Yesterdays bugfix broke more than it fixed, refixed.

CHANGELOG

@@ -1,3 +1,18 @@
+Version 1.20.3 - Jul. 10, 2016
+Yesterdays bugfix broke more than it fixed, refixed.
+
+Version 1.20.2 - Jul. 9, 2016
+Fix bug preventing to send PMs to number-only nicknames
+
+Version 1.20.1 - Jun. 13, 2016
+Bugfix when logging guests out via admin section
+Don't hide image embedding option in profile with cookies disabled
+Making a moderator to member now sets incognito back to disabled
+
+Version 1.20 - May 15, 2016
+Add setting in profile to allow offline inbox for: staff, members or everyone
+Completely fix link-redirection
+
 Version 1.19.2 - May 7, 2016
 Remove JavaScript "load only new messages" feature
 Add JS auto-refresh to header instead

README

@@ -60,6 +60,7 @@ When you are done, you have to edit the chat script, to include your translation
 		'lang_code'	=>'Language name',
 to the $L array in the load_lang() function at the bottom, similar to what I did for the German translation.
 Please share your translation with me, so I can add it to the official version.
+To update your translation, you can copy each new string to your translation file or edit the automated lang_update.php script to reflect you language and run it.
 
 REGEX:
 

README.md

@@ -64,6 +64,7 @@ When you are done, you have to edit the chat script, to include your translation
 		'lang_code'	=>'Language name',
 to the $L array in the load_lang() function at the bottom, similar to what I did for the German translation.
 Please share your translation with me, so I can add it to the official version.
+To update your translation, you can copy each new string to your translation file or edit the automated lang_update.php script to reflect you language and run it.
 
 Regex:
 ------

chat.php

@@ -275,7 +275,7 @@ function thr(){
 	echo '<tr><td><hr></td></tr>';
 }
 
-function print_start($class='',  $ref=0, $url=''){
+function print_start($class='', $ref=0, $url=''){
 	global $H, $I;
 	if(!empty($url)){
 		$url=str_replace('&amp;', '&', $url);// Don't escape "&" in URLs here, it breaks some (older) browsers and js refresh!
@@ -284,7 +284,8 @@ function print_start($class='',  $ref=0, $url=''){
 	echo "<!DOCTYPE html><html><head>$H[meta_html]";
 	if(!empty($url)){
 		echo "<meta http-equiv=\"Refresh\" content=\"$ref; URL=$url\">";
-		$ref*=1000;
+		$ref+=5;//only use js if browser refresh stopped working
+		$ref*=1000;//js uses milliseconds
 		echo "<script type=\"text/javascript\">setTimeout(function(){window.location.replace(\"$url\");}, $ref);</script>";
 	}
 	if($class==='init'){
@@ -299,6 +300,7 @@ function print_start($class='',  $ref=0, $url=''){
 
 function send_redirect($url){
 	global $I;
+	$url=htmlspecialchars_decode(rawurldecode($url));
 	preg_match('~^(.*)://~', $url, $match);
 	$url=preg_replace('~^(.*)://~', '', $url);
 	$escaped=htmlspecialchars($url);
@@ -835,13 +837,21 @@ function send_alogin(){
 	print_end();
 }
 
