Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.
Git
This commit has been accessed 940 times via Git panel.

commit 238981c4cf0923dee796dd97222cb6d520335955
tree b67b08fd915f2be2b8bb085da7f26200478b4421
parent 5a09e5df8f30e8a78bcf8d4662cd89fed2afed6c
author Engels Antonio <engels@majcms.org> 1277314213 +0800
committer Engels Antonio <engels@majcms.org> 1277314213 +0800

    maj-2.0-201006030907.zip

diff --git a/index.php b/index.php
index ddfd129..b25291d 100644
--- a/index.php
+++ b/index.php
@@ -616,6 +616,15 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        fwrite($maj_fp_email_txt,$maj_email);
                        fclose($maj_fp_email_txt);
 
+                       if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt")) and !file_exists("data/email.txt")) {
+                               $maj_fp_email_root = fopen("data/email.txt","w");
+                               $maj_email_root = strtolower($_POST['email']);
+                               $maj_email_root = trim($maj_email_root);
+                               $maj_email_root = htmlentities($maj_email_root,ENT_NOQUOTES);
+                               fwrite($maj_fp_email_root,$maj_email_root);
+                               fclose($maj_fp_email_root);
+                       }
+
                        if (isset($_POST['url']) and !empty($_POST['url']) and (ereg("\.",$_POST['url']))) {
                                $maj_fp_url_txt = fopen("data/items/$maj_req_entry/comments/pending/$maj_comment_entry_dir/url.txt","w");
                                $maj_url = str_replace("http://","",$_POST['url']);
@@ -4596,19 +4605,10 @@ foreach ($maj_disp as $maj_d) {
                                echo " to add your comment.";
 
                                if ((!isset($_SESSION['logged_in']) and !file_exists("data/xscreen.txt")) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")))) {
-                                       echo " Note that it will not be posted immediately, but will be ";
-                      
-                                       if (file_exists("data/email.txt")) {
-                                               echo "e-mailed";
-                                       }
-                                       else {
-                                               echo "sent";
-                                       }
-      
-                                       echo " to me first.";
+                                       echo " Please wait for your comment to be approved and posted.";
 
                                        if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and !file_exists("data/members/active/{$_SESSION['logged_in']}"))) {
-                                               echo " Comments with bogus contact information will be discarded.";
+                                               echo " Comments with bogus contact information or spam will be discarded.";
                                        }
                                }
                                echo "</p>";
diff --git a/login.php b/login.php
index bacfc15..cb891e4 100644
--- a/login.php
+++ b/login.php
@@ -1,26 +1,35 @@
 <?php
        session_start();
+
        header("Cache-control: private");
+
        error_reporting(E_ERROR);
-       if (get_magic_quotes_gpc())
-               {
-               function stripslashes_array($data)
-               {
-                       if (is_array($data))
-                               {
-                               foreach ($data as $key => $value)
-                               {
+
+       if (get_magic_quotes_gpc()) {
+
+               function stripslashes_array($data) {
+
+                       if (is_array($data)) {
+
+                               foreach ($data as $key => $value) {
                                        $data[$key] = stripslashes_array($value);
                                }
                                return $data;
                        }
-                       else
-                               {
+                       else {
                                return stripslashes($data);
                        }
                }
                $_POST = stripslashes_array($_POST);
        }
+
+       if (isset($_POST['go']) and ($_POST['go'] == "index")) {
+               header("Location: .");
+       }
+
+       if (isset($_POST['go']) and ($_POST['go'] == "reset")) {
+               header("Location: reset.php");
+       }
 ?>
 
 <title>Login</title>
@@ -32,10 +41,10 @@ body {
        margin: 10px;
        padding: 0px;
        text-align: left;
+       font-size: 11px;
        font-family:
 <?php
-       if (file_exists("data/fonts/body.txt"))
-       {
+       if (file_exists("data/fonts/body.txt")) {
                $font_body = file_get_contents("data/fonts/body.txt");
                echo "{$font_body},";
        }
@@ -69,11 +78,10 @@ a:active {
        color: #666666;
        background: #ffffff;
        border: #999999 solid 1px;
-       width: 125px;
+       width: 250px;
        font-family:
 <?php
-       if (file_exists("data/fonts/input.txt"))
-       {
+       if (file_exists("data/fonts/input.txt")) {
                $font_input = file_get_contents("data/fonts/input.txt");
                echo "{$font_input},";
        }
@@ -85,82 +93,96 @@ a:active {
 </style>
 
