File: /home/httpd/html/porn.tw/public_html/controllers/control.video.php
<?php
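// Resolve the requested content id from the query string.
//  - Local content (no `awe` flag): the id must be numeric and is cast to int;
//    the cast is what makes it safe to embed in the SQL below.
//  - AWE API content (`awe` flag set): the id is kept as a string and escaped.
// NOTE(review): pageNotFound() is assumed to terminate the request; if it can
// return, $id is left undefined for the rest of this controller. Confirm.
$isAwe = !empty($_GET['awe']);
$rawId = isset($_GET['id']) ? $_GET['id'] : null;
if (!$isAwe) {
    // is_numeric() is false for a missing or array-valued parameter, so those 404 too.
    if (!is_numeric($rawId)) {
        pageNotFound();
    } else {
        $id = (int) $rawId;
    }
} else {
    // A missing or array-valued id must never reach mysqli_real_escape_string(),
    // which only accepts strings; treat it like any other invalid id.
    if (!is_string($rawId)) {
        pageNotFound();
    } else {
        // Escaping only protects the value while it sits inside a quoted SQL string
        // literal, and relies on the connection charset being set correctly
        // (mysqli_set_charset). $id is still request-supplied text in this mode:
        // do not use it unquoted in SQL, and encode it for the output context
        // (HTML, URL) wherever it is echoed.
        $id = mysqli_real_escape_string($dblink, $rawId);
    }
}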
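// Record the view: bump the per-content counter and upsert the watch log.
// Skipped for image requests and for AWE API content.
if (empty($_GET['image']) && empty($_GET['awe'])) {
    // Cast locally so both statements stay injection-safe on their own, without
    // depending on how $id was prepared earlier in the request.
    $viewContentId = (int) $id;
    // Anonymous visitors have no session user id and are logged as user 0.
    $viewUserId = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;
    dbQuery("UPDATE `content_views` SET `views` = `views` + 1 WHERE `content` = '$viewContentId'");
    dbQuery("INSERT INTO `watch_log` (`content`, `user`, `time`) VALUES ('$viewContentId', '" . $viewUserId . "', NOW()) ON DUPLICATE KEY UPDATE `content` = '$viewContentId', `user` = '" . $viewUserId . "', `time` = NOW()");
}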
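// Load the row that drives the video page into $rrow.
if (!empty($_GET['awe'])) {
    // Video is from the AWE API.
    // NOTE(review): the returned row is third-party data and no existence check is
    // applied to it here; treat every field as untrusted when it is later placed
    // into SQL, headers or HTML.
    $rrow = getAweDetails($id);
} else {
    // Fetch video page data, optionally joined with the translated fields.
    $langSelect = "";
    $langJoin = "";
    $langWhere = "";
    if ($currentLang) {
        // NOTE(review): $currentLang is interpolated into the JOIN as a quoted
        // literal and its origin is not visible in this file. Confirm it is
        // validated against the configured language list (or escaped) upstream.
        $langSelect .= ", content_languages.title AS langTitle, content_languages.description AS langDescription, content_languages.keywords AS langKeywords";
        $langJoin .= " LEFT JOIN content_languages ON content_languages.content = content.record_num AND content_languages.language = '$currentLang'";
        $langWhere .= " ";
    }
    $rrow = dbRow("SELECT `content`.*, IFNULL(`content_views`.`views`, 0) AS `views`, IFNULL(`users`.`username`, 'Anonymous') AS `username` $langSelect FROM `content` LEFT JOIN `users` ON `users`.`record_num` = `content`.`submitter` LEFT JOIN `content_views` ON `content_views`.`content` = `content`.`record_num` $langJoin WHERE `content`.`record_num` = '$id' AND `content`.`enabled` = 1 AND `content`.`photos` = 0 $langWhere LIMIT 1", $video_cache_time > 0, $video_cache_time);
    // Prefer the translated fields when present. empty() keeps the original
    // truthiness test while tolerating a missing row or missing lang* columns.
    if (!empty($rrow['langTitle'])) {
        $rrow['title'] = $rrow['langTitle'];
    }
    if (!empty($rrow['langDescription'])) {
        $rrow['description'] = $rrow['langDescription'];
    }
    if (!empty($rrow['langKeywords'])) {
        $rrow['keywords'] = $rrow['langKeywords'];
    }
    if (!isset($rrow['record_num']) || !is_numeric($rrow['record_num'])) {
        // No enabled, non-photo row for this id: show the soft-delete page if the
        // content was deleted, otherwise 404.
        $rrow = dbRow("SELECT * FROM `content_deleted` WHERE `content` = '$id'", $video_cache_time > 0, $video_cache_time);
        if (!empty($rrow['content'])) {
            include($basepath . '/controllers/control.softdelete.php');
            exit();
        } else {
            pageNotFound();
        }
    }
}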
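// Content flagged as an external link / plug: redirect and stop.
if (!empty($rrow['plug_url'])) {
    // NOTE(review): the flag tested is `plug_url` but the redirect target is
    // `embed`. Confirm that is the intended column.
    // The target is stored row data (or API-supplied data in AWE mode), so this is
    // a redirect to a value the application does not control at request time.
    // Restricting it to absolute http(s) URLs before sending the header would
    // keep a bad row from turning the page into an arbitrary redirector.
    header("Location: " . $rrow['embed']);
    exit();
}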
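// Ads for this content's paysite.
$paysiteRef = isset($rrow['paysite']) ? $rrow['paysite'] : null;
$ads = getAds($paysiteRef);
// SEO metadata. These are raw row values.
// NOTE(review): presumably the templates HTML-escape them on output. Confirm.
$_meta['title'] = $rrow['title'];
$_meta['meta_description'] = $rrow['description'] != "" ? $rrow['description'] : $rrow['title'];
$_meta['meta_keywords'] = $rrow['keywords'];
// Resolve the paysite name and URL. The id is cast to int before it is placed in
// the query: $rrow can come from the AWE API as well as the local table, so the
// raw field must not be interpolated into SQL.
$paysiteId = (int) $paysiteRef;
if ($paysiteId !== 0) {
    $prow = dbRow("SELECT `name`, `url` FROM `paysites` WHERE `record_num` = '$paysiteId'", true, $overall_cache_time);
    // A paysite id with no matching row leaves both fields null, as before.
    $rrow['paysiteurl'] = isset($prow['url']) ? $prow['url'] : null;
    $rrow['paysitename'] = isset($prow['name']) ? $prow['name'] : null;
} else {
    // No paysite: fall back to this site's own URL and name.
    $rrow['paysiteurl'] = $basehttp;
    $rrow['paysitename'] = $sitename;
}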
// Forced related ids go first in the comma-separated related list; when there is
// no existing list, the forced ids become the whole list.
if ($rrow['force_related']) {
    $rrow['related'] = $rrow['related']
        ? $rrow['force_related'] . ',' . $rrow['related']
        : $rrow['force_related'];
}
// Add scrolling='no' to any <iframe> tag in the embed markup (case-insensitive).
// This only injects an attribute; the markup itself is not sanitised here.
// NOTE(review): presumably the embed HTML is emitted verbatim by the template, so
// whoever can write this column controls markup on the page. Confirm who that is.
if ($rrow['embed'] && stripos($rrow['embed'], '<iframe') !== false) {
    $rrow['embed'] = str_ireplace("<iframe", "<iframe scrolling='no' ", $rrow['embed']);
}
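// Decide whether the current visitor may view this content.
//   access_level 0 (or unset): public
//   access_level 1: logged-in users with an approved friendship with the submitter
//   access_level 2: premium users
// Admins bypass every restriction. Levels other than 1 and 2 are not restricted here.
// NOTE(review): this block only sets the $_access flag; enforcement presumably
// happens in the templates. Confirm that every path serving the media checks it.
$_access = true;
$accessLevel = isset($rrow['access_level']) ? (int) $rrow['access_level'] : 0;
if ($accessLevel > 0 && empty($_SESSION['isAdmin'])) {
    if ($accessLevel === 1) {
        // Ids are cast to int before interpolation, matching how the session user id
        // is handled in the watch-log query, so neither value can alter the SQL.
        $viewerId = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;
        if ($viewerId === 0) {
            $_access = false;
        } else {
            $ownerId = isset($rrow['submitter']) ? (int) $rrow['submitter'] : 0;
            $checkFriend = dbQuery("SELECT record_num FROM friends WHERE ((`user` = '$viewerId' AND `friend` = '$ownerId') OR (`friend` = '$viewerId' AND `user` = '$ownerId')) AND approved = 1");
            // Fail closed: if the query did not return something countable (for
            // example false on error), treat it as "no friendship" rather than
            // letting count() on a non-array decide access.
            // NOTE(review): assumes dbQuery() returns an array of rows. Confirm.
            $friendRows = (is_array($checkFriend) || $checkFriend instanceof Countable) ? count($checkFriend) : 0;
            if ($friendRows < 1) {
                $_access = false;
            }
        }
    }
    if ($accessLevel === 2 && empty($_SESSION['premium'])) {
        $_access = false;
    }
}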
// Template parts used for the video page: header, content, footer.
list($_template_header, $_template_content, $_template_footer) = array(
    'video_header',
    'video_content',
    'video_footer',
);
?>