Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Nov 2010
    Posts
    30
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Thumbs up Secure minichat without mysql, javascript etc. Pure 100% PHP only.

    1. Insert this anywhere you want to add your minichat:

    Code:
    <button onmouseover="this.style.cursor='pointer'";  onClick="send()"><img src="images/send.gif" width="133"></button><br>
    <input style="background: black; color: white; text-align: center" onFocus="value=''" type="text"  name="search" id="chat"  value="">
    <br>
    <div id="frame1">
    <iframe width="153" src="jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjhv51k.php">
    </iframe>
    <script>
    function send()
    {
    var message = document.getElementById('chat').value;
    var meslen = document.getElementById('chat').value.length;
    if (meslen <= 0)
    {
    alert('Please,write the message.');
    }
    else if (meslen >= 81)
    {
    alert('Maximum characters in your messages must be 80');
    }
    else
    {
    document.getElementById("frame1").innerHTML='<iframe width="153" src="fafbj1bhvhj1vg12vi4g12iv4g1h2ivgh1i4vgy12iv5gh5r1jv5ghjvgfvjfg1h2vfg12vfg21ufv21gvc12g4vc12g4vc12grhuvg1rv21gvc12grvg1ruvg21r21g.php?message='+message+'"></iframe>';
    }
    }
    </script>
    -> script fixes max and min characters and other crap.


    2. Create long php file with loooong name "jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjh v51k.php" (increases security, kinda...) at the same directory. HTML and CSS attributes you configure yourself.
    Code:
    <html>
    <head>
    <script type="text/javascript">
    function pageScroll() {
    window.scrollBy(0,10000);
    }
    </script>
    </head>
    <body>
    <body onload="pageScroll()">
    <div id="contents">
    <?
    $fps = file("/var/tmp/messages.txt");
    $test = array_slice($fps, 0);
    echo "<table border='1' style='color: white' bordercolor='#B1749F' background='black'>";
    while (list ($line_num, $line) = each ($test))
    {
    $line_num = $line_num + 1;
    echo "<tr>";
    echo "<td><h3>#" .$line_num. " " .$line;
    echo "</td></tr>";
    }
    echo "</table>";
    ?>
    <br><br>
    </div>
    </body>
    </html>
    -> NOTICE the line:
    $fps = file("/var/tmp/messages.txt");"
    You should be sure that you have permissions to write file at this directory (by default: /var/tmp/messages.txt). If you haven't, then change directory. Messages.txt that will contain spam from minichat ;-)

    3. Create another php file with another loooong name "fafbj1bhvhj1vg12vi4g12iv4g1h2ivgh1i4vgy12iv5gh5r1jv5ghjvgfvjfg1h2vfg12vfg21ufv21gvc12g4vc12g4vc12gr huvg1rv21gvc12grvg1ruvg21r21g.php" at the same directory.
    Code:
    <?php
    $message = htmlspecialchars($_GET['message']);
    if ($message)
    {
    $fp = fopen('/var/tmp/messages.txt', 'a');
    $date = date("g:i A");
    fwrite($fp, "at " .$date. "</h3>" .$message. "\n");
    fclose($fp);
    header("Location: jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjhv51k.php");
    }
    else
    {
    header("Location: jkgh1g5h1j5gh12k5g21hk5gh5gf12tjf12cj125jyc2y5l6glug36gl36lg6gyk5f12yk1fgk515k125gyk251h125vh125kjhv51k.php");
    }
    ?>
    -> NOTICE the line:
    $fp = fopen('/var/tmp/messages.txt', 'a');
    You should be sure that you have permissions to write file at this directory (by default: /var/tmp/messages.txt). If you haven't, then change directory. Messages.txt that will contain spam from minichat ;-)


    That's all. You can just delete messages.txt if you got too much of flooders ;-)

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,978
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Moving from PHP to PHP Snippets.
    This has quite a bit of JS in it, which makes your title misleading. You may want to consider an intermediate interface for writing to datastorage as well; while this doesn't use MySQL, that messages.txt will grow very fast, and very large. Don't forget that while using a file() call it needs to have memory available to both Apache/IIS and PHP that is at least the size of the entire file + 4bytes per line in order to use the file. If you implement a common interface (or series of functions), swapping the IO from a file to a database should be trivial. Alternatively, you can prune out that messages.txt file periodically by simply cutting the first line out of the file once its exceeded either a certain file size or length of entries.
    That html shouldn't be split up either, just wrap the whole date part in <h3> or <span> tags, and apply your css per normal.

    Not too bad for a basic script though. I would use fopen and fpassthru instead of the file call. Much better on memory.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    New Coder
    Join Date
    Nov 2010
    Posts
    30
    Thanks
    2
    Thanked 2 Times in 2 Posts
    aCTUALLY,
    can remove javascript and use strlen by php instead in the fafbj1bhvhj1vg12vi4g12iv4g1h2ivgh1i4vgy12iv5gh5r1jv5ghjvgfvjfg1h2vfg12vfg21ufv21gvc12g4vc12g4vc12gr huvg1rv21gvc12grvg1ruvg21r21g.php

    well, have to use strlen anyway, because script is client-side so it is possible just to edit it, but dunno why, used an javascript-check there :P I guess just to prevent posters to flood my /var/log/apache2/access.log. :P

    about growing messages.txt, what do you think about removing the whole file daily using some-kind of simple php script?

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,978
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Depends on how many messages you get.
    I would use a database myself as that makes pruning very easy, and you can limit the amount of data in use to a certain number of records. This is the easiest approach as you can then only keep say, 100 messages on hand at any given time, and you never need to worry about a flood causing substantial diskspace usage. While you can do this all with standard IO on a file, its not nearly as easy as a delete command in sql.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •