Third attempt to fix the same bug

CHANGELOG

@@ -1,4 +1,26 @@
-Version 1.19.1 - May. 1, 2016
+Version 1.20.3 - Jul. 12, 2016
+Third attempt to fix the same bug
+
+Version 1.20.3 - Jul. 10, 2016
+Yesterdays bugfix broke more than it fixed, refixed.
+
+Version 1.20.2 - Jul. 9, 2016
+Fix bug preventing to send PMs to number-only nicknames
+
+Version 1.20.1 - Jun. 13, 2016
+Bugfix when logging guests out via admin section
+Don't hide image embedding option in profile with cookies disabled
+Making a moderator to member now sets incognito back to disabled
+
+Version 1.20 - May 15, 2016
+Add setting in profile to allow offline inbox for: staff, members or everyone
+Completely fix link-redirection
+
+Version 1.19.2 - May 7, 2016
+Remove JavaScript "load only new messages" feature
+Add JS auto-refresh to header instead
+
+Version 1.19.1 - May 1, 2016
 Fix parts of the offline inbox
 
 Version 1.19 - Apr. 29, 2016

README

@@ -60,6 +60,7 @@ When you are done, you have to edit the chat script, to include your translation
 		'lang_code'	=>'Language name',
 to the $L array in the load_lang() function at the bottom, similar to what I did for the German translation.
 Please share your translation with me, so I can add it to the official version.
+To update your translation, you can copy each new string to your translation file or edit the automated lang_update.php script to reflect you language and run it.
 
 REGEX:
 

README.md

@@ -64,6 +64,7 @@ When you are done, you have to edit the chat script, to include your translation
 		'lang_code'	=>'Language name',
 to the $L array in the load_lang() function at the bottom, similar to what I did for the German translation.
 Please share your translation with me, so I can add it to the official version.
+To update your translation, you can copy each new string to your translation file or edit the automated lang_update.php script to reflect you language and run it.
 
 Regex:
 ------

chat.php

@@ -53,12 +53,7 @@ function route(){
 		send_login();
 	}elseif($_REQUEST['action']==='view'){
 		check_session();
-		send_messages(false);
+		send_messages();
-	}elseif($_REQUEST['action']==='jsview'){
-		check_session();
-		send_messages(true);
-	}elseif($_REQUEST['action']==='jsrefresh'){
-		send_jsrefresh();
 	}elseif($_REQUEST['action']==='redirect' && !empty($_GET['url'])){
 		send_redirect($_GET['url']);
 	}elseif($_REQUEST['action']==='wait'){
@@ -216,7 +211,7 @@ function route_setup(){
 	if(!valid_admin()){
 		send_alogin();
 	}
-	$C['bool_settings']=array('suguests', 'imgembed', 'timestamps', 'trackip', 'memkick', 'forceredirect', 'incognito', 'enablejs', 'sendmail', 'modfallback', 'disablepm', 'eninbox');
+	$C['bool_settings']=array('suguests', 'imgembed', 'timestamps', 'trackip', 'memkick', 'forceredirect', 'incognito', 'sendmail', 'modfallback', 'disablepm', 'eninbox');
 	$C['colour_settings']=array('colbg', 'coltxt');
 	$C['msg_settings']=array('msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'msgsendall', 'msgsendmem', 'msgsendmod', 'msgsendadm', 'msgsendprv');
 	$C['number_settings']=array('memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'keeplimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh', 'numnotes');
@@ -280,15 +275,18 @@ function thr(){
 	echo '<tr><td><hr></td></tr>';
 }
 
-function print_start($class='',  $ref=0, $url=''){
+function print_start($class='', $ref=0, $url=''){
 	global $H, $I;
 	if(!empty($url)){
-		$url=str_replace('&amp;', '&', $url);// Don't escape "&" in URLs here, it breaks some (older) browsers!
+		$url=str_replace('&amp;', '&', $url);// Don't escape "&" in URLs here, it breaks some (older) browsers and js refresh!
 		header("Refresh: $ref; URL=$url");
 	}
 	echo "<!DOCTYPE html><html><head>$H[meta_html]";
 	if(!empty($url)){
 		echo "<meta http-equiv=\"Refresh\" content=\"$ref; URL=$url\">";
+		$ref+=5;//only use js if browser refresh stopped working
+		$ref*=1000;//js uses milliseconds
+		echo "<script type=\"text/javascript\">setTimeout(function(){window.location.replace(\"$url\");}, $ref);</script>";
 	}
 	if($class==='init'){
 		echo "<title>$I[init]</title>";
@@ -302,6 +300,7 @@ function print_start($class='',  $ref=0, $url=''){
 
