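/**
 * Chatroom message endpoint (legacy mysql_* build).
 *
 * Reads the target room and message text from $_POST, bumps the room's
 * lastactivity, then either publishes the message over Comet (when both
 * USE_COMET and COMET_CHATROOMS are 1) or stores it in
 * cometchat_chatroommessages. Echoes the resulting message id and exits.
 * Relies on $userid, $db and $cookiePrefix being set up by the including script.
 *
 * Security notes:
 *  - CSRF: the submitted token is compared against $_SESSION['token'] with
 *    hash_equals() (constant time, strict) where available and a strict ===
 *    otherwise. The previous loose == was subject to PHP's numeric-string
 *    coercion ("1e3" == "1000") and leaked timing. The token is still read
 *    from $_REQUEST to stay compatible with existing callers; restricting it
 *    to $_POST would be stricter.
 *  - SQL: every interpolated value goes through mysql_real_escape_string;
 *    the colour span is only built from a cookie value that matched
 *    /^[a-f0-9]{6}$/i, so it is safe to embed as-is.
 *  - HTML: the message body is passed through sanitize() before it is
 *    published or stored.
 *  - mysql_* was deprecated in PHP 5.5 and removed in 7.0; the mysqli
 *    variants of these functions live elsewhere in this file.
 *
 * @return void  Always terminates the request (echo + exit) once a message is handled.
 */
function sendmessage()
{
    // --- CSRF check ---------------------------------------------------
    $sentToken = (isset($_REQUEST['token']) && is_scalar($_REQUEST['token'])) ? (string) $_REQUEST['token'] : '';
    $sessionToken = (isset($_SESSION['token']) && is_scalar($_SESSION['token'])) ? (string) $_SESSION['token'] : '';
    if ($sentToken === '' || $sessionToken === '') {
        $tokenOk = false;
    } elseif (function_exists('hash_equals')) {
        $tokenOk = hash_equals($sessionToken, $sentToken);   // constant-time compare (PHP >= 5.6)
    } else {
        $tokenOk = ($sessionToken === $sentToken);           // strict fallback for older runtimes
    }
    if (!$tokenOk) {
        echo "CSRF attack detected. Halting request.";
        exit;
    }

    global $userid;
    global $db;
    global $cookiePrefix;

    if (empty($_POST['message']) || empty($_POST['currentroom'])) {
        return;
    }
    $to = $_POST['currentroom'];
    $message = $_POST['message'];

    // Touch the room so "last activity" ordering stays current.
    $sql = "update cometchat_chatrooms set lastactivity = '" . getTimeStamp() . "' where id = '" . mysql_real_escape_string($to) . "'";
    $query = mysql_query($sql);

    // Optional per-user text colour; only a validated 6-digit hex value is ever interpolated.
    $styleStart = '';
    $styleEnd = '';
    $colourCookie = $cookiePrefix . 'chatroomcolor';
    if (!empty($_COOKIE[$colourCookie]) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$colourCookie])) {
        $styleStart = '<span style="color:#' . $_COOKIE[$colourCookie] . '">';
        $styleEnd = '</span>';
    }

    if (USE_COMET == 1 && COMET_CHATROOMS == 1) {
        $comet = new Comet(KEY_A, KEY_B);

        // Resolve (and cache in the session) the sender's display name.
        if (empty($_SESSION['cometchat']['username'])) {
            $name = '';
            $result = mysql_query(getUserDetails($userid));
            if ($result && ($row = mysql_fetch_array($result))) {
                if (function_exists('processName')) {
                    $row['username'] = processName($row['username']);
                }
                $name = $row['username'];
            }
            $_SESSION['cometchat']['username'] = $name;
        } else {
            $name = $_SESSION['cometchat']['username'];
        }

        if (!empty($name)) {
            $info = $comet->publish(array(
                'channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C),
                'message' => array(
                    "from" => $name,
                    "message" => $styleStart . sanitize($message) . $styleEnd,
                    "sent" => getTimeStamp(),
                ),
            ));
        }
        // No DB row in Comet mode: synthesise a client-side id. rand() is
        // acceptable here because the id is not a secret, only a correlator.
        $insertedid = getTimeStamp() . rand(0, 1000000);
    } else {
        $sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . $styleStart . mysql_real_escape_string(sanitize($message)) . $styleEnd . "','" . getTimeStamp() . "')";
        $query = mysql_query($sql);
        $insertedid = mysql_insert_id();
    }

    echo $insertedid;
    exit;
}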
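/**
 * Record a one-to-one message the current user sent to $to (legacy mysql_* build).
 *
 * In Comet mode the message is only published to the sender's own channel
 * (so the sender's other tabs see it); otherwise it is inserted into
 * `cometchat` with direction=2 and mirrored into the per-peer session
 * buffer that the polling client reads.
 *
 * The message text is stored and published exactly as given; HTML
 * sanitisation is presumably the caller's job (this function does not call
 * sanitize()) — verify at the call sites.
 *
 * @param int|string $to             Recipient user id.
 * @param string     $message        Message text (already sanitised by the caller, see above).
 * @param string     $sessionMessage Optional alternative text for the session buffer; defaults to $message.
 * @return void
 */
function sendSelfMessage($to, $message, $sessionMessage = '')
{
    global $userid;

    if (empty($to) || empty($message) || $userid == '') {
        return;
    }

    if (USE_COMET == 1) {
        $comet = new Comet(KEY_A, KEY_B);
        $info = $comet->publish(array(
            'channel' => md5($userid . KEY_A . KEY_B . KEY_C),
            'message' => array("from" => $to, "message" => $message, "sent" => getTimeStamp(), "self" => 1),
        ));
        // Synthetic id: nothing is written to the DB in Comet mode.
        $insertedid = getTimeStamp() . rand(0, 1000000);
        return;
    }

    $sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read, cometchat.direction) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . mysql_real_escape_string($message) . "','" . getTimeStamp() . "',0,2)";
    $query = mysql_query($sql);
    if (defined('DEV_MODE') && DEV_MODE == '1') {
        echo mysql_error();
    }
    $insertedid = mysql_insert_id();

    // Mirror into the session buffer for this peer.
    $sessionKey = 'cometchat_user_' . $to;
    if (empty($_SESSION['cometchat'][$sessionKey])) {
        $_SESSION['cometchat'][$sessionKey] = array();
    }
    if (empty($sessionMessage)) {
        $sessionMessage = $message;
    }
    // Fix: 'timedifference' is not always present in the session (it is set
    // by another request); default to 0 instead of raising an undefined-index notice.
    $timeDifference = isset($_SESSION['cometchat']['timedifference']) ? $_SESSION['cometchat']['timedifference'] : 0;
    $_SESSION['cometchat'][$sessionKey][] = array(
        "id" => $insertedid,
        "from" => $to,
        "message" => $sessionMessage,
        "self" => 1,
        "old" => 1,
        'sent' => getTimeStamp() + $timeDifference,
    );
}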
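/**
 * Send a message to a chatroom (mysqli build with AV/control message support).
 *
 * Flow: validate → optionally translate a "CC^CONTROL_{json}" payload into
 * one of the fixed control strings → sanitise (user-initiated calls only)
 * → insert into cometchat_chatroommessages (and publish over Comet when
 * enabled) → notify the pusher → bump the room's lastactivity.
 *
 * Security notes:
 *  - For user-initiated calls ($notsilent != 0) the "CC^CONTROL_" prefix is
 *    stripped and the text is run through sanitize() AFTER control
 *    translation, so a client cannot inject a kicked/banned/deletemessage
 *    control message through this function. Silent/internal callers
 *    ($notsilent == 0) bypass both steps: no authorisation check exists here,
 *    so such callers are responsible for verifying the acting user is allowed
 *    to emit the control message and that the text is safe to store.
 *  - All SQL values are escaped with mysqli_real_escape_string. The colour
 *    span is only built from a cookie value matching /^[a-f0-9]{6}$/i.
 *  - $to from $_POST is escaped at input time AND at every SQL use below
 *    (double escaping for ids containing quotes). It is deliberately kept
 *    that way because the same value is passed to parsePusher() and into the
 *    Comet channel name, whose handling is not visible here.
 *
 * @param int|string $to        Chatroom id; overridden by $_POST['currentroom'] when a POST message is present.
 * @param string     $message   Message text; overridden by $_POST['message'] when present.
 * @param int        $notsilent 1 = user-initiated (sanitise, strip control prefix, echo response);
 *                              0 = silent internal call, returns the inserted id instead.
 * @return int|string|null      Inserted id when $notsilent == 0 (null if nothing was inserted),
 *                              otherwise nothing — the id is echoed via sendCCResponse().
 */
function sendChatroomMessage($to = 0, $message = '', $notsilent = 1)
{
    global $userid;
    global $cookiePrefix;
    global $bannedUserIDs;

    // Nothing to do for a missing room/message, an anonymous user, or a banned user.
    if (($to == 0 && empty($_POST['currentroom']))
        || ($message == '' && $notsilent == 0)
        || (isset($_POST['message']) && $_POST['message'] == '')
        || empty($userid)
        || in_array($userid, $bannedUserIDs)) {
        return;
    }

    if (isset($_POST['message']) && !empty($_POST['currentroom'])) {
        $to = mysqli_real_escape_string($GLOBALS['dbh'], $_POST['currentroom']);
        $message = $_POST['message'];
    }

    // --- Control payload: "CC^CONTROL_" followed by JSON {name, method, params} ---
    if ($message != '' && strpos($message, 'CC^CONTROL_') !== false) {
        // The JSON is sanitised before decoding, so anything copied out of it
        // has already been through sanitize().
        $message = sanitize(str_ireplace('CC^CONTROL_', '', $message));
        $controlparameters = json_decode($message, true);
        if (!is_array($controlparameters)) {
            // Malformed JSON: previously an undefined-index notice; now the
            // (sanitised) text simply falls through untouched, as for an unknown name.
            $controlparameters = array();
        }
        $controlName = isset($controlparameters['name']) ? $controlparameters['name'] : null;
        $controlMethod = isset($controlparameters['method']) ? $controlparameters['method'] : null;
        $controlParams = (isset($controlparameters['params']) && is_array($controlparameters['params']))
            ? $controlparameters['params']
            : array();

        // name → method → control string prefix. The param appended is 'id'
        // for the chatroom family and 'grp' for the call families.
        static $controlMessages = array(
            'avchat' => array(
                'endcall' => 'CC^CONTROL_AVCHAT_END_CHATROOM_CALL',
                'rejectcall' => 'CC^CONTROL_AVCHAT_REJECT_CHATROOM_CALL',
                'noanswer' => 'CC^CONTROL_AVCHAT_NO_ANSWER_CHATROOM',
                'canceloutgoingcall' => 'CC^CONTROL_AVCHAT_CANCEL_CALL',
                'busycall' => 'CC^CONTROL_AVCHAT_BUSY_CALL',
            ),
            'audiochat' => array(
                'endcall' => 'CC^CONTROL_AUDIOCHAT_END_CHATROOM_CALL',
                'rejectcall' => 'CC^CONTROL_AUDIOCHAT_REJECT_CHATROOM_CALL',
                'noanswer' => 'CC^CONTROL_AUDIOCHAT_NO_ANSWER_CHATROOM',
                'canceloutgoingcall' => 'CC^CONTROL_AUDIOCHAT_CANCEL_CALL',
                'busycall' => 'CC^CONTROL_AUDIOCHAT_BUSY_CALL',
            ),
            'broadcast' => array(
                'endcall' => 'CC^CONTROL_BROADCAST_END_CHATROOM_CALL',
            ),
            'chatroom' => array(
                'deletemessage' => 'CC^CONTROL_deletemessage_',
                'kicked' => 'CC^CONTROL_kicked_',
                'banned' => 'CC^CONTROL_banned_',
            ),
        );

        if (is_string($controlName) && isset($controlMessages[$controlName])) {
            $paramKey = ($controlName === 'chatroom') ? 'id' : 'grp';
            $paramValue = (isset($controlParams[$paramKey]) && is_scalar($controlParams[$paramKey]))
                ? $controlParams[$paramKey]
                : '';
            if (is_string($controlMethod) && isset($controlMessages[$controlName][$controlMethod])) {
                $message = $controlMessages[$controlName][$controlMethod] . $paramValue;
            } else {
                $message = '';   // known family, unknown method: drop the message
            }
        }
        // Unknown family: the sanitised JSON text is sent as an ordinary message (original behaviour).
    }

    if ($notsilent !== 0) {
        // User-initiated: never let a client smuggle a control prefix through, and HTML-sanitise.
        $message = sanitize(str_ireplace('CC^CONTROL_', '', $message));
    }

    // Optional per-user text colour (user-initiated messages only).
    $styleStart = '';
    $styleEnd = '';
    $colourCookie = $cookiePrefix . 'chatroomcolor';
    if ($notsilent == 1 && !empty($_COOKIE[$colourCookie]) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$colourCookie])) {
        $styleStart = '<span style="color:#' . mysqli_real_escape_string($GLOBALS['dbh'], $_COOKIE[$colourCookie]) . '">';
        $styleEnd = '</span>';
    }

    $usingComet = (USE_COMET == 1 && COMET_CHATROOMS == 1);
    $comet = null;
    $name = '';
    if ($usingComet) {
        $comet = new Comet(KEY_A, KEY_B);
        // Resolve (and cache in the session) the sender's display name.
        if (empty($_SESSION['cometchat']['username'])) {
            $sql = ($userid > 10000000) ? getGuestDetails($userid) : getUserDetails($userid);
            $result = mysqli_query($GLOBALS['dbh'], $sql);
            if ($result && ($row = mysqli_fetch_assoc($result))) {
                if (function_exists('processName')) {
                    $row['username'] = processName($row['username']);
                }
                $name = $row['username'];
            }
            $_SESSION['cometchat']['username'] = $name;
        } else {
            $name = $_SESSION['cometchat']['username'];
        }
    }

    // Persist + publish. In Comet mode nothing is sent when the sender has no
    // resolvable name (original behaviour); $insertedid then stays null.
    $insertedid = null;
    if (!$usingComet || !empty($name)) {
        $sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $styleStart) . mysqli_real_escape_string($GLOBALS['dbh'], $message) . mysqli_real_escape_string($GLOBALS['dbh'], $styleEnd) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], getTimeStamp()) . "')";
        $query = mysqli_query($GLOBALS['dbh'], $sql);
        $insertedid = mysqli_insert_id($GLOBALS['dbh']);
        if (defined('DEV_MODE') && DEV_MODE == '1') {
            echo mysqli_error($GLOBALS['dbh']);
        }
        if ($usingComet) {
            $info = $comet->publish(array(
                'channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C),
                'message' => array(
                    "id" => $insertedid,
                    "from" => $name,
                    "fromid" => $userid,
                    "message" => $styleStart . $message . $styleEnd,
                    "sent" => getTimeStamp(),
                ),
            ));
        }
        if ($notsilent == 1) {
            sendCCResponse(json_encode(array("id" => $insertedid, "m" => $styleStart . $message . $styleEnd)));
        }
    }

    parsePusher($to, $insertedid, $message, '1');

    $sql = "update cometchat_chatrooms set lastactivity = '" . mysqli_real_escape_string($GLOBALS['dbh'], getTimeStamp()) . "' where id = '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "'";
    $query = mysqli_query($GLOBALS['dbh'], $sql);

    if ($notsilent == 0) {
        return $insertedid;
    }
}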
/**
 * Record a one-to-one message the current user sent to $to (mysqli build).
 *
 * Comet mode: publishes to the sender's private channel (and logs to
 * `cometchat` with read=1 when SAVE_LOGS is on). Non-Comet mode: inserts
 * into `cometchat` with read=0, direction=2.
 *
 * Notes for reviewers:
 *  - Requests are de-duplicated by the JSONP callback name recorded in
 *    $_SESSION['cometchat']['duplicates']; that map is never pruned, so a
 *    session accumulates one entry per distinct callback value it has seen.
 *  - The private channel is derived with mcrypt (RIJNDAEL-256/CBC keyed from
 *    md5 of the shared secret) when the extension exists, otherwise a plain
 *    md5. This must match the client-side derivation, so it is reproduced
 *    unchanged; mcrypt was removed from core in PHP 7.2.
 *  - The message text is stored/published as given; no sanitize() call here —
 *    callers are presumably expected to have done that (verify at call sites).
 *
 * @param int|string $to             Recipient user id.
 * @param string     $message        Message text.
 * @param string     $sessionMessage Unused in this build; kept for signature compatibility.
 * @return void
 */
function sendSelfMessage($to, $message, $sessionMessage = '')
{
    global $userid;
    global $cookiePrefix;

    // Drop retried JSONP requests that we have already handled in this session.
    if (!empty($_REQUEST['callback'])) {
        $callbackName = $_REQUEST['callback'];
        if (!empty($_SESSION['cometchat']['duplicates'][$callbackName])) {
            exit;
        }
        $_SESSION['cometchat']['duplicates'][$callbackName] = 1;
    }

    if (empty($to) || empty($message) || !($userid > 0)) {
        return;
    }

    if (USE_COMET != 1) {
        $sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read, cometchat.direction) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',0,2)";
        $query = mysqli_query($GLOBALS['dbh'], $sql);
        if (defined('DEV_MODE') && DEV_MODE == '1') {
            echo mysqli_error($GLOBALS['dbh']);
        }
        $insertedid = mysqli_insert_id($GLOBALS['dbh']);
        return;
    }

    // Comet mode: synthetic id, derived channel, publish, optional log row.
    $insertedid = getTimeStamp() . rand(100, 999);
    $secret = KEY_A . KEY_B . KEY_C;
    $channel = md5($userid . $secret);
    if (function_exists('mcrypt_encrypt')) {
        $cipherText = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($secret), $userid, MCRYPT_MODE_CBC, md5(md5($secret)));
        $channel = md5(base64_encode($cipherText) . $secret);
    }

    $comet = new Comet(KEY_A, KEY_B);
    $payload = array("from" => $to, "message" => $message, "sent" => $insertedid, "self" => 1);
    $info = $comet->publish(array('channel' => $channel, 'message' => $payload));

    if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
        $sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read, cometchat.direction) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',1,2)";
        $query = mysqli_query($GLOBALS['dbh'], $sql);
    }
}
/**
 * Send a message to a chatroom (mysqli build without control-message parsing).
 *
 * Comet mode: answers the client immediately with a synthetic id, publishes
 * to the room channel and, when SAVE_LOGS is on, logs the row. Non-Comet
 * mode: inserts the row and answers with the real insert id. Both paths then
 * notify the pusher and bump the room's lastactivity.
 *
 * Security notes:
 *  - User-initiated calls ($notsilent != 0) have any "CC^CONTROL_" prefix
 *    stripped and are passed through sanitize(); silent callers bypass both,
 *    so they own the responsibility for safe, authorised content.
 *  - SQL values go through mysqli_real_escape_string. The colour span is
 *    interpolated unescaped but is only built from a cookie value matching
 *    /^[a-f0-9]{6}$/i.
 *  - $to from $_POST is used raw in the Comet channel name and escaped at
 *    each SQL use.
 *
 * @param int|string $to        Chatroom id; overridden by $_POST['currentroom'] when a POST message is present.
 * @param string     $message   Message text; overridden by $_POST['message'] when present.
 * @param int        $notsilent 1 = user-initiated (sanitise, echo response); 0 = silent internal call.
 * @return int|string|void      The message id when $notsilent != 0; nothing otherwise.
 */
function sendChatroomMessage($to = 0, $message = '', $notsilent = 1)
{
    global $userid;
    global $cookiePrefix;
    global $bannedUserIDs;

    $noRoom = ($to == 0 && empty($_POST['currentroom']));
    $silentButEmpty = ($message == '' && $notsilent == 0);
    $postedEmpty = (isset($_POST['message']) && $_POST['message'] == '');
    if ($noRoom || $silentButEmpty || $postedEmpty || empty($userid) || in_array($userid, $bannedUserIDs)) {
        return;
    }

    if (isset($_POST['message']) && !empty($_POST['currentroom'])) {
        $to = $_POST['currentroom'];
        $message = $_POST['message'];
    }

    if ($notsilent !== 0) {
        $message = sanitize(str_ireplace('CC^CONTROL_', '', $message));
    }

    $styleStart = '';
    $styleEnd = '';
    $colourCookie = $cookiePrefix . 'chatroomcolor';
    if ($notsilent == 1 && !empty($_COOKIE[$colourCookie]) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$colourCookie])) {
        $styleStart = '<span style="color:#' . $_COOKIE[$colourCookie] . '">';
        $styleEnd = '</span>';
    }
    $renderedMessage = $styleStart . $message . $styleEnd;

    // Identical insert statement for both modes; built lazily so getTimeStamp()
    // is evaluated at the same point as before.
    $buildInsertSql = function () use ($userid, $to, $styleStart, $message, $styleEnd) {
        return "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . $styleStart . mysqli_real_escape_string($GLOBALS['dbh'], $message) . $styleEnd . "','" . getTimeStamp() . "')";
    };

    if (USE_COMET == 1 && COMET_CHATROOMS == 1) {
        $insertedid = getTimeStamp() . rand(100, 999);
        if ($notsilent == 1) {
            sendCCResponse(json_encode(array("id" => $insertedid, "m" => $renderedMessage)));
        }

        $comet = new Comet(KEY_A, KEY_B);

        // Sender display name, cached in the session after first lookup.
        if (empty($_SESSION['cometchat']['username'])) {
            $name = '';
            $sql = getUserDetails($userid);
            if ($userid > 10000000) {
                $sql = getGuestDetails($userid);
            }
            $result = mysqli_query($GLOBALS['dbh'], $sql);
            if ($row = mysqli_fetch_assoc($result)) {
                $name = function_exists('processName') ? processName($row['username']) : $row['username'];
            }
            $_SESSION['cometchat']['username'] = $name;
        } else {
            $name = $_SESSION['cometchat']['username'];
        }

        if (!empty($name)) {
            $payload = array(
                "from" => $name,
                "fromid" => $userid,
                "message" => $renderedMessage,
                "sent" => $insertedid,
            );
            $info = $comet->publish(array(
                'channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C),
                'message' => $payload,
            ));
            if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
                $query = mysqli_query($GLOBALS['dbh'], $buildInsertSql());
            }
        }
    } else {
        $query = mysqli_query($GLOBALS['dbh'], $buildInsertSql());
        $insertedid = mysqli_insert_id($GLOBALS['dbh']);
        if ($notsilent == 1) {
            sendCCResponse(json_encode(array("id" => $insertedid, "m" => $renderedMessage)));
        }
        if (defined('DEV_MODE') && DEV_MODE == '1') {
            echo mysqli_error($GLOBALS['dbh']);
        }
    }

    parsePusher($to, $insertedid, $message, '1');

    $sql = "update cometchat_chatrooms set lastactivity = '" . getTimeStamp() . "' where id = '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "'";
    $query = mysqli_query($GLOBALS['dbh'], $sql);

    if ($notsilent != 0) {
        return $insertedid;
    }
}
/**
 * Chatroom message endpoint (mysqli build).
 *
 * Takes the room id and text from $_POST, bumps the room's lastactivity,
 * strips any client-supplied "CC^CONTROL_" prefix, then either publishes
 * over Comet (logging to the DB only when SAVE_LOGS is on) or inserts the
 * row. Echoes the resulting message id and exits.
 *
 * Security notes:
 *  - NOTE(review): unlike the older sendmessage() in this file, which
 *    checked $_REQUEST['token'] against $_SESSION['token'], this version has
 *    no CSRF check of its own — confirm the including endpoint enforces one.
 *  - The text is passed through sanitize() at every publish/store site and
 *    SQL values go through mysqli_real_escape_string. The colour span is
 *    only built from a cookie value matching /^[a-f0-9]{6}$/i.
 *  - isset() (not !empty()) is used on the POST fields, so an empty message
 *    string is accepted and stored.
 *
 * @return void  Echoes the id and exits once a message is handled.
 */
function sendmessage()
{
    global $userid;
    global $cookiePrefix;

    if (!isset($_POST['message']) || !isset($_POST['currentroom'])) {
        return;
    }
    $to = $_POST['currentroom'];
    $message = $_POST['message'];

    $sql = "update cometchat_chatrooms set lastactivity = '" . getTimeStamp() . "' where id = '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "'";
    $query = mysqli_query($GLOBALS['dbh'], $sql);

    $styleStart = '';
    $styleEnd = '';
    $colourCookie = $cookiePrefix . 'chatroomcolor';
    if (!empty($_COOKIE[$colourCookie]) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$colourCookie])) {
        $styleStart = '<span style="color:#' . $_COOKIE[$colourCookie] . '">';
        $styleEnd = '</span>';
    }

    // Clients must not be able to inject control messages.
    $message = str_ireplace('CC^CONTROL_', '', $message);

    // Same insert for both modes; built lazily so getTimeStamp() is read at the original point.
    $buildInsertSql = function () use ($userid, $to, $styleStart, $message, $styleEnd) {
        return "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . $styleStart . mysqli_real_escape_string($GLOBALS['dbh'], sanitize($message)) . $styleEnd . "','" . getTimeStamp() . "')";
    };

    if (USE_COMET == 1 && COMET_CHATROOMS == 1) {
        $comet = new Comet(KEY_A, KEY_B);

        if (empty($_SESSION['cometchat']['username'])) {
            $name = '';
            $sql = getUserDetails($userid);
            if ($userid > 10000000) {
                $sql = getGuestDetails($userid);
            }
            $result = mysqli_query($GLOBALS['dbh'], $sql);
            if ($row = mysqli_fetch_assoc($result)) {
                $name = function_exists('processName') ? processName($row['username']) : $row['username'];
            }
            $_SESSION['cometchat']['username'] = $name;
        } else {
            $name = $_SESSION['cometchat']['username'];
        }

        // Synthetic id: in Comet mode the DB row (if any) is only a log.
        $insertedid = getTimeStamp() . rand(100, 999);
        if (!empty($name)) {
            $payload = array(
                "from" => $name,
                "fromid" => $userid,
                "message" => $styleStart . sanitize($message) . $styleEnd,
                "sent" => $insertedid,
            );
            $info = $comet->publish(array(
                'channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C),
                'message' => $payload,
            ));
            if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
                $query = mysqli_query($GLOBALS['dbh'], $buildInsertSql());
            }
        }
    } else {
        $query = mysqli_query($GLOBALS['dbh'], $buildInsertSql());
        $insertedid = mysqli_insert_id($GLOBALS['dbh']);
    }

    echo $insertedid;
    exit;
}
header('content-type: application/json; charset=utf-8'); echo $_GET['callback'] . '(' . json_encode($response) . ')'; } else { echo json_encode($response); } $size = ob_get_length(); header("Content-Length: {$size}"); ob_end_flush(); flush(); $key = KEY_A . KEY_B . KEY_C; $channel = md5($to . $key); if (function_exists('mcrypt_encrypt')) { $channel = md5(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $to, MCRYPT_MODE_CBC, md5(md5($key)))) . $key); } $comet = new Comet(KEY_A, KEY_B); $info = $comet->publish(array('channel' => $channel, 'message' => array("from" => $userid, "message" => $message, "sent" => $insertedid, "self" => 0))); if (defined('SAVE_LOGS') && SAVE_LOGS == 1) { $sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',1)"; $query = mysqli_query($GLOBALS['dbh'], $sql); } } else { $sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',0)"; $query = mysqli_query($GLOBALS['dbh'], $sql); $insertedid = mysqli_insert_id($GLOBALS['dbh']); if (defined('DEV_MODE') && DEV_MODE == '1') { echo mysqli_error($GLOBALS['dbh']); } $response = array("insertedid" => $insertedid, "message" => $message); if (isset($_REQUEST['callbackfn']) && $_REQUEST['callbackfn'] == 'mobileapp' && empty($_REQUEST['v'])) { $response = $insertedid; }
$message = $_REQUEST['message']; if ($userid != '') { if (function_exists('hooks_message')) { hooks_message($userid, $to, $message); } if (!in_array($userid, $bannedUserIDs)) { if (in_array('block', $plugins)) { $sql = "select * from cometchat_block where (fromid = '" . mysql_real_escape_string($to) . "' and toid ='" . mysql_real_escape_string($userid) . "') OR (fromid = '" . mysql_real_escape_string($userid) . "' and toid ='" . mysql_real_escape_string($to) . "')"; $query = mysql_query($sql); if (mysql_num_rows($query) > 0) { return; } } if (USE_COMET == 1) { $comet = new Comet(KEY_A, KEY_B); $info = $comet->publish(array('channel' => md5($to . KEY_A . KEY_B . KEY_C), 'message' => array("from" => $userid, "message" => sanitize($message), "sent" => getTimeStamp(), "self" => 0))); $insertedid = getTimeStamp() . rand(0, 1000000); if (defined('SAVE_LOGS') && SAVE_LOGS == 1) { $sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . mysql_real_escape_string(sanitize($message)) . "','" . getTimeStamp() . "',1)"; $query = mysql_query($sql); $insertedid = mysql_insert_id(); } } else { $sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . mysql_real_escape_string(sanitize($message)) . "','" . getTimeStamp() . "',0)"; $query = mysql_query($sql); $insertedid = mysql_insert_id(); if (defined('DEV_MODE') && DEV_MODE == '1') { echo mysql_error(); } } if (empty($_SESSION['cometchat']['cometchat_user_' . $to])) {