// Entry guard: only continue when the request carries the header
// "X-Requested-With: XMLHttpRequest" (compared case-insensitively).
// NOTE(review): this header is supplied by the client, so the check only
// filters out non-AJAX callers; it does not authenticate or authorize the
// request. No session, role or CSRF-token check is visible in this excerpt —
// confirm that moderate() / get_comments() enforce one.
if (!(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest')) {
    die("Call not allowed");
}

// NOTE(review): read without isset()/??, so a POST that lacks "action" raises
// an undefined-index notice/warning before the switch below matches nothing.
$action = $_POST["action"];

// Dispatch on a fixed set of action names; any other value is silently ignored
// because there is no default branch.
switch ($action) {
    case "getpages":
        getPages();
        break;
    // "ok", "trash" and "spam" are state-changing moderation actions; the
    // action name itself is forwarded to moderate() (defined outside this excerpt).
    case "ok":
        moderate($action);
        break;
    case "trash":
        moderate($action);
        break;
    case "spam":
        moderate($action);
        break;
    case "comment":
        get_comments();
        break;
}

// Scans the current working directory and, as far as this excerpt shows,
// starts processing entries whose extension is "xml". The remainder of the
// function lies outside this excerpt.
function getPages() {
    $path = realpath('.');
    $dircontent = scandir($path);
    $arr = array();
    foreach ($dircontent as $filename) {
        if ($filename != '.' && $filename != '..') {
            // Extension = text after the last dot, lower-cased.
            // NOTE(review): for a name without any dot strrpos() returns false,
            // so false + 1 evaluates to 1 and $ext becomes the name minus its
            // first character; pathinfo($filename, PATHINFO_EXTENSION) avoids that.
            $ext = strtolower(substr($filename, strrpos($filename, '.') + 1));
            if ($ext == "xml") {
                $xml = new DomDocument('1.0', 'utf-8');
// Tail of a block that begins before this excerpt: builds a comment_vote
// record (comment id, voter id, rating id, current timestamp) and stores it
// through db_set_rec(), which is defined elsewhere.
    $comment_vote = array();
    $comment_vote["cid"] = $cid;
    $comment_vote["zid"] = $zid;
    $comment_vote["rid"] = $rid;
    $comment_vote["time"] = time();
    db_set_rec("comment_vote", $comment_vote);
}

// Walk every POST field looking for names of the form "cid_<suffix>"; the
// suffix is taken as the comment id and the field value as the rating id.
// NOTE(review): no CSRF-token or permission check is visible in this excerpt,
// and $auth_zid is set outside it — confirm both are handled before this loop.
$k = array_keys($_POST);
for ($i = 0; $i < count($k); $i++) {
    $a = explode("_", $k[$i]);
    // Exactly one underscore is required, so "cid_1_2" is skipped.
    if (count($a) == 2) {
        // string_uses() is defined elsewhere; presumably it checks that the
        // string consists only of the listed characters — TODO confirm,
        // including how it treats an empty string (which (int) casts to 0).
        if ($a[0] == "cid" && string_uses($a[1], "[0-9]") && string_uses($_POST[$k[$i]], "[0-9]-")) {
            // (int) keeps only the leading numeric prefix, so a value such as
            // "3-7" that passes the character filter is cast to 3.
            $cid = (int) $a[1];
            $rid = (int) $_POST[$k[$i]];
            // The filter above admits "-", but negative ratings are rejected
            // here; only 0..10 inclusive reaches moderate().
            if ($rid >= 0 && $rid <= 10) {
                moderate($cid, $auth_zid, $rid);
            }
        }
    }
}

// Optional numeric ids that select where to redirect after moderating.
// http_post_int() is defined elsewhere; presumably it returns an int, which
// would keep the interpolated Location values free of client-chosen
// characters — verify against its definition.
$sid = http_post_int("sid", array("required" => false));
$pid = http_post_int("pid", array("required" => false));
$qid = http_post_int("qid", array("required" => false));
// NOTE(review): no exit/return follows the header() calls within this excerpt,
// so execution continues after the redirect header is queued; the rest of
// the chain is cut off here.
if ($sid > 0) {
    header("Location: /story/{$sid}");
} else {
    if ($pid > 0) {
        // NOTE(review): this branch is reached only when $sid is not > 0, yet
        // it redirects to /story/{$sid}; it looks like a copy-paste slip and
        // probably should build the target from $pid — confirm the intended route.
        header("Location: /story/{$sid}");
    } else {
        if ($qid > 0) {
            header("Location: /poll/{$qid}");