<?php
require("ipcheck.php");
require("./lib/killtags.lib.php");
/**********************************************************
******* *********
******* These lines are commented out as a test. *********
******* It is likely that they are not needed, *********
******* and are a major contributor to all *********
******* of the chat's security vulnerabilities. *********
******* *********
**********************************************************/
// Get the names and values for vars sent by index.lib.php3
//if (isset($HTTP_GET_VARS))
//{
// while(list($name,$value) = each($HTTP_GET_VARS))
// {
// $$name = killtags($value);
// };
//};
//
// *********** END TEST ***********************************
// Get the names and values for post vars
// This loop recreates register_globals by hand: every POST field becomes a global
// variable of the same name, after its value has passed through killtags()
// (loaded from ./lib/killtags.lib.php above; its behaviour is not visible here).
// NOTE(review): the field NAME is never checked, so a request can preset any global
// that this script later reads without assigning it first (for example $status, $From,
// $Tmp and $First further down). Reading a fixed allow-list of expected fields would
// remove that whole class of problem.
// NOTE(review): $HTTP_POST_VARS was removed in PHP 5.4 and each() in PHP 8.0, so unless
// an earlier include defines the array, a current runtime imports nothing here; a port
// should read the expected fields from $_POST explicitly.
if (isset($HTTP_POST_VARS)) {
while(list($name,
$value) =
each($HTTP_POST_VARS)) {
// Variable-variable assignment: $name supplies the identifier, killtags() the value.
$$name = killtags($value);
};
};
require("./config/config.lib.php3");
require("./localization/english/localized.chat.php3");
require("./lib/release.lib.php3");
require("./lib/database/".C_DB_TYPE.".lib.php3");
require("./lib/clean.lib.php3");
require("sanitize.inc");
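// Declare the response charset.
// NOTE(review): $Charset is presumably assigned by the localisation file required above -
// confirm; if it is not, the value comes from the request via the POST import loop.
header("Content-Type: text/html; charset={$Charset}");
// Normalise the room-type flag to exactly 0 or 1.
// $T is written into SQL statements further down without quotes, so it has to be a plain
// integer by then. A loose "!=" test compares numerically, and on the PHP versions this
// file targets that also accepts strings that merely begin with 0 or 1; comparing the
// string form strictly keeps only the literal "0" and maps everything else to 1.
$T = (isset($T) && (string) $T === '0') ? 0 : 1;
// Translate to html special characters, and entities if message was sent with a latin 1 charset
$Latin1 = ($Charset == "iso-8859-1");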
// Converts a string for display according to the charset flag passed as $lang.
// NOTE(review): the body is empty in this copy, so the function returns null and every
// caller that concatenates its result gets an empty string. Callers below build SQL and
// message text from it, and one of them passes a third argument that this signature does
// not declare. Restore the body from a clean copy before relying on it for any escaping.
function special_char($str,$lang)
{
};
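$DbLink = new DB;
// ** Checks the submitted credentials before any user data is touched **
// Fixed a security issue thanks to SeazoN
//
// Three cases are handled:
//   1. registration is required and no password hash was sent -> refuse;
//   2. a password hash was sent -> look the user up in the connected-users table joined
//      with the registered-users table on that hash;
//   3. no hash and registration optional -> the name must NOT belong to a registered user.
// A refused request is redirected and the script stops: header() only asks the browser
// to navigate away, it does not end execution on the server.
//
// NOTE(review): values are escaped with addslashes() because that is all this file has in
// scope; it is not charset-aware. If the DB wrapper (not shown) offers driver-level
// escaping or bound parameters, use those instead.
if (C_REQUIRE_REGISTER && (!isset($PWD_Hash) || $PWD_Hash == '')) {
    header("Location: index.php?KICKED=5");
    exit;
} elseif (isset($PWD_Hash) && $PWD_Hash != '') {
    $DbLink->query(
        'SELECT ' . C_USR_TBL . '.room, ' . C_USR_TBL . '.status, ' . C_USR_TBL . '.timeout, ' . C_USR_TBL . '.ip'
        . ' FROM ' . C_USR_TBL . ', ' . C_REG_TBL
        . ' WHERE ' . C_USR_TBL . '.username = \'' . addslashes($U) . '\''
        . ' AND ' . C_REG_TBL . '.username = \'' . addslashes($U) . '\''
        . ' AND ' . C_REG_TBL . '.password = \'' . addslashes($PWD_Hash) . '\''
        . ' LIMIT 1'
    );
} else {
    // C_REQUIRE_REGISTER == 0 && $PWD_Hash is empty
    $DbLink->query(
        'SELECT username FROM ' . C_REG_TBL
        . ' WHERE username = \'' . addslashes($U) . '\' LIMIT 1'
    );
    if ($DbLink->num_rows() == 0) {
        // Unregistered name: fetch its row from the connected-users table.
        $DbLink->query(
            'SELECT room, status, timeout, ip FROM ' . C_USR_TBL
            . ' WHERE username = \'' . addslashes($U) . '\' LIMIT 1'
        );
    } else {
        // The name is registered but no password hash came with the request.
        $DbLink->clean_results();
        $DbLink->close();
        header("Location: index.php?KICKED=5");
        exit;
    }
}
// End of SeazoN Fix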
// ** Updates user info in connected users tables **
//$DbLink->query("SELECT room,status,timeout FROM ".C_USR_TBL." WHERE username = '" . addslashes($U) . "' LIMIT 1");
// Purpose of this section: read the row fetched by the most recent user lookup, decide
// from its status whether the user has to leave the room, record a 'SYS exit' message and
// send the parent frame back to $From with a KICKED code.
// NOTE(review): the nesting below looks damaged in this copy. Several bare "{ ... }" blocks
// have no condition in front of them, and an "elseif" directly after a bare block does not
// parse, so the original conditions need to be restored from a clean copy before this runs.
if ($DbLink->num_rows() != 0)
{
// Takes the first three columns of the fetched row; any further column is ignored.
list($room,
$status,
$timeout) =
$DbLink->
next_record();
//$DbLink->clean_results();
$kicked = 0;
{
// Count the number of users currently in the room the user wants to enter
$DbLink->
query("SELECT * FROM " . C_USR_TBL .
" WHERE room = '" .
addslashes($R) .
"' AND status != 'g' AND status != 'a' AND status != 'o'");
$MinReached = $DbLink->num_rows();
// If the user count is equal to the min number of users, engage the autokick.
if ($MinReached >= AUTOKICK_MIN_USRS)
{
// Statuses "o", "a" and "g" are exempt; everyone else is marked as timed out ("t").
if ($status != "o" && $status != "a" && $status != "g")
{
{
$status = "t";
}
}
}
}
{
// Add an exit notification if room is not in $NoNotifyRooms array
{
// NOTE(review): $T is placed into the statement unquoted and unescaped, so it must
// already be a validated 0/1 integer at this point; the same holds for the three
// INSERTs that follow. The text returned by special_char() is embedded without
// addslashes(), so its safety depends entirely on that function - confirm.
$DbLink->
query("INSERT INTO ".C_MSG_TBL.
" VALUES ($T, '" .
addslashes($R) .
"', 'SYS exit', '', ".
time().
", '', 'sprintf(L_EXIT_ROM, \"".special_char
($U,
$Latin1).
"\")','','" .
addslashes($P) .
"','" .
$_SERVER['REMOTE_ADDR'] .
"')");
};
$kicked = 3;
}
elseif ($status == "k") // Kicked by a moderator or the admin.
{
$DbLink->
query("INSERT INTO ".C_MSG_TBL.
" VALUES ($T, '" .
addslashes($R) .
"', 'SYS exit', '', ".
time().
", '', 'sprintf(L_KICKED, \"".special_char
($U,
$Latin1).
"\")','','" .
addslashes($P) .
"','" .
$_SERVER['REMOTE_ADDR'] .
"')");
$kicked = 1;
}
elseif ($status == "d") // The admin just deleted the room
{
$kicked = 2;
}
elseif ($status == "b") // Banished by a moderator or the admin.
{
$DbLink->
query("INSERT INTO ".C_MSG_TBL.
" VALUES ($T, '" .
addslashes($R) .
"', 'SYS exit', '', ".
time().
", '', 'sprintf(L_BANISHED, \"".special_char
($U,
$Latin1).
"\")','','" .
addslashes($P) .
"','" .
$_SERVER['REMOTE_ADDR'] .
"')");
$kicked = 4;
}
elseif ($status == "t") // User timed out due to no activity.
{
// Note: this call passes a third argument (1) that special_char() does not declare.
$DbLink->
query("INSERT INTO ".C_MSG_TBL.
" VALUES ($T, '" .
addslashes($R) .
"', 'SYS exit', '', ".
time().
", '', 'sprintf(L_TIMEOUT, \"".special_char
($U,
$Latin1,
1).
"\")','','" .
addslashes($P) .
"','" .
$_SERVER['REMOTE_ADDR'] .
"')");
$kicked = 5;
};
/* Rhonda ban fix 1/24/10 */
if ($kicked > 0)
{
// Kick the user from the current room
// see rhonda.functions.php
destroyUser();
// NOTE(review): the redirect target printed below starts with $From and $L, both taken
// from the request and written into a single-quoted JavaScript string with no encoding
// for that context. Check $From against the known entry scripts and emit the whole URL
// through json_encode() (or an equivalent JavaScript-string encoder) instead.
// NOTE(review): the DB link is closed after the script block, but execution continues
// past this section; confirm nothing later expects an open link for a kicked user.
?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
window.parent.window.location = '<?php echo("$From?L=$L&U=".urlencode(stripslashes($U))."&P=".urlencode(stripslashes($P))."&E=".urlencode(stripslashes($R))."&KICKED=${kicked}"); ?>';
// -->
</SCRIPT>
<?php
$DbLink->close();
}
/* End Rhonda ban fix */
}
else
{
// NOTE(review): this branch is empty in this copy. When the lookup returned no row (for
// example because the submitted password hash did not match) nothing is rejected here
// and the script carries on to the message handling below.
}
// ** Send formated messages to the message table **
/**
 * Formats a chat message and records the activity for it.
 *
 * Visible in this copy: handling of u/b/i tags, auto-linking of URLs and e-mail
 * addresses in $M, optional smiley substitution, an ISO-8859-1 entity pass, colour
 * wrapping, a lookup of the sender's alias, a refresh of the sender's timeout and an
 * append to a log file. No INSERT into the message table appears in this copy, and the
 * function has no return statement.
 *
 * NOTE(review): $DbLink, $Latin1, $status, $MsgTo, $SmiliesTbl, $prefix and the
 * *_count variables are used below but are neither parameters nor declared with
 * "global", so as written they are undefined locals inside this function (the
 * $DbLink calls would be method calls on null). Restore the missing declarations from
 * a clean copy.
 * NOTE(review): eregi_replace(), ereg() and ereg_replace() were removed in PHP 7.0.
 *
 * @param $M       Message text; rewritten in place and written to the log.
 * @param $T       Written to the log; presumably the room-type flag - confirm.
 * @param $R       Room name (compared with "MainStage" / "StageLeft", written to the log).
 * @param $U       User name used in the alias and timeout queries.
 * @param $C       Colour value wrapped around the message in a FONT tag.
 * @param $Private Written to the log; presumably the private-message target - confirm.
 * @param $P       Written to the log directly after the alias; optional.
 */
function AddMessage($M, $T, $R, $U, $C, $Private, $P="")
{
// Text formating tags
//USELESS FUCKING REGEX. GRRRRR - RHONDA
// keep U, B and I tags
{
// NOTE(review): the replacement "<\\1>\\2<\\3>" reassembles exactly the text the pattern
// matched, so $M is unchanged after each pass and preg_match() keeps succeeding. If a
// message reaches this point with a matching tag pair, the loop cannot end. Confirm what
// killtags() leaves in $M and which substitution was intended here.
while(preg_match("/<([ubi]?)>(.*?)<(\/\\1)>/i",
$M)) {
$M =
preg_replace("/<([ubi]?)>(.*?)<(\/\\1)>/i",
"<\\1>\\2<\\3>",
$M);
}
}
// URL
// Prefix a bare "www" at the start of a word with "http://".
$M =
eregi_replace('([[:space:]]|^)(www)',
'\\1http://\\2',
$M);
// NOTE(review): on the next line the "$prefix = ..." assignment sits inside the comment,
// so $prefix is never set and the pattern used below is $pureUrl alone, while the
// replacement still refers to two groups.
// no prefix (www.myurl.ext) $prefix = '(http|https|ftp|telnet|news|gopher|file|wais)://';
$pureUrl = '([[:alnum:]/\n+-=%&:_.~?]+[#[:alnum:]+]*)';
// NOTE(review): the matched text is copied into an href attribute as is; nothing here
// encodes it for an attribute context, so this relies on earlier filtering - confirm.
$M =
eregi_replace($prefix .
$pureUrl,
'<a href="\\1://\\2" target="_blank">\\1://\\2</a>',
$M);
// e-mail addresses
$M =
eregi_replace('([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](fo|g|l|m|mes|o|op|pa|ro|seum|t|u|v|z)?)',
'<a href="mailto:\\1">\\1</a>',
$M);
// Fix for Broken Tags in URLs
// Counts occurrences of simple HTML tags (<u><b><i>). Then counts occurrences of closing tags.
// If the number of opening tags does not match the number of closing tags, the missing closing
// tags are added automatically. Since this problem only occurs when entering URL links, the
// </a> tag is also added, even though it's not absolutely needed.
// Written without using RegExps for simplicity.
// NOTE(review): the counting code described above is missing from this copy; the six
// *_count / *_close_count variables compared below are never assigned, so every
// comparison is between two undefined values.
If ($b_lower_count != $b_lower_close_count) $M = $M . "</b></a>";
If ($u_lower_count != $u_lower_close_count) $M = $M . "</u></a>";
If ($i_lower_count != $i_lower_close_count) $M = $M . "</i></a>";
If ($b_upper_count != $b_upper_close_count) $M = $M . "</b></a>";
If ($u_upper_count != $u_upper_close_count) $M = $M . "</u></a>";
If ($i_upper_count != $i_upper_close_count) $M = $M . "</i></a>";
//
// End Fix
// Rhonda's fix for HTML tags [3/12/10]
// Allow font [and 'color'] tag to be used
// End Rhonda's fix
// Smilies
if (C_USE_SMILIES == 1)
{
include("./lib/smilies.lib.php3");
Check4Smilies($M,$SmiliesTbl);
};
// transform ISO-8859-1 special characters
if ($Latin1)
{
// Split $M around the addressee marker: $Regs[1] is the text before it, $Regs[4] after.
// NOTE(review): $MsgTo is interpolated into the pattern without quoting, so characters
// with a regex meaning in it change the pattern.
ereg("(.*)(".
$MsgTo.
"(>)?)(.*)",
$M,
$Regs);
if ($MsgTo != "" && ($Regs[1] == "" && $Regs[4] == "")) $Regs[4] = $M;
// Only rewrite when neither part already contains a named entity.
if (!
ereg("&[[:alnum:]]{1,10};",
$Regs[1]) && !
ereg("&[[:alnum:]]{1,10};",
$Regs[4])) {
for ($i = 1; $i <= 4; $i++)
{
// Parts 2 and 3 (the addressee marker) and empty parts are left untouched.
if (($i != 1 && $i != 4) || $Regs[$i] == "") continue;
$part = $Regs[$i];
// As written, pattern and replacement produce the same text, so $part is unchanged.
$part =
ereg_replace("&(#[[:digit:]]{2,5};)",
"&\\1",
$part);
$Regs[$i] = $part;
}
$M = $Regs[1].$Regs[2].$Regs[4];
}
}
if (isset($C) and
$C !=
"") {
// Red colors are reserved to the admin or a moderator for the current room
// NOTE(review): the reserved list is matched with the case-sensitive ereg(), so only the
// exact spellings listed are recognised; normalise the case of $C before comparing.
// NOTE(review): $C is then written into the COLOR attribute without validation; accept
// only "#" followed by six hexadecimal digits before using it in markup.
if ((ereg('#(FF0000|fc403f|fc4b34|fa582a|f66421|f27119|ec7e11|ec117f|f21971|f62164|fa2a58|fc344b)',
$C)) && !($status == "a" || $status == "m" || $status == "g" || $status == "o")) // MODIFIED FOR GLOBAL MOD
$C = "#00FF00";
$M = "<FONT COLOR=\"".$C."\"> ".$M." </FONT>";
};
// Get user's current alias
$DbLink->clean_results();
$DbLink->
query("SELECT alias FROM ".C_USR_TBL.
" WHERE username='" .
addslashes($U) .
"' LIMIT 1");
$found = ($DbLink->num_rows() != 0);
if ($found) {
list($A) =
$DbLink->
next_record();
} else {
$A = "";
}
//$DbLink->clean_results();
// Update the user's "timeout" value
// New deadline is the current time plus C_USR_TIMEOUT minutes.
$DbLink->
query("UPDATE " . C_USR_TBL .
" SET timeout = " .
(time() +
(C_USR_TIMEOUT*
60)) .
" WHERE username = '" .
addslashes($U) .
"'");
// Experimental
// $namearray is assigned but not used anywhere in the visible part of this function.
$namearray =
array('karma');
{
// Log activity
// NOTE(review): the log target carries a .php extension under an administrative panel
// path, and request-derived text ($M, $U, $R, $Private, $P) is appended to it. If the web
// server executes or serves that file, the logged content becomes a risk of its own; a
// non-executable file outside the document root is the safer target.
// NOTE(review): fwrite() still runs when fopen() failed, the handle is never closed,
// fields are separated by newlines but are not stripped of them (one record can then
// read as several), and $A and $P are joined with no separator between them.
$LogFile = "/home/roleplay/cosmos-rp.com/administrative/panel/commlogs/export.php";
$FileStream =
fopen($LogFile,
"a");
if (!$FileStream)
{
echo("Could not open the log file. Contact the SysOp.");
}
$ToWrite =
"\n" .
$T .
"\n" .
$R .
"\n" .
$U.
"\n" .
$_SERVER["REMOTE_ADDR"] .
"\n" .
date("H:i:s",
time()) .
"\n" .
$Private .
"\n" .
$M .
"\n" .
$A .
$P;
$ToWrite .= "\n\n";
fwrite($FileStream,
$ToWrite);
};
// End Experimental
// Record Moderated rooms to their own table.
// Both branches below are empty in this copy, so nothing is recorded for these rooms.
if( $R == "MainStage" )
{
};
if( $R == "StageLeft" )
{
};
}
// ** Define the default color that will be used for messages **
// Picks the message colour $C from the per-user "CookieColor<username>" cookie and writes
// the chosen value back as a cookie.
// NOTE(review): the cookie value is supplied by the client and is copied into $C without
// any format check; $C is later printed into page output. Accept only "#" followed by six
// hexadecimal digits and fall back to the default otherwise.
// NOTE(review): the structure below is damaged in this copy - a bare block stands where an
// "if" is expected before the "elseif", and there is one closing brace too many - so the
// original conditions need restoring from a clean copy.
// NOTE(review): $HTTP_COOKIE_VARS was removed in PHP 5.4 and ereg() in PHP 7.0.
if (isset($HTTP_COOKIE_VARS["CookieColor".
$U])) $CookieColor =
$HTTP_COOKIE_VARS["CookieColor".
$U];
if (isset($CookieColor) &&
$CookieColor !=
"") $C =
$CookieColor;
// ADDED FOR COLOR SAVE ACROSS ROOMS AND LOGOUT {
{
// set default color to white
$C = "#efeeee";
}
elseif (ereg('#(FF0000|fc403f|fc4b34|fa582a|f66421|f27119|ec7e11|ec117f|f21971|f62164|fa2a58|fc344b)',
$CookieColor)) {
// Red colors are reserved to the admin or a moderator for the current room
// NOTE(review): ereg() is case-sensitive, so only the exact spellings in the list are
// treated as reserved; normalise the case of the value before this comparison.
if (!
(isset($status) &&
($status ==
"a" ||
$status ==
"m"))) $C =
"#efeeee";
}
{
$C = $CookieColor;
}
}
// Persist the colour under the per-user cookie name.
setcookie("CookieColor".
$U,
$C,
time() +
60*
60*
24*
365);
// cookie expires in one year
// ** Test for online commands and swear words **
// This section handles the submitted text $M: command dispatch first, then the normal
// talk path. It runs for every request that reaches it, so it depends on the credential
// checks earlier in the file having stopped rejected requests.
$IsCommand = false;
$RefreshMessages = false;
$IsPopup = false;
$IsM = false;
// A message starting with "/" or ":" is treated as a command and handed to the command
// library, which is expected to set $IsCommand and possibly $Error.
// NOTE(review): ereg() was removed in PHP 7.0.
if (isset($M) &&
trim($M) !=
"" &&
ereg("^(\/|\:)",
$M)) include("./lib/commands.lib.php3");
// Command syntax that no handler recognised is reported as a bad command.
if (isset($M) &&
ereg("^(\/|\:)",
$M) && !
($IsCommand) && !
isset($Error)) $Error = L_BAD_CMD;
// Normal talk: non-empty text that differs from $M0, is not a command and raised no error.
if (isset($M) &&
trim($M) !=
"" &&
(!
isset($M0) ||
($M !=
$M0)) && !
($IsCommand ||
isset($Error))) {
/***********************************
// If moderated room - don't allow
global $DefaultModRooms;
global $DbLink;
$isModerated = false;
for ($i = 0; $i < count($DefaultModRooms); $i++)
{
if( $R == $DefaultModRooms[$i] )
{
$isModerated = true;
break;
};
};
if( $isModerated )
{
// Verify that this is not a moderator or admin
$DbLink->query("SELECT perms,rooms FROM ".C_REG_TBL." WHERE username='" . addslashes($U) . "' LIMIT 1");
$reguser = ($DbLink->num_rows() != 0);
if ($reguser) list($perms,$rooms) = $DbLink->next_record();
//$DbLink->clean_results();
// Get user status
if ($reguser)
{
switch ($perms)
{
case 'admin':
$isModerated = false;
break;
// ADDED FOR GLOBAL MOD
case 'globalmod':
$isModerated = false;
break;
// END GLOBAL MOD ADD
case 'sysop':
$isModerated = false;
break;
case 'moderator':
$roomsTab = explode(",",$rooms);
for (reset($roomsTab); $room_name=current($roomsTab); next($roomsTab))
{
if (strcasecmp(stripslashes($R), $room_name) == 0)
{
$isModerated = false;
break;
};
};
};
};
}
if( $isModerated )
{
$Error = L_ERR_USR_22;
} else
{
*******************************/
// Normal Talk
// Bob Dickow Custom code for /away command modification:
// Word filtering applies when enabled globally or when the room is listed in $FilteredRooms.
if (C_NO_SWEAR ==
1 ||
in_array($R,
$FilteredRooms)) {
include("./lib/swearing.lib.php3");
$M = checkwords($M, false);
}
// Check for all caps
// NOTE(review): this is a bare block in this copy; any condition that guarded it is gone,
// so the caps check runs for every message on this path.
{
include("./lib/captest.lib.php");
$M = checkCaps($M);
};
$DbLink->
query("SELECT awaystat FROM ".C_USR_TBL.
" WHERE username='" .
addslashes($U) .
"'");
if ($DbLink->num_rows() != 0)
{
list($awaystat) =
$DbLink->
next_record();
}
//$DbLink->clean_results();
// NOTE(review): $awaystat is only assigned when a row was found; otherwise the test
// below reads an undefined variable (or a value preset through the POST import).
if ($awaystat == '1') {
// The user was marked away: build the "is back" notice and clear the flag.
$Msg =
sprintf(L_BACK . C_UPDTUSRS, special_char
($U,
$Latin1));
$Msg = " <B>$Msg</B>";
$awaystat = '0';
// sanitize() comes from sanitize.inc; note that $C is only passed through it on this
// branch, not on the ordinary message path.
$C = sanitize($C);
$DbLink->
query("UPDATE ".C_USR_TBL.
" SET awaystat='0' WHERE username='" .
addslashes($U) .
"'");
} else {
}
// NOTE(review): no call to AddMessage() appears in this copy, so neither $Msg nor the
// user's text is stored here; presumably those calls were lost - confirm against a
// clean copy.
$RefreshMessages = true;
// END Bob Dickow custom code for /away command modification.
/****
} // moderation
****/
}
$DbLink->close();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
dir=
"<?php echo(($Charset == "windows
-1256") ? "RTL
" : "LTR
"); ?>">
<HEAD>
<TITLE>Hidden Input frame</TITLE>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript1.2">
<!--
if (typeof(window.parent.frames['input']) != 'undefined'
&& typeof(window.parent.frames['input'].window.document.forms['MsgForm']) != 'undefined'
&& window.parent.frames['input'].window.document.forms['MsgForm'].elements['sent'] != '0')
{
/* Udate the Form at the 'input' frame */
with (window.parent.frames['input'].window.document.forms['MsgForm'])
{
elements['D'].value = "<?php echo($D); ?>";
elements['N'].value = "<?php echo($N); ?>";
elements['O'].value = "<?php echo($O); ?>";
elements['ST'].value = "<?php echo($ST); ?>";
elements['NT'].value = "<?php echo($NT); ?>";
elements['Ign'].value = "<?php echo(isset($Ign) ? htmlspecialchars(stripslashes($Ign)) : ""); ?>";
elements['M0'].value = "<?php echo(isset($M) ? htmlspecialchars(stripslashes($M)) : ""); ?>";
// Get the value to put in the message box : previous M0 field value for /! command,
// previous entry if it was an erroneous command, else nothing;
<?php
// NOTE(review): the elements[...] assignments around this block print request-derived
// values into double-quoted JavaScript string literals. $D, $N, $O, $ST, $NT, $C and $P
// are printed with no encoding at all; Ign, M0 and M go through htmlspecialchars(), which
// encodes for HTML and leaves backslashes and line breaks untouched. The encoder that
// matches this context is json_encode() with JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
// | JSON_HEX_QUOT, emitted without the surrounding quotes.
// Value for the message box: the previous message when $IsM is set, the text just
// submitted when it produced an error that was not a command, otherwise empty.
$ValM = $IsM ? $M0 : "";
if (isset($Error) && !
($IsCommand)) $ValM =
$M;
?>
elements['M'].value = "<?php echo(htmlspecialchars(stripslashes($ValM))); ?>";
elements['MsgTo'].value = "";
elements['C'].value = "<?php echo($C); ?>";
elements['P'].value = "<?php echo($P); ?>";
elements['sent'].value = "0";
if (document.all) elements['sendForm'].disabled = false;
};
<?php
// When a message was accepted, tell the parent window to refresh the messages frame.
if ($RefreshMessages)
{
// $First is only assigned here when absent; otherwise it is whatever the request set.
$First =
isset($First) ?
$First :
0;
?>
/* Refresh the message frame or append messages to it */
<?php
// NOTE(review): the refresh_query string printed a few lines below url-encodes From, U, P
// and R but concatenates $L, $T, $D, $N, $ST, $NT, $Tmp and $First as they are, inside a
// JavaScript string. $Tmp is not assigned anywhere in the visible part of this file.
if ($First) echo("window.parent.frames['messages'].window.document.close();\n\twindow.parent.connect = 0;\n");
?>
if (window.parent.connect == 0)
{
window.parent.refresh_query = "<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U))."&P=".urlencode(stripslashes($P))."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&ST=$ST&NT=$NT".$Tmp."&First=$First"); ?>";
window.parent.force_refresh();
};
<?php
};
// NOTE(review): the block opened on the next line has no condition in this copy, so the
// alert below is emitted on every request, including when $Error is not set. The guard
// that belonged here needs restoring from a clean copy.
{
?>
/* Display a JavaScript alert box with the error message */
window.parent.frames['input'].window.document.forms['MsgForm'].elements['M'].select();
alert("<?php echo(str_replace("\\\\n","\\n",addslashes($Error))); ?>");
<?php
};
?>
<?php
// Query string used to reload the input frame when the user's moderator state changes.
// NOTE(review): every value is interpolated without urlencode(), and the string is later
// printed inside a JavaScript string literal. It also carries $PWD_Hash in the URL, where
// it ends up in server logs, browser history and Referer headers; confirm whether
// input.php3 can receive it another way.
$posted_var_list = "From=$From&Ver=$Ver&L=$L&U=$U&P=$P&R=$R&T=$T&D=$D&N=$N&O=$O&ST=$ST&NT=$NT";
if (isset($PWD_Hash) &&
$PWD_Hash !=
"") $posted_var_list .=
"&PWD_Hash=$PWD_Hash";
$posted_var_list .=
"&dummy=".
uniqid("");
// Force reload from the server (not from the cache)
// NOTE(review): in the condition below, and in the "elseif" further down, the opening
// brace sits inside the trailing // comment, so neither branch actually opens a block
// and the closing braces that follow are unmatched.
// NOTE(review): $status is only assigned from the database when the user lookup returned
// a row; otherwise isset($status) reflects whatever the POST import created.
if (isset($status) &&
($status ==
"m" ||
$status ==
"g" ||
$status ==
"o")) // MODIFIED FOR GLOBAL MOD {
?>
/* Add the red color when the user has been promoted to moderator */
if (!window.parent.isModerator)
{
window.parent.frames['input'].window.location.replace("input.php3?<?php echo($posted_var_list); ?>");
window.parent.isModerator = 1;
}
<?php
}
elseif (!
isset($status) ||
($status !=
"a" &&
$status !=
"g" &&
$status !=
"o")) // MODIFIED FOR GLOBAL MOD {
?>
/* Remove the red color when the user has became a 'simple user */
if (window.parent.isModerator)
{
window.parent.frames['input'].window.location.replace("input.php3?<?php echo($posted_var_list); ?>");
window.parent.isModerator = 0;
}
<?php
};
?>
};
// -->
</SCRIPT>
</HEAD>
<BODY>
<?php
// Display JavaScript instructions that commands may have set
// NOTE(review): the bare blocks below have lost their condition and contents in this
// copy; an "else" after a bare block does not parse.
{
{
};
}
else
{
echo("\t<!-- Not a blank document ;) -->\n");
};
?>
</BODY>
</HTML>