Move db setup in config.php
[squasher.git] / squasher.php
index 2e71b8f66db2550d7975ddd3c1711e2ea5c7ded6..c403e9dab07b1b4a36be0b4d37cafec8ef9d234b 100644 (file)
@@ -40,12 +40,12 @@ if (@$_GET['f']) {
 }
 
 if (@$_GET['f']) {
-       $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$_GET['f']."'";
+       $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
        $f_r = mysql_query($f_q);
        $f_o = mysql_fetch_object($f_r);
 
        //log downloads
-       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".$_GET['f']."','{$f_o->file}','download','".$_SESSION['creds']['user_id']."','".$_SESSION['creds']['user_name']."','".$_SERVER['REMOTE_ADDR']."',NOW())");
+       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
 
        $_hpath_arr=explode("/", $f_o->file);
        $file=array_pop($_hpath_arr); //Remove filename
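Review bot: The escaping added to the `SELECT` and to the `INSERT INTO log` line uses `mysql_escape_string()`, which is deprecated and does not take the connection character set into account; `mysql_real_escape_string()` on the open link, or a parameterized query through mysqli/PDO, is the more robust choice. Since `f` is matched against `md5_hash` it is presumably a 32-character hex digest, so it could be rejected before any query with a check such as `preg_match('/^[a-f0-9]{32}$/i', $_GET['f'])` and escaped once into a local instead of twice. `$f_o` is also read in the log insert without confirming that `mysql_fetch_object()` returned a row, so an unknown hash still writes a "download" entry with an empty file name, and the `@` on that `mysql_query()` hides any failure of the audit write. The `if (@$_GET['f'])` block continues past the end of this hunk.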
@@ -118,7 +118,7 @@ if (@$_GET['f']) {
        }
 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
 
-       require_once("smarty/Smarty.class.php");
+       require_once(SQUASHER_SMARTY);
 
        $smarty = new Smarty;
 
@@ -148,7 +148,7 @@ if (@$_GET['f']) {
                $squashweb->remove_users($_POST['u']);
        if ($type=="new")
                $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
-       require_once("smarty/Smarty.class.php");
+       require_once(SQUASHER_SMARTY);
 
        $smarty = new Smarty;
 
@@ -169,7 +169,7 @@ if (@$_GET['f']) {
        $logtype=@$_GET['logtype'];
        if (!$logtype)
                $logtype = 'all';
-       require_once("smarty/Smarty.class.php");
+       require_once(SQUASHER_SMARTY);
 
        $smarty = new Smarty;
 
@@ -184,7 +184,7 @@ if (@$_GET['f']) {
 } else {
        //show overview
 
-       require_once("smarty/Smarty.class.php");
+       require_once(SQUASHER_SMARTY);
 
        $smarty = new Smarty;