require ("inc/config.php");
// Redirect only to registration page when this script is installed
-if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')))
-{
+if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) {
// Base URL for redirection
switch ($_CONFIG['refid_target'])
{
}
// Get referral ID from ref or refid variable
- if (!empty($_GET['ref'])) $ref = strip_tags(htmlentities($_GET['ref']));
- elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
+ if (!empty($_GET['ref'])) $ref = secureString($_GET['ref']);
+ elseif (!empty($_GET['refid'])) $ref = secureString($_GET['refid']);
- if (!empty($ref))
- {
- // Test if nickname ($test == "0") or ID
- $test = "".round($ref)."";
- if ((EXT_IS_ACTIVE("nickname")) && ($test != $ref))
- {
+ if (!empty($ref)) {
+ // Test if nickname or numeric id
+ if ((EXT_IS_ACTIVE("nickname")) && ($ref != "".bigintval($ref)."")) {
// Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($ref), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
+ array($ref), __FILE__, __LINE__);
list($ref) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- }
+ } // END - if
+
// Also edit this 0 !
- if (empty($ref)) $ref = "0";
+ if (empty($ref)) $ref = 0;
// We have an refid here. So we simply add it
$URL .= bigintval($ref);
// Update ref counter
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%d LIMIT 1",
- array(bigintval($ref)), __FILE__, __LINE__);
- }
- else
- {
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
+ array(bigintval($ref)), __FILE__, __LINE__);
+ } else {
// No refid and we add our refid (don't forget to set $def_refid!)
$URL = URL."/index.php";
}
+
// Load the URL
LOAD_URL($URL);
- // Redirection should be done here
-}
- else
-{
+} else {
// You have to configure first!
LOAD_URL("install.php");
}
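Review bot: The `UPDATE ... SET ref_clicks=ref_clicks+1 WHERE userid=%s` call near the end of the `if (!empty($ref))` branch now puts the id into an unquoted `%s` placeholder where the old line used `%d`. The query format therefore no longer forces a number, and the statement is only as safe as `bigintval()`, whose body is not visible here. If `%s` was chosen to avoid truncating large ids, keep it but record that next to the call, e.g. `// %s, not %d: value is digits-only via bigintval(); never pass unfiltered input here`. Alternatively, quote the placeholder as `userid='%s'` so that whatever escaping `SQL_QUERY_ESC` applies (presumably string escaping) still protects the query if the helper ever returns something else. In the same branch, `$_GET['refid']` is now filtered by `secureString()` instead of `bigintval()`, and the nickname test `$ref != "".bigintval($ref).""` is a loose comparison that PHP evaluates numerically when both strings look numeric; `!==` would make the nickname-or-id decision exact, with the likely side effect that zero-padded ids are looked up as nicknames.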