part of the starting page;
- the 'layout' function that creates the start page.
The mains PHP variables used inside this script are:
- $L -> the current language;
- $Charset -> the name of the charset associated to the current language;
- $Ver -> the JavaScript abilities of the browser of the user ('H' when DHTML
enabled, 'M' when JavaScript1.1, 'L' else).
- $U -> the login nick of the user;
- $PASSWORD -> the password of the user in clear mode;
- $PWD_Hash -> the md5 hash of '$PASSWORD';
- $N -> the number of messages to be shown each time the 'messages' frame is
reloaded;
- $D -> the timeout between each update of the 'messages' frame;
- $T -> the type of the room the user wants to enter in;
- $R0 -> the name of the default public room the user wants to enter in (not
defined if he doesn't choose to enter one of the default public rooms);
- $R1 -> the name of the 'other' public room the user wants to enter in (not
defined if he doesn't choose to enter one of the 'other' public rooms);
- $R2 -> the name of the room the user wants to create (not defined if he
doesn't choose to create a room);
- $E -> the name of the room the user just leaves. When $E is defined, the $EN
boolean variable may also be defined and requires this script to insert
an exit message to the 'messages' table;
- $Reload -> when the user runs some specific actions inside the chat (he uses
the '/join' command, clicks on a room name at the 'users' frame or resizes
the window for the browser inside netscape 4+), this variable is defined
to skip some tests that aren't necessary;
- $perms -> permission level of the user for the room he wants to enter in.
---------------------------------------------------------------------------------- /*
/*********** COMMON WORK ***********/
// Get the names and values for vars sent to index.lib.php3
if (isset($HTTP_GET_VARS))
{
while(list($name,$value) = each($HTTP_GET_VARS))
{
$$name = $value;
};
};
// Get the names and values for vars posted from the form bellow
if (isset($HTTP_POST_VARS))
{
while(list($name,$value) = each($HTTP_POST_VARS))
{
$$name = $value;
};
};
// Fix some security holes
if (!is_dir('./'.substr($ChatPath, 0, -1))) exit();
require("./${ChatPath}config/config.lib.php3");
require("./${ChatPath}lib/release.lib.php3");
require("./${ChatPath}localization/languages.lib.php3");
require("./${ChatPath}localization/".$L."/localized.chat.php3");
require("./${ChatPath}lib/database/".C_DB_TYPE.".lib.php3");
require("./${ChatPath}lib/clean.lib.php3");
include("./${ChatPath}lib/get_IP.lib.php3");
// Special cache instructions for IE5+
$CachePlus = "";
if (ereg("MSIE [56789]", (isset($HTTP_USER_AGENT)) ? $HTTP_USER_AGENT : getenv("HTTP_USER_AGENT"))) $CachePlus = ", pre-check=0, post-check=0, max-age=0";
$now = gmdate('D, d M Y H:i:s') . ' GMT';
header("Expires: $now");
header("Last-Modified: $now");
header("Cache-Control: no-cache, must-revalidate".$CachePlus);
header("Pragma: no-cache");
header("Content-Type: text/html; charset=${Charset}");
// avoid server configuration for magic quotes
set_magic_quotes_runtime(0);
// Get the relative path to the script that called this one
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS["PHP_SELF"];
$Action = basename($PHP_SELF);
$From = urlencode(ereg_replace("[^/]+/","../",$ChatPath).$Action);
// For translations with a real iso code
if (!isset($FontFace)) $FontFace = "";
// For others translations
$DisplayFontMsg = !(isset($U) && $U != "");
// Translate to html special characters, and entities if message was sent with a latin 1 charset
