fix quotes in messages, can change name option, checkbox default value, date_diff, advanced button generation

git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@17 c66351dc-e62f-0410-b875-e3a5c0b9693f

src/webim/client.php

@@ -25,16 +25,14 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
 	if( !$thread ) {
 		$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
 		$remote = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : $_SERVER['REMOTE_ADDR'];
-		$userName = isset($_COOKIE[$namecookie]) ? $_COOKIE[$namecookie] : getstring("chat.default.username");
-
-		$thread = create_thread($userName, $remote, $referer,$current_locale);
+		$visitor = $remote_visitor();
+		$thread = create_thread($visitor['name'], $remote, $referer,$current_locale);
 		$_SESSION['threadid'] = $thread['threadid'];
 		if( $referer ) {
 			post_message($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referer)));
 		}
 		post_message($thread['threadid'],$kind_info,getstring('chat.wait'));
-
-	}	
+	}
 	$threadid = $thread['threadid'];
 	$token = $thread['ltoken'];
 	$level = get_remote_level($_SERVER['HTTP_USER_AGENT']);

src/webim/libs/chat.php

@@ -49,8 +49,8 @@ function post_message_($threadid,$kind,$message,$link,$from=null,$time=null) {
 	    "insert into chatmessage (threadid,ikind,tmessage,tname,dtmcreated) values (%s, %s,'%s',%s,%s)",
 			$threadid,
 			$kind,
-			mysql_real_escape_string($message),
-			$from ? "'".mysql_real_escape_string($from)."'" : "null",
+			quote_smart($message,$link),
+			$from ? "'".quote_smart($from,$link)."'" : "null",
 			$time ? "FROM_UNIXTIME($time)" : "CURRENT_TIMESTAMP" );
 
 	perform_query($query,$link);
@@ -151,8 +151,13 @@ function print_thread_mesages($threadid, $token, $lastid, $isuser,$format) {
 	}
 }
 
+function get_user_name($name, $id="") {
+	global $presentable_name_pattern;
+       	return str_replace("{id}", $id, str_replace("{name}", $name, $presentable_name_pattern));
+}
+
 function setup_chatview_for_user($thread,$level) {
-	global $page, $webimroot;
+	global $page, $webimroot, $user_can_change_name;
 	$page = array();
 	$page['agent'] = false;
 	$page['user'] = true;
@@ -164,6 +169,7 @@ function setup_chatview_for_user($thread,$level) {
 	$page['ct.chatThreadId'] = $thread['threadid'];
 	$page['ct.token'] = $thread['ltoken'];
 	$page['ct.user.name'] = $thread['userName'];
+	$page['canChangeName'] = $user_can_change_name;
 
 	$page['ct.company.name'] = "Test company";  // TODO
 	$page['ct.company.chatLogoURL'] = "";		// TODO
@@ -172,17 +178,18 @@ function setup_chatview_for_user($thread,$level) {
 	$page['selfLink'] = "$webimroot/client.php?".$params."&level=".$level;
 }
 
-function setup_chatview_for_operator($thread) {
-	global $page, $webimroot;
+function setup_chatview_for_operator($thread,$operator) {
+	global $page, $webimroot, $company_logo_link, $company_name;
 	$page = array();
 	$page['agent'] = true;
 	$page['user'] = false;
 	$page['canpost'] = true;
 	$page['ct.chatThreadId'] = $thread['threadid'];
 	$page['ct.token'] = $thread['ltoken'];
-	$page['ct.user.name'] = $thread['userName'];
-	$page['ct.company.name'] = "Test company";
-	$page['ct.company.chatLogoURL'] = "";
+	$page['ct.user.name'] = get_user_name($thread['userName']);
+
+	$page['ct.company.name'] = $company_name;
+	$page['ct.company.chatLogoURL'] = $company_logo_link;
 
 	// TODO
 	$page['namePostfix'] = "";	
@@ -323,7 +330,8 @@ function create_thread($username,$remote,$referer,$lang) {
 	$link = connect();
 
