inc/cache/.htaccess -text
inc/cache/.revision -text
inc/check-reset.php -text
+inc/config-functions.php -text
inc/config.php -text
inc/databases.php -text
inc/db/.htaccess -text
inc/gen_mediadata.php -text
inc/gen_refback.php -text
inc/gen_sql_patches.php -text
+inc/handler.php -text
inc/header.php -text
+inc/hooks.php -text
inc/img/.htaccess -text
inc/install-inc.php -text
inc/js/.htaccess -text
inc/pool/pool-user.php -text
inc/profile-updte.php -text
inc/rdf.class.php -text
+inc/request-functions.php -text
inc/reset/.htaccess -text
inc/reset/reset_ -text
inc/reset/reset_beg.php -text
inc/reset/reset_surfbar.php -text
inc/reset/reset_yoomedia.php -text
inc/security.php -text
+inc/session-functions.php -text
inc/session.php -text
inc/sql_error.php -text
inc/stats_bonus.php -text
// Is the script installed?
if (isBooleanConstantAndTrue('mxchange_installed')) {
// Check for userid
- if (!empty($_GET['uid'])) {
+ if (REQUEST_ISSET_GET(('uid'))) {
// Init variables
$uid = 0;
$result = false;
$pay = false;
// Validate if it is not a number
- if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") {
+ if ("".(REQUEST_GET('uid') + 0)."" !== "".REQUEST_GET('uid')."") {
if (EXT_IS_ACTIVE("nickname")) {
// Maybe we have found a nickname?
$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
- array($_GET['uid']), __FILE__, __LINE__);
+ array(REQUEST_GET('uid')), __FILE__, __LINE__);
} else {
// Nickname entered but nickname is not active
$msg = constant('CODE_EXTENSION_PROBLEM');
} else {
// Direct userid
$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['uid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
}
// Check if locked in so don't pay points
$points = mt_rand((getConfig('beg_points') * 100000), (getConfig('beg_points_max') * 100000)) / 100000;
// Set nickname / userid for the template(s
- define('__BEG_UID' , SQL_ESCAPE($_GET['uid']));
+ define('__BEG_UID' , SQL_ESCAPE(REQUEST_GET('uid')));
define('__BEG_CLICKS', ($clicks + 1));
define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
define('__BEG_POINTS', TRANSLATE_COMMA($points));
} elseif (($uid == "0") || ($status == "failed")) {
// Inalid or locked account, so let's find out
$result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
- array($_GET['uid']), __FILE__, __LINE__);
+ array(REQUEST_GET('uid')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Locked account
$msg = constant('CODE_ACCOUNT_LOCKED');
// Is the script installed?
if (isBooleanConstantAndTrue('mxchange_installed')) {
// Script is installed so let's check for his confirmation link...
- $uid = bigintval($_GET['uid']);
+ $uid = bigintval(REQUEST_GET('uid'));
// Only allow numbers here...
- $chk = bigintval($_GET['check'], false);
+ $chk = bigintval(REQUEST_GET('check'), false);
// Check if link is not clicked so far
$result = SQL_QUERY_ESC("SELECT b.points, d.gender, d.surname, d.family, d.status, d.ref_payout
ON b.userid=d.userid
WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1",
array($uid, $chk), __FILE__, __LINE__);
- //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")<br />\n";
+ //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen(REQUEST_GET('check'))."/".SQL_NUMROWS($result).")<br />\n";
// Is an entry there?
if (SQL_NUMROWS($result) == 1) {
// Load the required file(s)
require("inc/config.php");
-if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
+if (((REQUEST_ISSET_GET(('user'))) || (REQUEST_ISSET_GET(('reseller')))) && (REQUEST_ISSET_GET(('banner')))) {
// Update clicks counter...
- SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS() == 1) {
- if (!empty($_GET['user'])) {
- LOAD_URL("ref.php?refid=".bigintval($_GET['user']));
- } elseif (!empty($_GET['reseller'])) {
- LOAD_URL("shop_reseller.php?reseller=".bigintval($_GET['reseller']));
+ if (REQUEST_ISSET_GET(('user'))) {
+ LOAD_URL("ref.php?refid=".bigintval(REQUEST_GET('user')));
+ } elseif (REQUEST_ISSET_GET(('reseller'))) {
+ LOAD_URL("shop_reseller.php?reseller=".bigintval(REQUEST_GET('reseller')));
}
} // END - if
} // END - if
if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered'))) {
// Base URL for redirection
$URL = "modules.php?module=index&what=confirm&hash=";
- if (empty($_GET['hash'])) {
+ if (!REQUEST_ISSET_GET(('hash'))) {
// No refid and we add our refid (don't forget to set $def_refid!)
$URL = "modules.php?module=index";
} else {
// We have an refid here. So we simply add it
- $URL .= $_GET['hash'];
+ $URL .= REQUEST_GET('hash');
}
// Load the URL
} // END - if
// Is the request parameter set?
- if (isset($_POST['request'])) {
+ if (REQUEST_ISSET_POST(('request'))) {
// Handle the request
- if (DEBUG_HANDLE_REQUEST($_POST['request'])) {
+ if (DEBUG_HANDLE_REQUEST(REQUEST_POST('request'))) {
// Construct FQFN for the module
$INC = sprintf("inc/debug/%s/request_%s",
getConfig('debug_mode'),
- SQL_ESCAPE($_POST['request'])
+ SQL_ESCAPE(REQUEST_POST('request'))
);
// Is the module there? Else we log it!
LOAD_INC($INC);
} else {
// Missing request file, may happen while development
- DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", $_POST['request']);
+ DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", REQUEST_POST('request'));
}
} else {
// Unhandled request detected
- DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", $_POST['request']);
+ DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", REQUEST_POST('request'));
}
} else {
// Empty request
// Is the script installed?
if (isBooleanConstantAndTrue('mxchange_installed')) {
// Probe for referal ID
- if (!empty($_GET['refid'])) $GLOBALS['refid'] = SQL_ESCAPE($_GET['refid']);
+ if (REQUEST_ISSET_GET(('refid'))) $GLOBALS['refid'] = SQL_ESCAPE(REQUEST_GET('refid'));
// Only check this if refid is provided!
if ($GLOBALS['refid'] > 0) {
} // END - if
// Begin with doubler script...
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Secure points (so only integer/double values are allowed
- $_POST['points'] = bigintval($_POST['points']);
+ REQUEST_SET_POST('points', bigintval(REQUEST_POST('points')));
// Begin with doubling process
- if ((!empty($_POST['userid'])) && (!empty($_POST['pass'])) && (!empty($_POST['points']))) {
+ if ((REQUEST_ISSET_POST(('userid'))) && (REQUEST_ISSET_POST(('pass'))) && (REQUEST_ISSET_POST(('points')))) {
// Probe for nickname extension and if a nickname was entered
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid']));
+ $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round(REQUEST_POST('userid'))."") != REQUEST_POST('userid')));
if ($probe_nickname) {
// Nickname in URL, so load the ID
$result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
- array($_POST['userid']), __FILE__, __LINE__);
+ array(REQUEST_POST('userid')), __FILE__, __LINE__);
} else {
// Direct userid entered
$result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_POST['userid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('userid'))), __FILE__, __LINE__);
}
// Load data
SQL_FREERESULT($result);
// Remove any dots and unwanted chars from the points
- $_POST['points'] = bigintval(round(REVERT_COMMA($_POST['points'])));
+ REQUEST_SET_POST('points', bigintval(round(REVERT_COMMA(REQUEST_POST('points')))));
// Probe for enough points
- $probe_points = (($_POST['points'] >= getConfig('doubler_min')) && ($_POST['points'] <= getConfig('doubler_max')));
+ $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max')));
// Check all together
- if ((!empty($uid)) && ($password == generateHash($_POST['pass'], substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) {
+ if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) {
// Nickname resolved to a unique userid or direct userid entered by the member
$DOUBLER_UID = $uid;
$points = GET_TOTAL_DATA($uid, "user_points", "points") - GET_TOTAL_DATA($uid, "user_data", "used_points");
// So let's continue with probing his points amount
- if (($points - getConfig('doubler_left') - $_POST['points'] * getConfig('doubler_charge')) >= 0)
+ if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0)
// Enough points are left so let's continue with the doubling process
// Create doubling "account" width *DOUBLED* points
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".GET_REMOTE_ADDR()."', UNIX_TIMESTAMP(), 'N','N')",
- array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__);
+ array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__);
// Subtract entered points
- SUB_POINTS("doubler", $uid, $_POST['points']);
+ SUB_POINTS("doubler", $uid, REQUEST_POST('points'));
// Add points to "total payed" including charge
- $points = $_POST['points'] - $_POST['points'] * getConfig('doubler_charge');
+ $points = REQUEST_POST('points') - REQUEST_POST('points') * getConfig('doubler_charge');
UPDATE_CONFIG("doubler_points", $points, "+");
incrementConfigEntry('doubler_points', $points);
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s',0,'%s','".GET_REMOTE_ADDR()."',UNIX_TIMESTAMP(),'N','Y')",
array(
bigintval($GLOBALS['refid']),
- bigintval($_POST['points'] * 2 * getConfig('doubler_ref'))
+ bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref'))
), __FILE__, __LINE__);
// And that's why we don't want to you more than one referal level of doubler-points. ^^^
UPDATE_CONFIG("doubler_counter", 1, "+");
// Set constant
- define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, $_POST['userid']));
+ define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, REQUEST_POST('userid')));
} else {
// Not enougth points left
define('__ERROR_MSG', getMessage('DOUBLER_FORM_NO_POINTS_LEFT'));
} elseif ($status == "LOCKED") {
// Account is locked by admin / holiday!
define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_LOCKED'));
- } elseif ($_POST['points'] < getConfig('doubler_min')) {
+ } elseif (REQUEST_POST('points') < getConfig('doubler_min')) {
// Not enougth points entered
define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MIN'));
- } elseif ($_POST['points'] > getConfig('doubler_max')) {
+ } elseif (REQUEST_POST('points') > getConfig('doubler_max')) {
// Too much points entered
define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MAX'));
} elseif ($probe_nickname) {
// Wrong password or account not found
define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_MEMBER'));
}
- } elseif (empty($_POST['userid'])) {
+ } elseif (!REQUEST_ISSET_POST(('userid'))) {
// Login not entered
define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_LOGIN'));
- } elseif (empty($_POST['pass'])) {
+ } elseif (!REQUEST_ISSET_POST(('pass'))) {
// Password not entered
define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_PASSWORD'));
- } elseif (empty($_POST['points'])) {
+ } elseif (!REQUEST_ISSET_POST(('points'))) {
// points not entered
define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_POINTS'));
}
LOAD_INC_ONCE("inc/header.php");
// Code set?
- if (!empty($_GET['code'])) {
+ if (REQUEST_ISSET_GET(('code'))) {
// Generate image
- GENERATE_IMAGE(bigintval($_GET['code']));
- } elseif (!empty($_GET['tag'])) {
+ GENERATE_IMAGE(bigintval(REQUEST_GET('code')));
+ } elseif (REQUEST_ISSET_GET(('tag'))) {
// Tag set so create the IFN (Include-FileName)
$INC = sprintf("inc/img/tag-%s.php",
- SQL_ESCAPE($_GET['tag'])
+ SQL_ESCAPE(REQUEST_GET('tag'))
);
// Include is readable?
require($INC);
}
-// 01 2 3 32 2 3321 12 3 32 2 21 1 2 21 1 2 21 1 2 21 1 10
-if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($GLOBALS['output_mode'] != 1)) {
+// 01 2 3 32 2 3321 12 3 32 2 21 1 2 21 1 2 21 1 23 321 1 10
+if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!REQUEST_ISSET_GET(('register'))) && ($GLOBALS['output_mode'] != 1)) {
// Do daily things in external PHP file but only when script is completely setup
// Daily reset was run!
define('__DAILY_RESET', true);
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 02/28/2009 *
+ * =============== Last change: 02/28/2009 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : config-functions.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Many non-MySQL functions (also file access) *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Viele Nicht-MySQL-Funktionen (auch Dateizugriff) *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+ require($INC);
+}
+
+// Merges $_CONFIG with data in given array
+function mergeConfig ($newConfig) {
+ global $_CONFIG;
+ $_CONFIG = merge_array($_CONFIG, $newConfig);
+}
+
+// Getter for $_CONFIG entries
+function getConfig ($entry) {
+ global $_CONFIG;
+
+ // Default value
+ $value = null;
+
+ // Is the entry there?
+ if (isConfigEntrySet($entry)) {
+ // Then use it
+ $value = $_CONFIG[$entry];
+ } // END - if
+
+ // Return it
+ return $value;
+}
+
+// Setter for $_CONFIG entries
+function setConfigEntry ($entry, $value) {
+ global $_CONFIG;
+
+ // Secure the entry name
+ $entry = SQL_ESCAPE($entry);
+
+ // And set it
+ $_CONFIG[$entry] = $value;
+}
+
+// Checks wether the given config entry is set
+function isConfigEntrySet ($entry) {
+ global $_CONFIG;
+ return (isset($_CONFIG[$entry]));
+}
+
+// Increment or init with given value or 1 as default the given config entry
+function incrementConfigEntry ($configEntry, $value=1) {
+ global $_CONFIG;
+
+ // Increment it if set or init it with 1
+ if (getConfig($configEntry) > 0) {
+ $_CONFIG[$configEntry] += $value;
+ } else {
+ $_CONFIG[$configEntry] = $value;
+ }
+}
+
+// [EOF]
+?>
} // END - if
// Shall we display the copyright notice?
- if ((empty($_GET['frame'])) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) {
+ if ((!REQUEST_ISSET_GET(('frame'))) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) {
// Backlink enabled?
if (isBooleanConstantAndTrue('ENABLE_BACKLINK')) {
// Copyright with backlink, thanks! :-)
} // END - if
// Shall we display the parsing time and number of queries?
- if ((getConfig('show_timings') == "Y") && (empty($_GET['frame'])) && ($GLOBALS['header_sent'] == "2")) {
+ if ((getConfig('show_timings') == "Y") && (!REQUEST_ISSET_GET(('frame'))) && ($GLOBALS['header_sent'] == "2")) {
// Then display it here
DISPLAY_PARSING_TIME_FOOTER();
} // END - if
$lang = "";
// Is the variable set
- if (!empty($_GET['mx_lang'])) {
+ if (REQUEST_ISSET_GET(('mx_lang'))) {
// Accept only first 2 chars
- $lang = substr($_GET['mx_lang'], 0, 2);
+ $lang = substr(REQUEST_GET('mx_lang'), 0, 2);
} elseif (isset($GLOBALS['cache_array']['language'])) {
// Use cached
$ret = $GLOBALS['cache_array']['language'];
$NAV = "";
for ($page = 1; $page <= $PAGES; $page++) {
// Is the page currently selected or shall we generate a link to it?
- if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+ if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
// Is currently selected, so only highlight it
$NAV .= "<strong>-";
} else {
$NAV .= "<a href=\"{!URL!}/modules.php?module=admin&what=".$GLOBALS['what']."&page=".$page."&offset=".$offset;
// Add userid when we shall show all mails from a single member
- if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) $NAV .= "&u_id=".bigintval($_GET['u_id']);
+ if ((REQUEST_ISSET_GET(('uid'))) && (bigintval(REQUEST_GET('uid')) > 0)) $NAV .= "&uid=".bigintval(REQUEST_GET('uid'));
// Close open anchor tag
$NAV .= "\">";
}
$NAV .= $page;
- if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+ if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
// Is currently selected, so only highlight it
$NAV .= "-</strong>";
} else {
$eval = "\$OUT = \"[ ";
foreach ($TARGETS as $tar) {
- $eval .= "<span class=\\\"admin_user_link\\\"><a href=\\\"{!URL!}/modules.php?module=admin&what=".$tar."&u_id=".$uid."\\\" title=\\\"{--ADMIN_LINK_";
+ $eval .= "<span class=\\\"admin_user_link\\\"><a href=\\\"{!URL!}/modules.php?module=admin&what=".$tar."&uid=".$uid."\\\" title=\\\"{--ADMIN_LINK_";
//* DEBUG: */ echo "*".$tar."/".$status."*<br />\n";
if (($tar == "lock_user") && ($status == "LOCKED")) {
// Locked accounts shall be unlocked
if ((!defined('__COOKIES')) || ((!__COOKIES))) {
// Cookies are not accepted
- if ((!empty($_GET['refid'])) && (strpos($URL, "refid=") == 0)) {
+ if ((REQUEST_ISSET_GET(('refid'))) && (strpos($URL, "refid=") == 0)) {
// Cookie found in URL
- $ADD .= $BIND."refid=".bigintval($_GET['refid']);
+ $ADD .= $BIND."refid=".bigintval(REQUEST_GET('refid'));
} elseif ((GET_EXT_VERSION("sql_patches") != '') && (getConfig('def_refid') > 0)) {
// Not found! So let's set default here
$ADD .= $BIND."refid=".getConfig('def_refid');
LOAD_TEMPLATE("show_timings", false, $content);
}
-// Unset/set session variables
-function set_session ($var, $value) {
- // Abort in CSS mode here
- if ($GLOBALS['output_mode'] == 1) return true;
-
- // Trim value and session variable
- $var = trim(SQL_ESCAPE($var)); $value = trim($value);
-
- // Is the session variable set?
- if (("".$value."" == "") && (isSessionVariableSet($var))) {
- // Remove the session
- //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."<br />\n";
- unset($_SESSION[$var]);
- return session_unregister($var);
- } elseif (("".$value."" != '') && (!isSessionVariableSet($var))) {
- // Set session
- //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
- $_SESSION[$var] = $value;
- return session_register($var);
- } elseif (!empty($value)) {
- // Update session
- //* DEBUG: */ echo "UPDATE:".$var."=".$value."<br />\n";
- $_SESSION[$var] = $value;
- return true;
- }
-
- // Ignored (but valid)
- //* DEBUG: */ echo "IGNORED:".$var."=".$value."<br />\n";
- return true;
-}
-
// Check wether a boolean constant is set
// Taken from user comments in PHP documentation for function constant()
function isBooleanConstantAndTrue($constName) { // : Boolean
return $res;
}
-// Check wether a session variable is set
-function isSessionVariableSet ($var) {
- //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):var={$var}<br />\n";
- return (isset($_SESSION[$var]));
-}
-// Returns wether the value of the session variable or NULL if not set
-function get_session ($var) {
- // Default is not found! ;-)
- $value = null;
-
- // Is the variable there or cached values?
- if (isset($GLOBALS['cache_array']['session'][$var])) {
- // Get cached value (skips a lot SQL_ESCAPE() calles!
- //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-CACHE!<br />\n";
- $value = $GLOBALS['cache_array']['session'][$var];
- } elseif (isSessionVariableSet($var)) {
- // Then get it secured!
- //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-RESOLVE!<br />\n";
- $value = SQL_ESCAPE($_SESSION[$var]);
-
- // Cache the value
- $GLOBALS['cache_array']['session'][$var] = $value;
- } // END - if
-
- // Return the value
- return $value;
-}
-
-// Send notification to admin
-function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid="0") {
- if (GET_EXT_VERSION("admins") >= "0.4.1") {
- // Send new way
- SEND_ADMIN_EMAILS_PRO($subject, $templateName, $content, $uid);
- } else {
- // Send outdated way
- $msg = LOAD_EMAIL_TEMPLATE($templateName, $content, $uid);
- SEND_ADMIN_EMAILS($subject, $msg);
- }
-}
-
-// Destroy user session
-function destroy_user_session () {
- // Reset userid
- $GLOBALS['userid'] = 0;
-
- // Remove all user data from session
- return ((set_session('userid', "")) && (set_session('u_hash', "")));
-}
-
-// Merges an array together but only if both are arrays
-function merge_array ($array1, $array2) {
- // Are both an array?
- if ((is_array($array1)) && (is_array($array2))) {
- // Merge all together
- return array_merge($array1, $array2);
- } elseif (is_array($array1)) {
- // Return left array
- DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array2 is not an array. array != %s", gettype($array2)));
- return $array1;
- } elseif (is_array($array2)) {
- // Return right array
- DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array1 is not an array. array != %s", gettype($array1)));
- return $array2;
- }
-
- // Both are not arrays
- debug_report_bug(__FUNCTION__.": No arrays provided!");
-}
-
-// Debug message logger
-function DEBUG_LOG ($funcFile, $line, $message, $force=true) {
- // Is debug mode enabled?
- if ((isBooleanConstantAndTrue('DEBUG_MODE')) || ($force === true)) {
- // Log this message away
- $fp = fopen(constant('PATH')."inc/cache/debug.log", 'a') or mxchange_die("Cannot write logfile debug.log!");
- fwrite($fp, date("d.m.Y|H:i:s", time())."|".basename($funcFile)."|".$line."|".strip_tags($message)."\n");
- fclose($fp);
- } // END - if
-}
-
-// Reads a directory with PHP files in and gets only files back
-function GET_DIR_AS_ARRAY ($baseDir, $prefix) {
- $INCs = array();
-
- // Open directory
- $dirPointer = opendir($baseDir) or mxchange_die("Cannot read ".basename($baseDir)." path!");
-
- // Read all entries
- while ($baseFile = readdir($dirPointer)) {
- // Load file only if extension is active
- // Make full path
- $FQFN = $baseDir.$baseFile;
-
- // Is this a valid reset file?
- //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):baseDir={$baseDir},prefix={$prefix},baseFile={$baseFile}<br />\n";
- if ((FILE_READABLE($FQFN)) && (substr($baseFile, 0, strlen($prefix)) == $prefix) && (substr($baseFile, -4, 4) == ".php")) {
- // Remove both for extension name
- $extName = substr($baseFile, strlen($prefix), -4);
-
- // Try to find it
- $extId = GET_EXT_ID($extName);
-
- // Is the extension valid and active?
- if (($extId > 0) && (EXT_IS_ACTIVE($extName))) {
- // Then add this file
- $INCs[] = $FQFN;
- } elseif ($extId == 0) {
- // Add non-extension files as well
- $INCs[] = $FQFN;
- }
- } // END - if
- } // END - while
-
- // Close directory
- closedir($dirPointer);
-
- // Sort array
- asort($INCs);
-
- // Return array with include files
- return $INCs;
-}
-// Load more reset scripts
-function RESET_ADD_INCLUDES () {
- // Is the reset set or old sql_patches?
- if ((!defined('__DAILY_RESET')) || (EXT_VERSION_IS_OLDER("sql_patches", "0.4.5"))) {
- // Then abort here
- return array();
- } // END - if
-
- // Get more daily reset scripts
- $INC_POOL = GET_DIR_AS_ARRAY(constant('PATH')."inc/reset/", "reset_");
-
- // Update database
- if (!defined('DEBUG_RESET')) UPDATE_CONFIG("last_update", time());
-
- // Create current week mark
- $currWeek = date("W", time());
-
- // Has it changed?
- if (getConfig('last_week') != $currWeek) {
- // Include weekly reset scripts
- $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/weekly/", "weekly_"));
-
- // Update config
- if (!defined('DEBUG_WEEKLY')) UPDATE_CONFIG("last_week", $currWeek);
- } // END - if
-
- // Create current month mark
- $currMonth = date("m", time());
-
- // Has it changed?
- if (getConfig('last_month') != $currMonth) {
- // Include monthly reset scripts
- $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/monthly/", "monthly_"));
-
- // Update config
- if (!defined('DEBUG_MONTHLY')) UPDATE_CONFIG("last_month", $currMonth);
- } // END - if
-
- // Return array
- return $INC_POOL;
-}
-// Handle extra values
-function HANDLE_EXTRA_VALUES ($filterFunction, $value, $extraValue) {
- // Default is the value itself
- $ret = $value;
-
- // Do we have a special filter function?
- if (!empty($filterFunction)) {
- // Does the filter function exist?
- if (function_exists($filterFunction)) {
- // Do we have extra parameters here?
- if (!empty($extraValue)) {
- // Put both parameters in one new array by default
- $args = array($value, $extraValue);
-
- // If we have an array simply use it and pre-extend it with our value
- if (is_array($extraValue)) {
- // Make the new args array
- $args = merge_array(array($value), $extraValue);
- } // END - if
-
- // Call the multi-parameter call-back
- $ret = call_user_func_array($filterFunction, $args);
- } else {
- // One parameter call
- $ret = call_user_func($filterFunction, $value);
- }
- } // END - if
- } // END - if
-
- // Return the value
- return $ret;
-}
-// Check if given FQFN is a readable file
-function FILE_READABLE($fqfn) {
- // Check all...
- return ((file_exists($fqfn)) && (is_file($fqfn)) && (is_readable($fqfn)));
-}
-// Converts timestamp selections into a timestamp
-function CONVERT_SELECTIONS_TO_TIMESTAMP(&$POST, &$DATA, &$id, &$skip) {
- // Init test variable
- $test2 = "";
-
- // Get last three chars
- $test = substr($id, -3);
-
- // Improved way of checking! :-)
- if (in_array($test, array("_ye", "_mo", "_we", "_da", "_ho", "_mi", "_se"))) {
- // Found a multi-selection for timings?
- $test = substr($id, 0, -3);
- if ((isset($POST[$test."_ye"])) && (isset($POST[$test."_mo"])) && (isset($POST[$test."_we"])) && (isset($POST[$test."_da"])) && (isset($POST[$test."_ho"])) && (isset($POST[$test."_mi"])) && (isset($POST[$test."_se"])) && ($test != $test2)) {
- // Generate timestamp
- $POST[$test] = CREATE_TIMESTAMP_FROM_SELECTIONS($test, $POST);
- $DATA[] = sprintf("%s='%s'", $test, $POST[$test]);
-
- // Remove data from array
- foreach (array("ye", "mo", "we", "da", "ho", "mi", "se") as $rem) {
- unset($POST[$test."_".$rem]);
- } // END - foreach
-
- // Skip adding
- unset($id); $skip = true; $test2 = $test;
- } // END - if
- } else {
- // Process this entry
- $skip = false; $test2 = "";
- }
-}
-// Reverts the german decimal comma into Computer decimal dot
-function REVERT_COMMA ($str) {
- // Default float is not a float... ;-)
- $float = false;
-
- // Which language is selected?
- switch (GET_LANGUAGE()) {
- case "de": // German language
- // Remove german thousand dots first
- $str = str_replace(".", "", $str);
-
- // Replace german commata with decimal dot and cast it
- $float = (float)str_replace(",", ".", $str);
- break;
-
- default: // US and so on
- // Remove thousand dots first and cast
- $float = (float)str_replace(",", "", $str);
- break;
- }
-
- // Return float
- return $float;
-}
-
-// Handle menu-depending failed logins and return the rendered content
-function HANDLE_LOGIN_FAILTURES ($accessLevel) {
- // Default output is empty ;-)
- $OUT = "";
-
- // Is the session data set?
- if ((isSessionVariableSet('mxchange_'.$accessLevel.'_failures')) && (isSessionVariableSet('mxchange_'.$accessLevel.'_last_fail'))) {
- // Ignore zero values
- if (get_session('mxchange_'.$accessLevel.'_failures') > 0) {
- // Non-guest has login failures found, get both data and prepare it for template
- //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):accessLevel={$accessLevel}<br />\n";
- $content = array(
- 'login_failures' => get_session('mxchange_'.$accessLevel.'_failures'),
- 'last_failure' => MAKE_DATETIME(get_session('mxchange_'.$accessLevel.'_last_fail'), "2")
- );
-
- // Load template
- $OUT = LOAD_TEMPLATE("login_failures", true, $content);
- } // END - if
-
- // Reset session data
- set_session('mxchange_'.$accessLevel.'_failures', "");
- set_session('mxchange_'.$accessLevel.'_last_fail', "");
- } // END - if
-
- // Return rendered content
- return $OUT;
-}
-
-// Rebuild cache
-function REBUILD_CACHE ($cache, $inc="") {
- // Shall I remove the cache file?
- if ((EXT_IS_ACTIVE("cache")) && (is_object($GLOBALS['cache_instance']))) {
- // Rebuild cache
- if ($GLOBALS['cache_instance']->loadCacheFile($cache)) {
- // Destroy it
- $GLOBALS['cache_instance']->destroyCacheFile();
- } // END - if
-
- // Include file given?
- if (!empty($inc)) {
- // Construct FQFN
- $INC = sprintf("inc/loader/load_cache-%s.php", $inc);
-
- // Is the include there?
- if (INCLUDE_READABLE($INC)) {
- // And rebuild it from scratch
- //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): inc={$inc} - LOADED!<br />\n";
- LOAD_INC($INC);
- } else {
- // Include not found!
- DEBUG_LOG(__FUNCTION__, __LINE__, "Include {$inc} not found. cache={$cache}");
- }
- } // END - if
- } // END - if
-}
-
-// Purge admin menu cache
-function CACHE_PURGE_ADMIN_MENU ($id=0, $action="", $what="", $str="") {
- // Is the cache extension enabled or no cache instance or admin menu cache disabled?
- if (!EXT_IS_ACTIVE("cache")) {
- // Cache extension not active
- return false;
- } elseif (!is_object($GLOBALS['cache_instance'])) {
- // No cache instance!
- DEBUG_LOG(__FUNCTION__, __LINE__, " No cache instance found.");
- return false;
- } elseif ((!isConfigEntrySet('cache_admin_menu')) || (getConfig('cache_admin_menu') != "Y")) {
- // Caching disabled (currently experiemental!)
- return false;
- }
-
- // Experiemental feature!
- debug_report_bug("<strong>Experimental feature:</strong> You have to delete the admin_*.cache files by yourself at this point.");
-}
-
-// Translates the "pool type" into human-readable
-function TRANSLATE_POOL_TYPE ($type) {
- // Default type is unknown
- $translated = sprintf(getMessage('POOL_TYPE_UNKNOWN'), $type);
-
- // Generate constant
- $constName = sprintf("POOL_TYPE_%s", $type);
-
- // Does it exist?
- if (defined($constName)) {
- // Then use it
- $translated = getMessage($constName);
- } // END - if
-
- // Return "translation"
- return $translated;
-}
-
-// "Getter" for remote IP number
-function GET_REMOTE_ADDR () {
- // Get remote ip from environment
- $remoteAddr = getenv('REMOTE_ADDR');
-
- // Is removeip installed?
- if (EXT_IS_ACTIVE("removeip")) {
- // Then anonymize it
- $remoteAddr = GET_ANONYMOUS_REMOTE_ADDR($remoteAddr);
- } // END - if
-
- // Return it
- return $remoteAddr;
-}
-// "Getter" for remote hostname
-function GET_REMOTE_HOST () {
- // Get remote ip from environment
- $remoteHost = getenv('REMOTE_HOST');
-
- // Is removeip installed?
- if (EXT_IS_ACTIVE("removeip")) {
- // Then anonymize it
- $remoteHost = GET_ANONYMOUS_REMOTE_HOST($remoteHost);
- } // END - if
-
- // Return it
- return $remoteHost;
-}
-// "Getter" for user agent
-function GET_USER_AGENT () {
- // Get remote ip from environment
- $userAgent = getenv('HTTP_USER_AGENT');
-
- // Is removeip installed?
- if (EXT_IS_ACTIVE("removeip")) {
- // Then anonymize it
- $userAgent = GET_ANONYMOUS_USER_AGENT($userAgent);
- } // END - if
-
- // Return it
- return $userAgent;
-}
-// "Getter" for referer
-function GET_REFERER () {
- // Get remote ip from environment
- $referer = getenv('HTTP_REFERER');
-
- // Is removeip installed?
- if (EXT_IS_ACTIVE("removeip")) {
- // Then anonymize it
- $referer = GET_ANONYMOUS_REFERER($referer);
- } // END - if
-
- // Return it
- return $referer;
-}
-
-// Adds a bonus mail to the queue
-// This is a high-level function!
-function ADD_NEW_BONUS_MAIL ($data, $mode="", $output=true) {
- // Use mode from data if not set and availble ;-)
- if ((empty($mode)) && (isset($data['mode']))) $mode = $data['mode'];
-
- // Generate receiver list
- $RECEIVER = GENERATE_RECEIVER_LIST($data['cat'], $data['receiver'], $mode);
-
- // Receivers added?
- if (!empty($RECEIVER)) {
- // Add bonus mail to queue
- ADD_BONUS_MAIL_TO_QUEUE(
- $data['subject'],
- $data['text'],
- $RECEIVER,
- $data['points'],
- $data['seconds'],
- $data['url'],
- $data['cat'],
- $mode,
- $data['receiver']
- );
-
- // Mail inserted into bonus pool
- if ($output) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_BONUS_SEND'));
- } elseif ($output) {
- // More entered than can be reached!
- LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MORE_SELECTED'));
- } else {
- // Debug log
- DEBUG_LOG(__FUNCTION__, __LINE__, " cat={$data['cat']},receiver={$data['receiver']},data=".base64_encode(serialize($data))." More selected, than available!");
- }
-}
-
-// Determines referal id and sets it
-function DETERMINE_REFID () {
- global $CLICK, $_SERVER;
-
- // Check if refid is set
- if ((!empty($_GET['user'])) && ($CLICK == 1) && (basename($_SERVER['PHP_SELF']) == "click.php")) {
- // The variable user comes from the click-counter script click.php and we only accept this here
- $GLOBALS['refid'] = bigintval($_GET['user']);
- } elseif (!empty($_POST['refid'])) {
- // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts)
- $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_POST['refid']));
- } elseif (!empty($_GET['refid'])) {
- // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts)
- $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['refid']));
- } elseif (!empty($_GET['ref'])) {
- // Set refid=ref (the referal link uses such variable)
- $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
- } elseif ((isSessionVariableSet('refid')) && (get_session('refid') != 0)) {
- // Set session refid als global
- $GLOBALS['refid'] = bigintval(get_session('refid'));
- } elseif ((GET_EXT_VERSION("sql_patches") != "") && (getConfig('def_refid') > 0)) {
- // Set default refid as refid in URL
- $GLOBALS['refid'] = bigintval(getConfig('def_refid'));
- } elseif ((GET_EXT_VERSION("user") >= "0.3.4") && (getConfig('select_user_zero_refid')) == "Y") {
- // Select a random user which has confirmed enougth mails
- $GLOBALS['refid'] = SELECT_RANDOM_REFID();
- } else {
- // No default ID when sql_patches is not installed or none set
- $GLOBALS['refid'] = 0;
- }
-
- // Set cookie when default refid > 0
- if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && (getConfig('def_refid') > 0))) {
- // Set cookie
- set_session('refid', $GLOBALS['refid']);
- } // END - if
-
- // Return determined refid
- return $GLOBALS['refid'];
-}
-
-// Destroys the admin session
-function destroyAdminSession ($destroy = true) {
- // Kill maybe existing session variables including array elements
- set_session('admin_login', "");
- set_session('admin_md5' , "");
- set_session('admin_last' , "");
- set_session('admin_to' , "");
-
- // Destroy session and return status
- if ($destroy) {
- return session_destroy();
- } // END - if
-
- // All fine if we shall not really destroy the session
- return true;
-}
-
// Checks if a given apache module is loaded
function IF_APACHE_MODULE_LOADED ($apacheModule) {
// Check it and return result
return (((function_exists('apache_get_modules')) && (in_array($apacheModule, apache_get_modules()))) || (!function_exists('apache_get_modules')));
}
-// Merges $_CONFIG with data in given array
-function mergeConfig ($newConfig) {
- global $_CONFIG;
- $_CONFIG = merge_array($_CONFIG, $newConfig);
-}
-
-// Getter for $_CONFIG entries
-function getConfig ($entry) {
- global $_CONFIG;
-
- // Default value
- $value = null;
-
- // Is the entry there?
- if (isConfigEntrySet($entry)) {
- // Then use it
- $value = $_CONFIG[$entry];
- } // END - if
-
- // Return it
- return $value;
-}
-
-// Setter for $_CONFIG entries
-function setConfigEntry ($entry, $value) {
- global $_CONFIG;
-
- // Secure the entry name
- $entry = SQL_ESCAPE($entry);
-
- // And set it
- $_CONFIG[$entry] = $value;
-}
-
-// Checks wether the given config entry is set
-function isConfigEntrySet ($entry) {
- global $_CONFIG;
- return (isset($_CONFIG[$entry]));
-}
-
-// Increment or init with given value or 1 as default the given config entry
-function incrementConfigEntry ($configEntry, $value=1) {
- global $_CONFIG;
-
- // Increment it if set or init it with 1
- if (getConfig($configEntry) > 0) {
- $_CONFIG[$configEntry] += $value;
- } else {
- $_CONFIG[$configEntry] = $value;
- }
-}
-
// "Getter" for language strings
// @TODO Rewrite all language constants to this function.
function getMessage ($messageId) {
// Fix it to default
$ret = "default";
} // END - if
- } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) {
+ } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((REQUEST_ISSET_GET(('theme'))) || (REQUEST_ISSET_POST(('theme'))))) {
// Prepare FQFN for checking
- $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_GET['theme']));
+ $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_GET('theme')));
// Installation mode active
- if ((!empty($_GET['theme'])) && (FILE_READABLE($theme))) {
+ if ((REQUEST_ISSET_GET(('theme'))) && (FILE_READABLE($theme))) {
// Set cookie from URL data
- set_session('mxchange_theme', SQL_ESCAPE($_GET['theme']));
- } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_POST['theme'])))) {
+ set_session('mxchange_theme', SQL_ESCAPE(REQUEST_GET('theme')));
+ } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_POST('theme'))))) {
// Set cookie from posted data
- set_session('mxchange_theme', SQL_ESCAPE($_POST['theme']));
+ set_session('mxchange_theme', SQL_ESCAPE(REQUEST_POST('theme')));
}
// Set return value
break;
case constant('CODE_EXTENSION_PROBLEM'):
- if (isset($_GET['ext'])) {
- $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE($_GET['ext']));
+ if (REQUEST_ISSET_GET(('ext'))) {
+ $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE(REQUEST_GET('ext')));
} else {
$msg = getMessage('EXTENSION_PROBLEM_UNSET_EXT');
}
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 02/28/2009 *
+ * =============== Last change: 02/28/2009 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : handler.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Handler functions (call-back) *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Handler-Funktionen (Call-Back) *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+
+// Error handler function
+function __errorHandler ($errno, $errstr, $errfile, $errline) {
+ // Construct message
+ $msg = sprintf("errno=%s,errstr=%s,errfile=%s,errline=%s",
+ $errno,
+ $errstr,
+ basename($errfile),
+ $errline
+ );
+
+ // Write debug log message
+ DEBUG_LOG(__FUNCTION__, __LINE__, "".$msg, true);
+
+ // Output message to user and die
+ if (EXT_IS_ACTIVE("debug")) {
+ // Debug extension found! So Output a small message
+ mxchange_die("Error message written to debug.log. Please try to call <a href=\"{!URL!}\">the main page</a> to continue.");
+ } else {
+ // No debug extension found, so regular output
+ debug_report_bug($msg);
+ }
+}
+
+// [EOF]
+?>
} // END - if
// Load body or not
-if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($GLOBALS['header_sent'] == "1") && (!empty($_GET['frame']))) && ($GLOBALS['output_mode'] != "1")) {
+if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (REQUEST_ISSET_GET(('frame')))) || (($GLOBALS['header_sent'] == "1") && (REQUEST_ISSET_GET(('frame')))) && ($GLOBALS['output_mode'] != "1")) {
// Is the header sent and the script is not the mail confirmation script and not a CSS?
if (($GLOBALS['header_sent'] == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($GLOBALS['output_mode'] != "1")) {
// Add BODY tag
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 02/28/2009 *
+ * =============== Last change: 02/28/2009 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : hooks.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Hooks (call-backs) *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Hooks (Call-Back) *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+
+// Call-back function for running shutdown functions and close database connection
+function __SHUTDOWN_HOOK () {
+ // Call the filter chain 'shutdown'
+ RUN_FILTER('shutdown', null, false);
+
+ if (SQL_IS_LINK_UP()) {
+ // Close link
+ SQL_CLOSE(__FILE__, __LINE__);
+ } else {
+ // No database link
+ addFatalMessage(getMessage('NO_DB_LINK'));
+ }
+}
+
+// [EOF]
+?>
// Init variables
$mysql = "";
-if ((isset($_POST['mysql'])) && (is_array($_POST['mysql']))) $mysql = $_POST['mysql'];
+if ((REQUEST_ISSET_POST(('mysql'))) && (is_array(REQUEST_POST('mysql')))) $mysql = REQUEST_POST('mysql');
// Check if both passwords from SMTP are matching
-if ((isset($_GET['page']) && ($_GET['page'] == 5))) {
+if ((REQUEST_ISSET_GET(('page')) && (REQUEST_GET('page') == 5))) {
// Okay, we have to check it
- if (!empty($_POST['smtp_user']) && (empty($_POST['smtp_host']))) {
+ if (REQUEST_ISSET_POST(('smtp_user')) && (!REQUEST_ISSET_POST(('smtp_host')))) {
// Hostname not set
OUTPUT_HTML(getMessage('INSTALL_SMTP_HOSTNAME_EMPTY')."<br />");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
} // END - if
- if ((empty($_POST['smtp_pass1'])) && (!empty($_POST['smtp_pass2']))) {
+ if ((!REQUEST_ISSET_POST(('smtp_pass1'))) && (REQUEST_ISSET_POST(('smtp_pass2')))) {
// Password is empty
OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS1_EMPTY')."<br />");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
} // END - if
- if ((!empty($_POST['smtp_pass1'])) && (empty($_POST['smtp_pass2']))) {
+ if ((REQUEST_ISSET_POST(('smtp_pass1'))) && (!REQUEST_ISSET_POST(('smtp_pass2')))) {
// Password repeat is empty
OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS2_EMPTY')."<br />");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
} // END - if
- if ($_POST['smtp_pass1'] != $_POST['smtp_pass1']) {
+ if (REQUEST_POST('smtp_pass1') != REQUEST_POST('smtp_pass1')) {
// Passwords are not matching
OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS_MISMATCH')."<br />");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
} // END - if
} // END - if
define('__BURL_ACTION', constant('URL'));
// Output page for entered value
- switch ($_GET['page'])
+ switch (REQUEST_GET('page'))
{
case "welcome": // Welcome to the installation!
LOAD_TEMPLATE("install_welcome");
define('__MYSQL_DBASE' , $mysql['dbase']);
define('__MYSQL_PREFIX', $mysql['prefix']);
define('__MYSQL_LOGIN' , $mysql['login']);
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SLOGAN_VALUE', $_POST['slogan']);
- define('__EMAIL_VALUE' , $_POST['email']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SLOGAN_VALUE', REQUEST_POST('slogan'));
+ define('__EMAIL_VALUE' , REQUEST_POST('email'));
// Load template
LOAD_TEMPLATE("install_page2");
case "3":
// Set more values
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SLOGAN_VALUE' , $_POST['slogan']);
- define('__EMAIL_VALUE' , $_POST['email']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+ define('__EMAIL_VALUE' , REQUEST_POST('email'));
// Use default SMTP data
$smtpHost = constant('SMTP_HOSTNAME');
$smtpPass2 = constant('SMTP_PASSWORD');
// Overwrite it with the data from sent (failed) form
- if (!empty($_POST['smtp_host'])) $smtpHost = $_POST['smtp_host'];
- if (!empty($_POST['smtp_user'])) $smtpUser = $_POST['smtp_user'];
+ if (REQUEST_ISSET_POST(('smtp_host'))) $smtpHost = REQUEST_POST('smtp_host');
+ if (REQUEST_ISSET_POST(('smtp_user'))) $smtpUser = REQUEST_POST('smtp_user');
// MySQL settings
define('__MYSQL_HOST' , $mysql['host']);
case "5": // Misc settings
// General settings
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SLOGAN_VALUE' , $_POST['slogan']);
- define('__EMAIL_VALUE' , $_POST['email']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+ define('__EMAIL_VALUE' , REQUEST_POST('email'));
// MySQL settings
define('__MYSQL_HOST' , $mysql['host']);
define('__MYSQL_LOGIN' , $mysql['login']);
// SMTP settings
- define('__SMTP_HOST' , $_POST['smtp_host']);
- define('__SMTP_USER' , $_POST['smtp_user']);
- define('__SMTP_PASS' , $_POST['smtp_pass1']);
+ define('__SMTP_HOST' , REQUEST_POST('smtp_host'));
+ define('__SMTP_USER' , REQUEST_POST('smtp_user'));
+ define('__SMTP_PASS' , REQUEST_POST('smtp_pass1'));
OUTPUT_HTML("<form action=\"{!__BURL_ACTION!}/install.php?page=finalize\" method=\"POST\" target=\"_self\">
<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"install_content\">
<tr>
break;
case "finalize": // Write captured data to files
- if ((!empty($_POST['finalize'])) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
+ if ((REQUEST_ISSET_POST(('finalize'))) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
// You have submitted data then we have to reset the fatal messages
$SQLs = array();
// Seems to work, also right database?
if (SQL_SELECT_DB($mysql['dbase'], __FILE__, __LINE__) === true) {
// Automatically run install.sql
- if ((FILE_READABLE($_POST['spath']."install/tables.sql")) && (FILE_READABLE($_POST['spath']."install/menu-".GET_LANGUAGE().".sql"))) {
+ if ((FILE_READABLE(REQUEST_POST('spath')."install/tables.sql")) && (FILE_READABLE(REQUEST_POST('spath')."install/menu-".GET_LANGUAGE().".sql"))) {
// Both exists so import them
foreach (array("tables.sql", "menu-".GET_LANGUAGE().".sql") as $dump) {
// Should be save here because file_exists() is there but we check it again. :)
- $FQFN = secureString($_POST['spath']) . "install/" . $dump;
+ $FQFN = secureString(REQUEST_POST('spath')) . "install/" . $dump;
if (FILE_READABLE($FQFN)) {
// Read the file
$SQLs = READ_FILE($FQFN, true);
} // END - foreach
// Ok, all done. So we can write the config data to the php files
- if ($_POST['spath'] != constant('PATH')) changeDataInFile($_POST['spath']."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", $_POST['spath'], 0);
- if ($_POST['burl'] != constant('URL')) changeDataInFile($_POST['spath']."inc/config.php", "HOST-URL", "define('URL', \"", "\");", $_POST['burl'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", $_POST['title'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", $_POST['slogan'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", $_POST['email'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", $_POST['warn_no_pass'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", $_POST['wfooter'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", $_POST['blink'], 0);
- // changeDataInFile($_POST['spath']."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", $_POST['omode'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-HOST", " 'host' => \"", "\",", $mysql['host'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-DBASE", " 'dbase' => \"", "\",", $mysql['dbase'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-LOGIN", " 'login' => \"", "\",", $mysql['login'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PASSWORD", " 'password' => \"", "\",", $mysql['pass1'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", $_POST['smtp_host'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
+ if (REQUEST_POST('spath') != constant('PATH')) changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", REQUEST_POST('spath'), 0);
+ if (REQUEST_POST('burl') != constant('URL')) changeDataInFile(REQUEST_POST('spath')."inc/config.php", "HOST-URL", "define('URL', \"", "\");", REQUEST_POST('burl'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", REQUEST_POST('title'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", REQUEST_POST('slogan'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", REQUEST_POST('email'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", REQUEST_POST('warn_no_pass'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", REQUEST_POST('wfooter'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", REQUEST_POST('blink'), 0);
+ // DEACTIVATED: changeDataInFile(REQUEST_POST('spath')."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", REQUEST_POST('omode'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-HOST", " 'host' => \"", "\",", $mysql['host'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-DBASE", " 'dbase' => \"", "\",", $mysql['dbase'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-LOGIN", " 'login' => \"", "\",", $mysql['login'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PASSWORD", " 'password' => \"", "\",", $mysql['pass1'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", REQUEST_POST('smtp_host'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", REQUEST_POST('smtp_user'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", REQUEST_POST('smtp_pass1'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
} else {
// Installation area not found!
addFatalMessage(getMessage('INSTALL_MISSING_DUMPS'));
$OUT .= " <input type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">\n";
} // END foreach
define('__MYSQL_DATA' , $OUT);
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SMTP_HOST' , $_POST['smtp_host']);
- define('__SMTP_USER' , $_POST['smtp_user']);
- define('__SMTP_PASS' , $_POST['smtp_pass']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SMTP_HOST' , REQUEST_POST('smtp_host'));
+ define('__SMTP_USER' , REQUEST_POST('smtp_user'));
+ define('__SMTP_PASS' , REQUEST_POST('smtp_pass1'));
// Load template
LOAD_TEMPLATE("install_fatal_errors");
break;
default:
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", $_GET['page']));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", REQUEST_GET('page')));
OUTPUT_HTML(" <div class=\"install_error\">{--WRONG_PAGE--}</strong>");
break;
}
list($uid) = SQL_FETCHROW($result);
// Rewrite email address to contact link
- $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
+ $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&uid=".bigintval($uid);
}
// Free memory
}
// Remove cache file
- RUN_FILTER('post_admin_edited', $_POST);
+ RUN_FILTER('post_admin_edited', REQUEST_POST_ARRAY());
}
// Make admin accounts editable
}
// Remove cache if cache system is activated
- RUN_FILTER('post_admin_deleted', $_POST);
+ RUN_FILTER('post_admin_deleted', REQUEST_POST_ARRAY());
}
// List all admin accounts
//
function SEND_NEWSLETTER ($TO, $SUBJECT, $MSG, $MODE) {
// Send mail away as HTML
- if ($_POST['auto_urls'] == "Y") {
+ if (REQUEST_POST('auto_urls') == "Y") {
// Automatically insert URLs into newsletter
if ((EXT_IS_ACTIVE("html")) && ($MODE == "html")) {
// Send HTML mail
// is not false the API data is valid, else invalid
function PRIMERA_TEST_API () {
// Get new instance
- $api = new PrimeraApi($_POST['primera_api_name'], $_POST['primera_api_md5']);
+ $api = new PrimeraApi(REQUEST_POST('primera_api_name'), REQUEST_POST('primera_api_md5'));
// Was that fine?
return ($api->getPrimera() !== false);
if (GET_EXT_VERSION("cache") >= "0.1.2") {
// Get refs from cache
$cnt = 0;
- foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $u_id) {
+ foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $uid) {
// Do we have a ref for this user?
