************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
} elseif (!EXT_IS_ACTIVE("mailid")) {
}
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
if (empty($_GET['del'])) $_GET['del'] = "";
if (!empty($_GET['u_id'])) {
// Check if the user already exists
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
// Is there an entry?
// Grab user's all unconfirmed mails
if (EXT_IS_ACTIVE("bonus")) {
// Load bonus ID
- $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+ $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
} else {
// Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command)
- $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+ $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
}
// Some unconfirmed mails left
if ($_GET['del'] == "all") {
// Delete all unconfirmed mails by this user
- $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d LIMIT %s",
+ $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s LIMIT %s",
array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__);
// Prepare mail and send it away
switch ($type)
{
case "NORMAL":
- $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+ $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
- $TYPE = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM;
+ $type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM;
$LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&mailid=".$id."\" target=\"_blank\">".$id."</A>";
break;
case "BONUS":
- $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array(bigintval($id2)), __FILE__, __LINE__);
- $TYPE = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM;
+ $type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM;
$LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&bonusid=".$id2."\" target=\"_blank\">".$id2."</A>";
break;
}
define('__EMAIL_VALUE', "<A href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$email."</A>");
define('__EMAIL_LIST' , $OUT);
define('__NUMS_VALUE' , $nums);
- define('__UID_VALUE' , $_GET['u_id']);
+ define('__UID' , bigintval($_GET['u_id']));
// Load final template
LOAD_TEMPLATE("admin_list_links");