WP Live Chat Support - Version 4.4.1

Version Description

It is highly recommended that you upgrade to WP Live Chat Support version 4.4.0 for security reasons.


Release Info

Developer WP-LiveChat
Version 4.4.1

Code changes from version 4.4.0 to 4.4.1

Files changed (5)
  1. ajax.php +0 -321
  2. ajax_new.php +291 -0
  3. functions.php +10 -0
  4. readme.txt +5 -2
  5. wp-live-chat-support.php +14 -7
ajax.php DELETED
@@ -1,321 +0,0 @@
1
- <?php
2
- @session_start();
3
- @ob_start();
4
- header('Access-Control-Allow-Origin: *');
5
- header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
6
- header('Access-Control-Max-Age: 604800');
7
- header('Access-Control-Allow-Headers: x-requested-with');
8
- ini_set('html_errors', 0);
9
-
10
-
11
-
12
- /* check to see if the ajax request was requested from the server this file is hosted on */
13
- if (isset($_SERVER['HTTP_HOST'])) {
14
- $refering_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
15
- if ($refering_host != $_SERVER['HTTP_HOST']) { die('Security error #1'); }
16
- }
17
-
18
- define('SHORTINIT', true);
19
-
20
-
21
- require_once( '../../../wp-load.php' );
22
-
23
- if (!defined('WP_PLUGIN_DIR')) {
24
- define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); // full path, no trailing slash
25
- }
26
-
27
-
28
-
29
-
30
- $iterations = 55;
31
- /* time in microseconds between updating the user on the page within the DB (lower number = higher resource usage) */
32
- define('WPLC_DELAY_BETWEEN_UPDATES',500000);
33
- /* time in microseconds between long poll loop (lower number = higher resource usage) */
34
- define('WPLC_DELAY_BETWEEN_LOOPS',500000);
35
- /* this needs to take into account the previous constants so that we dont run out of time, which in turn returns a 503 error */
36
- define('WPLC_TIMEOUT',(((WPLC_DELAY_BETWEEN_UPDATES + WPLC_DELAY_BETWEEN_LOOPS))*$iterations)/1000000);
37
-
38
-
39
-
40
- require_once( ABSPATH . WPINC . '/l10n.php' );
41
-
42
- require_once( ABSPATH . WPINC . '/link-template.php' );
43
-
44
- require_once( ABSPATH . WPINC . '/formatting.php' );
45
-
46
- require_once( ABSPATH . WPINC . '/kses.php' );
47
-
48
-
49
- $plugin_dir = basename(dirname(__FILE__))."/languages/";
50
- load_plugin_textdomain( 'wplivechat', false, $plugin_dir );
51
-
52
-
53
- global $wpdb;
54
- global $wplc_tblname_chats;
55
- global $wplc_tblname_msgs;
56
- $wplc_tblname_chats = $wpdb->prefix . "wplc_chat_sessions";
57
- $wplc_tblname_msgs = $wpdb->prefix . "wplc_chat_msgs";
58
- require_once("functions.php");
59
-
60
-
61
-
62
-
63
- /* we're using PHP 'sleep' which may lock other requests until our script wakes up. Call this function to ensure that other requests can run without waiting for us to finish */
64
- session_write_close();
65
-
66
- $check = 1;
67
-
68
- if ($check == 1) {
69
-
70
- if($_POST['action'] == 'wplc_admin_long_poll'){
71
- if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
72
- //sleep(6);
73
- $i = 1;
74
- while($i <= $iterations){
75
-
76
- // update chats if they have timed out every 10 seconds
77
- if($i %10 == 0) {
78
- wplc_update_chat_statuses();
79
- }
80
-
81
-
82
-
83
-
84
-
85
- if($_POST['wplc_update_admin_chat_table'] == 'false'){
86
- $old_chat_data = false;
87
- } else {
88
- $old_chat_data = sanitize_text_field($_POST['wplc_update_admin_chat_table']);
89
- }
90
-
91
- $pending = wplc_check_pending_chats();
92
- $new_chat_data = wplc_list_chats();
93
-
94
- if(sanitize_text_field($new_chat_data) !== sanitize_text_field($old_chat_data)){
95
- $array['old_chat_data'] = $old_chat_data;
96
- $array['wplc_update_admin_chat_table'] = $new_chat_data;
97
- $array['pending'] = $pending;
98
- $array['action'] = "wplc_update_admin_chat";
99
-
100
- }
101
-
102
- if(isset($array)){
103
- echo json_encode($array);
104
- break;
105
- }
106
- @ob_end_flush();
107
- if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
108
- $i++;
109
- }
110
- }
111
- if($_POST['action'] == "wplc_admin_long_poll_chat"){
112
- if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
113
- $i = 1;
114
- $array = array();
115
- while($i <= $iterations){
116
- if(isset($_POST['action_2']) && $_POST['action_2'] == "wplc_long_poll_check_user_opened_chat"){
117
- $chat_status = wplc_return_chat_status(sanitize_text_field($_POST['cid']));
118
- if($chat_status == 3){
119
- $array['action'] = "wplc_user_open_chat";
120
- }
121
- } else {
122
- $new_chat_status = wplc_return_chat_status(sanitize_text_field($_POST['cid']));
123
- if($new_chat_status != $_POST['chat_status']){
124
- $array['chat_status'] = $new_chat_status;
125
- $array['action'] = "wplc_update_chat_status";
126
- }
127
- $new_chat_message = wplc_return_admin_chat_messages(sanitize_text_field($_POST['cid']));
128
- if($new_chat_message){
129
-
130
- $array['chat_message'] = $new_chat_message;
131
- $array['action'] = "wplc_new_chat_message";
132
- }
133
- }
134
- if($array){
135
- echo json_encode($array);
136
- break;
137
- }
138
- @ob_end_flush();
139
- if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
140
- $i++;
141
- }
142
- }
143
- if ($_POST['action'] == "wplc_admin_accept_chat") {
144
- wplc_admin_accept_chat(sanitize_text_field($_POST['cid']));
145
- }
146
- if ($_POST['action'] == "wplc_admin_close_chat") {
147
- $chat_id = sanitize_text_field($_POST['cid']);
148
- wplc_change_chat_status($chat_id,1);
149
- echo 'done';
150
- }
151
- if ($_POST['action'] == "wplc_admin_send_msg") {
152
- $chat_id = sanitize_text_field($_POST['cid']);
153
- $chat_msg = sanitize_text_field($_POST['msg']);
154
- $wplc_rec_msg = wplc_record_chat_msg("2",$chat_id,$chat_msg);
155
- if ($wplc_rec_msg) {
156
- echo 'sent';
157
- } else {
158
- echo "There was an error sending your chat message. Please contact support";
159
- }
160
- }
161
-
162
- //User Ajax
163
-
164
- if($_POST['action'] == 'wplc_call_to_server_visitor'){
165
- if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
166
- $i = 1;
167
- $array = array("check" => false);
168
-
169
- while($i <= $iterations){
170
- if($_POST['cid'] == null || $_POST['cid'] == "" || $_POST['cid'] == "null" || $_POST['cid'] == 0){
171
- // echo 1;
172
- $user = "user".time();
173
- $email = "no email set";
174
- $cid = wplc_log_user_on_page($user,$email,sanitize_text_field($_POST['wplcsession']));
175
- $array['cid'] = $cid;
176
- $array['status'] = wplc_return_chat_status($cid);
177
- $array['wplc_name'] = $user;
178
- $array['wplc_email'] = $email;
179
- $array['check'] = true;
180
-
181
- } else {
182
- // echo 2;
183
- $new_status = wplc_return_chat_status(sanitize_text_field($_POST['cid']));
184
- $array['wplc_name'] = sanitize_text_field($_POST['wplc_name']);
185
- $array['wplc_email'] = sanitize_text_field($_POST['wplc_email']);
186
- $array['cid'] = sanitize_text_field($_POST['cid']);
187
- if($new_status == $_POST['status']){ // if status matches do the following
188
- if($_POST['status'] != 2){
189
- /* check if session_variable is different? if yes then stop this script completely. */
190
- if (isset($_POST['wplcsession']) && $_POST['wplcsession'] != '' && $i > 1) {
191
- $wplc_session_variable = sanitize_text_field($_POST['wplcsession']);
192
- $current_session_variable = wplc_return_chat_session_variable(sanitize_text_field($_POST['cid']));
193
- if ($current_session_variable != "" && $current_session_variable != $wplc_session_variable) {
194
- /* stop this script */
195
- $array['status'] = 11;
196
- echo json_encode($array);
197
- die();
198
- }
199
- }
200
-
201
-
202
- if ($i == 1) {
203
- wplc_update_user_on_page(sanitize_text_field($_POST['cid']), sanitize_text_field($_POST['status']), sanitize_text_field($_POST['wplcsession']));
204
- }
205
- }
206
- if ($_POST['status'] == 0){ // browsing - user tried to chat but admin didn't answer so turn back to browsing
207
- wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 5, sanitize_text_field($_POST['wplcsession']));
208
- $array['status'] = 5;
209
- $array['check'] = true;
210
- } else if($_POST['status'] == 3){
211
- //wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 3);
212
- $messages = wplc_return_user_chat_messages(sanitize_text_field($_POST['cid']));
213
- if ($messages){
214
- wplc_mark_as_read_user_chat_messages(sanitize_text_field($_POST['cid']));
215
- $array['status'] = 3;
216
- $array['data'] = $messages;
217
- $array['check'] = true;
218
- }
219
- }
220
-
221
- } else { // statuses do not match
222
- $array['status'] = $new_status;
223
- if($new_status == 1){ // completed
224
- wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 8, sanitize_text_field($_POST['wplcsession']));
225
- $array['check'] = true;
226
- $array['status'] = 8;
227
- $array['data'] = __("Admin has closed and ended the chat","wplivechat");
228
- }
229
- else if($new_status == 2){ // pending
230
- $array['check'] = true;
231
- $array['wplc_name'] = wplc_return_chat_name(sanitize_text_field($_POST['cid']));
232
- $array['wplc_email'] = wplc_return_chat_email(sanitize_text_field($_POST['cid']));
233
- }
234
- else if($new_status == 3){ // active
235
- $array['data'] = null;
236
- $array['check'] = true;
237
- if($_POST['status'] == 5){
238
- $messages = wplc_return_chat_messages(sanitize_text_field($_POST['cid']));
239
- if ($messages){
240
- $array['data'] = $messages;
241
- }
242
- }
243
- }
244
- else if($new_status == 7){ // timed out
245
- wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 5, sanitize_text_field($_POST['wplcsession']));
246
- }
247
- else if($new_status == 9){ // user closed chat without inputting or starting a chat
248
- $array['check'] = true;
249
- }
250
- else if($new_status == 0){ // no answer from admin
251
- $array['data'] = __('There is No Answer. Please Try Again Later', 'wplivechat');
252
- $array['check'] = true;
253
- }
254
- else if($new_status == 10){ // minimized active chat
255
- $array['check'] = true;
256
- if($_POST['status'] == 5){
257
- $messages = wplc_return_chat_messages(sanitize_text_field($_POST['cid']));
258
- if ($messages){
259
- $array['data'] = $messages;
260
- }
261
- }
262
- }
263
- }
264
- }
265
- if($array['check'] == true){
266
- echo json_encode($array);
267
- break;
268
- }
269
- $i++;
270
- @ob_end_flush();
271
- if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
272
- }
273
- }
274
-
275
- /* */
276
- if ($_POST['action'] == "wplc_user_close_chat") {
277
- if($_POST['status'] == 5){
278
- wplc_change_chat_status(sanitize_text_field($_POST['cid']),9);
279
- } else if($_POST['status'] == 3){
280
- wplc_change_chat_status(sanitize_text_field($_POST['cid']),8);
281
- }
282
- }
283
-
284
- if ($_POST['action'] == "wplc_user_minimize_chat") {
285
- $chat_id = sanitize_text_field($_POST['cid']);
286
- wplc_change_chat_status(sanitize_text_field($_POST['cid']),10);
287
- }
288
- if ($_POST['action'] == "wplc_user_maximize_chat") {
289
- $chat_id = sanitize_text_field($_POST['cid']);
290
- wplc_change_chat_status(sanitize_text_field($_POST['cid']),3);
291
- }
292
-
293
- if ($_POST['action'] == "wplc_user_send_msg") {
294
- $chat_id = sanitize_text_field($_POST['cid']);
295
- $chat_msg = sanitize_text_field($_POST['msg']);
296
- $wplc_rec_msg = wplc_record_chat_msg("1",$chat_id,$chat_msg);
297
- if ($wplc_rec_msg) {
298
- echo 'sent';
299
- } else {
300
- echo "There was an error sending your chat message. Please contact support";
301
- }
302
- }
303
- if ($_POST['action'] == "wplc_start_chat") {
304
-
305
- if (isset($_POST['cid'])) {
306
- if ($_POST['name'] && $_POST['email']) {
307
- echo wplc_user_initiate_chat(sanitize_text_field($_POST['name']),sanitize_email($_POST['email']),sanitize_text_field($_POST['cid']), sanitize_text_field($_POST['wplcsession'])); // echo the chat session id
308
- } else {
309
- echo "error2";
310
- }
311
- } else {
312
- if ($_POST['name'] && $_POST['email']) {
313
- echo wplc_user_initiate_chat(sanitize_text_field($_POST['name']), sanitize_email($_POST['email']), null, sanitize_text_field($_POST['wplcsession'])); // echo the chat session id
314
- } else {
315
- echo "error2";
316
- }
317
- }
318
- }
319
- }
320
-
321
- die();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
ajax_new.php ADDED
@@ -0,0 +1,291 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ add_action('wp_ajax_wplc_admin_long_poll', 'wplc_init_ajax_callback');
4
+ add_action('wp_ajax_wplc_admin_long_poll_chat', 'wplc_init_ajax_callback');
5
+ add_action('wp_ajax_wplc_admin_accept_chat', 'wplc_init_ajax_callback');
6
+ add_action('wp_ajax_wplc_admin_close_chat', 'wplc_init_ajax_callback');
7
+ add_action('wp_ajax_wplc_admin_send_msg', 'wplc_init_ajax_callback');
8
+ add_action('wp_ajax_wplc_call_to_server_visitor', 'wplc_init_ajax_callback');
9
+ add_action('wp_ajax_wplc_user_close_chat', 'wplc_init_ajax_callback');
10
+ add_action('wp_ajax_wplc_user_minimize_chat', 'wplc_init_ajax_callback');
11
+ add_action('wp_ajax_wplc_user_maximize_chat', 'wplc_init_ajax_callback');
12
+ add_action('wp_ajax_wplc_user_send_msg', 'wplc_init_ajax_callback');
13
+ add_action('wp_ajax_wplc_start_chat', 'wplc_init_ajax_callback');
14
+
15
+ function wplc_init_ajax_callback() {
16
+
17
+ $check = check_ajax_referer( 'wplc', 'security' );
18
+
19
+
20
+
21
+
22
+ if ($check == 1) {
23
+
24
+
25
+ $iterations = 55;
26
+ /* time in microseconds between updating the user on the page within the DB (lower number = higher resource usage) */
27
+ define('WPLC_DELAY_BETWEEN_UPDATES',500000);
28
+ /* time in microseconds between long poll loop (lower number = higher resource usage) */
29
+ define('WPLC_DELAY_BETWEEN_LOOPS',500000);
30
+ /* this needs to take into account the previous constants so that we dont run out of time, which in turn returns a 503 error */
31
+ define('WPLC_TIMEOUT',(((WPLC_DELAY_BETWEEN_UPDATES + WPLC_DELAY_BETWEEN_LOOPS))*$iterations)/1000000);
32
+
33
+ global $wpdb;
34
+ global $wplc_tblname_chats;
35
+ global $wplc_tblname_msgs;
36
+ /* we're using PHP 'sleep' which may lock other requests until our script wakes up. Call this function to ensure that other requests can run without waiting for us to finish */
37
+ session_write_close();
38
+
39
+ if($_POST['action'] == 'wplc_admin_long_poll'){
40
+ if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
41
+ //sleep(6);
42
+ $i = 1;
43
+ while($i <= $iterations){
44
+
45
+ // update chats if they have timed out every 10 seconds
46
+ if($i %10 == 0) {
47
+ wplc_update_chat_statuses();
48
+ }
49
+
50
+
51
+
52
+
53
+
54
+ if($_POST['wplc_update_admin_chat_table'] == 'false'){
55
+ $old_chat_data = false;
56
+ } else {
57
+ $old_chat_data = sanitize_text_field($_POST['wplc_update_admin_chat_table']);
58
+ }
59
+
60
+ $pending = wplc_check_pending_chats();
61
+ $new_chat_data = wplc_list_chats();
62
+
63
+ if(sanitize_text_field($new_chat_data) !== sanitize_text_field($old_chat_data)){
64
+ $array['old_chat_data'] = $old_chat_data;
65
+ $array['wplc_update_admin_chat_table'] = $new_chat_data;
66
+ $array['pending'] = $pending;
67
+ $array['action'] = "wplc_update_admin_chat";
68
+
69
+ }
70
+
71
+ if(isset($array)){
72
+ echo json_encode($array);
73
+ break;
74
+ }
75
+ @ob_end_flush();
76
+ if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
77
+ $i++;
78
+ }
79
+ }
80
+ if($_POST['action'] == "wplc_admin_long_poll_chat"){
81
+ if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
82
+ $i = 1;
83
+ $array = array();
84
+ while($i <= $iterations){
85
+ if(isset($_POST['action_2']) && $_POST['action_2'] == "wplc_long_poll_check_user_opened_chat"){
86
+ $chat_status = wplc_return_chat_status(sanitize_text_field($_POST['cid']));
87
+ if($chat_status == 3){
88
+ $array['action'] = "wplc_user_open_chat";
89
+ }
90
+ } else {
91
+ $new_chat_status = wplc_return_chat_status(sanitize_text_field($_POST['cid']));
92
+ if($new_chat_status != $_POST['chat_status']){
93
+ $array['chat_status'] = $new_chat_status;
94
+ $array['action'] = "wplc_update_chat_status";
95
+ }
96
+ $new_chat_message = wplc_return_admin_chat_messages(sanitize_text_field($_POST['cid']));
97
+ if($new_chat_message){
98
+
99
+ $array['chat_message'] = $new_chat_message;
100
+ $array['action'] = "wplc_new_chat_message";
101
+ }
102
+ }
103
+ if($array){
104
+ echo json_encode($array);
105
+ break;
106
+ }
107
+ @ob_end_flush();
108
+ if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
109
+ $i++;
110
+ }
111
+ }
112
+ if ($_POST['action'] == "wplc_admin_accept_chat") {
113
+ wplc_admin_accept_chat(sanitize_text_field($_POST['cid']));
114
+ }
115
+ if ($_POST['action'] == "wplc_admin_close_chat") {
116
+ $chat_id = sanitize_text_field($_POST['cid']);
117
+ wplc_change_chat_status($chat_id,1);
118
+ echo 'done';
119
+ }
120
+ if ($_POST['action'] == "wplc_admin_send_msg") {
121
+ $chat_id = sanitize_text_field($_POST['cid']);
122
+ $chat_msg = sanitize_text_field($_POST['msg']);
123
+ $wplc_rec_msg = wplc_record_chat_msg("2",$chat_id,$chat_msg);
124
+ if ($wplc_rec_msg) {
125
+ echo 'sent';
126
+ } else {
127
+ echo "There was an error sending your chat message. Please contact support";
128
+ }
129
+ }
130
+
131
+ //User Ajax
132
+
133
+ if($_POST['action'] == 'wplc_call_to_server_visitor'){
134
+ if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
135
+ $i = 1;
136
+ $array = array("check" => false);
137
+
138
+ while($i <= $iterations){
139
+ if($_POST['cid'] == null || $_POST['cid'] == "" || $_POST['cid'] == "null" || $_POST['cid'] == 0){
140
+ // echo 1;
141
+ $user = "user".time();
142
+ $email = "no email set";
143
+ $cid = wplc_log_user_on_page($user,$email,sanitize_text_field($_POST['wplcsession']));
144
+ $array['cid'] = $cid;
145
+ $array['status'] = wplc_return_chat_status($cid);
146
+ $array['wplc_name'] = $user;
147
+ $array['wplc_email'] = $email;
148
+ $array['check'] = true;
149
+
150
+ } else {
151
+ // echo 2;
152
+ $new_status = wplc_return_chat_status(sanitize_text_field($_POST['cid']));
153
+ $array['wplc_name'] = sanitize_text_field($_POST['wplc_name']);
154
+ $array['wplc_email'] = sanitize_text_field($_POST['wplc_email']);
155
+ $array['cid'] = sanitize_text_field($_POST['cid']);
156
+ if($new_status == $_POST['status']){ // if status matches do the following
157
+ if($_POST['status'] != 2){
158
+ /* check if session_variable is different? if yes then stop this script completely. */
159
+ if (isset($_POST['wplcsession']) && $_POST['wplcsession'] != '' && $i > 1) {
160
+ $wplc_session_variable = sanitize_text_field($_POST['wplcsession']);
161
+ $current_session_variable = wplc_return_chat_session_variable(sanitize_text_field($_POST['cid']));
162
+ if ($current_session_variable != "" && $current_session_variable != $wplc_session_variable) {
163
+ /* stop this script */
164
+ $array['status'] = 11;
165
+ echo json_encode($array);
166
+ die();
167
+ }
168
+ }
169
+
170
+
171
+ if ($i == 1) {
172
+ wplc_update_user_on_page(sanitize_text_field($_POST['cid']), sanitize_text_field($_POST['status']), sanitize_text_field($_POST['wplcsession']));
173
+ }
174
+ }
175
+ if ($_POST['status'] == 0){ // browsing - user tried to chat but admin didn't answer so turn back to browsing
176
+ wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 5, sanitize_text_field($_POST['wplcsession']));
177
+ $array['status'] = 5;
178
+ $array['check'] = true;
179
+ } else if($_POST['status'] == 3){
180
+ //wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 3);
181
+ $messages = wplc_return_user_chat_messages(sanitize_text_field($_POST['cid']));
182
+ if ($messages){
183
+ wplc_mark_as_read_user_chat_messages(sanitize_text_field($_POST['cid']));
184
+ $array['status'] = 3;
185
+ $array['data'] = $messages;
186
+ $array['check'] = true;
187
+ }
188
+ }
189
+
190
+ } else { // statuses do not match
191
+ $array['status'] = $new_status;
192
+ if($new_status == 1){ // completed
193
+ wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 8, sanitize_text_field($_POST['wplcsession']));
194
+ $array['check'] = true;
195
+ $array['status'] = 8;
196
+ $array['data'] = __("Admin has closed and ended the chat","wplivechat");
197
+ }
198
+ else if($new_status == 2){ // pending
199
+ $array['check'] = true;
200
+ $array['wplc_name'] = wplc_return_chat_name(sanitize_text_field($_POST['cid']));
201
+ $array['wplc_email'] = wplc_return_chat_email(sanitize_text_field($_POST['cid']));
202
+ }
203
+ else if($new_status == 3){ // active
204
+ $array['data'] = null;
205
+ $array['check'] = true;
206
+ if($_POST['status'] == 5){
207
+ $messages = wplc_return_chat_messages(sanitize_text_field($_POST['cid']));
208
+ if ($messages){
209
+ $array['data'] = $messages;
210
+ }
211
+ }
212
+ }
213
+ else if($new_status == 7){ // timed out
214
+ wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 5, sanitize_text_field($_POST['wplcsession']));
215
+ }
216
+ else if($new_status == 9){ // user closed chat without inputting or starting a chat
217
+ $array['check'] = true;
218
+ }
219
+ else if($new_status == 0){ // no answer from admin
220
+ $array['data'] = __('There is No Answer. Please Try Again Later', 'wplivechat');
221
+ $array['check'] = true;
222
+ }
223
+ else if($new_status == 10){ // minimized active chat
224
+ $array['check'] = true;
225
+ if($_POST['status'] == 5){
226
+ $messages = wplc_return_chat_messages(sanitize_text_field($_POST['cid']));
227
+ if ($messages){
228
+ $array['data'] = $messages;
229
+ }
230
+ }
231
+ }
232
+ }
233
+ }
234
+ if($array['check'] == true){
235
+ echo json_encode($array);
236
+ break;
237
+ }
238
+ $i++;
239
+ @ob_end_flush();
240
+ if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
241
+ }
242
+ }
243
+
244
+ /* */
245
+ if ($_POST['action'] == "wplc_user_close_chat") {
246
+ if($_POST['status'] == 5){
247
+ wplc_change_chat_status(sanitize_text_field($_POST['cid']),9);
248
+ } else if($_POST['status'] == 3){
249
+ wplc_change_chat_status(sanitize_text_field($_POST['cid']),8);
250
+ }
251
+ }
252
+
253
+ if ($_POST['action'] == "wplc_user_minimize_chat") {
254
+ $chat_id = sanitize_text_field($_POST['cid']);
255
+ wplc_change_chat_status(sanitize_text_field($_POST['cid']),10);
256
+ }
257
+ if ($_POST['action'] == "wplc_user_maximize_chat") {
258
+ $chat_id = sanitize_text_field($_POST['cid']);
259
+ wplc_change_chat_status(sanitize_text_field($_POST['cid']),3);
260
+ }
261
+
262
+ if ($_POST['action'] == "wplc_user_send_msg") {
263
+ $chat_id = sanitize_text_field($_POST['cid']);
264
+ $chat_msg = sanitize_text_field($_POST['msg']);
265
+ $wplc_rec_msg = wplc_record_chat_msg("1",$chat_id,$chat_msg);
266
+ if ($wplc_rec_msg) {
267
+ echo 'sent';
268
+ } else {
269
+ echo "There was an error sending your chat message. Please contact support";
270
+ }
271
+ }
272
+ if ($_POST['action'] == "wplc_start_chat") {
273
+
274
+ if (isset($_POST['cid'])) {
275
+ if ($_POST['name'] && $_POST['email']) {
276
+ echo wplc_user_initiate_chat(sanitize_text_field($_POST['name']),sanitize_email($_POST['email']),sanitize_text_field($_POST['cid']), sanitize_text_field($_POST['wplcsession'])); // echo the chat session id
277
+ } else {
278
+ echo "error2";
279
+ }
280
+ } else {
281
+ if ($_POST['name'] && $_POST['email']) {
282
+ echo wplc_user_initiate_chat(sanitize_text_field($_POST['name']), sanitize_email($_POST['email']), null, sanitize_text_field($_POST['wplcsession'])); // echo the chat session id
283
+ } else {
284
+ echo "error2";
285
+ }
286
+ }
287
+ }
288
+ }
289
+
290
+ die();
291
+ }
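Review bot: `if ($check == 1)` at new line 22 rejects valid nonces: `check_ajax_referer()` returns the tick from `wp_verify_nonce()`, which is 1 or 2 depending on the nonce's age, so a nonce in the second half of its lifetime passes the referer check but skips the whole body and reaches the trailing `die()` with an empty response; use `if ($check) {`. The `wplc_admin_*` branches (new lines 39–129) run for any authenticated user holding the nonce and this callback adds no capability check of its own, so `wplc_admin_accept_chat()` and the admin-close `wplc_change_chat_status($chat_id,1)` are reachable by low-privilege accounts unless those helpers gate themselves; one guard before the dispatch, `if (strpos($_POST['action'], 'wplc_admin_') === 0 && !current_user_can('manage_options')) { die(); }`, closes that. Only `wp_ajax_*` hooks are registered (lines 3–13) with no `wp_ajax_nopriv_*` counterpart, so logged-out visitors cannot reach the visitor actions through admin-ajax.php — presumably intended if the nopriv hooks live elsewhere, otherwise the front-end chat breaks for anonymous users. The `define()` calls at lines 27–31 now run inside the callback and will emit a notice if the constants are already defined by another loaded file; wrap each in `if (!defined(...))`.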
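--- a/functions.php
+++ b/functions.php
@@ -127,6 +127,10 @@ function wplc_record_chat_msg($from,$cid,$msg) {
 global $wpdb;
 global $wplc_tblname_msgs;
 
+if ($from == "2") {
+if (!current_user_can("manage_options")) { die(); }
+}
+
 if ($from == "1") {
 $fromname = wplc_return_chat_name(sanitize_text_field($cid));
 //$fromemail = wplc_return_chat_email($cid);
@@ -549,8 +553,10 @@ function wplc_mark_as_read_user_chat_messages($cid) {
 //here
 function wplc_return_admin_chat_messages($cid) {
 
+if (!current_user_can("manage_options")) { die(); }
 $wplc_settings = get_option("WPLC_SETTINGS");
 
+
 if(isset($wplc_settings['wplc_display_name']) && $wplc_settings['wplc_display_name'] == 1){ $display_name = 1; } else { $display_name = 0; }
 
 global $wpdb;
@@ -607,11 +613,15 @@ function wplc_return_admin_chat_messages($cid) {
 }
 }
 
+
+
 return $msg_hist;
 
 
 }
 function wplc_mark_as_read_admin_chat_messages($mid) {
+if (!current_user_can("manage_options")) { die(); }
+
 global $wpdb;
 global $wplc_tblname_msgs;
 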
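Review bot: The new guards in `wplc_record_chat_msg` (new line 131), `wplc_return_admin_chat_messages` (556) and `wplc_mark_as_read_admin_chat_messages` (623) fail with a bare `die()`, which sends an empty 200 response that the polling JavaScript cannot tell apart from "no new messages", so an unauthorised caller gets silence and a legitimately logged-out agent never sees an error; return a status instead, e.g. `if (!current_user_can("manage_options")) { wp_die('', '', array('response' => 403)); }`. The check in `wplc_record_chat_msg` is keyed on the caller-supplied `$from` argument, so it only protects the "2" path and relies on every call site passing the right value — worth a comment such as `// $from "2" = agent-side message; only users with manage_options may write it` above it. Tying agent actions to `manage_options` means every chat agent must be a full administrator; a dedicated capability would let sites follow least privilege, though whether the plugin supports non-admin agents is not visible here. All three enclosing functions start and end outside the hunks.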
readme.txt CHANGED
@@ -173,7 +173,7 @@ If the live chat box still does not appear on your website, please go through th
173
 
174
  == Upgrade Notice ==
175
 
176
- = 4.4.0 =
177
  It is highly recommended that you upgrade to WP Live Chat Support version 4.4.0 for security reasons.
178
 
179
 
@@ -182,6 +182,9 @@ It is highly recommended that you upgrade to WP Live Chat Support version 4.1.4
182
 
183
  == Changelog ==
184
 
 
 
 
185
  = 4.4.0 - 2015-07-08 - Critical Priority =
186
  * Major security update. Please ensure you update to this version to eliminate previous vulnerabilities.
187
 
@@ -370,4 +373,4 @@ It is highly recommended that you upgrade to WP Live Chat Support version 4.1.4
370
  * Added Welcome Page
371
  * Fixed Visitor pending forever - Now Shown a message that admin is away
372
  * Fixed many small bugs
373
- * Added Multiple Live Chat Agents support (Add On)
173
 
174
  == Upgrade Notice ==
175
 
176
+ = 4.4.1 =
177
  It is highly recommended that you upgrade to WP Live Chat Support version 4.4.0 for security reasons.
178
 
179
 
182
 
183
  == Changelog ==
184
 
185
+ = 4.4.1 - 2015-07-09 - Critical Priority =
186
+ * Further security enhancements
187
+
188
  = 4.4.0 - 2015-07-08 - Critical Priority =
189
  * Major security update. Please ensure you update to this version to eliminate previous vulnerabilities.
190
 
373
  * Added Welcome Page
374
  * Fixed Visitor pending forever - Now Shown a message that admin is away
375
  * Fixed many small bugs
376
+ * Added Multiple Live Chat Agents support (Add On)
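--- a/wp-live-chat-support.php
+++ b/wp-live-chat-support.php
@@ -3,13 +3,13 @@
 Plugin Name: WP Live Chat Support
 Plugin URI: http://www.wp-livechat.com
 Description: The easiest to use website live chat plugin. Let your visitors chat with you and increase sales conversion rates with WP Live Chat Support. No third party connection required!
-Version: 4.4.0
+Version: 4.4.1
 Author: WP-LiveChat
 Author URI: http://www.wp-livechat.com
 */
 
 
-/* 4.4.0 - 2015-07-08 - Critical Priority
+/* 4.4.1 - 2015-07-08 - Critical Priority
 * Major security update. Please ensure you update to this version to eliminate previous vulnerabilities.
 *
 * 4.3.5 Espresso - 2015-07-03 - Low Priority
@@ -217,6 +217,9 @@ define('WPLC_BASIC_PLUGIN_URL', plugins_url() . "/wp-live-chat-support/");
 global $wplc_basic_plugin_url;
 $wplc_basic_plugin_url = get_option('siteurl') . "/wp-content/plugins/wp-live-chat-support/";
 
+
+
+require_once (plugin_dir_path(__FILE__) . "ajax_new.php");
 require_once (plugin_dir_path(__FILE__) . "functions.php");
 add_action('wp_ajax_wplc_admin_set_transient', 'wplc_action_callback');
 add_action('init', 'wplc_version_control');
@@ -336,8 +339,8 @@ function wplc_user_top_js() {
 
 <script type="text/javascript">
 <?php if (!function_exists("wplc_register_pro_version")) { ?>
-var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>';
-
+/* var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>'; */
+var wplc_ajaxurl = ajaxurl;
 <?php } ?>
 var wplc_nonce = '<?php echo $ajax_nonce; ?>';
 </script>
@@ -731,7 +734,8 @@ function wplc_admin_javascript() {
 ?>
 
 <script type="text/javascript">
-var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>';
+/* var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>'; */
+var wplc_ajaxurl = ajaxurl;
 var data = {
 action: 'wplc_admin_long_poll',
 security: '<?php echo $ajax_nonce; ?>',
@@ -1099,7 +1103,8 @@ function wplc_return_admin_chat_javascript($cid) {
 }
 ?>
 <script type="text/javascript">
-var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>';
+/* var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>'; */
+var wplc_ajaxurl = ajaxurl;
 var chat_status = 3;
 var cid = <?php echo $cid; ?>;
 var data = {
@@ -1116,6 +1121,7 @@ function wplc_return_admin_chat_javascript($cid) {
 jQuery.ajax({
 url: wplc_ajaxurl,
 data: data,
+security: '<?php echo $ajax_nonce; ?>',
 type: "POST",
 success: function (response) {
 if (response) {
@@ -1216,7 +1222,8 @@ function wplc_return_admin_chat_javascript($cid) {
 } else {
 echo "";
 } ?>";
-var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>';
+/* var wplc_ajaxurl = '<?php echo plugins_url('/ajax.php', __FILE__); ?>'; */
+var wplc_ajaxurl = ajaxurl;
 
 
 jQuery("#wplc_admin_chatmsg").focus();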
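Review bot: `var wplc_ajaxurl = ajaxurl;` at new line 343 is emitted by `wplc_user_top_js()`, which judging by its name runs on the public front end, where WordPress does not define the `ajaxurl` global (core sets it only on wp-admin pages); unless the plugin localizes it elsewhere the visitor script throws a ReferenceError before any chat request is made and the visitor long-poll silently stops. Print the URL server-side instead, `var wplc_ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';`, which also fits the three admin-side copies (738, 1107, 1226) and removes the dependence on a global. At new line 1124 `security: '<?php echo $ajax_nonce; ?>',` is added as a top-level `jQuery.ajax` option rather than a member of `data`, so it is never sent in the POST body and `check_ajax_referer('wplc', 'security')` will reject the request unless the `data` object declared at 1110 (continuing outside the hunk) already carries it. The commented-out `/* var wplc_ajaxurl = ... */` lines left beside each replacement (342, 737, 1106, 1225) should be deleted rather than kept, and the header block at line 12 now reads `4.4.1 - 2015-07-08` while readme.txt dates 4.4.1 as 2015-07-09.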