Exemple #1
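/**
 * Build and run a single-row INSERT, then return the id reported by $db->insert_id().
 *
 * Each value is passed through filter_sql() and wrapped in single quotes. A value
 * written as {{expression}} is the exception: the markers are stripped and the
 * expression is placed in the statement unquoted.
 *
 * Security notes for callers:
 * - The unquoted {{...}} path gives whoever supplies the value direct control over
 *   SQL text; escaping does not make an unquoted context safe. Only hard-coded
 *   expressions should use it, never request data.
 * - $tbl and the array keys are interpolated as identifiers without any escaping,
 *   so they must also come from code, not from input.
 *
 * @param string $tbl    Table name, used verbatim.
 * @param array  $fields Map of column name => value.
 * @return mixed Whatever $db->insert_id() returns.
 */
function db_insert($tbl, $fields)
{
    global $db;
    $columns = array();
    $values = array();
    foreach ($fields as $field => $val) {
        $columns[] = $field;
        // Cast only for the marker test so integers and nulls do not reach substr() as non-strings.
        $text = (string) $val;
        // A raw expression needs both markers. Checking only the leading "{{" would
        // silently drop the last two characters of an ordinary value that happens to
        // start with "{{" and would emit it unquoted.
        if (strlen($text) >= 4 && substr($text, 0, 2) === '{{' && substr($text, -2) === '}}') {
            $values[] = filter_sql(substr($text, 2, -2));
        } else {
            $values[] = "'" . filter_sql($val) . "'";
        }
    }
    $fields_query = implode(',', $columns);
    $values_query = implode(',', $values);
    // The statement used to end with {$ep}, a variable this function never defines;
    // it always expanded to an empty string and raised an undefined-variable notice.
    $query = "INSERT INTO {$tbl} ({$fields_query}) VALUES ({$values_query})";
    // Keep the per-request query log in step with what is actually executed.
    $db->total_queries++;
    $db->total_queries_sql[] = $query;
    try {
        $db->mysqli->query($query);
    } catch (DB_Exception $e) {
        // Best effort: the error is read but not propagated, so a failed insert is
        // only visible to the caller through the value of insert_id().
        $e->getError();
    }
    return $db->insert_id();
}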
 /**
  * Delete the livehelp_sessions row for a session id.
  *
  * The id is passed through filter_sql() and placed inside a quoted literal.
  * Always returns true, including when no database handle is available.
  */
 function destroy($id)
 {
     global $mydatabase;
     $escaped_id = filter_sql($id);
     $delete_sql = "DELETE FROM `livehelp_sessions` WHERE `session_id` ='" . $escaped_id . "'";
     // Without a database handle there is nothing to delete from.
     if (!isset($mydatabase)) {
         return true;
     }
     $mydatabase->query($delete_sql);
     return true;
 }
            $graph = array();
            $graph[] = $row[0];
            recursive_delete_pages($row[0], 'livehelp_visits_monthly', $graph);
        }
    }
    // Delete old keywords: count the rows stored for the month held in $monthago.
    // NOTE(review): $monthago is assigned outside this excerpt and is interpolated unquoted;
    // confirm it is always a locally computed number.
    $sqlquery = "SELECT COUNT(*) as totalkeywords FROM livehelp_keywords_monthly WHERE dateof={$monthago}";
    $rs = $mydatabase->query($sqlquery);
    $row = $rs->fetchRow(DB_FETCHMODE_ORDERED);
    $totalkeywords = $row[0];
    // If that month holds more keywords than the configured 'topkeywords' limit:
    if ($totalkeywords > $CSLH_Config['topkeywords']) {
        // Select the rows ranked after the first 'topkeywords' (at most 1000 per run), by levelvisits.
        // NOTE(review): the config value is concatenated into LIMIT without intval(); confirm it
        // can only ever be stored as an integer.
        $query = "SELECT keywords FROM livehelp_keywords_monthly WHERE dateof={$monthago} ORDER by levelvisits DESC LIMIT " . $CSLH_Config['topkeywords'] . ",1000";
        $sth = $mydatabase->query($query);
        while ($row = $sth->fetchRow(DB_FETCHMODE_ORDERED)) {
            // The keyword read back from the table is escaped again before it is reused in SQL.
            $keywords = filter_sql($row[0]);
            // Both DELETEs match on the keyword text only; neither has a dateof condition.
            $q = "DELETE FROM livehelp_keywords_monthly WHERE keywords='{$keywords}'";
            $mydatabase->query($q);
            $q = "DELETE FROM livehelp_keywords_daily WHERE keywords='{$keywords}'";
            $mydatabase->query($q);
        }
    }
}
// If current database table is big:
//------------------------------------------------
$randomNumber = rand(1, 999);
$thismonth = date("Ym", mktime(2, 0, 0, date("m"), date("d"), date("Y")));
if ($dbtype != "txt-db-api" && $CSLH_Config['tracking'] == "Y" && $randomNumber == 17) {
    if (empty($CSLH_Config['maxrecords'])) {
        $CSLH_Config['maxrecords'] = 50000;
    }
    $rs = $sth->fetchRow(DB_FETCHMODE_ASSOC);
    $channelcolor = $rs['channelcolor'];
    $txtcolor = $rs['txtcolor'];
    $txtcolor_alt = $rs['txtcolor_alt'];
    // get the usernames:
    $query = "SELECT username FROM livehelp_users WHERE user_id=" . intval($rs['user_id']);
    $sth = $mydatabase->query($query);
    $rs2 = $sth->fetchRow(DB_FETCHMODE_ASSOC);
    $txtcolor_username = $rs2['username'];
    $query = "SELECT username FROM livehelp_users WHERE user_id=" . intval($rs['userid']);
    $sth = $mydatabase->query($query);
    $rs2 = $sth->fetchRow(DB_FETCHMODE_ASSOC);
    $txtcolor_alt_username = $rs2['username'];
}
// Save the submitted channel colours, then send the browser back to live.php.
if ($UNTRUSTED['whattodo'] == "UPDATE") {
    // The three colour values go through filter_sql() inside quoted literals; the channel id is forced to an integer.
    // NOTE(review): no ownership check on the channel and no anti-CSRF token are visible in this
    // excerpt; confirm both are enforced before this point.
    $query = "UPDATE livehelp_operator_channels SET txtcolor_alt='" . filter_sql($UNTRUSTED['txtcolor_alt']) . "',channelcolor='" . filter_sql($UNTRUSTED['channelcolor']) . "',txtcolor='" . filter_sql($UNTRUSTED['txtcolor']) . "' WHERE channel=" . intval($UNTRUSTED['id']);
    $sth = $mydatabase->query($query);
    ?>
<script type="text/javascript">window.location.replace('live.php');</script>
<?php 
    // Stop here so the rest of the page is not rendered after the redirect script.
    exit;
}
$selectedtab = "visit";
include "mobileheader.php";
?>
<script type="text/javascript">
var myScroll;
window.addEventListener('orientationchange', setHeight);

function setHeight() {
	document.getElementById('wrapper').style.height = window.orientation == 90 || window.orientation == -90 ? '85px' : '300px';
Exemple #5
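/**
 * Reset the runtime tables and seed `main_loop_status` for a fresh start.
 *
 * Steps, in order: clear the IP activity, ban and new-peer tables; drop active
 * peers whose join_peer_list is not 0; record the start time; create option rows
 * that older databases lack; fill in an empty generation_IP from timekoin.net;
 * rebuild `main_loop_status` with its default rows; copy selected option values
 * into `main_loop_status`.
 *
 * Uses the default mysql_* link, so a connection must already be open.
 *
 * @return int Always 0.
 */
function initialization_database()
{
    // Clear IP Activity and Banlist for next start
    mysql_query("TRUNCATE TABLE `ip_activity`");
    mysql_query("TRUNCATE TABLE `ip_banlist`");
    // Clear Active & New Peers List (rows with join_peer_list = 0 are kept)
    mysql_query("DELETE FROM `active_peer_list` WHERE `active_peer_list`.`join_peer_list` != 0");
    mysql_query("TRUNCATE TABLE `new_peers_list`");
    // Record when started
    mysql_query("UPDATE `options` SET `field_data` = '" . time() . "' WHERE `options`.`field_name` = 'timekoin_start_time' LIMIT 1");
    //**************************************
    // Upgrade Database from v3.x earlier versions: option => value to create when the row is missing.
    // Names and values are literals from this table, so interpolating them is safe.
    $upgrade_defaults = array(
        'auto_update_generation_IP' => '0',
        'cli_mode' => '1',
        'cli_port' => '',
        'network_mode' => '1',
        'generation_IP_v6' => '',
    );
    foreach ($upgrade_defaults as $option_name => $default_value) {
        $new_record_check = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = '{$option_name}' LIMIT 1"), 0, 0);
        if ($new_record_check === FALSE) {
            // Does not exist, create it
            mysql_query("INSERT INTO `options` (`field_name` ,`field_data`) VALUES ('{$option_name}', '{$default_value}')");
        }
    }
    //**************************************
    // Check for an empty generation IP address, if none exist,
    // attempt to auto-detect one and fill in the field.
    $poll_IP = mysql_result(mysql_query("SELECT field_data FROM `options` WHERE `field_name` = 'generation_IP' LIMIT 1"), 0, 0);
    if (empty($poll_IP) == TRUE) {
        ini_set('user_agent', 'Timekoin Server (Main) v' . TIMEKOIN_VERSION);
        // Timeout for request in seconds
        ini_set('default_socket_timeout', 3);
        // NOTE(review): the reply from timekoin.net (requested on port 80, presumably plain HTTP)
        // is only passed through filter_sql(); nothing here checks that it is a well-formed
        // IP address before it is stored as this server's generation IP.
        $poll_IP = filter_sql(poll_peer(NULL, 'timekoin.net', NULL, 80, 46, "ipv4.php"));
        if (empty($poll_IP) == FALSE) {
            mysql_query("UPDATE `options` SET `field_data` = '{$poll_IP}' WHERE `options`.`field_name` = 'generation_IP' LIMIT 1");
        }
    }
    //**************************************
    // Main Loop Status & Active Options Setup
    // Truncate to Free RAM
    mysql_query("TRUNCATE TABLE `main_loop_status`");
    $time = time();
    // Default rows, inserted in this order.
    $status_defaults = array(
        'balance_last_heartbeat' => '1',
        'foundation_last_heartbeat' => '1',
        'generation_last_heartbeat' => '1',
        'genpeer_last_heartbeat' => '1',
        'main_heartbeat_active' => '0',
        'main_last_heartbeat' => $time,
        'peerlist_last_heartbeat' => '1',
        'queueclerk_last_heartbeat' => '1',
        'transclerk_last_heartbeat' => '1',
        'treasurer_last_heartbeat' => '1',
        'watchdog_heartbeat_active' => '0',
        'watchdog_last_heartbeat' => $time,
        'peer_transaction_start_blocks' => '1',
        'peer_transaction_performance' => '10',
        'block_check_back' => '1',
        'block_check_start' => '0',
        'firewall_blocked_peer' => '0',
        'foundation_block_check' => '0',
        'foundation_block_check_end' => '0',
        'foundation_block_check_start' => '0',
        'generation_peer_list_no_sync' => '0',
        'no_peer_activity' => '0',
        'time_sync_error' => '0',
        'transaction_history_block_check' => '0',
        'update_available' => '0',
    );
    foreach ($status_defaults as $status_name => $status_value) {
        mysql_query("INSERT INTO `main_loop_status` (`field_name` ,`field_data`)VALUES ('{$status_name}', '{$status_value}')");
    }
    //**************************************
    // Copy values from Database to RAM Database
    $copied_options = array(
        'allow_ambient_peer_restart',
        'allow_LAN_peers',
        'server_request_max',
        'max_active_peers',
        'max_new_peers',
        'trans_history_check',
        'super_peer',
        'perm_peer_priority',
        'auto_update_generation_IP',
        'peer_failure_grade',
        'network_mode',
    );
    foreach ($copied_options as $option_name) {
        $db_to_RAM = mysql_result(mysql_query("SELECT field_data FROM `options` WHERE `field_name` = '{$option_name}' LIMIT 1"), 0, 0);
        // The stored value is data, not SQL: escape it before putting it back into a
        // statement, otherwise a quote in an option value breaks (or rewrites) the INSERT.
        $db_to_RAM = mysql_real_escape_string($db_to_RAM);
        mysql_query("INSERT INTO `main_loop_status` (`field_name` ,`field_data`)VALUES ('{$option_name}', '{$db_to_RAM}')");
    }
    //**************************************
    return 0;
}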
Exemple #6
}
//***********************************************************************************
//***********************************************************************************
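// Open the default connection to the database (mysql_connect, not a persistent link)
mysql_connect(MYSQL_IP, MYSQL_USERNAME, MYSQL_PASSWORD);
mysql_select_db(MYSQL_DATABASE);
// Check for banned IP address: banned clients get an empty response
if (ip_banned($_SERVER['REMOTE_ADDR']) == TRUE) {
    exit;
}
//***********************************************************************************
//***********************************************************************************
// Answer public key balance request that match our hash code
if (isset($_GET["action"]) && $_GET["action"] === "key_balance") {
    // Only a string parameter can be the shared code; arrays and missing values are rejected.
    $hash_code = (isset($_GET["hash"]) && is_string($_GET["hash"])) ? substr($_GET["hash"], 0, 256) : FALSE;
    $server_hash_code = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_hash_code' LIMIT 1"), 0, "field_data");
    // Strict comparison: with == PHP compares numeric-looking strings as numbers
    // ("1e3" == "1000"), and a missing option row (FALSE) matches an empty parameter.
    // "0" keeps its meaning of "disabled"; an empty code never authenticates.
    // Where the runtime provides hash_equals(), prefer it so the comparison time does
    // not depend on how many leading characters match.
    $code_matches = is_string($hash_code)
        && is_string($server_hash_code)
        && $hash_code !== ""
        && $server_hash_code !== "0"
        && $hash_code === $server_hash_code;
    if ($code_matches) {
        // Grab balance for public key and return back
        $public_key = (isset($_POST["public_key"]) && is_string($_POST["public_key"])) ? substr($_POST["public_key"], 0, 500) : "";
        $public_key = filter_sql(base64_decode($public_key));
        echo check_crypt_balance($public_key);
    }
    // Log inbound IP activity, whether or not the code matched
    log_ip("AP");
    exit;
}
//***********************************************************************************
//***********************************************************************************
// Log IP even when not using any functions
log_ip("AP");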
Exemple #7
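/**
 * Sign a transfer with the sender's private key and queue it in `my_transaction_queue`.
 *
 * The recipient key is split into 181-byte chunks and the first two are encrypted
 * separately with the private key. A third encrypted field carries the amount, the
 * current time, a SHA-256 of the first two fields and, when given, the message.
 *
 * @param string $my_private_key     Private key passed to openssl_private_encrypt().
 * @param string $my_public_key      Sender public key, stored with the queued row.
 * @param string $send_to_public_key Recipient public key.
 * @param mixed  $amount             Amount written into the transaction data as given.
 * @param string $message            Optional message; "|", "?" and "=" are removed and
 *                                   it is cut to 64 characters.
 * @return bool TRUE when the row was queued, FALSE on any failure.
 */
function send_timekoins($my_private_key, $my_public_key, $send_to_public_key, $amount, $message)
{
    $key_parts = str_split($send_to_public_key, 181);
    // A recipient key of 181 bytes or fewer has no second chunk to sign.
    // NOTE(review): a key longer than 362 bytes has a third chunk that is never used here.
    if (count($key_parts) < 2) {
        return FALSE;
    }
    // Stop on an encryption failure (bad key, chunk too long) instead of queueing a
    // transaction built from empty fields.
    if (openssl_private_encrypt($key_parts[0], $encryptedData1, $my_private_key) == FALSE) {
        return FALSE;
    }
    if (openssl_private_encrypt($key_parts[1], $encryptedData2, $my_private_key) == FALSE) {
        return FALSE;
    }
    $encryptedData64_1 = base64_encode($encryptedData1);
    $encryptedData64_2 = base64_encode($encryptedData2);
    // NOTE(review): $amount is written as given; confirm callers validate it as a number.
    $transaction_data = "AMOUNT={$amount}---TIME=" . time() . "---HASH=" . hash('sha256', $encryptedData64_1 . $encryptedData64_2);
    if (empty($message) == FALSE) {
        // Remove the characters used as separators in transaction and URL data
        $symbols = array("|", "?", "=");
        $message = str_replace($symbols, "", $message);
        // Trim any message to 64 characters max and filter any sql
        $message = filter_sql(substr($message, 0, 64));
        $transaction_data .= "---MSG={$message}";
    }
    if (openssl_private_encrypt($transaction_data, $encryptedData3, $my_private_key) == FALSE) {
        return FALSE;
    }
    $encryptedData64_3 = base64_encode($encryptedData3);
    $triple_hash_check = hash('sha256', $encryptedData64_1 . $encryptedData64_2 . $encryptedData64_3);
    // The base64 and hex fields cannot contain a quote; the public key is caller data and is escaped.
    $escaped_public_key = mysql_real_escape_string($my_public_key);
    $sql = "INSERT INTO `my_transaction_queue` (`timestamp`,`public_key`,`crypt_data1`,`crypt_data2`,`crypt_data3`, `hash`, `attribute`)\nVALUES ('" . time() . "', '{$escaped_public_key}', '{$encryptedData64_1}', '{$encryptedData64_2}' , '{$encryptedData64_3}', '{$triple_hash_check}' , 'T')";
    if (mysql_query($sql) == TRUE) {
        // Success code
        return TRUE;
    }
    return FALSE;
}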
Exemple #8
     // Keep track of errors in case this can't be recovered from
     $datbase_error = TRUE;
     $database_error_counter++;
 } else {
     $datbase_error = 0;
     $database_error_counter = 0;
 }
 if ($loop_active == 1) {
     // Main loop work goes below
     // Set the working status of 2
     mysql_query("UPDATE `main_loop_status` SET `field_data` = '2' WHERE `main_loop_status`.`field_name` = 'main_heartbeat_active' LIMIT 1");
     //*****************************************************************************************************
     //*****************************************************************************************************
     // Roughly one pass in 99: compare the local clock with the time reported by timekoin.net
     // and record the result for the user. rand() is only used to spread the checks out.
     if (rand(1, 99) == 30) {
         // At most 12 bytes of the reply are read (last argument); $context is defined outside this excerpt.
         // NOTE(review): the reference time is fetched over plain http:// and is not authenticated,
         // so anything on the network path can supply the value; it is used below only to set a flag.
         $poll_peer = filter_sql(file_get_contents("http://timekoin.net/time.php", FALSE, $context, NULL, 12));
         $my_time = time();
         // A non-empty reply more than 15 seconds away from the local clock sets the error flag.
         if (abs($poll_peer - $my_time) > 15 && empty($poll_peer) == FALSE) {
             // Timekoin peer time is not in sync
             mysql_query("UPDATE `main_loop_status` SET `field_data` = '1' WHERE `main_loop_status`.`field_name` = 'time_sync_error' LIMIT 1");
         } else {
             // Timekoin peer time is in sync. An empty or failed reply also lands here,
             // so a fetch failure clears the flag rather than leaving it unchanged.
             mysql_query("UPDATE `main_loop_status` SET `field_data` = '0' WHERE `main_loop_status`.`field_name` = 'time_sync_error' LIMIT 1");
         }
     }
     //*****************************************************************************************************
     //*****************************************************************************************************
     // Do a update software check and report to user if one is available
     if (rand(1, 300) == 100) {
         if (check_for_updates(TRUE) == 1) {
             // Update available, alert user
    $check_s = $mydatabase->query($query);
    $check_s = $check_s->fetchRow(DB_FETCHMODE_ASSOC);
    if ($check_s['status'] != "chat") {
        $query = "UPDATE livehelp_users set status='request' WHERE user_id=" . intval($saidto);
        $mydatabase->query($query);
    }
    $query = "DELETE FROM livehelp_messages WHERE typeof='writediv'";
    $mydatabase->query($query);
    // see if we have same timestamp: a performance issue but actually done on perpose to discourage
    // people making hosted solutions with multiple chats all using the same system.
    $query = "SELECT timeof FROM livehelp_messages WHERE timeof='{$timeof}'";
    $rs = $mydatabase->query($query);
    while ($rs->numrows() != 0) {
        if (function_exists('sleep')) {
            sleep(1);
            $timeof = date("YmdHis");
        } else {
            $timeof++;
        }
        $query = "SELECT timeof FROM livehelp_messages WHERE timeof='{$timeof}'";
        $rs = $mydatabase->query($query);
    }
    if (!empty($UNTRUSTED['smilies'])) {
        $UNTRUSTED['comment'] = convert_smile($UNTRUSTED['comment']);
    }
    $query = "INSERT INTO livehelp_messages (message,channel,timeof,saidfrom,saidto) VALUES ('" . filter_sql($UNTRUSTED['comment']) . "'," . intval($channel) . ",'{$timeof}'," . intval($myid) . "," . intval($saidto) . ")";
    $mydatabase->query($query);
    $quicknote = "";
}
?>
 
        echo $UNTRUSTED['keywords'];
    }
    ?>
" ><a href=javascript:document.dataformrefer.submit()><img src=images/go.gif width=20 height=20 border=0></a></td>
</tr>
	
</table>

</FORM>
<table bgcolor=DDDDDD width=600><tr><td>
<b>Key Words:</b></td></tr></table>
  
<?php 
    // Optional keyword filter for the monthly keyword report.
    $keywordssql = "";
    if (!empty($UNTRUSTED['keywords'])) {
        // NOTE(review): filter_sql() is defined elsewhere; SQL string escaping normally leaves the
        // LIKE wildcards % and _ untouched, so a visitor-supplied pattern can still widen the match.
        $keywordssql = " AND keywords LIKE '%" . filter_sql($UNTRUSTED['keywords']) . "%' ";
    }
    // The department is forced to an integer. $whatYm is assigned outside this excerpt and is
    // interpolated unquoted; confirm it is built from validated numbers.
    $query = "SELECT * FROM livehelp_keywords_monthly WHERE dateof={$whatYm} {$keywordssql} AND department='" . intval($UNTRUSTED['whichdepartment']) . "' ORDER by levelvisits DESC";
    $refer_a = $mydatabase->query($query);
    $total_p = $refer_a->numrows();
    // NOTE(review): $perpage is read here, before the default of 25 is applied to
    // $UNTRUSTED['perpage'] below, so it is 0 when the parameter is absent.
    $perpage = intval($UNTRUSTED['perpage']);
    $top = intval($UNTRUSTED['top']);
    $show = $UNTRUSTED['show'];
    $pageUrl = "data.php";
    // NOTE(review): tab, month and year are copied from the request unchanged; if $varstring is
    // later printed into links it needs URL- and HTML-encoding at that point.
    $varstring = "&tab=" . $UNTRUSTED['tab'] . "&month=" . $UNTRUSTED['month'] . "&year=" . $UNTRUSTED['year'] . "&whichdepartment=" . intval($UNTRUSTED['whichdepartment']);
    // Paging defaults when the request does not set them.
    if (empty($UNTRUSTED['perpage'])) {
        $UNTRUSTED['perpage'] = 25;
    }
    if (empty($UNTRUSTED['offset'])) {
        $UNTRUSTED['offset'] = 0;
    }
Exemple #11
 if (empty($my_server_domain) == TRUE) {
     // No domain used
     $my_server_domain = "NA";
 }
 // Add more possible peers to the new peer list by polling what the active peers have
 $sql = "SELECT * FROM `active_peer_list` ORDER BY RAND() LIMIT 10";
 $sql_result = mysql_query($sql);
 $sql_num_results = mysql_num_rows($sql_result);
 $new_peer_difference = $max_new_peers - $new_peers_numbers;
 for ($i = 0; $i < $sql_num_results; $i++) {
     $sql_row = mysql_fetch_array($sql_result);
     $ip_address = $sql_row["IP_Address"];
     $domain = $sql_row["domain"];
     $subfolder = $sql_row["subfolder"];
     $port_number = $sql_row["port_number"];
     $poll_peer = filter_sql(poll_peer($ip_address, $domain, $subfolder, $port_number, 10000, "peerlist.php?action=new_peers"));
     $peer_counter = 1;
     // Reset peer counter
     while ($peer_counter <= 15) {
         $peer_IP = NULL;
         $peer_domain = NULL;
         $peer_subfolder = NULL;
         $peer_port_number = NULL;
         // Sort Data
         $peer_IP = find_string("-----IP{$peer_counter}=", "-----domain{$peer_counter}", $poll_peer);
         $peer_domain = find_string("-----domain{$peer_counter}=", "-----subfolder{$peer_counter}", $poll_peer);
         $peer_subfolder = find_string("-----subfolder{$peer_counter}=", "-----port_number{$peer_counter}", $poll_peer);
         $peer_port_number = find_string("-----port_number{$peer_counter}=", "-----", $poll_peer);
         if (is_domain_valid($peer_domain) == FALSE) {
             // Someone is using an IP address or Localhost :p
             $peer_domain = NULL;
    $externalchats = "";
    for ($i = 0; $i < count($externalchats_array); $i++) {
        if ($channel != $externalchats_array[$i]) {
            $externalchats = $externalchats . ",{$externalchats_array[$i]}";
        }
    }
    $sqlquery = "UPDATE livehelp_users SET externalchats='" . filter_sql($externalchats) . "' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($sqlquery);
    print "<SCRIPT type=\"text/javascript\">window.close();</SCRIPT>";
    exit;
} else {
    if (!in_array($channel, $externalchats_array)) {
        array_push($externalchats_array, $channel);
        $externalchats = $externalchats . ",{$channel}";
    }
    $sqlquery = "UPDATE livehelp_users SET externalchats='" . filter_sql($externalchats) . "' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($sqlquery);
}
// who is this?
$sqlq = "SELECT username FROM livehelp_users WHERE user_id=" . intval($user_id);
$rs = $mydatabase->query($sqlq);
$row = $rs->fetchRow(DB_FETCHMODE_ORDERED);
$thisusername = $row[0];
if (!$serversession) {
    $mydatabase->close_connect();
}
?>
<html>
	<head>
<title><?php 
echo $thisusername;
    if (!empty($dataset[1])) {
        $fieldid = str_replace("field_", "", $dataset[0]);
        $query = "SELECT * FROM livehelp_questions WHERE id=" . intval($fieldid);
        $questiondata = $mydatabase->query($query);
        $question_row = $questiondata->fetchRow(DB_FETCHMODE_ASSOC);
        print "<b> " . $question_row['headertext'] . ":</b> <br><font color=000000>" . urldecode($dataset[1]) . "</font><br>";
    }
}
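// Time since the user's last action.
// NOTE(review): both operands are YmdHis stamps, so this difference is not a number of
// seconds once the two times fall in different minutes; the label still says "sec.".
$now = date("YmdHis");
$thediff = $now - $user_info['lastaction'];
print "<b>" . $lang['txt65'] . "</b> {$thediff} sec. <br>";
// time online: measured from the earliest tracked page view of this session
$session_sql = filter_sql($user_info['sessionid']);
$query = "SELECT whendone from livehelp_visit_track WHERE sessionid='" . $session_sql . "' Order by whendone LIMIT 1";
$page_trail = $mydatabase->query($query);
$page = $page_trail->fetchRow(DB_FETCHMODE_ASSOC);
$later = $page['whendone'];
print "<b>Time online:</b>" . secondstoHHmmss(timediff($later, date("YmdHis"))) . "<br>";
print "<b>" . $lang['txt66'] . "</b><br>";
// Page trail, newest first.
$query = "SELECT * from livehelp_visit_track WHERE sessionid='" . $session_sql . "' Order by whendone DESC";
$page_trail = $mydatabase->query($query);
print "<table border=1><tr bgcolor=FFFFFF><td>" . $lang['txt67'] . "</td><td>url</td><td>" . $lang['date'] . "</td></tr>";
while ($page = $page_trail->fetchRow(DB_FETCHMODE_ASSOC)) {
    // whendone is a YmdHis stamp; cut it into the arguments mktime() expects.
    $stamp = $page['whendone'];
    $when = mktime(substr($stamp, 8, 2), substr($stamp, 10, 2), substr($stamp, 12, 2), substr($stamp, 4, 2), substr($stamp, 6, 2), substr($stamp, 0, 4));
    // Title and location are stored strings (presumably recorded from the visitor's browser;
    // confirm). They are HTML-encoded before printing, and the href is quoted so a space or
    // quote in the URL cannot add attributes to the tag.
    // NOTE(review): encoding does not restrict the URL scheme; consider linking only
    // http/https locations.
    $title_html = htmlspecialchars($page['title'], ENT_QUOTES);
    $location_html = htmlspecialchars($page['location'], ENT_QUOTES);
    print "<tr><td>" . $title_html . "</td><td><a href=\"" . $location_html . "\" rel=\"noopener noreferrer\" target=_blank>" . $location_html . "</a></td><td>";
    print date("F j, Y, g:i a", $when);
    print "</td></tr>";
}
print "</table><br><center><a href=javascript:window.close()>" . $lang['txt40'] . "</a>";
if (!$serversession) {
    $mydatabase->close_connect();
}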
        $username_s = $newusername;
        if ($newusername == "") {
            $newusername = "******";
        }
        while ($count != 0) {
            $query = "SELECT * \n              FROM livehelp_users \n              WHERE username='******'";
            $count_a = $mydatabase->query($query);
            $count = $count_a->numrows();
            if ($count != 0) {
                $newusername = $username_s . "_" . $countnum;
            }
            $countnum++;
        }
        $useremail = str_replace("\\'", "", $useremail);
        $useremail = str_replace("'", "", $useremail);
        $query = "UPDATE livehelp_users \n            SET email='" . filter_sql($useremail) . "',isnamed='Y',askquestions='N',username='******',sessiondata='{$sessiondata}' \n            WHERE sessionid='" . $identity['SESSIONID'] . "'";
        $mydatabase->query($query);
        $query = "SELECT * \n            FROM livehelp_users \n            WHERE sessionid='" . $identity['SESSIONID'] . "'";
        $people = $mydatabase->query($query);
        $people = $people->fetchRow(DB_FETCHMODE_ASSOC);
        $myid = $people['user_id'];
        $channel = $people['onchannel'];
        $isnamed = $people['isnamed'];
        $isnamed = "Y";
        ?>
    <SCRIPT type="text/javascript">
    window.location.replace("user_connect.php?try=0&tab=1&doubleframe=yes&pageurl=offline.php&department=<?php 
        echo $UNTRUSTED['department'];
        ?>
");       
    </SCRIPT>
Exemple #15
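/**
 * Build and run one multi-row INSERT, then return the id reported by $db->insert_id().
 *
 * Each value is passed through filter_sql() and wrapped in single quotes. A value
 * written as {{expression}} is the exception: the markers are stripped and the
 * expression is placed in the statement unquoted.
 *
 * Security notes for callers:
 * - The unquoted {{...}} path gives whoever supplies the value direct control over
 *   SQL text; only hard-coded expressions should use it, never request data.
 * - $tbl and the column names are interpolated without escaping and must come from code.
 * - The column list is taken from the last row, so every row must use the same
 *   columns in the same order.
 *
 * @param string $tbl          Table name, used verbatim.
 * @param array  $multi_fields List of rows, each a map of column name => value.
 * @return mixed false when there are no rows to insert, otherwise whatever
 *               $db->insert_id() returns.
 */
function db_multi_insert($tbl, $multi_fields)
{
    global $db;
    // With no rows the old code fell through and sent "INSERT INTO tbl () VALUES "
    // built from undefined variables; there is nothing to run in that case.
    if (!$multi_fields) {
        return false;
    }
    $fields_query = '';
    $row_groups = array();
    foreach ($multi_fields as $fields) {
        $columns = array();
        $values = array();
        foreach ($fields as $field => $val) {
            $columns[] = $field;
            // Cast only for the marker test so integers and nulls do not reach substr() as non-strings.
            $text = (string) $val;
            // A raw expression needs both markers; an ordinary value that merely starts
            // with "{{" stays a quoted literal instead of losing its last two characters.
            if (strlen($text) >= 4 && substr($text, 0, 2) === '{{' && substr($text, -2) === '}}') {
                $values[] = filter_sql(substr($text, 2, -2));
            } else {
                $values[] = "'" . filter_sql($val) . "'";
            }
        }
        $fields_query = implode(',', $columns);
        $row_groups[] = '(' . implode(',', $values) . ')';
    }
    $values_query_multi = implode(',', $row_groups);
    //Complete Query
    $query = "INSERT INTO {$tbl} ({$fields_query}) VALUES {$values_query_multi} ";
    $db->write($query);
    return $db->insert_id();
}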
}
// Extra SET fragment, filled in only when the request asks for alert-setting changes.
$alterations_sql = "";
// Timestamp of 35 minutes ago and the current time, both as YmdHis.
$prev = mktime(date("H"), date("i") - 35, date("s"), date("m"), date("d"), date("Y"));
$oldtime = date("YmdHis", $prev);
$rightnow = date("YmdHis");
// Defaults for fields the request left empty.
if ($UNTRUSTED['alterations'] == "Y" && $UNTRUSTED['show_arrival_new'] == "") {
    $UNTRUSTED['show_arrival_new'] = "N";
}
if ($UNTRUSTED['alterations'] == "Y" && $UNTRUSTED['user_alert_new'] == "") {
    $UNTRUSTED['user_alert_new'] = "Y";
}
if ($UNTRUSTED['status'] == "") {
    $UNTRUSTED['status'] = "Y";
}
if ($UNTRUSTED['alterations'] == "Y") {
    // Each request value goes through filter_sql() inside a quoted literal. The fragment ends
    // with a comma because it is placed in front of the fixed columns below.
    $alterations_sql = "auto_invite='" . filter_sql($UNTRUSTED['auto_invite']) . "',show_arrival='" . filter_sql($UNTRUSTED['show_arrival_new']) . "',user_alert='" . filter_sql($UNTRUSTED['user_alert_new']) . "',typing_alert='" . filter_sql($UNTRUSTED['typing_alert_new']) . "',";
}
// NOTE(review): $identity['SESSIONID'] is concatenated into the three statements below without
// filter_sql(), unlike the request values; confirm it is server-generated and cannot carry a quote.
// A status other than "N" or "Y" leaves the row unchanged.
if ($UNTRUSTED['status'] == "N") {
    // auto_invite appears twice when alterations are on; the later assignment ('N') is the one listed last.
    $query = "UPDATE livehelp_users set " . $alterations_sql . "isonline='N',lastaction='{$rightnow}',status='offline',auto_invite='N' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($query);
}
if ($UNTRUSTED['status'] == "Y") {
    $query = "UPDATE livehelp_users set " . $alterations_sql . "isonline='Y',lastaction='{$rightnow}',status='chat' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($query);
}
// Re-read the user row after the update.
$query = "SELECT * FROM livehelp_users WHERE sessionid='" . $identity['SESSIONID'] . "'";
$data = $mydatabase->query($query);
$row = $data->fetchRow(DB_FETCHMODE_ASSOC);
$offline = "  ";
$online = "  ";
$show_arrival = "  ";
Exemple #17
 // Walk the numbered records in a peer's reply ($poll_peer, fetched outside this excerpt) and
 // add unknown generating peers to `generating_peer_list`.
 $counter = 0;
 while (empty($gen_peer_public_key) == FALSE) {
     if ($counter > 50) {
         // Too many loops for peers, something is wrong or peer
         // is giving out garbage information, break from loop
         // (the peer's grade is modified by 5 before leaving)
         modify_peer_grade($ip_address, $domain, $subfolder, $port_number, 5);
         break;
     }
     // Every field below is taken from the remote peer's reply and is untrusted.
     $gen_peer_public_key = find_string("-----public_key{$match_number}=", "-----join{$match_number}", $poll_peer);
     $gen_peer_join_peer_list = filter_sql(find_string("-----join{$match_number}=", "-----last{$match_number}", $poll_peer));
     $gen_peer_last_generation = filter_sql(find_string("-----last{$match_number}=", "-----ip{$match_number}", $poll_peer));
     $gen_peer_IP = filter_sql(find_string("-----ip{$match_number}=", "-----END{$match_number}", $poll_peer));
     // The key arrives base64-encoded; it is filtered after decoding, i.e. in the form that reaches SQL.
     $gen_peer_public_key = filter_sql(base64_decode($gen_peer_public_key));
     if (empty($gen_peer_last_generation) == TRUE) {
         // Old format compatible
         $gen_peer_last_generation = filter_sql(find_string("-----last{$match_number}=", "-----END{$match_number}", $poll_peer));
     }
     //Check if this public key is already in our peer list
     $public_key_match = mysql_result(mysql_query("SELECT * FROM `generating_peer_list` WHERE `public_key` = '{$gen_peer_public_key}' LIMIT 1"), 0, 0);
     //Check if a duplicate election time exist
     $time_elected_match = mysql_result(mysql_query("SELECT * FROM `generating_peer_list` WHERE `join_peer_list` = '{$gen_peer_join_peer_list}' LIMIT 1"), 0, 1);
     if (empty($public_key_match) == TRUE && empty($time_elected_match) == TRUE) {
         // No match in database to this public key
         // Accept only a key longer than 256 bytes whose join time is after TRANSACTION_EPOCH
         // and not later than the current generation cycle.
         // NOTE(review): the join time, last generation and IP are stored as received apart from
         // filter_sql(); no check here that they are numeric or a well-formed address.
         if (strlen($gen_peer_public_key) > 256 && empty($gen_peer_public_key) == FALSE && $gen_peer_join_peer_list <= $current_generation_cycle && $gen_peer_join_peer_list > TRANSACTION_EPOCH) {
             $sql = "INSERT INTO `generating_peer_list` (`public_key`,`join_peer_list`,`last_generation`,`IP_Address`)\n\t\t\t\t\tVALUES ('{$gen_peer_public_key}', '{$gen_peer_join_peer_list}', '{$gen_peer_last_generation}', '{$gen_peer_IP}')";
             mysql_query($sql);
         }
     }
     $counter++;
     $match_number++;
 }
    }
}
// Two list-maintenance actions, selected by the request field "whatdo".
// REMOVE: delete one row. recno is forced to an integer before it reaches the SQL text.
if ($UNTRUSTED['whatdo'] == "REMOVE") {
    $query = sprintf("DELETE FROM livehelp_qa WHERE recno=%d", intval($UNTRUSTED['recno']));
    $mydatabase->query($query);
}
// REORDER: walk every stored row and apply the ordering__<recno> value submitted for it, if any.
if ($UNTRUSTED['whatdo'] == "REORDER") {
    $query = "SELECT * from livehelp_qa";
    $myarray = $mydatabase->query($query);
    while ($row = $myarray->fetchRow(DB_FETCHMODE_ASSOC)) {
        $lookingfor = "ordering__" . $row['recno'];
        if (!isset($UNTRUSTED[$lookingfor])) {
            // Nothing was submitted for this row.
            continue;
        }
        $value = $UNTRUSTED[$lookingfor];
        // ordernum is request data: it passes through filter_sql() and is quoted.
        // recno comes from the database row and is still cast to int.
        $query = sprintf("UPDATE livehelp_qa \n                 SET ordernum='%s' \n                 WHERE recno=%d", filter_sql($value), intval($row['recno']));
        $mydatabase->query($query);
    }
}
// get the depth and the path..
function depthof($id)
{
    global $mydatabase;
    $pathto = array();
    while ($id != 0) {
        $query = "SELECT * FROM livehelp_qa WHERE recno=" . intval($id);
        $children = $mydatabase->query($query);
        $row = $children->fetchRow(DB_FETCHMODE_ASSOC);
        array_push($pathto, $id);
        $id = $row['parent'];
// Access gate for this page: only an account whose isadmin column is "Y" gets past this point.
// A missing row leaves isadmin null, which is rejected as well, so the check fails closed.
$row = $data->fetchRow(DB_FETCHMODE_ASSOC);
$isadminsetting = $row['isadmin'];
if ($isadminsetting != "Y") {
    // exit() with a string prints it and stops the script, so no handler below runs for non-admins.
    exit("You must be logged in with Admin rights in order to change/view security settings");
}
?>
<body bgcolor=<?php 
echo $color_background;
?>
 onload=currentstatus();>
<center>
<table border=0 cellpadding=0 cellspacing=0 width=590>
<?php 
// Store the submitted directory id when the form flag "goforit" is present.
if (!empty($UNTRUSTED['goforit'])) {
    // The statement has no WHERE clause, so every row of livehelp_config receives the value.
    $query = sprintf("UPDATE livehelp_config set directoryid='%s'", filter_sql($UNTRUSTED['directoryid']));
    $mydatabase->query($query);
    // The in-memory config keeps the raw request value, not the filtered one.
    // NOTE(review): escape it for the output context wherever it is printed later.
    $CSLH_Config['directoryid'] = $UNTRUSTED['directoryid'];
}
?>
<tr><td bgcolor=<?php 
echo $color_alt2;
?>
><b>Crafty Syntax Security Registration Information:</b></td></tr>
<tr><td bgcolor=<?php 
echo $color_alt1;
?>
><ul>
Security is <font color=990000><b>*VERY*</b></font> important to Crafty Syntax. 
Security vulnerabilities are found in open source programs on almost a weekly 
basis and not knowing about these vulnerabilities can be catastrophic to your
    $query = "TRUNCATE TABLE `livehelp_smilies`";
    $mydatabase->query($query);
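    // Walk every submitted form field. Fields whose name starts with "smile_" carry one
    // smiley each: the field value is the code, and name segments from index 2 onward are the image name.
    // foreach replaces reset()/each() because each() no longer exists in PHP 8.
    foreach ($_POST as $key => $val) {
        $arraysl = explode("_", $key);
        // if the code is not empty and this is a smile then insert it..
        if ($arraysl[0] == "smile" && $val != "") {
            // Guard the first name segment so a short field name does not raise an undefined-offset notice.
            $imgsrc = isset($arraysl[2]) ? $arraysl[2] : "";
            $index = 3;
            // Re-join the remaining segments, since the image name may itself contain "_".
            // The loop stops at the first empty segment; empty() also treats "0" as empty.
            while (!empty($arraysl[$index])) {
                $imgsrc .= "_" . $arraysl[$index];
                $index++;
            }
            // "^" stands in for "." in the field name.
            $imgsrc = str_replace("^", ".", $imgsrc);
            // Both values are request-controlled. filter_sql() covers the SQL context only.
            // NOTE(review): smile_url is presumably rendered as an image source later; check it
            // against the expected image names and HTML-escape it where it is output.
            $query = "INSERT INTO livehelp_smilies (code,smile_url) VALUES ('" . filter_sql($val) . "','" . filter_sql($imgsrc) . "')";
            $mydatabase->query($query);
        }
    }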
    print "<font color=007700 size=+2>" . $lang['txt63'] . "</font>";
}
?>
<body bgcolor=<?php 
echo $color_background;
?>
 ><center>
<table width=500 bgcolor=<?php 
echo $color_background;
?>
><tr><td>
<?php 
</b></td></tr></table>
<table width=600>
<tr bgcolor=FFFFFF><td><b><?php 
echo $lang['name'];
?>
</b></td><td><b>url</b></td><td><b><?php 
echo $lang['options'];
?>
</b></td></tr>
<?php 
// Module maintenance: each request flag below triggers one write to livehelp_modules.
// Text columns pass through filter_sql() and are quoted; ids are cast to int.
// NOTE(review): path and adminpath are stored from request data. How they are consumed is
// not visible here; if they are used to load or link module files, validate them at that point.
if (isset($UNTRUSTED['updatemod'])) {
    // Save edits to the module whose id is given in "updatemod".
    $query = "UPDATE livehelp_modules \n            SET name='" . filter_sql($UNTRUSTED['name'])
        . "',\n                path='" . filter_sql($UNTRUSTED['path'])
        . "',\n                adminpath='" . filter_sql($UNTRUSTED['adminpath'])
        . "',\n                `query_string`='" . filter_sql($UNTRUSTED['query_string'])
        . "'\n            WHERE id=" . intval($UNTRUSTED['updatemod']);
    $mydatabase->query($query);
}
if (isset($UNTRUSTED['newmodinsert'])) {
    // Register a new module from the same four form fields.
    $query = "INSERT INTO livehelp_modules\n             (name,path,adminpath,query_string) \n            VALUES ('" . filter_sql($UNTRUSTED['name'])
        . "','" . filter_sql($UNTRUSTED['path'])
        . "','" . filter_sql($UNTRUSTED['adminpath'])
        . "','" . filter_sql($UNTRUSTED['query_string'])
        . "')";
    $mydatabase->query($query);
}
if (isset($UNTRUSTED['delmod'])) {
    // Remove the module row first, then its dependency rows.
    $query = "DELETE FROM livehelp_modules WHERE id=" . intval($UNTRUSTED['delmod']);
    $mydatabase->query($query);
    $query = "DELETE FROM livehelp_modules_dep WHERE modid=" . intval($UNTRUSTED['delmod']);
    $mydatabase->query($query);
}
$query = "SELECT * FROM livehelp_modules ";
$bgcolor = "{$color_alt2}";
$data = $mydatabase->query($query);
while ($row = $data->fetchRow(DB_FETCHMODE_ASSOC)) {
    if ($bgcolor == "{$color_alt2}") {
        $bgcolor = "{$color_alt1}";
    } else {
Exemple #22
                $crypto_balance += $transaction_amount_sent;
            }
        }
        echo $crypto_balance;
    }
    // End Permission Check
    // Log inbound IP activity
    log_ip("AP", scale_trigger(100));
    exit;
}
//***********************************************************************************
//***********************************************************************************
if ($_GET["action"] == "pk_gen_total") {
    if (check_hashcode_permissions($hash_permissions, "pk_sent") == TRUE) {
        // Total of *all* the Timekoins ever generated by the provided public key
        $public_key = filter_sql(base64_decode($_POST["public_key"]));
        set_decrypt_mode();
        // Figure out which decrypt method can be best used
        //Initialize objects for Internal RSA decrypt
        if ($GLOBALS['decrypt_mode'] == 2) {
            require_once 'RSA.php';
            $rsa = new Crypt_RSA();
            $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
        }
        // Find every Time Koin sent to this public Key
        $sql = "SELECT public_key_from, public_key_to, crypt_data3, attribute FROM `transaction_history` WHERE `public_key_from` = '{$public_key}'";
        $sql_result = mysql_query($sql);
        $sql_num_results = mysql_num_rows($sql_result);
        $crypto_balance = 0;
        $transaction_info;
        for ($i = 0; $i < $sql_num_results; $i++) {
Exemple #23
     }
     // Parse the numbered transaction records contained in the peer response $poll_peer and
     // insert each one that is not already in `transaction_history`. $tc is the record number.
     // Everything in $poll_peer is data supplied by a remote peer. Each field must therefore be
     // made safe before it is interpolated into the SQL strings below.
     // NOTE(review): what filter_sql() removes or escapes is not shown here; bound parameters
     // would take that dependency away.
     while (empty($poll_peer) == FALSE) {
         $transaction_timestamp = filter_sql(find_string("-----timestamp{$tc}=", "-----public_key_from{$tc}", $poll_peer));
         // The two keys are extracted raw here; they are decoded and filtered further down.
         $transaction_public_key_from = find_string("-----public_key_from{$tc}=", "-----public_key_to{$tc}", $poll_peer);
         $transaction_public_key_to = find_string("-----public_key_to{$tc}=", "-----crypt1data{$tc}", $poll_peer);
         $transaction_crypt1 = filter_sql(find_string("-----crypt1data{$tc}=", "-----crypt2data{$tc}", $poll_peer));
         $transaction_crypt2 = filter_sql(find_string("-----crypt2data{$tc}=", "-----crypt3data{$tc}", $poll_peer));
         $transaction_crypt3 = filter_sql(find_string("-----crypt3data{$tc}=", "-----hash{$tc}", $poll_peer));
         $transaction_hash = filter_sql(find_string("-----hash{$tc}=", "-----attribute{$tc}", $poll_peer));
         // The attribute is never passed through filter_sql(); it is interpolated only after the
         // allow-list check below ("G", "T" or "H"), which is what keeps it safe.
         $transaction_attribute = find_string("-----attribute{$tc}=", "-----end{$tc}", $poll_peer);
         if (empty($transaction_public_key_from) == TRUE && empty($transaction_public_key_to) == TRUE) {
             // No more data, break while loop
             break;
         }
         // Filtering happens after base64 decoding, because the decoded bytes are what end up
         // inside the quoted SQL literals.
         $transaction_public_key_from = filter_sql(base64_decode($transaction_public_key_from));
         $transaction_public_key_to = filter_sql(base64_decode($transaction_public_key_to));
         // Duplicate lookup on timestamp + sender key + hash. The result of mysql_query() is passed
         // straight to mysql_result() without a failure check.
         $found_duplicate = mysql_result(mysql_query("SELECT timestamp FROM `transaction_history` WHERE `timestamp` = '{$transaction_timestamp}' AND `public_key_from` = '{$transaction_public_key_from}' AND `hash` = '{$transaction_hash}' LIMIT 1"), 0, 0);
         // Check for valid attribute
         if ($transaction_attribute == "G" || $transaction_attribute == "T" || $transaction_attribute == "H") {
             if (empty($found_duplicate) == TRUE) {
                 // NOTE(review): nothing in this loop verifies the record's hash or crypt fields
                 // before it is stored; presumably the re-check flagged below does — confirm.
                 $sql = "INSERT INTO `transaction_history` (`timestamp`,`public_key_from`,`public_key_to`,`crypt_data1`,`crypt_data2`,`crypt_data3`, `hash`, `attribute`)\n\t\t\t\t\t\t\t\tVALUES ('{$transaction_timestamp}', '{$transaction_public_key_from}', '{$transaction_public_key_to}', '{$transaction_crypt1}', '{$transaction_crypt2}' , '{$transaction_crypt3}', '{$transaction_hash}' , '{$transaction_attribute}')";
                 if (mysql_query($sql) == TRUE) {
                     // Flag for a re-check afterwards
                     $double_check_block = TRUE;
                 }
             }
         }
         $tc++;
     }
     // End while loop
 }
Exemple #24
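/**
 * Build a transfer (attribute "T") transaction and submit it to every peer in `active_peer_list`.
 *
 * The recipient key is split into 181-byte pieces. The first two pieces and the transaction
 * details are passed through tk_encrypt() with the sender's private key. The base64 results
 * are POSTed to each peer's api.php?action=send_tk endpoint.
 *
 * @param string $my_private_key     Sender private key handed to tk_encrypt().
 * @param string $my_public_key      Sender public key; sent base64-encoded.
 * @param string $send_to_public_key Recipient public key.
 * @param mixed  $amount             Value placed in the AMOUNT= field exactly as given.
 * @param string $message            Free-text note; "|", "?" and "=" are removed and it is cut to 64 bytes.
 *
 * @return bool TRUE when at least one peer answered "OK"; FALSE otherwise, or when a key is empty.
 */
function send_timekoins($my_private_key, $my_public_key, $send_to_public_key, $amount, $message)
{
    // All three keys are required; refuse before touching the network or the database.
    if (empty($my_private_key) == TRUE || empty($my_public_key) == TRUE || empty($send_to_public_key) == TRUE) {
        return FALSE;
    }
    ini_set('user_agent', 'Timekoin Client v' . TIMEKOIN_VERSION);
    // Timeout for request in seconds
    ini_set('default_socket_timeout', 3);
    // Only the first two 181-byte pieces of the recipient key are used.
    // NOTE(review): a key of 181 bytes or fewer leaves $arr1[1] undefined. Presumably keys are
    // always longer; confirm, or validate the length before calling.
    $arr1 = str_split($send_to_public_key, 181);
    $encryptedData1 = tk_encrypt($my_private_key, $arr1[0]);
    $encryptedData64_1 = base64_encode($encryptedData1);
    $encryptedData2 = tk_encrypt($my_private_key, $arr1[1]);
    $encryptedData64_2 = base64_encode($encryptedData2);
    // Sanitization of message
    // Remove the symbols that have a meaning in the record format or in a URL (SQL + URL).
    $symbols = array("|", "?", "=");
    $message = str_replace($symbols, "", $message);
    // Trim any message to 64 bytes max and filter any sql
    $message = filter_sql(substr($message, 0, 64));
    // NOTE(review): $amount is interpolated as given and is not validated in this function;
    // presumably callers pass a positive integer — confirm, since the record is "---" delimited.
    $transaction_data = "AMOUNT={$amount}---TIME=" . time() . "---HASH=" . hash('sha256', $encryptedData64_1 . $encryptedData64_2) . "---MSG={$message}";
    $encryptedData3 = tk_encrypt($my_private_key, $transaction_data);
    $encryptedData64_3 = base64_encode($encryptedData3);
    $triple_hash_check = hash('sha256', $encryptedData64_1 . $encryptedData64_2 . $encryptedData64_3);
    $timestamp = transaction_cycle(0) + 1;
    $attribute = "T";
    // qhash is an unkeyed MD5 over the same fields that travel next to it. It can only detect
    // accidental corruption; it is not an authenticity check. The algorithm is left unchanged
    // here because the receiving peers presumably recompute it the same way.
    $qhash = $timestamp . base64_encode($my_public_key) . $encryptedData64_1 . $encryptedData64_2 . $encryptedData64_3 . $triple_hash_check . $attribute;
    $qhash = hash('md5', $qhash);
    // Create map with request parameters
    $params = array('timestamp' => $timestamp, 'public_key' => base64_encode($my_public_key), 'crypt_data1' => $encryptedData64_1, 'crypt_data2' => $encryptedData64_2, 'crypt_data3' => $encryptedData64_3, 'hash' => $triple_hash_check, 'attribute' => $attribute, 'qhash' => $qhash);
    // Build Http query using params
    $query = http_build_query($params);
    // Create Http context details
    $contextData = array('method' => 'POST', 'header' => "Connection: close\r\n" . "Content-Length: " . strlen($query) . "\r\n", 'content' => $query);
    // Create context resource for our request
    $context = stream_context_create(array('http' => $contextData));
    // Try all Active Peer Servers
    $sql_result = mysql_query("SELECT * FROM `active_peer_list` ORDER BY RAND()");
    $sql_num_results = mysql_num_rows($sql_result);
    // Start from "not accepted". The original read this variable without ever assigning it
    // when the peer list was empty or no peer answered "OK".
    $return_results = FALSE;
    for ($i = 0; $i < $sql_num_results; $i++) {
        $sql_row = mysql_fetch_array($sql_result);
        $ip_address = $sql_row["IP_Address"];
        $domain = $sql_row["domain"];
        $subfolder = $sql_row["subfolder"];
        $port_number = $sql_row["port_number"];
        $code = $sql_row["code"];
        // The peer's reply is remote data; only an exact "OK" counts as acceptance.
        $poll_peer = filter_sql(poll_peer($ip_address, $domain, $subfolder, $port_number, 5, "api.php?action=send_tk&hash={$code}", $context));
        if ($poll_peer == "OK") {
            write_log("Peer: [{$ip_address}{$domain}:{$port_number}/{$subfolder}] Accepted the Transaction for Processing", "T");
            $return_results = TRUE;
        }
    }
    if ($return_results == TRUE) {
        // Success in sending transaction
        return TRUE;
    }
    // No peer servers accepted the transaction data :(
    write_log("No Peers Accepted the Transaction", "T");
    return FALSE;
}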
Exemple #25
 if ($transaction_amount_sent_test == $transaction_amount_sent) {
     // Is a valid integer
     $amount_valid = TRUE;
 } else {
     // Is NOT a valid integer
     $amount_valid = FALSE;
 }
 // Validate transaction against known public key balance
 if (check_crypt_balance($public_key) >= $transaction_amount_sent && $transaction_amount_sent > 0 && $amount_valid == TRUE) {
     // Balance checks out
     // Check hash value for tampering of crypt1, crypt2, or crypt3 fields
     if (hash('sha256', $crypt1 . $crypt2 . $crypt3) == $hash_check) {
         // Find destination public key
         $public_key_to_1 = tk_decrypt($public_key, base64_decode($crypt1));
         $public_key_to_2 = tk_decrypt($public_key, base64_decode($crypt2));
         $public_key_to = filter_sql($public_key_to_1 . $public_key_to_2);
         if (strlen($public_key) > 300 && strlen($public_key_to) > 300 && $public_key !== $public_key_to) {
             // Public key not found, insert into final transaction history
             $sql = "INSERT INTO `transaction_history` (`timestamp` ,`public_key_from` , `public_key_to` , `crypt_data1` ,`crypt_data2` ,`crypt_data3` ,`hash` ,`attribute`)\n\t\t\t\t\t\t\t\tVALUES ({$time_created}, '{$public_key}', '{$public_key_to}' , '{$crypt1}', '{$crypt2}', '{$crypt3}', '{$hash_check}', 'T');";
             if (mysql_query($sql) == FALSE) {
                 //Something didn't work
                 write_log("Transaction Database Insert Failed for this Key: " . base64_encode($public_key), "T");
                 $record_failure_counter++;
             } else {
                 $record_insert_counter++;
             }
         } else {
             // Invalid or blank Public Key(s)
             write_log("Transaction Public Key Error for this Key: " . base64_encode($public_key), "T");
             $safe_delete_transaction = TRUE;
             $record_failure_counter++;
echo $message;
?>
 <?php 
// Second step of the password reset. The request must present a `changeit` value that matches
// the stored password column of the given user_id before the password is replaced.
// NOTE(review): part of each password expression is masked ("******") in this listing, so how
// `changeit` and `newpass` are filtered or hashed before entering the SQL text cannot be
// checked from here — confirm against the real file.
if (!empty($UNTRUSTED['changeit'])) {
    // user_id is cast to int; the row is selected by the request's user_id, so the `changeit`
    // match is the only thing that ties this request to that account.
    $sql = "SELECT * FROM livehelp_users WHERE password='******'changeit']) . "' AND user_id='" . intval($UNTRUSTED['user_id']) . "'";
    $data = $mydatabase->query($sql);
    if ($data->numrows() == 0) {
        // Same generic message whether the user or the value is wrong.
        print "<font color=#990000>Invalid Input/Link</font>";
    } else {
        $sql = "UPDATE livehelp_users SET password='******'newpass'])) . "' WHERE user_id='" . intval($UNTRUSTED['user_id']) . "'";
        $mydatabase->query($sql);
        print "<br><br><br><b>Password has been changed..</b><br><br> <a href=login.php>Log in</a><br><br><br><br><br><br><br><br>";
    }
}
if (!empty($UNTRUSTED['changepass'])) {
    $sql = "SELECT * FROM livehelp_users WHERE password='******'changepass']) . "' AND username='******'username']) . "'";
    $data = $mydatabase->query($sql);
    if ($data->numrows() == 0) {
        print "<font color=#990000>Invalid Input/Link</font>";
    } else {
        $row = $data->fetchRow(DB_FETCHMODE_ASSOC);
        $user_id = $row['user_id'];
        ?>
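 		  <input type=hidden name=changeit value="<?php 
        // Request data is written into a quoted attribute, so it is HTML-escaped (quotes included).
        // NOTE(review): if $UNTRUSTED is already entity-encoded upstream, this double-encodes — confirm.
        echo htmlspecialchars($UNTRUSTED['changepass'], ENT_QUOTES);
        ?>
">
<table  width=250>
<tr><td nowrap=nowrap><b>Re-set password for:</b></td><td><b><?php 
        // The user name is request data as well; escape it before it is placed in the page body.
        echo htmlspecialchars($UNTRUSTED['username'], ENT_QUOTES);
        ?>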
Exemple #27
 $active_peers = mysql_num_rows(mysql_query($sql));
 if ($active_peers >= $max_active_peers) {
     // Server is full for active peers
     echo "FULL";
 } else {
     // Server has room for another peer
     $my_server_domain = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_domain' LIMIT 1"), 0, "field_data");
     $my_server_subfolder = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_subfolder' LIMIT 1"), 0, "field_data");
     $my_server_port_number = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_port_number' LIMIT 1"), 0, "field_data");
     if (empty($my_server_domain) == TRUE) {
         // No domain used
         $my_server_domain = "NA";
     }
     $ip_address = $_SERVER['REMOTE_ADDR'];
     $domain = filter_sql($_GET["domain"]);
     $subfolder = filter_sql($_GET["subfolder"]);
     $port_number = intval($_GET["port_number"]);
     if (is_domain_valid($domain) == FALSE) {
         // Someone is using an IP address or Localhost :p
         $domain = NULL;
     }
     // Check to make sure that this peer is not already in our active peer list
     $duplicate_check1 = mysql_result(mysql_query("SELECT * FROM `active_peer_list` WHERE `IP_Address` = '{$ip_address}' LIMIT 1"), 0, "join_peer_list");
     $duplicate_check2 = mysql_result(mysql_query("SELECT * FROM `active_peer_list` WHERE `domain` LIKE '{$domain}' LIMIT 1"), 0, "join_peer_list");
     if (empty($ip_address) == TRUE) {
         //Don't have an IP address, check for duplicate domain
         if (empty($duplicate_check2) == TRUE) {
             if ($my_server_domain == $domain) {
                 $duplicate_peer = TRUE;
             } else {
                 // Neither IP nor Domain exist
 // Site-wide flag: show the operator when the "usetemplateimage" box was ticked, hide it otherwise.
 // Both statements are fixed strings; no request data reaches the SQL text.
 $query = empty($UNTRUSTED['usetemplateimage'])
     ? "UPDATE livehelp_config SET showoperator='N'"
     : "UPDATE livehelp_config SET showoperator='Y'";
 $mydatabase->query($query);
 // Collapse "useimage" to exactly "Y" or "N". The result is interpolated into the user UPDATE
 // that follows without filter_sql(), which is safe only because of this two-value restriction.
 $useimage_Y = (!empty($UNTRUSTED['useimage']) && $UNTRUSTED['useimage'] == "Y") ? "Y" : "N";
 // Write the operator profile fields for the account named by the request field "who".
 // Every text column goes through filter_sql() and is quoted; user_id is cast to int.
 // NOTE(review): the username expression is masked ("******") in this listing and cannot be checked here.
 // NOTE(review): $passsql and $isadminsql are SQL fragments built outside this view; confirm they are
 // assembled from filtered values and that $isadminsql is only non-empty for an admin caller.
 // NOTE(review): "who" comes from the request; no check is visible here that a non-admin operator
 // may only edit their own row — confirm it is enforced before this statement.
 $query = "UPDATE livehelp_users \n                SET showtype='" . filter_sql($UNTRUSTED['showtyping']) . "',\n                  displayname='" . filter_sql($UNTRUSTED['newdisplayname']) . "',\n                  photo='" . filter_sql($UNTRUSTED['photo']) . "',\n                  greeting='" . filter_sql($UNTRUSTED['greeting']) . "',\n                  user_alert='" . filter_sql($UNTRUSTED['user_alert']) . "',\n                  show_arrival='" . filter_sql($UNTRUSTED['show_arrival']) . "',\n                  username='******'newuser']) . "',\n                  alertchat='" . filter_sql($UNTRUSTED['alertchat']) . "',\n                  alerttyping='" . filter_sql($UNTRUSTED['alerttyping']) . "',\n                  alertinsite='" . filter_sql($UNTRUSTED['alertinsite']) . "',                                    \n                  useimage='{$useimage_Y}',\n                  {$passsql}\n                  {$isadminsql}\n                  email='" . filter_sql($UNTRUSTED['email']) . "' \n                WHERE user_id=" . intval($UNTRUSTED['who']);
 $mydatabase->query($query);
 // Only an admin caller may change department membership: the operator's rows are cleared
 // and then re-created from the mydepartment_<recno> boxes that were ticked.
 if ($isadminsetting == "Y") {
     $query = sprintf("DELETE FROM livehelp_operator_departments WHERE user_id=%d", intval($UNTRUSTED['who']));
     $mydatabase->query($query);
     $query = "SELECT * FROM livehelp_departments";
     $data = $mydatabase->query($query);
     while ($row = $data->fetchRow(DB_FETCHMODE_ASSOC)) {
         $varname = "mydepartment_" . $row['recno'];
         if (empty($UNTRUSTED[$varname])) {
             // Box not ticked for this department.
             continue;
         }
         // Both values are integers by construction, so nothing else needs quoting here.
         $query = sprintf("INSERT INTO livehelp_operator_departments (user_id,department) \n                  VALUES (%d,%d)", intval($UNTRUSTED['who']), intval($row['recno']));
         $mydatabase->query($query);
     }
 }
 if (!$serversession) {
Exemple #29
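 // Collect the auto-transfer form fields and resolve the destination key.
 // NOTE(review): $delay_minutes is taken from the request unchanged; validate it as an integer
 // before it is stored or used.
 $delay_minutes = $_POST["delay_minutes"];
 $easy_key = $_POST["easy_key"];
 $user_server_keys = intval($_POST["use_private"]);
 if ($user_server_keys == TRUE) {
     // Use this server's own key pair as the sender.
     $fromprivatekey = my_private_key();
     $frompublickey = my_public_key();
 }
 if (empty($easy_key) == FALSE) {
     // Look up destination public key from Easy Key database
     ini_set('user_agent', 'Timekoin Server (AutoTransfer Plugin) v' . TIMEKOIN_VERSION);
     // Timeout for request in seconds
     ini_set('default_socket_timeout', 7);
     // Force close socket after complete
     $context = stream_context_create(array('http' => array('header' => 'Connection: close')));
     // The easy key is request data placed in a URL, so it is URL-encoded: "&", "#" or spaces in
     // the input can then no longer add parameters to or truncate the lookup request.
     // NOTE(review): the lookup uses plain HTTP and its answer decides which public key receives
     // the transfer, so anything able to alter the response can substitute a different key. Use a
     // TLS endpoint if the service offers one, and validate the decoded key before use.
     $easy_key = filter_sql(file_get_contents("http://timekoin.net/easy.php?s=" . urlencode($easy_key), FALSE, $context, NULL, 500));
     if ($easy_key == "ERROR" || empty($easy_key) == TRUE) {
         // No Response :(
         header("Location: autotransfer.php?task=new&error=2");
         exit;
     } else {
         // Copy to public key destination
         $topublickey = base64_decode($easy_key);
     }
 }
 if (empty($fromprivatekey) == TRUE || empty($frompublickey) == TRUE || empty($topublickey) == TRUE) {
     // Missing Data Fields
     header("Location: autotransfer.php?task=new&error=1");
     exit;
 }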
 // Find Empty Record Location
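// Create or update an auto-invite rule from the submitted form.
if ($UNTRUSTED['whattodo'] == $lang['SAVE']) {
    // Force both parts to integers before adding them. $seconds is interpolated into the SQL
    // below without filter_sql(), and arithmetic on non-numeric request text raises a TypeError
    // on PHP 8. A missing field counts as 0.
    $seconds = (isset($UNTRUSTED['seconds']) ? intval($UNTRUSTED['seconds']) : 0)
        + (isset($UNTRUSTED['minutes']) ? intval($UNTRUSTED['minutes']) : 0) * 60;
    // Unticked checkboxes are absent from the request; default them to "N".
    if (empty($UNTRUSTED['socialpane'])) {
        $UNTRUSTED['socialpane'] = "N";
    }
    if (empty($UNTRUSTED['excludemobile'])) {
        $UNTRUSTED['excludemobile'] = "N";
    }
    if (empty($UNTRUSTED['onlymobile'])) {
        $UNTRUSTED['onlymobile'] = "N";
    }
    // Numeric columns are cast with intval(); text columns pass through filter_sql() and are quoted.
    // NOTE(review): user_id is taken from the request; no check is visible here that it matches
    // the logged-in operator — confirm.
    if (empty($UNTRUSTED['editidnum'])) {
        // No id supplied: insert a new, active rule.
        $query = "INSERT INTO livehelp_autoinvite (isactive,department,message,page,visits,referer,typeof,seconds,user_id,socialpane,excludemobile,onlymobile) VALUES ('Y'," . intval($UNTRUSTED['department']) . ",'" . filter_sql($UNTRUSTED['comment']) . "','" . filter_sql($UNTRUSTED['page']) . "'," . intval($UNTRUSTED['visits']) . ",'" . filter_sql($UNTRUSTED['referer']) . "','" . filter_sql($UNTRUSTED['typeof']) . "','{$seconds}','" . intval($UNTRUSTED['user_id']) . "','" . filter_sql($UNTRUSTED['socialpane']) . "','" . filter_sql($UNTRUSTED['excludemobile']) . "','" . filter_sql($UNTRUSTED['onlymobile']) . "')";
        $mydatabase->query($query);
    } else {
        // An id was supplied: update that rule in place.
        $query = "UPDATE livehelp_autoinvite SET seconds='{$seconds}',user_id='" . intval($UNTRUSTED['user_id']) . "',socialpane='" . filter_sql($UNTRUSTED['socialpane']) . "',excludemobile='" . filter_sql($UNTRUSTED['excludemobile']) . "',onlymobile='" . filter_sql($UNTRUSTED['onlymobile']) . "',typeof='" . filter_sql($UNTRUSTED['typeof']) . "',department=" . intval($UNTRUSTED['department']) . ",message='" . filter_sql($UNTRUSTED['comment']) . "',page='" . filter_sql($UNTRUSTED['page']) . "',visits=" . intval($UNTRUSTED['visits']) . ",referer='" . filter_sql($UNTRUSTED['referer']) . "' WHERE idnum=" . intval($UNTRUSTED['editidnum']);
        $mydatabase->query($query);
    }
}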
if ($UNTRUSTED['whattodo'] == $lang['UPDATE']) {
    $query = "SELECT * FROM livehelp_autoinvite";
    $data = $mydatabase->query($query);
    while ($row = $data->fetchRow(DB_FETCHMODE_ASSOC)) {
        $varname = "isactive__" . $row['idnum'];
        if (!empty($UNTRUSTED[$varname])) {
            $query = "UPDATE livehelp_autoinvite set isactive='Y' WHERE idnum='" . $row['idnum'] . "' ";
            $mydatabase->query($query);
        } else {
            $query = "UPDATE livehelp_autoinvite set isactive='N' WHERE idnum='" . $row['idnum'] . "' ";
            $mydatabase->query($query);
        }