[phpMyChat CVS] CVS: phpMyChat-0.15/chat/lib/index_libs do_enter_db_work.lib.php3,1.26,1.27 do_enter_js_work.lib.php3,1.16,1.17 index_validation.lib.php3,1.15,1.16 main_index.lib.php3,1.46,1.47

[Lo?c C. <lo...@us...>]

Update of /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs
In directory usw-pr-cvs1:/tmp/cvs-serv14795/chat/lib/index_libs

Modified Files:
	do_enter_db_work.lib.php3 do_enter_js_work.lib.php3 
	index_validation.lib.php3 main_index.lib.php3 
Log Message:
Begin right levels improvement

Index: do_enter_db_work.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/do_enter_db_work.lib.php3,v
retrieving revision 1.26
retrieving revision 1.27
diff -C2 -r1.26 -r1.27
*** do_enter_db_work.lib.php3	2001/11/29 22:00:56	1.26
--- do_enter_db_work.lib.php3	2001/12/04 20:01:04	1.27
***************
*** 102,109 ****
   * (password are no long crypted)
   */
! if ($isRegUser)
  {
  	$slashedPswd		= pmcSlashSingleQuotes(str_replace('\\', '\\\\', $pmcPassword));
! 	$dbLink->query("UPDATE " . C_REG_TBL . " SET passwd = '$slashedPswd', reg_time = $currentTime, ip = '$ip' WHERE username = '$slashedNick'");
  }
  
--- 102,109 ----
   * (password are no long crypted)
   */
! if ($isRegUser && empty($reloading))
  {
  	$slashedPswd		= pmcSlashSingleQuotes(str_replace('\\', '\\\\', $pmcPassword));
! 	$dbLink->query("UPDATE " . C_REG_TBL . " SET passwd = '$slashedPswd', reg_time = $currentTime, ip = '$ip', log_times = $regUserLogTimes WHERE username = '$slashedNick'");
  }
  
***************
*** 123,131 ****
  if ($wasInRoom != '')
  {
! 	// 1.a ...in the same room -> updates his last loggin time and his IP
! 	// address;
  	if ($targetRoom == $wasInRoom)
  	{
! 		$dbLink->query("UPDATE " . C_USR_TBL . " SET u_time = $currentTime, ip = '$ip', away = 0 WHERE session_id = '$dbSessionId'");
  	}
  
--- 123,131 ----
  if ($wasInRoom != '')
  {
! 	// 1.a ...in the same room -> updates his last loggin time, right_level, ip
! 	//     and away status;
  	if ($targetRoom == $wasInRoom)
  	{
! 		$dbLink->query("UPDATE " . C_USR_TBL . " SET u_time = $currentTime, status = $status, ip = '$ip', away = 0 WHERE session_id = '$dbSessionId'");
  	}
  

Index: do_enter_js_work.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/do_enter_js_work.lib.php3,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -r1.16 -r1.17
*** do_enter_js_work.lib.php3	2001/11/30 19:30:35	1.16
--- do_enter_js_work.lib.php3	2001/12/04 20:01:04	1.17
***************
*** 78,82 ****
  <script type="text/javascript" language="javascript1.1">
  <!--
! var jsIsModerator		= <?php echo(($status >= 5) ? 1 : 0); ?>;
  // -->
  </script>
--- 78,82 ----
  <script type="text/javascript" language="javascript1.1">
  <!--
! var jsIsModerator		= <?php echo(($status >= 3) ? 1 : 0); ?>;
  // -->
  </script>

Index: index_validation.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/index_validation.lib.php3,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -r1.15 -r1.16
*** index_validation.lib.php3	2001/11/26 22:16:08	1.15
--- index_validation.lib.php3	2001/12/04 20:01:04	1.16
***************
*** 40,43 ****
--- 40,44 ----
   * @param	string	previous id of the user whith the same nick
   * @param	string	name of the room the user was chatting into
+  * @param	integer	the number of times the user logged in
   *
   * @return	string	error number (empty if no error)
***************
*** 52,56 ****
   * @access	public
   */
! function pmcValidateNickAndPaswd(&$isRegNick, &$loggedInId, &$loggedInRoom)
  {
  	global $isJsValidated;
--- 53,57 ----
   * @access	public
   */
! function pmcValidateNickAndPaswd(&$isRegNick, &$loggedInId, &$loggedInRoom, &$logTimes)
  {
  	global $isJsValidated;
***************
*** 63,150 ****
  	$requireReg	= C_REQUIRE_REGISTER;
  
