So I got this email from hostgator.
My scripts information
chat
ADMINSESSION
JsCodeInjection
Code:
Hello,
This message is to advise you of a temporary block placed on your account. This account was found to be consuming an inordinate amount of processor time, to the point of degrading overall system performance. While we do limit each account to no more than 25% of a system's CPU in our terms of service, we do not actively disable accounts until they greatly exceed that number, which is what happened in this case.
Requests to this scripts under this account may become degraded by limiting the abilty for scripts to run for a limited amount of time, or if the issue persists, we may be forced to restrict how fast processes can be spawned until the issue has been resolved.
We recommend taking steps to reduce the overall CPU usage for the account, which may be as simple as generating a flat HTML page for popular content, or enabling caching that is available through many popular scripts, or disabling high CPU usage features such as searches or Ajax refreshes. Although we may not be able to help in all cases, we would be more than happy to assist if you are unable to determine any cause, or if you need help interpreting any of the information.
CPU seconds used in the past hour: 3116.92999999976, 87% CPU
Sun May 6 03:01:02 CDT 2012
Running Processes:
Running Queries:
Open connections
Current Site Requests:
58.165.105.134 spetsnazhost.com /includes/chat/jsCodeInjecter.php?url=http%3A//spetsnazhost
58.165.105.134 spetsnazhost.com /includes/chat/jsCodeInjecter.php?url=http%3A//spetsnazhost
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=current&_=133628161
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=current&_=133628930
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=current&_=133629052
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=current&_=133629053
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=current&_=133629123
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=monitor&_=133628162
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=monitor&_=133629123
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=monitor&_=133629126
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336289319979
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336289320001
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336289320017
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336289320123
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336289339532
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336289484756
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336290532906
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336290532988
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336290533012
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336291239324
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336291240539
75.32.237.212 spetsnazhost.com /includes/chat/adminsessions.php?method=new&_=1336291240805
75.32.237.212 spetsnazhost.com /includes/chat/chat.php
75.32.237.212 spetsnazhost.com /includes/chat/chat.php
75.32.237.212 spetsnazhost.com /includes/chat/chat.php
Cordially,
Shaun L
Linux Systems Administrator
HostGator.com LLC
http://support.hostgator.comMy scripts information
chat
Code:
<?
/*
WHMCS Addon Live Support - Provides a way for you to instantly communicate
with your customers.
Copyright (C) 2010-2012 WHMCS Addon
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@error_reporting(0);
@ini_set("register_globals", "off");
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: ".date("r")); // Date in the past
//error_reporting(0);
// Find WHMCS Directory
// Set $pathPart to the folder to exclude from.
$directoryFinder = explode("/", $_SERVER["SCRIPT_FILENAME"]);
foreach($directoryFinder as $pathPart) {
