From a1ef1533f17e1ca5db81a9912632491e72626694 Mon Sep 17 00:00:00 2001 From: quix0r Date: Sat, 6 Sep 2008 05:28:10 +0000 Subject: [PATCH] Tons of rewrites (SQL queries), surfbar nearly finished (working: surfing with static payout), minor fixes --- .gitattributes | 29 +- beg.php | 17 +- birthday_confirm.php | 4 +- click.php | 2 +- doubler.php | 14 +- inc/autopurge.php | 22 +- inc/db/lib-mysql3.php | 14 +- inc/db/lib.php | 2 +- inc/doubler_send.php | 18 +- inc/extensions.php | 8 +- inc/extensions/ext-active.php | 2 +- inc/extensions/ext-autopurge.php | 6 +- inc/extensions/ext-beg.php | 10 +- inc/extensions/ext-birthday.php | 6 +- inc/extensions/ext-bonus.php | 12 +- inc/extensions/ext-cache.php | 2 +- inc/extensions/ext-doubler.php | 7 +- inc/extensions/ext-holiday.php | 6 +- inc/extensions/ext-maintenance.php | 2 +- inc/extensions/ext-mediadata.php | 4 +- inc/extensions/ext-newsletter.php | 6 +- inc/extensions/ext-order.php | 4 +- inc/extensions/ext-profile.php | 4 +- inc/extensions/ext-register.php | 2 +- inc/extensions/ext-rewrite.php | 2 +- inc/extensions/ext-sponsor.php | 2 +- inc/extensions/ext-sql_patches.php | 2 +- inc/extensions/ext-surfbar.php | 11 +- inc/extensions/ext-top10.php | 2 +- inc/extensions/ext-transfer.php | 4 +- inc/extensions/ext-user.php | 2 +- inc/footer.php | 7 +- inc/functions.php | 110 ++++--- inc/gen_sql_patches.php | 2 +- inc/header.php | 2 +- inc/libs/admins_functions.php | 14 +- inc/libs/autopurge_functions.php | 4 +- inc/libs/bonus_functions.php | 28 +- inc/libs/country_functions.php | 2 +- inc/libs/holiday_functions.php | 4 +- inc/libs/nickname_functions.php | 4 +- inc/libs/output_functions.php | 11 +- inc/libs/rallye_functions.php | 40 +-- inc/libs/sponsor_functions.php | 9 +- inc/libs/surfbar_functions.php | 288 +++++++++++++++++- inc/load_cache.php | 20 +- inc/mails/beg_mails.php | 2 +- inc/mails/birthday_mails.php | 4 +- inc/mails/bonus_mails.php | 2 +- inc/modules/admin.php | 4 +- inc/modules/admin/admin-inc.php | 21 +- inc/modules/admin/overview-inc.php | 20 +- inc/modules/admin/what-add_points.php | 8 +- inc/modules/admin/what-adminedit.php | 12 +- inc/modules/admin/what-admins_contct.php | 2 +- inc/modules/admin/what-admins_mails.php | 2 +- inc/modules/admin/what-config_admins.php | 12 +- inc/modules/admin/what-config_cats.php | 10 +- inc/modules/admin/what-config_email.php | 8 +- inc/modules/admin/what-config_mods.php | 4 +- inc/modules/admin/what-config_payouts.php | 10 +- inc/modules/admin/what-config_points.php | 14 +- .../admin/what-config_rallye_prices.php | 12 +- inc/modules/admin/what-config_register.php | 2 +- inc/modules/admin/what-del_email.php | 18 +- inc/modules/admin/what-del_holiday.php | 10 +- inc/modules/admin/what-del_transfer.php | 4 +- inc/modules/admin/what-del_user.php | 4 +- inc/modules/admin/what-edit_emails.php | 4 +- inc/modules/admin/what-edit_user.php | 6 +- inc/modules/admin/what-email_archiv.php | 2 +- inc/modules/admin/what-email_details.php | 2 +- inc/modules/admin/what-extensions.php | 12 +- inc/modules/admin/what-guestedit.php | 16 +- inc/modules/admin/what-list_cats.php | 4 +- inc/modules/admin/what-list_country.php | 2 +- inc/modules/admin/what-list_links.php | 12 +- inc/modules/admin/what-list_newsletter.php | 4 +- inc/modules/admin/what-list_payouts.php | 18 +- inc/modules/admin/what-list_rallyes.php | 26 +- inc/modules/admin/what-list_refs.php | 10 +- inc/modules/admin/what-list_task.php | 6 +- inc/modules/admin/what-list_unconfirmed.php | 4 +- inc/modules/admin/what-list_user.php | 2 +- inc/modules/admin/what-lock_user.php | 8 +- inc/modules/admin/what-memedit.php | 16 +- inc/modules/admin/what-newsletter.php | 3 - inc/modules/admin/what-payments.php | 4 +- inc/modules/admin/what-refbanner.php | 6 +- inc/modules/admin/what-repair_amnu.php | 4 +- inc/modules/admin/what-repair_cats.php | 4 +- inc/modules/admin/what-repair_gmnu.php | 4 +- inc/modules/admin/what-repair_mmnu.php | 4 +- inc/modules/admin/what-send_bonus.php | 6 +- inc/modules/admin/what-stats.php | 3 - inc/modules/admin/what-sub_points.php | 17 +- inc/modules/admin/what-theme_check.php | 21 +- inc/modules/admin/what-unlock_emails.php | 16 +- inc/modules/admin/what-user_contct.php | 2 +- inc/modules/chk_login.php | 4 +- inc/modules/frametester.php | 2 +- inc/modules/guest/action-online.php | 2 +- inc/modules/guest/what-confirm.php | 4 +- inc/modules/guest/what-login.php | 14 +- inc/modules/guest/what-register.php | 10 +- inc/modules/guest/what-stats.php | 4 +- inc/modules/member/what-beg.php | 2 +- inc/modules/member/what-categories.php | 6 +- inc/modules/member/what-holiday.php | 20 +- inc/modules/member/what-html_mail.php | 4 +- inc/modules/member/what-logout.php | 17 +- inc/modules/member/what-mydata.php | 26 +- inc/modules/member/what-newsletter.php | 4 +- inc/modules/member/what-nickname.php | 2 +- inc/modules/member/what-order.php | 46 +-- inc/modules/member/what-payout.php | 26 +- inc/modules/member/what-points.php | 10 +- inc/modules/member/what-reflinks.php | 2 +- inc/modules/member/what-stats.php | 4 +- inc/modules/member/what-surfbar_start.php | 5 +- inc/modules/member/what-themes.php | 7 +- inc/modules/member/what-transfer.php | 27 +- inc/modules/member/what-unconfirmed.php | 10 +- inc/modules/member/what-welcome.php | 2 +- inc/modules/member/what-wernis.php | 12 +- inc/modules/order.php | 9 +- inc/monthly/monthly_beg.php | 4 +- inc/monthly/monthly_bonus.php | 4 +- inc/monthly/monthly_newsletter.php | 4 +- inc/mysql-connect.php | 6 +- inc/mysql-manager.php | 91 +++--- inc/pool-update.php | 38 +-- inc/profile-updte.php | 2 +- inc/reset/reset_beg.php | 2 +- inc/reset/reset_bonus.php | 2 +- inc/reset/reset_daily.php | 4 +- inc/reset/reset_engine.php | 2 +- inc/reset/reset_holiday.php | 6 +- inc/session.php | 12 + inc/stats_bonus.php | 4 +- inc/theme-manager.php | 31 +- lead-confirm.php | 2 +- mailid.php | 14 +- mailid_top.php | 28 +- modules.php | 20 +- ref.php | 2 +- show_bonus.php | 2 +- surfbar.php | 138 +++++++++ .../html/admin/admin_config_autopurge_pro.tpl | 1 - .../de/html/admin/admin_config_beg_pro.tpl | 1 - .../de/html/admin/admin_config_bonus_pro.tpl | 1 - .../html/admin/admin_config_doubler_pro.tpl | 1 - templates/de/html/admin/admin_config_reg.tpl | 1 - .../html/admin/admin_config_transfer_pro.tpl | 1 - .../de/html/admin/admin_extensions_search.tpl | 1 - .../de/html/admin/admin_mods_footer_edit.tpl | 1 - .../de/html/admin/admin_mods_footer_list.tpl | 1 - .../de/html/admin/admin_mods_footer_stats.tpl | 1 - .../html/admin/admin_mods_footer_stats2.tpl | 1 - .../de/html/admin/admin_mods_header_edit.tpl | 1 - .../de/html/admin/admin_mods_header_list.tpl | 1 - .../de/html/admin/admin_mods_header_stats.tpl | 1 - .../html/admin/admin_mods_header_stats2.tpl | 1 - templates/de/html/admin/admin_setup_stats.tpl | 1 - templates/de/html/mailid/mailid_frames.tpl | 13 +- templates/de/html/mailid/mailid_frameset.tpl | 1 - templates/de/html/mailid/mailid_timer.tpl | 13 +- .../de/html/member/member_frameset-back.tpl | 1 - .../de/html/member/member_frameset-send.tpl | 1 - .../de/html/member/member_surfbar_link.tpl | 3 + .../member/member_surfbar_start_static.tpl | 12 + .../de/html/member/member_welcome_footer.tpl | 5 +- .../de/html/member/member_welcome_header.tpl | 20 +- templates/de/html/surfbar/.htaccess | 1 + .../de/html/surfbar/surfbar_frame_banner.tpl | 7 + .../de/html/surfbar/surfbar_frame_top.tpl | 54 ++++ .../de/html/surfbar/surfbar_frameset.tpl | 17 ++ templates/de/html/surfbar/surfbar_stopped.tpl | 9 + view.php | 4 +- 179 files changed, 1269 insertions(+), 813 deletions(-) delete mode 100644 inc/modules/admin/what-newsletter.php delete mode 100644 inc/modules/admin/what-stats.php create mode 100644 surfbar.php delete mode 100644 templates/de/html/admin/admin_config_autopurge_pro.tpl delete mode 100644 templates/de/html/admin/admin_config_beg_pro.tpl delete mode 100644 templates/de/html/admin/admin_config_bonus_pro.tpl delete mode 100644 templates/de/html/admin/admin_config_doubler_pro.tpl delete mode 100644 templates/de/html/admin/admin_config_reg.tpl delete mode 100644 templates/de/html/admin/admin_config_transfer_pro.tpl delete mode 100644 templates/de/html/admin/admin_extensions_search.tpl delete mode 100644 templates/de/html/admin/admin_mods_footer_edit.tpl delete mode 100644 templates/de/html/admin/admin_mods_footer_list.tpl delete mode 100644 templates/de/html/admin/admin_mods_footer_stats.tpl delete mode 100644 templates/de/html/admin/admin_mods_footer_stats2.tpl delete mode 100644 templates/de/html/admin/admin_mods_header_edit.tpl delete mode 100644 templates/de/html/admin/admin_mods_header_list.tpl delete mode 100644 templates/de/html/admin/admin_mods_header_stats.tpl delete mode 100644 templates/de/html/admin/admin_mods_header_stats2.tpl delete mode 100644 templates/de/html/admin/admin_setup_stats.tpl delete mode 100644 templates/de/html/mailid/mailid_frameset.tpl delete mode 100644 templates/de/html/member/member_frameset-back.tpl delete mode 100644 templates/de/html/member/member_frameset-send.tpl create mode 100644 templates/de/html/member/member_surfbar_link.tpl create mode 100644 templates/de/html/member/member_surfbar_start_static.tpl create mode 100644 templates/de/html/surfbar/.htaccess create mode 100644 templates/de/html/surfbar/surfbar_frame_banner.tpl create mode 100644 templates/de/html/surfbar/surfbar_frame_top.tpl create mode 100644 templates/de/html/surfbar/surfbar_frameset.tpl create mode 100644 templates/de/html/surfbar/surfbar_stopped.tpl diff --git a/.gitattributes b/.gitattributes index 4294b17df0..cff20e6627 100644 --- a/.gitattributes +++ b/.gitattributes @@ -343,7 +343,6 @@ inc/modules/admin/what-logs.php -text inc/modules/admin/what-maintenance.php -text inc/modules/admin/what-mem_add.php -text inc/modules/admin/what-memedit.php -text -inc/modules/admin/what-newsletter.php -text inc/modules/admin/what-optimize.php -text inc/modules/admin/what-overview.php -text inc/modules/admin/what-payments.php -text @@ -357,7 +356,6 @@ inc/modules/admin/what-repair_mmenu.php -text inc/modules/admin/what-repair_mmnu.php -text inc/modules/admin/what-send_bonus.php -text inc/modules/admin/what-send_newsletter.php -text -inc/modules/admin/what-stats.php -text inc/modules/admin/what-stats_mods.php -text inc/modules/admin/what-sub_points.php -text inc/modules/admin/what-theme_check.php -text @@ -559,6 +557,7 @@ install/tables.sql -text /show_bonus.php -text /sponsor_confirm.php -text /sponsor_ref.php -text +/surfbar.php -text templates/.htaccess -text templates/de/.htaccess -text templates/de/emails/add-points.tpl -text @@ -742,17 +741,13 @@ templates/de/html/admin/admin_config_admins_edit.tpl -text templates/de/html/admin/admin_config_admins_edit_row.tpl -text templates/de/html/admin/admin_config_admins_row.tpl -text templates/de/html/admin/admin_config_autopurge.tpl -text -templates/de/html/admin/admin_config_autopurge_pro.tpl -text templates/de/html/admin/admin_config_beg.tpl -text -templates/de/html/admin/admin_config_beg_pro.tpl -text templates/de/html/admin/admin_config_birthday.tpl -text templates/de/html/admin/admin_config_bonus.tpl -text -templates/de/html/admin/admin_config_bonus_pro.tpl -text templates/de/html/admin/admin_config_cache.tpl -text templates/de/html/admin/admin_config_cats.tpl -text templates/de/html/admin/admin_config_cats_row.tpl -text templates/de/html/admin/admin_config_doubler.tpl -text -templates/de/html/admin/admin_config_doubler_pro.tpl -text templates/de/html/admin/admin_config_email.tpl -text templates/de/html/admin/admin_config_email_del.tpl -text templates/de/html/admin/admin_config_email_del_row.tpl -text @@ -787,7 +782,6 @@ templates/de/html/admin/admin_config_rallye_edit_row.tpl -text templates/de/html/admin/admin_config_rallye_prices.tpl -text templates/de/html/admin/admin_config_rallye_prices_row.tpl -text templates/de/html/admin/admin_config_refid.tpl -text -templates/de/html/admin/admin_config_reg.tpl -text templates/de/html/admin/admin_config_reg_pro.tpl -text templates/de/html/admin/admin_config_register.tpl -text templates/de/html/admin/admin_config_register2.tpl -text @@ -801,7 +795,6 @@ templates/de/html/admin/admin_config_surfbar.tpl -text templates/de/html/admin/admin_config_title.tpl -text templates/de/html/admin/admin_config_top10.tpl -text templates/de/html/admin/admin_config_transfer.tpl -text -templates/de/html/admin/admin_config_transfer_pro.tpl -text templates/de/html/admin/admin_config_user.tpl -text templates/de/html/admin/admin_config_wernis.tpl -text templates/de/html/admin/admin_contct_user_form.tpl -text @@ -849,7 +842,6 @@ templates/de/html/admin/admin_extensions_edit_row.tpl -text templates/de/html/admin/admin_extensions_installed.tpl -text templates/de/html/admin/admin_extensions_list.tpl -text templates/de/html/admin/admin_extensions_row.tpl -text -templates/de/html/admin/admin_extensions_search.tpl -text templates/de/html/admin/admin_extensions_text.tpl -text templates/de/html/admin/admin_footer.tpl -text templates/de/html/admin/admin_gmenu_delete.tpl -text @@ -962,14 +954,6 @@ templates/de/html/admin/admin_mmenu_overview.tpl -text templates/de/html/admin/admin_mmenu_status.tpl -text templates/de/html/admin/admin_mods_edit.tpl -text templates/de/html/admin/admin_mods_edit_row.tpl -text -templates/de/html/admin/admin_mods_footer_edit.tpl -text -templates/de/html/admin/admin_mods_footer_list.tpl -text -templates/de/html/admin/admin_mods_footer_stats.tpl -text -templates/de/html/admin/admin_mods_footer_stats2.tpl -text -templates/de/html/admin/admin_mods_header_edit.tpl -text -templates/de/html/admin/admin_mods_header_list.tpl -text -templates/de/html/admin/admin_mods_header_stats.tpl -text -templates/de/html/admin/admin_mods_header_stats2.tpl -text templates/de/html/admin/admin_mods_list.tpl -text templates/de/html/admin/admin_mods_list_row.tpl -text templates/de/html/admin/admin_mods_stats.tpl -text @@ -1021,7 +1005,6 @@ templates/de/html/admin/admin_send_bonus_form.tpl -text templates/de/html/admin/admin_send_bonus_select.tpl -text templates/de/html/admin/admin_send_reset_link.tpl -text templates/de/html/admin/admin_settings_saved.tpl -text -templates/de/html/admin/admin_setup_stats.tpl -text templates/de/html/admin/admin_sponsor_paytypes.tpl -text templates/de/html/admin/admin_sub_points.tpl -text templates/de/html/admin/admin_sub_points_all.tpl -text @@ -1184,7 +1167,6 @@ templates/de/html/mailid/mailid_banner.tpl -text templates/de/html/mailid/mailid_confirm_buttom.tpl -text templates/de/html/mailid/mailid_enter_code.tpl -text templates/de/html/mailid/mailid_frames.tpl -text -templates/de/html/mailid/mailid_frameset.tpl -text templates/de/html/mailid/mailid_points_done.tpl -text templates/de/html/mailid/mailid_points_done2.tpl -text templates/de/html/mailid/mailid_points_failed.tpl -text @@ -1211,8 +1193,6 @@ templates/de/html/member/member_doubler.tpl -text templates/de/html/member/member_doubler_list.tpl -text templates/de/html/member/member_doubler_list_rows.tpl -text templates/de/html/member/member_footer.tpl -text -templates/de/html/member/member_frameset-back.tpl -text -templates/de/html/member/member_frameset-send.tpl -text templates/de/html/member/member_goto_top.tpl -text templates/de/html/member/member_header.tpl -text templates/de/html/member/member_holiday_deactivate.tpl -text @@ -1260,6 +1240,8 @@ templates/de/html/member/member_stats_table.tpl -text templates/de/html/member/member_support_contacted.tpl -text templates/de/html/member/member_support_contcted.tpl -text templates/de/html/member/member_support_form.tpl -text +templates/de/html/member/member_surfbar_link.tpl -text +templates/de/html/member/member_surfbar_start_static.tpl -text templates/de/html/member/member_themes.tpl -text templates/de/html/member/member_transfer_list.tpl -text templates/de/html/member/member_transfer_new.tpl -text @@ -1306,6 +1288,11 @@ templates/de/html/sponsor/sponsor_main.tpl -text templates/de/html/sponsor/sponsor_settings_form.tpl -text templates/de/html/sponsor/sponsor_welcome.tpl -text templates/de/html/sponsor/sponsor_what.tpl -text +templates/de/html/surfbar/.htaccess -text +templates/de/html/surfbar/surfbar_frame_banner.tpl -text +templates/de/html/surfbar/surfbar_frame_top.tpl -text +templates/de/html/surfbar/surfbar_frameset.tpl -text +templates/de/html/surfbar/surfbar_stopped.tpl -text templates/de/html/theme_one.tpl -text templates/de/html/theme_select_box.tpl -text templates/de/html/theme_select_form.tpl -text diff --git a/beg.php b/beg.php index eb9bf94422..e402809626 100644 --- a/beg.php +++ b/beg.php @@ -69,7 +69,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install } } else { // Direct userid - $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['uid'])), __FILE__, __LINE__); } @@ -112,11 +112,11 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) { // Update counter - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array($uid), __FILE__, __LINE__); // Check for last entry for userid w/o IP number - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%s)) AND remote_ip='%s' LIMIT 1", array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__); if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) { // Free memory @@ -137,7 +137,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install // Is begging rallye active? if ($_CONFIG['beg_rallye'] == "Y") { // Add points to rallye account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1", array($points, $uid), __FILE__, __LINE__); } else { // Add points to account @@ -148,14 +148,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install // Subtract begged points from member account if the admin has selected one if ($_CONFIG['beg_uid'] > 0) { // Subtract from this account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array($points, bigintval($_CONFIG['beg_uid'])), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); - } + SUB_POINTS($_CONFIG['beg_uid'], $points); } // Set message diff --git a/birthday_confirm.php b/birthday_confirm.php index 621b21fe92..68fd150ef9 100644 --- a/birthday_confirm.php +++ b/birthday_confirm.php @@ -57,7 +57,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install FROM "._MYSQL_PREFIX."_user_birthday AS b INNER JOIN "._MYSQL_PREFIX."_user_data AS d ON b.userid=d.userid -WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1", +WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1", array($uid, $chk), __FILE__, __LINE__); //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")
