- switch (REQUEST_GET('mode'))
- {
- case "add_points": // Add points
- if (strval(REQUEST_POST('points')) > 0) {
- // Replace german decimal comma with computer's decimal dot
- $POINTS = strval(REVERT_COMMA(REQUEST_POST('points')));
-
- // Add points to account
- SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
-
- // Remember points /reason for the template
- define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , REQUEST_POST('reason'));
-
- // Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", REQUEST_POST('reason'), true);
- SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_ADD_POINTS, $msg);
- $MSG = ADMIN_SPONSOR_POINTS_ADDED;
- } else {
- // No points entered to add!
- $MSG = ADMIN_SPONSPOR_NO_POINTS_TO_ADD;
- }
- break;
-
- case "sub_points": // Subtract points
- if (strval(REQUEST_POST('points')) > 0) {
- // Replace german decimal comma with computer's decimal dot
- $POINTS = strval(REVERT_COMMA(REQUEST_POST('points')));
-
- // Add points to account
- SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_used=points_used+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
-
- // Remember points /reason for the template
- define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , REQUEST_POST('reason'));
-
- // Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", REQUEST_POST('reason'), true);
- SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_SUB_POINTS, $msg);
- $MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED;
- } else {
- // No points entered to add!
- $MSG = ADMIN_SPONSPOR_NO_POINTS_TO_SUBTRACT;
- }
- break;
-
- case "edit": // Edit sponsor account
- $PASS = true;
- if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) || ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass1'))))) {
- // Remove passwords
- REQUEST_UNSET_POST(('pass1'));
- REQUEST_UNSET_POST(('pass2'));
- $PASS = false;
- }
-
- // Convert time selection
- $DATA = array(); $id = "warning_interval_ye"; $skip = false;
- CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip);
-
- // Save the sponsor
- SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY());
-
- // Convert some data for the email template
- REQUEST_POST('gender' , TRANSLATE_GENDER(REQUEST_POST('gender')));
- REQUEST_POST('warning_interval', CREATE_FANCY_TIME(REQUEST_POST('warning_interval')));
-
- if (!$PASS) REQUEST_SET_POST('pass1', getMessage('SPONSOR_PASS_UNCHANGED'));
-
- // Load email template and send the mail away
- $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", REQUEST_POST_ARRAY(), false);
- SEND_EMAIL(REQUEST_POST('email'), getMessage('ADMIN_SPONSOR_EDIT_SUBJECT'), $msg);
- break;
-
- default: // Unknown mode
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", REQUEST_GET('mode')));
- $MSG = sprintf(getMessage('ADMIN_SPONSOR_INVALID_MODE'), SQL_ESCAPE(REQUEST_GET('mode')));
- break;
+ switch (getRequestParameter('mode')) {
+ case 'add_points': // Add points
+ if (bigintval(postRequestParameter('points')) > 0) {
+ // Replace german decimal comma with computer's decimal dot
+ $points = bigintval(convertCommaToDot(postRequestParameter('points')));
+
+ // Add points to account
+ SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `points_amount`=`points_amount`+%s WHERE `id`='%s' LIMIT 1",
+ array($points, bigintval(getRequestParameter('id'))), __FILE__, __LINE__);
+
+ // Remember points /reason for the template
+ $content['points'] = translateComma($points);
+ $content['reason'] = secureString(postRequestParameter('reason'));
+
+ // Send email
+ $message = loadEmailTemplate('sponsor_add_points', $content);
+ sendEmail($content['email'], '{--ADMIN_SPONSOR_ADD_POINTS_SUBJECT--}', $message);
+ $message = '{--ADMIN_SPONSOR_POINTS_ADDED--}';
+ } else {
+ // No points entered to add!
+ $message = '{--ADMIN_SPONSPOR_NO_POINTS_TO_ADD--}';
+ }
+ break;
+
+ case 'sub_points': // Subtract points
+ if (bigintval(postRequestParameter('points')) > 0) {
+ // Replace german decimal comma with computer's decimal dot
+ $points = bigintval(convertCommaToDot(postRequestParameter('points')));
+
+ // Add points to account
+ SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `points_used`=`points_used`+%s WHERE `id`='%s' LIMIT 1",
+ array($points, bigintval(getRequestParameter('id'))), __FILE__, __LINE__);
+
+ // Remember points /reason for the template
+ $content['points'] = translateComma($points);
+ $content['reason'] = secureString(postRequestParameter('reason'));
+
+ // Send email
+ $message = loadEmailTemplate('sponsor_sub_points', $content);
+ sendEmail($content['email'], '{--ADMIN_SPONSOR_SUB_POINTS_SUBJECT--}', $message);
+ $message = '{--ADMIN_SPONSOR_POINTS_SUBTRACTED--}';
+ } else {
+ // No points entered to add!
+ $message = '{--ADMIN_SPONSPOR_NO_POINTS_TO_SUBTRACT--}';
+ }
+ break;
+
+ case 'edit': // Edit sponsor account
+ $PASS = true;
+ if ((postRequestParameter('pass1') != postRequestParameter('pass2')) || ((!isPostRequestParameterSet('pass1')) && (!isPostRequestParameterSet('pass1')))) {
+ // Remove passwords
+ unsetPostRequestParameter('pass1');
+ unsetPostRequestParameter('pass2');
+ $PASS = false;
+ } // END - if
+
+ // Convert time selection
+ $DATA = array(); $id = 'warning_interval_ye'; $skip = false;
+ convertSelectionsToTimestamp(postRequestArray(), $DATA, $id, $skip);
+
+ // Save the sponsor
+ handlSponsorRequest(postRequestArray());
+
+ // Convert some data for the email template
+ postRequestParameter('gender' , translateGender(postRequestParameter('gender')));
+ postRequestParameter('warning_interval', createFancyTime(postRequestParameter('warning_interval')));
+
+ if ($PASS === false) setPostRequestParameter('pass1', '{--SPONSOR_PASS_UNCHANGED--}');
+
+ // Load email template and send the mail away
+ $message = loadEmailTemplate('admin_sponsor_edit', postRequestArray(), false);
+ sendEmail(postRequestParameter('email'), '{--ADMIN_SPONSOR_EDIT_SUBJECT--}', $message);
+ break;
+
+ default: // Unknown mode
+ logDebugMessage(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", getRequestParameter('mode')));
+ $message = getMaskedMessage('ADMIN_SPONSOR_INVALID_MODE', getRequestParameter('mode'));
+ break;