$I[adminnotes]

"; if(isset($_REQUEST['text'])){ $stmt=mysqli_prepare($mysqli, 'INSERT INTO `notes`(`type`, `lastedited`, `editedby`, `text`) VALUES (?, ?, ?, ?)'); mysqli_stmt_bind_param($stmt, 'sdss', $type, time(), $U['nickname'], $_REQUEST['text']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); echo "$I[notessaved] "; } $stmt=mysqli_prepare($mysqli, 'SELECT `lastedited`, `editedby`, `text` FROM `notes` WHERE `type`=? ORDER BY `lastedited` DESC LIMIT 1'); mysqli_stmt_bind_param($stmt, 's', $type); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $lastedited, $editedby, $text); if(mysqli_stmt_fetch($stmt)){ printf($I['lastedited'], $editedby, date('Y-m-d H:i:s', $lastedited)); } mysqli_stmt_close($stmt); echo "

$I[waitingroom]

$I[waitingroom]

".sprintf($I['waittext'], $U['displayname'], $timeleft).'

'.sprintf($I['waitreload'], $C['defaultrefresh']).'

$I[rules]

$I[help]

$H[backtochat]"; print_credits(); print_end(); } function send_profile($arg=''){ global $U, $F, $H, $I; print_start(); echo "<$H[form]>".hidden('action', 'profile').hidden('do', 'save').hidden('session', $U['session'])."

$I[profile]

$arg"; thr(); echo ""; thr(); echo ""; thr(); echo ""; thr(); if($U['status']>=3){ echo ""; thr(); } echo "'; thr(); echo ""; thr(); echo ""; thr(); echo "'; thr(); if($U['status']>=5){ echo "'; thr(); } if($U['status']>=2){ echo ""; thr(); } echo '

$I[refreshrate] "; echo "

$I[fontcolour] ($I[viewexample]) "; echo "

$I[bgcolour] ($I[viewexample]) "; echo "

$I[fontface] "; echo "   * $I[roomdefault] *"; foreach($F as $name=>$font){ echo '$name"; } echo "   /', $U['fontinfo'])) echo ' checked'; echo "> $I[bold]   /', $U['fontinfo'])) echo ' checked'; echo "> $I[italic]

$U[displayname] : ".style_this($I['fontexample'], $U['fontinfo']).'

$I[timestamps] "; echo "   $I[timestamps]

$I[embed] "; echo "   $I[embed]

$I[pbsize] "; echo ""; echo ""; echo '   $I[width]   $I[height]

$I[nbsize] "; echo ""; echo ""; echo '   $I[width]   $I[height]

"; echo " $I[changepass] "; echo ""; echo "   $I[oldpass]   $I[newpass]   $I[confirmpass]

'.submit($I['savechanges'])."

$H[backtochat]"; print_end(); } function send_controls(){ global $U, $H, $I; print_start(); echo ''; echo "'; echo "'; echo "'; if($U['status']>=5) echo "'; if($U['status']>=6) echo "'; if($U['status']>=5) echo "'; if($U['status']>=3) echo "'; echo "'; echo "'; echo '

<$H[form] target=\"post\">".hidden('action', 'post').hidden('session', $U['session']).submit($I['reloadpb']).'

<$H[form] target=\"view\">".hidden('action', 'view').hidden('session', $U['session']).hidden('nocache', '000001').submit($I['reloadmsgs']).'

<$H[form] target=\"view\">".hidden('action', 'profile').hidden('session', $U['session']).submit($I['chgprofile']).'

<$H[form] target=\"view\">".hidden('action', 'admin').hidden('session', $U['session']).submit($I['adminbtn']).'

<$H[form] target=\"view\">".hidden('action', 'admnotes').hidden('session', $U['session']).submit($I['admnotes']).'

<$H[form] target=\"view\">".hidden('action', 'notes').hidden('session', $U['session']).submit($I['notes']).'

<$H[form] target=\"_blank\">".hidden('action', 'login').hidden('session', $U['session']).submit($I['clone']).'

<$H[form] target=\"view\">".hidden('action', 'help').hidden('session', $U['session']).submit($I['randh']).'

<$H[form] target=\"_parent\">".hidden('action', 'logout').hidden('session', $U['session']).submit($I['exit']).'

'; print_end(); } function send_logout(){ global $U, $H, $I; print_start(); echo '

'.sprintf($I['bye'], $U['displayname'])."

$H[backtologin]"; print_end(); } function send_colours(){ global $H, $I; print_start(); echo "

$I[colourtable]

"; for($red=0x00;$red<=0xFF;$red+=0x33){ for($green=0x00;$green<=0xFF;$green+=0x33){ for($blue=0x00;$blue<=0xFF;$blue+=0x33){ $hcol=sprintf('%02X', $red).sprintf('%02X', $green).sprintf('%02X', $blue); echo "$hcol "; } echo '
'; } echo '
'; } echo "<$H[form]>".hidden('action', 'profile').hidden('session', $_REQUEST['session']).submit($I['backtoprofile'], ' style="background-color:#004400;color:#FFFFFF;"').''; print_end(); } function send_login(){ global $C, $H, $I, $mysqli, $L; setcookie('test', '1'); print_start(); echo "

$C[chatname]

<$H[form] target=\"_parent\">".hidden('action', 'login'); if($C['enablecaptcha']){ $code=rand(0, 99999); $randid=rand(0, 99999999); $enc=base64_encode(openssl_encrypt("$code, $randid", 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456')); $stmt=mysqli_prepare($mysqli, 'INSERT INTO `captcha` (`id`, `time`) VALUES (?, \''.time().'\')'); mysqli_stmt_bind_param($stmt, 'd', $randid); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); echo hidden('challenge', $enc); } echo ""; echo ""; if($C['enablecaptcha']){ echo "'; } echo "'; $nowchatting=get_nowchatting(); echo '

$I[nick]
$I[pass]
$I[copy]"; echo send_captcha($code); echo '
$I[choosecol] * $I[randomcol] *"; print_colours(); echo '
'.submit($I['enter'])."

$nowchatting"; echo "

$I[rules]

$C[rulestxt]

$I[changelang]"; foreach($L as $lang=>$name){ echo " $name"; } print_credits(); print_end(); } function send_error($err){ global $H, $I; print_start('body{color:#FF0033;}'); echo "

$I[error] $err

$H[backtologin]"; print_end(); } function print_chatters(){ global $U, $M, $H, $G, $I, $mysqli; echo ''; if($U['status']>=5 && get_setting('guestaccess')==3){ $result=mysqli_query($mysqli, 'SELECT COUNT(*) FROM `sessions` WHERE `entry`!=\'0\' AND `status`=\'1\' ORDER BY `entry`'); $temp=mysqli_fetch_array($result, MYSQLI_NUM); if($temp[0]>0) echo "'; } if(isSet($M[0])){ echo "'; if(isSet($G[0])) echo ''; } if(isSet($G[0])) echo "'; echo '

<$H[form]>".hidden('action', 'admin').hidden('do', 'approve').hidden('session', $_REQUEST['session']).submit(sprintf($I['approveguests'], $temp[0])).'

