0
+ − 1
<?php
+ − 2
+ − 3
/**
+ − 4
* AjIM - the Asynchronous Javascript Instant Messenger
+ − 5
* A shoutbox/chatbox framework that uses PHP, AJAX, MySQL, and Javascript
+ − 6
* Version: 1.0 RC 1
+ − 7
* Copyright (C) 2006-2007 Dan Fuhry
+ − 8
*
+ − 9
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11
*
+ − 12
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14
*/
+ − 15
+ − 16
error_reporting(E_ALL);
+ − 17
class ajim {
+ − 18
var $table_prefix, $conn, $id, $admin, $iface, $prune, $formatfunc, $config, $bad_words;
+ − 19
/**
+ − 20
* Die and be friendly about it.
+ − 21
* @param string $text - should be the text to show to the user, include mysql_error() value if applicable
+ − 22
*/
+ − 23
function kill($text) {
+ − 24
die('AjIM: Database error<br />'.$text);
+ − 25
}
+ − 26
/**
+ − 27
* Make a SQL query. This function contains some error correction that performs automatic database upgrades if needed.
+ − 28
* @param string $q - The query text to send to MySQL.
+ − 29
* @return resource - or, kills the connection and bails out if the query failed
+ − 30
*/
+ − 31
function sql($q) {
+ − 32
$r = mysql_query($q, $this->conn);
+ − 33
if(!$r)
+ − 34
{
+ − 35
if(strstr(mysql_error(), 'Unknown column \'time_id\''))
+ − 36
{
+ − 37
$this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN time_id int(11) NOT NULL DEFAULT 0;');
+ − 38
$r = mysql_query($q, $this->conn);
+ − 39
}
+ − 40
elseif(strstr(mysql_error(), 'Unknown column \'sid\''))
+ − 41
{
+ − 42
$this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN sid varchar(40) NOT NULL DEFAULT \'\';');
+ − 43
$r = mysql_query($q, $this->conn);
+ − 44
}
+ − 45
elseif(strstr(mysql_error(), 'Unknown column \'ip_addr\''))
+ − 46
{
+ − 47
$this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN ip_addr varchar(15) NOT NULL DEFAULT \'\';');
+ − 48
$r = mysql_query($q, $this->conn);
+ − 49
}
+ − 50
$this->kill('Error during query:<br /><pre>'.htmlspecialchars($q).'</pre><br />MySQL said: '.mysql_error().'<br /><br />Depending on the error, AjIM may be able to automatically repair it. Just hang tight for about ten seconds. Whatever you do, don\'t close this browser window!');
+ − 51
}
+ − 52
return $r;
+ − 53
}
+ − 54
/**
+ − 55
* Get the user's SID (unique ID used for editing authorization) or generate a new one.
+ − 56
* @return string
+ − 57
*/
+ − 58
function get_sid()
+ − 59
{
+ − 60
// Tag the user with a unique ID that can be used to edit posts
+ − 61
// This is used to essentially track users, but only for the purpose of letting them edit posts
+ − 62
if(!isset($_COOKIE['ajim_sid']))
+ − 63
{
+ − 64
$hash = sha1(microtime());
+ − 65
setcookie('ajim_sid', $hash, time()+60*60*24*365); // Cookies last for one year
+ − 66
}
+ − 67
else
+ − 68
$hash = $_COOKIE['ajim_sid'];
+ − 69
+ − 70
return $hash;
+ − 71
}
+ − 72
/**
+ − 73
* Set the default value for a configuration field.
+ − 74
* @param string $key - name of the configuration key
+ − 75
* @param string $value - the default value
+ − 76
* @param array $confarray - needs to be the array passed as the first param on the constructor
+ − 77
*/
+ − 78
function config_default($key, $value, &$confarray)
+ − 79
{
+ − 80
if(!isset($confarray[$key]))
+ − 81
$confarray[$key] = $value;
+ − 82
}
+ − 83
/**
+ − 84
* Set up some basic vars and a database connection
+ − 85
* @param array $config - a configuration array, with either the key db_connection_handle (a valid MySQL connection resource) or the keys dbhost, dbname, dbuser, and dbpass
+ − 86
* @param string $table_prefix - the text prepended to the "ajim" table, should match ^([A-z0-9_]+)$
+ − 87
* @param string $handler - URL to the backend script, for example in Enano this would be the plugin file plugins/ajim.php
+ − 88
* @param string $admin - string containing the MD5 hash of the user's password, IF AND ONLY IF the user should be allowed to use the moderation function. In all other cases this should be false.
+ − 89
* @param string $id - used to carry over the randomly generated instance ID between requests. Should be false if the class is being initialized for displaying the inital HTML, in all other cases should be the value of the class variable AjIM::$id
+ − 90
* @param bool $can_post - true if the user is allowed to post, false otherwise. Defaults to true.
+ − 91
* @param mixed $formatfunc - a string containing the name of a function that can be called to format text before posts are sent to the user. If you need to call a class method, this should be an array with key 0 being the class name and key 1 being the method name.
+ − 92
*/
+ − 93
function __construct($config, $table_prefix, $handler, $admin = false, $id = false, $can_post = true, $formatfunc = false) {
+ − 94
// CONFIGURATION
+ − 95
// $this->prune: a limit on the number of posts in the chat box. Usually this should be set to 40 or 50. Default is 40.
+ − 96
// Set to -1 to disable pruning.
+ − 97
$this->prune = -1;
+ − 98
+ − 99
$this->get_sid();
+ − 100
+ − 101
if(!is_array($config))
+ − 102
$this->kill('$config passed to the AjIM constructor should be an associative array with either the keys dbhost, dbname, dbuser, and dbpass, or the key db_connection_handle.');
+ − 103
if(isset($config['db_connection_handle']))
+ − 104
{
+ − 105
if(!is_resource($config['db_connection_handle'])) $this->kill('$config[\'db_connection_handle\'] is not a valid resource');
+ − 106
$this->conn = $config['db_connection_handle'];
+ − 107
if(!$this->conn) $this->kill('Error verifying database connection: '.mysql_error());
+ − 108
} elseif(isset($config['dbhost']) && isset($config['dbname']) && isset($config['dbuser']) && isset($config['dbpass'])) {
+ − 109
$this->conn = mysql_connect($config['dbhost'], $config['dbuser'], $config['dbpass']);
+ − 110
if(!$this->conn) $this->kill('Error connecting to the database: '.mysql_error());
+ − 111
$this->sql('USE '.$config['dbname']);
+ − 112
}
+ − 113
+ − 114
$this->bad_words = Array('viagra', 'phentermine', 'pharma', 'rolex', 'genital', 'penis', 'ranitidine', 'prozac', 'acetaminophen', 'acyclovir', 'ionamin', 'denavir', 'nizoral', 'zoloft', 'estradiol', 'didrex', 'aciphex', 'seasonale', 'allegra', 'lexapro', 'famvir', 'propecia', 'nasacort');
+ − 115
if(isset($config['bad_words']) && is_array($config['bad_words']))
+ − 116
{
+ − 117
$this->bad_words = array_values(array_merge($this->bad_words, $config['bad_words']));
+ − 118
}
+ − 119
+ − 120
// Don't change these values here - change them by passing values to the config array in this constructor's params!
