X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Flibs%2Fsponsor_functions.php;h=31a7578e6e3a74ef6df7c6b7967efd4580158578;hb=f6fc2b9723a0554bf4f407554225e9a1a1a97e5e;hp=e0c63d5316edbbd00164ae6d7fe890aefe552253;hpb=d18075f375db1b9db40773cdf80a5d6f2c36cd3a;p=mailer.git diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index e0c63d5316..31a7578e6e 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -31,11 +31,11 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php"; require($INC); } + // function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) { @@ -54,7 +54,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST ); // Check if sponsor already exists - foreach ($POST as $k=>$v) + foreach ($POST as $k => $v) { if (!(array_search($k, $SKIPPED) > -1)) { @@ -153,7 +153,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST if ($SAVE) { // Default is no force even when a guest want to abuse this force switch - if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = "0"; + if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0; // SQL and message string is empty by default $SQL = ""; $MSG = ""; @@ -163,7 +163,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST { // Update his data $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET "; - foreach ($DATA['keys'] as $k=>$v) + foreach ($DATA['keys'] as $k => $v) { $SQL .= $v."='%s', "; } 
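Review bot: In the guard at the top of the file (hunk at -31), the path to security.php is still derived with `strpos(dirname(__FILE__), "/inc") + 4`, which cuts at the first "/inc" anywhere in the install path, so a parent directory such as `/include/` produces the wrong path and the `require` fails. Since this file lives in inc/libs, `$INC = dirname(dirname(__FILE__))."/security.php";` gives the intended result without the string search. The new `!defined('__SECURITY')` test also deserves a one-line comment saying where that constant is defined and that security.php is expected to stop a direct request; neither is visible in this hunk.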
@@ -213,7 +213,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST { // Add all data as hidden data $OUT = ""; - foreach ($POST as $k=>$v) + foreach ($POST as $k => $v) { // Do not add 'force' ! if ($k != "force") @@ -356,7 +356,7 @@ function GENERATE_SPONSOR_MENU($current) // Load main menu entries $result_main = SQL_QUERY("SELECT action, title FROM "._MYSQL_PREFIX."_sponsor_menu -WHERE what='' ".$WHERE." +WHERE (what='' OR what IS NULL) ".$WHERE." ORDER BY sort", __FILE__, __LINE__); if (SQL_NUMROWS($result_main) > 0) { @@ -365,7 +365,7 @@ ORDER BY sort", __FILE__, __LINE__); { // Load sub menus $result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu -WHERE action='%s' AND what != '' ".$WHERE." +WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE." ORDER BY sort", array($action), __FILE__, __LINE__); if (SQL_NUMROWS($result_sub) > 0) { @@ -420,16 +420,13 @@ ORDER BY sort", array($action), __FILE__, __LINE__); // function GENERATE_SPONSOR_CONTENT($what) { - global $HTTP_POST_VARS, $_GET, $CONFIG; - $FILE = PATH."inc/modules/sponsor/".$what.".php"; + global $_CONFIG; $OUT = ""; - if (@file_exists($FILE)) - { + $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what); + if (FILE_READABLE($FILE)) { // Every sponsor action will output nothing directly. It will be written into $OUT! require_once($FILE); - } - else - { + } else { // File not found! $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2); } 
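Review bot: Both menu queries in `GENERATE_SPONSOR_MENU` (hunks at -356 and -365) splice `$WHERE` into the SQL text as a raw fragment, and in the second one it also becomes part of the format string handed to `SQL_QUERY_ESC`, so it bypasses whatever escaping that helper applies to `$action`. `$WHERE` is built outside these hunks; confirm it consists of constants only, and add a short comment above the first query saying so. Separately, in the sub-menu query `what != ''` is never true for a NULL row under SQL comparison rules, so the added `AND what IS NOT NULL` is redundant, though harmless.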
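Review bot: `GENERATE_SPONSOR_CONTENT` (hunk at -420) builds the include path from `$what` with `sprintf` and hands it to `require_once` after only a `FILE_READABLE` check, so a value containing `../` resolves outside inc/modules/sponsor/ if `$what` can come from the request; where it comes from is not visible here. Restrict it to a plain module name in the condition itself, e.g. `if (preg_match('/^[a-zA-Z0-9_]+$/', $what) && FILE_READABLE($FILE)) {`, so that anything else falls through to the not-found branch. That branch concatenates `$what` into the message, so unless `LOAD_TEMPLATE` escapes its content it should read `SPONSOR_CONTENT_404_1.htmlspecialchars($what).SPONSOR_CONTENT_404_2`. The function continues past the end of the hunk.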
@@ -440,14 +437,14 @@ function GENERATE_SPONSOR_CONTENT($what) // function UPDATE_SPONSOR_LOGIN() { - global $_COOKIE, $CONFIG; + global $_COOKIE, $_CONFIG; // Check if cookies are set if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false; // Calculate cookie lifetime, maybe we have to change this so the admin can setup a // seperate timeout for these two cookies? - $life = (time() + $CONFIG['online_timeout']); + $life = (time() + $_CONFIG['online_timeout']); // Is confirmed so both is fine and we can continue with login procedure $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) && @@ -474,20 +471,20 @@ function SPONSOR_SAVE_DATA($POST, $content) // Unsecure data which we don't want $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count', - 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old', + 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old', 'ok', 'pass1', 'pass2'); // Set default message ("not saved") $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED; // Check for submitted passwords - if ((!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2']))) + if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) { // Are both passwords the same? - if ($HTTP_POST_VARS['pass1'] == $HTTP_POST_VARS['pass2']) + if ($_POST['pass1'] == $_POST['pass2']) { // Okay, then set password and remove pass1 and pass2 - $HTTP_POST_VARS['password'] = md5($HTTP_POST_VARS['pass1']); + $_POST['password'] = md5($_POST['pass1']); } } @@ -503,7 +500,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // Prepare SQL string $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET"; - foreach ($POST as $key=>$value) + foreach ($POST as $key => $value) { // Mmmmm, too less security here??? $SQL .= " ".strip_tags($key)."='%s',"; 
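Review bot: The refreshed `sponsorid` cookie in `UPDATE_SPONSOR_LOGIN` (hunk at -440) is set with only name, value, expiry and path, so it goes out without the HttpOnly and Secure attributes; the `sponsorpass` cookie checked just above presumably gets the same treatment, but that call lies past the end of the hunk. On PHP 5.2 or later the call can pass them, e.g. `setcookie("sponsorid", bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH, "", $secure, true)`, where `$secure` is a placeholder for a flag that is true when the site is served over HTTPS. `global $_COOKIE` is also unnecessary because it is a superglobal; `global $_CONFIG;` is enough.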
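Review bot: In `SPONSOR_SAVE_DATA` (hunk at -474) the new password is still stored as a bare `md5()` of `pass1`, an unsalted fast hash that is cheap to brute-force if the sponsor table leaks. Moving to `password_hash()`/`password_verify()` would also require changes to the login check and the column width, none of which is visible here, so that is a follow-up rather than a one-line fix. Within this hunk the confirmation check should use strict comparison, `if ($_POST['pass1'] === $_POST['pass2'])`, because `==` compares numeric-looking strings by value. The hash is written to `$_POST['password']` while the UPDATE further down iterates the `$POST` parameter, so it is worth confirming that the value actually reaches the query.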
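Review bot: The UPDATE built in the hunk at -503 puts each `$POST` key in the column position after nothing more than `strip_tags($key)`, which does not keep SQL syntax out of a field name, as the existing comment already suspects; the `'%s'` placeholders cover the values only. The `$UNSAFE` list in the previous hunk is a denylist, and how it is applied is not visible, so any key it does not name presumably gets through. Build the statement from a fixed list of permitted column names instead, e.g. wrap the append in `if (in_array($key, $ALLOWED, true))`, where `$ALLOWED` is a constructed name for that list. The loop body continues outside the hunk.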
@@ -587,23 +584,13 @@ function SPONSOR_SAVE_DATA($POST, $content) $DATA = $POST; // Change some data - if (isset($content['salut'])) $content['salut'] = TRANSLATE_SEX($content['salut']); - if (isset($DATA['salut'])) $DATA['salut'] = TRANSLATE_SEX($DATA['salut']); + if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']); + if (isset($DATA['gender'])) $DATA['gender'] = TRANSLATE_GENDER($DATA['gender']); if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']); if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']); // Send email to admins - if (GET_EXT_VERSION("admins") < "0.4.1") - { - // Use old method to send out - $msg = LOAD_EMAIL_TEMPLATE($templ, $content); - SEND_ADMIN_EMAILS($subj, $msg); - } - else - { - // Use new system to send out - SEND_ADMIN_EMAILS_PRO($subj, $templ, $content); - } + SEND_ADMIN_NOTIFICATION($subj, $templ, $content); // Shall we send mail to the sponsor's new email address? if ($content['receive_warnings'] == "Y")
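Review bot: The two warning-setting lines kept in this hunk test `isset($content[...])` but then read `$POST['receive_warnings']` and `$POST['warning_interval']`, so a key present in `$content` and absent from `$POST` raises an undefined-index notice and passes an empty value to the translator. Guard the array that is actually read, e.g. `if (isset($POST['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']);`, and likewise for the interval. The final `if ($content['receive_warnings'] == "Y")` has no `isset` at all. `SPONSOR_SAVE_DATA` starts and ends outside the hunk, so whether `$content` always mirrors `$POST` cannot be confirmed from here.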