 	$query = sprintf(
-		 "insert into chatthread (userName,"."ltoken,remote,referer,lrevision,locale,dtmcreated,dtmmodified) values ('%s','%s',%s,'%s','%s',%s,'%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)",
+		 "insert into chatthread (userName,"."ltoken,remote,referer,lrevision,locale,dtmcreated,dtmmodified) values ".
+								 "('%s',"."%s,'%s','%s',%s,'%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)",
 			mysql_real_escape_string($username),
 			next_token(),
 			mysql_real_escape_string($remote),
@@ -417,4 +425,11 @@ function thread_by_id($id) {
 	return $thread;
 }
 
-?>
+function visitor_from_request() {
+	global $namecookie;
+	$userName = isset($_COOKIE[$namecookie]) ? $_COOKIE[$namecookie] : getstring("chat.default.username");
+
+	return array( 'name' => $userName );
+}
+
+?>

src/webim/libs/common.php

@@ -166,11 +166,12 @@ function getstring2($text,$params) {
 }
 
 function connect() {
-	global $mysqlhost, $mysqllogin, $mysqlpass, $mysqldb, $dbencoding;
+	global $mysqlhost, $mysqllogin, $mysqlpass, $mysqldb, $dbencoding, $force_charset_in_connection;
 	$link = mysql_connect($mysqlhost,$mysqllogin ,$mysqlpass )
 		or die('Could not connect: ' . mysql_error());
 	mysql_select_db($mysqldb) or die('Could not select database');
-	mysql_query("SET character set $dbencoding", $link);
+	if( $force_charset_in_connection )
+		mysql_query("SET character set $dbencoding", $link);
 	return $link;
 }
 
@@ -210,6 +211,13 @@ function form_value($key) {
 	return "";
 }
 
+function form_value_cb($key) {
+	global $page;
+	if( isset($page) && isset($page["form$key"]) )
+		return $page["form$key"] === true;
+	return false;
+}
+
 function no_field($key) {
 	return getstring2("errors.required",array(getstring($key)));
 }
@@ -255,4 +263,31 @@ function div($a,$b) {
     return ($a-($a % $b)) / $b;
 }
 
+function date_diff($seconds) {
+    $minutes = div($seconds,60);
+	$seconds = $seconds % 60;
+	if( $minutes < 60 ) {
+		return sprintf("%02d:%02d",$minutes, $seconds);
+	} else {
+		$hours = div($minutes,60);
+		$minutes = $minutes % 60;
+		return sprintf("%02d:%02d:%02d",$hours, $minutes, $seconds);
+	}
+}
+
+function quote_smart($value,$link) {
+	if (get_magic_quotes_gpc()) {
+		$value = stripslashes($value);
+	}
+	return mysql_real_escape_string($value,$link);
+}
+
+function get_app_location($showhost,$issecure) {
+	if( $showhost ) {
+		return ($issecure?"https://":"http://").$_SERVER['HTTP_HOST']."/webim";
+	} else {
+		return "/webim";
+	}
+}
+
 ?>

src/webim/libs/config.php

@@ -23,20 +23,67 @@ $mysqlpass = "123";
 /*
  *  Localization parameters
  */
+
+// Use CP-1251 database
 $dbencoding = "cp1251";
 $webim_encoding = "cp1251";
 $request_encoding = "utf-8";
-$output_charset = "cp1251";
+$output_charset = "Windows-1251";
+$force_charset_in_connection = true;
+
+
+// Use UTF-8 database
+/*
+$dbencoding = "utf8";
+$webim_encoding = "cp1251";
+$request_encoding = "utf-8";
+$output_charset = "Windows-1251";
+$force_charset_in_connection = true;
+*/
 
 /*
- *  Application parameters
+ *   From field in outgoing mail.
  */
-$webim_from_email = "webim@yourdomain.com"; # email from field
+$webim_from_email = "webim@yourdomain.com"; // email from field
 
