\"what\" value=\"purge\" checked><label for=\"what\">&nbsp;$I[alsopurge]</label>";
 	}
@ -729,7 +750,7 @@ function send_post(){
 function send_help(){
 	global $U, $C, $H, $I;
 	print_start();
-	echo "<h2>$I[rules]</h2>$C[rulestxt]<br><br><hr><h2>$I[help]</h2>$I[helpguest]";
+	echo "<h2>$I[rules]</h2>".get_setting('rulestxt')."<br><br><hr><h2>$I[help]</h2>$I[helpguest]";
 	if($C['imgembed'] || $C['vidembed']) echo "<br>$I[helpembed]";
 	if($U['status']>=3){
 		echo "<br>$I[helpmem]<br>";
@ -816,11 +837,13 @@ function send_profile($arg=''){
 	if($U['timestamps']) echo ' checked';
 	echo "></td><td><label for=\"timestamps\"><b>$I[timestamps]</b></label></td></tr></table></td></tr></table></td></tr>";
 	thr();
-	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[embed]</b></td><td align=\"right\"><table cellspacing=\"0\">";
-	echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"embed\" id=\"embed\" value=\"on\"";
-	if($U['embed']) echo ' checked';
-	echo "></td><td><label for=\"embed\"><b>$I[embed]</b></label></td></tr></table></td></tr></table></td></tr>";
-	thr();
+	if($C['imgembed'] || $C['vidembed']){
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[embed]</b></td><td align=\"right\"><table cellspacing=\"0\">";
+		echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"embed\" id=\"embed\" value=\"on\"";
+		if($U['embed']) echo ' checked';
+		echo "></td><td><label for=\"embed\"><b>$I[embed]</b></label></td></tr></table></td></tr></table></td></tr>";
+		thr();
+	}
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[pbsize]</b></td><td align=\"right\"><table cellspacing=\"0\">";
 	echo "<tr><td>&nbsp;</td><td>$I[width]</td><td><input type=\"text\" name=\"boxwidth\" size=\"3\" maxlength=\"3\" value=\"$U[boxwidth]\"></td>";
 	echo "<td>&nbsp;</td><td>$I[height]</td><td><input type=\"text\" name=\"boxheight\" size=\"3\" maxlength=\"3\" value=\"$U[boxheight]\"></td>";
@ -887,33 +910,23 @@ function send_colours(){
 }

