X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=doubler.php;h=5d39bf1771d7f119f52b524e672e657055acee1c;hb=310ab1fd53100627fa054ea5579f283ed77bfaec;hp=db9ebf7a397a0278bc6a82a384d9228bf8aaa6ab;hpb=524c58a61b0a074fed8d7c9dc2f9ddab7f653595;p=mailer.git diff --git a/doubler.php b/doubler.php index db9ebf7a39..5d39bf1771 100644 --- a/doubler.php +++ b/doubler.php @@ -46,7 +46,7 @@ $GLOBALS['refid'] = 0; $CSS = 0; // Load the required file(s) -require ("inc/config.php"); +require("inc/config.php"); // Is the "doubler" extension active? if (!EXT_IS_ACTIVE("doubler")) { @@ -57,17 +57,17 @@ if (!EXT_IS_ACTIVE("doubler")) { // Is the script installed? if (isBooleanConstantAndTrue('mxchange_installed')) { // Probe for referal ID - if (!empty($_GET['refid'])) $GLOBALS['refid'] = bigintval($_GET['refid']); + if (!empty($_GET['refid'])) $GLOBALS['refid'] = SQL_ESCAPE($_GET['refid']); // Probe for nickname extension and if a nickname was supplied by URL $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($GLOBALS['refid'])."") != $GLOBALS['refid'])); if ($probe_nickname) { // Nickname in URL, so load the ID - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1", array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); } else { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); } @@ -96,11 +96,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid'])); if ($probe_nickname) { // Nickname in URL, so load the ID - $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1", array($_POST['userid']), __FILE__, __LINE__); } else { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(bigintval($_POST['userid'])), __FILE__, __LINE__); } @@ -134,7 +134,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__); // Subtract entered points - SUB_POINTS($uid, $_POST['points']); + SUB_POINTS("doubler", $uid, $_POST['points']); // Add points to "total payed" including charge $points = $_POST['points'] - $_POST['points'] * $_CONFIG['doubler_charge']; @@ -214,12 +214,9 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { if (!empty($uid)) { // Transfer userid/nickname to constant define('__REFID', $uid); - } elseif (!empty($GLOBALS['refid'])) { + } else { // Transfer userid/nickname to constant define('__REFID', $GLOBALS['refid']); - } else { - // Transfer default refid to constant - define('__REFID', $_CONFIG['def_refid']); } // Percent values etc.