Member Avatar for barryw33

Hi,

I am trying to sign off a website but have one final obstacle to overcome and then all good.

the problem I have is I have private chat on a dating website.

the site is in russian and english.

the php page for the chat needs headers so that it can recognise the russian charset.

if i have no header in the php page then the chat works fine but with silly characters instead of russian text.

If i add the headers required the chat does not work.

But if I get the chat working then edit the php page adding the headers and then upload that page, the chat works with russian characters.

I tried adding an if statement to push the headers if a message was sent but to no avail.

any help would be fantastic.

I can add the code if required but theres reams of it to go through

many thanks in advance
Barry

  • 1 Contributor
  • 1 Reply
  • 141 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by barryw33
Member Avatar for barryw33

index page with ajax in that calls php page and outputs result

<?
 session_start();
 
?>
<script language="javascript" type="text/javascript">
function chatYes(me,them,request) {
var ajaxRequest;  // The variable that makes Ajax possible!
	
	try{
		// Opera 8.0+, Firefox, Safari
		ajaxRequest = new XMLHttpRequest();
	} catch (e){
		// Internet Explorer Browsers
		try{
			ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
		} catch (e) {
			try{
				ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
			} catch (e){
				// Something went wrong
				alert("Your browser broke!");
				return false;
			}
		}
	}
	ajaxRequest.onreadystatechange = function(){
		///alert(ajaxRequest.readyState);
		if(ajaxRequest.readyState == 4){
							
			var ajaxDisplay = document.getElementById('ajaxDiv');
			ajaxDisplay.innerHTML = ajaxRequest.responseText;
			var other=ajaxRequest.responseText.split(",");
			
			n.value=other[0];
			t.value=other[1];
			o=other[2];
			fullname.value=other[3];
			fullimage.src="http://www.siberiansecrets.com/files/thumb/"+other[4];
			setother(o);			
			loginbutton.click();			
		}
	}
	ajaxRequest.open("POST", "chatyes.php?them=" + them + "&me=" + me + "&request=" + request, true);
	ajaxRequest.send(null); 
}
function setother(o) {
var ajaxRequest;  // The variable that makes Ajax possible!
	
	try{
		// Opera 8.0+, Firefox, Safari
		ajaxRequest = new XMLHttpRequest();
	} catch (e){
		// Internet Explorer Browsers
		try{
			ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
		} catch (e) {
			try{
				ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
			} catch (e){
				// Something went wrong
				alert("Your browser broke!");
				return false;
			}
		}
	}
	ajaxRequest.onreadystatechange = function(){
		///alert(ajaxRequest.readyState);
		if(ajaxRequest.readyState == 4){
							
			var ajaxDisplay = document.getElementById('ajaxOther');
			ajaxDisplay.innerHTML = ajaxRequest.responseText;	
			
			var user=ajaxRequest.responseText.split(",");
			
			otheruser=user[1];
		}
	}
	ajaxRequest.open("POST", "setother.php?o=" + o, true);
	ajaxRequest.send(null); 
}
</script>

<?

//$c_id=$_REQUEST['c_id'];

$c_id=$_SESSION['MM_UserId'];
$_SESSION['c_id']=$c_id;

?> 
<html>
	<head>
	<title>Siberian Secrets Chat</title>
	<link rel="stylesheet" type="text/css" href="themes/style_light.css">
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-type" content="text/html; charset=koi8-b"/>
<meta http-equiv="Content-Type" content="text/html; charset=koi8-r" />
<meta http-equiv="Content-type" content="text/html; charset=windows-1251"/>
<meta http-equiv="Content-Type" content="text/html; charset=x-mac-cyrillic" />
<meta http-equiv="Content-type" content="text/html; charset=cp866"/>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-5"/>
	<style>
		.fullname
			{
				width:100px;
				border:0px;
				text-align:center;
			}
		.fullimage
			{
				border:1px solid #000;
				text-align:center;
				width:100px;
				height:75px;
			}
		.send_button
			{
				width:55px;
				background-color:#cccccc;
				border:1px soild #000;				
				text-align:center;
				font-weight:bold;
			}
	</style>
	</head>
	<div id="ajaxDiv" style="display:none"></div>
	<div id="ajaxOther" style="display:none"></div>
	<body onbeforeunload="quit();">
		<table style="width:100%;height:100%;" cellspacing="0" cellpadding="0"><tr><td align="center" valign="middle">
			<table style="width:1px;height:1px;" cellspacing="0" cellpadding="2">
				<tr>

					<td colspan="2" style="width:590px;">
						<p id="chat" style="width:590px;height:300px;<? echo $chatscrollbar ? "overflow-y:auto;" : "overflow-y:hidden;"; ?>overflow-x:hidden;">
						<table id="enternamecontainer" style="width:100%;height:100%;" cellspacing="0" cellpadding="0"><tr><td align="center" valign="middle">
							<table id="entername" cellspacing="0" cellpadding="2" style="width:1px;height:1px;">
								<tr>
									<td colspan="2" style="text-align:center;">
										