- //* DEBUG: */ echo "id={$id},u_id={$u_id},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}<br />\n";
- if (($u_id == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {
+ //* DEBUG: */ echo "id={$id},uid={$uid},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}<br />\n";
+ if (($uid == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {
//* DEBUG: */ echo "uid matches!<br />\n";
foreach ($GLOBALS['cache_array']['ref_depths']['level'] as $level) {
if (($level == $GLOBALS['cache_array']['refsystem']['level'][$id]) && ($level == 1)) {
$SW = 2;
$OUT .= "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n";
while (list($id, $cat, $visible) = SQL_FETCHROW($result)) {
- if (empty($_POST['cat'][$id])) $_POST['cat'][$id] = "";
+ if (!REQUEST_ISSET_POST(('cat', $id))) REQUEST_POST('cat', $id) = "";
// Prepare array for the template
$content = array(
'sw' => $SW,
'id' => $id,
);
- if (($_POST['cat'][$id] == "Y") || ((getConfig('register_default') == "Y") && (empty($_POST['cat'][$id])))) {
+ if ((REQUEST_POST('cat', $id) == "Y") || ((getConfig('register_default') == "Y") && (!REQUEST_ISSET_POST(('cat', $id))))) {
$content['def_y'] = " checked=\"checked\"";
} else {
$content['def_n'] = " checked=\"checked\"";
// Simple from->to replacements
$REPLACE = array(
- 'search' => array("u_id", "url", "page", "offset", "mid", "bid", "sub", "home"),
+ 'search' => array("uid", "url", "page", "offset", "mid", "bid", "sub", "home"),
'replace' => array("u" , "url", "page", "offset", "m" , "b" , "s" , "h")
);
// Replace all array elements through
foreach ($REPLACE['search'] as $k => $v) {
if (eregi("$v=", $test)) {
- // Replace &u_id= with /u/
+ // Replace &uid= with /u/
$test = preg_replace("/&".$v."=/i", "/".$REPLACE['replace'][$k]."/", $test);
} // END - if
} // END - foreach
// Remove last ", " from SQL string
$SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
- $DATA['values'][] = bigintval($_GET['id']);
+ $DATA['values'][] = bigintval(REQUEST_GET('id'));
// Generate message
$MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
$templateName = "surfbar_frameset";
// Any frame set? ;-)
- if (isset($_GET['frame'])) {
+ if (REQUEST_ISSET_GET(('frame'))) {
// Use the frame as a template name part... ;-)
$templateName = sprintf("surfbar_frame_%s",
- SQL_ESCAPE($_GET['frame'])
+ SQL_ESCAPE(REQUEST_GET('frame'))
);
} // END - if
$GLOBALS['curr_theme'] = GET_CURR_THEME();
// Check if new theme is selcted
-if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $GLOBALS['curr_theme'])) {
+if ((REQUEST_ISSET_POST(('new_theme'))) && (REQUEST_POST('new_theme') != $GLOBALS['curr_theme'])) {
// Set new theme for guests
- $newTheme = $_POST['new_theme'];
+ $newTheme = REQUEST_POST('new_theme');
// Change to new theme
set_session('mxchange_theme', $newTheme);
// Add links for selecting some users
function alpha ($sortby, $colspan, $return=false) {
- if (empty($_GET['offset'])) $_GET['offset'] = 0;
- $ADD = "&page=".SQL_ESCAPE($_GET['page'])."&offset=".SQL_ESCAPE($_GET['offset']);
- if (!empty($_GET['mode'])) $ADD .= "&mode=".SQL_ESCAPE($_GET['mode']);
+ if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0);
+ $ADD = "&page=".SQL_ESCAPE(REQUEST_GET('page'))."&offset=".SQL_ESCAPE(REQUEST_GET('offset'));
+ if (REQUEST_ISSET_GET(('mode'))) $ADD .= "&mode=".SQL_ESCAPE(REQUEST_GET('mode'));
/* Creates the list of letters and makes them a link. */
$alphabet = array(_ALL2,"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",_OTHERS);
$num = count($alphabet) - 1;
$OUT = "";
while (list($counter, $ltr) = each($alphabet)) {
- if ($_GET['letter'] == $ltr) {
+ if (REQUEST_GET('letter') == $ltr) {
// Current letter is letter from URL
$OUT .= "<strong>".$ltr."</strong>";
} else {
// Output link to letter
$OUT .= "<a href=\"{!URL!}/modules.php?module=admin&what=".$GLOBALS['what'];
- if (!empty($_GET['mode'])) $OUT .= "&mode=".SQL_ESCAPE($_GET['mode']);
+ if (REQUEST_ISSET_GET(('mode'))) $OUT .= "&mode=".SQL_ESCAPE(REQUEST_GET('mode'));
$OUT .= "&letter=".$ltr."&sortby=".$sortby.$ADD."\">".$ltr."</a>";
}
// Add links for sorting
function SortLinks($letter, $sortby, $colspan, $return=false) {
$OUT = "";
- if (empty($_GET['offset'])) $_GET['offset'] = 0;
- if (empty($_GET['page'])) $_GET['page'] = 0;
+ if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0);
+ if (!REQUEST_ISSET_GET(('page'))) REQUEST_SET_GET('page' , 0);
// Add page and offset
- $ADD = "&page=".SQL_ESCAPE($_GET['page'])."&offset=".SQL_ESCAPE($_GET['offset']);
+ $ADD = "&page=".SQL_ESCAPE(REQUEST_GET('page'))."&offset=".SQL_ESCAPE(REQUEST_GET('offset'));
// Add status or mode
- if (!empty($_GET['status'])) $ADD .= "&mode=".SQL_ESCAPE($_GET['status']);
- elseif (!empty($_GET['mode'])) $ADD .= "&mode=".SQL_ESCAPE($_GET['mode']);
+ if (REQUEST_ISSET_GET(('status'))) $ADD .= "&mode=".SQL_ESCAPE(REQUEST_GET('status'));
+ elseif (REQUEST_ISSET_GET(('mode'))) $ADD .= "&mode=".SQL_ESCAPE(REQUEST_GET('mode'));
// Makes order by links..
if ($letter == "front") $letter = _ALL2;
$OUT = "";
for ($page = 1; $page <= $PAGES; $page++) {
- if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+ if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
$OUT .= "<strong>-";
} else {
- if (empty($_GET['letter'])) $_GET['letter'] = _ALL2;
- if (empty($_GET['sortby'])) $_GET['sortby'] = "userid";
+ if (!REQUEST_ISSET_GET(('letter'))) REQUEST_SET_GET('letter', getMessage('_ALL2'));
+ if (!REQUEST_ISSET_GET(('sortby'))) REQUEST_SET_GET('sortby', "userid");
// Base link
$OUT .= "<a href=\"{!URL!}/modules.php?module=admin&what=".$GLOBALS['what'];
// Add status or mode
- if (!empty($_GET['status'])) $OUT .= "&mode=".SQL_ESCAPE($_GET['status']);
- elseif (!empty($_GET['mode'])) $OUT .= "&mode=".SQL_ESCAPE($_GET['mode']);
+ if (REQUEST_ISSET_GET(('status'))) $OUT .= "&mode=".SQL_ESCAPE(REQUEST_GET('status'));
+ elseif (REQUEST_ISSET_GET(('mode'))) $OUT .= "&mode=".SQL_ESCAPE(REQUEST_GET('mode'));
// Letter and so on
- $OUT .= "&letter=".SQL_ESCAPE($_GET['letter'])."&sortby=".SQL_ESCAPE($_GET['sortby'])."&page=".$page."&offset=".$offset."\">";
+ $OUT .= "&letter=".SQL_ESCAPE(REQUEST_GET('letter'))."&sortby=".SQL_ESCAPE(REQUEST_GET('sortby'))."&page=".$page."&offset=".$offset."\">";
}
$OUT .= $page;
- if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+ if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
$OUT .= "-</strong>";
} else {
$OUT .= "</a>";
list($uid) = SQL_FETCHROW($result);
// Rewrite email address to contact link
- $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
+ $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&uid=".bigintval($uid);
} // END - if
// Free memory
// Is no admin registered?
if (!isBooleanConstantAndTrue('admin_registered')) {
// Admin is not registered so we have to inform the user
- if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
- if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+ if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+ REQUEST_SET_POST('ok', "***");
+ }
+
+ if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
// Hash the password with the old function because we are here in install mode
- $hashedPass = md5($_POST['pass']);
+ $hashedPass = md5(REQUEST_POST('pass'));
// Kill maybe existing session variables
destroyAdminSession(false);
// Do registration
- $ret = REGISTER_ADMIN($_POST['login'], $hashedPass);
+ $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass);
switch ($ret)
{
case "done":
// Whas that action okay?
if ($ret != "done") {
// Fixes another "Notice"
- if (!empty($_POST['login'])) {
- define('__LOGIN_VALUE', $_POST['login']);
+ if (REQUEST_ISSET_POST(('login'))) {
+ define('__LOGIN_VALUE', REQUEST_POST('login'));
} else {
define('__LOGIN_VALUE', "");
}
// Yet-another "Notice" fix
- if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) {
+ if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == "***")) {
// No login entered?
- if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+ if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
// An error comes back from registration?
if (!empty($ret)) $MSG1 = $ret;
// No password entered?
- if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+ if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
// Or password too short?
- if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+ if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
// Output error messages
define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
// Load register template
LOAD_TEMPLATE("admin_reg_form");
}
-} elseif (isset($_GET['reset_pass'])) {
+} elseif (REQUEST_ISSET_GET(('reset_pass'))) {
// Is the form submitted?
- if ((isset($_POST['send_link'])) && (!empty($_POST['email']))) {
+ if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST(('email')))) {
// Try to send the link out
- $OUT = ADMIN_SEND_PASSWORD_RESET_LINK($_POST['email']);
+ $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email'));
// Output result
LOAD_TEMPLATE("admin_settings_saved", false, $OUT);
- } elseif (!empty($_GET['hash'])) {
+ } elseif (REQUEST_ISSET_GET(('hash'))) {
// Output form for hash validation
- LOAD_TEMPLATE("admin_validate_reset_hash_form", false, $_GET['hash']);
- } elseif ((isset($_POST['validate_hash'])) && (!empty($_POST['login'])) && (!empty($_POST['hash']))) {
+ LOAD_TEMPLATE("admin_validate_reset_hash_form", false, REQUEST_GET('hash'));
+ } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) {
// Validate the login data and hash
- $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login']);
+ $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'));
// Valid?
if ($valid === true) {
// Prepare content first
$content = array(
- 'hash' => SQL_ESCAPE($_POST['hash']),
- 'login' => SQL_ESCAPE($_POST['login'])
+ 'hash' => SQL_ESCAPE(REQUEST_POST('hash')),
+ 'login' => SQL_ESCAPE(REQUEST_POST('login'))
);
// Validation okay so display form for final password change
// Cannot validate the login data and hash
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
}
- } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+ } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
// Okay, we shall the admin password here. So first revalidate the hash
- if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) {
+ if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) {
// Set the password now
- $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']);
+ $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1'));
// Output result
LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT);
LOAD_URL("modules.php?module=admin&action=login&logout=1");
} // END - if
- if (!empty($_GET['register'])) {
+ if (REQUEST_ISSET_GET(('register'))) {
// Registration of first admin is done
- if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
+ if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
} // END - if
// Check if the admin has submitted data or not
- if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
- if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+ if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+ REQUEST_SET_POST('ok', "***");
+ }
+
+ if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
// All required data was entered so we check his account
- $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']);
+ $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass'));
// Which status do we have?
switch ($ret)
// Add data to URL
if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
- elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+ elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area');
// Load URL
LOAD_URL($URL);
break;
case "404": // Administrator login not found
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
$ret = getMessage('ADMIN_NOT_FOUND');
destroyAdminSession();
break;
case "pass": // Wrong password
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
$ret = "{--WRONG_PASS--} [<a href=\"{!URL!}/modules.php?module=admin&reset_pass=1\">{--ADMIN_RESET_PASS--}</a>]\n";
destroyAdminSession();
break;
// Error detected?
if ($ret != "done") {
- if (!empty($_POST['login'])) {
- define('__LOGIN_VALUE', $_POST['login']);
+ if (REQUEST_ISSET_POST(('login'))) {
+ define('__LOGIN_VALUE', REQUEST_POST('login'));
} else {
define('__LOGIN_VALUE', "");
}
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Set messages to zero
$MSG1 = ""; $MSG2 = "";
// No login entered?
- if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+ if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
// An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret;
+ if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret;
// No password entered?
- if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+ if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
// Or password too short?
- if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+ if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
// An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret;
+ if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret;
// Load message template
define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
// Set default values
$content = array('target' => "action", 'value' => "login");
}
- } elseif (!empty($_GET['area'])) {
+ } elseif (REQUEST_ISSET_GET(('area'))) {
// Restore old area value
- $content = array('target' => "area", 'value' => $_GET['area']);
+ $content = array('target' => "area", 'value' => REQUEST_GET('area'));
} else {
// Set default values
$content = array('target' => "action", 'value' => "login");
// Load login form template
LOAD_TEMPLATE("admin_login_form", false, $content);
} // END - if
-} elseif (isset($_GET['logout'])) {
+} elseif (REQUEST_ISSET_GET(('logout'))) {
// Only try to remove cookies
if (destroyAdminSession()) {
// Load logout template
- if (isset($_GET['register'])) {
+ if (REQUEST_ISSET_GET(('register'))) {
// Secure input
- $register = SQL_ESCAPE($_GET['register']);
+ $register = SQL_ESCAPE(REQUEST_GET('register'));
// Special logout redirect for installation of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
- } elseif (isset($_GET['remove'])) {
+ } elseif (REQUEST_ISSET_GET(('remove'))) {
// Secure input
- $remove = SQL_ESCAPE($_GET['remove']);
+ $remove = SQL_ESCAPE(REQUEST_GET('remove'));
// Special logout redirect for removal of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
$area = "entrance";
// Check for similar URL variable
- if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
+ if (REQUEST_ISSET_GET(('area'))) $area = SQL_ESCAPE(REQUEST_GET('area'));
// Load "logical-area menu-system" file
LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php");
break;
case "404": // Administrator login not found
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
destroyAdminSession();
addFatalMessage(getMessage('ADMIN_NOT_FOUND'));
break;
case "pass": // Wrong password
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
destroyAdminSession();
addFatalMessage(getMessage('WRONG_PASS'));
break;
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_POST['no'])) {
+if (REQUEST_ISSET_POST(('no'))) {
// Do not logout now
LOAD_URL("admin.php");
-} elseif ((!empty($_POST['yes'])) && ($GLOBALS['action'] == "logout")) {
+} elseif ((REQUEST_ISSET_POST(('yes'))) && ($GLOBALS['action'] == "logout")) {
// Redirect to logout link
LOAD_URL("modules.php?module=admin&logout=1");
}
) && (
set_session('admin_last', time())
) && (
- set_session('admin_to', bigintval($_POST['timeout']))
+ set_session('admin_to', bigintval(REQUEST_POST('timeout')))
)
);
}
$OUT .= "</select>\n";
} else {
// No menus???
- $OUT = ADMIN_PROBLEM_NO_MENU;
+ $OUT = getMessage('ADMIN_PROBLEM_NO_MENU');
}
// Return output
return $OUT;
}
+// Wrapper for $_POST and ADMIN_SAVE_SETTINGS
+function ADMIN_SAVE_SETTINGS_POST () {
+ // Get the array
+ $POST = REQUEST_POST_ARRAY();
+
+ // Call the lower function
+ ADMIN_SAVE_SETTINGS($POST);
+}
+
// Save settings to the database
-function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="config=0", $translateComma=array(), $alwaysAdd=false) {
+function ADMIN_SAVE_SETTINGS (&$POST, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
// Prepare all arrays, variables
$DATA = array();
$skip = false;
$handle = opendir(sprintf("%sinc/modules/%s/", constant('PATH'), $menu)) or mxchange_die("Cannot load menu ".$menu."!");
// Init the selection box
- $OUT = "<select name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <option value=\"\">".IS_TOP_MENU."</option>\n";
+ $OUT = "<select name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <option value=\"\">{--IS_TOP_MENU--}</option>\n";
// Walk through all files
while ($file = readdir($handle)) {
//* DEBUG: */ echo "a:".$title."<br />";
// Return link
- return "<a href=\"{!URL!}/modules.php?module=admin&what=".$wht."&u_id=".$uid."\" title=\"{--ADMIN_USER_PROFILE_TITLE--}\">".$title."</a>";
+ return "<a href=\"{!URL!}/modules.php?module=admin&what=".$wht."&uid=".$uid."\" title=\"{--ADMIN_USER_PROFILE_TITLE--}\">".$title."</a>";
}
// Check "logical-area-mode"
} // END - if
// Is the raw userid set?
- if ($_POST['uid_raw'][$id] > 0) {
+ if (REQUEST_POST('uid_raw', $id) > 0) {
// Generate subject
$subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
}
// Send email out
- SEND_EMAIL($_POST['uid_raw'][$id], $subjectLine, $mail);
+ SEND_EMAIL(REQUEST_POST('uid_raw', $id), $subjectLine, $mail);
} // END - if
// Generate subject
// Send admin notification out
if (!empty($subjectPart)) {
- SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, $_POST['uid_raw'][$id]);
+ SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, REQUEST_POST('uid_raw', $id));
} else {
- SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, $_POST['uid_raw'][$id]);
+ SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, REQUEST_POST('uid_raw', $id));
}
}
} // END - foreach
// Add other columns as well
- foreach ($_POST as $key => $entries) {
+ foreach (REQUEST_POST_ARRAY() as $key => $entries) {
// Skip id, raw userid and 'do_$mode'
if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) {
// Are there brackets () at the end?
$idList = "";
foreach ($IDs as $id => $sel) {
// Is there a userid?
- if (isset($_POST['uid_raw'][$id])) {
+ if (REQUEST_ISSET_POST(('uid_raw', $id))) {
// Load all data from that id
$result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1",
array($table, $idColumn, $id), __FILE__, __LINE__);
$SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_ SET",
SQL_ESCAPE($table)
);
- foreach ($_POST as $key => $entries) {
+ foreach (REQUEST_POST_ARRAY() as $key => $entries) {
// Skip raw userid which is always invalid
if ($key == "uid_raw") {
// Continue with next field
ADD_DESCR("admin", __FILE__);
// Is the formular sent?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save the row to the database
- ADMIN_SAVE_SETTINGS($_POST, "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true);
+ ADMIN_SAVE_SETTINGS(REQUEST_POST_ARRAY(), "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true);
} else {
// Display form
LOAD_TEMPLATE("admin_add_bank_package");
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
// Check if category does already exist
-}
- else
-{
+} else {
// Display form
LOAD_TEMPLATE("admin_add_guestnl_cat");
}
ADD_DESCR("admin", __FILE__);
// Fix a notice
-if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
+if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', "");
-if ($_GET['u_id'] == "all") {
+if (REQUEST_GET('uid') == "all") {
// Add points to all accounts
- if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
- define('__POINTS_VALUE', $_POST['points']);
+ if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) {
+ define('__POINTS_VALUE', REQUEST_POST('points'));
$result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
while (list($uid) = SQL_FETCHROW($result_main)) {
// Remove depth to prevent booking errors. This is a bad coding
$GLOBALS['ref_level'] = -1;
// Ok, add points and send an email to him...
- ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval($_POST['points']), false, "0", false, "direct");
+ ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval(REQUEST_POST('points')), false, "0", false, "direct");
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
- 'points' => bigintval($_POST['points'])
+ 'text' => SQL_ESCAPE(REQUEST_POST('reason')),
+ 'points' => bigintval(REQUEST_POST('points'))
);
// Load email template and send email away
// Display form add points
LOAD_TEMPLATE("admin_add_points_all");
}
-} elseif (!empty($_GET['u_id'])) {
+} elseif (REQUEST_ISSET_GET(('uid'))) {
// User ID found in URL so we use this give him some credits
$result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Selected user does exist
list($sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+ if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
// Remove depth to prevent booking errors. This is a bad coding
// practice, thats also why we need to write this project from
// scratch...
unset($GLOBALS['ref_level']);
// Ok, add points and send an email to him...
- ADD_POINTS_REFSYSTEM("admin_single", bigintval($_GET['u_id']), bigintval($_POST['points']), false, "0", false, "direct");
+ ADD_POINTS_REFSYSTEM("admin_single", bigintval(REQUEST_GET('uid')), bigintval(REQUEST_POST('points')), false, "0", false, "direct");
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
- 'points' => bigintval($_POST['points'])
+ 'text' => SQL_ESCAPE(REQUEST_POST('reason')),
+ 'points' => bigintval(REQUEST_POST('points'))
);
// Message laden
- $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($_GET['u_id']));
+ $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval(REQUEST_GET('uid')));
- SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_ADD_SUBJ'), $msg);
+ SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_ADD_SUBJ'), $msg);
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED'));
} else {
// Opps, missing form here
define('__USER_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
- define('__UID' , bigintval($_GET['u_id']));
+ define('__UID' , bigintval(REQUEST_GET('uid')));
LOAD_TEMPLATE("admin_add_points");
}
} else {
// User not found!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
} else {
// Output selection form with all confirmed user accounts listed
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
// Generate timestamps
- $START = mktime($_POST['start_hour'], $_POST['start_min'], $_POST['start_sec'], $_POST['start_month'], $_POST['start_day'], $_POST['start_year']);
- $END = mktime($_POST['end_hour'] , $_POST['end_min'] , $_POST['end_sec'] , $_POST['end_month'] , $_POST['end_day'] , $_POST['end_year'] );
+ $START = mktime(REQUEST_POST('start_hour'), REQUEST_POST('start_min'), REQUEST_POST('start_sec'), REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year'));
+ $END = mktime(REQUEST_POST('end_hour') , REQUEST_POST('end_min') , REQUEST_POST('end_sec') , REQUEST_POST('end_month') , REQUEST_POST('end_day') , REQUEST_POST('end_year') );
// Is there already a rallye running?
$result = SQL_QUERY_ESC("SELECT id, admin_id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE (start_time <= %s AND end_time >= %s) OR (start_time >= %s AND start_time <= %s) LIMIT 1",
- array($START, $START, $START, $END), __FILE__, __LINE__);
+ array($START, $START, $START, $END), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0)
- {
+ if (SQL_NUMROWS($result) == 0) {
// Ok, start and end time did not overlap
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_data` (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s')",
array(
GET_CURRENT_ADMIN_ID(),
- $_POST['title'],
- $_POST['descr'],
- $_POST['template'],
+ REQUEST_POST('title'),
+ REQUEST_POST('descr'),
+ REQUEST_POST('template'),
$START,
$END,
- $_POST['auto_add'],
- $_POST['active'],
- $_POST['notify'],
+ REQUEST_POST('auto_add'),
+ REQUEST_POST('active'),
+ REQUEST_POST('notify'),
), __FILE__, __LINE__);
// Load ID
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE start_time='%s' AND end_time='%s' AND `title`='%s' LIMIT 1",
- array($START, $END, $_POST['title']), __FILE__, __LINE__);
+ array($START, $END, REQUEST_POST('title')), __FILE__, __LINE__);
list($id) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if (!empty($id))
- {
+ if (!empty($id)) {
// Reload to prices...
LOAD_URL("modules.php?module=admin&what=config_rallye_prices&rallye=".$id);
- }
- else
- {
+ } else {
// Problem detected...
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PROBLEM_CREATE);
}
- }
- else
- {
+ } else {
// Free memory
SQL_FREERESULT($result);
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save sponsor in database
- SPONSOR_HANDLE_SPONSOR($_POST);
+ SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY());
} else {
// Prepare constants for the template
define('__SPONSOR_MIN_VALUE', getConfig('sponsor_min_points'));
ADD_DESCR("admin", __FILE__);
// Was an URL added?
-if ((isset($_POST['add'])) && (!empty($_POST['url']))) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('url')))) {
// Dummy variables
$DATA = array(); $id = "reload_ye"; $skip = false;
// Convert the "reload selections"
- CONVERT_SELECTIONS_TO_TIMESTAMP($_POST, $DATA, $id, $skip);
+ CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip);
// Then add this URL
- if (SURFBAR_ADMIN_ADD_URL($_POST['url'], $_POST['limit'], $_POST['reload'])) {
+ if (SURFBAR_ADMIN_ADD_URL(REQUEST_POST('url'), REQUEST_POST('limit'), REQUEST_POST('reload'))) {
// URL was added
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_URL_ADDED'));
} else {
ADD_DESCR("admin", __FILE__);
// Check if the admin has entered title and what-php file name...
-if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok']))) {
- unset($_POST['ok']);
+if (((!REQUEST_ISSET_POST(('title'))) || (!REQUEST_ISSET_POST(('menu'))) || (!REQUEST_ISSET_POST(('descr')))) && (IS_FORM_SENT())) {
+ REQUEST_UNSET_POST('ok');
}
-if (!isset($_POST['ok']))
+if (!IS_FORM_SENT())
{
// Create arrays
$menus = array(); $titles = array(); $below = array();
LOAD_TEMPLATE("admin_admin_add");
} elseif (!IS_DEMO()) {
// Insert new menu entry
- if (!empty($_POST['menu'])) {
+ if (REQUEST_ISSET_POST(('menu'))) {
// Add sub menu
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('%s','%s','%s','%s','%s')",
array(
- $_POST['menu'],
- $_POST['name'],
- $_POST['title'],
- $_POST['descr'],
- bigintval($_POST['sort']),
+ REQUEST_POST('menu'),
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ REQUEST_POST('descr'),
+ bigintval(REQUEST_POST('sort')),
), __FILE__, __LINE__
);
- CACHE_PURGE_ADMIN_MENU(0, $_POST['menu'], $_POST['name']);
+ CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('menu'), REQUEST_POST('name'));
} else {
// Add main menu
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (action, title, descr, sort) VALUES ('%s','%s','%s','%s')",
array(
- $_POST['name'],
- $_POST['title'],
- $_POST['descr'],
- bigintval($_POST['sort']),
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ REQUEST_POST('descr'),
+ bigintval(REQUEST_POST('sort')),
), __FILE__, __LINE__
);
- CACHE_PURGE_ADMIN_MENU(0, $_POST['name']);
+ CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('name'));
}
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
} else {
// Do we edit/delete/change main menus or sub menus?
$AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
-if (!empty($_GET['sub']))
+if (REQUEST_ISSET_GET(('sub')))
{
- $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
- $SUB = SQL_ESCAPE($_GET['sub']);
+ $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+ $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
}
// Get count of (maybe) selected menu points
$chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
// List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) {
// Edit menu entries
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
$cnt = 0; $SW = 2;
- foreach ($_POST['sel'] as $sel => $confirm)
+ foreach (REQUEST_POST('sel') as $sel => $confirm)
{
if ($confirm == 1)
{
// Load template
LOAD_TEMPLATE("admin_amenu_edit_form");
}
- elseif ((isset($_POST['del'])) && (!IS_DEMO()))
+ elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO()))
{
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
// Del menu entries with or without confirmation
$SW = 2; $cnt = 0; $OUT = "";
- foreach ($_POST['sel'] as $sel => $confirm)
+ foreach (REQUEST_POST('sel') as $sel => $confirm)
{
if ($confirm == 1)
{
// Load template
LOAD_TEMPLATE("admin_amenu_delete");
-} elseif ((isset($_POST['ok'])) && (!IS_DEMO())) {
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
// An action is done...
- switch ($_POST['ok'])
+ switch (REQUEST_POST('ok'))
{
case "edit": // Edit menu
- foreach ($_POST['sel'] as $sel => $menu) {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
// Secure ID
$sel = bigintval($sel);
WHERE ".$AND." AND id=%s LIMIT 1",
array(
$menu,
- $_POST['sel_action'][$sel],
- $_POST['sel_what'][$sel],
- $_POST['sel_desc'][$sel],
+ REQUEST_POST('sel_action', $sel),
+ REQUEST_POST('sel_what', $sel),
+ REQUEST_POST('sel_desc', $sel),
$sel,
), __FILE__, __LINE__);
}
// Purge admin menu cache
- CACHE_PURGE_ADMIN_MENU(0, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel]);
+ CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel));
// Load template
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
break;
case "del": // Delete menu
- foreach ($_POST['sel'] as $sel => $menu) {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
break;
default: // Unexpected action
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok']));
- define('__OK_VALUE', $_POST['ok']);
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok')));
+ define('__OK_VALUE', REQUEST_POST('ok'));
LOAD_TEMPLATE("admin_menu_unknown_okay");
break;
}
} else {
- if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+ if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
// Get IDs
- if (!empty($_GET['w'])) {
+ if (REQUEST_ISSET_GET(('w'))) {
// Sub menus selected
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$result = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
} else {
// Main menu selected
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
if ((!empty($tid)) && (!empty($fid))) {
// Sort menu
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
}
}
// Display form is default
$FORM = true;
-if ((isset($_POST['add'])) && (!empty($_POST['login'])) && (!empty($_POST['email'])) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('email'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
// Add admin when not added already
- if (REGISTER_ADMIN($_POST['login'], generateHash($_POST['pass1']), $_POST['email']) == "done") {
+ if (REGISTER_ADMIN(REQUEST_POST('login'), generateHash(REQUEST_POST('pass1')), REQUEST_POST('email')) == "done") {
// Do not ouput any form!
$FORM = false;
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ADD_DONE'));
// Run filter chain
- RUN_FILTER('post_admin_added', $_POST);
+ RUN_FILTER('post_admin_added', REQUEST_POST_ARRAY());
} // END - if
} // END - if
// Shall we display the form?
if ($FORM === true) {
// Set missing elements
- // @TODO Do we need this ugly code here?
- if (!isset($_POST['login'])) $_POST['login'] = "";
- if (!isset($_POST['email'])) $_POST['email'] = "";
+ // @TODO Do we still need this ugly code here?
+ if (!REQUEST_ISSET_POST(('login'))) REQUEST_SET_POST('login', "");
+ if (!REQUEST_ISSET_POST(('email'))) REQUEST_SET_POST('email', "");
// Load form from template
LOAD_TEMPLATE("admin_admins_add");
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if ((isset($_POST['ok'])) && (!empty($_GET['admin']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('admin')))) {
// Send mail or message
- if ((EXT_IS_ACTIVE("msg")) && ($_POST['type'] == "msg")) {
+ if ((EXT_IS_ACTIVE("msg")) && (REQUEST_POST('type') == "msg")) {
// Add message
- $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", $_POST['text'], "0");
- SEND_ADMIN_MESSAGE($_GET['admin'], ADMINS_MSG_FROM_ADMIN, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", REQUEST_POST('text'), "0");
+ SEND_ADMIN_MESSAGE(REQUEST_GET('admin'), ADMINS_MSG_FROM_ADMIN, $msg);
} else {
// Load admin's email address
- $email = GET_ADMIN_EMAIL(bigintval($_GET['admin']));
+ $email = GET_ADMIN_EMAIL(bigintval(REQUEST_GET('admin')));
// Load email template and send the mail to the admin
- $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", $_POST['text'], "0");
+ $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", REQUEST_POST('text'), "0");
SEND_EMAIL($email, ADMINS_MSG_FROM_ADMIN, $msg);
}
// Mail / message dropped
LOAD_TEMPLATE("admin_settings_saved", false, ADMINS_ADMIN_CONTACTED);
-} elseif (!empty($_GET['admin'])) {
+} elseif (REQUEST_ISSET_GET(('admin'))) {
// Load contact form template
- define('__ADMIN', $_GET['admin']);
+ define('__ADMIN', REQUEST_GET('admin'));
if (EXT_IS_ACTIVE("msg")) {
// Add option to select between mail and message
define('ADMINS_MESSAGING_SELECTION', LOAD_TEMPLATE("admin_admins_contct_select", true));
ADD_DESCR("admin", __FILE__);
// Set selection data to empty array when it is empty
-if (empty($_POST['sel'])) $_POST['sel'] = array();
+if (!REQUEST_ISSET_POST(('sel'))) REQUEST_SET_POST('sel', array());
// Check if direct admin account was selected
-if (!empty($_GET['admin'])) {
+if (REQUEST_ISSET_GET(('admin'))) {
// Secure ID number
- $aid = bigintval($_GET['admin']);
- $_POST['edit'] = "1";
- $_POST['sel'][$aid] = "1";
+ $aid = bigintval(REQUEST_GET('admin'));
+
+ // Set required fields
+ REQUEST_SET_POST('edit', "1");
+ REQUEST_SET_POST(array('sel', $aid), "1");
}
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Edit account(s)
- ADMINS_EDIT_ADMIN_ACCOUNTS($_POST);
-} elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0)) {
+ ADMINS_EDIT_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('change'))) && (sizeof(REQUEST_POST('login')) > 0)) {
// Change admin accounts
- ADMINS_CHANGE_ADMIN_ACCOUNT($_POST);
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+ ADMINS_CHANGE_ADMIN_ACCOUNT(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Show admin accounts for deletetion
- ADMINS_DELETE_ADMIN_ACCOUNTS($_POST);
+ ADMINS_DELETE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
} else {
- if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+ if ((REQUEST_ISSET_POST(('remove'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Remove accounts now
- ADMINS_REMOVE_ADMIN_ACCOUNTS($_POST);
+ ADMINS_REMOVE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
}
// List all admin accounts
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['edit']))
+if (REQUEST_ISSET_POST(('edit')))
{
// Check if entires are checked
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
if ($SEL > 0)
{
// Add option for events
$GLOBALS['cache_array']['admins'] = ADD_OPTION_LINES("admins", "id", "login", "", "email");
$SW = 2; $rowNameS = "";
- foreach ($_POST['sel'] as $template => $sel) {
+ foreach (REQUEST_POST('sel') as $template => $sel) {
// First of all load data from DB
$result = SQL_QUERY_ESC("SELECT admin_id, id FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' ORDER BY `id`",
array($template), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
// Shall I change entries?
- if (isset($_POST['change']))
+ if (REQUEST_ISSET_POST(('change')))
{
// Ok, update database
- foreach ($_POST['admin_id'] as $id => $aid)
- {
+ foreach (REQUEST_POST('admin_id') as $id => $aid) {
// Secure IDs
$id = bigintval($id);
$aid = bigintval($aid);
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_mails` SET admin_id=%s WHERE id=%s ORDER BY `id` LIMIT 1",
array($aid, $id), __FILE__, __LINE__);
- if (($aid < 1) && (!empty($_POST['template'][$id])))
+ if (($aid < 1) && (REQUEST_ISSET_POST(('template', $id))))
{
// Remove any other admin entries
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' AND id != '%s'",
- array($_POST['template'][$id], $id), __FILE__, __LINE__);
+ array(REQUEST_POST('template', $id), $id), __FILE__, __LINE__);
}
- if ($_POST['admin_new'][$_POST['template'][$id]] > 0)
+ if (REQUEST_POST('admin_new', REQUEST_POST('template', $id)) > 0)
{
// Add new admin
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_mails` (admin_id, mail_template) VALUES ('%s','%s')",
- array($aid, $_POST['template'][$id]), __FILE__, __LINE__);
+ array($aid, REQUEST_POST('template', $id)), __FILE__, __LINE__);
}
}
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Minimum mails / active
define('__LIMIT_VALUE', getConfig('active_limit'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare data for the template
switch (getConfig('admin_menu'))
ADD_DESCR("admin", __FILE__);
$SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
-if ((isset($_POST['edit'])) && ($SEL > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($SEL > 0)) {
// Edit ACLs
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load data for the ID
$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Load main template
LOAD_TEMPLATE("admin_config_admins_edit");
-} elseif ((isset($_POST['change'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0)) {
// Change entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Secure ID
$id = bigintval($id);
// Update entries
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_acls` SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
- array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
+ array(
+ REQUEST_POST('admin', $id),
+ REQUEST_POST('action_menu', $id),
+ REQUEST_POST('what_menu', $id),
+ REQUEST_POST('mode', $id),
+ $id
+ ),__FILE__, __LINE__);
}
// Update cache when installed
if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
// Purge menu cache
- CACHE_PURGE_ADMIN_MENU($_POST['admin'][$id]);
+ CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin', $id));
}
// Entries changed
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_CHANGED'));
-} elseif ((isset($_POST['del'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ($SEL > 0)) {
// Delete ACLs
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load data for the ID
$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Load main template
LOAD_TEMPLATE("admin_config_admins_del");
-} elseif ((isset($_POST['remove'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0)) {
// Remove entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
array(bigintval($id)),__FILE__, __LINE__);
}
// Entries deleted
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_DELETED'));
-} elseif (isset($_POST['add'])) {
+} elseif (REQUEST_ISSET_POST(('add'))) {
// Check if everything is fine...
- $mode = GET_ADMIN_DEFAULT_ACL(bigintval($_POST['admin_id']));
+ $mode = GET_ADMIN_DEFAULT_ACL(bigintval(REQUEST_POST('admin_id')));
// Default ACL is false
$ACL = false;
- if (!empty($_POST['what_menu'])) {
+ if (REQUEST_ISSET_POST(('what_menu'))) {
// Check parent ACL
- $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
+ $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", REQUEST_POST('what_menu')), "");
}
- if ($mode != $_POST['mode'] || ($ACL)) {
+ if ($mode != REQUEST_POST('mode') || ($ACL)) {
// Mode is fine
- $BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
- if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) {
+ $BOTH = ((REQUEST_ISSET_POST(('action_menu'))) && (REQUEST_ISSET_POST(('what_menu'))));
+ if (((REQUEST_ISSET_POST(('action_menu'))) || (REQUEST_ISSET_POST(('what_menu')))) && (!$BOTH)) {
// Main or sub menu selected
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
- array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('admin_id')), REQUEST_POST('action_menu'), REQUEST_POST('what_menu')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Finally add the new ACL
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_acls` (admin_id, action_menu, what_menu, access_mode)
VALUES ('%s','%s','%s','%s')",
array(
- bigintval($_POST['admin_id']),
- $_POST['action_menu'],
- $_POST['what_menu'],
- $_POST['mode']
+ bigintval(REQUEST_POST('admin_id')),
+ REQUEST_POST('action_menu'),
+ REQUEST_POST('what_menu'),
+ REQUEST_POST('mode')
), __FILE__, __LINE__);
$content = ADMIN_ADMINS_ACL_SAVED;
if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
// Purge cache
- CACHE_PURGE_ADMIN_MENU($_POST['admin_id'], $_POST['action_menu'], $_POST['what_menu']);
+ CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin_id'), REQUEST_POST('action_menu'), REQUEST_POST('what_menu'));
} // END - if
} else {
// ACL does already exist!
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Data was submitted so we store it
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Output de-/activation selections
define('__AP_INACTIVE_SELECTION' , ADD_SELECTION("yn", getConfig('autopurge_inactive') , "autopurge_inactive"));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Translate german decimal commas to computer decimal dots
- $_POST['beg_points'] = REVERT_COMMA($_POST['beg_points'] );
- $_POST['beg_points_max'] = REVERT_COMMA($_POST['beg_points_max'] );
- $_POST['beg_notify_bonus'] = REVERT_COMMA($_POST['beg_notify_bonus']);
+ REQUEST_SET_POST('beg_points' , REVERT_COMMA(REQUEST_POST('beg_points') ));
+ REQUEST_SET_POST('beg_points_max' , REVERT_COMMA(REQUEST_POST('beg_points_max') ));
+ REQUEST_SET_POST('beg_notify_bonus', REVERT_COMMA(REQUEST_POST('beg_notify_bonus')));
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
// Remember new settings
- setConfigEntry('beg_rallye' , $_POST['beg_rallye']);
- setConfigEntry('beg_ral_en_notify', $_POST['beg_ral_en_notify']);
- setConfigEntry('beg_ral_di_notify', $_POST['beg_ral_di_notify']);
+ setConfigEntry('beg_rallye' , REQUEST_POST('beg_rallye'));
+ setConfigEntry('beg_ral_en_notify', REQUEST_POST('beg_ral_en_notify'));
+ setConfigEntry('beg_ral_di_notify', REQUEST_POST('beg_ral_di_notify'));
} else {
// Prepare constants for the template
define('__BEG_POINTS' , TRANSLATE_COMMA(getConfig('beg_points') , false));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare data for the template
define('__POINTS_VALUE', getConfig('birthday_points'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Replace german decimal commas to computer decimal dots
- $_POST['login_bonus'] = REVERT_COMMA($_POST['login_bonus'] );
- $_POST['turbo_bonus'] = REVERT_COMMA($_POST['turbo_bonus'] );
- $_POST['bonus_ref'] = REVERT_COMMA($_POST['bonus_ref'] );
- $_POST['bonus_order'] = REVERT_COMMA($_POST['bonus_order'] );
- $_POST['bonus_notify_points'] = REVERT_COMMA($_POST['bonus_notify_points']);
+ REQUEST_POST('login_bonus') = REVERT_COMMA(REQUEST_POST('login_bonus') );
+ REQUEST_POST('turbo_bonus') = REVERT_COMMA(REQUEST_POST('turbo_bonus') );
+ REQUEST_POST('bonus_ref') = REVERT_COMMA(REQUEST_POST('bonus_ref') );
+ REQUEST_POST('bonus_order') = REVERT_COMMA(REQUEST_POST('bonus_order') );
+ REQUEST_SET_POST('bonus_notify_points', REVERT_COMMA(REQUEST_POST('bonus_notify_points')));
// Generate string for saving ranks
- $_POST['turbo_rates'] = ""; $RATES = array();
- foreach ($_POST['rate'] as $rate) {
+ REQUEST_SET_POST('turbo_rates', "");
+ $RATES = array();
+ foreach (REQUEST_POST('rate') as $rate) {
$rate = trim(REVERT_COMMA($rate));
- if (isset($rate)) $RATES[] = $rate;
+ if (!empty($rate)) $RATES[] = $rate;
}
- $_POST['turbo_rates'] = trim(implode(";", $RATES));
- unset($_POST['rate']);
+ REQUEST_SET_POST('turbo_rates', trim(implode(";", $RATES)));
+ REQUEST_UNSET_POST(('rate'));
// Automatically calculate bonus points for ranks 2 and 3 when not set
- if (empty($_POST['turbo_rates'])) $_POST['turbo_rates'] = "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."";
+ if (!REQUEST_ISSET_POST(('turbo_rates'))) REQUEST_SET_POST('turbo_rates', "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."");
// Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
// Remember new settings
- setConfigEntry('bonus_active' , $_POST['bonus_active']);
- setConfigEntry('bonus_en_notify', $_POST['bonus_en_notify']);
- setConfigEntry('bonus_di_notify', $_POST['bonus_di_notify']);
+ setConfigEntry('bonus_active' , REQUEST_POST('bonus_active'));
+ setConfigEntry('bonus_en_notify', REQUEST_POST('bonus_en_notify'));
+ setConfigEntry('bonus_di_notify', REQUEST_POST('bonus_di_notify'));
} else {
// Prepare contants for the template
define('__LOGIN_VALUE' , TRANSLATE_COMMA(getConfig('login_bonus') , false));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Cache path has been not changed by default so don't test it again
- $_POST['cache_tested'] = "N";
+ REQUEST_SET_POST('cache_tested', "N");
// Check if path has been changed
- if ($_POST['cache_path'] != getConfig('cache_path')) {
+ if (REQUEST_POST('cache_path') != getConfig('cache_path')) {
// Okay, cache path has been altered so we have to test it again!
- $_POST['cache_tested'] = "Y";
+ REQUEST_SET_POST('cache_tested', "Y");
}
- // Delete deactivated cache files
- if (($_POST['cache_admins'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
+ if ((REQUEST_POST('cache_admins') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
$GLOBALS['cache_instance']->destroyCacheFile();
}
- if (($_POST['cache_acls'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
+
+ if ((REQUEST_POST('cache_acls') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
$GLOBALS['cache_instance']->destroyCacheFile();
}
- if (($_POST['cache_exts'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
+
+ if ((REQUEST_POST('cache_exts') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
$GLOBALS['cache_instance']->destroyCacheFile();
}
- if (($_POST['cache_config'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
+
+ if ((REQUEST_POST('cache_config') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
$GLOBALS['cache_instance']->destroyCacheFile();
}
- if (($_POST['cache_modreg'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
+
+ if ((REQUEST_POST('cache_modreg') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
$GLOBALS['cache_instance']->destroyCacheFile();
}
- if (($_POST['cache_refdepth'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
+
+ if ((REQUEST_POST('cache_refdepth') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
$GLOBALS['cache_instance']->destroyCacheFile();
}
- if (($_POST['cache_refsys'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
+
+ if ((REQUEST_POST('cache_refsys') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
$GLOBALS['cache_instance']->destroyCacheFile();
}
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare data
switch (getConfig('cache_admins')) {
// Init variable to avoid a notice
$CATS = "";
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
// Add a new category
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_cats` WHERE cat='%s' LIMIT 1",
- array($_POST['catname']), __FILE__, __LINE__);
+ array(REQUEST_POST('catname')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Category does not exists, we simply add it...
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_cats` (cat, visible, sort) VALUES ('%s','%s','%s')",
- array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
+ array(REQUEST_POST('catname'), REQUEST_POST('visible'), bigintval(REQUEST_POST('parent') + 1)), __FILE__, __LINE__);
$content = CATEGORY_ADDED;
} else {
// Category does already exists
// Display message
LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['ok'])) && (isset($_POST['id'])) && (is_array($_POST['id']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('id'))) && (is_array(REQUEST_POST('id')))) {
// Change or delete categories...
