1 <?php |
|
2 |
|
3 /** |
|
4 * AjIM - the Asynchronous Javascript Instant Messenger |
|
5 * A shoutbox/chatbox framework that uses PHP, AJAX, MySQL, and Javascript |
|
6 * Version: 1.0 RC 1 |
|
7 * Copyright (C) 2006-2007 Dan Fuhry |
|
8 * |
|
9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
11 * |
|
12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
14 */ |
|
15 |
|
16 error_reporting(E_ALL); |
|
17 class ajim { |
|
18 var $table_prefix, $conn, $id, $admin, $iface, $prune, $formatfunc, $config, $bad_words; |
|
19 /** |
|
20 * Die and be friendly about it. |
|
21 * @param string $text - should be the text to show to the user, include mysql_error() value if applicable |
|
22 */ |
|
23 function kill($text) { |
|
24 die('AjIM: Database error<br />'.$text); |
|
25 } |
|
26 /** |
|
27 * Make a SQL query. This function contains some error correction that performs automatic database upgrades if needed. |
|
28 * @param string $q - The query text to send to MySQL. |
|
29 * @return resource - or, kills the connection and bails out if the query failed |
|
30 */ |
|
31 function sql($q) { |
|
32 $r = mysql_query($q, $this->conn); |
|
33 if(!$r) |
|
34 { |
|
35 if(strstr(mysql_error(), 'Unknown column \'time_id\'')) |
|
36 { |
|
37 $this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN time_id int(11) NOT NULL DEFAULT 0;'); |
|
38 $r = mysql_query($q, $this->conn); |
|
39 } |
|
40 elseif(strstr(mysql_error(), 'Unknown column \'sid\'')) |
|
41 { |
|
42 $this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN sid varchar(40) NOT NULL DEFAULT \'\';'); |
|
43 $r = mysql_query($q, $this->conn); |
|
44 } |
|
45 elseif(strstr(mysql_error(), 'Unknown column \'ip_addr\'')) |
|
46 { |
|
47 $this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN ip_addr varchar(15) NOT NULL DEFAULT \'\';'); |
|
48 $r = mysql_query($q, $this->conn); |
|
49 } |
|
50 $this->kill('Error during query:<br /><pre>'.htmlspecialchars($q).'</pre><br />MySQL said: '.mysql_error().'<br /><br />Depending on the error, AjIM may be able to automatically repair it. Just hang tight for about ten seconds. Whatever you do, don\'t close this browser window!'); |
|
51 } |
|
52 return $r; |
|
53 } |
|
54 /** |
|
55 * Get the user's SID (unique ID used for editing authorization) or generate a new one. |
|
56 * @return string |
|
57 */ |
|
58 function get_sid() |
|
59 { |
|
60 // Tag the user with a unique ID that can be used to edit posts |
|
61 // This is used to essentially track users, but only for the purpose of letting them edit posts |
|
62 if(!isset($_COOKIE['ajim_sid'])) |
|
63 { |
|
64 $hash = sha1(microtime()); |
|
65 setcookie('ajim_sid', $hash, time()+60*60*24*365); // Cookies last for one year |
|
66 } |
|
67 else |
|
68 $hash = $_COOKIE['ajim_sid']; |
|
69 |
|
70 return $hash; |
|
71 } |
|
72 /** |
|
73 * Set the default value for a configuration field. |
|
74 * @param string $key - name of the configuration key |
|
75 * @param string $value - the default value |
|
76 * @param array $confarray - needs to be the array passed as the first param on the constructor |
|
77 */ |
|
78 function config_default($key, $value, &$confarray) |
|
79 { |
|
80 if(!isset($confarray[$key])) |
|
81 $confarray[$key] = $value; |
|
82 } |
|
83 /** |
|
84 * Set up some basic vars and a database connection |
|
85 * @param array $config - a configuration array, with either the key db_connection_handle (a valid MySQL connection resource) or the keys dbhost, dbname, dbuser, and dbpass |
|
86 * @param string $table_prefix - the text prepended to the "ajim" table, should match ^([A-z0-9_]+)$ |
|
87 * @param string $handler - URL to the backend script, for example in Enano this would be the plugin file plugins/ajim.php |
|
88 * @param string $admin - string containing the MD5 hash of the user's password, IF AND ONLY IF the user should be allowed to use the moderation function. In all other cases this should be false. |
|
89 * @param string $id - used to carry over the randomly generated instance ID between requests. Should be false if the class is being initialized for displaying the inital HTML, in all other cases should be the value of the class variable AjIM::$id |
|
90 * @param bool $can_post - true if the user is allowed to post, false otherwise. Defaults to true. |
|
91 * @param mixed $formatfunc - a string containing the name of a function that can be called to format text before posts are sent to the user. If you need to call a class method, this should be an array with key 0 being the class name and key 1 being the method name. |
|
92 */ |
|
93 function __construct($config, $table_prefix, $handler, $admin = false, $id = false, $can_post = true, $formatfunc = false) { |
|
94 // CONFIGURATION |
|
95 // $this->prune: a limit on the number of posts in the chat box. Usually this should be set to 40 or 50. Default is 40. |
|
96 // Set to -1 to disable pruning. |
|
97 $this->prune = -1; |
|
98 |
|
99 $this->get_sid(); |
|
100 |
|
101 if(!is_array($config)) |
|
102 $this->kill('$config passed to the AjIM constructor should be an associative array with either the keys dbhost, dbname, dbuser, and dbpass, or the key db_connection_handle.'); |
|
103 if(isset($config['db_connection_handle'])) |
|
104 { |
|
105 if(!is_resource($config['db_connection_handle'])) $this->kill('$config[\'db_connection_handle\'] is not a valid resource'); |
|
106 $this->conn = $config['db_connection_handle']; |
|
