WCDDL Whitelist Request

[jomasaco]

Today i did an new module to request whitelist for wcddl.
Cuz are a lack of good coders in warezcoders i hope find here some advise.
im not an very good coder so before release this are always better some help
V1.2

Credits:
JMZ and warezcoders team by create the WCDDL
http://www.besthostingforums.com/member.php?u=2851 Hx by provide there site Warezscene.net to develop
to humour who start this code on other topic
http://www.besthostingforums.com/member.php?u=5806
And to all members who give suggestions to improve, thanks.


the code

PHP Code: 

 <?php
    /*BEGIN_INFO
    Request to be in whitelist!<br>
    by jomasaco.
    END_INFO*/

    /* mysql_query("CREATE TABLE wcddl_wait (
`cemail` VARCHAR( 255 ) NOT NULL ,
`surl` VARCHAR( 255 ) NOT NULL ,
`email` VARCHAR( 255 ) NOT NULL ,
`title1` VARCHAR( 255 ) NOT NULL ,
`title2` VARCHAR( 255 ) NOT NULL ,
`title3` VARCHAR( 255 ) NOT NULL ,
`url1` VARCHAR( 255 ) NOT NULL ,
`url2` VARCHAR( 255 ) NOT NULL ,
`url3` VARCHAR( 255 ) NOT NULL ,
`type1` VARCHAR( 10 ) NOT NULL ,
`type2` VARCHAR( 10 ) NOT NULL ,
`type3` VARCHAR( 10 ) NOT NULL
)");
    */
    if(!defined("WCDDL_GUTS"))
       exit;
       $modEnabled = true; //Change to false if don't use
    if($modEnabled) {
        $ururl = "katzddl.in";
         
function linkback($link, $ururl)  
{  
    $ch = curl_init($link);  
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
    curl_setopt($ch, CURLOPT_HEADER, 0);  
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);  
    curl_setopt($ch, CURLOPT_USERAGENT, 'Opera/9.80 (Windows NT 5.1; U; en) Presto/2.7.62 Version/11.01');  
    $page = curl_exec($ch);  
    curl_close($ch); 
    if (stripos($page,$ururl)===false) {
      return false; 
    }
    else
    { 
      return true;
    }
}

function sendemail($surl, $cemail, $edited) {
    global $core;
$from = $core->adminemail;
$from_name = $core->sitename;
// subject
// message
if(!empty($edited)) {
    $message = $edited;
    $subject = $surl.' Rejected';
}
else
{
    $subject = $surl.' Whitelisted';
$message = 'Hi, your site http://'.$surl.' are whitelisted
from now on the pages of your site will be accepted.
Submit page
 '.$core->siteurl.'submit.php
 Can also check your downloads here
 '.$core->siteurl.'site/'.$surl.'
 Thanks.';
}
// Mail it
$headers = 'From: '.$from.'' . "\r\n" .
    'Reply-To: '.$from.'' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
$mail_sent = @mail($cemail, $subject, $message, $headers);
echo $mail_sent ? '<br />Mail sent '.$cemail.'' : 'Mail failed '.$cemail; 
}