$TEXT = "";
- foreach ($_POST['id'] as $id => $cat) {
+ foreach (REQUEST_POST('id') as $id => $cat) {
// Secure ID
$id = bigintval($id);
// Is the entry set?
if (!empty($cat)) {
- switch ($_GET['do'])
+ switch (REQUEST_GET('do'))
{
case "edit": // Change categories
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_cats` SET cat='%s', `visible`='%s', sort=%s WHERE id=%s LIMIT 1",
- array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__);
+ array(
+ $cat,
+ REQUEST_POST('vis', $id),
+ REQUEST_POST('sort', $id),
+ $id
+ ), __FILE__, __LINE__);
$TEXT = CATEGORIES_SAVED;
break;
// Display message
LOAD_TEMPLATE("admin_settings_saved", false, $TEXT);
}
-} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
// Delete categories
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
// Load data of category
$result = SQL_QUERY_ESC("SELECT cat FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Load main template
LOAD_TEMPLATE("admin_del_cats");
-} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
// Edit categories
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value)
+ foreach (REQUEST_POST('sel') as $id => $value)
{
// Load data from the category
$result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1",
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Replace commata with decimal dot
- $_POST['doubler_charge'] = REVERT_COMMA(($_POST['doubler_charge'] / 100));
- $_POST['doubler_ref'] = REVERT_COMMA(($_POST['doubler_ref'] / 100));
- $_POST['doubler_min'] = REVERT_COMMA($_POST['doubler_min']);
- $_POST['doubler_max'] = REVERT_COMMA($_POST['doubler_max']);
- $_POST['doubler_left'] = REVERT_COMMA($_POST['doubler_left']);
+ REQUEST_SET_POST('doubler_charge', REVERT_COMMA((REQUEST_POST('doubler_charge') / 100)));
+ REQUEST_SET_POST('doubler_ref' , REVERT_COMMA((REQUEST_POST('doubler_ref') / 100)));
+ REQUEST_SET_POST('doubler_min' , REVERT_COMMA(REQUEST_POST('doubler_min')));
+ REQUEST_SET_POST('doubler_max' , REVERT_COMMA(REQUEST_POST('doubler_max')));
+ REQUEST_SET_POST('doubler_left' , REVERT_COMMA(REQUEST_POST('doubler_left')));
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare data for the template
// - Charge rate
ADD_DESCR("admin", __FILE__);
// Remove empty array index
-if (empty($_POST['max'])) unset($_POST['add_max']);
+if (!REQUEST_ISSET_POST(('max'))) REQUEST_UNSET_POST(('add_max'));
-if (isset($_POST['add_max'])) {
+if (REQUEST_ISSET_POST(('add_max'))) {
// Save all settings
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE value='%s' LIMIT 1",
- array(bigintval($_POST['max'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('max'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Add this value (including comment)
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_max_receive` (value, comment) VALUES ('%s','%s')",
- array(bigintval($_POST['max']), $_POST['comment']),__FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('max')), REQUEST_POST('comment')),__FILE__, __LINE__);
$content = MAX_VALUE_SAVED;
} else {
// Value does alread exists!
- $content = "<span class=\"admin_failed\">".MAX_VALUE_ALREADY."</span>";
+ $content = "<span class=\"admin_failed\">{--MAX_VALUE_ALREADY--}</span>";
}
// Free memory
// Display message
LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['ok'])) && (isset($_GET['do']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('do')))) {
// Change or delete entries...
$TEXT = "";
- foreach ($_POST['id'] as $id => $value) {
+ foreach (REQUEST_POST('id') as $id => $value) {
// Secure ID
$id = bigintval($id);
- switch ($_GET['do'])
+ switch (REQUEST_GET('do'))
{
case "edit": // Change entries
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_max_receive` SET value='%s', comment='%s' WHERE id=%s LIMIT 1",
- array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__);
+ array(
+ bigintval(REQUEST_POST('val', $id)),
+ REQUEST_POST('comm', $id),
+ $id
+ ),__FILE__, __LINE__);
$TEXT = MRECEIVE_SAVED;
break;
// Display message
LOAD_TEMPLATE("admin_settings_saved", false, $TEXT);
}
-} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
// Delete entries
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value)
+ foreach (REQUEST_POST('sel') as $id => $value)
{
// Load data
$result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1",
// Load main template
LOAD_TEMPLATE("admin_config_email_del");
-} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
// Edit entries
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
// Load data
$result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare data
switch (getConfig('verbose_sql')) {
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
{
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
}
else
{
ADD_DESCR("admin", __FILE__);
$sub = "";
-if (!empty($_GET['sub'])) $sub = $_GET['sub'];
+if (REQUEST_ISSET_GET(('sub'))) $sub = REQUEST_GET('sub');
switch ($sub)
{
break;
case "settings": // Settings related to the index page
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
OUTPUT_HTML("<a href=\"{!URL!}/modules.php?module=admin&what=config_home&sub=settings\">".ADMIN_CONTINUE_TO_CONFIG."</a>");
} else {
// Prepare data for the template
break;
case "target": // Set which what-file will be placed in home-page (only modules.php?module=index)
- if (isset($_GET['home'])) {
+ if (REQUEST_ISSET_GET(('home'))) {
// Set new home
- UPDATE_CONFIG("index_home", SQL_ESCAPE($_GET['home']));
+ UPDATE_CONFIG("index_home", SQL_ESCAPE(REQUEST_GET('home')));
} // END - if
// Load all what menu points
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
// Test timestamp
- $STAMP = mktime(0, 0, 0, bigintval($_POST['month']), bigintval($_POST['day']), bigintval($_POST['year']));
- if ($STAMP > time())
- {
+ $STAMP = mktime(0, 0, 0, bigintval(REQUEST_POST('month')), bigintval(REQUEST_POST('day')), bigintval(REQUEST_POST('year')));
+ if ($STAMP > time()) {
// Date is in the future!
- unset($_POST['ok']);
- }
- else
- {
+ REQUEST_UNSET_POST('ok');
+ } else {
// Remove entries
- unset($_POST['day']);
- unset($_POST['month']);
- unset($_POST['year']);
+ REQUEST_UNSET_POST(('day'));
+ REQUEST_UNSET_POST(('month'));
+ REQUEST_UNSET_POST(('year'));
// Remember timestamp
- $_POST['mt_start'] = $STAMP;
+ REQUEST_SET_POST('mt_start', $STAMP);
}
// Convert some data
- $_POST['mt_stage'] = bigintval($_POST['mt_stage']);
- if ($_POST['mt_stage'] <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true))
- {
+ REQUEST_SET_POST('mt_stage', bigintval(REQUEST_POST('mt_stage')));
+ if (REQUEST_POST('mt_stage') <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true)) {
// Not enougth!
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
}
}
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
// Save data
- ADMIN_SAVE_SETTINGS($_POST);
-}
- else
-{
+ ADMIN_SAVE_SETTINGS_POST();
+} else {
// Start of this exchange
- if (getConfig('mt_start') > 0)
- {
+ if (getConfig('mt_start') > 0) {
// Only show start
define('__MT_START', "<strong>".MAKE_DATETIME(getConfig('mt_start'), "3")."</strong>");
- }
- else
- {
+ } else {
// Make start editable
define('__MT_START',
ADD_SELECTION("day" , date("d", time())).
ADD_DESCR("admin", __FILE__);
$SEL = 0;
-if (isset($_POST['edit'])) {
+if (REQUEST_ISSET_POST(('edit'))) {
// Check if at least one module is selected
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
if ($SEL > 0) {
// Output header
$OUT = ""; $SW = 2;
// Edit selected modules
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load module data
$result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM `{!_MYSQL_PREFIX!}_mod_reg` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MODS_NOTHING_SELECTED'));
// Remove maybe confusing data
- unset($_POST['edit']);
- unset($_POST['change']);
+ REQUEST_UNSET_POST(('edit'));
+ REQUEST_UNSET_POST(('change'));
}
-} elseif (isset($_POST['change'])) {
+} elseif (REQUEST_ISSET_POST(('change'))) {
// Change modules
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Secure ID number
$id = bigintval($id);
// Update module
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_mod_reg` SET `title`='%s', `locked`='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1",
- array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id), __FILE__, __LINE__);
+ array(
+ REQUEST_POST('title', $id),
+ REQUEST_POST('locked', $id),
+ REQUEST_POST('hidden', $id),
+ REQUEST_POST('admin', $id),
+ REQUEST_POST('member', $id),
+ $id
+ ), __FILE__, __LINE__);
}
// Remove cache file if version matches
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save data
- $_POST['nl_charge'] = REVERT_COMMA($_POST['nl_charge']);
+ REQUEST_SET_POST('nl_charge', REVERT_COMMA(REQUEST_POST('nl_charge')));
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare contants for the template
define('__CHARGE_VALUE' , TRANSLATE_COMMA(getConfig('nl_charge'), false));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Load template
LOAD_TEMPLATE("admin_config_nickname");
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare constants for the template
switch (getConfig('order_max_full'))
ADD_DESCR("admin", __FILE__);
// Stop saving data if one input field is !isset
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Calculate stamps and set calculated stamps
- $_POST['online_timeout'] = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout" , $_POST);
- $_POST['url_tlock'] = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock" , $_POST);
- $_POST['profile_lock'] = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock" , $_POST);
- $_POST['profile_update'] = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update" , $_POST);
- $_POST['resend_profile_update'] = CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", $_POST);
+ REQUEST_POST('online_timeout') = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout" , REQUEST_POST_ARRAY());
+ REQUEST_POST('url_tlock') = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock" , REQUEST_POST_ARRAY());
+ REQUEST_POST('profile_lock') = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock" , REQUEST_POST_ARRAY());
+ REQUEST_POST('profile_update') = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update" , REQUEST_POST_ARRAY());
+ REQUEST_SET_POST('resend_profile_update', CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", REQUEST_POST_ARRAY()));
// Online-Timeout shall be > 0 or your database will crow and crow and crow...
- if (!isset($_POST['online_timeout'])) { unset($_POST['ok']); }
+ if (!REQUEST_ISSET_POST(('online_timeout'))) { REQUEST_UNSET_POST('ok'); }
// Chedck other timestamps (which can be zero!)
- if (!isset($_POST['profile_lock'])) { unset($_POST['ok']); }
- if (!isset($_POST['url_tlock'])) { unset($_POST['ok']); }
- if (!isset($_POST['profile_update'])) { unset($_POST['ok']); }
- if (!isset($_POST['resend_profile_update'])) { unset($_POST['ok']); }
+ if (!REQUEST_ISSET_POST(('profile_lock'))) { REQUEST_UNSET_POST('ok'); }
+ if (!REQUEST_ISSET_POST(('url_tlock'))) { REQUEST_UNSET_POST('ok'); }
+ if (!REQUEST_ISSET_POST(('profile_update'))) { REQUEST_UNSET_POST('ok'); }
+ if (!REQUEST_ISSET_POST(('resend_profile_update'))) { REQUEST_UNSET_POST('ok'); }
// Check other settings
- if (!isset($_POST['max_send'])) { unset($_POST['ok']); }
- if (!isset($_POST['code_length'])) { unset($_POST['ok']); }
- if (!isset($_POST['reject_url'])) { unset($_POST['ok']); }
+ if (!REQUEST_ISSET_POST(('max_send'))) { REQUEST_UNSET_POST('ok'); }
+ if (!REQUEST_ISSET_POST(('code_length'))) { REQUEST_UNSET_POST('ok'); }
+ if (!REQUEST_ISSET_POST(('reject_url'))) { REQUEST_UNSET_POST('ok'); }
}
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Update stamps directly
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Transfer config data into constants for the template (DO NOT set $_CONFIG as global in LOAD_TEMPLATE!!!)
define('_CFG_CODE_LENGTH', getConfig('code_length'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_POST['rate'])) $_POST['rate'] = REVERT_COMMA($_POST['rate']);
+if (REQUEST_ISSET_POST(('rate'))) REQUEST_SET_POST('rate', REVERT_COMMA(REQUEST_POST('rate')));
-if ((isset($_POST['add'])) && (!empty($_POST['title'])) && ($_POST['rate'] > 0)) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('title'))) && (REQUEST_POST('rate') > 0)) {
// Add new payout type
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE type='%s' LIMIT 1",
- array($_POST['title']), __FILE__, __LINE__);
+ array(REQUEST_POST('title')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Add now
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_payout_types`
(type, rate, min_points, from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url)
VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
array(
- $_POST['title'],
- bigintval($_POST['rate']),
- bigintval($_POST['mpoi']),
- $_POST['yacc'],
- $_POST['ypass'],
- $_POST['yurl'],
- $_POST['yrdone'],
- $_POST['yrfailed'],
- $_POST['ytrans'],
- $_POST['allow_url'],
+ REQUEST_POST('title'),
+ bigintval(REQUEST_POST('rate')),
+ bigintval(REQUEST_POST('mpoi')),
+ REQUEST_POST('yacc'),
+ REQUEST_POST('ypass'),
+ REQUEST_POST('yurl'),
+ REQUEST_POST('yrdone'),
+ REQUEST_POST('yrfailed'),
+ REQUEST_POST('ytrans'),
+ REQUEST_POST('allow_url'),
), __FILE__, __LINE__);
- $msg = ADMIN_PAYOUT_TYPE_ADDED;
+ $msg = getMessage('ADMIN_PAYOUT_TYPE_ADDED');
} else {
// Free memory
SQL_FREERESULT($result);
$result_mem = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE `status`='NEW' ORDER BY payout_timestamp DESC", __FILE__, __LINE__);
$display = true;
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Edit payout types
- if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+ if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
// Edit entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Secure ID
$id = bigintval($id);
// Edit only if something is entered
- if ((!empty($_POST['title'][$id])) && ($_POST['rate'][$id] > 0)) {
+ if ((REQUEST_ISSET_POST(('title', $id))) && (REQUEST_POST('rate', $id) > 0)) {
// Update entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_payout_types` SET
type='%s',
allow_url='%s'
WHERE id='".$id."' LIMIT 1",
array(
- $_POST['title'][$id],
- bigintval(REVERT_COMMA($_POST['rate'][$id])),
- bigintval(REVERT_COMMA($_POST['mpoi'][$id])),
- $_POST['allow'][$id],
+ REQUEST_POST('title', $id),
+ bigintval(REVERT_COMMA(REQUEST_POST('rate', $id))),
+ bigintval(REVERT_COMMA(REQUEST_POST('mpoi' , $id))),
+ REQUEST_POST('allow', $id),
),__FILE__, __LINE__);
}
}
- $msg = ADMIN_PAYOUT_ENTRIES_CHANGED;
+ $msg = getMessage('ADMIN_PAYOUT_ENTRIES_CHANGED');
} else {
$display = false; //Suppress any other outputs
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load data
$result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Load main template
LOAD_TEMPLATE("admin_config_payouts_edit");
}
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Delete payout types
- if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+ if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
// Delete entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
} else {
$display = false; //Suppress any other outputs
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Secure ID number
$id = bigintval($id);
$message = "";
// Is the 'sub' parameter set?
-if (!empty($_GET['sub'])) {
+if (REQUEST_ISSET_GET(('sub'))) {
// Yes, then do some sanity-checks
- switch ($_GET['sub'])
+ switch (REQUEST_GET('sub'))
{
case "points":
- if ((empty($_POST['points_register'])) || (empty($_POST['points_ref']))) {
- unset($_POST['ok']);
+ if ((!REQUEST_ISSET_POST(('points_register'))) || (!REQUEST_ISSET_POST(('points_ref')))) {
+ REQUEST_UNSET_POST('ok');
}
break;
case "ref":
- if (isset($_GET['do'])) {
- if (((empty($_POST['lvl'])) || (empty($_POST['perc']))) && ($_GET['do'] == "add")) {
- unset($_POST['ok']);
+ if (REQUEST_ISSET_GET(('do'))) {
+ if (((!REQUEST_ISSET_POST(('lvl'))) || (!REQUEST_ISSET_POST(('perc')))) && (REQUEST_GET('do') == "add")) {
+ REQUEST_UNSET_POST('ok');
}
}
break;
}
} else {
// Display overview
- $_GET['sub'] = "overview";
+ REQUEST_SET_GET('sub', "overview");
}
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
$SQLs = array();
- switch ($_GET['sub'])
+ switch (REQUEST_GET('sub'))
{
case "points":
- $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".$_POST['points_register']."', points_ref='".$_POST['points_ref']."' WHERE config=0 LIMIT 1";
+ $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".REQUEST_POST('points_register')."', points_ref='".REQUEST_POST('points_ref')."' WHERE config=0 LIMIT 1";
break;
case "ref":
- switch ($_GET['do'])
+ switch (REQUEST_GET('do'))
{
case "add":
- $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".$_POST['lvl']."','".$_POST['perc']."')";
+ $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".REQUEST_POST('lvl')."','".REQUEST_POST('perc')."')";
break;
case "edit": // Change entries
- foreach ($_POST['lvl'] as $id => $value) {
+ foreach (REQUEST_POST('lvl') as $id => $value) {
// Secure ID
$id = bigintval($id);
// Revert german commata
- $_POST['perc'][$id] = REVERT_COMMA($_POST['perc'][$id]);
+ REQUEST_POST('perc', $id) = REVERT_COMMA(REQUEST_POST('perc', $id));
// Update entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refdepths` SET level='%s', percents='%s' WHERE id=%s LIMIT 1",
- array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__);
+ array(bigintval($value), REQUEST_POST('perc', $id), $id), __FILE__, __LINE__);
}
$message = REF_DEPTHS_SAVED;
break;
case "del":
- foreach ($_POST['id'] as $id => $value) {
+ foreach (REQUEST_POST('id') as $id => $value) {
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
break;
case "settings":
- $REF = bigintval($_POST['ref_payout']);
+ $REF = bigintval(REQUEST_POST('ref_payout'));
$SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_config` SET
allow_direct_pay='%s',
reg_points_mode='%s',
ref_payout='%s'
WHERE config=0 LIMIT 1",
- $_POST['allow_direct_pay'],
- $_POST['reg_points_mode'],
+ REQUEST_POST('allow_direct_pay'),
+ REQUEST_POST('reg_points_mode'),
$REF
);
- if ((getConfig('ref_payout') == 0) && ($_POST['ref_payout'] > 0)) {
+ if ((getConfig('ref_payout') == 0) && (REQUEST_POST('ref_payout') > 0)) {
// Update account's ref_payout for "must-confirm"
$SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=(%s - mails_confirmed)
WHERE mails_confirmed < %s", $REF, $REF);
- } elseif ((getConfig('ref_payout') > 0) && ($_POST['ref_payout'] == 0)) {
+ } elseif ((getConfig('ref_payout') > 0) && (REQUEST_POST('ref_payout') == 0)) {
// Update account's ref_payout for "not-must-confirm"
$SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=0 WHERE ref_payout > 0";
$SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_points` SET points=points+locked_points WHERE locked_points>0";
if ((isset($SQLs)) && (is_array($SQLs)) && (!empty($SQLs[0]))) {
if (strpos($SQLs[0], "INSERT") > -1) {
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE level='%s' LIMIT 1",
- array(bigintval($_POST['lvl'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('lvl'))), __FILE__, __LINE__);
SQL_FREERESULT($result);
} // END - if
// When do so...
LOAD_TEMPLATE("admin_settings_saved", false, $message);
}
-} elseif ($_GET['sub'] == "settings") {
+} elseif (REQUEST_GET('sub') == "settings") {
// Setup some settings like direct pay and so on
// Including new add-mode for one-time referal bonus
switch (getConfig('allow_direct_pay')) {
// Load template
LOAD_TEMPLATE("admin_config_point_settings");
-} elseif ($_GET['sub'] == "ref") {
- if ((isset($_POST['del'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif (REQUEST_GET('sub') == "ref") {
+ if ((REQUEST_ISSET_POST(('del'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
// Delete entries
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
$result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($lvl, $perc) = SQL_FETCHROW($result);
// Load main template
LOAD_TEMPLATE("admin_points_del");
- } elseif ((isset($_POST['edit'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+ } elseif ((REQUEST_ISSET_POST(('edit'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
// Edit entries
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
$result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($lvl, $perc) = SQL_FETCHROW($result);
// Form for adding new referal levels
LOAD_TEMPLATE("admin_add_reflvl");
}
-} elseif ($_GET['sub'] == "points") {
+} elseif (REQUEST_GET('sub') == "points") {
// First points for registration and other fixed points including new add-mode for one-time referal bonus...
define('P_REG_VALUE', getConfig('points_register'));
define('P_REF_VALUE', getConfig('points_ref'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// First merge temporarily the new API data into the current config
- mergeConfig($_POST);
+ mergeConfig(REQUEST_POST_ARRAY());
// Is the password set?
- if (isset($_POST['pass'])) {
+ if (REQUEST_ISSET_POST(('pass'))) {
// Then hash and remove it
- $_POST['primera_api_md5'] = md5($_POST['pass']);
- unset($_POST['pass']);
+ REQUEST_SET_POST('primera_api_md5', md5(REQUEST_POST('pass')));
+ REQUEST_UNSET_POST('pass');
} // END - if
// Let's test the API first (hold your horses here, cowboy! Thank you. :) )
if (PRIMERA_TEST_API()) {
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Failed to test the API!
LOAD_TEMPLATE("admin_settings_saved", false, GET_PRIMERA_ERROR_MESSAGE());
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Test proxy settings
- if (ADMIN_TEST_PROXY_SETTINGS($_POST)) {
+ if (ADMIN_TEST_PROXY_SETTINGS(REQUEST_POST_ARRAY())) {
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Invalid!
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_PROXY_SETTINGS_INVALID'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['rallye']))
+if (REQUEST_ISSET_GET(('rallye')))
{
// Price submitted?
- if (isset($_POST['add']))
+ if (REQUEST_ISSET_POST(('add')))
{
- if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
+ if ((REQUEST_ISSET_POST(('level'))) && ((REQUEST_ISSET_POST(('points'))) || (REQUEST_ISSET_POST(('info')))))
{
// Submitted data is valid, but maybe we already have this price level?
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
- array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('rallye')), bigintval(REQUEST_POST('level'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_prices` (rallye_id, price_level, points, info)
VALUES ('%s','%s','%s','%s')",
array(
- bigintval($_GET['rallye']),
- bigintval($_POST['level']),
- $_POST['points'],
- $_POST['info']
+ bigintval(REQUEST_GET('rallye')),
+ bigintval(REQUEST_POST('level')),
+ REQUEST_POST('points'),
+ REQUEST_POST('info')
), __FILE__, __LINE__);
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
}
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
}
}
- } elseif (isset($_POST['remove'])) {
+ } elseif (REQUEST_ISSET_POST(('remove'))) {
// Check if at last one line is selected
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
if ($SEL > 0) {
// Delete selected entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
} else {
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
}
- } elseif (isset($_POST['change'])) {
+ } elseif (REQUEST_ISSET_POST(('change'))) {
// Change entries
- foreach ($_POST['level'] as $id => $level) {
+ foreach (REQUEST_POST('level') as $id => $level) {
// Secure ID
$id = bigintval($id);
// Update entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_prices` SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
- array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
+ array(
+ REQUEST_POST('rallye_id', $id),
+ bigintval($level),
+ REQUEST_POST('points', $id]),
+ REQUEST_POST('infos', $id),
+ $id
+ ), __FILE__, __LINE__);
}
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
}
- if (isset($_POST['edit'])) {
+ if (REQUEST_ISSET_POST(('edit'))) {
// Check if at last one line is selected
- $SEL = SELECTION_COUNT($_POST['sel']);
- if ($SEL > 0)
- {
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+ if ($SEL > 0) {
// Make selected editable
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel)
- {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load data to selected rallye
$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
- array(bigintval($id)), __FILE__, __LINE__);
+ array(bigintval($id)), __FILE__, __LINE__);
list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
define('__PRICE_ROWS', $OUT);
// Prepare data for the main template
- define('__RALLYE_ID', $_GET['rallye']);
+ define('__RALLYE_ID', REQUEST_GET('rallye'));
// Load main template
LOAD_TEMPLATE("admin_config_rallye_edit");
else
{
// Nothing selected
- $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&what=config_rallye_prices&rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
+ $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&what=config_rallye_prices&rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
LOAD_TEMPLATE("admin_settings_saved", false, $content);
}
}
- elseif (isset($_POST['del']))
+ elseif (REQUEST_ISSET_POST(('del')))
{
// Check if at last one line is selected
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
if ($SEL > 0)
{
// List all prices
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel)
+ foreach (REQUEST_POST('sel') as $id => $sel)
{
// Load data to selected rallye
$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
define('__PRICE_ROWS', $OUT);
// Prepare data for the main template
- define('__RALLYE_ID', $_GET['rallye']);
+ define('__RALLYE_ID', REQUEST_GET('rallye'));
// Load main template
LOAD_TEMPLATE("admin_config_rallye_del");
else
{
// Nothing selected
- $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&what=config_rallye_prices&rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
+ $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&what=config_rallye_prices&rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
LOAD_TEMPLATE("admin_settings_saved", false, $content);
}
}
{
// a rallye was selected, so check if there are already prices assigned...
$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s ORDER BY price_level",
- array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
define('__PRICE_ROWS', $OUT);
// Prepare data for the main template
- define('__RALLYE_ID', $_GET['rallye']);
+ define('__RALLYE_ID', REQUEST_GET('rallye'));
// Load main template
LOAD_TEMPLATE("admin_config_rallye_prices");
}
// Add form for adding new price level
- if (empty($_POST['edit']))
- {
- LOAD_TEMPLATE("admin_add_rallye_prices", false, $_GET['rallye']);
+ if (!REQUEST_ISSET_POST(('edit'))) {
+ LOAD_TEMPLATE("admin_add_rallye_prices", false, REQUEST_GET('rallye'));
}
-}
- else
-{
+} else {
// No rallye selected so display all available without prices
$result = SQL_QUERY("SELECT d.id, d.admin_id, d.start_time, d.end_time, d.title, a.login, d.is_active
FROM `{!_MYSQL_PREFIX!}_rallye_data` AS d, `{!_MYSQL_PREFIX!}_admins` AS a
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare content
$content = array(
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare contants for the template
define('__MEMBER_SELECTION', ADD_MEMBER_SELECTION_BOX(getConfig('def_refid'), false, true, true, "def_refid"));
ADD_DESCR("admin", __FILE__);
// Do we want to save changes?
-if (isset($_POST['ok'])) {
- foreach ($_POST['sel'] as $id => $value) {
+if (IS_FORM_SENT()) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_must_register` SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1",
array($value, bigintval($id), $value),__FILE__, __LINE__);
}
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Calculate timestamp from selections...
- $_POST['ip_timeout'] = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", $_POST);
- $_POST['least_cats'] = round($_POST['least_cats']);
+ REQUEST_SET_POST('ip_timeout', CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", REQUEST_POST_ARRAY()));
+ REQUEST_SET_POST('least_cats', round(REQUEST_POST('least_cats')));
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Remember stuff in constants
define('LEAST_CATS_VALUE' , round(getConfig('least_cats')));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare data
switch (getConfig('removeip_anon_ip')) {
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Generate string
$MODs = array();
- foreach ($_POST['mod'] as $mod => $sel) {
+ foreach (REQUEST_POST('mod') as $mod => $sel) {
// Now you can never deselect the admin module, bah!!! ;-)
if (($sel == "Y") || ($mod == "admin")) {
// Add module to queue
}
// Implode array to string and remove posted mod array
- $_POST['rewrite_skip'] = implode(":", $MODs);
- unset($_POST['mod']);
+ REQUEST_SET_POST('rewrite_skip', implode(":", $MODs));
+ REQUEST_UNSET_POST(('mod'));
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Load existing modules and generate TR rows for the template
$result = SQL_QUERY("SELECT module, title FROM `{!_MYSQL_PREFIX!}_mod_reg` ORDER BY module", __FILE__, __LINE__);
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// If salt length is empty or null then we shall generate new passwords
- if (empty($_POST['salt_length']) || ($_POST['salt_length'] == "0")) {
+ if (!REQUEST_ISSET_POST(('salt_length')) || (REQUEST_POST('salt_length') == "0")) {
// Generate new passwords for all!
LOAD_INC("inc/gen_sql_patches.php");
// Forget the wrong number!
- unset($_POST['salt_length']);
+ REQUEST_UNSET_POST(('salt_length'));
// Redirect to logout link
LOAD_URL("modules.php?module=admin&logout=1");
} // END - if
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Remember stuff in constants
define('__PASS_LEN' , getConfig('pass_len'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Test Path
- if ((empty($_POST['session_save_path'])) || ((is_dir($_POST['session_save_path'])) && (is_writeable($_POST['session_save_path'])))) {
+ if ((!REQUEST_ISSET_POST(('session_save_path'))) || ((is_dir(REQUEST_POST('session_save_path'))) && (is_writeable(REQUEST_POST('session_save_path'))))) {
// Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Invalid!
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SESSION_SAVE_PATH_INVALID'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Allow only direct points (non-floating)
- $_POST['sponsor_min_points'] = bigintval($_POST['sponsor_min_points']);
- $_POST['sponsor_ref_points'] = bigintval($_POST['sponsor_ref_points']);
+ REQUEST_SET_POST('sponsor_min_points', bigintval(REQUEST_POST('sponsor_min_points')));
+ REQUEST_SET_POST('sponsor_ref_points', bigintval(REQUEST_POST('sponsor_ref_points')));
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Remember config data in constants for the template
define('__SPONSOR_MIN_POINTS', getConfig('sponsor_min_points'));
ADD_DESCR("admin", __FILE__);
// Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Guest stats
switch (getConfig('guest_stats'))
ADD_DESCR("admin", __FILE__);
// Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Replace german decimal comma with computer decimal dot
- if (isset($_POST['surfbar_static_reward'])) $_POST['surfbar_static_reward'] = REVERT_COMMA($_POST['surfbar_static_reward']);
- if (isset($_POST['surfbar_static_costs'])) $_POST['surfbar_static_costs'] = REVERT_COMMA($_POST['surfbar_static_costs']);
- if (isset($_POST['surfbar_dynamic_percent'])) $_POST['surfbar_dynamic_percent'] = REVERT_COMMA($_POST['surfbar_dynamic_percent']);
+ if (REQUEST_ISSET_POST(('surfbar_static_reward'))) REQUEST_SET_POST('surfbar_static_reward' , REVERT_COMMA(REQUEST_POST('surfbar_static_reward')));
+ if (REQUEST_ISSET_POST(('surfbar_static_costs'))) REQUEST_SET_POST('surfbar_static_costs' , REVERT_COMMA(REQUEST_POST('surfbar_static_costs')));
+ if (REQUEST_ISSET_POST(('surfbar_dynamic_percent'))) REQUEST_SET_POST('surfbar_dynamic_percent', REVERT_COMMA(REQUEST_POST('surfbar_dynamic_percent')));
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare content
$content = array(
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
{
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
}
else
{
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
{
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
}
else
{
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save settings...
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
}
// Prepare constants for template
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Prepare constants for the template
define('__LIMIT_VALUE', getConfig('user_limit'));
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// First merge temporarily the new API data into the current config
- mergeConfig($_POST);
+ mergeConfig(REQUEST_POST_ARRAY());
// Let's test the API first (hold your horses here, cowboy! Thank you. :) )
if (WERNIS_TEST_API()) {
// Revert german commata
foreach (array('payout_factor', 'withdraw_factor', 'payout_fee_percent', 'withdraw_fee_percent') as $revert) {
- $_POST['wernis_'.$revert] = REVERT_COMMA($_POST['wernis_'.$revert]);
+ REQUEST_SET_POST('wernis_'.$revert, REVERT_COMMA(REQUEST_POST('wernis_'.$revert)));
} // END - if
// Hash the password and remove clear-text
- $_POST['wernis_pass_md5'] = md5($_POST['wernis_pass']);
- unset($_POST['wernis_pass']);
+ REQUEST_SET_POST('wernis_pass_md5', md5(REQUEST_POST('wernis_pass')));
+ REQUEST_UNSET_POST(('wernis_pass'));
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Failed to test the API!
LOAD_TEMPLATE("admin_settings_saved", false, GET_WERNIS_ERROR_MESSAGE());
ADD_DESCR("admin", __FILE__);
// Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Test Yoo!Media config
- if (YOOMEDIA_TEST_CONFIG($_POST)) {
+ if (YOOMEDIA_TEST_CONFIG(REQUEST_POST_ARRAY())) {
// Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
} else {
// Config not saved
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_CONFIG_YOOMEDIA_TEST_FAILED'));
// Init counter for deleted mails
$cnt = 0;
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
// Load email data
$result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
// Delete mail only once
if (SQL_NUMROWS($result) == 1) {
LEFT JOIN `{!_MYSQL_PREFIX!}_pool` AS p
ON s.pool_id=p.id
WHERE s.pool_id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result_pool) == 1) {
// Fetch stats id
list($stats_id) = SQL_FETCHROW($result_pool);
$links = GET_TOTAL_DATA($stats_id, "user_links", "userid", "stats_id", true);
// Reset sent mails for recipient(s)
- REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", $_GET['mid'], $links);
+ REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", REQUEST_GET('mid'), $links);
// Calc total points and pay them back
$totalPoints = $links * $price;
$cnt += SQL_AFFECTEDROWS();
// Load template for link
- LOAD_TEMPLATE("admin_settings_saved", false, "<a href=\"{!URL!}/modules.php?module=admin&what=del_email&pid=".bigintval($_GET['mid'])."\">".ADMIN_REMOVE_STATS_ENTRY."</a>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<a href=\"{!URL!}/modules.php?module=admin&what=del_email&pid=".bigintval(REQUEST_GET('mid'))."\">".ADMIN_REMOVE_STATS_ENTRY."</a>");
} // END - if
// Free the result
// Delete mail from queue
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
$cnt += SQL_AFFECTEDROWS();
// Output link for manually removing stats entry
// Mail already deleted!
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NORMAL_MAIL_ALREADY_DELETED'));
}
-} elseif (!empty($_GET['pid'])) {
+} elseif (REQUEST_ISSET_GET(('pid'))) {
// Remove stats entries
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE pool_id=%s LIMIT 1",
- array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_USER_STATS_REMOVED'));
-} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
+} elseif ((REQUEST_ISSET_GET(('bid'))) && (EXT_IS_ACTIVE("bonus"))) {
// Load data from bonus mail
$result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s",
- array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
// Delete mail only once
if (SQL_NUMROWS($result) == 1) {
list ($id, $subject, $url, $timestamp, $sent) = SQL_FETCHROW($result);
// Reset sent mails for recipient(s)
- REDUCT_RECIPIENT_RECEIVED_MAILS ("bonus_id", $_GET['bid'], $sent);
+ REDUCT_RECIPIENT_RECEIVED_MAILS ("bonus_id", REQUEST_GET('bid'), $sent);
// Init counter for deleted mails
$cnt = 0;
// Delete bonus mail entirely from database
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
$cnt += SQL_AFFECTEDROWS();
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE bonus_id=%s",
- array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
$cnt += SQL_AFFECTEDROWS();
// Prepare data for the template
// Free result
SQL_FREERESULT($result);
-} elseif ((!empty($_GET['nid'])) && (GET_EXT_VERSION("bonus") >= "0.8.7")) {
+} elseif ((REQUEST_ISSET_GET(('nid'))) && (GET_EXT_VERSION("bonus") >= "0.8.7")) {
// Load data from bonus mail
$result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s",
- array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
// Delete mail only once
if (SQL_NUMROWS($result) == 1) {
// Delete bonus mail entirely from database
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
$cnt += SQL_AFFECTEDROWS();
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE bonus_id=%s",
- array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
$cnt += SQL_AFFECTEDROWS();
// Prepare data for the template
// Check for selected holidays
$SUM = 0;
-if (isset($_POST['sel'])) $SUM = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SUM = SELECTION_COUNT(REQUEST_POST('sel'));
// Shall I delete selected holidays???
if ($SUM > 0)
{
// Delete multiple holiday requests (for list_holiday)
$cnt = 0;
- foreach ($_POST['sel'] as $id => $sel)
+ foreach (REQUEST_POST('sel') as $id => $sel)
{
// Get the userid
$result = SQL_QUERY_ESC("SELECT userid, holiday_start, holiday_end
}
LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ADMIN_MULTI_DEL_1.$cnt.HOLIDAY_ADMIN_MULTI_DEL_2);
}
- elseif (!empty($_GET['u_id']))
+ elseif (REQUEST_ISSET_GET(('uid')))
{
// Set default message
$MSG = HOLIDAY_ADMIN_SINGLE_404;
// Fetch data
$result_load = SQL_QUERY_ESC("SELECT holiday_start AS start, holiday_end AS end
FROM `{!_MYSQL_PREFIX!}_user_holidays`
-WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result_load) == 1)
{
// Load data
// Delete one holiday request (for task)
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_holidays`
-WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
// Send email to user
- $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, $_GET['u_id']);
- SEND_EMAIL($_GET['u_id'], HOLIDAY_ADMIN_REMOVED_SUBJ, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, REQUEST_GET('uid'));
+ SEND_EMAIL(REQUEST_GET('uid'), HOLIDAY_ADMIN_REMOVED_SUBJ, $msg);
// Set message
$MSG = HOLIDAY_ADMIN_SINGLE_DELETED;
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT email, gender, surname, family FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Remove sponsor
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Load data and remember it in constants
list($email, $gender, $surname, $family) = SQL_FETCHROW($result);
define('__FAMILY' , $family);
// Prepare message and send it away
- $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", $_POST['reason'], bigintval($_GET['id']));
+ $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", REQUEST_POST('reason'), bigintval(REQUEST_GET('id')));
SEND_EMAIL($email, getMessage('ADMIN_SPONSOR_DEL_SUBJECT'), $msg);
// Remove account
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
// Remove orders
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_orders` WHERE sponsorid='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
// Output message
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_DELETED'), bigintval($_GET['id'])));
- } elseif (!empty($_POST['no'])) {
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_DELETED'), bigintval(REQUEST_GET('id'))));
+ } elseif (REQUEST_ISSET_POST(('no'))) {
// Do not delete him...
- LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+ LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval(REQUEST_GET('id')));
} else {
// Load data
list ($email, $gender, $sname, $fname) = SQL_FETCHROW($result);
define('__SNAME' , $sname);
define('__FNAME' , $fname);
define('__GENDER', TRANSLATE_GENDER($gender));
- define('__UID' , bigintval($_GET['id']));
+ define('__UID' , bigintval(REQUEST_GET('id')));
// Display form
LOAD_TEMPLATE("admin_del_sponsor");
}
} else {
// Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))));
}
} else {
// Not called by what-list_sponsor.php
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['del']))
+if (REQUEST_ISSET_POST(('del')))
{
// Delete entries from tables
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
if ($SEL > 0)
{
// Delete entries...
- foreach ($_POST['sel'] as $id => $sel)
+ foreach (REQUEST_POST('sel') as $id => $sel)
{
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_transfers_in` WHERE trans_id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
ADD_DESCR("admin", __FILE__);
// User exists..
-if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason'])))) {
+if ((IS_FORM_SENT()) || ((REQUEST_ISSET_POST(('del'))) && (REQUEST_ISSET_POST(('reason'))))) {
// Delete users account
$result_user = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result_user) == 1) {
// Free memory
SQL_FREERESULT($result_user);
// Delete user account
- DELETE_USER_ACCOUNT(bigintval($_GET['u_id']), $_POST['reason']);
+ DELETE_USER_ACCOUNT(bigintval(REQUEST_GET('uid')), REQUEST_POST('reason'));
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_green\">".ADMIN_DEL_COMPLETED."</div>");
} else {
// Account does not exists!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
-} elseif (!empty($_POST['no'])) {
+} elseif (REQUEST_ISSET_POST(('no'))) {
// Do not delete him...
- LOAD_URL("modules.php?module=admin&what=list_user&u_id=".$_GET['u_id']);
-} elseif (empty($_GET['u_id'])) {
+ LOAD_URL("modules.php?module=admin&what=list_user&uid=".REQUEST_GET('uid'));
+} elseif (!REQUEST_ISSET_GET(('uid'))) {
// Output selection form with all confirmed user accounts listed
ADD_MEMBER_SELECTION_BOX();
} else {
// Realy want to delete?
$result = SQL_QUERY_ESC("SELECT email, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Load data
list ($email, $sname, $fname) = SQL_FETCHROW($result);
define('__EMAIL', CREATE_EMAIL_LINK($email, "user_data"));
define('__SNAME', $sname);
define('__FNAME', $fname);
- define('__UID' , $_GET['u_id']);
+ define('__UID' , REQUEST_GET('uid'));
// Display form
LOAD_TEMPLATE("admin_del_user");
} else {
// Account does not exists!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
}
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if ((isset($_POST['ok'])) && (empty($_POST['id']))) {
- unset($_POST['ok']);
+if ((IS_FORM_SENT()) && (!REQUEST_ISSET_POST(('id')))) {
+ REQUEST_UNSET_POST('ok');
}
$result = SQL_QUERY("SELECT id, sender, subject, payment_id, cat_id FROM `{!_MYSQL_PREFIX!}_pool` ORDER BY timestamp", __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0) {
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Make mail editable...
$result = SQL_QUERY_ESC("SELECT subject, text, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
- array(bigintval($_POST['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
list($subj, $text, $url) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- define('__ID_VALUE' , $_POST['id']);
+ define('__ID_VALUE' , REQUEST_POST('id'));
define('__URL_VALUE' , $url);
define('__SUBJ_VALUE', $subj);
define('__TEXT_VALUE', $text);
// Load template
LOAD_TEMPLATE("admin_edit_email");
- } elseif (!empty($_POST['save'])) {
+ } elseif (REQUEST_ISSET_POST(('save'))) {
// Save changes
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET
subject='%s',
url='%s'
WHERE id=%s LIMIT 1",
array(
- $_POST['subj'],
- $_POST['text'],
- $_POST['url'],
- bigintval($_POST['id']),
+ REQUEST_POST('subj'),
+ REQUEST_POST('text'),
+ REQUEST_POST('url'),
+ bigintval(REQUEST_POST('id')),
), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS() == 1) {
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
+if ((REQUEST_ISSET_GET(('id'))) && (REQUEST_ISSET_GET(('mode')))) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT company, position, gender, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, receive_warnings, warning_interval FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Load sponsor details
$DATA = SQL_FETCHARRAY($result);
// Prepare all data for the template
// Sponsor's ID
- define('__SPONSOR_ID' , bigintval($_GET['id']));
+ define('__SPONSOR_ID' , bigintval(REQUEST_GET('id')));
// Company's data
define('__COMPANY' , $DATA['company']);
define('__POSITION' , $DATA['position']);
define('__INTERVAL' , CREATE_TIME_SELECTIONS($DATA['warning_interval'], "warning_interval", "MWDh"));
// Init variables here
- $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE($_GET['mode']));
+ $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE(REQUEST_GET('mode')));
$SQLs = array();
// Sponsor was found
- if ((isset($_POST['ok'])) || (isset($_POST['edit']))) {
+ if ((IS_FORM_SENT()) || (REQUEST_ISSET_POST(('edit')))) {
// Perform action on mode
- switch ($_GET['mode'])
+ switch (REQUEST_GET('mode'))
{
case "add_points": // Add points
- if (strval($_POST['points']) > 0) {
+ if (strval(REQUEST_POST('points')) > 0) {
// Replace german decimal comma with computer's decimal dot
- $POINTS = strval(REVERT_COMMA($_POST['points']));
+ $POINTS = strval(REVERT_COMMA(REQUEST_POST('points')));
// Add points to account
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
+ array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
// Remember points /reason for the template
define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , $_POST['reason']);
+ define('__REASON' , REQUEST_POST('reason'));
// Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $_POST['reason'], true);
+ $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", REQUEST_POST('reason'), true);
SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_ADD_POINTS, $msg);
$MSG = ADMIN_SPONSOR_POINTS_ADDED;
} else {
break;
case "sub_points": // Subtract points
- if (strval($_POST['points']) > 0) {
+ if (strval(REQUEST_POST('points')) > 0) {
// Replace german decimal comma with computer's decimal dot
- $POINTS = strval(REVERT_COMMA($_POST['points']));
+ $POINTS = strval(REVERT_COMMA(REQUEST_POST('points')));
// Add points to account
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_used=points_used+%s WHERE id='%s' LIMIT 1",
- array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
+ array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
// Remember points /reason for the template
define('__POINTS' , TRANSLATE_COMMA($POINTS));
- define('__REASON' , $_POST['reason']);
+ define('__REASON' , REQUEST_POST('reason'));
// Send email
- $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $_POST['reason'], true);
+ $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", REQUEST_POST('reason'), true);
SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_SUB_POINTS, $msg);
$MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED;
} else {
case "edit": // Edit sponsor account
$PASS = true;
- if (($_POST['pass1'] != $_POST['pass2']) || ((empty($_POST['pass1'])) && (empty($_POST['pass1'])))) {
+ if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) || ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass1'))))) {
// Remove passwords
- unset($_POST['pass1']);
- unset($_POST['pass2']);
+ REQUEST_UNSET_POST(('pass1'));
+ REQUEST_UNSET_POST(('pass2'));
$PASS = false;
}
// Convert time selection
$DATA = array(); $id = "warning_interval_ye"; $skip = false;
- CONVERT_SELECTIONS_TO_TIMESTAMP($_POST, $DATA, $id, $skip);
+ CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip);
// Save the sponsor
- SPONSOR_HANDLE_SPONSOR($_POST);
+ SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY());
// Convert some data for the email template
- $_POST['gender'] = TRANSLATE_GENDER($_POST['gender']);
- $_POST['warning_interval'] = CREATE_FANCY_TIME($_POST['warning_interval']);
- if (!$PASS) $_POST['pass1'] = SPONSOR_PASS_UNCHANGED;
+ REQUEST_POST('gender' , TRANSLATE_GENDER(REQUEST_POST('gender')));
+ REQUEST_POST('warning_interval', CREATE_FANCY_TIME(REQUEST_POST('warning_interval')));
+
+ if (!$PASS) REQUEST_SET_POST('pass1', getMessage('SPONSOR_PASS_UNCHANGED'));
// Load email template and send the mail away
- $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $_POST, false);
- SEND_EMAIL($_POST['email'], ADMIN_SPONSOR_EDIT_SUBJECT, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", REQUEST_POST_ARRAY(), false);
+ SEND_EMAIL(REQUEST_POST('email'), getMessage('ADMIN_SPONSOR_EDIT_SUBJECT'), $msg);
break;
default: // Unknown mode
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", $_GET['mode']));
- $MSG = sprintf(getMessage('ADMIN_SPONSOR_INVALID_MODE'), SQL_ESCAPE($_GET['mode']));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", REQUEST_GET('mode')));
+ $MSG = sprintf(getMessage('ADMIN_SPONSOR_INVALID_MODE'), SQL_ESCAPE(REQUEST_GET('mode')));
break;
}
LOAD_TEMPLATE($TPL);
} else {
// Template not found!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_MODUS_TPL_404'), SQL_ESCAPE($_GET['mode'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_MODUS_TPL_404'), SQL_ESCAPE(REQUEST_GET('mode'))));
}
} else {
// Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))));
}
} else {
// Not called by what-list_sponsor.php
// Fix a notice
$result_main = false;
-if (isset($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
// 0 1 2 3 4 5 6 7 8 9 10 11
$result_main = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails
FROM `{!_MYSQL_PREFIX!}_user_data`
WHERE userid=%s
LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
}
-if ((SQL_NUMROWS($result_main) == 1) || (empty($_GET['u_id'])))
+if ((SQL_NUMROWS($result_main) == 1) || (!REQUEST_ISSET_GET(('uid'))))
{
// User found
- if (empty($_GET['u_id']))
+ if (!REQUEST_ISSET_GET(('uid')))
{
// Output selection form with all confirmed user accounts listed
ADD_MEMBER_SELECTION_BOX();
}
- elseif (isset($_POST['edit']))
+ elseif (REQUEST_ISSET_POST(('edit')))
{
// Ok, change the account...