+function sort_names(&$names){
+	$keys=[];
+	foreach($names as $k => $v){
+		$keys[]=(string) $k;
+	}
+	array_multisort(array_map('strtolower', $keys), SORT_ASC, SORT_STRING, $names);
+}
+
 function send_admin($arg=''){
 	global $A, $H, $I, $P, $U, $db;
 	$ga=(int) get_setting('guestaccess');
 	print_start('admin');
 	$chlist="<select name=\"name[]\" size=\"5\" multiple><option value=\"\">$I[choose]</option>";
 	$chlist.="<option value=\"&\">$I[allguests]</option>";
-	array_multisort(array_map('strtolower', array_keys($P)), SORT_ASC, SORT_STRING, $P);
+	sort_names($P);
 	foreach($P as $user){
 		if($user[2]<$U['status']){
 			$chlist.="<option value=\"$user[0]\" style=\"$user[1]\">$user[0]</option>";
@@ -938,7 +948,7 @@ function send_admin($arg=''){
 		frmadm('status');
 		echo "<table class=\"right-table\"><td class=\"right\"><select name=\"name\" size=\"1\"><option value=\"\">$I[choose]</option>";
 		read_members();
-		array_multisort(array_map('strtolower', array_keys($A)), SORT_ASC, SORT_STRING, $A);
+		sort_names($A);
 		foreach($A as $member){
 			echo "<option value=\"$member[0]\" style=\"$member[2]\">$member[0]";
 			if($member[1]==0){
@@ -1304,7 +1314,7 @@ function send_messages(){
 	echo '</div><div id="chatters">';
 	print_chatters();
 	echo "</div><a style=\"position:fixed;top:0.5em;right:0.5em\" href=\"#bottom\">$I[bottom]</a><div id=\"messages\">";
-	if($U['status']>=2 && $U['eninbox']==1){
+	if($U['status']>=2 && $U['eninbox']!=0){
 		$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . 'inbox WHERE recipient=?;');
 		$stmt->execute(array($U['nickname']));
 		$tmp=$stmt->fetch(PDO::FETCH_NUM);
@@ -1457,7 +1467,7 @@ function send_approve_waiting(){
 		echo '<table class="center-table left">';
 		echo "<tr><th class=\"padded\">$I[sessnick]</th><th class=\"padded\">$I[sessua]</th></tr>";
 		foreach($tmp as $temp){
-			echo '<tr>'.hidden('alls[]', $temp['nickname'])."<td class=\"padded\"><input type=\"checkbox\" name=\"csid[]\" id=\"$temp[nickname]]\" value=\"$temp[nickname]\"><label for=\"$temp[nickname]\"> ".style_this($temp['nickname'], $temp['style'])."</label></td><td class=\"padded\">$temp[useragent]</td></tr>";
+			echo '<tr>'.hidden('alls[]', $temp['nickname'])."<td class=\"padded\"><input type=\"checkbox\" name=\"csid[]\" id=\"$temp[nickname]\" value=\"$temp[nickname]\"><label for=\"$temp[nickname]\"> ".style_this($temp['nickname'], $temp['style'])."</label></td><td class=\"padded\">$temp[useragent]</td></tr>";
 		}
 		echo "</table><br><table class=\"center-table left\"><tr><td><input type=\"radio\" name=\"what\" value=\"allowchecked\" id=\"allowchecked\" checked><label for=\"allowchecked\">$I[allowchecked]</label></td>";
 		echo "<td><input type=\"radio\" name=\"what\" value=\"allowall\" id=\"allowall\"><label for=\"allowall\">$I[allowall]</label></td>";
@@ -1620,16 +1630,16 @@ function send_post(){
 				$ignored[]=$ign['ignored'];
 			}
 		}
-		$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox=1 AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
-		$stmt->execute(array($U['nickname'], $U['nickname']));
+		$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox!=0 AND eninbox<=? AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
+		$stmt->execute(array($U['status'], $U['nickname'], $U['nickname']));
 		while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
 			$P[$tmp['nickname']]=["$tmp[nickname] $I[offline]", $tmp['style'], $tmp['status']];
 		}
-		array_multisort(array_map('strtolower', array_keys($P)), SORT_ASC, SORT_STRING, $P);
+		sort_names($P);
 		foreach($P as $name => $user){
 			if($U['nickname']!==$user[0] && !in_array($user[0], $ignored)){
 				echo '<option ';
-				if($_REQUEST['sendto']===$name){
+				if($_REQUEST['sendto']==$name){
 					echo 'selected ';
 				}
 				echo "value=\"$name\" style=\"$user[1]\">$user[0]</option>";
@@ -1696,7 +1706,7 @@ function send_profile($arg=''){
 	print_start('profile');
 	echo "<$H[form]>$H[commonform]".hidden('action', 'profile').hidden('do', 'save')."<h2>$I[profile]</h2><i>$arg</i><table class=\"center-table\">";
 	thr();
-	array_multisort(array_map('strtolower', array_keys($P)), SORT_ASC, SORT_STRING, $P);
+	sort_names($P);
 	$ignored=array();
 	$ignore=get_ignored();
 	foreach($ignore as $ign){
@@ -1774,15 +1784,12 @@ function send_profile($arg=''){
 	echo '<tr><td>'.style_this("$U[nickname] : $I[fontexample]", $U['style']).'</td></tr>';
 	thr();
 	$bool_settings=['timestamps', 'nocache'];
