File: /home/httpd/html/porn.tw/public_html/controllers/control.members.php
<?php
$filterAnd = "";
if ($_POST) {
$_POST = mysql_real_escape_array($_POST);
// set name
if (!empty($_POST['name'])) {
$_SESSION['ms']['name'] = mysqli_real_escape_string($dblink,$_POST['name']);
} else {
unset($_SESSION['ms']['name']);
}
// set age
$ageF = explode(";", $_POST['filter_age']);
if (!empty($ageF) && $ageF[0] > 18) {
$_SESSION['ms']['ageFrom'] = mysqli_real_escape_string($dblink,$ageF[0]);
} else {
unset($_SESSION['ms']['ageFrom']);
}
if (!empty($ageF) && $ageF[1] < 98) {
$_SESSION['ms']['ageTo'] = mysqli_real_escape_string($dblink,$ageF[1]);
} else {
unset($_SESSION['ms']['ageTo']);
}
// set location
if (!empty($_POST['location'])) {
$_SESSION['ms']['location'] = mysqli_real_escape_string($dblink,$_POST['location']);
} else {
unset($_SESSION['ms']['location']);
}
// set gender
if ($_POST['gender'] != "all") {
$_SESSION['ms']['gender'] = mysqli_real_escape_string($dblink,$_POST['gender']);
} else {
unset($_SESSION['ms']['gender']);
}
// set avatar
if ($_POST['hasAvatar'] == 1) {
$_SESSION['ms']['avatar'] = mysqli_real_escape_string($dblink,$_POST['hasAvatar']);
} else {
unset($_SESSION['ms']['avatar']);
}
// set videos
if ($_POST['hasVideos'] == 1) {
$_SESSION['ms']['video'] = mysqli_real_escape_string($dblink,$_POST['hasVideos']);
} else {
unset($_SESSION['ms']['video']);
}
// set photos
if ($_POST['hasPhotos'] == 1) {
$_SESSION['ms']['photo'] = mysqli_real_escape_string($dblink,$_POST['hasPhotos']);
} else {
unset($_SESSION['ms']['photo']);
}
}
if ($_GET[sortby] == "date_joined") {
$_SESSION['ms']['order'] = "ORDER BY date_joined";
} else if ($_GET[sortby] == "alphabetical") {
$_SESSION['ms']['order'] = "ORDER BY username";
}
if ($_SESSION['ms']['order']) {
$order = mysqli_real_escape_string($dblink,$_SESSION['ms']['order']);
} else {
$order = "ORDER BY username";
}
if ($_GET['clearForm'] == "1") {
unset($_SESSION['ms']);
}
$max_results = $results_per_page;
if (!isset($_GET['page']) || $_GET[page] == '' || !is_numeric($_GET[page])) {
$page = 1;
} else {
$page = (int)$_GET['page'];
}
$from = (($page * $max_results) - $max_results);
// SET FILTERS
if ($_SESSION['ms']['name']) {
$filterAnd .= " AND users.username LIKE '%" . $_SESSION['ms']['name'] . "%'";
}
if ($_SESSION['ms']['ageFrom']) {
$filterAnd .= " AND users.age >= '" . (int) $_SESSION['ms']['ageFrom'] . "'";
}
if ($_SESSION['ms']['ageTo']) {
$filterAnd .= " AND users.age <= '" . (int) $_SESSION['ms']['ageTo'] . "'";
}
if ($_SESSION['ms']['location']) {
$filterAnd .= " AND users.location LIKE '%" . $_SESSION['ms']['location'] . "%'";
}
if ($_SESSION['ms']['gender']) {
$filterAnd .= " AND users.gender = '" . $_SESSION['ms']['gender'] . "'";
}
if ($_SESSION['ms']['avatar']) {
$filterAnd .= " AND users.avatar != ''";
}
// ONLY VIDEO
$photos = 'AND content.photos = 0';
// ALL
if ($_SESSION['ms']['photo'] && $_SESSION['ms']['video']) {
$photos = '';
} else if ($_SESSION['ms']['photo'] && !$_SESSION['ms']['video']) {
$photos = 'AND content.photos = 1';
}
// ONLY PHOTOS
if ($_SESSION['ms']['video'] || $_SESSION['ms']['photo']) {
$filterAnd .= " AND users.record_num IN(SELECT content.submitter FROM content WHERE content.enabled = '1' content.submitter = users.record_num $photos)";
}
$result = dbQuery("SELECT COUNT(record_num) AS counter FROM users WHERE date_joined != 0 $filterAnd", true);
$total_results = $result[0]['counter'];
$result = dbQuery("SELECT * FROM users WHERE date_joined != 0 $filterAnd $order ASC LIMIT $from,$max_results", true);
$total_pages = ceil($total_results / $max_results);
?>