// Excerpt: tail of a request branch whose opening `if` lies before this excerpt.
// It maintains the 'writediv' row in livehelp_messages for one channel/sender
// pair (presumably the live typing-preview text; confirm against whatever
// reads this table), then answers with a static GIF and stops.
//
// Query construction: numeric fields are forced through intval(); the free-text
// field goes through filter_sql(convertamps(...)). Both helpers are defined
// outside this excerpt, so the injection safety of the quoted string rests on
// filter_sql() escaping correctly for the active connection and charset.
// TODO confirm, or move to bound parameters if $mydatabase supports them.
// NOTE(review): 'fromwho' comes from the request and is used as saidfrom;
// nothing visible here ties it (or $channel) to the caller's own session.
// Verify that the enclosing code enforces that.

// Does a 'writediv' row already exist for this channel and sender?
$sqlquery = "SELECT typeof FROM livehelp_messages WHERE typeof='writediv' AND channel=" . intval($channel) . " AND saidfrom=" . intval($UNTRUSTED['fromwho']) . " LIMIT 1";
$checking = $mydatabase->query($sqlquery);
// No row yet: create one.
// NOTE(review): SELECT-then-INSERT is not atomic; two concurrent requests can
// both see zero rows unless a unique key (not visible here) prevents duplicates.
if ($checking->numrows() == 0) {
    // Default recipient when none was set.
    if (empty($saidto)) {
        $saidto = -1;
    }
    // NOTE(review): $timeof is interpolated raw inside quotes and is assigned
    // outside this excerpt; confirm it is always server-generated.
    $sqlquery = "INSERT INTO livehelp_messages (message,channel,timeof,saidfrom,saidto,typeof) VALUES ('" . filter_sql(convertamps($UNTRUSTED['sayingwhat'])) . "'," . intval($channel) . ",'{$timeof}'," . intval($UNTRUSTED['fromwho']) . "," . intval($saidto) . ",'writediv')";
    $mydatabase->query($sqlquery);
}
// Look for a 'writediv' row that already holds exactly this text.
$sqlquery = "SELECT typeof FROM livehelp_messages WHERE message='" . filter_sql(convertamps($UNTRUSTED['sayingwhat'])) . "' AND typeof='writediv' AND channel=" . intval($channel) . " AND saidfrom=" . intval($UNTRUSTED['fromwho']) . " LIMIT 1";
$checking = $mydatabase->query($sqlquery);
// The update runs when NO row holds this exact text (numrows() == 0), i.e. the
// stored text is stale: refresh both the message and its timestamp.
if ($checking->numrows() == 0) {
    $sqlquery = "UPDATE livehelp_messages set timeof='" . date("YmdHis") . "',message='" . filter_sql(convertamps($UNTRUSTED['sayingwhat'])) . "' WHERE typeof='writediv' AND channel=" . intval($channel) . " AND saidfrom=" . intval($UNTRUSTED['fromwho']);
    $mydatabase->query($sqlquery);
}
// Close the connection only when $serversession is falsy.
if (!$serversession) {
    $mydatabase->close_connect();
}
// The reply is always the static GIF; showimage() is defined outside this excerpt.
// NOTE(review): a database write answered with an image suggests this URL may be
// fetched like an image. If so, confirm cross-site requests cannot drive it.
$filepath = "images/browse.gif";
showimage($filepath, "image/gif");
exit;
// Closes the branch that was opened before this excerpt.
}
//----------------------------------------------------------------
// "browse" branch: releases the connection (when $serversession is falsy) and
// selects the same GIF path. The branch continues past the end of this excerpt.
if ($UNTRUSTED['what'] == "browse") {
    if (!$serversession) {
        $mydatabase->close_connect();
    }
    $filepath = "images/browse.gif";
// Excerpt: begins inside two blocks opened before this excerpt (two closing
// braces follow) and ends partway through the "donetyping" branch.

// Append this visitor's entry, with spaces removed, to the accumulated output.
$peoplestring .= str_replace(" ", "", $visitor_string);
}
// Emit the accumulated string and stop.
// NOTE(review): $visitor_string is built outside this excerpt; confirm it is
// already encoded for the context this output is rendered in.
print $peoplestring;
exit;
}
//-----------------------------------------------------------------------------------
// "donetyping" branch: loads the current user's row, then turns the submitted
// comment into display markup (push tags stripped, URLs linked, smileys
// optionally converted). What is done with $comment lies past this excerpt.
if ($UNTRUSTED['whattodo'] == "donetyping") {
    // Load this user's row by session id.
    // NOTE(review): $identity['SESSIONID'] is concatenated into the query with no
    // escaping at this point. $identity is populated outside this excerpt, so
    // confirm it is validated there, or escape/parameterise it here.
    $query = "SELECT * FROM livehelp_users WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $people = $mydatabase->query($query);
    // NOTE(review): no check that a row was returned before it is indexed below.
    $people = $people->fetchRow(DB_FETCHMODE_ASSOC);
    $myid = $people['user_id'];
    $channel = $people['onchannel'];
    $isnamed = $people['isnamed'];
    // This value is overwritten by the later `$timeof = date("YmdHis");` before
    // any use visible in this excerpt.
    $timeof = date("YmdHis") - 1;
    // filter_html() and convertamps() are defined outside this excerpt; every
    // step below assumes they have neutralised markup in the comment. TODO confirm.
    $comment = filter_html(convertamps($UNTRUSTED['comment']));
    // Strip [PUSH] tags so a client cannot submit URL pushes itself.
    // NOTE(review): this is a single, case-sensitive pass per tag. Removing one
    // tag can splice the surrounding text into another, so the strip is not
    // complete. Repeating until the string stops changing, or rejecting input
    // that contains the markers, would be sturdier.
    $comment = str_replace("[PUSH]", "", $comment);
    $comment = str_replace("[/PUSH]", "", $comment);
    // Convert links.
    // Step 1: prefix whitespace-preceded "www" text with http://. The dot in
    // (www.) is unescaped, so it matches any character, not only a literal dot.
    $comment = preg_replace('#(\\s(www.))([^\\s]*)#', ' http://\\2\\3 ', $comment);
    // Step 2: wrap scheme://... runs in an anchor.
    // NOTE(review): the href takes every non-whitespace character after the
    // scheme, so quotes or angle brackets reach the attribute unless
    // filter_html() has already encoded them. Verify that.
    // NOTE(review): the scheme list includes file://, and target=_blank is
    // emitted without rel="noopener noreferrer". Both are worth tightening for
    // user-supplied links.
    $comment = preg_replace('#((http|https|ftp|news|file)://)([^\\s]*)#', '<a href="\\1\\3" target=_blank>\\1\\3</a>', $comment);
    // Smiley conversion runs unless the request sets convertsmile to "OFF".
    if ($UNTRUSTED['convertsmile'] != "OFF") {
        $comment = convert_smile($comment);
    }
    $timeof = date("YmdHis");
    // Default recipient id when the request supplies none.
    if (empty($UNTRUSTED['saidto'])) {
        $UNTRUSTED['saidto'] = 0;
    }
    // Next (past the end of this excerpt): check for an identical timestamp.
    // The original author notes this costs performance but is done on purpose,
    // to discourage hosted solutions that run multiple chats on one system.