$I[members]

".implode('   ', $M).'

$I[guests]

".implode('   ', $G).'

'; } function print_memberslist(){ global $A; read_members(); array_multisort(array_map('strtolower', array_keys($A)), SORT_ASC, SORT_STRING, $A); foreach($A as $member){ echo "$member[0]"; if($member[1]==0) echo ' (!)'; elseif($member[1]==2) echo ' (G)'; elseif($member[1]==5 || $member[1]==6) echo ' (M)'; elseif($member[1]>=7) echo ' (A)'; echo ''; } } // session management function create_session(){ global $U, $C, $I, $mysqli; $U['nickname']=cleanup_nick($_REQUEST['nick']); $U['passhash']=md5(sha1(md5($U['nickname'].$_REQUEST['pass']))); $U['colour']=$_REQUEST['colour']; $U['status']=1; if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname'])); check_member(); add_user_defaults(); if($C['enablecaptcha'] && ($U['status']==1 || !$C['dismemcaptcha'])){ $captcha=explode(',', openssl_decrypt(base64_decode($_REQUEST['challenge']), 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456')); if(current($captcha)!==$_REQUEST['captcha']) send_error($I['wrongcaptcha']); $stmt=mysqli_prepare($mysqli, 'SELECT * FROM `captcha` WHERE `id`=?'); mysqli_stmt_bind_param($stmt, 'd', end($captcha)); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); if(mysqli_stmt_num_rows($stmt)==0) send_error($I['captchatime']); mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, 'DELETE FROM `captcha` WHERE `id`=? OR `time`<\''.(time()-60*10)."'"); mysqli_stmt_bind_param($stmt, 'd', end($captcha)); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } if($U['status']==1){ if(!allowed_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname'])); $ga=get_setting('guestaccess'); if($ga==0) send_error($I['noguests']); } write_new_session(); } function write_new_session(){ global $U, $C, $I, $mysqli; // read and update current sessions $lines=parse_sessions(); $sids; $inuse=0; $reentry=0; if(isSet($lines)){ foreach($lines as $temp){ $sids[$temp['session']]=1;// collect all existing ids if($temp['nickname']==$U['nickname']){// nick already here? if($U['passhash']==$temp['passhash']){ $U=$temp; add_user_defaults(); setcookie($C['cookiename'], $U['session']); $reentry=1; }else{ $inuse=1; } } } } // create new session: if($inuse==0 && $reentry==0){ do{ $U['session']=md5(time().rand().$U['nickname']); }while(isSet($sids[$U['session']]));// check for hash collision $stmt=mysqli_prepare($mysqli, 'INSERT INTO `sessions`(`session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); mysqli_stmt_bind_param($stmt, 'sssddssdsdddssddddd', $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); setcookie($C['cookiename'], $U['session']); if($C['msglogin'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgenter'), $U['displayname'])); }elseif($inuse){ send_error($I['invalpass']); }elseif($U['status']==0){ setcookie($C['cookiename'], false); send_error("$I[kicked]
$U[kickmessage]"); } } function approve_session(){ global $mysqli; if(isSet($_REQUEST['what'])){ if($_REQUEST['what']=='allowchecked' && isSet($_REQUEST['csid'])){ $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `entry`=\'0\' WHERE `nickname`=?'); foreach($_REQUEST['csid'] as $nick){ mysqli_stmt_bind_param($stmt, 's', $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); }elseif($_REQUEST['what']=='allowall' && isSet($_REQUEST['alls'])){ $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `entry`=\'0\' WHERE `nickname`=?'); foreach($_REQUEST['alls'] as $nick){ mysqli_stmt_bind_param($stmt, 's', $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); }elseif($_REQUEST['what']=='denychecked' && isSet($_REQUEST['csid'])){ $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `lastpost`=\''.(60*($C['kickpenalty']-$C['guestsexpire'])+time()).'\', `status`=\'0\', `kickmessage`=? WHERE `nickname`=? AND `status`=\'1\''); foreach($_REQUEST['csid'] as $nick){ mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['kickmessage'], $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); }elseif($_REQUEST['what']=='denyall' && isSet($_REQUEST['alls'])){ $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `lastpost`=\''.(60*($C['kickpenalty']-$C['guestsexpire'])+time()).'\', `status`=\'0\', `kickmessage`=? WHERE `nickname`=? AND `status`=\'1\''); foreach($_REQUEST['alls'] as $nick){ mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['kickmessage'], $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); } } } function check_login(){ global $mysqli, $C, $U, $I, $M; if(isSet($_POST['session'])){ $stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed` FROM `sessions` WHERE `session`=?'); mysqli_stmt_bind_param($stmt, 's', $_POST['session']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed']); if(mysqli_stmt_fetch($stmt)){ if($U['status']==0){ setcookie($C['cookiename'], false); send_error("$I[kicked]
$U[kickmessage]"); }else{ setcookie($C['cookiename'], $U['session']); } }else{ setcookie($C['cookiename'], false); send_error($I['expire']); } mysqli_stmt_close($stmt); }else{ create_session(); } if($U['status']==1){ $ga=get_setting('guestaccess'); if(($ga==2 || $ga==3) && count($M)>0){ $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `entry`=\''.time().'\' WHERE `session`=?'); mysqli_stmt_bind_param($stmt, 's', $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $_REQUEST['session']=$U['session']; send_waiting_room(); } } } function kill_session(){ global $U, $C, $I, $mysqli; parse_sessions(); setcookie($C['cookiename'], false); if(!isSet($U['session'])) send_error($I['expire']); if($U['status']==0) send_error("$I[kicked]
$U[kickmessage]"); $stmt=mysqli_prepare($mysqli, 'DELETE FROM `sessions` WHERE `session`=?'); mysqli_stmt_bind_param($stmt, 's', $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($U['status']==1){ $stmt=mysqli_prepare($mysqli, 'UPDATE `messages` SET `poster`=\'\' WHERE `poster`=? AND `poststatus`=\'9\''); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, 'UPDATE `messages` SET `recipient`=\'\' WHERE `recipient`=? AND `poststatus`=\'9\''); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } elseif($C['msglogout'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgexit'), $U['displayname'])); } function kick_chatter($names, $mes){ global $C, $U, $P, $mysqli; $lonick=''; $lines=parse_sessions(); $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `lastpost`=\''.(60*($C['kickpenalty']-$C['guestsexpire'])+time()).'\', `status`=\'0\', `kickmessage`=? WHERE `session`=? AND `status`!=\'0\''); $i=0; if(isSet($lines)){ foreach($names as $name){ foreach($lines as $temp){ if(($temp['nickname']==$U['nickname'] && $U['nickname']==$name) || ($U['status']>$temp['status'] && (($temp['nickname']==$name && $temp['status']>0) || ($name=='&' && $temp['status']==1)))){ mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']); mysqli_stmt_execute($stmt); $lonick.="$temp[displayname], "; $i++; unset($P[$name]); } } } } mysqli_stmt_close($stmt); if($C['msgkick']){ if($names[0]=='&'){ add_system_message(get_setting('msgallkick')); }else{ $lonick=preg_replace('/\,\s$/','',$lonick); if($lonick!==''){ if($i>1){ add_system_message(sprintf(get_setting('msgmultikick'), $lonick)); }else{ add_system_message(sprintf(get_setting('msgkick'), $lonick)); } } } } } function logout_chatter($names){ global $U, $P, $mysqli; $lines=parse_sessions(); $stmt=mysqli_prepare($mysqli, 'DELETE FROM `sessions` WHERE `session`=? AND `status`$U[kickmessage]"); } } function get_nowchatting(){ global $M, $G, $P, $I; parse_sessions(); return sprintf($I['curchat'], count($P)).'
