X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-list_links.php;h=2fd651fd1fd67007b80b73d27ea0f3e18fb16432;hb=2142149f3f72f1a2476f95a87937c044d63bbaf2;hp=1cb8786dab5107c7235a618a7103246a0c721aa8;hpb=d0ab0382dd73638f0bc13a1a3d6f117ec11a203e;p=mailer.git diff --git a/inc/modules/admin/what-list_links.php b/inc/modules/admin/what-list_links.php index 1cb8786dab..2fd651fd1f 100644 --- a/inc/modules/admin/what-list_links.php +++ b/inc/modules/admin/what-list_links.php @@ -32,7 +32,7 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { +if ((!defined('__SECURITY')) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } elseif (!EXT_IS_ACTIVE("mailid")) { @@ -41,13 +41,13 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { } // Add description as navigation point -ADD_DESCR("admin", basename(__FILE__)); +ADD_DESCR("admin", __FILE__); if (empty($_GET['del'])) $_GET['del'] = ""; if (!empty($_GET['u_id'])) { // Check if the user already exists - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); // Is there an entry? 
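Review bot: The new guard `if ((!defined('__SECURITY')) || (!IS_ADMIN()))` in the hunk at -32 still ends in `require($INC);` with nothing visible that stops the script afterwards, so it protects the page only if security.php terminates the request itself. If that include ever returns, execution would presumably continue past the if/elseif into the queries below, including the DELETE. An explicit `exit();` after `require($INC);` would make the guard self-contained, provided no caller relies on output produced after it. A short comment naming where `__SECURITY` is defined would also help, since the check is only meaningful if every legitimate entry point defines it before including this file.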
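Review bot: Switching the placeholder from `%d` to `%s` in `WHERE userid=%s` removes the integer coercion the format string used to apply, and the value is unquoted in the SQL, so the query is now exactly as safe as `bigintval()`. That helper is not visible here; if it guarantees a digits-only result this is fine, but any string escaping inside `SQL_QUERY_ESC` would presumably not help in an unquoted numeric position. A comment at the first call, such as `// unquoted %s: safe only while bigintval() returns digits only`, would record the invariant. The same applies to the `%s` replacements in the hunks at -59, -74 and -92. Separately, `ADD_DESCR("admin", __FILE__)` now receives the absolute path, so ADD_DESCR has to reduce it to a basename itself before the value is stored or shown.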
@@ -59,11 +59,11 @@ if (!empty($_GET['u_id'])) { // Grab user's all unconfirmed mails if (EXT_IS_ACTIVE("bonus")) { // Load bonus ID - $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id", + $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); } else { // Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command) - $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id", + $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); } @@ -74,7 +74,7 @@ if (!empty($_GET['u_id'])) { // Some unconfirmed mails left if ($_GET['del'] == "all") { // Delete all unconfirmed mails by this user - $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d LIMIT %s", + $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s LIMIT %s", array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__); // Prepare mail and send it away 
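Review bot: In the hunk at -74 the `DELETE LOW_PRIORITY ... _user_links` statement is driven by `$_GET['del'] == "all"` and `$_GET['u_id']`, and no request token is checked in the visible lines, so the deletion appears to depend on the admin session alone. If no anti-CSRF check exists elsewhere, a cross-site request made with that session could trigger it; moving the action to POST with a per-session token would close this. `$nums` also goes into `LIMIT %s` without a visible cast and its origin is outside the hunk, so `bigintval($nums)` there would match the treatment of the user id. The enclosing `if (!empty($_GET['u_id']))` block starts and ends outside this hunk.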
@@ -92,16 +92,16 @@ if (!empty($_GET['u_id'])) { switch ($type) { case "NORMAL": - $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1", + $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); - $TYPE = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM; + $type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM; $LINK = "".$id.""; break; case "BONUS": - $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1", + $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1", array(bigintval($id2)), __FILE__, __LINE__); - $TYPE = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM; + $type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM; $LINK = "".$id2.""; break; }
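Review bot: The `switch ($type)` in this hunk has no `default:` branch, so a row whose link type is neither "NORMAL" nor "BONUS" leaves `$result_data`, `$DATA`, `$PROBLEM` and `$LINK` unset, or holding values from an earlier pass if this runs in a loop. The rename from `$TYPE` to `$type` makes this slightly worse, because `$type` is now both the switch subject and the derived name ("mailid"/"bonusid"). In the unmatched case the raw database value would carry on as if it were that derived name. A `default:` branch that skips or logs the row, or a separate variable for the derived name, would keep the two meanings apart. The code that consumes these variables lies outside the hunk.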