$Latin1 = ($Charset == "iso-8859-1");
function special_char($str,$lang)
{
return addslashes($lang ? htmlentities(stripslashes($str)) : htmlspecialchars(stripslashes($str)));
};
// Ensure a room ($what) is include in a rooms list ($in)
function room_in($what, $in)
{
$rooms = explode(",",$in);
for (reset($rooms); $room_name=current($rooms); next($rooms))
{
if (strcasecmp($what, $room_name) == 0) return true;
};
return false;
};
/*********** PART I ***********/
// Define the message to display if user comes here because he has been kicked
if (isset($KICKED))
{
switch ($KICKED)
{
case '1':
$Error = L_REG_18;
break;
case '2':
$Error = L_REG_39;
break;
case '3':
$Error = L_ERR_USR_19;
break;
case '4':
$Error = L_ERR_USR_20;
};
};
$DbLink = new DB;
// Fix some security issues
if (isset($Reload))
{
$isHacking = false;
if (($Reload == 'JoinCmd')
&& (empty($E) || empty($Ver) || empty($L) || empty($U) || (empty($R0) && empty($R1) && empty($R2)) || empty($D)))
{
$isHacking = true;
}
else if (($Reload == 'NNResize')
&& (empty($Ver) || empty($L) || empty($U) || empty($R) || empty($T) || empty($D) || empty($N)))
{
$isHacking = true;
}
else
{
$DbLink->query("SELECT password FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
list($user_password) = $DbLink->next_record();
$DbLink->clean_results();
if (!empty($user_password) && (empty($PWD_Hash) || $PWD_Hash != $user_password))
$isHacking = true;
unset($user_password);
}
if ($isHacking)
{
unset($Reload);
if (isset($U)) unset($U);
if (isset($PWD_Hash)) unset($PWD_Hash);
if (isset($T)) unset($T);
if (isset($R)) unset($R);
if (isset($R0)) unset($R0);
if (isset($R1)) unset($R1);
if (isset($R2)) unset($R2);
if (isset($E)) unset($E);
$Error = L_ERR_USR_10;
}
}
// Removes user from users table and if necessary add a notication message for him
if(isset($E) && $E != "")
{
// Fix a security issue
$DbLink->query("SELECT COUNT(*) FROM " . C_USR_TBL . " WHERE username='$U' AND ip='$IP' AND room='$E'");
list($isHacking) = $DbLink->next_record();
$isHacking = 1 - $isHacking;
$DbLink->clean_results();
if ($isHacking)
{
// HACKERS Atack !!!
unset($E);
if (isset($U)) unset($U);
$Error = L_ERR_USR_10;
}
else
{
$DbLink->query("DELETE FROM ".C_USR_TBL." WHERE username='$U' AND room='$E'");
if (isset($EN))
{
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
}
}
}
// If no room is specified but the main form has been posted, define the room to enter
// in as the first among default ones
if ((isset($Form_Send) && $Form_Send) && (((C_VERSION == 0) || ((!isset($R0) || $R0 == "") && (!isset($R1) || $R1 == "") && (!isset($R2) || $R2 == ""))))) $R0 = $DefaultChatRooms[0];
// Optimize some of the tables when the user logs in
if(isset($U) && (isset($N) && $N != ""))
{
$DbLink->optimize(C_MSG_TBL);
$DbLink->optimize(C_USR_TBL);
}
//** Ensures the nick is a valid one except if the frameset is reloaded because of the
// NN4+ resize bug or because the user runs a join command. **
if(!isset($Reload) && isset($U) && (isset($N) && $N != ""))
{
$relog = false;
if (C_NO_SWEAR == 1) include("./${ChatPath}lib/swearing.lib.php3");
// Check for no nick entered in
if ($U == "")
{
$Error = L_ERR_USR_2;
}
// Check for invalid characters or empty nick
elseif (trim($U) == "" || ereg("[\, ]", stripslashes($U)))
{
$Error = L_ERR_USR_16;
}
// Check for swear words in the nick
elseif (C_NO_SWEAR == 1 && checkwords($U, true))
{
$Error = L_ERR_USR_18;
}
else
{
$DbLink->query("SELECT room FROM ".C_USR_TBL." WHERE username='$U' LIMIT 1");
$Nb = $DbLink->num_rows();
