From ef7620eb0f19e3c44c6595fb8d58cc60e745604e Mon Sep 17 00:00:00 2001
From: Metacube
Date: Sun, 2 Nov 2025 18:34:16 +0100
Subject: [PATCH] Bereinige doppelte Logik und CSS im Chat-Frontend
---
 chat1.php | 1355 +----------------------------------------------------
 1 file changed, 2 insertions(+), 1353 deletions(-)
diff --git a/chat1.php b/chat1.php
index dece074..305f212 100644
--- a/chat1.php
+++ b/chat1.php
@@ -758,9 +758,8 @@ if (isset($_POST['action']) || isset($_GET['action'])) {
 $keywordCheck = checkKeywordBlacklist($message);
 if ($keywordCheck['blocked']) {
 logSecurityEvent($currentUserId, 'KEYWORD_BLOCKED', "Keyword: {$keywordCheck['keyword']}");
- echo echo json_encode([
- 'success' => false,
+ 'success' => false,
 'error' => 'Deine Nachricht enthΓ€lt nicht erlaubte Inhalte',
 'details' => 'Verbotenes Wort erkannt: ' . $keywordCheck['keyword']
 ]);
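Review bot: As the hunk reads, the new side removes `echo echo json_encode([` without putting a replacement opener in, so the retained `'success' => false,` line now starts a bare array element and the following `]);` closes nothing — chat1.php would fail to parse and every action handler in the file, not only the keyword check, would stop responding. The intended change is presumably a single opener on the new side, `echo json_encode([`, in place of the removed double-echo line; if the collapsed patch merely lost that `+` line, please confirm it is present in the actual commit. Separately, the unchanged `'details'` line returns the matched blacklist term to the sender, which discloses the blacklist entry by entry; since `logSecurityEvent` already records the keyword server-side, returning only the generic `'error'` text is the safer response. The enclosing `if (isset($_POST['action']) || isset($_GET['action']))` block begins before this hunk and continues after it.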
@@ -1342,1347 +1341,6 @@ if (isset($_GET['stream']) && $_GET['stream'] === 'events') { ?> - - - - πŸ”’ Sicherer Private Chat - echo json_encode([ - 'success' => false, - 'error' => 'Diese Nachricht enthΓ€lt nicht erlaubte Inhalte: "' . $keywordCheck['keyword'] . '"', - 'blocked_keyword' => true - ]); - exit; - } - - // Profanity Filter - $profanityCheck = checkProfanityFilter($message); - if ($profanityCheck['blocked']) { - logSecurityEvent($currentUserId, 'PROFANITY_BLOCKED', "Word: {$profanityCheck['word']}"); - echo json_encode([ - 'success' => false, - 'error' => 'Bitte verwende keine SchimpfwΓΆrter', - 'blocked_profanity' => true - ]); - exit; - } - - // Link Filter - $linkCheck = checkLinkFilter($message); - if ($linkCheck['blocked']) { - logSecurityEvent($currentUserId, 'LINK_BLOCKED', "Message: $message"); - echo json_encode([ - 'success' => false, - 'error' => 'Links sind nicht erlaubt', - 'blocked_link' => true - ]); - exit; - } - - // Insert message - $stmt = $db->prepare(' - INSERT INTO messages (from_user_id, to_user_id, message) - VALUES (:from_user_id, :to_user_id, :message) - '); - $stmt->bindValue(':from_user_id', $currentUserId, SQLITE3_INTEGER); - $stmt->bindValue(':to_user_id', $toUserId, SQLITE3_INTEGER); - $stmt->bindValue(':message', $message, SQLITE3_TEXT); - $stmt->execute(); - - $messageId = $db->lastInsertRowID(); - - // Log rate limit - logRateLimit($currentUserId); - - echo json_encode([ - 'success' => true, - 'message_id' => $messageId, - 'timestamp' => date('Y-m-d H:i:s') - ]); - exit; - } - - // ─────────────────────────────────────────────────────── - // MARK AS READ - // ─────────────────────────────────────────────────────── - if ($action === 'mark_read') { - $otherUserId = intval($_POST['user_id'] ?? 
0); - - if ($otherUserId <= 0) { - echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']); - exit; - } - - $db = getDB(); - $currentUserId = getCurrentUserId(); - - $stmt = $db->prepare(' - UPDATE messages - SET is_read = 1 - WHERE from_user_id = :other_user_id - AND to_user_id = :current_user_id - AND is_read = 0 - '); - $stmt->bindValue(':other_user_id', $otherUserId, SQLITE3_INTEGER); - $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER); - $stmt->execute(); - - echo json_encode(['success' => true]); - exit; - } - - // ─────────────────────────────────────────────────────── - // BLOCK USER - // ─────────────────────────────────────────────────────── - if ($action === 'block_user') { - $blockUserId = intval($_POST['user_id'] ?? 0); - - if ($blockUserId <= 0) { - echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']); - exit; - } - - $db = getDB(); - $currentUserId = getCurrentUserId(); - - $stmt = $db->prepare(' - INSERT OR IGNORE INTO blocks (blocker_id, blocked_id) - VALUES (:blocker_id, :blocked_id) - '); - $stmt->bindValue(':blocker_id', $currentUserId, SQLITE3_INTEGER); - $stmt->bindValue(':blocked_id', $blockUserId, SQLITE3_INTEGER); - $stmt->execute(); - - logSecurityEvent($currentUserId, 'USER_BLOCKED', "Blocked user ID: $blockUserId"); - - echo json_encode(['success' => true]); - exit; - } - - // ─────────────────────────────────────────────────────── - // UNBLOCK USER - // ─────────────────────────────────────────────────────── - if ($action === 'unblock_user') { - $unblockUserId = intval($_POST['user_id'] ?? 
0); - - if ($unblockUserId <= 0) { - echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']); - exit; - } - - $db = getDB(); - $currentUserId = getCurrentUserId(); - - $stmt = $db->prepare(' - DELETE FROM blocks - WHERE blocker_id = :blocker_id - AND blocked_id = :blocked_id - '); - $stmt->bindValue(':blocker_id', $currentUserId, SQLITE3_INTEGER); - $stmt->bindValue(':blocked_id', $unblockUserId, SQLITE3_INTEGER); - $stmt->execute(); - - logSecurityEvent($currentUserId, 'USER_UNBLOCKED', "Unblocked user ID: $unblockUserId"); - - echo json_encode(['success' => true]); - exit; - } - - // ─────────────────────────────────────────────────────── - // REPORT USER - // ─────────────────────────────────────────────────────── - if ($action === 'report_user') { - $reportedUserId = intval($_POST['user_id'] ?? 0); - $reason = trim($_POST['reason'] ?? ''); - $messageId = intval($_POST['message_id'] ?? 0); - - if ($reportedUserId <= 0) { - echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']); - exit; - } - - if (empty($reason)) { - echo json_encode(['success' => false, 'error' => 'Bitte gib einen Grund an']); - exit; - } - - $db = getDB(); - $currentUserId = getCurrentUserId(); - - $stmt = $db->prepare(' - INSERT INTO reports (reporter_id, reported_user_id, reason, message_id) - VALUES (:reporter_id, :reported_user_id, :reason, :message_id) - '); - $stmt->bindValue(':reporter_id', $currentUserId, SQLITE3_INTEGER); - $stmt->bindValue(':reported_user_id', $reportedUserId, SQLITE3_INTEGER); - $stmt->bindValue(':reason', $reason, SQLITE3_TEXT); - $stmt->bindValue(':message_id', $messageId > 0 ? 
$messageId : null, SQLITE3_INTEGER); - $stmt->execute(); - - logSecurityEvent($currentUserId, 'USER_REPORTED', "Reported user ID: $reportedUserId, Reason: $reason"); - - // Flag message if provided - if ($messageId > 0) { - $stmt = $db->prepare(' - UPDATE messages - SET is_flagged = 1, flag_reason = :reason - WHERE id = :message_id - '); - $stmt->bindValue(':reason', $reason, SQLITE3_TEXT); - $stmt->bindValue(':message_id', $messageId, SQLITE3_INTEGER); - $stmt->execute(); - } - - echo json_encode(['success' => true, 'message' => 'Meldung wurde erfasst. Danke!']); - exit; - } - - // ─────────────────────────────────────────────────────── - // GET BLOCKED USERS - // ─────────────────────────────────────────────────────── - if ($action === 'get_blocked_users') { - $db = getDB(); - $currentUserId = getCurrentUserId(); - - $query = ' - SELECT - u.id, - u.username, - u.user_id as display_id, - b.timestamp as blocked_at - FROM blocks b - JOIN users u ON b.blocked_id = u.id - WHERE b.blocker_id = :current_user_id - ORDER BY b.timestamp DESC - '; - - $stmt = $db->prepare($query); - $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER); - $result = $stmt->execute(); - - $blocked = []; - while ($row = $result->fetchArray(SQLITE3_ASSOC)) { - $blocked[] = [ - 'id' => $row['id'], - 'username' => $row['username'], - 'display_id' => $row['display_id'], - 'display_name' => $row['username'] . '#' . 
$row['display_id'], - 'blocked_at' => $row['blocked_at'] - ]; - } - - echo json_encode(['success' => true, 'blocked' => $blocked]); - exit; - } - - // ═══════════════════════════════════════════════════════════ - // ADMIN ACTIONS - // ═══════════════════════════════════════════════════════════ - - if (!isAdmin()) { - echo json_encode(['success' => false, 'error' => 'Admin-Rechte erforderlich']); - exit; - } - - // ─────────────────────────────────────────────────────── - // GET ADMIN STATS - // ─────────────────────────────────────────────────────── - if ($action === 'admin_stats') { - $db = getDB(); - - // Total users - $result = $db->query('SELECT COUNT(*) as count FROM users WHERE is_banned = 0'); - $totalUsers = $result->fetchArray(SQLITE3_ASSOC)['count']; - - // U18 users - $result = $db->query('SELECT COUNT(*) as count FROM users WHERE age_group = "U18" AND is_banned = 0'); - $u18Users = $result->fetchArray(SQLITE3_ASSOC)['count']; - - // O18 users - $result = $db->query('SELECT COUNT(*) as count FROM users WHERE age_group = "O18" AND is_banned = 0'); - $o18Users = $result->fetchArray(SQLITE3_ASSOC)['count']; - - // Total messages today - $result = $db->query('SELECT COUNT(*) as count FROM messages WHERE DATE(timestamp) = DATE("now")'); - $messagesToday = $result->fetchArray(SQLITE3_ASSOC)['count']; - - // Pending reports - $result = $db->query('SELECT COUNT(*) as count FROM reports WHERE status = "pending"'); - $pendingReports = $result->fetchArray(SQLITE3_ASSOC)['count']; - - // Flagged messages - $result = $db->query('SELECT COUNT(*) as count FROM messages WHERE is_flagged = 1'); - $flaggedMessages = $result->fetchArray(SQLITE3_ASSOC)['count']; - - // Banned users - $result = $db->query('SELECT COUNT(*) as count FROM users WHERE is_banned = 1'); - $bannedUsers = $result->fetchArray(SQLITE3_ASSOC)['count']; - - echo json_encode([ - 'success' => true, - 'stats' => [ - 'total_users' => $totalUsers, - 'u18_users' => $u18Users, - 'o18_users' => $o18Users, - 
'messages_today' => $messagesToday, - 'pending_reports' => $pendingReports, - 'flagged_messages' => $flaggedMessages, - 'banned_users' => $bannedUsers - ] - ]); - exit; - } - - // ─────────────────────────────────────────────────────── - // GET REPORTS - // ─────────────────────────────────────────────────────── - if ($action === 'admin_get_reports') { - $db = getDB(); - - $query = ' - SELECT - r.id, - r.reason, - r.timestamp, - r.status, - r.message_id, - reporter.username as reporter_name, - reporter.user_id as reporter_display_id, - reported.username as reported_name, - reported.user_id as reported_display_id, - reported.id as reported_user_id, - m.message as message_content - FROM reports r - JOIN users reporter ON r.reporter_id = reporter.id - JOIN users reported ON r.reported_user_id = reported.id - LEFT JOIN messages m ON r.message_id = m.id - ORDER BY r.timestamp DESC - LIMIT 50 - '; - - $result = $db->query($query); - - $reports = []; - while ($row = $result->fetchArray(SQLITE3_ASSOC)) { - $reports[] = [ - 'id' => $row['id'], - 'reason' => $row['reason'], - 'timestamp' => $row['timestamp'], - 'status' => $row['status'], - 'reporter_name' => $row['reporter_name'] . '#' . $row['reporter_display_id'], - 'reported_name' => $row['reported_name'] . '#' . $row['reported_display_id'], - 'reported_user_id' => $row['reported_user_id'], - 'message_content' => $row['message_content'] - ]; - } - - echo json_encode(['success' => true, 'reports' => $reports]); - exit; - } - - // ─────────────────────────────────────────────────────── - // BAN USER - // ─────────────────────────────────────────────────────── - if ($action === 'admin_ban_user') { - $userId = intval($_POST['user_id'] ?? 0); - $reason = trim($_POST['reason'] ?? 
'Verstoß gegen Nutzungsbedingungen'); - - if ($userId <= 0) { - echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']); - exit; - } - - $db = getDB(); - - $stmt = $db->prepare(' - UPDATE users - SET is_banned = 1, ban_reason = :reason - WHERE id = :user_id - '); - $stmt->bindValue(':user_id', $userId, SQLITE3_INTEGER); - $stmt->bindValue(':reason', $reason, SQLITE3_TEXT); - $stmt->execute(); - - logSecurityEvent(null, 'ADMIN_BAN_USER', "User ID: $userId, Reason: $reason"); - - echo json_encode(['success' => true]); - exit; - } - - // ─────────────────────────────────────────────────────── - // UNBAN USER - // ─────────────────────────────────────────────────────── - if ($action === 'admin_unban_user') { - $userId = intval($_POST['user_id'] ?? 0); - - if ($userId <= 0) { - echo json_encode(['success' => false, 'error' => 'UngΓΌltige User-ID']); - exit; - } - - $db = getDB(); - - $stmt = $db->prepare(' - UPDATE users - SET is_banned = 0, ban_reason = NULL - WHERE id = :user_id - '); - $stmt->bindValue(':user_id', $userId, SQLITE3_INTEGER); - $stmt->execute(); - - logSecurityEvent(null, 'ADMIN_UNBAN_USER', "User ID: $userId"); - - echo json_encode(['success' => true]); - exit; - } - - // ─────────────────────────────────────────────────────── - // RESOLVE REPORT - // ─────────────────────────────────────────────────────── - if ($action === 'admin_resolve_report') { - $reportId = intval($_POST['report_id'] ?? 0); - $status = $_POST['status'] ?? 
'resolved'; - - if ($reportId <= 0) { - echo json_encode(['success' => false, 'error' => 'UngΓΌltige Report-ID']); - exit; - } - - $db = getDB(); - - $stmt = $db->prepare('UPDATE reports SET status = :status WHERE id = :report_id'); - $stmt->bindValue(':status', $status, SQLITE3_TEXT); - $stmt->bindValue(':report_id', $reportId, SQLITE3_INTEGER); - $stmt->execute(); - - logSecurityEvent(null, 'ADMIN_RESOLVE_REPORT', "Report ID: $reportId, Status: $status"); - - echo json_encode(['success' => true]); - exit; - } - - // ─────────────────────────────────────────────────────── - // GET SECURITY LOGS - // ─────────────────────────────────────────────────────── - if ($action === 'admin_get_logs') { - $db = getDB(); - - $query = ' - SELECT - l.id, - l.action, - l.details, - l.ip_address, - l.timestamp, - u.username, - u.user_id as display_id - FROM security_logs l - LEFT JOIN users u ON l.user_id = u.id - ORDER BY l.timestamp DESC - LIMIT 100 - '; - - $result = $db->query($query); - - $logs = []; - while ($row = $result->fetchArray(SQLITE3_ASSOC)) { - $logs[] = [ - 'id' => $row['id'], - 'action' => $row['action'], - 'details' => $row['details'], - 'ip_address' => $row['ip_address'], - 'timestamp' => $row['timestamp'], - 'username' => $row['username'] ? $row['username'] . '#' . $row['display_id'] : 'System' - ]; - } - - echo json_encode(['success' => true, 'logs' => $logs]); - exit; - } - - echo json_encode(['success' => false, 'error' => 'Unbekannte Aktion']); - exit; -} - -// ═══════════════════════════════════════════════════════════ -// SSE STREAM (ECHTZEIT) -// ═══════════════════════════════════════════════════════════ - -if (isset($_GET['stream']) && $_GET['stream'] === 'events') { - if (!isLoggedIn()) { - exit; - } - - header('Content-Type: text/event-stream'); - header('Cache-Control: no-cache'); - header('Connection: keep-alive'); - header('X-Accel-Buffering: no'); - - $currentUserId = getCurrentUserId(); - $lastMessageId = intval($_GET['last_message_id'] ?? 
0); - - set_time_limit(0); - ob_implicit_flush(true); - ob_end_flush(); - - $db = getDB(); - - $stmt = $db->prepare(' - SELECT - m.id, - m.from_user_id, - m.to_user_id, - m.message, - m.timestamp, - u.username as from_username, - u.user_id as from_display_id - FROM messages m - JOIN users u ON m.from_user_id = u.id - WHERE m.id > :last_message_id - AND (m.to_user_id = :current_user_id OR m.from_user_id = :current_user_id) - ORDER BY m.id ASC - '); - $stmt->bindValue(':last_message_id', $lastMessageId, SQLITE3_INTEGER); - $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER); - $result = $stmt->execute(); - - $messages = []; - while ($row = $result->fetchArray(SQLITE3_ASSOC)) { - $messages[] = [ - 'id' => $row['id'], - 'from_user_id' => $row['from_user_id'], - 'to_user_id' => $row['to_user_id'], - 'message' => $row['message'], - 'timestamp' => $row['timestamp'], - 'from_username' => $row['from_username'], - 'from_display_id' => $row['from_display_id'], - 'from_display_name' => $row['from_username'] . '#' . $row['from_display_id'] - ]; - } - - if (!empty($messages)) { - echo "data: " . json_encode(['type' => 'messages', 'messages' => $messages]) . "\n\n"; - flush(); - } else { - echo "data: " . json_encode(['type' => 'ping']) . "\n\n"; - flush(); - } - - exit; -} - -// ═══════════════════════════════════════════════════════════ -// HTML OUTPUT -// ═══════════════════════════════════════════════════════════ -?> - - - - - - πŸ’¬ Secure Private Chat - -