 function send_redirect($url){
 	global $I;
+	$url=htmlspecialchars_decode(rawurldecode($url));
 	preg_match('~^(.*)://~', $url, $match);
 	$url=preg_replace('~^(.*)://~', '', $url);
 	$escaped=htmlspecialchars($url);
@@ -617,9 +616,6 @@ function send_setup(){
 		}
 		echo ">$I[enabled]</option>";
 		echo '</select></td></tr>';
-		if($setting==='enablejs' && !extension_loaded('json')){
-			echo "<tr><td colspan=\"2\">$I[jsonextrequired]</td></tr>";
-		}
 		echo '</table></td></tr>';
 	}
 	thr();
@@ -847,7 +843,7 @@ function send_admin($arg=''){
 	print_start('admin');
 	$chlist="<select name=\"name[]\" size=\"5\" multiple><option value=\"\">$I[choose]</option>";
 	$chlist.="<option value=\"&\">$I[allguests]</option>";
-	array_multisort(array_map('strtolower', array_keys($P)), SORT_ASC, SORT_STRING, $P);
+	sort_names($P);
 	foreach($P as $user){
 		if($user[2]<$U['status']){
 			$chlist.="<option value=\"$user[0]\" style=\"$user[1]\">$user[0]</option>";
@@ -944,20 +940,20 @@ function send_admin($arg=''){
 		frmadm('status');
 		echo "<table class=\"right-table\"><td class=\"right\"><select name=\"name\" size=\"1\"><option value=\"\">$I[choose]</option>";
 		read_members();
-		array_multisort(array_map('strtolower', array_keys($A)), SORT_ASC, SORT_STRING, $A);
+		sort_names($A);
 		foreach($A as $member){
-			echo "<option value=\"$member[0]\" style=\"$member[2]\">$member[0]";
+			echo "<option value=\"$member[0]\" style=\"$member[1]\">$member[0]";
-			if($member[1]==0){
+			if($member[2]==0){
 				echo ' (!)';
-			}elseif($member[1]==2){
+			}elseif($member[2]==2){
 				echo ' (G)';
-			}elseif($member[1]==5){
+			}elseif($member[2]==5){
 				echo ' (M)';
-			}elseif($member[1]==6){
+			}elseif($member[2]==6){
 				echo ' (SM)';
-			}elseif($member[1]==7){
+			}elseif($member[2]==7){
 				echo ' (A)';
-			}elseif($member[1]==8){
+			}elseif($member[2]==8){
 				echo ' (SA)';
 			}
 			echo '</option>';
@@ -978,7 +974,7 @@ function send_admin($arg=''){
 		frmadm('passreset');
 		echo "<table class=\"right-table\"><td><select name=\"name\" size=\"1\"><option value=\"\">$I[choose]</option>";
 		foreach($A as $member){
-			echo "<option value=\"$member[0]\" style=\"$member[2]\">$member[0]</option>";
+			echo "<option value=\"$member[0]\" style=\"$member[1]\">$member[0]</option>";
 		}
 		echo '</select></td><td><input type="password" name="pass"></td><td>'.submit($I['change']).'</td></tr></table></form></td></tr></table></td></tr>';
 		thr();
@@ -1291,27 +1287,17 @@ function send_frameset(){
 	exit;
 }
 
-function send_messages($js){
+function send_messages(){
 	global $H, $I, $U, $db, $language;
-	if(!$js){
+	if($U['nocache']){
-		if($U['nocache']){
+		$nocache='&nc='.substr(time(), -6);
-			$nocache='&nc='.substr(time(), -6);
-		}else{
-			$nocache='';
-		}
-		if(isSet($_COOKIE[COOKIENAME])){
-			print_start('messages', $U['refresh'], "$_SERVER[SCRIPT_NAME]?action=view$nocache");
-			if(get_setting('enablejs')==1 && extension_loaded('json')){
-				echo "<script type=\"text/javascript\">window.location.assign('$_SERVER[SCRIPT_NAME]?action=jsview');</script>";
-			}
-		}else{
-			print_start('messages', $U['refresh'], "$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$language$nocache");
-			if(get_setting('enablejs')==1 && extension_loaded('json')){
-				echo "<script type=\"text/javascript\">window.location.assign('$_SERVER[SCRIPT_NAME]?action=jsview&session=$U[session]&lang=$language');</script>";
-			}
-		}
 	}else{
-		print_start('messages');
+		$nocache='';
+	}
+	if(isSet($_COOKIE[COOKIENAME])){
+		print_start('messages', $U['refresh'], "$_SERVER[SCRIPT_NAME]?action=view$nocache");
+	}else{
+		print_start('messages', $U['refresh'], "$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$language$nocache");
 	}
 	echo '<div class="left">';
 	echo '<a id="top"></a>';
@@ -1320,7 +1306,7 @@ function send_messages($js){
 	echo '</div><div id="chatters">';
 	print_chatters();
 	echo "</div><a style=\"position:fixed;top:0.5em;right:0.5em\" href=\"#bottom\">$I[bottom]</a><div id=\"messages\">";
-	if($U['status']>=2 && $U['eninbox']==1){
+	if($U['status']>=2 && $U['eninbox']!=0){
 		$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . 'inbox WHERE recipient=?;');
 		$stmt->execute(array($U['nickname']));
 		$tmp=$stmt->fetch(PDO::FETCH_NUM);
@@ -1331,9 +1317,6 @@ function send_messages($js){
 	}
 	print_messages();
 	echo '</div>';
-	if($js){
-		echo "<script type=\"text/javascript\">var id=$_REQUEST[id]; setInterval(function (){xmlhttp=new XMLHttpRequest(); xmlhttp.onreadystatechange=function(){if(xmlhttp.readyState==4 && xmlhttp.status==200){if(xmlhttp.responseText.match(/^</)){document.write(xmlhttp.responseText);}else{var obj=JSON.parse(xmlhttp.responseText); id=obj[0]; document.getElementById(\"messages\").innerHTML=obj[1]+document.getElementById(\"messages\").innerHTML; document.getElementById(\"chatters\").innerHTML=obj[2]; document.getElementById(\"topic\").innerHTML=obj[3];}}}; xmlhttp.open('POST','$_SERVER[SCRIPT_NAME]?action=jsrefresh&session=$U[session]&id='+id,true); xmlhttp.send();}, $U[refresh]000);</script>";
-	}
 	echo "<a id=\"bottom\"></a><a style=\"position:fixed;bottom:0.5em;right:0.5em\" href=\"#top\">$I[top]</a>";
 	echo '</div>';
 	print_end();
@@ -1386,21 +1369,6 @@ function send_inbox(){
 	print_end();
 }
 
