Merge pull request #861 from causefx/develop
Develop
causefx authored May 9, 2018
2 parents ed4de0d + 04b5a8e commit 9b3673f
Showing 5 changed files with 51 additions and 213 deletions.
4 changes: 2 additions & 2 deletions chat/logmessage.php
Expand Up @@ -28,7 +28,7 @@
$message = "";
}
}else{
$message = $_GET["message"];
$message = htmlspecialchars($_GET["message"], ENT_QUOTES);
}
$user = $_GET["user"];
$avatar = $_GET["avatar"];
Expand Down Expand Up @@ -78,4 +78,4 @@ function encryptmessage($msg)

$db->close();

?>
?>
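Review bot: Encoding `$_GET["message"]` with htmlspecialchars at the point of input stores an HTML-escaped message in the database, while chat/refreshmessages.php in this same commit appears to escape the message again on output, so any `&`, `<` or quote in a message would render double-encoded (`&amp;lt;`). Escaping belongs at the output boundary, matched to the context it is emitted into; the cleaner change is to keep this line as `$message = $_GET["message"];` and rely on the output-side call. If input-side escaping is kept on purpose, make the flags and charset explicit, `htmlspecialchars($_GET["message"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so an invalid byte sequence does not silently yield an empty string. `$user` and `$avatar` on the two lines after it remain raw request input; how they are consumed is outside the hunk, so if they reach SQL or HTML the same treatment (or a parameterised query) applies.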
3 changes: 2 additions & 1 deletion chat/refreshmessages.php
Expand Up @@ -83,6 +83,7 @@
"<span style=\"font-size: 20px; color: #b77fdb;\"><em>$1</em></span>", $message);
$message = preg_replace("/\*(.*?)\*/",
"<span style=\"color: #d89334;\"><strong>$1</strong></span>", $message);
$message = htmlspecialchars($message, ENT_QUOTES);

// user online avatar

Expand Down Expand Up @@ -140,7 +141,7 @@ function decryptmessage($msg)
}
else
{
echo $newmessages[$i] . "###endofmessage###";
echo $newmessages[$i]. "###endofmessage###";
}
}
}
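Review bot: The new htmlspecialchars call at line 38 runs after the preg_replace calls that wrap matched text in `<span>` tags, so the markup those replacements just produced is escaped to literal text and the `<em>`/`<strong>` styling can never render. Apply the escape to the raw message before the preg_replace chain rather than after it; moving the line above the first preg_replace (the chain starts above this hunk) fixes the order. chat/logmessage.php in this commit also escapes the message on input, so as written the output is double-encoded; pick one boundary, preferably output. Use `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so the charset is explicit rather than dependent on default_charset.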
176 changes: 1 addition & 175 deletions chat/uploadimage.php
@@ -1,177 +1,3 @@
<?php

$data = $_POST["datavars"];
$dataarray = explode("###", $data);
$user = $dataarray[0];
$avatar = $dataarray[1];
$imagename = $_FILES["image"]["name"];
$size = $_FILES["image"]["size"];
$tempname = $_FILES["image"]["tmp_name"];
$type = $_FILES["image"]["type"];
$endtemp = explode(".", $_FILES["image"]["name"]);
$ending = end($endtemp);

// unique image filename

$unique = md5($imagename . $tempname . time());
$filename = $unique . "." . $ending;

// thumbnail

$thumbname = $unique . "t" . "." . $ending;

// path

$uploaddir = "../uploads";
$uploaddirexists = false;

if( !is_dir($uploaddir) ) // check if upload directory exists
{
if( mkdir($uploaddir, 0705, true) ) // create upload directory
{
$uploaddirexists = true;
}
}
else
{
$uploaddirexists = true;
}

$path = "../uploads/" . $filename;
$thumbpath = "../uploads/" . $thumbname;

// upload

if( strlen($user) > 0 && strlen($imagename) > 0 && $size > 0 && $uploaddirexists )
{
if( ($type == "image/gif") || ($type == "image/jpeg") || ($type == "image/jpg") || ($type == "image/png") )
{
if( $size < 5000000 )
{
if( $_FILES["image"]["error"] == 0 )
{
if( !file_exists($path) )
{
if( copy($tempname, $path) ) // upload image
{
// thumbnail

$sizedata = getimagesize($tempname);

if( $type == "image/gif" )
{
$imagetoupload = @imagecreatefromgif($tempname);
}
elseif( $type == "image/jpeg" || $type == "image/jpg" )
{
$imagetoupload = @imagecreatefromjpeg($tempname);
}
elseif( $type == "image/png" )
{
$imagetoupload = @imagecreatefrompng($tempname);
}

if( $imagetoupload ) // imagecreatefromX
{
$width = imagesx($imagetoupload);
$height = imagesy($imagetoupload);
$div = $width / $height;
$newwidth = 150;
$newheight = 150 / $div;

$newimage = @imageCreateTrueColor($newwidth, $newheight);

if( $newimage ) // imagecreatetruecolor
{
// upload thumbnail

$imagecopy = @imagecopyresized($newimage, $imagetoupload, 0, 0, 0, 0,
$newwidth, $newheight, $sizedata[0], $sizedata[1]);

if( $imagecopy ) // imagecopyresized
{
if( $type == "image/gif" )
{
$img = @imagegif($newimage, $thumbpath);
}
elseif( $type == "image/jpeg" || $type1 == "image/jpg" )
{
$img = @imagejpeg($newimage, $thumbpath);
}
elseif( $type == "image/png" )
{
$img = @imagepng($newimage, $thumbpath);
}

if( $img ) // imageX
{
@imagedestroy($newimage);

// db entry

include("connect.php");

$timestamp = time();
$message = "specialcharimg" . $thumbname;

if( !$db->exec("INSERT INTO chatpack_log (timestamp, user, avatar, message)
VALUES ('$timestamp', '$user', '$avatar', '$message')") )
{
cleanup($path, $thumbpath, $filename); // clean up on error
}

$db->close();
}
}
}
}
}
else // error upload
{
cleanup($path, $thumbpath, $filename);
}
}
else // error exists
{
cleanup($path, $thumbpath, $filename);
}
}
}
else // error size
{
cleanup($path, $thumbpath, $filename);
}
}
else // error type
{
cleanup($path, $thumbpath, $filename);
}
}

function cleanup($path, $thumbpath, $filename)
{
// delete image

if( file_exists($path) )
{
unlink($path);
}

// delete thumbnail

if( file_exists($thumbpath) )
{
unlink($thumbpath);
}

// delete db entry

include("connect.php");

$message = "specialcharimg" . $thumbname;
$db->exec("DELETE FROM chatpack_log WHERE message='$message'");

$db->close();
}

?>
//Depreciated
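Review bot: The only surviving content is `//Depreciated`, which misspells "Deprecated" and gives no indication of why an empty script remains; `// Deprecated: the image upload handler was removed in this commit and this file intentionally contains no code.` would tell the next reader what happened. A file that still parses and responds also still answers any request routed to it, so if nothing references chat/uploadimage.php any more (not visible here), deleting it outright is the tidier option.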
15 changes: 11 additions & 4 deletions functions.php
Expand Up @@ -2,7 +2,7 @@

// ===================================
// Define Version
define('INSTALLEDVERSION', '1.75');
define('INSTALLEDVERSION', '1.80');
// ===================================
$debugOrganizr = true;
if($debugOrganizr == true && file_exists('debug.php')){ require_once('debug.php'); }
Expand Down Expand Up @@ -1756,8 +1756,14 @@ function uploadAvatar($path, $ext_mask = null) {
// Remove file
function removeFiles($path) {
if(is_file($path)) {
writeLog("success", "file was removed");
unlink($path);
$fileType = getExtension($path);
if(in_arrayi($fileType, array('jpg','jpeg','png','json','db','gif'))){
writeLog("success", "file was removed");
unlink($path);
} else{
writeLog("error", "file was not removed");
echo json_encode('Invalid File Type');
}
} else {
writeLog("error", "file was not removed");
echo json_encode('No file specified for removal!');
Expand Down Expand Up @@ -4253,7 +4259,7 @@ function getExtension($string) {
function showFile(){
$file = $_GET['file'];
$fileType = getExtension($file);
if($fileType != 'php'){
if($fileType == 'css' || $fileType == 'js'){
header("Content-type: ".mimeTypes()[$fileType]);
@readfile($file);
}
Expand Down Expand Up @@ -4754,6 +4760,7 @@ function getPing($url, $style, $refresh = null){
$class .= " animated flash loop-animation-timeout";
}
}
$style = htmlspecialchars($style, ENT_QUOTES);
echo '<span class="pingcheck badge ping-'.$class.'" style="position: absolute;z-index: 100;right: 5px; padding: 0px 0px;'.$style.';font-size: 10px;">&nbsp;</span>';
}

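Review bot: The new allow-list in showFile checks only the extension of `$_GET['file']` before `@readfile($file)`, so the path itself is still unconstrained: a value ending in `.css` or `.js` can name a file anywhere the process can read, and nothing verifies it sits where the served stylesheets and scripts live. Resolve the requested path with realpath() and require it to be under the intended base directory before serving; the same gap applies to removeFiles, where `in_arrayi($fileType, ...)` constrains the extension of `$path` but not its location, so if `$path` can originate from a request (its source is outside the hunk) the unlink should be guarded the same way. The rewrite below keeps the existing style; `__DIR__` stands in for the asset base directory, which the hunk does not show, and should be confirmed against the project layout. showFile's closing brace is outside the hunk.
```php
function showFile(){
    $file = $_GET['file'];
    $fileType = getExtension($file);
    // PLACEHOLDER: replace __DIR__ with the directory css/js assets are actually served from
    $base = realpath(__DIR__);
    $real = realpath($file);
    $inside = ($base !== false && $real !== false && strpos($real, $base . DIRECTORY_SEPARATOR) === 0);
    if(($fileType == 'css' || $fileType == 'js') && $inside){
        header("Content-type: ".mimeTypes()[$fileType]);
        @readfile($real);
    }
```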
66 changes: 35 additions & 31 deletions user.php
Expand Up @@ -792,6 +792,7 @@ function login_user($username, $sha1, $remember, $password, $surface = true) {
function update_user($username, $email, $sha1, $role)
{
//Admin bypass
$trueAdmin = false;
if(!in_arrayi($_SESSION["username"], $this->get_admin_list())){
// logged in, but do the tokens match?
$token = $this->get_user_token($username);
Expand All @@ -810,6 +811,7 @@ function update_user($username, $email, $sha1, $role)
if(isset($_COOKIE['Organizr_Token'])) {
if($this->jwtParse()){
$override = true;
$trueAdmin = true;
}
}
if($override){
Expand All @@ -822,7 +824,7 @@ function update_user($username, $email, $sha1, $role)
if($email !="") {
$update = "UPDATE users SET email = '$email' WHERE username = '$username' COLLATE NOCASE";
$this->database->exec($update); }
if($role !="") {
if($role !="" && $trueAdmin) {
$update = "UPDATE users SET role = '$role' WHERE username = '$username' COLLATE NOCASE";
$this->database->exec($update); }
if($sha1 !="") {
Expand Down Expand Up @@ -850,36 +852,38 @@ function deleteInvite()
*/
function invite_user($username = "none", $email, $server)
{
//lang shit
$language = new setLanguage;
$domain = getServerPath();
$topImage = $domain."images/organizr-logo-h.png";
$uServer = strtoupper($server);
$now = date("Y-m-d H:i:s");
$inviteCode = randomCode(6);
$username = (!empty($username) ? $username : strtoupper($server) . " User");
$link = getServerPath()."?inviteCode=".$inviteCode;
if($email !="") {
$insert = "INSERT INTO invites (username, email, code, valid, date) ";
$insert .= "VALUES ('".strtolower($username)."', '$email', '$inviteCode', 'Yes', '$now') ";
$this->database->exec($insert);
}
writeLog("success", "$email has been invited to the $server server");
$this->info("$email has been invited to the $server server");
if($insert && User::use_mail)
{
$emailTemplate = array(
'type' => 'invite',
'body' => emailTemplateInviteUser,
'subject' => emailTemplateInviteUserSubject,
'user' => $username,
'password' => null,
'inviteCode' => $inviteCode,
);
$emailTemplate = emailTemplate($emailTemplate);
$subject = $emailTemplate['subject'];
$body = buildEmail($emailTemplate);
$this->startEmail($email, $username, $subject, $body);
if(in_arrayi($_SESSION["username"], $this->get_admin_list())){
//lang shit
$language = new setLanguage;
$domain = getServerPath();
$topImage = $domain."images/organizr-logo-h.png";
$uServer = strtoupper($server);
$now = date("Y-m-d H:i:s");
$inviteCode = randomCode(6);
$username = (!empty($username) ? $username : strtoupper($server) . " User");
$link = getServerPath()."?inviteCode=".$inviteCode;
if($email !="") {
$insert = "INSERT INTO invites (username, email, code, valid, date) ";
$insert .= "VALUES ('".strtolower($username)."', '$email', '$inviteCode', 'Yes', '$now') ";
$this->database->exec($insert);
}
writeLog("success", "$email has been invited to the $server server");
$this->info("$email has been invited to the $server server");
if($insert && User::use_mail)
{
$emailTemplate = array(
'type' => 'invite',
'body' => emailTemplateInviteUser,
'subject' => emailTemplateInviteUserSubject,
'user' => $username,
'password' => null,
'inviteCode' => $inviteCode,
);
$emailTemplate = emailTemplate($emailTemplate);
$subject = $emailTemplate['subject'];
$body = buildEmail($emailTemplate);
$this->startEmail($email, $username, $subject, $body);
}
}
}
/**
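Review bot: In invite_user the whole body is now wrapped in the admin-list check, but there is no else branch, so a non-admin call returns silently with no log entry and no message to the caller, unlike the surrounding code which reports through writeLog and $this->info. Add `} else { writeLog("error", "{$_SESSION['username']} attempted to invite $email without admin rights"); }` (or the project's equivalent) so denied attempts show up in the log. The gate also differs from update_user in the same commit, which sets `$trueAdmin` only on the `jwtParse()` cookie path; since the nesting of that block is outside the hunk, confirm that an admin authenticated by session alone can still reach the role update at line 302, otherwise that branch is now unreachable for them. Independently of this change, `$role`, `$email` and `$username` are still interpolated into the UPDATE and INSERT strings; parameterising those statements is the durable fix.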

0 comments on commit 9b3673f

Please sign in to comment.