if ($pathPart != "") {
if ($pathPart != "includes") {
$dir .= "/".$pathPart;
} else {
$dir .= "/";
break;
}
}
}
require_once($dir."dbconnect.php");
session_start();
// View Messages
switch ($_POST["action"]) {
case "view":
if ($_SESSION["adminid"] != "") {
$uid = $_SESSION["adminid"];
$utype = 2;
} elseif ($_SESSION["uid"] != "") {
$uid = $_SESSION["uid"];
$utype = 1;
} else {
$uid = -1;
$utype = 0;
}
$result = mysql_query("SELECT * FROM `chat_conversations` WHERE `session`='".mysql_real_escape_string($_POST["session"])."' AND `order`>=".mysql_real_escape_string($_POST["count"])." ORDER BY `order`, `timestamp` ASC;");
$numberRows = mysql_num_rows($result);
$run = false;
if ($numberRows > 0) {
if (!isset($chat_settings)) {
$result2 = mysql_query("SELECT * FROM `chat_settings`");
while($row = mysql_fetch_array($result2)) {
$chat_settings[$row[0]] = $row[1];
}
}
mysql_free_result($result2);
while($row = mysql_fetch_array($result)) {
$run = true;
$htmlDecode = htmlspecialchars($row["data"]);
// Script Excutable
if ($row["datatype"] == 1 && $row["ulevel"] == 2) {
$lastCount = $row["order"];
$htmlDecode = htmlspecialchars_decode($row["data"]);
$htmlDecode .= "<script>count++;</script>";
// Download
} elseif ($row["datatype"] == 2) {
$lastCount = $row["order"];
echo "<div class='inchat downloadFile ".$row["order"]."'>".htmlspecialchars_decode($row["data"])."</div>";
continue;
// Connected User
} elseif ($row["datatype"] == 3) {
$lastCount = $row["order"];
if ($uid != $row["uid"] || $utype != $row["ulevel"])
echo "<div class='inchat connectedUser ".$row["order"]."'>".htmlspecialchars_decode($row["data"])."</div>";
continue;
// Transfer
} elseif ($row["datatype"] == 4) {
$lastCount = $row["order"];
if ($utype == 2) {
echo "<div class='inchat transfer operator ".$row["order"]."'><strong>Transfer Request Initiated!</strong></div>";
} else {
echo "<div class='inchat transfer".$row["order"]."'>".htmlspecialchars_decode($row["data"])."</div>";
}
continue;
// Cancel Transfer
} elseif ($row["datatype"] == 5) {
$lastCount = $row["order"];
if ($utype == 2) {
echo "<div class='inchat transfer operator red ".$row["order"]."'><strong>Transfer has been stopped!</strong></div>";
} else {
echo "<div class='inchat transfer".$row["order"]."'>".htmlspecialchars_decode($row["data"])."</div>";
}
continue;
}
// Identify user's name
switch ($row["ulevel"]) {
case 2:
$userResult = mysql_query("SELECT * FROM `tbladmins` WHERE `id`='".$row["uid"]."';");
while($uRow = mysql_fetch_array($userResult)) {
switch ($chat_settings["AdminDisplayName"]) {
case "l":
$uname = $uRow["lastname"];
break;
case "f":
$uname = $uRow["firstname"];
break;
case "fl":
$uname = $uRow["firstname"]." ".$uRow["lastname"];
break;
case "lf":
$uname = $uRow["lastname"]." ".$uRow["firstname"];
break;
case "u":
$uname = $uRow["username"];
break;
default:
$uname = $uRow["firstname"];
break;
}
}
break;
case 1:
$userResult = mysql_query("SELECT * FROM `tblclients` WHERE `id`='".$row["uid"]."';");
while($uRow = mysql_fetch_array($userResult)) {
switch ($chat_settings["ClientDisplayName"]) {
case "l":
$uname = $uRow["lastname"];
break;
case "f":
$uname = $uRow["firstname"];
break;
case "fl":
$uname = $uRow["firstname"]." ".$uRow["lastname"];
break;
case "lf":
$uname = $uRow["lastname"]." ".$uRow["firstname"];
break;
default:
$uname = $uRow["firstname"];
break;
}
}
break;
default:
$uname = $row[2];
break;
}
//$urlPattern[0] = "[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]";
//$urlPattern[1] = "www.[^<>[:space:]]+[[:alnum:]/]";
if ($row["ulevel"] != 2) {
echo "<div class=\"inchat client ".$row["order"]."\">";
if (strip_tags(preg_replace('/<script\b[^>]*>(.*?)<\/script>/i', "", $htmlDecode)) != "") {
echo "<span class=\"inchat client uname\">".$uname.":</span> ";
}
echo "<span class=\"inchat client usays\">".strip_tags($htmlDecode)."</span></div>";