+ − 121
$this->config_default('sb_color_background', '#FFFFFF', $config);
+ − 122
$this->config_default('sb_color_foreground', '#000000', $config);
+ − 123
$this->config_default('sb_color_editlink', '#00C000', $config);
+ − 124
$this->config_default('sb_color_deletelink', '#FF0000', $config);
+ − 125
$this->config_default('sb_color_userlink', '#0000FF', $config);
+ − 126
+ − 127
$this->config = $config;
+ − 128
+ − 129
if($id) $this->id = $id;
+ − 130
else $this->id = 'ajim_'.time();
+ − 131
$this->admin = $admin;
+ − 132
$this->formatfunc = $formatfunc;
+ − 133
$this->can_post = $can_post;
+ − 134
$this->table_prefix = $table_prefix;
+ − 135
$this->sql('CREATE TABLE IF NOT EXISTS '.$this->table_prefix.'ajim(
+ − 136
post_id mediumint(8) NOT NULL auto_increment,
+ − 137
name text,
+ − 138
website text,
+ − 139
post text,
+ − 140
time_id int(11) NOT NULL DEFAULT 0,
+ − 141
PRIMARY KEY ( post_id )
+ − 142
);');
+ − 143
$this->iface = $handler;
+ − 144
if(isset($_GET['ajimmode'])) $this->handler();
+ − 145
}
+ − 146
/**
+ − 147
* A dummy function used for PHP4 compatibility.
+ − 148
* @see AjIM::__construct()
+ − 149
*/
+ − 150
function ajim($config, $table_prefix, $handler, $admin = false, $id = false, $can_post = true, $formatfunc = false) {
+ − 151
$this->__construct($config, $table_prefix, $handler, $admin, $id, $can_post, $formatfunc);
+ − 152
}
+ − 153
/**
+ − 154
* Generates the initial HTML UI to be sent to the user, used internally.
+ − 155
* @access private
+ − 156
* @param string $ajimPath - path to the AjIM connector (not this file), relative to document root, with initial slash.
+ − 157
*/
+ − 158
function html($ajimPath) {
+ − 159
+ − 160
$enstr = $this->can_post ? '' : ' disabled="disabled"';
+ − 161
$html = '';
+ − 162
$html .= '<script type="text/javascript" src="'.$ajimPath.'/ajim.php?js&id='.$this->id.'&path='.urlencode($this->iface).'&pfx='.$this->table_prefix.'"></script>';
+ − 163
if($this->admin) {
+ − 164
$html.= '<script type="text/javascript" src="'.$ajimPath.'/ajim.php?jsadmin&id='.$this->id.'&path='.urlencode($this->iface).'&pfx='.$this->table_prefix.'"></script>';
+ − 165
}
+ − 166
$html .= '<div id="'.$this->id.'_master" style="padding: 5%; width: 90%;">
+ − 167
<div id="'.$this->id.'_c" style="text-align: center; color: '.$this->config['sb_color_foreground'].';
+ − 168
font-family: arial, sans-serif; font-size: 7pt; background-color: '.$this->config['sb_color_background'].';
+ − 169
text-align: left; border: 1px solid #000000; border-bottom: none; margin-bottom: 0; padding: 5%; width: 90%;
+ − 170
height: 200px; clip: rect(0px,auto,200px,0px); overflow: auto;"><noscript><p>You need to have JavaScript support to use this shoutbox.</p></noscript></div>';
+ − 171
// This is the post form div
+ − 172
if($this->can_post)
+ − 173
{
+ − 174
$html .= '<div style="font-family: arial; font-size: 7pt; margin-top: 0; border: 1px solid #000000; border-top-width: 0; width: 100%;">
+ − 175
<form action="#" onsubmit="'.$this->id.'_form(); return false;" method="get">
+ − 176
<table border="0" style="margin: 0; padding: 0; width: 90%;">
+ − 177
<tr><td><span style="font-family: arial; font-size: 7pt; ">Name:</span></td> <td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_name" name="name"'.$enstr.' /></td></tr>
+ − 178
<tr><td><span style="font-family: arial; font-size: 7pt; ">Website:</span></td><td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_website" name="website"'.$enstr.' /></td></tr>
+ − 179
<tr><td colspan="2"><span style="font-family: arial; font-size: 7pt; ">Message:</span></td></tr>
+ − 180
<tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post" onkeyup="'.$this->id.'_keyhandler();"></textarea></td></tr>
+ − 181
<tr><td colspan="2" align="center"><input'.$enstr.' type="submit" value="Submit post" /><br />
+ − 182
<span style="font-family: arial; font-size: 6pt; color: #000000;">AjIM powered</span></td></tr>
+ − 183
';
+ − 184
$html .= '</table>
+ − 185
</form>';
+ − 186
if($this->admin) {
+ − 187
$html .= '<table border="0" style="margin: 0; padding: 0; width: 90%;" align="center"><tr><td colspan="2" align="center"><span id="'.$this->id.'_admin"><a href="#" onclick="'.$this->id.'_prompt(); return false;">Administration</a></span></td></tr></table>';
+ − 188
}
+ − 189
$html.='</div></div>';
+ − 190
} else {
+ − 191
$html .= '<div style="font-family: arial; font-size: 7pt; margin: 5px; margin-top: 0; border: 1px solid #000000; border-top: none;">';
+ − 192
if(isset($this->config['cant_post_notice'])) {
+ − 193
$html .= '<div style="margin: 0; padding: 5px;">'.$this->config['cant_post_notice'].'</div>';
+ − 194
}
+ − 195
$html .= '</div></div>';
+ − 196
}
+ − 197
$html.='<script type="text/javascript">
+ − 198
document.getElementById(\''.$this->id.'_c\').innerHTML = unescape(\'%3Cdiv align="center" style="width:95%;"%3EInitializing...%3C\/div%3E\');';
+ − 199
if($this->can_post) $html .= 'if('.$this->id.'readCookie("ajim_password") && ( typeof "'.$this->id.'_login_bin" == "string" || typeof "'.$this->id.'_login_bin" == "function" )) {
+ − 200
'.$this->id.'_login_bin('.$this->id.'readCookie("ajim_password"));
+ − 201
}
+ − 202
if('.$this->id.'readCookie("ajim_name")) document.getElementById("'.$this->id.'_name").value = '.$this->id.'readCookie("ajim_name");
+ − 203
if('.$this->id.'readCookie("ajim_website")) document.getElementById("'.$this->id.'_website").value = '.$this->id.'readCookie("ajim_website");';
+ − 204
$html .= ''.$this->id.'_refresh();
+ − 205
</script>';
+ − 206
+ − 207
return $html;
+ − 208
}
+ − 209
/**
+ − 210
* Kills the database connection
+ − 211
*/
+ − 212
function destroy() {
+ − 213
mysql_close($this->conn);
+ − 214
}
+ − 215
/**
+ − 216
* Strips all traces of HTML, XML, and PHP from text, and prepares it for being inserted into a MySQL database.
