************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
+
//
function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
{
{
// Load sub menus
$result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE action='%s' AND what != '' ".$WHERE."
+WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
ORDER BY sort", array($action), __FILE__, __LINE__);
if (SQL_NUMROWS($result_sub) > 0)
{
//
function GENERATE_SPONSOR_CONTENT($what)
{
- global $HTTP_POST_VARS, $_GET, $CONFIG;
+ global $_CONFIG;
$OUT = "";
$FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
if (FILE_READABLE($FILE)) {
//
function UPDATE_SPONSOR_LOGIN()
{
- global $_COOKIE, $CONFIG;
+ global $_COOKIE, $_CONFIG;
// Check if cookies are set
if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
// Calculate cookie lifetime, maybe we have to change this so the admin can setup a
// seperate timeout for these two cookies?
- $life = (time() + $CONFIG['online_timeout']);
+ $life = (time() + $_CONFIG['online_timeout']);
// Is confirmed so both is fine and we can continue with login procedure
$login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
// Unsecure data which we don't want
$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
- 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old',
+ 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
'ok', 'pass1', 'pass2');
// Set default message ("not saved")
projects / mailer.git / blobdiff