-function send_jsrefresh(){
-	global $I;
-	if(!extension_loaded('json')){
-		send_fatal_error($I['jsonextrequired']);
-	}
-	check_session();
-	ob_start();
-	print_messages();
-	$msgs=ob_get_clean();
-	ob_start();
-	print_chatters();
-	$chatters=ob_get_clean();
-	echo json_encode(array($_REQUEST['id'], $msgs, $chatters, get_setting('topic')));
-}
-
 function send_notes($type){
 	global $H, $I, $U, $db;
 	print_start('notes');
@@ -1491,7 +1459,7 @@ function send_approve_waiting(){
 		echo '<table class="center-table left">';
 		echo "<tr><th class=\"padded\">$I[sessnick]</th><th class=\"padded\">$I[sessua]</th></tr>";
 		foreach($tmp as $temp){
-			echo '<tr>'.hidden('alls[]', $temp['nickname'])."<td class=\"padded\"><input type=\"checkbox\" name=\"csid[]\" id=\"$temp[nickname]]\" value=\"$temp[nickname]\"><label for=\"$temp[nickname]\"> ".style_this($temp['nickname'], $temp['style'])."</label></td><td class=\"padded\">$temp[useragent]</td></tr>";
+			echo '<tr>'.hidden('alls[]', $temp['nickname'])."<td class=\"padded\"><input type=\"checkbox\" name=\"csid[]\" id=\"$temp[nickname]\" value=\"$temp[nickname]\"><label for=\"$temp[nickname]\"> ".style_this($temp['nickname'], $temp['style'])."</label></td><td class=\"padded\">$temp[useragent]</td></tr>";
 		}
 		echo "</table><br><table class=\"center-table left\"><tr><td><input type=\"radio\" name=\"what\" value=\"allowchecked\" id=\"allowchecked\" checked><label for=\"allowchecked\">$I[allowchecked]</label></td>";
 		echo "<td><input type=\"radio\" name=\"what\" value=\"allowall\" id=\"allowall\"><label for=\"allowall\">$I[allowall]</label></td>";
@@ -1645,28 +1613,27 @@ function send_post(){
 	$disablepm=(bool) get_setting('disablepm');
 	if(!$disablepm){
 		$ignored=array();
-		$ignore=get_ignored();
+		$ignore=get_ignored($U['nickname']);
 		foreach($ignore as $ign){
 			if($ign['ignored']===$U['nickname']){
 				$ignored[]=$ign['by'];
-			}
+			}else{
-			if($ign['by']===$U['nickname']){
 				$ignored[]=$ign['ignored'];
 			}
 		}
-		$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox=1 AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
+		$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox!=0 AND eninbox<=? AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
-		$stmt->execute(array($U['nickname'], $U['nickname']));
+		$stmt->execute(array($U['status'], $U['nickname'], $U['nickname']));
 		while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
-			$P[$tmp['nickname']]=["$tmp[nickname] $I[offline]", $tmp['style'], $tmp['status']];
+			$P[$tmp['nickname']]=["$tmp[nickname] $I[offline]", $tmp['style'], $tmp['status'], $tmp['nickname']];
 		}
-		array_multisort(array_map('strtolower', array_keys($P)), SORT_ASC, SORT_STRING, $P);
+		sort_names($P);
-		foreach($P as $name => $user){
+		foreach($P as $user){
-			if($U['nickname']!==$user[0] && !in_array($user[0], $ignored)){
+			if($U['nickname']!==$user[3] && !in_array($user[3], $ignored)){
 				echo '<option ';
-				if($_REQUEST['sendto']===$name){
+				if($_REQUEST['sendto']==$user[3]){
 					echo 'selected ';
 				}
-				echo "value=\"$name\" style=\"$user[1]\">$user[0]</option>";
+				echo "value=\"$user[3]\" style=\"$user[1]\">$user[0]</option>";
 			}
 		}
 	}
@@ -1730,9 +1697,9 @@ function send_profile($arg=''){
 	print_start('profile');
 	echo "<$H[form]>$H[commonform]".hidden('action', 'profile').hidden('do', 'save')."<h2>$I[profile]</h2><i>$arg</i><table class=\"center-table\">";
 	thr();
-	array_multisort(array_map('strtolower', array_keys($P)), SORT_ASC, SORT_STRING, $P);
+	sort_names($P);
 	$ignored=array();
-	$ignore=get_ignored();
+	$ignore=get_ignored($U['nickname']);
 	foreach($ignore as $ign){
 		if($ign['by']===$U['nickname']){
 			$ignored[]=$ign['ignored'];
@@ -1808,15 +1775,12 @@ function send_profile($arg=''){
 	echo '<tr><td>'.style_this("$U[nickname] : $I[fontexample]", $U['style']).'</td></tr>';
 	thr();
 	$bool_settings=['timestamps', 'nocache'];
-	if(get_setting('imgembed') && isSet($_COOKIE[COOKIENAME])){
+	if(get_setting('imgembed')){
 		$bool_settings[]='embed';
 	}
 	if($U['status']>=5 && get_setting('incognito')){
 		$bool_settings[]='incognito';
 	}
-	if($U['status']>=2 && get_setting('eninbox')){
-		$bool_settings[]='eninbox';
-	}
 	foreach($bool_settings as $setting){
 		echo '<tr><td><table class="left-table"><tr><th>'.$I[$setting].'</th><td class="right">';
 		echo "<input type=\"checkbox\" name=\"$setting\" id=\"$setting\" value=\"on\"";
@@ -1826,6 +1790,32 @@ function send_profile($arg=''){
 		echo "><label for=\"$setting\"><b>$I[enabled]</b></label></td></tr></table></td></tr>";
 		thr();
 	}
+	if($U['status']>=2 && get_setting('eninbox')){
+		echo "<tr><td><table class=\"left-table\"><tr><th>$I[eninbox]</th><td class=\"right\">";
+		echo "<select name=\"eninbox\" id=\"eninbox\">";
+		echo '<option value="0"';
+		if($U['eninbox']==0){
+			echo ' selected';
+		}
+		echo ">$I[disabled]</option>";
+		echo '<option value="1"';
+		if($U['eninbox']==1){
+			echo ' selected';
+		}
+		echo ">$I[eninall]</option>";
+		echo '<option value="3"';
+		if($U['eninbox']==3){
+			echo ' selected';
+		}
+		echo ">$I[eninmem]</option>";
+		echo '<option value="5"';
+		if($U['eninbox']==5){
+			echo ' selected';
+		}
+		echo ">$I[eninstaff]</option>";
+		echo '</select></td></tr></table></td></tr>';
+		thr();
+	}
 	echo "<tr><td><table class=\"left-table\"><tr><th>$I[tz]</th><td class=\"right\">";
 	echo "<select name=\"tz\" id=\"tz\">";
 	$tzs=[-12=>'-12', -11=>'-11', -10=>'-10', -9=>'-9', -8=>'-8', -7=>'-7', -6=>'-6', -5=>'-5', -4=>'-4', -3=>'-3', -2=>'-2', -1=>'-1', 0=>'', 1=>'+1', 2=>'+2', 3=>'+3', 4=>'+4', 5=>'+5', 6=>'+6', 7=>'+7', 8=>'+8', 9=>'+9', 10=>'+10', 11=>'+11', 12=>'+12', 13=>'+13', 14=>'+14'];
@@ -2123,7 +2113,7 @@ function write_new_session(){
 		if($U['status']>=3 && !$U['incognito']){
 			add_system_message(sprintf(get_setting('msgenter'), style_this($U['nickname'], $U['style'])));
 		}
-		$P[$U['nickname']]=[$U['nickname'], $U['style'], $U['status']];
+		$P[$U['nickname']]=[$U['nickname'], $U['style'], $U['status'], $U['nickname']];
 	}
 }
 