+ − 217
* @access private
+ − 218
* @param string $text - the text to sanitize
+ − 219
* @return string
+ − 220
*/
+ − 221
function sanitize($text) {
+ − 222
$text = rawurldecode($text);
+ − 223
$text = preg_replace('#<(.*?)>#is', '<\\1>', $text);
+ − 224
$text = str_replace("\n", '<br />', $text);
+ − 225
$text = mysql_real_escape_string($text);
+ − 226
return $text;
+ − 227
}
+ − 228
/**
+ − 229
* Scrutinizes a string $text for any traces of the word $word, returns true if the text is clean.
+ − 230
* For example, if $word is "viagra" and the text contains "\/|@6r/\" this returns false, else you would get true.
+ − 231
* @access private
+ − 232
* @param string $text - the text to check
+ − 233
* @param string $word - word to look for.
+ − 234
* @return bool
+ − 235
*/
+ − 236
function spamcheck($text, $word)
+ − 237
{
+ − 238
// build an array, with each key containing one letter (equiv. to str_split() in PHP 5)
+ − 239
$chars = Array();
+ − 240
for($i=0;$i<strlen($word);$i++)
+ − 241
{
+ − 242
$chars[] = substr($word, $i, 1);
+ − 243
}
+ − 244
// This is our rule list - all the known substitutions for a given letter (e.g. "\/" in place of "V", etc.), needs to be escaped for regex use
+ − 245
$subs = Array(
+ − 246
'a'=>'a|\/\\\\|@',
+ − 247
'b'=>'b|\|o',
+ − 248
'c'=>'c|\(|',
+ − 249
'd'=>'d|o\|',
+ − 250
'e'=>'e|3',
+ − 251
'f'=>'f',
+ − 252
'g'=>'g|6|9',
+ − 253
'h'=>'h|\|n',
+ − 254
'i'=>'i|\!|1|\|',
+ − 255
'j'=>'j|\!|1|\|',
+ − 256
'k'=>'k|\|<|\|<',
+ − 257
'l'=>'l|\!|1|\|',
+ − 258
'm'=>'m|nn|rn',
+ − 259
'n'=>'n|h|u\\|\\\\\|',
+ − 260
'o'=>'o|\(\)|0|@',
+ − 261
'p'=>'p',
+ − 262
'q'=>'q',
+ − 263
'r'=>'r|\|\^',
+ − 264
's'=>'s',
+ − 265
't'=>'t|\+',
+ − 266
'u'=>'u|n',
+ − 267
'v'=>'v|\\\\\/', // "\/"
+ − 268
'w'=>'w|vv|\\\\\/\\\\\/', // allows for "\/\/"
+ − 269
'x'=>'x|><|><|><|><',
+ − 270
'y'=>'y',
+ − 271
'z'=>'z|\|\\\\\|' // |\|
+ − 272
);
+ − 273
$regex = '#([\s]){0,1}';
+ − 274
foreach($chars as $c)
+ − 275
{
+ − 276
$lc = strtolower($c);
+ − 277
if(isset($subs[$lc]))
+ − 278
{
+ − 279
$regex .= '('.$subs[$lc].')';
+ − 280
} else {
+ − 281
die('0 $subs['.$lc.'] is not set');
+ − 282
$regex .= preg_quote($c);
+ − 283
}
+ − 284
$regex .= '(.|)';
+ − 285
}
+ − 286
$regex .= '([\s]){0,1}#is';
+ − 287
//echo($word.': '.$regex.'<br />');
+ − 288
if(preg_match($regex, $text)) return false;
+ − 289
return true;
+ − 290
}
+ − 291
/**
+ − 292
* Processes AJAX requests. Usually called if $_GET['ajimmode'] is set.
