From 898d17a09c66527b1e5d45149e23b88d42487c35 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Tue, 6 May 2008 09:40:47 +0000
Subject: [PATCH] Birthday link fixed

---
 birthday_confirm.php | 15 ++++++---------
 inc/functions.php    | 10 ++++++++--
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/birthday_confirm.php b/birthday_confirm.php
index 8dd674554a..3dd8dedf4b 100644
--- a/birthday_confirm.php
+++ b/birthday_confirm.php
@@ -50,23 +50,20 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
 	$uid = strip_tags(bigintval($_GET['uid']));
 
 	// Only allow numbers here...
-	$chk = strip_tags(bigintval($_GET['check']));
-
-	// .. only first 32 numbers
-	$chk = substr($chk, 0, 32);
+	$chk = strip_tags(bigintval($_GET['check'], false));
 
 	// Check if link is not clicked so far
 	$result = SQL_QUERY_ESC("SELECT DISTINCT b.points, d.sex, d.surname, d.family, d.status
 FROM "._MYSQL_PREFIX."_user_birthday AS b
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON b.userid=d.userid
-WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
+WHERE b.userid=%d AND b.chk_value=%d LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
 
 	if (SQL_NUMROWS($result) == 1)
 	{
 		// Ok, congratulation again! Here's your gift from us...
-		list($GIFT, $salut, $sname, $fname, $status) = SQL_FETCHROW($result);
+		list($gift, $salut, $sname, $fname, $status) = SQL_FETCHROW($result);
 		if ($status == "CONFIRMED")
 		{
 			// Set mode depending on how many mails the member has to confirm
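Review bot: The check value is no longer compared exactly. `bigintval($_GET['check'], false)` now yields a digit string of any length, since the 32-character cap is removed, while the placeholder changed to `%d`. If SQL_QUERY_ESC formats its arguments printf-style (not visible here), the string is converted back to an integer, so over-long values saturate and an empty or digit-free `check` becomes 0. Because this value authorises crediting the points, I would keep the string comparison, `WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",`, and skip the query when `$chk == ''`. The enclosing `if` block starts before this hunk and continues past it, so how a rejected link should be reported is not visible here.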
@@ -75,7 +72,7 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
 
 			// Add points to account
 			$DEPTH = 0;
-			ADD_POINTS_REFSYSTEM($uid, $GIFT, false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
+			ADD_POINTS_REFSYSTEM($uid, $gift, false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
 
 			// Remove entry from table
 			$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d LIMIT 1",
@@ -85,14 +82,14 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
 			if (GET_EXT_VERSION("mediadata") >= "0.0.4")
 			{
 				// Update database
-				MEDIA_UPDATE_ENTRY(array("total_points"), "add", $GIFT);
+				MEDIA_UPDATE_ENTRY(array("total_points"), "add", $gift);
 			}
 
 			// Transfer data to constants for the template
 			define('__SALUT', TRANSLATE_SEX($salut));
 			define('__SNAME', $sname);
 			define('__FNAME', $fname);
-			define('__GIFT' , $GIFT);
+			define('__GIFT' , $gift);
 
 			// Load message from template
 			define('__MSG', LOAD_TEMPLATE("birthday_msg", true));
diff --git a/inc/functions.php b/inc/functions.php
index 005fea7a72..e24be85a2d 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1216,9 +1216,15 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="")
 	return $return;
 }
 // Does only allow numbers
-function bigintval($num)
+function bigintval($num, $castValue = true)
 {
-	$ret = (int) preg_replace("/[^0123456789]/", "", $num);
+	// Filter all numbers out
+	$ret = preg_replace("/[^0123456789]/", "", $num);
+
+	// Cast the value?
+	if ($castValue) $ret = (int) $ret;
+
+	// Return result
 	return $ret;
 }
 // Insert the code in $img_code into jpeg or PNG image
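Review bot: With `$castValue` false the result of `preg_replace` is returned unchanged, so a request parameter that arrives as an array comes back from bigintval as an array instead of a digit string. The old `(int)` cast always produced an integer, and the new caller passes the result straight to `strip_tags`. A guard at the top of the function, `if (!is_scalar($num)) $num = '';`, restricts the return value to an int or a string. The header comment should also state the two return shapes, e.g. `// Does only allow numbers; returns int, or the raw digit string (may be empty) when $castValue is false`.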
-- 
2.39.5