// If the same nick is already in use and the user is not registered deny access
if($Nb != 0 && $PASSWORD == "" && !isset($PWD_Hash))
{
$Error = L_ERR_USR_1;
$DbLink->clean_results();
}
else
{
list($room) = $DbLink->next_record();
$DbLink->clean_results();
$DbLink->query("SELECT password,perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
$reguser = ($DbLink->num_rows() != 0);
if ($reguser) list($user_password,$perms,$rooms) = $DbLink->next_record();
$DbLink->clean_results();
if (!(isset($E) && $E != ""))
{
// Check for password if the nick exist in registered users table
if ($reguser)
{
if ($PASSWORD == "" && !isset($PWD_Hash))
{
$Error = L_ERR_USR_3;
}
else
{
if (md5(stripslashes($PASSWORD)) != $user_password && (!isset($PWD_Hash) || $PWD_Hash != $user_password)) $Error = L_ERR_USR_4;
}
if (!isset($Error)) $DbLink->query("UPDATE ".C_REG_TBL." SET reg_time=".time()." WHERE username='$U'");
}
// If users isn't a registered one and phpMyChat require registration deny access
else if (C_REQUIRE_REGISTER)
{
$Error = L_ERR_USR_14;
}
}
// The var bellow is set to 1 when a registered user is allowed to log using a nick
// that already exist in the users table
$relog = ($Nb != 0 && !isset($Error));
$CookieUsername = urlencode(stripslashes($U));
setcookie("CookieUsername", $CookieUsername, time() + 60*60*24*365); // cookie expires in one year
}
}
}
// ** Get perms of the user if the script is called by a join command **
if (isset($Reload) && $Reload == "JoinCmd")
{
$DbLink->query("SELECT perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
$reguser = ($DbLink->num_rows() != 0);
if ($reguser) list($perms,$rooms) = $DbLink->next_record();
$DbLink->clean_results();
};
// ** Ensure the user is not banished from the room he wants to enter in **
if(!isset($Error) && (isset($N) && $N != "") && !isset($Reload))
{
if (C_BANISH != "0" && (!isset($perms) || $perms != "admin"))
{
include("./${ChatPath}lib/banish.lib.php3");
if ($IsBanished) $Error = L_ERR_USR_20;
};
};
// ** Ensures the user can create a room and the room name is a valid one (bypassed test
// when the frameset is reloaded because of the NN4+ resize bug). **
if(!isset($Error) && (isset($R2) && $R2 != ""))
{
// Skipped when the script is called by a join command.
if (!isset($Reload))
{
// User is not registered -> Deny room creation
if (!$reguser)
{
$Error = L_ERR_USR_13;
}
// Check for invalid characters or empty room name
else if (trim($R2) == "" || ereg("[,\]", stripslashes($R2)))
{
$Error = L_ERR_ROM_1;
}
// Check for swear words in room name
else if(C_NO_SWEAR == 1 && checkwords($R2, true))
{
$Error = L_ERR_ROM_2;
}
// Ensure there is no existing room with the same name but a different type...
else
{
// ...among reserved name for private/public (default) rooms
$ToCheck = ($T == "1" ? $DefaultPrivateRooms : $DefaultChatRooms);
for ($i = 0; $i < count($ToCheck); $i++)
{
if (strcasecmp($R2,$ToCheck[$i]) == "0")
{
$Error = ($T == 0 ? L_ERR_ROM_3:L_ERR_ROM_4);
break;
};
};
unset($ToCheck);
// ...among other rooms created by users
if (!isset($Error))
{
$T1 = 1 - $T;
$DbLink->query("SELECT count(*) FROM ".C_MSG_TBL." WHERE room = '$R2' AND type = '$T1' LIMIT 1");
list($Nb) = $DbLink->next_record();
$DbLink->clean_results();
if($Nb != 0) $Error = ($T == 0 ? L_ERR_ROM_3:L_ERR_ROM_4);
};
};
};
// Define the user status
if (!isset($Error))
{
$register_room = true;
// If the name of the room to be created is a reserved one for private/public (default) rooms,
// status will be 'user'. Skipped when the script is called by a join command.
