File: /home/httpd/html/seekya.com/DEAD/beta/rating.php
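<?php
/*
 * Request handlers for video rating, comments and the two-stage video
 * submission form.
 *
 * Every value taken from $_GET / $_POST / $_FILES is attacker-controlled.
 * The legacy mysql_* API used by this file has no bound parameters, so each
 * value is either cast to a number or passed through
 * mysql_real_escape_string() before it is concatenated into SQL.
 * NOTE(review): escaping is only reliable when the connection charset was set
 * with mysql_set_charset() where the connection is opened (not visible here).
 * NOTE(review): voting and commenting change state on a GET request with no
 * anti-CSRF token; moving them to POST with a token needs changes to the
 * forms, which are outside this file.
 */

if (!function_exists('rating_request_value')) {
	/**
	 * Read one request field as a plain string.
	 *
	 * Returns '' when the key is missing or is not a string (for example
	 * "vote[]=1", which PHP turns into an array). Undoes magic_quotes_gpc when
	 * it is enabled so that values are escaped exactly once, at the query.
	 *
	 * @param array  $source Request array ($_GET or $_POST).
	 * @param string $key    Field name.
	 * @return string
	 */
	function rating_request_value($source, $key)
	{
		if (!isset($source[$key]) || !is_string($source[$key])) {
			return '';
		}
		$value = $source[$key];
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$value = stripslashes($value);
		}
		return $value;
	}
}

/* ---- Rating: one vote (1..10) per IP address and video ---- */
$ratingVote = rating_request_value($_GET, 'vote');
$ratingCode = rating_request_value($_GET, 'video_code');

// The vote must be a whole number. A loose ">= 1 && <= 10" comparison also
// accepts strings such as "5 or 1=1", which then land unquoted in the SQL.
if ($ratingCode !== '' && preg_match('/^\d{1,2}$/D', $ratingVote) && (int) $ratingVote >= 1 && (int) $ratingVote <= 10)
{
	$voteValue = (int) $ratingVote;
	// GetIP() is defined elsewhere; if it reads client-supplied headers its
	// result is untrusted too, so it is escaped like any other value.
	$ipSql = mysql_real_escape_string((string) GetIP());
	$codeSql = mysql_real_escape_string($ratingCode);

	$sql = "select count(*) from rating_master where rating_ip='".$ipSql."' and video_code='".$codeSql."'";
	$cmdrating = mysql_query($sql);

	// Fail closed: when the duplicate check itself fails, record nothing
	// rather than treating the missing row as "no previous vote".
	$rsrating = $cmdrating ? mysql_fetch_array($cmdrating) : false;
	if ($rsrating && $rsrating[0] == 0)
	{
		$sql = "insert into rating_master(rating_vote,video_code,rating_date,rating_ip)values(".$voteValue.",'".$codeSql."',now(),'".$ipSql."')";
		mysql_query($sql);

		$sql = "update video_master set video_votes=video_votes+".$voteValue.",video_votes_count=video_votes_count+1 where video_code='".$codeSql."'";
		mysql_query($sql);
	}

	// Only follow the Referer back to a page on this host; a missing or
	// foreign Referer falls back to the site index instead of sending the
	// visitor to an arbitrary URL.
	$back = isset($_SERVER["HTTP_REFERER"]) ? (string) $_SERVER["HTTP_REFERER"] : '';
	$backHost = ($back !== '') ? parse_url($back, PHP_URL_HOST) : null;
	$selfHost = isset($_SERVER["HTTP_HOST"]) ? preg_replace('/:\d+$/', '', (string) $_SERVER["HTTP_HOST"]) : '';
	if (!is_string($backHost) || $backHost === '' || $selfHost === '' || strcasecmp($backHost, $selfHost) !== 0)
	{
		$back = "index.php";
	}
	redirect($back);
}


/* ---- Comments ---- */
$commentCode = rating_request_value($_GET, 'video_code');
$commentText = rating_request_value($_GET, 'comments');
$commentUser = rating_request_value($_GET, 'user_name');

if ($commentCode !== '' && $commentText !== '' && $commentUser !== '')
{
	$listing_date = date("Y-m-d");
	// strip_tags() is kept from the original but it is neither SQL escaping
	// nor sufficient output encoding: the stored text still has to be
	// HTML-escaped wherever it is displayed.
	$sql = "insert into comment_master(video_code,comments,user_name,comment_date)values('"
		.mysql_real_escape_string($commentCode)."','"
		.mysql_real_escape_string(strip_tags($commentText))."','"
		.mysql_real_escape_string(strip_tags($commentUser))."','"
		.$listing_date."')";
	mysql_query($sql);
	redirect("index.php");
}

/* ---- Video submission, stage 1: create the pending record ---- */
$submitTitle = rating_request_value($_POST, 'video_title');

if ($submitTitle !== '' && rating_request_value($_POST, 'submitvideo') !== '')
{
	$listing_date = date("Y-m-d");
	// The generated code is the only thing that ties the stage-2 upload to
	// this record. NOTE(review): genpasswordnum() is defined elsewhere;
	// confirm it draws from an unpredictable source.
	$passwordrandom = genpasswordnum(18);

	$titleSql = mysql_real_escape_string($submitTitle);
	$descriptionSql = mysql_real_escape_string(rating_request_value($_POST, 'video_description'));
	$newCodeSql = mysql_real_escape_string((string) $passwordrandom);
	// The category and the user id are written unquoted, so they are forced
	// to integers; a missing or non-numeric category becomes 0.
	$categoryValue = (int) rating_request_value($_POST, 'video_category');

	if (isset($_SESSION["user_id"]) && $_SESSION["user_id"] != '')
	{
		$sql = "insert into video_master(video_title,video_description,video_code,video_date,video_category,video_status,user_id)values('".$titleSql."','".$descriptionSql."','".$newCodeSql."','".$listing_date."',".$categoryValue.",0,".(int) $_SESSION["user_id"].")";
	}
	else
	{
		$sql = "insert into video_master(video_title,video_description,video_code,video_date,video_category,video_status)values('".$titleSql."','".$descriptionSql."','".$newCodeSql."','".$listing_date."',".$categoryValue.",0)";
	}

	mysql_query($sql);

	redirect("submit.php?stage=2&video_code=".urlencode((string) $passwordrandom));
}

/* ---- Video submission, stage 2: attach the uploaded file ---- */
if (!empty($_POST["submitvideo2"])) {
	$uploadCode = rating_request_value($_GET, 'video_code');
	$uploadCodeSql = mysql_real_escape_string($uploadCode);
	$uploadCodeUrl = urlencode($uploadCode);

	$flname = (isset($_FILES["video_file"]["name"]) && is_string($_FILES["video_file"]["name"])) ? $_FILES["video_file"]["name"] : '';
	$flarr = explode(".", $flname);
	$flext = strtolower($flarr[count($flarr)-1]);

	// video_code becomes part of the destination path, so it must not carry
	// path separators, NUL bytes or be a dot-only name, and it must belong
	// to a submission that is still pending (video_status=0). Without this
	// check any request could choose where under the web root the file lands.
	$pending = false;
	if ($uploadCode !== '' && !preg_match('/[\/\\\\\x00]|^\.+$/', $uploadCode))
	{
		$cmdpending = mysql_query("select count(*) from video_master where video_code='".$uploadCodeSql."' and video_status=0");
		$rspending = $cmdpending ? mysql_fetch_array($cmdpending) : false;
		$pending = ($rspending && $rspending[0] > 0);
	}

	// One branch per outcome: nothing below an error redirect runs, whether
	// or not redirect() (defined elsewhere) ends the request itself.
	if (!$pending)
	{
		// Unknown or malformed code: restart the submission flow.
		redirect("submit.php");
	}
	elseif ($flext == "")
	{
		redirect("submit.php?stage=2&error=3&video_code=".$uploadCodeUrl);
	}
	elseif ($flext != "wmv" && $flext != "zip")
	{
		redirect("submit.php?stage=2&error=1&video_code=".$uploadCodeUrl);
	}
	else
	{
		// The stored name is built from the code and the allow-listed
		// extension only; the client's file name is never used. The file
		// content itself is not inspected here.
		$tmpname = (isset($_FILES["video_file"]["tmp_name"]) && is_string($_FILES["video_file"]["tmp_name"])) ? $_FILES["video_file"]["tmp_name"] : '';
		if ($tmpname !== '' && move_uploaded_file($tmpname, "videodir/" . $uploadCode . "." . $flext))
		{
			$sizeKb = round($_FILES["video_file"]["size"]/1000,1);
			$sql = "update video_master set video_file='".$uploadCodeSql.".".$flext."',video_size='".$sizeKb."' where video_code='".$uploadCodeSql."' and video_status=0";

			mysql_query($sql);
		}

		// $timevideo is not assigned anywhere in the visible code (the
		// include of admin/create.php is commented out), so video_time is
		// normally written as an empty string.
		$timevideoSql = mysql_real_escape_string(isset($timevideo) ? (string) $timevideo : '');
		$sql = "update video_master set video_time='".$timevideoSql."',video_image='".$uploadCodeSql.".png' where video_code='".$uploadCodeSql."' and video_status=0";

		mysql_query($sql);

		// Braces added: the query used to run unconditionally and re-executed
		// the previous statement whenever no webmaster comment was sent.
		$webmaster = rating_request_value($_POST, 'webmaster');
		if ($webmaster !== '')
		{
			// Stored as submitted; must be HTML-escaped wherever it is shown.
			$sql = "update video_master set webmaster_comments='".mysql_real_escape_string($webmaster)."' where video_code='".$uploadCodeSql."' and video_status=0";

			mysql_query($sql);
		}

		redirect("submit.php?stage=3&video_code=".$uploadCodeUrl);
	}
}
?>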