function sendmessage()
{
if (!empty($_REQUEST['token']) && $_REQUEST['token'] == $_SESSION['token']) {
} else {
echo "CSRF attack detected. Halting request.";
exit;
}
global $userid;
global $db;
global $cookiePrefix;
if (!empty($_POST['message']) && !empty($_POST['currentroom'])) {
$to = $_POST['currentroom'];
$message = $_POST['message'];
$sql = "update cometchat_chatrooms set lastactivity = '" . getTimeStamp() . "' where id = '" . mysql_real_escape_string($to) . "'";
$query = mysql_query($sql);
$styleStart = '';
$styleEnd = '';
if (!empty($_COOKIE[$cookiePrefix . 'chatroomcolor']) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$cookiePrefix . 'chatroomcolor'])) {
$styleStart = '<span style="color:#' . $_COOKIE[$cookiePrefix . 'chatroomcolor'] . '">';
$styleEnd = '</span>';
}
if (USE_COMET == 1 && COMET_CHATROOMS == 1) {
$comet = new Comet(KEY_A, KEY_B);
if (empty($_SESSION['cometchat']['username'])) {
$name = '';
$sql = getUserDetails($userid);
$result = mysql_query($sql);
if ($row = mysql_fetch_array($result)) {
if (function_exists('processName')) {
$row['username'] = processName($row['username']);
}
$name = $row['username'];
}
$_SESSION['cometchat']['username'] = $name;
} else {
$name = $_SESSION['cometchat']['username'];
}
if (!empty($name)) {
$info = $comet->publish(array('channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C), 'message' => array("from" => $name, "message" => $styleStart . sanitize($message) . $styleEnd, "sent" => getTimeStamp())));
}
$insertedid = getTimeStamp() . rand(0, 1000000);
} else {
$sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . $styleStart . mysql_real_escape_string(sanitize($message)) . $styleEnd . "','" . getTimeStamp() . "')";
$query = mysql_query($sql);
$insertedid = mysql_insert_id();
}
echo $insertedid;
exit;
}
}
function sendSelfMessage($to, $message, $sessionMessage = '')
{
global $userid;
if (!empty($to) && !empty($message)) {
if ($userid != '') {
if (USE_COMET == 1) {
$comet = new Comet(KEY_A, KEY_B);
$info = $comet->publish(array('channel' => md5($userid . KEY_A . KEY_B . KEY_C), 'message' => array("from" => $to, "message" => $message, "sent" => getTimeStamp(), "self" => 1)));
$insertedid = getTimeStamp() . rand(0, 1000000);
} else {
$sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read, cometchat.direction) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . mysql_real_escape_string($message) . "','" . getTimeStamp() . "',0,2)";
$query = mysql_query($sql);
if (defined('DEV_MODE') && DEV_MODE == '1') {
echo mysql_error();
}
$insertedid = mysql_insert_id();
if (empty($_SESSION['cometchat']['cometchat_user_' . $to])) {
$_SESSION['cometchat']['cometchat_user_' . $to] = array();
}
if (empty($sessionMessage)) {
$sessionMessage = $message;
}
$_SESSION['cometchat']['cometchat_user_' . $to][] = array("id" => $insertedid, "from" => $to, "message" => $sessionMessage, "self" => 1, "old" => 1, 'sent' => getTimeStamp() + $_SESSION['cometchat']['timedifference']);
}
}
}
}
function sendChatroomMessage($to = 0, $message = '', $notsilent = 1)
{
global $userid;
global $cookiePrefix;
global $bannedUserIDs;
if ($to == 0 && empty($_POST['currentroom']) || $message == '' && $notsilent == 0 || isset($_POST['message']) && $_POST['message'] == '' || empty($userid) || in_array($userid, $bannedUserIDs)) {
return;
}
if (isset($_POST['message']) && !empty($_POST['currentroom'])) {
$to = mysqli_real_escape_string($GLOBALS['dbh'], $_POST['currentroom']);
//$message = mysqli_real_escape_string($GLOBALS['dbh'],$_POST['message']);
$message = $_POST['message'];