$PASS = false; $ADD = "";
- if ((empty($_POST['pass1'])) && (empty($_POST['pass2'])))
+ if ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass2'))))
{
// Don't change the password
$PASS = true;
}
- elseif (($_POST['pass1'] == $_POST['pass2']))
+ elseif ((REQUEST_POST('pass1') == REQUEST_POST('pass2')))
{
// Change the password
$PASS = true;
- $ADD = ", password='".generateHash($_POST['pass1'])."'";
+ $ADD = ", password='".generateHash(REQUEST_POST('pass1'))."'";
}
if ($PASS)
{
".$ADD."
WHERE userid=%s LIMIT 1",
array(
- substr($_POST['gender'], 0, 1),
- $_POST['surname'],
- $_POST['family_name'],
- $_POST['street_nr'],
- $_POST['country'],
- bigintval($_POST['zip']),
- $_POST['city'],
- $_POST['email'],
- bigintval($_GET['u_id']),
+ substr(REQUEST_POST('gender'), 0, 1),
+ REQUEST_POST('surname'),
+ REQUEST_POST('family'),
+ REQUEST_POST('street_nr'),
+ REQUEST_POST('country'),
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('city'),
+ REQUEST_POST('email'),
+ bigintval(REQUEST_GET('uid')),
), __FILE__, __LINE__);
$content = USER_ACCOUNT_SAVED;
}
define('_COUNTRY', $country); define('_EMAIL' , $email);
// Load template
- LOAD_TEMPLATE("admin_edit_user", false, bigintval($_GET['u_id']));
+ LOAD_TEMPLATE("admin_edit_user", false, bigintval(REQUEST_GET('uid')));
}
} else {
// Account does not exists!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
//
$result_normal = SQL_QUERY($SQL, __FILE__, __LINE__);
// Set offset an current page to default values
-if (empty($_GET['page'])) $_GET['page'] = "1";
-if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page');
+if (!REQUEST_ISSET_GET(('page'))) REQUEST_GET('page') = "1";
+if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page'));
// Add limitation to SQL string
-$SQL .= " LIMIT ".($_GET['offset'] * $_GET['page'] - $_GET['offset']).", ".$_GET['offset'];
+$SQL .= " LIMIT ".(REQUEST_GET('offset') * REQUEST_GET('page') - REQUEST_GET('offset')).", ".REQUEST_GET('offset');
// Run SQL query for normal mails
$result = SQL_QUERY($SQL, __FILE__, __LINE__);
$WHO = _ALL;
$SQL2 = "";
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
// Only a specific mail shall be displayed
// 0 1 2 3 4 5 6 7 8 9 10
$SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, timestamp, url, target_send, cat_id
FROM `{!_MYSQL_PREFIX!}_pool`
- WHERE id='".bigintval($_GET['mid'])."'
+ WHERE id='".bigintval(REQUEST_GET('mid'))."'
LIMIT 1";
- $WHO = MAIL_ID.": ".$_GET['mid'];
-} elseif (!empty($_GET['u_id'])) {
+ $WHO = MAIL_ID.": ".REQUEST_GET('mid');
+} elseif (REQUEST_ISSET_GET(('uid'))) {
// All mails by a specific member shall be displayed
// 0 1 2 3 4 5 6 7 8 9 10
$SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, timestamp, url, target_send, cat_id
FROM `{!_MYSQL_PREFIX!}_pool`
-WHERE sender='".bigintval($_GET['u_id'])."'
+WHERE sender='".bigintval(REQUEST_GET('uid'))."'
ORDER by timestamp DESC";
- $WHO = USER_ID.": ".$_GET['u_id'];
+ $WHO = USER_ID.": ".REQUEST_GET('uid');
}
if ((EXT_IS_ACTIVE("bonus")) && ($WHO == _ALL)) {
$result_normal = SQL_QUERY($SQL, __FILE__, __LINE__);
// Set offset an current page to default values
-if (empty($_GET['page'])) $_GET['page'] = "1";
-if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page');
+if (!REQUEST_ISSET_GET(('page'))) REQUEST_GET('page') = "1";
+if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page'));
// Add limitation to SQL string
-if (empty($_GET['mid'])) {
+if (!REQUEST_ISSET_GET(('mid'))) {
// Create limitation line
- $ADD = " LIMIT ".(bigintval($_GET['offset']) * bigintval($_GET['page']) - bigintval($_GET['offset'])).", ".bigintval($_GET['offset']);
+ $ADD = " LIMIT ".(bigintval(REQUEST_GET('offset')) * bigintval(REQUEST_GET('page')) - bigintval(REQUEST_GET('offset'))).", ".bigintval(REQUEST_GET('offset'));
// For normal mails
$SQL .= $ADD;
// Normally we want the overview of all registered extensions
$do = "overview";
$SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
-if (!empty($_GET['reg_ext'])) {
+if (REQUEST_ISSET_GET(('reg_ext'))) {
// We are about to register a new extension
- $do = "register"; $ext_id = bigintval($_GET['reg_ext']);
+ $do = "register"; $ext_id = bigintval(REQUEST_GET('reg_ext'));
// The ID comes from task management and it is - of course - *not* the extension's name!
-} elseif ((isset($_POST['change'])) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0) && (!IS_DEMO())) {
// De-/activate extensions
- foreach ($_POST['sel'] as $ext_id => $active) {
+ foreach (REQUEST_POST('sel') as $ext_id => $active) {
// Shall we keep the extension always active?
if ((isset($GLOBALS['cache_array']['active_extensions'][GET_EXT_NAME($ext_id)])) && ($GLOBALS['cache_array']['active_extensions'][GET_EXT_NAME($ext_id)] == "Y") && ($active == "N")) {
// Keep this extension active!
EXTENSION_RUN_SQLS($ext_id, $EXT_LOAD_MODE);
}
}
-} elseif (((isset($_POST['edit'])) || (isset($_POST['modify']))) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif (((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('modify')))) && ($SEL > 0) && (!IS_DEMO())) {
// Change settings like CSS file load
- if (isset($_POST['modify'])) {
+ if (REQUEST_ISSET_POST(('modify'))) {
// Change entries
$cache_update = 0;
- foreach ($_POST['sel'] as $ext_id => $sel) {
+ foreach (REQUEST_POST('sel') as $ext_id => $sel) {
// Secure ID
$ext_id = bigintval($ext_id);
// Change this extension?
if ($sel == 1) {
// Update extension's record
- $active = $_POST['active'][$ext_id];
+ $active = REQUEST_POST('active', $ext_id);
if (GET_EXT_VERSION("sql_patches") >= "0.0.6") {
// Update also CSS column when extensions sql_patches is newer or exact v0.0.6
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_extensions` SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1",
- array($_POST['css'][$ext_id], $active, $ext_id), __FILE__, __LINE__);
+ array(REQUEST_POST('css', $ext_id), $active, $ext_id), __FILE__, __LINE__);
} else {
// When extension is older than v0.0.6 there is no column for the CSS information
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_extensions` SET ext_active='%s' WHERE id=%s LIMIT 1",
} else {
// Edit selected entries
$SW = "2"; $OUT = "";
- foreach ($_POST['sel'] as $ext_id => $sel) {
+ foreach (REQUEST_POST('sel') as $ext_id => $sel) {
// Edit this extension?
if (($sel == "Y") || ($sel == "N")) {
// Load required data
LOAD_TEMPLATE("admin_extensions_edit");
$do = "edit";
}
-} elseif ((isset($_POST['delete'])) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('delete'))) && ($SEL > 0) && (!IS_DEMO())) {
// List extensions and when verbose is enabled SQL statements which will be executed
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $ext_id => $sel) {
+ foreach (REQUEST_POST('sel') as $ext_id => $sel) {
// Init variables
$VERBOSE_OUT = ""; $SQLs = array();
// Load template
LOAD_TEMPLATE("admin_extensions_delete");
$do = "delete";
-} elseif ((isset($_POST['remove'])) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0) && (!IS_DEMO())) {
// Remove extensions from DB (you have to delete all files manually!)
$cache_update = 0;
- foreach ($_POST['sel'] as $ext_id => $active) {
+ foreach (REQUEST_POST('sel') as $ext_id => $active) {
// Secure ID number
$ext_id = bigintval($ext_id);
EXTENSION_RUN_SQLS($ext_id, "remove");
} // END - if
} // END - foreach
-} elseif (!empty($_GET['do']) && (!IS_DEMO())) {
+} elseif (REQUEST_ISSET_GET(('do')) && (!IS_DEMO())) {
// Other things to do
- $do = SQL_ESCAPE(strip_tags($_GET['do']));
-} elseif (!empty($_GET['do'])) {
+ $do = SQL_ESCAPE(strip_tags(REQUEST_GET('do')));
+} elseif (REQUEST_ISSET_GET(('do'))) {
// Demo mode active!
$do = "demo";
}
// Shall we display active/inactive extensions?
$where = "";
-if (!empty($_GET['active'])) {
- $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags($_GET['active'])));
+if (REQUEST_ISSET_GET(('active'))) {
+ $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags(REQUEST_GET('active'))));
} // END - if
// Case selection
ADD_DESCR("admin", __FILE__);
// Check if the admin has entered title and what-php file name...
-if (((empty($_POST['title'])) || (empty($_POST['menu']))) && (isset($_POST['ok']))) {
+if (((!REQUEST_ISSET_POST(('title'))) || (!REQUEST_ISSET_POST(('menu')))) && (IS_FORM_SENT())) {
// Abort adding the menu entry
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
}
-if (!isset($_POST['ok'])) {
+if (!IS_FORM_SENT()) {
// Create arrays
$menus = array(); $titles = array(); $below = array();
LOAD_TEMPLATE("admin_guest_add");
} elseif (!IS_DEMO()) {
// Insert new menu entry
- if (!empty($_POST['menu'])) {
+ if (REQUEST_ISSET_POST(('menu'))) {
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_guest_menu` (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('%s','%s','%s','%s','%s','%s')",
array(
- $_POST['menu'],
- $_POST['name'],
- $_POST['title'],
- bigintval($_POST['sort']),
- $_POST['visible'],
- $_POST['active'],
+ REQUEST_POST('menu'),
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ bigintval(REQUEST_POST('sort')),
+ REQUEST_POST('visible'),
+ REQUEST_POST('active'),
), __FILE__, __LINE__);
} else {
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_guest_menu` (action, title, sort, visible, locked) VALUES ('%s','%s','%s','%s','%s')",
array(
- $_POST['name'],
- $_POST['title'],
- bigintval($_POST['sort']),
- $_POST['visible'],
- $_POST['active'],
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ bigintval(REQUEST_POST('sort')),
+ REQUEST_POST('visible'),
+ REQUEST_POST('active'),
), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
// Do we edit/delete/change main menus or sub menus?
$AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
-if (!empty($_GET['sub'])) {
- $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
- $SUB = SQL_ESCAPE($_GET['sub']);
+if (REQUEST_ISSET_GET(('sub'))) {
+ $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+ $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
} // END - if
// Get count of (maybe) selected menu points
$chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
// List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO()))
{
// Edit menu entries
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
$cnt = 0; $SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $sel => $confirm)
+ foreach (REQUEST_POST('sel') as $sel => $confirm)
{
if ($confirm == 1)
{
// Load template
LOAD_TEMPLATE("admin_gmenu_edit_form");
-}
- elseif ((isset($_POST['del'])) && (!IS_DEMO()))
-{
+} elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO())) {
// Del menu entries with or without confirmation
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
$cnt = 0; $OUT = ""; $SW = 2;
- foreach ($_POST['sel'] as $sel => $confirm)
- {
- if ($confirm == 1)
- {
+ foreach (REQUEST_POST('sel') as $sel => $confirm) {
+ if ($confirm == 1) {
$cnt++;
$result = SQL_QUERY_ESC("SELECT title FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($sel)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval($sel)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// Entry found so we load the stuff...
list($menu) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
'sw' => $SW,
);
$OUT .= LOAD_TEMPLATE("admin_gmenu_delete_row", true, $DATA);
- }
- else
- {
+ } else {
// Entry not found?
$content = array(
'sw' => $SW,
// Load template
LOAD_TEMPLATE("admin_gmenu_delete");
-}
- elseif ((isset($_POST['ok'])) && (!IS_DEMO()))
-{
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
// An action is done...
- switch ($_POST['ok'])
+ switch (REQUEST_POST('ok'))
{
case "edit": // Edit menu
- foreach ($_POST['sel'] as $sel => $menu)
- {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
// Secure selector
$sel = bigintval($sel);
// Update entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
+ array($menu, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel), $sel),__FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
break;
case "del": // Delete menu
- foreach ($_POST['sel'] as $sel => $menu)
- {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
// Delete enty
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
break;
case "status": // Change access levels
- foreach ($_POST['sel'] as $sel => $menu)
- {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
// Secure selector
$sel = bigintval($sel);
// Update entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
+ array(REQUEST_POST('visible', $sel), REQUEST_POST('locked', $sel), $sel), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
break;
default: // Unexpected action
- define('__OK_VALUE', $_POST['ok']);
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok']));
+ define('__OK_VALUE', REQUEST_POST('ok'));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok')));
LOAD_TEMPLATE("admin_menu_unknown_okay");
break;
}
-}
- elseif ((isset($_POST['status'])) && ($chk > 0) && (!IS_DEMO()))
-{
+} elseif ((REQUEST_ISSET_POST(('status'))) && ($chk > 0) && (!IS_DEMO())) {
// Change status (visible / locked)
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
// Load template
$SW = 2; $cnt = 0; $OUT = "";
- foreach ($_POST['sel'] as $sel => $confirm)
+ foreach (REQUEST_POST('sel') as $sel => $confirm)
{
if ($confirm == 1)
{
// Load template
LOAD_TEMPLATE("admin_gmenu_status");
} else {
- if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+ if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
// Get IDs
- if (!empty($_GET['w'])) {
+ if (REQUEST_ISSET_GET(('w'))) {
// Sub menus selected
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
} else {
// Main menu selected
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
if ((!empty($tid)) && (!empty($fid))) {
// Sort menu
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
} // END - if
} // END - if
// Check if there is enougth selected
$show = true;
-if ((isset($_POST['id'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) {
+if ((REQUEST_ISSET_POST(('id'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) {
// Okay, which button was pressed?
- if (isset($_POST['change'])) {
+ if (REQUEST_ISSET_POST(('change'))) {
// Change permissions
- ADMIN_CHANGE_ACTIVATION_STATUS($_POST['id'], "bank_packages", "package_active");
- } elseif (isset($_POST['edit'])) {
+ ADMIN_CHANGE_ACTIVATION_STATUS(REQUEST_POST('id'), "bank_packages", "package_active");
+ } elseif (REQUEST_ISSET_POST(('edit'))) {
// Delete entries (with confirmation)
ADMIN_EDIT_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"bank_packages",
array("id", "title", "description", "account_fee", "free_transfers", "transfer_fee", "output_system_mode", "package_active", "free_months_no_fee", "interest_plus", "interest_minus", "first_payment", "free_account_income", "free_account_stuff", "tan_lock"),
array("bigintval", "", "", "TRANSLATE_COMMA", "bigintval", "TRANSLATE_COMMA", "", "", "bigintval", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "", "bigintval"),
array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "")
);
$show = false;
- } elseif (isset($_POST['do_edit'])) {
+ } elseif (REQUEST_ISSET_POST(('do_edit'))) {
// Delete entries (with confirmation)
- ADMIN_EDIT_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array(), array(), array(), true);
- } elseif (isset($_POST['delete'])) {
+ ADMIN_EDIT_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array(), array(), array(), true);
+ } elseif (REQUEST_ISSET_POST(('delete'))) {
// Delete entries (with confirmation)
- ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array("id", "title", "description", "account_fee"), array("bigintval", "", "", "TRANSLATE_COMMA"), array("", "", "", ""));
+ ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array("id", "title", "description", "account_fee"), array("bigintval", "", "", "TRANSLATE_COMMA"), array("", "", "", ""));
$show = false;
- } elseif (isset($_POST['remove'])) {
+ } elseif (REQUEST_ISSET_POST(('remove'))) {
// Delete entries (with confirmation)
- ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array(), array(), array(), true);
+ ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array(), array(), array(), true);
}
} // END - if
if (getConfig('beg_rallye') == "Y") {
// Shall I withdraw now?
- if (isset($_POST['withdraw'])) {
+ if (REQUEST_ISSET_POST(('withdraw'))) {
// Okay, let's prepare...
$curr = date("m", time()) - 1;
if (strlen($curr) == 1) $curr = "0".$curr;
if (getConfig('bonus_active') == "Y") {
// Shall I withdraw now?
- if (isset($_POST['withdraw'])) {
+ if (REQUEST_ISSET_POST(('withdraw'))) {
// Okay, let's prepare...
$curr = date("m", time()) - 1;
if (strlen($curr) == 1) $curr = "0".$curr;
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
// Check if the user already exists
$result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Loads surname, family's name and the email address
list($sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Prepare constants
- define('__CATS_BASE' , "<a href=\"{!URL!}/modules.php?module=admin&u_id=");
- define('__UID' , bigintval($_GET['u_id']));
+ define('__CATS_BASE' , "<a href=\"{!URL!}/modules.php?module=admin&uid=");
+ define('__UID' , bigintval(REQUEST_GET('uid')));
define('__MEMBER_LINKS', MEMBER_ACTION_LINKS(__UID));
define('__EMAIL' , "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
while (list($cid, $cat) = SQL_FETCHROW($result_cats)) {
// Check user's selection
$result_user = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_user_cats` WHERE userid=%s AND cat_id=%s LIMIT 1",
- array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid')), bigintval($cid)), __FILE__, __LINE__);
// Set selection
$SELECTED = "<font color=\"red\">{--NO--}</div>";
ADD_DESCR("admin", __FILE__);
// Add new code?
-if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr']))) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('code'))) && (REQUEST_ISSET_POST(('descr')))) {
// Check if country code does already exist
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_countries` WHERE code='%s' LIMIT 1",
- array(strtoupper($_POST['code'])), __FILE__, __LINE__);
+ array(strtoupper(REQUEST_POST('code'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Save entry
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_countries` (code, descr, is_active) VALUES ('%s','%s','%s')",
array(
- strtoupper(substr($_POST['code'], 0, 2)),
- $_POST['descr'],
- $_POST['is_active']
+ strtoupper(substr(REQUEST_POST('code'), 0, 2)),
+ REQUEST_POST('descr'),
+ REQUEST_POST('is_active')
), __FILE__, __LINE__);
// Country added
- $MSG = ADMIN_COUNTRY_ADDED_1.strtoupper($_POST['descr']).ADMIN_COUNTRY_ADDED_2;
+ $MSG = ADMIN_COUNTRY_ADDED_1.strtoupper(REQUEST_POST('descr')).ADMIN_COUNTRY_ADDED_2;
} else {
// Free memory
SQL_FREERESULT($result);
// Does already exist
- $MSG = ADMIN_COUNTRY_ALREADY_1.strtoupper($_POST['code']).ADMIN_COUNTRY_ALREADY_2;
+ $MSG = ADMIN_COUNTRY_ALREADY_1.strtoupper(REQUEST_POST('code')).ADMIN_COUNTRY_ALREADY_2;
}
// Display message
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
-} elseif ((isset($_POST['change'])) && (!empty($_POST['id']))) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && (REQUEST_ISSET_POST(('id')))) {
// Change all status
- ADMIN_CHANGE_ACTIVATION_STATUS($_POST['id'], "countries", "is_active");
+ ADMIN_CHANGE_ACTIVATION_STATUS(REQUEST_POST('id'), "countries", "is_active");
// Show next link
LOAD_TEMPLATE("admin_next_link", false, array(
'url' => "modules.php?module=admin&what=list_country",
'title' => getMessage('ADMIN_COUNTRY_ACTIVATION_NEXT_LINK')
));
-} elseif (((isset($_POST['edit'])) || (isset($_POST['delete']))) && (!empty($_POST['id']))) {
- if (count($_POST['id']) > 0) {
- if (isset($_POST['edit'])) {
+} elseif (((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('delete')))) && (REQUEST_ISSET_POST(('id')))) {
+ if (count(REQUEST_POST('id')) > 0) {
+ if (REQUEST_ISSET_POST(('edit'))) {
// Edit template
$row = "admin_list_country_edit_row";
$post = "modify";
// Edit all selected country codes
$OUT = ""; $SW = 2;
- foreach ($_POST['id'] as $id => $status) {
+ foreach (REQUEST_POST('id') as $id => $status) {
// Load data from DB
$result = SQL_QUERY_ESC("SELECT code, descr FROM `{!_MYSQL_PREFIX!}_countries` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
} else {
// Shall we modify / remove entries now?
$MSG = ""; $SQLs = array();
- if ((isset($_POST['modify'])) && (!empty($_POST['id']))) {
+ if ((REQUEST_ISSET_POST(('modify'))) && (REQUEST_ISSET_POST(('id')))) {
// Modify
- foreach ($_POST['id'] as $id => $sel) {
- $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_countries` SET code='".$_POST['code'][$id]."', descr='".$_POST['descr'][$id]."', is_active='".$_POST['is_active'][$id]."' WHERE id='".$id."' LIMIT 1";
+ foreach (REQUEST_POST('id') as $id => $sel) {
+ $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_countries` SET code='".REQUEST_POST('code', $id)."', descr='".REQUEST_POST('descr', $id)."', is_active='".REQUEST_POST('is_active', $id)."' WHERE id='".$id."' LIMIT 1";
}
// Create message
$MSG = ADMIN_COUNTRIES_MODIFIED;
- } elseif ((isset($_POST['remove'])) && (!empty($_POST['id']))) {
+ } elseif ((REQUEST_ISSET_POST(('remove'))) && (REQUEST_ISSET_POST(('id')))) {
// Remove
- $IDs = implode(",", array_keys($_POST['id']));
- $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_countries` WHERE id IN (".$IDs.") LIMIT ".count($_POST['id'])."";
+ $IDs = implode(",", array_keys(REQUEST_POST('id')));
+ $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_countries` WHERE id IN (".$IDs.") LIMIT ".count(REQUEST_POST('id'))."";
// Create message
$MSG = ADMIN_COUNTRIES_REMOVED;
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (empty($_GET['mode'])) {
+if (!REQUEST_ISSET_GET(('mode'))) {
// Chosse the overview page as default
- $_GET['mode'] = "overview";
+ REQUEST_GET('mode', "overview");
} else {
// Set table title automatically
- if (empty($_GET['select'])) $_GET['select'] = "all";
- $eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."', getMessage('ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."_".strtoupper($_GET['select'])."'));";
+ if (!REQUEST_ISSET_GET(('select'))) REQUEST_GET('select', "all");
+ $eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper(REQUEST_GET('mode'))."', getMessage('ADMIN_DOUBLER_LIST_".strtoupper(REQUEST_GET('mode'))."_".strtoupper(REQUEST_GET('select'))."'));";
eval($eval);
}
// Load data for the template
-switch ($_GET['mode'])
+switch (REQUEST_GET('mode'))
{
case "already": // Already payed out points
break;
}
// Load mode template
-LOAD_TEMPLATE("admin_list_doubler_".$_GET['mode']);
+LOAD_TEMPLATE("admin_list_doubler_".REQUEST_GET('mode'));
//
?>
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (empty($_GET['del'])) $_GET['del'] = "";
+if (!REQUEST_ISSET_GET(('del'))) REQUEST_SET_GET('del', "");
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
// Check if the user already exists
$result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
// Is there an entry?
if (SQL_NUMROWS($result) == 1) {
if (EXT_IS_ACTIVE("bonus")) {
// Load bonus ID
$result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s ORDER BY `id`",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
} else {
// Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command)
$result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s ORDER BY `id`",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
}
// Get number of rows from the query
if ($nums > 0) {
// Some unconfirmed mails left
- if ($_GET['del'] == "all") {
+ if (REQUEST_GET('del') == "all") {
// Delete all unconfirmed mails by this user
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s LIMIT %s",
- array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid')), $nums), __FILE__, __LINE__);
// Prepare mail and send it away
- $msg = LOAD_EMAIL_TEMPLATE("admin-del_links", $nums, bigintval($_GET['u_id']));
+ $msg = LOAD_EMAIL_TEMPLATE("admin-del_links", $nums, bigintval(REQUEST_GET('uid')));
SEND_EMAIL($email, getMessage('ADMIN_DEL_LINK_SUBJ'), $msg);
// Display message
$result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
$type = "mailid"; $DATA = $id; $PROBLEM = getMessage('NORMAL_MAIL_PROBLEM');
- $LINK = "<a href=\"{!URL!}/mailid.php?uid=".$_GET['u_id']."&mailid=".$id."\" target=\"_blank\">".$id."</a>";
+ $LINK = "<a href=\"{!URL!}/mailid.php?uid=".REQUEST_GET('uid')."&mailid=".$id."\" target=\"_blank\">".$id."</a>";
break;
case "BONUS":
$result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
array(bigintval($id2)), __FILE__, __LINE__);
$type = "bonusid"; $DATA = $id2; $PROBLEM = getMessage('BONUS_MAIL_PROBLEM');
- $LINK = "<a href=\"{!URL!}/mailid.php?uid=".$_GET['u_id']."&bonusid=".$id2."\" target=\"_blank\">".$id2."</a>";
+ $LINK = "<a href=\"{!URL!}/mailid.php?uid=".REQUEST_GET('uid')."&bonusid=".$id2."\" target=\"_blank\">".$id2."</a>";
break;
default: // Problem in application detected!
define('__EMAIL_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$email."</a>");
define('__EMAIL_LIST' , $OUT);
define('__NUMS_VALUE' , $nums);
- define('__UID' , bigintval($_GET['u_id']));
+ define('__UID' , bigintval(REQUEST_GET('uid')));
// Load final template
LOAD_TEMPLATE("admin_list_links");
}
} else {
// No mails left to confirm
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_LINKS'), $_GET['u_id']));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_LINKS'), REQUEST_GET('uid')));
}
} else {
// User not found
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id']));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid')));
}
} else {
// Output selection form with all confirmed user accounts listed
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) {
+if ((REQUEST_ISSET_POST(('uid'))) && (REQUEST_ISSET_POST(('id')))) {
// Update database...
// First user's account
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nl_until=(UNIX_TIMESTAMP() + nl_timespan), nl_receive='N', nl_timespan=0 WHERE userid=%s LIMIT 1",
- array(bigintval($_POST['uid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('uid'))), __FILE__, __LINE__);
// Next the task system...
- RUN_FILTER('solve_task', bigintval($_POST['id']));
+ RUN_FILTER('solve_task', bigintval(REQUEST_POST('id')));
// Send mail to user
- $msg = LOAD_EMAIL_TEMPLATE("member_newsletter_done", true, bigintval($_POST['uid']));
- SEND_EMAIL(bigintval($_POST['uid']), NL_MEMBER_DONE_SUBJECT, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("member_newsletter_done", true, bigintval(REQUEST_POST('uid')));
+ SEND_EMAIL(bigintval(REQUEST_POST('uid')), NL_MEMBER_DONE_SUBJECT, $msg);
// Output message to admin
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NL_MEMBER_DONE'));
$SQL2 = "";
// Set offset an current page to default values
-if (empty($_GET['page'])) $_GET['page'] = "1";
-if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page');
+if (!REQUEST_ISSET_GET(('page'))) REQUEST_GET('page') = "1";
+if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page'));
-if ((EXT_IS_ACTIVE("bonus")) && ($WHO == _ALL)) {
+if ((EXT_IS_ACTIVE("bonus")) && ($WHO == getMessage('_ALL'))) {
// Bonus mails sent by you
// 0 1 2 3 4 5 6 7 8 9 10 11 12
$SQL2 = "SELECT id, subject, text, receivers, points, time, data_type, timestamp, url, cat_id, target_send, mails_sent, clicks
}
// Create limitation line
-$ADD = " LIMIT ".(bigintval($_GET['offset']) * bigintval($_GET['page']) - bigintval($_GET['offset'])).", ".bigintval($_GET['offset']);
+$ADD = " LIMIT ".(bigintval(REQUEST_GET('offset')) * bigintval(REQUEST_GET('page')) - bigintval(REQUEST_GET('offset'))).", ".bigintval(REQUEST_GET('offset'));
// Add limitation
if (!empty($SQL2)) $SQL2 .= $ADD;
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['pid'])) {
+if (REQUEST_ISSET_GET(('pid'))) {
// First let's get the member's ID
$result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE id=%s LIMIT 1",
- array($_GET['pid']), __FILE__, __LINE__);
+ array(REQUEST_GET('pid')), __FILE__, __LINE__);
list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Obtain some data
- if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0)) {
+ if (!REQUEST_ISSET_GET(('task')) && (!empty($uid)) && ($uid > 0)) {
// Get task ID from database
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_task_system` WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_FAILED_OBTAIN_USERID);
} else {
// Get task ID from URL
- $task = $_GET['task'];
+ $task = REQUEST_GET('task');
}
if ((!empty($task)) && (!empty($uid)) && ($uid > 0)) {
// Konstante bauen
define('PAYOUT_USERDATA_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".TRANSLATE_GENDER($gender)." ".$surname." ".$family."</a>");
- if (($_GET['do'] == "accept") && (!empty($email))) {
+ if ((REQUEST_GET('do') == "accept") && (!empty($email))) {
// Ok, now we can output the form or execute accepting
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Obtain payout type and other data
$result = SQL_QUERY_ESC("SELECT payout_id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
list($ptype) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Clear payout request
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_payouts` SET `status`='ACCEPTED' WHERE id=%s LIMIT 1",
- array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
// Send out mail
- $msg = LOAD_EMAIL_TEMPLATE("member_payout_accepted", $_POST['text'], $uid);
+ $msg = LOAD_EMAIL_TEMPLATE("member_payout_accepted", REQUEST_POST('text'), $uid);
// Output message
if ($allow == "Y") {
// Load template
LOAD_TEMPLATE("admin_payout_accept_form", false, $task);
}
- } elseif (($_GET['do'] == "reject") && (!empty($email))) {
+ } elseif ((REQUEST_GET('do') == "reject") && (!empty($email))) {
// Ok, now we can output the form or execute rejecting
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
if ($task > 0) {
// Clear task
RUN_FILTER('solve_task', $task);
// Clear payout request
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_payouts` SET `status`='REJECTED' WHERE id=%s LIMIT 1",
- array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
// Send out mail
- $msg = LOAD_EMAIL_TEMPLATE("member_payout_rejected", $_POST['text'], $uid);
+ $msg = LOAD_EMAIL_TEMPLATE("member_payout_rejected", REQUEST_POST('text'), $uid);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_REJECTED_NOTIFIED);
}
} elseif ((empty($task)) || ($task == "0")) {
// Failed loading task ID
- LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_FAILED_OBTAIN_TASK_ID);
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('PAYOUT_FAILED_OBTAIN_TASK_ID'));
}
} else {
- if (empty($_GET['do'])) $_GET['do'] = "";
- if ($_GET['do'] == "delete") {
+ if (!REQUEST_ISSET_GET(('do'))) REQUEST_SET_GET('do', "");
+
+ if (REQUEST_GET('do') == "delete") {
// Delete all requests
$result = SQL_QUERY("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_payouts`", __FILE__, __LINE__);
}
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (empty($_GET['sub'])) $_GET['sub'] = "";
+if (!REQUEST_ISSET_GET(('sub'))) REQUEST_SET_GET('sub', "");
$MSG = "";
// Quick actions on a rallye
-if (isset($_GET['rallye']))
+if (REQUEST_ISSET_GET(('rallye')))
{
// Activate / deactivate
$SQL = "";
- if (isset($_GET['activate']))
+ if (REQUEST_ISSET_GET(('activate')))
{
- switch ($_GET['activate'])
+ switch (REQUEST_GET('activate'))
{
case "1": // Activate
$SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1";
}
// Automatic notification
- if (isset($_GET['notify']))
+ if (REQUEST_ISSET_GET(('notify')))
{
- switch ($_GET['notify'])
+ switch (REQUEST_GET('notify'))
{
case "1": // Activate
$SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1";
}
// Automatic adding of new members
- if (isset($_GET['auto']))
+ if (REQUEST_ISSET_GET(('auto')))
{
- switch ($_GET['auto'])
+ switch (REQUEST_GET('auto'))
{
case "1": // Activate
$SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1";
// Run SQL command
if (!empty($SQL))
{
- $result = SQL_QUERY_ESC($SQL, array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC($SQL, array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
}
}
- elseif (isset($_POST['remove']))
+ elseif (REQUEST_ISSET_POST(('remove')))
{
// Delete rallyes
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
if ($SEL > 0)
{
// Delete selected rallyes and all it's data
- foreach ($_POST['sel'] as $id => $sel)
+ foreach (REQUEST_POST('sel') as $id => $sel)
{
// Remove selected rallye entirely...
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
$MSG = RALLYE_DELETE_NOTHING_SELECTED;
}
}
- elseif (isset($_POST['change']))
+ elseif (REQUEST_ISSET_POST(('change')))
{
// Change rallye
- $SEL = SELECTION_COUNT($_POST['title']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('title'));
if ($SEL > 0)
{
// Change selected rallyes and all it's data
- foreach ($_POST['title'] as $id => $title)
+ foreach (REQUEST_POST('title') as $id => $title)
{
// Secure ID number
$id = bigintval($id);
// Generate timestamps
- $START = mktime($_POST['start_hour'][$id], $_POST['start_min'][$id], $_POST['start_sec'][$id], $_POST['start_month'][$id], $_POST['start_day'][$id], $_POST['start_year'][$id]);
- $END = mktime($_POST['end_hour'][$id] , $_POST['end_min'][$id] , $_POST['end_sec'][$id] , $_POST['end_month'][$id] , $_POST['end_day'][$id] , $_POST['end_year'][$id] );
+ $START = mktime(REQUEST_POST('start_hour', $id), REQUEST_POST('start_min', $id), REQUEST_POST('start_sec', $id), REQUEST_POST('start_month', $id), REQUEST_POST('start_day', $id), REQUEST_POST('start_year', $id));
+ $END = mktime(REQUEST_POST('end_hour', $id) , REQUEST_POST('end_min', $id) , REQUEST_POST('end_sec', $id) , REQUEST_POST('end_month', $id) , REQUEST_POST('end_day', $id) , REQUEST_POST('end_year', $id) );
// Update entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET
min_users='%s',
min_prices='%s'
WHERE id='".$id."' LIMIT 1",
- array($title, $_POST['descr'][$id], $_POST['templ'][$id], bigintval($START), bigintval($END), bigintval($_POST['min_users'][$id]), bigintval($_POST['min_prices'][$id]), $id),
- __FILE__, __LINE__);
+ array(
+ $title,
+ REQUEST_POST('descr', $id),
+ REQUEST_POST('templ', $id),
+ bigintval($START),
+ bigintval($END),
+ bigintval(REQUEST_POST('min_users', $id)),
+ bigintval(REQUEST_POST('min_prices', $id)),
+ $id
+ ), __FILE__, __LINE__);
}
// Output message
}
}
-if (isset($_POST['edit']))
-{
+if (REQUEST_ISSET_POST(('edit'))) {
// Check for selections
- $SEL = SELECTION_COUNT($_POST['sel']);
- if ($SEL > 0)
- {
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+ if ($SEL > 0) {
// Make all selected and deactivated rallyes editable
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel)
- {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load rallye basic data
$result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Color switching
$SW = 3 - $SW;
}
+
// Remember rows in constant
define('__RALLYE_ROWS', $OUT);
// Load final template
LOAD_TEMPLATE("admin_edit_rallyes");
- }
- else
- {
+ } else {
// Nothing selected to edit
LOAD_TEMPLATE("admin_settings_saved", false, LOAD_TEMPLATE("admin_list_rallye_noselect", true));
}
-} elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0)) {
+} elseif ((REQUEST_GET('sub') == "users") && (REQUEST_GET('rallye') > 0)) {
// List users and their refs before start and current
$result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM `{!_MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s ORDER BY userid",
- array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
$SW = 2; $OUT = "";
- define('__RALLYE_VALUE', $_GET['rallye']);
+ define('__RALLYE_VALUE', REQUEST_GET('rallye'));
while (list($uid, $old, $opoints) = SQL_FETCHROW($result))
{
// Check for referal count
// Output row
$Bl = ""; $Br = "";
if (($opoints > 0) && ($cnt > 0)) { $Bl = "<strong>"; $Br = "</strong>"; }
- if (($old > 0) || ($cnt > 0))
- {
+ if (($old > 0) || ($cnt > 0)) {
// Insert link to referal list
//* DEBUG: */ echo "-".$uid."/".$cnt."/".$old."-<br />";
$cnt = ADMIN_USER_PROFILE_LINK($uid, $cnt, "list_refs");
// Load template
LOAD_TEMPLATE("admin_list_rallye_usr");
- }
- else
- {
+ } else {
// No entries found?
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ADMIN_USERS_404);
}
-}
- else
-{
+} else {
// Start listing rallyes
$result = SQL_QUERY("SELECT id, admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify, notified, min_users, min_prices
FROM `{!_MYSQL_PREFIX!}_rallye_data`
ORDER BY start_time DESC",
__FILE__, __LINE__);
- if (SQL_NUMROWS($result) > 0)
- {
+ if (SQL_NUMROWS($result) > 0) {
// List found rallyes
$SW = 2; $OUT = "";
- while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result))
- {
+ while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result)) {
// Load admin login
$alogin = GET_ADMIN_LOGIN($aid);
$joined = SQL_NUMROWS($result_user);
// Did some users joined this rallye?
- if ($joined > 0)
- {
+ if ($joined > 0) {
// List joined users
$joined = "<a href=\"{!URL!}/modules.php?module=admin&what=list_rallyes&sub=users&rallye=".$id."\" title=\"".RALLYE_LIST_USERS."\">".$joined."</a>";
}
// Load template
LOAD_TEMPLATE("admin_list_rallyes");
- }
- else
- {
+ } else {
// No rallyes setup so far
LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_NO_RALLYES_SETUP);
}
}
+
//
?>
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
// Secure userid
- $uid = bigintval($_GET['u_id']);
+ $uid = bigintval(REQUEST_GET('uid'));
// Check if the user already exists
$result_user = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
array($uid), __FILE__, __LINE__);
// Output info message
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_USER_TOTAL_REFS'), ADMIN_USER_PROFILE_LINK($_GET['u_id']), $menge, $menge_lck));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_USER_TOTAL_REFS'), ADMIN_USER_PROFILE_LINK(REQUEST_GET('uid')), $menge, $menge_lck));
}
// Are there some levels (VERY BAD IF NONE!)
// Prepare content
$content = array(
'rows' => $OUT,
- 'uid' => ADMIN_USER_PROFILE_LINK($_GET['u_id'])
+ 'uid' => ADMIN_USER_PROFILE_LINK(REQUEST_GET('uid'))
);
// Load main template
SQL_FREERESULT($result_levels);
} else {
// User not found
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id']));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid')));
}
// Free memory
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
// Show detailed informations to a sponsor
$result = SQL_QUERY_ESC("SELECT company, position, gender, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, status, sponsor_created, last_online, last_change, receive_warnings, points_amount, points_used, remote_addr, warning_interval, refid, ref_count
FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Load sponsor details
// Check for sponsor's orders (only count)
$result_orders = SQL_QUERY_ESC("SELECT COUNT(id) FROM `{!_MYSQL_PREFIX!}_sponsor_orders` WHERE sponsorid='%s'",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
list($orders) = SQL_FETCHROW($result_orders);
SQL_FREERESULT($result_orders);
if (empty($orders)) $orders = 0;
// Prepare all data for the template
// Sponsor's ID
- define('__SPONSOR_ID' , $_GET['id']);
+ define('__SPONSOR_ID' , REQUEST_GET('id'));
// Company's data
define('__SPONSOR_COMPANY' , $DATA['company']);
define('__SPONSOR_POSITION' , $DATA['position']);
LOAD_TEMPLATE("admin_list_sponsor_details");
} else {
// Sponsor not found
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), $_GET['id']));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), REQUEST_GET('id')));
}
-} elseif (!empty($_GET['rid'])) {
+} elseif (REQUEST_ISSET_GET(('rid'))) {
// Search for sponsor
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['rid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('rid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Free memory
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("SELECT id, gender, surname, family, email, status, sponsor_created, last_online, points_amount, points_used, remote_addr, ref_count
FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE refid='%s' ORDER BY `id`",
- array(bigintval($_GET['rid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('rid'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0) {
// List refs now
SQL_FREERESULT($result);
} else {
// No refs made so far
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_REFS_404'), "<a href=\"{!URL!}/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['rid'])."\">".bigintval($_GET['rid'])."</a>"));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_REFS_404'), "<a href=\"{!URL!}/modules.php?module=admin&what=list_sponsor&id=".bigintval(REQUEST_GET('rid'))."\">".bigintval(REQUEST_GET('rid'))."</a>"));
}
} else {
// Sponsor not found
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['rid'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('rid'))));
}
} else {
// List all sponsors
$MSG = "";
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
// Check input variables
- if (empty($_POST['pay_name'])) unset($_POST['add']);
- if ((round($_POST['pay_rate']) == 0) || (empty($_POST['pay_rate']))) unset($_POST['add']);
- $_POST['pay_min_count'] = bigintval($_POST['pay_min_count']);
- if (($_POST['pay_min_count'] == 0) || (empty($_POST['pay_min_count']))) unset($_POST['add']);
- if (empty($_POST['pay_currency'])) unset($_POST['add']);
-} elseif ((isset($_POST['edit'])) || (isset($_POST['del'])) || (isset($_POST['change'])) || (isset($_POST['remove']))) {
+ if (!REQUEST_ISSET_POST(('pay_name'))) REQUEST_UNSET_POST(('add'));
+ if ((round(REQUEST_POST('pay_rate')) == 0) || (!REQUEST_ISSET_POST(('pay_rate')))) REQUEST_UNSET_POST(('add'));
+
+ REQUEST_SET_POST('pay_min_count', bigintval(REQUEST_POST('pay_min_count')));
+
+ if ((REQUEST_POST('pay_min_count') == 0) || (!REQUEST_ISSET_POST(('pay_min_count')))) REQUEST_UNSET_POST(('add'));
+ if (!REQUEST_ISSET_POST(('pay_currency'))) REQUEST_UNSET_POST(('add'));
+
+} elseif ((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('del'))) || (REQUEST_ISSET_POST(('change'))) || (REQUEST_ISSET_POST(('remove')))) {
// Check if at least one entry was selected
- if (empty($_POST['id'])) {
+ if (!REQUEST_ISSET_POST(('id'))) {
// Nothing selected for editing / deleting???
- unset($_POST['edit']);
- unset($_POST['del']);
- unset($_POST['change']);
- unset($_POST['remove']);
- } elseif (isset($_POST['change'])) {
+ REQUEST_UNSET_POST(('edit'));
+ REQUEST_UNSET_POST(('del'));
+ REQUEST_UNSET_POST(('change'));
+ REQUEST_UNSET_POST(('remove'));
+ } elseif (REQUEST_ISSET_POST(('change'))) {
// Change entries here...
- foreach ($_POST['id'] as $id => $sel) {
+ foreach (REQUEST_POST('id') as $id => $sel) {
// Secure ID
$id = bigintval($id);
// Save entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_paytypes`
SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id='%s' LIMIT 1",
- array($_POST['name'][$id], $_POST['rate'][$id], bigintval($_POST['min'][$id]), $_POST['curr'][$id], $id),
- __FILE__, __LINE__);
+ array(
+ REQUEST_POST('name', $id),
+ REQUEST_POST('rate', $id),
+ bigintval(REQUEST_POST('min', $id)),
+ REQUEST_POST('curr', $id),
+ $id
+ ), __FILE__, __LINE__);
}
// Generate message
- $MSG = SPONSOR_PAY_ENTRIES_CHANGED;
- } elseif (isset($_POST['remove'])) {
+ $MSG = getMessage('SPONSOR_PAY_ENTRIES_CHANGED');
+ } elseif (REQUEST_ISSET_POST(('remove'))) {
// Remove entries here...
- foreach ($_POST['id'] as $id => $sel) {
+ foreach (REQUEST_POST('id') as $id => $sel) {
// Remove entry
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE id='%s' LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
// Generate message
- $MSG = SPONSOR_PAY_ENTRIES_REMOVED;
+ $MSG = getMessage('SPONSOR_PAY_ENTRIES_REMOVED');
}
if (!empty($MSG)) {
}
}
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
// Check if entry with same name does exists
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE pay_name='%s' LIMIT 1",
- array($_POST['pay_name']), __FILE__, __LINE__);
+ array(REQUEST_POST('pay_name')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// No entry found so add this line
- SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_paytypes` (pay_name, pay_rate, pay_min_count, pay_currency)
- VALUES ('%s','%s','%s','%s')",
- array(htmlspecialchars($_POST['pay_name']), REVERT_COMMA($_POST['pay_rate']), bigintval($_POST['pay_min_count']), htmlspecialchars($_POST['pay_currency'])),
- __FILE__, __LINE__);
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_paytypes` (pay_name, pay_rate, pay_min_count, pay_currency) VALUES ('%s','%s','%s','%s')",
+ array(
+ htmlspecialchars(REQUEST_POST('pay_name')),
+ REVERT_COMMA(REQUEST_POST('pay_rate')),
+ bigintval(REQUEST_POST('pay_min_count')),
+ htmlspecialchars(REQUEST_POST('pay_currency'))
+ ), __FILE__, __LINE__);
// Payment type added!
- $MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.$_POST['pay_name'].ADMIN_SPONSOR_PAYTYPE_ADDED_2;
+ $MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.REQUEST_POST('pay_name').ADMIN_SPONSOR_PAYTYPE_ADDED_2;
} else {
// Free memory
SQL_FREERESULT($result);
// Entry does already exists
- $MSG = ADMIN_SPONSOR_PAYTYPE_ALREADY_1.$_POST['pay_name'].ADMIN_SPONSOR_PAYTYPE_ALREADY_2;
+ $MSG = ADMIN_SPONSOR_PAYTYPE_ALREADY_1.REQUEST_POST('pay_name').ADMIN_SPONSOR_PAYTYPE_ALREADY_2;
}
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
-} elseif ((isset($_POST['edit'])) || (isset($_POST['del']))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('del')))) {
// Load all data
$OUT = ""; $SW = 2;
- foreach ($_POST['id'] as $id => $sel) {
+ foreach (REQUEST_POST('id') as $id => $sel) {
// Load entry
$result = SQL_QUERY_ESC("SELECT pay_name, pay_rate, pay_min_count, pay_currency FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE id='%s' LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
'curr' => htmlspecialchars($curr)
);
- if (isset($_POST['edit'])) {
+ if (REQUEST_ISSET_POST(('edit'))) {
// Edit entry
$OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_edit_row", true, $content);
} else {
define('__SPONSOR_ROWS', $OUT);
// Load main template depending on mode (edit/delete)
- if (isset($_POST['edit'])) {
+ if (REQUEST_ISSET_POST(('edit'))) {
// Load main edit template
LOAD_TEMPLATE("admin_list_sponsor_pay_edit");
} else {
define('__LIST_CONTENT', LOAD_TEMPLATE("admin_list_sponsor_pay", true));
} else {
// Noting setup so far!
