commit 884256130ed226c22cd9d3ee0c083f1d005b7844 Author: jemjabella Date: Mon May 21 13:42:55 2012 +0100 version 2 in progress diff --git a/README.txt b/README.txt new file mode 100644 index 0000000..de52c5f --- /dev/null +++ b/README.txt 
@@ -0,0 +1,230 @@ +//-------------------- +// READ ME +//-------------------- +BellaBuffs v2 Copyright © Jem Turner 2006-2012 + +You are free to customise BellaBuffs (php code, style, appearance) +as much as you like providing the link to http://www.jemjabella.co.uk +remains ON the fanlisting management script. Because I'm a tightarse. + +Installation of BellaBuffs is at your own risk. By using BellaBuffs +you agree not to hold Jem Turner of jemjabella.co.uk responsible for +any damages that may occur upon installing BellaBuffs or related plugins. +You also agree not to sell copies of the script, or services relating to the +script (i.e. installation, customisation, etc) without written permission +of Jem Turner. Because I'm a tightarse. + +Support is currently on hold while I pop out sprogs. +Check the Girls Who Geek forums as most questions have already been answered: +http://girlswhogeek.com/forums/forum/jemjabella-scripts + + + +//-------------------- +// INSTRUCTIONS +//-------------------- +1. Customise prefs.php - set your username, password and various preferences (yes or no etc) +2. Upload all of the files to a directory +3. CHMOD all of the txt files to 666 - this makes them writeable +4. CHMOD the buttons directory to 777 +(BEWARE: can be a security risk! CHMOD 'buttons' to 755 when not using the upload feature) + +NOTE: some hosts run PHP as CGI, which usually eradicates the need to change +the permissions on files and folders. Try joining as a test member before +CHMODing any files to see if this is true for you. This makes the script more +secure overall. If you get an error, CHMOD the files as above. + + +__________________________ HOW DO I CHMOD/CHANGE FILE PERMISSIONS? + +There are lots of tutorials on CHMODing which can be found through Google: +http://www.google.com/search?q=chmod+tutorial + + +__________________________ HOW DO I ADD A LAYOUT TO MY FANLISTING? + +The script is set up to use the popular header/footer include system. 
That +means you add the 'top' of your layout - things like divs, header images +etc. to the header.php file and the bottom of your layout - closing notices +and copyright signs - to the footer.php file. + +For more information on PHP includes (for layout purposes) see this tutorial: +http://girlswhogeek.com/tutorials/2006/php-includes + + +__________________________ HOW DO I UPDATE MY FANLISTING? + +Open your admin panel - this will be located in your online BellaBuffs folder +as admin.php. E.g. http://your-domain.com/bellabuffs/admin.php + +Login and choose "Add Update". The date will automatically be inserted for you +into the form with the timestamp format set in config.php + +Add your update. If you have no details, leave the details field blank and only +the date will be updated. Each update will replace the previous. + + +__________________________ HOW DO I ADD A BUTTON/CODE? + +Open your admin panel - this will be located in your online BellaBuffs folder +as admin.php. E.g. http://your-domain.com/bellabuffs/admin.php + +Login and choose "Add Button". Find the button/code on your computer. + +If the button was donated, fill in the fields. If not, leave them blank. Buttons +will automatically be added and sorted on the buttons.php page. + + +__________________________ HOW DO I DISPLAY THE MEMBER/BUTTON/ETC COUNT? + +This is done using the custom countfile() function. Simply add the +name of the file, as defined in config.php, between the brackets. + +For example, to count the members, put: +..to count the newbies: +..to count the buttons: .. etc. + + +__________________________ WHAT'S A CAPTCHA? + +A captcha is generally an image that is automatically generated with a mixture of +letters and numbers on it that a person must fill out exactly right before they +are able to submit information through a form - in the case of the BellaBuffs +captcha, before they are allowed to join. + +Because captchas are image based, they have accessibility implications. 
Please +consider those who browse with images turned off and/or those with eyesight +related disabilities before turning on the captcha - it is only needed if you suffer +from large amounts of bot-based spam. + +You can read more about captchas at wikipedia: http://en.wikipedia.org/wiki/Captcha + + +__________________________ I AM LISTED AT THEFANLISTINGS.ORG, CAN I USE THE CAPTCHA? + +I contacted the Senior Staff of TheFanlistings.Org because I wasn't sure - I was +told that the usage of captchas is allowed providing an alternative method is +displayed so that users who cannot for some reason display/use the captcha can +join too. This means that you MUST link to an e-mail address or other method of +contact as an alternative if you use the captcha. + + +__________________________ CAN I MANAGE MULTIPLE FANLISTINGS THROUGH BELLABUFFS? + +You will need to install a separate version of BellaBuffs for each fanlisting you +wish to have on your site. Also, there is currently no collective feature for +BellaBuffs so each fanlisting has to be managed through it's own admin panel. + + + +//-------------------- +// FEATURES +//-------------------- +* Spam word and IP blocking +* Valid country checking to prevent text injection +* E-mail scrambling and JavaScript protection +* Optional favourites field and spam-preventing captcha +* 'Paginate' members in admin panel too +* Sort members by country/join date +* Button ('code') upload & management +* Affiliate management (inc. 
button upload) +* Valid XHTML Transitional by default +* Auto-update date when approving member +* Optional update 'details' (single-entry) log + +//-------------------- +// FIXES IN VERS 2 +//-------------------- +- Update to countries list, as provided by Haley +- Updated contact form based on latest vers of Jem's PHP Mail Form (jemsmailform.com) +- New functions in functions.php for contact.php +- Updated join form to fix deprecated ereg errors + update spammy checks +- $maxpoints added to prefs.php + + +//-------------------- +// FIXES IN VERS 1b-1f +//-------------------- +In admin.php on line 216, !ctype_digit($line) replaced with !ctype_digit($_GET['mem']) +In join.php on line 62, checkTXTfile(SPAMWDS, $clean['name'] replaced with (checkTXTfile(SPAMWDS, $clean['name'] +In join.php on line 62, checkTXTfile(SPAMWDS, $clean['fave'], "spamword") === true) { replaced with checkTXTfile(SPAMWDS, $clean['fave'], "spamword") === true)) { +More rigorous testing of file names added to prevent broken images if a comma is in button/affiliate file name. +Added check to see if member exists before sending update info form +Search functionality added to admin panel +Added meta injection checks (this should have been added before the script was released!) + +//-------------------- +// FIXES IN VERS 1g-1k +//-------------------- +Fixed XHTML validity issue in admin.php (Thank you Shawna: http://www.eruantale.net) +Added extra checks to join.php & update.php, fixed email check in update.php +Fixed issue with uppercase emails being used in admin search + +//-------------------- +// FIXES IN VERS 1h: Suggestions and bug reports courtesy of Tea P. (http://colorfilter.net) +//-------------------- +Fixed XHTML validity issue in form textareas in: join.php, update.php and contact.php +Changed value of submit button in contact.php (copy&paste error!) 
+Included footer.php in join.php error messages +Added fixEmail() to "Reply-To: " in e-mail admin section of join.php +Added "Please select a country:" option to join.php and update.php +Added dynamic link to approved/pending members edit section after editing member +Added count of members for each country in members.php +Changed broken $email to $admin_email in "Reply-To: " in approval section of admin.php +More sanitisation of dispemail in join.php to prevent empty lines/commas being submitted +Further improvements to cleanUp() in config.php to strip stray new lines not caught by trim() + +//-------------------- +// FIXES IN VERS 1l-1p +//-------------------- +Fixed typos/wording errors in join.php, contact.php and update.php (Thanks Julie: http://jul13.ju.funpic.org) +checkTXTfile() function altered (config.php) to use in_array instead of preg_match +Footer link changed to match new URL (jemjabella.co.uk/scripts) +Closed file after blanklinefix() (config.php) as a safety precaution +Fixed data sanitisation bug in join.php caused by fix in 1k +Altered lastupdate() function making details optional (config.php) +Fixed dynamic "approve more members"/"no members to be approved" link (admin.php) +Fixed IP issue (blocked IPs caused country error) in config.php & join.php (Thanks Michele: http://www.absolutetrouble.com) +Changed captcha image to make it harder for bots to separate colours + +//-------------------- +// FIXES IN VERS 1q-1t +//-------------------- +Fixed pagination bug created by optimisation in version 1m +Modified join.php to display inline errors; additional spam protection +Implemented two potential fixes for those losing members due to script time-out (config.php) +More tidying of admin.php to reduce superfluous code +Separated functions and preferences to allow for easier upgrading (config.php renamed to prefs.php) +Added "edit affiliate" and "edit button" button replacement functionality +Improved security to reduce CSRF risk (admin.php) 
+Implemented checkbox for mass approve & delete (admin.php) +Alternating row colours to visually distinguish members (admin.php) +Added default sort option, oldest or newest first (prefs.php, admin.php) +Populated spam words list with common spam and profanity (spamwds.txt) +Further user agent checking to defeat bots (join.php) +Fixed blank fave error caused by changes in 1r (join.php) +Added new line to admin.php when sorting members by oldest first + + +//-------------------- +// CREDITS +//-------------------- +Mucho thanks go to the following people for helping with BellaBuffs: + +Amelie - http://not-noticeably.net +Katy - http://cathode-ray-coma.co.uk + +Amelie and Katy were there for my constant swearing, frustrated +coding-related ramblings, bug testings, suggestions, snippy "I know best" +responses and major dense moments. Without them, this script would +not exist, and my partner Karl would get a lot more earache. + +The following others also helped with last minute beta/bug testing: + +Julie - http://jul13.ju.funpic.org +Frosty - http://telperionworld.com +Jenny - http://www.prism-perfect.net +Ang - http://www.silencia.net +Ilona - http://www.puwing.com +Tea P. - http://colorfilter.net +Michele - http://www.absolutetrouble.com \ No newline at end of file diff --git a/admin-icons/accept.png b/admin-icons/accept.png new file mode 100644 index 0000000..89c8129 Binary files /dev/null and b/admin-icons/accept.png differ diff --git a/admin-icons/delete.png b/admin-icons/delete.png new file mode 100644 index 0000000..c149c2b Binary files /dev/null and b/admin-icons/delete.png differ diff --git a/admin-icons/edit.png b/admin-icons/edit.png new file mode 100644 index 0000000..af486c9 Binary files /dev/null and b/admin-icons/edit.png differ diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..e499345 --- /dev/null +++ b/admin.php 
@@ -0,0 +1,1117 @@ +Warning: Do not try to edit multiple members at once, do not try to approve and delete the same member.

"; + + $count = count($file); + if ($count == 0) { echo '

No '.$wording.' members at this time.

Back to admin panel?

'; exit(include('footer.php')); } + + echo '

'.$count.' '.$wording.' members | '; + $numpages = ceil($count/$perpage); + + echo "pages: "; + for ($x=1; $x<=$numpages; $x++) { + echo ''; + if (isset($_GET['page']) && $x == $_GET['page']) { + echo "$x"; + } else { + echo "$x"; + } + echo " "; + } + echo "

\n\n "; + + if (isset($_GET['page']) && is_numeric($_GET['page'])) $i = $perpage * ($_GET['page'] - 1); + else $i = 0; + + $end = $i + $perpage; + + if ($end > $count) $end=$count; +?> +
+ + " /> + + + Fave"; } ?> Add'; ?> + +'; + $email = ""; + if (empty($url) || $url == "http://") $url = "www"; else $url = "www"; + + echo " "; + if (isset($favefield) && $favefield == "yes") echo ""; + + if (isset($_GET['s']) && $_GET['s'] == "newbies") + echo ''; + + echo ''; + echo ''; + echo "\r\n"; + + $i++; + } +?> +
Name E-mail Website Country Edit Delete
$name $email $url $country" . str_replace('|', ',', $fave) . "edit
+

'."\r\n
"; + + echo "

Back to admin panel?

"; + break; + case "do_action": + if (!isset($_POST['token']) || $_POST['token'] != md5($secret)) exit("

Invalid token.

"); + + if (isset($_POST['appr']) && is_array($_POST['appr'])) { + $newbies = file(NEWBIES); + $approved = array(); + + foreach ($_POST['appr'] as $member => $value) { + if (is_numeric($member) && array_key_exists($member, $newbies)) { + $approved[] = $newbies[$member]; + unset($newbies[$member]); + } + } + + $newbies = implode("", $newbies); + $fh = fopen(NEWBIES, "w"); + fwrite($fh, $newbies); + fclose($fh); + + if ($emailapproval == "yes") { + $apprAmount = count($approved); + $i = 0; + while ($i < $apprAmount) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$approved[$i]); + + $subject = "You have been approved at $title"; + + $message = $approvalMsg; + $message .= "Name: {$name} \r\n"; + $message .= "Email: " . fixEmail($email) . " \r\n"; + $message .= "URL: {$url} \r\n"; + $message .= "Country: {$country} \r\n"; + if (isset($favefield) && $favefield == "yes") $message .= strip_tags($favetext) . ": {$fave} \r\n"; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) $headers = "From: $admin_email \n"; + else $headers = "From: $title <$admin_email> \n"; + + mail(fixEmail($email),$subject,$message,$headers); + + $i++; + } + } + + if (isset($defaultSort)) { + if ($defaultSort == "newest") { + $newmembers = implode("", $approved) . "\r\n"; + $olddata = file_get_contents(MEMBERS); + + $fp = fopen(MEMBERS, "w"); + fwrite($fp, $newmembers); + fclose($fp); + + $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); + fwrite($fp, $olddata); + fclose($fp); + } elseif ($defaultSort == "oldest") { + $newmembers = "\r\n" . implode("", $approved); + + $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); + fwrite($fp, $newmembers); + fclose($fp); + } else { + exit("

Invalid sort option in prefs.php: please ensure you use 'newest' or 'oldest'.

"); + } + } else { + exit("

No sort option in prefs.php: please ensure you're running the latest version.

"); + } + + if (isset($updateDate) && $updateDate == "yes") { + $update = "\n" . date($timestamp) . ",New member(s) added"; + + $fp = fopen(UPDATES, "w") or die ("Couldn't open UPDATES - the update could not be stored."); + fwrite($fp, $update); + fclose($fp); + } + + blanklinefix(NEWBIES); + blanklinefix(MEMBERS); + + echo "

Member(s) approved.

"; + } + if (isset($_POST['del']) && is_array($_POST['del'])) { + if (isset($_POST['fileloc'])) + $fileloc = basename($_POST['fileloc']); + else exit; + + $members = file(MEMBERS); + $newbies = file(NEWBIES); + + foreach ($_POST['del'] as $member => $file) { + if (is_numeric($member)) { + if ($fileloc == "newbies.txt" && array_key_exists($member, $newbies)) unset($newbies[$member]); + elseif ($fileloc == "members.txt" && array_key_exists($member, $members)) unset($members[$member]); + } + } + if ($fileloc == "newbies.txt") $backlink = 'Delete other pending members?'; else $backlink = 'Delete other approved members?'; + + $members = implode("", $members); + $newbies = implode("", $newbies); + + $fh = fopen(MEMBERS, "w"); + fwrite($fh, $members); + fclose($fh); + + $fb = fopen(NEWBIES, "w"); + fwrite($fb, $newbies); + fclose($fb); + + echo '

Member(s) deleted.

'; + } + echo '

Jump to: members / pending members

'; + echo '

Back to admin panel?

'; + break; + case "edit_member": + echo "

Note: editing a member will not approve them. You must do this separately.

"; + + if (!isset($_GET['mem']) || $_GET['mem'] == "" || !ctype_digit($_GET['mem'])) { + echo "

You didn't select a valid member.

"; + include('footer.php'); + exit; + } elseif (!isset($_GET['file']) || $_GET['file'] == "" || !file_exists($_GET['file'])) { + echo "

You didn't select a valid file.

"; + include('footer.php'); + exit; + } else { + if (is_numeric($_GET['mem'])) $mem = $_GET['mem']; else exit("Oops, not a valid member number."); + if (file_exists($_GET['file'])) $file = $_GET['file']; else exit("Oops, the important .txt files don't exist!"); + + $fh = fopen($file, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + if (empty($content[$mem])) { + echo "

That member does not exist.

"; + include('footer.php'); + exit; + } + + $memary = preg_split("/,(?! )/", $content[$mem]); + if (isset($memary['5'])) { + $memary['5'] = stripslashes(trim($memary['5'], "\"\x00..\x1F")); + } else { + $memary['4'] = trim($memary['4'], "\"\x00..\x1F"); + } +?> +

+ + +
+
+ + Display E-mail?
+
+
+ +
+ + +

+ +Back to admin panel?

"; + break; + case "edit_process": + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + if (!isset($favefield) || $favefield == "no") { + $clean['fave'] = ""; + } + if (empty($clean['dispemail'])) { + $clean['dispemail'] = "no"; + } + + $editedMember = $clean['name'] . "," . breakEmail($clean['email']) . "," . $clean['dispemail'] . "," . $clean['url'] . "," . $clean['country'] . "," . $clean['fave'] . "\n"; + + $mem = $clean['member']; + $file = $clean['file']; + + $fh = fopen($file, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + $content[$mem] = $editedMember; + $data = implode($content); + $data = trim($data); + + $fp = fopen($file, "w") or die ("Couldn't open {$file}."); + fwrite($fp, $data); + fclose($fp); + + if ($file == "newbies.txt") { + echo "

Member edited. Edit more pending members?

"; + } else { + echo "

Member edited. Edit more approved members?

"; + } + + if (isset($updateDate) && $updateDate == "yes") { + if (empty($clean['url']) || $clean['url'] == "http://") { + $updatedMember = $clean['name']; + } else { + $updatedMember = "{$clean['name']}"; + } + $update = "\n" . date($timestamp) . ",Member edited: $updatedMember"; + + $fp = fopen(UPDATES, "w") or die ("

Couldn't open UPDATES - the update could not be stored.

"); + fwrite($fp, $update); + fclose($fp); + } + + echo "

Back to admin panel?

"; + break; + case "add_spamword": + echo "

These words will be blocked - if the script finds them in the join form, membership will be rejected. Add each new word separately: do not use commas to separate spam words.

"; + echo "

\n"; + echo "
\n"; + echo "
\n"; + echo "

\n"; + + echo "

Back to admin panel?

"; + break; + case "add_spamword_process": + if(!ctype_alnum($_POST['spamword'])) { + echo "

That is not a valid spam word: they must only contain numbers and letters. No special characters.

"; + include('footer.php'); + exit; + } + + $_POST['spamword'] = cleanUp(str_replace(',','',$_POST['spamword'])); + + echo "

The following word is now blacklisted:

\n\n

{$_POST['spamword']}

\n\n"; + $newlisting = "\n".$_POST['spamword']; + + $fh = @fopen(SPAMWDS, "a"); + @fwrite($fh, $newlisting); + fclose($fh); + + echo "

Back to admin panel?

"; + break; + case "edit_spamword": + echo "

To remove a spam word, simply delete the contents of the input field.

"; + + if (filesize(SPAMWDS) == 0) { + echo "

No spam words in the list.

"; + } else { + echo "\n

\n"; + $fh = fopen(SPAMWDS, "r") or die ("Couldn't open the spam words file."); + while(!feof($fh)) { + $spamword = fgetcsv($fh, 4096); + + for ($i=0; $i<1; $i++) { + echo "
\n"; + } + } + fclose($fh); + echo "
\n

\n"; + } + + echo "

Back to admin panel?

"; + break; + case "edit_spamword_process": + $wordlist = $_POST['wordlist']; + + echo "

The following words are now blacklisted:

\n\n

"; + foreach ($wordlist as $spamword) { + echo "$spamword
\n"; + } + echo "

"; + + $wordlist = cleanUp(implode(",", $wordlist)); + $wordlist = str_replace(',,',',', $wordlist); + $wordlist = split(',', $wordlist); + $new_wordlist = implode("\n", $wordlist); + + $fh = fopen(SPAMWDS, "w"); + fwrite($fh, $new_wordlist); + fclose($fh); + + echo "

Back to admin panel?

"; + break; + case "block_ip": + echo "

Please note: blocking an IP will stop a user from joining your fanlisting, but not from viewing it.

"; + echo "

\n"; + echo "
\n"; + echo "
\n"; + echo "

\n"; + + echo "

Back to admin panel?

"; + break; + case "block_ip_process": + if (preg_match("^((\d|[1-9]\d|2[0-4]\d|25[0-5]|1\d\d)(?:\.(\d|[1-9]\d|2[0-4]\d|25[0-5]|1\d\d)){3})$^", cleanUp(str_replace(',','',$_POST['newip'])))) { + echo "

The following IP has now been blocked:

\n\n

{$_POST['newip']}

\n\n"; + $newlisting = "\n".$_POST['newip']; + + $fh = @fopen(IPBLOCKLST, "a"); + fwrite($fh, $newlisting); + fclose($fh); + } else { + echo "

That's not a valid IP address!

"; + } + + echo "

Back to admin panel?

"; + break; + case "edit_blocked_ips": + echo "

To remove an IP, simply delete the content of the input field.

"; + + if (filesize(IPBLOCKLST) == 0) { + echo "

No blocked IPs.

"; + } else { + echo "\n

\n"; + $fh = fopen(IPBLOCKLST, "r") or die ("Couldn't open IP block list."); + while(!feof($fh)) { + $blockedips = @fgetcsv($fh, 4096); + + for ($i=0; $i<1; $i++) { + echo "
\n"; + } + } + fclose($fh); + echo "
\n

\n"; + } + + echo "

Back to admin panel?

"; + break; + case "edit_blocked_ips_process": + echo "

The following IPs are now blocked:

\n\n

"; + foreach ($_POST['iplist'] as $blockedip) { + print "$blockedip
\n"; + } + echo "

"; + + $iplist = cleanUp(implode(",", $_POST['iplist'])); + $iplist = str_replace(',,',',', $iplist); + $iplist = split(',', $iplist); + $new_iplist = implode("\n", $iplist); + + $fh = @fopen(IPBLOCKLST, "w"); + @fwrite($fh, $new_iplist); + fclose($fh); + + echo "

Back to admin panel?

"; + break; + case "add_button": + echo "

Note: On the majority of hosts, the button folders have to have permissions set to 777 for this upload feature to work. This can constitute a security risk. Please be careful when changing the permissions of files and folders.

"; +?> +

+
+
+ Yes + No
+ +
+
+ +

+Back to admin panel?

"; + break; + case "add_button_process": + if (!is_dir("buttons/")) { + echo "

The \"buttons\" directory does not exist and therefore the button could not be uploaded.

"; + include('footer.php'); + exit; + } + if (empty($_FILES['file'])) { + echo "

You did not choose an image to upload.

"; + include('footer.php'); + exit; + } + if (getimagesize($_FILES['file']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['file']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['file']['tmp_name'], "buttons/{$_FILES['file']['name']}")) { + echo "

The button was successfully uploaded. Add another?

"; + + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['file']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['file']['name'], "buttons/".$string.".".$ext)) { + $filename = $string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['file']['name'], ",") === true) { + unlink("buttons/".$_FILES['file']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['file']['name']; + } + } + + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + + $button = "\n" . $filename . "," . $width . "," . $height . "," . $clean['donated'] . "," . $clean['donatorname'] . "," . $clean['donatorurl']; + + $fp = fopen(BUTTONS, "a") or die ("Couldn't open BUTTONS - the information about the button could not be stored."); + fwrite($fp, $button); + fclose($fp); + } else { + echo "

The button was not uploaded this time.

"; + include('footer.php'); + exit; + } + } else { + echo "

That file extension not valid.

"; + include('footer.php'); + exit; + } + echo "

Back to admin panel?

"; + break; + case "manage_buttons": + if (isset($_GET['size'])) { + list($MANwidth,$MANheight) = preg_split("/x/",$_GET['size']); +?> +

Manage Buttons: x

+ + + $value) { + if (preg_match("/$MANwidth,$MANheight/i", $value)) { + list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value); + echo ""; + } + } +?> +
Image Donated? Donator Name Donator URL Admin
\"{$width}x{$height} $donated $donator $donatorUrl edit delete
+Back to admin panel?

"; + include('footer.php'); + exit; + } elseif (isset($_GET['p']) && $_GET['p'] == "del") { + if (!isset($_GET['p'])) { + echo "

You did not select a button to delete.

"; + } else { + $button = $_GET['button']; + + $fh = @fopen(BUTTONS, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$content[$button]); + unlink("buttons/" . $file); + + unset($content[$button]); + $data = implode("", $content); + $data = trim($data); + + $fh = @fopen(BUTTONS, "w"); + @fwrite($fh, $data); + fclose($fh); + + echo "

Button deleted. Manage more buttons?

"; + } + + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } elseif (isset($_GET['p']) && $_GET['p'] == "edit") { + if (!isset($_GET['button'])) { + echo "

You did not select a button to edit.

"; + } else { + $button = $_GET['button']; + + $fh = fopen(BUTTONS, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + if (empty($content[$button])) { + echo "

That button does not exist.

"; + include('footer.php'); + exit; + } + + $buttonArray = preg_split("/,(?! )/", $content[$button]); + if (isset($buttonArray['5'])) { + $buttonArray['5'] = stripslashes($buttonArray['5']); + $buttonArray['5'] = trim($buttonArray['5'], "\"\x00..\x1F"); + } else { + $buttonArray['4'] = trim($buttonArray['4'], "\"\x00..\x1F"); + $buttonArray['3'] = trim($buttonArray['3'], "\"\x00..\x1F"); + } +?> +

+ + + + + Old Button
+
+ + Donated?
+
+
+ +

+Back to admin panel?

"; + include('footer.php'); + exit; + } + $array = file(BUTTONS); + $buttons_found = array(); + echo ""; + echo "

Back to admin panel?

"; + break; + case "edit_button": + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + if ($_FILES['newbutton']['size'] > 0) { + if (getimagesize($_FILES['newbutton']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['newbutton']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['newbutton']['tmp_name'], "buttons/{$_FILES['newbutton']['name']}")) { + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['newbutton']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['newbutton']['name'], "buttons/".$string.".".$ext)) { + $filename = $string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['newbutton']['name'], ",") === true) { + unlink("buttons/".$_FILES['newbutton']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['newbutton']['name']; + } + } + unlink("buttons/".$clean['filename']); + } + } else { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + } else { + $filename = $clean['filename']; + } + + $editedButton = $filename . "," . $clean['width'] . "," . $clean['height'] . "," . $clean['donated'] . "," . $clean['donatorname'] . "," . $clean['donatorurl'] . "\n"; + + $button = $clean['buttonnum']; + + $fh = fopen(BUTTONS, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + $content[$button] = $editedButton; + $data = implode($content); + $data = trim($data); + + $fp = fopen(BUTTONS, "w") or die ("Couldn't open BUTTONS."); + fwrite($fp, $data); + fclose($fp); + + echo "

Button edited.

"; + + echo "

Back to admin panel?

"; + break; + case "add_update": +?> +

Add New Update

+

If updates details is left blank, only a date will be shown.

+ +

+
+
+ +

+Back to admin panel?

"; + break; + case "update_process": + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + $update = "\n" . $clean['date'] . "," . $clean['updatedetails']; + + $fp = fopen(UPDATES, "w") or die ("Couldn't open UPDATES - the update could not be stored."); + fwrite($fp, $update); + fclose($fp); + + echo "

Update added.

"; + echo "

Back to admin panel?

"; + break; + case "add_affiliate": + echo "

Note: On the majority of hosts, the button folders have to have permissions set to 777 for the upload feature to work. This can constitute a security risk. Please be careful when changing the permissions of files and folders.

"; +?> +

+
+
+
+
+
+ +

+Back to admin panel?

"; + break; + case "add_affiliate_process": + if (getimagesize($_FILES['affButton']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['affButton']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['affButton']['tmp_name'], "buttons/{$_FILES['affButton']['name']}")) { + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['affButton']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['affButton']['name'], "buttons/aff_".$string.".".$ext)) { + $filename = "aff_".$string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['affButton']['name'], ",") === true) { + unlink("buttons/".$_FILES['affButton']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['affButton']['name']; + } + } + + $aff = "\n" . $filename . "," . $clean['affName'] . "," . breakEmail($clean['affEmail']) . "," . $clean['affURL'] . "," . $clean['affSitename']; + + $fp = fopen(AFFILIATES, "a") or die ("Couldn't open AFFILIATES - the affiliate details were not uploaded this time."); + fwrite($fp, $aff); + fclose($fp); + + echo "

The affiliate details were uploaded successfully. Add another?

"; + } else { + echo "

The affiliate details were not uploaded this time.

"; + include('footer.php'); + exit; + } + } else { + echo "

That file extension not valid.

"; + include('footer.php'); + exit; + } + echo "

Back to admin panel?

"; + break; + case "manage_affiliates": + if (isset($_GET['p']) && $_GET['p'] == "del") { + if (!isset($_GET['p'])) { + echo "

You did not select an affiliate to delete.

"; + } else { + $aff = $_GET['aff']; + + $fh = @fopen(AFFILIATES, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$content[$aff]); + unlink("buttons/" . $affButton); + + unset($content[$aff]); + $data = implode("", $content); + $data = trim($data); + + $fh = @fopen(AFFILIATES, "w"); + @fwrite($fh, $data); + fclose($fh); + + echo "

Affiliate deleted. Manage more affiliates?

"; + } + + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } elseif (isset($_GET['p']) && $_GET['p'] == "edit") { + if (!isset($_GET['aff'])) { + echo "

You did not select an affiliate to edit.

"; + } else { + $aff = $_GET['aff']; + + $fh = fopen(AFFILIATES, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + if (empty($content[$aff])) { + echo "

That affiliate does not exist.

"; + include('footer.php'); + exit; + } + + $affArray = preg_split("/,(?! )/", $content[$aff]); + $affArray['4'] = trim($affArray['4'], "\"\x00..\x1F"); +?> +

+ + + Old Affiliate Button
+
+
+
+
+
+ +

+Back to admin panel?

"; + include('footer.php'); + exit; + } + +?> + + + $value) { + list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$value); + echo ""; + } +?> +
Button Name Email URL Site Name Admin
$affName email www $affSitename edit delete
+ $val) { + $clean[$key] = cleanUp($val); + } + if ($_FILES['newbutton']['size'] > 0) { + if (getimagesize($_FILES['newbutton']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['newbutton']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['newbutton']['tmp_name'], "buttons/{$_FILES['newbutton']['name']}")) { + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['newbutton']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['newbutton']['name'], "buttons/".$string.".".$ext)) { + $filename = $string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['newbutton']['name'], ",") === true) { + unlink("buttons/".$_FILES['newbutton']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['newbutton']['name']; + } + } + unlink("buttons/".$clean['filename']); + } + } else { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + } else { + $filename = $clean['filename']; + } + $editedAff = $filename . "," . $clean['affName'] . "," . breakEmail($clean['affEmail']) . "," . $clean['affURL'] . "," . $clean['affSitename'] . "\n"; + $aff = $clean['affnum']; + + $fh = fopen(AFFILIATES, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + $content[$aff] = $editedAff; + $data = implode($content); + $data = trim($data); + + $fp = fopen(AFFILIATES, "w") or die ("Couldn't open AFFILIATES."); + fwrite($fp, $data); + fclose($fp); + + echo "

Affiliate edited.

"; + + echo "

Back to admin panel?

"; + break; + case "email_affiliates": + if (isset($_GET['p']) && $_GET['p'] == "process") { + foreach ($_POST as $key => $val) { + $clean[$key] = stripslashes(trim($val)); + } + + $subject = "E-mail from the $FLsubject fanlisting"; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $clean['to'] = str_replace('>', '', $clean['to']); + $clean['to'] = str_replace('<', '', $clean['to']); + + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: $admin_email"; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <$admin_email>"; + } + + if (mail($clean['to'],$subject,$clean['message'],$headers)) { + echo "

E-mail sent!

"; + echo "

Back to admin panel?

"; + } else { + echo "

The e-mail could not be sent at this time.

"; + echo "

Back to admin panel?

"; + } + exit; + } + + $array = file(AFFILIATES); +?> +

+
+
+ +

+Back to admin panel?

"; + break; + case "search": + if (isset($_GET['p']) && $_GET['p'] == "process") { + if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($_POST['email']))) { + echo "

That is not a valid e-mail address.

"; + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } + if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($_POST['email']), "email") === true) { + $file = MEMBERS; + } elseif (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($_POST['email']), "email") === true) { + $file = NEWBIES; + } + if (!isset($file)) { + echo "

Something went horribly, drastically wrong! Run for your life!

"; + echo "

...

"; + echo "

Just kidding — that member does not exist.

"; + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } + + $members = file($file); + foreach ($members as $key => $value) { + if (preg_match("/(".breakEmail($_POST['email']).")/i", $value)) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$value); + if (empty($url) || $url == "http://" || $url == "") { + $url = "(none)"; + } else { + $url = "website"; + } +?> +

Search results:

+ + +Fave"; } ?> + + + + + + + + +
Name E-mail Website Country Admin
email"; ?>edit delete +
+ +Back to admin panel?

"; + } + } + include('footer.php'); + exit; + } +?> +

Search for member by e-mail address:

+

+
+ +

+BellaBuffs Admin Panel"; +?> + + + + + + +Bad cookie. Clear 'em out and start again.

"; + include('footer.php'); + exit; + } +} +if (isset($_GET['p']) && $_GET['p'] == "login") { + if ($_POST['name'] != $admin_name || $_POST['pass'] != $admin_pass) { + include('header.php'); + echo "

Sorry, that username and password combination does not match. Please try again.

"; +?> +
+
+
+ +
+Sorry, you could not be logged in at this time. Please try again.

"; +?> +
+
+
+ +
+ + +

+
+
+ +

+ + \ No newline at end of file diff --git a/affiliates.php b/affiliates.php new file mode 100644 index 0000000..0aac4a4 --- /dev/null +++ b/affiliates.php @@ -0,0 +1,19 @@ + +

Affiliates

+

+ 0) { + $array = file(AFFILIATES); + foreach ($array as $value) { + list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$value); + echo "\"$affSitename"; + } +} else { + echo "There are no affiliates."; +} ?> +

+ + \ No newline at end of file diff --git a/affiliates.txt b/affiliates.txt new file mode 100644 index 0000000..e69de29 diff --git a/buttons.php b/buttons.php new file mode 100644 index 0000000..d73ffba --- /dev/null +++ b/buttons.php @@ -0,0 +1,26 @@ + +

Buttons (Codes)

+ + 0) { + if (isset($_GET['p'])) { + if ($_GET['p'] != "[0-9]x[0-9]" && !ctype_alnum($_GET['p'])) { + echo "

That is not a valid button size. See all sizes?

"; + include('footer.php'); + exit; + } + + getButtonSizes(); + list($width,$height) = preg_split("/x/",$_GET['p']); + getButtons($width, $height); + } else { + getButtonSizes(); + } +} else { + echo "

There are no buttons.

"; +} + +include('footer.php'); ?> \ No newline at end of file diff --git a/buttons.txt b/buttons.txt new file mode 100644 index 0000000..e69de29 diff --git a/captcha.jpg b/captcha.jpg new file mode 100644 index 0000000..382e0e4 Binary files /dev/null and b/captcha.jpg differ diff --git a/captcha.php b/captcha.php new file mode 100644 index 0000000..df4d3d0 --- /dev/null +++ b/captcha.php @@ -0,0 +1,17 @@ + \ No newline at end of file diff --git a/contact.php b/contact.php new file mode 100644 index 0000000..f1dea20 --- /dev/null +++ b/contact.php 
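Review bot: the comma check in admin.php's affiliate upload and edit branches can never fire, because `strpos($_FILES['affButton']['name'], ",") === true` (and the identical test on `newbutton`) compares an int-or-false return value to `true`; it needs to be `!== false`. In the same two branches the stored extension is taken from the client-supplied filename (`$ext = substr(strrchr(..., "."), 1)`) instead of from the `$type` that `getimagesize()` already returned, and the upload is first written to `"buttons/{$_FILES['affButton']['name']}"` and only then renamed, so a failed `rename()` leaves it under the original name; move it straight to the generated `aff_<hex>.<ext>` name and map `$type` 1/2/3 to gif/jpg/png. In `manage_affiliates` the delete branch tests `!isset($_GET['p'])` where `!isset($_GET['aff'])` was clearly intended, then indexes `$content[$aff]` and calls `unlink("buttons/" . $affButton)` without the `empty($content[$aff])` guard the edit branch has; the edit branch in turn deletes `"buttons/".$clean['filename']` and writes `$content[$clean['affnum']]` from `$_POST` values, where it should load the record by index first and remove only the button filename recorded in it.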
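Review bot: the login check `$_POST['name'] != $admin_name || $_POST['pass'] != $admin_pass` uses loose comparison against the plaintext credentials in prefs.php; use strict `!==` and compare against a stored password hash. In `email_affiliates` the recipient `$clean['to']` comes straight from `$_POST` (the `<`/`>` stripping only runs on Windows), so verify that the address appears in AFFILIATES before handing it to `mail()`. `search` still uses `ereg()`, deprecated since PHP 5.3, and interpolates `breakEmail($_POST['email'])` into the `preg_match()` pattern unquoted; wrap it in `preg_quote()` or compare the parsed e-mail field directly. In buttons.php, `$_GET['p'] != "[0-9]x[0-9]"` compares against the literal string rather than matching a pattern, so the only effective check is `ctype_alnum()`; replace the condition with `!preg_match('/^[0-9]+x[0-9]+$/', $_GET['p'])`.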
@@ -0,0 +1,115 @@ +)/i", $_POST['comments'])) + $points += 2; + if (strlen($_POST['name']) < 3) + $points += 1; + if (strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500)) + $points += 2; + // end score assignments + + foreach($requiredFields as $field) { + trim($_POST[$field]); + + if (!isset($_POST[$field]) || empty($_POST[$field])) + $error_msg .= "Please fill in all the required fields and submit again.\r\n"; + } + + if (!preg_match("/^[a-zA-Z-'\s]*$/", stripslashes($_POST['name']))) + $error_msg .= "The name field is required, and must not contain special characters.\r\n"; + if (!preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($_POST['email']))) + $error_msg .= "The e-mail field is required, and must be a valid e-mail address.\r\n"; + if (!empty($_POST['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $_POST['url'])) + $error_msg .= "Invalid website url.\r\n"; + + if ($error_msg == NULL && $points <= $maxPoints) { + $subject = "Contact form submission from ". $title; + + $message = "You received this e-mail message through your fanlisting: \n\n"; + foreach ($_POST as $key => $val) { + $message .= ucwords($key) . ": " . clean($val) . "\r\n"; + } + $message .= "\r\n"; + $message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n"; + $message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n"; + $message .= 'Points: '.$points; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: {$admin_email}\n"; + $headers .= "Reply-To: {$_POST['email']}"; + } else { + $headers = "From: {$title} <{$admin_email}>\n"; + $headers .= "Reply-To: {$_POST['email']}"; + } + + if (mail($admin_email,$subject,$message,$headers)) { + $result = 'Your mail was successfully sent.'; + $disable = true; + } else { + $error_msg = 'Your mail could not be sent this time. 
['.$points.']'; + } + } else { + if (empty($error_msg)) + $error_msg = 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']'; + } +} +include_once('header.php'); +?> +

Contact Admin

+

This form is for contacting the fanlisting owner only -- it is not to be used to join the fanlisting unless you have been directed to do so. (Name, e-mail and comments are required fields.)

+ +ERROR: '. nl2br($error_msg) . "

"; + +if ($result != NULL) + echo '

'. $result . "

"; +?> + +
+ +

+
" />
+
" />
+

+

+

+

+

+ /> +

+
+ + \ No newline at end of file diff --git a/countries.txt b/countries.txt new file mode 100644 index 0000000..8bb094d --- /dev/null +++ b/countries.txt 
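Review bot: the length test in contact.php is mis-parenthesised: `strlen($_POST['comments'] > 1500)` compares the string to 1500 first and then takes `strlen()` of a boolean, so the upper limit never applies; it should read `strlen($_POST['comments']) > 1500`. `trim($_POST[$field]);` in the required-fields loop discards its result, and `$_POST['name']`/`$_POST['email']` are passed to `preg_match()` before any `isset()` check. The message body calls `clean($val)` while admin.php and join.php use `cleanUp()`; confirm both functions exist. The e-mail pattern ends in `$` without the `D` modifier, so a value with a trailing newline passes and is then placed verbatim into `Reply-To:`; add `D` or validate with `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)`.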
@@ -0,0 +1,197 @@ +Afghanistan +Albania +Algeria +Andorra +Angola +Antigua and Barbuda +Argentina +Armenia +Australia +Austria +Azerbaijan +Bahamas +Bahrain +Bangladesh +Barbados +Belarus +Belgium +Belize +Benin +Bhutan +Bolivia +Bosnia and Herzegovina +Botswana +Brazil +Brunei +Bulgaria +Burkina Faso +Burundi +Cambodia +Cameroon +Canada +Cape Verde +Central African Republic +Chad +Chile +China +Colombia +Comoros +Costa Rica +Cote D'Ivoire +Croatia +Cuba +Cyprus +Czech Republic +Democratic Republic of the Congo +Denmark +Djibouti +Dominica +Dominican Republic +East Timor +Ecuador +Egypt +El Salvador +England +Equatorial Guinea +Eritrea +Estonia +Ethiopia +Fiji +Finland +France +Gabon +Gambia +Georgia +Germany +Ghana +Greece +Grenada +Guatemala +Guinea +Guinea-Bissau +Guyana +Haiti +Honduras +Hungary +Iceland +India +Indonesia +Iran +Iraq +Ireland +Israel +Italy +Jamaica +Japan +Jordan +Kazakhstan +Kenya +Kiribati +Kuwait +Kyrgyzstan +Laos +Latvia +Lebanon +Lesotho +Liberia +Libya +Liechtenstein +Lithuania +Luxembourg +Macedonia +Madagascar +Malawi +Malaysia +Maldives +Mali +Malta +Marshall Islands +Mauritania +Mauritius +Mexico +Micronesia +Moldova +Monaco +Mongolia +Montenegro +Morocco +Mozambique +Myanmar +Namibia +Nauru +Nepal +Netherlands +New Zealand +Nicaragua +Niger +Nigeria +North Korea +Northern Ireland +Norway +Oman +Pakistan +Palau +Panama +Papua New Guinea +Paraguay +Peru +Philippines +Poland +Portugal +Qatar +Republic of the Congo +Romania +Russia +Rwanda +Saint Kitts and Nevis +Saint Lucia +Saint Vincent and the Grenadines +Samoa +San Marino +Sao Tome and Principe +Saudi Arabia +Scotland +Senegal +Serbia +Seychelles +Sierra Leone +Singapore +Slovakia +Slovenia +Solomon Islands +Somalia +South Africa +South Korea +Spain +Sri Lanka +Sudan +Suriname +Swaziland +Sweden +Switzerland +Syria +Tajikistan +Tanzania +Thailand +Togo +Tonga +Trinidad and Tobago +Tunisia +Turkey +Turkmenistan +Tuvalu +Uganda +Ukraine +United Arab Emirates +United Kingdom +United 
States +Uruguay +Uzbekistan +Vanuatu +Vatican +Venezuela +Vietnam +Wales +Yemen +Zambia +Zimbabwe \ No newline at end of file diff --git a/footer.php b/footer.php new file mode 100644 index 0000000..5d55ebc --- /dev/null +++ b/footer.php @@ -0,0 +1,5 @@ + +

Powered by BellaBuffs

+ + + \ No newline at end of file diff --git a/functions.php b/functions.php new file mode 100644 index 0000000..6f0813b --- /dev/null +++ b/functions.php @@ -0,0 +1,210 @@ +$country[0]"; + } + } + fclose($fh); +} + +function lastupdate($showdetails = 'yes') { + $updatesArray = file(UPDATES); + foreach($updatesArray as $updateValue) { + list($date,$update) = preg_split("/,(?! )/",$updateValue); + echo str_replace('|', ',', $date); + if ($showdetails == "yes" && (!empty($update) || $update != "")) { + echo "
Update Details: " . stripslashes(str_replace('|', ',', $update)); + } + } +} + +function blanklinefix($inputfile) { + ignore_user_abort(true); + $content = file($inputfile); + + if (count($content) > 0) { + $content = array_diff(array_diff($content, array("")), array("\n")); + + $newContent = array(); + foreach ($content as $line) { + $newContent[] = trim($line); + } + $newContent = implode("\n", $newContent); + + $fl = fopen($inputfile, "w+"); + if (flock($fl, LOCK_EX)) { + fwrite($fl, $newContent); + flock($fl, LOCK_UN); + } else { + echo 'The file: '.$inputfile.' could not be locked for writing; the blanklinefix function could not be applied at this time.'; + } + fclose($fl); + } + ignore_user_abort(false); +} + + +function countfile($fileloc) { + $file = file($fileloc); + $count = count($file); + echo $count; +} + +function checkTXTfile($file, $input, $inputtype) { + $Array = array(); + $fh = @fopen($file, "r") or die ("Couldn't open $file."); + while(!feof($fh)) { + $item = fgetcsv($fh, 4096); + + if ($inputtype == "country" || $inputtype == "ip") { + for ($i=0; $i<1; $i++) { + $Array[] = $item[0]; + } + } elseif ($inputtype == "email") { + for ($i=0; $i<1; $i++) { + $Array[] = $item[1]; + } + } + } + fclose($fh); + + if (in_array($input, $Array)) { + return true; + } else { + return false; + } +} + +function addmember($member) { + $data = file_get_contents(NEWBIES); + + $fp = fopen(NEWBIES, "w") or die ("Couldn't open NEWBIES - you weren't added to the fanlisting."); + if (flock($fp, LOCK_EX)) { + fwrite($fp, $member); + flock($fp, LOCK_UN); + } else { + echo 'The file: newbies.txt could not be locked for writing; you could not be added at this time.'; + } + fclose($fp); + + $fp2 = fopen(NEWBIES, "a") or die ("Couldn't open NEWBIES."); + if (flock($fp2, LOCK_EX)) { + fwrite($fp2, $data); + flock($fp2, LOCK_UN); + } else { + echo 'The file: newbies.txt could not be locked for writing; other new members could not be re-added to newbies.txt'; + } + fclose($fp2); 
+ + return true; +} + +function breakEmail($email) { + $email = str_replace('.', 'DOTTY', $email); + $email = str_replace('@', 'ATTIE', $email); + $email = str_replace('-', 'DASHY', $email); + $email = str_replace('_', 'SCORE', $email); + + return $email; +} +function fixEmail($email) { + $email = str_replace('DOTTY', '.', $email); + $email = str_replace('ATTIE', '@', $email); + $email = str_replace('DASHY', '-', $email); + $email = str_replace('SCORE', '_', $email); + + return $email; +} + +function getButtons($width, $height) { + echo "

\n"; + $array = file(BUTTONS); + foreach ($array as $value) { + if (preg_match("/$width,$height/i", $value)) { + list($file,$width2,$height2,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value); + $donatorUrl = trim($donatorUrl); + if ($donated == "yes") { + if ($donatorUrl != "") { + echo "\"{$width2}x{$height2} \n"; + } else { + echo "\"{$width2}x{$height2} \n"; + } + } else { + echo "\"{$width2}x{$height2} \n"; + } + } + } + echo "

\n"; +} +function getButtonSizes() { + $array = file(BUTTONS); + $buttons_found = array(); + + foreach ($array as $value) { + list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value); + $buttons_found[] = $width . "x" . $height; + } + $buttons_found = array_unique($buttons_found); + natcasesort($buttons_found); + + echo ""; +} + +function get_data($var) { + if (isset($_POST[$var])) + echo htmlspecialchars($_POST[$var]); +} + +blanklinefix(COUNTRIES); +blanklinefix(IPBLOCKLST); +blanklinefix(MEMBERS); +blanklinefix(NEWBIES); +blanklinefix(SPAMWDS); +blanklinefix(BUTTONS); +blanklinefix(AFFILIATES); +blanklinefix(UPDATES); + +error_reporting(E_ALL); +?> \ No newline at end of file diff --git a/header.php b/header.php new file mode 100644 index 0000000..aa54031 --- /dev/null +++ b/header.php @@ -0,0 +1,29 @@ +This script cannot run unless the .txt files have been uploaded and have write permissions. Please ensure they are CHMODed/have permissions set to 666.

"; + exit; +} ?> + + + + + + + +<?php echo $title; ?> - Powered by BellaBuffs + + + + + + + + + + diff --git a/index.php b/index.php new file mode 100644 index 0000000..fe1a04a --- /dev/null +++ b/index.php @@ -0,0 +1,18 @@ + + +

Welcome to

+ + + + + +

+Members:
+Pending:
+Last Update: +

+ + \ No newline at end of file diff --git a/ipblock.txt b/ipblock.txt new file mode 100644 index 0000000..e69de29 diff --git a/join.php b/join.php new file mode 100644 index 0000000..cd558d1 --- /dev/null +++ b/join.php @@ -0,0 +1,206 @@ +The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + if (isset($_SESSION['key']) && isset($_COOKIE[session_name()])) { + setcookie(session_name(), '', time()-36000, '/'); + $_SESSION = array(); + session_destroy(); + } + } else { + echo "

The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + } + include_once('header.php'); + + if (isBot() !== false) + $error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'] . "\r\n"; + + if (substr_count($_POST['comments'], 'http://') > 1) + $error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n"; + + $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i"; + if (filesize(SPAMWDS) > 0) $spamlist = file(SPAMWDS); + + foreach ($_POST as $key => $val) { + if (isset($spamlist)) { + foreach ($spamlist as $spamword) { + if (preg_match("/(".trim($spamword).")/i", $val)) { + $error_msg .= "Your join application contains words in the spam list, please go back and remove references to obvious 'spam' material.\r\n"; + } + } + } + if (preg_match($exploits, $val)) + $error_msg .= "No meta injection, please.\r\n"; + + if (preg_match("/(<.*>)/i", $val)) + $error_msg .= "No HTML, please.\r\n"; + + $clean[$key] = cleanUp($val); + } + + // set default values for empty/unset fields + if (empty($clean['dispemail'])) + $clean['dispemail'] = "no"; + + if (!isset($favefield) || $favefield == "no" || !isset($clean['fave'])) + $clean['fave'] = NULL; + + // let's do some security and spam checks + if (empty($clean['name']) || empty($clean['email']) || empty($clean['country'])) + $error_msg .= "Name, e-mail and country are required fields. \r\n"; + if (!preg_match("/^[a-zA-Z-'\s]*$/", $clean['name'])) + $error_msg .= "That name is not valid. Your name must contain letters only, and must be less than 15 characters. \r\n"; + if ($clean['dispemail'] != "yes" && $clean['dispemail'] != "no") + $error_msg .= "You didn't choose whether or not you'd like to show your e-mail address on the member list. 
\r\n"; + if ($clean['fave'] != "" && (!preg_match("/^[a-zA-Z0-9-'\s]*$/", $clean['face']) || strlen($clean['fave']) > 20)) { + $error_msg .= "Your chosen \"favourite\" is not valid. It must contain letters and numbers only, and must be less than 20 characters. \r\n"; + if (!preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($clean['email']))) + $error_msg .= "The email address you have used is not valid. \r\n"; + if (!empty($clean['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $clean['url'])) + $error_msg .= "The website url you provided is not valid. Please remove and try again or fix the URL.\r\n"; + if ($clean['country'] == "null" || (filesize(COUNTRIES) > 0 && checkTXTfile(COUNTRIES, $clean['country'], "country") === false)) { + $error_msg .= "Please select a valid country. \r\n"; + + if (filesize(IPBLOCKLST) > 0 && checkTXTfile(IPBLOCKLST, $_SERVER['REMOTE_ADDR'], "ip") === true) { + echo "

Your IP is in the block list, that means you're not allowed to join at this time. \r\n

"; + exit(include('footer.php')); + } + if (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($clean['email']), "email") === true) { + echo "

You're already in the pending queue, you can't join twice!

\n"; + exit(include('footer.php')); + } + if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($clean['email']), "email") === true) { + echo "

You're already a member of the fanlisting, you can't join twice!

\n"; + exit(include('footer.php')); + } + + if ($error_msg == NULL) { + $show_form = false; + + // attempt to break email to piss off spammers :p + $clean['email'] = breakEmail(strtolower($clean['email'])); + + // send off some emails + if ($emailnewbies == "yes") { + $subject = "Thank you for joining $title"; + + $message = $thanksjoinMsg; + $message .= "Name: {$clean['name']} \n"; + $message .= "Email: " . fixEmail($clean['email']) . " \n"; + $message .= "URL: {$clean['url']} \n"; + $message .= "Country: {$clean['country']} \n"; + if (isset($favefield) && $favefield == "yes") { + $message .= "$favetext: {$clean['fave']} \n"; + } + $message .= "Comments: {$clean['comments']} \n\n"; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: $admin_email"; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <$admin_email>"; + } + + mail(fixEmail($clean['email']),$subject,$message,$headers); + } + if ($emailadmin == "yes") { + $subject = "New member at $title"; + + $message = "There's a new member at your $FLsubject fanlisting with the following details: \n\n"; + + $message .= "Name: {$clean['name']} \n"; + $message .= "Email: " . fixEmail($clean['email']) . " \n"; + $message .= "URL: {$clean['url']} \n"; + $message .= "Country: {$clean['country']} \n"; + if (isset($favefield) && $favefield == "yes") { + $message .= "$favetext: {$clean['fave']} \n"; + } + $message .= "Comments: {$clean['comments']} \n"; + $message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; + + $message .= "Manage members: {$FLurl}/admin.php?ap=manage_members&s=newbies"; + + if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: " . fixEmail($clean['email']) . ""; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <" . fixEmail($clean['email']) . 
">"; + } + + mail($admin_email,$subject,$message,$headers); + } + + // add the member to the newbies txt file + if (addmember("$clean[name],$clean[email],$clean[dispemail],$clean[url],$clean[country],$clean[fave]\n")) { + echo "

Thank You

\n

Thank you for joining $title, the fanlisting for $FLsubject!

"; + } else { + echo "

Oh Dear!

\n

Your application could not be added at this time. Please contact the owner of the fanlisting for help.

"; + } + } +} +if (!isset($_POST['submit']) || $show_form == true) { + require_once('prefs.php'); + include_once('header.php'); + +?> +

Join the Fanlisting

+

To join the fanlisting, fill in your details below. Please do not use this form to update; use the update form instead.

+ +

(Name, E-mail and Country are required fields.)

+ +ERROR:
"; + echo nl2br($error_msg) . "

"; + } + if (isset($_POST['country'])) $country = $_POST['country']; else $country = NULL; +?> + +

+
" />
+
" />
+
+ Yes + No
+
" />
+

+ +
" />
+ +
+

+ +

+ +

+ + \ No newline at end of file diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..6798036 --- /dev/null +++ b/logout.php @@ -0,0 +1,13 @@ +You are now logged out.

"; + +include('footer.php'); +?> \ No newline at end of file diff --git a/members.php b/members.php new file mode 100644 index 0000000..1fd4136 --- /dev/null +++ b/members.php @@ -0,0 +1,147 @@ +Could not open members file. Please verify permissions (CHMOD - 666) and actual existence.

"; +} else { + if (filesize(MEMBERS) > 0) { + $members = file(MEMBERS); + $queryURL = ""; + + if (isset($_GET['s']) && $_GET['s'] == "sortName") { + natcasesort($members); + $members = array_values($members); + + $queryURL = "&s=sortName"; + } elseif (isset($_GET['s']) && $_GET['s'] == "sortCountry") { + $countryArray = file(COUNTRIES); + foreach($countryArray as $country) { + $countryArray[] = rtrim($country); + } + if (!isset($_GET['c']) || in_array($_GET['c'], $countryArray) === FALSE) { + // find out who has joined with which country and stick them in an array + foreach ($members as $mem) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$mem); + $newArray[] = $country; + } + // count each time country occurs + $countryCount = array_count_values($newArray); + + // sort the array so that the countries are in alphabetical order + $newArray = array_unique($newArray); + natcasesort($newArray); + + // display the countries + echo ""; + exit(include("footer.php")); + } else { + foreach ($members as $key => $memb) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$memb); + if (preg_match("/($_GET[c])/i", $country)) { + $NEWmembers[] = "$name,$email,$dispemail,$url,$country,$fave"; + } + } + + $members = $NEWmembers; + natcasesort($members); + $members = array_values($members); + unset($NEWmembers); + + $queryURL = "&s=sortCountry&c=".urlencode($country); + } + } + + $count = count($members); + $numpages = ceil($count/$perpage); + + if ($perpage < $count) { + echo "

$count members | "; + + if (isset($_GET['page']) && $_GET['page'] > 1 && $_GET['page'] <= $numpages) { + $prev = $_GET['page'] - 1; + echo "Prev · "; + } else { + echo "Prev · "; + } + for ($x=1; $x<=$numpages; $x++) { + if ((isset($_GET['page']) && $x == $_GET['page']) || (!isset($_GET['page']) && $x == 1)) { + echo "$x "; + } else { + echo "$x "; + } + } + if ((!isset($_GET['page'])) || (isset($_GET['page']) && $_GET['page'] < $numpages)) { + if (!isset($_GET['page'])) { + $_GET['page'] = 1; + } + $next = $_GET['page'] + 1; + echo " · Next"; + } else { + echo " · Next"; + } + echo "

\n\n "; + } else { + echo "

$count members

"; + } + if (isset($_GET['page']) && is_numeric($_GET['page'])) { + $i=$perpage*($_GET['page']-1); + } else { + $i=0; + } + $end = $i + $perpage; + + if ($end > $count) { $end = $count; } + +?> + + {$favetext}"; } ?> + + + + "; + } else { + $email = "e-mail"; + } + if (empty($url) || $url == "http://") $url = "www"; else $url = "www"; + + echo " + + + + "; + if (isset($favefield) && $favefield == "yes") { echo ""; } + echo ""; + + $i++; + } +?> +
Name E-mail Website Country
$name$email$url $country" . str_replace('|', ',', stripslashes($fave)) . "
+ +

Sort by Name · Sort by Country

+No members have joined yet!

"; + } +} +include('footer.php'); ?> \ No newline at end of file diff --git a/members.txt b/members.txt new file mode 100644 index 0000000..e69de29 diff --git a/newbies.txt b/newbies.txt new file mode 100644 index 0000000..e69de29 diff --git a/prefs.php b/prefs.php new file mode 100644 index 0000000..2e8172f --- /dev/null +++ b/prefs.php @@ -0,0 +1,43 @@ + \ No newline at end of file diff --git a/spamwds.txt b/spamwds.txt new file mode 100644 index 0000000..3afc547 --- /dev/null +++ b/spamwds.txt 
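Review bot: `addmember()` in functions.php truncates NEWBIES with mode `"w"`, writes the new member, releases the lock, and then reopens with `"a"` to re-append the old contents; between the two `fopen()` calls the file is incomplete and a concurrent join can lose data. Write `$member . $data` in one locked operation (for example `file_put_contents(NEWBIES, $member . $data, LOCK_EX)`). `checkTXTfile()` only fills `$Array` for `country`, `ip` and `email`, so the `"spamword"` call from update.php always returns false; it also parses with `fgetcsv()` while every other reader uses `preg_split("/,(?! )/")`, so quoted fields are interpreted differently, and the `for ($i=0; $i<1; $i++)` loops run exactly once and can go. `getButtons()` interpolates `$width,$height` into a `preg_match()` pattern; compare the parsed fields instead, or `preg_quote()` them. The eight `blanklinefix()` calls at the bottom rewrite every data file on every page load; move that to the admin side.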
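Review bot: join.php's favourite check reads `$clean['face']` where `$clean['fave']` is meant, so it fails whenever a favourite is entered, and the `{` opened on that `if` is never closed before the e-mail, URL and country checks, which leaves those validations nested inside the invalid-favourite branch (the country `if` likewise opens a brace that is not closed before the IP-block check); restore the missing `}` so each check runs unconditionally. The error output `echo nl2br($error_msg)` includes `$_SERVER['HTTP_USER_AGENT']` from the bot message without escaping; pass it through `htmlspecialchars()`. Spam words are interpolated into `preg_match("/(".trim($spamword).")/i", $val)` unquoted, so `preg_quote()` is needed, and the admin-notification block uses `!strstr(..., "Win")` for the plain `From:` header while the newbie block uses `strstr(..., "Win")` for the same case; one of the two is inverted. In members.php, `preg_match("/($_GET[c])/i", $country)` should be a direct comparison (the value has already been matched against COUNTRIES), and `$queryURL` is built from the loop variable `$country` rather than `$_GET['c']`.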
@@ -0,0 +1,279 @@ +asshole +bastard +beastial +bestial +bitch +blowjob +clit +cock +cum +cunilingus +cunillingus +cunnilingus +cunt +dink +dinks +ejaculate +fag +felatio +fellatio +fuck +fuk +fuks +gangbang +gangbanged +gangbangs +goddamn +horniest +horny +hotsex +jism +jiz +kock +kondum +kum +kunilingus +lust +lusting +nigger +niggers +orgasim +orgasims +orgasm +orgasms +phonesex +phuk +phuq +porn +prick +pussies +pussy +shited +shitfull +shiting +shitings +shitted +shitter +shitters +shitting +shittings +slut +sluts +smut +spunk +twat +xxx +abercrombie +acadia +activistmagazine +adipex +advair +advait +adware +aguilera +airline +aktivex +aleuzeneve +allegra +alprazolam +alproot +ambian +ambien +ameriquest +amigo +amoxicillin +antivert +aphthasol +aristocort +asitehost +atarax +ativan +backgammon +baldness +bankrupcy +bentyl +bestmovies +bestop +bingo +biz +blackjack +blogshot +blowjob +bondage +bonsai +buon +buspar +busty +cadillac +carburatore +carisoprodol +cascata +cashette +casino +cavalli +caverta +celexa +chevrolet +chinaartgallery +cialis +cigarette +cipro +ciprofloxacin +claritin +comunalia +comunicazione +consolidation +danazol +dating +debt +deliver +diazepam +diflucan +digoxin +discount +drug +ebony +ecard +ejaculation +emeets +ephedra +evista +exelon +fetish +fisting +flexeril +flomaxonline +forex +formular +fotti +gallup +gambling +gangbang +hairlossmale +handbag +hanghonggongshi +hawaii +hellow +hentai +holdem +homebuymail +hoop +hydrocodone +insurance +investing +jeezy +jennajameson +joesmitt +levaquin +levitra +lipitor +lixium +lotto +lukxi +luminoso +luogo +medication +medicine +meds +medved +meridia +milf +mortage +mortgage +mortgage +nano +nemoforone +network54 +neurontin +nexium +noonhost +nude +online +oscilloscope +pantyhose +paxil +pehntermine +penis +percocet +pharmacy +phendimetrazine +phentermine +phentermnie +phentremine +pill +playboy +poker +pokerstars +pontiac +porn +pregnancy +propecia +prozac +purse +pursefiling +ranitidine +rectal 
+rental +replica +ringtone +ringtones +ritalin +rolex +roulette +roullette +sesso +sex +shemale +shurl +silagra +skpialml1 +slot +slots +smoking +softcracks +sogonet +soho +solyak1 +soma +soulfeet +spank +spartan +spyware +stalb0 +steroid +striptease +sunglasses +tamiflu +tits +toledo +topfarm +tramadol +tranny +url= +v1tamin +vaccum +valium +valtrex +vassar +verison +vi5ta +viagra +vicodin +vinokurov +virgilio +virtualcar +warez +watches +wboard +wellbutrin +wirless +www12 +wwww +xanax +xenical +xoom +xoomer +xrumer +yahho +zole +zoloft \ No newline at end of file diff --git a/stylesheet.css b/stylesheet.css new file mode 100644 index 0000000..43d9596 --- /dev/null +++ b/stylesheet.css @@ -0,0 +1,35 @@ +body { + font: 11px/15px Verdana, Sans-Serif; +} +img { border: 0; } + +td { padding: 3px; } + +#navigation { + list-style-type: none; + margin: 0; + padding: 0; +} + #navigation li { + display: inline; + padding: 2px 8px; + } + +/* control row colours in admin */ +.literow { background: #fff; } +.darkrow { background: #ddd; } + +/* error/success msg colours on forms */ +p.error, p.success { + font-weight: bold; + padding: 10px; + border: 1px solid; +} +p.error { + background: #ffc0c0; + color: #900; +} +p.success { + background: #b3ff69; + color: #4fa000; +} \ No newline at end of file diff --git a/update.php b/update.php new file mode 100644 index 0000000..e5032bc --- /dev/null +++ b/update.php @@ -0,0 +1,135 @@ +The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + if (isset($_SESSION['key']) && isset($_COOKIE[session_name()])) { + setcookie(session_name(), '', time()-36000, '/'); + $_SESSION = array(); + session_destroy(); + } + } else { + echo "

The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + } + include_once('header.php'); + + if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") { + echo "

Accessing this page directly is not allowed.

\n\n"; + include('footer.php'); + exit; + } + + $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload)/i"; + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + + if (filesize(SPAMWDS) > 0 && (checkTXTfile(SPAMWDS, $val, "spamword") === true)) { + echo "

Your application contains words in the spam list, that means you're not allowed to join at this time. \n

"; + exit(include('footer.php')); + } + if (preg_match($exploits, $val)) { + echo "

No meta injection, please. \n

"; + exit(include('footer.php')); + } + } + if ((filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail(strtolower($clean['email'])), "email") === true) || (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail(strtolower($clean['email'])), "email") === true)) { + if (empty($clean['name']) || empty($clean['email'])) { + echo "

Name and e-mail are required fields. Please go back and try again.\n

"; + exit(include('footer.php')); + } elseif (!ereg("^[A-Za-z' -]",$clean['name']) || strlen($clean['name']) > 15) { + echo "

That name is not valid. Your name must contain letters only, and must be less than 15 characters. Please go back and try again.\n

"; + exit(include('footer.php')); + } elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($clean['email']))) { + echo "

Your old e-mail address is not valid. Please go back and try again.\n

"; + exit(include('footer.php')); + } elseif (!empty($clean['newemail']) && !ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($clean['newemail']))) { + echo "

Your new e-mail address is not valid. Please go back and try again.\n

"; + exit(include('footer.php')); + } + + $subject = "Update member at $title"; + + $message = "A member at your $FLsubject fanlisting wants updating with following details: \n\n"; + + $message .= "Name: {$clean['name']} \n"; + $message .= "Email: ".strtolower($clean['email'])." \n"; + $message .= "New Email: {$clean['newemail']} \n"; + $message .= "New URL: {$clean['newurl']} \n"; + $message .= "Country: {$clean['country']} \n"; + $message .= "Comments: {$clean['comments']} \n"; + $message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; + + $message .= "Manage members: {$FLurl}/admin.php"; + + if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: $clean[email]"; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <$clean[email]>"; + } + + if (mail($admin_email,$subject,$message,$headers)) { + echo "

Update Sent!

\n

Your updated information has been sent.

"; + } else { + echo "

Oops!

\n

Your updated information could not be sent this time, please contact the fanlisting owner.

"; + } + } else { + echo "

You're not a member! Only current members can update their information.

\n"; + include('footer.php'); + exit; + } + break; + default: + require_once('prefs.php'); + include_once('header.php'); +?> + +

Update Your Details

+

To update your details, fill in your information below. Please do not use this form to join; use the join form instead.

+ +

(Name, Old E-mail and Country are required fields.)

+ +

+

+

+

+
+ Yes + No
+

+

+ +
+

+ +
+
+ +

+ + \ No newline at end of file diff --git a/updates.txt b/updates.txt new file mode 100644 index 0000000..e69de29
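Review bot: the spam word list in the first hunk mixes obvious spam tokens (`xrumer`, `v1tamin`, `url=`) with ordinary words (`sex`, `soho`, `toledo`, `spartan`, `slot`, `rental`, `watches`, `smoking`), and update.php rejects the whole submission with "Your application contains words in the spam list" as soon as `checkTXTfile(SPAMWDS, $val, "spamword")` returns true for any field. If that helper (not in this diff) matches substrings, a member from Essex, Sussex or Toledo, or a comment mentioning a wristwatch, is silently refused with no way to correct the form. Suggest matching on whole words (word boundaries, case-insensitive) and adding a comment at the top of the list stating which matching mode the entries assume, so future additions do not reintroduce the problem.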
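Review bot: stylesheet.css is added without a trailing newline ("\ No newline at end of file"), as are the spam list and update.php in this same commit; add the final newline so later patches to these files do not show a spurious last-line change. The only style point in the sheet itself is the indented `#navigation li` rule, which breaks the flat one-level layout used by every other selector; either indent all nested rules or none.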
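Review bot: in update.php the name check `!ereg("^[A-Za-z' -]",$clean['name'])` has no quantifier and no end anchor, so it only tests the first character and the "letters only" rule in the error message is never enforced; the same line also uses `strlen($clean['name']) > 15` while the message says "less than 15 characters". Suggest `preg_match("/^[A-Za-z' -]+$/", $clean['name'])` with `>= 15` (or reword the message), and move all four `ereg` calls to `preg_match`, since `ereg` is deprecated from PHP 5.3 and removed in PHP 7. Two further points in the same hunk: the form text promises "(Name, Old E-mail and Country are required fields.)" but the server only checks `empty($clean['name']) || empty($clean['email'])`, so `country` should be added to that test; and the membership lookup `checkTXTfile(MEMBERS, breakEmail(strtolower($clean['email'])), "email")` runs before the address has been checked for emptiness or format, with the `else` branch answering "You're not a member!", which lets anyone probe whether an address is on the member list. Validate first, then return the same neutral confirmation whether or not the address matches, and let the admin mail carry the detail.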