************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
+
//
function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
{
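Review bot: The guard added at `if (!defined('__SECURITY')) {` is documented only by "Some security stuff...", so a reader cannot tell who defines `__SECURITY` or what happens when it is missing. Nothing here shows what `security.php` does once required; presumably it aborts a direct request, and that contract should be stated. I would replace the comment with `// Direct-access guard: __SECURITY is set by the entry script; if absent, load inc/security.php, which must stop the request.` It is also worth confirming that every entry point defines the constant before including this file, since the removed `PHP_SELF` check no longer backs it up.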
SQL_FREERESULT($result);
// Yes, he is!
- if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE))
+ if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE))
{
// Already found!
$ALREADY = true;
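Review bot: `$GLOBALS['what']` in the condition `($GLOBALS['what'] == "add_sponsor")` has no visible origin or validation in this hunk, whereas the `$_GET['what']` it replaces was explicitly the query string. If the global is filled from merged request data, POST or cookie values could now select this branch too, so the place where it is assigned and whitelisted should be named in a comment here. The comparison is also loose; `if (($GLOBALS['what'] === "add_sponsor") || ($NO_UPDATE))` avoids type juggling. The same applies to the `$GLOBALS['what']` read added in the admin status check below and to the two `switch ($GLOBALS['what'])` statements later in the file. The enclosing function starts and ends outside this hunk.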
// Add new sponsor, first add more data
$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
$DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor"))
+ if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor"))
{
// Only allowed for admin
$DATA['values'][] = "PENDING";
// Generate hash code
$DATA['keys'][] = "hash";
- $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA['keys'][] = "remote_addr";
- $DATA['values'][] = $_SERVER['REMOTE_ADDR'];
+ $DATA['values'][] = GET_REMOTE_ADDR();
}
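Review bot: The hash on the added `md5(...)` line is still derived only from the session cookie, e-mail address, client address, user agent and `time()`, all of which the requester knows or can guess, so it is predictable if it is meant to act as a confirmation secret. A random token is the safer source, e.g. `$DATA['values'][] = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. `$_COOKIE['PHPSESSID']` may also be absent, which weakens the input further. The same construction is repeated for `$HASH` in the later hunk that sets `status='EMAIL'`. How `GET_REMOTE_ADDR()` picks the address is not visible; if it trusts forwarded-for headers, the stored `remote_addr` becomes client-controlled.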
// Implode all data into strings
$VALUES = str_repeat("%s', '", count($DATA['values']) - 1);
// Generate string
- $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES('".$VALUES."%s')";
+ $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
// Generate message
$MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
break;
default:
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s detected.", $status));
$ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2;
break;
}
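Review bot: `$status` is passed to `DEBUG_LOG` unmodified on the added line, and nothing visible says where it comes from or whether `DEBUG_LOG` neutralises control characters. If the value can contain line breaks, it can split or forge log entries; stripping them first is cheap: `sprintf("Unknown status %s detected.", preg_replace('/[\x00-\x1F\x7F]/', '', $status))`. The `DEBUG_LOG` call added in the later `default:` branch logs `$GLOBALS['what']`, a value that used to be `$_GET['what']`, and needs the same treatment. The `switch` this `default:` belongs to begins outside the hunk.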
{
// Load sub menus
$result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE action='%s' AND what != '' ".$WHERE."
+WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
ORDER BY sort", array($action), __FILE__, __LINE__);
if (SQL_NUMROWS($result_sub) > 0)
{
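Review bot: `$WHERE` is concatenated into the query text on the changed `WHERE action='%s' ...` line rather than passed through the argument array, so it presumably bypasses whatever escaping `SQL_QUERY_ESC` applies to `$action`. Its construction is outside the hunk; a comment such as `// $WHERE is built from fixed SQL fragments only, never from request data` should record that, or the variable part should move into the `%s` arguments. The added `AND what IS NOT NULL` is redundant with `what != ''`, which already excludes NULL rows, though it is harmless.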
// Unsecure data which we don't want
$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
- 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old',
+ 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
'ok', 'pass1', 'pass2');
// Set default message ("not saved")
$SQL .= " status='EMAIL', hash='%s',";
// Generate hash code
- $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA[] = $HASH;
}
}
$DATA[] = $_COOKIE['sponsorpass'];
// Saving data was completed... ufff...
- switch ($_GET['what'])
+ switch ($GLOBALS['what'])
{
case "account": // Change account data
if ($EMAIL)
break;
default: // Unknown sponsor what value!
- $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2;
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what']));
+ $MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2;
$templ = ""; $subj = "";
break;
}
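Review bot: `$GLOBALS['what']` is concatenated into `$MSG` unescaped on the added line, and the value was `$_GET['what']` before this change, so it is presumably request-controlled. Whether `$MSG` is encoded when rendered is not visible here; unless it is, the message reflects markup back to the browser. Encoding at the point of use closes that: `$MSG = SPONSOR_UNKNOWN_WHAT_1.htmlspecialchars($GLOBALS['what'], ENT_QUOTES).SPONSOR_UNKNOWN_WHAT_2;`. The enclosing `switch` starts outside the hunk.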
// to the old address
// First to old address
- switch ($_GET['what'])
+ switch ($GLOBALS['what'])
{
case "account": // Change account data
$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);