* -------------------------------------------------------------------- *
* Kurzbeschreibung : Funktionen fuer den Sponsorenbereich *
* -------------------------------------------------------------------- *
* -------------------------------------------------------------------- *
* Kurzbeschreibung : Funktionen fuer den Sponsorenbereich *
* -------------------------------------------------------------------- *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2008 by Roland Haeder *
* For more information visit: http://www.mxchange.org *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2008 by Roland Haeder *
* For more information visit: http://www.mxchange.org *
} else {
// Do we want to add a new sponsor or update his data?
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1",
} else {
// Do we want to add a new sponsor or update his data?
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1",
if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
// SQL and message string is empty by default
if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
// SQL and message string is empty by default
- $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
- $DATA['values'][] = bigintval($_GET['id']);
+ $sql = substr($sql, 0, -2)." WHERE id='%s' LIMIT 1";
+ $DATA['values'][] = bigintval(REQUEST_GET('id'));
- $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
// Check cookies against database records...
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' AND password='%s' AND `status`='CONFIRMED' LIMIT 1",
// Check cookies against database records...
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' AND password='%s' AND `status`='CONFIRMED' LIMIT 1",
- array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FUNCTION__, __LINE__);
-ORDER BY `sort`", __FILE__, __LINE__);
- if (SQL_NUMROWS($result_main) > 0)
- {
+ORDER BY `sort`", __FUNCTION__, __LINE__);
+ if (SQL_NUMROWS($result_main) > 0) {
-ORDER BY `sort`", array($action), __FILE__, __LINE__);
- if (SQL_NUMROWS($result_sub) > 0)
- {
+ORDER BY `sort`",
+ array($content['main_action']), __FUNCTION__, __LINE__);
+ if (SQL_NUMROWS($result_sub) > 0) {
$OUT = "";
$INC = sprintf("inc/modules/sponsor/%s.php", $what);
if (INCLUDE_READABLE($INC)) {
$OUT = "";
$INC = sprintf("inc/modules/sponsor/%s.php", $what);
if (INCLUDE_READABLE($INC)) {
- $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
+ $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, sprintf(getMessage('SPONSOR_CONTENT_404'), $what));
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data`
SET last_online=UNIX_TIMESTAMP()
WHERE id='%s' AND password='%s' LIMIT 1",
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data`
SET last_online=UNIX_TIMESTAMP()
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FUNCTION__, __LINE__);
if ($POST['pass1'] == $POST['pass2']) {
// Okay, then set password and remove pass1 and pass2
$POST['password'] = md5($POST['pass1']);
if ($POST['pass1'] == $POST['pass2']) {
// Okay, then set password and remove pass1 and pass2
$POST['password'] = md5($POST['pass1']);
foreach ($POST as $key => $value) {
// Mmmmm, too less security here???
foreach ($POST as $key => $value) {
// Mmmmm, too less security here???
// We will secure this later inside the SQL_QUERY_ESC() function
$DATA[] = strip_tags($value);
// Compile {SLASH} and so on for the email templates
$POST[$key] = COMPILE_CODE($value);
// We will secure this later inside the SQL_QUERY_ESC() function
$DATA[] = strip_tags($value);
// Compile {SLASH} and so on for the email templates
$POST[$key] = COMPILE_CODE($value);
if (SQL_AFFECTEDROWS() == 1) {
if (!empty($templ) && !empty($subj)) {
// Run SQL command and check for success
if (SQL_AFFECTEDROWS() == 1) {
if (!empty($templ) && !empty($subj)) {
// Run SQL command and check for success
- $result = SQL_QUERY_ESC($SQL, $DATA, __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);
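Review bot: `$what` reaches the added `sprintf(getMessage('SPONSOR_CONTENT_404'), $what)` call unescaped, and the same value builds the include path in `sprintf("inc/modules/sponsor/%s.php", $what)` in the context just above it. Where `$what` is assigned, and whether LOAD_TEMPLATE escapes its content argument, is not visible in this section. If it can come from the request, it should be rejected before `$INC` is built unless it matches a fixed pattern such as `preg_match('/^[a-z0-9_]+$/i', $what)`, and the message should use `sprintf(getMessage('SPONSOR_CONTENT_404'), htmlspecialchars($what, ENT_QUOTES))`. Separately, the unchanged context still stores `md5($POST['pass1'])` and matches it with `password='%s'` against the `sponsorpass` session value, so the hash is unsalted and works as a password equivalent; that deserves a follow-up change. The enclosing functions begin and end outside the visible lines.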