Mini Shell Moded By TiGER HeX

//var/www/ridazz/includes/bookTop.php

<?
$tag_id = addslashes(sanitize_title($_REQUEST['tag_id']));
$uid= addslashes(sanitize_title($query));
if(is_authorized()){
	if( isset($_REQUEST['vote'])){
 $vote = addslashes(sanitize_title($_REQUEST['vote']));
		$sql = "SELECT vote FROM 50mm_tag_votes WHERE voter_id = '".$_SESSION['user_id']."' AND tag_id='$tag_id'";
		if( !($result = $db->sql_query($sql)) ){
		 $sql_error = $db->sql_error();
		 die($sql_error['message']);
		}
		$row = $db->sql_fetchrow($result);
		if($db->sql_numrows($result)==0){
		 $sql = "INSERT INTO 50mm_tag_votes (tag_id,voter_id,vote,entry_time) VALUES ('$tag_id','".$_SESSION['user_id']."','".$vote."',NOW())";
		}else{
		 $sql = "UPDATE 50mm_tag_votes SET vote = '".$vote."', entry_time = NOW() WHERE voter_id = '".$_SESSION['user_id']."' AND tag_id='$tag_id'";
		}
		if( !($result = $db->sql_query($sql)) ){
		 $sql_error = $db->sql_error();
		 die($sql_error['message']);
		}
	}
}
$email_confirm = "";

if(isset($_REQUEST['sendEmail'])){
 //send email
 $email = sanitize_title($_REQUEST['email']);
 $query = "?tagId=$tag_id&userId=$uid";
 $link = ROOT_URL.$_SERVER['PHP_SELF'].$query;
 $link = "<a href=\"$link\">$link</a>";
 $body = "A friend of yours has sent you a page from the 50mm Los Angeles Online Blackbook... Click the link below to view it! $link";
 $headers = "MIME-Version: 1.0\r\n";
 $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
 $headers .= "To: ".$email." <".$email.">\n"; 
 $headers .= "Bcc: ".SITE_TITLE."<mailto:view_blackbook@50mmlosangeles.com>\r\n";
 $headers .= "From: ".SITE_TITLE."<mailto:view_blackbook@50mmlosangeles.com>\r\n";
 $mresult = mail($email,"50mm Los Angeles Online Blackbook",$body,$headers);
 if(!$mresult){
	 die("Unable to send email notification!");
 }
 $email_confirm = " Your email was sent!";
}
?>