									</td>
								</tr>
								
								<tr>
									<td colspan="2" style="width:155px;display:none;">
										<input id="n" type="input" style="width:155px;" maxlength="9">
									</td>
								</tr>
								
								<tr>
									<td colspan="2" id="passtd" style="width:155px;display:none;">
										<input id="t" type="input" style="width:155px;">
									</td>
								</tr>
								
								<tr>

									<td style="width:100px;text-align:center;display:none;">
										<select id="c" style="width:100px;height:1px;">
											<option value="1" class="name_blue">Blue</option>
											<option value="2" class="name_pink">Pink</option>
											<option value="3" class="name_green">Green</option>
											<option value="4" class="name_purple">Purple</option>
											<option value="5" class="name_orange">Orange</option>

										</select>
									</td>
									<td style="width:50px;display:none;">
										<input id="loginbutton" type="button" onClick="javascript:activatechat();" style="width:50px;" value="Okay">
									</td>
								</tr>
								
								<tr>
									<td id="errortd" colspan="2" style="display:none;text-align:center;width:150px;" >
										<span id="errormsg" class="name_red" style="font-weight:bold;"></span>
									</td>
								</tr>
							</table>

						</td></tr></table>
						<table id="chattable" cellspacing="0" cellpadding="2" style="display:none;width:100%;">
							<tbody>
							</tbody>
						</table>
						</p>
					</td>
					<td valign="top">
						<!--<p id="nicklist" style="height:300px;overflow-y:auto;overflow-x:hidden;text-align:left;"></p>
						<img src="http://www.siberiansecrets.com/files/thumb/<? echo $image; ?>">
						<p align="center"><div id="ajaxOther"></div></p>-->
						<input type="image" class="fullimage" id="fullimage"><br><br>
						<input id="fullname" type="text" class="fullname">
						
						
						
					</td>
				</tr>
				<tr>
					<td colspan="2" style="width:590px;height:1px;">
						<input id="m" style="width:90%;" maxlength="140" onKeyPress="if (event.keyCode == 13) {
     keyup(13)
    }" disabled="true" autocomplete="off" ><input type="button" onClick="keyup(13)" value="send" class="send_button">
					</td>
					<!--<td align="center" valign="middle">
						<a class="helplink" >&nbsp;&nbsp;&nbsp;</a>
					</td>-->
				</tr>
			</table>
		</td></tr></table>
<script type="text/javascript">
/////////////////////////////////////
//atoChat
//Version: 0.5
//Author: atomiku (http://atomiku.com/)
/////////////////////////////////////

var waittime = 500;
var xmlHttp1;
var xmlHttp2;
var xmlHttp4;
var nick;
var color;
var pass;
var candie = 0;
var flood = 0;

var history_lines=new Array();
var history_now=-1;




function URLEncode (clearString) {
  var output = '';
  var x = 0;
  clearString = clearString.toString();
  var regex = /(^[a-zA-Z0-9_.]*)/;
  while (x < clearString.length) {
    var match = regex.exec(clearString.substr(x));
    if (match != null && match.length > 1 && match[1] != '') {
    	output += match[1];
      x += match[1].length;
    } else {
      if (clearString[x] == ' ')
        output += '+';
      else {
        var charCode = clearString.charCodeAt(x);
        var hexVal = charCode.toString(16);
        output += '%' + hexVal.toUpperCase();
      }
      x++;
    }
  }
  return output;
}

function trim(s) {
	var l=0; var r=s.length -1;
	while(l < s.length && s[l] == ' ')
	{	l++; }
	while(r > l && s[r] == ' ')
	{	r-=1;	}
	return s.substring(l, r+1);
}

function ajaxrecv(url) {
	xmlHttp1 = new GetXmlHttpObject();
	if (xmlHttp1 == null) {
		//alert ("Your browser does not support AJAX!");
		return;
	} 
	xmlHttp1.onreadystatechange=handlerecv;
	xmlHttp1.open("GET",url,true);
	xmlHttp1.send(null);
}

function ajaxsend(url) {
	xmlHttp2 = new GetXmlHttpObject();
	if (xmlHttp2 == null) {
		//alert ("Your browser does not support AJAX!");
		return;
	} 
	xmlHttp2.open("GET",url,true);
	xmlHttp2.send(null);
}

function quit() {
	xmlHttp4 = new GetXmlHttpObject();
	if (xmlHttp4 == null) {
		//alert ("Your browser does not support AJAX!");
		return;
	}
	xmlHttp4.open("GET","chat.php?z=endsession",true);
	xmlHttp4.send(null);
}

function ajaxchecknick() {
	document.getElementById("loginbutton").disabled=true;
	xmlHttp4 = new GetXmlHttpObject();
	if (xmlHttp4 == null) {
		//alert ("Your browser does not support AJAX!");
		return;
	}
	
	xmlHttp4.onreadystatechange=handlenickcheck;
	xmlHttp4.open("GET","chat.php?z=checknick&n=" + nick + "&c=" + color + "&p=" + pass + "&o=" + o,true);
	xmlHttp4.send(null);
}

