View file rating.php

World Fastest and Cheapest Hosting
Buy Cheapest Web Domains
File size: 1.42Kb 
////////////////////
else if($action=="rate")
{
**$rate= mysql_real_escape_string( $_REQUEST["rate"] );
**$bid = mysql_real_escape_string( $_REQUEST["bid"] );
**$who = mysql_real_escape_string( $_REQUEST["who"] );

** addonline(getuid_sid($sid),"Rating a member","");


if ($uid==$who)
{
******echo "<head>";
******echo "<title>$sitename</title>";
******echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
******echo "</head>";
******echo "<body>";
******echo "<p align=\"center\">";
******echo "You Cant Rate Yourself Silly
";
******echo "</p></body></html>";
******exit();
} 

**
******echo "<head>";
******echo "<title>$sitename</title>";
******echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
******echo "</head>";
******echo "<body>";
****** echo "<p align=\"center\">";

$addplus = mysql_fetch_array(mysql_query("SELECT rate FROM wap_users WHERE id=&#39;".$who."&#39;"));


$add = $rate;
$addplus = $add + $addplus[0];
$res = mysql_query("UPDATE wap_users SET rate= &#39;".$addplus."&#39; WHERE id=&#39;".$who."&#39;");
**if($res)
** {
********echo "<img src=\"../images/ok.gif\" alt=\"o\"/> rated successfully
";
** }else {
********echo "<img src=\"../images/notok.gif\" alt=\"x\"/>You have rated this user before
";
** }


**echo "

";
**echo "0 <a accesskey=\"0\" href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
**echo "</p></body>";
**}