No '.$wording.' members at this time.
'; exit(include('footer.php')); } echo ''.$count.' '.$wording.' members | '; $numpages = ceil($count/$perpage); echo "pages: "; for ($x=1; $x<=$numpages; $x++) { echo ''; if (isset($_GET['page']) && $x == $_GET['page']) { echo "$x"; } else { echo "$x"; } echo " "; } echo "
\n\n "; if (isset($_GET['page']) && is_numeric($_GET['page'])) $i = $perpage * ($_GET['page'] - 1); else $i = 0; $end = $i + $perpage; if ($end > $count) $end=$count; ?> "; echo ""; break; case "do_action": if (!isset($_POST['token']) || $_POST['token'] != md5($secret)) exit("Invalid token.
"); if (isset($_POST['appr']) && is_array($_POST['appr'])) { $newbies = file(NEWBIES); $approved = array(); foreach ($_POST['appr'] as $member => $value) { if (is_numeric($member) && array_key_exists($member, $newbies)) { $approved[] = $newbies[$member]; unset($newbies[$member]); } } $newbies = implode("", $newbies); $fh = fopen(NEWBIES, "w"); fwrite($fh, $newbies); fclose($fh); if ($emailapproval == "yes") { $apprAmount = count($approved); $i = 0; while ($i < $apprAmount) { list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$approved[$i]); $subject = "You have been approved at $title"; $message = $approvalMsg; $message .= "Name: {$name} \r\n"; $message .= "Email: " . fixEmail($email) . " \r\n"; $message .= "URL: {$url} \r\n"; $message .= "Country: {$country} \r\n"; if (isset($favefield) && $favefield == "yes") $message .= strip_tags($favetext) . ": {$fave} \r\n"; if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) $headers = "From: $admin_email \n"; else $headers = "From: $title <$admin_email> \n"; mail(fixEmail($email),$subject,$message,$headers); $i++; } } if (isset($defaultSort)) { if ($defaultSort == "newest") { $newmembers = implode("", $approved) . "\r\n"; $olddata = file_get_contents(MEMBERS); $fp = fopen(MEMBERS, "w"); fwrite($fp, $newmembers); fclose($fp); $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); fwrite($fp, $olddata); fclose($fp); } elseif ($defaultSort == "oldest") { $newmembers = "\r\n" . implode("", $approved); $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); fwrite($fp, $newmembers); fclose($fp); } else { exit("Invalid sort option in prefs.php: please ensure you use 'newest' or 'oldest'.
"); } } else { exit("No sort option in prefs.php: please ensure you're running the latest version.
"); } if (isset($updateDate) && $updateDate == "yes") { $update = "\n" . date($timestamp) . ",New member(s) added"; $fp = fopen(UPDATES, "w") or die ("Couldn't open UPDATES - the update could not be stored."); fwrite($fp, $update); fclose($fp); } blanklinefix(NEWBIES); blanklinefix(MEMBERS); echo "Member(s) approved.
"; } if (isset($_POST['del']) && is_array($_POST['del'])) { if (isset($_POST['fileloc'])) $fileloc = basename($_POST['fileloc']); else exit; $members = file(MEMBERS); $newbies = file(NEWBIES); foreach ($_POST['del'] as $member => $file) { if (is_numeric($member)) { if ($fileloc == "newbies.txt" && array_key_exists($member, $newbies)) unset($newbies[$member]); elseif ($fileloc == "members.txt" && array_key_exists($member, $members)) unset($members[$member]); } } if ($fileloc == "newbies.txt") $backlink = 'Delete other pending members?'; else $backlink = 'Delete other approved members?'; $members = implode("", $members); $newbies = implode("", $newbies); $fh = fopen(MEMBERS, "w"); fwrite($fh, $members); fclose($fh); $fb = fopen(NEWBIES, "w"); fwrite($fb, $newbies); fclose($fb); echo 'Member(s) deleted.
'; } echo 'Jump to: members / pending members
'; echo ''; break; case "edit_member": echo "Note: editing a member will not approve them. You must do this separately.
"; if (!isset($_GET['mem']) || $_GET['mem'] == "" || !ctype_digit($_GET['mem'])) { echo "You didn't select a valid member.
"; include('footer.php'); exit; } elseif (!isset($_GET['file']) || $_GET['file'] == "" || !file_exists($_GET['file'])) { echo "You didn't select a valid file.