function chat() {
	ajaxrecv("chat.php?z=read");
}

function handlerecv() {
	if (candie == 1) {
		return;
	}
	if (xmlHttp1.readyState == 4) {
		//This segment is from XHTML live chat by alexander kohlhofer
	    results = xmlHttp1.responseText.split(String.fromCharCode(1));
	    if (results.length > 4) {
		    for(i=0;i < (results.length-1);i=i+5) { //goes through the result one message at a time
				if (results[i+2] == "<i>COMMAND</i>") {
					if (results[i+4] == "KICK") {
						reset();
						alert("You have been kicked.");
					}
					else if (results[i+4] == "BAN") {
						reset();
						alert("You have been banned.");
					}
					else if (results[i+4] == "MUTE") {
						document.getElementById("m").disabled=true;
					}
					else if (results[i+4] == "UNMUTE") {
						document.getElementById("m").disabled=false;
					}
					else {
						var splitdata = results[i+4].split("|");
						if (splitdata[0] == "LIST") {
							var nickbuffer = "";
							for(z=1;z < (splitdata.length -1);z=z+2) {
								nickbuffer = nickbuffer + "<span class='" + splitdata[z] + "'>" + splitdata[z+1] + "</span><br>";
							}		
							//document.getElementById("nicklist").innerHTML = nickbuffer;
						}
					}
				}
				else {
					if (results[i] == "PM") {						
						insertNewLine(results[i+1],results[i+2],results[i+3],results[i+4]); //inserts the new content into the page
					}
					else {
						insertNewLine(results[i+1],results[i+2],results[i+3],results[i+4]); //inserts the new content into the page
					}
				}
		    }
	    }
		//End segment
		setTimeout("chat()", waittime);
	}
}

function reset() {
	candie = 1;
	document.getElementById("errormsg").innerHTML = "";
	document.getElementById("errortd").style.display = "none";
	document.getElementById("enternamecontainer").style.display = "table";
	document.getElementById("chattable").style.display = "none";
	document.getElementById("nicklist").innerHTML = "";
	document.getElementById("chattable").innerHTML = "<tbody></tbody>";
	document.getElementById("m").disabled=true;
}

function handlenickcheck() {
	var nickbuffer = "";
	if (xmlHttp4.readyState == 4) {
		document.getElementById("loginbutton").disabled=false;
	    results = xmlHttp4.responseText;
	    if (results == "1") {
			document.getElementById("errormsg").innerHTML = "That nick is in use.";
			document.getElementById("errortd").style.display = "";
			document.getElementById("passtd").style.display = "none";
		}
		else if (results == "2") {
			document.getElementById("errormsg").innerHTML = "You are already logged in.";
			document.getElementById("errortd").style.display = "";
			document.getElementById("passtd").style.display = "none";
		}
		else if (results == "3") {
			document.getElementById("errormsg").innerHTML = "You are banned.";
			document.getElementById("errortd").style.display = "";
			document.getElementById("passtd").style.display = "none";
		}
		else if (results == "4") {
			document.getElementById("errormsg").innerHTML = "Invalid nick.";
			document.getElementById("errortd").style.display = "";
			document.getElementById("passtd").style.display = "none";
		}
		else if (results == "5") {
			document.getElementById("errormsg").innerHTML = "Swear-words not allowed in your nickname.";
			document.getElementById("errortd").style.display = "";
			document.getElementById("passtd").style.display = "none";
		}
		else if (results == "7") {
			document.getElementById("errormsg").innerHTML = "Wrong password.";
			document.getElementById("errortd").style.display = "";
			document.getElementById("passtd").style.display = "";
		}
		else if (results == "8") {
			document.getElementById("errormsg").innerHTML = "That username is registered, please provide a password.";
			document.getElementById("errortd").style.display = "";
			document.getElementById("passtd").style.display = "";
		}
		else if (results == "9") {
			document.getElementById("errormsg").innerHTML = "Invalid color.";
			document.getElementById("errortd").style.display = "";
		}
		else if (results == "10") {
			candie = 0;
			document.getElementById("enternamecontainer").style.display = "none";
			document.getElementById("chattable").style.display = "block";
			document.getElementById("m").disabled=false;
			//insertNewLine("System","name_red","Loading chat...");
			chat();
		}
	}
}

function insertNewLine(time,name,color,message) {
	
	var tbody = document.getElementById("chattable").getElementsByTagName("tbody")[0];
	var row = document.createElement("TR");
	var timecell = document.createElement("TD");

	var currentTime = new Date()
	var hours = currentTime.getHours()
	var minutes = currentTime.getMinutes()
	var seconds = currentTime.getSeconds()
	if (hours < 10)
	hours = "0" + hours
	if (minutes < 10)
	minutes = "0" + minutes
	if (seconds < 10)
	seconds = "0" + seconds
	
	time = hours + ":" + minutes + ":" + seconds
	
	timecell.innerHTML = "<span class='time'>" + time + "</span>";
	timecell.style.width = "1px";
	var cell1 = document.createElement("TD");
	cell1.innerHTML = "<span class='" + color + "'>" + name + "</span>";
	cell1.style.width = "1px";
	cell1.style.textAlign = "right";
	var cell2 = document.createElement("TD");
	cell2.innerHTML = "<div style='width:100%;overflow-x:hidden;'>" + message + "</div>";
	<? if ($timestamps) { ?>
		row.appendChild(timecell);
	<? } ?>
	row.appendChild(cell1);
	row.appendChild(cell2);
	tbody.appendChild(row);
	document.getElementById("chat").scrollTop = document.getElementById("chat").scrollHeight;
}

