X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=f11a84bf7493969c8533f933f211cb52f77fbb37;hb=e7639f20342bea7665b00d22025b028408c005f1;hp=46154a41084d7508073acf6f18619de9225ccf75;hpb=feebd0199748544fe8c930b70e97452001a13f76;p=mailer.git

diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 46154a4108..f11a84bf74 100644
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -32,19 +32,18 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
 
 //
-function ADD_MODULE_TITLE($mod)
-{
+function ADD_MODULE_TITLE($mod) {
 	global $cacheArray, $_CONFIG;
 	$name = ""; $result = false;
-	// Load title
-	if (!isBooleanConstantAndTrue('mxchange_installed')) {
+
+	// Is the script installed?
+	if (isBooleanConstantAndTrue('mxchange_installed')) {
 		if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod]))) {
 			// Load from cache
 			$name = $cacheArray['modules']['title'][$mod];
@@ -73,6 +72,7 @@ function ADD_MODULE_TITLE($mod)
 	}
 	return $name;
 }
+
 // Check validity of a given module name (no file extension)
 function CHECK_MODULE($mod) {
 	// We need them now here...
@@ -187,9 +187,9 @@ function CHECK_MODULE($mod) {
 	// Return the value
 	return $ret;
 }
+
 // Add menu description pending on given file name (without path!)
-function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
-{
+function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) {
 	global $DEPTH, $_CONFIG;
 	$LINK_ADD = ""; $OUT = ""; $AND = "";
 	// First we have to do some analysis...
@@ -251,12 +251,16 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
 		if (!$return) $DEPTH++;
 		$prefix = "";
 	}
+
 	$prefix .= " -> ";
+
 	if (ereg(".php", $search)) {
 		$search = substr($search, 0, strpos($search, ".php"));
 	}
+
 	$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
 	 array($ACC_LVL, $type, $search), __FILE__, __LINE__);
+
 	if (SQL_NUMROWS($result) == 1) {
 		list($ret) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
@@ -270,6 +274,7 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
 			if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) {
 				//* DEBUG: */ echo __LINE__."+".$type."+<br />\n";
 				$OUT .= "</DIV><br />\n";
+				$DEPTH="0";
 			}
 		}
 	}
@@ -286,22 +291,28 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
 //
 function ADD_MENU($MODE, $act, $wht) {
 	global $_CONFIG;
+
+	// Init some variables
+	$main_cnt = 0;
+	$AND = "";
+	$main_action = "";
+	$sub_what = "";
+
 	if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;
-	$main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = "";
-	if (!IS_ADMIN())
-	{
+
+	// Non-admin shall not see all menus
+	if (!IS_ADMIN()) {
 		$AND = "AND visible='Y' AND locked='N'";
 	}
+
 	// Load SQL data and add the menu to the output stream...
 	$result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
 	 array($MODE), __FILE__, __LINE__);
 	//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
-	if (SQL_NUMROWS($result_main) > 0)
-	{
+	if (SQL_NUMROWS($result_main) > 0) {
 		OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
 		// There are menus available, so we simply display them... :)
-		while (list($main_title, $main_action) = SQL_FETCHROW($result_main))
-		{
+		while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) {
 			//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
 			// Load menu header template
 			$BLOCK_MODE = false; $act = $main_action;
@@ -310,11 +321,10 @@ function ADD_MENU($MODE, $act, $wht) {
 			$result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
 			 array($MODE, $main_action), __FILE__, __LINE__);
 			$ctl = SQL_NUMROWS($result_sub);
-			if ($ctl > 0)
-			{
+			if ($ctl > 0) {
 				$cnt=0;
-				while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub))
-				{
+				while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) {
+					// Init content
 					$content = "";
 
 					// Full file name for checking menu
@@ -389,7 +399,9 @@ function IS_ADMIN($admin="")
 
