************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
{
global $jackpot;
// Check if he has locked points or not
- $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($payout) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
{
// ... to jackpot account
ADD_JACKPOT($points);
- if (empty($jackpot)) $jackpot = "0";
+ if (empty($jackpot)) $jackpot = 0;
$jackpot += $points;
}
else
{
// .. to user's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth='0' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($target, $target, $points, bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well