<?php
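// Import every GET parameter, then every POST parameter, into the global
// scope under its own name. The rest of this script reads its inputs
// ($From, $U, $R, $L, $M, ...) through the globals created here. POST is
// imported second, so a POST value replaces a GET value of the same name.
//
// NOTE(review): this is a hand-rolled register_globals. Any global that is
// read later without first being assigned unconditionally by this script or
// its includes can be pre-set by the request. Treat every variable below as
// untrusted unless it is explicitly initialised before use; the long-term
// fix is to read only the expected keys from the request arrays.
if (isset($HTTP_GET_VARS))
{
    while (list($name, $value) = each($HTTP_GET_VARS))
    {
        $$name = $value;
    }
}
// Get the names and values for post vars
if (isset($HTTP_POST_VARS))
{
    while (list($name, $value) = each($HTTP_POST_VARS))
    {
        $$name = $value;
    }
}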
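// Stop silently unless every parameter this frame needs was supplied:
// $From, $U and $R must be non-blank, $Ver, $L and $N non-empty, and
// $T, $D, $O, $ST and $NT must at least be set.
//
// $L is concatenated into a require() path below. is_dir() alone accepts
// names containing "../", so $L is first restricted to a plain directory name.
// NOTE(review): assumes localization directory names use only letters,
// digits, "_" and "-" - confirm against the contents of ./localization.
$langNameChars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-';
if ((empty($From) || trim($From) == '')
    || (empty($U) || trim($U) == '')
    || (empty($R) || trim($R) == '')
    || (empty($Ver) || empty($L) || empty($N))
    || (!isset($T) || !isset($D) || !isset($O) || !isset($ST) || !isset($NT))
    || !is_string($L)
    || strspn($L, $langNameChars) != strlen($L)
    || !is_dir('./localization/'.$L))
{
    exit();
}
require("./config/config.lib.php3");
require("./localization/".$L."/localized.chat.php3");
require("./lib/release.lib.php3");
require("./lib/database/".C_DB_TYPE.".lib.php3");
require("./lib/clean.lib.php3");
// NOTE(review): $Charset is not assigned in this file; presumably one of the
// files required above sets it. Verify, because otherwise it would come
// straight from the request.
header("Content-Type: text/html; charset=${Charset}");
// avoid server configuration for magic quotes
set_magic_quotes_runtime(0);
// $U and $R are URL-decoded a second time here. After this call they can
// contain quote characters that no magic-quotes pass has escaped, so they
// must be escaped again wherever they reach SQL, HTML or JavaScript.
$U = urldecode($U);
$R = urldecode($R);
// Translate to html special characters, and entities if message was sent with a latin 1 charset
$Latin1 = ($Charset == "iso-8859-1");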
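// Prepare a string for storage inside a quoted SQL value that will later be
// shown as HTML: existing backslash escapes are removed, the text is
// HTML-escaped, and the result is escaped again with addslashes().
//   $str  - text to convert; may already carry backslash escapes
//   $lang - true: htmlentities() (all named entities);
//           false: htmlspecialchars() (only the HTML special characters)
// Returns the converted, slash-escaped string.
function special_char($str, $lang)
{
    $plain = stripslashes($str);
    $html = $lang ? htmlentities($plain) : htmlspecialchars($plain);
    return addslashes($html);
}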
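$DbLink = new DB;
// ** Updates user info in connected users tables and fix some security issues **
// $U and $R were URL-decoded after any magic-quotes pass, so they may hold
// unescaped quotes. Normalise them (strip any existing escapes, then escape
// once) before they are placed inside quoted SQL values. $T is inserted
// unquoted, so it is forced to an integer.
// NOTE(review): assumes $T is always numeric - confirm against the callers.
$sqlUser = addslashes(stripslashes($U));
$sqlRoom = addslashes(stripslashes($R));
$sqlType = intval($T);
$DbLink->query("SELECT room, status, ip FROM ".C_USR_TBL." WHERE username = '".$sqlUser."' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
    list($room, $status, $knownIp) = $DbLink->next_record();
    $DbLink->clean_results();
    $kicked = 0;
    // Security issue: the request must come from the address recorded for
    // this user. The included file is expected to define $IP.
    include("./lib/get_IP.lib.php3");
    if ($knownIp != $IP)
    {
        $kicked = 5;
    }
    // Update users info
    // NOTE(review): the last column stores text of the form
    // sprintf(CONSTANT, "name"); how it is evaluated on display is not
    // visible in this file.
    if ($room != stripslashes($R))	// Same nick in another room
    {
        $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($sqlType, '$sqlRoom', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
        $kicked = 3;
    }
    elseif ($status == "k")	// Kicked by a moderator or the admin.
    {
        $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($sqlType, '$sqlRoom', 'SYS exit', '', ".time().", '', 'sprintf(L_KICKED, \"".special_char($U,$Latin1)."\")')");
        $kicked = 1;
    }
    elseif ($status == "d")	// The admin just deleted the room
    {
        $kicked = 2;
    }
    elseif ($status == "b")	// Banished by a moderator or the admin.
    {
        $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($sqlType, '$sqlRoom', 'SYS exit', '', ".time().", '', 'sprintf(L_BANISHED, \"".special_char($U,$Latin1)."\")')");
        $kicked = 4;
    }
    if ($kicked > 0)
    {
        // Kick the user from the current room
        $kickedUrl = ($kicked < 5)
            ? "$From?L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&KICKED=$kicked"
            : "$From?L=$L";
        // The URL is written inside a single-quoted JavaScript string in a
        // <SCRIPT> element: escape quotes and backslashes once, and break up
        // "</" so the value cannot close the element.
        // NOTE(review): $From is request-supplied and becomes the redirect
        // target; it should also be checked against the expected entry page.
        $kickedUrlJs = str_replace("</", "<\\/", addslashes(stripslashes($kickedUrl)));
        ?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
window.parent.window.location = '<?php echo($kickedUrlJs); ?>';
// -->
</SCRIPT>
        <?php
        $DbLink->close();
        exit;
    }
}
else
{
    $DbLink->clean_results();
    // Fix a security issue: the user is not in the connected-users table,
    // so send the whole frameset back to the entry page. The target gets
    // the same JavaScript-string escaping as the kick redirect above.
    $loginUrlJs = str_replace("</", "<\\/", addslashes(stripslashes("$From?L=$L")));
    ?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
window.parent.window.location = '<?php echo($loginUrlJs); ?>';
// -->
</SCRIPT>
    <?php
    $DbLink->close();
    exit;
};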
// ** Send formated messages to the message table **
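// Format a chat message and insert it into the messages table.
//   $M       - message text (caller has already removed slash escapes)
//   $T       - room type; written unquoted into the SQL, so forced to int
//   $R       - room name
//   $U       - sender name
//   $C       - text colour; wrapped around the message as <FONT COLOR>
//   $Private - addressee for a private message, "" for a public one
// Uses the globals $DbLink, $Latin1, $status and (for Latin-1) $MsgTo.
function AddMessage($M, $T, $R, $U, $C, $Private)
{
    global $DbLink;
    global $Latin1;
    global $status;
    // Text formating tags
    if (C_HTML_TAGS_KEEP == "none")
    {
        if (C_HTML_TAGS_SHOW == 0)
        {
            // eliminates every HTML like tags
            $M = ereg_replace("<[^>]+>", "", $M);
        }
        else
        {
            // or keep it without effect: the angle brackets are turned into
            // entities so the tag is displayed as text
            $M = str_replace("<", "&lt;", $M);
            $M = str_replace(">", "&gt;", $M);
        }
    }
    else
    {
        // then C_HTML_TAGS_KEEP == "simple", we keep U, B and I tags:
        // neutralise every bracket first, then restore only matched
        // <u>, <b> and <i> pairs
        $M = str_replace("<", "&lt;", $M);
        $M = str_replace(">", "&gt;", $M);
        if (function_exists("preg_match"))
        {
            while (preg_match("/&lt;([ubi]?)&gt;(.*?)&lt;(\/\\1)&gt;/i", $M))
            {
                $M = preg_replace("/&lt;([ubi]?)&gt;(.*?)&lt;(\/\\1)&gt;/i", "<\\1>\\2<\\3>", $M);
            }
            if (C_HTML_TAGS_SHOW == 0)
            {
                $M = preg_replace("/&lt;\/?[ubi]?&gt;/i", "", $M);
            }
        }
    }
    // URL
    $M = eregi_replace('([[:space:]]|^)(www)', '\\1http://\\2', $M);	// no prefix (www.myurl.ext)
    $prefix = '(http|https|ftp|telnet|news|gopher|file|wais)://';
    $pureUrl = '([[:alnum:]/\n+-=%&:_.~?]+[#[:alnum:]+]*)';
    $M = eregi_replace($prefix . $pureUrl, '<a href="\\1://\\2" target="_blank">\\1://\\2</a>', $M);
    // e-mail addresses
    $M = eregi_replace('([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](fo|g|l|m|mes|o|op|pa|ro|seum|t|u|v|z)?)',
        '<a href="mailto:\\1">\\1</a>', $M);
    // Smilies
    if (C_USE_SMILIES == 1)
    {
        include("./lib/smilies.lib.php3");
        Check4Smilies($M, $SmiliesTbl);
        unset($SmiliesTbl);
    }
    // transform ISO-8859-1 special characters
    if ($Latin1)
    {
        // NOTE(review): $MsgTo is not assigned in this function and is put
        // into the pattern unquoted, so regex metacharacters in it change
        // what is matched.
        global $MsgTo;
        ereg("(.*)(".$MsgTo."(&gt;)?)(.*)", $M, $Regs);
        if ($MsgTo != "" && ($Regs[1] == "" && $Regs[4] == "")) $Regs[4] = $M;
        // Only convert when neither side already contains an entity
        if (!ereg("&[[:alnum:]]{1,10};", $Regs[1]) && !ereg("&[[:alnum:]]{1,10};", $Regs[4]))
        {
            for ($i = 1; $i <= 4; $i++)
            {
                if (($i != 1 && $i != 4) || $Regs[$i] == "") continue;
                $part = $Regs[$i];
                $part = htmlentities($part);
                // undo the extra encoding htmlentities() applied to markup
                // and entities produced by the steps above
                $part = str_replace("&lt;", "<", $part);
                $part = str_replace("&gt;", ">", $part);
                $part = str_replace("&amp;lt;", "&lt;", $part);
                $part = str_replace("&amp;gt;", "&gt;", $part);
                $part = str_replace("&quot;", "\"", $part);
                $part = ereg_replace("&amp;(#[[:digit:]]{2,5};)", "&\\1", $part);
                $Regs[$i] = $part;
            }
            $M = $Regs[1].$Regs[2].$Regs[4];
        }
    }
    if (isset($C) and $C != "")
    {
        // Red colors are reserved to the admin or a moderator for the current room
        if ((ereg('#(FF0000|fc403f|fc4b34|fa582a|f66421|f27119|ec7e11|ec117f|f21971|f62164|fa2a58|fc344b)', $C))
            && !($status == "a" || $status == "m"))
            $C = "#000000";
        // $C can come from the request: escape it so it cannot leave the
        // COLOR attribute and add markup to the stored message.
        $M = "<FONT COLOR=\"".htmlspecialchars($C)."\">".$M."</FONT>";
    }
    // $T is forced to an integer and $R is re-escaped because both are
    // request-derived. NOTE(review): $Private is inserted as received; its
    // callers are outside this file and must pass an SQL-safe value.
    $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES (".intval($T).", '".addslashes(stripslashes($R))."', '".addslashes($U)."', '$Latin1', ".time().", '$Private', '".addslashes($M)."')");
}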
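// ** Define the default color that will be used for messages **
// A colour sent with the request ($C) is kept as is. Otherwise every path
// below ends with white (#FFFFFF): no cookie, a reserved red cookie colour
// for a non-moderator, and - as this block is written - any other cookie
// colour as well, because the cookie value is replaced by white.
// NOTE(review): a request-supplied $C is not validated here; it must be
// escaped wherever it is echoed.
if (isset($HTTP_COOKIE_VARS["CookieColor"])) $CookieColor = $HTTP_COOKIE_VARS["CookieColor"];
if (!isset($C))
{
    if (!isset($CookieColor))
    {
        // set default color to white
        $C = "#FFFFFF";
    }
    elseif (ereg('#(FF0000|fc403f|fc4b34|fa582a|f66421|f27119|ec7e11|ec117f|f21971|f62164|fa2a58|fc344b)', $CookieColor))
    {
        // Red colors are reserved to the admin or a moderator for the current room
        if (!(isset($status) && ($status == "a" || $status == "m")))
            $C = "#FFFFFF";
    }
    if (!isset($C))
    {
        $C = "#FFFFFF";
        $CookieColor = "#FFFFFF";
    }
}
setcookie("CookieColor", $C, time() + 60*60*24*365);	// cookie expires in one year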
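// ** Test for online commands and swear words **
// These flags are reset before the command library runs so that a value
// imported from the request cannot stand in for one set by a command.
$IsCommand = false;
$RefreshMessages = false;
$IsPopup = false;
$IsM = false;
// $jsTbl is echoed verbatim into the page at the end of this script and is
// meant to be filled only by the command library; drop any copy that
// arrived with the request.
unset($jsTbl);
// NOTE(review): $Error is not reset here either; confirm that it is never
// meant to be passed in, then unset it as well.
if (isset($M) && trim($M) != "" && ereg("^\/", $M)) include("./lib/commands.lib.php3");
// A message starting with "/" that no command handled is reported as a bad command
if (isset($M) && ereg("^\/", $M) && !($IsCommand) && !isset($Error)) $Error = L_BAD_CMD;
// Post the message unless it is empty, identical to the previous one ($M0),
// a command, or in error
if (isset($M) && trim($M) != "" && (!isset($M0) || ($M != $M0)) && !($IsCommand || isset($Error)))
{
    if (C_NO_SWEAR == 1)
    {
        include("./lib/swearing.lib.php3");
        $M = checkwords($M, false);
    }
    AddMessage(stripslashes($M), $T, $R, $U, $C, "");
    $RefreshMessages = true;
}
$DbLink->close();
// For translations with an explicit charset (not the 'x-user-defined' one)
if (!isset($FontName)) $FontName = "";
?>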
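<?php
// Page head for the input frame. $FontSize and $FontName are not assigned
// unconditionally in this file, so they are URL-encoded and HTML-escaped
// before being written into the stylesheet link.
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML dir="<?php echo(($Charset == "windows-1256") ? "RTL" : "LTR"); ?>">
<HEAD>
<TITLE>Input frame</TITLE>
<LINK REL="stylesheet" HREF="config/style.css.php3?<?php echo(htmlspecialchars("Charset=".urlencode($Charset)."&medium=".urlencode(isset($FontSize) ? $FontSize : "")."&FontName=".urlencode($FontName))); ?>"
TYPE="text/css">
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript1.2">
<!--
// Get the position for the help popup
if (window.parent.NS4) document.captureEvents(Event.MOUSEDOWN);
document.onmousedown = window.parent.displayLocation;
// -->
</SCRIPT>
</HEAD>
<BODY CLASS="frame" <?php if (!$IsPopup) echo("onLoad=\"if (window.focus) window.parent.get_focus();\""); ?>>
<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0>
<TR>
<!-- Input form -->
<TD>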
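<?php
// Define the way posted values will be handled according to the javascript abilities
// of the browser
if ($Ver == "H")
{
    $action = "handle_inputH.php3";
    $target = "input_sent";
}
else
{
    $action = "input.php3";
    $target = "_self";
}
// Every hidden field below carries a request-supplied value back to the
// server. Each one is written through htmlspecialchars(stripslashes(...)),
// the treatment this form already gave Ign and M0, so that a value cannot
// close the VALUE attribute and add markup to the page.
?>
<FORM NAME="MsgForm" ACTION="<?php echo($action); ?>" METHOD="POST" AUTOCOMPLETE="OFF" TARGET="<?php echo($target); ?>"
onSubmit="return window.parent.validateSubmission();">
<INPUT TYPE="hidden" NAME="From" VALUE="<?php echo(htmlspecialchars(stripslashes($From))); ?>">
<INPUT TYPE="hidden" NAME="Ver" VALUE="<?php echo(htmlspecialchars(stripslashes($Ver))); ?>">
<INPUT TYPE="hidden" NAME="L" VALUE="<?php echo(htmlspecialchars(stripslashes($L))); ?>">
<INPUT TYPE="hidden" NAME="R" VALUE="<?php echo(htmlspecialchars(stripslashes(urlencode($R)))); ?>">
<INPUT TYPE="hidden" NAME="T" VALUE="<?php echo(htmlspecialchars(stripslashes($T))); ?>">
<INPUT TYPE="hidden" NAME="D" VALUE="<?php echo(htmlspecialchars(stripslashes($D))); ?>">
<INPUT TYPE="hidden" NAME="N" VALUE="<?php echo(htmlspecialchars(stripslashes($N))); ?>">
<INPUT TYPE="hidden" NAME="O" VALUE="<?php echo(htmlspecialchars(stripslashes($O))); ?>">
<INPUT TYPE="hidden" NAME="ST" VALUE="<?php echo(htmlspecialchars(stripslashes($ST))); ?>">
<INPUT TYPE="hidden" NAME="NT" VALUE="<?php echo(htmlspecialchars(stripslashes($NT))); ?>">
<INPUT TYPE="hidden" NAME="PWD_Hash" VALUE="<?php echo(isset($PWD_Hash) ? htmlspecialchars(stripslashes($PWD_Hash)) : ''); ?>">
<!-- Ignored users list -->
<INPUT TYPE="hidden" NAME="Ign" VALUE="<?php echo(isset($Ign) ? htmlspecialchars(stripslashes($Ign)) : ""); ?>">
<!-- Last sent message or command (will be used for the '/!' command) -->
<INPUT TYPE="hidden" NAME="M0" VALUE="<?php echo(isset($M) ? htmlspecialchars(stripslashes($M)) : ""); ?>">
<A HREF="help_popup.php3?<?php echo(htmlspecialchars("L=".urlencode($L)."&Ver=".urlencode(stripslashes($Ver)))); ?>" onClick="window.parent.help_popup(); return false" TARGET="_blank"
onmouseover="document.images['helpImg'].src = window.parent.imgHelpOn.src" onmouseout="document.images['helpImg'].src = window.parent.imgHelpOff.src"><IMG NAME="helpImg" SRC="images/helpOff.gif" WIDTH=15 HEIGHT=15 BORDER=0 ALT="<?php echo(L_HLP); ?>"
onClick="document.forms['MsgForm'].elements['M'].focus();"></A>
<?php
// Get the value to put in the message box : preceding M0 field value for /! command,
// preceding entry if it was an erroneous command, else nothing;
$ValM = $IsM ? $M0 : "";
if (isset($Error) && !($IsCommand)) $ValM = $M;
?>
<INPUT TYPE="text" NAME="M" SIZE="45" taborder=1 tabindex=1 MAXLENGTH="299" VALUE="<?php
echo(htmlspecialchars(stripslashes($ValM))); ?>">
<!-- Addressee that will be filled when the user click on a nick at the users frame -->
<INPUT TYPE="hidden" NAME="MsgTo" VALUE="">
<?php
if ($Ver == "L")
{
    // Drop down list of colors for non-enabled JavaScript1.1+ browsers
    // NOTE(review): $TextColors is not assigned in this file before this
    // loop; presumably the configuration file defines it - verify, since
    // its names and codes are written out unescaped.
    echo("<SELECT NAME=\"C\">\n");
    while (list($ColorName, $ColorCode) = each($TextColors))
    {
        // Red color is reserved to the admin or a moderator for the current room
        if ($ColorCode == "#FF0000" && !(isset($status) && ($status == "a" || $status == "m"))) continue;
        echo("<OPTION VALUE=\"".$ColorCode."\"");
        if ($C == $ColorCode || $ColorCode == "#000000") echo(" SELECTED");
        echo(">".$ColorName."</OPTION>");
    }
    echo("\n</SELECT>\n ");
}
else
{
    ?>
<INPUT TYPE="hidden" NAME="C" VALUE="<?php echo(htmlspecialchars(stripslashes($C))); ?>">
    <?php
}
?>
<INPUT TYPE="hidden" NAME="sent" VALUE="0">
<INPUT TYPE="submit" NAME="sendForm" VALUE="<?php echo(L_OK); ?>">
<font color=white> <b>Name</b></font>
<INPUT TYPE="hidden" NAME="U" SIZE="5" MAXLENGTH="29" VALUE="<?php echo(htmlspecialchars(stripslashes(urlencode($U)))); ?>">
</FORM>
<form name="aliasform">
<INPUT TYPE="text" NAME="ZU" SIZE="5" MAXLENGTH="29" VALUE="<?php echo(htmlspecialchars(stripslashes(urlencode($U)))); ?>">
</form>
</TD>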
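<?php
if ($Ver != "L")
{
    // Define the colors picker for JavaScript1.1+ enabled browsers.
    // The palette is rebuilt from scratch: two white entries, then one
    // colour for every 6 degrees of hue. Colours with a dominant red
    // component are left out unless the user is an admin ("a") or a
    // moderator ("m").
    unset($TextColors);
    $TextColors = array('#ffffff', '#ffffff');
    for ($x = 0; $x < 360; $x += 6)
    {
        $r = ceil(126 * (cos(deg2rad($x)) + 1));
        $g = ceil(126 * (cos(deg2rad($x + 240)) + 1));
        $b = ceil(126 * (cos(deg2rad($x + 120)) + 1));
        if (!($r > 128 && $g < 128 && $b < 128 && !(isset($status) && ($status == "a" || $status == "m"))))
        {
            $TextColors[] = '#'.substr('0'.dechex($r), -2).substr('0'.dechex($g), -2).substr('0'.dechex($b), -2);
        }
    }
    // $wichSelected is assigned below only when a palette entry equals $C.
    // Clear it first so a value imported from the request is never the one
    // written into the page later.
    unset($wichSelected);
    ?>
<TD>&nbsp;&nbsp;</TD>
<TD>
<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0>
<TR>
    <?php
    // One 2x20 pixel cell per colour; the cell matching $C shows the
    // "selected" image and its 1-based position is remembered.
    while (list($key, $ColorCode) = each($TextColors))
    {
        $i = $key + 1;
        if ($ColorCode == $C)
        {
            $wichImage = "selColor.gif";
            $wichSelected = $i;
        }
        else
        {
            $wichImage = "unselColor.gif";
        }
        echo("\n\t\t\t");
        echo('<td bgcolor="' . $ColorCode . '"><a href="#" onclick="window.parent.ChangeColor(\'' . $ColorCode . '\',\'C' . $i .'\'); return false;"><img src="images/' . $wichImage . '" alt="' . $ColorCode . '" name="C' . $i . '" border="0" width="2" height="20" /></a></td>');
    }
    unset($TextColors);
    echo("\n");
    ?>
</TR>
</TABLE>
</TD>
<TD>&nbsp;</TD>
    <?php
}
?>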
</TR>
</TABLE>
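<?php
// ** Ensure a color is selected in the colors picker, else select the default one (#FFFFFF) **
if ($Ver != "L")
{
    ?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
    <?php
    if (isset($wichSelected))
    {
        // $wichSelected is a 1-based palette position. It is forced to an
        // integer because it is written inside a JavaScript string and is
        // only assigned by the picker when a colour matched.
        ?>
window.parent.SelColor = "<?php echo("C".intval($wichSelected)); ?>";
        <?php
    }
    else
    {
        ?>
window.parent.ChangeColor("#FFFFFF","C1");
        <?php
    }
    ?>
// -->
</SCRIPT>
    <?php
};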
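// ** Refresh the messages frame if necessary **
if ($RefreshMessages)
{
    $Tmp = isset($Ign) ? "&Ign=".urlencode(stripslashes($Ign)) : "";
    $First = isset($First) ? $First : 0;
    // The query string is written inside a JavaScript string literal. Every
    // request-derived value is URL-encoded, so none of them can contain a
    // quote or "<" that would end the string or the <SCRIPT> element.
    $refreshCommon = "From=".urlencode($From)
        ."&L=".urlencode($L)
        ."&U=".urlencode(stripslashes($U))
        ."&R=".urlencode(stripslashes($R))
        ."&T=".urlencode($T)
        ."&D=".urlencode($D)
        ."&N=".urlencode($N);
    $refreshTail = "&ST=".urlencode($ST)."&NT=".urlencode($NT).$Tmp;
    ?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
    <?php
    if ($Ver == "H")
    {
        // "H" version: hand the query to the parent frameset, which
        // refreshes the messages frame itself
        if ($First) echo("window.parent.frames['messages'].window.document.close();\n\twindow.parent.connect = 0;\n");
        ?>
if (window.parent.connect == 0)
{
    window.parent.refresh_query = "<?php echo($refreshCommon.$refreshTail."&First=".urlencode($First)); ?>";
    window.parent.force_refresh();
};
        <?php
    }
    else
    {
        // other versions: reload the messages frame directly
        ?>
window.parent.frames['messages'].window.location = 'messagesL.php3?<?php echo($refreshCommon."&O=".urlencode($O).$refreshTail); ?>';
        <?php
    };
    ?>
// -->
</SCRIPT>
    <?php
};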
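// ** Display a JavaScript alert box with the error message if necessary **
if (isset($Error))
{
    // addslashes() escapes quotes and backslashes for the JavaScript string;
    // the inner str_replace turns an escaped "\n" back into a JavaScript
    // line break. The outer one breaks up "</" so the text cannot close the
    // <SCRIPT> element.
    ?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
document.forms['MsgForm'].elements['M'].select();
alert("<?php echo(str_replace("</", "<\\/", str_replace("\\\\n","\\n",addslashes($Error)))); ?>");
// -->
</SCRIPT>
    <?php
}
// ** Put JavaScript instructions that commands may have set
// NOTE(review): each entry is written to the page verbatim, so $jsTbl must
// only ever be filled by server-side code. It is not initialised in this
// part of the script; make sure a request-supplied value is discarded
// before the command library runs.
if (isset($jsTbl) && is_array($jsTbl))
{
    for (reset($jsTbl); $jsInst=current($jsTbl); next($jsTbl))
    {
        echo("$jsInst\n");
    };
    unset($jsTbl);
}
?>
</BODY>
</HTML>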