'.implode('   ', $M).'   '.implode('   ', $G); } function parse_sessions(){ global $U, $P, $M, $G, $C, $mysqli, $countmods; $result=mysqli_query($mysqli, 'SELECT `nickname`, `status` FROM `sessions` WHERE (`lastpost`<\''.(time()-60*$C['guestsexpire']).'\' AND `status`<=\'2\') OR (`lastpost`<\''.(time()-60*$C['sessionexpire']).'\' AND `status`>\'2\')'); if(mysqli_num_rows($result)>0){ $stmt=mysqli_prepare($mysqli, 'DELETE FROM `sessions` WHERE `nickname`=?'); $stmt1=mysqli_prepare($mysqli, 'UPDATE `messages` SET `poster`=\'\' WHERE `poster`=? AND `poststatus`=\'9\''); $stmt2=mysqli_prepare($mysqli, 'UPDATE `messages` SET `recipient`=\'\' WHERE `recipient`=? AND `poststatus`=\'9\''); while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ mysqli_stmt_bind_param($stmt, 's', $temp['nickname']); mysqli_stmt_execute($stmt); if($temp['status']<=1){ mysqli_stmt_bind_param($stmt1, 's', $temp['nickname']); mysqli_stmt_bind_param($stmt2, 's', $temp['nickname']); mysqli_stmt_execute($stmt1); mysqli_stmt_execute($stmt2); } } mysqli_stmt_close($stmt); mysqli_stmt_close($stmt1); mysqli_stmt_close($stmt2); } $result=mysqli_query($mysqli, 'SELECT * FROM `sessions` WHERE `entry`=\'0\' ORDER BY `status` DESC, `lastpost` DESC'); if(mysqli_num_rows($result)>0){ while($line=mysqli_fetch_array($result, MYSQLI_ASSOC)) $lines[]=$line; if(isSet($_REQUEST['session'])){ foreach($lines as $temp){ if($temp['session']==$_REQUEST['session']){ $U=$temp; add_user_defaults(); } } } $countmods=0; $G=array(); $M=array(); $P=array(); foreach($lines as $temp){ if($temp['status']==1 || $temp['status']==2){ $P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; $G[]=$temp['displayname']; }elseif($temp['status']>2){ $P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; $M[]=$temp['displayname']; if($temp['status']>=5) $countmods++; } } return $lines; } return; } // member handling function check_member(){ global $U, $I, $mysqli; $stmt=mysqli_prepare($mysqli, 'SELECT `nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `fontface`, `fonttags`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed` FROM `members` WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['colour'], $temp['bgcolour'], $temp['fontface'], $temp['fonttags'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed']); if(mysqli_stmt_fetch($stmt)){ mysqli_stmt_close($stmt); if($temp['passhash']==$U['passhash']){ $U=$temp; $stmt=mysqli_prepare($mysqli, 'UPDATE `members` SET `lastlogin`=? WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 'ds', time(), $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); }else{ send_error($I['invalpass']); } }else{ mysqli_stmt_close($stmt); } } function read_members(){ global $A, $F, $mysqli; $result=mysqli_query($mysqli, 'SELECT * FROM `members`'); if(mysqli_num_rows($result)>0){ while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ $A[$temp['nickname']][0]=$temp['nickname']; $A[$temp['nickname']][1]=$temp['status']; $A[$temp['nickname']][2]=@get_style("#$temp[colour] {$F[$temp['fontface']]} <$temp[fonttags]>"); } } } function register_guest($status){ global $P, $U, $C, $I, $mysqli; if($_REQUEST['name']=='') send_admin(); if(!isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); $stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `passhash`, `refresh`, `fontinfo`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed` FROM `sessions` WHERE `nickname`=? AND `status`=\'1\''); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['displayname'], $reg['passhash'], $reg['refresh'], $reg['fontinfo'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed']); if(mysqli_stmt_fetch($stmt)){ mysqli_stmt_close($stmt); $reg['status']=$status; if(preg_match('/#([a-f0-9]{6})/i', $reg['fontinfo'], $match)) $reg['colour']=$match[1]; else $reg['colour']=$C['coltxt']; $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `status`=? WHERE `session`=?'); mysqli_stmt_bind_param($stmt, 'ds', $reg['status'], $reg['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); }else{ mysqli_stmt_close($stmt); } if(!isSet($reg['status'])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); $stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); if(mysqli_stmt_num_rows($stmt)>0) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name'])); mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); mysqli_stmt_bind_param($stmt, 'ssddssddddsdd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $U['nickname'], $reg['timestamps'], $reg['embed']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($reg['status']==3) add_system_message(sprintf(get_setting('msgmemreg'), $reg['displayname'])); else add_system_message(sprintf(get_setting('msgsureg'), $reg['displayname'])); } function register_new(){ global $C, $U, $P, $I, $mysqli; $_REQUEST['name']=cleanup_nick($_REQUEST['name']); if($_REQUEST['name']=='') send_admin(); if(isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); if(!valid_nick($_REQUEST['name'])) send_admin(sprintf($I['invalnick'], $C['maxname'])); $stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); if(mysqli_stmt_num_rows($stmt)>0) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name'])); mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); $reg=array( 'nickname' =>$_REQUEST['name'], 'passhash' =>md5(sha1(md5($_REQUEST['name'].