overflowerror 2015-02-12 18:45:49 +01:00
parent fcf556607d
commit 793ed0c550
6 changed files with 613 additions and 0 deletions

161
ajax.php Normal file

@ -0,0 +1,161 @@
<?php
include_once("connect.php");
@session_start();
$json = array();
session_write_close();
if (isset($_GET['addUser'])) {
if (!$_SESSION['loggedIn'])
die("not logged in");
$sql = "SELECT
`c`.`ID` AS `id`,
`c`.`name` AS `name`,
`c`.`initTime` AS `initTime`,
`p`.`joinTime` AS `joinTime`,
`iu`.`ID` AS `iuID`,
`iu`.`username` AS `initUser`
FROM `participants` AS `p`
INNER JOIN `conversations` AS `c` ON `p`.`conversationFK`=`c`.`ID`
INNER JOIN `users` AS `iu` ON `c`.`initUserFK`=`iu`.`ID`
WHERE `c`.`ID`=" . intval($_POST['chat']);
$result = mysql_query($sql);
$row = mysql_fetch_object($result);
if ($row->iuID != $_SESSION['userID']) {
$json['error'] = "nicht erlaubt";
} else {
$sql = "SELECT
`p`.`ID` AS `id`
FROM `participants` AS `p`
INNER JOIN `conversations` AS `c` ON `p`.`conversationFK`=`c`.`ID`
INNER JOIN `users` AS `u` ON `p`.`userFK`=`u`.`ID`
WHERE `c`.`ID`=" . intval($_POST['chat']) . "
AND `u`.`username`='" . mysql_real_escape_string(htmlspecialchars($_POST['username'])) . "'";
$result = mysql_query($sql);
echo mysql_error();
if (!mysql_num_rows($result)) {
$sql = "SELECT * FROM `users` WHERE `username`='" . mysql_real_escape_string(htmlspecialchars($_POST['username'])) . "'";
$result = mysql_query($sql);
$row = mysql_fetch_object($result);
$sql = "INSERT INTO `participants` (`conversationFK`, `userFK`, `joinTime`)
VALUES (" . intval($_POST['chat']) . ", " . $row->ID . ", " . time() . ")";
$result = mysql_query($sql);
}
$json['succes'] = true;
}
} else if (isset($_GET['load'])) {
if (!$_SESSION['loggedIn'])
die("not loggedIn");
$json['pid'] = $_POST['pid'];
$json['mid'] = $_POST['mid'];
$sql = "SELECT * FROM `participants` WHERE `conversationFK`=" . intval($_POST['chat']) . " AND `userFK`=" . $_SESSION['userID'];
$result = mysql_query($sql);
if (!mysql_num_rows($result)) {
echo '{"nic": true}';
exit();
}
$i = 0;
for (; $i < 55; $i++) {
$sql = "SELECT
`m`.`ID` AS `id`,
`u`.`username` AS `username`,
`u`.`ID` AS `userid`,
`m`.`sentTime` AS `time`,
`m`.`text` AS `text`
FROM `messages` AS `m`
INNER JOIN `users` AS `u` ON `m`.`userFK`=`u`.`ID`
WHERE `m`.`conversationFK`=" . intval($_POST['chat']) . "
AND `m`.`ID`>" . intval($_POST['mid']) . "
ORDER BY `m`.`sentTime`";
$resultm = mysql_query($sql);
$sql = "SELECT
`p`.`ID` AS `id`,
`u`.`ID` AS `userid`,
`u`.`username` AS `username`
FROM `participants` AS `p`
INNER JOIN `users` AS `u` ON `p`.`userFK`=`u`.`ID`
WHERE `p`.`conversationFK`=" . intval($_POST['chat']) . "
AND `p`.`ID`>" . intval($_POST['pid']);
$resultp = mysql_query($sql);
if (mysql_num_rows($resultm) || mysql_num_rows($resultp)) {
$json['messages'] = array();
while ($row = mysql_fetch_object($resultm)) {
$tmp = array();
$tmp['text'] = $row->text;
$tmp['username'] = $row->username;
$tmp['userid'] = $row->userid;
$json['messages'][] = $tmp;
$json['lastId'] = $row->id;
$sql = "INSERT INTO `seenTimes` (`time`, `userFK`, `messageFK`) VALUES (" . time() . ", " . $_SESSION['userID'] . ", " . $row->id . ")";
$result = mysql_query($sql);
}
$json['users'] = array();
$sql = "SELECT
`p`.`ID` AS `id`,
`u`.`ID` AS `userid`,
`u`.`username` AS `username`
FROM `participants` AS `p`
INNER JOIN `users` AS `u` ON `p`.`userFK`=`u`.`ID`
WHERE `p`.`conversationFK`=" . intval($_POST['chat']);
$resultp = mysql_query($sql);
while ($row = mysql_fetch_object($resultp)) {
$tmp = array();
$tmp['username'] = $row->username;
$tmp['userid'] = $row->userid;
$json['users'][] = $tmp;
$json['lastPa'] = $row->id;
}
break;
}
usleep(30 * 1000);
}
if ($i >= 55) {
$json['succes'] = false;
} else {
$json['succes'] = true;
}
} else if (isset($_GET['send'])) {
$sql = "INSERT INTO `messages` (`userFK`, `conversationFK`, `sentTime`, `text`)
VALUES (" . $_SESSION['userID'] . ", " . intval($_POST['chat']) . ", " . time() . ",
'" . mysql_real_escape_string(htmlspecialchars($_POST['text'])) . "')";
$result = mysql_query($sql);
$json['success'] = true;
} else if (isset($_GET['removeUser'])) {
if (!isset($_POST['id']) || !isset($_POST['chat']))
die();
$id = intval($_POST['id']);
$chat = intval($_POST['chat']);
if (!$_SESSION['loggedIn'])
die("not logged in");
$sql = "SELECT * FROM `conversations` WHERE `initUserFK`=" . $_SESSION['userID'] . " AND `ID`=" . $chat;
$result = mysql_query($sql);
if (!mysql_num_rows($result))
die("fatal!");
$sql = "DELETE FROM `participants` WHERE `userFK`=" . $id . " AND `conversationFK`=" . $chat;
$result = mysql_query($sql);
echo mysql_error();
}
echo json_encode($json);
?>
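Review bot: The `send` branch inserts into `messages` without the `$_SESSION['loggedIn']` guard that the other three branches have, and without checking that the caller is a participant of `$_POST['chat']`, so any client that can reach ajax.php can write into any conversation (a visitor who has only loaded index.php would post with `userID` 0). It should repeat the participant lookup that the `load` branch already performs before returning messages. Separately, `echo mysql_error();` in the `addUser` and `removeUser` branches prints database errors to the client ahead of the JSON body; `error_log(mysql_error());` keeps the response parseable and the schema details on the server.
```php
} else if (isset($_GET['send'])) {
    if (!$_SESSION['loggedIn'])
        die("not logged in");
    // Same membership test the load branch runs before it returns messages.
    $sql = "SELECT `ID` FROM `participants` WHERE `conversationFK`=" . intval($_POST['chat']) . " AND `userFK`=" . intval($_SESSION['userID']);
    $result = mysql_query($sql);
    if (!$result || !mysql_num_rows($result))
        die("not a participant");
    // … unchanged: INSERT INTO `messages` and $json['success'] = true …
```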

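--- a/connect.php
+++ b/connect.php
@@ -0,0 +1,4 @@
+<?php
+$connection = mysql_connect("localhost", "chat", "passwort");;
+mysql_select_db("chat");
+?>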
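Review bot: The database user and password are string literals in a committed file (`mysql_connect("localhost", "chat", "passwort")`), so everyone with read access to the repository has them and rotating them requires a code change. Reading them from the environment or an untracked config file, e.g. `mysql_connect(getenv("DB_HOST"), getenv("DB_USER"), getenv("DB_PASS"))` (variable names are placeholders), avoids that. The return value is not checked, so a failed connect only surfaces later as warnings from `mysql_query()`. Since every query in ajax.php and index.php relies on `mysql_real_escape_string()`, calling `mysql_set_charset("utf8");` right after connecting makes the escaping agree with the tables' charset.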

40
db.sql Normal file

@ -0,0 +1,40 @@
CREATE TABLE `conversations` (
`ID` int(11) NOT NULL AUTO_INCREMENT,
`name` text CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`initUserFK` int(11) NOT NULL,
`initTime` int(11) NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=7 DEFAULT CHARSET=utf8;
CREATE TABLE `messages` (
`ID` int(11) NOT NULL AUTO_INCREMENT,
`userFK` int(11) NOT NULL,
`conversationFK` int(11) NOT NULL,
`sentTime` int(11) NOT NULL,
`text` text CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=15 DEFAULT CHARSET=utf8;
CREATE TABLE `participants` (
`ID` int(11) NOT NULL AUTO_INCREMENT,
`conversationFK` int(11) NOT NULL,
`userFK` int(11) NOT NULL,
`joinTime` int(11) NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=21 DEFAULT CHARSET=utf8;
CREATE TABLE `seenTimes` (
`ID` int(11) NOT NULL AUTO_INCREMENT,
`time` int(11) NOT NULL,
`userFK` int(11) NOT NULL,
`messageFK` int(11) NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=63 DEFAULT CHARSET=utf8;
CREATE TABLE `users` (
`ID` int(11) NOT NULL AUTO_INCREMENT,
`username` text CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`password` text CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`regTime` int(11) NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;
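Review bot: Nothing in the `users` table enforces that `username` is unique, while the register case in index.php does a SELECT followed by an INSERT and the login query assumes one row per name; two concurrent registrations could create two accounts with the same name. A `text` column cannot carry a plain unique index, so this needs a bounded type such as `username varchar(64)` (the length is an example value) together with `UNIQUE KEY username (username)`. The same reasoning applies to `participants`, where `UNIQUE KEY conv_user (conversationFK, userFK)` would back up the SELECT-only duplicate check in ajax.php's `addUser` branch.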

402
index.php Normal file

@ -0,0 +1,402 @@
<?php
include_once("connect.php");
ob_start();
@session_start();
?>
<style>
body {
}
</style>
<?php
if (!isset($_SESSION['active'])) {
$_SESSION['active'] = true;
$_SESSION['loggedIn'] = false;
$_SESSION['userID'] = 0;
}
if (!isset($_GET['site'])) {
header("LOCATION: ?site=home");
exit();
}
switch($_GET['site']) {
case "home":
if ($_SESSION['loggedIn']) {
?>
<a href="?site=conversations">Eine Liste der Konversationen</a>
<?php
} else {
?>
<a href="?site=login">Login</a><br />
<a href="?site=register">Noch keinen Account?</a>
<?php
}
break;
case "login":
if ($_SESSION['loggedIn']) {
header("LOCATION: ?site=home");
exit();
}
if (isset($_GET['sent'])) {
if (!isset($_POST['username']) || empty($_POST['username'])) {
header("LOCATION: ?site=login&error=username");
exit();
}
if (!isset($_POST['password']) || empty($_POST['password'])) {
header("LOCATION: ?site=login&error=password");
exit();
}
$sql = "SELECT `ID` FROM `users` WHERE `username`='" . mysql_real_escape_string(htmlspecialchars($_POST['username'])) . "' AND `password`='" . hash("sha256", $_POST['password']) . "'";
$result = mysql_query($sql);
if (!mysql_num_rows($result)) {
header("LOCATION: ?site=login&error=wrong");
exit();
}
$_SESSION['loggedIn'] = true;
$row = mysql_fetch_object($result);
$_SESSION['userID'] = $row->ID;
header("LOCATION: ?site=home");
exit();
}
if (isset($_GET['error']))
echo "<div class='error'>Error Typ: " . htmlspecialchars($_GET['error']) . "</div>";
?>
<form action="?site=login&sent" method="POST">
<input type="text" name="username"><br />
<input type="password" name="password"><br />
<input type="submit">
</form>
<?php
break;
case "register":
if ($_SESSION['loggedIn']) {
header("LOCATION: ?site=home");
exit();
}
if (isset($_GET['sent'])) {
if (!isset($_POST['username']) || empty($_POST['username'])) {
header("LOCATION: ?site=register&error=username");
exit();
}
if (!isset($_POST['password']) || empty($_POST['password'])) {
header("LOCATION: ?site=register&error=password");
exit();
}
$sql = "SELECT `ID` FROM `users` WHERE `username`='" . mysql_real_escape_string(htmlspecialchars($_POST['username'])) . "'";
$result = mysql_query($sql);
if (mysql_num_rows($result)) {
header("LOCATION: ?site=register&error=existing");
exit();
}
$sql = "INSERT INTO `users` (`username`, `password`, `regTime`) VALUES ('" . mysql_real_escape_string(htmlspecialchars($_POST['username'])) . "', '" . hash("sha256", $_POST['password']) . "', " . time() . ")";
$result = mysql_query($sql);
$_SESSION['loggedIn'] = true;
$sql = "SELECT `ID` FROM `users` WHERE `username`='" . mysql_real_escape_string(htmlspecialchars($_POST['username'])) . "'";
$result = mysql_query($sql);
$row = mysql_fetch_object($result);
$_SESSION['userID'] = $row->ID;
//echo mysql_error();
header("LOCATION: ?site=home");
exit();
}
if (isset($_GET['error']))
echo "<div class='error'>Error Typ: " . htmlspecialchars($_GET['error']) . "</div>";
?>
<form action="?site=register&sent" method="POST">
<input type="text" name="username"><br />
<input type="password" name="password"><br />
<input type="submit"><br />
</form>
<?php
break;
case "chat":
if (!$_SESSION['loggedIn']) {
header("LOCATION: ?site=login");
exit();
}
if (!isset($_GET['id'])) {
header("LOCATION: ?site=conversations");
exit();
}
$sql = "SELECT
`c`.`ID` AS `id`,
`c`.`name` AS `name`,
`c`.`initTime` AS `initTime`,
`p`.`joinTime` AS `joinTime`,
`iu`.`ID` AS `iuID`,
`iu`.`username` AS `initUser`
FROM `participants` AS `p`
INNER JOIN `conversations` AS `c` ON `p`.`conversationFK`=`c`.`ID`
INNER JOIN `users` AS `iu` ON `c`.`initUserFK`=`iu`.`ID`
WHERE `p`.`userFK`=" . $_SESSION['userID'] . " AND `c`.`ID`=" . intval($_GET['id']);
$result = mysql_query($sql);
if (!mysql_num_rows($result)) {
echo "Du bist bei dem Chat nicht dabei... : / ";
exit();
}
$row = mysql_fetch_object($result);
if (intval($_SESSION['userID']) == $row->iuID) {
?>
<div style="height: 20px; width: 100%;">
Uh, du bist der Initiator? Cool... : )
<input type="text" id="username">
<button onclick="addUser()">Benutzer hinzuf&uuml;gen</button>
</div>
<?php
}
?>
<div style="display: none">
<style>
.sender {
text-decoration: underline;
font-weight: bold;
}
</style>
<script>
var ret = function(v) {
return v;
}
//var http;
var reqGet = function(file, pars, bg, after) {
var http = new XMLHttpRequest();
http.open("GET", "ajax/" + file + ".php?" + pars, bg);
if (bg) {
http.onreadystatechange = function() {
if (http.readyState == 4) {
after(http.responseText);
}
};
}
http.send(null);
if (!bg)
return after(http.responseText);
}
var reqPost = function(file, get, pars, bg, after) {
var http = new XMLHttpRequest();
http.open("POST", file + ".php?" + get, bg);
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", pars.length);
http.setRequestHeader("Connection", "close")
if (bg) {
http.onreadystatechange = function() {
if (http.readyState == 4) {
after(http.responseText);
}
};
}
http.send(pars);
if (!bg)
return after(http.responseText);
}
var addUser = function() {
try {
//http.abort();
} catch(e) {
}
var username = document.getElementById("username").value;
reqPost("ajax", "addUser", "chat=<?php echo $row->id; ?>&username=" + encodeURIComponent(username), true, message);
document.getElementById("username").value = "";
//startLoader();
}
var lastId = 0;
var lastPa = 0;
var startLoader = function() {
reqPost("ajax", "load", "chat=<?php echo $row->id; ?>&mid=" + lastId + "&pid=" + lastPa, true, load);
}
var load = function(result) {
console.log(result);
if (!result.length)
return;
result = JSON.parse(result);
if (result.nic) {
window.location = "kicked.html";
return;
}
if (result.lastId)
lastId = result.lastId;
if (result.lastPa)
lastPa = result.lastPa;
if (result.messages) {
var chat = document.getElementById("chat");
var chattext = "";
for (var i = 0; i < result.messages.length; i++) {
chattext += "<tr>";
chattext += '<td class="sender">';
// chattext += '<a href="?site=users&id=' + result.messages[i].userid + '">';
chattext += result.messages[i].username;
// chattext += '</a>';
chattext += "</td>";
chattext += "<td>";
chattext += result.messages[i].text;
chattext += "</td>";
chattext += "</tr>";
}
chat.innerHTML += chattext;
}
if (result.users) {
var users = document.getElementById("users");
users.innerHTML = "";
var userstext = "";
for (var i = 0; i < result.users.length; i++) {
userstext += "<tr>";
userstext += "<td>";
//userstext += '<a href="?site=users&id=' + result.users[i].userid + '">';
if (result.users[i].userid != <?php echo $_SESSION['userID'];?>) {
<?php
if (intval($_SESSION['userID']) == $row->iuID)
echo "userstext += '<a href=\"javascript:remove(' + result.users[i].userid + ');\">';\n";
echo "userstext += result.users[i].username;\n";
if (intval($_SESSION['userID']) == $row->iuID)
echo "userstext += '</a>';\n";
?>
} else {
userstext += result.users[i].username;
}
userstext += "</td>";
userstext += "</tr>";
}
users.innerHTML = userstext;
}
scrollDown();
startLoader();
}
var remove = function(id) {
reqPost("ajax", "removeUser", "chat=<?php echo $row->id; ?>&id=" + id, true, resetLastPa);
}
var resetLastPa = function(msg) {
lastPa = 0;
}
var send = function() {
try {
//http.abort();
} catch(e) {
}
var text = document.getElementById("chatInput").value;
document.getElementById("chatInput").value = "";
reqPost("ajax", "send", "text=" + encodeURIComponent(text) + "&chat=<?php echo $row->id; ?>", true, function (v) { console.dir(v); } );
//startLoader();
}
var message = function(result) {
console.log(result);
result = JSON.parse(result);
console.dir(result);
}
var scrollDown = function() {
var obj = document.getElementById("chatcontainer");
obj.scrollTop = obj.scrollHeight;
}
window.onunload = function() {
document.getElementById("chat").innerHTML = "";
//http.abort();
}
startLoader();
</script>
</div>
<div style="height: 85%; width: 100%">
<div id="chatcontainer" style="float: left; height: 100%; width: 75%; overflow-y: scroll; overflow-x: hidden">
<table id="chat">
</table>
</div>
<div style="float: right; height: 100%; width: 25%; overflow-y: scroll; overflow-x: hidden">
<table id="users">
</table>
</div>
</div>
<div style="margin: 0px; padding: 0px; height: 5%; width: 100%; position: absolute; left: 0px; bottom: 0px;">
<form>
<input type="text" id="chatInput" style="margin: 0px; padding-left: 10px; width: 89%">
<input type="submit" style="width: 10%" onclick="send(); return false;">
</form>
</div>
<?php
break;
case "conversations":
if (!$_SESSION['loggedIn']) {
header("LOCATION: ?site=home");
exit();
}
if (isset($_GET['new'])) {
if (!isset($_POST['name']) || empty($_POST['name'])) {
header("LOCATION: ?site=conversations&error=name");
exit();
}
$sql = "INSERT INTO `conversations` (`name`, `initUserFK`, `initTime`) VALUES ('" . mysql_real_escape_string(htmlspecialchars($_POST['name'])) . "', " . $_SESSION['userID'] . ", " . time() . ")";
$result = mysql_query($sql);
$sql = "SELECT `ID` FROM `conversations` WHERE `name`='" . mysql_real_escape_string(htmlspecialchars($_POST['name'])) . "'";
$result = mysql_query($sql);
$row = mysql_fetch_object($result);
$sql = "INSERT INTO `participants` (`conversationFK`, `userFK`, `joinTime`) VALUES (" . $row->ID . ", " . $_SESSION['userID'] . ", " . time() . ")";
$result = mysql_query($sql);
header("LOCATION: ?site=conversations");
exit();
}
$sql = "SELECT
`c`.`ID` AS `id`,
`c`.`name` AS `name`,
`c`.`initTime` AS `initTime`,
`p`.`joinTime` AS `joinTime`,
`iu`.`ID` AS `iuID`,
`iu`.`username` AS `initUser`
FROM `participants` AS `p`
INNER JOIN `conversations` AS `c` ON `p`.`conversationFK`=`c`.`ID`
INNER JOIN `users` AS `iu` ON `c`.`initUserFK`=`iu`.`ID`
WHERE `p`.`userFK`=" . $_SESSION['userID'];
$result = mysql_query($sql);
if (!mysql_num_rows($result)) {
echo "Keine Konversationen... : (<br />";
}
if (isset($_GET['error']))
echo "<div class='error'>Error Typ: " . htmlspecialchars($_GET['error']) . "</div>";
?>
<table>
<?php
while ($row = mysql_fetch_object($result)) {
?>
<tr>
<td colspan="2"><a href="?site=chat&id=<?php echo $row->id; ?>"><?php echo $row->name; ?></td>
</tr>
<tr>
<td>von <a href="?site=users&id=<?php echo $row->iuID; ?>"><?php echo $row->initUser; ?></a></td>
<td>um <?php echo $row->initTime; ?></td>
</tr>
<tr>
<td>dabei seit <?php echo $row->joinTime; ?></td>
</tr>
<?php
}
?>
</table>
<div>
Neue Konversation:<br />
<form action="?site=conversations&new" method="POST">
<input type="text" name="name"><br />
<input type="submit">
</form>
</div>
<?php
break;
}
?>
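Review bot: The login and register cases store and compare passwords as `hash("sha256", $_POST['password'])`, an unsalted fast hash, so equal passwords produce equal rows and a leaked `users` table is cheap to attack offline. On PHP 5.5 or later `password_hash()` / `password_verify()` are the intended API; the login query then has to select the row by username and verify in PHP instead of matching the hash in SQL. The login case also keeps the pre-login session id, and calling `session_regenerate_id(true)` when `loggedIn` becomes true closes that session-fixation window. The chat script assigns server data to `innerHTML` and is safe only because `htmlspecialchars()` was applied at insert time, which deserves a comment next to `chat.innerHTML += chattext;`.
```php
// login case, after the empty-field checks
$sql = "SELECT `ID`, `password` FROM `users` WHERE `username`='" . mysql_real_escape_string(htmlspecialchars($_POST['username'])) . "'";
$result = mysql_query($sql);
$row = $result ? mysql_fetch_object($result) : false;
if (!$row || !password_verify($_POST['password'], $row->password)) {
    header("LOCATION: ?site=login&error=wrong");
    exit();
}
session_regenerate_id(true); // new session id once the user is authenticated
$_SESSION['loggedIn'] = true;
$_SESSION['userID'] = $row->ID;
// … unchanged: redirect to ?site=home …

// register case: store the salted hash instead of hash("sha256", …)
$pwHash = mysql_real_escape_string(password_hash($_POST['password'], PASSWORD_DEFAULT));
// … unchanged: INSERT INTO `users`, now with '$pwHash' as the password value …
```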

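--- a/kicked.html
+++ b/kicked.html
@@ -0,0 +1,2 @@
+Du wurdest gekickt!<br />
+<a href="./">Zur&uuml;ck</a>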

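--- a/logout.php
+++ b/logout.php
@@ -0,0 +1,4 @@
+<?php
+session_start();
+$_SESSION = array();
+?>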
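Review bot: Assigning `$_SESSION = array();` empties the data but leaves the server-side session and the browser's session cookie valid, so the same session id is carried into the next login. Adding `session_destroy();` after the assignment and expiring the cookie with `setcookie(session_name(), '', time() - 3600, '/');` (path as configured for the site) ends the session properly. The script also sends no output or redirect, so the user lands on a blank page; `header("Location: ./");` would match the back link in kicked.html.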