X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=0.2.1%2Fmailid.php;h=b268fa82d82ba528a29ef86f66bc88333f7977cf;hb=8e1498142233eff66b72904ad0428876eee1ce15;hp=b48ee7bafaaaffe632d37b5a115ccdb8aafcc12b;hpb=2408c1599f73859fe4a2938e87bc080b9dcb9cca;p=mailer.git

diff --git a/0.2.1/mailid.php b/0.2.1/mailid.php
index b48ee7bafa..b268fa82d8 100644
--- a/0.2.1/mailid.php
+++ b/0.2.1/mailid.php
@@ -1,226 +1,216 @@
-<?php
-/************************************************************************
- * MXChange v0.2.1                                    Start: 11/14/2003 *
- * ===============                              Last change: 11/25/2004 *
- *                                                                      *
- * -------------------------------------------------------------------- *
- * File              : mailid.php                                       *
- * -------------------------------------------------------------------- *
- * Short description : Confirmation file for emails                     *
- * -------------------------------------------------------------------- *
- * Kurzbeschreibung  : Bestaetigung von Mails                           *
- * -------------------------------------------------------------------- *
- *                                                                      *
- * -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder                           *
- * For more information visit: http://www.mxchange.org                  *
- *                                                                      *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or    *
- * (at your option) any later version.                                  *
- *                                                                      *
- * This program is distributed in the hope that it will be useful,      *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
- * GNU General Public License for more details.                         *
- *                                                                      *
- * You should have received a copy of the GNU General Public License    *
- * along with this program; if not, write to the Free Software          *
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
- * MA  02110-1301  USA                                                  *
- ************************************************************************/
-
-// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
-require_once("inc/libs/security_functions.php");
-
-// Init "action" and "what"
-global $what, $action;
-$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
-if (!empty($_GET['action'])) $GLOBALS['action'] = trim(strip_tags($_GET['action']));
-if (!empty($_GET['what'])) $GLOBALS['what'] = trim(strip_tags($_GET['what']));
-
-// Tell everyone we are in this module
-$GLOBALS['module'] = "mailid"; $CSS = -1;
-
-// Load the required file(s)
-require ("inc/config.php");
-
-if (defined('mxchange_installed') && (mxchange_installed))
-{
-	// Is the extension active
-	if (!EXT_IS_ACTIVE("mailid", true)) {
-		// Is not activated/installed yet!
-		ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register"));
-	}
-
-	// Add header
-	require_once(PATH."inc/header.php");
-
-	// Secure all data
-	$url_uid = "0"; $url_bid = "0"; $url_mid = "0";
-	if (!empty($_GET['uid']))     $url_uid = bigintval($_GET['uid']);
-	if (!empty($_GET['mailid']))  $url_mid = bigintval($_GET['mailid']);
-	if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
-
-	// 01        1        12            3    32           21    1     2      2     10
-	if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (count($FATAL) == 0))
-	{
-		// Maybe he wants to confirm an email?
-		if ($url_mid > 0)
-		{
-			// Normal-Mails
-			$result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d AND userid=%d LIMIT 1",
-			 array($url_mid, $url_uid), __FILE__, __LINE__);
-			$TYPE = "mailid"; $DATA = $url_mid;
-		}
-		 elseif ($url_bid > 0)
-		{
-			// Bonus-Mail
-			$result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d AND userid=%d LIMIT 1",
-			 array($url_bid, $url_uid), __FILE__, __LINE__);
-			$TYPE = "bonusid"; $DATA = $url_bid;
-		}
-		 else
-		{
-			// Problem: No ID entered
-			LOAD_URL("index.php");
-		}
-		if (SQL_NUMROWS($result) == 1)
-		{
-			list($ltype) = SQL_FETCHROW($result);
-			SQL_FREERESULT($result);
-			switch ($ltype)
-			{
-			case "NORMAL":
-				// Is the stats ID valid?
-				$result = SQL_QUERY_ESC("SELECT pool_id, url FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
-				 array($url_mid), __FILE__, __LINE__);
-				break;
-
-			case "BONUS":
-				// Bonus-Mails
-				$result = SQL_QUERY_ESC("SELECT id, url FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
-				 array($url_bid), __FILE__, __LINE__);
-				break;
-			}
-
-			if (SQL_NUMROWS($result) == 1)
-			{
-				// Load data
-				list($pool, $URL) = SQL_FETCHROW($result);
-				SQL_FREERESULT($result);
-
-				// Is the user's ID unlocked?