@@ -2277,7 +2267,7 @@ function logout_chatter($names){
 					$stmt1->execute(array($name));
 					$stmt2->execute(array($name));
 					$stmt3->execute(array($name, $name));
-					$stmt4->execute(array($name, $name));
+					$stmt4->execute(array($name));
 				}
 				unset($P[$name]);
 			}
@@ -2359,7 +2349,7 @@ function parse_sessions(){
 	$stmt=$db->query('SELECT nickname, style, status, incognito FROM ' . PREFIX . 'sessions WHERE entry!=0 AND status>0 ORDER BY status DESC, lastpost DESC;');
 	while($temp=$stmt->fetch(PDO::FETCH_ASSOC)){
 		if(!$temp['incognito']){
-			$P[$temp['nickname']]=[$temp['nickname'], $temp['style'], $temp['status']];
+			$P[$temp['nickname']]=[$temp['nickname'], $temp['style'], $temp['status'], $temp['nickname']];
 		}
 		if($temp['status']>=5){
 			++$countmods;
@@ -2391,9 +2381,7 @@ function read_members(){
 	global $A, $db;
 	$result=$db->query('SELECT * FROM ' . PREFIX . 'members;');
 	while($temp=$result->fetch(PDO::FETCH_ASSOC)){
-		$A[$temp['nickname']][0]=$temp['nickname'];
+		$A[$temp['nickname']]=[$temp['nickname'], $temp['style'], $temp['status'], $temp['nickname']];
-		$A[$temp['nickname']][1]=$temp['status'];
-		$A[$temp['nickname']][2]=$temp['style'];
 	}
 }
 
