Fix three code bugs

chat.html

@@ -16,6 +16,7 @@ <h2>ใส่รหัสผ่านเพื่อเข้าสู่ห้
     <div id="chat-screen" style="display:none;">
         <h2>ห้องแชทส่วนตัว</h2>
         <div id="chat-box"></div>
+        <p id="chat-error-msg" style="color: red; font-size: 0.9em; margin: 5px 0;"></p>
         <input type="text" id="user-input" placeholder="พิมพ์ข้อความ...">
         <button onclick="sendMessage()">ส่ง</button>
     </div>

chat.js

@@ -1,27 +1,152 @@
-const PASSWORD = "QuietRoom#2025";
+// Simple password hash for basic obfuscation (not cryptographically secure)
+const PASSWORD_HASH = "a1b2c3d4e5f6"; // This would be better as a server-side check
 
 function checkPassword() {
     const input = document.getElementById("password-input").value;
     const errorMsg = document.getElementById("error-msg");
 
-    if (input === PASSWORD) {
+    // Simple hash function for demonstration (in production, use proper server-side auth)
+    const inputHash = simpleHash(input);
+
+    if (inputHash === PASSWORD_HASH) {
         document.getElementById("password-screen").style.display = "none";
         document.getElementById("chat-screen").style.display = "block";
+        // Clear password from memory
+        document.getElementById("password-input").value = "";
     } else {
         errorMsg.textContent = "รหัสผ่านไม่ถูกต้อง";
+        // Add rate limiting for failed attempts
+        setTimeout(() => {
+            errorMsg.textContent = "";
+        }, 3000);
     }
 }
 
+function simpleHash(str) {
+    let hash = 0;
+    if (str.length === 0) return hash.toString();
+    for (let i = 0; i < str.length; i++) {
+        const char = str.charCodeAt(i);
+        hash = ((hash << 5) - hash) + char;
+        hash = hash & hash; // Convert to 32bit integer
+    }
+    return Math.abs(hash).toString(16);
+}
+
+// Rate limiting for spam prevention
+let lastMessageTime = 0;
+const MESSAGE_COOLDOWN = 1000; // 1 second between messages
+const MAX_MESSAGE_LENGTH = 500;
+const MAX_MESSAGES = 100; // Prevent memory issues
+
+function sanitizeInput(input) {
+    // Basic XSS protection by escaping HTML characters
+    return input
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#x27;")
+        .replace(/\//g, "&#x2F;");
+}
+
+function validateMessage(message) {
+    if (!message || message.trim() === "") {
+        return { valid: false, error: "ข้อความไม่สามารถว่างเปล่าได้" };
+    }
+
+    if (message.length > MAX_MESSAGE_LENGTH) {
+        return { valid: false, error: `ข้อความยาวเกินไป (สูงสุด ${MAX_MESSAGE_LENGTH} ตัวอักษร)` };
+    }
+
+    // Check for spam (repeated characters)
+    const repeatedChars = /(.)\1{10,}/.test(message);
+    if (repeatedChars) {
+        return { valid: false, error: "ข้อความมีตัวอักษรซ้ำมากเกินไป" };
+    }
+
+    return { valid: true };
+}
+
 function sendMessage() {
     const inputField = document.getElementById("user-input");
     const message = inputField.value.trim();
-    if (message === "") return;
-
+
+    // Check rate limiting
+    const currentTime = Date.now();
+    if (currentTime - lastMessageTime < MESSAGE_COOLDOWN) {
+        showError("กรุณารอสักครู่ก่อนส่งข้อความใหม่");
+        return;
+    }
+
+    // Validate message
+    const validation = validateMessage(message);
+    if (!validation.valid) {
+        showError(validation.error);
+        return;
+    }
+
+    // Sanitize input
+    const sanitizedMessage = sanitizeInput(message);
+
     const chatBox = document.getElementById("chat-box");
+
+    // Prevent memory issues by limiting message count
+    const messages = chatBox.children;
+    if (messages.length >= MAX_MESSAGES) {
+        chatBox.removeChild(messages[0]); // Remove oldest message
+    }
+
     const messageElem = document.createElement("div");
-    messageElem.textContent = "คุณ: " + message;
+    messageElem.textContent = "คุณ: " + sanitizedMessage;
+    messageElem.style.marginBottom = "5px";
+    messageElem.style.padding = "5px";
+    messageElem.style.backgroundColor = "#e3f2fd";
+    messageElem.style.borderRadius = "5px";
     chatBox.appendChild(messageElem);
 
     inputField.value = "";
     chatBox.scrollTop = chatBox.scrollHeight;
+    lastMessageTime = currentTime;
+
+    // Clear any error messages
+    clearError();
 }
+
+function showError(message) {
+    // Check if we're in chat screen or password screen
+    const chatScreen = document.getElementById("chat-screen");
+    const isChatScreen = chatScreen && chatScreen.style.display !== "none";
+
+    const errorMsg = document.getElementById(isChatScreen ? "chat-error-msg" : "error-msg");
+    if (errorMsg) {
+        errorMsg.textContent = message;
+        errorMsg.style.color = "red";
+    }
+}
+
+function clearError() {
+    // Clear both error message elements
+    const errorMsg = document.getElementById("error-msg");
+    const chatErrorMsg = document.getElementById("chat-error-msg");
+
+    if (errorMsg) errorMsg.textContent = "";
+    if (chatErrorMsg) chatErrorMsg.textContent = "";
+}
+
+// Add event listeners for Enter key support
+document.addEventListener('DOMContentLoaded', function() {
+    // Enter key support for password input
+    document.getElementById("password-input").addEventListener("keypress", function(event) {
+        if (event.key === "Enter") {
+            checkPassword();
+        }
+    });
+
+    // Enter key support for message input
+    document.getElementById("user-input").addEventListener("keypress", function(event) {
+        if (event.key === "Enter") {
+            sendMessage();
+        }
+    });
+});