MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

commit 26787eab08dbd25b23f74e23ed4249dbb9c9af30
tree 3e012ffca37ae2228be28c1eddc978b2c642c09a
parent 0bc3d939315bf889dd6cf2f96feb1202577924e2
author Engels Antonio <engels@majcms.org> 1307319787 +0800
committer Engels Antonio <engels@majcms.org> 1307319787 +0800

    Add member auto-lockout after multiple failed logins

diff --git a/add.php b/add.php
index fa4ba7a..f20abfe 100644
--- a/add.php
+++ b/add.php
@@ -28,7 +28,7 @@
           }
       }
       
-      if ((file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) and file_exists("data/bb.txt") and !file_exists("data/noadd.txt")) {
+      if ((file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) and file_exists("data/bb.txt") and !file_exists("data/noadd.txt")) {
           $login_username = $_SESSION['logged_in'];
       }
   }
@@ -672,7 +672,7 @@ a:active {
       }
       
       if ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) {
-          if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/bb.txt")) {
+          if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/bb.txt")) {
               $ml_from_firstname = file_get_contents("data/members/active/{$_SESSION['logged_in']}/firstname.txt");
               $ml_from_lastname = file_get_contents("data/members/active/{$_SESSION['logged_in']}/lastname.txt");
               
@@ -731,11 +731,12 @@ a:active {
       if ($dh_ml_member = opendir("data/members/active")) {
           while (($ml_member = readdir($dh_ml_member)) !== false) {
               if ($ml_member != "." && $ml_member != ".." && fnmatch("*", $ml_member)) {
-                  if (file_exists("data/members/active/$ml_member/noml.txt")) {
+          
+                  if (file_exists("data/members/active/$ml_member/bb-noml.txt")) {
                       continue;
                   }
                   
-                  if (file_exists("data/members/active/$ml_member/vacation.txt")) {
+                  if (file_exists("data/members/active/$ml_member/bb-vacation.txt")) {
                       continue;
                   }
                   
diff --git a/edit.php b/edit.php
index 5bae69a..3b8c413 100644
--- a/edit.php
+++ b/edit.php
@@ -31,7 +31,7 @@
   
   $do = 0;
   
-  if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in']))) {
+  if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in']))) {
       $do = 1;
   }
   
@@ -448,7 +448,7 @@ a:active {
 <p><table border="0" cellspacing="2" cellpadding="0" bgcolor="#ffffff">
 
 <?php
-  if (($_SESSION['logged_in'] == $login_username) or (file_exists("data/members/active/{$_SESSION['logged_in']}/ul.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt"))) {
+  if (($_SESSION['logged_in'] == $login_username) or (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-ul.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt"))) {
 ?>
 
 <input type="hidden" name="max_file_size" value="<?php
diff --git a/index.php b/index.php
index 132c047..c6ca03b 100644
--- a/index.php
+++ b/index.php
@@ -285,7 +285,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
                       
                                                        if ($maj_unread_active_member != "." && $maj_unread_active_member != "..") {
 
-                                                               if ((!file_exists("data/members/active/$maj_unread_active_member/vacation.txt") and !file_exists("data/items/$maj_req_entry/members")) or (!file_exists("data/members/active/$maj_unread_active_member/vacation.txt") and file_exists("data/items/$maj_req_entry/members") and file_exists("data/items/$maj_req_entry/members/$maj_unread_active_member"))) {
+                                                               if ((!file_exists("data/members/active/$maj_unread_active_member/bb-vacation.txt") and !file_exists("data/items/$maj_req_entry/members")) or (!file_exists("data/members/active/$maj_unread_active_member/bb-vacation.txt") and file_exists("data/items/$maj_req_entry/members") and file_exists("data/items/$maj_req_entry/members/$maj_unread_active_member"))) {
                                                                       
                                                                        if (!file_exists("data/members/active/$maj_unread_active_member/comments")) {
                                                                                mkdir("data/members/active/$maj_unread_active_member/comments");
@@ -413,11 +413,11 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
                                                while (($maj_ml_member = readdir($maj_dh_ml_member)) !== false) {
                                                        if ($maj_ml_member != "." && $maj_ml_member != "..") {
 
-                                                               if (file_exists("data/members/active/$maj_ml_member/noml.txt")) {
+                                                               if (file_exists("data/members/active/$maj_ml_member/bb-noml.txt")) {
                                                                        continue;
                                                                }
 
-                                                               if (file_exists("data/members/active/$maj_ml_member/vacation.txt")) {
+                                                               if (file_exists("data/members/active/$maj_ml_member/bb-vacation.txt")) {
                                                                        continue;
                                                                }
 
@@ -926,7 +926,7 @@ elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_
                }
        }
 
-       if (!file_exists("data/noadd.txt") and (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/categories/$maj_req_category"))) {
+       if (!file_exists("data/noadd.txt") and (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/categories/$maj_req_category"))) {
                echo '<a class="navlink" href="add.php">Add Entry</a><br>';
        }
 
@@ -2054,7 +2054,7 @@ foreach ($maj_disp as $maj_d) {
 
                readfile("data/items/$maj_d/title.txt");
 
-               if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_username) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/wiki.txt") and (file_exists("data/items/$maj_d/edit.txt") or (file_get_contents("data/items/$maj_d/author.txt") == $_SESSION['logged_in'])) and file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and !file_exists("data/items/$maj_d/passwd.txt") and !file_exists("data/items/$maj_d/lock.txt")) {
+               if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_username) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/wiki.txt") and (file_exists("data/items/$maj_d/edit.txt") or (file_get_contents("data/items/$maj_d/author.txt") == $_SESSION['logged_in'])) and file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and !file_exists("data/items/$maj_d/passwd.txt") and !file_exists("data/items/$maj_d/lock.txt")) {
 
                        if (file_exists("data/items/$maj_d/wiki/delta") and (count(glob("data/items/$maj_d/wiki/delta/*")) > 0)) {
                                echo "<a href=\"wiki.php?entry=$maj_d\">";
diff --git a/login.php b/login.php
index d93e0d3..79ac5e8 100644
--- a/login.php
+++ b/login.php
@@ -105,11 +105,34 @@ a:active {
                        $err_username = "0";
                }
                else {
-                       if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt") and !file_exists("data/members/active/$put_username/lockout.txt")) {
+                       if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt") and !file_exists("data/members/active/$put_username/bb-lockout.txt")) {
+
                                $get_password = file_get_contents("data/members/active/$put_username/password.txt");
                                $last_login = "data/members/active/$put_username/bb-last.txt";
                                $logins = "data/members/active/$put_username/bb-logins.txt";
                                $err_username = "0";
+
+                               if (($get_password != $put_password) and (file_exists("data/bb-invalid.txt"))) {
+                              
+                                       $max_invalid = file_get_contents("data/bb-invalid.txt");
+
+                                       if (file_exists("data/members/active/$put_username/bb-invalid.txt")) {
+                                               $count_invalid = file_get_contents("data/members/active/$put_username/bb-invalid.txt");
+                                       }
+                                       else {
+                                               $count_invalid = "0";
+                                       }
+                                      
+                                       $count_invalid = $count_invalid + 1;
+                                      
+                                       $fp_invalid_txt = fopen("data/members/active/$put_username/bb-invalid.txt", "w");
+                                       fwrite($fp_invalid_txt, $count_invalid);
+                                       fclose($fp_invalid_txt);
+                                      
+                                       if ($count_invalid >= $max_invalid) {
+                                               touch("data/members/active/$put_username/bb-lockout.txt");
+                                       }
+                               }
                        }
                }
               
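Review bot: The failed-login counter in the added block is updated with an unlocked read of `bb-invalid.txt` followed by a separate `fopen(..., "w")`, so concurrent failed attempts can read the same value and the stored count can lag behind the real number of failures; holding an exclusive `flock` across the read and the write keeps the threshold exact. Nothing in the hunk clears the counter after a correct password, so unless that happens outside the visible lines, unrelated typos accumulate toward a lockout over the account's lifetime. The test `$get_password != $put_password` is a loose comparison, under which two numeric-looking strings can compare equal; `!==` is the safer operator here. The enclosing `else` branch starts and ends outside the hunk.

```php
// … unchanged: $max_invalid read from data/bb-invalid.txt …

// Hold one exclusive lock across the read and the write so parallel failures are all counted.
$fp_invalid_txt = fopen("data/members/active/$put_username/bb-invalid.txt", "c+");

if ($fp_invalid_txt !== false) {
	if (flock($fp_invalid_txt, LOCK_EX)) {
		// An empty or freshly created file casts to 0, matching the old "0" default.
		$count_invalid = (int) stream_get_contents($fp_invalid_txt) + 1;

		ftruncate($fp_invalid_txt, 0);
		rewind($fp_invalid_txt);
		fwrite($fp_invalid_txt, (string) $count_invalid);
		fflush($fp_invalid_txt);

		if ($count_invalid >= $max_invalid) {
			touch("data/members/active/$put_username/bb-lockout.txt");
		}

		flock($fp_invalid_txt, LOCK_UN);
	}

	fclose($fp_invalid_txt);
}
```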
diff --git a/member.php b/member.php
index 7c1be00..96b11a9 100644
--- a/member.php
+++ b/member.php
@@ -173,55 +173,55 @@ if ($id == "all") {
 
        if (isset($_POST['edit']) and !empty($_POST['edit']) and ($_POST['edit'] == "on") and isset($_POST['username']) and !empty($_POST['username']) and file_exists("data/members/active/{$_POST['username']}") and isset($_SESSION['logged_in']) and !empty($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
       
-               if (isset($_POST['rw']) and !empty($_POST['rw']) and ($_POST['rw'] == "on") and !file_exists("data/members/active/{$_POST['username']}/rw.txt")) {
-                       touch("data/members/active/{$_POST['username']}/rw.txt");
+               if (isset($_POST['rw']) and !empty($_POST['rw']) and ($_POST['rw'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-rw.txt")) {
+                       touch("data/members/active/{$_POST['username']}/bb-rw.txt");
                }
       
-               if ((!isset($_POST['rw']) or empty($_POST['rw'])) and file_exists("data/members/active/{$_POST['username']}/rw.txt")) {
-                       unlink("data/members/active/{$_POST['username']}/rw.txt");
+               if ((!isset($_POST['rw']) or empty($_POST['rw'])) and file_exists("data/members/active/{$_POST['username']}/bb-rw.txt")) {
+                       unlink("data/members/active/{$_POST['username']}/bb-rw.txt");
                }
       
-               if (isset($_POST['ul']) and !empty($_POST['ul']) and ($_POST['ul'] == "on") and !file_exists("data/members/active/{$_POST['username']}/ul.txt")) {
-                       touch("data/members/active/{$_POST['username']}/ul.txt");
+               if (isset($_POST['ul']) and !empty($_POST['ul']) and ($_POST['ul'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-ul.txt")) {
+                       touch("data/members/active/{$_POST['username']}/bb-ul.txt");
                }
       
-               if ((!isset($_POST['ul']) or empty($_POST['ul'])) and file_exists("data/members/active/{$_POST['username']}/ul.txt")) {
-                       unlink("data/members/active/{$_POST['username']}/ul.txt");
+               if ((!isset($_POST['ul']) or empty($_POST['ul'])) and file_exists("data/members/active/{$_POST['username']}/bb-ul.txt")) {
+                       unlink("data/members/active/{$_POST['username']}/bb-ul.txt");
                }
       
-               if (isset($_POST['noml']) and !empty($_POST['noml']) and ($_POST['noml'] == "on") and !file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
-                       touch("data/members/active/{$_POST['username']}/noml.txt");
+               if (isset($_POST['noml']) and !empty($_POST['noml']) and ($_POST['noml'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+                       touch("data/members/active/{$_POST['username']}/bb-noml.txt");
                }
       
-               if ((!isset($_POST['noml']) or empty($_POST['noml'])) and file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
-                       unlink("data/members/active/{$_POST['username']}/noml.txt");
+               if ((!isset($_POST['noml']) or empty($_POST['noml'])) and file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+                       unlink("data/members/active/{$_POST['username']}/bb-noml.txt");
                }
       
                if (isset($_POST['lockout']) and !empty($_POST['lockout']) and ($_POST['lockout'] == "on")) {
 
-                       if (!file_exists("data/members/active/{$_POST['username']}/lockout.txt")) {
-                               touch("data/members/active/{$_POST['username']}/lockout.txt");
+                       if (!file_exists("data/members/active/{$_POST['username']}/bb-lockout.txt")) {
+                               touch("data/members/active/{$_POST['username']}/bb-lockout.txt");
                        }
                       
-                       if (file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
-                               touch("data/members/active/{$_POST['username']}/noml2.txt");
+                       if (file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+                               touch("data/members/active/{$_POST['username']}/bb-noml2.txt");
                        }
                       
-                       if (!file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
-                               touch("data/members/active/{$_POST['username']}/noml.txt");
+                       if (!file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+                               touch("data/members/active/{$_POST['username']}/bb-noml.txt");
                        }
                }
       
-               if ((!isset($_POST['lockout']) or empty($_POST['lockout'])) and file_exists("data/members/active/{$_POST['username']}/lockout.txt")) {
+               if ((!isset($_POST['lockout']) or empty($_POST['lockout'])) and file_exists("data/members/active/{$_POST['username']}/bb-lockout.txt")) {
 
-                       unlink("data/members/active/{$_POST['username']}/lockout.txt");
+                       unlink("data/members/active/{$_POST['username']}/bb-lockout.txt");
                       
-                       if (file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
-                               unlink("data/members/active/{$_POST['username']}/noml.txt");
+                       if (file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+                               unlink("data/members/active/{$_POST['username']}/bb-noml.txt");
                        }
 
-                       if (file_exists("data/members/active/{$_POST['username']}/noml2.txt")) {
-                               rename("data/members/active/{$_POST['username']}/noml2.txt","data/members/active/{$_POST['username']}/noml.txt");                      
+                       if (file_exists("data/members/active/{$_POST['username']}/bb-noml2.txt")) {
+                               rename("data/members/active/{$_POST['username']}/bb-noml2.txt","data/members/active/{$_POST['username']}/bb-noml.txt");                
                        }
                }
 
@@ -247,8 +247,8 @@ if ($id == "all") {
                        unlink("data/members/active/{$_POST['username']}/category.txt");
                }
       
-               if (file_exists("data/members/active/{$_POST['username']}/ul.txt") and !file_exists("data/members/active/{$_POST['username']}/rw.txt") and !file_exists("data/members/active/{$_POST['username']}/category.txt")) {
-                       unlink("data/members/active/{$_POST['username']}/ul.txt");
+               if (file_exists("data/members/active/{$_POST['username']}/bb-ul.txt") and !file_exists("data/members/active/{$_POST['username']}/bb-rw.txt") and !file_exists("data/members/active/{$_POST['username']}/category.txt")) {
+                       unlink("data/members/active/{$_POST['username']}/bb-ul.txt");
                }
       
                if (isset($_POST['del']) and !empty($_POST['del']) and ($_POST['del'] == "on")) {
@@ -299,6 +299,31 @@ if (file_exists("data/members/active")) {
 
                foreach ($show_member_list as $member_list_entry) {
 
+                       /* remove the lines below in version 3.0 */
+                       if (file_exists("data/members/active/$member_list_entry/rw.txt")) {
+                               rename("data/members/active/$member_list_entry/rw.txt","data/members/active/$member_list_entry/bb-rw.txt");
+                       }
+                       if (file_exists("data/members/active/$member_list_entry/vacation.txt")) {
+                               rename("data/members/active/$member_list_entry/vacation.txt","data/members/active/$member_list_entry/bb-vacation.txt");
+                       }
+                       if (file_exists("data/members/active/$member_list_entry/ul.txt")) {
+                               rename("data/members/active/$member_list_entry/ul.txt","data/members/active/$member_list_entry/bb-ul.txt");
+                       }
+                       if (file_exists("data/members/active/$member_list_entry/noml.txt")) {
+                               rename("data/members/active/$member_list_entry/noml.txt","data/members/active/$member_list_entry/bb-noml.txt");
+                       }
+                       if (file_exists("data/members/active/$member_list_entry/noml2.txt")) {
+                               rename("data/members/active/$member_list_entry/noml2.txt","data/members/active/$member_list_entry/bb-noml2.txt");
+                       }
+
+                       if (file_exists("data/members/active/$member_list_entry/resetx.txt")) {
+                               rename("data/members/active/$member_list_entry/resetx.txt","data/members/active/$member_list_entry/bb-resetx.txt");
+                       }
+                       if (file_exists("data/members/active/$member_list_entry/resetl.txt")) {
+                               rename("data/members/active/$member_list_entry/resetl.txt","data/members/active/$member_list_entry/bb-resetl.txt");
+                       }
+                       /* remove the lines above in version 3.0 */
+
                        echo "<tr><td bgcolor=#ffffff align=center>";
 
                        $sess_count = 0;
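Review bot: The compatibility block renames `rw.txt`, `vacation.txt`, `ul.txt`, `noml.txt`, `noml2.txt`, `resetx.txt` and `resetl.txt`, but not `lockout.txt`, while login.php in this same commit now tests only `bb-lockout.txt`; a member an administrator locked out before the upgrade would therefore be able to log in again afterwards. Adding a guarded `rename("data/members/active/$member_list_entry/lockout.txt","data/members/active/$member_list_entry/bb-lockout.txt");` to the block closes that. The renames also run only when this member-list loop is rendered, so until then the other pages look for the new names and ignore the old flags (the `noml.txt` and `vacation.txt` opt-outs included); a one-time migration at upgrade would avoid that window. The `foreach` body continues outside the hunk.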
@@ -358,8 +383,8 @@ if (file_exists("data/members/active")) {
                                echo "<td bgcolor=#ffffff align=center><nobr><code>$member_since</code></nobr></td>";
                        }
 
-                       if ((file_get_contents("data/username.txt") == $member_list_entry) and file_exists("data/logins.txt")) {
-                               $logins = file_get_contents("data/logins.txt");
+                       if ((file_get_contents("data/username.txt") == $member_list_entry) and file_exists("data/bb-logins.txt")) {
+                               $logins = file_get_contents("data/bb-logins.txt");
                                echo "<td bgcolor=#ffffff align=right><code>$logins</code></td>";
                        }
                        elseif (file_exists("data/members/active/$member_list_entry") and file_exists("data/members/active/$member_list_entry/bb-logins.txt")) {
@@ -367,7 +392,7 @@ if (file_exists("data/members/active")) {
                                echo "<td bgcolor=#ffffff align=right><code>$logins</code></td>";
                        }
 
-                       if ((file_get_contents("data/username.txt") == $member_list_entry) and !file_exists("data/logins.txt")) {
+                       if ((file_get_contents("data/username.txt") == $member_list_entry) and !file_exists("data/bb-logins.txt")) {
                                echo "<td bgcolor=#ffffff align=right><code>0</code></td>";
                        }
                        elseif (file_exists("data/members/active/$member_list_entry") and !file_exists("data/members/active/$member_list_entry/bb-logins.txt")) {
@@ -439,25 +464,25 @@ if (file_exists("data/members/active")) {
                                        echo "<form action=member.php method=post><input type=hidden name=id value=all><input type=hidden name=edit value=on><input type=hidden name=username value=$member_list_entry>";
                                        echo "<td bgcolor=#ffffff align=center><input type=checkbox name=rw";
 
-                                       if (file_exists("data/members/active/$member_list_entry/rw.txt")) {
+                                       if (file_exists("data/members/active/$member_list_entry/bb-rw.txt")) {
                                                echo " checked";
                                        }
 
                                        echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=ul";
 
-                                       if (file_exists("data/members/active/$member_list_entry/ul.txt")) {
+                                       if (file_exists("data/members/active/$member_list_entry/bb-ul.txt")) {
                                                echo " checked";
                                        }
 
                                        echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=noml";
 
-                                       if (file_exists("data/members/active/$member_list_entry/noml.txt")) {
+                                       if (file_exists("data/members/active/$member_list_entry/bb-noml.txt")) {
                                                echo " checked";
                                        }
                                       
                                        echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=lockout";
 
-                                       if (file_exists("data/members/active/$member_list_entry/lockout.txt")) {
+                                       if (file_exists("data/members/active/$member_list_entry/bb-lockout.txt")) {
                                                echo " checked";
                                        }                                      
 
@@ -804,8 +829,8 @@ elseif (file_exists("data/members/active/$id")) {
        echo "<tr><td width=90>profile views</td><td><code>$views</code></td></tr>";
 }
 
-if ((file_get_contents("data/username.txt") == $id) and file_exists("data/logins.txt")) {
-       $logins = file_get_contents("data/logins.txt");
+if ((file_get_contents("data/username.txt") == $id) and file_exists("data/bb-logins.txt")) {
+       $logins = file_get_contents("data/bb-logins.txt");
        echo "<tr><td width=90>total logins</td><td><code>$logins</code></td></tr>";
 }
 elseif (file_exists("data/members/active/$id") and file_exists("data/members/active/$id/bb-logins.txt")) {
@@ -892,7 +917,7 @@ if ($id == file_get_contents("data/username.txt")) {
 
 if (($id != file_get_contents("data/username.txt")) and file_exists("data/members/active/$id")) {
 
-       if (file_exists("data/members/active/$id/rw.txt")) {
+       if (file_exists("data/members/active/$id/bb-rw.txt")) {
                echo "rw";
        }
        else {
@@ -902,7 +927,7 @@ if (($id != file_get_contents("data/username.txt")) and file_exists("data/member
 
 if (($id != file_get_contents("data/username.txt")) and file_exists("data/members/active/$id")) {
 
-       if (file_exists("data/members/active/$id/ul.txt")) {
+       if (file_exists("data/members/active/$id/bb-ul.txt")) {
                echo " upload";
        }
 }
diff --git a/options.php b/options.php
index df913e8..81a81f5 100644
--- a/options.php
+++ b/options.php
@@ -108,7 +108,7 @@ if (isset($_REQUEST['username']) and !empty($_REQUEST['username']) and isset($_R
 
        if (file_exists("data/members/active/$username") and ($_REQUEST['key'] == file_get_contents("data/members/active/$username/key.txt"))) {
                unlink("data/members/active/$username/key.txt");
-               unlink("data/members/active/$username/vacation.txt");
+               unlink("data/members/active/$username/bb-vacation.txt");
                unlink("data/members/active/$username/email.txt");
                rename("data/members/active/$username/new-email.txt","data/members/active/$username/email.txt");
                echo "<p><font style=\"font-size: 12px;\"><b>Thanks!</b></font></p><p>You have successfully verified your new e-mail address.<br>Click <a href=index.php>here</a> to go to the index page.</p>";
@@ -319,20 +319,20 @@ $max_image_size = 1000000;
        }
 }
 
-if (isset($_POST['vacation']) and !empty($_POST['vacation']) and ($_POST['vacation'] == "on") and !file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
-       touch("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+if (isset($_POST['vacation']) and !empty($_POST['vacation']) and ($_POST['vacation'] == "on") and !file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+       touch("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
 }
 
 if (!isset($_POST['vacation']) or empty($_POST['vacation'])) {
        if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
-               if (file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
-                       unlink("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+               if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+                       unlink("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
                }
        }
 }
 
-if (file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
-       touch("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+if (file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+       touch("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
 }
 
 
@@ -515,7 +515,7 @@ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-last.txt")) {
 
 <tr><td bgcolor="#ffffff"><p>country</p></td><td bgcolor="#ffffff" colspan="2">
 
-<select class="input" name="country">
+<select class="input" name="country" required>
 <option<?php if (!file_exists("data/members/active/{$_SESSION['logged_in']}/country.txt")) { echo " selected"; } ?> value=""></option>
 <option<?php if (file_get_contents("data/members/active/{$_SESSION['logged_in']}/country.txt") == "AF") { echo " selected"; } ?> value="AF">Afghanistan</option>
 <option<?php if (file_get_contents("data/members/active/{$_SESSION['logged_in']}/country.txt") == "AX") { echo " selected"; } ?> value="AX">Aland (Ahvenanmaa) Islands</option>
@@ -804,7 +804,7 @@ if (file_exists("data/avatar.txt")) {
 if (file_exists("data/avatar.txt") and (file_exists("images/members/{$_SESSION['logged_in']}/avatar.gif") or file_exists("images/members/{$_SESSION['logged_in']}/avatar.jpg") or file_exists("images/members/{$_SESSION['logged_in']}/avatar.png"))) { ?>
 <tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="del_avatar">delete existing avatar</p></td></tr>
 <?php } if (file_exists("data/ml.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt")) { ?>
-<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="vacation" <?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) { echo checked; } ?>>temporarily disable mailing list subscription</p></td></tr>
+<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="vacation" <?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) { echo checked; } ?>>temporarily disable mailing list subscription</p></td></tr>
 <?php } ?>
 
 <?php if (!file_exists("data/members/active/{$_SESSION['logged_in']}/bday.txt")) { ?>
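Review bot: On the changed checkbox line, `echo checked;` prints a bare word rather than a string; older PHP treats the undefined constant as the string with a notice, and PHP 8 raises an Error, which would break the options page for any member whose `bb-vacation.txt` exists. `echo " checked";` matches how member.php writes the same attribute. The surrounding table markup continues outside the hunk.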
diff --git a/reset.php b/reset.php
index 3c247bc..834b189 100644
--- a/reset.php
+++ b/reset.php
@@ -94,10 +94,10 @@ a:active {
 </style>
 
 <form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
-<input required autofocus autocomplete=off class=input type=text name=username>
-<input required autocomplete=off class=input type=email name=addr>
-<input required autocomplete=off class=input type=text name=bday>
-<input class=input type=submit value=reset>
+<input required autofocus autocomplete="off" class="input" type="text" name="username">
+<input required autocomplete="off" class="input" type="email" name="addr">
+<input required autocomplete="off" class="input" type="text" name="bday">
+<input class="input" type="submit" value="reset">
 </form>
 
 <?php
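Review bot: The form's `action` on the context line echoes `$_SERVER['PHP_SELF']` without escaping, and that value reflects the request path, so request-supplied text ends up inside the attribute right above the inputs this hunk re-quotes. Since the commit is already tidying this form's attributes, `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>"` or a fixed `action="reset.php"` would fit here.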
@@ -131,10 +131,9 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
        $fp_passwd_txt = fopen("data/members/active/$username/password.txt","w");
        fwrite($fp_passwd_txt,$passwd);
        fclose($fp_passwd_txt);
-
-
-       if (file_exists("data/members/active/$username/resetx.txt")) {
-               $resetx = file_get_contents("data/members/active/$username/resetx.txt");
+      
+       if (file_exists("data/members/active/$username/bb-resetx.txt")) {
+               $resetx = file_get_contents("data/members/active/$username/bb-resetx.txt");
        }
        else {
                $resetx = 0;
@@ -142,12 +141,12 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
 
        $resetx = $resetx + 1;
 
-       $fp_resetx_txt = fopen("data/members/active/$username/resetx.txt","w");
+       $fp_resetx_txt = fopen("data/members/active/$username/bb-resetx.txt","w");
        fwrite($fp_resetx_txt,$resetx);
        fclose($fp_resetx_txt);
 
        $resetl = date("Ymd", time() + $offset);
-       $fp_resetl_txt = fopen("data/members/active/$username/resetl.txt","w");
+       $fp_resetl_txt = fopen("data/members/active/$username/bb-resetl.txt","w");
        fwrite($fp_resetl_txt,$resetl);
        fclose($fp_resetl_txt);
 
@@ -184,6 +183,10 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
                "Reply-To: $from_email\r\n" .
                "X-Mailer: $mailer");
 
+       if (file_exists("data/members/active/$username/bb-lockout.txt")) {
+               unlink("data/members/active/$username/bb-lockout.txt");
+       }
+
        echo "<p><font style=\"font-size: 12px;\"><b>Password Reset</b></font></p><p>Check your ";
        readfile("data/members/active/$username/email.txt");
        echo " account for your new password.";
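Review bot: The added `unlink()` of `bb-lockout.txt` runs unconditionally once this branch is reached, so the lockout is lifted whether or not the preceding `mail()` call actually handed off the new password. The return value of `mail()` does not appear to be checked in the visible lines (the call and the enclosing `if` start above the hunk), so a failed send would leave the account unlocked with a password nobody received. Consider keeping the result, `$sent = mail(...);`, and guarding the block with `if ($sent and file_exists("data/members/active/$username/bb-lockout.txt")) {`. A comment here should also state that passing the username/email/birthday reset form is what ends a lockout, because that makes the reset check the effective limit on login attempts; whether `bb-resetx.txt` and `bb-resetl.txt` cap repeated resets is decided outside the hunk.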
diff --git a/settings.php b/settings.php
index d1cb5c7..93ef550 100644
--- a/settings.php
+++ b/settings.php
@@ -701,6 +701,21 @@ if (!isset($_POST['bb_idle']) or empty($_POST['bb_idle']) or !is_numeric($_POST[
        }
 }
 
+if (isset($_POST['bb_invalid']) and !empty($_POST['bb_invalid']) and is_numeric($_POST['bb_invalid']) and ($_POST['bb_invalid'] > 0) and (file_get_contents("data/bb-invalid.txt") != $_POST['bb_invalid'])) {
+       $bb_invalid_write_content = number_format($_POST['bb_invalid'],0,'.','');
+       $fp_bb_invalid_txt = fopen("data/bb-invalid.txt","w");
+       fwrite($fp_bb_invalid_txt,$bb_invalid_write_content);
+       fclose($fp_bb_invalid_txt);
+}
+
+if (!isset($_POST['bb_invalid']) or empty($_POST['bb_invalid']) or !is_numeric($_POST['bb_invalid']) or ($_POST['bb_invalid'] <= 0)) {
+       if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
+               if (file_exists("data/bb-invalid.txt")) {
+                       unlink("data/bb-invalid.txt");
+               }
+       }
+}
+
 if (isset($_POST['bb_reserved']) and !empty($_POST['bb_reserved']) and (file_get_contents("data/bb-reserved.txt") != $_POST['bb_reserved'])) {
        $bb_reserved_write_content = strtolower($_POST['bb_reserved']);
        $bb_reserved_write_content = trim($bb_reserved_write_content);
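Review bot: The `is_numeric()` and `> 0` checks on `bb_invalid` accept fractional and exponent forms, so a value such as `0.4` passes and is then rounded by `number_format()` to `0` before being written to `data/bb-invalid.txt`. What a stored threshold of 0 does depends on the login code, which is outside this diff, but it is unlikely to be intended, and there is no upper bound either. Restricting the input to plain digits avoids both the rounding and the odd forms: `ctype_digit($_POST['bb_invalid']) and ((int) $_POST['bb_invalid'] > 0)`, then write `(string) (int) $_POST['bb_invalid']`. The condition also calls `file_get_contents("data/bb-invalid.txt")` without a `file_exists()` test, which raises a warning on the first save when the file does not exist yet. The `bb_reserved` block at the end of the hunk continues past it.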
@@ -1529,6 +1544,13 @@ if (file_exists("data/bb-idle.txt")) {
 }
 ?>></td></tr>
 
+<tr><td>maximum invalid logins</td><td><input class="input" autocomplete="off" type="text" name="bb_invalid" <?php
+if (file_exists("data/bb-invalid.txt")) {
+       echo "value=";
+       readfile("data/bb-invalid.txt");
+}
+?>></td></tr>
+
 <tr><td>reserved usernames</td><td><textarea class="input" name="bb_reserved"><?php if (file_exists("data/bb-reserved.txt")) { readfile("data/bb-reserved.txt"); } ?></textarea></td></tr>
 
 <tr><td>banned email addresses</td><td><textarea class="input" name="bb_banned"><?php if (file_exists("data/bb-banned.txt")) { readfile("data/bb-banned.txt"); } ?></textarea></td></tr>
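Review bot: The new `bb_invalid` row emits the file contents as an unquoted, unescaped attribute (`echo "value="; readfile("data/bb-invalid.txt");`), so the markup is only safe as long as that file can never hold anything but digits. The write path in this commit does normalise through `number_format()`, but the output side should not depend on that. Quote and escape at the point of output, for example `echo 'value="' . htmlspecialchars(file_get_contents("data/bb-invalid.txt"), ENT_QUOTES) . '"';`. The two textarea rows at the end of the hunk use the same raw `readfile()` pattern for what looks like free text and would benefit from the same treatment.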
diff --git a/wiki.php b/wiki.php
index 6eb0369..63c4056 100644
--- a/wiki.php
+++ b/wiki.php
@@ -21,7 +21,7 @@
                exit();
        }
        $do = 0;
-       if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in'])))
+       if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in'])))
        {
                $do = 1;
        }
 