 function send_login(){
-	global $C, $H, $I, $mysqli, $L;
+	global $C, $H, $I, $L;
 	setcookie('test', '1');
 	print_start();
 	echo "<center><h1>$C[chatname]</h1><$H[form] target=\"_parent\">".hidden('action', 'login');
-	if($C['enablecaptcha']){
-		$code=rand(0, 99999);
-		$randid=rand(0, 99999999);
-		$enc=base64_encode(openssl_encrypt("$code, $randid", 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
-		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `captcha` (`id`, `time`) VALUES (?, \''.time().'\')');
-		mysqli_stmt_bind_param($stmt, 'd', $randid);
-		mysqli_stmt_execute($stmt);
-		mysqli_stmt_close($stmt);
-		echo hidden('challenge', $enc);
-	}
 	echo "<table border=\"2\" width=\"1\" rules=\"none\"><tr><td align=\"left\">$I[nick]</td><td align=\"right\"><input type=\"text\" name=\"nick\" size=\"15\"></td></tr>";
 	echo "<tr><td align=\"left\">$I[pass]</td><td align=\"right\"><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
-	if($C['enablecaptcha']){
-		echo "<tr><td align=\"left\">$I[copy]";
-		echo send_captcha($code);
-		echo '</td><td align="right"><input type="text" name="captcha" size="15" autocomplete="off"></td></tr>';
+	if($C['enablecaptcha']) send_captcha();
+	if(get_setting('guestaccess')>0){
+		echo "<tr><td colspan=\"2\" align=\"center\">$I[choosecol]<br><select style=\"text-align:center;\" name=\"colour\"><option value=\"\">* $I[randomcol] *</option>";
+		print_colours();
+		echo '</select></td></tr>';
+	}else{
+		echo "<tr><td colspan=\"2\" align=\"center\">$I[noguests]</td></tr>";
 	}
-	echo "<tr><td colspan=\"2\" align=\"center\">$I[choosecol]<br><select style=\"text-align:center;\" name=\"colour\"><option value=\"\">* $I[randomcol] *</option>";
-	print_colours();
-	echo '</select></td></tr>';
-	$nowchatting=get_nowchatting();
-	echo '<tr><td colspan="2" align="center">'.submit($I['enter'])."</td></tr></table></form>$nowchatting";
-	echo "<h2>$I[rules]</h2><b>$C[rulestxt]</b><br><br><p>$I[changelang]";
+	echo '<tr><td colspan="2" align="center">'.submit($I['enter'])."</td></tr></table></form>";
+	get_nowchatting();
+	echo "<h2>$I[rules]</h2><b>".get_setting('rulestxt')."</b><br><br><p>$I[changelang]";
 	foreach($L as $lang=>$name){
 		echo " <a href=\"$_SERVER[SCRIPT_NAME]?lang=$lang\">$name</a>";
 	}
@ -966,7 +979,6 @@ function create_session(){
 	$U['passhash']=md5(sha1(md5($U['nickname'].$_REQUEST['pass'])));
 	$U['colour']=$_REQUEST['colour'];
 	$U['status']=1;
-	if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
 	check_member();
 	add_user_defaults();
 	if($C['enablecaptcha'] && ($U['status']==1 || !$C['dismemcaptcha'])){
@ -985,7 +997,8 @@ function create_session(){
 		mysqli_stmt_close($stmt);
 	}
 	if($U['status']==1){
-		if(!allowed_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
+		if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
+		if(!valid_pass($_REQUEST['pass'])) send_error(sprintf($I['invalpass'], $C['minpass']));
 		$ga=get_setting('guestaccess');
 		if($ga==0) send_error($I['noguests']);
 	}
@ -1024,7 +1037,7 @@ function write_new_session(){
 		setcookie($C['cookiename'], $U['session']);
 		if($C['msglogin'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgenter'), $U['displayname']));
 	}elseif($inuse){
-		send_error($I['invalpass']);
+		send_error($I['wrongpass']);
 	}elseif($U['status']==0){
 		setcookie($C['cookiename'], false);
 		send_error("$I[kicked]<br>$U[kickmessage]");
@ -1129,7 +1142,7 @@ function kill_session(){
 	elseif($C['msglogout'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgexit'), $U['displayname']));
 }

-function kick_chatter($names, $mes){
+function kick_chatter($names, $mes, $purge){
 	global $C, $U, $P, $mysqli;
 	$lonick='';
 	$lines=parse_sessions();
@ -1141,6 +1154,7 @@ function kick_chatter($names, $mes){
 				if(($temp['nickname']==$U['nickname'] && $U['nickname']==$name) || ($U['status']>$temp['status'] && (($temp['nickname']==$name && $temp['status']>0) || ($name=='&' && $temp['status']==1)))){
 					mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']);
 					mysqli_stmt_execute($stmt);
+					if($purge) del_all_messages($temp['nickname']);
 					$lonick.="$temp[displayname], ";
 					$i++;
 					unset($P[$name]);
@ -1150,11 +1164,11 @@ function kick_chatter($names, $mes){
 	}
 	mysqli_stmt_close($stmt);
 	if($C['msgkick']){
-		if($names[0]=='&'){
-			add_system_message(get_setting('msgallkick'));
-		}else{
-			$lonick=preg_replace('/\,\s$/','',$lonick);
-			if($lonick!==''){
+		if($lonick!==''){
+			if($names[0]=='&'){
+				add_system_message(get_setting('msgallkick'));
+			}else{
+				$lonick=preg_replace('/\,\s$/','',$lonick);
 				if($i>1){
 					add_system_message(sprintf(get_setting('msgmultikick'), $lonick));
 				}else{
@ -1163,6 +1177,8 @@ function kick_chatter($names, $mes){
 			}
 		}
 	}
+	if($lonick!=='') return true;
+	return false;
 }

