np.phps

  1. <?
  2. error_reporting(E_ALL);
  3.  
  4. if(isset($_POST['uid']) && ctype_alnum($_POST['uid']) === true && ctype_digit($_POST['Playing']) === true)
  5. {
  6.   mysql_connect(':/var/run/mysqld/mysqld.sock','erik','fisk');
  7.   mysql_select_db('songs') or error_log(mysql_error());
  8.   
  9.   $res = mysql_query('select playing from users where user = "'.sqle($_POST['uid']).'" and pass = "'.sqle($_POST['pass']).'"') or error_log(mysql_error());
  10.   if(mysql_num_rows($res) !== 1)
  11.   { // no user found, yay!
  12.     exit();
  13.   }
  14.   $playing = mysql_fetch_row($res);
  15.   if($playing !== $_POST['Playing'])
  16.   {
  17.     mysql_query('UPDATE users set playing = '.$_POST['Playing']) or error_log(mysql_error());
  18.     if($_POST['Playing'] != '1')
  19.     {
  20.       exit();
  21.     }
  22.   }
  23.   mysql_query('INSERT INTO songs (artist,title,album,genre,length,quality,filename,user,timestamp) VALUES ("'.sqle($_POST['Artist1']).'","'.sqle($_POST['Title1']).'","'.sqle($_POST['Album1']).'","'.sqle($_POST['Genre1']).'","'.sqle($_POST['Length1']).'","'.sqle($_POST['Quality1']).'","'.sqle($_POST['Filename1']).'","'.sqle($_POST['uid']).'",NOW())') or error_log(mysql_error());
  24. } else
  25. {
  26.   die('Invalid request.');
  27. }
  28.  
  29. function sqle($str)
  30. {
  31.   return mysql_real_escape_string($str);
  32. }
  33.  
  34. ?>