- // Secure all data
- $url_uid = 0; $url_bid = 0; $url_mid = 0; $code = 0; $mode = "";
- if (!empty($_GET['uid'])) $url_uid = bigintval($_GET['uid']);
- if (!empty($_GET['mailid'])) $url_mid = bigintval($_GET['mailid']);
- if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
- if (!empty($_GET['code'])) $code = bigintval($_GET['code']);
- if (!empty($_GET['mode'])) $mode = $_GET['mode'];
-
- // 01 1 12 2 2 21 1 2 2 10
- if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (count($FATAL) == 0))
- {
- if ($mode != "img") require_once(PATH."inc/header.php");
-
- // Maybe he wants to confirm an email?
- if ($url_mid > 0)
- {
- $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s AND userid=%s LIMIT 1",
- array($url_mid, $url_uid), __FILE__, __LINE__);
- $type = "mailid"; $DATA = $url_mid;
- }
- elseif ($url_bid > 0)
- {
- $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s AND userid=%s LIMIT 1",
- array($url_bid, $url_uid), __FILE__, __LINE__);
- $type = "bonusid"; $DATA = $url_bid;
- }
- if (SQL_NUMROWS($result) == 1)
- {
- // Is the stats ID valid?
- list($lid, $ltype) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- switch ($ltype)
- {
- case "NORMAL":
- $result_mailid = SQL_QUERY_ESC("SELECT pool_id, userid, id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
- array($url_mid), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
+ // Is the stats ID valid?
+ list($lid, $ltype) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+
+ // @TODO Rewrite this to a filter
+ switch ($ltype) {
+ case 'NORMAL':
+ $result_mailid = SQL_QUERY_ESC("SELECT pool_id, userid, id FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE `id`=%s LIMIT 1",
+ array($url_mid), __FILE__, __LINE__);