- define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, ADMIN_SPONSOR_NO_PAYTYPES));
+ define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, getMessage('ADMIN_SPONSOR_NO_PAYTYPES')));
}
// Add new payment types here
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// ...
// Free memory
SQL_FREERESULT($result);
} else {
// Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))));
}
} else {
// Not called by what-list_sponsor.php
$show = true;
// Check for 'id' element
-if ((count($_POST) > 0) && ((!isset($_POST['id'])) || (!is_array($_POST['id'])) || (count($_POST['id']) == 0))) {
+if ((REQUEST_POST_COUNT() > 0) && ((!REQUEST_ISSET_POST(('id'))) || (!is_array(REQUEST_POST('id'))) || (count(REQUEST_POST('id')) == 0))) {
// Not found so output message
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_NO_SELECTIONS'));
}
// Edit or delete button hit?
-if (isset($_POST['edit'])) {
+if (REQUEST_ISSET_POST(('edit'))) {
// Show entries for editing
ADMIN_EDIT_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"surfbar_urls",
array("id", "userid", "url"),
array("bigintval", "ADD_MEMBER_SELECTION_BOX", ""),
array("", array(false, true, true), "")
);
$show = false;
-} elseif (isset($_POST['do_edit'])) {
+} elseif (REQUEST_ISSET_POST(('do_edit'))) {
// Change data of entries
ADMIN_EDIT_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"surfbar_urls",
array(),
array(),
array(),
true
);
-} elseif (isset($_POST['delete'])) {
+} elseif (REQUEST_ISSET_POST(('delete'))) {
// Show entries for deletion
ADMIN_DELETE_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"surfbar_urls",
array("id", "userid", "url", "registered"),
array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", ""),
array("", "", "", "")
);
$show = false;
-} elseif (isset($_POST['do_delete'])) {
+} elseif (REQUEST_ISSET_POST(('do_delete'))) {
// Remove entries from database
- ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "surfbar_urls", array(), array(), array(), true);
-} elseif (isset($_POST['lock'])) {
+ ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "surfbar_urls", array(), array(), array(), true);
+} elseif (REQUEST_ISSET_POST(('lock'))) {
// Un-/lock selected URLs. This does not work for pending URLs
ADMIN_LOCK_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"surfbar_urls",
array("id", "userid", "url", "registered", "status"),
array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", "", "SURFBAR_TRANSLATE_STATUS"),
array("", "", "", "", "")
);
$show = false;
-} elseif (isset($_POST['do_lock'])) {
+} elseif (REQUEST_ISSET_POST(('do_lock'))) {
// Un-/lock selected URLs. This does not work for pending URLs
ADMIN_LOCK_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"surfbar_urls",
array(),
array(),
array("status" => array("ACTIVE" => "LOCKED", "LOCKED" => "ACTIVE")),
true
);
-} elseif (isset($_POST['undelete'])) {
+} elseif (REQUEST_ISSET_POST(('undelete'))) {
// Undelete selected URLs. This does only work for deleted URLs... ;-)
ADMIN_UNDELETE_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"surfbar_urls",
array("id", "userid", "url", "registered", "status"),
array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", "", "SURFBAR_TRANSLATE_STATUS"),
array("", "", "", "", "")
);
$show = false;
-} elseif (isset($_POST['do_undelete'])) {
+} elseif (REQUEST_ISSET_POST(('do_undelete'))) {
// Undelete selected URLs. This does only work for deleted URLs... ;-)
ADMIN_UNDELETE_ENTRIES_CONFIRM(
- $_POST['id'],
+ REQUEST_POST('id'),
"surfbar_urls",
array(),
array(),
ADD_DESCR("admin", __FILE__);
$whereStatement = "";
-if (empty($_GET['type'])) $_GET['type'] = "your";
+if (!REQUEST_ISSET_GET(('type'))) REQUEST_SET_GET('type', "your");
-switch ($_GET['type'])
+switch (REQUEST_GET('type'))
{
case "your": // List only your own open (new) tasks
$whereStatement = "assigned_admin='".GET_CURRENT_ADMIN_ID()."' AND `status`='NEW' AND task_type != 'EXTENSION_UPDATE'";
break;
default: // Unknown type
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown task type %s detected.", $_GET['type']));
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_TASK_UNKNOWN_MODE'), $_GET['type']));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown task type %s detected.", REQUEST_GET('type')));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_TASK_UNKNOWN_MODE'), REQUEST_GET('type')));
break;
}
-if (!empty($whereStatement))
-{
+if (!empty($whereStatement)) {
$SEL = 0;
- if (isset($_POST['task'])) $SEL = SELECTION_COUNT($_POST['task']);
- if ((isset($_POST['assign'])) && ($SEL > 0)) {
+ if (REQUEST_ISSET_POST(('task'))) $SEL = SELECTION_COUNT(REQUEST_POST('task'));
+
+ if ((REQUEST_ISSET_POST(('assign'))) && ($SEL > 0)) {
// Assign / do tasks
LOAD_INC_ONCE("inc/modules/admin/overview-inc.php");
if (empty($dmy)) $dmy = "";
- OUTPUT_SELECTED_TASKS($_POST, $dmy);
+ OUTPUT_SELECTED_TASKS(REQUEST_POST_ARRAY(), $dmy);
} else {
// Start listing tasks matching selected filter
$result_tasks = SQL_QUERY("SELECT id, assigned_admin, userid, task_type, subject, text, task_created
ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __LINE__);
if (($SEL > 0) && (!IS_DEMO())) {
// Only unassign / delete tasks when there are selected tasks posted
- if (isset($_POST['unassign'])) {
+ if (REQUEST_ISSET_POST(('unassign'))) {
// Unassign from tasks
- foreach ($_POST['task'] as $id => $sel) {
+ foreach (REQUEST_POST('task') as $id => $sel) {
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET assigned_admin=0 WHERE id=%s AND assigned_admin=%s LIMIT 1",
array(bigintval($id), GET_CURRENT_ADMIN_ID()), __FILE__, __LINE__);
}
- } elseif (isset($_POST['del'])) {
+ } elseif (REQUEST_ISSET_POST(('del'))) {
// Delete tasks
- foreach ($_POST['task'] as $id => $sel) {
- if ($_GET['type'] == "deleted") {
+ foreach (REQUEST_POST('task') as $id => $sel) {
+ if (REQUEST_GET('type') == "deleted") {
// Delete task immediately
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_task_system` WHERE id=%s LIMIT 1",
array(bigintval($id)),__FILE__, __LINE__);
}
// There are uncompleted jobs!
- $type = constant('ADMIN_OVERVIEW_TASK_'.strtoupper($_GET['type']).'_TYPE');
+ $type = constant('ADMIN_OVERVIEW_TASK_'.strtoupper(REQUEST_GET('type')).'_TYPE');
LOAD_TEMPLATE("admin_overview_header_task", false, array(
'message' => $type,
- 'type' => $_GET['type']
+ 'type' => REQUEST_GET('type')
));
$SW = 2;
while (list($id, $admin, $uid, $type, $subj, $text, $created) = SQL_FETCHROW($result_tasks)) {
SQL_FREERESULT($result_tasks);
// Load footer template
- if ($_GET['type'] == "deleted")
+ if (REQUEST_GET('type') == "deleted")
{
// Delete now button
LOAD_TEMPLATE("admin_overview_footer_task");
// Don't load the admin_list_unconfirmed template by default
$listed = false;
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
// List confirmation links from your member's mail orders
define('__LIST_UNCON_TITLE', getMessage('LIST_UNCONFIRMED_MEMBER_LINKS'));
$SQL = "SELECT DISTINCT s.id, p.sender, p.subject, p.text, p.url, p.timestamp, s.max_rec FROM `{!_MYSQL_PREFIX!}_pool` AS p
LEFT JOIN `{!_MYSQL_PREFIX!}_user_stats` AS s
ON p.id=s.pool_id
-WHERE p.id='".$_GET['mid']."' LIMIT 1";
+WHERE p.id='".REQUEST_GET('mid')."' LIMIT 1";
// Column, type and ID for member's mail
$col = "stats_id"; $type = "NORMAL"; $ID = "-1";
// Load admin_list_unconfirmed template
- $listed = true; $DATA = $_GET['mid']; $LINK = "mailid";
-} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
+ $listed = true; $DATA = REQUEST_GET('mid'); $LINK = "mailid";
+} elseif ((REQUEST_ISSET_GET(('bid'))) && (EXT_IS_ACTIVE("bonus"))) {
// List confirmation links from bonus mails
define('__LIST_UNCON_TITLE', getMessage('LIST_UNCONFIRMED_BONUS_LINKS'));
// SQL query for mail data (both ids are required for compatiblity to above normal mail
- $SQL = "SELECT id, id, subject, text, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id='".$_GET['bid']."' LIMIT 1";
+ $SQL = "SELECT id, id, subject, text, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id='".REQUEST_GET('bid')."' LIMIT 1";
// Column, type and ID for member's mail
- $col = "bonus_id"; $type = "BONUS"; $ID = $_GET['bid'];
+ $col = "bonus_id"; $type = "BONUS"; $ID = REQUEST_GET('bid');
// Load admin_list_unconfirmed template
$listed = true; $DATA = $ID; $LINK = "bonusid";
// Load final template
LOAD_TEMPLATE("admin_list_unconfirmed");
- } elseif ($_GET['mid'] > 0) {
+ } elseif (REQUEST_GET('mid') > 0) {
// Data in pool or in user_stats not found, so let's find out where data is missing
$result1 = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
array(bigintval($ID)), __FILE__, __LINE__);
// Free memory
SQL_FREERESULT($result1);
SQL_FREERESULT($result2);
- } elseif (!empty($_GET['bid'])) {
+ } elseif (REQUEST_ISSET_GET(('bid'))) {
// Data in bonus table not found
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_UNCONFIRMED_INVALID_LINK'));
}
// Init title with "all accounts"
$listHeader = getMessage('ADMIN_ALL_ACCOUNTS');
-if (!empty($_GET['status'])) {
+if (REQUEST_ISSET_GET(('status'))) {
// Set title according to the "status"
- $listHeader = getMessage(sprintf("ADMIN_LIST_STATUS_%s_ACCOUNTS", strtoupper(SQL_ESCAPE($_GET['status']))));
-} elseif (!empty($_GET['mode'])) {
+ $listHeader = getMessage(sprintf("ADMIN_LIST_STATUS_%s_ACCOUNTS", strtoupper(SQL_ESCAPE(REQUEST_GET('status')))));
+} elseif (REQUEST_ISSET_GET(('mode'))) {
// Set title according to the "mode"
- $listHeader = getMessage(sprintf("ADMIN_LIST_MODE_%s_ACCOUNTS", strtoupper(SQL_ESCAPE($_GET['mode']))));
+ $listHeader = getMessage(sprintf("ADMIN_LIST_MODE_%s_ACCOUNTS", strtoupper(SQL_ESCAPE(REQUEST_GET('mode')))));
}
// Remember it
}
// Init unset data (bad that we change $_GET here!)
-if (empty($_GET['letter'])) { $_GET['letter'] = _ALL2; }
-if (empty($_GET['sortby'])) { $_GET['sortby'] = "userid"; }
-if (empty($_GET['page'])) { $_GET['page'] = "1"; }
+if (!REQUEST_ISSET_GET(('letter'))) { REQUEST_SET_GET('letter', getMessage('_ALL2')); }
+if (!REQUEST_ISSET_GET(('sortby'))) { REQUEST_SET_GET('sortby', "userid"); }
+if (!REQUEST_ISSET_GET(('page'))) { REQUEST_SET_GET('page' , "1"); }
// Set base URL
$BASE = "[<a href=\"{!URL!}/modules.php?module=admin";
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
// Secure the user ID
- $uid = bigintval($_GET['u_id']);
+ $uid = bigintval(REQUEST_GET('uid'));
// Does the account exists?
$result_user = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout, emails_received, mails_confirmed".$MORE."
$LINKS = GET_TOTAL_DATA($uid, "user_links", "id", "userid", true);
// Add links to the numbers
- if ($LINKS > 0) $LINKS = $BASE."&what=list_links&u_id=".$uid."\">".$LINKS."</a>]";
- if ($DATA['refid'] > 0) $DATA['refid'] = $BASE."&what=list_user&u_id=".$DATA['refid']."\">".$DATA['refid']."</a>]";
+ if ($LINKS > 0) $LINKS = $BASE."&what=list_links&uid=".$uid."\">".$LINKS."</a>]";
+ if ($DATA['refid'] > 0) $DATA['refid'] = $BASE."&what=list_user&uid=".$DATA['refid']."\">".$DATA['refid']."</a>]";
if (empty($DATA['last_module'])) $DATA['last_module'] = "---";
- if ($REFS > 0) $REFS = $BASE."&what=list_refs&u_id=".$uid."\">".$REFS."</a>]";
- if ($CATS > 0) $CATS = $BASE."&what=list_cats&u_id=".$uid."\">".$CATS."</a>]";
+ if ($REFS > 0) $REFS = $BASE."&what=list_refs&uid=".$uid."\">".$REFS."</a>]";
+ if ($CATS > 0) $CATS = $BASE."&what=list_cats&uid=".$uid."\">".$CATS."</a>]";
// Calculate timestamp for birthday
$stamp = mktime(0, 0, 0, $DATA['birth_month'], $DATA['birth_day'], $DATA['birth_year']);
$DATA['status'] = TRANSLATE_STATUS($DATA['status']);
$DATA['last_online'] = MAKE_DATETIME($DATA['last_online'], "0");
$DATA['used_points'] = TRANSLATE_COMMA($DATA['used_points']);
- if ($DATA['emails_sent'] > 0) $DATA['emails_sent'] = $BASE."&what=email_details&u_id=".$uid."\">".TRANSLATE_COMMA($DATA['emails_sent'])."</a>]";
+ if ($DATA['emails_sent'] > 0) $DATA['emails_sent'] = $BASE."&what=email_details&uid=".$uid."\">".TRANSLATE_COMMA($DATA['emails_sent'])."</a>]";
$DATA['joined'] = MAKE_DATETIME($DATA['joined'], "0");
$DATA['last_update'] = MAKE_DATETIME($DATA['last_update'], "0");
$DATA['last_profile_sent'] = MAKE_DATETIME($DATA['last_profile_sent'], "0");
SQL_FREERESULT($result_user);
} else {
$whereStatement = "";
- if (($_GET['letter'] != getMessage('_ALL2')) && ($_GET['letter'] != getMessage('_OTHERS')) && (!empty($_GET['letter']))) {
+ if ((REQUEST_GET('letter') != getMessage('_ALL2')) && (REQUEST_GET('letter') != getMessage('_OTHERS')) && (REQUEST_ISSET_GET(('letter')))) {
// List only persons w
- $whereStatement = " WHERE family LIKE '".$_GET['letter']."%'";
+ $whereStatement = " WHERE family LIKE '".REQUEST_GET('letter')."%'";
} // END - if
- if ($_GET['sortby'] == "family_name") $_GET['sortby'] = "family";
+ if (REQUEST_GET('sortby') == "family_name") REQUEST_SET_GET('sortby', "family");
// Parse the status or mode parameter
- if (isset($_GET['status'])) {
+ if (REQUEST_ISSET_GET(('status'))) {
// Is a WHERE statement already there?
if (!empty($whereStatement)) {
// Then append the status column
- $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['status']))));
+ $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper(REQUEST_GET('status')))));
} else {
// Start a new one
- $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['status']))));
+ $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper(REQUEST_GET('status')))));
}
- } elseif (isset($_GET['mode'])) {
+ } elseif (REQUEST_ISSET_GET(('mode'))) {
// Choose what we need to list
- switch ($_GET['mode']) {
+ switch (REQUEST_GET('mode')) {
case "norefs": // Users w/o refs
if (!empty($whereStatement)) {
// Add AND statement
break;
default: // Invalid list mode
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid list mode %s detected.", SQL_ESCAPE($_GET['mode'])));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid list mode %s detected.", SQL_ESCAPE(REQUEST_GET('mode'))));
break;
}
} // END = if
// Prepare SQL and run it
- $SQL = "SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, status, emails_sent, mails_confirmed, emails_received".$MORE." FROM `{!_MYSQL_PREFIX!}_user_data`".$whereStatement." ORDER BY ".SQL_ESCAPE($_GET['sortby']);
+ $SQL = "SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, status, emails_sent, mails_confirmed, emails_received".$MORE." FROM `{!_MYSQL_PREFIX!}_user_data`".$whereStatement." ORDER BY ".SQL_ESCAPE(REQUEST_GET('sortby'));
$result_master = SQL_QUERY($SQL, __FILE__, __LINE__);
// Calculate page count (0.5 fixes a bug with page count)
// Activate the extension please!
$PAGES = round(SQL_NUMROWS($result_master) / getConfig('user_limit') + 0.5);
- if (empty($_GET['page'])) $_GET['page'] = "1";
- if (empty($_GET['offset'])) $_GET['offset'] = getConfig('user_limit');
+ if (!REQUEST_ISSET_GET(('page'))) REQUEST_SET_GET('page' , "1");
+ if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('user_limit'));
// Add limitation to SQL string and run him again
- $SQL .= " LIMIT ".($_GET['offset'] * $_GET['page'] - $_GET['offset']).", ".$_GET['offset'];
+ $SQL .= " LIMIT ".(REQUEST_GET('offset') * REQUEST_GET('page') - REQUEST_GET('offset')).", ".REQUEST_GET('offset');
$result = SQL_QUERY($SQL, __FILE__, __LINE__);
$result_user = SQL_QUERY("SELECT emails_sent FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED'", __FILE__, __LINE__);
define('__USER_CNT' , $user_count);
// Sorting links
- define('__ALPHA_SORT', alpha($_GET['sortby'], $colspan, true));
- define('__SORT_LINKS', SortLinks($_GET['letter'], $_GET['sortby'], $colspan, true));
+ define('__ALPHA_SORT', alpha(REQUEST_GET('sortby'), $colspan, true));
+ define('__SORT_LINKS', SortLinks(REQUEST_GET('letter'), REQUEST_GET('sortby'), $colspan, true));
if ($PAGES > 1) {
define('__PAGE_NAV', ADD_PAGENAV($PAGES, getConfig('user_limit'), true, $colspan, true));
// Get number of unconfirmed mails
$LINKS = GET_TOTAL_DATA($content['userid'], "user_links", "id", "userid", true);
- if ($LINKS > 0) $LINKS = $BASE."&what=list_links&u_id=".$content['userid']."\">".TRANSLATE_COMMA($LINKS)."</a>]";
+ if ($LINKS > 0) $LINKS = $BASE."&what=list_links&uid=".$content['userid']."\">".TRANSLATE_COMMA($LINKS)."</a>]";
// Set link to sent mails if present
- if ($content['emails_sent'] > 0) $content['emails_sent'] = $BASE."&what=email_details&u_id=".$content['userid']."\">".TRANSLATE_COMMA($content['emails_sent'])."</a>]";
+ if ($content['emails_sent'] > 0) $content['emails_sent'] = $BASE."&what=email_details&uid=".$content['userid']."\">".TRANSLATE_COMMA($content['emails_sent'])."</a>]";
// Add nickname
if (empty($content['nickname']) || $content['nickname'] == $content['userid']) $content['nickname'] = "---";
ADD_DESCR("admin", __FILE__);
// Do actions here
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Prepare mail for delivery
- YOOMEDIA_PREPARE_MAIL_DELIVERY($_POST);
+ YOOMEDIA_PREPARE_MAIL_DELIVERY(REQUEST_POST_ARRAY());
return;
-} elseif (isset($_POST['sent'])) {
+} elseif (REQUEST_ISSET_POST(('sent'))) {
// Sent mail
- YOOMEDIA_SEND_BONUS_MAIL($_POST, "normal");
-} elseif (isset($_POST['remove'])) {
+ YOOMEDIA_SEND_BONUS_MAIL(REQUEST_POST_ARRAY(), "normal");
+} elseif (REQUEST_ISSET_POST(('remove'))) {
// Add mail to exclude list
- YOOMEDIA_EXCLUDE_MAIL($_POST, "normal");
-} elseif (isset($_POST['unlist'])) {
+ YOOMEDIA_EXCLUDE_MAIL(REQUEST_POST_ARRAY(), "normal");
+} elseif (REQUEST_ISSET_POST(('unlist'))) {
// Remove mail from exclude list
- YOOMEDIA_UNLIST_MAIL($_POST, "normal");
+ YOOMEDIA_UNLIST_MAIL(REQUEST_POST_ARRAY(), "normal");
}
// Enougth queries left?
ADD_DESCR("admin", __FILE__);
$MSG = "";
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
// Check for selected sponsor
$result = SQL_QUERY_ESC("SELECT gender, surname, family, email, status FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Get sponsor's current status and let only confirmed and locked status pass
list($gender, $sname, $fname, $email, $status) = SQL_FETCHROW($result);
define('__GENDER' , TRANSLATE_GENDER($gender));
define('__SURNAME', $sname);
define('__FAMILY' , $fname);
- define('__ID' , bigintval($_GET['id']));
+ define('__ID' , bigintval(REQUEST_GET('id')));
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Create messages
if ($status == "CONFIRMED") {
// Message when sponsor's account got lock
}
// Load email message
- $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", $_POST['reason'], bigintval($_GET['id']));
+ $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", REQUEST_POST('reason'), bigintval(REQUEST_GET('id')));
// And send it away
SEND_EMAIL($email, $subject, $msg);
// Update sponsor's account
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='".$status."' WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
- } elseif (!empty($_POST['no'])) {
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
+ } elseif (REQUEST_ISSET_POST(('no'))) {
// No don't lock / unlock now!
- LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+ LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval(REQUEST_GET('id')));
} else {
// Create header and text messages
if ($status == "CONFIRMED") {
}
} else {
// Sponsor not found!
- $MSG = sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id']));
+ $MSG = sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id')));
}
} else {
// Not called by what-list_sponsor.php
ADD_DESCR("admin", __FILE__);
// Is a userid set?
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
// Load user's data
$result_user = SQL_QUERY_ESC("SELECT status, gender, surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
$ACT = false;
if (SQL_NUMROWS($result_user) == 1) {
// User found
SQL_FREERESULT($result_user);
// Is a lock reason set?
- if ((!empty($_POST['lock'])) && ($status != "LOCKED")) {
+ if ((REQUEST_ISSET_POST(('lock'))) && ($status != "LOCKED")) {
// Ok, lock the account!
if (GET_EXT_VERSION("user") >= "0.3.5") {
// Lock with reason
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='LOCKED',lock_reason='%s',lock_timestamp=NOW() WHERE userid=%s LIMIT 1",
- array($_POST['reason'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(REQUEST_POST('reason'), bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
} else {
// Lock with no lock reason saved
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='LOCKED' WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
}
// Entry updated?
if (SQL_AFFECTEDROWS() == 1) {
// Send an email to the user! In later version you can optionally switch this feature off
- $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id']));
+ $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => REQUEST_POST('reason')), bigintval(REQUEST_GET('uid')));
// Send away...
- SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_LOCKED_SUBJ, $msg);
+ SEND_EMAIL(bigintval(REQUEST_GET('uid')), ADMIN_LOCKED_SUBJ, $msg);
} // END - if
// Prepare message
- $MSG = USER_ACCOUNT_LOCKED_1.$_GET['u_id'].USER_ACCOUNT_LOCKED_2;
+ $MSG = USER_ACCOUNT_LOCKED_1.REQUEST_GET('uid').USER_ACCOUNT_LOCKED_2;
$ACT = true;
- } elseif ((!empty($_POST['unlock'])) && ($status == "LOCKED")) {
+ } elseif ((REQUEST_ISSET_POST(('unlock'))) && ($status == "LOCKED")) {
// Ok, unlock the account!
if (GET_EXT_VERSION("user") >= "0.3.5") {
// Reset lock reason as well
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED',lock_reason='',lock_timestamp='0000-00-00 00:00' WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
} else {
// No lock reason to reset
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED' WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
}
// Entry updated?
if (SQL_AFFECTEDROWS() == 1) {
// Send an email to the user! In later version you can optionally switch this feature off
- $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id']));
+ $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => REQUEST_POST('reason')), bigintval(REQUEST_GET('uid')));
// Send away...
- SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_UNLOCKED_SUBJ'), $msg);
+ SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_UNLOCKED_SUBJ'), $msg);
if (EXT_IS_ACTIVE("rallye")) {
- RALLYE_AUTOADD_USER($_GET['u_id']);
+ RALLYE_AUTOADD_USER(REQUEST_GET('uid'));
} // END - if
} // END - if
// Prepare message
- $MSG = USER_ACCOUNT_UNLOCKED_1.$_GET['u_id'].USER_ACCOUNT_UNLOCKED_2;
+ $MSG = USER_ACCOUNT_UNLOCKED_1.REQUEST_GET('uid').USER_ACCOUNT_UNLOCKED_2;
$ACT = true;
- } elseif (isset($_POST['del'])) {
+ } elseif (REQUEST_ISSET_POST(('del'))) {
// Delete the account
$ACT = true;
LOAD_INC_ONCE("inc/modules/admin/what-del_user.php");
- } elseif (!empty($_POST['no'])) {
+ } elseif (REQUEST_ISSET_POST(('no'))) {
// Do not lock him...
- $URL = "modules.php?module=admin&what=list_user&u_id=".bigintval($_GET['u_id']);
+ $URL = "modules.php?module=admin&what=list_user&uid=".bigintval(REQUEST_GET('uid'));
} else {
$result = SQL_QUERY_ESC("SELECT email, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
// Entry found?
if (SQL_NUMROWS($result) == 1) {
define('__EMAIL', CREATE_EMAIL_LINK($email, "user_data"));
define('__SNAME', $sname);
define('__FNAME', $fname);
- define('__UID' , bigintval($_GET['u_id']));
+ define('__UID' , bigintval(REQUEST_GET('uid')));
// Realy want to lock?
switch ($status)
LOAD_TEMPLATE("admin_lock_user");
} else {
// Account does not exists!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
}
}
} else {
// Account does not exists!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
} else {
// List all users
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['access'])) {
+if (REQUEST_ISSET_GET(('access'))) {
// Secure input and construct FQFN
- $access = SQL_ESCAPE(strip_tags($_GET['access']));
+ $access = SQL_ESCAPE(strip_tags(REQUEST_GET('access')));
$target = sprintf("%slogs/%s", constant('PATH'), $access);
// Is the file valid and readable?
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// De- or activate maintenance mode
switch (getConfig('maintenance'))
{
ADD_DESCR("admin", __FILE__);
// Check if the admin has entered title and what-php file name...
-if ((empty($_POST['title'])) && (isset($_POST['ok']))) {
- unset($_POST['ok']);
+if ((!REQUEST_ISSET_POST(('title'))) && (IS_FORM_SENT())) {
+ REQUEST_UNSET_POST('ok');
}
-if (!isset($_POST['ok'])) {
+if (!IS_FORM_SENT()) {
// Create arrays
$menus = array(); $titles = array(); $below = array();
LOAD_TEMPLATE("admin_member_add");
} elseif (!IS_DEMO()) {
// Insert new menu entry
- if (!empty($_POST['menu']))
+ if (REQUEST_ISSET_POST(('menu')))
{
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_member_menu` (`action`,`what`,`title`,`visible`,`locked`,`sort`) VALUES ('%s','%s','%s','%s','%s','%s')",
array(
- $_POST['menu'],
- $_POST['name'],
- $_POST['title'],
- $_POST['visible'],
- $_POST['active'],
- bigintval($_POST['sort']),
+ REQUEST_POST('menu'),
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ REQUEST_POST('visible'),
+ REQUEST_POST('active'),
+ bigintval(REQUEST_POST('sort')),
), __FILE__, __LINE__);
} else {
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_member_menu` (`action`,`title`,`visible`,`locked`,`sort`) VALUES ('%s','%s','%s','%s','%s')",
array(
- $_POST['name'],
- $_POST['title'],
- $_POST['visible'],
- $_POST['active'],
- bigintval($_POST['sort']),
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ REQUEST_POST('visible'),
+ REQUEST_POST('active'),
+ bigintval(REQUEST_POST('sort')),
), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
// Do we edit/delete/change main menus or sub menus?
$AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
-if (!empty($_GET['sub'])) {
- $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
- $SUB = SQL_ESCAPE($_GET['sub']);
+if (REQUEST_ISSET_GET(('sub'))) {
+ $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+ $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
}
// Get count of (maybe) selected menu points
$chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
// List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) {
// Edit menu entries
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
$SW = 2; $cnt = 0; $OUT = "";
- foreach ($_POST['sel'] as $sel => $confirm) {
+ foreach (REQUEST_POST('sel') as $sel => $confirm) {
if ($confirm == 1) {
$cnt++;
$result = SQL_QUERY_ESC("SELECT title, action, what FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1",
// Load template
LOAD_TEMPLATE("admin_mmenu_edit");
-} elseif ((isset($_POST['del'])) && ($chk > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ($chk > 0) && (!IS_DEMO())) {
// Del menu entries with or without confirmation
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
$SW = 2; $cnt = 0; $OUT = "";
- foreach ($_POST['sel'] as $sel => $confirm) {
+ foreach (REQUEST_POST('sel') as $sel => $confirm) {
if ($confirm == 1) {
$cnt++;
$result = SQL_QUERY_ESC("SELECT title FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1",
// Load template
LOAD_TEMPLATE("admin_mmenu_delete");
-} elseif ((isset($_POST['status'])) && ($chk > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('status'))) && ($chk > 0) && (!IS_DEMO())) {
// Change status (visible / locked)
define('__SUB_VALUE', $SUB);
define('__CHK_VALUE', $chk);
$SW = 2; $cnt = 0; $OUT = "";
- foreach ($_POST['sel'] as $sel => $confirm) {
+ foreach (REQUEST_POST('sel') as $sel => $confirm) {
if ($confirm == 1) {
$cnt++;
$result = SQL_QUERY_ESC("SELECT title, visible, locked FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1",
define('__CNT_VALUE', $cnt);
//
LOAD_TEMPLATE("admin_mmenu_status");
-} elseif ((isset($_POST['ok'])) && (!IS_DEMO())) {
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
// An act is done...
- foreach ($_POST['sel'] as $sel => $menu) {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
$AND = "(`what` = '' OR `what` IS NULL)";
$sel = bigintval($sel);
if (!empty($SUB)) $AND = "action='".$SUB."'";
- switch ($_POST['ok'])
+ switch (REQUEST_POST('ok'))
{
case "edit": // Edit menu
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $sel), __FILE__, __LINE__);
+ array($menu, REQUEST_POST('sel_act', $sel), REQUEST_POST('sel_what', $sel), $sel), __FILE__, __LINE__);
break;
case "del": // Delete menu
case "status": // Change status of menus
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
+ array(REQUEST_POST('visible', $sel), REQUEST_POST('locked', $sel), $sel), __FILE__, __LINE__);
break;
}
break;
// Load template
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
} else {
- if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+ if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
// Init
$tid = ""; $fid = "";
// Get IDs
- if (!empty($_GET['w'])) {
+ if (REQUEST_ISSET_GET(('w'))) {
// Sub menus selected
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['act']), bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('act')), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['act']), bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('act')), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
} else {
// Main menu selected
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
}
if ((!empty($tid)) && (!empty($fid))) {
// Sort menu
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
} // END - -fi
}
}
// List selected tasks on overview when task management is not active
- OUTPUT_SELECTED_TASKS($_POST, $result_tasks);
+ OUTPUT_SELECTED_TASKS(REQUEST_POST_ARRAY(), $result_tasks);
}
//
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (empty($_GET['do'])) unset($_GET['do']);
-
-if (((empty($_POST['t_wait'])) || (empty($_POST['payment']))) && (!empty($_GET['do'])) && ($_GET['do'] == "add")) {
- unset($_POST['ok']);
+if (((!REQUEST_ISSET_POST(('t_wait'))) || (!REQUEST_ISSET_POST(('payment')))) && (REQUEST_ISSET_GET(('do'))) && (REQUEST_GET('do') == "add")) {
+ REQUEST_UNSET_POST('ok');
}
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
$SQL = array();
- switch ($_GET['do']) {
+ switch (REQUEST_GET('do')) {
case "add":
- $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_payments` (time, payment, mail_title, price) VALUES ('".$_POST['t_wait']."','".$_POST['payment']."','".$_POST['title']."','".$_POST['price']."')";
+ $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_payments` (time, payment, mail_title, price) VALUES ('".REQUEST_POST('t_wait')."','".REQUEST_POST('payment')."','".REQUEST_POST('title')."','".REQUEST_POST('price')."')";
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payments` WHERE time='%s' LIMIT 1",
- array($_POST['t_wait']), __FILE__, __LINE__);
+ array(REQUEST_POST('t_wait')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Free memory
$SQLs[0] = "";
break;
case "edit":
- foreach ($_POST['time'] as $id => $value) {
- $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_payments` SET time='".$value."', payment='".$_POST['pay'][$id]."', price='".$_POST['price'][$id]."', mail_title='".$_POST['title'][$id]."' WHERE id='".$id."' LIMIT 1";
+ foreach (REQUEST_POST('time') as $id => $value) {
+ $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_payments` SET time='".$value."', payment='".REQUEST_POST('pay', $id)."', price='".REQUEST_POST('price', $id)."', mail_title='".REQUEST_POST('title', $id)."' WHERE id='".$id."' LIMIT 1";
}
break;
case "del":
- foreach ($_POST['id'] as $id => $value) {
+ foreach (REQUEST_POST('id') as $id => $value) {
$SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payments` WHERE id='".$id."' LIMIT 1";
}
break;
// Output template
LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Delete entries here
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
$result = SQL_QUERY_ESC("SELECT time, mail_title FROM `{!_MYSQL_PREFIX!}_payments` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($time, $title) = SQL_FETCHROW($result);
// Load main template
LOAD_TEMPLATE("admin_del_payments");
-} elseif ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Edit entries
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
$result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM `{!_MYSQL_PREFIX!}_payments` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($time, $pay, $title, $price) = SQL_FETCHROW($result);
$SEL = 0;
// Some sanity-check
-if ((empty($_POST['url'])) || (empty($_POST['alternate']))) {
- unset($_POST['ok']);
+if ((!REQUEST_ISSET_POST(('url'))) || (!REQUEST_ISSET_POST(('alternate')))) {
+ REQUEST_UNSET_POST('ok');
}
// Check selection count
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Fix older calls from add-new-banner-form
- if (empty($_GET['mode'])) $_GET['mode'] = "add";
+ if (!REQUEST_ISSET_GET(('mode'))) REQUEST_SET_GET('mode', "add");
$SQL = "";
- switch ($_GET['mode'])
+ switch (REQUEST_GET('mode'))
{
case "add":
// Check if banner is already added
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE url='%s' LIMIT 1",
- array($_POST['url']), __FILE__, __LINE__);
+ array(REQUEST_POST('url')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Add banner
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_refbanner` (url, alternate, visible)
VALUES ('%s','%s','%s')",
- array($_POST['url'], $_POST['alternate'], $_POST['visible']), __FILE__, __LINE__);
+ array(REQUEST_POST('url'), REQUEST_POST('alternate'), REQUEST_POST('visible')), __FILE__, __LINE__);
} else {
// Free memory
SQL_FREERESULT($result);
break;
case "edit": // Update banner
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Secure ID
$id = bigintval($id);
// Update entry
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET url='%s', alternate='%s', `visible`='%s' WHERE id=%s LIMIT 1",
- array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__);
+ array(
+ REQUEST_POST('url', $id),
+ REQUEST_POST('alternate', $id),
+ REQUEST_POST('visible'),
+ $id
+ ), __FILE__, __LINE__);
}
break;
}
$content = "<span class=\"admin_failed\">{--SETTINGS_NOT_SAVED--}</span>";
}
LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif (($SEL > 0) && (isset($_POST['edit']))) {
+} elseif (($SEL > 0) && (REQUEST_ISSET_POST(('edit')))) {
// Edit banner
$SW = ""; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load data
$result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
// Load main template
LOAD_TEMPLATE("admin_refbanner_edit");
} else {
- if (($SEL > 0) && (isset($_POST['del'])))
+ if (($SEL > 0) && (REQUEST_ISSET_POST(('del'))))
{
// Delete banner
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
ADD_DESCR("admin", __FILE__);
// Set empty mode to "select"
-if (empty($_GET['mode'])) $_GET['mode'] = "select";
+if (!REQUEST_ISSET_GET('mode')) REQUEST_SET_GET('mode', "select");
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Deliver bonus mail
- ADD_NEW_BONUS_MAIL($_POST, $_GET['mode']);
+ ADD_NEW_BONUS_MAIL(REQUEST_POST_ARRAY(), REQUEST_GET('mode'));
} else {
// Get all available users
- define('__ALL_VALUE', TRANSLATE_COMMA(GET_TOTAL_RECEIVERS($_GET['mode'])));
+ define('__ALL_VALUE', TRANSLATE_COMMA(GET_TOTAL_RECEIVERS(REQUEST_GET('mode'))));
// Prepare option lines
- define('__OPTION_LINES', ADD_CATEGORY_OPTIONS($_GET['mode']));
+ define('__OPTION_LINES', ADD_CATEGORY_OPTIONS(REQUEST_GET('mode')));
// Store send mode
- define('__MODE', SQL_ESCAPE($_GET['mode']));
+ define('__MODE', SQL_ESCAPE(REQUEST_GET('mode')));
if (EXT_IS_ACTIVE("html_mail")) {
// If HTML extension is active
}
// Select template
- switch($_GET['mode']) {
+ switch(REQUEST_GET('mode')) {
case "html": // HTML mails
case "normal": // Normal mails
$template = "admin_send_bonus_form";
// Add description as navigation point
ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
$result = SQL_QUERY("SELECT userid, email
FROM `{!_MYSQL_PREFIX!}_user_data`
WHERE `status`='CONFIRMED' AND nl_receive='Y'
$template = "newsletter";
// Check for extension and sending-mode
- if (!EXT_IS_ACTIVE("html_mail", true) && ($_POST['mode'] == "html")) {
+ if (!EXT_IS_ACTIVE("html_mail", true) && (REQUEST_POST('mode') == "html")) {
// Set mode to text mode
- $_POST['mode'] == "text";
- } elseif ($_POST['mode'] == "html") {
+ REQUEST_POST('mode') == "text";
+ } elseif (REQUEST_POST('mode') == "html") {
// Set HTML templates
$template = "newsletter_html";
}
// Compile message
- $_POST['text'] = COMPILE_CODE($_POST['text']);
+ REQUEST_SET_POST('text', COMPILE_CODE(REQUEST_POST('text')));
// Load template
- $msg = LOAD_EMAIL_TEMPLATE($template, array('text' => $_POST['text']), $id);
+ $msg = LOAD_EMAIL_TEMPLATE($template, array('text' => REQUEST_POST('text')), $id);
// ... and send it away!
- SEND_NEWSLETTER($email, $_POST['subject'], $msg, $_POST['mode']);
+ SEND_NEWSLETTER($email, REQUEST_POST('subject'), $msg, REQUEST_POST('mode'));
}
// Free memory
ADD_DESCR("admin", __FILE__);
// If var is empty set it to empty
-if (empty($_GET['mod'])) $_GET['mod'] = "";
+if (!REQUEST_ISSET_GET(('mod'))) REQUEST_SET_GET('mod', "");
// Check if module was selected
-if (($_GET['mod'] == "index") || ($_GET['mod'] == "login"))
-{
+if ((REQUEST_GET('mod') == "index") || (REQUEST_GET('mod') == "login")) {
// Select menu system
$mod = "";
- switch ($_GET['mod'])
- {
+ switch (REQUEST_GET('mod')) {
case "index": $mod = "guest" ; break;
case "login": $mod = "member"; break;
}
$result = SQL_QUERY_ESC("SELECT action, title, counter FROM `{!_MYSQL_PREFIX!}_%s_menu` WHERE `what` != '' AND `what` IS NOT NULL ORDER BY counter DESC",
array($mod), __FILE__, __LINE__);
$SW = 2; $OUT = "";
- while (list($act, $title, $clicks) = SQL_FETCHROW($result))
- {
+ while (list($act, $title, $clicks) = SQL_FETCHROW($result)) {
// Prepare array for the template
$content = array(
'sw' => $SW,
// Load final template
LOAD_TEMPLATE("admin_mods_stats");
}
+
//
?>
ADD_DESCR("admin", __FILE__);
// Fix a notice
-if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
+if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', "");
-if ($_GET['u_id'] == "all") {
+if (REQUEST_GET('uid') == "all") {
// Add points to all accounts
- define('__POINTS_VALUE', $_POST['points']);
- if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
+ define('__POINTS_VALUE', REQUEST_POST('points'));
+ if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) {
$result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
while (list($uid) = SQL_FETCHROW($result_main)) {
// User ID found in URL so we use this give him some credits
// Free result
SQL_FREERESULT($result);
- if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+ if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
// Ok, add points to used points and send an email to him...
- SUB_POINTS("admin_all", $uid, $_POST['points']);
+ SUB_POINTS("admin_all", $uid, REQUEST_POST('points'));
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
- 'points' => bigintval($_POST['points'])
+ 'text' => SQL_ESCAPE(REQUEST_POST('reason')),
+ 'points' => bigintval(REQUEST_POST('points'))
);
// Load message and send it away
// Display form add points
LOAD_TEMPLATE("admin_sub_points_all");
}
-} elseif (!empty($_GET['u_id'])) {
+} elseif (REQUEST_ISSET_GET(('uid'))) {
// User ID found in URL so we use this give him some credits
$result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
- array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))),__FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Selected user does exist
list($sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+ if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
// Ok, add to used points and send an email to him...
- SUB_POINTS("admin_single", bigintval($_GET['u_id']), $_POST['points']);
+ SUB_POINTS("admin_single", bigintval(REQUEST_GET('uid')), REQUEST_POST('points'));
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
- 'points' => bigintval($_POST['points'])
+ 'text' => SQL_ESCAPE(REQUEST_POST('reason')),
+ 'points' => bigintval(REQUEST_POST('points'))
);
// Load email and send it away
- $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($_GET['u_id']));
- SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_SUB_SUBJ'), $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval(REQUEST_GET('uid')));
+ SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_SUB_SUBJ'), $msg);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_SUBTRACTED'));
} else {
// Opps, missing form here
define('__USER_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
- define('__UID', bigintval($_GET['u_id']));
+ define('__UID', bigintval(REQUEST_GET('uid')));
LOAD_TEMPLATE("admin_sub_points");
}
} else {
// User not found!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
} else {
// Output selection form with all confirmed user accounts listed
ADD_DESCR("admin", __FILE__);
// Is the 'url_id' set?
-if (isset($_GET['url_id'])) {
+if (REQUEST_ISSET_GET(('url_id'))) {
// Generate general statistics
$result = SQL_QUERY_ESC("SELECT `userid`, `count` AS `total_visits`, UNIX_TIMESTAMP(`last_online`) AS `last_online`
FROM `{!_MYSQL_PREFIX!}_surfbar_stats`
WHERE `url_id`=%s
ORDER BY `userid` ASC",
- array(bigintval($_GET['url_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('url_id'))), __FILE__, __LINE__);
// Entries found?
if (SQL_NUMROWS($result) > 0) {
// Check for selected themes
$SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
if ($SEL > 0) {
$OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
$SQL = "";
// Shall I de-/activate or delete themes?
- if (isset($_POST['status'])) {
+ if (REQUEST_ISSET_POST(('status'))) {
// Change status
- if ($_POST['active'][$id] == "Y") {
+ if (REQUEST_POST('active', $id) == "Y") {
$SQL = "UPDATE `{!_MYSQL_PREFIX!}_themes` SET theme_active='N' WHERE id='".$id."' LIMIT 1";
} else {
$SQL = "UPDATE `{!_MYSQL_PREFIX!}_themes` SET theme_active='Y' WHERE id='".$id."' LIMIT 1";
}
$OUT = getMessage('ADMIN_THEMES_UPDATED');
- } elseif (isset($_POST['del'])) {
+ } elseif (REQUEST_ISSET_POST(('del'))) {
// Delete themes
$SQL = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_themes` WHERE id='".$id."' LIMIT 1";
$OUT = getMessage('ADMIN_THEMES_DELETED');
// Output generated?
if (empty($OUT)) $OUT = getMessage('ADMIN_THEME_NO_OUTPUT');
-} elseif (!empty($_GET['default_theme'])) {
+} elseif (REQUEST_ISSET_GET(('default_theme'))) {
// Escape string from input
- $POST['default_theme'] = SQL_ESCAPE($_GET['default_theme']);
+ $POST['default_theme'] = SQL_ESCAPE(REQUEST_GET('default_theme'));
// Set session
set_session('mxchange_theme', $POST['default_theme']);
$THEME_MODE = "test";
// Import selected theme if not present
-if (!empty($_POST['theme'])) {
+if (REQUEST_ISSET_POST(('theme'))) {
// Check if theme is there
- if (!THEME_CHECK_EXIST($_POST['theme'])) {
+ if (!THEME_CHECK_EXIST(REQUEST_POST('theme'))) {
// Import theme
- $INC = sprintf("theme/%s/theme.php", SQL_ESCAPE($_POST['theme']));
+ $INC = sprintf("theme/%s/theme.php", SQL_ESCAPE(REQUEST_POST('theme')));
if (INCLUDE_READABLE($INC)) {
// Load the theme header file
LOAD_INC($INC);
// Register it ith the exchange
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_themes` (`theme_path`, `theme_active`, `theme_ver`, `theme_name`)
VALUES ('%s','N','%s','%s')",
- array($_POST['theme'], $THEME_VERSION, $THEME_NAME), __FILE__, __LINE__);
+ array(REQUEST_POST('theme'), $THEME_VERSION, $THEME_NAME), __FILE__, __LINE__);
// Destroy cache
REBUILD_CACHE("themes", "them");
// Prepare message
- $msg = ADMIN_THEME_IMPORTED_1.$_POST['theme'].ADMIN_THEME_IMPORTED_2;
+ $msg = ADMIN_THEME_IMPORTED_1.REQUEST_POST('theme').ADMIN_THEME_IMPORTED_2;
} else {
// Include file not found!
- $msg = ADMIN_THEME_INC_404_1.$_POST['theme'].ADMIN_THEME_INC_404_2;
+ $msg = ADMIN_THEME_INC_404_1.REQUEST_POST('theme').ADMIN_THEME_INC_404_2;
}
} else {
// Theme already imported
- $msg = ADMIN_THEME_ALREADY_1.$_POST['theme'].ADMIN_THEME_ALREADY_2;
+ $msg = ADMIN_THEME_ALREADY_1.REQUEST_POST('theme').ADMIN_THEME_ALREADY_2;
}
// Output message
WHERE `data_type`='ADMIN'
ORDER BY `timestamp` ASC", __FILE__, __LINE__);
-if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) {
+if ((SQL_NUMROWS($result_main) > 0) || (REQUEST_ISSET_POST(('lock')))) {
// Count checked checkboxes
$SEL = 0;
- if (isset($_POST['sel'])) {
+ if (REQUEST_ISSET_POST(('sel'))) {
// Are there checked boxes?
- if (count($_POST['sel']) > 0) {
+ if (count(REQUEST_POST('sel')) > 0) {
// Count now... We use an own function for now
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
} // END - if
} // END - if
- if (isset($_POST['accept'])) {
+ if (REQUEST_ISSET_POST(('accept'))) {
if ($SEL > 0) {
// Accept mail orders
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
// Secure ID number
$id = bigintval($id);
// Mails unlocked for mail delivery
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
- } elseif (isset($_POST['reject'])) {
+ } elseif (REQUEST_ISSET_POST(('reject'))) {
if ($SEL > 0) {
// Reject mail orders
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $value) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
// Secure ID number
$id = bigintval($id);
SEND_EMAIL($DATA['sender'], MEMBER_ORDER_REJECTED, $msg_user);
// If you do not enter an URL to redirect to, your URL will be set!
