Subversion Repositories cheapmusic

<?php

include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/hosting.php');

if (isset($_POST["target"])) {

    include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/constants.php');

    include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/sessions_db.php');

    include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/cryptor.php');

    include_once ("php/NonceUtil.php");

    $configFile = parse_ini_file(FCM_CONFIGFILE, true);

    $crypt = Cryptor::getInstance($configFile['cryptor']);

    $tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);

    $handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);

    $systemConf = $configFile['system'];

    unset($configFile);

    session_set_cookie_params(604800, '/', '.findcheapmusic.com', true, true);

    session_set_save_handler($handler, true);

    if (!empty($_COOKIE['PHPSESSID'])) {

        session_id($_COOKIE['PHPSESSID']);

    }

    @session_start();

    if (empty($_POST["nonce"]) || NonceUtil::check($systemConf["nonce_secret"], $_POST["nonce"]) === false) {

        exit;

    }

    $_sess_db = MySessionHandler::getDBSessionId();

    $access = mysqli_real_escape_string($_sess_db, time());

    $url = mysqli_real_escape_string($_sess_db, base64_decode($_POST["target"]));

    $userId = (empty($_SESSION['sessData']['userID']) ? 'NULL' : $_SESSION['sessData']['userID']);

    $ip = inet_pton($_SERVER['REMOTE_ADDR']);

    $sql = "INSERT

            INTO transfers

            (sessId, access, ip, url, userId)

            VALUES  ('" . session_id() . "', '$access', '$ip', '$url', $userId)";

    if (!mysqli_query($_sess_db, $sql)) {

        error_log("Error: " . $sql . " | " . mysqli_error($_sess_db));

    }

}

exit;