} else {
if ($utype != 2) {
echo "<div class=\"inchat operator ".$row["order"]."\">";
if (strip_tags(preg_replace('/<script\b[^>]*>(.*?)<\/script>/i', "", $htmlDecode)) != "") {
echo "<span class=\"inchat operator uname\">".$uname.":</span> ";
}
echo "<span class=\"inchat operator usays\">".strip_tags($htmlDecode, $chat_settings["adminHTML"])."</span></div>";
} else {
preg_match_all('/<script\b[^>]*>(.*?)<\/script>/i', $htmlDecode, $matches);
if ($matches[1][0] != "") {
echo "<div class=\"inchat inchat script ".$row["order"]."\">Script Executed<div class=\"executed\">";
for ($x = 0; $x <= count($matches[1]); $x++) {
if ($matches[$x] != "") {
echo $matches[1][$x];
}
}
echo "</div></div>";
}
echo "<div class=\"inchat operator ".$row["order"]."\">";
if (strip_tags(preg_replace('/<script\b[^>]*>(.*?)<\/script>/i', "", $htmlDecode)) != "") {
echo "<span class=\"inchat operator uname\">".$uname.":</span> ";
}
echo "<span class=\"inchat operator usays\">".strip_tags(preg_replace('/<script\b[^>]*>(.*?)<\/script>/i', "", $htmlDecode), $chat_settings["adminHTML"])."</span></div>";
}
}
//echo "<div class=\"chat ".$row["order"]."\">".$row["data"]."</div>";
$lastCount = $row["order"];
}
}
mysql_free_result($result);
include "chatSession.php";
$cSess = new chatSession();
$cSess->useSession($_POST["session"]);
if ($_POST["wmessage"] == "true") {
$cSess->setWritingMessage($uid.":".$utype, 1);
} else {
$cSess->setWritingMessage($uid.":".$utype, 0);
}
$writeMessage = array();
$writeMessage = $cSess->getWritingMessage();
$isWritingM = false;
//print_r($writeMessage);
foreach ($writeMessage as $arrWM) {
$arrWM2 = explode(":", $arrWM);
if (!empty($arrWM) && $arrWM2[0] != $uid && $arrWM2[1] != $utype) {
$isWritingM = true;
}
}
if ($isWritingM) {
if (!$_SESSION["chat_isWriting_".$_POST["session"]]) {
$_SESSION["chat_isWriting_".$_POST["session"]] = true;
echo "<script type=\"text/javascript\">enableWritingIcon();</script>";
}
//echo "Enabled";
} else {
if ($_SESSION["chat_isWriting_".$_POST["session"]]) {
$_SESSION["chat_isWriting_".$_POST["session"]] = false;
echo "<script type=\"text/javascript\">disableWritingIcon();</script>";
}
//echo "Disabled";
}
if ($run && $_POST["count"] != $lastCount) {
echo "<script type=\"text/javascript\">count = ".$lastCount.";</script>";
//print_r($chat_settings);
}
mysql_close();
break;
case "post":
if ($_SESSION["adminid"] != "") {
$uid = $_SESSION["adminid"];
$utype = 2;
} elseif ($_SESSION["uid"] != "") {
$uid = $_SESSION["uid"];
$utype = 1;
} else {
$uid = -1;
$utype = 0;
}
if (!isset($chat_settings)) {
$result2 = mysql_query("SELECT * FROM `chat_settings`");
while($row = mysql_fetch_array($result2)) {
$chat_settings[$row[0]] = $row[1];
}
}
$result = mysql_query("SELECT * FROM `chat_conversations` WHERE `session`='".mysql_real_escape_string($_POST["session"])."' AND `order`>=".mysql_real_escape_string($_POST["count"])." ORDER BY `order`, `timestamp` ASC;");
$run = false;
while($row = mysql_fetch_array($result)) {
$run = true;
$lastCount = $row["order"];
}
if ($run) {
$order = $lastCount + 1;
} else {
$order = $_POST["count"];
}
$data = $_POST["data"];
if ($data == "%operatorConnectedMessage%" && $_POST["datatype"] == 3) {
$data = $chat_settings["operatorConnectedMessage"];
$userResult = mysql_query("SELECT * FROM `tbladmins` WHERE `id`='".$_SESSION["adminid"]."';");
while($uRow = mysql_fetch_array($userResult)) {
$data = str_replace("%FIRSTNAME%", $uRow["firstname"], $data);
$data = str_replace("%LASTNAME%", $uRow["lastname"], $data);
}
$data = htmlspecialchars_decode($data);
$data .= "<script type=\"text/javascript\">connected=true;</script>";
}
if ($data == "%clientConnectedMessage%" && $_POST["datatype"] == 3) {
$data = $chat_settings["clientConnectedMessage"];
if ($utype == 1) {
$userResult = mysql_query("SELECT * FROM `tblclients` WHERE `id`='".$uid."';");