"; include('footer.php'); exit; } else { if (is_numeric($_GET['mem'])) $mem = $_GET['mem']; else exit("Oops, not a valid member number."); if (file_exists($_GET['file'])) $file = $_GET['file']; else exit("Oops, the important .txt files don't exist!"); $fh = fopen($file, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); if (empty($content[$mem])) { echo "That member does not exist.
"; include('footer.php'); exit; } $memary = preg_split("/,(?! )/", $content[$mem]); if (isset($memary['5'])) { $memary['5'] = stripslashes(trim($memary['5'], "\"\x00..\x1F")); } else { $memary['4'] = trim($memary['4'], "\"\x00..\x1F"); } ?> Back to admin panel?"; break; case "edit_process": foreach ($_POST as $key => $val) { $clean[$key] = cleanUp($val); } if (!isset($favefield) || $favefield == "no") { $clean['fave'] = ""; } if (empty($clean['dispemail'])) { $clean['dispemail'] = "no"; } $editedMember = $clean['name'] . "," . breakEmail($clean['email']) . "," . $clean['dispemail'] . "," . $clean['url'] . "," . $clean['country'] . "," . $clean['fave'] . "\n"; $mem = $clean['member']; $file = $clean['file']; $fh = fopen($file, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); $content[$mem] = $editedMember; $data = implode($content); $data = trim($data); $fp = fopen($file, "w") or die ("Couldn't open {$file}."); fwrite($fp, $data); fclose($fp); if ($file == "newbies.txt") { echo "Member edited. Edit more pending members?
"; } else { echo "Member edited. Edit more approved members?
"; } if (isset($updateDate) && $updateDate == "yes") { if (empty($clean['url']) || $clean['url'] == "http://") { $updatedMember = $clean['name']; } else { $updatedMember = "{$clean['name']}"; } $update = "\n" . date($timestamp) . ",Member edited: $updatedMember"; $fp = fopen(UPDATES, "w") or die ("Couldn't open UPDATES - the update could not be stored.
"); fwrite($fp, $update); fclose($fp); } echo ""; break; case "add_spamword": echo "These words will be blocked - if the script finds them in the join form, membership will be rejected. Add each new word separately: do not use commas to separate spam words.
"; echo "\n"; echo ""; break; case "add_spamword_process": if(!ctype_alnum($_POST['spamword'])) { echo "That is not a valid spam word: they must only contain numbers and letters. No special characters.
"; include('footer.php'); exit; } $_POST['spamword'] = cleanUp(str_replace(',','',$_POST['spamword'])); echo "The following word is now blacklisted:
\n\n{$_POST['spamword']}
\n\n"; $newlisting = "\n".$_POST['spamword']; $fh = @fopen(SPAMWDS, "a"); @fwrite($fh, $newlisting); fclose($fh); echo ""; break; case "edit_spamword": echo "To remove a spam word, simply delete the contents of the input field.
"; if (filesize(SPAMWDS) == 0) { echo "No spam words in the list.
"; } else { echo "\n\n"; } echo ""; break; case "edit_spamword_process": $wordlist = $_POST['wordlist']; echo "The following words are now blacklisted:
\n\n";
foreach ($wordlist as $spamword) {
echo "$spamword
\n";
}
echo "
Please note: blocking an IP will stop a user from joining your fanlisting, but not from viewing it.
"; echo "\n"; echo ""; break; case "block_ip_process": if (preg_match("^((\d|[1-9]\d|2[0-4]\d|25[0-5]|1\d\d)(?:\.(\d|[1-9]\d|2[0-4]\d|25[0-5]|1\d\d)){3})$^", cleanUp(str_replace(',','',$_POST['newip'])))) { echo "The following IP has now been blocked:
\n\n{$_POST['newip']}
\n\n"; $newlisting = "\n".$_POST['newip']; $fh = @fopen(IPBLOCKLST, "a"); fwrite($fh, $newlisting); fclose($fh); } else { echo "That's not a valid IP address!
"; } echo ""; break; case "edit_blocked_ips": echo "To remove an IP, simply delete the content of the input field.
"; if (filesize(IPBLOCKLST) == 0) { echo "No blocked IPs.
"; } else { echo "\n\n"; } echo ""; break; case "edit_blocked_ips_process": echo "The following IPs are now blocked:
\n\n";
foreach ($_POST['iplist'] as $blockedip) {
print "$blockedip
\n";
}
echo "
Note: On the majority of hosts, the button folders have to have permissions set to 777 for this upload feature to work. This can constitute a security risk. Please be careful when changing the permissions of files and folders.
