-// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
-require_once("inc/libs/security_functions.php");
-
-// Init "action" and "what"
-global $what, $action, $startTime;
-$GLOBALS['startTime'] = microtime(true);
-$GLOBALS['what'] = "";
-$GLOBALS['action'] = "";
-
-// Set module
-$GLOBALS['module'] = "doubler";
-$GLOBALS['refid'] = 0;
-$CSS = 0;
-
-// Load the required file(s)
-require ("inc/config.php");
-
-// Is the "doubler" extension active?
-if (!EXT_IS_ACTIVE("doubler")) {
- // Redirect to index
- LOAD_URL("modules.php?module=index&msg=".CODE_EXTENSION_PROBLEM."&ext=doubler");
-} // END - if
-
-// Is the script installed?
-if (isBooleanConstantAndTrue('mxchange_installed')) {
- // Probe for referal ID
- if (!empty($_GET['refid'])) $GLOBALS['refid'] = SQL_ESCAPE($_GET['refid']);
-
- // Probe for nickname extension and if a nickname was supplied by URL
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($GLOBALS['refid'])."") != $GLOBALS['refid']));
- if ($probe_nickname) {
- // Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
- array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
- } else {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
- array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
- }
-
- // Load data
- list($rid, $status_ref) = SQL_FETCHROW($result);
- $GLOBALS['refid'] = bigintval($rid);
-
- // Free memory
- SQL_FREERESULT($result);
- $uid = 0;
-
- // If no account was found set default refid and status to CONFIRMED
- if (empty($GLOBALS['refid'])) {
- $GLOBALS['refid'] = $_CONFIG['def_refid'];
- $status = "CONFIRMED";
- } // END - if
-
- // Begin with doubler script...
- if (isset($_POST['ok'])) {
- // Secure points (so only integer/double values are allowed
- $_POST['points'] = bigintval($_POST['points']);
-
- // Begin with doubling process
- if ((!empty($_POST['userid'])) && (!empty($_POST['pass'])) && (!empty($_POST['points']))) {
- // Probe for nickname extension and if a nickname was entered
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid']));
- if ($probe_nickname) {
- // Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
- array($_POST['userid']), __FILE__, __LINE__);
- } else {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
- array(bigintval($_POST['userid'])), __FILE__, __LINE__);
- }
-
- // Load data
- list($uid, $status, $password) = SQL_FETCHROW($result);
- $uid = bigintval($uid);
-
- // Free result
- SQL_FREERESULT($result);
-
- // Remove any dots and unwanted chars from the points
- $_POST['points'] = bigintval(round(REVERT_COMMA($_POST['points'])));