X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mailid.php;h=bc7848c2d88bd098ff7391c15e964791e8e00273;hb=89ac5d0f12aa675a380a93bb165ec43bbc9d1461;hp=1c4762dab2a2906ee91ebfb2d81a48fb135be41d;hpb=7e17864b7d07fb5123b1b1d68f83db28ea5394ef;p=mailer.git diff --git a/mailid.php b/mailid.php index 1c4762dab2..bc7848c2d8 100644 --- a/mailid.php +++ b/mailid.php @@ -58,31 +58,33 @@ setContentType('text/html'); redirectOnUninstalledExtension('mailid'); // Init -$url_userid = '0'; -$url_bid = '0'; -$url_mid = '0'; +$userId = '0'; +$bonusId = '0'; +$mailId = '0'; // Secure all data -if (isGetRequestParameterSet('userid')) $url_userid = bigintval(getRequestParameter('userid')); -if (isGetRequestParameterSet('mailid')) $url_mid = bigintval(getRequestParameter('mailid')); -if (isGetRequestParameterSet('bonusid')) $url_bid = bigintval(getRequestParameter('bonusid')); +if (isGetRequestParameterSet('userid')) $userId = bigintval(getRequestParameter('userid')); +if (isGetRequestParameterSet('mailid')) $mailId = bigintval(getRequestParameter('mailid')); +if (isGetRequestParameterSet('bonusid')) $bonusId = bigintval(getRequestParameter('bonusid')); // 01 1 12 2 2 21 1 2210 -if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (!ifFatalErrorsDetected())) { +if ((isValidUserId($userId)) && (($mailId > 0) || ($bonusId > 0)) && (!ifFatalErrorsDetected())) { // Init result $result_link = false; // Maybe he wants to confirm an email? - if ($url_mid > 0) { + if ($mailId > 0) { // Normal-Mails $result_link = SQL_QUERY_ESC("SELECT `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `stats_id`=%s AND `userid`=%s LIMIT 1", - array($url_mid, $url_userid), __FILE__, __LINE__); - $type = 'mailid'; $urlId = $url_mid; - } elseif ($url_bid > 0) { + array($mailId, $userId), __FILE__, __LINE__); + $type = 'mailid'; + $urlId = $mailId; + } elseif ($bonusId > 0) { // Bonus-Mail $result_link = SQL_QUERY_ESC("SELECT `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `bonus_id`=%s AND `userid`=%s LIMIT 1", - array($url_bid, $url_userid), __FILE__, __LINE__); - $type = 'bonusid'; $urlId = $url_bid; + array($bonusId, $userId), __FILE__, __LINE__); + $type = 'bonusid'; + $urlId = $bonusId; } else { // Problem: No id entered redirectToUrl('modules.php?module=index'); @@ -97,7 +99,7 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (!ifFatalErrorsDe case 'NORMAL': // Is the stats id valid? $result = SQL_QUERY_ESC("SELECT `pool_id`, `url`, `subject` FROM `{?_MYSQL_PREFIX?}_user_stats` WHERE `id`=%s LIMIT 1", - array($url_mid), __FILE__, __LINE__); + array($mailId), __FILE__, __LINE__); break; case 'BONUS': @@ -106,7 +108,7 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (!ifFatalErrorsDe // Bonus-Mails $result = SQL_QUERY_ESC("SELECT id, url, subject FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1", - array($url_bid), __FILE__, __LINE__); + array($bonusId), __FILE__, __LINE__); break; default: // Invalid mail type @@ -125,13 +127,13 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (!ifFatalErrorsDe setExtraTitle($title); // Is the user's id unlocked? - if (fetchUserData($url_userid)) { + if (fetchUserData($userId)) { // Status must be CONFIRMED if (getUserData('status') == 'CONFIRMED') { // Update last activity if not admin if (!isAdmin()) { // Is not admin, so update last activity - updateLastActivity($url_userid); + updateLastActivity($userId); } // END - if // User has confirmed his account so we can procede... @@ -153,7 +155,7 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (!ifFatalErrorsDe case 'BONUS': $result = SQL_QUERY_ESC("SELECT `points`, `time` FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1", - array($url_bid), __FILE__, __LINE__); + array($bonusId), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { list($points, $time) = SQL_FETCHROW($result); $payment = '0.00000'; @@ -175,11 +177,15 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (!ifFatalErrorsDe // Was that mail a valid one? if ($isValid === true) { // If time is zero seconds we have a sponsor mail. 1 Second shall be set to avoid problems - if (($time == '0') && ($payment > 0)) { $URL = getConfig('URL'); $time = 1; } + if (($time == '0') && ($payment > 0)) { + $URL = getUrl(); + $time = 1; + } // END - if + if (($time > 0) && (($payment > 0) || ($points > 0))) { // Export data into constants for the template $content = array( - 'userid' => $url_userid, + 'userid' => $userId, 'type' => $type, 'data' => $urlId, 'url' => $URL