"; ?> Back to admin panel?"; break; case "add_button_process": if (!is_dir("buttons/")) { echo "The \"buttons\" directory does not exist and therefore the button could not be uploaded.
"; include('footer.php'); exit; } if (empty($_FILES['file'])) { echo "You did not choose an image to upload.
"; include('footer.php'); exit; } if (getimagesize($_FILES['file']['tmp_name']) === FALSE) { echo "That is not a valid image file.
"; include('footer.php'); exit; } list($width, $height, $type, $attr) = getimagesize($_FILES['file']['tmp_name']); if ($type == 1 || $type == 2 || $type == 3) { if (move_uploaded_file($_FILES['file']['tmp_name'], "buttons/{$_FILES['file']['name']}")) { echo "The button was successfully uploaded. Add another?
"; $string = substr(md5(microtime() * mktime()),0,6); $ext = substr(strrchr($_FILES['file']['name'], "."), 1); // rename the button so that bad characters don't break things. if (rename("buttons/".$_FILES['file']['name'], "buttons/".$string.".".$ext)) { $filename = $string.".".$ext; } else { // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine if (strpos($_FILES['file']['name'], ",") === true) { unlink("buttons/".$_FILES['file']['name']); echo "File names must not contain commas.
"; include('footer.php'); exit; } else { $filename = $_FILES['file']['name']; } } foreach ($_POST as $key => $val) { $clean[$key] = cleanUp($val); } $button = "\n" . $filename . "," . $width . "," . $height . "," . $clean['donated'] . "," . $clean['donatorname'] . "," . $clean['donatorurl']; $fp = fopen(BUTTONS, "a") or die ("Couldn't open BUTTONS - the information about the button could not be stored."); fwrite($fp, $button); fclose($fp); } else { echo "The button was not uploaded this time.
"; include('footer.php'); exit; } } else { echo "That file extension not valid.
"; include('footer.php'); exit; } echo ""; break; case "manage_buttons": if (isset($_GET['size'])) { list($MANwidth,$MANheight) = preg_split("/x/",$_GET['size']); ?>| Image | Donated? | Donator Name | Donator URL | Admin |
|---|---|---|---|---|
| $donated | $donator | $donatorUrl | |
You did not select a button to delete.
"; } else { $button = $_GET['button']; $fh = @fopen(BUTTONS, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); list($file,$width,$height,$donated,$donator,$donatorUrl) = preg_split("/,(?! )/",$content[$button]); unlink("buttons/" . $file); unset($content[$button]); $data = implode("", $content); $data = trim($data); $fh = @fopen(BUTTONS, "w"); @fwrite($fh, $data); fclose($fh); echo "Button deleted. Manage more buttons?
"; } echo ""; include('footer.php'); exit; } elseif (isset($_GET['p']) && $_GET['p'] == "edit") { if (!isset($_GET['button'])) { echo "You did not select a button to edit.
"; } else { $button = $_GET['button']; $fh = fopen(BUTTONS, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); if (empty($content[$button])) { echo "That button does not exist.
"; include('footer.php'); exit; } $buttonArray = preg_split("/,(?! )/", $content[$button]); if (isset($buttonArray['5'])) { $buttonArray['5'] = stripslashes($buttonArray['5']); $buttonArray['5'] = trim($buttonArray['5'], "\"\x00..\x1F"); } else { $buttonArray['4'] = trim($buttonArray['4'], "\"\x00..\x1F"); $buttonArray['3'] = trim($buttonArray['3'], "\"\x00..\x1F"); } ?> Back to admin panel?"; include('footer.php'); exit; } $array = file(BUTTONS); $buttons_found = array(); echo "That is not a valid image file.
"; include('footer.php'); exit; } list($width, $height, $type, $attr) = getimagesize($_FILES['newbutton']['tmp_name']); if ($type == 1 || $type == 2 || $type == 3) { if (move_uploaded_file($_FILES['newbutton']['tmp_name'], "buttons/{$_FILES['newbutton']['name']}")) { $string = substr(md5(microtime() * mktime()),0,6); $ext = substr(strrchr($_FILES['newbutton']['name'], "."), 1); // rename the button so that bad characters don't break things. if (rename("buttons/".$_FILES['newbutton']['name'], "buttons/".$string.".".$ext)) { $filename = $string.".".$ext; } else { // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine if (strpos($_FILES['newbutton']['name'], ",") === true) { unlink("buttons/".$_FILES['newbutton']['name']); echo "File names must not contain commas.
