X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=23a57e582182a58258895cb6a94ecb91aa3dae20;hb=4a81d02abaf1d774e251c44e651b559a4fe1e212;hp=34132e388bae189448c716abfa55fec39ed19e6d;hpb=a99e7f59b96a57db7a2b891d111f4168155433e1;p=mailer.git

diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 34132e388b..23a57e5821 100644
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -32,30 +32,25 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
 
 //
-function ADD_MODULE_TITLE($mod)
-{
+function ADD_MODULE_TITLE($mod) {
 	global $cacheArray, $_CONFIG;
 	$name = ""; $result = false;
-	// Load title
-	if (!mxchange_installing)
-	{
-		if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod])))
-		{
+
+	// Is the script installed?
+	if (isBooleanConstantAndTrue('mxchange_installed')) {
+		if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod]))) {
 			// Load from cache
 			$name = $cacheArray['modules']['title'][$mod];
 
 			// Update cache hits
 			$_CONFIG['cache_hits']++;
-		}
-		 else
-		{
+		} else {
 			// Load from database
 			$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_mod_reg WHERE module='%s' LIMIT 1", array($mod), __FILE__, __LINE__);
 			list($name) = SQL_FETCHROW($result);
@@ -67,18 +62,17 @@ function ADD_MODULE_TITLE($mod)
 	$name = trim($name);
 
 	// Still no luck or empty title?
-	if (empty($name))
-	{
+	if (empty($name)) {
 		// No name found
 		$name = LANG_UNKNOWN_MODULE." (".$mod.")";
-		if (SQL_NUMROWS($result) == 0)
-		{
+		if (SQL_NUMROWS($result) == 0) {
 			// Add module to database
 			$dummy = CHECK_MODULE($mod);
 		}
 	}
 	return $name;
 }
+
 // Check validity of a given module name (no file extension)
 function CHECK_MODULE($mod) {
 	// We need them now here...
@@ -104,7 +98,7 @@ function CHECK_MODULE($mod) {
 	$ret = "major";
 
 	// Check if script is installed if not return a "done" to prevent some errors
-	if ((!mxchange_installed) || (mxchange_installing) || (!admin_registered)) return "done";
+	if ((!isBooleanConstantAndTrue('mxchange_installed')) || (isBooleanConstantAndTrue('mxchange_installing')) || (!isBooleanConstantAndTrue('admin_registered'))) return "done";
 
 	// Check if cache is latest version
 	$locked = 'Y'; $hidden = 'N'; $admin = 'N'; $mem = 'N'; $found = false;
@@ -193,9 +187,9 @@ function CHECK_MODULE($mod) {
 	// Return the value
 	return $ret;
 }
+
 // Add menu description pending on given file name (without path!)
-function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
-{
+function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) {
 	global $DEPTH, $_CONFIG;
 	$LINK_ADD = ""; $OUT = ""; $AND = "";
 	// First we have to do some analysis...
@@ -257,12 +251,16 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
 		if (!$return) $DEPTH++;
 		$prefix = "";
 	}
+
 	$prefix .= " -> ";
+
 	if (ereg(".php", $search)) {
 		$search = substr($search, 0, strpos($search, ".php"));
 	}
+
 	$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
 	 array($ACC_LVL, $type, $search), __FILE__, __LINE__);
+
 	if (SQL_NUMROWS($result) == 1) {
 		list($ret) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
@@ -276,6 +274,7 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
 			if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) {
 				//* DEBUG: */ echo __LINE__."+".$type."+<br />\n";
 				$OUT .= "</DIV><br />\n";
+				$DEPTH="0";
 			}
 		}
 	}
@@ -292,22 +291,28 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
 //
 function ADD_MENU($MODE, $act, $wht) {
 	global $_CONFIG;
+
+	// Init some variables
+	$main_cnt = 0;
+	$AND = "";
+	$main_action = "";
+	$sub_what = "";
+
 	if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;
-	$main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = "";
-	if (!IS_ADMIN())
-	{
+
+	// Non-admin shall not see all menus
+	if (!IS_ADMIN()) {
 		$AND = "AND visible='Y' AND locked='N'";
 	}
+
 	// Load SQL data and add the menu to the output stream...
 	$result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
 	 array($MODE), __FILE__, __LINE__);
 	//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
-	if (SQL_NUMROWS($result_main) > 0)
-	{
+	if (SQL_NUMROWS($result_main) > 0) {
 		OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
 		// There are menus available, so we simply display them... :)
-		while (list($main_title, $main_action) = SQL_FETCHROW($result_main))
-		{
+		while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) {
 			//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
 			// Load menu header template
 			$BLOCK_MODE = false; $act = $main_action;
@@ -316,11 +321,10 @@ function ADD_MENU($MODE, $act, $wht) {
 			$result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
 			 array($MODE, $main_action), __FILE__, __LINE__);
 			$ctl = SQL_NUMROWS($result_sub);
-			if ($ctl > 0)
-			{
+			if ($ctl > 0) {
 				$cnt=0;
-				while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub))
-				{
+				while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) {
+					// Init content
 					$content = "";
 
