Esempio n. 1
                             }
                         }
                     }
                 }
             }
         }
     }
 } else {
     $post_type = cleanit($_REQUEST['post_type']);
     if ($post_type == "Photo") {
         $nsfw = intval(cleanit($_REQUEST['nsfw']));
         $source = cleanit($_REQUEST['source']);
         $tags = cleanit($_REQUEST['tags']);
         $title = cleanit($_REQUEST['title']);
         $title = str_replace("#", "#", $title);
         findHashDeleteCache($title);
         $url = cleanit($_REQUEST['url']);
         $category = intval(cleanit($_REQUEST['category']));
         if ($url == "") {
             $error = $lang['96'];
         } elseif ($title == "") {
             $error = $lang['95'];
         } else {
             $pos = strrpos($url, ".");
             $ph = strtolower(substr($url, $pos + 1, strlen($url) - $pos));
             if ($ph == "jpg" || $ph == "jpeg" || $ph == "png" || $ph == "gif") {
                 $query = "INSERT INTO posts SET USERID='" . mysql_real_escape_string($SID) . "', story='" . mysql_real_escape_string($title) . "', tags='" . mysql_real_escape_string($tags) . "', source='" . mysql_real_escape_string($source) . "', category='" . mysql_real_escape_string($category) . "', nsfw='" . mysql_real_escape_string($nsfw) . "', url='" . mysql_real_escape_string($url) . "', time_added='" . time() . "', date_added='" . date("Y-m-d") . "', active='0', pip='" . $_SERVER['REMOTE_ADDR'] . "'";
                 $result = $conn->execute($query);
                 $pid = mysql_insert_id();
                 $uploadedimage = $config['pdir'] . '/' . $pid . '-temp.' . $ph;
                 if (!download_photo($url, $uploadedimage)) {
Esempio n. 2
<?php

include "include/config.php";
include "include/functions/import.php";
include 'include/emoji.php';
include 'include/Mobile_Detect.php';
// Collect the inputs for a "post comment" request: the comment text, the target
// post id, the user id claimed by the caller, and the user id held in the session.
// Stops with the response body "0" when the comment is empty.
//
// NOTE(review): every request value is read from $_REQUEST, which also carries
// query-string parameters, so this state-changing endpoint is reachable with a
// plain GET. No anti-CSRF token is checked in this part of the script; confirm
// one is enforced elsewhere (e.g. in include/config.php) or add it here.
$detect = new Mobile_Detect();
// cleanit() is defined in an included file; what it strips or escapes is not
// visible here, so it should not be treated as the only defence. The SQL further
// down escapes again with mysql_real_escape_string(); any place that renders the
// comment as HTML still needs output encoding of its own.
$comment = cleanit($_REQUEST['comment']);
// Runs before the emptiness check below, so it is called even for an empty comment.
findHashDeleteCache($comment);
$comment = emojify($comment, $detect);
// intval() forces both ids to integers before they are used in the query and in
// the cache file name built from $pid later in the script.
$pid = intval(cleanit($_REQUEST['pid']));
// Caller-supplied and therefore untrusted: it is only a claim about who is posting.
$userid = intval(cleanit($_REQUEST['userid']));
// Server-side identity. NOTE(review): presumably 0 when the session holds no
// user id; the later `$SID == $userid` comparison then needs a separate
// "logged in" test ($SID > 0) unless config.php already enforces one. Confirm.
// Using $SID directly for the insert would make the request parameter unnecessary.
$SID = intval(cleanit($_SESSION['USERID']));
// Unix timestamp stored as the comment date by the INSERT below.
$datesub = time();
// Loose truthiness test: this rejects an empty comment, and also a comment that
// consists of the single character "0".
if (!$comment) {
    echo 0;
    exit;
}
if ($SID == $userid) {
    $query = "INSERT INTO posts_comments SET PID='" . mysql_real_escape_string($pid) . "', USERID='" . mysql_real_escape_string($userid) . "', comment='" . mysql_real_escape_string($comment) . "', date='{$datesub}'";
    $result = $conn->execute($query);
    $cid = mysql_insert_id();
    $filename = $config['basedir'] . '/themes/cache/' . $pid . '.txt';
    if (file_exists($filename)) {
        $json = file_get_contents($filename);
        $data = (array) json_decode($json);
        $user_comments = isset($data['user_comments']) ? $data['user_comments'] : false;
        $num_comments = isset($data['comments']) ? $data['comments'] : 0;
        $c = 0;
        $new_arr = false;
        if ($user_comments) {