 function logout_chatter($names){
@ -1181,7 +1197,7 @@ function logout_chatter($names){
 					if($temp['status']==1){
 						mysqli_stmt_bind_param($stmt1, 's', $temp['nickname']);
 						mysqli_stmt_bind_param($stmt2, 's', $temp['nickname']);
-						mysqli_stmt_bind_param($stmt3, 's', $temp['nickname'], $temp['nickname']);
+						mysqli_stmt_bind_param($stmt3, 'ss', $temp['nickname'], $temp['nickname']);
 						mysqli_stmt_execute($stmt1);
 						mysqli_stmt_execute($stmt2);
 						mysqli_stmt_execute($stmt3);
@ -1230,7 +1246,7 @@ function check_session(){
 function get_nowchatting(){
 	global $M, $G, $P, $I;
 	parse_sessions();
-	return sprintf($I['curchat'], count($P)).'<br>'.implode(' &nbsp; ', $M).' &nbsp; '.implode(' &nbsp; ', $G);
+	echo sprintf($I['curchat'], count($P)).'<br>'.implode(' &nbsp; ', $M).' &nbsp; '.implode(' &nbsp; ', $G);
 }

 function parse_sessions(){
@ -1305,7 +1321,7 @@ function check_member(){
 			mysqli_stmt_execute($stmt);
 			mysqli_stmt_close($stmt);
 		}else{
-			send_error($I['invalpass']);
+			send_error($I['wrongpass']);
 		}
 	}else{
 		mysqli_stmt_close($stmt);
@ -1366,6 +1382,7 @@ function register_new(){
 	if($_REQUEST['name']=='') send_admin();
 	if(isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name']));
 	if(!valid_nick($_REQUEST['name'])) send_admin(sprintf($I['invalnick'], $C['maxname']));
+	if(!valid_pass($_REQUEST['pass'])) send_admin(sprintf($I['invalpass'], $C['minpass']));
 	$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=?');
 	mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']);
 	mysqli_stmt_execute($stmt);
@ -1627,7 +1644,7 @@ function apply_filter($pm){
 			if(!$pm) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count);
 			elseif(!$filter['allowinpm']) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count);
 			if($count>0 && $filter['kick']){
-				kick_chatter(array($U['nickname']), '');
+				kick_chatter(array($U['nickname']), '', false);
 				send_error("$I[kicked]");
 			}
 		}
@ -1788,8 +1805,23 @@ function print_messages($delstatus=''){
 // this and that

 function valid_admin(){
-	global $mysqli;
+	global $mysqli, $C;
 	if(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){
+		if($C['enablecaptcha']){
+			$captcha=explode(',', openssl_decrypt(base64_decode($_REQUEST['challenge']), 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
+			if(current($captcha)!==$_REQUEST['captcha']) return false;
+			$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `captcha` WHERE `id`=?');
+			mysqli_stmt_bind_param($stmt, 'd', end($captcha));
+			mysqli_stmt_execute($stmt);
+			mysqli_stmt_store_result($stmt);
+			if(mysqli_stmt_num_rows($stmt)==0) return false;
+			mysqli_stmt_free_result($stmt);
+			mysqli_stmt_close($stmt);
+			$stmt=mysqli_prepare($mysqli, 'DELETE FROM `captcha` WHERE `id`=? OR `time`<\''.(time()-60*10)."'");
+			mysqli_stmt_bind_param($stmt, 'd', end($captcha));
+			mysqli_stmt_execute($stmt);
+			mysqli_stmt_close($stmt);
+		}
 		$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=? AND `passhash`=? AND `status`>=\'7\'');
 		mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['nick'], $pass=md5(sha1(md5($_REQUEST['nick'].$_REQUEST['pass']))));
 		mysqli_stmt_execute($stmt);
@ -1802,12 +1834,13 @@ function valid_admin(){
 }

 function valid_nick($nick){
-	return preg_match('/^[a-z0-9]*$/i', $nick);
+	global $C;
+	return preg_match("/^[a-z0-9]{1,$C[maxname]}$/i", $nick);
 }

-function allowed_nick($nick){
+function valid_pass($pass){
 	global $C;
-	return preg_match("/^.{1,$C[maxname]}$/", $nick);
+	return preg_match('/^.{'.$C['minpass'].',}$/', $pass);
 }

