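/**
 * Send ICMP ECHO_REQUEST to network host using system binaries.
 * Returns an array containing ping times in milliseconds for each request.
 * This method may fail, if:
 *   - Web server has no access to system "ping" binary (eg. runs in chrooted mode)
 *   - ICMP ping requests are blocked by the firewall
 *   - shell_exec() function is disabled in php.ini
 *
 * The host is passed to the shell as a single quoted argument and the packet
 * count is forced to an integer, so neither value can add shell syntax or
 * extra "ping" options to the command line. A host that starts with "-" is
 * rejected, because "ping" would read it as an option even when quoted.
 *
 * @param   string    $host     Hostname or IP address
 * @param   int       $count    Stop after sending count ECHO_REQUEST packets
 * @return  array     Ping times as strings, one per parsed reply line (empty on any failure)
 */
function icmp_ping($host, $count = 3) {
  $ping_result = array();
  $host = trim($host);
  // A numeric prefix such as "3; ..." compares as > 0; the cast keeps only the number.
  $count = (int) $count;
  if ($host != '' && $host[0] !== '-' && $count > 0) {
    $os = PCPIN_Common::guessOS();
    // Quote the host for the shell: metacharacters stay inside one argument.
    $host_arg = escapeshellarg($host);
    $result = false;
    switch ($os) {
      case 'windows':
        $result = shell_exec('ping -n ' . $count . ' ' . $host_arg);
        break;
      case 'unix':
        $result = shell_exec('ping -c ' . $count . ' ' . $host_arg);
        break;
    }
    // Parse result
    if (!empty($result)) {
      $data = explode("\n", str_replace("\r", "\n", $result));
      foreach ($data as $line) {
        $line = strtolower($line);
        // A reply line carries "ttl", a time in "ms" and either "=" or "<" (as in "time<1ms")
        if (false !== strpos($line, 'ms') && false !== strpos($line, 'ttl') && (false !== strpos($line, '=') || false !== strpos($line, '<'))) {
          $parts = explode('=', str_replace('<', '=', $line));
          foreach ($parts as $part) {
            if (false !== strpos($part, 'ms')) {
              // Keep the text in front of the first "ms" of this field
              $ping_result[] = trim(substr($part, 0, strpos($part, 'ms')));
              break;
            }
          }
        }
      }
    }
  }
  return $ping_result;
}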
/**
 * Undo magic-quotes escaping on every scalar value of an array, descending
 * into nested arrays. Array keys are left as they are.
 *
 * @param   array     $target                 Array to process (anything else is returned untouched)
 * @param   boolean   $magic_quotes_sybase    TRUE: only collapse doubled single quotes ('' -> ')
 *                                            FALSE: apply stripslashes()
 * @return  array     Processed array
 */
function stripSlashesRecursive($target, $magic_quotes_sybase = false) {
  // Nothing to do for empty input or non-arrays
  if (empty($target) || !is_array($target)) {
    return $target;
  }
  foreach ($target as $index => $item) {
    if (is_array($item)) {
      // Nested array: process it the same way
      $target[$index] = PCPIN_Common::stripSlashesRecursive($item, $magic_quotes_sybase);
      continue;
    }
    if (!is_scalar($item)) {
      // NULL, objects and resources stay as they are
      continue;
    }
    $target[$index] = $magic_quotes_sybase
      ? str_replace("''", "'", $item)
      : stripslashes($item);
  }
  return $target;
}
/**
 * Constructor.
 * Connect to database.
 *
 * Opens the connection only when $this->_db_conn is still empty, sets the
 * character sets, relaxes the SQL mode, selects the database and defines the
 * table prefix constant. Every failure ends in PCPIN_Common::dieWithError().
 *
 * NOTE(review): the mysql_* functions used here belong to the old ext/mysql
 * extension, which was removed in PHP 7.0; on newer runtimes the
 * function_exists() guard below makes this constructor stop with
 * "MySQL extension is not loaded".
 *
 * @param   object  &$caller        Caller object
 * @param   array   $db_conndata    Database connection data; keys read here:
 *                                  'server', 'user', 'password', 'database', 'tbl_prefix'
 */
function PCPIN_DB(&$caller, $db_conndata) {
  // Connect to database
  $connected = false;
  if (empty($this->_db_conn)) {
    if (!function_exists('mysql_connect')) {
      // MySQL extension is not loaded
      PCPIN_Common::dieWithError(1, '<b>Fatal error</b>: MySQL extension is not loaded');
    } elseif (PCPIN_DB_PERSISTENT && ($this->_db_conn = @mysql_pconnect($db_conndata['server'], $db_conndata['user'], $db_conndata['password']))) {
      // Database server connected using mysql_pconnect() function
      // (the "@" hides a failed persistent connect so the next branch can retry)
      $connected = true;
    } elseif ($this->_db_conn = mysql_connect($db_conndata['server'], $db_conndata['user'], $db_conndata['password'])) {
      // Database server connected using mysql_connect() function
      // No "@" here: a failed connect can emit a PHP warning. Whether that
      // warning reaches the client depends on display_errors - keep it off in production.
      $connected = true;
    }
    if (!$connected) {
      PCPIN_Common::dieWithError(1, '<b>Fatal error</b>: Failed to connect database server');
    } else {
      // Set UTF-8 character set for client-server communication
      $this->_db_setCharsets();
      // Disable MySQL strict mode
      // (an empty sql_mode lets the server adjust out-of-range or over-long
      // values instead of rejecting the statement, so length/range checks
      // must not be left to the database)
      $this->_db_query('SET SESSION sql_mode=""');
      // Trying do select database
      if (!mysql_select_db($db_conndata['database'], $this->_db_conn)) {
        // Failed to select database
        $this->_db_close();
        PCPIN_Common::dieWithError(1, '<b>Fatal error</b>: Failed to select database');
      } else {
        // Define database table names prefix
        if (!defined('PCPIN_DB_PREFIX')) {
          define('PCPIN_DB_PREFIX', $db_conndata['tbl_prefix']);
        }
      }
    }
  }
  // Drop the local copy of the connection data (it holds the password)
  unset($db_conndata);
  $this->_cache['_db_tabledata'] = array(); // Cached table information ($this->_cache is a property of the parent class)
  $this->_db_pass_vars($this, $caller);
}
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

// Returns client details (IP, host name, browser, OS, session start, language)
// of the session that belongs to $user_id. The answer is filled in only for a
// logged-in administrator; everyone else gets an empty 'client_data' array.

// $user_id is not assigned in this fragment. NOTE(review): presumably it
// arrives from the request - confirm where it is set and that it is numeric.
if (!isset($user_id)) {
  $user_id = 0;
}
$client_data = array();
// Get client session
// Gate: the session must belong to the current user and that user must be an admin.
if (is_object($session) && !empty($current_user->id) && $session->_s_user_id == $current_user->id && $current_user->is_admin === 'y') {
  // $user_id is concatenated into the condition string.
  // NOTE(review): whether _db_getList() escapes the value part is not visible
  // here - verify, or cast $user_id to int before this call.
  if ($session->_db_getList('_s_user_id = ' . $user_id, 1)) {
    // Client is online
    $xmlwriter->setHeaderMessage('OK');
    $xmlwriter->setHeaderStatus(0);
    $sessiondata = $session->_db_list[0];
    $session->_db_freeList();
    // gethostbyaddr() performs a reverse DNS lookup: it can block the request
    // while resolving, and the returned name is controlled by whoever runs
    // the reverse zone of that IP, so it has to be encoded like any other
    // untrusted text wherever it is displayed. The agent and OS fields are
    // read from the session row as stored.
    $client_data = array('ip' => $sessiondata['_s_ip'], 'host' => gethostbyaddr($sessiondata['_s_ip']), 'agent' => $sessiondata['_s_client_agent_name'] . ' ' . $sessiondata['_s_client_agent_version'], 'os' => $sessiondata['_s_client_os'], 'session_start' => $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($sessiondata['_s_created'])));
    // Get language name
    // The result of this lookup is not checked; index 0 is read directly below.
    $l->_db_getList('name, iso_name', 'id = ' . $sessiondata['_s_language_id'], 1);
    $client_data['language'] = $l->_db_list[0]['name'] . ' (' . $l->_db_list[0]['iso_name'] . ')';
    $l->_db_freeList();
  } else {
    // Client is not online
    $xmlwriter->setHeaderMessage($l->g('client_not_online'));
    $xmlwriter->setHeaderStatus(1);
  }
}
$xmlwriter->setData(array('client_data' => $client_data));
// Names of language expressions collected in $_js_lng (the list starts before this fragment)
$_js_lng[] = 'ban_canceled_ip_equals';
$_js_lng[] = 'muted_locally';
$_js_lng[] = 'permanently_globalmuted';
$_js_lng[] = 'globalmuted_until';
$_js_lng[] = 'yes';
$_js_lng[] = 'no';
$_js_lng[] = 'create_new_room';
$_js_lng[] = 'room_is_password_protected';
$_js_lng[] = 'active';
$_js_lng[] = 'profile';
$_js_lng[] = 'guest';
$_js_lng[] = 'registered';
$_js_lng[] = 'admin';
// Add global vars to template
// htmlspecialchars() is called without flags everywhere in this fragment.
// Before PHP 8.1 the default (ENT_COMPAT) leaves single quotes unescaped, so
// these values are safe in element content and in double-quoted attributes
// only. NOTE(review): check the templates for single-quoted attributes or
// inline script contexts, or pass ENT_QUOTES explicitly.
foreach ($global_tpl_vars as $key => $val) {
  $tpl->addGlobalVar($key, htmlspecialchars($val));
}
// Add language expressions to template
// Every template variable named LNG_<key> is filled with the escaped expression <key>
foreach ($tpl->tpl_vars_plain as $var) {
  if (0 === strpos($var, 'LNG_')) {
    $var = strtolower($var);
    $tpl->addGlobalVar($var, htmlspecialchars($l->g(substr($var, 4))));
  }
}
// Add other vars
// The login name is user-chosen text; it is inserted into the phrase first and
// the complete phrase is escaped afterwards.
$tpl->addVar('main', 'welcome_message', htmlspecialchars(str_replace('[USER]', $current_user->login, $l->g('welcome_user'))));
if ($current_user->is_guest == 'n') {
  // Registered users only: previous login date, or the "never" phrase
  $tpl->addVar('last_login', 'last_login', htmlspecialchars($current_user->previous_login > '0000-00-00 00:00:00' ? $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($current_user->previous_login)) : $l->g('never')));
}
// NOTE(review): the two calls below use $template while everything above uses
// $tpl - confirm both names refer to objects that exist at this point.
// These flags only switch menu blocks on or off in the page; the handlers
// behind the moderator and admin options still need their own permission checks.
$template->addVar('moderator_user_options', 'display', $current_user->moderated_rooms != '' || $current_user->is_admin === 'y');
$template->addVar('admin_user_options', 'display', $current_user->is_admin === 'y');
}
// Password reset by email address (the start of this handler is outside the fragment).
if (empty($errortext)) {
  // Check data
  // $email is concatenated into the condition string.
  // NOTE(review): whether _db_getList() escapes the value part is not visible here - verify.
  if ($current_user->_db_getList('id,login', 'email = ' . $email, 'activated = y', 'is_guest = n', 1)) {
    // Email address found
    $user_id = $current_user->_db_list[0]['id'];
    $login = $current_user->_db_list[0]['login'];
    $current_user->_db_freeList();
  } else {
    // Wrong Email
    // The response differs for known and unknown addresses, so this endpoint
    // tells the caller whether an address is registered. A uniform answer
    // plus rate limiting would close that.
    $errortext[] = $l->g('email_not_found');
  }
}
if (!empty($errortext)) {
  $xmlwriter->setHeaderStatus(1);
  $xmlwriter->setHeaderMessage('- ' . implode("\n- ", $errortext));
} else {
  // Reset password
  // The replacement password is 6 to 8 characters from a 36-character
  // alphabet; the length comes from mt_rand(), which is not a cryptographic
  // generator. NOTE(review): randomString() is not visible here - confirm
  // what it draws from; on PHP 7+ random_int() is the suitable source.
  $password_new = PCPIN_Common::randomString(mt_rand(6, 8), 'abcdefghijklmnopqrstuvwxyz0123456789');
  // Only the 'password_new' column is written, as an unsalted MD5 digest.
  // MD5 is fast to brute-force, so a leaked table exposes short passwords
  // like this one quickly; password_hash() is the replacement on PHP 5.5+.
  $current_user->_db_updateRow($user_id, 'id', array('password_new' => md5($password_new)));
  // Send "password reset" email
  // The working password travels in clear text inside the message body.
  $email_body = $l->g('email_password_reset');
  $email_body = str_replace('[CHAT_NAME]', $session->_conf_all['chat_name'], $email_body);
  $email_body = str_replace('[USERNAME]', $login, $email_body);
  $email_body = str_replace('[PASSWORD]', $password_new, $email_body);
  $email_body = str_replace('[URL]', str_replace(' ', '%20', $session->_conf_all['base_url']), $email_body);
  $email_body = str_replace('[SENDER]', $session->_conf_all['chat_email_sender_name'], $email_body);
  PCPIN_Email::send('"' . $session->_conf_all['chat_email_sender_name'] . '"' . ' <' . $session->_conf_all['chat_email_sender_address'] . '>', $email, $l->g('password_reset'), null, null, $email_body);
  $xmlwriter->setHeaderStatus(0);
  // The submitted address is echoed back in the status message
  $xmlwriter->setHeaderMessage(str_replace('[EMAIL]', $email, $l->g('new_password_sent')));
}
/**
 * Create new session
 *
 * Generates a session ID, retries (up to 100 times) until the ID is unused and
 * the row could be inserted, and stops with a fatal error otherwise.
 *
 * NOTE(review): the '******' literals in the signature and in the first "if"
 * look like a masked value in this listing (the check right next to them
 * accepts only 'y' and 'n') - confirm the real default against the upstream file.
 *
 * @param   int       $user_id            Optional ID of session owner user
 * @param   int       $last_message_id    ID of last message received by session owner
 * @param   int       $language_id        Optional. Selected language. If empty, then default language will be used.
 * @param   string    $backend_login      Optional. 'y', if user is Administrator and logged directly into Admin Backend.
 */
function _s_newSession($user_id = 0, $last_message_id = 0, $language_id = 0, $backend_login = '******') {
  $ok = false;
  // Anything other than 'y' or 'n' is replaced by the default
  if ($backend_login !== 'y' && $backend_login !== 'n') {
    $backend_login = '******';
  }
  $max_attempts = 100;
  do {
    // Generate new session ID
    // The session ID is the bearer credential of the session, so its
    // unpredictability depends entirely on randomString().
    // NOTE(review): randomString() is not visible here - confirm it uses a
    // cryptographic source (random_int()/random_bytes() on PHP 7+) and not
    // rand()/mt_rand().
    $this->_s_id = PCPIN_Common::randomString(PCPIN_SID_LENGTH, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789');
    // Check new session ID
    if (!$this->_db_getList('_s_id', '_s_id = ' . $this->_s_id, 1)) {
      // New session ID is unique
      // Check language
      _pcpin_loadClass('language');
      $language = new PCPIN_Language($this);
      // Fall back to the default language when selection is disabled or
      // checkLanguage() returns 0 for the requested ID
      if (empty($this->_conf_all['allow_language_selection']) || 0 == ($language_id = $language->checkLanguage($language_id))) {
        $language_id = $this->_conf_all['default_language'];
      }
      // Set all object properties up
      $this->_s_ip = PCPIN_CLIENT_IP;
      $this->_s_client_agent_name = PCPIN_CLIENT_AGENT_NAME;
      $this->_s_client_agent_version = PCPIN_CLIENT_AGENT_VERSION;
      $this->_s_client_os = PCPIN_CLIENT_OS;
      $this->_s_created = date('Y-m-d H:i:s');
      $this->_s_last_ping = date('Y-m-d H:i:s');
      $this->_s_language_id = $language_id;
      $this->_s_user_id = $user_id;
      // MD5 only reshapes the random string into 32 hex characters; it adds
      // no entropy. The length is picked with mt_rand(), which is not a
      // cryptographic generator.
      $this->_s_security_code = md5(PCPIN_Common::randomString(mt_rand(100, 255)));
      $this->_s_security_code_img = '';
      $this->_s_room_id = 0;
      $this->_s_room_date = '';
      $this->_s_last_message_id = $last_message_id;
      $this->_s_last_sent_message_time = '0000-00-00 00:00:00';
      $this->_s_last_sent_message_hash = '';
      $this->_s_last_sent_message_repeats_count = 0;
      $this->_s_online_status = 1;
      $this->_s_online_status_message = '';
      $this->_s_kicked = 'n';
      $this->_s_stealth_mode = 'n';
      $this->_s_backend = $backend_login;
      $this->_s_page_unloaded = 'n';
      // Save session into database
      $ok = $this->_db_insertObj();
    }
    $max_attempts--;
  } while ($ok !== true && $max_attempts > 0);
  $this->_db_freeList();
  if (!$ok) {
    PCPIN_Common::dieWithError(-1, '<b>Fatal error</b>: Failed to create new session');
  }
}
}
// Store the active language in the session row when it differs
if (!empty($_pcpin_init_session->_s_id) && $l->id != $_pcpin_init_session->_s_language_id) {
  $_pcpin_init_session->_s_updateSession($_pcpin_init_session->_s_id, true, true, $l->id);
}
unset($_pcpin_set_language);
}
}
/**
 * Strip magic quotes from GPC vars and extract them into the global scope.
 * This software uses own security algorithm to prevent SQL injections.
 */
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, so
// this call is a fatal error on current runtimes; since PHP 5.4 it always
// returned false. With magic quotes gone, the request arrays reach the code
// below exactly as the client sent them.
if (get_magic_quotes_gpc()) {
  $_pcpin_magic_quotes_sybase = ini_get('magic_quotes_sybase') == '1';
  $_GET = PCPIN_Common::stripSlashesRecursive($_GET, $_pcpin_magic_quotes_sybase);
  $_POST = PCPIN_Common::stripSlashesRecursive($_POST, $_pcpin_magic_quotes_sybase);
  $_COOKIE = PCPIN_Common::stripSlashesRecursive($_COOKIE, $_pcpin_magic_quotes_sybase);
  // $_SESSION=PCPIN_Common::stripSlashesRecursive($_SESSION, $_pcpin_magic_quotes_sybase); // <-- not needed yet
  unset($_pcpin_magic_quotes_sybase);
}
/**
 * Yes, we extract GPC+F superglobals into the global scope.
 * This software knows, how to handle them.
 */
// extract() with its default EXTR_OVERWRITE mode creates one global variable
// per request parameter and replaces any global of the same name that already
// exists at this point ($l and $_pcpin_init_session are in use just above).
// $_POST is extracted after $_GET, so a POST value wins over a GET value of
// the same name. Every script that runs after this line must treat a global
// it did not assign itself as client-controlled.
// NOTE(review): safer variants are EXTR_SKIP, a fixed allow-list of expected
// parameter names, or reading $_GET/$_POST directly in each handler.
// $_GET vars
extract($_GET);
// $_POST vars
extract($_POST);
// $_COOKIE vars
$_pcpin_cookies_found = !empty($_COOKIE);
//extract($_COOKIE); // <- not needed yet
// Posted files into the global scope
$current_user->show_message_time = 'y'; $current_user->_db_updateObj($current_user->id); } elseif (empty($pref_timestamp) && $current_user->show_message_time != 'n') { $current_user->show_message_time = 'n'; $current_user->_db_updateObj($current_user->id); } // "Allow sounds" preference if (!empty($pref_allow_sounds) && $current_user->allow_sounds != 'y') { $current_user->allow_sounds = 'y'; $current_user->_db_updateObj($current_user->id); } elseif (empty($pref_allow_sounds) && $current_user->allow_sounds != 'n') { $current_user->allow_sounds = 'n'; $current_user->_db_updateObj($current_user->id); } // "Message color" preference if (!empty($pref_message_color) && $current_user->outgoing_message_color != $pref_message_color) { $current_user->outgoing_message_color = $pref_message_color; $current_user->_db_updateObj($current_user->id); } // Get display positions of displayable banners $banner_display_positions = $banner->checktRoomBanners(); if (!empty($banner_display_positions)) { $xml_data['banner_display_position'] = $banner_display_positions; } unset($banner_display_positions); if ($last_message_id > $session->_s_last_message_id || $last_sent_message_time > PCPIN_Common::datetimeToTimestamp($session->_s_last_sent_message_time) || $last_sent_message_hash != $session->_s_last_sent_message_hash || $last_sent_message_repeats_count != $session->_s_last_sent_message_repeats_count) { // Update session $session->_s_updateSession($session->_s_id, true, true, null, null, null, null, null, null, $last_message_id > $session->_s_last_message_id ? $last_message_id : null, null, null, null, null, null, null, $last_sent_message_time > PCPIN_Common::datetimeToTimestamp($session->_s_last_sent_message_time) ? date('Y-m-d H:i:s', $last_sent_message_time) : null, $last_sent_message_hash != $session->_s_last_sent_message_hash ? $last_sent_message_hash : null, $last_sent_message_repeats_count != $session->_s_last_sent_message_repeats_count ? 
$last_sent_message_repeats_count : null); } } $xmlwriter->setData($xml_data);
} if (!PCPIN_Common::checkEmail($email, $session->_conf_all['email_validation_level'])) { // Email invalid $xmlwriter->setHeaderStatus(1); $xmlwriter->setHeaderMessage($l->g('email_invalid')); } else { if (!$current_user->checkEmailUnique($profile_user_id, $email)) { // Email address already taken $xmlwriter->setHeaderStatus(1); $xmlwriter->setHeaderMessage($l->g('email_already_taken')); } else { // Email address is free if ($current_user->is_admin !== 'y' && !empty($session->_conf_all['activate_new_emails'])) { // Email address needs to be activated $activation_required = 1; $email_new_activation_code = PCPIN_Common::randomString(18, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'); $profile_user->email_new = $email; $profile_user->email_new_date = date('Y-m-d H:i:s'); $profile_user->email_new_activation_code = md5($email_new_activation_code); $profile_user->_db_updateObj($profile_user->id); $email_body = $l->g('email_email_address_activation'); $email_body = str_replace('[HOURS]', $session->_conf_all['new_email_activation_timeout'], $email_body); $email_body = str_replace('[SENDER]', $session->_conf_all['chat_email_sender_name'], $email_body); $email_body = str_replace('[ACTIVATION_URL]', str_replace(' ', '%20', $session->_conf_all['base_url']) . '?activate_email&activation_code=' . urlencode($email_new_activation_code), $email_body); $email_body = str_replace('[CHAT_NAME]', $session->_conf_all['chat_name'], $email_body); PCPIN_Email::send('"' . $session->_conf_all['chat_email_sender_name'] . '"' . ' <' . $session->_conf_all['chat_email_sender_address'] . '>', $email, $l->g('email_address_activation'), null, null, $email_body); $xmlwriter->setHeaderStatus(0); $xmlwriter->setHeaderMessage(str_replace('[EMAIL]', $email, $l->g('email_address_activation_sent'))); } else { // Save new email address $activation_required = 0;
/**
 * Send email
 * Send an email to specified recipients. Supports RFC821-conform envelops.
 *
 * Email address must be formatted as in one of the following examples:
 *    john.doe@some.domain.tld
 *    <*****@*****.**>
 *    "John Doe" <*****@*****.**>
 *    "John Doe" john.doe@some.domain.tld
 *    John Doe <*****@*****.**>
 *    John Doe john.doe@some.domain.tld
 * NOTE: Sender name must have UTF-8 charset
 *
 * Several addresses in one string are separated by ";".
 *
 * Attached files must be passed to this function as an array of following structure:
 *    array ( <file_1>, <file_2>, ... )
 * Single elements of that array must be an array of following structure:
 *    array ( 'filename'  => 'invoice.pdf',
 *            'mime'      => 'application/pdf',
 *            'body'      => <file_contents_as_string> )
 * NOTE(review): this description used to name the key 'mime_type', but the
 * code reads $file['mime']; a caller that passes 'mime_type' gets the default
 * type "application/octet-stream".
 *
 * The message is first sent with the addresses converted in non-strict form;
 * when mail() reports failure, it is sent again with the strict form.
 *
 * @param   string    $from       Sender email address
 * @param   mixed     $to         Receiver email address as string or multiple addresses as an array
 * @param   string    $subject    Subject
 * @param   mixed     $cc         CC Receiver email address as string or multiple addresses as an array
 * @param   mixed     $bcc        BCC Receiver email address as string or multiple addresses as an array
 * @param   string    $body       Email body
 * @param   array     $files      Attached files as array
 * @return  boolean   TRUE on success or FALSE on error (also FALSE when $to is empty)
 */
function send($from = '', $to = null, $subject = '', $cc = null, $bcc = null, $body = '', $files = null) {
  $result = false;
  $from = trim($from);
  $from_strict = $from;
  $to_array = array();
  $to_strict_array = array();
  $cc_array = array();
  $cc_strict_array = array();
  $bcc_array = array();
  $bcc_strict_array = array();
  $default_mime = 'application/octet-stream';
  if (!empty($to)) {
    // Every address below ends up in a mail header line or in the recipient
    // argument of mail(). NOTE(review): convertEmailAddressRFC() is not
    // visible here - confirm that it rejects CR and LF, because a line break
    // inside an address would start a new header line.
    // From
    $from = PCPIN_Email::convertEmailAddressRFC($from, false);
    // The strict form is derived from the already converted value, not from the raw input
    $from_strict = PCPIN_Email::convertEmailAddressRFC($from, true);
    // To
    if (!is_array($to)) {
      $to = trim($to);
      $to = $to != '' ? explode(';', $to) : array();
    }
    foreach ($to as $to_str) {
      $to_str = trim($to_str);
      if ($to_str != '') {
        $to_str = PCPIN_Email::convertEmailAddressRFC($to_str, false);
        if ($to_str != '') {
          $to_array[] = $to_str;
        }
        $to_str_strict = PCPIN_Email::convertEmailAddressRFC($to_str, true);
        if ($to_str_strict != '') {
          $to_strict_array[] = $to_str_strict;
        }
      }
    }
    // CC
    if (!is_array($cc)) {
      $cc = trim($cc);
      $cc = $cc != '' ? explode(';', $cc) : array();
    }
    foreach ($cc as $cc_str) {
      $cc_str = trim($cc_str);
      if ($cc_str != '') {
        $cc_str = PCPIN_Email::convertEmailAddressRFC($cc_str, false);
        if ($cc_str != '') {
          $cc_array[] = $cc_str;
        }
        $cc_str_strict = PCPIN_Email::convertEmailAddressRFC($cc_str, true);
        if ($cc_str_strict != '') {
          $cc_strict_array[] = $cc_str_strict;
        }
      }
    }
    // BCC
    if (!is_array($bcc)) {
      $bcc = trim($bcc);
      $bcc = $bcc != '' ? explode(';', $bcc) : array();
    }
    foreach ($bcc as $bcc_str) {
      $bcc_str = trim($bcc_str);
      if ($bcc_str != '') {
        $bcc_str = PCPIN_Email::convertEmailAddressRFC($bcc_str, false);
        if ($bcc_str != '') {
          $bcc_array[] = $bcc_str;
        }
        $bcc_str_strict = PCPIN_Email::convertEmailAddressRFC($bcc_str, true);
        if ($bcc_str_strict != '') {
          $bcc_strict_array[] = $bcc_str_strict;
        }
      }
    }
    // Boundary
    // The boundary only has to be absent from the parts; both the body and
    // the attachments are base64-encoded below, and "=" never occurs three
    // times in a row in base64 output.
    $boundary = '===' . md5(PCPIN_Common::randomString(32));
    // Headers
    $headers = array('Content-Type: multipart/mixed; boundary="' . $boundary . '";', 'Content-Transfer-Encoding: 7bit', 'MIME-Version: 1.0', 'X-Generator: PCPIN');
    $headers_strict = $headers;
    // From
    if (!empty($from)) {
      $headers[] = 'From: ' . $from;
    }
    if (!empty($from_strict)) {
      $headers_strict[] = 'From: ' . $from_strict;
    }
    // CC
    if (!empty($cc_array)) {
      $headers[] = 'Cc: ' . implode(', ', $cc_array);
    }
    if (!empty($cc_strict_array)) {
      $headers_strict[] = 'Cc: ' . implode(', ', $cc_strict_array);
    }
    // BCC
    if (!empty($bcc_array)) {
      $headers[] = 'Bcc: ' . implode(', ', $bcc_array);
    }
    if (!empty($bcc_strict_array)) {
      $headers_strict[] = 'Bcc: ' . implode(', ', $bcc_strict_array);
    }
    // Create body
    $message = '';
    if ($body != '') {
      // Base64 text part, broken into lines of at most 76 characters
      $encoded_body = '';
      $src = base64_encode($body);
      while (true) {
        $encoded_body .= substr($src, 0, 76);
        $src = substr($src, 76);
        if ($src != '') {
          $encoded_body .= "\n";
        } else {
          break;
        }
      }
      $message .= '--' . $boundary . "\n" . 'Content-Type: text/plain; charset=utf-8;' . "\n" . 'Content-Transfer-Encoding: base64' . "\n\n" . $encoded_body . "\n";
    }
    // Attachments
    if (!empty($files)) {
      foreach ($files as $file) {
        if (empty($file['mime'])) {
          $file['mime'] = $default_mime;
        }
        if (empty($file['filename'])) {
          $file['filename'] = md5(PCPIN_Common::randomString(32));
        }
        // Only double quotes are escaped in the MIME type; a CR or LF inside
        // it would reach the part header unchanged. NOTE(review): if the type
        // can come from an upload or another untrusted source, validate it
        // against a type/subtype pattern before calling send().
        $file['mime'] = str_replace('"', '\\"', $file['mime']);
        $file['filename'] = str_replace('"', '\\"', PCPIN_Email::encodeHeaderValue($file['filename']));
        $encoded_body = '';
        $src = base64_encode($file['body']);
        // Attachment data is wrapped at 70 characters (the text part above uses 76)
        $encoded_body = wordwrap($src, 70, "\n", true);
        $message .= '--' . $boundary . "\n" . 'Content-Type: ' . $file['mime'] . '; name="' . $file['filename'] . '";' . "\n" . 'Content-Transfer-Encoding: base64' . "\n" . 'Content-Disposition: attachment; filename="' . $file['filename'] . '"' . "\n\n" . $encoded_body . "\n";
      }
    }
    if ($message != '') {
      // Closing boundary
      $message .= "\n" . '--' . $boundary . '--' . "\n";
    }
    // Trying to send mail
    // The subject goes through encodeHeaderValue() (not visible here) before it is used as a header
    if (false === ($result = mail(implode(', ', $to_array), PCPIN_Email::encodeHeaderValue($subject), $message, implode("\n", $headers)))) {
      // Failed. Trying to use RFC821-conform envelope.
      $result = mail(implode(', ', $to_strict_array), PCPIN_Email::encodeHeaderValue($subject), $message, implode("\n", $headers_strict));
    }
  }
  return $result;
}
*/
// Callback of the version check: $sk (key), $nv (newest version) and $dl
// (base64-encoded download URL) are not assigned in this fragment.
// NOTE(review): presumably they are request parameters - confirm.
// The fragment ends inside the innermost "if"; its closing braces are not shown.
if (!empty($sk) && !empty($nv) && !empty($dl)) {
  _pcpin_loadClass('version');
  $version = new PCPIN_Version($session);
  if ($version->_db_getList(1)) {
    $current_version = $version->_db_list[0]['version'];
    $last_check = $version->_db_list[0]['last_version_check'] > '0000-00-00 00:00:00' ? $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($version->_db_list[0]['last_version_check'])) : $l->g('never');
    $new_version_available = $version->_db_list[0]['new_version_available'];
    $new_version_url = $version->_db_list[0]['new_version_url'];
    $version_check_key = $version->_db_list[0]['version_check_key'];
  } else {
    // No version row: use defaults and a throw-away key
    $current_version = 6.0;
    $last_check = $l->g('never');
    $new_version_available = $current_version;
    $new_version_url = '';
    $version_check_key = PCPIN_Common::randomString(mt_rand(10, 20));
  }
  $version->_db_freeList();
  // Check security key
  // The only gate visible in this fragment is this digest comparison. "=="
  // compares two numeric-looking strings (for example "0e" followed by digits
  // only) as numbers, so different digests of that form count as equal, and
  // the comparison is not constant-time. hash_equals() (PHP 5.6+) or at least
  // "===" avoids both.
  if (!empty($version_check_key) && md5($sk) == $version_check_key) {
    // The stored key is also matched against the security code of a session
    if ($session->_db_getList('_s_id', '_s_security_code = ' . $version_check_key, 1)) {
      // Security key check passed
      $old_session = $session->_db_list[0]['_s_id'];
      // Save version number
      $version->setLastVersionCheckTime();
      // $nv and the decoded $dl are stored as received.
      // NOTE(review): the setters are not visible here - confirm that the URL
      // is restricted to http/https (and ideally to the vendor's host) before
      // it is shown as a download link, and that the version string is
      // validated and encoded on output.
      $version->setNewestAvailableVersion($nv);
      $version->setVersionCheckKey();
      $version->setNewVersionDownloadUrl(base64_decode($dl));
      $session->_s_updateSession($old_session, false, true, null, null, null, '');
      // The session ID is placed in the redirect URL, where it can end up in
      // browser history, proxy and server logs and Referer headers.
      header('Location: ' . PCPIN_ADMIN_FORMLINK . '?s_id=' . $old_session . '&ainc=versions&version_checked');
      die;
/**
 * Insert new user into database
 *
 * Fills every property of this object with its initial value, inserts the row
 * and, when no nickname equal to the login exists yet, adds the login as the
 * user's first nickname. Nothing is inserted when $login or $password is empty.
 *
 * @param   string    $login              Login name
 * @param   string    $password           Password (NOT encoded!!!)
 * @param   string    $email              E-Mail address
 * @param   int       $hide_email         Hide E-Mail address? (0: No, 1: Yes)
 * @param   string    $guest              Flag: "y" if user is a guest, "n" if user was registered
 * @param   string    $activation_code    If new account activation enabled: Activation code (MD5-encoded)
 * @param   int       $language_id        Language ID. If empty: language ID from current session will be used
 * @return  boolean TRUE on success or FALSE on error
 */
function newUser($login, $password = '', $email = '', $hide_email = 0, $guest = 'n', $activation_code = '', $language_id = 0) {
  $result = false;
  $this->id = 0;
  $login = trim($login);
  $email = trim($email);
  // No format or uniqueness checks happen here; this method relies on the
  // caller to have validated $login and $email.
  if ($login != '' && $password != '') {
    $this->id = 0;
    $this->login = $login;
    // The password is stored as an unsalted MD5 digest: equal passwords give
    // equal digests and MD5 is fast to brute-force, so a leaked user table
    // exposes weak passwords quickly. Moving to password_hash() /
    // password_verify() (PHP 5.5+) also requires changing every place that
    // compares against this column.
    $this->password = md5($password);
    // Placeholder digest of a random string whose plain text is discarded
    $this->password_new = md5(PCPIN_Common::randomString(mt_rand(100, 255)));
    $this->email = $email;
    $this->email_new = '';
    $this->email_new_date = '';
    $this->email_new_activation_code = '';
    $this->hide_email = $hide_email;
    $this->joined = date('Y-m-d H:i:s');
    // An account without activation code is active immediately
    $this->activated = $activation_code == '' ? 'y' : 'n';
    $this->activation_code = $activation_code;
    $this->last_login = '';
    $this->previous_login = '';
    $this->time_online = 0;
    $this->date_format = $this->_conf_all['date_format'];
    $this->last_message_id = 0;
    $this->moderated_rooms = '';
    $this->moderated_categories = '';
    // New accounts never start with administrator rights
    $this->is_admin = 'n';
    $this->banned_by = 0;
    $this->banned_by_username = '';
    $this->banned_until = '';
    $this->banned_permanently = 'n';
    $this->ban_reason = '';
    $this->muted_users = '';
    $this->global_muted_by = 0;
    $this->global_muted_by_username = '';
    $this->global_muted_until = '';
    $this->global_muted_permanently = 'n';
    $this->global_muted_reason = '';
    $this->time_zone_offset = 0;
    // $guest is stored as passed; it is not restricted to 'y'/'n' here
    $this->is_guest = $guest;
    $this->show_message_time = '';
    $this->outgoing_message_color = '';
    $this->language_id = !empty($language_id) ? $language_id : $this->_s_language_id;
    $this->allow_sounds = '';
    $this->room_selection_view = $this->_conf_all['room_selection_display_type'];
    // Insert row
    if ($this->_db_insertObj()) {
      $result = true;
      $this->id = $this->_db_lastInsertID();
      // Keep the new ID in a local; it is written back to $this->id after the nickname step
      $this_id = $this->id;
      // Add new nickname
      _pcpin_loadClass('nickname');
      $nickname = new PCPIN_Nickname($this);
      // $login is concatenated into the condition string.
      // NOTE(review): whether _db_getList() escapes the value part is not visible here - verify.
      if (!$nickname->_db_getList('id', 'nickname_plain = ' . $login, 1)) {
        // "^" + default colour code + login
        $nickname->addNickname($this_id, '^' . $this->_conf_all['default_nickname_color'] . $login);
      }
      $this->id = $this_id;
    }
  }
  return $result;
}
case '1': $abuse_category = $l->g('spam'); break; case '2': $abuse_category = $l->g('insult'); break; case '3': $abuse_category = $l->g('adult_content'); break; case '4': $abuse_category = $l->g('illegal_content'); break; case '5': $abuse_category = $l->g('harassment'); break; case '6': $abuse_category = $l->g('fraud'); break; default: $abuse_category = $l->g('other'); break; } $abuses_xml[] = array('id' => $message_data['id'], 'date' => $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($message_data['date'])), 'author_id' => $message_data['author_id'], 'author_nickname' => $message_data['author_nickname'], 'category' => $abuse_category, 'room_id' => $msg_parts[1], 'room_name' => $room_name, 'abuser_nickname' => $msg_parts[3], 'description' => $msg_parts[4]); } } if ($last_message_id > $session->_s_last_message_id) { // Update session $session->_s_updateSession($session->_s_id, true, true, null, null, null, null, null, null, $last_message_id); } } $xmlwriter->setData(array('abuse' => $abuses_xml));
$language_id = $session->_conf_all['default_language']; } $old_language_id = $l->id; $errortext = array(); $login = trim($login); $email = trim($email); if ($login == '') { $errortext[] = $l->g('username_empty'); } elseif (_pcpin_strlen($login) < $session->_conf_all['login_length_min'] || _pcpin_strlen($login) > $session->_conf_all['login_length_max']) { $errortext[] = str_replace('[MIN]', $session->_conf_all['login_length_min'], str_replace('[MAX]', $session->_conf_all['login_length_max'], $l->g('username_length_error'))); } elseif (!$current_user->checkUsernameUnique($login)) { $errortext[] = $l->g('username_already_taken'); } elseif (true !== $badword->checkString($login) || true !== $disallowed_name->checkString($login)) { $errortext[] = $l->g('username_not_available'); } if (!PCPIN_Common::checkEmail($email)) { $errortext[] = $l->g('email_invalid'); } elseif (!$current_user->checkEmailUnique(0, $email)) { $errortext[] = $l->g('email_already_taken'); } if (_pcpin_strlen($password) == 0) { $errortext[] = $l->g('password_empty'); } elseif (_pcpin_strlen($password) < 3) { $errortext[] = $l->g('password_too_short'); } if (!empty($errortext)) { $xmlwriter->setHeaderStatus(1); $xmlwriter->setHeaderMessage('- ' . implode("\n- ", $errortext)); } else { if ($language_id != $l->id) { // Load language
// Avatar $avatar->deleteAvatar($current_user_set['id']); if (!empty($_pcpin_slave_userdata['avatar'])) { $new_avatar_data = null; if (PCPIN_IMAGE_CHECK_OK === PCPIN_Image::checkImage($new_avatar_data, $_pcpin_slave_userdata['avatar'], $session->_conf_all['avatar_image_types'], 0, 0, 0, true)) { if ($binaryfile->newBinaryFile(file_get_contents($_pcpin_slave_userdata['avatar']), $new_avatar_data['mime'], $new_avatar_data['width'], $new_avatar_data['height'], 'log')) { $avatar->addAvatar($binaryfile->id, $current_user_set['id']); } } } } } else { // User not exists yet $login = $_pcpin_slave_userdata['login']; // Create new user $current_user->newUser($_pcpin_slave_userdata['login'], PCPIN_Common::randomString(32), $_pcpin_slave_userdata['email'], $_pcpin_slave_userdata['hide_email'], 'n', ''); $current_user->password = $_pcpin_slave_userdata['password']; $_pcpin_slave_userdata_md5_password = $_pcpin_slave_userdata['password']; $current_user->_db_updateObj($current_user->id); // Userdata $current_userdata->_db_getList('user_id = ' . $current_user->id, 1); $current_userdata_set = $current_userdata->_db_list[0]; $current_userdata->_db_freeList(); $update_args = array(); foreach ($_pcpin_slave_userdata as $key => $val) { if (!is_null($val) && isset($current_userdata_set[$key]) && $current_userdata_set[$key] != $val) { $update_args[$key] = $val; } } if (!empty($update_args)) { $current_userdata->_db_updateRow($current_user->id, 'user_id', $update_args);
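/**
 * Get language file information
 *
 * Expected layout of $raw: 32 characters of upper-case MD5 hex digest,
 * followed by the base64-encoded, serialized language array the digest was
 * computed over (the base64 text, not the decoded data).
 *
 * The digest detects accidental corruption only. It is not keyed, so anyone
 * who can supply a file can also supply a matching digest; a language file
 * from an untrusted source stays untrusted after this check.
 *
 * The structure is validated completely before any field is read, and
 * $lng_info is filled only when the function returns TRUE.
 *
 * @param   string    $raw          Raw data
 * @param   array     &$lng_info    Language file info will be stored here. Keys: 'pcpin_version',
 *                                  'date_created', 'iso_name', 'local_name', 'expressions_count'.
 *                                  Empty array on failure.
 * @return  boolean   TRUE on success or FALSE on error
 */
function getLanguageFileInfo($raw, &$lng_info) {
  $result = false;
  $lng_info = array();
  if ($raw != '') {
    $hash = substr($raw, 0, 32);
    $raw = substr($raw, 32);
    if (strlen($hash) == 32 && $raw != '' && strtoupper(md5($raw)) === $hash) {
      // Hash OK
      $serialized = @base64_decode($raw);
      unset($raw);
      if ($serialized) {
        // SECURITY (review): unserialize() on file contents can instantiate any
        // class that is loaded or autoloadable and run its __wakeup()/__destruct()
        // methods. The MD5 check above does not prevent that, because the
        // digest can be produced by whoever made the file. On PHP 7+ pass
        // array('allowed_classes' => false) as second argument; a JSON-based
        // file format removes the problem entirely.
        $lng = @unserialize($serialized);
        unset($serialized);
        if (   is_array($lng)
            && isset($lng['data_type']) && $lng['data_type'] == 'language'
            && isset($lng['pcpin_version'])
            && !empty($lng['data']) && is_array($lng['data'])) {
          $data = $lng['data'];
          // The name fields must exist and be plain values before they are decoded
          if (   isset($data['iso_name']) && is_scalar($data['iso_name'])
              && isset($data['local_name']) && is_scalar($data['local_name'])) {
            $lng_info['pcpin_version'] = $lng['pcpin_version'];
            $lng_info['date_created'] = isset($lng['date_created']) ? $lng['date_created'] : null;
            $lng_info['iso_name'] = PCPIN_Common::hexToString($data['iso_name']);
            $lng_info['local_name'] = PCPIN_Common::hexToString($data['local_name']);
            // A missing or malformed expression list counts as empty
            $lng_info['expressions_count'] = (isset($data['expressions']) && is_array($data['expressions'])) ? count($data['expressions']) : 0;
            $result = true;
          }
        }
      }
    }
  }
  return $result;
}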
$tries = 100; do { $login = $l->g('guest') . mt_rand(0, 999); if ($current_user->checkUsernameUnique($login) && $current_user->newUser($login, PCPIN_Common::randomString(mt_rand(100, 255)), '', 1, 'y')) { // User created $xmlwriter->setHeaderMessage('OK'); $xmlwriter->setHeaderStatus(0); $user_created = true; // Create new session and log it in $session->_s_logIn($current_user->id, 0, $language_id); // Update user $current_user->_db_loadObj($current_user->id); $current_user->previous_login = '******'; $current_user->last_login = date('Y-m-d H:i:s'); $current_user->time_zone_offset = $time_zone_offset; $current_user->password_new = md5(PCPIN_Common::randomString(mt_rand(30, 120))); $current_user->_db_updateObj($session->_s_user_id); // Insert system message $msg->addMessage(101, 'n', 0, '', 0, 0, $session->_s_user_id); break; } if (--$tries == 0) { break; } } while (true); if (!$user_created) { $xmlwriter->setHeaderMessage($l->g('error')); } } } }
/**
 * Constructor
 *
 * Takes over the caller's properties, reads all configuration rows ordered by
 * group, subgroup and ID, and stores them twice: as name => typed value in
 * $this->_conf_all and as complete rows per group in $this->_conf_all_grouped.
 * Stops with a fatal error when no configuration row exists.
 *
 * @param   object  &$caller        Caller object
 */
function PCPIN_Config(&$caller) {
  // Get parent properties
  $this->_db_pass_vars($caller, $this);
  // Load dynamic configuration.
  $has_rows = $this->_db_getList('_conf_group ASC', '_conf_subgroup ASC', '_conf_id ASC');
  if (!$has_rows) {
    // No configuration found
    PCPIN_Common::dieWithError(-1, '<b>Fatal error</b>: No configuration found. Check your installation.');
  } else {
    foreach ($this->_db_list as $row) {
      // The part of "_conf_type" in front of the first underscore names the PHP type of the value
      $type_name = substr($row['_conf_type'], 0, strpos($row['_conf_type'], '_'));
      settype($row['_conf_value'], $type_name);
      $this->_conf_all[$row['_conf_name']] = $row['_conf_value'];
      // Collect the whole row (with the converted value) under its group
      $group = $row['_conf_group'];
      if (!isset($this->_conf_all_grouped[$group])) {
        $this->_conf_all_grouped[$group] = array();
      }
      $this->_conf_all_grouped[$group][] = $row;
    }
    // Free up memory
    $this->_db_freeList();
  }
  // Hand the loaded configuration back to the caller
  $this->_db_pass_vars($this, $caller);
}
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

/**
 * Get addresses listed in IP filter table
 *
 * The list is returned to logged-in administrators only; every other caller
 * receives an empty 'address' array.
 *
 * @param   int   $sort_by    Sort by (0: Address, 1: Action type, 2: Expiration date, 3: Description, 4: "Added on" date)
 * @param   int   $sort_dir   Sort direction (0: Ascending, 1: Descending)
 */
_pcpin_loadClass('ipfilter');
$ipfilter = new PCPIN_IPFilter($session);
$ip_addresses = array();
// $sort_by and $sort_dir are not assigned in this fragment.
// NOTE(review): presumably they arrive from the request - confirm that
// readAddresses() maps them to a fixed set of columns/directions and never
// places them into the query text as received.
if (!isset($sort_by)) {
  $sort_by = 0;
}
if (!isset($sort_dir)) {
  $sort_dir = 0;
}
// Get client session
// Gate: a session object, a logged-in user and the admin flag.
// NOTE(review): this check does not compare $session->_s_user_id with
// $current_user->id - confirm that the binding between session and user is
// established before this script runs.
if (is_object($session) && !empty($current_user->id) && $current_user->is_admin === 'y') {
  $xmlwriter->setHeaderMessage('OK');
  $xmlwriter->setHeaderStatus(0);
  $addresses = $ipfilter->readAddresses($sort_by, $sort_dir);
  foreach ($addresses as $address_data) {
    // 'description' is free text stored with the filter entry; it is passed on
    // as stored, so the XML writer and the client have to encode it on output.
    $ip_addresses[] = array('id' => $address_data['id'], 'type' => $address_data['type'], 'mask' => $address_data['address'], 'added_on' => $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($address_data['added_on'])), 'expires' => $address_data['expires'] > '0000-00-00 00:00:00' ? $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($address_data['expires'])) : $l->g('never'), 'action' => $address_data['action'], 'description' => $address_data['description']);
  }
}
$xmlwriter->setData(array('address' => $ip_addresses));
*
 * "PCPIN Chat 6" is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * "PCPIN Chat 6" is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

// Slave mode: the phpBB2 file "extension.inc" must exist in the parent directory
if (!file_exists('../extension.inc')) {
  PCPIN_Common::dieWithError(1, 'Slave mode: No phpBB2 installation found');
}

if (empty($_pcpin_init_session->_s_user_id)) {
  // Name of the directory that contains the running script: the second-to-last
  // component of the script path.
  // NOTE(review): SCRIPT_FILENAME is a filesystem path, but the two fallbacks
  // are URL paths, and PHP_SELF can carry client-supplied path info. When a
  // fallback is used, $chat_dir may be influenced by the request; how $chat_dir
  // is used afterwards is not visible here, so confirm it is never trusted as a path.
  $master_to_chat_path_parts = explode('/', !empty($_SERVER['SCRIPT_FILENAME']) ? $_SERVER['SCRIPT_FILENAME'] : (!empty($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF']));
  $chat_dir = $master_to_chat_path_parts[count($master_to_chat_path_parts) - 2];
  unset($master_to_chat_path_parts);

  /**
   * phpBB stuff
   */
  define('IN_PHPBB', true);

  // Load master base: switch to the parent directory and include the phpBB files from there
  chdir('..');
  $_pcpin_init_session->_db_restoreCharsets();
  require 'extension.inc';
  // NOTE(review): $phpEx is not assigned in this fragment; presumably
  // extension.inc sets it. Confirm it cannot be supplied by the request,
  // because it becomes part of the included file name.
  require 'common.' . $phpEx;
/**
 * Constructor.
 *
 * Stores the document settings and the service name, resets the XML data to
 * an empty array and generates a new CDATA escape sequence.
 *
 * @param string  $header_service Service name
 * @param string  $encoding       Optional. XML encoding
 * @param string  $name           Optional. Name of the root element
 * @param boolean $indent         Optional. Whether to indent XML or not
 * @param string  $indent_string  Optional. Indent string
 */
function PCPIN_XMLWrite($header_service, $encoding = PCPIN_XMLDOC_ENCODING, $name = PCPIN_XMLDOC_ROOT_NAME, $indent = PCPIN_XMLDOC_INDENT, $indent_string = PCPIN_XMLDOC_INDENT_STRING) {
  // Document settings, applied in this order
  $settings = array(
    'root_name' => $name,
    'encoding' => $encoding,
    'indent' => $indent,
    'indent_string' => $indent_string
  );
  foreach ($settings as $property => $value) {
    $this->set($property, $value);
  }

  // Per-instance escape sequence: "_" + randomString(12) + "_".
  // NOTE(review): how the sequence is used is outside this constructor. If it
  // keeps document content from colliding with CDATA delimiters, it is only as
  // unpredictable as PCPIN_Common::randomString(); confirm that generator.
  $escape_sequence = '_' . PCPIN_Common::randomString(12) . '_';
  $this->set('cdata_escape_sequence', $escape_sequence);

  $this->set('xml_data', array());
  $this->set('header_service', $header_service);
}
$current_version = $version->_db_list[0]['version'];
// Last check date, or the text returned by $l->g('never') when the stored
// value is not later than '0000-00-00 00:00:00'
$last_check = $version->_db_list[0]['last_version_check'] > '0000-00-00 00:00:00' ? $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($version->_db_list[0]['last_version_check'])) : $l->g('never');
$new_version_available = $version->_db_list[0]['new_version_available'];
$new_version_url = $version->_db_list[0]['new_version_url'];
} else {
  // Fallback values (presumably used when no version record was read; the
  // condition is outside this fragment)
  $current_version = 6.0;
  $last_check = $l->g('never');
  $new_version_available = $current_version;
  $new_version_url = '';
}

// Both version numbers are shown with two decimals
$current_version = number_format($current_version, 2, '.', '');
$new_version_available = number_format($new_version_available, 2, '.', '');

if (!empty($do_check)) {
  // Check for new version
  // Generate new security key
  // NOTE(review): the strength of this key depends on PCPIN_Common::randomString(),
  // which is not visible here; confirm it draws from a cryptographically secure source.
  $key = PCPIN_Common::randomString(36, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-()[].,');
  $version->setVersionCheckKey($key);
  // The session update receives an MD5 digest of the key; the key itself goes
  // into the redirect URL below and is therefore visible to the remote host
  // and to anything that logs the URL.
  $session->_s_updateSession($session->_s_id, true, true, null, null, null, md5($key));
  // NOTE(review): htmlspecialchars() is HTML escaping, not URL encoding. It
  // changes none of the characters in the key alphabet above, so the key is
  // sent exactly as generated; rawurlencode() is the encoder that matches a
  // query string.
  header('Location: ' . PCPIN_VERSIONCHECKER_URL . '?' . htmlspecialchars($key));
  die;
}

// Initialize template handler
_pcpin_loadClass('pcpintpl');
$tpl = new PcpinTpl();
$tpl->setBasedir('./tpl');
$tpl->readTemplatesFromFile('./admin/versions.tpl');

// Add global vars to template.
// Values are HTML-escaped first. htmlspecialchars() runs with its default
// flags here, which leave single quotes unescaped before PHP 8.1.
foreach ($global_tpl_vars as $key => $val) {
  $tpl->addGlobalVar($key, htmlspecialchars($val));
}

// Add language expressions to template
* You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

// ID of the user to invite; 0 when the caller did not provide one
if (!isset($user_id)) {
  $user_id = 0;
}

_pcpin_loadClass('nickname');
$nickname = new PCPIN_Nickname($session);
_pcpin_loadClass('invitation');
$invitation = new PCPIN_Invitation($session);

if (!empty($current_user->id)) {
  // Start from a generic error; the branches below overwrite message and status
  $xmlwriter->setHeaderMessage($l->g('error'));
  $xmlwriter->setHeaderStatus(1);
  if ($current_user->global_muted_until > date('Y-m-d H:i:s')) {
    // Inviting user is muted until a later date.
    // NOTE(review): $message is not assigned anywhere in this fragment, so the
    // str_replace() below works on an undefined value. The first call looks
    // like it was meant to be `$message = $l->g('you_are_muted_until');`; confirm.
    $xmlwriter->setHeaderMessage($l->g('you_are_muted_until'));
    $xmlwriter->setHeaderMessage(str_replace('[EXPIRATION_DATE]', $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($current_user->global_muted_until)), $message));
  } elseif ($current_user->global_muted_permanently == 'y') {
    // Inviting user is muted permanently
    $xmlwriter->setHeaderMessage($l->g('you_are_muted_permanently'));
  } else {
    // NOTE(review): $user_id is concatenated into both WHERE clauses below.
    // The only checks visible here are isset() and !empty(), which do not make
    // it numeric. Unless it is cast to an integer before this point or inside
    // _db_getList(), this is an SQL injection risk; confirm, and prefer an
    // explicit integer cast at the point of use.
    if (!empty($session->_s_room_id) && !empty($user_id) && $current_user->_db_getList('id', 'id = ' . $user_id, 1)) {
      // User exists
      if ($session->_db_getList('_s_room_id, _s_stealth_mode', '_s_user_id = ' . $user_id, 1)) {
        // User is online
        if ($session->_db_list[0]['_s_room_id'] == $session->_s_room_id) {
          // User is already in desired room
          if ($session->_db_list[0]['_s_stealth_mode'] == 'y' && $current_user->is_admin !== 'y') {
            // Invited user is in stealth mode and the inviting user is not an
            // admin: reply as if the invitation had been sent (dummy message)
            $xmlwriter->setHeaderStatus(0);
            $xmlwriter->setHeaderMessage(str_replace('[USER]', $nickname->coloredToPlain($nickname->getDefaultNickname($user_id), false), $l->g('invitation_sent')));
          } else {
            $xmlwriter->setHeaderStatus(1);
// Database server host name.
// Examples: 'localhost' or 'db.myhost.com'
$_pcpin_db_server = 'localhost';

// Database username
$_pcpin_db_user = '******';

// Database password
// This file holds the credentials in clear text: keep it readable only by the
// web server account and out of backups and repositories that others can read.
$_pcpin_db_password = '******';

// Database name
$_pcpin_db_database = 'usr_web0_2';

// Prefix for all chat table names
$_pcpin_db_tbl_prefix = 'pcpin_';

///////////////////////////////////////////////////////////
// DO NOT EDIT OR DELETE ANYTHING BELOW THIS LINE !!!
///////////////////////////////////////////////////////////

// Refuse a second load of this file within the same request
if (defined('PCPIN_DB_DATA_LOADED')) {
  PCPIN_Common::dieWithError(1, 'Access denied');
} else {
  define('PCPIN_DB_DATA_LOADED', true);
}

// Include guard: stop unless the first backtrace frame names a file called
// "init.inc.php" or "check_db.php".
// NOTE(review): only the basename is compared, so a file with one of these
// names in any directory passes, and the whole guard is skipped when
// debug_backtrace() does not exist. Treat it as protection against accidental
// inclusion, not as access control.
if (function_exists('debug_backtrace')) {
  $_pcpin_dbt = debug_backtrace();
  if (is_array($_pcpin_dbt) && (!isset($_pcpin_dbt[0]) || basename($_pcpin_dbt[0]['file']) !== 'init.inc.php' && basename($_pcpin_dbt[0]['file']) !== 'check_db.php')) {
    die('Access denied');
  }
  unset($_pcpin_dbt);
}

// The connection data is moved into an array stored under a generated variable
// name, and each plain variable is unset after it has been copied.
// NOTE(review): the name is an MD5 of mt_rand() and microtime() output, neither
// of which is a cryptographically secure source. This hides the variable name
// from casual lookups; it is obfuscation, not protection of the credentials.
$_pcpin_dbcn = md5(mt_rand(-time(), time()) . microtime());
${$_pcpin_dbcn} = array();
${$_pcpin_dbcn}['server'] = $_pcpin_db_server;
unset($_pcpin_db_server);
${$_pcpin_dbcn}['user'] = $_pcpin_db_user;
/**
 * Get banners list.
 *
 * Every returned row has "start_date" converted with
 * PCPIN_Common::datetimeToTimestamp(). "expiration_date" is converted the
 * same way, or set to 0 when it is not later than '0000-00-00 00:00:00'.
 *
 * @return array
 */
function getBanners() {
  // Nothing to return when the list query yields no result
  if (!$this->_db_getList('display_position DESC, name ASC')) {
    return array();
  }

  $result = array();
  foreach ($this->_db_list as $row) {
    $row['start_date'] = PCPIN_Common::datetimeToTimestamp($row['start_date']);
    if ($row['expiration_date'] > '0000-00-00 00:00:00') {
      $row['expiration_date'] = PCPIN_Common::datetimeToTimestamp($row['expiration_date']);
    } else {
      // No expiration date set
      $row['expiration_date'] = 0;
    }
    $result[] = $row;
  }
  $this->_db_freeList();

  return $result;
}