while($uRow = mysql_fetch_array($userResult)) {
$data = str_replace("%FIRSTNAME%", $uRow["firstname"], $data);
$data = str_replace("%LASTNAME%", $uRow["lastname"], $data);
$data = str_replace("%ENTEREDNAME%", "", $data);
}
} elseif ($utype == 0) {
$data = str_replace("%FIRSTNAME%", "", $data);
$data = str_replace("%LASTNAME%", "", $data);
$data = str_replace("%ENTEREDNAME%", $_POST["user"], $data);
}
}
$data = htmlspecialchars_decode($data);
$result = mysql_query("INSERT INTO chat_conversations (`session`, `user`, `uid`, `ulevel`, `data`, `timestamp`, `order`, `datatype`)
VALUES ('".mysql_real_escape_string($_POST["session"])."', '".mysql_real_escape_string($_POST["user"])."', '".$uid."', '".$utype."', '".mysql_real_escape_string($data)."', '".$_SERVER['REQUEST_TIME']."', '".mysql_real_escape_string($order)."', '".mysql_real_escape_string($_POST["datatype"])."');");
if ($_POST["datatype"] == 0) {
require("chatSession.php");
$chat_session = new chatSession();
$chat_session->useSession($_POST["session"]);
if ($chat_session->getActive() == 2) {
$userResult = mysql_query("SELECT * FROM `tbladmins` WHERE `id`='".$uid."'");
while($uRow = mysql_fetch_array($userResult)) {
$uname = $uRow["firstname"]." ".$uRow["lastname"];
}
$result = mysql_query("INSERT INTO `tblticketreplies` (`tid`, `date`, `message`, `admin`) VALUES ('".$chat_session->getTID()."', '".date("Y-m-d G:i:s")."', '".mysql_real_escape_string($data)."', '".mysql_real_escape_string($uname)."');");
}
}
mysql_close();
break;
}
?>ADMINSESSION
Code:
<?
/*
WHMCS Addon Live Support - Provides a way for you to instantly communicate
with your customers.
Copyright (C) 2010-2012 WHMCS Addon
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@error_reporting(0);
@ini_set("register_globals", "off");
// Find WHMCS Directory
// Set $pathPart to the folder to exclude from.
$directoryFinder = explode("/", $_SERVER["SCRIPT_FILENAME"]);
foreach($directoryFinder as $pathPart) {
if ($pathPart != "") {
if ($pathPart != "includes") {
$dir .= "/".$pathPart;
} else {
$dir .= "/";
break;
}
}
}
require($dir."/dbconnect.php");
# Get Variables from storage (retrieve from wherever it's stored - DB, file, etc...)
if (!isset($chat_settings)) {
$result2 = mysql_query("SELECT * FROM `chat_settings`");
while($row = mysql_fetch_array($result2)) {
$chat_settings[$row[0]] = $row[1];
}
}
session_start();
//print_r($_SESSION);
if (!isset($_SESSION["adminid"])) {
exit("You do not have permission to view this page.");
}
function ipcode($ip) {
$numbers = preg_split( "/\./", $ip);
$code=($numbers[0] * 16777216) + ($numbers[1] * 65536) + ($numbers[2] * 256) + ($numbers[3]);
return $code;
}
$result = mysql_query("SELECT * FROM `tbladmins` WHERE `id`='".$_SESSION["adminid"]."'");
while($row = mysql_fetch_array($result)) {
$user = $row;
}
$viewDept = explode(",", $user["supportdepts"]);
$result = mysql_query("SELECT * FROM `tblticketdepartments`");
$x = 0;
$dept = array();
while($row = mysql_fetch_array($result)) {
$dept[$x] = $row;
$x++;
}
$withinFive = time() - 300;
$result = mysql_query("SELECT * FROM `chat_ban`");
$x = 0;
$ban = array();
while($row = mysql_fetch_array($result)) {
$ban[$x] = $row["ip"];
}
if ($_GET["method"] == "current") {
$result = mysql_query("SELECT * FROM `chat_sessions` WHERE `active`='0' AND NOT `utype`='2' ORDER BY `timestamp` DESC, `active` ASC");
} elseif ($_GET["method"] == "monitor") {
$result = mysql_query("SELECT * FROM `site_activitylogs` WHERE `lastaccess` >= ".$withinFive." ORDER BY `uid` DESC,`id` ASC");
} else {
$result = mysql_query("SELECT * FROM `chat_sessions` WHERE `timestamp` >= ".$withinFive." AND `active` = '1' ORDER BY `timestamp` DESC, `active` ASC");
}
while($row = mysql_fetch_array($result)) {
if ($_GET["method"] == "monitor") {
$actuallyRan = true;
?>
<table class="monitorTable monitorContent">
<tr>
<td class="monitorName"><?
