* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ if($_SERVER['REQUEST_METHOD']=='HEAD') exit; // ignore HEAD requests date_default_timezone_set('UTC'); $A=array();// All registered members $C=array();// Configuration $F=array();// Fonts $G=array();// Guests: display names $H=array();// HTML-stuff $I=array();// Translations $L=array();// Languages $M=array();// Members: display names $P=array();// All present users $U=array();// This user data $countmods=0;// Present moderators $memcached;// Memcached connection $mysqli;// MySQL database connection load_config(); // set session variable to cookie if cookies are enabled if(!isSet($_REQUEST['session']) && isSet($_COOKIE[$C['cookiename']])){ $_REQUEST['session']=$_COOKIE[$C['cookiename']]; } elseif(!isSet($_REQUEST['session'])) $_REQUEST['session']=''; load_fonts(); load_lang(); load_html(); check_db(); // main program: decide what to do based on queries if(!isSet($_REQUEST['action'])){ if(check_init()<7) send_init(); send_login(); }elseif($_REQUEST['action']=='view'){ check_session(); send_messages(); }elseif($_REQUEST['action']=='redirect' && !empty($_GET['url'])){ send_redirect(); }elseif($_REQUEST['action']=='wait'){ send_waiting_room(); }elseif($_REQUEST['action']=='post'){ check_session(); if(isSet($_REQUEST['kick']) && isSet($_REQUEST['sendto']) && valid_nick($_REQUEST['sendto'])){ if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){ if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], true); else kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], false); } }elseif(isSet($_REQUEST['message']) && isSet($_REQUEST['sendto'])){ validate_input(); } send_post(); }elseif($_REQUEST['action']=='login'){ check_login(); send_frameset(); }elseif($_REQUEST['action']=='controls'){ check_session(); send_controls(); }elseif($_REQUEST['action']=='delete'){ check_session(); if($_REQUEST['what']=='all'){ if(isSet($_REQUEST['confirm'])) del_all_messages($U['nickname'], 10, $U['entry']); else send_del_confirm(); } elseif($_REQUEST['what']=='last') del_last_message(); send_post(); }elseif($_REQUEST['action']=='profile'){ check_session(); if(isSet($_REQUEST['do']) && $_REQUEST['do']=='save') save_profile(); send_profile(); }elseif($_REQUEST['action']=='logout'){ kill_session(); send_logout(); }elseif($_REQUEST['action']=='colours'){ check_session(); send_colours(); }elseif($_REQUEST['action']=='notes'){ check_session(); if($U['status']<5) send_login(); send_notes('staff'); }elseif($_REQUEST['action']=='help'){ check_session(); send_help(); }elseif($_REQUEST['action']=='admnotes'){ check_session(); if($U['status']<6) send_login(); send_notes('admin'); }elseif($_REQUEST['action']=='admin'){ check_session(); if($U['status']<5) send_login(); if(!isSet($_REQUEST['do'])){ send_admin(); }elseif($_REQUEST['do']=='clean'){ if($_REQUEST['what']=='choose') send_choose_messages(); elseif($_REQUEST['what']=='selected') clean_selected(); elseif($_REQUEST['what']=='room') clean_room(); elseif($_REQUEST['what']=='nick') del_all_messages($_REQUEST['nickname'], $U['status'], 0); send_admin(); }elseif($_REQUEST['do']=='kick'){ if(!isSet($_REQUEST['name'])) send_admin(); if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], true); else kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], false); send_admin(); }elseif($_REQUEST['do']=='logout'){ if(!isSet($_REQUEST['name'])) send_admin(); logout_chatter($_REQUEST['name']); send_admin(); }elseif($_REQUEST['do']=='sessions'){ if(isSet($_REQUEST['nick'])) kick_chatter(array($_REQUEST['nick']), '', false); send_sessions(); }elseif($_REQUEST['do']=='register'){ register_guest(3); check_session(); send_admin(); }elseif($_REQUEST['do']=='superguest'){ register_guest(2); check_session(); send_admin(); }elseif($_REQUEST['do']=='status'){ change_status(); }elseif($_REQUEST['do']=='regnew'){ register_new(); }elseif($_REQUEST['do']=='approve'){ approve_session(); send_approve_waiting(); }elseif($_REQUEST['do']=='guestaccess'){ if(isSet($_REQUEST['guestaccess']) && preg_match('/^[0123]$/', $_REQUEST['guestaccess'])){ update_setting('guestaccess', $_REQUEST['guestaccess']); } }elseif($_REQUEST['do']=='filter'){ manage_filter(); send_filter(); } send_admin(); }elseif($_REQUEST['action']=='setup'){ if(check_init()<7) send_init(); update_db(); if(!valid_admin()) send_alogin(); if(!isSet($_REQUEST['do'])){ }elseif($_REQUEST['do']=='save'){ $settings=array('guestaccess', 'englobalpass', 'globalpass', 'msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'dateformat', 'captcha', 'css', 'memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage'); foreach($settings as $setting){ if(isSet($_REQUEST[$setting])) update_setting($setting, $_REQUEST[$setting]); } if(isSet($_REQUEST['rulestxt'])){ $_REQUEST['rulestxt']=preg_replace("/\r\n/", '
', $_REQUEST['rulestxt']); $_REQUEST['rulestxt']=preg_replace("/\n/", '
', $_REQUEST['rulestxt']); $_REQUEST['rulestxt']=preg_replace("/\r/", '
', $_REQUEST['rulestxt']); update_setting('rulestxt', $_REQUEST['rulestxt']); } } send_setup(); }elseif($_REQUEST['action']=='init'){ init_chat(); }else{ send_login(); } mysqli_close($mysqli); exit; // html output subs function print_stylesheet(){ global $C; $css=get_setting('css'); echo ""; } function print_end(){ global $mysqli; echo ''; mysqli_close($mysqli); exit; } function frmpst($arg1='', $arg2=''){ global $C, $H, $U; $string="<$H[form]>".hidden('action', $arg1).hidden('session', $U['session']).hidden('lang', $C['lang']); if(!empty($arg2)){ if(!isSet($_REQUEST['multi'])) $_REQUEST['multi']=''; if(!isSet($_REQUEST['sendto'])) $_REQUEST['sendto']=''; $string.=hidden('what', $arg2).hidden('sendto', $_REQUEST['sendto']).hidden('multi', $_REQUEST['multi']); } return $string; } function frmadm($arg1=''){ global $C, $H, $U; return "<$H[form]>".hidden('action', 'admin').hidden('do', $arg1).hidden('session', $U['session']).hidden('lang', $C['lang']); } function frmsetup($arg1=''){ global $C, $H, $U; return "<$H[form]>".hidden('action', 'setup').hidden('do', $arg1).hidden('session', $U['session']).hidden('lang', $C['lang']); } function hidden($arg1='', $arg2=''){ return ""; } function submit($arg1='', $arg2=''){ return ""; } function thr(){ echo '
'; } function print_start($class='', $ref=0, $url=''){ global $C, $H; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: no-cache'); header('Expires: 0'); if(!empty($url)) header("Refresh: $ref; URL=$url"); echo "$H[meta_html]"; if(!empty($url)) echo ""; if($class=='init'){ echo ""; }else{ print_stylesheet(); } echo "<$H[begin_body] class=\"$class\">"; } function send_redirect(){ global $I; if(preg_match('~^http(s)?://~', $_GET['url'])){ print_start('redirect', 0, $_GET['url']); echo "

$I[redirectto] ".htmlspecialchars($_GET['url']).'.

'; }else{ print_start('redirect'); $url=preg_replace('~(.*)://~', 'http://', $_GET['url']); echo "

$I[nonhttp] ".htmlspecialchars($_GET['url']).'.

'; echo "

$I[httpredir] ".htmlspecialchars($url).'.

'; } print_end(); } function send_captcha(){ global $C, $I, $memcached, $mysqli; $difficulty=get_setting('captcha'); if($difficulty==0) return; $length=strlen($C['captchachars'])-1; $code=''; for($i=0;$i<5;++$i){ $code.=$C['captchachars'][rand(0, $length)]; } $randid=rand(0, 99999999); $time=time(); if($C['memcached']){ $memcached->set("$C[dbname]-$C[prefix]captcha-$randid", $code, get_setting('captchatime')); }else{ $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]captcha` (`id`, `time`, `code`) VALUES (?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'iis', $randid, $time, $code); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } echo "$I[copy]"; if($difficulty==1){ $im=imagecreatetruecolor(55, 24); $bg=imagecolorallocate($im, 0, 0, 0); $fg=imagecolorallocate($im, 255, 255, 255); imagefill($im, 0, 0, $bg); imagestring($im, 5, 5, 5, $code, $fg); echo ''; echo ''.hidden('challenge', $randid).''; } function send_setup(){ global $C, $H, $I, $U; $ga=get_setting('guestaccess'); print_start('setup'); echo "

$I[setup]

<$H[form]>".hidden('action', 'setup').hidden('do', 'save').hidden('session', $U['session']).hidden('lang', $C['lang']).''; thr(); echo "'; thr(); $englobal=get_setting('englobalpass'); echo "'; thr(); echo "'; thr(); echo "'; thr(); echo "'; thr(); echo "'; thr(); echo "'; $number_settings=array('memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage'); foreach($number_settings as $setting){ thr(); echo ''; } thr(); echo '
$I[guestacc]"; echo '
$I[globalloginpass]"; echo ''; echo ''; echo ''; echo '
 
$I[sysmessages]"; echo ''; echo "'; echo "'; echo "'; if($C['suguests']) echo "'; echo "'; echo "'; echo "'; echo "'; echo '
 $I[msgenter] 
 $I[msgexit] 
 $I[msgmemreg] 
 $I[msgsureg] 
 $I[msgkick] 
 $I[msgmultikick] 
 $I[msgallkick] 
 $I[msgclean] 
$I[rules]"; echo ''; echo ''; echo '
$I[dateformat]"; echo ''; echo ''; echo '
$I[captcha]"; echo ''; echo ''; echo '
$I[css]"; echo ''; echo ''; echo '
'.$I[$setting].''; echo ''; echo "'; echo '
'.submit($I['apply'])."

<$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['logout'])."$H[credit]"; print_end(); } function send_init(){ global $C, $H, $I, $L; print_start('init'); echo "

$I[init]

"; echo "<$H[form]>".hidden('action', 'init').hidden('lang', $C['lang'])."

