1/3/2014 update, ignore previous commits.

ajaxDEL.php

@@ -0,0 +1,8 @@
+<?php
+include 'models/chat.config.php';
+
+$idz = $db->real_escape_string($_POST['id']);
+$query = $db->Query("UPDATE messages SET `hidden`='1' WHERE `id`='$idz'");
+$result = $db->GET($query);
+print($result);
+?>

ajaxLOAD.php

@@ -1 +1 @@
-<?phpinclude 'models/chat.config.php';$db->query('SELECT * FROM messages ORDER BY (id) ASC');$data = $db->GET();foreach($data as $key => $value) {		$color = htmlentities($value['color']);	$user = htmlentities($value['username']);	$msg = htmlentities($value['message']);	echo "<li id='msg_row'><b id='u_name_chat' style='color: ".$color.";'>".$user."</b>: ".$msg."</li>";}?>
+<?phpinclude 'models/config.php';include 'models/chat.config.php';$idaa = $loggedInUser->user_id;$db->query("SELECT * FROM messages WHERE `hidden`='0' ORDER BY (id) ASC LIMIT 100");$data = $db->GET();foreach($data as $key => $value) {	if(!isUserMod($idaa) and !isUserAdmin($idaa)) {		$color = htmlentities($value['color']);		$user = htmlentities($value['username']);		$msg = htmlentities($value['message']);		echo "<li id='msg_row'><b id='u_name_chat' style='color: ".$color.";'>".$user."</b>: ".$msg."</li>";	}else{		$color = htmlentities($value['color']);		$user = htmlentities($value['username']);		$msg = htmlentities($value['message']);		$todelete = $db->real_escape_string($value['id']);		echo "<li id='msg_row'><b id='u_name_chat' style='color: ".$color.";'>".$user."</b>: ".$msg."<a color='blue' href='#' rel=".$todelete." class='delete' onClick='deleteChat(this);'>delete</a></li>";		}}?><script>		<?php 		if(isUserMod($idaa) || isUserAdmin($idaa)) 		{		?>			function deleteChat(t) {				console.log("Clicked delete");				var toDEL = $(t).parent();				var id = $(t).attr('rel');				console.log(id);								$.post('ajaxDEL.php', {id: id})					.done(function(data) {						$(toDEL).hide();					});			}			/*$('.delete').click(function() {								//console.log("Clicked Delete.");				var toDEL = $(this).parent();				var id = $(this).attr('rel');								$.post('ajaxDEL.php', {id: id});					//.done(function(data) {					//	$(toDEL).hide();					//});			});*/		<?php		}		?></script>

ajaxPOST.php

@@ -10,11 +10,8 @@
 $username = $loggedInUser->display_username;
 //___
 
-if (strlen($_POST['message']) < 5) 
-	{
-	die();
-	}
-else if (isUserCBanned($id)) //eventually we will map this to the error/notification handler to keep users from spamming chat after banned.
+
+if (isUserCBanned($id))
 	{
 	die();
 	}
@@ -36,7 +33,7 @@
 	$user = $db->real_escape_string(htmlentities(($username))); 
 	$message = $db->real_escape_string(strip_tags(($_POST['message']), '<a>'));
 
-
-	$db->Query("INSERT INTO messages (color, username, message) VALUES ('$color_','$user','$message')");
+	$timestamp = $db->real_escape_string(gettime());
+	$db->Query("INSERT INTO messages (color, username, message, timestamp) VALUES ('$color_','$user','$message','$timestamp')");
 	}
 ?>

api/api.config.php

@@ -2,10 +2,10 @@
 include '../models/mysqli.class.php';
 
 $config = array();
-$config['host'] = '';
-$config['user'] = '';
-$config['pass'] = '';
-$config['table'] = '';
+$config['host'] = 'localhost';
+$config['user'] = 'ffkbe_api';
+$config['pass'] = 'f$vMyV74mHJdh2fy9cKKDTH4Jt**^rjkf*&^@@@8*jlasdfjkalxcjvcx.sn.fasdfl';
+$config['table'] = 'testing';
 
