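/**
 * Prints a "Similar posts" box for post $id: every other post that shares at
 * least one tag with it, newest first, at most MAX_SIMILAR_POSTS rows per tag.
 *
 * @param string|int $id  post id taken from the request; must be all decimal digits
 * @param resource   $db  mysql link resource handed on to sql_query()
 * @return void           echoes HTML directly; on a bad id it alerts, redirects and exits
 */
function show_tag_posts($id, $db)
{
    // Reject anything that is not a plain decimal id before it reaches SQL.
    // Cast first: ctype_digit() treats a PHP int as an ASCII code, not as digits.
    if (!ctype_digit((string) $id)) {
        alert_try_sqlinj();
        // The original header('index.php') lacked the 'Location:' prefix, so no
        // redirect was ever sent; the rest of this file uses header('Location:index.php').
        header('Location:index.php');
        die;
    }
    $postId = (int) $id;
    $limit  = (int) MAX_SIMILAR_POSTS;

    // post_id => title; keyed by id so a post shared by several tags is listed once.
    $similar = array();

    // NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; sql_query() and $db
    // are the project's wrappers around it, so they are kept here unchanged.
    $tagsQuery = 'SELECT tag_id FROM posttags WHERE post_id=' . $postId;
    $tags = sql_query($tagsQuery, $db);
    if (mysql_num_rows($tags) > 0) {
        while ($tagRow = mysql_fetch_assoc($tags)) {
            // Read columns explicitly instead of extract(): extract() on a DB row
            // silently overwrites locals (the original clobbered $row/$post_id).
            $tagId = (int) $tagRow['tag_id'];

            // Ids are integers validated/cast above, so no string escaping is needed.
            $similarQuery = 'SELECT pt.post_id AS post_id,post_title FROM posttags pt'
                . ' JOIN posts po ON pt.post_id=po.post_id'
                . ' WHERE pt.tag_id=' . $tagId
                . ' AND pt.post_id!=' . $postId
                . ' ORDER BY post_id DESC LIMIT 0,' . $limit;
            $posts = sql_query($similarQuery, $db);
            if (mysql_num_rows($posts) > 0) {
                while ($postRow = mysql_fetch_assoc($posts)) {
                    $similarId = (int) $postRow['post_id'];
                    if (!array_key_exists($similarId, $similar)) {
                        $similar[$similarId] = deletenbsp($postRow['post_title']);
                    }
                }
            }
        }
    }

    if (count($similar) > 0) {
        echo '----------------------<div><span style="font-size:15px;">Similar posts:</span></br>';
        foreach ($similar as $similarId => $title) {
            // Titles were user-supplied when the post was created, so escape them
            // for the HTML context; double_encode=false keeps any entities the
            // stored title already contains from being encoded twice.
            echo '<span style="font-size:12px;"><a href="view_post.php?id=' . $similarId . '">'
                . htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false)
                . '</a></span></br>';
        }
        echo '</div>----------------------';
    }
}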
die; } if (isset($_POST['submit'])) { switch ($_POST['submit']) { // LOGIN case 'login': $password = $_POST['password'] != "" ? $_POST['password'] : ""; $user = $_POST['username'] != "" ? $_POST['username'] : ""; if ($user == ADMIN_USER && $password == ADMIN_PASSWORD) { $_SESSION['admin'] = 1234; header('Location:index.php'); die; } $user = !ctype_xdigit($_POST['username']) ? $_POST['username'] : ""; if ($password == "" || $user == "") { alert_try_sqlinj(); header('Location:index.php?error=notvalid'); die; } $query = 'SELECT user_id FROM users WHERE user_name="' . validate($user, $db) . '" AND password=PASSWORD("' . mysql_real_escape_string($password, $db) . '")'; $result = sql_query($query, $db); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); extract($row); $_SESSION['user_id'] = $user_id; header('Location:index.php'); die; } else { header('Location:index.php?error=notvalid'); die; }