if (!isset($Reload))
{
$ToCheck = ($T == "1" ? $DefaultChatRooms : $DefaultPrivateRooms);
for ($i = 0; $i < count($ToCheck); $i++)
{
if (strcasecmp($R2,$ToCheck[$i]) == "0") $register_room = false;
};
unset($ToCheck);
};
// If room name is the same than one of an existing room containing "true" messages
// (not only notifications of users entrance/exit) or containing only "system"
// message but an other user is already logged in, status will be 'user'
if ($register_room)
{
$DbLink->query("SELECT Count(*) FROM ".C_MSG_TBL." WHERE room='$R2' AND username NOT LIKE 'SYS %' LIMIT 1");
list($count) = $DbLink->next_record();
$register_room = ($count == "0");
$DbLink->clean_results();
};
if ($register_room)
{
$DbLink->query("SELECT count(*) FROM ".C_USR_TBL." WHERE room='$R2' AND username != '$U' LIMIT 1");
list($anybody) = $DbLink->next_record();
$register_room = ($anybody == 0);
$DbLink->clean_results();
};
if ($register_room)
{
// If an other registered user is already moderator for the room to be created but
// there is no "true" message in this room then set his status to user for this room
$UpdLink = new DB;
$DbLink->query("SELECT username,rooms FROM ".C_REG_TBL." WHERE perms = 'moderator' AND username != '$U'");
while (list($mod_un,$mod_rooms) = $DbLink->next_record())
{
$changed = false;
$roomTab = explode(",",$mod_rooms);
for ($i = 0; $i < count($roomTab); $i++)
{
if (strcasecmp(stripslashes($R2), $roomTab[$i]) == 0)
{
$roomTab[$i] = "";
$changed = true;
break;
};
};
if ($changed)
{
$mod_rooms = str_replace(",,",",",ereg_replace("^,|,$","",implode(",",$roomTab)));
$UpdLink->query("UPDATE ".C_REG_TBL." SET rooms='".addslashes($mod_rooms)."' WHERE username='".addslashes($mod_un)."'");
$UpdLink->query("UPDATE ".C_USR_TBL." SET status='r' WHERE room='$R2' AND username='".addslashes($mod_un)."'");
};
unset($roomTab);
};
$DbLink->clean_results();
// Update the current user status for the room to be created in registered users table
$changed = false;
if (!room_in(stripslashes($R2), $rooms))
{
if ($rooms != "") $rooms .= ",";
$rooms .= stripslashes($R2);
$changed = true;
}
if ($perms == "user" || $perms == "")
{
$perms = "moderator";
$changed = true;
}
if (($changed)&&($perms != "admin"))
{
$DbLink->query("UPDATE ".C_REG_TBL." SET perms='$perms', rooms='".addslashes($rooms)."' WHERE username='$U'");
}
}
}
}
// ** Enter the chat **
if(!isset($Error) && (isset($N) && $N != ""))
{
if(isset($R2) && $R2 != "")
{
$R = $R2;
}
elseif (!isset($R)) // $R is set when the frameset is reloaded because of the NN4+ resize bug.
{
$T = 1;
$R = (isset($R0) && $R0 != "")? $R0 : $R1;
};
$CookieRoom = urlencode(stripslashes($R));
setcookie("CookieRoom", $CookieRoom, time() + 60*60*24*365); // cookie expires in one year
setcookie("CookieRoomType", $T, time() + 60*60*24*365); // cookie expires in one year
if (isset($HTTP_COOKIE_VARS))
{
if (isset($HTTP_COOKIE_VARS["CookieMsgOrder"])) $CookieMsgOrder = $HTTP_COOKIE_VARS["CookieMsgOrder"];
if (isset($HTTP_COOKIE_VARS["CookieShowTimestamp"])) $CookieShowTimestamp = $HTTP_COOKIE_VARS["CookieShowTimestamp"];
if (isset($HTTP_COOKIE_VARS["CookieNotify"])) $CookieNotify = $HTTP_COOKIE_VARS["CookieNotify"];
};
if (!isset($O)) $O = isset($CookieMsgOrder) ? $CookieMsgOrder : C_MSG_ORDER;
if (!isset($ST)) $ST = isset($CookieShowTimestamp) ? $CookieShowTimestamp : C_SHOW_TIMESTAMP;
if (!isset($NT)) $NT = isset($CookieNotify) ? $CookieNotify : C_NOTIFY;
if (!isset($PWD_Hash)) $PWD_Hash = (isset($reguser) && $reguser ? md5(stripslashes($PASSWORD)) : "");
// Define the user status to be put in the users table if necessary. Skipped when the
// frameset is reloaded because of the NN4+ resize bug.
if (!isset($Reload) || $Reload != "NNResize")
{
if (!isset($perms)) $perms = ((isset($reguser) && $reguser) ? "" : "noreg");
switch ($perms)
{
case 'admin':
$status = "a";
break;
case 'moderator':
$status = (room_in(stripslashes($R), $rooms) ? "m" : "r");
break;
case 'noreg':
$status = "u";
break;
default:
$status = "r";
};
};
// Udpates the IP address and the last log. time of the user in the regsistered users table if necessary
if (isset($reguser) && $reguser) $DbLink->query("UPDATE ".C_REG_TBL." SET reg_time='".time()."', ip='$IP' WHERE username='$U'");
// In the case of a registered user that logs again...