}
if (isset($message) && $message != '') {
if (strpos($message, 'CC^CONTROL_') !== false) {
$message = str_ireplace('CC^CONTROL_', '', $message);
$message = sanitize($message);
$controlparameters = json_decode($message, true);
switch ($controlparameters['name']) {
case 'avchat':
$grp = $controlparameters['params']['grp'];
switch ($controlparameters['method']) {
case 'endcall':
$message = 'CC^CONTROL_AVCHAT_END_CHATROOM_CALL' . $grp;
break;
case 'rejectcall':
$message = 'CC^CONTROL_AVCHAT_REJECT_CHATROOM_CALL' . $grp;
break;
case 'noanswer':
$message = 'CC^CONTROL_AVCHAT_NO_ANSWER_CHATROOM' . $grp;
break;
case 'canceloutgoingcall':
$message = 'CC^CONTROL_AVCHAT_CANCEL_CALL' . $grp;
break;
case 'busycall':
$message = 'CC^CONTROL_AVCHAT_BUSY_CALL' . $grp;
break;
default:
$message = '';
break;
}
break;
case 'audiochat':
$grp = $controlparameters['params']['grp'];
switch ($controlparameters['method']) {
case 'endcall':
$message = 'CC^CONTROL_AUDIOCHAT_END_CHATROOM_CALL' . $grp;
break;
case 'rejectcall':
$message = 'CC^CONTROL_AUDIOCHAT_REJECT_CHATROOM_CALL' . $grp;
break;
case 'noanswer':
$message = 'CC^CONTROL_AUDIOCHAT_NO_ANSWER_CHATROOM' . $grp;
break;
case 'canceloutgoingcall':
$message = 'CC^CONTROL_AUDIOCHAT_CANCEL_CALL' . $grp;
break;
case 'busycall':
$message = 'CC^CONTROL_AUDIOCHAT_BUSY_CALL' . $grp;
break;
default:
$message = '';
break;
}
break;
case 'broadcast':
$grp = $controlparameters['params']['grp'];
switch ($controlparameters['method']) {
case 'endcall':
$message = 'CC^CONTROL_BROADCAST_END_CHATROOM_CALL' . $grp;
break;
default:
$message = '';
break;
}
break;
case 'chatroom':
$delid = $controlparameters['params']['id'];
switch ($controlparameters['method']) {
case 'deletemessage':
$message = 'CC^CONTROL_deletemessage_' . $delid;
break;
case 'kicked':
$message = 'CC^CONTROL_kicked_' . $delid;
break;
case 'banned':
$message = 'CC^CONTROL_banned_' . $delid;
break;
default:
$message = '';
break;
}
break;
default:
break;
}
}
}
if ($notsilent !== 0) {
$message = str_ireplace('CC^CONTROL_', '', $message);
$message = sanitize($message);
}
$styleStart = '';
$styleEnd = '';
if (!empty($_COOKIE[$cookiePrefix . 'chatroomcolor']) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$cookiePrefix . 'chatroomcolor']) && $notsilent == 1) {
$styleStart = '<span style="color:#' . mysqli_real_escape_string($GLOBALS['dbh'], $_COOKIE[$cookiePrefix . 'chatroomcolor']) . '">';
$styleEnd = '</span>';
}
if (USE_COMET == 1 && COMET_CHATROOMS == 1) {
$comet = new Comet(KEY_A, KEY_B);
if (empty($_SESSION['cometchat']['username'])) {
$name = '';
$sql = getUserDetails($userid);
if ($userid > 10000000) {
$sql = getGuestDetails($userid);
}
$result = mysqli_query($GLOBALS['dbh'], $sql);
if ($row = mysqli_fetch_assoc($result)) {
if (function_exists('processName')) {
$row['username'] = processName($row['username']);
}
$name = $row['username'];
}
$_SESSION['cometchat']['username'] = $name;
} else {
$name = $_SESSION['cometchat']['username'];
}
if (!empty($name)) {
$sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $styleStart) . mysqli_real_escape_string($GLOBALS['dbh'], $message) . mysqli_real_escape_string($GLOBALS['dbh'], $styleEnd) . "','" . getTimeStamp() . "')";
$query = mysqli_query($GLOBALS['dbh'], $sql);
$insertedid = mysqli_insert_id($GLOBALS['dbh']);
if (defined('DEV_MODE') && DEV_MODE == '1') {
echo mysqli_error($GLOBALS['dbh']);
}
$timestamp = getTimeStamp();
$info = $comet->publish(array('channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C), 'message' => array("id" => $insertedid, "from" => $name, "fromid" => $userid, "message" => $styleStart . $message . $styleEnd, "sent" => getTimeStamp())));