@@ -2480,33 +2468,35 @@ function change_status($nick, $status){
 	}elseif($U['status']<=$status || !preg_match('/^[023567\-]$/', $status)){
 		return sprintf($I['cantchgstat'], $nick);
 	}
-	$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'members WHERE nickname=? AND status<?;');
+	$stmt=$db->prepare('SELECT incognito FROM ' . PREFIX . 'members WHERE nickname=? AND status<?;');
 	$stmt->execute(array($nick, $U['status']));
-	if($stmt->fetch(PDO::FETCH_ASSOC)){
+	if(!$old=$stmt->fetch(PDO::FETCH_NUM)){
-		if($_REQUEST['set']==='-'){
-			$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'inbox WHERE recipient=?;');
-			$stmt->execute(array($nick));
-			$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'members WHERE nickname=?;');
-			$stmt->execute(array($nick));
-			$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=1 WHERE nickname=?;');
-			$stmt->execute(array($nick));
-			if(isSet($P[$nick])){
-				$P[$nick][2]=1;
-			}
-			return sprintf($I['succdel'], $nick);
-		}else{
-			$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET status=? WHERE nickname=?;');
-			$stmt->execute(array($status, $nick));
-			$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=? WHERE nickname=?;');
-			$stmt->execute(array($status, $nick));
-			if(isSet($P[$nick])){
-				$P[$nick][2]=$status;
-			}
-			return sprintf($I['succchg'], $nick);
-		}
-	}else{
 		return sprintf($I['cantchgstat'], $nick);
 	}
+	if($_REQUEST['set']==='-'){
+		$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'inbox WHERE recipient=?;');
+		$stmt->execute(array($nick));
+		$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'members WHERE nickname=?;');
+		$stmt->execute(array($nick));
+		$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=1, incognito=0 WHERE nickname=?;');
+		$stmt->execute(array($nick));
+		if(isSet($P[$nick])){
+			$P[$nick][2]=1;
+		}
+		return sprintf($I['succdel'], $nick);
+	}else{
+		if($status<5){
+			$old[0]=0;
+		}
+		$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET status=?, incognito=? WHERE nickname=?;');
+		$stmt->execute(array($status, $old[0], $nick));
+		$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=?, incognito=? WHERE nickname=?;');
+		$stmt->execute(array($status, $old[0], $nick));
+		if(isSet($P[$nick])){
+			$P[$nick][2]=$status;
+		}
+		return sprintf($I['succchg'], $nick);
+	}
 }
 
 function passreset($nick, $pass){
@@ -2598,10 +2588,8 @@ function amend_profile(){
 			$U['tz']=$_REQUEST['tz'];
 		}
 	}
-	if(isSet($_REQUEST['eninbox'])){
+	if(isSet($_REQUEST['eninbox']) && $_REQUEST['eninbox']>=0 && $_REQUEST['eninbox']<=5){
-		$U['eninbox']=1;
+		$U['eninbox']=$_REQUEST['eninbox'];
-	}else{
-		$U['eninbox']=0;
 	}
 }
 
@@ -2764,10 +2752,10 @@ function validate_input(){
 		$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'ignored WHERE (ignby=? AND ign=?) OR (ignby=? AND ign=?);');
 		$stmt->execute(array($U['nickname'], $_REQUEST['sendto'], $_REQUEST['sendto'], $U['nickname']));
 		if(!$stmt->fetch(PDO::FETCH_NUM)){
-			$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox=1 AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
+			$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox!=0 AND eninbox<=? AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
-			$stmt->execute(array($U['nickname'], $U['nickname']));
+			$stmt->execute(array($U['status'], $U['nickname'], $U['nickname']));
 			while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
-				$P[$tmp['nickname']]=[$tmp['nickname'], $tmp['style'], $tmp['status']];
+				$P[$tmp['nickname']]=[$tmp['nickname'], $tmp['style'], $tmp['status'], $tmp['nickname']];
 				$inboxes[$tmp['nickname']]=true;
 			}
 			if(isSet($P[$_REQUEST['sendto']])){
@@ -2830,11 +2818,11 @@ function apply_filter(){
 		}
 		read_members();
 		if(isSet($A[$matched[1]])){
-			return style_this($matched[0], $A[$matched[1]][2]);
+			return style_this($matched[0], $A[$matched[1]][1]);
 		}
 		foreach($A as $user){
 			if(strtolower($user[0])===$nick){
-				return style_this($matched[0], $user[2]);
+				return style_this($matched[0], $user[1]);
 			}
 		}
 		return "$matched[0]";
@@ -2880,7 +2868,7 @@ function apply_linkfilter(){
 	if(get_setting('forceredirect')){
 		$U['message']=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/',
 			function ($matched) use($redirect){
-				return "<a href=\"$redirect".$matched[1]."\" target=\"_blank\">$matched[2]</a>";
+				return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
 			}
 		, $U['message']);
 	}elseif(preg_match_all('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/', $U['message'], $matches)){
@@ -2888,7 +2876,7 @@ function apply_linkfilter(){
 			if(!preg_match('~^http(s)?://~', $match)){
 				$U['message']=preg_replace_callback('/<a href="('.str_replace('/', '\/', $match).')\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/',
 					function ($matched) use($redirect){
-						return "<a href=\"$redirect".$matched[1]."\" target=\"_blank\">$matched[2]</a>";
+						return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
 					}
 				, $U['message']);
 			}
@@ -3108,7 +3096,7 @@ function prepare_message_print(&$message, $injectRedirect, $redirect, $removeEmb
 	if($injectRedirect){
 		$message['text']=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/',
 			function ($matched) use($redirect) {
-				return "<a href=\"$redirect".$matched[1]."\" target=\"_blank\">$matched[2]</a>";
+				return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
 			}
 		, $message['text']);
 	}
@@ -3123,6 +3111,14 @@ function prepare_message_print(&$message, $injectRedirect, $redirect, $removeEmb
 
