wget 'https://lists2.roe3.org/swapshop/action.php'
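<?php
// action.php — confirm, delete, deactivate or reactivate a posting.
//
// The request carries ?cp=<confirmPassword>&a=<action>[&k=<admin key>].
// The 7-letter confirmPassword (generated in controller.php and mailed to the
// poster) is the *only* credential for every action here, so it must reach the
// database through a bound parameter — the original interpolated it straight
// into four SQL strings.  The token space is 26^7 and nothing here rate-limits
// guesses; note also that a plain GET link performs the change, which is
// inherent to e-mailed links but means any page that can make the browser
// fetch the URL can trigger it.
include_once("inc_dbcon.php");

$confirmPassword = (isset($_GET["cp"]) && is_string($_GET["cp"])) ? $_GET["cp"] : "";
$action          = (isset($_GET["a"])  && is_string($_GET["a"]))  ? $_GET["a"]  : "";

// Optional admin key, forwarded on the redirect.  It lands in a Location
// header, so it is URL-encoded; header() itself refuses CR/LF.
$k = "";
if (isset($_GET["k"]) && is_string($_GET["k"])) {
    $k = "&k=" . rawurlencode($_GET["k"]);
}

$notFound = "The item specified could not be found. Please try again.";

// An empty token must never match anything (an empty column value would
// otherwise act as a universal key).
if ($confirmPassword === "") {
    print($notFound);
    exit();
}

// Look the posting up first; its postId is needed for the redirect.
$stmt = mysqli_prepare($dbConn, "SELECT postId FROM md_postings WHERE confirmPassword = ?");
if ($stmt === false) {
    // mysql_error() (ext/mysql) was removed in PHP 7; mysqli_error is its counterpart.
    print("Hmmm... something went wrong activating your post:<br>" . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
    exit();
}
mysqli_stmt_bind_param($stmt, "s", $confirmPassword);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $postId);
$found = mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);

if ($found !== true) {
    print($notFound);
    exit();
}
$postId = (int) $postId;

// One statement per action, still keyed on the token.  confirmPassword is not
// known to be unique, so — exactly as in the original — every row carrying the
// same token is affected.
$statements = array(
    "confirm" => "UPDATE md_postings SET isConfirmed='1' WHERE confirmPassword = ?",
    "delete"  => "DELETE FROM md_postings WHERE confirmPassword = ?",
    "deact"   => "UPDATE md_postings SET isAvailable='0' WHERE confirmPassword = ?",
    "react"   => "UPDATE md_postings SET isAvailable='1' WHERE confirmPassword = ?",
);
// Where each action sends the browser afterwards (the original did not append
// the admin key after "confirm"; that is preserved).
$redirects = array(
    "confirm" => "viewItem.php?id=" . $postId . "&msg=activated",
    "delete"  => "index.php?&msg=deleted" . $k,
    "deact"   => "viewItem.php?id=" . $postId . "&msg=deactivated" . $k,
    "react"   => "viewItem.php?id=" . $postId . "&msg=reactivated&admin=true" . $k,
);

if (isset($statements[$action])) {
    $stmt = mysqli_prepare($dbConn, $statements[$action]);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "s", $confirmPassword);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    header("Location: " . $redirects[$action]);
    exit(); // nothing after a redirect should keep running
}
// Unknown action with a valid token: the original produced an empty page.
?>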
wget 'https://lists2.roe3.org/swapshop/controller.php'
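<?php
// controller.php — POST handler behind the swap-shop forms.  "op" selects:
//   newItem        create a posting (optional picture) and e-mail its
//                  confirmation link
//   email          relay a visitor's message to a posting's owner
//   emailReminder  re-send a posting's confirmation/management link
//
// Everything read here is untrusted form data.  Database values are escaped
// with mysqli_real_escape_string as in the original; what the original did not
// guard were the mail() headers — a CR/LF inside the From/Reply-To/Subject
// values turns the relay into a spam gateway — so every value that reaches a
// mail header now goes through swapshop_clean_email()/swapshop_header_line().
// eregi() and split() were removed in PHP 7 and are replaced by preg_match()
// and explode(); the posting token uses random_int() instead of rand().
session_start();
include_once("inc_dbcon.php");
include_once('inc_thumbnail.php');
include_once('inc_functions.php');
include_once('./admin/config.php');
include_once($languageFile);

/**
 * A POST field as a string ('' when absent or not a plain string).
 *
 * @param string $name field name
 * @return string
 */
function swapshop_post($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

/**
 * Bot/markup screen shared by the newItem and email operations.
 *
 * Each form carries a CSS-hidden honeypot field a human never fills in.
 * newItem.php names it "Email" while the original handler read "email";
 * PHP array keys are case-sensitive, so that check never fired.  Both
 * spellings are accepted here and a filled-in honeypot is rejected outright
 * (the original only scanned for markup and then carried on regardless).
 * The markup scan from the original ("hacker defense - Thanks Kreuznacher |
 * wurdzwurk") is kept and now runs on every submission, not only on ones
 * already flagged as bots.
 *
 * @param string $rejectMessage text shown (via die) when the post is refused
 */
function swapshop_reject_suspicious_post($rejectMessage) {
    foreach (array('email', 'Email') as $trap) {
        if (isset($_POST[$trap]) && is_string($_POST[$trap]) && trim($_POST[$trap]) !== '') {
            die($rejectMessage);
        }
    }
    // Same fourteen patterns as the original eregi() list.  POSIX "." also
    // matched newlines, hence /s; case-insensitive as before.
    $markers = array('script', 'object', 'iframe', 'applet', 'window', 'document',
                     'cookie', 'meta', 'style', 'alert', 'form', 'php', '<?', 'img');
    foreach ($_POST as $secvalue) {
        if (!is_string($secvalue)) {
            continue;
        }
        foreach ($markers as $marker) {
            if (preg_match('~<[^>]*' . $marker . '.*"?[^>]*>~is', $secvalue)) {
                die($rejectMessage);
            }
        }
    }
}

/**
 * Returns $address if it is one syntactically valid e-mail address (which
 * rules out CR/LF, and with it header injection), otherwise null.
 *
 * @param mixed $address raw form or database value
 * @return string|null
 */
function swapshop_clean_email($address) {
    if (!is_string($address)) {
        return null;
    }
    $address = trim($address);
    if ($address === '' || filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $address;
}

/**
 * Collapses CR/LF/NUL so a value can safely occupy one mail header line
 * (used for the Subject and the display name).
 *
 * @param mixed $text raw value
 * @return string
 */
function swapshop_header_line($text) {
    return trim(str_replace(array("\r\n", "\r", "\n", "\0"), ' ', (string) $text));
}

// gethostbyname() of an IP literal returns it unchanged, so the original
// lookup was a no-op; the address is stored with the posting.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$op = isset($_POST["op"]) ? $_POST["op"] : (isset($_GET["op"]) ? $_GET["op"] : ""); // op is the operation code
$msg = "";

if ($op == "newItem") {
    swapshop_reject_suspicious_post("There was a problem with your post. Please try removing any HTML you may have in it.");

    // start captcha check
    include_once("captcha/securimage.php");
    $securimage = new Securimage();
    if ($securimage->check(swapshop_post('captcha_code')) == false) {
        die('<font face=\"verdana,arial,helvetica\">
        <b>The code you entered was incorrect.
        <br>Use the browser\'s back button and try again.</b></font>');
    }
    // end captcha check

    // The poster's address is used both as a SQL value (escaped) and as the
    // mail() recipient (raw, but validated) — the original passed the
    // SQL-escaped form to mail().
    $rawEmail = swapshop_clean_email(swapshop_post("md_email2"));
    if ($rawEmail === null) {
        die("There was a problem with your post. Please enter a valid e-mail address.");
    }
    $title       = mysqli_real_escape_string($dbConn, trim(swapshop_post("md_title")));
    $description = mysqli_real_escape_string($dbConn, trim(swapshop_post("md_description")));
    $price       = mysqli_real_escape_string($dbConn, trim(swapshop_post("md_price")));
    $email       = mysqli_real_escape_string($dbConn, $rawEmail);
    $city        = mysqli_real_escape_string($dbConn, trim(swapshop_post("city")));
    $namer       = mysqli_real_escape_string($dbConn, swapshop_post("namer"));
    $category    = mysqli_real_escape_string($dbConn, swapshop_post("category"));
    // The form's hidden "owner" field is client-editable; when the visitor is
    // logged in the session is the authority.
    $owner = isset($_SESSION["username"]) ? (string) $_SESSION["username"] : swapshop_post("owner");
    $owner = mysqli_real_escape_string($dbConn, $owner);

    // upload the file if it exists.  uploadImage() lives in inc_functions.php,
    // which is not in view here; the original treats its return as a path or
    // the literal string "no file".
    $file = uploadImage(swapshop_post("uploadform"));
    $photoPathName = "";
    $thumbNailPathName = "";
    // Create a Thumbnail if an image exists
    if ($file != "no file") {
        $date = date("YmdHis");
        // Split directory and file name the way the original did (explode
        // replaces the removed split()); a bare file name has no folder part.
        $imgArr = explode('/', $file);
        $imgNameOnly = array_pop($imgArr);
        $folderPath = (count($imgArr) > 0) ? implode('/', $imgArr) . '/' : '';
        $photoPathName = $folderPath . $date . "_" . $imgNameOnly;
        $thumbNailPathName = $folderPath . "thumb_" . $date . "_" . $imgNameOnly;

        $image = file_get_contents($file);
        // Type from the bytes, not the file name: getImgType() only looks at
        // the extension, and Thumbnail accepts image/jpeg and image/png only.
        $imgInfo = ($image !== false) ? getimagesizefromstring($image) : false;
        $imgType = ($imgInfo !== false && isset($imgInfo['mime'])) ? $imgInfo['mime'] : getImgType($imgNameOnly);

        // Resized copy (max 400 px) plus an 80 px thumbnail.
        $photo = new Thumbnail(400, 400); //change this value for smaller images
        $tn = new Thumbnail(80, 80);
        if ($image === false || !$photo->loadData($image, $imgType) || !$tn->loadData($image, $imgType)) {
            // The original went on to buildThumb() anyway and failed inside GD.
            unlink($file);
            die("There was a problem with your picture. Only JPEG and PNG images can be used.");
        }
        $photo->buildThumb($photoPathName);
        $tn->buildThumb($thumbNailPathName);
        // delete the source file that is potentially large
        unlink($file);
    }

    // Creates a 7 character random string — the posting's only credential
    // (action.php confirms/deletes on it alone).  random_int() replaces the
    // predictable rand(); the format stays 7 lowercase letters because the
    // column width is not known here.
    $confirmPassword = '';
    for ($i = 0; $i < 7; $i++) {
        $confirmPassword .= chr(random_int(97, 122));
    }
    // The image paths contain the uploaded file's name, so they are escaped
    // like every other value (the original interpolated them raw).
    $imgUrlSql   = mysqli_real_escape_string($dbConn, $photoPathName);
    $thumbUrlSql = mysqli_real_escape_string($dbConn, $thumbNailPathName);
    $ipSql       = mysqli_real_escape_string($dbConn, $ip);
    $sql = "insert INTO md_postings SET email='$email', name='$namer', city='$city', category='$category', title='$title', description='$description', price='$price', ip='$ipSql', owner='$owner', confirmPassword='$confirmPassword', imgURL='$imgUrlSql', imgURLThumb='$thumbUrlSql'";
    if (mysqli_query($dbConn, $sql)) { // If all is good, send the email
        include_once("emails/email_newItem.php"); // expected to set $message and $headers (not in view)
        mail($rawEmail, STR_CONFIRMPOSTING, $message, $headers);
        header("Location:newItemConfirm.php");
        exit();
    } else {
        print("There was a problem while trying to create a new item:<br>" . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
    }
}

if ($op == "email") {
    swapshop_reject_suspicious_post("There was a problem with your post. Please do not include code.");

    $postId = (int) swapshop_post("postId");
    // Subject and display name are header material: one line, no CR/LF.  The
    // original ran addslashes() on them, which only garbled the subject.
    $title = swapshop_header_line(trim(swapshop_post("title")));
    $name  = swapshop_header_line(trim(swapshop_post("name")));
    $visitorEmail = swapshop_clean_email(swapshop_post("email2"));
    if ($visitorEmail === null) {
        die("There was a problem with your message. Please enter a valid e-mail address.");
    }
    // The body is free text, not a header, so it needs no line filtering.  The
    // original ran stripslashes() on it (a magic_quotes-era habit that deleted
    // backslashes the visitor actually typed).
    $message = "From: $name \n\n" . swapshop_post("md_message");
    $emailTitle = STR_ABOUTYOURPOST . $title;
    // NOTE: putting the visitor's address in From: will fail SPF/DMARC at many
    // receivers; the usual fix is a site address in From: with the visitor in
    // Reply-To:, but no site address is configured in view here.
    $headers = 'From: ' . $visitorEmail . "\r\n" . 'Reply-To: ' . $visitorEmail . "\r\n" . 'X-Mailer: PHP/' . phpversion();

    $sql = "SELECT email FROM md_postings WHERE postId='$postId'";
    $result = mysqli_query($dbConn, $sql);
    if (!$result) {
        print("Hmmm... Error getting email address: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
        exit();
    }
    $row = mysqli_fetch_array($result);
    $toEmail = $row ? swapshop_clean_email($row["email"]) : null;
    if ($toEmail === null) {
        print("The item specified could not be found. Please try again.");
        exit();
    }
    mail($toEmail, $emailTitle, $message, $headers);
    header("Location: viewItem.php?id=$postId&msg=messageSent");
    exit();
}

if ($op == "emailReminder") {
    // No captcha or rate limit guards this operation: anyone who knows a
    // postId can make the site mail that posting's owner repeatedly.  The
    // captcha check used by newItem would be the natural addition.
    $postId = (int) swapshop_post("postId");
    $sql = "SELECT email, title, confirmPassword FROM md_postings WHERE postId='$postId'";
    $result = mysqli_query($dbConn, $sql);
    if (!$result) {
        print("Error performing query: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
        exit();
    }
    $row = mysqli_fetch_array($result);
    $toEmail = $row ? swapshop_clean_email($row["email"]) : null;
    if ($toEmail === null) {
        print("The item specified could not be found. Please try again.");
        exit();
    }
    $confirmPassword = $row["confirmPassword"]; // read by emails/email_reminder.php (not in view)
    include_once("emails/email_reminder.php");
    mail($toEmail, STR_REMINDEREMIAL, $message, $headers);
    header("Location: viewItem.php?id=$postId&msg=messageSent");
    exit();
}
?>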
wget 'https://lists2.roe3.org/swapshop/geocode.txt'
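<?php
// Geo-gate: visitors whose address does not fall in a US range are sent to
// Google; everyone else continues to the main page.  REMOTE_ADDR is the TCP
// peer — behind a reverse proxy it is the proxy, not the visitor.
$IPaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$two_letter_country_code = iptocountry($IPaddress);
if ($two_letter_country_code != "US") {
    Header("Location: https://www.google.com/");
} else {
    Header("Location: content.php?q=mainpage");
}
exit(); // the original fell through; nothing else should run after the redirect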
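/**
 * Maps a dotted-quad IPv4 address to a two-letter country code using the
 * per-first-octet tables in ip_files/<octet>.php (each defines $ranges,
 * keyed by range start, with [end, code] entries).
 *
 * Only IPv4 is supported by those tables, so anything else — an IPv6 peer,
 * an empty or malformed value — returns "unkown" (the original's spelling)
 * before the include().  That matters because the first octet becomes part
 * of the included path; the original built that path from the raw string.
 *
 * @param string $ip address, e.g. "8.8.8.8"
 * @return string ISO country code, or "unkown" when nothing matches
 */
function iptocountry($ip) {
    if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return "unkown";
    }
    $numbers = explode('.', $ip);
    $ranges = array();
    $table = __DIR__ . "/ip_files/" . $numbers[0] . ".php";
    if (is_file($table)) {
        include($table); // sets $ranges
    }
    $code = ($numbers[0] * 16777216) + ($numbers[1] * 65536) + ($numbers[2] * 256) + ($numbers[3]);
    $two_letter_country_code = "";
    if (is_array($ranges)) {
        foreach ($ranges as $key => $value) {
            // $key is the range start, $value[0] its end, $value[1] the code.
            if ($key <= $code && $value[0] >= $code) {
                $two_letter_country_code = $value[1];
                break;
            }
        }
    }
    if ($two_letter_country_code == "") {
        $two_letter_country_code = "unkown";
    }
    return $two_letter_country_code;
}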
?>
wget 'https://lists2.roe3.org/swapshop/inc_banner.php'
<a href="index.php"><img src="images/banner.png"></a>
wget 'https://lists2.roe3.org/swapshop/inc_dbcon.php'
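<?php
// inc_dbcon.php — database connection shared by every page (include_once'd).
//
// SECURITY NOTE: these credentials are hard-coded in a file whose source this
// directory listing exposes in clear text.  Move them outside the web root
// (or into environment variables) and rotate the password.
// Change these to be for your database
$dbhostname = "localhost";
$dbname     = "swapshop";
$dbusername = "swapshopuser";
$dbpassword = "swapshoppass";

// The original passed a second literal "localhost" instead of $dbhostname.
$dbConn = mysqli_connect($dbhostname, $dbusername, $dbpassword, $dbname);
if (!$dbConn) {
    // Stop here instead of letting every caller fail later on a null
    // connection; the driver message goes to the log, not to the visitor.
    error_log("swapshop: database connection failed: " . mysqli_connect_error());
    die("The site is temporarily unavailable.");
}
// mysqli_real_escape_string() is only correct when the connection charset
// matches the data's; the pages declare UTF-8, so say so explicitly
// (utf8mb4 first, plain utf8 for servers that predate it).
if (!mysqli_set_charset($dbConn, "utf8mb4")) {
    mysqli_set_charset($dbConn, "utf8");
}
?>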
wget 'https://lists2.roe3.org/swapshop/inc_footer.php'
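<?php
// inc_footer.php — admin/logout links and an RSS link that re-uses the
// current page's query string (category, search, admin key).  QUERY_STRING is
// whatever the visitor put in the URL and is written inside an href, so it is
// HTML-escaped here; the original echoed it raw.  Browsers percent-encode the
// dangerous characters in most cases, but escaping on output is the correct
// fix regardless.
$md_footerQuery = isset($_SERVER['QUERY_STRING'])
    ? htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8')
    : '';
?>
<div style="font-size:x-small;font-family:helvetica,arial,sans serif;">
<div align="center" style="border-top:1px dotted #ccc; padding-top:6px; margin-top:20px;">
<div style="display:inline; float:left;">
<a href="admin/index.php" style="text-decoration:none;">Admin</a>
|
<a href="user-registration/logout.php" style="text-decoration:none;">Logout</a>
</div>
<div style="display:inline; float:right;">
<a href="rss.php?<?php echo $md_footerQuery; ?>"><img src="images/icn_rss.gif" alt="RSS" width="16" height="16" border="0" align="absmiddle" /></a>
<a href="rss.php?<?php echo $md_footerQuery; ?>" class='md_footer'>RSS</a></div>
</div>
</div>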
wget 'https://lists2.roe3.org/swapshop/inc_functions.php'
wget 'https://lists2.roe3.org/swapshop/inc_navigation.php'
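<?php
// inc_navigation.php — category tabs plus the search box.  Included by every
// page; relies on $dbConn (inc_dbcon.php) and the STR_* language constants.
// The including page may set $currentCat (selected category), $keyOut
// (admin-key query suffix, see newItem.php) and $searchQuery (current search
// text — presumably the "q" parameter, set by a page not in view here).
$catList = "";
$id = "";
if (!isset($currentCat)) {
    $currentCat = "";
}
if (isset($_GET["category"]) && is_string($_GET["category"])) {
    // Only compared against cat_id below, never put into SQL; the escaping is
    // kept from the original.
    $currentCat = mysqli_real_escape_string($dbConn, $_GET["category"]);
}
// Both are optional page-level inputs; default them so nothing below reads an
// undefined variable.
if (!isset($keyOut)) {
    $keyOut = "";
}
if (!isset($searchQuery)) {
    $searchQuery = "";
}
$result = mysqli_query($dbConn, "SELECT * FROM md_categories order by cat_order");
if (!$result) {
    // mysql_error() (ext/mysql) no longer exists in PHP 7+; mysqli_error is its counterpart.
    print("Houston we have a problem: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
    exit();
}
$categoryCounter = 0;
while ($row = mysqli_fetch_array($result)) {
    if ($currentCat == $row["cat_id"]) {
        $id = 'id="current"';
        $categoryCounter++;
    }
    // Database values are escaped on output (the original wrote them raw);
    // $keyOut is a server-side constant and is written as-is.
    $catId   = htmlspecialchars($row["cat_id"], ENT_QUOTES, 'UTF-8');
    $catName = htmlspecialchars($row["cat_name"], ENT_QUOTES, 'UTF-8');
    $catList .= "<li $id><a href='index.php?category=" . $catId . $keyOut . "'>" . $catName . "</a></li>\n";
    $id = "";
}
// With no category selected, highlight either "post something" or "home".
$idNewItem = $idHome = "";
if ($categoryCounter < 1) {
    if (strpos($_SERVER['PHP_SELF'], "newItem") > 0) {
        $idNewItem = "id='current'";
    } else {
        $idHome = "current";
    }
}
?>
<div id="header">
<div style="display:inline; float:right">
<form name="searchForm" action="index.php" method="get" style="display:inline; float:right">
<?php echo STR_SEARCH; ?>
<input type="text" name="q" size="8" maxlength="40" value="<?php echo htmlspecialchars((string) $searchQuery, ENT_QUOTES, 'UTF-8'); ?>">
<input type="submit" name="" value="<?php echo STR_GO; ?>">
</form>
</div>
<ul>
<li id='<?php print($idHome); ?>'><a href='index.php?a=1<?php echo $keyOut;?>'><?php echo STR_ALLADDS ?></a></li>
<?php print($catList); ?>
<li <?php print($idNewItem); ?>><a href="newItem.php?a=1<?php echo $keyOut;?>"> <?php echo STR_POSTSOMETHING ?></a></li>
</ul>
</div>
<?php mysqli_free_result($result); ?>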
wget 'https://lists2.roe3.org/swapshop/inc_thumbnail.php'
<?php
/**
* @package SPLIB
* @version $Id: Thumbnail.php,v 1.1 2003/12/12 08:06:06 kevin Exp $
*/
/**
* Thumbnail<br />
* Resizes images to thumbnails
* @package SPLIB
* @access public
* @todo bug fix for multiple images
* @todo PHP < 4.3.0 compatibility
*/
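class Thumbnail {
    /** @var int Maximum width of the thumbnail in pixels */
    public $maxWidth;
    /** @var int Maximum height of the thumbnail in pixels */
    public $maxHeight;
    /** @var bool Scale to fit the box (true) or stretch to fill it (false) */
    public $scale;
    /** @var bool Whether images smaller than the box are enlarged */
    public $inflate;
    /** @var array Accepted MIME types */
    public $types;
    /** @var array MIME type => GD loader function name (e.g. imagecreatefromjpeg) */
    public $imgLoaders;
    /** @var array MIME type => GD writer function name (e.g. imagejpeg) */
    public $imgCreators;
    /** @var mixed The source image (GD resource, or GdImage on PHP 8) */
    public $source;
    /** @var int Width of the source image in pixels */
    public $sourceWidth;
    /** @var int Height of the source image in pixels */
    public $sourceHeight;
    /** @var string MIME type of the source image */
    public $sourceMime;
    /** @var mixed The thumbnail image */
    public $thumb;
    /** @var int Width of the thumbnail in pixels */
    public $thumbWidth;
    /** @var int Height of the thumbnail in pixels */
    public $thumbHeight;

    /**
     * Thumbnail constructor
     * @param int  $maxWidth  max width of thumbnail
     * @param int  $maxHeight max height of thumbnail
     * @param bool $scale     (optional) if true image scales, else it is stretched
     * @param bool $inflate   (optional) if true small images are enlarged
     * @access public
     */
    function __construct($maxWidth, $maxHeight, $scale = true, $inflate = true) {
        $this->maxWidth = $maxWidth;
        $this->maxHeight = $maxHeight;
        $this->scale = $scale;
        $this->inflate = $inflate;
        // Consider modifying these to add to handle other images
        $this->types = array('image/jpeg', 'image/png');
        $this->imgLoaders = array(
            'image/jpeg' => 'imagecreatefromjpeg',
            'image/png'  => 'imagecreatefrompng'
        );
        $this->imgCreators = array(
            'image/jpeg' => 'imagejpeg',
            'image/png'  => 'imagepng'
        );
    }

    /**
     * PHP 4-style constructor, kept only for code that calls it by name.
     * PHP 7 deprecated and PHP 8 removed the "method named after the class is
     * the constructor" rule; without __construct() above, `new Thumbnail()` on
     * PHP 8 would leave $types/$imgLoaders/$imgCreators unset and every load
     * would fail.
     * @access public
     */
    function Thumbnail($maxWidth, $maxHeight, $scale = true, $inflate = true) {
        $this->__construct($maxWidth, $maxHeight, $scale, $inflate);
    }

    /**
     * Loads an image from a file
     * @param string $image filename (with path) of image
     * @return boolean true on success; false (after trigger_error) otherwise
     * @access public
     */
    function loadFile($image) {
        // getimagesize() warns on unreadable or non-image input; the @ is kept
        // from the original and the false return is handled right below.
        if (!$dims = @GetImageSize($image)) {
            trigger_error('Could not find image ' . $image);
            return false;
        }
        if (!in_array($dims['mime'], $this->types, true)) {
            trigger_error('Image MIME type ' . $dims['mime'] . ' not supported');
            return false;
        }
        $loader = $this->imgLoaders[$dims['mime']];
        $this->source = $loader($image);
        if (!$this->source) {
            // Corrupt/truncated file: the original carried on with a false "image".
            trigger_error('Could not decode image ' . $image);
            return false;
        }
        $this->sourceWidth = $dims[0];
        $this->sourceHeight = $dims[1];
        $this->sourceMime = $dims['mime'];
        $this->initThumb();
        return true;
    }

    /**
     * Loads an image from a string (e.g. database)
     *
     * Note that imagecreatefromstring() detects the format from the bytes;
     * $mime only has to be an accepted type and selects the writer used by
     * buildThumb().
     *
     * @param string $image the image bytes
     * @param string $mime  mime type of the image
     * @return boolean true on success; false (after trigger_error) otherwise
     * @access public
     */
    function loadData($image, $mime) {
        if (!in_array($mime, $this->types, true)) {
            trigger_error('Image MIME type ' . $mime . ' not supported');
            return false;
        }
        $img = imagecreatefromstring($image);
        if (!$img) {
            // Undecodable data: the original would have gone on to call
            // imagesx() on false.
            trigger_error('Could not decode image data');
            return false;
        }
        $this->source = $img;
        $this->sourceWidth = imagesx($this->source);
        $this->sourceHeight = imagesy($this->source);
        $this->sourceMime = $mime;
        $this->initThumb();
        return true;
    }

    /**
     * If a filename is provided, creates the thumbnail using that name.
     * If not, the image is output to the browser.
     * @param string $file (optional) filename to create image with
     * @return boolean result of the GD writer; false when nothing is loaded
     * @access public
     */
    function buildThumb($file = null) {
        if (!isset($this->thumb) || !isset($this->imgCreators[$this->sourceMime])) {
            // Nothing loaded (or the load failed): the original would have
            // called an undefined function here.
            trigger_error('No image loaded');
            return false;
        }
        $creator = $this->imgCreators[$this->sourceMime];
        if (isset($file)) {
            return $creator($this->thumb, $file);
        }
        return $creator($this->thumb);
    }

    /**
     * Returns the mime type for the thumbnail (that of the source)
     * @return string
     * @access public
     */
    function getMime() {
        return $this->sourceMime;
    }

    /**
     * Returns the width of the thumbnail
     * @return int
     * @access public
     */
    function getThumbWidth() {
        return $this->thumbWidth;
    }

    /**
     * Returns the height of the thumbnail
     * @return int
     * @access public
     */
    function getThumbHeight() {
        return $this->thumbHeight;
    }

    /**
     * Creates the thumbnail from the loaded source.
     *
     * With $scale the longer side is fitted to the box and the other side
     * keeps the aspect ratio; otherwise the box size is used as-is.  When the
     * source already fits inside the box and $inflate is false, the
     * "thumbnail" is the source image itself (by reference) while
     * $thumbWidth/$thumbHeight still hold the box size computed here — a
     * pre-existing quirk kept as-is.  The original allocated a truecolor
     * image even on that path and then discarded it.
     * @return void
     * @access private
     */
    function initThumb() {
        if ($this->scale) {
            if ($this->sourceWidth > $this->sourceHeight) {
                $this->thumbWidth = $this->maxWidth;
                $this->thumbHeight = floor(
                    $this->sourceHeight * ($this->maxWidth / $this->sourceWidth)
                );
            } else if ($this->sourceWidth < $this->sourceHeight) {
                $this->thumbHeight = $this->maxHeight;
                $this->thumbWidth = floor(
                    $this->sourceWidth * ($this->maxHeight / $this->sourceHeight)
                );
            } else {
                $this->thumbWidth = $this->maxWidth;
                $this->thumbHeight = $this->maxHeight;
            }
        } else {
            $this->thumbWidth = $this->maxWidth;
            $this->thumbHeight = $this->maxHeight;
        }
        if ($this->sourceWidth <= $this->maxWidth &&
            $this->sourceHeight <= $this->maxHeight &&
            $this->inflate == false) {
            $this->thumb = &$this->source;
        } else {
            $this->thumb = imagecreatetruecolor($this->thumbWidth, $this->thumbHeight);
            imagecopyresampled($this->thumb, $this->source, 0, 0, 0, 0,
                $this->thumbWidth, $this->thumbHeight,
                $this->sourceWidth, $this->sourceHeight);
        }
    }
}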
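/**
 * Guess a MIME type from a file name's extension.
 *
 * Returns "image/gif" for *.gif, "image/png" for *.png and "image/jpeg" for
 * anything else (the original's default).  Only the real extension — the
 * text after the last dot — is consulted, so "photo.png.exe" is no longer
 * reported as PNG, and a name that is just ".gif" is recognised (the original
 * tested strpos() for truthiness, which treats offset 0 as "not found").
 *
 * This is a name-based guess and says nothing about the bytes in the file;
 * use getimagesizefromstring()/finfo on the content where the type matters.
 * Note also that the Thumbnail class above accepts only image/jpeg and
 * image/png, so "image/gif" is not a usable answer for it.
 *
 * @param string $val file name or path
 * @return string MIME type
 */
function getImgType($val){
    $ext = strtolower(pathinfo((string) $val, PATHINFO_EXTENSION));
    if ($ext === 'gif') {
        return 'image/gif';
    }
    if ($ext === 'png') {
        return 'image/png';
    }
    return 'image/jpeg';
}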
?>
wget 'https://lists2.roe3.org/swapshop/md_style.css'
.md_pageTitle{
border-bottom:1px solid #cccccc; font-family:Helvetica,Arial,sans-serif;
font-size:x-large; color:#333333; margin-bottom:20px;
}
.md_labelViewItem{font-size:smallest; color:#666666; font-weight:bold;}
.md_divider{color:#ccc}
.md_date{float:right; display:inline; font-size:small;}
.md_label{font-weight:bold; margin-top:16px;}
.md_labelFinePrint{font-weight:normal;}
.md_bigButton{ font-weight:bold;color:#444; }
.md_formTitle{font-size:large; border-bottom:1px solid #ebebeb; margin-bottom:10px; }
.md_listingTable{ border-bottom:1px solid #cccccc;}
.md_itemTitle{ font-size:22px; font-family:Helvetica,Arial,sans-serif; color:#333; margin-bottom:12px;padding-top:12px; border-bottom:1px dotted #ccc; }
.md_itemTitleSub{ color:#333; font-size:small;}
.md_msg{
padding:11px;
color:white;
font-weight:bold;
background-repeat:no-repeat;
padding-left:60px;
background-image: url(images/bg_msg.png);
margin-top:16px;
}
.md_thumbnail{ border:1px solid #003399;}
.md_photo{
padding:8px;
padding-bottom:30px;
margin-top:12px;
border:2px solid #ccc;
}
.md_required{ color:#900; font-weight:bold;}
.md_listing{ padding-top:12px; padding-bottom:12px; border-bottom:1px solid #ccc;}
a.md_recordLink{ }
/*0066D8*/
a.md_recordLink:link{ color:#003399; font-weight:bold;}
a.md_recordLink:hover{ text-decoration:none;}
a.md_recordLink:visited { color:#603; font-weight:bold;}
a.md_footer:link{ color:#003399;}
a.md_footer:hover{ text-decoration:none;}
a.md_footer:visited { color:#003399;}
.thisismypost{
display:none;
margin:4px;
padding:12px;
padding-bottom:18px;
width:400px;
float:right;
border:1px solid #ccc;
background-color:#fff;
background-image:url(images/bg_form.gif);
-moz-border-radius: 6px;
-webkit-border-radius: 6px;
border-radius: 6px;
}
#newItemForm{
margin:4px;
padding:12px;
padding-bottom:18px;
border:1px solid #ccc;
background-color:#fff;
background-image:url(images/bg_form.gif);
-moz-border-radius: 6px;
-webkit-border-radius: 6px;
border-radius: 6px;
}
textarea{font-family:helvetica, arial, sans-serif; font-size:small;}
#md_container{font-family:helvetica, arial, sans-serif; padding:10px; padding-top:0px; font-size:small;}
#md_content{ xmargin-top:60px;}
#md_navigation{background-color:#efefef;}
#md_submit{margin-top:20px; border-top:1px solid #cccccc; padding-top:20px}
#md_description{width:100%; padding:3px;}
#md_title{width:100%}
#md_email{display:none;}
#navigationBar{height:40px; background-image:url(images/bar_middle.gif)}
#mxxxxxd_contentForm{
background-color:#efefef;
padding:16px;
border:1px solid #ccc;
background-image:url(images/bg_form.gif);
}
#md_emailBox{
width:550px;
padding:12px;
margin-top:30px;
border:1px solid #ccc;
background-color:#fff;
background-image:url(images/bg_form.gif);
-moz-border-radius: 6px;
-webkit-border-radius: 6px;
border-radius: 6px;}
#md_listingBox{ }
#md_message{font-family:Arial, Helvetica, sans-serif; font-size:small; padding:4px;}
#md_filter{padding-bottom:8px;}
#md_postSomethingContainer{padding-top:12px;}
#md_myPostLink{margin-top:20px;}
#header {
float:left;
width:100%;
background:#fff url("images/bg.gif") repeat-x bottom;
font-size:80%;
line-height:normal;
background-image: url(images/bg.gif);
margin-bottom:8px;
font-family:Helvetica,Arial,Sans-serif;
}
#header ul {
margin:0;
padding:10px 10px 0;
list-style:none;
}
#header li {
float:left;
background:url("images/left.gif") no-repeat left top;
margin:0;
padding:0 0 0 9px;
}
#header a {
display:block;
background:url("images/right.gif") no-repeat right top;
padding:5px 15px 4px 6px;
text-decoration:none;
color:black;
font-weight:bold;
}
#header a:hover {
text-decoration:underline;
color:#003399;
}
#header #current {
background-image:url("images/left_on.gif");
}
#header #current a {
background-image:url("images/right_on.gif");
padding-bottom:5px;
color:#003399;
}
#confirmationBox{}
#md_viewItemContent{padding-top:20px;padding-right:20px;width:80%}
.md_admin{background-image:url("images/bg_admin.gif"); left-margin:10px;padding:10px; border: 1px solid maroon; }
.md_errorField{border:1px solid #CC0000; background-color:#FFDDDD}
.md_errorText{color:#CC0000; font-weight:bold;}
/* buttons */
.clear { /* generic container (i.e. div) for floating buttons */
overflow: hidden;
width: 100%;
}
a.button {
background: transparent url('images/bg_button_a.gif') no-repeat scroll top right;
color: #444;
display: block;
float: left;
font: normal 12px arial, sans-serif;
height: 24px;
margin-right: 6px;
padding-right: 18px; /* sliding doors padding */
text-decoration: none;
font-weight:bold;
}
a.button span {
background: transparent url('images/bg_button_span.gif') no-repeat;
display: block;
line-height: 14px;
padding: 5px 0 5px 18px;
}
a.button:active {
background-position: bottom right;
color: #000;
outline: none; /* hide dotted outline in Firefox */
}
a.button:active span {
background-position: bottom left;
padding: 6px 0 4px 18px; /* push text down 1px */
}
wget 'https://lists2.roe3.org/swapshop/newItem.php'
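<?php
// newItem.php — "post a new item" form; controller.php handles the submission.
session_start();
// Shown in the page header and echoed into the form; empty when nobody is
// logged in (the original left it undefined in that case).
$user = "";
if (isset($_SESSION["username"])) {
    $user = $_SESSION["username"];
}
include_once("inc_dbcon.php");
include_once("inc_functions.php");
include_once('./admin/config.php');
include_once($languageFile);
// Admin key.  It is a fixed secret compiled into this page's source — the
// same source this directory listing exposes — so it should be treated as
// public: move it into configuration and rotate it.  hash_equals() replaces
// the loose "==" comparison.  A matching key is carried in every navigation
// link as &k=... via $keyOut (read by inc_navigation.php).
$key = "fjmzryhbxwepqgnktdlcv";
$keyOut = "";
if (isset($_GET["k"]) && is_string($_GET["k"]) && hash_equals($key, $_GET["k"])) { // Key comes from admin/password.php file
    $keyOut = "&k=" . $key;
}
$catSelectList = "";
?>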
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Post a New Item</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script language="JavaScript" type="text/javascript">
<!--
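function md_validateForm(){
    // Client-side check of the "post a new item" form: marks the required
    // fields (category, title, description, e-mail) that are missing and
    // submits only when all pass.  Cosmetic only — controller.php has to
    // validate again server-side.
    var d = document.form1;
    var e = false; // becomes true when any check fails (was an implicit global)
    var byId = function (id) { return document.getElementById(id); };
    var fail = function (field, labelId) {
        field.className = 'md_errorField';
        byId(labelId).className = 'md_errorText';
        field.focus(); // as before, the last failing field in source order keeps focus
        e = true;
    };
    // Restore defaults so that a re-check after a fix updates the UI.
    // md_category is a <select> only when categories exist; with none the page
    // emits a hidden input instead and the element is absent (the original
    // dereferenced it unconditionally and threw).
    if (d.md_category) d.md_category.className = '';
    d.md_title.className = d.md_description.className = d.md_email2.className = '';
    byId('md_categoryLabel').className = byId('md_titleLabel').className = byId('md_descriptionLabel').className = byId('md_emailLabel').className = 'md_label';
    if (d.md_category && d.md_category.value == 'null') fail(d.md_category, 'md_categoryLabel');
    if (d.md_title.value == '') fail(d.md_title, 'md_titleLabel');
    if (d.md_description.value == '') fail(d.md_description, 'md_descriptionLabel');
    // Minimal shape check only: a dot past position 2 and an "@" that is not first.
    var email = d.md_email2.value;
    if (!(email.indexOf(".") > 2 && email.indexOf("@") > 0)) fail(d.md_email2, 'md_emailLabel');
    if (!e)
        d.submit();
}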
//-->
</script>
<link href="md_style.css" rel="stylesheet" type="text/css" />
<style>
</style>
</head>
<body>
<span style="color:#808080;font-family: Calibri, sans-serif; font-size: 0.8em;">
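<?php
// Logged-in name from the session (set in the prologue); stored data, so it
// is escaped for HTML rather than echoed raw.
echo "User: " . htmlspecialchars(isset($user) ? (string) $user : '', ENT_QUOTES, 'UTF-8') . "<br>";
?>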
</span>
<?php
include_once("inc_banner.php");
include_once("inc_navigation.php");
?>
<div id="md_container">
<div id="md_contentForm">
<br clear="all" />
<div id='newItemForm'>
<form action="controller.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
<table border="0" cellpadding="8" cellspacing="0">
<tr>
<td align="right" valign="top"><span class="md_required">*</span> <span class="md_label" id="md_categoryLabel"><?php echo STR_CATEGORY;?></span></td>
<td>
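<?php
// Category <select>; when the table is empty a hidden category=0 is emitted
// instead.
$result2 = mysqli_query($dbConn, "SELECT * FROM md_categories order by cat_order");
if (!$result2) {
    // mysqli_error() needs the connection; calling it with no argument is an
    // ArgumentCountError (fatal) on PHP 8.
    print("There was a problem getting categories: <b>" . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
    exit();
}
$counter = 0;
// Create the HTML code for the label and select list; database values are
// escaped on output.
$catSelectList .= "<select name='category' id='md_category'><option value='null'>- Select a category -</option>\n";
while ($row = mysqli_fetch_array($result2)) {
    $catId   = htmlspecialchars($row["cat_id"], ENT_QUOTES, 'UTF-8');
    $catName = htmlspecialchars($row["cat_name"], ENT_QUOTES, 'UTF-8');
    $catSelectList .= "<option value='" . $catId . "'>" . $catName . "</option>\n";
    $counter++;
}
$catSelectList .= "</select>";
if ($counter == 0)
    echo "<input type=hidden name='category' value='0'>";
else
    echo $catSelectList;
?></td>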
</tr>
<tr>
<td align="right" valign="top"><span class="md_required">*</span> <span class="md_label" id="md_titleLabel"><?php echo STR_TITLE;?></span></td>
<td><input name="md_title" type="text" size="50" value="" id='md_title' /></td>
</tr>
<tr>
<td align="right" valign="top"><span class="md_label"><?php echo STR_PRICE;?></span></td>
<td>$
<input name="md_price" type="text" size="6" value="" id='md_price' />
<?php echo STR_FORFREE;?></td>
</tr>
<tr>
<td align="right" valign="top" nowrap="nowrap"><span class="md_required">*</span> <span class="md_label" id="md_descriptionLabel"><?php echo STR_DESCRIPTION;?></span></td>
<td><textarea name="md_description" cols="60" rows="6" id='md_description'></textarea></td>
</tr>
<tr>
<td align="right" valign="top"><span class="md_label"><?php echo STR_PICTURE;?></span></td>
<td valign="top">
<input name="filetoupload" type="file" id="filetoupload" size="40" />
<span class="md_labelFinePrint">(4 mb max)</span>
<input type="hidden" name="MAX_FILE_SIZE" value="409600" />
[ <a href="https://shrinkpdf.com/" target="_blank">Shrink PDF</a> |
<a href="https://picsmaller.com/" target="_blank">Pic Smaller</a> |
<a href="https://www.adobe.com/express/feature/image/resize" target="_blank">Adobe Image Resizer</a> ]
</td>
</tr>
<tr>
<td align="right" valign="top">
<font color="#FF0000">PLEASE NOTE:</font>
</td>
<td valign="top">
<i>Phone camera photos are notoriously large, as are many PDF files. Please use the tools above to reduce the size of your files prior to uploading them.</i>
</td>
</tr>
<tr>
<td align="right" valign="top"><span class="md_label"><?php echo STR_NAME;?></span></td>
<td valign="top">
<input name="namer" type="text" id="namer" size="40" />
<?php echo STR_NAMEISDISPLAY;?></td>
</tr>
<tr>
<td align="right" valign="top"><span class="md_label"><?php echo STR_CITY;?></span></td>
<td valign="top">
<input name="city" type="text" id="md_city" size="40" maxlength="90" />
<?php echo STR_WHERELOCATED;?></td>
</tr>
<tr>
<td align="right" valign="top"><span class="md_required">*</span> <span class="md_label" id="md_emailLabel"><?php echo STR_EMAIL;?></span></td>
<td valign="top">
<input name="Email" type="text" id="md_email" size="40" maxlength="90" />
<input name="md_email2" type="text" id="md_email2" size="40" maxlength="90" />
<?php echo STR_MAILNOTDISPLAY;?></td>
</tr>
<tr>
<td colspan="2" align="right" valign="top"> </td>
</tr>
<tr>
<td align="right" valign="top">
<img id="captcha" src="captcha/securimage_show.php"
alt="CAPTCHA Image" />
</td>
<td align="left" valign="middle">
Type the characters appearing at left in the textbox below:<br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#"
onclick="document.getElementById('captcha').src =
'captcha/securimage_show.php?' + Math.random(); return false">
Reload Image</a>
</td>
</tr>
<tr>
<td align="right" valign="top"> </td>
<td>
<input name="uploadform" type="button" value="<?php echo STR_SUBMITIT ?>" id="md_submitButton" class="md_bigButton" onclick="md_validateForm()" />
<input type="hidden" name="op" value="newItem" />
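<input type="hidden" name="owner" value="<?php echo htmlspecialchars(isset($user) ? (string) $user : '', ENT_QUOTES, 'UTF-8'); ?>" /><!-- informational only: any client can edit this value, so the server must not rely on it for ownership -->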
</td>
</tr>
</table>
</form>
</div>
</div>
</div>
<?php include_once("inc_footer.php"); ?>
</body>
</html>
wget 'https://lists2.roe3.org/swapshop/newItemConfirm.php'
<?php
// newItemConfirm.php — "check your mail" page shown after controller.php has
// stored a new posting and sent the confirmation link.
session_start();
// $user is read for parity with the other pages; nothing on this page uses it,
// and it stays undefined when nobody is logged in.
if (isset($_SESSION["username"])) {
$user = $_SESSION["username"];
}
include_once("inc_dbcon.php");
include_once('admin/config.php'); // expected to define $languageFile (not in view here)
include_once($languageFile);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title><?php echo STR_CHECKYOURMAIL; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="md_style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php include_once("inc_navigation.php") ?>
<div id="md_container">
<div id='confirmationBox'>
<br /> <br /> <br />
<p><?php echo STR_ALMOSTDONE; ?></p>
<blockquote>
<ol style="margin:22px">
<li><strong><?php echo STR_CHECKYOURMAIL; ?><br /> </strong></li>
<li><strong><?php echo STR_CLICKTHELINK; ?></strong></li>
</ol>
</blockquote>
</div>
</div>
<?php include_once("inc_footer.php");?>
</body>
</html>
wget 'https://lists2.roe3.org/swapshop/password_protect.php'
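<?php
session_start();
##################################################################
# SETTINGS START
##################################################################
// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
// SECURITY NOTE: this is a plaintext shared password kept in a file whose
// source this directory listing exposes; treat it as compromised and rotate
// it.  Storing a password_hash() value and checking with password_verify()
// would keep the secret itself out of the source, but the comparison code
// further down this file (not in view here) would need the matching change.
$LOGIN_INFORMATION = array(
    'TechGeeksR0ck$!'
);
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', false);
// User will be redirected to this page after logout
//define('LOGOUT_URL', 'https://www.google.com');
// The original used HTTP_REFERER verbatim.  The referer is supplied by the
// browser, so a crafted logout link could bounce the user to any site (open
// redirect).  Only a referer on this site's own host is honoured; anything
// else falls back to the site root.
$pp_logout_url = '/';
if (!empty($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_HOST'])) {
    $pp_ref_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    $pp_own_host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']); // drop a port suffix
    if (is_string($pp_ref_host) && strcasecmp($pp_ref_host, $pp_own_host) === 0) {
        $pp_logout_url = $_SERVER['HTTP_REFERER'];
    }
}
define('LOGOUT_URL', $pp_logout_url);
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
##################################################################
# SETTINGS END
##################################################################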
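///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////
// show usage example
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}
// timeout in seconds (0 = never; used further down for the session check)
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?  Triggered by a plain GET, so any page can log the user out by
// making the browser fetch ?logout — harmless here, but worth knowing.
if(isset($_GET['logout'])) {
    session_unset();
    session_destroy();
    // Expire the "verify" cookie in the past.  The original passed $timeout,
    // which is 0 when TIMEOUT_MINUTES is 0 — that makes a session cookie, so
    // the password cookie was never actually cleared.
    setcookie("verify", '', time() - 3600, '/'); // clear password;
    header('Location: ' . LOGOUT_URL);
    exit();
}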
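if(!function_exists('showLoginPasswordProtect')) {
    /**
     * Render the login page and stop the request.
     *
     * Emits a complete HTML document (the password form, the end-user agreement
     * and the <toggle-password> custom element that reveals the typed password)
     * and then calls die(), so nothing after the call runs.
     *
     * @param string $error_msg text shown in red above the form ("" for none);
     *                          it is HTML-escaped here, so callers pass plain text
     */
    function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
<title>Please Enter Your Password To Access This Resource</title>
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<style>
body {
font-family: "Lato", Calibri, Arial, sans-serif;
font-weight: 700;
font-size: 16px;
color: #000;
-webkit-font-smoothing: antialiased;
overflow-y: scroll;
overflow-x: hidden;
}
input {
border: 1px solid black;
font-size: 16px;
font-weight: 800;
}
label,
input:not([type="checkbox"]),
toggle-password {
display: block;
width: 100%;
}
input,
toggle-password {
margin-bottom: 1em;
}
toggle-password [aria-pressed="true"] [is-hidden],
toggle-password [aria-pressed="false"] [is-visible] {
display: none;
}
li { margin: 10px 0; }
fieldset {
background-color: #efefef;
}
legend {
background-color: black;
color: white;
padding: 5px 10px;
}
</style>
</head>
<body>
<div style="width:200px; margin-left:auto; margin-right:auto; text-align:center">
<form method="post">
<h3>Please Enter Your Password To Access This Resource</h3>
<font color="red"><?php echo htmlspecialchars($error_msg, ENT_QUOTES, 'UTF-8'); ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="text" name="access_login" /><br />Password:<br />'; ?>
<toggle-password>
<label for="password-1">Password</label>
<!-- the id must match the label's "for" (it previously read "password=1") -->
<input id="password-1" type="password" name="access_password" />
<label hidden>
<input toggle type="checkbox">
Show password
</label>
<p></p>
<input type="submit" name="Submit" value="Submit" />
</toggle-password>
</form>
</div>
<div style="width:800px; margin-left:auto; margin-right:auto;">
<fieldset>
<legend>
<b>End-User Agreement:</b>
</legend>
<ul>
<li>This resource is provided to the Tech-Geeks community in order to exchange resources and share the wealth.
<li>The end-user agrees not to share the common password with anyone outside the Tech-Geeks community.
<li>The end-user agrees not to abuse the system by posting commercial products intended to market company goods.
<li>The end-user agrees to self-manage any and all items posted. This includes deleting said items when the items are no longer available.
<li>The site administrator reserves the right to delete any items deemed in violation of the end-user agreement.
</ul>
</fieldset>
</div>
<script>
// <toggle-password>: wraps password inputs plus a [toggle] checkbox or button
// and switches the inputs between type="password" and type="text".
customElements.define('toggle-password', class extends HTMLElement {
constructor () {
// Get parent class properties
super();
// Define properties
this.passwords = this.querySelectorAll('[type="password"]');
this.trigger = this.querySelector('[toggle]');
if (!this.trigger) return;
this.type = this.trigger.tagName.toLowerCase();
this.visible = this.hasAttribute('visible');
this.handler = this.createHandler();
// Setup the UI
this.init();
}
/**
* Show hidden elements and add ARIA
*/
init () {
// Show hidden toggle
let hidden = this.trigger.closest('[hidden]');
if (hidden) {
hidden.removeAttribute('hidden');
}
// If toggle is a button, add aria-pressed
if (this.type === 'button') {
this.trigger.setAttribute('aria-pressed', this.visible);
this.trigger.setAttribute('type', 'button');
}
// If passwords should be visible, show them by default
if (this.visible) {
this.show();
}
}
/**
* Show passwords
*/
show () {
for (let pw of this.passwords) {
pw.type = 'text';
}
if (this.type === 'button') {
this.trigger.setAttribute('aria-pressed', true);
}
}
/**
* Hide password visibility
*/
hide () {
for (let pw of this.passwords) {
pw.type = 'password';
}
if (this.type === 'button') {
this.trigger.setAttribute('aria-pressed', false);
}
}
/**
* Toggle password visibility on or off
*/
toggle () {
let show = this.type === 'button' ? this.trigger.getAttribute('aria-pressed') === 'false' : this.trigger.checked;
if (show) {
this.show();
} else {
this.hide();
}
}
/**
* Create the event handler
* @return {Function} The event handler function
*/
createHandler () {
return (event) => {
this.toggle();
};
}
/**
* Start listening to clicks
*/
connectedCallback () {
this.trigger.addEventListener('click', this.handler);
}
/**
* Stop listening to clicks
*/
disconnectedCallback () {
this.trigger.removeEventListener('click', this.handler);
}
});
</script>
</body>
</html>
<?php
        // stop at this point
        die();
    }
}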
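// user provided password
// Secure flag for the "verify" cookie: only when this request itself came over TLS
$secureCookie = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
if (isset($_POST['access_password'])) {
    // Only plain strings are credentials; an array parameter (access_login[]=) counts as empty
    $login = isset($_POST['access_login']) && is_string($_POST['access_login']) ? $_POST['access_login'] : '';
    $pass = is_string($_POST['access_password']) ? $_POST['access_password'] : '';
    // NOTE(review): this keeps the plaintext password in the session. Nothing in this
    // file reads it back; drop it once it is confirmed that no other page does either.
    $_SESSION['password'] = $pass;
    if (USE_USERNAME) {
        // hash_equals() is a strict, constant-time string comparison
        $passwordOk = array_key_exists($login, $LOGIN_INFORMATION)
            && hash_equals((string) $LOGIN_INFORMATION[$login], $pass);
    } else {
        // strict in_array(): a numeric-looking submission must not match by coercion
        $passwordOk = in_array($pass, $LOGIN_INFORMATION, true);
    }
    if (!$passwordOk) {
        showLoginPasswordProtect("Incorrect password.");
    } else {
        // set cookie if password was validated. HttpOnly keeps the token away from
        // page scripts; the digest format is unchanged so existing cookies stay valid.
        // NOTE(review): the token is an unkeyed md5 of login and password, so it is only
        // as strong as the password itself; an HMAC with a server-side secret would be better.
        setcookie("verify", md5($login.'%'.$pass), $timeout, '/', '', $secureCookie, true);
        // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
        // So need to clear password protector variables
        unset($_POST['access_login']);
        unset($_POST['access_password']);
        unset($_POST['Submit']);
    }
}
else {
    // check if password cookie is set (and is a single string, not verify[]=)
    if (!isset($_COOKIE['verify']) || !is_string($_COOKIE['verify'])) {
        showLoginPasswordProtect("");
    }
    // check if cookie is good
    $found = false;
    foreach ($LOGIN_INFORMATION as $key => $val) {
        $lp = (USE_USERNAME ? $key : '') . '%' . $val;
        // strict comparison: with == a cookie that merely looks numeric can compare
        // equal to a digest that also looks numeric, which is not a match
        if (hash_equals(md5($lp), $_COOKIE['verify'])) {
            $found = true;
            // prolong timeout
            if (TIMEOUT_CHECK_ACTIVITY) {
                setcookie("verify", md5($lp), $timeout, '/', '', $secureCookie, true);
            }
            break;
        }
    }
    if (!$found) {
        showLoginPasswordProtect("");
    }
}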
?>
<?php
header("Content-type: text/xml");
include_once("admin/config.php");
include_once('inc_dbcon.php');
require_once($languageFile);
?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title><?php echo $rss_title;?></title>
<link><?php echo $urlPath;?>/</link>
<description><?php echo $rss_description;?></description>
<language>en-us</language>
<pubDate>Tue, 10 Jun 2003 04:00:00 GMT</pubDate>
<lastBuildDate>Tue, 10 Jun 2003 09:41:01 GMT</lastBuildDate>
<docs><?php echo $urlPath;?>/rss.php</docs>
<generator>PHP</generator>
<managingEditor><?php echo $urlPath;?></managingEditor>
<webMaster><?php echo $urlPath;?></webMaster>
<?php
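// check to see if in admin mode and validate key
// $key is expected to come from admin/config.php (included above). The comparison
// is strict, so a missing $key or a non-string "k" parameter never validates.
$keyOut = "";
if (isset($_GET["k"], $key) && is_string($_GET["k"]) && hash_equals((string) $key, $_GET["k"])) {
    $keyOut = "&k=" . $key;
}
// Category filter; "%" matches everything. The value is bound as a parameter below,
// so it can no longer alter the query, but LIKE wildcards inside it are still honoured.
$category = "%";
if (isset($_GET["category"]) && is_string($_GET["category"])) {
    $category = $_GET["category"];
}
$maxRows_Recordset1 = 100;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1']) && is_numeric($_GET['pageNum_Recordset1'])) {
    $pageNum_Recordset1 = max(0, (int) $_GET['pageNum_Recordset1']);
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;
// NOTE(review): this DATE_FORMAT yields e.g. "Jun 10, 2003 4:00 AM", not the RFC 822
// form feed readers expect in <pubDate>; left unchanged because the column's
// timezone is not known from this file.
$query_Recordset1 = "SELECT postId,category,title,description,isAvailable,price,confirmPassword,imgURL,imgURLThumb,"
    . "DATE_FORMAT(timeStamp,'%b %d, %Y %l:%i %p') AS timeStamp1 "
    . "FROM md_postings WHERE isConfirmed = '1' AND category LIKE ? "
    . "ORDER BY `timeStamp` DESC LIMIT ?, ?";
$stmt_Recordset1 = mysqli_prepare($dbConn, $query_Recordset1);
if (!$stmt_Recordset1
    || !mysqli_stmt_bind_param($stmt_Recordset1, "sii", $category, $startRow_Recordset1, $maxRows_Recordset1)
    || !mysqli_stmt_execute($stmt_Recordset1)) {
    // the response is XML, so even the error text is escaped
    print("It appears we have a problem: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
    exit();
}
// mysqli_stmt_get_result() returns a mysqli_result, which the cleanup at the
// bottom of the file releases with mysqli_free_result()
$Recordset1 = mysqli_stmt_get_result($stmt_Recordset1);
if (!$Recordset1) {
    print("It appears we have a problem: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8'));
    exit();
}
// An empty channel is the well-formed way to say "no items"; printing "<br />"
// plus text (as before) made the feed invalid XML. Paging past the end also
// yields an empty channel instead of one garbage <item>.
while ($row_Recordset1 = mysqli_fetch_assoc($Recordset1)) {
    // Titles and descriptions are user-submitted; escape them for XML
    // (the previous str_replace("&", "&", ...) was a no-op).
    $itemTitle = htmlspecialchars($row_Recordset1['title'] . ' - $' . $row_Recordset1['price'], ENT_QUOTES, 'UTF-8');
    $itemLink = htmlspecialchars($urlPath . "/viewItem.php?id=" . rawurlencode((string) $row_Recordset1['postId']), ENT_QUOTES, 'UTF-8');
    $itemDescription = htmlspecialchars($row_Recordset1['description'], ENT_QUOTES, 'UTF-8');
    $itemDate = htmlspecialchars($row_Recordset1['timeStamp1'], ENT_QUOTES, 'UTF-8');
    print("<item> \n");
    print(" <title>" . $itemTitle . "</title> \n");
    print(" <link>" . $itemLink . "</link> \n");
    print(" <description>" . $itemDescription . "</description> \n");
    print(" <pubDate>" . $itemDate . "</pubDate> \n");
    print("</item>\n ");
}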
?>
</channel>
</rss>
<?php
// Release the page result set and the connection once the feed body is written.
mysqli_free_result($Recordset1);
mysqli_close($dbConn);
?>
<?php
/**
Securimage Test Script
Version 2.0 - 11/15/2009
Upload this PHP script to your web server and call it from the browser.
The script will tell you if you meet the requirements for running Securimage.
http://www.phpcaptcha.org
*/
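if (isset($_GET['testimage']) && $_GET['testimage'] === '1') {
    // Render the sample PNG that the page below embeds via ?testimage=1.
    // NOTE(review): this diagnostic also prints phpversion() further down; it is a
    // one-off installation check and should not stay on a production server.
    $im = imagecreate(290, 120);
    // the first colour allocated on a palette image becomes the background
    $white = imagecolorallocate($im, 255, 255, 255);
    $black = imagecolorallocate($im, 0, 0, 0);
    $red = imagecolorallocate($im, 255, 0, 0);
    $blue = imagecolorallocate($im, 0, 0, 255);
    imagestring($im, 5, 45, 1, 'Securimage Will Work!!', $blue);
    imagestring($im, 2, 5, 2, ':) :)', $red);
    imagestring($im, 2, 255, 2, '(: (:', $red);
    imagestring($im, 3, 5, 25, 'Can you see the ', $black);
    imagestring($im, 3, 190, 25, 'word?*', $black);
    imageline($im, 114, 38, 184, 38, $black);
    // Alpha colours need imagecolorallocatealpha(); it returns false when no palette
    // entry is available, which is treated the same as "function missing".
    $ba = function_exists('imagecolorallocatealpha')
        ? imagecolorallocatealpha($im, 0, 0, 0, 80)
        : false;
    if ($ba !== false) {
        imagestring($im, 3, 115, 25, 'underlined', $ba);
    }
    imagestring($im, 3, 5, 45, '*If the word "underlined" is not visible', $black);
    imagestring($im, 3, 5, 60, 'Securimage will work but you will not be', $black);
    imagestring($im, 3, 5, 75, 'able to use transparent text in your', $black);
    imagestring($im, 3, 5, 90, 'CAPTCHA image.', $black);
    // imagepng() only writes the PNG bytes; without this header the response keeps
    // the script's default text/html content type
    header('Content-Type: image/png');
    imagepng($im, null, 3);
    imagedestroy($im);
    exit;
}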
/**
 * Echo a coloured Yes!/No marker for one requirement line of the report.
 *
 * @param bool $supported true prints a blue "Yes!", false a bold red "No"
 */
function print_status($supported)
{
    $marker = $supported
        ? "<span style=\"color: #00f\">Yes!</span>"
        : "<span style=\"color: #f00; font-weight: bold\">No</span>";
    echo $marker;
}
?>
<html>
<head>
<title>Securimage Test Script</title>
</head>
<body>
<h2>Securimage Test Script</h2>
<p>
This script will test your PHP installation to see if Securimage will run on your server.
</p>
<ul>
<li>
<strong>PHP Version:</strong> <?php echo phpversion(); ?>
<li>
<strong>GD Support:</strong>
<?php print_status($gd_support = extension_loaded('gd')); ?>
</li>
<?php if ($gd_support) $gd_info = gd_info(); else $gd_info = array(); ?>
<?php if ($gd_support): ?>
<li>
<strong>GD Version:</strong>
<?php echo $gd_info['GD Version']; ?>
</li>
<?php endif; ?>
<li>
<strong>TTF Support (FreeType):</strong>
<?php print_status($gd_support && $gd_info['FreeType Support']); ?>
<?php if ($gd_support && $gd_info['FreeType Support'] == false): ?>
<br />No FreeType support. Cannot use TTF fonts, but you can use GD fonts
<?php endif; ?>
</li>
<li>
<strong>imagettfbbox() function:</strong>
<?php print_status($gd_support && function_exists('imagettfbbox')); ?>
<?php if ($gd_support && !function_exists('imagettfbbox')): ?>
<br />PHP function imagettfbbox is not supported. Font spacing will be estimated.
<?php endif; ?>
<li>
<strong>JPEG Support:</strong>
<?php print_status($gd_support && $gd_info['JPG Support']); ?>
</li>
<li>
<strong>PNG Support:</strong>
<?php print_status($gd_support && $gd_info['PNG Support']); ?>
</li>
<li>
<strong>GIF Read Support:</strong>
<?php print_status($gd_support && $gd_info['GIF Read Support']); ?>
</li>
<li>
<strong>GIF Create Support:</strong>
<?php print_status($gd_support && $gd_info['GIF Create Support']); ?>
</li>
</ul>
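<?php if ($gd_support): ?>
Since you can see this...<br /><br />
<?php // PHP_SELF echoes the request path (including any trailing path info) back into the markup, so it must be escaped ?>
<img src="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>?testimage=1" alt="Test Image" align="bottom" />
<?php else: ?>
Based on the requirements, you do not have what it takes to run Securimage :(
<?php endif; ?>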
</body>
</html>
<?php
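session_start();
// Capture user session if set
$user = isset($_SESSION["username"]) ? $_SESSION["username"] : "";
include_once("inc_dbcon.php");
include_once("./admin/config.php");
include_once($languageFile);
// check to see if in admin mode and validate key
// NOTE(review): the admin key is a literal in this file (and in the viewItem.php.bak
// copy that is also served). rss.php expects $key to come from admin/config.php,
// so it belongs there; it is kept here only so the rest of the page keeps working.
$key = "fjmzryhbxwepqgnktdlcv";
$keyOut = "";
$adminMode = false;
// hash_equals() needs two strings, so a non-string "k" (e.g. k[]=) never validates
if (isset($_GET["k"]) && is_string($_GET["k"]) && hash_equals($key, $_GET["k"])) {
    $adminMode = true;
    $keyOut = "&k=" . $key;
}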
/* -----------------------
ADMIN ACTION HANDLER
----------------------- */
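if ($adminMode && isset($_GET['a']) && isset($_GET['id']) && is_string($_GET['id'])) {
    // NOTE(review): delete/deact are state changes triggered by a plain GET with no
    // CSRF token, so any page an admin visits can trigger them through a link or image.
    // Moving them to POST with a token also needs adminAction() in the template changed.
    $postId = $_GET['id'];
    if ($_GET['a'] === 'delete') {
        // Get image URL before deleting
        $imgURL = "";
        $stmt = mysqli_prepare($dbConn, "SELECT imgURL FROM md_postings WHERE postId=? LIMIT 1");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, "s", $postId);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $storedImgURL);
                if (mysqli_stmt_fetch($stmt)) {
                    $imgURL = (string) $storedImgURL;
                }
            }
            mysqli_stmt_close($stmt);
        }
        // Delete DB row
        $stmt = mysqli_prepare($dbConn, "DELETE FROM md_postings WHERE postId=?");
        $deleted = $stmt !== false
            && mysqli_stmt_bind_param($stmt, "s", $postId)
            && mysqli_stmt_execute($stmt);
        if ($deleted) {
            // Attempt to delete image file if it exists and is local. realpath() resolves
            // any ".." in the stored value and the prefix check keeps the unlink inside the
            // document root, so a tampered imgURL cannot reach outside it.
            if ($imgURL !== "" && !preg_match('#^https?://#i', $imgURL)) {
                $docRoot = realpath($_SERVER['DOCUMENT_ROOT']);
                $filePath = realpath($_SERVER['DOCUMENT_ROOT'] . '/' . ltrim($imgURL, '/'));
                if ($docRoot !== false && $filePath !== false
                    && strpos($filePath, $docRoot . DIRECTORY_SEPARATOR) === 0
                    && is_file($filePath)) {
                    // suppression kept on purpose: a warning here would be sent before
                    // the Location header and break the redirect
                    @unlink($filePath);
                }
            }
            header("Location: index.php?msg=deleted" . $keyOut);
            exit();
        } else {
            echo "Error deleting post: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8');
            exit();
        }
    } elseif ($_GET['a'] === 'deact') {
        // Mark as taken (isAvailable = 0)
        $stmt = mysqli_prepare($dbConn, "UPDATE md_postings SET isAvailable=0 WHERE postId=?");
        $deactivated = $stmt !== false
            && mysqli_stmt_bind_param($stmt, "s", $postId)
            && mysqli_stmt_execute($stmt);
        if ($deactivated) {
            header("Location: viewItem.php?id=" . urlencode($postId) . "&msg=deactivated" . $keyOut);
            exit();
        } else {
            echo "Error deactivating post: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8');
            exit();
        }
    }
}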
/* -----------------------
NORMAL VIEW FLOW
----------------------- */
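if (!isset($_GET["id"]) || !is_string($_GET["id"])) {
    echo "This posting was not found. Please go back and try again.";
    exit();
}
// The raw id goes to the database as a bound parameter; $postId (set below) is the
// HTML-escaped copy the template echoes into attributes and a script string.
$requestedId = $_GET["id"];
$query = "SELECT *, DATE_FORMAT(timeStamp, '%b %d, %Y %l:%i %p') AS timeStamp
          FROM md_postings WHERE postId=?";
$stmt = mysqli_prepare($dbConn, $query);
if (!$stmt || !mysqli_stmt_bind_param($stmt, "s", $requestedId) || !mysqli_stmt_execute($stmt)) {
    echo "Houston we have a problem: " . htmlspecialchars(mysqli_error($dbConn), ENT_QUOTES, 'UTF-8');
    exit();
}
// $result stays a mysqli_result because the page footer calls mysqli_free_result($result)
$result = mysqli_stmt_get_result($stmt);
$row = $result ? mysqli_fetch_assoc($result) : null;
if (!$row) {
    // no such posting: stop here instead of rendering the page with unset variables
    echo "This posting was not found. Please go back and try again.";
    exit();
}
$escapeHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
// Posts are user-submitted, so everything the template prints as text is escaped
// here. $title stays raw because the template already escapes it where it is used.
$title = stripslashes($row["title"]);
$description = $escapeHtml(stripslashes($row["description"])); // template applies nl2br() only
$price = trim($row["price"]);
$name = $escapeHtml(trim($row["name"]));
$city = $escapeHtml(trim($row["city"]));
$owner = trim($row["owner"]); // compared against the session user, never printed
$imgURL = $row["imgURL"];     // escaped below when the <img> tag is built
$ipAddress = $escapeHtml($row["ip"]);
$email = $escapeHtml(trim($row["email"]));
$cp = $row["confirmPassword"];
$currentCat = $row["category"];
if ($price == 0) {
    $price = "Free";
} else {
    $price = '$' . $escapeHtml($price);
}
$timeStamp = $escapeHtml($row["timeStamp"]);
$isAvailable = $row["isAvailable"];
$postId = $escapeHtml($requestedId);
$msg = "";
if (isset($_GET["msg"]) && is_string($_GET["msg"])) {
    // msg is printed straight into the page, so it needs HTML escaping;
    // mysqli_real_escape_string() was the wrong escaper for that context
    $msg = $escapeHtml($_GET["msg"]);
}
if ($isAvailable == 0) {
    $msg = STR_NOLONGERAVAILABLE;
}
if ($name == "") {
    $name = "<span class='md_help'>" . STR_UNDISCLOSED . "</span>\n";
}
$photo = "";
if ($imgURL != "") {
    $photo = "<img src='" . $escapeHtml($imgURL) . "' class='md_photo'>";
}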
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); ?></title>
<script src="https://code.jquery.com/jquery-3.7.1.min.js"
integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo="
crossorigin="anonymous"></script>
<script type="text/javascript">
// Slide the "email this person" box open or closed.
function emailPerson() {
    const box = $("#md_emailBox");
    box.toggle("fast");
}
// Slide the "this is my posting" box open or closed.
function myposttoggle() {
    const box = $("#myPost");
    box.toggle("fast");
}
// Flip the element with id `lyr` between display:none and its default display.
function show(lyr){
    const el = document.getElementById(lyr);
    const isHidden = el.style.display === "none";
    el.style.display = isHidden ? "" : "none";
}
// Client-side check of the "email this person" form: the message must not be empty
// and the address must look like an email. Offending fields get the md_errorField /
// md_errorText classes and focus; the form is submitted only when both pass.
function md_validateForm(){
    const d = document.form1;
    let hasError = false;
    const markInvalid = (field, labelId) => {
        field.className = 'md_errorField';
        field.focus();
        document.getElementById(labelId).className = 'md_errorText';
        hasError = true;
    };
    if (d.md_message.value === '') {
        markInvalid(d.md_message, 'md_messageLabel');
    }
    const address = d.email2.value;
    // same heuristic as before: a dot after position 2 and an "@" after position 0
    const looksLikeEmail = address.indexOf(".") > 2 && address.indexOf("@") > 0;
    if (!looksLikeEmail) {
        markInvalid(d.email2, 'md_email2Label');
    }
    if (!hasError) {
        document.form1.submit();
    }
}
</script>
<link href="md_style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<span style="color:#808080;font-family: Calibri, sans-serif; font-size: 0.8em;">
<?php
echo "User: " . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "<br>";
?>
</span>
<?php
include_once("inc_banner.php");
include_once("inc_navigation.php");
?>
<div id="md_container">
<div id="md_content">
<?php if ($msg != "") {
// Status codes carried in ?msg= are swapped for their display strings; anything
// else (e.g. STR_NOLONGERAVAILABLE assigned above) is printed as it is.
if ($msg == "deactivated") $msg = STR_MESSAGEDEACTIVATED;
if ($msg == "activated") $msg = STR_MESSAGEACTIVATED;
if ($msg == "messageSent") $msg = STR_MESSAGESENT;
echo "<br clear='all'><div class='md_msg'>$msg</div>";
}
?>
<br clear="all" />
<div class="md_itemTitle">
<?php echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); ?> —
<?php echo $price; ?>
</div>
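<?php if ($adminMode){ ?>
<script type="text/javascript">
// Each value is percent-encoded for the query string and then emitted as a JSON
// string literal, so a stored confirmPassword or an unusual id cannot break out of
// the script. $key is what "k" was validated against, so it is used instead of
// echoing the request parameter back.
function adminAction(val){
    window.location.href = "viewItem.php?a=" + encodeURIComponent(val) +
        "&cp=" + <?php echo json_encode(rawurlencode((string) $cp)); ?> +
        "&k=" + <?php echo json_encode(rawurlencode((string) $key)); ?> +
        "&id=" + <?php echo json_encode(rawurlencode((string) $postId)); ?>;
}
</script>
<div class="md_admin" style="display:inline; float:right;">
<b>Admin Only:</b>
<ul>
<li><a href="javascript:adminAction('delete');"
title="This will delete the item, but not any photos, you'll have to clean that up on the server">
<?php echo STR_DELETEPOST; ?></a>
<li><a href="javascript:adminAction('deact');"
title='Will not delete, but show others that things are getting taken... and activity'>
<?php echo STR_MARKASTAKEN; ?></a>
</ul>
</div>
<?php } ?>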
<div id='md_fromDate' class="md_itemTitleSub">
<div style="float:right; display:inline">
<a href='javascript:myposttoggle()'><?php echo STR_THISISMYPOSTING; ?></a>
<img src="images/icn_arrow_down.gif" border="0" align="absmiddle" width="9" height="5" alt="Open" />
</div>
<span class='md_labelViewItem'><?php echo STR_FROM; ?></span> <?php echo $name; ?>
<span class='md_divider'> | </span>
<span class='md_labelViewItem'><?php echo STR_CITY2; ?></span> <?php echo $city; ?>
<span class='md_divider'> | </span>
<span class='md_labelViewItem'><?php echo STR_POSTED; ?></span> <?php echo $timeStamp; ?>
<?php if ($adminMode){ ?>
<span class='md_divider'> | </span>
<span class='md_labelViewItem' style="color:maroon"><?php echo STR_IPADDRESS . " " . $ipAddress; ?></span>
<span class='md_divider'> | </span>
<span class='md_labelViewItem' style="color:maroon"><?php echo STR_EMAIL; ?> <?php echo $email; ?></span>
<?php } ?>
</div>
<?php if($owner === $user) { ?>
<div id='myPost' class="thisismypost">
<form name='form2' action='controller.php' method="post">
If and only if this is your post, and you need to mark this as taken or delete it,
we can send you a reminder email with links to do this.<br /><br />
<b>Please do not abuse this system.</b><br><br>
<a class="button" id="myPost" href="#" onclick="document.form2.submit();"><span>Send Email Reminder</span></a>
<input type='hidden' name='postId' value='<?php echo $postId; ?>'>
<input type='hidden' name='op' value='emailReminder'>
<a href='javascript:myposttoggle()' id="mypostclose">Cancel</a>
</form>
</div>
<?php } ?>
<div id="md_viewItemContent">
<?php echo nl2br($description); ?><br clear="all">
<?php echo $photo; ?>
</div>
<?php
// Only show emailing form if the item is available
if ($isAvailable == 1) { ?>
<br><br>
<a class="button" id="emailPerson" href="javascript:emailPerson()" onclick="this.blur();">
<span><?php echo STR_EMAILTHISPERSON; ?>
<img src="images/icn_arrow_down.gif" border="0" align="absmiddle" width="9" height="5" alt="Open" /></span></a>
<div id="md_emailBox" style="display:none">
<form action="controller.php" method="post" name="form1" id="form1" class='md_form' style="display:inline">
<table border="0" cellpadding="2" cellspacing="0">
<tr>
<td><?php echo STR_YOURNAME; ?><br />
<input name="name" type="text" id="name" size="20" />
</td>
<td> </td>
<td><span id="md_email2Label"><?php echo STR_YOURMAIL; ?></span><br />
<input name="Email" type="text" id="md_email" size="40" maxlength="90" />
<input name="email2" type="text" id="md_email2" size="40" />
</td>
</tr>
</table>
<div> <br />
<span id="md_messageLabel"><?php echo STR_YOURMESSAGE; ?></span></div>
<textarea name="md_message" cols="60" rows="6" id="md_message" style="width:96%"></textarea>
<input type="hidden" name="postId" id="postId" value="<?php echo $postId; ?>" />
<input type="hidden" name="title" value="<?php echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); ?>" />
<input name="op" type="hidden" value="email" />
<p>
<table>
<tr>
<td align="right" valign="top">
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" />
</td>
<td align="left" valign="middle">
Type the characters appearing at left in the textbox below:<br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">
Reload Image</a>
</td>
</tr>
</table><br>
<a class="button" id="Submit" href="#" onclick="md_validateForm();this.blur();">
<span><?php echo STR_SENDEMAIL; ?></span></a>
<br />
</p>
</form>
</div>
<?php } ?>
</div>
</div>
<br /><br />
<?php include_once("inc_footer.php"); ?>
</body>
</html>
<?php
// Release the posting's result set and the connection after the page is rendered.
mysqli_free_result($result);
mysqli_close($dbConn);
?>
<?php
session_start();
// NOTE(review): this is a stale backup of viewItem.php that is still served from the
// webroot (it appears in the directory listing), so it discloses the admin key and
// the older, less careful code paths below. It should be removed from the server.
// $user is only defined when a session username exists; it is echoed further down.
if (isset($_SESSION["username"])) {
$user = $_SESSION["username"];
}
include_once("inc_dbcon.php");
include_once('./admin/config.php');
include_once($languageFile);
// check to see if in admin mode and validate key
// NOTE(review): key literal in source and a loose == comparison; the live
// viewItem.php compares with ===.
$key = "fjmzryhbxwepqgnktdlcv";
// "global" has no effect at file scope
global $keyOut;
$keyOut = "";
$adminMode = false;
if (isset($_GET["k"]))
if($_GET["k"] == $key) { // Key comes from admin/password.php file
$adminMode = true;
$keyOut = "&k=" . $key;
}
if (!isset($_GET["id"])) {
print("This posting was not found. Please go back and try again.");
exit();
}
// id is escaped for the quoted SQL literal only; the template below echoes $postId
// into HTML attributes without HTML escaping.
$postId = mysqli_real_escape_string($dbConn,$_GET["id"]);
$result = mysqli_query($dbConn,"SELECT *,DATE_FORMAT(timeStamp,'%b %d, %Y %l:%i %p') AS timeStamp FROM md_postings WHERE postId='$postId'");
if (!$result){
// NOTE(review): procedural mysqli_error() requires the connection as its argument;
// on PHP 8 this call raises an ArgumentCountError instead of printing the message.
print("Houston we have a problem: " . mysqli_error());
exit();
}
// Copy the posting's columns into page variables; if no row matches, everything
// used below stays undefined.
while ($row = mysqli_fetch_array($result)){
$title = stripslashes($row["title"]);
$description = stripslashes($row["description"]);
$price = trim($row["price"]);
$name = trim($row["name"]);
$city = trim($row["city"]);
$owner = trim($row["owner"]);
$imgURL = $row["imgURL"];
$ipAddress = $row["ip"];
$email = trim($row["email"]);
$cp = $row["confirmPassword"];
$currentCat = $row["category"]; // This is the current category used in navigation.
if ($price == 0)
$price = "Free";
else
$price = "$" . $price;
$timeStamp = $row["timeStamp"];
$isAvailable = $row["isAvailable"];
}
$msg = "";
// NOTE(review): $msg is printed into the page further down; mysqli_real_escape_string()
// does not escape HTML, so this value reaches the markup unescaped.
if (isset($_GET["msg"]))
$msg = mysqli_real_escape_string($dbConn,$_GET["msg"]);
if ($isAvailable == 0 )
$msg = STR_NOLONGERAVAILABLE;
if ($name == "")
$name = "<span class='md_help'>" . STR_UNDISCLOSED . "</span>\n";
$photo = "";
// NOTE(review): $imgURL comes from the posting row and is placed in the src attribute unescaped.
if ($imgURL != "")
$photo = "<img src='$imgURL' class='md_photo'>";
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $title; ?></title>
<script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
<script language="JavaScript" type="text/JavaScript">
// Nothing is initialised at DOM-ready; the empty handler is kept as it was.
$(document).ready(function () {
});
// Slide the "email this person" box open or closed.
function emailPerson() {
    $("#md_emailBox").toggle("fast");
}
// Slide the "this is my posting" box open or closed.
function myposttoggle() {
    $("#myPost").toggle("fast");
}
</script>
<script language="JavaScript" type="text/JavaScript">
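// Flip the element with id `lyr` between display:none and its default display.
// `d` was previously assigned without a declaration and so leaked into the global scope.
function show(lyr){
    const el = document.getElementById(lyr);
    const d = el.style.display;
    if (d === "none") {
        el.style.display = "";
    } else {
        el.style.display = "none";
    }
}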
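// Client-side check of the "email this person" form: the message must not be empty
// and the address must look like an email. Offending fields get the md_errorField /
// md_errorText classes and focus; the form is submitted only when both pass.
// `d` and `e` were previously undeclared (implicit globals); the comparisons are now strict.
function md_validateForm(){
    const d = document.form1;
    let e = false; // no errors by default
    if (d.md_message.value === '') {
        d.md_message.className = 'md_errorField';
        d.md_message.focus();
        document.getElementById('md_messageLabel').className = 'md_errorText';
        e = true;
    }
    // md_email2 is the input's id; the form's named getter resolves it
    if ((d.email2.value.indexOf(".") > 2) && (d.email2.value.indexOf("@") > 0)) {
        // it looks like an email address
    } else {
        d.md_email2.className = 'md_errorField';
        d.md_email2.focus();
        document.getElementById('md_email2Label').className = 'md_errorText';
        e = true;
    }
    if (!e) {
        document.form1.submit();
    }
}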
</script>
<link href="md_style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<span style="color:#808080;font-family: Calibri, sans-serif; font-size: 0.8em;">
<?php
echo "User: ".$user."<br>";
?>
</span>
<?php
include_once("inc_banner.php");
include_once("inc_navigation.php");
?>
<div id="md_container">
<div id="md_content">
<?php if ($msg != "") { // If there is a message, display it
// Status codes carried in ?msg= become display strings. NOTE(review): any other
// value reaches the print() below without HTML escaping.
if ($msg == "deactivated"){
$msg = STR_MESSAGEDEACTIVATED;
}
if ($msg == "activated"){
$msg = STR_MESSAGEACTIVATED;
}
if ($msg == "messageSent"){
$msg = STR_MESSAGESENT;
}
print("<br clear='all'><div class='md_msg'>$msg</div>");
}
?>
?>
<br clear="all" />
<div class="md_itemTitle">
<?php echo $title; ?> —
<?php echo $price; ?>
</div>
<?php if ($adminMode){ ?>
<script language="JavaScript">
// NOTE(review): this older version passes only a, cp and k — no id — and nothing in
// viewItem.php.bak reads an "a" parameter, so these admin links lead nowhere here.
// $cp and the k parameter are also written into the script string unescaped.
function adminAction(val){
window.location.href = "viewItem.php?a=" + val + "&cp=<?php echo $cp; ?>&k=<?php echo $_GET['k']; ?>"
}
</script>
<div class="md_admin" style="display:inline; float:right;">
<b>Admin Only:</b>
<ul>
<li><a href="javascript:adminAction('delete');" title="This will delete the item, but not any photos, you'll have to clean that up on the server"><?php echo STR_DELETEPOST; ?></a>
<li><a href="javascript:adminAction('deact');" title='Will not delete, but show others that things are getting taken... and activity'><?php echo STR_MARKASTAKEN; ?></a>
</ul>
</div>
<?php } ?>
<div id='md_fromDate' class="md_itemTitleSub">
<div style="float:right; display:inline">
<a href='javascript:myposttoggle()'><?php echo STR_THISISMYPOSTING; ?></a> <img src="images/icn_arrow_down.gif" border="0" align="absmiddle" width="9" height="5" alt="Open" />
</div>
<span class='md_labelViewItem'><?php echo STR_FROM; ?></span> <?php echo $name; ?> <span class='md_divider'> | </span>
<span class='md_labelViewItem'><?php echo STR_CITY2; ?></span> <?php echo $city; ?> <span class='md_divider'> | </span>
<span class='md_labelViewItem'><?php echo STR_POSTED; ?></span> <?php echo $timeStamp; ?>
<?php if ($adminMode){ ?>
<span class='md_divider'> | </span>
<span class='md_labelViewItem' style="color:maroon"><?php echo STR_IPADDRESS . " " . $ipAddress; ?></span>
<span class='md_divider'> | </span>
<span class='md_labelViewItem' style="color:maroon"><?php echo STR_EMAIL; ?> <?php echo $email; ?></span>
<?php } ?>
</div>
<!-- this is my posting box -->
<?php if($owner == $user) { ?>
<div id='myPost' class="thisismypost">
<form name='form2' action='controller.php' method="post">
If and only if this is your post, and you need to mark this as taken or delete it, we can send you a reminder email with links to do this.<br /><br />
<b>Please do not abuse this system.</b><br><br>
<a class="button" id="myPost" href="#" onclick="document.form2.submit();"><span>Send Email Reminder</span></a>
<input type='hidden' name='postId' value='<?php echo $postId; ?>'>
<input type='hidden' name='op' value='emailReminder'>
<a href='javascript:myposttoggle()' id="mypostclose">Cancel</a>
</form>
</div>
<?php } ?>
<div id="md_viewItemContent">
<?php print (nl2br($description)); ?><br clear="all">
<?php echo $photo; ?>
</div>
<?php
// Only show emailing form if the item is available
if ($isAvailable == 1) { ?>
<br><br>
<a class="button" id="emailPerson" href="javascript:emailPerson()" onclick="this.blur();"><span><?php echo STR_EMAILTHISPERSON; ?> <img src="images/icn_arrow_down.gif" border="0" align="absmiddle" width="9" height="5" alt="Open" /></span></a>
<div id="md_emailBox" style="display:none">
<form action="controller.php" method="post" name="form1" id="form1" class='md_form' style="display:inline">
<table border="0" cellpadding="2" cellspacing="0">
<tr>
<td><?php echo STR_YOURNAME; ?><br />
<input name="name" type="text" id="name" size="20" />
</td>
<td> </td>
<td><span id="md_email2Label"><?php echo STR_YOURMAIL; ?></span><br />
<input name="Email" type="text" id="md_email" size="40" maxlength="90" />
<input name="email2" type="text" id="md_email2" size="40" />
</td>
</tr>
</table>
<div> <br />
<span id="md_messageLabel"><?php echo STR_YOURMESSAGE; ?></span></div>
<textarea name="md_message" cols="60" rows="6" id="md_message" style="width:96%"></textarea>
<input type="hidden" name="postId" id="postId" value="<?php echo $postId; ?>" />
<input type="hidden" name="title" value="<?php echo $title; ?>" />
<input name="op" type="hidden" value="email" />
<p>
<table>
<tr>
<td align="right" valign="top">
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" />
</td>
<td align="left" valign="middle">
Type the characters appearing at left in the textbox below:<br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">
Reload Image</a>
</td>
</tr>
</table><br>
<a class="button" id="Submit" href="#" onclick="md_validateForm();this.blur();"><span><?php echo STR_SENDEMAIL; ?></span></a>
<br />
</p>
</form>
</div>
<?php } ?>
</div>
</div>
<br /><br />
<?php include_once("inc_footer.php");?>
</body>
</html>
<?php
// Release the posting's result set and the connection after the page is rendered.
mysqli_free_result($result);
mysqli_close($dbConn);
?>