File: /home/httpd/html/baretube.com.new/includes/inc.remove_favorites.php
<?php
/*
session_start();
include 'admin/db.php';
if(!$_SESSION[userid]) { header("Location: login.php"); exit(); }
if(!$_GET[id]) { header("Location: index.php"); exit(); }
$id = mysqli_real_escape_string($dbconn,$_GET[id]);
$result = dbQuery("SELECT * FROM content WHERE record_num = '$id'");
if(count($result) > 0) {
dbQuery("DELETE FROM favorites WHERE user = '$_SESSION[userid]' AND content = '$id'");
header("Location: /favorites/page1.html");
exit();
}
else {
header("Location: index.php");
exit();
}
*/
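// Removes one item from the current user's favorites and leaves a status
// message in $info for the template that follows.
//
// NOTE(review): the delete runs on a plain GET request and no anti-CSRF token
// is checked in this file, so a cross-site request made from the user's
// browser would be honoured. Consider requiring POST plus a per-session token.
session_start();
include('mb.php');

// $info is never initialised in this file; presumably mb.php may pre-set it
// (for example when the visitor is not logged in) -- confirm. empty() applies
// the same truthiness test as !$info without reading an undefined variable.
if (empty($info)) {
    // Accept only a plain non-negative integer. is_numeric() also lets through
    // values such as "1e3", "1.5" or " 7", and the raw request string was then
    // copied into three SQL statements. filter_var() returns an int on success
    // and false for anything else, including array input.
    $contentId = isset($_GET['id'])
        ? filter_var($_GET['id'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)))
        : false;
    if ($contentId === false) {
        $info = 'Invalid content ID.';
    }
}

if (empty($info)) {
    // $contentId is an integer from here on, so interpolating it cannot change
    // the structure of the queries below.
    //
    // NOTE(review): the session user id is still interpolated as-is because no
    // escaping or parameter-binding helper is visible from this file. If
    // dbQuery() or the underlying driver supports bound parameters, use them;
    // if user ids are always integers, cast here as well.
    $userId = isset($_SESSION['userid']) ? $_SESSION['userid'] : '';

    $result = dbQuery("SELECT record_num FROM content WHERE record_num = '" . $contentId . "'", false);
    if (count($result) == 0) {
        $info = "Provided content ID doesn't exist in our database.";
    } else {
        $checkFavs = dbQuery(
            "SELECT record_num FROM favorites WHERE content = '" . $contentId . "' AND user = '" . $userId . "'",
            false
        );
        if (count($checkFavs) > 0) {
            dbQuery(
                "DELETE FROM favorites WHERE user = '" . $userId . "' AND content = '" . $contentId . "'",
                false
            );
            $info = 'You have successfully removed this content from your favorites.';
        } else {
            // Previously this path left $info unset and the page rendered an
            // empty message.
            $info = 'This content is not in your favorites.';
        }
    }
}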
?>
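<?php
// Status page shown after the favorites-removal logic above has run.
// Full <?php tags are used so rendering does not depend on the short_open_tag
// ini setting; with that setting off, the short-tag blocks would be sent to
// the browser as literal source text.
// Both dynamic values are escaped for their HTML context. The page declares
// UTF-8, so that charset is passed to htmlspecialchars().
// NOTE(review): every message assigned to $info in this file is plain text;
// if mb.php deliberately supplies markup in $info, confirm before escaping it.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link type="text/css" href="<?php echo htmlspecialchars($template_url, ENT_QUOTES, 'UTF-8'); ?>/css/style.css" rel="stylesheet" />
<link type="text/css" href="<?php echo htmlspecialchars($template_url, ENT_QUOTES, 'UTF-8'); ?>/css/base.css" rel="stylesheet" />
</head>
<body>
<div id="incFavs">
<p style='font-weight: bold;'>
<?php
// $info can be unset when no branch above assigned it; print nothing then.
echo isset($info) ? htmlspecialchars($info, ENT_QUOTES, 'UTF-8') : '';
?>
</p>
</div>
</body>
</html>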