if ($notsilent == 1) {
sendCCResponse(json_encode(array("id" => $insertedid, "m" => $styleStart . $message . $styleEnd)));
}
}
} else {
$sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $styleStart) . mysqli_real_escape_string($GLOBALS['dbh'], $message) . mysqli_real_escape_string($GLOBALS['dbh'], $styleEnd) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], getTimeStamp()) . "')";
$query = mysqli_query($GLOBALS['dbh'], $sql);
$insertedid = mysqli_insert_id($GLOBALS['dbh']);
if (defined('DEV_MODE') && DEV_MODE == '1') {
echo mysqli_error($GLOBALS['dbh']);
}
if ($notsilent == 1) {
sendCCResponse(json_encode(array("id" => $insertedid, "m" => $styleStart . $message . $styleEnd)));
}
}
parsePusher($to, $insertedid, $message, '1');
$sql = "update cometchat_chatrooms set lastactivity = '" . mysqli_real_escape_string($GLOBALS['dbh'], getTimeStamp()) . "' where id = '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "'";
$query = mysqli_query($GLOBALS['dbh'], $sql);
if ($notsilent == 0) {
return $insertedid;
}
}
function sendSelfMessage($to, $message, $sessionMessage = '')
{
global $userid;
global $cookiePrefix;
if (!empty($_REQUEST['callback'])) {
if (!empty($_SESSION['cometchat']['duplicates'][$_REQUEST['callback']])) {
exit;
}
$_SESSION['cometchat']['duplicates'][$_REQUEST['callback']] = 1;
}
if (!empty($to) && !empty($message)) {
if ($userid > 0) {
if (USE_COMET == 1) {
$insertedid = getTimeStamp() . rand(100, 999);
$key = KEY_A . KEY_B . KEY_C;
$channel = md5($userid . $key);
if (function_exists('mcrypt_encrypt')) {
$channel = md5(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $userid, MCRYPT_MODE_CBC, md5(md5($key)))) . $key);
}
$comet = new Comet(KEY_A, KEY_B);
$info = $comet->publish(array('channel' => $channel, 'message' => array("from" => $to, "message" => $message, "sent" => $insertedid, "self" => 1)));
if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
$sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read, cometchat.direction) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',1,2)";
$query = mysqli_query($GLOBALS['dbh'], $sql);
}
} else {
$sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read, cometchat.direction) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',0,2)";
$query = mysqli_query($GLOBALS['dbh'], $sql);
if (defined('DEV_MODE') && DEV_MODE == '1') {
echo mysqli_error($GLOBALS['dbh']);
}
$insertedid = mysqli_insert_id($GLOBALS['dbh']);
}
}
}
}
function sendChatroomMessage($to = 0, $message = '', $notsilent = 1)
{
global $userid;
global $cookiePrefix;
global $bannedUserIDs;
if ($to == 0 && empty($_POST['currentroom']) || $message == '' && $notsilent == 0 || isset($_POST['message']) && $_POST['message'] == '' || empty($userid) || in_array($userid, $bannedUserIDs)) {
return;
}
if (isset($_POST['message']) && !empty($_POST['currentroom'])) {
$to = $_POST['currentroom'];
$message = $_POST['message'];
}
if ($notsilent !== 0) {
$message = str_ireplace('CC^CONTROL_', '', $message);
$message = sanitize($message);
}
$styleStart = '';
$styleEnd = '';
if (!empty($_COOKIE[$cookiePrefix . 'chatroomcolor']) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$cookiePrefix . 'chatroomcolor']) && $notsilent == 1) {
$styleStart = '<span style="color:#' . $_COOKIE[$cookiePrefix . 'chatroomcolor'] . '">';
$styleEnd = '</span>';
}
if (USE_COMET == 1 && COMET_CHATROOMS == 1) {
$insertedid = getTimeStamp() . rand(100, 999);
if ($notsilent == 1) {
