<?
session_start();
if(!$_POST) { 
	exit(); 
}
set_time_limit(86400);
include '../admin/db.php';
$newfilename = mysql_real_escape_string($_POST["hidFileID"]);
$filename = trim(str_replace("\n","",$newfilename));
if($filename == 'CantMoveFile') { exit("CantMoveFile"); }
if($filename == 'InvalidExtension') { exit("InvalidExtension"); } 
if(eregi('.flv',$newfilename)) {
	$newfilename = substr($filename,0,-4).'.flv';
}
else {
	$newfilename = substr($filename,0,-4).'.mp4';
}
$filesize = filesize($content_path.'/'.$filename);
$_POST[keywords] = htmlentities(html_entity_decode($_POST[keywords]));
$_POST[pornstars] = htmlentities(html_entity_decode($_POST[pornstars]));
$_POST[description] = htmlentities(html_entity_decode($_POST[description]));
$_POST[title] = htmlentities(html_entity_decode($_POST[title]));
$_POST[channel] = htmlentities(html_entity_decode($_POST[channel]));
$_POST[paysite] = htmlentities(html_entity_decode($_POST[paysite]));
$_POST = mysql_real_escape_array($_POST);
mysql_query("INSERT INTO content (length, title, filename, orig_filename, description, keywords, date_added, submitter, ip, approved, paysite) VALUES ('$length', '$_POST[title]', '".$newfilename."', '$filename',  '$_POST[description]', '$_POST[keywords]', NOW(), '$_SESSION[userid]', '$_SERVER[REMOTE_ADDR]',  '$approved', '$_POST[paysite]')") or die(mysql_error());
$insert = mysql_insert_id();
mysql_query("INSERT INTO content_niches (content, niche) VALUES ('$insert', '$_POST[channel]')");
header("Location: $basehttp/thanks.php");
exit();
?>