/**
 * Formats one chat message and inserts it into the messages table (C_MSG_TBL).
 *
 * The text in $M goes through, in order: an optional bot hook, quote and tag
 * handling, BDO direction markers, URL and e-mail linkification, smilies, an
 * optional Latin-1 entity pass, colour selection and power-user tags. The
 * result is written with a string-built INSERT through $DbLink.
 *
 * NOTE(review): every SQL statement below is assembled by interpolation. Only
 * $U and $M pass through addslashes() before the final INSERT; $T, $R,
 * $Latin1, $Private, $Read and $RF are interpolated as received. Nothing in
 * this function shows whether callers escape them first - confirm, and prefer
 * bound parameters if the DB wrapper offers them.
 *
 * NOTE(review): $Read is both a parameter and named in the `global` statement.
 * `global` rebinds the name to the global variable, so the value passed as the
 * $Read argument is not the one stored - confirm this is intended.
 *
 * NOTE(review): several string literals below (for example `"""`, or "<"
 * replaced by "<") look like HTML entities that were decoded when this listing
 * was extracted. They are reproduced as shown; check them against the project
 * source before relying on this copy.
 *
 * @param $M       Message text; formatted here and stored.
 * @param $T       Interpolated unquoted as the first INSERT value.
 * @param $R       Room; used in the stats WHERE clauses, the INSERT and a bot file path.
 * @param $U       Stored through addslashes() as the third INSERT value; also used in a bot file path.
 * @param $C       Requested colour name; checked against the fixed list $CC.
 * @param $Private Compared with "" for the bot hook and stored as received.
 * @param $Read    See the note above about `global $Read`.
 * @param $RF      Stored as received as the last INSERT value.
 * @param $Charset Passed to mb_convert_case() and checkwords().
 */
function AddMessage($M, $T, $R, $U, $C, $Private, $Read, $RF, $Charset)
{
    global $DbLink, $Latin1, $status, $Read, $M1, $COLOR_TB;

    # if (C_BOT_CONTROL && C_BOT_PUBLIC && $Private == "")
    // Public bot hook: runs only when $Private is "" and the text does not start with "/" or ":".
    if (C_BOT_CONTROL && C_BOT_PUBLIC && $Private == "" && !(preg_match("#^\\/#", $M) || preg_match("#^:#", $M))) {
        //--Bot Control Popeye
        # include("./bot/respond.php";
        // NOTE(review): $U and $R are concatenated into these paths unchecked; in this block they only reach file_exists().
        $botpath = "botfb/" . $U . ".txt";
        $botcontrol = "botfb/" . $R . ".txt";
        if (file_exists($botcontrol)) {
            # if (file_exists ($botpath) || eregi(mb_convert_case(C_BOT_NAME,MB_CASE_LOWER,$Charset), mb_convert_case($M,MB_CASE_LOWER,$Charset)))
            if (file_exists($botpath) || stripos(mb_convert_case($M, MB_CASE_LOWER, $Charset), mb_convert_case(C_BOT_NAME, MB_CASE_LOWER, $Charset)) !== false) {
                include "./lib/bot.lib.php";
            }
        }
    }
    //---End Bot Control

    // Remember the unformatted text in the global $M1 when it is not already set.
    if (!isset($M1)) {
        $M1 = $M;
    }

    // Quote handling. NOTE(review): the replacement literals look entity-decoded by extraction (see header).
    $M = str_replace("\"", """, $M);
    $M = str_replace("'", "'", $M);
    // Only these two literal substrings are removed (case-insensitively); this is not a general HTML filter.
    $M = str_ireplace("<applet", "", $M);
    $M = str_ireplace("<javascript", "", $M);