 // this and that
 
+function sort_names(&$names){
+	$keys=[];
+	foreach($names as $v){
+		$keys[]=$v[3];
+	}
+	array_multisort(array_map('strtolower', $keys), SORT_ASC, SORT_STRING, $names);
+}
+
 function send_headers(){
 	header('Content-Type: text/html; charset=UTF-8');
 	header('Pragma: no-cache');
@@ -3196,12 +3192,13 @@ function save_setup(){
 	}
 }
 
-function get_ignored(){
+function get_ignored($name){
 	global $db;
 	$ignored=array();
-	$result=$db->query('SELECT ign, ignby FROM ' . PREFIX . 'ignored;');
+	$stmt=$db->prepare('SELECT ign, ignby FROM ' . PREFIX . 'ignored WHERE ign=? OR ignby=?;');
-	while($tmp=$result->fetch(PDO::FETCH_ASSOC)){
+	$stmt->execute([$name, $name]);
-		$ignored[]=array('ignored'=>$tmp['ign'], 'by'=>$tmp['ignby']);
+	while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
+		$ignored[]=['ignored'=>$tmp['ign'], 'by'=>$tmp['ignby']];
 	}
 	return $ignored;
 }
@@ -3385,7 +3382,7 @@ function init_chat(){
 			$db->exec('CREATE INDEX ' . PREFIX . 'incognito ON ' . PREFIX . 'sessions(incognito);');
 			$db->exec('CREATE TABLE ' . PREFIX . "settings (setting varchar(50) NOT NULL PRIMARY KEY, value varchar(20000) NOT NULL);");
 		}
-		$settings=array(array('guestaccess', '0'), array('globalpass', ''), array('englobalpass', '0'), array('captcha', '0'), array('dateformat', 'm-d H:i:s'), array('rulestxt', ''), array('msgencrypted', '0'), array('dbversion', DBVERSION), array('css', 'a:visited{color:#B33CB4;} a:active{color:#FF0033;} a:link{color:#0000FF;} input,select,textarea{color:#FFFFFF;background-color:#000000;} a img{width:15%} a:hover img{width:35%} .error{color:#FF0033;} .delbutton{background-color:#660000;} .backbutton{background-color:#004400;} #exitbutton{background-color:#AA0000;} .center-table{margin-left:auto;margin-right:auto;} body{text-align:center;} .left-table{width:100%;text-align:left;} .right{text-align:right;} .left{text-align:left;} .right-table{border-spacing:0px;margin-left:auto;} .padded{padding:5px;} #chatters{max-height:100px;overflow-y:auto;} .center{text-align:center;}'), array('memberexpire', '60'), array('guestexpire', '15'), array('kickpenalty', '10'), array('entrywait', '120'), array('messageexpire', '14400'), array('messagelimit', '150'), array('maxmessage', 2000), array('captchatime', '600'), array('colbg', '000000'), array('coltxt', 'FFFFFF'), array('maxname', '20'), array('minpass', '5'), array('defaultrefresh', '20'), array('dismemcaptcha', '0'), array('suguests', '0'), array('imgembed', '1'), array('timestamps', '1'), array('trackip', '0'), array('captchachars', '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), array('memkick', '1'), array('forceredirect', '0'), array('redirect', ''), array('incognito', '1'), array('enablejs', '0'), array('chatname', 'My Chat'), array('topic', ''), array('msgsendall', $I['sendallmsg']), array('msgsendmem', $I['sendmemmsg']), array('msgsendmod', $I['sendmodmsg']), array('msgsendadm', $I['sendadmmsg']), array('msgsendprv', $I['sendprvmsg']), array('msgenter', $I['entermsg']), array('msgexit', $I['exitmsg']), array('msgmemreg', $I['memregmsg']), array('msgsureg', $I['suregmsg']), array('msgkick', $I['kickmsg']), array('msgmultikick', $I['multikickmsg']), array('msgallkick', $I['allkickmsg']), array('msgclean', $I['cleanmsg']), array('numnotes', '3'), array('keeplimit', '3'), array('mailsender', 'www-data <www-data@localhost>'), array('mailreceiver', 'Webmaster <webmaster@localhost>'), array('sendmail', '0'), array('modfallback', '1'), array('guestreg', '0'), array('disablepm', '0'), array('disabletext', "<h1>$I[disabledtext]</h1>"), array('defaulttz', '0'), array('eninbox', '0'));