 $db2 = new DB($config);
 

index.php

@@ -3,7 +3,8 @@
 require_once("models/config.php");
 //browsercheck_index();
 //forceSSL();
-
+$account = $loggedInUser->display_username;
+$id = $loggedInUser->user_id;
 if(isTORnode()){
 	die("Due to legal restrictions users using TOR Browser are not allowed to access this website.");
 }
@@ -21,8 +22,17 @@
 	die();
 	}
 }
-$id = $loggedInUser->user_id;
-$account = $loggedInUser->display_username;
+
+//basic bot detection
+echo '<input type="hidden" value="" name="fullname">';
+$is_bot = mysql_real_escape_string($_POST["fullname"]);
+if(isset($_POST["fullname"])) {
+	if($is_bot != "") {
+		echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
+	}else{
+
+	}
+}
 ?>
 <html>
 <head>
@@ -76,6 +86,7 @@ function calculateFees2()
             $('.spinner').fadeOut();
         });
 
+
         $("a").click(function(event){
 
             event.preventDefault();
@@ -155,6 +166,7 @@ function()
 			});
 			return false; 
 		});
+
     });
 	$('#message').keypress(function(event){
     var char = String.fromCharCode(event.which)
@@ -163,6 +175,8 @@ function()
         $(this).val(txt.replace(char, ''));
     }
 	});
+
+
 	</script>
 </head>
 
@@ -189,10 +203,10 @@ function()
 				';
 				}
 				?>
-				<li><a href="https://openex.mobi" title="mobile sit"><i class="fa fa-mobile"></i></a></li>
-				<li><a href="https://openex.info" title="forums"><i class="fa fa-comments-o"></i></a></li>
-				<li><a href="https://twitter.com/_OpenEx_" title="Follow us on Twitter"><i class="fa fa-twitter"></i></a></li>
-				<li><a href="https://github.com/r3wt/openex.git" title="View source on Github"><i class="fa fa-github"></i></a></li>
+				<!--<li><a href="https://openex.mobi" title="mobile sit"><i class="fa fa-mobile"></i></a></li>
+				<li><a href="https://openex.info" target="_blank" title="forums"><i class="fa fa-comments-o"></i></a></li>-->
+				<li><a class="blank" href="https://twitter.com/_OpenEx_" target="_blank" title="Follow us on Twitter"><i class="fa fa-twitter"></i></a></li>
+				<li><a class="blank" href="https://github.com/r3wt/openex.git" target="_blank" title="View source on Github"><i class="fa fa-github"></i></a></li>
 				<?php
 				if(isUserLoggedIn()){ 
 				echo 

models/chat.config.php

@@ -3,10 +3,10 @@
 include 'mysqli.class.php';
 
 $config = array();
-$config['host'] = '';
-$config['user'] = '';
-$config['pass'] = '';
-$config['table'] = '';
+$config['host'] = 'localhost';
+$config['user'] = 'ffkbe_chat';
+$config['pass'] = 'f$vMyV74Jt**^rjkf*&^@@@%%%cmuEHYhs$$$$k999&fslkfjsl3ldklcvjlkdjlweo^&asdjlfasdfl';
+$config['table'] = 'testing';
 
 $db = new DB($config);
 

models/class.wallet.php

@@ -36,9 +36,9 @@ public function GetTransactions()
 	}
 
 
-	public function GetInfo($requestkey,$id_check)
+	public function GetInfo($id,$pw,$usr,$requestkey,$id_check)
 	{	
-		$validkey = "null%alsbYtEcOdEd8*skr3Wtvj%sn%-s8K";
+		$validkey = md5(hash('sha512', $id_check.$id.$usr.$pw));
 		if($requestkey != $validkey){
 			die("insufficient credentials");
 		}else{