    // Text formating tags
    if (C_HTML_TAGS_KEEP == "none") {
        if (!C_HTML_TAGS_SHOW) {
            // eliminates every HTML like tags
            // NOTE(review): str_replace() matches its search string literally, so this
            // regex-looking pattern only removes that exact character sequence.
            $M = str_replace("<[^>]+>", "", $M);
            $M = str_replace("x3c", "", $M);
            $M = str_replace("x3e", "", $M);
        } else {
            // or keep it without effect
            $M = str_replace("<", "<", $M);
            $M = str_replace(">", ">", $M);
            $M = str_replace("x3c", "<", $M);
            $M = str_replace("x3e", ">", $M);
        }
    } else {
        // then C_HTML_TAGS_KEEP == "simple", we keep U, B and I tags
        $M = str_replace("<", "<", $M);
        $M = str_replace(">", ">", $M);
        $M = str_replace("x3c", "<", $M);
        $M = str_replace("x3e", ">", $M);
        if (function_exists("preg_match")) {
            // NOTE(review): as shown, the replacement reproduces the matched text, so the
            // loop condition would stay true. Presumably the pattern matched
            // entity-encoded brackets in the project source - confirm.
            while (preg_match("/<([ubi]?)>(.*?)<(\\/\\1)>/i", $M)) {
                $M = preg_replace("/<([ubi]?)>(.*?)<(\\/\\1)>/i", "<\\1>\\2<\\3>", $M);
            }
            if (!C_HTML_TAGS_SHOW) {
                $M = preg_replace("/<\\/?[ubi]?>/i", "", $M);
            }
        }
    }

    // Text Direction for dir commands by Ciprian
    /* if(ereg('^bdo_rtl',$M)) $M = str_replace('bdo_rtl', '<BDO dir="rtl">', $M)."</BDO>"; elseif(ereg('^bdo_ltr',$M)) $M = str_replace('bdo_ltr', '<BDO dir="ltr">', $M)."</BDO>"; */
    // The test is anchored at the start of $M, but str_replace() rewrites every occurrence of the marker.
    if (preg_match('/^bdo_rtl/', $M)) {
        $M = str_replace('bdo_rtl', '<BDO dir="rtl">', $M) . "</BDO>";
    } elseif (preg_match('/^bdo_ltr/', $M)) {
        $M = str_replace('bdo_ltr', '<BDO dir="ltr">', $M) . "</BDO>";
    }

    // URL
    /* $M = eregi_replace('([[:space:]]|^)(www[.])', '\\1http://\\2', $M); // no prefix (www.myurl.ext) $M = eregi_replace('([[:space:]]|^)(ftp[.])', '\\1ftp://\\2', $M); // no prefix (ftp.myurl.ext) */
    $M = preg_replace('/([[:space:]]|^)(www[.])/i', '\\1http://\\2', $M); // no prefix (www.myurl.ext)
    $M = preg_replace('/([[:space:]]|^)(ftp[.])/i', '\\1ftp://\\2', $M); // no prefix (ftp.myurl.ext)

    // Word wrap fix by Alexander Eisele <*****@*****.**> - deprecated by Ciprian due to japanese (2-bytes undesired trimming)
    // Wrap at 40 columns only when no URL-like token is present; $pmatch is reused for the popup link below.
    if (!preg_match_all("((http://|https://|ftp://|mailto:)[^ ]+)", $M, $pmatch)) {
        $M = wordwrap($M, 40, " ", 1);
    }

    /* $prefix = '(http|https|ftp|telnet|news|gopher|file|wais)://'; $pureUrl = '([[:alnum:]/\n+-=%&:_.~?]+[#[:alnum:]+-_~]*)'; */
    // NOTE(review): inside these character classes the unescaped "-" in "+-=" and "+-_"
    // forms a range, so more characters are accepted than the ones listed (the ranges
    // include "<", and the second also ">"). Matched text is placed into an href
    // attribute below - check whether that is intended.
    $prefix = '(http|https|ftp|telnet|news|gopher|file|wais):\\/\\/';
    $pureUrl = '([[:alnum:]\\/\\n+-=%&:_.~?]+[#[:alnum:]+-_~]*)';
    if (C_POPUP_LINKS) {
        // Join every URL found above with "||" and pass the list, URL-encoded, to links.php.
        $purl = "";
        for ($x = 0; $x < count($pmatch[0]); $x++) {
            $purl .= "||" . $pmatch[0][$x];
        }
        # $M = eregi_replace($prefix.$pureUrl, '<a href="links.php?link='.urlencode($purl).'" target="_blank"></a>', $M);
        $M = preg_replace("/" . $prefix . $pureUrl . "/i", '<a href="links.php?link=' . urlencode($purl) . '" target="_blank"></a>', $M);
    } else {
        // Direct link; the anchor uses target="_blank" and sets no rel attribute.
        $M = preg_replace("/" . $prefix . $pureUrl . "/i", '<a href="\\1://\\2" target="_blank">\\1://\\2</a>', $M);
    }

    // e-mail addresses
    // $M = eregi_replace('([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](fo|g|l|m|mes|o|op|pa|ro|seum|t|u|v|z)?)', '<a href="mailto:\\1" alt="Send email">\\1</a>', $M);
    // Added the new top-level domains (mail, asia, travel, aso)
    # $M = eregi_replace('([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](avel|bi|bs|fo|g|ia|l|m|me|mes|o|op|pa|ro|seum|t|to|u|v|z)?)', '<a href="mailto:\\1" alt="Send email">\\1</a>', $M);
    $M = preg_replace('/([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](avel|bi|bs|fo|g|ia|l|m|me|mes|o|op|pa|ro|seum|t|to|u|v|z)?)/i', '<a href="mailto:\\1" alt="Send email">\\1</a>', $M);

    if (C_EN_STATS) {
        // Statistics counters. NOTE(review): $R is interpolated into the SQL as received;
        // the username literal '******' looks redacted in this listing.
        # if(eregi('<a href="mailto',$M)) $DbLink->query("UPDATE ".C_STS_TBL." SET emails_posted=emails_posted+1 WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='$R' AND username='******'");
        if (stripos($M, '<a href="mailto') !== false) {
            $DbLink->query("UPDATE " . C_STS_TBL . " SET emails_posted=emails_posted+1 WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'");
        }
        # if(eregi('<a href="http',$M)) $DbLink->query("UPDATE ".C_STS_TBL." SET urls_posted=urls_posted+1 WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='$R' AND username='******'");
        if (stripos($M, '<a href="http') !== false) {
            $DbLink->query("UPDATE " . C_STS_TBL . " SET urls_posted=urls_posted+1 WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'");
        }
    }

    // Smilies
    if (C_USE_SMILIES) {
        // $SmiliesTbl is not defined in this function; presumably the include provides it - confirm.
        include "./lib/smilies.lib.php";
        $ss = Check4Smilies($M, $SmiliesTbl);
        if (C_EN_STATS && $ss > 0) {
            $DbLink->query("UPDATE " . C_STS_TBL . " SET smilies_posted=smilies_posted+{$ss} WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'");
        }
        unset($SmiliesTbl, $ss);
    }

    // transform ISO-8859-1 special characters
    if ($Latin1) {
        global $MsgTo;
        # ereg("(.*)(".$MsgTo."(>)?)(.*)",$M,$Regs);
        // NOTE(review): $MsgTo is spliced into the pattern without preg_quote(), so any
        // regex metacharacter or "/" in it changes or breaks the pattern.
        preg_match("/(.*)(" . $MsgTo . "(>)?)(.*)/", $M, $Regs);
        if ($MsgTo != "" && ($Regs[1] == "" && $Regs[4] == "")) {
            $Regs[4] = $M;
        }
        # if (!ereg("&[[:alnum:]]{1,10};",$Regs[1]) && !ereg("&[[:alnum:]]{1,10};",$Regs[4]))
        // Skip the entity pass when either side already contains something that looks like an entity.
        if (!preg_match("/&[[:alnum:]]{1,10};/", $Regs[1]) && !preg_match("/&[[:alnum:]]{1,10};/", $Regs[4])) {
            for ($i = 1; $i <= 4; $i++) {
                // Only groups 1 and 4 (the text before and after the addressee) are converted.
                if ($i != 1 && $i != 4 || $Regs[$i] == "") {
                    continue;
                }
                $part = $Regs[$i];
                $part = htmlentities($part);
                // NOTE(review): the literals in the next five calls look entity-decoded by extraction (see header).
                $part = str_replace("&lt;", "<", $part);
                $part = str_replace("&gt;", ">", $part);
                $part = str_replace("<", "<", $part);
                $part = str_replace(">", ">", $part);
                $part = str_replace(""", "\"", $part);
                # $part = ereg_replace("&(#[[:digit:]]{2,5};)", "&\\1", $part);
                $part = preg_replace("/&(#[[:digit:]]{2,5};)/", "&\\1", $part);
                $Regs[$i] = $part;
            }
            $M = $Regs[1] . $Regs[2] . $Regs[4];
        }
    }