$I[sulogin]

"; echo ""; echo ""; echo ""; echo '
$I[sunick]
$I[supass]
$I[suconfirm]

'.submit($I['initbtn']).'
'; echo "

$I[changelang]"; foreach($L as $lang=>$name){ echo " $name"; } echo "

$H[credit]"; print_end(); } function send_update(){ global $C, $H, $I; print_start('update'); echo "

$I[dbupdate]


<$H[form]>".hidden('action', 'setup').hidden('lang', $C['lang']).submit($I['initgosetup'])."
$H[credit]"; print_end(); } function send_alogin(){ global $C, $H, $I, $L; print_start('alogin'); echo "
<$H[form]>".hidden('action', 'setup').hidden('lang', $C['lang']).''; echo ""; echo ""; send_captcha(); echo '
$I[nick]
$I[pass]
'.submit($I['login']).'
'; echo "

$I[changelang]"; foreach($L as $lang=>$name){ echo " $name"; } echo "

$H[credit]"; print_end(); } function send_admin($arg=''){ global $C, $H, $I, $P, $U; $ga=get_setting('guestaccess'); print_start('admin'); $chlist="'; echo "

$I[admfunc]

$arg"; if($U['status']>=7){ thr(); echo "'; } thr(); echo "'; thr(); echo ''; thr(); echo "'; thr(); echo "'; thr(); echo "'; thr(); echo "'; thr(); if($C['suguests']){ echo "'; thr(); } if($U['status']>=7){ echo "'; thr(); echo "'; thr(); echo "'; thr(); } echo "
"; echo "<$H[form] target=\"view\">".hidden('action', 'setup').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['initgosetup']).'
$I[cleanmsgs]"; echo frmadm('clean').'
'; echo " "; echo " 
"; echo " "; echo submit($I['clean'], 'class="delbutton"').'
'.sprintf($I['kickchat'], get_setting('kickpenalty')).'
'; echo frmadm('kick').""; echo "
$I[kickmsg]  
$chlist"; echo submit($I['kick']).'
$I[logoutinact]"; echo frmadm('logout')."
$chlist"; echo submit($I['logout']).'
$I[viewsess]"; echo frmadm('sessions').'
'.submit($I['view']).'
$I[filter]"; echo frmadm('filter').'
'.submit($I['view']).'
$I[guestacc]"; echo frmadm('guestaccess').''; echo '
'.submit($I['change']).'
$I[addsuguest]"; echo frmadm('superguest')."
'.submit($I['register']).'
$I[admmembers]"; echo frmadm('status')."
'.submit($I['change']).'
$I[regguest]"; echo frmadm('register')."
'.submit($I['register']).'
$I[regmem]
"; echo frmadm('regnew').""; echo "
$I[nick] 
$I[pass]"; echo submit($I['register']).'
$H[backtochat]
"; print_end(); } function send_sessions(){ global $C, $H, $I, $U; $lines=parse_sessions(); print_start('sessions'); echo "

$I[sessact]

"; echo ""; if($C['trackip']) echo ""; echo ""; foreach($lines as $temp){ if($temp['status']!=0 && $temp['entry']!=0 && (!$temp['incognito'] || $temp['status']<$U['status'])){ if($temp['status']==1 || $temp['status']==2) $s=' (G)'; elseif($temp['status']==3) $s=''; elseif($temp['status']==5) $s=' (M)'; elseif($temp['status']==6) $s=' (SM)'; elseif($temp['status']==7) $s=' (A)'; elseif($temp['status']==8) $s=' (SA)'; echo ''; if($U['status']>$temp['status'] || $U['session']==$temp['session']){ echo ""; if($C['trackip']) echo ""; echo "'; }else{ echo ''; if($C['trackip']) echo ''; echo ''; } } } echo "
$I[sessnick]$I[sesstimeout]$I[sessua]$I[sesip]$I[actions]
'.style_this($temp['nickname'].$s, $temp['fontinfo']).''.get_timeout($temp['lastpost'], $temp['status']).'$temp[useragent]$temp[ip]".frmadm('sessions').hidden('nick', $temp['nickname']).submit($I['kick']).'
---

$H[backtochat]
"; print_end(); } function manage_filter(){ global $C, $I, $memcached, $mysqli; if(isSet($_REQUEST['id'])){ $_REQUEST['match']=htmlspecialchars($_REQUEST['match']); if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){ if(!is_int(@preg_match("/$_REQUEST[match]/", ''))) send_filter($I['incorregex']); $reg=1; }else{ $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']); $reg=0; } if(isSet($_REQUEST['allowinpm']) && $_REQUEST['allowinpm']==1) $pm=1; else $pm=0; if(isSet($_REQUEST['kick']) && $_REQUEST['kick']==1) $kick=1; else $kick=0; if(preg_match('/^[0-9]*$/', $_REQUEST['id'])){ if(empty($_REQUEST['match'])){ $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]filter` WHERE `id`=?"); mysqli_stmt_bind_param($stmt, 'i', $_REQUEST['id']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]filter"); }else{ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]filter` SET `match`=?, `replace`=?, `allowinpm`=?, `regex`=?, `kick`=? WHERE `id`=?"); mysqli_stmt_bind_param($stmt, 'ssiiii', $_REQUEST['match'], $_REQUEST['replace'], $pm, $reg, $kick, $_REQUEST['id']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]filter"); } }elseif(preg_match('/^\+$/', $_REQUEST['id'])){ $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]filter` (`match`, `replace`, `allowinpm`, `regex`, `kick`) VALUES (?, ?, ?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'ssiii', $_REQUEST['match'], $_REQUEST['replace'], $pm, $reg, $kick); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]filter"); } } } function send_filter($arg=''){ global $C, $H, $I, $U, $memcached, $mysqli; print_start('filter'); echo "

$I[filter]

$arg"; thr(); echo ""; if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]filter"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $filters=array(); $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]filter`"); while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter; if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]filter", $filters); } foreach($filters as $filter){ if($filter['allowinpm']==1) $check=' checked'; else $check=''; if($filter['regex']==1) $checked=' checked'; else $checked=''; if($filter['kick']==1) $checkedk=' checked'; else $checkedk=''; if($filter['regex']==0) $filter['match']=preg_replace('/(\\\\(.))/', "$2", $filter['match']); echo ''; } echo ''; echo "
"; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
$I[fid]
$I[match]
$I[replace]
$I[allowpm]
$I[regex]
$I[kick]
$I[apply]
'.frmadm('filter').hidden('id', $filter['id']); echo ""; echo ""; echo '"; echo ""; echo ""; echo ""; echo '
$I[filter] $filter[id]:'.submit($I['change']).'
'.frmadm('filter').hidden('id', '+'); echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo '
$I[newfilter]'.submit($I['add']).'

$H[backtochat]
"; print_end(); } function send_frameset(){ global $C, $H, $I, $U, $mysqli; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: no-cache'); header('Expires: 0'); echo "$H[meta_html]"; print_stylesheet(); if(isSet($_COOKIE['test'])){ echo "<body>$I[noframes]$H[backtologin]</body>"; }else{ echo "<body>$I[noframes]$H[backtologin]</body>"; } mysqli_close($mysqli); exit; } function send_messages(){ global $C, $I, $U; if(isSet($_COOKIE[$C['cookiename']])){ $url="$_SERVER[SCRIPT_NAME]?action=view"; }else{ $url="$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]&lang=$C[lang]"; } print_start('messages', $U['refresh'], $url); echo ''; print_chatters(); echo "
$I[bottom]
"; print_messages(); echo "
$I[top]
"; print_end(); } function send_notes($type){ global $C, $H, $I, $U, $mysqli; print_start('notes'); $text=''; echo '
'; if($U['status']>=6){ echo "'; echo "
<$H[form] target=\"view\">".hidden('action', 'admnotes').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['admnotes']).'<$H[form] target=\"view\">".hidden('action', 'notes').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['notes']).'
'; } if($type=='staff') echo "

$I[staffnotes]

"; else echo "

$I[adminnotes]

"; if(isset($_REQUEST['text'])){ if($C['msgencrypted']) $_REQUEST['text']=openssl_encrypt($_REQUEST['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); $time=time(); $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]notes` (`type`, `lastedited`, `editedby`, `text`) VALUES (?, ?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'siss', $type, $time, $U['nickname'], $_REQUEST['text']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); echo "$I[notessaved] "; } $dateformat=get_setting('dateformat'); $stmt=mysqli_prepare($mysqli, "SELECT `lastedited`, `editedby`, `text` FROM `$C[prefix]notes` WHERE `type`=? ORDER BY `id` DESC LIMIT 1"); mysqli_stmt_bind_param($stmt, 's', $type); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $lastedited, $editedby, $text); if(mysqli_stmt_fetch($stmt)) printf($I['lastedited'], $editedby, date($dateformat, $lastedited)); mysqli_stmt_close($stmt); echo "

<$H[form]>"; if($C['msgencrypted']) $text=openssl_decrypt($text, 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); if($type=='staff') echo hidden('action', 'notes'); else echo hidden('action', 'admnotes'); echo hidden('session', $U['session']).hidden('lang', $C['lang'])."
'; echo submit($I['savenotes']).'
'; print_end(); } function send_approve_waiting(){ global $C, $H, $I, $mysqli; print_start('approve_waiting'); echo "

$I[waitingroom]

"; $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]sessions` WHERE `entry`=='0' AND `status`='1' ORDER BY `id`"); if(mysqli_num_rows($result)>0){ echo frmadm('approve').''; echo ""; while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ echo ''.hidden('alls[]', $temp['nickname']).""; } echo "
$I[sessnick]$I[sessua]
$temp[useragent]

"; echo ""; echo ""; echo ""; echo '
$I[denymessage]
'.submit($I['butallowdeny']).'
'; }else{ echo "$I[waitempty]
"; } echo "
$H[backtochat]
"; print_end(); } function send_waiting_room(){ global $C, $I, $U, $countmods, $mysqli; parse_sessions(); $ga=get_setting('guestaccess'); if($ga==3 && $countmods>0) $wait=false; else $wait=true; if(!isSet($U['session'])){ setcookie($C['cookiename'], false); send_error($I['expire']); } if($U['status']==0){ setcookie($C['cookiename'], false); send_error("$I[kicked]
$U[kickmessage]"); } $timeleft=get_setting('entrywait')-(time()-$U['lastpost']); if($wait && ($timeleft<=0 || $ga==1)){ $U['entry']=$U['lastpost']; $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 's', $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); send_frameset(); }elseif(!$wait && $U['entry']!=0){ send_frameset(); }else{ if(isSet($_COOKIE['test'])){ header("Refresh: $C[defaultrefresh]; URL=$_SERVER[SCRIPT_NAME]?action=wait"); print_start('waitingroom', $C['defaultrefresh'], "$_SERVER[SCRIPT_NAME]?action=wait"); }else{ header("Refresh: $C[defaultrefresh]; URL=$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]"); print_start('waitingroom', $C['defaultrefresh'], "$_SERVER[SCRIPT_NAME]?action=wait&session=$U[session]&lang=$C[lang]"); } if($wait){ echo "

$I[waitingroom]

".sprintf($I['waittext'], $U['displayname'], $timeleft).'


