Profile
MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

commit 9ff5127098f9f91eaee4811d1879a8184ff3cd78
tree b4432ceb5b53516cf09e416ded980c2f84d142ee
parent 6bf20217f2e2f786665c7eb8e86dcca6305c76d4
author Engels Antonio <engels@majcms.org> 1283546933 +0800
committer Engels Antonio <engels@majcms.org> 1283546933 +0800

    Add dupe checking in reg.php
    Fix admin name display in comments

diff --git a/index.php b/index.php
index 31ecdf9..b349988 100644
--- a/index.php
+++ b/index.php
@@ -544,18 +544,26 @@ if (isset($maj_req_entry) and !empty($maj_req_entry)) {
                        fclose($maj_fp_timestamp_txt);
 
                        $maj_fp_firstname_txt = fopen("data/items/$maj_req_entry/comments/pending/$maj_comment_entry_dir/firstname.txt","w");
-                       $maj_firstname = strtolower($_POST['firstname']);
-                       $maj_firstname = ucwords($maj_firstname);
+                       $maj_firstname = htmlentities($_POST['firstname'],ENT_NOQUOTES);
                        $maj_firstname = trim($maj_firstname);
-                       $maj_firstname = htmlentities($maj_firstname,ENT_NOQUOTES);
+                      
+                       if (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != file_get_contents("data/username.txt"))) {
+                               $maj_firstname = strtolower($maj_firstname);
+                       }
+
+                       $maj_firstname = ucwords($maj_firstname);
                        fwrite($maj_fp_firstname_txt,$maj_firstname);
                        fclose($maj_fp_firstname_txt);
 
                        $maj_fp_lastname_txt = fopen("data/items/$maj_req_entry/comments/pending/$maj_comment_entry_dir/lastname.txt","w");
-                       $maj_lastname = strtolower($_POST['lastname']);
-                       $maj_lastname = ucwords($maj_lastname);
+                       $maj_lastname = htmlentities($_POST['lastname'],ENT_NOQUOTES);
                        $maj_lastname = trim($maj_lastname);
-                       $maj_lastname = htmlentities($maj_lastname,ENT_NOQUOTES);
+
+                       if (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != file_get_contents("data/username.txt"))) {
+                               $maj_lastname = strtolower();
+                       }
+                      
+                       $maj_lastname = ucwords($maj_lastname);
                        fwrite($maj_fp_lastname_txt,$maj_lastname);
                        fclose($maj_fp_lastname_txt);
 
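Review bot: `strtolower()` is called with no argument in the lastname branch, so for every commenter who is not the admin `$maj_lastname` is overwritten by the failed call instead of the lower-cased name (a warning and an empty value on older PHP, an ArgumentCountError on PHP 8). The line should read `$maj_lastname = strtolower($maj_lastname);`, mirroring the firstname branch above it. Separately, `htmlentities(..., ENT_NOQUOTES)` leaves both quote characters unencoded, so the stored name is safe only as element content; if it is ever echoed into an attribute value (not visible here), `ENT_QUOTES` would be needed. The enclosing block starts and ends outside the hunk.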
@@ -3759,10 +3767,39 @@ foreach ($maj_disp as $maj_d) {
                                <input type=hidden name=captcha_get value="<?php echo $maj_captcha_rand; ?>">
                                <tr>
 
-                               <?php
+                               <?php
+                              
                                if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
-                                       ?>
-                                       <td width=75></td><td><input type=hidden name=cauthor value="<?php echo $_SESSION['logged_in']; ?>"><input type=hidden name=firstname value="<?php $maj_logged_in_author = explode(" ",file_get_contents("data/author.txt")); echo trim(str_replace(",","",$maj_logged_in_author[0])); ?>"></td>
+                              
+                                       $maj_logged_in_author = explode(" ",file_get_contents("data/author.txt"));
+                                       $maj_logged_in_author_words = count($maj_logged_in_author);
+                                       $maj_logged_in_author_last = $maj_logged_in_author_words - 1;
+                                      
+                                       if ($maj_logged_in_author_words == 2) {
+                                              
+                                               $maj_logged_in_author_fname = str_replace(",","",$maj_logged_in_author[0]);
+                                               $maj_logged_in_author_lname = str_replace(",","",$maj_logged_in_author[1]);                                            
+                                       }
+                                      
+                                       if ($maj_logged_in_author_words > 2) {
+                                      
+                                               $maj_logged_in_author_mkfname = 0;
+                                      
+                                               while ($maj_logged_in_author_mkfname < $maj_logged_in_author_last) {
+                                              
+                                                       $maj_logged_in_author_fname .= $maj_logged_in_author[$maj_logged_in_author_mkfname] . " ";
+                                                      
+                                                       $maj_logged_in_author_mkfname = $maj_logged_in_author_mkfname + 1;                                             
+                                               }
+                                              
+                                               $maj_logged_in_author_lname = $maj_logged_in_author[$maj_logged_in_author_last];
+                                       }
+
+                               ?>
+                                       <td width=75></td><td><input type=hidden name=cauthor value="<?php echo $_SESSION['logged_in']; ?>">
+                                      
+                                       <input type="hidden" name="firstname" value="<?php echo $maj_logged_in_author_fname; ?>"></td>
+
                                        <?php
                                }
                                elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
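Review bot: `$maj_logged_in_author_fname` is built with `.=` without being initialised, and the hunk header places this code inside `foreach ($maj_disp as $maj_d)`, so for an author name of more than two words the value would presumably grow on every iteration. A one-word name in data/author.txt leaves both `$maj_logged_in_author_fname` and `$maj_logged_in_author_lname` undefined. Setting `$maj_logged_in_author_fname = "";` and `$maj_logged_in_author_lname = "";` before the first `if` covers both cases. The new hidden inputs also echo the values without the `trim()` the old code applied and without attribute escaping, here and in the lastname hunk at -3794; `echo htmlspecialchars(trim($maj_logged_in_author_fname), ENT_QUOTES);` keeps a stray quote or newline in author.txt from breaking the markup. The loop body continues outside the hunk.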
@@ -3794,7 +3831,7 @@ foreach ($maj_disp as $maj_d) {
                                <?php
                                if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
                                        ?>
-                                       <td width=75></td><td><input type=hidden name=lastname value="<?php echo trim(str_replace(",","",$maj_logged_in_author[1])); ?>"></td>
+                                       <td width=75></td><td><input type=hidden name=lastname value="<?php echo $maj_logged_in_author_lname; ?>"></td>
                                        <?php
                                }
                                elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/bb.txt")) {
diff --git a/reg.php b/reg.php
index 23e2673..8498503 100644
--- a/reg.php
+++ b/reg.php
@@ -369,6 +369,8 @@ if (isset($_REQUEST['username']) and !empty($_REQUEST['username']) and isset($_R
 
 if ($_POST['submit'] == "1") {
 
+       $check_members = array_merge(glob("data/members/active/*"),glob("data/members/confirmed/*"),glob("data/members/pending/*"));
+      
        $err_reg = "0";
 
        if (!isset($_REQUEST['username']) or empty($_REQUEST['username'])) {
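Review bot: `glob()` returns false on error, and passing that to `array_merge()` fails. Depending on the PHP version this either aborts the request or leaves `$check_members` null, in which case the `foreach` loops added later in this commit are skipped and the duplicate check passes silently. Guard each call, e.g. `glob("data/members/active/*", GLOB_ONLYDIR) ?: array()`, so the list is always an array and contains only member directories. The `if ($_POST['submit'] == "1")` block continues outside the hunk.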
@@ -433,6 +435,26 @@ if ($_POST['submit'] == "1") {
 
                $err_lastname = "<td><img src=\"images/widget.ok.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>$lastname</td>";
        }
+      
+       if (isset($firstname) and isset($lastname)) {
+      
+               if ((strtolower($firstname) . " " . strtolower($lastname)) == strtolower(file_get_contents("data/author.txt"))) {
+                       $err_reg = $err_reg + 1;
+                       $err_firstname = "$firstname $lastname is already registered.";
+                       $err_firstname = "<td><img src=\"images/widget.x.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>$err_firstname</td>";
+                       $err_lastname = $err_firstname;
+               }
+      
+               foreach ($check_members as $check_member) {
+              
+                       if ((strtolower($firstname) == strtolower(file_get_contents("$check_member/firstname.txt"))) and (strtolower($lastname) == strtolower(file_get_contents("$check_member/lastname.txt")))) {
+                               $err_reg = $err_reg + 2;
+                               $err_firstname = "$firstname $lastname is already registered.";
+                               $err_firstname = "<td><img src=\"images/widget.x.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>$err_firstname</td>";
+                               $err_lastname = $err_firstname;
+                       }
+               }
+       }
 
        if (!isset($_POST['email']) or empty($_POST['email'])) {
                $err_reg = $err_reg + 1;
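Review bot: The name comparison uses the raw contents of data/author.txt and of each member's firstname.txt/lastname.txt, so a trailing newline or extra space in those files or in the submitted name makes the match fail and lets a duplicate of the admin's or a member's display name through. index.php in this same commit strips commas from author.txt and splits it on spaces, which suggests the file is not guaranteed to be exactly `First Last`. Normalise both sides the same way and compare strictly, e.g. `trim(strtolower("$firstname $lastname")) === trim(strtolower(file_get_contents("data/author.txt")))`, and apply the same `trim()` in the member loop. That loop also has no `break`, so `$err_reg` grows by 2 for every matching directory. Whether `$firstname` and `$lastname` are already HTML-encoded before being interpolated into `$err_firstname` is decided outside the hunk.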
@@ -459,6 +481,21 @@ if ($_POST['submit'] == "1") {
                        $err_email = "The email address $email is not allowed on this site.";
                        $err_email = "<td><img src=\"images/widget.x.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>$err_email</td>";
                }
+              
+               if ($email == file_get_contents("data/email.txt")) {
+                       $err_reg = $err_reg + 1;
+                       $err_email = "The email address $email is already in use.";
+                       $err_email = "<td><img src=\"images/widget.x.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>$err_email</td>";
+               }
+              
+               foreach ($check_members as $check_member) {
+              
+                       if ($email == file_get_contents("$check_member/email.txt")) {
+                               $err_reg = $err_reg + 1;
+                               $err_email = "The email address $email is already in use.";
+                               $err_email = "<td><img src=\"images/widget.x.png\" border=\"0\" width=\"14\" height=\"14\"></td><td>$err_email</td>";                          
+                       }
+               }
        }
 
        if (!isset($_POST['bd_year']) or empty($_POST['bd_year']) or !isset($_POST['bd_month']) or empty($_POST['bd_month']) or !isset($_POST['bd_day']) or empty($_POST['bd_day']) or !is_numeric($_POST['bd_year']) or !is_numeric($_POST['bd_month']) or !is_numeric($_POST['bd_day'])or (strlen($_POST['bd_year']) > "4") or (strlen($_POST['bd_month']) > "2") or (strlen($_POST['bd_day']) > "2") or ($_POST['bd_month'] < 1) or ($_POST['bd_month'] > 12) or ($_POST['bd_day'] < 1) or ($_POST['bd_day'] > 31) or (date("Y", time() + $offset) < $_POST['bd_year']) or ((date("Y", time() + $offset) == $_POST['bd_year']) and (date("m", time() + $offset) < $_POST['bd_month'])) or ((date("Y", time() + $offset) == $_POST['bd_year']) and (date("m", time() + $offset) == $_POST['bd_month']) and (date("d", time() + $offset) < $_POST['bd_day']))) {
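Review bot: The email duplicate check compares exact bytes with `==`, so an address that differs only in letter case, or one stored with a trailing newline in email.txt, is treated as new. Compare `strtolower(trim($email)) === strtolower(trim(file_get_contents("$check_member/email.txt")))` instead, and do the same for data/email.txt. The distinct "already in use" message also confirms to an unauthenticated visitor that an address belongs to the admin or a member, so if that disclosure matters for the site the form should be rate-limited or protected by a captcha. The enclosing `if ($_POST['submit'] == "1")` block runs past the hunk.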
diff --git a/rel.txt b/rel.txt
index f82f4f4..d2706a5 100644
--- a/rel.txt
+++ b/rel.txt
@@ -1 +1 @@
-201008310224
+201009040433
 