inc/modules/admin/what-maintenance.php -text
inc/modules/admin/what-mem_add.php -text
inc/modules/admin/what-memedit.php -text
-inc/modules/admin/what-newsletter.php -text
inc/modules/admin/what-optimize.php -text
inc/modules/admin/what-overview.php -text
inc/modules/admin/what-payments.php -text
inc/modules/admin/what-repair_mmnu.php -text
inc/modules/admin/what-send_bonus.php -text
inc/modules/admin/what-send_newsletter.php -text
-inc/modules/admin/what-stats.php -text
inc/modules/admin/what-stats_mods.php -text
inc/modules/admin/what-sub_points.php -text
inc/modules/admin/what-theme_check.php -text
/show_bonus.php -text
/sponsor_confirm.php -text
/sponsor_ref.php -text
+/surfbar.php -text
templates/.htaccess -text
templates/de/.htaccess -text
templates/de/emails/add-points.tpl -text
templates/de/html/admin/admin_config_admins_edit_row.tpl -text
templates/de/html/admin/admin_config_admins_row.tpl -text
templates/de/html/admin/admin_config_autopurge.tpl -text
-templates/de/html/admin/admin_config_autopurge_pro.tpl -text
templates/de/html/admin/admin_config_beg.tpl -text
-templates/de/html/admin/admin_config_beg_pro.tpl -text
templates/de/html/admin/admin_config_birthday.tpl -text
templates/de/html/admin/admin_config_bonus.tpl -text
-templates/de/html/admin/admin_config_bonus_pro.tpl -text
templates/de/html/admin/admin_config_cache.tpl -text
templates/de/html/admin/admin_config_cats.tpl -text
templates/de/html/admin/admin_config_cats_row.tpl -text
templates/de/html/admin/admin_config_doubler.tpl -text
-templates/de/html/admin/admin_config_doubler_pro.tpl -text
templates/de/html/admin/admin_config_email.tpl -text
templates/de/html/admin/admin_config_email_del.tpl -text
templates/de/html/admin/admin_config_email_del_row.tpl -text
templates/de/html/admin/admin_config_rallye_prices.tpl -text
templates/de/html/admin/admin_config_rallye_prices_row.tpl -text
templates/de/html/admin/admin_config_refid.tpl -text
-templates/de/html/admin/admin_config_reg.tpl -text
templates/de/html/admin/admin_config_reg_pro.tpl -text
templates/de/html/admin/admin_config_register.tpl -text
templates/de/html/admin/admin_config_register2.tpl -text
templates/de/html/admin/admin_config_title.tpl -text
templates/de/html/admin/admin_config_top10.tpl -text
templates/de/html/admin/admin_config_transfer.tpl -text
-templates/de/html/admin/admin_config_transfer_pro.tpl -text
templates/de/html/admin/admin_config_user.tpl -text
templates/de/html/admin/admin_config_wernis.tpl -text
templates/de/html/admin/admin_contct_user_form.tpl -text
templates/de/html/admin/admin_extensions_installed.tpl -text
templates/de/html/admin/admin_extensions_list.tpl -text
templates/de/html/admin/admin_extensions_row.tpl -text
-templates/de/html/admin/admin_extensions_search.tpl -text
templates/de/html/admin/admin_extensions_text.tpl -text
templates/de/html/admin/admin_footer.tpl -text
templates/de/html/admin/admin_gmenu_delete.tpl -text
templates/de/html/admin/admin_mmenu_status.tpl -text
templates/de/html/admin/admin_mods_edit.tpl -text
templates/de/html/admin/admin_mods_edit_row.tpl -text
-templates/de/html/admin/admin_mods_footer_edit.tpl -text
-templates/de/html/admin/admin_mods_footer_list.tpl -text
-templates/de/html/admin/admin_mods_footer_stats.tpl -text
-templates/de/html/admin/admin_mods_footer_stats2.tpl -text
-templates/de/html/admin/admin_mods_header_edit.tpl -text
-templates/de/html/admin/admin_mods_header_list.tpl -text
-templates/de/html/admin/admin_mods_header_stats.tpl -text
-templates/de/html/admin/admin_mods_header_stats2.tpl -text
templates/de/html/admin/admin_mods_list.tpl -text
templates/de/html/admin/admin_mods_list_row.tpl -text
templates/de/html/admin/admin_mods_stats.tpl -text
templates/de/html/admin/admin_send_bonus_select.tpl -text
templates/de/html/admin/admin_send_reset_link.tpl -text
templates/de/html/admin/admin_settings_saved.tpl -text
-templates/de/html/admin/admin_setup_stats.tpl -text
templates/de/html/admin/admin_sponsor_paytypes.tpl -text
templates/de/html/admin/admin_sub_points.tpl -text
templates/de/html/admin/admin_sub_points_all.tpl -text
templates/de/html/mailid/mailid_confirm_buttom.tpl -text
templates/de/html/mailid/mailid_enter_code.tpl -text
templates/de/html/mailid/mailid_frames.tpl -text
-templates/de/html/mailid/mailid_frameset.tpl -text
templates/de/html/mailid/mailid_points_done.tpl -text
templates/de/html/mailid/mailid_points_done2.tpl -text
templates/de/html/mailid/mailid_points_failed.tpl -text
templates/de/html/member/member_doubler_list.tpl -text
templates/de/html/member/member_doubler_list_rows.tpl -text
templates/de/html/member/member_footer.tpl -text
-templates/de/html/member/member_frameset-back.tpl -text
-templates/de/html/member/member_frameset-send.tpl -text
templates/de/html/member/member_goto_top.tpl -text
templates/de/html/member/member_header.tpl -text
templates/de/html/member/member_holiday_deactivate.tpl -text
templates/de/html/member/member_support_contacted.tpl -text
templates/de/html/member/member_support_contcted.tpl -text
templates/de/html/member/member_support_form.tpl -text
+templates/de/html/member/member_surfbar_link.tpl -text
+templates/de/html/member/member_surfbar_start_static.tpl -text
templates/de/html/member/member_themes.tpl -text
templates/de/html/member/member_transfer_list.tpl -text
templates/de/html/member/member_transfer_new.tpl -text
templates/de/html/sponsor/sponsor_settings_form.tpl -text
templates/de/html/sponsor/sponsor_welcome.tpl -text
templates/de/html/sponsor/sponsor_what.tpl -text
+templates/de/html/surfbar/.htaccess -text
+templates/de/html/surfbar/surfbar_frame_banner.tpl -text
+templates/de/html/surfbar/surfbar_frame_top.tpl -text
+templates/de/html/surfbar/surfbar_frameset.tpl -text
+templates/de/html/surfbar/surfbar_stopped.tpl -text
templates/de/html/theme_one.tpl -text
templates/de/html/theme_select_box.tpl -text
templates/de/html/theme_select_form.tpl -text
}
} else {
// Direct userid
- $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['uid'])), __FILE__, __LINE__);
}
if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) {
// Update counter
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array($uid), __FILE__, __LINE__);
// Check for last entry for userid w/o IP number
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%s)) AND remote_ip='%s' LIMIT 1",
array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) {
// Free memory
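Review bot: With the placeholder changed from `%d` to `%s`, the unquoted `userid=%s` in the UPDATE and in the `_beg_ips` SELECT no longer gets an integer cast from the format string, and both calls pass `$uid` without `bigintval()`. Whatever string escaping SQL_QUERY_ESC applies (its body is not shown here) cannot protect an unquoted numeric position, so the value has to be made numeric at the call site: `array(bigintval($uid))` and `array(bigintval($uid), getenv('REMOTE_ADDR'))`. The same pattern appears in later hunks that pass `array($points, $uid)`, `array($id)` for the `_extensions` DELETE, and `array($GLOBALS['userid'])` for the support-form SELECT. If `$uid` is already validated above this hunk the cast is redundant but cheap.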
// Is begging rallye active?
if ($_CONFIG['beg_rallye'] == "Y") {
// Add points to rallye account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
array($points, $uid), __FILE__, __LINE__);
} else {
// Add points to account
// Subtract begged points from member account if the admin has selected one
if ($_CONFIG['beg_uid'] > 0) {
// Subtract from this account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array($points, bigintval($_CONFIG['beg_uid'])), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
- }
+ SUB_POINTS($_CONFIG['beg_uid'], $points);
}
// Set message
FROM "._MYSQL_PREFIX."_user_birthday AS b
INNER JOIN "._MYSQL_PREFIX."_user_data AS d
ON b.userid=d.userid
-WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
+WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1",
array($uid, $chk), __FILE__, __LINE__);
//* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")<br />\n";
ADD_POINTS_REFSYSTEM($uid, $data['points'], false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
// Remove entry from table
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d AND chk_value='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%s AND chk_value='%s' LIMIT 1",
array($uid, $chk), __FILE__, __LINE__);
// Update mediadata if version is 0.0.4 or newer
if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
// Update clicks counter...
$CLICK = 1;
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS($link) == 1) {
if (!empty($_GET['user'])) {
LOAD_URL("ref.php?refid=".bigintval($_GET['user']));
else
{
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
}
else
{
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_POST['userid'])), __FILE__, __LINE__);
}
array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__);
// Subtract entered points
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array($_POST['points'], $uid), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $_POST['points']);
- }
+ SUB_POINTS($uid, $_POST['points']);
// Add points to "total payed" including charge
$points = $_POST['points'] - $_POST['points'] * $_CONFIG['doubler_charge'];
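Review bot: `SUB_POINTS($uid, $_POST['points'])` hands the raw request value to the helper, while the statement just above it uses `bigintval($_POST['points'] * 2)`. SUB_POINTS is not visible on this page, so it is unclear whether it rejects non-numeric or negative input; a negative amount would turn the subtraction into a credit. Validating once and reusing the result, e.g. `$amount = bigintval($_POST['points']); SUB_POINTS($uid, $amount);`, keeps the insert, the subtraction and the later charge calculation on the same number. The surrounding block starts and ends outside the hunk, so an earlier range check may already exist.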
while(list($mid, $sender, $pool, $price) = SQL_FETCHROW($result))
{
// Check if confirmation links are purged or not
- $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d LIMIT 1",
+ $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s LIMIT 1",
array(bigintval($mid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_links) == 1)
{
$uid = $sender; $points += $price; $admin_points += $price;
// Remove confirmation links from queue
- $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+ $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
array(bigintval($mid)), __FILE__, __LINE__);
// Update status of order
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%d LIMIT 1",
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%s LIMIT 1",
array(bigintval($pool)), __FILE__, __LINE__);
}
}
while (list($bid, $price) = SQL_FETCHROW($result))
{
// Check if confirmation links are purged or not
- $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+ $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
array(bigintval($bid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_links) > 0)
{
SQL_FREERESULT($result_links);
// Remove confirmation links from queue
- $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+ $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
array(bigintval($bid)), __FILE__, __LINE__);
// Update status of order
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%d LIMIT 1",
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%s LIMIT 1",
array(bigintval($bid)), __FILE__, __LINE__);
}
}
SEND_EMAIL($email, AUTOPURGE_MEMBER_INACTIVE_SUBJECT, $msg);
// Update this account
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
}
while(list($sender) = SQL_FETCHROW($result_mails))
{
// Check now...
- $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
+ $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
if ($found == 0)
{
// Okay we found some mails!
- $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%d",
+ $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%s",
array(bigintval($sender)), __FILE__, __LINE__);
$DELETED += SQL_AFFECTEDROWS();
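Review bot: The changed line still assigns the row count to `$fount`, but the condition below tests `$found`, so in this loop the check never sees the query result. If `$found` is unset or left over from earlier code, `$found == 0` can be true for senders that do exist, and their `_pool` rows are deleted. The assignment should target `$found`, as the parallel `_user_stats` loop in the next hunk already does. The loop body continues outside the hunk.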
while(list($sender) = SQL_FETCHROW($result_mails))
{
// Check now...
- $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
+ $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
if ($found == 0)
{
// Okay we found some mails!
- $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%d", array(bigintval($sender)), __FILE__, __LINE__);
+ $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%s", array(bigintval($sender)), __FILE__, __LINE__);
$DELETED += SQL_AFFECTEDROWS();
// Reset query (to prevent possible errors) ...
// Debug output
//* DEBUG: */ print "Query=<pre>".$sql_string."</pre>, affected=<b>".SQL_AFFECTEDROWS()."</b>, numrows=<b>".SQL_NUMROWS($result)."</b><br />\n";
- if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (DEBUG_SQL)) {
+ if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (isBooleanConstantAndTrue('DEBUG_SQL'))) {
//
// Debugging stuff...
//
global $_CONFIG, $cacheInstance, $cacheArray;
if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($_CONFIG['db_hits'])) && (isset($_CONFIG['cache_hits'])) && (is_object($cacheInstance))) {
// Update counter for db/cache
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%s, cache_hits=%s WHERE config=0 LIMIT 1",
array(bigintval($_CONFIG['db_hits']), bigintval($_CONFIG['cache_hits'])), __FILE__, __LINE__);
// Update cache here
return @mysql_insert_id();
}
// Escape a string for the database
-function SQL_ESCAPE($str) {
+function SQL_ESCAPE($str, $secureString = true) {
global $link;
+ // Secure string first? (which is the default behaviour!)
+ if ($secureString) {
+ // Then do it here
+ $str = secureString($str);
+ } // END - if
+
if (!is_resource($link)) {
// Fall-back to addslashes() when there is no link
return addslashes($str);
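Review bot: The new `$secureString` parameter is undocumented, and with its default of `true` every existing caller of SQL_ESCAPE now gets `secureString()` applied before escaping. `secureString()` is not shown here; if it strips or rewrites characters, stored values change silently, and values that must round-trip unchanged need `false`. A header comment would help, e.g. `// $secureString: run secureString() on $str first; pass false for values that must be stored byte-for-byte`. The retained `addslashes()` fallback is not aware of the connection character set, so the same comment should mark it as a last resort for when `$link` is missing. The function body continues past the hunk.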
// SELECT query string from table, columns and so on... ;-)
function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id) {
// Prepare the SQL statement
- $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%d LIMIT 1";
+ $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%s LIMIT 1";
// Return the result
return SQL_QUERY_ESC($SQL, array(bigintval($id)), __FILE__, __LINE__);
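Review bot: SQL_RESULT_FROM_ARRAY concatenates `$table`, `$columns` and `$idRow` into the statement verbatim; only `$id` goes through `bigintval()`. That is safe only while every caller passes identifiers fixed in code, and nothing in the function says so. I would add a comment above the signature such as `// $table, $columns and $idRow are used as raw SQL identifiers and must never come from request data`.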
if (_DB_TYPE == "_DB_TYPE") define('_DB_TYPE', "mysql3");
// Create include file name
-$INC = PATH."inc/db/lib-"._DB_TYPE.".php";
+$INC = sprintf("%sinc/db/lib-%s.php", PATH, _DB_TYPE);
if ((file_exists($INC)) && (is_readable($INC))) {
// Include abstraction layer
if ($DOUBLER_POINTS >= $points)
{
// Check for his ref points
- $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%d AND completed='N' AND is_ref='Y'",
+ $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%s AND completed='N' AND is_ref='Y'",
array(bigintval($uid)), __FILE__, __LINE__);
list($ref) = SQL_FETCHROW($result_ref);
{
// Referral points found so add them and set line(s) to completed='Y'
$points += $ref;
- $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%d AND completed='N' AND is_ref='Y'",
+ $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%s AND completed='N' AND is_ref='Y'",
array(bigintval($uid)), __FILE__, __LINE__);
}
else
if ($uid != $_CONFIG['doubler_uid'])
{
// Add points
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($points, bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
}
// Set entry as "payed"
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
$OK = false;
if (($user > 0) && ($user >= $points) && (!$OK) && ($_CONFIG['doubler_uid'] > 0) && ($uid != $_CONFIG['doubler_uid']))
{
// Add points to used points
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid='%d' LIMIT 1",
- array($points, $_CONFIG['doubler_uid']), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
- }
+ SUB_POINTS($_CONFIG['doubler_uid'], $points);
// Okay, done!
$OK = true;
array($ext_name, $EXT_LANG_PREFIX, $EXT_ALWAYS_ACTIVE, $EXT_VERSION), __FILE__, __LINE__);
// Update task management
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// In normal mode return a true on success
}
} elseif (($id > 0) && (!empty($ext_name))) {
// Remove task from system when id and extension's name is valid
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND status='NEW' LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND status='NEW' LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
// Removal mode?
if ($EXT_LOAD_MODE == "remove") {
// Delete this extension (remember to remove it from your server *before* you click on welcome!
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
} // END - if
else
{
// Load from database
- $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($ret) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
// Do we have a daily-reset-run?
- if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+ if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
{
// Yes, we have. So let's auto-purge some campaigns, inactive users and unconfirmed accounts
- $INC_POOL[] = PATH."inc/autopurge.php";
+ $INC_POOL[] = sprintf("%sinc/autopurge.php", PATH);
}
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
// Remove old entries
if ($_CONFIG['beg_uid_timeout'] > $OLD) $OLD = $_CONFIG['beg_uid_timeout'];
$result_ext = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_beg_ips WHERE timeout < ".(time() - $OLD - 60*60), __FILE__, __LINE__);
- if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+ if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
{
// Daily reset was run so let's check if begging rallye is active
if ($_CONFIG['beg_rallye'] == "Y")
{
// Check for our winers
- $INC_POOL[] = PATH."inc/monthly/monthly_beg.php";
+ $INC_POOL[] = sprintf("%sinc/monthly/monthly_beg.php", PATH);
}
else
{
// Reset begging points
- $INC_POOL[] = PATH."inc/reset/reset_beg.php";
+ $INC_POOL[] = sprintf("inc/reset/reset_beg.php", PATH);
}
}
if (($_CONFIG['beg_rallye'] == "Y") && ($_CONFIG['beg_new_mem_notify'] == "Y"))
{
// Include file for sending out mails
- $INC_POOL[] = PATH."inc/mails/beg_mails.php";
+ $INC_POOL[] = sprintf("%sinc/mails/beg_mails.php", PATH);
}
// Return code for the URL
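Review bot: `sprintf("inc/reset/reset_beg.php", PATH)` has no `%s`, so PATH is silently dropped and the queued include becomes the relative path `inc/reset/reset_beg.php`. Every other converted line in this commit keeps the prefix, so this looks like a slip; it should be `$INC_POOL[] = sprintf("%sinc/reset/reset_beg.php", PATH);`. A relative include is resolved against the include path and the working directory, so depending on the entry script it may load a different file or fail.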
$dummy = LOAD_CONFIG();
// Copy config to main array
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
// Save some RAM...
unset($dummy);
- if ((defined('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0))
+ if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0))
{
// Daily reset was run and we shall pay points so we start checking for members who
// has a birthday for today
- $INC_POOL[] = PATH."inc/mails/birthday_mails.php";
+ $INC_POOL[] = sprintf("%sinc/mails/birthday_mails.php", PATH);
}
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
- if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+ if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
{
// Daily reset was run so let's check if active rallye is activated
if ($_CONFIG['bonus_active'] == "Y")
{
// Run active rallye
- if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = PATH."inc/stats_bonus.php";
- $INC_POOL[] = PATH."inc/monthly/monthly_bonus.php";
+ if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = sprintf("%sinc/stats_bonus.php", PATH);
+ $INC_POOL[] = sprintf("%sinc/monthly/monthly_bonus.php", PATH);
}
else
{
// Reset points
- $INC_POOL[] = PATH."inc/reset/reset_bonus.php";
+ $INC_POOL[] = sprintf("%sinc/reset/reset_bonus.php", PATH);
}
}
if (($_CONFIG['bonus_active'] == "Y") && ($_CONFIG['bonus_new_mem_notify'] == "Y"))
{
// Include file for sending out mails
- $INC_POOL[] = PATH."inc/mails/bonus_mails.php";
+ $INC_POOL[] = sprintf("%sinc/mails/bonus_mails.php", PATH);
}
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
// Create instance on class
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
- if ((defined('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET"))
- {
+ if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET")) {
// So let's check for points
- $INC_POOL[] = PATH."inc/doubler_send.php";
+ $INC_POOL[] = sprintf("%sinc/doubler_send.php", PATH);
}
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
// Do we have a daily-reset-run?
- if (((defined('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT"))
+ if (((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT"))
{
// Ok, let's check for finished holidays and unlock those accounts
- $INC_POOL[] = PATH."inc/reset/reset_holiday.php";
+ $INC_POOL[] = sprintf("%sinc/reset/reset_holiday.php", PATH);
}
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
if ((!$dry_run) && ($EXT_LOAD_MODE == "update") && ($EXT_VER == "0.0.4"))
{
// Add auto-check file
- $INC_POOL[] = PATH."inc/gen_mediadata.php";
+ $INC_POOL[] = sprintf("%sinc/gen_mediadata.php", PATH);
}
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
// URL ends which are used to indentify the end of an URL or email link
'2', '3', '4', '5', '6', '7', '8', '9'
);
- if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+ if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
{
// Daily reset was run so let's check out for expired newsletter orders
- $INC_POOL[] = PATH."inc/monthly/monthly_newsletter.php";
+ $INC_POOL[] = sprintf("%sinc/monthly/monthly_newsletter.php", PATH);
}
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
// Do daily reset only when installed and extension version is at least 0.1.1
- if ((defined('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1"))
+ if ((isBooleanConstantAndTrue('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1"))
{
// Reset mail order values
$result_ext = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET mail_orders=0 WHERE mail_orders > 0", __FILE__, __LINE__);
default: // Do stuff when extension is loaded
// Do we have a daily-reset-run?
- if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+ if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
{
// So let's check for profiles which needs an update
- $INC_POOL[] = PATH."inc/profile-updte.php";
+ $INC_POOL[] = sprintf("%sinc/profile-updte.php", PATH);
}
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
if (GET_EXT_VERSION("sql_patches") != '') {
$_CONFIG['secret_key'] = "";
//die("<pre>".print_r($dummy, true)."</pre>");
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
// Read key from secret file
if ((empty($_CONFIG['file_hash'])) || (empty($_CONFIG['master_salt'])) || (empty($_CONFIG['pass_scramble']))) {
`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
`userid` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
`url` VARCHAR(255) NOT NULL DEFAULT '',
+`last_salt` VARCHAR( 255 ) NOT NULL DEFAULT '',
`reward` DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.00000',
+`payment_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
`views_total` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
`status` ENUM('PENDING','CONFIRMED', 'LOCKED') NOT NULL DEFAULT 'CONFIRMED',
`registered` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`url_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
`last_surfed` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY(`id`),
-INDEX(`userid`),
-INDEX(`url_id`)
+INDEX (`userid`),
+INDEX (`url_id`),
) TYPE=MyISAM COMMENT='Surfbar reload locks'";
// Reload locks
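Review bot: The rewritten index list now ends with a comma after the `url_id` index entry, directly before the closing parenthesis of the CREATE TABLE. MySQL rejects that as a syntax error, so the table would not be created when the extension's SQL is executed. Remove the comma at the end of the last `INDEX` line. Whether the code that runs `$SQLs` reports or ignores the failure is not visible here.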
$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','unlock_surfbar_urls','Wartende URLs freigeben','Geben Sie hier nur direkt in der Surfbar gebuchte URLs frei.',2)";
$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','list_surfbar_reflvl','Referal-Ebenen einstellen','Stellen Sie hier die prozentuale Vergütung für Refs ein. Es wird nur die Basisvergütung zur Rechengrundlage der Referalvergütung verwendet.',3)";
$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','config_surfbar','Einstellungen','Einstellungen an der Surfbar ändern, wie Festvergütung, prozentuale Ref-Vergütung und vieles mehr.',4)";
+
+ // Load CSS?
+ $EXT_CSS = "Y";
break;
case "remove": // Do stuff when removing extension
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
- if ((defined('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y"))
+ if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y"))
{
// Automatically remove outdated or not displayed transactions
TRANSFER_AUTPPURGE($_CONFIG['transfer_max'], $_CONFIG['transfer_age']);
default: // Do stuff when extension is loaded
$dummy = LOAD_CONFIG();
- $_CONFIG = array_merge($_CONFIG, $dummy);
+ $_CONFIG = merge_array($_CONFIG, $dummy);
unset($dummy);
break;
}
DISPLAY_PARSING_TIME_FOOTER();
} // END - if
- // Load page footer
- LOAD_TEMPLATE("page_footer");
+ // Not in frameset mode?
+ if ((!isset($isFrameset)) || ($isFrameset === false)) {
+ // Load page footer
+ LOAD_TEMPLATE("page_footer");
+ } // END - if
// And the last closing HTML tag
OUTPUT_HTML("</HTML>");
if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0;
$REFID = $GLOBALS['refid'];
+ // DEPRECATED!!!
if ($template == "member_support_form") {
// Support request of a member
- $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($sex, $surname, $family) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
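Review bot: Switching `userid=%d` to `userid=%s` drops the integer coercion the format string used to apply, and the argument here is the raw `$GLOBALS['userid']`, so it now lands in an unquoted numeric position protected only by whatever escaping SQL_QUERY_ESC performs (its body is not on this page). String escaping does not constrain a value that sits outside quotes, so I would keep an explicit numeric filter: `array(bigintval($GLOBALS['userid'])), __FILE__, __LINE__);`. The same applies to the later hunks that pass `$mid` to `WHERE id=%s`, `$uid` to the `_bonus_turbo` lookup, and `$GLOBALS['userid']` in SURFBAR_CHECK_RELOAD_FULL(), SURFBAR_LOCKDOWN_ID() and SURFBAR_GET_NEXT_ID(). The enclosing function starts and ends outside this hunk.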
$date_time = MAKE_DATETIME(time(), "1");
// Base directory
- $BASE = PATH."templates/".GET_LANGUAGE()."/html/";
+ $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE());
$MODE = "";
// Check for admin/guest/member templates
ADD_MESSAGE_TO_BOX($TO, $SUBJECT, $MSG, $HTML);
return;
} else {
- $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
+ $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
list($TO) = SQL_FETCHROW($result_email);
SQL_FREERESULT($result_email);
}
// get new instance
$mail = new PHPMailer();
- $mail->PluginDir = PATH."inc/phpmailer/";
+ $mail->PluginDir = sprintf("%sinc/phpmailer/", PATH);
$mail->IsSMTP();
$mail->SMTPAuth = true;
$EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS;
}
+ // DEPRECATED switch!
switch ($template)
{
case "bonus-mail": // Load data for the bonus mail
if ($UID > 0) {
if (EXT_IS_ACTIVE("nickname")) {
// Load nickname
- $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
} else {
// Load normal data
- $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
list($surname, $family, $sex, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$DATA['email'] = $email;
// Base directory
- $BASE = PATH."templates/".GET_LANGUAGE()."/emails/";
+ $BASE = sprintf("%stemplates/%s/emails/", PATH, GET_LANGUAGE());
// Check for admin/guest/member templates
if (strpos($template, "admin_") > -1) {
if ((!@file_exists($file)) || (!is_readable($file))) {
// Reset to default template
$file = $BASE.$template.".tpl";
- }
+ } // END - if
// Now does the final template exists?
- if ((@file_exists($file)) && (is_readable($file)))
- {
+ if ((@file_exists($file)) && (is_readable($file))) {
// The local file does exists so we load it. :)
$tmpl_file = @implode("", @file($file));
$tmpl_file = addslashes($tmpl_file);
// Replace HTML confirm chars
$content = html_entity_decode($content);
- }
- elseif (!empty($template))
- {
+ } elseif (!empty($template)) {
// Template file not found!
$content = TEMPLATE_404.": ".$template."<br />
".TEMPLATE_CONTENT."
// Debug mode not active? Then remove the HTML tags
if (!DEBUG_MODE) $content = strip_tags($content);
- }
- else
- {
+ } else {
// No template name supplied!
$content = NO_TEMPLATE_SUPPLIED;
}
+
+ // Return compiled content
return COMPILE_CODE($content);
}
//
-function MAKE_TIME($H, $M, $S, $stamp)
-{
+function MAKE_TIME($H, $M, $S, $stamp) {
// Extract day, month and year from given timestamp
$DAY = date("d", $stamp);
$MONTH = date("m", $stamp);
return $return;
}
// Does only allow numbers
-function bigintval($num, $castValue = true)
-{
+function bigintval($num, $castValue = true) {
// Filter all numbers out
$ret = preg_replace("/[^0123456789]/", "", $num);
- // Cast the value?
- if ($castValue) $ret = (int) $ret;
-
// Return result
return $ret;
}
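Review bot: With the cast removed, `bigintval()` returns an empty string for input that contains no digits, and the `$castValue` parameter is silently ignored. Because this commit also moves the callers from `%d` to `%s`, an empty result now produces SQL such as `WHERE userid= LIMIT 1` where the old code produced `userid=0`. I would normalise the empty case before returning, `if ($ret === "") $ret = "0";`, and add a comment that `$castValue` is kept only for call compatibility.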
// Insert the code in $img_code into jpeg or PNG image
-function GENERATE_IMAGE($img_code, $header=true)
-{
+function GENERATE_IMAGE($img_code, $header=true) {
global $_CONFIG;
if ((strlen($img_code) > 6) || (empty($img_code)) || ($_CONFIG['code_length'] == 0))
{
{
case "jpg":
// Loads JPEG image
- $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.jpg";
- if ((file_exists($img)) && (is_readable($img)))
- {
+ $img = sprintf("%s/theme/%s/images/code_bg.jpg", PATH, GET_CURR_THEME());
+ if ((file_exists($img)) && (is_readable($img))) {
// Okay, load image and hide all errors
$image = @imagecreatefromjpeg($img);
- }
- else
- {
+ } else {
// Exit function here
return;
}
case "png":
// Loads PNG image
- $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.png";
- if ((file_exists($img)) && (is_readable($img)))
- {
+ $img = sprintf("%s/theme/%s/images/code_bg.png", PATH, GET_CURR_THEME());
+ if ((file_exists($img)) && (is_readable($img))) {
// Okay, load image and hide all errors
$image = @imagecreatefrompng($img);
- }
- else
- {
+ } else {
// Exit function here
return;
}
header ("Content-Type: image/".$_CONFIG['img_type']);
// Output image with matching image factory
- switch ($_CONFIG['img_type'])
- {
+ switch ($_CONFIG['img_type']) {
case "jpg": imagejpeg($image); break;
case "png": imagepng($image); break;
}
return $plainText;
} // END - if
+ // Do we miss an arry element here?
+ if (!isset($_CONFIG['file_hash'])) {
+ // Stop here
+ print(__FUNCTION__.":<pre>");
+ debug_print_backtrace();
+ die("</pre>");
+ } // END - if
+
// When the salt is empty build a new one, else use the first x configured characters as the salt
if ($salt == "") {
// Build server string
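Review bot: The new guard writes `debug_print_backtrace()` into the response before `die()`, and by default that output includes server file paths and the call arguments, which for this function appear to be the plain text being hashed and the salt. I would show the client a generic message and keep the detail server-side, for example `mxchange_die("Configuration entry file_hash is missing.");` (mxchange_die() is used elsewhere on this page), or at least pass `DEBUG_BACKTRACE_IGNORE_ARGS`. The same pattern is added in merge_array() and in SURFBAR_GET_DATA(), where `print_r($SURFBAR_DATA)` additionally prints the cached salt. The enclosing function starts and ends outside this hunk.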
// Generate the password salt string
$salt = substr($sha1, 0, $_CONFIG['salt_length']);
//* DEBUG: */ echo $salt." (".strlen($salt).")<br />";
- }
- else
- {
+ } else {
+ // Use given salt
$salt = substr($salt, 0, $_CONFIG['salt_length']);
+ //* DEBUG: */ echo "GIVEN={$salt}<br />\n";
}
// Return hash
// Add all together and return it
return $URL.$ADD;
}
-//
+// Generate an PGP-like encrypted hash of given hash for e.g. cookies
function generatePassString($passHash) {
global $_CONFIG;
//* DEBUG: */ echo "*".$start."=".$mod."*<br>";
$start += 4;
$newHash .= $mod;
- }
+ } // END - for
- //* DEBUG: */ die($passHash."<br>".$newHash." (".strlen($newHash).")");
+ //* DEBUG: */ print($passHash."<br>".$newHash." (".strlen($newHash).")");
$ret = generateHash($newHash, $_CONFIG['master_salt']);
+ //* DEBUG: */ print($ret."<br />\n");
} else {
// Hash it simple
//* DEBUG: */ echo "--".$passHash."--<br />\n";
} elseif (!empty($value)) {
// Update session
$_SESSION[$var] = $value;
+ } else {
+ // Something bad happens!
+ return false; // Hope this doesn't make so much trouble???
}
// Return always true if the session variable is already set.
SEND_ADMIN_EMAILS($subject, $msg);
}
}
-
+// Destroy user session
+function destroy_user_session () {
+ // Remove all user data from session
+ return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", "")));
+}
+// Merges an array together but only if both are arrays
+function merge_array ($array1, $array2) {
+ // Are both an array?
+ if ((is_array($array1)) && (is_array($array2))) {
+ // Merge all together
+ return array_merge($array1, $array2);
+ } elseif (is_array($array1)) {
+ // Return left array
+ return $array1;
+ }
+
+ // Something wired happened here...
+ print(__FUNCTION__.":<pre>");
+ debug_print_backtrace();
+ die("</pre>");
+}
//
//////////////////////////////////////////////////
// //
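Review bot: destroy_user_session() depends on `set_session("userid", "")` returning true, but the `else` branch this commit adds to set_session() returns false when `$value` is empty and the first branch (outside the visible lines) did not match. If that path is taken, the `&&` chain stops after the first call and `u_hash` and `lifetime` remain in the session, so a logout would leave the login hash behind. Clearing the keys directly removes that dependency: `unset($_SESSION['userid'], $_SESSION['u_hash'], $_SESSION['lifetime']); return true;`. merge_array() in the same hunk terminates the request when `$array1` is not an array; a comment saying this is intentional would help the next reader.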
if (empty($_CONFIG['file_hash'])) {
// Create filename from hashed random string
$file_hash = generateHash(GEN_PASS(rand(128, 256)));
- $file = PATH."inc/.secret/.".$file_hash;
+ $file = sprintf("%sinc/.secret/.%s", PATH, $file_hash);
// File hash was never created
$fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!");
} // END - if
// Load body or not
-if ((($GLOBALS['module'] != "frametester")) || (($header == "1") && ($GLOBALS['module'] == "frametester") && (!empty($_GET['frame']))) && ($CSS != "1")) {
+if (((!$isFrameset) && ($GLOBALS['module'] != "frametester")) || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($header == "1") && ($isFrameset) && (!empty($_GET['frame']))) && ($CSS != "1")) {
// Is the header sent and the script is not the mail confirmation script and not a CSS?
if (($header == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($CSS != "1")) {
// Add BODY tag
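Review bot: In the rewritten condition `&&` binds tighter than `||`, so `($CSS != "1")` qualifies only the last alternative and the first two load the body for CSS requests as well. If the CSS exclusion is meant to cover the whole test, wrap the three alternatives in one more pair of parentheses before `&& ($CSS != "1")`. `$isFrameset` is also read here without the `isset()` guard that the page-footer hunk uses, and the second alternative tests `isset($_GET['frame'])` where the third tests `!empty($_GET['frame'])`; a short comment on why they differ would be useful. The body of this `if` continues outside the hunk.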
if (!empty($act))
{
// Main menu
- $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
array(bigintval($aid), $act), __FILE__, __LINE__);
} elseif (!empty($wht)) {
// Sub menu
- $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
array(bigintval($aid), $wht), __FILE__, __LINE__);
}
email='%s',
default_acl='%s',
la_mode='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
array(
$login,
$POST['email'][$id],
login='%s'".$ADD.",
email='%s',
la_mode='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
array(
$login,
$POST['email'][$id],
$id = bigintval($id);
// Get the admin's data
- $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) {
// Entry found
$id = bigintval($id);
// Get the admin's data
- $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Entry found
array($id), __FILE__, __LINE__);
// Remove account
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
$cacheInstance_UPDATE = "1";
{
global $jackpot;
// Check if he has locked points or not
- $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($payout) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
else
{
// .. to user's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($target, $target, $points, bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
switch ($type)
{
case "bonusid":
- $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array($mid), __FILE__, __LINE__);
$bonus = $mid; $mail = "0";
break;
case "mailid" :
- $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
array($mid), __FILE__, __LINE__);
$bonus = "0"; $mail = $mid;
break;
}
// Add points to his account directly
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
// Rember this whole data for displaying ranking list
$ranks = sizeof(explode(";", $_CONFIG['bonus_rates'])) + 1;
// Load current user's data
- $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%s LIMIT 1",
array($type, $data, $uid), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ($TOTAL >= $points)
{
// Subtract points from userid's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($points), bigintval($_CONFIG['bonus_uid'])), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
- }
+ SUB_POINTS($_CONFIG['bonus_uid'], $points);
}
}
break;
if ($TOTAL >= $points)
{
// Subtract points from userid's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($points), bigintval($_CONFIG['bonus_uid'])), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
- }
+ SUB_POINTS($_CONFIG['bonus_uid'], $points);
}
else
{
//
function COUNTRY_GENERATE_INFO($ID)
{
- $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1",
array(bigintval($ID)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
while (list($uid, $start, $end, $comments) = SQL_FETCHROW($result_stop))
{
// Stop holiday
- $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%d LIMIT 1",
+ $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
// Unlock account
$result_del = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
// Prepare array
$content = array(
function NICKNAME_IS_ACTIVE($uidNick)
{
$ret = false;
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0) OR nickname='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%s AND userid > 0) OR nickname='%s' LIMIT 1",
array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
// Check existence of nickname
$ret = "";
// Search for non-empty nickname
- $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND nickname != '' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND nickname != '' LIMIT 1",
array(bigintval($userid)), __FILE__, __LINE__);
// Found?
if ($template == "member_support_form") {
// Support request of a member
- $ID = bigintval($GLOBALS['userid']);
- $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
list($sex, $surname, $family) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$salut = TRANSLATE_SEX($sex);
}
// Base directory
- $BASE = PATH."templates/".GET_LANGUAGE()."/html/";
+ $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE());
$MODE = "";
// Check for admin/guest/member templates
// Remove variable from memory
unset($file2);
- }
+ } // END - if
// Does the special template exists?
if ((!file_exists($file)) || (!is_readable($file))) {
// Reset to default template
- $file = PATH."templates/".GET_LANGUAGE()."/html/".$template.".tpl";
- }
+ $file = sprintf("%stemplates/%s/html/%s.tpl", PATH, GET_LANGUAGE(), $template);
+ } // END - if
// Now does the final template exists?
if ((file_exists($file)) && (is_readable($file))) {
SQL_FREERESULT($result);
// Set notified to Y
- $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%d LIMIT 1",
+ $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Do a snapshot off all user refs
if (empty($cnt)) $cnt = "0"; // Added prevent some unknown troubles... :-?
// Check if line is already included...
- $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1",
+ $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1",
array(bigintval($id), bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_ref) == 0)
{
FROM "._MYSQL_PREFIX."_user_points AS p
LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
ON p.userid=d.userid
-WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d",
+WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s",
array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__);
list($cpoints) = SQL_FETCHROW($result_ref);
SQL_FREERESULT($result_ref);
$since = (time() - $_CONFIG['ap_in_since']);
// First check how many prices are set
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
array(bigintval($rallye)), __FILE__, __LINE__);
$prices = SQL_NUMROWS($result);
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("SELECT DISTINCT u.userid, u.refs, u.curr_points FROM "._MYSQL_PREFIX."_rallye_users AS u
LEFT JOIN "._MYSQL_PREFIX."_refsystem AS r
ON u.userid=r.userid
-WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC",
+WHERE u.rallye_id=%s AND r.counter > 0 ORDER BY u.refs DESC",
array(bigintval($rallye)), __FILE__, __LINE__);
// Load users
$result_ref = SQL_QUERY_ESC("SELECT DISTINCT p.points FROM "._MYSQL_PREFIX."_user_points AS p
LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
ON p.userid=d.userid
-WHERE d.userid=%d AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s
+WHERE d.userid=%s AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s
LIMIT 1", array(bigintval($uid), $_CONFIG['ref_payout'], $since), __FILE__, __LINE__);
list($refpoints) = SQL_FETCHROW($result_ref);
SQL_FREERESULT($result_ref);
SQL_FREERESULT($result);
// Check if line is already included...
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1",
array(bigintval($id), bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
// active = 0: account is deleted or locked
$result = SQL_QUERY_ESC("SELECT COUNT(userid) AS active
FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND status='CONFIRMED' AND last_online >= %s
+WHERE userid=%s AND status='CONFIRMED' AND last_online >= %s
LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__);
list($active) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
// Expire rallye
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Run array through (by uid is the most important 2nd-level-array)
if ($DATA['points'] > 0)
{
// Add points directly to user's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($DATA['points'], bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
);
// Load prices
- $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+ $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
array(bigintval($rallye)), __FILE__, __LINE__);
while(list($level, $points, $info) = SQL_FETCHROW($result))
{
);
// Load users uid old points earned
- $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid",
+ $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid",
array(bigintval($rallye)), __FILE__, __LINE__);
while(list($uid, $refs, $cpoints) = SQL_FETCHROW($result_user))
{
FROM "._MYSQL_PREFIX."_user_points AS p
LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
ON p.userid=d.userid
-WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d",
+WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s",
array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__);
list($refpoints) = SQL_FETCHROW($result_ref);
SQL_FREERESULT($result_ref);
function RALLYE_LIST_WINNERS($rallye,$default=0)
{
// First check how many prices are set
- $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+ $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
array(bigintval($rallye)), __FILE__, __LINE__);
$prices = SQL_NUMROWS($result_prices);
SQL_FREERESULT($result_prices);
// Check status
// active = 1: account is still confirmed
// active = 0: account is deleted or locked
- $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($DATA['uid'][$idx])), __FILE__, __LINE__);
list($active) = SQL_FETCHROW($result_active);
SQL_FREERESULT($result_active);
SEND_ADMIN_NOTIFICATION(RALLYE_ADMIN_PURGED.": ".$title, "admin_rallye_purged", "", 0);
// Purge whole rallye
- $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+ $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
- $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d LIMIT 1",
+ $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
- $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d LIMIT 1",
+ $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
{
// Check templates directory
$OUT = ""; $ral = array();
- $BASE = PATH."templates/".GET_LANGUAGE()."/html";
+ $BASE = sprintf("%stemplates/%s/html", PATH, GET_LANGUAGE());
$dir = opendir($BASE);
while ($read = readdir($dir))
{
FROM "._MYSQL_PREFIX."_refsystem AS s
LEFT JOIN "._MYSQL_PREFIX."_refdepths AS d
ON s.level=d.level
-WHERE s.userid=%d AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE s.userid=%s AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__);
list($cnt) = SQL_FETCHROW($result_ref);
SQL_FREERESULT($result_ref);
if (empty($cnt))
function GENERATE_SPONSOR_CONTENT($what)
{
global $HTTP_POST_VARS, $_GET, $CONFIG;
- $FILE = PATH."inc/modules/sponsor/".$what.".php";
$OUT = "";
- if (@file_exists($FILE))
- {
+ $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
+ if ((file_exists($FILE)) && (is_readable($FILE))) {
// Every sponsor action will output nothing directly. It will be written into $OUT!
require_once($FILE);
- }
- else
- {
+ } else {
// File not found!
$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
}
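Review bot: `$what` is placed into the path given to `require_once()` with no restriction on its characters, and the added `is_readable()` check does not change that. If `$what` can come from a request parameter (the callers are not on this page), a value containing `../` selects a PHP file outside `inc/modules/sponsor/`. I would make the name check part of the condition, `if ((preg_match('/^[a-zA-Z0-9_-]+$/', $what)) && (file_exists($FILE)) && (is_readable($FILE))) {`, so anything else falls through to the not-found branch. That branch concatenates `$what` into the message unescaped, so `htmlspecialchars($what)` belongs there as well.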
}
// Admin has added an URL with given user id
-function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward) {
+function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward, $paymentId) {
// Is this really an admin?
if (!IS_ADMIN()) {
// Then leave here
} // END - if
// Register the new URL
- return SURFBAR_REGISTER_URL($url, $uid, $reward, "CONFIRMED", "unlock");
+ return SURFBAR_REGISTER_URL($url, $uid, $reward, $paymentId, "CONFIRMED", "unlock");
}
// Looks up by an URL
function SURFBAR_LOOKUP_BY_URL ($url) {
return $lastUrlData;
}
// Registers an URL with the surfbar. You should have called SURFBAR_LOOKUP_BY_URL() first!
-function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode="reg") {
+function SURFBAR_REGISTER_URL ($url, $uid, $reward, $paymentId, $status="PENDING", $addMode="reg") {
global $_CONFIG;
// Make sure by the user registered URLs are always pending
'frametester' => FRAMETESTER($url),
'uid' => $uid,
'reward' => $reward,
+ 'payment_id' => $paymentId,
'status' => $status
);
// Inserts an url by given data array and return the insert id
function SURFBAR_INSERT_URL_BY_ARRAY ($urlData) {
// Just run the insert query for now
- SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, status) VALUES(%s, '%s', %s, '%s')",
+ SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, payment_id, status) VALUES(%s, '%s', %s, %s, '%s')",
array(
bigintval($urlData['uid']),
- bigintval($urlData['url']),
+ $urlData['url'],
(float)$urlData['reward'],
+ bigintval($urlData['payment_id']),
$urlData['status']
), __FILE__, __LINE__
);
// Return result
return $statusTranslated;
}
+// Determine right template name
+function SURFBAR_DETERMINE_TEMPLATE_NAME() {
+ // Default is the frameset
+ $templateName = "surfbar_frameset";
+
+ // Any frame set? ;-)
+ if (isset($_GET['frame'])) {
+ // Use the frame as a template name part... ;-)
+ $templateName = sprintf("surfbar_frame_%s",
+ SQL_ESCAPE($_GET['frame'])
+ );
+ } // END - if
+
+ // Return result
+ return $templateName;
+}
+// Check if the "reload lock" of the current user is full
+function SURFBAR_CHECK_RELOAD_FULL() {
+ global $SURFBAR_DATA, $_CONFIG;
+
+ // Default is full!
+ $isFull = true;
+
+ // Do we have static or dynamic mode?
+ if ($_CONFIG['surfbar_pay_model'] == "STATIC") {
+ // Cache static reload lock
+ $SURFBAR_DATA['surf_lock'] = $_CONFIG['surfbar_static_lock'];
+
+ // Ask the database
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt FROM "._MYSQL_PREFIX."_surfbar_locks
+WHERE userid=%s AND (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") < UNIX_TIMESTAMP(last_surfed)
+LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__
+ );
+
+ // Fetch row
+ list($SURFBAR_DATA['user_locks']) = SQL_FETCHROW($result);
+
+ // Is it null?
+ if (is_null($SURFBAR_DATA['user_locks'])) {
+ // Then fix it to zero!
+ $SURFBAR_DATA['user_locks'] = 0;
+ } // END - if
+
+ // Free result
+ SQL_FREERESULT($result);
+
+ // Get total URLs
+ $total = SURFBAR_GET_TOTAL_URLS();
+
+ // Do we have some URLs in lock? Admins can always surf on own URLs!
+ $isFull = (($SURFBAR_DATA['user_locks'] == $total) && ($total > 0));
+ } else {
+ // Dynamic model...
+ die("DYNAMIC not yet implemented!");
+ }
+
+ // Return result
+ return $isFull;
+}
+// Get total amount of URLs of given status for current user or of CONFIRMED URLs by default
+function SURFBAR_GET_TOTAL_URLS ($status="CONFIRMED") {
+ // Get amount from database
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt
+FROM "._MYSQL_PREFIX."_surfbar_urls
+WHERE userid != %d AND status='%s'",
+ array($GLOBALS['userid'], $status), __FILE__, __LINE__
+ );
+
+ // Fetch row
+ list($cnt) = SQL_FETCHROW($result);
+
+ // Free result
+ SQL_FREERESULT($result);
+
+ // Return result
+ return $cnt;
+}
+// Generate a validation code for the given id number
+function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") {
+ global $_CONFIG, $SURFBAR_DATA;
+
+ // Generate a code until the length matches
+ $valCode = "";
+ while (strlen($valCode) != $_CONFIG['code_length']) {
+ // Is the salt set?
+ if (empty($salt)) {
+ // Generate random hashed string
+ $SURFBAR_DATA['salt'] = sha1(GEN_PASS(255));
+ } else {
+ // Use this as salt!
+ $SURFBAR_DATA['salt'] = $salt;
+ }
+ //* DEBUG: */ echo "*".$SURFBAR_DATA['salt']."*<br />\n";
+
+ // ... and now the validation code
+ $valCode = GEN_RANDOM_CODE($_CONFIG['code_length'], sha1(SURFBAR_GET_DATA('salt').":".$id), $GLOBALS['userid']);
+ //* DEBUG: */ echo "valCode={$valCode}<br />\n";
+ } // END - while
+
+ // Hash it with md5() and salt it with the random string
+ $hashedCode = generateHash(md5($valCode), SURFBAR_GET_DATA('salt'));
+
+ // Finally encrypt it PGP-like and return it
+ return generatePassString($hashedCode);
+}
+// Check validation code
+function SURFBAR_CHECK_VALIDATION_CODE ($id, $check, $salt) {
+ global $SURFBAR_DATA;
+
+ // Secure id number
+ $id = bigintval($id);
+
+ // Now generate the code again
+ $code = SURFBAR_GENERATE_VALIDATION_CODE($id, $salt);
+
+ // Return result of checking hashes and salts
+ //* DEBUG: */ echo "--- ".$code."<br />\n--- ".$check."<br />\n";
+ //* DEBUG: */ echo "+++ ".$salt."<br />\n+++ ".SURFBAR_GET_DATA('last_salt')."<br />\n";
+ return (($code == $check) && ($salt == SURFBAR_GET_DATA('last_salt')));
+}
+// Lockdown the userid/id combination (reload lock)
+function SURFBAR_LOCKDOWN_ID ($id) {
+ // Just add it to the database
+ SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_locks (userid, url_id) VALUES(%s, %s)",
+ array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__);
+}
+// Pay points to the user and remove it from the sender
+function SURFBAR_PAY_POINTS ($id) {
+ global $SURFBAR_DATA, $_CONFIG;
+
+ // Re-configure ref-system to surfbar levels
+ $_CONFIG['db_percents'] = "percent";
+ $_CONFIG['db_table'] = "surfbar_reflevels";
+
+ // Book it to the user
+ ADD_POINTS_REFSYSTEM($GLOBALS['userid'], $SURFBAR_DATA['reward']);
+
+ // Remove it from the URL owner
+ SUB_POINTS($SURFBAR_DATA['userid'], $SURFBAR_DATA['reward']);
+}
+// Update the salt for validation
+function SURFBAR_UPDATE_SALT() {
+ global $SURFBAR_DATA;
+
+ // Simply store the salt from cache away in database...
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_surfbar_urls SET last_salt='%s', views_total=views_total+1 WHERE id=%s LIMIT 1",
+ array(SURFBAR_GET_DATA('salt'), SURFBAR_GET_DATA('id')), __FILE__, __LINE__);
+
+ // Return if the update was okay
+ return (SQL_AFFECTEDROWS() == 1);
+}
+// Determine next id for surfbar view, always call this before you call other
+// getters below this function!!!
+function SURFBAR_GET_NEXT_ID ($id = 0) {
+ global $SURFBAR_DATA, $_CONFIG;
+
+ // Default is no id!
+ $nextId = 0;
+
+ // Is the ID set?
+ if ($id == 0) {
+ // Set max random factor to total URLs minus 1
+ $maxRand = SURFBAR_GET_TOTAL_URLS() - 1;
+
+ // Generate random number
+ $randNum = mt_rand(0, $maxRand);
+
+ // And query the database
+ $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time, UNIX_TIMESTAMP(l.last_surfed) AS last_surfed
+FROM "._MYSQL_PREFIX."_surfbar_urls AS sb
+LEFT JOIN "._MYSQL_PREFIX."_payments AS p
+ON sb.payment_id=p.id
+LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l
+ON sb.id=l.url_id
+WHERE sb.userid != %d AND sb.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed))
+ORDER BY l.last_surfed DESC, sb.last_salt ASC, sb.id ASC
+LIMIT %d,1",
+ array($GLOBALS['userid'], $randNum), __FILE__, __LINE__
+ );
+ } else {
+ // Get data from specified id number
+ $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time
+FROM "._MYSQL_PREFIX."_surfbar_urls AS sb
+LEFT JOIN "._MYSQL_PREFIX."_payments AS p
+ON sb.payment_id=p.id
+WHERE sb.userid != %s AND sb.status='CONFIRMED' AND sb.id=%s
+LIMIT 1",
+ array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__
+ );
+ }
+
+ // Is there an id number?
+ if (SQL_NUMROWS($result) == 1) {
+ // Load/cache data
+ //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*<br />\n";
+ $SURFBAR_DATA = merge_array($SURFBAR_DATA, SQL_FETCHARRAY($result));
+ //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*<br />\n";
+
+ // Is the time there?
+ if (is_null($SURFBAR_DATA['time'])) {
+ // Then repair it wit the static!
+ $SURFBAR_DATA['time'] = $_CONFIG['surfbar_static_time'];
+ } // END - if
+
+ // Fix missing last_surfed
+ if ((!isset($SURFBAR_DATA['last_surfed'])) || (is_null($SURFBAR_DATA['last_surfed']))) {
+ // Fix it here
+ $SURFBAR_DATA['last_surfed'] = "0";
+ } // END - if
+
+ // Are we in static mode?
+ if ($_CONFIG['surfbar_pay_model'] == "STATIC") {
+ // Then use static reward!
+ $SURFBAR_DATA['reward'] = $_CONFIG['surfbar_static_reward'];
+ } else {
+ // Calculate dynamic reward and add it
+ $SURFBAR_DATA['reward'] += SURFBAR_CALCULATE_DYNAMIC_REWARD_ADD();
+ }
+
+ // Now get the id
+ $nextId = SURFBAR_GET_DATA('id');
+ } // END - if
+
+ // Free result
+ SQL_FREERESULT($result);
+
+ // Return result
+ //* DEBUG: */ echo "nextId={$nextId}<br />\n";
+ return $nextId;
+}
+// ----------------------------------------------------------------------------
+// PLEASE DO NOT ADD ANY OTHER FUNCTIONS BELOW THIS LINE ELSE THEY "WRAP" THE
+// $SURFBAR_DATA ARRAY!
+// ----------------------------------------------------------------------------
+// Private getter for data elements
+function SURFBAR_GET_DATA ($element) {
+ global $SURFBAR_DATA;
+
+ // Default is null
+ $data = null;
+
+ // Is the entry there?
+ if (isset($SURFBAR_DATA[$element])) {
+ // Then take it
+ $data = $SURFBAR_DATA[$element];
+ } else { // END - if
+ print("<pre>");
+ print_r($SURFBAR_DATA);
+ debug_print_backtrace();
+ die("</pre>");
+ }
+
+ // Return result
+ return $data;
+}
+// Getter for reward from cache
+function SURFBAR_GET_REWARD () {
+ // Get data element and return its contents
+ return SURFBAR_GET_DATA('reward');
+}
+// Getter for URL from cache
+function SURFBAR_GET_URL () {
+ // Get data element and return its contents
+ return SURFBAR_GET_DATA('url');
+}
+// Getter for user reload locks
+function SURFBAR_GET_USER_RELOAD_LOCK () {
+ // Get data element and return its contents
+ return SURFBAR_GET_DATA('user_locks');
+}
+// Getter for reload time
+function SURFBAR_GET_RELOAD_TIME () {
+ // Get data element and return its contents
+ return SURFBAR_GET_DATA('time');
+}
//
?>
unset($cacheArray['modules']);
} else {
// Rewrite module cache
- $MOD = $cacheArray['modules'];
- foreach ($cacheArray['modules']['module'] as $key=>$mod) {
- $cacheArray['modules']['id'][$mod] = $cacheArray['modules']['id'][$key];
+ $modArray = $cacheArray['modules'];
+ foreach ($modArray['module'] as $key=>$mod) {
+ $cacheArray['modules']['id'][$mod] = $modArray['id'][$key];
unset($cacheArray['modules']['id'][$key]);
- $cacheArray['modules']['title'][$mod] = $cacheArray['modules']['title'][$key];
+ $cacheArray['modules']['title'][$mod] = $modArray['title'][$key];
unset($cacheArray['modules']['title'][$key]);
- $cacheArray['modules']['locked'][$mod] = $cacheArray['modules']['locked'][$key];
+ $cacheArray['modules']['locked'][$mod] = $modArray['locked'][$key];
unset($cacheArray['modules']['locked'][$key]);
- $cacheArray['modules']['hidden'][$mod] = $cacheArray['modules']['hidden'][$key];
+ $cacheArray['modules']['hidden'][$mod] = $modArray['hidden'][$key];
unset($cacheArray['modules']['hidden'][$key]);
- $cacheArray['modules']['admin_only'][$mod] = $cacheArray['modules']['admin_only'][$key];
+ $cacheArray['modules']['admin_only'][$mod] = $modArray['admin_only'][$key];
unset($cacheArray['modules']['admin_only'][$key]);
- $cacheArray['modules']['mem_only'][$mod] = $cacheArray['modules']['mem_only'][$key];
+ $cacheArray['modules']['mem_only'][$mod] = $modArray['mem_only'][$key];
unset($cacheArray['modules']['mem_only'][$key]);
if (isset($cacheArray['modules']['has_menu'][$key])) {
- $cacheArray['modules']['has_menu'][$mod] = $cacheArray['modules']['has_menu'][$key];
+ $cacheArray['modules']['has_menu'][$mod] = $modArray['has_menu'][$key];
unset($cacheArray['modules']['has_menu'][$key]);
} // END - if
}
+ unset($modArray);
}
} elseif (($_CONFIG['cache_modreg'] == "Y") && ($CSS != "1") && ($CSS != "-1")) {
// Create cache file here
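Review bot: The `has_menu` guard near the end of the loop still tests the live `$cacheArray['modules']['has_menu'][$key]`, while the value it protects is now read from the `$modArray` snapshot. If an earlier iteration has already written or unset that slot (presumably the collision the snapshot was introduced for), the guard and the read disagree. Test the snapshot instead: `if (isset($modArray['has_menu'][$key])) {`. The enclosing if/else starts above the hunk.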
// Overwrite the config with the cache version
$cacheArray['config'] = $newCache;
+ unset($newCache);
// When there is a period (.) in the result this test will fail and so the cache file is
// damaged/corrupted
{
// Update account
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
-SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%d LIMIT 1",
+SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%s LIMIT 1",
array(time(), $MODE, time(), $uid), __FILE__, __LINE__);
// Load email template and send it to the user!
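Review bot: Swapping `%d` for `%s` drops the integer coercion the format string used to apply, and here `$uid` reaches the unquoted `userid=%s` with no `bigintval()` visible. The body of SQL_QUERY_ESC is not in this diff, but if it only escapes quote characters, that does not constrain a value in an unquoted numeric position, so cast at the call site: `array(time(), $MODE, time(), bigintval($uid))`. The same gap appears further down with request data: `$_POST['admin'][$id]` into `admin_id=%s` (`_admins_acls`), `$_POST['sort'][$id]` into `sort=%s` (`_cats`) and `$_POST['rallye_id'][$id]` into `rallye_id=%s` (`_rallye_prices`). It also applies to the bare `$id` in the `_cats` and `_max_receive` edit/delete queries, the status-toggle queries, and the `bonus_ral_notify` twin of this hunk.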
// Only confirmed members shall receive birthday mails...
$result_birthday = SQL_QUERY_ESC("SELECT userid, email, birth_year
FROM "._MYSQL_PREFIX."_user_data
-WHERE status='CONFIRMED' AND birth_day=%d AND birth_month=%d AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD."
+WHERE status='CONFIRMED' AND birth_day=%s AND birth_month=%s AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD."
ORDER BY userid",
array($DAY, $MONTH, $VALUE), __FILE__, __LINE__);
SEND_EMAIL($email, HAPPY_BIRTHDAY, $msg);
// Remember him that he has received a birthday mail
- $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+ $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
}
{
// Update account
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
-SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%d LIMIT 1",
+SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%s LIMIT 1",
array(time(), $MODE, time(), $uid), __FILE__, __LINE__);
// Load email template and send it to the user!
// Load logout template
if (isset($_GET['register'])) {
// Secure input
- $register = secureString(SQL_ESCAPE($_GET['register']));
+ $register = SQL_ESCAPE($_GET['register']);
// Special logout redirect for installation of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
} elseif (isset($_GET['remove'])) {
// Secure input
- $remove = secureString(SQL_ESCAPE($_GET['remove']));
+ $remove = SQL_ESCAPE($_GET['remove']);
// Special logout redirect for removal of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
}
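Review bot: With `secureString()` removed, `$_GET['register']` and `$_GET['remove']` are filtered only by `SQL_ESCAPE()`, yet neither value goes into a query: both become part of the template name handed to `LOAD_TEMPLATE()`. SQL escaping does nothing about dots or path separators, so if LOAD_TEMPLATE maps the name to a file (its body is not in this diff), the request controls part of that path. Constrain the value to the characters an extension name can contain before building the name, e.g. `$register = preg_replace('/[^a-zA-Z0-9_]/', '', $_GET['register']);` and likewise for `$remove`, assuming extension names are alphanumeric plus underscore. The comment `// Secure input` above each assignment should then describe that check.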
//
function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
+ // Open the requested menu directory
+ $handle = opendir(sprintf("%sinc/modules/%s/", PATH, $menu)) or mxchange_die("Cannot load menu ".$menu."!");
+
// Init the selection box
$OUT = "<SELECT name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <OPTION value=\"\">".IS_TOP_MENU."</OPTION>\n";
-
- // Open the requested menu directory
- $handle = opendir(PATH."inc/modules/".$menu."/") or mxchange_die("Cannot load menu ".$menu."!");
+ // Walk through all files
while ($file = readdir($handle)) {
// Is this a PHP script?
if (($file != ".") && ($file != "..") && ($file != "lost+found") && (strpos($file, "".$type."-") > -1) && (strpos($file, ".php") > 0)) {
// Then test if the file is readable
- $test = PATH."inc/modules/".$menu."/".$file;
- if (is_readable($test)) {
+ $test = sprintf("%sinc/modules/%s/%s", PATH, $menu, $file);
+ if ((is_file($test)) && (is_readable($test))) {
// Extract the value for what=xxx
$part = substr($file, (strlen($type) + 1)); $part = substr($part, 0, strpos($part, ".php"));
$OUT .= " <OPTION value=\"".$part."\"";
if ($part == $default) $OUT .= "selected";
$OUT .= ">".$part."</OPTION>\n";
- }
- }
- }
+ } // END - if
+ } // END - if
+ } // END - if
}
closedir($handle);
$OUT .= "</SELECT>\n";
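Review bot: The filename test in the `readdir()` loop is looser than the extraction that follows it. `strpos($file, $type."-") > -1` accepts the prefix anywhere in the name and `strpos($file, ".php") > 0` accepts `.php` anywhere, so a leftover such as `what-foo.php.bak` is offered as a menu entry, while `substr($file, strlen($type) + 1)` assumes the prefix sits at offset 0. Anchor both ends instead: `(substr($file, 0, strlen($type) + 1) == $type."-") && (substr($file, -4) == ".php")`. The added `is_file()` check is a good tightening. The function body continues past the end of this hunk.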
// Should always be 1 ;-)
if ($selected == 1) {
// Determine new status
- $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
array($row, $table, $idRow, $id), __FILE__, __LINE__);
// Row found?
if ($currStatus == "Y") $newStatus='N'; else $newStatus = "Y";
// Change this status
- SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1",
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%s LIMIT 1",
array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__);
// Count up affected rows
// Assign / do tasks
$OUT = ""; $SW = 2;
foreach ($_POST['task'] as $id=>$sel) {
- $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
+ $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result_task) == 1) {
// Task is valid...
if ($aid == "0") {
// Assgin current admin to unassgigned task
- $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1",
+ $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%s LIMIT 1",
array(GET_ADMIN_ID(get_session('admin_login')), bigintval($tid)), __FILE__, __LINE__);
}
}
if ($uid > 0) {
- $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_user) == 1)
{
// Close task but not already closes or deleted or update tasks
if (($status != "CLOSED") && ($status != "DELETED") && ($type != "EXTENSION_UPDATE"))
{
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($tid)), __FILE__, __LINE__);
}
}
// Close task
if (($status != "CLOSED") && ($status != "DELETED")) {
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($tid)), __FILE__, __LINE__);
}
break;
if (EXT_IS_ACTIVE("payout"))
{
// Extension is installed so let him send a notification to the user
- $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%d AND payout_timestamp=%d LIMIT 1",
+ $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%s AND payout_timestamp=%s LIMIT 1",
array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
list($pid) = SQL_FETCHROW($result_pay);
SQL_FREERESULT($result_pay);
if (EXT_IS_ACTIVE("wernis"))
{
// Extension is installed so let him send a notification to the user
- $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%d AND wernis_timestamp=%d LIMIT 1",
+ $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%s AND wernis_timestamp=%s LIMIT 1",
array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
list($pid) = SQL_FETCHROW($result_pay);
SQL_FREERESULT($result_pay);
break;
case "NL_UNSUBSCRIBE": // Newsletter unsubscriptions
- $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($span) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Unassign from tasks
foreach ($_POST['task'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1",
array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
}
}
// Delete tasks
foreach ($_POST['task'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
}
}
while (list($uid) = SQL_FETCHROW($result_main))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($_POST['points'], bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
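Review bot: `$_POST['points']` is still passed straight into the unquoted arithmetic expression `points=points+(%s)`; only the `userid` argument is cast. Unless SQL_QUERY_ESC validates numbers (its body is not in this diff), quote-escaping does not constrain a value in that position, so reject non-numeric input before the query, e.g. `if (!is_numeric($_POST['points'])) { /* redisplay the form */ }`, or cast it to the numeric type the points column uses. The single-user branch in the next hunk (`$_GET['u_id']`) makes the same call and needs the same check. The surrounding `if` blocks open and close outside the hunk.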
elseif (!empty($_GET['u_id']))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
// Remember points in constant
if ($confirm == 1)
{
$cnt++;
- $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ($confirm == 1)
{
$cnt++;
- $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
action='%s',
what='%s',
descr='%s'
-WHERE ".$AND." AND id=%d LIMIT 1",
+WHERE ".$AND." AND id=%s LIMIT 1",
array(
$menu,
$_POST['sel_action'][$sel],
case "del": // Delete menu
foreach ($_POST['sel'] as $sel=>$menu)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
if ((!empty($tid)) && (!empty($fid)))
{
// Sort menu
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
}
}
else
{
// Load admin's email address
- $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
array(bigintval($_GET['admin'])), __FILE__, __LINE__);
list($email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$aid = bigintval($aid);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%d WHERE id=%d ORDER BY id LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%s WHERE id=%s ORDER BY id LIMIT 1",
array($aid, $id), __FILE__, __LINE__);
if (($aid < 1) && (!empty($_POST['template'][$id])))
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data for the ID
- $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($aid, $act, $wht, $mode) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$id = bigintval($id);
// Update entries
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%d, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
}
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data for the ID
- $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($admin, $act, $wht, $mode) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Remove entries
foreach ($_POST['sel'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
array(bigintval($id)),__FILE__, __LINE__);
}
elseif (isset($_POST['add']))
{
// Check if everything is fine...
- $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
array(bigintval($_POST['admin_id'])), __FILE__, __LINE__);
list($mode) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH))
{
// Main or sub menu selected
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' AND what_menu='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
switch ($_GET['do'])
{
case "edit": // Change categories
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%d WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%s WHERE id=%s LIMIT 1",
array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__);
$TEXT = CATEGORIES_SAVED;
break;
case "del": // Delete categories
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
array($id), __FILE__, __LINE__);
$TEXT = CATEGORIES_DELETED;
break;
foreach ($_POST['sel'] as $id=>$value)
{
// Load data of category
- $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($cat) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
foreach ($_POST['sel'] as $id=>$value)
{
// Load data from the category
- $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($cat, $vis, $sort) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
switch ($_GET['do'])
{
case "edit": // Change entries
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%s LIMIT 1",
array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__);
$TEXT = MRECEIVE_SAVED;
break;
case "del":
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
$TEXT = MRECEIVE_DELETED;
break;
foreach ($_POST['sel'] as $id=>$value)
{
// Load data
- $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($value, $comment) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$SW = 2; $OUT = "";
foreach ($_POST['sel'] as $id=>$value) {
// Load data
- $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($value, $comment) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
foreach ($_POST['sel'] as $id=>$sel)
{
// Load module data
- $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($mod, $title, $locked, $hidden, $admin, $mem) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$id = bigintval($id);
// Update module
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1",
array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id), __FILE__, __LINE__);
}
// Update entry
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_payout_types SET
type='%s',
-rate=%d,
-min_points=%d,
+rate=%s,
+min_points=%s,
allow_url='%s'
WHERE id='".$id."' LIMIT 1",
array(
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data
- $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($title, $rate, $mpoi, $allow) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Delete entries
foreach ($_POST['sel'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
$msg = ADMIN_PAYOUT_ENTRIES_DELETED;
$id = bigintval($id);
// Load data
- $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
list($title, $rate, $mpoi) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$id = bigintval($id);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%s LIMIT 1",
array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__);
}
$TEXT = REF_DEPTHS_SAVED;
case "del":
foreach ($_POST['id'] as $id=>$value)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
$TEXT = REF_DEPTHS_DELETED;
$SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_config SET
allow_direct_pay='%s',
reg_points_mode='%s',
-ref_payout='%d'
+ref_payout='%s'
WHERE config=0 LIMIT 1",
$_POST['allow_direct_pay'],
$_POST['reg_points_mode'],
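Review bot: This statement is built with plain `sprintf()`, so `%d` was the only thing forcing `ref_payout` to an integer; with `%s` the argument is copied in verbatim. `$_POST['allow_direct_pay']` and `$_POST['reg_points_mode']` also enter the string with no escaping visible in this hunk. Unless the `$SQL[]` entries are escaped where they are executed (outside this diff), keep `ref_payout='%d'` here or wrap the matching argument, which lies past the end of the hunk, in `bigintval()`. The next hunk has the same issue with `$REF` in `ref_payout=(%s - mails_confirmed)` and `mails_confirmed < %s`; `sprintf(..., bigintval($REF), bigintval($REF))` restores the guarantee.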
if (($_CONFIG['ref_payout'] == 0) && ($_POST['ref_payout'] > 0))
{
// Update account's ref_payout for "must-confirm"
- $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%d - mails_confirmed)
-WHERE mails_confirmed < %d", $REF, $REF);
+ $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%s - mails_confirmed)
+WHERE mails_confirmed < %s", $REF, $REF);
}
elseif (($_CONFIG['ref_payout'] > 0) && ($_POST['ref_payout'] == 0))
{
$SW = 2; $OUT = "";
foreach ($_POST['sel'] as $id=>$value)
{
- $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($lvl, $perc) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$SW = 2; $OUT = "";
foreach ($_POST['sel'] as $id=>$value)
{
- $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($lvl, $perc) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
{
// Submitted data is valid, but maybe we already have this price level?
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
// Delete selected entries
foreach ($_POST['sel'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
$id = bigintval($id);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
}
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data to selected rallye
- $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data to selected rallye
- $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
else
{
// A rallye was selected, so check if there are already prices assigned...
- $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+ $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
foreach ($_POST['sel'] as $id=>$value)
{
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%d AND field_required != '%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1",
array($value, bigintval($id), $value),__FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_settings_saved", false, REGISTER_ADMIN_CHANGES_SAVED);
if (!empty($_GET['mid'])) {
// Load email data
- $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array(bigintval($_GET['mid'])), __FILE__, __LINE__);
// Delete mail only once
SEND_EMAIL($sender, MEMBER_ORDER_DELETED, $msg_user);
// Delete mail from queue
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array(bigintval($_GET['mid'])), __FILE__, __LINE__);
// Fetch right stats_id from pool
$result = SQL_QUERY_ESC("SELECT s.id FROM "._MYSQL_PREFIX."_user_stats AS s
LEFT JOIN "._MYSQL_PREFIX."_pool AS p
ON s.pool_id=p.id
-WHERE s.pool_id=%d LIMIT 1",
+WHERE s.pool_id=%s LIMIT 1",
array(bigintval($_GET['mid'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Fetch stats id
SQL_FREERESULT($result);
// Get all user links
- $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
array(bigintval($stats_id)), __FILE__, __LINE__);
// Get unconfirmed links for calculation of total points
}
// Remove links from DB
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
array(bigintval($stats_id)), __FILE__, __LINE__);
// Output link for manually removing stats entry
}
} elseif (!empty($_GET['pid'])) {
// Remove stats entries
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
array(bigintval($_GET['pid'])), __FILE__, __LINE__);
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_USER_STATS_REMOVED);
} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
// Load data from bonus mail
- $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%d",
+ $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%s",
array(bigintval($_GET['bid'])), __FILE__, __LINE__);
// Delete mail only once
SQL_FREERESULT($result);
// Delete bonus mail entirely from database
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array(bigintval($_GET['bid'])), __FILE__, __LINE__);
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
array(bigintval($_GET['bid'])), __FILE__, __LINE__);
// Prepare data for the template
// Get the userid
$result = SQL_QUERY_ESC("SELECT userid, holiday_start, holiday_end
FROM "._MYSQL_PREFIX."_user_holidays
-WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
+WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// Load data and free memory
// Update user's account
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
// Remove holiday
$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
+WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
// Prepare loaded data for the
$content = array(
// Fetch data
$result_load = SQL_QUERY_ESC("SELECT holiday_start AS start, holiday_end AS end
FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result_load) == 1)
{
// Load data
// Delete one holiday request (for task)
$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
// Send email to user
$msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, $_GET['u_id']);
// Delete entries...
foreach ($_POST['sel'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
}
if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']))))
{
// Delete users account
- $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result_user) == 1)
{
else
{
// Realy want to delete?
- $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if (isset($_POST['ok']))
{
// Make mail editable...
- $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array(bigintval($_POST['id'])), __FILE__, __LINE__);
list($subj, $text, $url) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
subject='%s',
text='%s',
url='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
array(
addslashes($_POST['subj']),
addslashes($_POST['text']),
$result_main = false;
if (isset($_GET['u_id'])) {
// 0 1 2 3 4 5 6 7 8 9 10 11
- $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
}
family='%s',
street_nr='%s',
country='%s',
-zip=%d,
+zip=%s,
city='%s',
email='%s'
".$ADD."
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
array(
substr($_POST['salut'], 0, 1),
$_POST['surname'],
while ($pool = SQL_FETCHROW($result))
{
// Check sent mails and clicks
- $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+ $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
array(bigintval($pool[0])), __FILE__, __LINE__);
list($sent, $clicks) = SQL_FETCHROW($result_mails);
SQL_FREERESULT($result_mails);
while ($pool = SQL_FETCHROW($result_list))
{
// Unconfirmed mails and sent mails
- $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+ $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
array(bigintval($pool[0])), __FILE__, __LINE__);
list($sent, $clicks) = SQL_FETCHROW($result_uncon);
SQL_FREERESULT($result_uncon);
// De/activate extension
$ACT = "N"; $EXT_LOAD_MODE = "deactivate";
if ($active == "N") { $ACT = "Y"; $EXT_LOAD_MODE = "activate"; }
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%d AND ext_active='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%s AND ext_active='%s' LIMIT 1",
array(bigintval($id), $active), __FILE__, __LINE__);
// Run embeded SQL commands
$active = $_POST['active'][$id];
if (GET_EXT_VERSION("sql_patches") >= "0.0.6") {
// Update also CSS column when extensions sql_patches is newer or exact v0.0.6
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1",
array($_POST['css'][$id], $active, $id), __FILE__, __LINE__);
} else {
// When extension is older than v0.0.6 there is no column for the CSS information
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%s LIMIT 1",
array($active, $id), __FILE__, __LINE__);
}
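Review bot: Both UPDATE calls in this hunk now place `$id` into an unquoted `WHERE id=%s` without `bigintval()`, so the integer coercion that `%d` gave is gone and nothing visible here limits the value to digits. Whatever escaping SQL_QUERY_ESC applies (its body is not shown) does not help for a value that sits outside quotes, so I would pass `bigintval($id)` as the last array element in both calls, e.g. `array($active, bigintval($id)), __FILE__, __LINE__);`. The same pattern appears further down with `array($_GET['pid'])` on the `_user_payouts` lookup, `array($id)` on the `_rallye_users` count, `array($uid)` on the large `_user_data` select and `$sel` in the three `_member_menu` statements. The request-supplied `pid` is the one to fix first. Where `$id`, `$uid` and `$sel` are assigned is outside these hunks, so an earlier `bigintval()` may already cover some of them.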
if (($sel == "Y") || ($sel == "N")) {
// Load required data
if (GET_EXT_VERSION("sql_patches") >= "0.0.6") {
- $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($name, $css, $active) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
} else {
- $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($name, $active) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Is the ID number valid and the task was found?
if (($id > 0) && ($task_found == 1)) {
// ID is valid so begin with registration, we first want to it's real name from task management (subject column)
- $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($subj) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if ($confirm == 1)
{
$cnt++;
- $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($query) == 1)
{
if ($confirm == 1)
{
$cnt++;
- $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($query) == 1)
{
$sel = bigintval($sel);
// Update entry
- $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
foreach ($_POST['sel'] as $sel=>$menu)
{
// Delete enty
- $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
$sel = bigintval($sel);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
if ($confirm == 1)
{
$cnt++;
- $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((!empty($tid)) && (!empty($fid)))
{
// Sort menu
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
}
}
if (!empty($_GET['u_id']))
{
// Check if the user already exists
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
while (list($cid, $cat) = SQL_FETCHROW($result_cats))
{
// Check user's selection
- $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__);
// Set selection
foreach ($_POST['id'] as $id=>$status)
{
// Load data from DB
- $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if (!empty($_GET['u_id'])) {
// Check if the user already exists
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
// Is there an entry?
// Grab user's all unconfirmed mails
if (EXT_IS_ACTIVE("bonus")) {
// Load bonus ID
- $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+ $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
} else {
// Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command)
- $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+ $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
}
// Some unconfirmed mails left
if ($_GET['del'] == "all") {
// Delete all unconfirmed mails by this user
- $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d LIMIT %s",
+ $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s LIMIT %s",
array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__);
// Prepare mail and send it away
switch ($type)
{
case "NORMAL":
- $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+ $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
$type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM;
$LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&mailid=".$id."\" target=\"_blank\">".$id."</A>";
break;
case "BONUS":
- $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array(bigintval($id2)), __FILE__, __LINE__);
$type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM;
$LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&bonusid=".$id2."\" target=\"_blank\">".$id2."</A>";
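Review bot: The two `$LINK` assignments concatenate `$_GET['u_id']` directly into an `<A href>` attribute, while the queries elsewhere in this diff wrap the same parameter in `bigintval()`. If `$LINK` reaches HTML output (not visible in this hunk), the raw request value ends up in the markup unescaped, so the normalised value should be used here too: `"/mailid.php?uid=".bigintval($_GET['u_id'])."&mailid=".$id`, and likewise for the `bonusid` link. The switch statement continues outside the hunk.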
{
// Update database...
// First user's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%s LIMIT 1",
array(bigintval($_POST['uid'])), __FILE__, __LINE__);
// Next the task system...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($_POST['id'])), __FILE__, __LINE__);
// Send mail to user
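Review bot: In the `_user_data` UPDATE the expression `nl_until='".time()."+nl_timespan'` sits inside single quotes, so MySQL receives a string literal rather than an addition and the stored timespan is never added to the timestamp. Since this line is being touched anyway, I would drop the quotes: `SET nl_until=(".time()."+nl_timespan), nl_receive='N', nl_timespan='0'`. This assumes `nl_until` is a numeric column, which the hunk does not show.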
if (!empty($_GET['pid']))
{
// First let's get the member's ID
- $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
array($_GET['pid']), __FILE__, __LINE__);
list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0))
{
// Get task ID from database
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%d AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($task) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if ((!empty($task)) && (!empty($uid)) && ($uid > 0))
{
// Load user's data
- $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($email, $sex, $surname, $family) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (isset($_POST['ok']))
{
// Obtain payout type and other data
- $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
array(bigintval($_GET['pid'])), __FILE__, __LINE__);
list($ptype) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (!empty($ptype))
{
// Obtain data from payout type
- $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
array(bigintval($ptype)), __FILE__, __LINE__);
list($fuid, $fpass, $eurl, $eok, $failed, $eenc, $allow) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Clear task
if ($task > 0)
{
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($task)),__FILE__, __LINE__);
}
// Clear payout request
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%s LIMIT 1",
array(bigintval($_GET['pid'])), __FILE__, __LINE__);
// Send out mail
if ($task > 0)
{
// Clear task
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($task)), __FILE__, __LINE__);
}
// Clear payout request
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%s LIMIT 1",
array(bigintval($_GET['pid'])), __FILE__, __LINE__);
// Send out mail
switch ($_GET['activate'])
{
case "1": // Activate
- $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%d AND is_active='N' LIMIT 1";
+ $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1";
break;
case "0": // Deactivate
- $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%d AND is_active='Y' LIMIT 1";
+ $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%s AND is_active='Y' LIMIT 1";
break;
}
}
switch ($_GET['notify'])
{
case "1": // Activate
- $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%d AND send_notify='N' LIMIT 1";
+ $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1";
break;
case "0": // Deactivate
- $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%d AND send_notify='Y' LIMIT 1";
+ $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%s AND send_notify='Y' LIMIT 1";
break;
}
}
switch ($_GET['auto'])
{
case "1": // Activate
- $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%d AND auto_add_new_user='N' LIMIT 1";
+ $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1";
break;
case "0": // Deactivate
- $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%d AND auto_add_new_user='Y' LIMIT 1";
+ $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%s AND auto_add_new_user='Y' LIMIT 1";
break;
}
}
foreach ($_POST['sel'] as $id=>$sel)
{
// Remove selected rallye entirely...
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s",
array(bigintval($id)), __FILE__, __LINE__);
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s",
array(bigintval($id)), __FILE__, __LINE__);
}
foreach ($_POST['sel'] as $id=>$sel)
{
// Load rallye basic data
- $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($title, $descr, $templ, $start, $end, $min_users, $min_prices) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0))
{
// List users and their refs before start and current
- $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid",
+ $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid",
array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
$alogin = GET_ADMIN_LOGIN($aid);
// Count assigned prices
- $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d",
+ $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s",
array(bigintval($id)), __FILE__, __LINE__);
// Count joined userids
- $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d",
+ $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s",
array($id), __FILE__, __LINE__);
$joined = SQL_NUMROWS($result_user);
if (!empty($_GET['u_id']))
{
// Check if the user already exists
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
SQL_FREERESULT($result);
// Loads surname, family's name and the email address
- $result = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d",
+ $result = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
- $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d AND status != 'CONFIRMED' ORDER BY userid",
+ $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s AND status != 'CONFIRMED' ORDER BY userid",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
$menge = SQL_RESULT($result , 0, 0);
$menge_lck = SQL_RESULT($result_lck, 0, 0);
SQL_FREERESULT($result);
SQL_FREERESULT($result_lck);
- $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d ORDER BY userid",
+ $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s ORDER BY userid",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
OUTPUT_HTML(ADMIN_TOTAL_REFS_1."".ADMIN_USER_PROFILE_LINK($_GET['u_id'])."".ADMIN_TOTAL_REFS_2.$menge.ADMIN_TOTAL_REFS_3.$menge_lck.ADMIN_TOTAL_REFS_4."<br /><br />");
while ($row = SQL_FETCHROW($result))
{
// Check for referrals
- $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d",
+ $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s",
array(bigintval($row[0])), __FILE__, __LINE__);
$refs_cnt = SQL_RESULT($result_refs, 0, 0);
SQL_FREERESULT($result_refs);
// Unassign from tasks
foreach ($_POST['task'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1",
array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
}
}
if ($_GET['type'] == "deleted")
{
// Delete task immediately
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
array(bigintval($id)),__FILE__, __LINE__);
}
else
{
// Mark task as to be deleted (purged by autppurge extension)
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
}
elseif ($_GET['mid'] > 0)
{
// Data in pool or in user_stats not found, so let's find out where data is missing
- $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array(bigintval($ID)), __FILE__, __LINE__);
- $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+ $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
array(bigintval($ID)), __FILE__, __LINE__);
if (SQL_NUMROWS($result1) == 1)
{
// Does the account exists? 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
$result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout".$MORE."
FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
array($uid), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
OPEN_TABLE("100%", "admin_content admin_content_align", "");
if (!empty($_GET['u_id']))
{
- $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
$ACT = false;
if (SQL_NUMROWS($result_user) == 1)
ADD_MEMBER_SELECTION_BOX();
} elseif (!empty($_POST['lock'])) {
// Ok, lock the account!
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
{
$ACT = true;
} elseif (!empty($_POST['unlock'])) {
// Ok, unlock the account!
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
{
}
else
{
- $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ($confirm == 1)
{
$cnt++;
- $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ($confirm == 1)
{
$cnt++;
- $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ($confirm == 1)
{
$cnt++;
- $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
switch ($_POST['ok'])
{
case "edit": // Edit menu
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $_POST['sel_descr'][$sel], $sel), __FILE__, __LINE__);
break;
case "del": // Delete menu
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
array($sel), __FILE__, __LINE__);
break;
case "status": // Change status of menus
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
break;
}
if ((!empty($tid)) && (!empty($fid)))
{
// Sort menu
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
}
}
+++ /dev/null
-<?php
-// DEPRECATED!!!
-?>
$SW = 2; $OUT = "";
foreach ($_POST['sel'] as $id=>$value)
{
- $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($time, $title) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$SW = 2; $OUT = "";
foreach ($_POST['sel'] as $id=>$value)
{
- $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($time, $pay, $title, $price) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$id = bigintval($id);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%s LIMIT 1",
array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__);
}
break;
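Review bot: `$_POST['visible']` is bound to `visible='%s'` without the `[$id]` index that `url` and `alternate` use in the same argument array. If the form posts one value per banner, the whole array is handed to the placeholder instead of that row's value. It presumably should read `$_POST['visible'][$id]`; confirm against the form template. The loop enclosing this statement starts outside the hunk.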
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data
- $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($url, $alt, $vis) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Delete banner
foreach ($_POST['sel'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
}
$ACTIONs[] = $act;
// Fix weight
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1",
array($cnt, bigintval($id)), __FILE__, __LINE__);
$REP += SQL_AFFECTEDROWS();
while (list($id) = SQL_FETCHROW($result_fix))
{
// Fix weight
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1",
array($cnt, bigintval($id)), __FILE__, __LINE__);
$REP += SQL_AFFECTEDROWS();
$REMOVED = 0; // Nothing is removed for now... ;-)
while (list($uid) = SQL_FETCHROW($result))
{
- $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_user) == 0)
{
// Ok, we found something to remove
- $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d",
+ $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s",
array(bigintval($uid)), __FILE__, __LINE__);
$REMOVED += SQL_AFFECTEDROWS();
}
$ACTIONS[] = $act;
// Fix weight
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1",
array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
$REP += SQL_AFFECTEDROWS();
while (list($id) = SQL_FETCHROW($result_fix))
{
// Fix weight
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1",
array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
$REP += SQL_AFFECTEDROWS();
$ACTIONS[] = $act;
// Fix weight
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1",
array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
$REP += SQL_AFFECTEDROWS();
while (list($id) = SQL_FETCHROW($result_fix))
{
// Fix weight
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1",
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1",
array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
$REP += SQL_AFFECTEDROWS();
// Select category
$CAT_TABS = "LEFT JOIN "._MYSQL_PREFIX."_user_cats AS c ON d.userid=c.userid";
$cat = bigintval($_POST['cat']);
- $CAT_WHERE = " AND c.cat_id=%d";
+ $CAT_WHERE = " AND c.cat_id=%s";
}
if (GET_EXT_VERSION("holiday") >= "0.1.3")
{
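Review bot: `GET_EXT_VERSION("holiday") >= "0.1.3"` compares two version strings with the ordinary string operator, which orders them character by character, so a constructed example such as 0.10.0 would sort below 0.4.4. `if (version_compare(GET_EXT_VERSION("holiday"), "0.1.3", ">="))` compares component by component. The same pattern appears in the `bonus` checks against `"0.4.4"` in later hunks. The body of this `if` lies outside the hunk.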
{
$CATS['id'][] = $id;
$CATS['name'][] = $cat;
- $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+ $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
array(bigintval($id)), __FILE__, __LINE__);
$uid_cnt = "0";
while (list($ucat) = SQL_FETCHROW($result_uids))
{
$result_ver = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1",
+WHERE userid=%s AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1",
array(bigintval($ucat)), __FILE__, __LINE__);
$uid_cnt += SQL_NUMROWS($result_ver);
+++ /dev/null
-<?php
-// OBSOLETE!
-?>
while (list($uid) = SQL_FETCHROW($result_main))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add points to used points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['points'], bigintval($uid))), __FILE__, __LINE__);
+ SUB_POINTS($uid, $_POST['points']);
// Load message and send it away
$msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $uid);
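Review bot: `SUB_POINTS($uid, $_POST['points'])` passes the raw POST value and an unwrapped `$uid` to the helper, while the second call in this file wraps the id as `bigintval($_GET['u_id'])` and the template constant uses `bigintval($_POST['points'])`. Unless SUB_POINTS validates its arguments itself (it is not visible here), the call should be `SUB_POINTS(bigintval($uid), bigintval($_POST['points']));`, with the same cast on the points argument in the `u_id` branch. It is also worth confirming that SUB_POINTS performs the mediadata update that the other branch no longer does inline.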
elseif (!empty($_GET['u_id']))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add to used points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['points']), bigintval($_GET['u_id'])), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", bigintval($_POST['points']));
- }
+ SUB_POINTS(bigintval($_GET['u_id']), $_POST['points']);
// Remember points in template
define('__POINTS_VALUE', bigintval($_POST['points']));
if ((substr($value, 0, 6) == "theme-") && (substr($value, -4) == ".zip"))
{
$name = substr($value, 6, -4);
- $file = PATH."themes/".$name."/theme.php";
+ $file = sprintf("%sthemes/%s/theme.php", PATH, $name);
$ver = trim(substr($response[$idx + 3], 4));
// Load version
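Review bot: `$name` goes into the `themes/` path unchecked: it is whatever sits between `theme-` and `.zip` in `$value`, and only the prefix and suffix are tested. If `$value` comes from the remote theme listing (the `$response` array suggests so, but its origin is outside the hunk), a name containing directory separators or `..` would make `$file` point outside the themes directory. A guard such as `if (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) continue;` before the `sprintf()` would keep the path inside `themes/`. The enclosing loop starts outside this hunk.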
$LANG_DUMMY[$k] = $v;
if ($v == "xx:xx") break;
$LANG[] = $v;
- }
+ } // END - foreach
// If language is found stop searching on matching line
foreach($LANG as $search) {
if (substr($search, 0, 3) == (GET_LANGUAGE().":")) { $INFO = substr($search, 3); break; }
- }
+ } // END - foreach
// Add informations to array
$THEMES['infos'][] = $INFO;
- }
- }
- }
+ } // END - if
+ } // END - if
+ } // END - foreach
// Ok, themes are on our server but maybe you have already installed them?
if (sizeof($THEMES['fname']) > 0) {
// Load template
LOAD_TEMPLATE("admin_theme_list");
- }
- else
- {
+ } else {
// All Themes are downloaded and installed
LOAD_TEMPLATE("admin_theme_installed", false, $count);
}
-}
- else
-{
+} else {
// No theme where found
LOAD_TEMPLATE("admin_theme_404");
}
+
//
?>
$id = bigintval($id);
// Unlock selected email
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%d AND data_type='ADMIN' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%s AND data_type='ADMIN' LIMIT 1",
array($id), __FILE__, __LINE__);
// Update wents fine?
if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) {
- // Order placed in queue... 0 1 2 3
- $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment
+ // Order placed in queue... 0 1 2 3 4
+ $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment, po.payment_id
FROM "._MYSQL_PREFIX."_pool AS po
INNER JOIN "._MYSQL_PREFIX."_payments AS pay
ON po.payment_id=pay.id
-WHERE po.id=%d
+WHERE po.id=%s
LIMIT 1",
array($id), __FILE__, __LINE__);
// Check for bonus extension version >= 0.4.4 for the order bonus
if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) {
// Add points directly
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%s LIMIT 1",
array(bigintval($DATA['sender'])), __FILE__, __LINE__);
// Subtract bonus points from system
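Review bot: `$_CONFIG['bonus_order']` is still concatenated into the statement text, so it bypasses whatever SQL_QUERY_ESC does to its arguments, while the changed line only swaps the `userid` placeholder. Binding it like the `bonus_ref` update elsewhere in this commit keeps the two statements parallel: `bonus_order=bonus_order+%s` with `array($_CONFIG['bonus_order'], bigintval($DATA['sender']))`. The value is configuration rather than request input, so this is a consistency point more than an exposure.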
// Check for surfbar extension
if (EXT_IS_ACTIVE("surfbar")) {
// Add the url
- $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment']);
+ $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment'], $DATA['payment_id']);
// Load email template
$msg_user = LOAD_EMAIL_TEMPLATE("order_accept_sb", $insertId, $DATA['sender']);
$id = bigintval($id);
// Load URL and subject from pool
- $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
// Load data
if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = URL;
// Redirect URL
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1",
array($_POST['redirect'], $id),__FILE__, __LINE__);
// Prepare data for the row template
// Is a user id given?
if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
// Load user data and display it
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
// Is a user account found?
if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) {
// Get theme from profile
- $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($NewTheme) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
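Review bot: With `%d` replaced by an unquoted `%s`, `userid=%s` no longer coerces its argument to an integer, and `$GLOBALS['userid']` is passed here without `bigintval()`. Whatever escaping SQL_QUERY_ESC applies protects quoted strings only; it does not restrict an unquoted value to digits. Wrap the argument, `array(bigintval($GLOBALS['userid']))`, or guarantee the cast wherever the global is assigned, which this commit does for one assignment only. The same applies to the later hunks that bind `$GLOBALS['userid']`, `$UID`, `$uid`, `UID_VALUE` or `$_CONFIG['login_timeout']` unwrapped, the password update with `array($hash, $UID)` in particular. It also applies to the profile, registration and order statements whose argument arrays continue outside their hunks.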
// Update last login
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
SET last_login=UNIX_TIMESTAMP()
-WHERE userid=%d AND last_login < (UNIX_TIMESTAMP() - %d)
+WHERE userid=%s AND last_login < (UNIX_TIMESTAMP() - %s)
LIMIT 1", array($GLOBALS['userid'], $_CONFIG['login_timeout']),
__FILE__, __LINE__);
if (SQL_AFFECTEDROWS($link) == 1) $bonus = true;
// Order number placed, is he also logged in?
if(IS_LOGGED_IN()) {
// Ok, test passed... :)
- $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
// Update counter
$_CONFIG['mad_counter'] = $total;
$_CONFIG['last_mad'] = time();
- $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%d, mad_count='%s' WHERE config=0 LIMIT 1",
+ $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%s, mad_count='%s' WHERE config=0 LIMIT 1",
array($_CONFIG['last_mad'], $_CONFIG['mad_counter']), __FILE__, __LINE__);
// Destroy cache
if (($rid > 0) && ($rid != $uid))
{
// Select the referral userid
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($rid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y"))
{
// Add points (directly only!)
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",
array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
// Subtract points from system
if (!empty($UID2)) $UID = $UID2;
} else {
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($UID), $hash), __FILE__, __LINE__);
list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
}
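Review bot: `array(bigintval($UID), $hash)` supplies two values to a statement with a single placeholder, so `$hash` is dropped (assuming SQL_QUERY_ESC formats with sprintf semantics) and the password is not part of the WHERE clause. A reader may take the call to mean the query verifies the password. Either remove the extra value, `array(bigintval($UID))`, or add a comment such as `// password is compared in PHP after the fetch` if that is where the check happens. The comparison itself is outside this hunk.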
$hash = generateHash($_POST['password']);
// ... and update database
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array($hash, $UID), __FILE__, __LINE__);
// No login bonus by default
&& set_session("lifetime", $l , $life, COOKIE_PATH));
// Update global array
- $GLOBALS['userid'] = $UID;
+ $GLOBALS['userid'] = bigintval($UID);
} else {
// Check for login data
$login = IS_LOGGED_IN();
if ($login) {
// Update database records
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS($link) == 1) {
// Procedure to checking for login data
}
} else {
// Other account status?
- $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
else
{
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1",
array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);
}
if (SQL_NUMROWS($result) == 1)
{
// Ooppps, this was missing! ;-) We should update the database...
$NEW_PASS = GEN_PASS();
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1",
array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);
// Prepare data and message for email
}
// Test the refid (because some strange hackers... :-P)
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
//////////////////////////////
//
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
-VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
+VALUES ('%s', '%s', '%s', '%s', '%s', %s, '%s', '%s', %s, %s, %s, '%s', %s, %s, %s, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
array(
$countryRow,
SQL_ESCAPE(substr($_POST['sex'], 0, 1)),
$userid = bigintval($userid);
// Write his welcome-points
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=0 LIMIT 1",
array(bigintval($userid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
// Add only when the line was not found (maybe some more secure?)
$locked = "points";
if ($_CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%s, 0, '%s')",
array(bigintval($userid), $_CONFIG['points_register']), __FILE__, __LINE__);
// Update mediadata as well
foreach ($_POST['cat'] as $cat=>$joined) {
if ($joined == "Y") {
// Insert category entry
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%s, %s)",
array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
}
}
for ($idx = 1; $idx < 13; $idx++)
{
$month = $idx; if ($idx < 10) $month = "0".$idx;
- $months[$month] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE birth_month=%d AND status='CONFIRMED'",
+ $months[$month] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE birth_month=%s AND status='CONFIRMED'",
array(bigintval($month)), __FILE__, __LINE__));
}
foreach ($cats as $id=>$dummy)
{
// We only need id and nothing more to count...
- $cat_cnt[$id] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+ $cat_cnt[$id] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
array(bigintval($id)), __FILE__, __LINE__));
}
}
// Run SQL command
-$result = SQL_QUERY_ESC("SELECT ".$data.", beg_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($uid), __FILE__, __LINE__);
+$result = SQL_QUERY_ESC("SELECT ".$data.", beg_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($uid), __FILE__, __LINE__);
list($uid, $clicks) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
{
case 'Y':
$sql = "";
- $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
array($UID, bigintval($cat)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_user) == 0)
break;
case 'N':
- $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1";
+ $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1";
break;
}
if (!empty($sql))
$JOINED_N = ' checked'; $JOINED_Y = "";
// Check category selection
- $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
array($UID, bigintval($id)), __FILE__, __LINE__);
// When we found an entry don't read it, just change the JOINED_x variables
// Check for running mail orders in pool
$result1 = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool
-WHERE sender=%d ORDER BY timestamp DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE sender=%s ORDER BY timestamp DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
// Check for sent mail orders in stats
$result2 = SQL_QUERY_ESC("SELECT timestamp_ordered FROM "._MYSQL_PREFIX."_user_stats
-WHERE userid=%d ORDER BY timestamp_ordered DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s ORDER BY timestamp_ordered DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1))
{
// Activate holiday system
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
SET holiday_active='N', holiday_activated=UNIX_TIMESTAMP()
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Prepare constants
{
// Okay, end the holiday here...
$result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
list($active, $locked) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
{
// Load data
$result = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// Data was found
// Deactivate it now
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
// Remove entry
$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
// Send email to admin
SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_DEAC_SUBJ, "admin_holiday_deactivated", "", $GLOBALS['userid']);
{
// Check if user is in holiday...
$result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
list($active, $locked) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
case 'Y': // Display deactivation form
// Load starting and ending date
$result = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// Data was found
// Remove entry and reload URL
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
SET holiday_active='N'
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
LOAD_URL("modules.php?module=login&what=holiday");
return;
}
if (isset($_POST['ok']))
{
// Save settings
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%s LIMIT 1",
array($_POST['html'], $GLOBALS['userid']), __FILE__, __LINE__);
LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_SETTINGS_SAVED);
}
else
{
// Load template for changing settings
- $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($mode) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
+} elseif (!IS_LOGGED_IN()) {
LOAD_URL("modules.php?module=index");
}
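Review bot: The reformatted guard keeps `ereg()`, which is deprecated since PHP 5.3 and removed in PHP 7, and which treats `basename(__FILE__)` as a regular expression, so the `.` in the file name matches any character. `if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) {` performs the intended literal substring test. The same guard presumably opens the other module files and would need the same change.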
// NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime
-if (set_session("userid", "") && set_session("u_hash", "") && set_session("lifetime", ""))
-{
+if (destroy_user_session()) {
// Remove theme cookie as well
set_session("mxchange_theme", "");
// Destroy session here
@session_destroy();
-}
- else
-{
+} else {
// Cannot logout! :-(
$URL .= "&msg=".CODE_LOGOUT_FAILED;
}
-//
+// Load the URL
LOAD_URL($URL);
+
//
?>
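Review bot: When `destroy_user_session()` returns false, the else branch only appends `CODE_LOGOUT_FAILED` to the URL, so `session_destroy()` and the theme-cookie reset are skipped and the server-side session stays alive after a logout request. Calling `session_destroy()` unconditionally and reporting the failure separately would be safer, and dropping the `@` would let a failure surface in the logs. The comment above the condition still describes cookie time settings that presumably now live in the helper; it could become `// Destroy the user session (userid, u_hash, lifetime)`.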
if (EXT_IS_ACTIVE("country", true))
{
// New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
- $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(UID_VALUE), __FILE__, __LINE__);
}
else
{
// Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
- $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(UID_VALUE), __FILE__, __LINE__);
}
$DATA = SQL_FETCHROW($result);
{
// New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(UID_VALUE), __FILE__, __LINE__);
}
else
{
// Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(UID_VALUE), __FILE__, __LINE__);
}
case "save": // Save entered data
// Load old email / password: 0 1 2
- $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(UID_VALUE), __FILE__, __LINE__);
$DATA = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
sex='%s', surname='%s', family='%s',
street_nr='%s',
-country_code=%d, zip=%d, city='%s',
+country_code=%s, zip=%s, city='%s',
email='%s',
-birth_day=%d, birth_month=%d, birth_year=%d,
-max_mails=%d,
+birth_day=%s, birth_month=%s, birth_year=%s,
+max_mails=%s,
last_update=UNIX_TIMESTAMP()".$AND.",
notified='N',
last_profile_sent=UNIX_TIMESTAMP()
-WHERE userid=%d AND password='%s' LIMIT 1",
+WHERE userid=%s AND password='%s' LIMIT 1",
array(
$_POST['sex'],
$_POST['surname'],
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
sex='%s', surname='%s', family='%s',
street_nr='%s',
-country='%s', zip=%d, city='%s',
+country='%s', zip=%s, city='%s',
email='%s',
-birth_day=%d, birth_month=%d, birth_year=%d,
+birth_day=%s, birth_month=%s, birth_year=%s,
max_mails='%s',
last_update=UNIX_TIMESTAMP()".$AND.",
notified='N',
last_profile_sent=UNIX_TIMESTAMP()
-WHERE userid=%d AND password='%s' LIMIT 1",
+WHERE userid=%s AND password='%s' LIMIT 1",
array(
$_POST['sex'],
$_POST['surname'],
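Review bot: This UPDATE writes `max_mails='%s'` quoted, while the parallel statement for the country-code case writes `max_mails=%s` unquoted, so the two branches treat the same column differently. Pick one form for both, for example `max_mails=%s` with the argument passed through `bigintval()`. The argument array continues outside the hunk, so whether the value is already cast cannot be seen here.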
break;
case "notify": // Switch off notfication
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
$URL = URL."/modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED);
break;
ADD_DESCR("member", basename(__FILE__));
// Load status
-$result = SQL_QUERY_ESC("SELECT nl_receive, nl_until, nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT nl_receive, nl_until, nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($status, $until, $span) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if ((isset($_POST['ok'])) && ($status == "Y") && ($span == "0"))
{
// Save request
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_timespan='".(ONE_DAY * 30)."' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_timespan='".(ONE_DAY * 30)."' WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Load admin message
if (SQL_NUMROWS($result) == 0)
{
// Nickname not in use, so set it now
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%s LIMIT 1",
array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
$content = NICKNAME_SAVED;
}
define('__MIN_VALUE', $_CONFIG['order_min']);
// Count unconfirmed mails
-$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d",
+$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s",
array($GLOBALS['userid']), __FILE__, __LINE__);
$links = SQL_NUMROWS($result_links);
SQL_FREERESULT($result_links);
$result_mmails = SQL_QUERY_ESC("SELECT userid, receive_mails, mail_orders, ".$HOLIDAY."
FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND max_mails > 0 LIMIT 1",
+WHERE userid=%s AND max_mails > 0 LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
$mmails = SQL_NUMROWS($result_mmails);
$HTML_EXT = EXT_IS_ACTIVE("html_mail");
// Now check his points amount
-$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d",
+$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s",
array($GLOBALS['userid']), __FILE__, __LINE__);
$TOTAL = "0";
SQL_FREERESULT($result_p);
// And subtract his used points...
- $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($p) = SQL_FETCHROW($result_p);
// Continue with the frametester, we first need to store the data temporary in the pool
//
// First we would like to store the data and get it's pool position back...
- $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND url='%s' AND timestamp > %d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND url='%s' AND timestamp > %s LIMIT 1",
array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $_CONFIG['url_tlock'])), __FILE__, __LINE__);
$type = "TEMP"; $id = "0";
$result = SQL_QUERY_ESC("SELECT DISTINCT c.userid FROM "._MYSQL_PREFIX."_user_cats AS c
LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
ON c.userid=d.userid
-WHERE c.cat_id=%d AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0
+WHERE c.cat_id=%s AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0
".$ADD."
ORDER BY d.%s %s",
array(
{
// Check for his holiday status
$result_holiday = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1",
+WHERE userid=%s AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1",
array(bigintval($REC)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_holiday) == 1) $REC = 0; // Exclude user who are in holiday
subject='%s',
text='%s',
receivers='%s',
-payment_id=%d,
+payment_id=%s,
timestamp=UNIX_TIMESTAMP(),
url='%s',
-cat_id=%d,
-target_send=%d,
-zip=%d,
+cat_id=%s,
+target_send=%s,
+zip=%s,
html_msg='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
array(
$_POST['subject'],
$_POST['text'],
subject='%s',
text='%s',
receivers='%s',
-payment_id=%d,
+payment_id=%s,
timestamp=UNIX_TIMESTAMP(),
url='%s',
-cat_id=%d,
-target_send=%d,
-zip=%d
-WHERE id=%d LIMIT 1",
+cat_id=%s,
+target_send=%s,
+zip=%s
+WHERE id=%s LIMIT 1",
array(
$_POST['subject'],
$_POST['text'],
// Do we need to get the ID number?
if ($id == 0) {
// Order is placed as temporary. We need to get it's id for the frametester
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND subject='%s' AND payment_id=%d AND data_type='TEMP' AND timestamp=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND subject='%s' AND payment_id=%s AND data_type='TEMP' AND timestamp=%s LIMIT 1",
array(
$GLOBALS['userid'],
$_POST['subject'],
$CATS['name'][] = $cat;
// Select users in current category
- $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d AND userid != '%s' ORDER BY userid",
+ $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s AND userid != '%s' ORDER BY userid",
array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__);
$uid_cnt = "0";
$result_holiday = SQL_QUERY_ESC("SELECT DISTINCT d.userid FROM "._MYSQL_PREFIX."_user_data AS d
LEFT JOIN "._MYSQL_PREFIX."_user_holidays AS h
ON d.userid=h.userid
-WHERE d.userid=%d AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y'
+WHERE d.userid=%s AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y'
AND h.holiday_start < ".time()." AND h.holiday_end > ".time()."
LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_holiday) == 1)
if (!$HOL_ACTIVE)
{
// Check if the user want's to receive mails?
- $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1",
+ $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1",
array(bigintval($ucat)), __FILE__, __LINE__);
if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && ($_CONFIG['order_multi_page'] == "Y"))
switch ($_GET['msg'])
{
case CODE_URL_TLOCK:
- $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array(bigintval($_GET['id'])), __FILE__, __LINE__);
// Load timestamp from last order
$OLD_ORDER = false; $subject = ""; $text = ""; $target = "";
// Check if we already have an order placed and make it editable
- $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND data_type='TEMP' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND data_type='TEMP' LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
while (list($lvl, $per) = SQL_FETCHROW($result_depths))
{
// Load referral points
- $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1",
+ $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=%s LIMIT 1",
array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_points) == 1)
{
// Free memory
SQL_FREERESULT($result_depths);
-$result = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($USED) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Load payout types
$result = SQL_QUERY_ESC("SELECT id, type, rate, min_points, allow_url
FROM "._MYSQL_PREFIX."_payout_types
-WHERE %d >= min_points
+WHERE %s >= min_points
ORDER BY type", array(str_replace(",", ".", $TPTS)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
FROM "._MYSQL_PREFIX."_user_payouts AS p
LEFT JOIN "._MYSQL_PREFIX."_payout_types AS t
ON p.payout_id = t.id
-WHERE p.userid = %d
+WHERE p.userid = %s
ORDER BY p.payout_timestamp DESC",
array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result_payouts) > 0)
else
{
// Chedk if he can get paid by selected type
- $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
array(bigintval($_GET['payout'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
define('PAYOUT_POINTS_VALUE', $PAYOUT);
// Subtract points from member's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array($PAYOUT, $GLOBALS['userid']), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $PAYOUT);
- }
+ SUB_POINTS($GLOBALS['userid'], $PAYOUT);
// Add entry to his tranfer history
if ($allow == "Y")
{
// Banner/textlink ordered
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, payout_id, payout_timestamp, status, target_url, link_text, banner_url)
-VALUES (%d, %d, %d, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')",
+VALUES (%s, %s, %s, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')",
array(
$GLOBALS['userid'],
bigintval($_POST['payout']),
{
// e-currency payout requested
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, target_account, target_bank, payout_id, payout_timestamp, status, password)
-VALUES (%d, %d, %d, '%s', %d, UNIX_TIMESTAMP(), 'NEW', '%s')",
+VALUES (%s, %s, %s, '%s', %s, UNIX_TIMESTAMP(), 'NEW', '%s')",
array(
$GLOBALS['userid'],
bigintval($_POST['payout']),
// Generate task
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, status, task_type, subject, text, task_created, userid)
-VALUES (0, 'NEW', 'PAYOUT_REQUEST', '[payout:] ".PAYOUT_REQUEST_ADMIN."', '%s', UNIX_TIMESTAMP(), %d)",
+VALUES (0, 'NEW', 'PAYOUT_REQUEST', '[payout:] ".PAYOUT_REQUEST_ADMIN."', '%s', UNIX_TIMESTAMP(), %s)",
array(
$msg_adm,
$GLOBALS['userid']
$REFS = "0";
// Load referral points
- $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
+ $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=%s LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_points) == 1) {
list($points, $LOCKED) = SQL_FETCHROW($result_points);
SQL_FREERESULT($result_points);
}
// Load referral counts
- $result_refs = SQL_QUERY_ESC("SELECT counter FROM "._MYSQL_PREFIX."_refsystem WHERE userid=%d AND level='%s' LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
+ $result_refs = SQL_QUERY_ESC("SELECT counter FROM "._MYSQL_PREFIX."_refsystem WHERE userid=%s AND level='%s' LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_refs) == 1) {
list($REFS) = SQL_FETCHROW($result_refs);
SQL_FREERESULT($result_refs);
// Put rows to constant for the main template
define('__REF_LEVEL_ROWS', $OUT);
-$result = SQL_QUERY_ESC("SELECT used_points, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT used_points, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($USED, $PAY) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (GET_EXT_VERSION("user") >= "0.1.4") {
$ADD = ", emails_sent, emails_received";
}
- $result = SQL_QUERY_ESC("SELECT mails_confirmed".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT mails_confirmed".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
list($CONFIRMED, $SENT, $RECEIVED) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (GET_EXT_VERSION("bonus") >= "0.4.4") $ADD = ", bonus_ref, bonus_order, bonus_stats";
// Load data
- $result = SQL_QUERY_ESC("SELECT login_bonus, turbo_bonus".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT login_bonus, turbo_bonus".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// We don't add this points now. This will be done after each month
OPEN_TABLE("90%", "member_table member_content_align", "");
// Load current referral clicks
-$result = SQL_QUERY_ESC("SELECT ref_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT ref_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($c) = SQL_FETCHROW($result);
// Load waiting/pending orders
$result = SQL_QUERY_ESC("SELECT id, cat_id, payment_id, subject, url, timestamp, target_send, data_type, zip
FROM "._MYSQL_PREFIX."_pool
-WHERE sender=%d AND data_type != 'SEND'
+WHERE sender=%s AND data_type != 'SEND'
ORDER BY timestamp DESC",
array($GLOBALS['userid']), __FILE__, __LINE__);
// 0 1 2 3 4 5 6 7 8
$result = SQL_QUERY_ESC("SELECT id, cat_id, payment_id, subject, url, timestamp_ordered, max_rec, timestamp_send, clicks
FROM "._MYSQL_PREFIX."_user_stats
-WHERE userid=%d
+WHERE userid=%s
ORDER BY timestamp_ordered DESC",
array($GLOBALS['userid']), __FILE__, __LINE__);
);
// Construct template name
-$templateName = substr(basename(__FILE__), 5, -4)."_".strtolower($_CONFIG['surfbar_pay_model']);
+$templateName = "member_".substr(basename(__FILE__), 5, -4)."_".strtolower($_CONFIG['surfbar_pay_model']);
// Load the template
LOAD_TEMPLATE($templateName, false, $content);
+// Load surfbar link template
+LOAD_TEMPLATE("member_surfbar_link");
+
//
?>
if (!empty($_POST['member_theme']))
{
// Save theme to member's profile
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%s LIMIT 1",
array($_POST['member_theme'], $GLOBALS['userid']), __FILE__, __LINE__);
// Set new theme for guests
while ($dir = readdir($handle))
{
// Construct absolute theme.php file name
- $theme = PATH."theme/".$dir."/"."theme.php";
+ $theme = sprintf("%stheme/%s/theme.php", PATH, $dir);
// Test it...
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' AND theme_active='Y' LIMIT 1",
array($dir), __FILE__, __LINE__);
- if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1))
- {
+ if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1)) {
// Free memory
SQL_FREERESULT($result);
ADD_DESCR("member", basename(__FILE__));
// Load data
-$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($opt_in) = SQL_FETCHROW($result);
{
case "new": // Start new transfer
// Get total points and subtract the balance amount from it = maximum transferable points
- $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0",
+ $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND points > 0",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($total) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Get totally used points and password
- $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($used, $pass) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
__FILE__, __LINE__);
// Add points to account *directly* ...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);
// ... and add it to current user's used points
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__);
+ SUB_POINTS($GLOBALS['userid'], $_POST['points']);
// First send email to recipient
$msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
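Review bot: `SUB_POINTS($GLOBALS['userid'], $_POST['points']);` hands the raw request value to the helper, whereas the removed query used `bigintval($_POST['points'])` and the credit to the recipient two lines above still does. Unless SUB_POINTS normalises the amount itself (its body is not part of this excerpt), the debit and the credit can be computed from different values and the amount reaches the query unfiltered. I would keep the coercion at the call site: `SUB_POINTS($GLOBALS['userid'], bigintval($_POST['points']));`.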
switch ($MODE)
{
case "list_in":
- $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
+ $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
$NOTHING = TRANSFER_NO_INCOMING_TRANSFERS;
define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING);
define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING);
break;
case "list_out":
- $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
+ $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
$NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS;
define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING);
define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING);
) TYPE=HEAP", __FILE__, __LINE__);
// Let's begin with the incoming list
- $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s",
+ $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY id LIMIT %s",
array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
while ($DATA = SQL_FETCHROW($result))
{
SQL_FREERESULT($result);
// As the last table transfer data from outgoing table to temporary
- $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s",
+ $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY id LIMIT %s",
array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
while ($DATA = SQL_FETCHROW($result))
{
case "": // Overview page
// Check incoming transfers
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
list($dmy) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
// Check outgoing transfers
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
list($dmy) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (isset($_POST['ok']))
{
// Save settings
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1",
array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
// Rember for next switch() command
}
// Check for latest out-transfers
- $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%s ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
// Load template
if (EXT_IS_ACTIVE("bonus"))
{
// Load bonus ID
- $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY bonus_id DESC",
+ $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY bonus_id DESC",
array($GLOBALS['userid']), __FILE__, __LINE__);
}
else
{
// Don't load bonus ID
- $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY stats_id DESC",
+ $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY stats_id DESC",
array($GLOBALS['userid']), __FILE__, __LINE__);
}
switch ($type)
{
case "NORMAL":
- $result_data = SQL_QUERY_ESC("SELECT subject, subject, timestamp_ordered, cat_id, payment_id, pool_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+ $result_data = SQL_QUERY_ESC("SELECT subject, subject, timestamp_ordered, cat_id, payment_id, pool_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
$type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM;
break;
case "BONUS":
- $result_data = SQL_QUERY_ESC("SELECT subject, text, timestamp, cat_id, points, id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result_data = SQL_QUERY_ESC("SELECT subject, text, timestamp, cat_id, points, id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array(bigintval($id2)), __FILE__, __LINE__);
$type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM;
break;
if ($type == "NORMAL")
{
$pay = GET_PAY_POINTS($pay, "payment");
- $result_text = SQL_QUERY_ESC("SELECT text FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result_text = SQL_QUERY_ESC("SELECT text FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array(bigintval($pool)), __FILE__, __LINE__);
list($text) = SQL_FETCHROW($result_text);
SQL_FREERESULT($result_text);
LOAD_TEMPLATE("member_welcome_header");
// Chedk if he is returning from a profile update notification
-$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE notified='Y' AND userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE notified='Y' AND userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
if ((SQL_NUMROWS($result) == 1) && (EXT_IS_ACTIVE("profile")))
$content['refid'] = bigintval($_CONFIG['wernis_refid']);
// Get WDS66 id
- $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Are there some entries?
$_GET['mode'] = "list";
// And load all rows!
- $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM "._MYSQL_PREFIX."_user_wernis WHERE `userid` = %d ORDER BY `wernis_timestamp` DESC",
+ $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM "._MYSQL_PREFIX."_user_wernis WHERE `userid` = %s ORDER BY `wernis_timestamp` DESC",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Load all rows
// Get WDS66 id
$content['wds66_id'] = "";
- $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Are there some entries?
$content['wds66_id'] = "";
// Get WDS66 id
- $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Are there some entries?
ADD_POINTS_REFSYSTEM($GLOBALS['userid'], bigintval($_POST['amount']), false, 0, false, "direct");
// Update the user data as well..
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%d WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
// All done!
}
// Remove the points from the account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points` = `used_points` + %d, `wernis_userid`=%d WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points` = `used_points` + %s, `wernis_userid`=%s WHERE userid=%s LIMIT 1",
array(bigintval($_POST['amount']), bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
// All done!
}
// Update sending pool
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
UPDATE_LOGIN_DATA();
// Load personal data...
- $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($sex, $sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Load mail again... 0 1 2 3 4 5 6 7
- $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1",
array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
$DATA = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Update used points
$ADD = "";
if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s".$ADD." WHERE userid=%d LIMIT 1",
- array($USED, $GLOBALS['userid']), __FILE__, __LINE__);
+ SUB_POINTS($GLOBALS['userid']), $USED);
// Update mediadata as well
if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
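Review bot: The added line `SUB_POINTS($GLOBALS['userid']), $USED);` has a stray `)` after `$GLOBALS['userid']` and is a parse error, so this file will not load; it should read `SUB_POINTS($GLOBALS['userid'], $USED);`. The removed UPDATE also appended `$ADD`, which the context line above sets to `, mail_orders=mail_orders+1` when `order_max_full` is `ORDER`. After this change `$ADD` is assigned but no longer used within the hunk, so the order counter is not incremented unless SUB_POINTS or later code takes care of it. If the counter still matters for the order limit, keep a separate `mail_orders` update next to the helper call.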
}
// Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
// Get current month (2 digits)
$curr = date("m", time());
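Review bot: The new guard `!isBooleanConstantAndTrue('__DAILY_RESET')` may never let this script run, because the only definition visible in this commit is `define('__DAILY_RESET', "1");`, a string rather than a boolean. If the helper tests for a strict boolean `true` (its body is not shown), this reset script and the two that receive the same guard in the following hunks would return early on every request, and the monthly jobs behind them would silently stop. Either define the constant as `true` or confirm that the helper accepts `"1"`.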
{
// Add points to user's account directly
$result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points
-SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1",
+SET points=points+%s WHERE ref_depth=0 AND userid=%s LIMIT 1",
array($points, bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
}
// Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
// Get current month (2 digits)
$curr = date("m", time());
// Add points to user's account directly
$result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points
-SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1",
+SET points=points+%s WHERE ref_depth=0 AND userid=%s LIMIT 1",
array($points, bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
}
// Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
// Get current month (2 digits)
$curr = date("m", time());
while(list($uid, $until) = SQL_FETCHROW($result))
{
// Update account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_receive='Y', nl_until='0' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_receive='Y', nl_until='0' WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
// Send email to him
// CFG: DEBUG-SQL (if enabled and DEBUG_MODE is enabled all SQL queries will be logged to debug.log)
define('DEBUG_SQL', false);
+// Default is not a frameset
+global $isFrameset;
+$isFrameset = false;
+
// Load library
require_once(PATH."inc/db/lib.php");
// Run daily reset
if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) {
// Do daily things in external PHP file but only when script is completely setup
- $INC_POOL[] = PATH."inc/reset/reset_daily.php";
+ $INC_POOL[] = sprintf("%sinc/reset/reset_daily.php", PATH);
// Daily reset was run!
define('__DAILY_RESET', "1");
if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
{
// Cookies are set with values, but are they valid?
- $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
} else {
// Maybe got locked etc.
//* DEBUG: */ echo __LINE__."!!!<br>";
- set_session("userid", "");
- set_session("u_hash", "");
- set_session("lifetime", "");
+ destroy_user_session();
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
} else {
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."***<br>";
- set_session("userid", "");
- set_session("u_hash", "");
- set_session("lifetime", "");
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
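Review bot: This branch drops the three `set_session(..., "")` calls without adding `destroy_user_session();`, unlike the neighbouring branches changed in this commit. On the "Cookie data is invalid!" path the session therefore keeps `userid`, `u_hash` and `lifetime`, and only `$GLOBALS['userid']` is unset for the current request. If that is not intentional, add `destroy_user_session();` before the `unset` so rejected login data is cleared the same way on every failure path. The enclosing if/else chain begins outside the hunk.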
{
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."///<br>";
- set_session("userid", "");
- set_session("u_hash", "");
- set_session("lifetime", "");
+ destroy_user_session();
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
if (!IS_LOGGED_IN()) return false;
// Load last module and last online time
- $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Load last module and online time
list($mod, $onl) = SQL_FETCHROW($result);
}
// Update last module / online time
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__);
}
} else {
// Destroy session, we cannot update!
- set_session("userid", "");
- set_session("u_hash", "");
- set_session("lifetime", "");
+ destroy_user_session();
}
}
//
global $_CONFIG, $DATA;
// Load hash
- $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result_main) == 1) {
// Load hash from database
$hash = generatePassString($hashDB);
if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
// Load user's data
- $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND password='%s' LIMIT 1",
array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Load the data
$ret = _CATEGORY_404;
// Lookup the category
- $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
array(bigintval($cid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Category found... :-)
$ret = _PAYMENT_404;
// Load payment data
- $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
array(bigintval($pid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Payment type found... :-)
function GET_PAY_POINTS($pid, $lookFor="price")
{
$ret = "-1";
- $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
array($lookFor, $pid), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
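Review bot: `$pid` now lands in an unquoted `id=%s` without `bigintval()`, so the integer coercion the old `%d` gave for free is gone; the argument list should read `array($lookFor, bigintval($pid))`. String escaping inside SQL_QUERY_ESC (not visible here, so this is an assumption about what it does) would not constrain a value in an unquoted numeric position. `$lookFor` is a column name in `SELECT %s` and would be better checked against the known column names before use. The same unwrapped pattern appears in other hunks of this commit: `$DATA[0]`/`$DATA[1]` in the pool and stats lookups, `$dep` in the locked-points update, `$_CONFIG['online_timeout']` in the purge, and `$url_mid`/`$url_bid`/`$url_uid` in the mail-confirmation queries, unless those were already passed through `bigintval()` above the visible lines. GET_PAY_POINTS continues past the end of this hunk.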
// Only when we got a real stats ID continue searching for the entry
$type = "NORMAL"; $rowName = "stats_id";
if ($bonus) { $type = "BONUS"; $rowName = "bonus_id"; }
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%d AND link_type='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%s AND link_type='%s' LIMIT 1",
array($rowName, $stats_id, bigintval($uid), $type), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
$DEPTH++;
}
+ // Percents and table
+ $percents = "percents"; if (isset($_CONFIG['db_percents'])) $percents = $_CONFIG['db_percents'];
+ $table = "refdepths"; if (isset($_CONFIG['db_table'])) $table = $_CONFIG['db_table'];
+
// Which points, locked or normal?
$data = "points"; if ($locked) $data = "locked_points";
- $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
//* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+<br />\n";
if (SQL_NUMROWS($result_user) == 1) {
list ($ref, $email) = SQL_FETCHROW($result_user);
SQL_FREERESULT($result_user);
- $result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1",
- array(bigintval($DEPTH)), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE level='%s' LIMIT 1",
+ array($percents, $table, bigintval($DEPTH)), __FILE__, __LINE__);
//* DEBUG */ echo "DEPTH:".$DEPTH."<br />\n";
if (SQL_NUMROWS($result) == 1) {
list($per) = SQL_FETCHROW($result);
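Review bot: `$percents` and `$table` are taken from `$_CONFIG['db_percents']` and `$_CONFIG['db_table']` and formatted into the column and table position of the SELECT, where value escaping does not restrict what an identifier may contain. Before the query, each should be checked against a plain identifier pattern and fall back to the default otherwise, for example `if (!preg_match('/^[a-z0-9_]+$/i', $table)) $table = "refdepths";` and the same for `$percents`. A short comment saying which extension is expected to set these two config keys would also help, since nothing in the hunk explains them. The enclosing function starts and ends outside the hunk.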
//* DEBUG */ echo "ADD:".$P."<br />\n";
// Update points...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=%s LIMIT 1",
array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) {
// First ref in this level! :-)
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)",
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%s, %s, %s)",
array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__);
}
if (empty($REF_LVL)) $REF_LVL = "0";
// Update counter
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%d AND level='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%s AND level='%s' LIMIT 1",
array(bigintval($uid), $REF_LVL), __FILE__, __LINE__);
// When no entry was updated then we have to create it here
}
// Check for his referral
- $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($ref) = SQL_FETCHROW($result);
module='%s',
action='%s',
what='%s',
-userid=%d,
-refid=%d,
+userid=%s,
+refid=%s,
is_member='%s',
is_admin='%s',
timestamp=UNIX_TIMESTAMP()
else
{
// No entry does exists so we simply add it!
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %d, %d, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')",
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %s, %s, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')",
array($mod, $act, $wht, bigintval($uid), bigintval($rid), $MEM, $ADMIN, $SID, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
}
// Purge old entries
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %d)",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %s)",
array($_CONFIG['online_timeout']), __FILE__, __LINE__);
}
// OBSULETE: Sends out mail to all administrators
if (empty($ret)) $ret = "***";
} else {
// Load from database
- $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
array(bigintval($aid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Fetch data
FROM "._MYSQL_PREFIX."_user_points AS p
LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
ON p.userid=d.userid
-WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE p.userid=%s", array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// Save his points to add them to the jackpot
SQL_FREERESULT($result);
// Delete points entries as well
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d", array(bigintval($uid)), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
if (GET_EXT_VERSION("mediadata") >= "0.0.4")
}
// Delete category selections as well...
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s",
array(bigintval($uid)), __FILE__, __LINE__);
// Remove from rallye if found
if (EXT_IS_ACTIVE("rallye"))
{
- $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%d",
+ $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%s",
array(bigintval($uid)), __FILE__, __LINE__);
}
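Review bot: The rallye delete still calls `SQL_QUERY` with a format string and an argument array, while every other parameterised statement in this commit goes through `SQL_QUERY_ESC` and the other `SQL_QUERY` calls visible here carry no placeholders. If `SQL_QUERY` does no formatting (its definition is not in view), the literal `%s` reaches the server and the user's rallye row is never removed on account deletion. The call should start `SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%s",`. The surrounding function begins before this hunk.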
SEND_EMAIL($uid, ADMIN_DEL_ACCOUNT, $msg);
// Ok, delete the account!
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
}
//
function META_DESCRIPTION($mod, $wht)
return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo"));
}
//
-function LOAD_CONFIG($no="0")
-{
+function LOAD_CONFIG($no="0") {
global $cacheArray;
$CFG_DUMMY = array();
//* DEBUG: */ echo gettype($cacheArray['config'][$no])."<br />\n";
foreach ($cacheArray['config'][$no] as $key=>$value) {
$CFG_DUMMY[$key] = $value;
- }
+ } // END - foreach
// Count cache hits if exists
if ((isset($CFG_DUMMY['cache_hits'])) && (EXT_IS_ACTIVE("cache"))) {
return $CFG_DUMMY;
}
// Gets the matching what name from module
-function GET_WHAT($MOD_CHECK)
-{
+function GET_WHAT($MOD_CHECK) {
$wht = "";
//* DEBUG: */ echo __LINE__."!".$MOD_CHECK."!<br />\n";
switch ($MOD_CHECK)
// Return status
return $ret;
}
+// Subtract points from database and mediadata cache
+function SUB_POINTS ($uid, $points) {
+ // Add points to used points
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%s LIMIT 1",
+ array($points, bigintval($uid)), __FILE__, __LINE__);
+
+ // Update mediadata as well
+ if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
+ // Update database
+ MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
+ } // END - if
+}
//
?>
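Review bot: SUB_POINTS puts `$points` into `used_points=used_points+%s` unquoted and unchecked, although `$uid` in the same call is passed through `bigintval()`. A guard at the top such as `if (!is_numeric($points)) return;` keeps a non-numeric caller value out of the statement. The mediadata update also runs whether or not the UPDATE matched a row, so an unknown `$uid` would still reduce `total_points`; checking the affected-row count first, as the referral code in this commit does, avoids that drift. The function would also benefit from a header comment stating what kind of value `$points` is expected to be and that nothing here checks the user's balance.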
$DATA[7] = COMPILE_CODE($DATA[7]);
// Set mail order as "active". That means it will be sent out
- $result_active = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='ACTIVE' WHERE id=%d AND data_type='NEW' LIMIT 1",
+ $result_active = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='ACTIVE' WHERE id=%s AND data_type='NEW' LIMIT 1",
array($DATA[0]), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS($result_active) == 1)
{
foreach ($RECEIVERS as $key=>$uid)
{
// Lookup user ID
- $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
// Is his data available?
SQL_FREERESULT($result_user);
// Do we have a stats entry?
- $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d AND userid=%d AND timestamp_ordered='%s' LIMIT 1",
+ $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s AND userid=%s AND timestamp_ordered='%s' LIMIT 1",
array($DATA[0], $DATA[1], $DATA[6]), __FILE__, __LINE__);
// If there's no stats entry add it!
array(bigintval($DATA[0]), bigintval($DATA[1]), bigintval($DATA[9]), bigintval($DATA[5]), $DATA[2], $DATA[7], $DATA[8], bigintval($DATA[6])), __FILE__, __LINE__);
// Receive it's ID for the links table
- $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d AND userid=%d AND timestamp_ordered='%s' LIMIT 1",
+ $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s AND userid=%s AND timestamp_ordered='%s' LIMIT 1",
array(bigintval($DATA[0]), bigintval($DATA[1]), bigintval($DATA[6])), __FILE__, __LINE__);
}
SEND_EMAIL($email, $DATA[2], $msg, $HTML);
// Count sent mails...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_sent=emails_sent+1 WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_sent=emails_sent+1 WHERE userid=%s LIMIT 1",
array(bigintval($DATA[1])), __FILE__, __LINE__);
if (GET_EXT_VERSION("user") >= "0.1.4")
{
// Update mails received for receiver
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
}
SEND_ADMIN_NOTIFICATION(ADMIN_SUBJ_SEND_DONE, "done-admin", $DATA[3], $uid);
// Get sender's data
- $result_sender = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_sender = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($DATA[1])), __FILE__, __LINE__);
if (SQL_NUMROWS($result_sender) == 1)
{
}
// Set status to SEND because we completely send it away
- $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND', target_send='0', receivers='' WHERE id=%d LIMIT 1",
+ $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND', target_send='0', receivers='' WHERE id=%s LIMIT 1",
array(bigintval($DATA[0])), __FILE__, __LINE__);
// Update send-completed-time
- $result_user = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET timestamp_send=UNIX_TIMESTAMP() WHERE pool_id=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET timestamp_send=UNIX_TIMESTAMP() WHERE pool_id=%s LIMIT 1",
array(bigintval($DATA[0])), __FILE__, __LINE__);
$LAST_SENT_ID = $DATA[0]; $cnt = "0";
// There are some mails left to send for next round, so we reset the status back to NEW (=still not fully delivered)
$ADD = "";
if ($cnt <= $DATA[8]) $ADD = ", target_send=target_send-".$cnt;
- $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW', receivers='%s'".$ADD." WHERE id=%d LIMIT 1",
+ $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW', receivers='%s'".$ADD." WHERE id=%s LIMIT 1",
array(implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__);
//* DEBUG: */ echo"*EXIT/L:".__LINE__."*<br />";
if (($RECEIVERS[0] == "0") || (empty($RECEIVERS[0])))
{
// List was empty
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND' WHERE id=%s LIMIT 1",
array(bigintval($DATA[0])), __FILE__, __LINE__);
}
else
{
// User does not exists, pay points back
$points = GET_PAY_POINTS($DATA[5]);
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($points, bigintval($DATA[1])), __FILE__, __LINE__);
// Update mediadata as well
unset($dummy[$key]);
// Update receivers
- $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET receivers='%s' WHERE id=%d LIMIT 1",
+ $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET receivers='%s' WHERE id=%s LIMIT 1",
array(implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__);
}
}
if (($PB > 0) && ($uid > 0))
{
// We have to pay back some points to the sender (we add them directly :-P)
- $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
$DATA[10] = $PB; $DATA[11] = $cnt_back[$uid];
if (SQL_NUMROWS($result) == 1)
$DATA[8] = COMPILE_CODE($DATA[8]);
// Message is active in queue
- $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='QUEUE' WHERE id=%d LIMIT 1",
+ $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='QUEUE' WHERE id=%s LIMIT 1",
array(bigintval($DATA[0])), __FILE__, __LINE__);
// "Explode" all receivers into an array
{
// Load personal data
//* DEBUG: */ echo "*L:".__LINE__."/".$uid."*<br />";
- $result_user = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
// Is his data available?
if (GET_EXT_VERSION("user") >= "0.1.4")
{
// Update mails received for receiver
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
}
if (SELECTION_COUNT($dummy) == 0)
{
// Queue reached!
- $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='SEND', target_send='0', receivers='' WHERE id=%d LIMIT 1",
+ $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='SEND', target_send='0', receivers='' WHERE id=%s LIMIT 1",
array(bigintval($DATA[0])), __FILE__, __LINE__);
//* DEBUG: */ echo "*L:".__LINE__."*<br />";
elseif ($cnt >= $_CONFIG['max_send'])
{
// Update bonus pool
- $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='NEW', target_send=%d, receivers='%s' WHERE id=%d LIMIT 1",
+ $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='NEW', target_send=%s, receivers='%s' WHERE id=%s LIMIT 1",
array(SELECTION_COUNT($dummy), implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__);
//* DEBUG: */ echo "*L:".__LINE__."<PRE>";
//* DEBUG: */ print_r($dummy);
SEND_EMAIL($DATA[1], PROFILE_OUTDATED, $msg);
// Update profile data
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_profile_sent=UNIX_TIMESTAMP(), notified='Y' WHERE userid=%d LIMIT 1",
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_profile_sent=UNIX_TIMESTAMP(), notified='Y' WHERE userid=%s LIMIT 1",
array(bigintval($DATA[0])), __FILE__, __LINE__);
}
}
}
// Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
// Reset accounts
$result = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=0.00000 WHERE beg_points > 0",
}
// Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
// Reset accounts
$result = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=0, login_bonus=0, bonus_order=0, bonus_stats=0, bonus_ref=0",
while (list($uid) = SQL_FETCHROW($result_daily))
{
$result_points = SQL_QUERY_ESC("SELECT ref_depth, locked_points FROM "._MYSQL_PREFIX."_user_points
-WHERE userid=%d AND locked_points != 0.00000 ORDER BY ref_depth",
+WHERE userid=%s AND locked_points != 0.00000 ORDER BY ref_depth",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_points) > 0)
{
while (list($dep, $locked) = SQL_FETCHROW($result_points))
{
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s, locked_points=0.00000
-WHERE userid=%d AND ref_depth=%d LIMIT 1",
+WHERE userid=%s AND ref_depth=%s LIMIT 1",
array($locked, bigintval($uid), $dep), __FILE__, __LINE__);
// Update mediadata as well
}
// Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
//
?>
}
// Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || ((!defined('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET"))) return;
+if (($CSS == 1) || ((!isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET"))) return;
// Check for holidays we need to enable and send email to user
$result_main = SQL_QUERY("SELECT userid, holiday_activated FROM "._MYSQL_PREFIX."_user_data
{
// Check if his holiday can be activated
$result_holiday = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d AND holiday_start <= ".time()." AND holiday_end > ".time()." LIMIT 1",
+WHERE userid=%s AND holiday_start <= ".time()." AND holiday_end > ".time()." LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_holiday) == 1)
{
// Update account
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='Y'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
}
// Free memory
set_session("refid", $GLOBALS['refid']);
}
+// Transfer userid from session and validate it
+if (isset($_SESSION['userid'])) {
+ // Get it secured from session
+ $GLOBALS['userid'] = bigintval($_SESSION['userid']);
+
+ // Is it valid?
+ if (!IS_LOGGED_IN()) {
+ // Then destroy the user id
+ destroy_user_session();
+ } // END - if
+}
+
// Test session if index.php or modules.php is loaded
if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (isBooleanConstantAndTrue('mxchange_installing'))) {
if (count($_SESSION) > 0) {
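Review bot: After `destroy_user_session()` the value assigned to `$GLOBALS['userid']` a few lines earlier is still set unless that function clears it, and its body is not in this hunk. Other code in this commit reads `$GLOBALS['userid']` directly in queries, so an id from a rejected session should not survive; adding `unset($GLOBALS['userid']);` right after the `destroy_user_session();` call makes that explicit. The block also reads `$_SESSION['userid']` directly where code elsewhere in this commit goes through `get_session()` and `isSessionVariableSet()`; using the wrappers would keep session access in one place.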
while(list($id, $uid, $subj, $stamp, $clicks, $url) = SQL_FETCHROW($result_bonus))
{
// Add points
- $result_points = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_stats=bonus_stats+%s WHERE userid=%d LIMIT 1",
+ $result_points = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_stats=bonus_stats+%s WHERE userid=%s LIMIT 1",
array($_CONFIG['bonus_stats'], bigintval($uid)), __FILE__, __LINE__);
// Prepare array
SEND_EMAIL($uid, BONUS_MEMBER_STATS_SUBJECT, $msg);
// Update database
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET bonus_stats='Y' WHERE id=%d LIMIT 1",
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET bonus_stats='Y' WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
return $ret;
}
-function THEME_SELECTION_BOX($mod, $act, $wht, $result)
-{
+function THEME_SELECTION_BOX($mod, $act, $wht, $result) {
// Construction URL
global $currTheme;
$FORM = URL."/modules.php?module=".$mod;
);
// Load all themes
- while(list($theme) = SQL_FETCHROW($result))
- {
+ while(list($theme) = SQL_FETCHROW($result)) {
// Load it's theme.php file
- $INC = PATH."theme/".$theme."/theme.php";
- if (file_exists($INC))
- {
+ $INC = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($theme));
+ if ((file_exists($INC)) && (is_readable($INC))) {
// And save all data in array
- include($INC);
+ require($INC);
$THEMES['theme_unix'][] = $theme;
$THEMES['theme_name'][] = $THEME_NAME;
- }
- }
+ } // END - if
+ } // END - while
// Sort whole array by title
array_pk_sort($THEMES, array("theme_name"));
// Construct selection form for the box template
$OUT = "";
- foreach ($THEMES['theme_unix'] as $key=>$theme)
- {
+ foreach ($THEMES['theme_unix'] as $key => $theme) {
$OUT .= " <OPTION value=\"".$theme."\"";
if ($theme == $currTheme) $OUT .= " selected=\"selected\"";
$OUT .= ">".$THEMES['theme_name'][$key]."</OPTION>\n";
- }
+ } // END - foreach
// Return generated selection
define('__THEME_SELECTION_OPTIONS', $OUT);
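Review bot: `SQL_ESCAPE($theme)` applies database escaping to a filesystem path, which does not stop a theme name containing `../` from leaving the `theme/` directory, and the unescaped `$theme` is what ends up in `$THEMES['theme_unix']` and in the `<OPTION value="...">` markup. Assuming theme directory names are plain alphanumerics, a name check before building the path, such as `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $theme)) continue;`, fits the purpose better, and the option value and `$THEME_NAME` should go through `htmlspecialchars()` when written to `$OUT`. Note also that `require` turns a broken `theme.php` in any listed theme into a fatal error where `include` only warned. THEME_SELECTION_BOX begins in the previous hunk and its closing brace is not in this one.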
if (empty($_POST['new_theme'])) $_POST['new_theme'] = "";
// Check if new theme is selcted
-if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $currTheme))
-{
+if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $currTheme)) {
// Set new theme for guests
$NewTheme = $_POST['new_theme'];
set_session("mxchange_theme", $NewTheme);
// Remove current from array and set new
- $theme = PATH."theme/".$currTheme."/theme.php";
+ $theme = sprintf("%stheme/%s/theme.php", PATH, $currTheme);
unset($INC_POOL[array_search($theme, $INC_POOL)]);
- $INC_POOL[] = PATH."theme/".$NewTheme."/theme.php";
-}
+ $INC_POOL[] = sprintf("%stheme/%s/theme.php", PATH, $NewTheme);
+} // END - if
// Remove variable again
unset($_POST['new_theme']);
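Review bot: `$_POST['new_theme']` is stored in the session and formatted into the `$INC_POOL[]` path without any check that it names an installed theme, so a request value ends up in what is, judging by the name, a list of files to include; switching to `sprintf()` does not change that. The value should be validated before the `if`, for example `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $_POST['new_theme'])) $_POST['new_theme'] = "";`, and ideally also confirmed with `is_readable()` on the resulting path. Separately, `unset($INC_POOL[array_search($theme, $INC_POOL)])` removes index 0 when the current theme is not in the pool, because `array_search()` returns `false`; the result should be tested with `!== false` first.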
// Is the cookie set?
if (isSessionVariableSet('lead_uid')) {
// Is the user-account unlocked and valid?
- $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval(get_session('lead_uid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Secure the ID number
// Maybe he wants to confirm an email?
if ($url_mid > 0) {
// Normal-Mails
- $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d AND userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s AND userid=%s LIMIT 1",
array($url_mid, $url_uid), __FILE__, __LINE__);
$type = "mailid"; $DATA = $url_mid;
} elseif ($url_bid > 0) {
// Bonus-Mail
- $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d AND userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s AND userid=%s LIMIT 1",
array($url_bid, $url_uid), __FILE__, __LINE__);
$type = "bonusid"; $DATA = $url_bid;
} else {
{
case "NORMAL":
// Is the stats ID valid?
- $result = SQL_QUERY_ESC("SELECT pool_id, url FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT pool_id, url FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
array($url_mid), __FILE__, __LINE__);
break;
case "BONUS":
// Bonus-Mails
- $result = SQL_QUERY_ESC("SELECT id, url FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id, url FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array($url_bid), __FILE__, __LINE__);
break;
}
SQL_FREERESULT($result);
// Is the user's ID unlocked?
- $result = SQL_QUERY_ESC("SELECT status, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT status, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($url_uid), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
list($status, $sex, $sname, $fname) = SQL_FETCHROW($result);
switch ($ltype)
{
case "NORMAL":
- $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
array(bigintval($pool)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
break;
case "BONUS":
- $result = SQL_QUERY_ESC("SELECT points, time FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT points, time FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array($url_bid), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// Maybe he wants to confirm an email?
if ($url_mid > 0)
{
- $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d AND userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s AND userid=%s LIMIT 1",
array($url_mid, $url_uid), __FILE__, __LINE__);
$type = "mailid"; $DATA = $url_mid;
}
elseif ($url_bid > 0)
{
- $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d AND userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s AND userid=%s LIMIT 1",
array($url_bid, $url_uid), __FILE__, __LINE__);
$type = "bonusid"; $DATA = $url_bid;
}
switch ($ltype)
{
case "NORMAL":
- $result_mailid = SQL_QUERY_ESC("SELECT pool_id, userid, id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+ $result_mailid = SQL_QUERY_ESC("SELECT pool_id, userid, id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
array($url_mid), __FILE__, __LINE__);
break;
case "BONUS":
- $result_mailid = SQL_QUERY_ESC("SELECT id, id, is_notify FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result_mailid = SQL_QUERY_ESC("SELECT id, id, is_notify FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array($url_bid), __FILE__, __LINE__);
break;
}
if ($ltype == "BONUS") $sender = 0;
// Is the user's ID unlocked?
- $result = SQL_QUERY_ESC("SELECT status, sex, surname, family, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT status, sex, surname, family, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($url_uid), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ($status == "CONFIRMED")
{
// Update last activity
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_online=UNIX_TIMESTAMP(), last_module='mailid_top' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_online=UNIX_TIMESTAMP(), last_module='mailid_top' WHERE userid=%s LIMIT 1",
array($url_uid), __FILE__, __LINE__);
// User has confirmed his account so we can procede...
switch ($ltype)
{
case "NORMAL":
- $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
array(bigintval($pool)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
break;
case "BONUS":
- $result = SQL_QUERY_ESC("SELECT time, points FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT time, points FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
array(bigintval($pool)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
switch ($ltype)
{
case "NORMAL":
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET clicks=clicks+1 WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET clicks=clicks+1 WHERE id=%s LIMIT 1",
array($url_mid), __FILE__, __LINE__);
// Update mediadata as well
break;
case "BONUS":
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET clicks=clicks+1 WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET clicks=clicks+1 WHERE id=%s LIMIT 1",
array($url_bid), __FILE__, __LINE__);
// Update mediadata as well
if (GET_EXT_VERSION("user") >= "0.1.2")
{
// Update counter
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET mails_confirmed=mails_confirmed+1 WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET mails_confirmed=mails_confirmed+1 WHERE userid=%s LIMIT 1",
array($url_uid), __FILE__, __LINE__);
}
}
// Count down ref_payout value
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=ref_payout-1 WHERE userid=%d AND ref_payout > 0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=ref_payout-1 WHERE userid=%s AND ref_payout > 0 LIMIT 1",
array($url_uid), __FILE__, __LINE__);
// Add points
}
// Remove link from table
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%s LIMIT 1",
array(bigintval($link_id)), __FILE__, __LINE__);
// Load total points
ADD_POINTS_REFSYSTEM($sender, $payment, false, 0, false, "direct");
// Remove link from table
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%s LIMIT 1",
array(bigintval($link_id)), __FILE__, __LINE__);
// Load template
require ("inc/config.php");
// Check if logged in
-if (IS_LOGGED_IN())
-{
+if (IS_LOGGED_IN()) {
// Is still logged in so we welcome him with his name
- $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Load surname and family's name and build the username
list($s, $f) = SQL_FETCHROW($result);
$username = $s." ".$f;
// Update only cookies and no login data!
UPDATE_LOGIN_DATA(false);
- }
- else
- {
+ } else {
// Hmmm, logged in and no valid cookies???
$username = "<I>"._UNKNOWN."</I>";
// Free memory
SQL_FREERESULT($result);
-}
- elseif (IS_ADMIN())
-{
+} elseif (IS_ADMIN()) {
$username = _ADMIN;
-}
- else
-{
+} else {
// He's a guest, hello there... ;-)
$username = _GUEST;
}
$URL .= bigintval($ref);
// Update ref counter
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
array(bigintval($ref)), __FILE__, __LINE__);
}
else
FROM "._MYSQL_PREFIX."_user_data AS d
RIGHT JOIN "._MYSQL_PREFIX."_bonus_turbo AS b
ON d.userid=b.userid
-WHERE d.status='CONFIRMED' AND d.userid=%d AND b.".$t."='%s' LIMIT 1",
+WHERE d.status='CONFIRMED' AND d.userid=%s AND b.".$t."='%s' LIMIT 1",
array(bigintval($_GET['uid']), bigintval($_GET['d'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 09/05/2008 *
+ * =============== Last change: 09/05/2008 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : surfbar.php *
+ * -------------------------------------------------------------------- *
+ * Short description : The surfbar itself *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Die Surfbar selbst *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
+require_once("inc/libs/security_functions.php");
+
+// Init "action" and "what"
+global $what, $action, $startTime, $SURFBAR_DATA;
+$SURFBAR_DATA = array();
+$GLOBALS['startTime'] = microtime(true);
+$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
+
+// Set module
+$GLOBALS['module'] = "surfbar";
+$GLOBALS['refid'] = 0;
+$CSS = 0;
+$msg = null;
+
+// Load the required file(s)
+require ("inc/config.php");
+
+// Is the script installed?
+if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) {
+ // Only logged in users may use this surfbar!
+ if (!IS_LOGGED_IN()) {
+ // Redirect
+ LOAD_URL(URL."/modules.php?module=index");
+ } // END - if
+
+ // Is there a check value?
+ if ((isset($_GET['check'])) && (isset($_GET['id'])) && (isset($_GET['salt']))) {
+ // Dummy next id get
+ SURFBAR_GET_NEXT_ID($_GET['id']);
+
+ // Check validation code
+ if (SURFBAR_CHECK_VALIDATION_CODE($_GET['id'], $_GET['check'], $_GET['salt'])) {
+ // Lock the URL (id) down
+ SURFBAR_LOCKDOWN_ID($_GET['id']);
+
+ // Code is valid so pay points here
+ SURFBAR_PAY_POINTS($_GET['id']);
+ } // END - if
+
+ // Set footer (fixes notice)
+ $footer = 1;
+ } elseif (SURFBAR_CHECK_RELOAD_FULL()) {
+ // Reload-lock is full, surfbar stopped so...
+ // Load header
+ require_once(PATH."inc/header.php");
+
+ // Load template
+ LOAD_TEMPLATE("surfbar_stopped");
+ } else {
+ // Prepare content
+ $content = "";
+
+ // Determine template name
+ $templateName = SURFBAR_DETERMINE_TEMPLATE_NAME();
+
+ // Frame "top" set?
+ if ((isset($_GET['frame'])) && ($_GET['frame'] == "top")) {
+ // Determine next id
+ $nextId = SURFBAR_GET_NEXT_ID();
+
+ // Is there a valid id?
+ if ($nextId > 0) {
+ // Then prepare other content
+ $content = array(
+ 'id' => $nextId,
+ 'check' => SURFBAR_GENERATE_VALIDATION_CODE($nextId),
+ 'salt' => $SURFBAR_DATA['salt'],
+ 'reward' => TRANSLATE_COMMA(SURFBAR_GET_REWARD($nextId)),
+ 'url' => SURFBAR_GET_URL($nextId),
+ 'curr_reload' => SURFBAR_GET_USER_RELOAD_LOCK(),
+ 'max_urls' => SURFBAR_GET_TOTAL_URLS(),
+ 'reload' => SURFBAR_GET_RELOAD_TIME($nextId)
+ );
+
+ // Update salt (double-call lock!)
+ SURFBAR_UPDATE_SALT();
+ } else {
+ // Change template name
+ $templateName = "surfbar_stopped";
+ }
+ } else {
+ // Load header in frameset mode
+ $isFrameset = true;
+ }
+
+ // Load header
+ require_once(PATH."inc/header.php");
+
+ // Load that template
+ LOAD_TEMPLATE($templateName, false, $content);
+ }
+
+ // Load footer
+ require_once(PATH."inc/footer.php");
+} else {
+ // You have to configure first!
+ LOAD_URL("install.php");
+}
+
+// Close any open database connection here
+SQL_CLOSE($link, __FILE__, __LINE__);
+
+// Really all done here... ;-)
+?>
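Review bot: The pay-out branch hands `$_GET['id']` uncast to `SURFBAR_GET_NEXT_ID()`, `SURFBAR_CHECK_VALIDATION_CODE()`, `SURFBAR_LOCKDOWN_ID()` and `SURFBAR_PAY_POINTS()`, and the first of those runs before the code has been validated. The rest of this commit wraps request ids in `bigintval()`; casting once at the top of the branch with `$id = bigintval($_GET['id']);` and passing `$id` on would match that and spare each helper from sanitising it. Separately, the `!IS_LOGGED_IN()` guard only protects this branch if `LOAD_URL()` ends the request; its body is not part of this file, so either confirm that or follow the call with `exit;`. A comment on the branch stating that the confirmation is a state-changing GET protected only by the check/salt pair would also help the next reader.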
+++ /dev/null
-<!-- OBSULETE -->
\ No newline at end of file
+++ /dev/null
-<!-- OBSULETE -->
\ No newline at end of file
+++ /dev/null
-<!-- OBSULETE -->
\ No newline at end of file
+++ /dev/null
-<!-- OBSULETE -->
\ No newline at end of file
+++ /dev/null
-<!-- OBSULETE! //-->
+++ /dev/null
-<!-- OBSULETE -->
\ No newline at end of file
+++ /dev/null
-<!-- OBSULETE!!! -->
\ No newline at end of file
+++ /dev/null
-<!-- DEPRECARED! //-->
+++ /dev/null
-<!-- DEPRECATED! //-->
+++ /dev/null
-<!-- DEPRECATED! //-->
+++ /dev/null
-<!-- DEPRECATED! //-->
+++ /dev/null
-<!-- DEPRECARED! //-->
+++ /dev/null
-<!-- DEPRECATED! //-->
+++ /dev/null
-<!-- DEPRECATED! //-->
+++ /dev/null
-<!-- DEPRECATED! //-->
+++ /dev/null
-<!-- OBSULETE! -->
\ No newline at end of file
-<FRAMESET rows="120,*" frameborder="no" framespacing="0" border="0">
- <FRAME
- src="{!URL!}/mailid_top.php?uid={!_UID_VALUE!}&{!_TYPE_VALUE!}={!_DATA_VALUE!}"
- name="mailid_top">
- <FRAME src="{--_URL_VALUE!}" name="mailid_url">
-</FRAMESET>
\ No newline at end of file
+<frameset rows="120,*" frameborder="no" framespacing="0" border="0">
+ <frame name="mailid_top" src="{!URL!}/mailid_top.php?uid={!_UID_VALUE!}&{!_TYPE_VALUE!}={!_DATA_VALUE!}">
+ <frame name="mailid_url" src="{--_URL_VALUE!}">
+</frameset>
+<noframes>
+ Ihr Browser unterstützt keine frames!
+</noframes>
+++ /dev/null
-<!-- OBSULETE!!! -->
\ No newline at end of file
<!--
var Timer = "{--_TIME_VALUE!}";
-function Init()
-{
+function Init() {
var Counter = window.setInterval("StartCounter()", 1000);
}
-function StartCounter()
-{
+function StartCounter() {
+ if (Timer < 1) {
+ return false;
+ }
+
Timer--;
document.confirm.counter.value = Timer;
- if (Timer == 0)
- {
+ if (Timer == 0) {
document.location.href="{!URL!}/mailid_top.php?uid={!_UID_VALUE!}&{!_TYPE_VALUE!}={!_DATA_VALUE!}&mode=confirm&code={--_RAND_VALUE!}";
clearInterval(Counter);
}
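Review bot: `Counter` is declared with `var` inside `Init()`, so the `clearInterval(Counter)` call in `StartCounter()` refers to a name that is not in scope there and the interval is never cleared. The added `if (Timer < 1) return false;` guard stops the decrement, but the callback still fires every second until the page unloads. Declaring `var Counter = null;` next to `Timer` and assigning `Counter = window.setInterval("StartCounter()", 1000);` in `Init()` fixes it; the new surfbar frame template in this commit already does this with `countDown`. `StartCounter()` closes outside this hunk.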
+++ /dev/null
-<!-- OBSULETE! -->
\ No newline at end of file
+++ /dev/null
-<!-- OBSULETE! -->
\ No newline at end of file
--- /dev/null
+<div class="member_title2 dashed" style="width:600px;margin-top:10px">
+ >> <strong><a href="{!URL!}/surfbar.php" target="_blank">Jetzt die Surfbar starten!</a></strong> <<
+</div>
--- /dev/null
+<div class="member_table dashed" style="width:600px">
+ <div class="member_title2 bottom2">
+ <strong>Statisch vergütete Surfbar ist aktiv</strong>
+ </div>
+ <div style="padding:5px">
+ Bei der statischen Vergütung werden Ihnen derzeit
+ $content[surfbar_static_reward] {!POINTS!} für jede besuchte Seite
+ vergütet. Diese müssen Sie $content[surfbar_static_time]
+ lang angesehen haben und können die selbe Seite erst nach
+ $content[surfbar_static_lock] wieder aufrufen.
+ </div>
+</div>
-
-</TD>
+ </TD>
</TR>
-</TABLE>
\ No newline at end of file
+</TABLE>
<TABLE border="0" cellspacing="0" cellpadding="0" width="100%">
- <TR>
- <TD width="10" class="seperator"> </TD>
- <TD class="member_content">{--LAST_ONLINE--}: <STRONG>{!_LAST_ONLINE_VALUE!}</STRONG><br />
- {--LAST_MODULE--}: <STRONG>{!_LAST_MODULE_VALUE!}</STRONG></TD>
- </TR>
- <TR>
- <TD colspan="2" height="7" class="seperator"> </TD>
- </TR>
- <TR>
- <TD colspan="2" align="center" class="member_content">
\ No newline at end of file
+<TR>
+ <TD width="10" class="seperator"> </TD>
+ <TD class="member_content">{--LAST_ONLINE--}: <STRONG>{!_LAST_ONLINE_VALUE!}</STRONG><br />
+ {--LAST_MODULE--}: <STRONG>{!_LAST_MODULE_VALUE!}</STRONG></TD>
+</TR>
+<TR>
+ <TD colspan="2" height="7" class="seperator"> </TD>
+</TR>
+<TR>
+ <TD colspan="2" align="center" class="member_content">
--- /dev/null
+Deny from all\r
--- /dev/null
+<table border="0" cellspacing="0" cellpadding="0" class="surfbar_banner dashed" width="468" align="center">
+<tr>
+ <td height="60">
+ <!-- Hier kommt Ihr Code fuer 468x60-Banner rein! //-->
+ </td>
+</tr>
+</table>
--- /dev/null
+<table border="0" cellspacing="0" cellpadding="0" width="100%" class="surfbar_table">
+<tr>
+ <td class="surfbar_td">
+ »<span class="surfbar_points">$content[reward] {!POINTS!}</span> in
+ <span id="surfbar_counter">X</span> <span
+ id="counter_word">Sekunden</span>« »<span
+ class="surfbar_reload">$content[curr_reload]</span> von <span
+ class="surfbar_max">$content[max_urls]</span> im Reload«<br />
+
+ »<a href="$content[url]" target="_blank">Aktuelle Seite in neuem
+ Fenster öffnen</a>«<br /> [<a
+ href="{!URL!}/modules.php?module=index&what=logout">Ausloggen</a>|<a
+ href="javascript:close()">Schliessen</a>]
+
+ »{!MAIN_TITLE!} ist für den Inhalt nicht verantwortlich!«
+ </td>
+</tr>
+</table>
+<script language="JavaScript" type="text/javascript">
+<!--
+var currCounter = "$content[reload]";
+var maxCounter = "$content[reload]";
+var counter = document.getElementById("surfbar_counter");
+var countDown = null;
+
+function Init() {
+ countDown = window.setInterval("StartCounter()", 1000);
+ parent.surfbar_url.location.href = "$content[url]";
+}
+
+function Confirm() {
+ parent.surfbar_url.location="{!URL!}/surfbar.php?id=$content[id]&check=$content[check]&salt=$content[salt]";
+}
+
+function StartCounter() {
+ if (currCounter < 1) {
+ return false;
+ }
+
+ currCounter--;
+ counter.innerHTML = currCounter;
+
+ if (currCounter == 0) {
+ clearInterval(countDown);
+ Confirm();
+ this.location.reload();
+ }
+}
+
+counter.innerHTML = $content[reload];
+Init();
+
+//-->
+</script>
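Review bot: `$content[url]` is written verbatim into an `href` attribute and into a JavaScript string literal in `Init()`, so a stored URL containing a quote or `</script>` would change the markup or script of the surfbar frame. The value comes from `SURFBAR_GET_URL()`, which is not shown; if those URLs are member-submitted they need context-specific encoding before they reach the template, for example `htmlspecialchars($url, ENT_QUOTES)` for the link and a separate `json_encode($url)` value emitted unquoted for the script. Also, `Confirm()` carries `check` and `salt` in the page from the moment it loads, so the countdown is only a display. The waiting time has to be enforced when `surfbar.php` validates the code, and a comment in the template saying so would help.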
--- /dev/null
+<script language="JavaScript" type="text/javascript">
+<!--
+if (top.frames.length > 0) {
+ top.location.href=self.location;
+}
+//-->
+</script>
+<frameset rows="62,*" frameborder="no" border="0" framespacing="0">
+ <frameset cols="*,468" frameborder="no" border="0" framespacing="0">
+ <frame name="surfbar_top" src="{!URL!}/surfbar.php?frame=top" frameborder="no" scrolling="no" noresize>
+ <frame name="surfbar_banner" src="{!URL!}/surfbar.php?frame=banner" frameborder="no" scrolling="no" noresize>
+ </frameset>
+ <frame name="surfbar_url" src="about:blank" frameborder="no" scrolling="no" noresize>
+</frameset>
+<noframes>
+ Ihr Browser unterstützt keine Frames!
+</noframes>
--- /dev/null
+<div align="center">
+ <div class="member_table dashed" style="width:500px">
+ <div class="member_title2 bottom2">
+ <strong>Surfbar angehalten!</strong>
+ </div>
+
+ Keine URLs mehr verfürgbar oder Datenbankfehler liegt vor.
+ </div>
+</div>
$VIEW = 1;
// for later things... ;-)
- $result = SQL_QUERY_ESC("SELECT url FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT url FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
list($url) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET counter=counter+1 WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET counter=counter+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
$type = substr($url, -3);
@header ("Content-Type: image/".$type);