'.sprintf($I['waitreload'], $C['defaultrefresh']).'



'; }else{ echo "

$I[waitingroom]

".sprintf($I['admwaittext'], $U['displayname']).'


'.sprintf($I['waitreload'], $C['defaultrefresh']).'



'; } echo "
".hidden('action', 'wait').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['reload']).'

'; $rulestxt=get_setting('rulestxt'); if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt"; echo '
'; print_end(); } } function send_choose_messages(){ global $H, $I, $U; print_start('choose_messages'); echo frmadm('clean').hidden('what', 'selected').submit($I['delselmes'], 'class="delbutton"').'

'; print_messages($U['status']); echo "
$H[backtochat]"; print_end(); } function send_del_confirm(){ global $I; print_start('del_confirm'); if(!isSet($_REQUEST['multi'])) $_REQUEST['multi']=''; if(!isSet($_REQUEST['sendto'])) $_REQUEST['sendto']=''; echo "
$I[confirm]
"; echo frmpst('delete').hidden('sendto', $_REQUEST['sendto']).hidden('multi', $_REQUEST['multi']).hidden('confirm', 'yes').hidden('what', $_REQUEST['what']).submit($I['yes'], 'class="delbutton"').''; echo frmpst('post').hidden('sendto', $_REQUEST['sendto']).hidden('multi', $_REQUEST['multi']).submit($I['no'], 'class="backbutton"').'
'; print_end(); } function send_post(){ global $C, $I, $P, $U, $countmods; $U['postid']=substr(time(), -6); print_start('post'); if(!isSet($_REQUEST['multi'])) $_REQUEST['multi']=''; if(!isSet($_REQUEST['sendto'])) $_REQUEST['sendto']=''; echo '
'.frmpst('post').hidden('postid', $U['postid']).hidden('multi', $_REQUEST['multi']); echo ""; if(!isSet($U['rejected'])) $U['rejected']=''; if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ echo ""; }else{ echo ""; } echo '
$U[displayname]:'.submit($I['talkto']).''; if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){ echo ""; echo ""; } echo '
'; echo '
'; echo frmpst('delete', 'last').submit($I['dellast'], 'class="delbutton"').''.frmpst('delete', 'all').submit($I['delall'], 'class="delbutton"').''; if($_REQUEST['multi']=='on'){ $switch=$I['switchsingle']; $multi=''; }else{ $switch=$I['switchmulti']; $multi='on'; } echo frmpst('post').hidden('sendto', $_REQUEST['sendto']).hidden('multi', $multi).submit($switch).'
'; print_end(); } function send_help(){ global $C, $H, $I, $U; print_start('help'); $rulestxt=get_setting('rulestxt'); if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt

"; echo "

$I[help]

$I[helpguest]"; if($C['imgembed']) echo "
$I[helpembed]"; if($U['status']>=3){ echo "
$I[helpmem]
"; if($U['status']>=5){ echo "
$I[helpmod]
"; if($U['status']>=7) echo "
$I[helpadm]
"; } } echo "
$H[backtochat]$H[credit]"; print_end(); } function send_profile($arg=''){ global $C, $F, $H, $I, $P, $U; print_start('profile'); echo "
<$H[form]>".hidden('action', 'profile').hidden('do', 'save').hidden('session', $U['session']).hidden('lang', $C['lang'])."

$I[profile]

$arg"; thr(); array_multisort(array_map('strtolower', array_keys($P)), SORT_ASC, SORT_STRING, $P); $ignored=array(); $ignore=get_ignored(); foreach($ignore as $ign){ if($ign['by']==$U['nickname']) $ignored[]=$ign['ignored']; } if(count($ignored)>0){ echo "'; thr(); } if(count($P)-count($ignored)>1){ echo "'; thr(); } echo ""; thr(); if(!isSet($_COOKIE[$C['cookiename']])) $session='&session=$U[session]'; else $session=''; echo ""; thr(); echo ""; thr(); if($U['status']>=3){ echo ""; thr(); } echo "'; thr(); echo ""; thr(); if($C['imgembed']){ echo ""; thr(); } if($U['status']>=5 && $C['incognito']){ echo ""; thr(); } echo "'; thr(); if($U['status']>=5){ echo "'; thr(); } if($U['status']>=2){ echo ""; thr(); } echo '
$I[unignore]"; echo "
 
$I[ignore]"; echo "
 
$I[refreshrate]"; echo "
 
$I[fontcolour] ($I[viewexample])"; echo "
 
$I[bgcolour] ($I[viewexample])"; echo "
 
$I[fontface]"; echo "
  /', $U['fontinfo'])) echo ' checked'; echo "> /', $U['fontinfo'])) echo ' checked'; echo ">
$U[displayname] : ".style_this($I['fontexample'], $U['fontinfo']).'
$I[timestamps]"; echo '
 
$I[embed]"; echo '
 
$I[incognito]"; echo '
 
$I[pbsize]"; echo ""; echo ""; echo '
 $I[width] $I[height]
$I[nbsize]"; echo ""; echo ""; echo '
 $I[width] $I[height]
"; echo "
$I[changepass]
"; echo ""; echo "
 $I[oldpass]
 $I[newpass]
 $I[confirmpass]
'.submit($I['savechanges'])."

$H[backtochat]
"; print_end(); } function send_controls(){ global $C, $H, $I, $U; print_start('controls'); echo '
'; echo "'; echo "'; echo "'; if($U['status']>=5) echo "'; if($U['status']>=5) echo "'; if($U['status']>=3) echo "'; echo "'; echo "'; echo '
<$H[form] target=\"post\">".hidden('action', 'post').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['reloadpb']).'<$H[form] target=\"view\">".hidden('action', 'view').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['reloadmsgs']).'<$H[form] target=\"view\">".hidden('action', 'profile').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['chgprofile']).'<$H[form] target=\"view\">".hidden('action', 'admin').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['adminbtn']).'<$H[form] target=\"view\">".hidden('action', 'notes').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['notes']).'<$H[form] target=\"_blank\">".hidden('action', 'login').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['clone']).'<$H[form] target=\"view\">".hidden('action', 'help').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['randh']).'<$H[form] target=\"_parent\">".hidden('action', 'logout').hidden('session', $U['session']).hidden('lang', $C['lang']).submit($I['exit'], 'id="exitbutton"').'
'; print_end(); } function send_logout(){ global $H, $I, $U; print_start('logout'); echo '

'.sprintf($I['bye'], $U['displayname'])."

$H[backtologin]
"; print_end(); } function send_colours(){ global $C, $H, $I; print_start('colours'); echo "

$I[colourtable]

"; for($red=0x00;$red<=0xFF;$red+=0x33){ for($green=0x00;$green<=0xFF;$green+=0x33){ for($blue=0x00;$blue<=0xFF;$blue+=0x33){ $hcol=sprintf('%02X', $red).sprintf('%02X', $green).sprintf('%02X', $blue); echo "$hcol "; } echo '
'; } echo '
'; } echo "<$H[form]>".hidden('action', 'profile').hidden('session', $_REQUEST['session']).hidden('lang', $C['lang']).submit($I['backtoprofile'], ' class="backbutton"').'
'; print_end(); } function send_login(){ global $C, $H, $I, $L; setcookie('test', '1'); print_start('login'); $ga=get_setting('guestaccess'); $englobal=get_setting('englobalpass'); echo "

$C[chatname]

<$H[form] target=\"_parent\">".hidden('action', 'login').hidden('lang', $C['lang']); if($englobal==1 && isSet($_POST['globalpass'])) echo hidden('globalpass', $_POST['globalpass']); echo ''; if($englobal!=1 || (isSet($_POST['globalpass']) && $_POST['globalpass']==get_setting('globalpass'))){ echo ""; echo ""; send_captcha(); if($ga!=0){ if($englobal==2) echo ""; echo "'; }else{ echo ""; } echo '
$I[nick]
$I[pass]
$I[globalloginpass]
$I[choosecol]
$I[noguests]
'.submit($I['enter']).'
'; get_nowchatting(); $rulestxt=get_setting('rulestxt'); if(!empty($rulestxt)) echo "

$I[rules]

$rulestxt
"; }else{ echo "$I[globalloginpass]"; if($ga==0) echo "$I[noguests]"; echo ''.submit($I['enter']).''; } echo "

$I[changelang]"; foreach($L as $lang=>$name){ echo " $name"; } echo "

$H[credit]"; print_end(); } function send_error($err){ global $H, $I; print_start('error'); echo "