    // Color Sniffer scripting safe mode filter by Alexander Eisele <*****@*****.**> & Ciprian
    $C = str_replace("<", "<", $C);
    $C = str_replace(">", ">", $C);
    $C = str_replace("\"", """, $C);
    $C = str_replace("x3c", "<", $C);
    $C = str_replace("x3e", ">", $C);
    // Allow-list of colour names; a non-empty $C that is not in the list is replaced by "lime".
    $CC = array("", "black", "dimgray", "gray", "darkgray", "silver", "lightgrey", "gainsboro", "whitesmoke", "ghostwhite",
        "white", "slategray", "lightslategray", "midnightblue", "navy", "darkblue", "darkslateblue", "mediumblue", "blue",
        "steelblue", "royalblue", "cornflowerblue", "dodgerblue", "deepskyblue", "lightskyblue", "skyblue", "lightsteelblue",
        "lightblue", "powderblue", "paleturquoise", "lightcyan", "aliceblue", "azure", "mintcream", "darkslategray",
        "cadetblue", "teal", "darkcyan", "lightseagreen", "darkturquoise", "mediumturquoise", "turquoise", "aqua", "cyan",
        "mediumaquamarine", "aquamarine", "darkolivegreen", "olive", "olivedrab", "darkkhaki", "darkgreen", "green",
        "forestgreen", "seagreen", "mediumseagreen", "darkseagreen", "mediumspringgreen", "springgreen", "palegreen",
        "honeydew", "limegreen", "lime", "lightgreen", "lawngreen", "chartreuse", "greenyellow", "yellowgreen", "indigo",
        "purple", "darkmagenta", "darkviolet", "darkorchid", "mediumorchid", "orchid", "violet", "plum", "thistle",
        "blueviolet", "mediumpurple", "slateblue", "mediumslateblue", "lavender", "mediumvioletred", "magenta", "fuchsia",
        "deeppink", "palevioletred", "hotpink", "lightpink", "pink", "mistyrose", "lavenderblush", "maroon", "darkred",
        "firebrick", "crimson", "red", "orangered", "tomato", "indianred", "lightcoral", "salmon", "darksalmon",
        "lightsalmon", "coral", "darkorange", "orange", "sandybrown", "darkgoldenrod", "goldenrod", "gold", "yellow",
        "khaki", "palegoldenrod", "lemonchiffon", "cornsilk", "lightgoldenrodyellow", "beige", "lightyellow", "ivory",
        "rosybrown", "saddlebrown", "brown", "sienna", "chocolate", "peru", "tan", "burlywood", "wheat", "navajowhite",
        "peachpuff", "moccasin", "bisque", "blanchedalmond", "papayawhip", "antiquewhite", "linen", "oldlace", "seashell",
        "floralwhite", "snow");
    if (trim($C) != "") {
        if (!in_array($C, $CC)) {
            $C = "lime";
        }
    }

