X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=beg.php;h=ccf6edf2525eb1d5af30863ab89729205a657c82;hb=ba973321465edf4c1239d3b499b6de1e4be1f10c;hp=f76da26f194e0a9a8b0721ec9ce240b7c9f41015;hpb=701f5ac005404813e0e546102b5821f2ba2af522;p=mailer.git diff --git a/beg.php b/beg.php index f76da26f19..ccf6edf252 100644 --- a/beg.php +++ b/beg.php @@ -32,7 +32,7 @@ ************************************************************************/ // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) ) -require_once("inc/libs/security_functions.php"); +require("inc/libs/security_functions.php"); // Init "action" and "what" global $what, $action, $startTime; @@ -51,7 +51,7 @@ require("inc/config.php"); // Is the "beg" extension active? if (!EXT_IS_ACTIVE("beg")) { // Redirect to index - LOAD_URL("modules.php?module=index&msg=".CODE_EXTENSION_PROBLEM."&ext=beg"); + LOAD_URL("modules.php?module=index&msg=".constant('CODE_EXTENSION_PROBLEM')."&ext=beg"); } // END - if // Is the script installed? @@ -70,16 +70,16 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") { if (EXT_IS_ACTIVE("nickname")) { // Maybe we have found a nickname? - $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", array($_GET['uid']), __FILE__, __LINE__); } else { // Nickname entered but nickname is not active - $msg = CODE_EXTENSION_PROBLEM; + $msg = constant('CODE_EXTENSION_PROBLEM'); $uid = -1; } } else { // Direct userid - $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", array(bigintval($_GET['uid'])), __FILE__, __LINE__); } @@ -96,9 +96,6 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Secure userid $uid = bigintval($uid); - // Calculate beg points - mt_srand((double)microtime() * 10000000000 / time()); - // Multiply configured values with 100000 and divide with 100000 so we can also handle small values // If we need more number behind the decimal dot then we just need to increase all these three // numbers matching to the numbers behind the decimal dot. Simple! ;-) @@ -121,11 +118,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // User id valid and not webmaster's id? if (($uid > 0) && (getConfig('beg_uid') != $uid)) { // Update counter - SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1", + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET beg_clicks=beg_clicks+1 WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1", array($uid), __FILE__, __LINE__); // Check for last entry for userid w/o IP number - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_timeout').") OR (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_uid_timeout').") AND userid=%s)) AND (remote_ip='%s' OR sid='%s') LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_beg_ips` WHERE (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_timeout').") OR (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_uid_timeout').") AND userid=%s)) AND (remote_ip='%s' OR sid='%s') LIMIT 1", array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__); // Entry not found, points set and not logged in? @@ -136,7 +133,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Remember remote address, userid and timestamp for next click // but only when there is no admin begging. // Admins shall be able to test it! - SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip,sid, timeout) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())", + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_beg_ips` (userid, remote_ip,sid, timeout) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())", array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__); // Was is successfull? @@ -150,7 +147,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } // Pay points? - if ($pay) { + if ($pay === true) { // Add points to user or begging rallye account if (BEG_ADD_POINTS($uid, $points)) { // Set "done" message @@ -169,9 +166,9 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } elseif (getConfig('beg_pay_mode') != "NONE") { // Other pay-mode active! // Prepare content for template $content = array( - 'clicks' => __BEG_CLICKS, - 'points' => __BEG_POINTS, - 'uid' => __BEG_UID + 'clicks' => constant('__BEG_CLICKS'), + 'points' => constant('__BEG_POINTS'), + 'uid' => constant('__BEG_UID') ); // Load message template depending on pay-mode @@ -186,7 +183,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { SQL_FREERESULT($result); // Include header - require_once(PATH."inc/header.php"); + LOAD_INC_ONCE("inc/header.php"); // Load final template LOAD_TEMPLATE("beg_link"); @@ -205,27 +202,27 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } // Include footer - require_once(PATH."inc/footer.php"); + LOAD_INC_ONCE("inc/footer.php"); } elseif (($status != "CONFIRMED") && ($status != "failed")) { // Maybe locked/unconfirmed account? $msg = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status); } elseif (($uid == "0") || ($status == "failed")) { // Inalid or locked account, so let's find out - $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", array($_GET['uid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Locked account - $msg = CODE_ACCOUNT_LOCKED; + $msg = constant('CODE_ACCOUNT_LOCKED'); } else { // Invalid nickname! (404) - $msg = CODE_USER_404; + $msg = constant('CODE_USER_404'); } // Free memory SQL_FREERESULT($result); } elseif ($uid == getConfig('beg_uid')) { // Webmaster's ID cannot beg for points! - $msg = CODE_BEG_SAME_AS_OWN; + $msg = constant('CODE_BEG_SAME_AS_OWN'); } // Reload to index module