107 if(!$this->conn) $this->kill('Error verifying database connection: '.mysql_error()); |
|
108 } elseif(isset($config['dbhost']) && isset($config['dbname']) && isset($config['dbuser']) && isset($config['dbpass'])) { |
|
109 $this->conn = mysql_connect($config['dbhost'], $config['dbuser'], $config['dbpass']); |
|
110 if(!$this->conn) $this->kill('Error connecting to the database: '.mysql_error()); |
|
111 $this->sql('USE '.$config['dbname']); |
|
112 } |
|
113 |
|
114 $this->bad_words = Array('viagra', 'phentermine', 'pharma', 'rolex', 'genital', 'penis', 'ranitidine', 'prozac', 'acetaminophen', 'acyclovir', 'ionamin', 'denavir', 'nizoral', 'zoloft', 'estradiol', 'didrex', 'aciphex', 'seasonale', 'allegra', 'lexapro', 'famvir', 'propecia', 'nasacort'); |
|
115 if(isset($config['bad_words']) && is_array($config['bad_words'])) |
|
116 { |
|
117 $this->bad_words = array_values(array_merge($this->bad_words, $config['bad_words'])); |
|
118 } |
|
119 |
|
120 // Don't change these values here - change them by passing values to the config array in this constructor's params! |
|
121 $this->config_default('sb_color_background', '#FFFFFF', $config); |
|
122 $this->config_default('sb_color_foreground', '#000000', $config); |
|
123 $this->config_default('sb_color_editlink', '#00C000', $config); |
|
124 $this->config_default('sb_color_deletelink', '#FF0000', $config); |
|
125 $this->config_default('sb_color_userlink', '#0000FF', $config); |
|
126 |
|
127 $this->config = $config; |
|
128 |
|
129 if($id) $this->id = $id; |
|
130 else $this->id = 'ajim_'.time(); |
|
131 $this->admin = $admin; |
|
132 $this->formatfunc = $formatfunc; |
|
133 $this->can_post = $can_post; |
|
134 $this->table_prefix = $table_prefix; |
|
135 $this->sql('CREATE TABLE IF NOT EXISTS '.$this->table_prefix.'ajim( |
|
136 post_id mediumint(8) NOT NULL auto_increment, |
|
137 name text, |
|
138 website text, |
|
139 post text, |
|
140 time_id int(11) NOT NULL DEFAULT 0, |
|
141 PRIMARY KEY ( post_id ) |
|
142 );'); |
|
143 $this->iface = $handler; |
|
144 if(isset($_GET['ajimmode'])) $this->handler(); |
|
145 } |
|
146 /** |
|
147 * A dummy function used for PHP4 compatibility. |
|
148 * @see AjIM::__construct() |
|
149 */ |
|
150 function ajim($config, $table_prefix, $handler, $admin = false, $id = false, $can_post = true, $formatfunc = false) { |
|
151 $this->__construct($config, $table_prefix, $handler, $admin, $id, $can_post, $formatfunc); |
|
152 } |
|
153 /** |
|
154 * Generates the initial HTML UI to be sent to the user, used internally. |
|
155 * @access private |
|
156 * @param string $ajimPath - path to the AjIM connector (not this file), relative to document root, with initial slash. |
|
157 */ |
|
158 function html($ajimPath) { |
|
159 |
|
160 $enstr = $this->can_post ? '' : ' disabled="disabled"'; |
|
161 $html = ''; |
|
162 $html .= '<script type="text/javascript" src="'.$ajimPath.'/ajim.php?js&id='.$this->id.'&path='.urlencode($this->iface).'&pfx='.$this->table_prefix.'"></script>'; |
|
163 if($this->admin) { |
|
164 $html.= '<script type="text/javascript" src="'.$ajimPath.'/ajim.php?jsadmin&id='.$this->id.'&path='.urlencode($this->iface).'&pfx='.$this->table_prefix.'"></script>'; |
|
165 } |
|
166 $html .= '<div id="'.$this->id.'_master" style="padding: 5%; width: 90%;"> |
|
167 <div id="'.$this->id.'_c" style="text-align: center; color: '.$this->config['sb_color_foreground'].'; |
|
168 font-family: arial, sans-serif; font-size: 7pt; background-color: '.$this->config['sb_color_background'].'; |
|
169 text-align: left; border: 1px solid #000000; border-bottom: none; margin-bottom: 0; padding: 5%; width: 90%; |
|
170 height: 200px; clip: rect(0px,auto,200px,0px); overflow: auto;"><noscript><p>You need to have JavaScript support to use this shoutbox.</p></noscript></div>'; |
|
171 // This is the post form div |
|
172 if($this->can_post) |
|
173 { |
|
174 $html .= '<div style="font-family: arial; font-size: 7pt; margin-top: 0; border: 1px solid #000000; border-top-width: 0; width: 100%;"> |
|
175 <form action="#" onsubmit="'.$this->id.'_form(); return false;" method="get"> |
|
176 <table border="0" style="margin: 0; padding: 0; width: 90%;"> |
|
177 <tr><td><span style="font-family: arial; font-size: 7pt; ">Name:</span></td> <td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_name" name="name"'.$enstr.' /></td></tr> |
|
178 <tr><td><span style="font-family: arial; font-size: 7pt; ">Website:</span></td><td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_website" name="website"'.$enstr.' /></td></tr> |
|
179 <tr><td colspan="2"><span style="font-family: arial; font-size: 7pt; ">Message:</span></td></tr> |
|
180 <tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post" onkeyup="'.$this->id.'_keyhandler();"></textarea></td></tr> |
|
181 <tr><td colspan="2" align="center"><input'.$enstr.' type="submit" value="Submit post" /><br /> |
|
182 <span style="font-family: arial; font-size: 6pt; color: #000000;">AjIM powered</span></td></tr> |
|
183 '; |
|
184 $html .= '</table> |
|
185 </form>'; |
|
186 if($this->admin) { |
|
187 $html .= '<table border="0" style="margin: 0; padding: 0; width: 90%;" align="center"><tr><td colspan="2" align="center"><span id="'.$this->id.'_admin"><a href="#" onclick="'.$this->id.'_prompt(); return false;">Administration</a></span></td></tr></table>'; |
|
188 } |
|
189 $html.='</div></div>'; |
|
190 } else { |
|
191 $html .= '<div style="font-family: arial; font-size: 7pt; margin: 5px; margin-top: 0; border: 1px solid #000000; border-top: none;">'; |