"; include('footer.php'); exit; } else { $filename = $_FILES['newbutton']['name']; } } unlink("buttons/".$clean['filename']); } } else { echo "That is not a valid image file.
"; include('footer.php'); exit; } } else { $filename = $clean['filename']; } $editedButton = $filename . "," . $clean['width'] . "," . $clean['height'] . "," . $clean['donated'] . "," . $clean['donatorname'] . "," . $clean['donatorurl'] . "\n"; $button = $clean['buttonnum']; $fh = fopen(BUTTONS, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); $content[$button] = $editedButton; $data = implode($content); $data = trim($data); $fp = fopen(BUTTONS, "w") or die ("Couldn't open BUTTONS."); fwrite($fp, $data); fclose($fp); echo "Button edited.
"; echo ""; break; case "add_update": ?>If updates details is left blank, only a date will be shown.
Back to admin panel?"; break; case "update_process": foreach ($_POST as $key => $val) { $clean[$key] = cleanUp($val); } $update = "\n" . $clean['date'] . "," . $clean['updatedetails']; $fp = fopen(UPDATES, "w") or die ("Couldn't open UPDATES - the update could not be stored."); fwrite($fp, $update); fclose($fp); echo "Update added.
"; echo ""; break; case "add_affiliate": echo "Note: On the majority of hosts, the button folders have to have permissions set to 777 for the upload feature to work. This can constitute a security risk. Please be careful when changing the permissions of files and folders.
"; ?> Back to admin panel?"; break; case "add_affiliate_process": if (getimagesize($_FILES['affButton']['tmp_name']) === FALSE) { echo "That is not a valid image file.
"; include('footer.php'); exit; } list($width, $height, $type, $attr) = getimagesize($_FILES['affButton']['tmp_name']); if ($type == 1 || $type == 2 || $type == 3) { if (move_uploaded_file($_FILES['affButton']['tmp_name'], "buttons/{$_FILES['affButton']['name']}")) { foreach ($_POST as $key => $val) { $clean[$key] = cleanUp($val); } $string = substr(md5(microtime() * mktime()),0,6); $ext = substr(strrchr($_FILES['affButton']['name'], "."), 1); // rename the button so that bad characters don't break things. if (rename("buttons/".$_FILES['affButton']['name'], "buttons/aff_".$string.".".$ext)) { $filename = "aff_".$string.".".$ext; } else { // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine if (strpos($_FILES['affButton']['name'], ",") === true) { unlink("buttons/".$_FILES['affButton']['name']); echo "File names must not contain commas.
"; include('footer.php'); exit; } else { $filename = $_FILES['affButton']['name']; } } $aff = "\n" . $filename . "," . $clean['affName'] . "," . breakEmail($clean['affEmail']) . "," . $clean['affURL'] . "," . $clean['affSitename']; $fp = fopen(AFFILIATES, "a") or die ("Couldn't open AFFILIATES - the affiliate details were not uploaded this time."); fwrite($fp, $aff); fclose($fp); echo "The affiliate details were uploaded successfully. Add another?
"; } else { echo "The affiliate details were not uploaded this time.
"; include('footer.php'); exit; } } else { echo "That file extension not valid.
"; include('footer.php'); exit; } echo ""; break; case "manage_affiliates": if (isset($_GET['p']) && $_GET['p'] == "del") { if (!isset($_GET['p'])) { echo "You did not select an affiliate to delete.
"; } else { $aff = $_GET['aff']; $fh = @fopen(AFFILIATES, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); list($affButton,$affName,$affEmail,$affURL,$affSitename) = preg_split("/,(?! )/",$content[$aff]); unlink("buttons/" . $affButton); unset($content[$aff]); $data = implode("", $content); $data = trim($data); $fh = @fopen(AFFILIATES, "w"); @fwrite($fh, $data); fclose($fh); echo "Affiliate deleted. Manage more affiliates?
"; } echo ""; include('footer.php'); exit; } elseif (isset($_GET['p']) && $_GET['p'] == "edit") { if (!isset($_GET['aff'])) { echo "You did not select an affiliate to edit.
"; } else { $aff = $_GET['aff']; $fh = fopen(AFFILIATES, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); if (empty($content[$aff])) { echo "That affiliate does not exist.
