From: Roland Häder Date: Sat, 7 Feb 2009 17:27:15 +0000 (+0000) Subject: Cookie code removed, rewritten, internal URLs are now relative (see LOAD_URL()),... X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=e71e9e1380d65ccd06beef6fbc594bec10371f5f;p=mailer.git Cookie code removed, rewritten, internal URLs are now relative (see LOAD_URL()), tickets resolved --- diff --git a/beg.php b/beg.php index 531e8dbf71..b0ecebb6de 100644 --- a/beg.php +++ b/beg.php @@ -208,10 +208,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { require_once(PATH."inc/footer.php"); } elseif (($status != "CONFIRMED") && ($status != "failed")) { // Maybe locked/unconfirmed account? - switch ($status) { - case "LOCKED" : $msg = CODE_ID_LOCKED ; break; // Locked account - case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account - } + $msg = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status); } elseif (($uid == "0") || ($status == "failed")) { // Inalid or locked account, so let's find out $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1", diff --git a/confirm.php b/confirm.php index e55e503ee8..49197dcc2b 100644 --- a/confirm.php +++ b/confirm.php @@ -47,10 +47,10 @@ require("inc/config.php"); // Is the script installed? if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered'))) { // Base URL for redirection - $URL = URL."/modules.php?module=index&what=confirm&hash="; + $URL = "modules.php?module=index&what=confirm&hash="; if (empty($_GET['hash'])) { // No refid and we add our refid (don't forget to set $def_refid!) - $URL = URL."/modules.php?module=index"; + $URL = "modules.php?module=index"; } else { // We have an refid here. So we simply add it $URL .= $_GET['hash']; diff --git a/inc/databases.php b/inc/databases.php index 6fc682b4ba..3e8a598101 100644 --- a/inc/databases.php +++ b/inc/databases.php @@ -93,18 +93,6 @@ $_CONFIG['one_day'] = 60*60*24; define('START_YDAY', MAKE_TIME(0, 0, 0, time() - getConfig('one_day'))); define('START_TDAY', MAKE_TIME(0, 0, 0, time())); -$COOKIES = substr(URL, strpos(substr(URL, 8), "/") + 8); -if ((strpos($COOKIES, "/") == "0") && (strpos(substr(URL, 8), "/") > 0)) { - // Script was installed into a sub directory - if (substr($COOKIES, -1) != "/") $COOKIES .= "/"; -} else { - // No more sub directories added to URL - $COOKIES = "/"; -} - -// Cookie-Path ( for lame servers... ;-) ) -define('COOKIE_PATH', $COOKIES); - // Server-URL (DO NOT CHANGE THIS OR YOU CANNOT CHECK FOR UPDATES/EXTENSIONS!) define('SERVER_URL', "http://www.mxchange.org"); @@ -117,7 +105,7 @@ define('_PRIME', 591623); // Calculate "entropy" with the prime number (for code generation) define('_ADD', (_PRIME * _PRIME / (pi() * getConfig('code_length') + 1))); -// Random number for e.g. "cache-buster" used in OpenX script +// Random number for e.g. the "cache-buster" used in OpenX script define('CACHE_BUSTER', mt_rand(1000000, 9999999)); // Extra title is empty by default diff --git a/inc/filters.php b/inc/filters.php index 0a30fc752e..9c4c86230d 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -450,40 +450,40 @@ function FILTER_UPDATE_LOGIN_DATA () { // Secure user ID $GLOBALS['userid'] = bigintval(get_session('userid')); - // Extract last online time (life) and how long is auto-login valid (time) - $newl = time() + bigintval(get_session('lifetime')); - // Load last module and last online time - $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", + array($GLOBALS['userid']), __FILE__, __LINE__); + + // Entry found? if (SQL_NUMROWS($result) == 1) { // Load last module and online time list($mod, $onl) = SQL_FETCHROW($result); - SQL_FREERESULT($result); // Maybe first login time? if (empty($mod)) $mod = "login"; - if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", get_session('u_hash'), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) { - // This will be displayed on welcome page! :-) - if (empty($LAST['module'])) { - $LAST['module'] = $mod; $LAST['online'] = $onl; - } // END - if + // This will be displayed on welcome page! :-) + if (empty($LAST['module'])) { + $LAST['module'] = $mod; $LAST['online'] = $onl; + } // END - if - // "what" not set? - if (empty($GLOBALS['what'])) { - // Fix it to default - $GLOBALS['what'] = "welcome"; - if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home'); - } // END - if + // "what" not set? + if (empty($GLOBALS['what'])) { + // Fix it to default + $GLOBALS['what'] = "welcome"; + if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home'); + } // END - if - // Update last module / online time - SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1", - array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__); - } + // Update last module / online time + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1", + array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__); } else { // Destroy session, we cannot update! destroy_user_session(); } + + // Free the result + SQL_FREERESULT($result); } // Filter for checking admin ACL diff --git a/inc/functions.php b/inc/functions.php index 1133a3b1cb..b2a538bc9b 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -51,16 +51,17 @@ function IS_INC_WRITEABLE($inc) { $fp = @fopen($fqfn, 'a'); if ($inc == "dummy") { // Remove dummy file - @fclose($fp); - return @unlink($fqfn); + fclose($fp); + return unlink($fqfn); } else { // Close all other files - return @fclose($fp); + return fclose($fp); } } // Open a table (you may want to add some header stuff here) -function OPEN_TABLE($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) { +// @DEPRECATED +function OPEN_TABLE ($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) { global $table_cnt; // Count tables so we can generate CSS classes for every table... :-) @@ -88,14 +89,15 @@ function OPEN_TABLE($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_o } // Close a table (you may want to add some footer stuff here) -function CLOSE_TABLE($ADD="") { +// @DEPRECATED +function CLOSE_TABLE( $ADD="") { OUTPUT_HTML(" \n"); if (!empty($ADD)) OUTPUT_HTML($ADD); OUTPUT_HTML(""); } // Output HTML code directly or "render" it. You addionally switch the new-line character off -function OUTPUT_HTML($HTML, $NEW_LINE = true) { +function OUTPUT_HTML ($HTML, $NEW_LINE = true) { // Some global variables global $OUTPUT, $footer, $CSS; @@ -648,7 +650,7 @@ function DEREFERER ($URL) { // Don't de-refer our own links! if (substr($URL, 0, strlen(URL)) != URL) { // De-refer this link - $URL = URL."/modules.php?module=loader&url=".urlencode(base64_encode(gzcompress($URL))); + $URL = "modules.php?module=loader&url=".urlencode(base64_encode(gzcompress($URL))); } // END - if // Return link @@ -755,12 +757,12 @@ function GET_LANGUAGE() { return $ret; } // -function SET_LANGUAGE($lang) { +function SET_LANGUAGE ($lang) { // Accept only first 2 chars! $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2); // Set cookie - set_session("mx_lang", $lang); + set_session('mx_lang', $lang); } // function LOAD_EMAIL_TEMPLATE($template, $content=array(), $UID="0") { @@ -937,7 +939,7 @@ function LOAD_URL($URL, $addUrlData=true) { // Check if http(s):// is there if ((substr($URL, 0, 7) != "http://") && (substr($URL, 0, 8) != "https://")) { // Make all URLs full-qualified - $URL = URL."/".$URL; + $URL = "".$URL; } // Get output buffer @@ -1263,7 +1265,6 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") { // Add more additional data if (isSessionVariableSet('u_hash')) $data .= ":".get_session('u_hash'); if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; - if (isSessionVariableSet('lifetime')) $data .= ":".get_session('lifetime'); if (isSessionVariableSet('mxchange_theme')) $data .= ":".get_session('mxchange_theme'); if (isSessionVariableSet('mx_lang')) $data .= ":".GET_LANGUAGE(); if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; @@ -2377,6 +2378,7 @@ function get_session ($var) { // Return the value return $value; } + // Send notification to admin function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid="0") { if (GET_EXT_VERSION("admins") >= "0.4.1") { @@ -2388,11 +2390,16 @@ function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid SEND_ADMIN_EMAILS($subject, $msg); } } + // Destroy user session function destroy_user_session () { + // Reset userid + $GLOBALS['userid'] = 0; + // Remove all user data from session - return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", ""))); + return ((set_session('userid', "")) && (set_session('u_hash', ""))); } + // Merges an array together but only if both are arrays function merge_array ($array1, $array2) { // Are both an array? @@ -2409,6 +2416,7 @@ function merge_array ($array1, $array2) { debug_print_backtrace(); die(""); } + // Debug message logger function DEBUG_LOG ($file, $line, $message, $force=true) { // Is debug mode enabled? @@ -2419,6 +2427,7 @@ function DEBUG_LOG ($file, $line, $message, $force=true) { fclose($fp); } // END - if } + // Reads a directory with PHP files in and gets only files back function GET_DIR_AS_ARRAY ($baseDir, $prefix) { $INCs = array(); @@ -2898,7 +2907,7 @@ function GET_CURR_THEME() { if (!isSessionVariableSet('mxchange_theme')) { // Set default theme - set_session("mxchange_theme", $ret); + set_session('mxchange_theme', $ret); } elseif ((isSessionVariableSet('mxchange_theme')) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) { //die("
".print_r($cacheArray['themes'], true)."
