ILYAS415 Posted January 2, 2008 Share Posted January 2, 2008 Okay Hi. I have a problem with a chat script. Basically when someone enters a string and somewhere in the string the use a # character, then there actualy name there using doesn't appear only the message they were typing in appears. Example:- normally when someone types something in it comes out like this... Person's name - Message blablabla When they use a hash it comes out like this:- - Message here blablabla The hash does not appear in the string though. Heres the coding for the script im using... <?php /* author: chris at linuxuser.at licence: GPLv2 */ require_once "includes/db_connect.php"; include_once "includes/functions.php"; include_once "includes/smile.php"; logincheck(); $username= $_SESSION['username']; $fetch= mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$username'")); $fn = "chat.txt"; $maxlines = 18; $nick_length = 10; /* Set this to a minimum wait time between posts (in sec) */ $waittime_sec = 0; /* spam keywords */ $spam[] = "nigger"; $spam[] = "cum"; $spam[] = "dick"; $spam[] = "EAT coon"; $spam[] = "bitch"; $spam[] = "fuck"; $spam[] = "whore"; $spam[] = "sex"; $spam[] = "slut"; $spam[] = "cock"; $spam[] = "bastard"; $spam[] = "motherfucker"; $spam[] = "hoe"; $spam[] = "tits"; $spam[] = "boobs"; $spam[] = "breasts"; $spam[] = "penis"; $spam[] = "arse"; /* IP's to block */ $blockip[] = "72.60.167.89"; /* spam, if message IS exactly that string */ $espam[] = "ajax"; /* Get Message & Nick from the Request and Escape them */ $msg = $_REQUEST["m"]; $msg = htmlspecialchars(stripslashes($msg)); $msg = str_replace("#", "", $msg); $msg = stripslashes($msg); $n = $_REQUEST["n"]; $n = htmlspecialchars(stripslashes($n)); $n= str_replace("#", "", $n); $n= stripslashes($n); if (strlen($n) >= $nick_length) { $n = substr($n, 0, $nick_length); } else { for ($i=strlen($n); $i<$nick_length; $i++) $n .= " "; } if ($waittime_sec > 0) { $lastvisit = $_COOKIE["lachatlv"]; setcookie("lachatlv", time()); if ($lastvisit != "") { $diff = time() - $lastvisit; if ($diff < 5) { die(); } } } if ($msg != "") { if (strlen($msg) <= "2") { die(); } if (strlen($msg) >= "3") { /* Smilies are ok */ if (strtoupper($msg) == $msg) { die(); } } if (strlen($msg) > 150) { die(); } if (strlen($msg) > 15) { if (substr_count($msg, substr($msg, 6, ) > 1) { die(); } } foreach ($blockip as $a) { if ($_SERVER["REMOTE_ADDR"] == $a) { die(); } } $mystring = strtoupper($msg); foreach ($spam as $a) { if (strpos($mystring, strtoupper($a)) === false) { /* Everything Ok Here */ } else { die(); } } foreach ($espam as $a) { if (strtoupper($msg) == strtoupper($a)) { die(); } } $handle = fopen ($fn, 'r'); $chattext = fread($handle, filesize($fn)); fclose($handle); $arr1 = explode("\n", $chattext); if (count($arr1) > $maxlines) { /* Pruning */ $arr1 = array_reverse($arr1); for ($i=0; $i<$maxlines; $i++) { $arr2[$i] = $arr1[$i]; } $arr2 = array_reverse($arr2); } else { $arr2 = $arr1; } $chattext = implode("\n", $arr2); if (substr_count($chattext, $msg) > 2) { die(); } $msg="<font color=orange>".ucfirst($msg)."</font>"; if ($fetch->userlevel == "0"){ $n="<font color=lightblue>".ucfirst($n)."</font>"; }elseif ($fetch->userlevel == "0.5"){ $n="<font color=#f8ff6a>".ucfirst($n)."</font>"; }elseif ($fetch->userlevel == "1"){ $n="<font color=#71f8ff>".ucfirst($n)."</font>"; }elseif ($fetch->userlevel == "2"){ $n="<font color=#ff6464>".ucfirst($n)."</font>"; }elseif ($fetch->userlevel == "3"){ $n="<font color=#7cff5b>".ucfirst($n)."</font>"; } $out = $chattext . $n . " - " . $msg . "<br>"; $out = str_replace("\'", "'", $out); $out = str_replace("\\\"", "\"", $out); $out= chat($out); $handle = fopen ($fn, 'w'); fwrite ($handle, $out); fclose($handle); $timenow= time() + (60 * 5); mysql_query("UPDATE users SET chatonline='$timenow' WHERE username='$username'"); } ?> Thanks, im in a rush because i have to go work now. Thanks, i tried to keep it as simple as possible. Link to comment https://forums.phpfreaks.com/topic/84136-need-help-with-chat-script/ Share on other sites More sharing options...
lemmin Posted January 2, 2008 Share Posted January 2, 2008 I think the problem might be coming from this part: /* Get Message & Nick from the Request and Escape them */ $msg = $_REQUEST["m"]; $msg = htmlspecialchars(stripslashes($msg)); $msg = str_replace("#", "", $msg); $msg = stripslashes($msg); $n = $_REQUEST["n"]; $n = htmlspecialchars(stripslashes($n)); $n= str_replace("#", "", $n); $n= stripslashes($n); Try commenting out this: $msg = htmlspecialchars(stripslashes($msg)); $msg = str_replace("#", "", $msg); $msg = stripslashes($msg); And this: $n = htmlspecialchars(stripslashes($n)); $n= str_replace("#", "", $n); $n= stripslashes($n); And see if you still have the same problem. If not, you might consider using regular expressions to make your own escaping functions. Link to comment https://forums.phpfreaks.com/topic/84136-need-help-with-chat-script/#findComment-428290 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.