<?
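// Database bootstrap: config/bd.php is expected to open the connection and
// define $db, which every mysql_query() call in this file passes explicitly.
// require (not include) so a missing or unreadable config stops the request
// instead of emitting a warning and then running every query on an undefined link.
require ("config/bd.php");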
function code($url,$code)
{
    // Derives the 5-character token that authorises a show.php request for a URL:
    // the first five hex digits of md5(url + fixed key + $code). Other pages
    // issue the same token, so the recipe must stay byte-for-byte identical.
    // NOTE(review): a truncated MD5 over a key embedded in the source is a weak
    // authorisation token; if every issuer can be changed together, prefer
    // hash_hmac() with a longer digest and a secret kept outside the code base.
    $secret = 'hGqb381' . $code;
    $digest = md5($url . $secret);
    return substr($digest, 0, 5);
}
function err($str)
{
    // Emits a minimal dark-themed error page with $str in both the <title> and
    // the heading, then returns; call sites exit() right after. $str is written
    // raw so the literal <br> tags used by callers render — it must come from
    // fixed strings in this file, never from request data.
    $page = <<<ERRPAGE
<html>
<head>
<title>Error $str</title>
<style>
BODY {background-color:#323232; color:#efefef; margin-top:50px;}
H1 {margin:auto;}
</style>
</head>
<body>
<div align='center'>
<h1>Ошибка: $str</h1>
</div>
</body>
</html>
ERRPAGE;
    print $page;
}
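// --- Request validation -----------------------------------------------------
// id is forced to int, so interpolating it into SQL below is safe; hash is the
// opaque 5-character token that code() reproduces from the row's url and scan.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to PDO
// prepared statements would also remove the manual escaping done further down.
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
$hash = isset($_GET['hash']) ? (string)trim($_GET['hash']) : '';
$result = mysql_query("SELECT active,count,scan,bann,url,pos FROM url WHERE id='$id'",$db);
$myrow = $result ? mysql_fetch_array($result) : false;
// Unknown id: there is no row to validate the token against, so treat it as a
// bad token instead of carrying nulls into the hash and the UPDATEs below.
if (!$myrow) {err("#105035<br>Некорректный хэш"); exit('');}
$url = $myrow['url'];
$pos = $myrow['pos'];
$user_scan = $myrow['scan'];
$hash4 = code($url,'show'.$user_scan);
// Strict comparison: != would compare two numeric-looking tokens as numbers.
// (hash_equals() is the better choice where PHP >= 5.6 is available.)
if ($hash !== $hash4) {err("#105035<br>Некорректный хэш"); exit('');}
$user_scan_n = $user_scan+1;
mysql_query("UPDATE url SET scan='$user_scan_n' WHERE id='$id'",$db);

// --- Pick the next site to show ---------------------------------------------
// Candidates are every other active, unbanned site from the highest id down.
// The visitor's pos is the id below which they have not yet been; pos 0 means
// a first visit, so the first candidate is served.
$flag = false;
$ech = '';
$result2 = mysql_query("SELECT * FROM url WHERE NOT id='$id' AND bann='0' AND active='1' ORDER BY `id` DESC ",$db);
while ($result2 && ($myrow2 = mysql_fetch_array($result2)))
{
    if (($pos == 0) OR ($pos >= $myrow2['id']))
    {
        $ech = $myrow2['url'];
        // The served site's row is addressed by its stored URL; escape it so a
        // URL containing a quote cannot break out of the UPDATE statements.
        $ech_sql = mysql_real_escape_string($ech, $db);
        $npos = $myrow2['id']-1;
        $nscan = $myrow2['review']-1;
        $nall = $myrow2['allcount']+1;
        mysql_query("UPDATE url SET pos='$npos' WHERE id='$id'",$db);
        mysql_query("UPDATE url SET review='$nscan' WHERE url='$ech_sql'",$db);
        mysql_query("UPDATE url SET allcount='$nall' WHERE url='$ech_sql'",$db);
        // A site whose remaining reviews reach zero is parked in state 2.
        if ($nscan == 0)
        {
            mysql_query("UPDATE url SET active='2' WHERE url='$ech_sql'",$db);
        }
        $flag = true;
        break;
    }
}
if(!$flag) {err("#105057<br>Вы просмотрели все доступные сайты."); exit('');}

// --- Render the frameset ----------------------------------------------------
// The stored URL is data, not markup: escape it for the attribute context so a
// quote or angle bracket in the value cannot inject into the page.
$frame_src = htmlspecialchars($ech, ENT_QUOTES, 'UTF-8');
print <<<HERE
<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<title>Обмен визитами</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
</head>
<frameset>
<frame name="frmurl" id="frmurl" src="$frame_src">
</frameset><noframes></noframes>
</html>
HERE;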
?>