 function cleanup_nick($nick){
@ -1928,8 +1961,10 @@ function init_chat(){
 		if(mysqli_num_rows($result)>0){
 			$suwrite=$I['initsuexist'];
 		}
-	}elseif(!valid_nick($_REQUEST['sunick']) || $_REQUEST['sunick']==''){
+	}elseif(!valid_nick($_REQUEST['sunick'])){
 		$suwrite=sprintf($I['invalnick'], $C['maxname']);
+	}elseif(!valid_pass($_REQUEST['supass'])){
+		$suwrite=sprintf($I['invalpass'], $C['minpass']);
 	}elseif($_REQUEST['supass']!==$_REQUEST['supassc']){
 		$suwrite=$I['noconfirm'];
 	}else{
@ -2003,6 +2038,9 @@ function update_db(){
 			mysqli_query($mysqli, 'ALTER TABLE `ignored` ADD PRIMARY KEY (`id`)');
 			mysqli_query($mysqli, 'ALTER TABLE `ignored` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT');
 		}
+		if($dbversion<3){
+			mysqli_query($mysqli, 'INSERT INTO `settings` (`setting`, `value`) VALUES (\'rulestxt\', \'1. YOUR_RULS<br>2. YOUR_RULES\')');
+		}
 		update_setting('dbversion', $C['dbversion']);
 		send_update();
 	}
@ -2079,7 +2117,7 @@ function check_db(){
 	$mysqli=mysqli_connect($C['dbhost'], $C['dbuser'], $C['dbpass'], $C['dbname']);
 	if(mysqli_connect_errno($mysqli)){
 		if($_REQUEST['action']=='setup'){
-			die($I['nosetupdb']);
+			die($I['nodbsetup']);
 		}else{
 			die($I['nodb']);
 		}
@ -2105,9 +2143,9 @@ function load_lang(){
 function load_config(){
 	global $C;
 	$C=array(
-		'version'	=>'1.1', // Script version
-		'dbversion'	=>2, // Database version
-		'showcredits'	=>true, // Allow showing credits
+		'version'	=>'1.4', // Script version
+		'dbversion'	=>3, // Database version
+		'showcredits'	=>false, // Allow showing credits
 		'colbg'		=>'000000', // Background colour
 		'coltxt'	=>'FFFFFF', // Default text colour
 		'collnk'	=>'0000FF', // Link colour
@ -2125,6 +2163,7 @@ function load_config(){
 		'defaultrefresh'=>30, // Seconds to refresh the messages
 		'maxmessage'	=>2000, // Longest number of characters for a message
 		'maxname'	=>20, // Longest number of chatacters for a name
+		'minpass'	=>5, // Shortest number of chatacters for a password
 		'boxwidth'	=>40, // Default post box width
 		'boxheight'	=>3, // Default post box height
 		'notesboxwidth'	=>80, // Default notes box width
@ -2134,23 +2173,24 @@ function load_config(){
 		'dbpass'	=>'YOUR_DB_PASS', // Database password
 		'dbname'	=>'public_chat', // Database
 		'captchapass'	=>'YOUR_PASS', // Password used for captcha encryption
+		'captchachars'	=>'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', // Characters used for captcha generation
 		'enablecaptcha'	=>true, // Enable captcha? ture/false
 		'dismemcaptcha'	=>false, // Disable captcha for members? ture/false
 		'embed'		=>true, // Default for displaying embedded imgs/vids or turn them into links true/false
 		'imgembed'	=>true, // Allow image embedding in chat using [img] tag? ture/false Warning: this might leak session data to the image hoster when cookies are disabled.
-		'vidembed'	=>true, // Allow video embedding in chat using [vid] tag? ture/false Warning: this might leak session data to the video hoster when cookies are disabled.
+		'vidembed'	=>false, // Allow video embedding in chat using [vid] tag? ture/false Warning: this might leak session data to the video hoster when cookies are disabled.
 		'suguests'	=>false, // Adds option to add applicants. They will have a reserved nick protected with a password, but don't count as member true/false
 		'timestamps'	=>true, // Display timestamps in front of the messages by default true/false
 		'forceredirect'	=>false, // Force redirect script or only use when no cookies available? ture/false
 		'msglogout'	=>false, // Add a message on member logout
 		'msglogin'	=>true, // Add a message on member login
 		'msgkick'	=>true, // Add a message when kicking someone
+		'memkick'	=>true, // Let a member kick guests if no mod is present
 		'sendmail'	=>false, // Send mail on new message - only activate on low traffic chat or your inbox will fill up very fast!
 		'mailsender'	=>'www-data <www-data@localhost>', // Send mail using this e-Mail address
 		'mailreceiver'	=>'Webmaster <webmaster@localhost>', // Send mail to this e-Mail address
 		'redirect'	=>"$_SERVER[SCRIPT_NAME]?action=redirect&url=", // Redirect script default: "$_SERVER[SCRIPT_NAME]?action=redirect&url="
-		'lang'		=>'en', // Default language
-		'rulestxt'	=>'1. YOUR_RULS<br>2. YOUR_RULES' // Rules - divide multiple rules by <br> to make them appear in a new line
+		'lang'		=>'en' // Default language
 	);
 }
 ?>
--- a/lang_de.php
+++ b/lang_de.php
@ -20,12 +20,12 @@

