Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

  1. <?php
  2.  
  3.   header("Cache-control: private");
  4.  
  5.   error_reporting(E_ERROR);
  6.  
  7.   require("core.php");
  8.  
  9.   if (isset($_SESSION['logged_in']) and ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])) {
  10.       header("Location: login.php");
  11.   }
  12.  
  13.   if (isset($_POST['title_input']) and isset($_POST['body_input']) and !empty($_POST['title_input']) and !empty($_POST['body_input'])) {
  14.       header("Location: index.php");
  15.   }
  16.  
  17.   if ($_SESSION['logged_in'] == file_get_contents("data/username.txt")) {
  18.       $login_username = file_get_contents("data/username.txt");
  19.   }
  20.  
  21.   if ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) {
  22.       if (file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) {
  23.           $bb_cat = file_get_contents("data/members/active/{$_SESSION['logged_in']}/category.txt");
  24.          
  25.           if (!file_exists("data/categories/$bb_cat") or ($bb_cat == "")) {
  26.               unlink("data/members/active/{$_SESSION['logged_in']}/category.txt");
  27.           }
  28.       }
  29.      
  30.       if ((file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) and file_exists("data/bb.txt") and !file_exists("data/noadd.txt")) {
  31.           $login_username = $_SESSION['logged_in'];
  32.       }
  33.   }
  34.  
  35.   if (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username)) {
  36.       exit();
  37.   }
  38. ?>
  39.  
  40. <title>Add</title>
  41.  
  42. <style>
  43.  
  44. body {
  45.   color: #666666;
  46.   margin: 10px;
  47.   padding: 0px;
  48.   text-align: left;
  49.   font-family: <?php
  50.   if (file_exists("data/fonts/body.txt")) {
  51.       $font_body = file_get_contents("data/fonts/body.txt");
  52.       echo "$font_body,";
  53.   }
  54. ?> arial, helvetica, sans-serif;
  55.   background-color: #FFFFFF;
  56. }
  57.  
  58. p, td {
  59.   font-size: 11px;
  60. }
  61.  
  62. a {
  63.   font-weight: bold;
  64.   text-decoration: none;
  65. }
  66.  
  67. a:link, a:visited {
  68.   color: #666666;
  69. }
  70.  
  71. a:hover {
  72.   color: #336699;
  73. }
  74.  
  75. a:active {
  76.   color: #336699;
  77. }
  78.  
  79. .input_title {  
  80.   color: #666666;
  81.   background: #ffffff;
  82.   border: #999999 solid 1px;
  83.   width: 512px;
  84.   font-family: <?php
  85.   if (file_exists("data/fonts/panel-title.txt")) {
  86.       $font_panel_title = file_get_contents("data/fonts/panel-title.txt");
  87.       echo "$font_panel_title,";
  88.   }
  89. ?> arial, helvetica, sans-serif;
  90.   font-size: 11px;
  91.   font-weight: bold
  92. }
  93.  
  94. .input_body {  
  95.   color: #666666;
  96.   background: #ffffff;
  97.   border: #999999 solid 1px;
  98.   width: 512px;
  99.   font-family: <?php
  100.   if (file_exists("data/fonts/panel-body.txt")) {
  101.       $font_panel_body = file_get_contents("data/fonts/panel-body.txt");
  102.       echo "$font_panel_body,";
  103.   }
  104. ?> arial, helvetica, sans-serif;
  105.   font-size: 11px
  106. }
  107.  
  108. </style>
  109.  
  110. <?php
  111.   if (file_exists("data/offset.txt")) {
  112.       $offset = file_get_contents("data/offset.txt");
  113.   } else {
  114.       $offset = 0;
  115.   }
  116.  
  117.   $entry_year = date("Y", time() + $offset);
  118.   $entry_month = date("m", time() + $offset);
  119.   $entry_day = date("d", time() + $offset);
  120.   $entry_hour = date("H", time() + $offset);
  121.   $entry_min = date("i", time() + $offset);
  122.   $entry_sec = date("s", time() + $offset);
  123.  
  124.   $server_upload_max_filesize = return_bytes(ini_get('upload_max_filesize'));
  125.   $server_post_max_size = return_bytes(ini_get('post_max_size'));
  126.   $server_memory_limit = return_bytes(ini_get('memory_limit'));
  127.  
  128.   $max_file_size = $server_upload_max_filesize;
  129.  
  130.   if ($server_upload_max_filesize > $server_post_max_size) {
  131.       $max_file_size = $server_post_max_size;
  132.   }
  133.  
  134.   if ($server_post_max_size > $server_memory_limit) {
  135.       $max_file_size = $server_memory_limit;
  136.   }
  137. ?>
  138.  
  139. <form enctype="multipart/form-data" action="add.php" method="post">
  140. <p>
  141.  
  142. <?php
  143.   if ($_SESSION['logged_in'] != file_get_contents("data/username.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/members/active/{$_SESSION['logged_in']}/ul.txt")) {
  144. ?>
  145.  
  146. <p><input type="hidden" name="MAX_FILE_SIZE" value="<?php
  147.       echo $max_file_size;
  148. ?>">
  149. <input autocomplete="off" type="file" name="image_input"> Upload optional GIF, JPG, or PNG entry image.</p>
  150.  
  151. <p><input type="hidden" name="MAX_FILE_SIZE" value="<?php
  152.       echo $max_file_size;
  153. ?>">
  154. <input autocomplete="off" type="file" name="file_input"> Upload optional file. Max size supported by server is <?php
  155.       echo($max_file_size / (1024 * 1024));
  156. ?>MB.</p>
  157.  
  158. <?php
  159.   }
  160. ?>
  161.  
  162.  
  163. <?php
  164.   if ($_SESSION['logged_in'] == file_get_contents("data/username.txt")) {
  165. ?>
  166.  
  167. <select name="select_year">
  168. <option selected>
  169. <option><?php
  170.       echo $entry_year;
  171. ?>
  172. <option><?php
  173.       $ante_year_1 = $entry_year - 1;
  174.       echo $ante_year_1;
  175. ?>
  176. <option><?php
  177.       $ante_year_2 = $entry_year - 2;
  178.       echo $ante_year_2;
  179. ?>
  180. <option><?php
  181.       $ante_year_3 = $entry_year - 3;
  182.       echo $ante_year_3;
  183. ?>
  184. <option><?php
  185.       $ante_year_4 = $entry_year - 4;
  186.       echo $ante_year_4;
  187. ?>
  188. <option><?php
  189.       $ante_year_5 = $entry_year - 5;
  190.       echo $ante_year_5;
  191. ?>
  192. <option><?php
  193.       $ante_year_6 = $entry_year - 6;
  194.       echo $ante_year_6;
  195. ?>
  196. <option><?php
  197.       $ante_year_7 = $entry_year - 7;
  198.       echo $ante_year_7;
  199. ?>
  200. <option><?php
  201.       $ante_year_8 = $entry_year - 8;
  202.       echo $ante_year_8;
  203. ?>
  204. <option><?php
  205.       $ante_year_9 = $entry_year - 9;
  206.       echo $ante_year_9;
  207. ?>
  208. <option><?php
  209.       $ante_year_10 = $entry_year - 10;
  210.       echo $ante_year_10;
  211. ?>
  212. </select>
  213.  
  214. <select name="select_month">
  215. <option selected>
  216. <option><?php
  217.       echo $entry_month;
  218. ?>
  219. <option>01
  220. <option>02
  221. <option>03
  222. <option>04
  223. <option>05
  224. <option>06
  225. <option>07
  226. <option>08
  227. <option>09
  228. <option>10
  229. <option>11
  230. <option>12
  231. </select>
  232.  
  233. <select name="select_day">
  234. <option selected>
  235. <option><?php
  236.       echo $entry_day;
  237. ?>
  238. <option>01
  239. <option>02
  240. <option>03
  241. <option>04
  242. <option>05
  243. <option>06
  244. <option>07
  245. <option>08
  246. <option>09
  247. <option>10
  248. <option>11
  249. <option>12
  250. <option>13
  251. <option>14
  252. <option>15
  253. <option>16
  254. <option>17
  255. <option>18
  256. <option>19
  257. <option>20
  258. <option>21
  259. <option>22
  260. <option>23
  261. <option>24
  262. <option>25
  263. <option>26
  264. <option>27
  265. <option>28
  266. <option>29
  267. <option>30
  268. <option>31
  269. </select>
  270.  
  271. <select name="select_hour">
  272. <option selected>
  273. <option><?php
  274.       echo $entry_hour;
  275. ?>
  276. <option>00
  277. <option>01
  278. <option>02
  279. <option>03
  280. <option>04
  281. <option>05
  282. <option>06
  283. <option>07
  284. <option>08
  285. <option>09
  286. <option>10
  287. <option>11
  288. <option>12
  289. <option>13
  290. <option>14
  291. <option>15
  292. <option>16
  293. <option>17
  294. <option>18
  295. <option>19
  296. <option>20
  297. <option>21
  298. <option>22
  299. <option>23
  300. </select>
  301.  
  302. <select name="select_min">
  303. <option selected>
  304. <option><?php
  305.       echo $entry_min;
  306. ?>
  307. <option>00
  308. <option>01
  309. <option>02
  310. <option>03
  311. <option>04
  312. <option>05
  313. <option>06
  314. <option>07
  315. <option>08
  316. <option>09
  317. <option>10
  318. <option>11
  319. <option>12
  320. <option>13
  321. <option>14
  322. <option>15
  323. <option>16
  324. <option>17
  325. <option>18
  326. <option>19
  327. <option>20
  328. <option>21
  329. <option>22
  330. <option>23
  331. <option>24
  332. <option>25
  333. <option>26
  334. <option>27
  335. <option>28
  336. <option>29
  337. <option>30
  338. <option>31
  339. <option>32
  340. <option>33
  341. <option>34
  342. <option>35
  343. <option>36
  344. <option>37
  345. <option>38
  346. <option>39
  347. <option>40
  348. <option>41
  349. <option>42
  350. <option>43
  351. <option>44
  352. <option>45
  353. <option>46
  354. <option>47
  355. <option>48
  356. <option>49
  357. <option>50
  358. <option>51
  359. <option>52
  360. <option>53
  361. <option>54
  362. <option>55
  363. <option>56
  364. <option>57
  365. <option>58
  366. <option>59
  367. </select>   Enter antedate value in YYYY-MM-DD-HH-MM format.</p>
  368.  
  369. <p><input type="hidden" name="MAX_FILE_SIZE" value="<?php
  370.       echo $max_file_size;
  371. ?>">
  372. <input autocomplete="off" type="file" name="image_input"> Upload optional GIF, JPG, or PNG entry image.</p>
  373.  
  374. <p><input type="hidden" name="MAX_FILE_SIZE" value="<?php
  375.       echo $max_file_size;
  376. ?>">
  377. <input autocomplete="off" type="file" name="file_input"> Upload optional file. Max size supported by server is <?php
  378.       echo($max_file_size / (1024 * 1024));
  379. ?>MB.</p>
  380. <p><input autocomplete="off" type="password" name="passwd"> Enter optional password.</p>
  381.  
  382. <?php
  383.       if (file_exists("data/categories")) {
  384.           if ($dh_cat = opendir("data/categories")) {
  385.               while (($entry_cat = readdir($dh_cat)) !== false) {
  386.                   if ($entry_cat != "." && $entry_cat != ".." && fnmatch("*", $entry_cat)) {
  387.                       $show_cat[] = $entry_cat;
  388.                   }
  389.               }
  390.               closedir($dh_cat);
  391.           }
  392.          
  393.           sort($show_cat);
  394.           reset($show_cat);
  395.           $count_cat = count($show_cat);
  396.          
  397.           if ($count_cat > 0) {
  398.               echo "<p><select name=\"category\"><option value=\"\" selected>unfiled";
  399.              
  400.               foreach ($show_cat as $category) {
  401.                   echo "<option value=\"";
  402.                   echo strtolower($category);
  403.                   echo "\">";
  404.                  
  405.                   if (file_exists("data/categories/$category/title.txt")) {
  406.                       readfile("data/categories/$category/title.txt");
  407.                   } else {
  408.                       echo strtolower($category);
  409.                   }
  410.               }
  411.              
  412.               echo "</select> Select category.</p>";
  413.           }
  414.       }
  415. ?>
  416.  
  417. <p><input type="checkbox" name="sticky">Put entry title in Quick Links box.<br>
  418. <input type="checkbox" name="pdf">Allow PDF generation for this entry.<br>
  419. <input type="checkbox" name="display">Always display. If this is not a private entry, it will be displayed even if its category is hidden or isolated.<br>
  420. <input type="checkbox" name="private" <?php
  421.       if (file_exists("data/ml.txt")) {
  422.           echo checked;
  423.       }
  424. ?>>Private entry. This entry will unconditionally be invisible to visitors<?php
  425.       if (file_exists("data/ml.txt")) {
  426.           echo " and to the mailing list";
  427.       }
  428. ?>, even if always display is set.
  429.  
  430. <?php
  431.       if (file_exists("data/bb.txt")) {
  432. ?>
  433. <br>
  434. <input type="checkbox" name="member" <?php
  435.           if (file_exists("data/member.txt")) {
  436.               echo checked;
  437.           }
  438. ?>>Only registered members can view this entry.
  439.  
  440. <?php
  441.       }
  442. ?>
  443.  
  444. </p>
  445.  
  446. <?php
  447.   }
  448. ?>
  449.  
  450. <table border="0" cellspacing="0" cellpadding="0"><tr><td>
  451.  
  452. <table border="0" cellspacing="2" cellpadding="0">
  453. <tr><td><input autocomplete="off" class="input_title" type="text" name="title_input"></td></tr>
  454. <tr><td><textarea class="input_body" name="body_input" rows="15"></textarea></td></tr>
  455. <tr><td><input class="input_body" type="submit" value="click here to post this new entry"></td></tr>
  456. </form>
  457.  
  458. <form enctype="multipart/form-data" action="index.php" method="post">
  459. <tr><td><input class=input_body type=submit value="click here to go to the index page"></td></tr>
  460. </form>
  461. </table>
  462.  
  463. </td><td width="10"></td><td>
  464.  
  465. <table border="0" cellspacing="1" cellpadding="2">
  466. <tr><td><img src="images/smileys/crying.png" border="0"></td><td><p>:((</p></td><td ><p>crying</p></td></tr>
  467. <tr><td><img src="images/smileys/frown.png" border="0"></td><td><p>:(</p></td><td><p>frown</p></td></tr>
  468. <tr><td><img src="images/smileys/indifferent.png" border="0"></td><td><p>:|</p></td><td><p>indifferent</p></td></tr>
  469. <tr><td><img src="images/smileys/laughing.png" border="0"></td><td><p>:D</p></td><td><p>laughing</p></td></tr>
  470. <tr><td><img src="images/smileys/lick.png" border="0"></td><td><p>:P</p></td><td><p>lick</p></td></tr>
  471. <tr><td><img src="images/smileys/ohno.png" border="0"></td><td><p>:O</p></td><td><p>oh no!</p></td></tr>
  472. <tr><td><img src="images/smileys/smile.png" border="0"></td><td><p>:)</p></td><td><p>smile</p></td></tr>
  473. <tr><td><img src="images/smileys/surprised.png" border="0"></td><td><p>=)</p></td><td><p>surprised</p></td></tr>
  474. <tr><td><img src="images/smileys/undecided.png" border="0"></td><td><p>:\</p></td><td><p>undecided</p></td></tr>
  475. <tr><td><img src="images/smileys/wink.png" border="0"></td><td><p>;)</p></td><td><p>wink</p></td></tr>
  476. </td></tr>
  477. </table>
  478.  
  479. </td></tr></table>
  480.  
  481. <?php
  482.   if (!isset($_POST['title_input']) or !isset($_POST['body_input']) or empty($_POST['title_input']) or empty($_POST['body_input'])) {
  483.       exit();
  484.   }
  485.  
  486.   if (!isset($_POST['select_year']) or !isset($_POST['select_month']) or !isset($_POST['select_day']) or !isset($_POST['select_hour']) or !isset($_POST['select_min']) or empty($_POST['select_year']) or empty($_POST['select_month']) or empty($_POST['select_day']) or empty($_POST['select_hour']) or empty($_POST['select_min'])) {
  487.       $entry = date("YmdHis", time() + $offset);
  488.       $timestamp = date("l, M j, Y, g:i A", time() + $offset);
  489.   } else {
  490.       $entry = $_POST['select_year'] . $_POST['select_month'] . $_POST['select_day'] . $_POST['select_hour'] . $_POST['select_min'] . $entry_sec;
  491.       $timestamp = date("l, M j, Y, g:i A", mktime($_POST['select_hour'], $_POST['select_min'], $entry_sec, $_POST['select_month'], $_POST['select_day'], $_POST['select_year']));
  492.   }
  493.  
  494.   if (!file_exists("data/items")) {
  495.       mkdir("data/items");
  496.   }
  497.  
  498.   $dir = "data/items/";
  499.   $item_dir = $dir . $entry;
  500.  
  501.   if (!file_exists("images")) {
  502.       mkdir("images");
  503.   }
  504.  
  505.   $image_dir = 'images/' . $entry;
  506.   $file_dir = $item_dir . '/filedrop';
  507.  
  508.   mkdir($item_dir);
  509.  
  510.   $title_write_content = format_title_put($_POST['title_input']);
  511.   $body_write_content = format_body_put($_POST['body_input']);
  512.  
  513.   $title_file = $item_dir . '/title.txt';
  514.   $fp_title_txt = fopen($title_file, "w");
  515.   fwrite($fp_title_txt, $title_write_content);
  516.   fclose($fp_title_txt);
  517.  
  518.   $author_file = $item_dir . '/author.txt';
  519.   $fp_author_txt = fopen($author_file, "w");
  520.   fwrite($fp_author_txt, $_SESSION['logged_in']);
  521.   fclose($fp_author_txt);
  522.  
  523.   if (file_get_contents("data/username.txt") == $_SESSION['logged_in']) {
  524.       $post_file = "data/lastpost.txt";
  525.   } elseif (file_exists("data/members/active/{$_SESSION['logged_in']}")) {
  526.       $post_file = "data/members/active/{$_SESSION['logged_in']}/bb-post.txt";
  527.   }
  528.  
  529.   $fp_post_txt = fopen($post_file, "w");
  530.   fwrite($fp_post_txt, $entry);
  531.   fclose($fp_post_txt);
  532.  
  533.   $date_file = $item_dir . '/date.txt';
  534.   $fp_date_txt = fopen($date_file, "w");
  535.   fwrite($fp_date_txt, $timestamp);
  536.   fclose($fp_date_txt);
  537.  
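  // Reduce a client-supplied file name to one safe path component:
  // directory parts are dropped, spaces become "_" (as before), every other
  // character outside [A-Za-z0-9._-] becomes "_", and empty or dot-leading
  // names (".htaccess", "..") are refused by returning "".
  if (!function_exists('add_clean_upload_name')) {
      function add_clean_upload_name($raw_name)
      {
          $name = basename(str_replace("\\", "/", (string) $raw_name));
          $name = str_replace(" ", "_", $name);
          $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);

          if (!is_string($name) or ($name === '') or ($name[0] === '.')) {
              return '';
          }

          return $name;
      }
  }

  // The form shows the upload fields only to the site owner and to members
  // holding ul.txt; the same rule is enforced here, because a hidden form
  // field is not an access control.
  $may_upload = ($_SESSION['logged_in'] == file_get_contents("data/username.txt")) || file_exists("data/members/active/{$_SESSION['logged_in']}/ul.txt");

  // Entry image. The browser-supplied MIME type and file name are not
  // trusted: the file must parse as GIF, JPEG or PNG and carry a matching
  // extension. $image_input_name is set only for an accepted image.
  if (isset($_FILES['image_input']) and !empty($_FILES['image_input']) and is_string($_FILES['image_input']['tmp_name'])) {
      $image_tmp = $_FILES['image_input']['tmp_name'];

      if (is_uploaded_file($image_tmp)) {
          if ($may_upload and ($_FILES['image_input']['size'] <= $max_file_size)) {
              $image_info = getimagesize($image_tmp);
              $image_clean_name = add_clean_upload_name($_FILES['image_input']['name']);
              $image_ext = strtolower(pathinfo($image_clean_name, PATHINFO_EXTENSION));

              if (($image_info !== false) and in_array($image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true) and in_array($image_ext, array('gif', 'jpg', 'jpeg', 'png'), true)) {
                  $image_input_name = $image_clean_name;

                  if (!file_exists($image_dir)) {
                      mkdir($image_dir);
                  }

                  // An existing file of the same name is kept, as before.
                  if (!file_exists("$image_dir/$image_input_name")) {
                      $res = move_uploaded_file($image_tmp, "$image_dir/$image_input_name");
                  }
              }
          }

          // Rejected or unused uploads are removed; only a path PHP itself
          // reported as an upload is ever unlinked.
          if (file_exists($image_tmp)) {
              unlink($image_tmp);
          }
      }
  }

  // File drop. Any file type is accepted by design, and it is stored below
  // data/items/. NOTE(review): whether that tree is reachable over HTTP is a
  // server-configuration matter not visible here; the robust control is to
  // serve it without script execution. As a second line of defence, names
  // containing an extension the web server might interpret are refused.
  if (isset($_FILES['file_input']) and !empty($_FILES['file_input']) and is_string($_FILES['file_input']['tmp_name'])) {
      $file_tmp = $_FILES['file_input']['tmp_name'];

      if (is_uploaded_file($file_tmp)) {
          if ($may_upload and ($_FILES['file_input']['size'] <= $max_file_size)) {
              $file_clean_name = add_clean_upload_name($_FILES['file_input']['name']);
              $file_blocked = ($file_clean_name === '');

              // Every dot-separated part is checked, so "x.php.txt" is refused too.
              foreach (explode('.', strtolower($file_clean_name)) as $file_name_part) {
                  if (in_array($file_name_part, array('php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'phps', 'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp', 'shtml'), true)) {
                      $file_blocked = true;
                  }
              }

              if (!$file_blocked) {
                  $filedrop_dir = "$item_dir/filedrop";

                  if (!file_exists($filedrop_dir)) {
                      mkdir($filedrop_dir);
                  }

                  $file_dir = "$filedrop_dir/files";

                  if (!file_exists($file_dir)) {
                      mkdir($file_dir);
                  }

                  $file_input_name = $file_clean_name;

                  if (!file_exists("$file_dir/$file_input_name")) {
                      $res = move_uploaded_file($file_tmp, "$file_dir/$file_input_name");

                      // Pointer file next to the files/ directory, holding
                      // the stored path of the upload.
                      if ($res) {
                          file_put_contents("$filedrop_dir/{$file_input_name}.txt", "$file_dir/$file_input_name");
                      }
                  }
              }
          }

          if (file_exists($file_tmp)) {
              unlink($file_tmp);
          }
      }
  }
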
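  // Store the entry body, prefixed with the uploaded image when there is one.
  $body_file = "$item_dir/body.txt";

  // $image_input_name only exists when the upload step accepted a name; the
  // isset() avoids probing "$image_dir/" with an undefined variable.
  if (isset($_FILES['image_input']) and !empty($_FILES['image_input']) and isset($image_input_name) and ($image_input_name != "")) {
      if (is_file("$image_dir/$image_input_name")) {
          $entry_image_size = getimagesize("$image_dir/$image_input_name");

          // A file that does not parse as an image is not embedded at all.
          if ($entry_image_size !== false) {
              $entry_image_width = $entry_image_size[0];
              $entry_image_height = $entry_image_size[1];

              // Scale down proportionally to the 513px column width.
              $max_entry_image_width = 513;

              if ($entry_image_width > $max_entry_image_width) {
                  $sizefactor = (double)($max_entry_image_width / $entry_image_width);
                  $entry_image_width = (int)($entry_image_width * $sizefactor);
                  $entry_image_height = (int)($entry_image_height * $sizefactor);
              }

              // The file name originates from the uploader, so it is escaped
              // before it lands inside the src attribute of stored markup.
              $entry_image_src = htmlspecialchars("$image_dir/$image_input_name", ENT_QUOTES | ENT_SUBSTITUTE);

              $body_write_content = "<img src=\"$entry_image_src\" border=\"0\" width=\"$entry_image_width\" height=\"$entry_image_height\"><br>$body_write_content";
          }
      }
  }

  file_put_contents($body_file, $body_write_content);
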
  // Entry options are stored as empty marker files; a ticked checkbox
  // arrives as the string "on".

  // Quick Links marker, kept outside the entry directory.
  $sticky_sem = "data/sticky/$entry";

  if (isset($_POST['sticky']) && ($_POST['sticky'] == "on")) {
      if (!file_exists("data/sticky")) {
          mkdir("data/sticky");
      }

      if (!file_exists($sticky_sem)) {
          touch($sticky_sem);
      }
  }

  // "Always display" (cat.txt) and "private" (private.txt) markers live
  // inside the entry directory. $private_sem is read again further down.
  $display_sem = "data/items/$entry/cat.txt";
  $private_sem = "data/items/$entry/private.txt";

  foreach (array('display' => $display_sem, 'private' => $private_sem) as $flag_name => $flag_file) {
      if (isset($_POST[$flag_name]) && ($_POST[$flag_name] == "on") && !file_exists($flag_file)) {
          touch($flag_file);
      }
  }

  // Members-only marker: with the board and the members-only default both
  // enabled, every entry by a non-owner is marked, and the owner's entries
  // are marked when the "member" box was ticked.
  if (file_exists("data/bb.txt") && file_exists("data/member.txt")) {
      $posted_by_member = ($_SESSION['logged_in'] != file_get_contents("data/username.txt"));
      $member_box_ticked = isset($_POST['member']) && ($_POST['member'] == "on");

      if ($posted_by_member || $member_box_ticked) {
          touch("data/items/$entry/member.txt");
      }
  }

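  // Values placed in mail headers must stay on one line: CR and LF are
  // removed so that a stored name or address cannot add headers of its own,
  // and double quotes are dropped so a display name cannot end its quoting.
  if (!function_exists('add_mail_header_value')) {
      function add_mail_header_value($value)
      {
          return trim(str_replace(array("\r", "\n", "\0", '"'), "", (string) $value));
      }
  }

  // Mailing list: a non-private entry is mailed to every active member.
  if (file_exists("data/members/active") and file_exists("data/ml.txt") and file_exists("data/email.txt") and !file_exists($private_sem)) {
      $ml_reply2 = "";

      if (file_exists("data/ml-reply2.txt")) {
          $ml_reply2 = add_mail_header_value(file_get_contents("data/ml-reply2.txt"));
      }

      // Sender: the site owner posts as data/author.txt, a member with rw.txt
      // under their own name. With data/ml-from.txt present the Reply-To
      // address is used as the From address instead of the personal one.
      $ml_from = "";
      $ml_from_name = "";

      if ($_SESSION['logged_in'] == file_get_contents("data/username.txt")) {
          $ml_from_name = add_mail_header_value(file_get_contents("data/author.txt"));

          if (file_exists("data/ml-from.txt")) {
              $ml_from = $ml_reply2;
          } else {
              $ml_from = add_mail_header_value(file_get_contents("data/email.txt"));
          }
      } elseif (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/bb.txt")) {
          $ml_from_firstname = add_mail_header_value(file_get_contents("data/members/active/{$_SESSION['logged_in']}/firstname.txt"));
          $ml_from_lastname = add_mail_header_value(file_get_contents("data/members/active/{$_SESSION['logged_in']}/lastname.txt"));
          $ml_from_name = "$ml_from_firstname $ml_from_lastname";

          if (file_exists("data/ml-from.txt")) {
              $ml_from = $ml_reply2;
          } else {
              $ml_from = add_mail_header_value(file_get_contents("data/members/active/{$_SESSION['logged_in']}/email.txt"));
          }
      }

      // Without a sender address the From header is left out altogether
      // (the original sent an empty or undefined one).
      if ($ml_from != "") {
          $ml_from = '"' . $ml_from_name . '" <' . $ml_from . '>';
      }

      $ml_subject = ucfirst($_POST['title_input']);

      if (file_exists("data/ml-prepend.txt")) {
          $ml_subject = file_get_contents("data/ml-prepend.txt") . " " . $ml_subject;
      }

      // The subject is built from posted text and is a header as well.
      $ml_subject = trim(str_replace(array("\r", "\n", "\0"), " ", $ml_subject));

      // NOTE(review): X-Mailer tells every recipient the exact PHP version.
      $ml_mailer = 'MAJ/0.14 (PHP/' . phpversion() . ')';

      // Plain-text body: line breaks and smiley images back to text, two
      // entities decoded, every remaining tag stripped. Pairs are applied in
      // the listed order.
      $ml_body_map = array(
          '<br />' => "\n",
          '<img src="images/smileys/crying.png" border="0">' => ':((',
          '<img src="images/smileys/frown.png" border="0">' => ':(',
          '<img src="images/smileys/indifferent.png" border="0">' => ':|',
          '<img src="images/smileys/laughing.png" border="0">' => ':D',
          '<img src="images/smileys/lick.png" border="0">' => ':P',
          '<img src="images/smileys/ohno.png" border="0">' => ':O',
          '<img src="images/smileys/smile.png" border="0">' => ':)',
          '<img src="images/smileys/surprised.png" border="0">' => '=)',
          '<img src="images/smileys/undecided.png" border="0">' => ':\\',
          '<img src="images/smileys/wink.png" border="0">' => ';)',
          '&amp;' => '&',
          '&reg;' => '(R)',
      );

      $ml_body = ucfirst($_POST['body_input']);
      $ml_body = str_replace(array_keys($ml_body_map), array_values($ml_body_map), $ml_body);
      $ml_body = strip_tags($ml_body);

      if (file_exists("data/ml-header.txt")) {
          $ml_header = file_get_contents("data/ml-header.txt");
          $ml_body = $ml_header . "\n\n" . $ml_body;
      }

      // The link is mailed to every member, so it must not be shaped by the
      // request. The Host header is accepted only if it looks like host[:port]
      // and SCRIPT_NAME is used instead of PHP_SELF, which can carry extra
      // path text from the URL. NOTE(review): a well-formed but forged Host
      // still passes; a configured canonical host would be the robust fix,
      // and no such setting is visible here.
      $ml_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

      if (!preg_match('/^[A-Za-z0-9.-]+(:[0-9]{1,5})?$/', $ml_host)) {
          $ml_host = $_SERVER['SERVER_NAME'];
      }

      $ml_url = $ml_host . dirname($_SERVER['SCRIPT_NAME']) . "/";
      $ml_url = str_replace('//', '/', $ml_url);
      $ml_url = "http://" . $ml_url . "index.php?entry={$entry}&show=comments";

      $ml_body = $ml_body . "\n\nPlease visit the following URL for the online version of this message:\n\n" . $ml_url;

      if (file_exists("data/items/$entry/member.txt")) {
          $ml_body = $ml_body . "\n\nYou need to login first to view the entry or to add a comment.";
      }

      if (file_exists("data/ml-footer.txt")) {
          $ml_footer = file_get_contents("data/ml-footer.txt");
          $ml_body = $ml_body . "\n\n" . $ml_footer;
      }

      // Headers are identical for every recipient.
      $ml_headers = "";

      if ($ml_from != "") {
          $ml_headers .= "From: $ml_from\r\n";
      }

      if (file_exists("data/ml-reply2.txt") and ($ml_reply2 != "")) {
          $ml_headers .= "Reply-To: $ml_reply2\r\n";
      }

      $ml_headers .= "References: $entry\r\n" . "X-Mailer: $ml_mailer";

      if ($dh_ml_member = opendir("data/members/active")) {
          while (($ml_member = readdir($dh_ml_member)) !== false) {
              if ($ml_member == "." || $ml_member == "..") {
                  continue;
              }

              // Members who opted out or are on vacation get no mail.
              if (file_exists("data/members/active/$ml_member/noml.txt") or file_exists("data/members/active/$ml_member/vacation.txt")) {
                  continue;
              }

              // Member-supplied values are cleaned the same way as the sender's.
              $ml_to = add_mail_header_value(file_get_contents("data/members/active/$ml_member/email.txt"));

              if ($ml_to == "") {
                  continue;
              }

              $ml_to_firstname = add_mail_header_value(file_get_contents("data/members/active/$ml_member/firstname.txt"));
              $ml_to_lastname = add_mail_header_value(file_get_contents("data/members/active/$ml_member/lastname.txt"));
              $ml_to = '"' . "$ml_to_firstname $ml_to_lastname" . '" <' . $ml_to . '>';

              mail($ml_to, $ml_subject, $ml_body, $ml_headers);
          }
          closedir($dh_ml_member);
      }
  }
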
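  // Optional PDF copy of the entry, written below data/items/<entry>/pdf/.
  // PDF is a class from elsewhere in the project (presumably loaded through
  // core.php).
  if (isset($_POST['pdf']) and !empty($_POST['pdf']) and ($_POST['pdf'] == "on")) {
      foreach (array("data/items/$entry/pdf", "data/items/$entry/pdf/file", "data/items/$entry/pdf/count") as $pdf_dir) {
          if (!file_exists($pdf_dir)) {
              mkdir($pdf_dir);
          }
      }

      $author_file = "data/author.txt";
      $title_file = "data/items/$entry/title.txt";
      $date_file = "data/items/$entry/date.txt";
      $body_file = "data/items/$entry/body.txt";

      $author = file_get_contents($author_file);
      $title = file_get_contents($title_file);
      $date = file_get_contents($date_file);

      // SCRIPT_NAME instead of PHP_SELF: PHP_SELF can carry extra path text
      // taken from the request URL, which would end up in the printed link.
      $pdf_url = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['SCRIPT_NAME']}?entry=$entry";
      $link = "<a href=\"$pdf_url\">$pdf_url</a>";
      $link = str_replace("pdf.php?entry=", "index.php?entry=", $link);
      $link = str_replace("add.php?entry=", "index.php?entry=", $link);

      $body = file_get_contents($body_file);
      $body = str_replace("\n", "<br />", $body);

      $html = "<br><i>by $author</i><br><br>$date<br><br>Canonical Source<br>$link<br><br><br>$body";

      // The file name contains the entry title. Path separators and NUL
      // bytes are replaced so that the title cannot move the output file out
      // of the entry's pdf/file directory; other titles keep their old name.
      $filename = strtolower($title);
      $filename = strtolower($_SERVER['SERVER_NAME']) . "-" . $entry . "-" . $filename . ".pdf";
      $filename = str_replace(" ", "-", $filename);
      $filename = str_replace(array("/", "\\", "\0"), "-", $filename);
      $filename = "data/items/$entry/pdf/file/$filename";

      $pdf = new PDF();
      $pdf->AddPage();
      $pdf->SetTitle($title);
      $pdf->SetAuthor($author);
      $pdf->SetFont('Helvetica', 'B', 14);
      $pdf->WriteHTML($title);
      $pdf->SetFont('Helvetica', '', 10);
      $pdf->WriteHTML($html);
      $pdf->Output($filename);
  }
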
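  // File the entry under the category chosen in the form. The posted value
  // becomes a directory name, so it must be a single path component: a
  // string with no separators, no NUL byte, and neither "." nor "..".
  $posted_cat = (isset($_POST['category']) and is_string($_POST['category'])) ? $_POST['category'] : "";

  $posted_cat_ok = !empty($posted_cat)
      && ($posted_cat === basename($posted_cat))
      && ($posted_cat !== ".")
      && ($posted_cat !== "..")
      && (strpos($posted_cat, "\\") === false)
      && (strpos($posted_cat, "\0") === false);

  if ($posted_cat_ok and file_exists("data/categories/$posted_cat")) {
      if (!file_exists("data/items/$entry/categories")) {
          mkdir("data/items/$entry/categories");
      }

      if (!file_exists("data/items/$entry/categories/$posted_cat")) {
          mkdir("data/items/$entry/categories/$posted_cat");
      }
  }

  // A member bound to a category (category.txt) always posts into it when
  // the board is enabled. An empty assignment is ignored.
  if (file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt") and file_exists("data/bb.txt")) {
      $bb_cat = file_get_contents("data/members/active/{$_SESSION['logged_in']}/category.txt");

      if (($bb_cat != "") and file_exists("data/categories/$bb_cat")) {
          if (!file_exists("data/items/$entry/categories")) {
              mkdir("data/items/$entry/categories");
          }

          if (!file_exists("data/items/$entry/categories/$bb_cat")) {
              mkdir("data/items/$entry/categories/$bb_cat");
          }
      }
  }
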
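  // Optional per-entry password. The literal value "password" means "no
  // password" and removes any stored one.
  if (isset($_POST['passwd']) and is_string($_POST['passwd']) and !empty($_POST['passwd'])) {
      if ($_POST['passwd'] == "password") {
          // A new entry normally has no passwd.txt yet; only unlink what exists.
          if (file_exists("data/items/$entry/passwd.txt")) {
              unlink("data/items/$entry/passwd.txt");
          }
      } else {
          // NOTE(review): weak password storage, kept byte-compatible because
          // the code that verifies passwd.txt is not in this file. sha1() and
          // md5() are fast and unsalted, and the final crypt() is salted with
          // its own input: a salt of hex digits selects traditional DES, which
          // reads only the first 8 characters of that input, so the stored
          // value depends on about 32 bits of the md5 digest. Moving to
          // password_hash()/password_verify() has to be done together with the
          // verifying side.
          $passwd_crypt = sha1($_POST['passwd']);
          $passwd_crypt = md5($passwd_crypt);
          $passwd_crypt = crypt($passwd_crypt, $passwd_crypt);

          file_put_contents("data/items/$entry/passwd.txt", $passwd_crypt);
      }
  }
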
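  // Notify the update services listed in data/ping.txt ("|"-separated URLs)
  // by fetching each one; the responses are discarded.
  if (file_exists("data/ping.txt")) {
      $ping_urls = file_get_contents("data/ping.txt");

      // A short timeout keeps a slow or dead service from stalling the post.
      $ping_context = stream_context_create(array('http' => array('timeout' => 5)));

      foreach (explode("|", $ping_urls) as $ping_url) {
          $ping_url = trim($ping_url);

          // file_get_contents() accepts local paths and other stream
          // wrappers as well; only http(s) URLs are fetched so that the
          // list cannot be used to read local files.
          if (!preg_match('#^https?://#i', $ping_url)) {
              continue;
          }

          file_get_contents($ping_url, false, $ping_context);
      }
  }
?>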
  852.  
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.