"; include('footer.php'); exit; } $affArray = preg_split("/,(?! )/", $content[$aff]); $affArray['4'] = trim($affArray['4'], "\"\x00..\x1F"); ?> Back to admin panel?"; include('footer.php'); exit; } ?>| Button | Name | URL | Site Name | Admin | |
|---|---|---|---|---|---|
| $affName | www | $affSitename | |
That is not a valid image file.
"; include('footer.php'); exit; } list($width, $height, $type, $attr) = getimagesize($_FILES['newbutton']['tmp_name']); if ($type == 1 || $type == 2 || $type == 3) { if (move_uploaded_file($_FILES['newbutton']['tmp_name'], "buttons/{$_FILES['newbutton']['name']}")) { $string = substr(md5(microtime() * mktime()),0,6); $ext = substr(strrchr($_FILES['newbutton']['name'], "."), 1); // rename the button so that bad characters don't break things. if (rename("buttons/".$_FILES['newbutton']['name'], "buttons/".$string.".".$ext)) { $filename = $string.".".$ext; } else { // if button could not be renamed we check for commas and delete the button if 'bad', or rely on original name if fine if (strpos($_FILES['newbutton']['name'], ",") === true) { unlink("buttons/".$_FILES['newbutton']['name']); echo "File names must not contain commas.
"; include('footer.php'); exit; } else { $filename = $_FILES['newbutton']['name']; } } unlink("buttons/".$clean['filename']); } } else { echo "That is not a valid image file.
"; include('footer.php'); exit; } } else { $filename = $clean['filename']; } $editedAff = $filename . "," . $clean['affName'] . "," . breakEmail($clean['affEmail']) . "," . $clean['affURL'] . "," . $clean['affSitename'] . "\n"; $aff = $clean['affnum']; $fh = fopen(AFFILIATES, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); } fclose($fh); $content[$aff] = $editedAff; $data = implode($content); $data = trim($data); $fp = fopen(AFFILIATES, "w") or die ("Couldn't open AFFILIATES."); fwrite($fp, $data); fclose($fp); echo "Affiliate edited.
"; echo ""; break; case "email_affiliates": if (isset($_GET['p']) && $_GET['p'] == "process") { foreach ($_POST as $key => $val) { $clean[$key] = stripslashes(trim($val)); } $subject = "E-mail from the $FLsubject fanlisting"; if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { $clean['to'] = str_replace('>', '', $clean['to']); $clean['to'] = str_replace('<', '', $clean['to']); $headers = "From: $admin_email \n"; $headers .= "Reply-To: $admin_email"; } else { $headers = "From: $title <$admin_email> \n"; $headers .= "Reply-To: <$admin_email>"; } if (mail($clean['to'],$subject,$clean['message'],$headers)) { echo "E-mail sent!
"; echo ""; } else { echo "The e-mail could not be sent at this time.
"; echo ""; } exit; } $array = file(AFFILIATES); ?> Back to admin panel?"; break; case "search": if (isset($_GET['p']) && $_GET['p'] == "process") { if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", strtolower($_POST['email']))) { echo "That is not a valid e-mail address.
"; echo ""; include('footer.php'); exit; } if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($_POST['email']), "email") === true) { $file = MEMBERS; } elseif (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($_POST['email']), "email") === true) { $file = NEWBIES; } if (!isset($file)) { echo "Something went horribly, drastically wrong! Run for your life!
"; echo "...
"; echo "Just kidding — that member does not exist.
"; echo ""; include('footer.php'); exit; } $members = file($file); foreach ($members as $key => $value) { if (preg_match("/(".breakEmail($_POST['email']).")/i", $value)) { list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$value); if (empty($url) || $url == "http://" || $url == "") { $url = "(none)"; } else { $url = "website"; } ?>Search results:
| Name | Website | Country | Fave"; } ?>Admin | ||
|---|---|---|---|---|---|
| email"; ?> |
|
Search for member by e-mail address:
BellaBuffs Admin Panel"; ?> Bad cookie. Clear 'em out and start again."; include('footer.php'); exit; } } if (isset($_GET['p']) && $_GET['p'] == "login") { if ($_POST['name'] != $admin_name || $_POST['pass'] != $admin_pass) { include('header.php'); echo "Sorry, that username and password combination does not match. Please try again.
"; ?> Sorry, you could not be logged in at this time. Please try again."; ?>