+/*
+ *   Company international name.
+ */
+$company_name = "My Company Ltd.";
+
+/*
+ *   Company logo. 
+ */
+$company_logo_link = "";
+
+/*
+ *   Locales 
+ */
 $available_locales = array("en", "ru");
-$home_locale = "ru";                        # native name will be used in this locale
-$default_locale = "en";                     # if user does not provide known lang
+$home_locale = "ru";                        // native name will be used in this locale
+$default_locale = "en";                     // if user does not provide known lang
 
-$online_timeout = 30; # sec
+/*
+ *   Allows users to change their names
+ */
+$user_can_change_name = true;
 
-?>
+/*
+ *   How to build presentable visitor name from {name}. Default: {name}
+ */ 
+$presentable_name_pattern = "{name}";
+
+/*
+ *   Method of getting information about remote user. For example, you could
+ *   have user name or id in session. Default value: visitor_from_request
+ */
+$remote_visitor = 'visitor_from_request';
+
+/*
+ *   Timeout (in seconds) when online operator becomes offline.
+ */
+$online_timeout = 30;
+
+
+
+?>

src/webim/libs/operator.php

@@ -102,8 +102,9 @@ function get_operator_name($operator) {
 		return $operator['vccommonname'];
 }
 
-function generate_button($title,$locale,$inner) {
-	return "<!-- webim button -->".get_popup("/webim/client.php". ($locale?"?locale=".$locale : ""), $inner, $title, "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=600,height=420,resizable=1" )."<!-- /webim button -->";
+function generate_button($title,$locale,$inner,$showhost,$forcesecure) {
+	$link = get_app_location($showhost,$forcesecure)."/client.php". ($locale?"?locale=".$locale : "");
+	return "<!-- webim button -->".get_popup($link, $inner, $title, "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=600,height=420,resizable=1" )."<!-- /webim button -->";
 }
 
 function check_login() {

src/webim/operator/agent.php

@@ -31,6 +31,7 @@ if( !isset($_GET['token']) ) {
 		die("wrong thread");
 	}
 
+	
 	take_thread($thread,$operator);
 
 	$token = $thread['ltoken'];
@@ -45,7 +46,7 @@ if( !$thread || !isset($thread['ltoken']) || $token != $thread['ltoken'] ) {
 	die("wrong thread");
 }
 
-setup_chatview_for_operator($thread);
+setup_chatview_for_operator($thread, $operator);
 
 start_html_output();
 

src/webim/operator/getcode.php

@@ -37,6 +37,9 @@ if($handle = opendir($imagesDir)) {
 $image = verifyparam("image","/^\w+$/", "webim");
 $image_locales = $imageLocales[$image];
 
+$showhost = verifyparam("hostname","/^on$/", "") == "on";
+$forcesecure = verifyparam("secure","/^on$/", "") == "on";
+
 $lang = verifyparam("lang", "/^\w\w$/", "");
 if( !$lang || !in_array($lang,$image_locales) )
 	$lang = in_array($current_locale,$image_locales) ? $current_locale : $image_locales[0];
@@ -44,16 +47,18 @@ if( !$lang || !in_array($lang,$image_locales) )
 $file = "../images/webim/${image}_${lang}_on.gif";
 $size = get_gifimage_size($file);
 
-$message = get_image("/webim/button.php?image=$image&lang=$lang",$size[0],$size[1]);
+$message = get_image(get_app_location($showhost,$forcesecure)."/button.php?image=$image&lang=$lang",$size[0],$size[1]);
 
 $page = array();
 $page['operator'] = get_operator_name($operator);
-$page['buttonCode'] = generate_button("",$lang,$message);
+$page['buttonCode'] = generate_button("",$lang,$message,$showhost,$forcesecure);
 $page['availableImages'] = array_keys($imageLocales);
 $page['availableLocales'] = $image_locales;
 