! 	// 1. Ensures invalid characters/words aren't in use for the nick
! 	// Ensures a nick has been submitted
! 	if (!$isJsValidated && $pmcNick == '')
  	{
! 		$error1				= L_ERR_USR_2;
! 	}
! 	// Checks for invalid characters or empty nick
! 	else if (!$isJsValidated && 
! 				(trim($pmcNick) == '' || ereg('[\, ]', $pmcNick)))
! 	{
! 		$error1				= L_ERR_USR_16;
! 	}
! 	// Checks for swear words in the nick
! 	else if (C_NO_SWEAR)
! 	{
! 		if (checkWords($pmcNick, true))
  		{
! 			$error1			= L_ERR_USR_18;
  		}
! 	}
! 	// end of the 1st stage (character validation inside the nick)
  
! 	// 2. If the nick is currently in use, gets the corresponding room name and
! 	//	  sets the $requireReg variable to true
! 	if ($error1 == '')
  	{
! 		$dbLink->query("SELECT session_id, room FROM " . C_USR_TBL . " WHERE username = '$slashedNick' LIMIT 1");
! 		$isLoggedIn = (list($loggedInId, $loggedInRoom) = $dbLink->nextRecord());
! 		if ($isLoggedIn)
  		{
! 			$loggedInRoom	= pmcHandleMagicQuotes($loggedInRoom, '', 1, 'del');
! 			$requireReg		= true;
  		}
! 	}
! 	// end of the 2nd stage (checking if the nick is already in use)
! 
! 	// 3. If registration is required but no password has been submitted
! 	//    -> deny access
! 	if ($error1 == '' && !$isJsValidated && $requireReg)
! 	{
! 		if ($pmcPassword == '')
  		{
! 			$error1			= ($isLoggedIn) ? L_ERR_USR_1 : L_ERR_USR_14;
  		}
! 	}
! 	// end of the 3rd stage (a password has been submitted if required)
! 
! 	// 4. Ensure a valid password has been submitted if the nick is a
! 	//    registered one
! 	if ($error1 == '')
! 	{
! 		$dbLink->query("SELECT passwd FROM " . C_REG_TBL . " WHERE username = '$slashedNick' LIMIT 1");
! 		$isRegNick = (list($regUserPassword) = $dbLink->nextRecord());
! 		if ($isRegNick)
  		{
! 			$regUserPassword			= pmcHandleMagicQuotes($regUserPassword, '', 1, 'del');
  		}
! 		$dbLink->cleanResults();
  
! 		// Nick isn't a registered one but registration is required
! 		if (!$isRegNick && $requireReg)
! 		{
! 			$error1 					= L_ERR_USR_14;
  		}
! 		// Skip the validation of the password when it has already be done before
! 		// the 'main_index.lib.php3' is ran
! 		else if (!isset($GLOBALS['$exitMessage']) && $isRegNick)
  		{
! 			// Reserved nick but no password submitted -> deny access
! 			if (!$isJsValidated && $pmcPassword == '')
  			{
! 				$error1 				= L_ERR_USR_3;
  			}
! 			// Validates the password submitted (compare also its md5 hash for
! 			// compatibility with old releases)
! 			else if ($regUserPassword != $pmcPassword && $regUserPassword != md5($pmcPassword))
  			{
! 				$isRegNick				= false;
! 				$pmcPassword			= '';
! 				$error1					= L_ERR_USR_4;
  			}
  		}
! 	}
! 	// end of the 4th stage (validation of the password)
  
  	return $error1;
--- 64,175 ----
  	$requireReg	= C_REQUIRE_REGISTER;
  
! 	// Light validation if the user is relogging
! 	if (!empty($GLOBALS['reloading']))
  	{
! 		$isRegNick			= (dbSessionIsRegistered('status') && $GLOBALS['dbSessionVars']['status'] > 0);
! 		if ($GLOBALS['reloading'] == 'joinLink')
  		{
! 			$dbLink->query('SELECT log_times FROM ' . C_REG_TBL . " WHERE username = '$slashedNick' LIMIT 1");
! 			list($logTimes)	= $dbLink->nextRecord();
! 			$dbLink->cleanResults();
! 			if ($logTimes < C_EXPERIENCED_LOGIN_TIMES)
! 			{
! 				$logTimes++;
! 			}
  		}
! 	} // end of light validation
  
! 	// Full validation
! 	else
  	{
! 		// 1. Ensures invalid characters/words aren't in use for the nick
! 		// Ensures a nick has been submitted
! 		if (!$isJsValidated && $pmcNick == '')
  		{
! 			$error1				= L_ERR_USR_2;
  		}
! 		// Checks for invalid characters or empty nick
! 		else if (!$isJsValidated && 
! 				(trim($pmcNick) == '' || ereg('[\, ]', $pmcNick)))
  		{
! 			$error1				= L_ERR_USR_16;
  		}
! 		// Checks for swear words in the nick
! 		else if (C_NO_SWEAR)
  		{
! 			if (checkWords($pmcNick, true))
! 			{
! 				$error1			= L_ERR_USR_18;
! 			}
  		}
! 		// end of the 1st stage (character validation inside the nick)
  
