if (!(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest')) {
die("Call not allowed");
}
$action = $_POST["action"];
switch ($action) {
case "getpages":
getPages();
break;
case "ok":
moderate($action);
break;
case "trash":
moderate($action);
break;
case "spam":
moderate($action);
break;
case "comment":
get_comments();
break;
}
function getPages()
{
$path = realpath('.');
$dircontent = scandir($path);
$arr = array();
foreach ($dircontent as $filename) {
if ($filename != '.' && $filename != '..') {
$ext = strtolower(substr($filename, strrpos($filename, '.') + 1));
if ($ext == "xml") {
$xml = new DomDocument('1.0', 'utf-8');
$comment_vote = array();
$comment_vote["cid"] = $cid;
$comment_vote["zid"] = $zid;
$comment_vote["rid"] = $rid;
$comment_vote["time"] = time();
db_set_rec("comment_vote", $comment_vote);
}
$k = array_keys($_POST);
for ($i = 0; $i < count($k); $i++) {
$a = explode("_", $k[$i]);
if (count($a) == 2) {
if ($a[0] == "cid" && string_uses($a[1], "[0-9]") && string_uses($_POST[$k[$i]], "[0-9]-")) {
$cid = (int) $a[1];
$rid = (int) $_POST[$k[$i]];
if ($rid >= 0 && $rid <= 10) {
moderate($cid, $auth_zid, $rid);
}
}
}
}
$sid = http_post_int("sid", array("required" => false));
$pid = http_post_int("pid", array("required" => false));
$qid = http_post_int("qid", array("required" => false));
if ($sid > 0) {
header("Location: /story/{$sid}");
} else {
if ($pid > 0) {
header("Location: /story/{$sid}");
} else {
if ($qid > 0) {
header("Location: /poll/{$qid}");
