Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.
Git
This blob has been accessed 833 times via Git panel.

  1. <?php
  2.  
  3.  
  4. header("Cache-control: private");
  5.  
  6. error_reporting(E_ERROR);
  7.  
  8. if (isset($_SESSION['logged_in']) and ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])) {
  9.         header("Location: login.php");
  10. }
  11.  
  12.         function stripslashes_array($data) {
  13.                 if (is_array($data)) {
  14.                         foreach ($data as $key => $value) {
  15.                                 $data[$key] = stripslashes_array($value);
  16.                         }
  17.                         return $data;
  18.                 }
  19.                 else {
  20.                         return stripslashes($data);
  21.                 }
  22.         }
  23.         $_POST = stripslashes_array($_POST);
  24. }
  25.  
  26. if (file_exists("data/offset.txt")) {
  27.         $offset = file_get_contents("data/offset.txt");
  28. }
  29. else {
  30.         $offset = 0;
  31. }
  32.  
  33. ?>
  34.  
  35. <title>Dig!</title>
  36.  
  37. <style>
  38. body {
  39.         color: #666666;
  40.         margin: 10px;
  41.         padding: 0px;
  42.         text-align: left;
  43.         font-family: <?php
  44.                                 if (file_exists("data/fonts/body.txt")) {
  45.                                         $font_body = file_get_contents("data/fonts/body.txt");
  46.                                         echo "{$font_body},";
  47.                                 }
  48.         ?> arial, helvetica, sans-serif;
  49.         background-color: #FFFFFF;
  50. }
  51.  
  52. p, td {
  53.         font-size: 11px;
  54. }
  55.  
  56. a {
  57.         font-weight: bold;
  58.         text-decoration: none;
  59. }
  60.  
  61. a:link, a:visited {
  62.         color: #666666;
  63. }
  64.  
  65. a:hover {
  66.         color: #336699;
  67. }
  68.  
  69. a:active {
  70.         color: #336699;
  71. }
  72. </style>
  73.  
  74. <?php
  75.  
  76. $username_file = 'data/username.txt';
  77. $open_username_file = fopen($username_file,"r");
  78. $login_username = fread($open_username_file,filesize($username_file));
  79. fclose($open_username_file);
  80.  
  81. if (!isset($_POST['search'])) {
  82.         exit();
  83. }
  84.  
  85. if (empty($_POST['search'])) {
  86.         echo "<p>Search string required. Click <a href=index.php>here</a> to go to the index page.</p>";
  87.         exit();
  88. }
  89.  
  90. $search = trim(strip_tags(strtolower($_POST['search'])));
  91.  
  92. $google = str_replace(" ", "+", $search);
  93.  
  94. if (strlen($search) < 3) {
  95.         echo "<p>Search string must be composed of 3 or more characters. Click <a href=index.php>here</a> to go to the index page.</p>";
  96.         exit();
  97. }
  98.  
  99. $dir = "data/items";
  100.  
  101. if (file_exists("data/bb.txt") and file_exists("data/members/active") and ($dh_search_members = opendir("data/members/active"))) {
  102.  
  103.         $start_time_member = round(microtime(), 3);
  104.  
  105.         while (($entry_search_members = readdir($dh_search_members)) !== false) {
  106.  
  107.                 if ($entry_search_members != "." && $entry_search_members != "..") {
  108.                         $total_members[] = $entry_search_members;
  109.                 }
  110.  
  111.                 if ($entry_search_members != "." && $entry_search_members != ".." && (preg_match("/\b$search\b/i", file_get_contents("data/members/active/$entry_search_members/firstname.txt")) or preg_match("/\b$search\b/i", file_get_contents("data/members/active/$entry_search_members/lastname.txt")) or preg_match("/\b$search\b/i", file_get_contents("data/members/active/$entry_search_members/rank.txt")) or ($search == $entry_search_members))) {
  112.                         $show_search_members[] = $entry_search_members;
  113.                 }
  114.         }
  115.  
  116.         $stop_time_member = round(microtime(), 3);
  117.  
  118.         $generation_time_member = $stop_time_member - $start_time_member;
  119.         $generation_time_member = str_replace("-","",$generation_time_member);
  120.  