! 		// 2. If the nick is currently in use, gets the corresponding room name
! 		//	  and sets the $requireReg variable to true
! 		if ($error1 == '')
! 		{
! 			$dbLink->query("SELECT session_id, room FROM " . C_USR_TBL . " WHERE username = '$slashedNick' LIMIT 1");
! 			$isLoggedIn = (list($loggedInId, $loggedInRoom) = $dbLink->nextRecord());
! 			if ($isLoggedIn)
! 			{
! 				$loggedInRoom	= pmcHandleMagicQuotes($loggedInRoom, '', 1, 'del');
! 				$requireReg		= true;
! 			}
  		}
! 		// end of the 2nd stage (checking if the nick is already in use)
! 
! 		// 3. If registration is required but no password has been submitted
! 		//    -> deny access
! 		if ($error1 == '' && !$isJsValidated && $requireReg)
  		{
! 			if ($pmcPassword == '')
! 			{
! 				$error1			= ($isLoggedIn) ? L_ERR_USR_1 : L_ERR_USR_14;
! 			}
! 		}
! 		// end of the 3rd stage (a password has been submitted if required)
! 
! 		// 4. Ensure a valid password has been submitted if the nick is a
! 		//    registered one
! 		if ($error1 == '')
! 		{
! 			$dbLink->query("SELECT passwd, log_times FROM " . C_REG_TBL . " WHERE username = '$slashedNick' LIMIT 1");
! 			$isRegNick = (list($regUserPassword, $logTimes) = $dbLink->nextRecord());
! 			if ($isRegNick)
! 			{
! 				$regUserPassword		= pmcHandleMagicQuotes($regUserPassword, '', 1, 'del');
! 				if ($logTimes < C_EXPERIENCED_LOGIN_TIMES)
! 				{
! 					$logTimes++;
! 				}
! 			}
! 			$dbLink->cleanResults();
! 
! 			// Nick isn't a registered one but registration is required
! 			if (!$isRegNick && $requireReg)
  			{
! 				$error1 				= L_ERR_USR_14;
  			}
! 			// Skip the validation of the password when it has already be done
! 			// before the 'main_index.lib.php3' is ran
! 			else if (!isset($GLOBALS['$exitMessage']) && $isRegNick)
  			{
! 				// Reserved nick but no password submitted -> deny access
! 				if (!$isJsValidated && $pmcPassword == '')
! 				{
! 					$error1 			= L_ERR_USR_3;
! 				}
! 				// Validates the password submitted (compare also its md5 hash
! 				// for compatibility with old releases)
! 				else if ($regUserPassword != $pmcPassword && $regUserPassword != md5($pmcPassword))
! 				{
! 					$isRegNick			= false;
! 					$pmcPassword		= '';
! 					$error1				= L_ERR_USR_4;
! 				}
  			}
  		}
! 		// end of the 4th stage (validation of the password)
! 	} // end of full validation
  
  	return $error1;
***************
*** 162,165 ****
--- 187,191 ----
   * @global	string	the slashed nick of the user who wants to enter the chat
   * @global	boolean	whether this nick is a registered one or not
+  * @global	integer	the number of times the user logged in
   * @global	boolean	whether the room has to be trully created or not
   * @global	string	the name of the room to create
***************
*** 176,179 ****
--- 202,206 ----
  	global $slashedNick;
  	global $isRegUser;
+ 	global $regUserLogTimes;
  	global $isCreateRoom;
  	global $targetRoom, $roomType;
***************
*** 187,190 ****
--- 214,225 ----
  		$error2					= L_ERR_USR_13;
  	}
+ 	// Not an experienced user and this is required -> deny room creation
+ 	else if ($rightLevels['create_room'] > 1
+ 			 && !((dbSessionIsRegistered('status') && $GLOBALS['dbSessionVars']['status'] > 6)
+ 				  || $regUserLogTimes > C_EXPERIENCED_LOGIN_TIMES))
+ 	{
+ 		$error2					= L_ERR_USR_22;
+ 	}
+ 
  	// Checks for invalid characters or empty room name
  	else if (!$isJsValidated

Index: main_index.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/main_index.lib.php3,v
retrieving revision 1.46
retrieving revision 1.47
diff -C2 -r1.46 -r1.47
*** main_index.lib.php3	2001/12/01 11:16:36	1.46
--- main_index.lib.php3	2001/12/04 20:01:04	1.47
***************
*** 61,69 ****
   * in the 'chat/lib/common.lib.php3' library.
   */
! $retVar						= array($defaultChatRooms, $defaultPrivateRooms);
  $toGrab						= array('%GET', '%POST', '%COOKIE');
  pmcGrabGlobals($toGrab);
  $defaultChatRooms			= $retVar[0];
  $defaultPrivateRooms		= $retVar[1];
  unset($retVar);
  