- if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = constant('URL');
+ if ((!REQUEST_ISSET_POST(('redirect'))) || (REQUEST_POST('redirect') == "http://")) REQUEST_SET_POST('redirect', constant('URL'));
// Redirect URL
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1",
- array($_POST['redirect'], $id),__FILE__, __LINE__);
+ array(REQUEST_POST('redirect'), $id),__FILE__, __LINE__);
// Prepare data for the row template
$content = array(
'sw' => $SW,
'id' => $id,
- 'url' => $_POST['url'][$id],
+ 'url' => REQUEST_POST('url', $id),
);
// Load row template and switch colors
// Nothing selected
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MAILS_NOTHING_CHECKED'));
}
- } elseif ((isset($_POST['lock'])) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) {
+ } elseif ((REQUEST_ISSET_POST(('lock'))) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) {
// Lock URLs
- foreach ($_POST['sel'] as $id => $url) {
+ foreach (REQUEST_POST('sel') as $id => $url) {
// Secure id number
$id = bigintval($id);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URLS_BLOCKED'));
- } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject'])) && (getConfig('url_blacklist') == "Y")) {
+ } elseif ((!REQUEST_ISSET_POST(('lock'))) && (!REQUEST_ISSET_POST(('accept'))) && (!REQUEST_ISSET_POST(('reject'))) && (getConfig('url_blacklist') == "Y")) {
// Mail orders are in pool so we can display them
$SW = 2; $OUT = "";
while ($content = SQL_FETCHARRAY($result_main)) {
// Load main template
LOAD_TEMPLATE("admin_unlock_emails");
- } elseif ((isset($_POST['lock'])) && (getConfig('url_blacklist') != "Y")) {
+ } elseif ((REQUEST_ISSET_POST(('lock'))) && (getConfig('url_blacklist') != "Y")) {
// URL blacklist not activated
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URL_BLACKLIST_DISABLED'));
} else {
ADD_DESCR("admin", __FILE__);
// Check if admin has submitted form
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Does he have selected at least one sponsor?
- if (SELECTION_COUNT($_POST['id']) > 0) {
+ if (SELECTION_COUNT(REQUEST_POST('id')) > 0) {
// At least one entry selected
- foreach ($_POST['id'] as $id => $sel) {
+ foreach (REQUEST_POST('id') as $id => $sel) {
// Secure ID number
$id = bigintval($id);
ADD_DESCR("admin", __FILE__);
// Is the form sent?
-if ((isset($_POST['unlock'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) {
+if ((REQUEST_ISSET_POST(('unlock'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) {
// Unlock selected URLs
- if (SURFBAR_ADMIN_UNLOCK_URL_IDS($_POST['id'])) {
+ if (SURFBAR_ADMIN_UNLOCK_URL_IDS(REQUEST_POST('id'))) {
// Unlock done! :-)
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_DONE'));
} else {
// Unlock failed!
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_FAILED'));
}
-} elseif ((isset($_POST['reject'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('reject'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) {
// Reject selected URLs
- if (SURFBAR_ADMIN_REJECT_URL_IDS($_POST['id'])) {
+ if (SURFBAR_ADMIN_REJECT_URL_IDS(REQUEST_POST('id'))) {
// Unlock done! :-)
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_DONE'));
} else {
// Base directory (should be moved to database)
$usage = getConfig('usage_base')."/";
-if (!empty($_GET['image'])) {
- if ($_GET['type'] == "usage") {
+if (REQUEST_ISSET_GET(('image'))) {
+ if (REQUEST_GET('type') == "usage") {
$FQFN = sprintf("%s%s/usage.png",
constant('PATH'),
getConfig('usage_base')
);
} else {
- if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\"));
+ if (strpos(REQUEST_GET('image'), "\\") > 0) REQUEST_SET_GET('image', substr(REQUEST_GET('image'), 0, strpos(REQUEST_GET('image'), "\\")));
$FQFN = sprintf("%s%s/%s_usage_%s.png",
constant('PATH'),
getConfig('usage_base'),
- SQL_ESCAPE($_GET['type']),
- SQL_ESCAPE($_GET['image'])
+ SQL_ESCAPE(REQUEST_GET('type')),
+ SQL_ESCAPE(REQUEST_GET('image'))
);
}
imagedestroy($image);
}
exit();
-} elseif (empty($_GET['usage'])) {
+} elseif (!REQUEST_ISSET_GET(('usage'))) {
$FQFN = sprintf("%s%s/index.html",
constant('PATH'),
getConfig('usage_base')
$FQFN = sprintf("%s%s/usage_%s.html",
constant('PATH'),
getConfig('usage_base'),
- SQL_ESCAPE($_GET['usage'])
+ SQL_ESCAPE(REQUEST_GET('usage'))
);
}
ADD_DESCR("admin", __FILE__);
// Is a user id given?
-if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
+if ((REQUEST_ISSET_GET(('uid'))) && (bigintval(REQUEST_GET('uid')) > 0)) {
// Load user data and display it
$result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
// Is a user account found?
if (SQL_NUMROWS($result) == 1) {
$content = SQL_FETCHARRAY($result);
// Including user ID
- $content['u_id'] = bigintval($_GET['u_id']);
+ $content['uid'] = bigintval(REQUEST_GET('uid'));
// Shall we send the email?
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Insert text
- $content['text'] = trim(strip_tags($_POST['text']));
+ $content['text'] = trim(strip_tags(REQUEST_POST('text')));
// Send contact form out
$msg = LOAD_EMAIL_TEMPLATE("member_contct", $content);
}
} else {
// Not found?
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(USER_ACCOUNT_404, bigintval($_GET['u_id'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(USER_ACCOUNT_404, bigintval(REQUEST_GET('uid'))));
}
// Free result
if (SQL_AFFECTEDROWS() == 1) $bonus = true;
} // END - if
- if (($bonus) && ($_GET['mode'] == "bonus") && (EXT_IS_ACTIVE("bonus"))) {
+ if (($bonus) && (REQUEST_GET('mode') == "bonus") && (EXT_IS_ACTIVE("bonus"))) {
// Output message with added points
$MSG .= "<div class=\"tiny\">
{--BONUS_LOGIN_BONUS_ADDED_1--}
$MODE = "guest";
-if (!empty($_GET['order'])) {
+if (REQUEST_ISSET_GET(('order'))) {
// Order number placed, is he also logged in?
if (IS_MEMBER()) {
// Ok, test passed... :)
$result = SQL_QUERY_ESC("SELECT subject, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
- array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
if (SQL_NUMROWS($result) == 1) {
list($sub, $url) = SQL_FETCHROW($result);
// This fixes a white page
- $_POST['url'] = $url;
+ REQUEST_SET_POST('url', $url);
// Mode is member
$MODE = "member";
}
}
-if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) {
+if ((REQUEST_ISSET_POST(('url'))) || (REQUEST_ISSET_GET(('url'))) || (REQUEST_ISSET_GET(('frame')))) {
// Default URL is ours
$url = constant('URL');
// Decode URL if set in GET parameters
- if (!empty($_GET['url'])) $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode($_GET['url']))));
+ if (REQUEST_ISSET_GET(('url'))) $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url')))));
// Use URL from POST data if set
- if (!empty($_POST['url'])) $url = $_POST['url'];
+ if (REQUEST_ISSET_POST(('url'))) $url = REQUEST_POST('url');
// Add missing element
$frame = "";
- if (!empty($_GET['frame'])) $frame = SQL_ESCAPE($_GET['frame']);
+ if (REQUEST_ISSET_GET(('frame'))) $frame = SQL_ESCAPE(REQUEST_GET('frame'));
switch ($frame)
{
case "":
{
case "member":
// Build frameset
- define('__ORDER_VALUE', bigintval($_GET['order']));
+ define('__ORDER_VALUE', bigintval(REQUEST_GET('order')));
define('__URL_VALUE' , DEREFERER($url));
LOAD_TEMPLATE("member_order_frametester");
break;
break;
case "back": // Back buttom
- LOAD_TEMPLATE("member_order_back", false, $_GET['order']);
+ LOAD_TEMPLATE("member_order_back", false, REQUEST_GET('order'));
break;
case "send": // Send mail away
- LOAD_TEMPLATE("member_order_send", false, $_GET['order']);
+ LOAD_TEMPLATE("member_order_send", false, REQUEST_GET('order'));
break;
}
} else {
// Add description as navigation point
ADD_DESCR("guest", __FILE__);
-if (!empty($_GET['hash'])) {
+if (REQUEST_ISSET_GET(('hash'))) {
// Initialize the user ID
$uid = 0;
// Search for an unconfirmed or confirmed account
$result = SQL_QUERY_ESC("SELECT userid, email, refid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE user_hash='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1",
- array($_GET['hash']), __FILE__, __LINE__);
+ array(REQUEST_GET('hash')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Ok, he want's to confirm now so we load some data
list ($uid, $email, $rid) = SQL_FETCHROW($result);
// Unlock his account (but only when it is on UNCONFIRMED!)
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED', ref_payout=%s, user_hash=NULL WHERE user_hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
- array(getConfig('ref_payout'), $_GET['hash']), __FILE__, __LINE__);
+ array(getConfig('ref_payout'), REQUEST_GET('hash')), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS() == 1) {
$msg = LOAD_EMAIL_TEMPLATE("confirm-member", array('points' => getConfig('points_register')), bigintval($uid));
define('__UID', "0");
LOAD_TEMPLATE("guest_confirm_table");
}
-} elseif ((isset($_POST['ok'])) && (!empty($_POST['email']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('email')))) {
// Confirmation link requested 0 1 2
$result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM `{!_MYSQL_PREFIX!}_user_data` WHERE email='%s' LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
+ array(REQUEST_POST('email')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Email address found
$DATA = SQL_FETCHROW($result);
{
case "UNCONFIRMED": // Account not confirmed
$msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", array('hash' => $DATA[2]), $DATA[0]);
- SEND_EMAIL($_POST['email'], getMessage('REQUEST_CONFIRM_LINK_SUBJ'), $msg);
+ SEND_EMAIL(REQUEST_POST('email'), getMessage('REQUEST_CONFIRM_LINK_SUBJ'), $msg);
$content = getMessage('CONFIRM_LINK_SENT');
break;
if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) {
// Maybe, then continue with it
$uid = $GLOBALS['userid'];
-} elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) {
+} elseif ((REQUEST_ISSET_POST(('id'))) && (REQUEST_ISSET_POST(('password'))) && (IS_FORM_SENT())) {
// Set userid and crypt password when login data was submitted
- if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($_POST['id']))) {
+ if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID(REQUEST_POST('id')))) {
// Nickname entered
- $uid = SQL_ESCAPE($_POST['id']);
+ $uid = SQL_ESCAPE(REQUEST_POST('id'));
} else {
// Direct userid entered
- $uid = bigintval($_POST['id']);
+ $uid = bigintval(REQUEST_POST('id'));
}
-} elseif (!empty($_POST['new_pass'])) {
+} elseif (REQUEST_ISSET_POST(('new_pass'))) {
// New password requested
$uid = 0;
- if (!empty($_POST['id'])) $uid = $_POST['id'];
+ if (REQUEST_ISSET_POST(('id'))) $uid = REQUEST_POST('id');
} else {
// Not logged in
$uid = 0; $hash = "";
}
// Set unset variables
-if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";
-if (empty($_GET['login'])) $_GET['login'] = "";
+if (!REQUEST_ISSET_POST(('new_pass'))) REQUEST_SET_POST('new_pass', "");
+if (!REQUEST_ISSET_GET(('login'))) REQUEST_SET_GET('login' , "");
if (IS_MEMBER()) {
// Login immidiately...
$URL = "modules.php?module=login";
-} elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) {
+} elseif ((IS_FORM_SENT()) && ("".$uid."" != "".REQUEST_POST('id')."")) {
// Invalid input (no nickname extension installed but nickname entered)
$ERROR = constant('CODE_EXTENSION_PROBLEM');
-} elseif (isset($_POST['ok'])) {
+} elseif (IS_FORM_SENT()) {
// Try the login (see inc/libs/user_functions.php)
- $URL = USER_DO_LOGIN($_POST['id'], $_POST['password']);
-} elseif ((!empty($_POST['new_pass'])) && (isset($uid))) {
+ $URL = USER_DO_LOGIN(REQUEST_POST('id'), REQUEST_POST('password'));
+} elseif ((REQUEST_ISSET_POST(('new_pass'))) && (isset($uid))) {
// Try the userid/email lookup (see inc/libs/user_functions.php)
- $ERROR = USER_DO_NEW_PASSWORD($_POST['email'], $uid);
+ $ERROR = USER_DO_NEW_PASSWORD(REQUEST_POST('email'), $uid);
}
// Login problems?
-if (!empty($_GET['login'])) {
+if (REQUEST_ISSET_GET(('login'))) {
// Use code from URL
- $ERROR = SQL_ESCAPE($_GET['login']);
+ $ERROR = SQL_ESCAPE(REQUEST_GET('login'));
} // END - if
// Login problems?
// Initialize variables
$FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;
-if (!isset($_POST['ok'])) unset($_POST['ok']);
-if (empty($_POST['agree'])) $_POST['agree'] = "";
-if (empty($_POST['addy'])) $_POST['addy'] = "";
-if (empty($_POST['surname'])) $_POST['surname'] = "";
-if (empty($_POST['family_name'])) $_POST['family_name'] = "";
-if (empty($_POST['pass1'])) $_POST['pass1'] = "";
-if (empty($_POST['pass2'])) $_POST['pass2'] = "";
-if (empty($_POST['day'])) $_POST['day'] = "";
-if (empty($_POST['month'])) $_POST['month'] = "";
-if (empty($_POST['year'])) $_POST['year'] = "";
-if (empty($_POST['max_mails'])) $_POST['max_mails'] = "";
-if (empty($_POST['street_nr'])) $_POST['street_nr'] = "";
-if (empty($_POST['zip'])) $_POST['zip'] = "";
-if (empty($_POST['city'])) $_POST['city'] = "";
-if (empty($_POST['cntry'])) $_POST['cntry'] = "";
-if (empty($_POST['country_code'])) $_POST['country_code'] = "1";
+
+if (!IS_FORM_SENT()) REQUEST_UNSET_POST('ok');
+
+if (!REQUEST_ISSET_POST(('agree'))) REQUEST_SET_POST('agree' , "");
+if (!REQUEST_ISSET_POST(('addy'))) REQUEST_SET_POST('addy' , "");
+if (!REQUEST_ISSET_POST(('surname'))) REQUEST_SET_POST('surname' , "");
+if (!REQUEST_ISSET_POST(('family'))) REQUEST_SET_POST('family' , "");
+if (!REQUEST_ISSET_POST(('pass1'))) REQUEST_SET_POST('pass1' , "");
+if (!REQUEST_ISSET_POST(('pass2'))) REQUEST_SET_POST('pass2' , "");
+if (!REQUEST_ISSET_POST(('day'))) REQUEST_SET_POST('day' , "");
+if (!REQUEST_ISSET_POST(('month'))) REQUEST_SET_POST('month' , "");
+if (!REQUEST_ISSET_POST(('year'))) REQUEST_SET_POST('year' , "");
+if (!REQUEST_ISSET_POST(('max_mails'))) REQUEST_SET_POST('max_mails' , "");
+if (!REQUEST_ISSET_POST(('street_nr'))) REQUEST_SET_POST('street_nr' , "");
+if (!REQUEST_ISSET_POST(('zip'))) REQUEST_SET_POST('zip' , "");
+if (!REQUEST_ISSET_POST(('city'))) REQUEST_SET_POST('city' , "");
+if (!REQUEST_ISSET_POST(('cntry'))) REQUEST_SET_POST('cntry' , "");
+if (!REQUEST_ISSET_POST(('country_code'))) REQUEST_SET_POST('country_code', "1");
// Default refid is zero
-$_POST['refid'] = 0;
+REQUEST_SET_POST('refid', 0);
if ($GLOBALS['refid'] > 0) {
// Test if the refid is valid
$result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
//* DEBUG: */ die("refid={$GLOBALS['refid']}/numRows=".SQL_NUMROWS($result)."");
if (SQL_NUMROWS($result) == 0) {
// Not found so we set your refid!
- $_POST['refid'] = getConfig('def_refid');
+ REQUEST_SET_POST('refid', getConfig('def_refid'));
set_session('refid', getConfig('def_refid'));
} else {
// Use the refid here
- $_POST['refid'] = $GLOBALS['refid'];
+ REQUEST_SET_POST('refid', $GLOBALS['refid']);
}
} // END - if
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// First we only check the submitted data then we continue... :)
//
// Did he agree to our Terms Of Usage?
- if ($_POST['agree'] != "Y") {
- $_POST['agree'] = "!";
+ if (REQUEST_POST('agree') != "Y") {
+ REQUEST_SET_POST('agree', "!");
$FAILED = true;
} // END - if
// Did he enter a valid email address? (we really don't care about
// that, he has to click on a confirmation link :P )
- if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy']))) {
- $_POST['addy'] = "!";
+ if ((!REQUEST_ISSET_POST(('addy'))) || (!VALIDATE_EMAIL(REQUEST_POST('addy')))) {
+ REQUEST_SET_POST('addy', "!");
$FAILED = true;
} // END - if
// And what about surname and family's name?
- if (empty($_POST['surname'])) {
- $_POST['surname'] = "!";
+ if (!REQUEST_ISSET_POST(('surname'))) {
+ REQUEST_SET_POST('surname', "!");
$FAILED = true;
} // END - if
- if (empty($_POST['family_name'])) {
- $_POST['family_name'] = "!";
+ if (!REQUEST_ISSET_POST(('family'))) {
+ REQUEST_SET_POST('family', "!");
$FAILED = true;
} // END - if
// Check for required fields
- if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST);
+ if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS(REQUEST_POST_ARRAY());
// Did he enter his password twice?
- if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) {
- if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
- $_POST['pass1'] = "!";
- $_POST['pass2'] = "!";
+ if (((!REQUEST_ISSET_POST(('pass1'))) || (!REQUEST_ISSET_POST(('pass2')))) || ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))))) {
+ if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) {
+ REQUEST_SET_POST('pass1', "!");
+ REQUEST_SET_POST('pass2', "!");
} else {
- if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; }
- if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; }
+ if (!REQUEST_ISSET_POST(('pass1'))) { REQUEST_SET_POST('pass1', "!"); } else { REQUEST_SET_POST('pass1' ""); }
+ if (!REQUEST_ISSET_POST(('pass2'))) { REQUEST_SET_POST('pass2', "!"); } else { REQUEST_SET_POST('pass2' ""); }
}
$FAILED = true;
} // END - if
// Is the password long enouth?
- if ((strlen($_POST['pass1']) < getConfig('pass_len')) && (!$FAILED)) {
+ if ((strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) && (!$FAILED)) {
$SHORT_PASS = true;
$FAILED = true;
} // END - if
// No admin? Admins can always register!
if (!IS_ADMIN()) {
// Do this check only when no admin is logged in
- foreach ($_POST['cat'] as $id => $answer) {
+ foreach (REQUEST_POST('cat') as $id => $answer) {
if ($answer == "Y") $cats++;
} // END - foreach
} // END - if
} // END - if
- if (($_POST['addy'] != "!") && (getConfig('check_double_email') == "Y")) {
+ if ((REQUEST_POST('addy') != "!") && (getConfig('check_double_email') == "Y")) {
// Does the email address already exists in our database?
- $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);
- if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; }
+ $CHK = SEARCH_EMAIL_USERTAB(REQUEST_POST('addy'));
+ if ($CHK) { REQUEST_SET_POST('addy', "?"); $FAILED = true; }
} // END - if
// Check for IP timeout?
SQL_FREERESULT($result);
}
-if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) {
+if ((IS_FORM_SENT()) && ((!$FAILED) || (IS_ADMIN()))) {
// Prepapre month and day of birth
- if (strlen($_POST['day']) == 1) $_POST['day'] = "0".$_POST['day'];
- if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];
+ if (strlen(REQUEST_POST('day')) == 1) REQUEST_POST('day') = "0".REQUEST_POST('day');
+ if (strlen(REQUEST_POST('month')) == 1) REQUEST_SET_POST('month', "0".REQUEST_POST('month'));
// Get total ...
// ... confirmed, ...
$lockedUsers = GET_TOTAL_DATA("LOCKED", "user_data", "userid", "status", true);
// Generate hash which will be inserted into confirmation mail
- $hash = generateHash(sha1($confirmedUsers.":".$unconfirmedUsers.":".$lockedUsers.":".$_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".GET_REMOTE_ADDR().":".GET_USER_AGENT()."/".SITE_KEY."/".DATE_KEY."/".RAND_NUMBER));
+ $hash = generateHash(sha1($confirmedUsers.":".$unconfirmedUsers.":".$lockedUsers.":".REQUEST_POST('month')."-".REQUEST_POST('day')."-".REQUEST_POST('year').":".getenv('SERVER_NAME').":".GET_REMOTE_ADDR().":".GET_USER_AGENT()."/".SITE_KEY."/".DATE_KEY."/".RAND_NUMBER));
// Add design when extension sql_patches is v0.2.7 or greater
$ADD1 = ""; $ADD2 = "";
if (EXT_IS_ACTIVE("country")) {
// Save with new selectable country code
$countryRow = "country_code";
- $countryData = bigintval($_POST['country_code']);
+ $countryData = bigintval(REQUEST_POST('country_code'));
} else {
// Old way with enterable two-char-code
$countryRow = "country";
- $countryData = substr($_POST['cntry'], 0, 2);
+ $countryData = substr(REQUEST_POST('cntry'), 0, 2);
}
//////////////////////////////
VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
array(
$countryRow,
- substr($_POST['gender'], 0, 1),
- $_POST['surname'],
- $_POST['family_name'],
- $_POST['street_nr'],
+ substr(REQUEST_POST('gender'), 0, 1),
+ REQUEST_POST('surname'),
+ REQUEST_POST('family'),
+ REQUEST_POST('street_nr'),
$countryData,
- bigintval($_POST['zip']),
- $_POST['city'],
- $_POST['addy'],
- bigintval($_POST['day']),
- bigintval($_POST['month']),
- bigintval($_POST['year']),
- generateHash($_POST['pass1']),
- bigintval($_POST['max_mails']),
- bigintval($_POST['max_mails']),
- bigintval($_POST['refid']),
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('city'),
+ REQUEST_POST('addy'),
+ bigintval(REQUEST_POST('day')),
+ bigintval(REQUEST_POST('month')),
+ bigintval(REQUEST_POST('year')),
+ generateHash(REQUEST_POST('pass1')),
+ bigintval(REQUEST_POST('max_mails')),
+ bigintval(REQUEST_POST('max_mails')),
+ bigintval(REQUEST_POST('refid')),
$hash,
GET_REMOTE_ADDR(),
), __FILE__, __LINE__);
} // END - if
// Write catgories
- if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {
- foreach ($_POST['cat'] as $cat => $joined) {
+ if ((is_array(REQUEST_POST('cat'))) && (count(REQUEST_POST('cat')))) {
+ foreach (REQUEST_POST('cat') as $cat => $joined) {
if ($joined == "Y") {
// Insert category entry
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_cats` (userid, cat_id) VALUES (%s, %s)",
} // END - if
// Rewrite gender
- $gender = TRANSLATE_GENDER($_POST['gender']);
+ $gender = TRANSLATE_GENDER(REQUEST_POST('gender'));
// ... rewrite a zero referal ID to the main title
- if ($_POST['refid'] == "0") $_POST['refid'] = constant('MAIN_TITLE');
+ if (REQUEST_POST('refid') == "0") REQUEST_SET_POST('refid', constant('MAIN_TITLE'));
// Is ZIP code set?
- if (!empty($_POST['zip'])) {
+ if (REQUEST_ISSET_POST(('zip'))) {
// Prepare data array for the email template
// Start with the gender...
$DATA = array(
'hash' => $hash,
'uid' => $userid,
'gender' => $gender,
- 'surname' => SQL_ESCAPE($_POST['surname']),
- 'family' => SQL_ESCAPE($_POST['family_name']),
- 'email' => SQL_ESCAPE($_POST['addy']),
- 'street' => SQL_ESCAPE($_POST['street_nr']),
- 'city' => SQL_ESCAPE($_POST['city']),
- 'zip' => bigintval($_POST['zip']),
+ 'surname' => SQL_ESCAPE(REQUEST_POST('surname')),
+ 'family' => SQL_ESCAPE(REQUEST_POST('family')),
+ 'email' => SQL_ESCAPE(REQUEST_POST('addy')),
+ 'street' => SQL_ESCAPE(REQUEST_POST('street_nr')),
+ 'city' => SQL_ESCAPE(REQUEST_POST('city')),
+ 'zip' => bigintval(REQUEST_POST('zip')),
'country' => $countryData,
- 'refid' => SQL_ESCAPE($_POST['refid']),
- 'pass' => SQL_ESCAPE($_POST['pass1']),
+ 'refid' => SQL_ESCAPE(REQUEST_POST('refid')),
+ 'pass' => SQL_ESCAPE(REQUEST_POST('pass1')),
);
} else {
// No ZIP code entered
'hash' => $hash,
'uid' => $userid,
'gender' => $gender,
- 'surname' => SQL_ESCAPE($_POST['surname']),
- 'family' => SQL_ESCAPE($_POST['family_name']),
- 'email' => SQL_ESCAPE($_POST['addy']),
- 'street' => SQL_ESCAPE($_POST['street_nr']),
- 'city' => SQL_ESCAPE($_POST['city']),
+ 'surname' => SQL_ESCAPE(REQUEST_POST('surname')),
+ 'family' => SQL_ESCAPE(REQUEST_POST('family')),
+ 'email' => SQL_ESCAPE(REQUEST_POST('addy')),
+ 'street' => SQL_ESCAPE(REQUEST_POST('street_nr')),
+ 'city' => SQL_ESCAPE(REQUEST_POST('city')),
'zip' => "",
'country' => $countryData,
- 'refid' => SQL_ESCAPE($_POST['refid']),
- 'pass' => SQL_ESCAPE($_POST['pass1']),
+ 'refid' => SQL_ESCAPE(REQUEST_POST('refid')),
+ 'pass' => SQL_ESCAPE(REQUEST_POST('pass1')),
);
}
switch (GET_LANGUAGE())
{
case "de":
- $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']);
+ $DATA['birthday'] = bigintval(REQUEST_POST('day')).".".bigintval(REQUEST_POST('month')).".".bigintval(REQUEST_POST('year'));
break;
default:
- $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']);
+ $DATA['birthday'] = bigintval(REQUEST_POST('month'))."/".bigintval(REQUEST_POST('day'))."/".bigintval(REQUEST_POST('year'));
break;
}
// Output success registration
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('REGISTRATION_DONE'));
} else {
- if ($_POST['agree'] == "!") {
+ if (REQUEST_POST('agree') == "!") {
OUTPUT_HTML("<div class=\"register_failed\">{--HAVE_TO_AGREE--}</div>");
} // END - if
- if ($_POST['addy'] == "!") {
+ if (REQUEST_POST('addy') == "!") {
OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_EMAIL--}</div>");
- $_POST['addy'] = "";
- } elseif ($_POST['addy'] == "?") {
+ REQUEST_SET_POST('addy', "");
+ } elseif (REQUEST_POST('addy') == "?") {
OUTPUT_HTML("<div class=\"register_failed\">{--EMAIL_ALREADY_DB--}</div>");
- $_POST['addy'] = "";
+ REQUEST_SET_POST('addy', "");
}
- if ($_POST['surname'] == "!") {
+ if (REQUEST_POST('surname') == "!") {
OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_SURNAME--}</div>");
- $_POST['surname'] = "";
+ REQUEST_SET_POST('surname', "");
} // END - if
- if ($_POST['family_name'] == "!") {
+ if (REQUEST_POST('family') == "!") {
OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_FAMILY--}</div>");
- $_POST['family_name'] = "";
+ REQUEST_SET_POST('family', "");
} // END - if
- if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!")) {
+ if ((REQUEST_POST('pass1') == "!") && (REQUEST_POST('pass2') == "!")) {
OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_BOTH_PASSWORDS--}</div>");
- } elseif ($_POST['pass1'] == "!") {
+ } elseif (REQUEST_POST('pass1') == "!") {
OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_PASS1--}</div>");
- } elseif ($_POST['pass2'] == "!") {
+ } elseif (REQUEST_POST('pass2') == "!") {
OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_PASS2--}</div>");
}
switch (GET_LANGUAGE())
{
case "de": // German date format
- define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year']));
+ define('BIRTHDAY_SELECTION', ADD_SELECTION("day", REQUEST_POST('day')).ADD_SELECTION("month", REQUEST_POST('month')).ADD_SELECTION("year", REQUEST_POST('year')));
break;
default: // Default is the US date format... :)
- define('BIRTHDAY_SELECTION', ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("year", $_POST['year']));
+ define('BIRTHDAY_SELECTION', ADD_SELECTION("month", REQUEST_POST('month')).ADD_SELECTION("day", REQUEST_POST('day')).ADD_SELECTION("year", REQUEST_POST('year')));
break;
}
define('LEAST_CATS_VALUE', getConfig('least_cats'));
// Other values
- define('__SURNAME', SQL_ESCAPE($_POST['surname']));
- define('__FAMILY', SQL_ESCAPE($_POST['family_name']));
- define('__STREET', SQL_ESCAPE($_POST['street_nr']));
- define('__COUNTRY', SQL_ESCAPE($_POST['cntry']));
- if (!empty($_POST['zip'])) {
- define('__ZIP', bigintval($_POST['zip']));
+ define('__SURNAME', SQL_ESCAPE(REQUEST_POST('surname')));
+ define('__FAMILY', SQL_ESCAPE(REQUEST_POST('family')));
+ define('__STREET', SQL_ESCAPE(REQUEST_POST('street_nr')));
+ define('__COUNTRY', SQL_ESCAPE(REQUEST_POST('cntry')));
+ if (REQUEST_ISSET_POST(('zip'))) {
+ define('__ZIP', bigintval(REQUEST_POST('zip')));
} else {
define('__ZIP', "");
}
- define('__CITY', SQL_ESCAPE($_POST['city']));
- define('__ADDY', SQL_ESCAPE($_POST['addy']));
+ define('__CITY', SQL_ESCAPE(REQUEST_POST('city')));
+ define('__ADDY', SQL_ESCAPE(REQUEST_POST('addy')));
// Shall I add a counrty selection box or the old input box?
if (EXT_IS_ACTIVE("country")) {
$OUT = "<select name=\"country_code\" class=\"guest_select\" size=\"1\">\n";
$whereStatement = "WHERE is_active='Y'";
if (IS_ADMIN()) $whereStatement = "";
- $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $_POST['country_code'], "code", $whereStatement);
+ $OUT .= ADD_OPTION_LINES("countries", "id", "descr", REQUEST_POST('country_code'), "code", $whereStatement);
$OUT .= "</select>";
define('__COUNTRY_CONTENT', $OUT);
} else {
ADD_DESCR("guest", __FILE__);
$MODE = "";
-if (!empty($_GET['mode'])) {
+if (REQUEST_ISSET_GET(('mode'))) {
// A "special" mode of the login system was requested
- switch ($_GET['mode'])
+ switch (REQUEST_GET('mode'))
{
case "activate" : $MODE = "activate"; break; // Activation link requested
case "lost_pass": $MODE = "lost_pass"; break; // Request new password
} // END - if
// Check if hash for confirmation of email address is given...
-if (!empty($_GET['hash'])) {
+if (REQUEST_ISSET_GET(('hash'))) {
// Lookup sponsor
$result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
company, position, tax_ident,
points_amount AS points, last_pay AS pay, last_curr AS curr
FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
-LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
+LIMIT 1", array(REQUEST_GET('hash')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Sponsor found, load his data...
$SPONSOR = SQL_FETCHARRAY($result);
// Set account to pending
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
// Check on success
if (SQL_AFFECTEDROWS() == 1) {
// Changed email adress need to be confirmed
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
// Check on success
if (SQL_AFFECTEDROWS() == 1) {
SQL_FREERESULT($result);
} elseif ($MODE == "activate") {
// Send activation link again
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check submitted data
- if (empty($_POST['email'])) unset($_POST['ok']);
+ if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
}
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
+ array(REQUEST_POST('email')), __FILE__, __LINE__);
// Entry found?
if (SQL_NUMROWS($result) == 1) {
// Confirmed email address
$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
}
- SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+ SEND_EMAIL(REQUEST_POST('email'), SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
}
} elseif ($MODE == "lost_pass") {
// Send new password
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check submitted data
- if (empty($_POST['email'])) unset($_POST['ok']);
+ if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
} // END - if
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
- array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
+ array(REQUEST_POST('email'), bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
// Entry found?
if (SQL_NUMROWS($result) == 1) {
// Unconfirmed sponsor account found so let's load the requested data
// Prepare email and send it to the sponsor
$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
- SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+ SEND_EMAIL(REQUEST_POST('email'), SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
// Update password
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
// Load form
LOAD_TEMPLATE("guest_sponsor_lost");
}
-} elseif (isset($_POST['ok'])) {
+} elseif (IS_FORM_SENT()) {
// Check status and login data ...
$result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('sponsorid')), md5(REQUEST_POST('pass'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
list($status) = SQL_FETCHROW($result);
if ($status == "CONFIRMED") {
// Is confirmed so both is fine and we can continue with login procedure
- $login = ((set_session('sponsorid' , bigintval($_POST['sponsorid']))) &&
- (set_session('sponsorpass', md5($_POST['pass']) ))
+ $login = ((set_session('sponsorid' , bigintval(REQUEST_POST('sponsorid')))) &&
+ (set_session('sponsorpass', md5(REQUEST_POST('pass')) ))
);
if ($login) {
// Create array for form errors (= missing data)
$FORM_ERRORS = array();
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
//
// Check submitted form data
//
// 1. Salutation / Surname / family name
- if (empty($_POST['gender'])) {
+ if (!REQUEST_ISSET_POST(('gender'))) {
// Surname is empty
$FORM_ERRORS[] = getMessage('SPONSOR_NO_GENDER_SELECTED');
}
- if (empty($_POST['surname'])) {
+ if (!REQUEST_ISSET_POST(('surname'))) {
// Surname is empty
$FORM_ERRORS[] = getMessage('SPONSOR_SURNAME_IS_EMPTY');
}
- if (empty($_POST['family'])) {
+ if (!REQUEST_ISSET_POST(('family'))) {
// Surname is empty
$FORM_ERRORS[] = getMessage('SPONSOR_FAMILY_IS_EMPTY');
}
// 2. Company name
// 012 3 32 23 4 43 3 4 4321 12 3 32 2 3 3210
- if (((empty($_POST['company'])) && ((!empty($_POST['tax_ident'])) || (!empty($_POST['position'])))) || ((!empty($_POST['company'])) && (empty($_POST['tax_ident'])))) {
- if (empty($_POST['company'])) {
+ if (((!REQUEST_ISSET_POST(('company'))) && ((REQUEST_ISSET_POST(('tax_ident'))) || (REQUEST_ISSET_POST(('position'))))) || ((REQUEST_ISSET_POST(('company'))) && (!REQUEST_ISSET_POST(('tax_ident'))))) {
+ if (!REQUEST_ISSET_POST(('company'))) {
// Company name is empty
$FORM_ERRORS[] = getMessage('SPONSOR_COMPANY_IS_EMPTY');
- } elseif (empty($_POST['tax_ident'])) {
+ } elseif (!REQUEST_ISSET_POST(('tax_ident'))) {
// Tax ident number name is empty
$FORM_ERRORS[] = getMessage('SPONSOR_TAX_IDENT_IS_EMPTY');
}
- if (empty($_POST['position'])) {
+ if (!REQUEST_ISSET_POST(('position'))) {
// Not fatal but not nice: position in company is empty
$FORM_ERRORS[] = getMessage('SPONSOR_POSITION_IS_EMPTY');
}
}
// 3. Street and number
- if (empty($_POST['street_nr1'])) {
+ if (!REQUEST_ISSET_POST(('street_nr1'))) {
// Street name and house number are empty
$FORM_ERRORS[] = getMessage('SPONSOR_STREET_NR1_IS_EMPTY');
- } elseif ((!empty($_POST['street_nr2'])) && (empty($_POST['street_nr1']))) {
+ } elseif ((REQUEST_ISSET_POST(('street_nr2'))) && (!REQUEST_ISSET_POST(('street_nr1')))) {
// 1st line for street is empty, but 2nd line not
$FORM_ERRORS[] = getMessage('SPONSOR_STREET_NR1_IS_EMPTY_2_NOT');
}
// 4. Country code
- if (empty($_POST['country'])) {
+ if (!REQUEST_ISSET_POST(('country'))) {
// Country code is empty
$FORM_ERRORS[] = getMessage('SPONSOR_COUNTRY_IS_EMPTY');
- } elseif (strlen($_POST['country']) != 2) {
+ } elseif (strlen(REQUEST_POST('country')) != 2) {
// Country code is invalid
$FORM_ERRORS[] = getMessage('SPONSOR_COUNTRY_IS_INVALID');
}
// 3. ZIP code
- if (empty($_POST['zip'])) {
+ if (!REQUEST_ISSET_POST(('zip'))) {
// ZIP code is empty
$FORM_ERRORS[] = getMessage('SPONSOR_ZIP_IS_EMPTY');
- } elseif (bigintval($_POST['zip']) != $_POST['zip']) {
+ } elseif (bigintval(REQUEST_POST('zip')) != REQUEST_POST('zip')) {
// ZIP is invalid
$FORM_ERRORS[] = getMessage('SPONSOR_ZIP_IS_INVALID');
- $_POST['zip'] = "";
+ REQUEST_SET_POST('zip', "");
}
// 4. City
- if (empty($_POST['city'])) {
+ if (!REQUEST_ISSET_POST(('city'))) {
// City is empty
$FORM_ERRORS[] = getMessage('SPONSOR_CITY_IS_EMPTY');
}
// 5. Phone number
- if (empty($_POST['phone'])) {
+ if (!REQUEST_ISSET_POST(('phone'))) {
// City is empty
$FORM_ERRORS[] = getMessage('SPONSOR_PHONE_IS_EMPTY');
}
// 6. Homepage URL
- if (empty($_POST['url'])) {
+ if (!REQUEST_ISSET_POST(('url'))) {
// Homepage URL is empty
$FORM_ERRORS[] = getMessage('SPONSOR_URL_IS_EMPTY');
- } elseif (!VALIDATE_URL($_POST['url'])) {
+ } elseif (!VALIDATE_URL(REQUEST_POST('url'))) {
// Homepage URL is invalid
$FORM_ERRORS[] = getMessage('SPONSOR_URL_IS_INVALID');
- $_POST['url'] = "";
+ REQUEST_SET_POST('url', "");
}
// 7. Light validation of email address
- if ((empty($_POST['email'])) || ($_POST['email'] == "@")) {
+ if ((!REQUEST_ISSET_POST(('email'))) || (REQUEST_POST('email') == "@")) {
// Email is invalid/empty
$FORM_ERRORS[] = getMessage('SPONSOR_EMAIL_IS_INVALID');
- } elseif (SPONSOR_FOUND_EMAIL_DB($_POST['email'])) {
+ } elseif (SPONSOR_FOUND_EMAIL_DB(REQUEST_POST('email'))) {
// Email already found in database!
$FORM_ERRORS[] = getMessage('SPONSOR_EMAIL_IS_ALREADY_REGISTERED');
- $_POST['email'] = "";
+ REQUEST_SET_POST('email', "");
}
// 8. Pay type selected?
- if (empty($_POST['pay_type'])) {
+ if (!REQUEST_ISSET_POST(('pay_type'))) {
// Not pay type selected
$FORM_ERRORS[] = getMessage('SPONSOR_NO_PAYTYPE_SELECTED');
}
// 9. Interval of mails
- if (empty($_POST['warning_interval'])) {
+ if (!REQUEST_ISSET_POST(('warning_interval'))) {
// No warning interval selected
$FORM_ERRORS[] = getMessage('SPONSOR_NO_WARNING_INTERVAL_SELECTED');
}
// 10. Mail notifications disabled/enabled
- if (empty($_POST['receive_warnings'])) {
+ if (!REQUEST_ISSET_POST(('receive_warnings'))) {
// Option not selected!
$FORM_ERRORS[] = getMessage('SPONSOR_NO_RECEIVE_WARNINGS_SELECTED');
}
// Did he enter his password twice?
- if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) {
- if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
+ if (((!REQUEST_ISSET_POST(('pass1'))) || (!REQUEST_ISSET_POST(('pass2')))) || ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))))) {
+ if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) {
// Passwords missmatch
$FORM_ERRORS[] = getMessage('SPONSOR_PASSWORDS_MISMATCH');
} else {
- if (empty($_POST['pass1'])) {
+ if (!REQUEST_ISSET_POST(('pass1'))) {
// Password 1 is empty
$FORM_ERRORS[] = getMessage('SPONSOR_PASSWORD1_EMPTY');
}
- if (empty($_POST['pass2'])) {
+ if (!REQUEST_ISSET_POST(('pass2'))) {
// Password 2 is empty
$FORM_ERRORS[] = getMessage('SPONSOR_PASSWORD2_EMPTY');
}
}
- } elseif (strlen($_POST['pass1']) < getConfig('pass_len')) {
+ } elseif (strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) {
// Password is to short!
$FORM_ERRORS[] = sprintf(getMessage('SPONSOR_PASSWORD_TOO_SHORT'), getConfig('pass_len'));
}
// Check if he has accepted the terms&conditions
- if (empty($_POST['terms'])) {
+ if (!REQUEST_ISSET_POST(('terms'))) {
// Homepage URL is empty
$FORM_ERRORS[] = getMessage('SPONSOR_TERMS_NOT_ACCEPTED');
}
// If there is something wrong/missing stop registration
- if (count($FORM_ERRORS) > 0) unset($_POST['ok']);
+ if (count($FORM_ERRORS) > 0) REQUEST_UNSET_POST('ok');
}
-if ((isset($_POST['ok'])) && (count($FORM_ERRORS) == 0)) {
+if ((IS_FORM_SENT()) && (count($FORM_ERRORS) == 0)) {
// Generate message array
$MSGs = array(
'failed' => getMessage('SPONSOR_REGISTRATION_FAILED'),
// Calulate points
$result = SQL_QUERY_ESC("SELECT (pay_rate * pay_min_count) AS points, pay_min_count AS pay, pay_currency AS curr
FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes`
-WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__);
+WHERE id='%s' LIMIT 1", array(REQUEST_POST('pay_type')), __FILE__, __LINE__);
list($points, $pay, $curr) = SQL_FETCHROW($result);
// Free memory
SQL_FREERESULT($result);
// Add points to array
- $_POST['points_amount'] = $points;
- $_POST['points_used'] = "0.00000";
- $_POST['last_pay'] = $pay;
- $_POST['last_curr'] = $curr;
+ REQUEST_POST('points_amount', $points);
+ REQUEST_POST('points_used' , "0.00000");
+ REQUEST_POST('last_pay' , $pay);
+ REQUEST_POST('last_curr' , $curr);
// Register sponsor but never ever update here!
- $STATUS = SPONSOR_HANDLE_SPONSOR($_POST, true, $MSGs, true);
+ $STATUS = SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY(), true, $MSGs, true);
// Check the status of the registration process
switch ($STATUS)
case "added": // Sponsor successfully added with account status = UNCONFIRMED!
// Check for his ID number
$result = SQL_QUERY_ESC("SELECT id, hash FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
+ array(REQUEST_POST('email')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// ID found so let's load it for the confirmation email
list($id, $hash) = SQL_FETCHROW($result);
// Prepare data for the email template
define('__ID' , $id);
define('__HASH' , $hash);
- define('__EMAIL' , $_POST['email']);
- define('__SURNAME' , $_POST['surname']);
- define('__FAMILY' , $_POST['family']);
- define('__GENDER' , TRANSLATE_GENDER($_POST['gender']));
+ define('__EMAIL' , REQUEST_POST('email'));
+ define('__SURNAME' , REQUEST_POST('surname'));
+ define('__FAMILY' , REQUEST_POST('family'));
+ define('__GENDER' , TRANSLATE_GENDER(REQUEST_POST('gender')));
define('__TIMESTAMP', MAKE_DATETIME(time(), 0));
- define('__PASSWORD' , $_POST['pass1']);
+ define('__PASSWORD' , REQUEST_POST('pass1'));
// Generate email and send it to the new sponsor
$EMAIL_MSG = LOAD_EMAIL_TEMPLATE("sponsor_confirm", $hash);
- SEND_EMAIL($_POST['email'], getMessage('SPONSOR_PLEASE_CONFIRM_SUBJ'), $EMAIL_MSG);
+ SEND_EMAIL(REQUEST_POST('email'), getMessage('SPONSOR_PLEASE_CONFIRM_SUBJ'), $EMAIL_MSG);
// Send mail to admin
SEND_ADMIN_NOTIFICATION(getMessage('ADMIN_NEW_SPONSOR'), "admin_sponsor_reg", $hash);
$MSG = $MSGs['added'];
} else {
// Sponsor account not found???
- $MSG = sprintf(getMessage('SPONSOR_EMAIL_404'), $_POST['email']);
+ $MSG = sprintf(getMessage('SPONSOR_EMAIL_404'), REQUEST_POST('email'));
}
// Free memory
if (count($FORM_ERRORS) > 0)
{
// Some found... :-(
- define('__COMPANY' , COMPILE_CODE($_POST['company']));
- define('__POSITION' , COMPILE_CODE($_POST['position']));
- define('__TAX_IDENT', COMPILE_CODE($_POST['tax_ident']));
- define('__SURNAME' , COMPILE_CODE($_POST['surname']));
- define('__FAMILY' , COMPILE_CODE($_POST['family']));
- define('__STREET1' , COMPILE_CODE($_POST['street_nr1']));
- define('__STREET2' , COMPILE_CODE($_POST['street_nr2']));
- define('__COUNTRY' , COMPILE_CODE($_POST['country']));
- define('__ZIP' , COMPILE_CODE($_POST['zip']));
- define('__CITY' , COMPILE_CODE($_POST['city']));
- define('__PHONE' , COMPILE_CODE($_POST['phone']));
- define('__FAX' , COMPILE_CODE($_POST['fax']));
- define('__CELL' , COMPILE_CODE($_POST['cell']));
- define('__EMAIL' , COMPILE_CODE($_POST['email']));
- define('__URL' , COMPILE_CODE($_POST['url']));
+ define('__COMPANY' , COMPILE_CODE(REQUEST_POST('company')));
+ define('__POSITION' , COMPILE_CODE(REQUEST_POST('position')));
+ define('__TAX_IDENT', COMPILE_CODE(REQUEST_POST('tax_ident')));
+ define('__SURNAME' , COMPILE_CODE(REQUEST_POST('surname')));
+ define('__FAMILY' , COMPILE_CODE(REQUEST_POST('family')));
+ define('__STREET1' , COMPILE_CODE(REQUEST_POST('street_nr1')));
+ define('__STREET2' , COMPILE_CODE(REQUEST_POST('street_nr2')));
+ define('__COUNTRY' , COMPILE_CODE(REQUEST_POST('country')));
+ define('__ZIP' , COMPILE_CODE(REQUEST_POST('zip')));
+ define('__CITY' , COMPILE_CODE(REQUEST_POST('city')));
+ define('__PHONE' , COMPILE_CODE(REQUEST_POST('phone')));
+ define('__FAX' , COMPILE_CODE(REQUEST_POST('fax')));
+ define('__CELL' , COMPILE_CODE(REQUEST_POST('cell')));
+ define('__EMAIL' , COMPILE_CODE(REQUEST_POST('email')));
+ define('__URL' , COMPILE_CODE(REQUEST_POST('url')));
// Check for gender selection
- switch ($_POST['gender'])
+ switch (REQUEST_POST('gender'))
{
case "M": // Male
define('__GENDER_M' , " selected=\"selected\"");
}
// Check for receive_warnings
- switch ($_POST['receive_warnings'])
+ switch (REQUEST_POST('receive_warnings'))
{
case "Y":
define('__REC_Y' , " selected=\"selected\"");
$OUT .= "</ol><br />\n";
define('__SPONSOR_FORM_ERRORS', $OUT);
- define('__SPONSOR_REFID', $_POST['refid']);
+ define('__SPONSOR_REFID', REQUEST_POST('refid'));
} else {
// None found, first call
define('__COMPANY' , "");
}
// Prepare referal things
- if (!isset($_GET['refid'])) {
+ if (!REQUEST_ISSET_GET(('refid'))) {
// No referal link
define('__SPONSOR_REFID', "0");
} else {
// Referal ID transmitted, we don't care here if it is right or not
- define('__SPONSOR_REFID', bigintval($_GET['refid']));
+ define('__SPONSOR_REFID', bigintval(REQUEST_GET('refid')));
}
// Display registration form
ADD_DESCR("guest", __FILE__);
// Derterminate which stats we want and set mode and title for the link below stats block
-if (!isset($_GET['mode'])) $_GET['mode'] = strtolower(getConfig('guest_stats'));
-switch ($_GET['mode']) {
+if (!REQUEST_ISSET_GET(('mode'))) REQUEST_SET_GET('mode', strtolower(getConfig('guest_stats')));
+
+switch (REQUEST_GET('mode')) {
case "members" :
setConfigEntry('guest_stats', "MEMBERS");
$lmode = "modules";
LOAD_TEMPLATE("guest_header");
// Add message here
-if (!empty($_GET['msg'])) {
+if (REQUEST_ISSET_GET(('msg'))) {
// Default extension is "unknown"
$ext = "unknown";
// Is extension given?
