X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=f87c4c4c0df7957d258fb59ebd10e657605dc89c;hb=7b8e99bea1bd896d7d984bb5a04fdbf974890a7c;hp=bbd581d8a03a6b3a09768c36d7eb2ab3690622d1;hpb=b5912168d72ae511eb623c3d92540c82d31b93c5;p=mailer.git diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index bbd581d8a0..f87c4c4c0d 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -32,30 +32,25 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } // -function ADD_MODULE_TITLE($mod) -{ - global $MODULES, $_CONFIG; +function ADD_MODULE_TITLE($mod) { + global $cacheArray, $_CONFIG; $name = ""; $result = false; - // Load title - if (!mxchange_installing) - { - if ((GET_EXT_VERSION("cache") >= "0.1.2") && (is_array($MODULES['module'])) && (isset($MODULES['module'][$mod]))) - { + + // Is the script installed? + if (isBooleanConstantAndTrue('mxchange_installed')) { + if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod]))) { // Load from cache - $name = $MODULES['title'][$mod]; + $name = $cacheArray['modules']['title'][$mod]; // Update cache hits $_CONFIG['cache_hits']++; - } - else - { + } else { // Load from database $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_mod_reg WHERE module='%s' LIMIT 1", array($mod), __FILE__, __LINE__); list($name) = SQL_FETCHROW($result); @@ -67,22 +62,21 @@ function ADD_MODULE_TITLE($mod) $name = trim($name); // Still no luck or empty title? - if (empty($name)) - { + if (empty($name)) { // No name found $name = LANG_UNKNOWN_MODULE." (".$mod.")"; - if (SQL_NUMROWS($result) == 0) - { + if (SQL_NUMROWS($result) == 0) { // Add module to database $dummy = CHECK_MODULE($mod); } } return $name; } + // Check validity of a given module name (no file extension) function CHECK_MODULE($mod) { // We need them now here... - global $MODULES, $_CONFIG, $CACHE; + global $cacheArray, $_CONFIG, $cacheInstance; // Filter module name (names with low chars and underlines are fine!) $mod = preg_replace("/[^a-z_]/", "", $mod); @@ -104,18 +98,18 @@ function CHECK_MODULE($mod) { $ret = "major"; // Check if script is installed if not return a "done" to prevent some errors - if ((!mxchange_installed) || (mxchange_installing) || (!admin_registered)) return "done"; + if ((!isBooleanConstantAndTrue('mxchange_installed')) || (isBooleanConstantAndTrue('mxchange_installing')) || (!isBooleanConstantAndTrue('admin_registered'))) return "done"; // Check if cache is latest version - $locked = 'Y'; $hidden = 'N'; $admin = 'N'; $mem = 'N'; $found = false; - if ((GET_EXT_VERSION("cache") >= "0.1.2") && (is_array($MODULES['module']))) { + $locked = "Y"; $hidden = "N"; $admin = "N"; $mem = "N"; $found = false; + if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module']))) { // Is the module cached? - if (isset($MODULES['locked'][$mod_chk])) { + if (isset($cacheArray['modules']['locked'][$mod_chk])) { // Check cache - $locked = $MODULES['locked'][$mod_chk]; - $hidden = $MODULES['hidden'][$mod_chk]; - $admin = $MODULES['admin_only'][$mod_chk]; - $mem = $MODULES['mem_only'][$mod_chk]; + $locked = $cacheArray['modules']['locked'][$mod_chk]; + $hidden = $cacheArray['modules']['hidden'][$mod_chk]; + $admin = $cacheArray['modules']['admin_only'][$mod_chk]; + $mem = $cacheArray['modules']['mem_only'][$mod_chk]; // Update cache hits $_CONFIG['cache_hits']++; @@ -138,16 +132,16 @@ function CHECK_MODULE($mod) { // Check returned values against current access permissions // // Admin access ----- Guest access ----- --- Guest or member? --- - if ((IS_ADMIN()) || (($locked == 'N') && ($admin == 'N') && (($mem == 'N') || (IS_LOGGED_IN())))) { + if ((IS_ADMIN()) || (($locked == "N") && ($admin == "N") && (($mem == "N") || (IS_LOGGED_IN())))) { // If you are admin you are welcome for everything! $ret = "done"; - } elseif ($locked == 'Y') { + } elseif ($locked == "Y") { // Module is locked $ret = "locked"; - } elseif (($mem == 'Y') && (!IS_LOGGED_IN())) { + } elseif (($mem == "Y") && (!IS_LOGGED_IN())) { // You have to login first! $ret = "mem_only"; - } elseif (($admin == 'Y') && (!IS_ADMIN())) { + } elseif (($admin == "Y") && (!IS_ADMIN())) { // Only the Admin is allowed to enter this module! $ret = "admin_only"; } @@ -178,8 +172,8 @@ function CHECK_MODULE($mod) { // Destroy cache here if (GET_EXT_VERSION("cache") >= "0.1.2") { - if ($CACHE->cache_file("mod_reg", true)) $CACHE->cache_destroy(); - unset($MODULES); + if ($cacheInstance->cache_file("mod_reg", true)) $cacheInstance->cache_destroy(); + unset($cacheArray['modules']); } // And reload data @@ -193,9 +187,9 @@ function CHECK_MODULE($mod) { // Return the value return $ret; } + // Add menu description pending on given file name (without path!) -function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) -{ +function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { global $DEPTH, $_CONFIG; $LINK_ADD = ""; $OUT = ""; $AND = ""; // First we have to do some analysis... @@ -215,7 +209,7 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) $MOD_CHECK = $GLOBALS['module']; break; } - $AND = " AND what=''"; + $AND = " AND (what='' OR what IS NULL)"; } elseif (ereg("what-", $file)) { // This is an admin what file! $type = "what"; @@ -235,8 +229,8 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) } break; } - $DUMMY = substr($search, 0, -4); - $AND .= " AND action='".GET_ACTION($ACC_LVL, $DUMMY)."'"; + $dummy = substr($search, 0, -4); + $AND .= " AND action='".GET_ACTION($ACC_LVL, $dummy)."'"; } elseif (($ACC_LVL == "sponsor") || ($ACC_LVL == "engine")) { // Sponsor / engine menu $type = "what"; @@ -257,25 +251,30 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) if (!$return) $DEPTH++; $prefix = ""; } + $prefix .= " -> "; + if (ereg(".php", $search)) { $search = substr($search, 0, strpos($search, ".php")); } + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1", array($ACC_LVL, $type, $search), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { list($ret) = SQL_FETCHROW($result); SQL_FREERESULT($result); if ($return) { // Return title return $ret; - } elseif (((GET_EXT_VERSION("sql_patches") >= "0.2.3") && ($_CONFIG['youre_here'] == 'Y')) || ((IS_ADMIN()) && ($MOD_CHECK == "admin"))) { + } elseif (((GET_EXT_VERSION("sql_patches") >= "0.2.3") && ($_CONFIG['youre_here'] == "Y")) || ((IS_ADMIN()) && ($MOD_CHECK == "admin"))) { // Output HTML code $OUT = $prefix."".$ret."\n"; //* DEBUG: */ echo __LINE__."*".$type."/".$GLOBALS['what']."*
\n"; if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) { //* DEBUG: */ echo __LINE__."+".$type."+
\n"; $OUT .= "
\n"; + $DEPTH="0"; } } } @@ -292,22 +291,28 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) // function ADD_MENU($MODE, $act, $wht) { global $_CONFIG; + + // Init some variables + $main_cnt = 0; + $AND = ""; + $main_action = ""; + $sub_what = ""; + if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID; - $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = ""; - if (!IS_ADMIN()) - { + + // Non-admin shall not see all menus + if (!IS_ADMIN()) { $AND = "AND visible='Y' AND locked='N'"; } + // Load SQL data and add the menu to the output stream... - $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort", + $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE (what='' OR what IS NULL) ".$AND." ORDER BY sort", array($MODE), __FILE__, __LINE__); //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; - if (SQL_NUMROWS($result_main) > 0) - { + if (SQL_NUMROWS($result_main) > 0) { OUTPUT_HTML(""); // There are menus available, so we simply display them... :) - while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) - { + while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) { //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; // Load menu header template $BLOCK_MODE = false; $act = $main_action; @@ -316,11 +321,10 @@ function ADD_MENU($MODE, $act, $wht) { $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort", array($MODE, $main_action), __FILE__, __LINE__); $ctl = SQL_NUMROWS($result_sub); - if ($ctl > 0) - { + if ($ctl > 0) { $cnt=0; - while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) - { + while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) { + // Init content $content = ""; // Full file name for checking menu @@ -339,7 +343,7 @@ function ADD_MENU($MODE, $act, $wht) { } // Menu title - $content .