File: /home/httpd/html/camrub.com/public_html/includes/ajax.post_comment.php
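<?php
/**
 * AJAX endpoint: stores a comment on a content item (type 0), a pornstar
 * page (type 1) or a user profile (type 2) and answers with a JSON object
 * of the form {"error": "true"|"false", "info": "<html fragment>"}.
 *
 * Expected POST fields: id (record number of the target row), comment,
 * type (0/1/2) and captcha (must match $_SESSION['captcha']).
 * Relies on ../admin/db.php for $dblink, $basehttp, $comment_notregistered,
 * dbQuery(), dbRow(), sendEmail() and generateUrl().
 */
session_start();
include '../admin/db.php';

/**
 * Emit the JSON reply the front-end expects and stop the script.
 *
 * @param string $error 'true' or 'false' (string values are what the existing client reads)
 * @param string $info  HTML notification fragment shown to the user
 */
function postCommentRespond($error, $info)
{
    echo json_encode(['error' => $error, 'info' => $info]);
    exit();
}

// A missing/empty id is not an AJAX call from the comment form: bounce to the home page.
if (empty($_POST['id'])) {
    header("Location: " . $basehttp . "/");
    exit();
}
if (empty($_POST['comment'])) {
    postCommentRespond('true', "<div class='notification error'><p>Please write comment.</p></div>");
}
if (!isset($_POST['type']) || !is_numeric($_POST['type'])) {
    exit();
}

// Captcha check: case-insensitive like before, but compared in constant time and
// never satisfied when no captcha was issued for this session (an unset or empty
// session value must not match an empty submission).
$expectedCaptcha = isset($_SESSION['captcha']) ? strtolower((string) $_SESSION['captcha']) : '';
$givenCaptcha = isset($_POST['captcha']) ? strtolower((string) $_POST['captcha']) : '';
if ($expectedCaptcha === '' || !hash_equals($expectedCaptcha, $givenCaptcha)) {
    postCommentRespond('true', "<div class='notification error'><p>Incorrect Captcha!</p></div>");
}
// NOTE(review): the captcha is not invalidated after a successful check, so the same
// value can be reused until the session issues a new one — verify the captcha image
// is regenerated per page load before adding unset($_SESSION['captcha']) here.

// record_num / type are integer columns: cast once and use the ints everywhere below,
// including the previously unquoted lookup in the notification query.
$id = (int) $_POST['id'];
$type = (int) $_POST['type'];
$comment = mysqli_real_escape_string($dblink, strip_tags($_POST['comment']));
// $comment_notregistered (from db.php) switches anonymous posting on; otherwise the
// comment is attributed to the logged-in user (0 when no session user is present).
$userid = !empty($comment_notregistered) ? 0 : (int) ($_SESSION['userid'] ?? 0);
// Session and server values are still interpolated into SQL below, so escape them
// exactly like the POST fields rather than trusting them.
$username = mysqli_real_escape_string($dblink, isset($_SESSION['username']) ? (string) $_SESSION['username'] : '');
$ip = mysqli_real_escape_string($dblink, isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');

// Throttle: one comment per user per target per minute. With anonymous posting every
// visitor shares userid 0, so the throttle is then per target, not per visitor.
$since = time() - 60;
$throttle = dbQuery("SELECT record_num FROM comments WHERE userid = '$userid' AND content = '$id' AND type = '$type' AND timestamp > '$since'", false);
if (!empty($throttle)) {
    postCommentRespond('true', "<div class='notification alert'><p>You may only post a comment once every 60 seconds.</p></div>");
}

// Whitelist of tables a comment may target, keyed by type; the table name comes
// from this map only, never from the request.
$targetTables = [0 => 'content', 1 => 'pornstars', 2 => 'users'];
if (!isset($targetTables[$type])) {
    postCommentRespond('true', "<div class='notification error'><p>This content doesn't exist.</p></div>");
}
$result = dbQuery("SELECT record_num FROM {$targetTables[$type]} WHERE record_num = '$id'");
if (empty($result)) {
    postCommentRespond('true', "<div class='notification error'><p>This content doesn't exist.</p></div>");
}

dbQuery("INSERT INTO comments (userid,name,comment, content, type,timestamp,ip) VALUES ('$userid','$username','$comment','$id','$type','" . time() . "','$ip')");

// Notify the owner of the target: a profile owner for user comments, the submitter
// for content comments (gallery vs. video link depends on the photos flag).
if ($type === 2) {
    sendEmail('new-post', $id);
} elseif ($type === 0) {
    $row = dbRow("SELECT title, submitter, photos FROM content WHERE record_num = '$id'");
    if (is_array($row)) {
        $section = ((int) $row['photos'] === 1) ? 'galleries' : 'video';
        $link = generateUrl($section, $row['title'], $id);
        sendEmail('new-comment', $row['submitter'], ['%link' => $link]);
    }
}

postCommentRespond('false', "<div class='notification success'><p>Thank you! Your comment has been posted.</p></div>");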