+ − 293
* @access private
+ − 294
*/
+ − 295
function handler() {
+ − 296
if(isset($_GET['ajimmode'])) {
+ − 297
switch($_GET['ajimmode']) {
+ − 298
default:
+ − 299
die('');
+ − 300
break;
+ − 301
case 'getsource':
+ − 302
case 'getpost':
+ − 303
if(!preg_match('#^([0-9]+)$#', $_GET['p'])) die('SQL injection attempt');
+ − 304
$q = $this->sql('SELECT post,sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_GET['p']);
+ − 305
$r = mysql_fetch_assoc($q);
+ − 306
if( ( ( isset($_GET['ajim_auth']) && (!$this->admin || ($this->admin != $_GET['ajim_auth']) ) ) || !isset($_GET['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt');
+ − 307
if($_GET['ajimmode']=='getpost')
+ − 308
if($this->formatfunc)
+ − 309
{
+ − 310
$p = @call_user_func($this->formatfunc, $r['post']);
+ − 311
if($p) $r['post'] = $p;
+ − 312
unset($p); // Free some memory
+ − 313
}
+ − 314
echo $r['post'];
+ − 315
break;
+ − 316
case "savepost":
+ − 317
if(!preg_match('#^([0-9]+)$#', $_POST['p'])) die('SQL injection attempt');
+ − 318
$q = $this->sql('SELECT sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']);
+ − 319
$r = mysql_fetch_assoc($q);
+ − 320
if( ( ( isset($_POST['ajim_auth']) && (!$this->admin || ($this->admin != $_POST['ajim_auth']) ) ) || !isset($_POST['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt');
+ − 321
$post = $this->sanitize($_POST['post']);
+ − 322
$post = $this->make_clickable($post);
+ − 323
$post = preg_replace('#_(.*?)_#is', '<i>\\1</i>', $post);
+ − 324
$post = preg_replace('#\*(.*?)\*#is', '<b>\\1</b>', $post);
+ − 325
$bad_words = Array('viagra', 'phentermine', 'pharma');
+ − 326
foreach($bad_words as $w)
+ − 327
{
+ − 328
if(!$this->spamcheck($post, $w)) die('<span style="color: red">The word "'.$w.'" has been detected in your message and as a result your post has been blocked.</span> Don\'t argue, that will only get you banned.');
+ − 329
}
+ − 330
if(!$this->can_post) die('Access to posting messages has been denied because the administrator has set that you must be logged into this website in order to post.');
+ − 331
+ − 332
$this->sql('UPDATE '.$this->table_prefix.'ajim SET post=\''.$post.'\' WHERE post_id='.$_POST['p'].';');
+ − 333
+ − 334
if($this->formatfunc)
+ − 335
{
+ − 336
$p = @call_user_func($this->formatfunc, $post);
+ − 337
if($p) $post = $p;
+ − 338
unset($p); // Free some memory
+ − 339
}
+ − 340
die($post);
+ − 341
break;
+ − 342
case 'delete':
+ − 343
if(!preg_match('#^([0-9]+)$#', $_POST['p'])) die('SQL injection attempt');
+ − 344
$q = $this->sql('SELECT sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']);
+ − 345
$r = mysql_fetch_assoc($q);
+ − 346
if( ( ( isset($_POST['ajim_auth']) && (!$this->admin || ($this->admin != $_POST['ajim_auth']) ) ) || !isset($_POST['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt');
+ − 347
$this->sql('DELETE FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']);
+ − 348
die('good');
+ − 349
break;
+ − 350
case 'post':
+ − 351
if(!preg_match('#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)$#is', $_POST['website'])) $_POST['website']='';
+ − 352
// Now for a clever anti-spam trick: blacklist the words "viagra" and "phentermine" using one wicked regex:
+ − 353
// #([\s]){1}(v|\\\\\/)(.*){1}(i|\||l|1)(.*){1}(a|@|\/\\\\)(.*){1}(g|6)(.*){1}r(.*){1}(a|@|\/\\\\)(\s){1}#is
+ − 354
$name = $this->sanitize($_POST['name']);
+ − 355
$website = $this->sanitize($_POST['website']);
+ − 356
$post = $this->sanitize($_POST['post']);
+ − 357
foreach($this->bad_words as $w)
+ − 358
{
+ − 359
if(!$this->spamcheck($post, $w)) die('<span style="color: red">The word "'.$w.'" has been detected in your message and as a result your post has been blocked.</span> Don\'t argue, that will only get you banned.');
+ − 360
}
+ − 361
$post = $this->make_clickable($post);
+ − 362
$post = preg_replace('#_(.*?)_#is', '<i>\\1</i>', $post);
+ − 363
$post = preg_replace('#\*(.*?)\*#is', '<b>\\1</b>', $post);
+ − 364
if(!$this->can_post) die('Access to posting messages has been denied because the administrator has set that you must be logged into this website in order to post.');
+ − 365
$this->sql('INSERT INTO '.$this->table_prefix.'ajim ( name, website, post, time_id, sid, ip_addr ) VALUES(\''.$name.'\', \''.$website.'\', \''.$post.'\', '.time().', \''.mysql_real_escape_string($this->get_sid()).'\', \''.mysql_real_escape_string($_SERVER['REMOTE_ADDR']).'\');');
+ − 366
case 'view':
+ − 367
// if(isset($_GET['ajim_auth']))
+ − 368
// die('Auth: '.$_GET['ajim_auth']); // .'<br />Pw: '.$this->admin);
+ − 369
if(isset($_GET['latest']) && ( isset($this->config['allow_looping']) && $this->config['allow_looping'] == true ))
+ − 370
{
+ − 371
// Determine max execution time
+ − 372
$max_exec = intval(@ini_get('max_execution_time'));
+ − 373
if(!$max_exec) $max_exec = 30;
+ − 374
$time_left = $max_exec - 1;
+ − 375
}
+ − 376
$q = $this->sql('SELECT name, website, post, post_id, time_id, sid, ip_addr FROM '.$this->table_prefix.'ajim ORDER BY post_id;');
+ − 377
if(mysql_num_rows($q) < 1) echo '0 <span style="color: #666666">No posts.</span>';
+ − 378
else {
+ − 379
// Prune the table
+ − 380
if($this->prune > 0) {
+ − 381
$nr = mysql_num_rows($q);
+ − 382
$nr = $nr - $this->prune;
+ − 383
if($nr > 0) $this->sql('DELETE FROM '.$this->table_prefix.'ajim LIMIT '.$nr.';');
+ − 384
}
+ − 385
// Alright, what we want to do here is grab the entire table, load it into an array, and then display the posts in reverse order.
+ − 386
for($i = 1; $i<=mysql_num_rows($q); $i++) {
+ − 387
$t[$i] = mysql_fetch_object($q);
+ − 388
}
+ − 389
+ − 390
$s = sizeof($t);
+ − 391
+ − 392
if(isset($_GET['latest']) && ( isset($this->config['allow_looping']) && $this->config['allow_looping'] == true ))
+ − 393
{
+ − 394
// When I was coding this, I immediately thought "use labels and goto!" Here's hoping, PHP6 :-)
+ − 395
$latest_from_user = intval($_GET['latest']);
+ − 396
$latest_from_db = intval($t[$s]->time_id);
+ − 397
while(true)
+ − 398
{
+ − 399
if($latest_from_user == $latest_from_db && $time_left > 5)
+ − 400
{
+ − 401
$time_left = $time_left - 5;
+ − 402
sleep(5);
+ − 403
mysql_free_result($q);
+ − 404
$q = $this->sql('SELECT name, website, post, post_id, time_id, sid, ip_addr FROM '.$this->table_prefix.'ajim ORDER BY post_id;');
+ − 405
$t = Array();
+ − 406
for($i = 1; $i<=mysql_num_rows($q); $i++) {
+ − 407
$t[$i] = mysql_fetch_object($q);
+ − 408
}
+ − 409
$s = sizeof($t);
+ − 410
$latest_from_user = intval($_GET['latest']);
+ − 411
$latest_from_db = intval($t[$s]->time_id);
+ − 412
//echo (string)$latest_from_db.'<br />';
+ − 413
//flush();
+ − 414
//exit;
+ − 415
if($latest_from_user != $latest_from_db)
+ − 416
break;
+ − 417
continue;
+ − 418
}
+ − 419
elseif($latest_from_user == $latest_from_db && $time_left < 5)
+ − 420
{
+ − 421
die('[E] No new posts');
+ − 422
}
+ − 423
break;
+ − 424
}
+ − 425
}
+ − 426
+ − 427
echo $t[$s]->time_id . ' ';
+ − 428
+ − 429
// This is my favorite array trick - it baffles everyone who looks at it :-D
+ − 430
// What it does is the same as for($i=0;$i<sizeof($t);$i++), but it processes the
+ − 431
// array in reverse order.