$_REQUEST['pass']))), 'status' =>3, 'refresh' =>$C['defaultrefresh'], 'colour' =>$C['coltxt'], 'bgcolour' =>$C['colbg'], 'boxwidth' =>$C['boxwidth'], 'boxheight' =>$C['boxheight'], 'notesboxwidth' =>$C['notesboxwidth'], 'notesboxheight'=>$C['notesboxheight'], 'regedby' =>$U['nickname'], 'timestamps' =>$C['timestamps'], 'embed' =>$C['embed'] ); $stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); mysqli_stmt_bind_param($stmt, 'ssddssddddsdd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); send_admin(sprintf($I['successreg'], $reg['nickname'])); } function change_status(){ global $U, $I, $mysqli; if(!isSet($_REQUEST['name']) || $_REQUEST['name']=='') send_admin(); if($U['status']<=$_REQUEST['set'] || !preg_match('/^[023567\-]$/', $_REQUEST['set'])) send_admin(sprintf($I['cantchgstat'], $_REQUEST['name'])); $stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=? AND `status`0){ mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); if($_REQUEST['set']=='-'){ $stmt=mysqli_prepare($mysqli, 'DELETE FROM `members` WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `status`=\'1\' WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); send_admin(sprintf($I['succdel'], $_REQUEST['name'])); }else{ $stmt=mysqli_prepare($mysqli, 'UPDATE `members` SET `status`=? WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 'ds', $_REQUEST['set'], $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `status`=? WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 'ds', $_REQUEST['set'], $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); send_admin(sprintf($I['succchg'], $_REQUEST['name'])); } }else{ send_admin(sprintf($I['cantchgstat'], $_REQUEST['name'])); mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); } } function amend_profile(){ global $U, $F, $C; if(isSet($_REQUEST['refresh'])) $U['refresh']=$_REQUEST['refresh']; else $U['refresh']=$C['defaultrefresh']; if($U['refresh']<20) $U['refresh']=20; if($U['refresh']>150) $U['refresh']=150; if(preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['colour'])) $U['colour']=$_REQUEST['colour']; else $U['colour']=$C['coltxt']; if(preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['bgcolour'])) $U['bgcolour']=$_REQUEST['bgcolour']; else $U['bgcolour']=$C['colbg']; $U['fonttags']=''; if($U['status']>=3 && isSet($_REQUEST['bold'])) $U['fonttags'].='b'; if($U['status']>=3 && isSet($_REQUEST['italic'])) $U['fonttags'].='i'; if($U['status']>=3 && isSet($F[$_REQUEST['font']])) $U['fontface']=$_REQUEST['font']; @$U['fontinfo']="#$U[colour] {$F[$U['fontface']]} <$U[fonttags]>"; if(!isSet($U['fontinfo'])) $U['fontinfo']=''; $U['style']=get_style($U['fontinfo']); $U['displayname']=style_this($U['nickname'], $U['fontinfo']); if($_REQUEST['boxwidth']>0) $U['boxwidth']=$_REQUEST['boxwidth']; if($_REQUEST['boxheight']>0) $U['boxheight']=$_REQUEST['boxheight']; if(isSet($_REQUEST['notesboxwidth']) && $_REQUEST['notesboxwidth']>0) $U['notesboxwidth']=$_REQUEST['notesboxwidth']; if(isSet($_REQUEST['notesboxheight']) && $_REQUEST['notesboxheight']>0) $U['notesboxheight']=$_REQUEST['notesboxheight']; if(isSet($_REQUEST['timestamps'])) $U['timestamps']=true; else $U['timestamps']=false; if(isSet($_REQUEST['embed'])) $U['embed']=true; else $U['embed']=false; if($U['boxwidth']>=1000) $U['boxwidth']=40; if($U['boxheight']>=1000) $U['boxheight']=3; if($U['notesboxwidth']>=1000) $U['notesboxwidth']=80; if($U['notesboxheight']>=1000) $U['notesboxheight']=30; } function save_profile(){ global $U, $C, $I, $mysqli; if(isSet($_REQUEST['oldpass']) && $_REQUEST['oldpass']=='' && ($_REQUEST['newpass']!=='' || $_REQUEST['confirmpass']!=='')){ send_profile($I['wrongpass']); }elseif(isSet($_REQUEST['newpass']) && $_REQUEST['newpass']!==$_REQUEST['confirmpass']){ send_profile($I['noconfirm']); } // check and rewrite session if(isSet($_REQUEST['oldpass']) && $_REQUEST['oldpass']!==''){ $U['oldhash']=md5(sha1(md5($U['nickname'].$_REQUEST['oldpass']))); }else{ $U['oldhash']=$U['passhash']; } if(isSet($_REQUEST['newpass']) && $_REQUEST['newpass']!==''){ $U['newhash']=md5(sha1(md5($U['nickname'].$_REQUEST['newpass']))); }else{ $U['newhash']=$U['passhash']; } $U['orihash']=$U['passhash']; $stmt=mysqli_prepare($mysqli, 'SELECT * FROM `sessions` WHERE `session`=? AND `passhash`=?'); mysqli_stmt_bind_param($stmt, 'ss', $U['session'], $U['oldhash']); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); if(mysqli_stmt_num_rows($stmt)>0){ mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); amend_profile(); $U['passhash']=$U['newhash']; $stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `refresh`=?, `displayname`=?, `fontinfo`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=? WHERE `session`=?'); mysqli_stmt_bind_param($stmt, 'dssssddsdddds', $U['refresh'], $U['displayname'], $U['fontinfo'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); }else{ mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); } if($U['orihash']!==$U['oldhash']) send_profile($I['wrongpass']); // rewrite member file if($U['status']>=2){ $err=''; $stmt=mysqli_prepare($mysqli, 'SELECT `passhash`, `status` FROM `members` WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $temp['passhash'], $temp['status']); if(mysqli_stmt_fetch($stmt)){ mysqli_stmt_close($stmt); $U['sessionstatus']=$U['status']; $U['status']=$temp['status']; if($temp['passhash']!==$U['orihash']){ $err=$I['wrongpass']; }else{ $stmt=mysqli_prepare($mysqli, 'UPDATE `members` SET `passhash`=?, `refresh`=?, `colour`=?, `bgcolour`=?, `fontface`=?, `fonttags`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=? WHERE `nickname`=?'); mysqli_stmt_bind_param($stmt, 'sdssssdddddds', $U['passhash'], $U['refresh'], $U['colour'], $U['bgcolour'], $U['fontface'], $U['fonttags'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } $U['status']=$U['sessionstatus']; }else{ mysqli_stmt_close($stmt); } if($err!=='') send_profile($err); } send_profile($I['succprofile']); } function add_user_defaults(){ global $U, $F, $C, $H; if(isSet($_SERVER['HTTP_USER_AGENT'])) $U['useragent']=htmlspecialchars($_SERVER['HTTP_USER_AGENT']); else $U['useragent']=''; if(!isSet($U['refresh'])) $U['refresh']=$C['defaultrefresh']; if(!isSet($U['fontinfo'])){ if(!preg_match('/^[a-f0-9]{6}$/i', $U['colour'])){ $U['colour']=$C['coltxt']; do{ $U['colour']=sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)); }while(abs(greyval($U['colour'])-greyval($C['colbg']))<75); } $U['fontinfo']="#$U[colour]"; @$U['fontinfo'].=" {$F[$U['fontface']]} <$U[fonttags]>"; } if(!isSet($U['bgcolour']) || !preg_match('/^[a-f0-9]{6}$/i', $U['bgcolour'])) $U['bgcolour']=$C['colbg']; $H['begin_body']="\n\n"; if(!isSet($U['colour'])){ preg_match('/([0-9a-f]{6})/i', $U['fontinfo'], $matches); $U['colour']=$matches[0]; } if(!isSet($U['style'])) $U['style']=get_style($U['fontinfo']); if(!isSet($U['boxwidth'])) $U['boxwidth']=40; if(!isSet($U['boxheight'])) $U['boxheight']=3; if(!isSet($U['notesboxwidth'])) $U['notesboxwidth']=80; if(!isSet($U['notesboxheight'])) $U['notesboxheight']=30; if(!isSet($U['timestamps'])) $U['timestamps']=$C['timestamps']; if(!isSet($U['embed'])) $U['embed']=$C['embed']; if(!isSet($U['lastpost'])) $U['lastpost']=time(); if(!isSet($U['entry'])) $U['entry']=0; if(!isSet($U['postid'])) $U['postid']='OOOOOO'; if(!isSet($U['displayname'])) $U['displayname']=style_this($U['nickname'], $U['fontinfo']); } // message handling function validate_input(){ global $U, $P, $C; $U['message']=substr($_REQUEST['message'], 0, $C['maxmessage']); if(!isSet($U['rejected'])) $U['rejected']=substr($_REQUEST['message'], $C['maxmessage']); if(preg_match('/&[^;]{0,8}$/', $U['message']) && preg_match('/^([^;]{0,8};)/', $U['rejected'], $match)){ $U['message'].=$match[0]; $U['rejected']=preg_replace("/^$match[0]", '', $U['rejected']); } if($U['rejected']){ $U['rejected']=htmlspecialchars($U['rejected']); $U['rejected']=preg_replace('/
(
)+/', '

