<?php session_start(); // open the session first: the login check further down reads $_SESSION
/* * ********************************************************************
*  Copyright notice PHP Blogger 1.2.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
*  All rights reserved
*
*  This script is part of the PHP Blogger project. 
*  The PHP Blogger project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
##############################
# shareset.php version 1.1.5.#
##############################
// Site configuration. $conn, $language and $editortrue are used in this script but never
// assigned in it, so presumably they are defined here (TODO confirm).
include ('settings.php');
// NOTE(review): $language is concatenated into the include path. Confirm it is set only from
// trusted configuration, or checked against a fixed list of installed languages, and is never
// taken from request data.
require_once ('languages/lang_'.$language.'.php');
// Presumably defines $salt, which is handed to SecSession as secure_word below (TODO confirm).
require_once ('salt.php');
require_once ('classes/securesession.class.php');
// When $editortrue is 2 the request is refused with the localized SHARERNO text
// (presumably the "sharer disabled" notice; confirm in the language file).
if (2 == $editortrue) {
	echo $lang['SHARERNO'];
	exit;
}

// Session guard. The property names suggest it ties the session to the browser and to part of
// the client IP, mixes in $salt, and rotates the session id; the class lives in
// classes/securesession.class.php, so confirm the exact semantics there.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;

// Stop silently unless the guard passes AND the session carries a truthy 'loggedin' flag.
// NOTE(review): the POST is accepted on the strength of the session alone; no per-form token
// is checked in this file. Confirm whether the submitting form or SecSession::Check() provides
// CSRF protection.
if (!($ss->Check() && !empty($_SESSION['loggedin']))) {
	exit;
}
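// Load the logged-in user's row. The id is taken from the server-side session, not from the
// request, and is bound through a placeholder.
$shouter = $_SESSION['INC_USER_ID'];
// Plain assignment: taking the result by reference is unnecessary for an object.
$arecordSet = $conn->Execute('SELECT * FROM users WHERE usid = ? LIMIT 1', array($shouter));
if (!$arecordSet) {
	// Keep driver/SQL details out of the response; record them server-side instead.
	error_log('sharer: user lookup failed: ' . $conn->ErrorMsg());
	echo "Error";
	die();
}
if ($arecordSet->EOF) {
	// No matching user: stop here rather than go on to store a comment with empty author fields.
	echo "Error";
	die();
}
// LIMIT 1 means there is at most one row, so no loop is needed.
$kori = $arecordSet->fields['usid'];
$usercc = $arecordSet->fields['username'];
$thumbs = $arecordSet->fields['thumbs'];
$eeuser = $arecordSet->fields['email'];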
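// Read the submitted text. A missing or non-string value (e.g. areass[]=...) is treated as an
// empty string, so it is rejected by the minimum-length check below instead of raising
// notices or type errors in the string functions.
$areass = (isset($_POST['areass']) && is_string($_POST['areass'])) ? $_POST['areass'] : '';
// get_magic_quotes_gpc() was removed in PHP 8, so call it only where it still exists.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
	$areass = stripslashes($areass);
}

// Coarse keyword filter for mail-header and script-related strings. This is a deny-list, not
// an escaping step: whatever page renders the stored text must still HTML-encode it on output.
$list = "/(content-type|mime-version|content-transfer-encoding|to:|bcc:|cc:|document.cookie|document.write|onmouse|onkey|onclick|onload)/i";
if (preg_match($list, $areass)) {
	echo "<div id=\"toprow\"> '??'";
	die();
}
// No HTML: any "<" is refused outright.
if (preg_match("/</", $areass)) {
	echo "<center><div id=\"toprow\">Invalid Characters \"<\" HTML is not allowed <a href=\"javascript:location.reload(true)\">Go Back</a>";
	die();
}
// No BB code: any "[" is refused outright.
if (preg_match("/\\[/", $areass)) {
	echo "<center><div id=\"toprow\">Invalid Characters \"[\" BB code is not allowed <a href=\"javascript:location.reload(true)\">Go Back</a>";
	die();
}
// Length limits. strlen() counts bytes, so for multibyte text these are byte limits.
if (strlen($areass) < 4) {
	echo "<center>Field must be at least 4 characters long:
<a href=\"javascript:location.reload(true)\">Go Back</a>";
	die();
}
if (strlen($areass) > 300) {
	echo "<center>Max Characters Field: 300
<a href=\"javascript:location.reload(true)\">Go Back</a>";
	die();
}

// Duplicate guard: refuse a repeat of the text last accepted in this session. Strict
// comparison, so two different numeric-looking strings are not treated as the same post.
if (isset($_SESSION["reloads"]) && $_SESSION["reloads"] === $areass) {
	echo "Whoops, you already said that.";
	die();
}
// Per-session cap on accepted posts. Nothing in this file resets the counter, so it lasts as
// long as the session does.
$postCount = isset($_SESSION["noreloads"]) ? (int) $_SESSION["noreloads"] : 0;
if ($postCount > 6) {
	echo "Error";
	die();
}
$_SESSION["noreloads"] = $postCount + 1;
$_SESSION["reloads"] = $areass;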
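// Store the comment, then bump the author's post counter.
// $kori, $usercc and $thumbs come from the user lookup earlier in this script.
$time = date("Y-m-d H:i:s");
// NOTE(review): $conn looks like an ADOdb-style connection. If addq() escapes quotes, applying
// it to a value that is also bound through a "?" placeholder escapes it twice, so text with
// quotes may be stored with extra backslashes. Left as is because the page that displays
// amess is not visible here; confirm how it reads the column before removing the call.
$areass = $conn->addq($areass);
$sql = $conn->Prepare('INSERT INTO comment (userid,texty,imgs,date,amess) VALUES (?, ?, ?, ?, ?)');
if ($conn->Execute($sql, array($kori, $usercc, $thumbs, $time, $areass)) === false) {
	// Log the driver message server-side; the response carries only a generic marker so that
	// SQL and schema details are not shown to the client.
	error_log('sharer: comment insert failed: ' . $conn->ErrorMsg());
	print '<br /><div id="error">error inserting[1]</div><br />';
} else {
	// Count the post only when the comment row was actually written.
	$kori = $conn->addq($kori);
	$sql2 = $conn->Prepare('UPDATE users SET nofposts = nofposts + ? WHERE usid = ?');
	if ($conn->Execute($sql2, array(1, $kori)) === false) {
		error_log('sharer: post counter update failed: ' . $conn->ErrorMsg());
		print '<br /><div id="error">error inserting[1]</div><br />';
	}
}
$conn->Close();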
?>
<font style="font-size:24px;color:#51537E;margin:22px">See You Later Alligator</font>
<script type="text/javascript">
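// Close this window 1200 ms after being called.
function closeWindow() {
  setTimeout(function () {
    window.close();
  }, 1200);
}
// Assign the function itself as the load handler. Writing closeWindow() here would run it
// immediately and store its return value (undefined) as the handler.
window.onload = closeWindow;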
</script>