Subversion Repositories cheapmusic

<?php

include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/hosting.php');

if (isset($_POST["target"])) {

    include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/constants.php');

    include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/sessions_db.php');

    include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/cryptor.php');

    include_once ("php/NonceUtil.php");

    $configFile = parse_ini_file(FCM_CONFIGFILE, true);

    $crypt = Cryptor::getInstance($configFile['cryptor']);

    $tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);

    $handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);

    $systemConf = $configFile['system'];

    unset($configFile);

    session_set_cookie_params(604800, '/', '.findcheapmusic.com', true, true);

    session_set_save_handler($handler, true);

    if (!empty($_COOKIE['PHPSESSID'])) {

        session_id($_COOKIE['PHPSESSID']);

    }

    @session_start();

    if (empty($_POST["nonce"]) || NonceUtil::check($systemConf["nonce_secret"], $_POST["nonce"]) === false) {

        exit;

    }

    $_sess_db = MySessionHandler::getDBSessionId();

    $access = mysqli_real_escape_string($_sess_db, time());

    $url = mysqli_real_escape_string($_sess_db, base64_decode($_POST["target"]));

    $userId = (empty($_SESSION['sessData']['userID']) ? null : $_SESSION['sessData']['userID']);

    $ip = inet_pton($_SERVER['REMOTE_ADDR']);

    $sessionId = session_id();

    $sql = "INSERT

            INTO transfers

            (sessId, access, ip, url, userId)

            VALUES  (?, ?, ?, ?, ?)";

    $stmt = mysqli_prepare($_sess_db, $sql);

    mysqli_stmt_bind_param($stmt, 'sdssd', $sessionId, $access, $ip, $url, $userId);

    if (!mysqli_stmt_execute($stmt)) {

        error_log("Error: " . $sql . " | " . mysqli_error($_sess_db));

    }

    mysqli_stmt_close($stmt);

}

exit;