From 9941686b7682e5aa18a3c022152d3c614b133cfc Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Wed, 25 Aug 2010 21:09:35 +0000 Subject: [PATCH] Some minor rewrites, addPointsAutoPurge() now validates the userid before executing anything --- inc/libs/autopurge_functions.php | 6 ++++++ inc/wrapper-functions.php | 6 +++--- lead-confirm.php | 25 ++++++++----------------- 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/inc/libs/autopurge_functions.php b/inc/libs/autopurge_functions.php index 176e6e40c4..8843c56145 100644 --- a/inc/libs/autopurge_functions.php +++ b/inc/libs/autopurge_functions.php @@ -44,6 +44,12 @@ if (!defined('__SECURITY')) { // Add points in autopurge-mode function addPointsAutoPurge ($userid, $points) { + // Is the userid valid? + if (!isValidUserId($userid)) { + // Please report all these bugs + debug_report_bug(__FUNCTION__, __LINE__, 'Invalid call. userid=' . $userid . ',points=' . $points); + } // END - if + // Add points over the ref system directly now addPointsDirectly('autopurge_add', $userid, $points); diff --git a/inc/wrapper-functions.php b/inc/wrapper-functions.php index 7480bb4cf9..da04d5ddcc 100644 --- a/inc/wrapper-functions.php +++ b/inc/wrapper-functions.php @@ -807,7 +807,7 @@ function initUserData () { // User id should not be zero if (!isValidUserId(getCurrentUserId())) { // Should be always valid - debug_report_bug(__FUNCTION__, __LINE__, 'User id is zero.'); + debug_report_bug(__FUNCTION__, __LINE__, 'Current user id is invalid: ' . getCurrentUserId()); } // END - if // Init the user @@ -819,7 +819,7 @@ function getUserData ($column) { // User id should not be zero if (!isValidUserId(getCurrentUserId())) { // Should be always valid - debug_report_bug(__FUNCTION__, __LINE__, 'User id is zero.'); + debug_report_bug(__FUNCTION__, __LINE__, 'Current user id is invalid: ' . getCurrentUserId()); } // END - if // Return the value @@ -834,7 +834,7 @@ function getUserDataArray () { // Is the current userid valid? if (!isValidUserId($userid)) { // Should be always valid - debug_report_bug(__FUNCTION__, __LINE__, 'User id is invalid.'); + debug_report_bug(__FUNCTION__, __LINE__, 'Current user id is invalid: ' . $userid); } // END - if // Get the whole array if found diff --git a/lead-confirm.php b/lead-confirm.php index 65a1ecfa7c..4c179e831c 100644 --- a/lead-confirm.php +++ b/lead-confirm.php @@ -63,27 +63,18 @@ loadIncludeOnce('inc/header.php'); // Initialize the array for the template $content = array( - 'lead_userid' => -1, - 'lead_email' => 'INVALID@EMAIL' + 'lead_userid' => '0', + 'lead_email' => '{?WEBMASTER?}' ); // Is the cookie set? -if (isSessionVariableSet('lead_userid')) { - // Is the user-account unlocked and valid? - if (fetchUserData(getSession('lead_userid'))) { - // Secure the id number - $content['lead_userid'] = bigintval(getSession('lead_userid')); +if ((isSessionVariableSet('lead_userid')) && (fetchUserData(getSession('lead_userid')))) { + // Secure the id number + $content['lead_userid'] = bigintval(getSession('lead_userid')); - // Load the email address - $content['lead_email'] = getUserData('email'); - } else { - // Not found! - $content['lead_userid'] = '0'; - } -} else { - // Maybe spider? - $content['lead_email'] = getConfig('WEBMASTER'); -} + // Load the email address + $content['lead_email'] = getUserData('email'); +} // END - if // Load the lead template loadTemplate('lead_code', false, $content); -- 2.39.5