np.phps
<?
error_reporting(E_ALL);
if(isset($_POST['uid']) && ctype_alnum($_POST['uid']) === true && ctype_digit($_POST['Playing']) === true)
{
mysql_connect(':/var/run/mysqld/mysqld.sock','erik','fisk');
mysql_select_db('songs') or error_log(mysql_error());
$res = mysql_query('select playing from users where user = "'.sqle($_POST['uid']).'" and pass = "'.sqle($_POST['pass']).'"') or error_log(mysql_error());
if(mysql_num_rows($res) !== 1)
{ // no user found, yay!
exit();
}
$playing = mysql_fetch_row($res);
if($playing !== $_POST['Playing'])
{
mysql_query('UPDATE users set playing = '.$_POST['Playing']) or error_log(mysql_error());
if($_POST['Playing'] != '1')
{
exit();
}
}
mysql_query('INSERT INTO songs (artist,title,album,genre,length,quality,filename,user,timestamp) VALUES ("'.sqle($_POST['Artist1']).'","'.sqle($_POST['Title1']).'","'.sqle($_POST['Album1']).'","'.sqle($_POST['Genre1']).'","'.sqle($_POST['Length1']).'","'.sqle($_POST['Quality1']).'","'.sqle($_POST['Filename1']).'","'.sqle($_POST['uid']).'",NOW())') or error_log(mysql_error());
} else
{
die('Invalid request.');
}
function sqle($str)
{
return mysql_real_escape_string($str);
}
?>