-				$result = SQL_QUERY_ESC("SELECT status, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
-				 array($url_uid), __FILE__, __LINE__);
-				if (SQL_NUMROWS($result) == 1)
-				{
-					list($status, $sex, $sname, $fname) = SQL_FETCHROW($result);
-					SQL_FREERESULT($result);
-					if ($status == "CONFIRMED")
-					{
-						// User has confirmed his account so we can procede...
-						switch ($ltype)
-						{
-						case "NORMAL":
-							$result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
-							 array(bigintval($pool)), __FILE__, __LINE__);
-							if (SQL_NUMROWS($result) == 1)
-							{
-								list($pay) = SQL_FETCHROW($result);
-								$time      = GET_PAY_POINTS($pay, "time");
-								$payment   = GET_PAY_POINTS($pay, "payment");
-								$VALID     = true;
-							}
-
-							// Free memory
-							SQL_FREERESULT($result);
-							break;
-
-						case "BONUS":
-							$result = SQL_QUERY_ESC("SELECT points, time FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
-							 array($url_bid), __FILE__, __LINE__);
-							if (SQL_NUMROWS($result) == 1)
-							{
-								list($points, $time) = SQL_FETCHROW($result);
-								$payment = "0.00000";
-								$VALID = true;
-							}
-
-							// Free memory
-							SQL_FREERESULT($result);
-							break;
-						}
-
-						if ($VALID)
-						{
-							// If time is zero seconds we have a sponsor mail. 1 Second shall be set to avoid problems
-							if (($time == "0") && ($payment > 0)) { $URL = URL; $time = "1"; }
-							if (($time > 0) && (($payment > 0) || ($points > 0)))
-							{
-								// He can confirm this mail!
-								// Export data into constants for the template
-								define('_UID_VALUE' , $url_uid);
-								define('_TYPE_VALUE', $TYPE);
-								define('_DATA_VALUE', $DATA);
-								define('_URL_VALUE' , DEREFERER($URL));
-
-								// Load template
-								LOAD_TEMPLATE("mailid_frames");
-							}
-							 else
-							{
-								$msg = CODE_DATA_INVALID;
-							}
-						}
-						 else
-						{
-							$msg = CODE_POSSIBLE_INVALID;
-						}
-					}
-					 else
-					{
-						$msg = CODE_ACCOUNT_LOCKED;
-					}
-				}
-				 else
-				{
-					SQL_FREERESULT($result);
-					$msg = CODE_USER_404;
-				}
-			}
-			 else
-			{
-				SQL_FREERESULT($result);
-				$msg = CODE_STATS_404;
-			}
-		}
-		 else
-		{
-			SQL_FREERESULT($result);
-			$msg = CODE_ALREADY_CONFIRMED;
-		}
-	}
-	 else
-	{
-		// Nothing entered
-		$msg = CODE_ERROR_MAILID;
-	}
-	if (!empty($msg))
-	{
-		LOAD_URL(URL."/modules.php?module=index&msg=".$msg);
-	}
-
-	require_once(PATH."inc/footer.php");
-}
- else
-{
-	// You have to configure first!
-	LOAD_URL("install.php");
-}
-// Really all done here... ;-)
-die();
-
-//
-?>
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 11/14/2003 *
+ * ===============                              Last change: 11/25/2004 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : mailid.php                                       *
+ * -------------------------------------------------------------------- *
+ * Short description : Confirmation file for emails                     *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Bestaetigung von Mails                           *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
+require_once("inc/libs/security_functions.php");
+
+// Init "action" and "what"
+global $what, $action;
+$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
+if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
+if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
+
+// Tell everyone we are in this module
+$GLOBALS['module'] = "mailid"; $CSS = -1;
+
+// Load the required file(s)
+require ("inc/config.php");
+
+if (defined('mxchange_installed') && (mxchange_installed))
+{
+	// Is the extension active
+	if (!EXT_IS_ACTIVE("mailid", true)) {
+		// Is not activated/installed yet!
+		ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "mailid"));
+	}
+
+	// Add header
+	require_once(PATH."inc/header.php");
+
+	// Init
+	$url_uid = 0; $url_bid = 0; $url_mid = 0;
+
+	// Secure all data
+	if (!empty($_GET['uid']))     $url_uid = bigintval($_GET['uid']);
+	if (!empty($_GET['mailid']))  $url_mid = bigintval($_GET['mailid']);
+	if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
+
+	//* DEBUG: */ die("*".$url_uid."/".$url_bid."/".$url_mid."*<pre>".print_r($FATAL, true)."</pre>");
+
+	// 01        1        12            3    32           21    1     2      2     10
+	if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (count($FATAL) == 0))
+	{
+		// Maybe he wants to confirm an email?
