$sure = isset($_GET['sure']) ? 0 + $_GET['sure'] : ''; if (!is_valid_id($torrentid)) { stderr("Error", "Invalid ID."); } $hash = md5('s5l6t0mu55yt4hwa7e5' . $torrentid . 'private' . 's5l6t0mu55yt4hwa7e5'); if (!$sure) { stderr("Make Bookmark Private", "Do you really want to mark this bookmark private? Click\n" . "<a href='?torrent={$torrentid}&action=private&sure=1&h={$hash}'>here</a> if you are sure.", FALSE); } if ($_GET['h'] != $hash) { stderr('Error', 'what are you doing?'); } if (!is_valid_id($torrentid)) { stderr("Error", "Invalid ID."); } function privatebookmark($torrentid) { global $CURUSER, $mc1, $INSTALLER09; sql_query("UPDATE bookmarks SET private = 'yes' WHERE private = 'no' AND torrentid = " . sqlesc($torrentid) . " AND userid = " . sqlesc($CURUSER['id'])); $mc1->delete_value('bookmm_' . $CURUSER['id']); make_bookmarks($CURUSER['id'], 'bookmm_'); } $HTMLOUT .= privatebookmark($torrentid); $HTMLOUT .= "<h2>Bookmark made private!</h2>"; } if (isset($_POST["returnto"])) { $ret = "<a href=\"" . htmlsafechars($_POST["returnto"]) . "\">Go back to whence you came</a>"; } else { $ret = "<a href=\"bookmarks.php\">Go to My Bookmarks</a><br /><br />\r\n<a href=\"browse.php\">Go to Browse</a>"; } $HTMLOUT .= $ret; echo stdhead('Bookmark') . $HTMLOUT . stdfoot();
$torrentid = (int) $_GET['torrent']; $sure = safeChar($_GET['sure']); if (!is_valid_id($torrentid)) { stderr("Error", "Invalid ID."); } $hash = md5('the salt to' . $torrentid . 'add' . 'mu55y'); if (!$sure) { stderr("Confirm Bookmark", "Do you really want to mark this bookmark private? Click\n" . "<a href=?torrent={$torrentid}&action=private&sure=1&h={$hash}>here</a> if you are sure.", false); } if ($_GET['h'] != $hash) { stderr('Error', 'what are you doing?'); } if (!is_valid_id($torrentid)) { stderr("Error", "Invalid ID."); } function privatebookmark($torrentid) { global $CURUSER; mysql_query("UPDATE bookmarks SET private = 'yes' WHERE private = 'no' AND torrentid = {$torrentid} AND userid = {$CURUSER['id']}"); } privatebookmark($torrentid); stdhead("Bookmark made private!"); echo '<h2>Bookmark made private!</h2>'; } if (isset($_POST["returnto"])) { $ret = "<a href=\"" . htmlspecialchars($_POST["returnto"]) . "\">Go back to whence you came</a>"; } else { $ret = "<a href=\"bookmarks.php\">Go to My Bookmarks</a><br /><br />\n<a href=\"browse.php\">Go to Browse</a>"; } echo $ret; stdfoot();