- if (!empty($_GET['ext'])) $ext = SQL_ESCAPE($_GET['ext']);
+ if (REQUEST_ISSET_GET(('ext'))) $ext = SQL_ESCAPE(REQUEST_GET('ext'));
// Which message shall we output?
- $msg = convertCodeToMessage($_GET['msg']);
+ $msg = convertCodeToMessage(REQUEST_GET('msg'));
// Load message template
LOAD_TEMPLATE("message", false, $msg);
require($INC);
}
-if (!empty($_GET['url'])) {
+if (REQUEST_ISSET_GET(('url'))) {
// Decode URL
- $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode($_GET['url']))));
+ $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url')))));
// Validate the URL
if (VALIDATE_URL($url)) {
if ($cats > 0)
{
$LEAST = false;
- if (isset($_POST['ok']))
+ if (IS_FORM_SENT())
{
$cnt = 0;
- foreach ($_POST['cat'] as $cat => $joined)
+ foreach (REQUEST_POST('cat') as $cat => $joined)
{
if ($joined == "N") $cnt++;
}
if (($cats - $cnt) < getConfig('least_cats'))
{
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
$LEAST = true;
}
}
- if (isset($_POST['ok']))
+ if (IS_FORM_SENT())
{
- foreach ($_POST['cat'] as $cat => $joined)
+ foreach (REQUEST_POST('cat') as $cat => $joined)
{
switch ($joined)
{
array($UID, bigintval($id)), __FILE__, __LINE__);
// When we found an entry don't read it, just change the JOINED_x variables
- if (isset($_POST['cat']))
+ if (REQUEST_ISSET_POST(('cat')))
{
- if ($_POST['cat'][$id] =='Y') { $JOINED_Y = " checked=\"checked\""; $JOINED_N = ""; }
+ if (REQUEST_POST('cat', $id) =='Y') { $JOINED_Y = " checked=\"checked\""; $JOINED_N = ""; }
}
else
{
if ((($stamp1 + getConfig('holiday_lock')) > time()) || (($stamp2 + getConfig('holiday_lock')) > time()))
{
// Mail order is to close away!
- unset($_POST['ok']);
- unset($_POST['stop']);
+ REQUEST_UNSET_POST('ok');
+ REQUEST_UNSET_POST(('stop'));
if (($stamp1 + getConfig('holiday_lock')) > time())
{
SQL_FREERESULT($result1);
SQL_FREERESULT($result2);
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
{
// Check holiday request...
- $START = mktime(0, 0, 0, $_POST['start_month'], $_POST['start_day'], $_POST['start_year']);
- $END = mktime(0, 0, 0, $_POST['end_month'] , $_POST['end_day'] , $_POST['end_year'] );
+ $START = mktime(0, 0, 0, REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year'));
+ $END = mktime(0, 0, 0, REQUEST_POST('end_month') , REQUEST_POST('end_day') , REQUEST_POST('end_year') );
// Test both values
$TEST = $END - $START;
if (($TEST < 0) || ($TEST > (getConfig('one_day') * getConfig('holiday_max'))) || ($START < time()) || ($END < time()))
{
// Time test failed
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
}
else
{
// Everything went okay so let's store his request and send mails
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_holidays` (userid, holiday_start, holiday_end, comments) VALUES ('%s','%s','%s','%s')",
- array($GLOBALS['userid'], $START, $END, $_POST['comments']), __FILE__, __LINE__);
+ array($GLOBALS['userid'], $START, $END, REQUEST_POST('comments')), __FILE__, __LINE__);
// Activate holiday system
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data`
array($GLOBALS['userid']), __FILE__, __LINE__);
// Prepare constants
- define('_START_DAY' , $_POST['start_day']);
- define('_START_MONTH', $MONTH_DESCR[$_POST['start_month']]);
- define('_START_YEAR' , $_POST['start_year']);
- define('_END_DAY' , $_POST['end_day']);
- define('_END_MONTH' , $MONTH_DESCR[$_POST['end_month']]);
- define('_END_YEAR' , $_POST['end_year']);
+ define('_START_DAY' , REQUEST_POST('start_day'));
+ define('_START_MONTH', $MONTH_DESCR[REQUEST_POST('start_month')]);
+ define('_START_YEAR' , REQUEST_POST('start_year'));
+ define('_END_DAY' , REQUEST_POST('end_day'));
+ define('_END_MONTH' , $MONTH_DESCR[REQUEST_POST('end_month')]);
+ define('_END_YEAR' , REQUEST_POST('end_year'));
// Send mail to member
- $msg = LOAD_EMAIL_TEMPLATE("member_holiday_request", $_POST['comments'], $GLOBALS['userid']);
+ $msg = LOAD_EMAIL_TEMPLATE("member_holiday_request", REQUEST_POST('comments'), $GLOBALS['userid']);
SEND_EMAIL($GLOBALS['userid'], HOLIDAY_MEMBER_SUBJECT, $msg);
// Send mail to all admins
- SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_SUBJECT, "admin_holiday_request", $_POST['comments'], $GLOBALS['userid']);
+ SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_SUBJECT, "admin_holiday_request", REQUEST_POST('comments'), $GLOBALS['userid']);
// Create task
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','HOLIDAY_REQUEST','%s','%s', UNIX_TIMESTAMP())",
}
// Holiday shall be ended now
-if (isset($_POST['stop']))
+if (REQUEST_ISSET_POST(('stop')))
{
// Okay, end the holiday here...
$result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM `{!_MYSQL_PREFIX!}_user_data`
}
// If something is wrong or link in menu is just clicked display form
-if ((!isset($_POST['ok'])) && (!isset($_POST['stop'])))
+if ((!IS_FORM_SENT()) && (!REQUEST_ISSET_POST(('stop'))))
{
// Check if user is in holiday...
$result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM `{!_MYSQL_PREFIX!}_user_data`
ADD_DESCR("member", __FILE__);
// Class was found and loaded
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
// Save settings
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET html='%s' WHERE userid=%s LIMIT 1",
- array($_POST['html'], $GLOBALS['userid']), __FILE__, __LINE__);
+ array(REQUEST_POST('html'), $GLOBALS['userid']), __FILE__, __LINE__);
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SETTINGS_SAVED'));
-}
- else
-{
+} else {
// Load template for changing settings
$result = SQL_QUERY_ESC("SELECT html FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array($GLOBALS['userid']), __FILE__, __LINE__);
+ array($GLOBALS['userid']), __FILE__, __LINE__);
list($mode) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if ($mode == "Y")
- {
+ if ($mode == "Y") {
define('HTML_Y', " checked=\"checked\"");
define('HTML_N', "");
- }
- else
- {
+ } else {
define('HTML_N', " checked=\"checked\"");
define('HTML_Y', "");
}
LOAD_TEMPLATE("member_html_mail_settings");
}
+
//
?>
// Detect what the member wants to do
$MODE = "show"; // Show his data
-if (!empty($_POST['save'])) $MODE = "save"; // Save entered data
-if (isset($_POST['edit'])) $MODE = "edit"; // Edit data
-if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification
+if (REQUEST_ISSET_POST(('save'))) $MODE = "save"; // Save entered data
+if (REQUEST_ISSET_POST(('edit'))) $MODE = "edit"; // Edit data
+if (REQUEST_ISSET_POST(('notify'))) $MODE = "notify"; // Switch off notification
switch ($MODE)
{
$DATA[3] = MAKE_DATETIME($DATA[3] + getConfig('profile_lock'), "0");
// You cannot change your account
LOAD_TEMPLATE("member_mydata_locked");
- } elseif (!VALIDATE_EMAIL($_POST['addy'])) {
+ } elseif (!VALIDATE_EMAIL(REQUEST_POST('addy'))) {
// Invalid email address!
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
} else {
// Generate hash
- $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
- if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1']))) {
+ $hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40));
+ if ((($hash == $DATA[1]) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST(('pass1')))) {
// Only on simple changes normal mode is active = no email or password changed
$MODE = "normal"; $AND = "";
if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; }
// Or did he changed his password?
- if ($_POST['addy'] != $DATA[0]) {
+ if (REQUEST_POST('addy') != $DATA[0]) {
// Jupp
if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; }
- $_POST['old_addy'] = $DATA[0];
+ REQUEST_SET_POST('old_addy', $DATA[0]);
}
// Update member's profile
last_profile_sent=UNIX_TIMESTAMP()
WHERE userid=%s AND password='%s' LIMIT 1",
array(
- $_POST['gender'],
- $_POST['surname'],
- $_POST['family_name'],
- $_POST['street_nr'],
- bigintval($_POST['country_code']),
- bigintval($_POST['zip']),
- $_POST['city'],
- $_POST['addy'],
- bigintval($_POST['day']),
- bigintval($_POST['month']),
- bigintval($_POST['year']),
- bigintval($_POST['max_mails']),
+ REQUEST_POST('gender'),
+ REQUEST_POST('surname'),
+ REQUEST_POST('family'),
+ REQUEST_POST('street_nr'),
+ bigintval(REQUEST_POST('country_code')),
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('city'),
+ REQUEST_POST('addy'),
+ bigintval(REQUEST_POST('day')),
+ bigintval(REQUEST_POST('month')),
+ bigintval(REQUEST_POST('year')),
+ bigintval(REQUEST_POST('max_mails')),
UID_VALUE,
get_session('u_hash')
), __FILE__, __LINE__);
last_profile_sent=UNIX_TIMESTAMP()
WHERE userid=%s AND password='%s' LIMIT 1",
array(
- $_POST['gender'],
- $_POST['surname'],
- $_POST['family_name'],
- $_POST['street_nr'],
- $_POST['cntry'],
- bigintval($_POST['zip']),
- $_POST['city'],
- $_POST['addy'],
- bigintval($_POST['day']),
- bigintval($_POST['month']),
- bigintval($_POST['year']),
- bigintval($_POST['max_mails']),
+ REQUEST_POST('gender'),
+ REQUEST_POST('surname'),
+ REQUEST_POST('family'),
+ REQUEST_POST('street_nr'),
+ REQUEST_POST('cntry'),
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('city'),
+ REQUEST_POST('addy'),
+ bigintval(REQUEST_POST('day')),
+ bigintval(REQUEST_POST('month')),
+ bigintval(REQUEST_POST('year')),
+ bigintval(REQUEST_POST('max_mails')),
UID_VALUE,
get_session('u_hash')
), __FILE__, __LINE__);
// Remember charge value
define('__CHARGE_VALUE', TRANSLATE_COMMA(getConfig('nl_charge')));
-if ((isset($_POST['ok'])) && ($status == "Y") && ($span == "0")) {
+if ((IS_FORM_SENT()) && ($status == "Y") && ($span == "0")) {
// Save request
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nl_timespan='".(getConfig('one_day') * 30)."' WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
ADD_DESCR("member", __FILE__);
$VALID = false;
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
// Nickname was submitted so let's check if it is not already in use
- if (!empty($_POST['nickname'])) {
+ if (REQUEST_ISSET_POST(('nickname'))) {
// Check if nickname is valid
$PATTERN = "[".__NICKNAME_PATTERN."]{".__NICKNAME_LENGTH.",}";
- if (ereg($PATTERN, $_POST['nickname'], $array)) {
+ if (ereg($PATTERN, REQUEST_POST('nickname'), $array)) {
// Entered nickname is valid?
- if ($array[0] == $_POST['nickname']) $VALID = true;
+ if ($array[0] == REQUEST_POST('nickname')) $VALID = true;
} // END - if
} // END - if
} // END - if
if ($VALID) {
// Look for nickname in database (we only need just one entry so don't worry about the "LIMIT 1" !
$result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' AND userid != '%s' LIMIT 1",
- array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
+ array(REQUEST_POST('nickname'), $GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Nickname not in use, so set it now
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nickname='%s' WHERE userid=%s LIMIT 1",
- array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
+ array(REQUEST_POST('nickname'), $GLOBALS['userid']), __FILE__, __LINE__);
$content = NICKNAME_SAVED;
} else {
// Free result
define('__NICKNAME', NICKNAME_GET_NICK($GLOBALS['userid']));
// Do we have already submit the form?
- if (!empty($_POST['nickname'])) {
+ if (REQUEST_ISSET_POST(('nickname'))) {
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_failed\">".NICKNAME_IS_INVALID."</div");
} // END - if
$whereStatement = " WHERE `visible`='Y'";
// Set undefined array elements
-if (empty($_GET['msg'])) $_GET['msg'] = "";
-if (empty($_POST['zip'])) $_POST['zip'] = "";
-if (empty($_POST['html'])) $_POST['html'] = "";
-if (empty($_POST['receiver'])) $_POST['receiver'] = "";
+if (!REQUEST_ISSET_GET(('msg'))) REQUEST_SET_GET('msg' , "");
+if (!REQUEST_ISSET_POST(('zip'))) REQUEST_SET_POST('zip' , "");
+if (!REQUEST_ISSET_POST(('html'))) REQUEST_SET_POST('html' , "");
+if (!REQUEST_ISSET_POST(('receiver'))) REQUEST_SET_POST('receiver', "");
if (IS_ADMIN()) $whereStatement = "";
// Minimum mails / order
if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3")) {
// Holiday is active!
LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ORDER_NOT_POSSIBLE);
-} elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0)) {
+} elseif ((REQUEST_ISSET_POST(('frametester'))) && ($ALLOWED > 0) && (REQUEST_POST('receiver') > 0)) {
// Continue with the frametester, we first need to store the data temporary in the pool
//
// First we would like to store the data and get it's pool position back...
$result = SQL_QUERY_ESC("SELECT id, data_type
FROM `{!_MYSQL_PREFIX!}_pool`
WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
- array($GLOBALS['userid'], $_POST['url'], getConfig('url_tlock')), __FILE__, __LINE__);
+ array($GLOBALS['userid'], REQUEST_POST('url'), getConfig('url_tlock')), __FILE__, __LINE__);
$type = "TEMP"; $id = 0;
if (SQL_NUMROWS($result) == 1) {
$URL = "";
if (getConfig('test_text') == "Y") {
// Test submitted text against some filters (length, URLs in text etc.)
- if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1)) {
+ if ((strpos(strtolower(REQUEST_POST('text')), "https://") > -1) || (strpos(strtolower(REQUEST_POST('text')), "http://") > -1) || (strpos(strtolower(REQUEST_POST('text')), "www") > -1)) {
// URL found!
$URL = "modules.php?module=login&what=order&msg=".constant('CODE_URL_FOUND');
} // END - if
// Remove new-line and carriage-return characters
- $TEST = str_replace("\n", "", str_replace("\r", "", $_POST['text']));
+ $TEST = str_replace("\n", "", str_replace("\r", "", REQUEST_POST('text')));
// Text length within allowed length?
if (strlen($TEST) > getConfig('max_tlength')) {
// Shall I test the subject line against URLs?
if (getConfig('test_subj') == "Y") {
// Check the subject line for issues
- $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));
- if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1)) {
+ REQUEST_SET_POST('subject', str_replace("\\", "[nl]", substr(REQUEST_POST('subject'), 0, 200)));
+ if ((strpos(strtolower(REQUEST_POST('subject')), "http://") > -1) || (strpos(strtolower(REQUEST_POST('subject')), "www") > -1)) {
// URL in subject found
$URL = "modules.php?module=login&what=order&msg=".constant('CODE_SUBJ_URL');
} // END - if
if (getConfig('url_blacklist') == "Y") {
// Ok, I do that for you know...
$result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{!_MYSQL_PREFIX!}_url_blacklist` WHERE `url`='%s' LIMIT 1",
- array($_POST['url']), __FILE__, __LINE__);
+ array(REQUEST_POST('url')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Jupp, we got one listed
} // END - if
// Enougth receivers entered?
- if (($_POST['receiver'] < getConfig('order_min')) && (!IS_ADMIN())) {
+ if ((REQUEST_POST('receiver') < getConfig('order_min')) && (!IS_ADMIN())) {
// Less than allowed receivers entered!
$URL = "modules.php?module=login&what=order&msg=".constant('CODE_MORE_RECEIVERS3');
} // END - if
// Validate URL
- if (!VALIDATE_URL($_POST['url'])) {
+ if (!VALIDATE_URL(REQUEST_POST('url'))) {
// URL is invalid!
$URL = "modules.php?module=login&what=order&msg=".constant('CODE_INVALID_URL');
} // END - if
// Probe for HTML extension
if (EXT_IS_ACTIVE("html_mail")) {
// HTML or regular text mail?
- if ($_POST['html'] == "Y") {
+ if (REQUEST_POST('html') == "Y") {
// Chek for valid HTML tags
- $_POST['text'] = HTML_CHECK_TAGS($_POST['text']);
+ REQUEST_SET_POST('text', HTML_CHECK_TAGS(REQUEST_POST('text')));
// Maybe invalid tags found?
- if (empty($_POST['text'])) $URL = "modules.php?module=login&what=order&msg=".constant('CODE_INVALID_TAGS')."&id=".$id;
+ if (!REQUEST_ISSET_POST(('text'))) $URL = "modules.php?module=login&what=order&msg=".constant('CODE_INVALID_TAGS')."&id=".$id;
} else {
// Remove any HTML code
- $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));
+ REQUEST_SET_POST('text', str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", REQUEST_POST('text'))));
}
}
} elseif (!IS_ADMIN()) {
if (empty($URL)) {
// Check if category and number of receivers is okay
$ADD = "";
- if ((getConfig('order_multi_page') == "Y") && (!empty($_POST['zip']))) {
+ if ((getConfig('order_multi_page') == "Y") && (REQUEST_ISSET_POST(('zip')))) {
// Choose recipients by ZIP code
- $ADD = " AND d.zip LIKE '".bigintval($_POST['zip'])."{PER}'";
+ $ADD = " AND d.zip LIKE '".bigintval(REQUEST_POST('zip'))."{PER}'";
} // END - if
// Check for userids
WHERE c.cat_id=%s AND c.userid != '%s' AND d.`status`='CONFIRMED' AND d.receive_mails > 0".$ADD."
ORDER BY d.%s %s",
array(
- bigintval($_POST['cat']),
+ bigintval(REQUEST_POST('cat')),
$GLOBALS['userid'],
getConfig('order_select'),
getConfig('order_mode'),
), __FILE__, __LINE__);
// Do we enougth receivers left?
- if (SQL_NUMROWS($result) >= $_POST['receiver']) {
+ if (SQL_NUMROWS($result) >= REQUEST_POST('receiver')) {
// Check for holiday extensions
$HOLIDAY = false;
if (GET_EXT_VERSION("holiday") >= "0.1.3") {
array(str_replace(";", ", ", $RECEIVER), $MAX_SEND), __FILE__, __LINE__);
// Is calculated max receivers larger than wanted receivers then reset it
- if ($MAX_SEND > $_POST['receiver']) $MAX_SEND = $_POST['receiver'];
+ if ($MAX_SEND > REQUEST_POST('receiver')) $MAX_SEND = REQUEST_POST('receiver');
// Calculate used points
- $USED = $MAX_SEND * GET_PAY_POINTS(bigintval($_POST['type']));
+ $USED = $MAX_SEND * GET_PAY_POINTS(bigintval(REQUEST_POST('type')));
// Fix empty zip code
- if (empty($_POST['zip'])) $_POST['zip'] = "0";
+ if (!REQUEST_ISSET_POST(('zip'))) REQUEST_SET_POST('zip', "0");
// Check if he has enougth points for this order and selected more than 0 receivers
if (($USED > 0) && ($USED <= $TOTAL) && ($MAX_SEND > 0)) {
VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')",
array(
$GLOBALS['userid'],
- $_POST['subject'],
- $_POST['text'],
+ REQUEST_POST('subject'),
+ REQUEST_POST('text'),
$RECEIVER,
- bigintval($_POST['type']),
+ bigintval(REQUEST_POST('type')),
$TIME,
- $_POST['url'],
- bigintval($_POST['cat']),
+ REQUEST_POST('url'),
+ bigintval(REQUEST_POST('cat')),
$MAX_SEND,
- bigintval($_POST['zip']),
- $_POST['html']
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('html')
), __FILE__, __LINE__);
} else {
// No HTML extension is active
VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s')",
array(
$GLOBALS['userid'],
- $_POST['subject'],
- $_POST['text'],
+ REQUEST_POST('subject'),
+ REQUEST_POST('text'),
$RECEIVER,
- bigintval($_POST['type']),
+ bigintval(REQUEST_POST('type')),
$TIME,
- $_POST['url'],
- bigintval($_POST['cat']),
+ REQUEST_POST('url'),
+ bigintval(REQUEST_POST('cat')),
$MAX_SEND,
- bigintval($_POST['zip']),
+ bigintval(REQUEST_POST('zip')),
), __FILE__, __LINE__);
}
} else {
html_msg='%s'
WHERE id=%s LIMIT 1",
array(
- $_POST['subject'],
- $_POST['text'],
+ REQUEST_POST('subject'),
+ REQUEST_POST('text'),
$RECEIVER,
- bigintval($_POST['type']),
- $_POST['url'],
- bigintval($_POST['cat']),
+ bigintval(REQUEST_POST('type')),
+ REQUEST_POST('url'),
+ bigintval(REQUEST_POST('cat')),
$MAX_SEND,
- bigintval($_POST['zip']),
- $_POST['html'],
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('html'),
bigintval($id)
), __FILE__, __LINE__);
} else {
zip=%s
WHERE id=%s LIMIT 1",
array(
- $_POST['subject'],
- $_POST['text'],
+ REQUEST_POST('subject'),
+ REQUEST_POST('text'),
$RECEIVER,
- bigintval($_POST['type']),
- $_POST['url'],
- bigintval($_POST['cat']),
+ bigintval(REQUEST_POST('type')),
+ REQUEST_POST('url'),
+ bigintval(REQUEST_POST('cat')),
$MAX_SEND,
- bigintval($_POST['zip']),
+ bigintval(REQUEST_POST('zip')),
bigintval($id)
), __FILE__, __LINE__);
}
$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_pool` WHERE sender=%s AND subject='%s' AND payment_id=%s AND data_type='TEMP' AND timestamp=%s LIMIT 1",
array(
$GLOBALS['userid'],
- $_POST['subject'],
- bigintval($_POST['type']),
+ REQUEST_POST('subject'),
+ bigintval(REQUEST_POST('type')),
$TIME
), __FILE__, __LINE__);
$URL = "modules.php?module=login&what=order&msg=".constant('CODE_NO_RECS_LEFT');
}
}
-} elseif ($_POST['receiver'] == "0") {
+} elseif (REQUEST_POST('receiver') == "0") {
// Not enougth receivers selected
$URL = "modules.php?module=login&what=order&msg=".constant('CODE_MORE_RECEIVERS1');
} elseif (($ALLOWED == 0) && (getConfig('order_max_full') == "ORDER")) {
// Enable HTML checking
$HTML = ""; $HOLIDAY = false; $HOL_STRING = "";
- if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'";
+ if ((EXT_IS_ACTIVE("html_mail")) && (REQUEST_POST('html') == "Y")) $HTML = " AND html='Y'";
if (GET_EXT_VERSION("holiday") >= "0.1.3") {
// Extension's version is fine
$HOLIDAY = true; $HOL_STRING = " AND holiday_active='N'";
$result_ver = SQL_QUERY_ESC("SELECT zip FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s".$HTML." AND receive_mails > 0 AND `status`='CONFIRMED' LIMIT 1",
array(bigintval($ucat)), __FILE__, __LINE__);
- if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && (getConfig('order_multi_page') == "Y")) {
+ if ((SQL_NUMROWS($result_ver) == 1) && (REQUEST_ISSET_POST(('zip'))) && (getConfig('order_multi_page') == "Y")) {
list($zip) = SQL_FETCHROW($result_ver);
SQL_FREERESULT($result_ver);
- if (substr($zip, 0, strlen($_POST['zip'])) == $_POST['zip']) {
+ if (substr($zip, 0, strlen(REQUEST_POST('zip'))) == REQUEST_POST('zip')) {
// Ok, ZIP part is found
$uid_cnt++;
} // END - if
if (SQL_NUMROWS($result) > 0) {
// Check for message ID in URL
$MSG = "";
- switch ($_GET['msg'])
+ switch (REQUEST_GET('msg'))
{
case constant('CODE_URL_TLOCK'):
$result = SQL_QUERY_ESC("SELECT timestamp FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
// Load timestamp from last order
list($LORDER) = SQL_FETCHROW($result);
break;
case constant('CODE_BLIST_URL'):
- $MSG = "{--MEMBER_URL_BLACK_LISTED--}<br />\n{--MEMBER_BLIST_TIME--}: ".MAKE_DATETIME($_GET['blist'], "0");
+ $MSG = "{--MEMBER_URL_BLACK_LISTED--}<br />\n{--MEMBER_BLIST_TIME--}: ".MAKE_DATETIME(REQUEST_GET('blist'), "0");
break;
case constant('CODE_NO_RECS_LEFT'):
break;
default:
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error code %s detected.", $_GET['msg']));
- $MSG = sprintf(getMessage('UNKNOWN_CODE'), $_GET['msg']);
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error code %s detected.", REQUEST_GET('msg')));
+ $MSG = sprintf(getMessage('UNKNOWN_CODE'), REQUEST_GET('msg'));
break;
}
SQL_FREERESULT($result);
// 01 2 21 12 2 23 443 3 3210
- if ((!empty($_POST['data'])) || ((getConfig('order_multi_page') != "Y") && ((!IS_ADMIN()) && (!EXT_IS_ACTIVE("html_mail"))))) {
+ if ((REQUEST_ISSET_POST(('data'))) || ((getConfig('order_multi_page') != "Y") && ((!IS_ADMIN()) && (!EXT_IS_ACTIVE("html_mail"))))) {
// Pre-output categories
$CAT = "";
foreach ($CATS['id'] as $key => $value) {
define('TEXT', COMPILE_CODE($text));
define('T_URL', $url);
- if (!empty($_POST['zip'])) {
+ if (REQUEST_ISSET_POST(('zip'))) {
// Output entered ZIP code
- define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, $_POST['zip']));
+ define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, REQUEST_POST('zip')));
} else {
define('ZIP_OUTPUT', "<tr><td colspan=\"5\" height=\"5\" class=\"seperator\"> </td></tr>");
}
// HTML extension
- if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) {
+ if ((EXT_IS_ACTIVE("html_mail")) && (REQUEST_POST('html') == "Y")) {
// Extension is active so output valid HTML tags
define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_ext", true, HTML_ADD_VALID_TAGS()));
} else {
// Do we want ZIP code or not?
if ((getConfig('order_multi_page') == "Y") || (IS_ADMIN())) {
// Yes
- if ($_POST['zip'] > 0) {
+ if (REQUEST_POST('zip') > 0) {
$content = array(
- 'zip' => bigintval($_POST['zip']),
+ 'zip' => bigintval(REQUEST_POST('zip')),
'add' => $ADD
);
} else {
// Sanity check...
if (empty($TPTS)) $TPTS = "0.00000";
-if (empty($_GET['payout'])) {
+if (!REQUEST_ISSET_GET(('payout'))) {
// Load payout types
$result = SQL_QUERY_ESC("SELECT id, type, rate, min_points, allow_url
FROM `{!_MYSQL_PREFIX!}_payout_types`
} else {
// Chedk if he can get paid by selected type
$result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['payout'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('payout'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// ID is valid
// Calulcate points from submitted amount
$PAYOUT = 0;
- if (!empty($_POST['payout'])) {
- $PAYOUT = bigintval($_POST['payout']) / $rate;
+ if (REQUEST_ISSET_POST(('payout'))) {
+ $PAYOUT = bigintval(REQUEST_POST('payout')) / $rate;
$PAY_MAX = $max / $rate;
}
if (REVERT_COMMA($TPTS) >= $min) {
// Ok, he can get be paid
- if ((isset($_POST['ok'])) && ($PAYOUT <= $PAY_MAX) && ($PAYOUT >= $min)) {
+ if ((IS_FORM_SENT()) && ($PAYOUT <= $PAY_MAX) && ($PAYOUT >= $min)) {
// Calculate exact value
define('PAYOUT_POINTS_VALUE', $PAYOUT);
VALUES (%s,%s,%s, UNIX_TIMESTAMP(), 'NEW','%s','%s','%s')",
array(
$GLOBALS['userid'],
- bigintval($_POST['payout']),
- bigintval($_GET['payout']),
- $_POST['turl'],
- $_POST['alt'],
- $_POST['banner']
+ bigintval(REQUEST_POST('payout')),
+ bigintval(REQUEST_GET('payout')),
+ REQUEST_POST('turl'),
+ REQUEST_POST('alt'),
+ REQUEST_POST('banner')
), __FILE__, __LINE__);
// Load templates
VALUES (%s,%s,%s,'%s',%s, UNIX_TIMESTAMP(), 'NEW','%s')",
array(
$GLOBALS['userid'],
- bigintval($_POST['payout']),
- bigintval($_POST['account']),
- $_POST['bank'],
- bigintval($_GET['payout']),
- $_POST['pass']
+ bigintval(REQUEST_POST('payout')),
+ bigintval(REQUEST_POST('account')),
+ REQUEST_POST('bank'),
+ bigintval(REQUEST_GET('payout')),
+ REQUEST_POST('pass')
), __FILE__, __LINE__);
// Load templates
$content = array(); $points = false;
// Is the mode set (payout only)
-if (!isset($_GET['mode'])) {
+if (!REQUEST_ISSET_GET(('mode'))) {
// Get referal id
$content['refid'] = bigintval(getConfig('primera_refid'));
SQL_FREERESULT($result);
// Is there an ID?
- if ((!empty($content['primera_nickname'])) && (!isset($_GET['mode']))) {
+ if ((!empty($content['primera_nickname'])) && (!REQUEST_ISSET_GET(('mode')))) {
// Then use an other "mode"
- $_GET['mode'] = "list";
+ REQUEST_SET_GET('mode', "list");
// And load all rows!
$result = SQL_QUERY_ESC("SELECT `id`, `primera_account`, `primera_amount`, `primera_timestamp`, `primera_type` FROM `{!_MYSQL_PREFIX!}_user_primera` WHERE `userid` = %s ORDER BY `primera_timestamp` DESC",
SQL_FREERESULT($result);
} else {
// Mode pay
- $_GET['mode'] = "pay";
+ REQUEST_SET_GET('mode', "pay");
}
} // END - if
-if ($_GET['mode'] == "pay") {
+if (REQUEST_GET('mode') == "pay") {
// Get total points and check if the user can request a payout
$points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
SQL_FREERESULT($result);
} else {
// Invalid mode!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
return;
}
// Is the formular sent?
-if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('mode')))) {
// Check input data depending on the mode and execute the requested mode
- switch ($_GET['mode']) {
+ switch (REQUEST_GET('mode')) {
case "pay": // Payout this exchange -> Primus
// Is the user ID and password set?
- if (empty($_POST['primera_nickname'])) {
+ if (!REQUEST_ISSET_POST(('primera_nickname'))) {
// Nothing entered in Primus nickname
LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_USERNAME);
- } elseif (empty($_POST['primera_password'])) {
+ } elseif (!REQUEST_ISSET_POST(('primera_password'))) {
// Nothing entered in Primera password
LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_PASSWORD);
- } elseif (empty($_POST['amount'])) {
+ } elseif (!REQUEST_ISSET_POST(('amount'))) {
// Nothing entered in amount
LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_AMOUNT);
- } elseif ($_POST['amount'] != bigintval($_POST['amount'])) {
+ } elseif (REQUEST_POST('amount') != bigintval(REQUEST_POST('amount'))) {
// Only numbers in amount!
LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_INVALID_AMOUNT);
- } elseif ($_POST['amount'] < getConfig('primera_min_payout')) {
+ } elseif (REQUEST_POST('amount') < getConfig('primera_min_payout')) {
// Not enougth entered!
LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_AMOUNT_SMALLER_MIN, bigintval(getConfig('primera_min_payout'))));
- } elseif ($_POST['amount'] > $points) {
+ } elseif (REQUEST_POST('amount') > $points) {
// Not enougth points left!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval($_POST['amount']), bigintval($points)));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval(REQUEST_POST('amount')), bigintval($points)));
} else {
// All is fine here so do the payout
- $success = PRIMERA_EXECUTE_PAYOUT($_POST['primera_nickname'], md5($_POST['primera_password']), $_POST['amount']);
+ $success = PRIMERA_EXECUTE_PAYOUT(REQUEST_POST('primera_nickname'), md5(REQUEST_POST('primera_password')), REQUEST_POST('amount'));
if ($success) {
// Default is locked!
$locked = true;
} // END - if
// Remove points from account
- SUB_POINTS("primera_payout", $GLOBALS['userid'], $_POST['amount']);
+ SUB_POINTS("primera_payout", $GLOBALS['userid'], REQUEST_POST('amount'));
// Update primera nickname
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `primera_userid`=%s WHERE userid=%s LIMIT 1",
- array($_POST['primera_nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
+ array(REQUEST_POST('primera_nickname'), $GLOBALS['userid']), __FILE__, __LINE__);
// All done!
LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_PAYOUT_DONE);
break;
default: // Invalid mode!
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", $_GET['mode']));
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", REQUEST_GET('mode')));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
return;
}
} // END - if
// Prepare mode for template name
-$mode = sprintf("member_primera_mode_%s", SQL_ESCAPE($_GET['mode']));
+$mode = sprintf("member_primera_mode_%s", SQL_ESCAPE(REQUEST_GET('mode')));
// Load the template
LOAD_TEMPLATE($mode, false, $content);
ADD_DESCR("member", __FILE__);
// Was the form submitted?
-if ((isset($_POST['edit'])) && (isset($_POST['id']))) {
+if ((REQUEST_ISSET_POST(('edit'))) && (REQUEST_ISSET_POST(('id')))) {
// Okay, has the user entered some values?
- if (isset($_POST['percents'])) {
+ if (REQUEST_ISSET_POST(('percents'))) {
// Revert german commta for testing
- $percents = REVERT_COMMA($_POST['percents']);
+ $percents = REVERT_COMMA(REQUEST_POST('percents'));
// Validate percents
if ((($percents >= getConfig('refback_min_perc')) || (round($percents) == 0)) && ($percents <= getConfig('refback_max_perc'))) {
// Change ref-back for this direct id
- $status = REFBACK_CHANGE_MEMBER_PERCENTS($_POST['id'], $_POST['percents']);
+ $status = REFBACK_CHANGE_MEMBER_PERCENTS(REQUEST_POST('id'), REQUEST_POST('percents'));
// Check status
if (isset($status['ok'])) {
// Insert line
} else {
// Read data from refback table
- $content = GET_USER_REF_ENTRY($_POST['id']);
+ $content = GET_USER_REF_ENTRY(REQUEST_POST('id'));
// Translate comma
$content['refback'] = TRANSLATE_COMMA($content['refback']);
// Add description as navigation point
ADD_DESCR("member", __FILE__);
-if ((!isset($_POST['ok'])) || (empty($_POST['qsummary']))) {
+if ((!IS_FORM_SENT()) || (!REQUEST_ISSET_POST(('qsummary')))) {
// Output form
LOAD_TEMPLATE("member_support_form");
} else {
// Load mail template based on your member's decision
if (GET_EXT_VERSION("admins") >= "0.4.1") {
- $a_tpl = "admin_support-".$_POST['qsummary'];
+ $a_tpl = "admin_support-".REQUEST_POST('qsummary');
} else {
- $msg_a = LOAD_EMAIL_TEMPLATE("admin_support-".$_POST['qsummary'], array('text' => $_POST['qdetails']), $GLOBALS['userid']);
+ $msg_a = LOAD_EMAIL_TEMPLATE("admin_support-".REQUEST_POST('qsummary'), array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']);
}
- $msg_m = LOAD_EMAIL_TEMPLATE("member_support-".$_POST['qsummary'], array('text' => $_POST['qdetails']), $GLOBALS['userid']);
+ $msg_m = LOAD_EMAIL_TEMPLATE("member_support-".REQUEST_POST('qsummary'), array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']);
// Select right subject
- switch ($_POST['qsummary']) {
+ switch (REQUEST_POST('qsummary')) {
case "ordr":
$subj_a = getMessage('SUPPORT_SUBJ_ADMIN_ORDER');
$subj_m = getMessage('SUPPORT_SUBJ_MEMBER_ORDER');
} // END - switch
// Send mail to admin
- SEND_ADMIN_NOTIFICATION($subj_a, $a_tpl, array('text' => $_POST['qdetails']), $GLOBALS['userid']);
+ SEND_ADMIN_NOTIFICATION($subj_a, $a_tpl, array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']);
// Send mail to user
SEND_EMAIL($GLOBALS['userid'], $subj_m, $msg_m);
// Drop a message in the admin's area
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','SUPPORT_MEMBER','%s','%s', UNIX_TIMESTAMP())",
- array($GLOBALS['userid'], $subj_a, $_POST['qsummary'].":".array('text' => $_POST['qdetails'])), __FILE__, __LINE__);
+ array($GLOBALS['userid'], $subj_a, REQUEST_POST('qsummary').":".array('text' => REQUEST_POST('qdetails'))), __FILE__, __LINE__);
// Form sent
LOAD_TEMPLATE("member_support_contcted");
if (!SURFBAR_IF_USER_BOOK_MORE_URLS()) {
// No more URLs allowed to book!
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SURFBAR_NO_MORE_ALLOWED'));
-} elseif ((isset($_POST['ok'])) && (isset($_POST['limited']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('limited')))) {
// Is limitation "no" and "limit" is > 0?
- if (($_POST['limited'] == "N") && ((isset($_POST['limit'])) && ($_POST['limit'] > 0)) || (!isset($_POST['limit']))) {
+ if ((REQUEST_POST('limited') == "N") && ((REQUEST_ISSET_POST(('limit'))) && (REQUEST_POST('limit') > 0)) || (!REQUEST_ISSET_POST(('limit')))) {
// Set it to unlimited
- $_POST['limit'] = 0;
+ REQUEST_SET_POST('limit', 0);
} // END - if
// Register the new URL
- $insertId = SURFBAR_MEMBER_ADD_URL($_POST['url'], $_POST['limit']);
+ $insertId = SURFBAR_MEMBER_ADD_URL(REQUEST_POST('url'), REQUEST_POST('limit'));
// By default something went wrong
$msg = getMessage('MEMBER_SURFBAR_URL_NOT_ADDED');
$URLs = SURFBAR_GET_USER_URLS();
// Are there entries or form is submitted?
-if ((isset($_POST['ok'])) && (isset($_POST['action'])) && (isset($_POST['id']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('action'))) && (REQUEST_ISSET_POST(('id')))) {
// Process the form
- if (SURFBAR_MEMBER_DO_FORM($_POST, $URLs)) {
+ if (SURFBAR_MEMBER_DO_FORM(REQUEST_POST_ARRAY(), $URLs)) {
// Action performed but shall we display it?
- if ((($_POST['action'] != "edit") && ($_POST['action'] != "delete")) || (isset($_POST['execute']))) {
+ if (((REQUEST_POST('action') != "edit") && (REQUEST_POST('action') != "delete")) || (REQUEST_ISSET_POST(('execute')))) {
// Display "action done" message if action is wether 'edit' nor 'delete' or has been executed
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SURFBAR_ACTION_DONE'));
} // END - if
// Add description as navigation point
ADD_DESCR("member", __FILE__);
-if (!empty($_POST['member_theme'])) {
+if (REQUEST_ISSET_POST(('member_theme'))) {
// Save theme to member's profile
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET curr_theme='%s' WHERE userid=%s LIMIT 1",
- array($_POST['member_theme'], $GLOBALS['userid']), __FILE__, __LINE__);
+ array(REQUEST_POST('member_theme'), $GLOBALS['userid']), __FILE__, __LINE__);
// Set new theme for guests
- $newTheme = SQL_ESCAPE($_POST['member_theme']);
+ $newTheme = SQL_ESCAPE(REQUEST_POST('member_theme'));
// Change to new theme
set_session('mxchange_theme', $newTheme);
SQL_FREERESULT($result);
$MODE = "";
-if (!empty($_GET['mode'])) $MODE = $_GET['mode'];
+if (REQUEST_ISSET_GET(('mode'))) $MODE = REQUEST_GET('mode');
// Check for "faker"
if (($opt_in == "N") && ($MODE == "new")) $MODE = "";
// Remember maximum value for template
define('__TRANSFER_MAX_VALUE', round($total - getConfig('transfer_balance') - 0.5));
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Add new transfer
if (getConfig('transfer_code') > 0) {
// Check for code
- $code = GEN_RANDOM_CODE(getConfig('transfer_code'), $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
- $valid_code = ($code == $_POST['code']);
+ $code = GEN_RANDOM_CODE(getConfig('transfer_code'), REQUEST_POST('code_chk'), $GLOBALS['userid'], constant('__TRANSFER_MAX_VALUE'));
+ $valid_code = ($code == REQUEST_POST('code'));
} else {
// Zero length (= disabled) is always valid!
$valid_code = true;
}
// Test password
- $valid_pass = ($pass == generateHash($_POST['password'], $pass));
+ $valid_pass = ($pass == generateHash(REQUEST_POST('password'), $pass));
// Test transfer amount
- $valid_amount = ((!empty($_POST['points'])) && ($_POST['points'] <= __TRANSFER_MAX_VALUE));
+ $valid_amount = ((REQUEST_ISSET_POST(('points'))) && (REQUEST_POST('points') <= constant('__TRANSFER_MAX_VALUE')));
// Test reason for transfer
- $valid_reason = (!empty($_POST['reason']));
+ $valid_reason = (REQUEST_ISSET_POST(('reason')));
// Test if a recipient is selected
- $valid_recipient = ($_POST['to_uid'] > 0);
+ $valid_recipient = (REQUEST_POST('to_uid') > 0);
// Check for nickname extension and set additional data
$nick = false; $ADD = ", userid";
// Re-check receivers and own personal data
$result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid IN ('%s','%s') AND `status`='CONFIRMED' ORDER BY userid LIMIT 2",
- array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);
+ array($GLOBALS['userid'], bigintval(REQUEST_POST('to_uid'))), __FILE__, __LINE__);
$valid_data = (SQL_NUMROWS($result) == 2);
if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient) {
// Sender's UID is always currently stored in cookie userid...
define('__SENDER_UID' , $GLOBALS['userid']);
- define('__RECIPIENT_UID' , $_POST['to_uid']);
+ define('__RECIPIENT_UID' , REQUEST_POST('to_uid'));
$SENDER = __SENDER_UID;
$RECIPIENT = __RECIPIENT_UID;
}
// Remember transfer reason and fancy date/time in constants
- define('__TRANSFER_REASON', $_POST['reason']);
+ define('__TRANSFER_REASON', REQUEST_POST('reason'));
define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME(getConfig('transfer_age')));
// Generate tranafer id
- define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", mt_rand(0, 99999), $GLOBALS['userid'], $_POST['reason'])));
+ define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", mt_rand(0, 99999), $GLOBALS['userid'], REQUEST_POST('reason'))));
// Add entries to both tables
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_in` (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
- array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+ array(bigintval(REQUEST_POST('to_uid')), $GLOBALS['userid'], bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID),
__FILE__, __LINE__);
SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_out` (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
- array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+ array($GLOBALS['userid'], bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID),
__FILE__, __LINE__);
// Add points to account *directly* ...
- ADD_POINTS_REFSYSTEM("member_transfer", bigintval($_POST['to_uid']), bigintval($_POST['points']), false, "0", false, "direct");
+ ADD_POINTS_REFSYSTEM("member_transfer", bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')), false, "0", false, "direct");
// ... and add it to current user's used points
- SUB_POINTS("transfer", $GLOBALS['userid'], $_POST['points']);
+ SUB_POINTS("transfer", $GLOBALS['userid'], REQUEST_POST('points'));
// First send email to recipient
$msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
} elseif (!$valid_code) {
// Invalid Touring code!
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_CODE."</div>");
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
} elseif (!$valid_pass) {
// Wrong password entered
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_PASSWORD."</div>");
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
} elseif (!$valid_amount) {
// Too much points entered
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_POINTS."</div>");
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
} elseif (!$valid_reason) {
// No transfer reason entered
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_REASON."</div>");
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
} elseif (!$valid_recipient) {
// No recipient selected
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_RECIPIENT."</div>");
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
} elseif (!$valid_data) {
// No recipient selected
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_DATA."</div>");
- unset($_POST['ok']);
+ REQUEST_UNSET_POST('ok');
}
}
- if (!isset($_POST['ok'])) {
+ if (!IS_FORM_SENT()) {
// Load member list
if (EXT_IS_ACTIVE("nickname")) {
// Load userid and nickname
<option value=\"0\">".SELECT_NONE."</option>\n";
while (list($uid, $nick) = SQL_FETCHROW($result)) {
$OUT .= "<option value=\"".$uid."\"";
- if ((isset($_POST['to_uid'])) && ($_POST['to_uid'] == $uid)) $OUT .= " selected=\"selected\"";
+ if ((REQUEST_ISSET_POST(('to_uid'))) && (REQUEST_POST('to_uid') == $uid)) $OUT .= " selected=\"selected\"";
$OUT .= ">";
if (($nick != $uid) && (!empty($nick))) {
// Output nickname
SQL_FREERESULT($result);
} else {
// No one else is opt-in
- $OUT = TRANSFER_NO_ONE_ELSE_OPT_IN;
+ $OUT = getMessage('TRANSFER_NO_ONE_ELSE_OPT_IN');
define('__TRANSFER_TO_DISABLED', " disabled");
}
// Generate Code
if (getConfig('transfer_code') > 0) {
$rand = mt_rand(0, 99999);
- $code = GEN_RANDOM_CODE(getConfig('transfer_code'), $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
+ $code = GEN_RANDOM_CODE(getConfig('transfer_code'), $rand, $GLOBALS['userid'], constant('__TRANSFER_MAX_VALUE'));
$img = GENERATE_IMAGE($code, false);
define('__TRANSFER_IMAGE_INPUT', "<input type=\"hidden\" name=\"code_chk\" value=\"".$rand."\" /><input type=\"text\" name=\"code\" class=\"member_normal\" size=\"5\" maxlength=\"7\"{!__TRANSFER_TO_DISABLED!} /> ".$img);
} else {
$code = "00000";
- define('__TRANSFER_IMAGE_INPUT', TRANSFER_NO_CODE);
+ define('__TRANSFER_IMAGE_INPUT', getMessage('TRANSFER_NO_CODE'));
}
// Transfer maybe already entered valued'
- if (isset($_GET['ok'])) {
+ if (REQUEST_ISSET_GET('ok')) {
// Get values from form
- define('__TRANSFER_POINTS_VALUE', bigintval($_POST['points']));
- define('__TRANSFER_REASON_VALUE', strip_tags($_POST['reason']));
+ define('__TRANSFER_POINTS_VALUE', bigintval(REQUEST_POST('points')));
+ define('__TRANSFER_REASON_VALUE', strip_tags(REQUEST_POST('reason')));
} else {
// Set empty values
define('__TRANSFER_POINTS_VALUE', "");
define('__TRANSFER_ALL_LINK', $total);
}
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Save settings
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET opt_in='%s' WHERE userid=%s LIMIT 1",
- array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
+ array(REQUEST_POST('opt_in'), $GLOBALS['userid']), __FILE__, __LINE__);
// Rember for next switch() command
- $opt_in = $_POST['opt_in'];
+ $opt_in = REQUEST_POST('opt_in');
// "Settings saved..."
LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_done\">".SETTINGS_SAVED."</div>");
ADD_DESCR("member", __FILE__);
// Shall we display a mail?
-if ((isset($_GET['bonusid'])) && (EXT_IS_ACTIVE("bonus"))) {
+if ((REQUEST_ISSET_GET(('bonusid'))) && (EXT_IS_ACTIVE("bonus"))) {
// Display bonus mail by loading it's full data
$result_data = SQL_QUERY_ESC("SELECT id, subject, timestamp, cat_id, points, text, is_notify, data_type, time, url
FROM `{!_MYSQL_PREFIX!}_bonus`
WHERE id=%s LIMIT 1",
- array(bigintval($_GET['bonusid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('bonusid'))), __FILE__, __LINE__);
// Load data
$content = SQL_FETCHARRAY($result_data);
// Free result
SQL_FREERESULT($result_data);
-} elseif (isset($_GET['mailid'])) {
+} elseif (REQUEST_ISSET_GET(('mailid'))) {
// Display regular member mail by loading its full data
$result_data = SQL_QUERY_ESC("SELECT s.id, s.subject, p.text, s.timestamp_ordered AS `timestamp`, s.cat_id, pay.price AS points, p.sender, pay.time, p.data_type
FROM `{!_MYSQL_PREFIX!}_user_stats` AS s
LEFT JOIN `{!_MYSQL_PREFIX!}_payments` AS pay
ON p.payment_id=pay.id
WHERE s.id=%s LIMIT 1",
- array(bigintval($_GET['mailid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mailid'))), __FILE__, __LINE__);
// Load data
$content = SQL_FETCHARRAY($result_data);
$content = array(); $points = false;
// Is the mode set (withdraw or payout)
-if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
+if ((!REQUEST_ISSET_GET(('mode'))) || (REQUEST_GET('mode') == "choose")) {
// Let the user choose what he wants to do
$content['refid'] = bigintval(getConfig('wernis_refid'));
$content['wds66_id'] = 0;
SQL_FREERESULT($result);
// Is there an ID?
- if ((!empty($content['wds66_id'])) && (!isset($_GET['mode']))) {
+ if ((!empty($content['wds66_id'])) && (!REQUEST_ISSET_GET(('mode')))) {
// Then use an other "mode"
- $_GET['mode'] = "list";
+ REQUEST_SET_GET('mode', "list");
// And load all rows!
$result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM `{!_MYSQL_PREFIX!}_user_wernis` WHERE `userid` = %s ORDER BY `wernis_timestamp` DESC",
SQL_FREERESULT($result);
} else {
// Default links are not active!
- $content['payout_link'] = "<em>".WERNIS_MEMBER_PAYOUT_DISABLED."</em>";
- $content['withdraw_link'] = "<em>".WERNIS_MEMBER_WITHDRAW_DISABLED."</em>";
+ $content['payout_link'] = "<em>{--WERNIS_MEMBER_PAYOUT_DISABLED--}</em>";
+ $content['withdraw_link'] = "<em>{--WERNIS_MEMBER_WITHDRAW_DISABLED--}</em>";
// Is the payout mode active?
if (getConfig('wernis_payout_active') == "Y") {
// Add link
- $content['payout_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&what=wernis&mode=payout\"><div style=\"padding-top: 10px\">".MEMBER_WERNIS_MODE_PAYOUT."</div></a>";
+ $content['payout_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&what=wernis&mode=payout\"><div style=\"padding-top: 10px\">{--MEMBER_WERNIS_MODE_PAYOUT--}</div></a>";
} // END - if
// Is the withdraw mode active?
if (getConfig('wernis_withdraw_active') == "Y") {
// Add link
- $content['withdraw_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&what=wernis&mode=withdraw\"><div style=\"padding-top: 10px\">".MEMBER_WERNIS_MODE_WITHDRAW."</div></a>";
+ $content['withdraw_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&what=wernis&mode=withdraw\"><div style=\"padding-top: 10px\">{--MEMBER_WERNIS_MODE_WITHDRAW--}</div></a>";
} // END - if
// Mode chooser! ;-)
- $_GET['mode'] = "choose";
+ REQUEST_SET_GET('mode', "choose");
}
-} elseif (($_GET['mode'] == "payout") && (getConfig('wernis_payout_active') == "Y")) {
+} elseif ((REQUEST_GET('mode') == "payout") && (getConfig('wernis_payout_active') == "Y")) {
// Get total points and check if the user can request a payout
$points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
// Is this enougth for a payout?
if ($points < getConfig('wernis_min_payout')) {
// No, then abort here
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MIN_PAYOUT, TRANSLATE_COMMA(getConfig('wernis_min_payout'))));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('WERNIS_MEMBER_MIN_PAYOUT'), TRANSLATE_COMMA(getConfig('wernis_min_payout'))));
return;
} // END - if
// Free result
SQL_FREERESULT($result);
-} elseif (($_GET['mode'] == "withdraw") && (getConfig('wernis_withdraw_active') == "Y")) {
+} elseif ((REQUEST_GET('mode') == "withdraw") && (getConfig('wernis_withdraw_active') == "Y")) {
// Get total points for just displaying them
$points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
SQL_FREERESULT($result);
} else {
// Invalid mode!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
return;
}
// Is the formular sent?
-if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('mode')))) {
// Is the user ID and password set?
- if (empty($_POST['wds66_id'])) {
+ if (!REQUEST_ISSET_POST(('wds66_id'))) {
// Nothing entered in WDS66 user ID
LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_USERNAME);
- } elseif (empty($_POST['wds66_password'])) {
+ } elseif (!REQUEST_ISSET_POST(('wds66_password'))) {
// Nothing entered in WDS66 password
LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_PASSWORD);
- } elseif (empty($_POST['amount'])) {
+ } elseif (!REQUEST_ISSET_POST(('amount'))) {
// Nothing entered in amount
LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_AMOUNT);
- } elseif ($_POST['wds66_id'] != bigintval($_POST['wds66_id'])) {
+ } elseif (REQUEST_POST('wds66_id') != bigintval(REQUEST_POST('wds66_id'))) {
// Only numbers in account ID!
LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_USERNAME);
- } elseif ($_POST['amount'] != bigintval($_POST['amount'])) {
+ } elseif (REQUEST_POST('amount') != bigintval(REQUEST_POST('amount'))) {
// Only numbers in amount!
LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_AMOUNT);
} else {
// Check input data depending on the mode and execute the requested mode
- switch ($_GET['mode']) {
+ switch (REQUEST_GET('mode')) {
case "withdraw": // Widthdraws WDS66 -> This exchange
- if ($_POST['amount'] < getConfig('wernis_min_withdraw')) {
+ if (REQUEST_POST('amount') < getConfig('wernis_min_withdraw')) {
// Not enougth entered!
LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_AMOUNT_SMALLER_MIN, bigintval(getConfig('wernis_min_withdraw'))));
} else {
// All is fine here so do the withdraw
- $success = WERNIS_EXECUTE_WITHDRAW($_POST['wds66_id'], md5($_POST['wds66_password']), $_POST['amount']);
+ $success = WERNIS_EXECUTE_WITHDRAW(REQUEST_POST('wds66_id'), md5(REQUEST_POST('wds66_password')), REQUEST_POST('amount'));
if ($success) {
// Add it to this amount
unset($GLOBALS['ref_level']);
- ADD_POINTS_REFSYSTEM("wernis_withdraw", $GLOBALS['userid'], bigintval($_POST['amount']), false, 0, false, "direct");
+ ADD_POINTS_REFSYSTEM("wernis_withdraw", $GLOBALS['userid'], bigintval(REQUEST_POST('amount')), false, 0, false, "direct");
// Update the user data as well..
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
- array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('wds66_id')), $GLOBALS['userid']), __FILE__, __LINE__);
// All done!
LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_WITHDRAW_DONE);
break;
case "payout": // Payout this exchange -> WDS66
- if ($_POST['amount'] < getConfig('wernis_min_payout')) {
+ if (REQUEST_POST('amount') < getConfig('wernis_min_payout')) {
// Not enougth entered!
LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_AMOUNT_SMALLER_MIN, bigintval(getConfig('wernis_min_payout'))));
- } elseif ($_POST['amount'] > $points) {
+ } elseif (REQUEST_POST('amount') > $points) {
// Not enougth points left!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval($_POST['amount']), bigintval($points)));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval(REQUEST_POST('amount')), bigintval($points)));
} else {
// All is fine here so do the withdraw
- $success = WERNIS_EXECUTE_PAYOUT($_POST['wds66_id'], $_POST['amount']);
+ $success = WERNIS_EXECUTE_PAYOUT(REQUEST_POST('wds66_id'), REQUEST_POST('amount'));
if ($success) {
// Sub points
- SUB_POINTS("wernis_payout", $GLOBALS['userid'], $_POST['amount']);
+ SUB_POINTS("wernis_payout", $GLOBALS['userid'], REQUEST_POST('amount'));
// Update WDS66 id
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
- array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('wds66_id')), $GLOBALS['userid']), __FILE__, __LINE__);
// All done!
LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_PAYOUT_DONE);
break;
default: // Invalid mode!
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", $_GET['mode']));
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", REQUEST_GET('mode')));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
return;
}
}
} // END - if
// Prepare mode for template name
-$mode = sprintf("member_wernis_mode_%s", SQL_ESCAPE($_GET['mode']));
+$mode = sprintf("member_wernis_mode_%s", SQL_ESCAPE(REQUEST_GET('mode')));
// Load the template
LOAD_TEMPLATE($mode, false, $content);
} elseif (!IS_MEMBER()) {
// Sorry, no guest access!
$URL = "modules.php?module=index";
-} elseif (empty($_GET['order'])) {
+} elseif (!REQUEST_ISSET_GET(('order'))) {
// You cannot call this module directly!
$URL = "modules.php?module=login&what=order";
}
// Update sending pool
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
- array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+ array($type, bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
if (SQL_AFFECTEDROWS() == 1) {
// Load mail again... 0 1 2 3 4 5 6 7
$result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s LIMIT 1",
- array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__);
$DATA = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (empty($DATA[0])) $DATA[0] = getMessage('DEFAULT_SUBJECT_LINE');
$content = SQL_FETCHARRAY($result);
if ($content['status'] == "CONFIRMED") {
// Check if form was submitted or not
- if (!empty($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check passwords
- if (empty($_POST['pass_old'])) {
+ if (!REQUEST_ISSET_POST(('pass_old'))) {
// No current password entered
$MSG = getMessage('SPONSOR_NO_CURRENT_PASSWORD_ENTERED');
- } elseif (md5($_POST['pass_old']) != get_session('sponsorpass')) {
+ } elseif (md5(REQUEST_POST('pass_old')) != get_session('sponsorpass')) {
// Entered password didn't match password in DB
$MSG = getMessage('SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB');
- } elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) {
+ } elseif ((REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))) && (REQUEST_POST('pass1') != REQUEST_POST('pass2'))) {
// Both new passwords did not match
$MSG = getMessage('SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH');
- } elseif ((empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
+ } elseif ((!REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) {
// No password one entered
$MSG = getMessage('SPONSOR_PASSWORD_ONE_EMPTY');
- } elseif ((!empty($_POST['pass1'])) && (empty($_POST['pass2']))) {
+ } elseif ((REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass2')))) {
// No password two entered
$MSG = getMessage('SPONSOR_PASSWORD_TWO_EMPTY');
- } elseif ((!empty($_POST['pass1'])) && (strlen($_POST['pass1']) < getConfig('pass_len'))) {
+ } elseif ((REQUEST_ISSET_POST(('pass1'))) && (strlen(REQUEST_POST('pass1')) < getConfig('pass_len'))) {
// Too short password
$MSG = sprintf(getMessage('SPONSOR_PASSWORD_TOO_SHORT'), getConfig('pass_len'));
} else {
$PASS_AND = ""; $PASS_DATA = "";
// Check if we want to change password or not
- if (($_POST['pass1'] == $_POST['pass2']) && (!empty($_POST['pass1'])) && ($_POST['pass1'] != $_POST['pass_old'])) {
+ if ((REQUEST_POST('pass1') == REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') != REQUEST_POST('pass_old'))) {
// Change current password
$PASS_AND = ", password='%s'";
- $PASS_DATA = md5($_POST['pass1']);
+ $PASS_DATA = md5(REQUEST_POST('pass1'));
}
// Unsecure data which we don't want here
// Remove all (maybe spoofed) unsafe data from array
foreach ($UNSAFE as $remove) {
- unset($_POST[$remove]);
+ REQUEST_UNSET_POST($remove);
}
// Set last change timestamp
- $_POST['last_change'] = time();
+ REQUEST_SET_POST('last_change', "UNIX_TIMESTAMP()");
// Save data
- $MSG = SPONSOR_SAVE_DATA($_POST, $content);
+ $MSG = SPONSOR_SAVE_DATA(REQUEST_POST_ARRAY(), $content);
}
if (!empty($MSG)) {
$content = SQL_FETCHARRAY($result);
if ($content['status'] == "CONFIRMED") {
// Check if form was submitted or not
- if (!empty($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check passwords
- if (empty($_POST['password'])) {
+ if (!REQUEST_ISSET_POST(('password'))) {
// No current password entered
$MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
- } elseif (md5($_POST['password']) != get_session('sponsorpass')) {
+ } elseif (md5(REQUEST_POST('password')) != get_session('sponsorpass')) {
// Entered password didn't match password in DB
$MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
} else {
// Remove all (maybe spoofed) unsafe data from array
foreach ($UNSAFE as $remove) {
- unset($_POST[$remove]);
+ REQUEST_UNSET_POST($remove);
}
// Set last change timestamp
- $_POST['last_change'] = time();
+ REQUEST_SET_POST('last_change', "UNIX_TIMESTAMP()");
// Save data
- $MSG = SPONSOR_SAVE_DATA($_POST, $content);
+ $MSG = SPONSOR_SAVE_DATA(REQUEST_POST_ARRAY(), $content);
}
if (!empty($MSG)) {
// Non-database functions
require("inc/functions.php");
-// Filter functions
-LOAD_INC_ONCE("inc/filters.php");
-
-// Functions which interact with the database
-LOAD_INC_ONCE("inc/mysql-manager.php");
-
-// Load extensions and language
-LOAD_INC_ONCE("inc/extensions.php");
-
-// Load database library
-LOAD_INC_ONCE("inc/db/lib.php");
-
-// Error handler function
-function __errorHandler ($errno, $errstr, $errfile, $errline) {
- // Construct message
- $msg = sprintf("errno=%s,errstr=%s,errfile=%s,errline=%s",
- $errno,
- $errstr,
- basename($errfile),
- $errline
- );
-
- // Write debug log message
- DEBUG_LOG(__FUNCTION__, __LINE__, "".$msg, true);
-
- // Output message to user and die
- if (EXT_IS_ACTIVE("debug")) {
- // Debug extension found! So Output a small message
- mxchange_die("Error message written to debug.log. Please try to call <a href=\"{!URL!}\">the main page</a> to continue.");
- } else {
- // No debug extension found, so regular output
- debug_report_bug($msg);
- }
-}
+// Load more function libraries
+foreach (array('request-functions', 'config-functions', 'filters', 'mysql-manager', 'extensions', 'db/lib', 'handler', 'hooks') as $lib) {
+ // Load special functions
+ LOAD_INC_ONCE(sprintf("inc/%s.php", $lib));
+} // END - foreach
// Set error handler
set_error_handler('__errorHandler');
-// Call-back function for running shutdown functions and close database connection
-function __SHUTDOWN_HOOK () {
- // Call the filter chain 'shutdown'
- RUN_FILTER('shutdown', null, false);
-
- if (SQL_IS_LINK_UP()) {
- // Close link
- SQL_CLOSE(__FILE__, __LINE__);
- } else {
- // No database link
- addFatalMessage(getMessage('NO_DB_LINK'));
- }
-}
-
// Register shutdown hook
register_shutdown_function('__SHUTDOWN_HOOK');
// Check if the user setups his MySQL stuff...
-if ((empty($MySQL['login'])) && (!defined('mxchange_installing')) && (!isset($_GET['installing'])) && (isBooleanConstantAndTrue('mxchange_installed'))) {
+if ((empty($MySQL['login'])) && (!defined('mxchange_installing')) && (!REQUEST_ISSET_GET(('installing'))) && (isBooleanConstantAndTrue('mxchange_installed'))) {
// No login entered and outside installation mode
OUTPUT_HTML("<strong>{--LANG_WARNING--}:</strong> ");
if (isBooleanConstantAndTrue('mxchange_installed')) {
// Please run the installation script (maybe again)
mxchange_die("{--DIE_RUN_INSTALL_MYSQL--}");
}
-} elseif ((!isBooleanConstantAndTrue('mxchange_installing')) && (!isset($_GET['installing'])) && (empty($MySQL['password'])) && (isBooleanConstantAndTrue('warn_no_pass'))) {
+} elseif ((!isBooleanConstantAndTrue('mxchange_installing')) && (!REQUEST_ISSET_GET(('installing'))) && (empty($MySQL['password'])) && (isBooleanConstantAndTrue('warn_no_pass'))) {
// No database password entered!!!
OUTPUT_HTML("<div>{--LANG_WARNING--}:</div> {--WARN_NULL_PASSWORD--}");
}
$OUT = "";
while (list($value, $comment) = SQL_FETCHROW($result)) {
$OUT .= " <option value=\"".$value."\"";
- if ($_POST['max_mails'] == $value) $OUT .= " selected=\"selected\"";
+ if (REQUEST_POST('max_mails') == $value) $OUT .= " selected=\"selected\"";
$OUT .= ">".$value." {--PER_DAY--}";
if (!empty($comment)) $OUT .= " (".$comment.")";
$OUT .= "</option>\n";
// Now let's compare passwords
$hash = generatePassString($hashDB);
- if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
+ if (($hash == get_session('u_hash')) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
// Load user's data
$result = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, country, zip, city, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND password='%s' LIMIT 1",
array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
case "normal": break; // Do not add any special lines
case "email": // Email was changed!
- $content = MEMBER_CHANGED_EMAIL.": ".$_POST['old_addy']."\n";
+ $content = MEMBER_CHANGED_EMAIL.": ".REQUEST_POST('old_addy')."\n";
break;
case "pass": // Password was changed
if (EXT_IS_ACTIVE("country")) {
// Replace code with description
- $DATA[4] = COUNTRY_GENERATE_INFO($_POST['country_code']);
+ $DATA[4] = COUNTRY_GENERATE_INFO(REQUEST_POST('country_code'));
} // END - if
// Load template
// And sent it away
SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg);
- if (!isset($_GET['mid'])) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED'));
+ if (!REQUEST_ISSET_GET(('mid'))) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED'));
}
// Maybe there's another ref?
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 02/28/2009 *
+ * =============== Last change: 02/28/2009 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : request-functions.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Special functions for request handling *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Spezialle Funktionen fuer die Anfragebehandlung *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+} // END - if
+
+// Wrapper for elements in $_GET
+function REQUEST_GET ($element) {
+ // By default no element is there
+ $value = null;
+
+ // Is the element there?
+ if (REQUEST_ISSET_GET($element)) {
+ // Then use it
+ $value = $_GET[$element];
+ } // END - if
+
+ // Return value
+ return $value;
+}
+
+// Checks if an element in $_GET exists
+function REQUEST_ISSET_GET ($element) {
+ return (isset($_GET['element']));
+}
+
+// Removes an element from $_GET
+function REQUEST_UNSET_GET ($element) {
+ unset($_GET[$element]);
+}
+
+// Getter for whole $_GET array
+function REQUEST_GET_ARRAY () {
+ return $_GET;
+}
+
+// Counts entries in $_GET or returns false if not an array
+function REQUEST_GET_COUNT () {
+ // By default this is not an array
+ $count = false;
+
+ // Get the array
+ $GET = REQUEST_GET_ARRAY();
+
+ // Is it an array?
+ if (is_array($GET)) {
+ // Then count it
+ $count = count($GET);
+ } // END - if
+
+ // Return value
+}
+
+// Wrapper for elements in $_POST
+function REQUEST_POST ($element) {
+ // By default no element is there
+ $value = null;
+
+ // Is the element there?
+ if (REQUEST_ISSET_POST($element)) {
+ // Then use it
+ $value = $_POST[$element];
+ } // END - if
+
+ // Return value
+ return $value;
+}
+
+// Checks if an element in $_POST exists
+function REQUEST_ISSET_POST ($element) {
+ return (isset($_POST['element']));
+}
+
+// Removes an element from $_POST
+function REQUEST_UNSET_POST ($element) {
+ unset($_POST[$element]);
+}
+
+// Getter for whole $_POST array
+function REQUEST_POST_ARRAY () {
+ return $_POST;
+}
+
+// Counts entries in $_POST or returns false if not an array
+function REQUEST_POST_COUNT () {
+ // By default this is not an array
+ $count = false;
+
+ // Get the array
+ $POST = REQUEST_POST_ARRAY();
+
+ // Is it an array?
+ if (is_array($POST)) {
+ // Then count it
+ $count = count($POST);
+ } // END - if
+
+ // Return value
+}
+
+// Checks wether a form was sent. If so, the $_POST['ok'] element must be set
+function IS_FORM_SENT () {
+ // Simply wrap it!
+ return REQUEST_ISSET_POST('ok');
+}
+
+//
+?>
--- /dev/null
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 02/28/2009 *
+ * =============== Last change: 02/28/2009 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : session-functions.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Session-relevant functions *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Sitzungsrelevante Funktionen *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+ require($INC);
+}
+
+// Unset/set session variables
+function set_session ($var, $value) {
+ // Abort in CSS mode here
+ if ($GLOBALS['output_mode'] == 1) return true;
+
+ // Trim value and session variable
+ $var = trim(SQL_ESCAPE($var)); $value = trim($value);
+
+ // Is the session variable set?
+ if (("".$value."" == "") && (isSessionVariableSet($var))) {
+ // Remove the session
+ //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."<br />\n";
+ unset($_SESSION[$var]);
+ return session_unregister($var);
+ } elseif (("".$value."" != '') && (!isSessionVariableSet($var))) {
+ // Set session
+ //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
+ $_SESSION[$var] = $value;
+ return session_register($var);
+ } elseif (!empty($value)) {
+ // Update session
+ //* DEBUG: */ echo "UPDATE:".$var."=".$value."<br />\n";
+ $_SESSION[$var] = $value;
+ return true;
+ }
+
+ // Ignored (but valid)
+ //* DEBUG: */ echo "IGNORED:".$var."=".$value."<br />\n";
+ return true;
+}
+
+// Check wether a session variable is set
+function isSessionVariableSet ($var) {
+ //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):var={$var}<br />\n";
+ return (isset($_SESSION[$var]));
+}
+
+// Returns wether the value of the session variable or NULL if not set
+function get_session ($var) {
+ // Default is not found! ;-)
+ $value = null;
+
+ // Is the variable there or cached values?
+ if (isset($GLOBALS['cache_array']['session'][$var])) {
+ // Get cached value (skips a lot SQL_ESCAPE() calles!
+ //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-CACHE!<br />\n";
+ $value = $GLOBALS['cache_array']['session'][$var];
+ } elseif (isSessionVariableSet($var)) {
+ // Then get it secured!
+ //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-RESOLVE!<br />\n";
+ $value = SQL_ESCAPE($_SESSION[$var]);
+
+ // Cache the value
+ $GLOBALS['cache_array']['session'][$var] = $value;
+ } // END - if
+
+ // Return the value
+ return $value;
+}
+
+// Destroy user session
+function destroy_user_session () {
+ // Reset userid
+ $GLOBALS['userid'] = 0;
+
+ // Remove all user data from session
+ return ((set_session('userid', "")) && (set_session('u_hash', "")));
+}
+
+// Destroys the admin session
+function destroyAdminSession ($destroy = true) {
+ // Kill maybe existing session variables including array elements
+ set_session('admin_login', "");
+ set_session('admin_md5' , "");
+ set_session('admin_last' , "");
+ set_session('admin_to' , "");
+
+ // Destroy session and return status
+ if ($destroy) {
+ return session_destroy();
+ } // END - if
+
+ // All fine if we shall not really destroy the session
+ return true;
+}
+
+// [EOF]
+?>
);
// Add stylesheet for installation
-if ((basename($_SERVER['PHP_SELF']) == "install.php") || (!isBooleanConstantAndTrue('mxchange_installed')) || (isset($_GET['installing']))) $STYLES[] = "install.css";
+if ((basename($_SERVER['PHP_SELF']) == "install.php") || (!isBooleanConstantAndTrue('mxchange_installed')) || (REQUEST_ISSET_GET(('installing')))) $STYLES[] = "install.css";
// When no CSS output-mode is set, set it to file-output
if (!isConfigEntrySet('css_php')) setConfigEntry('css_php', "FILE");
if (isBooleanConstantAndTrue('mxchange_installing')) {
// Default theme first
$NEW_THEME = "default";
- if (!empty($_GET['theme'])) $NEW_THEME = SQL_ESCAPE($_GET['theme']);
- if (!empty($_POST['theme'])) $NEW_THEME = SQL_ESCAPE($_POST['theme']);
+ if (REQUEST_ISSET_GET(('theme'))) $NEW_THEME = SQL_ESCAPE(REQUEST_GET('theme'));
+ if (REQUEST_ISSET_POST(('theme'))) $NEW_THEME = SQL_ESCAPE(REQUEST_POST('theme'));
OUTPUT_HTML("?theme=".$NEW_THEME."&installing=1", false);
} // END - if
OUTPUT_HTML("\" />");
LOAD_INC("inc/header.php");
// Reload page to page=welcome when it is not specified
-if (!isset($_GET['page'])) {
+if (!REQUEST_ISSET_GET(('page'))) {
LOAD_URL("install.php?page=welcome");
} // END - if
require("inc/config.php");
// Is this script installed and a JavaScript tag is provied?
-if ((isBooleanConstantAndTrue('mxchange_installed')) && (isset($_GET['tag']))) {
+if ((isBooleanConstantAndTrue('mxchange_installed')) && (REQUEST_ISSET_GET(('tag')))) {
// Set header
header("Content-type: text/javascript");
// Prepare include file for looking
$INC = sprintf("inc/js/tag-%s.php",
- SQL_ESCAPE($_GET['tag'])
+ SQL_ESCAPE(REQUEST_GET('tag'))
);
// Is that file readable?
$url_uid = 0; $url_bid = 0; $url_mid = 0;
// Secure all data
- if (!empty($_GET['uid'])) $url_uid = bigintval($_GET['uid']);
- if (!empty($_GET['mailid'])) $url_mid = bigintval($_GET['mailid']);
- if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
+ if (REQUEST_ISSET_GET(('uid'))) $url_uid = bigintval(REQUEST_GET('uid'));
+ if (REQUEST_ISSET_GET(('mailid'))) $url_mid = bigintval(REQUEST_GET('mailid'));
+ if (REQUEST_ISSET_GET(('bonusid'))) $url_bid = bigintval(REQUEST_GET('bonusid'));
// 01 1 12 3 32 21 1 22 10
if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErrors() == 0)) {
// Secure all data
$url_uid = 0; $url_bid = 0; $url_mid = 0; $code = 0; $mode = "";
- if (!empty($_GET['uid'])) $url_uid = bigintval($_GET['uid']);
- if (!empty($_GET['mailid'])) $url_mid = bigintval($_GET['mailid']);
- if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
- if (!empty($_GET['code'])) $code = bigintval($_GET['code']);
- if (!empty($_GET['mode'])) $mode = $_GET['mode'];
+ if (REQUEST_ISSET_GET(('uid'))) $url_uid = bigintval(REQUEST_GET('uid'));
+ if (REQUEST_ISSET_GET(('mailid'))) $url_mid = bigintval(REQUEST_GET('mailid'));
+ if (REQUEST_ISSET_GET(('bonusid'))) $url_bid = bigintval(REQUEST_GET('bonusid'));
+ if (REQUEST_ISSET_GET(('code'))) $code = bigintval(REQUEST_GET('code'));
+ if (REQUEST_ISSET_GET(('mode'))) $mode = REQUEST_GET('mode');
// 01 1 12 2 2 21 1 22 10
if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErrors() == 0)) {
USER_STATS_INSERT_RECORD($url_uid, $type, $stats_data);
// Right code entered?
- if (bigintval($_POST['gfx_check']) == $img_code) {
+ if (bigintval(REQUEST_POST('gfx_check')) == $img_code) {
// Add points over referal system is the default
$locked = false;
$template = "mailid_points_done";
$GLOBALS['userid'] = 0;
// Fix missing module to "index"
-if (empty($_GET['module'])) $_GET['module'] = "index";
+if (!REQUEST_ISSET_GET(('module'))) REQUEST_SET_GET('module', "index");
// Secure action/what if present
-if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
-if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
+if (REQUEST_ISSET_GET(('action'))) $GLOBALS['action'] = secureString(REQUEST_GET('action'));
+if (REQUEST_ISSET_GET(('what'))) $GLOBALS['what'] = secureString(REQUEST_GET('what'));
// Secure the module name (very important line!)
-$GLOBALS['module'] = secureString($_GET['module']);
+$GLOBALS['module'] = secureString(REQUEST_GET('module'));
// Needed include files
require("inc/config.php");
}
// Get referal ID from ref or refid variable
- if (!empty($_GET['ref'])) $ref = secureString($_GET['ref']);
- elseif (!empty($_GET['refid'])) $ref = secureString($_GET['refid']);
+ if (REQUEST_ISSET_GET(('ref'))) $ref = secureString(REQUEST_GET('ref'));
+ elseif (REQUEST_ISSET_GET(('refid'))) $ref = secureString(REQUEST_GET('refid'));
if (!empty($ref)) {
// Test if nickname or numeric id
// Include header
LOAD_INC("inc/header.php");
- if (($_GET['uid'] > 0) && ($_GET['d'] > 0) && (!empty($_GET['t']))) {
+ if ((REQUEST_GET('uid') > 0) && (REQUEST_GET('d') > 0) && (REQUEST_ISSET_GET(('t')))) {
// Set row name
$t = "";
- switch ($_GET['t']) {
+ switch (REQUEST_GET('t')) {
case "bonusid": // Bonus mail
$t = "bonus_id";
break;
break;
default: // Invalid type
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid type %s detected.", $_GET['t']));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid type %s detected.", REQUEST_GET('t')));
break;
} // END - switch
ON d.userid=b.userid
WHERE d.`status`='CONFIRMED' AND d.userid=%s AND b.%s=%s
LIMIT 1",
- array(bigintval($_GET['uid']), $t, bigintval($_GET['d'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid')), $t, bigintval(REQUEST_GET('d'))), __FILE__, __LINE__);
// Entry found?
if (SQL_NUMROWS($result) == 1) {
define('__FNAME' , $content['family']);
define('__RANK' , BIGINTVAL($content['level']));
define('__POINTS' , TRANSLATE_COMMA($content['points']));
- define('__MAILID' , bigintval($_GET['d']));
- define('__RANK_ROWS', BONUS_MAKE_RANK_ROWS(bigintval($_GET['d']), $t, bigintval($_GET['uid'])));
+ define('__MAILID' , bigintval(REQUEST_GET('d')));
+ define('__RANK_ROWS', BONUS_MAKE_RANK_ROWS(bigintval(REQUEST_GET('d')), $t, bigintval(REQUEST_GET('uid'))));
// Constant created within previous function which contains informations for current user's ranking position:
// __YOUR_RANKING_LINE
if (isBooleanConstantAndTrue('mxchange_installed')) {
// Base URL for redirection
$URL = "modules.php?module=index&what=sponsor_login&hash=";
- if (empty($_GET['hash'])) {
+ if (!REQUEST_ISSET_GET(('hash'))) {
// No refid and we add our refid (don't forget to set $def_refid!)
$URL = "modules.php?module=index";
} else {
// We have an refid here. So we simply add it
- $URL .= SQL_ESCAPE($_GET['hash']);
+ $URL .= SQL_ESCAPE(REQUEST_GET('hash'));
}
// Load the URL
// Get referal ID from ref or refid variable
$ref = 0;
- if (!empty($_GET['ref'])) $ref = bigintval($_GET['ref']);
- elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
+ if (REQUEST_ISSET_GET(('ref'))) $ref = bigintval(REQUEST_GET('ref'));
+ elseif (REQUEST_ISSET_GET(('refid'))) $ref = bigintval(REQUEST_GET('refid'));
if (!empty($ref)) {
// We have an refid here. So we simply add it
SURFBAR_HANDLE_SELF_MAINTENANCE();
// Is there a check value?
- if ((SURFBAR_CHECK_RELOAD_FULL()) || ((isset($_GET['frame'])) && (in_array($_GET['frame'], array("stop", "stop2", "stats", "textlinks"))))) {
+ if ((SURFBAR_CHECK_RELOAD_FULL()) || ((REQUEST_ISSET_GET(('frame'))) && (in_array(REQUEST_GET('frame'), array("stop", "stop2", "stats", "textlinks"))))) {
// Reload-lock is full, surfbar stopped so...
// Load header
LOAD_INC_ONCE("inc/header.php");
// Load template
- if (((isset($_GET['frame'])) && ($_GET['frame'] == "stop")) || (!isset($_GET['frame']))) {
+ if (((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "stop")) || (!REQUEST_ISSET_GET(('frame')))) {
// Load template for "start" page
LOAD_TEMPLATE("surfbar_frame_start");
LOAD_TEMPLATE("surfbar_start_banner");
// This makes the footer appear again
- unset($_GET['frame']);
- } elseif ((isset($_GET['frame'])) && ($_GET['frame'] == "stats")) {
+ REQUEST_UNSET_GET(('frame'));
+ } elseif ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "stats")) {
// Get total points amount
$points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
// Load template for "stats" page
LOAD_TEMPLATE("surfbar_frame_stats", false, $content);
- } elseif ((isset($_GET['frame'])) && ($_GET['frame'] == "textlinks")) {
+ } elseif ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "textlinks")) {
// Prepare content
$content = array(
'online' => SURFBAR_DETERMINE_TOTAL_ONLINE(),
// Load template for stopped surfbar
LOAD_TEMPLATE("surfbar_stopped", false, $content);
}
- } elseif ((isset($_GET['check'])) && (isset($_GET['id'])) && (isset($_GET['salt']))) {
+ } elseif ((REQUEST_ISSET_GET(('check'))) && (REQUEST_ISSET_GET(('id'))) && (REQUEST_ISSET_GET(('salt')))) {
// Dummy next id get
- SURFBAR_DETERMINE_NEXT_ID($_GET['id']);
+ SURFBAR_DETERMINE_NEXT_ID(REQUEST_GET('id'));
// Check reload lock and validation code
- if ((!SURFBAR_CHECK_RELOAD_LOCK($_GET['id'])) && (SURFBAR_CHECK_VALIDATION_CODE($_GET['id'], $_GET['check'], $_GET['salt']))) {
+ if ((!SURFBAR_CHECK_RELOAD_LOCK(REQUEST_GET('id'))) && (SURFBAR_CHECK_VALIDATION_CODE(REQUEST_GET('id'), REQUEST_GET('check'), REQUEST_GET('salt')))) {
// Lock the URL (id) down
- SURFBAR_LOCKDOWN_ID($_GET['id']);
+ SURFBAR_LOCKDOWN_ID(REQUEST_GET('id'));
// Code is valid so pay points here
SURFBAR_PAY_POINTS();
$templateName = SURFBAR_DETERMINE_TEMPLATE_NAME();
// Frame "top" set?
- if ((isset($_GET['frame'])) && ($_GET['frame'] == "top")) {
+ if ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "top")) {
// Determine next id
$nextId = SURFBAR_DETERMINE_NEXT_ID();
// Load new URL
SURFBAR_RELOAD_TO_STOP_PAGE("stop2");
}
- } elseif ((isset($_GET['frame'])) && ($_GET['frame'] == "start")) {
+ } elseif ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "start")) {
// Starter frame found so let the footer display
- unset($_GET['frame']);
+ REQUEST_UNSET_GET(('frame'));
} else {
// Load header in frameset mode
$isFrameset = true;
Hallo $content[gender] $content[surname] $content[family],
------------------------------
-Ihre Mitglied-ID lautet: $content[u_id]
+Ihre Mitglied-ID lautet: $content[uid]
------------------------------
Einer unserer Administratoren hat Ihnen folgende Nachricht zugeschickt:
-<form action="{!URL!}/modules.php?module=admin&what=add_points&u_id={!__UID!}" method="POST" style="margin-bottom: 0px">
+<form action="{!URL!}/modules.php?module=admin&what=add_points&uid={!__UID!}" method="POST" style="margin-bottom: 0px">
<table border="0" cellspacing="0" cellpadding="0" width="500"
align="center" class="admin_table dashed">
<tr>
<form
- action="{!URL!}/modules.php?module=admin&what=add_points&u_id=all"
+ action="{!URL!}/modules.php?module=admin&what=add_points&uid=all"
method="POST" style="margin-bottom: 0px">
<table border="0" cellspacing="0" cellpadding="0" width="500"
align="center" class="admin_table dashed">
-<form action="{!URL!}/modules.php?module=admin&what=user_contct&u_id=$content[u_id]" method="POST">
+<form action="{!URL!}/modules.php?module=admin&what=user_contct&uid=$content[uid]" method="POST">
<table border="0" cellspacing="0" cellpadding="0" width="400" class="admin_table dashed" align="center">
<tr>
<td align="center" class="admin_title bottom2" height="30">
-<form action="{!URL!}/modules.php?module=admin&what=del_user&u_id={!__UID!}" method="POST">
+<form action="{!URL!}/modules.php?module=admin&what=del_user&uid={!__UID!}" method="POST">
<table border="0" cellspacing="0" cellpadding="0" width="500"
align="center" class="admin_table dashed">
<tr>
<form
- action="{!URL!}/modules.php?module=admin&what=edit_user&u_id=$content"
+ action="{!URL!}/modules.php?module=admin&what=edit_user&uid=$content"
method="POST">
<table border="0" cellspacing="0" cellpadding="0" width="400"
class="admin_table dashed" align="center">
<tr>
<td align="right">{--FAMILY_NAME--}:</td>
<td class="seperator" width="10"> </td>
- <td><input type="text" name="family_name" class="admin_normal"
+ <td><input type="text" name="family" class="admin_normal"
size="15" maxlength="255" value="{!_FAMILY!}"></td>
</tr>
<tr>
<tr>
<td class="switch_sw$content[sw] bottom2 right2" align="center">$content[win1]$content[cnt]$content[win2]</td>
<td class="switch_sw$content[sw] bottom2 right2" align="center">$content[win1]<a
- href="{!URL!}/modules.php?module=admin&what=list_user&u_id=$content[uid]">$content[uid]</a>$content[win2]</td>
+ href="{!URL!}/modules.php?module=admin&what=list_user&uid=$content[uid]">$content[uid]</a>$content[win2]</td>
<td class="switch_sw$content[sw] bottom2 right2"> $content[win1]<a
href="$content[email]">$content[gender] $content[sname]
$content[fname]</a>$content[win2]</td>
<tr>
<td colspan="3" align="center" class="admin_header bottom2"
height="50">{--USER_ID--}: <strong><a
- href="{!URL!}/modules.php?module=admin&what=list_user&u_id={!__UID!}">{!__UID!}</a></strong>({!__EMAIL!})
+ href="{!URL!}/modules.php?module=admin&what=list_user&uid={!__UID!}">{!__UID!}</a></strong>({!__EMAIL!})
</td>
</tr>
{!__CATS_ROWS!}
</tr>
<tr>
<td align="center" class="admin_header"><strong>{--ADMIN_MEM_NO_CATS_1--}<a
- href="{!URL!}/modules.php?module=admin&what=list_user&u_id={!__UID!}">{!__UID!}</a>{--ADMIN_MEM_NO_CATS_2--}</strong>
+ href="{!URL!}/modules.php?module=admin&what=list_user&uid={!__UID!}">{!__UID!}</a>{--ADMIN_MEM_NO_CATS_2--}</strong>
</td>
</tr>
<tr>
<table border="0" cellspacing="0" cellpadding="0" width="500" align="center" class="admin_table dashed">
<tr>
<td colspan="4" align="center" class="admin_header bottom2" height="40">
- <strong><a href="{!URL!}/modules.php?module=admin&what=list_user&u_id={!__UID!}">{!__SNAME_VALUE!} {!__FNAME_VALUE!}</a></strong> ({!__EMAIL_VALUE!}):
+ <strong><a href="{!URL!}/modules.php?module=admin&what=list_user&uid={!__UID!}">{!__SNAME_VALUE!} {!__FNAME_VALUE!}</a></strong> ({!__EMAIL_VALUE!}):
</td>
</tr>
{!__EMAIL_LIST!}
<tr>
<td colspan="4" height="40" class="admin_header" align="center">
{--MEMBER_TOTAL_LINKS_1--}{!__NUMS_VALUE!}{--MEMBER_TOTAL_LINKS_2--}<br />
- <a href="{!URL!}/modules.php?module=admin&what=list_links&u_id={!__UID!}&del=all" onclick="return confirm('{--ADMIN_REALLY_DELETE_ALL_MAILS--}')">{--ADMIN_DEL_UNCONFIRMED_LINKS--}</a>
+ <a href="{!URL!}/modules.php?module=admin&what=list_links&uid={!__UID!}&del=all" onclick="return confirm('{--ADMIN_REALLY_DELETE_ALL_MAILS--}')">{--ADMIN_DEL_UNCONFIRMED_LINKS--}</a>
</td>
</tr>
</table>
<tr>
<td align="center" class="switch_sw$content[sw] bottom2 right2">
$content[bold_l]<a
- href="{!URL!}/modules.php?module=admin&what=list_user&u_id=$content[uid]">$content[uid]</a>$content[bold_r]
+ href="{!URL!}/modules.php?module=admin&what=list_user&uid=$content[uid]">$content[uid]</a>$content[bold_r]
</td>
<td align="center" class="switch_sw$content[sw] bottom2 right2">
$content[bold_l]$content[old]$content[bold_r]</td>
<tr>
<td align="center" class="switch_sw$content[sw] bottom2 right2">
$content[bold_l]<a
- href="{!URL!}/modules.php?module=admin&what=list_user&u_id=$content[uid]">$content[uid]</a>$content[bold_r]
+ href="{!URL!}/modules.php?module=admin&what=list_user&uid=$content[uid]">$content[uid]</a>$content[bold_r]
</td>
<td align="center" class="switch_sw$content[sw] bottom2 right2">
$content[bold_l]$content[old]$content[bold_r]</td>
<tr>
<td width="260" align="center" class="bottom2 right2">
{--EMAIL_SENDER--}:<br />
- <strong><a href="{!URL!}/modules.php?module=admin&what=list_user&u_id={!__LIST_UNCON_SENDER!}">{!__LIST_UNCON_SENDER!}</a></strong>
+ <strong><a href="{!URL!}/modules.php?module=admin&what=list_user&uid={!__LIST_UNCON_SENDER!}">{!__LIST_UNCON_SENDER!}</a></strong>
</td>
<td width="260" align="center" class="bottom2">
{--EMAIL_SUBJECT--}:<br />
<form
- action="{!URL!}/modules.php?module=admin&what=lock_user&u_id={!__UID!}"
+ action="{!URL!}/modules.php?module=admin&what=lock_user&uid={!__UID!}"
method="POST">
<table border="0" cellspacing="0" cellpadding="0" width="500"
align="center" class="admin_table dashed">
<input type="hidden" name="module" value="admin" />
<input type="hidden" name="what" value="$content" />
{--ADMIN_SELECT_USER--}:
- <select name="u_id" size="1" class="admin_select">
+ <select name="uid" size="1" class="admin_select">
{!_MEMBER_SELECTION!}
</select>
</td>
-<form action="{!URL!}/modules.php?module=admin&what=sub_points&u_id={!__UID!}" method="POST">
+<form action="{!URL!}/modules.php?module=admin&what=sub_points&uid={!__UID!}" method="POST">
<table border="0" cellspacing="0" cellpadding="0" width="500"
align="center" class="admin_table dashed">
<tr>
<form
- action="{!URL!}/modules.php?module=admin&what=sub_points&u_id=all"
+ action="{!URL!}/modules.php?module=admin&what=sub_points&uid=all"
method="POST">
<table border="0" cellspacing="0" cellpadding="0" width="500"
align="center" class="admin_table dashed">
<a
- href="{!URL!}/modules.php?module=admin&what=del_holiday&u_id=$content">{--HOLIDAY_ADMIN_DEL_LINK--}</a>
\ No newline at end of file
+ href="{!URL!}/modules.php?module=admin&what=del_holiday&uid=$content">{--HOLIDAY_ADMIN_DEL_LINK--}</a>
\ No newline at end of file
<td class="register_right"><input type="text" name="surname"
class="guest_normal" size="15" maxlength="255"
value="{!__SURNAME!}"> <input type="text"
- name="family_name" class="guest_normal" size="15" maxlength="255"
+ name="family" class="guest_normal" size="15" maxlength="255"
value="{!__FAMILY!}"></td>
</tr>
<tr>
<td width="10" class="seperator"> </td>
<td><input type="text" name="surname" class="member_normal"
size="15" maxlength="255" value="$DATA[0]"> <input
- type="text" name="family_name" class="member_normal" size="15"
+ type="text" name="family" class="member_normal" size="15"
maxlength="255" value="$DATA[1]"></td>
</tr>
<tr>
// Load the required file(s)
require("inc/config.php");
-if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
+if (((REQUEST_ISSET_GET(('user'))) || (REQUEST_ISSET_GET(('reseller')))) && (REQUEST_ISSET_GET(('banner')))) {
// Count banner view... we currently don't need the user's id but maybe
$VIEW = 1;
// for later things... ;-)
$result = SQL_QUERY_ESC("SELECT url FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
list($url) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET counter=counter+1 WHERE id=%s LIMIT 1",
- array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__);
$type = substr($url, -3);
header ("Content-Type: image/".$type);
projects / mailer.git / commitdiff