From 884256130ed226c22cd9d3ee0c083f1d005b7844 Mon Sep 17 00:00:00 2001
From: jemjabella
Date: Mon, 21 May 2012 13:42:55 +0100
Subject: [PATCH] version 2 in progress

---
 README.txt | 230 +++++++++
 admin-icons/accept.png | Bin 0 -> 781 bytes
 admin-icons/delete.png | Bin 0 -> 587 bytes
 admin-icons/edit.png | Bin 0 -> 714 bytes
 admin.php | 1117 ++++++++++++++++++++++++++++++++++++++++
 affiliates.php | 19 +
 affiliates.txt | 0
 buttons.php | 26 +
 buttons.txt | 0
 captcha.jpg | Bin 0 -> 6056 bytes
 captcha.php | 17 +
 contact.php | 115 +++++
 countries.txt | 197 +++++++
 footer.php | 5 +
 functions.php | 210 ++++++++
 header.php | 29 ++
 index.php | 18 +
 ipblock.txt | 0
 join.php | 206 ++++++++
 logout.php | 13 +
 members.php | 147 ++++++
 members.txt | 0
 newbies.txt | 0
 prefs.php | 43 ++
 spamwds.txt | 279 ++++++++++
 stylesheet.css | 35 ++
 update.php | 135 +++++
 updates.txt | 0
 28 files changed, 2841 insertions(+)
 create mode 100644 README.txt
 create mode 100644 admin-icons/accept.png
 create mode 100644 admin-icons/delete.png
 create mode 100644 admin-icons/edit.png
 create mode 100644 admin.php
 create mode 100644 affiliates.php
 create mode 100644 affiliates.txt
 create mode 100644 buttons.php
 create mode 100644 buttons.txt
 create mode 100644 captcha.jpg
 create mode 100644 captcha.php
 create mode 100644 contact.php
 create mode 100644 countries.txt
 create mode 100644 footer.php
 create mode 100644 functions.php
 create mode 100644 header.php
 create mode 100644 index.php
 create mode 100644 ipblock.txt
 create mode 100644 join.php
 create mode 100644 logout.php
 create mode 100644 members.php
 create mode 100644 members.txt
 create mode 100644 newbies.txt
 create mode 100644 prefs.php
 create mode 100644 spamwds.txt
 create mode 100644 stylesheet.css
 create mode 100644 update.php
 create mode 100644 updates.txt

diff --git a/README.txt b/README.txt
new file mode 100644
index 0000000..de52c5f
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,230 @@
+//--------------------
+// READ ME
+//--------------------
+BellaBuffs v2 Copyright © Jem Turner 2006-2012
+
+You are free to customise BellaBuffs (php code, style, appearance)
+as much as you like providing the link to http://www.jemjabella.co.uk
+remains ON the fanlisting management script. Because I'm a tightarse.
+
+Installation of BellaBuffs is at your own risk. By using BellaBuffs
+you agree not to hold Jem Turner of jemjabella.co.uk responsible for
+any damages that may occur upon installing BellaBuffs or related plugins.
+You also agree not to sell copies of the script, or services relating to the
+script (i.e. installation, customisation, etc) without written permission
+of Jem Turner. Because I'm a tightarse.
+
+Support is currently on hold while I pop out sprogs.
+Check the Girls Who Geek forums as most questions have already been answered:
+http://girlswhogeek.com/forums/forum/jemjabella-scripts
+
+
+
+//--------------------
+// INSTRUCTIONS
+//--------------------
+1. Customise prefs.php - set your username, password and various preferences (yes or no etc)
+2. Upload all of the files to a directory
+3. CHMOD all of the txt files to 666 - this makes them writeable
+4. CHMOD the buttons directory to 777
+(BEWARE: can be a security risk! CHMOD 'buttons' to 755 when not using the upload feature)
+
+NOTE: some hosts run PHP as CGI, which usually eradicates the need to change
+the permissions on files and folders. Try joining as a test member before
+CHMODing any files to see if this is true for you. This makes the script more
+secure overall. If you get an error, CHMOD the files as above.
+
+
+__________________________ HOW DO I CHMOD/CHANGE FILE PERMISSIONS?
+
+There are lots of tutorials on CHMODing which can be found through Google:
+http://www.google.com/search?q=chmod+tutorial
+
+
+__________________________ HOW DO I ADD A LAYOUT TO MY FANLISTING?
+
+The script is set up to use the popular header/footer include system. 
That
+means you add the 'top' of your layout - things like divs, header images
+etc. to the header.php file and the bottom of your layout - closing notices
+and copyright signs - to the footer.php file.
+
+For more information on PHP includes (for layout purposes) see this tutorial:
+http://girlswhogeek.com/tutorials/2006/php-includes
+
+
+__________________________ HOW DO I UPDATE MY FANLISTING?
+
+Open your admin panel - this will be located in your online BellaBuffs folder
+as admin.php. E.g. http://your-domain.com/bellabuffs/admin.php
+
+Login and choose "Add Update". The date will automatically be inserted for you
+into the form with the timestamp format set in config.php
+
+Add your update. If you have no details, leave the details field blank and only
+the date will be updated. Each update will replace the previous.
+
+
+__________________________ HOW DO I ADD A BUTTON/CODE?
+
+Open your admin panel - this will be located in your online BellaBuffs folder
+as admin.php. E.g. http://your-domain.com/bellabuffs/admin.php
+
+Login and choose "Add Button". Find the button/code on your computer.
+
+If the button was donated, fill in the fields. If not, leave them blank. Buttons
+will automatically be added and sorted on the buttons.php page.
+
+
+__________________________ HOW DO I DISPLAY THE MEMBER/BUTTON/ETC COUNT?
+
+This is done using the custom countfile() function. Simply add the
+name of the file, as defined in config.php, between the brackets.
+
+For example, to count the members, put:
+..to count the newbies:
+..to count the buttons: .. etc.
+
+
+__________________________ WHAT'S A CAPTCHA?
+
+A captcha is generally an image that is automatically generated with a mixture of
+letters and numbers on it that a person must fill out exactly right before they
+are able to submit information through a form - in the case of the BellaBuffs
+captcha, before they are allowed to join.
+
+Because captchas are image based, they have accessibility implications. 
Please
+consider those who browse with images turned off and/or those with eyesight
+related disabilities before turning on the captcha - it is only needed if you suffer
+from large amounts of bot-based spam.
+
+You can read more about captchas at wikipedia: http://en.wikipedia.org/wiki/Captcha
+
+
+__________________________ I AM LISTED AT THEFANLISTINGS.ORG, CAN I USE THE CAPTCHA?
+
+I contacted the Senior Staff of TheFanlistings.Org because I wasn't sure - I was
+told that the usage of captchas is allowed providing an alternative method is
+displayed so that users who cannot for some reason display/use the captcha can
+join too. This means that you MUST link to an e-mail address or other method of
+contact as an alternative if you use the captcha.
+
+
+__________________________ CAN I MANAGE MULTIPLE FANLISTINGS THROUGH BELLABUFFS?
+
+You will need to install a separate version of BellaBuffs for each fanlisting you
+wish to have on your site. Also, there is currently no collective feature for
+BellaBuffs so each fanlisting has to be managed through it's own admin panel.
+
+
+
+//--------------------
+// FEATURES
+//--------------------
+* Spam word and IP blocking
+* Valid country checking to prevent text injection
+* E-mail scrambling and JavaScript protection
+* Optional favourites field and spam-preventing captcha
+* 'Paginate' members in admin panel too
+* Sort members by country/join date
+* Button ('code') upload & management
+* Affiliate management (inc. 
button upload) +* Valid XHTML Transitional by default +* Auto-update date when approving member +* Optional update 'details' (single-entry) log + +//-------------------- +// FIXES IN VERS 2 +//-------------------- +- Update to countries list, as provided by Haley +- Updated contact form based on latest vers of Jem's PHP Mail Form (jemsmailform.com) +- New functions in functions.php for contact.php +- Updated join form to fix deprecated ereg errors + update spammy checks +- $maxpoints added to prefs.php + + +//-------------------- +// FIXES IN VERS 1b-1f +//-------------------- +In admin.php on line 216, !ctype_digit($line) replaced with !ctype_digit($_GET['mem']) +In join.php on line 62, checkTXTfile(SPAMWDS, $clean['name'] replaced with (checkTXTfile(SPAMWDS, $clean['name'] +In join.php on line 62, checkTXTfile(SPAMWDS, $clean['fave'], "spamword") === true) { replaced with checkTXTfile(SPAMWDS, $clean['fave'], "spamword") === true)) { +More rigorous testing of file names added to prevent broken images if a comma is in button/affiliate file name. +Added check to see if member exists before sending update info form +Search functionality added to admin panel +Added meta injection checks (this should have been added before the script was released!) + +//-------------------- +// FIXES IN VERS 1g-1k +//-------------------- +Fixed XHTML validity issue in admin.php (Thank you Shawna: http://www.eruantale.net) +Added extra checks to join.php & update.php, fixed email check in update.php +Fixed issue with uppercase emails being used in admin search + +//-------------------- +// FIXES IN VERS 1h: Suggestions and bug reports courtesy of Tea P. (http://colorfilter.net) +//-------------------- +Fixed XHTML validity issue in form textareas in: join.php, update.php and contact.php +Changed value of submit button in contact.php (copy&paste error!) 
+Included footer.php in join.php error messages
+Added fixEmail() to "Reply-To: " in e-mail admin section of join.php
+Added "Please select a country:" option to join.php and update.php
+Added dynamic link to approved/pending members edit section after editing member
+Added count of members for each country in members.php
+Changed broken $email to $admin_email in "Reply-To: " in approval section of admin.php
+More sanitisation of dispemail in join.php to prevent empty lines/commas being submitted
+Further improvements to cleanUp() in config.php to strip stray new lines not caught by trim()
+
+//--------------------
+// FIXES IN VERS 1l-1p
+//--------------------
+Fixed typos/wording errors in join.php, contact.php and update.php (Thanks Julie: http://jul13.ju.funpic.org)
+checkTXTfile() function altered (config.php) to use in_array instead of preg_match
+Footer link changed to match new URL (jemjabella.co.uk/scripts)
+Closed file after blanklinefix() (config.php) as a safety precaution
+Fixed data sanitisation bug in join.php caused by fix in 1k
+Altered lastupdate() function making details optional (config.php)
+Fixed dynamic "approve more members"/"no members to be approved" link (admin.php)
+Fixed IP issue (blocked IPs caused country error) in config.php & join.php (Thanks Michele: http://www.absolutetrouble.com)
+Changed captcha image to make it harder for bots to separate colours
+
+//--------------------
+// FIXES IN VERS 1q-1t
+//--------------------
+Fixed pagination bug created by optimisation in version 1m
+Modified join.php to display inline errors; additional spam protection
+Implemented two potential fixes for those losing members due to script time-out (config.php)
+More tidying of admin.php to reduce superfluous code
+Separated functions and preferences to allow for easier upgrading (config.php renamed to prefs.php)
+Added "edit affiliate" and "edit button" button replacement functionality
+Improved security to reduce CSRF risk (admin.php) 
+Implemented checkbox for mass approve & delete (admin.php)
+Alternating row colours to visually distinguish members (admin.php)
+Added default sort option, oldest or newest first (prefs.php, admin.php)
+Populated spam words list with common spam and profanity (spamwds.txt)
+Further user agent checking to defeat bots (join.php)
+Fixed blank fave error caused by changes in 1r (join.php)
+Added new line to admin.php when sorting members by oldest first
+
+
+//--------------------
+// CREDITS
+//--------------------
+Mucho thanks go to the following people for helping with BellaBuffs:
+
+Amelie - http://not-noticeably.net
+Katy - http://cathode-ray-coma.co.uk
+
+Amelie and Katy were there for my constant swearing, frustrated
+coding-related ramblings, bug testings, suggestions, snippy "I know best"
+responses and major dense moments. Without them, this script would
+not exist, and my partner Karl would get a lot more earache.
+
+The following others also helped with last minute beta/bug testing:
+
+Julie - http://jul13.ju.funpic.org
+Frosty - http://telperionworld.com
+Jenny - http://www.prism-perfect.net
+Ang - http://www.silencia.net
+Ilona - http://www.puwing.com
+Tea P. - http://colorfilter.net
+Michele - http://www.absolutetrouble.com
\ No newline at end of file
diff --git a/admin-icons/accept.png b/admin-icons/accept.png new file mode 100644 index 0000000000000000000000000000000000000000..89c8129a490b329f3165f32fa0781701aab417ea GIT binary patch literal 781 zcmV+o1M>WdP)4-QibtN)VXQDpczE`xXAkUjh%RI>;okxb7K@0kpyQ1k_Y(|Oe7$m(^ zNYX>mI||sUbmn+c3<&FnE=4u#()KBS^SH8e)Qs5i!#lY=$-1gbH6VluzU=m=EP78&5vQ z-?+fFP-G2l&l_QzYealK$;1Rl?FkzXR&Jv@fBPNjCr#AYRyJ7UJQ0v#?)7Ott=>3`#-pV!7>9}>Q1jL)H6h&gkP@3nI=+F3nA~M>u#(n* z8T!#8oEw&-mED4!h4s!N@Jo3S7N&Q6%6l3}nlcd~X@>;uelvPsSkXIgg~e+^T1zSf z3SNj(5%jK~i8@b;CFS^-G}e*;M)Q6>s#cP zI`Y#S($G6W`W@NI5g|L-MKl0Zmu$m^(0~^Lwo5OO~d#(vPfzMscT0g(~ZNI{bH#Y_Utm11j?0+FF&hK-qRX-TePYY3~f zgtoM;)~2M+AJew!(sr+7^KN&$cgxoJcJAGZGzzQ(AD(j#=leYm&p8hTfchUO*=18r zr!~koJq|$qh+zB()q@3G>7PU6y;(H$c~Nhe#3lU)C~l9VR_BJ=;N(S}WT3GGbJ~$L zY!^k>SWYq!Z~hmmJ4PWHsEvN4)9Gy^Z?)wOR0E3;1OdDR51!|xxx?Z3jR~6$3lGcS zw`wrecMQ|rMHQ4-uw*icvKH@8Qe-U(ejNgB1!Gqt;e8II!iaktI@}570bpEkH@7b5obwc$sUX75)sc{ zLoV$^I#`Q!&qeqKv2}x;Q6ZOcK?qbLvr>-a zyc(hY)2O@Nn=hiGX9AH(WK#{q_3OcQFyqRCxB{6^XTi-jVaae3jL(UZMoZqHPUiu` zFod;2WZ-*e#Qe)flJ*;9mgV@eat;ZSNkD%BUpZPjbEd(ZH>lOVM>tFq!k`K6p&rZ) zt12-&(V<8oA9F-Oc!oCq@PvQW{0``D3AONE*fZt6-G6K6?>+q?gw;DtTL1t607*qoM6N<$g3ymi=>Px# literal 0 HcmV?d00001 diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..e499345 --- /dev/null +++ b/admin.php @@ -0,0 +1,1117 @@ +Warning: Do not try to edit multiple members at once, do not try to approve and delete the same member.

"; + + $count = count($file); + if ($count == 0) { echo '

No '.$wording.' members at this time.

Back to admin panel?

'; exit(include('footer.php')); } + + echo '

'.$count.' '.$wording.' members | '; + $numpages = ceil($count/$perpage); + + echo "pages: "; + for ($x=1; $x<=$numpages; $x++) { + echo ''; + if (isset($_GET['page']) && $x == $_GET['page']) { + echo "$x"; + } else { + echo "$x"; + } + echo " "; + } + echo "

\n\n "; + + if (isset($_GET['page']) && is_numeric($_GET['page'])) $i = $perpage * ($_GET['page'] - 1); + else $i = 0; + + $end = $i + $perpage; + + if ($end > $count) $end=$count; +?> +
+ + " /> + + + Fave"; } ?> Add'; ?> + +'; + $email = ""; + if (empty($url) || $url == "http://") $url = "www"; else $url = "www"; + + echo " "; + if (isset($favefield) && $favefield == "yes") echo ""; + + if (isset($_GET['s']) && $_GET['s'] == "newbies") + echo ''; + + echo ''; + echo ''; + echo "\r\n"; + + $i++; + } +?> +
Name E-mail Website Country Edit Delete
$name $email $url $country" . str_replace('|', ',', $fave) . "edit
+

'."\r\n
"; + + echo "

Back to admin panel?

"; + break; + case "do_action": + if (!isset($_POST['token']) || $_POST['token'] != md5($secret)) exit("

Invalid token.

"); + + if (isset($_POST['appr']) && is_array($_POST['appr'])) { + $newbies = file(NEWBIES); + $approved = array(); + + foreach ($_POST['appr'] as $member => $value) { + if (is_numeric($member) && array_key_exists($member, $newbies)) { + $approved[] = $newbies[$member]; + unset($newbies[$member]); + } + } + + $newbies = implode("", $newbies); + $fh = fopen(NEWBIES, "w"); + fwrite($fh, $newbies); + fclose($fh); + + if ($emailapproval == "yes") { + $apprAmount = count($approved); + $i = 0; + while ($i < $apprAmount) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$approved[$i]); + + $subject = "You have been approved at $title"; + + $message = $approvalMsg; + $message .= "Name: {$name} \r\n"; + $message .= "Email: " . fixEmail($email) . " \r\n"; + $message .= "URL: {$url} \r\n"; + $message .= "Country: {$country} \r\n"; + if (isset($favefield) && $favefield == "yes") $message .= strip_tags($favetext) . ": {$fave} \r\n"; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) $headers = "From: $admin_email \n"; + else $headers = "From: $title <$admin_email> \n"; + + mail(fixEmail($email),$subject,$message,$headers); + + $i++; + } + } + + if (isset($defaultSort)) { + if ($defaultSort == "newest") { + $newmembers = implode("", $approved) . "\r\n"; + $olddata = file_get_contents(MEMBERS); + + $fp = fopen(MEMBERS, "w"); + fwrite($fp, $newmembers); + fclose($fp); + + $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); + fwrite($fp, $olddata); + fclose($fp); + } elseif ($defaultSort == "oldest") { + $newmembers = "\r\n" . implode("", $approved); + + $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); + fwrite($fp, $newmembers); + fclose($fp); + } else { + exit("

Invalid sort option in prefs.php: please ensure you use 'newest' or 'oldest'.

"); + } + } else { + exit("

No sort option in prefs.php: please ensure you're running the latest version.

"); + } + + if (isset($updateDate) && $updateDate == "yes") { + $update = "\n" . date($timestamp) . ",New member(s) added"; + + $fp = fopen(UPDATES, "w") or die ("Couldn't open UPDATES - the update could not be stored."); + fwrite($fp, $update); + fclose($fp); + } + + blanklinefix(NEWBIES); + blanklinefix(MEMBERS); + + echo "

Member(s) approved.

"; + } + if (isset($_POST['del']) && is_array($_POST['del'])) { + if (isset($_POST['fileloc'])) + $fileloc = basename($_POST['fileloc']); + else exit; + + $members = file(MEMBERS); + $newbies = file(NEWBIES); + + foreach ($_POST['del'] as $member => $file) { + if (is_numeric($member)) { + if ($fileloc == "newbies.txt" && array_key_exists($member, $newbies)) unset($newbies[$member]); + elseif ($fileloc == "members.txt" && array_key_exists($member, $members)) unset($members[$member]); + } + } + if ($fileloc == "newbies.txt") $backlink = 'Delete other pending members?'; else $backlink = 'Delete other approved members?'; + + $members = implode("", $members); + $newbies = implode("", $newbies); + + $fh = fopen(MEMBERS, "w"); + fwrite($fh, $members); + fclose($fh); + + $fb = fopen(NEWBIES, "w"); + fwrite($fb, $newbies); + fclose($fb); + + echo '

Member(s) deleted.

'; + } + echo '

Jump to: members / pending members

'; + echo '

Back to admin panel?

'; + break; + case "edit_member": + echo "

Note: editing a member will not approve them. You must do this separately.

"; + + if (!isset($_GET['mem']) || $_GET['mem'] == "" || !ctype_digit($_GET['mem'])) { + echo "

You didn't select a valid member.

"; + include('footer.php'); + exit; + } elseif (!isset($_GET['file']) || $_GET['file'] == "" || !file_exists($_GET['file'])) { + echo "

You didn't select a valid file.

"; + include('footer.php'); + exit; + } else { + if (is_numeric($_GET['mem'])) $mem = $_GET['mem']; else exit("Oops, not a valid member number."); + if (file_exists($_GET['file'])) $file = $_GET['file']; else exit("Oops, the important .txt files don't exist!"); + + $fh = fopen($file, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + if (empty($content[$mem])) { + echo "

That member does not exist.

"; + include('footer.php'); + exit; + } + + $memary = preg_split("/,(?! )/", $content[$mem]); + if (isset($memary['5'])) { + $memary['5'] = stripslashes(trim($memary['5'], "\"\x00..\x1F")); + } else { + $memary['4'] = trim($memary['4'], "\"\x00..\x1F"); + } +?> +

+ + +
+
+ + Display E-mail?
+
+
+ +
+ + +

+ +Back to admin panel?

"; + break; + case "edit_process": + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + if (!isset($favefield) || $favefield == "no") { + $clean['fave'] = ""; + } + if (empty($clean['dispemail'])) { + $clean['dispemail'] = "no"; + } + + $editedMember = $clean['name'] . "," . breakEmail($clean['email']) . "," . $clean['dispemail'] . "," . $clean['url'] . "," . $clean['country'] . "," . $clean['fave'] . "\n"; + + $mem = $clean['member']; + $file = $clean['file']; + + $fh = fopen($file, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + $content[$mem] = $editedMember; + $data = implode($content); + $data = trim($data); + + $fp = fopen($file, "w") or die ("Couldn't open {$file}."); + fwrite($fp, $data); + fclose($fp); + + if ($file == "newbies.txt") { + echo "

Member edited. Edit more pending members?

"; + } else { + echo "

Member edited. Edit more approved members?

"; + } + + if (isset($updateDate) && $updateDate == "yes") { + if (empty($clean['url']) || $clean['url'] == "http://") { + $updatedMember = $clean['name']; + } else { + $updatedMember = "{$clean['name']}"; + } + $update = "\n" . date($timestamp) . ",Member edited: $updatedMember"; + + $fp = fopen(UPDATES, "w") or die ("

Couldn't open UPDATES - the update could not be stored.

"); + fwrite($fp, $update); + fclose($fp); + } + + echo "

Back to admin panel?

"; + break; + case "add_spamword": + echo "

These words will be blocked - if the script finds them in the join form, membership will be rejected. Add each new word separately: do not use commas to separate spam words.

"; + echo "

\n"; + echo "
\n"; + echo "
\n"; + echo "

\n"; + + echo "

Back to admin panel?

"; + break; + case "add_spamword_process": + if(!ctype_alnum($_POST['spamword'])) { + echo "

That is not a valid spam word: they must only contain numbers and letters. No special characters.

"; + include('footer.php'); + exit; + } + + $_POST['spamword'] = cleanUp(str_replace(',','',$_POST['spamword'])); + + echo "

The following word is now blacklisted:

\n\n

{$_POST['spamword']}

\n\n"; + $newlisting = "\n".$_POST['spamword']; + + $fh = @fopen(SPAMWDS, "a"); + @fwrite($fh, $newlisting); + fclose($fh); + + echo "

Back to admin panel?

"; + break; + case "edit_spamword": + echo "

To remove a spam word, simply delete the contents of the input field.

"; + + if (filesize(SPAMWDS) == 0) { + echo "

No spam words in the list.

"; + } else { + echo "\n

\n"; + $fh = fopen(SPAMWDS, "r") or die ("Couldn't open the spam words file."); + while(!feof($fh)) { + $spamword = fgetcsv($fh, 4096); + + for ($i=0; $i<1; $i++) { + echo "
\n"; + } + } + fclose($fh); + echo "
\n

\n"; + } + + echo "

Back to admin panel?

"; + break; + case "edit_spamword_process": + $wordlist = $_POST['wordlist']; + + echo "

The following words are now blacklisted:

\n\n

"; + foreach ($wordlist as $spamword) { + echo "$spamword
\n"; + } + echo "

"; + + $wordlist = cleanUp(implode(",", $wordlist)); + $wordlist = str_replace(',,',',', $wordlist); + $wordlist = split(',', $wordlist); + $new_wordlist = implode("\n", $wordlist); + + $fh = fopen(SPAMWDS, "w"); + fwrite($fh, $new_wordlist); + fclose($fh); + + echo "

Back to admin panel?

"; + break; + case "block_ip": + echo "

Please note: blocking an IP will stop a user from joining your fanlisting, but not from viewing it.

"; + echo "

\n"; + echo "
\n"; + echo "
\n"; + echo "

\n"; + + echo "

Back to admin panel?

"; + break; + case "block_ip_process": + if (preg_match("^((\d|[1-9]\d|2[0-4]\d|25[0-5]|1\d\d)(?:\.(\d|[1-9]\d|2[0-4]\d|25[0-5]|1\d\d)){3})$^", cleanUp(str_replace(',','',$_POST['newip'])))) { + echo "

The following IP has now been blocked:

\n\n

{$_POST['newip']}

\n\n"; + $newlisting = "\n".$_POST['newip']; + + $fh = @fopen(IPBLOCKLST, "a"); + fwrite($fh, $newlisting); + fclose($fh); + } else { + echo "

That's not a valid IP address!

"; + } + + echo "

Back to admin panel?

"; + break; + case "edit_blocked_ips": + echo "

To remove an IP, simply delete the content of the input field.

"; + + if (filesize(IPBLOCKLST) == 0) { + echo "

No blocked IPs.

"; + } else { + echo "\n

\n"; + $fh = fopen(IPBLOCKLST, "r") or die ("Couldn't open IP block list."); + while(!feof($fh)) { + $blockedips = @fgetcsv($fh, 4096); + + for ($i=0; $i<1; $i++) { + echo "
\n"; + } + } + fclose($fh); + echo "
\n

\n"; + } + + echo "

Back to admin panel?

"; + break; + case "edit_blocked_ips_process": + echo "

The following IPs are now blocked:

\n\n

"; + foreach ($_POST['iplist'] as $blockedip) { + print "$blockedip
\n"; + } + echo "

"; + + $iplist = cleanUp(implode(",", $_POST['iplist'])); + $iplist = str_replace(',,',',', $iplist); + $iplist = split(',', $iplist); + $new_iplist = implode("\n", $iplist); + + $fh = @fopen(IPBLOCKLST, "w"); + @fwrite($fh, $new_iplist); + fclose($fh); + + echo "

Back to admin panel?

"; + break; + case "add_button": + echo "

Note: On the majority of hosts, the button folders have to have permissions set to 777 for this upload feature to work. This can constitute a security risk. Please be careful when changing the permissions of files and folders.

"; +?> +

+
+
+ Yes + No
+ +
+
+ +

+Back to admin panel?

"; + break; + case "add_button_process": + if (!is_dir("buttons/")) { + echo "

The \"buttons\" directory does not exist and therefore the button could not be uploaded.

"; + include('footer.php'); + exit; + } + if (empty($_FILES['file'])) { + echo "

You did not choose an image to upload.

"; + include('footer.php'); + exit; + } + if (getimagesize($_FILES['file']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['file']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['file']['tmp_name'], "buttons/{$_FILES['file']['name']}")) { + echo "

The button was successfully uploaded. Add another?

"; + + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['file']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['file']['name'], "buttons/".$string.".".$ext)) { + $filename = $string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['file']['name'], ",") === true) { + unlink("buttons/".$_FILES['file']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['file']['name']; + } + } + + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + + $button = "\n" . $filename . "," . $width . "," . $height . "," . $clean['donated'] . "," . $clean['donatorname'] . "," . $clean['donatorurl']; + + $fp = fopen(BUTTONS, "a") or die ("Couldn't open BUTTONS - the information about the button could not be stored."); + fwrite($fp, $button); + fclose($fp); + } else { + echo "

The button was not uploaded this time.

"; + include('footer.php'); + exit; + } + } else { + echo "

That file extension not valid.

"; + include('footer.php'); + exit; + } + echo "

Back to admin panel?

"; + break; + case "manage_buttons": + if (isset($_GET['size'])) { + list($MANwidth,$MANheight) = preg_split("/x/",$_GET['size']); +?> +

Manage Buttons: x

+ + + $value) { + if (preg_match("/$MANwidth,$MANheight/i", $value)) { + list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value); + echo ""; + } + } +?> +
Image Donated? Donator Name Donator URL Admin
\"{$width}x{$height} $donated $donator $donatorUrl edit delete
+Back to admin panel?

"; + include('footer.php'); + exit; + } elseif (isset($_GET['p']) && $_GET['p'] == "del") { + if (!isset($_GET['p'])) { + echo "

You did not select a button to delete.

"; + } else { + $button = $_GET['button']; + + $fh = @fopen(BUTTONS, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$content[$button]); + unlink("buttons/" . $file); + + unset($content[$button]); + $data = implode("", $content); + $data = trim($data); + + $fh = @fopen(BUTTONS, "w"); + @fwrite($fh, $data); + fclose($fh); + + echo "

Button deleted. Manage more buttons?

"; + } + + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } elseif (isset($_GET['p']) && $_GET['p'] == "edit") { + if (!isset($_GET['button'])) { + echo "

You did not select a button to edit.

"; + } else { + $button = $_GET['button']; + + $fh = fopen(BUTTONS, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + if (empty($content[$button])) { + echo "

That button does not exist.

"; + include('footer.php'); + exit; + } + + $buttonArray = preg_split("/,(?! )/", $content[$button]); + if (isset($buttonArray['5'])) { + $buttonArray['5'] = stripslashes($buttonArray['5']); + $buttonArray['5'] = trim($buttonArray['5'], "\"\x00..\x1F"); + } else { + $buttonArray['4'] = trim($buttonArray['4'], "\"\x00..\x1F"); + $buttonArray['3'] = trim($buttonArray['3'], "\"\x00..\x1F"); + } +?> +

+ + + + + Old Button
+
+ + Donated?
+
+
+ +

+Back to admin panel?

"; + include('footer.php'); + exit; + } + $array = file(BUTTONS); + $buttons_found = array(); + echo "
    "; + foreach ($array as $value) { + list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value); + if (!in_array($width . "x" . $height, $buttons_found)) { + $buttons_found[] = $width . "x" . $height; + echo "
  • {$width}x{$height}
  • "; + } + } + echo "
"; + echo "

Back to admin panel?

"; + break; + case "edit_button": + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + if ($_FILES['newbutton']['size'] > 0) { + if (getimagesize($_FILES['newbutton']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['newbutton']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['newbutton']['tmp_name'], "buttons/{$_FILES['newbutton']['name']}")) { + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['newbutton']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['newbutton']['name'], "buttons/".$string.".".$ext)) { + $filename = $string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['newbutton']['name'], ",") === true) { + unlink("buttons/".$_FILES['newbutton']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['newbutton']['name']; + } + } + unlink("buttons/".$clean['filename']); + } + } else { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + } else { + $filename = $clean['filename']; + } + + $editedButton = $filename . "," . $clean['width'] . "," . $clean['height'] . "," . $clean['donated'] . "," . $clean['donatorname'] . "," . $clean['donatorurl'] . "\n"; + + $button = $clean['buttonnum']; + + $fh = fopen(BUTTONS, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + $content[$button] = $editedButton; + $data = implode($content); + $data = trim($data); + + $fp = fopen(BUTTONS, "w") or die ("Couldn't open BUTTONS."); + fwrite($fp, $data); + fclose($fp); + + echo "

Button edited.

"; + + echo "

Back to admin panel?

"; + break; + case "add_update": +?> +

Add New Update

+

If updates details is left blank, only a date will be shown.

+ +

+
+
+ +

+Back to admin panel?

"; + break; + case "update_process": + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + $update = "\n" . $clean['date'] . "," . $clean['updatedetails']; + + $fp = fopen(UPDATES, "w") or die ("Couldn't open UPDATES - the update could not be stored."); + fwrite($fp, $update); + fclose($fp); + + echo "

Update added.

"; + echo "

Back to admin panel?

"; + break; + case "add_affiliate": + echo "

Note: On the majority of hosts, the button folders have to have permissions set to 777 for the upload feature to work. This can constitute a security risk. Please be careful when changing the permissions of files and folders.

"; +?> +

+
+
+
+
+
+ +

+Back to admin panel?

"; + break; + case "add_affiliate_process": + if (getimagesize($_FILES['affButton']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['affButton']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['affButton']['tmp_name'], "buttons/{$_FILES['affButton']['name']}")) { + foreach ($_POST as $key => $val) { + $clean[$key] = cleanUp($val); + } + + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['affButton']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['affButton']['name'], "buttons/aff_".$string.".".$ext)) { + $filename = "aff_".$string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['affButton']['name'], ",") === true) { + unlink("buttons/".$_FILES['affButton']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['affButton']['name']; + } + } + + $aff = "\n" . $filename . "," . $clean['affName'] . "," . breakEmail($clean['affEmail']) . "," . $clean['affURL'] . "," . $clean['affSitename']; + + $fp = fopen(AFFILIATES, "a") or die ("Couldn't open AFFILIATES - the affiliate details were not uploaded this time."); + fwrite($fp, $aff); + fclose($fp); + + echo "

The affiliate details were uploaded successfully. Add another?

"; + } else { + echo "

The affiliate details were not uploaded this time.

"; + include('footer.php'); + exit; + } + } else { + echo "

That file extension not valid.

"; + include('footer.php'); + exit; + } + echo "

Back to admin panel?

"; + break; + case "manage_affiliates": + if (isset($_GET['p']) && $_GET['p'] == "del") { + if (!isset($_GET['p'])) { + echo "

You did not select an affiliate to delete.

"; + } else { + $aff = $_GET['aff']; + + $fh = @fopen(AFFILIATES, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$content[$aff]); + unlink("buttons/" . $affButton); + + unset($content[$aff]); + $data = implode("", $content); + $data = trim($data); + + $fh = @fopen(AFFILIATES, "w"); + @fwrite($fh, $data); + fclose($fh); + + echo "

Affiliate deleted. Manage more affiliates?

"; + } + + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } elseif (isset($_GET['p']) && $_GET['p'] == "edit") { + if (!isset($_GET['aff'])) { + echo "

You did not select an affiliate to edit.

"; + } else { + $aff = $_GET['aff']; + + $fh = fopen(AFFILIATES, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + if (empty($content[$aff])) { + echo "

That affiliate does not exist.

"; + include('footer.php'); + exit; + } + + $affArray = preg_split("/,(?! )/", $content[$aff]); + $affArray['4'] = trim($affArray['4'], "\"\x00..\x1F"); +?> +

+ + + Old Affiliate Button
+
+
+
+
+
+ +

+Back to admin panel?

"; + include('footer.php'); + exit; + } + +?> + + + $value) { + list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$value); + echo ""; + } +?> +
Button Name Email URL Site Name Admin
$affName email www $affSitename edit delete
+ $val) { + $clean[$key] = cleanUp($val); + } + if ($_FILES['newbutton']['size'] > 0) { + if (getimagesize($_FILES['newbutton']['tmp_name']) === FALSE) { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + list($width, $height, $type, $attr) = getimagesize($_FILES['newbutton']['tmp_name']); + if ($type == 1 || $type == 2 || $type == 3) { + if (move_uploaded_file($_FILES['newbutton']['tmp_name'], "buttons/{$_FILES['newbutton']['name']}")) { + $string = substr(md5(microtime() * mktime()),0,6); + $ext = substr(strrchr($_FILES['newbutton']['name'], "."), 1); + + // rename the button so that bad characters don't break things. + if (rename("buttons/".$_FILES['newbutton']['name'], "buttons/".$string.".".$ext)) { + $filename = $string.".".$ext; + } else { + // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine + if (strpos($_FILES['newbutton']['name'], ",") === true) { + unlink("buttons/".$_FILES['newbutton']['name']); + echo "

File names must not contain commas.

"; + include('footer.php'); + exit; + } else { + $filename = $_FILES['newbutton']['name']; + } + } + unlink("buttons/".$clean['filename']); + } + } else { + echo "

That is not a valid image file.

"; + include('footer.php'); + exit; + } + } else { + $filename = $clean['filename']; + } + $editedAff = $filename . "," . $clean['affName'] . "," . breakEmail($clean['affEmail']) . "," . $clean['affURL'] . "," . $clean['affSitename'] . "\n"; + $aff = $clean['affnum']; + + $fh = fopen(AFFILIATES, "r"); + while(!feof($fh)) { + $content[] = fgets($fh, 4096); + } + fclose($fh); + + $content[$aff] = $editedAff; + $data = implode($content); + $data = trim($data); + + $fp = fopen(AFFILIATES, "w") or die ("Couldn't open AFFILIATES."); + fwrite($fp, $data); + fclose($fp); + + echo "

Affiliate edited.

"; + + echo "

Back to admin panel?

"; + break; + case "email_affiliates": + if (isset($_GET['p']) && $_GET['p'] == "process") { + foreach ($_POST as $key => $val) { + $clean[$key] = stripslashes(trim($val)); + } + + $subject = "E-mail from the $FLsubject fanlisting"; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $clean['to'] = str_replace('>', '', $clean['to']); + $clean['to'] = str_replace('<', '', $clean['to']); + + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: $admin_email"; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <$admin_email>"; + } + + if (mail($clean['to'],$subject,$clean['message'],$headers)) { + echo "

E-mail sent!

"; + echo "

Back to admin panel?

"; + } else { + echo "

The e-mail could not be sent at this time.

"; + echo "

Back to admin panel?

"; + } + exit; + } + + $array = file(AFFILIATES); +?> +

+
+
+ +

+Back to admin panel?

"; + break; + case "search": + if (isset($_GET['p']) && $_GET['p'] == "process") { + if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($_POST['email']))) { + echo "

That is not a valid e-mail address.

"; + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } + if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($_POST['email']), "email") === true) { + $file = MEMBERS; + } elseif (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($_POST['email']), "email") === true) { + $file = NEWBIES; + } + if (!isset($file)) { + echo "

Something went horribly, drastically wrong! Run for your life!

"; + echo "

...

"; + echo "

Just kidding — that member does not exist.

"; + echo "

Back to admin panel?

"; + include('footer.php'); + exit; + } + + $members = file($file); + foreach ($members as $key => $value) { + if (preg_match("/(".breakEmail($_POST['email']).")/i", $value)) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$value); + if (empty($url) || $url == "http://" || $url == "") { + $url = "(none)"; + } else { + $url = "website"; + } +?> +

Search results:

+ + +Fave"; } ?> + + + + + + + + +
Name E-mail Website Country Admin
email"; ?>edit delete +
+ +Back to admin panel?

"; + } + } + include('footer.php'); + exit; + } +?> +

Search for member by e-mail address:

+

+
+ +

+BellaBuffs Admin Panel"; +?> + + + + + + +Bad cookie. Clear 'em out and start again.

"; + include('footer.php'); + exit; + } +} +if (isset($_GET['p']) && $_GET['p'] == "login") { + if ($_POST['name'] != $admin_name || $_POST['pass'] != $admin_pass) { + include('header.php'); + echo "

Sorry, that username and password combination does not match. Please try again.

"; +?> +
+
+
+ +
+Sorry, you could not be logged in at this time. Please try again.

"; +?> +
+
+
+ +
+ + +

+
+
+ +

+ + \ No newline at end of file diff --git a/affiliates.php b/affiliates.php new file mode 100644 index 0000000..0aac4a4 --- /dev/null +++ b/affiliates.php @@ -0,0 +1,19 @@ + +

Affiliates

+

+ 0) { + $array = file(AFFILIATES); + foreach ($array as $value) { + list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$value); + echo "\"$affSitename"; + } +} else { + echo "There are no affiliates."; +} ?> +

+ + \ No newline at end of file diff --git a/affiliates.txt b/affiliates.txt new file mode 100644 index 0000000..e69de29 diff --git a/buttons.php b/buttons.php new file mode 100644 index 0000000..d73ffba --- /dev/null +++ b/buttons.php @@ -0,0 +1,26 @@ + +
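Review bot: The affiliate fields read from AFFILIATES are echoed straight into the markup (`echo "\"$affSitename";` plus the attribute text this extraction dropped) without output escaping; whether cleanUp() in admin.php neutralises enough on the way in is not visible from this file, so escape at the point of output, e.g. `echo htmlspecialchars($affSitename, ENT_QUOTES, 'UTF-8');`, and do the same for $affURL and $affButton where they land in attributes. A row with fewer than five comma-separated fields makes the `list()` assignment raise notices, so a `count()` check on the preg_split() result before it would keep a hand-edited text file from spraying warnings into the page.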

Buttons (Codes)

+ + 0) { + if (isset($_GET['p'])) { + if ($_GET['p'] != "[0-9]x[0-9]" && !ctype_alnum($_GET['p'])) { + echo "

That is not a valid button size. See all sizes?

"; + include('footer.php'); + exit; + } + + getButtonSizes(); + list($width,$height) = preg_split("/x/",$_GET['p']); + getButtons($width, $height); + } else { + getButtonSizes(); + } +} else { + echo "

There are no buttons.

"; +} + +include('footer.php'); ?> \ No newline at end of file diff --git a/buttons.txt b/buttons.txt new file mode 100644 index 0000000..e69de29 
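Review bot: `$_GET['p'] != "[0-9]x[0-9]"` compares the request value against that literal string rather than matching a pattern, so the guard reduces to `!ctype_alnum($_GET['p'])`: any alphanumeric value passes, including one with no `x`, after which `list($width,$height) = preg_split("/x/", $_GET['p'])` leaves $height unset and getButtons() interpolates both into a regex. Replace the condition with `if (!preg_match('/^[0-9]+x[0-9]+$/', $_GET['p'])) {` so only a well-formed size reaches getButtons(). Today ctype_alnum() is the only thing keeping regex metacharacters out of that interpolation, which is fragile if the check is ever relaxed.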
diff --git a/captcha.jpg b/captcha.jpg new file mode 100644 index 0000000000000000000000000000000000000000..382e0e44546e6379832e8a00291cf0ff15323e18 GIT binary patch literal 6056 zcmaiYYgkj))@~4i3Jp;Zs34?@N^ON~D=}M)iHd+oDJm5N3aR=jH!<5nN`yu7$t~RT zSw7(i8zRb8E~!F5ASRLv*{#QhYobsHYo(Q218Y^0C9H&#{hV{2^Ye^3f6V#J@yy#8 z<9+9t8?QEIa9hs=1_$CSEG%%R%>}nHiSz$=@Bb^CHd$DhtHq}OEB~*xY2!K0?jxKh z?uLcMHr$2+N5tVQtp4|mxc?&-n=Ch5S=)TH#n#TOAli!CWMOH!X|tu3)#lA+?JV;+ zZu2%Phg}CxSUaA(WV8F`_AhVWsr$(D6{^RPk_=Loy)HK!)>Fiq>Ik|cHyn@1_AItyy zZbjw)xL5VyVSPhmQ*+CsC!JlQ?w+T;eKNU1IjH*A&%ca}j*V-yuU=1pkpA~S-ptO; zFCc%teYf&{75%WbF@gKYd}}y5&Xj9%2mVp6@}R+toOr~8-vq=DOFZVPN~S$YkQ*VN z?&!NkdHp_A!YQOTETU;%$aLqNKu4RTzF23FJNco_54o zcR+j)+Q5}m4VE?}N0+MdR=6%P*l{%A78F8v2K>h)pU!)@qsb}o&(v*?ULuzlWjY(| zSUdK&5nsdiS~(@Sq4YQqI}8MM^yISc0io8dZ#Qtc8@L2DFS6DiR^CDI>H?F~Z>V&} z$d{{K=NJw^WMf={#LYD*Ur2LRBQB7xNV2Dfq5nqWiMD_*+z%NJpP&AXE#mB-_aJJ0 zk6rn?QsFoKaLoeZ@^x?_n?$QvWg9<=T(qcItv!I|Jp%lPx|p~`0Um^{A3tKRh)Hm!yh#}K|AwjZFI0Vce7AlEbCtud1 z9(XrUxq*`z!y)?M2F?MvD%Q{wi0B#4=W}Z}YO6|fwLKmOi=m~$`^i<#y^TLZjBQDb z!%{=?r3O?uAh8}_$vQl0wqHKBrS7+B_CJH6DLR<0I7SRdc-caep9*B$cBVW0(chzO zPusxR&z()I(mY+0p?f7hiHVn5(Xyku?Q>Q95pJi>5O9UOsv^3elpqcHU)T{AbVskw zHb9?IqmV-}=-mf%5|>W&N<6$CtK}T<$~EEV{M2#=Ue$U6EPj>N%sRp$CDiWIbcl&9 zJ%!~lf4Old37}84%Wd&ddSM3;30FrW%z=Jp9*qVsE4e#gG3GrSe}Z}0EPg(P?m+WJ zDmY&UTt-E2eH6eL zrn%3huhP7ts9}xR0krzTx2W#<9nO#d&gZDRbuNta-I_mB#ANVazEi1jt|M$G2{~c- zRdSqH$Og`7uBt**E_k-v;mwb-f zT)Jd;KSGoVwz5aT&`OzfC(4DI%F=3rPQbsG*RdndqlsP$b&13aEm>2mZegKFvit|v zsNSxpeS*PrK-4fs7S6f8ucj2TUWQLf$QZYGm>LfA<&xc+u6{=GM7+E@^Mjc231VFi zS3;b7lv0kHYTZ9zM)2D7Lcdqja<$`CG@35InYgAc2z=~vTMGV=@Hnw=xu{}QIpMvU z3JX+y++vp08RZ=xcYYC;qcl;5B>UNx3eK)RL|vT5EQk&j$lJdF-#o0-B@(xjk9p0^ z<_JyO=3TjkyxfPw?LzWJ8Yw~ICGCda^xlNrQZoM#-mVIh;YsJ<5U%WaCt!it@Ms_F zFh8`R3A>0`wTn$(K1Mq7uEL|I5u3qQVOdZV`gj9pXLk-^%3mC_mEjMYUMQ{{*S^y^ zB}Y%NRcD5MKy)7D6OyJ6qvZ|B6BUIIfa_(W5WYuNJav-k5QS2d603U>m!!VPvhtY< z96lgM3^pjzoAz|@9VtzFoF1q zch?54$aw>2D`Zs*b`Z9(D`n+V?4a<+$Ph{a)n$Rps%Wo#CJ+R#$|wFX8r8g&Bdlci 
zb6t1gU-?k0wboOYJ#H0=-nBL@jeHi%pvhqaWwR5=D)GUj2i|Y zz;^l4`pF=WpFJ_l^DSk9@g<`5WA>}DqoQLjXS5_L<^G~+7a}U_Pyg^5(%G2)=Nh*J zqd0Z6rnF$TTBQ?nfi>^#XJZe+V8QQl9#qmJ*a3%3$bL=eitkT>y_K&R}8;gKlb?AgSHXxk?CEupV zhk5~CKQ(5cMtPNpH|v~DZb_z3MToGJYLyD{^F8dJh~c~eM#+zCCMXfr&3o*I83m$( zwEp&_U)DoLS7J)-LNsK)!>fh2nO+02bTF;~WLj}$=Q=iU*8zgY%oSB!p3c!=@=ESL zM=3eL*^^KeDK~g2xI5hRmlx?y@rY4fNOO;#i}=TUx@KaLeI@P*64={DDeh|bSZ+rD ztlcr*POh<3_WgPnG#h;)t4X;|%3ZAzV0*f!?GR=*NhHXtTB_DRHQBM_^>>xCd|#nm z9GeeH^I22j-w5OrU47G)?I8~az);IU=S}N((EUvSVaxz{LP9HcX81FNrBV=1uz}zY_4k{&De<2Ppr!hqrdus1K_@CCGnxr4Tq;w^(J~ z)w`((ZVI}5AK07XIg=dCuGK2&ofXe!7`z^atz_S8;5@Py6eHfk5{btIdkYYNybVW} zX+ormUf`*uP4DN+9oP>+RW6I+u-L~DJc>f|@t5^M zqtv6I)HNz*VFO17e12Rb6daD*JL(u&t>~+ioBiAl@tVO8c7jtO5aafBj0qV-LgBDd zmYWkg2YAjH9sP?KWi|?JbU=rYtN#r9xZ6b3h+4$E8WZ}20(4a#w{`p)`Xadn`zn~T zW#I{ysHFxVyf8HHR^mg_S5^uUc^ zTfFjqVJ9&^o+nO>w{PI$QzGRf?2sTNT^V{*W}@;SdR`jcb}_mmf7%(Y95f_I#&#7VT2rit#44tzj-hsCc=4gdGwH>lB;EC5KP6U^}XarE9`M4kyXTz6Ay3|&$FnZsRPmH`L!?}XR9Dbq0 zEou*9)FCVdu{jM#D%#zk_}q6SJ9hE;Cjyzo#(1CVp9nw0B9X5EG8zdACw9mBUmWp~ zc&L#F_%BW%S4}Oc;Ik{>?~*SC{>VN7nBsYHoEC%LUjIBquP*EnI31v-w$0NhT5Jm( zy$(_S98PUQ4>8aNSbYZh^%)@t+Y2pkZRj!Vqk4l=Zm0d?2XC>~UwXJlaGgl<#cDb} zY5LQrutdG*iZKBTv$EenJJ1C-8Ta`+zfiXu-AYUh0epee7X& zg|el!wfh#v4rd&Hlf79HOV~}gS%HQbywY7!3NIVrm*83n_R5h(IkJ<15b-O!azLb)Honi z2|7u+CQtMW$ho`?yVW^Lvw6;;u`3mfo$ci2N!bR@rcJy9a(B={J=v07z*kyn0@yZZ z+BYisG#a>4G4eKmcX|lJ*Q54&IVA+F=HnBIlVV*y_mVNl41lE)VuHsWbheSr9hA7C z{Cbot%b1qVJQW`T1$@_k>TEm2iHI$o$HBqNhP}s(##YpJ6&e@iS3+*Z{p~K_py{bl zZLaX7~5JX*S_!G0# zyE9HcLD%UyRL9172O@tPyZYRaL6oU>y-TUuGIlj}tC0Lyg_(R@qA*kT$OgrU5Pk+C7)XYnKv6o9h z*B*44luz3-XI`RCQXTQQXB68Te^t2fc;P1db8hj(@ouSh*BIdcAgMy)n?!eP6LXPC zg=FjKN>orj*?8q^L@JvUIHE3t9!I(EbJLFKmE@VvsE2OR2i=}of)V@19 z>>8Q)i%=X*DInLwgRM7(0nNZ&SPBi+U7DG)C2Yk`h_$923#Pp&B@vz-oFJ8q{1QtE z$X16)VEk+;Z9fA$Wg16&hy|Qo^RCvFZ(`KV-?E#r)1zszF~Q?qlQo&)ea0YEs^@Mc z4R{|tDM3;i1SCuAI_PBbj^KxvDocHzD`bb072ykNv1J5eboV@LDmW@fGmR2w+vOlhk|u z^b^X}8=OI^CkB4emYsdJCV@^zZ}arF6Bd}Vkjlq 
zv@I)QQDOH8`vBJIjT<;T>z?>B5Da@N;`X5a@$d^M@D36m@RR2$u0495l=~KyL+_s< zSt4P{ONd`IaqV`!lKku?W;#T7OnYV*Il_A8w;D6HY;1ZzT(190@&#%KMvT9kGku=O zz>A*6oJGi8Rr~T_9dx07`g1fY9;p*M!6#?+vD3mtZiA#4tg~-wQ$0EX?m=HZh`E?- z+MTI$NbDhoanya0#iBXUy3y@?{#2UU1zkRY_RhqnD%R4=fXF)R)DzzG!y7n)Pg-jY z5z;i(W3F)f^1!;cr$P!Bs_J867rHlaF22m|j2M&~-LJi`y~TK)GvMdj;}@1wyQ-9* zhQ~}+Pe(gOAshZ~BtTKS>6Yjvp0$D782|-nu*l7;eO5)u=aQ=Oe&_7ztX=&YaY(A- zG&E1f2CsjUP!Y~vRB}8MMOVktp6!zdc4xb1#`X;T(W&MACzIJY29T^D^j#CS22psv zD^H~TUA60>`H)HX^;1#Kg)vBswZqo;QsU_aH=y#f6|t#jJI9tIRwKq)ZV4TiMhsp5 z!4K|~KC5uI3|rrKC&7^TU4=%-@_zYNrq%XTI+_~HR?9C>UU%l(2C$&`5$p)@KcUg3 z4j@H;ROj#;DaW)Qy|EhXw_37H{y^q$|JipU;K2gFMK?|B-QE+iHk!0GZd!HoEm79) zF_P%bnytPNV<4RwPfJc_v!-t7PW?CnZDMkkF{0>=6pMLU{=#0Q1*>1uC-+d3#kDeuO=DMbJGs6_$-_Gm1ZTR zm}#BR6berZ4piOX&-4Sh!DZQSQ;ZvA$KPq~_{QVTo{yv82$Ovj)2w#v8MC0M7wXCO0RIi2(K?~#J zZ%KY%xkTUXxXX%9X;0p&14Qi!@2lb!>g{opp^t(o1*{PF%SJLjHF~_=duaxa z^Z#j_wdFoMSaCh==zb4XXxYdwA+MLo`@JX6jggi*vVy?X?5;~Q-gdH+Z{M%64 z+Rd;rPsz&#!uPC=EM(A%_4rLA69fmeOe-(Hh?XldXb+p!k5Jm=g;38}&BLc~V?`gQ aA@j=3=J~U+NfCXq<2Bu#ZT?vsum2Z^|IVub literal 0 HcmV?d00001 diff --git a/captcha.php b/captcha.php new file mode 100644 index 0000000..df4d3d0 --- /dev/null +++ b/captcha.php @@ -0,0 +1,17 @@ + \ No newline at end of file diff --git a/contact.php b/contact.php new file mode 100644 index 0000000..f1dea20 --- /dev/null +++ b/contact.php 
@@ -0,0 +1,115 @@ +)/i", $_POST['comments'])) + $points += 2; + if (strlen($_POST['name']) < 3) + $points += 1; + if (strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500)) + $points += 2; + // end score assignments + + foreach($requiredFields as $field) { + trim($_POST[$field]); + + if (!isset($_POST[$field]) || empty($_POST[$field])) + $error_msg .= "Please fill in all the required fields and submit again.\r\n"; + } + + if (!preg_match("/^[a-zA-Z-'\s]*$/", stripslashes($_POST['name']))) + $error_msg .= "The name field is required, and must not contain special characters.\r\n"; + if (!preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($_POST['email']))) + $error_msg .= "The e-mail field is required, and must be a valid e-mail address.\r\n"; + if (!empty($_POST['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $_POST['url'])) + $error_msg .= "Invalid website url.\r\n"; + + if ($error_msg == NULL && $points <= $maxPoints) { + $subject = "Contact form submission from ". $title; + + $message = "You received this e-mail message through your fanlisting: \n\n"; + foreach ($_POST as $key => $val) { + $message .= ucwords($key) . ": " . clean($val) . "\r\n"; + } + $message .= "\r\n"; + $message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n"; + $message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n"; + $message .= 'Points: '.$points; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: {$admin_email}\n"; + $headers .= "Reply-To: {$_POST['email']}"; + } else { + $headers = "From: {$title} <{$admin_email}>\n"; + $headers .= "Reply-To: {$_POST['email']}"; + } + + if (mail($admin_email,$subject,$message,$headers)) { + $result = 'Your mail was successfully sent.'; + $disable = true; + } else { + $error_msg = 'Your mail could not be sent this time. 
['.$points.']'; + } + } else { + if (empty($error_msg)) + $error_msg = 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']'; + } +} +include_once('header.php'); +?> +

Contact Admin

+

This form is for contacting the fanlisting owner only -- it is not to be used to join the fanlisting unless you have been directed to do so. (Name, e-mail and comments are required fields.)

+ +ERROR: '. nl2br($error_msg) . "

"; + +if ($result != NULL) + echo '

'. $result . "

"; +?> + +
+ +

+
" />
+
" />
+

+

+

+

+

+ /> +

+
+ + \ No newline at end of file diff --git a/countries.txt b/countries.txt new file mode 100644 index 0000000..8bb094d --- /dev/null +++ b/countries.txt 
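Review bot: `strlen($_POST['comments'] > 1500)` applies strlen() to the boolean result of the comparison (a 0- or 1-character string), so the 1500-character ceiling never fires; it should read `strlen($_POST['comments']) > 1500`. In the required-field loop `trim($_POST[$field]);` discards its return value, so a field containing only whitespace still passes the `empty()` test; assign it back or test `trim($_POST[$field]) === ''`. The validated address is then placed into `Reply-To:`, and because the e-mail regex ends in `$` without the `D` modifier a trailing newline survives validation — ending the pattern with `$/Di` closes that. The opening of the file, including the first of the $points scoring checks, did not survive extraction here, so those lines could not be reviewed.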
@@ -0,0 +1,197 @@
+Afghanistan
+Albania
+Algeria
+Andorra
+Angola
+Antigua and Barbuda
+Argentina
+Armenia
+Australia
+Austria
+Azerbaijan
+Bahamas
+Bahrain
+Bangladesh
+Barbados
+Belarus
+Belgium
+Belize
+Benin
+Bhutan
+Bolivia
+Bosnia and Herzegovina
+Botswana
+Brazil
+Brunei
+Bulgaria
+Burkina Faso
+Burundi
+Cambodia
+Cameroon
+Canada
+Cape Verde
+Central African Republic
+Chad
+Chile
+China
+Colombia
+Comoros
+Costa Rica
+Cote D'Ivoire
+Croatia
+Cuba
+Cyprus
+Czech Republic
+Democratic Republic of the Congo
+Denmark
+Djibouti
+Dominica
+Dominican Republic
+East Timor
+Ecuador
+Egypt
+El Salvador
+England
+Equatorial Guinea
+Eritrea
+Estonia
+Ethiopia
+Fiji
+Finland
+France
+Gabon
+Gambia
+Georgia
+Germany
+Ghana
+Greece
+Grenada
+Guatemala
+Guinea
+Guinea-Bissau
+Guyana
+Haiti
+Honduras
+Hungary
+Iceland
+India
+Indonesia
+Iran
+Iraq
+Ireland
+Israel
+Italy
+Jamaica
+Japan
+Jordan
+Kazakhstan
+Kenya
+Kiribati
+Kuwait
+Kyrgyzstan
+Laos
+Latvia
+Lebanon
+Lesotho
+Liberia
+Libya
+Liechtenstein
+Lithuania
+Luxembourg
+Macedonia
+Madagascar
+Malawi
+Malaysia
+Maldives
+Mali
+Malta
+Marshall Islands
+Mauritania
+Mauritius
+Mexico
+Micronesia
+Moldova
+Monaco
+Mongolia
+Montenegro
+Morocco
+Mozambique
+Myanmar
+Namibia
+Nauru
+Nepal
+Netherlands
+New Zealand
+Nicaragua
+Niger
+Nigeria
+North Korea
+Northern Ireland
+Norway
+Oman
+Pakistan
+Palau
+Panama
+Papua New Guinea
+Paraguay
+Peru
+Philippines
+Poland
+Portugal
+Qatar
+Republic of the Congo
+Romania
+Russia
+Rwanda
+Saint Kitts and Nevis
+Saint Lucia
+Saint Vincent and the Grenadines
+Samoa
+San Marino
+Sao Tome and Principe
+Saudi Arabia
+Scotland
+Senegal
+Serbia
+Seychelles
+Sierra Leone
+Singapore
+Slovakia
+Slovenia
+Solomon Islands
+Somalia
+South Africa
+South Korea
+Spain
+Sri Lanka
+Sudan
+Suriname
+Swaziland
+Sweden
+Switzerland
+Syria
+Tajikistan
+Tanzania
+Thailand
+Togo
+Tonga
+Trinidad and Tobago
+Tunisia
+Turkey
+Turkmenistan
+Tuvalu
+Uganda
+Ukraine
+United Arab Emirates
+United Kingdom
+United States
+Uruguay
+Uzbekistan
+Vanuatu
+Vatican
+Venezuela
+Vietnam
+Wales
+Yemen
+Zambia
+Zimbabwe
\ No newline at end of file
diff --git a/footer.php b/footer.php
new file mode 100644
index 0000000..5d55ebc
--- /dev/null
+++ b/footer.php
@@ -0,0 +1,5 @@
+

Powered by BellaBuffs

+ + + \ No newline at end of file diff --git a/functions.php b/functions.php new file mode 100644 index 0000000..6f0813b --- /dev/null +++ b/functions.php @@ -0,0 +1,210 @@ +$country[0]"; + } + } + fclose($fh); +} + +function lastupdate($showdetails = 'yes') { + $updatesArray = file(UPDATES); + foreach($updatesArray as $updateValue) { + list($date,$update) = preg_split("/,(?! )/",$updateValue); + echo str_replace('|', ',', $date); + if ($showdetails == "yes" && (!empty($update) || $update != "")) { + echo "
Update Details: " . stripslashes(str_replace('|', ',', $update)); + } + } +} + +function blanklinefix($inputfile) { + ignore_user_abort(true); + $content = file($inputfile); + + if (count($content) > 0) { + $content = array_diff(array_diff($content, array("")), array("\n")); + + $newContent = array(); + foreach ($content as $line) { + $newContent[] = trim($line); + } + $newContent = implode("\n", $newContent); + + $fl = fopen($inputfile, "w+"); + if (flock($fl, LOCK_EX)) { + fwrite($fl, $newContent); + flock($fl, LOCK_UN); + } else { + echo 'The file: '.$inputfile.' could not be locked for writing; the blanklinefix function could not be applied at this time.'; + } + fclose($fl); + } + ignore_user_abort(false); +} + + +function countfile($fileloc) { + $file = file($fileloc); + $count = count($file); + echo $count; +} + +function checkTXTfile($file, $input, $inputtype) { + $Array = array(); + $fh = @fopen($file, "r") or die ("Couldn't open $file."); + while(!feof($fh)) { + $item = fgetcsv($fh, 4096); + + if ($inputtype == "country" || $inputtype == "ip") { + for ($i=0; $i<1; $i++) { + $Array[] = $item[0]; + } + } elseif ($inputtype == "email") { + for ($i=0; $i<1; $i++) { + $Array[] = $item[1]; + } + } + } + fclose($fh); + + if (in_array($input, $Array)) { + return true; + } else { + return false; + } +} + +function addmember($member) { + $data = file_get_contents(NEWBIES); + + $fp = fopen(NEWBIES, "w") or die ("Couldn't open NEWBIES - you weren't added to the fanlisting."); + if (flock($fp, LOCK_EX)) { + fwrite($fp, $member); + flock($fp, LOCK_UN); + } else { + echo 'The file: newbies.txt could not be locked for writing; you could not be added at this time.'; + } + fclose($fp); + + $fp2 = fopen(NEWBIES, "a") or die ("Couldn't open NEWBIES."); + if (flock($fp2, LOCK_EX)) { + fwrite($fp2, $data); + flock($fp2, LOCK_UN); + } else { + echo 'The file: newbies.txt could not be locked for writing; other new members could not be re-added to newbies.txt'; + } + fclose($fp2); 
+ + return true; +} + +function breakEmail($email) { + $email = str_replace('.', 'DOTTY', $email); + $email = str_replace('@', 'ATTIE', $email); + $email = str_replace('-', 'DASHY', $email); + $email = str_replace('_', 'SCORE', $email); + + return $email; +} +function fixEmail($email) { + $email = str_replace('DOTTY', '.', $email); + $email = str_replace('ATTIE', '@', $email); + $email = str_replace('DASHY', '-', $email); + $email = str_replace('SCORE', '_', $email); + + return $email; +} + +function getButtons($width, $height) { + echo "

\n"; + $array = file(BUTTONS); + foreach ($array as $value) { + if (preg_match("/$width,$height/i", $value)) { + list($file,$width2,$height2,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value); + $donatorUrl = trim($donatorUrl); + if ($donated == "yes") { + if ($donatorUrl != "") { + echo "\"{$width2}x{$height2} \n"; + } else { + echo "\"{$width2}x{$height2} \n"; + } + } else { + echo "\"{$width2}x{$height2} \n"; + } + } + } + echo "

\n"; +} +function getButtonSizes() { + $array = file(BUTTONS); + $buttons_found = array(); + + foreach ($array as $value) { + list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$value); + $buttons_found[] = $width . "x" . $height; + } + $buttons_found = array_unique($buttons_found); + natcasesort($buttons_found); + + echo "
    "; + foreach ($buttons_found as $size) { + echo "
  • {$size}
  • \n"; + } + echo "
  • View All?
  • "; + echo "
"; +} + +function get_data($var) { + if (isset($_POST[$var])) + echo htmlspecialchars($_POST[$var]); +} + +blanklinefix(COUNTRIES); +blanklinefix(IPBLOCKLST); +blanklinefix(MEMBERS); +blanklinefix(NEWBIES); +blanklinefix(SPAMWDS); +blanklinefix(BUTTONS); +blanklinefix(AFFILIATES); +blanklinefix(UPDATES); + +error_reporting(E_ALL); +?> \ No newline at end of file diff --git a/header.php b/header.php new file mode 100644 index 0000000..aa54031 --- /dev/null +++ b/header.php @@ -0,0 +1,29 @@ +This script cannot run unless the .txt files have been uploaded and have write permissions. Please ensure they are CHMODed/have permissions set to 666.
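Review bot: addmember() reads NEWBIES with file_get_contents() before taking any lock, truncates the file with "w", writes the new row, then re-opens it with "a" to put the old rows back; a join that lands between the read and the truncate is lost, and if the second fopen() hits its `die` the file is left holding only the new row. Doing the read, truncate and write on one locked handle closes that window and removes the second open (below). getButtons() interpolates its $width/$height arguments into a regex unquoted — `preg_match('/' . preg_quote("$width,$height", '/') . '/i', $value)` keeps the function safe regardless of what the caller checked. checkTXTfile() also indexes `$item[0]`/`$item[1]` on whatever fgetcsv() returns, which is false once the last line has been consumed and a one-element array for a line without a second field, and it compares with a non-strict in_array(); guard with `is_array($item) && isset($item[1])` and pass `true` as the third in_array() argument.
```php
function addmember($member) {
    $fp = fopen(NEWBIES, "c+") or die ("Couldn't open NEWBIES - you weren't added to the fanlisting.");
    if (flock($fp, LOCK_EX)) {
        // read the existing rows under the same lock, then write new row + old rows in one go
        $data = stream_get_contents($fp);
        rewind($fp);
        ftruncate($fp, 0);
        fwrite($fp, $member . $data);
        fflush($fp);
        flock($fp, LOCK_UN);
    } else {
        echo 'The file: newbies.txt could not be locked for writing; you could not be added at this time.';
    }
    fclose($fp);

    return true;
}
```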

"; + exit; +} ?> + + + + + + + +<?php echo $title; ?> - Powered by BellaBuffs + + + + + + + + + + diff --git a/index.php b/index.php new file mode 100644 index 0000000..fe1a04a --- /dev/null +++ b/index.php @@ -0,0 +1,18 @@ + + +

Welcome to

+ + + + + +

+Members:
+Pending:
+Last Update: +

+ + \ No newline at end of file diff --git a/ipblock.txt b/ipblock.txt new file mode 100644 index 0000000..e69de29 diff --git a/join.php b/join.php new file mode 100644 index 0000000..cd558d1 --- /dev/null +++ b/join.php @@ -0,0 +1,206 @@ +The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + if (isset($_SESSION['key']) && isset($_COOKIE[session_name()])) { + setcookie(session_name(), '', time()-36000, '/'); + $_SESSION = array(); + session_destroy(); + } + } else { + echo "

The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + } + include_once('header.php'); + + if (isBot() !== false) + $error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'] . "\r\n"; + + if (substr_count($_POST['comments'], 'http://') > 1) + $error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n"; + + $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i"; + if (filesize(SPAMWDS) > 0) $spamlist = file(SPAMWDS); + + foreach ($_POST as $key => $val) { + if (isset($spamlist)) { + foreach ($spamlist as $spamword) { + if (preg_match("/(".trim($spamword).")/i", $val)) { + $error_msg .= "Your join application contains words in the spam list, please go back and remove references to obvious 'spam' material.\r\n"; + } + } + } + if (preg_match($exploits, $val)) + $error_msg .= "No meta injection, please.\r\n"; + + if (preg_match("/(<.*>)/i", $val)) + $error_msg .= "No HTML, please.\r\n"; + + $clean[$key] = cleanUp($val); + } + + // set default values for empty/unset fields + if (empty($clean['dispemail'])) + $clean['dispemail'] = "no"; + + if (!isset($favefield) || $favefield == "no" || !isset($clean['fave'])) + $clean['fave'] = NULL; + + // let's do some security and spam checks + if (empty($clean['name']) || empty($clean['email']) || empty($clean['country'])) + $error_msg .= "Name, e-mail and country are required fields. \r\n"; + if (!preg_match("/^[a-zA-Z-'\s]*$/", $clean['name'])) + $error_msg .= "That name is not valid. Your name must contain letters only, and must be less than 15 characters. \r\n"; + if ($clean['dispemail'] != "yes" && $clean['dispemail'] != "no") + $error_msg .= "You didn't choose whether or not you'd like to show your e-mail address on the member list. 
\r\n"; + if ($clean['fave'] != "" && (!preg_match("/^[a-zA-Z0-9-'\s]*$/", $clean['face']) || strlen($clean['fave']) > 20)) { + $error_msg .= "Your chosen \"favourite\" is not valid. It must contain letters and numbers only, and must be less than 20 characters. \r\n"; + if (!preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($clean['email']))) + $error_msg .= "The email address you have used is not valid. \r\n"; + if (!empty($clean['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $clean['url'])) + $error_msg .= "The website url you provided is not valid. Please remove and try again or fix the URL.\r\n"; + if ($clean['country'] == "null" || (filesize(COUNTRIES) > 0 && checkTXTfile(COUNTRIES, $clean['country'], "country") === false)) { + $error_msg .= "Please select a valid country. \r\n"; + + if (filesize(IPBLOCKLST) > 0 && checkTXTfile(IPBLOCKLST, $_SERVER['REMOTE_ADDR'], "ip") === true) { + echo "

Your IP is in the block list, that means you're not allowed to join at this time. \r\n

"; + exit(include('footer.php')); + } + if (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($clean['email']), "email") === true) { + echo "

You're already in the pending queue, you can't join twice!

\n"; + exit(include('footer.php')); + } + if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($clean['email']), "email") === true) { + echo "

You're already a member of the fanlisting, you can't join twice!

\n"; + exit(include('footer.php')); + } + + if ($error_msg == NULL) { + $show_form = false; + + // attempt to break email to piss off spammers :p + $clean['email'] = breakEmail(strtolower($clean['email'])); + + // send off some emails + if ($emailnewbies == "yes") { + $subject = "Thank you for joining $title"; + + $message = $thanksjoinMsg; + $message .= "Name: {$clean['name']} \n"; + $message .= "Email: " . fixEmail($clean['email']) . " \n"; + $message .= "URL: {$clean['url']} \n"; + $message .= "Country: {$clean['country']} \n"; + if (isset($favefield) && $favefield == "yes") { + $message .= "$favetext: {$clean['fave']} \n"; + } + $message .= "Comments: {$clean['comments']} \n\n"; + + if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: $admin_email"; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <$admin_email>"; + } + + mail(fixEmail($clean['email']),$subject,$message,$headers); + } + if ($emailadmin == "yes") { + $subject = "New member at $title"; + + $message = "There's a new member at your $FLsubject fanlisting with the following details: \n\n"; + + $message .= "Name: {$clean['name']} \n"; + $message .= "Email: " . fixEmail($clean['email']) . " \n"; + $message .= "URL: {$clean['url']} \n"; + $message .= "Country: {$clean['country']} \n"; + if (isset($favefield) && $favefield == "yes") { + $message .= "$favetext: {$clean['fave']} \n"; + } + $message .= "Comments: {$clean['comments']} \n"; + $message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; + + $message .= "Manage members: {$FLurl}/admin.php?ap=manage_members&s=newbies"; + + if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: " . fixEmail($clean['email']) . ""; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <" . fixEmail($clean['email']) . 
">"; + } + + mail($admin_email,$subject,$message,$headers); + } + + // add the member to the newbies txt file + if (addmember("$clean[name],$clean[email],$clean[dispemail],$clean[url],$clean[country],$clean[fave]\n")) { + echo "

Thank You

\n

Thank you for joining $title, the fanlisting for $FLsubject!

"; + } else { + echo "

Oh Dear!

\n

Your application could not be added at this time. Please contact the owner of the fanlisting for help.

"; + } + } +} +if (!isset($_POST['submit']) || $show_form == true) { + require_once('prefs.php'); + include_once('header.php'); + +?> +

Join the Fanlisting

+

To join the fanlisting, fill in your details below. Please do not use this form to update; use the update form instead.

+ +

(Name, E-mail and Country are required fields.)

+ +ERROR:
"; + echo nl2br($error_msg) . "

"; + } + if (isset($_POST['country'])) $country = $_POST['country']; else $country = NULL; +?> + +

+
" />
+
" />
+
+ Yes + No
+
" />
+

+ +
" />
+ +
+

+ +

+ +

+ + \ No newline at end of file diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..6798036 --- /dev/null +++ b/logout.php @@ -0,0 +1,13 @@ +You are now logged out.
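Review bot: The favourite check tests `$clean['face']` instead of `$clean['fave']`, so preg_match() runs on an undefined index (null, read as the empty string, which matches `^[...]*$`) and only the 20-character limit is actually enforced; the line should read `!preg_match("/^[a-zA-Z0-9-'\s]*$/", $clean['fave'])`. As the hunk renders here, the `{` opened by that fave check and the one after the "Please select a valid country" assignment are never closed, which would be a parse error unless braces were lost in extraction. The two mail() header branches disagree: the newbie e-mail uses the bare `From: $admin_email` form when `strstr($_SERVER['SERVER_SOFTWARE'], "Win")` is true, the admin e-mail uses it when that is false (`!strstr`), so one of them is inverted. The spam-word loop interpolates each file line into a regex unquoted (`preg_match("/(".trim($spamword).")/i", $val)`); `preg_quote(trim($spamword), '/')` stops a word containing a metacharacter from breaking or widening the match.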

"; + +include('footer.php'); +?> \ No newline at end of file diff --git a/members.php b/members.php new file mode 100644 index 0000000..1fd4136 --- /dev/null +++ b/members.php @@ -0,0 +1,147 @@ +Could not open members file. Please verify permissions (CHMOD - 666) and actual existence.

"; +} else { + if (filesize(MEMBERS) > 0) { + $members = file(MEMBERS); + $queryURL = ""; + + if (isset($_GET['s']) && $_GET['s'] == "sortName") { + natcasesort($members); + $members = array_values($members); + + $queryURL = "&s=sortName"; + } elseif (isset($_GET['s']) && $_GET['s'] == "sortCountry") { + $countryArray = file(COUNTRIES); + foreach($countryArray as $country) { + $countryArray[] = rtrim($country); + } + if (!isset($_GET['c']) || in_array($_GET['c'], $countryArray) === FALSE) { + // find out who has joined with which country and stick them in an array + foreach ($members as $mem) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$mem); + $newArray[] = $country; + } + // count each time country occurs + $countryCount = array_count_values($newArray); + + // sort the array so that the countries are in alphabetical order + $newArray = array_unique($newArray); + natcasesort($newArray); + + // display the countries + echo "
    "; + foreach ($newArray as $country) { + foreach ($countryCount as $key => $cc) { + if ($key == $country) { + echo "
  • $country ($cc members)
  • "; + } + } + } + echo "
"; + exit(include("footer.php")); + } else { + foreach ($members as $key => $memb) { + list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$memb); + if (preg_match("/($_GET[c])/i", $country)) { + $NEWmembers[] = "$name,$email,$dispemail,$url,$country,$fave"; + } + } + + $members = $NEWmembers; + natcasesort($members); + $members = array_values($members); + unset($NEWmembers); + + $queryURL = "&s=sortCountry&c=".urlencode($country); + } + } + + $count = count($members); + $numpages = ceil($count/$perpage); + + if ($perpage < $count) { + echo "

$count members | "; + + if (isset($_GET['page']) && $_GET['page'] > 1 && $_GET['page'] <= $numpages) { + $prev = $_GET['page'] - 1; + echo "Prev · "; + } else { + echo "Prev · "; + } + for ($x=1; $x<=$numpages; $x++) { + if ((isset($_GET['page']) && $x == $_GET['page']) || (!isset($_GET['page']) && $x == 1)) { + echo "$x "; + } else { + echo "$x "; + } + } + if ((!isset($_GET['page'])) || (isset($_GET['page']) && $_GET['page'] < $numpages)) { + if (!isset($_GET['page'])) { + $_GET['page'] = 1; + } + $next = $_GET['page'] + 1; + echo " · Next"; + } else { + echo " · Next"; + } + echo "

\n\n "; + } else { + echo "

$count members

"; + } + if (isset($_GET['page']) && is_numeric($_GET['page'])) { + $i=$perpage*($_GET['page']-1); + } else { + $i=0; + } + $end = $i + $perpage; + + if ($end > $count) { $end = $count; } + +?> + + {$favetext}"; } ?> + + + + "; + } else { + $email = "e-mail"; + } + if (empty($url) || $url == "http://") $url = "www"; else $url = "www"; + + echo " + + + + "; + if (isset($favefield) && $favefield == "yes") { echo ""; } + echo ""; + + $i++; + } +?> +
Name E-mail Website Country
$name$email$url $country" . str_replace('|', ',', stripslashes($fave)) . "
+ +

Sort by Name · Sort by Country

+No members have joined yet!

"; + } +} +include('footer.php'); ?> \ No newline at end of file diff --git a/members.txt b/members.txt new file mode 100644 index 0000000..e69de29 diff --git a/newbies.txt b/newbies.txt new file mode 100644 index 0000000..e69de29 diff --git a/prefs.php b/prefs.php new file mode 100644 index 0000000..2e8172f --- /dev/null +++ b/prefs.php @@ -0,0 +1,43 @@ + \ No newline at end of file diff --git a/spamwds.txt b/spamwds.txt new file mode 100644 index 0000000..3afc547 --- /dev/null +++ b/spamwds.txt 
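Review bot: In the country filter, `$queryURL = "&s=sortCountry&c=".urlencode($country)` is built after the foreach, so $country holds whatever the last member row contained rather than the selected country, and the pagination links can switch the filter mid-browse; use `urlencode($_GET['c'])`, which the in_array() above has already validated against COUNTRIES. The `$_GET['page']` arithmetic (`$_GET['page'] - 1`, `$_GET['page'] + 1`, `$perpage*($_GET['page']-1)`) accepts anything is_numeric() accepts — negatives, floats, `1e2` — which yields negative or fractional offsets into $members; normalise once with `$page = isset($_GET['page']) ? max(1, min($numpages, (int) $_GET['page'])) : 1;` and use $page throughout. The loop that copies COUNTRIES appends the rtrim()'d entries to the same array it iterates, doubling it; `$countryArray = array_map('rtrim', file(COUNTRIES));` is the intended result.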
@@ -0,0 +1,279 @@ +asshole +bastard +beastial +bestial +bitch +blowjob +clit +cock +cum +cunilingus +cunillingus +cunnilingus +cunt +dink +dinks +ejaculate +fag +felatio +fellatio +fuck +fuk +fuks +gangbang +gangbanged +gangbangs +goddamn +horniest +horny +hotsex +jism +jiz +kock +kondum +kum +kunilingus +lust +lusting +nigger +niggers +orgasim +orgasims +orgasm +orgasms +phonesex +phuk +phuq +porn +prick +pussies +pussy +shited +shitfull +shiting +shitings +shitted +shitter +shitters +shitting +shittings +slut +sluts +smut +spunk +twat +xxx +abercrombie +acadia +activistmagazine +adipex +advair +advait +adware +aguilera +airline +aktivex +aleuzeneve +allegra +alprazolam +alproot +ambian +ambien +ameriquest +amigo +amoxicillin +antivert +aphthasol +aristocort +asitehost +atarax +ativan +backgammon +baldness +bankrupcy +bentyl +bestmovies +bestop +bingo +biz +blackjack +blogshot +blowjob +bondage +bonsai +buon +buspar +busty +cadillac +carburatore +carisoprodol +cascata +cashette +casino +cavalli +caverta +celexa +chevrolet +chinaartgallery +cialis +cigarette +cipro +ciprofloxacin +claritin +comunalia +comunicazione +consolidation +danazol +dating +debt +deliver +diazepam +diflucan +digoxin +discount +drug +ebony +ecard +ejaculation +emeets +ephedra +evista +exelon +fetish +fisting +flexeril +flomaxonline +forex +formular +fotti +gallup +gambling +gangbang +hairlossmale +handbag +hanghonggongshi +hawaii +hellow +hentai +holdem +homebuymail +hoop +hydrocodone +insurance +investing +jeezy +jennajameson +joesmitt +levaquin +levitra +lipitor +lixium +lotto +lukxi +luminoso +luogo +medication +medicine +meds +medved +meridia +milf +mortage +mortgage +mortgage +nano +nemoforone +network54 +neurontin +nexium +noonhost +nude +online +oscilloscope +pantyhose +paxil +pehntermine +penis +percocet +pharmacy +phendimetrazine +phentermine +phentermnie +phentremine +pill +playboy +poker +pokerstars +pontiac +porn +pregnancy +propecia +prozac +purse +pursefiling +ranitidine +rectal 
+rental
+replica
+ringtone
+ringtones
+ritalin
+rolex
+roulette
+roullette
+sesso
+sex
+shemale
+shurl
+silagra
+skpialml1
+slot
+slots
+smoking
+softcracks
+sogonet
+soho
+solyak1
+soma
+soulfeet
+spank
+spartan
+spyware
+stalb0
+steroid
+striptease
+sunglasses
+tamiflu
+tits
+toledo
+topfarm
+tramadol
+tranny
+url=
+v1tamin
+vaccum
+valium
+valtrex
+vassar
+verison
+vi5ta
+viagra
+vicodin
+vinokurov
+virgilio
+virtualcar
+warez
+watches
+wboard
+wellbutrin
+wirless
+www12
+wwww
+xanax
+xenical
+xoom
+xoomer
+xrumer
+yahho
+zole
+zoloft
\ No newline at end of file
diff --git a/stylesheet.css b/stylesheet.css
new file mode 100644
index 0000000..43d9596
--- /dev/null
+++ b/stylesheet.css
@@ -0,0 +1,35 @@
+body {
+ font: 11px/15px Verdana, Sans-Serif;
+}
+img { border: 0; }
+
+td { padding: 3px; }
+
+#navigation {
+ list-style-type: none;
+ margin: 0;
+ padding: 0;
+}
+ #navigation li {
+ display: inline;
+ padding: 2px 8px;
+ }
+
+/* control row colours in admin */
+.literow { background: #fff; }
+.darkrow { background: #ddd; }
+
+/* error/success msg colours on forms */
+p.error, p.success {
+ font-weight: bold;
+ padding: 10px;
+ border: 1px solid;
+}
+p.error {
+ background: #ffc0c0;
+ color: #900;
+}
+p.success {
+ background: #b3ff69;
+ color: #4fa000;
+}
\ No newline at end of file
diff --git a/update.php b/update.php
new file mode 100644
index 0000000..e5032bc
--- /dev/null
+++ b/update.php
@@ -0,0 +1,135 @@
+The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + if (isset($_SESSION['key']) && isset($_COOKIE[session_name()])) { + setcookie(session_name(), '', time()-36000, '/'); + $_SESSION = array(); + session_destroy(); + } + } else { + echo "

The text you entered didn't match the image, please try again.

"; + include('footer.php'); + exit; + } + } + include_once('header.php'); + + if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") { + echo "

Accessing this page directly is not allowed.

\n\n";
+ include('footer.php');
+ exit;
+ }
+
+ $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload)/i";
+ foreach ($_POST as $key => $val) {
+ $clean[$key] = cleanUp($val);
+
+ if (filesize(SPAMWDS) > 0 && (checkTXTfile(SPAMWDS, $val, "spamword") === true)) {
+ echo "

Your application contains words in the spam list, that means you're not allowed to join at this time. \n

"; + exit(include('footer.php')); + } + if (preg_match($exploits, $val)) { + echo "

No meta injection, please. \n

"; + exit(include('footer.php')); + } + } + if ((filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail(strtolower($clean['email'])), "email") === true) || (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail(strtolower($clean['email'])), "email") === true)) { + if (empty($clean['name']) || empty($clean['email'])) { + echo "

Name and e-mail are required fields. Please go back and try again.\n

"; + exit(include('footer.php')); + } elseif (!ereg("^[A-Za-z' -]",$clean['name']) || strlen($clean['name']) > 15) { + echo "

That name is not valid. Your name must contain letters only, and must be less than 15 characters. Please go back and try again.\n

"; + exit(include('footer.php')); + } elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($clean['email']))) { + echo "

Your old e-mail address is not valid. Please go back and try again.\n

"; + exit(include('footer.php')); + } elseif (!empty($clean['newemail']) && !ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($clean['newemail']))) { + echo "

Your new e-mail address is not valid. Please go back and try again.\n

"; + exit(include('footer.php')); + } + + $subject = "Update member at $title"; + + $message = "A member at your $FLsubject fanlisting wants updating with following details: \n\n"; + + $message .= "Name: {$clean['name']} \n"; + $message .= "Email: ".strtolower($clean['email'])." \n"; + $message .= "New Email: {$clean['newemail']} \n"; + $message .= "New URL: {$clean['newurl']} \n"; + $message .= "Country: {$clean['country']} \n"; + $message .= "Comments: {$clean['comments']} \n"; + $message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; + + $message .= "Manage members: {$FLurl}/admin.php"; + + if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { + $headers = "From: $admin_email \n"; + $headers .= "Reply-To: $clean[email]"; + } else { + $headers = "From: $title <$admin_email> \n"; + $headers .= "Reply-To: <$clean[email]>"; + } + + if (mail($admin_email,$subject,$message,$headers)) { + echo "

Update Sent!

\n

Your updated information has been sent.

"; + } else { + echo "

Oops!

\n

Your updated information could not be sent this time, please contact the fanlisting owner.

"; + } + } else { + echo "

You're not a member! Only current members can update their information.

\n";
+ include('footer.php');
+ exit;
+ }
+ break;
+ default:
+ require_once('prefs.php');
+ include_once('header.php');
+?>
+
+

Update Your Details

+

To update your details, fill in your information below. Please do not use this form to join; use the join form instead.

+ +

(Name, Old E-mail and Country are required fields.)

+ +

+

+

+

+
+ Yes + No
+

+

+ +
+

+ +
+
+ +

+ + \ No newline at end of file diff --git a/updates.txt b/updates.txt new file mode 100644 index 0000000..e69de29
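Review bot: The name check in the `elseif` before "That name is not valid" only inspects the first character, because `ereg("^[A-Za-z' -]", $clean['name'])` has neither a `+` nor a `$` anchor, so any name beginning with a letter passes and the error text's "letters only" promise is not enforced (and `strlen(...) > 15` still admits a 15-character name while the message says fewer). `ereg()` is also deprecated since PHP 5.3 and removed in 7.0, so this check and the two e-mail checks that follow it stop working on a current interpreter. Anchored `preg_match` calls keep the intent, e.g. `preg_match("/^[A-Za-z' -]+$/D", $clean['name'])` and `preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/D", strtolower($clean['email']))`; the `D` modifier matters here because PCRE's `$` otherwise also matches before a trailing newline, and `$clean['email']` is later placed verbatim into the `Reply-To:` header, so the anchored e-mail pattern is what keeps line-break characters out of that header. The opening of the file (the captcha branch and the `switch` that this `break;`/`default:` belongs to) is not legible in this rendering, so I could not confirm what happens to `$clean['email']` before these checks.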