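}

# Process sign in (account creation: this branch calls User::create).
# Runs only when the 'signin' field is present but empty (presumably a valueless
# submit button; confirm against the form) and both password fields match.
# The is_string() checks reject array-shaped parameters (e.g. username[]=x) before
# they reach htmlspecialchars(), which only accepts strings.
# NOTE(review): no anti-CSRF token is checked in the visible part of this handler;
# confirm one is verified earlier in the request.
if (isset($_POST['signin']) && empty($_POST['signin'])
    && !empty($_POST['username']) && is_string($_POST['username'])
    && !empty($_POST['email']) && is_string($_POST['email'])
    && !empty($_POST['password']) && is_string($_POST['password'])
    && !empty($_POST['password-confirm'])
    && $_POST['password'] === $_POST['password-confirm']) {
    # NOTE(review): addslashes()/htmlspecialchars() rewrite the values before they are
    # stored. For the password this changes the secret itself whenever it contains
    # &, <, >, quotes or backslashes. The transform is kept because the login path
    # (not visible here) may apply the same one. The sturdier design is to pass raw
    # values to a parameterised query, hash the password with password_hash() inside
    # User::create, and escape for HTML only on output. User::create is not visible
    # here, so confirm how it stores and hashes these values.
    $user = addslashes(htmlspecialchars($_POST['username']));
    $email = addslashes(htmlspecialchars($_POST['email']));
    $passwd = addslashes(htmlspecialchars($_POST['password']));
    # NOTE(review): the result of User::create is not inspected, so the flag below is
    # set even if creation can fail (e.g. duplicate username); confirm.
    User::create($user, $email, $passwd);
    $_SESSION['signedIn'] = true;
}

# Process comment
# Requires a logged-in session ($_SESSION['online']), a numeric song id and a text
# that contains at least one ASCII letter or digit once trimmed.
# is_string() keeps an array-shaped 'text' parameter away from trim().
if (isset($_POST['comment'], $_POST['song'], $_POST['text'])
    && is_numeric($_POST['song'])
    && is_string($_POST['text']) && !empty($_POST['text'])
    && preg_match("/[a-zA-Z0-9]/", trim($_POST['text']))
    && !empty($_SESSION['online'])) {
    $db = $_SESSION['db'];
    # NOTE(review): is_numeric() also accepts values such as "1.5" or "1e3". Song's
    # constructor is not visible here; if ids are plain integers, ctype_digit() would
    # be the tighter check.
    $song = new Song($_POST['song']);
    $user_id = $_SESSION['user']->getId();

    # Escape first, then turn the escaped "<3" into a heart. The previous version used
    # "_3" as a temporary placeholder, which also rewrote any "_3" the user really
    # typed (e.g. "track_3"). A literal "&lt;3" typed by the user becomes "&amp;lt;3"
    # after escaping, so it is not mistaken for a heart.
    # The text is stored already HTML-escaped: templates must print it without
    # escaping again, and any non-HTML output context needs its own encoding.
    $text = str_replace("&lt;3", "♥", htmlspecialchars(trim($_POST['text'])));

    # One comment per user and song: update the existing row, otherwise insert one.
    # Both statements use bound parameters only.
    $sql = $song->userHasCommented($user_id)
        ? "update comment set text = :text, date = unix_timestamp() where user = :user and song = :song;"
        : "insert into comment (user, song, text, date) values (:user, :song, :text, unix_timestamp());";
    $stmt = $db->prepare($sql);
    $stmt->execute(array("user" => $user_id, "song" => $song->getId(), "text" => $text));
    $stmt->closeCursor();
    $_SESSION['commented'] = true;
}

# Process regular search
/**
 * @author Jérôme Boesch
 *
 */
if (isset($_GET['q']) && !empty($_GET['q'])) {
    $db = $_SESSION['db'];
    $q = htmlspecialchars($_GET['q']);
    $search_songs = array();
    $search_albums = array();
    $search_artists = array();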