 <?php
-       if (!isset($_POST['username']) or empty($_POST['username']) or !isset($_POST['password']) or empty($_POST['password']))
-               {
+       if (!isset($_POST['username']) or empty($_POST['username']) or !isset($_POST['password']) or empty($_POST['password'])) {
                $_SESSION = array();
                session_destroy();
        }
-       else
-               {
+       else {
                $put_username = trim($_POST['username']);
+
                /* Fun with crypt! */
                $put_password = sha1($_POST['password']);
                $put_password = md5($put_password);
                $put_password = crypt($put_password, $put_password);
-               if ($put_username == file_get_contents("data/username.txt"))
-                       {
+
+               $err_username = "1";
+               $err_password = "1";
+
+               if ($put_username == file_get_contents("data/username.txt")) {
                        $get_password = file_get_contents("data/password.txt");
                        $last_login = "data/lastlog.txt";
                        $logins = "data/logins.txt";
+                       $err_username = "0";
                }
-               else
-                       {
-                       if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt"))
-                               {
+               else {
+                       if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt")) {
                                $get_password = file_get_contents("data/members/active/$put_username/password.txt");
                                $last_login = "data/members/active/$put_username/bb-last.txt";
                                $logins = "data/members/active/$put_username/bb-logins.txt";
+                               $err_username = "0";
                        }
                }
-               if ($get_password == $put_password)
-                       {
+              
+               if ($get_password == $put_password) {
+
                        $_SESSION['logged_in'] = $_POST['username'];
                        $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
                        $_SESSION['maj_server'] = sha1($_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']));
+
                        $lastlog = date("YmdHis", time() + $offset);
+
                        $fp_lastlog_txt = fopen($last_login, "w");
                        fwrite($fp_lastlog_txt, $lastlog);
                        fclose($fp_lastlog_txt);
-                       if (file_exists("data/bb.txt") and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")))
-                               {
+
+                       if (file_exists("data/bb.txt") and ($_SESSION['logged_in'] != file_get_contents("data/username.txt"))) {
                                $fp_latest_login_txt = fopen("data/bb-last.txt", "w");
                                fwrite($fp_latest_login_txt, $_SESSION['logged_in']);
                                fclose($fp_latest_login_txt);
                        }
+
                        $login_count = file_get_contents($logins);
                        $login_count = $login_count + 1;
+
                        $login_count_file = fopen($logins, "w");
                        fwrite($login_count_file, $login_count);
                        fclose($login_count_file);
+
+                       $err_password = "0";
+
                        header("Location: index.php");
                }
-               else
-                       {
+               else {
                        $_SESSION = array();
                        session_destroy();
                }
        }
 ?>
 
-<form enctype="multipart/form-data" action="login.php" method="post">
 <table border="0" cellspacing="1" cellpadding="2">
-<tr>
-<td><input class="input" type="text" name="username"<?php if (!file_exists("data/autocomplete.txt")) { echo " autocomplete=\"off\""; } ?>></td>
-<td><input autocomplete="off" class="input" type="password" name="password"<?php if (!file_exists("data/autocomplete.txt")) { echo " autocomplete=\"off\""; } ?>></td>
-<td><input class="input" type="submit" value="login"></td>
-</tr>
 
-<tr>
-<td colspan="3">Enter your login credentials above or click <a href="index.php">here</a> to go to the index page.
+<form enctype="multipart/form-data" action="login.php" method="post">
 
