X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-config_rallye_prices.php;h=91fe4c618a77fdd2552b2cc8670d4ad93fd6827f;hb=c4ceb98e54f072c262519fc2ea31ccf6f8559049;hp=91565cf9e3234575182989391ef1fc3b71645895;hpb=e1653405d28923c78b2e292125306ccf61138f24;p=mailer.git

diff --git a/inc/modules/admin/what-config_rallye_prices.php b/inc/modules/admin/what-config_rallye_prices.php
index 91565cf9e3..91fe4c618a 100644
--- a/inc/modules/admin/what-config_rallye_prices.php
+++ b/inc/modules/admin/what-config_rallye_prices.php
@@ -32,37 +32,37 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['rallye']))
+if (REQUEST_ISSET_GET(('rallye')))
 {
 	// Price submitted?
-	if (isset($_POST['add']))
+	if (REQUEST_ISSET_POST(('add')))
 	{
-		if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
+		if ((REQUEST_ISSET_POST(('level'))) && ((REQUEST_ISSET_POST(('points'))) || (REQUEST_ISSET_POST(('info')))))
 		{
 			// Submitted data is valid, but maybe we already have this price level?
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
-			 array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
+			$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
+			 array(bigintval(REQUEST_GET('rallye')), bigintval(REQUEST_POST('level'))), __FILE__, __LINE__);
 
 			if (SQL_NUMROWS($result) == 0)
 			{
 				// Ok, new price level entered!
-				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
-VALUES ('%s', '%s', '%s', '%s')",
+				SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_prices` (rallye_id, price_level, points, info)
+VALUES ('%s','%s','%s','%s')",
  array(
-	bigintval($_GET['rallye']),
-	bigintval($_POST['level']),
-	$_POST['points'],
-	$_POST['info']
+	bigintval(REQUEST_GET('rallye')),
+	bigintval(REQUEST_POST('level')),
+	REQUEST_POST('points'),
+	REQUEST_POST('info')
 ), __FILE__, __LINE__);
-				LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
+				LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
 			}
 			 else
 			{
@@ -70,61 +70,55 @@ VALUES ('%s', '%s', '%s', '%s')",
 				SQL_FREERESULT($result);
 
 				// Price level found!
-				LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
+				LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
 			}
 		}
-	}
-	 elseif (isset($_POST['remove']))
-	{
+	} elseif (REQUEST_ISSET_POST(('remove'))) {
 		// Check if at last one line is selected
-		$SEL = SELECTION_COUNT($_POST['sel']);
-		if ($SEL > 0)
-		{
+		$SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+		if ($SEL > 0) {
 			// Delete selected entries
-			foreach ($_POST['sel'] as $id=>$sel)
-			{
-				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
-				 array(bigintval($id)), __FILE__, __LINE__);
+			foreach (REQUEST_POST('sel') as $id => $sel) {
+				SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
+					array(bigintval($id)), __FILE__, __LINE__);
 			}
 
 			// Output message
-			LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_ENTRIES_DELETED);
-		}
-		 else
-		{
-			LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
+			LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_DELETED);
+		} else {
+			LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
 		}
-	}
-	 elseif (isset($_POST['change']))
-	{
+	} elseif (REQUEST_ISSET_POST(('change'))) {
 		// Change entries
-		foreach ($_POST['level'] as $id=>$level)
-		{
+		foreach (REQUEST_POST('level') as $id => $level) {
 			// Secure ID
 			$id = bigintval($id);
 
 			// Update entry
-			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
-			 array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
+			SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_prices` SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
+				array(
+					REQUEST_POST('rallye_id', $id),
+					bigintval($level),
+					REQUEST_POST('points', $id]),
+					REQUEST_POST('infos', $id),
+					$id
+				), __FILE__, __LINE__);
 		}
 
 		// Output message
-		LOAD_TEMPLATE ("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
+		LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
 	}
 
-	if (isset($_POST['edit']))
-	{
+	if (REQUEST_ISSET_POST('edit')) {
 		// Check if at last one line is selected
-		$SEL = SELECTION_COUNT($_POST['sel']);
-		if ($SEL > 0)
-		{
+		$SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+		if ($SEL > 0) {
 			// Make selected editable
 			$SW = 2; $OUT = "";
-			foreach ($_POST['sel'] as $id=>$sel)
-			{
+			foreach (REQUEST_POST('sel') as $id => $sel) {
 				// Load data to selected rallye
-				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
-				 array(bigintval($id)), __FILE__, __LINE__);
+				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
+					array(bigintval($id)), __FILE__, __LINE__);
 				list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
 				SQL_FREERESULT($result);
 
@@ -145,7 +139,7 @@ VALUES ('%s', '%s', '%s', '%s')",
 			define('__PRICE_ROWS', $OUT);
 
 			// Prepare data for the main template
-			define('__RALLYE_ID', $_GET['rallye']);
+			define('__RALLYE_ID', REQUEST_GET('rallye'));
 