    //Color's Power Filter Mod by Ciprian
    // NOTE(review): $C was assigned from str_replace() above, so isset($C) looks always
    // true here - confirm whether the !isset($C) branches are reachable. If they are,
    // the cookie or database value is taken after the allow-list check above.
    if (isset($_COOKIE["CookieColor"]) && !isset($C)) {
        $C = strcasecmp($_COOKIE["CookieColor"], $COLOR_TB) != 0 ? $_COOKIE["CookieColor"] : '';
    } else {
        $DbLink->query("SELECT colorname FROM " . C_REG_TBL . " WHERE username = '******' LIMIT 1");
        if ($DbLink->num_rows() != 0 && !isset($C)) {
            list($C) = $DbLink->next_record();
        }
    }
    if (COLOR_FILTERS) {
        if (!isset($C)) {
            // No colour chosen: statuses "a"/"t" get COLOR_CA, status "m" gets COLOR_CM.
            if ($status == "a" || $status == "t") {
                $C = COLOR_CA;
            } elseif ($status == "m") {
                $C = COLOR_CM;
            }
        } elseif ($C != '') {
            // Red colors are reserved to the admin
            if ((strcasecmp($C, COLOR_CA) == 0 || strcasecmp($C, COLOR_CA1) == 0 || strcasecmp($C, COLOR_CA2) == 0) && $C != "" && $status != "a" && $status != "t") {
                if ($status == "m") {
                    $C = COLOR_CM; //default moderator's color
                } else {
                    $C = ''; //default color
                }
            } elseif ((strcasecmp($C, COLOR_CM) == 0 || strcasecmp($C, COLOR_CM1) == 0 || strcasecmp($C, COLOR_CM2) == 0) && $C != "" && $status != "a" && $status != "t" && $status != "m") {
                $C = ''; //default color
            } elseif (strcasecmp($C, $COLOR_TB) == 0) {
                $C = '';
            }
        }
    }
    if (!COLOR_ALLOW_GUESTS && $status == "u") {
        $C = '';
    }
    include_once "./lib/swearing.lib.php";
    if (checkwords($C, true, $Charset)) {
        $C = '';
    }
    //if user is using a swear word (defined in swearing.lib.php), the font color will resets to default. this is to keep your database as well as our computer clean of swearing (no swear into your cookies on your local computer).
    if (isset($C) && $C != '' && strcasecmp($C, COLOR_CD) != 0) {
        // $C is written into the attribute value as-is; it relies on the checks above.
        $M = "<FONT COLOR=\"" . $C . "\">" . $M . "</FONT>";
        setcookie("CookieColor", $C, time() + 60 * 60 * 24 * 365); // cookie expires in one year
    } elseif (isset($_COOKIE["CookieColor"])) {
        setcookie("CookieColor", '', time()); // empty value with the expiry set to the current time
    }

    // Text tags for power users
    if (C_ITALICIZE_POWERS) {
        $text_tag = "";
        $text_endtag = "";
        // Statuses "a", "t" and "m" get the B/I/U tags listed in C_TAGS_POWERS.
        if ($status == "a" || $status == "t" || $status == "m") {
            if (stristr(C_TAGS_POWERS, "B")) {
                $text_tag .= "<B>";
                $text_endtag .= "</B>";
            }
            if (stristr(C_TAGS_POWERS, "I")) {
                $text_tag .= "<I>";
                $text_endtag .= "</I>";
            }
            if (stristr(C_TAGS_POWERS, "U")) {
                $text_tag .= "<U>";
                $text_endtag .= "</U>";
            }
        }
        if ($text_tag != "") {
            // The closing tags are appended in the same order as the opening ones.
            $M = $text_tag . $M . $text_endtag;
        }
    }

