version 2 in progress

jemjabella 2012-05-21 13:42:55 +01:00
commit 884256130e
28 changed files with 2841 additions and 0 deletions

230
README.txt Normal file

@ -0,0 +1,230 @@
//--------------------
// READ ME
//--------------------
BellaBuffs v2 Copyright © Jem Turner 2006-2012
You are free to customise BellaBuffs (php code, style, appearance)
as much as you like providing the link to http://www.jemjabella.co.uk
remains ON the fanlisting management script. Because I'm a tightarse.
Installation of BellaBuffs is at your own risk. By using BellaBuffs
you agree not to hold Jem Turner of jemjabella.co.uk responsible for
any damages that may occur upon installing BellaBuffs or related plugins.
You also agree not to sell copies of the script, or services relating to the
script (i.e. installation, customisation, etc) without written permission
of Jem Turner. Because I'm a tightarse.
Support is currently on hold while I pop out sprogs.
Check the Girls Who Geek forums as most questions have already been answered:
http://girlswhogeek.com/forums/forum/jemjabella-scripts
//--------------------
// INSTRUCTIONS
//--------------------
1. Customise prefs.php - set your username, password and various preferences (yes or no etc)
2. Upload all of the files to a directory
3. CHMOD all of the txt files to 666 - this makes them writeable
4. CHMOD the buttons directory to 777
(BEWARE: can be a security risk! CHMOD 'buttons' to 755 when not using the upload feature)
NOTE: some hosts run PHP as CGI, which usually eradicates the need to change
the permissions on files and folders. Try joining as a test member before
CHMODing any files to see if this is true for you. This makes the script more
secure overall. If you get an error, CHMOD the files as above.
__________________________ HOW DO I CHMOD/CHANGE FILE PERMISSIONS?
There are lots of tutorials on CHMODing which can be found through Google:
http://www.google.com/search?q=chmod+tutorial
__________________________ HOW DO I ADD A LAYOUT TO MY FANLISTING?
The script is set up to use the popular header/footer include system. That
means you add the 'top' of your layout - things like divs, header images
etc. to the header.php file and the bottom of your layout - closing notices
and copyright signs - to the footer.php file.
For more information on PHP includes (for layout purposes) see this tutorial:
http://girlswhogeek.com/tutorials/2006/php-includes
__________________________ HOW DO I UPDATE MY FANLISTING?
Open your admin panel - this will be located in your online BellaBuffs folder
as admin.php. E.g. http://your-domain.com/bellabuffs/admin.php
Login and choose "Add Update". The date will automatically be inserted for you
into the form with the timestamp format set in config.php
Add your update. If you have no details, leave the details field blank and only
the date will be updated. Each update will replace the previous.
__________________________ HOW DO I ADD A BUTTON/CODE?
Open your admin panel - this will be located in your online BellaBuffs folder
as admin.php. E.g. http://your-domain.com/bellabuffs/admin.php
Login and choose "Add Button". Find the button/code on your computer.
If the button was donated, fill in the fields. If not, leave them blank. Buttons
will automatically be added and sorted on the buttons.php page.
__________________________ HOW DO I DISPLAY THE MEMBER/BUTTON/ETC COUNT?
This is done using the custom countfile() function. Simply add the
name of the file, as defined in config.php, between the brackets.
For example, to count the members, put: <?php countfile(MEMBERS); ?>
..to count the newbies: <?php countfile(NEWBIES); ?>
..to count the buttons: <?php countfile(BUTTONS); ?> .. etc.
__________________________ WHAT'S A CAPTCHA?
A captcha is generally an image that is automatically generated with a mixture of
letters and numbers on it that a person must fill out exactly right before they
are able to submit information through a form - in the case of the BellaBuffs
captcha, before they are allowed to join.
Because captchas are image based, they have accessibility implications. Please
consider those who browse with images turned off and/or those with eyesight
related disabilities before turning on the captcha - it is only needed if you suffer
from large amounts of bot-based spam.
You can read more about captchas at wikipedia: http://en.wikipedia.org/wiki/Captcha
__________________________ I AM LISTED AT THEFANLISTINGS.ORG, CAN I USE THE CAPTCHA?
I contacted the Senior Staff of TheFanlistings.Org because I wasn't sure - I was
told that the usage of captchas is allowed providing an alternative method is
displayed so that users who cannot for some reason display/use the captcha can
join too. This means that you MUST link to an e-mail address or other method of
contact as an alternative if you use the captcha.
__________________________ CAN I MANAGE MULTIPLE FANLISTINGS THROUGH BELLABUFFS?
You will need to install a separate version of BellaBuffs for each fanlisting you
wish to have on your site. Also, there is currently no collective feature for
BellaBuffs so each fanlisting has to be managed through it's own admin panel.
//--------------------
// FEATURES
//--------------------
* Spam word and IP blocking
* Valid country checking to prevent text injection
* E-mail scrambling and JavaScript protection
* Optional favourites field and spam-preventing captcha
* 'Paginate' members in admin panel too
* Sort members by country/join date
* Button ('code') upload & management
* Affiliate management (inc. button upload)
* Valid XHTML Transitional by default
* Auto-update date when approving member
* Optional update 'details' (single-entry) log
//--------------------
// FIXES IN VERS 2
//--------------------
- Update to countries list, as provided by Haley
- Updated contact form based on latest vers of Jem's PHP Mail Form (jemsmailform.com)
- New functions in functions.php for contact.php
- Updated join form to fix deprecated ereg errors + update spammy checks
- $maxpoints added to prefs.php
//--------------------
// FIXES IN VERS 1b-1f
//--------------------
In admin.php on line 216, !ctype_digit($line) replaced with !ctype_digit($_GET['mem'])
In join.php on line 62, checkTXTfile(SPAMWDS, $clean['name'] replaced with (checkTXTfile(SPAMWDS, $clean['name']
In join.php on line 62, checkTXTfile(SPAMWDS, $clean['fave'], "spamword") === true) { replaced with checkTXTfile(SPAMWDS, $clean['fave'], "spamword") === true)) {
More rigorous testing of file names added to prevent broken images if a comma is in button/affiliate file name.
Added check to see if member exists before sending update info form
Search functionality added to admin panel
Added meta injection checks (this should have been added before the script was released!)
//--------------------
// FIXES IN VERS 1g-1k
//--------------------
Fixed XHTML validity issue in admin.php (Thank you Shawna: http://www.eruantale.net)
Added extra checks to join.php & update.php, fixed email check in update.php
Fixed issue with uppercase emails being used in admin search
//--------------------
// FIXES IN VERS 1h: Suggestions and bug reports courtesy of Tea P. (http://colorfilter.net)
//--------------------
Fixed XHTML validity issue in form textareas in: join.php, update.php and contact.php
Changed value of submit button in contact.php (copy&paste error!)
Included footer.php in join.php error messages
Added fixEmail() to "Reply-To: " in e-mail admin section of join.php
Added "Please select a country:" option to join.php and update.php
Added dynamic link to approved/pending members edit section after editing member
Added count of members for each country in members.php
Changed broken $email to $admin_email in "Reply-To: " in approval section of admin.php
More sanitisation of dispemail in join.php to prevent empty lines/commas being submitted
Further improvements to cleanUp() in config.php to strip stray new lines not caught by trim()
//--------------------
// FIXES IN VERS 1l-1p
//--------------------
Fixed typos/wording errors in join.php, contact.php and update.php (Thanks Julie: http://jul13.ju.funpic.org)
checkTXTfile() function altered (config.php) to use in_array instead of preg_match
Footer link changed to match new URL (jemjabella.co.uk/scripts)
Closed file after blanklinefix() (config.php) as a safety precaution
Fixed data sanitisation bug in join.php caused by fix in 1k
Altered lastupdate() function making details optional (config.php)
Fixed dynamic "approve more members"/"no members to be approved" link (admin.php)
Fixed IP issue (blocked IPs caused country error) in config.php & join.php (Thanks Michele: http://www.absolutetrouble.com)
Changed captcha image to make it harder for bots to separate colours
//--------------------
// FIXES IN VERS 1q-1t
//--------------------
Fixed pagination bug created by optimisation in version 1m
Modified join.php to display inline errors; additional spam protection
Implemented two potential fixes for those losing members due to script time-out (config.php)
More tidying of admin.php to reduce superfluous code
Separated functions and preferences to allow for easier upgrading (config.php renamed to prefs.php)
Added "edit affiliate" and "edit button" button replacement functionality
Improved security to reduce CSRF risk (admin.php)
Implemented checkbox for mass approve & delete (admin.php)
Alternating row colours to visually distinguish members (admin.php)
Added default sort option, oldest or newest first (prefs.php, admin.php)
Populated spam words list with common spam and profanity (spamwds.txt)
Further user agent checking to defeat bots (join.php)
Fixed blank fave error caused by changes in 1r (join.php)
Added new line to admin.php when sorting members by oldest first
//--------------------
// CREDITS
//--------------------
Mucho thanks go to the following people for helping with BellaBuffs:
Amelie - http://not-noticeably.net
Katy - http://cathode-ray-coma.co.uk
Amelie and Katy were there for my constant swearing, frustrated
coding-related ramblings, bug testings, suggestions, snippy "I know best"
responses and major dense moments. Without them, this script would
not exist, and my partner Karl would get a lot more earache.
The following others also helped with last minute beta/bug testing:
Julie - http://jul13.ju.funpic.org
Frosty - http://telperionworld.com
Jenny - http://www.prism-perfect.net
Ang - http://www.silencia.net
Ilona - http://www.puwing.com
Tea P. - http://colorfilter.net
Michele - http://www.absolutetrouble.com
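Review bot: the instructions still send the user to config.php for the timestamp format ("HOW DO I UPDATE MY FANLISTING?") and for the file-name constants ("HOW DO I DISPLAY THE MEMBER/BUTTON/ETC COUNT?"), but the 1q-1t changelog in the same file says config.php was renamed to prefs.php, step 1 tells the user to edit prefs.php, and in this commit MEMBERS, NEWBIES and BUTTONS are defined in functions.php; please update both references so a v2 installer is not pointed at a file that no longer exists. One further point on steps 2 to 4: the .txt files that get CHMOD 666 (members.txt, newbies.txt, ipblock.txt) are uploaded into the same web-served directory as admin.php, so besides being writable by the server they are readable by anyone who requests the .txt URL directly, including every member's e-mail address. The README already warns about 777 on the buttons directory; it should carry a matching note that direct access to *.txt must be denied (or the data files moved outside the document root), and that 664/644 with the PHP user as owner is preferable to 666 on hosts that run PHP as CGI, which the NOTE paragraph already hints at.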

BIN
admin-icons/accept.png Normal file

Binary file not shown (781 B).

BIN
admin-icons/delete.png Normal file

Binary file not shown (587 B).

BIN
admin-icons/edit.png Normal file

Binary file not shown (714 B).

1117
admin.php Normal file

File diff suppressed because it is too large.

19
affiliates.php Normal file

@ -0,0 +1,19 @@
<?php
require_once('prefs.php');
include_once('header.php');
?>
<h1>Affiliates</h1>
<p>
<?php
if (filesize(AFFILIATES) > 0) {
$array = file(AFFILIATES);
foreach ($array as $value) {
list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$value);
echo "<a href=\"$affURL\" title=\"affiliate: $affName of $affSitename\"><img src=\"buttons/$affButton\" alt=\"$affSitename button\" /></a>";
}
} else {
echo "There are no affiliates.";
} ?>
</p>
<?php include('footer.php'); ?>
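Review bot: every field read from AFFILIATES is interpolated unescaped into the href, title, src and alt attributes on the echo line. The only sanitisation in this commit is cleanUp() on the join path; affiliates are written by admin.php, whose diff is suppressed here, so this page cannot know what reached the file and should escape on output regardless: wrap $affURL, $affName, $affSitename and $affButton in htmlspecialchars($x, ENT_QUOTES) before they are echoed, and check that $affURL starts with http:// or https:// before emitting it as a link. Also, list() over a five-element preg_split() raises a notice and leaves the tail variables unset on any line with fewer than four commas, which is exactly the malformed-line case the README's "comma in button/affiliate file name" fix was about; skipping lines where count() of the split is not 5 would make the page robust to a damaged affiliates.txt.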

0
affiliates.txt Normal file

26
buttons.php Normal file

@ -0,0 +1,26 @@
<?php
require_once('prefs.php');
include_once('header.php');
?>
<h1>Buttons (Codes)</h1>
<?php
if (filesize(BUTTONS) > 0) {
if (isset($_GET['p'])) {
if ($_GET['p'] != "[0-9]x[0-9]" && !ctype_alnum($_GET['p'])) {
echo "<p>That is not a valid button size. <a href=\"buttons.php\">See all sizes?</a></p>";
include('footer.php');
exit;
}
getButtonSizes();
list($width,$height) = preg_split("/x/",$_GET['p']);
getButtons($width, $height);
} else {
getButtonSizes();
}
} else {
echo "<p>There are no buttons.</p>";
}
include('footer.php'); ?>
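Review bot: the guard on $_GET['p'] accepts far more than a button size. ctype_alnum() passes any letters-and-digits string, so p=abc reaches preg_split("/x/") and list() with a single element (an undefined-offset notice and an empty $height), and the special value "[0-9]x[0-9]" is a regex fragment that is handed to getButtons(), where functions.php builds preg_match("/$width,$height/i") from it without preg_quote(); the check only holds today because ctype_alnum() happens to block every other metacharacter. Suggest validating with preg_match('/^\d{1,4}x\d{1,4}$/', $_GET['p']) and making "view all" an explicit keyword (for example p=all) that getButtons() handles itself, rather than a sentinel that is both a literal string and a live pattern.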

0
buttons.txt Normal file

BIN
captcha.jpg Normal file

Binary file not shown (5.9 KiB).

17
captcha.php Normal file

@ -0,0 +1,17 @@
<?php
session_start();
$md5 = md5(microtime() * mktime());
$string = substr($md5,0,5);
$captcha = imagecreatefromjpeg("captcha.jpg");
$black = imagecolorallocate($captcha, 0, 0, 0);
$line = imagecolorallocate($captcha,233,239,239);
imageline($captcha,0,0,39,29,$line);
imageline($captcha,40,0,64,29,$line);
imagestring($captcha, 5, 20, 10, $string, $black);
$_SESSION['key'] = md5($string);
header("Content-type: image/jpeg");
imagejpeg($captcha);
?>
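Review bot: the challenge space is small and the image is trivial to read by machine. $string is five characters of an md5 hex digest, so the alphabet is 0-9a-f and there are only 16^5 distinct answers; it is drawn with imagestring() in the built-in font at a fixed offset over a static background (captcha.jpg) with two fixed lines, so the rendering of each character never varies. If this is to be the bot defence the README describes, draw a random alphanumeric string with a TrueType font, a random position and some noise, and send Cache-Control: no-store and Pragma: no-cache headers so a browser or proxy does not serve a stale image whose answer no longer matches $_SESSION['key']. The seed md5(microtime() * mktime()) is also weaker than it looks: microtime() without an argument returns a string and the multiplication uses only its leading fraction; mt_rand() or openssl_random_pseudo_bytes() would be simpler and stronger for picking the challenge characters.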

115
contact.php Normal file

@ -0,0 +1,115 @@
<?php
require_once('prefs.php');
$error_msg = null;
$result = null;
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (isBot() !== false)
$error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'];
// lets check a few things - not enough to trigger an error on their own, but worth assigning a spam score..
// score quickly adds up therefore allowing genuine users with 'accidental' score through but cutting out real spam :)
$points = (int)0;
$badwords = file(SPAMWDS);
foreach ($badwords as $word)
if (
strpos(strtolower($_POST['comments']), $word) !== false ||
strpos(strtolower($_POST['name']), $word) !== false
)
$points += 2;
if (strpos($_POST['comments'], "http://") !== false || strpos($_POST['comments'], "www.") !== false)
$points += 2;
if (isset($_POST['nojs']))
$points += 1;
if (preg_match("/(<.*>)/i", $_POST['comments']))
$points += 2;
if (strlen($_POST['name']) < 3)
$points += 1;
if (strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500))
$points += 2;
// end score assignments
foreach($requiredFields as $field) {
trim($_POST[$field]);
if (!isset($_POST[$field]) || empty($_POST[$field]))
$error_msg .= "Please fill in all the required fields and submit again.\r\n";
}
if (!preg_match("/^[a-zA-Z-'\s]*$/", stripslashes($_POST['name'])))
$error_msg .= "The name field is required, and must not contain special characters.\r\n";
if (!preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($_POST['email'])))
$error_msg .= "The e-mail field is required, and must be a valid e-mail address.\r\n";
if (!empty($_POST['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $_POST['url']))
$error_msg .= "Invalid website url.\r\n";
if ($error_msg == NULL && $points <= $maxPoints) {
$subject = "Contact form submission from ". $title;
$message = "You received this e-mail message through your fanlisting: \n\n";
foreach ($_POST as $key => $val) {
$message .= ucwords($key) . ": " . clean($val) . "\r\n";
}
$message .= "\r\n";
$message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n";
$message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
$message .= 'Points: '.$points;
if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers = "From: {$admin_email}\n";
$headers .= "Reply-To: {$_POST['email']}";
} else {
$headers = "From: {$title} <{$admin_email}>\n";
$headers .= "Reply-To: {$_POST['email']}";
}
if (mail($admin_email,$subject,$message,$headers)) {
$result = 'Your mail was successfully sent.';
$disable = true;
} else {
$error_msg = 'Your mail could not be sent this time. ['.$points.']';
}
} else {
if (empty($error_msg))
$error_msg = 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']';
}
}
include_once('header.php');
?>
<h1>Contact Admin</h1>
<p>This form is for contacting the fanlisting owner only -- it is not to be used to join the fanlisting unless you have been directed to do so. (Name, e-mail and comments are required fields.)</p>
<?php
if ($error_msg != NULL)
echo '<p class="error">ERROR: '. nl2br($error_msg) . "</p>";
if ($result != NULL)
echo '<p class="success">'. $result . "</p>";
?>
<form action="contact.php" method="post">
<noscript>
<p><input type="hidden" name="nojs" id="nojs" /></p>
</noscript>
<p>
<label for="name">Name *</label><br /> <input type="text" id="name" name="name" value="<?php get_data("name"); ?>" /> <br />
<label for="email">E-mail *</label><br /> <input type="text" id="email" name="email" value="<?php get_data("email"); ?>" /> <br />
<label for="url">Website</label><br /> <input type="text" id="url" name="url" value="http://" /> <br />
<label for="reason">Reason for contact</label><br /> <select name="reason" id="reason">
<option value="affiliate-request">Affiliate Request</option>
<option value="couldnt-join">Joining Problem</option>
<option value="button-donation">Button Donation</option>
<option value="other">Other</option>
</select> <br />
<label for="comments">Comments *</label><br /> <textarea name="comments" id="comments" rows="3" cols="25"><?php get_data("comments"); ?></textarea><br />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Send" <?php if (isset($disable) && $disable === true) echo ' disabled="disabled"'; ?> />
</p>
</form>
<?php include('footer.php'); ?>
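Review bot: the length check "if (strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500))" has its closing parenthesis in the wrong place: the second operand compares the comments string against 1500 and then takes strlen() of the resulting boolean, so the upper bound is never enforced; it should read strlen($_POST['comments']) > 1500. Three more in the same hunk: trim($_POST[$field]) discards its return value, so a required field containing only spaces still passes the empty() check (assign the result back to $_POST[$field]); the README says $maxpoints was added to prefs.php while this file reads $maxPoints, and PHP variable names are case-sensitive, so if prefs.php uses the lower-case spelling the comparison $points <= $maxPoints runs against null and any genuine submission with a nonzero score is rejected; and on the isBot() branch the raw User-Agent is appended to $error_msg and later echoed through nl2br() without htmlspecialchars(), so escape $error_msg at output (or leave request headers out of it). On the mail headers, Reply-To is built from $_POST['email'] rather than the value that was validated and lowercased, and because the e-mail regex ends in $ without the D modifier a single trailing newline is accepted; use the validated value and strip \r and \n before anything reaches mail().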

197
countries.txt Normal file

@ -0,0 +1,197 @@
Afghanistan
Albania
Algeria
Andorra
Angola
Antigua and Barbuda
Argentina
Armenia
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Brazil
Brunei
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Central African Republic
Chad
Chile
China
Colombia
Comoros
Costa Rica
Cote D'Ivoire
Croatia
Cuba
Cyprus
Czech Republic
Democratic Republic of the Congo
Denmark
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
England
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Fiji
Finland
France
Gabon
Gambia
Georgia
Germany
Ghana
Greece
Grenada
Guatemala
Guinea
Guinea-Bissau
Guyana
Haiti
Honduras
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Israel
Italy
Jamaica
Japan
Jordan
Kazakhstan
Kenya
Kiribati
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Mauritania
Mauritius
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Zealand
Nicaragua
Niger
Nigeria
North Korea
Northern Ireland
Norway
Oman
Pakistan
Palau
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Poland
Portugal
Qatar
Republic of the Congo
Romania
Russia
Rwanda
Saint Kitts and Nevis
Saint Lucia
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Scotland
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Korea
Spain
Sri Lanka
Sudan
Suriname
Swaziland
Sweden
Switzerland
Syria
Tajikistan
Tanzania
Thailand
Togo
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Tuvalu
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Uzbekistan
Vanuatu
Vatican
Venezuela
Vietnam
Wales
Yemen
Zambia
Zimbabwe

5
footer.php Normal file

@ -0,0 +1,5 @@
<p>Powered by <a href="http://www.jemjabella.co.uk/scripts">BellaBuffs</a></p>
</body>
</html>

210
functions.php Normal file

@ -0,0 +1,210 @@
<?php
$classA = "literow";
$classB = "darkrow";
define("MEMBERS", "members.txt");
define("NEWBIES", "newbies.txt");
define("IPBLOCKLST", "ipblock.txt");
define("SPAMWDS", "spamwds.txt");
define("COUNTRIES", "countries.txt");
define("BUTTONS", "buttons.txt");
define("AFFILIATES", "affiliates.txt");
define("UPDATES", "updates.txt");
function cleanUp($text) {
$text = strip_tags($text);
$text = str_replace(',', '|', str_replace('\r', '', str_replace('\n', '', trim(htmlentities($text)))));
return $text;
}
function isBot() {
$bots = array("Indy", "Blaiz", "Java", "libwww-perl", "Python", "OutfoxBot", "User-Agent", "PycURL", "AlphaServer", "T8Abot", "Syntryx", "WinHttp", "WebBandit", "nicebot", "Teoma", "alexa", "froogle", "inktomi", "looksmart", "URL_Spider_SQL", "Firefly", "NationalDirectory", "Ask Jeeves", "TECNOSEEK", "InfoSeek", "WebFindBot", "girafabot", "crawler", "www.galaxy.com", "Googlebot", "Scooter", "Slurp", "appie", "FAST", "WebBug", "Spade", "ZyBorg", "rabaz");
foreach ($bots as $bot)
if (stripos($_SERVER['HTTP_USER_AGENT'], $bot) !== false)
return true;
if (empty($_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == " ")
return true;
return false;
}
function get_countries($ThisCountry) {
$fh = @fopen(COUNTRIES, "r") or die ("Couldn't open the country list.");
while(!feof($fh)) {
$country = fgetcsv($fh, 4096);
for ($i=0; $i<1; $i++) {
echo "<option value=\"$country[0]\" "; if ($ThisCountry == $country[0]) { echo "selected=\"selected\""; } echo ">$country[0]</option>";
}
}
fclose($fh);
}
function lastupdate($showdetails = 'yes') {
$updatesArray = file(UPDATES);
foreach($updatesArray as $updateValue) {
list($date,$update) = preg_split("/,(?! )/",$updateValue);
echo str_replace('|', ',', $date);
if ($showdetails == "yes" && (!empty($update) || $update != "")) {
echo "<br /><strong>Update Details:</strong> " . stripslashes(str_replace('|', ',', $update));
}
}
}
function blanklinefix($inputfile) {
ignore_user_abort(true);
$content = file($inputfile);
if (count($content) > 0) {
$content = array_diff(array_diff($content, array("")), array("\n"));
$newContent = array();
foreach ($content as $line) {
$newContent[] = trim($line);
}
$newContent = implode("\n", $newContent);
$fl = fopen($inputfile, "w+");
if (flock($fl, LOCK_EX)) {
fwrite($fl, $newContent);
flock($fl, LOCK_UN);
} else {
echo 'The file: '.$inputfile.' could not be locked for writing; the blanklinefix function could not be applied at this time.';
}
fclose($fl);
}
ignore_user_abort(false);
}
function countfile($fileloc) {
$file = file($fileloc);
$count = count($file);
echo $count;
}
function checkTXTfile($file, $input, $inputtype) {
$Array = array();
$fh = @fopen($file, "r") or die ("Couldn't open $file.");
while(!feof($fh)) {
$item = fgetcsv($fh, 4096);
if ($inputtype == "country" || $inputtype == "ip") {
for ($i=0; $i<1; $i++) {
$Array[] = $item[0];
}
} elseif ($inputtype == "email") {
for ($i=0; $i<1; $i++) {
$Array[] = $item[1];
}
}
}
fclose($fh);
if (in_array($input, $Array)) {
return true;
} else {
return false;
}
}
function addmember($member) {
$data = file_get_contents(NEWBIES);
$fp = fopen(NEWBIES, "w") or die ("Couldn't open NEWBIES - you weren't added to the fanlisting.");
if (flock($fp, LOCK_EX)) {
fwrite($fp, $member);
flock($fp, LOCK_UN);
} else {
echo 'The file: newbies.txt could not be locked for writing; you could not be added at this time.';
}
fclose($fp);
$fp2 = fopen(NEWBIES, "a") or die ("Couldn't open NEWBIES.");
if (flock($fp2, LOCK_EX)) {
fwrite($fp2, $data);
flock($fp2, LOCK_UN);
} else {
echo 'The file: newbies.txt could not be locked for writing; other new members could not be re-added to newbies.txt';
}
fclose($fp2);
return true;
}
function breakEmail($email) {
$email = str_replace('.', 'DOTTY', $email);
$email = str_replace('@', 'ATTIE', $email);
$email = str_replace('-', 'DASHY', $email);
$email = str_replace('_', 'SCORE', $email);
return $email;
}
function fixEmail($email) {
$email = str_replace('DOTTY', '.', $email);
$email = str_replace('ATTIE', '@', $email);
$email = str_replace('DASHY', '-', $email);
$email = str_replace('SCORE', '_', $email);
return $email;
}
function getButtons($width, $height) {
echo "<p> \n";
$array = file(BUTTONS);
foreach ($array as $value) {
if (preg_match("/$width,$height/i", $value)) {
list($file,$width2,$height2,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value);
$donatorUrl = trim($donatorUrl);
if ($donated == "yes") {
if ($donatorUrl != "") {
echo "<a href=\"$donatorUrl\" title=\"donated by $donator\"><img src=\"buttons/$file\" alt=\"{$width2}x{$height2} button\" /></a> \n";
} else {
echo "<img src=\"buttons/$file\" alt=\"{$width2}x{$height2} button\" title=\"donated by $donator\" /> \n";
}
} else {
echo "<img src=\"buttons/$file\" alt=\"{$width2}x{$height2} button\" /> \n";
}
}
}
echo "</p> \n";
}
function getButtonSizes() {
$array = file(BUTTONS);
$buttons_found = array();
foreach ($array as $value) {
list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value);
$buttons_found[] = $width . "x" . $height;
}
$buttons_found = array_unique($buttons_found);
natcasesort($buttons_found);
echo "<ul>";
foreach ($buttons_found as $size) {
echo "<li><a href=\"buttons.php?p={$size}\">{$size}</a></li> \n";
}
echo "<li><a href=\"buttons.php?p=[0-9]x[0-9]\">View All?</a></li>";
echo "</ul>";
}
function get_data($var) {
if (isset($_POST[$var]))
echo htmlspecialchars($_POST[$var]);
}
blanklinefix(COUNTRIES);
blanklinefix(IPBLOCKLST);
blanklinefix(MEMBERS);
blanklinefix(NEWBIES);
blanklinefix(SPAMWDS);
blanklinefix(BUTTONS);
blanklinefix(AFFILIATES);
blanklinefix(UPDATES);
error_reporting(E_ALL);
?>
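Review bot: cleanUp() never removes newlines, because '\r' and '\n' are single-quoted and therefore the two-character literals backslash-r and backslash-n rather than CR and LF, and trim() only strips them at the ends. That matters because every data file is one record per line and join.php writes "$clean[name],$clean[email],...\n", while the name regex "/^[a-zA-Z-'\s]*$/" in join.php accepts a newline through \s, so a posted name containing one splits into two records in newbies.txt. Use "\r" and "\n" in double quotes, for example str_replace(array("\r", "\n"), '', ...). Second, blanklinefix() and addmember() both fopen() with "w"/"w+" and only then call flock(): fopen() in write mode truncates before the lock is held, so a concurrent request calling file() on the same path (every page does, since blanklinefix() runs on all eight files at include time) can observe an empty file, and addmember() in particular truncates NEWBIES, writes the new entry and re-appends the old content across two separate opens, losing pending members if the second lock fails, which its own error message admits. Open with "c+", flock() first, then ftruncate() and write, or write to a temp file and rename() it over the original. Third, getButtons(), getButtonSizes() and get_countries() echo $file, $donator, $donatorUrl and $country[0] unescaped into attributes; htmlspecialchars() on output is the safe default even for admin-written data, and get_countries() should test fgetcsv() for false at EOF instead of emitting an empty option.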

29
header.php Normal file

@ -0,0 +1,29 @@
<?php if (!is_writable(MEMBERS) || !is_writable(NEWBIES) || !is_writable(SPAMWDS) || !is_writable(BUTTONS) || !is_writable(AFFILIATES) || !is_writable(UPDATES)) {
echo "<p>This script cannot run unless the .txt files have been uploaded and have write permissions. Please ensure they are CHMODed/have permissions set to 666.</p>";
exit;
} ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
<title><?php echo $title; ?> - Powered by BellaBuffs</title>
</head>
<body>
<ul id="navigation">
<li><a href="index.php">Index</a></li>
<li><a href="buttons.php">Buttons</a></li>
<li><a href="join.php">Join</a></li>
<li><a href="members.php">Members</a></li>
<li><a href="affiliates.php">Affiliates</a></li>
<li><a href="contact.php">Contact</a></li>
</ul>
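Review bot: the writable check comes too late and is incomplete. functions.php calls blanklinefix() on all eight data files at include time, before header.php is reached, so by the time this block prints "please ensure they are CHMODed" an fopen(..., "w+") has already been attempted on each file (on a read-only file fopen() returns false and the following flock() and fwrite() emit further warnings), and the list here omits COUNTRIES and IPBLOCKLST although blanklinefix() writes those too. Either move the is_writable() test into functions.php ahead of the blanklinefix() calls, or make blanklinefix() skip files that are not writable and let this page report them. The message should also not prescribe 666 as the only option; 664 or 644 owned by the PHP user is the usual choice on hosts that run PHP as CGI, which the README's NOTE already describes.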

18
index.php Normal file

@ -0,0 +1,18 @@
<?php
require_once('prefs.php');
include_once('header.php');
?>
<h1>Welcome to <?php echo $title; ?></h1>
<p>
<strong>Members:</strong> <?php countfile(MEMBERS); ?><br />
<strong>Pending:</strong> <?php countfile(NEWBIES); ?><br />
<strong>Last Update:</strong> <?php lastupdate(); ?>
</p>
<?php include('footer.php'); ?>

0
ipblock.txt Normal file

206
join.php Normal file

@ -0,0 +1,206 @@
<?php
$show_form = true;
$error_msg = NULL;
if (isset($_POST['submit'])) {
require_once('prefs.php');
if (isset($captcha) && $captcha == "yes") {
session_start();
if (isset($_SESSION['key'])) {
if(md5($_POST['captcha']) != $_SESSION['key']) {
setcookie(session_name(), '', time()-36000, '/');
$_SESSION = array();
session_destroy();
echo "<p>The text you entered didn't match the image, please <a href='join.php'>try again</a>.</p>";
include('footer.php');
exit;
}
if (isset($_SESSION['key']) && isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-36000, '/');
$_SESSION = array();
session_destroy();
}
} else {
echo "<p>The text you entered didn't match the image, please <a href='join.php'>try again</a>.</p>";
include('footer.php');
exit;
}
}
include_once('header.php');
if (isBot() !== false)
$error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'] . "\r\n";
if (substr_count($_POST['comments'], 'http://') > 1)
$error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n";
$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
if (filesize(SPAMWDS) > 0) $spamlist = file(SPAMWDS);
foreach ($_POST as $key => $val) {
if (isset($spamlist)) {
foreach ($spamlist as $spamword) {
if (preg_match("/(".trim($spamword).")/i", $val)) {
$error_msg .= "Your join application contains words in the spam list, please go back and remove references to obvious 'spam' material.\r\n";
}
}
}
if (preg_match($exploits, $val))
$error_msg .= "No meta injection, please.\r\n";
if (preg_match("/(<.*>)/i", $val))
$error_msg .= "No HTML, please.\r\n";
$clean[$key] = cleanUp($val);
}
// set default values for empty/unset fields
if (empty($clean['dispemail']))
$clean['dispemail'] = "no";
if (!isset($favefield) || $favefield == "no" || !isset($clean['fave']))
$clean['fave'] = NULL;
// let's do some security and spam checks
if (empty($clean['name']) || empty($clean['email']) || empty($clean['country']))
$error_msg .= "Name, e-mail and country are required fields. \r\n";
if (!preg_match("/^[a-zA-Z-'\s]*$/", $clean['name']))
$error_msg .= "That name is not valid. Your name must contain letters only, and must be less than 15 characters. \r\n";
if ($clean['dispemail'] != "yes" && $clean['dispemail'] != "no")
$error_msg .= "You didn't choose whether or not you'd like to show your e-mail address on the member list. \r\n";
if ($clean['fave'] != "" && (!preg_match("/^[a-zA-Z0-9-'\s]*$/", $clean['face']) || strlen($clean['fave']) > 20)) {
$error_msg .= "Your chosen \"favourite\" is not valid. It must contain letters and numbers only, and must be less than 20 characters. \r\n";
if (!preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($clean['email'])))
$error_msg .= "The email address you have used is not valid. \r\n";
if (!empty($clean['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $clean['url']))
$error_msg .= "The website url you provided is not valid. Please remove and try again or fix the URL.\r\n";
if ($clean['country'] == "null" || (filesize(COUNTRIES) > 0 && checkTXTfile(COUNTRIES, $clean['country'], "country") === false)) {
$error_msg .= "Please select a valid country. \r\n";
if (filesize(IPBLOCKLST) > 0 && checkTXTfile(IPBLOCKLST, $_SERVER['REMOTE_ADDR'], "ip") === true) {
echo "<p>Your IP is in the block list, that means you're not allowed to join at this time. \r\n</p>";
exit(include('footer.php'));
}
if (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($clean['email']), "email") === true) {
echo "<p>You're already in the pending queue, you can't join twice!</p> \n";
exit(include('footer.php'));
}
if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($clean['email']), "email") === true) {
echo "<p>You're already a member of the fanlisting, you can't join twice!</p> \n";
exit(include('footer.php'));
}
if ($error_msg == NULL) {
$show_form = false;
// attempt to break email to piss off spammers :p
$clean['email'] = breakEmail(strtolower($clean['email']));
// send off some emails
if ($emailnewbies == "yes") {
$subject = "Thank you for joining $title";
$message = $thanksjoinMsg;
$message .= "Name: {$clean['name']} \n";
$message .= "Email: " . fixEmail($clean['email']) . " \n";
$message .= "URL: {$clean['url']} \n";
$message .= "Country: {$clean['country']} \n";
if (isset($favefield) && $favefield == "yes") {
$message .= "$favetext: {$clean['fave']} \n";
}
$message .= "Comments: {$clean['comments']} \n\n";
if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers = "From: $admin_email \n";
$headers .= "Reply-To: $admin_email";
} else {
$headers = "From: $title <$admin_email> \n";
$headers .= "Reply-To: <$admin_email>";
}
mail(fixEmail($clean['email']),$subject,$message,$headers);
}
if ($emailadmin == "yes") {
$subject = "New member at $title";
$message = "There's a new member at your $FLsubject fanlisting with the following details: \n\n";
$message .= "Name: {$clean['name']} \n";
$message .= "Email: " . fixEmail($clean['email']) . " \n";
$message .= "URL: {$clean['url']} \n";
$message .= "Country: {$clean['country']} \n";
if (isset($favefield) && $favefield == "yes") {
$message .= "$favetext: {$clean['fave']} \n";
}
$message .= "Comments: {$clean['comments']} \n";
$message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n";
$message .= "Manage members: {$FLurl}/admin.php?ap=manage_members&s=newbies";
if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers = "From: $admin_email \n";
$headers .= "Reply-To: " . fixEmail($clean['email']) . "";
} else {
$headers = "From: $title <$admin_email> \n";
$headers .= "Reply-To: <" . fixEmail($clean['email']) . ">";
}
mail($admin_email,$subject,$message,$headers);
}
// add the member to the newbies txt file
if (addmember("$clean[name],$clean[email],$clean[dispemail],$clean[url],$clean[country],$clean[fave]\n")) {
echo "<h1>Thank You</h1> \n <p>Thank you for joining $title, the fanlisting for $FLsubject!</p>";
} else {
echo "<h1>Oh Dear!</h1> \n <p>Your application could not be added at this time. Please contact the owner of the fanlisting for help.</p>";
}
}
}
if (!isset($_POST['submit']) || $show_form == true) {
require_once('prefs.php');
include_once('header.php');
?>
<h1>Join the Fanlisting</h1>
<p>To join the fanlisting, fill in your details below. Please do not use this form to update; use the <a href="update.php">update form</a> instead.</p>
<p>(Name, E-mail and Country are required fields.)</p>
<?php
if ($error_msg != NULL) {
echo "<p><strong style='color: red;'>ERROR:</strong><br />";
echo nl2br($error_msg) . "</p>";
}
if (isset($_POST['country'])) $country = $_POST['country']; else $country = NULL;
?>
<form action="join.php?p=process" method="post"><p>
<label>Name *</label><br /> <input type="text" id="name" name="name" value="<?php get_data("name"); ?>" /> <br />
<label>E-mail *</label><br /> <input type="text" id="email" name="email" value="<?php get_data("email"); ?>" /> <br />
<label>Display E-mail?</label><br />
<input type="radio" id="dispemailyes" name="dispemail" value="yes" checked="checked" /> Yes
<input type="radio" id="dispemailno" name="dispemail" value="no" /> No<br />
<label>Website</label><br /> <input type="text" id="url" name="url" value="<?php get_data("url"); ?>" /> <br />
<label>Country *</label><br /> <select name="country" id="country"><option value="null">Please select a country:</option><?php get_countries($country); ?></select> <br />
<?php
if (isset($favefield) && $favefield == "yes") {
?>
<label><?php echo $favetext; ?></label><br /> <input type="text" id="fave" name="fave" value="<?php get_data("fave"); ?>" /> <br />
<?php
}
if (isset($captcha) && $captcha == "yes") {
?>
<img src="captcha.php" alt="" /><br />
<label>Captcha</label><br /> <input type="text" name="captcha" id="captcha" /> <br />
<?php
}
?>
<label>Comments</label><br /> <textarea id="comments" name="comments" rows="3" cols="25"><?php get_data("comments"); ?></textarea><br />
<input type="submit" name="submit" id="submit" value="Join" />
</p></form>
<?php
}
include('footer.php');
?>
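Review bot: the Windows detection is inverted between the two mail blocks: the member thank-you mail uses the bare `From: $admin_email` header form when `strstr($_SERVER['SERVER_SOFTWARE'], "Win")` is true, while the admin notification (and update.php) uses that form when it is false, so one of the two sends the wrong header style on every platform; use the same condition in both, e.g. `if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win"))`. The header strings also end in `" \n"` (a trailing space before the newline), which puts trailing whitespace into the header value; separate headers with `"\r\n"` and no trailing space. Two things worth confirming in functions.php, which this commit page does not show: the record written by `addmember("$clean[name],$clean[email],...")` is comma-delimited and members.php later splits it on `/,(?! )/`, so cleanUp() must strip or convert commas in every field (the members page maps `|` back to `,` only for the fave field); and the values echoed back into the form via get_data() and the raw `$_POST['country']` handed to get_countries() need HTML escaping somewhere, preferably at output.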

13
logout.php Normal file

@ -0,0 +1,13 @@
<?php
if (isset($_COOKIE['bellabuffs'])) {
setcookie('bellabuffs', "");
header("Location: logout.php");
exit;
}
include('prefs.php');
include('header.php');
echo "<p>You are now logged out.</p>";
include('footer.php');
?>
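Review bot: `setcookie('bellabuffs', "")` deletes the cookie only for the default path (the script's own directory) and without an explicit expiry, so if the login code set the cookie with a different path the browser keeps sending it, `isset($_COOKIE['bellabuffs'])` stays true, and the `header("Location: logout.php")` redirect loops forever. Use the deletion idiom update.php already uses for the session cookie, `setcookie('bellabuffs', '', time()-36000, '/');`, with the same path the login code uses when setting it.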

147
members.php Normal file

@ -0,0 +1,147 @@
<?php
require_once('prefs.php');
include_once('header.php');
if(!fopen(MEMBERS, "r")) {
echo "<p>Could not open members file. Please verify permissions (CHMOD - 666) and actual existence.</p>";
} else {
if (filesize(MEMBERS) > 0) {
$members = file(MEMBERS);
$queryURL = "";
if (isset($_GET['s']) && $_GET['s'] == "sortName") {
natcasesort($members);
$members = array_values($members);
$queryURL = "&amp;s=sortName";
} elseif (isset($_GET['s']) && $_GET['s'] == "sortCountry") {
$countryArray = file(COUNTRIES);
foreach($countryArray as $country) {
$countryArray[] = rtrim($country);
}
if (!isset($_GET['c']) || in_array($_GET['c'], $countryArray) === FALSE) {
// find out who has joined with which country and stick them in an array
foreach ($members as $mem) {
list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$mem);
$newArray[] = $country;
}
// count each time country occurs
$countryCount = array_count_values($newArray);
// sort the array so that the countries are in alphabetical order
$newArray = array_unique($newArray);
natcasesort($newArray);
// display the countries
echo "<ul>";
foreach ($newArray as $country) {
foreach ($countryCount as $key => $cc) {
if ($key == $country) {
echo "<li><a href=\"members.php?s=sortCountry&amp;c=".urlencode($country)."\">$country</a> ($cc members)</li>";
}
}
}
echo "</ul>";
exit(include("footer.php"));
} else {
foreach ($members as $key => $memb) {
list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$memb);
if (preg_match("/($_GET[c])/i", $country)) {
$NEWmembers[] = "$name,$email,$dispemail,$url,$country,$fave";
}
}
$members = $NEWmembers;
natcasesort($members);
$members = array_values($members);
unset($NEWmembers);
$queryURL = "&amp;s=sortCountry&amp;c=".urlencode($country);
}
}
$count = count($members);
$numpages = ceil($count/$perpage);
if ($perpage < $count) {
echo "<p style=\"text-align: center;\">$count members | ";
if (isset($_GET['page']) && $_GET['page'] > 1 && $_GET['page'] <= $numpages) {
$prev = $_GET['page'] - 1;
echo "<a href='members.php?page={$prev}$queryURL'>Prev</a> &middot; ";
} else {
echo "Prev &middot; ";
}
for ($x=1; $x<=$numpages; $x++) {
if ((isset($_GET['page']) && $x == $_GET['page']) || (!isset($_GET['page']) && $x == 1)) {
echo "<strong>$x</strong> ";
} else {
echo "<a href=\"members.php?page=$x$queryURL\">$x</a> ";
}
}
if ((!isset($_GET['page'])) || (isset($_GET['page']) && $_GET['page'] < $numpages)) {
if (!isset($_GET['page'])) {
$_GET['page'] = 1;
}
$next = $_GET['page'] + 1;
echo " &middot; <a href='members.php?page={$next}$queryURL'>Next</a>";
} else {
echo " &middot; Next";
}
echo "</p> \n\n ";
} else {
echo "<p style=\"text-align: center;\">$count members</p>";
}
if (isset($_GET['page']) && is_numeric($_GET['page'])) {
$i=$perpage*($_GET['page']-1);
} else {
$i=0;
}
$end = $i + $perpage;
if ($end > $count) { $end = $count; }
?>
<table style="width: 100%;">
<tr> <th>Name</th> <th>E-mail</th> <th>Website</th> <th>Country</th> <?php if (isset($favefield) && $favefield == "yes") { echo "<th>{$favetext}</th>"; } ?> </tr>
<?php
while ($i<$end) {
list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$members[$i]);
$fave = trim($fave, "\"\x00..\x1F");
if ($dispemail == "yes") {
// this bit of javascript prevents the email address being picked up by bots
$email = "
<script type=\"text/javascript\">
<!--//
document.write('<a href=\"mailto:".fixEmail($email)."\">e-mail<\/a>');
//-->
</script>
";
} else {
$email = "<del>e-mail</del>";
}
if (empty($url) || $url == "http://") $url = "<del>www</del>"; else $url = "<a href=\"$url\" title=\"$name's website\">www</a>";
echo "
<tr> <td>$name</td>
<td>$email</td>
<td>$url</td> <td>$country</td>
";
if (isset($favefield) && $favefield == "yes") { echo "<td>" . str_replace('|', ',', stripslashes($fave)) . "</td>"; }
echo "</tr>";
$i++;
}
?>
</table>
<p><a href="members.php?s=sortName">Sort by Name</a> &middot; <a href="members.php?s=sortCountry">Sort by Country</a></p>
<?php
} else {
echo "<p>No members have joined yet!</p>";
}
}
include('footer.php'); ?>
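Review bot: the country-filter branch leaks its loop variable: after `foreach ($members as $key => $memb)` finishes, `$country` holds the last member's country rather than the requested one, yet it is used to build `$queryURL = "&amp;s=sortCountry&amp;c=".urlencode($country)`, so the Prev/Next/page links under a country filter can point at a different country; build the query string from the validated `$_GET['c']` instead. In the same branch `$NEWmembers` is never initialised, so a country that is in the list but has no members leaves `$members = $NEWmembers` null and `count($members)` fails; start with `$NEWmembers = array();`. `preg_match("/($_GET[c])/i", $country)` interpolates the parameter into a regex and would also match a country name contained in a longer one; since in_array() has already confirmed it is a known country, `strcasecmp($_GET['c'], $country) === 0` is both safer and exact. The loop `foreach ($countryArray as $country) { $countryArray[] = rtrim($country); }` appends trimmed copies to the array it is iterating, leaving both versions in it; `$countryArray = array_map('rtrim', file(COUNTRIES));` does what was intended. The `fopen(MEMBERS, "r")` handle is never closed or used; `is_readable(MEMBERS)` gives the same check without a leaked handle. `$name`, `$url` and `$country` are echoed into HTML and into `href`/`title` attributes without htmlspecialchars(); whether cleanUp() already encodes on input is not visible in this commit, and encoding at output is the safer default. Also note that members.txt is added in the same directory as members.php, so the raw file is served as plain text if that directory is web-accessible, which makes the document.write e-mail obfuscation and the dispemail flag ineffective; keep the data files outside the web root or deny access to `*.txt` in the server config.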

0
members.txt Normal file

0
newbies.txt Normal file

43
prefs.php Normal file

@ -0,0 +1,43 @@
<?php
// FANLIST SETTINGS
$title = "My Fanlisting"; // name of fanlisting
$FLsubject = "subject"; // subject of fanlisting (e.g "coffee")
$FLurl = "http://yourdomain.com/fanlisting"; // url of fanlisting - no trailing slash (don't add a '/' at the end)!
// ADMIN SETTINGS
$admin_name = "admin"; // admin username
$admin_pass = "password"; // admin password
$admin_email = "you@your-domain.com"; // admin e-mail address
$secret = "pleasechangeme123"; // this is like a second password. you won't have to remember it, so make it random
// EMAIL SETTINGS
$emailnewbies = "no"; // (yes or no) email new members after joining ($admin_email must be filled in, above)
$emailadmin = "no"; // (yes or no) email admin when new member joins ($admin_email must be filled in, above)
$emailapproval = "no"; // (yes or no) email member when approved ($admin_email must be filled in, above)
// message e-mailed to new members on join. use \n for a new line
// use \r\n for a new line, member details will automatically appear underneath
$thanksjoinMsg = "Thank you for joining my fanlisting: $title \r\nWe will process your application shortly.";
// message e-mailed to new members on approval.
// use \r\n for a new line, member details automatically appear underneath
$approvalMsg = "You've been approved at the fanlisting: $title with the following details: \r\n\r\n";
// GENERAL SETTINGS
$perpage = 30; // number of members per page
$captcha = "no"; // (yes or no) enable captcha on join form?
$favefield = "no"; // (yes or no) have a favourite field? yes or no
$favetext = "Your favourite .. ?"; // the text to display next to the fave field
$timestamp = "dS F, y"; // timestamp for last update on index.php (see php.net/date)
$updateDate = "yes"; // (yes or no) update date on index when new member approved or member edited
$defaultSort = "newest"; // newest or oldest first in the members list?
$maxPoints = 4; // max spam points a person can hit before contact refuses to submit - recommend 4
// REQUIRED TO WORK
require_once('functions.php');
?>
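Review bot: the two comment lines above `$thanksjoinMsg` contradict each other ("use \n for a new line" followed by "use \r\n for a new line"); keep only the \r\n one, which is what the default value uses. `$defaultSort = "newest"` is not consulted anywhere in the members.php hunk of this commit, which lists members in file order, so either apply it or drop it, and the `$maxPoints` comment says "before contact refuses to submit", which reads as copied from a different script; describe what spam points mean here. The `$favefield` comment says "yes or no" twice. Shipping `$admin_pass = "password"` and `$secret = "pleasechangeme123"` as live defaults means an installer who skips step 1 of the README runs with known credentials; consider refusing to serve admin.php until both have been changed.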

279
spamwds.txt Normal file

@ -0,0 +1,279 @@
asshole
bastard
beastial
bestial
bitch
blowjob
clit
cock
cum
cunilingus
cunillingus
cunnilingus
cunt
dink
dinks
ejaculate
fag
felatio
fellatio
fuck
fuk
fuks
gangbang
gangbanged
gangbangs
goddamn
horniest
horny
hotsex
jism
jiz
kock
kondum
kum
kunilingus
lust
lusting
nigger
niggers
orgasim
orgasims
orgasm
orgasms
phonesex
phuk
phuq
porn
prick
pussies
pussy
shited
shitfull
shiting
shitings
shitted
shitter
shitters
shitting
shittings
slut
sluts
smut
spunk
twat
xxx
abercrombie
acadia
activistmagazine
adipex
advair
advait
adware
aguilera
airline
aktivex
aleuzeneve
allegra
alprazolam
alproot
ambian
ambien
ameriquest
amigo
amoxicillin
antivert
aphthasol
aristocort
asitehost
atarax
ativan
backgammon
baldness
bankrupcy
bentyl
bestmovies
bestop
bingo
biz
blackjack
blogshot
blowjob
bondage
bonsai
buon
buspar
busty
cadillac
carburatore
carisoprodol
cascata
cashette
casino
cavalli
caverta
celexa
chevrolet
chinaartgallery
cialis
cigarette
cipro
ciprofloxacin
claritin
comunalia
comunicazione
consolidation
danazol
dating
debt
deliver
diazepam
diflucan
digoxin
discount
drug
ebony
ecard
ejaculation
emeets
ephedra
evista
exelon
fetish
fisting
flexeril
flomaxonline
forex
formular
fotti
gallup
gambling
gangbang
hairlossmale
handbag
hanghonggongshi
hawaii
hellow
hentai
holdem
homebuymail
hoop
hydrocodone
insurance
investing
jeezy
jennajameson
joesmitt
levaquin
levitra
lipitor
lixium
lotto
lukxi
luminoso
luogo
medication
medicine
meds
medved
meridia
milf
mortage
mortgage
mortgage
nano
nemoforone
network54
neurontin
nexium
noonhost
nude
online
oscilloscope
pantyhose
paxil
pehntermine
penis
percocet
pharmacy
phendimetrazine
phentermine
phentermnie
phentremine
pill
playboy
poker
pokerstars
pontiac
porn
pregnancy
propecia
prozac
purse
pursefiling
ranitidine
rectal
rental
replica
ringtone
ringtones
ritalin
rolex
roulette
roullette
sesso
sex
shemale
shurl
silagra
skpialml1
slot
slots
smoking
softcracks
sogonet
soho
solyak1
soma
soulfeet
spank
spartan
spyware
stalb0
steroid
striptease
sunglasses
tamiflu
tits
toledo
topfarm
tramadol
tranny
url=
v1tamin
vaccum
valium
valtrex
vassar
verison
vi5ta
viagra
vicodin
vinokurov
virgilio
virtualcar
warez
watches
wboard
wellbutrin
wirless
www12
wwww
xanax
xenical
xoom
xoomer
xrumer
yahho
zole
zoloft
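Review bot: the list contains duplicates (mortgage twice in a row; blowjob, gangbang and porn appear in both the profanity block and the spam block) and the second block includes ordinary words such as online, deliver, discount, debt, insurance, medicine, smoking, hawaii and toledo, plus the fragment `url=`. How much legitimate text this rejects depends on whether checkTXTfile() matches whole words or substrings, which is not visible in this commit; document the matching mode at the top of the file and, if it is substring matching, remove the short entries (cum, biz, sex, slot, nano) that occur inside everyday words.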

35
stylesheet.css Normal file

@ -0,0 +1,35 @@
body {
font: 11px/15px Verdana, Sans-Serif;
}
img { border: 0; }
td { padding: 3px; }
#navigation {
list-style-type: none;
margin: 0;
padding: 0;
}
#navigation li {
display: inline;
padding: 2px 8px;
}
/* control row colours in admin */
.literow { background: #fff; }
.darkrow { background: #ddd; }
/* error/success msg colours on forms */
p.error, p.success {
font-weight: bold;
padding: 10px;
border: 1px solid;
}
p.error {
background: #ffc0c0;
color: #900;
}
p.success {
background: #b3ff69;
color: #4fa000;
}
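Review bot: `p.error` and `p.success` are defined here but never used by the public pages: join.php reports errors with an inline `<strong style='color: red;'>ERROR:</strong>` and the join/update processing paths echo plain `<p>` messages, so the classes only apply in admin. Emit `<p class="error">` / `<p class="success">` from those pages instead of inline styles so the colours are controlled in one place.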

135
update.php Normal file

@ -0,0 +1,135 @@
<?php
if (isset($_GET['p'])) { $page = $_GET['p']; } else { $page = ""; }
switch ($page) {
case "process":
require_once('prefs.php');
if (isset($captcha) && $captcha == "yes") {
session_start();
if (isset($_SESSION['key'])) {
if(md5($_POST['captcha']) != $_SESSION['key']) {
setcookie(session_name(), '', time()-36000, '/');
$_SESSION = array();
session_destroy();
echo "<p>The text you entered didn't match the image, please <a href='update.php'>try again</a>.</p>";
include('footer.php');
exit;
}
if (isset($_SESSION['key']) && isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-36000, '/');
$_SESSION = array();
session_destroy();
}
} else {
echo "<p>The text you entered didn't match the image, please <a href='update.php'>try again</a>.</p>";
include('footer.php');
exit;
}
}
include_once('header.php');
if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {
echo "<p>Accessing this page directly is not allowed.</p>\n\n";
include('footer.php');
exit;
}
$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload)/i";
foreach ($_POST as $key => $val) {
$clean[$key] = cleanUp($val);
if (filesize(SPAMWDS) > 0 && (checkTXTfile(SPAMWDS, $val, "spamword") === true)) {
echo "<p>Your application contains words in the spam list, that means you're not allowed to join at this time. \n</p>";
exit(include('footer.php'));
}
if (preg_match($exploits, $val)) {
echo "<p>No meta injection, please. \n</p>";
exit(include('footer.php'));
}
}
if ((filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail(strtolower($clean['email'])), "email") === true) || (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail(strtolower($clean['email'])), "email") === true)) {
if (empty($clean['name']) || empty($clean['email'])) {
echo "<p>Name and e-mail are required fields. Please <a href='javascript:history.back(1)'>go back</a> and try again.\n</p>";
exit(include('footer.php'));
} elseif (!ereg("^[A-Za-z' -]",$clean['name']) || strlen($clean['name']) > 15) {
echo "<p>That name is not valid. Your name must contain letters only, and must be less than 15 characters. Please <a href='javascript:history.back(1)'>go back</a> and try again.\n</p>";
exit(include('footer.php'));
} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($clean['email']))) {
echo "<p>Your old e-mail address is not valid. Please <a href='javascript:history.back(1)'>go back</a> and try again.\n</p>";
exit(include('footer.php'));
} elseif (!empty($clean['newemail']) && !ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($clean['newemail']))) {
echo "<p>Your new e-mail address is not valid. Please <a href='javascript:history.back(1)'>go back</a> and try again.\n</p>";
exit(include('footer.php'));
}
$subject = "Update member at $title";
$message = "A member at your $FLsubject fanlisting wants updating with following details: \n\n";
$message .= "Name: {$clean['name']} \n";
$message .= "Email: ".strtolower($clean['email'])." \n";
$message .= "New Email: {$clean['newemail']} \n";
$message .= "New URL: {$clean['newurl']} \n";
$message .= "Country: {$clean['country']} \n";
$message .= "Comments: {$clean['comments']} \n";
$message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n";
$message .= "Manage members: {$FLurl}/admin.php";
if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers = "From: $admin_email \n";
$headers .= "Reply-To: $clean[email]";
} else {
$headers = "From: $title <$admin_email> \n";
$headers .= "Reply-To: <$clean[email]>";
}
if (mail($admin_email,$subject,$message,$headers)) {
echo "<h1>Update Sent!</h1> \n <p>Your updated information has been sent.</p>";
} else {
echo "<h1>Oops!</h1> \n <p>Your updated information could not be sent this time, please contact the fanlisting owner.</p>";
}
} else {
echo "<p>You're not a member! Only current members can update their information.</p> \n";
include('footer.php');
exit;
}
break;
default:
require_once('prefs.php');
include_once('header.php');
?>
<h1>Update Your Details</h1>
<p>To update your details, fill in your information below. Please do not use this form to join; use the <a href="join.php">join form</a> instead.</p>
<p>(Name, Old E-mail and Country are required fields.)</p>
<form action="update.php?p=process" method="post"><p>
<label>Name *</label><br /> <input type="text" id="name" name="name" /> <br />
<label>Old E-mail *</label><br /> <input type="text" id="email" name="email" /> <br />
<label>New E-mail</label><br /> <input type="text" id="newemail" name="newemail" /> <br />
<label>Display E-mail?</label><br />
<input type="radio" id="dispemailyes" name="dispemail" value="yes" checked="checked" /> Yes
<input type="radio" id="dispemailno" name="dispemail" value="no" /> No<br />
<label>New Website?</label><br /> <input type="text" id="newurl" name="newurl" value="http://" /> <br />
<label>Country *</label><br /> <select name="country" id="country"><option value="null">Please select a country:</option><?php get_countries("null"); ?></select> <br />
<?php
if (isset($captcha) && $captcha == "yes") {
?>
<img src="captcha.php" alt="" /><br />
<label>Captcha</label><br /> <input type="text" name="captcha" id="captcha" /> <br />
<?php
}
?>
<label>Comments</label><br />
<textarea name="comments" id="comments" rows="3" cols="25"></textarea><br />
<input type="submit" name="submit" id="submit" value="Update" />
</p></form>
<?php
break;
}
include('footer.php');
?>
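Review bot: the name validation does not enforce what its error message promises: `ereg("^[A-Za-z' -]",$clean['name'])` has no `+` or trailing `$`, so it only tests the first character and any name starting with a letter passes, and `strlen($clean['name']) > 15` allows exactly 15 characters while the message says "less than 15". ereg() is also deprecated since PHP 5.3; use `preg_match("/^[A-Za-z' -]+$/", $clean['name'])` and convert the two e-mail ereg() calls the same way. In the captcha block `$_POST['captcha']` is read without an isset() check and compared with loose `!=` against the stored md5; compare the two hash strings with strict `!==`. The captcha failure paths echo a message and include footer.php before header.php has been included (that only happens at the later `include_once('header.php')`), so those error pages render without the site header; move the header include above the captcha check. The inner `if (isset($_SESSION['key']) && isset($_COOKIE[session_name()]))` is redundant, since it already sits inside the `isset($_SESSION['key'])` branch. The spam-word rejection message says "you're not allowed to join" on the update form; it should say update. Finally, the `$exploits` keyword blacklist should not be relied on for safety: the e-mail regex is what actually keeps newlines out of the `Reply-To: $clean[email]` header, and values that are echoed back to the browser need htmlspecialchars() at output regardless of the blacklist.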

0
updates.txt Normal file