 $page['formimage'] = $image;
 $page['formlang'] = $lang;
+$page['formhostname'] = $showhost;
+$page['formsecure'] = $forcesecure;
 
 start_html_output();
 require('../view/gen_button.php');

src/webim/operator/login.php

@@ -36,7 +36,7 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
 	}
 }
 
-$page = array( 'backPath' => '' );
+$page = array( 'backPath' => '', 'formisRemember' => true );
 start_html_output();
 require('../view/login.php');
 ?>

src/webim/operator/update.php

@@ -47,8 +47,9 @@ function thread_to_xml($thread) {
 	$state = getstring($threadstate_key[$thread['istate']]);
 	$threadoperator = ($thread['agentName'] ? $thread['agentName'] : "-");
 
-	$result .= " canopen=\"true\" state=\"$state\">";
-	$result .= "<name>".htmlspecialchars($thread['userName'])."</name>";
+	$result .= " canopen=\"true\"";
+	$result .= " state=\"$state\">";
+	$result .= "<name>".htmlspecialchars(get_user_name($thread['userName']))."</name>";
 	$result .= "<addr>".htmlspecialchars($thread['remote'])."</addr>";
 	$result .= "<agent>".htmlspecialchars($threadoperator)."</agent>";
 	$result .= "<time>".$thread['unix_timestamp(dtmcreated)']."000</time>";

src/webim/thread.php

@@ -54,6 +54,13 @@ if( $act == "refresh" ) {
 	exit;
 
 } else if( $act == "rename" ) {
+
+	if( !$user_can_change_name ) {
+		start_xml_output();
+		echo "<error></error>";
+		exit;
+	}
+
 	$newname = getrawparam('name');
 
 	rename_user($thread, $newname);

src/webim/view/chat_ajaxed.php

@@ -89,7 +89,7 @@ var threadParams = { servl:"/webim/thread.php",frequency:2,<?php if( $page['user
 				<td class="text" nowrap>
 					<?php echo getstring("chat.window.chatting_with") ?> <b><a href="javascript:void(0)" onclick="return false;" title="<?php echo getstring("chat.window.chatting_with") ?> <?php echo $page['ct.user.name'] ?><?php echo $page['namePostfix'] ?>"><?php echo $page['ct.user.name'] ?></a></b><br>
 				</td>
-<?php } ?><?php if( $page['user'] ) { ?>
+<?php } ?><?php if( $page['user'] && $page['canChangeName'] ) { ?>
 				<td class="text" nowrap>
 				<div id="changename1" style="display:<?php echo $page['displ1'] ?>;">
 					<table cellspacing="0" cellpadding="0" border="0"><tr>
@@ -154,7 +154,7 @@ var threadParams = { servl:"/webim/thread.php",frequency:2,<?php if( $page['user
 			<tr>
 		    <td bgcolor="#A1A1A1"><img src='/webim/images/free.gif' width="1" height="1" border="0" alt="" /></td>
 		    <td width="100%" height="100%" bgcolor="#FFFFFF" valign="top">
-				<iframe id="chatwnd" width="100%" height="100%" src="" frameborder="0" style="overflow:auto;">
+				<iframe id="chatwnd" width="100%" height="100%" src='/webim/images/free.gif' frameborder="0" style="overflow:auto;">
 				Sorry, your browser does not support iframes; try a browser that supports W3 standards.
 				</iframe>
 			</td>

src/webim/view/gen_button.php

@@ -72,6 +72,28 @@
 			<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
 		</td>
 	</tr>
+	<tr><td colspan="3" height="5"></td></tr>
+	<tr>
+		<td colspan="3" class="formauth"><?php echo getstring("page.gen_button.include_site_name") ?></td>
+	</tr>
+	<tr><td colspan="3" height="2"></td></tr>
+	<tr>
+		<td colspan="3">
+			<input type="checkbox" name="hostname" value="on"<?php echo form_value_cb('hostname') ? " checked=\"checked\"" : "" ?> onchange="this.form.submit();"/>
+		</td>
+	</tr>
+<?php if( $page['formhostname'] ) { ?>
+	<tr><td colspan="3" height="5"></td></tr>
+	<tr>
+		<td colspan="3" class="formauth"><?php echo getstring("page.gen_button.secure_links") ?></td>
+	</tr>
+	<tr><td colspan="3" height="2"></td></tr>
+	<tr>
+		<td colspan="3">
+			<input type="checkbox" name="secure" value="on"<?php echo form_value_cb('secure') ? " checked=\"checked\"" : "" ?> onchange="this.form.submit();"/>
+		</td>
+	</tr>
+<?php } ?>
 	<tr><td colspan="3" height="5"></td></tr>
 	<tr>
 		<td class="formauth"><?php echo getstring("page.gen_button.code") ?></td>

