************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
//
-function ADD_MODULE_TITLE($mod)
-{
+function ADD_MODULE_TITLE($mod) {
global $cacheArray, $_CONFIG;
$name = ""; $result = false;
- // Load title
- if (!mxchange_installing)
- {
- if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod])))
- {
+
+ // Is the script installed?
+ if (isBooleanConstantAndTrue('mxchange_installed')) {
+ if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod]))) {
// Load from cache
$name = $cacheArray['modules']['title'][$mod];
// Update cache hits
$_CONFIG['cache_hits']++;
- }
- else
- {
+ } else {
// Load from database
$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_mod_reg WHERE module='%s' LIMIT 1", array($mod), __FILE__, __LINE__);
list($name) = SQL_FETCHROW($result);
$name = trim($name);
// Still no luck or empty title?
- if (empty($name))
- {
+ if (empty($name)) {
// No name found
$name = LANG_UNKNOWN_MODULE." (".$mod.")";
- if (SQL_NUMROWS($result) == 0)
- {
+ if (SQL_NUMROWS($result) == 0) {
// Add module to database
$dummy = CHECK_MODULE($mod);
}
}
return $name;
}
+
// Check validity of a given module name (no file extension)
function CHECK_MODULE($mod) {
// We need them now here...
$ret = "major";
// Check if script is installed if not return a "done" to prevent some errors
- if ((!mxchange_installed) || (mxchange_installing) || (!admin_registered)) return "done";
+ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (isBooleanConstantAndTrue('mxchange_installing')) || (!isBooleanConstantAndTrue('admin_registered'))) return "done";
// Check if cache is latest version
$locked = 'Y'; $hidden = 'N'; $admin = 'N'; $mem = 'N'; $found = false;
// Return the value
return $ret;
}
+
// Add menu description pending on given file name (without path!)
-function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
-{
+function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) {
global $DEPTH, $_CONFIG;
$LINK_ADD = ""; $OUT = ""; $AND = "";
// First we have to do some analysis...
if (!$return) $DEPTH++;
$prefix = "";
}
+
$prefix .= " -> ";
+
if (ereg(".php", $search)) {
$search = substr($search, 0, strpos($search, ".php"));
}
+
$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
array($ACC_LVL, $type, $search), __FILE__, __LINE__);
+
if (SQL_NUMROWS($result) == 1) {
list($ret) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) {
//* DEBUG: */ echo __LINE__."+".$type."+<br />\n";
$OUT .= "</DIV><br />\n";
+ $DEPTH="0";
}
}
}
//
function ADD_MENU($MODE, $act, $wht) {
global $_CONFIG;
+
+ // Init some variables
+ $main_cnt = 0;
+ $AND = "";
+ $main_action = "";
+ $sub_what = "";
+
if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;
- $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = "";
- if (!IS_ADMIN())
- {
+
+ // Non-admin shall not see all menus
+ if (!IS_ADMIN()) {
$AND = "AND visible='Y' AND locked='N'";
}
+
// Load SQL data and add the menu to the output stream...
$result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
array($MODE), __FILE__, __LINE__);
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
- if (SQL_NUMROWS($result_main) > 0)
- {
+ if (SQL_NUMROWS($result_main) > 0) {
OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
// There are menus available, so we simply display them... :)
- while (list($main_title, $main_action) = SQL_FETCHROW($result_main))
- {
+ while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) {
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
// Load menu header template
$BLOCK_MODE = false; $act = $main_action;
$result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
array($MODE, $main_action), __FILE__, __LINE__);
$ctl = SQL_NUMROWS($result_sub);
- if ($ctl > 0)
- {
+ if ($ctl > 0) {
$cnt=0;
- while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub))
- {
+ while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) {
+ // Init content
$content = "";
// Full file name for checking menu
//* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
// If admin login is not given take current from cookies...
- if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])))
- {
- $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];
+ if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
+ // Get admin login and password from session/cookies
+ $admin = SQL_ESCAPE(get_session('admin_login'));
+ $passCookie = SQL_ESCAPE(get_session('admin_md5'));
}
//* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
// Search in array for entry
- if ((!empty($passCookie)) && (isset($cacheArray['admins']['password'][$admin])) && (!empty($admin)))
- {
+ if ((!empty($passCookie)) && (isset($cacheArray['admins']['password'][$admin])) && (!empty($admin))) {
// Count cache hits
$_CONFIG['cache_hits']++;
// Login data is valid or not?
$valPass = generatePassString($cacheArray['admins']['password'][$admin]);
- }
- elseif (!empty($admin))
- {
+ } elseif (!empty($admin)) {
// Search for admin
$result = SQL_QUERY_ESC("SELECT HIGH_PRIORITY password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
array($admin), __FILE__, __LINE__);
// Is he admin?
$passDB = "";
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Admin login was found so let's load password from DB
list($passDB) = SQL_FETCHROW($result);
+
+ // Generate password hash
$valPass = generatePassString($passDB);
}
SQL_FREERESULT($result);
}
- if (!empty($valPass))
- {
+ if (!empty($valPass)) {
// Check if password is valid
- //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*<br>";
- $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
+ //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*<br />\n";
+ $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
}
// Return result of comparision
FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
// Are cookies set?
- if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))
+ if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
{
// Cookies are set with values, but are they valid?
$result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
// So did we now have valid data and an unlocked user?
- //* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
- if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))
- {
+ //* DEBUG: */ echo $valPass."<br>".get_session('u_hash')."<br>";
+ if (($status == "CONFIRMED") && ($valPass == get_session('u_hash'))) {
// Account is confirmed and all cookie data is valid so he is definely logged in! :-)
$ret = true;
- }
- else
- {
+ } else {
// Maybe got locked etc.
