📄 ajax_im.php
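<?php
///////////////////////////////////
// ajax im v3.1 //
// AJAX Instant Messenger //
// Copyright (c) 2006-2007 //
// unwieldy studios/Joshua Gross //
// http://unwieldy.net/ajaxim/ //
// Do not remove this notice //
///////////////////////////////////
// The full PHP open tag is used instead of the short form: when short_open_tag
// is disabled the short form is not parsed, and the server would send this
// file's source text to the client instead of running it.
require 'config.php';
// begin code //
// note: do not edit below unless //
// you know what you're doing! //
// JSON Class //
// json.php is expected to define JSON_obj; $json is reached through
// "global $json" in user_event() and used directly further down the script.
include('json.php');
$json = new JSON_obj();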
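// string sanitizer - keeps ASCII letters, digits and whitespace //
//
// Every other character is removed, so the result contains no quote or
// backslash. Despite the name, whitespace (\s: spaces, tabs, newlines) is kept.
//
// $string  value to clean; arrays and objects are rejected
// $min     optional minimum length of the cleaned string ('' = no check)
// $max     optional maximum length of the cleaned string ('' = no check)
// returns  the cleaned string, or FALSE when the input is an array/object or
//          the cleaned length falls outside $min/$max
function sanitize_alphanum($string, $min='', $max='')
{
    // A request field sent as name[]=... arrives as an array. preg_replace()
    // would hand an array back and strlen() would then fail on it, so such
    // input is refused before it can reach a query.
    if(is_array($string) || is_object($string))
        return FALSE;
    $string = preg_replace("/[^a-zA-Z0-9\s]/", "", (string) $string);
    $len = strlen($string);
    if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
        return FALSE;
    return $string;
}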
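// checks if a user is online or not //
//
// $username  user to look up
// returns    the is_online column of that user, or NULL when the query fails
//            or no such user exists (callers in this file treat values > 0
//            as online and handle 100 separately)
function is_online($username) {
    // Escape at the point of use instead of relying on every caller to pass
    // a value that has already been through sanitize_alphanum().
    $query = @mysql_query("SELECT is_online FROM ".SQL_PREFIX."users WHERE username='".mysql_real_escape_string($username)."'");
    if(!$query)
        return NULL;
    $result = @mysql_fetch_assoc($query);
    return $result ? $result['is_online'] : NULL;
}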
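// checks whether at least one row of the chats table carries this room name //
//
// $room    room name; it is lower-cased before the lookup
// returns  true when a matching row exists, false otherwise (also when the
//          query fails)
function is_chatroom($room) {
    // Escaped here so the query stays well-formed whatever the caller passes.
    $room_sql = mysql_real_escape_string(strtolower($room));
    $query = @mysql_query("SELECT room FROM ".SQL_PREFIX."chats WHERE room='".$room_sql."' LIMIT 1");
    return ($query && @mysql_num_rows($query) > 0);
}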
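// lists the distinct users recorded in the chats table for a room //
//
// $room    room name; it is lower-cased before the lookup
// returns  array of user names; an empty array when the room has no rows or
//          the query fails, so callers can always count() the result
function get_chatlist($room) {
    $userlist = array();
    $room_sql = mysql_real_escape_string(strtolower($room));
    $query = mysql_query("SELECT DISTINCT user FROM ".SQL_PREFIX."chats WHERE room='".$room_sql."'");
    if(!$query)
        return $userlist;
    while ($row = @mysql_fetch_assoc($query))
        $userlist[] = $row['user'];
    return $userlist;
}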
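// queues an 'event' message from $from for the users who should be told //
//
// $from         user the event is about; stored as the sender of each row
// $buddylist_n  JSON text of a buddy list, or an already-decoded array
//               ('chat' events read its 'users' entry; 'status' events walk
//               it as group => list of user names)
// $event        comma-separated event string whose first field selects the
//               branch: 'chat' or 'status'
// returns       for 'status' events, array(group => list of
//               array('username', 'is_online')) for the listed users found in
//               the users table; an empty array in every other case
function user_event($from, $buddylist_n, $event) {
    global $json;
    $buddylist_new = Array();
    $to_insert = '';
    $event_info = explode(',', $event);
    // strlen() does not accept an array (warning and NULL, or an error on newer
    // PHP), which made array input skip the whole body. Test arrays by count.
    $has_list = is_array($buddylist_n) ? (count($buddylist_n) > 0) : (strlen($buddylist_n) > 0);
    if($has_list) {
        $buddylist = (!is_array($buddylist_n) ? (array) $json->decode($buddylist_n) : $buddylist_n);
        $from_sql = mysql_real_escape_string($from);
        if($event_info[0] == 'chat') {
            $users = isset($buddylist['users']) ? (array) $buddylist['users'] : array();
            // The names come from stored rows, not from this function, so each
            // one is escaped before it is placed in the IN() list.
            $in_list = implode("','", array_map('mysql_real_escape_string', $users));
            $query = @mysql_query("SELECT username,is_online FROM ".SQL_PREFIX."users WHERE username IN('".$in_list."') AND is_online > 0 ORDER BY username ASC");
            while ($query && ($row = @mysql_fetch_assoc($query)))
                $to_insert .= "('".mysql_real_escape_string($event)."', 'event', '".$from_sql."', '".mysql_real_escape_string($row['username'])."'),";
            $buddylist_new = Array();
        } else if($event_info[0] == 'status') {
            // NOTE(review): $from is also used inside LIKE patterns below, where
            // % and _ are wildcards that mysql_real_escape_string() leaves alone;
            // the callers in this file pass sanitized or stored user names.
            if(isset($event_info[1]) && $event_info[1] == '100') {
                // status 100 is announced to the recipients as 'status,0'
                $event = 'status,0';
                $not = 'NOT ';
                $query_str = " AND buddylist LIKE '%\"".$from_sql."\"%' AND buddylist NOT LIKE '%\"".$from_sql."\":%'";
            } else {
                $not = '';
                $query_str = " OR buddylist LIKE '%\"".$from_sql."\"%'";
            }
            foreach($buddylist as $group => $users) {
                $users = (array) $users;
                // Buddy names are read from the stored buddy list; escape each one.
                $in_list = implode("','", array_map('mysql_real_escape_string', $users));
                $query = @mysql_query("SELECT username,buddylist,is_online FROM ".SQL_PREFIX."users WHERE username {$not}IN('".$in_list."'){$query_str} GROUP BY username ORDER BY username ASC");
                if($query && mysql_num_rows($query) > 0) {
                    $i=0;
                    while ($row = @mysql_fetch_assoc($query)) {
                        if(in_array($row['username'], $users) !== false) {
                            // a buddy in state 100 whose own list does not name
                            // $from is reported with is_online 0
                            if($row['is_online'] == 100 && strpos($row['buddylist'], '"' . $from . '"') === false)
                                $row['is_online'] = 0;
                            $buddylist_new[$group][$i++] = Array('username'=>$row['username'], 'is_online'=>$row['is_online']);
                        }
                        if($row['is_online'] != '0') $to_insert .= "('".mysql_real_escape_string($event)."', 'event', '".$from_sql."', '".mysql_real_escape_string($row['username'])."'),";
                    }
                }
            }
        }
        // Nothing to notify: skip the INSERT instead of sending a statement
        // with an empty VALUES list.
        if($to_insert != '') {
            $to_insert = substr($to_insert, 0, strlen($to_insert) - 1); // drop the trailing comma
            $query = @mysql_query("INSERT INTO ".SQL_PREFIX."messages (message, type, sender, recipient) VALUES " . $to_insert);
        }
    }
    return $buddylist_new;
}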
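// function to generate a random password //
//
// $length  number of characters wanted (default 10)
// returns  string of $length characters drawn from A-Z, a-z and 0-9
function generatePassword($length=10) {
    $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    $last = strlen($chars) - 1;
    $randstr = '';
    // The generator is no longer reseeded from microtime(): the fractional
    // microsecond part allows at most 1,000,000 seeds, so every password was
    // one of a million outputs that can be enumerated.
    $use_csprng = function_exists('random_int');
    while(strlen($randstr) < $length) {
        // random_int() draws from the operating system's CSPRNG where it is
        // available; mt_rand() is only a fallback for older runtimes and is
        // not cryptographically secure.
        $idx = $use_csprng ? random_int(0, $last) : mt_rand(0, $last);
        $randstr .= $chars[$idx];
    }
    return $randstr;
}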
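// Request parameters. call/from/pwd/recipient are reduced to letters, digits
// and whitespace by sanitize_alphanum(), which leaves no quote or backslash
// in them. A missing field is read as '' so an incomplete request raises no
// undefined-index notice.
$call = sanitize_alphanum(isset($_POST['call']) ? $_POST['call'] : '');
$from = sanitize_alphanum(isset($_POST['from']) ? $_POST['from'] : '');
$pwd = sanitize_alphanum(isset($_POST['pwd']) ? $_POST['pwd'] : '');
$recipient = sanitize_alphanum(isset($_POST['recipient']) ? $_POST['recipient'] : '');
// strip_tags() removes markup only: quotes and backslashes survive, so
// $message is NOT safe inside an SQL string and has to be escaped wherever a
// query embeds it. A non-string msg field (for example msg[]=...) is treated
// as an empty message.
$message = strip_tags(str_replace("<amp>", "&", (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : ''));
// connect to database //
// $sql_host, $sql_user, $sql_pass and $sql_db are not set in this file;
// presumably config.php provides them.
// NOTE(review): the result of mysql_connect() is not checked, so with the
// database down every later query fails quietly behind its @ prefix.
$link = mysql_connect($sql_host, $sql_user, $sql_pass);
mysql_select_db($sql_db);
mysql_query("SET NAMES 'utf8'");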
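// cleanup logged-in users in database? [30% chance] //
// Runs on roughly three requests in ten, so stale sessions are expired by
// whichever client happens to call in; no scheduled job is involved.
if(rand(1, 100) <= 30) {
    // yes, cleanup! //
    $expire_time = time() - 15; // idle for more than 15 seconds? //
    // 1. announce 'status,0' for every user whose last ping is too old
    $cleanup_event = @mysql_query("SELECT username, buddylist FROM ".SQL_PREFIX."users WHERE last_ping < $expire_time AND is_online > 0");
    if(@mysql_num_rows($cleanup_event) > 0) {
        while($row = @mysql_fetch_assoc($cleanup_event))
            $notify_buddies = user_event($row['username'], $row['buddylist'], 'status,0');
    }
    // 2. announce 'chat,left,<room>' to each room such a user was still in
    $cleanup_event2 = @mysql_query("SELECT user, room FROM ".SQL_PREFIX."chats WHERE user IN(SELECT username FROM ".SQL_PREFIX."users WHERE last_ping < $expire_time AND is_online > 0)");
    if(@mysql_num_rows($cleanup_event2) > 0) {
        while($row = @mysql_fetch_assoc($cleanup_event2)) {
            // Start from an empty list for every room. Without the reset the
            // members of earlier rooms stayed in the list and were sent
            // 'left' events for rooms they are not in.
            $chatusers = array('users' => array());
            // The room name is read back from the table; escape it before
            // placing it in the next query.
            $room = @mysql_query("SELECT user FROM ".SQL_PREFIX."chats WHERE room='" . mysql_real_escape_string($row['room']) . "'");
            if(@mysql_num_rows($room) > 0) {
                while($row2 = @mysql_fetch_assoc($room))
                    $chatusers['users'][] = $row2['user'];
            }
            $notify_chatusers = user_event($row['user'], $chatusers, 'chat,left,' . $row['room']);
        }
    }
    // 3. drop the expired users' room memberships, then mark them offline;
    //    the DELETE must run first because it selects on is_online > 0
    $cleanup_chats = @mysql_query("DELETE FROM ".SQL_PREFIX."chats WHERE user IN(SELECT username FROM ".SQL_PREFIX."users WHERE last_ping < $expire_time AND is_online > 0)");
    $cleanup = @mysql_query("UPDATE ".SQL_PREFIX."users SET is_online=0 WHERE last_ping < $expire_time AND is_online > 0");
}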
switch($call) {
case 'send':
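//////////// sending a message ////////////
// message parts (within array $_POST): //
// from - user who sent message //
// pwd - password //
// recipient- user receiving the message//
// msg - the message //
///////////////////////////////////////////
// Replies printed to the client: 'sent', 'too_long', 'not_online',
// 'not_logged_in'.
// NOTE(review): the submitted password is compared as-is with the password
// column; whether that column holds a hash cannot be told from this file.
$query = @mysql_query("SELECT username FROM ".SQL_PREFIX."users WHERE username='".mysql_real_escape_string($from)."' AND password='".mysql_real_escape_string($pwd)."'");
if(@mysql_num_rows($query) > 0) {
    $is_room = is_chatroom($recipient);
    $is_online = is_online($recipient);
    if($is_online > 0 || $is_room == true) {
        if($is_online == 100) {
            // state 100: deliver only when the sender appears in the
            // recipient's buddy list, otherwise answer as if offline
            $check_friendship = @mysql_query("SELECT is_online FROM ".SQL_PREFIX."users WHERE username='".mysql_real_escape_string($recipient)."' AND buddylist LIKE '%\"".mysql_real_escape_string($from)."\"%'");
            if(@mysql_num_rows($check_friendship) == 0) {
                print 'not_online';
                die();
            }
        }
        if(strlen(trim($message)) > 0 && strlen($message) <= 1500) {
            // The style values are client-supplied and end up inside an HTML
            // attribute that is stored and handed to the recipient. SQL
            // escaping does not make them safe for that context, so each one
            // is cut down to characters that cannot close the attribute or
            // start another CSS declaration.
            // NOTE(review): colours are limited to names and #hex; confirm the
            // client never sends any other notation.
            $font = (isset($_POST['font']) && is_string($_POST['font'])) ? preg_replace('/[^a-zA-Z0-9 ,\-]/', '', $_POST['font']) : '';
            $color = (isset($_POST['fontcolor']) && is_string($_POST['fontcolor'])) ? preg_replace('/[^#a-zA-Z0-9]/', '', $_POST['fontcolor']) : '';
            $size = (isset($_POST['fontsize']) && is_scalar($_POST['fontsize'])) ? (int) $_POST['fontsize'] : 0;
            // no usable size leaves the value empty, as a missing field did before
            $size_css = ($size > 0) ? (string) min($size, 24) : '';
            $bold = (isset($_POST['bold']) && $_POST['bold'] == 'true');
            $italic = (isset($_POST['italic']) && $_POST['italic'] == 'true');
            $underline = (isset($_POST['underline']) && $_POST['underline'] == 'true');
            $message = ('<span style="font-family:' . $font . ',sans-serif;font-size:' . $size_css . 'px;color:' . $color . ';">') .
                ($bold ? '<b>' : '') . ($italic ? '<i>' : '') . ($underline ? '<u>' : '') .
                $message .
                ($bold ? '</b>' : '') . ($italic ? '</i>' : '') . ($underline ? '</u>' : '') .
                ('</span>');
            // strip_tags() leaves quotes and backslashes in the text, so the
            // finished message is escaped as a whole before it is embedded.
            $message_sql = mysql_real_escape_string($message);
            $from_sql = mysql_real_escape_string($from);
            if($is_room) {
                // one identical row per other member of the room
                $members = get_chatlist($recipient);
                $num_to_send = (is_array($members) ? count($members) : 0) - 1;
                $to_insert = ($num_to_send > 0) ? str_repeat("('".$message_sql."', 'msg', '".$from_sql."', '".mysql_real_escape_string(strtolower($recipient))."'),", $num_to_send) : '';
                if($to_insert != '')
                    $to_insert = substr($to_insert, 0, strlen($to_insert) - 1); // drop the trailing comma
            } else {
                $to_insert = "('".$message_sql."', 'msg', '".$from_sql."', '".mysql_real_escape_string($recipient)."')";
            }
            // a room with no other member has nothing to insert
            if($to_insert != '')
                $query = @mysql_query("INSERT INTO ".SQL_PREFIX."messages (message, type, sender, recipient) VALUES " . $to_insert);
        } else {
            if(strlen($message) > 1500)
                print 'too_long';
        }
        // NOTE(review): 'sent' is printed after 'too_long' and for an empty
        // message as well; confirm the client expects that.
        print "sent";
    } else {
        print 'not_online';
    }
} else {
    // NOTE(review): this UPDATE runs when authentication FAILED, so a request
    // with any wrong password marks the named user offline until that user's
    // next ping. Consider dropping the write or rate-limiting this branch.
    $set_status = @mysql_query("UPDATE ".SQL_PREFIX."users SET is_online='0', last_ping='".time()."' WHERE username='".mysql_real_escape_string($from)."'");
    print 'not_logged_in';
}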
break;
case 'ping':
///////////// ping the server /////////////
// note: since the server cannot contact //
// the client, the client must //
// ping the server for new msgs //
// //
// ping parts (within array $_POST): //
// from - user pinging the server //
// pwd - password //
///////////////////////////////////////////
$query = mysql_query("SELECT is_online, buddylist FROM ".SQL_PREFIX."users WHERE username='$from' AND password='".$pwd."'");
if(@mysql_num_rows($query) > 0) {
$user_bl = mysql_fetch_assoc($query);
$set_status = @mysql_query("UPDATE ".SQL_PREFIX."users SET is_online='".mysql_real_escape_string($_POST['away']+1)."', last_ping='".time()."' WHERE username='".mysql_real_escape_string($from)."'");
if($user_bl['is_online'] != $_POST['away']+1) user_event($from, $user_bl['buddylist'], 'status,'.($_POST['away']+1));
$buddylist = (array) $json->decode($user_bl['buddylist']);
foreach($buddylist as $group => $users) {
$num_users = count($users);
for($i=0; $i<$num_users; ++$i)
$reverse_list[$users[$i]] = $group;
}
$query = @mysql_query("SELECT id,message,type,sender,recipient FROM ".SQL_PREFIX."messages WHERE (recipient='".mysql_real_escape_string($from)."' OR recipient IN(SELECT room FROM ".SQL_PREFIX."chats WHERE user='".mysql_real_escape_string($from)."')) GROUP BY sender, message, recipient ORDER BY id ASC");
$output['numMessages'] = 0;
$output['numEvents'] = 0;
$i=0; $j=0;
while ($row = @mysql_fetch_assoc($query)) {
if($row['type'] == 'msg') {
if($row['sender'] != $from || $row['sender'] == $row['recipient']) {
$output['messages'][$i++] = Array('message'=>$row['message'], 'sender'=>$row['sender'], 'recipient'=>$row['recipient']);
$output['numMessages']++;