-<?php
-       if (!file_exists("data/lite.txt") and file_exists("data/reset.txt"))
-               {
-               echo "<br>Click <a href=\"reset.php\">here</a> if you forgot your password.";
-       }
-?>
+<tr><td>Username</td><td><input class="input" type="text" maxlength="30" name="username"<?php if (!file_exists("data/autocomplete.txt")) { echo " autocomplete=\"off\""; } if ($err_username == "0") { echo " value=\"{$_POST['username']}\""; } ?>></td><?php if ($err_username == "0") { echo "<td><img src=\"images/widget.ok.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>The username you entered is correct.</td>"; } if ($err_username == "1") { echo "<td><img src=\"images/widget.x.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>The username you entered is invalid.</td>"; } ?></tr>
+
+<tr><td>Password</td><td><input autocomplete="off" class="input" type="password" maxlength="128" name="password"<?php if (!file_exists("data/autocomplete.txt")) { echo " autocomplete=\"off\""; } ?>></td><?php if ($err_password == "1") { echo "<td><img src=\"images/widget.x.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>The password you entered is invalid.</td>"; } ?></tr>
+
+<tr><td></td><td><input class="input" type="submit" value="click here to login"></td></tr>
 
-</td>
-</tr>
-</table>
 </form>
+
+<form enctype="multipart/form-data" action="login.php" method="post">
+<input type="hidden" name="go" value="index">
+<tr><td></td><td><input class="input" type="submit" value="click here to go to the index page"></td></tr>
+</form>
+
+<?php if (!file_exists("data/lite.txt") and file_exists("data/reset.txt")) { ?>
+
+<form enctype="multipart/form-data" action="login.php" method="post">
+<input type="hidden" name="go" value="reset">
+<tr><td></td><td><input class="input" type="submit" value="click here to reset your password"></td></tr>
+</form>
+
+<?php } ?>
+
+</table>
diff --git a/reg.php b/reg.php
index be845a0..dd87a41 100644
--- a/reg.php
+++ b/reg.php
@@ -25,6 +25,10 @@ if (get_magic_quotes_gpc()) {
        $_REQUEST = stripslashes_array($_REQUEST);
 }
 
+if (isset($_POST['go']) and ($_POST['go'] == "index")) {
+       header("Location: .");
+}
+
 if (file_exists("data/offset.txt")) {
        $offset = file_get_contents("data/offset.txt");
 }
@@ -498,7 +502,7 @@ if (file_exists("data/bb-disclaimer.txt")) {
 <tr><td width=100><p>Last Name</p></td><td colspan=3><input class=input type=text autocomplete=off name=lastname maxlength=30></td></tr>
 <tr><td width=100><p>E-mail Address</p></td><td colspan=3><input class=input type=text autocomplete=off name=email maxlength=60></td></tr>
 <tr><td width=100><p>Birthdate</p></td><td><input class=bd type=text autocomplete=off name=bd_year maxlength=4 value=<?php echo date("Y", time() + $offset); ?>></td><td><input class=bd type=text autocomplete=off name=bd_month maxlength=2 value=<?php echo date("m", time() + $offset); ?>></td><td><input class=bd type=text autocomplete=off name=bd_day maxlength=2 value=<?php echo date("d", time() + $offset); ?>></td></tr>
-<tr><td width=100><p>Website</p></td><td colspan=3><input class=input type=text autocomplete=off name=url maxlength=300></td></tr>
+<tr><td width=100><p>Website (optional)</p></td><td colspan=3><input class=input type=text autocomplete=off name=url maxlength=300></td></tr>
 
 <tr><td width=100><p>Country</p></td><td colspan=3>
 
@@ -756,6 +760,6 @@ if (file_exists("data/bb-disclaimer.txt")) {
 <tr><td width=100><p>Registration Code</p></td><td colspan=3><input class=input type=text autocomplete=off name=captcha_put maxlength=7></td></tr>
 <tr><td><p></p></td><td colspan=3><input class=input type=submit value="click here to submit your registration"></td></tr>
 </form>
-<form enctype="multipart/form-data" action="<?php echo 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); ?>" method="post">
-<tr><td><p></p></td><td colspan=3><input class=input type=submit value="click here to go to the index page"></td></tr>
+<form enctype="multipart/form-data" method="post">
+<tr><td><p></p></td><td colspan=3><input type="hidden" name="go" value="index"><input class=input type=submit value="click here to go to the index page"></td></tr>
 </for
diff --git a/rel.txt b/rel.txt
index 81b916d..01bd233 100644
--- a/rel.txt
+++ b/rel.txt
@@ -1 +1 @@
-201006030700
+201006030907
 
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

read more
Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.

read more
Search
Download
MAJ 2.0
75 files
33012 downloads
MAJ 1.0
26 files
13143 downloads
MAJ 0.14
45 files
35025 downloads