Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

commit 84cde9b2215fb7a6d5aa167df08665dbdb6a3bc5
tree 4129ab88c85fa6d7374e9b392eada15087fad230
parent d64ede449500ec053aa4dbcea1c0526aeb3c922c
author Engels Antonio <engels@majcms.org> 1277314197 +0800
committer Engels Antonio <engels@majcms.org> 1277314197 +0800

    maj-0.14-20080521-bb.zip

diff --git a/index.php b/index.php
index 4d8511d..5d563e5 100644
--- a/index.php
+++ b/index.php
@@ -121,45 +121,43 @@ if (@ereg("Google", $agent)) {
        fclose($google_hits_file);
 }
 
-function str_rand($length = 8, $seeds = 'abcdefghijklmnopqrstuvwxyz0123456789')
-{
-    $str = '';
-    $seeds_count = strlen($seeds);
+function str_rand($length = 8, $seeds = 'abcdefghijklmnopqrstuvwxyz0123456789') {
+       $str = '';
+       $seeds_count = strlen($seeds);
 
-    list($usec, $sec) = explode(' ', microtime());
-    $seed = (float) $sec + ((float) $usec * 100000);
-    mt_srand($seed);
+       list($usec, $sec) = explode(' ', microtime());
+       $seed = (float) $sec + ((float) $usec * 100000);
+       mt_srand($seed);
 
-    for ($i = 0; $length > $i; $i++) {
-        $str .= $seeds{mt_rand(0, $seeds_count - 1)};
-    }
-
-    return $str;
+       for ($i = 0; $length > $i; $i++) {
+               $str .= $seeds{mt_rand(0, $seeds_count - 1)};
+       }
+       return $str;
 }
 
-function rmdirr($recurse_dirname)
-{
+function rmdirr($recurse_dirname) {
+
+       if (!file_exists($recurse_dirname)) {
+               return false;
+       }
 
-    if (!file_exists($recurse_dirname)) {
-        return false;
-    }
+       if (is_file($recurse_dirname)) {
+               return unlink($recurse_dirname);
+       }
 
-    if (is_file($recurse_dirname)) {
-        return unlink($recurse_dirname);
-    }
+       $recurse_dir = dir($recurse_dirname);
 
-    $recurse_dir = dir($recurse_dirname);
-    while (false !== $recurse_entry = $recurse_dir->read()) {
+       while (false !== $recurse_entry = $recurse_dir->read()) {
 
-        if ($recurse_entry == '.' || $recurse_entry == '..') {
-            continue;
-        }
+               if ($recurse_entry == '.' || $recurse_entry == '..') {
+                       continue;
+               }
 
-        rmdirr("$recurse_dirname/$recurse_entry");
-    }
+               rmdirr("$recurse_dirname/$recurse_entry");
+       }
 
-    $recurse_dir->close();
-    return rmdir($recurse_dirname);
+       $recurse_dir->close();
+       return rmdir($recurse_dirname);
 }
 
 if (isset($_REQUEST['download']) and !empty($_REQUEST['download'])) {
@@ -177,6 +175,7 @@ function go_download($dl_file) {
                $count_path = "data/items/$d/pdf/count";
                $count_file = "dl.txt";
        }
+
        if (isset($_REQUEST['type']) and !empty($_REQUEST['type']) and ($_REQUEST['type'] == filedrop)) {
                $dl_path = "data/items/$d/filedrop/files";
                $count_path = "data/items/$d/filedrop/count";
@@ -214,14 +213,17 @@ function go_download($dl_file) {
 }
 
 if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry']) and isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['key']) and !empty($_REQUEST['key']) and isset($_REQUEST['action']) and !empty($_REQUEST['action'])) {
-               $comment_dir = 'data/items/' . $_REQUEST['entry'] .'/comments/pending/' . $_REQUEST['comment'];
-               $key_file = $comment_dir . '/key.txt';
+
+               $comment_dir = "data/items/{$_REQUEST['entry']}/comments/pending/{$_REQUEST['comment']}";
+               $key_file = "$comment_dir/key.txt";
                $open_key_file = fopen($key_file,"r");
                $login_key = fread($open_key_file,filesize($key_file));
                fclose($open_key_file);
 
                if ($_REQUEST['key'] == $login_key) {
+
                        if ($_REQUEST['action'] == "approve") {
+
                                $live_dir = "data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}";
                                rename($comment_dir, $live_dir);
                                unlink("$live_dir/key.txt");
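Review bot: `$_REQUEST['entry']` and `$_REQUEST['comment']` are interpolated into `$comment_dir` without validation, and that path then feeds `fopen()`, `rename()`, `unlink()` and, in the @@ -345 hunk, `rmdirr()`; the switch to string interpolation keeps that behaviour unchanged. Both values should be checked against the expected identifier format before the path is built, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_REQUEST['entry'])) { exit; }` (constructed pattern, to be adjusted to the project's real ID format), and the same applies to `$check = "$dir/{$_REQUEST['entry']}"` in the @@ -365 hunk. The key check `$_REQUEST['key'] == $login_key` uses loose comparison; `===`, or `hash_equals($login_key, $_REQUEST['key'])` where available, is safer, and the `fopen()` result should be tested before `fread()`. The enclosing `if` block continues past this hunk.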
@@ -345,13 +347,16 @@ if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry']) and isset($_REQUEST
                                }
 
                        }
+
                        if ($_REQUEST['action'] == "delete") {
                                rmdirr($comment_dir);
                        }
+
                        $pending_comment_flag_dir = $_REQUEST['entry'];
                        $fp_comment_count_txt = fopen("data/comments/pending/$pending_comment_flag_dir/count.txt","r");
                        $comment_count_value = fread($fp_comment_count_txt,filesize("data/comments/pending/$pending_comment_flag_dir/count.txt"));
                        fclose($fp_comment_count_txt);
+
                        if ($comment_count_value <= 1) {
                                rmdirr("data/comments/pending/$pending_comment_flag_dir");
                        }
@@ -365,20 +370,21 @@ if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry']) and isset($_REQUEST
                                fclose($fp_comment_count_txt);
                        }
 
-                       header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $_REQUEST['entry'] . '&show=comments');
+                       header("Location: http://{$_SERVER['HTTP_HOST']}" . dirname($_SERVER['PHP_SELF']) . "/index.php?entry={$_REQUEST['entry']}&show=comments");
                }
 }
 
 if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry'])) {
-       $check = $dir . '/' . $_REQUEST['entry'];
+       $check = "$dir/{$_REQUEST['entry']}";
 
        if (file_exists("$check")) {
                $filter = $_REQUEST['entry'];
                echo '<title>';
-               $title = $check . '/title.txt';
+               $title = "$check/title.txt";
                readfile($title);
                echo '</title>';
-               $views = $check . '/views.txt';
+               $views = "$check/views.txt";
+
                if ((!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
                        $fp_views = fopen($views, "r");
                        $count_views = fread($fp_views, filesize($views));
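Review bot: The new `Location` header is assembled from `$_SERVER['HTTP_HOST']` and the raw `$_REQUEST['entry']`, both of which the client controls, and nothing stops execution after it is sent. Encode the parameter and end the request, e.g. `"/index.php?entry=" . rawurlencode($_REQUEST['entry']) . "&show=comments"` followed by `exit;`, and prefer a configured site host over the request's Host header. `dirname($_SERVER['PHP_SELF'])` returns `/` when the script sits at the web root, so appending `/index.php` yields `//index.php`; wrapping it as `rtrim(dirname($_SERVER['PHP_SELF']), '/\\')` avoids that. Further down, `readfile($title)` writes file contents between the `<title>` tags unescaped, which would need `htmlspecialchars()` if titles can contain markup.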
@@ -577,6 +583,46 @@ else {
        }
 }
 
+// start: auto-approve comments without rewriting "comment approval system" (20080521)
+
+if (file_exists("data/comments/pending") and file_exists("data/xscreen.txt")) {
+
+       if ($dh_xscreen_list = opendir("data/comments/pending")) {
+
+               while (($entry_xscreen = readdir($dh_xscreen_list)) !== false) {
+
+                       if ($entry_xscreen != "." && $entry_xscreen != "..") {
+                               $show_xscreen_list[] = $entry_xscreen;
+                       }
+               }
+               closedir($dh_xscreen_list);
+       }
+
+       rsort($show_xscreen_list);
+       reset($show_xscreen_list);
+
+       if (count($show_xscreen_list) > 0) {
+
+               foreach ($show_xscreen_list as $xscreen_dir) {
+
+                       if ($dh_xscreen_pending = opendir("data/items/$xscreen_dir/comments/pending")) {
+
+                               while (($xscreen_entry = readdir($dh_xscreen_pending)) !== false) {
+                                      
+                                       if ($xscreen_entry != "." && $xscreen_entry != "..") {
+
+                                               $xscreen_key = file_get_contents("data/items/$xscreen_dir/comments/pending/$xscreen_entry/key.txt");
+                                               header("Location: http://{$_SERVER['HTTP_HOST']}" . dirname($_SERVER['PHP_SELF']) . "/index.php?entry={$xscreen_dir}&comment={$xscreen_entry}&key={$xscreen_key}&action=approve");
+                                       }
+                               }
+                       }
+               }
+
+       }
+}
+
+// end: auto-approve comments without rewriting "comment approval system" (20080521)
+
 ?>
 
 <?php
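Review bot: The auto-approve loop reads each pending comment's `key.txt` and puts the key into a `Location` URL sent to whichever visitor happens to load the page, so the moderation secret leaves the server and approval depends on an anonymous browser following the redirect. Because `header()` replaces an earlier header of the same name and there is no `exit`, only the last pending comment found is targeted per request. Approving on the server would avoid both problems: move the approve branch of the key handler into a function and call it here with `$xscreen_dir` and `$xscreen_entry`, with no redirect. `$show_xscreen_list` is also never initialised, so `rsort()` receives an undefined variable when the directory is empty or `opendir()` fails; add `$show_xscreen_list = array();` before the `opendir()` call.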
@@ -661,6 +707,7 @@ body {
                                        echo "#ffffff";
                                }
        ?>;
+
        <?php
        if (file_exists("images/background.gif") and !file_exists("images/background.jpg") and !file_exists("images/background.png")) { ?>
                background-image: url('images/background.gif');
@@ -1353,7 +1400,9 @@ else {
 
 <?php
 if (file_exists("data/sticky")) {
+
        if ($dh_sticky_list = opendir("data/sticky")) {
+
                while (($entry_sticky_list = readdir($dh_sticky_list)) !== false) {
 
                        if (file_exists("data/items/$entry_sticky_list/private.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
@@ -2233,7 +2282,7 @@ foreach ($disp as $d) {
        }
        echo ';">';
 
-if (!file_exists("data/nocomment.txt")) {
+if (!file_exists("data/nocomment.txt") or (file_exists("data/memcomment.txt") and isset($_SESSION['logged_in']))) {
 
        if (!file_exists("$dir/$d/comments/live")) {
                echo '<a href=' . $_SERVER['PHP_SELF'] . '?entry=' . $d . '&show=comments>add comment</a>';
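Review bot: The condition `!file_exists("data/nocomment.txt") or (file_exists("data/memcomment.txt") and isset($_SESSION['logged_in']))` is pasted verbatim here and in the @@ -2416, @@ -2834 and @@ -3109 hunks, which makes it easy for one copy to drift from the others. A single helper such as `function comments_allowed() { return !file_exists("data/nocomment.txt") || (file_exists("data/memcomment.txt") && isset($_SESSION['logged_in'])); }` would keep them in step. As far as the visible lines show, all four sites only decide what is displayed; the code that accepts a submitted comment is not in this diff, so confirm it enforces the same rule on the server, otherwise the setting is cosmetic. `isset($_SESSION['logged_in'])` accepts any value, whereas other checks in this file compare it with `$login_username`; a comment stating that any logged-in member qualifies would make the intent explicit.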
@@ -2416,7 +2465,7 @@ else {
                }
        }
 
-       if (!file_exists("data/nocomment.txt")) {
+       if (!file_exists("data/nocomment.txt") or (file_exists("data/memcomment.txt") and isset($_SESSION['logged_in']))) {
                echo '| <a href=' . $_SERVER['PHP_SELF'] . '?entry=' . $d . '>permalink</a></font>';
        }
 
@@ -2834,7 +2883,7 @@ if (file_exists("data/panels")) {
                echo '</td></tr></table>';
        }
 
-       if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry']) and isset($_REQUEST['show']) and !empty($_REQUEST['show']) and ($_REQUEST['show'] == comments) and !file_exists("data/nocomment.txt")) {
+       if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry']) and isset($_REQUEST['show']) and !empty($_REQUEST['show']) and ($_REQUEST['show'] == comments) and (!file_exists("data/nocomment.txt") or (file_exists("data/memcomment.txt") and isset($_SESSION['logged_in'])))) {
 
                if (file_exists("$dir/$d/passwd.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username)) and (!isset($_REQUEST['passwd']) or ($crypt_passwd != $passwd))) {
                }
@@ -3109,7 +3158,7 @@ if (file_exists("data/panels")) {
                        echo '</td></tr></table>';
                }
 
-if (!file_exists("data/nocomment.txt")) {
+if (!file_exists("data/nocomment.txt") or (file_exists("data/memcomment.txt") and isset($_SESSION['logged_in']))) {
 
                echo '<p><table border=0 cellspacing=0 cellpadding=0 width=';
 
@@ -3730,15 +3779,20 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
 
                echo 'Pending Comments</div>';
                echo '<div id=panel_body>';
+
                if ($dh_list_pending_comment_flags = opendir("data/comments/pending")) {
+
                        while (($entry_list_pending_comment_flags = readdir($dh_list_pending_comment_flags)) !== false) {
+
                                if ($entry_list_pending_comment_flags != "." && $entry_list_pending_comment_flags != ".." && fnmatch("*", $entry_list_pending_comment_flags)) {
+
                                        echo '<a href=' . $_SERVER['PHP_SELF'] . '?entry=' .$entry_list_pending_comment_flags . '&show=comments>';
                                        readfile("data/items/$entry_list_pending_comment_flags/title.txt");
                                        echo '</a><br><font style="font-size: 10px; color: #999999;">';
                                        $fp_comment_count_txt = fopen("data/comments/pending/$entry_list_pending_comment_flags/count.txt","r");
                                        $comment_count_value = fread($fp_comment_count_txt,filesize("data/comments/pending/$entry_list_pending_comment_flags/count.txt"));
                                        fclose($fp_comment_count_txt);
+
                                        if ($comment_count_value == 1) {
                                                echo ' ( ' . $comment_count_value . ' comment ) ';
                                        }
diff --git a/settings.php b/settings.php
index 7565bc5..f14a182 100644
--- a/settings.php
+++ b/settings.php
@@ -129,6 +129,18 @@ if (!isset($_POST['nocomment']) or empty($_POST['nocomment'])) {
        }
 }
 
+if (isset($_POST['memcomment']) and !empty($_POST['memcomment']) and ($_POST['memcomment'] == "on") and !file_exists("data/memcomment.txt")) {
+       touch("data/memcomment.txt");
+}
+
+if (!isset($_POST['memcomment']) or empty($_POST['memcomment'])) {
+       if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
+               if (file_exists("data/memcomment.txt")) {
+                       unlink("data/memcomment.txt");
+               }
+       }
+}
+
 if (isset($_POST['nak']) and !empty($_POST['nak']) and ($_POST['nak'] == "on") and !file_exists("data/nak.txt")) {
        touch("data/nak.txt");
 }
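Review bot: The enable branch for `memcomment` creates `data/memcomment.txt` on any POST carrying `memcomment=on`, while the disable branch additionally requires `$_POST['edit'] == "on"`; the `xscreen` block in the next hunk has the same asymmetry, and `xscreen` switches comment moderation off. Guard the enable branches the same way by adding `and isset($_POST['edit']) and ($_POST['edit'] == "on")` to both conditions. No session or anti-CSRF check is visible in these hunks; if one exists earlier in settings.php it is outside the diff, so confirm these state-changing toggles sit behind it.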
@@ -141,6 +153,33 @@ if (!isset($_POST['nak']) or empty($_POST['nak'])) {
        }
 }
 
+if (isset($_POST['xscreen']) and !empty($_POST['xscreen']) and ($_POST['xscreen'] == "on") and !file_exists("data/xscreen.txt")) {
+       touch("data/xscreen.txt");
+}
+
+if (!isset($_POST['xscreen']) or empty($_POST['xscreen'])) {
+       if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
+               if (file_exists("data/xscreen.txt")) {
+                       unlink("data/xscreen.txt");
+               }
+       }
+}
+
+if (file_exists("data/nocomment.txt") and !file_exists("data/memcomment.txt")) {
+
+       if (file_exists("data/nak.txt")) {
+               unlink("data/nak.txt");
+       }
+
+       if (file_exists("data/xscreen.txt")) {
+               unlink("data/xscreen.txt");
+       }
+}
+
+if (!file_exists("data/nocomment.txt") and file_exists("data/memcomment.txt")) {
+       unlink("data/memcomment.txt");
+}
+
 if (isset($_POST['nopdf']) and !empty($_POST['nopdf']) and ($_POST['nopdf'] == "on") and !file_exists("data/nopdf.txt")) {
        touch("data/nopdf.txt");
 }
@@ -1002,16 +1041,18 @@ a:active {
 <tr><td><p>ping on content change</p></td><td><input autocomplete=off class=input type=text name=ping value="<?php readfile("data/ping.txt"); ?>"></td></tr>
 <tr><td rowspan=<?php
        if (file_exists("data/email.txt")) {
-               echo "11";
+               echo "13";
        }
        else {
-               echo "10";
+               echo "12";
        }
 ?>
 ><p>toggles</p></td><td><p><input type=checkbox name=nocomment <?php if (file_exists("data/nocomment.txt")) { echo checked; } ?>> Do not allow visitors to post comments.</p></td></tr>
+<tr><td><p><input type=checkbox name=memcomment <?php if (file_exists("data/memcomment.txt")) { echo checked; } ?>> Do not prevent members from posting comments.</p></td></tr>
 <?php if (file_exists("data/email.txt")) { ?>
 <tr><td><p><input type=checkbox name=nak <?php if (file_exists("data/nak.txt")) { echo checked; } ?>> Do not acknowledge comment submissions via e-mail.</p></td></tr>
 <?php } ?>
+<tr><td><p><input type=checkbox name=xscreen <?php if (file_exists("data/xscreen.txt")) { echo checked; } ?>> Do not screen comments. Automatically approve them.</p></td></tr>
 <tr><td><p><input type=checkbox name=nopdf <?php if (file_exists("data/nopdf.txt")) { echo checked; } ?>> Do not allow PDF generation for all entries.</p></td></tr>
 <tr><td><p><input type=checkbox name=xrecent <?php if (file_exists("data/xrecent.txt")) { echo checked; } ?>> Do not show recent entries panel to guests.</p></td></tr>
 <tr><td><p><input type=checkbox name=xrand <?php if (file_exists("data/xrand.txt")) { echo checked; } ?>> Do not show random entries panel.</p></td></tr>
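Review bot: The added checkbox rows use the bare word `checked` in `echo checked;`, which relies on PHP treating an undefined constant as a string; that raises a notice or warning on older versions and is a fatal Error from PHP 8. Quote it as `echo 'checked';` (the existing rows in this hunk, and `== filedrop` / `== comments` in index.php, follow the same pattern). The label "Do not prevent members from posting comments." is a double negative that only makes sense next to the `nocomment` box; a short comment above the row explaining that `memcomment` is an exception to `nocomment` would help the next maintainer.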
 
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.