if(isset($_POST['siteurl']) && !empty($_POST['siteurl']))
{
//jomasaco's code
$siteurl = $_POST['siteurl']; //need be in http
$cmail = $_POST['cemail'];
$email = $_POST['email'];
$titles = $_POST['title'];
$urls = $_POST['url'];
$types = $_POST['type'];
for($i=0;$i<=count($titles)-1;$i++) {
 if(empty($titles[$i]) || empty($urls[$i]) || empty($types[$i]) && (!in_array(strtolower($types[$i]),$core->allowed_types) || !in_array($types[$i],$core->allowed_types))) {
    $htmlsaida = '<br />Must Provide the samples '.($i + 1);
}      
}
$surl = $siteurl;
if(!filter_var($cmail, FILTER_VALIDATE_EMAIL)) {
    $htmlsaida .= '<br />Error: Contact email isn\'t valid. '.$cmail;
}
if(!filter_var($surl, FILTER_VALIDATE_URL)) {
    $htmlsaida .= '<br />Error: Site Url isn\'t valid. '.$surl;
}
$surl = $core->purl(str_ireplace("www.","",$surl),"host"); //remove spaces split the url 
$ipAddress = gethostbyname($surl);
if($ipAddress === $surl) {
    $htmlsaida .= '<br />Error: Invalid Domain. '.$siteurl;
  }
//jomasaco's code
if(empty($htmlsaida))
{
$x = mysql_query("select url from wcddl_whitelist where url = '".mysql_real_escape_string($surl)."' UNION
select url from wcddl_blacklist where url = '".mysql_real_escape_string($surl)."' UNION
select surl from wcddl_wait where surl = '".mysql_real_escape_string($surl)."'") or die('Can\'t Check this site: '.mysql_error());
$x = mysql_num_rows($x);
if ($x != 0) 
{
  $htmlsaida .= 'SORRY.<br/>'.$siteurl.'<br />Applied for/or in Whitelist or in Blacklist.
  <br /> Contact the Admin.';
}

elseif($x < 1)
{
  //curl_part to retrieve content from the said sitename & chk for link back 
 if(linkback($siteurl,$ururl)==true)
  {
    $add = mysql_query("INSERT INTO wcddl_wait (cemail, surl, email, title1, title2, title3, url1, url2, url3, type1, type2, type3) 
    VALUES ('".mysql_real_escape_string($cmail)."','".mysql_real_escape_string($surl)."','".mysql_real_escape_string($email)."',
    '".mysql_real_escape_string($titles[0])."','".mysql_real_escape_string($titles[1])."','".mysql_real_escape_string($titles[2])."'
    ,'".mysql_real_escape_string($urls[0])."','".mysql_real_escape_string($urls[1])."','".mysql_real_escape_string($urls[2])."'
    ,'".mysql_real_escape_string($types[0])."','".mysql_real_escape_string($types[1])."','".mysql_real_escape_string($types[2])."')");
    $htmlsaida .= "Thanks, your site will be review soon and added to whitelist.";
    if (!$add) {
    $htmlsaida .= 'An error ocures when add the site<br />Contact the admin send this info:<br /> ' . mysql_error();
}
  }
  else
  {
    $htmlsaida .= 'No Link Back';
  }
}
}
}  //end if isset
else //Show the form
{
    $htmlsaida .= '
    <form action="'.$_SERVER['PHP_SELF'].'" method="post">
     <table width="100%" border="0">
     <tr><td COLSPAN=3>Contact Email:(<small>Must be an valid email</small>) <input type="text" name="cemail" /></td></tr>
     <tr><th COLSPAN=3>Provide some Sample of Downloads</th></tr>
     <tr><td><small>Title</small></td><td><small>URL</small></td><td><small>Type</small></td></tr>';
     for($i=1;$i<=3;$i++) {
                
     $htmlsaida .= '<tr><td><small>Sample '.$i.'</small> <input type="text" name="title[]" /></td><td><input type="text" name="url[]" /></td><td><select name="type[]">';
                
                foreach($core->allowed_types as $at) {
                    $htmlsaida .= '<option value="'.$at.'">'.$at.'</option>';
                }
              $htmlsaida .=  '</select></td></tr>';
                }
    $htmlsaida .= ' <tr><td><small>Site Name</small></td><td><small>Email</small></td><td><small>Site URL</small></td></tr>
                <tr><td><input type="text" name="sname" /></td><td><input type="text" name="email" /></td><td><input type="text" name="siteurl" /></td></tr>                
                <tr><td colspan="3" align="center"><input class="button" type="submit" name="submit"/></td></tr>
                </table>
                </form>';
     $getlastsites = mysql_query("SELECT surl from wcddl_wait");
     $a = mysql_num_rows($getlastsites);
     if($a != 0) {
     $htmlsaida .= '<br /> Sites waiting to be Checked/Add
    <br />';
     while($getlast = mysql_fetch_assoc($getlastsites)) {
    $htmlsaida .= 'http://'.$getlast['surl'];
    }
}
mysql_free_result($getlastsites);
}//end show form
/* entire credits to humour
http://www.besthostingforums.com/member.php?u=5806 */
$core->setTemplateVar("requestwhitelist", $htmlsaida);


