File: /home/httpd/html/porn.tw/public_html/controllers/control.gallery.php
<?php

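// Validate the gallery id from the query string; anything non-numeric is a 404.
// isset() keeps a request without an id parameter from raising an
// undefined-index notice (and leaking the script path when errors are displayed).
// NOTE(review): $id stays undefined if pageNotFound() returns - confirm that it
// ends the request.
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    pageNotFound();
} else {
    // The integer cast, not is_numeric(), is what makes $id safe to interpolate
    // into the queries further down: is_numeric() also accepts floats and
    // exponent notation.
    $id = (int) $_GET['id'];
}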

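// Record a view only when no image value was requested.
// empty() is the same truthiness test as !$_GET['image'], without the
// undefined-index notice when the parameter is absent.
// NOTE(review): these writes run on a plain GET and no rate limit is visible
// here, so the counter can be inflated by repeated requests.
if (empty($_GET['image'])) {
    // With no user id in the session the row is written with user 0, which is
    // what the original integer cast produced.
    $viewerId = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;

    // Both interpolated values are integers, so no request text reaches the SQL.
    dbQuery("UPDATE `content_views` SET `views` = `views` + 1 WHERE `content` = '$id'");
    dbQuery("INSERT INTO `watch_log` (`content`, `user`, `time`) VALUES ('$id', '" . $viewerId . "', NOW()) ON DUPLICATE KEY UPDATE `content` = '$id', `user` = '" . $viewerId . "', `time` = NOW()");
}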

// The default_tube2019 template always shows an image: when the request names
// none (parameter absent or empty string), fall back to the first one.
if ($template_name == 'default_tube2019') {
    if (!isset($_GET['image']) || $_GET['image'] == '') {
        $_GET['image'] = 1;
    }
}

// Optional SQL fragments that pull translated title/description/keywords into
// the gallery query when a language is active; all three stay empty otherwise.
$langSelect = $langJoin = $langWhere = "";
if ($currentLang) {
    $langSelect = ", content_languages.title AS langTitle, content_languages.description AS langDescription, content_languages.keywords AS langKeywords";
    // NOTE(review): $currentLang is placed inside a quoted SQL literal unescaped.
    // Where it is set is not visible in this file; confirm it is drawn from a
    // fixed list of language codes and never taken directly from the request.
    $langJoin = " LEFT JOIN content_languages ON content_languages.content = content.record_num AND content_languages.language = '$currentLang'";
    $langWhere = " ";
}

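// Load the gallery row: the content record plus thumbnail filename, view count,
// submitter name and (when a language is active) the translated text columns.
// Only enabled rows flagged as photo content match. $id is the integer-cast
// request id; the $lang* fragments are built just above.
$rrow = dbQuery("SELECT `content`.*, (SELECT filename FROM images WHERE images.record_num = content.thumbnail) AS thumbfile, IFNULL(`content_views`.`views`, 0) AS `views`, IFNULL(`users`.`username`, 'Anonymous') AS `username` $langSelect FROM `content` LEFT JOIN `users` ON `users`.`record_num` = `content`.`submitter` LEFT JOIN `content_views` ON `content_views`.`content` = `content`.`record_num` $langJoin WHERE `content`.`record_num` = '$id' AND `content`.`enabled` = 1 AND `content`.`photos` = 1 $langWhere LIMIT 0,1", true, $video_cache_time);

// An empty result leaves $rrow as null (as before), now without an
// undefined-offset notice; the record_num check further down handles that case.
$rrow = isset($rrow[0]) ? $rrow[0] : null;

// Prefer translated text where present. The lang* columns are only selected
// when a language is active, so !empty() is used to avoid undefined-index
// notices on the untranslated path.
if (!empty($rrow['langTitle'])) {
    $rrow['title'] = $rrow['langTitle'];
}
if (!empty($rrow['langDescription'])) {
    $rrow['description'] = $rrow['langDescription'];
}
if (!empty($rrow['langKeywords'])) {
    $rrow['keywords'] = $rrow['langKeywords'];
}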

// No enabled photo gallery matched the id.
if (!is_numeric($rrow['record_num'])) {
    // Check the soft-delete table before giving up: a deleted item gets the
    // soft-delete controller, anything else a 404.
    $rrow = dbQuery("SELECT * FROM `content_deleted` WHERE `content` = '$id'", true, $video_cache_time);
    $rrow = $rrow[0];
    if (!$rrow['content']) {
        pageNotFound();
    } else {
        // $basepath is set outside this file; the included path is otherwise fixed.
        include $basepath . '/controllers/control.softdelete.php';
        exit;
    }
}

// Items that are only an external link / plug are not rendered here: send the
// visitor to the stored URL and stop.
// NOTE(review): the redirect target is taken from the content row unchanged.
// Who may write `external_link` is not visible in this file; if submitters can
// set it, validate the scheme and host when the value is stored.
if ($rrow['external_link']) {
    header('Location: ' . $rrow['external_link']);
    exit;
}

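// Fetch the ads for this item's paysite.
$ads = getAds($rrow['paysite']);

// Resolve the paysite name and URL shown with the gallery; items without a
// paysite fall back to this site's own URL and name.
if ($rrow['paysite'] != 0) {
    // Cast to int before interpolating, as is done for $id: the value comes
    // from a database row and should not be trusted as SQL text.
    $prow = dbQuery("SELECT `paysites`.`name`, `paysites`.`url` FROM `paysites` WHERE `record_num` = '" . (int) $rrow['paysite'] . "'");
    $prow = $prow[0];
    $rrow['paysiteurl'] = $prow['url'];
    $rrow['paysitename'] = $prow['name'];
} else {
    $rrow['paysiteurl'] = $basehttp;
    $rrow['paysitename'] = $sitename;
}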

// Forced related entries go in front of the regular related list, comma-separated.
if ($rrow['force_related']) {
    $rrow['related'] = implode(',', array($rrow['force_related'], $rrow['related']));
}

// SEO metadata for the page head, taken from the (possibly translated) row.
// NOTE(review): these values are stored content; escaping for HTML is presumably
// done where the template prints them - confirm.
$_meta['title'] = $rrow['title'];
$_meta['meta_description'] = $rrow['description'];
$_meta['meta_keywords'] = $rrow['keywords'];

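// Images of this gallery (previously loaded in template.gallery_content.php),
// ordered by filename length and then filename.
// record_num is cast to int before interpolation, matching how $id is handled.
$result = dbQuery("SELECT * FROM images WHERE gallery = '" . (int) $rrow['record_num'] . "' ORDER BY LENGTH(filename), filename ASC", true);
$galleryUrl = generateUrl('galleries', $rrow['title'], $rrow['record_num']);

// ?image= is a 1-based position in $result. is_numeric() also lets through
// negative values, floats and positions past the end of the gallery, so the
// index is truncated to an integer and checked before use.
if (isset($_GET['image']) && is_numeric($_GET['image'])) {
    $key = (int) ($_GET['image'] - 1);
    if (isset($result[$key])) {
        // $gallery_url (set outside this file) is the image base URL; it is a
        // different variable from $galleryUrl above.
        $imageUrl = "$gallery_url/$rrow[filename]/" . $result[$key]['filename'];
    }
    // NOTE(review): for an out-of-range position $imageUrl is left unset, the
    // same as when no image is requested; confirm the template copes with that
    // or send a 404 here instead.
}

// Template parts rendered for this page.
$_template_header = 'video_header';
$_template_content = 'gallery_content';
$_template_footer = 'video_footer';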
?>