 	// If admin login is not given take current from cookies...
 	if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
-		$admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5');
+		// Get admin login and password from session/cookies
+		$admin = SQL_ESCAPE(get_session('admin_login'));
+		$passCookie = SQL_ESCAPE(get_session('admin_md5'));
 	}
 	//* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
@@ -410,6 +422,8 @@ function IS_ADMIN($admin="")
 		if (SQL_NUMROWS($result) == 1) {
 			// Admin login was found so let's load password from DB
 			list($passDB) = SQL_FETCHROW($result);
+
+			// Generate password hash
 			$valPass = generatePassString($passDB);
 		}
 
@@ -419,8 +433,8 @@ function IS_ADMIN($admin="")
 
 	if (!empty($valPass)) {
 		// Check if password is valid
-		//* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*<br>";
-		$ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
+		//* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*<br />\n";
+		$ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
 	}
 
 	// Return result of comparision
@@ -1035,21 +1049,17 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
 	global $DEPTH, $_CONFIG, $DATA, $link;
 
 	// When $uid = 0 add points to jackpot
-	if ($uid == "0")
-	{
+	if ($uid == "0") {
 		// Add points to jackpot
 		ADD_JACKPOT($points);
 		return;
 	}
 
 	// Count up referral depth
-	if (empty($DEPTH))
-	{
+	if (empty($DEPTH)) {
 		// Initialialize referral system
 		$DEPTH = "0";
-	}
-	 else
-	{
+	} else {
 		// Increase referral level
 		$DEPTH++;
 	}
@@ -1059,49 +1069,57 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
 
 	$result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
 	 array(bigintval($uid)), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result_user) == 1)
-	{
+	//* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+<br />\n";
+	if (SQL_NUMROWS($result_user) == 1) {
 		// This is the user and his ref
 		list ($ref, $email) = SQL_FETCHROW($result_user);
 		SQL_FREERESULT($result_user);
+
 		$result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1",
 		 array(bigintval($DEPTH)), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1)
-		{
+		//* DEBUG */ echo "DEPTH:".$DEPTH."<br />\n";
+		if (SQL_NUMROWS($result) == 1) {
 			list($per) = SQL_FETCHROW($result);
 			SQL_FREERESULT($result);
 			$P = $points * $per / 100;
+			//* DEBUG */ echo "ADD:".$P."<br />\n";
 
 			// Update points...
 			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1",
 			 array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__);
-			if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0)
-			{
+			if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) {
 				// First ref in this level! :-)
 				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)",
 				 array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__);
 			}
 
 			// Update mediadata as well
-			if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-			{
+			if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
 				// Update database
 				MEDIA_UPDATE_ENTRY(array("total_points"), "add", $P);
 			}
 
 			// Points updated, maybe I shall send him an email?
-			if (($send_notify) && ($ref > 0) && (!$locked))
-			{
+			if (($send_notify) && ($ref > 0) && (!$locked)) {
 				//              0                1      2              3
 				$DATA = array($per, bigintval($DEPTH), $P, bigintval($ref));
 				$msg = LOAD_EMAIL_TEMPLATE("confirm-referral", "", bigintval($uid));
 
 				SEND_EMAIL($email, THANX_REFERRAL_ONE, $msg);
+			} elseif (($send_notify) && ($ref == 0) && (!$locked) && ($add_mode == "direct") && (!defined('__POINTS_VALUE'))) {
+				// Direct payment shall be notified about
+				define('__POINTS_VALUE', $P);
+
+				// Load message
+				$msg = LOAD_EMAIL_TEMPLATE("add-points", REASON_DIRECT_PAYMENT, $uid);
+
+				// And sent it away
+				SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg);
+				if (!isset($_GET['mid'])) LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED);
 			}
 
 			// Maybe there's another ref?
-			if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref"))
-			{
+			if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) {
 				// Then let's credit him here...
 				ADD_POINTS_REFSYSTEM($ref, $points, $send_notify, $ref, $locked);
 			}