X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-edit_sponsor.php;h=631eef75314a46e14a88bced7ce0b8bca4082716;hb=ad851a23313d8ac6489a759a0f3d62e3bc6f4682;hp=005abac287b3bd772d6a1d1fbce952b3af5937a6;hpb=9beb33ae0c3194b05d172508768a833b1b69af2f;p=mailer.git

diff --git a/inc/modules/admin/what-edit_sponsor.php b/inc/modules/admin/what-edit_sponsor.php
index 005abac287..631eef7531 100644
--- a/inc/modules/admin/what-edit_sponsor.php
+++ b/inc/modules/admin/what-edit_sponsor.php
@@ -1,7 +1,7 @@
 <?php
 /************************************************************************
- * MXChange v0.2.1                                    Start: 04/24/2005 *
- * ===============                              Last change: 05/18/2008 *
+ * M-XChange v0.2.1                                   Start: 04/24/2005 *
+ * ================                             Last change: 05/12/2005 *
  *                                                                      *
  * -------------------------------------------------------------------- *
  * File              : what-edit_sponsor.php                            *
@@ -15,9 +15,10 @@
  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  * For more information visit: http://www.mxchange.org                  *
  *                                                                      *
- * This program is free software. You can redistribute it and/or modify *
+ * This program is free software; you can redistribute it and/or modify *
  * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License.       *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
  *                                                                      *
  * This program is distributed in the hope that it will be useful,      *
  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
@@ -31,52 +32,49 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
 	require($INC);
 }
 
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
-if ((!empty($HTTP_GET_VARS['id'])) && (!empty($HTTP_GET_VARS['mode'])))
-{
+if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
 	// Check for selected sponsor
-	$result = SQL_QUERY_ESC("SELECT company, position, salut, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, receive_warnings, warning_interval FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
-	 array($HTTP_GET_VARS['id']), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 1)
-	{
+	$result = SQL_QUERY_ESC("SELECT company, position, gender, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, receive_warnings, warning_interval FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
+	 array(bigintval($_GET['id'])), __FILE__, __LINE__);
+	if (SQL_NUMROWS($result) == 1) {
 		// Load sponsor details
 		$DATA = SQL_FETCHARRAY($result);
 		SQL_FREERESULT($result);
 
 		// Prepare all data for the template
 		//  Sponsor's ID
-		define('__SPONSOR_ID' , $HTTP_GET_VARS['id']);
+		define('__SPONSOR_ID' , bigintval($_GET['id']));
 		//  Company's data
 		define('__COMPANY'    , $DATA['company']);
 		define('__POSITION'   , $DATA['position']);
 		define('__TAX_IDENT'  , $DATA['tax_ident']);
 		//  Personal data
-		switch ($DATA['salut'])
+		switch ($DATA['gender'])
 		{
 		case "M":
-			define('__SALUT_M', " selected");
-			define('__SALUT_F', "");
-			define('__SALUT_C', "");
+			define('__GENDER_M', " selected=\"selected\"");
+			define('__GENDER_F', "");
+			define('__GENDER_C', "");
 			break;
 
 		case "F":
-			define('__SALUT_M', "");
-			define('__SALUT_F', " selected");
-			define('__SALUT_C', "");
+			define('__GENDER_M', "");
+			define('__GENDER_F', " selected=\"selected\"");
+			define('__GENDER_C', "");
 			break;
 
 		case "C":
-			define('__SALUT_M', "");
-			define('__SALUT_F', "");
-			define('__SALUT_C', " selected");
+			define('__GENDER_M', "");
+			define('__GENDER_F', "");
+			define('__GENDER_C', " selected=\"selected\"");
 			break;
 		}
 		define('__SURNAME'    , $DATA['surname']);
@@ -96,60 +94,56 @@ if ((!empty($HTTP_GET_VARS['id'])) && (!empty($HTTP_GET_VARS['mode'])))
 		define('__REC_WARNING', ADD_SELECTION("yn", $DATA['receive_warnings'], "receive_warning"));
 		define('__INTERVAL'   , CREATE_TIME_SELECTIONS($DATA['warning_interval'], "warning_interval", "MWDh"));
 
+		// Init variables here
+		$TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE($_GET['mode']));
+		$SQLs = array();
+
 		// Sponsor was found
-		$TPL = "admin_edit_sponsor_".$HTTP_GET_VARS['mode']; $SQLs = array();
-		if ((isset($HTTP_POST_VARS['ok'])) || (isset($HTTP_POST_VARS['edit'])))
-		{
+		if ((isset($_POST['ok'])) || (isset($_POST['edit']))) {
 			// Perform action on mode
-			switch ($HTTP_GET_VARS['mode'])
+			switch ($_GET['mode'])
 			{
 			case "add_points": // Add points
-				if (strval($HTTP_POST_VARS['points']) > 0)
-				{
+				if (strval($_POST['points']) > 0) {
 					// Replace german decimal comma with computer's decimal dot
-					$POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points']));
+					$POINTS = strval(REVERT_COMMA($_POST['points']));
 
 					// Add points to account
 					$result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1",
-					 array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+					 array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
 