"); // Get theme from cookie @@ -2916,17 +2925,17 @@ function GET_CURR_THEME() { // Installation mode active if ((!empty($_GET['theme'])) && (FILE_READABLE($theme))) { // Set cookie from URL data - set_session("mxchange_theme", SQL_ESCAPE($_GET['theme'])); + set_session('mxchange_theme', SQL_ESCAPE($_GET['theme'])); } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($_POST['theme'])))) { // Set cookie from posted data - set_session("mxchange_theme", SQL_ESCAPE($_POST['theme'])); + set_session('mxchange_theme', SQL_ESCAPE($_POST['theme'])); } // Set return value $ret = get_session('mxchange_theme'); } else { // Invalid design, reset cookie - set_session("mxchange_theme", $ret); + set_session('mxchange_theme', $ret); } // Add (maybe) found theme.php file to inclusion list @@ -3012,10 +3021,29 @@ function READ_FILE ($FQFN, $sqlPrepare = false) { return $content; } +// Generates an error code from given account status +function GEN_ERROR_CODE_FROM_ACCOUNT_STATUS ($status) { + // Default error code if unknown account status + $ERROR = CODE_UNKNOWN_STATUS; + + // Generate constant name + $constantName = sprintf("CODE_ID_%s", $status); + + // Is the constant there? + if (defined($constantName)) { + // Then get it! + $ERROR = constant($constantName); + } else { + // Unknown status + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown error status %s detected.", $status)); + } + + // Return error code + return $ERROR; +} + ////////////////////////////////////////////////// -// // // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS // -// // ////////////////////////////////////////////////// // if (!function_exists('html_entity_decode')) { @@ -3027,5 +3055,5 @@ if (!function_exists('html_entity_decode')) { } } // END - if -// +// [EOF] ?> diff --git a/inc/language.php b/inc/language.php index fc7f73c1b7..1f8275c4cc 100644 --- a/inc/language.php +++ b/inc/language.php @@ -40,18 +40,20 @@ if (!defined('__SECURITY')) { // Set default language if (empty($mx_lang)) $mx_lang = DEFAULT_LANG; +// Generate FQFN +$FQFN = sprintf("%sinc/language/%s.php", PATH, $mx_lang); + // Look for file -$file = sprintf("%sinc/language/%s.php", PATH, $mx_lang); -if (!FILE_READABLE($file)) { +if (!FILE_READABLE($FQFN)) { // Switch to default (DO NOT CHANGE!!!) - set_session("mx_lang", "de"); + set_session('mx_lang', 'de'); $mx_lang = "de"; - $file = sprintf("%sinc/language/%s.php", PATH, "de"); + $FQFN = sprintf("%sinc/language/%s.php", PATH, "de"); } // END - if // Load language file -require($file); -unset($file); +require($FQFN); +unset($FQFN); // Check for installation mode if (isBooleanConstantAndTrue('mxchange_installing')) { diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index dd8d3273f1..38169a08c8 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -188,17 +188,17 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) { // Rewrite cookie when it's own account if ($aid == $id) { // Set timeout cookie - set_session("admin_last", time()); + set_session('admin_last', time()); if ($login != get_session('admin_login')) { // Update login cookie - set_session("admin_login", $login); + set_session('admin_login', $login); // Update password cookie as well? - if (!empty($ADD)) set_session("admin_md5", $hash); + if (!empty($ADD)) set_session('admin_md5', $hash); } elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) { // Update password cookie - set_session("admin_md5", $hash); + set_session('admin_md5', $hash); } } // END - if @@ -214,13 +214,13 @@ email='%s', default_acl='%s', la_mode='%s' WHERE id=%s LIMIT 1", - array( - $login, - $POST['email'][$id], - $POST['mode'][$id], - $POST['la_mode'][$id], - $id -), __FILE__, __LINE__); + array( + $login, + $POST['email'][$id], + $POST['mode'][$id], + $POST['la_mode'][$id], + $id + ), __FILE__, __LINE__); } else { // Do not allow it here SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET @@ -228,12 +228,12 @@ login='%s'".$ADD.", email='%s', la_mode='%s' WHERE id=%s LIMIT 1", - array( - $login, - $POST['email'][$id], - $POST['la_mode'][$id], - $id -), __FILE__, __LINE__); + array( + $login, + $POST['email'][$id], + $POST['la_mode'][$id], + $id + ), __FILE__, __LINE__); } // Purge cache diff --git a/inc/libs/nickname_functions.php b/inc/libs/nickname_functions.php index d1834fb34d..8b9fe5bcec 100644 --- a/inc/libs/nickname_functions.php +++ b/inc/libs/nickname_functions.php @@ -38,43 +38,79 @@ if (!defined('__SECURITY')) { } // -function NICKNAME_IS_ACTIVE($uidNick) -{ +function NICKNAME_IS_ACTIVE ($uidNick) { + global $cacheArray; + + // By default nothing is found... $ret = false; - $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE (userid=%s AND userid > 0) OR nickname='%s' LIMIT 1", - array(bigintval($uidNick), $uidNick), __FILE__, __LINE__); - // Check existence of nickname - if (SQL_NUMROWS($result) == 1) $ret = true; + // Found in cache? + if (isset($cacheArray['nick_active'][$uidNick])) { + // Use it directly + $ret = $cacheArray['nick_active'][$uidNick]; + + // Increment cache counter + incrementConfigEntry('cache_hits'); + } else { + // Search in database + // @TODO Can we replace this with GET_TOTAL_DATA() ? + $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s OR nickname='%s' LIMIT 1", + array(bigintval($uidNick), $uidNick), __FILE__, __LINE__); - // Free result - SQL_FREERESULT($result); + // Check existence of nickname + $ret = (SQL_NUMROWS($result) == 1); + + // Put it in cache + $cacheArray['nick_active'][$uidNick] = $ret; + + // Free result + SQL_FREERESULT($result); + } // Return nickname return $ret; } + // -function NICKNAME_GET_NICK($userid) -{ +function NICKNAME_GET_NICK ($userid) { + global $cacheArray; + // If not found... $ret = ""; - // Search for non-empty nickname - $result = SQL_QUERY_ESC("SELECT nickname FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND nickname != '' LIMIT 1", - array(bigintval($userid)), __FILE__, __LINE__); + // Found in cache? + if (isset($cacheArray['nicknames'][$userid])) { + // Use it directly + $ret = $cacheArray['nicknames'][$userid]; - // Found? - if (SQL_NUMROWS($result) == 1) - { - // Load nickname from database - list($ret) = SQL_FETCHROW($result); - } + // Increment cache counter + incrementConfigEntry('cache_hits'); + } elseif (NICKNAME_IS_ACTIVE($userid)) { + // Search for non-empty nickname + $result = SQL_QUERY_ESC("SELECT nickname FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND nickname != '' LIMIT 1", + array(bigintval($userid)), __FILE__, __LINE__); + + // Found? + if (SQL_NUMROWS($result) == 1) { + // Load nickname from database + list($ret) = SQL_FETCHROW($result); - // Free result - SQL_FREERESULT($result); + // Put it in cche + $cacheArray['nicknames'][$userid] = $ret; + } // END - if + + // Free result + SQL_FREERESULT($result); + } // Return nickname return $ret; } + +// Simple wrapper function +function NICKNAME_PROBE_ON_USERID ($uid) { + return (NICKNAME_GET_NICK($uid) != ""); +} + // ?> diff --git a/inc/libs/primera_functions.php b/inc/libs/primera_functions.php index 3a1cff07a0..58c7f4fff8 100644 --- a/inc/libs/primera_functions.php +++ b/inc/libs/primera_functions.php @@ -258,7 +258,7 @@ function PRIMERA_EXECUTE_WITHDRAW ($primusNick, $userMd5, $amount) { $api = new PrimeraApi($primusNick, $userMd5); // Prepare purpose - $eval = "\$purpose = \"".COMPILE_CODE(sprintf(PRIMERA_API_PURPOSE_WITHDRAW, $_COOKIE['sponsorid']))."\";"; + $eval = "\$purpose = \"".COMPILE_CODE(sprintf(PRIMERA_API_PURPOSE_WITHDRAW, get_session('sponsorid')))."\";"; eval($eval); // Pay the Primera diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php index 0f34c42e88..5b5589359b 100644 --- a/inc/libs/security_functions.php +++ b/inc/libs/security_functions.php @@ -83,11 +83,6 @@ if (!isset($_POST)) { $_POST = $GLOBALS['_POST']; } -if (!isset($_COOKIE)) { - global $_COOKIE; - $_COOKIE = $GLOBALS['_COOKIE']; -} - // Include IP-Filter here //require("/usr/share/php/ipfilter.php"); @@ -161,23 +156,6 @@ if (basename($_SERVER['PHP_SELF']) != "install.php") { $_POST[$seckey] = strip_tags($_POST[$seckey]); } } - - // ... and finally cookies - foreach ($_COOKIE as $seckey => $secvalue) { - if (is_array($secvalue)) { - // Throw arrays away... - unset($_COOKIE[$seckey]); - } else { - // Only variables are allowed (non-array) but we secure them all! - foreach ($SEC_CHARS['from'] as $key => $char) { - // Pass all through - $_COOKIE[$seckey] = str_replace($char , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]); - } - - // Strip all other out - $_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]); - } - } } // Activate caching or transparent compressing when it is not already done diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index 499abe7e9f..85ba173427 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -37,9 +37,12 @@ if (!defined('__SECURITY')) { } // -function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) -{ - $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false; +function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) { + // Init a lot variables + $SAVE = true; + $UPDATE = false; + $skip = false; + $ALREADY = false; $ret = "unused"; // Skip these entries @@ -54,44 +57,35 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST ); // Check if sponsor already exists - foreach ($POST as $k => $v) - { - if (!(array_search($k, $SKIPPED) > -1)) - { + foreach ($POST as $k => $v) { + if (!