= $_CONFIG['middot'].$sub_title; + $content .= $_CONFIG['menu_blur_spacer'].$sub_title; if ($test) { $content .= ""; @@ -360,7 +364,7 @@ function ADD_MENU($MODE, $act, $wht) { } else { // This is a menu block... ;-) $BLOCK_MODE = true; - $INC_BLOCK = sprintf(PATH."inc/modules/%s/action-%s.php", $MODE, $main_action); + $INC_BLOCK = sprintf("%sinc/modules/%s/action-%s.php", PATH, $MODE, $main_action); if ((file_exists($INC_BLOCK)) && (is_readable($INC_BLOCK))) { // Load include file if ((!EXT_IS_ACTIVE($main_action)) || ($main_action == "online")) OUTPUT_HTML(" @@ -389,38 +393,37 @@ function ADD_MENU($MODE, $act, $wht) { // This patched function will reduce many SELECT queries for the specified or current admin login function IS_ADMIN($admin="") { - global $_SESSION, $ADMINS, $_CONFIG; + global $cacheArray, $_CONFIG; $ret = false; $passCookie = ""; $valPass = ""; //* DEBUG: */ echo __LINE__."ADMIN:".$admin."
"; // If admin login is not given take current from cookies... - if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5']))) - { - $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5']; + if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { + // Get admin login and password from session/cookies + $admin = SQL_ESCAPE(get_session('admin_login')); + $passCookie = SQL_ESCAPE(get_session('admin_md5')); } //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; // Search in array for entry - if ((!empty($passCookie)) && (isset($ADMINS['password'][$admin])) && (!empty($admin))) - { + if ((!empty($passCookie)) && (isset($cacheArray['admins']['password'][$admin])) && (!empty($admin))) { // Count cache hits $_CONFIG['cache_hits']++; // Login data is valid or not? - $valPass = generatePassString($ADMINS['password'][$admin]); - } - elseif (!empty($admin)) - { + $valPass = generatePassString($cacheArray['admins']['password'][$admin]); + } elseif (!empty($admin)) { // Search for admin $result = SQL_QUERY_ESC("SELECT HIGH_PRIORITY password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin), __FILE__, __LINE__); // Is he admin? $passDB = ""; - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Admin login was found so let's load password from DB list($passDB) = SQL_FETCHROW($result); + + // Generate password hash $valPass = generatePassString($passDB); } @@ -428,11 +431,10 @@ function IS_ADMIN($admin="") SQL_FREERESULT($result); } - if (!empty($valPass)) - { + if (!empty($valPass)) { // Check if password is valid - //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*
"; - $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); + //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*
\n"; + $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); } // Return result of comparision @@ -538,7 +540,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest") // function IS_LOGGED_IN() { - global $_SESSION, $status, $LAST; + global $status, $LAST; if (!is_array($LAST)) $LAST = array(); $ret = false; @@ -546,10 +548,10 @@ function IS_LOGGED_IN() FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime')); // Are cookies set? - if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH'))) + if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH'))) { // Cookies are set with values, but are they valid? - $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -563,31 +565,21 @@ function IS_LOGGED_IN() if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; } // So did we now have valid data and an unlocked user? - //* DEBUG: */ echo $valPass."
".$_SESSION['u_hash']."
"; - if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash'])) - { + //* DEBUG: */ echo $valPass."
".get_session('u_hash')."
"; + if (($status == "CONFIRMED") && ($valPass == get_session('u_hash'))) { // Account is confirmed and all cookie data is valid so he is definely logged in! :-) $ret = true; - } - else - { + } else { // Maybe got locked etc. //* DEBUG: */ echo __LINE__."!!!
