MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

commit e5ce10b18fa0c083b798c719a5621b4b1c91dc1b
tree 4f73c22a74e115e5b540b0afec6d6e6caf1fe733
parent 6a45f462755236d8343e805c72445e88859bab43
author Engels Antonio <engels@majcms.org> 1277314192 +0800
committer Engels Antonio <engels@majcms.org> 1277314192 +0800

    maj-0.14-20071208-bb.zip

diff --git a/edit.php b/edit.php
index 579644a..b75e7c5 100644
--- a/edit.php
+++ b/edit.php
@@ -30,6 +30,10 @@ if (!isset($_REQUEST['entry'])) {
        exit();
 }
 
+if (!file_exists("data/items/{$_REQUEST['entry']}")) {
+       exit();
+}
+
 if (!isset($_SESSION['logged_in'])) {
        exit();
 }
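Review bot: The added `file_exists("data/items/{$_REQUEST['entry']}")` test only proves that the resulting path exists; it does not keep `entry` inside `data/items`, because an empty value or one containing `/` or `..` segments still resolves to an existing directory and then feeds the `mkdir()`/`copy()`/`fopen()` paths further down the file. Reject anything that is not a single path component before the existence test, for example `if (!is_string($_REQUEST['entry']) || $_REQUEST['entry'] === '' || $_REQUEST['entry'] === '.' || $_REQUEST['entry'] === '..' || basename($_REQUEST['entry']) !== $_REQUEST['entry']) { exit(); }`, or match it against the entry-id format if that is fixed. The test also runs before the `$_SESSION['logged_in']` check; placing it after that check keeps unauthenticated requests from driving filesystem lookups with request data. wiki.php adds the identical check and needs the same treatment.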
@@ -844,7 +848,6 @@ if (file_exists("data/wiki.txt") and (($title_get_content != file_get_contents("
                mkdir("data/items/{$_REQUEST['entry']}/wiki/delta/$ddate");
        }
 
-       copy("data/items/{$_REQUEST['entry']}/author.txt","data/items/{$_REQUEST['entry']}/wiki/delta/$ddate/author.txt");
        copy("data/items/{$_REQUEST['entry']}/body.txt","data/items/{$_REQUEST['entry']}/wiki/delta/$ddate/body.txt");
        copy("data/items/{$_REQUEST['entry']}/date.txt","data/items/{$_REQUEST['entry']}/wiki/delta/$ddate/date.txt");
        copy("data/items/{$_REQUEST['entry']}/title.txt","data/items/{$_REQUEST['entry']}/wiki/delta/$ddate/title.txt");
@@ -852,6 +855,11 @@ if (file_exists("data/wiki.txt") and (($title_get_content != file_get_contents("
        if (file_exists("data/items/{$_REQUEST['entry']}/contrib.txt")) {
                copy("data/items/{$_REQUEST['entry']}/contrib.txt","data/items/{$_REQUEST['entry']}/wiki/delta/$ddate/contrib.txt");
        }
+
+       $open_editor_file = fopen("data/items/{$_REQUEST['entry']}/wiki/delta/$ddate/editor.txt","w");
+       fwrite($open_editor_file,$_SESSION['logged_in']);
+       fclose($open_editor_file);
+
 }
 
 // end of wiki mod (20071130)
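Review bot: The result of `fopen(".../editor.txt","w")` is used without a check, so if the `mkdir()` above failed the `fwrite()`/`fclose()` calls operate on `false` and the revision is stored with no editor record; if `error_reporting(E_ERROR)` is in effect here as it is in the other pages, nothing is reported. A single checked call is shorter and takes a lock: `if (file_put_contents("data/items/{$_REQUEST['entry']}/wiki/delta/$ddate/editor.txt", $_SESSION['logged_in'], LOCK_EX) === false) { /* log and stop */ }`. The value written is the session username, and wiki.php prints editor.txt directly into HTML, so it has to be escaped when it is displayed. The enclosing `if` block starts outside this hunk.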
diff --git a/index.php b/index.php
index 531c08f..8096e76 100644
--- a/index.php
+++ b/index.php
@@ -3,6 +3,11 @@
 ini_set("session.use_trans_sid", 0);
 
 session_start();
+
+if (isset($SESSION['logged_in']) and ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])) {
+       header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/login.php");
+}
+
 header("Cache-control: private");
 
 error_reporting(E_ERROR);
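Review bot: The new guard tests `isset($SESSION['logged_in'])`, which is missing the underscore, so it reads an undefined variable, the condition is always false and the user-agent comparison never runs. It should read `if (isset($_SESSION['logged_in']) and ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])) {`. Once the condition can fire, `header("Location: ...")` alone does not stop the script, so the rest of the page still executes for the mismatching client; add `exit();` after the header and consider clearing the session there. The redirect target is built from `$_SERVER['HTTP_HOST']`, which is supplied by the client, so a configured site URL is a safer base for it.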
@@ -94,7 +99,7 @@ if (!file_exists("data/author.txt")) {
 
 $login_username = file_get_contents("data/username.txt");
 
-if ((!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username))) {
+if (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username)) {
        $global_hits_file = fopen("data/hits.txt", "r");
        $global_hits_count = fread($global_hits_file, filesize("data/hits.txt"));
        fclose($global_hits_file);
@@ -406,25 +411,15 @@ if (isset($_REQUEST['entry']) and !empty($_REQUEST['entry'])) {
                // $body_content = str_replace('href=', 'target=_maj href=', $body_content);
                $body_content = str_replace("\n", '<br />', $body_content);
                $body_content = trim($body_content);
-
                $body_content = str_replace(':((', '<img src=images/smileys/crying.png border=0>', $body_content);
-
                $body_content = str_replace(':(', '<img src=images/smileys/frown.png border=0>', $body_content);
-
                $body_content = str_replace(':|', '<img src=images/smileys/indifferent.png border=0>', $body_content);
-
                $body_content = str_replace(':D', '<img src=images/smileys/laughing.png border=0>', $body_content);
-
                $body_content = str_replace(':P', '<img src=images/smileys/lick.png border=0>', $body_content);
-
                $body_content = str_replace(':O', '<img src=images/smileys/ohno.png border=0>', $body_content);
-
                $body_content = str_replace(':)', '<img src=images/smileys/smile.png border=0>', $body_content);
-
                $body_content = str_replace('=)', '<img src=images/smileys/surprised.png border=0>', $body_content);
-
                $body_content = str_replace(':\\', '<img src=images/smileys/undecided.png border=0>', $body_content);
-
                $body_content = str_replace(';)', '<img src=images/smileys/wink.png border=0>', $body_content);
 
                $fp_body_txt = fopen("$check/comments/pending/$comment_entry_dir/comment.txt","w");
diff --git a/login.php b/login.php
index 6d42f7f..1181d9e 100644
--- a/login.php
+++ b/login.php
@@ -1,7 +1,9 @@
 <?php
 
 session_start();
+
 session_regenerate_id();
+
 header("Cache-control: private");
 
 error_reporting(E_ERROR);
@@ -118,6 +120,7 @@ if ($login_username != $_REQUEST['username'] || $login_password != $crypt_passwo
 }
 
 $_SESSION['logged_in'] = $_REQUEST['username'];
+$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
 
 $lastlog = date("YmdHis", time() + $offset);
 $fp_lastlog_txt = fopen($last_login,"w");
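Review bot: The stored `$_SESSION['user_agent']` is compared only in index.php in this commit; wiki.php, added alongside it, and the visible part of edit.php gate on `isset($_SESSION['logged_in'])` alone, so the binding does not cover the pages that read and write entries. Put the comparison in one include that every authenticated page loads. `$_SERVER['HTTP_USER_AGENT']` is absent when the client sends no such header, so store `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` and compare with `!==`. Because the header is chosen by the client, treat the match as a weak consistency signal rather than as protection for the session id.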
diff --git a/wiki.php b/wiki.php
new file mode 100644
index 0000000..8b41e7c
--- /dev/null
+++ b/wiki.php
@@ -0,0 +1,244 @@
+<?php
+session_start();
+header("Cache-control: private");
+
+error_reporting(E_ERROR);
+
+if (get_magic_quotes_gpc()) {
+       function stripslashes_array($data) {
+               if (is_array($data)){
+                        foreach ($data as $key => $value){
+                                 $data[$key] = stripslashes_array($value);
+                        }
+                        return $data;
+               }
+               else{
+                        return stripslashes($data);
+               }
+       }
+
+       $_REQUEST = stripslashes_array($_REQUEST);
+}
+
+$login_username = file_get_contents("data/username.txt");
+
+if (!isset($_REQUEST['entry'])) {
+       exit();
+}
+
+if (!file_exists("data/items/{$_REQUEST['entry']}")) {
+       exit();
+}
+
+if (!isset($_SESSION['logged_in'])) {
+       exit();
+}
+
+$do = 0;
+
+if ($_SESSION['logged_in'] == $login_username) {
+       $do = 1;
+}
+
+
+if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt") and file_exists("data/items/{$_REQUEST['entry']}/edit.txt")) {
+       $do = 1;
+}
+
+if ($do == 0) {
+       exit();
+}
+
+function rmdirr($recurse_dirname) {
+
+    if (!file_exists($recurse_dirname)) {
+        return false;
+    }
+
+    if (is_file($recurse_dirname)) {
+        return unlink($recurse_dirname);
+    }
+
+    $recurse_dir = dir($recurse_dirname);
+    while (false !== $recurse_entry = $recurse_dir->read()) {
+
+        if ($recurse_entry == '.' || $recurse_entry == '..') {
+            continue;
+        }
+
+        rmdirr("$recurse_dirname/$recurse_entry");
+    }
+
+    $recurse_dir->close();
+    return rmdir($recurse_dirname);
+}
+
+?>
+
+<style>
+body {
+       color: #666666;
+       margin: 10px;
+       padding: 0px;
+       text-align: left;
+       font-family: <?php
+                               if (file_exists("data/fonts/body.txt")) {
+                                       $font_body = file_get_contents("data/fonts/body.txt");
+                                       echo "{$font_body},";
+                               }
+       ?> arial, helvetica, sans-serif;
+       background-color: #ffffff;
+}
+
+p, td {
+       font-size: 11px;
+}
+
+a {
+       font-weight: bold;
+       text-decoration: none;
+}
+
+a:link, a:visited {
+       color: #666666;
+}
+
+a:hover {
+       color: #336699;
+}
+
+a:active {
+       color: #336699;
+}
+
+.input_title {        
+       color: #666666;
+       background: #ffffff;
+       border: #999999 solid 1px;
+       width: 525px;
+       font-family: <?php
+                               if (file_exists("data/fonts/panel-title.txt")) {
+                                       $font_panel_title = file_get_contents("data/fonts/panel-title.txt");
+                                       echo "{$font_panel_title},";
+                               }
+       ?> arial, helvetica, sans-serif;
+       font-size: 11px;
+       font-weight: bold
+}
+
+.input_body {  
+       color: #666666;
+       background: #ffffff;
+       border: #999999 solid 1px;
+       width: 525px;
+       font-family: <?php
+                               if (file_exists("data/fonts/panel-body.txt")) {
+                                       $font_panel_body = file_get_contents("data/fonts/panel-body.txt");
+                                       echo "{$font_panel_body},";
+                               }
+       ?> arial, helvetica, sans-serif;
+       font-size: 11px
+}
+
+#panel_title {
+       font-family: <?php
+                               if (file_exists("data/fonts/panel-title.txt")) {
+                                       $font_panel_title = file_get_contents("data/fonts/panel-title.txt");
+                                       echo "{$font_panel_title},";
+                               }
+       ?> arial, helvetica, sans-serif;
+       font-size: 12px;
+       font-weight: bold;
+       color: #666666;
+       padding: 5px 5px 5px 5px;
+       background-color: #ffffff;
+       margin: 0px;
+       border-color: #CCCCCC;
+       border-width: 1px 1px 0px 1px;
+       border-style: solid solid none solid;
+}
+
+#panel_body {
+       font-family: <?php
+                               if (file_exists("data/fonts/panel-body.txt")) {
+                                       $font_panel_body = file_get_contents("data/fonts/panel-body.txt");
+                                       echo "{$font_panel_body},";
+                               }
+       ?> arial, helvetica, sans-serif;
+       font-size: 11px;
+       color: #666666;
+       padding: 5px 5px 5px 5px;
+       background-color: #ffffff;
+       margin: 0px;
+       border-color: #CCCCCC;
+       border-width: 1px 1px 1px 1px;
+       border-style: solid solid solid solid;
+}
+
+#panel_footer {
+       font-family: <?php
+                               if (file_exists("data/fonts/panel-footer.txt")) {
+                                       $font_panel_footer = file_get_contents("data/fonts/panel-footer.txt");
+                                       echo "{$font_panel_footer},";
+                               }
+       ?> arial, helvetica, sans-serif;
+       font-size: 11px;
+       color: #666666;
+       padding: 5px 5px 5px 5px;
+       background-color: #ffffff;
+       margin: 0px;
+       border-color: #CCCCCC;
+       border-width: 0px 1px 1px 1px;
+       border-style: none solid solid solid;
+}
+</style>
+
+<?php
+
+$entry = $_REQUEST['entry'];
+
+if (file_exists("data/items/$entry/wiki/delta")) {
+
+       if ($dh_delta = opendir("data/items/$entry/wiki/delta")) {
+
+               while (($entry_delta = readdir($dh_delta)) !== false) {
+
+                       if ($entry_delta != "." && $entry_delta != "..") {
+                               $show_delta[] = $entry_delta;
+                       }
+               }
+               closedir($dh_delta);
+       }
+       sort($show_delta);
+       reset($show_delta);
+       $count_delta = count($show_delta);
+
+       if ($count_delta > 0) {
+
+               foreach ($show_delta as $item) {
+
+                       $title = file_get_contents("data/items/$entry/wiki/delta/$item/title.txt");
+                       $body = file_get_contents("data/items/$entry/wiki/delta/$item/body.txt");
+                       $date = file_get_contents("data/items/$entry/wiki/delta/$item/date.txt");
+                       $author = file_get_contents("data/items/$entry/author.txt");
+                       $editor = file_get_contents("data/items/$entry/wiki/delta/$item/editor.txt");
+      
+                       $itemYear = substr($item,0,4);
+                       $itemMonth = substr($item,4,2);
+                       $itemDay = substr($item,6,2);
+                       $itemHour = substr($item,8,2);
+                       $itemMinute = substr($item,10,2);
+                       $itemSecond = substr($item,12,2);
+
+                       $mod = date("l, M j, g:i A", mktime($itemHour,$itemMinute,$itemSecond,$itemMonth,$itemDay,$itemYear));
+
+                       echo "<p><table border=0 cellspacing=0 cellpadding=0 bgcolor=#CCCCCC><tr><td width=525>";
+                       echo "<div id=panel_title>$title</div>";
+                       echo "<div id=panel_body><font style=\"font-size: 10px; color: #999999;\">$author - $date<br><br></font>$body</div>";
+                       echo "<div id=panel_footer>Edited by $editor last $mod</div>";
+                       echo "</td></tr></table></p>";
+               }
+       }
+}
+
+?>
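Review bot: The revision loop at the end of the file echoes `$title`, `$author`, `$date` and `$editor` into the page without HTML escaping, and `$editor` is the session username that edit.php writes to editor.txt, so any markup stored in those files is rendered for every user who opens the history. Escape them with `htmlspecialchars()` at output unless they are already escaped when written, which this diff does not show; `$body` appears to hold stored markup and is left as it is below. `$show_delta` is never initialised, so an empty or unreadable delta directory reaches `sort()` with an undefined variable. `$_REQUEST['entry']` is used in paths after only a `file_exists()` test and should be restricted to a single path component first.

```php
$entry = $_REQUEST['entry'];
$show_delta = array();

// … unchanged: delta directory scan, sort, per-revision file reads and $mod formatting …

                        $title_html = htmlspecialchars($title, ENT_QUOTES);
                        $author_html = htmlspecialchars($author, ENT_QUOTES);
                        $date_html = htmlspecialchars($date, ENT_QUOTES);
                        $editor_html = htmlspecialchars($editor, ENT_QUOTES);

                        echo "<p><table border=0 cellspacing=0 cellpadding=0 bgcolor=#CCCCCC><tr><td width=525>";
                        echo "<div id=panel_title>$title_html</div>";
                        echo "<div id=panel_body><font style=\"font-size: 10px; color: #999999;\">$author_html - $date_html<br><br></font>$body</div>";
                        echo "<div id=panel_footer>Edited by $editor_html last $mod</div>";
```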
 