(array_search($k, $SKIPPED) > -1)) { // Check only posted input entries not the submit button switch ($k) { case "email": $ALREADY = false; - if (!VALIDATE_EMAIL($v)) - { + if (!VALIDATE_EMAIL($v)) { // Email address is not valid $SAVE = false; - } - else - { + } else { // Do we want to add a new sponsor or update his data? $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1", - array($POST['email']), __FILE__, __LINE__); + array($POST['email']), __FILE__, __LINE__); // Is a sponsor alread in the db? - if (SQL_NUMROWS($result) == 1) - { - // Free memory - SQL_FREERESULT($result); - + if (SQL_NUMROWS($result) == 1) { // Yes, he is! - if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) - { + if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) { // Already found! $ALREADY = true; - } - else - { + } else { // Update his data $UPDATE = true; } } + + // Free memory + SQL_FREERESULT($result); } break; @@ -110,18 +104,17 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST default: // Test if there is are time selections $TEST = substr($k, -3); - if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) - { + if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) { // Found a multi-selection for timings? $TEST = substr($k, 0, -3); - if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) - { + if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) { // Generate timestamp $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST); $DATA['keys'][] = $TEST; $DATA['values'][] = $POST[$TEST]; // Remove data from array + // @TODO Do we still need this all? unset($POST[$TEST."_ye"]); unset($POST[$TEST."_mo"]); unset($POST[$TEST."_we"]); @@ -133,16 +126,13 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Skip adding $k = ""; $skip = true; $TEST2 = $TEST; } - } - else - { + } else { $skip = false; $TEST2 = ""; } break; } - if ((!empty($k)) && ($skip == false)) - { + if ((!empty($k)) && ($skip == false)) { // Add data $DATA['keys'][] = $k; $DATA['values'][] = $v; } @@ -150,8 +140,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST } // Save sponsor? - if ($SAVE) - { + if ($SAVE) { // Default is no force even when a guest want to abuse this force switch if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0; @@ -159,12 +148,10 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $SQL = ""; $MSG = ""; // Update? - if ($UPDATE) - { + if ($UPDATE) { // Update his data $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET "; - foreach ($DATA['keys'] as $k => $v) - { + foreach ($DATA['keys'] as $k => $v) { $SQL .= $v."='%s', "; } @@ -173,27 +160,22 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $DATA['values'][] = bigintval($_GET['id']); // Generate message - $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs); + $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs); $ret = "updated"; - } - elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) - { + } elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) { // Add new sponsor, first add more data $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time(); $DATA['keys'][] = "status"; - if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) - { + if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) { // Only allowed for admin $DATA['values'][] = "PENDING"; - } - else - { + } elsen{ // Guest area $DATA['values'][] = "UNCONFIRMED"; // Generate hash code $DATA['keys'][] = "hash"; - $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); + $DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA['keys'][] = "remote_addr"; $DATA['values'][] = GET_REMOTE_ADDR(); } @@ -206,18 +188,14 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')"; // Generate message - $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs); + $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs); $ret = "added"; - } - elseif ((!$NO_UPDATE) && (IS_ADMIN())) - { + } elseif ((!$NO_UPDATE) && (IS_ADMIN())) { // Add all data as hidden data $OUT = ""; - foreach ($POST as $k => $v) - { + foreach ($POST as $k => $v) { // Do not add 'force' ! - if ($k != "force") - { + if ($k != "force") { $OUT .= "\n"; } } @@ -227,30 +205,24 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Ask for adding a sponsor with same email address LOAD_TEMPLATE("admin_add_sponsor_already"); return; - } - else - { + } else { // Already added! $MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2; $ret = "already"; } - if (!empty($SQL)) - { + if (!empty($SQL)) { // Run SQL command $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__); } // Output message - if ((!$NO_UPDATE) && (IS_ADMIN())) - { + if ((!$NO_UPDATE) && (IS_ADMIN())) { LOAD_TEMPLATE("admin_settings_saved", false, $MSG); } - } - else - { + } else { // Error found! - $MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs); + $MSG = SPONSOR_GET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs); LOAD_TEMPLATE("admin_settings_saved", false, $MSG); } @@ -258,8 +230,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST if ($RET_STATUS) return $ret; } // -function SPONSOR_TRANSLATE_STATUS($status) -{ +function SPONSOR_TRANSLATE_STATUS($status) { switch ($status) { case "UNCONFIRMED": @@ -290,32 +261,20 @@ function SPONSOR_TRANSLATE_STATUS($status) return $ret; } // Search for an email address in the database -function SPONSOR_FOUND_EMAIL_DB($email) -{ - // Default status is failed (as it is always be...) - $ret = false; - - // Check for email (and secure input) - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1", - array($email), __FILE__, __LINE__); - +function SPONSOR_FOUND_EMAIL_DB ($email) { // Do we already have the provided email address in our DB? - if (SQL_NUMROWS($result) == 1) $ret = true; + $ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) == 1); // Return result return $ret; } // -function SPONSOR_SET_MESSAGE($msg, $pos, $array) -{ +function SPONSOR_GET_MESSAGE ($msg, $pos, $array) { // Check if the requested message was found in array - if (isset($array[$pos])) - { + if (isset($array[$pos])) { // ... if yes then use it! $ret = $array[$pos]; - } - else - { + } else { // ... else use default message $ret = $msg; } @@ -323,20 +282,17 @@ function SPONSOR_SET_MESSAGE($msg, $pos, $array) // Return result return $ret; } + // -function IS_SPONSOR() -{ - global $_COOKIE; +function IS_SPONSOR () { // Failed... $ret = false; - if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass']))) - { + if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) { // Check cookies against database records... $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1", - array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // All is fine $ret = true; } @@ -436,38 +392,27 @@ function GENERATE_SPONSOR_CONTENT($what) return $OUT; } // -function UPDATE_SPONSOR_LOGIN() -{ - global $_COOKIE, $_CONFIG; - - // Check if cookies are set - if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false; +function UPDATE_SPONSOR_LOGIN () { + // Failed by default + $login = false; - // Calculate cookie lifetime, maybe we have to change this so the admin can setup a - // seperate timeout for these two cookies? - $life = (time() + getConfig('online_timeout')); - - // Is confirmed so both is fine and we can continue with login procedure - $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) && - (setcookie("sponsorpass", $_COOKIE['sponsorpass'] , $life, COOKIE_PATH))); - - // Update database? - if ($login) - { + // Is sponsor? + if (IS_SPONSOR()) { // Update last online timestamp SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data -SET last_online='".time()."' +SET last_online=UNIX_TIMESTAMP() WHERE id='%s' AND password='%s' LIMIT 1", - array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__); + array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__); + + // This update went fine? + $login = (SQL_AFFECTEDROWS() == 1); } // Return status return $login; } // -function SPONSOR_SAVE_DATA($POST, $content) -{ - global $_COOKIE, $_SERVER, $_GET; +function SPONSOR_SAVE_DATA ($POST, $content) { $EMAIL = false; // Unsecure data which we don't want @@ -479,19 +424,16 @@ function SPONSOR_SAVE_DATA($POST, $content) $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED; // Check for submitted passwords - if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) - { + if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) { // Are both passwords the same? - if ($_POST['pass1'] == $_POST['pass2']) - { + if ($POST['pass1'] == $POST['pass2']) { // Okay, then set password and remove pass1 and pass2 - $_POST['password'] = md5($_POST['pass1']); + $POST['password'] = md5($POST['pass1']); } } // Remove all (maybe spoofed) unsafe data from array - foreach ($UNSAFE as $remove) - { + foreach ($UNSAFE as $remove) { unset($POST[$remove]); } @@ -501,8 +443,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // Prepare SQL string $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET"; - foreach ($POST as $key => $value) - { + foreach ($POST as $key => $value) { // Mmmmm, too less security here??? $SQL .= " ".strip_tags($key)."='%s',"; @@ -514,10 +455,8 @@ function SPONSOR_SAVE_DATA($POST, $content) } // Check if email has changed - if ((!empty($content['email'])) && (!empty($POST['email']))) - { - if ($content['email'] != $POST['email']) - { + if ((!empty($content['email'])) && (!empty($POST['email']))) { + if ($content['email'] != $POST['email']) { // Change email address $EMAIL = true; @@ -525,7 +464,7 @@ function SPONSOR_SAVE_DATA($POST, $content) $SQL .