    // Store the message. NOTE(review): only $U and $M are passed through addslashes();
    // $T is interpolated unquoted, and $R, $Latin1, $Private, $Read and $RF are quoted
    // but not escaped here. addslashes() is also not a charset-aware SQL escape.
    $DbLink->query("INSERT INTO " . C_MSG_TBL . " VALUES ({$T}, '{$R}', '" . addslashes($U) . "', '{$Latin1}', " . time() . ", '{$Private}', '" . addslashes($M) . "', '{$Read}', '{$RF}')");
}
// if it does delete it. } # $DbLink = new DB; $DbLink->query("INSERT INTO " . C_MSG_TBL . " VALUES ({$T}, '{$R}', 'SYS topic reset', '{$Latin1}', " . time() . ", '{$U}', '', '', '')"); } else { if (file_exists($topgpath)) { unlink($topgpath); // if it does delete it. } # $DbLink = new DB; $DbLink->query("INSERT INTO " . C_MSG_TBL . " VALUES ({$T}, '*', 'SYS topic reset', '{$Latin1}', " . time() . ", '{$U}', '', '', '')"); } } else { if (C_USE_SMILIES) { include "./lib/smilies.lib.php"; $ss = Check4Smilies($Top, $SmiliesTbl); if (C_EN_STATS && $ss > 0) { $DbLink->query("UPDATE " . C_STS_TBL . " SET smilies_posted=smilies_posted+{$ss} WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'"); } unset($SmiliesTbl, $ss); } // URL # $Top = eregi_replace('([[:space:]]|^)(www[.])', '\\1http://\\2', $Top); // no prefix (www.myurl.ext) # $Top = eregi_replace('([[:space:]]|^)(ftp[.])', '\\1ftp://\\2', $Top); // no prefix (ftp.myurl.ext) # $Top = eregi_replace('([[:space:]]|^)(www)', '\\1http://\\2', $Top); // no prefix (www.myurl.ext) $Top = preg_replace('/([[:space:]]|^)(www[.])/i', '\\1http://\\2', $Top); // no prefix (www.myurl.ext) $Top = preg_replace('/([[:space:]]|^)(ftp[.])/i', '\\1ftp://\\2', $Top); // no prefix (ftp.myurl.ext) $Top = preg_replace('/([[:space:]]|^)(www)/i', '\\1http://\\2', $Top); // no prefix (www.myurl.ext)
$purl .= "||" . $pmatch[0][$x]; } # $xtra = eregi_replace($prefix.$pureUrl, '<a href="links.php?link='.urlencode($purl).'" target="_blank"></a>', $xtra); $xtra = preg_replace("/" . $prefix . $pureUrl . "/i", '<a href="links.php?link=' . urlencode($purl) . '" target="_blank"></a>', $xtra); } else { $xtra = preg_replace("/" . $prefix . $pureUrl . "/i", '<a href="\\1://\\2" target="_blank">\\1://\\2</a>', $xtra); } // e-mail addresses // $xtra = eregi_replace('([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](fo|g|l|m|mes|o|op|pa|ro|seum|t|u|v|z)?)', '<a href="mailto:\\1" alt="Send email">\\1</a>', $xtra); // Added the new top-level domains (mail, asia, travel, aso) # $xtra = eregi_replace('([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](avel|bi|bs|fo|g|ia|l|m|me|mes|o|op|pa|ro|seum|t|to|u|v|z)?)', '<a href="mailto:\\1" alt="Send email">\\1</a>', $xtra); $xtra = preg_replace('/([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](avel|bi|bs|fo|g|ia|l|m|me|mes|o|op|pa|ro|seum|t|to|u|v|z)?)/i', '<a href="mailto:\\1" alt="Send email">\\1</a>', $xtra); // Smilies if (C_USE_SMILIES) { include "./lib/smilies.lib.php"; $ss = Check4Smilies($xtra, $SmiliesTbl); if (C_EN_STATS && $ss > 0) { $DbLink->query("UPDATE " . C_STS_TBL . " SET smilies_posted=smilies_posted+{$ss} WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'"); } unset($SmiliesTbl, $ss); } // transform ISO-8859-1 special characters if ($Latin1) { global $MsgTo; # ereg("(.*)(".$MsgTo."(>)?)(.*)",$xtra,$Regs); preg_match("/(.*)(" . $MsgTo . "(>)?)(.*)/", $xtra, $Regs); if ($MsgTo != "" && ($Regs[1] == "" && $Regs[4] == "")) { $Regs[4] = $xtra; } # if (!ereg("&[[:alnum:]]{1,10};",$Regs[1]) && !ereg("&[[:alnum:]]{1,10};",$Regs[4])) if (!preg_match("/&[[:alnum:]]{1,10};/", $Regs[1]) && !preg_match("/&[[:alnum:]]{1,10};/", $Regs[4])) {
<?php
// Slashes ' and " characters
/**
 * Returns $Str with the ' and " characters replaced.
 *
 * $Str is taken by reference but is not modified; the result is returned.
 *
 * NOTE(review): the replacement literals (`"""` and "'") look like HTML
 * entities that were decoded when this listing was extracted. They are
 * reproduced as shown; check them against the project source.
 */
function SpecialSlash(&$Str)
{
    return str_replace("\"", """, str_replace("'", "'", $Str));
}

