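/**
 * Build and run a single-row INSERT from a column => value map.
 *
 * Each value is passed through filter_sql() and wrapped in single quotes,
 * unless it starts with "{{": such a value loses its first two and last two
 * characters and is placed in the statement WITHOUT quotes (a raw SQL
 * expression written by the caller).
 *
 * NOTE(review): filter_sql() is defined elsewhere. Escaping alone does not
 * protect the unquoted "{{...}}" path, so callers must make sure that a value
 * taken from a request can never begin with "{{". $tbl and the array keys are
 * interpolated as identifiers with no escaping at all and must be fixed
 * strings chosen by the caller. A prepared statement with bound parameters
 * would remove both concerns.
 *
 * @param string $tbl    Table name, interpolated verbatim.
 * @param array  $fields Map of column name => value.
 * @return mixed Whatever $db->insert_id() returns.
 */
function db_insert($tbl, $fields)
{
    global $db;

    $query_fields = array();
    $query_values = array();
    foreach ($fields as $field => $val) {
        $query_fields[] = $field;
        if (substr($val, 0, 2) != '{{') {
            // Ordinary value: escaped and quoted
            $query_values[] = "'" . filter_sql($val) . "'";
        } else {
            // Raw expression: strip the two-character wrapper on each side, no quotes added
            $val = substr($val, 2, strlen($val) - 4);
            $query_values[] = filter_sql($val);
        }
    }
    $fields_query = implode(',', $query_fields);
    $values_query = implode(',', $query_values);

    // Complete query. The original appended an undefined variable ($ep) here,
    // which only raised a warning and expanded to nothing; the trailing space
    // is kept so the logged statement text is unchanged.
    $query = "INSERT INTO {$tbl} ({$fields_query}) VALUES ({$values_query}) ";

    $db->total_queries++;
    $db->total_queries_sql[] = $query;
    try {
        $db->mysqli->query($query);
    } catch (DB_Exception $e) {
        // The error text is fetched and discarded; a failed insert is not reported to the caller
        $e->getError();
    }
    return $db->insert_id();
}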
/**
 * Delete the `livehelp_sessions` row whose `session_id` matches $id.
 *
 * The id is passed through filter_sql() (defined elsewhere) and placed inside
 * a single-quoted SQL string. The DELETE is skipped when the global
 * $mydatabase is not set.
 *
 * @param string $id Session identifier.
 * @return bool Always true.
 */
function destroy($id)
{
    global $mydatabase;

    // Earlier escaping call, kept for reference:
    // $newid = mysql_real_escape_string($id,$mydatabase->CONN);
    $escaped_id = filter_sql($id);
    $delete_sql = "DELETE FROM `livehelp_sessions` WHERE `session_id` ='{$escaped_id}'";

    if (!isset($mydatabase)) {
        return true;
    }

    $mydatabase->query($delete_sql);
    return true;
}
// Excerpt from a housekeeping routine; the enclosing blocks open before this excerpt
// and the final if-block continues after it.
$graph = array();
$graph[] = $row[0];
recursive_delete_pages($row[0], 'livehelp_visits_monthly', $graph);
}
}
// Delete old Keywords:
// NOTE(review): $monthago is interpolated unquoted; it is assigned outside this
// excerpt, so confirm it is always a server-computed number.
$sqlquery = "SELECT COUNT(*) as totalkeywords FROM livehelp_keywords_monthly WHERE dateof={$monthago}";
$rs = $mydatabase->query($sqlquery);
$row = $rs->fetchRow(DB_FETCHMODE_ORDERED);
$totalkeywords = $row[0];
// if we have more keywords than we should have for the previous month:
if ($totalkeywords > $CSLH_Config['topkeywords']) {
    // The configured limit is concatenated into LIMIT as-is (no intval here).
    $query = "SELECT keywords FROM livehelp_keywords_monthly WHERE dateof={$monthago} ORDER by levelvisits DESC LIMIT " . $CSLH_Config['topkeywords'] . ",1000";
    $sth = $mydatabase->query($query);
    while ($row = $sth->fetchRow(DB_FETCHMODE_ORDERED)) {
        // The keyword was read from the database but is still escaped before reuse:
        // stored values are not trusted when building the next statement.
        $keywords = filter_sql($row[0]);
        // Both deletes match on the keyword text only, not on dateof.
        $q = "DELETE FROM livehelp_keywords_monthly WHERE keywords='{$keywords}'";
        $mydatabase->query($q);
        $q = "DELETE FROM livehelp_keywords_daily WHERE keywords='{$keywords}'";
        $mydatabase->query($q);
    }
}
}
// If current database table is big:
//------------------------------------------------
// The cleanup below runs only when the random draw equals 17 (1 in 999 requests).
$randomNumber = rand(1, 999);
$thismonth = date("Ym", mktime(2, 0, 0, date("m"), date("d"), date("Y")));
if ($dbtype != "txt-db-api" && $CSLH_Config['tracking'] == "Y" && $randomNumber == 17) {
    // Default row limit when none is configured
    if (empty($CSLH_Config['maxrecords'])) {
        $CSLH_Config['maxrecords'] = 50000;
    }
// Excerpt from an operator channel-colour page; the block closed by the first "}"
// opens before this excerpt and the trailing script continues after it.
$rs = $sth->fetchRow(DB_FETCHMODE_ASSOC);
$channelcolor = $rs['channelcolor'];
$txtcolor = $rs['txtcolor'];
$txtcolor_alt = $rs['txtcolor_alt'];
// get the usernames:
$query = "SELECT username FROM livehelp_users WHERE user_id=" . intval($rs['user_id']);
$sth = $mydatabase->query($query);
$rs2 = $sth->fetchRow(DB_FETCHMODE_ASSOC);
$txtcolor_username = $rs2['username'];
// NOTE(review): this lookup reads $rs['userid'] while the one above reads
// $rs['user_id']; confirm both keys exist in the row.
$query = "SELECT username FROM livehelp_users WHERE user_id=" . intval($rs['userid']);
$sth = $mydatabase->query($query);
$rs2 = $sth->fetchRow(DB_FETCHMODE_ASSOC);
$txtcolor_alt_username = $rs2['username'];
}
if ($UNTRUSTED['whattodo'] == "UPDATE") {
    // String values go through filter_sql() inside quotes; the channel id is forced to an integer.
    // filter_sql() addresses SQL only: if these colour values are later written into
    // HTML or CSS they need output encoding there (not visible in this excerpt).
    // NOTE(review): no anti-CSRF token check is visible in this excerpt for this state change.
    $query = "UPDATE livehelp_operator_channels SET txtcolor_alt='" . filter_sql($UNTRUSTED['txtcolor_alt']) . "',channelcolor='" . filter_sql($UNTRUSTED['channelcolor']) . "',txtcolor='" . filter_sql($UNTRUSTED['txtcolor']) . "' WHERE channel=" . intval($UNTRUSTED['id']);
    $sth = $mydatabase->query($query);
    ?> <script type="text/javascript">window.location.replace('live.php');</script> <?php
    exit;
}
$selectedtab = "visit";
include "mobileheader.php";
?> <script type="text/javascript"> var myScroll; window.addEventListener('orientationchange', setHeight); function setHeight() { document.getElementById('wrapper').style.height = window.orientation == 90 || window.orientation == -90 ? '85px' : '300px';
/**
 * Reset the runtime tables and rebuild `main_loop_status` when the server starts.
 *
 * Steps, in order: empty the IP activity, ban and new-peer tables; add option
 * rows that older installs lack; fill in an empty generation IP by polling
 * timekoin.net; recreate the heartbeat/status rows; copy selected `options`
 * values into `main_loop_status`.
 *
 * NOTE(review): values copied from `options` are interpolated into the INSERT
 * statements without escaping, so this relies on every writer of `options`
 * having stored safe values. The detected IP is the body of a plain-HTTP
 * response and is only passed through filter_sql() (defined elsewhere); it is
 * not checked to be an IP address here.
 *
 * @return int Always 0.
 */
function initialization_database()
{
    // Clear IP activity and ban list for the next start
    mysql_query("TRUNCATE TABLE `ip_activity`");
    mysql_query("TRUNCATE TABLE `ip_banlist`");

    // Clear active and new peer lists; rows with join_peer_list = 0 are kept
    // (original comment: permanent peers ignored)
    mysql_query("DELETE FROM `active_peer_list` WHERE `active_peer_list`.`join_peer_list` != 0");
    mysql_query("TRUNCATE TABLE `new_peers_list`");

    // Record when started
    mysql_query("UPDATE `options` SET `field_data` = '" . time() . "' WHERE `options`.`field_name` = 'timekoin_start_time' LIMIT 1");

    //**************************************
    // Upgrade database from v3.x and earlier: create any option row that does
    // not exist yet, with its default value.
    $upgrade_defaults = array(
        'auto_update_generation_IP' => '0', // Auto IP update settings
        'cli_mode'                  => '1', // CLI mode settings
        'cli_port'                  => '',  // CLI mode port settings
        'network_mode'              => '1', // IPv4 + IPv6 network mode
        'generation_IP_v6'          => '',  // IPv6 generation IP field
    );
    foreach ($upgrade_defaults as $option_name => $default_value) {
        $new_record_check = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = '{$option_name}' LIMIT 1"), 0, 0);
        if ($new_record_check === FALSE) {
            // Does not exist, create it
            mysql_query("INSERT INTO `options` (`field_name` ,`field_data`) VALUES ('{$option_name}', '{$default_value}')");
        }
    }

    //**************************************
    // If no generation IP is stored, try to auto-detect one and save it.
    $poll_IP = mysql_result(mysql_query("SELECT field_data FROM `options` WHERE `field_name` = 'generation_IP' LIMIT 1"), 0, 0);
    if (empty($poll_IP) == TRUE) {
        ini_set('user_agent', 'Timekoin Server (Main) v' . TIMEKOIN_VERSION);
        ini_set('default_socket_timeout', 3); // Timeout for request in seconds

        $poll_IP = filter_sql(poll_peer(NULL, 'timekoin.net', NULL, 80, 46, "ipv4.php"));
        if (empty($poll_IP) == FALSE) {
            mysql_query("UPDATE `options` SET `field_data` = '{$poll_IP}' WHERE `options`.`field_name` = 'generation_IP' LIMIT 1");
        }
    }

    //**************************************
    // Main loop status and active options setup
    // Truncate to free RAM
    mysql_query("TRUNCATE TABLE `main_loop_status`");
    $time = time();

    // Initial status rows, inserted in this order
    $initial_status = array(
        'balance_last_heartbeat'          => '1',
        'foundation_last_heartbeat'       => '1',
        'generation_last_heartbeat'       => '1',
        'genpeer_last_heartbeat'          => '1',
        'main_heartbeat_active'           => '0',
        'main_last_heartbeat'             => $time,
        'peerlist_last_heartbeat'         => '1',
        'queueclerk_last_heartbeat'       => '1',
        'transclerk_last_heartbeat'       => '1',
        'treasurer_last_heartbeat'        => '1',
        'watchdog_heartbeat_active'       => '0',
        'watchdog_last_heartbeat'         => $time,
        'peer_transaction_start_blocks'   => '1',
        'peer_transaction_performance'    => '10',
        'block_check_back'                => '1',
        'block_check_start'               => '0',
        'firewall_blocked_peer'           => '0',
        'foundation_block_check'          => '0',
        'foundation_block_check_end'      => '0',
        'foundation_block_check_start'    => '0',
        'generation_peer_list_no_sync'    => '0',
        'no_peer_activity'                => '0',
        'time_sync_error'                 => '0',
        'transaction_history_block_check' => '0',
        'update_available'                => '0',
    );
    foreach ($initial_status as $status_name => $status_value) {
        mysql_query("INSERT INTO `main_loop_status` (`field_name` ,`field_data`)VALUES ('{$status_name}', '{$status_value}')");
    }

    //**************************************
    // Copy values from the database to the RAM database
    $copied_options = array(
        'allow_ambient_peer_restart',
        'allow_LAN_peers',
        'server_request_max',
        'max_active_peers',
        'max_new_peers',
        'trans_history_check',
        'super_peer',
        'perm_peer_priority',
        'auto_update_generation_IP',
        'peer_failure_grade',
        'network_mode',
    );
    foreach ($copied_options as $option_name) {
        $db_to_RAM = mysql_result(mysql_query("SELECT field_data FROM `options` WHERE `field_name` = '{$option_name}' LIMIT 1"), 0, 0);
        mysql_query("INSERT INTO `main_loop_status` (`field_name` ,`field_data`)VALUES ('{$option_name}', '{$db_to_RAM}')");
    }
    //**************************************

    return 0;
}
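}
//***********************************************************************************
//***********************************************************************************
// Open persistent connection to database
mysql_connect(MYSQL_IP, MYSQL_USERNAME, MYSQL_PASSWORD);
mysql_select_db(MYSQL_DATABASE);

// Check for banned IP address
if (ip_banned($_SERVER['REMOTE_ADDR']) == TRUE) {
    // Sorry, your IP address has been banned :(
    exit;
}
//***********************************************************************************
//***********************************************************************************
// Answer public key balance request that match our hash code
if (isset($_GET["action"]) && $_GET["action"] == "key_balance") {
    // Accept the hash only as a plain string, so an array-valued parameter never reaches substr().
    // NOTE(review): the hash code travels in the query string and will therefore
    // appear in web server access logs.
    $hash_code = (isset($_GET["hash"]) && is_string($_GET["hash"])) ? substr($_GET["hash"], 0, 256) : '';
    $server_hash_code = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_hash_code' LIMIT 1"), 0, "field_data");

    // The hash code acts as a shared secret. The original used a loose "==", under
    // which two different numeric-looking strings can compare equal and an empty
    // stored value matches a missing parameter. Require a configured, non-empty
    // code and compare strictly (in constant time where hash_equals() exists).
    $hash_configured = is_string($server_hash_code) && $server_hash_code !== "" && $server_hash_code !== "0";
    $hash_matches = FALSE;
    if ($hash_configured && is_string($hash_code) && $hash_code !== "") {
        $hash_matches = function_exists('hash_equals')
            ? hash_equals($server_hash_code, $hash_code)
            : ($hash_code === $server_hash_code);
    }

    if ($hash_matches) {
        // Grab balance for public key and return back
        $public_key = (isset($_POST["public_key"]) && is_string($_POST["public_key"])) ? substr($_POST["public_key"], 0, 500) : '';
        $public_key = filter_sql(base64_decode($public_key));
        echo check_crypt_balance($public_key);
    }

    // Log inbound IP activity
    log_ip("AP");
    exit;
}
//***********************************************************************************
//***********************************************************************************
// Log IP even when not using any functions
log_ip("AP");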
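/**
 * Build a signed transaction and queue it in `my_transaction_queue`.
 *
 * The recipient key is split into two chunks of at most 181 bytes, each
 * encrypted with the sender's private key. A third encrypted field carries the
 * amount, the current time, a SHA-256 hash of the first two fields and an
 * optional message. A SHA-256 hash over all three fields is stored with them.
 *
 * Returns FALSE without queuing anything when the recipient key yields fewer
 * than two chunks or when any private-key operation fails; previously those
 * failures were ignored and a row with empty encrypted fields was queued.
 *
 * NOTE(review): $my_public_key and $amount are interpolated without escaping or
 * validation; only $message passes through filter_sql() (defined elsewhere).
 * Callers must supply trusted, already-validated values for both.
 *
 * @param string $my_private_key     Sender private key accepted by openssl_private_encrypt().
 * @param string $my_public_key      Sender public key, stored verbatim.
 * @param string $send_to_public_key Recipient public key.
 * @param mixed  $amount             Amount, embedded in the transaction data.
 * @param string $message            Optional message; "|", "?" and "=" are removed, then cut to 64 characters.
 * @return bool TRUE when the row was inserted, FALSE otherwise.
 */
function send_timekoins($my_private_key, $my_public_key, $send_to_public_key, $amount, $message)
{
    $arr1 = str_split($send_to_public_key, 181);
    if (!is_array($arr1) || count($arr1) < 2) {
        // A key that does not fill two chunks cannot produce both encrypted fields
        return FALSE;
    }

    if (openssl_private_encrypt($arr1[0], $encryptedData1, $my_private_key) == FALSE) {
        return FALSE;
    }
    $encryptedData64_1 = base64_encode($encryptedData1);

    if (openssl_private_encrypt($arr1[1], $encryptedData2, $my_private_key) == FALSE) {
        return FALSE;
    }
    $encryptedData64_2 = base64_encode($encryptedData2);

    if (empty($message) == TRUE) {
        $transaction_data = "AMOUNT={$amount}---TIME=" . time() . "---HASH=" . hash('sha256', $encryptedData64_1 . $encryptedData64_2);
    } else {
        // Sanitization of message
        // Remove the characters used as field separators in transaction data and URLs
        $symbols = array("|", "?", "="); // SQL + URL
        $message = str_replace($symbols, "", $message);

        // Trim any message to 64 characters max and filter any sql
        $message = filter_sql(substr($message, 0, 64));
        $transaction_data = "AMOUNT={$amount}---TIME=" . time() . "---HASH=" . hash('sha256', $encryptedData64_1 . $encryptedData64_2) . "---MSG={$message}";
    }

    // Fails when the transaction data is too long for the key size
    if (openssl_private_encrypt($transaction_data, $encryptedData3, $my_private_key) == FALSE) {
        return FALSE;
    }
    $encryptedData64_3 = base64_encode($encryptedData3);

    $triple_hash_check = hash('sha256', $encryptedData64_1 . $encryptedData64_2 . $encryptedData64_3);

    $sql = "INSERT INTO `my_transaction_queue` (`timestamp`,`public_key`,`crypt_data1`,`crypt_data2`,`crypt_data3`, `hash`, `attribute`)\nVALUES ('" . time() . "', '{$my_public_key}', '{$encryptedData64_1}', '{$encryptedData64_2}' , '{$encryptedData64_3}', '{$triple_hash_check}' , 'T')";

    if (mysql_query($sql) == TRUE) {
        // Success code
        return TRUE;
    } else {
        return FALSE;
    }
}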
// Excerpt from the main loop; the if-block closed by "} else {" opens before this
// excerpt and the update check at the end continues after it.
// Keep track of errors in case this can't be recovered from
// NOTE(review): the flag is spelled $datbase_error while the counter is
// $database_error_counter; confirm readers of the flag use the same spelling.
    $datbase_error = TRUE;
    $database_error_counter++;
} else {
    $datbase_error = 0;
    $database_error_counter = 0;
}
if ($loop_active == 1) {
    // Main loop work goes below
    // Set the working status of 2
    mysql_query("UPDATE `main_loop_status` SET `field_data` = '2' WHERE `main_loop_status`.`field_name` = 'main_heartbeat_active' LIMIT 1");
    //*****************************************************************************************************
    //*****************************************************************************************************
    // Do a random time sync check and report any errors to the user
    if (rand(1, 99) == 30) {
        // At most 12 bytes are read from the response. The request uses plain HTTP,
        // so the value is unauthenticated; in this excerpt it only drives the
        // time_sync_error flag and is never placed in a query.
        $poll_peer = filter_sql(file_get_contents("http://timekoin.net/time.php", FALSE, $context, NULL, 12));
        $my_time = time();
        // An empty response is treated as "in sync" by the second half of the condition
        if (abs($poll_peer - $my_time) > 15 && empty($poll_peer) == FALSE) {
            // Timekoin peer time is not in sync
            mysql_query("UPDATE `main_loop_status` SET `field_data` = '1' WHERE `main_loop_status`.`field_name` = 'time_sync_error' LIMIT 1");
        } else {
            // Timekoin peer time is in sync
            mysql_query("UPDATE `main_loop_status` SET `field_data` = '0' WHERE `main_loop_status`.`field_name` = 'time_sync_error' LIMIT 1");
        }
    }
    //*****************************************************************************************************
    //*****************************************************************************************************
    // Do a update software check and report to user if one is available
    if (rand(1, 300) == 100) {
        if (check_for_updates(TRUE) == 1) {
            // Update available, alert user
// Excerpt from a chat message handler; $query, $timeof, $channel, $myid and $saidto
// are assigned before this excerpt, and the final "}" closes a block opened there.
$check_s = $mydatabase->query($query);
$check_s = $check_s->fetchRow(DB_FETCHMODE_ASSOC);
if ($check_s['status'] != "chat") {
    $query = "UPDATE livehelp_users set status='request' WHERE user_id=" . intval($saidto);
    $mydatabase->query($query);
}
$query = "DELETE FROM livehelp_messages WHERE typeof='writediv'";
$mydatabase->query($query);
// see if we have same timestamp: a performance issue but actually done on purpose to discourage
// people making hosted solutions with multiple chats all using the same system.
// NOTE(review): $timeof is interpolated into the queries below without escaping;
// confirm it is always produced by the server (date("YmdHis") or an increment).
$query = "SELECT timeof FROM livehelp_messages WHERE timeof='{$timeof}'";
$rs = $mydatabase->query($query);
// Retry until no existing message carries the same timestamp
while ($rs->numrows() != 0) {
    if (function_exists('sleep')) {
        sleep(1);
        $timeof = date("YmdHis");
    } else {
        $timeof++;
    }
    $query = "SELECT timeof FROM livehelp_messages WHERE timeof='{$timeof}'";
    $rs = $mydatabase->query($query);
}
if (!empty($UNTRUSTED['smilies'])) {
    $UNTRUSTED['comment'] = convert_smile($UNTRUSTED['comment']);
}
// The comment is SQL-escaped only. filter_sql() does not make it safe for HTML,
// so whatever renders stored messages must encode them at output time.
$query = "INSERT INTO livehelp_messages (message,channel,timeof,saidfrom,saidto) VALUES ('" . filter_sql($UNTRUSTED['comment']) . "'," . intval($channel) . ",'{$timeof}'," . intval($myid) . "," . intval($saidto) . ")";
$mydatabase->query($query);
$quicknote = "";
}
?>
// Excerpt from a keyword report page; the block closed by the first "}" opens
// before this excerpt.
// NOTE(review): the request value is echoed without encoding, apparently inside a
// quoted HTML attribute (a closing quote follows). It should go through
// htmlspecialchars() with ENT_QUOTES before output.
echo $UNTRUSTED['keywords'];
} ?> " ><a href=javascript:document.dataformrefer.submit()><img src=images/go.gif width=20 height=20 border=0></a></td> </tr> </table> </FORM> <table bgcolor=DDDDDD width=600><tr><td> <b>Key Words:</b></td></tr></table> <?php
$keywordssql = "";
if (!empty($UNTRUSTED['keywords'])) {
    // Escaped for the quoted string; the LIKE wildcards % and _ inside the value
    // are not neutralised by anything visible here.
    $keywordssql = " AND keywords LIKE '%" . filter_sql($UNTRUSTED['keywords']) . "%' ";
}
// NOTE(review): $whatYm is interpolated unquoted and is assigned outside this
// excerpt; confirm it is numeric before it reaches this point.
$query = "SELECT * FROM livehelp_keywords_monthly WHERE dateof={$whatYm} {$keywordssql} AND department='" . intval($UNTRUSTED['whichdepartment']) . "' ORDER by levelvisits DESC";
$refer_a = $mydatabase->query($query);
$total_p = $refer_a->numrows();
// $perpage is read here, before the default of 25 is applied further down
$perpage = intval($UNTRUSTED['perpage']);
$top = intval($UNTRUSTED['top']);
$show = $UNTRUSTED['show'];
$pageUrl = "data.php";
// tab, month and year are appended raw; only whichdepartment is forced to an
// integer. If $varstring is written into a link it needs URL and HTML encoding.
$varstring = "&tab=" . $UNTRUSTED['tab'] . "&month=" . $UNTRUSTED['month'] . "&year=" . $UNTRUSTED['year'] . "&whichdepartment=" . intval($UNTRUSTED['whichdepartment']);
if (empty($UNTRUSTED['perpage'])) {
    $UNTRUSTED['perpage'] = 25;
}
if (empty($UNTRUSTED['offset'])) {
    $UNTRUSTED['offset'] = 0;
}
// Excerpt from the peer list process: asks up to ten random active peers for
// their new-peer lists. The loops opened here continue after this excerpt.
if (empty($my_server_domain) == TRUE) {
    // No domain used
    $my_server_domain = "NA";
}
// Add more possible peers to the new peer list by polling what the active peers have
$sql = "SELECT * FROM `active_peer_list` ORDER BY RAND() LIMIT 10";
$sql_result = mysql_query($sql);
$sql_num_results = mysql_num_rows($sql_result);
$new_peer_difference = $max_new_peers - $new_peers_numbers;
for ($i = 0; $i < $sql_num_results; $i++) {
    $sql_row = mysql_fetch_array($sql_result);
    $ip_address = $sql_row["IP_Address"];
    $domain = $sql_row["domain"];
    $subfolder = $sql_row["subfolder"];
    $port_number = $sql_row["port_number"];
    // The whole peer response is untrusted input. It is passed through filter_sql()
    // once here, and every field below is cut out of that filtered text.
    $poll_peer = filter_sql(poll_peer($ip_address, $domain, $subfolder, $port_number, 10000, "peerlist.php?action=new_peers"));
    $peer_counter = 1; // Reset peer counter
    // At most 15 entries are read from one response
    while ($peer_counter <= 15) {
        $peer_IP = NULL;
        $peer_domain = NULL;
        $peer_subfolder = NULL;
        $peer_port_number = NULL;
        // Sort Data
        $peer_IP = find_string("-----IP{$peer_counter}=", "-----domain{$peer_counter}", $poll_peer);
        $peer_domain = find_string("-----domain{$peer_counter}=", "-----subfolder{$peer_counter}", $poll_peer);
        $peer_subfolder = find_string("-----subfolder{$peer_counter}=", "-----port_number{$peer_counter}", $poll_peer);
        $peer_port_number = find_string("-----port_number{$peer_counter}=", "-----", $poll_peer);
        if (is_domain_valid($peer_domain) == FALSE) {
            // Someone is using an IP address or Localhost :p
            $peer_domain = NULL;
// Excerpt from an external chat window page; the if-branch closed by "} else {"
// opens before this excerpt and the HTML at the end continues after it.
// Rebuild the comma-separated channel list without the current channel
$externalchats = "";
for ($i = 0; $i < count($externalchats_array); $i++) {
    if ($channel != $externalchats_array[$i]) {
        $externalchats = $externalchats . ",{$externalchats_array[$i]}";
    }
}
// NOTE(review): $identity['SESSIONID'] is concatenated into the statement without
// escaping, here and in the else-branch; confirm it is always server-generated.
$sqlquery = "UPDATE livehelp_users SET externalchats='" . filter_sql($externalchats) . "' WHERE sessionid='" . $identity['SESSIONID'] . "'";
$mydatabase->query($sqlquery);
print "<SCRIPT type=\"text/javascript\">window.close();</SCRIPT>";
exit;
} else {
    // Add the current channel to the list if it is not there yet
    if (!in_array($channel, $externalchats_array)) {
        array_push($externalchats_array, $channel);
        $externalchats = $externalchats . ",{$channel}";
    }
    $sqlquery = "UPDATE livehelp_users SET externalchats='" . filter_sql($externalchats) . "' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($sqlquery);
}
// who is this?
$sqlq = "SELECT username FROM livehelp_users WHERE user_id=" . intval($user_id);
$rs = $mydatabase->query($sqlq);
$row = $rs->fetchRow(DB_FETCHMODE_ORDERED);
$thisusername = $row[0];
if (!$serversession) {
    $mydatabase->close_connect();
}
// NOTE(review): the stored username is echoed into the page title without
// htmlspecialchars(); usernames are stored data and should be encoded on output.
?> <html> <head> <title><?php echo $thisusername;
// Excerpt from a visitor detail page shown to operators; the loop closed by the
// second "}" opens before this excerpt.
// NOTE(review): every value printed below (question header, submitted answer, page
// title, page location) is written into HTML without htmlspecialchars(). The SQL
// side uses intval() and filter_sql(), but those do not encode output, so
// visitor-supplied text reaches the operator's browser as markup.
if (!empty($dataset[1])) {
    $fieldid = str_replace("field_", "", $dataset[0]);
    $query = "SELECT * FROM livehelp_questions WHERE id=" . intval($fieldid);
    $questiondata = $mydatabase->query($query);
    $question_row = $questiondata->fetchRow(DB_FETCHMODE_ASSOC);
    // urldecode() turns percent-encoded characters back into raw characters before printing
    print "<b> " . $question_row['headertext'] . ":</b> <br><font color=000000>" . urldecode($dataset[1]) . "</font><br>";
}
}
// Difference of two YmdHis numbers, printed as seconds
$now = date("YmdHis");
$thediff = $now - $user_info['lastaction'];
print "<b>" . $lang['txt65'] . "</b> {$thediff} sec. <br>";
// time online:
$query = "SELECT whendone from livehelp_visit_track WHERE sessionid='" . filter_sql($user_info['sessionid']) . "' Order by whendone LIMIT 1";
$page_trail = $mydatabase->query($query);
$page = $page_trail->fetchRow(DB_FETCHMODE_ASSOC);
$later = $page['whendone'];
print "<b>Time online:</b>" . secondstoHHmmss(timediff($later, date("YmdHis"))) . "<br>";
print "<b>" . $lang['txt66'] . "</b><br>";
$query = "SELECT * from livehelp_visit_track WHERE sessionid='" . filter_sql($user_info['sessionid']) . "' Order by whendone DESC";
$page_trail = $mydatabase->query($query);
print "<table border=1><tr bgcolor=FFFFFF><td>" . $lang['txt67'] . "</td><td>url</td><td>" . $lang['date'] . "</td></tr>";
while ($page = $page_trail->fetchRow(DB_FETCHMODE_ASSOC)) {
    // whendone is a YmdHis string; split it into mktime() arguments
    $when = mktime(substr($page['whendone'], 8, 2), substr($page['whendone'], 10, 2), substr($page['whendone'], 12, 2), substr($page['whendone'], 4, 2), substr($page['whendone'], 6, 2), substr($page['whendone'], 0, 4));
    // The location is placed in an unquoted href, so its scheme matters as well as its encoding
    print "<tr><td>" . $page['title'] . "</td><td><a href=" . $page['location'] . " target=_blank>" . $page['location'] . "</a></td><td>";
    print date("F j, Y, g:i a", $when);
    print "</td></tr>";
}
print "</table><br><center><a href=javascript:window.close()>" . $lang['txt40'] . "</a>";
if (!$serversession) {
    $mydatabase->close_connect();
}
// Excerpt from a leave-a-message flow; $newusername, $count, $countnum, $useremail
// and $sessiondata are assigned before this excerpt.
// NOTE(review): the '******' literals look like redactions made by whoever
// published this listing. As written, the SELECT and UPDATE below use a constant
// username and never reference $newusername.
$username_s = $newusername;
if ($newusername == "") {
    $newusername = "******";
}
// Append a numeric suffix until the lookup returns no rows
while ($count != 0) {
    $query = "SELECT * \n FROM livehelp_users \n WHERE username='******'";
    $count_a = $mydatabase->query($query);
    $count = $count_a->numrows();
    if ($count != 0) {
        $newusername = $username_s . "_" . $countnum;
    }
    $countnum++;
}
// Single quotes are removed from the e-mail address before it is escaped
$useremail = str_replace("\\'", "", $useremail);
$useremail = str_replace("'", "", $useremail);
// NOTE(review): $sessiondata and $identity['SESSIONID'] are interpolated without
// filter_sql(); confirm both are escaped or server-generated where they are set.
$query = "UPDATE livehelp_users \n SET email='" . filter_sql($useremail) . "',isnamed='Y',askquestions='N',username='******',sessiondata='{$sessiondata}' \n WHERE sessionid='" . $identity['SESSIONID'] . "'";
$mydatabase->query($query);
$query = "SELECT * \n FROM livehelp_users \n WHERE sessionid='" . $identity['SESSIONID'] . "'";
$people = $mydatabase->query($query);
$people = $people->fetchRow(DB_FETCHMODE_ASSOC);
$myid = $people['user_id'];
$channel = $people['onchannel'];
$isnamed = $people['isnamed'];
// The value read from the row is overwritten immediately
$isnamed = "Y";
// NOTE(review): the department request value is echoed into a JavaScript string
// inside a URL without any encoding; it should be cast to an integer or encoded
// for that context.
?> <SCRIPT type="text/javascript"> window.location.replace("user_connect.php?try=0&tab=1&doubleframe=yes&pageurl=offline.php&department=<?php echo $UNTRUSTED['department']; ?> "); </SCRIPT>
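/**
 * Build and run one multi-row INSERT from a list of column => value maps.
 *
 * Values follow the same convention as db_insert(): each one is passed through
 * filter_sql() and single-quoted, unless it starts with "{{", in which case
 * its first two and last two characters are stripped and it is placed in the
 * statement WITHOUT quotes.
 *
 * The column list is taken from the last row, so every row must use the same
 * columns in the same order.
 *
 * An empty $multi_fields now returns 0 without touching the database; the
 * original built a statement from undefined variables and sent it anyway.
 *
 * NOTE(review): filter_sql() is defined elsewhere. The unquoted "{{...}}" path
 * is not protected by escaping, and $tbl and the column names are not escaped
 * at all; none of these may come from request data.
 *
 * @param string $tbl          Table name, interpolated verbatim.
 * @param array  $multi_fields List of rows, each a map of column name => value.
 * @return mixed 0 when there is nothing to insert, otherwise whatever $db->insert_id() returns.
 */
function db_multi_insert($tbl, $multi_fields)
{
    global $db;

    if (empty($multi_fields)) {
        // Nothing to insert: do not send a malformed statement
        return 0;
    }

    $fields_query = '';
    $values_query = array();
    foreach ($multi_fields as $fields) {
        $query_fields = array();
        $query_values = array();
        foreach ($fields as $field => $val) {
            $query_fields[] = $field;
            if (substr($val, 0, 2) != '{{') {
                // Ordinary value: escaped and quoted
                $query_values[] = "'" . filter_sql($val) . "'";
            } else {
                // Raw expression: strip the two-character wrapper on each side, no quotes added
                $val = substr($val, 2, strlen($val) - 4);
                $query_values[] = filter_sql($val);
            }
        }
        $fields_query = implode(',', $query_fields);
        $values_query[] = '(' . implode(',', $query_values) . ')';
    }
    $values_query_multi = implode(',', $values_query);

    // Complete query
    $query = "INSERT INTO {$tbl} ({$fields_query}) VALUES {$values_query_multi} ";

    $db->write($query);
    return $db->insert_id();
}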
}
// Excerpt from an operator status page: applies the operator's alert settings and
// online/offline state. The block closed by the "}" above opens before this excerpt.
$alterations_sql = "";
// Timestamp 35 minutes in the past, formatted as YmdHis
$prev = mktime(date("H"), date("i") - 35, date("s"), date("m"), date("d"), date("Y"));
$oldtime = date("YmdHis", $prev);
$rightnow = date("YmdHis");
// Defaults for settings missing from the request
if ($UNTRUSTED['alterations'] == "Y" && $UNTRUSTED['show_arrival_new'] == "") {
    $UNTRUSTED['show_arrival_new'] = "N";
}
if ($UNTRUSTED['alterations'] == "Y" && $UNTRUSTED['user_alert_new'] == "") {
    $UNTRUSTED['user_alert_new'] = "Y";
}
if ($UNTRUSTED['status'] == "") {
    $UNTRUSTED['status'] = "Y";
}
if ($UNTRUSTED['alterations'] == "Y") {
    // Each request value is escaped and quoted. The fragment ends with a comma
    // because it is prepended to the fixed SET list below.
    $alterations_sql = "auto_invite='" . filter_sql($UNTRUSTED['auto_invite']) . "',show_arrival='" . filter_sql($UNTRUSTED['show_arrival_new']) . "',user_alert='" . filter_sql($UNTRUSTED['user_alert_new']) . "',typing_alert='" . filter_sql($UNTRUSTED['typing_alert_new']) . "',";
}
// NOTE(review): $identity['SESSIONID'] is concatenated without escaping in all
// three statements below; confirm it is always server-generated.
if ($UNTRUSTED['status'] == "N") {
    // auto_invite is assigned twice when alterations are present (request value, then 'N')
    $query = "UPDATE livehelp_users set " . $alterations_sql . "isonline='N',lastaction='{$rightnow}',status='offline',auto_invite='N' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($query);
}
if ($UNTRUSTED['status'] == "Y") {
    $query = "UPDATE livehelp_users set " . $alterations_sql . "isonline='Y',lastaction='{$rightnow}',status='chat' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($query);
}
$query = "SELECT * FROM livehelp_users WHERE sessionid='" . $identity['SESSIONID'] . "'";
$data = $mydatabase->query($query);
$row = $data->fetchRow(DB_FETCHMODE_ASSOC);
$offline = " ";
$online = " ";
$show_arrival = " ";
// Reads generating-peer entries from a peer's response ($poll_peer) and stores the
// ones not already known. $gen_peer_public_key, $match_number, $poll_peer and the
// peer address variables are set before this excerpt.
$counter = 0;
while (empty($gen_peer_public_key) == FALSE) {
    if ($counter > 50) {
        // Too many loops for peers, something is wrong or peer
        // is giving out garbage information, break from loop
        modify_peer_grade($ip_address, $domain, $subfolder, $port_number, 5);
        break;
    }
    // Every field comes from the remote peer and is passed through filter_sql()
    // before it is used in a query; the public key is base64-decoded first.
    $gen_peer_public_key = find_string("-----public_key{$match_number}=", "-----join{$match_number}", $poll_peer);
    $gen_peer_join_peer_list = filter_sql(find_string("-----join{$match_number}=", "-----last{$match_number}", $poll_peer));
    $gen_peer_last_generation = filter_sql(find_string("-----last{$match_number}=", "-----ip{$match_number}", $poll_peer));
    $gen_peer_IP = filter_sql(find_string("-----ip{$match_number}=", "-----END{$match_number}", $poll_peer));
    $gen_peer_public_key = filter_sql(base64_decode($gen_peer_public_key));
    if (empty($gen_peer_last_generation) == TRUE) {
        // Old format compatible
        $gen_peer_last_generation = filter_sql(find_string("-----last{$match_number}=", "-----END{$match_number}", $poll_peer));
    }
    //Check if this public key is already in our peer list
    $public_key_match = mysql_result(mysql_query("SELECT * FROM `generating_peer_list` WHERE `public_key` = '{$gen_peer_public_key}' LIMIT 1"), 0, 0);
    //Check if a duplicate election time exist
    $time_elected_match = mysql_result(mysql_query("SELECT * FROM `generating_peer_list` WHERE `join_peer_list` = '{$gen_peer_join_peer_list}' LIMIT 1"), 0, 1);
    if (empty($public_key_match) == TRUE && empty($time_elected_match) == TRUE) {
        // No match in database to this public key
        // Accept only keys longer than 256 characters whose join time lies after
        // TRANSACTION_EPOCH and not after the current generation cycle.
        // NOTE(review): the join time is a string from the peer and is compared
        // numerically; nothing here checks that it is a number, or that
        // $gen_peer_last_generation and $gen_peer_IP have the expected format.
        if (strlen($gen_peer_public_key) > 256 && empty($gen_peer_public_key) == FALSE && $gen_peer_join_peer_list <= $current_generation_cycle && $gen_peer_join_peer_list > TRANSACTION_EPOCH) {
            $sql = "INSERT INTO `generating_peer_list` (`public_key`,`join_peer_list`,`last_generation`,`IP_Address`)\n\t\t\t\t\tVALUES ('{$gen_peer_public_key}', '{$gen_peer_join_peer_list}', '{$gen_peer_last_generation}', '{$gen_peer_IP}')";
            mysql_query($sql);
        }
    }
    $counter++;
    $match_number++;
}
}
}
// Excerpt from a Q&A administration page; the two blocks closed above open before
// this excerpt, and depthof() continues after it.
// NOTE(review): these actions change data on a request parameter alone; no
// permission or anti-CSRF check is visible in this excerpt.
// remove a question
if ($UNTRUSTED['whatdo'] == "REMOVE") {
    $query = "DELETE FROM livehelp_qa WHERE recno=" . intval($UNTRUSTED['recno']);
    $mydatabase->query($query);
}
// re-order folders/questions.
if ($UNTRUSTED['whatdo'] == "REORDER") {
    $query = "SELECT * from livehelp_qa";
    $myarray = $mydatabase->query($query);
    while ($row = $myarray->fetchRow(DB_FETCHMODE_ASSOC)) {
        // The request carries one "ordering__<recno>" field per row
        $lookingfor = "ordering__" . $row['recno'];
        if (isset($UNTRUSTED[$lookingfor])) {
            $value = $UNTRUSTED[$lookingfor];
            // The new order value is escaped and quoted; the record number is forced to an integer
            $query = "UPDATE livehelp_qa \n SET ordernum='" . filter_sql($value) . "' \n WHERE recno=" . intval($row['recno']);
            $mydatabase->query($query);
        }
    }
}
// get the depth and the path..
// Follows the parent column from $id upward until it reaches 0, collecting the ids.
// NOTE(review): nothing visible here stops the loop if parent links form a cycle
// or the row is missing.
function depthof($id) {
    global $mydatabase;
    $pathto = array();
    while ($id != 0) {
        $query = "SELECT * FROM livehelp_qa WHERE recno=" . intval($id);
        $children = $mydatabase->query($query);
        $row = $children->fetchRow(DB_FETCHMODE_ASSOC);
        array_push($pathto, $id);
        $id = $row['parent'];
// Excerpt from the security settings page; $data is queried before this excerpt
// and the HTML at the end continues after it.
$row = $data->fetchRow(DB_FETCHMODE_ASSOC);
$isadminsetting = $row['isadmin'];
// Only rows with isadmin = "Y" may continue; everyone else gets the message and the script stops
if ($isadminsetting != "Y") {
    print "You must be logged in with Admin rights in order to change/view security settings";
    exit;
}
?> <body bgcolor=<?php echo $color_background; ?> onload=currentstatus();> <center> <table border=0 cellpadding=0 cellspacing=0 width=590> <?php
if (!empty($UNTRUSTED['goforit'])) {
    // The UPDATE has no WHERE clause, so it applies to every row of livehelp_config.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt.
    $query = "UPDATE livehelp_config set directoryid='" . filter_sql($UNTRUSTED['directoryid']) . "'";
    $mydatabase->query($query);
    // The in-memory copy keeps the raw request value; it must be HTML-encoded if it is echoed later
    $CSLH_Config['directoryid'] = $UNTRUSTED['directoryid'];
}
?> <tr><td bgcolor=<?php echo $color_alt2; ?> ><b>Crafty Syntax Security Registration Information:</b></td></tr> <tr><td bgcolor=<?php echo $color_alt1; ?> ><ul> Security is <font color=990000><b>*VERY*</b></font> important to Crafty Syntax. Security vulnerabilities are found in open source programs on almost a weekly basis and not knowing about these vulnerabilities can be catastrophic to your
// Excerpt from the smilies administration page: replaces the whole smilies table
// with the posted set. The block closed by the lone "}" opens before this excerpt.
// The table is emptied first, so a request without any "smile_" fields leaves it empty.
// NOTE(review): no permission or anti-CSRF check is visible in this excerpt.
$query = "TRUNCATE TABLE `livehelp_smilies`";
$mydatabase->query($query);
// go though post vars
// Reads $_POST directly. each() was deprecated in PHP 7.2 and removed in PHP 8.0.
reset($_POST);
while (list($key, $val) = each($_POST)) {
    $arraysl = explode("_", $key);
    // if the code is not empty and this is a smile then insert it..
    if ($arraysl[0] == "smile" && $val != "") {
        // The image name is rebuilt from the field NAME: parts from index 2 onward
        // are joined with "_" again and "^" becomes ".".
        $imgsrc = $arraysl[2];
        $index = 3;
        while (!empty($arraysl[$index])) {
            $imgsrc .= "_" . $arraysl[$index];
            $index++;
        }
        $imgsrc = str_replace("^", ".", $imgsrc);
        // Both values are SQL-escaped. smile_url is a client-chosen string, so it
        // needs validation or encoding wherever it is later used as an image source.
        $query = "INSERT INTO livehelp_smilies (code,smile_url) VALUES ('" . filter_sql($val) . "','" . filter_sql($imgsrc) . "')";
        $mydatabase->query($query);
    }
}
print "<font color=007700 size=+2>" . $lang['txt63'] . "</font>";
}
?> <body bgcolor=<?php echo $color_background; ?> ><center> <table width=500 bgcolor=<?php echo $color_background; ?> ><tr><td> <?php
</b></td></tr></table> <table width=600> <tr bgcolor=FFFFFF><td><b><?php echo $lang['name']; ?> </b></td><td><b>url</b></td><td><b><?php echo $lang['options']; ?> </b></td></tr> <?php if (isset($UNTRUSTED['updatemod'])) { $query = "UPDATE livehelp_modules \n SET name='" . filter_sql($UNTRUSTED['name']) . "',\n path='" . filter_sql($UNTRUSTED['path']) . "',\n adminpath='" . filter_sql($UNTRUSTED['adminpath']) . "',\n `query_string`='" . filter_sql($UNTRUSTED['query_string']) . "'\n WHERE id=" . intval($UNTRUSTED['updatemod']); $mydatabase->query($query); } if (isset($UNTRUSTED['newmodinsert'])) { $query = "INSERT INTO livehelp_modules\n (name,path,adminpath,query_string) \n VALUES ('" . filter_sql($UNTRUSTED['name']) . "','" . filter_sql($UNTRUSTED['path']) . "','" . filter_sql($UNTRUSTED['adminpath']) . "','" . filter_sql($UNTRUSTED['query_string']) . "')"; $mydatabase->query($query); } if (isset($UNTRUSTED['delmod'])) { $query = "DELETE FROM livehelp_modules WHERE id=" . intval($UNTRUSTED['delmod']); $mydatabase->query($query); $query = "DELETE FROM livehelp_modules_dep WHERE modid=" . intval($UNTRUSTED['delmod']); $mydatabase->query($query); } $query = "SELECT * FROM livehelp_modules "; $bgcolor = "{$color_alt2}"; $data = $mydatabase->query($query); while ($row = $data->fetchRow(DB_FETCHMODE_ASSOC)) { if ($bgcolor == "{$color_alt2}") { $bgcolor = "{$color_alt1}"; } else {
$crypto_balance += $transaction_amount_sent; } } echo $crypto_balance; } // End Permission Check // Log inbound IP activity log_ip("AP", scale_trigger(100)); exit; } //*********************************************************************************** //*********************************************************************************** if ($_GET["action"] == "pk_gen_total") { if (check_hashcode_permissions($hash_permissions, "pk_sent") == TRUE) { // Total of *all* the Timekoins ever generated by the provided public key $public_key = filter_sql(base64_decode($_POST["public_key"])); set_decrypt_mode(); // Figure out which decrypt method can be best used //Initialize objects for Internal RSA decrypt if ($GLOBALS['decrypt_mode'] == 2) { require_once 'RSA.php'; $rsa = new Crypt_RSA(); $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); } // Find every Time Koin sent to this public Key $sql = "SELECT public_key_from, public_key_to, crypt_data3, attribute FROM `transaction_history` WHERE `public_key_from` = '{$public_key}'"; $sql_result = mysql_query($sql); $sql_num_results = mysql_num_rows($sql_result); $crypto_balance = 0; $transaction_info; for ($i = 0; $i < $sql_num_results; $i++) {
} while (empty($poll_peer) == FALSE) { $transaction_timestamp = filter_sql(find_string("-----timestamp{$tc}=", "-----public_key_from{$tc}", $poll_peer)); $transaction_public_key_from = find_string("-----public_key_from{$tc}=", "-----public_key_to{$tc}", $poll_peer); $transaction_public_key_to = find_string("-----public_key_to{$tc}=", "-----crypt1data{$tc}", $poll_peer); $transaction_crypt1 = filter_sql(find_string("-----crypt1data{$tc}=", "-----crypt2data{$tc}", $poll_peer)); $transaction_crypt2 = filter_sql(find_string("-----crypt2data{$tc}=", "-----crypt3data{$tc}", $poll_peer)); $transaction_crypt3 = filter_sql(find_string("-----crypt3data{$tc}=", "-----hash{$tc}", $poll_peer)); $transaction_hash = filter_sql(find_string("-----hash{$tc}=", "-----attribute{$tc}", $poll_peer)); $transaction_attribute = find_string("-----attribute{$tc}=", "-----end{$tc}", $poll_peer); if (empty($transaction_public_key_from) == TRUE && empty($transaction_public_key_to) == TRUE) { // No more data, break while loop break; } $transaction_public_key_from = filter_sql(base64_decode($transaction_public_key_from)); $transaction_public_key_to = filter_sql(base64_decode($transaction_public_key_to)); $found_duplicate = mysql_result(mysql_query("SELECT timestamp FROM `transaction_history` WHERE `timestamp` = '{$transaction_timestamp}' AND `public_key_from` = '{$transaction_public_key_from}' AND `hash` = '{$transaction_hash}' LIMIT 1"), 0, 0); // Check for valid attribute if ($transaction_attribute == "G" || $transaction_attribute == "T" || $transaction_attribute == "H") { if (empty($found_duplicate) == TRUE) { $sql = "INSERT INTO `transaction_history` (`timestamp`,`public_key_from`,`public_key_to`,`crypt_data1`,`crypt_data2`,`crypt_data3`, `hash`, `attribute`)\n\t\t\t\t\t\t\t\tVALUES ('{$transaction_timestamp}', '{$transaction_public_key_from}', '{$transaction_public_key_to}', '{$transaction_crypt1}', '{$transaction_crypt2}' , '{$transaction_crypt3}', '{$transaction_hash}' , 
'{$transaction_attribute}')"; if (mysql_query($sql) == TRUE) { // Flag for a re-check afterwards $double_check_block = TRUE; } } } $tc++; } // End while loop }
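/**
 * Build a signed "T" (transfer) transaction and offer it to every peer in
 * `active_peer_list` until at least one answers "OK".
 *
 * The destination public key is split into two 181-character chunks; each
 * chunk and the transaction details are passed through tk_encrypt() with the
 * sender's private key and base64-encoded before being POSTed to the peers.
 *
 * @param string $my_private_key     Sender's private key (passed to tk_encrypt()).
 * @param string $my_public_key      Sender's public key (sent base64-encoded).
 * @param string $send_to_public_key Destination public key; must be longer than 181 characters.
 * @param mixed  $amount             Amount to send. NOTE(review): interpolated into the
 *                                   "---"-delimited transaction string as-is; callers
 *                                   presumably pass a positive integer - confirm/validate upstream.
 * @param string $message            Free-text note; stripped of "|", "?", "=" and cut to 64 bytes.
 *
 * @return bool TRUE if at least one peer accepted the transaction, FALSE otherwise
 *              (including missing keys or a destination key too short to split).
 */
function send_timekoins($my_private_key, $my_public_key, $send_to_public_key, $amount, $message)
{
    if (empty($my_private_key) == TRUE || empty($my_public_key) == TRUE || empty($send_to_public_key) == TRUE) {
        return FALSE;
    }

    // The destination key is transmitted as two encrypted halves. A key of 181
    // characters or fewer yields a single chunk, and the second ciphertext
    // would be built from an undefined array element. Refuse instead of
    // broadcasting a malformed transaction.
    $arr1 = str_split($send_to_public_key, 181);
    if (count($arr1) < 2) {
        return FALSE;
    }

    ini_set('user_agent', 'Timekoin Client v' . TIMEKOIN_VERSION);
    ini_set('default_socket_timeout', 3); // Timeout for request in seconds

    $encryptedData1 = tk_encrypt($my_private_key, $arr1[0]);
    $encryptedData64_1 = base64_encode($encryptedData1);
    $encryptedData2 = tk_encrypt($my_private_key, $arr1[1]);
    $encryptedData64_2 = base64_encode($encryptedData2);

    // Sanitization of message
    // Filter symbols that might lead to a transaction hack attack
    $symbols = array("|", "?", "="); // SQL + URL
    $message = str_replace($symbols, "", $message);

    // Trim any message to 64 characters max and filter any sql
    // (filter_sql() is defined elsewhere; its exact escaping rules are not visible here)
    $message = filter_sql(substr($message, 0, 64));

    // Transaction body: "---" separates the fields and "=" separates key from
    // value, which is why "=" is stripped from the message above.
    $transaction_data = "AMOUNT={$amount}---TIME=" . time()
        . "---HASH=" . hash('sha256', $encryptedData64_1 . $encryptedData64_2)
        . "---MSG={$message}";
    $encryptedData3 = tk_encrypt($my_private_key, $transaction_data);
    $encryptedData64_3 = base64_encode($encryptedData3);

    // SHA-256 over all three encoded fields, sent as 'hash'
    $triple_hash_check = hash('sha256', $encryptedData64_1 . $encryptedData64_2 . $encryptedData64_3);

    $timestamp = transaction_cycle(0) + 1;
    $attribute = "T";

    // MD5 digest over every request field, sent as 'qhash'. MD5 is kept because
    // the peers expect this format; it should not be relied on as a security
    // control against deliberate tampering.
    $qhash = $timestamp . base64_encode($my_public_key) . $encryptedData64_1 . $encryptedData64_2
        . $encryptedData64_3 . $triple_hash_check . $attribute;
    $qhash = hash('md5', $qhash);

    // Create map with request parameters
    $params = array(
        'timestamp' => $timestamp,
        'public_key' => base64_encode($my_public_key),
        'crypt_data1' => $encryptedData64_1,
        'crypt_data2' => $encryptedData64_2,
        'crypt_data3' => $encryptedData64_3,
        'hash' => $triple_hash_check,
        'attribute' => $attribute,
        'qhash' => $qhash,
    );

    // Build Http query using params
    $query = http_build_query($params);

    // Create Http context details
    $contextData = array(
        'method' => 'POST',
        'header' => "Connection: close\r\n" . "Content-Length: " . strlen($query) . "\r\n",
        'content' => $query,
    );

    // Create context resource for our request
    $context = stream_context_create(array('http' => $contextData));

    // Try all Active Peer Servers
    // NOTE(review): the mysql_* extension was removed in PHP 7; this block only runs on PHP 5.x.
    $sql_result = mysql_query("SELECT * FROM `active_peer_list` ORDER BY RAND()");
    $sql_num_results = mysql_num_rows($sql_result);

    // Explicitly start from "nobody accepted" so the final check never reads an undefined variable
    $return_results = FALSE;

    for ($i = 0; $i < $sql_num_results; $i++) {
        $sql_row = mysql_fetch_array($sql_result);
        $ip_address = $sql_row["IP_Address"];
        $domain = $sql_row["domain"];
        $subfolder = $sql_row["subfolder"];
        $port_number = $sql_row["port_number"];
        $code = $sql_row["code"];

        // The peer's reply is remote-controlled data: it is filtered and only compared with "OK"
        $poll_peer = filter_sql(poll_peer($ip_address, $domain, $subfolder, $port_number, 5, "api.php?action=send_tk&hash={$code}", $context));

        if ($poll_peer == "OK") {
            write_log("Peer: [{$ip_address}{$domain}:{$port_number}/{$subfolder}] Accepted the Transaction for Processing", "T");
            $return_results = TRUE;
        }
    }

    if ($return_results == TRUE) {
        // Success in sending transaction
        return TRUE;
    } else {
        // No peer servers accepted the transaction data :(
        write_log("No Peers Accepted the Transaction", "T");
        return FALSE;
    }
}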
if ($transaction_amount_sent_test == $transaction_amount_sent) { // Is a valid integer $amount_valid = TRUE; } else { // Is NOT a valid integer $amount_valid = FALSE; } // Validate transaction against known public key balance if (check_crypt_balance($public_key) >= $transaction_amount_sent && $transaction_amount_sent > 0 && $amount_valid == TRUE) { // Balance checks out // Check hash value for tampering of crypt1, crypt2, or crypt3 fields if (hash('sha256', $crypt1 . $crypt2 . $crypt3) == $hash_check) { // Find destination public key $public_key_to_1 = tk_decrypt($public_key, base64_decode($crypt1)); $public_key_to_2 = tk_decrypt($public_key, base64_decode($crypt2)); $public_key_to = filter_sql($public_key_to_1 . $public_key_to_2); if (strlen($public_key) > 300 && strlen($public_key_to) > 300 && $public_key !== $public_key_to) { // Public key not found, insert into final transaction history $sql = "INSERT INTO `transaction_history` (`timestamp` ,`public_key_from` , `public_key_to` , `crypt_data1` ,`crypt_data2` ,`crypt_data3` ,`hash` ,`attribute`)\n\t\t\t\t\t\t\t\tVALUES ({$time_created}, '{$public_key}', '{$public_key_to}' , '{$crypt1}', '{$crypt2}', '{$crypt3}', '{$hash_check}', 'T');"; if (mysql_query($sql) == FALSE) { //Something didn't work write_log("Transaction Database Insert Failed for this Key: " . base64_encode($public_key), "T"); $record_failure_counter++; } else { $record_insert_counter++; } } else { // Invalid or blank Public Key(s) write_log("Transaction Public Key Error for this Key: " . base64_encode($public_key), "T"); $safe_delete_transaction = TRUE; $record_failure_counter++;
echo $message; ?> <?php if (!empty($UNTRUSTED['changeit'])) { $sql = "SELECT * FROM livehelp_users WHERE password='******'changeit']) . "' AND user_id='" . intval($UNTRUSTED['user_id']) . "'"; $data = $mydatabase->query($sql); if ($data->numrows() == 0) { print "<font color=#990000>Invalid Input/Link</font>"; } else { $sql = "UPDATE livehelp_users SET password='******'newpass'])) . "' WHERE user_id='" . intval($UNTRUSTED['user_id']) . "'"; $mydatabase->query($sql); print "<br><br><br><b>Password has been changed..</b><br><br> <a href=login.php>Log in</a><br><br><br><br><br><br><br><br>"; } } if (!empty($UNTRUSTED['changepass'])) { $sql = "SELECT * FROM livehelp_users WHERE password='******'changepass']) . "' AND username='******'username']) . "'"; $data = $mydatabase->query($sql); if ($data->numrows() == 0) { print "<font color=#990000>Invalid Input/Link</font>"; } else { $row = $data->fetchRow(DB_FETCHMODE_ASSOC); $user_id = $row['user_id']; ?> <input type=hidden name=changeit value="<?php echo $UNTRUSTED['changepass']; ?> "> <table width=250> <tr><td nowrap=nowrap><b>Re-set password for:</b></td><td><b><?php echo $UNTRUSTED['username']; ?>
$active_peers = mysql_num_rows(mysql_query($sql)); if ($active_peers >= $max_active_peers) { // Server is full for active peers echo "FULL"; } else { // Server has room for another peer $my_server_domain = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_domain' LIMIT 1"), 0, "field_data"); $my_server_subfolder = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_subfolder' LIMIT 1"), 0, "field_data"); $my_server_port_number = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_port_number' LIMIT 1"), 0, "field_data"); if (empty($my_server_domain) == TRUE) { // No domain used $my_server_domain = "NA"; } $ip_address = $_SERVER['REMOTE_ADDR']; $domain = filter_sql($_GET["domain"]); $subfolder = filter_sql($_GET["subfolder"]); $port_number = intval($_GET["port_number"]); if (is_domain_valid($domain) == FALSE) { // Someone is using an IP address or Localhost :p $domain = NULL; } // Check to make sure that this peer is not already in our active peer list $duplicate_check1 = mysql_result(mysql_query("SELECT * FROM `active_peer_list` WHERE `IP_Address` = '{$ip_address}' LIMIT 1"), 0, "join_peer_list"); $duplicate_check2 = mysql_result(mysql_query("SELECT * FROM `active_peer_list` WHERE `domain` LIKE '{$domain}' LIMIT 1"), 0, "join_peer_list"); if (empty($ip_address) == TRUE) { //Don't have an IP address, check for duplicate domain if (empty($duplicate_check2) == TRUE) { if ($my_server_domain == $domain) { $duplicate_peer = TRUE; } else { // Neither IP nor Domain exist
if (!empty($UNTRUSTED['usetemplateimage'])) { $query = "UPDATE livehelp_config SET showoperator='Y'"; $mydatabase->query($query); } else { $query = "UPDATE livehelp_config SET showoperator='N'"; $mydatabase->query($query); } $useimage_Y = "N"; if (!empty($UNTRUSTED['useimage'])) { if ($UNTRUSTED['useimage'] == "Y") { $useimage_Y = "Y"; } else { $useimage_Y = "N"; } } $query = "UPDATE livehelp_users \n SET showtype='" . filter_sql($UNTRUSTED['showtyping']) . "',\n displayname='" . filter_sql($UNTRUSTED['newdisplayname']) . "',\n photo='" . filter_sql($UNTRUSTED['photo']) . "',\n greeting='" . filter_sql($UNTRUSTED['greeting']) . "',\n user_alert='" . filter_sql($UNTRUSTED['user_alert']) . "',\n show_arrival='" . filter_sql($UNTRUSTED['show_arrival']) . "',\n username='******'newuser']) . "',\n alertchat='" . filter_sql($UNTRUSTED['alertchat']) . "',\n alerttyping='" . filter_sql($UNTRUSTED['alerttyping']) . "',\n alertinsite='" . filter_sql($UNTRUSTED['alertinsite']) . "', \n useimage='{$useimage_Y}',\n {$passsql}\n {$isadminsql}\n email='" . filter_sql($UNTRUSTED['email']) . "' \n WHERE user_id=" . intval($UNTRUSTED['who']); $mydatabase->query($query); if ($isadminsetting == "Y") { $query = "DELETE FROM livehelp_operator_departments WHERE user_id=" . intval($UNTRUSTED['who']); $mydatabase->query($query); $query = "SELECT * FROM livehelp_departments"; $data = $mydatabase->query($query); while ($row = $data->fetchRow(DB_FETCHMODE_ASSOC)) { $varname = "mydepartment_" . $row['recno']; if (!empty($UNTRUSTED[$varname])) { $query = "INSERT INTO livehelp_operator_departments (user_id,department) \n VALUES (" . intval($UNTRUSTED['who']) . "," . intval($row['recno']) . ")"; $mydatabase->query($query); } } } if (!$serversession) {
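// Read the auto-transfer form fields from the POST body.
// NOTE(review): $delay_minutes is taken as submitted and is not validated in
// this excerpt - confirm it is range-checked/cast before it is stored or used.
$delay_minutes = $_POST["delay_minutes"];
$easy_key = $_POST["easy_key"];
$user_server_keys = intval($_POST["use_private"]);

if ($user_server_keys == TRUE) {
    // Send from the server's own key pair
    $fromprivatekey = my_private_key();
    $frompublickey = my_public_key();
}

if (empty($easy_key) == FALSE) {
    // Look up destination public key from Easy Key database
    ini_set('user_agent', 'Timekoin Server (AutoTransfer Plugin) v' . TIMEKOIN_VERSION);
    ini_set('default_socket_timeout', 7); // Timeout for request in seconds

    // Translate Easy Key to Public Key and fill in field with
    $context = stream_context_create(array('http' => array('header' => 'Connection: close'))); // Force close socket after complete

    // The Easy Key is user-supplied, so it is URL-encoded before being placed
    // in the query string; otherwise characters such as "&", "#" or spaces
    // would alter or break the outbound lookup request. The reply is capped at
    // 500 bytes.
    // NOTE(review): the reply decides which public key receives the transfer
    // and is fetched over plain HTTP with no integrity check visible here -
    // prefer HTTPS if the endpoint supports it.
    $easy_key = filter_sql(file_get_contents("http://timekoin.net/easy.php?s=" . urlencode((string) $easy_key), FALSE, $context, 0, 500));

    if ($easy_key == "ERROR" || empty($easy_key) == TRUE) {
        // No Response :(
        header("Location: autotransfer.php?task=new&error=2");
        exit;
    } else {
        // Copy to public key destination
        $topublickey = base64_decode($easy_key);
    }
}

if (empty($fromprivatekey) == TRUE || empty($frompublickey) == TRUE || empty($topublickey) == TRUE) {
    // Missing Data Fields
    header("Location: autotransfer.php?task=new&error=1");
    exit;
}

// Find Empty Record Location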
if ($UNTRUSTED['whattodo'] == $lang['SAVE']) { $seconds = $UNTRUSTED['seconds'] + $UNTRUSTED['minutes'] * 60; if (empty($UNTRUSTED['socialpane'])) { $UNTRUSTED['socialpane'] = "N"; } if (empty($UNTRUSTED['excludemobile'])) { $UNTRUSTED['excludemobile'] = "N"; } if (empty($UNTRUSTED['onlymobile'])) { $UNTRUSTED['onlymobile'] = "N"; } if (empty($UNTRUSTED['editidnum'])) { $query = "INSERT INTO livehelp_autoinvite (isactive,department,message,page,visits,referer,typeof,seconds,user_id,socialpane,excludemobile,onlymobile) VALUES ('Y'," . intval($UNTRUSTED['department']) . ",'" . filter_sql($UNTRUSTED['comment']) . "','" . filter_sql($UNTRUSTED['page']) . "'," . intval($UNTRUSTED['visits']) . ",'" . filter_sql($UNTRUSTED['referer']) . "','" . filter_sql($UNTRUSTED['typeof']) . "','{$seconds}','" . intval($UNTRUSTED['user_id']) . "','" . filter_sql($UNTRUSTED['socialpane']) . "','" . filter_sql($UNTRUSTED['excludemobile']) . "','" . filter_sql($UNTRUSTED['onlymobile']) . "')"; $mydatabase->query($query); } else { $query = "UPDATE livehelp_autoinvite SET seconds='{$seconds}',user_id='" . intval($UNTRUSTED['user_id']) . "',socialpane='" . filter_sql($UNTRUSTED['socialpane']) . "',excludemobile='" . filter_sql($UNTRUSTED['excludemobile']) . "',onlymobile='" . filter_sql($UNTRUSTED['onlymobile']) . "',typeof='" . filter_sql($UNTRUSTED['typeof']) . "',department=" . intval($UNTRUSTED['department']) . ",message='" . filter_sql($UNTRUSTED['comment']) . "',page='" . filter_sql($UNTRUSTED['page']) . "',visits=" . intval($UNTRUSTED['visits']) . ",referer='" . filter_sql($UNTRUSTED['referer']) . "' WHERE idnum=" . intval($UNTRUSTED['editidnum']); $mydatabase->query($query); } } if ($UNTRUSTED['whattodo'] == $lang['UPDATE']) { $query = "SELECT * FROM livehelp_autoinvite"; $data = $mydatabase->query($query); while ($row = $data->fetchRow(DB_FETCHMODE_ASSOC)) { $varname = "isactive__" . 
$row['idnum']; if (!empty($UNTRUSTED[$varname])) { $query = "UPDATE livehelp_autoinvite set isactive='Y' WHERE idnum='" . $row['idnum'] . "' "; $mydatabase->query($query); } else { $query = "UPDATE livehelp_autoinvite set isactive='N' WHERE idnum='" . $row['idnum'] . "' "; $mydatabase->query($query); }