diff --git a/chat1.php b/chat1.php
index dece074..dcf92bf 100644
--- a/chat1.php
+++ b/chat1.php
@@ -375,6 +375,7 @@ function cleanupOldData() {
// ═══════════════════════════════════════════════════════════
session_start();
+$isAdminPage = isset($_GET['admin']);
function isLoggedIn() {
return isset($_SESSION['user_id']) && isset($_SESSION['username']);
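Review bot: `$isAdminPage` is derived solely from the client-controlled query string (`isset($_GET['admin'])`), so any visitor can set it, and the hunk does not show where it is consumed, so I cannot tell whether it only selects a view or also short-circuits an authorization check. It must never stand in for `isAdmin()`: every admin action has to keep gating on the session role, and if this flag decides which page to render it is safer to fold the role check in, `$isAdminPage = isset($_GET['admin']) && isAdmin();` (valid here if `isAdmin()` is an unconditional top-level declaration, which PHP hoists). If that is not wanted, at least document the intent with `// view selector only; authorization is enforced per action by isAdmin()`. The `isLoggedIn()` definition that follows runs past the end of the hunk.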
@@ -758,9 +759,8 @@ if (isset($_POST['action']) || isset($_GET['action'])) {
$keywordCheck = checkKeywordBlacklist($message);
if ($keywordCheck['blocked']) {
logSecurityEvent($currentUserId, 'KEYWORD_BLOCKED', "Keyword: {$keywordCheck['keyword']}");
- echo
echo json_encode([
- 'success' => false,
+ 'success' => false,
'error' => 'Deine Nachricht enthält nicht erlaubte Inhalte',
'details' => 'Verbotenes Wort erkannt: ' . $keywordCheck['keyword']
]);
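Review bot: The response sent here discloses the exact blacklist entry that matched, via `'details' => 'Verbotenes Wort erkannt: ' . $keywordCheck['keyword']`, which lets any sender enumerate the blacklist one term at a time and rephrase around it; the matched term is already recorded for moderators by the `logSecurityEvent(...)` call above it. Unless telling the user the precise word is a deliberate UX decision, drop the `details` line and return only the generic `'error' => 'Deine Nachricht enthält nicht erlaubte Inhalte'`. If moderators need the word, the security log is the right place for it, not the client response. There is no injection concern since `json_encode` does the escaping; the issue is purely the information leak about the filter.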
@@ -1156,7 +1156,32 @@ if (isset($_POST['action']) || isset($_GET['action'])) {
]);
exit;
}
-
+
+ if ($action === 'admin_get_banned_users') {
+ $db = getDB();
+
+ $result = $db->query('
+ SELECT id, username, user_id as display_id, ban_reason, last_seen
+ FROM users
+ WHERE is_banned = 1
+ ORDER BY last_seen DESC
+ LIMIT 100
+ ');
+
+ $banned = [];
+ while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
+ $banned[] = [
+ 'id' => $row['id'],
+ 'display_name' => $row['username'] . '#' . $row['display_id'],
+ 'reason' => $row['ban_reason'] ?? 'keine Angabe',
+ 'last_seen' => $row['last_seen']
+ ];
+ }
+
+ echo json_encode(['success' => true, 'banned' => $banned]);
+ exit;
+ }
+
// ───────────────────────────────────────────────────────
// ADMIN: BAN USER
// ───────────────────────────────────────────────────────
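Review bot: The new `admin_get_banned_users` branch carries no authorization check of its own; whether it sits below an `if (!isAdmin())` gate depends on code before line 1156 that is outside this hunk, and the branch ending with the `exit;` at the top of the hunk cannot be identified from here. In a flat action dispatcher an admin action landing above the gate is a silent privilege escalation, so the branch should fail closed locally with `if (!isAdmin()) { echo json_encode(['success' => false, 'error' => 'Admin-Rechte erforderlich']); exit; }` as its first statement, reusing the wording the file already has for that case. It is also worth testing `$db->query(...)` for a `false` return before calling `fetchArray` on it, so a schema or I/O error becomes a JSON error rather than a fatal. The fields returned (username, display id, ban_reason, last_seen) are fine for an admin-only listing but should not be reachable by anyone else.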
@@ -1342,1347 +1367,6 @@ if (isset($_GET['stream']) && $_GET['stream'] === 'events') {
?>
-
-
-
- 🔒 Sicherer Private Chat
- echo json_encode([
- 'success' => false,
- 'error' => 'Diese Nachricht enthält nicht erlaubte Inhalte: "' . $keywordCheck['keyword'] . '"',
- 'blocked_keyword' => true
- ]);
- exit;
- }
-
- // Profanity Filter
- $profanityCheck = checkProfanityFilter($message);
- if ($profanityCheck['blocked']) {
- logSecurityEvent($currentUserId, 'PROFANITY_BLOCKED', "Word: {$profanityCheck['word']}");
- echo json_encode([
- 'success' => false,
- 'error' => 'Bitte verwende keine Schimpfwörter',
- 'blocked_profanity' => true
- ]);
- exit;
- }
-
- // Link Filter
- $linkCheck = checkLinkFilter($message);
- if ($linkCheck['blocked']) {
- logSecurityEvent($currentUserId, 'LINK_BLOCKED', "Message: $message");
- echo json_encode([
- 'success' => false,
- 'error' => 'Links sind nicht erlaubt',
- 'blocked_link' => true
- ]);
- exit;
- }
-
- // Insert message
- $stmt = $db->prepare('
- INSERT INTO messages (from_user_id, to_user_id, message)
- VALUES (:from_user_id, :to_user_id, :message)
- ');
- $stmt->bindValue(':from_user_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':to_user_id', $toUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':message', $message, SQLITE3_TEXT);
- $stmt->execute();
-
- $messageId = $db->lastInsertRowID();
-
- // Log rate limit
- logRateLimit($currentUserId);
-
- echo json_encode([
- 'success' => true,
- 'message_id' => $messageId,
- 'timestamp' => date('Y-m-d H:i:s')
- ]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // MARK AS READ
- // ───────────────────────────────────────────────────────
- if ($action === 'mark_read') {
- $otherUserId = intval($_POST['user_id'] ?? 0);
-
- if ($otherUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'Ungültige User-ID']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- UPDATE messages
- SET is_read = 1
- WHERE from_user_id = :other_user_id
- AND to_user_id = :current_user_id
- AND is_read = 0
- ');
- $stmt->bindValue(':other_user_id', $otherUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->execute();
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // BLOCK USER
- // ───────────────────────────────────────────────────────
- if ($action === 'block_user') {
- $blockUserId = intval($_POST['user_id'] ?? 0);
-
- if ($blockUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'Ungültige User-ID']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- INSERT OR IGNORE INTO blocks (blocker_id, blocked_id)
- VALUES (:blocker_id, :blocked_id)
- ');
- $stmt->bindValue(':blocker_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':blocked_id', $blockUserId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent($currentUserId, 'USER_BLOCKED', "Blocked user ID: $blockUserId");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // UNBLOCK USER
- // ───────────────────────────────────────────────────────
- if ($action === 'unblock_user') {
- $unblockUserId = intval($_POST['user_id'] ?? 0);
-
- if ($unblockUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'Ungültige User-ID']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- DELETE FROM blocks
- WHERE blocker_id = :blocker_id
- AND blocked_id = :blocked_id
- ');
- $stmt->bindValue(':blocker_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':blocked_id', $unblockUserId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent($currentUserId, 'USER_UNBLOCKED', "Unblocked user ID: $unblockUserId");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // REPORT USER
- // ───────────────────────────────────────────────────────
- if ($action === 'report_user') {
- $reportedUserId = intval($_POST['user_id'] ?? 0);
- $reason = trim($_POST['reason'] ?? '');
- $messageId = intval($_POST['message_id'] ?? 0);
-
- if ($reportedUserId <= 0) {
- echo json_encode(['success' => false, 'error' => 'Ungültige User-ID']);
- exit;
- }
-
- if (empty($reason)) {
- echo json_encode(['success' => false, 'error' => 'Bitte gib einen Grund an']);
- exit;
- }
-
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $stmt = $db->prepare('
- INSERT INTO reports (reporter_id, reported_user_id, reason, message_id)
- VALUES (:reporter_id, :reported_user_id, :reason, :message_id)
- ');
- $stmt->bindValue(':reporter_id', $currentUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':reported_user_id', $reportedUserId, SQLITE3_INTEGER);
- $stmt->bindValue(':reason', $reason, SQLITE3_TEXT);
- $stmt->bindValue(':message_id', $messageId > 0 ? $messageId : null, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent($currentUserId, 'USER_REPORTED', "Reported user ID: $reportedUserId, Reason: $reason");
-
- // Flag message if provided
- if ($messageId > 0) {
- $stmt = $db->prepare('
- UPDATE messages
- SET is_flagged = 1, flag_reason = :reason
- WHERE id = :message_id
- ');
- $stmt->bindValue(':reason', $reason, SQLITE3_TEXT);
- $stmt->bindValue(':message_id', $messageId, SQLITE3_INTEGER);
- $stmt->execute();
- }
-
- echo json_encode(['success' => true, 'message' => 'Meldung wurde erfasst. Danke!']);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // GET BLOCKED USERS
- // ───────────────────────────────────────────────────────
- if ($action === 'get_blocked_users') {
- $db = getDB();
- $currentUserId = getCurrentUserId();
-
- $query = '
- SELECT
- u.id,
- u.username,
- u.user_id as display_id,
- b.timestamp as blocked_at
- FROM blocks b
- JOIN users u ON b.blocked_id = u.id
- WHERE b.blocker_id = :current_user_id
- ORDER BY b.timestamp DESC
- ';
-
- $stmt = $db->prepare($query);
- $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER);
- $result = $stmt->execute();
-
- $blocked = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $blocked[] = [
- 'id' => $row['id'],
- 'username' => $row['username'],
- 'display_id' => $row['display_id'],
- 'display_name' => $row['username'] . '#' . $row['display_id'],
- 'blocked_at' => $row['blocked_at']
- ];
- }
-
- echo json_encode(['success' => true, 'blocked' => $blocked]);
- exit;
- }
-
- // ═══════════════════════════════════════════════════════════
- // ADMIN ACTIONS
- // ═══════════════════════════════════════════════════════════
-
- if (!isAdmin()) {
- echo json_encode(['success' => false, 'error' => 'Admin-Rechte erforderlich']);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // GET ADMIN STATS
- // ───────────────────────────────────────────────────────
- if ($action === 'admin_stats') {
- $db = getDB();
-
- // Total users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE is_banned = 0');
- $totalUsers = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // U18 users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE age_group = "U18" AND is_banned = 0');
- $u18Users = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // O18 users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE age_group = "O18" AND is_banned = 0');
- $o18Users = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Total messages today
- $result = $db->query('SELECT COUNT(*) as count FROM messages WHERE DATE(timestamp) = DATE("now")');
- $messagesToday = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Pending reports
- $result = $db->query('SELECT COUNT(*) as count FROM reports WHERE status = "pending"');
- $pendingReports = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Flagged messages
- $result = $db->query('SELECT COUNT(*) as count FROM messages WHERE is_flagged = 1');
- $flaggedMessages = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- // Banned users
- $result = $db->query('SELECT COUNT(*) as count FROM users WHERE is_banned = 1');
- $bannedUsers = $result->fetchArray(SQLITE3_ASSOC)['count'];
-
- echo json_encode([
- 'success' => true,
- 'stats' => [
- 'total_users' => $totalUsers,
- 'u18_users' => $u18Users,
- 'o18_users' => $o18Users,
- 'messages_today' => $messagesToday,
- 'pending_reports' => $pendingReports,
- 'flagged_messages' => $flaggedMessages,
- 'banned_users' => $bannedUsers
- ]
- ]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // GET REPORTS
- // ───────────────────────────────────────────────────────
- if ($action === 'admin_get_reports') {
- $db = getDB();
-
- $query = '
- SELECT
- r.id,
- r.reason,
- r.timestamp,
- r.status,
- r.message_id,
- reporter.username as reporter_name,
- reporter.user_id as reporter_display_id,
- reported.username as reported_name,
- reported.user_id as reported_display_id,
- reported.id as reported_user_id,
- m.message as message_content
- FROM reports r
- JOIN users reporter ON r.reporter_id = reporter.id
- JOIN users reported ON r.reported_user_id = reported.id
- LEFT JOIN messages m ON r.message_id = m.id
- ORDER BY r.timestamp DESC
- LIMIT 50
- ';
-
- $result = $db->query($query);
-
- $reports = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $reports[] = [
- 'id' => $row['id'],
- 'reason' => $row['reason'],
- 'timestamp' => $row['timestamp'],
- 'status' => $row['status'],
- 'reporter_name' => $row['reporter_name'] . '#' . $row['reporter_display_id'],
- 'reported_name' => $row['reported_name'] . '#' . $row['reported_display_id'],
- 'reported_user_id' => $row['reported_user_id'],
- 'message_content' => $row['message_content']
- ];
- }
-
- echo json_encode(['success' => true, 'reports' => $reports]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // BAN USER
- // ───────────────────────────────────────────────────────
- if ($action === 'admin_ban_user') {
- $userId = intval($_POST['user_id'] ?? 0);
- $reason = trim($_POST['reason'] ?? 'Verstoß gegen Nutzungsbedingungen');
-
- if ($userId <= 0) {
- echo json_encode(['success' => false, 'error' => 'Ungültige User-ID']);
- exit;
- }
-
- $db = getDB();
-
- $stmt = $db->prepare('
- UPDATE users
- SET is_banned = 1, ban_reason = :reason
- WHERE id = :user_id
- ');
- $stmt->bindValue(':user_id', $userId, SQLITE3_INTEGER);
- $stmt->bindValue(':reason', $reason, SQLITE3_TEXT);
- $stmt->execute();
-
- logSecurityEvent(null, 'ADMIN_BAN_USER', "User ID: $userId, Reason: $reason");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // UNBAN USER
- // ───────────────────────────────────────────────────────
- if ($action === 'admin_unban_user') {
- $userId = intval($_POST['user_id'] ?? 0);
-
- if ($userId <= 0) {
- echo json_encode(['success' => false, 'error' => 'Ungültige User-ID']);
- exit;
- }
-
- $db = getDB();
-
- $stmt = $db->prepare('
- UPDATE users
- SET is_banned = 0, ban_reason = NULL
- WHERE id = :user_id
- ');
- $stmt->bindValue(':user_id', $userId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent(null, 'ADMIN_UNBAN_USER', "User ID: $userId");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // RESOLVE REPORT
- // ───────────────────────────────────────────────────────
- if ($action === 'admin_resolve_report') {
- $reportId = intval($_POST['report_id'] ?? 0);
- $status = $_POST['status'] ?? 'resolved';
-
- if ($reportId <= 0) {
- echo json_encode(['success' => false, 'error' => 'Ungültige Report-ID']);
- exit;
- }
-
- $db = getDB();
-
- $stmt = $db->prepare('UPDATE reports SET status = :status WHERE id = :report_id');
- $stmt->bindValue(':status', $status, SQLITE3_TEXT);
- $stmt->bindValue(':report_id', $reportId, SQLITE3_INTEGER);
- $stmt->execute();
-
- logSecurityEvent(null, 'ADMIN_RESOLVE_REPORT', "Report ID: $reportId, Status: $status");
-
- echo json_encode(['success' => true]);
- exit;
- }
-
- // ───────────────────────────────────────────────────────
- // GET SECURITY LOGS
- // ───────────────────────────────────────────────────────
- if ($action === 'admin_get_logs') {
- $db = getDB();
-
- $query = '
- SELECT
- l.id,
- l.action,
- l.details,
- l.ip_address,
- l.timestamp,
- u.username,
- u.user_id as display_id
- FROM security_logs l
- LEFT JOIN users u ON l.user_id = u.id
- ORDER BY l.timestamp DESC
- LIMIT 100
- ';
-
- $result = $db->query($query);
-
- $logs = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $logs[] = [
- 'id' => $row['id'],
- 'action' => $row['action'],
- 'details' => $row['details'],
- 'ip_address' => $row['ip_address'],
- 'timestamp' => $row['timestamp'],
- 'username' => $row['username'] ? $row['username'] . '#' . $row['display_id'] : 'System'
- ];
- }
-
- echo json_encode(['success' => true, 'logs' => $logs]);
- exit;
- }
-
- echo json_encode(['success' => false, 'error' => 'Unbekannte Aktion']);
- exit;
-}
-
-// ═══════════════════════════════════════════════════════════
-// SSE STREAM (ECHTZEIT)
-// ═══════════════════════════════════════════════════════════
-
-if (isset($_GET['stream']) && $_GET['stream'] === 'events') {
- if (!isLoggedIn()) {
- exit;
- }
-
- header('Content-Type: text/event-stream');
- header('Cache-Control: no-cache');
- header('Connection: keep-alive');
- header('X-Accel-Buffering: no');
-
- $currentUserId = getCurrentUserId();
- $lastMessageId = intval($_GET['last_message_id'] ?? 0);
-
- set_time_limit(0);
- ob_implicit_flush(true);
- ob_end_flush();
-
- $db = getDB();
-
- $stmt = $db->prepare('
- SELECT
- m.id,
- m.from_user_id,
- m.to_user_id,
- m.message,
- m.timestamp,
- u.username as from_username,
- u.user_id as from_display_id
- FROM messages m
- JOIN users u ON m.from_user_id = u.id
- WHERE m.id > :last_message_id
- AND (m.to_user_id = :current_user_id OR m.from_user_id = :current_user_id)
- ORDER BY m.id ASC
- ');
- $stmt->bindValue(':last_message_id', $lastMessageId, SQLITE3_INTEGER);
- $stmt->bindValue(':current_user_id', $currentUserId, SQLITE3_INTEGER);
- $result = $stmt->execute();
-
- $messages = [];
- while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
- $messages[] = [
- 'id' => $row['id'],
- 'from_user_id' => $row['from_user_id'],
- 'to_user_id' => $row['to_user_id'],
- 'message' => $row['message'],
- 'timestamp' => $row['timestamp'],
- 'from_username' => $row['from_username'],
- 'from_display_id' => $row['from_display_id'],
- 'from_display_name' => $row['from_username'] . '#' . $row['from_display_id']
- ];
- }
-
- if (!empty($messages)) {
- echo "data: " . json_encode(['type' => 'messages', 'messages' => $messages]) . "\n\n";
- flush();
- } else {
- echo "data: " . json_encode(['type' => 'ping']) . "\n\n";
- flush();
- }
-
- exit;
-}
-
-// ═══════════════════════════════════════════════════════════
-// HTML OUTPUT
-// ═══════════════════════════════════════════════════════════
-?>
-
-
-
-
-
- 💬 Secure Private Chat
-
-