File: /home/httpd/html/debouchery.com/public_html_1.2.7_bad/core/ajax.loadModels.php
<?
include_once('../admin/db.php');
if(isset($honor_geoip) && isset($geoip_env)) {
if(isset($_SERVER[$geoip_env])) {
$blockCountry = mysqli_real_escape_string($dblink,$_SERVER[$geoip_env]);
$filterAnd .= " AND `performers`.`block_from_countries` NOT LIKE '%".$blockCountry."%' ";
}
}
$page = (isset($_GET['page']) && is_numeric($_GET['page'])) ? (int) $_GET['page'] : 1;
$max_results = $results_per_page;
$from = ($page * $max_results) - $max_results;
$validSortOrders = array("recent", "name", "mostViewed", "leastViewed", "youngest", "oldest", "timeOnline");
if (isset($_GET['sortOrder'])) {
switch ($_GET['sortOrder']) {
case "recent":
$orderBy = "position ASC";
break;
case "name":
$orderBy = "username ASC";
break;
case "mostViewed":
$orderBy = "num_users DESC";
break;
case "leastViewed":
$orderBy = "num_users ASC";
break;
case "youngest":
$orderBy = "age ASC";
break;
case "oldest":
$orderBy = "age DESC";
break;
case "timeOnline":
$orderBy = "seconds_online DESC";
break;
default:
$orderBy = "position ASC";
break;
}
} else {
$orderBy = "position ASC";
}
if (!empty($_GET)) {
if(isset($_GET['status']) && is_array($_GET['status'])) {
//this one we do a bit differently as there's only two statuses
if(count($_GET['status']) == 1) {
if($_GET['status'][0] == 'online') {
$filterAnd .= " AND `performers`.`status` = 1";
} else {
$filterAnd .= " AND `performers`.`status` = 0";
}
}
}
if (isset($_GET['q'])) {
$filterAnd = " AND MATCH(performers.tags,performers.persistentTags,performers.username) AGAINST ('" . mysqli_real_escape_string($dblink, $_GET['q']) . "') ";
}
if (is_array($_GET['gender'])) {
foreach ($_GET['gender'] as $i) {
$outGender[] = mysqli_real_escape_string($dblink, $i);
}
$filterAnd .= " AND performers.gender IN (" . '"' . implode('","', $outGender) . '"' . ")";
}
if (is_array($_GET['sites'])) {
foreach ($_GET['sites'] as $i) {
$outSites[] = mysqli_real_escape_string($dblink, $i);
}
$filterAnd .= " AND performers.site IN (" . '"' . implode('","', $outSites) . '"' . ")";
}
if (is_array($_GET['tags'])) {
foreach ($_GET['tags'] as $i) {
$iAgg[] = $i;
}
$iAgg = implode(" ",$iAgg);
$filterAnd .= " AND (MATCH(performers.tags,performers.persistentTags) AGAINST ('" . mysqli_real_escape_string($dblink, $iAgg) . "')) ";
}
if (is_array($_GET['notTags'])) {
unset($outTags);
foreach ($_GET['notTags'] as $i) {
//$outTags[] .= "performers.tags NOT LIKE '%" . mysqli_real_escape_string($dblink, $i) . "%'";
$outTags[] .= "(NOT MATCH(performers.tags) AGAINST('" . mysqli_real_escape_string($dblink, $i) . "'))";
}
$filterAnd .= " AND (" . implode(" AND ", $outTags) . ")";
}
if (is_array($_GET['languages'])) {
$outLanguages[] .= "(MATCH(performers.spoken_languages) AGAINST('" . mysqli_real_escape_string($dblink, implode(" ",$_GET['languages'])) . "'))";
$filterAnd .= " AND (" . implode(" OR ", $outLanguages) . ")";
}
if (is_array($_GET['ethnicity'])) {
foreach ($_GET['ethnicity'] as $i) {
if($i == 'asian') {
$outEthnicity[] .= "(performers.race LIKE '%asian%' AND performers.race NOT LIKE '%caucasian%')";
}
}
$outEthnicity[] = "(MATCH(performers.race) AGAINST('" . mysqli_real_escape_string($dblink, implode(" ",$_GET['ethnicity'])) . "'))";
$filterAnd .= " AND (" . implode(" OR ", $outEthnicity) . ")";
}
if (is_array($_GET['hair'])) {
$outHair[] = "(MATCH(performers.hair) AGAINST('" . mysqli_real_escape_string($dblink, implode(" ",$_GET['hair'])) . "'))";
$filterAnd .= " AND (" . implode(" OR ", $outHair) . ")";
}
if (is_array($_GET['age'])) {
foreach ($_GET['age'] as $i) {
$i = explode("-", $i);
$outAge[] .= "(performers.age BETWEEN '" . (int) $i[0] . "' AND '" . (int) $i[1] . "')";
}
$filterAnd .= " AND (" . implode(" OR ", $outAge) . ")";
}
$total_results = dbValue("SELECT COUNT(*) AS `count` FROM `performers` WHERE `performers`.`deleted` = 0 AND `performers`.`enabled` = 1 $filterAnd", 'count', true);
$results = dbQuery("SELECT `performers`.*, paysites.slug AS siteSlug, paysites.name as siteName FROM `performers` RIGHT JOIN `paysites` ON `performers`.`site` = `paysites`.`record_num` WHERE `performers`.`deleted` = 0 AND `performers`.`enabled` = 1 AND `paysites`.`enabled` = 1 $filterAnd ORDER BY $orderBy LIMIT $from, $max_results");
$total_pages = ceil($total_results / $max_results);
} else {
//show default (all)
if (!isset($filterAnd)) {
$filterAnd = "";
}
$total_results = dbValue("SELECT COUNT(*) AS `count` FROM `performers` WHERE `performers`.`deleted` = 0 AND `performers`.`enabled` = 1 $filterAnd", 'count', true);
$results = dbQuery("SELECT `performers`.*, paysites.slug AS siteSlug, paysites.name as siteName FROM `performers` RIGHT JOIN `paysites` ON `performers`.`site` = `paysites`.`record_num` WHERE `performers`.`deleted` = 0 AND `performers`.`enabled` = 1 AND `paysites`.`enabled` = 1 $filterAnd ORDER BY $orderBy LIMIT $from, $max_results");
$total_pages = ceil($total_results / $max_results);
}
if (is_array($results)) {
?>
<script>
$("#numModelsOnline").html('<? echo $total_results; ?>');
</script>
<?
$i = 1;
foreach ($results as $row) {
include($template_path . "/template.performer_item.php");
}
if ($total_results > $max_results) {
?>
<div class="col-lg-12 p-0 d-flex justify-content-center mb-3 loadMoreContainer">
<a href='#' id="loadMore" data-page="<?php echo $page + 1; ?>" class="main-btn my-2 text-capitalize header__button">show more</a>
</div>
<?php
}
} else {
echo '<div class="notification-col col">';
?>
<script>
$("#numModelsOnline").html('0');
</script>
<?
echo setMessage(_t("Sorry, no results were found."), 'alert', true);
echo "</div>";
}