X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-config_rallye_prices.php;h=1c069121fd262db859c6c138279a461bf67af94a;hb=8454545089b9b77695498cd855cf50075151d957;hp=02ed535f9a92708b8daeb4d51841ba811290c9e5;hpb=5ef6ed7373ae85e5635e39e2a0adf9496a8add05;p=mailer.git

diff --git a/inc/modules/admin/what-config_rallye_prices.php b/inc/modules/admin/what-config_rallye_prices.php
index 02ed535f9a..1c069121fd 100644
--- a/inc/modules/admin/what-config_rallye_prices.php
+++ b/inc/modules/admin/what-config_rallye_prices.php
@@ -32,13 +32,13 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 if (!empty($_GET['rallye']))
 {
@@ -48,14 +48,14 @@ if (!empty($_GET['rallye']))
 		if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
 		{
 			// Submitted data is valid, but maybe we already have this price level?
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
 			 array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
 
 			if (SQL_NUMROWS($result) == 0)
 			{
 				// Ok, new price level entered!
 				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
-VALUES ('%s', '%s', '%s', '%s')",
+VALUES ('%s','%s','%s','%s')",
  array(
 	bigintval($_GET['rallye']),
 	bigintval($_POST['level']),
@@ -81,9 +81,9 @@ VALUES ('%s', '%s', '%s', '%s')",
 		if ($SEL > 0)
 		{
 			// Delete selected entries
-			foreach ($_POST['sel'] as $id=>$sel)
+			foreach ($_POST['sel'] as $id => $sel)
 			{
-				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
 				 array(bigintval($id)), __FILE__, __LINE__);
 			}
 
@@ -98,13 +98,13 @@ VALUES ('%s', '%s', '%s', '%s')",
 	 elseif (isset($_POST['change']))
 	{
 		// Change entries
-		foreach ($_POST['level'] as $id=>$level)
+		foreach ($_POST['level'] as $id => $level)
 		{
 			// Secure ID
 			$id = bigintval($id);
 
 			// Update entry
-			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
+			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
 			 array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
 		}
 
@@ -120,10 +120,10 @@ VALUES ('%s', '%s', '%s', '%s')",
 		{
 			// Make selected editable
 			$SW = 2; $OUT = "";
-			foreach ($_POST['sel'] as $id=>$sel)
+			foreach ($_POST['sel'] as $id => $sel)
 			{
 				// Load data to selected rallye
-				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
 				 array(bigintval($id)), __FILE__, __LINE__);
 				list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
 				SQL_FREERESULT($result);
@@ -165,10 +165,10 @@ VALUES ('%s', '%s', '%s', '%s')",
 		{
 			// List all prices
 			$SW = 2; $OUT = "";
-			foreach ($_POST['sel'] as $id=>$sel)
+			foreach ($_POST['sel'] as $id => $sel)
 			{
 				// Load data to selected rallye
-				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
 				 array(bigintval($id)), __FILE__, __LINE__);
 				list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
 				SQL_FREERESULT($result);
@@ -206,7 +206,7 @@ VALUES ('%s', '%s', '%s', '%s')",
 	 else
 	{
 		// A rallye was selected, so check if there are already prices assigned...
-		$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+		$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
 		 array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
 
 		if (SQL_NUMROWS($result) > 0)
@@ -262,7 +262,7 @@ WHERE d.admin_id=a.id ORDER BY start_time DESC", __FILE__, __LINE__);
 		while (list($id, $aid, $start, $end, $title, $alogin, $active) = SQL_FETCHROW($result))
 		{
 			$select = "<INPUT type=\"checkbox\" name=\"sel[".$id."]\" class=\"admin_normal\" value=\"1\">";
-			if ($active == 'Y') $select = "<STRONG class=\"big\">".$id."</STRONG>";
+			if ($active == "Y") $select = "<STRONG class=\"big\">".$id."</STRONG>";
 
 			// Prepare data for the row template
 			$content = array(