part of the starting page; - the 'layout' function that creates the start page. The mains PHP variables used inside this script are: - $L -> the current language; - $Charset -> the name of the charset associated to the current language; - $Ver -> the JavaScript abilities of the browser of the user ('H' when DHTML enabled, 'M' when JavaScript1.1, 'L' else). - $U -> the login nick of the user; - $PASSWORD -> the password of the user in clear mode; - $PWD_Hash -> the md5 hash of '$PASSWORD'; - $N -> the number of messages to be shown each time the 'messages' frame is reloaded; - $D -> the timeout between each update of the 'messages' frame; - $T -> the type of the room the user wants to enter in; - $R0 -> the name of the default public room the user wants to enter in (not defined if he doesn't choose to enter one of the default public rooms); - $R1 -> the name of the 'other' public room the user wants to enter in (not defined if he doesn't choose to enter one of the 'other' public rooms); - $R2 -> the name of the room the user wants to create (not defined if he doesn't choose to create a room); - $E -> the name of the room the user just leaves. When $E is defined, the $EN boolean variable may also be defined and requires this script to insert an exit message to the 'messages' table; - $Reload -> when the user runs some specific actions inside the chat (he uses the '/join' command, clicks on a room name at the 'users' frame or resizes the window for the browser inside netscape 4+), this variable is defined to skip some tests that aren't necessary; - $perms -> permission level of the user for the room he wants to enter in. ---------------------------------------------------------------------------------- /* /*********** COMMON WORK ***********/ // Get the names and values for vars sent to index.lib.php3 if (isset($HTTP_GET_VARS)) { while(list($name,$value) = each($HTTP_GET_VARS)) { $$name = $value; }; }; // Get the names and values for vars posted from the form bellow if (isset($HTTP_POST_VARS)) { while(list($name,$value) = each($HTTP_POST_VARS)) { $$name = $value; }; }; // Fix some security holes if (!is_dir('./'.substr($ChatPath, 0, -1))) exit(); require("./${ChatPath}config/config.lib.php3"); require("./${ChatPath}lib/release.lib.php3"); require("./${ChatPath}localization/languages.lib.php3"); require("./${ChatPath}localization/".$L."/localized.chat.php3"); require("./${ChatPath}lib/database/".C_DB_TYPE.".lib.php3"); require("./${ChatPath}lib/clean.lib.php3"); include("./${ChatPath}lib/get_IP.lib.php3"); // Special cache instructions for IE5+ $CachePlus = ""; if (ereg("MSIE [56789]", (isset($HTTP_USER_AGENT)) ? $HTTP_USER_AGENT : getenv("HTTP_USER_AGENT"))) $CachePlus = ", pre-check=0, post-check=0, max-age=0"; $now = gmdate('D, d M Y H:i:s') . ' GMT'; header("Expires: $now"); header("Last-Modified: $now"); header("Cache-Control: no-cache, must-revalidate".$CachePlus); header("Pragma: no-cache"); header("Content-Type: text/html; charset=${Charset}"); // avoid server configuration for magic quotes set_magic_quotes_runtime(0); // Get the relative path to the script that called this one if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS["PHP_SELF"]; $Action = basename($PHP_SELF); $From = urlencode(ereg_replace("[^/]+/","../",$ChatPath).$Action); // For translations with a real iso code if (!isset($FontFace)) $FontFace = ""; // For others translations $DisplayFontMsg = !