inc/modules/guest/action-members.php -text
inc/modules/guest/action-online.php -text
inc/modules/guest/action-sponsor.php -text
-inc/modules/guest/action-sponsors.php -text
inc/modules/guest/action-themes.php -text
inc/modules/guest/what- -text
inc/modules/guest/what-active.php -text
inc/modules/member/what-wernis.php -text
inc/modules/order.php -text
inc/modules/sponsor.php -text
+inc/modules/sponsor/.htaccess -text
+inc/modules/sponsor/.php -text
+inc/modules/sponsor/account.php -text
+inc/modules/sponsor/settings.php -text
+inc/modules/sponsor/welcome.php -text
inc/modules/welcome.php -text
inc/monthly/.htaccess -text
inc/monthly/monthly_ -text
//
// SQL commands to run
//
- if (EXT_IS_ACTIVE("repair"))
- {
+ //if (EXT_IS_ACTIVE("repair"))
+ //{
+ // Try to make it depend on repair
+ $EXT_UPDATE_DEPENDS = "repair";
+
//
// Sponsor data
//
// Load CSS file
$EXT_CSS = "Y";
- }
- else
- {
- // Sponsor extension depends now on repair extension!
- $SQLs[] = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='sponsor' LIMIT 1";
- }
+ //}
+ // else
+ //{
+ // // Sponsor extension depends now on repair extension!
+ // $SQLs[] = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='sponsor' LIMIT 1";
+ //}
break;
case "remove": // Do stuff when removing extension
require($INC);
}
// Add HTML to the output stream
-class HTMLParser
-{
+class HTMLParser {
// Initializer
-function HTMLParser()
-{
+function HTMLParser() {
}
// Add HTML-Code to buffer
-function add_html ($HTML, $NEW_LINE = true)
-{
+function add_html ($HTML, $NEW_LINE = true) {
global $OUTPUT;
}
+
// Compiles HTML code
-function compile_html($code, $simple=false)
-{
+function compile_html($code, $simple=false) {
global $SEC_CHARS;
// Compile constants
$code = str_replace('{--', '".', str_replace('--}', '."', $code));
// Compile QUOT and other non-HTML codes
- foreach ($SEC_CHARS['to'] as $k=>$from)
- {
+ foreach ($SEC_CHARS['to'] as $k=>$from) {
// Do the reversed thing as in inc/libs/security_functions.php
$code = str_replace($from, $SEC_CHARS['from'][$k], $code);
}
// Return compiled code
return $code;
}
+
// Load a template file and return it's content (only it's name; do not use ' or ")
function get_template ($template, $return=false, $content="")
{
global $DATA, $ACTION, $WHAT;
$REFID = bigintval(get_session('refid'));
- if ($template == "member_support_form")
- {
+ if ($template == "member_support_form") {
// Support request of a member
$ID = bigintval($GLOBALS['userid']);
$result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
$MODE = "";
// Check for admin/guest/member templates
- if (strpos($template, "admin_") > -1)
- {
+ if (strpos($template, "admin_") > -1) {
// Admin template found
$MODE = "admin/";
- }
- elseif (strpos($template, "guest_") > -1)
- {
+ } elseif (strpos($template, "guest_") > -1) {
// Guest template found
$MODE = "guest/";
- }
- elseif (strpos($template, "member_") > -1)
- {
+ } elseif (strpos($template, "member_") > -1) {
// Member template found
$MODE = "member/";
- }
- elseif (strpos($template, "install_") > -1)
- {
+ } elseif (strpos($template, "install_") > -1) {
// Installation template found
$MODE = "install/";
- }
- elseif (strpos($template, "mailid_") > -1)
- {
+ } elseif (strpos($template, "mailid_") > -1) {
// Mail confirmation template found
$MODE = "mailid/";
}
// Generate file name
$file = $BASE.$MODE.$template.".tpl";
- if ((!empty($HTTP_GET_VARS['what'])) && ((strpos($template, "_header") > 0) || (strpos($template, "_footer") > 0)) && (($MODE == "guest/") || ($MODE == "member/") || ($MODE == "admin/")))
- {
+ if ((!empty($_GET['what'])) && ((strpos($template, "_header") > 0) || (strpos($template, "_footer") > 0)) && (($MODE == "guest/") || ($MODE == "member/") || ($MODE == "admin/"))) {
// Select what depended header/footer template file for admin/guest/member area
- $file2 = $BASE.$MODE.$template."_".$HTTP_GET_VARS['what'].".tpl";
+ $file2 = sprintf("%s%s%s_%s.tpl", $BASE, $MODE, $template, SQL_ESCAPE($_GET['what']));
// Probe for it...
- if (file_exists($file2)) $file = $file2;
+ if ((file_exists($file2)) && (is_readable($file2))) $file = $file2;
// Remove variable from memory
unset($file2);
}
// Does the special template exists?
- if (!file_exists($file))
- {
+ if ((!file_exists($file)) || (!is_readable($file))) {
// Reset to default template
$file = PATH."templates/".GET_LANGUAGE()."/html/".$template.".tpl";
}
// Now does the final template exists?
- if (file_exists($file))
- {
+ if ((file_exists($file)) && (is_readable($file))) {
// The local file does exists so we load it. :)
$tmpl_file = implode("", file($file));
$tmpl_file = str_replace("'", '{QUOT}', $tmpl_file);
// Compile and run code
$ret = COMPILE_CODE(addslashes($tmpl_file), false, true);
$ret = "<!-- Template ".$template." - Start -->\n".$ret."<!-- Template ".$template." - End -->\n";
- }
- elseif (IS_ADMIN())
- {
+ } elseif (IS_ADMIN()) {
// Only admins shall see this warning
$ret = "<br /><SPAN class=\"guest_failed\">".TEMPLATE_404."</SPAN><br />
(".basename($file).")
<br /><br />";
}
- if ($return)
- {
+
+ if ($return) {
// Return the HTML code
return $ret;
- }
- else
- {
+ } else {
// Output directly
$this->add_html ($ret);
}
// END OF CLASS
}
+
//
?>
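Review bot: `SQL_ESCAPE()` is the wrong filter for the `$file2` path built in get_template. SQL escaping is meant for query strings and, as far as this hunk shows, does nothing about path separators or `..`, while the file that is selected is then read and passed to `COMPILE_CODE()`. Restrict `$_GET['what']` to the characters a module name can contain before building the path, e.g. wrap the override in `if (preg_match('/^[a-z0-9_]+$/i', $_GET['what'])) { ... }` and keep the default header/footer otherwise. The added `is_readable()` checks are fine but do not limit which file is chosen. get_template begins above the changed lines, so any earlier validation of `what` is not visible here.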
//
function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
{
- global $HTTP_GET_VARS, $_SERVER, $_COOKIE;
$SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false;
$ret = "unused";
SQL_FREERESULT($result);
// Yes, he is!
- if (($HTTP_GET_VARS['what'] == "add_sponsor") || ($NO_UPDATE))
+ if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE))
{
// Already found!
$ALREADY = true;
// Remove last ", " from SQL string
$SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
- $DATA['values'][] = bigintval($HTTP_GET_VARS['id']);
+ $DATA['values'][] = bigintval($_GET['id']);
// Generate message
$MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
// Add new sponsor, first add more data
$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
$DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($HTTP_GET_VARS['what'] == "add_sponsor"))
+ if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor"))
{
// Only allowed for admin
$DATA['values'][] = "PENDING";
//
function GENERATE_SPONSOR_CONTENT($what)
{
- global $HTTP_POST_VARS, $HTTP_GET_VARS, $CONFIG;
+ global $HTTP_POST_VARS, $_GET, $CONFIG;
$FILE = PATH."inc/modules/sponsor/".$what.".php";
$OUT = "";
if (@file_exists($FILE))
//
function SPONSOR_SAVE_DATA($POST, $content)
{
- global $_COOKIE, $_SERVER, $HTTP_GET_VARS;
+ global $_COOKIE, $_SERVER, $_GET;
$EMAIL = false;
// Unsecure data which we don't want
$DATA[] = $_COOKIE['sponsorpass'];
// Saving data was completed... ufff...
- switch ($HTTP_GET_VARS['what'])
+ switch ($_GET['what'])
{
case "account": // Change account data
if ($EMAIL)
break;
default: // Unknown sponsor what value!
- $MSG = SPONSOR_UNKNOWN_WHAT_1.$HTTP_GET_VARS['what'].SPONSOR_UNKNOWN_WHAT_2;
+ $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2;
$templ = ""; $subj = "";
break;
}
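Review bot: The `default:` branch still concatenates the raw `$_GET['what']` into `$MSG`; if that message is rendered as HTML (the output path is not visible in this hunk) request input is reflected unescaped. Encode it where it is used: `$MSG = SPONSOR_UNKNOWN_WHAT_1.htmlspecialchars($_GET['what'], ENT_QUOTES).SPONSOR_UNKNOWN_WHAT_2;`. Separately, `global $_COOKIE, $_SERVER, $_GET;` is unnecessary because these are superglobals, and GENERATE_SPONSOR_CONTENT still lists `$HTTP_POST_VARS` while the rest of the file has moved to `$_GET`/`$_POST`. SPONSOR_SAVE_DATA starts and ends outside this hunk.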
// to the old address
// First to old address
- switch ($HTTP_GET_VARS['what'])
+ switch ($_GET['what'])
{
case "account": // Change account data
$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
// Load the include file
$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
-if (file_exists($INC))
-{
+if (file_exists($INC)) {
// Ok, we finally load the admin action module
include($INC);
-}
- else
-{
+} else {
ADD_FATAL(ADMIN_404_ACTION_1.$GLOBALS['what'].ADMIN_404_ACTION_2);
}
+
//
?>
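Review bot: `$INC` is built from `$GLOBALS['what']` and passed to `include()` with `file_exists()` as the only check; nothing in this hunk shows that `what` has been limited to a plain module name. Unless that is enforced earlier in the request, test the value first with something like `preg_match('/^[a-z0-9_]+$/i', $GLOBALS['what'])` and take the `ADD_FATAL` branch when it fails. The next admin loader hunk introduces the same pattern (`$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);`). Both error messages (`ADD_FATAL(...)` here, `$FATAL[] = ...` there) embed the same value and should HTML-encode it if they are rendered in a page.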
ADD_DESCR("admin", basename(__FILE__));
// Load the include file
-$INC = PATH."inc/modules/admin/what-".$what.".php";
-if (file_exists($INC))
-{
+$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+if (file_exists($INC)) {
// Ok, we finally load the admin action module
include($INC);
-}
- else
-{
- $FATAL[] = ADMIN_404_ACTION_1.$what.ADMIN_404_ACTION_2;
+} else {
+ $FATAL[] = ADMIN_404_ACTION_1.$GLOBALS['what'].ADMIN_404_ACTION_2;
}
//
?>
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/03/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/03/2005 *
+ * ================ Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : what-add_sponsor.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
+
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if (isset($HTTP_POST_VARS['ok']))
-{
+if (isset($_POST['ok'])) {
// Save sponsor in database
- SPONSOR_HANDLE_SPONSOR($HTTP_POST_VARS);
-}
- else
-{
+ SPONSOR_HANDLE_SPONSOR($_POST);
+} else {
// Prepare constants for the template
define('__SPONSOR_MIN_VALUE', $CONFIG['sponsor_min_points']);
// Output form
LOAD_TEMPLATE("admin_add_sponsor");
}
+
//
?>
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 12/21/2004 *
- * =============== Last change: 12/21/2004 *
+ * M-XChange v0.2.1 Start: 12/21/2004 *
+ * ================ Last change: 12/21/2004 *
* *
* -------------------------------------------------------------------- *
* File : what-config_title.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
+
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if (isset($HTTP_POST_VARS['ok']))
-{
+if (isset($_POST['ok'])) {
// Allow only direct points (non-floating)
- $HTTP_POST_VARS['sponsor_min_points'] = bigintval($HTTP_POST_VARS['sponsor_min_points']);
- $HTTP_POST_VARS['sponsor_ref_points'] = bigintval($HTTP_POST_VARS['sponsor_ref_points']);
+ $_POST['sponsor_min_points'] = bigintval($_POST['sponsor_min_points']);
+ $_POST['sponsor_ref_points'] = bigintval($_POST['sponsor_ref_points']);
// Save settings
- ADMIN_SAVE_SETTINGS($HTTP_POST_VARS, "_config", "config='0'");
-}
- else
-{
+ ADMIN_SAVE_SETTINGS($_POST);
+} else {
// Remember config data in constants for the template
define('__SPONSOR_MIN_POINTS', $CONFIG['sponsor_min_points']);
define('__SPONSOR_REF_POINTS', $CONFIG['sponsor_ref_points']);
// Load template
LOAD_TEMPLATE("admin_config_sponsor");
}
+
//
?>
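Review bot: `ADMIN_SAVE_SETTINGS($_POST)` now hands over the whole request array and drops the explicit `"_config", "config='0'"` arguments, so the table and row being written depend on defaults that are not visible in this hunk. Only `sponsor_min_points` and `sponsor_ref_points` are normalised with `bigintval()`; every other POST key, including `ok`, is passed along as-is. Unless ADMIN_SAVE_SETTINGS is known to filter keys against the config columns, pass an explicit array containing just the two validated fields, and add a comment stating which defaults the shortened call relies on.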
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/24/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/24/2005 *
+ * ================ Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : what-del_sponsor.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if (!empty($HTTP_GET_VARS['id']))
-{
+if (!empty($_GET['id']))) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT email, salut, surname, family FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
- array($HTTP_GET_VARS['id']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Remove sponsor
- if (isset($HTTP_POST_VARS['ok']))
- {
+ if (isset($_POST['ok'])) {
// Load data and remember it in constants
list($email, $salut, $surname, $family) = SQL_FETCHROW($result);
+
+ // Free result
SQL_FREERESULT($result);
+
define('__EMAIL' , $email);
define('__SALUT' , TRANSLATE_SEX($salut));
define('__SURNAME', $surname);
define('__FAMILY' , $family);
// Prepare message and send it away
- $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", $HTTP_POST_VARS['reason'], $HTTP_GET_VARS['id']);
+ $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", $_POST['reason'], bigintval($_GET['id']));
SEND_EMAIL($email, SPONSOR_ADMIN_DEL_SUBJECT, $msg);
// Remove account
$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
- array(bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
// Remove orders
$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_sponsor_orders WHERE sponsorid='%s' LIMIT 1",
- array(bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
// Output message
- LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_DELETED_1.$HTTP_GET_VARS['id'].SPONSOR_DELETED_2);
- }
- elseif (!empty($HTTP_POST_VARS['no']))
- {
+ LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_DELETED_1.bigintval($_GET['id']).SPONSOR_DELETED_2);
+ } elseif (!empty($_POST['no'])) {
// Do not delete him...
- LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".$HTTP_GET_VARS['id']);
- }
- else
- {
+ LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+ } else {
// Load data
list ($email, $salut, $sname, $fname) = SQL_FETCHROW($result);
define('__SNAME', $sname);
define('__FNAME', $fname);
define('__SALUT', TRANSLATE_SEX($salut));
- define('__UID' , $HTTP_GET_VARS['id']);
+ define('__UID' , bigintval($_GET['id']));
// Display form
LOAD_TEMPLATE("admin_del_sponsor");
}
- }
- else
- {
+ } else {
// Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['id']).ADMIN_SPONSOR_404_2);
}
-}
- else
-{
+} else {
// Not called by what-list_sponsor.php
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_CALL_NOT_DIRECTLY);
}
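Review bot: The added condition `if (!empty($_GET['id']))) {` has one closing parenthesis too many, so what-del_sponsor.php will fail to parse and the admin delete action cannot load. It should read `if (!empty($_GET['id'])) {`. The `bigintval()` wrapping added to the SELECT, the messages and `__UID` in the rest of the file looks consistent.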
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/24/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/24/2005 *
+ * ================ Last change: 05/12/2005 *
* *
* -------------------------------------------------------------------- *
* File : what-edit_sponsor.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if ((!empty($HTTP_GET_VARS['id'])) && (!empty($HTTP_GET_VARS['mode'])))
-{
+if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT company, position, salut, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, receive_warnings, warning_interval FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
- array($HTTP_GET_VARS['id']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Load sponsor details
$DATA = SQL_FETCHARRAY($result);
SQL_FREERESULT($result);
// Prepare all data for the template
// Sponsor's ID
- define('__SPONSOR_ID' , $HTTP_GET_VARS['id']);
+ define('__SPONSOR_ID' , bigintval($_GET['id']));
// Company's data
define('__COMPANY' , $DATA['company']);
define('__POSITION' , $DATA['position']);
define('__REC_WARNING', ADD_SELECTION("yn", $DATA['receive_warnings'], "receive_warning"));
define('__INTERVAL' , CREATE_TIME_SELECTIONS($DATA['warning_interval'], "warning_interval", "MWDh"));
+ // Init variables here
+ $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE($_GET['mode']));
+ $SQLs = array();
+
// Sponsor was found
- $TPL = "admin_edit_sponsor_".$HTTP_GET_VARS['mode']; $SQLs = array();
- if ((isset($HTTP_POST_VARS['ok'])) || (isset($HTTP_POST_VARS['edit'])))
- {
+ if ((isset($_POST['ok'])) || (isset($_POST['edit']))) {
// Perform action on mode
- switch ($HTTP_GET_VARS['mode'])
+ switch ($_GET['mode'])
{
case "add_points": // Add points
- if (strval($HTTP_POST_VARS['points']) > 0)
- {
+ if (strval($_POST['points']) > 0) {
// Replace german decimal comma with computer's decimal dot
- $POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points']));
+ $POINTS = strval(str_replace(",", ".", $_POST['points']));
// Add points to account
$result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
// Remember points /reason for the template
define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , $HTTP_POST_VARS['reason']);
+ define('__REASON' , $_POST['reason']);
// Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $HTTP_POST_VARS['reason'], true);
+ $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $_POST['reason'], true);
SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_ADD_POINTS, $msg);
$MSG = ADMIN_SPONSOR_POINTS_ADDED;
- }
- else
- {
+ } else {
// No points entered to add!
$MSG = ADMIN_SPONSPOR_NO_POINTS_TO_ADD;
}
break;
case "sub_points": // Subtract points
- if (strval($HTTP_POST_VARS['points']) > 0)
- {
+ if (strval($_POST['points']) > 0) {
// Replace german decimal comma with computer's decimal dot
- $POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points']));
+ $POINTS = strval(str_replace(",", ".", $_POST['points']));
// Add points to account
$result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_used=points_used+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
// Remember points /reason for the template
define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , $HTTP_POST_VARS['reason']);
+ define('__REASON' , $_POST['reason']);
// Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $HTTP_POST_VARS['reason'], true);
+ $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $_POST['reason'], true);
SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_SUB_POINTS, $msg);
$MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED;
- }
- else
- {
+ } else {
// No points entered to add!
$MSG = ADMIN_SPONSPOR_NO_POINTS_TO_SUBTRACT;
}
case "edit": // Edit sponsor account
$PASS = true;
- if (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) || ((empty($HTTP_POST_VARS['pass1'])) && (empty($HTTP_POST_VARS['pass1']))))
- {
+ if (($_POST['pass1'] != $_POST['pass2']) || ((empty($_POST['pass1'])) && (empty($_POST['pass1'])))) {
// Remove passwords
- unset($HTTP_POST_VARS['pass1']);
- unset($HTTP_POST_VARS['pass2']);
+ unset($_POST['pass1']);
+ unset($_POST['pass2']);
$PASS = false;
}
- SPONSOR_HANDLE_SPONSOR($HTTP_POST_VARS);
+ SPONSOR_HANDLE_SPONSOR($_POST);
// Convert some data for the email template
- $HTTP_POST_VARS['salut'] = TRANSLATE_SEX($HTTP_POST_VARS['salut']);
- $HTTP_POST_VARS['warning_interval'] = CREATE_FANCY_TIME($HTTP_POST_VARS['warning_interval']);
- if (!$PASS) $HTTP_POST_VARS['pass1'] = SPONSOR_PASS_UNCHANGED;
+ $_POST['salut'] = TRANSLATE_SEX($_POST['salut']);
+ $_POST['warning_interval'] = CREATE_FANCY_TIME($_POST['warning_interval']);
+ if (!$PASS) $_POST['pass1'] = SPONSOR_PASS_UNCHANGED;
// Load email template and send the mail away
- $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $HTTP_POST_VARS, false);
- SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $_POST, false);
+ SEND_EMAIL($_POST['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg);
break;
default: // Unknown mode
- $MSG = ADMIN_INVALID_MODE_1.$HTTP_GET_VARS['mode'].ADMIN_INVALID_MODE_2;
+ $MSG = ADMIN_INVALID_MODE_1.SQL_ESCAPE($_GET['mode']).ADMIN_INVALID_MODE_2;
break;
}
- if (!empty($MSG))
- {
+ if (!empty($MSG)) {
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
- }
- elseif (file_exists(PATH."templates/".GET_LANGUAGE()."/html/admin/".$TPL.".tpl"))
- {
+ } elseif (file_exists(PATH."templates/".GET_LANGUAGE()."/html/admin/".$TPL.".tpl")) {
// Create mailto link
define('__SPONSOR_VALUE', "<A href=\"mailto:".__EMAIL."\">".__SURNAME." ".__FAMILY."</A>");
// Load mode template
LOAD_TEMPLATE($TPL);
- }
- else
- {
+ } else {
// Template not found!
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.$HTTP_GET_VARS['mode'].ADMIN_TPL_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.SQL_ESCAPE($_GET['mode']).ADMIN_TPL_404_2);
}
- }
- else
- {
+ } else {
// Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['id']).ADMIN_SPONSOR_404_2);
}
-}
- else
-{
+} else {
// Not called by what-list_sponsor.php
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_CALL_NOT_DIRECTLY);
}
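Review bot: `SQL_ESCAPE($_GET['mode'])` is used in three places where no SQL is involved: the template name `$TPL`, and the `ADMIN_INVALID_MODE_1...` and `ADMIN_TPL_404_1...` messages. SQL escaping does not neutralise HTML markup, so the two messages should use `htmlspecialchars($_GET['mode'], ENT_QUOTES)` instead. For `$TPL`, which ends up in a `file_exists()` path and in `LOAD_TEMPLATE()`, accept the mode only if it matches a name pattern such as `preg_match('/^[a-z_]+$/', $_GET['mode'])`. Note also that `$POINTS` is placed into `points_amount+%s` without quotes; whether `SQL_QUERY_ESC` makes that safe for a non-numeric string is not visible here, so forcing it to a number before the query would be safer.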
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if (empty($_GET['mode']))
-{
+if (empty($_GET['mode'])) {
// Chosse the overview page as default
$_GET['mode'] = "overview";
-}
- else
-{
+} else {
// Set table title automatically
if (empty($_GET['select'])) $_GET['select'] = "all";
$eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."', ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."_".strtoupper($_GET['select']).");";
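Review bot: The context line that builds `$eval` interpolates `strtoupper($_GET['mode'])` and `strtoupper($_GET['select'])` into PHP source text. If that string is later passed to `eval()` (the call is outside this hunk), request parameters become code. Check both values against the known modes and selections first, and avoid `eval` altogether with `define('__ADMIN_DOUBLER_LIST_'.$mode, constant('ADMIN_DOUBLER_LIST_'.$mode.'_'.$select));` where `$mode` and `$select` are the validated, upper-cased names. The enclosing `else` block continues past the end of this hunk.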
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/25/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/25/2005 *
+ * ================ Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : what-list_sponsor.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if (!empty($HTTP_GET_VARS['id']))
-{
+if (!empty($_GET['id'])) {
// Show detailed informations to a sponsor
$result = SQL_QUERY_ESC("SELECT company, position, salut, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, status, sponsor_created, last_online, last_change, receive_warnings, points_amount, points_used, remote_addr, warning_interval, refid, ref_count
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' LIMIT 1",
- array(bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Load sponsor details
$DATA = SQL_FETCHARRAY($result);
SQL_FREERESULT($result);
// Check if an entry is empty
- foreach ($DATA as $k=>$v)
- {
+ foreach ($DATA as $k=>$v) {
if (empty($v)) $DATA[$k] = "---";
}
// Check for sponsor's orders (only count)
$result_orders = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_sponsor_orders WHERE sponsorid='%s'",
- array(bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
list($orders) = SQL_FETCHROW($result_orders);
SQL_FREERESULT($result_orders);
if (empty($orders)) $orders = "0";
// Prepare all data for the template
// Sponsor's ID
- define('__SPONSOR_ID' , $HTTP_GET_VARS['id']);
+ define('__SPONSOR_ID' , $_GET['id']);
// Company's data
define('__SPONSOR_COMPANY' , $DATA['company']);
define('__SPONSOR_POSITION' , $DATA['position']);
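Review bot: `define('__SPONSOR_ID' , $_GET['id']);` keeps the raw request value even though the queries just above it use `bigintval($_GET['id'])`, and the same commit wraps this constant in `bigintval()` in what-edit_sponsor.php. The "sponsor not found" branch further down has the same gap: `ADMIN_SPONSOR_404_1.$_GET['id'].ADMIN_SPONSOR_404_2`. Since both values are placed into admin templates, use `bigintval($_GET['id'])` in both places so the displayed id is the one that was actually queried and cannot carry markup.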
// Load template
LOAD_TEMPLATE("admin_list_sponsor_details");
- }
- else
- {
+ } else {
// Sponsor not found
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$_GET['id'].ADMIN_SPONSOR_404_2);
}
-}
- elseif (!empty($HTTP_GET_VARS['rid']))
-{
+} elseif (!empty($_GET['rid'])) {
// Search for sponsor
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
- array(bigintval($HTTP_GET_VARS['rid'])), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval($_GET['rid'])), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Free memory
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("SELECT id, salut, surname, family, email, status, sponsor_created, last_online, points_amount, points_used, remote_addr, ref_count
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE refid='%s' ORDER BY id",
- array(bigintval($HTTP_GET_VARS['rid'])), __FILE__, __LINE__);
+ array(bigintval($_GET['rid'])), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) > 0)
- {
+ if (SQL_NUMROWS($result) > 0) {
// List refs now
// Free memory
SQL_FREERESULT($result);
- }
- else
- {
+ } else {
// No refs made so far
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_REFS_404_1."<A href=\"".URL."/modules.php?module=admin&what=list_sponsor&id=".$HTTP_GET_VARS['rid']."\">".$HTTP_GET_VARS['rid']."</A>".ADMIN_SPONSOR_REFS_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_REFS_404_1."<A href=\"".URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['rid'])."\">".bigintval($_GET['rid'])."</A>".ADMIN_SPONSOR_REFS_404_2);
}
- }
- else
- {
+ } else {
// Sponsor not found
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['rid'].ADMIN_SPONSOR_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['rid']).ADMIN_SPONSOR_404_2);
}
-}
- else
-{
+} else {
// List all sponsors
$result_main = SQL_QUERY("SELECT id, salut, surname, family, email, status, sponsor_created, last_online, points_amount, points_used, remote_addr
FROM "._MYSQL_PREFIX."_sponsor_data ORDER BY id", __FILE__, __LINE__);
- if (SQL_NUMROWS($result_main) > 0)
- {
+ if (SQL_NUMROWS($result_main) > 0) {
// At least one sponsor found!
$OUT = ""; $SW = 2;
- while(list($id, $salut, $sname, $fname, $email, $status, $created, $last, $amount, $used, $ip) = SQL_FETCHROW($result_main))
- {
+ while(list($id, $salut, $sname, $fname, $email, $status, $created, $last, $amount, $used, $ip) = SQL_FETCHROW($result_main)) {
// Transfer data to array
$content = array(
'id' => $id,
// Load final template
LOAD_TEMPLATE("admin_list_sponsor");
- }
- else
- {
+ } else {
// No sponsors registered so far
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_NONE_REGISTERED);
}
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 06/10/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 06/10/2005 *
+ * ================ Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : what-list_sponsor_pay.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
ADD_DESCR("admin", basename(__FILE__));
$MSG = "";
-if (isset($HTTP_POST_VARS['add']))
-{
+if (isset($_POST['add'])) {
// Check input variables
- if (empty($HTTP_POST_VARS['pay_name'])) unset($HTTP_POST_VARS['add']);
- if ((round($HTTP_POST_VARS['pay_rate']) == 0) || (empty($HTTP_POST_VARS['pay_rate']))) unset($HTTP_POST_VARS['add']);
- $HTTP_POST_VARS['pay_min_count'] = bigintval($HTTP_POST_VARS['pay_min_count']);
- if (($HTTP_POST_VARS['pay_min_count'] == 0) || (empty($HTTP_POST_VARS['pay_min_count']))) unset($HTTP_POST_VARS['add']);
- if (empty($HTTP_POST_VARS['pay_currency'])) unset($HTTP_POST_VARS['add']);
-}
- elseif ((isset($HTTP_POST_VARS['edit'])) || (isset($HTTP_POST_VARS['del'])) || (isset($HTTP_POST_VARS['change'])) || (isset($HTTP_POST_VARS['remove'])))
-{
+ if (empty($_POST['pay_name'])) unset($_POST['add']);
+ if ((round($_POST['pay_rate']) == 0) || (empty($_POST['pay_rate']))) unset($_POST['add']);
+ $_POST['pay_min_count'] = bigintval($_POST['pay_min_count']);
+ if (($_POST['pay_min_count'] == 0) || (empty($_POST['pay_min_count']))) unset($_POST['add']);
+ if (empty($_POST['pay_currency'])) unset($_POST['add']);
+} elseif ((isset($_POST['edit'])) || (isset($_POST['del'])) || (isset($_POST['change'])) || (isset($_POST['remove']))) {
// Check if at least one entry was selected
- if (empty($HTTP_POST_VARS['id']))
- {
+ if (empty($_POST['id'])) {
// Nothing selected for editing / deleting???
- unset($HTTP_POST_VARS['edit']);
- unset($HTTP_POST_VARS['del']);
- unset($HTTP_POST_VARS['change']);
- unset($HTTP_POST_VARS['remove']);
- }
- elseif (isset($HTTP_POST_VARS['change']))
- {
+ unset($_POST['edit']);
+ unset($_POST['del']);
+ unset($_POST['change']);
+ unset($_POST['remove']);
+ } elseif (isset($_POST['change'])) {
// Change entries here...
- foreach ($HTTP_POST_VARS['id'] as $id=>$sel)
- {
+ foreach ($_POST['id'] as $id=>$sel) {
// Secure ID
$id = bigintval($id);
// Save entry
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_paytypes
SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id='%s' LIMIT 1",
- array($HTTP_POST_VARS['name'][$id], $HTTP_POST_VARS['rate'][$id], bigintval($HTTP_POST_VARS['min'][$id]), $HTTP_POST_VARS['curr'][$id], $id),
+ array($_POST['name'][$id], $_POST['rate'][$id], bigintval($_POST['min'][$id]), $_POST['curr'][$id], $id),
__FILE__, __LINE__);
}
// Generate message
$MSG = SPONSOR_PAY_ENTRIES_CHANGED;
- }
- elseif (isset($HTTP_POST_VARS['remove']))
- {
+ } elseif (isset($_POST['remove'])) {
// Remove entries here...
- foreach ($HTTP_POST_VARS['id'] as $id=>$sel)
- {
+ foreach ($_POST['id'] as $id=>$sel) {
// Remove entry
$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_sponsor_paytypes WHERE id='%s' LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
$MSG = SPONSOR_PAY_ENTRIES_REMOVED;
}
- if (!empty($MSG))
- {
+ if (!empty($MSG)) {
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
OUTPUT_HTML("<BR>");
}
}
-if (isset($HTTP_POST_VARS['add']))
-{
+if (isset($_POST['add'])) {
// Check if entry with same name does exists
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_paytypes WHERE pay_name='%s' LIMIT 1",
- array($HTTP_POST_VARS['pay_name']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0)
- {
+ array($_POST['pay_name']), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0) {
// No entry found so add this line
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_sponsor_paytypes (pay_name, pay_rate, pay_min_count, pay_currency)
VALUES ('%s', '%s', '%s', '%s')",
- array(htmlspecialchars($HTTP_POST_VARS['pay_name']), str_replace(",", ".", $HTTP_POST_VARS['pay_rate']), bigintval($HTTP_POST_VARS['pay_min_count']), htmlspecialchars($HTTP_POST_VARS['pay_currency'])),
+ array(htmlspecialchars($_POST['pay_name']), str_replace(",", ".", $_POST['pay_rate']), bigintval($_POST['pay_min_count']), htmlspecialchars($_POST['pay_currency'])),
__FILE__, __LINE__);
// Payment type added!
- $MSG = SPONSOR_ADMIN_PAYTYPE_ADDED_1.$HTTP_POST_VARS['pay_name'].SPONSOR_ADMIN_PAYTYPE_ADDED_2;
- }
- else
- {
+ $MSG = SPONSOR_ADMIN_PAYTYPE_ADDED_1.$_POST['pay_name'].SPONSOR_ADMIN_PAYTYPE_ADDED_2;
+ } else {
// Free memory
SQL_FREERESULT($result);
// Entry does already exists
- $MSG = SPONSOR_ADMIN_PAYTYPE_ALREADY_1.$HTTP_POST_VARS['pay_name'].SPONSOR_ADMIN_PAYTYPE_ALREADY_2;
+ $MSG = SPONSOR_ADMIN_PAYTYPE_ALREADY_1.$_POST['pay_name'].SPONSOR_ADMIN_PAYTYPE_ALREADY_2;
}
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
OUTPUT_HTML("<BR>");
-}
- elseif ((isset($HTTP_POST_VARS['edit'])) || (isset($HTTP_POST_VARS['del'])))
-{
+} elseif ((isset($_POST['edit'])) || (isset($_POST['del']))) {
// Load all data
$OUT = ""; $SW = 2;
- foreach ($HTTP_POST_VARS['id'] as $id=>$sel)
- {
+ foreach ($_POST['id'] as $id=>$sel) {
// Load entry
$result = SQL_QUERY_ESC("SELECT pay_name, pay_rate, pay_min_count, pay_currency FROM "._MYSQL_PREFIX."_sponsor_paytypes WHERE id='%s' LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Load data
list($name, $rate, $min, $curr) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
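Review bot: The duplicate lookup in the `add` branch queries `pay_name` with the raw `$_POST['pay_name']`, while the INSERT below it stores `htmlspecialchars($_POST['pay_name'])`, so a name containing `&`, `<`, `>` or a double quote never matches its stored form and can be added repeatedly. Use the same representation on both sides, e.g. `array(htmlspecialchars($_POST['pay_name'])), __FILE__, __LINE__);` in the SELECT, or store the raw value and escape only on output. Both `$MSG` assignments in this branch also concatenate the raw `$_POST['pay_name']` into the text handed to `LOAD_TEMPLATE`; unless that helper escapes its content (not visible here), wrap the value in `htmlspecialchars()` there as well.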
'curr' => htmlspecialchars($curr)
);
- if (isset($HTTP_POST_VARS['edit']))
- {
+ if (isset($_POST['edit'])) {
// Edit entry
$OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_edit_row", true, $content);
- }
- else
- {
+ } else {
// Delete entry
$OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_del_row", true, $content);
}
- }
- else
- {
+ } else {
// Entry invalid
$OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_404", true, $id);
}
define('__SPONSOR_ROWS', $OUT);
// Load main template depending on mode (edit/delete)
- if (isset($HTTP_POST_VARS['edit']))
- {
+ if (isset($_POST['edit'])) {
// Load main edit template
LOAD_TEMPLATE("admin_list_sponsor_pay_edit");
- }
- else
- {
+ } else {
// Load main delete template
LOAD_TEMPLATE("admin_list_sponsor_pay_del");
}
-}
- else
-{
+} else {
// Load all payment types
$result = SQL_QUERY("SELECT id, pay_name, pay_rate, pay_min_count, pay_currency FROM "._MYSQL_PREFIX."_sponsor_paytypes ORDER BY pay_name",
__FILE__, __LINE__);
// Do we have some paytypes setup?
- if (SQL_NUMROWS($result) > 0)
- {
+ if (SQL_NUMROWS($result) > 0) {
// Prepare variables for listing
$SW = 2; $OUT = "";
// List alle found payment types
- while(list($id, $name, $rate, $min, $currency) = SQL_FETCHROW($result))
- {
+ while(list($id, $name, $rate, $min, $currency) = SQL_FETCHROW($result)) {
// Remember data in array
$content = array(
'sw' => $SW,
// Load list template
define('__LIST_CONTENT', LOAD_TEMPLATE("admin_list_sponsor_pay", true));
- }
- else
- {
+ } else {
// Noting setup so far!
define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ADMIN_NO_PAYTYPES));
}
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/24/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/24/2005 *
+ * ================ Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : what-list_sponsor_pays.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-if (!empty($HTTP_GET_VARS['id']))
-{
+if (!empty($_GET['id'])) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
- array(bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// ...
// Free memory
SQL_FREERESULT($result);
- }
- else
- {
+ } else {
// Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2);
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['id']).ADMIN_SPONSOR_404_2);
}
-}
- else
-{
+} else {
// Not called by what-list_sponsor.php
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_CALL_NOT_DIRECTLY);
}
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/24/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/24/2005 *
+ * ================ Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : what-lock_sponsor.php *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
ADD_DESCR("admin", basename(__FILE__));
$MSG = "";
-if (!empty($HTTP_GET_VARS['id']))
-{
+if (!empty($_GET['id'])) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT salut, surname, family, email, status FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1",
- array($HTTP_GET_VARS['id']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Get sponsor's current status and let only confirmed and locked status pass
list($salut, $sname, $fname, $email, $status) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if (($status == "CONFIRMED") || ($status == "LOCKED"))
- {
+ if (($status == "CONFIRMED") || ($status == "LOCKED")) {
// Transfer data to constants
define('__SALUT' , TRANSLATE_SEX($salut));
define('__SURNAME', $sname);
define('__FAMILY' , $fname);
- define('__ID' , $HTTP_GET_VARS['id']);
+ define('__ID' , bigintval($_GET['id']));
- if (isset($HTTP_POST_VARS['ok']))
- {
+ if (isset($_POST['ok'])) {
// Create messages
- if ($status == "CONFIRMED")
- {
+ if ($status == "CONFIRMED") {
// Message when sponsor's account got lock
define('__EMAIL_MSG', SPONSOR_ACCOUNT_LOCKED);
$subject = SPONSOR_SUBJECT_LOCKED;
$status = "LOCKED";
- }
- else
- {
+ } else {
// Message when sponsor's account got unlock
define('__EMAIL_MSG', SPONSOR_ACCOUNT_UNLOCKED);
$subject = SPONSOR_SUBJECT_UNLOCKED;
}
// Load email message
- $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", $HTTP_POST_VARS['reason'], $HTTP_GET_VARS['id']);
+ $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", $_POST['reason'], bigintval($_GET['id']));
// And send it away
SEND_EMAIL($email, $subject, $msg);
// Update sponsor's account
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='".$status."' WHERE id='%s' LIMIT 1",
- array(bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__);
- }
- elseif (!empty($HTTP_POST_VARS['no']))
- {
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ } elseif (!empty($_POST['no'])) {
// No don't lock / unlock now!
- LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".$HTTP_GET_VARS['id']);
- }
- else
- {
+ LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+ } else {
// Create header and text messages
- if ($status == "CONFIRMED")
- {
+ if ($status == "CONFIRMED") {
// Messages when sponsor's account is confirmed
define('__HEADER_MESSAGE', SPONSOR_LOCK_SPONSOR_HEADER);
define('__TEXT_MESSAGE' , SPONSOR_LOCK_SPONSOR_TEXT);
- }
- else
- {
+ } else {
// Messages when sponsor's account is locked
define('__HEADER_MESSAGE', SPONSOR_UNLOCK_SPONSOR_HEADER);
define('__TEXT_MESSAGE' , SPONSOR_UNLOCK_SPONSOR_TEXT);
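Review bot: In the `isset($_POST['ok'])` branch only the `CONFIRMED` case assigns `$status = "LOCKED";`; the `else` case as shown sets the unlock message and subject but leaves `$status` at `LOCKED`, so the UPDATE that follows writes `LOCKED` back while the sponsor is mailed that the account was unlocked. Add `$status = "CONFIRMED";` to that `else` branch. The UPDATE also concatenates `$status` into the SQL string instead of passing it through a `%s` placeholder like the id; handing it over as a second array element keeps the query uniformly escaped. The mail is sent before the UPDATE and the UPDATE result is never checked, so consider updating first and mailing only on success.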
// Display form
LOAD_TEMPLATE("admin_lock_sponsor");
}
- }
- else
- {
+ } else {
// Cannot change status on unconfirmed or pending accounts!
$MSG = ADMIN_SPONSPOR_CANNOT_LOCK_PENDING_UNCINFIRMED_ACCOUNTS;
}
- }
- else
- {
+ } else {
// Sponsor not found!
- $MSG = ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2;
+ $MSG = ADMIN_SPONSOR_404_1.bigintval($_GET['id']).ADMIN_SPONSOR_404_2;
}
-}
- else
-{
+} else {
// Not called by what-list_sponsor.php
$MSG = ADMIN_CALL_NOT_DIRECTLY;
}
-if (!empty($MSG))
-{
+if (!empty($MSG)) {
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
if (empty($cver)) $cver = "-.-";
// Is the extension already installed or not?
- if (((SQL_NUMROWS($result) == 0) && (!file_exists($file))) || ($ver != $cver))
- {
+ if (((SQL_NUMROWS($result) == 0) && (!file_exists($file))) || ($ver != $cver)) {
// No, it isn't. So let's add this one!
$THEMES['fname'][] = $name;
$THEMES['fsize'][] = $response[$idx + 1];
$INFO = ADMIN_EXT_NO_INFO_FOUND;
// Trim every data line
- foreach ($LANG_DUMMY as $k=>$v)
- {
+ foreach ($LANG_DUMMY as $k=>$v) {
$v = trim($v);
if (substr($v, 3) == "") $v = "---";
$LANG_DUMMY[$k] = $v;
}
// If language is found stop searching on matching line
- foreach($LANG as $search)
- {
+ foreach($LANG as $search) {
if (substr($search, 0, 3) == (GET_LANGUAGE().":")) { $INFO = substr($search, 3); break; }
}
}
// Ok, themes are on our server but maybe you have already installed them?
- if (sizeof($THEMES['fname']) > 0)
- {
+ if (sizeof($THEMES['fname']) > 0) {
// Sort array (I missed ver and cver here)
array_pk_sort($THEMES, array("cver", "fname"), 0, 1);
// Extensions where found which are not downloaded and installed
$SW = 2; $OUT = ""; $TSIZE = 0;
- foreach ($THEMES['fname'] as $idx=>$name)
- {
+ foreach ($THEMES['fname'] as $idx=>$name) {
// Generate download link
$LINK = SERVER_URL."/themes/theme-".$name.".zip";
$OUT .= "<TR>
if (SQL_NUMROWS($result) == 0)
{
// Import theme
- $file = PATH."theme/".$_POST['theme']."/theme.php";
- if (file_exists($file))
- {
+ $file = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($_POST['theme']));
+ if ((file_exists($file)) && (is_readable($file))) {
+ // Load the theme header file
include($file);
+
+ // Register it ith the exchange
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_themes (theme_path, theme_active, theme_ver)
VALUES ('%s', 'N', '%s')",
array($_POST['theme'], $THEME_VERSION), __FILE__, __LINE__);
$msg = ADMIN_THEME_IMPORTED_1.$_POST['theme'].ADMIN_THEME_IMPORTED_2;
- }
- else
- {
+ } else {
// Include file not found!
$msg = ADMIN_THEME_INC_404_1.$_POST['theme'].ADMIN_THEME_INC_404_2;
}
- }
- else
- {
+ } else {
// Free memory
SQL_FREERESULT($result);
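Review bot: `SQL_ESCAPE()` is used as a path sanitiser for `$_POST['theme']` in the new `sprintf()` line, but SQL quoting (which is what the name suggests; its body is not visible) does not remove `../` or other path components, so the request value still decides which `theme.php` reaches `include()`. Validate the name against a strict pattern before building the path, e.g. `if (!preg_match('/^[a-z0-9_-]+$/i', $_POST['theme'])) { $msg = ADMIN_THEME_INC_404_1.htmlspecialchars($_POST['theme']).ADMIN_THEME_INC_404_2; }`, or accept only names found by the directory scan of `PATH."theme/"`. The two `$msg` assignments also concatenate the raw POST value and should escape it for output. The enclosing `if` starts outside this hunk.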
// Read directory "themes"
$handle = opendir(PATH."theme/") or mxchange_die("Cannot read themes dir!");
-while ($dir = readdir($handle))
-{
+while ($dir = readdir($handle)) {
// Construct absolute theme.php file name
- $theme = PATH."theme/".$dir."/"."theme.php";
+ $theme = sprintf("%stheme/%s/theme.php", PATH, $dir);
// Test it...
- if (($dir != ".") && ($dir != "..") && (file_exists($theme)))
- {
+ if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme))) {
// Found a valid directory so let's load it's theme.php file
include($theme);
// Generate output lines for the template
$OUT = ""; $SW = 2;
-foreach ($THEMES['theme_unix'] as $key=>$unix)
-{
+foreach ($THEMES['theme_unix'] as $key=>$unix) {
// Check if current theme is already imported or not
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1",
array($unix), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Free memory
SQL_FREERESULT($result);
// Already installed
$FOUND = "<FONT class=\"admin_note\">".ADMIN_THEME_ALREADY_INSTALLED."</FONT>";
- }
- else
- {
+ } else {
// Theme not installed
$FOUND = "<FORM action=\"".URL."/modules.php?module=admin&what=theme_import\" method=\"POST\">
<INPUT type=\"submit\" name=\"ok\" class=\"admin_submit\" value=\"".ADMIN_INSTALL_THEME."\">
</TR>\n";
$SW = 3 - $SW;
}
-if (empty($OUT))
-{
+
+if (empty($OUT)) {
// No themes found???
$OUT .= "<TR>
<TD colspan=\"6\" class=\"bottom2\" height=\"80\">
<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/23/2005 *
- * =============== Last change: 05/18/2008 *
+ * M-XChange v0.2.1 Start: 04/23/2005 *
+ * ================ Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : what-unlock_sponsor.php *
* This program is free software. You can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software *
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
- * MA 02110-1301 USA *
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
ADD_DESCR("admin", basename(__FILE__));
// Check if admin has submitted form
-if (isset($HTTP_POST_VARS['ok']))
-{
+if (isset($_POST['ok'])) {
// Does he have selected at least one sponsor?
- if (SELECTION_COUNT($HTTP_POST_VARS['id']) > 0)
- {
+ if (SELECTION_COUNT($_POST['id']) > 0) {
// At least one entry selected
- foreach ($HTTP_POST_VARS['id'] as $id=>$sel)
- {
+ foreach ($_POST['id'] as $id=>$sel) {
+ // Secure ID number
+ $id = bigintval($id);
+
// Load his personal data
$result_main = SQL_QUERY_ESC("SELECT salut, surname, family, email, remote_addr, sponsor_created, points_amount, refid
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE status='PENDING' AND id='%s' LIMIT 1",
- array(bigintval($id)), __FILE__, __LINE__);
+ array($id), __FILE__, __LINE__);
$refid = 0;
- if (SQL_NUMROWS($result_main) == 1)
- {
+ if (SQL_NUMROWS($result_main) == 1) {
// Load data and free memory
list($salut, $sname, $fname, $email, $ip, $created, $points, $refid) = SQL_FETCHROW($result_main);
ON sp.id=so.payid
WHERE so.sponsorid='%s'
ORDER BY sp.pay_name",
- array(bigintval($id)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) > 0)
- {
+ array($id), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) > 0) {
// Payment does exist
while(list($aid, $count, $ordered, $status, $pname, $prate, $pcurr) = SQL_FETCHROW($result))
{
- if ($aid == "0")
- {
+ if ($aid == "0") {
// No admin assigned!
$aid = SPONSOR_NO_ADMIN;
- }
- else
- {
+ } else {
// Load admin's email address for contact
$result_aid = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id='%s' LIMIT 1",
array(bigintval($aid)), __FILE__, __LINE__);
// Load email template
$content['msg'] = LOAD_EMAIL_TEMPLATE("sponsor_unlock_sponsor_pay", $content, $id);
}
- }
- else
- {
+ } else {
// No payments found
$content['msg'] = SPONSOR_NO_PAYMENTS_FOUND;
}
// Unlock sponsor account
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
WHERE id='%s' AND status='PENDING' LIMIT 1",
- array(bigintval($id)), __FILE__, __LINE__);
+ array($id), __FILE__, __LINE__);
// Update, if applyable, referral count and points
- if (($refid > 0) && ($refid != $id))
- {
+ if (($refid > 0) && ($refid != $id)) {
// Update referral account
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
SET points_amount=points_amount+%s, ref_count=ref_count+1
WHERE id='%s' LIMIT 1",
array($CONFIG['sponsor_ref_points'], bigintval($refid)), __FILE__, __LINE__);
- // Load referral's data
- if (SQL_AFFECTED_ROWS($link) == 1)
- {
+ // Whas that update fine?
+ if (SQL_AFFECTED_ROWS($link) == 1) {
+ // Load referral's data
$result = SQL_QUERY_ESC("SELECT id, salut, surname, family, email,
(points_amount - points_used) AS points, receive_warnings, ref_count AS refs
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' LIMIT 1",
array(bigintval($refid)), __FILE__, __LINE__);
$REFERRAL = SQL_FETCHARRAY($result);
- if ($REFERRAL['receive_warnings'] == "Y")
- {
+
+ // Send warnings out?
+ if ($REFERRAL['receive_warnings'] == "Y") {
// Translate some data
$REFERRAL['points'] = TRANSLATE_COMMA($REFERRAL['points']);
$REFERRAL['ref_points'] = TRANSLATE_COMMA($CONFIG['sponsor_ref_points']);
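Review bot: The new check calls `SQL_AFFECTED_ROWS($link)`, whereas the sponsor confirmation code elsewhere in this commit calls `SQL_AFFECTEDROWS($link)`; neither definition is visible, so confirm which spelling exists, because if only one does the other is a fatal undefined-function call on this path. Assuming the unseparated form is the real helper, the line becomes `if (SQL_AFFECTEDROWS($link) == 1) {`. The referral credit is also applied without checking that the preceding `status='PENDING'` to `CONFIRMED` UPDATE affected a row, so a repeated or concurrent submission could credit `sponsor_ref_points` more than once; guard the credit on that UPDATE's affected-row count. The enclosing loop begins outside this hunk.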
$msg = LOAD_EMAIL_TEMPLATE("sponsor_unlocked", $content);
SEND_EMAIL($email, SPONSOR_UNLOCKED_SUBJ, $msg);
}
- }
- else
- {
+ } else {
// Nothing selected
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_NONE_SELECTED_UNLOCK);
}
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE status='PENDING' ORDER BY id", __FILE__, __LINE__);
-if (SQL_NUMROWS($result) > 0)
-{
+if (SQL_NUMROWS($result) > 0) {
// Entries found so let's list them!
$OUT = ""; $SW = 2;
- while(list($id, $salut, $sname, $fname, $email, $ip, $created) = SQL_FETCHROW($result))
- {
+ while(list($id, $salut, $sname, $fname, $email, $ip, $created) = SQL_FETCHROW($result)) {
// Transfer data to array
$content = array(
'sw' => $SW,
// Load template
LOAD_TEMPLATE("admin_unlock_sponsor");
-}
- else
-{
+} else {
// No pending accounts found
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_NONE_PENDING);
}
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
+// Base directory (should be moved to database)
$usage = "usage/";
-if (!empty($_GET['image']))
-{
- if ($_GET['type'] == "usage")
- {
- $file = PATH.$usage."usage.png";
- }
- else
- {
+
+OPEN_TABLE("100%", "admin_content admin_content_align", "");
+
+if (!empty($_GET['image'])) {
+ if ($_GET['type'] == "usage") {
+ $file = sprintf("%s%susage.png", PATH, $usage);
+ } else {
if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\"));
- $file = PATH.$usage.$_GET['type']."_usage_".$_GET['image'].".png";
+ $file = sprintf("%s%s%s_usage_%s.png", PATH, $usage, SQL_ESCAPE($_GET['type']), SQL_ESCAPE($_GET['image']));
}
- if (file_exists($file))
- {
+
+ if ((file_exists($file)) && (is_readable($file))) {
$image = imagecreatefrompng($file);
header("Content-type: image/png");
imagepng($image);
imagedestroy($image);
}
exit();
-}
- elseif (empty($_GET['usage']))
-{
+} elseif (empty($_GET['usage'])) {
$file = PATH.$usage."index.html";
-}
- else
-{
+} else {
$file = sprintf("%s%susage_%s.html",
PATH,
$usage,
SQL_ESCAPE($_GET['usage'])
);
}
-if ($file !="")
-{
- if (file_exists($file) && is_readable($file))
- {
+
+if (!empty($file)) {
+ if (file_exists($file) && is_readable($file)) {
$tmpl_file = implode("", file($file));
$tmpl_file = addslashes($tmpl_file);
$tmpl_file = "\$content=\"".$tmpl_file."\";";
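Review bot: The new `sprintf()` path passes `$_GET['type']` and `$_GET['image']` through `SQL_ESCAPE()`, which is SQL quoting rather than path validation, so `../` sequences survive and the request still controls which file is handed to `imagecreatefrompng()`; the unchanged `usage_%s.html` branch has the same issue with `$_GET['usage']`. Restrict each value to the expected character set before building the path, e.g. `if (!preg_match('/^[a-z0-9_]+$/i', $_GET['image'])) exit();`, and apply the same check to `type` and `usage`. `$_GET['type']` is also read without an `isset()` check. The block that consumes `$tmpl_file` continues outside this hunk.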
}
}
}
+
CLOSE_TABLE();
//
?>
ADD_DESCR("guest", basename(__FILE__));
// Load the include file
-$INC = PATH."inc/modules/guest/what-".$what.".php";
-if (file_exists($INC))
-{
+$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']);
+if (file_exists($INC)) {
// Ok, we finally load the guest action module
include($INC);
-}
- else
-{
- $FATAL[] = GUEST_404_ACTION_1.$what.GUEST_404_ACTION_2;
+} else {
+ $FATAL[] = GUEST_404_ACTION_1.$GLOBALS['what'].GUEST_404_ACTION_2;
}
//
?>
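Review bot: `$GLOBALS['what']` goes straight into the `include()` path and into the `$FATAL[]` message with no validation in this hunk. Where `what` is populated is not visible here; if it comes from the request (the admin links on this page pass `what=` in the URL), check it first with something like `preg_match('/^[a-z0-9_]+$/i', $GLOBALS['what'])` and take the `$FATAL[]` branch when the check fails, with the value wrapped in `htmlspecialchars()` in the error text. Adding `is_readable($INC)` next to `file_exists($INC)` would also match the theme and usage changes in this commit.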
+++ /dev/null
-<?php
-/************************************************************************
- * MXChange v0.2.1 Start: 10/14/2003 *
- * =============== Last change: 05/18/2008 *
- * *
- * -------------------------------------------------------------------- *
- * File : action-members.php *
- * -------------------------------------------------------------------- *
- * Short description : Menu points for members (login register, ...) *
- * -------------------------------------------------------------------- *
- * Kurzbeschreibung : Menues fuer Mitglieder (Login, Anmeldung, ...) *
- * -------------------------------------------------------------------- *
- * *
- * -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder *
- * For more information visit: http://www.mxchange.org *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software *
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
- * MA 02110-1301 USA *
- ************************************************************************/
-
-// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
- require($INC);
-}
-
-// Add description as navigation point
-ADD_DESCR("guest", basename(__FILE__));
-
-// Load the include file
-$INC = PATH."inc/modules/guest/what-".$what.".php";
-if (file_exists($INC))
-{
- // Ok, we finally load the guest action module
- include($INC);
-}
- else
-{
- $FATAL[] = GUEST_404_ACTION_1.$what.GUEST_404_ACTION_2;
-}
-//
-?>
ADD_DESCR("guest", basename(__FILE__));
$MODE = "";
-if (!empty($HTTP_GET_VARS['mode']))
+if (!empty($_GET['mode']))
{
// A "special" mode of the login system was requested
- switch ($HTTP_GET_VARS['mode'])
+ switch ($_GET['mode'])
{
case "activate" : $MODE = "activate"; break; // Activation link requested
case "lost_pass": $MODE = "lost_pass"; break; // Request new password
}
// Check if hash for confirmation of email address is given...
-if (!empty($HTTP_GET_VARS['hash']))
+if (!empty($_GET['hash']))
{
// Lookup sponsor
$result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
points_amount AS points, last_pay AS pay, last_curr AS curr
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
-LIMIT 1", array($HTTP_GET_VARS['hash']), __FILE__, __LINE__);
+LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// Sponsor found, load his data...
// Set account to pending
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
- array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
+ array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
// Check on success
if (SQL_AFFECTEDROWS($link) == 1)
// Changed email adress need to be confirmed
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
- array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
+ array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
// Check on success
if (SQL_AFFECTEDROWS($link) == 1)
************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
// Create array for form errors (= missing data)
$FORM_ERRORS = array();
-if (isset($HTTP_POST_VARS['ok']))
-{
+if (isset($_POST['ok'])) {
//
// Check submitted form data
//
// 1. Salutation / Surname / family name
- if (empty($HTTP_POST_VARS['salut']))
+ if (empty($_POST['salut']))
{
// Surname is empty
$FORM_ERRORS[] = SPONSOR_NO_SALUT_SELECTED;
}
- if (empty($HTTP_POST_VARS['surname']))
+ if (empty($_POST['surname']))
{
// Surname is empty
$FORM_ERRORS[] = SPONSOR_SURNAME_IS_EMPTY;
}
- if (empty($HTTP_POST_VARS['family']))
+ if (empty($_POST['family']))
{
// Surname is empty
$FORM_ERRORS[] = SPONSOR_FAMILY_IS_EMPTY;
}
// 2. Company name
// 012 3 32 23 4 43 3 4 4321 12 3 32 2 3 3210
- if (((empty($HTTP_POST_VARS['company'])) && ((!empty($HTTP_POST_VARS['tax_ident'])) || (!empty($HTTP_POST_VARS['position'])))) || ((!empty($HTTP_POST_VARS['company'])) && (empty($HTTP_POST_VARS['tax_ident']))))
+ if (((empty($_POST['company'])) && ((!empty($_POST['tax_ident'])) || (!empty($_POST['position'])))) || ((!empty($_POST['company'])) && (empty($_POST['tax_ident']))))
{
- if (empty($HTTP_POST_VARS['company']))
+ if (empty($_POST['company']))
{
// Company name is empty
$FORM_ERRORS[] = SPONSOR_COMPANY_IS_EMPTY;
}
- elseif (empty($HTTP_POST_VARS['tax_ident']))
+ elseif (empty($_POST['tax_ident']))
{
// Tax ident number name is empty
$FORM_ERRORS[] = SPONSOR_TAX_IDENT_IS_EMPTY;
}
- if (empty($HTTP_POST_VARS['position']))
+ if (empty($_POST['position']))
{
// Not fatal but not nice: position in company is empty
$FORM_ERRORS[] = SPONSOR_POSITION_IS_EMPTY;
}
}
// 3. Street and number
- if (empty($HTTP_POST_VARS['street_nr1']))
+ if (empty($_POST['street_nr1']))
{
// Street name and house number are empty
$FORM_ERRORS[] = SPONSOR_STREET_NR1_IS_EMPTY;
}
- elseif ((!empty($HTTP_POST_VARS['street_nr2'])) && (empty($HTTP_POST_VARS['street_nr1'])))
+ elseif ((!empty($_POST['street_nr2'])) && (empty($_POST['street_nr1'])))
{
// 1st line for street is empty, but 2nd line not
$FORM_ERRORS[] = SPONSOR_STREET_NR1_IS_EMPTY_2_NOT;
}
// 4. Country code
- if (empty($HTTP_POST_VARS['country']))
+ if (empty($_POST['country']))
{
// Country code is empty
$FORM_ERRORS[] = SPONSOR_COUNTRY_IS_EMPTY;
}
- elseif (strlen($HTTP_POST_VARS['country']) != 2)
+ elseif (strlen($_POST['country']) != 2)
{
// Country code is invalid
$FORM_ERRORS[] = SPONSOR_COUNTRY_IS_INVALID;
}
// 3. ZIP code
- if (empty($HTTP_POST_VARS['zip']))
+ if (empty($_POST['zip']))
{
// ZIP code is empty
$FORM_ERRORS[] = SPONSOR_ZIP_IS_EMPTY;
}
- elseif (bigintval($HTTP_POST_VARS['zip']) != $HTTP_POST_VARS['zip'])
+ elseif (bigintval($_POST['zip']) != $_POST['zip'])
{
// ZIP is invalid
$FORM_ERRORS[] = SPONSOR_ZIP_IS_INVALID;
- $HTTP_POST_VARS['zip'] = "";
+ $_POST['zip'] = "";
}
// 4. City
- if (empty($HTTP_POST_VARS['city']))
+ if (empty($_POST['city']))
{
// City is empty
$FORM_ERRORS[] = SPONSOR_CITY_IS_EMPTY;
}
// 5. Phone number
- if (empty($HTTP_POST_VARS['phone']))
+ if (empty($_POST['phone']))
{
// City is empty
$FORM_ERRORS[] = SPONSOR_PHONE_IS_EMPTY;
}
// 6. Homepage URL
- if (empty($HTTP_POST_VARS['url']))
+ if (empty($_POST['url']))
{
// Homepage URL is empty
$FORM_ERRORS[] = SPONSOR_URL_IS_EMPTY;
}
- elseif (!VALIDATE_URL($HTTP_POST_VARS['url']))
+ elseif (!VALIDATE_URL($_POST['url']))
{
// Homepage URL is invalid
$FORM_ERRORS[] = SPONSOR_URL_IS_INVALID;
- $HTTP_POST_VARS['url'] = "";
+ $_POST['url'] = "";
}
// 7. Light validation of email address
- if ((empty($HTTP_POST_VARS['email'])) || ($HTTP_POST_VARS['email'] == "@"))
+ if ((empty($_POST['email'])) || ($_POST['email'] == "@"))
{
// Email is invalid/empty
$FORM_ERRORS[] = SPONSOR_EMAIL_IS_INVALID;
}
- elseif (SPONSOR_FOUND_EMAIL_DB($HTTP_POST_VARS['email']))
+ elseif (SPONSOR_FOUND_EMAIL_DB($_POST['email']))
{
// Email already found in database!
$FORM_ERRORS[] = SPONSOR_EMAIL_IS_ALREADY_REGISTERED;
- $HTTP_POST_VARS['email'] = "";
+ $_POST['email'] = "";
}
// 8. Pay type selected?
- if (empty($HTTP_POST_VARS['pay_type']))
+ if (empty($_POST['pay_type']))
{
// Not pay type selected
$FORM_ERRORS[] = SPONSOR_NO_PAYTYPE_SELECTED;
}
// 9. Interval of mails
- if (empty($HTTP_POST_VARS['warning_interval']))
+ if (empty($_POST['warning_interval']))
{
// No warning interval selected
$FORM_ERRORS[] = SPONSOR_NO_WARNING_INTERVAL_SELECTED;
}
// 10. Mail notifications disabled/enabled
- if (empty($HTTP_POST_VARS['receive_warnings']))
+ if (empty($_POST['receive_warnings']))
{
// Option not selected!
$FORM_ERRORS[] = SPONSOR_NO_RECEIVE_WARNINGS_SELECTED;
}
// Did he enter his password twice?
- if (((empty($HTTP_POST_VARS['pass1'])) || (empty($HTTP_POST_VARS['pass2']))) || (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) && (!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2']))))
+ if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))))
{
- if (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) && (!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2'])))
+ if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
{
// Passwords missmatch
$FORM_ERRORS[] = SPONSOR_PASSWORDS_MISMATCH;
}
else
{
- if (empty($HTTP_POST_VARS['pass1']))
+ if (empty($_POST['pass1']))
{
// Password 1 is empty
$FORM_ERRORS[] = SPONSOR_PASSWORD1_EMPTY;
}
- if (empty($HTTP_POST_VARS['pass2']))
+ if (empty($_POST['pass2']))
{
// Password 2 is empty
$FORM_ERRORS[] = SPONSOR_PASSWORD2_EMPTY;
}
}
// Is the password long enough?
- elseif (strlen($HTTP_POST_VARS['pass1']) < $CONFIG['pass_len'])
+ elseif (strlen($_POST['pass1']) < $CONFIG['pass_len'])
{
// Too short!
$FORM_ERRORS[] = SPONSOR_PASSWORD_TOO_SHORT;
}
// Check if he has accepted the terms&conditions
- if (empty($HTTP_POST_VARS['terms']))
+ if (empty($_POST['terms']))
{
// Homepage URL is empty
$FORM_ERRORS[] = SPONSOR_TERMS_NOT_ACCEPTED;
}
// If there is something wrong/missing stop registration
- if (count($FORM_ERRORS) > 0) unset($HTTP_POST_VARS['ok']);
+ if (count($FORM_ERRORS) > 0) unset($_POST['ok']);
}
-if ((isset($HTTP_POST_VARS['ok'])) && (count($FORM_ERRORS) == 0))
+if ((isset($_POST['ok'])) && (count($FORM_ERRORS) == 0))
{
// Generate message array
$MSGs = array(
// Calulate points
$result = SQL_QUERY_ESC("SELECT (pay_rate * pay_min_count) AS points, pay_min_count AS pay, pay_currency AS curr
FROM "._MYSQL_PREFIX."_sponsor_paytypes
-WHERE id='%s' LIMIT 1", array($HTTP_POST_VARS['pay_type']), __FILE__, __LINE__);
+WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__);
list($points, $pay, $curr) = SQL_FETCHROW($result);
// Free memory
SQL_FREERESULT($result);
// Add points to array
- $HTTP_POST_VARS['points_amount'] = $points;
- $HTTP_POST_VARS['points_used'] = "0.00000";
- $HTTP_POST_VARS['last_pay'] = $pay;
- $HTTP_POST_VARS['last_curr'] = $curr;
+ $_POST['points_amount'] = $points;
+ $_POST['points_used'] = "0.00000";
+ $_POST['last_pay'] = $pay;
+ $_POST['last_curr'] = $curr;
// Register sponsor but never ever update here!
- $STATUS = SPONSOR_HANDLE_SPONSOR($HTTP_POST_VARS, true, $MSGs, true);
+ $STATUS = SPONSOR_HANDLE_SPONSOR($_POST, true, $MSGs, true);
// Check the status of the registration process
switch ($STATUS)
case "added": // Sponsor successfully added with account status = UNCONFIRMED!
// Check for his ID number
$result = SQL_QUERY_ESC("SELECT id, hash FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
- array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
+ array($_POST['email']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// ID found so let's load it for the confirmation email
// Prepare data for the email template
define('__ID' , $id);
define('__HASH' , $hash);
- define('__EMAIL' , $HTTP_POST_VARS['email']);
- define('__SURNAME' , $HTTP_POST_VARS['surname']);
- define('__FAMILY' , $HTTP_POST_VARS['family']);
- define('__SALUT' , TRANSLATE_SEX($HTTP_POST_VARS['salut']));
+ define('__EMAIL' , $_POST['email']);
+ define('__SURNAME' , $_POST['surname']);
+ define('__FAMILY' , $_POST['family']);
+ define('__SALUT' , TRANSLATE_SEX($_POST['salut']));
define('__TIMESTAMP', MAKE_DATETIME(time(), 0));
- define('__PASSWORD' , $HTTP_POST_VARS['pass1']);
+ define('__PASSWORD' , $_POST['pass1']);
// Generate email and send it to the new sponsor
$EMAIL_MSG = LOAD_EMAIL_TEMPLATE("sponsor_confirm", $hash);
- SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_PLEASE_CONFIRM_SUBJ, $EMAIL_MSG);
+ SEND_EMAIL($_POST['email'], SPONSOR_PLEASE_CONFIRM_SUBJ, $EMAIL_MSG);
// Send mail to admin
if (GET_EXT_VERSION("admins") >= "0.4.1")
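Review bot: The confirmation mail is handed the sponsor's clear-text password, because `define('__PASSWORD' , $_POST['pass1']);` is set just before `LOAD_EMAIL_TEMPLATE("sponsor_confirm", $hash)` builds the message that `SEND_EMAIL` sends. Mail is relayed and stored outside the application's control, so anyone who later reads that mailbox holds a working credential. I would drop the `__PASSWORD` constant together with its placeholder in the template and let the mail carry only the confirmation data (`__ID`, `__HASH`). The `case "added":` branch this belongs to starts and ends outside the hunk.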
else
{
// Sponsor account not found???
- $MSG = SPONSOR_EMAIL_404_1.$HTTP_POST_VARS['email'].SPONSOR_EMAIL_404_2;
+ $MSG = SPONSOR_EMAIL_404_1.$_POST['email'].SPONSOR_EMAIL_404_2;
}
// Free memory
if (count($FORM_ERRORS) > 0)
{
// Some found... :-(
- define('__COMPANY' , COMPILE_CODE($HTTP_POST_VARS['company']));
- define('__POSITION' , COMPILE_CODE($HTTP_POST_VARS['position']));
- define('__TAX_IDENT', COMPILE_CODE($HTTP_POST_VARS['tax_ident']));
- define('__SURNAME' , COMPILE_CODE($HTTP_POST_VARS['surname']));
- define('__FAMILY' , COMPILE_CODE($HTTP_POST_VARS['family']));
- define('__STREET1' , COMPILE_CODE($HTTP_POST_VARS['street_nr1']));
- define('__STREET2' , COMPILE_CODE($HTTP_POST_VARS['street_nr2']));
- define('__COUNTRY' , COMPILE_CODE($HTTP_POST_VARS['country']));
- define('__ZIP' , COMPILE_CODE($HTTP_POST_VARS['zip']));
- define('__CITY' , COMPILE_CODE($HTTP_POST_VARS['city']));
- define('__PHONE' , COMPILE_CODE($HTTP_POST_VARS['phone']));
- define('__FAX' , COMPILE_CODE($HTTP_POST_VARS['fax']));
- define('__CELL' , COMPILE_CODE($HTTP_POST_VARS['cell']));
- define('__EMAIL' , COMPILE_CODE($HTTP_POST_VARS['email']));
- define('__URL' , COMPILE_CODE($HTTP_POST_VARS['url']));
+ define('__COMPANY' , COMPILE_CODE($_POST['company']));
+ define('__POSITION' , COMPILE_CODE($_POST['position']));
+ define('__TAX_IDENT', COMPILE_CODE($_POST['tax_ident']));
+ define('__SURNAME' , COMPILE_CODE($_POST['surname']));
+ define('__FAMILY' , COMPILE_CODE($_POST['family']));
+ define('__STREET1' , COMPILE_CODE($_POST['street_nr1']));
+ define('__STREET2' , COMPILE_CODE($_POST['street_nr2']));
+ define('__COUNTRY' , COMPILE_CODE($_POST['country']));
+ define('__ZIP' , COMPILE_CODE($_POST['zip']));
+ define('__CITY' , COMPILE_CODE($_POST['city']));
+ define('__PHONE' , COMPILE_CODE($_POST['phone']));
+ define('__FAX' , COMPILE_CODE($_POST['fax']));
+ define('__CELL' , COMPILE_CODE($_POST['cell']));
+ define('__EMAIL' , COMPILE_CODE($_POST['email']));
+ define('__URL' , COMPILE_CODE($_POST['url']));
// Check for salutation selection
- switch ($HTTP_POST_VARS['salut'])
+ switch ($_POST['salut'])
{
case "M": // Male
define('__SALUT_M' , " selected");
}
// Check for receive_warnings
- switch ($HTTP_POST_VARS['receive_warnings'])
+ switch ($_POST['receive_warnings'])
{
case "Y":
define('__REC_Y' , " selected");
}
$OUT .= "</OL><BR>\n";
define('__SPONSOR_FORM_ERRORS', $OUT);
- define('__SPONSOR_REFID', $HTTP_POST_VARS['refid']);
+ define('__SPONSOR_REFID', $_POST['refid']);
}
else
{
}
// Prepare referral things
- if (!isset($HTTP_GET_VARS['refid']))
+ if (!isset($_GET['refid']))
{
// No referral link
define('__SPONSOR_REFID', "0");
else
{
// Referral ID transmitted, we don't care here if it is right or not
- define('__SPONSOR_REFID', $HTTP_GET_VARS['refid']);
+ define('__SPONSOR_REFID', bigintval($_GET['refid']));
}
// Display registration form
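Review bot: Only the GET path of the referral id is normalised. The new line `define('__SPONSOR_REFID', bigintval($_GET['refid']));` casts the value, but the form-error path earlier in this file still does `define('__SPONSOR_REFID', $_POST['refid']);` with the raw request value. If the constant ends up in the registration form markup (not visible here), the POST variant is echoed back unfiltered, so it should get the same cast: `define('__SPONSOR_REFID', bigintval($_POST['refid']));`. The comment `we don't care here if it is right or not` could then say that the id is reduced to an integer here and not checked for existence.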
<?php
/************************************************************************
* MXChange v0.2.1 Start: 04/02/2005 *
- * =============== Last change: 05/18/2008 *
+ * =============== Last change: 05/19/2008 *
* *
* -------------------------------------------------------------------- *
* File : sponsor.php *
* -------------------------------------------------------------------- *
* *
* -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * Copyleft (c) 2003, 2004, 2005 by Roland Haeder *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software. You can redistribute it and/or modify *
// No sponsor!
$FATAL[] = SPONSOR_ONLY_AREA_ENTERED;
return;
-} elseif (empty($HTTP_GET_VARS['what'])) {
+} elseif (empty($GLOBALS['what'])) {
// Empty what value detected!
- $HTTP_GET_VARS['what'] = "welcome";
+ $GLOBALS['what'] = "welcome";
}
-// A valid sponsor login and we are allowed to enter this module so let's
+// A valid sponsor login and we are allowed to enter this module so let's
// update his cookies and online time
UPDATE_SPONSOR_LOGIN();
// Generate menu
-define('__SPONSOR_MENU', GENERATE_SPONSOR_MENU($HTTP_GET_VARS['what']));
+define('__SPONSOR_MENU', GENERATE_SPONSOR_MENU($GLOBALS['what']));
// Generate right-side output
-define('__SPONSOR_CONTENT', GENERATE_SPONSOR_CONTENT($HTTP_GET_VARS['what']));
+define('__SPONSOR_CONTENT', GENERATE_SPONSOR_CONTENT($GLOBALS['what']));
// Load header template
define('__SPONSOR_HEADER', LOAD_TEMPLATE("sponsor_header", true));
define('__SPONSOR_FOOTER', LOAD_TEMPLATE("sponsor_footer", true));
// "You are here" navigation
-define('__SPONSOR_YOURE_HERE', ADD_DESCR("sponsor", $HTTP_GET_VARS['what'], false, false));
+define('__SPONSOR_YOURE_HERE', ADD_DESCR("sponsor", $GLOBALS['what'], false, false));
// Load main sponsor template
LOAD_TEMPLATE("sponsor_main");
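Review bot: `$GLOBALS['what']` reaches `GENERATE_SPONSOR_MENU()`, `GENERATE_SPONSOR_CONTENT()` and `ADD_DESCR()` without any check in this file; the only handling is the default to `"welcome"` when it is empty. The module files added under `inc/modules/sponsor/` suggest the value selects a script to load, so it should be confirmed that the helper (outside this hunk) restricts it to known module names rather than using it in a path as-is. A short comment saying where `$GLOBALS['what']` is populated and validated would help, since the move away from `$HTTP_GET_VARS` hides that it is presumably still request data. The `if`/`elseif` chain these lines belong to starts outside the hunk.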
--- /dev/null
+Deny from all
\ No newline at end of file
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 05/19/2008 *
+ * =============== Last change: 05/19/2008 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : *
+ * -------------------------------------------------------------------- *
+ * Short description : *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyleft (c) 2003, 2004, 2005 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software. You can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+ require($INC);
+} elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
+ $FATAL[] = EXTENSION_PROBLEM_EXT_INACTIVE;
+ return;
+} elseif (!IS_SPONSOR()) {
+ // No sponsor!
+ $FATAL[] = SPONSOR_ONLY_AREA_ENTERED;
+ return;
+}
+
+// Put all HTML code into $OUT!
+// E.g.: $OUT = LOAD_TEMPLATE("sponsor_template", true);
+?>
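Review bot: The direct-access guard treats the file name as a regular expression: in `ereg(basename(__FILE__), $_SERVER['PHP_SELF'])` every dot is a wildcard. For this template the basename is `.php`, so the pattern matches almost any script path and the first branch is taken until the file is copied under a real name, which deserves a comment at the top of the template. A fixed-string test avoids the regex semantics and the `ereg` dependency (deprecated in PHP 5.3, removed in PHP 7): `if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) {`. The same guard is added in account.php, settings.php and welcome.php.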
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 09/30/2005 *
+ * =============== Last change: 05/19/2008 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : account.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Sponsor can manage his account *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Der Sponsor kann sein Account verwalten *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyleft (c) 2003, 2004, 2005 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software. You can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+ require($INC);
+} elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
+ $FATAL[] = EXTENSION_PROBLEM_EXT_INACTIVE;
+ return;
+} elseif (!IS_SPONSOR()) {
+ // No sponsor!
+ $FATAL[] = SPONSOR_ONLY_AREA_ENTERED;
+ return;
+}
+
+// Data for the formular
+$result = SQL_QUERY_ESC("SELECT company, position, tax_ident,
+salut, surname, family, street_nr1, street_nr2, zip, city, country,
+phone, fax, cell, email, url,
+status, receive_warnings
+FROM "._MYSQL_PREFIX."_sponsor_data
+WHERE id='%s' AND password='%s' LIMIT 1",
+ array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+if (SQL_NUMROWS($result) == 1) {
+ // Load sponsor data
+ $content = SQL_FETCHARRAY($result);
+ if ($content['status'] == "CONFIRMED") {
+ // Check if form was submitted or not
+ if (!empty($_POST['ok'])) {
+ // Check passwords
+ if (empty($_POST['pass_old'])) {
+ // No current password entered
+ $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
+ } elseif (md5($_POST['pass_old']) != $_COOKIE['sponsorpass']) {
+ // Entered password didn't match password in DB
+ $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
+ } elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) {
+ // Both new passwords did not match
+ $MSG = SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH;
+ } elseif ((empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
+ // No password one entered
+ $MSG = SPONSOR_PASSWORD_ONE_EMPTY;
+ } elseif ((!empty($_POST['pass1'])) && (empty($_POST['pass2']))) {
+ // No password two entered
+ $MSG = SPONSOR_PASSWORD_TWO_EMPTY;
+ } elseif ((!empty($_POST['pass1'])) && (strlen($_POST['pass1']) < $CONFIG['pass_len'])) {
+ // Too short password
+ $MSG = SPONSOR_PASSWORD_TOO_SHORT_1.$CONFIG['pass_len'].SPONSOR_PASSWORD_TOO_SHORT_2;
+ } else {
+ // Default is we don't want to change password!
+ $PASS_AND = ""; $PASS_DATA = "";
+
+ // Check if we want to change password or not
+ if (($_POST['pass1'] == $_POST['pass2']) && (!empty($_POST['pass1'])) && ($_POST['pass1'] != $_POST['pass_old'])) {
+ // Change current password
+ $PASS_AND = ", password='%s'";
+ $PASS_DATA = md5($_POST['pass1']);
+ }
+
+ // Unsecure data which we don't want here
+ $UNSAFE = array('receive_warnings', 'warning_interval');
+
+ // Remove all (maybe spoofed) unsafe data from array
+ foreach ($UNSAFE as $remove) {
+ unset($_POST[$remove]);
+ }
+
+ // Set last change timestamp
+ $_POST['last_change'] = time();
+
+ // Save data
+ $MSG = SPONSOR_SAVE_DATA($_POST, $content);
+ }
+
+ if (!empty($MSG)) {
+ // Output message
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, $MSG);
+ } else {
+ // No message generated
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MESSAGE_GENERATED);
+ }
+ } else {
+ // Check for salutation selection
+ switch ($content['salut'])
+ {
+ case "M": // Male
+ define('__SALUT_M', " selected");
+ define('__SALUT_F', "");
+ define('__SALUT_C', "");
+ break;
+
+ case "F": // Female
+ define('__SALUT_M', "");
+ define('__SALUT_F', " selected");
+ define('__SALUT_C', "");
+ break;
+
+ case "C": // Company
+ define('__SALUT_M', "");
+ define('__SALUT_F', "");
+ define('__SALUT_C', " selected");
+ break;
+ }
+
+ // Output formular
+ $OUT = LOAD_TEMPLATE("sponsor_account_form", true, $content);
+ }
+ } else {
+ // Locked or so?
+ $STATUS = SPONSOR_TRANSLATE_STATUS($content['status']);
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_FAILED_1.$STATUS.SPONSOR_ACCOUNT_FAILED_2);
+ }
+} else {
+ // Sponsor account not found!
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
+}
+
+// Free memory
+SQL_FREERESULT($result);
+
+//
+?>
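Review bot: The save path filters `$_POST` with a deny-list of two keys (`$UNSAFE = array('receive_warnings', 'warning_interval');`) and then hands the whole array to `SPONSOR_SAVE_DATA($_POST, $content)`, so every other field a client adds to the request is passed through. Unless the helper (not visible here) restricts the columns itself, this is a mass-assignment risk for columns such as `status` or `points_amount`. An allow-list is safer: keep only the keys this form owns, e.g. `$_POST = array_intersect_key($_POST, array_flip($ALLOWED));`, before `last_change` is set. `$ALLOWED` would list the profile fields selected at the top of the file, plus any keys the helper is known to need. settings.php uses the same deny-list pattern with the inverse key set.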
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 10/11/2005 *
+ * =============== Last change: 05/19/2008 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : settings.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Sponsor can manage his settings *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Der Sponsor kann seine Einstellungen aendern *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyleft (c) 2003, 2004, 2005 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software. You can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+ require($INC);
+} elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
+ $FATAL[] = EXTENSION_PROBLEM_EXT_INACTIVE;
+ return;
+} elseif (!IS_SPONSOR()) {
+ // No sponsor!
+ $FATAL[] = SPONSOR_ONLY_AREA_ENTERED;
+ return;
+}
+
+// Data for the formular
+$result = SQL_QUERY_ESC("SELECT status, receive_warnings, warning_interval, email, surname, family, salut
+FROM "._MYSQL_PREFIX."_sponsor_data
+WHERE id='%s' AND password='%s' LIMIT 1",
+ array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+if (SQL_NUMROWS($result) == 1) {
+ // Load sponsor data
+ $content = SQL_FETCHARRAY($result);
+ if ($content['status'] == "CONFIRMED") {
+ // Check if form was submitted or not
+ if (!empty($_POST['ok'])) {
+ // Check passwords
+ if (empty($_POST['password'])) {
+ // No current password entered
+ $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
+ } elseif (md5($_POST['password']) != $_COOKIE['sponsorpass']) {
+ // Entered password didn't match password in DB
+ $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
+ } else {
+ // Unsecure data which we don't want here
+ $UNSAFE = array('company', 'position', 'tax_ident', 'salut', 'surname', 'family',
+ 'street_nr1', 'street_nr2', 'zip', 'city', 'country', 'phone', 'fax', 'cell',
+ 'email', 'url');
+
+ // Remove all (maybe spoofed) unsafe data from array
+ foreach ($UNSAFE as $remove) {
+ unset($_POST[$remove]);
+ }
+
+ // Set last change timestamp
+ $_POST['last_change'] = time();
+
+ // Save data
+ $MSG = SPONSOR_SAVE_DATA($_POST, $content);
+ }
+
+ if (!empty($MSG)) {
+ // Output message
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, $MSG);
+ } else {
+ // No message generated
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MESSAGE_GENERATED);
+ }
+ } else {
+ // Make yes/no selection
+ switch ($content['receive_warnings']) {
+ case "Y": define('__YES', " checked"); define('__NO', ""); break;
+ case "N": define('__YES', ""); define('__NO', " checked"); break;
+ }
+
+ // Translate current interval into fancy string
+ define('__CURRENT', CREATE_FANCY_TIME($content['warning_interval']));
+
+ // Output formular
+ $OUT = LOAD_TEMPLATE("sponsor_settings_form", true, $content);
+ }
+ } else {
+ // Locked or so?
+ $STATUS = SPONSOR_TRANSLATE_STATUS($content['status']);
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_FAILED_1.$STATUS.SPONSOR_ACCOUNT_FAILED_2);
+ }
+} else {
+ // Sponsor account not found!
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
+}
+
+// Free memory
+SQL_FREERESULT($result);
+
+//
+?>
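Review bot: The re-authentication check `md5($_POST['password']) != $_COOKIE['sponsorpass']` compares two hash strings loosely, and PHP compares strings numerically when both look like numbers (for example `0e` followed by digits), so distinct hashes can be treated as equal. Use the strict operator, `} elseif (md5($_POST['password']) !== $_COOKIE['sponsorpass']) {`, or `hash_equals()` where the PHP version provides it. The check also shows that the `sponsorpass` cookie carries the same unsalted MD5 that the query matches against the `password` column, so the cookie is equivalent to the credential; that is worth a comment at the query. account.php has the same comparison on `pass_old`.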
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 09/17/2005 *
+ * =============== Last change: 05/19/2008 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : welcome.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Welcome page for sponsor area *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Willkommensseite des Sponsorenbereiches *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyleft (c) 2003, 2004, 2005 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software. You can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+ require($INC);
+} elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
+ $FATAL[] = EXTENSION_PROBLEM_EXT_INACTIVE;
+ return;
+} elseif (!IS_SPONSOR()) {
+ // No sponsor!
+ $FATAL[] = SPONSOR_ONLY_AREA_ENTERED;
+ return;
+}
+
+// Load some data
+$result = SQL_QUERY_ESC("SELECT salut, surname, family, (points_amount - points_used) AS points
+FROM "._MYSQL_PREFIX."_sponsor_data
+WHERE id='%s' AND password='%s' LIMIT 1",
+ array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+list($salut, $surname, $family, $points) = SQL_FETCHROW($result);
+
+// Free memory
+SQL_FREERESULT($result);
+
+// Prepare data for the template
+define('__SALUT' , TRANSLATE_SEX($salut));
+define('__SURNAME', $surname);
+define('__FAMILY' , $family);
+define('__POINTS' , TRANSLATE_COMMA($points));
+
+// Load main template
+$OUT = LOAD_TEMPLATE("sponsor_welcome", true);
+
+//
+?>
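Review bot: The row is unpacked with `list($salut, $surname, $family, $points) = SQL_FETCHROW($result);` without checking that one came back, unlike account.php and settings.php, which test `SQL_NUMROWS($result) == 1` first. If the cookie pair no longer matches a row, the template is rendered from empty values instead of reporting the problem. Wrap the `define()` calls in the same `if (SQL_NUMROWS($result) == 1) {` test and produce an account-not-found message in the `else` branch, as the other two files do. `__SURNAME` and `__FAMILY` are defined from stored user input; if `sponsor_welcome` emits them into HTML unescaped (not visible here), they need encoding at that point.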