src/webim/view/login.php

@@ -112,7 +112,7 @@
 					<td>
 					<table cellspacing="0" cellpadding="0" border="0">
 						<tr>
-							<td><input type="checkbox" name="isRemember" value="on" checked="checked"/></td>
+							<td><input type="checkbox" name="isRemember" value="on"<?php echo form_value_cb('isRemember') ? " checked=\"checked\"" : "" ?> /></td>
 							<td width="5"></td>
 							<td class="formauth" nowrap><span><?php echo getstring("page_login.remember") ?></span></td>
 						</tr>

src/webim/view/properties_en

@@ -142,6 +142,10 @@ menu.agents=Agents list
 menu.main=Main
 menu.operator=You are {0}
 no_such_operator=No such operator
+page.gen_button.choose_image=Choose image
+page.gen_button.choose_locale=Target locale
+page.gen_button.include_site_name=Include host name into code
+page.gen_button.secure_links=Use secure links (https)
 page_agent.create_new=Here you can create new operator
 page_agents.agent_commonname=International name
 page_analysis.full.text.search=User name or message text search:

src/webim/view/properties_ru

@@ -97,7 +97,7 @@ admin.content.description=
 admin.content.client_agents=Создание, удаление агентов компании. Управление их правами и возможностями.
 admin.content.client_gen_button=Получение HTML-кода для кнопки "Вэб Мессенджера".
 page.gen_button.title=Получение HTML-кода кнопки
-page.gen_button.intro=На этой старнице Вы можете получить HTML-код кнопки "Вэб Мессенджера" для размещения на своем сайте.
+page.gen_button.intro=На этой странице Вы можете получить HTML-код кнопки "Вэб Мессенджера" для размещения на своем сайте.
 page.gen_button.code=HTML-код
 page.gen_button.sample=Пример
 page.gen_button.code.description=<strong>Внимание!</strong> При внесении<br/> каких-либо изменений<br/> в этот код работоспособность<br/> кнопки не гарантируется!
@@ -144,6 +144,8 @@ menu.operator=
 no_such_operator=Запрашиваемая учетная запись не существует
 page.gen_button.choose_image=Выбор картинки
 page.gen_button.choose_locale=Для какой локали создавать кнопку
+page.gen_button.include_site_name=Включать имя сайта в код
+page.gen_button.secure_links=Использовать защищенное соединение (https)
 page_agent.create_new=Создание нового оператора
 page_agents.agent_commonname=Интернациональное имя
 page_analysis.full.text.search=Поиск по имени посетителя или по тексту сообщения:

src/webim/view/thread_search.php

@@ -90,7 +90,7 @@
         			<?php if( $chatthread['agentName'] ) { ?><?php echo htmlspecialchars($chatthread['agentName']) ?><?php } ?>
 				</td><td background='/webim/images/tablediv3.gif'><img width='3' height='1' border='0' alt='' src='/webim/images/free.gif'></td>
 				<td height='30' class='table'>
-					<?php echo date("d M Y H:i:s", $chatthread['created']) ?>,  <?php echo date("d M Y H:i:s", $chatthread['modified']-$chatthread['created']) ?>
+					<?php echo date("d M Y H:i:s", $chatthread['created']) ?>,  <?php echo date_diff($chatthread['modified']-$chatthread['created']) ?>
 				</td>
 			</tr>
 			<tr><td height='2' colspan='7'></td></tr><tr><td bgcolor='#e1e1e1' colspan='7'><img width='1' height='1' border='0' alt='' src='/webim/images/free.gif'></td></tr><tr><td height='2' colspan='7'></td></tr>