Server: Apache
System: Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: camjab_ssh (1000)
PHP: 5.3.29
Disabled: NONE
File: /home/httpd/html/camrub.com/public_html/includes/ajax.rating.php
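<?php
/**
 * AJAX endpoint: records one rating per client IP for a performer.
 *
 * Request parameters (read from $_REQUEST):
 *   action          must be the string "rating"
 *   performer_name  performer identifier, stored as text
 *   performer_site  site id, cast to int
 *   rate            numeric rating value
 *
 * Response: a JSON object, either
 *   {"success":true,"message":...,"newRating":<rounded average>} or
 *   {"error":true,"message":...}
 *
 * NOTE(review): $_REQUEST also accepts GET parameters, so a vote can be cast
 * by any cross-site request the browser will issue. Restricting this endpoint
 * to POST (and adding an anti-CSRF token) needs the front-end caller checked
 * first, so it is left as is here.
 */

// Keep PHP notices and warnings out of the response body: they disclose file
// paths and query details to the client and break the JSON. Log them instead.
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
ini_set('log_errors', 1);
error_reporting(E_ALL);

include('../admin/db.php');

$aResponse = array();

// Initialise every flag up front so a failed query falls through to the
// generic error response instead of reading undefined variables.
$success = false;
$alreadyVoted = false;
$newRating = null;

$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;

// Require all three vote parameters with usable types before touching the
// database; array-valued or missing parameters are rejected here.
$validInput = isset($_REQUEST['performer_name'], $_REQUEST['rate'], $_REQUEST['performer_site'])
    && is_string($_REQUEST['performer_name'])
    && $_REQUEST['performer_name'] !== ''
    && is_numeric($_REQUEST['rate'])
    && is_scalar($_REQUEST['performer_site']);

if ($action === 'rating' && $validInput) {
    $pname = mysqli_real_escape_string($dblink, $_REQUEST['performer_name']);
    $psite = (int) $_REQUEST['performer_site'];
    $rate = floatval($_REQUEST['rate']);

    // NOTE(review): the rating scale is not visible in this file, so $rate is
    // only checked for being a finite number. Without an upper and lower
    // bound a single request can move total_value by an arbitrary amount;
    // clamp to the widget's scale once it is confirmed.
    if (is_finite($rate)) {
        // REMOTE_ADDR is the address of the peer that connected to the web
        // server. NOTE(review): behind a reverse proxy this is presumably the
        // proxy's address, which would make all visitors share one vote.
        $clientIp = $_SERVER['REMOTE_ADDR'];
        $clientIpSql = mysqli_real_escape_string($dblink, $clientIp);

        $result = dbQuery("SELECT * FROM ratings WHERE performer_name = '$pname' AND performer_site = '$psite'", false);
        $result = (is_array($result)) ? $result : array();

        if (count($result) > 0) {
            $row = $result[0];

            // used_ips holds a serialize()d list written by this script.
            // NOTE(review): unserialize() instantiates objects found in its
            // input, so anything else able to write this column could inject
            // one. A JSON column or a per-vote table with a unique key on
            // (performer_name, performer_site, ip) would avoid that and also
            // close the race between this read and the UPDATE below.
            $ips = unserialize($row['used_ips']);
            if (!is_array($ips)) {
                // Empty or corrupt value: start from an empty voter list.
                $ips = array();
            }

            if (in_array($clientIp, $ips, true)) {
                $alreadyVoted = true;
            } else {
                $ips[] = $clientIp;
                // Escape the serialized list before embedding it in SQL.
                $ipsSql = mysqli_real_escape_string($dblink, serialize($ips));
                if (dbQuery("UPDATE ratings SET total_votes = total_votes + 1, total_value = total_value + '$rate', used_ips = '$ipsSql' WHERE performer_name = '$pname' AND performer_site = '$psite'", false)) {
                    dbQuery("INSERT INTO ratings_log SET performer_name = '$pname', performer_site = '$psite', ip = '$clientIpSql', rate = '$rate'");
                    $newRating = round(($row['total_value'] + $rate) / ($row['total_votes'] + 1));
                    $success = true;
                }
            }
        } else {
            // First vote for this performer/site pair.
            $ipsSql = mysqli_real_escape_string($dblink, serialize(array($clientIp)));
            if (dbQuery("INSERT INTO ratings SET performer_name = '$pname', performer_site = '$psite', total_votes = 1, total_value = '$rate', used_ips = '$ipsSql'", false)) {
                dbQuery("INSERT INTO ratings_log SET performer_name = '$pname', performer_site = '$psite', ip = '$clientIpSql', rate = '$rate'");
                $newRating = round($rate);
                $success = true;
            }
        }
    }
}

if ($success) {
    $aResponse['success'] = true;
    $aResponse['message'] = "Thank you for voting!";
    $aResponse['newRating'] = $newRating;
} else {
    $aResponse['error'] = true;
    if ($alreadyVoted) {
        $aResponse['message'] = "You've already voted on this webcam!";
    } else {
        $aResponse['message'] = "An error has occured.";
    }
}

exit(json_encode($aResponse));
?>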