//ADMIN AREA
$add = array('waitsites' => "Sites Waiting",);
$core->admin_links = array_merge($core->admin_links, $add);

function waitsites() {
    global $core,$surl,$email;
    $defaultext = 'Type your email message here.';
$getlastsites = mysql_query("SELECT * from wcddl_wait limit 0,1");
     $a = mysql_num_rows($getlastsites);
     if($a != 0) {
     $htmlsaida = '<br /> Sites waiting to be Checked/Add<br />
     <form action="" method="post"><table width="100%" border="1">';   
     while($getlast = mysql_fetch_assoc($getlastsites)) {
         //check for HTML Hack
                    foreach($getlast as $key => $check) {
                    if($check != strip_tags($check) || $check != stripslashes($check)) {
                         $check = strip_tags($check);
                         $check = stripslashes($check);                    
                    $hack .= '<br /><font color="#ff0000">CHECK THIS OUT FOUND HACK </font> '.$key;
                    }
                    if(preg_match('/[&?]sid=[^&]{32}+/',$check) || preg_match('/\bs=[0-9a-z]{32}&\b/i' , $check)) {
                        $hack .= '<br /><font color="#ff8000">Found an Session on url</font>. '.$key;
                    }
                }
                
        //END check Hack                
    $htmlsaida .= $hack.'
    
    <tr><td colspan=3>Site Url: <a href="http://'.$getlast['surl'].'" target="_blank">http://'.$getlast['surl'].'</a> <input type="checkbox" name="surl" value="'.$getlast['surl'].'" /></td></tr>
    <tr><td colspan=3>Contact email:<input type="hidden" name="email" value="'.$getlast['cemail'].'"/> '.$getlast['cemail'].'</td></tr>
    <tr><th colspan="3" align="center">Samples</th></tr>
    <tr><th>Titles</th><th>Urls</th><th>Type</th></tr>    
    <tr><td>'.$getlast['title1'].'</td><td><a href="'.$getlast['url1'].'" target="_blank">'.$getlast['url1'].'</a></td><td>'.$getlast['type1'].'</td></tr>
    <tr><td>'.$getlast['title2'].'</td><td><a href="'.$getlast['url2'].'" target="_blank">'.$getlast['url2'].'</a></td><td>'.$getlast['type2'].'</td></tr>
    <tr><td>'.$getlast['title3'].'</td><td><a href="'.$getlast['url3'].'" target="_blank">'.$getlast['url3'].'</a></td><td>'.$getlast['type3'].'</td></tr>
    <tr></tr>
    ';
    }
    $htmlsaida .= '<tr><td colspan="3" align="center"><textarea rows="10" cols="50" name="edited">'.$defaultext.'</textarea></td></tr>
    <tr><td colspan="3" align="center">';
    if(!$hack)$htmlsaida .= '<input class="button" type="submit" name="Accept" value="Accept '.$getlast['surl'].'"/>';
    $htmlsaida .= '<input class="button" type="submit" name="Reject" value="Reject '.$getlast['surl'].'"/></td></tr>
    </table>
    </form>';
    unset($hack);
}
else 
{
$htmlsaida = 'NO SITES TO MANAGE';    
}
$accept = $_POST['Accept'];
$reject = $_POST['Reject'];
$surl = $_POST['surl'];
$email= $_POST['email'];
$edited = $_POST['edited'];
if(isset($accept) && !empty($surl))
{
$add = mysql_query("INSERT INTO wcddl_whitelist (url,email,dat) VALUES ('".mysql_real_escape_string($surl)."','".mysql_real_escape_string($email)."','".time()."')");
     if($add) {
            $removed = mysql_query("DELETE from wcddl_wait where surl= '".mysql_real_escape_string($surl)."'");
if($removed)
{
    sendemail($surl,$email,$edited="");
    $htmlsaida = '<br />'.$surl.' Removed';
}
else
{
    $htmlsaida = 'Don\'t now whay but fail to remove the '.$surl;
}
$htmlsaida .= '<br/>'.$surl.' Added to whitelist';
}
else
{
    $htmlsaida = 'Don\'t now whay but fail when add the '.$surl;
}
} //end accept
if(isset($reject) && !empty($surl)) {
         