$run = false;
if ($row["uid"] > 0) {
$result2 = mysql_query("SELECT * FROM `tblclients` WHERE `id`=".$row["uid"]);
while ($row2 = mysql_fetch_array($result2)) {
echo "<a href='clientssummary.php?userid=".$row["uid"]."' target='_blank'><img src=\"images/icons/clientsprofile.png\" border=\"0\" /> ".$row2["firstname"]." ".$row2["lastname"]."</a>";
$run = true;
}
}
if ($run == false) {
echo "<i>Guest</i>";
}
?></td>
<td class="monitorDepartment"><?= $row["ip"]; ?></td>
<td class="monitorQuestion"><?
$pages = explode("|", $row["pages"]);
echo $pages[count($pages)-1];
?></td>
<td class="monitorStatus"><?
$timestamps = explode("|", $row["timestamps"]);
$firstTime = explode(",", $timestamps[0]);
//$lastTime = explode(",", $timestamps[count($timestamps)-1]);
$timeFinal = ($row["lastaccess"]-$firstTime[0]);
$hours = floor($timeFinal/3600);
$timeFinal = $timeFinal - ($hours * 3600);
$minutes = floor($timeFinal/60);
$timeFinal = $timeFinal - ($minutes * 60);
$seconds = $timeFinal;
if ($minutes < 10)
$minutes = "0".$minutes;
if ($seconds < 10)
$seconds = "0".$seconds;
echo $hours.":".$minutes.":".$seconds;
// 7 days; 24 hours; 60 mins; 60secs
?></td>
<td class="monitorBetween"></td>
<td class="monitorActions">
<img class="injectScriptButton <?= $row["id"]; ?>" src="images/script.jpg" title="Inject Script" alt="Inject Script" onclick="injectScript('<?= $row["session"]; ?>', '.injectScriptButton.<?= $row["id"]; ?>')" onmouseover="this.src='images/script_hover.jpg';" onmouseout="this.src='images/script.jpg';" />
</td>
<td class="monitorBetween"></td>
<td class="monitorMore"><?
$x = ipcode($row["ip"]);
$result2 = mysql_query("SELECT * FROM tblgeoip WHERE ip_from <= '$x' AND ip_to >= '$x'");
while ($row2 = mysql_fetch_array($result2)) {
if (floatval($row2["ip_from"]) <= floatval($x) && floatval($row2["ip_to"]) >= floatval($x)) {
echo "<img src='images/flags/".strtolower($row2["ctry"]).".gif' title='".$row2["country"]."' alt='".$row2["country"]."' />";
break;
}
}
?></td>
</tr>
</table>
<?
} else {
$currentDept = explode("|", $row["departments"]);
$ignore = explode("|", $row["ignore"]);
//print_r($user);
//echo in_array($user["id"], $ignore);
$run = false;
if ($row["uid"] > 0 || $row["name"] != "") {
$run = true;
}
$env = unserialize($row["environment"]);
if (in_array($env["REMOTE_ADDR"], $ban) == 1) {
$run = false;
}
if (in_array($user["id"], $ignore) != 1 && $run || $_GET["method"] == "current" && $run) {
if (in_array($currentDept[count($currentDept)-1], $viewDept) == 1 || $currentDept[count($currentDept)-1] == "-1") {
//$env = unserialize($row["environment"]);
//echo $row["session"];
$actuallyRan = true;
?>
<table class="monitorTable monitorContent">
<tr>
<td class="monitorName"><?