function GetXmlHttpObject() {
	var xmlHttp = null;
	try {
	  // Firefox, Opera 8.0+, Safari
	  xmlHttp = new XMLHttpRequest();
	}
	catch (e) {
		// Internet Explorer
		try {
			xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
		}
		catch (e) {
			xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
		}
	}
	return xmlHttp;
}

function floodcontrol() {
	flood = 1;
	setTimeout("flood = 0", 3000);
}

function addMsg() {
	msg = trim(document.getElementById("m").value);
	msg= "/msg " + otheruser + " " + msg;
	//alert(msg);
	if (msg == "") {
		return;
	}
	
	if (flood == 1) {
		insertNewLine("","System","name_red","You can only send one message every 3 seconds!")
		return;
	}
	
	history_lines.push(msg);
	history_now=-1;
	
	<? if ($floodcontrol) { ?>
	floodcontrol();
	<? } ?>
	
	//msg = msg.replace(/\+/g, '%2B');
	//msg = encodeURI(msg);
	
	document.getElementById("m").value = "";
	
	ajaxsend("chat.php?z=addmsg&m=" + msg);
	
}

function keyup(key) {
	
	if (key == 13) {		
		addMsg();
	}
}
function keydown(key) {
	
	if (history_now != -1 && key == 40) {
		if (history_now >= history_lines.length-1) document.getElementById('m').value='';
		else { history_now++; document.getElementById('m').value=history_lines[history_now]; }
	}
	else if (key == 38) {
		if (history_now == -1) {history_now=history_lines.length-1; document.getElementById('m').value=history_lines[history_now];}
		else if (history_now > 0) { history_now--; document.getElementById('m').value=history_lines[history_now]; }
	}
}

function addsmiley(smiley) {
	document.getElementById("m").value = document.getElementById("m").value + smiley;
}

function popuphelp() {
	var helpwindow = window.open('help.php','smilies','resizable=no,scrollbars=yes,width=350,height=400');
}

function activatechat() {	
	nick = document.getElementById("n").value;
	var dropdownIndex = document.getElementById('c').selectedIndex;
	color = document.getElementById('c')[dropdownIndex].value;
	pass = document.getElementById("t").value;
	
	if (nick == "") {
		alert("Please enter a nickname.");
		return;
	}
	if (color == "") {
		alert("Please select a color.");
		return;
	}
	
	ajaxchecknick();
}
</script>
	</body>
</html>

php page that access db and sends result back

<?
session_start();


//atoChat script
//Version: 0.5
//Author: atomiku (http://atomiku.com/)

include("config.php");
include("functions.php");
require("../../application/connect.php");
/*@mysql_connect($mysql_server,$mysql_username,$mysql_password)
or die("Couldnt connect to database, Make sure you have configured config.php correctly!");
@mysql_select_db($mysql_database)
or die("Couldn't select database!");*/


//Automagically block SQL injection crap:
if(get_magic_quotes_gpc()) { //Reverse the shit magic quotes does:
	foreach ($_GET as $key=>$get) {
		$_GET[$key] = stripslashes($get);
	}
}

foreach ($_GET as $key=>$get) {
	$_GET[$key] = mysql_real_escape_string($get);
}
//Woo! Someone isnt going to be exploited today!

//These headers are from XHTML live chat by alexander kohlhofer
//"Headers are sent to prevent browsers from caching.. IE is still resistent sometimes"
header( "Expires: Mon, 26 Jul 1997 05:00:00 GMT" ); 
header( "Last-Modified: " . gmdate( "D, d M Y H:i:s" ) . "GMT" ); 
header( "Cache-Control: no-cache, must-revalidate" ); 
header( "Pragma: no-cache" );
header("Content-Type: text/html; charset=utf-8");
header("Content-Type: text/html; charset=koi8-b");
header("Content-Type: text/html; charset=koi8-r");
header("Content-Type: text/html; charset=windows-1251");
header("Content-Type: text/html; charset=x-mac-cyrillic");
header("Content-Type: text/html; charset=iso-8859-5");
	
//Globals
//$ip = isset ( $_SERVER['X_FORWARDED_FOR'] ) ? $_SERVER['X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
$ip=$_SESSION['MM_UserId'];

$breakchr = chr(1);
$z = $_GET["z"];

if ($z == "read") {
	$query = query("SELECT * FROM `chat_sessions` WHERE `ip`='$ip'");
	$sesdata = mysql_fetch_array($query);