$I[error] $err

$H[backtologin]"; print_end(); } function print_chatters(){ global $C, $G, $I, $M, $U, $mysqli; echo ''; if($U['status']>=5 && get_setting('guestaccess')==3){ $result=mysqli_query($mysqli, "SELECT COUNT(*) FROM `$C[prefix]sessions` WHERE `entry`='0' AND `status`='1'"); $temp=mysqli_fetch_array($result, MYSQLI_NUM); if($temp[0]>0) echo ''; } if(!empty($M)){ echo "'; if(!empty($G)) echo ''; } if(!empty($G)) echo "'; echo '
'.frmadm('approve').submit(sprintf($I['approveguests'], $temp[0])).' $I[members] ".implode('   ', $M).'  $I[guests] ".implode('   ', $G).'
'; } function print_memberslist(){ global $A; read_members(); array_multisort(array_map('strtolower', array_keys($A)), SORT_ASC, SORT_STRING, $A); foreach($A as $member){ echo "'; } } // session management function create_session($setup){ global $C, $I, $U, $memcached, $mysqli; $U['nickname']=cleanup_nick($_REQUEST['nick']); $U['passhash']=md5(sha1(md5($U['nickname'].$_REQUEST['pass']))); if(isSet($_REQUEST['colour'])) $U['colour']=$_REQUEST['colour']; else $U['colour']=$C['coltxt']; $U['status']=1; check_member(); add_user_defaults(); if($setup) $U['incognito']=true; if(get_setting('captcha')>0 && ($U['status']==1 || !$C['dismemcaptcha'])){ if(!isSet($_REQUEST['challenge'])) send_error($I['wrongcaptcha']); if(!$C['memcached']){ $stmt=mysqli_prepare($mysqli, "SELECT `code` FROM `$C[prefix]captcha` WHERE `id`=?"); mysqli_stmt_bind_param($stmt, 'i', $_REQUEST['challenge']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $code); if(!mysqli_stmt_fetch($stmt)) send_error($I['captchaexpire']); mysqli_stmt_close($stmt); }else{ if(!$code=$memcached->get("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]")) send_error($I['captchexpire']); $memcached->delete("$C[dbname]-$C[prefix]captcha-$_REQUEST[challenge]"); } if($_REQUEST['captcha']!=$code) send_error($I['wrongcaptcha']); $timeout=time()-get_setting('captchatime'); $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]captcha` WHERE `id`=? OR `time`=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgenter'), $U['displayname'])); }elseif($inuse){ send_error($I['wrongpass']); }elseif($U['status']==0){ setcookie($C['cookiename'], false); send_error("$I[kicked]
$U[kickmessage]"); } } function approve_session(){ global $C, $mysqli; if(isSet($_REQUEST['what'])){ if($_REQUEST['what']=='allowchecked' && isSet($_REQUEST['csid'])){ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); foreach($_REQUEST['csid'] as $nick){ mysqli_stmt_bind_param($stmt, 's', $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); }elseif($_REQUEST['what']=='allowall' && isSet($_REQUEST['alls'])){ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`=`lastpost` WHERE `nickname`=?"); foreach($_REQUEST['alls'] as $nick){ mysqli_stmt_bind_param($stmt, 's', $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); }elseif($_REQUEST['what']=='denychecked' && isSet($_REQUEST['csid'])){ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `nickname`=? AND `status`='1'"); foreach($_REQUEST['csid'] as $nick){ mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['kickmessage'], $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); }elseif($_REQUEST['what']=='denyall' && isSet($_REQUEST['alls'])){ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `nickname`=? AND `status`='1'"); foreach($_REQUEST['alls'] as $nick){ mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['kickmessage'], $nick); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); } } } function check_login(){ global $C, $I, $U, $mysqli; $ga=get_setting('guestaccess'); if(isSet($_POST['session'])){ $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]sessions` WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 's', $_POST['session']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']); if(mysqli_stmt_fetch($stmt)){ mysqli_stmt_close($stmt); if($U['status']==0){ setcookie($C['cookiename'], false); send_error("$I[kicked]
$U[kickmessage]"); }else{ setcookie($C['cookiename'], $U['session']); } }else{ mysqli_stmt_close($stmt); setcookie($C['cookiename'], false); send_error($I['expire']); } }elseif(get_setting('englobalpass')==1 && (!isSet($_POST['globalpass']) || $_POST['globalpass']!=get_setting('globalpass'))){ send_error($I['wrongglobalpass']); }elseif(!isSet($_REQUEST['nick']) || !isSet($_REQUEST['pass'])){ send_login(); }else{ create_session(false); } if($U['status']==1){ if($ga==2 || $ga==3){ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `entry`='0' WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 's', $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $_REQUEST['session']=$U['session']; send_waiting_room(); } } } function kill_session(){ global $C, $I, $U, $memcached, $mysqli; parse_sessions(); setcookie($C['cookiename'], false); if(!isSet($U['session'])) send_error($I['expire']); if($U['status']==0) send_error("$I[kicked]
$U[kickmessage]"); $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]sessions` WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 's', $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($U['status']==1){ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `poster`='' WHERE `poster`=? AND `poststatus`='9'"); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `recipient`='' WHERE `recipient`=? AND `poststatus`='9'"); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? OR `by`=?"); mysqli_stmt_bind_param($stmt, 'ss', $U['nickname'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } elseif($U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgexit'), $U['displayname'])); } function kick_chatter($names, $mes, $purge){ global $C, $P, $U, $mysqli; $lonick=''; $lines=parse_sessions(); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`='".(60*(get_setting('kickpenalty')-get_setting('guestexpire'))+time())."', `status`='0', `kickmessage`=? WHERE `session`=? AND `status`!='0'"); $i=0; foreach($names as $name){ foreach($lines as $temp){ if(($temp['nickname']==$U['nickname'] && $U['nickname']==$name) || ($U['status']>$temp['status'] && (($temp['nickname']==$name && $temp['status']>0) || ($name=='&' && $temp['status']==1)))){ mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']); mysqli_stmt_execute($stmt); if($purge) del_all_messages($temp['nickname'], 10, 0); $lonick.="$temp[displayname], "; ++$i; unset($P[$name]); } } } mysqli_stmt_close($stmt); if(!empty($lonick)){ if($names[0]=='&'){ add_system_message(get_setting('msgallkick')); }else{ $lonick=preg_replace('/\,\s$/','',$lonick); if($i>1){ add_system_message(sprintf(get_setting('msgmultikick'), $lonick)); }else{ add_system_message(sprintf(get_setting('msgkick'), $lonick)); } } } if(!empty($lonick)) return true; return false; } function logout_chatter($names){ global $C, $P, $U, $memcached, $mysqli; $lines=parse_sessions(); $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]sessions` WHERE `session`=? AND `status`delete("$C[dbname]-$C[prefix]ignored"); } unset($P[$name]); } } } mysqli_stmt_close($stmt); mysqli_stmt_close($stmt1); mysqli_stmt_close($stmt2); mysqli_stmt_close($stmt3); } function update_session(){ global $C, $U, $mysqli; if($U['postid']==$_REQUEST['postid']){// ignore double post=reload from browser or proxy $_REQUEST['message']=''; }elseif(time()-$U['lastpost']<=1){// time between posts too short, reject! $U['rejected']=$_REQUEST['message']; $_REQUEST['message']=''; }else{// valid post $U['postid']=substr($_REQUEST['postid'], 0, 6); $U['lastpost']=time(); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `lastpost`=?, `postid`=? WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 'iis', $U['lastpost'], $U['postid'], $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } } function check_session(){ global $C, $I, $U; parse_sessions(); if(!isSet($U['session'])){ setcookie($C['cookiename'], false); send_error($I['expire']); } if($U['status']==0){ setcookie($C['cookiename'], false); send_error("$I[kicked]
$U[kickmessage]"); } if($U['entry']==0){ send_waiting_room(); } } function get_nowchatting(){ global $G, $I, $M, $P; parse_sessions(); echo sprintf($I['curchat'], count($P)).'
'.implode('   ', $M).'   '.implode('   ', $G); } function parse_sessions(){ global $C, $G, $M, $P, $U, $countmods, $memcached, $mysqli; $result=mysqli_query($mysqli, "SELECT `nickname`, `status`, `session` FROM `$C[prefix]sessions` WHERE (`lastpost`<'".(time()-60*get_setting('guestexpire'))."' AND `status`<='2') OR (`lastpost`<'".(time()-60*get_setting('memberexpire'))."' AND `status`>'2')"); if(mysqli_num_rows($result)>0){ $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]sessions` WHERE `nickname`=?"); $stmt1=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `poster`='' WHERE `poster`=? AND `poststatus`='9'"); $stmt2=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `recipient`='' WHERE `recipient`=? AND `poststatus`='9'"); $stmt3=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? OR `by`=?"); while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ mysqli_stmt_bind_param($stmt, 's', $temp['nickname']); mysqli_stmt_execute($stmt); if($temp['status']<=1){ mysqli_stmt_bind_param($stmt1, 's', $temp['nickname']); mysqli_stmt_bind_param($stmt2, 's', $temp['nickname']); mysqli_stmt_bind_param($stmt3, 'ss', $temp['nickname'], $temp['nickname']); mysqli_stmt_execute($stmt1); mysqli_stmt_execute($stmt2); mysqli_stmt_execute($stmt3); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } } mysqli_stmt_close($stmt); mysqli_stmt_close($stmt1); mysqli_stmt_close($stmt2); mysqli_stmt_close($stmt3); } $lines=array(); $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]sessions` ORDER BY `status` DESC, `lastpost` DESC"); while($line=mysqli_fetch_array($result, MYSQLI_ASSOC)) $lines[]=$line; if(!empty($_REQUEST['session'])){ foreach($lines as $temp){ if($temp['session']==$_REQUEST['session']){ $U=$temp; add_user_defaults(); break; } } } $countmods=0; $G=array(); $M=array(); $P=array(); foreach($lines as $temp){ if($temp['entry']!=0){ if($temp['status']==1 || $temp['status']==2){ $P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; $G[]=$temp['displayname']; }elseif($temp['status']>2){ if(!