MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

  1. <?php
  2.  
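  // Responses from this editor are per-user, so shared caches must not store them.
  header("Cache-control: private");

  // Only fatal errors are reported; warnings and notices raised by the file and
  // request handling below are silenced.
  error_reporting(E_ERROR);

  // NOTE(review): core.php is not shown here. It presumably starts the session and
  // defines return_bytes(), rmdirr() and entry2date(), which this script calls -- confirm.
  require("core.php");

  // Session-binding check: a logged-in session whose stored User-Agent differs from the
  // one sent with this request goes back to the login page.
  if (isset($_SESSION['logged_in']) and ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])) {
      header("Location: login.php");
      // header() only queues the redirect. Without exit() the rest of the script,
      // including the handlers that change data, would still run for this session.
      exit();
  }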
  12.  
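  // Administrator's user name; the permission checks below compare the session against it.
  $login_username = file_get_contents("data/username.txt");

  // After an entry update is posted, point the browser back at the editor for that entry.
  // NOTE(review): execution continues after the header on purpose here. The code that
  // stores title_input/body_input is not visible in this part of the file, so confirm
  // where the save happens before adding an exit().
  if (isset($_POST['title_input']) and isset($_POST['body_input'])) {
      // The entry id comes from the request; encode it so it stays a single query value
      // inside the Location header.
      $redirect_entry = '';

      if (isset($_REQUEST['entry']) and is_string($_REQUEST['entry'])) {
          $redirect_entry = rawurlencode($_REQUEST['entry']);
      }

      header("Location: edit.php?entry={$redirect_entry}");
  }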
  18.  
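  // The entry id is interpolated into filesystem paths throughout this script, so it has
  // to be one plain directory name: a non-empty string without a path separator or NUL
  // byte, and not "." or "..". Anything else could resolve outside data/items/.
  if (!isset($_REQUEST['entry']) or !is_string($_REQUEST['entry'])) {
      exit();
  }

  if (($_REQUEST['entry'] === '') or ($_REQUEST['entry'] === '.') or ($_REQUEST['entry'] === '..') or (strpbrk($_REQUEST['entry'], "/\\\0") !== false)) {
      exit();
  }

  if (!file_exists("data/items/{$_REQUEST['entry']}")) {
      exit();
  }

  // Anonymous visitors never reach the editor.
  if (!isset($_SESSION['logged_in'])) {
      exit();
  }

  // Edit permission for this session; stays 0 unless one of the rules below grants it.
  $do = 0;

  // Members need the rw.txt flag and wiki mode (data/wiki.txt), plus either an entry
  // marked edit.txt or authorship of the entry.
  // The author is compared with ===: a missing author.txt makes file_get_contents()
  // return false, which a loose == treats as equal to "" or "0", and numeric-looking
  // names such as "1e3" and "1000" also compare equal under ==.
  if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt")) {
      if (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") === $_SESSION['logged_in'])) {
          $do = 1;
      }
  }

  // A lock file withdraws member access again.
  if (file_exists("data/items/{$_REQUEST['entry']}/lock.txt")) {
      $do = 0;
  }

  // The administrator may always edit, locked or not. Strict comparison for the same
  // reason as above (assumes the session stores the user name as a string -- the paths
  // built from it elsewhere in this script suggest so; confirm against login.php).
  if ($_SESSION['logged_in'] === $login_username) {
      $do = 1;
  }

  if ($do == 0) {
      exit();
  }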
  48.  
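  // Per-entry data files. The request's entry id is a path component here, so these
  // paths are only as trustworthy as the entry checks earlier in the script.
  $title_file = "data/items/{$_REQUEST['entry']}/title.txt";
  $body_file = "data/items/{$_REQUEST['entry']}/body.txt";
  $date_file = "data/items/{$_REQUEST['entry']}/date.txt";
  $img_file = "data/items/{$_REQUEST['entry']}/image.txt";
  $revisions_file = "data/items/{$_REQUEST['entry']}/revisions.txt";

  // PHP limits that bound an upload, converted to bytes by return_bytes().
  $server_upload_max_filesize = return_bytes(ini_get('upload_max_filesize'));
  $server_post_max_size = return_bytes(ini_get('post_max_size'));
  $server_memory_limit = return_bytes(ini_get('memory_limit'));

  // The usable ceiling is the smallest of the three. The previous two-step comparison
  // picked memory_limit whenever post_max_size exceeded it, even when
  // upload_max_filesize was smaller than both.
  $max_file_size = $server_upload_max_filesize;

  // php.ini uses 0 (post_max_size) and -1 (memory_limit) for "no limit", so a
  // non-positive value must not lower the ceiling.
  // NOTE(review): assumes return_bytes(), defined outside this view, passes such values
  // through as non-positive numbers -- confirm.
  if (($server_post_max_size > 0) and ($server_post_max_size < $max_file_size)) {
      $max_file_size = $server_post_max_size;
  }

  if (($server_memory_limit > 0) and ($server_memory_limit < $max_file_size)) {
      $max_file_size = $server_memory_limit;
  }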
  68. ?>
  69.  
  70. <title>Edit</title>
  71.  
  72. <style>
  73.  
  74. body {
  75.   color: #666666;
  76.   margin: 10px;
  77.   padding: 0px;
  78.   text-align: left;
  79.   font-family: <?php
  // Site-configured body font, when set, goes ahead of the built-in fallbacks.
  // NOTE(review): the file content is written into the <style> element unfiltered --
  // confirm that only administrators can write to data/fonts/.
  if (file_exists("data/fonts/body.txt")) {
      $font_body = file_get_contents("data/fonts/body.txt");
      echo $font_body . ",";
  }
  84. ?> arial, helvetica, sans-serif;
  85.   background-color: #ffffff;
  86. }
  87.  
  88. p, td {
  89.   font-size: 11px;
  90. }
  91.  
  92. a {
  93.   font-weight: bold;
  94.   text-decoration: none;
  95. }
  96.  
  97. a:link, a:visited {
  98.   color: #666666;
  99. }
  100.  
  101. a:hover {
  102.   color: #336699;
  103. }
  104.  
  105. a:active {
  106.   color: #336699;
  107. }
  108.  
  109. .input_title {  
  110.   color: #666666;
  111.   background: #ffffff;
  112.   border: #999999 solid 1px;
  113.   width: 525px;
  114.   font-family: <?php
  // Optional panel-title font for the title input, emitted verbatim before the fallbacks.
  if (file_exists("data/fonts/panel-title.txt")) {
      $font_panel_title = file_get_contents("data/fonts/panel-title.txt");
      echo $font_panel_title . ",";
  }
  119. ?> arial, helvetica, sans-serif;
  120.   font-size: 11px;
  121.   font-weight: bold
  122. }
  123.  
  124. .input_body {  
  125.   color: #666666;
  126.   background: #ffffff;
  127.   border: #999999 solid 1px;
  128.   width: 525px;
  129.   font-family: <?php
  // Optional panel-body font for the body textarea, emitted verbatim before the fallbacks.
  if (file_exists("data/fonts/panel-body.txt")) {
      $font_panel_body = file_get_contents("data/fonts/panel-body.txt");
      echo $font_panel_body . ",";
  }
  134. ?> arial, helvetica, sans-serif;
  135.   font-size: 11px
  136. }
  137.  
  138. #panel_title {
  139.   font-family: <?php
  // Optional panel-title font for #panel_title, emitted verbatim before the fallbacks.
  if (file_exists("data/fonts/panel-title.txt")) {
      $font_panel_title = file_get_contents("data/fonts/panel-title.txt");
      echo $font_panel_title . ",";
  }
  144. ?> arial, helvetica, sans-serif;
  145.   font-size: 12px;
  146.   font-weight: bold;
  147.   color: #666666;
  148.   padding: 5px 5px 5px 5px;
  149.   background-color: #ffffff;
  150.   margin: 0px;
  151.   border-color: #cccccc;
  152.   border-width: 1px 1px 0px 1px;
  153.   border-style: solid solid none solid;
  154. }
  155.  
  156. #panel_body {
  157.   font-family: <?php
  // Optional panel-body font for #panel_body, emitted verbatim before the fallbacks.
  if (file_exists("data/fonts/panel-body.txt")) {
      $font_panel_body = file_get_contents("data/fonts/panel-body.txt");
      echo $font_panel_body . ",";
  }
  162. ?> arial, helvetica, sans-serif;
  163.   font-size: 11px;
  164.   color: #666666;
  165.   padding: 5px 5px 5px 5px;
  166.   background-color: #ffffff;
  167.   margin: 0px;
  168.   border-color: #cccccc;
  169.   border-width: 1px 1px 1px 1px;
  170.   border-style: solid solid solid solid;
  171. }
  172.  
  173. #panel_footer {
  174.   font-family: <?php
  // Optional panel-footer font for #panel_footer, emitted verbatim before the fallbacks.
  if (file_exists("data/fonts/panel-footer.txt")) {
      $font_panel_footer = file_get_contents("data/fonts/panel-footer.txt");
      echo $font_panel_footer . ",";
  }
  179. ?> arial, helvetica, sans-serif;
  180.   font-size: 11px;
  181.   color: #666666;
  182.   padding: 5px 5px 5px 5px;
  183.   background-color: #ffffff;
  184.   margin: 0px;
  185.   border-color: #cccccc;
  186.   border-width: 0px 1px 1px 1px;
  187.   border-style: none solid solid solid;
  188. }
  189.  
  190. .input_cat {  
  191.   color: #666666;
  192.   background: #ffffff;
  193.   border: #999999 solid 1px;
  194.   width: 40px;
  195.   font-family: <?php
  // Optional panel-body font for the category input, emitted verbatim before the fallbacks.
  if (file_exists("data/fonts/panel-body.txt")) {
      $font_panel_body = file_get_contents("data/fonts/panel-body.txt");
      echo $font_panel_body . ",";
  }
  200. ?> arial, helvetica, sans-serif;
  201.   font-size: 11px
  202. }
  203.  
  204. <?php
  // Site-wide custom CSS, when present, is appended inside the same <style> element.
  // NOTE(review): the file is emitted verbatim, so whoever can write data/css.txt controls
  // markup on this page -- confirm that is limited to the administrator.
  if (file_exists("data/css.txt")) {
      echo file_get_contents("data/css.txt");
  }
  208. ?>
  209.  
  210. </style>
  211.  
  212. <?php
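  // Grant ("ack") or revoke ("nak") one member's access to this entry. Access is recorded
  // as marker directories under the entry: members/<name> and imembers/<name>.
  // NOTE(review): no anti-CSRF token is checked in the code visible here, and this handler
  // is reachable by any session that passed the edit check above, not only the
  // administrator -- confirm both against core.php and the intended permission model.
  if (isset($_POST['auth_member']) and is_string($_POST['auth_member']) and !empty($_POST['auth_member']) and isset($_POST['auth_toggle']) and !empty($_POST['auth_toggle'])) {
      // The member name becomes a path component for mkdir() and the recursive rmdirr(),
      // so it must be one plain directory name; a separator or ".." would let the request
      // create or remove directories outside this entry.
      $auth_member_ok = (($_POST['auth_member'] !== '.') and ($_POST['auth_member'] !== '..') and (strpbrk($_POST['auth_member'], "/\\\0") === false));

      // Only names of active members are acted on.
      if ($auth_member_ok and file_exists("data/members/active/{$_POST['auth_member']}")) {
          $auth_entry_dir = "data/items/{$_REQUEST['entry']}";

          if ($_POST['auth_toggle'] === "ack") {
              // Create members/<name>, then imembers/<name>, making each parent first.
              foreach (array("members", "imembers") as $auth_group) {
                  if (!file_exists("{$auth_entry_dir}/{$auth_group}")) {
                      mkdir("{$auth_entry_dir}/{$auth_group}");
                  }

                  if (!file_exists("{$auth_entry_dir}/{$auth_group}/{$_POST['auth_member']}")) {
                      mkdir("{$auth_entry_dir}/{$auth_group}/{$_POST['auth_member']}");
                  }
              }
          }

          if ($_POST['auth_toggle'] === "nak") {
              // Remove both markers; the parent directories are left in place.
              foreach (array("members", "imembers") as $auth_group) {
                  if (file_exists("{$auth_entry_dir}/{$auth_group}/{$_POST['auth_member']}")) {
                      rmdirr("{$auth_entry_dir}/{$auth_group}/{$_POST['auth_member']}");
                  }
              }
          }
      }
  }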
  242.  
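  // File or unfile this entry under a category, keeping the entry's members/ markers in
  // step with the category's member list.
  // NOTE(review): the category listing further down hides categories that carry
  // private.txt from non-administrators, but this handler does not repeat that check --
  // confirm whether members should be able to post a private category name here.
  if (isset($_POST['category']) and is_string($_POST['category']) and !empty($_POST['category'])) {
      // One value for every path below. The condition used to test $_POST while the paths
      // were built from $_REQUEST, which can hold a different value for the same key
      // depending on how PHP merges GET, POST and cookies.
      $edit_category = $_POST['category'];

      // The category name is a path component for mkdir()/rmdirr(); require a single
      // directory name so the request cannot address anything outside the category trees.
      $edit_category_ok = (($edit_category !== '.') and ($edit_category !== '..') and (strpbrk($edit_category, "/\\\0") === false));

      $edit_category_action = (isset($_POST['do']) and is_string($_POST['do'])) ? $_POST['do'] : '';

      // Start from empty lists so the loops below never iterate an undefined variable.
      $get_cat_members = array();
      $get_categories = array();

      if ($edit_category_ok) {
          $cat_members_dir = "data/categories/{$edit_category}/members";
          $entry_cat_dir = "data/items/{$_REQUEST['entry']}/categories";
          $entry_members_dir = "data/items/{$_REQUEST['entry']}/members";

          // Collect the category's members; markers for accounts that are no longer
          // active are deleted along the way.
          if (file_exists($cat_members_dir) and ($dh_cat_members = opendir($cat_members_dir))) {
              while (($get_cat_member = readdir($dh_cat_members)) !== false) {
                  if (($get_cat_member == ".") or ($get_cat_member == "..")) {
                      continue;
                  }

                  if (file_exists("data/members/active/$get_cat_member")) {
                      $get_cat_members[] = $get_cat_member;
                  } else {
                      rmdirr("$cat_members_dir/$get_cat_member");
                  }
              }
              closedir($dh_cat_members);
          }

          if (($edit_category_action === "unfile") and file_exists("$entry_cat_dir/$edit_category")) {
              rmdirr("$entry_cat_dir/$edit_category");

              // Drop the now-empty categories/ directory. glob() returns false on error;
              // in that case nothing is known about the content, so nothing is removed.
              $remaining_categories = glob("$entry_cat_dir/*");
              if (is_array($remaining_categories) and (count($remaining_categories) < 1)) {
                  rmdirr($entry_cat_dir);
              }

              if (file_exists("data/categories")) {
                  if ($dh_get_categories = opendir("data/categories")) {
                      while (($get_category = readdir($dh_get_categories)) !== false) {
                          if ($get_category != "." && $get_category != "..") {
                              $get_categories[] = $get_category;
                          }
                      }
                      closedir($dh_get_categories);
                  }

                  // A member keeps access if another category the entry is still filed
                  // under lists them, or if they hold an individual (imembers) grant.
                  foreach ($get_cat_members as $get_cat_mem) {
                      $count_mem = 0;

                      foreach ($get_categories as $get_category) {
                          if (file_exists("data/categories/$get_category/members/$get_cat_mem") and ($edit_category !== $get_category) and file_exists("$entry_cat_dir/$get_category")) {
                              $count_mem = $count_mem + 1;
                          }
                      }

                      if (($count_mem < 1) and !file_exists("data/items/{$_REQUEST['entry']}/imembers/$get_cat_mem")) {
                          rmdirr("$entry_members_dir/$get_cat_mem");
                      }
                  }
              }
          }

          if (($edit_category_action === "file") and !file_exists("$entry_cat_dir/$edit_category")) {
              if (!file_exists($entry_cat_dir)) {
                  mkdir($entry_cat_dir);
              }

              mkdir("$entry_cat_dir/$edit_category");

              // Every member of the category gains a members/ marker on the entry.
              foreach ($get_cat_members as $get_cat_mem) {
                  if (!file_exists("$entry_members_dir/$get_cat_mem")) {
                      mkdir("$entry_members_dir/$get_cat_mem");
                  }
              }
          }
      }
  }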
  306.  
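  // Save an edited comment: convert the submitted text to its stored HTML form, overwrite
  // comment.txt and bump the comment's revision counter.
  // NOTE(review): no anti-CSRF token is checked in the code visible here -- confirm
  // whether core.php enforces one for POST requests.
  if (isset($_REQUEST['comment']) and is_string($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_POST['comment_txt']) and is_string($_POST['comment_txt']) and !empty($_POST['comment_txt']) and isset($_REQUEST['type']) and (($_REQUEST['type'] === "live") or ($_REQUEST['type'] === "pending"))) {
      // The comment id is a path component of the file written below; it must be one
      // plain directory name so the write cannot land outside this entry's comments.
      $comment_id_ok = (($_REQUEST['comment'] !== '.') and ($_REQUEST['comment'] !== '..') and (strpbrk($_REQUEST['comment'], "/\\\0") === false));
      $comment_dir = "data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}";

      // Write only into a comment directory that already exists; previously the write was
      // attempted before any existence check.
      if ($comment_id_ok and is_dir($comment_dir)) {
          // NOTE(review): the submitted text is stored as HTML without escaping in the
          // code visible here and is later emitted with readfile(). Unless core.php
          // sanitises $_POST, markup typed into a comment reaches every viewer's browser;
          // if so, escape the text before the substitutions below.
          $comment_txt = ucfirst($_POST['comment_txt']);

          // Newlines and emoticons become markup. str_replace() applies the pairs in
          // order, so ':((' is handled before ':('.
          $comment_txt = str_replace(
              array("\n", ':((', ':(', ':|', ':D', ':P', ':O', ':)', '=)', ':\\', ';)'),
              array(
                  '<br />',
                  '<img src="images/smileys/crying.png" border="0">',
                  '<img src="images/smileys/frown.png" border="0">',
                  '<img src="images/smileys/indifferent.png" border="0">',
                  '<img src="images/smileys/laughing.png" border="0">',
                  '<img src="images/smileys/lick.png" border="0">',
                  '<img src="images/smileys/ohno.png" border="0">',
                  '<img src="images/smileys/smile.png" border="0">',
                  '<img src="images/smileys/surprised.png" border="0">',
                  '<img src="images/smileys/undecided.png" border="0">',
                  '<img src="images/smileys/wink.png" border="0">'
              ),
              $comment_txt
          );

          $comment_txt_file = "{$comment_dir}/comment.txt";
          file_put_contents($comment_txt_file, $comment_txt, LOCK_EX);

          // Revision counter: a missing, empty or non-numeric file counts as 0. The old
          // fopen()/fread() sequence failed on a missing file and on a zero-length one.
          $comment_revisions_file = "{$comment_dir}/revisions.txt";
          $comment_revisions_count = 0;

          if (file_exists($comment_revisions_file)) {
              $comment_revisions_count = (int) file_get_contents($comment_revisions_file);
          }

          $comment_revisions_count = $comment_revisions_count + 1;
          file_put_contents($comment_revisions_file, (string) $comment_revisions_count, LOCK_EX);
      }
  }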
  335.  
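  // Comment editor view: when a comment id and type are given, show that comment with an
  // edit form and stop; the entry editor further down is then not rendered.
  if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['type']) and !empty($_REQUEST['type']) and (($_REQUEST['type'] == "live") or ($_REQUEST['type'] == "pending"))) {
      // The comment id is a path component of every file read below; it must be one plain
      // directory name so the reads stay inside this entry's comments.
      if (!is_string($_REQUEST['comment']) or ($_REQUEST['comment'] === '.') or ($_REQUEST['comment'] === '..') or (strpbrk($_REQUEST['comment'], "/\\\0") !== false)) {
          exit();
      }

      $comment_view_dir = "data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}";

      if (!file_exists($comment_view_dir)) {
          exit();
      }
?>
  <table border="0" cellspacing="0" cellpadding="0" bgcolor="#cccccc"><tr><td width="525">
  <div id="panel_title"><?php
      // NOTE(review): name, e-mail and comment text are emitted exactly as stored. Whether
      // they were escaped when the comment was written is not visible here -- confirm.
      readfile("{$comment_view_dir}/firstname.txt");
?>&nbsp;<?php
      readfile("{$comment_view_dir}/lastname.txt");
?>&nbsp;&lt;<?php
      readfile("{$comment_view_dir}/email.txt");
?>&gt;</div>
  <div id="panel_body"><?php
      readfile("{$comment_view_dir}/comment.txt");
?></div>
  <div id="panel_footer"><font style="font-size: 10px; color: #999999;">
  <?php
      entry2date($_REQUEST['comment']);

      if (file_exists("{$comment_view_dir}/revisions.txt")) {
          echo " (Revision ";
          readfile("{$comment_view_dir}/revisions.txt");
          echo ")";
      }
?>
  </font></div>
  </td></tr></table>

  <table border="0" cellspacing="2" cellpadding="0">
  <form enctype="multipart/form-data" action="edit.php" method="post">
  <tr><td><textarea class="input_body" name="comment_txt" rows="10"><?php
      // file_get_contents() instead of fopen()/fread(): fread() rejects a zero length,
      // which is what filesize() yields for an empty comment file.
      $comment_txt_file = "{$comment_view_dir}/comment.txt";
      $read_comment_txt_file = file_get_contents($comment_txt_file);

      if ($read_comment_txt_file === false) {
          $read_comment_txt_file = '';
      }

      // Turn the stored markup back into the plain text and emoticons the author typed.
      $comment_smiley2emoticon = str_replace(
          array(
              '<br />',
              '<img src="images/smileys/crying.png" border="0">',
              '<img src="images/smileys/frown.png" border="0">',
              '<img src="images/smileys/indifferent.png" border="0">',
              '<img src="images/smileys/laughing.png" border="0">',
              '<img src="images/smileys/lick.png" border="0">',
              '<img src="images/smileys/ohno.png" border="0">',
              '<img src="images/smileys/smile.png" border="0">',
              '<img src="images/smileys/surprised.png" border="0">',
              '<img src="images/smileys/undecided.png" border="0">',
              '<img src="images/smileys/wink.png" border="0">'
          ),
          array("\n", ':((', ':(', ':|', ':D', ':P', ':O', ':)', '=)', ':\\', ';)'),
          $read_comment_txt_file
      );

      // NOTE(review): written into the textarea unescaped, so stored text containing
      // "</textarea>" ends the field early. Escaping here changes what a save round-trip
      // stores, so check the format the save handler expects before adding it.
      echo $comment_smiley2emoticon;
?></textarea></td></tr>
  <tr><td><input type="hidden" name="entry" value="<?php
      // Request values placed in attributes are escaped so a quote cannot close the value.
      echo htmlspecialchars($_REQUEST['entry'], ENT_QUOTES);
?>"></td></tr>
  <tr><td><input type="hidden" name="comment" value="<?php
      echo htmlspecialchars($_REQUEST['comment'], ENT_QUOTES);
?>"></td></tr>
  <tr><td><input type="hidden" name="type" value="<?php
      echo htmlspecialchars($_REQUEST['type'], ENT_QUOTES);
?>"></td></tr>
  <tr><td><input class="input_body" type="submit" value="click here to update this comment"></td></tr>
  </form>

  <form enctype="multipart/form-data" action="index.php?entry=<?php
      // URL-encoded so the id stays a single query value inside the attribute.
      echo rawurlencode($_REQUEST['entry']);
?>&show=comments" method="post">
  <tr><td><input class="input_body" type="submit" value="click here to view posted entry"></td></tr>
  </form>

  <form enctype="multipart/form-data" action="index.php" method="post">
  <tr><td><input class="input_body" type="submit" value="click here to go to the index page"></td></tr>
  </form>
  </table>

<?php
      exit();
  }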
  413. ?>
  414.  
  415. <table border="0" cellspacing="0" cellpadding="0"><tr><td valign="top">
  416.  
  417. <table border="0" cellspacing="0" cellpadding="0" bgcolor="#cccccc"><tr><td width="525">
  418.  
  419. <div id="panel_title"><?php
  420.   readfile($title_file);
  421. ?></div>
  422. <div id="panel_body"><table border="0" cellspacing="0" cellpadding="0"><tr><td><?php
  423.   readfile($body_file);
  424. ?></td></tr></table></div>
  425. <div id="panel_footer"><font style="font-size: 10px; color: #999999;"><?php
  426.   if (file_exists("data/items/{$_REQUEST['entry']}/author.txt")) {
  427.       readfile("data/items/{$_REQUEST['entry']}/author.txt");
  428.       echo " - ";
  429.   }
  430.  
  431.   entry2date($_REQUEST['entry']);
  432.  
  433.   if (file_exists($revisions_file)) {
  434.       echo ' (Revision ';
  435.       readfile($revisions_file);
  436.       echo " - ";
  437.       echo date("l, M j, Y, g:i A", filemtime("data/items/{$_REQUEST['entry']}/body.txt"));
  438.       echo ')';
  439.   }
  440. ?>
  441.  
  442. </font></div>
  443. </td></tr></table>
  444.  
  445. <form enctype="multipart/form-data" action="edit.php" method="post">
  446.  
  447. <p><table border="0" cellspacing="2" cellpadding="0" bgcolor="#ffffff">
  448.  
  449. <?php
  450.   if (($_SESSION['logged_in'] == $login_username) or (file_exists("data/members/active/{$_SESSION['logged_in']}/ul.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt"))) {
  451. ?>
  452.  
  453. <input type="hidden" name="max_file_size" value="<?php
  454.       echo $max_file_size;
  455. ?>">
  456.  
  457. <tr><td><input autocomplete="off" type="file" name="album_image_input"> Upload optional album image. Enter optional caption below.</td></tr>
  458. <tr><td><input autocomplete="off" type="text" name="caption" class="input_body"></td></tr>
  459. <tr><td><input type="hidden" name="max_file_size" value="<?php
  460.       echo $max_file_size;
  461. ?>"></td></tr>
  462. <tr><td><input autocomplete="off" type="file" name="entry_image_input"> Upload optional GIF, JPG, or PNG entry image.</td></tr>
  463. <tr><td><input type="hidden" name="max_file_size" value="<?php
  464.       echo $max_file_size;
  465. ?>"></td></tr>
  466. <tr><td><input autocomplete="off" type="file" name="file_input"> Upload optional file. Max size supported by server is <?php
  467.       echo($max_file_size / (1024 * 1024));
  468. ?>MB.</td></tr>
  469.  
  470. <?php
  471.   }
  472.  
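  // Administrator-only options. Each option is backed by a marker file for the entry; the
  // form control reflects whether that file exists.
  if ($_SESSION['logged_in'] == $login_username) {
      $entry_flag_dir = "data/items/{$_REQUEST['entry']}";
?>

  <tr><td><input autocomplete="off" type="password" name="passwd" <?php
      // NOTE(review): when a password is set the field is pre-filled with the literal
      // string "password". Confirm the save handler does not store that placeholder as
      // the new password when the form is submitted unchanged.
      if (file_exists("{$entry_flag_dir}/passwd.txt")) {
          echo "value=\"password\"";
      }
?>

  > <?php
      if (file_exists("{$entry_flag_dir}/passwd.txt")) {
          echo "Enter new password or clear field to disable password protection.";
      } else {
          echo "Enter optional password.";
      }
?></td></tr>

  <tr><td><input autocomplete="off" type="text" name="maxlines" <?php
      if (file_exists("{$entry_flag_dir}/maxlines.txt")) {
          echo "value=\"";
          readfile("{$entry_flag_dir}/maxlines.txt");
          echo "\"";
      }
?>

  > <?php
      if (file_exists("{$entry_flag_dir}/maxlines.txt")) {
          echo "Enter new maximum lines for initial display or clear field to disable.";
      } else {
          echo "Enter optional maximum lines for initial display.";
      }
?></td></tr>

  <tr><td><input type="checkbox" name="sticky" <?php
      // The attribute name is echoed as a quoted string throughout this block. A bare
      // `checked` is an undefined constant: PHP 8 stops with a fatal Error, and older
      // versions only fell back to the string after raising a notice.
      $sticky_sem = 'data/sticky/' . $_REQUEST['entry'];
      if (file_exists($sticky_sem)) {
          echo 'checked';
      }
?>>Put entry title in Quick Links box.</td></tr>
  <tr><td><input type="checkbox" name="pdf" <?php
      if (file_exists("{$entry_flag_dir}/pdf/file")) {
          echo 'checked';
      }
?>>Allow PDF generation for this entry.</td></tr>
  <tr><td><input type="checkbox" name="display" <?php
      $display_sem = "{$entry_flag_dir}/cat.txt";
      if (file_exists($display_sem)) {
          echo 'checked';
      }
?>>Always display. If this is not a private entry, it will be displayed even if its category is hidden or isolated.</td></tr>
  <tr><td><input type="checkbox" name="private" <?php
      $private_sem = "{$entry_flag_dir}/private.txt";
      if (file_exists($private_sem)) {
          echo 'checked';
      }
?>>Private entry. This entry will unconditionally be invisible to visitors<?php
      if (file_exists("data/ml.txt")) {
          echo " and to the mailing list";
      }
?>, even if always display is set.</td></tr>

  <?php
      // Member-only viewing is offered when data/bb.txt exists.
      if (file_exists("data/bb.txt")) {
?>

  <tr><td><input type="checkbox" name="member" <?php
          $member_sem = "{$entry_flag_dir}/member.txt";
          if (file_exists($member_sem)) {
              echo 'checked';
          }
?>>Only registered members can view this entry.</td></tr>

  <?php
      }
?>

  <?php
      // Member editing and locking are offered when both data/bb.txt and data/wiki.txt exist.
      if (file_exists("data/bb.txt") and file_exists("data/wiki.txt")) {
?>

  <tr><td><input type="checkbox" name="edit" <?php
          $edit_sem = "{$entry_flag_dir}/edit.txt";
          if (file_exists($edit_sem)) {
              echo 'checked';
          }
?>>Registered members can edit this entry.</td></tr>
  <tr><td><input type="checkbox" name="lock" <?php
          if (file_exists("{$entry_flag_dir}/lock.txt")) {
              echo 'checked';
          }
?>>Only the administrator can edit this entry. </td></tr>

  <?php
      }
?>

  <tr><td><input type="checkbox" name="lastmod" <?php
      $lastmod_sem = "{$entry_flag_dir}/lastmod.txt";
      if (file_exists($lastmod_sem)) {
          echo 'checked';
      }
?>>Display last modification date and time.</td></tr>

<?php
  }
?>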
  579.  
  580. <?php
  581.  
  582. if (file_exists("images/{$_REQUEST['entry']}/album")) {
  583.  
  584.         $count_album_images = count(glob("images/{$_REQUEST['entry']}/album/*"));
  585.        
  586.         if ($count_album_images < 1) {
  587.                 rmdirr("images/{$_REQUEST['entry']}/album");
  588.         }
  589.         else {
  590.                 if (file_exists("data/items/{$_REQUEST['entry']}/auto-album.txt")) {
  591.                         echo "<tr><td><input type=\"checkbox\" name=\"auto_album\" checked>";
  592.                 }
  593.                 else {
  594.                         echo "<tr><td><input type=\"checkbox\" name=\"auto_album\">";
  595.                 }
  596.        
  597.                 if ($count_album_images > 1) {
  598.                         echo "Automatically display album (<a href=\"index.php?entry={$_REQUEST['entry']}&show=album\">$count_album_images images</a>).</td></tr>";
  599.                 }
  600.                 else {
  601.                         echo "Automatically display album (<a href=\"index.php?entry={$_REQUEST['entry']}&show=album\">$count_album_images image</a>).</td></tr>";
  602.                 }
  603.         }
  604. }
  605.  
  606. ?>
  607.  
  608. </table></p>
  609.  
  610. <input type="hidden" name="entry" value="<?php
  611.   echo $_REQUEST['entry'];
  612. ?>">
  613.  
  614. <table border="0" cellspacing="0" cellpadding="0"><tr><td>
  615.  
  616. <table border="0" cellspacing="2" cellpadding="0">
  617. <tr><td><input autocomplete="off" class="input_title" type="text" name="title_input" value="<?php
  618.   readfile($title_file);
  619. ?>"></td></tr>
  620. <tr><td><textarea class="input_body" name="body_input" rows="15">
  621. <?php
  622.   $open_body_file = fopen($body_file, "r");
  623.   $read_body_file = fread($open_body_file, filesize($body_file));
  624.   fclose($open_body_file);
  625.  
  626.   $body_read_content = str_replace('<br />', "\n", $read_body_file);
  627.   $body_read_content = str_replace('<img src="images/smileys/crying.png" border="0">', ':((', $body_read_content);
  628.   $body_read_content = str_replace('<img src="images/smileys/frown.png" border="0">', ':(', $body_read_content);
  629.   $body_read_content = str_replace('<img src="images/smileys/indifferent.png" border="0">', ':|', $body_read_content);
  630.   $body_read_content = str_replace('<img src="images/smileys/laughing.png" border="0">', ':D', $body_read_content);
  631.   $body_read_content = str_replace('<img src="images/smileys/lick.png" border="0">', ':P', $body_read_content);
  632.   $body_read_content = str_replace('<img src="images/smileys/ohno.png" border="0">', ':O', $body_read_content);
  633.   $body_read_content = str_replace('<img src="images/smileys/smile.png" border="0">', ':)', $body_read_content);
  634.   $body_read_content = str_replace('<img src="images/smileys/surprised.png" border="0">', '=)', $body_read_content);
  635.   $body_read_content = str_replace('<img src="images/smileys/undecided.png" border="0">', ':\\', $body_read_content);
  636.   $body_read_content = str_replace('<img src="images/smileys/wink.png" border="0">', ';)', $body_read_content);
  637.   $body_read_content = str_replace('<!-- html -->', '<html>', $body_read_content);
  638.   $body_read_content = str_replace('<!-- /html -->', '</html>', $body_read_content);
  639.   $body_read_content = str_replace('<span style="background-color: #ffff00;">', '<highlight>', $body_read_content);
  640.   $body_read_content = str_replace('</span>', '</highlight>', $body_read_content);
  641.  
  642.   echo $body_read_content;
  643. ?>
  644. </textarea></td></tr>
  645. <tr><td><input class="input_body" type="submit" value="click here to update this entry"></td></tr>
  646. </form>
  647.  
  648. <form enctype="multipart/form-data" action="index.php?entry=<?php
  649.   echo $_REQUEST['entry'];
  650. ?>" method="post">
  651. <tr><td><input class=input_body type=submit value="click here to view posted entry"></td></tr>
  652. </form>
  653.  
  654. <form enctype="multipart/form-data" action="index.php" method="post">
  655. <tr><td><input class="input_body" type="submit" value="click here to go to the index page"></td></tr>
  656. </form>
  657.  
  658. </table>
  659.  
  660. </td><td width="10"></td><td>
  661.  
  662. <table border="0" cellspacing="1" cellpadding="2">
  663. <tr><td><img src="images/smileys/crying.png" border="0"></td><td>:((</td><td >crying</td></tr>
  664. <tr><td><img src="images/smileys/frown.png" border="0"></td><td>:(</td><td>frown</td></tr>
  665. <tr><td><img src="images/smileys/indifferent.png" border="0"></td><td>:|</td><td>indifferent</td></tr>
  666. <tr><td><img src="images/smileys/laughing.png" border="0"></td><td>:D</td><td>laughing</td></tr>
  667. <tr><td><img src="images/smileys/lick.png" border="0"></td><td>:P</td><td>lick</td></tr>
  668. <tr><td><img src="images/smileys/ohno.png" border="0"></td><td>:O</td><td>oh no!</td></tr>
  669. <tr><td><img src="images/smileys/smile.png" border="0"></td><td>:)</td><td>smile</td></tr>
  670. <tr><td><img src="images/smileys/surprised.png" border="0"></td><td>=)</td><td>surprised</td></tr>
  671. <tr><td><img src="images/smileys/undecided.png" border="0"></td><td>:\</td><td>undecided</td></tr>
  672. <tr><td><img src="images/smileys/wink.png" border="0"></td><td>;)</td><td>wink</td></tr>
  673. </table>
  674.  
  675. </td></tr></table>
  676.  
  677. </td><td width="25"></td><td valign="top">
  678.  
  679. <?php
  680.   // improve category handling (20100221) - start
  681.  
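  if (file_exists("data/categories")) {
      // NOTE(review): $_REQUEST['entry'] is used below both as a path segment and as
      // reflected HTML. Only the HTML side is escaped in this block; restricting the
      // value to a plain item id has to happen before any path is built from it.
      // TODO confirm whether core.php already does so.
      $entry_attr = htmlspecialchars((string) $_REQUEST['entry'], ENT_QUOTES);

      // Start from empty lists so sort()/count() always receive arrays, even when a
      // group stays empty or the directory cannot be opened.
      $filed_cat = array();
      $unfiled_cat = array();

      echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\"><tr><td valign=\"top\" width=\"150\">";

      if ($dh_cat = opendir("data/categories")) {
          while (($entry_cat = readdir($dh_cat)) !== false) {
              if ($entry_cat == "." || $entry_cat == "..") {
                  continue;
              }

              // Categories marked private are listed only for the account named in data/username.txt.
              if (file_exists("data/categories/$entry_cat/private.txt") and ($login_username != $_SESSION['logged_in'])) {
                  continue;
              }

              if (file_exists("data/items/{$_REQUEST['entry']}/categories/$entry_cat")) {
                  $filed_cat[] = $entry_cat;
              } else {
                  $unfiled_cat[] = $entry_cat;
              }
          }
          closedir($dh_cat);

          sort($filed_cat);
          sort($unfiled_cat);
      }

      $count_filed_cat = count($filed_cat);
      $count_unfiled_cat = count($unfiled_cat);

      if ($count_filed_cat > 0) {
          echo "<p><b>Filed Under</b></p>";

          echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\" width=\"150\">";

          foreach ($filed_cat as $filed_category) {
              // Directory names are data, not markup: escape for the attribute/text
              // context and URL-encode for the query string.
              $category_attr = htmlspecialchars($filed_category, ENT_QUOTES);
              $category_href = urlencode($filed_category);

              echo "<form enctype=\"multipart/form-data\" action=\"edit.php\" method=\"post\">";
              echo "<input type=\"hidden\" name=\"entry\" value=\"$entry_attr\">";
              echo "<input type=\"hidden\" name=\"category\" value=\"$category_attr\">";
              echo "<input type=\"hidden\" name=\"do\" value=\"unfile\">";
              echo "<tr bgcolor=\"#ffffff\"><td><a href=\"index.php?category=$category_href\">$category_attr</a></td>";
              echo "<td width=\"14\"><input type=\"image\" src=\"images/widget.x.png\"></td></tr>";
              echo "</form>";
          }

          echo "</table>";
      }

      echo "</td><td width=\"25\"></td><td valign=\"top\" width=\"150\">";

      if ($count_unfiled_cat > 0) {
          echo "<p><b>Available Categories</b></p>";

          echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\" width=\"150\">";

          foreach ($unfiled_cat as $unfiled_category) {
              $category_attr = htmlspecialchars($unfiled_category, ENT_QUOTES);
              $category_href = urlencode($unfiled_category);

              echo "<form enctype=\"multipart/form-data\" action=\"edit.php\" method=\"post\">";
              echo "<input type=\"hidden\" name=\"entry\" value=\"$entry_attr\">";
              echo "<input type=\"hidden\" name=\"category\" value=\"$category_attr\">";
              echo "<input type=\"hidden\" name=\"do\" value=\"file\">";
              echo "<tr bgcolor=\"#ffffff\"><td width=\"14\"><input type=\"image\" src=\"images/widget.ok.png\"></td>";
              echo "<td align=\"right\"><a href=\"index.php?category=$category_href\">$category_attr</a></td></tr>";
              echo "</form>";
          }

          echo "</table>";
      }

      echo "</td></tr></table><br>";
  }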
  753.  
  754.   // improve category handling (20100221) - end
  755.  
  756.   // add member authorization (20100221) - start
  757.  
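  if (file_exists("data/members/active")) {
      // The entry id is reflected into the forms below; escape it for the attribute context.
      $entry_attr = htmlspecialchars((string) $_REQUEST['entry'], ENT_QUOTES);
      $entry_members_dir = "data/items/{$_REQUEST['entry']}/members";

      // Start from empty lists so sort()/count() always receive arrays.
      $ack_members = array();
      $nak_members = array();

      echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\"><tr><td valign=\"top\" width=\"150\">";

      // Members already authorized for this entry. An authorization whose member
      // is no longer under data/members/active is removed while scanning.
      if (is_dir($entry_members_dir) and ($dh_ack_members = opendir($entry_members_dir))) {
          while (($ack_member = readdir($dh_ack_members)) !== false) {
              if ($ack_member == "." || $ack_member == "..") {
                  continue;
              }

              if (file_exists("data/members/active/$ack_member")) {
                  $ack_members[] = $ack_member;
              } else {
                  rmdirr("$entry_members_dir/$ack_member");
              }
          }
          closedir($dh_ack_members);
          sort($ack_members);
      }

      // Active members that are not yet authorized for this entry.
      if ($dh_nak_members = opendir("data/members/active")) {
          while (($nak_member = readdir($dh_nak_members)) !== false) {
              if ($nak_member == "." || $nak_member == "..") {
                  continue;
              }

              if (!file_exists("$entry_members_dir/$nak_member")) {
                  $nak_members[] = $nak_member;
              }
          }
          closedir($dh_nak_members);
          sort($nak_members);
      }

      $count_ack_members = count($ack_members);
      $count_nak_members = count($nak_members);

      if ($count_ack_members > 0) {
          echo "<p><b>Authorized Members</b></p>";

          echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\" width=\"150\">";

          foreach ($ack_members as $ack_member) {
              // Skip the logged-in user. The original compared against $nak_member,
              // which at this point is the leftover value of the scan loop above,
              // so the current user was never filtered out of this list.
              if ($_SESSION['logged_in'] == $ack_member) {
                  continue;
              }

              $member_attr = htmlspecialchars($ack_member, ENT_QUOTES);
              $member_href = urlencode($ack_member);

              echo "<form enctype=\"multipart/form-data\" action=\"edit.php\" method=\"post\">";
              echo "<input type=\"hidden\" name=\"entry\" value=\"$entry_attr\">";
              echo "<input type=\"hidden\" name=\"auth_member\" value=\"$member_attr\">";
              echo "<input type=\"hidden\" name=\"auth_toggle\" value=\"nak\">";
              echo "<tr bgcolor=\"#ffffff\"><td><a href=\"member.php?id=$member_href\">$member_attr</a></td>";
              echo "<td width=\"14\"><input type=\"image\" src=\"images/widget.x.png\"></td></tr>";
              echo "</form>";
          }
          echo "</table>";
      }

      echo "</td><td width=\"25\"></td><td valign=\"top\" width=\"150\">";

      if ($count_nak_members > 0) {
          echo "<p><b>Registered Members</b></p>";

          echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\" width=\"150\">";

          foreach ($nak_members as $nak_member) {
              // The logged-in user is not offered as a candidate for authorization.
              if ($_SESSION['logged_in'] == $nak_member) {
                  continue;
              }

              $member_attr = htmlspecialchars($nak_member, ENT_QUOTES);
              $member_href = urlencode($nak_member);

              echo "<form enctype=\"multipart/form-data\" action=\"edit.php\" method=\"post\">";
              echo "<input type=\"hidden\" name=\"entry\" value=\"$entry_attr\">";
              echo "<input type=\"hidden\" name=\"auth_member\" value=\"$member_attr\">";
              echo "<input type=\"hidden\" name=\"auth_toggle\" value=\"ack\">";
              echo "<tr bgcolor=\"#ffffff\"><td width=\"14\"><input type=\"image\" src=\"images/widget.ok.png\"></td>";
              echo "<td align=\"right\"><a href=\"member.php?id=$member_href\">$member_attr</a></td></tr>";
              echo "</form>";
          }
          echo "</table>";
      }

      echo "</td></tr></table><br>";
  }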
  843.  
  844.   // add member authorization (20100221) - end
  845. ?>
  846.  
  847. </td></tr></table>
  848.  
  849. <?php
  // Nothing to save unless both fields were posted with content; the page has
  // already been rendered, so stop here. empty() is also true for an unset key
  // and for the string "0".
  if (empty($_POST['title_input']) || empty($_POST['body_input'])) {
      exit();
  }
  853.  
  // Drop any stale *.old copies, then snapshot the current title and body so the
  // wiki step further down can compare them with the submitted text.
  foreach (array("title", "body") as $snapshot_part) {
      $stale_snapshot = "data/items/{$_REQUEST['entry']}/{$snapshot_part}.old";

      if (file_exists($stale_snapshot)) {
          unlink($stale_snapshot);
      }
  }

  copy("data/items/{$_REQUEST['entry']}/title.txt", "data/items/{$_REQUEST['entry']}/title.old");
  copy("data/items/{$_REQUEST['entry']}/body.txt", "data/items/{$_REQUEST['entry']}/body.old");
  864.  
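  // Convert the submitted text to its stored form (helpers are defined outside this block).
  $title_write_content = format_title_put($_POST['title_input']);
  $body_write_content = format_body_put($_POST['body_input']);

  // Bump the per-entry revision counter. The value is read as an integer so an
  // empty, missing or non-numeric counter file counts as 0 instead of breaking
  // the read, and the write takes an exclusive lock so a concurrent save cannot
  // interleave with it.
  $revisions_count = 0;

  if (is_readable($revisions_file)) {
      $revisions_count = (int) trim((string) file_get_contents($revisions_file));
  }

  $revisions_count = $revisions_count + 1;

  file_put_contents($revisions_file, $revisions_count, LOCK_EX);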
  877.  
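  if (isset($_FILES['album_image_input']) and !empty($_FILES['album_image_input'])) {
      $album_tmp_name = $_FILES['album_image_input']['tmp_name'];

      // Rejected uploads are left alone: PHP deletes its own upload temp files when
      // the request ends, so nothing is unlinked for a path that failed a check.
      if (is_uploaded_file($album_tmp_name) and ($_FILES['album_image_input']['size'] <= $max_file_size)) {
          // basename() is defence in depth against directory parts in the client-supplied name.
          $album_image_input_name = str_replace(" ", "_", basename($_FILES['album_image_input']['name']));

          // The MIME type and file name in $_FILES come from the client. Accept the
          // file only when its bytes decode as GIF/JPEG/PNG and the extension
          // agrees, so nothing else lands in the images/ tree labelled as an image.
          $album_image_info = getimagesize($album_tmp_name);
          $album_image_ext = strtolower(pathinfo($album_image_input_name, PATHINFO_EXTENSION));
          $album_image_ok = is_array($album_image_info)
              && in_array($album_image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)
              && in_array($album_image_ext, array("gif", "jpg", "jpeg", "png"), true);

          // An existing file of the same name is never overwritten.
          if ($album_image_ok and !file_exists("images/{$_REQUEST['entry']}/album/$album_image_input_name")) {
              $album_dirs = array(
                  "images/{$_REQUEST['entry']}",
                  "images/{$_REQUEST['entry']}/album",
                  "data/albums",
                  "data/albums/{$_REQUEST['entry']}",
              );

              foreach ($album_dirs as $album_dir) {
                  if (!file_exists($album_dir)) {
                      mkdir($album_dir);
                  }
              }

              if (isset($_POST['caption']) and !empty($_POST['caption'])) {
                  $caption_dirs = array(
                      "data/items/{$_REQUEST['entry']}/album",
                      "data/items/{$_REQUEST['entry']}/album/captions",
                  );

                  foreach ($caption_dirs as $caption_dir) {
                      if (!file_exists($caption_dir)) {
                          mkdir($caption_dir);
                      }
                  }

                  $caption_file = "data/items/{$_REQUEST['entry']}/album/captions/{$album_image_input_name}.txt";

                  if (!file_exists($caption_file)) {
                      // NOTE(review): the caption is stored as HTML without escaping, so any
                      // markup typed into it is kept as-is. If captions are not meant to
                      // carry raw HTML, escape the input before these replacements and
                      // confirm how the display side prints the file.
                      //
                      // Replacements run in array order, which matters: ':((' must be
                      // handled before ':(' and '[highlight]' before '<highlight>'.
                      $caption_markup = array(
                          ':((' => '<img src="images/smileys/crying.png" border="0">',
                          ':(' => '<img src="images/smileys/frown.png" border="0">',
                          ':|' => '<img src="images/smileys/indifferent.png" border="0">',
                          ':D' => '<img src="images/smileys/laughing.png" border="0">',
                          ':P' => '<img src="images/smileys/lick.png" border="0">',
                          ':O' => '<img src="images/smileys/ohno.png" border="0">',
                          ':)' => '<img src="images/smileys/smile.png" border="0">',
                          '=)' => '<img src="images/smileys/surprised.png" border="0">',
                          ':\\' => '<img src="images/smileys/undecided.png" border="0">',
                          ';)' => '<img src="images/smileys/wink.png" border="0">',
                          '[code]' => '<code>',
                          '[/code]' => '</code>',
                          "\n" => '<br />',
                          '[b]' => '<b>',
                          '[/b]' => '</b>',
                          '[i]' => '<i>',
                          '[/i]' => '</i>',
                          '[u]' => '<u>',
                          '[/u]' => '</u>',
                          '[strike]' => '<strike>',
                          '[/strike]' => '</strike>',
                          '[sup]' => '<sup>',
                          '[/sup]' => '</sup>',
                          '[sub]' => '<sub>',
                          '[/sub]' => '</sub>',
                          '[highlight]' => '<highlight>',
                          '[/highlight]' => '</highlight>',
                          '<highlight>' => '<span style="background-color: #ffff00;">',
                          '</highlight>' => '</span>',
                      );

                      $caption_txt = ucfirst($_POST['caption']);
                      $caption_txt = str_replace(array_keys($caption_markup), array_values($caption_markup), $caption_txt);

                      $fp_caption_txt = fopen($caption_file, "w");
                      fwrite($fp_caption_txt, $caption_txt);
                      fclose($fp_caption_txt);
                  }
              }

              $res = copy($album_tmp_name, "images/{$_REQUEST['entry']}/album/$album_image_input_name");
              unlink($album_tmp_name);
          }
      }
  }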
  964.  
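  if (isset($_FILES['entry_image_input']) and !empty($_FILES['entry_image_input'])) {
      $entry_tmp_name = $_FILES['entry_image_input']['tmp_name'];

      // Rejected uploads are left alone: PHP deletes its own upload temp files when
      // the request ends, so nothing is unlinked for a path that failed a check.
      if (is_uploaded_file($entry_tmp_name) and ($_FILES['entry_image_input']['size'] <= $max_file_size)) {
          // basename() is defence in depth against directory parts in the client-supplied name.
          $entry_image_input_name = str_replace(" ", "_", basename($_FILES['entry_image_input']['name']));

          // The MIME type and file name in $_FILES come from the client. Accept the
          // file only when its bytes decode as GIF/JPEG/PNG and the extension
          // agrees, so nothing else lands in the images/ tree labelled as an image.
          $entry_image_size = getimagesize($entry_tmp_name);
          $entry_image_ext = strtolower(pathinfo($entry_image_input_name, PATHINFO_EXTENSION));
          $entry_image_ok = is_array($entry_image_size)
              && in_array($entry_image_size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)
              && in_array($entry_image_ext, array("gif", "jpg", "jpeg", "png"), true);

          // An existing file of the same name is never overwritten.
          if ($entry_image_ok and !file_exists("images/{$_REQUEST['entry']}/$entry_image_input_name")) {
              if (!file_exists("images/{$_REQUEST['entry']}")) {
                  mkdir("images/{$_REQUEST['entry']}");
              }

              $res = copy($entry_tmp_name, "images/{$_REQUEST['entry']}/$entry_image_input_name");
              unlink($entry_tmp_name);

              // Reference the image from the body only when it was actually stored.
              if ($res) {
                  $entry_image_width = $entry_image_size[0];
                  $entry_image_height = $entry_image_size[1];

                  $max_entry_image_width = 513;

                  // Scale the displayed size down proportionally; the stored file is not resized.
                  if ($entry_image_width > $max_entry_image_width) {
                      $sizefactor = (float) ($max_entry_image_width / $entry_image_width);
                      $entry_image_width = (int) ($entry_image_width * $sizefactor);
                      $entry_image_height = (int) ($entry_image_height * $sizefactor);
                  }

                  // The path is built from the request and the client file name and ends
                  // up inside stored HTML, so escape it for the attribute context.
                  $entry_image_src = htmlspecialchars("images/{$_REQUEST['entry']}/$entry_image_input_name", ENT_QUOTES);

                  $body_write_content = "<img src=\"$entry_image_src\" border=\"0\" width=\"$entry_image_width\" height=\"$entry_image_height\">\n\r$body_write_content";
              }
          }
      }
  }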
  1007.  
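  if (isset($_FILES['file_input']) and !empty($_FILES['file_input'])) {
      $file_tmp_name = $_FILES['file_input']['tmp_name'];

      // Rejected uploads are left alone: PHP deletes its own upload temp files when
      // the request ends, so nothing is unlinked for a path that failed a check.
      if (is_uploaded_file($file_tmp_name) and ($_FILES['file_input']['size'] <= $max_file_size)) {
          // The file name comes from the client. basename() is defence in depth
          // against directory parts; empty names and dot-files (for example a
          // per-directory server configuration file) are refused.
          $file_input_name = str_replace(" ", "_", basename($_FILES['file_input']['name']));
          $file_name_ok = ($file_input_name !== "") && ($file_input_name[0] !== ".");

          // NOTE(review): the filedrop keeps files of any type under their original
          // names. Confirm that data/items/.../filedrop/files is never served with
          // script execution enabled, or store files under generated names.
          if ($file_name_ok) {
              if (!file_exists("data/items/{$_REQUEST['entry']}/filedrop")) {
                  mkdir("data/items/{$_REQUEST['entry']}/filedrop");
              }

              if (!file_exists("data/items/{$_REQUEST['entry']}/filedrop/files")) {
                  mkdir("data/items/{$_REQUEST['entry']}/filedrop/files");
              }

              $file_target = "data/items/{$_REQUEST['entry']}/filedrop/files/$file_input_name";

              // An existing file of the same name is never overwritten.
              if (!file_exists($file_target)) {
                  $res = copy($file_tmp_name, $file_target);
                  unlink($file_tmp_name);

                  // Descriptor next to the files/ directory holding the stored path.
                  $fp_file_txt = fopen("data/items/{$_REQUEST['entry']}/filedrop/{$file_input_name}.txt", "w");
                  fwrite($fp_file_txt, $file_target);
                  fclose($fp_file_txt);
              }
          }
      }
  }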
  1039.  
  // Wiki mode: when the submitted title or body differs from the snapshot taken
  // earlier, record a timestamped delta directory with the new text, the previous
  // text, the entry date, the previous contributor (if any) and the editor.
  if (file_exists("data/wiki.txt")) {
      $wiki_item_dir = "data/items/{$_REQUEST['entry']}";

      $old_title = file_get_contents("$wiki_item_dir/title.old");
      $old_body = file_get_contents("$wiki_item_dir/body.old");

      $title_changed = ($old_title != $title_write_content);

      if ($title_changed or ($old_body != $body_write_content)) {
          foreach (array("$wiki_item_dir/wiki", "$wiki_item_dir/wiki/delta") as $wiki_dir) {
              if (!file_exists($wiki_dir)) {
                  mkdir($wiki_dir);
              }
          }

          // Optional clock offset in seconds, read from data/offset.txt.
          $offset = file_exists("data/offset.txt") ? file_get_contents("data/offset.txt") : 0;

          $ddate = date("YmdHis", time() + $offset);
          $delta_dir = "$wiki_item_dir/wiki/delta/$ddate";

          if (!file_exists($delta_dir)) {
              mkdir($delta_dir);
          }

          // New text as submitted.
          $delta_body_handle = fopen("$delta_dir/body.txt", "w");
          fwrite($delta_body_handle, $body_write_content);
          fclose($delta_body_handle);

          $delta_title_handle = fopen("$delta_dir/title.txt", "w");
          fwrite($delta_title_handle, $title_write_content);
          fclose($delta_title_handle);

          // Text and date as they were before this save.
          copy("$wiki_item_dir/title.txt", "$delta_dir/ptitle.txt");
          copy("$wiki_item_dir/body.txt", "$delta_dir/prev.txt");
          copy("$wiki_item_dir/date.txt", "$delta_dir/date.txt");

          if (file_exists("$wiki_item_dir/contrib.txt")) {
              copy("$wiki_item_dir/contrib.txt", "$delta_dir/contrib.txt");
          }

          // Who made this change.
          $delta_editor_handle = fopen("$delta_dir/editor.txt", "w");
          fwrite($delta_editor_handle, $_SESSION['logged_in']);
          fclose($delta_editor_handle);
      }
  }
  1086.  
  // Overwrite the stored title, then the stored body, with the submitted text.
  $entry_writes = array(
      array($title_file, $title_write_content),
      array($body_file, $body_write_content),
  );

  foreach ($entry_writes as $entry_write) {
      $entry_write_handle = fopen($entry_write[0], "w");
      fwrite($entry_write_handle, $entry_write[1]);
      fclose($entry_write_handle);
  }
  1094.  
  // In wiki mode, record the logged-in user as last contributor when the entry
  // is open for editing or the user is its author. author.txt is only read when
  // edit.txt is absent, as in the original short-circuit condition.
  if (file_exists("data/wiki.txt")) {
      $contrib_allowed = file_exists("data/items/{$_REQUEST['entry']}/edit.txt");

      if (!$contrib_allowed) {
          $contrib_allowed = (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in']);
      }

      if ($contrib_allowed) {
          $open_contrib_file = fopen("data/items/{$_REQUEST['entry']}/contrib.txt", "w");
          fwrite($open_contrib_file, $_SESSION['logged_in']);
          fclose($open_contrib_file);
      }
  }
  1100.  
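  // Options below are applied only for the account named in data/username.txt.
  if ($_SESSION['logged_in'] == $login_username) {
      $item_dir = "data/items/{$_REQUEST['entry']}";

      // Checkbox name => marker file. A box posted as "on" creates the marker, a
      // missing or empty box removes it, any other value leaves it untouched.
      // 'edit' must stay ahead of 'lock': locking removes edit.txt again.
      $flag_files = array(
          'sticky' => 'data/sticky/' . $_REQUEST['entry'],
          'display' => "$item_dir/cat.txt",
          'private' => "$item_dir/private.txt",
          'member' => "$item_dir/member.txt",
          'edit' => "$item_dir/edit.txt",
          'lock' => "$item_dir/lock.txt",
          'lastmod' => "$item_dir/lastmod.txt",
          'auto_album' => "$item_dir/auto-album.txt",
      );

      foreach ($flag_files as $flag_name => $flag_file) {
          if (!isset($_POST[$flag_name]) or empty($_POST[$flag_name])) {
              if (file_exists($flag_file)) {
                  unlink($flag_file);
              }
          } elseif ($_POST[$flag_name] == "on") {
              if (($flag_name === 'sticky') and !file_exists("data/sticky")) {
                  mkdir("data/sticky");
              }

              // A locked entry must not stay open for editing.
              if (($flag_name === 'lock') and file_exists("$item_dir/edit.txt")) {
                  unlink("$item_dir/edit.txt");
              }

              if (!file_exists($flag_file)) {
                  touch($flag_file);
              }
          }
      }

      if (isset($_POST['pdf']) and !empty($_POST['pdf']) and ($_POST['pdf'] == "on")) {
          foreach (array("$item_dir/pdf", "$item_dir/pdf/file", "$item_dir/pdf/count") as $pdf_dir) {
              if (!file_exists($pdf_dir)) {
                  mkdir($pdf_dir);
              }
          }

          $entry = $_REQUEST['entry'];
          $author_file = "data/author.txt";
          $title_file = "data/items/$entry/title.txt";
          $date_file = "data/items/$entry/date.txt";
          $body_file = "data/items/$entry/body.txt";

          $author = file_get_contents($author_file);
          $title = file_get_contents($title_file);
          $date = file_get_contents($date_file);

          // NOTE(review): SERVER_NAME and PHP_SELF are taken from the request
          // environment and go unescaped into the HTML handed to the PDF writer;
          // confirm the server pins the host name, or escape both values here.
          $link = "<a href=\"http://{$_SERVER['SERVER_NAME']}{$_SERVER['PHP_SELF']}?entry=$entry\">http://{$_SERVER['SERVER_NAME']}{$_SERVER['PHP_SELF']}?entry=$entry</a>";
          $link = str_replace("pdf.php?entry=", "index.php?entry=", $link);
          $link = str_replace("edit.php?entry=", "index.php?entry=", $link);

          $body = file_get_contents($body_file);
          $body = str_replace("\n", "<br />", $body);

          $html = "<br><i>by $author</i><br><br>$date<br><br>Canonical Source<br>$link<br><br><br>$body";

          $filename = strtolower($title);
          $filename = strtolower($_SERVER['SERVER_NAME']) . "-" . $entry . "-" . $filename . ".pdf";
          $filename = str_replace(" ", "-", $filename);
          // The name is assembled from the entry title and the host name: replace
          // directory separators and NUL so it stays one file inside pdf/file.
          $filename = str_replace(array("/", "\\", "\0"), "-", $filename);
          $filename = "data/items/$entry/pdf/file/$filename";

          $pdf = new PDF();
          $pdf->AddPage();
          $pdf->SetTitle($title);
          $pdf->SetAuthor($author);
          $pdf->SetFont('Helvetica', 'B', 14);
          $pdf->WriteHTML($title);
          $pdf->SetFont('Helvetica', '', 10);
          $pdf->WriteHTML($html);
          $pdf->Output($filename);
      }

      if (!isset($_POST['pdf']) or empty($_POST['pdf'])) {
          if (file_exists("$item_dir/pdf/file")) {
              rmdirr("$item_dir/pdf/file");
          }
      }

      $passwd_file = "$item_dir/passwd.txt";

      // The literal "password" is ignored, any other non-empty value sets the entry password.
      if (isset($_POST['passwd']) and !empty($_POST['passwd']) and ($_POST['passwd'] != "password")) {
          // NOTE(review): weak password storage, kept unchanged because the code that
          // verifies it is not visible here. sha1() and md5() are fast, unsalted
          // digests, and crypt() is given the digest as its own salt; a salt that
          // does not start with '$' or '_' selects traditional DES, which reads
          // only the first eight characters of its input. Migrate writer and
          // verifier together to password_hash()/password_verify().
          $fp_passwd_txt = fopen("$passwd_file", "w");
          $passwd_crypt = sha1($_POST['passwd']);
          $passwd_crypt = md5($passwd_crypt);
          $passwd_crypt = crypt($passwd_crypt, $passwd_crypt);
          fwrite($fp_passwd_txt, $passwd_crypt);
          fclose($fp_passwd_txt);
      }

      if (!isset($_POST['passwd']) or empty($_POST['passwd'])) {
          if (file_exists($passwd_file)) {
              unlink($passwd_file);
          }
      }

      // is_numeric() also accepts signed, fractional and exponent notation.
      if (isset($_POST['maxlines']) and !empty($_POST['maxlines']) and is_numeric($_POST['maxlines'])) {
          $fp_maxlines_txt = fopen("$item_dir/maxlines.txt", "w");
          fwrite($fp_maxlines_txt, $_POST['maxlines']);
          fclose($fp_maxlines_txt);
      }

      if (!isset($_POST['maxlines']) or empty($_POST['maxlines'])) {
          if (file_exists("$item_dir/maxlines.txt")) {
              unlink("$item_dir/maxlines.txt");
          }
      }
  }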
  1297.  
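  // End-of-request cleanup: delete the entry's title.old and body.old files,
  // then request every URL listed in data/ping.txt.

  // The entry id comes from the request and ends up in an unlink() path, so it
  // is accepted only when it is a single path component (no separators, no
  // NUL byte, not "." or "..").
  $cleanup_entry = (isset($_REQUEST['entry']) && is_string($_REQUEST['entry'])) ? $_REQUEST['entry'] : "";

  if ($cleanup_entry !== "" && $cleanup_entry !== "." && $cleanup_entry !== ".." && strpbrk($cleanup_entry, "/\\\0") === false) {
      foreach (array("title.old", "body.old") as $old_name) {
          $old_file = "data/items/$cleanup_entry/$old_name";

          if (file_exists($old_file)) {
              unlink($old_file);
          }
      }
  }

  if (file_exists("data/ping.txt")) {
      $ping_urls = explode("|", file_get_contents("data/ping.txt"));

      // Bound each request so that one slow endpoint cannot stall the save;
      // the "http" options also apply to https:// URLs. Five seconds is a
      // chosen value, not taken from the project.
      $ping_context = stream_context_create(array("http" => array("timeout" => 5)));

      foreach ($ping_urls as $ping_url) {
          // Drop the whitespace or newline a hand-edited file leaves around
          // entries, and skip empty items such as the one after a trailing "|".
          $ping_url = trim($ping_url);

          // file_get_contents() opens local paths and other stream wrappers
          // too; a ping is only meaningful over HTTP(S).
          // NOTE(review): whoever can write data/ping.txt chooses URLs that
          // this server will request. Confirm only the administrator can.
          if (!preg_match('#^https?://#i', $ping_url)) {
              continue;
          }

          // The response body is not used; only the request matters.
          file_get_contents($ping_url, false, $ping_context);
      }
  }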
  1314. ?>
  1315.  