"; - set_session("userid", "", time() - 3600, COOKIE_PATH); - set_session("u_hash", "", time() - 3600, COOKIE_PATH); - set_session("lifetime", "", time() - 3600, COOKIE_PATH); + destroy_user_session(); // Remove array elements to prevent errors unset($GLOBALS['userid']); } - } - else - { + } else { // Cookie data is invalid! //* DEBUG: */ echo __LINE__."***
"; - set_session("userid", "", time() - 3600, COOKIE_PATH); - set_session("u_hash", "", time() - 3600, COOKIE_PATH); - set_session("lifetime", "", time() - 3600, COOKIE_PATH); // Remove array elements to prevent errors unset($GLOBALS['userid']); @@ -600,9 +592,7 @@ function IS_LOGGED_IN() { // Cookie data is invalid! //* DEBUG: */ echo __LINE__."///
"; - set_session("userid", "", time() - 3600, COOKIE_PATH); - set_session("u_hash", "", time() - 3600, COOKIE_PATH); - set_session("lifetime", "", time() - 3600, COOKIE_PATH); + destroy_user_session(); // Remove array elements to prevent errors unset($GLOBALS['userid']); @@ -615,22 +605,22 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { if (!is_array($LAST)) $LAST = array(); // Are the required cookies set? - if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) { + if ((!isset($GLOBALS['userid'])) || (!isSessionVariableSet('u_hash')) || (!isSessionVariableSet('lifetime'))) { // Nope, then return here to caller function return false; } else { // Secure user ID - $GLOBALS['userid'] = bigintval($_SESSION['userid']); + $GLOBALS['userid'] = bigintval(get_session('userid')); } // Extract last online time (life) and how long is auto-login valid (time) - $newl = time() + bigintval($_SESSION['lifetime']); + $newl = time() + bigintval(get_session('lifetime')); // Recheck if logged in if (!IS_LOGGED_IN()) return false; // Load last module and last online time - $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load last module and online time list($mod, $onl) = SQL_FETCHROW($result); @@ -639,7 +629,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { // Maybe first login time? if (empty($mod)) $mod = "login"; - if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) { + if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE(get_session('u_hash')), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) { // This will be displayed on welcome page! :-) if (empty($LAST['module'])) { $LAST['module'] = $mod; $LAST['online'] = $onl; @@ -649,16 +639,12 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { } // Update last module / online time - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__); } - } - else - { + } else { // Destroy session, we cannot update! - set_session("userid", "", time() - 3600, COOKIE_PATH); - set_session("u_hash", "", time() - 3600, COOKIE_PATH); - set_session("lifetime", "", time() - 3600, COOKIE_PATH); + destroy_user_session(); } } // @@ -684,7 +670,7 @@ function VALIDATE_MENU_ACTION ($MODE, $act, $wht, $UPDATE=false) else { // Admin login overview - $SQL = SQL_QUERY_ESC("SELECT id, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what=''".$ADD." ORDER BY action DESC LIMIT 1", + $SQL = SQL_QUERY_ESC("SELECT id, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND (what='' OR what IS NULL)".$ADD." ORDER BY action DESC LIMIT 1", array($MODE, $act), __FILE__, __LINE__, false); } @@ -729,20 +715,20 @@ function SEND_MODE_MAILS($mod, $modes) global $_CONFIG, $DATA; // Load hash - $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result_main) == 1) { // Load hash from database list($hashDB) = SQL_FETCHROW($result_main); // Extract salt from cookie - $salt = substr($_SESSION['u_hash'], 0, -40); + $salt = substr(get_session('u_hash'), 0, -40); // Now let's compare passwords $hash = generatePassString($hashDB); - if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) { + if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) { // Load user's data - $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND password='%s' LIMIT 1", array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load the data @@ -788,7 +774,7 @@ function SEND_MODE_MAILS($mod, $modes) // Load template $msg = LOAD_EMAIL_TEMPLATE("member_mydata_notify", $content, $GLOBALS['userid']); - if ($_CONFIG['admin_notify'] == 'Y') { + if ($_CONFIG['admin_notify'] == "Y") { // The admin needs to be notified about a profile change $msg_admin = "admin_mydata_notify"; $sub_adm = ADMIN_CHANGED_DATA; @@ -832,12 +818,8 @@ function SEND_MODE_MAILS($mod, $modes) if (empty($content)) { if ((!empty($sub_adm)) && (!empty($msg_admin))) { // Send admin mail - if (GET_EXT_VERSION("admins") >= "0.4.1") { - SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']); - } else { - SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid'])); - } - } elseif ($_CONFIG['admin_notify'] == 'Y') { + SEND_ADMIN_NOTIFICATION($sub_adm, $msg_admin, $content, $GLOBALS['userid']); + } elseif ($_CONFIG['admin_notify'] == "Y") { // Cannot send mails to admin! $content = CANNOT_SEND_ADMIN_MAILS; } else { @@ -924,46 +906,55 @@ function GET_ACTION ($MODE, &$wht) return $ret; } // -function GET_CATEGORY ($cid) -{ +function GET_CATEGORY ($cid) { + // Default is not found $ret = _CATEGORY_404; - $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1", array($cid), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + + // Lookup the category + $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1", + array(bigintval($cid)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Category found... :-) list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - } + } // END - if + + // Free result + SQL_FREERESULT($result); + + // Return result return $ret; } // -function GET_PAYMENT ($pid, $full=false) -{ +function GET_PAYMENT ($pid, $full=false) { + // Default is not found $ret = _PAYMENT_404; - $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", array($pid), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + + // Load payment data + $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", + array(bigintval($pid)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Payment type found... :-) - if (!$full) - { + if (!$full) { // Return only title list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - } - else - { + } else { // Return title and price list($t, $p) = SQL_FETCHROW($result); $ret = $t." / ".TRANSLATE_COMMA($p)." ".POINTS; } } + + // Free result + SQL_FREERESULT($result); + + // Return result return $ret; } // function GET_PAY_POINTS($pid, $lookFor="price") { $ret = "-1"; - $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", array($lookFor, $pid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -988,7 +979,7 @@ function REMOVE_RECEIVER(&$ARRAY, $key, $uid, $pool_id, $stats_id="", $bonus=fal // Only when we got a real stats ID continue searching for the entry $type = "NORMAL"; $rowName = "stats_id"; if ($bonus) { $type = "BONUS"; $rowName = "bonus_id"; } - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%d AND link_type='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%s AND link_type='%s' LIMIT 1", array($rowName, $stats_id, bigintval($uid), $type), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { @@ -1044,7 +1035,7 @@ function GET_TOTAL_DATA($search, $tableName, $lookFor, $whereStatement="userid", * uid = Referral ID wich should receive... * points = ... xxx points * send_notify = shall I send the referral an email or not? - * refid = inc/modules/guest/what-confirm.php need this + * rid = inc/modules/guest/what-confirm.php need this * locked = Shall I pay it to normal (false) or locked (true) points ammount? * add_mode = Add points only to $uid or also refs? (WARNING! Changing "ref" to "direct" * will cause no referral will get points ever!!!) @@ -1054,73 +1045,81 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock global $DEPTH, $_CONFIG, $DATA, $link; // When $uid = 0 add points to jackpot - if ($uid == "0") - { + if ($uid == "0") { // Add points to jackpot ADD_JACKPOT($points); return; } // Count up referral depth - if (empty($DEPTH)) - { + if (empty($DEPTH)) { // Initialialize referral system $DEPTH = "0"; - } - else - { + } else { // Increase referral level $DEPTH++; } + // Percents and table + $percents = "percents"; if (isset($_CONFIG['db_percents'])) $percents = $_CONFIG['db_percents']; + $table = "refdepths"; if (isset($_CONFIG['db_table'])) $table = $_CONFIG['db_table']; + // Which points, locked or normal? $data = "points"; if ($locked) $data = "locked_points"; - $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); - if (SQL_NUMROWS($result_user) == 1) - { + //* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+
\n"; + if (SQL_NUMROWS($result_user) == 1) { // This is the user and his ref list ($ref, $email) = SQL_FETCHROW($result_user); SQL_FREERESULT($result_user); - $result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1", - array(bigintval($DEPTH)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE level='%s' LIMIT 1", + array($percents, $table, bigintval($DEPTH)), __FILE__, __LINE__); + //* DEBUG */ echo "DEPTH:".$DEPTH."
\n"; + if (SQL_NUMROWS($result) == 1) { list($per) = SQL_FETCHROW($result); SQL_FREERESULT($result); $P = $points * $per / 100; + //* DEBUG */ echo "ADD:".$P."