+ − 432
+ − 433
for($i = $s; $i > 0; $i--) {
+ − 434
if($this->formatfunc)
+ − 435
{
+ − 436
$p = @call_user_func($this->formatfunc, $t[$i]->post);
+ − 437
if($p) $t[$i]->post = $p;
+ − 438
unset($p); // Free some memory
+ − 439
$good_tags = Array('b', 'i', 'u', 'br');
+ − 440
$gt = implode('|', $good_tags);
+ − 441
+ − 442
// Override any modifications that may have been made to the HTML
+ − 443
$t[$i]->post = preg_replace('#<('.$gt.')>([^.]+)</\\1>#is', '<\\1>\\2</\\1>', $t[$i]->post);
+ − 444
$t[$i]->post = preg_replace('#<('.$gt.')([ ]*?)/>#is', '<\\1 />', $t[$i]->post);
+ − 445
$t[$i]->post = preg_replace('#<('.$gt.')>#is', '<\\1 />', $t[$i]->post);
+ − 446
}
+ − 447
echo '<div style="border-bottom: 1px solid #BBB; width: 98%;"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr><td><span style="font-weight: bold">';
+ − 448
if($t[$i]->website != '') echo '<a href="'.$t[$i]->website.'" style="color: #0000FF">'.$t[$i]->name.'</a>';
+ − 449
else echo ''.$t[$i]->name.'';
+ − 450
echo '</span> ';
+ − 451
if( $this->can_post && ($t[$i]->sid == $this->get_sid() && $t[$i]->ip_addr == $_SERVER['REMOTE_ADDR'] ) || ( isset($_GET['ajim_auth']) && $_GET['ajim_auth']==$this->admin ) )
+ − 452
echo '</td><td style="text-align: right"><a href="#" onclick="void('.$this->id.'_delete_post(\''.$t[$i]->post_id.'\')); return false;" style="color: '.$this->config['sb_color_deletelink'].'">Delete</a> <a href="javascript:void('.$this->id.'_edit_post(\''.$t[$i]->post_id.'\'));" id="'.$this->id.'_editbtn_'.$t[$i]->post_id.'" style="color: '.$this->config['sb_color_editlink'].'">Edit</a>';
+ − 453
echo '</td></tr></table><span style="color: #CCC; font-style: italic;">Posted on '.date('n/j, g:ia', $t[$i]->time_id).'</span></div>';
+ − 454
echo '<div style="border-bottom: 1px solid #CCC; width: 98%;" id="'.$this->id.'_post_'.$t[$i]->post_id.'">'.$t[$i]->post.'</div>';
+ − 455
echo '<br />';
+ − 456
}
+ − 457
}
+ − 458
break;
+ − 459
case 'auth':
+ − 460
if($_POST['ajim_auth']==$this->admin) echo 'good';
+ − 461
else echo 'The password you entered is invalid.';
+ − 462
break;
+ − 463
}
+ − 464
}
+ − 465
}
+ − 466
+ − 467
/**
+ − 468
* Replace URLs within a block of text with anchors
+ − 469
* Written by Nathan Codding, copyright (C) phpBB Group
+ − 470
* @param string $text - the text to process
+ − 471
* @return string
+ − 472
*/
+ − 473
function make_clickable($text)
+ − 474
{
+ − 475
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);
+ − 476
$ret = ' ' . $text;
+ − 477
$ret = preg_replace('#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '\\1<a href="\\2" target="_blank">\\2</a>', $ret);
+ − 478
$ret = preg_replace("#(^|[\ n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", '\\1<a href="http://\\2" target="_blank">\\2</a>', $ret);
+ − 479
$ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", '\\1<a href="mailto:\\2@\\3">\\2@\\3</a>', $ret);
+ − 480
$ret = substr($ret, 1);
+ − 481
return($ret);
+ − 482
}
+ − 483
}
+ − 484
+ − 485
// The client-side javascript and CSS code
+ − 486
+ − 487
if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) {
+ − 488
header('Content-type: text/javascript');
+ − 489
?>
+ − 490
// <script>
+ − 491
var <?php echo $_GET['id']; ?>id='<?php echo $_GET['id']; ?>';
+ − 492
var path='<?php echo $_GET['path']; ?>';
+ − 493
var pfx='<?php echo $_GET['pfx']; ?>';
+ − 494
var authed = false; // Don't even try to hack this var; it contains the MD5 of the password that *you* enter, setting it to true will just botch up all the requests
+ − 495
// authed is always set to false unless your password has been verified by the server, and it is sent to the server with every request.
