EasyCFM.COM ColdFusion Forums / PHP to CFML / Help converting PHP code for IM App

   Reply to Discussion | New Discussion << previous || next >> 
Posted By Discussion Topic: Help converting PHP code for IM App

book mark this topic Printer-friendly Version  send this discussion to a friend  new posts last

Caliber
10-25-2006 @ 4:22 PM
Reply
Edit
Profile
Send P.M.
My Gravatar!
Powered by Gravatar
Junior Member
Posts: 106
Joined: Sep 2003

Hello all! I found this IM application written in PHP. The problem is I don't know an ounce of PHP. I was hoping someone could help.



<?

// configuration //
$sql_user = 'username';
$sql_pass
= 'password';
$sql_host
= 'localhost';
$sql_db
  = 'database';

//
string sanitizer - only alphanumerics //
function sanitize_alphanum($string, $min=', $max=')
{
  $string = preg_replace("/[^a-zA-Z0-9\s]/", "", $string);
   $len = strlen($string);
  if((($min != ') && ($len < $min)) || (($max != ') && ($len >
$max)))
     return FALSE;
   return $string;
}

// checks if a user is online or not //
function is_online($username) {
   $query = @mysql_query("SELECT is_online FROM users WHERE username='$username'");
   $result = @mysql_fetch_assoc($query);
   return $result['is_online'];
}

// function to generate a random password //
function generatePassword($length=10) {
   $randstr=';
   srand((double)microtime()*1000000);

   $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
   while(strlen($randstr)<$length) {
      $randstr.=substr($chars,(rand()%(strlen($chars))),1);
  }
   return $randstr;
}

$call      = sanitize_alphanum($_POST['call']);
$from
     = sanitize_alphanum($_POST['from']);
$pwd
      = sanitize_alphanum($_POST['pwd']);
$recipient
= sanitize_alphanum($_POST['recipient']);
$message
  = strip_tags(str_replace("<amp>
", "&", $_POST['msg']));


// connect to database //
$link = mysql_connect($sql_host, $sql_user, $sql_pass);
mysql_select_db($sql_db);


// cleanup logged-in users in database? [30% chance] //
if(rand(1, 100) <= 30) {
   // yes, cleanup! //
   $expire_time = time() - 90; // idle for more than 1.5 minutes? //
   $cleanup = @mysql_query("UPDATE users SET is_online='0' WHERE last_ping < $expire_time");
}


switch($call) {

   case 'send':
      //////////// sending a message ////////////
      // message parts (within array $_POST):  //
      // from     -  user who sent message     //
      // pwd      -  password                  //
      // recipient-  user receiving the message//
      // msg      -  the message               //
      ///////////////////////////////////////////

      $query = @mysql_query("SELECT username FROM users WHERE username='".mysql_real_escape_string($from)."' AND password='".$pwd."'");
     if(@mysql_num_rows($query) >
0) {
         if(is_online($recipient) > 0) {
            $query = @mysql_query("INSERT INTO messages (message, sender, recipient) VALUES ('$message', '".mysql_real_escape_string($from)."', '$recipient')");
            print "sent";
         } else {
            print 'not_online';
         }
      } else {
            $set_status = @mysql_query("UPDATE users SET is_online='0', last_ping='".time()."' WHERE username='".mysql_real_escape_string($from)."'");
            print 'not_logged_in';
      }
      break;

   case 'ping':
      ///////////// ping the server /////////////
      // note: since the server cannot contact //
      //       the client, the client must     //
      //       ping the server for new msgs    //
      //                                       //
      // ping parts (within array $_POST):     //
      // from     -  user pinging the server   //
      // pwd      -  password                  //
      ///////////////////////////////////////////
      $query = mysql_query("SELECT buddylist FROM users WHERE username='$from' AND password='".$pwd."'");
      if(@mysql_num_rows($query) > 0) {
         $user_bl = mysql_fetch_assoc($query);
         $set_status = @mysql_query("UPDATE users SET is_online='".mysql_real_escape_string($_POST['away']+1)."', last_ping='".time()."' WHERE username='".mysql_real_escape_string($from)."'");

         $query = @mysql_query("SELECT message,sender FROM messages WHERE recipient='".mysql_real_escape_string($from)."'");
         header("Content-type: text/xml");
         print '<?xml version="1.0" encoding="ISO-8859-1"?>'."\n";
         print "<main>\n<numMessages>";
         if(@mysql_num_rows($query) > 0) {
            print mysql_num_rows($query) . "</numMessages>\n";
            while ($row = @mysql_fetch_assoc($query)) {
               print "<message>\n";
               print '<from>'.$row['sender']."</from>\n";
               print '<data>'.rawurldecode($row['message'])."</data>\n";
               print "</message>\n";
            }
         } else {
            print "0</numMessages>\n";
         }

         $delete_new = @mysql_query("DELETE FROM messages WHERE recipient='$from'");

         print "<buddyList>\n";

         $query = @mysql_query("SELECT username,is_online FROM users WHERE username IN('".str_replace(",","','", $user_bl['buddylist'])."') ORDER BY username ASC");
         print "<numBuddies>".mysql_num_rows($query)."</numBuddies>\n";

         if(mysql_num_rows($query) > 0) {
            while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) {
               print '<user status="'.($row['is_online']==2 ? 'away' : ($row['is_online']==1 ? 'online' : 'offline')).'">'.$row['username'].'</user>'."\n";
            }
         }
        
         print "</buddyList>\n";
         print "</main>\n";
      } else {
            $set_status = @mysql_query("UPDATE users SET is_online='0', last_ping='".time()."' WHERE username='".mysql_real_escape_string($from)."'");
            print 'not_logged_in';
      }
      break;      


   case 'login':
      ///////////// login to the server /////////
      // login parts (within array $_POST):    //
      // from     -  user logging in           //
      // pwd      -  password                  //
      ///////////////////////////////////////////