	//Check for bans/kicks
	$query = query("select count(*) as howmany from `chat_bans` WHERE `ip`='$ip'");
	$row = mysql_fetch_array($query);
	$num = $row["howmany"];
	if ($num != 0) {
		$query = query("SELECT `expire` FROM `chat_bans` WHERE `ip`='$ip'"); //Check if there are any bans for this IP
		$row = mysql_fetch_array($query);
		if ($row['expire'] == "1337") { //If its a kick
			echo "PM" . $breakchr . "" . $breakchr . "<i>COMMAND</i>" . $breakchr . "name_red" . $breakchr . "KICK" . $breakchr;
			query("DELETE FROM `chat_bans` WHERE `ip`='$ip'");
			query("DELETE FROM `chat_sessions` WHERE `ip`='$ip'"); //Expunged!
			sendnicklist();
			die();
		}
		elseif ($row['expire'] != "") {
			echo "PM" . $breakchr . "" . $breakchr . "<i>COMMAND</i>" . $breakchr . "name_red" . $breakchr . "BAN" . $breakchr;
			query("DELETE FROM `chat_sessions` WHERE `ip`='$ip'"); //Expunged!
			sendnicklist();
			die();
		}
	}
	//Those fuckers are pwnt!
	
	$lastid = (int)$sesdata['lastid'];
	
	//Delete old sessions
	$query = query("select count(*) as howmany from `chat_sessions` WHERE `lastcheck` < " . (time() - 20));
	$row = mysql_fetch_array($query);
	$num = $row["howmany"];
	if ($num != 0) {
		$query = query("SELECT `name` FROM `chat_sessions` WHERE `lastcheck` < " . (time() - 20));
		$listchanged = false;
		while ($row = mysql_fetch_array($query)) {			
			//bottalk("{$row['name']} has quit.");
			$listchanged = true;
		}
		query("DELETE FROM `chat_sessions` WHERE `lastcheck` < " . (time() - 20));
		if ($listchanged) {
			//sendnicklist(); //Only send new nicklist if the nicklist has actually changed.
		}
	}
	//Woo, old sessions destroyed!

	//Keep the chat shit down to 50 entries
	$query = query("SELECT `id` FROM `chat` ORDER BY `id` DESC LIMIT 50,1");
	$row = mysql_fetch_array($query);
	query("DELETE FROM `chat` WHERE `id` < {$row['id']}");
	//Okay done!
	
	checkAuth($sesdata);
	
	query("UPDATE `chat_sessions` SET `lastcheck`='" . time() . "' WHERE `name`='{$sesdata['name']}'");
	
	if ($lastid == 0) {
		query("DELETE FROM `chat_pms` WHERE `target`='{$sesdata['name']}'"); //Delete old pms
		foreach ($motd as $motdline) {
			syspm($sesdata['name'],$motdline);
		}
		$query = query("SELECT `id` FROM `chat` ORDER BY `id` DESC LIMIT 0,1");
		$row = mysql_fetch_array($query);
		$id = $row['id'];
		query("UPDATE `chat_sessions` SET `lastid`='$id' WHERE `name`='{$sesdata['name']}'");
		sendnicklist();
	}
	else {
		$query = query("select count(*) as howmany from `chat` WHERE `id` > $lastid ORDER BY `id` ASC");
		$row = mysql_fetch_array($query);
		$num = $row["howmany"];
		if ($num != 0) {
			$query = query("SELECT * FROM `chat` WHERE `id` > $lastid ORDER BY `id` ASC");
			while ($row = mysql_fetch_array($query)) {
				$id = $row['id'];
				$name = $row['name'];
				$color = $row['color'];
				$message = $row['message'];
				
				$message = str_replace("\'", "'", $message);
				$message = str_replace("\\\"", "\"", $message);
				$sclass = getcolorclass($color);

				if ($row['rank'] == "6") {
					$name = $adminchar . $row['name'];
				}			
				elseif ($row['rank'] == "5") {
					$name = $modchar . $row['name'];
				}
				elseif ($row['rank'] == "1"){
					$name = $vipchar . $row['name'];
				}
				else {
					$name = $row['name'];
				}
				echo "$id" . $breakchr . "" . $breakchr . "$name" . $breakchr . "$sclass" . $breakchr . "$message" . $breakchr;
			}
			if (mysql_num_rows($query) != 0) {
				query("UPDATE `chat_sessions` SET `lastid`='$id' WHERE `name`='{$sesdata['name']}'");
			}
		}
	}
	
	//Get them the PMs
	$query = query("select count(*) as howmany from `chat_pms` WHERE `target`='{$sesdata['name']}' ORDER BY `time` ASC");
	$row = mysql_fetch_array($query);
	$num = $row["howmany"];
	if ($num != 0) {
		$query = query("SELECT * FROM `chat_pms` WHERE `target`='{$sesdata['name']}' ORDER BY `time` ASC");
		while ($row = mysql_fetch_array($query)) {
			$sclass = getcolorclass($row['color']);
			//$row['message'] = display($row['message']);
			echo "PM" . $breakchr . "" . $breakchr . "<i>{$row['name']}</i>" . $breakchr . $sclass . $breakchr . $row['message'] . $breakchr;
		}
		query("DELETE FROM `chat_pms` WHERE `target`='{$sesdata['name']}'");
		//PMs sent!
	}
}
elseif ($z == "addmsg") {
	$query = query("SELECT * FROM `chat_sessions` WHERE `ip`='$ip'");
	$sesdata = mysql_fetch_array($query);
	checkAuth($sesdata);
	if ($sesdata['muted'] == "1") die(); //If they are muted, dont let them add the message. This prevents the client from re-enabling his chatbox and trying to send messages.
	if ($floodcontrol) {
		if ($sesdata['lasttalk'] > (time() - 2)) die(); //Only let them have one message per 2 seconds. Flood control :)
	}
	$m = trim($_GET["m"]);
	