$temp['incognito']){ $P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']]; $M[]=$temp['displayname']; } if($temp['status']>=5) ++$countmods; } } } return $lines; } // member handling function check_member(){ global $C, $I, $U, $mysqli; $stmt=mysqli_prepare($mysqli, "SELECT `nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `fontface`, `fonttags`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]members` WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 's', $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['colour'], $temp['bgcolour'], $temp['fontface'], $temp['fonttags'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed'], $temp['incognito']); if(mysqli_stmt_fetch($stmt)){ if($temp['passhash']==$U['passhash']){ mysqli_stmt_close($stmt); $U=$temp; $time=time(); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `lastlogin`=? WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 'is', $time, $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); }else{ mysqli_stmt_close($stmt); send_error($I['wrongpass']); } } } function read_members(){ global $A, $C, $F, $memcached, $mysqli; if($C['memcached']) $A=$memcached->get("$C[dbname]-$C[prefix]members"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]members`"); while($temp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ $A[$temp['nickname']][0]=$temp['nickname']; $A[$temp['nickname']][1]=$temp['status']; $A[$temp['nickname']][2]=@get_style("#$temp[colour] {$F[$temp['fontface']]} <$temp[fonttags]>"); } if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]members", $A); } } function register_guest($status){ global $A, $C, $I, $P, $U, $memcached, $mysqli; if(empty($_REQUEST['name'])) send_admin(); if(!isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); read_members(); if(isSet($A[$_REQUEST['name']])) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name'])); $stmt=mysqli_prepare($mysqli, "SELECT `session`, `nickname`, `displayname`, `passhash`, `refresh`, `fontinfo`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito` FROM `$C[prefix]sessions` WHERE `nickname`=? AND `status`='1'"); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['displayname'], $reg['passhash'], $reg['refresh'], $reg['fontinfo'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']); if(mysqli_stmt_fetch($stmt)){ mysqli_stmt_close($stmt); $reg['status']=$status; if(preg_match('/#([a-f0-9]{6})/i', $reg['fontinfo'], $match)) $reg['colour']=$match[1]; else $reg['colour']=$C['coltxt']; $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `status`=? WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 'is', $reg['status'], $reg['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); }else{ mysqli_stmt_close($stmt); send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); } $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'ssiissiiiisiii', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $U['nickname'], $reg['timestamps'], $reg['embed'], $reg['incognito']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); if($reg['status']==3) add_system_message(sprintf(get_setting('msgmemreg'), $reg['displayname'])); else add_system_message(sprintf(get_setting('msgsureg'), $reg['displayname'])); } function register_new(){ global $A, $C, $I, $P, $U, $memcached, $mysqli; $_REQUEST['name']=cleanup_nick($_REQUEST['name']); if(empty($_REQUEST['name'])) send_admin(); if(isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name'])); if(!valid_nick($_REQUEST['name'])) send_admin(sprintf($I['invalnick'], $C['maxname'])); if(!valid_pass($_REQUEST['pass'])) send_admin(sprintf($I['invalpass'], $C['minpass'])); read_members(); if(isSet($A[$_REQUEST['name']])) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name'])); $reg=array( 'nickname' =>$_REQUEST['name'], 'passhash' =>md5(sha1(md5($_REQUEST['name'].$_REQUEST['pass']))), 'status' =>3, 'refresh' =>$C['defaultrefresh'], 'colour' =>$C['coltxt'], 'bgcolour' =>$C['colbg'], 'boxwidth' =>40, 'boxheight' =>3, 'notesboxwidth' =>80, 'notesboxheight'=>30, 'regedby' =>$U['nickname'], 'timestamps' =>$C['timestamps'], 'embed' =>$C['embed'], 'incognito' =>false ); $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'ssiissiiiisiii', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed'], $reg['incognito']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); send_admin(sprintf($I['successreg'], $reg['nickname'])); } function change_status(){ global $C, $I, $U, $memcached, $mysqli; if(empty($_REQUEST['name'])) send_admin(); if($U['status']<=$_REQUEST['set'] || !preg_match('/^[023567\-]$/', $_REQUEST['set'])) send_admin(sprintf($I['cantchgstat'], $_REQUEST['name'])); $stmt=mysqli_prepare($mysqli, "SELECT * FROM `$C[prefix]members` WHERE `nickname`=? AND `status`0){ mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); if($_REQUEST['set']=='-'){ $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]members` WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `status`='1' WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); send_admin(sprintf($I['succdel'], $_REQUEST['name'])); }else{ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `status`=? WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 'is', $_REQUEST['set'], $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `status`=? WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 'is', $_REQUEST['set'], $_REQUEST['name']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); send_admin(sprintf($I['succchg'], $_REQUEST['name'])); } }else{ send_admin(sprintf($I['cantchgstat'], $_REQUEST['name'])); mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); } } function amend_profile(){ global $C, $F, $U; if(isSet($_REQUEST['refresh'])) $U['refresh']=$_REQUEST['refresh']; else $U['refresh']=$C['defaultrefresh']; if($U['refresh']<5) $U['refresh']=5; elseif($U['refresh']>150) $U['refresh']=150; if(preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['colour'])) $U['colour']=$_REQUEST['colour']; else $U['colour']=$C['coltxt']; if(preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['bgcolour'])) $U['bgcolour']=$_REQUEST['bgcolour']; else $U['bgcolour']=$C['colbg']; $U['fonttags']=''; if($U['status']>=3 && isSet($_REQUEST['bold'])) $U['fonttags'].='b'; if($U['status']>=3 && isSet($_REQUEST['italic'])) $U['fonttags'].='i'; if($U['status']>=3 && isSet($F[$_REQUEST['font']])) $U['fontface']=$_REQUEST['font']; @$U['fontinfo']="#$U[colour] {$F[$U['fontface']]} <$U[fonttags]>"; if(!isSet($U['fontinfo'])) $U['fontinfo']=''; $U['style']=get_style($U['fontinfo']); $U['displayname']=style_this($U['nickname'], $U['fontinfo']); if($_REQUEST['boxwidth']>0) $U['boxwidth']=$_REQUEST['boxwidth']; if($_REQUEST['boxheight']>0) $U['boxheight']=$_REQUEST['boxheight']; if(isSet($_REQUEST['notesboxwidth']) && $_REQUEST['notesboxwidth']>0) $U['notesboxwidth']=$_REQUEST['notesboxwidth']; if(isSet($_REQUEST['notesboxheight']) && $_REQUEST['notesboxheight']>0) $U['notesboxheight']=$_REQUEST['notesboxheight']; if(isSet($_REQUEST['timestamps'])) $U['timestamps']=true; else $U['timestamps']=false; if(isSet($_REQUEST['embed'])) $U['embed']=true; else $U['embed']=false; if($U['status']>=5 && isSet($_REQUEST['incognito']) && $C['incognito']) $U['incognito']=true; else $U['incognito']=false; if($U['boxwidth']>=1000) $U['boxwidth']=40; if($U['boxheight']>=1000) $U['boxheight']=3; if($U['notesboxwidth']>=1000) $U['notesboxwidth']=80; if($U['notesboxheight']>=1000) $U['notesboxheight']=30; } function save_profile(){ global $C, $I, $U, $memcached, $mysqli; if(!isSet($_REQUEST['oldpass'])) $_REQUEST['oldpass']=''; if(!isSet($_REQUEST['newpass'])) $_REQUEST['newpass']=''; if(!isSet($_REQUEST['confirmpass'])) $_REQUEST['confirmpass']=''; if($_REQUEST['newpass']!==$_REQUEST['confirmpass']){ send_profile($I['noconfirm']); }elseif(!empty($_REQUEST['newpass'])){ $U['oldhash']=md5(sha1(md5($U['nickname'].$_REQUEST['oldpass']))); $U['newhash']=md5(sha1(md5($U['nickname'].$_REQUEST['newpass']))); }else{ $U['oldhash']=$U['newhash']=$U['passhash']; } if($U['passhash']!==$U['oldhash']) send_profile($I['wrongpass']); $U['passhash']=$U['newhash']; amend_profile(); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]sessions` SET `refresh`=?, `displayname`=?, `fontinfo`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `session`=?"); mysqli_stmt_bind_param($stmt, 'issssiisiiiiis', $U['refresh'], $U['displayname'], $U['fontinfo'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['session']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($U['status']>=2){ $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]members` SET `passhash`=?, `refresh`=?, `colour`=?, `bgcolour`=?, `fontface`=?, `fonttags`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `nickname`=?"); mysqli_stmt_bind_param($stmt, 'sissssiiiiiiis', $U['passhash'], $U['refresh'], $U['colour'], $U['bgcolour'], $U['fontface'], $U['fonttags'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]members"); } if(!empty($_REQUEST['unignore'])){ $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]ignored` WHERE `ignored`=? AND `by`=?"); mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['unignore'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } if(!empty($_REQUEST['ignore'])){ $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]ignored` (`ignored`,`by`) VALUES (?, ?)"); mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['ignore'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->delete("$C[dbname]-$C[prefix]ignored"); } send_profile($I['succprofile']); } function add_user_defaults(){ global $C, $F, $H, $U; if(!isSet($U['refresh'])) $U['refresh']=$C['defaultrefresh']; if($U['refresh']<5) $U['refresh']=5; elseif($U['refresh']>150) $U['refresh']=150; if(!isSet($U['fontinfo'])){ if(!preg_match('/^[a-f0-9]{6}$/i', $U['colour'])){ $U['colour']=$C['coltxt']; do{ $U['colour']=sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)).sprintf('%02X', rand(0, 256)); }while(abs(greyval($U['colour'])-greyval($C['colbg']))<75); } $U['fontinfo']="#$U[colour]"; @$U['fontinfo'].=" {$F[$U['fontface']]} <$U[fonttags]>"; } if(!isSet($U['bgcolour'])) $U['bgcolour']=$C['colbg']; $H['begin_body']="body style=\"background-color:#$U[bgcolour];\""; if(!isSet($U['colour'])){ preg_match('/([0-9a-f]{6})/i', $U['fontinfo'], $matches); $U['colour']=$matches[0]; } if(!isSet($U['style'])) $U['style']=get_style($U['fontinfo']); if(!isSet($U['boxwidth'])) $U['boxwidth']=40; if(!isSet($U['boxheight'])) $U['boxheight']=3; if(!isSet($U['notesboxwidth'])) $U['notesboxwidth']=80; if(!isSet($U['notesboxheight'])) $U['notesboxheight']=30; if(!isSet($U['timestamps'])) $U['timestamps']=$C['timestamps']; if(!isSet($U['embed'])) $U['embed']=$C['embed']; if(!isSet($U['incognito'])) $U['incognito']=false; if(!isSet($U['lastpost'])) $U['lastpost']=time(); if(!isSet($U['entry'])) $U['entry']=$U['lastpost']; if(!isSet($U['postid'])) $U['postid']='OOOOOO'; if(!isSet($U['displayname'])) $U['displayname']=style_this($U['nickname'], $U['fontinfo']); } // message handling function validate_input(){ global $P, $U; $maxmessage=get_setting('maxmessage'); $U['message']=substr($_REQUEST['message'], 0, $maxmessage); $U['rejected']=substr($_REQUEST['message'], $maxmessage); if(preg_match('/&[^;]{0,8}$/', $U['message']) && preg_match('/^([^;]{0,8};)/', $U['rejected'], $match)){ $U['message'].=$match[0]; $U['rejected']=preg_replace("/^$match[0]", '', $U['rejected']); } if($U['rejected']){ $U['rejected']=trim($U['rejected']); $U['rejected']=htmlspecialchars($U['rejected']); } $U['message']=htmlspecialchars($U['message']); $U['message']=preg_replace("/\r\n/", '
', $U['message']); $U['message']=preg_replace("/\n/", '
', $U['message']); $U['message']=preg_replace("/\r/", '
', $U['message']); if(isSet($_REQUEST['multi']) && $_REQUEST['multi']=='on'){ $U['message']=preg_replace('/\s*
/', '
', $U['message']); $U['message']=preg_replace('/
(
)+/', '