 					// Full file name for checking menu
@@ -394,33 +398,32 @@ function IS_ADMIN($admin="")
 	//* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
 	// If admin login is not given take current from cookies...
-	if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])))
-	{
-		$admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];
+	if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
+		// Get admin login and password from session/cookies
+		$admin = SQL_ESCAPE(get_session('admin_login'));
+		$passCookie = SQL_ESCAPE(get_session('admin_md5'));
 	}
 	//* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
 	// Search in array for entry
-	if ((!empty($passCookie)) && (isset($cacheArray['admins']['password'][$admin])) && (!empty($admin)))
-	{
+	if ((!empty($passCookie)) && (isset($cacheArray['admins']['password'][$admin])) && (!empty($admin))) {
 		// Count cache hits
 		$_CONFIG['cache_hits']++;
 
 		// Login data is valid or not?
 		$valPass = generatePassString($cacheArray['admins']['password'][$admin]);
-	}
-	 elseif (!empty($admin))
-	{
+	} elseif (!empty($admin)) {
 		// Search for admin
 		$result = SQL_QUERY_ESC("SELECT HIGH_PRIORITY password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
 		 array($admin), __FILE__, __LINE__);
 
 		// Is he admin?
 		$passDB = "";
-		if (SQL_NUMROWS($result) == 1)
-		{
+		if (SQL_NUMROWS($result) == 1) {
 			// Admin login was found so let's load password from DB
 			list($passDB) = SQL_FETCHROW($result);
+
+			// Generate password hash
 			$valPass = generatePassString($passDB);
 		}
 
@@ -428,11 +431,10 @@ function IS_ADMIN($admin="")
 		SQL_FREERESULT($result);
 	}
 
-	if (!empty($valPass))
-	{
+	if (!empty($valPass)) {
 		// Check if password is valid
-		//* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*<br>";
-		$ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
+		//* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*<br />\n";
+		$ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
 	}
 
 	// Return result of comparision
@@ -538,7 +540,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest")
 //
 function IS_LOGGED_IN()
 {
-	global $_SESSION, $status, $LAST;
+	global $status, $LAST;
 	if (!is_array($LAST)) $LAST = array();
 	$ret = false;
 
@@ -546,7 +548,7 @@ function IS_LOGGED_IN()
 	FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
 	// Are cookies set?
-	if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))
+	if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
 	{
 		// Cookies are set with values, but are they valid?
 		$result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
@@ -563,31 +565,26 @@ function IS_LOGGED_IN()
 			if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
 			// So did we now have valid data and an unlocked user?
-			//* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
-			if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))
-			{
+			//* DEBUG: */ echo $valPass."<br>".get_session('u_hash')."<br>";
+			if (($status == "CONFIRMED") && ($valPass == get_session('u_hash'))) {
 				// Account is confirmed and all cookie data is valid so he is definely logged in! :-)
 				$ret = true;
-			}
-			 else
-			{
+			} else {
 				// Maybe got locked etc.
 				//* DEBUG: */ echo __LINE__."!!!<br>";
-				set_session("userid", "", time() - 3600, COOKIE_PATH);
-				set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-				set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+				set_session("userid", "");
+				set_session("u_hash", "");
+				set_session("lifetime", "");
 
