// Profile update branch (excerpt: $pth, $conc, $uid and $style are set before
// this point, and the listing stops inside the innermost `if` below).
// Runs when the request carries a `profile` field.
if (isset($_POST["profile"])) {
    $q = NULL;
    // Free-text fields pass through the project helpers strclean() / _hstr_(),
    // which are defined elsewhere; what they strip or encode cannot be seen here.
    $name = strclean($_POST["name"]);
    $loc = strclean($_POST["loc"]);
    $bio = _hstr_($_POST["bio"], false);
    $web = urlencode($_POST["web"]);
    $work = strclean($_POST["work"]);
    $edu = strclean($_POST["edu"]);
    // NOTE(review): $bday is taken from the request as-is. The only format check
    // is the commented-out block below, so whatever consumes $bday later (not
    // visible in this excerpt) receives unvalidated input.
    $bday = $_POST["bday"];
    $sex = intval($_POST["sex"]);
    // if(!preg_match('-(\d{2})/(\d{2})/(\d{4})-',$bday))
    // {
    // exit("<div $style>Your birthday should be in this format {MM/DD/YYYY}</div>");
    // }
    $status = strclean($_POST["status"]);
    // The extra status text is only read when the status code equals 4.
    $status2 = $status == 4 ? _hstr_($_POST["status_"], 2) : "";
    // NOTE(review): the three image values come from the client, joined with
    // "____". A value with fewer than three parts leaves $img2/$img3 unset, and
    // nothing here restricts what the parts contain; verify before they are stored.
    list($img1, $img2, $img3) = explode("____", $_POST["imgs"]);
    $img = $_FILES["upl"]["tmp_name"];
    // is_uploaded_file() confirms the temp file really came from this HTTP upload.
    if (is_uploaded_file($img)) {
        $mdir = "{$pth}/profile_pic/";
        // upload_pic() is called once per size; the numeric arguments are
        // presumably the target width/height (the variable names say 50/150/400,
        // the values passed are 70/150/500).
        // NOTE(review): $_FILES["upl"]["type"] is the MIME type sent by the
        // browser, not one detected from the file contents. Confirm that
        // upload_pic() inspects the image data itself before writing under $mdir.
        $_50x50 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 70, 70, $mdir);
        $_150x150 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 150, 150, $mdir);
        $_400x400 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 500, 500, $mdir);
        // Drop the $pth prefix so the values are relative to it.
        $_50x50 = str_replace($pth, "", $_50x50);
        $_150x150 = str_replace($pth, "", $_150x150);
        $_400x400 = str_replace($pth, "", $_400x400);
        // Continue only if all three resized copies were produced.
        if ($_50x50 && $_150x150 && $_400x400) {
            // NOTE(review): $uid is interpolated unquoted. Its origin is outside
            // this excerpt; it must be an integer (e.g. intval of the session id)
            // for this query to be safe.
            $q = mysqli_query($conc, "SELECT img1,img2,img3 FROM users WHERE id={$uid}");
            $r = NULL;
            $r = mysqli_fetch_array($q);
            // Taken when the current img1 value does not contain "/img/"
            // (case-insensitive). The branch body is cut off in this listing.
            if (!stristr($r[0], "/img/")) {
// Excerpt: starts inside the result handling of an update (the condition is
// outside this listing) and continues with the video upload branch.
        // NOTE(review): $name is echoed into HTML here. It is only safe if it
        // was HTML-encoded where it was assigned, which is not visible.
        exit("<div {$style}>Successfully updated {$name}</div>");
    } else {
        exit("<div {$style}>Error updating {$name}</div>");
    }
}
// Video upload: runs when the request carries an `add` field.
if (isset($_POST["add"])) {
    $img = $_FILES["upl"]["tmp_name"];
    $video = $_FILES["vid"]["tmp_name"];
    // NOTE(review): the extension pattern is unanchored, so it accepts any
    // extension() result that merely contains one of these substrings. The same
    // extension() result becomes the suffix of the stored file name below, so
    // this check decides which file types land in ../video/. How extension()
    // treats multi-dot names is not visible; prefer an exact match against an
    // allow-list and confirm the directory cannot execute uploaded files.
    if (is_uploaded_file($video) && preg_match('/mp4|avi|mpeg|3gp|mkv|flv|mov/', extension($_FILES["vid"]["name"]))) {
        // Preview image: a resized upload when one was sent, else the default.
        // $_FILES["upl"]["type"] is the browser-supplied MIME type.
        $_300x300 = is_uploaded_file($img) ? upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 300, 300) : DEF_VID_IMG;
        // Stored name: md5 of temp path + timestamp, one rand() digit, then the
        // client-derived extension. This gives uniqueness, not unpredictability.
        $vid = md5($video . " " . date("U")) . rand(0, 9) . extension($_FILES["vid"]["name"]);
        // NOTE(review): copy() leaves the temp file in place; move_uploaded_file()
        // is the usual call for uploads and re-checks the upload origin.
        if ($_300x300 && copy($video, "../video/{$vid}")) {
            $name = strclean($_POST["name"]);
            // Titles shorter than two bytes are replaced by a generated one.
            $name = strlen($name) < 2 ? $_SESSION["user"] . "'s video " . rand(10, 999) : $name;
            $name = _hstr_($name, false);
            $info = _hstr_($_POST["info"], false);
            $q = $con->insertInto("videos", array($user, $name, $info, $_300x300, $vid, 1, date("U"), 0));
            if ($q) {
                // Looks the new row up again to obtain its id.
                // NOTE(review): the literal '******' looks like a masking artifact
                // of this listing; presumably the original compared against $user.
                // $name is interpolated into the SQL string, so this is safe only
                // if _hstr_() output can never contain a quote. A parameterised
                // query (or the connection's insert id) removes that dependency.
                $q = mysqli_query($conc, "SELECT id FROM videos WHERE user = '******' AND name = '{$name}' AND vid = '{$vid}'");
                $r = mysqli_fetch_array($q);
                // History entry of kind 6 carrying "name::__::__::id".
                $q = $con->insertInto("hist", array(6, 0, $user, $name . "::__::__::" . $r[0], date("U")));
                $q = NULL;
                $con->close_db_con($conc);
                exit("<div {$style}>{$name} has been successfully added.</div>");
            } else {
                // Insert failed: remove the files written above.
                // NOTE(review): strstr() returns a string or false, never a
                // negative number, so `< 0` does not test "is not the default
                // image". The outcome depends on PHP's loose string/number
                // comparison. The intent is presumably `=== false`; confirm, since
                // a wrong result either leaks the preview or deletes the default.
                if (is_file("../prev/" . $_300x300) && strstr($_300x300, DEF_VID_IMG) < 0) {
                    unlink("../prev/" . $_300x300);
                }
                if (is_file("../video/{$vid}")) {
                    unlink("../video/{$vid}");
                }
<?php
// Chat endpoint that answers in XML (excerpt: the listing stops inside the
// `while` loop of case 2). The request selects an operation via `action`.
include "../scripts/db.php";
$con = new db();
$conc = $con->c();
header("Content-Type: text/xml");
// The account key is the MD5 of the posted `user` value. The hex digest cannot
// break out of the quoted SQL literals below.
$user = md5($_POST["user"]);
echo "<?xml version='1.0' encoding='utf-8' ?><bubble uid='{$user}'>";
$action = $_POST["action"];
// NOTE(review): the password is compared as an unsalted SHA-1 digest. That is a
// fast hash and unsuitable for password storage; password_hash() /
// password_verify() are the standard replacement.
$p = sha1($_POST["p"]);
// NOTE(review): $id and $time are read raw from the request. Their use lies
// outside this excerpt; cast or validate them before they reach a query.
$id = $_POST["id"];
$time = $_POST["time"];
$msg = _hstr_(strclean($_POST["msg"]), false);
switch ($action) {
    case 1:
        // Login check: exactly one row must match the user key and password digest.
        $q = mysqli_query($conc, "SELECT * FROM `users` WHERE `em` = '{$user}' AND `pass` = '{$p}' ");
        $r = mysqli_fetch_assoc($q);
        if (mysqli_num_rows($q) == 1) {
            // NOTE(review): fname/lname/img_m are written into the XML body
            // without escaping. A value containing `<` or `&` breaks the document
            // unless it was encoded when stored (not visible). Consider
            // htmlspecialchars() with ENT_XML1 at output.
            echo "<name>" . $r["fname"] . " " . $r["lname"] . "</name>";
            // The image path is rewritten to a hard-coded localhost base URL.
            echo "<img>" . str_replace("../", "http://localhost/bubble/", $r["img_m"]) . "</img>";
        } else {
            echo "<error>Invalid Credentials</error>";
        }
        break;
    case 2:
        // NOTE(review): nothing visible in this branch verifies $p or a session.
        // It lists contacts and refreshes the online timestamp for whichever
        // `user` value the request supplies. Confirm authentication is enforced
        // before this point (for example inside db.php).
        $q = mysqli_query($conc, "SELECT `email`,`femail`,`id` FROM `pals` WHERE `email` = '{$user}' OR `femail` = '{$user}' ");
        // Mark the caller as online now.
        $q2 = mysqli_query($conc, "UPDATE `chat_online` SET `time` = " . date("U") . " WHERE `email` = '{$user}'");
        while ($r = mysqli_fetch_array($q)) {
            // Pick the other side of the pairing.
            $em = $r[0] == $user ? $r[1] : $r[0];
            // A contact counts as online if seen within the last 10 minutes.
            $tm = date("U") - 60 * 10;
            // NOTE(review): $em comes from the database and is interpolated
            // unescaped. That is safe only while the pals table holds nothing but
            // hex digests in these columns.
            $q2 = mysqli_query($conc, "SELECT `email` FROM `chat_online` WHERE `email` = '{$em}' AND `time` > {$tm}");
<?php
// Comment endpoint (excerpt: the listing stops inside case 2).
// action 1 renders the comments of one item plus the comment form,
// action 2 stores a new comment.
session_start();
include "../scripts/db.php";
// Reject requests without a logged-in session.
if (!isset($_SESSION["uid"], $_SESSION["user"])) {
    exit("<div class='m_s_g'>Invalid Authentication<div>");
}
// Every numeric request field is forced to an integer before it reaches SQL,
// HTML or inline JavaScript below.
$uid = intval($_SESSION["uid"]);
$type = intval($_POST["type"]);
$owner = intval($_POST["owner"]);
$cid = intval($_POST["cid"]);
$id = intval($_POST["id"]);
$action = intval($_POST["action"]);
// Comment text goes through the project helper _hstr_() (defined elsewhere).
$post = _hstr_($_POST["post"], false);
$con = new db();
$conc = $con->c();
switch ($action) {
    case 1:
        // Result columns by index: 0 comment.id, 1 comment.owner, 2 comment.uid,
        // 3 comment.post, 4 comment.date, 5 users.user, 6 users.name, 7 users.img1.
        $q = mysqli_query($conc, "SELECT comment.id,comment.owner,comment.uid,comment.post,comment.date,users.user,users.name,users.img1 FROM comment INNER JOIN users ON comment.uid = users.id WHERE comment.cid = {$cid} AND comment.type ={$type} ORDER BY comment.id ASC");
        echo "<div style='font-size:12px;'>";
        while ($r = mysqli_fetch_array($q)) {
            // The delete link is shown to the stored owner and to the comment's
            // author. This only hides the link; the delete handler (not visible
            // here) has to enforce the same rule on the server.
            $del = $uid == $r[1] || $uid == $r[2] ? "·<a href='#' onclick='return _delcom(event,{$type},{$r['0']})'><span class='del'>delete</span></a>" : "";
            // NOTE(review): user name, display name, image path and comment text
            // (columns 5, 6, 7, 3) are placed into HTML, attribute and CSS url()
            // contexts without escaping at this point. This is safe only if every
            // one of them was encoded for those contexts when stored; verify, or
            // escape here with htmlspecialchars(..., ENT_QUOTES).
            echo "<div class='comment_" . $r[0] . "' style='width:100%;'>\n\t\t\t\t\t<table width='100%'><tr>\n\t\t\t\t\t<td width='10%'><a href='" . PTH . "/{$r['5']}' onclick='return _pop(event,{$r['2']});'><div class='ssmpdiv' style='background-image:url(" . PTH . "{$r['7']});'></div></a></td>\n\t\t\t\t\t<td valign='top'><a href='" . PTH . "/{$r['5']}' onclick='return _pop(event,{$r['2']});'>{$r['5']}</a> <i style='_pn'>{$r['6']}</i><br/><span>{$r['3']}</span><div style='float:right;'><span class='del' title='" . date("U", $r[4]) . "'>" . gtime($r[4]) . "</span> {$del}</div></td></tr></table>\n\t\t\t </div>";
        }
        // The comment form is rendered only for a non-zero user id.
        echo $uid != 0 ? "\n\t<div class=''><div class ='comm'><table><tr><td valign='top'><div class='ssmpdiv'style='background-image:url(" . PTH . "" . $_SESSION["img1"] . ");'></div></td><td><textarea id='txtcom_" . $type . "' placeholder='Comment...' 
rows='3' class='txt' onkeyup='gment(event)'></textarea><div class='pl2div' style='position:relative'></div><br /><input type='button' onclick='_com(event,{$type},{$cid},{$owner});' style='float:right' class='button1' value='Comment'/></td></tr></table></div></div><a href='#' onclick='addCommentV(event)'><!--span class='__c'>Add a comment</span--></a></div></div>\n\t</div>" : "";
        break;
    case 2:
        if ($uid != 0) {
            // NOTE(review): $owner is whatever the request sent. It is not looked
            // up from the item identified by $cid/$type. Since the stored owner
            // later grants the delete link above, derive it on the server instead.
            // No anti-CSRF token is checked in the visible code before this write.
            $q = $con->insertInto("comment", array($type, $cid, $owner, $uid, $post, date("U")));
            $plate = 9 + $type;
            // Taken when someone other than the owner commented (body not shown).
            if ($uid != $owner) {
<?php
// One-off maintenance / scratch script (excerpt: the listing stops inside the
// second loop). It exercises the text helpers on a sample post, then rewrites
// the stored image paths of every row in `users` and starts the same for `art`.
// NOTE(review): no session or role check is visible before the bulk UPDATE.
// Unless db.php enforces one, any request to this file without a `no` query
// parameter rewrites the whole table. Scripts like this should be run from the
// CLI or removed from the web root once used.
include "../scripts/db.php";
// Sample input for the helpers; the result is not used further in this excerpt.
$post = "RP: @fisicallyFeet RP: @omish RP: @papaste @fisicallyFeet @omish @easymind @DonZion";
$post = strclean(_hstr_($post, false));
$post = str_replace("__@", "_@", $post);
$post = str_replace(" _ _ ", " _ ", $post);
//echo $post;
$m = " @papaste @fisicallyFeet @omish [music:5] @papaste @fisicallyFeet @omish";
$con = new db();
// c() is called twice; the second call overwrites the first handle.
$conc = $con->c();
$conc = $con->c();
$q = mysqli_query($conc, "SELECT id,img1,img2,img3 FROM users");
echo "no. of users " . mysqli_num_rows($q);
// `?no` requests a dry run: print the count and stop before any write.
if (isset($_GET["no"])) {
    $con->close_db_con($conc);
    exit;
}
while ($r = mysqli_fetch_array($q)) {
    // Remove ".." from each stored path.
    // NOTE(review): str_replace() makes a single pass, so "...." still leaves
    // ".." behind. Do not rely on this as path-traversal filtering.
    $img1 = str_replace("..", "", $r[1]);
    $img2 = str_replace("..", "", $r[2]);
    $img3 = str_replace("..", "", $r[3]);
    // Default avatars switch from .jpg to .png.
    $img1 = str_replace("d70.jpg", "d70.png", $img1);
    $img2 = str_replace("d150.jpg", "d150.png", $img2);
    $img3 = str_replace("d500.jpg", "d500.png", $img3);
    // NOTE(review): values read from the table are interpolated back into SQL
    // unescaped. A stored path containing a quote breaks or alters this
    // statement, so use a prepared statement here. The result in $qq is never
    // checked, which means failed updates pass silently.
    $qq = mysqli_query($conc, "UPDATE users SET img1='{$img1}',img2='{$img2}',img3='{$img3}' WHERE id = {$r['0']}");
    // NOTE(review): the stored path is echoed into the HTML response unescaped.
    echo $img1 . "<br/>";
}
// Same rewrite for the `art` table.
$q = mysqli_query($conc, "SELECT id,img1,img2,img3 FROM art");
while ($r = mysqli_fetch_array($q)) {
    $img1 = str_replace("..", "", $r[1]);
// Excerpt: starts inside the trend-counting logic (five blocks deep; their
// headers are outside this listing) and continues with storing the post and
// notifying the author of the parent post. The listing stops inside case 2.
                    // NOTE(review): $s and $uid are interpolated into SQL. Where
                    // $s comes from is not visible; unless it is escaped for this
                    // connection it must be bound as a parameter instead.
                    // $con is used as the mysqli link here but is reassigned to a
                    // db object further down. Confirm what it holds at this point.
                    $qq = mysqli_query($con, "INSERT INTO trend Values (NULL, {$uid},'{$s}',1," . date("U") . ")");
                } else {
                    // NOTE(review): with LIKE, any `%` or `_` inside $s acts as a
                    // wildcard, so one trend can bump the counters of others.
                    // Use `=` if an exact match is intended.
                    $qq = mysqli_query($con, "UPDate trend set tc=tc+1 WHERE trend LIKE '{$s}'");
                }
            }
        }
    }
}
// Store the post only when there is text left after processing.
if (strlen($post) > 0) {
    $con = new db();
    $conc = $con->c();
    // The client address is stored with each post. REMOTE_ADDR is the directly
    // connecting peer, so behind a reverse proxy it is the proxy's address.
    $q = $con->insertInto("post", array($uid, $post, date("U"), $client, $loc, $id, $type, $_SERVER['REMOTE_ADDR']));
    if ($q) {
        switch ($type) {
            case 0:
                // The return value is discarded, so _hstr_() is presumably called
                // for a side effect when its second argument is 1. Confirm.
                $v = _hstr_($real_post, 1);
                $v = NULL;
                break;
            case 1:
                // Reply: find the author of the parent post.
                // NOTE(review): $id is interpolated unquoted. Its origin is not
                // visible; it must be an integer for this query to be safe.
                $q = mysqli_query($conc, "SELECT user FROM post WHERE id = {$id}");
                $r = mysqli_fetch_array($q);
                // Notify the parent author unless they replied to themselves.
                if ($r[0] != $uid) {
                    $q = $con->insertInto("hist", array(8, $r[0], $uid, $id, date("U")));
                    // NOTE(review): $real_post is embedded in the HTML body of the
                    // notification mail. Confirm it is HTML-encoded before this
                    // point, otherwise user-written markup reaches the mail.
                    s_mail($_SESSION["user"], " replied your <a href='http://muzikkitchen.com/?view={$id}&t={$type}'>feed</a><br/><div style='font-size:14px'><b><br/><br/>{$real_post}</b></div>", $r[0], $conc, "replied your feed");
                    $r = NULL;
                }
                $q = NULL;
                break;
            case 2:
                // Same lookup as case 1; the rest of this branch is not shown.
                $q = mysqli_query($conc, "SELECT user FROM post WHERE id = {$id}");
                $r = mysqli_fetch_array($q);
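<?php
// Private-message endpoint (excerpt: the two enclosing `if` blocks at the end
// are closed further down in the original file, outside this listing).
// Creates a new conversation subject and hands the first message to sendmsg().
session_start();
include "../scripts/db.php";
// Reject requests without a logged-in session.
if (!isset($_SESSION["uid"], $_SESSION["user"])) {
    exit("<div class='m_s_g'>Invalid Authentication<div>");
}
$uid = $_SESSION["uid"];
$msg = _hstr_($_POST["msg"], false);
$subj = strclean($_POST["subj"]);
// Read the optional fields without raising "undefined index" when absent;
// a missing field stays null, so the isset() checks below behave as before.
$to = isset($_POST["u2"]) ? $_POST["u2"] : null;
$id = isset($_POST["id"]) ? $_POST["id"] : null;
if (isset($msg) && $msg != "") {
    if ($uid == $to) {
        die("You cannot send a message to yourself");
    }
    $con = new db();
    $conc = $con->c();
    // No conversation id supplied: start a new subject for recipient $to.
    if (isset($subj) && !isset($id) && isset($to) && $to != "") {
        if ($subj == "") {
            $subj = "No Subject";
        }
        // $to arrives straight from the request, so every value is bound as a
        // parameter instead of being interpolated into the SQL text.
        // NOTE(review): if strclean() already adds SQL escaping, remove it there;
        // bound values are stored literally, backslashes included.
        $now = date("U");
        $qq = false;
        $insert = mysqli_prepare($conc, "INSERT INTO `msg_subj` VALUES(NULL,?,?,?,?)");
        if ($insert) {
            // All four values are bound as strings, matching the quoted literals
            // the previous statement used.
            mysqli_stmt_bind_param($insert, "ssss", $uid, $to, $subj, $now);
            $qq = mysqli_stmt_execute($insert);
            mysqli_stmt_close($insert);
        }
        // Look the subject row up again to obtain its id for sendmsg().
        $getid = false;
        $nid = null;
        $lookup = mysqli_prepare($conc, "SELECT `id` FROM `msg_subj` WHERE `u1` = ? AND `u2` = ? AND `subj` = ?");
        if ($lookup) {
            mysqli_stmt_bind_param($lookup, "sss", $uid, $to, $subj);
            if (mysqli_stmt_execute($lookup)) {
                // mysqli_stmt_get_result() needs the mysqlnd driver.
                $getid = mysqli_stmt_get_result($lookup);
                if ($getid) {
                    $nid = mysqli_fetch_array($getid);
                }
            }
            mysqli_stmt_close($lookup);
        }
        // Send only when the insert succeeded and a row id was found;
        // otherwise report error code 2 as before.
        if ($getid && $qq && $nid) {
            sendmsg($conc, $nid[0], $uid, $to, $msg);
        } else {
            echo 2;
        }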