Secure minichat without mysql, javascript etc. Pure 100% PHP only.



StrangeCoder
11-25-2010, 12:16 AM
1. Insert this anywhere you want to add your minichat:


<button onmouseover="this.style.cursor='pointer'" onClick="send()"><img src="images/send.gif" width="133"></button><br>
<input style="background: black; color: white; text-align: center" onFocus="value=''" type="text" name="search" id="chat" value="">
<br>
<div id="frame1">
<iframe width="153" src="jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjhv51k.php">
</iframe>
</div>
<script>
// Check the message length in the browser, then reload the iframe
// with the message passed in the query string.
function send()
{
    var message = document.getElementById('chat').value;
    var meslen = message.length;
    if (meslen <= 0)
    {
        alert('Please,write the message.');
    }
    else if (meslen >= 81)
    {
        alert('Maximum characters in your messages must be 80');
    }
    else
    {
        // encodeURIComponent keeps characters such as ", &, # and spaces
        // from breaking out of the src attribute or truncating the message.
        document.getElementById("frame1").innerHTML='<iframe width="153" src="fafbj1bhvhj1vg12vi4g12iv4g1h2ivgh1i4vgy12iv5gh5r1jv5ghjvgfvjfg1h2vfg12vfg21ufv21gvc12g4vc12g4vc12grhuvg1rv21gvc12grvg1ruvg21r21g.php?message='+encodeURIComponent(message)+'"></iframe>';
    }
}
</script>

-> script fixes max and min characters and other crap.


2. Create a long php file with a loooong name "jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjhv51k.php" (increases security, kinda...) in the same directory. HTML and CSS attributes you configure yourself.

<html>
<head>
<script type="text/javascript">
// Scroll down to the newest message once the page has loaded
function pageScroll() {
    window.scrollBy(0,10000);
}
</script>
</head>
<body onload="pageScroll()">
<div id="contents">
<?php
// Read every stored message, one per line
$fps = file("/var/tmp/messages.txt");
if ($fps === false)
{
    $fps = array(); // no readable messages file yet: show an empty table
}
echo "<table border='1' style='color: white' bordercolor='#B1749F' background='black'>";
foreach ($fps as $line_num => $line)
{
    $line_num = $line_num + 1;
    echo "<tr>";
    // Each stored line already carries the closing </h3> written by the posting script
    echo "<td><h3>#" .$line_num. " " .$line;
    echo "</td></tr>";
}
echo "</table>";
?>
<br><br>
</div>
</body>
</html>
-> NOTICE the line:
$fps = file("/var/tmp/messages.txt");
You should make sure that you have permission to write files in this directory (by default: /var/tmp/messages.txt). If you don't, then change the directory. Messages.txt is the file that will contain spam from minichat ;-)

3. Create another php file with another loooong name "fafbj1bhvhj1vg12vi4g12iv4g1h2ivgh1i4vgy12iv5gh5r1jv5ghjvgfvjfg1h2vfg12vfg21ufv21gvc12g4vc12g4vc12grhuvg1rv21gvc12grvg1ruvg21r21g.php" in the same directory.

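<?php
// Accept only a plain string parameter; a missing or array-valued "message" is treated as empty
$message = (isset($_GET['message']) && is_string($_GET['message'])) ? $_GET['message'] : '';
// Collapse line breaks so one request can only ever add one line to the file
$message = str_replace(array("\r", "\n"), ' ', $message);
// Escape HTML special characters so the message is displayed as text, not markup
$message = htmlspecialchars($message);
if ($message)
{
    $fp = fopen('/var/tmp/messages.txt', 'a');
    $date = date("g:i A");
    // The closing </h3> matches the <h3> opened by the display script
    fwrite($fp, "at " .$date. "</h3>" .$message. "\n");
    fclose($fp);
    header("Location: jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjhv51k.php");
}
else
{
    header("Location: jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjhv51k.php");
}
?>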
-> NOTICE the line:
$fp = fopen('/var/tmp/messages.txt', 'a');
You should make sure that you have permission to write files in this directory (by default: /var/tmp/messages.txt). If you don't, then change the directory. Messages.txt is the file that will contain spam from minichat ;-)


That's all. You can just delete messages.txt if you get too many flooders ;-)

Fou-Lu
11-25-2010, 01:10 AM
Moving from PHP to PHP Snippets.
This has quite a bit of JS in it, which makes your title misleading. You may want to consider an intermediate interface for writing to data storage as well; while this doesn't use MySQL, that messages.txt will grow very fast, and very large. Don't forget that while using a file() call it needs to have memory available to both Apache/IIS and PHP that is at least the size of the entire file + 4 bytes per line in order to use the file. If you implement a common interface (or series of functions), swapping the IO from a file to a database should be trivial. Alternatively, you can prune out that messages.txt file periodically by simply cutting the first line out of the file once it's exceeded either a certain file size or length of entries.
That html shouldn't be split up either, just wrap the whole date part in <h3> or <span> tags, and apply your css per normal.

Not too bad for a basic script though. I would use fopen and fpassthru instead of the file call. Much better on memory.

StrangeCoder
11-25-2010, 01:31 AM
Actually, can remove javascript and use strlen by php instead in the fafbj1bhvhj1vg12vi4g12iv4g1h2ivgh1i4vgy12iv5gh5r1jv5ghjvgfvjfg1h2vfg12vfg21ufv21gvc12g4vc12g4vc12grhuvg1rv21gvc12grvg1ruvg21r21g.php

well, have to use strlen anyway, because script is client-side so it is possible just to edit it, but dunno why, used a javascript-check there :P I guess just to prevent posters from flooding my /var/log/apache2/access.log. :P

about growing messages.txt, what do you think about removing the whole file daily using some kind of simple php script?

Fou-Lu
11-25-2010, 01:36 AM
Depends on how many messages you get.
I would use a database myself as that makes pruning very easy, and you can limit the amount of data in use to a certain number of records. This is the easiest approach as you can then only keep say, 100 messages on hand at any given time, and you never need to worry about a flood causing substantial disk space usage. While you can do this all with standard IO on a file, it's not nearly as easy as a delete command in sql.
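
The server-side length check and the file pruning discussed in this thread, combined in one added example (not code from either poster). The 80-character limit comes from the original JavaScript check; MAX_LINES, the function names and the demo file path are assumptions.

```php
<?php
// Added example, not code from the thread. MAX_LEN mirrors the 80-character limit
// of the JavaScript check; MAX_LINES and all function names are assumptions.
const MAX_LEN   = 80;
const MAX_LINES = 100;

/** Return the escaped message, or null if it must be rejected. */
function clean_message($raw): ?string
{
    if (!is_string($raw)) {               // ?message[]=x arrives as an array
        return null;
    }
    // Collapse CR/LF and other control characters so a single request
    // can never append more than one line to the message file.
    $msg = trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $raw));
    $len = function_exists('mb_strlen') ? mb_strlen($msg, 'UTF-8') : strlen($msg);
    if ($len < 1 || $len > MAX_LEN) {     // enforced on the server, not in JS
        return null;
    }
    return htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
}

/** Append one line under an exclusive lock and keep only the newest MAX_LINES. */
function append_and_prune(string $path, string $line): bool
{
    $fp = fopen($path, 'c+');             // create if missing, do not truncate
    if ($fp === false || !flock($fp, LOCK_EX)) {
        return false;
    }
    $lines   = array_filter(explode("\n", stream_get_contents($fp)), 'strlen');
    $lines[] = $line;
    $lines   = array_slice($lines, -MAX_LINES);   // drop the oldest entries
    ftruncate($fp, 0);
    rewind($fp);
    fwrite($fp, implode("\n", $lines) . "\n");
    fflush($fp);
    fclose($fp);                          // closing the handle releases the lock
    return true;
}

// Constructed inputs: a normal message, an 81-character one, a newline-injection attempt.
$demo = sys_get_temp_dir() . '/minichat_demo.txt';
foreach (['hello <b>world</b>', str_repeat('A', 81), "hi\nat 1:00 AM</h3>forged"] as $raw) {
    $msg = clean_message($raw);
    if ($msg !== null) {
        append_and_prune($demo, 'at ' . date('g:i A') . '</h3>' . $msg);
    }
    var_dump($msg);
}
```

Because the file never holds more than MAX_LINES entries, the file() call in the display script stays bounded in memory no matter how many messages are posted.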