|
192 if(isset($this->config['cant_post_notice'])) { |
|
193 $html .= '<div style="margin: 0; padding: 5px;">'.$this->config['cant_post_notice'].'</div>'; |
|
194 } |
|
195 $html .= '</div></div>'; |
|
196 } |
|
197 $html.='<script type="text/javascript"> |
|
198 document.getElementById(\''.$this->id.'_c\').innerHTML = unescape(\'%3Cdiv align="center" style="width:95%;"%3EInitializing...%3C\/div%3E\');'; |
|
199 if($this->can_post) $html .= 'if('.$this->id.'readCookie("ajim_password") && ( typeof "'.$this->id.'_login_bin" == "string" || typeof "'.$this->id.'_login_bin" == "function" )) { |
|
200 '.$this->id.'_login_bin('.$this->id.'readCookie("ajim_password")); |
|
201 } |
|
202 if('.$this->id.'readCookie("ajim_name")) document.getElementById("'.$this->id.'_name").value = '.$this->id.'readCookie("ajim_name"); |
|
203 if('.$this->id.'readCookie("ajim_website")) document.getElementById("'.$this->id.'_website").value = '.$this->id.'readCookie("ajim_website");'; |
|
204 $html .= ''.$this->id.'_refresh(); |
|
205 </script>'; |
|
206 |
|
207 return $html; |
|
208 } |
|
209 /** |
|
210 * Kills the database connection |
|
211 */ |
|
212 function destroy() { |
|
213 mysql_close($this->conn); |
|
214 } |
|
215 /** |
|
216 * Strips all traces of HTML, XML, and PHP from text, and prepares it for being inserted into a MySQL database. |
|
217 * @access private |
|
218 * @param string $text - the text to sanitize |
|
219 * @return string |
|
220 */ |
|
221 function sanitize($text) { |
|
222 $text = rawurldecode($text); |
|
223 $text = preg_replace('#<(.*?)>#is', '<\\1>', $text); |
|
224 $text = str_replace("\n", '<br />', $text); |
|
225 $text = mysql_real_escape_string($text); |
|
226 return $text; |
|
227 } |
|
228 /** |
|
229 * Scrutinizes a string $text for any traces of the word $word, returns true if the text is clean. |
|
230 * For example, if $word is "viagra" and the text contains "\/|@6r/\" this returns false, else you would get true. |
|
231 * @access private |
|
232 * @param string $text - the text to check |
|
233 * @param string $word - word to look for. |
|
234 * @return bool |
|
235 */ |
|
236 function spamcheck($text, $word) |
|
237 { |
|
238 // build an array, with each key containing one letter (equiv. to str_split() in PHP 5) |
|
239 $chars = Array(); |
|
240 for($i=0;$i<strlen($word);$i++) |
|
241 { |
|
242 $chars[] = substr($word, $i, 1); |
|
243 } |
|
244 // This is our rule list - all the known substitutions for a given letter (e.g. "\/" in place of "V", etc.), needs to be escaped for regex use |
|
245 $subs = Array( |
|
246 'a'=>'a|\/\\\\|@', |
|
247 'b'=>'b|\|o', |
|
248 'c'=>'c|\(|', |
|
249 'd'=>'d|o\|', |
|
250 'e'=>'e|3', |
|
251 'f'=>'f', |
|
252 'g'=>'g|6|9', |
|
253 'h'=>'h|\|n', |
|
254 'i'=>'i|\!|1|\|', |
|
255 'j'=>'j|\!|1|\|', |
|
256 'k'=>'k|\|<|\|<', |
|
257 'l'=>'l|\!|1|\|', |
|
258 'm'=>'m|nn|rn', |
|
259 'n'=>'n|h|u\\|\\\\\|', |
|
260 'o'=>'o|\(\)|0|@', |
|
261 'p'=>'p', |
|
262 'q'=>'q', |
|
263 'r'=>'r|\|\^', |
|
264 's'=>'s', |
|
265 't'=>'t|\+', |
|
266 'u'=>'u|n', |
|
267 'v'=>'v|\\\\\/', // "\/" |
|
268 'w'=>'w|vv|\\\\\/\\\\\/', // allows for "\/\/" |
|
269 'x'=>'x|><|><|><|><', |
|
270 'y'=>'y', |
|
271 'z'=>'z|\|\\\\\|' // |\| |
|
272 ); |
|
273 $regex = '#([\s]){0,1}'; |
|
274 foreach($chars as $c) |
|
275 { |
|
276 $lc = strtolower($c); |
|
277 if(isset($subs[$lc])) |
|
278 { |
|
279 $regex .= '('.$subs[$lc].')'; |
|
280 } else { |
|
281 die('0 $subs['.$lc.'] is not set'); |
|
282 $regex .= preg_quote($c); |
|
283 } |
|
284 $regex .= '(.|)'; |
|
285 } |
|
286 $regex .= '([\s]){0,1}#is'; |
|
287 //echo($word.': '.$regex.'<br />'); |
|
288 if(preg_match($regex, $text)) return false; |
|
289 return true; |
|
290 } |
|
291 /** |
|
292 * Processes AJAX requests. Usually called if $_GET['ajimmode'] is set. |
|
293 * @access private |
|
294 */ |
|
295 function handler() { |
|
296 if(isset($_GET['ajimmode'])) { |
|
297 switch($_GET['ajimmode']) { |
|
298 default: |
|
299 die(''); |
|
300 break; |
|
301 case 'getsource': |
|
302 case 'getpost': |
|
303 if(!preg_match('#^([0-9]+)$#', $_GET['p'])) die('SQL injection attempt'); |
|
304 $q = $this->sql('SELECT post,sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_GET['p']); |
|
305 $r = mysql_fetch_assoc($q); |
|
306 if( ( ( isset($_GET['ajim_auth']) && (!$this->admin || ($this->admin != $_GET['ajim_auth']) ) ) || !isset($_GET['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt'); |
|
307 if($_GET['ajimmode']=='getpost') |
|
308 if($this->formatfunc) |
|
309 { |
|
310 $p = @call_user_func($this->formatfunc, $r['post']); |
|
311 if($p) $r['post'] = $p; |
|
312 unset($p); // Free some memory |
|
313 } |
|
314 echo $r['post']; |
|
315 break; |
|
316 case "savepost": |
|
317 if(!preg_match('#^([0-9]+)$#', $_POST['p'])) die('SQL injection attempt'); |
|
318 $q = $this->sql('SELECT sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']); |
|
319 $r = mysql_fetch_assoc($q); |
|
320 if( ( ( isset($_POST['ajim_auth']) && (!$this->admin || ($this->admin != $_POST['ajim_auth']) ) ) || !isset($_POST['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt'); |
|
321 $post = $this->sanitize($_POST['post']); |
|
322 $post = $this->make_clickable($post); |
|
323 $post = preg_replace('#_(.*?)_#is', '<i>\\1</i>', $post); |
|
324 $post = preg_replace('#\*(.*?)\*#is', '<b>\\1</b>', $post); |
|
325 $bad_words = Array('viagra', 'phentermine', 'pharma'); |