 			// Load main template
 			LOAD_TEMPLATE("admin_config_rallye_edit");
@@ -153,22 +147,22 @@ VALUES ('%s', '%s', '%s', '%s')",
 		 else
 		{
 			// Nothing selected
-			$content = RALLYE_NO_PRICES_SELECTED_1."<A href=\"".URL."/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</A>".RALLYE_NO_PRICES_SELECTED_3;
+			$content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
 			LOAD_TEMPLATE("admin_settings_saved", false, $content);
 		}
 	}
-	 elseif (isset($_POST['del']))
+	 elseif (REQUEST_ISSET_POST('del'))
 	{
 		// Check if at last one line is selected
-		$SEL = SELECTION_COUNT($_POST['sel']);
+		$SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 		if ($SEL > 0)
 		{
 			// List all prices
 			$SW = 2; $OUT = "";
-			foreach ($_POST['sel'] as $id=>$sel)
+			foreach (REQUEST_POST('sel') as $id => $sel)
 			{
 				// Load data to selected rallye
-				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
 				 array(bigintval($id)), __FILE__, __LINE__);
 				list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
 				SQL_FREERESULT($result);
@@ -191,7 +185,7 @@ VALUES ('%s', '%s', '%s', '%s')",
 			define('__PRICE_ROWS', $OUT);
 
 			// Prepare data for the main template
-			define('__RALLYE_ID', $_GET['rallye']);
+			define('__RALLYE_ID', REQUEST_GET('rallye'));
 
 			// Load main template
 			LOAD_TEMPLATE("admin_config_rallye_del");
@@ -199,21 +193,21 @@ VALUES ('%s', '%s', '%s', '%s')",
 		 else
 		{
 			// Nothing selected
-			$content = RALLYE_NO_PRICES_SELECTED_1."<A href=\"".URL."/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</A>".RALLYE_NO_PRICES_SELECTED_3;
+			$content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
 			LOAD_TEMPLATE("admin_settings_saved", false, $content);
 		}
 	}
 	 else
 	{
-		// A rallye was selected, so check if there are already prices assigned...
-		$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
-		 array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+		// a rallye was selected, so check if there are already prices assigned...
+		$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s ORDER BY price_level",
+		 array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
 
 		if (SQL_NUMROWS($result) > 0)
 		{
 			// Load all prices for the selected rallye
 			$SW = 2; $OUT = "";
-			while(list($id, $level, $points, $infos) = SQL_FETCHROW($result))
+			while (list($id, $level, $points, $infos) = SQL_FETCHROW($result))
 			{
 				if (empty($infos)) $infos = "---";
 
@@ -236,7 +230,7 @@ VALUES ('%s', '%s', '%s', '%s')",
 			define('__PRICE_ROWS', $OUT);
 
 			// Prepare data for the main template
-			define('__RALLYE_ID', $_GET['rallye']);
+			define('__RALLYE_ID', REQUEST_GET('rallye'));
 
 			// Load main template
 			LOAD_TEMPLATE("admin_config_rallye_prices");
@@ -244,16 +238,13 @@ VALUES ('%s', '%s', '%s', '%s')",
 	}
 
 	// Add form for adding new price level
-	if (empty($_POST['edit']))
-	{
-		LOAD_TEMPLATE("admin_add_rallye_prices", false, $_GET['rallye']);
+	if (!REQUEST_ISSET_POST('edit')) {
+		LOAD_TEMPLATE("admin_add_rallye_prices", false, REQUEST_GET('rallye'));
 	}
-}
- else
-{
+} else {
 	// No rallye selected so display all available without prices
 	$result = SQL_QUERY("SELECT d.id, d.admin_id, d.start_time, d.end_time, d.title, a.login, d.is_active
-FROM "._MYSQL_PREFIX."_rallye_data AS d, "._MYSQL_PREFIX."_admins AS a
+FROM `{!_MYSQL_PREFIX!}_rallye_data` AS d, `{!_MYSQL_PREFIX!}_admins` AS a
 WHERE d.admin_id=a.id ORDER BY start_time DESC", __FILE__, __LINE__);
 	if (SQL_NUMROWS($result) > 0)
 	{
@@ -261,8 +252,8 @@ WHERE d.admin_id=a.id ORDER BY start_time DESC", __FILE__, __LINE__);
 		$SW = 2; $OUT = "";
 		while (list($id, $aid, $start, $end, $title, $alogin, $active) = SQL_FETCHROW($result))
 		{
-			$select = "<INPUT type=\"checkbox\" name=\"sel[".$id."]\" class=\"admin_normal\" value=\"1\">";
-			if ($active == 'Y') $select = "<STRONG class=\"big\">".$id."</STRONG>";
+			$select = "<input type=\"checkbox\" name=\"sel[".$id."]\" class=\"admin_normal\" value=\"1\">";
+			if ($active == "Y") $select = "<div class=\"big\">".$id."</div>";
 
 			// Prepare data for the row template
 			$content = array(