require_once(PATH."inc/footer.php");
} elseif (($status != "CONFIRMED") && ($status != "failed")) {
// Maybe locked/unconfirmed account?
- switch ($status) {
- case "LOCKED" : $msg = CODE_ID_LOCKED ; break; // Locked account
- case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account
- }
+ $msg = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
} elseif (($uid == "0") || ($status == "failed")) {
// Inalid or locked account, so let's find out
$result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1",
// Is the script installed?
if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered'))) {
// Base URL for redirection
- $URL = URL."/modules.php?module=index&what=confirm&hash=";
+ $URL = "modules.php?module=index&what=confirm&hash=";
if (empty($_GET['hash'])) {
// No refid and we add our refid (don't forget to set $def_refid!)
- $URL = URL."/modules.php?module=index";
+ $URL = "modules.php?module=index";
} else {
// We have an refid here. So we simply add it
$URL .= $_GET['hash'];
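Review bot: At `$URL .= $_GET['hash'];` the request parameter is appended to the redirect target without encoding or a format check, so a value containing `&`, `#` or line breaks changes the query string that the confirm module receives. Encoding it at this point keeps the parameter intact: `$URL .= urlencode($_GET['hash']);`. The two comments in this branch still describe a refid while the code handles the confirmation hash; they could read `// No hash given, go to the index page` and `// Hash given, append it`. The enclosing `if` starts and ends outside the hunk.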
define('START_YDAY', MAKE_TIME(0, 0, 0, time() - getConfig('one_day')));
define('START_TDAY', MAKE_TIME(0, 0, 0, time()));
-$COOKIES = substr(URL, strpos(substr(URL, 8), "/") + 8);
-if ((strpos($COOKIES, "/") == "0") && (strpos(substr(URL, 8), "/") > 0)) {
- // Script was installed into a sub directory
- if (substr($COOKIES, -1) != "/") $COOKIES .= "/";
-} else {
- // No more sub directories added to URL
- $COOKIES = "/";
-}
-
-// Cookie-Path ( for lame servers... ;-) )
-define('COOKIE_PATH', $COOKIES);
-
// Server-URL (DO NOT CHANGE THIS OR YOU CANNOT CHECK FOR UPDATES/EXTENSIONS!)
define('SERVER_URL', "http://www.mxchange.org");
// Calculate "entropy" with the prime number (for code generation)
define('_ADD', (_PRIME * _PRIME / (pi() * getConfig('code_length') + 1)));
-// Random number for e.g. "cache-buster" used in OpenX script
+// Random number for e.g. the "cache-buster" used in OpenX script
define('CACHE_BUSTER', mt_rand(1000000, 9999999));
// Extra title is empty by default
// Secure user ID
$GLOBALS['userid'] = bigintval(get_session('userid'));
- // Extract last online time (life) and how long is auto-login valid (time)
- $newl = time() + bigintval(get_session('lifetime'));
-
// Load last module and last online time
- $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+
+ // Entry found?
if (SQL_NUMROWS($result) == 1) {
// Load last module and online time
list($mod, $onl) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
// Maybe first login time?
if (empty($mod)) $mod = "login";
- if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", get_session('u_hash'), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) {
- // This will be displayed on welcome page! :-)
- if (empty($LAST['module'])) {
- $LAST['module'] = $mod; $LAST['online'] = $onl;
- } // END - if
+ // This will be displayed on welcome page! :-)
+ if (empty($LAST['module'])) {
+ $LAST['module'] = $mod; $LAST['online'] = $onl;
+ } // END - if
- // "what" not set?
- if (empty($GLOBALS['what'])) {
- // Fix it to default
- $GLOBALS['what'] = "welcome";
- if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home');
- } // END - if
+ // "what" not set?
+ if (empty($GLOBALS['what'])) {
+ // Fix it to default
+ $GLOBALS['what'] = "welcome";
+ if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home');
+ } // END - if
- // Update last module / online time
- SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",
- array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);
- }
+ // Update last module / online time
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",
+ array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);
} else {
// Destroy session, we cannot update!
destroy_user_session();
}
+
+ // Free the result
+ SQL_FREERESULT($result);
}
// Filter for checking admin ACL
$fp = @fopen($fqfn, 'a');
if ($inc == "dummy") {
// Remove dummy file
- @fclose($fp);
- return @unlink($fqfn);
+ fclose($fp);
+ return unlink($fqfn);
} else {
// Close all other files
- return @fclose($fp);
+ return fclose($fp);
}
}
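Review bot: With the `@` removed from `fclose()` and `unlink()`, a failed `@fopen($fqfn, 'a')` now reaches `fclose($fp)` with `$fp` set to `false`, which raises a warning (a TypeError on PHP 8) instead of returning a status. A guard directly after the open keeps the return value meaningful: `if ($fp === false) return false;`. The start of the function is outside the hunk, so an earlier check may already exist.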
// Open a table (you may want to add some header stuff here)
-function OPEN_TABLE($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) {
+// @DEPRECATED
+function OPEN_TABLE ($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) {
global $table_cnt;
// Count tables so we can generate CSS classes for every table... :-)
}
// Close a table (you may want to add some footer stuff here)
-function CLOSE_TABLE($ADD="") {
+// @DEPRECATED
+function CLOSE_TABLE( $ADD="") {
OUTPUT_HTML(" </TD>\n</TR>");
if (!empty($ADD)) OUTPUT_HTML($ADD);
OUTPUT_HTML("</TABLE>");
}
// Output HTML code directly or "render" it. You addionally switch the new-line character off
-function OUTPUT_HTML($HTML, $NEW_LINE = true) {
+function OUTPUT_HTML ($HTML, $NEW_LINE = true) {
// Some global variables
global $OUTPUT, $footer, $CSS;
// Don't de-refer our own links!
if (substr($URL, 0, strlen(URL)) != URL) {
// De-refer this link
- $URL = URL."/modules.php?module=loader&url=".urlencode(base64_encode(gzcompress($URL)));
+ $URL = "modules.php?module=loader&url=".urlencode(base64_encode(gzcompress($URL)));
} // END - if
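Review bot: The `url` parameter built with `urlencode(base64_encode(gzcompress($URL)))` is only encoded, not authenticated, so the loader module cannot tell a link generated here from one assembled by a third party. If the loader redirects to whatever it decodes (its code is not part of this hunk), that is an open redirect. Appending a keyed digest, e.g. `"&sig=".hash_hmac('sha256', $URL, SITE_SECRET_PLACEHOLDER)`, and verifying it in the loader before redirecting would close that gap. The function body starts and ends outside the hunk.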
// Return link
return $ret;
}
//
-function SET_LANGUAGE($lang) {
+function SET_LANGUAGE ($lang) {
// Accept only first 2 chars!
$lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2);
// Set cookie
- set_session("mx_lang", $lang);
+ set_session('mx_lang', $lang);
}
//
function LOAD_EMAIL_TEMPLATE($template, $content=array(), $UID="0") {
// Check if http(s):// is there
if ((substr($URL, 0, 7) != "http://") && (substr($URL, 0, 8) != "https://")) {
// Make all URLs full-qualified
- $URL = URL."/".$URL;
+ $URL = "".$URL;
}
// Get output buffer
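Review bot: `$URL = "".$URL;` is a no-op, so the branch under `// Make all URLs full-qualified` now leaves a relative URL relative and the comment no longer matches the code. If the base URL is prepended elsewhere (not visible here), drop the branch or say so in the comment, e.g. `// Relative URLs are completed later by the redirect helper`. As written, a value that starts with `//` is treated as relative by the http/https test but is resolved by browsers against another host. The same reliance on a later prefix applies to the relative URLs handed to ADD_BONUS_MAIL_TO_QUEUE() and LOAD_URL() in the later hunks; links that end up in e-mails need an absolute address.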
// Add more additional data
if (isSessionVariableSet('u_hash')) $data .= ":".get_session('u_hash');
if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid'];
- if (isSessionVariableSet('lifetime')) $data .= ":".get_session('lifetime');
if (isSessionVariableSet('mxchange_theme')) $data .= ":".get_session('mxchange_theme');
if (isSessionVariableSet('mx_lang')) $data .= ":".GET_LANGUAGE();
if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid'];
// Return the value
return $value;
}
+
// Send notification to admin
function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid="0") {
if (GET_EXT_VERSION("admins") >= "0.4.1") {
SEND_ADMIN_EMAILS($subject, $msg);
}
}
+
// Destroy user session
function destroy_user_session () {
+ // Reset userid
+ $GLOBALS['userid'] = 0;
+
// Remove all user data from session
- return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", "")));
+ return ((set_session('userid', "")) && (set_session('u_hash', "")));
}
+
// Merges an array together but only if both are arrays
function merge_array ($array1, $array2) {
// Are both an array?
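Review bot: In destroy_user_session() the `&&` chain short-circuits, so when `set_session('userid', "")` returns false the `u_hash` entry is never cleared although `$GLOBALS['userid']` is already 0. Clearing both unconditionally and combining the results afterwards avoids the half-cleared state: `$a = set_session('userid', ""); $b = set_session('u_hash', ""); return ($a && $b);`. Sessions created before this commit may still carry a `lifetime` entry that is no longer reset here. If set_session() wraps the native PHP session (not visible in this hunk), calling `session_regenerate_id(true)` on logout would also retire the old session id.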
debug_print_backtrace();
die("</pre>");
}
+
// Debug message logger
function DEBUG_LOG ($file, $line, $message, $force=true) {
// Is debug mode enabled?
fclose($fp);
} // END - if
}
+
// Reads a directory with PHP files in and gets only files back
function GET_DIR_AS_ARRAY ($baseDir, $prefix) {
$INCs = array();
if (!isSessionVariableSet('mxchange_theme')) {
// Set default theme
- set_session("mxchange_theme", $ret);
+ set_session('mxchange_theme', $ret);
} elseif ((isSessionVariableSet('mxchange_theme')) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
//die("<pre>".print_r($cacheArray['themes'], true)."</pre>");
// Get theme from cookie
// Installation mode active
if ((!empty($_GET['theme'])) && (FILE_READABLE($theme))) {
// Set cookie from URL data
- set_session("mxchange_theme", SQL_ESCAPE($_GET['theme']));
+ set_session('mxchange_theme', SQL_ESCAPE($_GET['theme']));
} elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($_POST['theme'])))) {
// Set cookie from posted data
- set_session("mxchange_theme", SQL_ESCAPE($_POST['theme']));
+ set_session('mxchange_theme', SQL_ESCAPE($_POST['theme']));
}
// Set return value
$ret = get_session('mxchange_theme');
} else {
// Invalid design, reset cookie
- set_session("mxchange_theme", $ret);
+ set_session('mxchange_theme', $ret);
}
// Add (maybe) found theme.php file to inclusion list
return $content;
}
+// Generates an error code from given account status
+function GEN_ERROR_CODE_FROM_ACCOUNT_STATUS ($status) {
+ // Default error code if unknown account status
+ $ERROR = CODE_UNKNOWN_STATUS;
+
+ // Generate constant name
+ $constantName = sprintf("CODE_ID_%s", $status);
+
+ // Is the constant there?
+ if (defined($constantName)) {
+ // Then get it!
+ $ERROR = constant($constantName);
+ } else {
+ // Unknown status
+ DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown error status %s detected.", $status));
+ }
+
+ // Return error code
+ return $ERROR;
+}
+
//////////////////////////////////////////////////
-// //
// AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS //
-// //
//////////////////////////////////////////////////
//
if (!function_exists('html_entity_decode')) {
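Review bot: GEN_ERROR_CODE_FROM_ACCOUNT_STATUS() turns `$status` directly into a constant name via `sprintf("CODE_ID_%s", $status)`, so any string a caller passes selects a constant with that prefix and, when none exists, is written verbatim into the debug log. A format check before the lookup keeps both paths predictable, e.g. `if (!preg_match('/^[A-Z_]+$/', $status)) return CODE_UNKNOWN_STATUS;`. The header comment should name the parameter, the return value and the fallback, for instance `// @param $status Account status as stored in user_data; @return matching CODE_ID_* constant or CODE_UNKNOWN_STATUS`. DEBUG_LOG() is declared with `$file` as its first parameter but receives `__FUNCTION__` here.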
}
} // END - if
-//
+// [EOF]
?>
// Set default language
if (empty($mx_lang)) $mx_lang = DEFAULT_LANG;
+// Generate FQFN
+$FQFN = sprintf("%sinc/language/%s.php", PATH, $mx_lang);
+
// Look for file
-$file = sprintf("%sinc/language/%s.php", PATH, $mx_lang);
-if (!FILE_READABLE($file)) {
+if (!FILE_READABLE($FQFN)) {
// Switch to default (DO NOT CHANGE!!!)
- set_session("mx_lang", "de");
+ set_session('mx_lang', 'de');
$mx_lang = "de";
- $file = sprintf("%sinc/language/%s.php", PATH, "de");
+ $FQFN = sprintf("%sinc/language/%s.php", PATH, "de");
} // END - if
// Load language file
-require($file);
-unset($file);
+require($FQFN);
+unset($FQFN);
// Check for installation mode
if (isBooleanConstantAndTrue('mxchange_installing')) {
// Rewrite cookie when it's own account
if ($aid == $id) {
// Set timeout cookie
- set_session("admin_last", time());
+ set_session('admin_last', time());
if ($login != get_session('admin_login')) {
// Update login cookie
- set_session("admin_login", $login);
+ set_session('admin_login', $login);
// Update password cookie as well?
- if (!empty($ADD)) set_session("admin_md5", $hash);
+ if (!empty($ADD)) set_session('admin_md5', $hash);
} elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) {
// Update password cookie
- set_session("admin_md5", $hash);
+ set_session('admin_md5', $hash);
}
} // END - if
default_acl='%s',
la_mode='%s'
WHERE id=%s LIMIT 1",
- array(
- $login,
- $POST['email'][$id],
- $POST['mode'][$id],
- $POST['la_mode'][$id],
- $id
-), __FILE__, __LINE__);
+ array(
+ $login,
+ $POST['email'][$id],
+ $POST['mode'][$id],
+ $POST['la_mode'][$id],
+ $id
+ ), __FILE__, __LINE__);
} else {
// Do not allow it here
SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
email='%s',
la_mode='%s'
WHERE id=%s LIMIT 1",
- array(
- $login,
- $POST['email'][$id],
- $POST['la_mode'][$id],
- $id
-), __FILE__, __LINE__);
+ array(
+ $login,
+ $POST['email'][$id],
+ $POST['la_mode'][$id],
+ $id
+ ), __FILE__, __LINE__);
}
// Purge cache
}
//
-function NICKNAME_IS_ACTIVE($uidNick)
-{
+function NICKNAME_IS_ACTIVE ($uidNick) {
+ global $cacheArray;
+
+ // By default nothing is found...
$ret = false;
- $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE (userid=%s AND userid > 0) OR nickname='%s' LIMIT 1",
- array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
- // Check existence of nickname
- if (SQL_NUMROWS($result) == 1) $ret = true;
+ // Found in cache?
+ if (isset($cacheArray['nick_active'][$uidNick])) {
+ // Use it directly
+ $ret = $cacheArray['nick_active'][$uidNick];
+
+ // Increment cache counter
+ incrementConfigEntry('cache_hits');
+ } else {
+ // Search in database
+ // @TODO Can we replace this with GET_TOTAL_DATA() ?
+ $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s OR nickname='%s' LIMIT 1",
+ array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
- // Free result
- SQL_FREERESULT($result);
+ // Check existence of nickname
+ $ret = (SQL_NUMROWS($result) == 1);
+
+ // Put it in cache
+ $cacheArray['nick_active'][$uidNick] = $ret;
+
+ // Free result
+ SQL_FREERESULT($result);
+ }
// Return nickname
return $ret;
}
+
//
-function NICKNAME_GET_NICK($userid)
-{
+function NICKNAME_GET_NICK ($userid) {
+ global $cacheArray;
+
// If not found...
$ret = "";
- // Search for non-empty nickname
- $result = SQL_QUERY_ESC("SELECT nickname FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND nickname != '' LIMIT 1",
- array(bigintval($userid)), __FILE__, __LINE__);
+ // Found in cache?
+ if (isset($cacheArray['nicknames'][$userid])) {
+ // Use it directly
+ $ret = $cacheArray['nicknames'][$userid];
- // Found?
- if (SQL_NUMROWS($result) == 1)
- {
- // Load nickname from database
- list($ret) = SQL_FETCHROW($result);
- }
+ // Increment cache counter
+ incrementConfigEntry('cache_hits');
+ } elseif (NICKNAME_IS_ACTIVE($userid)) {
+ // Search for non-empty nickname
+ $result = SQL_QUERY_ESC("SELECT nickname FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND nickname != '' LIMIT 1",
+ array(bigintval($userid)), __FILE__, __LINE__);
+
+ // Found?
+ if (SQL_NUMROWS($result) == 1) {
+ // Load nickname from database
+ list($ret) = SQL_FETCHROW($result);
- // Free result
- SQL_FREERESULT($result);
+ // Put it in cche
+ $cacheArray['nicknames'][$userid] = $ret;
+ } // END - if
+
+ // Free result
+ SQL_FREERESULT($result);
+ }
// Return nickname
return $ret;
}
+
+// Simple wrapper function
+function NICKNAME_PROBE_ON_USERID ($uid) {
+ return (NICKNAME_GET_NICK($uid) != "");
+}
+
//
?>
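Review bot: NICKNAME_PROBE_ON_USERID() reports whether the account with that user id has a nickname, not whether the given value is a nickname, because NICKNAME_GET_NICK() only queries `userid=%s` with `bigintval($userid)`. Callers that use it to choose between a nickname lookup and a user-id lookup (USER_DO_LOGIN() and USER_DO_NEW_PASSWORD() in this commit) will therefore, assuming bigintval() reduces non-numeric input to 0, send a real nickname down the user-id path and a numeric id of an account with a nickname down the nickname path. The rewritten query in NICKNAME_IS_ACTIVE() also drops the former `userid > 0` guard, so a non-numeric value is additionally matched against `userid=0`; keeping `(userid=%s AND userid > 0)` preserves the old behaviour.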
$api = new PrimeraApi($primusNick, $userMd5);
// Prepare purpose
- $eval = "\$purpose = \"".COMPILE_CODE(sprintf(PRIMERA_API_PURPOSE_WITHDRAW, $_COOKIE['sponsorid']))."\";";
+ $eval = "\$purpose = \"".COMPILE_CODE(sprintf(PRIMERA_API_PURPOSE_WITHDRAW, get_session('sponsorid')))."\";";
eval($eval);
// Pay the Primera
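Review bot: The string passed to `eval()` is assembled from `get_session('sponsorid')` without a cast, while the other uses of this value in the commit go through `bigintval()`. Anything other than digits in that session entry would become part of the evaluated PHP source, so the value should be narrowed first: `sprintf(PRIMERA_API_PURPOSE_WITHDRAW, bigintval(get_session('sponsorid')))`. Building `$purpose` without `eval()` would be the more durable fix, but COMPILE_CODE() is not visible here, so whether that is possible cannot be judged from this hunk.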
$_POST = $GLOBALS['_POST'];
}
-if (!isset($_COOKIE)) {
- global $_COOKIE;
- $_COOKIE = $GLOBALS['_COOKIE'];
-}
-
// Include IP-Filter here
//require("/usr/share/php/ipfilter.php");
$_POST[$seckey] = strip_tags($_POST[$seckey]);
}
}
-
- // ... and finally cookies
- foreach ($_COOKIE as $seckey => $secvalue) {
- if (is_array($secvalue)) {
- // Throw arrays away...
- unset($_COOKIE[$seckey]);
- } else {
- // Only variables are allowed (non-array) but we secure them all!
- foreach ($SEC_CHARS['from'] as $key => $char) {
- // Pass all through
- $_COOKIE[$seckey] = str_replace($char , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]);
- }
-
- // Strip all other out
- $_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]);
- }
- }
}
// Activate caching or transparent compressing when it is not already done
}
//
-function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
-{
- $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false;
+function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) {
+ // Init a lot variables
+ $SAVE = true;
+ $UPDATE = false;
+ $skip = false;
+ $ALREADY = false;
$ret = "unused";
// Skip these entries
);
// Check if sponsor already exists
- foreach ($POST as $k => $v)
- {
- if (!(array_search($k, $SKIPPED) > -1))
- {
+ foreach ($POST as $k => $v) {
+ if (!(array_search($k, $SKIPPED) > -1)) {
// Check only posted input entries not the submit button
switch ($k)
{
case "email":
$ALREADY = false;
- if (!VALIDATE_EMAIL($v))
- {
+ if (!VALIDATE_EMAIL($v)) {
// Email address is not valid
$SAVE = false;
- }
- else
- {
+ } else {
// Do we want to add a new sponsor or update his data?
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
- array($POST['email']), __FILE__, __LINE__);
+ array($POST['email']), __FILE__, __LINE__);
// Is a sponsor alread in the db?
- if (SQL_NUMROWS($result) == 1)
- {
- // Free memory
- SQL_FREERESULT($result);
-
+ if (SQL_NUMROWS($result) == 1) {
// Yes, he is!
- if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE))
- {
+ if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) {
// Already found!
$ALREADY = true;
- }
- else
- {
+ } else {
// Update his data
$UPDATE = true;
}
}
+
+ // Free memory
+ SQL_FREERESULT($result);
}
break;
default:
// Test if there is are time selections
$TEST = substr($k, -3);
- if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v)))
- {
+ if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) {
// Found a multi-selection for timings?
$TEST = substr($k, 0, -3);
- if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2))
- {
+ if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) {
// Generate timestamp
$POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
$DATA['keys'][] = $TEST;
$DATA['values'][] = $POST[$TEST];
// Remove data from array
+ // @TODO Do we still need this all?
unset($POST[$TEST."_ye"]);
unset($POST[$TEST."_mo"]);
unset($POST[$TEST."_we"]);
// Skip adding
$k = ""; $skip = true; $TEST2 = $TEST;
}
- }
- else
- {
+ } else {
$skip = false; $TEST2 = "";
}
break;
}
- if ((!empty($k)) && ($skip == false))
- {
+ if ((!empty($k)) && ($skip == false)) {
// Add data
$DATA['keys'][] = $k; $DATA['values'][] = $v;
}
}
// Save sponsor?
- if ($SAVE)
- {
+ if ($SAVE) {
// Default is no force even when a guest want to abuse this force switch
if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
$SQL = ""; $MSG = "";
// Update?
- if ($UPDATE)
- {
+ if ($UPDATE) {
// Update his data
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
- foreach ($DATA['keys'] as $k => $v)
- {
+ foreach ($DATA['keys'] as $k => $v) {
$SQL .= $v."='%s', ";
}
$DATA['values'][] = bigintval($_GET['id']);
// Generate message
- $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
+ $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
$ret = "updated";
- }
- elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN())))
- {
+ } elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) {
// Add new sponsor, first add more data
$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
$DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor"))
- {
+ if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) {
// Only allowed for admin
$DATA['values'][] = "PENDING";
- }
- else
- {
+ } elsen{
// Guest area
$DATA['values'][] = "UNCONFIRMED";
// Generate hash code
$DATA['keys'][] = "hash";
- $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
+ $DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA['keys'][] = "remote_addr";
$DATA['values'][] = GET_REMOTE_ADDR();
}
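Review bot: `} elsen{` in the status branch is a typo for `} else {` and makes the whole file fail to parse, so none of the sponsor functions would load. The confirmation hash a few lines below is `md5()` over the session id, e-mail address, remote address, user agent and `time()`, all of which the requesting client knows or can estimate, so the hash does not prove control of the mailbox. A token drawn from a cryptographically secure random source is the safer basis for a confirmation link. The function starts and ends outside this hunk.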
$SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
// Generate message
- $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
+ $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
$ret = "added";
- }
- elseif ((!$NO_UPDATE) && (IS_ADMIN()))
- {
+ } elseif ((!$NO_UPDATE) && (IS_ADMIN())) {
// Add all data as hidden data
$OUT = "";
- foreach ($POST as $k => $v)
- {
+ foreach ($POST as $k => $v) {
// Do not add 'force' !
- if ($k != "force")
- {
+ if ($k != "force") {
$OUT .= "<INPUT type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\">\n";
}
}
// Ask for adding a sponsor with same email address
LOAD_TEMPLATE("admin_add_sponsor_already");
return;
- }
- else
- {
+ } else {
// Already added!
$MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2;
$ret = "already";
}
- if (!empty($SQL))
- {
+ if (!empty($SQL)) {
// Run SQL command
$result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
}
// Output message
- if ((!$NO_UPDATE) && (IS_ADMIN()))
- {
+ if ((!$NO_UPDATE) && (IS_ADMIN())) {
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
- }
- else
- {
+ } else {
// Error found!
- $MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
+ $MSG = SPONSOR_GET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
if ($RET_STATUS) return $ret;
}
//
-function SPONSOR_TRANSLATE_STATUS($status)
-{
+function SPONSOR_TRANSLATE_STATUS($status) {
switch ($status)
{
case "UNCONFIRMED":
return $ret;
}
// Search for an email address in the database
-function SPONSOR_FOUND_EMAIL_DB($email)
-{
- // Default status is failed (as it is always be...)
- $ret = false;
-
- // Check for email (and secure input)
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
- array($email), __FILE__, __LINE__);
-
+function SPONSOR_FOUND_EMAIL_DB ($email) {
// Do we already have the provided email address in our DB?
- if (SQL_NUMROWS($result) == 1) $ret = true;
+ $ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) == 1);
// Return result
return $ret;
}
//
-function SPONSOR_SET_MESSAGE($msg, $pos, $array)
-{
+function SPONSOR_GET_MESSAGE ($msg, $pos, $array) {
// Check if the requested message was found in array
- if (isset($array[$pos]))
- {
+ if (isset($array[$pos])) {
// ... if yes then use it!
$ret = $array[$pos];
- }
- else
- {
+ } else {
// ... else use default message
$ret = $msg;
}
// Return result
return $ret;
}
+
//
-function IS_SPONSOR()
-{
- global $_COOKIE;
+function IS_SPONSOR () {
// Failed...
$ret = false;
- if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass'])))
- {
+ if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) {
// Check cookies against database records...
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// All is fine
$ret = true;
}
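Review bot: The new condition `if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) {` has unbalanced parentheses: the `if (` is closed before `&&`, which is a parse error. It should read `if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) {`. In the same section SPONSOR_FOUND_EMAIL_DB() now delegates to GET_TOTAL_DATA(); that helper is not shown, so it is worth confirming that it escapes `$email` the way the removed SQL_QUERY_ESC() call did. IS_SPONSOR() continues past the end of the hunk.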
return $OUT;
}
//
-function UPDATE_SPONSOR_LOGIN()
-{
- global $_COOKIE, $_CONFIG;
-
- // Check if cookies are set
- if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
+function UPDATE_SPONSOR_LOGIN () {
+ // Failed by default
+ $login = false;
- // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
- // seperate timeout for these two cookies?
- $life = (time() + getConfig('online_timeout'));
-
- // Is confirmed so both is fine and we can continue with login procedure
- $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
- (setcookie("sponsorpass", $_COOKIE['sponsorpass'] , $life, COOKIE_PATH)));
-
- // Update database?
- if ($login)
- {
+ // Is sponsor?
+ if (IS_SPONSOR()) {
// Update last online timestamp
SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
-SET last_online='".time()."'
+SET last_online=UNIX_TIMESTAMP()
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+
+ // This update went fine?
+ $login = (SQL_AFFECTEDROWS() == 1);
}
// Return status
return $login;
}
//
-function SPONSOR_SAVE_DATA($POST, $content)
-{
- global $_COOKIE, $_SERVER, $_GET;
+function SPONSOR_SAVE_DATA ($POST, $content) {
$EMAIL = false;
// Unsecure data which we don't want
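Review bot: UPDATE_SPONSOR_LOGIN() now derives its result from `SQL_AFFECTEDROWS() == 1`, but `last_online=UNIX_TIMESTAMP()` has one-second resolution and MySQL by default counts only rows whose values actually changed. A second request from the same sponsor within the same second would then report 0 affected rows and the function would return false although the credentials are valid (assuming SQL_AFFECTEDROWS() wraps the driver's affected-rows call). Since IS_SPONSOR() has already verified id and password, setting `$login = true;` after the UPDATE, or treating a failed query rather than a zero count as the error, avoids the false negative.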
$MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
// Check for submitted passwords
- if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
- {
+ if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) {
// Are both passwords the same?
- if ($_POST['pass1'] == $_POST['pass2'])
- {
+ if ($POST['pass1'] == $POST['pass2']) {
// Okay, then set password and remove pass1 and pass2
- $_POST['password'] = md5($_POST['pass1']);
+ $POST['password'] = md5($POST['pass1']);
}
}
// Remove all (maybe spoofed) unsafe data from array
- foreach ($UNSAFE as $remove)
- {
+ foreach ($UNSAFE as $remove) {
unset($POST[$remove]);
}
// Prepare SQL string
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
- foreach ($POST as $key => $value)
- {
+ foreach ($POST as $key => $value) {
// Mmmmm, too less security here???
$SQL .= " ".strip_tags($key)."='%s',";
}
// Check if email has changed
- if ((!empty($content['email'])) && (!empty($POST['email'])))
- {
- if ($content['email'] != $POST['email'])
- {
+ if ((!empty($content['email'])) && (!empty($POST['email']))) {
+ if ($content['email'] != $POST['email']) {
// Change email address
$EMAIL = true;
$SQL .= " status='EMAIL', hash='%s',";
// Generate hash code
- $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
+ $HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA[] = $HASH;
}
}
// Add SQL tail data
$SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
- $DATA[] = bigintval($_COOKIE['sponsorid']);
- $DATA[] = $_COOKIE['sponsorpass'];
+ $DATA[] = bigintval(get_session('sponsorid'));
+ $DATA[] = get_session('sponsorpass');
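Review bot: The loop `$SQL .= " ".strip_tags($key)."='%s',";` copies the keys of `$POST` into the UPDATE statement as column names, and `strip_tags()` does nothing against SQL syntax, which the existing comment `// Mmmmm, too less security here???` already hints at. Only the values pass through SQL_QUERY_ESC(), so each key should be checked against a fixed list of editable columns and the request rejected otherwise, e.g. `if (!in_array($key, $ALLOWED_COLUMNS, true)) { /* reject */ }` (`$ALLOWED_COLUMNS` is a constructed name). SPONSOR_HANDLE_SPONSOR() builds its UPDATE from `$DATA['keys']` in the same way. The new password is stored as unsalted `md5($POST['pass1'])`, whereas the user code in this commit uses generateHash(); the beginning and end of the function are outside the hunk.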
// Saving data was completed... ufff...
switch ($GLOBALS['what'])
{
case "account": // Change account data
- if ($EMAIL)
- {
+ if ($EMAIL) {
$MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED;
$templ = "admin_sponsor_change_email";
$subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ;
$newTheme = $_POST['new_theme'];
// Change to new theme
- set_session("mxchange_theme", $newTheme);
+ set_session('mxchange_theme', $newTheme);
// Remove current from array and set new
$theme = sprintf("%stheme/%s/theme.php", PATH, $currTheme);
return $refid;
}
+// Do the user login
+function USER_DO_LOGIN ($uid, $passwd) {
+ // Add last_login if available
+ $LAST = "";
+ if (GET_EXT_VERSION("sql_patches") >= "0.2.8") {
+ $LAST = ", last_login";
+ } // END - if
+
+ // Check login data
+ $password = ""; $uid2 = ""; $dmy = ""; $online = 0; $login = 0;
+ if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($uid))) {
+ // Nickname entered
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
+ array($uid), __FILE__, __LINE__);
+ list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
+ if (!empty($uid2)) $uid = bigintval($uid2);
+ } else {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ array($uid, $hash), __FILE__, __LINE__);
+ list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
+ }
+
+ // Is there an entry?
+ if ((SQL_NUMROWS($result) == 1) && ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid))) {
+ // Free result
+ SQL_FREERESULT($result);
+
+ // By default the hash is empty
+ $hash = "";
+
+ // Check for old MD5 passwords
+ if ((strlen($password) == 32) && (md5($passwd) == $password)) {
+ // Just set the hash to the password from DB... :)
+ $hash = $password;
+ } else {
+ // Hash password with improved way for comparsion
+ $hash = generateHash($passwd, substr($password, 0, -40));
+ }
+
+ if ($hash == $password) {
+ // New hashed password found so let's generate a new one
+ $hash = generateHash($passwd);
+
+ // ... and update database
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ array($hash, $uid), __FILE__, __LINE__);
+
+ // No login bonus by default
+ // @TODO Make this filter working: $ADDON = RUN_FILTER('post_login_update', array('login' => $login, 'online' => $online));
+ $BONUS = false;
+
+ // Probe for last online timemark
+ $probe = time() - $online;
+ if (!empty($login)) $probe = time() - $login;
+ if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= getConfig('login_timeout'))) {
+ // Add login bonus to user's account
+ $ADD = sprintf(", login_bonus=login_bonus+%s",
+ (float)getConfig('login_bonus')
+ );
+ $BONUS = true;
+
+ // Subtract login bonus from userid's account or jackpot
+ if ((GET_EXT_VERSION("bonus") >= "0.3.5") && (getConfig('bonus_mode') != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
+ } // END - if
+
+ // Init variables
+ $login = false;
+
+ // Calculate new hash with the secret key and master salt together
+ $hash = generatePassString($hash);
+
+ // Update global array
+ // @TODO Make this filter working: $URL = RUN_FILTER('do_login', array('uid' => $uid, 'hash' => $hash, 'addon' => $ADDON));
+ $GLOBALS['userid'] = $uid;
+
+ // Try to set session data (which shall normally always work!)
+ if ((set_session('userid', $uid )) && (set_session('u_hash', $hash))) {
+ // Update database records
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
+ array($uid), __FILE__, __LINE__);
+ if (SQL_AFFECTEDROWS() == 1) {
+ // Procedure to checking for login data
+ if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) {
+ // Bonus added (just displaying!)
+ $URL = "modules.php?module=chk_login&mode=bonus";
+ } else {
+ // Bonus not added
+ $URL = "modules.php?module=chk_login&mode=login";
+ }
+ } else {
+ // Cannot update counter!
+ $URL = "modules.php?module=index&what=login&login=".CODE_CNTR_FAILED;
+ }
+ } else {
+ // Cookies not setable!
+ $URL = "modules.php?module=index&what=login&login=".CODE_NO_COOKIES;
+ }
+ } elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") {
+ // Update failture counter
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1",
+ array($uid), __FILE__, __LINE__);
+
+ // Wrong password!
+ $URL = "modules.php?module=index&what=login&login=".CODE_WRONG_PASS;
+ }
+ } elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) {
+ // Other account status?
+ // @TODO Can this query be saved???
+ $result = SQL_QUERY_ESC("SELECT status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+ array($uid), __FILE__, __LINE__);
+
+ // Entry found?
+ if (SQL_NUMROWS($result) == 1) {
+ // Load status
+ list($status) = SQL_FETCHROW($result);
+
+ // Create an error code from given status
+ $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
+ } else {
+ // ID not found!
+ $ERROR = CODE_WRONG_ID;
+ }
+
+ // Construct URL
+ $URL = "modules.php?module=index&what=login&login=".$ERROR;
+ } else {
+ // ID not found!
+ $URL = "modules.php?module=index&what=login&login=".CODE_WRONG_ID;
+ }
+
+ // Return URL
+ return $URL;
+}
+
+// Try to send a new password for the given user account
+function USER_DO_NEW_PASSWORD ($email, $uid) {
+ // Compile email when found in address (only secure chars!)
+ if (!empty($email)) $email = str_replace("{DOT}", '.', $email);
+
+ // Init result and error
+ $ERROR = "";
+ $result = false;
+
+ // Probe userid/nickname
+ if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($uid))) {
+ // Nickname entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' OR email='%s' LIMIT 1",
+ array($uid, $email), __FILE__, __LINE__);
+ } elseif (($uid > 0) && (empty($email))) {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+ array(bigintval($uid)), __FILE__, __LINE__);
+ } elseif (!empty($email)) {
+ // Email entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1",
+ array($email), __FILE__, __LINE__);
+ } else {
+ // Userid not set!
+ DEBUG_LOG(__FUNCTION__, __LINE__, "Userid is not set! BUG!");
+ $ERROR = CODE_WRONG_ID;
+ }
+
+ // Any entry found?
+ if (SQL_NUMROWS($result) == 1) {
+ // This data is valid, so we create a new pass... :-)
+ list($uid, $status) = SQL_FETCHROW($result);
+
+ if ($status == "CONFIRMED") {
+ // Ooppps, this was missing! ;-) We should update the database...
+ $NEW_PASS = GEN_PASS();
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s LIMIT 1",
+ array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__);
+
+ // Prepare data and message for email
+ $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid);
+
+ // ... and send it away
+ SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg);
+
+ // Output note to user
+ LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND);
+ } else {
+ // Account is locked or unconfirmed
+ $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
+
+ // Load URL
+ LOAD_URL("modules.php?module=index&what=login&login=".$ERROR);
+ }
+ } else {
+ // ID or email is wrong
+ LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"guest_failed\">".GUEST_WRONG_ID_EMAIL."</SPAN>");
+ }
+
+ // Return the error code
+ return $ERROR;
+}
+
// [EOF]
?>
$RECEIVER = implode(";", $UIDs);
// Prepare URL
- $url = URL."/modules.php?module=index&what=login";
+ $URL = "modules.php?module=index&what=login";
// Insert mail
- ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('beg_notify_bonus'), getConfig('beg_notify_wait'), $url, 0, "normal", SQL_NUMROWS($result_main));
+ ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('beg_notify_bonus'), getConfig('beg_notify_wait'), $URL, 0, "normal", SQL_NUMROWS($result_main));
} // END - if
} // END - if
$RECEIVER = implode(";", $UIDs);
// Prepare URL
- $url = URL."/modules.php?module=index&what=login";
+ $URL = "modules.php?module=index&what=login";
// Insert mail
- ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('bonus_notify_points'), getConfig('bonus_notify_wait'), $url, 0, "normal", SQL_NUMROWS($result_main));
+ ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('bonus_notify_points'), getConfig('bonus_notify_wait'), $URL, 0, "normal", SQL_NUMROWS($result_main));
} // END - if
} // END - if
admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
if (!_FATAL) {
// Registering is done
- LOAD_URL(URL."/modules.php?module=admin&action=login®ister=done");
+ LOAD_URL("modules.php?module=admin&action=login®ister=done");
} else {
$ret = ADMIN_CANNOT_COMPLETE;
}
admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
// Load URL for login
- LOAD_URL(URL."/modules.php?module=admin&action=login");
+ LOAD_URL("modules.php?module=admin&action=login");
} // END - if
break;
}
// At leat one administrator account was created
if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
// Timeout for last login, we have to logout first!
- LOAD_URL(URL."/modules.php?module=admin&action=login&logout=1");
+ LOAD_URL("modules.php?module=admin&action=login&logout=1");
} // END - if
if (!empty($_GET['register'])) {
{
case "done": // Admin and password are okay, so we log in now
// Construct URL and redirect
- $URL = URL."/modules.php?module=admin&";
+ $URL = "modules.php?module=admin&";
// Rewrite overview module
if ($GLOBALS['what'] == "overview") {
switch ($ret)
{
case "done":
- // Cookie-Data accepted
- if ((set_session("admin_md5", get_session('admin_md5'))) && (set_session("admin_login", get_session('admin_login'))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) {
- // Ok, Cookie-Update done
- // Check for access control line of current menu entry
- define('__ACL_ALLOW', RUN_FILTER('check_admin_acl'));
+ // Check for access control line of current menu entry
+ define('__ACL_ALLOW', RUN_FILTER('check_admin_acl'));
- // When type of admin menu is not set fallback to old menu system
- if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD";
+ // When type of admin menu is not set fallback to old menu system
+ if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD";
- // Check for version and switch between old menu system and new "intelligent menu system"
- if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) {
- // Default area is the entrance, of course
- $area = "entrance";
+ // Check for version and switch between old menu system and new "intelligent menu system"
+ if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) {
+ // Default area is the entrance, of course
+ $area = "entrance";
- // Check for similar URL variable
- if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
+ // Check for similar URL variable
+ if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
- // Load "logical-area menu-system" file
- require_once(PATH."inc/modules/admin/lasys-inc.php");
+ // Load "logical-area menu-system" file
+ require_once(PATH."inc/modules/admin/lasys-inc.php");
- // Create new-style menu system will "logical areas"
- ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
- } else {
- // This little call constructs the whole default old and lacky menu system
- // on left side
- ADMIN_DO_ACTION($GLOBALS['what']);
- }
+ // Create new-style menu system will "logical areas"
+ ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
} else {
- // Login failed (cookies enabled?)
- OUTPUT_HTML("<STRONG class=\"admin_fatal\">".ADMIN_LOGIN_FAILED."</STRONG>");
- ADD_FATAL(CANNOT_RE_REGISTER_SESS);
+ // This little call constructs the whole default old and lacky menu system
+ // on left side
+ ADMIN_DO_ACTION($GLOBALS['what']);
}
break;
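Review bot: With the `set_session("admin_last", time())` refresh removed from `case "done":`, nothing in this hunk updates the admin's last-activity stamp any more, so it is worth confirming where that now happens. If the timeout check relies on `admin_last` and no other code refreshes it, the idle timeout presumably becomes a fixed lifetime counted from login. If that is intended, document it with a comment such as `// admin_last is no longer refreshed per request, see <place where it is set>`. The removed failure branch (`ADMIN_LOGIN_FAILED` / `CANNOT_RE_REGISTER_SESS`) also means a failed session write is no longer reported at this point. The enclosing `switch ($ret)` starts and ends outside this hunk.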
// Now set all session variables and return the result
return (
(
- set_session("admin_md5", generatePassString($passHash))
+ set_session('admin_md5', generatePassString($passHash))
) && (
- set_session("admin_login", $adminLogin)
+ set_session('admin_login', $adminLogin)
) && (
- set_session("admin_last", time())
+ set_session('admin_last', time())
) && (
- set_session("admin_to", bigintval($_POST['timeout']))
+ set_session('admin_to', bigintval($_POST['timeout']))
)
);
}
$OUT .= LOAD_TEMPLATE("admin_overview_row", true, $content);
// Which task do we actually have here?
+ // @TODO Rewrite this to something with include files
switch ($type)
{
case "EXTENSION": // Install new extensions
case "SUPPORT_MEMBER": // Assign on member's support request
switch ($mode)
{
- default: // Unknown support mode
+ default: // @TODO Unknown support mode
DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown support mode %s detected. This part is under construction!", $mode));
$OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_UNKNOWN_SUPPORT_MODE_1.$mode.ADMIN_UNKNOWN_SUPPORT_MODE_2."</FONT>\n";
break;
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_DELETED_1.bigintval($_GET['id']).SPONSOR_DELETED_2);
} elseif (!empty($_POST['no'])) {
// Do not delete him...
- LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+ LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
} else {
// Load data
list ($email, $gender, $sname, $fname) = SQL_FETCHROW($result);
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if ((!empty($_POST['uid'])) && (!empty($_POST['id'])))
-{
+if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) {
// Update database...
// First user's account
- SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%s LIMIT 1",
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET nl_until=(UNIX_TIMESTAMP() + nl_timespan), nl_receive='N', nl_timespan=0 WHERE userid=%s LIMIT 1",
array(bigintval($_POST['uid'])), __FILE__, __LINE__);
// Next the task system...
// Output message to admin
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NL_MEMBER_DONE);
-}
- else
-{
- // Currently under construction!
+} else {
+ // @TODO Currently under construction!
LOAD_TEMPLATE("admin_settings_saved", false, UNDER_CONSTRUCTION);
}
+
//
?>
array(bigintval($_GET['id'])), __FILE__, __LINE__);
} elseif (!empty($_POST['no'])) {
// No don't lock / unlock now!
- LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+ LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
} else {
// Create header and text messages
if ($status == "CONFIRMED") {
require_once(PATH."inc/modules/admin/what-del_user.php");
} elseif (!empty($_POST['no'])) {
// Do not lock him...
- $URL = URL."/modules.php?module=admin&what=list_user&u_id=".bigintval($_GET['u_id']);
+ $URL = "modules.php?module=admin&what=list_user&u_id=".bigintval($_GET['u_id']);
} else {
$result = SQL_QUERY_ESC("SELECT email, surname, family FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
$POST['default_theme'] = SQL_ESCAPE($_GET['default_theme']);
// Set session
- set_session("mxchange_theme", $POST['default_theme']);
+ set_session('mxchange_theme', $POST['default_theme']);
// Set it in config and current theme as well
global $currTheme;
// Generate output lines for the template
$OUT = ""; $SW = 2;
$result = SQL_QUERY("SELECT id, theme_path, theme_active, theme_ver, theme_name FROM `"._MYSQL_PREFIX."_themes` ORDER BY theme_path", __FILE__, __LINE__);
-if (SQL_NUMROWS($result) > 0)
-{
- while(list($id, $unix, $active, $ver, $name) = SQL_FETCHROW($result))
- {
+if (SQL_NUMROWS($result) > 0) {
+ while(list($id, $unix, $active, $ver, $name) = SQL_FETCHROW($result)) {
// Load theme in test mode
require(PATH."theme/".$unix."/theme.php");
OPEN_TABLE("500", "guest_login_header dashed", "center");
OUTPUT_HTML("<br /><strong>".VALIDATING_LOGIN."</strong><br />");
-if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) {
+if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash'))) {
// Login failtures are supported since 0.4.7
// Do we have 0.4.7 of sql_patches or later?
$ADD = "";
SQL_FREERESULT($result);
// Change to new theme
- set_session("mxchange_theme", $data['curr_theme']);
+ set_session('mxchange_theme', $data['curr_theme']);
// Remmeber login failtures if available
if (GET_EXT_VERSION("sql_patches") >= "0.4.7") {
// Account confirmed!
if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
// Set special lead cookie
- set_session("lead_uid", bigintval($uid));
+ set_session('lead_uid', bigintval($uid));
// Lead-Code mode enabled
LOAD_URL("lead-confirm.php");
}
} elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
// Set special lead cookie
- set_session("lead_uid", bigintval($uid));
+ set_session('lead_uid', bigintval($uid));
// Lead-Code mode enabled
LOAD_URL("lead-confirm.php");
define('__UID', "0");
LOAD_TEMPLATE("guest_confirm_table");
}
-}
- elseif ((isset($_POST['ok'])) && (!empty($_POST['email'])))
-{
+} elseif ((isset($_POST['ok'])) && (!empty($_POST['email']))) {
// Confirmation link requested 0 1 2
$result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array($_POST['email']), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Email address found
$DATA = SQL_FETCHROW($result);
switch ($DATA[1])
if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
+} elseif ((!EXT_IS_ACTIVE("user")) && (!IS_ADMIN())) {
+ ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "user");
+ return;
}
// Add description as navigation point
ADD_DESCR("guest", __FILE__);
-global $DATA, $FATAL;
+global $DATA, $ERROR;
-// Initialize data
-$probe_nickname = false; $uid = false; $hash = "";
-unset($login); unset($online);
+// Initialize variables
+$ERROR = 0;
+$probe_nickname = false;
+$uid = false;
+$hash = "";
+$URL = "";
+$ADD = "";
+// Already logged in?
if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) {
- // Already logged in?
+ // Maybe, then continue with it
$uid = $GLOBALS['userid'];
} elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) {
// Set userid and crypt password when login data was submitted
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".($_POST['id'] + 0)."") != $_POST['id']));
- if ($probe_nickname === true) {
+ if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($_POST['id']))) {
// Nickname entered
$uid = SQL_ESCAPE($_POST['id']);
} else {
$uid = 0; $hash = "";
}
-$URL = ""; $ADD = "";
// Set unset variables
if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";
if (empty($_GET['login'])) $_GET['login'] = "";
if (IS_MEMBER()) {
// Login immidiately...
- $URL = URL."/modules.php?module=login";
+ $URL = "modules.php?module=login";
} elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) {
// Invalid input (no nickname extension installed but nickname entered)
$ERROR = CODE_EXTENSION_PROBLEM;
} elseif (isset($_POST['ok'])) {
- // Add last_login if available
- $LAST = "";
- if (GET_EXT_VERSION("sql_patches") >= "0.2.8") {
- $LAST = ", last_login";
- } // END - if
-
- // Check login data
- $password = ""; $uid2 = ""; $dmy = "";
- if ($probe_nickname === true) {
- // Nickname entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
- array($uid), __FILE__, __LINE__);
- list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
- if (!empty($uid2)) $uid = bigintval($uid2);
- } else {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
- array($uid, $hash), __FILE__, __LINE__);
- list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
- }
-
- // Is there an entry?
- if ((SQL_NUMROWS($result) == 1) && ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid))) {
- // Free result
- SQL_FREERESULT($result);
-
- // By default the hash is empty
- $hash = "";
-
- // Check for old MD5 passwords
- if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) {
- // Just set the hash to the password from DB... :)
- $hash = $password;
- } else {
- // Hash password with improved way for comparsion
- $hash = generateHash($_POST['password'], substr($password, 0, -40));
- }
-
- if ($hash == $password) {
- // New hashed password found so let's generate a new one
- $hash = generateHash($_POST['password']);
-
- // ... and update database
- SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
- array($hash, $uid), __FILE__, __LINE__);
-
- // No login bonus by default
- $BONUS = false;
-
- // Probe for last online timemark
- $probe = time() - $online;
- if (!empty($login)) $probe = time() - $login;
- if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= getConfig('login_timeout'))) {
- // Add login bonus to user's account
- $ADD = sprintf(", login_bonus=login_bonus+%s",
- (float)getConfig('login_bonus')
- );
- $BONUS = true;
-
- // Subtract login bonus from userid's account or jackpot
- if ((GET_EXT_VERSION("bonus") >= "0.3.5") && (getConfig('bonus_mode') != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
- } // END - if
-
- // Init variables
- $life = "-1"; $login = false;
-
- // Secure lifetime from input form
- $l = bigintval($_POST['lifetime']);
-
- // Is the lifetime set?
- if ($l > 0) {
- // Calculate lifetime of cookies
- $life = time() + $l;
-
- // Calculate new hash with the secret key and master salt together
- $hash = generatePassString($hash);
-
- // Update cookies
- $login = (set_session("userid" , $uid , $life, COOKIE_PATH)
- && set_session("u_hash" , $hash, $life, COOKIE_PATH)
- && set_session("lifetime", $l , $life, COOKIE_PATH)
- );
-
- // Update global array
- $GLOBALS['userid'] = $uid;
- } else {
- // Check for login data
- $login = IS_MEMBER();
- }
-
- if ($login) {
- // Update database records
- SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
- array($uid), __FILE__, __LINE__);
- if (SQL_AFFECTEDROWS() == 1) {
- // Procedure to checking for login data
- if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) {
- // Bonus added (just displaying!)
- $URL = URL."/modules.php?module=chk_login&mode=bonus";
- } else {
- // Bonus not added
- $URL = URL."/modules.php?module=chk_login&mode=login";
- }
- } else {
- // Cannot update counter!
- $URL = URL."/modules.php?module=index&what=login&login=".CODE_CNTR_FAILED;
- }
- } else {
- // Cookies not setable!
- $URL = URL."/modules.php?module=index&what=login&login=".CODE_NO_COOKIES;
- }
- } elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") {
- // Update failture counter
- SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1",
- array($uid), __FILE__, __LINE__);
-
- // Wrong password!
- $ERROR = CODE_WRONG_PASS;
- }
- } elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) {
- // Other account status?
- $result = SQL_QUERY_ESC("SELECT status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
- array($uid), __FILE__, __LINE__);
-
- // Entry found?
- if (SQL_NUMROWS($result) == 1) {
- // Load status
- list($status) = SQL_FETCHROW($result);
- switch ($status) {
- case "LOCKED":
- $ERROR = CODE_ID_LOCKED;
- break;
-
- case "UNCONFIRMED":
- $ERROR = CODE_ID_UNCONFIRMED;
- break;
-
- default:
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error status %s detected.", $status));
- $ERROR = CODE_UNKNOWN_STATUS;
- break;
- }
- } else {
- // ID not found!
- $ERROR = CODE_WRONG_ID;
- }
-
- // Construct URL
- $URL = URL."/modules.php?module=index&what=login&login=".$ERROR;
- } else {
- // ID not found!
- $ERROR = CODE_WRONG_ID;
- }
+ // Try the login (see inc/libs/user_functions.php)
+ $URL = USER_DO_LOGIN($_POST['id'], $_POST['password']);
} elseif ((!empty($_POST['new_pass'])) && (isset($uid))) {
- // Compile email when found in address (only secure chars!)
- if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']);
-
- // Set ID number when left empty
- if (empty($_POST['id'])) $_POST['id'] = 0;
-
- // Init result
- $result = false;
-
- // Probe userid/nickname
- if ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])) {
- // Nickname entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' OR email='%s' LIMIT 1",
- array($uid, $_POST['email']), __FILE__, __LINE__);
- } elseif (($uid > 0) && (empty($_POST['email']))) {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($uid)), __FILE__, __LINE__);
- } elseif (!empty($_POST['email'])) {
- // Email entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
- } else {
- // Userid not set!
- DEBUG_LOG(__FILE__, __LINE__, "Userid is not set! BUG!");
- $ERROR = CODE_WRONG_ID;
- }
-
- // Any entry found?
- if (SQL_NUMROWS($result) == 1) {
- // This data is valid, so we create a new pass... :-)
- list($uid, $status) = SQL_FETCHROW($result);
-
- if ($status == "CONFIRMED") {
- // Ooppps, this was missing! ;-) We should update the database...
- $NEW_PASS = GEN_PASS();
- SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s LIMIT 1",
- array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__);
-
- // Prepare data and message for email
- $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid);
-
- // ... and send it away
- SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg);
-
- // Output note to user
- LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND);
- } else {
- // Account is locked or unconfirmed
- switch ($status) {
- case "LOCKED" : $ERROR = CODE_ID_LOCKED; break;
- case "UNCONFIRMED": $ERROR = CODE_ID_UNCONFIRMED; break;
- default: // Unhandled account status!
- $ERROR = CODE_UNHANDLED_STATUS;
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Undhandled account status %s detected.", $status));
- break;
- }
-
- // Load URL
- LOAD_URL("modules.php?module=index&what=login&login=".$MSG);
- }
- } else {
- // ID or email is wrong
- LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"guest_failed\">".GUEST_WRONG_ID_EMAIL."</SPAN>");
- }
+ // Try the userid/email lookup (see inc/libs/user_functions.php)
+ $ERROR = USER_DO_NEW_PASSWORD($_POST['email'], $uid);
}
// Login problems?
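Review bot: `USER_DO_NEW_PASSWORD($_POST['email'], $uid)` reads `$_POST['email']` without a guard, although this branch only tests `new_pass` and `$uid`, so a request that supplies just a userid raises an undefined-index notice and passes null. I would call it as `$ERROR = USER_DO_NEW_PASSWORD(isset($_POST['email']) ? $_POST['email'] : "", $uid);`. The removed inline code also normalised `{DOT}` in the address, defaulted an empty `$_POST['id']` to 0 and incremented `login_failtures` on a wrong password. The bodies of the two new helpers are not fully visible here, so please confirm those steps moved with the code.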
// Login problems?
if (!empty($ERROR)) {
// Ok, which one now?
- $MSG = "<TR>
- <TD width=\"10\"> </TD>
- <TD colspan=\"7\" align=\"center\">
- <STRONG><SPAN class=\"guest_failed\">";
+ $MSG = "<tr>
+ <td width=\"10\" class=\"seperator\"> </td>
+ <td colspan=\"7\" align=\"center\">
+ <span class=\"guest_failed\">";
switch ($ERROR) {
case CODE_WRONG_PASS:
$MSG .= LOGIN_WRONG_ID;
break;
}
- $MSG .= "</SPAN></STRONG>
- </TD>
- <TD width=\"10\"> </TD>
-</TR>\n";
+ $MSG .= "</span>
+ </td>
+ <td width=\"10\" class=\"seperator\"> </td>
+</tr>\n";
define('LOGIN_FAILURE_MSG', $MSG);
} else {
// No problems, no output
// Was an URL constructed?
if (!empty($URL)) {
// URL was constructed
+ global $FATAL;
if (!empty($FATAL[0])) {
// Fatal errors!
require_once(PATH."inc/fatal_errors.php");
// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
list($status) = SQL_FETCHROW($result);
if ($status == "CONFIRMED") {
- // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
- // seperate timeout for these two cookies?
- $life = (time() + getConfig('online_timeout'));
-
// Is confirmed so both is fine and we can continue with login procedure
- $login = ((setcookie("sponsorid" , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
- (setcookie("sponsorpass", md5($_POST['pass']) , $life, COOKIE_PATH)));
+ $login = ((set_session('sponsorid' , bigintval($_POST['sponsorid']))) &&
+ (set_session('sponsorpass', md5($_POST['pass']) ))
+ );
if ($login) {
// Cookie setup successfull so we can forward to sponsor area
- LOAD_URL(URL."/modules.php?module=sponsor");
+ LOAD_URL("modules.php?module=sponsor");
} else {
// Cookie setup failed!
LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
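Review bot: The session now carries `md5($_POST['pass'])`, an unsalted digest that the sponsor queries elsewhere in this commit use directly as the credential (`WHERE id='%s' AND password='%s'`), while the member path hashes with `generateHash()`. Moving the value from a cookie into the session keeps it off the client, but sponsor passwords should follow the member scheme in a follow-up. Two smaller items: the comments still say `// Cookie setup failed!` and should read `// Session setup failed!`, and if `set_session()` does not renew the session id on login, a `session_regenerate_id(true);` before the two calls would guard against session fixation.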
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
} elseif (!IS_MEMBER()) {
- $URL = URL."/modules.php?module=index";
- if ($check == "mem_only") $URL .= "&msg=".urlencode(LANG_MEM_ONLY_1.$GLOBALS['module'].LANG_MEM_ONLY_2);
+ $URL = "modules.php?module=index";
+ if ($check == "mem_only") $URL .= "&msg=".urlencode(LANG_MEM_ONLY_1.$GLOBALS['module'].LANG_MEM_ONLY_2);
LOAD_URL($URL);
}
if ($status != "CONFIRMED") {
// If the status is different than confirmed move the user away from here
- switch ($status)
- {
- case "LOCKED":
- $ERROR = CODE_ID_LOCKED;
- break;
-
- case "UNCONFIRMED":
- $ERROR = CODE_ID_UNCONFIRMED;
- break;
-
- default:
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s detected.", $status));
- $ERROR = CODE_UNKNOWN_STATUS;
- break;
- }
+ $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
// Load URL
- LOAD_URL(URL."/modules.php?module=index&login=".$ERROR);
+ LOAD_URL("modules.php?module=index&what=login&login=".$ERROR);
} // END - if
// Load adverstising template
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
} elseif (!IS_MEMBER()) {
- LOAD_URL(URL."/modules.php?module=index");
+ LOAD_URL("modules.php?module=index");
} elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
return;
}
// Base URL for redirection (both cases)
-$URL = URL."/modules.php?module=index";
+$URL = "modules.php?module=index";
if (destroy_user_session()) {
// Remove theme cookie as well
set_session("mxchange_theme", "");
// Logout completed
- $URL .= "&msg=".CODE_LOGOUT_DONE;
+ $URL .= "&msg=".CODE_LOGOUT_DONE;
// Destroy session here
@session_destroy();
} else {
// Cannot logout! :-(
- $URL .= "&msg=".CODE_LOGOUT_FAILED;
+ $URL .= "&msg=".CODE_LOGOUT_FAILED;
}
// Load the URL
case "notify": // Switch off notfication
SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
- $URL = URL."/modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED);
+ $URL = "modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED);
break;
}
// Test submitted text against some filters (length, URLs in text etc.)
if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1)) {
// URL found!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_URL_FOUND;
} // END - if
// Remove new-line and carriage-return characters
// Text length within allowed length?
if (strlen($TEST) > getConfig('max_tlength')) {
// Text is too long!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_OVERLENGTH;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_OVERLENGTH;
} // END - if
} // END - if
$_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));
if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1)) {
// URL in subject found
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_SUBJ_URL;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_SUBJ_URL;
} // END - if
} // END - if
list($blist) = SQL_FETCHROW($result);
// Create redirect-URL
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist;
} // END - if
// Free result
// Enougth receivers entered?
if (($_POST['receiver'] < getConfig('order_min')) && (!IS_ADMIN())) {
// Less than allowed receivers entered!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3;
} // END - if
// Validate URL
if (!VALIDATE_URL($_POST['url'])) {
// URL is invalid!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_URL;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_INVALID_URL;
} // END - if
// Probe for HTML extension
$_POST['text'] = HTML_CHECK_TAGS($_POST['text']);
// Maybe invalid tags found?
- if (empty($_POST['text'])) $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id;
+ if (empty($_POST['text'])) $URL = "modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id;
} else {
// Remove any HTML code
$_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));
}
} elseif (!IS_ADMIN()) {
// He has already sent a mail within a specific time
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_TLOCK."&id=".$id;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_URL_TLOCK."&id=".$id;
}
// Still no error?
}
// ID is received so we can redirect the user, used points will be added when he send's out the mail
- $URL = URL."/modules.php?module=frametester&order=".$id."";
+ $URL = "modules.php?module=frametester&order=".$id."";
} elseif ($MAX_SEND == 0) {
// Not enougth receivers found which can receive mails
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS2;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS2;
} else {
// No enougth points left!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_POINTS;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_POINTS;
}
} else {
// Ordered more mails than he can send in this category
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_NO_RECS_LEFT;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_NO_RECS_LEFT;
}
}
} elseif ($_POST['receiver'] == "0") {
// Not enougth receivers selected
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS1;
+ $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS1;
} elseif (($ALLOWED == 0) && (getConfig('order_max_full') == "ORDER")) {
// No more mail orders allowed
LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_ORDER_ALLOWED_EXHAUSTED);
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
} elseif (!IS_MEMBER()) {
- LOAD_URL(URL."/modules.php?module=index");
+ LOAD_URL("modules.php?module=index");
} elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor");
return;
require($INC);
} elseif (!IS_MEMBER()) {
// Redirect
- LOAD_URL(URL."/modules.php?module=index");
+ LOAD_URL("modules.php?module=index");
} elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
return;
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
} elseif (!IS_MEMBER()) {
- LOAD_URL(URL."/modules.php?module=index");
+ LOAD_URL("modules.php?module=index");
} elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
return;
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
} elseif (!IS_MEMBER()) {
- LOAD_URL(URL."/modules.php?module=index");
+ LOAD_URL("modules.php?module=index");
} elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
return;
$newTheme = SQL_ESCAPE($_POST['member_theme']);
// Change to new theme
- set_session("mxchange_theme", $newTheme);
+ set_session('mxchange_theme', $newTheme);
// Theme saved!
LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED);
return;
} elseif (!IS_MEMBER()) {
// Sorry, no guest access!
- $URL = URL."/modules.php?module=index";
+ $URL = "modules.php?module=index";
} elseif (empty($_GET['order'])) {
// You cannot call this module directly!
- $URL = URL."/modules.php?module=login&what=order";
+ $URL = "modules.php?module=login&what=order";
}
// When URL is empty nothing bad happend here
LOAD_TEMPLATE("member_order-back", false);
} else {
// Matching line not found or already "placed" in send queue
- LOAD_URL(URL."/modules.php?module=login");
+ LOAD_URL("modules.php?module=login");
}
} else {
// Redirect...
status, receive_warnings
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Load sponsor data
$content = SQL_FETCHARRAY($result);
if (empty($_POST['pass_old'])) {
// No current password entered
$MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
- } elseif (md5($_POST['pass_old']) != $_COOKIE['sponsorpass']) {
+ } elseif (md5($_POST['pass_old']) != get_session('sponsorpass')) {
// Entered password didn't match password in DB
$MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
} elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) {
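Review bot: `md5($_POST['pass_old']) != get_session('sponsorpass')` compares two hex digests loosely, and before PHP 8 a loose comparison treats numeric-looking strings as numbers, so two different digests can compare equal. Use a strict check, `} elseif (md5($_POST['pass_old']) !== get_session('sponsorpass')) {`, or `hash_equals()` where the runtime provides it. The same applies to `md5($_POST['password']) != get_session('sponsorpass')` in the later sponsor settings hunk. The `if`/`elseif` chain continues outside this hunk.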
}
} else {
// Sponsor account not found!
- $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.get_session('sponsorid').SPONSOR_ACCOUNT_404_2);
}
// Free memory
$result = SQL_QUERY_ESC("SELECT status, receive_warnings, warning_interval, email, surname, family, gender
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Load sponsor data
$content = SQL_FETCHARRAY($result);
if (empty($_POST['password'])) {
// No current password entered
$MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
- } elseif (md5($_POST['password']) != $_COOKIE['sponsorpass']) {
+ } elseif (md5($_POST['password']) != get_session('sponsorpass')) {
// Entered password didn't match password in DB
$MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
} else {
}
} else {
// Sponsor account not found!
- $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.get_session('sponsorid').SPONSOR_ACCOUNT_404_2);
}
// Free memory
$result = SQL_QUERY_ESC("SELECT gender, surname, family, (points_amount - points_used) AS points
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
list($gender, $surname, $family, $points) = SQL_FETCHROW($result);
// Free memory
}
}
//
-function IS_MEMBER()
-{
+function IS_MEMBER () {
global $status, $LAST, $cacheArray;
if (!is_array($LAST)) $LAST = array();
$ret = false;
} // END - if
// Fix "deleted" cookies first
- FIX_DELETED_COOKIES(array('userid','u_hash','lifetime'));
+ FIX_DELETED_COOKIES(array('userid', 'u_hash'));
// Are cookies set?
- if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
- {
+ if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) {
// Cookies are set with values, but are they valid?
$result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
- array($GLOBALS['userid']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Load data from cookies
list($password, $status, $mod, $onl) = SQL_FETCHROW($result);
$valPass = generatePassString($password);
// Transfer last module and online time
- if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
+ if ((!empty($mod)) && (empty($LAST['module']))) {
+ $LAST['module'] = $mod;
+ $LAST['online'] = $onl;
+ } // END - if
// So did we now have valid data and an unlocked user?
//* DEBUG: */ echo $valPass."<br />".get_session('u_hash')."<br />";
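Review bot: The query `WHERE userid=%s` puts the placeholder in an unquoted numeric position, and `array($GLOBALS['userid'])` is passed without `bigintval()`, unlike the sponsor queries in this commit. Assuming SQL_QUERY_ESC only escapes string metacharacters, that gives no protection for an unquoted value. If `$GLOBALS['userid']` can carry request-derived data (its assignment is outside the hunk), this is an injection risk. Suggested: `array(bigintval($GLOBALS['userid'])), __FILE__, __LINE__);`. IS_MEMBER's body continues beyond the hunk.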
// Maybe got locked etc.
//* DEBUG: */ echo __LINE__."!!!<br />";
destroy_user_session();
-
- // Reset userid
- $GLOBALS['userid'] = 0;
}
} else {
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."***<br />";
destroy_user_session();
-
- // Reset userid
- $GLOBALS['userid'] = 0;
}
// Free memory
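Review bot: Dropping `$GLOBALS['userid'] = 0;` after `destroy_user_session()` makes the failed-validation branches depend on that helper to clear the global, and its body is not visible in this diff. If it only removes session variables, code running later in the same request could still read the rejected user id from `$GLOBALS['userid']`. Please confirm the helper resets it, or keep the reset; a comment such as `// destroy_user_session() also resets $GLOBALS['userid']` would document the dependency. The same removal is repeated in the other invalid-data branches of IS_MEMBER, including the next hunk. The function body extends outside these hunks.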
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."///<br />";
destroy_user_session();
-
- // Reset userid
- $GLOBALS['userid'] = 0;
}
// Cache status
// Is the index page configured for redirect pr not?
if (getConfig('index_cookie') > 0) {
// Set cookie and remeber it for specified time
- set_session("visited", "true");
+ set_session('visited', "true");
} elseif (isSessionVariableSet('visited')) {
// Remove cookie when admin set 0 in setup
- set_session("visited", "");
+ set_session('visited', "");
}
// Template laden
switch (getConfig('refid_target'))
{
case "register":
- $URL = URL."/modules.php?module=index&what=register&refid=";
+ $URL = "modules.php?module=index&what=register&refid=";
break;
case "index":
- $URL = URL."/index.php?refid=";
+ $URL = "index.php?refid=";
break;
}
} // END - if
} else {
// No refid and we add our refid (don't forget to set $def_refid!)
- $URL = URL."/index.php";
+ $URL = "index.php";
}
// Load the URL
// Is the script installed?
if (isBooleanConstantAndTrue('mxchange_installed')) {
// Base URL for redirection
- $URL = URL."/modules.php?module=index&what=sponsor_login&hash=";
+ $URL = "modules.php?module=index&what=sponsor_login&hash=";
if (empty($_GET['hash'])) {
// No refid and we add our refid (don't forget to set $def_refid!)
- $URL = URL."/modules.php?module=index";
+ $URL = "modules.php?module=index";
} else {
// We have an refid here. So we simply add it
$URL .= SQL_ESCAPE($_GET['hash']);
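Review bot: `$URL .= SQL_ESCAPE($_GET['hash']);` applies what is presumably SQL escaping to a value that ends up in a redirect URL, which is the wrong encoder for that context. Characters such as `&`, `#` or spaces would pass through and can change the resulting query string. Encode for the URL instead, `$URL .= urlencode($_GET['hash']);`, and preferably check the hash against its expected format first. The rest of the block, including the redirect call, is outside the hunk.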
// Redirection should be done here
} else {
// You have to configure first!
- LOAD_URL(URL."/install.php");
+ LOAD_URL("install.php");
}
// Really all done here... ;-)
// Redirect only to registration page when this script is installed
if (defined('mxchange_installed') && (isBooleanConstantAndTrue(mxchange_installed))) {
// Base URL for redirection
- $URL = URL."/modules.php?module=index&what=sponsor_reg&refid=";
+ $URL = "modules.php?module=index&what=sponsor_reg&refid=";
// Get referal ID from ref or refid variable
$ref = 0;
$URL .= $ref;
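Review bot: `isBooleanConstantAndTrue(mxchange_installed)` passes the bare constant rather than its name, unlike the quoted `'mxchange_installed'` used in the other installation checks in this commit. Because `defined()` has just succeeded, the call receives the constant's value, so the helper (not visible here) is probably looking up the wrong name and the check may not behave as intended. Suggested: `if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) {`. The if/else continues outside the hunk.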
} else {
// No refid so we redirect to the index page
- $URL = URL."/index.php";
+ $URL = "index.php";
}
// Load the URL
// Redirection should be done here
} else {
// You have to configure first!
- LOAD_URL(URL."/install.php");
+ LOAD_URL("install.php");
}
// Really all done here... ;-)
// Only logged in users may use this surfbar!
if (!EXT_IS_ACTIVE("surfbar")) {
// Surfbar deactivated
- LOAD_URL(URL."/modules.php?module=login&msg=".CODE_EXTENSION_PROBLEM."&ext=surfbar");
+ LOAD_URL("modules.php?module=login&msg=".CODE_EXTENSION_PROBLEM."&ext=surfbar");
} elseif (!IS_MEMBER()) {
// Redirect
- LOAD_URL(URL."/modules.php?module=index");
+ LOAD_URL("modules.php?module=index");
}
// Handle tasks on self-maintenance