(isset($U) && $U != ""); // Translate to html special characters, and entities if message was sent with a latin 1 charset $Latin1 = ($Charset == "iso-8859-1"); function special_char($str,$lang) { return addslashes($lang ? htmlentities(stripslashes($str)) : htmlspecialchars(stripslashes($str))); }; // Ensure a room ($what) is include in a rooms list ($in) function room_in($what, $in) { $rooms = explode(",",$in); for (reset($rooms); $room_name=current($rooms); next($rooms)) { if (strcasecmp($what, $room_name) == 0) return true; }; return false; }; /*********** PART I ***********/ // Define the message to display if user comes here because he has been kicked if (isset($KICKED)) { switch ($KICKED) { case '1': $Error = L_REG_18; break; case '2': $Error = L_REG_39; break; case '3': $Error = L_ERR_USR_19; break; case '4': $Error = L_ERR_USR_20; }; }; $DbLink = new DB; // Fix some security issues if (isset($Reload)) { $isHacking = false; if (($Reload == 'JoinCmd') && (empty($E) || empty($Ver) || empty($L) || empty($U) || (empty($R0) && empty($R1) && empty($R2)) || empty($D))) { $isHacking = true; } else if (($Reload == 'NNResize') && (empty($Ver) || empty($L) || empty($U) || empty($R) || empty($T) || empty($D) || empty($N))) { $isHacking = true; } else { $DbLink->query("SELECT password FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1"); list($user_password) = $DbLink->next_record(); $DbLink->clean_results(); if (!empty($user_password) && (empty($PWD_Hash) || $PWD_Hash != $user_password)) $isHacking = true; unset($user_password); } if ($isHacking) { unset($Reload); if (isset($U)) unset($U); if (isset($PWD_Hash)) unset($PWD_Hash); if (isset($T)) unset($T); if (isset($R)) unset($R); if (isset($R0)) unset($R0); if (isset($R1)) unset($R1); if (isset($R2)) unset($R2); if (isset($E)) unset($E); $Error = L_ERR_USR_10; } } // Removes user from users table and if necessary add a notication message for him if(isset($E) && $E != "") { // Fix a security issue $DbLink->query("SELECT COUNT(*) FROM " . C_USR_TBL . " WHERE username='$U' AND ip='$IP' AND room='$E'"); list($isHacking) = $DbLink->next_record(); $isHacking = 1 - $isHacking; $DbLink->clean_results(); if ($isHacking) { // HACKERS Atack !!! unset($E); if (isset($U)) unset($U); $Error = L_ERR_USR_10; } else { $DbLink->query("DELETE FROM ".C_USR_TBL." WHERE username='$U' AND room='$E'"); if (isset($EN)) { $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')"); } } } // If no room is specified but the main form has been posted, define the room to enter // in as the first among default ones if ((isset($Form_Send) && $Form_Send) && (((C_VERSION == 0) || ((!isset($R0) || $R0 == "") && (!isset($R1) || $R1 == "") && (!isset($R2) || $R2 == ""))))) $R0 = $DefaultChatRooms[0]; // Optimize some of the tables when the user logs in if(isset($U) && (isset($N) && $N != "")) { $DbLink->optimize(C_MSG_TBL); $DbLink->optimize(C_USR_TBL); } //** Ensures the nick is a valid one except if the frameset is reloaded because of the // NN4+ resize bug or because the user runs a join command. ** if(!isset($Reload) && isset($U) && (isset($N) && $N != "")) { $relog = false; if (C_NO_SWEAR == 1) include("./${ChatPath}lib/swearing.lib.php3"); // Check for no nick entered in if ($U == "") { $Error = L_ERR_USR_2; } // Check for invalid characters or empty nick elseif (trim($U) == "" || ereg("[\, ]", stripslashes($U))) { $Error = L_ERR_USR_16; } // Check for swear words in the nick elseif (C_NO_SWEAR == 1 && checkwords($U, true)) { $Error = L_ERR_USR_18; } else { $DbLink->query("SELECT room FROM ".C_USR_TBL." WHERE username='$U' LIMIT 1"); $Nb = $DbLink->num_rows(); // If the same nick is already in use and the user is not registered deny access if($Nb != 0 && $PASSWORD == "" && !isset($PWD_Hash)) { $Error = L_ERR_USR_1; $DbLink->clean_results(); } else { list($room) = $DbLink->next_record(); $DbLink->clean_results(); $DbLink->query("SELECT password,perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1"); $reguser = ($DbLink->num_rows() != 0); if ($reguser) list($user_password,$perms,$rooms) = $DbLink->next_record(); $DbLink->clean_results(); if (!