+ − 496
var shift;
+ − 497
var <?php echo $_GET['id']; ?>editlist = new Array();
+ − 498
var <?php echo $_GET['id']; ?>_latestpost = 0;
+ − 499
var <?php echo $_GET['id']; ?>_allowrequest = true;
+ − 500
+ − 501
var <?php echo $_GET['id']; ?>_refcount = 0;
+ − 502
var <?php echo $_GET['id']; ?>_refcount_current = 0;
+ − 503
+ − 504
var <?php echo $_GET['id']; ?>interval = setInterval('<?php echo $_GET['id']; ?>_refresh();', 5000);
+ − 505
var ajim_editlevels = 0;
+ − 506
+ − 507
// Add the AjIM stylesheet to the HTML header
+ − 508
var link = document.createElement('link');
+ − 509
link.href = path+'?title=null&css&id='+<?php echo $_GET['id']; ?>id+'&path='+path+'&pfx='+pfx+'&ajimmode=';
+ − 510
link.rel = 'stylesheet';
+ − 511
link.type = 'text/css';
+ − 512
var head = document.getElementsByTagName('head');
+ − 513
head = head[0];
+ − 514
head.appendChild(link);
+ − 515
+ − 516
if(typeof window.onload == 'function')
+ − 517
var __ajim_oltemp = window.onload;
+ − 518
else
+ − 519
var __ajim_oltemp = function(e) { };
+ − 520
window.onload = function(e)
+ − 521
{
+ − 522
if(document.getElementById('<?php echo $_GET['id']; ?>_post'))
+ − 523
{
+ − 524
document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = function(e) { <?php echo $_GET['id']; ?>_keyhandler(e); };
+ − 525
}
+ − 526
__ajim_oltemp(e);
+ − 527
}
+ − 528
+ − 529
function <?php echo $_GET['id']; ?>readCookie(name) {var nameEQ = name + "=";var ca = document.cookie.split(';');for(var i=0;i < ca.length;i++){var c = ca[i];while (c.charAt(0)==' ') c = c.substring(1,c.length);if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);}return null;}
+ − 530
function <?php echo $_GET['id']; ?>setCookie(name,value,days){if (days){var date = new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires = "; expires="+date.toGMTString();}else var expires = "";document.cookie = name+"="+value+expires+"; path=/";}
+ − 531
function <?php echo $_GET['id']; ?>eraseCookie(name) {createCookie(name,"",-1);}
+ − 532
+ − 533
function strpos(haystack, needle)
+ − 534
{
+ − 535
if(typeof(haystack) != 'string') return false;
+ − 536
if(typeof(needle) != 'string') return false;
+ − 537
len = needle.length;
+ − 538
for(i=0;i<haystack.length;i++)
+ − 539
{
+ − 540
if ( haystack.substr(i, len) == needle )
+ − 541
return i;
+ − 542
}
+ − 543
return 0;
+ − 544
}
+ − 545
+ − 546
function <?php echo $_GET['id']; ?>_newReq(what2call) {
+ − 547
if (window.XMLHttpRequest) {
+ − 548
request = new XMLHttpRequest();
+ − 549
} else {
+ − 550
if (window.ActiveXObject) {
+ − 551
request = new ActiveXObject("Microsoft.XMLHTTP");
+ − 552
} else {
+ − 553
alert('Your browser does not support AJAX. Get Firefox 2.0!');
+ − 554
return false;
+ − 555
}
+ − 556
}
+ − 557
request.onreadystatechange = what2call;
+ − 558
return request;
+ − 559
}
+ − 560
+ − 561
function <?php echo $_GET['id']; ?>_refresh(force) {
+ − 562
<?php echo $_GET['id']; ?>_refcount++;
+ − 563
<?php echo $_GET['id']; ?>_refcount_current = <?php echo $_GET['id']; ?>_refcount;
+ − 564
if(!<?php echo $_GET['id']; ?>_allowrequest && !force)
+ − 565
return false;
+ − 566
<?php echo $_GET['id']; ?>_allowrequest = false;
+ − 567
var r = <?php echo $_GET['id']; ?>_newReq(function() {
+ − 568
if(r.readyState == 4)
+ − 569
{
+ − 570
// Prevent an old request from taking over a more recent one
+ − 571
if(<?php echo $_GET['id']; ?>_refcount > <?php echo $_GET['id']; ?>_refcount_current)
+ − 572
return;
+ − 573
if(r.responseText != '[E] No new posts')
+ − 574
{
+ − 575
time = r.responseText.substr(0, strpos(r.responseText, ' '));
+ − 576
<?php echo $_GET['id']; ?>_latestpost = parseInt(time);
+ − 577
text = r.responseText.substr(strpos(r.responseText, ' ')+1, r.responseText.length);
+ − 578
document.getElementById('<?php echo $_GET['id']; ?>_c').innerHTML = text;
+ − 579
}
+ − 580
<?php echo $_GET['id']; ?>_allowrequest = true;
+ − 581
}
+ − 582
});
+ − 583
if(force)
+ − 584
latest = '';
+ − 585
else
+ − 586
latest = '&latest='+<?php echo $_GET['id']; ?>_latestpost;
+ − 587
if(authed) r.open('GET', path+'?title=null&ajimmode=view&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+latest+'&ajim_auth='+authed, true);
+ − 588
else r.open('GET', path+'?title=null&ajimmode=view&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+latest, true);
+ − 589
r.send(null);
+ − 590
}
+ − 591
+ − 592
function <?php echo $_GET['id']; ?>_submit(name, website, post) {
+ − 593
var r = <?php echo $_GET['id']; ?>_newReq(function() {
+ − 594
if(r.readyState == 4)
+ − 595
{
+ − 596
if(r.responseText != '[E] No new posts')
+ − 597
{
+ − 598
if(parseInt(r.responseText.substr(0,1)) != 0)
+ − 599
{
+ − 600
time = r.responseText.substr(0, strpos(r.responseText, ' '));
+ − 601
<?php echo $_GET['id']; ?>_latestpost = parseInt(time);
+ − 602
text = r.responseText.substr(strpos(r.responseText, ' ')+1, r.responseText.length);
+ − 603
}
+ − 604
else
+ − 605
{
+ − 606
text = r.responseText;
+ − 607
}
+ − 608
document.getElementById('<?php echo $_GET['id']; ?>_c').innerHTML = text;
+ − 609
}
+ − 610
}
+ − 611
})
+ − 612
if(authed) var parms = 'name='+name+'&website='+website+'&post='+post+'&ajim_auth='+authed;
+ − 613
else var parms = 'name='+name+'&website='+website+'&post='+post;
+ − 614
r.open('POST', path+'?title=null&ajimmode=post&id='+<?php echo $_GET['id']; ?>id+'', true);
+ − 615
r.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ − 616
r.setRequestHeader("Content-length", parms.length);
+ − 617
r.setRequestHeader("Connection", "close");
+ − 618
r.send(parms);
+ − 619
}
+ − 620
+ − 621
function <?php echo $_GET['id']; ?>_form() {
+ − 622
var name = document.getElementById(<?php echo $_GET['id']; ?>id+'_name').value;
+ − 623
var website = document.getElementById(<?php echo $_GET['id']; ?>id+'_website').value;
+ − 624
var post = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value;
+ − 625
if(name.length < 1) { alert('Please enter your name.'); return; }
+ − 626
if(post.length < 1) { alert('Please enter a post.'); return; }
+ − 627