      $query = @mysql_query("SELECT username FROM users WHERE username='".mysql_real_escape_string($from)."' AND password='".$pwd."'");
      if(@mysql_num_rows($query) > 0) {
         $set_status = @mysql_query("UPDATE users SET is_online='1' WHERE username='".mysql_real_escape_string($from)."'");
         print "logged_in";
      } else {
         print 'invalid';
      }
      break;

   case 'logout':
      ///////////// logout of the server ////////
      // login parts (within array $_POST):    //
      // from     -  user logging out          //
      // pwd      -  password                  //
      ///////////////////////////////////////////
      $query = @mysql_query("SELECT username FROM users WHERE username='".mysql_real_escape_string($from)."' AND password='".$pwd."'");
      if(@mysql_num_rows($query) > 0) {
         $set_status = @mysql_query("UPDATE users SET is_online='0', last_ping='".time()."' WHERE username='".mysql_real_escape_string($from)."'");
         print 'logged_out';
      } else {
         print 'invalid';
      }
      break;

   case 'register':
      ///////////// register a new user /////////
      // login parts (within array $_POST):    //
      // from     -  username chosen           //
      // pwd      -  password chosen           //
      // email    -  email address             //
      ///////////////////////////////////////////
      $email = $_POST['email'];

      if(preg_match('/^[a-z0-9_\\d]+$/', $from) !== false && strlen($from) >= 3 && strlen($from) <= 16) {
         if(preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/', $email) !== false) {
            if(strlen($pwd) >
= 4 && strlen($pwd) <= 16) {
               if(mysql_num_rows(mysql_query("SELECT email FROM users WHERE email='".mysql_real_escape_string($email)."'")) == 0) {
                  $query = @mysql_query("SELECT username FROM users WHERE username='".mysql_real_escape_string($from)."'");
                 if(@mysql_num_rows($query) == 0) {
                     $query = @mysql_query("INSERT INTO users (username, password, email) VALUES ('".mysql_real_escape_string($from)."', '".md5($pwd)."', '".mysql_real_escape_string($email)."')");
                     print 'user_registered';
                  } else {
                     print 'username_taken';
                  }
               } else {
                  print 'email_already_used';
               }
            } else {
               print 'password_bad_length';
            }
         } else {
            print 'invalid_email';
         }
      } else {
         print 'username_bad';
      }
      break;

   case 'save':
      //////// save the users buddylist /////////
      // parts (within array $_POST):          //
      // from     -  user saving the buddylist //
      // pwd      -  password                  //
      // list     -  the buddylist             //
      ///////////////////////////////////////////
      $query = @mysql_query("SELECT username FROM users WHERE username='".mysql_real_escape_string($from)."' AND password='".$pwd."'");
     if(@mysql_num_rows($query) >
0) {
            $query = @mysql_query("UPDATE users SET buddylist='".$_POST['list']."' WHERE username='".mysql_real_escape_string($from)."'");
            print 'saved';
      } else {
            print 'not_logged_in';
      }
      break;

   case 'reset':
      //////// reset the users password /////////
      // parts (within array $_POST):          //
      // from     -  the email for the account //
      ///////////////////////////////////////////
      $from = str_replace(' AT ', '@', str_replace(' DOT ', '.', $from));
      $query = @mysql_query("SELECT email FROM users WHERE email='".mysql_real_escape_string($from)."'");
      if(@mysql_num_rows($query) > 0) {
         $new_pass = generatePassword();
         $query = @mysql_query("UPDATE users SET password='".md5($new_pass)."' WHERE email='".mysql_real_escape_string($from)."'");
         mail($from, 'Your Reset Password', "You requested your password be reset -- your new password is below.\n\nNew Password: $new_pass", 'From: Reset Password <reset_password@'.$_SERVER['HTTP_HOST'].'>');
         print 'pw_reset';
      } else {
         print 'no_email_on_record';
      }
      break;

   case 'pwdchange':
      //////// change the users password ////////
      // parts (within array $_POST):          //
      // from     -  user changing the passwd  //
      // pwd      -  current password          //
      // newpwd   -  new password              //
      ///////////////////////////////////////////
      $query = @mysql_query("SELECT username FROM users WHERE username='".mysql_real_escape_string($from)."' AND password='".$pwd."'");
      if(@mysql_num_rows($query) > 0) {
         if(strlen($_POST['newpwd']) >= 4 && strlen($_POST['newpwd']) <= 16) {
            $query = @mysql_query("UPDATE users SET password='".md5($_POST['newpwd'])."' WHERE username='".mysql_real_escape_string($from)."'");
           print 'pw_changed';
         } else {
            print 'password_bad_length';
         }
      } else {
         print 'invalid_pw';
      }
      break;
}
?>


pangea33
10-25-2006 @ 11:28 PM
Reply
Edit
Profile
Send P.M.
My Gravatar!
Powered by Gravatar
Junior Member
Posts: 62
Joined: Jul 2005

I'm actually willing to give it a go, as an intellectual pursuit and a challenge to myself. There's not much chance I'd be willing to the endure the painstaking task of reverse engineering from just this page though.

First, there is clearly at least one other page that posts to this one, since this document has no forms on it. There are also a couple tables referenced too, so I'm sure there is a script to define them.

If you hook me up with all the php code, I'll get it working in CF. If you want me to, PM or respond to this thread with a link or ftp login credentials so I can get the original source.

--
http://benconley.net


Website Designed and Developed by Pablo Varando.