|
326 foreach($bad_words as $w) |
|
327 { |
|
328 if(!$this->spamcheck($post, $w)) die('<span style="color: red">The word "'.$w.'" has been detected in your message and as a result your post has been blocked.</span> Don\'t argue, that will only get you banned.'); |
|
329 } |
|
330 if(!$this->can_post) die('Access to posting messages has been denied because the administrator has set that you must be logged into this website in order to post.'); |
|
331 |
|
332 $this->sql('UPDATE '.$this->table_prefix.'ajim SET post=\''.$post.'\' WHERE post_id='.$_POST['p'].';'); |
|
333 |
|
334 if($this->formatfunc) |
|
335 { |
|
336 $p = @call_user_func($this->formatfunc, $post); |
|
337 if($p) $post = $p; |
|
338 unset($p); // Free some memory |
|
339 } |
|
340 die($post); |
|
341 break; |
|
342 case 'delete': |
|
343 if(!preg_match('#^([0-9]+)$#', $_POST['p'])) die('SQL injection attempt'); |
|
344 $q = $this->sql('SELECT sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']); |
|
345 $r = mysql_fetch_assoc($q); |
|
346 if( ( ( isset($_POST['ajim_auth']) && (!$this->admin || ($this->admin != $_POST['ajim_auth']) ) ) || !isset($_POST['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt'); |
|
347 $this->sql('DELETE FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']); |
|
348 die('good'); |
|
349 break; |
|
350 case 'post': |
|
351 if(!preg_match('#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)$#is', $_POST['website'])) $_POST['website']=''; |
|
352 // Now for a clever anti-spam trick: blacklist the words "viagra" and "phentermine" using one wicked regex: |
|
353 // #([\s]){1}(v|\\\\\/)(.*){1}(i|\||l|1)(.*){1}(a|@|\/\\\\)(.*){1}(g|6)(.*){1}r(.*){1}(a|@|\/\\\\)(\s){1}#is |
|
354 $name = $this->sanitize($_POST['name']); |
|
355 $website = $this->sanitize($_POST['website']); |
|
356 $post = $this->sanitize($_POST['post']); |
|
357 foreach($this->bad_words as $w) |
|
358 { |
|
359 if(!$this->spamcheck($post, $w)) die('<span style="color: red">The word "'.$w.'" has been detected in your message and as a result your post has been blocked.</span> Don\'t argue, that will only get you banned.'); |
|
360 } |
|
361 $post = $this->make_clickable($post); |
|
362 $post = preg_replace('#_(.*?)_#is', '<i>\\1</i>', $post); |
|
363 $post = preg_replace('#\*(.*?)\*#is', '<b>\\1</b>', $post); |
|
364 if(!$this->can_post) die('Access to posting messages has been denied because the administrator has set that you must be logged into this website in order to post.'); |
|
365 $this->sql('INSERT INTO '.$this->table_prefix.'ajim ( name, website, post, time_id, sid, ip_addr ) VALUES(\''.$name.'\', \''.$website.'\', \''.$post.'\', '.time().', \''.mysql_real_escape_string($this->get_sid()).'\', \''.mysql_real_escape_string($_SERVER['REMOTE_ADDR']).'\');'); |
|
366 case 'view': |
|
367 // if(isset($_GET['ajim_auth'])) |
|
368 // die('Auth: '.$_GET['ajim_auth']); // .'<br />Pw: '.$this->admin); |
|
369 if(isset($_GET['latest']) && ( isset($this->config['allow_looping']) && $this->config['allow_looping'] == true )) |
|
370 { |
|
371 // Determine max execution time |
|
372 $max_exec = intval(@ini_get('max_execution_time')); |
|
373 if(!$max_exec) $max_exec = 30; |
|
374 $time_left = $max_exec - 1; |
|
375 } |
|
376 $q = $this->sql('SELECT name, website, post, post_id, time_id, sid, ip_addr FROM '.$this->table_prefix.'ajim ORDER BY post_id;'); |
|
377 if(mysql_num_rows($q) < 1) echo '0 <span style="color: #666666">No posts.</span>'; |
|
378 else { |
|
379 // Prune the table |
|
380 if($this->prune > 0) { |
|
381 $nr = mysql_num_rows($q); |
|
382 $nr = $nr - $this->prune; |
|
383 if($nr > 0) $this->sql('DELETE FROM '.$this->table_prefix.'ajim LIMIT '.$nr.';'); |
|
384 } |
|
385 // Alright, what we want to do here is grab the entire table, load it into an array, and then display the posts in reverse order. |
|
386 for($i = 1; $i<=mysql_num_rows($q); $i++) { |
|
387 $t[$i] = mysql_fetch_object($q); |
|
388 } |
|
389 |
|
390 $s = sizeof($t); |
|
391 |
|
392 if(isset($_GET['latest']) && ( isset($this->config['allow_looping']) && $this->config['allow_looping'] == true )) |
|
393 { |
|
394 // When I was coding this, I immediately thought "use labels and goto!" Here's hoping, PHP6 :-) |
|
395 $latest_from_user = intval($_GET['latest']); |
|
396 $latest_from_db = intval($t[$s]->time_id); |
|
397 while(true) |
|
398 { |
|
399 if($latest_from_user == $latest_from_db && $time_left > 5) |
|
400 { |
|
401 $time_left = $time_left - 5; |
|
402 sleep(5); |
|
403 mysql_free_result($q); |
|
404 $q = $this->sql('SELECT name, website, post, post_id, time_id, sid, ip_addr FROM '.$this->table_prefix.'ajim ORDER BY post_id;'); |
|
405 $t = Array(); |
|
406 for($i = 1; $i<=mysql_num_rows($q); $i++) { |
|
407 $t[$i] = mysql_fetch_object($q); |
|
408 } |
|
409 $s = sizeof($t); |
|
410 $latest_from_user = intval($_GET['latest']); |
|
411 $latest_from_db = intval($t[$s]->time_id); |
|
412 //echo (string)$latest_from_db.'<br />'; |
|
413 //flush(); |
|
414 //exit; |
|
415 if($latest_from_user != $latest_from_db) |
|
416 break; |
|
417 continue; |
|
418 } |
|
419 elseif($latest_from_user == $latest_from_db && $time_left < 5) |
|
420 { |
|
421 die('[E] No new posts'); |
|
422 } |
|
423 break; |
|
424 } |
|
425 } |
|
426 |
|
427 echo $t[$s]->time_id . ' '; |
|
428 |
|
429 // This is my favorite array trick - it baffles everyone who looks at it :-D |
|
430 // What it does is the same as for($i=0;$i<sizeof($t);$i++), but it processes the |