', $U['message']); $U['message']=preg_replace('/

\s*$/', '
', $U['message']); $U['message']=preg_replace('/^
\s*$/', '', $U['message']); }else{ $U['message']=preg_replace('/
/', ' ', $U['message']); } $U['message']=trim($U['message']); $U['message']=preg_replace('/\s+/', ' ', $U['message']); $U['delstatus']=$U['status']; $U['recipient']=''; if($_REQUEST['sendto']=='*'){ $U['poststatus']='1'; $U['displaysend']="$U[displayname] - "; }elseif($_REQUEST['sendto']=='?' && $U['status']>=3){ $U['poststatus']='3'; $U['displaysend']="[M] $U[displayname] - "; }elseif($_REQUEST['sendto']=='#' && $U['status']>=5){ $U['poststatus']='5'; $U['displaysend']="[Staff] $U[displayname] - "; }elseif($_REQUEST['sendto']=='&' && $U['status']>=6){ $U['poststatus']='6'; $U['displaysend']="[Admin] $U[displayname] - "; }else{// known nick in room? $ignored=get_ignored(); $ignore=false; foreach($ignored as $ign){ if($ign['by']==$U['nickname'] && $ign['ignored']==$_REQUEST['sendto'] || ($ign['by']==$_REQUEST['sendto'] && $ign['ignored']==$U['nickname'])){ $ignore=true; break; } } if(!$ignore){ foreach($P as $chatter){ if($_REQUEST['sendto']==$chatter[0]){ $U['recipient']=$chatter[0]; $U['displayrecp']=style_this($chatter[0], $chatter[2]); break; } } } if(!empty($U['recipient'])){ $U['poststatus']='9'; $U['delstatus']='9'; $U['displaysend']="[$U[displayname] to $U[displayrecp]] - "; }else{// nick left already or ignores us $U['message']=''; $U['rejected']=''; } } if(isSet($U['poststatus'])){ apply_filter(); create_hotlinks(); if(add_message()) update_session(); } } function apply_filter(){ global $C, $I, $U, $memcached, $mysqli; if($U['poststatus']!=9 && preg_match('~^/me~i', $U['message'])){ $U['displaysend']=substr($U['displaysend'], 0, -3); $U['message']=preg_replace("~^/me~i", '', $U['message']); } $U['message']=preg_replace_callback("/\@([a-z0-9]{1,$C[maxname]})/i", function ($matched){ global $P; if(isSet($P[$matched[1]])) return style_this($matched[0], $P[$matched[1]][2]); else return "$matched[0]";}, $U['message']); if($C['memcached']) $filters=$memcached->get("$C[dbname]-$C[prefix]filter"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $filters=array(); $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]filter`"); while($filter=mysqli_fetch_array($result, MYSQLI_ASSOC)) $filters[]=$filter; if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]filter", $filters); } foreach($filters as $filter){ if($U['poststatus']!=9) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count); elseif(!$filter['allowinpm']) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count); if(isSet($count) && $count>0 && $filter['kick']){ kick_chatter(array($U['nickname']), '', false); send_error("$I[kicked]"); } } } function create_hotlinks(){ global $C, $U; //Make hotlinks for URLs, redirect through dereferrer script to prevent session leakage // 1. all explicit schemes with whatever xxx://yyyyyyy $U['message']=preg_replace('~(\w*://[^\s<>]+)~i', "<<$1>>", $U['message']); // 2. valid URLs without scheme: $U['message']=preg_replace('~((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d*)?/[^\s<>]*)(?![^<>]*>)~i', "<<$1>>", $U['message']); // server/path given $U['message']=preg_replace('~((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+:\d+)(?![^<>]*>)~i', "<<$1>>", $U['message']); // server:port given $U['message']=preg_replace('~([^\s<>]*:[^\s<>]*@[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d+)?)(?![^<>]*>)~i', "<<$1>>", $U['message']); // au:th@server given // 3. likely servers without any hints but not filenames like *.rar zip exe etc. $U['message']=preg_replace('~((?:[a-z0-9\-]+\.)*[a-z2-7]{16}\.onion)(?![^<>]*>)~i', "<<$1>>", $U['message']);// *.onion $U['message']=preg_replace('~([a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?:\.(?!rar|zip|exe|gz|7z|bat|doc)[a-z]{2,}))(?=[^a-z0-9\-\.]|$)(?![^<>]*>)~i', "<<$1>>", $U['message']);// xxx.yyy.zzz // Convert every <<....>> into proper links: $U['message']=preg_replace_callback('/<<([^<>]+)>>/', function ($matches){if(strpos($matches[1], '://')==false){ return "$matches[1]";}else{ return "$matches[1]"; }}, $U['message']); if($C['imgembed']) $U['message']=preg_replace_callback('/\[img\]\s?(.*?(?=<\/a>))<\/a>/i', function ($matched){ return str_ireplace('[/img]', '', "

