Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

commit 8ddffabab9d446808955ab63e9c643c4032a19bf
tree 183270bed3f0aef7d22792edc177e9bcd06814d4
parent 9256d60951f9080e60c929e10506c155714b2032
author Engels Antonio <engels@majcms.org> 1277314199 +0800
committer Engels Antonio <engels@majcms.org> 1277314199 +0800

    maj-0.14-20080705-bb.zip

diff --git a/images/oops.png b/images/oops.png
new file mode 100755
index 0000000..93cb64a
Binary files /dev/null and b/images/oops.png differ
diff --git a/images/pdf.png b/images/pdf.png
index e542731..7c40208 100644
Binary files a/images/pdf.png and b/images/pdf.png differ
diff --git a/index.php b/index.php
index f024a95..74d626d 100644
--- a/index.php
+++ b/index.php
@@ -480,8 +480,7 @@ if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry'])) {
                fclose($fp_lastname_txt);
 
                $fp_email_txt = fopen("$check/comments/pending/$comment_entry_dir/email.txt","w");
-               $email = str_replace("@"," at ",$_POST['email']);
-               $email = strtolower($email);
+               $email = strtolower($_POST['email']);
                $email = trim($email);
                $email = htmlentities($email, ENT_NOQUOTES);
                fwrite($fp_email_txt,$email);
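Review bot: `htmlentities($email, ENT_NOQUOTES)` leaves both quote characters unencoded, and with the `str_replace("@"," at ",...)` step removed, the value written to `email.txt` is now the submitter's address as typed. If that file is later echoed into a quoted HTML attribute or placed in a mail header (neither is visible in this hunk), a quote or line break in the field carries straight through. Consider `$email = htmlentities(str_replace(array("\r","\n"), "", $email), ENT_QUOTES);` before the `fwrite`. The `fopen()` result a few lines up is also used without a check for `false`. The enclosing block starts and ends outside the hunk.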
@@ -678,8 +677,10 @@ if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry']) and file_exists("da
                                $description = substr($description,0,210);
                                $description = htmlentities($description, ENT_NOQUOTES);
 
-                                               if (file_exists("data/pf.txt") and file_exists("data/pf-badwords.txt") and (!isset($_SESSION['logged_in']) or empty($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt"))))) {
+                               if (file_exists("data/pf.txt") and file_exists("data/pf-badwords.txt") and (!isset($_SESSION['logged_in']) or empty($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt"))))) {
+
                                        $badwords = file_get_contents("data/pf-badwords.txt");
+
                                        if (file_exists("data/pf-censor.txt")) {
                                                $censor = file_get_contents("data/pf-censor.txt");
                                        }
@@ -1958,7 +1959,8 @@ if (count($items) == 0) {
                echo '<div id=panel_title>';
        }
 
-       echo 'Oops!</div><div id=panel_body>';
+       echo "Oops!</div><div id=panel_body><table border=0 cellspacing=0 cellpadding=4><tr>";
+       echo "<td valign=middle><img src=images/oops.png width=36 height=36 border=0></td><td valign=middle>";
 
        if ((count($grand) == 0) and (count($_GET) == 0)) {
                echo "No entries found. Perhaps this is a fresh install.";
@@ -1968,11 +1970,11 @@ if (count($items) == 0) {
                        echo "The entry you are looking for does not exist or is off limits to you.";
                }
                else {
-                       echo "Login required. Entries are off limits until you do.";
+                       echo "Login required. Entries are off limits without proper credentials.";
                }
        }
 
-       echo '</div>';
+       echo '</td></tr></table></div>';
 
        if (file_exists("data/round.txt")) {
                echo '<b class="rbbottom"><b class="rb4b"></b><b class="rb3b"></b><b class="rb2b"></b><b class="rb1b"></b></b>';
@@ -2932,7 +2934,7 @@ if (file_exists("data/panels")) {
                                        if ($dl_file != "." && $dl_file != ".." && fnmatch("*", $dl_file)) {
                                                echo '<table border=0 cellspacing=0 cellpadding=4><tr><td>';
                                                echo '<a href=' . $_SERVER['PHP_SELF'] . '?entry=' . $d . '&download=' . $dl_file. '&type=pdf>';
-                                               echo '<img src=images/pdf.png width=48 height=48 border=0 alt="download file"></a></td>';
+                                               echo '<img src=images/pdf.png width=36 height=36 border=0 alt="download file"></a></td>';
                                                echo '<td><p><b>';
                                                echo $dl_file;
                                                echo'</b><br>';
@@ -3243,208 +3245,184 @@ if (file_exists("data/panels")) {
                        echo '</td></tr></table>';
                }
 
-if (!file_exists("data/nocomment.txt") or (file_exists("data/memcomment.txt") and isset($_SESSION['logged_in']))) {
-
-               echo '<p><table border=0 cellspacing=0 cellpadding=0 width=';
+               if (!file_exists("data/nocomment.txt") or (file_exists("data/memcomment.txt") and isset($_SESSION['logged_in']))) {
 
-               if (file_exists("data/bb.txt") and file_exists("data/avatar.txt")) {
-                       echo "610";
-               }
-               else {
-                       echo "525";
-               }
-
-               echo '><tr><td>';
-               echo '<p><font style="font-size: 12px;"><b>Add Comment</b></font></p>';
-
-               if (file_exists("$dir/$d/passwd.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username)) and (!isset($_REQUEST['passwd']) or ($crypt_passwd != $passwd))) {
-                       echo "<p>This entry is password protected. If you know the magic word, click <a href=passwd.php?entry=$d&show=comments>here</a> to enter it.</p>";
-               }
-               else {
-      
-                       $captcha_rand = str_rand(7);
-      
-                       echo "<p>Fill out the form below";
+                       echo '<p><table border=0 cellspacing=0 cellpadding=0 width=';
 
-                       if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")))) {
-                               echo " and enter <b>$captcha_rand</b> in the anti-spam field";
+                       if (file_exists("data/bb.txt") and file_exists("data/avatar.txt")) {
+                               echo "610";
+                       }
+                       else {
+                               echo "525";
                        }
 
-                       echo " to add your comment.";
+                       echo '><tr><td>';
 
-                       if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")))) {
-                               echo " Note that it will not be posted immediately, but will be ";
-                      
-                               if (file_exists("data/email.txt")) {
-                                       echo "e-mailed";
-                               }
-                               else {
-                                       echo "sent";
-                               }
+                       if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}")))) {
       
-                               echo " to me first.";
-
-                               if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and !file_exists("data/members/active/{$_SESSION['logged_in']}"))) {
-                                       echo " Comments with bogus contact information will be discarded.";
-                               }
-                       }
-                       echo "</p>";
-
-                       ?>
+                               if (isset($_REQUEST['show']) and !empty($_REQUEST['show']) and isset($_POST['captcha_put']) and !empty($_REQUEST['captcha_get']) and isset($_POST['firstname']) and !empty($_POST['firstname']) and isset($_POST['lastname']) and !empty($_POST['lastname']) and isset($_POST['email']) and !empty($_POST['email']) and isset($_POST['new_comment']) and !empty($_POST['new_comment']) and isset($_POST['captcha_put']) and !empty($_POST['captcha_put']) and ($_REQUEST['captcha_get'] == $_POST['captcha_put']) and (ereg("@", $_POST['email'])) and (ereg("\.", $_POST['email']))) {
                       
-                       <table border=0 cellspacing=2 cellpadding=0 width=500>
-                       <form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>?entry=<?php echo $d; ?>&show=comments" method="post">
-                       <input type=hidden name=captcha_get value="<?php echo $captcha_rand; ?>">
-                       <tr>
-
-<?php
-if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
-?>
-       <td width=75><p></p></td><td><input type=hidden name=cauthor value="<?php echo $_SESSION['logged_in']; ?>"><input type=hidden name=firstname value="<?php $logged_in_author = explode(" ", file_get_contents("data/author.txt")); echo trim(str_replace(",","",$logged_in_author[0])); ?>"></p></td>
-<?php
-}
-elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
-?>
-       <td width=75><p></p></td><td><input type=hidden name=cauthor value="<?php echo $_SESSION['logged_in']; ?>"><input type=hidden name=firstname value="<?php echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/firstname.txt"); ?>"></p></td>
-<?php
-}
-else {
-
-?>
-
-<td width=75><p>First Name*</p></td><td width=300><input class=input type=text autocomplete=off name=firstname maxlength=30></td>
-
-<?php
-
-}
-
-?>
-                       <td rowspan=7 valign=top width=75 align=right>
-                       <table border=0 cellspacing=1 cellpadding=2>
-                       <tr><td><img src=images/smileys/crying.png border=0></td><td><p>:((</p></td><td ><p>crying</p></td></tr>
-                       <tr><td><img src=images/smileys/frown.png border=0></td><td><p>:(</p></td><td><p>frown</p></td></tr>
-                       <tr><td><img src=images/smileys/indifferent.png border=0></td><td><p>:|</p></td><td><p>indifferent</p></td></tr>
-                       <tr><td><img src=images/smileys/laughing.png border=0></td><td><p>:D</p></td><td><p>laughing</p></td></tr>
-                       <tr><td><img src=images/smileys/lick.png border=0></td><td><p>:P</p></td><td><p>lick</p></td></tr>
-                       <tr><td><img src=images/smileys/ohno.png border=0></td><td><p>:O</p></td><td><p>oh no!</p></td></tr>
-                       <tr><td><img src=images/smileys/smile.png border=0></td><td><p>:)</p></td><td><p>smile</p></td></tr>
-                       <tr><td><img src=images/smileys/surprised.png border=0></td><td><p>=)</p></td><td><p>surprised</p></td></tr>
-                       <tr><td><img src=images/smileys/undecided.png border=0></td><td><p>:\</p></td><td><p>undecided</p></td></tr>
-                       <tr><td><img src=images/smileys/wink.png border=0></td><td><p>;)</p></td><td><p>wink</p></td></tr>
-                       </td></tr>
-                       </table>
-
-<?php
-if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
-?>
-       <td width=75><p></p></td><td><input type=hidden name=lastname value="<?php echo trim(str_replace(",","",$logged_in_author[1])); ?>"></p></td>
-<?php
-}
-elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
-?>
-       <td width=75><p></p></td><td><input type=hidden name=lastname value="<?php echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/lastname.txt"); ?>"></p></td>
-<?php
-}
-else {
-
-?>
-
-                       <tr><td><p>Last Name*</p></td><td><input class=input type=text autocomplete=off name=lastname maxlength=30></td></tr>
-
-<?php
-
-}
-
-?>
-
-<?php
-if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
-       if (file_exists("data/email.txt")) {
-?>
-               <td width=75><p></p></td><td colspan=2><input type=hidden name=email value="<?php echo file_get_contents("data/email.txt"); ?>"></p></td>
-<?php
-       }
-       else {
-               echo "<tr><td><p>E-mail*</p></td><td colspan=2><input class=input type=text autocomplete=off name=email maxlength=60></td></tr>";
-       }
-}
-elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
-?>
-       <td width=75><p></p></td><td colspan=2><input type=hidden name=email value="<?php echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/email.txt"); ?>"></p></td>
-<?php
-}
-else {
+                                       echo '<p><table border=0 cellspacing=0 cellpadding=0><tr><td><p><font style="font-size: 12px;"><b>Thanks!</b></font></p><p>Your comment has been submitted for approval. Please check back soon to see if it has been posted.</p></td></tr></table></p>';
+                               }
+                       }
 
-?>
+                       echo '<p><font style="font-size: 12px;"><b>Add Comment</b></font></p>';
 
-                       <tr><td><p>E-mail*</p></td><td colspan=2><input class=input type=text autocomplete=off name=email maxlength=60></td></tr>
+                       if (file_exists("$dir/$d/passwd.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username)) and (!isset($_REQUEST['passwd']) or ($crypt_passwd != $passwd))) {
+                               echo "<p>This entry is password protected. If you know the magic word, click <a href=passwd.php?entry=$d&show=comments>here</a> to enter it.</p>";
+                       }
+                       else {
+                               $captcha_rand = str_rand(7);
+              
+                               echo "<p>Fill out the form below";
 
-<?php
+                               if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")))) {
+                                       echo " and enter <b>$captcha_rand</b> in the anti-spam field";
+                               }
 
-}
+                               echo " to add your comment.";
 
-?>
+                               if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")))) {
+                                       echo " Note that it will not be posted immediately, but will be ";
+                      
+                                       if (file_exists("data/email.txt")) {
+                                               echo "e-mailed";
+                                       }
+                                       else {
+                                               echo "sent";
+                                       }
+      
+                                       echo " to me first.";
 
-<?php
-if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
-?>
-       <td width=75><p></p></td><td colspan=2><input type=hidden name=url value="<?php file_get_contents("data/url.txt"); ?>"></p></td>
-<?php
-}
-elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
-?>
-       <td width=75><p></p></td><td colspan=2><input type=hidden name=url value="<?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/url.txt")) { echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/url.txt"); } ?>"></p></td>
-<?php
-}
-else {
+                                       if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and !file_exists("data/members/active/{$_SESSION['logged_in']}"))) {
+                                               echo " Comments with bogus contact information will be discarded.";
+                                       }
+                               }
+                               echo "</p>";
 
-?>
+                               ?>
+                      
+                               <table border=0 cellspacing=2 cellpadding=0 width=500>
+                               <form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>?entry=<?php echo $d; ?>&show=comments" method="post">
+                               <input type=hidden name=captcha_get value="<?php echo $captcha_rand; ?>">
+                               <tr>
+
+                               <?php
+                               if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
+                                       ?>
+                                       <td width=75><p></p></td><td><input type=hidden name=cauthor value="<?php echo $_SESSION['logged_in']; ?>"><input type=hidden name=firstname value="<?php $logged_in_author = explode(" ", file_get_contents("data/author.txt")); echo trim(str_replace(",","",$logged_in_author[0])); ?>"></p></td>
+                                       <?php
+                               }
+                               elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
+                                       ?>
+                                       <td width=75><p></p></td><td><input type=hidden name=cauthor value="<?php echo $_SESSION['logged_in']; ?>"><input type=hidden name=firstname value="<?php echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/firstname.txt"); ?>"></p></td>
+                                       <?php
+                               }
+                               else {
+                                       ?>
+                                       <td width=75><p>First Name*</p></td><td width=300><input class=input type=text autocomplete=off name=firstname maxlength=30></td>
+                                       <?php
+                               }
+                               ?>
+                               <td rowspan=7 valign=top width=75 align=right>
+                               <table border=0 cellspacing=1 cellpadding=2>
+                               <tr><td><img src=images/smileys/crying.png border=0></td><td><p>:((</p></td><td ><p>crying</p></td></tr>
+                               <tr><td><img src=images/smileys/frown.png border=0></td><td><p>:(</p></td><td><p>frown</p></td></tr>
+                               <tr><td><img src=images/smileys/indifferent.png border=0></td><td><p>:|</p></td><td><p>indifferent</p></td></tr>
+                               <tr><td><img src=images/smileys/laughing.png border=0></td><td><p>:D</p></td><td><p>laughing</p></td></tr>
+                               <tr><td><img src=images/smileys/lick.png border=0></td><td><p>:P</p></td><td><p>lick</p></td></tr>
+                               <tr><td><img src=images/smileys/ohno.png border=0></td><td><p>:O</p></td><td><p>oh no!</p></td></tr>
+                               <tr><td><img src=images/smileys/smile.png border=0></td><td><p>:)</p></td><td><p>smile</p></td></tr>
+                               <tr><td><img src=images/smileys/surprised.png border=0></td><td><p>=)</p></td><td><p>surprised</p></td></tr>
+                               <tr><td><img src=images/smileys/undecided.png border=0></td><td><p>:\</p></td><td><p>undecided</p></td></tr>
+                               <tr><td><img src=images/smileys/wink.png border=0></td><td><p>;)</p></td><td><p>wink</p></td></tr>
+                               </td></tr>
+                               </table>
+
+                               <?php
+                               if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
+                                       ?>
+                                       <td width=75><p></p></td><td><input type=hidden name=lastname value="<?php echo trim(str_replace(",","",$logged_in_author[1])); ?>"></p></td>
+                                       <?php
+                               }
+                               elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
+                                       ?>
+                                       <td width=75><p></p></td><td><input type=hidden name=lastname value="<?php echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/lastname.txt"); ?>"></p></td>
+                                       <?php
+                               }
+                               else {
+                                       ?>
+                                       <tr><td><p>Last Name*</p></td><td><input class=input type=text autocomplete=off name=lastname maxlength=30></td></tr>
+                                       <?php
+                               }
 
-                       <tr><td><p>Website</p></td><td colspan=2><input class=input type=text autocomplete=off name=url maxlength=300></td></tr>
+                               if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
 
-<?php
+                                       if (file_exists("data/email.txt")) {
+                                               ?>
+                                               <td width=75><p></p></td><td colspan=2><input type=hidden name=email value="<?php echo file_get_contents("data/email.txt"); ?>"></p></td>
+                                               <?php
+                                       }
+                                       else {
+                                               echo "<tr><td><p>E-mail*</p></td><td colspan=2><input class=input type=text autocomplete=off name=email maxlength=60></td></tr>";
+                                       }
+                               }
+                               elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
+                                       ?>
+                                       <td width=75><p></p></td><td colspan=2><input type=hidden name=email value="<?php echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/email.txt"); ?>"></p></td>
+                                       <?php
+                               }
+                               else {
+                                       ?>
+                                       <tr><td><p>E-mail*</p></td><td colspan=2><input class=input type=text autocomplete=off name=email maxlength=60></td></tr>
+                                       <?php
+                               }
 
-}
+                               if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
+                                       ?>
+                                       <td width=75><p></p></td><td colspan=2><input type=hidden name=url value="<?php file_get_contents("data/url.txt"); ?>"></p></td>
+                                       <?php
+                               }
+                               elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
+                                       ?>
+                                       <td width=75><p></p></td><td colspan=2><input type=hidden name=url value="<?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/url.txt")) { echo file_get_contents("data/members/active/{$_SESSION['logged_in']}/url.txt"); } ?>"></p></td>
+                                       <?php
+                               }
+                               else {
+                                       ?>
+                                       <tr><td><p>Website</p></td><td colspan=2><input class=input type=text autocomplete=off name=url maxlength=300></td></tr>
+                                       <?php
+                               }
+                               ?>
+                               <tr><td><p>Comment*</p></td><td><textarea class=input name=new_comment rows=15></textarea></td></tr>
+                               <?php
 
-?>
+                               if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
+                                       echo "<input type=hidden name=captcha_put value=\"$captcha_rand\">";
+                               }
+                               else {
+                                       echo "<tr><td><p>Anti-Spam*</p></td><td><input class=input type=text autocomplete=off name=captcha_put maxlength=7></td></tr>";
+                               }
 
-                       <tr><td><p>Comment*</p></td><td><textarea class=input name=new_comment rows=15></textarea></td></tr>
-                       <?php
-                       if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
-                               echo "<input type=hidden name=captcha_put value=\"$captcha_rand\">";
-                       }
-                       else {
-                               echo "<tr><td><p>Anti-Spam*</p></td><td><input class=input type=text autocomplete=off name=captcha_put maxlength=7></td></tr>";
+                               ?>
+                               <tr><td><p></p></td><td><input class=input type=submit value="click here to submit your comment"></td></tr>
+                               </form>
+                               </table>
+                               <?php
                        }
                        ?>
-
-                       <tr><td><p></p></td><td><input class=input type=submit value="click here to submit your comment"></td></tr>
-                       </form>
-                       </table>
-               <?php } ?>
-               </td></tr></table></p>
-
-<?php
-}
-
-if (!isset($_SESSION['logged_in']) or (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}")))) {
-       if (isset($_REQUEST['show']) and !empty($_REQUEST['show']) and isset($_POST['captcha_put']) and !empty($_REQUEST['captcha_get']) and isset($_POST['firstname']) and !empty($_POST['firstname']) and isset($_POST['lastname']) and !empty($_POST['lastname']) and isset($_POST['email']) and !empty($_POST['email']) and isset($_POST['new_comment']) and !empty($_POST['new_comment']) and isset($_POST['captcha_put']) and !empty($_POST['captcha_put']) and ($_REQUEST['captcha_get'] == $_POST['captcha_put']) and (ereg("@", $_POST['email'])) and (ereg("\.", $_POST['email']))) {
-               echo '<p><table border=0 cellspacing=0 cellpadding=0><tr><td><p><font style="font-size: 12px;"><b>Thanks!</b></font></p><p>Your comment has been submitted for approval.<br>Please check back soon to see if it has been posted.</p></td></tr></table></p>';
-       }
-}
- ?>
-      
-
-
-               <?php
+                       </td></tr></table></p>
+                       <?php
+               }
        }
 }
-?>
 
-<?php
 if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username) and isset($_REQUEST['entry']) and !empty($_REQUEST['entry'])) {
+
        if ($dh_pending_comments = opendir("$dir/$d/comments/pending")) {
+
                while (($entry_pending_comments = readdir($dh_pending_comments)) !== false) {
+
                        if ($entry_pending_comments != "." && $entry_pending_comments != ".." && fnmatch("*", $entry_pending_comments)) {
                                $show_pending_comments[] = $entry_pending_comments;
                        }
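Review bot: The anti-spam test in the relocated `Thanks!` condition compares `$_REQUEST['captcha_get']` with `$_POST['captcha_put']`, and `captcha_get` is the hidden field that carries `$captcha_rand` to the browser, so both sides of the comparison come from the request and the server never holds the expected value. Keep the challenge server-side instead: `$_SESSION['captcha'] = $captcha_rand;` when the form is rendered and `$_SESSION['captcha'] === $_POST['captcha_put']` when it is checked. The code that actually stores the comment is outside this hunk and would need the same change. In the same form, `action="<?php echo $_SERVER['PHP_SELF']; ?>..."` prints a request-derived path unescaped and should be wrapped as `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)`. The administrator's hidden `url` field still calls `file_get_contents("data/url.txt")` without `echo`, so it is always empty.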
@@ -3454,9 +3432,11 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
 
        asort($show_pending_comments);
        reset($show_pending_comments);
+
        $count_pending_comments = count($show_pending_comments);
 
        if ($count_pending_comments > 0) {
+
                if ($count_pending_comments == 1) {
                        echo '<p><b>Pending Comment</b></p>';
                }
@@ -3464,6 +3444,7 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                        echo '<p><b>Pending Comments</b></p>';
                }
                foreach ($show_pending_comments as $pending_comment) {
+
                        echo '<p><table border=0 cellspacing=0 cellpadding=0 width=';
       
                        if (file_exists("data/bb.txt") and file_exists("data/avatar.txt")) {
@@ -3516,10 +3497,15 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                        echo '</div><div id=panel_body><table border=0 cellspacing=0 cellpadding=0><tr>';
 
                        if (file_exists("data/bb.txt") and file_exists("data/avatar.txt") and file_exists("$dir/$d/comments/pending/$pending_comment/author.txt")) {
+
                                echo "<td width=85 valign=top><p>";
+
                                $pc_author = file_get_contents("$dir/$d/comments/pending/$pending_comment/author.txt");
+
                                echo "<a href=member.php?id=$pc_author>";
+
                                if ((file_get_contents("data/username.txt") == $pc_author) and (file_exists("images/avatar.jpg") or file_exists("images/avatar.gif") or file_exists("images/avatar.png"))) {
+
                                        if (file_exists("images/avatar.gif")) {
                                                $pc_avatar_gif_image_size = getimagesize("images/avatar.gif");
                                                $pc_avatar_gif_image_width = $pc_avatar_gif_image_size[0];
@@ -3577,6 +3563,7 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                                echo "><br>";
                                }
                                elseif (file_exists("images/members/$pc_author/avatar.jpg") or file_exists("images/members/$pc_author/avatar.gif") or file_exists("images/members/$pc_author/avatar.png")) {
+
                                        if (file_exists("images/members/$pc_author/avatar.gif")) {
                                                $pc_avatar_gif_image_size = getimagesize("images/members/$pc_author/avatar.gif");
                                                $pc_avatar_gif_image_width = $pc_avatar_gif_image_size[0];
@@ -3634,6 +3621,7 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                                echo "><br>";
                                }
                                echo "$pc_author</a><br>";
+
                                if ((file_get_contents("data/username.txt") == $pc_author) and file_exists("data/rank.txt")) {
                                        echo "administrator<br>";
                                }
@@ -3646,6 +3634,7 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                                }
               
                                if ($pc_dh_posts = opendir("data/items")) {
+
                                        while (($pc_entry_posts = readdir($pc_dh_posts)) !== false) {
               
                                                if (file_exists("data/items/$pc_entry_posts/private.txt") and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
@@ -3693,6 +3682,7 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                        }
 
                        echo '<p><font style="font-size: 10px; color: #999999;">';
+
                        if ((file_exists("$dir/$d/comments/pending/$pending_comment/author.txt") and (file_exists("data/bb.txt") and !file_exists("data/avatar.txt")) or (file_exists("$dir/$d/comments/pending/$pending_comment/author.txt") and (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username) and !file_exists("data/avatar.txt"))))) {
                                $pxavatar_author = file_get_contents("$dir/$d/comments/pending/$pending_comment/author.txt");
                                echo "<a href=member.php?id=$pxavatar_author>$pxavatar_author</a> - ";
@@ -4286,6 +4276,13 @@ if (file_exists("data/comments/latest/$cmonth")) {
 
        if ($dh_latest_comments = opendir("data/comments/latest/$cmonth")) {
                while (($entry_latest_comments = readdir($dh_latest_comments)) !== false) {
+
+                       $today = date("YmdHis", time() + $offset);
+
+                       if (($entry_latest_comments > $today) and (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
+                               continue;
+                       }
+
                        if ($entry_latest_comments != "." && $entry_latest_comments != "..") {
                                $show_latest_comments[] = $entry_latest_comments;
                        }
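Review bot: `$today` is recomputed on every pass of the `readdir()` loop although it does not depend on the directory entry; compute it once before the `while`, i.e. move `$today = date("YmdHis", time() + $offset);` to directly after the `opendir()` check. The new `continue` also runs before the `.`/`..` test, which only works because both names compare lower than any digit string; placing the future-date test inside the existing `if ($entry_latest_comments != "." ...)` block would make the order of the checks explicit. `$offset` and `$login_username` are defined outside this hunk, so this assumes both are always set by the time the loop runs.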
diff --git a/member.php b/member.php
index a605078..412c1f5 100644
--- a/member.php
+++ b/member.php
@@ -486,7 +486,6 @@ else {
 
        if (isset($_SESSION['logged_in']) and !empty($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt")) and !file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/members/active/$id/email.txt")) {
                $email = file_get_contents("data/members/active/$id/email.txt");
-               $email = str_replace("@"," at ",$email);
                echo " &lt;$email&gt;";
        }
 
diff --git a/move.php b/move.php
index c8d937a..9a4801d 100644
--- a/move.php
+++ b/move.php
@@ -1,13 +1,17 @@
 <?php
 
 session_start();
+
 header("Cache-control: private");
 
 error_reporting(E_ERROR);
 
 if (get_magic_quotes_gpc()) {
+
        function stripslashes_array($data) {
+
                if (is_array($data)){
+
                         foreach ($data as $key => $value){
                                  $data[$key] = stripslashes_array($value);
                         }
@@ -27,6 +31,13 @@ if (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username
        exit();
 }
 
+if (!isset($_REQUEST['entry']) or empty($_REQUEST['entry'])) {
+       exit();
+}
+else {
+       $entry = trim($_REQUEST['entry']);
+}
+
 function rmdirr($recurse_dirname) {
 
        if (!file_exists($recurse_dirname)) {
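Review bot: `$entry` is taken from `$_REQUEST` with only `trim()` applied, and the code added further down in this commit interpolates it into `rename()` and `rmdirr()` paths under `data/items/` and `data/comments/pending/`. A value containing `/` or `..` would let those calls act outside the intended directory, so reject it right after the `trim()`, for example with `if ($entry !== basename($entry) or $entry == "." or $entry == "..") { exit(); }`. The same check is needed for `$target`, `$comment` and `$type` in the next hunk. The session check above restricts the script to the logged-in administrator, but no request token is visible in the form, so the move is presumably also reachable through a forged cross-site request.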
@@ -52,9 +63,122 @@ function rmdirr($recurse_dirname) {
        return rmdir($recurse_dirname);
 }
 
+if (isset($_POST['target']) and !empty($_POST['target'])) {
+
+       $target = trim($_POST['target']);
+
+       if (isset($_POST['comment']) and !empty($_POST['comment']) and isset($_POST['type']) and !empty($_POST['type'])) {
+
+               $comment = trim($_POST['comment']);
+               $type = trim($_POST['type']);
+
+               if (file_exists("data/items/$entry/comments/$type/$comment") and file_exists("data/items/$target")) {
+
+                       if (!file_exists("data/items/$target/comments")) {
+                               mkdir("data/items/$target/comments");
+                       }
+
+                       if (!file_exists("data/items/$target/comments/$type")) {
+                               mkdir("data/items/$target/comments/$type");
+                       }
+
+                       rename("data/items/$entry/comments/$type/$comment","data/items/$target/comments/$type/$comment");
+
+                       if ($type == "pending") {
+
+                               if (file_exists("data/comments/pending/$entry/count.txt")) {
+
+                                       $count = file_get_contents("data/comments/pending/$entry/count.txt");
+
+                                       if ($count <= 1) {
+                                               rmdirr("data/comments/pending/$entry");
+                                       }
+                                       else {
+                                               $count = $count - 1;
+                                               $count_txt = fopen("data/comments/pending/$entry/count.txt","w");
+                                               fwrite($count_txt,$count);
+                                               fclose($count_txt);
+                                       }
+                               }
+
+                               if (file_exists("data/comments/pending/$target/count.txt")) {
+
+                                       $count = file_get_contents("data/comments/pending/$target/count.txt");
+                                       $count = $count + 1;
+                               }
+                               else {
+                                       $count = 1;
+                               }
+      
+                               if (!file_exists("data/comments/pending/$target")) {
+                                       mkdir("data/comments/pending/$target");
+                               }
+
+                               $count_txt = fopen("data/comments/pending/$target/count.txt","w");
+                               fwrite($count_txt,$count);
+                               fclose($count_txt);
+                       }
+               }
+       }
+       else {
+               if (!file_exists("data/items/$target/comments/live/$entry")) {
+
+                       if (!file_exists("data/items/$target/comments")) {
+                               mkdir("data/items/$target/comments");
+                       }
+
+                       if (!file_exists("data/items/$target/comments/live")) {
+                               mkdir("data/items/$target/comments/live");
+                       }
+
+                       rename("data/items/$entry","data/items/$target/comments/live/$entry");
+
+                       rename("data/items/$target/comments/live/$entry/body.txt","data/items/$target/comments/live/$entry/comment.txt");
+                       rename("data/items/$target/comments/live/$entry/date.txt","data/items/$target/comments/live/$entry/timestamp.txt");
+
+                       if (file_exists("data/items/$target/comments/live/$entry/author.txt")) {
+
+                               $author = file_get_contents("data/items/$target/comments/live/$entry/author.txt");
+
+                               if ($author != file_get_contents("data/username.txt") and file_exists("data/members/active/$author")) {
+
+                                       copy("data/members/active/$author/firstname.txt","data/items/$target/comments/live/$entry/firstname.txt");
+                                       copy("data/members/active/$author/lastname.txt","data/items/$target/comments/live/$entry/lastname.txt");
+                                       copy("data/members/active/$author/email.txt","data/items/$target/comments/live/$entry/email.txt");
+
+                                       if (file_exists("data/members/active/$author/url.txt")) {
+                                               copy("data/members/active/$author/url.txt","data/items/$target/comments/live/$entry/url.txt");
+                                       }
+                               }
+                               else {
+                                       $author_name = explode(" ", file_get_contents("data/author.txt"));
+                                       $author_fname = ucfirst(trim(str_replace(",","",$author_name[0])));
+                                       $author_lname = ucfirst(trim(str_replace(",","",$author_name[1])));
+
+                                       $fp_fname_txt = fopen("data/items/$target/comments/live/$entry/firstname.txt","w");
+                                       fwrite($fp_fname_txt, $author_fname);
+                                       fclose($fp_fname_txt);
+
+                                       $fp_lname_txt = fopen("data/items/$target/comments/live/$entry/lastname.txt","w");
+                                       fwrite($fp_lname_txt, $author_lname);
+                                       fclose($fp_lname_txt);
+
+                                       copy("data/email.txt","data/items/$target/comments/live/$entry/email.txt");
+                               }
+                       }
+
+               }
+       }
+
+       header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
+
+       exit();
+}
+
 ?>
 
 <style>
+
 body {
        color: #666666;
        margin: 10px;
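Review bot: `$type` is now used directly as a directory name in `mkdir("data/items/$target/comments/$type")` and in `rename()`, whereas the code this commit removes only acted when the value was exactly `live` or `pending`; add `if ($type != "live" and $type != "pending") { exit(); }` after its `trim()`. The `else` branch that moves a whole entry has also lost the old guard `if (!file_exists("data/items/$entry") or !file_exists("data/items/$target")) { exit(); }`, which should be restored at the top of that branch. None of the `rename()`, `mkdir()` or `fopen()` results are checked, so the pending counters are rewritten and the redirect is sent even when the move itself failed. `$target` should also go through `urlencode()` before it is appended to the `Location` header.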
@@ -94,7 +218,7 @@ a:active {
        color: #666666;
        background: #ffffff;
        border: #999999 solid 1px;
-       width: 200px;
+       width: 400px;
        font-family: <?php
                                if (file_exists("data/fonts/input.txt")) {
                                        $font_input = file_get_contents("data/fonts/input.txt");
@@ -103,170 +227,82 @@ a:active {
        ?> arial, helvetica, sans-serif;
        font-size: 11px
 }
+
 </style>
 
-<table border=0 cellspacing=1 cellpadding=1>
-<form action=move.php method=post>
-<tr><td>entry</td><td><input type=text class=input name=entry maxlength=14 <?php
+<table border="0" cellspacing="1" cellpadding="1">
+<form action="move.php" method="post">
+<tr><td>current entry</td><td width="5"></td><td><b>
 
-       if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry'])) {
-               echo "value=";
-               echo trim($_REQUEST['entry']);
-               echo " ";
-       }
 
-?>autocomplete=off></td></tr>
+<?php echo file_get_contents("data/items/{$_REQUEST['entry']}/title.txt"); ?>
 
-<?php
-       if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['type']) and !empty($_REQUEST['type'])) {
-               echo "<tr><td>comment&nbsp;</td><td><input type=text class=input name=comment maxlength=14 value=";
-               echo trim($_REQUEST['comment']);
-               echo " autocomplete=off><input type=hidden name=type value={$_REQUEST['type']}></td></tr>";
-       }
-?>
-
-<tr><td>target&nbsp;</td><td><input type=text class=input name=target maxlength=14 autocomplete=off></td></tr>
-<tr><td></td><td><input type=submit class=input value="click here to move <?php
-       if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment'])) {
-               echo "comment";
-       }
-       else {
-               echo "entry";
-       }
-?>"></td></tr>
-</form>
-<form action=index.php method=post>
-<tr><td></td><td><input type=submit class=input value="click here to go to the index page"></td></tr>
-</form>
-</table>
+<input type="hidden" name="entry" value="<?php echo trim($_REQUEST['entry']); ?>">
 
 <?php
 
-if (!isset($_REQUEST['entry']) or empty($_REQUEST['entry']) or !isset($_POST['target']) or empty($_POST['target'])) {
-       exit();
-}
+if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['type']) and !empty($_REQUEST['type'])) {
 
-$entry = trim($_REQUEST['entry']);
-$target = trim($_POST['target']);
+       echo "<input type=\"hidden\" name=\"comment\" value=\"{$_REQUEST['comment']}\">";
+       echo "<input type=\"hidden\" name=\"type\" value=\"{$_REQUEST['type']}\">";
 
-if (!file_exists("data/items/$entry") or !file_exists("data/items/$target")) {
-       exit();
 }
 
-if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['type']) and !empty($_REQUEST['type']) and ($_REQUEST['type'] == "live")) {
-
-       $comment = trim($_REQUEST['comment']);
-
-       if (!file_exists("data/items/$entry/comments/live/$comment")) {
-               exit();
-       }
+?>
 
-       if (!file_exists("data/items/$target/comments/live/$entry")) {
+</b></td></tr>
 
-               if (!file_exists("data/items/$target/comments")) {
-                       mkdir("data/items/$target/comments");
-               }
+<tr><td>target entry</td><td width="5"></td><td>
+<select class="input" name="target">
 
-               if (!file_exists("data/items/$target/comments/live")) {
-                       mkdir("data/items/$target/comments/live");
-               }
+<?php
 
-               rename("data/items/$entry/comments/live/$comment","data/items/$target/comments/live/$comment");
+if ($dh_items = opendir("data/items")) {
 
-               header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
+       while (($entry_item = readdir($dh_items)) !== false) {
 
-               exit();
+               if ($entry_item != "." && $entry_item != ".." && ($_REQUEST['entry'] != $entry_item)) {
+                       $target_items[] = $entry_item;
+               }
        }
-
-       exit();
+       closedir($dh_items);
 }
 
-if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['type']) and !empty($_REQUEST['type']) and ($_REQUEST['type'] == "pending")) {
+rsort($target_items);
+reset($target_items);
 
-       $comment = trim($_REQUEST['comment']);
+foreach ($target_items as $target_entry) {
 
-       if (!file_exists("data/items/$entry/comments/pending/$comment")) {
-               exit();
-       }
-
-       if (!file_exists("data/items/$target/comments/pending/$entry")) {
-
-               if (!file_exists("data/items/$target/comments")) {
-                       mkdir("data/items/$target/comments");
-               }
+       echo "<option value=\"$target_entry\">";
+       readfile("data/items/$target_entry/title.txt");
+       echo "</option>";
 
-               if (!file_exists("data/items/$target/comments/pending")) {
-                       mkdir("data/items/$target/comments/pending");
-               }
-
-               rename("data/items/$entry/comments/pending/$comment","data/items/$target/comments/pending/$comment");
-
-               if (file_exists("data/comments/pending/$entry/count.txt")) {
-
-                       $count = file_get_contents("data/comments/pending/$entry/count.txt");
-
-                       if ($count <= 1) {
-                               rmdirr("data/comments/pending/$entry");
-                       }
-                       else {
-                               $count = $count - 1;
-                               $count_txt = fopen("data/comments/pending/$entry/count.txt","w");
-                               fwrite($count_txt,$count);
-                               fclose($count_txt);
-                       }
-               }
-
-               if (file_exists("data/comments/pending/$target/count.txt")) {
-
-                       $count = file_get_contents("data/comments/pending/$target/count.txt");
-                       $count = $count + 1;
-               }
-               else {
-                       $count = 1;
-               }
-
-
-               if (!file_exists("data/comments/pending/$target")) {
-                       mkdir("data/comments/pending/$target");
-               }
-
-               $count_txt = fopen("data/comments/pending/$target/count.txt","w");
-               fwrite($count_txt,$count);
-               fclose($count_txt);
-
-               header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
-
-               exit();
-       }
-
-       exit();
 }
 
-if ((!isset($_REQUEST['comment']) or empty($_REQUEST['comment'])) and (!isset($_REQUEST['type']) or empty($_REQUEST['type'])) and !file_exists("data/items/$target/comments/live/$entry")) {
+?>
 
-       if (!file_exists("data/items/$target/comments")) {
-               mkdir("data/items/$target/comments");
-       }
+</select>
+</td></tr>
 
-       if (!file_exists("data/items/$target/comments/live")) {
-               mkdir("data/items/$target/comments/live");
+<tr><td></td><td width="5"></td><td><input type="submit" class="input" value="click here to move <?php
+       if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment'])) {
+               echo "comment";
        }
-
-       rename("data/items/$entry","data/items/$target/comments/live/$entry");
-       rename("data/items/$target/comments/live/$entry/body.txt","data/items/$target/comments/live/$entry/comment.txt");
-       rename("data/items/$target/comments/live/$entry/date.txt","data/items/$target/comments/live/$entry/timestamp.txt");
-
-       $author = file_get_contents(data/items/$target/comments/live/$entry/author.txt);
-
-       copy("data/members/active/$author/firstname.txt","data/items/$target/comments/live/$entry/firstname.txt");
-       copy("data/members/active/$author/lastname.txt","data/items/$target/comments/live/$entry/lastname.txt");
-       copy("data/members/active/$author/email.txt","data/items/$target/comments/live/$entry/email.txt");
-
-       if (file_exists("data/members/active/$author/url.txt")) {
-               copy("data/members/active/$author/url.txt","data/items/$target/comments/live/$entry/url.txt");
+       else {
+               echo "entry";
        }
+?>"></td></tr>
+</form>
 
-       header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
-}
+<form action="index.php" method="get">
+<tr><td></td><td width="5"></td><td>
+<input type="hidden" name="entry" value="<?php echo trim($_REQUEST['entry']); ?>">
+<input type="hidden" name="show" value="comments">
+<input type="submit" class="input" value="click here to go back to the current entry">
+</td></tr>
+</form>
 
-?>
+<form action="index.php" method="post">
+<tr><td></td><td width="5"></td><td><input type="submit" class="input" value="click here to go to the index page"></td></tr>
+</form>
+</table>
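Review bot: The request values are written into the page without output encoding: `value="<?php echo trim($_REQUEST['entry']); ?>"` in both forms, and the two `echo "<input type=\"hidden\" ...>"` lines for `comment` and `type`, let a quote in the parameter break out of the attribute. Encode at output, e.g. `value="<?php echo htmlspecialchars($entry, ENT_QUOTES); ?>"`, and do the same for `comment` and `type`. The title lookup `file_get_contents("data/items/{$_REQUEST['entry']}/title.txt")` should use the already trimmed `$entry`, and only after it has been validated, because the raw parameter is part of a file path here. `$target_items` is never initialised, so `rsort()` and `foreach` receive an undefined variable when `data/items` holds no other entry; `$target_items = array();` before the `opendir()` avoids that.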
 
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.