<?php echo $_GET['id']; ?>setCookie('ajim_name', name, 60*60*24*365*10);
+ − 628
<?php echo $_GET['id']; ?>setCookie('ajim_website', website, 60*60*24*365*10);
+ − 629
<?php echo $_GET['id']; ?>_submit(name, website, post);
+ − 630
document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value = '';
+ − 631
}
+ − 632
+ − 633
+ − 634
function <?php echo $_GET['id']; ?>_keyhandler(e)
+ − 635
{
+ − 636
if(!e) e = window.event;
+ − 637
if(e.keyCode == 13)
+ − 638
{
+ − 639
val = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value;
+ − 640
if(!shift)
+ − 641
{
+ − 642
document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value = val.substr(0, val.length - 1);
+ − 643
<?php echo $_GET['id']; ?>_form();
+ − 644
}
+ − 645
}
+ − 646
}
+ − 647
+ − 648
function <?php echo $_GET['id']; ?>keysensor(event)
+ − 649
{
+ − 650
if (event.shiftKey==1)
+ − 651
{
+ − 652
shift = true;
+ − 653
}
+ − 654
else
+ − 655
{
+ − 656
shift = false;
+ − 657
}
+ − 658
}
+ − 659
+ − 660
if(window.onkeydown)
+ − 661
{
+ − 662
var kttemp = window.onkeydown;
+ − 663
window.onkeydown = function(e) { kttemp(e); <?php echo $_GET['id']; ?>keysensor(e); }
+ − 664
} else {
+ − 665
window.onkeydown = function(e) { <?php echo $_GET['id']; ?>keysensor(e); }
+ − 666
}
+ − 667
+ − 668
if(window.onkeyup)
+ − 669
{
+ − 670
var kttemp = window.onkeyup;
+ − 671
window.onkeyup = function(e) { kttemp(e); <?php echo $_GET['id']; ?>keysensor(e); }
+ − 672
} else {
+ − 673
window.onkeyup = function(e) { <?php echo $_GET['id']; ?>keysensor(e); }
+ − 674
}
+ − 675
+ − 676
function <?php echo $_GET['id']; ?>_edit_post(pid)
+ − 677
{
+ − 678
if(<?php echo $_GET['id']; ?>editlist[pid])
+ − 679
{
+ − 680
var r = <?php echo $_GET['id']; ?>_newReq(function() {
+ − 681
if(r.readyState == 4) {
+ − 682
document.getElementById('<?php echo $_GET['id']; ?>_post_'+pid).innerHTML = r.responseText;
+ − 683
document.getElementById('<?php echo $_GET['id']; ?>_editbtn_'+pid).innerHTML = 'Edit';
+ − 684
ajim_editlevels--;
+ − 685
<?php echo $_GET['id']; ?>editlist[pid] = false;
+ − 686
if(ajim_editlevels < 1)
+ − 687
{
+ − 688
<?php echo $_GET['id']; ?>interval = setInterval('<?php echo $_GET['id']; ?>_refresh();', 5000);
+ − 689
}
+ − 690
}
+ − 691
});
+ − 692
if(authed) r.open('GET', path+'?title=null&ajimmode=getpost&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid+'&ajim_auth='+authed, true);
+ − 693
else r.open('GET', path+'?title=null&ajimmode=getpost&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid, true);
+ − 694
r.send(null);
+ − 695
} else {
+ − 696
clearInterval(<?php echo $_GET['id']; ?>interval);
+ − 697
var r = <?php echo $_GET['id']; ?>_newReq(function() {
+ − 698
if(r.readyState == 4) {
+ − 699
document.getElementById('<?php echo $_GET['id']; ?>_post_'+pid).innerHTML = '<textarea rows="4" cols="17" id="<?php echo $_GET['id']; ?>_editor_'+pid+'">'+r.responseText+'</textarea><br /><a href="#" onclick="<?php echo $_GET['id']; ?>_save_post(\''+pid+'\'); return false;" style="font-size: 7pt; color: #00C000;">save</a>';
+ − 700
document.getElementById('<?php echo $_GET['id']; ?>_editbtn_'+pid).innerHTML = 'Cancel';
+ − 701
ajim_editlevels++;
+ − 702
<?php echo $_GET['id']; ?>editlist[pid] = true;
+ − 703
}
+ − 704
});
+ − 705
if(authed) r.open('GET', path+'?title=null&ajimmode=getsource&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid+'&ajim_auth='+authed, true);
+ − 706
else r.open('GET', path+'?title=null&ajimmode=getsource&id='+<?php echo $_GET['id']; ?>id+'&pfx='+pfx+'&p='+pid, true);
+ − 707
r.send(null);
+ − 708
}
+ − 709
}
+ − 710
+ − 711
var ajim_global_pid;
+ − 712
function <?php echo $_GET['id']; ?>_save_post(pid) {
+ − 713
ajim_global_pid = pid;
+ − 714
if(!document.getElementById('<?php echo $_GET['id']; ?>_editor_'+pid))
+ − 715
{
+ − 716
alert('AjIM internal error: bad post ID '+pid+': editor is not open');
+ − 717
return false;
+ − 718
}
+ − 719
var r = <?php echo $_GET['id']; ?>_newReq(function() {
+ − 720
if(r.readyState == 4)
+ − 721
{
+ − 722
ajim_editlevels--;
+ − 723
<?php echo $_GET['id']; ?>editlist[pid] = false;
+ − 724
document.getElementById('<?php echo $_GET['id']; ?>_editbtn_'+ajim_global_pid).innerHTML = 'Edit';
+ − 725
document.getElementById('<?php echo $_GET['id']; ?>_post_'+ajim_global_pid).innerHTML = r.responseText;
+ − 726
if(ajim_editlevels < 1)
+ − 727
{
+ − 728
<?php echo $_GET['id']; ?>_refresh(true);
+ − 729
<?php echo $_GET['id']; ?>interval = setInterval('<?php echo $_GET['id']; ?>_refresh();', 5000);
+ − 730
}
+ − 731
}
+ − 732
});
+ − 733
var parms = 'post='+escape(document.getElementById('<?php echo $_GET['id']; ?>_editor_'+pid).value.replace('+', '%2B'))+'&ajim_auth='+authed+'&p='+pid;
+ − 734
r.open('POST', path+'?title=null&ajimmode=savepost&id='+<?php echo $_GET['id']; ?>id+'', true);
+ − 735
r.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ − 736
r.setRequestHeader("Content-length", parms.length);
+ − 737
r.setRequestHeader("Connection", "close");
+ − 738
r.send(parms);
+ − 739
return null;
+ − 740
}
+ − 741
+ − 742
function <?php echo $_GET['id']; ?>_delete_post(pid) {
+ − 743
//document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<span style="font-family: arial; font-size: 7pt; ">Loading...</span>';
+ − 744
var r = <?php echo $_GET['id']; ?>_newReq(function() {
+ − 745
if(r.readyState == 4)
+ − 746
if(r.responseText=="good") {
+ − 747
<?php echo $_GET['id']; ?>_refresh(true);
+ − 748
} else alert(r.responseText);
+ − 749
});
+ − 750
var parms = 'ajim_auth='+authed+'&p='+pid;
+ − 751
r.open('POST', path+'?title=null&ajimmode=delete&id='+<?php echo $_GET['id']; ?>id+'', true);
+ − 752
r.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ − 753
r.setRequestHeader("Content-length", parms.length);
+ − 754
r.setRequestHeader("Connection", "close");
+ − 755
r.send(parms);
+ − 756
return null;
+ − 757
}
+ − 758
+ − 759
<?php
+ − 760
} elseif(isset($_GET['jsadmin']) && isset($_GET['id']) && isset($_GET['path'])) {
+ − 761
header('Content-type: text/javascript');
+ − 762
?>
+ − 763
+ − 764
var abuffer;
+ − 765