");}, $U['message']); if($C['forceredirect']) $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); elseif(preg_match_all('/(.*?(?=<\/a>))<\/a>/', $U['message'], $matches)){ foreach($matches[1] as $match){ if(!preg_match('~^http(s)?://~', $match)){ $U['message']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $U['message']); break; } } } } function add_message(){ global $U; if(empty($U['message'])) return false; $newmessage=array( 'postdate' =>time(), 'poststatus' =>$U['poststatus'], 'poster' =>$U['nickname'], 'recipient' =>$U['recipient'], 'text' =>$U['displaysend'].style_this($U['message'], $U['fontinfo']), 'delstatus' =>$U['delstatus'] ); write_message($newmessage); return true; } function add_system_message($mes){ if(empty($mes)) return; $sysmessage=array( 'postdate' =>time(), 'poststatus' =>1, 'poster' =>'', 'recipient' =>'', 'text' =>$mes, 'delstatus' =>9 ); write_message($sysmessage); } function write_message($message){ global $C, $mysqli; if($C['msgencrypted']) $message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]messages` (`postdate`, `poststatus`, `poster`, `recipient`, `text`, `delstatus`) VALUES (?, ?, ?, ?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'iisssi', $message['postdate'], $message['poststatus'], $message['poster'], $message['recipient'], $message['text'], $message['delstatus']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $limit=$C['keeplimit']*get_setting('messagelimit'); $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `id` NOT IN (SELECT `id` FROM (SELECT `id` FROM `$C[prefix]messages` ORDER BY `id` DESC LIMIT ?) t )"); mysqli_stmt_bind_param($stmt, 'i', $limit); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['sendmail'] && $message['poststatus']<9){ $subject='New Chat message'; $headers="From: $C[mailsender]\r\nX-Mailer: PHP/".phpversion()."\r\nContent-Type: text/html; charset=UTF-8\r\n"; $body="$message[text]"; mail($C['mailreceiver'], $subject, $body, $headers); } } function clean_room(){ global $C, $mysqli; mysqli_query($mysqli, "DELETE FROM `$C[prefix]messages`"); $msg=get_setting('msgclean'); if(empty($msg)) return; $sysmessage=array( 'postdate' =>time(), 'poster' =>'', 'recipient' =>'', 'poststatus' =>1, 'text' =>sprintf($msg, $C['chatname']), 'delstatus' =>9 ); write_message($sysmessage); } function clean_selected(){ global $C, $mysqli; if(isSet($_REQUEST['mid'])){ $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `id`=?"); foreach($_REQUEST['mid'] as $mid){ mysqli_stmt_bind_param($stmt, 'i', $mid); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); } } function del_all_messages($nick, $status, $entry){ global $C, $U, $mysqli; if($nick==$U['nickname']) $status=10; if($U['status']>1) $entry=0; $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `delstatus`?"); mysqli_stmt_bind_param($stmt, 'sii', $nick, $status, $entry); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } function del_last_message(){ global $C, $U, $mysqli; if($U['status']>1) $entry=0; else $entry=$U['entry']; $stmt=mysqli_prepare($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `poster`=? AND `postdate`>? ORDER BY `id` DESC LIMIT 1"); mysqli_stmt_bind_param($stmt, 'si', $U['nickname'], $entry); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } function print_messages($delstatus=''){ global $C, $U, $mysqli; $dateformat=get_setting('dateformat'); $messagelimit=get_setting('messagelimit'); if(!isSet($_COOKIE[$C['cookiename']]) && !$C['forceredirect']) $injectRedirect=true; else $injectRedirect=false; if($C['imgembed'] && (!$U['embed'] || !isSet($_COOKIE[$C['cookiename']]))) $removeEmbed=true; else $removeEmbed=false; mysqli_query($mysqli, "DELETE FROM `$C[prefix]messages` WHERE `postdate`<='".(time()-60*get_setting('messageexpire'))."'"); if(!empty($delstatus)){ $stmt=mysqli_prepare($mysqli, "SELECT `postdate`, `id`, `text` FROM `$C[prefix]messages` WHERE ". "`id` IN (SELECT * FROM (SELECT `id` FROM `$C[prefix]messages` WHERE `poststatus`='1' ORDER BY `id` DESC LIMIT ?) AS t) ". "OR (`poststatus`>'1' AND (`poststatus`(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $message['text']); } if($removeEmbed){ $message['text']=preg_replace_callback('//', function ($matched){ return $matched[1];}, $message['text']); } echo "
"; } }else{ $stmt=mysqli_prepare($mysqli, "SELECT `postdate`, `text` FROM `$C[prefix]messages` WHERE (". "`id` IN (SELECT * FROM (SELECT `id` FROM `$C[prefix]messages` WHERE `poststatus`='1' ORDER BY `id` DESC LIMIT ?) AS t) ". "OR (`poststatus`>'1' AND `poststatus`<=?) ". "OR (`poststatus`='9' AND ( (`poster`=? AND `recipient` NOT IN (SELECT `ignored` FROM `$C[prefix]ignored` WHERE `by`=?) ) OR `recipient`=?) )". ") AND `poster` NOT IN (SELECT `ignored` FROM `$C[prefix]ignored` WHERE `by`=?) ORDER BY `id` DESC"); mysqli_stmt_bind_param($stmt, 'iissss', $messagelimit, $U['status'], $U['nickname'], $U['nickname'], $U['nickname'], $U['nickname']); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $message['postdate'], $message['text']); while(mysqli_stmt_fetch($stmt)){ if($C['msgencrypted']) $message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); if($injectRedirect){ $message['text']=preg_replace_callback('/(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "$matched[2]";}, $message['text']); } if($removeEmbed){ $message['text']=preg_replace_callback('//', function ($matched){ return $matched[1];}, $message['text']); } if($U['timestamps']) echo ''.date($dateformat, $message['postdate']).' - '; echo "$message[text]
"; } } mysqli_stmt_close($stmt); } // this and that function get_ignored(){ global $C, $memcached, $mysqli; if($C['memcached']) $ignored=$memcached->get("$C[dbname]-$C[prefix]ignored"); if(!$C['memcached'] || $memcached->getResultCode()!=Memcached::RES_SUCCESS){ $ignored=array(); $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]ignored`"); while($tmp=mysqli_fetch_array($result, MYSQLI_ASSOC)){ $ignored[]=$tmp; } if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]ignored", $ignored); } return $ignored; } function valid_admin(){ global $U; if(!empty($_REQUEST['session'])){ check_session(); } elseif(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){ create_session(true); } if(isSet($U['status']) && $U['status']>=7) return true; else return false; } function valid_nick($nick){ global $C; return preg_match("/^[a-z0-9]{1,$C[maxname]}$/i", $nick); } function valid_pass($pass){ global $C; return preg_match('/^.{'.$C['minpass'].',}$/', $pass); } function cleanup_nick($nick){ $nick=preg_replace('/\s+/', '', $nick); return $nick; } function get_timeout($lastpost, $status){ // lastpost, status if($status>2) $expire=get_setting('memberexpire'); else $expire=get_setting('guestexpire'); $s=($lastpost+60*$expire)-time(); $m=$s/60;$m=floor($m);$s-=$m*60; $h=$m/60;$h=floor($h);$m-=$h*60; $s=substr('0'.$s, -2, 2); if($h>0){ $m=substr('0'.$m, -2, 2); return "$h:$m:$s"; } return "$m:$s"; } function print_colours(){ global $C, $I; // Prints a short list with selected named HTML colours and filters out illegible text colours for the given background. // It's a simple comparison of weighted grey values. This is not very accurate but gets the job done well enough. $colours=array('Beige'=>'F5F5DC', 'Black'=>'000000', 'Blue'=>'0000FF', 'BlueViolet'=>'8A2BE2', 'Brown'=>'A52A2A', 'Cyan'=>'00FFFF', 'DarkBlue'=>'00008B', 'DarkGreen'=>'006400', 'DarkRed'=>'8B0000', 'DarkViolet'=>'9400D3', 'DeepSkyBlue'=>'00BFFF', 'Gold'=>'FFD700', 'Grey'=>'808080', 'Green'=>'008000', 'HotPink'=>'FF69B4', 'Indigo'=>'4B0082', 'LightBlue'=>'ADD8E6', 'LightGreen'=>'90EE90', 'LimeGreen'=>'32CD32', 'Magenta'=>'FF00FF', 'Olive'=>'808000', 'Orange'=>'FFA500', 'OrangeRed'=>'FF4500', 'Purple'=>'800080', 'Red'=>'FF0000', 'RoyalBlue'=>'4169E1', 'SeaGreen'=>'2E8B57', 'Sienna'=>'A0522D', 'Silver'=>'C0C0C0', 'Tan'=>'D2B48C', 'Teal'=>'008080', 'Violet'=>'EE82EE', 'White'=>'FFFFFF', 'Yellow'=>'FFFF00', 'YellowGreen'=>'9ACD32'); $greybg=greyval($C['colbg']); foreach($colours as $name=>$colour){ if(abs($greybg-greyval($colour))>75) echo ""; } } function greyval($colour){ return hexdec(substr($colour, 0, 2))*.3+hexdec(substr($colour, 2, 2))*.59+hexdec(substr($colour, 4, 2))*.11; } function get_style($styleinfo){ $fbold=preg_match('/(|:bold)/', $styleinfo); $fitalic=preg_match('/(|:italic)/', $styleinfo); $fsmall=preg_match('/(size="-1"|:smaller)/', $styleinfo); preg_match('/(#.{6})/', $styleinfo, $match); if(isSet($match[0])) $fcolour=$match[0]; preg_match('/face=\'([^"]+)\'/', $styleinfo, $match); if(isSet($match[1])) $fface=$match[1]; preg_match('/font-family:([^;]+);/', $styleinfo, $match); if(isSet($match[1])) $sface=$match[1]; if(isSet($fface)){ $sface=$fface; $sface=preg_replace('/^/', "'", $sface); $sface=preg_replace('/$/', "'", $sface); $sface=preg_replace('/,/', "','", $sface); }elseif(isSet($sface)){ $fface=$sface; $fface=preg_replace("/'/", '', $fface); } $fstyle=''; if(isSet($fcolour)) $fstyle.="color:$fcolour;"; if(isSet($sface)) $fstyle.="font-family:$sface;"; if($fsmall) $fstyle.='font-size:smaller;'; if($fitalic) $fstyle.='font-style:italic;'; if($fbold) $fstyle.='font-weight:bold;'; return $fstyle; } function style_this($text, $styleinfo){ $fbold=preg_match('/(|:bold)/', $styleinfo); $fitalic=preg_match('/(|:italic)/', $styleinfo); $fsmall=preg_match('/(size="-1"|:smaller)/', $styleinfo); preg_match('/(#.{6})/', $styleinfo, $match); if(isSet($match[0])) $fcolour=$match[0]; preg_match('/face=\'([^"]+)\'/', $styleinfo, $match); if(isSet($match[1])) $fface=$match[1]; preg_match('/font-family:([^;]+);/', $styleinfo, $match); if(isSet($match[1])) $sface=$match[1]; if(isSet($fface)){ $sface=$fface; $sface=preg_replace('/^/', "'", $sface); $sface=preg_replace('/$/', "'", $sface); $sface=preg_replace('/,/', "','", $sface); }elseif(isSet($sface)){ $fface=$sface; $fface=preg_replace("/'/", '', $fface); } $fstyle=''; if(isSet($fcolour)) $fstyle.="color:$fcolour;"; if(isSet($sface)) $fstyle.="font-family:$sface;"; if($fsmall) $fstyle.='font-size:smaller;'; if($fitalic) $fstyle.='font-style:italic;'; if($fbold) $fstyle.='font-weight:bold;'; $fstart='get("$C[dbname]-$C[prefix]num-tables")){ $tables=array("$C[prefix]captcha", "$C[prefix]filter", "$C[prefix]ignored", "$C[prefix]members", "$C[prefix]messages", "$C[prefix]notes", "$C[prefix]sessions", "$C[prefix]settings"); $num_tables=0; $result=mysqli_query($mysqli, 'SHOW TABLES'); while($tmp=mysqli_fetch_array($result, MYSQLI_NUM)){ if(in_array($tmp[0],$tables)) ++$num_tables; } if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]num-tables", $num_tables, 60); } return $num_tables; } function init_chat(){ global $C, $H, $I, $mysqli; $suwrite=''; if(check_init()>=7){ $suwrite=$I['initdbexist']; $result=mysqli_query($mysqli, "SELECT * FROM `$C[prefix]members` WHERE `status`='8'"); if(mysqli_num_rows($result)>0){ $suwrite=$I['initsuexist']; } }elseif(!valid_nick($_REQUEST['sunick'])){ $suwrite=sprintf($I['invalnick'], $C['maxname']); }elseif(!valid_pass($_REQUEST['supass'])){ $suwrite=sprintf($I['invalpass'], $C['minpass']); }elseif($_REQUEST['supass']!==$_REQUEST['supassc']){ $suwrite=$I['noconfirm']; }else{ mysqli_multi_query($mysqli, "CREATE TABLE IF NOT EXISTS `$C[prefix]captcha` (`id` int(10) unsigned NOT NULL, `time` int(10) unsigned NOT NULL, `code` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "CREATE TABLE IF NOT EXISTS `$C[prefix]filter` (`id` tinyint(3) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` text NOT NULL, `allowinpm` tinyint(1) unsigned NOT NULL, `regex` tinyint(1) unsigned NOT NULL, `kick` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "CREATE TABLE IF NOT EXISTS `$C[prefix]ignored` (`id` int(10) unsigned NOT NULL, `ignored` tinytext NOT NULL, `by` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "CREATE TABLE IF NOT EXISTS `$C[prefix]members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `colour` tinytext NOT NULL, `bgcolour` tinytext NOT NULL, `fontface` tinytext NOT NULL, `fonttags` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "CREATE TABLE IF NOT EXISTS `$C[prefix]messages` (`id` int(10) unsigned NOT NULL, `postdate` int(10) unsigned NOT NULL, `poststatus` tinyint(3) unsigned NOT NULL, `poster` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `recipient` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL, `delstatus` tinyint(3) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "CREATE TABLE IF NOT EXISTS `$C[prefix]notes` (`id` int(10) unsigned NOT NULL, `type` tinytext NOT NULL, `lastedited` int(10) unsigned NOT NULL, `editedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "CREATE TABLE IF NOT EXISTS `$C[prefix]sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `displayname` text NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `fontinfo` tinytext NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL, `ip` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "CREATE TABLE IF NOT EXISTS `$C[prefix]settings` (`id` tinyint(3) unsigned NOT NULL, `setting` tinytext NOT NULL, `value` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; ". "ALTER TABLE `$C[prefix]captcha` ADD UNIQUE KEY `id` (`id`); ". "ALTER TABLE `$C[prefix]filter` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]ignored` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]members` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]messages` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]notes` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]sessions` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]settings` ADD PRIMARY KEY (`id`); ". "ALTER TABLE `$C[prefix]filter` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]ignored` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]members` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]messages` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]notes` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]sessions` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; ". "ALTER TABLE `$C[prefix]settings` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; ". "INSERT INTO `$C[prefix]settings` (`setting`,`value`) VALUES ('guestaccess','0'), ('globalpass',''), ('englobalpass','0'), ('captcha','0'), ('dateformat','m-d H:i:s'), ('rulestxt', ''), ('msgencrypted','0'), ('msgenter','%s entered the chat.'), ('msgexit','%s left the chat.'), ('msgmemreg','%s is now a registered member.'), ('msgsureg','%s is now a registered applicant.'), ('msgkick','%s has been kicked.'), ('msgmultikick','%s have been kicked.'), ('msgallkick','All chatters have been kicked.'), ('msgclean','%s has been cleaned.'), ('dbversion','$C[dbversion]'), ('css','a:visited{color:#B33CB4;} a:active{color:#FF0033;} a:link{color:#0000FF;} input,select,textarea{color:#FFFFFF;background-color:#000000;} a img{width:15%} a:hover img{width:35%} .error{color:#FF0033;} .delbutton{background-color:#660000;} .backbutton{background-color:#004400;} #exitbutton{background-color:#AA0000;}'), ('memberexpire','60'), ('guestexpire', '15'), ('kickpenalty', '10'), ('entrywait', '120'), ('messageexpire', '14400'), ('messagelimit', '150'), ('maxmessage', 2000), ('captchatime', '600');"); while(mysqli_more_results($mysqli)) mysqli_next_result($mysqli); $reg=array( 'nickname' =>$_REQUEST['sunick'], 'passhash' =>md5(sha1(md5($_REQUEST['sunick'].$_REQUEST['supass']))), 'status' =>8, 'refresh' =>$C['defaultrefresh'], 'colour' =>$C['coltxt'], 'bgcolour' =>$C['colbg'], 'boxwidth' =>40, 'boxheight' =>3, 'notesboxwidth' =>80, 'notesboxheight'=>30, 'timestamps' =>$C['timestamps'], 'embed' =>$C['embed'], 'incognito' =>false ); $stmt=mysqli_prepare($mysqli, "INSERT INTO `$C[prefix]members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'ssiissiiiiiii', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $suwrite=$I['susuccess']; } print_start('init'); echo "