+		if ($url_mid > 0)
+		{
+			// Normal-Mails
+			$result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d AND userid=%d LIMIT 1",
+			 array($url_mid, $url_uid), __FILE__, __LINE__);
+			$TYPE = "mailid"; $DATA = $url_mid;
+		}
+		 elseif ($url_bid > 0)
+		{
+			// Bonus-Mail
+			$result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d AND userid=%d LIMIT 1",
+			 array($url_bid, $url_uid), __FILE__, __LINE__);
+			$TYPE = "bonusid"; $DATA = $url_bid;
+		}
+		 else
+		{
+			// Problem: No ID entered
+			LOAD_URL("index.php");
+		}
+		if (SQL_NUMROWS($result) == 1)
+		{
+			list($ltype) = SQL_FETCHROW($result);
+			SQL_FREERESULT($result);
+			switch ($ltype)
+			{
+			case "NORMAL":
+				// Is the stats ID valid?
+				$result = SQL_QUERY_ESC("SELECT pool_id, url FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+				 array($url_mid), __FILE__, __LINE__);
+				break;
+
+			case "BONUS":
+				// Bonus-Mails
+				$result = SQL_QUERY_ESC("SELECT id, url FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+				 array($url_bid), __FILE__, __LINE__);
+				break;
+			}
+
+			if (SQL_NUMROWS($result) == 1)
+			{
+				// Load data
+				list($pool, $URL) = SQL_FETCHROW($result);
+				SQL_FREERESULT($result);
+
+				// Is the user's ID unlocked?
+				$result = SQL_QUERY_ESC("SELECT status, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+				 array($url_uid), __FILE__, __LINE__);
+				if (SQL_NUMROWS($result) == 1)
+				{
+					list($status, $sex, $sname, $fname) = SQL_FETCHROW($result);
+					SQL_FREERESULT($result);
+					if ($status == "CONFIRMED")
+					{
+						// User has confirmed his account so we can procede...
+						switch ($ltype)
+						{
+						case "NORMAL":
+							$result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+							 array(bigintval($pool)), __FILE__, __LINE__);
+							if (SQL_NUMROWS($result) == 1)
+							{
+								list($pay) = SQL_FETCHROW($result);
+								$time      = GET_PAY_POINTS($pay, "time");
+								$payment   = GET_PAY_POINTS($pay, "payment");
+								$VALID     = true;
+							}
+
+							// Free memory
+							SQL_FREERESULT($result);
+							break;
+
+						case "BONUS":
+							$result = SQL_QUERY_ESC("SELECT points, time FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+							 array($url_bid), __FILE__, __LINE__);
+							if (SQL_NUMROWS($result) == 1)
+							{
+								list($points, $time) = SQL_FETCHROW($result);
+								$payment = "0.00000";
+								$VALID = true;
+							}
+
+							// Free memory
+							SQL_FREERESULT($result);
+							break;
+						}
+
+						if ($VALID)
+						{
+							// If time is zero seconds we have a sponsor mail. 1 Second shall be set to avoid problems
+							if (($time == "0") && ($payment > 0)) { $URL = URL; $time = "1"; }
+							if (($time > 0) && (($payment > 0) || ($points > 0))) {
+								// He can confirm this mail!
+								// Export data into constants for the template
+								define('_UID_VALUE' , $url_uid);
+								define('_TYPE_VALUE', $TYPE);
+								define('_DATA_VALUE', $DATA);
+								define('_URL_VALUE' , DEREFERER($URL));
+
+								// Load template
+								LOAD_TEMPLATE("mailid_frames");
+							} else {
+								$msg = CODE_DATA_INVALID;
+							}
+						} else {
+							$msg = CODE_POSSIBLE_INVALID;
+						}
+					} else {
+						$msg = CODE_ACCOUNT_LOCKED;
+					}
+				} else {
+					SQL_FREERESULT($result);
+					$msg = CODE_USER_404;
+				}
+			} else {
+				SQL_FREERESULT($result);
+				$msg = CODE_STATS_404;
+			}
+		} else {
+			SQL_FREERESULT($result);
+			$msg = CODE_ALREADY_CONFIRMED;
+		}
+	} else {
+		// Nothing entered
+		$msg = CODE_ERROR_MAILID;
+	}
+
+	// Error code is set?
+	if (!empty($msg)) {
+		LOAD_URL(URL."/modules.php?module=index&msg=".$msg);
+	}
+
+	require_once(PATH."inc/footer.php");
+}
+ else
+{
+	// You have to configure first!
+	LOAD_URL("install.php");
+}
+// Really all done here... ;-)
+die();
+
+//
+?>