function <?php echo $_GET['id']; ?>_prompt() {
+ − 766
abuffer = document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML;
+ − 767
document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<form action="javascript:void(0)" onsubmit="'+<?php echo $_GET['id']; ?>id+'_login()" method="get"><span style="font-family: arial; font-size: 7pt; ">Password:</span> <input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px" id="'+<?php echo $_GET['id']; ?>id+'_passfield" name="pass" type="password" /> <input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px" type="submit" value="OK" /></form>';
+ − 768
}
+ − 769
+ − 770
function <?php echo $_GET['id']; ?>_login() {
+ − 771
pass = document.getElementById(<?php echo $_GET['id']; ?>id+'_passfield').value;
+ − 772
pass = hex_md5(pass);
+ − 773
<?php echo $_GET['id']; ?>_login_bin(pass);
+ − 774
}
+ − 775
function <?php echo $_GET['id']; ?>_login_bin(pass) {
+ − 776
document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<span style="font-family: arial; font-size: 7pt; ">Loading...</span>';
+ − 777
var r = <?php echo $_GET['id']; ?>_newReq(function() {
+ − 778
if(r.readyState == 4)
+ − 779
{
+ − 780
if(r.responseText=="good") {
+ − 781
authed = pass;
+ − 782
<?php echo $_GET['id']; ?>setCookie('ajim_password', authed, 60*60*24*365*10);
+ − 783
<?php echo $_GET['id']; ?>_latestpost = 0;
+ − 784
<?php echo $_GET['id']; ?>_refresh(true);
+ − 785
document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '';
+ − 786
}
+ − 787
else
+ − 788
{
+ − 789
alert(r.responseText);
+ − 790
document.getElementById(<?php echo $_GET['id']; ?>id+'_admin').innerHTML = '<span style="font-family: arial; font-size: 7pt; color: #ff0000">Invalid password!</span><br />'+abuffer;
+ − 791
}
+ − 792
}
+ − 793
})
+ − 794
var parms = 'ajim_auth='+pass;
+ − 795
r.open('POST', path+'?title=null&ajimmode=auth&id='+<?php echo $_GET['id']; ?>id+'', true);
+ − 796
r.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ − 797
r.setRequestHeader("Content-length", parms.length);
+ − 798
r.setRequestHeader("Connection", "close");
+ − 799
r.send(parms);
+ − 800
}
+ − 801
+ − 802
var hexcase = 0; var b64pad = ""; var chrsz = 8; function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}; function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}; function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}; function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }; function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }; function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }; function md5_vm_test() { return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"; }; function core_md5(x, len) { x[len >> 5] |= 0x80 << ((len) % 32); x[(((len + 64) >>> 9) << 4) + 14] = len; var a = 1732584193; var b = -271733879; var c = -1732584194; var d = 271733878; for(var i = 0; i < x.length; i += 16) { var olda = a; var oldb = b; var oldc = c; var oldd = d; a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);c = md5_ff(c, d, a, b, x[i+10], 17, -42063);b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551); a = safe_add(a, olda); b = safe_add(b, oldb); c = safe_add(c, oldc); d = safe_add(d, oldd); } return Array(a, b, c, d); }; function md5_cmn(q, a, b, x, s, t) { return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b); }; function md5_ff(a, b, c, d, x, s, t) { return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t); }; function md5_gg(a, b, c, d, x, s, t) { return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); }; function md5_hh(a, b, c, d, x, s, t) { return md5_cmn(b ^ c ^ d, a, b, x, s, t); }; function md5_ii(a, b, c, d, x, s, t) { return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); }; function core_hmac_md5(key, data) { var bkey = str2binl(key); if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz); var ipad = Array(16), opad = Array(16); for(var i = 0; i < 16; i++) { ipad[i] = bkey[i] ^ 0x36363636; opad[i] = bkey[i] ^ 0x5C5C5C5C; } var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz); return core_md5(opad.concat(hash), 512 + 128); }; function safe_add(x, y) {var lsw = (x & 0xFFFF) + (y & 0xFFFF);var msw = (x >> 16) + (y >> 16) + (lsw >> 16);return (msw << 16) | (lsw & 0xFFFF); }; function bit_rol(num, cnt) { return (num << cnt) | (num >>> (32 - cnt)); }; function str2binl(str) { var bin = Array(); var mask = (1 << chrsz) - 1; for(var i = 0; i < str.length * chrsz; i += chrsz) bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32); return bin; }; function binl2str(bin) { var str = ""; var mask = (1 << chrsz) - 1; for(var i = 0; i < bin.length * 32; i += chrsz) str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask); return str; }; function binl2hex(binarray) { var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var str = ""; for(var i = 0; i < binarray.length * 4; i++) { str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((i%4)*8 )) & 0xF); } return str; }; function binl2b64(binarray) { var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; var str = ""; for(var i = 0; i < binarray.length * 4; i += 3) { var triplet = (((binarray[i >> 2] >> 8 * ( i %4)) & 0xFF) << 16) | (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 ) | ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF); for(var j = 0; j < 4; j++) { if(i * 8 + j * 6 > binarray.length * 32) str += b64pad; else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F); } } return str; };
+ − 803
+ − 804
<?php
+ − 805
} elseif(isset($_GET['css']) && isset($_GET['id']) && isset($_GET['path'])) {
+ − 806
header('Content-type: text/css');
+ − 807
?>
+ − 808
div#<?php echo $_GET['id']; ?>_master {
+ − 809
margin: 0;
+ − 810
padding: 0;
+ − 811
/* background-color: #DDD; */
+ − 812
}
+ − 813
div#<?php echo $_GET['id']; ?>_master a {
+ − 814
display: inline;
+ − 815
color: #0000FF;
+ − 816
}
+ − 817
div#<?php echo $_GET['id']; ?>_master textarea {
+ − 818
font-family: arial;
+ − 819
font-size: 7pt;
+ − 820
border: 1px solid #000;
+ − 821
padding: 0;
+ − 822
}
+ − 823
<?php
+ − 824
}
+ − 825
?>