$I[init]


$I[sulogin]

$suwrite


"; echo "<$H[form]>".hidden('action', 'setup').hidden('lang', $C['lang']).submit($I['initgosetup'])."$H[credit]"; print_end(); } function update_db(){ global $C, $mysqli; $dbversion=get_setting('dbversion'); if($dbversion<$C['dbversion'] || get_setting('msgencrypted')!=$C['msgencrypted']){ if($dbversion<2){ mysqli_query($mysqli, "CREATE TABLE IF NOT EXISTS `$C[prefix]ignored` (`id` int(10) unsigned NOT NULL, `ignored` tinytext NOT NULL, `by` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]ignored` ADD PRIMARY KEY (`id`)"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]ignored` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT"); } if($dbversion<3){ mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`, `value`) VALUES ('rulestxt', '')"); } if($dbversion<4){ mysqli_query($mysqli, "ALTER TABLE `$C[prefix]members` ADD `incognito` TINYINT(1) UNSIGNED NOT NULL"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]sessions` ADD `incognito` TINYINT(1) UNSIGNED NOT NULL"); } if($dbversion<5){ mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`, `value`) VALUES ('globalpass', '')"); } if($dbversion<6){ mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`, `value`) VALUES ('dateformat', 'm-d H:i:s')"); } if($dbversion<7){ mysqli_query($mysqli, "ALTER TABLE `$C[prefix]captcha` ADD `code` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL"); } if($dbversion<8){ mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`, `value`) VALUES ('captcha', '0'), ('englobalpass', '0')"); $ga=get_setting('guestaccess'); if($ga==-1){ update_setting('guestaccess', 0); update_setting('englobalpass', 1); }elseif($ga==4){ update_setting('guestaccess', 1); update_setting('englobalpass', 2); } } if($dbversion<9){ mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`,`value`) VALUES ('msgencrypted', '0')"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]settings` CHANGE `value` `value` text NOT NULL"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]messages` DROP `postid`"); } if($dbversion<10){ mysqli_query($mysqli, "INSERT INTO `$C[prefix]settings` (`setting`, `value`) VALUES ('css', 'a:visited{color:#B33CB4;} a:active{color:#FF0033;} a:link{color:#0000FF;} input,select,textarea{color:#FFFFFF;background-color:#000000;} a img{width:15%} a:hover img{width:35%} .error{color:#FF0033;} .delbutton{background-color:#660000;} .backbutton{background-color:#004400;} #exitbutton{background-color:#AA0000;}'), ('memberexpire', '60'), ('guestexpire', '15'), ('kickpenalty', '10'), ('entrywait', '120'), ('messageexpire', '14400'), ('messagelimit', '150'), ('maxmessage', 2000), ('captchatime', '600')"); mysqli_query($mysqli, "ALTER TABLE `$C[prefix]sessions` ADD `ip` TINYTEXT NOT NULL"); } if(get_setting('msgencrypted')!=$C['msgencrypted']){ $result=mysqli_query($mysqli, "SELECT `id`, `text` FROM `$C[prefix]messages`"); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]messages` SET `text`=? WHERE `id`=?"); while($message=mysqli_fetch_array($result, MYSQLI_ASSOC)){ if($C['msgencrypted']) $message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); else $message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); mysqli_stmt_bind_param($stmt, 'si', $message['text'], $message['id']); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); $result=mysqli_query($mysqli, "SELECT `id`, `text` FROM `$C[prefix]notes`"); $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]notes` SET `text`=? WHERE `id`=?"); while($message=mysqli_fetch_array($result, MYSQLI_ASSOC)){ if($C['msgencrypted']) $message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); else $message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', $C['encryptkey'], 0, '1234567890123456'); mysqli_stmt_bind_param($stmt, 'si', $message['text'], $message['id']); mysqli_stmt_execute($stmt); } mysqli_stmt_close($stmt); update_setting('msgencrypted', (int)$C['msgencrypted']); } update_setting('dbversion', $C['dbversion']); send_update(); } } function get_setting($setting){ global $C, $memcached, $mysqli; if(!$C['memcached'] || !$value=$memcached->get("$C[dbname]-$C[prefix]settings-$setting")){ $stmt=mysqli_prepare($mysqli, "SELECT `value` FROM `$C[prefix]settings` WHERE `setting`=?"); mysqli_stmt_bind_param($stmt, 's', $setting); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $value); mysqli_stmt_fetch($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]settings-$setting", $value); } return $value; } function update_setting($setting, $value){ global $C, $memcached, $mysqli; $stmt=mysqli_prepare($mysqli, "UPDATE `$C[prefix]settings` SET `value`=? WHERE `setting`=?"); mysqli_stmt_bind_param($stmt, 'ss', $value, $setting); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if($C['memcached']) $memcached->set("$C[dbname]-$C[prefix]settings-$setting", $value); } // configuration, defaults and internals function load_fonts(){ global $F; $F=array( 'Arial' =>" face='Arial,Helvetica,sans-serif'", 'Book Antiqua' =>" face='Book Antiqua,MS Gothic'", 'Comic' =>" face='Comic Sans MS,Papyrus'", 'Comic small' =>" face='Comic Sans MS,Papyrus' size=\"-1\"", 'Courier' =>" face='Courier New,Courier,monospace'", 'Cursive' =>" face='Cursive,Papyrus'", 'Fantasy' =>" face='Fantasy,Futura,Papyrus'", 'Garamond' =>" face='Garamond,Palatino,serif'", 'Georgia' =>" face='Georgia,Times New Roman,Times,serif'", 'Serif' =>" face='MS Serif,New York,serif'", 'System' =>" face='System,Chicago,sans-serif'", 'Times New Roman' =>" face='Times New Roman,Times,serif'", 'Verdana' =>" face='Verdana,Geneva,Arial,Helvetica,sans-serif'", 'Verdana small' =>" face='Verdana,Geneva,Arial,Helvetica,sans-serif' size=\"-1\"" ); } function load_html(){ global $C, $H, $I; $H=array(// default HTML 'begin_body' =>"body", 'form' =>"form action=\"$_SERVER[SCRIPT_NAME]\" method=\"post\" style=\"margin:0;padding:0;\"", 'meta_html' =>"$C[chatname]", 'credit' =>"

LE CHAT-PHP - $C[version]
" ); $H=$H+array( 'backtologin' =>"<$H[form] target=\"_parent\">".hidden('lang', $C['lang']).submit($I['backtologin'], 'class="backbutton"').'', 'backtochat' =>"<$H[form]>".hidden('action', 'view').hidden('session', $_REQUEST['session']).hidden('lang', $C['lang']).submit($I['backtochat'], 'class="backbutton"').'' ); } function check_db(){ global $C, $I, $memcached, $mysqli; $mysqli=mysqli_connect($C['dbhost'], $C['dbuser'], $C['dbpass'], $C['dbname']); if(mysqli_connect_errno($mysqli)){ if($_REQUEST['action']=='setup'){ die($I['nodbsetup']); }else{ die($I['nodb']); } } if($C['memcached']){ $memcached=new Memcached(); $memcached->addServer($C['memcachedhost'], $C['memcachedport']); } } function load_lang(){ global $C, $I, $L; $L=array( 'de' =>'Deutsch', 'en' =>'English' ); if(isSet($_REQUEST['lang']) && array_key_exists($_REQUEST['lang'], $L)){ $C['lang']=$_REQUEST['lang']; setcookie('language', $C['lang']); }elseif(isSet($_COOKIE['language']) && array_key_exists($_COOKIE['language'], $L)){ $C['lang']=$_COOKIE['language']; } include('lang_en.php'); //always include English if($C['lang']!=='en') include("lang_$C[lang].php"); //replace with translation if available } function load_config(){ global $C; $C=array( 'version' =>'1.11.2', // Script version 'dbversion' =>10, // Database version 'colbg' =>'000000', // Background colour 'coltxt' =>'FFFFFF', // Default text colour 'chatname' =>'My Chat', // Chat Name 'keeplimit' =>3, // Amount of messages to keep in the database (multiplied with max messages displayed) - increase if you have many private messages 'defaultrefresh'=>30, // Seconds to refresh the messages 'msgencrypted' =>false, // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing! 'encryptkey' =>'MY_KEY', // Encryption key for messages 'maxname' =>20, // Longest number of chatacters for a name 'minpass' =>5, // Shortest number of chatacters for a password 'dbhost' =>'p:localhost', // Database host 'dbuser' =>'www-data', // Database user 'dbpass' =>'YOUR_DB_PASS', // Database password 'dbname' =>'public_chat', // Database 'prefix' =>'', // Prefix - Set this to a unique value for every chat, if you have more than 1 chats on the same database or domain 'memcached' =>false, // Enable/disable memcached caching true/false - needs php5-memcached and a memcached server. 'memcachedhost' =>'localhost', // Memcached server 'memcachedport' =>'11211', // Memcached server 'captchachars' =>'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', // Characters used for captcha generation 'dismemcaptcha' =>false, // Disable captcha for members? true/false 'embed' =>true, // Default for displaying embedded imgs or turning them into links true/false 'imgembed' =>true, // Allow image embedding in chat using [img] tag? true/false 'suguests' =>false, // Adds option to add applicants. They will have a reserved nick protected with a password, but don't count as member true/false 'timestamps' =>true, // Display timestamps in front of the messages by default true/false 'incognito' =>true, // Allow mods and admins to be invisable true/false 'forceredirect' =>false, // Force redirect script or only use when no cookies available? true/false 'memkick' =>true, // Let a member kick guests if no mod is present 'sendmail' =>false, // Send mail on new message - only activate on low traffic chat or your inbox will fill up very fast! 'mailsender' =>'www-data ', // Send mail using this e-Mail address 'mailreceiver' =>'Webmaster ', // Send mail to this e-Mail address 'redirect' =>"$_SERVER[SCRIPT_NAME]?action=redirect&url=", // Redirect script default: "$_SERVER[SCRIPT_NAME]?action=redirect&url=" 'lang' =>'en', // Default language 'trackip' =>true // Display IP-Address in session overview - true/false ); $C=$C+array( 'cookiename' =>"$C[prefix]chat_session" // Cookie name storing the session information ); } ?>