X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-config_rallye_prices.php;h=33f53536c65ea0fcf0828c98fe5ed92a4187020e;hb=d016e24dd4686f613a17733b96bc28fac936a4ac;hp=0d3faf764b7b37536cd53e6650cd07aab6e32211;hpb=307a4e11763f0914e73dc756b219356e1c29ab25;p=mailer.git
diff --git a/inc/modules/admin/what-config_rallye_prices.php b/inc/modules/admin/what-config_rallye_prices.php
index 0d3faf764b..33f53536c6 100644
--- a/inc/modules/admin/what-config_rallye_prices.php
+++ b/inc/modules/admin/what-config_rallye_prices.php
@@ -32,13 +32,13 @@
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
if (!empty($_GET['rallye']))
{
@@ -48,14 +48,14 @@ if (!empty($_GET['rallye']))
if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
{
// Submitted data is valid, but maybe we already have this price level?
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
// Ok, new price level entered!
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
-VALUES ('%s', '%s', '%s', '%s')",
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_prices` (rallye_id, price_level, points, info)
+VALUES ('%s','%s','%s','%s')",
array(
bigintval($_GET['rallye']),
bigintval($_POST['level']),
@@ -73,57 +73,47 @@ VALUES ('%s', '%s', '%s', '%s')",
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
}
}
- }
- elseif (isset($_POST['remove']))
- {
+ } elseif (isset($_POST['remove'])) {
// Check if at last one line is selected
$SEL = SELECTION_COUNT($_POST['sel']);
- if ($SEL > 0)
- {
+ if ($SEL > 0) {
// Delete selected entries
- foreach ($_POST['sel'] as $id=>$sel)
- {
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
- array(bigintval($id)), __FILE__, __LINE__);
+ foreach ($_POST['sel'] as $id => $sel) {
+ SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
+ array(bigintval($id)), __FILE__, __LINE__);
}
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_DELETED);
- }
- else
- {
+ } else {
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
}
- }
- elseif (isset($_POST['change']))
- {
+ } elseif (isset($_POST['change'])) {
// Change entries
- foreach ($_POST['level'] as $id=>$level)
- {
+ foreach ($_POST['level'] as $id => $level) {
// Secure ID
$id = bigintval($id);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
- array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_prices` SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
+ array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
}
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
}
- if (isset($_POST['edit']))
- {
+ if (isset($_POST['edit'])) {
// Check if at last one line is selected
$SEL = SELECTION_COUNT($_POST['sel']);
if ($SEL > 0)
{
// Make selected editable
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Load data to selected rallye
- $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
@@ -153,7 +143,7 @@ VALUES ('%s', '%s', '%s', '%s')",
else
{
// Nothing selected
- $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
+ $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
LOAD_TEMPLATE("admin_settings_saved", false, $content);
}
}
@@ -165,10 +155,10 @@ VALUES ('%s', '%s', '%s', '%s')",
{
// List all prices
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Load data to selected rallye
- $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
@@ -199,21 +189,21 @@ VALUES ('%s', '%s', '%s', '%s')",
else
{
// Nothing selected
- $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
+ $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
LOAD_TEMPLATE("admin_settings_saved", false, $content);
}
}
else
{
- // A rallye was selected, so check if there are already prices assigned...
- $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+ // a rallye was selected, so check if there are already prices assigned...
+ $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s ORDER BY price_level",
array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
// Load all prices for the selected rallye
$SW = 2; $OUT = "";
- while(list($id, $level, $points, $infos) = SQL_FETCHROW($result))
+ while (list($id, $level, $points, $infos) = SQL_FETCHROW($result))
{
if (empty($infos)) $infos = "---";
@@ -253,7 +243,7 @@ VALUES ('%s', '%s', '%s', '%s')",
{
// No rallye selected so display all available without prices
$result = SQL_QUERY("SELECT d.id, d.admin_id, d.start_time, d.end_time, d.title, a.login, d.is_active
-FROM "._MYSQL_PREFIX."_rallye_data AS d, "._MYSQL_PREFIX."_admins AS a
+FROM `{!_MYSQL_PREFIX!}_rallye_data` AS d, `{!_MYSQL_PREFIX!}_admins` AS a
WHERE d.admin_id=a.id ORDER BY start_time DESC", __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
@@ -261,8 +251,8 @@ WHERE d.admin_id=a.id ORDER BY start_time DESC", __FILE__, __LINE__);
$SW = 2; $OUT = "";
while (list($id, $aid, $start, $end, $title, $alogin, $active) = SQL_FETCHROW($result))
{
- $select = "";
- if ($active == "Y") $select = "".$id."";
+ $select = "";
+ if ($active == "Y") $select = "".$id."
";
// Prepare data for the row template
$content = array(