', $U['rejected']); $U['rejected']=preg_replace('/

$/', '
', $U['rejected']); $U['rejected']=preg_replace('/
/', "\n", $U['rejected']); $U['rejected']=preg_replace('/^\s+|\s+$/', '', $U['rejected']); } $U['message']=htmlspecialchars($U['message']); $U['message']=preg_replace("/\r\n/", '
', $U['message']); $U['message']=preg_replace("/\n/", '
', $U['message']); $U['message']=preg_replace("/\r/", '
', $U['message']); if($_REQUEST['multi']=='on'){ $U['message']=preg_replace('/
(
)+/', '

', $U['message']); $U['message']=preg_replace('/

$/', '
', $U['message']); $U['message']=preg_replace('/ /', '  ', $U['message']); $U['message']=preg_replace('/
/', '
 ', $U['message']); }else{ $U['message']=preg_replace('/
/', ' ', $U['message']); $U['message']=preg_replace('/^\s+|\s+$/', '', $U['message']); $U['message']=preg_replace('/\s+/', ' ', $U['message']); } $U['delstatus']=$U['status']; $U['recipient']=''; if($_REQUEST['sendto']=='*'){ $U['poststatus']='1'; $U['displaysend']="$U[displayname] - "; }elseif($_REQUEST['sendto']=='?' && $U['status']>=3){ $U['poststatus']='3'; $U['displaysend']="[M] $U[displayname] - "; }elseif($_REQUEST['sendto']=='#' && $U['status']>=5){ $U['poststatus']='5'; $U['displaysend']="[Staff] $U[displayname] - "; }elseif($_REQUEST['sendto']=='&' && $U['status']>=6){ $U['poststatus']='6'; $U['displaysend']="[Admin] $U[displayname] - "; }else{// known nick in room? foreach($P as $chatter){ if($_REQUEST['sendto']==$chatter[0]){ $U['recipient']=$chatter[0]; $U['displayrecp']=style_this($chatter[0], $chatter[2]); } } if($U['recipient']!==''){ $U['poststatus']='9'; $U['delstatus']='9'; $U['displaysend']="[$U[displayname] to $U[displayrecp]] - "; }else{// nick left already $U['message']=''; $U['rejected']=''; } } if(isSet($U['poststatus'])){ update_session(); if($U['poststatus']==9) apply_filter(true); else apply_filter(false); create_hotlinks(); } } function apply_filter($pm){ global $U, $I, $mysqli; $result=mysqli_query($mysqli, 'SELECT * FROM `filter`'); if(mysqli_num_rows($result)>0){ while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)){ if(!$pm) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count); elseif(!$filter['allowinpm']) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count); if($count>0 && $filter['kick']){ kick_chatter(array($U['nickname']), ''); send_error("$I[kicked]"); } } } } function create_hotlinks(){ global $U, $C; //Make hotlinks for URLs, redirect through dereferrer script to prevent session leakage // 1. all explicit schemes with whatever xxx://yyyyyyy $U['message']=preg_replace('~(\w*://[^\s<>]+)~i', "<<$1>>", $U['message']); // 2. valid URLs without scheme: $U['message']=preg_replace('~((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d*)?/[^\s<>]*)(?![^<>]*>)~i', "<<$1>>", $U['message']); // server/path given $U['message']=preg_replace('~((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+:\d+)(?![^<>]*>)~i', "<<$1>>", $U['message']); // server:port given $U['message']=preg_replace('~([^\s<>]*:[^\s<>]*@[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d+)?)(?![^<>]*>)~i', "<<$1>>", $U['message']); // au:th@server given // 3. likely servers without any hints but not filenames like *.rar zip exe etc. $U['message']=preg_replace('~((?:[a-z0-9\-]+\.)*[a-z0-9]{16}\.onion)(?![^<>]*>)~i', "<<$1>>", $U['message']);// *.onion $U['message']=preg_replace('~([a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?:\.(?!rar|zip|exe|gz|7z|bat|doc)[a-z]{2,}))(?=[^a-z0-9\-\.]|$)(?![^<>]*>)~i', "<<$1>>", $U['message']);// xxx.yyy.zzz // Convert every <<....>> into proper links: $U['message']=preg_replace_callback('/<<([^<>]+)>>/', function ($matches){if(strpos($matches[1], '://')==false){ return "$matches[1]";}else{ return "$matches[1]"; }}, $U['message']); if($C['imgembed']) $U['message']=preg_replace_callback('/\[img\](.*?(?=<\/a>))<\/a>/i', function ($matched){ return "

";}, $U['message']); if($C['vidembed']) $U['message']=preg_replace_callback('/\[vid\](.*?(?=<\/a>))<\/a>/i', function ($matched){ return "