$run = false;
if ($row["uid"] > 0) {
$result2 = mysql_query("SELECT * FROM `tblclients` WHERE `id`=".$row["uid"]);
while ($row2 = mysql_fetch_array($result2)) {
echo "<a href='clientssummary.php?userid=".$row["uid"]."' target='_blank'><img src=\"images/icons/clientsprofile.png\" border=\"0\" /> ".$row2["firstname"]." ".$row2["lastname"]."</a>";
$run = true;
}
}
if ($run == false) {
$result2 = mysql_query("SELECT * FROM `tblclients` WHERE `firstname`='".$row["name"]."' OR `lastname`='".$row["name"]."' OR `companyname`='".$row["name"]."' OR `email`='".$row["email"]."' OR `ip`='".$env["REMOTE_ADDR"]."'");
while ($row2 = mysql_fetch_array($result2)) {
echo "<img src=\"images/info.gif\" border=\"0\" title=\"Client Results Detected\" alt=\"Client Results Detected\" /> ";
break;
}
echo $row["name"];
}
?></td>
<td class="monitorDepartment"><?
if ($currentDept[count($currentDept)-1] == "-1") {
echo "<i>All</i>";
} else {
for ($x = 0; $x < count($dept); $x++) {
if ($dept[$x]["id"] == $currentDept[count($currentDept)-1]) {
echo $dept[$x]["name"];
}
}
}
?></td>
<td class="monitorQuestion"><? echo $row["question"]; ?></td>
<td class="monitorStatus"><?
if ($row["active"] == 1) {
echo "Not Answered";
} elseif ($row["active"] == 2) {
echo "Closed";
} else {
echo "Answered";
}
?></td>
<td class="monitorBetween"></td>
<td class="monitorActions">
<img class="actionAnswer" src="images/answer.jpg" title="Answer" alt="Answer" onclick="answerCall('<?= $row["session"]; ?>'<? if ( $_GET["method"] == "current") { echo ", true"; } ?>);" onmouseover="this.src='images/answer_hover.jpg';" onmouseout="this.src='images/answer.jpg';" />
<? if ($_GET["method"] != "current") { ?>
<img class="actionIgnore" src="images/ignore.jpg" title="Ignore" alt="Ignore" onclick="ignoreCall('<?= $row["session"]; ?>');" onmouseover="this.src='images/ignore_hover.jpg';" onmouseout="this.src='images/ignore.jpg';" />
<? } ?>
<img src="images/blockip.jpg" title="Block IP" alt="Block IP" onclick="blockUser('<?= $row["session"]; ?>');" onmouseover="this.src='images/blockip_hover.jpg';" onmouseout="this.src='images/blockip.jpg';" />
</td>
<td class="monitorBetween"></td>
<td class="monitorMore"><?
$x = ipcode($env["REMOTE_ADDR"]);
$result2 = mysql_query("SELECT * FROM tblgeoip WHERE ip_from <= '$x' AND ip_to >= '$x'");
while ($row2 = mysql_fetch_array($result2)) {
if (floatval($row2["ip_from"]) <= floatval($x) && floatval($row2["ip_to"]) >= floatval($x)) {
echo "<img src='images/flags/".strtolower($row2["ctry"]).".gif' title='".$row2["country"]."' alt='".$row2["country"]."' />";
break;
}
}
?></td>
</tr>
</table>
<?
}
}
}
}
if ($actuallyRan != true) {
?><table class="monitorTable monitorContent">
<tr><td style="padding-left: 10px;">No support requests are available at the moment.</td></tr></table><?
}
?>JsCodeInjection
Code:
<?
/*
WHMCS Addon Live Support - Provides a way for you to instantly communicate
with your customers.
Copyright (C) 2010-2012 WHMCS Addon
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@error_reporting(0);
@ini_set("register_globals", "off");
// Find WHMCS Directory
// Set $pathPart to the folder to exclude from.
