sibtracker/system/ajax/favorites.php

<?php
@session_start();
@error_reporting( 7 );
@ini_set( 'display_errors', true );
@ini_set( 'html_errors', false );

define( 'DATALIFEENGINE', true );
define( 'ROOT_DIR', substr( dirname(  __FILE__ ), 0, -12 ) );
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );

include SYSTEM_DIR . '/data/config.php';
require_once SYSTEM_DIR . '/classes/mysql.php';
require_once SYSTEM_DIR . '/data/dbconfig.php';
require_once SYSTEM_DIR . '/modules/functions.php';

$_REQUEST['skin'] = totranslit($_REQUEST['skin'], false, false);
if( ! @is_dir( ROOT_DIR . '/templates/' . $_REQUEST['skin'] ) ) {die( "Hacking attempt!" );} else {$config['skin'] = $_REQUEST['skin'];}
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];

require_once SYSTEM_DIR . '/modules/sitelogin.php';

if( ! $is_logged ) die( "error" );
$id = intval( $_REQUEST['fav_id'] );
if( ! $id ) die( "error" );

if( $_REQUEST['action'] == "plus" ) {
    $error = "";
	$list = explode( ",", $member_id['favorites'] );
	foreach ( $list as $daten ) {if( $daten == $id ) $error = "stop";}
	if( $error != "stop" ) {
		$list[] = $id;
		$favorites = implode( ",", $list );
		if( $member_id['favorites'] == "" ) $favorites = $id;
		$member_id['favorites'] = $favorites;
		$db->query( "UPDATE " . USERPREFIX . "_users set favorites='$favorites' where user_id = '$member_id[user_id]'" );
	}
	$buffer = "<img src=\"" . $config['http_home_url'] . "templates/{$config['skin']}/images/del_fav.png\" onclick=\"doFavorites('" . $id . "', 'minus'); return false;\" title=\"" . $lang['news_minfav'] . "\" style=\"vertical-align: middle;border: none;\" />";

} elseif( $_REQUEST['action'] == "minus" ) {
	$list = explode( ",", $member_id['favorites'] );
	$i = 0;
	foreach ( $list as $daten ) {if( $daten == $id ) unset( $list[$i] ); $i ++;}
	if( count( $list ) ) $member_id['favorites'] = $db->safesql(implode( ",", $list )); else $member_id['favorites'] = "";
	$db->query( "UPDATE " . USERPREFIX . "_users set favorites='$member_id[favorites]' where user_id = '$member_id[user_id]'" );
	$buffer = "<img src=\"" . $config['http_home_url'] . "templates/{$config['skin']}/images/add_fav.png\" onclick=\"doFavorites('" . $id . "', 'plus'); return false;\" title=\"" . $lang['news_addfav'] . "\" style=\"vertical-align: middle;border: none;\" />";

} else die( "error" );
$db->close();

@header( "Content-type: text/html; charset=" . $config['charset'] );
echo $buffer;
?>
message 2019-05-18 13:46:03 +08:00			`<?php`
			`@session_start();`
			`@error_reporting( 7 );`
			`@ini_set( 'display_errors', true );`
			`@ini_set( 'html_errors', false );`

			`define( 'DATALIFEENGINE', true );`
			`define( 'ROOT_DIR', substr( dirname( __FILE__ ), 0, -12 ) );`
			`define( 'SYSTEM_DIR', ROOT_DIR . '/system' );`

			`include SYSTEM_DIR . '/data/config.php';`
			`require_once SYSTEM_DIR . '/classes/mysql.php';`
			`require_once SYSTEM_DIR . '/data/dbconfig.php';`
			`require_once SYSTEM_DIR . '/modules/functions.php';`

			`$_REQUEST['skin'] = totranslit($_REQUEST['skin'], false, false);`
			`if( ! @is_dir( ROOT_DIR . '/templates/' . $_REQUEST['skin'] ) ) {die( "Hacking attempt!" );} else {$config['skin'] = $_REQUEST['skin'];}`
			`include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';`
			`$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];`

			`require_once SYSTEM_DIR . '/modules/sitelogin.php';`

			`if( ! $is_logged ) die( "error" );`
			`$id = intval( $_REQUEST['fav_id'] );`
			`if( ! $id ) die( "error" );`

			`if( $_REQUEST['action'] == "plus" ) {`
			`$error = "";`
			`$list = explode( ",", $member_id['favorites'] );`
			`foreach ( $list as $daten ) {if( $daten == $id ) $error = "stop";}`
			`if( $error != "stop" ) {`
			`$list[] = $id;`
			`$favorites = implode( ",", $list );`
			`if( $member_id['favorites'] == "" ) $favorites = $id;`
			`$member_id['favorites'] = $favorites;`
			`$db->query( "UPDATE " . USERPREFIX . "_users set favorites='$favorites' where user_id = '$member_id[user_id]'" );`
			`}`
			`$buffer = "<img src=\"" . $config['http_home_url'] . "templates/{$config['skin']}/images/del_fav.png\" onclick=\"doFavorites('" . $id . "', 'minus'); return false;\" title=\"" . $lang['news_minfav'] . "\" style=\"vertical-align: middle;border: none;\" />";`

			`} elseif( $_REQUEST['action'] == "minus" ) {`
			`$list = explode( ",", $member_id['favorites'] );`
			`$i = 0;`
			`foreach ( $list as $daten ) {if( $daten == $id ) unset( $list[$i] ); $i ++;}`
			`if( count( $list ) ) $member_id['favorites'] = $db->safesql(implode( ",", $list )); else $member_id['favorites'] = "";`
			`$db->query( "UPDATE " . USERPREFIX . "_users set favorites='$member_id[favorites]' where user_id = '$member_id[user_id]'" );`
			`$buffer = "<img src=\"" . $config['http_home_url'] . "templates/{$config['skin']}/images/add_fav.png\" onclick=\"doFavorites('" . $id . "', 'plus'); return false;\" title=\"" . $lang['news_addfav'] . "\" style=\"vertical-align: middle;border: none;\" />";`

			`} else die( "error" );`
			`$db->close();`

			`@header( "Content-type: text/html; charset=" . $config['charset'] );`
			`echo $buffer;`
			`?>`