\n"; @@ -77,7 +77,7 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1", ADD_POINTS_REFSYSTEM($uid, $data['points'], false, "0", $locked, strtolower($_CONFIG['birthday_mode'])); // Remove entry from table - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d AND chk_value='%s' LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%s AND chk_value='%s' LIMIT 1", array($uid, $chk), __FILE__, __LINE__); // Update mediadata if version is 0.0.4 or newer diff --git a/click.php b/click.php index 016ba77555..d5c3aaa6a0 100644 --- a/click.php +++ b/click.php @@ -47,7 +47,7 @@ require ("inc/config.php"); if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) { // Update clicks counter... $CLICK = 1; - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($link) == 1) { if (!empty($_GET['user'])) { LOAD_URL("ref.php?refid=".bigintval($_GET['user'])); diff --git a/doubler.php b/doubler.php index e8a088bc8c..ca2934f7b6 100644 --- a/doubler.php +++ b/doubler.php @@ -64,7 +64,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install else { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); } @@ -99,7 +99,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install else { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_POST['userid'])), __FILE__, __LINE__); } @@ -134,15 +134,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__); // Subtract entered points - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array($_POST['points'], $uid), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $_POST['points']); - } + SUB_POINTS($uid, $_POST['points']); // Add points to "total payed" including charge $points = $_POST['points'] - $_POST['points'] * $_CONFIG['doubler_charge']; diff --git a/inc/autopurge.php b/inc/autopurge.php index 39c630bdeb..0871b6ce80 100644 --- a/inc/autopurge.php +++ b/inc/autopurge.php @@ -67,7 +67,7 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid", while(list($mid, $sender, $pool, $price) = SQL_FETCHROW($result)) { // Check if confirmation links are purged or not - $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d LIMIT 1", + $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s LIMIT 1", array(bigintval($mid)), __FILE__, __LINE__); if (SQL_NUMROWS($result_links) == 1) { @@ -85,11 +85,11 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid", $uid = $sender; $points += $price; $admin_points += $price; // Remove confirmation links from queue - $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", + $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s", array(bigintval($mid)), __FILE__, __LINE__); // Update status of order - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%d LIMIT 1", + $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%s LIMIT 1", array(bigintval($pool)), __FILE__, __LINE__); } } @@ -114,7 +114,7 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid", while (list($bid, $price) = SQL_FETCHROW($result)) { // Check if confirmation links are purged or not - $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d", + $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s", array(bigintval($bid)), __FILE__, __LINE__); if (SQL_NUMROWS($result_links) > 0) { @@ -125,11 +125,11 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid", SQL_FREERESULT($result_links); // Remove confirmation links from queue - $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d", + $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s", array(bigintval($bid)), __FILE__, __LINE__); // Update status of order - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%d LIMIT 1", + $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%s LIMIT 1", array(bigintval($bid)), __FILE__, __LINE__); } } @@ -199,7 +199,7 @@ ORDER BY d.userid", array($since, $since, $since), __FILE__, __LINE__); SEND_EMAIL($email, AUTOPURGE_MEMBER_INACTIVE_SUBJECT, $msg); // Update this account - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1", + $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); } @@ -328,11 +328,11 @@ if ($_CONFIG['ap_del_mails']) while(list($sender) = SQL_FETCHROW($result_mails)) { // Check now... - $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__)); + $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__)); if ($found == 0) { // Okay we found some mails! - $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%d", + $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%s", array(bigintval($sender)), __FILE__, __LINE__); $DELETED += SQL_AFFECTEDROWS(); @@ -359,11 +359,11 @@ if ($_CONFIG['ap_del_mails']) while(list($sender) = SQL_FETCHROW($result_mails)) { // Check now... - $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__)); + $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__)); if ($found == 0) { // Okay we found some mails! - $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%d", array(bigintval($sender)), __FILE__, __LINE__); + $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%s", array(bigintval($sender)), __FILE__, __LINE__); $DELETED += SQL_AFFECTEDROWS(); // Reset query (to prevent possible errors) ... diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index 95e409042d..a49a60f109 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -66,7 +66,7 @@ function SQL_QUERY($sql_string, $F, $L) { // Debug output //* DEBUG: */ print "Query=
".$sql_string."