|
431 // array in reverse order. |
|
432 |
|
433 for($i = $s; $i > 0; $i--) { |
|
434 if($this->formatfunc) |
|
435 { |
|
436 $p = @call_user_func($this->formatfunc, $t[$i]->post); |
|
437 if($p) $t[$i]->post = $p; |
|
438 unset($p); // Free some memory |
|
439 $good_tags = Array('b', 'i', 'u', 'br'); |
|
440 $gt = implode('|', $good_tags); |
|
441 |
|
442 // Override any modifications that may have been made to the HTML |
|
443 $t[$i]->post = preg_replace('#<('.$gt.')>([^.]+)</\\1>#is', '<\\1>\\2</\\1>', $t[$i]->post); |
|
444 $t[$i]->post = preg_replace('#<('.$gt.')([ ]*?)/>#is', '<\\1 />', $t[$i]->post); |
|
445 $t[$i]->post = preg_replace('#<('.$gt.')>#is', '<\\1 />', $t[$i]->post); |
|
446 } |
|
447 echo '<div style="border-bottom: 1px solid #BBB; width: 98%;"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr><td><span style="font-weight: bold">'; |
|
448 if($t[$i]->website != '') echo '<a href="'.$t[$i]->website.'" style="color: #0000FF">'.$t[$i]->name.'</a>'; |
|
449 else echo ''.$t[$i]->name.''; |
|
450 echo '</span> '; |
|
451 if( $this->can_post && ($t[$i]->sid == $this->get_sid() && $t[$i]->ip_addr == $_SERVER['REMOTE_ADDR'] ) || ( isset($_GET['ajim_auth']) && $_GET['ajim_auth']==$this->admin ) ) |
|
452 echo '</td><td style="text-align: right"><a href="#" onclick="void('.$this->id.'_delete_post(\''.$t[$i]->post_id.'\')); return false;" style="color: '.$this->config['sb_color_deletelink'].'">Delete</a> <a href="javascript:void('.$this->id.'_edit_post(\''.$t[$i]->post_id.'\'));" id="'.$this->id.'_editbtn_'.$t[$i]->post_id.'" style="color: '.$this->config['sb_color_editlink'].'">Edit</a>'; |
|
453 echo '</td></tr></table><span style="color: #CCC; font-style: italic;">Posted on '.date('n/j, g:ia', $t[$i]->time_id).'</span></div>'; |
|
454 echo '<div style="border-bottom: 1px solid #CCC; width: 98%;" id="'.$this->id.'_post_'.$t[$i]->post_id.'">'.$t[$i]->post.'</div>'; |
|
455 echo '<br />'; |
|
456 } |
|
457 } |
|
458 break; |
|
459 case 'auth': |
|
460 if($_POST['ajim_auth']==$this->admin) echo 'good'; |
|
461 else echo 'The password you entered is invalid.'; |
|
462 break; |
|
463 } |
|
464 } |
|
465 } |
|
466 |
|
467 /** |
|
468 * Replace URLs within a block of text with anchors |
|
469 * Written by Nathan Codding, copyright (C) phpBB Group |
|
470 * @param string $text - the text to process |
|
471 * @return string |
|
472 */ |
|
473 function make_clickable($text) |
|
474 { |
|
475 $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); |
|
476 $ret = ' ' . $text; |
|
477 $ret = preg_replace('#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '\\1<a href="\\2" target="_blank">\\2</a>', $ret); |
|
478 $ret = preg_replace("#(^|[\ n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", '\\1<a href="http://\\2" target="_blank">\\2</a>', $ret); |
|
479 $ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", '\\1<a href="mailto:\\2@\\3">\\2@\\3</a>', $ret); |
|
480 $ret = substr($ret, 1); |
|
481 return($ret); |
|
482 } |
|
483 } |
|
484 |
|
485 // The client-side javascript and CSS code |
|
486 |
|
487 if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) { |
|
488 header('Content-type: text/javascript'); |
|
489 ?> |
|
490 // <script> |
|
491 var <?php echo $_GET['id']; ?>id='<?php echo $_GET['id']; ?>'; |
|
492 var path='<?php echo $_GET['path']; ?>'; |
|
493 var pfx='<?php echo $_GET['pfx']; ?>'; |
|
494 var authed = false; // Don't even try to hack this var; it contains the MD5 of the password that *you* enter, setting it to true will just botch up all the requests |
|
495 // authed is always set to false unless your password has been verified by the server, and it is sent to the server with every request. |
|
496 var shift; |
|
497 var <?php echo $_GET['id']; ?>editlist = new Array(); |
|
498 var <?php echo $_GET['id']; ?>_latestpost = 0; |
|
499 var <?php echo $_GET['id']; ?>_allowrequest = true; |
|
500 |
|
501 var <?php echo $_GET['id']; ?>_refcount = 0; |
|
502 var <?php echo $_GET['id']; ?>_refcount_current = 0; |
|
503 |
|
504 var <?php echo $_GET['id']; ?>interval = setInterval('<?php echo $_GET['id']; ?>_refresh();', 5000); |
|
505 var ajim_editlevels = 0; |
|
506 |
|
507 // Add the AjIM stylesheet to the HTML header |
|
508 var link = document.createElement('link'); |
|
509 link.href = path+'?title=null&css&id='+<?php echo $_GET['id']; ?>id+'&path='+path+'&pfx='+pfx+'&ajimmode='; |
|
510 link.rel = 'stylesheet'; |
|
511 link.type = 'text/css'; |
|
512 var head = document.getElementsByTagName('head'); |
|
513 head = head[0]; |
|
514 head.appendChild(link); |
|
515 |
|
516 if(typeof window.onload == 'function') |
|
517 var __ajim_oltemp = window.onload; |
|
518 else |
|
519 var __ajim_oltemp = function(e) { }; |
|
520 window.onload = function(e) |
|
521 { |
|
522 if(document.getElementById('<?php echo $_GET['id']; ?>_post')) |
|
523 { |
|
524 document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = function(e) { <?php echo $_GET['id']; ?>_keyhandler(e); }; |
|
525 } |
|
526 __ajim_oltemp(e); |
|
527 } |
|
528 |
|
529 function <?php echo $_GET['id']; ?>readCookie(name) {var nameEQ = name + "=";var ca = document.cookie.split(';');for(var i=0;i < ca.length;i++){var c = ca[i];while (c.charAt(0)==' ') c = c.substring(1,c.length);if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);}return null;} |
|