	if ($m == "") die();
	//$m = urldecode($m);
	if (strlen($m) > 150) die();
	//$m = fixmsg($m);
	//$m = display($m);
	
	if ($filterbad) {
		foreach($badwords as $key => $v) {
			$m = eregi_replace($v,str_repeat("*",strlen($v)),$m);
		}
	}
	
	$msplit = split(" ",$m);
	//Normal user commands
	if ($msplit[0] == "/help") {
		syspm($sesdata['name'],"[b]Help Menu[/b]");
		syspm($sesdata['name'],"/msg target message - Private messages someone");
		syspm($sesdata['name'],"/register password - Registers your nickname");
		syspm($sesdata['name'],"/info user - Tells you some info about user");
	}
	elseif ($msplit[0] == "/msg") { //msg a user
		if (!useronline($msplit[1])) {
			syspm($sesdata['name'],"The user you are trying to message has not logged in yet or has left please wait a moment and try again.");
		}
		else {
			$named=$sesdata['name'];
			$query = query("SELECT `first_name`,`client_ref` FROM `profile` WHERE `client_ref`={$ip}");
			$usr_name = mysql_fetch_array($query);		
			
				
			//privmsg($msplit[1],$sesdata['name'],$sesdata['color'],glue($msplit,2));
			privmsg($sesdata['name'],$usr_name['first_name'],$sesdata['color'],$msplit[2]);
			privmsg($msplit[1],$usr_name['first_name'],"1",$msplit[2]);
			$msgprv=glue($msplit,2);
			