 					// Remember points /reason for the template
 					define('__POINTS' , TRANSLATE_COMMA($POINTS));
-					define('__REASON' , $HTTP_POST_VARS['reason']);
+					define('__REASON' , $_POST['reason']);
 
 					// Send email
-					$msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $HTTP_POST_VARS['reason'], true);
+					$msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $_POST['reason'], true);
 					SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_ADD_POINTS, $msg);
 					$MSG = ADMIN_SPONSOR_POINTS_ADDED;
-				}
-				 else
-				{
+				} else {
 					// No points entered to add!
 					$MSG = ADMIN_SPONSPOR_NO_POINTS_TO_ADD;
 				}
 				break;
 
 			case "sub_points": // Subtract points
-				if (strval($HTTP_POST_VARS['points']) > 0)
-				{
+				if (strval($_POST['points']) > 0) {
 					// Replace german decimal comma with computer's decimal dot
-					$POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points']));
+					$POINTS = strval(REVERT_COMMA($_POST['points']));
 
 					// Add points to account
 					$result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_used=points_used+%s WHERE id='%s' LIMIT 1",
-					 array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+					 array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
 
 					// Remember points /reason for the template
 					define('__POINTS' , TRANSLATE_COMMA($POINTS));
-					define('__REASON' , $HTTP_POST_VARS['reason']);
+					define('__REASON' , $_POST['reason']);
 
 					// Send email
-					$msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $HTTP_POST_VARS['reason'], true);
+					$msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $_POST['reason'], true);
 					SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_SUB_POINTS, $msg);
 					$MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED;
-				}
-				 else
-				{
+				} else {
 					// No points entered to add!
 					$MSG = ADMIN_SPONSPOR_NO_POINTS_TO_SUBTRACT;
 				}
@@ -157,58 +151,49 @@ if ((!empty($HTTP_GET_VARS['id'])) && (!empty($HTTP_GET_VARS['mode'])))
 
 			case "edit": // Edit sponsor account
 				$PASS = true;
-				if (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) || ((empty($HTTP_POST_VARS['pass1'])) && (empty($HTTP_POST_VARS['pass1']))))
-				{
+				if (($_POST['pass1'] != $_POST['pass2']) || ((empty($_POST['pass1'])) && (empty($_POST['pass1'])))) {
 					// Remove passwords
-					unset($HTTP_POST_VARS['pass1']);
-					unset($HTTP_POST_VARS['pass2']);
+					unset($_POST['pass1']);
+					unset($_POST['pass2']);
 					$PASS = false;
 				}
-				SPONSOR_HANDLE_SPONSOR($HTTP_POST_VARS);
+				SPONSOR_HANDLE_SPONSOR($_POST);
 
 				// Convert some data for the email template
-				$HTTP_POST_VARS['salut'] = TRANSLATE_SEX($HTTP_POST_VARS['salut']);
-				$HTTP_POST_VARS['warning_interval'] = CREATE_FANCY_TIME($HTTP_POST_VARS['warning_interval']);
-				if (!$PASS) $HTTP_POST_VARS['pass1'] = SPONSOR_PASS_UNCHANGED;
+				$_POST['gender'] = TRANSLATE_GENDER($_POST['gender']);
+				$_POST['warning_interval'] = CREATE_FANCY_TIME($_POST['warning_interval']);
+				if (!$PASS) $_POST['pass1'] = SPONSOR_PASS_UNCHANGED;
 
 				// Load email template and send the mail away
-				$msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $HTTP_POST_VARS, false);
-				SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg);
+				$msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $_POST, false);
+				SEND_EMAIL($_POST['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg);
 				break;
 
 			default: // Unknown mode
-				$MSG = ADMIN_INVALID_MODE_1.$HTTP_GET_VARS['mode'].ADMIN_INVALID_MODE_2;
+				DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", $_GET['mode']));
+				$MSG = ADMIN_INVALID_MODE_1.SQL_ESCAPE($_GET['mode']).ADMIN_INVALID_MODE_2;
 				break;
 			}
 
-			if (!empty($MSG))
-			{
+			if (!empty($MSG)) {
 				// Output message
 				LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
-			}
-		}
-		 elseif (file_exists(PATH."templates/".GET_LANGUAGE()."/html/admin/".$TPL.".tpl"))
-		{
+			} // END - if
+		} elseif (FILE_READABLE(sprintf("%stemplates/%s/html/admin/%s.tpl", PATH, GET_LANGUAGE(), $TPL))) {
 			// Create mailto link
 			define('__SPONSOR_VALUE', "<A href=\"mailto:".__EMAIL."\">".__SURNAME." ".__FAMILY."</A>");
 
 			// Load mode template
 			LOAD_TEMPLATE($TPL);
-		}
-		 else
-		{
+		} else {
 			// Template not found!
-			LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.$HTTP_GET_VARS['mode'].ADMIN_TPL_404_2);
+			LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.SQL_ESCAPE($_GET['mode']).ADMIN_TPL_404_2);
 		}
-	}
-	 else
-	{
+	} else {
 		// Sponsor not found!
-		LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2);
+		LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['id']).ADMIN_SPONSOR_404_2);
 	}
-}
- else
-{
+} else {
 	// Not called by what-list_sponsor.php
 	LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_CALL_NOT_DIRECTLY);
 }