diff --git a/chat1.php b/chat1.php
index dece074..305f212 100644
--- a/chat1.php
+++ b/chat1.php
@@ -758,9 +758,8 @@ if (isset($_POST['action']) || isset($_GET['action'])) {
$keywordCheck = checkKeywordBlacklist($message);
if ($keywordCheck['blocked']) {
logSecurityEvent($currentUserId, 'KEYWORD_BLOCKED', "Keyword: {$keywordCheck['keyword']}");
- echo
echo json_encode([
- 'success' => false,
+ 'success' => false,
'error' => 'Deine Nachricht enthΓ€lt nicht erlaubte Inhalte',
'details' => 'Verbotenes Wort erkannt: ' . $keywordCheck['keyword']
]);
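Review bot: The `details` field still reflects the matched blocklist term back to the sender (`'details' => 'Verbotenes Wort erkannt: ' . $keywordCheck['keyword']`), which turns the keyword filter into an oracle: a user can probe the list one word at a time and learn exactly which terms to obfuscate. The term is already recorded server-side by the `logSecurityEvent` call on the line above, so the client response can stay generic; replace the line with `'blocked_keyword' => true` (the shape the duplicate handler deleted later in this commit used) or drop it entirely. If `checkKeywordBlacklist` returns the raw matched substring from the message rather than the canonical list entry, the reflected value is also attacker-chosen text — `json_encode` escapes it for the JSON body, but the front-end must still treat it as untrusted when rendering. The enclosing `if` block and the send-message handler continue outside the hunk, so the `exit;` that should follow this `echo` is not visible here.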
@@ -1342,1347 +1341,6 @@ if (isset($_GET['stream']) && $_GET['stream'] === 'events') {
?>
-
-
-
- π Sicherer Private Chat
- echo json_encode([
- 'success' => false,
- 'error' => 'Diese Nachricht enthΓ€lt nicht erlaubte Inhalte: "' . $keywordCheck['keyword'] . '"',
- 'blocked_keyword' => true
- ]);
- exit;
- }
-
- // Profanity Filter
- $profanityCheck = checkProfanityFilter($message);
- if ($profanityCheck['blocked']) {
- logSecurityEvent($currentUserId, 'PROFANITY_BLOCKED', "Word: {$profanityCheck['word']}");
- echo json_encode([
- 'success' => false,
- 'error' => 'Bitte verwende keine SchimpfwΓΆrter',
- 'blocked_profanity' => true
- ]);
- exit;
- }
-
- // Link Filter
- $linkCheck = checkLinkFilter($message);
- if ($linkCheck['blocked']) {
- logSecurityEvent($currentUserId, 'LINK_BLOCKED', "Message: $message");
- echo json_encode([
- 'success' => false,
- 'error' => 'Links sind nicht erlaubt',
- 'blocked_link' => true
- ]);
- exit;
- }
-
- // Insert message
- $stmt = $db->prepare('
- INSERT INTO messages (from_user_id, to_user_id, message)
- VALUES (:from_user_id, :to_user_id, :message)
- ');
- $stmt->bindValue(':from_user_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':to_user_id', $toUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':message', $message, SQLITE3_TEXT);
- $stmt->execute();
-
- $messageId = $db->lastInsertRowID();
-
- // Log rate limit
- logRateLimit($currentUserId);
-
- echo json_encode([
- 'success' => true,
- 'message_id' => $messageId,
- 'timestamp' => date('Y-m-d H:i:s')
- ]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // MARK AS READ
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'mark_read') {
- $otherUserId = intval($_POST['user_id'] ?? 0);
-
- if ($otherUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- UPDATE messages
- SET is_read = 1
- WHERE from_user_id = :other_user_id
- AND to_user_id = :current_user_id
- AND is_read = 0
- ');
- $stmt->bindValue(':other_user_id', $otherUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->execute();
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // BLOCK USER
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'block_user') {
- $blockUserId = intval($_POST['user_id'] ?? 0);
-
- if ($blockUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- INSERT OR IGNORE INTO blocks (blocker_id, blocked_id)
- VALUES (:blocker_id, :blocked_id)
- ');
- $stmt->bindValue(':blocker_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':blocked_id', $blockUserId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent($currentUserId, 'USER_BLOCKED', "Blocked user ID: $blockUserId");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // UNBLOCK USER
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'unblock_user') {
- $unblockUserId = intval($_POST['user_id'] ?? 0);
-
- if ($unblockUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- DELETE FROM blocks
- WHERE blocker_id = :blocker_id
- AND blocked_id = :blocked_id
- ');
- $stmt->bindValue(':blocker_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':blocked_id', $unblockUserId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent($currentUserId, 'USER_UNBLOCKED', "Unblocked user ID: $unblockUserId");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // REPORT USER
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'report_user') {
- $reportedUserId = intval($_POST['user_id'] ?? 0);
- $reason = trim($_POST['reason'] ?? '');
- $messageId = intval($_POST['message_id'] ?? 0);
-
- if ($reportedUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']);
- exit;
- }
-
- if (empty($reason)) {
- echo json_encode(['success' => false, 'error' => 'Bitte gib einen Grund an']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- INSERT INTO reports (reporter_id, reported_user_id, reason, message_id)
- VALUES (:reporter_id, :reported_user_id, :reason, :message_id)
- ');
- $stmt->bindValue(':reporter_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':reported_user_id', $reportedUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':reason', $reason, SQLITE3_TEXT);
- $stmt->bindValue(':message_id', $messageId > 0 ? $messageId : null, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent($currentUserId, 'USER_REPORTED', "Reported user ID: $reportedUserId, Reason: $reason");
-
- // Flag message if provided
- if ($messageId > 0) {
- $stmt = $db->prepare('
- UPDATE messages
- SET is_flagged = 1, flag_reason = :reason
- WHERE id = :message_id
- ');
- $stmt->bindValue(':reason', $reason, SQLITE3_TEXT);
- $stmt->bindValue(':message_id', $messageId, SQLITE3_INTEGER);
- $stmt->execute();
- }
-
- echo json_encode(['success' => true, 'message' => 'Meldung wurde erfasst. Danke!']);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // GET BLOCKED USERS
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'get_blocked_users') {
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $query = '
- SELECT
- u.id,
- u.username,
- u.user_id as display_id,
- b.timestamp as blocked_at
- FROM blocks b
- JOIN users u ON b.blocked_id = u.id
- WHERE b.blocker_id = :current_user_id
- ORDER BY b.timestamp DESC
- ';
-
- $stmt = $db->prepare($query);
- $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER);
- $result = $stmt->execute();
-
- $blocked = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $blocked[] = [
- 'id' => $row['id'],
- 'username' => $row['username'],
- 'display_id' => $row['display_id'],
- 'display_name' => $row['username'] . '#' . $row['display_id'],
- 'blocked_at' => $row['blocked_at']
- ];
- }
-
- echo json_encode(['success' => true, 'blocked' => $blocked]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // ADMIN ACTIONS
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
-
- if (!isAdmin()) {
- echo json_encode(['success' => false, 'error' => 'Admin-Rechte erforderlich']);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // GET ADMIN STATS
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'admin_stats') {
- $db = getDB();
-
- // Total users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE is_banned = 0');
- $totalUsers = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // U18 users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE age_group = "U18" AND is_banned = 0');
- $u18Users = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // O18 users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE age_group = "O18" AND is_banned = 0');
- $o18Users = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Total messages today
- $result = $db->query('SELECT COUNT(*) as count FROM messages WHERE DATE(timestamp) = DATE("now")');
- $messagesToday = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Pending reports
- $result = $db->query('SELECT COUNT(*) as count FROM reports WHERE status = "pending"');
- $pendingReports = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Flagged messages
- $result = $db->query('SELECT COUNT(*) as count FROM messages WHERE is_flagged = 1');
- $flaggedMessages = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Banned users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE is_banned = 1');
- $bannedUsers = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- echo json_encode([
- 'success' => true,
- 'stats' => [
- 'total_users' => $totalUsers,
- 'u18_users' => $u18Users,
- 'o18_users' => $o18Users,
- 'messages_today' => $messagesToday,
- 'pending_reports' => $pendingReports,
- 'flagged_messages' => $flaggedMessages,
- 'banned_users' => $bannedUsers
- ]
- ]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // GET REPORTS
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'admin_get_reports') {
- $db = getDB();
-
- $query = '
- SELECT
- r.id,
- r.reason,
- r.timestamp,
- r.status,
- r.message_id,
- reporter.username as reporter_name,
- reporter.user_id as reporter_display_id,
- reported.username as reported_name,
- reported.user_id as reported_display_id,
- reported.id as reported_user_id,
- m.message as message_content
- FROM reports r
- JOIN users reporter ON r.reporter_id = reporter.id
- JOIN users reported ON r.reported_user_id = reported.id
- LEFT JOIN messages m ON r.message_id = m.id
- ORDER BY r.timestamp DESC
- LIMIT 50
- ';
-
- $result = $db->query($query);
-
- $reports = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $reports[] = [
- 'id' => $row['id'],
- 'reason' => $row['reason'],
- 'timestamp' => $row['timestamp'],
- 'status' => $row['status'],
- 'reporter_name' => $row['reporter_name'] . '#' . $row['reporter_display_id'],
- 'reported_name' => $row['reported_name'] . '#' . $row['reported_display_id'],
- 'reported_user_id' => $row['reported_user_id'],
- 'message_content' => $row['message_content']
- ];
- }
-
- echo json_encode(['success' => true, 'reports' => $reports]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // BAN USER
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'admin_ban_user') {
- $userId = intval($_POST['user_id'] ?? 0);
- $reason = trim($_POST['reason'] ?? 'VerstoΓ gegen Nutzungsbedingungen');
-
- if ($userId <= 0) {
- echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']);
- exit;
- }
-
- $db = getDB();
-
- $stmt = $db->prepare('
- UPDATE users
- SET is_banned = 1, ban_reason = :reason
- WHERE id = :user_id
- ');
- $stmt->bindValue(':user_id', $userId, SQLITE3_INTEGER);
- $stmt->bindValue(':reason', $reason, SQLITE3_TEXT);
- $stmt->execute();
-
- logSecurityEvent(null, 'ADMIN_BAN_USER', "User ID: $userId, Reason: $reason");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // UNBAN USER
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'admin_unban_user') {
- $userId = intval($_POST['user_id'] ?? 0);
-
- if ($userId <= 0) {
- echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']);
- exit;
- }
-
- $db = getDB();
-
- $stmt = $db->prepare('
- UPDATE users
- SET is_banned = 0, ban_reason = NULL
- WHERE id = :user_id
- ');
- $stmt->bindValue(':user_id', $userId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent(null, 'ADMIN_UNBAN_USER', "User ID: $userId");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // RESOLVE REPORT
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'admin_resolve_report') {
- $reportId = intval($_POST['report_id'] ?? 0);
- $status = $_POST['status'] ?? 'resolved';
-
- if ($reportId <= 0) {
- echo json_encode(['success' => false, 'error' => 'UngΓΌltige Report-ID']);
- exit;
- }
-
- $db = getDB();
-
- $stmt = $db->prepare('UPDATE reports SET status = :status WHERE id = :report_id');
- $stmt->bindValue(':status', $status, SQLITE3_TEXT);
- $stmt->bindValue(':report_id', $reportId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent(null, 'ADMIN_RESOLVE_REPORT', "Report ID: $reportId, Status: $status");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- // GET SECURITY LOGS
- // βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- if ($action === 'admin_get_logs') {
- $db = getDB();
-
- $query = '
- SELECT
- l.id,
- l.action,
- l.details,
- l.ip_address,
- l.timestamp,
- u.username,
- u.user_id as display_id
- FROM security_logs l
- LEFT JOIN users u ON l.user_id = u.id
- ORDER BY l.timestamp DESC
- LIMIT 100
- ';
-
- $result = $db->query($query);
-
- $logs = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $logs[] = [
- 'id' => $row['id'],
- 'action' => $row['action'],
- 'details' => $row['details'],
- 'ip_address' => $row['ip_address'],
- 'timestamp' => $row['timestamp'],
- 'username' => $row['username'] ? $row['username'] . '#' . $row['display_id'] : 'System'
- ];
- }
-
- echo json_encode(['success' => true, 'logs' => $logs]);
- exit;
- }
-
- echo json_encode(['success' => false, 'error' => 'Unbekannte Aktion']);
- exit;
-}
-
-// βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
-// SSE STREAM (ECHTZEIT)
-// βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
-
-if (isset($_GET['stream']) && $_GET['stream'] === 'events') {
- if (!isLoggedIn()) {
- exit;
- }
-
- header('Content-Type: text/event-stream');
- header('Cache-Control: no-cache');
- header('Connection: keep-alive');
- header('X-Accel-Buffering: no');
-
- $currentUserId = getCurrentUserId();
- $lastMessageId = intval($_GET['last_message_id'] ?? 0);
-
- set_time_limit(0);
- ob_implicit_flush(true);
- ob_end_flush();
-
- $db = getDB();
-
- $stmt = $db->prepare('
- SELECT
- m.id,
- m.from_user_id,
- m.to_user_id,
- m.message,
- m.timestamp,
- u.username as from_username,
- u.user_id as from_display_id
- FROM messages m
- JOIN users u ON m.from_user_id = u.id
- WHERE m.id > :last_message_id
- AND (m.to_user_id = :current_user_id OR m.from_user_id = :current_user_id)
- ORDER BY m.id ASC
- ');
- $stmt->bindValue(':last_message_id', $lastMessageId, SQLITE3_INTEGER);
- $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER);
- $result = $stmt->execute();
-
- $messages = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $messages[] = [
- 'id' => $row['id'],
- 'from_user_id' => $row['from_user_id'],
- 'to_user_id' => $row['to_user_id'],
- 'message' => $row['message'],
- 'timestamp' => $row['timestamp'],
- 'from_username' => $row['from_username'],
- 'from_display_id' => $row['from_display_id'],
- 'from_display_name' => $row['from_username'] . '#' . $row['from_display_id']
- ];
- }
-
- if (!empty($messages)) {
- echo "data: " . json_encode(['type' => 'messages', 'messages' => $messages]) . "\n\n";
- flush();
- } else {
- echo "data: " . json_encode(['type' => 'ping']) . "\n\n";
- flush();
- }
-
- exit;
-}
-
-// βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
-// HTML OUTPUT
-// βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
-?>
-
-
-
-
-
- π¬ Secure Private Chat
-
-