= " status='EMAIL', hash='%s',"; // Generate hash code - $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); + $HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA[] = $HASH; } } @@ -535,15 +474,14 @@ function SPONSOR_SAVE_DATA($POST, $content) // Add SQL tail data $SQL .= " WHERE id='%s' AND password='%s' LIMIT 1"; - $DATA[] = bigintval($_COOKIE['sponsorid']); - $DATA[] = $_COOKIE['sponsorpass']; + $DATA[] = bigintval(get_session('sponsorid')); + $DATA[] = get_session('sponsorpass'); // Saving data was completed... ufff... switch ($GLOBALS['what']) { case "account": // Change account data - if ($EMAIL) - { + if ($EMAIL) { $MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED; $templ = "admin_sponsor_change_email"; $subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ; diff --git a/inc/libs/theme_functions.php b/inc/libs/theme_functions.php index 31ec274cca..f7df80bbc0 100644 --- a/inc/libs/theme_functions.php +++ b/inc/libs/theme_functions.php @@ -205,7 +205,7 @@ if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $currTheme)) { $newTheme = $_POST['new_theme']; // Change to new theme - set_session("mxchange_theme", $newTheme); + set_session('mxchange_theme', $newTheme); // Remove current from array and set new $theme = sprintf("%stheme/%s/theme.php", PATH, $currTheme); diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index 3a385ff3ae..76d85f5876 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php @@ -257,5 +257,203 @@ function SELECT_RANDOM_REFID () { return $refid; } +// Do the user login +function USER_DO_LOGIN ($uid, $passwd) { + // Add last_login if available + $LAST = ""; + if (GET_EXT_VERSION("sql_patches") >= "0.2.8") { + $LAST = ", last_login"; + } // END - if + + // Check login data + $password = ""; $uid2 = ""; $dmy = ""; $online = 0; $login = 0; + if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($uid))) { + // Nickname entered + $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1", + array($uid), __FILE__, __LINE__); + list($uid2, $password, $online, $login) = SQL_FETCHROW($result); + if (!empty($uid2)) $uid = bigintval($uid2); + } else { + // Direct userid entered + $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1", + array($uid, $hash), __FILE__, __LINE__); + list($uid2, $password, $online, $login) = SQL_FETCHROW($result); + } + + // Is there an entry? + if ((SQL_NUMROWS($result) == 1) && ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid))) { + // Free result + SQL_FREERESULT($result); + + // By default the hash is empty + $hash = ""; + + // Check for old MD5 passwords + if ((strlen($password) == 32) && (md5($passwd) == $password)) { + // Just set the hash to the password from DB... :) + $hash = $password; + } else { + // Hash password with improved way for comparsion + $hash = generateHash($passwd, substr($password, 0, -40)); + } + + if ($hash == $password) { + // New hashed password found so let's generate a new one + $hash = generateHash($passwd); + + // ... and update database + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1", + array($hash, $uid), __FILE__, __LINE__); + + // No login bonus by default + // @TODO Make this filter working: $ADDON = RUN_FILTER('post_login_update', array('login' => $login, 'online' => $online)); + $BONUS = false; + + // Probe for last online timemark + $probe = time() - $online; + if (!empty($login)) $probe = time() - $login; + if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= getConfig('login_timeout'))) { + // Add login bonus to user's account + $ADD = sprintf(", login_bonus=login_bonus+%s", + (float)getConfig('login_bonus') + ); + $BONUS = true; + + // Subtract login bonus from userid's account or jackpot + if ((GET_EXT_VERSION("bonus") >= "0.3.5") && (getConfig('bonus_mode') != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); + } // END - if + + // Init variables + $login = false; + + // Calculate new hash with the secret key and master salt together + $hash = generatePassString($hash); + + // Update global array + // @TODO Make this filter working: $URL = RUN_FILTER('do_login', array('uid' => $uid, 'hash' => $hash, 'addon' => $ADDON)); + $GLOBALS['userid'] = $uid; + + // Try to set session data (which shall normally always work!) + if ((set_session('userid', $uid )) && (set_session('u_hash', $hash))) { + // Update database records + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1", + array($uid), __FILE__, __LINE__); + if (SQL_AFFECTEDROWS() == 1) { + // Procedure to checking for login data + if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) { + // Bonus added (just displaying!) + $URL = "modules.php?module=chk_login&mode=bonus"; + } else { + // Bonus not added + $URL = "modules.php?module=chk_login&mode=login"; + } + } else { + // Cannot update counter! + $URL = "modules.php?module=index&what=login&login=".CODE_CNTR_FAILED; + } + } else { + // Cookies not setable! + $URL = "modules.php?module=index&what=login&login=".CODE_NO_COOKIES; + } + } elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") { + // Update failture counter + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1", + array($uid), __FILE__, __LINE__); + + // Wrong password! + $URL = "modules.php?module=index&what=login&login=".CODE_WRONG_PASS; + } + } elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) { + // Other account status? + // @TODO Can this query be saved??? + $result = SQL_QUERY_ESC("SELECT status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", + array($uid), __FILE__, __LINE__); + + // Entry found? + if (SQL_NUMROWS($result) == 1) { + // Load status + list($status) = SQL_FETCHROW($result); + + // Create an error code from given status + $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status); + } else { + // ID not found! + $ERROR = CODE_WRONG_ID; + } + + // Construct URL + $URL = "modules.php?module=index&what=login&login=".$ERROR; + } else { + // ID not found! + $URL = "modules.php?module=index&what=login&login=".CODE_WRONG_ID; + } + + // Return URL + return $URL; +} + +// Try to send a new password for the given user account +function USER_DO_NEW_PASSWORD ($email, $uid) { + // Compile email when found in address (only secure chars!) + if (!empty($email)) $email = str_replace("{DOT}", '.', $email); + + // Init result and error + $ERROR = ""; + $result = false; + + // Probe userid/nickname + if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($uid))) { + // Nickname entered + $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' OR email='%s' LIMIT 1", + array($uid, $email), __FILE__, __LINE__); + } elseif (($uid > 0) && (empty($email))) { + // Direct userid entered + $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", + array(bigintval($uid)), __FILE__, __LINE__); + } elseif (!empty($email)) { + // Email entered + $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1", + array($email), __FILE__, __LINE__); + } else { + // Userid not set! + DEBUG_LOG(__FUNCTION__, __LINE__, "Userid is not set! BUG!"); + $ERROR = CODE_WRONG_ID; + } + + // Any entry found? + if (SQL_NUMROWS($result) == 1) { + // This data is valid, so we create a new pass... :-) + list($uid, $status) = SQL_FETCHROW($result); + + if ($status == "CONFIRMED") { + // Ooppps, this was missing! ;-) We should update the database... + $NEW_PASS = GEN_PASS(); + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s LIMIT 1", + array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__); + + // Prepare data and message for email + $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid); + + // ... and send it away + SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg); + + // Output note to user + LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); + } else { + // Account is locked or unconfirmed + $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status); + + // Load URL + LOAD_URL("modules.php?module=index&what=login&login=".$ERROR); + } + } else { + // ID or email is wrong + LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); + } + + // Return the error code + return $ERROR; +} + // [EOF] ?> diff --git a/inc/mails/beg_mails.php b/inc/mails/beg_mails.php index b3580e82c0..cd43f5df05 100644 --- a/inc/mails/beg_mails.php +++ b/inc/mails/beg_mails.php @@ -138,10 +138,10 @@ LIMIT 1", $RECEIVER = implode(";", $UIDs); // Prepare URL - $url = URL."/modules.php?module=index&what=login"; + $URL = "modules.php?module=index&what=login"; // Insert mail - ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('beg_notify_bonus'), getConfig('beg_notify_wait'), $url, 0, "normal", SQL_NUMROWS($result_main)); + ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('beg_notify_bonus'), getConfig('beg_notify_wait'), $URL, 0, "normal", SQL_NUMROWS($result_main)); } // END - if } // END - if diff --git a/inc/mails/bonus_mails.php b/inc/mails/bonus_mails.php index 2df07aa5a3..b77202d461 100644 --- a/inc/mails/bonus_mails.php +++ b/inc/mails/bonus_mails.php @@ -117,10 +117,10 @@ LIMIT 1", $RECEIVER = implode(";", $UIDs); // Prepare URL - $url = URL."/modules.php?module=index&what=login"; + $URL = "modules.php?module=index&what=login"; // Insert mail - ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('bonus_notify_points'), getConfig('bonus_notify_wait'), $url, 0, "normal", SQL_NUMROWS($result_main)); + ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('bonus_notify_points'), getConfig('bonus_notify_wait'), $URL, 0, "normal", SQL_NUMROWS($result_main)); } // END - if } // END - if diff --git a/inc/modules/admin.php b/inc/modules/admin.php index cbf18f8b2d..719533118c 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -71,7 +71,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); if (!