  121.         $show_search_members = array_unique($show_search_members);
  122.         $show_search_members = array_values($show_search_members);
  123.         sort($show_search_members);
  124.  
  125.         reset($show_search_members);
  126.         $count_search_members = count($show_search_members);
  127.  
  128.         reset($total_members);
  129.         $count_total_members = count($total_members);
  130.  
  131.         if ($count_search_members > 0) {
  132.                 echo "<p>Found <b>$search</b> in $count_search_members out of $count_total_members ";
  133.  
  134.                 if ($count_total_members == 1) {
  135.                         echo "member";
  136.                 }
  137.  
  138.                 if ($count_total_members > 1) {
  139.                         echo "members";
  140.                 }
  141.  
  142.                 echo " ($generation_time_member seconds).</p>";
  143.  
  144.                 $search_ucfirst = ucfirst($search);
  145.                 $search_ucwords = ucwords($search);
  146.                 $search_strtoupper = strtoupper($search);
  147.  
  148.                 foreach ($show_search_members as $match_member) {
  149.                         $match_member_firstname = file_get_contents("data/members/active/$match_member/firstname.txt");
  150.                         $match_member_firstname = str_replace($search, "<span style=\"background-color: #ffff00;\">$search</span>", $match_member_firstname);
  151.                         $match_member_firstname = str_replace($search_ucfirst, "<span style=\"background-color: #ffff00;\">$search_ucfirst</span>", $match_member_firstname);
  152.                         $match_member_firstname = str_replace($search_ucwords, "<span style=\"background-color: #ffff00;\">$search_ucwords</span>", $match_member_firstname);
  153.                         $match_member_firstname = str_replace($search_strtoupper, "<span style=\"background-color: #ffff00;\">$search_strtoupper</span>", $match_member_firstname);
  154.  
  155.                         $match_member_lastname = file_get_contents("data/members/active/$match_member/lastname.txt");
  156.                         $match_member_lastname = str_replace($search, "<span style=\"background-color: #ffff00;\">$search</span>", $match_member_lastname);
  157.                         $match_member_lastname = str_replace($search_ucfirst, "<span style=\"background-color: #ffff00;\">$search_ucfirst</span>", $match_member_lastname);
  158.                         $match_member_lastname = str_replace($search_ucwords, "<span style=\"background-color: #ffff00;\">$search_ucwords</span>", $match_member_lastname);
  159.                         $match_member_lastname = str_replace($search_strtoupper, "<span style=\"background-color: #ffff00;\">$search_strtoupper</span>", $match_member_lastname);
  160.  
  161.                         $match_member_link = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/member.php?id={$match_member}";
  162.                         $match_member_link_fix = array('//member.php', '///member.php');
  163.                         $match_member_link = str_replace($match_member_link_fix, '/member.php', $match_member_link);
  164.                         $match_member_link = trim($match_member_link);
  165.  
  166.                         echo "<p><a href=member.php?id={$match_member}>$match_member</a><br>{$match_member_firstname} {$match_member_lastname}<br>$match_member_link</p>";
  167.                 }
  168.         }
  169. }
  170.  
  171. if ($dh_search_items = opendir($dir)) {
  172.  
  173.         $start_time_item = round(microtime(), 3);
  174.  
  175.         while (($entry_search_items = readdir($dh_search_items)) !== false) {
  176.  
  177.                 $today = date("YmdHis", time() + $offset);
  178.  
  179.                 if (($entry_search_items > $today) and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
  180.                         continue;
  181.                 }
  182.  
  183.                 $private = "0";
  184.  
  185.                 if (file_exists("data/items/$entry_search_items/categories")) {
  186.                        
  187.                         if ($dh_cat_dig = opendir("data/items/$entry_search_items/categories")) {
  188.                        
  189.                                 while (($entry_cat_dig = readdir($dh_cat_dig)) !== false) {
  190.                        
  191.                                         if ($entry_cat_dig != "." && $entry_cat_dig != "..") {
  192.                        
  193.                                                 if (file_exists("data/categories/$entry_cat_dig/private.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
  194.                                                         $private = $private + 1;
  195.                                                 }
  196.                                         }
  197.                                 }
  198.                                 closedir($dh_cat_dig);
  199.                         }
  200.                 }
  201.  