\n"; // Update points... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=%s LIMIT 1", array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) - { + if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) { // First ref in this level! :-) - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%s, %s, %s)", array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__); } // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { // Update database MEDIA_UPDATE_ENTRY(array("total_points"), "add", $P); } // Points updated, maybe I shall send him an email? - if (($send_notify) && ($ref > 0) && (!$locked)) - { + if (($send_notify) && ($ref > 0) && (!$locked)) { // 0 1 2 3 $DATA = array($per, bigintval($DEPTH), $P, bigintval($ref)); $msg = LOAD_EMAIL_TEMPLATE("confirm-referral", "", bigintval($uid)); SEND_EMAIL($email, THANX_REFERRAL_ONE, $msg); + } elseif (($send_notify) && ($ref == 0) && (!$locked) && ($add_mode == "direct") && (!defined('__POINTS_VALUE'))) { + // Direct payment shall be notified about + define('__POINTS_VALUE', $P); + + // Load message + $msg = LOAD_EMAIL_TEMPLATE("add-points", REASON_DIRECT_PAYMENT, $uid); + + // And sent it away + SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg); + if (!isset($_GET['mid'])) LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED); } // Maybe there's another ref? - if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) - { + if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) { // Then let's credit him here... ADD_POINTS_REFSYSTEM($ref, $points, $send_notify, $ref, $locked); } @@ -1130,12 +1129,12 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock // function UPDATE_REF_COUNTER($uid) { - global $REF_LVL, $link, $CACHE; + global $REF_LVL, $link, $cacheInstance; // Make it sure referral level zero (member him-/herself) is at least selected if (empty($REF_LVL)) $REF_LVL = "0"; // Update counter - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%d AND level='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%s AND level='%s' LIMIT 1", array(bigintval($uid), $REF_LVL), __FILE__, __LINE__); // When no entry was updated then we have to create it here @@ -1147,7 +1146,7 @@ function UPDATE_REF_COUNTER($uid) } // Check for his referral - $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); list($ref) = SQL_FETCHROW($result); @@ -1163,7 +1162,7 @@ function UPDATE_REF_COUNTER($uid) elseif ((($ref == $uid) || ($ref == 0)) && (GET_EXT_VERSION("cache") >= "0.1.2")) { // Remove cache here - if ($CACHE->cache_file("refsystem", true)) $CACHE->cache_destroy(); + if ($cacheInstance->cache_file("refsystem", true)) $cacheInstance->cache_destroy(); } } // @@ -1174,7 +1173,7 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht) if (!EXT_IS_ACTIVE("online", true)) return; // Initialize variables - $uid = "0"; $rid = "0"; $MEM = 'N'; $ADMIN = 'N'; + $uid = "0"; $rid = "0"; $MEM = "N"; $ADMIN = "N"; if (!empty($GLOBALS['userid'])) { // Update member status only when userid is valid @@ -1182,18 +1181,17 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht) { // Is valid user $uid = $GLOBALS['userid']; - $MEM = 'Y'; + $MEM = "Y"; } } if (IS_ADMIN()) { // Is administrator - $ADMIN = 'Y'; + $ADMIN = "Y"; } - if (!empty($_SESSION['refid'])) - { + if (isSessionVariableSet('refid')) { // Check cookie - if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid']; + if (get_session('refid') > 0) $rid = $GLOBALS['refid']; } // Now Read data @@ -1208,8 +1206,8 @@ WHERE sid='%s' LIMIT 1", module='%s', action='%s', what='%s', -userid=%d, -refid=%d, +userid=%s, +refid=%s, is_member='%s', is_admin='%s', timestamp=UNIX_TIMESTAMP() @@ -1228,14 +1226,13 @@ WHERE sid='%s' LIMIT 1", else { // No entry does exists so we simply add it! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %d, %d, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %s, %s, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')", array($mod, $act, $wht, bigintval($uid), bigintval($rid), $MEM, $ADMIN, $SID, getenv('REMOTE_ADDR')), __FILE__, __LINE__); } // Purge old entries - $TIMEOUT = time() - $_CONFIG['online_timeout']; - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= %d", - array($TIMEOUT), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %s)", + array($_CONFIG['online_timeout']), __FILE__, __LINE__); } // OBSULETE: Sends out mail to all administrators function SEND_ADMIN_EMAILS($subj, $msg) @@ -1251,12 +1248,12 @@ function SEND_ADMIN_EMAILS($subj, $msg) // Get ID number from administrator's login name function GET_ADMIN_ID($login) { - global $ADMINS; + global $cacheArray; $ret = "-1"; - if (!empty($ADMINS['aid'][$login])) + if (!empty($cacheArray['admins']['aid'][$login])) { // Check cache - $ret = $ADMINS['aid'][$login]; + $ret = $cacheArray['admins']['aid'][$login]; if (empty($ret)) $ret = "-1"; } else @@ -1276,12 +1273,12 @@ function GET_ADMIN_ID($login) // Get password hash from administrator's login name function GET_ADMIN_HASH($login) { - global $ADMINS; + global $cacheArray; $ret = "-1"; - if (!empty($ADMINS['password'][$login])) + if (!empty($cacheArray['admins']['password'][$login])) { // Check cache - $ret = $ADMINS['password'][$login]; + $ret = $cacheArray['admins']['password'][$login]; if (empty($ret)) $ret = "-1"; } else @@ -1298,23 +1295,18 @@ function GET_ADMIN_HASH($login) return $ret; } // -function GET_ADMIN_LOGIN($aid) -{ - global $ADMINS; +function GET_ADMIN_LOGIN($aid) { + global $cacheArray; $ret = "***"; - if (!empty($ADMINS['login']['aid'])) - { + if (!empty($cacheArray['admins']['login']['aid'])) { // Check cache - if (!empty($ADMINS['login'][$aid])) $ret = $ADMINS['login'][$aid]; + if (!empty($cacheArray['admins']['login'][$aid])) $ret = $cacheArray['admins']['login'][$aid]; if (empty($ret)) $ret = "***"; - } - else - { + } else { // Load from database - $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array(bigintval($aid)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Fetch data list($ret) = SQL_FETCHROW($result); } @@ -1325,25 +1317,19 @@ function GET_ADMIN_LOGIN($aid) return $ret; } // -function ADD_OPTION_LINES($table, $id, $name, $default="",$special="",$where="") -{ +function ADD_OPTION_LINES($table, $id, $name, $default="",$special="",$where="") { $ret = ""; - if ($table == "/ARRAY/") - { + if ($table == "/ARRAY/") { // Selection from array - if (is_array($id) && is_array($name) && sizeof($id) == sizeof($name)) - { + if (is_array($id) && is_array($name) && sizeof($id) == sizeof($name)) { // Both are arrays - foreach ($id as $idx=>$value) - { + foreach ($id as $idx=>$value) { $ret .= "\n"; } } + // Return - hopefully - the requested data return $ret; } @@ -1388,7 +1371,7 @@ function activateExchange() { $SQLs = array( "UPDATE "._MYSQL_PREFIX."_mod_reg SET locked='N', hidden='N', mem_only='Y' WHERE module='order' LIMIT 1", "UPDATE "._MYSQL_PREFIX."_member_menu SET visible='Y', locked='N' WHERE what='order' OR what='unconfirmed' LIMIT 2", - "UPDATE "._MYSQL_PREFIX."_config SET activate_xchange='0' WHERE config='0' LIMIT 1" + "UPDATE "._MYSQL_PREFIX."_config SET activate_xchange='0' WHERE config=0 LIMIT 1" ); // Run SQLs @@ -1408,7 +1391,7 @@ function DELETE_USER_ACCOUNT($uid, $reason) FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); +WHERE p.userid=%s", array(bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Save his points to add them to the jackpot @@ -1416,7 +1399,7 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); SQL_FREERESULT($result); // Delete points entries as well - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d", array(bigintval($uid)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well if (GET_EXT_VERSION("mediadata") >= "0.0.4") @@ -1430,13 +1413,13 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); } // Delete category selections as well... - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); // Remove from rallye if found if (EXT_IS_ACTIVE("rallye")) { - $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%d", + $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); } @@ -1445,7 +1428,7 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); SEND_EMAIL($uid, ADMIN_DEL_ACCOUNT, $msg); // Ok, delete the account! - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); } // function META_DESCRIPTION($mod, $wht) @@ -1508,44 +1491,46 @@ function SUB_JACKPOT($points) } } // -function IS_DEMO() -{ - global $_SESSION; - return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo")); +function IS_DEMO() { + return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo")); } // -function LOAD_CONFIG($no="0") -{ - global $CFG_CACHE, $_CONFIG; - $CFG_DUMMY = false; +function LOAD_CONFIG($no="0") { + global $cacheArray; + $CFG_DUMMY = array(); + // Check for cache extension, cache-array and if the requested configuration is in cache - if ((is_array($CFG_CACHE)) && (isset($CFG_CACHE['config'][$no]))) - { + if ((is_array($cacheArray)) && (isset($cacheArray['config'][$no])) && (is_array($cacheArray['config'][$no]))) { // Load config from cache - $CFG_DUMMY = array(); - foreach ($CFG_CACHE as $element=>$cfgs) - { - $CFG_DUMMY[$element] = $cfgs[$no]; - } - - // Count cache hits - $_CONFIG['cache_hits']++; - } - else - { + //* DEBUG: */ echo gettype($cacheArray['config'][$no])."