-	if(get_setting('imgembed') && isSet($_COOKIE[COOKIENAME])){
+	if(get_setting('imgembed')){
 		$bool_settings[]='embed';
 	}
 	if($U['status']>=5 && get_setting('incognito')){
 		$bool_settings[]='incognito';
 	}
-	if($U['status']>=2 && get_setting('eninbox')){
-		$bool_settings[]='eninbox';
-	}
 	foreach($bool_settings as $setting){
 		echo '<tr><td><table class="left-table"><tr><th>'.$I[$setting].'</th><td class="right">';
 		echo "<input type=\"checkbox\" name=\"$setting\" id=\"$setting\" value=\"on\"";
@@ -1792,6 +1799,32 @@ function send_profile($arg=''){
 		echo "><label for=\"$setting\"><b>$I[enabled]</b></label></td></tr></table></td></tr>";
 		thr();
 	}
+	if($U['status']>=2 && get_setting('eninbox')){
+		echo "<tr><td><table class=\"left-table\"><tr><th>$I[eninbox]</th><td class=\"right\">";
+		echo "<select name=\"eninbox\" id=\"eninbox\">";
+		echo '<option value="0"';
+		if($U['eninbox']==0){
+			echo ' selected';
+		}
+		echo ">$I[disabled]</option>";
+		echo '<option value="1"';
+		if($U['eninbox']==1){
+			echo ' selected';
+		}
+		echo ">$I[eninall]</option>";
+		echo '<option value="3"';
+		if($U['eninbox']==3){
+			echo ' selected';
+		}
+		echo ">$I[eninmem]</option>";
+		echo '<option value="5"';
+		if($U['eninbox']==5){
+			echo ' selected';
+		}
+		echo ">$I[eninstaff]</option>";
+		echo '</select></td></tr></table></td></tr>';
+		thr();
+	}
 	echo "<tr><td><table class=\"left-table\"><tr><th>$I[tz]</th><td class=\"right\">";
 	echo "<select name=\"tz\" id=\"tz\">";
 	$tzs=[-12=>'-12', -11=>'-11', -10=>'-10', -9=>'-9', -8=>'-8', -7=>'-7', -6=>'-6', -5=>'-5', -4=>'-4', -3=>'-3', -2=>'-2', -1=>'-1', 0=>'', 1=>'+1', 2=>'+2', 3=>'+3', 4=>'+4', 5=>'+5', 6=>'+6', 7=>'+7', 8=>'+8', 9=>'+9', 10=>'+10', 11=>'+11', 12=>'+12', 13=>'+13', 14=>'+14'];
@@ -2243,7 +2276,7 @@ function logout_chatter($names){
 					$stmt1->execute(array($name));
 					$stmt2->execute(array($name));
 					$stmt3->execute(array($name, $name));
-					$stmt4->execute(array($name, $name));
+					$stmt4->execute(array($name));
 				}
 				unset($P[$name]);
 			}
@@ -2446,33 +2479,35 @@ function change_status($nick, $status){
 	}elseif($U['status']<=$status || !preg_match('/^[023567\-]$/', $status)){
 		return sprintf($I['cantchgstat'], $nick);
 	}
-	$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'members WHERE nickname=? AND status<?;');
+	$stmt=$db->prepare('SELECT incognito FROM ' . PREFIX . 'members WHERE nickname=? AND status<?;');
 	$stmt->execute(array($nick, $U['status']));
-	if($stmt->fetch(PDO::FETCH_ASSOC)){
-		if($_REQUEST['set']==='-'){
-			$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'inbox WHERE recipient=?;');
-			$stmt->execute(array($nick));
-			$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'members WHERE nickname=?;');
-			$stmt->execute(array($nick));
-			$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=1 WHERE nickname=?;');
-			$stmt->execute(array($nick));
-			if(isSet($P[$nick])){
-				$P[$nick][2]=1;
-			}
-			return sprintf($I['succdel'], $nick);
-		}else{
-			$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET status=? WHERE nickname=?;');
-			$stmt->execute(array($status, $nick));
-			$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=? WHERE nickname=?;');
-			$stmt->execute(array($status, $nick));
-			if(isSet($P[$nick])){
-				$P[$nick][2]=$status;
-			}
-			return sprintf($I['succchg'], $nick);
-		}
-	}else{
+	if(!$old=$stmt->fetch(PDO::FETCH_NUM)){
 		return sprintf($I['cantchgstat'], $nick);
 	}
+	if($_REQUEST['set']==='-'){
+		$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'inbox WHERE recipient=?;');
+		$stmt->execute(array($nick));
+		$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'members WHERE nickname=?;');
+		$stmt->execute(array($nick));
+		$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=1, incognito=0 WHERE nickname=?;');
+		$stmt->execute(array($nick));
+		if(isSet($P[$nick])){
+			$P[$nick][2]=1;
+		}
+		return sprintf($I['succdel'], $nick);
+	}else{
+		if($status<5){
+			$old[0]=0;
+		}
+		$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET status=?, incognito=? WHERE nickname=?;');
+		$stmt->execute(array($status, $old[0], $nick));
+		$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET status=?, incognito=? WHERE nickname=?;');
+		$stmt->execute(array($status, $old[0], $nick));
+		if(isSet($P[$nick])){
+			$P[$nick][2]=$status;
+		}
+		return sprintf($I['succchg'], $nick);
+	}
 }
 
