- // Add header
- require_once(PATH."inc/header.php");
-
- // Init
- $url_uid = 0; $url_bid = 0; $url_mid = 0;
-
- // Secure all data
- if (!empty($_GET['uid'])) $url_uid = bigintval($_GET['uid']);
- if (!empty($_GET['mailid'])) $url_mid = bigintval($_GET['mailid']);
- if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
-
- //* DEBUG: */ die("*".$url_uid."/".$url_bid."/".$url_mid."*<pre>".print_r($FATAL, true)."</pre>");
-
- // 01 1 12 3 32 21 1 2 2 10
- if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (count($FATAL) == 0))
- {
- // Maybe he wants to confirm an email?
- if ($url_mid > 0)
- {
- // Normal-Mails
- $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d AND userid=%d LIMIT 1",
- array($url_mid, $url_uid), __FILE__, __LINE__);
- $TYPE = "mailid"; $DATA = $url_mid;
- }
- elseif ($url_bid > 0)
- {
- // Bonus-Mail
- $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d AND userid=%d LIMIT 1",
- array($url_bid, $url_uid), __FILE__, __LINE__);
- $TYPE = "bonusid"; $DATA = $url_bid;
- }
- else
- {
- // Problem: No ID entered
- LOAD_URL("index.php");
- }
- if (SQL_NUMROWS($result) == 1)
- {
- list($ltype) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- switch ($ltype)
- {
- case "NORMAL":
- // Is the stats ID valid?
- $result = SQL_QUERY_ESC("SELECT pool_id, url FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
- array($url_mid), __FILE__, __LINE__);
+// Set content type and HTTP status
+setContentType('text/html');
+setHttpStatus('404 Not Found');
+
+// Is the extension mailid active?
+redirectOnUninstalledExtension('mailid');
+
+// Is the extension other active?
+redirectOnUninstalledExtension('other');
+
+// Init data
+$data = array(
+ 'error_code' => '0',
+ 'userid' => '0',
+ 'id' => '0',
+ 'code' => '0',
+ 'do' => 'frames',
+ 'type' => '',
+);
+
+// Secure all data
+if (isGetRequestElementSet('userid')) $data['userid'] = bigintval(getRequestElement('userid'));
+if (isGetRequestElementSet('id')) $data['id'] = bigintval(getRequestElement('id'));
+if (isGetRequestElementSet('code')) $data['code'] = bigintval(getRequestElement('code'));
+if (isGetRequestElementSet('do')) $data['do'] = getRequestElement('do');
+if (isGetRequestElementSet('type')) $data['type'] = getRequestElement('type');
+
+// @TODO Improve check on $data['type'], empty() is not very much ...
+if ((isValidId($data['userid'])) && (isValidId($data['id'])) && (!empty($data['type'])) && (!ifFatalErrorsDetected())) {
+ // No image?
+ if ($data['do'] != 'img') {
+ // ... then output header
+ loadIncludeOnce('inc/header.php');
+ } // END - fi
+
+ // Is 'do' still "frames"?
+ if ($data['do'] == 'frames') {
+ // This is a frameset module
+ $GLOBALS['frameset_mode'] = TRUE;
+ } // END - if
+
+ // Init result for below SQL_NUMROWS() function
+ $result_main = FALSE;
+
+ // Maybe he wants to confirm an email?
+ switch ($data['type']) {
+ case 'normal':
+ $result_main = SQL_QUERY_ESC("SELECT `id` AS `link_id`, `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `stats_id`=%s AND `userid`=%s LIMIT 1",
+ array($data['id'], $data['userid']), __FILE__, __LINE__);
+ break;
+
+ case 'bonus':
+ $result_main = SQL_QUERY_ESC("SELECT `id` AS `link_id`, `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `bonus_id`=%s AND `userid`=%s LIMIT 1",
+ array($data['id'], $data['userid']), __FILE__, __LINE__);
+ break;
+
+ default: // Not detected
+ reportBug(__FILE__, __LINE__, 'No valid type=' . $data['type'] . ' set.');
+ break;
+ } // END - switch
+
+ // Is an entry found?
+ if (SQL_NUMROWS($result_main) == 1) {
+ // Is the stats id valid?
+ $data = merge_array($data, SQL_FETCHARRAY($result_main));
+
+ // Init result here with invalid to avoid possible missing variable
+ $result_mailid = FALSE;
+
+ // @TODO Rewrite this to a filter/function
+ switch ($data['link_type']) {
+ case 'NORMAL':
+ $result_mailid = SQL_QUERY_ESC("SELECT `pool_id`, `userid` AS `sender` FROM `{?_MYSQL_PREFIX?}_user_stats` WHERE `id`=%s LIMIT 1",
+ array($data['id']), __FILE__, __LINE__);