Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.
Git
This commit has been accessed 928 times via Git panel.

commit 9f377372890d1c5edfdfc88b069b73938ba6ab3d
tree afe58770706105af5b5d961184fa9e73b953fb1c
parent b4805febfbcd1f787f02f9d459f842800fb6d52c
author Engels Antonio <engels@majcms.org> 1277314205 +0800
committer Engels Antonio <engels@majcms.org> 1277314205 +0800

    maj-1.0-20081207-bb.zip

diff --git a/index.php b/index.php
index 5e0d092..c9c33d6 100644
--- a/index.php
+++ b/index.php
@@ -89,7 +89,7 @@ $wtable = $wside + $wspace + $wmain + $wspace + $wside;
 $default_blog_title = "My Activity Journal";
 $default_username = "maj";
 $default_password = "php";
-$default_blog_profile = 'This cool site is powered by <a href="http://maj.sourceforge.net/" target="_maj">My Activity Journal</a>, a simple, <a href="http://php.net/" target="_maj">PHP</a>-based, <a href="http://www.opensource.org/licenses/gpl-license.php" target="_maj">Open Source</a> blog written from scratch as a spare time family project by <a href="http://engels.mortega.net/" target="_maj">Engels</a>, <a href="http://gaffud.com/" target="_maj">Magie</a>, and <a href="http://psylocke.org/" target="_maj">Psylocke</a> Antonio.';
+$default_blog_profile = 'This cool site is powered by <a href="http://maj.sourceforge.net/" target="_maj">My Activity Journal</a>, a simple, <a href="http://php.net/" target="_maj">PHP</a>-based, <a href="http://www.opensource.org/licenses/gpl-license.php" target="_maj">Open Source</a> blog written from scratch as a spare time family project by <a href="http://psylocke.org/" target="_maj">Psylocke</a>, <a href="http://gaffud.com/" target="_maj">Magie</a>, and <a href="http://engels.mortega.net/" target="_maj">Engels</a> Antonio.';
 $default_blog_author = "My Activity Journal";
 
 if (!file_exists("data")) {
diff --git a/login.php b/login.php
index 91b6f73..bacfc15 100644
--- a/login.php
+++ b/login.php
@@ -116,6 +116,7 @@ a:active {
                        {
                        $_SESSION['logged_in'] = $_POST['username'];
                        $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
+                       $_SESSION['maj_server'] = sha1($_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']));
                        $lastlog = date("YmdHis", time() + $offset);
                        $fp_lastlog_txt = fopen($last_login, "w");
                        fwrite($fp_lastlog_txt, $lastlog);
diff --git a/member.php b/member.php
index b480732..fe4a78f 100644
--- a/member.php
+++ b/member.php
@@ -45,6 +45,8 @@ $id = $_REQUEST['id'];
 
 $login_username = file_get_contents("data/username.txt");
 
+$maj_server = sha1($_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']));
+
 if (file_get_contents("data/username.txt") != $id) {
        $member_firstname = file_get_contents("data/members/active/$id/firstname.txt");
        $member_lastname = file_get_contents("data/members/active/$id/lastname.txt");
@@ -311,12 +313,9 @@ if (file_exists("data/members/active")) {
                                                        if ((time() - fileatime("$sess_dir/$sess_file")) < ($idle * 60)) {
                       
                                                                $sess_content = file_get_contents("$sess_dir/$sess_file");
-                                                              
                                               
-                                                               if (preg_match("/logged_in/",$sess_content)) {
-                                                                       if (preg_match("/$member_list_entry/",$sess_content)) {
+                                                               if (preg_match("/logged_in/",$sess_content) and preg_match("/$maj_server/",$sess_content) and preg_match("/$member_list_entry/",$sess_content)) {
                                                                                $sess_count++;
-                                                                       }
                                                                }
                                                        }
                                                }
@@ -325,13 +324,15 @@ if (file_exists("data/members/active")) {
                                }
                        }
                       
-                       if (($sess_count > 0) or (isset($_SESSION['logged_in']) and !empty($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $member_list_entry))) {
+                       if ($sess_count > 0) {
                                echo "<img src=images/smileys/smile.png>";
                        }
                        else {
                                echo "<img src=images/smileys/offline.png>";
                        }
-                      
+
+                       $sess_count = 0;
+
                        echo "</td><td bgcolor=#ffffff><a href=member.php?id=$member_list_entry>$member_list_entry</a></td>";
 
                        if ($member_list_entry == file_get_contents("data/username.txt") or (file_exists("data/members/active/$member_list_entry") and !file_exists("data/members/active/$member_list_entry/timestamp.txt"))) {
@@ -952,11 +953,8 @@ if (is_dir($sess_dir)) {
                       
                                        $sess_content = file_get_contents("$sess_dir/$sess_file");
                       
-                                       if (preg_match("/logged_in/",$sess_content)) {
-
-                                               if (preg_match("/$id/",$sess_content)) {
-                                                       $sess_count++;
-                                               }
+                                       if (preg_match("/logged_in/",$sess_content) and preg_match("/$maj_server/",$sess_content) and preg_match("/$id/",$sess_content)) {
+                                               $sess_count++;
                                        }
                                }
                        }
@@ -965,13 +963,15 @@ if (is_dir($sess_dir)) {
        }
 }
 
-if (($sess_count > 0) or (isset($_SESSION['logged_in']) and !empty($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $id))) {
+if ($sess_count > 0) {
        echo "online";
 }
 else {
        echo "offline";
 }
 
+$sess_count = 0;
+
 ?>
 
 </code></td></tr>
diff --git a/rel.txt b/rel.txt
index 5425a2e..eac09b3 100644
--- a/rel.txt
+++ b/rel.txt
@@ -1 +1 @@
-20081204
\ No newline at end of file
+20081207
\ No newline at end of file
 
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

read more
Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.

read more
Search
Download
MAJ 2.0
75 files
32977 downloads
MAJ 1.0
26 files
13132 downloads
MAJ 0.14
45 files
35010 downloads