, affected=".SQL_AFFECTEDROWS().", numrows=".SQL_NUMROWS($result)."
\n"; - if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (DEBUG_SQL)) { + if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (isBooleanConstantAndTrue('DEBUG_SQL'))) { // // Debugging stuff... // @@ -176,7 +176,7 @@ function SQL_CLOSE($link, $F, $L) { global $_CONFIG, $cacheInstance, $cacheArray; if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($_CONFIG['db_hits'])) && (isset($_CONFIG['cache_hits'])) && (is_object($cacheInstance))) { // Update counter for db/cache - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%s, cache_hits=%s WHERE config=0 LIMIT 1", array(bigintval($_CONFIG['db_hits']), bigintval($_CONFIG['cache_hits'])), __FILE__, __LINE__); // Update cache here @@ -234,9 +234,15 @@ function SQL_INSERTID() { return @mysql_insert_id(); } // Escape a string for the database -function SQL_ESCAPE($str) { +function SQL_ESCAPE($str, $secureString = true) { global $link; + // Secure string first? (which is the default behaviour!) + if ($secureString) { + // Then do it here + $str = secureString($str); + } // END - if + if (!is_resource($link)) { // Fall-back to addslashes() when there is no link return addslashes($str); @@ -256,7 +262,7 @@ function SQL_ESCAPE($str) { // SELECT query string from table, columns and so on... ;-) function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id) { // Prepare the SQL statement - $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%d LIMIT 1"; + $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%s LIMIT 1"; // Return the result return SQL_QUERY_ESC($SQL, array(bigintval($id)), __FILE__, __LINE__); diff --git a/inc/db/lib.php b/inc/db/lib.php index d461ebf1e1..5d9a30891e 100644 --- a/inc/db/lib.php +++ b/inc/db/lib.php @@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { if (_DB_TYPE == "_DB_TYPE") define('_DB_TYPE', "mysql3"); // Create include file name -$INC = PATH."inc/db/lib-"._DB_TYPE.".php"; +$INC = sprintf("%sinc/db/lib-%s.php", PATH, _DB_TYPE); if ((file_exists($INC)) && (is_readable($INC))) { // Include abstraction layer diff --git a/inc/doubler_send.php b/inc/doubler_send.php index e4f16f4f9b..a0d6ee8404 100644 --- a/inc/doubler_send.php +++ b/inc/doubler_send.php @@ -84,7 +84,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y")) if ($DOUBLER_POINTS >= $points) { // Check for his ref points - $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%d AND completed='N' AND is_ref='Y'", + $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%s AND completed='N' AND is_ref='Y'", array(bigintval($uid)), __FILE__, __LINE__); list($ref) = SQL_FETCHROW($result_ref); @@ -97,7 +97,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y")) { // Referral points found so add them and set line(s) to completed='Y' $points += $ref; - $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%d AND completed='N' AND is_ref='Y'", + $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%s AND completed='N' AND is_ref='Y'", array(bigintval($uid)), __FILE__, __LINE__); } else @@ -110,7 +110,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y")) if ($uid != $_CONFIG['doubler_uid']) { // Add points - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1", array($points, bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well @@ -122,7 +122,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y")) } // Set entry as "payed" - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); $OK = false; @@ -141,15 +141,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y")) if (($user > 0) && ($user >= $points) && (!$OK) && ($_CONFIG['doubler_uid'] > 0) && ($uid != $_CONFIG['doubler_uid'])) { // Add points to used points - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid='%d' LIMIT 1", - array($points, $_CONFIG['doubler_uid']), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); - } + SUB_POINTS($_CONFIG['doubler_uid'], $points); // Okay, done! $OK = true; diff --git a/inc/extensions.php b/inc/extensions.php index 06b5fc827e..fa5e463b8f 100644 --- a/inc/extensions.php +++ b/inc/extensions.php @@ -198,7 +198,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) array($ext_name, $EXT_LANG_PREFIX, $EXT_ALWAYS_ACTIVE, $EXT_VERSION), __FILE__, __LINE__); // Update task management - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); // In normal mode return a true on success @@ -222,7 +222,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) } } elseif (($id > 0) && (!empty($ext_name))) { // Remove task from system when id and extension's name is valid - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND status='NEW' LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND status='NEW' LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } @@ -275,7 +275,7 @@ function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) { // Removal mode? if ($EXT_LOAD_MODE == "remove") { // Delete this extension (remember to remove it from your server *before* you click on welcome! - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); } // END - if @@ -563,7 +563,7 @@ function GET_EXT_NAME($id) else { // Load from database - $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($ret) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/extensions/ext-active.php b/inc/extensions/ext-active.php index 892b52e8d8..e867de09cf 100644 --- a/inc/extensions/ext-active.php +++ b/inc/extensions/ext-active.php @@ -123,7 +123,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/extensions/ext-autopurge.php b/inc/extensions/ext-autopurge.php index be92113332..84207b9bb3 100644 --- a/inc/extensions/ext-autopurge.php +++ b/inc/extensions/ext-autopurge.php @@ -258,14 +258,14 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); // Do we have a daily-reset-run? - if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) + if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) { // Yes, we have. So let's auto-purge some campaigns, inactive users and unconfirmed accounts - $INC_POOL[] = PATH."inc/autopurge.php"; + $INC_POOL[] = sprintf("%sinc/autopurge.php", PATH); } break; } diff --git a/inc/extensions/ext-beg.php b/inc/extensions/ext-beg.php index d30facebfc..ab6b8826f8 100644 --- a/inc/extensions/ext-beg.php +++ b/inc/extensions/ext-beg.php @@ -260,7 +260,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); // Remove old entries @@ -268,18 +268,18 @@ default: // Do stuff when extension is loaded if ($_CONFIG['beg_uid_timeout'] > $OLD) $OLD = $_CONFIG['beg_uid_timeout']; $result_ext = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_beg_ips WHERE timeout < ".