File: /home/httpd/html/baretube.com/admin/functions.sanitization.php
<?php
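// Request-parameter coercion: force scalar identifiers to int and drop the
// non-numeric entries of submitted id lists before anything downstream builds a
// query from them. (Despite the historical "session hi-jacking" comment, this
// block does not protect sessions; the session/IP check further down is disabled.)

/**
 * Cast the listed keys of a request array to int, in place.
 *
 * Only keys that are present and truthy are touched, so an absent key, '' or
 * '0' is left exactly as received (same rule as the original one-line checks).
 *
 * @param array<string, mixed> $input request array such as $_GET or $_POST
 * @param list<string>         $keys  parameter names expected to carry an integer id
 */
function sanitize_int_params(array &$input, array $keys) {
    foreach ($keys as $key) {
        // !empty() avoids an "undefined index" notice for keys the request omits,
        // while keeping the original truthiness test.
        if (!empty($input[$key])) {
            $input[$key] = (int) $input[$key];
        }
    }
}

/**
 * Keep only the numeric entries of a submitted id list, cast to int.
 *
 * Keys are preserved (no reindexing), matching the original foreach/unset loop.
 * Numeric strings that is_numeric() accepts but that are not plain integers
 * ('1.5', ' 7', '1e3') are normalised by the int cast ('1.5' becomes 1); the
 * original stored such strings unchanged.
 *
 * @param array<int|string, mixed> $values
 * @return array<int|string, int>
 */
function sanitize_numeric_id_list(array $values) {
    $kept = [];
    foreach ($values as $key => $value) {
        if (is_numeric($value)) {
            $kept[$key] = (int) $value;
        }
    }
    return $kept;
}

sanitize_int_params($_REQUEST, ['id', 'page', 'setmax']);
sanitize_int_params($_GET, ['id', 'page', 'paysite', 'submitter']);
sanitize_int_params($_POST, ['id']);

foreach (['niche', 'comments', 'list', 'pornstar'] as $listKey) {
    // A scalar submitted under a list key is left untouched, as before.
    // NOTE(review): such a value bypasses this filter entirely, so consumers
    // must not assume these keys always hold an array of ints.
    if (!empty($_POST[$listKey]) && is_array($_POST[$listKey])) {
        $_POST[$listKey] = sanitize_numeric_id_list($_POST[$listKey]);
    }
}

// htmlentities() is HTML output encoding, not SQL escaping: q must still go
// through escaping / parameter binding before it reaches a query.
// ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning ''
// (which silently emptied the search term); ENT_QUOTES also encodes "'".
// A non-string q (e.g. q[]=...) is not a valid search term and becomes ''.
if (!empty($_GET['q'])) {
    $q = is_string($_GET['q']) ? $_GET['q'] : '';
    $_GET['q'] = htmlentities($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}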
/** TEMPORARILY REMOVED ANTI-SESSION HACKING
if(isset($_SESSION[ip]) && $_SESSION[ip] != $_SERVER[REMOTE_ADDR]) {
unset($_SESSION[username]);
unset($_SESSION[ip]);
unset($_SESSION[userid]);
header("Location: /login.php");
exit();
}
**/
//input sanitization
/**
 * Recursively run mysql_real_escape_string() over every leaf of a (nested) array.
 *
 * Keys and order are preserved; nested arrays are escaped recursively, every
 * other value is passed to mysql_real_escape_string() as-is.
 *
 * NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
 * removed in PHP 7.0, and it returns false (with a warning) when no connection
 * is open, so that false would reach the query as an empty string. The
 * mysqli/PDO equivalents need a connection handle, so a port of this helper
 * must take one.
 *
 * @param array<int|string, mixed> $array values to escape
 * @return array<int|string, mixed> same shape, leaves escaped
 */
function mysql_real_escape_array($array) {
    $escaped = [];
    foreach ($array as $key => $value) {
        $escaped[$key] = is_array($value)
            ? mysql_real_escape_array($value)
            : mysql_real_escape_string($value);
    }
    return $escaped;
}
?>