+		$settings=array(array('guestaccess', '0'), array('globalpass', ''), array('englobalpass', '0'), array('captcha', '0'), array('dateformat', 'm-d H:i:s'), array('rulestxt', ''), array('msgencrypted', '0'), array('dbversion', DBVERSION), array('css', 'a:visited{color:#B33CB4;} a:active{color:#FF0033;} a:link{color:#0000FF;} input,select,textarea{color:#FFFFFF;background-color:#000000;} a img{width:15%} a:hover img{width:35%} .error{color:#FF0033;} .delbutton{background-color:#660000;} .backbutton{background-color:#004400;} #exitbutton{background-color:#AA0000;} .center-table{margin-left:auto;margin-right:auto;} body{text-align:center;} .left-table{width:100%;text-align:left;} .right{text-align:right;} .left{text-align:left;} .right-table{border-spacing:0px;margin-left:auto;} .padded{padding:5px;} #chatters{max-height:100px;overflow-y:auto;} .center{text-align:center;}'), array('memberexpire', '60'), array('guestexpire', '15'), array('kickpenalty', '10'), array('entrywait', '120'), array('messageexpire', '14400'), array('messagelimit', '150'), array('maxmessage', 2000), array('captchatime', '600'), array('colbg', '000000'), array('coltxt', 'FFFFFF'), array('maxname', '20'), array('minpass', '5'), array('defaultrefresh', '20'), array('dismemcaptcha', '0'), array('suguests', '0'), array('imgembed', '1'), array('timestamps', '1'), array('trackip', '0'), array('captchachars', '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), array('memkick', '1'), array('forceredirect', '0'), array('redirect', ''), array('incognito', '1'), array('chatname', 'My Chat'), array('topic', ''), array('msgsendall', $I['sendallmsg']), array('msgsendmem', $I['sendmemmsg']), array('msgsendmod', $I['sendmodmsg']), array('msgsendadm', $I['sendadmmsg']), array('msgsendprv', $I['sendprvmsg']), array('msgenter', $I['entermsg']), array('msgexit', $I['exitmsg']), array('msgmemreg', $I['memregmsg']), array('msgsureg', $I['suregmsg']), array('msgkick', $I['kickmsg']), array('msgmultikick', $I['multikickmsg']), array('msgallkick', $I['allkickmsg']), array('msgclean', $I['cleanmsg']), array('numnotes', '3'), array('keeplimit', '3'), array('mailsender', 'www-data <www-data@localhost>'), array('mailreceiver', 'Webmaster <webmaster@localhost>'), array('sendmail', '0'), array('modfallback', '1'), array('guestreg', '0'), array('disablepm', '0'), array('disabletext', "<h1>$I[disabledtext]</h1>"), array('defaulttz', '0'), array('eninbox', '0'));
 		$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'settings (setting, value) VALUES (?, ?);');
 		foreach($settings as $pair){
 			$stmt->execute($pair);
@@ -3501,7 +3498,7 @@ function update_db(){
 			$db->exec('ALTER TABLE ' . PREFIX . 'sessions ENGINE=MEMORY;');
 			$db->exec('ALTER TABLE ' . PREFIX . 'settings MODIFY id integer unsigned NOT NULL, MODIFY setting varchar(50) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, MODIFY value varchar(20000) NOT NULL;');
 			$db->exec('ALTER TABLE ' . PREFIX . 'settings DROP PRIMARY KEY, DROP id, ADD PRIMARY KEY(setting);');
-			$db->exec('INSERT INTO ' . PREFIX . "settings (setting, value) VALUES ('enablejs', '0'), ('chatname', 'My Chat'), ('topic', ''), ('msgsendall', '$I[sendallmsg]'), ('msgsendmem', '$I[sendmemmsg]'), ('msgsendmod', '$I[sendmodmsg]'), ('msgsendadm', '$I[sendadmmsg]'), ('msgsendprv', '$I[sendprvmsg]'), ('numnotes', '3');");
+			$db->exec('INSERT INTO ' . PREFIX . "settings (setting, value) VALUES ('chatname', 'My Chat'), ('topic', ''), ('msgsendall', '$I[sendallmsg]'), ('msgsendmem', '$I[sendmemmsg]'), ('msgsendmod', '$I[sendmodmsg]'), ('msgsendadm', '$I[sendadmmsg]'), ('msgsendprv', '$I[sendprvmsg]'), ('numnotes', '3');");
 		}
 		if($dbversion<13){
 			$db->exec('ALTER TABLE ' . PREFIX . 'filter CHANGE `match` filtermatch varchar(255) NOT NULL, CHANGE `replace` filterreplace varchar(20000) NOT NULL;');
@@ -3557,6 +3554,12 @@ function update_db(){
 		if($dbversion<22){
 			$db->exec('CREATE INDEX ' . PREFIX . 'incognito ON ' . PREFIX . 'sessions(incognito);');
 		}
+		if($dbversion<23){
+			$db->exec('DELETE FROM ' . PREFIX . "settings WHERE setting='enablejs';");
+			if(MEMCACHED){
+				$memcached->delete(DBNAME . '-' . PREFIX . "settings-enablejs");
+			}
+		}
 		update_setting('dbversion', DBVERSION);
 		if(get_setting('msgencrypted')!=MSGENCRYPTED){
 			if(!extension_loaded('openssl')){
@@ -3745,8 +3748,8 @@ function load_lang(){
 