			$time1=time();
			$old_time=$time1-600;
			$c_id=$_SESSION['MM_UserId'];
			$p_id=$_SESSION['p_id'];
			require("../../application/connect.php");
			//mysql_query("INSERT INTO chat_pms (name,target,message,time,timestamp) VALUES('$c_id','$p_id','$msplit[2]','$time1','$time1')");
			///mysql_query("INSERT INTO pms (c_id,p_id,message,time1) VALUES('$c_id','$p_id','$msgprv','$time1')");
			mysql_query("DELETE FROM pms WHERE time1<$old_time");
		}
	}
	elseif ($msplit[0] == "/register") { //msg a user
		if (userexists($sesdata['name'])) {
			syspm($sesdata['name'],"That nick is already registerd!");
		}
		elseif (trim($msplit[1]) == "") {
			syspm($sesdata['name'],"You must enter a password!");
		}
		elseif (preg_match('/[^\w\-]/', $msplit[1])) {
			syspm($sesdata['name'],"Invalid password! Passwords can only contain A-Z,0-9,- and _");
		}
		else {
			syspm($sesdata['name'],"Your nick has been registered!");
			query("INSERT INTO `chat_users` (`user`,`pass`,`rank`) VALUES('{$sesdata['name']}','{$msplit[1]}','1')");
			query("UPDATE `chat_sessions` SET `rank`='1' WHERE `name`='{$sesdata['name']}'");
			sendnicklist();
		}
	}
	elseif ($msplit[0] == "/info") { //Get information about a user
		if (!useronline($msplit[1])) {
			syspm($sesdata['name'],"That user is not online.");
		}
		else {
			$query = query("SELECT `ip`,`rank`,`lasttalk` FROM `chat_sessions` WHERE `name`='{$msplit[1]}'");
			$victim = mysql_fetch_array($query);
			syspm($sesdata['name'],"[b]Info about {$msplit[1]}:[/b]");
			if ($victim['rank'] == "6") syspm($sesdata['name'],"This user is an admin");
			if ($victim['rank'] == "5") syspm($sesdata['name'],"This user is an moderator");
			if ($victim['rank'] == "1") syspm($sesdata['name'],"This user is registered");
			if ($sesdata['rank'] >= 5) syspm($sesdata['name'],"User's IP: " . $victim['ip']); //Let admins/mods see people's ips
			if ($victim['lasttalk'] == 0) {
				syspm($sesdata['name'],"{$msplit[1]} has not spoke yet.");
			}
			else {
				syspm($sesdata['name'],"{$msplit[1]} last spoke " . get_date($victim['lasttalk']));
			}
			if ($victim['muted'] == "1") syspm($sesdata['name'],"User is currently muted");
		}
	}
	elseif ($sesdata['rank'] == 5 or $sesdata['rank'] == 6) { //Admin commands
		if ($msplit[0] == "/adminhelp") {
			syspm($sesdata['name'],"[b]Admin Help Menu[/b]");
			syspm($sesdata['name'],"/bottalk msg - Makes the system bot talk");
			syspm($sesdata['name'],"/kick user - Kicks a user");
			syspm($sesdata['name'],"/ban user <time> - Bans a user for <time> minutes");
			syspm($sesdata['name'],"/mute user - Stops a user from talking");
			syspm($sesdata['name'],"/unmute user - Allows the user to talk again");
			if ($sesdata['rank'] == 6) {
				syspm($sesdata['name'],"/addadmin user - Sets <user> to be a admin");
				syspm($sesdata['name'],"/addmod user - Sets <user> to be a moderator");
				syspm($sesdata['name'],"/rempriv user - Removes <user>'s admin/mod privileges");
				syspm($sesdata['name'],"/delreg user - Deletes <user>'s user registration");
			}
		}
		elseif ($msplit[0] == "/bottalk") { //system command, to make the bot talk
			bottalk(glue($msplit,1));
		}
		elseif ($msplit[0] == "/kick") {
			if (!useronline($msplit[1])) {
				syspm($sesdata['name'],"The user you are trying to kick does not exist.");
			}
			else {
				$query = query("SELECT `ip`,`rank` FROM `chat_sessions` WHERE `name`='{$msplit[1]}'");
				$victim = mysql_fetch_array($query);
				if (checkranks($victim['rank'],$sesdata['rank'])) {
					syspm($sesdata['name'],"You can not kick this user!");
				}
				else {
					bottalk("{$sesdata['name']} has kicked {$msplit[1]}.");
					query("INSERT INTO `chat_bans` (`ip`,`expire`) VALUES('{$victim['ip']}','1337')");
				}
			}
		}
		elseif ($msplit[0] == "/ban") {
			if (!useronline($msplit[1])) {
				syspm($sesdata['name'],"The user you are trying to ban does not exist.");
			}
			else {
				$query = query("SELECT `ip`,`rank` FROM `chat_sessions` WHERE `name`='{$msplit[1]}'");
				$victim = mysql_fetch_array($query);
				if (checkranks($victim['rank'],$sesdata['rank'])) {
					syspm($sesdata['name'],"You can not ban this user!");
				}
				else {
					bottalk("{$sesdata['name']} has banned {$msplit[1]}.");
					query("INSERT INTO `chat_bans` (`ip`,`expire`) VALUES('{$victim['ip']}','" . (time() + ((int)$msplit[2] * 60)) . "')");
				}
			}
		}
		elseif ($msplit[0] == "/mute") {
			if (!useronline($msplit[1])) {
				syspm($sesdata['name'],"The user you are trying to mute does not exist.");
			}
			else {
				$query = query("SELECT `ip`,`rank` FROM `chat_sessions` WHERE `name`='{$msplit[1]}'");
				$victim = mysql_fetch_array($query);
				if (checkranks($victim['rank'],$sesdata['rank'])) {
					syspm($sesdata['name'],"You can not ban this user!");
				}
				else {
					query("UPDATE `chat_sessions` SET `muted`='1' WHERE `ip`='{$victim['ip']}'");
					sendnicklist();
					bottalk("{$sesdata['name']} has muted {$msplit[1]}.");
					command($msplit[1],"MUTE");
				}
			}
		}
		elseif ($msplit[0] == "/unmute") {
			if (!useronline($msplit[1])) {
				syspm($sesdata['name'],"The user you are trying to unmute does not exist.");
			}
			else {
				$query = query("SELECT * FROM `chat_sessions` WHERE `name`='{$msplit[1]}'");
				$victim = mysql_fetch_array($query);
				query("UPDATE `chat_sessions` SET `muted`='0' WHERE `ip`='{$victim['ip']}'");
				sendnicklist();
				bottalk("{$sesdata['name']} has unmuted {$msplit[1]}.");
				command($msplit[1],"UNMUTE");
			}
		}
		elseif ($msplit[0] == "/addadmin") {
			if (!userexists($msplit[1])) {
				syspm($sesdata['name'],"The user you are trying to add does not exist.");
			}
			else {
				query("UPDATE `chat_users` SET `rank`='6' WHERE `user`='{$msplit[1]}'");
				query("UPDATE `chat_sessions` SET `rank`='6' WHERE `name`='{$msplit[1]}'");
				sendnicklist();
				syspm($sesdata['name'],"{$msplit[1]} has been added as an admin.");
			}
		}
		elseif ($msplit[0] == "/addmod") {
			if (!userexists($msplit[1])) {
				syspm($sesdata['name'],"The user you are trying to add does not exist.");
			}
			else {
				query("UPDATE `chat_users` SET `rank`='5' WHERE `user`='{$msplit[1]}'");
				query("UPDATE `chat_sessions` SET `rank`='5' WHERE `name`='{$msplit[1]}'");
				syspm($sesdata['name'],"{$msplit[1]} has been added as an mod.");
				sendnicklist();
			}
		}
		elseif ($msplit[0] == "/rempriv") {
			if (!userexists($msplit[1])) {
				syspm($sesdata['name'],"The user whose privileges you are trying to take does not exist.");
			}
			else {
				query("UPDATE `chat_users` SET `rank`='1' WHERE `user`='{$msplit[1]}'");
				query("UPDATE `chat_sessions` SET `rank`='1' WHERE `name`='{$msplit[1]}'");
				syspm($sesdata['name'],"{$msplit[1]}'s privileges have been removed.");
				sendnicklist();
			}
		}
		elseif ($msplit[0] == "/remuser") {
			if (!userexists($msplit[1])) {
				syspm($sesdata['name'],"The user you are trying to remove does not exist.");
			}
			else {
				query("DELETE FROM `chat_users` WHERE `user`='{$msplit[1]}'");
				query("UPDATE `chat_sessions` SET `rank`='0' WHERE `name`='{$msplit[1]}'");
				syspm($sesdata['name'],"{$msplit[1]} has been removed.");
				sendnicklist();
			}
		}
		else {
			query("INSERT INTO `chat` (`name`,`message`,`color`,`rank`,`time`) VALUES('{$sesdata['name']}','$m','{$sesdata['color']}','{$sesdata['rank']}','" . time() . "')");
			query("UPDATE `chat_sessions` SET `lasttalk`='" . time() . "' WHERE `ip`='$ip'");
		}
	}
	else {
		query("INSERT INTO `chat` (`name`,`message`,`color`,`time`,`rank`) VALUES('{$sesdata['name']}','$m','{$sesdata['color']}','" . time() . "','{$sesdata['rank']}')");
		query("UPDATE `chat_sessions` SET `lasttalk`='" . time() . "' WHERE `ip`='$ip'");
	}
}
elseif ($z == "endsession") {
	$query = query("select count(*) as howmany from `chat_sessions` WHERE `ip` = '$ip'");
	$row = mysql_fetch_array($query);
	$num = $row["howmany"];
	if ($num != 0) {
		$query = query("SELECT `name` FROM `chat_sessions` WHERE `ip` = '$ip'");
		$row = mysql_fetch_array($query);
		//bottalk("{$row['name']} has quit.");
		query("DELETE FROM `chat_sessions` WHERE `ip` = '$ip'");
		sendnicklist();
	}
}
elseif ($z == "checknick") {
	//Delete old sessions
	$query = query("SELECT `lastcheck`,`name` FROM `chat_sessions` WHERE `lastcheck` < " . (time() - 20));
	while ($row = mysql_fetch_array($query)) {
		//bottalk("{$row['name']} has quit.");
	}
	query("DELETE FROM `chat_sessions` WHERE `lastcheck` < " . (time() - 20));
	//Woo, old sessions destroyed!
	