 function passreset($nick, $pass){
@@ -2564,10 +2599,8 @@ function amend_profile(){
 			$U['tz']=$_REQUEST['tz'];
 		}
 	}
-	if(isSet($_REQUEST['eninbox'])){
-		$U['eninbox']=1;
-	}else{
-		$U['eninbox']=0;
+	if(isSet($_REQUEST['eninbox']) && $_REQUEST['eninbox']>=0 && $_REQUEST['eninbox']<=5){
+		$U['eninbox']=$_REQUEST['eninbox'];
 	}
 }
 
@@ -2730,8 +2763,8 @@ function validate_input(){
 		$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'ignored WHERE (ignby=? AND ign=?) OR (ignby=? AND ign=?);');
 		$stmt->execute(array($U['nickname'], $_REQUEST['sendto'], $_REQUEST['sendto'], $U['nickname']));
 		if(!$stmt->fetch(PDO::FETCH_NUM)){
-			$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox=1 AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
-			$stmt->execute(array($U['nickname'], $U['nickname']));
+			$stmt=$db->prepare('SELECT nickname, style, status FROM ' . PREFIX . 'members WHERE eninbox!=0 AND eninbox<=? AND nickname NOT IN (SELECT nickname FROM ' . PREFIX . 'sessions WHERE incognito=0) AND nickname NOT IN (SELECT ign FROM ' . PREFIX . 'ignored WHERE ignby=?) AND nickname NOT IN (SELECT ignby FROM ' . PREFIX . 'ignored WHERE ign=?);');
+			$stmt->execute(array($U['status'], $U['nickname'], $U['nickname']));
 			while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
 				$P[$tmp['nickname']]=[$tmp['nickname'], $tmp['style'], $tmp['status']];
 				$inboxes[$tmp['nickname']]=true;
@@ -2846,7 +2879,7 @@ function apply_linkfilter(){
 	if(get_setting('forceredirect')){
 		$U['message']=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/',
 			function ($matched) use($redirect){
-				return "<a href=\"$redirect".$matched[1]."\" target=\"_blank\">$matched[2]</a>";
+				return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
 			}
 		, $U['message']);
 	}elseif(preg_match_all('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/', $U['message'], $matches)){
@@ -2854,7 +2887,7 @@ function apply_linkfilter(){
 			if(!preg_match('~^http(s)?://~', $match)){
 				$U['message']=preg_replace_callback('/<a href="('.str_replace('/', '\/', $match).')\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/',
 					function ($matched) use($redirect){
-						return "<a href=\"$redirect".$matched[1]."\" target=\"_blank\">$matched[2]</a>";
+						return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
 					}
 				, $U['message']);
 			}
@@ -3074,7 +3107,7 @@ function prepare_message_print(&$message, $injectRedirect, $redirect, $removeEmb
 	if($injectRedirect){
 		$message['text']=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/',
 			function ($matched) use($redirect) {
-				return "<a href=\"$redirect".$matched[1]."\" target=\"_blank\">$matched[2]</a>";
+				return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
 			}
 		, $message['text']);
 	}
@@ -3717,7 +3750,7 @@ function load_lang(){
 
