<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/24/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/24/2005 *
+ * ================ Last change: 05/12/2005 *
* *
* -------------------------------------------------------------------- *
* File : what-edit_sponsor.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if ((!empty($HTTP_GET_VARS['id'])) && (!empty($HTTP_GET_VARS['mode'])))
-{
+if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT company, position, salut, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, receive_warnings, warning_interval FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
- array($HTTP_GET_VARS['id']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Load sponsor details
$DATA = SQL_FETCHARRAY($result);
SQL_FREERESULT($result);
// Prepare all data for the template
// Sponsor's ID
- define('__SPONSOR_ID' , $HTTP_GET_VARS['id']);
+ define('__SPONSOR_ID' , bigintval($_GET['id']));
// Company's data
define('__COMPANY' , $DATA['company']);
define('__POSITION' , $DATA['position']);
define('__REC_WARNING', ADD_SELECTION("yn", $DATA['receive_warnings'], "receive_warning"));
define('__INTERVAL' , CREATE_TIME_SELECTIONS($DATA['warning_interval'], "warning_interval", "MWDh"));
+ // Init variables here
+ $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE($_GET['mode']));
+ $SQLs = array();
+
// Sponsor was found
- $TPL = "admin_edit_sponsor_".$HTTP_GET_VARS['mode']; $SQLs = array();
- if ((isset($HTTP_POST_VARS['ok'])) || (isset($HTTP_POST_VARS['edit'])))
- {
+ if ((isset($_POST['ok'])) || (isset($_POST['edit']))) {
// Perform action on mode
- switch ($HTTP_GET_VARS['mode'])
+ switch ($_GET['mode'])
{
case "add_points": // Add points
- if (strval($HTTP_POST_VARS['points']) > 0)
- {
+ if (strval($_POST['points']) > 0) {
// Replace german decimal comma with computer's decimal dot
- $POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points']));
+ $POINTS = strval(str_replace(",", ".", $_POST['points']));
// Add points to account
$result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
// Remember points /reason for the template
define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , $HTTP_POST_VARS['reason']);
+ define('__REASON' , $_POST['reason']);
// Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $HTTP_POST_VARS['reason'], true);
+ $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $_POST['reason'], true);
SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_ADD_POINTS, $msg);
$MSG = ADMIN_SPONSOR_POINTS_ADDED;
- }
- else
- {
+ } else {
// No points entered to add!
$MSG = ADMIN_SPONSPOR_NO_POINTS_TO_ADD;
}
break;
case "sub_points": // Subtract points
- if (strval($HTTP_POST_VARS['points']) > 0)
- {
+ if (strval($_POST['points']) > 0) {
// Replace german decimal comma with computer's decimal dot
- $POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points']));
+ $POINTS = strval(str_replace(",", ".", $_POST['points']));
// Add points to account
$result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_used=points_used+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
// Remember points /reason for the template
define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , $HTTP_POST_VARS['reason']);
+ define('__REASON' , $_POST['reason']);
// Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $HTTP_POST_VARS['reason'], true);
+ $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $_POST['reason'], true);
SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_SUB_POINTS, $msg);
$MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED;
- }
- else
- {
+ } else {
// No points entered to add!
$MSG = ADMIN_SPONSPOR_NO_POINTS_TO_SUBTRACT;
}
case "edit": // Edit sponsor account
$PASS = true;
- if (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) || ((empty($HTTP_POST_VARS['pass1'])) && (empty($HTTP_POST_VARS['pass1']))))
- {
+ if (($_POST['pass1'] != $_POST['pass2']) || ((empty($_POST['pass1'])) && (empty($_POST['pass1'])))) {
// Remove passwords
- unset($HTTP_POST_VARS['pass1']);
- unset($HTTP_POST_VARS['pass2']);
+ unset($_POST['pass1']);
+ unset($_POST['pass2']);
$PASS = false;
}
- SPONSOR_HANDLE_SPONSOR($HTTP_POST_VARS);
+ SPONSOR_HANDLE_SPONSOR($_POST);
// Convert some data for the email template
- $HTTP_POST_VARS['salut'] = TRANSLATE_SEX($HTTP_POST_VARS['salut']);
- $HTTP_POST_VARS['warning_interval'] = CREATE_FANCY_TIME($HTTP_POST_VARS['warning_interval']);
- if (!$PASS) $HTTP_POST_VARS['pass1'] = SPONSOR_PASS_UNCHANGED;
+ $_POST['salut'] = TRANSLATE_SEX($_POST['salut']);
+ $_POST['warning_interval'] = CREATE_FANCY_TIME($_POST['warning_interval']);
+ if (!$PASS) $_POST['pass1'] = SPONSOR_PASS_UNCHANGED;
// Load email template and send the mail away
- $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $HTTP_POST_VARS, false);
- SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $_POST, false);
+ SEND_EMAIL($_POST['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg);
break;
default: // Unknown mode
- $MSG = ADMIN_INVALID_MODE_1.$HTTP_GET_VARS['mode'].ADMIN_INVALID_MODE_2;
+ $MSG = ADMIN_INVALID_MODE_1.SQL_ESCAPE($_GET['mode']).ADMIN_INVALID_MODE_2;
break;
}
- if (!empty($MSG))
- {
+ if (!empty($MSG)) {
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
- }
- }
- elseif (file_exists(PATH."templates/".GET_LANGUAGE()."/html/admin/".$TPL.".tpl"))
- {
+ } // END - if
+ } elseif (FILE_READABLE(sprintf("%stemplates/%s/html/admin/%s.tpl", PATH, GET_LANGUAGE(), $TPL))) {
// Create mailto link
define('__SPONSOR_VALUE', "<A href=\"mailto:".__EMAIL."\">".__SURNAME." ".__FAMILY."</A>");
// Load mode template
LOAD_TEMPLATE($TPL);
- }
- else
- {
+ } else {
// Template not found!
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.$HTTP_GET_VARS['mode'].ADMIN_TPL_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.SQL_ESCAPE($_GET['mode']).ADMIN_TPL_404_2);
}
- }
- else
- {
+ } else {
// Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['id']).ADMIN_SPONSOR_404_2);
}
-}
- else
-{
+} else {
// Not called by what-list_sponsor.php
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_CALL_NOT_DIRECTLY);
}
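Review bot: `SQL_ESCAPE($_GET['mode'])` on the new `$TPL` line is the wrong sanitiser for a value that becomes part of a file name, because `$TPL` goes into the `%stemplates/%s/html/admin/%s.tpl` path checked by `FILE_READABLE` and is then passed to `LOAD_TEMPLATE`; if SQL_ESCAPE behaves like a normal SQL string escaper (it is not defined in this file), dots and slashes pass through unchanged. The switch only knows three modes, so check against that list before building the name: `$mode = in_array($_GET['mode'], array('add_points', 'sub_points', 'edit'), true) ? $_GET['mode'] : 'invalid';` followed by `$TPL = "admin_edit_sponsor_".$mode;`. The two message lines that concatenate `SQL_ESCAPE($_GET['mode'])` into `ADMIN_INVALID_MODE_1` and `ADMIN_TPL_404_1` appear to feed HTML output, where `htmlspecialchars($_GET['mode'], ENT_QUOTES)` is the matching encoder. Two defects on unchanged lines are also left in place: `case "sub_points"` has no `break;` before `case "edit"`, so a subtraction falls through into `SPONSOR_HANDLE_SPONSOR($_POST)` and the edit e-mail, and `$POINTS` is placed into an unquoted `%s` in both UPDATE statements after only `strval()`, so it should be forced numeric first, for example `$POINTS = (float) str_replace(",", ".", $_POST['points']);`.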