// ...in the same room update his logging time and update his IP address;
// ...in an other room kick him from the other room, put a notification message of
// exit for this room, update the users table and put a notification message of
// entrance for the room he log in.
$current_time = time();
if (isset($relog) && $relog)
{
if (stripslashes($R) == $room)
{
$DbLink->query("UPDATE ".C_USR_TBL." SET u_time='$current_time', ip='$IP' WHERE username='$U'");
}
else
{
$DbLink->query("SELECT type FROM ".C_MSG_TBL." WHERE room='".addslashes($room)."' LIMIT 1");
list($type) = $DbLink->next_record();
$DbLink->clean_results();
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ('$type', '".addslashes($room)."', 'SYS exit', '', '$current_time', '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS enter', '', '$current_time', '', 'sprintf(L_ENTER_ROM, \"".special_char($U,$Latin1)."\")')");
$DbLink->query("UPDATE ".C_USR_TBL." SET room='$R',u_time='$current_time', status='$status', ip='$IP' WHERE username='$U'");
if (C_WELCOME)
{
// Delete old welcome messages sent to the current user
$DbLink->query("DELETE FROM ".C_MSG_TBL." WHERE username = 'SYS welcome' AND address = '$U'");
// Insert a new welcome message in the messages table
include("./${ChatPath}lib/welcome.lib.php3");
$current_time_plus = $current_time + 1; // ensures the welcome msg is the last one
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS welcome', '', '$current_time_plus', '$U', 'sprintf(\"".WELCOME_MSG."\")')");
};
};
}
// In the case of an user that logs again in the same room because of the resize bug of NN4+
// update his logging time and his IP address
elseif (isset($Reload) && $Reload == "NNResize")
{
$DbLink->query("UPDATE ".C_USR_TBL." SET room='$R',u_time='$current_time', ip='$IP' WHERE username='$U'");
}
// For all other case of users entering in, set user infos. in users table and put a
// notification message of entrance in the messages table
else
{
$DbLink->query("INSERT INTO ".C_USR_TBL." VALUES ('$R', '$U', '$Latin1', '$current_time', '$status','$IP')");
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS enter', '', '$current_time', '', 'sprintf(L_ENTER_ROM, \"".special_char($U,$Latin1)."\")')");
if (C_WELCOME)
{
// Delete old welcome messages sent to the current user
$DbLink->query("DELETE FROM ".C_MSG_TBL." WHERE username = 'SYS welcome' AND address = '$U'");
// Insert a new welcome message in the messages table
include("./${ChatPath}lib/welcome.lib.php3");
$current_time_plus = $current_time + 1; // ensures the welcome msg is the last one
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS welcome', '', '$current_time_plus', '$U', 'sprintf(\"".WELCOME_MSG."\")')");
};
};
// Delete invite messages sent to the user for the room he will enter in
$DbLink->query("SELECT m_time FROM ".C_MSG_TBL." WHERE username='SYS inviteTo' AND address='$U' AND room='$R'");
if($DbLink->num_rows() != 0)
{
$DelLink = new DB;
while(list($sent_time) = $DbLink->next_record())
{
$DelLink->query("DELETE FROM ".C_MSG_TBL." WHERE m_time='$sent_time' AND (username='SYS inviteFrom' OR (username='SYS inviteTo' AND address='$U'))");
};
};
?>
<?php echo(APP_NAME); ?>
close();
exit;
} // end of entering the chat work
/*********** 'send_headers' FUNCTION ***********/
/* ------------------------------------------------------------------------------------------
The send_headers function add lines at the head part of your html file.
$title var allows to show "phpMyChat" as the title for your window when sets to 1/true.
$icon var allows to set phpMyChat icon as the icon for favorites when sets to 1/true.
--------------------------------------------------------------------------------------- */
function send_headers($title, $icon)
{
global $ChatPath, $From, $L;
global $Charset, $FontName, $FontSize;
if ($title)
echo("\t" . '' . APP_NAME . '' . "\n");
?>
\n");
// For translations with an explicit charset (not the 'x-user-defined' one)
if (!isset($FontName)) $FontName = "";
?>
" TYPE="text/css">