File: /home/httpd/html/tubeshemale.com/public_html/includes/inc.post_profile_comment.php
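<?php
/**
 * Stores a profile ("wall") comment posted by the logged-in user.
 *
 * Reads:  $_POST['id'] (target profile record_num), $_POST['comment'],
 *         $_SESSION['userid'], $_SESSION['username'].
 * Emits:  a redirect to /index.php when the request is anonymous or has no
 *         profile id; a throttle notice when the same user name posted within
 *         the last 60 seconds; a thank-you line once the row is inserted.
 *
 * Every value that reaches SQL text is passed through
 * mysql_real_escape_string() first, including session and server values.
 * Session data was originally supplied by a user at some earlier point, so
 * it is not treated as trusted here (second-order injection).
 *
 * NOTE(review): ext/mysql was removed in PHP 7. The connection is opened in
 * ../admin/db.php, which is not visible from this file, so the calls are kept
 * as they are; when db.php is migrated, replace these string-built queries
 * with prepared statements (PDO or mysqli).
 *
 * NOTE(review): no anti-CSRF token is verified before this state-changing
 * POST is accepted. Confirm whether the form carries a token and check it
 * here if it does.
 */
session_start();
include '../admin/db.php';

// Array-valued parameters (id[]=..., comment[]=...) are treated as missing
// rather than being passed on to string functions.
$rawId      = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
$rawComment = (isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : '';

if (empty($rawId) || empty($_SESSION['userid'])) {
    header("Location: /index.php");
    exit();
}

if (empty($rawComment)) {
    exit();
}

// The display name always comes from the session, never from the request.
$rawName = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';

// strip_tags() only reduces markup at storage time; the page that renders
// these comments still has to HTML-encode them on output.
$comment = mysql_real_escape_string(strip_tags($rawComment));
$name    = mysql_real_escape_string(strip_tags($rawName));
$userid  = mysql_real_escape_string((string) $_SESSION['userid']);
$id      = mysql_real_escape_string($rawId);
$ip      = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

$now    = time();
$cutoff = $now - 60;

// Throttle: at most one comment per user name per 60 seconds. The escaped
// $name is used so the lookup matches the value the INSERT below stores.
$throttle = mysql_query("SELECT record_num FROM profile_comments WHERE name = '$name' AND timestamp > '$cutoff'");
if ($throttle === false) {
    // Database error text goes to the server log, not to the client.
    error_log('post_profile_comment: throttle query failed: ' . mysql_error());
    exit();
}
if (mysql_num_rows($throttle) > 0) {
    echo "You may only post a comment once every 60 seconds<br>";
    exit();
}

// Only accept comments for a profile that exists.
$result = mysql_query("SELECT record_num FROM users WHERE record_num = '$id'");
if ($result === false) {
    error_log('post_profile_comment: profile lookup failed: ' . mysql_error());
    exit();
}
if (mysql_num_rows($result) === 0) {
    exit();
}

$inserted = mysql_query("INSERT INTO profile_comments (`userid`, name, comment, `profile`, timestamp, ip) VALUES ('$userid','$name','$comment','$id','$now','$ip')");
if ($inserted === false) {
    error_log('post_profile_comment: insert failed: ' . mysql_error());
    exit();
}

echo "Thank you! Wall post has been added.<br>";
exit();
?>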