sendCCResponse(json_encode(array("id" => $insertedid, "m" => $styleStart . $message . $styleEnd)));
}
$comet = new Comet(KEY_A, KEY_B);
if (empty($_SESSION['cometchat']['username'])) {
$name = '';
$sql = getUserDetails($userid);
if ($userid > 10000000) {
$sql = getGuestDetails($userid);
}
$result = mysqli_query($GLOBALS['dbh'], $sql);
if ($row = mysqli_fetch_assoc($result)) {
if (function_exists('processName')) {
$row['username'] = processName($row['username']);
}
$name = $row['username'];
}
$_SESSION['cometchat']['username'] = $name;
} else {
$name = $_SESSION['cometchat']['username'];
}
if (!empty($name)) {
$info = $comet->publish(array('channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C), 'message' => array("from" => $name, "fromid" => $userid, "message" => $styleStart . $message . $styleEnd, "sent" => $insertedid)));
if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
$sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . $styleStart . mysqli_real_escape_string($GLOBALS['dbh'], $message) . $styleEnd . "','" . getTimeStamp() . "')";
$query = mysqli_query($GLOBALS['dbh'], $sql);
}
}
} else {
$sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . $styleStart . mysqli_real_escape_string($GLOBALS['dbh'], $message) . $styleEnd . "','" . getTimeStamp() . "')";
$query = mysqli_query($GLOBALS['dbh'], $sql);
$insertedid = mysqli_insert_id($GLOBALS['dbh']);
if ($notsilent == 1) {
sendCCResponse(json_encode(array("id" => $insertedid, "m" => $styleStart . $message . $styleEnd)));
}
if (defined('DEV_MODE') && DEV_MODE == '1') {
echo mysqli_error($GLOBALS['dbh']);
}
}
parsePusher($to, $insertedid, $message, '1');
$sql = "update cometchat_chatrooms set lastactivity = '" . getTimeStamp() . "' where id = '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "'";
$query = mysqli_query($GLOBALS['dbh'], $sql);
if ($notsilent != 0) {
return $insertedid;
}
}
function sendmessage()
{
global $userid;
global $cookiePrefix;
if (isset($_POST['message']) && isset($_POST['currentroom'])) {
$to = $_POST['currentroom'];
$message = $_POST['message'];
$sql = "update cometchat_chatrooms set lastactivity = '" . getTimeStamp() . "' where id = '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "'";
$query = mysqli_query($GLOBALS['dbh'], $sql);
$styleStart = '';
$styleEnd = '';
if (!empty($_COOKIE[$cookiePrefix . 'chatroomcolor']) && preg_match('/^[a-f0-9]{6}$/i', $_COOKIE[$cookiePrefix . 'chatroomcolor'])) {
$styleStart = '<span style="color:#' . $_COOKIE[$cookiePrefix . 'chatroomcolor'] . '">';
$styleEnd = '</span>';
}
$message = str_ireplace('CC^CONTROL_', '', $message);
if (USE_COMET == 1 && COMET_CHATROOMS == 1) {
$comet = new Comet(KEY_A, KEY_B);
if (empty($_SESSION['cometchat']['username'])) {
$name = '';
$sql = getUserDetails($userid);
if ($userid > 10000000) {
$sql = getGuestDetails($userid);
}
$result = mysqli_query($GLOBALS['dbh'], $sql);
if ($row = mysqli_fetch_assoc($result)) {
if (function_exists('processName')) {
$row['username'] = processName($row['username']);
}
$name = $row['username'];
}
$_SESSION['cometchat']['username'] = $name;
} else {
$name = $_SESSION['cometchat']['username'];
}
$insertedid = getTimeStamp() . rand(100, 999);
if (!empty($name)) {
$info = $comet->publish(array('channel' => md5('chatroom_' . $to . KEY_A . KEY_B . KEY_C), 'message' => array("from" => $name, "fromid" => $userid, "message" => $styleStart . sanitize($message) . $styleEnd, "sent" => $insertedid)));
if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
$sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . $styleStart . mysqli_real_escape_string($GLOBALS['dbh'], sanitize($message)) . $styleEnd . "','" . getTimeStamp() . "')";
$query = mysqli_query($GLOBALS['dbh'], $sql);
}
}
} else {
$sql = "insert into cometchat_chatroommessages (userid,chatroomid,message,sent) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . $styleStart . mysqli_real_escape_string($GLOBALS['dbh'], sanitize($message)) . $styleEnd . "','" . getTimeStamp() . "')";
$query = mysqli_query($GLOBALS['dbh'], $sql);
$insertedid = mysqli_insert_id($GLOBALS['dbh']);
}
echo $insertedid;
exit;
}
}
header('content-type: application/json; charset=utf-8');
echo $_GET['callback'] . '(' . json_encode($response) . ')';
} else {
echo json_encode($response);
}
$size = ob_get_length();
header("Content-Length: {$size}");
ob_end_flush();
flush();
$key = KEY_A . KEY_B . KEY_C;
$channel = md5($to . $key);
if (function_exists('mcrypt_encrypt')) {
$channel = md5(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $to, MCRYPT_MODE_CBC, md5(md5($key)))) . $key);
}
$comet = new Comet(KEY_A, KEY_B);
$info = $comet->publish(array('channel' => $channel, 'message' => array("from" => $userid, "message" => $message, "sent" => $insertedid, "self" => 0)));
if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
$sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',1)";
$query = mysqli_query($GLOBALS['dbh'], $sql);
}
} else {
$sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "', '" . mysqli_real_escape_string($GLOBALS['dbh'], $to) . "','" . mysqli_real_escape_string($GLOBALS['dbh'], $message) . "','" . getTimeStamp() . "',0)";
$query = mysqli_query($GLOBALS['dbh'], $sql);
$insertedid = mysqli_insert_id($GLOBALS['dbh']);
if (defined('DEV_MODE') && DEV_MODE == '1') {
echo mysqli_error($GLOBALS['dbh']);
}
$response = array("insertedid" => $insertedid, "message" => $message);
if (isset($_REQUEST['callbackfn']) && $_REQUEST['callbackfn'] == 'mobileapp' && empty($_REQUEST['v'])) {
$response = $insertedid;
}
$message = $_REQUEST['message'];
if ($userid != '') {
if (function_exists('hooks_message')) {
hooks_message($userid, $to, $message);
}
if (!in_array($userid, $bannedUserIDs)) {
if (in_array('block', $plugins)) {
$sql = "select * from cometchat_block where (fromid = '" . mysql_real_escape_string($to) . "' and toid ='" . mysql_real_escape_string($userid) . "') OR (fromid = '" . mysql_real_escape_string($userid) . "' and toid ='" . mysql_real_escape_string($to) . "')";
$query = mysql_query($sql);
if (mysql_num_rows($query) > 0) {
return;
}
}
if (USE_COMET == 1) {
$comet = new Comet(KEY_A, KEY_B);
$info = $comet->publish(array('channel' => md5($to . KEY_A . KEY_B . KEY_C), 'message' => array("from" => $userid, "message" => sanitize($message), "sent" => getTimeStamp(), "self" => 0)));
$insertedid = getTimeStamp() . rand(0, 1000000);
if (defined('SAVE_LOGS') && SAVE_LOGS == 1) {
$sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . mysql_real_escape_string(sanitize($message)) . "','" . getTimeStamp() . "',1)";
$query = mysql_query($sql);
$insertedid = mysql_insert_id();
}
} else {
$sql = "insert into cometchat (cometchat.from,cometchat.to,cometchat.message,cometchat.sent,cometchat.read) values ('" . mysql_real_escape_string($userid) . "', '" . mysql_real_escape_string($to) . "','" . mysql_real_escape_string(sanitize($message)) . "','" . getTimeStamp() . "',0)";
$query = mysql_query($sql);
$insertedid = mysql_insert_id();
if (defined('DEV_MODE') && DEV_MODE == '1') {
echo mysql_error();
}
}
if (empty($_SESSION['cometchat']['cometchat_user_' . $to])) {