";}, $U['message']); if($C['forceredirect']) $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); if(preg_match_all('/(.*?(?=<\/a>))<\/a>/', $U['message'], $matches)){ foreach($matches[1] as $match){ if(!preg_match('~^http(s)?://~', $match)){ $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); break; } } } } function add_message(){ global $U; if($U['message']=='') return; $newmessage=array( 'postdate' =>time(), 'postid' =>$U['postid'], 'poststatus'=>$U['poststatus'], 'poster' =>$U['nickname'], 'recipient' =>$U['recipient'], 'text' =>$U['displaysend'].style_this($U['message'], $U['fontinfo']), 'delstatus' =>$U['delstatus'] ); write_message($newmessage); } function add_system_message($mes){ $sysmessage=array( 'postdate' =>time(), 'postid' =>substr(rand(), -6), 'poststatus' =>1, 'poster' =>'', 'recipient' =>'', 'text' =>$mes, 'delstatus' =>9 ); write_message($sysmessage); } function write_message($message){ global $C, $mysqli; $stmt=mysqli_prepare($mysqli, 'INSERT INTO `messages`(`postdate`, `postid`, `poststatus`, `poster`, `recipient`, `text`, `delstatus`) VALUES (?, ?, ?, ?, ?, ?, ?)'); mysqli_stmt_bind_param($stmt, 'dddsssd', $message['postdate'], $message['postid'], $message['poststatus'], $message['poster'], $message['recipient'], $message['text'], $message['delstatus']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, 'DELETE FROM `messages` WHERE `id` NOT IN (SELECT `id` FROM (SELECT `id` FROM `messages` ORDER BY `postdate` DESC LIMIT ?) t )'); mysqli_stmt_bind_param($stmt, 'd', $limit=$C['keeplimit']*$C['messagelimit']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['sendmail'] && $message['poststatus']<9){ $subject = 'New Chat message'; $headers = "From: $C[mailsender]\r\nX-Mailer: PHP/".phpversion()."\r\nContent-Type: text/html; charset=UTF-8\r\n"; mail($C['mailreceiver'], $subject, $message['text'], $headers); } } function clean_room(){ global $C, $mysqli; mysqli_query($mysqli, 'DELETE FROM `messages`'); $sysmessage=array( 'postdate' =>time(), 'postid' =>substr(rand(), -6), 'poster' =>'', 'recipient' =>'', 'poststatus' =>1, 'text' =>sprintf(get_setting('msgclean'), $C['chatname']), 'delstatus' =>9 ); write_message($sysmessage); } function clean_selected(){ global $C, $mysqli; if(isSet($_REQUEST['mid'])){ foreach($_REQUEST['mid'] as $mid) $mids[$mid]=1; } $result=mysqli_query($mysqli, 'SELECT * FROM `messages` ORDER BY `postdate` DESC'); if(mysqli_num_rows($result)>0){ $stmt=mysqli_prepare($mysqli, 'DELETE FROM `messages` WHERE `postdate`=? AND `postid`=?'); while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ if(isSet($mids[$temp['postdate'].$temp['postid']])){ mysqli_stmt_bind_param($stmt, 'dd', $temp['postdate'], $temp['postid']); mysqli_stmt_execute($stmt); } } mysqli_stmt_close($stmt); } } function del_all_messages($nick){ global $mysqli; $stmt=mysqli_prepare($mysqli, 'DELETE FROM `messages` WHERE `poster`=?'); mysqli_stmt_bind_param($stmt, 's', $nick); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } function del_last_message(){ global $U, $mysqli; $stmt=mysqli_prepare($mysqli, 'DELETE FROM `messages` WHERE `poster`=? ORDER BY `postdate` DESC LIMIT 1'); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } function print_messages($delstatus=''){ global $U, $C, $mysqli; mysqli_query($mysqli, 'DELETE FROM `messages` WHERE `postdate`<=\''.(time()-60*$C['messageexpire'])."'"); $stmt=mysqli_prepare($mysqli, 'SELECT `postdate`, `postid`, `text`, `delstatus` FROM `messages` WHERE `id` IN (SELECT * FROM (SELECT `id` FROM `messages` WHERE `poststatus`=\'1\' ORDER BY `postdate` DESC LIMIT ?) AS t) OR (`poststatus`>\'1\' AND `poststatus`<=?) OR (`poststatus`=\'9\' AND (`poster`=? OR `recipient`=?)) ORDER BY `postdate` DESC'); mysqli_stmt_bind_param($stmt, 'ddss', $C['messagelimit'], $U['status'], $U['nickname'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $message['postdate'], $message['postid'], $message['text'], $message['delstatus']); while(mysqli_stmt_fetch($stmt)){ if($delstatus!==''){ if($U['status']>$message['delstatus']){ echo " $message[text]
"; } }else{ if(!isSet($_COOKIE[$C['cookiename']]) && !$C['forceredirect']){ $message['text']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $message['text']); } if(!$U['embed'] && preg_match('/<(img|video) src="(.*?(?="))">/', $message['text'], $matches)){ $message['text']=preg_replace_callback("/<$matches[1] src=\"(.*?(?=\"))\">/", function ($matched){ return $matched[1];}, $message['text']); } if($U['timestamps']) echo ''.date('m-d H:i:s', $message['postdate']).' - '; echo "$message[text]
"; } } mysqli_stmt_close($stmt); } // this and that function valid_admin(){ global $mysqli; if(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){ $stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=? AND `passhash`=? AND `status`>=\'7\''); mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['nick'], $pass=md5(sha1(md5($_REQUEST['nick'].$_REQUEST['pass'])))); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); if(mysqli_stmt_num_rows($stmt)>0) return true; mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); } return false; } function valid_nick($nick){ return preg_match('/^[a-z0-9]*$/i', $nick); } function allowed_nick($nick){ global $C; return preg_match("/^.{1,$C[maxname]}$/", $nick); } function cleanup_nick($nick){ $nick=preg_replace('/\s+/', '', $nick); return $nick; } function get_timeout($lastpost, $status){ // lastpost, status global $C; if($status>2) $expire=$C['sessionexpire']; else $expire=$C['guestsexpire']; $s=($lastpost+60*$expire)-time(); $m=$s/60;$m=floor($m);$s-=$m*60; $h=$m/60;$h=floor($h);$m-=$h*60; $s=substr('0'.$s, -2, 2); if($h>0){ $m=substr('0'.$m, -2, 2); return "$h:$m:$s"; } return "$m:$s"; } function print_colours(){ global $C, $I; // Prints a short list with selected named HTML colours and filters out illegible text colours for the given background. // It's a simple comparison of weighted grey values. This is not very accurate but gets the job done well enough. $colours=array('Beige'=>'F5F5DC', 'Black'=>'000000', 'Blue'=>'0000FF', 'BlueViolet'=>'8A2BE2', 'Brown'=>'A52A2A', 'Cyan'=>'00FFFF', 'DarkBlue'=>'00008B', 'DarkGreen'=>'006400', 'DarkRed'=>'8B0000', 'DarkViolet'=>'9400D3', 'DeepSkyBlue'=>'00BFFF', 'Gold'=>'FFD700', 'Grey'=>'808080', 'Green'=>'008000', 'HotPink'=>'FF69B4', 'Indigo'=>'4B0082', 'LightBlue'=>'ADD8E6', 'LightGreen'=>'90EE90', 'LimeGreen'=>'32CD32', 'Magenta'=>'FF00FF', 'Olive'=>'808000', 'Orange'=>'FFA500', 'OrangeRed'=>'FF4500', 'Purple'=>'800080', 'Red'=>'FF0000', 'RoyalBlue'=>'4169E1', 'SeaGreen'=>'2E8B57', 'Sienna'=>'A0522D', 'Silver'=>'C0C0C0', 'Tan'=>'D2B48C', 'Teal'=>'008080', 'Violet'=>'EE82EE', 'White'=>'FFFFFF', 'Yellow'=>'FFFF00', 'YellowGreen'=>'9ACD32'); $greybg=greyval($C['colbg']); foreach($colours as $name=>$colour){ if(abs($greybg-greyval($colour))>75) echo "$I[$name]"; } } function greyval($colour){ return hexdec(substr($colour, 0, 2))*.3+hexdec(substr($colour, 2, 2))*.59+hexdec(substr($colour, 4, 2))*.11; } function get_style($styleinfo){ $fbold=preg_match('/(|:bold)/', $styleinfo); $fitalic=preg_match('/(|:italic)/', $styleinfo); $fsmall=preg_match('/(size="-1"|:smaller)/', $styleinfo); preg_match('/(#.