_FATAL) { // Registering is done - LOAD_URL(URL."/modules.php?module=admin&action=login®ister=done"); + LOAD_URL("modules.php?module=admin&action=login®ister=done"); } else { $ret = ADMIN_CANNOT_COMPLETE; } @@ -99,7 +99,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); // Load URL for login - LOAD_URL(URL."/modules.php?module=admin&action=login"); + LOAD_URL("modules.php?module=admin&action=login"); } // END - if break; } @@ -192,7 +192,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // At leat one administrator account was created if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) { // Timeout for last login, we have to logout first! - LOAD_URL(URL."/modules.php?module=admin&action=login&logout=1"); + LOAD_URL("modules.php?module=admin&action=login&logout=1"); } // END - if if (!empty($_GET['register'])) { @@ -211,7 +211,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { { case "done": // Admin and password are okay, so we log in now // Construct URL and redirect - $URL = URL."/modules.php?module=admin&"; + $URL = "modules.php?module=admin&"; // Rewrite overview module if ($GLOBALS['what'] == "overview") { @@ -340,37 +340,29 @@ if (!isBooleanConstantAndTrue('admin_registered')) { switch ($ret) { case "done": - // Cookie-Data accepted - if ((set_session("admin_md5", get_session('admin_md5'))) && (set_session("admin_login", get_session('admin_login'))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) { - // Ok, Cookie-Update done - // Check for access control line of current menu entry - define('__ACL_ALLOW', RUN_FILTER('check_admin_acl')); + // Check for access control line of current menu entry + define('__ACL_ALLOW', RUN_FILTER('check_admin_acl')); - // When type of admin menu is not set fallback to old menu system - if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD"; + // When type of admin menu is not set fallback to old menu system + if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD"; - // Check for version and switch between old menu system and new "intelligent menu system" - if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) { - // Default area is the entrance, of course - $area = "entrance"; + // Check for version and switch between old menu system and new "intelligent menu system" + if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) { + // Default area is the entrance, of course + $area = "entrance"; - // Check for similar URL variable - if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']); + // Check for similar URL variable + if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']); - // Load "logical-area menu-system" file - require_once(PATH."inc/modules/admin/lasys-inc.php"); + // Load "logical-area menu-system" file + require_once(PATH."inc/modules/admin/lasys-inc.php"); - // Create new-style menu system will "logical areas" - ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']); - } else { - // This little call constructs the whole default old and lacky menu system - // on left side - ADMIN_DO_ACTION($GLOBALS['what']); - } + // Create new-style menu system will "logical areas" + ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']); } else { - // Login failed (cookies enabled?) - OUTPUT_HTML("".ADMIN_LOGIN_FAILED.""); - ADD_FATAL(CANNOT_RE_REGISTER_SESS); + // This little call constructs the whole default old and lacky menu system + // on left side + ADMIN_DO_ACTION($GLOBALS['what']); } break; diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 31de75a568..af97f70378 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -202,13 +202,13 @@ function LOGIN_ADMIN ($adminLogin, $passHash) { // Now set all session variables and return the result return ( ( - set_session("admin_md5", generatePassString($passHash)) + set_session('admin_md5', generatePassString($passHash)) ) && ( - set_session("admin_login", $adminLogin) + set_session('admin_login', $adminLogin) ) && ( - set_session("admin_last", time()) + set_session('admin_last', time()) ) && ( - set_session("admin_to", bigintval($_POST['timeout'])) + set_session('admin_to', bigintval($_POST['timeout'])) ) ); } diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php index ee772bbdb7..46c2ed7f31 100644 --- a/inc/modules/admin/overview-inc.php +++ b/inc/modules/admin/overview-inc.php @@ -224,6 +224,7 @@ function OUTPUT_SELECTED_TASKS ($POST, $result_tasks) { $OUT .= LOAD_TEMPLATE("admin_overview_row", true, $content); // Which task do we actually have here? + // @TODO Rewrite this to something with include files switch ($type) { case "EXTENSION": // Install new extensions @@ -264,7 +265,7 @@ function OUTPUT_SELECTED_TASKS ($POST, $result_tasks) { case "SUPPORT_MEMBER": // Assign on member's support request switch ($mode) { - default: // Unknown support mode + default: // @TODO Unknown support mode DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown support mode %s detected. This part is under construction!", $mode)); $OUT .= "".ADMIN_UNKNOWN_SUPPORT_MODE_1.$mode.ADMIN_UNKNOWN_SUPPORT_MODE_2."\n"; break; diff --git a/inc/modules/admin/what-del_sponsor.php b/inc/modules/admin/what-del_sponsor.php index a3b7324936..9bf42b7830 100644 --- a/inc/modules/admin/what-del_sponsor.php +++ b/inc/modules/admin/what-del_sponsor.php @@ -74,7 +74,7 @@ if (!empty($_GET['id'])) { LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_DELETED_1.bigintval($_GET['id']).SPONSOR_DELETED_2); } elseif (!empty($_POST['no'])) { // Do not delete him... - LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id'])); + LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id'])); } else { // Load data list ($email, $gender, $sname, $fname) = SQL_FETCHROW($result); diff --git a/inc/modules/admin/what-list_newsletter.php b/inc/modules/admin/what-list_newsletter.php index db649c3b18..3a7f335271 100644 --- a/inc/modules/admin/what-list_newsletter.php +++ b/inc/modules/admin/what-list_newsletter.php @@ -40,11 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) -{ +if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) { // Update database... // First user's account - SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%s LIMIT 1", + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET nl_until=(UNIX_TIMESTAMP() + nl_timespan), nl_receive='N', nl_timespan=0 WHERE userid=%s LIMIT 1", array(bigintval($_POST['uid'])), __FILE__, __LINE__); // Next the task system... @@ -56,11 +55,10 @@ if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) // Output message to admin LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NL_MEMBER_DONE); -} - else -{ - // Currently under construction! +} else { + // @TODO Currently under construction! LOAD_TEMPLATE("admin_settings_saved", false, UNDER_CONSTRUCTION); } + // ?> diff --git a/inc/modules/admin/what-lock_sponsor.php b/inc/modules/admin/what-lock_sponsor.php index a4aebb3c8b..adcc4407a2 100644 --- a/inc/modules/admin/what-lock_sponsor.php +++ b/inc/modules/admin/what-lock_sponsor.php @@ -82,7 +82,7 @@ if (!empty($_GET['id'])) { array(bigintval($_GET['id'])), __FILE__, __LINE__); } elseif (!empty($_POST['no'])) { // No don't lock / unlock now! - LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id'])); + LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id'])); } else { // Create header and text messages if ($status == "CONFIRMED") { diff --git a/inc/modules/admin/what-lock_user.php b/inc/modules/admin/what-lock_user.php index e96c9a5847..a658027875 100644 --- a/inc/modules/admin/what-lock_user.php +++ b/inc/modules/admin/what-lock_user.php @@ -111,7 +111,7 @@ if (!empty($_GET['u_id'])) { require_once(PATH."inc/modules/admin/what-del_user.php"); } elseif (!empty($_POST['no'])) { // Do not lock him... - $URL = URL."/modules.php?module=admin&what=list_user&u_id=".bigintval($_GET['u_id']); + $URL = "modules.php?module=admin&what=list_user&u_id=".bigintval($_GET['u_id']); } else { $result = SQL_QUERY_ESC("SELECT email, surname, family FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); diff --git a/inc/modules/admin/what-theme_edit.php b/inc/modules/admin/what-theme_edit.php index f5de9a864a..f69e0a4da2 100644 --- a/inc/modules/admin/what-theme_edit.php +++ b/inc/modules/admin/what-theme_edit.php @@ -82,7 +82,7 @@ if ($SEL > 0) { $POST['default_theme'] = SQL_ESCAPE($_GET['default_theme']); // Set session - set_session("mxchange_theme", $POST['default_theme']); + set_session('mxchange_theme', $POST['default_theme']); // Set it in config and current theme as well global $currTheme; @@ -99,10 +99,8 @@ $THEME_MODE = "test"; // Generate output lines for the template $OUT = ""; $SW = 2; $result = SQL_QUERY("SELECT id, theme_path, theme_active, theme_ver, theme_name FROM `"._MYSQL_PREFIX."_themes` ORDER BY theme_path", __FILE__, __LINE__); -if (SQL_NUMROWS($result) > 0) -{ - while(list($id, $unix, $active, $ver, $name) = SQL_FETCHROW($result)) - { +if (SQL_NUMROWS($result) > 0) { + while(list($id, $unix, $active, $ver, $name) = SQL_FETCHROW($result)) { // Load theme in test mode require(PATH."theme/".$unix."/theme.php"); diff --git a/inc/modules/chk_login.php b/inc/modules/chk_login.php index e53914bff5..bcdddce43c 100644 --- a/inc/modules/chk_login.php +++ b/inc/modules/chk_login.php @@ -41,7 +41,7 @@ if (!defined('__SECURITY')) { OPEN_TABLE("500", "guest_login_header dashed", "center"); OUTPUT_HTML("
".VALIDATING_LOGIN."