//* DEBUG: */ echo __LINE__."!!!<br>";
- set_session("userid", "", time() - 3600, COOKIE_PATH);
- set_session("u_hash", "", time() - 3600, COOKIE_PATH);
- set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+ set_session("userid", "");
+ set_session("u_hash", "");
+ set_session("lifetime", "");
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
}
- }
- else
- {
+ } else {
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."***<br>";
- set_session("userid", "", time() - 3600, COOKIE_PATH);
- set_session("u_hash", "", time() - 3600, COOKIE_PATH);
- set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+ set_session("userid", "");
+ set_session("u_hash", "");
+ set_session("lifetime", "");
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
{
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."///<br>";
- set_session("userid", "", time() - 3600, COOKIE_PATH);
- set_session("u_hash", "", time() - 3600, COOKIE_PATH);
- set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+ set_session("userid", "");
+ set_session("u_hash", "");
+ set_session("lifetime", "");
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
if (!is_array($LAST)) $LAST = array();
// Are the required cookies set?
- if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {
+ if ((!isset($GLOBALS['userid'])) || (!isSessionVariableSet('u_hash')) || (!isSessionVariableSet('lifetime'))) {
// Nope, then return here to caller function
return false;
} else {
// Secure user ID
- $GLOBALS['userid'] = bigintval($_SESSION['userid']);
+ $GLOBALS['userid'] = bigintval(get_session('userid'));
}
// Extract last online time (life) and how long is auto-login valid (time)
- $newl = time() + bigintval($_SESSION['lifetime']);
+ $newl = time() + bigintval(get_session('lifetime'));
// Recheck if logged in
if (!IS_LOGGED_IN()) return false;
// Maybe first login time?
if (empty($mod)) $mod = "login";
- if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {
+ if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE(get_session('u_hash')), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) {
// This will be displayed on welcome page! :-)
if (empty($LAST['module'])) {
$LAST['module'] = $mod; $LAST['online'] = $onl;
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__);
}
- }
- else
- {
+ } else {
// Destroy session, we cannot update!
- set_session("userid", "", time() - 3600, COOKIE_PATH);
- set_session("u_hash", "", time() - 3600, COOKIE_PATH);
- set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+ set_session("userid", "");
+ set_session("u_hash", "");
+ set_session("lifetime", "");
}
}
//
list($hashDB) = SQL_FETCHROW($result_main);
// Extract salt from cookie
- $salt = substr($_SESSION['u_hash'], 0, -40);
+ $salt = substr(get_session('u_hash'), 0, -40);
// Now let's compare passwords
$hash = generatePassString($hashDB);
- if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+ if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
// Load user's data
$result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
global $DEPTH, $_CONFIG, $DATA, $link;
// When $uid = 0 add points to jackpot
- if ($uid == "0")
- {
+ if ($uid == "0") {
// Add points to jackpot
ADD_JACKPOT($points);
return;
}
// Count up referral depth
- if (empty($DEPTH))
- {
+ if (empty($DEPTH)) {
// Initialialize referral system
$DEPTH = "0";
- }
- else
- {
+ } else {
// Increase referral level
$DEPTH++;
}
$result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result_user) == 1)
- {
+ //* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+<br />\n";
+ if (SQL_NUMROWS($result_user) == 1) {
// This is the user and his ref
list ($ref, $email) = SQL_FETCHROW($result_user);
SQL_FREERESULT($result_user);
+
$result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1",
array(bigintval($DEPTH)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ //* DEBUG */ echo "DEPTH:".$DEPTH."<br />\n";
+ if (SQL_NUMROWS($result) == 1) {
list($per) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$P = $points * $per / 100;
+ //* DEBUG */ echo "ADD:".$P."<br />\n";
// Update points...
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1",
array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__);
- if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0)
- {
+ if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) {
// First ref in this level! :-)
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)",
array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__);
}
// Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
+ if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
// Update database
MEDIA_UPDATE_ENTRY(array("total_points"), "add", $P);
}
// Points updated, maybe I shall send him an email?
- if (($send_notify) && ($ref > 0) && (!$locked))
- {
+ if (($send_notify) && ($ref > 0) && (!$locked)) {
// 0 1 2 3
$DATA = array($per, bigintval($DEPTH), $P, bigintval($ref));
$msg = LOAD_EMAIL_TEMPLATE("confirm-referral", "", bigintval($uid));
SEND_EMAIL($email, THANX_REFERRAL_ONE, $msg);
+ } elseif (($send_notify) && ($ref == 0) && (!$locked) && ($add_mode == "direct") && (!defined('__POINTS_VALUE'))) {
+ // Direct payment shall be notified about
+ define('__POINTS_VALUE', $P);
+
+ // Load message
+ $msg = LOAD_EMAIL_TEMPLATE("add-points", REASON_DIRECT_PAYMENT, $uid);
+
+ // And sent it away
+ SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED);
}
// Maybe there's another ref?
- if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref"))
- {
+ if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) {
// Then let's credit him here...
ADD_POINTS_REFSYSTEM($ref, $points, $send_notify, $ref, $locked);
}
// Is administrator
$ADMIN = 'Y';
}
- if (!empty($_SESSION['refid']))
- {
+ if (isSessionVariableSet('refid')) {
// Check cookie
- if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];
+ if (get_session('refid') > 0) $rid = $GLOBALS['refid'];
}
// Now Read data
}
//
function IS_DEMO() {
- return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));
+ return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo"));
}
//
function LOAD_CONFIG($no="0")