 function load_config(){
 	date_default_timezone_set('UTC');
-	define('VERSION', '1.19.1'); // Script version
+	define('VERSION', '1.20.4'); // Script version
-	define('DBVERSION', 22); // Database version
+	define('DBVERSION', 23); // Database version
 	define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
 	define('ENCRYPTKEY', 'MY_KEY'); // Encryption key for messages
 	define('DBHOST', 'localhost'); // Database host

lang_de.php

@@ -277,7 +277,6 @@ $T=array(
 	'restore' => 'Wiederherstellen',
 	'settings' => 'Einstellungen',
 	'linkfilter' => 'Linkfilter',
-	'enablejs' => 'JavaScript für besseres Nachrichtenladen erlauben',
 	'chatname' => 'Chatname',
 	'destroy' => 'Chat zerstören',
 	'destroyed' => 'Chat erfolgreich zerstört',
@@ -343,6 +342,9 @@ $T=array(
 	'eninbox' => 'Offline Posteingang aktivieren',
 	'inboxmsgs' => '%d Nachrichten im Posteingang lesen',
 	'offline' => '(offline)',
-	'deleteacc' => 'Konto löschen'
+	'deleteacc' => 'Konto löschen',
+	'eninall' => 'Für jeden',
+	'eninmem' => 'Nur für Mitglieder',
+	'eninstaff' => 'Nur für Moderatoren'
 );
 ?>

lang_en.php

@@ -277,7 +277,6 @@ $I=array(
 	'restore' => 'Restore',
 	'settings' => 'Settings',
 	'linkfilter' => 'Linkfilter',
-	'enablejs' => 'Allow JavaScript for better message loading',
 	'chatname' => 'Chat name',
 	'destroy' => 'Destroy chat',
 	'destroyed' => 'Successfully destroyed chat',
@@ -343,6 +342,9 @@ $I=array(
 	'eninbox' => 'Enable offline inbox',
 	'inboxmsgs' => 'Read %d messages in your inbox',
 	'offline' => '(offline)',
-	'deleteacc' => 'Delete account'
+	'deleteacc' => 'Delete account',
+	'eninall' => 'For everyone',
+	'eninmem' => 'For members only',
+	'eninstaff' => 'For staff only'
 );
 ?>

lang_es_AR.php

@@ -276,7 +276,6 @@ $T=array(
 	'restore' => 'Restablacer copia',
 	'settings' => 'Configuración',
 	'linkfilter' => 'Filtro de enlaces',
-	'enablejs' => 'Permitir  JavaScript para mejorar la carga de mensajes',
 	'chatname' => 'Nombre de la sala',
 	'destroy' => 'Destruir sala',
 	'destroyed' => 'Sala destruida satisfactoriamente',

lang_es_ES.php

@@ -276,7 +276,6 @@ $T=array(
 	'restore' => 'Restaurar',
 	'settings' => 'Preferencias',
 	'linkfilter' => 'Filtro de enlaces',
-	'enablejs' => 'Permitir  JavaScript para mejorar la carga de mensajes',
 	'chatname' => 'Nombre de la sala',
 	'destroy' => 'Destruir sala',
 	'destroyed' => 'Sala destruida satisfactoriamente',

lang_fr.php

@@ -276,7 +276,6 @@ $T=array(
 	'restore' => 'Récupérer',
 	'settings' => 'Paramètres',
 	'linkfilter' => 'Lien filtré',
-	'enablejs' => 'Autoriser JavaScript permet un meilleur chargement des messages ',
 	'chatname' => 'Nom du chat',
 	'destroy' => 'Destruction du chat',
 	'destroyed' => 'Chat supprimé',

lang_id.php

@@ -276,7 +276,6 @@ $T=array(
 	'restore' => 'Pulihkan',
 	'settings' => 'Pengaturan',
 	'linkfilter' => 'penyaring-tautan',
-	'enablejs' => 'Izinkan javascript agar pemuatan pesan lebih baik',
 	'chatname' => 'Nama obrolan',
 	'destroy' => 'Musnahkan obrolan',
 	'destroyed' => 'Berhasil memusnahkan obrolan',

lang_update.php

@@ -0,0 +1,45 @@
+<?php
+$native = 'Deutsch'; // Native lanugae name
+$english = 'German'; // Enlish language name
+$code = 'de'; // Language code
+
+ob_start();
+echo "<?php
+/*
+* LE CHAT-PHP - a PHP Chat based on LE CHAT - $english translation
+*
+* Copyright (C) 2015-2016 Daniel Winzen <d@winzen4.de>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+//Native language name: $native
+\$T=array(
+";
+if(file_exists("lang_$code.php")){
+	include("lang_$code.php");
+}
+include('lang_en.php');
+foreach($T as $id=>$value){
+	if(isSet($I[$id])){
+		$I[$id]=$value;
+	}
+}
+foreach($I as $id=>$value){
+	echo "\t'$id' => '".str_replace("'", "\'", $value)."',\n";
+}
+echo ");\n?>\n";
+$file=ob_get_clean();
+file_put_contents("lang_$code.php", $file);
+?>