"); -if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) { +if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash'))) { // Login failtures are supported since 0.4.7 // Do we have 0.4.7 of sql_patches or later? $ADD = ""; @@ -61,7 +61,7 @@ if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSession SQL_FREERESULT($result); // Change to new theme - set_session("mxchange_theme", $data['curr_theme']); + set_session('mxchange_theme', $data['curr_theme']); // Remmeber login failtures if available if (GET_EXT_VERSION("sql_patches") >= "0.4.7") { diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php index 333d777b45..76fdc29438 100644 --- a/inc/modules/guest/what-confirm.php +++ b/inc/modules/guest/what-confirm.php @@ -105,7 +105,7 @@ if (!empty($_GET['hash'])) { // Account confirmed! if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) { // Set special lead cookie - set_session("lead_uid", bigintval($uid)); + set_session('lead_uid', bigintval($uid)); // Lead-Code mode enabled LOAD_URL("lead-confirm.php"); @@ -116,7 +116,7 @@ if (!empty($_GET['hash'])) { } } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) { // Set special lead cookie - set_session("lead_uid", bigintval($uid)); + set_session('lead_uid', bigintval($uid)); // Lead-Code mode enabled LOAD_URL("lead-confirm.php"); @@ -132,14 +132,11 @@ if (!empty($_GET['hash'])) { define('__UID', "0"); LOAD_TEMPLATE("guest_confirm_table"); } -} - elseif ((isset($_POST['ok'])) && (!empty($_POST['email']))) -{ +} elseif ((isset($_POST['ok'])) && (!empty($_POST['email']))) { // Confirmation link requested 0 1 2 $result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1", - array($_POST['email']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array($_POST['email']), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Email address found $DATA = SQL_FETCHROW($result); switch ($DATA[1]) diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index 8f8074f9fd..6b108994f6 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -36,24 +36,31 @@ if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); +} elseif ((!EXT_IS_ACTIVE("user")) && (!IS_ADMIN())) { + ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "user"); + return; } // Add description as navigation point ADD_DESCR("guest", __FILE__); -global $DATA, $FATAL; +global $DATA, $ERROR; -// Initialize data -$probe_nickname = false; $uid = false; $hash = ""; -unset($login); unset($online); +// Initialize variables +$ERROR = 0; +$probe_nickname = false; +$uid = false; +$hash = ""; +$URL = ""; +$ADD = ""; +// Already logged in? if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) { - // Already logged in? + // Maybe, then continue with it $uid = $GLOBALS['userid']; } elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) { // Set userid and crypt password when login data was submitted - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".($_POST['id'] + 0)."") != $_POST['id'])); - if ($probe_nickname === true) { + if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($_POST['id']))) { // Nickname entered $uid = SQL_ESCAPE($_POST['id']); } else { @@ -69,237 +76,22 @@ if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) { $uid = 0; $hash = ""; } -$URL = ""; $ADD = ""; // Set unset variables if (empty($_POST['new_pass'])) $_POST['new_pass'] = ""; if (empty($_GET['login'])) $_GET['login'] = ""; if (IS_MEMBER()) { // Login immidiately... - $URL = URL."/modules.php?module=login"; + $URL = "modules.php?module=login"; } elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) { // Invalid input (no nickname extension installed but nickname entered) $ERROR = CODE_EXTENSION_PROBLEM; } elseif (isset($_POST['ok'])) { - // Add last_login if available - $LAST = ""; - if (GET_EXT_VERSION("sql_patches") >= "0.2.8") { - $LAST = ", last_login"; - } // END - if - - // Check login data - $password = ""; $uid2 = ""; $dmy = ""; - if ($probe_nickname === true) { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1", - array($uid), __FILE__, __LINE__); - list($uid2, $password, $online, $login) = SQL_FETCHROW($result); - if (!empty($uid2)) $uid = bigintval($uid2); - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array($uid, $hash), __FILE__, __LINE__); - list($uid2, $password, $online, $login) = SQL_FETCHROW($result); - } - - // Is there an entry? - if ((SQL_NUMROWS($result) == 1) && ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid))) { - // Free result - SQL_FREERESULT($result); - - // By default the hash is empty - $hash = ""; - - // Check for old MD5 passwords - if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) { - // Just set the hash to the password from DB... :) - $hash = $password; - } else { - // Hash password with improved way for comparsion - $hash = generateHash($_POST['password'], substr($password, 0, -40)); - } - - if ($hash == $password) { - // New hashed password found so let's generate a new one - $hash = generateHash($_POST['password']); - - // ... and update database - SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array($hash, $uid), __FILE__, __LINE__); - - // No login bonus by default - $BONUS = false; - - // Probe for last online timemark - $probe = time() - $online; - if (!empty($login)) $probe = time() - $login; - if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= getConfig('login_timeout'))) { - // Add login bonus to user's account - $ADD = sprintf(", login_bonus=login_bonus+%s", - (float)getConfig('login_bonus') - ); - $BONUS = true; - - // Subtract login bonus from userid's account or jackpot - if ((GET_EXT_VERSION("bonus") >= "0.3.5") && (getConfig('bonus_mode') != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); - } // END - if - - // Init variables - $life = "-1"; $login = false; - - // Secure lifetime from input form - $l = bigintval($_POST['lifetime']); - - // Is the lifetime set? - if ($l > 0) { - // Calculate lifetime of cookies - $life = time() + $l; - - // Calculate new hash with the secret key and master salt together - $hash = generatePassString($hash); - - // Update cookies - $login = (set_session("userid" , $uid , $life, COOKIE_PATH) - && set_session("u_hash" , $hash, $life, COOKIE_PATH) - && set_session("lifetime", $l , $life, COOKIE_PATH) - ); - - // Update global array - $GLOBALS['userid'] = $uid; - } else { - // Check for login data - $login = IS_MEMBER(); - } - - if ($login) { - // Update database records - SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1", - array($uid), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS() == 1) { - // Procedure to checking for login data - if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) { - // Bonus added (just displaying!) - $URL = URL."/modules.php?module=chk_login&mode=bonus"; - } else { - // Bonus not added - $URL = URL."/modules.php?module=chk_login&mode=login"; - } - } else { - // Cannot update counter! - $URL = URL."/modules.php?module=index&what=login&login=".CODE_CNTR_FAILED; - } - } else { - // Cookies not setable! - $URL = URL."/modules.php?module=index&what=login&login=".CODE_NO_COOKIES; - } - } elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") { - // Update failture counter - SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1", - array($uid), __FILE__, __LINE__); - - // Wrong password! - $ERROR = CODE_WRONG_PASS; - } - } elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) { - // Other account status? - $result = SQL_QUERY_ESC("SELECT status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", - array($uid), __FILE__, __LINE__); - - // Entry found? - if (SQL_NUMROWS($result) == 1) { - // Load status - list($status) = SQL_FETCHROW($result); - switch ($status) { - case "LOCKED": - $ERROR = CODE_ID_LOCKED; - break; - - case "UNCONFIRMED": - $ERROR = CODE_ID_UNCONFIRMED; - break; - - default: - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error status %s detected.", $status)); - $ERROR = CODE_UNKNOWN_STATUS; - break; - } - } else { - // ID not found! - $ERROR = CODE_WRONG_ID; - } - - // Construct URL - $URL = URL."/modules.php?module=index&what=login&login=".$ERROR; - } else { - // ID not found! - $ERROR = CODE_WRONG_ID; - } + // Try the login (see inc/libs/user_functions.php) + $URL = USER_DO_LOGIN($_POST['id'], $_POST['password']); } elseif ((!empty($_POST['new_pass'])) && (isset($uid))) { - // Compile email when found in address (only secure chars!) - if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']); - - // Set ID number when left empty - if (empty($_POST['id'])) $_POST['id'] = 0; - - // Init result - $result = false; - - // Probe userid/nickname - if ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])) { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' OR email='%s' LIMIT 1", - array($uid, $_POST['email']), __FILE__, __LINE__); - } elseif (($uid > 0) && (empty($_POST['email']))) { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($uid)), __FILE__, __LINE__); - } elseif (!empty($_POST['email'])) { - // Email entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1", - array($_POST['email']), __FILE__, __LINE__); - } else { - // Userid not set! - DEBUG_LOG(__FILE__, __LINE__, "Userid is not set! BUG!"); - $ERROR = CODE_WRONG_ID; - } - - // Any entry found? - if (SQL_NUMROWS($result) == 1) { - // This data is valid, so we create a new pass... :-) - list($uid, $status) = SQL_FETCHROW($result); - - if ($status == "CONFIRMED") { - // Ooppps, this was missing! ;-) We should update the database... - $NEW_PASS = GEN_PASS(); - SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s LIMIT 1", - array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__); - - // Prepare data and message for email - $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid); - - // ... and send it away - SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg); - - // Output note to user - LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); - } else { - // Account is locked or unconfirmed - switch ($status) { - case "LOCKED" : $ERROR = CODE_ID_LOCKED; break; - case "UNCONFIRMED": $ERROR = CODE_ID_UNCONFIRMED; break; - default: // Unhandled account status! - $ERROR = CODE_UNHANDLED_STATUS; - DEBUG_LOG(__FILE__, __LINE__, sprintf("Undhandled account status %s detected.", $status)); - break; - } - - // Load URL - LOAD_URL("modules.php?module=index&what=login&login=".$MSG); - } - } else { - // ID or email is wrong - LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); - } + // Try the userid/email lookup (see inc/libs/user_functions.php) + $ERROR = USER_DO_NEW_PASSWORD($_POST['email'], $uid); } // Login problems? @@ -311,10 +103,10 @@ if (!empty($_GET['login'])) { // Login problems? if (!empty($ERROR)) { // Ok, which one now? - $MSG = " -   - - "; + $MSG = " +   + + "; switch ($ERROR) { case CODE_WRONG_PASS: @@ -350,10 +142,10 @@ if (!empty($ERROR)) { $MSG .