Beispiel #1
// Profile-update handler: runs only when the request carries a "profile" field.
// It reads the submitted profile fields and, when a picture was uploaded, asks
// upload_pic() for three resized copies before loading the user's stored image paths.
// NOTE(review): strclean(), _hstr_(), upload_pic(), $pth, $conc, $uid and $style come
// from outside this excerpt; what the two sanitisers strip or encode is not visible here.
if (isset($_POST["profile"])) {
    $q = NULL;
    $name = strclean($_POST["name"]);
    $loc = strclean($_POST["loc"]);
    $bio = _hstr_($_POST["bio"], false);
    // urlencode() percent-encodes the whole value; it does not check that the input
    // is a well-formed http(s) URL.
    $web = urlencode($_POST["web"]);
    $work = strclean($_POST["work"]);
    $edu = strclean($_POST["edu"]);
    // NOTE(review): $bday is taken from the request unchanged and the format check
    // below is commented out, so this excerpt applies no validation to it. Validate it
    // and bind it as a query parameter before it reaches SQL or HTML.
    $bday = $_POST["bday"];
    $sex = intval($_POST["sex"]);
    //	if(!preg_match('-(\d{2})/(\d{2})/(\d{4})-',$bday))
    //	{
    //		exit("<div $style>Your birthday should be in this format {MM/DD/YYYY}</div>");
    //	}
    $status = strclean($_POST["status"]);
    // The free-text status field is read only when the selected status code is 4.
    $status2 = $status == 4 ? _hstr_($_POST["status_"], 2) : "";
    // NOTE(review): "imgs" is a client-supplied string. explode() may return fewer than
    // three parts (list() then reads undefined offsets), and the three values are
    // whatever the client sent — confirm they are never trusted as stored image paths.
    list($img1, $img2, $img3) = explode("____", $_POST["imgs"]);
    $img = $_FILES["upl"]["tmp_name"];
    if (is_uploaded_file($img)) {
        $mdir = "{$pth}/profile_pic/";
        // Requested sizes are 70x70, 150x150 and 500x500 (the variable names say 50/150/400).
        // $img and $_FILES["upl"]["tmp_name"] are the same value passed twice.
        // NOTE(review): $_FILES["upl"]["type"] is the MIME type reported by the browser and
        // is not verified by PHP; upload_pic() has to inspect the real file content — confirm.
        $_50x50 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 70, 70, $mdir);
        $_150x150 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 150, 150, $mdir);
        $_400x400 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 500, 500, $mdir);
        // Strip the $pth prefix so the stored values are relative paths.
        $_50x50 = str_replace($pth, "", $_50x50);
        $_150x150 = str_replace($pth, "", $_150x150);
        $_400x400 = str_replace($pth, "", $_400x400);
        // Continue only if all three resized copies were produced.
        if ($_50x50 && $_150x150 && $_400x400) {
            // NOTE(review): $uid is placed directly into the SQL text and is defined outside
            // this excerpt — confirm it is an integer, or bind it as a parameter.
            $q = mysqli_query($conc, "SELECT img1,img2,img3 FROM users WHERE id={$uid}");
            $r = NULL;
            $r = mysqli_fetch_array($q);
            // True when the stored img1 path does not contain "/img/" (case-insensitive).
            if (!stristr($r[0], "/img/")) {
Beispiel #2
        // NOTE(review): $name is written into the HTML response in both branches; where it
        // comes from and whether it is HTML-escaped is outside this excerpt — confirm.
        exit("<div {$style}>Successfully updated {$name}</div>");
    } else {
        exit("<div {$style}>Error updating {$name}</div>");
    }
}
// Video-upload handler: runs when the request carries an "add" field. Stores the uploaded
// video under ../video/, records it in `videos` and `hist`, and removes the files again
// if the database insert fails.
// NOTE(review): extension(), upload_pic(), strclean(), _hstr_(), DEF_VID_IMG, $con, $conc,
// $user and $style are defined outside this excerpt.
if (isset($_POST["add"])) {
    $img = $_FILES["upl"]["tmp_name"];
    $video = $_FILES["vid"]["tmp_name"];
    // NOTE(review): the extension test is an unanchored, case-sensitive regex on the
    // client-supplied file name, so it accepts any extension string that merely contains
    // one of these tokens and says nothing about the file's content. Compare the
    // extension against an exact allow-list and verify the content type server-side.
    if (is_uploaded_file($video) && preg_match('/mp4|avi|mpeg|3gp|mkv|flv|mov/', extension($_FILES["vid"]["name"]))) {
        // Use the uploaded preview image (300x300) if there is one, else the default.
        $_300x300 = is_uploaded_file($img) ? upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 300, 300) : DEF_VID_IMG;
        // Stored file name: md5 of the temp path plus the current timestamp, one rand() digit,
        // then the extension taken from the client's file name.
        // NOTE(review): this is unique-ish but guessable, and rand() is not a CSPRNG; use
        // random_bytes() if the name must be unpredictable, and attach an extension chosen
        // from the allow-list rather than the client's string.
        $vid = md5($video . " " . date("U")) . rand(0, 9) . extension($_FILES["vid"]["name"]);
        // NOTE(review): copy() is used instead of move_uploaded_file(). If ../video/ is
        // served by the web server, confirm that it cannot execute scripts.
        if ($_300x300 && copy($video, "../video/{$vid}")) {
            $name = strclean($_POST["name"]);
            // Names shorter than two characters are replaced with a generated title.
            $name = strlen($name) < 2 ? $_SESSION["user"] . "'s video " . rand(10, 999) : $name;
            $name = _hstr_($name, false);
            $info = _hstr_($_POST["info"], false);
            // NOTE(review): whether insertInto() escapes or binds its values is not visible here.
            $q = $con->insertInto("videos", array($user, $name, $info, $_300x300, $vid, 1, date("U"), 0));
            if ($q) {
                // Re-read the new row's id by matching on name and file name.
                // NOTE(review): $name and $vid are placed inside the SQL text; this is safe only
                // if _hstr_() and extension() can never emit a quote — bind them as parameters.
                // The '******' literal looks like a value masked on the page — confirm.
                $q = mysqli_query($conc, "SELECT id FROM videos WHERE user = '******' AND name = '{$name}' AND vid = '{$vid}'");
                $r = mysqli_fetch_array($q);
                $q = $con->insertInto("hist", array(6, 0, $user, $name . "::__::__::" . $r[0], date("U")));
                $q = NULL;
                $con->close_db_con($conc);
                // NOTE(review): $name is echoed into HTML; confirm _hstr_() HTML-escapes it.
                exit("<div {$style}>{$name} has been successfully added.</div>");
            } else {
                // Insert failed: clean up the files written above.
                // NOTE(review): strstr() returns a string or false, never a negative number, so
                // "< 0" does not express "default image not found"; the intent looks like
                // strpos(...) === false. As written the preview is probably never removed — confirm.
                if (is_file("../prev/" . $_300x300) && strstr($_300x300, DEF_VID_IMG) < 0) {
                    unlink("../prev/" . $_300x300);
                }
                if (is_file("../video/{$vid}")) {
                    unlink("../video/{$vid}");
                }
Beispiel #3
<?php

// XML endpoint for the "bubble" chat client: reads the posted fields, opens the database
// connection and starts the XML response. The action switch that follows does the work.
// NOTE(review): db, _hstr_() and strclean() are not defined in this excerpt (presumably
// they come from db.php — confirm).
include "../scripts/db.php";
$con = new db();
$conc = $con->c();
header("Content-Type: text/xml");
// The posted user value is replaced by its MD5 hex digest; the queries below compare this
// digest with the `em` / `email` columns, so the raw value never reaches the SQL text.
$user = md5($_POST["user"]);
echo "<?xml version='1.0' encoding='utf-8' ?><bubble uid='{$user}'>";
$action = $_POST["action"];
// NOTE(review): the password is reduced to an unsalted SHA-1 digest and compared with the
// `pass` column. A fast unsalted hash is not suitable for stored passwords; plan a
// migration to password_hash() / password_verify().
$p = sha1($_POST["p"]);
// NOTE(review): $id and $time are taken from the request unchanged. Cast or bind them
// before they are used in any query.
$id = $_POST["id"];
$time = $_POST["time"];
$msg = _hstr_(strclean($_POST["msg"]), false);
// Dispatch on the posted action code.
// NOTE(review): only case 1 compares the password digest. Case 2 identifies the caller
// purely by the posted user value, with no credential or session check visible in this
// excerpt — confirm that these branches are authenticated elsewhere.
switch ($action) {
    case 1:
        // Login check. $user and $p are hex digests (md5() / sha1() output), so the
        // interpolated values cannot close the quoted SQL literals.
        $q = mysqli_query($conc, "SELECT * FROM `users` WHERE `em` = '{$user}' AND `pass` = '{$p}' ");
        $r = mysqli_fetch_assoc($q);
        if (mysqli_num_rows($q) == 1) {
            // NOTE(review): fname, lname and img_m are database values written into the XML
            // response unescaped; a value containing "<" or "&" produces malformed XML or
            // injected elements. Escape them, e.g. htmlspecialchars($v, ENT_XML1 | ENT_QUOTES, 'UTF-8').
            echo "<name>" . $r["fname"] . " " . $r["lname"] . "</name>";
            // "../" in the stored path is rewritten to a hard-coded http://localhost/bubble/ base.
            echo "<img>" . str_replace("../", "http://localhost/bubble/", $r["img_m"]) . "</img>";
        } else {
            echo "<error>Invalid Credentials</error>";
        }
        break;
    case 2:
        // Load every `pals` row that involves this user and set the user's chat_online
        // time to the current timestamp.
        $q = mysqli_query($conc, "SELECT `email`,`femail`,`id` FROM `pals` WHERE `email` = '{$user}' OR `femail` = '{$user}' ");
        $q2 = mysqli_query($conc, "UPDATE `chat_online` SET `time` = " . date("U") . " WHERE `email` = '{$user}'");
        while ($r = mysqli_fetch_array($q)) {
            // Pick the other party of the relationship.
            $em = $r[0] == $user ? $r[1] : $r[0];
            // Cut-off timestamp: ten minutes ago.
            $tm = date("U") - 60 * 10;
            // NOTE(review): $em is a database value placed directly into the SQL text. It is
            // safe only if every stored value is a digest like $user; bind it as a parameter.
            $q2 = mysqli_query($conc, "SELECT `email` FROM `chat_online` WHERE `email` = '{$em}' AND `time` > {$tm}");
Beispiel #4
<?php

// Comment endpoint set-up: requires a logged-in session, normalises the request fields
// and opens the database connection. The action switch that follows lists or adds comments.
// NOTE(review): db and _hstr_() are not defined in this excerpt (presumably from db.php).
session_start();
include "../scripts/db.php";
// Reject callers without a session.
// NOTE(review): the markup in this message ends with "<div>" where "</div>" looks intended.
if (!isset($_SESSION["uid"], $_SESSION["user"])) {
    exit("<div class='m_s_g'>Invalid Authentication<div>");
}
// Every numeric field is forced to an integer, which is what makes the later
// interpolation of $cid and $type into the SELECT safe.
$uid = intval($_SESSION["uid"]);
$type = intval($_POST["type"]);
// NOTE(review): $owner is client-supplied and is not checked here against the item
// identified by $cid / $type — confirm it is validated before it is stored or trusted.
$owner = intval($_POST["owner"]);
$cid = intval($_POST["cid"]);
$id = intval($_POST["id"]);
$action = intval($_POST["action"]);
// Comment text; what _hstr_() escapes is not visible in this excerpt.
$post = _hstr_($_POST["post"], false);
$con = new db();
$conc = $con->c();
// Action 1 renders the comment list for ($cid, $type) plus the comment form;
// action 2 stores a new comment.
// NOTE(review): PTH, gtime() and insertInto() are defined outside this excerpt, and no
// anti-CSRF token check is visible for the state-changing action 2 — confirm.
switch ($action) {
    case 1:
        // $cid and $type are integers (intval), so interpolating them here is safe.
        $q = mysqli_query($conc, "SELECT comment.id,comment.owner,comment.uid,comment.post,comment.date,users.user,users.name,users.img1 FROM comment INNER JOIN users ON comment.uid = users.id WHERE comment.cid = {$cid} AND comment.type ={$type} ORDER BY comment.id ASC");
        echo "<div style='font-size:12px;'>";
        while ($r = mysqli_fetch_array($q)) {
            // The delete link is shown to the stored owner ($r[1]) and to the comment's author ($r[2]).
            $del = $uid == $r[1] || $uid == $r[2] ? "&middot;<a href='#' onclick='return _delcom(event,{$type},{$r['0']})'><span class='del'>delete</span></a>" : "";
            // NOTE(review): users.user ($r[5]), users.name ($r[6]), users.img1 ($r[7]) and
            // comment.post ($r[3]) are written into element, attribute and CSS url() contexts
            // with no escaping in this block. This is safe only if every value was escaped for
            // those contexts when stored; otherwise escape at output (htmlspecialchars with
            // ENT_QUOTES for the HTML parts) — confirm.
            echo "<div class='comment_" . $r[0] . "' style='width:100%;'>\n\t\t\t\t\t<table width='100%'><tr>\n\t\t\t\t\t<td width='10%'><a href='" . PTH . "/{$r['5']}' onclick='return _pop(event,{$r['2']});'><div class='ssmpdiv' style='background-image:url(" . PTH . "{$r['7']});'></div></a></td>\n\t\t\t\t\t<td valign='top'><a href='" . PTH . "/{$r['5']}' onclick='return _pop(event,{$r['2']});'>{$r['5']}</a>  <i style='_pn'>{$r['6']}</i><br/><span>{$r['3']}</span><div style='float:right;'><span class='del' title='" . date("U", $r[4]) . "'>" . gtime($r[4]) . "</span> {$del}</div></td></tr></table>\n\t\t\t  </div>";
        }
        // Comment form, emitted only for a non-zero user id. $type, $cid and $owner are
        // integers; $_SESSION["img1"] goes into a CSS url() unescaped.
        echo $uid != 0 ? "\n\t<div class=''><div class ='comm'><table><tr><td valign='top'><div class='ssmpdiv'style='background-image:url(" . PTH . "" . $_SESSION["img1"] . ");'></div></td><td><textarea id='txtcom_" . $type . "' placeholder='Comment...' rows='3' class='txt' onkeyup='gment(event)'></textarea><div class='pl2div' style='position:relative'></div><br /><input type='button' onclick='_com(event,{$type},{$cid},{$owner});' style='float:right' class='button1' value='Comment'/></td></tr></table></div></div><a href='#' onclick='addCommentV(event)'><!--span class='__c'>Add a comment</span--></a></div></div>\n\t</div>" : "";
        break;
    case 2:
        if ($uid != 0) {
            // NOTE(review): the client-supplied $owner is stored with the comment, and the
            // list view above grants the delete link to whoever matches it.
            $q = $con->insertInto("comment", array($type, $cid, $owner, $uid, $post, date("U")));
            $plate = 9 + $type;
            if ($uid != $owner) {
Beispiel #5
<?php

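// One-off maintenance script: rewrites the stored avatar paths of every row in `users`
// (drops ".." sequences and switches the default d70/d150/d500 images from .jpg to .png),
// printing each new img1 path as it goes.
// NOTE(review): no authentication or CLI-only guard is visible in this excerpt, so any
// request that reaches this file rewrites every user row — confirm that access is
// restricted elsewhere, or remove the script once it has been run.
include "../scripts/db.php";
// Scratch input left over from testing the mention parser; $post and $m are not used
// again in this block. The calls are kept because their side effects are not visible here.
$post = "RP: @fisicallyFeet RP: @omish RP: @papaste @fisicallyFeet @omish @easymind @DonZion";
$post = strclean(_hstr_($post, false));
$post = str_replace("__@", "_@", $post);
$post = str_replace(" _ _ ", " _ ", $post);
//echo $post;
$m = " @papaste @fisicallyFeet @omish [music:5] @papaste @fisicallyFeet @omish";
$con = new db();
$conc = $con->c();
// NOTE(review): c() is called twice in the original. The second call is kept because what
// c() does is not visible here — confirm whether it opens a second connection and drop one.
$conc = $con->c();
$q = mysqli_query($conc, "SELECT id,img1,img2,img3 FROM users");
echo "no. of users " . mysqli_num_rows($q);
// ?no in the query string means "report the count only": stop before any write.
if (isset($_GET["no"])) {
    $con->close_db_con($conc);
    exit;
}
// Prepare the UPDATE once and bind the values per row. The paths come back from the
// database and may contain quotes, so they must not be spliced into the SQL text.
$updUsers = mysqli_prepare($conc, "UPDATE users SET img1=?,img2=?,img3=? WHERE id = ?");
if ($updUsers === false) {
    // Prepare failed (for example a schema mismatch): stop before touching any row.
    $con->close_db_con($conc);
    exit("could not prepare users update");
}
while ($r = mysqli_fetch_array($q)) {
    // Remove every ".." sequence from the stored paths.
    $img1 = str_replace("..", "", $r[1]);
    $img2 = str_replace("..", "", $r[2]);
    $img3 = str_replace("..", "", $r[3]);
    // Default avatars moved from .jpg to .png.
    $img1 = str_replace("d70.jpg", "d70.png", $img1);
    $img2 = str_replace("d150.jpg", "d150.png", $img2);
    $img3 = str_replace("d500.jpg", "d500.png", $img3);
    $userRowId = (int) $r[0];
    mysqli_stmt_bind_param($updUsers, "sssi", $img1, $img2, $img3, $userRowId);
    // $qq keeps its original meaning: true when the row update succeeded.
    $qq = mysqli_stmt_execute($updUsers);
    // Escape the path before printing it, since the output is rendered as HTML.
    echo htmlspecialchars($img1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br/>";
}
mysqli_stmt_close($updUsers);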
// Second pass: the same ".." clean-up is applied to the image paths of the `art` table.
// The loop body continues beyond this excerpt.
$q = mysqli_query($conc, "SELECT id,img1,img2,img3 FROM art");
while ($r = mysqli_fetch_array($q)) {
    $img1 = str_replace("..", "", $r[1]);
Beispiel #6
                    // Insert a new trend row with a count of 1, or bump the counter of an
                    // existing one in the else branch.
                    // NOTE(review): $s and $uid are placed directly into the SQL text and are
                    // defined outside this excerpt — bind them as parameters. In the UPDATE, LIKE
                    // also treats "%" and "_" inside $s as wildcards; use "=" if an exact match is
                    // meant. $con is passed as the mysqli link here — confirm it is one in this scope.
                    $qq = mysqli_query($con, "INSERT INTO trend Values (NULL, {$uid},'{$s}',1," . date("U") . ")");
                } else {
                    $qq = mysqli_query($con, "UPDate trend set tc=tc+1 WHERE trend LIKE '{$s}'");
                }
            }
        }
    }
}
// Store a non-empty post, then run the follow-up step for its type.
// NOTE(review): $post, $real_post, $uid, $client, $loc, $id, $type, _hstr_(), s_mail() and
// insertInto() are defined outside this excerpt.
if (strlen($post) > 0) {
    $con = new db();
    $conc = $con->c();
    // The client address is stored alongside the post.
    $q = $con->insertInto("post", array($uid, $post, date("U"), $client, $loc, $id, $type, $_SERVER['REMOTE_ADDR']));
    if ($q) {
        switch ($type) {
            case 0:
                // The result is discarded at once; presumably the call is kept for a side
                // effect of _hstr_() in mode 1 — confirm.
                $v = _hstr_($real_post, 1);
                $v = NULL;
                break;
            case 1:
                // Look up the author of the referenced post.
                // NOTE(review): $id is placed directly into the SQL text — confirm it is an
                // integer, or bind it as a parameter.
                $q = mysqli_query($conc, "SELECT user FROM post WHERE id = {$id}");
                $r = mysqli_fetch_array($q);
                // If the author is someone else, add a history row and send a notification.
                if ($r[0] != $uid) {
                    $q = $con->insertInto("hist", array(8, $r[0], $uid, $id, date("U")));
                    // NOTE(review): $real_post is embedded in the HTML mail body; confirm it is
                    // HTML-escaped first, otherwise user markup reaches the recipient's mail client.
                    s_mail($_SESSION["user"], " replied your <a href='http://muzikkitchen.com/?view={$id}&t={$type}'>feed</a><br/><div style='font-size:14px'><b><br/><br/>{$real_post}</b></div>", $r[0], $conc, "replied your feed");
                    $r = NULL;
                }
                $q = NULL;
                break;
            case 2:
                // Same author lookup as case 1; the rest of this branch is outside the excerpt.
                $q = mysqli_query($conc, "SELECT user FROM post WHERE id = {$id}");
                $r = mysqli_fetch_array($q);
Beispiel #7
<?php

// Private-message endpoint set-up: requires a logged-in session and reads the message
// fields from the request.
// NOTE(review): _hstr_() and strclean() are not defined in this excerpt (presumably from db.php).
session_start();
include "../scripts/db.php";
// Reject callers without a session.
// NOTE(review): the markup in this message ends with "<div>" where "</div>" looks intended.
if (!isset($_SESSION["uid"], $_SESSION["user"])) {
    exit("<div class='m_s_g'>Invalid Authentication<div>");
}
// The session uid is used as stored, with no integer cast.
$uid = $_SESSION["uid"];
$msg = _hstr_($_POST["msg"], false);
$subj = strclean($_POST["subj"]);
// NOTE(review): $to and $id are taken from the request unchanged. The msg_subj INSERT and
// SELECT further down place $to (and $subj) inside the SQL text, so a quote in the value
// changes the statement. Cast the ids to int or use a prepared statement with bound values.
$to = $_POST["u2"];
$id = $_POST["id"];
if (isset($msg) && $msg != "") {
    if ($uid == $to) {
        die("You cannot send a message to yourself");
        exit;
    }
    $con = new db();
    $conc = $con->c();
    if (isset($subj) && !isset($id) && isset($to) && $to != "") {
        if ($subj == "") {
            $subj = "No Subject";
        }
        $qq = mysqli_query($conc, "INSERT INTO `msg_subj` VALUES(NULL,'{$uid}','{$to}','{$subj}','" . date("U") . "')");
        $getid = mysqli_query($conc, "SELECT `id` FROM `msg_subj` WHERE `u1` = '{$uid}' AND `u2`='{$to}' AND `subj` = '{$subj}'");
        $nid = mysqli_fetch_array($getid);
        if ($getid && $qq) {
            sendmsg($conc, $nid[0], $uid, $to, $msg);
        } else {
            echo 2;
        }