 $I=array(
 	'nodb' => 'Keine Verbindung zur Datenbank!',
-	'nodsetupb' => 'Keine Verbindung zur Datenbank, bitte erstelle eine Datenbank und bearbeite das Skript, um die korrekte Datenbank mit angegebenem Benutzernamen und Passwort zu benutzen.',
+	'nodbsetup' => 'Keine Verbindung zur Datenbank, bitte erstelle eine Datenbank und bearbeite das Skript, um die korrekte Datenbank mit angegebenem Benutzernamen und Passwort zu benutzen.',
 	'changelang' => 'Sprache ändern:',
 	'expire' => 'Ungültige/abgelaufene Sitzung',
 	'kicked' => 'Rausgeschmissen!',
 	'invalnick' => 'Ungültiger Nickname (Maximal %d Zeichen, keine Sonderzeichen erlaubt)',
-	'invalpass' => 'Falsches Passwort!',
+	'invalpass' => 'Ungültiges Passwort (Mindestens %d Zeichen)',
 	'noconfirm' => 'Passwordbestätigung stimmt nicht überein!',
 	'incorregex' => 'Ungültiger regulärer Ausdruck!',
 	'bottom' => 'Unten',
@ -189,7 +189,7 @@ $I=array(
 	'cantchgstat' => 'Der Status von %s kann nicht geändert werden.',
 	'succdel' => '%s wurde erfolgriech aus der Datenbank gelöscht.',
 	'succchg' => 'Status of %s successfully changed.',
-	'wrongpass' => 'Passwort ist falsch.',
+	'wrongpass' => 'Falsches Passwort!',
 	'succprofile' => 'Dein Profil wurde erfolgreich gespeichert.',
 	'backtologin' => 'Zurück zur Anmeldeseite.',
 	'backtochat' => 'Zurück zum Chat.',
--- a/lang_en.php
+++ b/lang_en.php
@ -21,12 +21,12 @@
 //Language: English
 $I=array(
 	'nodb' => 'No Connection to Database!',
-	'nodsetupb' => 'No Connection to Database, please create a database and edit the script to use the correct database with given username and password!',
+	'nodbsetup' => 'No Connection to Database, please create a database and edit the script to use the correct database with given username and password!',
 	'changelang' => 'Change language:',
 	'expire' => 'Invalid/expired session',
 	'kicked' => 'Kicked!',
 	'invalnick' => 'Invalid nickname (%d characters maximum, no special characters allowed)',
-	'invalpass' => 'Invalid password!',
+	'invalpass' => 'Invalid password (At least %d characters)',
 	'noconfirm' => 'Password confirmation does not match!',
 	'incorregex' => 'Incorrect regular expression!',
 	'bottom' => 'Bottom',
@ -190,7 +190,7 @@ $I=array(
 	'cantchgstat' => 'Can\'t change status of %s',
 	'succdel' => '%s successfully deleted from database.',
 	'succchg' => 'Status of %s successfully changed.',
-	'wrongpass' => 'Password is wrong.',
+	'wrongpass' => 'Wrong Password!',
 	'succprofile' => 'Your profile has successfully been saved.',
 	'backtologin' => 'Back to the login page.',
 	'backtochat' => 'Back to the chat.',
Author	SHA1	Message	Date
Daniel Winzen	92643bad03	Various changes and additions	2015-04-10 08:53:07 +02:00
Daniel Winzen	be34272e1b	Bugfixes on logout and kicking	2015-04-04 20:36:50 +02:00
Daniel Winzen	e6265ba296	Moved rules to database to make changes more easily in the setup	2015-04-02 18:19:36 +02:00
Daniel Winzen	8bf25230f2	Include letters when generating captchas not only numbers	2015-04-02 16:37:11 +02:00