(isset($E) && $E != "")) { // Check for password if the nick exist in registered users table if ($reguser) { if ($PASSWORD == "" && !isset($PWD_Hash)) { $Error = L_ERR_USR_3; } else { if (md5(stripslashes($PASSWORD)) != $user_password && (!isset($PWD_Hash) || $PWD_Hash != $user_password)) $Error = L_ERR_USR_4; } if (!isset($Error)) $DbLink->query("UPDATE ".C_REG_TBL." SET reg_time=".time()." WHERE username='$U'"); } // If users isn't a registered one and phpMyChat require registration deny access else if (C_REQUIRE_REGISTER) { $Error = L_ERR_USR_14; } } // The var bellow is set to 1 when a registered user is allowed to log using a nick // that already exist in the users table $relog = ($Nb != 0 && !isset($Error)); $CookieUsername = urlencode(stripslashes($U)); setcookie("CookieUsername", $CookieUsername, time() + 60*60*24*365); // cookie expires in one year } } } // ** Get perms of the user if the script is called by a join command ** if (isset($Reload) && $Reload == "JoinCmd") { $DbLink->query("SELECT perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1"); $reguser = ($DbLink->num_rows() != 0); if ($reguser) list($perms,$rooms) = $DbLink->next_record(); $DbLink->clean_results(); }; // ** Ensure the user is not banished from the room he wants to enter in ** if(!isset($Error) && (isset($N) && $N != "") && !isset($Reload)) { if (C_BANISH != "0" && (!isset($perms) || $perms != "admin")) { include("./${ChatPath}lib/banish.lib.php3"); if ($IsBanished) $Error = L_ERR_USR_20; }; }; // ** Ensures the user can create a room and the room name is a valid one (bypassed test // when the frameset is reloaded because of the NN4+ resize bug). ** if(!isset($Error) && (isset($R2) && $R2 != "")) { // Skipped when the script is called by a join command. if (!isset($Reload)) { // User is not registered -> Deny room creation if (!$reguser) { $Error = L_ERR_USR_13; } // Check for invalid characters or empty room name else if (trim($R2) == "" || ereg("[,\]", stripslashes($R2))) { $Error = L_ERR_ROM_1; } // Check for swear words in room name else if(C_NO_SWEAR == 1 && checkwords($R2, true)) { $Error = L_ERR_ROM_2; } // Ensure there is no existing room with the same name but a different type... else { // ...among reserved name for private/public (default) rooms $ToCheck = ($T == "1" ? $DefaultPrivateRooms : $DefaultChatRooms); for ($i = 0; $i < count($ToCheck); $i++) { if (strcasecmp($R2,$ToCheck[$i]) == "0") { $Error = ($T == 0 ? L_ERR_ROM_3:L_ERR_ROM_4); break; }; }; unset($ToCheck); // ...among other rooms created by users if (!isset($Error)) { $T1 = 1 - $T; $DbLink->query("SELECT count(*) FROM ".C_MSG_TBL." WHERE room = '$R2' AND type = '$T1' LIMIT 1"); list($Nb) = $DbLink->next_record(); $DbLink->clean_results(); if($Nb != 0) $Error = ($T == 0 ? L_ERR_ROM_3:L_ERR_ROM_4); }; }; }; // Define the user status if (!isset($Error)) { $register_room = true; // If the name of the room to be created is a reserved one for private/public (default) rooms, // status will be 'user'. Skipped when the script is called by a join command. if (!isset($Reload)) { $ToCheck = ($T == "1" ? $DefaultChatRooms : $DefaultPrivateRooms); for ($i = 0; $i < count($ToCheck); $i++) { if (strcasecmp($R2,$ToCheck[$i]) == "0") $register_room = false; }; unset($ToCheck); }; // If room name is the same