{6})/', $styleinfo, $match); if(isSet($match[0])) $fcolour=$match[0]; preg_match('/face=\'([^"]+)\'/', $styleinfo, $match); if(isSet($match[1])) $fface=$match[1]; preg_match('/font-family:([^;]+);/', $styleinfo, $match); if(isSet($match[1])) $sface=$match[1]; if(isSet($fface)){ $sface=$fface; $sface=preg_replace('/^/', "'", $sface); $sface=preg_replace('/$/', "'", $sface); $sface=preg_replace('/,/', "','", $sface); }elseif(isSet($sface)){ $fface=$sface; $fface=preg_replace("/'/", '', $fface); } $fstyle=''; if(isSet($fcolour)) $fstyle.="color:$fcolour;"; if(isSet($sface)) $fstyle.="font-family:$sface;"; if($fsmall) $fstyle.='font-size:smaller;'; if($fitalic) $fstyle.='font-style:italic;'; if($fbold) $fstyle.='font-weight:bold;'; return $fstyle; } function style_this($text, $styleinfo){ $fbold=preg_match('/(|:bold)/', $styleinfo); $fitalic=preg_match('/(|:italic)/', $styleinfo); $fsmall=preg_match('/(size="-1"|:smaller)/', $styleinfo); preg_match('/(#.{6})/', $styleinfo, $match); if(isSet($match[0]))$fcolour=$match[0]; preg_match('/face=\'([^"]+)\'/', $styleinfo, $match); if(isSet($match[1]))$fface=$match[1]; preg_match('/font-family:([^;]+);/', $styleinfo, $match); if(isSet($match[1]))$sface=$match[1]; if(isSet($fface)){ $sface=$fface; $sface=preg_replace('/^/', "'", $sface); $sface=preg_replace('/$/', "'", $sface); $sface=preg_replace('/,/', "','", $sface); }elseif(isSet($sface)){ $fface=$sface; $fface=preg_replace("/'/", '', $fface); } $fstyle=''; if(isSet($fcolour)) $fstyle.="color:$fcolour;"; if(isSet($sface)) $fstyle.="font-family:$sface;"; if($fsmall) $fstyle.='font-size:smaller;'; if($fitalic)$fstyle.='font-style:italic;'; if($fbold) $fstyle.='font-weight:bold;'; $fstart='0){ $suwrite=$I['initsuexist']; } }elseif(!valid_nick($_REQUEST['sunick']) || $_REQUEST['sunick']==''){ $suwrite=sprintf($I['invalnick'], $C['maxname']); }elseif($_REQUEST['supass']!==$_REQUEST['supassc']){ $suwrite=$I['noconfirm']; }else{ mysqli_multi_query($mysqli, 'CREATE TABLE IF NOT EXISTS `captcha` (`id` int(10) unsigned NOT NULL, `time` int(10) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '. 'CREATE TABLE IF NOT EXISTS `filter` (`id` tinyint(3) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` text NOT NULL, `allowinpm` tinyint(1) unsigned NOT NULL, `regex` tinyint(1) unsigned NOT NULL, `kick` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '. 'CREATE TABLE IF NOT EXISTS `members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `colour` tinytext NOT NULL, `bgcolour` tinytext NOT NULL, `fontface` tinytext NOT NULL, `fonttags` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '. 'CREATE TABLE IF NOT EXISTS `messages` (`id` int(10) unsigned NOT NULL, `postdate` int(10) unsigned NOT NULL, `postid` int(10) unsigned NOT NULL, `poststatus` tinyint(3) unsigned NOT NULL, `poster` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `recipient` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL, `delstatus` tinyint(3) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '. 'CREATE TABLE IF NOT EXISTS `notes` (`id` int(10) unsigned NOT NULL, `type` tinytext NOT NULL, `lastedited` int(10) unsigned NOT NULL, `editedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '. 'CREATE TABLE IF NOT EXISTS `sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `displayname` text NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `fontinfo` tinytext NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '. 'CREATE TABLE IF NOT EXISTS `settings` (`id` tinyint(3) unsigned NOT NULL, `setting` tinytext NOT NULL, `value` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '. 'ALTER TABLE `captcha` ADD UNIQUE KEY `id` (`id`); '. 'ALTER TABLE `filter` ADD PRIMARY KEY (`id`); '. 'ALTER TABLE `members` ADD PRIMARY KEY (`id`); '. 'ALTER TABLE `messages` ADD PRIMARY KEY (`id`); '. 'ALTER TABLE `notes` ADD PRIMARY KEY (`id`); '. 'ALTER TABLE `sessions` ADD PRIMARY KEY (`id`); '. 'ALTER TABLE `settings` ADD PRIMARY KEY (`id`); '. 'ALTER TABLE `filter` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; '. 'ALTER TABLE `members` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; '. 'ALTER TABLE `messages` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; '. 'ALTER TABLE `notes` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; '. 'ALTER TABLE `sessions` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; '. 'ALTER TABLE `settings` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'guestaccess\',\'0\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgenter\',\'%s entered the chat.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgexit\',\'%s left the chat.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgmemreg\',\'%s is now a registered member.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgsureg\',\'%s is now a registered applicant.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgkick\',\'%s has been kicked.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgmultikick\',\'%s have been kicked.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgallkick\',\'All chatters have been kicked.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgclean\',\'%s has been cleaned.\'); '. 'INSERT INTO `settings` (`setting`,`value`) VALUES (\'dbversion\',\''.$C['dbversion'].'\');'); while(mysqli_next_result($mysqli)) {;} $reg=array( 'nickname' =>$_REQUEST['sunick'], 'passhash' =>md5(sha1(md5($_REQUEST['sunick'].$_REQUEST['supass']))), 'status' =>8, 'refresh' =>$C['defaultrefresh'], 'colour' =>$C['coltxt'], 'bgcolour' =>$C['colbg'], 'boxwidth' =>$C['boxwidth'], 'boxheight' =>$C['boxheight'], 'notesboxwidth' =>$C['notesboxwidth'], 'notesboxheight'=>$C['notesboxheight'], 'timestamps' =>$C['timestamps'], 'embed' =>$C['embed'] ); $stmt=mysqli_prepare($mysqli, 'INSERT INTO `members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); mysqli_stmt_bind_param($stmt, 'ssddssdddddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $suwrite=$I['susuccess']; } print_start(); print "