 				// Remove array elements to prevent errors
 				unset($GLOBALS['userid']);
 			}
-		}
-		 else
-		{
+		} else {
 			// Cookie data is invalid!
 			//* DEBUG: */ echo __LINE__."***<br>";
-			set_session("userid", "", time() - 3600, COOKIE_PATH);
-			set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-			set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+			set_session("userid", "");
+			set_session("u_hash", "");
+			set_session("lifetime", "");
 
 			// Remove array elements to prevent errors
 			unset($GLOBALS['userid']);
@@ -600,9 +597,9 @@ function IS_LOGGED_IN()
 	{
 		// Cookie data is invalid!
 		//* DEBUG: */ echo __LINE__."///<br>";
-		set_session("userid", "", time() - 3600, COOKIE_PATH);
-		set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-		set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+		set_session("userid", "");
+		set_session("u_hash", "");
+		set_session("lifetime", "");
 
 		// Remove array elements to prevent errors
 		unset($GLOBALS['userid']);
@@ -615,16 +612,16 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
 	if (!is_array($LAST)) $LAST = array();
 
 	// Are the required cookies set?
-	if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {
+	if ((!isset($GLOBALS['userid'])) || (!isSessionVariableSet('u_hash')) || (!isSessionVariableSet('lifetime'))) {
 		// Nope, then return here to caller function
 		return false;
 	} else {
 		// Secure user ID
-		$GLOBALS['userid'] = bigintval($_SESSION['userid']);
+		$GLOBALS['userid'] = bigintval(get_session('userid'));
 	}
 
 	// Extract last online time (life) and how long is auto-login valid (time)
-	$newl = time() + bigintval($_SESSION['lifetime']);
+	$newl = time() + bigintval(get_session('lifetime'));
 
 	// Recheck if logged in
 	if (!IS_LOGGED_IN()) return false;
@@ -639,7 +636,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
 		// Maybe first login time?
 		if (empty($mod)) $mod = "login";
 
-		if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {
+		if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE(get_session('u_hash')), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) {
 			// This will be displayed on welcome page! :-)
 			if (empty($LAST['module'])) {
 				$LAST['module'] = $mod; $LAST['online'] = $onl;
@@ -652,13 +649,11 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
 			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
 			 array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__);
 		}
-	}
-	 else
-	{
+	}  else {
 		// Destroy session, we cannot update!
-		set_session("userid", "", time() - 3600, COOKIE_PATH);
-		set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-		set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+		set_session("userid", "");
+		set_session("u_hash", "");
+		set_session("lifetime", "");
 	}
 }
 //
@@ -736,11 +731,11 @@ function SEND_MODE_MAILS($mod, $modes)
 		list($hashDB) = SQL_FETCHROW($result_main);
 
 		// Extract salt from cookie
-		$salt = substr($_SESSION['u_hash'], 0, -40);
+		$salt = substr(get_session('u_hash'), 0, -40);
 
 		// Now let's compare passwords
 		$hash = generatePassString($hashDB);
-		if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+		if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
 			// Load user's data
 			$result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
 			 array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
@@ -1054,21 +1049,17 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
 	global $DEPTH, $_CONFIG, $DATA, $link;
 
 	// When $uid = 0 add points to jackpot
-	if ($uid == "0")
-	{
+	if ($uid == "0") {
 		// Add points to jackpot
 		ADD_JACKPOT($points);
 		return;
 	}
 