(time() - $OLD - 60*60), __FILE__, __LINE__); - if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) + if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) { // Daily reset was run so let's check if begging rallye is active if ($_CONFIG['beg_rallye'] == "Y") { // Check for our winers - $INC_POOL[] = PATH."inc/monthly/monthly_beg.php"; + $INC_POOL[] = sprintf("%sinc/monthly/monthly_beg.php", PATH); } else { // Reset begging points - $INC_POOL[] = PATH."inc/reset/reset_beg.php"; + $INC_POOL[] = sprintf("inc/reset/reset_beg.php", PATH); } } @@ -287,7 +287,7 @@ default: // Do stuff when extension is loaded if (($_CONFIG['beg_rallye'] == "Y") && ($_CONFIG['beg_new_mem_notify'] == "Y")) { // Include file for sending out mails - $INC_POOL[] = PATH."inc/mails/beg_mails.php"; + $INC_POOL[] = sprintf("%sinc/mails/beg_mails.php", PATH); } // Return code for the URL diff --git a/inc/extensions/ext-birthday.php b/inc/extensions/ext-birthday.php index 067f106d69..7ea5372bc3 100644 --- a/inc/extensions/ext-birthday.php +++ b/inc/extensions/ext-birthday.php @@ -186,16 +186,16 @@ default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); // Copy config to main array - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); // Save some RAM... unset($dummy); - if ((defined('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0)) + if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0)) { // Daily reset was run and we shall pay points so we start checking for members who // has a birthday for today - $INC_POOL[] = PATH."inc/mails/birthday_mails.php"; + $INC_POOL[] = sprintf("%sinc/mails/birthday_mails.php", PATH); } break; } diff --git a/inc/extensions/ext-bonus.php b/inc/extensions/ext-bonus.php index 2d83afcc55..b0bad4d91d 100644 --- a/inc/extensions/ext-bonus.php +++ b/inc/extensions/ext-bonus.php @@ -541,22 +541,22 @@ WHERE last_online < ".$mark." ORDER BY userid"; default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); - if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) + if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) { // Daily reset was run so let's check if active rallye is activated if ($_CONFIG['bonus_active'] == "Y") { // Run active rallye - if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = PATH."inc/stats_bonus.php"; - $INC_POOL[] = PATH."inc/monthly/monthly_bonus.php"; + if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = sprintf("%sinc/stats_bonus.php", PATH); + $INC_POOL[] = sprintf("%sinc/monthly/monthly_bonus.php", PATH); } else { // Reset points - $INC_POOL[] = PATH."inc/reset/reset_bonus.php"; + $INC_POOL[] = sprintf("%sinc/reset/reset_bonus.php", PATH); } } @@ -564,7 +564,7 @@ default: // Do stuff when extension is loaded if (($_CONFIG['bonus_active'] == "Y") && ($_CONFIG['bonus_new_mem_notify'] == "Y")) { // Include file for sending out mails - $INC_POOL[] = PATH."inc/mails/bonus_mails.php"; + $INC_POOL[] = sprintf("%sinc/mails/bonus_mails.php", PATH); } break; } diff --git a/inc/extensions/ext-cache.php b/inc/extensions/ext-cache.php index 83aaba132c..c13a330d37 100644 --- a/inc/extensions/ext-cache.php +++ b/inc/extensions/ext-cache.php @@ -185,7 +185,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); // Create instance on class diff --git a/inc/extensions/ext-doubler.php b/inc/extensions/ext-doubler.php index 260095dc12..0b3aff3158 100644 --- a/inc/extensions/ext-doubler.php +++ b/inc/extensions/ext-doubler.php @@ -237,13 +237,12 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); - if ((defined('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET")) - { + if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET")) { // So let's check for points - $INC_POOL[] = PATH."inc/doubler_send.php"; + $INC_POOL[] = sprintf("%sinc/doubler_send.php", PATH); } break; } diff --git a/inc/extensions/ext-holiday.php b/inc/extensions/ext-holiday.php index 29215c7ce2..a5937ff225 100644 --- a/inc/extensions/ext-holiday.php +++ b/inc/extensions/ext-holiday.php @@ -225,14 +225,14 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); // Do we have a daily-reset-run? - if (((defined('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT")) + if (((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT")) { // Ok, let's check for finished holidays and unlock those accounts - $INC_POOL[] = PATH."inc/reset/reset_holiday.php"; + $INC_POOL[] = sprintf("%sinc/reset/reset_holiday.php", PATH); } break; } diff --git a/inc/extensions/ext-maintenance.php b/inc/extensions/ext-maintenance.php index cdcc08a7ba..0a36b71928 100644 --- a/inc/extensions/ext-maintenance.php +++ b/inc/extensions/ext-maintenance.php @@ -111,7 +111,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/extensions/ext-mediadata.php b/inc/extensions/ext-mediadata.php index 65f3cd5fde..efd1986f87 100644 --- a/inc/extensions/ext-mediadata.php +++ b/inc/extensions/ext-mediadata.php @@ -130,7 +130,7 @@ Bitte stellen Sie diesen derzeit manuell unter = "0.1.1")) + if ((isBooleanConstantAndTrue('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1")) { // Reset mail order values $result_ext = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET mail_orders=0 WHERE mail_orders > 0", __FILE__, __LINE__); diff --git a/inc/extensions/ext-profile.php b/inc/extensions/ext-profile.php index 87ce68aa67..6173b778f1 100644 --- a/inc/extensions/ext-profile.php +++ b/inc/extensions/ext-profile.php @@ -121,10 +121,10 @@ case "update": // Update an extension default: // Do stuff when extension is loaded // Do we have a daily-reset-run? - if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) + if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1)) { // So let's check for profiles which needs an update - $INC_POOL[] = PATH."inc/profile-updte.php"; + $INC_POOL[] = sprintf("%sinc/profile-updte.php", PATH); } break; } diff --git a/inc/extensions/ext-register.php b/inc/extensions/ext-register.php index 3836baf4b0..2224b0ba39 100644 --- a/inc/extensions/ext-register.php +++ b/inc/extensions/ext-register.php @@ -324,7 +324,7 @@ PRIMARY KEY(id) default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/extensions/ext-rewrite.php b/inc/extensions/ext-rewrite.php index 5e911a48e2..724dca64d2 100644 --- a/inc/extensions/ext-rewrite.php +++ b/inc/extensions/ext-rewrite.php @@ -137,7 +137,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/extensions/ext-sponsor.php b/inc/extensions/ext-sponsor.php index f53ee49b63..4201cc029a 100644 --- a/inc/extensions/ext-sponsor.php +++ b/inc/extensions/ext-sponsor.php @@ -428,7 +428,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/extensions/ext-sql_patches.php b/inc/extensions/ext-sql_patches.php index 669222adb7..2d7ea00271 100644 --- a/inc/extensions/ext-sql_patches.php +++ b/inc/extensions/ext-sql_patches.php @@ -567,7 +567,7 @@ default: // Do stuff when extension is loaded if (GET_EXT_VERSION("sql_patches") != '') { $_CONFIG['secret_key'] = ""; //die("
".print_r($dummy, true)."
"); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); // Read key from secret file if ((empty($_CONFIG['file_hash'])) || (empty($_CONFIG['master_salt'])) || (empty($_CONFIG['pass_scramble']))) { diff --git a/inc/extensions/ext-surfbar.php b/inc/extensions/ext-surfbar.php index d345980610..832f900abd 100644 --- a/inc/extensions/ext-surfbar.php +++ b/inc/extensions/ext-surfbar.php @@ -55,7 +55,9 @@ case "register": // Do stuff when installtion is running (modules.php?module=adm `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, `userid` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', `url` VARCHAR(255) NOT NULL DEFAULT '', +`last_salt` VARCHAR( 255 ) NOT NULL DEFAULT '', `reward` DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.00000', +`payment_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', `views_total` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', `status` ENUM('PENDING','CONFIRMED', 'LOCKED') NOT NULL DEFAULT 'CONFIRMED', `registered` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, @@ -73,8 +75,8 @@ UNIQUE KEY `userid_url` (`userid`, `url`) `url_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', `last_surfed` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY(`id`), -INDEX(`userid`), -INDEX(`url_id`) +INDEX (`userid`), +INDEX (`url_id`), ) TYPE=MyISAM COMMENT='Surfbar reload locks'"; // Reload locks @@ -108,6 +110,9 @@ PRIMARY KEY(`id`) $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','unlock_surfbar_urls','Wartende URLs freigeben','Geben Sie hier nur direkt in der Surfbar gebuchte URLs frei.',2)"; $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','list_surfbar_reflvl','Referal-Ebenen einstellen','Stellen Sie hier die prozentuale Vergütung für Refs ein. Es wird nur die Basisvergütung zur Rechengrundlage der Referalvergütung verwendet.',3)"; $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','config_surfbar','Einstellungen','Einstellungen an der Surfbar ändern, wie Festvergütung, prozentuale Ref-Vergütung und vieles mehr.',4)"; + + // Load CSS? + $EXT_CSS = "Y"; break; case "remove": // Do stuff when removing extension @@ -143,7 +148,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/extensions/ext-top10.php b/inc/extensions/ext-top10.php index 812699a71b..af5f2ed333 100644 --- a/inc/extensions/ext-top10.php +++ b/inc/extensions/ext-top10.php @@ -143,7 +143,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/extensions/ext-transfer.php b/inc/extensions/ext-transfer.php index 76fec572ee..a69fe2d0a0 100644 --- a/inc/extensions/ext-transfer.php +++ b/inc/extensions/ext-transfer.php @@ -284,10 +284,10 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); - if ((defined('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y")) + if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y")) { // Automatically remove outdated or not displayed transactions TRANSFER_AUTPPURGE($_CONFIG['transfer_max'], $_CONFIG['transfer_age']); diff --git a/inc/extensions/ext-user.php b/inc/extensions/ext-user.php index 30f0e570bd..fb87fe583c 100644 --- a/inc/extensions/ext-user.php +++ b/inc/extensions/ext-user.php @@ -215,7 +215,7 @@ case "update": // Update an extension default: // Do stuff when extension is loaded $dummy = LOAD_CONFIG(); - $_CONFIG = array_merge($_CONFIG, $dummy); + $_CONFIG = merge_array($_CONFIG, $dummy); unset($dummy); break; } diff --git a/inc/footer.php b/inc/footer.php index bbb91a4a20..aca9c6e0eb 100644 --- a/inc/footer.php +++ b/inc/footer.php @@ -58,8 +58,11 @@ if (($footer != "1") && ($footer != "2") && ($CSS != "1")) { DISPLAY_PARSING_TIME_FOOTER(); } // END - if - // Load page footer - LOAD_TEMPLATE("page_footer"); + // Not in frameset mode? + if ((!isset($isFrameset)) || ($isFrameset === false)) { + // Load page footer + LOAD_TEMPLATE("page_footer"); + } // END - if // And the last closing HTML tag OUTPUT_HTML(""); diff --git a/inc/functions.php b/inc/functions.php index 7a08291573..aae3aae26a 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -209,9 +209,10 @@ function LOAD_TEMPLATE($template, $return=false, $content="") { if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0; $REFID = $GLOBALS['refid']; + // DEPRECATED!!! if ($template == "member_support_form") { // Support request of a member - $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($sex, $surname, $family) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -222,7 +223,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") { $date_time = MAKE_DATETIME(time(), "1"); // Base directory - $BASE = PATH."templates/".GET_LANGUAGE()."