X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-config_rallye_prices.php;h=1c069121fd262db859c6c138279a461bf67af94a;hb=2142149f3f72f1a2476f95a87937c044d63bbaf2;hp=83e90ef5423db15c3f258fd2a072253e153b6594;hpb=d0ab0382dd73638f0bc13a1a3d6f117ec11a203e;p=mailer.git

diff --git a/inc/modules/admin/what-config_rallye_prices.php b/inc/modules/admin/what-config_rallye_prices.php
index 83e90ef542..1c069121fd 100644
--- a/inc/modules/admin/what-config_rallye_prices.php
+++ b/inc/modules/admin/what-config_rallye_prices.php
@@ -32,13 +32,13 @@
 ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 if (!empty($_GET['rallye']))
 {
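Review bot: `ADD_DESCR("admin", __FILE__)` now hands the module's absolute filesystem path to ADD_DESCR instead of `basename(__FILE__)`; unless ADD_DESCR strips the directory itself (not visible in this hunk), whatever it renders for the navigation point will carry the server path into admin output. Keeping `ADD_DESCR("admin", basename(__FILE__));` preserves the old behaviour, or ADD_DESCR should be confirmed to basename its argument before this lands. The new guard also still only `require`s security.php and then falls through to the rest of the script, which is safe only if security.php terminates the request; a comment such as `// security.php is expected to exit; nothing below may run for non-admins` would record that assumption where the next reader needs it.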
@@ -48,21 +48,21 @@ if (!empty($_GET['rallye']))
 		if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
 		{
 			// Submitted data is valid, but maybe we already have this price level?
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
 			 array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
 			if (SQL_NUMROWS($result) == 0)
 			{
 				// Ok, new price level entered!
 				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
-VALUES ('%s', '%s', '%s', '%s')",
+VALUES ('%s','%s','%s','%s')",
 				 array(
 					bigintval($_GET['rallye']),
 					bigintval($_POST['level']),
 					$_POST['points'],
 					$_POST['info']
 				), __FILE__, __LINE__);
 
-				LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
+				LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
 			}
 			 else
 			{
@@ -70,7 +70,7 @@ VALUES ('%s', '%s', '%s', '%s')",
 				SQL_FREERESULT($result);
 
 				// Price level found!
-				LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
+				LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
 			}
 		}
 	}
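Review bot: Changing `rallye_id=%d` to an unquoted `rallye_id=%s` in the SELECT drops the integer coercion sprintf gave that placeholder, so the statement is now well-formed only if bigintval() always returns a digit string; should it return an empty string for a non-numeric `$_GET['rallye']`, the query degrades to `WHERE rallye_id= AND ...` and fails. If the switch was made to stop `%d` truncating 64-bit ids on 32-bit PHP, quoting the placeholder keeps that benefit while turning a bad value into a non-matching query instead of a syntax error: `WHERE rallye_id='%s' AND price_level='%s' LIMIT 1`. The same consideration applies to the other placeholders this commit changes from `%d` to bare `%s`. Note also that `!empty($_POST['level'])` rejects a price level of `0`; if that is intended, a short comment on the condition would save the next reader a question.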
@@ -81,35 +81,35 @@ VALUES ('%s', '%s', '%s', '%s')",
 		if ($SEL > 0)
 		{
 			// Delete selected entries
-			foreach ($_POST['sel'] as $id=>$sel)
+			foreach ($_POST['sel'] as $id => $sel)
 			{
-				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
 				 array(bigintval($id)), __FILE__, __LINE__);
 			}
 
 			// Output message
-			LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_ENTRIES_DELETED);
+			LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_DELETED);
 		}
 		 else
 		{
-			LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
+			LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
 		}
 	}
 	 elseif (isset($_POST['change']))
 	{
 		// Change entries
-		foreach ($_POST['level'] as $id=>$level)
+		foreach ($_POST['level'] as $id => $level)
 		{
 			// Secure ID
 			$id = bigintval($id);
 
 			// Update entry
-			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
+			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
 			 array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
 		}
 
 		// Output message
-		LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
+		LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
 	}
 
 	if (isset($_POST['edit']))
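Review bot: The UPDATE now interpolates `$_POST['rallye_id'][$id]` into an unquoted `rallye_id=%s` without passing it through bigintval(); the old `%d` at least forced the value to an integer, whereas string escaping alone does not neutralise a quote-free payload such as `1 OR 1=1` in an unquoted position, so this hunk turns a coerced value into an injection point. Every other id in the hunk goes through bigintval(), and the fix is to treat this one the same way: `array(bigintval($_POST['rallye_id'][$id]), bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);`. Admin-only access shrinks the audience but does not remove the injection, and an admin session can be driven by CSRF. `$_POST['points'][$id]` is likewise an arbitrary string written into `points='%s'`; if the column is numeric, coercing it too would be consistent with the rest of the module.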
@@ -120,10 +120,10 @@ VALUES ('%s', '%s', '%s', '%s')",
 	{
 		// Make selected editable
 		$SW = 2; $OUT = "";
-		foreach ($_POST['sel'] as $id=>$sel)
+		foreach ($_POST['sel'] as $id => $sel)
 		{
 			// Load data to selected rallye
-			$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
 			 array(bigintval($id)), __FILE__, __LINE__);
 			list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
 			SQL_FREERESULT($result);
@@ -165,10 +165,10 @@ VALUES ('%s', '%s', '%s', '%s')",
 	{
 		// List all prices
 		$SW = 2; $OUT = "";
-		foreach ($_POST['sel'] as $id=>$sel)
+		foreach ($_POST['sel'] as $id => $sel)
 		{
 			// Load data to selected rallye
-			$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
 			 array(bigintval($id)), __FILE__, __LINE__);
 			list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
 			SQL_FREERESULT($result);
@@ -206,7 +206,7 @@ VALUES ('%s', '%s', '%s', '%s')",
 	else
 	{
 		// A rallye was selected, so check if there are already prices assigned...
-		$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+		$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
 		 array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
 		if (SQL_NUMROWS($result) > 0)
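Review bot: In the first hunk `list($rallye, $level, $points, $infos) = SQL_FETCHROW($result)` runs without a SQL_NUMROWS check, so an id in `$_POST['sel']` that no longer exists silently yields nulls that then populate the edit form. Skipping such rows is a small guard before the list(): `if (SQL_NUMROWS($result) == 0) { SQL_FREERESULT($result); continue; }`. The SELECT also keys on `id` alone; adding `AND rallye_id=%s` with `bigintval($_GET['rallye'])` as a second argument would keep the edit form from pulling in prices that belong to a different rallye than the one being configured. The same two points apply to the near-identical loop in the second hunk, which suggests the lookup belongs in one shared helper. The enclosing branches continue past the end of each hunk.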