530 function <?php echo $_GET['id']; ?>setCookie(name,value,days){if (days){var date = new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires = "; expires="+date.toGMTString();}else var expires = "";document.cookie = name+"="+value+expires+"; path=/";} |
|
531 function <?php echo $_GET['id']; ?>eraseCookie(name) {createCookie(name,"",-1);} |
|
532 |
|
533 function strpos(haystack, needle) |
|
534 { |
|
535 if(typeof(haystack) != 'string') return false; |
|
536 if(typeof(needle) != 'string') return false; |
|
537 len = needle.length; |
|
538 for(i=0;i<haystack.length;i++) |
|
539 { |
|
540 if ( haystack.substr(i, len) == needle ) |
|
541 return i; |
|
542 } |
|
543 return 0; |
|
544 } |
|
545 |
|
546 function <?php echo $_GET['id']; ?>_newReq(what2call) { |
|
547 if (window.XMLHttpRequest) { |
|
548 request = new XMLHttpRequest(); |
|
549 } else { |
|
550 if (window.ActiveXObject) { |
|
551 request = new ActiveXObject("Microsoft.XMLHTTP"); |
|
552 } else { |
|
553 alert('Your browser does not support AJAX. Get Firefox 2.0!'); |
|
554 return false; |
|
555 } |
|
556 } |
|
557 request.onreadystatechange = what2call; |
|
558 return request; |
|
559 } |
|
560 |
|
561 function <?php echo $_GET['id']; ?>_refresh(force) { |
|
562 <?php echo $_GET['id']; ?>_refcount++; |
|
563 <?php echo $_GET['id']; ?>_refcount_current = <?php echo $_GET['id']; ?>_refcount; |
|
564 if(!<?php echo $_GET['id']; ?>_allowrequest && !force) |
|
565 return false; |
|
566 <?php echo $_GET['id']; ?>_allowrequest = false; |
|
567 var r = <?php echo $_GET['id']; ?>_newReq(function() { |
|
568 if(r.readyState == 4) |
|
569 { |
|
570 // Prevent an old request from taking over a more recent one |
|
571 if(<?php echo $_GET['id']; ?>_refcount > <?php echo $_GET['id']; ?>_refcount_current) |
|
572 return; |
|
573 if(r.responseText != '[E] No new posts') |
|
574 { |
|
575 time = r.responseText.substr(0, strpos(r.responseText, ' ')); |
|
576 <?php echo $_GET['id']; ?>_latestpost = parseInt(time); |
|
577 text = r.responseText.substr(strpos(r.responseText, ' ')+1, r.responseText.length); |
|
578 document.getElementById('<?php echo $_GET['id']; ?>_c').innerHTML = text; |
|
579 } |
|
580 <?php echo $_GET['id']; ?>_allowrequest = true; |
|
581 } |
|
582 }); |
|
583 if(force) |
|
584 latest = ''; |
|
585 else |
|
586 latest = '&latest='+<?php echo $_GET['id']; ?>_latestpost; |
|
587 if(authed) r.open('GET', path+'?title=null&ajimmode=view&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+latest+'&ajim_auth='+authed, true); |
|
588 else r.open('GET', path+'?title=null&ajimmode=view&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+latest, true); |
|
589 r.send(null); |
|
590 } |
|
591 |
|
592 function <?php echo $_GET['id']; ?>_submit(name, website, post) { |
|
593 var r = <?php echo $_GET['id']; ?>_newReq(function() { |
|
594 if(r.readyState == 4) |
|
595 { |
|
596 if(r.responseText != '[E] No new posts') |
|
597 { |
|
598 if(parseInt(r.responseText.substr(0,1)) != 0) |
|
599 { |
|
600 time = r.responseText.substr(0, strpos(r.responseText, ' ')); |
|
601 <?php echo $_GET['id']; ?>_latestpost = parseInt(time); |
|
602 text = r.responseText.substr(strpos(r.responseText, ' ')+1, r.responseText.length); |
|
603 } |
|
604 else |
|
605 { |
|
606 text = r.responseText; |
|
607 } |
|
608 document.getElementById('<?php echo $_GET['id']; ?>_c').innerHTML = text; |
|
609 } |
|
610 } |
|
611 }) |
|
612 if(authed) var parms = 'name='+name+'&website='+website+'&post='+post+'&ajim_auth='+authed; |
|
613 else var parms = 'name='+name+'&website='+website+'&post='+post; |
|
614 r.open('POST', path+'?title=null&ajimmode=post&id='+<?php echo $_GET['id']; ?>id+'', true); |
|
615 r.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); |
|
616 r.setRequestHeader("Content-length", parms.length); |
|
617 r.setRequestHeader("Connection", "close"); |
|
618 r.send(parms); |
|
619 } |
|
620 |
|
621 function <?php echo $_GET['id']; ?>_form() { |
|
622 var name = document.getElementById(<?php echo $_GET['id']; ?>id+'_name').value; |
|
623 var website = document.getElementById(<?php echo $_GET['id']; ?>id+'_website').value; |
|
624 var post = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value; |
|
625 if(name.length < 1) { alert('Please enter your name.'); return; } |
|
626 if(post.length < 1) { alert('Please enter a post.'); return; } |
|
627 <?php echo $_GET['id']; ?>setCookie('ajim_name', name, 60*60*24*365*10); |
|
628 <?php echo $_GET['id']; ?>setCookie('ajim_website', website, 60*60*24*365*10); |
|
629 <?php echo $_GET['id']; ?>_submit(name, website, post); |
|
630 document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value = ''; |
|
631 } |
|
632 |
|
633 |
|
634 function <?php echo $_GET['id']; ?>_keyhandler(e) |
|
635 { |
|
636 if(!e) e = window.event; |
|
637 if(e.keyCode == 13) |
|
638 { |
|
639 val = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value; |
|
640 if(!shift) |
|
641 { |
|
642 document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value = val.substr(0, val.length - 1); |
|
643 <?php echo $_GET['id']; ?>_form(); |
|
644 } |
|
645 } |
|
646 } |
|
647 |
|
648 function <?php echo $_GET['id']; ?>keysensor(event) |
|
649 { |
|
650 if (event.shiftKey==1) |
|
651 { |
|
652 shift = true; |
|
653 } |
|
654 else |
|
655 { |
|
656 shift = false; |
|
657 } |
|
658 } |
|
659 |
|
660 if(window.onkeydown) |
|
661 { |
|
662 var kttemp = window.onkeydown; |
|
663 window.onkeydown = function(e) { kttemp(e); <?php echo $_GET['id']; ?>keysensor(e); } |
|
664 } else { |
|