= LOGIN_WRONG_ID; break; } - $MSG .= " - -   -\n"; + $MSG .= " + +   +\n"; define('LOGIN_FAILURE_MSG', $MSG); } else { // No problems, no output @@ -370,6 +162,7 @@ if (EXT_IS_ACTIVE("nickname")) { // Was an URL constructed? if (!empty($URL)) { // URL was constructed + global $FATAL; if (!empty($FATAL[0])) { // Fatal errors! require_once(PATH."inc/fatal_errors.php"); diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index e185ae89f3..2f7ed2aebd 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -224,17 +224,14 @@ WHERE id='%s' AND password='%s' LIMIT 1", // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? list($status) = SQL_FETCHROW($result); if ($status == "CONFIRMED") { - // Calculate cookie lifetime, maybe we have to change this so the admin can setup a - // seperate timeout for these two cookies? - $life = (time() + getConfig('online_timeout')); - // Is confirmed so both is fine and we can continue with login procedure - $login = ((setcookie("sponsorid" , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) && - (setcookie("sponsorpass", md5($_POST['pass']) , $life, COOKIE_PATH))); + $login = ((set_session('sponsorid' , bigintval($_POST['sponsorid']))) && + (set_session('sponsorpass', md5($_POST['pass']) )) + ); if ($login) { // Cookie setup successfull so we can forward to sponsor area - LOAD_URL(URL."/modules.php?module=sponsor"); + LOAD_URL("modules.php?module=sponsor"); } else { // Cookie setup failed! LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED); diff --git a/inc/modules/login.php b/inc/modules/login.php index b308473f75..ba29320e88 100644 --- a/inc/modules/login.php +++ b/inc/modules/login.php @@ -36,31 +36,17 @@ if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } elseif (!IS_MEMBER()) { - $URL = URL."/modules.php?module=index"; - if ($check == "mem_only") $URL .= "&msg=".urlencode(LANG_MEM_ONLY_1.$GLOBALS['module'].LANG_MEM_ONLY_2); + $URL = "modules.php?module=index"; + if ($check == "mem_only") $URL .= "&msg=".urlencode(LANG_MEM_ONLY_1.$GLOBALS['module'].LANG_MEM_ONLY_2); LOAD_URL($URL); } if ($status != "CONFIRMED") { // If the status is different than confirmed move the user away from here - switch ($status) - { - case "LOCKED": - $ERROR = CODE_ID_LOCKED; - break; - - case "UNCONFIRMED": - $ERROR = CODE_ID_UNCONFIRMED; - break; - - default: - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s detected.", $status)); - $ERROR = CODE_UNKNOWN_STATUS; - break; - } + $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status); // Load URL - LOAD_URL(URL."/modules.php?module=index&login=".$ERROR); + LOAD_URL("modules.php?module=index&what=login&login=".$ERROR); } // END - if // Load adverstising template diff --git a/inc/modules/member/action-surfbar.php b/inc/modules/member/action-surfbar.php index a32c590700..163bd496f8 100644 --- a/inc/modules/member/action-surfbar.php +++ b/inc/modules/member/action-surfbar.php @@ -36,7 +36,7 @@ if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } elseif (!IS_MEMBER()) { - LOAD_URL(URL."/modules.php?module=index"); + LOAD_URL("modules.php?module=index"); } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) { ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar"); return; diff --git a/inc/modules/member/what-logout.php b/inc/modules/member/what-logout.php index 00e83449b0..3eaf9e7583 100644 --- a/inc/modules/member/what-logout.php +++ b/inc/modules/member/what-logout.php @@ -40,20 +40,20 @@ if (!defined('__SECURITY')) { } // Base URL for redirection (both cases) -$URL = URL."/modules.php?module=index"; +$URL = "modules.php?module=index"; if (destroy_user_session()) { // Remove theme cookie as well set_session("mxchange_theme", ""); // Logout completed - $URL .= "&msg=".CODE_LOGOUT_DONE; + $URL .= "&msg=".CODE_LOGOUT_DONE; // Destroy session here @session_destroy(); } else { // Cannot logout! :-( - $URL .= "&msg=".CODE_LOGOUT_FAILED; + $URL .= "&msg=".CODE_LOGOUT_FAILED; } // Load the URL diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php index d874b3beec..7122e5e79a 100644 --- a/inc/modules/member/what-mydata.php +++ b/inc/modules/member/what-mydata.php @@ -306,7 +306,7 @@ array( case "notify": // Switch off notfication SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); - $URL = URL."/modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED); + $URL = "modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED); break; } diff --git a/inc/modules/member/what-order.php b/inc/modules/member/what-order.php index 9c42dcfce1..fec95d23c2 100644 --- a/inc/modules/member/what-order.php +++ b/inc/modules/member/what-order.php @@ -113,7 +113,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", // Test submitted text against some filters (length, URLs in text etc.) if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1)) { // URL found! - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND; + $URL = "modules.php?module=login&what=order&msg=".CODE_URL_FOUND; } // END - if // Remove new-line and carriage-return characters @@ -122,7 +122,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", // Text length within allowed length? if (strlen($TEST) > getConfig('max_tlength')) { // Text is too long! - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_OVERLENGTH; + $URL = "modules.php?module=login&what=order&msg=".CODE_OVERLENGTH; } // END - if } // END - if @@ -132,7 +132,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200)); if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1)) { // URL in subject found - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_SUBJ_URL; + $URL = "modules.php?module=login&what=order&msg=".CODE_SUBJ_URL; } // END - if } // END - if @@ -147,7 +147,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", list($blist) = SQL_FETCHROW($result); // Create redirect-URL - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist; + $URL = "modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist; } // END - if // Free result @@ -157,13 +157,13 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", // Enougth receivers entered? if (($_POST['receiver'] < getConfig('order_min')) && (!IS_ADMIN())) { // Less than allowed receivers entered! - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3; + $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3; } // END - if // Validate URL if (!VALIDATE_URL($_POST['url'])) { // URL is invalid! - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_URL; + $URL = "modules.php?module=login&what=order&msg=".CODE_INVALID_URL; } // END - if // Probe for HTML extension @@ -174,7 +174,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", $_POST['text'] = HTML_CHECK_TAGS($_POST['text']); // Maybe invalid tags found? - if (empty($_POST['text'])) $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id; + if (empty($_POST['text'])) $URL = "modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id; } else { // Remove any HTML code $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text'])); @@ -182,7 +182,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", } } elseif (!IS_ADMIN()) { // He has already sent a mail within a specific time - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_TLOCK."&id=".$id; + $URL = "modules.php?module=login&what=order&msg=".CODE_URL_TLOCK."&id=".$id; } // Still no error? @@ -371,22 +371,22 @@ array( } // ID is received so we can redirect the user, used points will be added when he send's out the mail - $URL = URL."/modules.php?module=frametester&order=".$id.""; + $URL = "modules.php?module=frametester&order=".$id.""; } elseif ($MAX_SEND == 0) { // Not enougth receivers found which can receive mails - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS2; + $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS2; } else { // No enougth points left! - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_POINTS; + $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_POINTS; } } else { // Ordered more mails than he can send in this category - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_NO_RECS_LEFT; + $URL = "modules.php?module=login&what=order&msg=".CODE_NO_RECS_LEFT; } } } elseif ($_POST['receiver'] == "0") { // Not enougth receivers selected - $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS1; + $URL = "modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS1; } elseif (($ALLOWED == 0) && (getConfig('order_max_full') == "ORDER")) { // No more mail orders allowed LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_ORDER_ALLOWED_EXHAUSTED); diff --git a/inc/modules/member/what-sponsor.php b/inc/modules/member/what-sponsor.php index 6a39e181a6..f6f60f75b7 100644 --- a/inc/modules/member/what-sponsor.php +++ b/inc/modules/member/what-sponsor.php @@ -35,7 +35,7 @@ if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php"; require($INC); } elseif (!IS_MEMBER()) { - LOAD_URL(URL."/modules.php?module=index"); + LOAD_URL("modules.php?module=index"); } elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) { ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor"); return; diff --git a/inc/modules/member/what-surfbar_book.php b/inc/modules/member/what-surfbar_book.php index d38757f1f0..c70cb25199 100644 --- a/inc/modules/member/what-surfbar_book.php +++ b/inc/modules/member/what-surfbar_book.php @@ -37,7 +37,7 @@ if (!defined('__SECURITY')) { require($INC); } elseif (!IS_MEMBER()) { // Redirect - LOAD_URL(URL."/modules.php?module=index"); + LOAD_URL("modules.php?module=index"); } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) { ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar"); return; diff --git a/inc/modules/member/what-surfbar_list.php b/inc/modules/member/what-surfbar_list.php index b9b9df87dd..4a5493fb02 100644 --- a/inc/modules/member/what-surfbar_list.php +++ b/inc/modules/member/what-surfbar_list.php @@ -36,7 +36,7 @@ if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } elseif (!IS_MEMBER()) { - LOAD_URL(URL."/modules.php?module=index"); + LOAD_URL("modules.php?module=index"); } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) { ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar"); return; diff --git a/inc/modules/member/what-surfbar_stats.php b/inc/modules/member/what-surfbar_stats.php index a1d6f979e3..bcdd6d1b4c 100644 --- a/inc/modules/member/what-surfbar_stats.php +++ b/inc/modules/member/what-surfbar_stats.php @@ -36,7 +36,7 @@ if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } elseif (!IS_MEMBER()) { - LOAD_URL(URL."