* -------------------------------------------------------------------- *
* File : ref.php *
* -------------------------------------------------------------------- *
- * Short description : Redirection for the referral link *
+ * Short description : Redirection for the referal link *
* -------------------------------------------------------------------- *
- * Kurzbeschreibung : Weiterleitungsscript fuer die Referral-Links *
+ * Kurzbeschreibung : Weiterleitungsscript fuer die Referal-Links *
* -------------------------------------------------------------------- *
* *
* -------------------------------------------------------------------- *
$GLOBALS['module'] = "ref"; $CSS = -1;
// Load the required file(s)
-require ("inc/config.php");
+require("inc/config.php");
// Redirect only to registration page when this script is installed
-if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')))
-{
+if (isBooleanConstantAndTrue('mxchange_installed')) {
// Base URL for redirection
- switch ($_CONFIG['refid_target'])
+ switch (getConfig('refid_target'))
{
case "register":
$URL = URL."/modules.php?module=index&what=register&refid=";
break;
}
- // Get referral ID from ref or refid variable
- if (!empty($_GET['ref'])) $ref = strip_tags(htmlentities($_GET['ref']));
- elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
+ // Get referal ID from ref or refid variable
+ if (!empty($_GET['ref'])) $ref = secureString($_GET['ref']);
+ elseif (!empty($_GET['refid'])) $ref = secureString($_GET['refid']);
+
+ if (!empty($ref)) {
+ // Test if nickname or numeric id
+ if ($ref != "".($ref + 0)."") {
+ if (EXT_IS_ACTIVE("nickname")) {
+ // Nickname in URL, so load the ID
+ $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1",
+ array($ref), __FILE__, __LINE__);
+
+ // Load userid
+ list($ref) = SQL_FETCHROW($result);
+
+ // Free result
+ SQL_FREERESULT($result);
+ } else {
+ // Invalid request!
+ $ref = 0;
+ }
+ } // END - if
- if (!empty($ref))
- {
- // Test if nickname ($test == "0") or ID
- $test = "".round($ref)."";
- if ((EXT_IS_ACTIVE("nickname")) && ($test != $ref))
- {
- // Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($ref), __FILE__, __LINE__);
- list($ref) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- }
// Also edit this 0 !
- if (empty($ref)) $ref = "0";
+ if (empty($ref)) $ref = 0;
+
+ // Update session
+ set_session('refid', $ref);
// We have an refid here. So we simply add it
$URL .= bigintval($ref);
- // Update ref counter
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%d LIMIT 1",
- array(bigintval($ref)), __FILE__, __LINE__);
- }
- else
- {
+ // Is the refid valid?
+ if ($ref > 0) {
+ // Update ref counter
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
+ array(bigintval($ref)), __FILE__, __LINE__);
+ } // END - if
+ } else {
// No refid and we add our refid (don't forget to set $def_refid!)
$URL = URL."/index.php";
}
+
// Load the URL
LOAD_URL($URL);
- // Redirection should be done here
-}
- else
-{
+} else {
// You have to configure first!
LOAD_URL("install.php");
}