$directoryFinder = explode("/", $_SERVER["SCRIPT_FILENAME"]);
foreach($directoryFinder as $pathPart) {
if ($pathPart != "") {
if ($pathPart != "includes") {
$dir .= "/".$pathPart;
} else {
$dir .= "/";
break;
}
}
}
require($dir."/dbconnect.php");
session_start();
if ($_SESSION["uid"] != "") {
$uid = $_SESSION["uid"];
$utype = 1;
} else {
$uid = 0;
$utype = 0;
}
/*if (isset($_SESSION["site_session"]) || isset($_COOKIE["site_session"])) {
$result = mysql_query("SELECT * FROM `site_activitylogs` WHERE `session`='".$_SESSION["site_session"]."'");
while($row = mysql_fetch_array($result)) {
if ($uid != $row["uid"] || $_SERVER['REMOTE_ADDR'] != $row["ip"]) {
$startNew = true;
}
}
}*/
$aTime = time() - 3000;
$result = mysql_query("SELECT * FROM `site_activitylogs` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."' AND `lastaccess`>='".$aTime."' ORDER BY `id` ASC");
//echo $_SESSION["monitor_session"];
if (mysql_num_rows($result) == 1) {
while($row = mysql_fetch_array($result)) {
$pageFinder = explode("|", $row["pages"]);
$timeFinder = explode("|", $row["timestamps"]);
if ($pageFinder[count($pageFinder)-1] == $_GET["url"]) {
$pages = $row["pages"];
$timeSubFinder = explode(",", $timeFinder[count($timeFinder)-1]);
$ran = false;
for ($x = 0; $x < count($timeFinder)-1; $x++) {
if ($x > 0) {
$timestamps .= "|";
}
$timestamps .= $timeFinder[$x];
$ran = true;
}
if ($ran) {
$timestamps .= "|";
}
$timestamps .= $timeSubFinder[0].",".time();
} else {
$pages = $row["pages"]."|".$_GET["url"];
$timestamps = $row["timestamps"]."|".time();
}
$_SESSION["monitor_session"] = $row["session"];
$_SESSION["monitor_session_uid"] = $row["uid"];
}
if ($_SESSION["monitor_session_uid"] && !$uid)
mysql_query("UPDATE `site_activitylogs` SET `pages`='$pages', `timestamps`='$timestamps', `lastaccess`='".time()."' WHERE `session`='".$_SESSION["monitor_session"]."' AND `ip`='".$_SERVER['REMOTE_ADDR']."' AND `lastaccess`>='".$aTime."'");
else
mysql_query("UPDATE `site_activitylogs` SET `pages`='$pages', `timestamps`='$timestamps', `lastaccess`='".time()."', `uid`='".$uid."' WHERE `session`='".$_SESSION["monitor_session"]."' AND `ip`='".$_SERVER['REMOTE_ADDR']."' AND `lastaccess`>='".$aTime."'");
$result = mysql_query("SELECT * FROM `site_script` WHERE `session`='".$_SESSION["monitor_session"]."' AND `ip`='".$_SERVER['REMOTE_ADDR']."' AND `excuted`='0'");
while($row = mysql_fetch_array($result)) {
mysql_query("UPDATE `site_script` SET `excuted`='1' WHERE `session`='".$_SESSION["monitor_session"]."' AND `ip`='".$_SERVER['REMOTE_ADDR']."' AND `script`='".mysql_real_escape_string($row["script"])."'");
echo $row["script"];
}
} else {
/*$_SESSION["site_session"] = $_SERVER["UNIQUE_ID"];
$_COOKIE["site_session"] = $_SERVER["UNIQUE_ID"];*/
$session_id_gen = sha1(uniqid(hash("md5", time()), TRUE));
if (isset($_SERVER["REMOTE_ADDR"]) && isset($_COOKIE["cookiecheck"])) {
setcookie("cookiecheck", true, time() -1);
mysql_query("INSERT INTO `site_activitylogs` (`uid`, `ip`, `session`, `pages`, `timestamps`, `lastaccess`) VALUES ('".$_SESSION["uid"]."', '".$_SERVER['REMOTE_ADDR']."', '".$session_id_gen."', '".mysql_real_escape_string($_GET["url"])."', '".time()."', '".time()."')") or die(mysql_error());
$_SESSION["monitor_session"] = $session_id_gen;
$_SESSION["monitor_session_uid"] = $uid;
} else {
setcookie("cookiecheck", true, time() + 3600);
}
}
?>