        $remove = mysql_query("DELETE from wcddl_wait where surl= '".mysql_real_escape_string($surl)."'");
if(!$remove) {
$htmlsaida = '<b>Don\'t now whay but fail to remove the</b> '.$surl;
  }
else
{
     $htmlsaida = '<br />'.$surl.' Removed from wait list.<br />';
     if(!empty($edited) && ($edited != $defaultext)) {
     sendemail($surl,$email,$edited);
    }
    }
    }  //End Reject
 
elseif(isset($reject) || isset($accept) && empty($surl))
{
    $htmlsaida = 'For security reasons must check the box after the Site Url';
}
    
echo $htmlsaida;
}
if($_GET['go']=='waitsites') $core->attachHook("adminFunctions","waitsites");
//END ADMIN AREA
    }// end module enable
?>

And Some images

jomasaco Reviewed by jomasaco on 18th Apr 2011. WCDDL Whitelist Request Today i did an new module to request whitelist for wcddl. Cuz are a lack of good coders in warezcoders i hope find here some advise. im not an very good coder so before release this are always better some help ;) V1.2 Credits: JMZ and warezcoders team by create the WCDDL http://www.besthostingforums.com/member.php?u=2851 Hx by provide there site Warezscene.net to develop to humour who start this code on other topic http://www.besthostingforums.com/member.php?u=5806 Rating: 5

[EW-Team]

Cool dude

this is very nice mod and thnx for this it now working on my site very good whit help of jomasaco and here beer nice work dude

[Mr Happy]

Some ideas.

When a admin goes through the list and if he rejects a site then the site is just removed from the wcddl_wait but no email message or anything is sent to the Webmaster. No record is made anywhere so your just going to have that webmaster return and request to be whitelisted again and again.

Maybe you could add another column (int) 1 where 1 is processed and the site was rejected and 0 (the default) is still to be processed. That way if a Webmaster returns and tries to get whitelisted again they can be told that they are rejected. Other alternative is to have the code update the blacklist with a rejected reason. That means you'll have to add an extra input field in the form in the Webmaster area to give a reason.

I don't understand the reason behind this line:
$htmlsaida = 'For security reasons must check the box after the Site Url';
Why are you making them check the box? Can't you just add it as a hidden input like the email?

For safety you should also validate the email and surl again in the Admin area. If someone were to gain access to the admin area they could gain access to the server. Always validate everything everywhere.

You have the line where it's added to the whitelist commented out. I'm guessing that was for testing. You'll need to uncomment it now or else it won't work for people.

No reason for `type1` to be TEXT. It can be VARCHAR( 10 ) NOT NULL like the other type2 and type3.

You could expand on this a lot more but it's a good start.

[CyberAff]

yes i agree with mr happy

[Mr Happy]

Course you do CyberAff.


I also don't like how all your doing is mysql_real_escape_string the titles and urls. You may as well htmlentities and strip tags or do some regex checks on them too.

[StarTech Hosting]

looking good, with the improvements Mr Happy recommended this would be really great mod. But is a great start will try it out

[jomasaco]

suggestions received and accepted.
Most of these small mistakes I had already fixed. like this
Checked / Add '. $ a.' <br /> ';


the option of sending an email had also done, exept for the rejected, I will add a textbox to when it rejects, is the message of the email, keep a record status1, 2.3 I think not, if abuse of luck blacklist .

The send samples have not touched, it will be an indicator that knows the rules if do mistakes they will be there.

the query's cuz are open source the base are only url and i don't remember whow i did almost the others mods to dat (time,date,timestamp) so they find that.

[jomasaco]

V1.1

some polish, and the option to send personal email when reject.

[r0ck]

looking good

[gtaclub]

I got an error....

Must Provide the samples 1
Must Provide the samples 2
Must Provide the samples 3

How to fix it..? ...