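<?php
/**
 * Database helpers for the group / broadcast chat (groups, broadcasts,
 * membership, messages).
 *
 * Conventions used throughout this file:
 *  - Every function takes an open mysqli connection as its first argument and
 *    only runs prepared statements with bound parameters. The single piece of
 *    SQL assembled from a PHP value is a table name, and it is always taken
 *    from a fixed list in this file, never from the argument itself.
 *  - A `$type` / `$action` argument is validated before any SQL runs; an
 *    unknown value raises InvalidArgumentException.
 *  - Driver failures (mysqli_sql_exception) go through gc_report_db_error(),
 *    which logs the driver message server-side and prints a generic
 *    "Error: ..." line; the function then returns its empty value
 *    ([] / '' / null).
 *  - Timestamps are date('Y-m-d H:i:s') in the process default timezone
 *    (delete_chat() switches that default to UTC, see its comment).
 */
include 'db_connect.php';

/**
 * Prepare $sql on $conn, or throw.
 *
 * mysqli::prepare() returns false when the server rejects the statement; the
 * callers below all catch mysqli_sql_exception, so raising that type here
 * keeps a bad statement from reaching bind_param() as `false`.
 *
 * @throws mysqli_sql_exception
 */
function gc_prepare_statement(mysqli $conn, string $sql): mysqli_stmt
{
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new mysqli_sql_exception('Prepare failed: (' . $conn->errno . ') ' . $conn->error);
    }
    return $stmt;
}

/**
 * Report a database failure.
 *
 * The driver message (table/column names, fragments of the query, server
 * details) is written to the server error log only; the client receives a
 * generic line so the failure is still visible without disclosing schema
 * details.
 */
function gc_report_db_error(Throwable $e): void
{
    error_log('groupchat db error: ' . $e->getMessage());
    echo 'Error: database operation failed.';
}

/**
 * Return the non-deleted messages of a group, oldest row order as returned by
 * the server.
 *
 * @param  int|string $group_id  group_members.group_id, bound as an integer
 * @return array<int, array{message_id:mixed, message:mixed, time:mixed, user_name:string}>
 *         [] when the group has no messages or on a database error.
 *         'message' is returned exactly as stored (no escaping is applied
 *         here), so it must be escaped for the output context by the caller.
 */
function display_messages(mysqli $conn, $group_id): array
{
    $chat = [];
    try {
        $sql = "SELECT m.message_id, m.message, m.posted_on, u.full_name FROM messages m JOIN user u ON m.user_id = u.id WHERE m.group_id = ? AND m.delete_status='N';";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $group_id);
        $stmt->execute();
        $stmt->bind_result($message_id, $message, $posted_on, $user_name);
        while ($stmt->fetch()) {
            $chat[] = [
                'message_id' => $message_id,
                'message' => $message,
                'time' => $posted_on,
                // Only the display name is entity-decoded here (kept from the
                // original behaviour); presumably full_name is stored encoded.
                'user_name' => htmlspecialchars_decode((string) $user_name),
            ];
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
    return $chat;
}

/**
 * Return the active groups the user is still a member of.
 *
 * @param  int|string $user_id
 * @return array<int, array{group_id:mixed, group_name:mixed}>  [] on error
 */
function display_groups(mysqli $conn, $user_id): array
{
    $groups = [];
    try {
        $sql = "SELECT g.group_id, g.group_name FROM groups g INNER JOIN group_members gm ON g.group_id = gm.group_id WHERE gm.user_id = ? AND g.status = 'active' AND gm.exit_status = 'No'";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $user_id);
        $stmt->execute();
        $stmt->bind_result($group_id, $group_name);
        while ($stmt->fetch()) {
            $groups[] = [
                'group_id' => $group_id,
                'group_name' => $group_name,
            ];
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
    return $groups;
}

/**
 * Return the name of a group.
 *
 * @param  int|string $group_id
 * @return string|null  '' when no such group exists, null on a database error
 */
function display_group_name(mysqli $conn, $group_id)
{
    $group_name = '';
    try {
        $sql = "SELECT group_name FROM groups WHERE group_id = ?";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $group_id);
        $stmt->execute();
        $stmt->bind_result($group_name);
        $stmt->fetch();
        $stmt->close();
        return $group_name;
    } catch (Exception $e) {
        gc_report_db_error($e);
        return null;
    }
}

/**
 * Create a group and add its members.
 *
 * The owner is always added as a member, even if absent from
 * $group_membersId. Membership rows are inserted one at a time through
 * add_members_to_the_group(); there is no transaction, so a failure part-way
 * leaves the group with a partial member list.
 *
 * @param  array<int, int|string> $group_membersId  user ids to add
 * @return string|null  the new group id (as a string), or null on a database
 *                      error
 */
function create_group(mysqli $conn, $group_name, $group_description, $owner_id, array $group_membersId, $group_image)
{
    $created_at = date('Y-m-d H:i:s');
    try {
        $sql = "INSERT INTO groups (group_name, group_description, created_at, owner_id, group_image) VALUES (?, ?, ?, ?, ?)";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param("sssis", $group_name, $group_description, $created_at, $owner_id, $group_image);
        $stmt->execute();
        $group_id = strval($stmt->insert_id);
        $stmt->close();

        // Loose comparison on purpose: the owner id and the member ids may be a
        // mix of ints and numeric strings.
        if (!in_array($owner_id, $group_membersId)) {
            $group_membersId[] = $owner_id;
        }
        foreach ($group_membersId as $user_id) {
            add_members_to_the_group($conn, 'group', $user_id, $group_id);
        }
        return $group_id;
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
        return null;
    }
}

/**
 * Soft-delete a group or a broadcast (status -> 'inactive', deleted_on set).
 *
 * @param  string     $action  'group' or 'broadcast'
 * @param  int|string $id      group_id or broadcast_id
 * @throws InvalidArgumentException for any other $action
 */
function delete_group(mysqli $conn, $action, $id): void
{
    // Resolve the statement from a fixed list before touching the database.
    if ($action == 'group') {
        $sql = "UPDATE groups SET deleted_on = ?, status = 'inactive' WHERE group_id = ?";
    } elseif ($action == 'broadcast') {
        $sql = "UPDATE broadcasts SET deleted_on = ?, status = 'inactive' WHERE broadcast_id = ?";
    } else {
        throw new InvalidArgumentException("Invalid action provided.");
    }
    $deleted_at = date('Y-m-d H:i:s');
    try {
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('si', $deleted_at, $id);
        $stmt->execute();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
}

/**
 * Add one user to a group or a broadcast.
 *
 * @param  string     $action  'group' or 'broadcast'
 * @param  int|string $user_id
 * @param  int|string $id      group_id or broadcast_id
 * @throws InvalidArgumentException for any other $action
 */
function add_members_to_the_group(mysqli $conn, $action, $user_id, $id): void
{
    if ($action == 'group') {
        $sql = "INSERT INTO group_members (user_id, group_id, joined_on) VALUES (?, ?, ?)";
    } elseif ($action == 'broadcast') {
        $sql = "INSERT INTO broadcast_members (user_id, broadcast_id, joined_on) VALUES (?, ?, ?)";
    } else {
        throw new InvalidArgumentException("Invalid action provided.");
    }
    try {
        $joined_on = date('Y-m-d H:i:s');
        $stmt = gc_prepare_statement($conn, $sql);
        // Ids are bound as strings (kept from the original); the server
        // converts them for the integer columns.
        $stmt->bind_param("sss", $user_id, $id, $joined_on);
        $stmt->execute();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
}

/**
 * Return a user's full name.
 *
 * @param  int|string $user_id  user.id
 * @return string  '' when the user does not exist or on a database error
 */
function find_user(mysqli $conn, $user_id): string
{
    $user_name = '';
    try {
        $sql = "SELECT full_name FROM user WHERE id = ?";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param("i", $user_id);
        $stmt->execute();
        $stmt->bind_result($user_name);
        $stmt->fetch();
        $stmt->close();
        return (string) $user_name;
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
        return '';
    }
}

/**
 * Split a comma-separated string into trimmed elements.
 *
 * "1, 2 ,3" -> ['1', '2', '3'];  "7" -> ['7'];  "" / whitespace -> [].
 * Empty elements between commas are kept ("1,,2" -> ['1', '', '2']).
 *
 * @param  string|null $input
 * @return array<int, string>
 */
function convertStringToArray($input): array
{
    $input = trim((string) $input);
    if ($input === '') {
        // An empty list, not [''] — callers compare elements against ids and
        // an empty element must never match anything.
        return [];
    }
    return array_map('trim', explode(',', $input));
}

/**
 * Join array elements into a string, skipping elements that are empty
 * strings / null (0 and '0' are kept).
 *
 * @param  array  $array
 * @param  string $separator
 * @throws InvalidArgumentException when $array is not an array
 */
function convertArrayToString($array, $separator = ','): string
{
    if (!is_array($array)) {
        throw new InvalidArgumentException('The input must be an array.');
    }
    $kept = array_filter($array, function ($value) {
        return strlen((string) $value) > 0;
    });
    return implode($separator, $kept);
}

/**
 * Return all users that are not (currently listed as) members of the group.
 *
 * Keys of the returned array are those of display_all_members() (gaps where
 * members were filtered out), as in the original implementation.
 *
 * @param  int|string $group_id
 * @return array<int, array{user_id:mixed, user_name:mixed, user_email:mixed}>
 */
function members_to_add(mysqli $conn, $group_id): array
{
    // Flip to a key set: numeric-string and int ids collapse onto the same key,
    // which matches the loose in_array() the original used.
    $present = array_flip(array_column(display_group_members($conn, $group_id), 'user_id'));
    return array_filter(display_all_members($conn), function ($member) use ($present) {
        return !isset($present[$member['user_id']]);
    });
}

/**
 * Return every user (id, name, email).
 *
 * @return array<int, array{user_id:mixed, user_name:mixed, user_email:mixed}>
 *         [] when the table is empty or on a database error (the original
 *         returned an undefined variable in the empty case).
 */
function display_all_members(mysqli $conn): array
{
    $data = [];
    try {
        $sql = "SELECT id, full_name, email FROM user";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->execute();
        $stmt->bind_result($user_id, $user_name, $email);
        while ($stmt->fetch()) {
            $data[] = [
                'user_id' => $user_id,
                'user_name' => $user_name,
                'user_email' => $email,
            ];
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
    return $data;
}

/**
 * Return the users listed in group_members for a group.
 *
 * NOTE(review): unlike display_broadcast_members(), this does not filter on
 * exit_status, so users who left the group are still returned — confirm
 * whether that is intended (members_to_add() relies on this list).
 *
 * @param  int|string $group_id
 * @return array<int, array{user_id:mixed, user_name:mixed, user_email:mixed}>  [] on error
 */
function display_group_members(mysqli $conn, $group_id): array
{
    $data = [];
    try {
        $sql = "SELECT u.id, u.full_name, u.email FROM user u INNER JOIN group_members gm ON u.id = gm.user_id WHERE gm.group_id = ? ";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param("i", $group_id);
        $stmt->execute();
        $stmt->bind_result($user_id, $user_name, $email);
        while ($stmt->fetch()) {
            $data[] = [
                'user_id' => $user_id,
                'user_name' => $user_name,
                'user_email' => $email,
            ];
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
    return $data;
}

/**
 * Wrap http(s) URLs in $text in `<a href="#" onclick="redirectTo(...)">` links.
 *
 * Text outside the URLs is passed through unchanged. Each URL is embedded in
 * two contexts at once and is encoded for both:
 *  - as a JavaScript string literal inside the onclick attribute: JSON-encoded
 *    with the HEX flags (quotes, <, >, & become \uXXXX escapes) and then the
 *    whole attribute value is HTML-encoded. HTML-encoding alone is not enough
 *    there, because the browser decodes the attribute before the script engine
 *    sees it, so a quote in the URL would close the string literal;
 *  - as the visible link text: HTML-encoded.
 * Because the pattern requires an http:// or https:// prefix, no other URL
 * scheme can reach the handler.
 *
 * @param  string|null $text  raw (not yet HTML-encoded) text
 * @return string
 */
function replace_urls_with_links($text): string
{
    $text = (string) $text;
    // URL terminated by whitespace or end of string (pattern kept from the original).
    $regex = '/(?:https?:\/\/(?:www\.)?[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,}(?:\/[^\s]*)?(?:\.[a-zA-Z]{2,})?)/';
    $linked = preg_replace_callback($regex, function ($matches) {
        $url = $matches[0];
        $label = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $jsLiteral = json_encode(
            $url,
            JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_SLASHES
        );
        if ($jsLiteral === false) {
            // Not representable as a JS string (e.g. invalid UTF-8): show the
            // text without making it clickable.
            return $label;
        }
        $onclick = htmlspecialchars('redirectTo(' . $jsLiteral . '); return false;', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return '<a href="#" onclick="' . $onclick . '">' . $label . '</a>';
    }, $text);
    // preg_replace_callback() returns null on a PCRE error; fall back to the input.
    return $linked === null ? $text : $linked;
}

/**
 * Mark a user as having left a group or a broadcast (exit_status -> 'Yes').
 *
 * @param  string     $action  'group' or 'broadcast'
 * @param  int|string $user_id
 * @param  int|string $id      group_id or broadcast_id
 * @throws InvalidArgumentException for any other $action
 */
function exit_group(mysqli $conn, $action, $user_id, $id): void
{
    if ($action == 'group') {
        $sql = "UPDATE group_members SET exited_on = ?, exit_status = 'Yes' WHERE user_id = ? AND group_id = ?";
    } elseif ($action == 'broadcast') {
        $sql = "UPDATE broadcast_members SET exited_on = ?, exit_status = 'Yes' WHERE user_id = ? AND broadcast_id = ?";
    } else {
        throw new InvalidArgumentException("Invalid action provided.");
    }
    $exited_on = date('Y-m-d H:i:s');
    try {
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('sii', $exited_on, $user_id, $id);
        $stmt->execute();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
}

/**
 * Soft-delete a message (delete_status -> 'Y', deleted_on set) and print
 * "deleted chat successfully. <id>" on success.
 *
 * The table is chosen from a fixed list by $type; it is the only value ever
 * interpolated into SQL in this file, and never the argument itself.
 *
 * @param  string     $type  'group' (table messages) or 'broadcast'
 *                           (table broadcast_messages)
 * @param  int|string $message_id
 * @throws InvalidArgumentException for any other $type
 */
function delete_chat(mysqli $conn, $type, $message_id): void
{
    if ($type == "group") {
        $table = "messages";
    } elseif ($type == "broadcast") {
        $table = "broadcast_messages";
    } else {
        throw new InvalidArgumentException("Invalid type provided.");
    }
    // Kept from the original: this changes the process-wide default timezone,
    // so every later date() call in the request is in UTC as well.
    date_default_timezone_set('UTC');
    $deleted_at = date('Y-m-d H:i:s');
    try {
        $sql = "UPDATE $table SET deleted_on = ?, delete_status = 'Y' WHERE message_id = ? ";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('si', $deleted_at, $message_id);
        $stmt->execute();
        $stmt->close();
        echo "deleted chat successfully. " . $message_id;
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
}

/**
 * Return the active broadcasts the user is still a member of.
 *
 * @param  int|string $user_id
 * @return array<int, array{broadcast_id:mixed, broadcast_name:mixed}>  [] on error
 */
function display_broadcast(mysqli $conn, $user_id): array
{
    $broadcasts = [];
    try {
        $sql = "SELECT b.broadcast_id, b.broadcast_name FROM broadcasts b INNER JOIN broadcast_members bm ON b.broadcast_id = bm.broadcast_id WHERE bm.user_id = ? AND b.status = 'active' AND bm.exit_status = 'No'";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $user_id);
        $stmt->execute();
        $stmt->bind_result($broadcast_id, $broadcast_name);
        while ($stmt->fetch()) {
            $broadcasts[] = [
                'broadcast_id' => $broadcast_id,
                'broadcast_name' => $broadcast_name,
            ];
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
    return $broadcasts;
}

/**
 * Create a broadcast and add its members.
 *
 * The owner is always both a member and an admin. Admin ids are stored in a
 * single comma-separated column (broadcasts.admin_id), which is what
 * verify_admin() reads back. As with create_group(), membership rows are
 * inserted one by one without a transaction.
 *
 * @param  array<int, int|string> $broadcast_membersId
 * @param  array<int, int|string> $admin_ids
 * @return string|null  the new broadcast id (as a string), or null on a
 *                      database error
 */
function create_broadcast(mysqli $conn, $broadcast_name, $broadcast_description, $owner_id, array $broadcast_membersId, array $admin_ids, $broadcast_image)
{
    $created_at = date('Y-m-d H:i:s');
    try {
        // Loose in_array() on purpose: ids may be a mix of ints and numeric strings.
        if (!in_array($owner_id, $broadcast_membersId)) {
            $broadcast_membersId[] = $owner_id;
        }
        if (!in_array($owner_id, $admin_ids)) {
            $admin_ids[] = $owner_id;
        }
        $admin_ids = convertArrayToString($admin_ids);

        $sql = "INSERT INTO broadcasts (broadcast_name, broadcast_description, created_at, owner_id, admin_id, broadcast_image) VALUES (?, ?, ?, ?, ?, ?)";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param("sssiss", $broadcast_name, $broadcast_description, $created_at, $owner_id, $admin_ids, $broadcast_image);
        $stmt->execute();
        $broadcast_id = strval($stmt->insert_id);
        $stmt->close();

        foreach ($broadcast_membersId as $user_id) {
            add_members_to_the_broadcast($conn, $user_id, $broadcast_id);
        }
        return $broadcast_id;
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
        return null;
    }
}

/**
 * Add one user to a broadcast.
 *
 * @param  int|string $user_id
 * @param  int|string $broadcast_id
 */
function add_members_to_the_broadcast(mysqli $conn, $user_id, $broadcast_id): void
{
    try {
        $joined_on = date('Y-m-d H:i:s');
        $sql = "INSERT INTO broadcast_members (user_id, broadcast_id, joined_on) VALUES (?, ?, ?)";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param("sss", $user_id, $broadcast_id, $joined_on);
        $stmt->execute();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
}

/**
 * Return the non-deleted messages of a broadcast.
 *
 * Same shape and escaping rules as display_messages().
 *
 * @param  int|string $broadcast_id
 * @return array<int, array{message_id:mixed, message:mixed, time:mixed, user_name:string}>  [] on error
 */
function display_broadcast_messages(mysqli $conn, $broadcast_id): array
{
    $chat = [];
    try {
        $sql = "SELECT m.message_id, m.message, m.posted_on, u.full_name FROM broadcast_messages m JOIN user u ON m.user_id = u.id WHERE m.broadcast_id = ? AND m.delete_status='N';";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $broadcast_id);
        $stmt->execute();
        $stmt->bind_result($message_id, $message, $posted_on, $user_name);
        while ($stmt->fetch()) {
            $chat[] = [
                'message_id' => $message_id,
                'message' => $message,
                'time' => $posted_on,
                'user_name' => htmlspecialchars_decode((string) $user_name),
            ];
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
    return $chat;
}

/**
 * Return the name of a broadcast.
 *
 * @param  int|string $broadcast_id
 * @return string|null  '' when no such broadcast exists, null on a database error
 */
function display_broadcast_name(mysqli $conn, $broadcast_id)
{
    $broadcast_name = '';
    try {
        $sql = "SELECT broadcast_name FROM broadcasts WHERE broadcast_id = ?";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $broadcast_id);
        $stmt->execute();
        $stmt->bind_result($broadcast_name);
        $stmt->fetch();
        $stmt->close();
        return $broadcast_name;
    } catch (Exception $e) {
        gc_report_db_error($e);
        return null;
    }
}

/**
 * Return the current (not exited) members of a broadcast.
 *
 * @param  int|string $broadcast_id
 * @return array<int, array{user_id:mixed, user_name:mixed, user_email:mixed}>  [] on error
 */
function display_broadcast_members(mysqli $conn, $broadcast_id): array
{
    $data = [];
    try {
        $sql = "SELECT u.id, u.full_name, u.email FROM user u INNER JOIN broadcast_members bm ON u.id = bm.user_id WHERE bm.broadcast_id = ? AND exit_status = 'No'";
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param("i", $broadcast_id);
        $stmt->execute();
        $stmt->bind_result($user_id, $user_name, $email);
        while ($stmt->fetch()) {
            $data[] = [
                'user_id' => $user_id,
                'user_name' => $user_name,
                'user_email' => $email,
            ];
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
    }
    return $data;
}

/**
 * Return all users that are not current members of the broadcast.
 *
 * Keys are those of display_all_members() (with gaps), as in the original.
 *
 * @param  int|string $broadcast_id
 * @return array<int, array{user_id:mixed, user_name:mixed, user_email:mixed}>
 */
function broadcast_members_to_add(mysqli $conn, $broadcast_id): array
{
    $present = array_flip(array_column(display_broadcast_members($conn, $broadcast_id), 'user_id'));
    return array_filter(display_all_members($conn), function ($member) use ($present) {
        return !isset($present[$member['user_id']]);
    });
}

/**
 * Check whether $expected_admin_id is one of the broadcast's admins.
 *
 * broadcasts.admin_id holds a comma-separated id list (see
 * create_broadcast()); ids are compared as trimmed strings, so 3 and "3"
 * match while an empty/missing expected id never does.
 *
 * Database errors are not caught here (kept from the original, which halted
 * on a prepare failure); a mysqli_sql_exception propagates to the caller.
 *
 * @param  int|string      $broadcast_id
 * @param  int|string|null $expected_admin_id
 * @throws mysqli_sql_exception
 */
function verify_admin(mysqli $conn, $broadcast_id, $expected_admin_id): bool
{
    $expected = trim((string) $expected_admin_id);
    if ($expected === '') {
        // An absent id must not match an empty admin list entry.
        return false;
    }
    $admin_id = '';
    $stmt = gc_prepare_statement($conn, "SELECT admin_id FROM broadcasts WHERE broadcast_id = ?");
    $stmt->bind_param('i', $broadcast_id);
    $stmt->execute();
    $stmt->bind_result($admin_id);
    $stmt->fetch();
    $stmt->close();

    foreach (convertStringToArray($admin_id) as $id) {
        if ($id === $expected) {
            return true;
        }
    }
    return false;
}

/**
 * Check whether a user is NOT yet listed as a member of a group/broadcast.
 *
 * Note the inverted sense (kept from the original): true means no membership
 * row exists, i.e. the user can still be added; false means the user is
 * already a member or a database error occurred.
 *
 * @param  string     $type  'group' or 'broadcast'
 * @param  int|string $user_id
 * @param  int|string $id    group_id or broadcast_id
 * @throws InvalidArgumentException for any other $type
 */
function verify_group_member(mysqli $db, $type, $user_id, $id): bool
{
    if ($type == "group") {
        $sql = "SELECT COUNT(*) AS COUNT FROM group_members WHERE group_id = ? AND user_id = ?";
    } elseif ($type == "broadcast") {
        $sql = "SELECT COUNT(*) AS COUNT FROM broadcast_members WHERE broadcast_id = ? AND user_id = ?";
    } else {
        throw new InvalidArgumentException("Invalid type provided.");
    }
    $count = 0;
    try {
        $stmt = gc_prepare_statement($db, $sql);
        $stmt->bind_param("ii", $id, $user_id);
        $stmt->execute();
        $stmt->bind_result($count);
        $stmt->fetch();
        $stmt->close();
        return (int) $count < 1;
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
        return false;
    }
}

/**
 * Check that a group / broadcast with this id exists (has a non-empty name).
 *
 * The original defined a nested named function inside this body, which made a
 * second call in the same request fatal ("Cannot redeclare"); the check is
 * now inline.
 *
 * @param  string     $type  'group' or 'broadcast' (anything else -> false)
 * @param  int|string $id
 */
function verify_group_broadcast_id(mysqli $db, $type, $id): bool
{
    if ($type === "group") {
        $name = display_group_name($db, $id);
    } elseif ($type === "broadcast") {
        $name = display_broadcast_name($db, $id);
    } else {
        return false;
    }
    return $name !== '' && $name !== null;
}

/**
 * Return the stored image value of a group or broadcast.
 *
 * @param  string     $type  'group' or 'broadcast'
 * @param  int|string $id
 * @return mixed  the image column value, null when the row does not exist or
 *                on a database error
 * @throws InvalidArgumentException for any other $type
 */
function display_image(mysqli $conn, $type, $id)
{
    if (!in_array($type, ['group', 'broadcast'], true)) {
        throw new InvalidArgumentException("Invalid type provided.");
    }
    try {
        if ($type == 'group') {
            $sql = "SELECT group_image FROM groups WHERE group_id = ?";
        } else {
            $sql = "SELECT broadcast_image FROM broadcasts WHERE broadcast_id = ?";
        }
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $id);
        if (!$stmt->execute()) {
            throw new mysqli_sql_exception("Execute failed: " . $stmt->error);
        }
        $imageUrl = null;
        $stmt->bind_result($imageUrl);
        if (!$stmt->fetch()) {
            $imageUrl = null;
        }
        $stmt->close();
        return $imageUrl;
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
        return null;
    }
}

/**
 * Return the description of a group or broadcast.
 *
 * @param  string     $type  'group' or 'broadcast'
 * @param  int|string $id
 * @return mixed  the description column value, null when the row does not
 *                exist or on a database error
 * @throws InvalidArgumentException for any other $type
 */
function display_description(mysqli $conn, $type, $id)
{
    if (!in_array($type, ['group', 'broadcast'], true)) {
        throw new InvalidArgumentException("Invalid type provided.");
    }
    try {
        if ($type == 'group') {
            $sql = "SELECT group_description FROM groups WHERE group_id = ?";
        } else {
            $sql = "SELECT broadcast_description FROM broadcasts WHERE broadcast_id = ?";
        }
        $stmt = gc_prepare_statement($conn, $sql);
        $stmt->bind_param('i', $id);
        if (!$stmt->execute()) {
            throw new mysqli_sql_exception("Execute failed: " . $stmt->error);
        }
        $description = null;
        $stmt->bind_result($description);
        if (!$stmt->fetch()) {
            $description = null;
        }
        $stmt->close();
        return $description;
    } catch (mysqli_sql_exception $e) {
        gc_report_db_error($e);
        return null;
    }
}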