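function sanitize($text)
{
    global $smileys;
    global $smileys_default;
    // sanitize_core() is a project helper defined elsewhere; this function only
    // decorates its output (autolinks, smiley images) and presumably relies on
    // it for the actual escaping -- confirm against its definition.
    $text = sanitize_core($text) . " ";
    // NOTE(review): the original ran str_replace('&', '&', $text) at this point,
    // which is a no-op and has been dropped (the sibling version of sanitize()
    // decodes '&amp;' here instead).
    // Autolink pattern: optional e-mail local part, scheme, user:password,
    // host with a fixed TLD list, port, path, query and fragment, followed by a
    // single non-alphabetic character or '?' (captured so autolink() can re-emit it).
    // NOTE(review): the query part uses "%[a-f\\d{2}]" twice, a character class
    // containing '{', '2' and '}', where "%[a-f\\d]{2}" was presumably intended;
    // left unchanged so matching behaviour does not shift.
    $search = "/((?#Email)(?:\\S+\\@)?(?#Protocol)(?:(?:ht|f)tp(?:s?)\\:\\/\\/|~\\/|\\/)?(?#Username:Password)(?:\\w+:\\w+@)?(?#Subdomains)(?:(?:[-\\w]+\\.)+(?#TopLevel Domains)(?:com|org|net|gov|mil|biz|info|mobi|name|aero|jobs|museum|travel|a[cdefgilmnoqrstuwz]|b[abdefghijmnorstvwyz]|c[acdfghiklmnoruvxyz]|d[ejkmnoz]|e[ceghrst]|f[ijkmnor]|g[abdefghilmnpqrstuwy]|h[kmnrtu]|i[delmnoqrst]|j[emop]|k[eghimnprwyz]|l[abcikrstuvy]|m[acdghklmnopqrstuvwxyz]|n[acefgilopruz]|om|p[aefghklmnrstwy]|qa|r[eouw]|s[abcdeghijklmnortuvyz]|t[cdfghjkmnoprtvwz]|u[augkmsyz]|v[aceginu]|w[fs]|y[etu]|z[amw]|aero|arpa|biz|com|coop|edu|info|int|gov|mil|museum|name|net|org|pro))(?#Port)(?::[\\d]{1,5})?(?#Directories)(?:(?:(?:\\/(?:[-\\w~!\$+|.,=]|%[a-f\\d]{2})+)+|\\/)+|#)?(?#Query)(?:(?:\\?(?:[-\\w~!\$+|\\/.,*:]|%[a-f\\d{2}])+=?(?:[-\\w~!\$+|.,*:=]|%[a-f\\d]{2})*)(?:&(?:[-\\w~!\$+|.,*:]|%[a-f\\d{2}])+=?(?:[-\\w~!\$+|.,*:=]|%[a-f\\d]{2})*)*)*(?#Anchor)(?:#(?:[-\\w~!\$+|\\/.,*:=]|%[a-f\\d]{2})*)?)([^[:alpha:]]|\\?)/i";
    if (DISABLE_LINKING != 1) {
        $text = preg_replace_callback($search, "autolink", $text);
    }
    if (DISABLE_SMILEYS != 1) {
        // Replace every smiley pattern in $table (keys are the text patterns,
        // values the image file names) with an <img> tag. The pattern is matched
        // HTML-escaped (with '&amp;' decoded again) and followed by a space. The
        // file name and derived title are emitted unescaped, so the smiley tables
        // must remain trusted configuration rather than request data.
        $replaceSmileys = function ($subject, $table) {
            foreach ($table as $pattern => $file) {
                $title = str_replace("-", " ", ucwords(preg_replace("/\\.(.*)/", "", $file)));
                $needle = str_replace('&amp;', '&', htmlspecialchars($pattern, ENT_NOQUOTES)) . ' ';
                $tag = '<img class="cometchat_smiley" height="20" width="20" src="' . BASE_URL . 'images/smileys/' . $file . '" title="' . $title . '"> ';
                // A trailing space is appended so a smiley at the very end still matches.
                $subject = str_ireplace($needle, $tag, $subject . ' ');
            }
            return $subject;
        };
        $text = $replaceSmileys($text, $smileys_default);
        $text = $replaceSmileys($text, $smileys);
    }
    return trim($text);
}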
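function sanitize($text)
{
    // sanitize_core() is a project helper defined elsewhere.
    // NOTE(review): decoding '&amp;' back to '&' after sanitize_core() partially
    // undoes whatever escaping sanitize_core() applied; confirm the output
    // context tolerates a bare '&' before relying on this for HTML safety.
    // The original also built the autolink regex here but never used it; that
    // dead assignment (and an unused copy of the input) has been removed.
    return trim(str_replace('&amp;', '&', sanitize_core($text)));
}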
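function deleteannouncement()
{
    global $ts;
    // NOTE(review): a state-changing action driven by a GET parameter with no
    // request-token check in this version (another version on this page calls
    // checktoken() first); confirm the dispatcher enforces one before calling.
    if (!empty($_GET['data'])) {
        $dbh = $GLOBALS['dbh'];
        // sanitize_core() and removeCache() are project helpers defined elsewhere.
        $id = mysqli_real_escape_string($dbh, sanitize_core($_GET['data']));
        mysqli_query($dbh, "delete from cometchat_announcements where id = '" . $id . "'");
        // Invalidate the cached newest announcement so the deletion is visible at once.
        removeCache('latest_announcement');
    }
    // Execution continues after the redirect header; the caller is assumed to
    // stop producing output afterwards.
    header("Location:?module=announcements&ts={$ts}");
}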
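function createchatroom()
{
    // CSRF guard: the request token must be present and equal to the session
    // token. Both are compared as strings with hash_equals() (strict and
    // constant-time); the original used a loose == comparison.
    $requestToken = isset($_REQUEST['token']) && is_scalar($_REQUEST['token']) ? (string) $_REQUEST['token'] : '';
    $sessionToken = isset($_SESSION['token']) && is_scalar($_SESSION['token']) ? (string) $_SESSION['token'] : '';
    if (empty($requestToken) || $sessionToken === '' || !hash_equals($sessionToken, $requestToken)) {
        echo "CSRF attack detected. Halting request.";
        exit;
    }
    global $userid;
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    if ($userid != '') {
        // One timestamp for both rows (the original called getTimeStamp() twice).
        $time = getTimeStamp();
        // NOTE(review): room passwords are stored as unsalted sha1; kept as-is
        // because the join/verify path (not shown here) must hash the same way.
        $password = !empty($password) ? sha1($password) : '';
        $escapedUserid = mysql_real_escape_string($userid);
        $escapedTime = mysql_real_escape_string($time);
        // sanitize_core() is a project helper defined elsewhere.
        $sql = "insert into cometchat_chatrooms (name,createdby,lastactivity,password,type) values ('" . mysql_real_escape_string(sanitize_core($name)) . "', '" . $escapedUserid . "','" . $time . "','" . mysql_real_escape_string(sanitize_core($password)) . "','" . mysql_real_escape_string(sanitize_core($type)) . "')";
        mysql_query($sql);
        $currentroom = mysql_insert_id();
        $escapedRoom = mysql_real_escape_string($currentroom);
        // Register the creator as a member of the new room.
        $sql = "insert into cometchat_chatrooms_users (userid,chatroomid,lastactivity) values ('" . $escapedUserid . "','" . $escapedRoom . "','" . $escapedTime . "') on duplicate key update chatroomid = '" . $escapedRoom . "', lastactivity = '" . $escapedTime . "'";
        mysql_query($sql);
        // The new room id is the whole response body.
        echo $currentroom;
        exit(0);
    }
}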
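function createchatroom()
{
    global $userid;
    // NOTE(review): unlike the token-checked variant of this function on this
    // page, this version has no CSRF check; confirm the dispatcher validates
    // the request token before calling it.
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    // Duplicate-name check. Rooms are stored as sanitize_core($name) (see the
    // insert below), so compare against the same transformed value. The
    // original interpolated the raw POST value into this query unescaped
    // (SQL injection); it is now escaped like every other value here.
    $escapedName = mysql_real_escape_string(sanitize_core($name));
    $sql = "select name from cometchat_chatrooms where name = '" . $escapedName . "'";
    $query = mysql_query($sql);
    if (mysql_num_rows($query) == 0) {
        if ($userid > 0) {
            // One timestamp for both rows (the original called getTimeStamp() twice).
            $time = getTimeStamp();
            // NOTE(review): room passwords are stored as unsalted sha1; kept as-is
            // because the join/verify path (not shown here) must hash the same way.
            $password = !empty($password) ? sha1($password) : '';
            $escapedUserid = mysql_real_escape_string($userid);
            $escapedTime = mysql_real_escape_string($time);
            $sql = "insert into cometchat_chatrooms (name,createdby,lastactivity,password,type) values ('" . $escapedName . "', '" . $escapedUserid . "','" . $time . "','" . mysql_real_escape_string(sanitize_core($password)) . "','" . mysql_real_escape_string(sanitize_core($type)) . "')";
            mysql_query($sql);
            $currentroom = mysql_insert_id();
            $escapedRoom = mysql_real_escape_string($currentroom);
            // Register the creator as a member of the new room.
            $sql = "insert into cometchat_chatrooms_users (userid,chatroomid,lastactivity) values ('" . $escapedUserid . "','" . $escapedRoom . "','" . $escapedTime . "') on duplicate key update chatroomid = '" . $escapedRoom . "', lastactivity = '" . $escapedTime . "'";
            mysql_query($sql);
            // The new room id is the whole response body.
            echo $currentroom;
            exit(0);
        }
    } else {
        // A room with this name already exists.
        echo "0";
        exit;
    }
}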
} else {
    $joinroom = '';
    $dynamicChatroom = 0;
    $leaveroom = "";
    if (!empty($_REQUEST['action']) && ($_REQUEST['action'] = 'dynamicChatroom') && !empty($_REQUEST['name'])) {
        global $userid;
        global $cookiePrefix;
        $name = $_REQUEST['name'];
        $type = '3';
        $sql = "select id,name,type from cometchat_chatrooms where name = '" . mysqli_real_escape_string($GLOBALS['dbh'], sanitize_core($name)) . "'";
        $query = mysqli_query($GLOBALS['dbh'], $sql);
        $result = mysqli_fetch_assoc($query);
        if (empty($result['id'])) {
            if ($userid > 0) {
                $password = '';
                $sql = "insert into cometchat_chatrooms (name,createdby,lastactivity,password,type) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], sanitize_core($name)) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "','" . getTimeStamp() . "','" . mysqli_real_escape_string($GLOBALS['dbh'], sanitize_core($password)) . "','3')";
                $query = mysqli_query($GLOBALS['dbh'], $sql);
                $currentroom = mysqli_insert_id($GLOBALS['dbh']);
                $_GET['id'] = $currentroom;
            }
        } elseif ($result['type'] == 3) {
            $_GET['id'] = $result['id'];
        }
        $leaveroom = "setTimeout(function(){\$('.welcomemessage a:first, span:first').remove();},500);";
        $dynamicChatroom = 1;
    }
    if (!empty($_COOKIE[$cookiePrefix . 'chatroom']) && empty($_GET['roomid']) && empty($_GET['id'])) {
        $info = explode(':', base64_decode($_COOKIE[$cookiePrefix . 'chatroom']));
        $_GET['roomid'] = intval($info[0]);
        $_GET['inviteid'] = $info[1];
        $_GET['roomname'] = $info[2];
function searchlogs()
{
    // Admin "find user" page of the chatrooms module: lists users whose name
    // contains the submitted search string, each with a make/remove-moderator
    // link, and hands the assembled $body to template().
    global $ts;
    global $usertable_userid;
    global $usertable_username;
    global $usertable;
    global $navigation;
    global $body;
    global $moderatorUserIDs;
    // Chatrooms module config; presumably where $moderatorUserIDs is populated -- confirm.
    include_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR . 'chatrooms' . DIRECTORY_SEPARATOR . 'config.php';
    // Search term straight from the request (no isset guard: an absent key raises a notice).
    $username = $_REQUEST['susername'];
    if (empty($username)) {
        // Base 64 Encoded
        // NOTE(review): '******' looks like a placeholder left by redaction, not the real default.
        $username = '******';
    }
    // Escaped for SQL; '%' and '_' are not escaped as LIKE wildcards, so a
    // search term can widen the match. sanitize_core() is a project helper.
    $sql = "select {$usertable_userid} id, {$usertable_username} username from {$usertable} where {$usertable_username} LIKE '%" . mysqli_real_escape_string($GLOBALS['dbh'], sanitize_core($username)) . "%'";
    $query = mysqli_query($GLOBALS['dbh'], $sql);
    $userslist = '';
    while ($user = mysqli_fetch_assoc($query)) {
        if (function_exists('processName')) {
            $user['username'] = processName($user['username']);
        }
        // NOTE(review): the susername='******' fragment in the two anchors below
        // is not valid PHP as shown (a redacted value split the string literal);
        // the original presumably embedded the search term there. $user['id']
        // and $user['username'] are emitted into HTML without escaping here;
        // whether processName() escapes is not visible -- confirm.
        $moderator = '<a style="font-size: 11px; margin-top: 2px; margin-left: 5px; float: right; font-weight: bold; color: #0F5D7E;" href="?module=chatrooms&amp;action=makemoderatorprocess&amp;susername='******'&amp;moderatorid=' . $user['id'] . '&amp;ts=' . $ts . '"><img style="width: 16px;" title="Make Moderator" src="images/add_moderator.png"></a>';
        // Loose in_array(): $userid / $moderatorUserIDs types are not visible here.
        if (in_array($user['id'], $moderatorUserIDs)) {
            $moderator = '<a style="font-size: 11px; margin-top: 2px; margin-left: 5px; float: right; font-weight: bold; color: #0F5D7E;" href="?module=chatrooms&amp;action=removemoderatorprocess&amp;susername='******'&amp;moderatorid=' . $user['id'] . '&amp;ts=' . $ts . '"><img style="width: 16px;" title="Remove Moderator" src="images/remove_moderator.png"></a>';
        }
        $userslist .= '<li class="ui-state-default cursor_default"><span style="font-size:11px;float:left;margin-top:2px;margin-left:5px;">' . $user['username'] . ' - ' . $user['id'] . '</span>' . $moderator . '<div style="clear:both"></div></li>';
    }
    $body = <<<EOD
\t{$navigation}

\t<div id="rightcontent" style="float:left;width:720px;border-left:1px dotted #ccc;padding-left:20px;">
\t\t<h2>Search results</h2>
\t\t<h3>Please find the user id next to each username. <a href="?module=chatrooms&amp;action=finduser&amp;ts={$ts}">Click here to search again</a></h3>

\t\t<div>
\t\t\t<ul id="modules_logs">
\t\t\t\t{$userslist}
\t\t\t</ul>
\t\t</div>

\t\t<div style="clear:both;padding:7.5px;"></div>
\t</div>

\t<div style="clear:both"></div>

EOD;
    // Renders $body inside the admin layout (project helper).
    template();
}
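function setStatus($message)
{
    global $userid;
    $dbh = $GLOBALS['dbh'];
    // Escape once; the same value feeds both the insert and the upsert branch
    // (the original escaped it twice). sanitize_core() is a project helper.
    $status = mysqli_real_escape_string($dbh, sanitize_core($message));
    $sql = "insert into cometchat_status (userid,status) values ('" . mysqli_real_escape_string($dbh, $userid) . "','" . $status . "') on duplicate key update status = '" . $status . "'";
    mysqli_query($dbh, $sql);
    // Surface the driver error only in development builds.
    if (defined('DEV_MODE') && DEV_MODE == '1') {
        echo mysqli_error($dbh);
    }
    // Optional project hook; it receives the raw (unsanitized) message, as before.
    if (function_exists('hooks_activityupdate')) {
        hooks_activityupdate($userid, $message);
    }
}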
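function searchlogs()
{
    // Admin search page: verify the request token (project helper) before any work.
    checktoken();
    global $usertable_userid;
    global $usertable_username;
    global $usertable;
    global $navigation;
    global $body;
    // Guarded read: an absent field used to raise an undefined-index notice.
    $username = isset($_POST['susername']) ? $_POST['susername'] : '';
    if (empty($username)) {
        // Base 64 Encoded
        // NOTE(review): '******' looks like a placeholder left by redaction, not the real default.
        $username = '******';
    }
    // Escaped for SQL; '%' and '_' are not escaped as LIKE wildcards, so a
    // search term can widen the match. sanitize_core() is a project helper.
    $needle = mysql_real_escape_string(sanitize_core($username));
    $sql = "select {$usertable_userid} id, {$usertable_username} username from {$usertable} where {$usertable_username} LIKE '%" . $needle . "%'";
    $query = mysql_query($sql);
    $userslist = '';
    while ($user = mysql_fetch_array($query)) {
        if (function_exists('processName')) {
            $user['username'] = processName($user['username']);
        }
        // NOTE(review): username and id are emitted into HTML unescaped; whether
        // processName() escapes is not visible here -- confirm before relying on it.
        $userslist .= '<li class="ui-state-default"><span style="font-size:11px;float:left;margin-top:2px;margin-left:5px;">' . $user['username'] . ' - ' . $user['id'] . '</span><div style="clear:both"></div></li>';
    }
    $body = <<<EOD
\t{$navigation}

\t<div id="rightcontent" style="float:left;width:720px;border-left:1px dotted #ccc;padding-left:20px;">
\t\t<h2>Search results</h2>
\t\t<h3>Please find the user id next to each username. <a href="?module=chatrooms&action=finduser">Click here to search again</a></h3>

\t\t<div>
\t\t\t<ul id="modules_logs">
\t\t\t\t{$userslist}
\t\t\t</ul>
\t\t</div>

\t\t<div style="clear:both;padding:7.5px;"></div>
\t</div>

\t<div style="clear:both"></div>

EOD;
    // Renders $body inside the admin layout (project helper).
    template();
}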
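function deletechatroom()
{
    global $userid;
    global $moderatorUserIDs;
    // Authorization lives in the WHERE clause: rooms created by user 0 are never
    // deletable here, and non-moderators may only delete rooms they created.
    $createdby = " and createdby != 0 ";
    if (!empty($_POST['id'])) {
        $dbh = $GLOBALS['dbh'];
        // Loose in_array() kept: the types of $userid and $moderatorUserIDs are
        // not visible here. sanitize_core()/removeCache() are project helpers.
        if (!in_array($userid, $moderatorUserIDs)) {
            $createdby .= " and createdby = '" . mysqli_real_escape_string($dbh, sanitize_core($userid)) . "' ";
        }
        // NOTE(review): no request-token check is visible in this handler.
        $sql = "delete from cometchat_chatrooms where id = '" . mysqli_real_escape_string($dbh, sanitize_core($_POST['id'])) . "' " . $createdby;
        mysqli_query($dbh, $sql);
        // The original only invalidated the cached room list on the no-id path
        // below (unreachable after the exit here), so a real delete left a stale
        // list; invalidate after the delete as well.
        removeCache('chatroom_list');
        echo mysqli_affected_rows($dbh);
        exit;
    }
    removeCache('chatroom_list');
    echo 0;
}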
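function deleteannouncement()
{
    // Verify the request token (project helper) before the destructive action.
    checktoken();
    if (!empty($_GET['data'])) {
        // sanitize_core() is a project helper defined elsewhere.
        $id = mysql_real_escape_string(sanitize_core($_GET['data']));
        mysql_query("delete from cometchat_announcements where id = '" . $id . "'");
    }
    // Execution continues after the redirect header; the caller is assumed to
    // stop producing output afterwards.
    header("Location:?module=announcements");
}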
    $query = mysql_query($sql);
    if (defined('DEV_MODE') && DEV_MODE == '1') {
        echo mysql_error();
    }
    if (isset($_GET['callback'])) {
        header('content-type: application/json; charset=utf-8');
        echo $_GET['callback'] . '(1)';
    } else {
        echo "1";
    }
    exit(0);
}
if (isset($_REQUEST['statusmessage'])) {
    $message = $_REQUEST['statusmessage'];
    if (empty($_SESSION['cometchat']['statusmessage']) || $_SESSION['cometchat']['statusmessage'] != $message) {
        $sql = "insert into cometchat_status (userid,message) values ('" . mysql_real_escape_string($userid) . "','" . mysql_real_escape_string(sanitize_core($message)) . "') on duplicate key update message = '" . mysql_real_escape_string(sanitize_core($message)) . "'";
        $query = mysql_query($sql);
        if (defined('DEV_MODE') && DEV_MODE == '1') {
            echo mysql_error();
        }
        $_SESSION['cometchat']['statusmessage'] = $message;
        if (function_exists('hooks_statusupdate')) {
            hooks_statusupdate($userid, $message);
        }
    }
    if (isset($_GET['callback'])) {
        header('content-type: application/json; charset=utf-8');
        echo $_GET['callback'] . '(1)';
    } else {
        echo "1";
    }
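function searchlogs()
{
    // Admin logs page: lists users (and guests, when guest mode is on) matching
    // the submitted name or id, then hands the assembled $body to template().
    global $ts;
    global $usertable_userid;
    global $usertable_username;
    global $usertable;
    global $navigation;
    global $body;
    global $guestsMode;
    // Guarded reads: absent fields used to raise undefined-index notices.
    $userid = isset($_POST['userid']) ? $_POST['userid'] : '';
    $username = isset($_POST['susername']) ? $_POST['susername'] : '';
    if (empty($username)) {
        // Base 64 Encoded
        // NOTE(review): '******' looks like a placeholder left by redaction, not the real default.
        $username = '******';
    }
    $dbh = $GLOBALS['dbh'];
    // Escape each search value once (the original escaped both twice).
    // '%' and '_' are not escaped as LIKE wildcards, so a name search can
    // widen the match. sanitize_core() is a project helper.
    $nameNeedle = mysqli_real_escape_string($dbh, sanitize_core($username));
    $idNeedle = mysqli_real_escape_string($dbh, sanitize_core($userid));
    $guestpart = "";
    if ($guestsMode) {
        $guestpart = "union (select cometchat_guests.id, cometchat_guests.name username from cometchat_guests where cometchat_guests.name LIKE '%" . $nameNeedle . "%' or cometchat_guests.id = '" . $idNeedle . "')";
    }
    $sql = "(select " . $usertable_userid . " id, " . $usertable_username . " username from " . $usertable . " where " . $usertable_username . " LIKE '%" . $nameNeedle . "%' or " . $usertable_userid . " = '" . $idNeedle . "') " . $guestpart . " ";
    $query = mysqli_query($dbh, $sql);
    $userslist = '';
    $no_users = '';
    while ($user = mysqli_fetch_assoc($query)) {
        if (function_exists('processName')) {
            $user['username'] = processName($user['username']);
        }
        // NOTE(review): $user['id'] is placed inside a JS string literal in an
        // onclick attribute and $user['username'] into HTML, both unescaped;
        // whether processName() escapes is not visible here -- confirm.
        $userslist .= '<li class="ui-state-default" onclick="javascript:logs_gotouser(\'' . $user['id'] . '\');"><span style="font-size:11px;float:left;margin-top:2px;margin-left:5px;">' . $user['username'] . '</span><div style="clear:both"></div></li>';
    }
    if (!$userslist) {
        $no_users = '<div id="no_plugin" style="width: 480px;float: left;color: #333333;">No results found</div>';
    }
    $body = <<<EOD
\t{$navigation}

\t<div id="rightcontent" style="float:left;width:720px;border-left:1px dotted #ccc;padding-left:20px;">
\t\t<h2>Logs</h2>
\t\t<h3>Please select a user from below. <a href="?module=logs&ts={$ts}">Click here to search again</a></h3>

\t\t<div>
\t\t\t<ul id="modules_logs">
\t\t\t\t{$no_users}
\t\t\t\t{$userslist}
\t\t\t</ul>
\t\t</div>

\t\t<div style="clear:both;padding:7.5px;"></div>
\t</div>

\t<div style="clear:both"></div>

EOD;
    // Renders $body inside the admin layout (project helper).
    template();
}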
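function deletechatroom()
{
    global $userid;
    global $moderatorUserIDs;
    // Authorization lives in the WHERE clause: rooms created by user 0 are never
    // deletable here, and non-moderators may only delete rooms they created.
    $createdby = " and createdby != 0 ";
    if (!empty($_POST['id'])) {
        $dbh = $GLOBALS['dbh'];
        // Loose in_array()/array_search() kept: the types of $userid,
        // $moderatorUserIDs and the session id list are not visible here.
        // sanitize_core()/removeCache() are project helpers.
        if (!in_array($userid, $moderatorUserIDs)) {
            $createdby .= " and createdby = '" . mysqli_real_escape_string($dbh, sanitize_core($userid)) . "' ";
        }
        // Drop the room from the session's joined-room list. The list may be
        // absent from the session; treat that as empty instead of handing null
        // to array_search() as the original did.
        $joinedChatroomIds = isset($_SESSION['cometchat']['cometchat_joinedchatroomids']) ? $_SESSION['cometchat']['cometchat_joinedchatroomids'] : array();
        $key = array_search($_POST['id'], $joinedChatroomIds);
        if ($key !== false) {
            unset($joinedChatroomIds[$key]);
        }
        $_SESSION['cometchat']['cometchat_joinedchatroomids'] = $joinedChatroomIds;
        // NOTE(review): no request-token check is visible in this handler.
        $sql = "delete from cometchat_chatrooms where id = '" . mysqli_real_escape_string($dbh, sanitize_core($_POST['id'])) . "' " . $createdby;
        mysqli_query($dbh, $sql);
        // The original only invalidated the cached room list on the no-id path
        // below (unreachable after the exit here), so a real delete left a stale
        // list; invalidate after the delete as well.
        removeCache('chatroom_list');
        echo mysqli_affected_rows($dbh);
        exit;
    }
    removeCache('chatroom_list');
    echo 0;
}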
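function newchatroomprocess()
{
    // Admin "create chatroom" handler: verify the request token (project helper) first.
    checktoken();
    // Guarded reads: absent fields used to raise undefined-index notices.
    $chatroom = isset($_POST['chatroom']) ? $_POST['chatroom'] : '';
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    $password = isset($_POST['ppassword']) ? $_POST['ppassword'] : '';
    // Only room types 1 and 2 keep a password (loose == kept: $type's type is
    // not visible here).
    // NOTE(review): the password is stored as unsalted md5; kept as-is because
    // the join/verify path (not shown here) must hash the same way.
    if (!empty($password) && ($type == 1 || $type == 2)) {
        $password = md5($password);
    } else {
        $password = '';
    }
    // sanitize_core() is a project helper; $type is escaped for SQL but
    // otherwise stored as sent.
    $sql = "insert into cometchat_chatrooms (name,createdby,lastactivity,password,type) values ('" . mysql_real_escape_string(sanitize_core($chatroom)) . "', '0','" . getTimeStamp() . "','" . mysql_real_escape_string($password) . "','" . mysql_real_escape_string($type) . "')";
    mysql_query($sql);
    // Execution continues after the redirect header; the caller is assumed to
    // stop producing output afterwards.
    header("Location: ?module=chatrooms");
}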