\n"; + foreach ($cacheArray['config'][$no] as $key=>$value) { + $CFG_DUMMY[$key] = $value; + } // END - foreach + + // Count cache hits if exists + if ((isset($CFG_DUMMY['cache_hits'])) && (EXT_IS_ACTIVE("cache"))) { + $CFG_DUMMY['cache_hits']++; + } // END - if + } else { // Load config from DB - $result_config = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_config WHERE config='%d' LIMIT 1", - array(bigintval($no)), __FILE__, __LINE__); + $result_config = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_config WHERE config=%d LIMIT 1", + array(bigintval($no)), __FILE__, __LINE__); + + // Get config from database $CFG_DUMMY = SQL_FETCHARRAY($result_config); + + // Free result SQL_FREERESULT($result_config); + + // Remember this config in the array + $cacheArray['config'][$no] = $CFG_DUMMY; } // Return config array return $CFG_DUMMY; } // Gets the matching what name from module -function GET_WHAT($MOD_CHECK) -{ +function GET_WHAT($MOD_CHECK) { $wht = ""; //* DEBUG: */ echo __LINE__."!".$MOD_CHECK."!
\n"; switch ($MOD_CHECK) @@ -1570,22 +1555,22 @@ function GET_WHAT($MOD_CHECK) // function MODULE_HAS_MENU($mod) { - global $EXTENSIONS, $MODULES, $_CONFIG; + global $cacheArray, $_CONFIG; // All is false by default $ret = false; if (GET_EXT_VERSION("cache") >= "0.1.2") { - if (isset($MODULES['has_menu'][$mod])) + if (isset($cacheArray['modules']['has_menu'][$mod])) { // Check module cache and count hit - if ($MODULES['has_menu'][$mod] == 'Y') $ret = true; + if ($cacheArray['modules']['has_menu'][$mod] == "Y") $ret = true; $_CONFIG['cache_hits']++; } - elseif (isset($EXTENSIONS['ext_menu'][$mod])) + elseif (isset($cacheArray['extensions']['ext_menu'][$mod])) { // Check cache and count hit - if ($EXTENSIONS['ext_menu'][$mod] == 'Y') $ret = true; + if ($cacheArray['extensions']['ext_menu'][$mod] == "Y") $ret = true; $_CONFIG['cache_hits']++; } } @@ -1597,7 +1582,7 @@ function MODULE_HAS_MENU($mod) if (SQL_NUMROWS($result) == 1) { list($has_menu) = SQL_FETCHROW($result); - if ($has_menu == 'Y') $ret = true; + if ($has_menu == "Y") $ret = true; } // Free memory @@ -1610,6 +1595,18 @@ function MODULE_HAS_MENU($mod) // Return status return $ret; } +// Subtract points from database and mediadata cache +function SUB_POINTS ($uid, $points) { + // Add points to used points + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%s LIMIT 1", + array($points, bigintval($uid)), __FILE__, __LINE__); + + // Update mediadata as well + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { + // Update database + MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); + } // END - if +} // ?>