//if ($status == "a" || $status == "t") // use this line if you only want administrators to be able to use this.
// Command body: runs for statuses "m", "t" and "a". $status, $Cmd, $R, $Charset and
// $DbLink are not defined in the visible part of this file.
if ($status == "m" || $status == "t" || $status == "a") {
    if (trim($Cmd[3]) != "") {
        $Mess = SpecialSlash($Cmd[3]);
        if (C_USE_SMILIES) {
            // $SmiliesTbl is not defined here; presumably the include provides it - confirm.
            include "./lib/smilies.lib.php";
            $ss = Check4Smilies($Mess, $SmiliesTbl);
            if (C_EN_STATS && $ss > 0) {
                // NOTE(review): $R is interpolated into the SQL as received; the username
                // literal '******' looks redacted in this listing.
                $DbLink->query("UPDATE " . C_STS_TBL . " SET smilies_posted=smilies_posted+{$ss} WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'");
            }
            unset($SmiliesTbl, $ss);
        }
        // The swear filter is skipped for the four rooms named by C_NO_SWEAR_ROOM1..4.
        if (C_NO_SWEAR && $R != C_NO_SWEAR_ROOM1 && $R != C_NO_SWEAR_ROOM2 && $R != C_NO_SWEAR_ROOM3 && $R != C_NO_SWEAR_ROOM4) {
            include "./lib/swearing.lib.php";
            $Mess = " " . checkwords($Mess, false, $Charset);
            // $Found and $b are not set in the visible code; presumably the swearing library sets them - confirm.
            if (C_EN_STATS && isset($Found) && $b > 0) {
                $DbLink->query("UPDATE " . C_STS_TBL . " SET swears_posted=swears_posted+{$b} WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'");
            }
            unset($Found, $b);
        }
        $Mess .= " ...BUZZER...";
    }
    # if (eregi("~",$Cmd[2]))
    // The listing is cut off inside the following block.
    if (strpos($Cmd[2], "~") !== false) {
$Error = L_NO_MODERATOR; } else { // Check for swear words in the message to be sent if there is one if (trim($Cmd[3]) != "") { $room_mess = $Cmd[3]; if (C_NO_SWEAR && $R != C_NO_SWEAR_ROOM1 && $R != C_NO_SWEAR_ROOM2 && $R != C_NO_SWEAR_ROOM3 && $R != C_NO_SWEAR_ROOM4) { include "./lib/swearing.lib.php"; $room_mess = checkwords($room_mess, false, $Charset); if (C_EN_STATS && isset($Found) && $b > 0) { $DbLink->query("UPDATE " . C_STS_TBL . " SET swears_posted=swears_posted+{$b} WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'"); } unset($Found, $b); } if (C_USE_SMILIES) { include "./lib/smilies.lib.php"; $ss = Check4Smilies($room_mess, $SmiliesTbl); if (C_EN_STATS && $ss > 0) { $DbLink->query("UPDATE " . C_STS_TBL . " SET smilies_posted=smilies_posted+{$ss} WHERE stat_date=FROM_UNIXTIME(last_in,'%Y-%m-%d') AND room='{$R}' AND username='******'"); } unset($SmiliesTbl, $ss); } } if (trim($Cmd[2]) == "*") { $DbLink->query("INSERT INTO " . C_MSG_TBL . " VALUES ({$T}, '*', 'SYS room', '{$Latin1}', " . time() . ", '{$U}', '" . addslashes(stripslashes($room_mess)) . "', '', '')"); } else { $DbLink->query("INSERT INTO " . C_MSG_TBL . " VALUES ({$T}, '{$R}', 'SYS room', '{$Latin1}', " . time() . ", '{$U}', '" . addslashes(stripslashes($room_mess)) . "', '', '')"); } $IsCommand = true; $RefreshMessages = true; } }