 	// Count up referral depth
-	if (empty($DEPTH))
-	{
+	if (empty($DEPTH)) {
 		// Initialialize referral system
 		$DEPTH = "0";
-	}
-	 else
-	{
+	} else {
 		// Increase referral level
 		$DEPTH++;
 	}
@@ -1078,49 +1069,57 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
 
 	$result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
 	 array(bigintval($uid)), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result_user) == 1)
-	{
+	//* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+<br />\n";
+	if (SQL_NUMROWS($result_user) == 1) {
 		// This is the user and his ref
 		list ($ref, $email) = SQL_FETCHROW($result_user);
 		SQL_FREERESULT($result_user);
+
 		$result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1",
 		 array(bigintval($DEPTH)), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1)
-		{
+		//* DEBUG */ echo "DEPTH:".$DEPTH."<br />\n";
+		if (SQL_NUMROWS($result) == 1) {
 			list($per) = SQL_FETCHROW($result);
 			SQL_FREERESULT($result);
 			$P = $points * $per / 100;
+			//* DEBUG */ echo "ADD:".$P."<br />\n";
 
 			// Update points...
 			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1",
 			 array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__);
-			if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0)
-			{
+			if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) {
 				// First ref in this level! :-)
 				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)",
 				 array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__);
 			}
 
 			// Update mediadata as well
-			if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-			{
+			if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
 				// Update database
 				MEDIA_UPDATE_ENTRY(array("total_points"), "add", $P);
 			}
 
 			// Points updated, maybe I shall send him an email?
-			if (($send_notify) && ($ref > 0) && (!$locked))
-			{
+			if (($send_notify) && ($ref > 0) && (!$locked)) {
 				//              0                1      2              3
 				$DATA = array($per, bigintval($DEPTH), $P, bigintval($ref));
 				$msg = LOAD_EMAIL_TEMPLATE("confirm-referral", "", bigintval($uid));
 
 				SEND_EMAIL($email, THANX_REFERRAL_ONE, $msg);
+			} elseif (($send_notify) && ($ref == 0) && (!$locked) && ($add_mode == "direct") && (!defined('__POINTS_VALUE'))) {
+				// Direct payment shall be notified about
+				define('__POINTS_VALUE', $P);
+
+				// Load message
+				$msg = LOAD_EMAIL_TEMPLATE("add-points", REASON_DIRECT_PAYMENT, $uid);
+
+				// And sent it away
+				SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg);
+				if (!isset($_GET['mid'])) LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED);
 			}
 
 			// Maybe there's another ref?
-			if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref"))
-			{
+			if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) {
 				// Then let's credit him here...
 				ADD_POINTS_REFSYSTEM($ref, $points, $send_notify, $ref, $locked);
 			}
@@ -1190,10 +1189,9 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht)
 		// Is administrator
 		$ADMIN = 'Y';
 	}
-	if (!empty($_SESSION['refid']))
-	{
+	if (isSessionVariableSet('refid')) {
 		// Check cookie
-		if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];
+		if (get_session('refid') > 0) $rid = $GLOBALS['refid'];
 	}
 
 	// Now Read data
@@ -1507,10 +1505,8 @@ function SUB_JACKPOT($points)
 	}
 }
 //
-function IS_DEMO()
-{
-	global $_SESSION;
-	return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));
+function IS_DEMO() {
+	return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo"));
 }
 //
 function LOAD_CONFIG($no="0")
@@ -1526,8 +1522,10 @@ function LOAD_CONFIG($no="0")
 			$CFG_DUMMY[$key] = $value;
 		}
 
-		// Count cache hits
-		$CFG_DUMMY['cache_hits']++;
+		// Count cache hits if exists
+		if ((isset($CFG_DUMMY['cache_hits'])) && (EXT_IS_ACTIVE("cache"))) {
+			$CFG_DUMMY['cache_hits']++;
+		} // END - if
 	} else {
 		// Load config from DB
 		$result_config = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_config WHERE config=%d LIMIT 1",