--- 61,70 ----
   * in the 'chat/lib/common.lib.php3' library.
   */
! $retVar						= array($defaultChatRooms, $defaultPrivateRooms, $rightLevels);
  $toGrab						= array('%GET', '%POST', '%COOKIE');
  pmcGrabGlobals($toGrab);
  $defaultChatRooms			= $retVar[0];
  $defaultPrivateRooms		= $retVar[1];
+ $rightLevels				= $retVar[2];
  unset($retVar);
  
***************
*** 337,340 ****
--- 338,342 ----
  	$wasInRoom				= '';
  	$previousId				= '';
+ 	$regUserLogTimes		= 0;
  	$isCreateRoom			= FALSE;
  
***************
*** 410,425 ****
  	 * also the convenient password has been submitted.
  	 *
- 	 * This part of the script is skipped if the frameset is reloaded because
- 	 * of the NS4+ resize bug or because the user has clicked on a room name at
- 	 * the 'users' frame.
- 	 * In these cases, the nick and the password have already been validated.
- 	 *
  	 * The function 'pmcValidateNickAndPaswd()' is defined inside the
  	 * 'chat/lib/index_validation.lib.php3' library
  	 */
! 	if (empty($error) && empty($reloading))
  	{
! 		$error = pmcValidateNickAndPaswd($isRegUser, $previousId, $wasInRoom);
! 		if ($error == '')
  		{
  			// Puts the nick in a cookie that will expire in one year
--- 412,422 ----
  	 * also the convenient password has been submitted.
  	 *
  	 * The function 'pmcValidateNickAndPaswd()' is defined inside the
  	 * 'chat/lib/index_validation.lib.php3' library
  	 */
! 	if (empty($error))
  	{
! 		$error = pmcValidateNickAndPaswd($isRegUser, $previousId, $wasInRoom, $regUserLogTimes);
! 		if ($error == '' && empty($reloading))
  		{
  			// Puts the nick in a cookie that will expire in one year
***************
*** 446,453 ****
  		else
  		{
! 			$dbLink->query("SELECT COUNT(*) FROM " . C_RIGHT_TBL . " WHERE username = '$slashedNick' AND right_level > 9 LIMIT 1");
  			list($isAdmin) = $dbLink->nextRecord();
  			$dbLink->cleanResults();
! 			$dbSessionVars['status'] = ($isAdmin) ? 10 : '';
  		}
  	}
--- 443,450 ----
  		else
  		{
! 			$dbLink->query("SELECT right_level FROM " . C_RIGHT_TBL . " WHERE username = '$slashedNick' AND right_level > 6 LIMIT 1");
  			list($isAdmin) = $dbLink->nextRecord();
  			$dbLink->cleanResults();
! 			$dbSessionVars['status'] = ($isAdmin) ? $isAdmin : '';
  		}
  	}
***************
*** 466,470 ****
  	if (empty($error) && C_MAX_USERS
  		&& empty($reloading) && empty($wasInRoom)
! 		&& !(dbSessionIsRegistered('status') && intval($dbSessionVars['status']) > 9))
  	{
  		$dbLink->query('SELECT COUNT(*) FROM ' . C_USR_TBL);
--- 463,467 ----
  	if (empty($error) && C_MAX_USERS
  		&& empty($reloading) && empty($wasInRoom)
! 		&& !(dbSessionIsRegistered('status') && intval($dbSessionVars['status']) > 6))
  	{
  		$dbLink->query('SELECT COUNT(*) FROM ' . C_USR_TBL);
***************
*** 491,495 ****
  	{
  		if (C_BANISH
! 			&& !(dbSessionIsRegistered('status') && intval($dbSessionVars['status']) > 9)
   			&& pmcCheckBanish())
  		{
--- 488,492 ----
  	{
  		if (C_BANISH
! 			&& !(dbSessionIsRegistered('status') && intval($dbSessionVars['status']) > 6)
   			&& pmcCheckBanish())
  		{
***************
*** 524,536 ****
  	{
  		$slashedTargetRoomName	= pmcSlashSingleQuotes($targetRoom);
! 		if (!isset($reloading))
! 		{
! 			$status				= pmcRightLevel();
! 		}		
! 		else if ($reloading != 'nsResize')
  		{
- 			$isRegUser			= ($dbSessionVars['status'] > 0);
  			$status				= pmcRightLevel();
- 			$isRegUser			= FALSE;
  		}
  		else
--- 521,527 ----
  	{
  		$slashedTargetRoomName	= pmcSlashSingleQuotes($targetRoom);
! 		if (!isset($reloading) || $reloading != 'nsResize')
  		{
  			$status				= pmcRightLevel();
  		}
  		else