$I[init]

$I[sulogin]

$suwrite


"; print "<$H[form]>".hidden('action', 'setup').hidden('nick', $_REQUEST['sunick']).hidden('pass', $_REQUEST['supass']).submit($I['initgosetup']).''; print_credits(); print_end(); } function update_db(){ global $C, $mysqli; $dbversion=get_setting('dbversion'); if($dbversion<$C['dbversion']){ update_setting('dbversion', $C['dbversion']); } } function update_messages(){ global $C; update_setting('msgenter', $_REQUEST['msgenter']); update_setting('msgexit', $_REQUEST['msgexit']); update_setting('msgmemreg', $_REQUEST['msgmemreg']); if($C['suguests']) update_setting('msgsureg', $_REQUEST['msgsureg']); update_setting('msgkick', $_REQUEST['msgkick']); update_setting('msgmultikick', $_REQUEST['msgmultikick']); update_setting('msgallkick', $_REQUEST['msgallkick']); update_setting('msgclean', $_REQUEST['msgclean']); } function get_setting($setting){ global $mysqli; $stmt=mysqli_prepare($mysqli, 'SELECT `value` FROM `settings` WHERE `setting`=?'); mysqli_stmt_bind_param($stmt, 's', $setting); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $value); mysqli_stmt_fetch($stmt); mysqli_stmt_close($stmt); return $value; } function update_setting($setting, $value){ global $mysqli; $stmt=mysqli_prepare($mysqli, 'UPDATE `settings` SET `value`=? WHERE `setting`=?'); mysqli_stmt_bind_param($stmt, 'ss', $value, $setting); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } // configuration, defaults and internals function load_fonts(){ global $F; $F=array( 'Arial' =>" face='Arial,Helvetica,sans-serif'", 'Book Antiqua' =>" face='Book Antiqua,MS Gothic'", 'Comic' =>" face='Comic Sans MS,Papyrus'", 'Comic small' =>" face='Comic Sans MS,Papyrus' size=\"-1\"", 'Courier' =>" face='Courier New,Courier,monospace'", 'Cursive' =>" face='Cursive,Papyrus'", 'Fantasy' =>" face='Fantasy,Futura,Papyrus'", 'Garamond' =>" face='Garamond,Palatino,serif'", 'Georgia' =>" face='Georgia,Times New Roman,Times,serif'", 'Serif' =>" face='MS Serif,New York,serif'", 'System' =>" face='System,Chicago,sans-serif'", 'Times New Roman' =>" face='Times New Roman,Times,serif'", 'Verdana' =>" face='Verdana,Geneva,Arial,Helvetica,sans-serif'", 'Verdana small' =>" face='Verdana,Geneva,Arial,Helvetica,sans-serif' size=\"-1\"" ); } function load_html(){ global $H, $C, $I; $H=array(// default HTML 'begin_body' =>"\n\n", 'form' =>"form action=\"$_SERVER[SCRIPT_NAME]\" method=\"post\" style=\"margin:0;padding:0;\"", 'meta_html' =>"\n\n\n" ); $H=$H+array( 'backtologin' =>"<$H[form] target=\"_parent\">".submit($I['backtologin'], ' style="background-color:#004400;color:#FFFFFF;"').'', 'backtochat' =>"<$H[form]>".hidden('action', 'view').@hidden('session', $_REQUEST['session']).submit($I['backtochat'], ' style="background-color:#004400;color:#FFFFFF;"').'' ); } function check_db(){ global $mysqli, $C, $I; $mysqli=mysqli_connect($C['dbhost'], $C['dbuser'], $C['dbpass'], $C['dbname']); if(mysqli_connect_errno($mysqli)){ if($_REQUEST['action']=='setup'){ die($I['nosetupdb']); }else{ die($I['nodb']); } } } function load_lang(){ global $C, $I, $L; $L=array( 'de' =>'Deutsch', 'en' =>'English' ); if(isSet($_REQUEST['lang']) && array_key_exists($_REQUEST['lang'], $L)){ $C['lang']=$_REQUEST['lang']; setcookie('language', $C['lang']); }elseif(isSet($_COOKIE['language']) && array_key_exists($_COOKIE['language'], $L)){ $C['lang']=$_COOKIE['language']; } include('lang_en.php'); //always include English if($C['lang']!=='en') include("lang_$C[lang].php"); //replace with translation if available } function load_config(){ global $C; $C=array( 'version' =>'1.0', // Script version 'dbversion' =>1, // Database version 'showcredits' =>true, // Allow showing credits 'colbg' =>'000000', // Background colour 'coltxt' =>'FFFFFF', // Default text colour 'collnk' =>'0000FF', // Link colour 'colvis' =>'B33CB4', // Visited link colour 'colact' =>'FF0033', // Clicked link colour 'sessionexpire' =>60, // Minutes until a member session expires 'guestsexpire' =>15, // Minutes until a guest session expires 'kickpenalty' =>10, // Minutes a nickname is blocked when it got kicked 'entrywait' =>120, // Seconds to wait in the waiting room after login 'cookiename' =>'chat_session', // Cookie name storing the session information 'chatname' =>'My Chat', // Chat Name 'messageexpire' =>14400, // Minutes until a message expires 'messagelimit' =>150, // Max messages displayed 'keeplimit' =>3, // Numer of messages to keep in the database multiplied with max messages displayed - increase if you have many private messages 'defaultrefresh'=>30, // Seconds to refresh the messages 'maxmessage' =>2000, // Longest number of characters for a message 'maxname' =>20, // Longest number of chatacters for a name 'boxwidth' =>40, // Default post box width 'boxheight' =>3, // Default post box height 'notesboxwidth' =>80, // Default notes box width 'notesboxheight'=>30, // Default notes box height 'dbhost' =>'p:localhost', // Database host 'dbuser' =>'www-data', // Database user 'dbpass' =>'YOUR_DB_PASS', // Database password 'dbname' =>'public_chat', // Database 'captchapass' =>'YOUR_PASS', // Password used for captcha encryption 'enablecaptcha' =>true, // Enable captcha? ture/false 'dismemcaptcha' =>true, // Disable captcha for members? ture/false 'embed' =>true, // Default for displaying embedded imgs/vids or turn them into links true/false 'imgembed' =>true, // Allow image embedding in chat using [img] tag? ture/false Warning: this might leak session data to the image hoster when cookies are disabled. 'vidembed' =>true, // Allow video embedding in chat using [vid] tag? ture/false Warning: this might leak session data to the video hoster when cookies are disabled. 'suguests' =>false, // Adds option to add applicants. They will have a reserved nick protected with a password, but don't count as member true/false 'timestamps' =>true, // Display timestamps in front of the messages by default true/false 'forceredirect' =>false, // Force redirect script or only use when no cookies available? ture/false 'msglogout' =>false, // Add a message on member logout 'msglogin' =>true, // Add a message on member login 'msgkick' =>true, // Add a message when kicking someone 'sendmail' =>false, // Send mail on new message - only activate on low traffic chat or your inbox will fill up very fast! 'mailsender' =>'www-data ', // Send mail using this e-Mail address 'mailreceiver' =>'Webmaster ', // Send mail to this e-Mail address 'redirect' =>"$_SERVER[SCRIPT_NAME]?action=redirect&url=", // Redirect script default: "$_SERVER[SCRIPT_NAME]?action=redirect&url=" 'lang' =>'en', // Default language 'rulestxt' =>'1. YOUR_RULS
2. YOUR_RULES' // Rules - divide multiple rules by
to make them appear in a new line ); } ?>