665 window.onkeydown = function(e) { <?php echo $_GET['id']; ?>keysensor(e); } |
|
666 } |
|
667 |
|
668 if(window.onkeyup) |
|
669 { |
|
670 var kttemp = window.onkeyup; |
|
671 window.onkeyup = function(e) { kttemp(e); <?php echo $_GET['id']; ?>keysensor(e); } |
|
672 } else { |
|
673 window.onkeyup = function(e) { <?php echo $_GET['id']; ?>keysensor(e); } |
|
674 } |
|
675 |
|
676 function <?php echo $_GET['id']; ?>_edit_post(pid) |
|
677 { |
|
678 if(<?php echo $_GET['id']; ?>editlist[pid]) |
|
679 { |
|
680 var r = <?php echo $_GET['id']; ?>_newReq(function() { |
|
681 if(r.readyState == 4) { |
|
682 document.getElementById('<?php echo $_GET['id']; ?>_post_'+pid).innerHTML = r.responseText; |
|
683 document.getElementById('<?php echo $_GET['id']; ?>_editbtn_'+pid).innerHTML = 'Edit'; |
|
684 ajim_editlevels--; |
|
685 <?php echo $_GET['id']; ?>editlist[pid] = false; |
|
686 if(ajim_editlevels < 1) |
|
687 { |
|
688 <?php echo $_GET['id']; ?>interval = setInterval('<?php echo $_GET['id']; ?>_refresh();', 5000); |
|
689 } |
|
690 } |
|
691 }); |
|
692 if(authed) r.open('GET', path+'?title=null&ajimmode=getpost&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid+'&ajim_auth='+authed, true); |
|
693 else r.open('GET', path+'?title=null&ajimmode=getpost&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid, true); |
|
694 r.send(null); |
|
695 } else { |
|
696 clearInterval(<?php echo $_GET['id']; ?>interval); |
|
697 var r = <?php echo $_GET['id']; ?>_newReq(function() { |
|
698 if(r.readyState == 4) { |
|
699 document.getElementById('<?php echo $_GET['id']; ?>_post_'+pid).innerHTML = '<textarea rows="4" cols="17" id="<?php echo $_GET['id']; ?>_editor_'+pid+'">'+r.responseText+'</textarea><br /><a href="#" onclick="<?php echo $_GET['id']; ?>_save_post(\''+pid+'\'); return false;" style="font-size: 7pt; color: #00C000;">save</a>'; |
|
700 document.getElementById('<?php echo $_GET['id']; ?>_editbtn_'+pid).innerHTML = 'Cancel'; |
|
701 ajim_editlevels++; |
|
702 <?php echo $_GET['id']; ?>editlist[pid] = true; |
|
703 } |
|
704 }); |
|
705 if(authed) r.open('GET', path+'?title=null&ajimmode=getsource&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid+'&ajim_auth='+authed, true); |
|
706 else r.open('GET', path+'?title=null&ajimmode=getsource&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid, true); |
|
707 r.send(null); |
|
708 } |
|
709 } |
|
710 |
|
711 var ajim_global_pid; |
|
712 function <?php echo $_GET['id']; ?>_save_post(pid) { |
|
713 ajim_global_pid = pid; |
|
714 if(!document.getElementById('<?php echo $_GET['id']; ?>_editor_'+pid)) |
|
715 { |
|
716 alert('AjIM internal error: bad post ID '+pid+': editor is not open'); |
|
717 return false; |
|
718 } |
|
719 var r = <?php echo $_GET['id']; ?>_newReq(function() { |
|
720 if(r.readyState == 4) |
|
721 { |
|
722 ajim_editlevels--; |
|
723 <?php echo $_GET['id']; ?>editlist[pid] = false; |
|
724 document.getElementById('<?php echo $_GET['id']; ?>_editbtn_'+ajim_global_pid).innerHTML = 'Edit'; |
|
725 document.getElementById('<?php echo $_GET['id']; ?>_post_'+ajim_global_pid).innerHTML = r.responseText; |
|
726 if(ajim_editlevels < 1) |
|
727 { |
|
728 <?php echo $_GET['id']; ?>_refresh(true); |
|
729 <?php echo $_GET['id']; ?>interval = setInterval('<?php echo $_GET['id']; ?>_refresh();', 5000); |
|
730 } |
|
731 } |
|
732 }); |
|
733 var parms = 'post='+escape(document.getElementById('<?php echo $_GET['id']; ?>_editor_'+pid).value.replace('+', '%2B'))+'&ajim_auth='+authed+'&p='+pid; |
|
734 r.open('POST', path+'?title=null&ajimmode=savepost&id='+<?php echo $_GET['id']; ?>id+'', true); |
|
735 r.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); |
|
736 r.setRequestHeader("Content-length", parms.length); |
|
737 r.setRequestHeader("Connection", "close"); |
|
738 r.send(parms); |
|
739 return null; |
|
740 } |
|
741 |
|
742 function <?php echo $_GET['id']; ?>_delete_post(pid) { |
|
743 //document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<span style="font-family: arial; font-size: 7pt; ">Loading...</span>'; |
|
744 var r = <?php echo $_GET['id']; ?>_newReq(function() { |
|
745 if(r.readyState == 4) |
|
746 if(r.responseText=="good") { |
|
747 <?php echo $_GET['id']; ?>_refresh(true); |
|
748 } else alert(r.responseText); |
|
749 }); |
|
750 var parms = 'ajim_auth='+authed+'&p='+pid; |
|
751 r.open('POST', path+'?title=null&ajimmode=delete&id='+<?php echo $_GET['id']; ?>id+'', true); |
|
752 r.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); |
|
753 r.setRequestHeader("Content-length", parms.length); |
|
754 r.setRequestHeader("Connection", "close"); |
|
755 r.send(parms); |
|
756 return null; |
|
757 } |
|
758 |
|
759 <?php |
|
760 } elseif(isset($_GET['jsadmin']) && isset($_GET['id']) && isset($_GET['path'])) { |
|
761 header('Content-type: text/javascript'); |
|
762 ?> |
|
763 |
|
764 var abuffer; |
|
765 function <?php echo $_GET['id']; ?>_prompt() { |
|
766 abuffer = document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML; |
|
767 document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<form action="javascript:void(0)" onsubmit="'+<?php echo $_GET['id']; ?>id+'_login()" method="get"><span style="font-family: arial; font-size: 7pt; ">Password:</span> <input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px" id="'+<?php echo $_GET['id']; ?>id+'_passfield" name="pass" type="password" /> <input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px" type="submit" value="OK" /></form>'; |
