Server: Apache
System: Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: camjab_ssh (1000)
PHP: 5.3.29
Disabled: NONE
File: /home/httpd/html/baretube.com.new/includes/rating/jRating.php
<?php
include('../../mb.php');
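// Rating endpoint: accepts a POSTed vote (action=rating, idBox, rate, optional
// type), records at most one vote per client IP in the `ratings` table, copies
// the rounded average into `pornstars` (type 1) or `content` (any other type),
// and always terminates with a JSON object: {success, message} or
// {error, message}.
//
// dbQuery() is not defined in this file (presumably it comes from mb.php); its
// second argument is passed through exactly as the original code passed it.

$aResponse = array();
// Both flags are initialised up front so a failed query can never leave them
// undefined when the response is built.
$success = false;
$alreadyVoted = false;

// REMOTE_ADDR ends up inside a serialized string that is interpolated into
// SQL, so it is only accepted when it is a syntactically valid IP address.
$clientIp = isset($_SERVER['REMOTE_ADDR'])
	? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP)
	: false;

// Strict comparison replaces htmlentities(...) == 'rating': same result for
// strings, and array-valued parameters are rejected without a warning.
$validRequest = isset($_POST['action'], $_POST['idBox'], $_POST['rate'])
	&& $_POST['action'] === 'rating'
	&& is_numeric($_POST['idBox'])
	&& is_numeric($_POST['rate'])
	&& $clientIp !== false;

if ($validRequest) {
	// intval()/floatval() guarantee that only numeric text reaches the queries.
	$id = intval($_POST['idBox']);
	$rate = floatval($_POST['rate']);
	// A missing or non-scalar type falls back to 0, i.e. the `content` branch.
	$type = (isset($_POST['type']) && is_scalar($_POST['type'])) ? intval($_POST['type']) : 0;

	// Negative or non-finite votes would corrupt total_value.
	// NOTE(review): no upper bound is enforced because the rating scale is not
	// visible in this file; clamp $rate to the widget's configured maximum.
	if ($rate < 0 || is_infinite($rate) || is_nan($rate)) {
		$validRequest = false;
	}
}

if ($validRequest) {
	// NOTE(review): the per-IP record is keyed on (content, type) while every
	// type other than 1 updates `content`, so one client is tracked separately
	// for each type value. Restrict $type to the values the site really uses.
	$targetTable = ($type == 1) ? 'pornstars' : 'content';
	$newRating = null;
	$stored = false;

	$result = dbQuery("SELECT * FROM ratings WHERE content = '$id' AND type = '$type'", false);

	// A failed lookup is reported as an error instead of being counted.
	if ($result !== false && $result !== null) {
		if (count($result) > 0) {
			$row = $result[0];

			// NOTE(review): used_ips is read back with unserialize(). That is only
			// safe while nothing else can write to this column; a JSON column or a
			// votes table with a unique (content, type, ip) key would avoid both
			// the deserialization and the read-modify-write race on this list.
			$storedIps = unserialize($row['used_ips']);
			$ips = array();
			if (is_array($storedIps)) {
				foreach ($storedIps as $storedIp) {
					// Keep only well-formed addresses so the re-serialized list
					// cannot carry quote characters into the UPDATE below.
					if (is_string($storedIp) && filter_var($storedIp, FILTER_VALIDATE_IP) !== false) {
						$ips[] = $storedIp;
					}
				}
			}

			if (in_array($clientIp, $ips, true)) {
				$alreadyVoted = true;
			} else {
				$ips[] = $clientIp;
				$serializedIps = serialize($ips);
				if (dbQuery("UPDATE ratings SET total_votes = total_votes + 1, total_value = total_value + '$rate', used_ips = '$serializedIps' WHERE content = '$id' AND type = '$type'", false)) {
					// Average is computed from the row as it was read, plus this vote.
					$newRating = round(($row['total_value'] + $rate) / ($row['total_votes'] + 1));
					$stored = true;
				}
			}
		} else {
			// First vote for this (content, type) pair.
			$serializedIps = serialize(array($clientIp));
			if (dbQuery("INSERT INTO ratings SET content = '$id', type = '$type', total_votes = 1, total_value = '$rate', used_ips = '$serializedIps'", false)) {
				$newRating = round($rate);
				$stored = true;
			}
		}
	}

	if ($stored) {
		// $targetTable is one of two fixed literals chosen above, never request data.
		dbQuery("UPDATE $targetTable SET rating = '$newRating' WHERE record_num = '$id'");
		$success = true;
	}
}

if ($success) {
	$aResponse['success'] = true;
	$aResponse['message'] = "Thank you for voting!";
} else {
	$aResponse['error'] = true;
	$aResponse['message'] = $alreadyVoted
		? "You've already voted on this video/gallery!"
		: "An error has occured.";
}
exit(json_encode($aResponse));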
?>