	//Check for bans/kicks
	query("DELETE FROM `chat_bans` WHERE `expire` < " . (time()));
	$query = query("SELECT * FROM `chat_bans` WHERE `ip`='$ip'"); //Check if there are any bans for this IP
	$row = mysql_fetch_array($query);
	if ($row['expire'] != "") {
		die("3");
	}
	//Those fuckers are pwnt!

	$n = $_GET["n"];
	$c = $_GET["c"];
	$p = $_GET["p"];
	$_SESSION['p_id']=$_GET["o"];
	
	if (strlen($n) > $maxnickchars) die("4");
	if ($n == "") die("4");
	if (preg_match('/[^\w\-]/', $n)) die("4");
	
	if (!($c == "1" or $c == "2" or $c == "3" or $c == "4" or $c == "5")) die("9");	
	
	if (strtolower($n) == strtolower($botname)) { //Don't let them use the bot nick
		die("1");
	}
	
	if (strtolower($n) == "command") { //Don't let them use the command  nick
		die("1");
	}
	
	$query = query("select `name` from `chat_sessions` WHERE `ip` = '$ip'");
	$row = mysql_fetch_array($query);
	$num = mysql_num_rows($query);
	if ($num > 0) { //If we're already logged in, die.
		die("2");
	}
	
	if ($filterbad) {
		foreach ($badwords as $badword) {
			if(stristr($n, $badword) == TRUE) {
				die("5");
			}
		}
	}
	
	if (checkregged($n)) {
		if ($p == "") {
			die("8");
		}
		else {
			$rank = checkuserpass($n,$p);
			if ($rank == "0") {
				die("7");
			}
		}
	}
	
	$query = query("select `ip` from `chat_sessions` WHERE `name` = '$n'");
	$row = mysql_fetch_array($query);
	$num = mysql_num_rows($query);
	if ($num > 0) { //If someone is already using the name, and it isnt our IP, die.
		die("1");
	}
	
	query("INSERT INTO `chat_sessions` (`ip`,`name`,`lastcheck`,`color`,`rank`) VALUES('$ip','$n','" . time() . "','$c','$rank')");
	//bottalk("$n has joined");
	sendnicklist();
	die ("10");
}
?>

the returned message is sent back from the php page in the section that is commented "Get them the PM's"
with the return code being

echo "PM" . $breakchr . "" . $breakchr . "<i>{$row['name']}</i>" . $breakchr . $sclass . $breakchr . $row['message'] . $breakchr;

the message typed in russian is still in the russian charset in the db, but because the page does not have the correct headers declared the text is sent back in jumbled characters

Edited by barryw33 because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.