/modules.php?module=index"); + LOAD_URL("modules.php?module=index"); } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) { ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar"); return; diff --git a/inc/modules/member/what-themes.php b/inc/modules/member/what-themes.php index 62569097bf..17708e14d7 100644 --- a/inc/modules/member/what-themes.php +++ b/inc/modules/member/what-themes.php @@ -54,7 +54,7 @@ if (!empty($_POST['member_theme'])) { $newTheme = SQL_ESCAPE($_POST['member_theme']); // Change to new theme - set_session("mxchange_theme", $newTheme); + set_session('mxchange_theme', $newTheme); // Theme saved! LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED); diff --git a/inc/modules/order.php b/inc/modules/order.php index 8df46153fc..c6c5be24a5 100644 --- a/inc/modules/order.php +++ b/inc/modules/order.php @@ -41,10 +41,10 @@ if (!defined('__SECURITY')) { return; } elseif (!IS_MEMBER()) { // Sorry, no guest access! - $URL = URL."/modules.php?module=index"; + $URL = "modules.php?module=index"; } elseif (empty($_GET['order'])) { // You cannot call this module directly! - $URL = URL."/modules.php?module=login&what=order"; + $URL = "modules.php?module=login&what=order"; } // When URL is empty nothing bad happend here @@ -110,7 +110,7 @@ if (empty($URL)) { LOAD_TEMPLATE("member_order-back", false); } else { // Matching line not found or already "placed" in send queue - LOAD_URL(URL."/modules.php?module=login"); + LOAD_URL("modules.php?module=login"); } } else { // Redirect... diff --git a/inc/modules/sponsor/account.php b/inc/modules/sponsor/account.php index c402de5dbd..70c8f4b128 100644 --- a/inc/modules/sponsor/account.php +++ b/inc/modules/sponsor/account.php @@ -50,7 +50,7 @@ phone, fax, cell, email, url, status, receive_warnings FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' AND password='%s' LIMIT 1", - array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__); + array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load sponsor data $content = SQL_FETCHARRAY($result); @@ -61,7 +61,7 @@ if (SQL_NUMROWS($result) == 1) { if (empty($_POST['pass_old'])) { // No current password entered $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED; - } elseif (md5($_POST['pass_old']) != $_COOKIE['sponsorpass']) { + } elseif (md5($_POST['pass_old']) != get_session('sponsorpass')) { // Entered password didn't match password in DB $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB; } elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) { @@ -142,7 +142,7 @@ if (SQL_NUMROWS($result) == 1) { } } else { // Sponsor account not found! - $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2); + $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.get_session('sponsorid').SPONSOR_ACCOUNT_404_2); } // Free memory diff --git a/inc/modules/sponsor/settings.php b/inc/modules/sponsor/settings.php index 1db6bbdaf8..0d46ecf129 100644 --- a/inc/modules/sponsor/settings.php +++ b/inc/modules/sponsor/settings.php @@ -47,7 +47,7 @@ if (!defined('__SECURITY')) { $result = SQL_QUERY_ESC("SELECT status, receive_warnings, warning_interval, email, surname, family, gender FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' AND password='%s' LIMIT 1", - array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__); + array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load sponsor data $content = SQL_FETCHARRAY($result); @@ -58,7 +58,7 @@ if (SQL_NUMROWS($result) == 1) { if (empty($_POST['password'])) { // No current password entered $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED; - } elseif (md5($_POST['password']) != $_COOKIE['sponsorpass']) { + } elseif (md5($_POST['password']) != get_session('sponsorpass')) { // Entered password didn't match password in DB $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB; } else { @@ -113,7 +113,7 @@ if (SQL_NUMROWS($result) == 1) { } } else { // Sponsor account not found! - $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2); + $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.get_session('sponsorid').SPONSOR_ACCOUNT_404_2); } // Free memory diff --git a/inc/modules/sponsor/welcome.php b/inc/modules/sponsor/welcome.php index 49454d7c80..d2c0c59444 100644 --- a/inc/modules/sponsor/welcome.php +++ b/inc/modules/sponsor/welcome.php @@ -47,7 +47,7 @@ if (!defined('__SECURITY')) { $result = SQL_QUERY_ESC("SELECT gender, surname, family, (points_amount - points_used) AS points FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' AND password='%s' LIMIT 1", - array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__); + array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__); list($gender, $surname, $family, $points) = SQL_FETCHROW($result); // Free memory diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 084bb5ad27..82ebd0721b 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -595,8 +595,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest") } } // -function IS_MEMBER() -{ +function IS_MEMBER () { global $status, $LAST, $cacheArray; if (!is_array($LAST)) $LAST = array(); $ret = false; @@ -608,16 +607,14 @@ function IS_MEMBER() } // END - if // Fix "deleted" cookies first - FIX_DELETED_COOKIES(array('userid','u_hash','lifetime')); + FIX_DELETED_COOKIES(array('userid', 'u_hash')); // Are cookies set? - if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH'))) - { + if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) { // Cookies are set with values, but are they valid? $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", - array($GLOBALS['userid']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array($GLOBALS['userid']), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Load data from cookies list($password, $status, $mod, $onl) = SQL_FETCHROW($result); @@ -625,7 +622,10 @@ function IS_MEMBER() $valPass = generatePassString($password); // Transfer last module and online time - if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; } + if ((!empty($mod)) && (empty($LAST['module']))) { + $LAST['module'] = $mod; + $LAST['online'] = $onl; + } // END - if // So did we now have valid data and an unlocked user? //* DEBUG: */ echo $valPass."
".get_session('u_hash')."
"; @@ -636,17 +636,11 @@ function IS_MEMBER() // Maybe got locked etc. //* DEBUG: */ echo __LINE__."!!!
"; destroy_user_session(); - - // Reset userid - $GLOBALS['userid'] = 0; } } else { // Cookie data is invalid! //* DEBUG: */ echo __LINE__."***
"; destroy_user_session(); - - // Reset userid - $GLOBALS['userid'] = 0; } // Free memory @@ -655,9 +649,6 @@ function IS_MEMBER() // Cookie data is invalid! //* DEBUG: */ echo __LINE__."///
"; destroy_user_session(); - - // Reset userid - $GLOBALS['userid'] = 0; } // Cache status diff --git a/index.php b/index.php index 9b98c0f1d3..312719aa93 100644 --- a/index.php +++ b/index.php @@ -59,10 +59,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Is the index page configured for redirect pr not? if (getConfig('index_cookie') > 0) { // Set cookie and remeber it for specified time - set_session("visited", "true"); + set_session('visited', "true"); } elseif (isSessionVariableSet('visited')) { // Remove cookie when admin set 0 in setup - set_session("visited", ""); + set_session('visited', ""); } // Template laden diff --git a/ref.php b/ref.php index 4b34282a65..7f92027256 100644 --- a/ref.php +++ b/ref.php @@ -50,11 +50,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { switch (getConfig('refid_target')) { case "register": - $URL = URL."/modules.php?module=index&what=register&refid="; + $URL = "modules.php?module=index&what=register&refid="; break; case "index": - $URL = URL."/index.php?refid="; + $URL = "index.php?refid="; break; } @@ -98,7 +98,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } // END - if } else { // No refid and we add our refid (don't forget to set $def_refid!) - $URL = URL."/index.php"; + $URL = "index.php"; } // Load the URL diff --git a/sponsor_confirm.php b/sponsor_confirm.php index 9d1a29222e..c3aadaa205 100644 --- a/sponsor_confirm.php +++ b/sponsor_confirm.php @@ -39,10 +39,10 @@ require("inc/config.php"); // Is the script installed? if (isBooleanConstantAndTrue('mxchange_installed')) { // Base URL for redirection - $URL = URL."/modules.php?module=index&what=sponsor_login&hash="; + $URL = "modules.php?module=index&what=sponsor_login&hash="; if (empty($_GET['hash'])) { // No refid and we add our refid (don't forget to set $def_refid!) - $URL = URL."/modules.php?module=index"; + $URL = "modules.php?module=index"; } else { // We have an refid here. So we simply add it $URL .= SQL_ESCAPE($_GET['hash']); @@ -54,7 +54,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Redirection should be done here } else { // You have to configure first! - LOAD_URL(URL."/install.php"); + LOAD_URL("install.php"); } // Really all done here... ;-) diff --git a/sponsor_ref.php b/sponsor_ref.php index 6b66586eab..bbcb00a7f2 100644 --- a/sponsor_ref.php +++ b/sponsor_ref.php @@ -39,7 +39,7 @@ require("inc/config.php"); // Redirect only to registration page when this script is installed if (defined('mxchange_installed') && (isBooleanConstantAndTrue(mxchange_installed))) { // Base URL for redirection - $URL = URL."/modules.php?module=index&what=sponsor_reg&refid="; + $URL = "modules.php?module=index&what=sponsor_reg&refid="; // Get referal ID from ref or refid variable $ref = 0; @@ -51,7 +51,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue(mxchange_installe $URL .= $ref; } else { // No refid so we redirect to the index page - $URL = URL."/index.php"; + $URL = "index.php"; } // Load the URL @@ -60,7 +60,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue(mxchange_installe // Redirection should be done here } else { // You have to configure first! - LOAD_URL(URL."/install.php"); + LOAD_URL("install.php"); } // Really all done here... ;-) diff --git a/surfbar.php b/surfbar.php index 68b6d38707..dfc8d87175 100644 --- a/surfbar.php +++ b/surfbar.php @@ -54,10 +54,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Only logged in users may use this surfbar! if (!EXT_IS_ACTIVE("surfbar")) { // Surfbar deactivated - LOAD_URL(URL."/modules.php?module=login&msg=".CODE_EXTENSION_PROBLEM."&ext=surfbar"); + LOAD_URL("modules.php?module=login&msg=".CODE_EXTENSION_PROBLEM."&ext=surfbar"); } elseif (!IS_MEMBER()) { // Redirect - LOAD_URL(URL."/modules.php?module=index"); + LOAD_URL("modules.php?module=index"); } // Handle tasks on self-maintenance