|
768 } |
|
769 |
|
770 function <?php echo $_GET['id']; ?>_login() { |
|
771 pass = document.getElementById(<?php echo $_GET['id']; ?>id+'_passfield').value; |
|
772 pass = hex_md5(pass); |
|
773 <?php echo $_GET['id']; ?>_login_bin(pass); |
|
774 } |
|
775 function <?php echo $_GET['id']; ?>_login_bin(pass) { |
|
776 document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<span style="font-family: arial; font-size: 7pt; ">Loading...</span>'; |
|
777 var r = <?php echo $_GET['id']; ?>_newReq(function() { |
|
778 if(r.readyState == 4) |
|
779 { |
|
780 if(r.responseText=="good") { |
|
781 authed = pass; |
|
782 <?php echo $_GET['id']; ?>setCookie('ajim_password', authed, 60*60*24*365*10); |
|
783 <?php echo $_GET['id']; ?>_latestpost = 0; |
|
784 <?php echo $_GET['id']; ?>_refresh(true); |
|
785 document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = ''; |
|
786 } |
|
787 else |
|
788 { |
|
789 alert(r.responseText); |
|
790 document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<span style="font-family: arial; font-size: 7pt; color: #ff0000">Invalid password!</span><br />'+abuffer; |
|
791 } |
|
792 } |
|
793 }) |
|
794 var parms = 'ajim_auth='+pass; |
|
795 r.open('POST', path+'?title=null&ajimmode=auth&id='+<?php echo $_GET['id']; ?>id+'', true); |
|
796 r.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); |
|
797 r.setRequestHeader("Content-length", parms.length); |
|
798 r.setRequestHeader("Connection", "close"); |
|
799 r.send(parms); |
|
800 } |
|
801 |
|
802 var hexcase = 0; var b64pad = ""; var chrsz = 8; function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}; function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}; function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}; function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }; function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }; function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }; function md5_vm_test() { return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"; }; function core_md5(x, len) { x[len >> 5] |= 0x80 << ((len) % 32); x[(((len + 64) >>> 9) << 4) + 14] = len; var a = 1732584193; var b = -271733879; var c = -1732584194; var d = 271733878; for(var i = 0; i < x.length; i += 16) { var olda = a; var oldb = b; var oldc = c; var oldd = d; a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);c = md5_ff(c, d, a, b, x[i+10], 17, -42063);b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551); a = safe_add(a, olda); b = safe_add(b, oldb); c = safe_add(c, oldc); d = safe_add(d, oldd); } return Array(a, b, c, d); }; function md5_cmn(q, a, b, x, s, t) { return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b); }; function md5_ff(a, b, c, d, x, s, t) { return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t); }; function md5_gg(a, b, c, d, x, s, t) { return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); }; function md5_hh(a, b, c, d, x, s, t) { return md5_cmn(b ^ c ^ d, a, b, x, s, t); }; function md5_ii(a, b, c, d, x, s, t) { return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); }; function core_hmac_md5(key, data) { var bkey = str2binl(key); if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz); var ipad = Array(16), opad = Array(16); for(var i = 0; i < 16; i++) { ipad[i] = bkey[i] ^ 0x36363636; opad[i] = bkey[i] ^ 0x5C5C5C5C; } var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz); return core_md5(opad.concat(hash), 512 + 128); }; function safe_add(x, y) {var lsw = (x & 0xFFFF) + (y & 0xFFFF);var msw = (x >> 16) + (y >> 16) + (lsw >> 16);return (msw << 16) | (lsw & 0xFFFF); }; function bit_rol(num, cnt) { return (num << cnt) | (num >>> (32 - cnt)); }; function str2binl(str) { var bin = Array(); var mask = (1 << chrsz) - 1; for(var i = 0; i < str.length * chrsz; i += chrsz) bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32); return bin; }; function binl2str(bin) { var str = ""; var mask = (1 << chrsz) - 1; for(var i = 0; i < bin.length * 32; i += chrsz) str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask); return str; }; function binl2hex(binarray) { var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var str = ""; for(var i = 0; i < binarray.length * 4; i++) { str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((i%4)*8 )) & 0xF); } return str; }; function binl2b64(binarray) { var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; var str = ""; for(var i = 0; i < binarray.length * 4; i += 3) { var triplet = (((binarray[i >> 2] >> 8 * ( i %4)) & 0xFF) << 16) | (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 ) | ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF); for(var j = 0; j < 4; j++) { if(i * 8 + j * 6 > binarray.length * 32) str += b64pad; else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F); } } return str; }; |
|
803 |
|
804 <?php |
|
805 } elseif(isset($_GET['css']) && isset($_GET['id']) && isset($_GET['path'])) { |
|
806 header('Content-type: text/css'); |
|
807 ?> |
|
808 div#<?php echo $_GET['id']; ?>_master { |
|
809 margin: 0; |
|
810 padding: 0; |
|
811 /* background-color: #DDD; */ |
|
812 } |
|
813 div#<?php echo $_GET['id']; ?>_master a { |
|
814 display: inline; |
|
815 color: #0000FF; |
|
816 } |
|
817 div#<?php echo $_GET['id']; ?>_master textarea { |
|
818 font-family: arial; |
|
819 font-size: 7pt; |
|
820 border: 1px solid #000; |
|
821 padding: 0; |
|
822 } |
|
823 <?php |
|
824 } |
|
825 ?> |
|