 function load_config(){
 	date_default_timezone_set('UTC');
-	define('VERSION', '1.19.2'); // Script version
+	define('VERSION', '1.20.3'); // Script version
 	define('DBVERSION', 23); // Database version
 	define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
 	define('ENCRYPTKEY', 'MY_KEY'); // Encryption key for messages

lang_de.php

@@ -342,6 +342,9 @@ $T=array(
 	'eninbox' => 'Offline Posteingang aktivieren',
 	'inboxmsgs' => '%d Nachrichten im Posteingang lesen',
 	'offline' => '(offline)',
-	'deleteacc' => 'Konto löschen'
+	'deleteacc' => 'Konto löschen',
+	'eninall' => 'Für jeden',
+	'eninmem' => 'Nur für Mitglieder',
+	'eninstaff' => 'Nur für Moderatoren'
 );
 ?>

lang_en.php

@@ -342,6 +342,9 @@ $I=array(
 	'eninbox' => 'Enable offline inbox',
 	'inboxmsgs' => 'Read %d messages in your inbox',
 	'offline' => '(offline)',
-	'deleteacc' => 'Delete account'
+	'deleteacc' => 'Delete account',
+	'eninall' => 'For everyone',
+	'eninmem' => 'For members only',
+	'eninstaff' => 'For staff only'
 );
 ?>

lang_update.php

@@ -0,0 +1,45 @@
+<?php
+$native = 'Deutsch'; // Native lanugae name
+$english = 'German'; // Enlish language name
+$code = 'de'; // Language code
+
+ob_start();
+echo "<?php
+/*
+* LE CHAT-PHP - a PHP Chat based on LE CHAT - $english translation
+*
+* Copyright (C) 2015-2016 Daniel Winzen <d@winzen4.de>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+//Native language name: $native
+\$T=array(
+";
+if(file_exists("lang_$code.php")){
+	include("lang_$code.php");
+}
+include('lang_en.php');
+foreach($T as $id=>$value){
+	if(isSet($I[$id])){
+		$I[$id]=$value;
+	}
+}
+foreach($I as $id=>$value){
+	echo "\t'$id' => '".str_replace("'", "\'", $value)."',\n";
+}
+echo ");\n?>\n";
+$file=ob_get_clean();
+file_put_contents("lang_$code.php", $file);
+?>