************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
+
//
function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
{
- global $HTTP_GET_VARS, $_SERVER, $_COOKIE;
$SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false;
$ret = "unused";
);
// Check if sponsor already exists
- foreach ($POST as $k=>$v)
+ foreach ($POST as $k => $v)
{
if (!(array_search($k, $SKIPPED) > -1))
{
SQL_FREERESULT($result);
// Yes, he is!
- if (($HTTP_GET_VARS['what'] == "add_sponsor") || ($NO_UPDATE))
+ if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE))
{
// Already found!
$ALREADY = true;
if ($SAVE)
{
// Default is no force even when a guest want to abuse this force switch
- if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = "0";
+ if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
// SQL and message string is empty by default
$SQL = ""; $MSG = "";
{
// Update his data
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
- foreach ($DATA['keys'] as $k=>$v)
+ foreach ($DATA['keys'] as $k => $v)
{
$SQL .= $v."='%s', ";
}
// Remove last ", " from SQL string
$SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
- $DATA['values'][] = bigintval($HTTP_GET_VARS['id']);
+ $DATA['values'][] = bigintval($_GET['id']);
// Generate message
$MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
// Add new sponsor, first add more data
$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
$DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($HTTP_GET_VARS['what'] == "add_sponsor"))
+ if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor"))
{
// Only allowed for admin
$DATA['values'][] = "PENDING";
// Generate hash code
$DATA['keys'][] = "hash";
- $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA['keys'][] = "remote_addr";
- $DATA['values'][] = $_SERVER['REMOTE_ADDR'];
+ $DATA['values'][] = GET_REMOTE_ADDR();
}
// Implode all data into strings
{
// Add all data as hidden data
$OUT = "";
- foreach ($POST as $k=>$v)
+ foreach ($POST as $k => $v)
{
// Do not add 'force' !
if ($k != "force")
// Load main menu entries
$result_main = SQL_QUERY("SELECT action, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE what='' ".$WHERE."
+WHERE (what='' OR what IS NULL) ".$WHERE."
ORDER BY sort", __FILE__, __LINE__);
if (SQL_NUMROWS($result_main) > 0)
{
{
// Load sub menus
$result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE action='%s' AND what != '' ".$WHERE."
+WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
ORDER BY sort", array($action), __FILE__, __LINE__);
if (SQL_NUMROWS($result_sub) > 0)
{
//
function GENERATE_SPONSOR_CONTENT($what)
{
- global $HTTP_POST_VARS, $HTTP_GET_VARS, $CONFIG;
- $FILE = PATH."inc/modules/sponsor/".$what.".php";
+ global $_CONFIG;
$OUT = "";
- if (@file_exists($FILE))
- {
+ $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
+ if (FILE_READABLE($FILE)) {
// Every sponsor action will output nothing directly. It will be written into $OUT!
require_once($FILE);
- }
- else
- {
+ } else {
// File not found!
$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
}
//
function UPDATE_SPONSOR_LOGIN()
{
- global $_COOKIE, $CONFIG;
+ global $_COOKIE, $_CONFIG;
// Check if cookies are set
if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
// Calculate cookie lifetime, maybe we have to change this so the admin can setup a
// seperate timeout for these two cookies?
- $life = (time() + $CONFIG['online_timeout']);
+ $life = (time() + $_CONFIG['online_timeout']);
// Is confirmed so both is fine and we can continue with login procedure
$login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
//
function SPONSOR_SAVE_DATA($POST, $content)
{
- global $_COOKIE, $_SERVER, $HTTP_GET_VARS;
+ global $_COOKIE, $_SERVER, $_GET;
$EMAIL = false;
// Unsecure data which we don't want
$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
- 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old',
+ 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
'ok', 'pass1', 'pass2');
// Set default message ("not saved")
$MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
// Check for submitted passwords
- if ((!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2'])))
+ if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
{
// Are both passwords the same?
- if ($HTTP_POST_VARS['pass1'] == $HTTP_POST_VARS['pass2'])
+ if ($_POST['pass1'] == $_POST['pass2'])
{
// Okay, then set password and remove pass1 and pass2
- $HTTP_POST_VARS['password'] = md5($HTTP_POST_VARS['pass1']);
+ $_POST['password'] = md5($_POST['pass1']);
}
}
// Prepare SQL string
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
- foreach ($POST as $key=>$value)
+ foreach ($POST as $key => $value)
{
// Mmmmm, too less security here???
$SQL .= " ".strip_tags($key)."='%s',";
$SQL .= " status='EMAIL', hash='%s',";
// Generate hash code
- $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA[] = $HASH;
}
}
$DATA[] = $_COOKIE['sponsorpass'];
// Saving data was completed... ufff...
- switch ($HTTP_GET_VARS['what'])
+ switch ($_GET['what'])
{
case "account": // Change account data
if ($EMAIL)
break;
default: // Unknown sponsor what value!
- $MSG = SPONSOR_UNKNOWN_WHAT_1.$HTTP_GET_VARS['what'].SPONSOR_UNKNOWN_WHAT_2;
+ $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2;
$templ = ""; $subj = "";
break;
}
$DATA = $POST;
// Change some data
- if (isset($content['salut'])) $content['salut'] = TRANSLATE_SEX($content['salut']);
- if (isset($DATA['salut'])) $DATA['salut'] = TRANSLATE_SEX($DATA['salut']);
+ if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']);
+ if (isset($DATA['gender'])) $DATA['gender'] = TRANSLATE_GENDER($DATA['gender']);
if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']);
if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']);
// Send email to admins
- if (GET_EXT_VERSION("admins") < "0.4.1")
- {
- // Use old method to send out
- $msg = LOAD_EMAIL_TEMPLATE($templ, $content);
- SEND_ADMIN_EMAILS($subj, $msg);
- }
- else
- {
- // Use new system to send out
- SEND_ADMIN_EMAILS_PRO($subj, $templ, $content);
- }
+ SEND_ADMIN_NOTIFICATION($subj, $templ, $content);
// Shall we send mail to the sponsor's new email address?
if ($content['receive_warnings'] == "Y")
// to the old address
// First to old address
- switch ($HTTP_GET_VARS['what'])
+ switch ($_GET['what'])
{
case "account": // Change account data
$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);