  202.                 if (($private > 0) and !file_exists("data/items/$entry_search_items/cat.txt")) {
  203.                         continue;
  204.                 }
  205.  
  206.                 if (file_exists("data/items/$entry_search_items/private.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
  207.                         continue;
  208.                 }
  209.  
  210.                 if (file_exists("data/items/$entry_search_items/passwd.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
  211.                         continue;
  212.                 }
  213.  
  214.                 if (file_exists("data/items/$entry_search_items/member.txt") and !isset($_SESSION['logged_in'])) {
  215.                         continue;
  216.                 }
  217.  
  218.                 if ($entry_search_items != "." && $entry_search_items != "..") {
  219.                         $total_entries[] = $entry_search_items;
  220.                 }
  221.  
  222.                 if ($entry_search_items != "." && $entry_search_items != ".." && (preg_match("/\b$search\b/i", file_get_contents("data/items/$entry_search_items/title.txt")) or preg_match("/\b$search\b/i", file_get_contents("data/items/$entry_search_items/body.txt")))) {
  223.                         $show_search_items[] = $entry_search_items;
  224.                 }
  225.  
  226.                 if ($entry_search_items != "." && $entry_search_items != ".." && file_exists("data/items/$entry_search_items/comments/live")) {
  227.                         if ($dh_comment_items = opendir("data/items/$entry_search_items/comments/live")) {
  228.                                 while (($entry_comment_items = readdir($dh_comment_items)) !== false) {
  229.  
  230.                                         if ($entry_comment_items != "." && $entry_comment_items != "..") {
  231.                                                 $total_comments[] = $entry_comment_items;
  232.                                         }
  233.  
  234.                                         if ($entry_comment_items != "." && $entry_comment_items != ".." && preg_match("/\b$search\b/i", file_get_contents("data/items/$entry_search_items/comments/live/$entry_comment_items/comment.txt"))) {
  235.                                                 $show_search_items[] = $entry_search_items;
  236.                                         }
  237.                                 }
  238.                         }
  239.                 }
  240.         }
  241.         closedir($dh_search_items);
  242. }
  243.  
  244. $stop_time_item = round(microtime(), 3);
  245.  
  246. $generation_time_item = $stop_time_item - $start_time_item;
  247. $generation_time_item = str_replace("-","",$generation_time_item);
  248.  
  249. $show_search_items = array_unique($show_search_items);
  250. $show_search_items = array_values($show_search_items);
  251. rsort($show_search_items);
  252.  
  253. reset($show_search_items);
  254. $count_search_items = count($show_search_items);
  255.  
  256. reset($count_total_comments);
  257. $count_total_comments = count($total_comments);
  258.  
  259. reset($total_entries);
  260. $count_total_items = count($total_entries);
  261.  
  262. if (($count_search_items > 0) and ($count_total_items > 0)) {
  263.  
  264.         echo "<p>Found <b>$search</b> in $count_search_items out of $count_total_items ";
  265.  
  266.         if ($count_total_items == 1) {
  267.                 echo "entry";
  268.         }
  269.  
  270.         if ($count_total_items > 1) {
  271.                 echo "entries";
  272.         }
  273.  
  274.         if ($count_total_comments > 0) {
  275.                 echo " and $count_total_comments ";
  276.  
  277.                 if ($count_total_comments == 1) {
  278.                         echo "comment";
  279.                 }
  280.  
  281.                 if ($count_total_comments > 1) {
  282.                         echo "comments";
  283.                 }
  284.         }
  285.        
  286.         echo " ($generation_time_item seconds).</p>";
  287.  
  288.         $increment_search_entries = 0;
  289.  
  290.         while ($increment_search_entries <= ($count_search_items - 1)) {
  291.                 $link = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?entry=$show_search_items[$increment_search_entries]";
  292.                 $fix_link = array('//index.php', '///index.php');
  293.                 $link = str_replace($fix_link, '/index.php', $link);
  294.                 $link = trim($link);
  295.  
  296.                 echo "<p><a href=$link";
  297.  
  298.                 if (file_exists("data/items/$show_search_items[$increment_search_entries]/comments/live") and !preg_match("/\b$search\b/i",file_get_contents("data/items/$show_search_items[$increment_search_entries]/title.txt")) and !preg_match("/\b$search\b/i",file_get_contents("data/items/$show_search_items[$increment_search_entries]/body.txt"))) {
  299.                         echo "&show=comments";
  300.                 }
  301.  
  302.                 echo ">";
  303.                 readfile("data/items/$show_search_items[$increment_search_entries]/title.txt");
  304.                 echo "</a><br>";
  305.                 readfile("data/items/$show_search_items[$increment_search_entries]/date.txt");
  306.                 echo "<br>";
  307.  
  308.                 $body = file_get_contents("data/items/$show_search_items[$increment_search_entries]/body.txt");
  309.                 $body = strip_tags($body);
  310.                 $body = trim($body);
  311.                 // comment out next line for _long_ quote
  312.                 $body = str_replace(".","<br />", $body);
  313.  
  314.                 if (file_exists("data/pf.txt") and file_exists("data/pf-badwords.txt")) {
  315.                         $badwords = file_get_contents("data/pf-badwords.txt");
  316.  
  317.                         if (file_exists("data/pf-censor.txt")) {
  318.                                 $censor = file_get_contents("data/pf-censor.txt");
  319.                         }
  320.                         else {
  321.                                 $censor = "[expletive]";
  322.                         }
  323.                         $body = preg_replace("/\b($badwords)\b/i",$censor,$body);
  324.                 }
  325.  
  326.                 $body = nl2br($body);
  327.                 $body = explode("<br />", $body);
  328.                 foreach ($body as $line) {
  329.                         if (preg_match("/\b$search\b/i", $line)) {
  330.                                 $line = str_replace($search, "<span style=\"background-color: #ffff00;\">$search</span>", $line);
  331.                                 $ucfirst_line = ucfirst($search);
  332.                                 $line = str_replace($ucfirst_line, "<span style=\"background-color: #ffff00;\">$ucfirst_line</span>", $line);
  333.  
  334.                                 $strtoupper_line = strtoupper($search);
  335.                                 $line = str_replace($strtoupper_line, "<span style=\"background-color: #ffff00;\">$strtoupper_line</span>", $line);
  336.  
  337.                                 $ucwords_line = ucwords($search);
  338.                                 $line = str_replace($ucwords_line, "<span style=\"background-color: #ffff00;\">$ucwords_line</span>", $line);
  339.  
  340.                                 echo "$line ...<br>";
  341.                         }
  342.                 }
  343.  
  344.                 echo str_replace("http://","",$link);
  345.  
  346.                 $size = filesize("data/items/$show_search_items[$increment_search_entries]/body.txt");
  347.                 $size_string = ($size > 512)?(  ($size/1024 > 512)  ?sprintf("%.02f MB",($size/1024)/1024)  :sprintf("%.02f KB",$size/1024))  :sprintf("%d B",$size);
  348.                 echo " - $size_string";
  349.                 echo "</p>";
  350.                 $increment_search_entries = $increment_search_entries + 1;
  351.         }
  352. echo "<p>Click <a href=http://google.com/search?q=$google target=_maj>here</a> to search for <b>$search</b> with Google.<br>Click <a href=index.php>here</a> to go to the index page.</p>";
  353. }
  354. else {
  355.         echo "<p>Search string not found in $count_total_items ";
  356.         if ($count_total_items == 1) {
  357.                 echo "entry";
  358.         }
  359.         if ($count_total_items > 1) {
  360.                 echo "entries";
  361.         }
  362.  
  363.         if ($count_total_comments > 0) {
  364.                 echo " and $count_total_comments ";
  365.  
  366.                 if ($count_total_comments == 1) {
  367.                         echo "comment";
  368.                 }
  369.  
  370.                 if ($count_total_comments > 1) {
  371.                         echo "comments";
  372.                 }
  373.         }
  374.         echo " ($generation_time_item seconds).<br><br>Click <a href=http://google.com/search?q=$google target=_maj>here</a> to search for <b>$search</b> with Google.<br>Click <a href=index.php>here</a> to go to the index page.</p>";
  375. }
  376.  
  377. ?>
  378.  
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

read more
Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.

read more
Search
Download
MAJ 2.0
75 files
35387 downloads
MAJ 1.0
26 files
14152 downloads
MAJ 0.14
45 files
36716 downloads