File: /home/httpd/html/baretube.com/friends.php
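<?php
/**
 * Manage Friends: adds or removes a row in `subscriptions` for the
 * logged-in user, selected by ?option=add|del&id=<friend id>.
 *
 * Security notes:
 *  - Every value interpolated into SQL is passed through
 *    mysql_real_escape_string() first and is only used inside single quotes.
 *    The mysql_* extension is deprecated; moving to prepared statements
 *    (mysqli/PDO) is the durable fix but depends on admin/db.php, which is
 *    not visible from this file.
 *  - The Referer header is client-controlled, so it is HTML-escaped (and
 *    limited to http/https) before being written into the "go back" link.
 *  - NOTE(review): both actions change state on a GET request and no
 *    anti-CSRF token is checked in this file. They should move to POST with
 *    a per-session token once the linking templates can be updated.
 */
session_start();
include('admin/db.php');

// Quoted key: the bare word `userid` only worked through PHP's
// undefined-constant fallback and raised a notice on every request.
if (empty($_SESSION['userid'])) {
	header("Location: /login.php");
	exit();
}

// Escape the session value as well; it ends up inside the SQL strings below.
$user = mysql_real_escape_string($_SESSION['userid']);

// Accept only scalar string parameters so ?id[]=x cannot reach trim().
$option = (isset($_GET['option']) && is_string($_GET['option'])) ? trim($_GET['option']) : '';
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? mysql_real_escape_string(trim($_GET['id'])) : '';

// Whitelist the action; strict comparison avoids loose type juggling.
$possibleOptions = array('add', 'del');
if (!in_array($option, $possibleOptions, true)) {
	// $basehttp is presumably defined by admin/db.php - confirm.
	header("Location: $basehttp");
	exit();
}

// Build the "go back" target once. Anything that is not an http(s) URL falls
// back to the site root, and the value is escaped for a quoted HTML attribute.
$back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (!preg_match('#^https?://#i', $back)) {
	$back = $basehttp;
}
$backLink = htmlspecialchars($back, ENT_QUOTES);

$title = 'Manage Friends';
$pagetitle = 'Manage Friends';
include($basepath.'/templates/template.overall_header.php');

switch ($option) {
	case 'add':
		// The original tested isset($id), which is always true after the
		// assignment above; the intent is "an id was supplied".
		if ($id === '') {
			echo "<p>An error has occured. <a href='$backLink'>Click here to go back</a>.</p>";
			break;
		}
		$result = mysql_query("SELECT users.record_num FROM users, subscriptions WHERE user = '$user' AND subscriptions.friend = '$id' AND users.record_num = '$id'");
		if ($result === false) {
			// A failed lookup must not fall through to mysql_num_rows(false).
			echo "<p>An error has occured. <a href='$backLink'>Click here to go back</a>.</p>";
		}
		elseif (mysql_num_rows($result) > 0) {
			echo "<p>You already have this person on your friend's list!</p>";
		}
		elseif (mysql_query("INSERT INTO subscriptions (user, friend) VALUES ('$user', '$id')")) {
			echo "<p>You have added this person to your friends list. <a href='$backLink'>Click here to go back</a>.</p>";
		}
		else {
			// Report success only when the INSERT actually succeeded.
			echo "<p>An error has occured. <a href='$backLink'>Click here to go back</a>.</p>";
		}
	break;
	case "del":
		if ($id !== '' && mysql_query("DELETE FROM subscriptions WHERE user = '$user' AND friend = '$id'")) {
			echo "<p>You have removed this person from your friends list. <a href='$backLink'>Click here to go back</a>.</p>";
		}
		else {
			echo "<p>An error has occured. <a href='$backLink'>Click here to go back</a>.</p>";
		}
	break;

	default:
		// Unreachable after the whitelist check; kept as a defensive fallback.
		echo "Invalid Action";
	break;
}
include($basepath.'/templates/template.overall_footer.php'); ?>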