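<?php
/**
 * Support-ticket endpoint driven by the POST field "type":
 *   1 = create a ticket (name, title, content)
 *   2 = list the caller's tickets whose close flag is not '2'
 *   3 = list every ticket whose close flag is '0'
 *   4 = store a reply on ticket "id" and set close to '1'
 *   5 = delete ticket "id"
 *
 * Every request must carry hash = md5(name . $secretKey). safe(), dbConnect()
 * and $secretKey are expected to come from bl_Common.php.
 *
 * NOTE(review): the hash authenticates only the name. Types 3, 4 and 5 act on
 * tickets belonging to any user and are not tied to a staff role or to the
 * ticket id, so they need a server-side authorization check. Keyed MD5 is also
 * a weak construction; HMAC-SHA256 (hash_hmac) would be the usual replacement,
 * but it requires changing the client as well, so it is not changed here.
 */
include("bl_Common.php");

// The body is pipe-delimited data and some messages echo request fields back,
// so declare it as plain text rather than the default text/html.
if (!headers_sent()) {
    header('Content-Type: text/plain; charset=utf-8');
}

// Missing fields default to '' instead of raising undefined-index notices.
$name    = safe($_POST['name'] ?? '');
$title   = safe($_POST['title'] ?? '');
$content = safe($_POST['content'] ?? '');
$hash    = safe($_POST['hash'] ?? '');
$typ     = safe($_POST['type'] ?? '');
$reply   = safe($_POST['reply'] ?? '');
$id      = safe($_POST['id'] ?? '');

$link = dbConnect();

// Values are bound as statement parameters below, so no SQL escaping is
// applied to them. stripslashes() is kept so stored text matches what the
// previous escape-and-interpolate code ended up writing.
$name    = stripslashes($name);
$title   = stripslashes($title);
$content = stripslashes($content);
$reply   = stripslashes($reply);

// The signature has always been computed over the SQL-escaped form of the
// name; keep that input so existing signatures verify exactly as before.
$signedName = mysqli_real_escape_string($link, $name);
$real_hash  = md5($signedName . $secretKey);

// Log database failures server-side; the client only gets a generic message.
$fail = static function ($context, $detail) {
    error_log('MyGameTickets ' . $context . ' failed: ' . $detail);
    die('Query failed');
};

// Prepare, bind and execute one statement; returns the executed statement.
$run = static function ($link, $sql, $types, array $params) use ($fail) {
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        $fail('prepare', mysqli_error($link));
    }
    if ($types !== '') {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        $fail('execute', mysqli_stmt_error($stmt));
    }
    return $stmt;
};

// hash_equals() is constant-time and compares as strings, so two different
// digests that both look numeric (e.g. "0e123..." forms) can no longer match.
if (hash_equals($real_hash, (string) $hash)) {
    try {
        if ($typ == "1") {
            $stmt = $run(
                $link,
                "INSERT INTO MyGameTickets (name, title, content) VALUES (?, ?, ?)",
                'sss',
                [$name, $title, $content]
            );
            mysqli_stmt_close($stmt);
            echo "success";
        } elseif ($typ == "2") {
            $stmt = $run(
                $link,
                "SELECT content, reply, id FROM MyGameTickets WHERE name = ? AND close != '2'",
                's',
                [$name]
            );
            mysqli_stmt_bind_result($stmt, $rowContent, $rowReply, $rowId);

            // NOTE(review): fields are emitted verbatim; a stored "|" or "&&"
            // will break the framing the client parses.
            $found = false;
            while (mysqli_stmt_fetch($stmt)) {
                $found = true;
                echo "reply" . "|" . $rowContent . "|" . $rowReply . "|" . $rowId . "|";
            }
            mysqli_stmt_close($stmt);

            if (!$found) {
                echo "none";
            }
        } elseif ($typ == "3") {
            // Constant SQL with no request data, so a plain query is enough.
            $result = mysqli_query(
                $link,
                "SELECT title, content, reply, id, name FROM `MyGameTickets` WHERE close = '0'"
            );
            if ($result === false) {
                $fail('select', mysqli_error($link));
            }
            while ($row = mysqli_fetch_assoc($result)) {
                echo $row['title'] . "|" . $row['content'] . "|" . $row['reply'] . "|" . $row['id'] . "|" . $row['name'] . "|&&";
            }
            mysqli_free_result($result);
        } elseif ($typ == "4") {
            // $id was previously interpolated without mysqli escaping; bound here.
            $stmt = $run(
                $link,
                "UPDATE MyGameTickets SET reply = ?, close = '1' WHERE id = ?",
                'ss',
                [$reply, $id]
            );
            mysqli_stmt_close($stmt);
            echo "success";
        } elseif ($typ == "5") {
            $stmt = $run($link, "DELETE FROM MyGameTickets WHERE id = ?", 's', [$id]);
            mysqli_stmt_close($stmt);
            echo "success";
        } else {
            die("Any type are assigned with this id:" . $typ . " for user: " . $signedName);
        }
    } catch (mysqli_sql_exception $e) {
        // Raised instead of a false return when mysqli runs in exception mode.
        $fail('query', $e->getMessage());
    }
} else {
    // Never include $secretKey in a response: anyone who has it can compute a
    // valid hash for any name.
    die("You don't have permission for this! " . $signedName);
}

mysqli_close($link);
?>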