than one of an existing room containing "true" messages // (not only notifications of users entrance/exit) or containing only "system" // message but an other user is already logged in, status will be 'user' if ($register_room) { $DbLink->query("SELECT Count(*) FROM ".C_MSG_TBL." WHERE room='$R2' AND username NOT LIKE 'SYS %' LIMIT 1"); list($count) = $DbLink->next_record(); $register_room = ($count == "0"); $DbLink->clean_results(); }; if ($register_room) { $DbLink->query("SELECT count(*) FROM ".C_USR_TBL." WHERE room='$R2' AND username != '$U' LIMIT 1"); list($anybody) = $DbLink->next_record(); $register_room = ($anybody == 0); $DbLink->clean_results(); }; if ($register_room) { // If an other registered user is already moderator for the room to be created but // there is no "true" message in this room then set his status to user for this room $UpdLink = new DB; $DbLink->query("SELECT username,rooms FROM ".C_REG_TBL." WHERE perms = 'moderator' AND username != '$U'"); while (list($mod_un,$mod_rooms) = $DbLink->next_record()) { $changed = false; $roomTab = explode(",",$mod_rooms); for ($i = 0; $i < count($roomTab); $i++) { if (strcasecmp(stripslashes($R2), $roomTab[$i]) == 0) { $roomTab[$i] = ""; $changed = true; break; }; }; if ($changed) { $mod_rooms = str_replace(",,",",",ereg_replace("^,|,$","",implode(",",$roomTab))); $UpdLink->query("UPDATE ".C_REG_TBL." SET rooms='".addslashes($mod_rooms)."' WHERE username='".addslashes($mod_un)."'"); $UpdLink->query("UPDATE ".C_USR_TBL." SET status='r' WHERE room='$R2' AND username='".addslashes($mod_un)."'"); }; unset($roomTab); }; $DbLink->clean_results(); // Update the current user status for the room to be created in registered users table $changed = false; if (!room_in(stripslashes($R2), $rooms)) { if ($rooms != "") $rooms .= ","; $rooms .= stripslashes($R2); $changed = true; } if ($perms == "user" || $perms == "") { $perms = "moderator"; $changed = true; } if (($changed)&&($perms != "admin")) { $DbLink->query("UPDATE ".C_REG_TBL." SET perms='$perms', rooms='".addslashes($rooms)."' WHERE username='$U'"); } } } } // ** Enter the chat ** if(!isset($Error) && (isset($N) && $N != "")) { if(isset($R2) && $R2 != "") { $R = $R2; } elseif (!isset($R)) // $R is set when the frameset is reloaded because of the NN4+ resize bug. { $T = 1; $R = (isset($R0) && $R0 != "")? $R0 : $R1; }; $CookieRoom = urlencode(stripslashes($R)); setcookie("CookieRoom", $CookieRoom, time() + 60*60*24*365); // cookie expires in one year setcookie("CookieRoomType", $T, time() + 60*60*24*365); // cookie expires in one year if (isset($HTTP_COOKIE_VARS)) { if (isset($HTTP_COOKIE_VARS["CookieMsgOrder"])) $CookieMsgOrder = $HTTP_COOKIE_VARS["CookieMsgOrder"]; if (isset($HTTP_COOKIE_VARS["CookieShowTimestamp"])) $CookieShowTimestamp = $HTTP_COOKIE_VARS["CookieShowTimestamp"]; if (isset($HTTP_COOKIE_VARS["CookieNotify"])) $CookieNotify = $HTTP_COOKIE_VARS["CookieNotify"]; }; if (!isset($O)) $O = isset($CookieMsgOrder) ? $CookieMsgOrder : C_MSG_ORDER; if (!isset($ST)) $ST = isset($CookieShowTimestamp) ? $CookieShowTimestamp : C_SHOW_TIMESTAMP; if (!isset($NT)) $NT = isset($CookieNotify) ? $CookieNotify : C_NOTIFY; if (!isset($PWD_Hash)) $PWD_Hash = (isset($reguser) && $reguser ? md5(stripslashes($PASSWORD)) : ""); // Define the user status to be put in the users table if necessary. Skipped when the // frameset is reloaded because of the NN4+ resize bug. if (!isset($Reload) || $Reload != "NNResize") { if (!isset($perms)) $perms = ((isset($reguser) && $reguser) ? "" : "noreg"); switch ($perms) { case 'admin': $status = "a"; break; case 'moderator': $status = (room_in(stripslashes($R), $rooms) ? "m" : "r"); break; case 'noreg': $status = "u"; break; default: $status = "r"; }; }; // Udpates the IP address and the last log. time of the user in the regsistered users table if necessary if (isset($reguser) && $reguser) $DbLink->query("UPDATE ".C_REG_TBL." SET reg_time='".time()."', ip='$IP' WHERE username='$U'"); // In the case of a registered user that logs again... // ...in the same room update his logging time and update his IP address; // ...in an other room kick him from the other room, put a notification message of // exit for this room, update the users table and put a notification message of // entrance for the room he log in. $current_time = time(); if (isset($relog) && $relog) { if (stripslashes($R) == $room) { $DbLink->query("UPDATE ".C_USR_TBL." SET u_time='$current_time', ip='$IP' WHERE username='$U'"); } else { $DbLink->query("SELECT type FROM ".C_MSG_TBL." WHERE room='".addslashes($room)."' LIMIT 1"); list($type) = $DbLink->next_record(); $DbLink->clean_results(); $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ('$type', '".addslashes($room)."', 'SYS exit', '', '$current_time', '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')"); $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS enter', '', '$current_time', '', 'sprintf(L_ENTER_ROM, \"".special_char($U,$Latin1)."\")')"); $DbLink->query("UPDATE ".C_USR_TBL." SET room='$R',u_time='$current_time', status='$status', ip='$IP' WHERE username='$U'"); if (C_WELCOME) { // Delete old welcome messages sent to the current user $DbLink->query("DELETE FROM ".C_MSG_TBL." WHERE username = 'SYS welcome' AND address = '$U'"); // Insert a new welcome message in the messages table include("./${ChatPath}lib/welcome.lib.php3"); $current_time_plus = $current_time + 1; // ensures the welcome msg is the last one $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS welcome', '', '$current_time_plus', '$U', 'sprintf(\"".WELCOME_MSG."\")')"); }; }; } // In the case of an user that logs again in the same room because of the resize bug of NN4+ // update his logging time and his IP address elseif (isset($Reload) && $Reload == "NNResize") { $DbLink->query("UPDATE ".C_USR_TBL." SET room='$R',u_time='$current_time', ip='$IP' WHERE username='$U'"); } // For all other case of users entering in, set user infos. in users table and put a // notification message of entrance in the messages table else { $DbLink->query("INSERT INTO ".C_USR_TBL." VALUES ('$R', '$U', '$Latin1', '$current_time', '$status','$IP')"); $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS enter', '', '$current_time', '', 'sprintf(L_ENTER_ROM, \"".special_char($U,$Latin1)."\")')"); if (C_WELCOME) { // Delete old welcome messages sent to the current user $DbLink->query("DELETE FROM ".C_MSG_TBL." WHERE username = 'SYS welcome' AND address = '$U'"); // Insert a new welcome message in the messages table include("./${ChatPath}lib/welcome.lib.php3"); $current_time_plus = $current_time + 1; // ensures the welcome msg is the last one $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS welcome', '', '$current_time_plus', '$U', 'sprintf(\"".WELCOME_MSG."\")')"); }; }; // Delete invite messages sent to the user for the room he will enter in $DbLink->query("SELECT m_time FROM ".C_MSG_TBL." WHERE username='SYS inviteTo' AND address='$U' AND room='$R'"); if($DbLink->num_rows() != 0) { $DelLink = new DB; while(list($sent_time) = $DbLink->next_record()) { $DelLink->query("DELETE FROM ".C_MSG_TBL." WHERE m_time='$sent_time' AND (username='SYS inviteFrom' OR (username='SYS inviteTo' AND address='$U'))"); }; }; ?>
|