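$v) { $k = sajax_safe_string($k); $pairs[] = is_numeric($k) ? "$k: " . sajax_get_js_repr($v) : "\"$k\": " . sajax_get_js_repr($v); } return "{ " . implode(', ', $pairs) . " }"; } return "'" . sajax_safe_string($value) . "'"; }

/**
 * Register one or more PHP functions so sajax_handle_client_request() will
 * dispatch client calls to them.
 *
 * Non-string arguments are silently ignored; only function names are accepted.
 *
 * @param mixed ...$funcs function names to expose to the client
 */
function sajax_export(...$funcs)
{
    global $sajax_export_list;

    foreach ($funcs as $func) {
        if (is_string($func)) {
            $sajax_export_list[] = $func;
        }
    }
}

$SAJAX_INCLUDED = 1;
}

/* ============================== CHAT FUNCTIONS (HARDENED) ============================== */

/**
 * Store one chat line for the current session's alliance.
 *
 * Silently returns when there is no logged-in user, when the message is
 * empty after trimming, or when the statement cannot be prepared (the
 * original best-effort semantics are kept).
 *
 * All values are sent as bound parameters. They are deliberately NOT passed
 * through $database->escape() first: escaping a value that is then bound
 * stores the added backslashes literally in the row (e.g. "O'Brien" becomes
 * "O\'Brien"), which is a data-corruption bug rather than extra safety.
 *
 * @param mixed $data either the message string, or the Sajax argument list
 *                    where index 1 carries the message text
 */
function add_data($data)
{
    global $session, $database;

    if (!$session->uid) {
        return;
    }

    // Sajax may hand the arguments over as a list; element 1 is the message.
    $msg = is_array($data) ? ($data[1] ?? '') : $data;
    $msg = trim((string) $msg);
    if ($msg === '') {
        return;
    }

    $id_user  = (int) $session->uid;
    $name     = (string) $session->username;
    $alliance = (string) $session->alliance;
    $now      = time();

    $stmt = mysqli_prepare(
        $database->dblink,
        "INSERT INTO " . TB_PREFIX . "chat (id_user, name, alli, date, msg) VALUES (?, ?, ?, ?, ?)"
    );
    if (!$stmt) {
        return;
    }

    mysqli_stmt_bind_param($stmt, "issis", $id_user, $name, $alliance, $now, $msg);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

/**
 * Fetch the 13 most recent chat lines of the current session's alliance,
 * newest first, formatted as "[HH:ii] name: message" lines.
 *
 * Returns an empty string when the statement cannot be prepared or executed.
 * The alliance value is bound, not pre-escaped, for the same reason as in
 * add_data(); rows written by an earlier version that escaped before binding
 * may hold literal backslashes if the alliance/name values contain quotes —
 * verify against existing data before relying on exact matches.
 *
 * NOTE(review): sajax_safe_string() is applied per field here, and
 * sajax_get_js_repr() above applies it again to the whole return value. If
 * that function is not idempotent, quotes in names and messages are escaped
 * twice — confirm and keep only one layer. It is a JS-string escape, not an
 * HTML escape; if the client inserts the result via innerHTML, HTML-escape
 * on the client as well.
 *
 * @return string
 */
function get_data()
{
    global $session, $database;

    $alliance = (string) $session->alliance;
    $data = '';

    $stmt = mysqli_prepare(
        $database->dblink,
        "SELECT id_user, name, date, msg FROM " . TB_PREFIX . "chat WHERE alli = ? ORDER BY id DESC LIMIT 13"
    );
    if (!$stmt) {
        return $data;
    }

    mysqli_stmt_bind_param($stmt, "s", $alliance);
    $result = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;

    // mysqli_stmt_get_result() returns false on failure (and when mysqlnd is
    // absent); passing false to mysqli_fetch_assoc() is a TypeError on PHP 8.
    if ($result !== false) {
        while ($r = mysqli_fetch_assoc($result)) {
            $dates    = date("H:i", (int) $r['date']);
            $username = sajax_safe_string($r['name']);
            $message  = sajax_safe_string($r['msg']);
            $data    .= "[{$dates}] {$username}: {$message}\n";
        }
        mysqli_free_result($result);
    }
    mysqli_stmt_close($stmt);

    return $data;
}

/* ============================== SAJAX BOOTSTRAP ============================== */

// NOTE(review): the transport is GET, so the state-changing add_data() call is
// reachable through plain links; POST would be the safer default if the client
// side supports it.
$sajax_request_type = "GET";
sajax_export("add_data", "get_data");
sajax_handle_client_request();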