/html/"; + $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE()); $MODE = ""; // Check for admin/guest/member templates @@ -342,7 +343,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") { ADD_MESSAGE_TO_BOX($TO, $SUBJECT, $MSG, $HTML); return; } else { - $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__); + $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__); list($TO) = SQL_FETCHROW($result_email); SQL_FREERESULT($result_email); } @@ -410,7 +411,7 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) { // get new instance $mail = new PHPMailer(); - $mail->PluginDir = PATH."inc/phpmailer/"; + $mail->PluginDir = sprintf("%sinc/phpmailer/", PATH); $mail->IsSMTP(); $mail->SMTPAuth = true; @@ -710,6 +711,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { $EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS; } + // DEPRECATED switch! switch ($template) { case "bonus-mail": // Load data for the bonus mail @@ -807,13 +809,13 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { if ($UID > 0) { if (EXT_IS_ACTIVE("nickname")) { // Load nickname - $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result); SQL_FREERESULT($result); } else { // Load normal data - $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); list($surname, $family, $sex, $email) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -832,7 +834,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { $DATA['email'] = $email; // Base directory - $BASE = PATH."templates/".GET_LANGUAGE()."/emails/"; + $BASE = sprintf("%stemplates/%s/emails/", PATH, GET_LANGUAGE()); // Check for admin/guest/member templates if (strpos($template, "admin_") > -1) { @@ -860,11 +862,10 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { if ((!@file_exists($file)) || (!is_readable($file))) { // Reset to default template $file = $BASE.$template.".tpl"; - } + } // END - if // Now does the final template exists? - if ((@file_exists($file)) && (is_readable($file))) - { + if ((@file_exists($file)) && (is_readable($file))) { // The local file does exists so we load it. :) $tmpl_file = @implode("", @file($file)); $tmpl_file = addslashes($tmpl_file); @@ -878,9 +879,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { // Replace HTML confirm chars $content = html_entity_decode($content); - } - elseif (!empty($template)) - { + } elseif (!empty($template)) { // Template file not found! $content = TEMPLATE_404.": ".$template."
".TEMPLATE_CONTENT." @@ -891,17 +890,16 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { // Debug mode not active? Then remove the HTML tags if (!DEBUG_MODE) $content = strip_tags($content); - } - else - { + } else { // No template name supplied! $content = NO_TEMPLATE_SUPPLIED; } + + // Return compiled content return COMPILE_CODE($content); } // -function MAKE_TIME($H, $M, $S, $stamp) -{ +function MAKE_TIME($H, $M, $S, $stamp) { // Extract day, month and year from given timestamp $DAY = date("d", $stamp); $MONTH = date("m", $stamp); @@ -1241,20 +1239,15 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") { return $return; } // Does only allow numbers -function bigintval($num, $castValue = true) -{ +function bigintval($num, $castValue = true) { // Filter all numbers out $ret = preg_replace("/[^0123456789]/", "", $num); - // Cast the value? - if ($castValue) $ret = (int) $ret; - // Return result return $ret; } // Insert the code in $img_code into jpeg or PNG image -function GENERATE_IMAGE($img_code, $header=true) -{ +function GENERATE_IMAGE($img_code, $header=true) { global $_CONFIG; if ((strlen($img_code) > 6) || (empty($img_code)) || ($_CONFIG['code_length'] == 0)) { @@ -1271,14 +1264,11 @@ function GENERATE_IMAGE($img_code, $header=true) { case "jpg": // Loads JPEG image - $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.jpg"; - if ((file_exists($img)) && (is_readable($img))) - { + $img = sprintf("%s/theme/%s/images/code_bg.jpg", PATH, GET_CURR_THEME()); + if ((file_exists($img)) && (is_readable($img))) { // Okay, load image and hide all errors $image = @imagecreatefromjpeg($img); - } - else - { + } else { // Exit function here return; } @@ -1286,14 +1276,11 @@ function GENERATE_IMAGE($img_code, $header=true) case "png": // Loads PNG image - $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.png"; - if ((file_exists($img)) && (is_readable($img))) - { + $img = sprintf("%s/theme/%s/images/code_bg.png", PATH, GET_CURR_THEME()); + if ((file_exists($img)) && (is_readable($img))) { // Okay, load image and hide all errors $image = @imagecreatefrompng($img); - } - else - { + } else { // Exit function here return; } @@ -1310,8 +1297,7 @@ function GENERATE_IMAGE($img_code, $header=true) header ("Content-Type: image/".$_CONFIG['img_type']); // Output image with matching image factory - switch ($_CONFIG['img_type']) - { + switch ($_CONFIG['img_type']) { case "jpg": imagejpeg($image); break; case "png": imagepng($image); break; } @@ -1916,6 +1902,14 @@ function generateHash ($plainText, $salt = "") { return $plainText; } // END - if + // Do we miss an arry element here? + if (!isset($_CONFIG['file_hash'])) { + // Stop here + print(__FUNCTION__.":
");
+		debug_print_backtrace();
+		die("
"); + } // END - if + // When the salt is empty build a new one, else use the first x configured characters as the salt if ($salt == "") { // Build server string @@ -1941,10 +1935,10 @@ function generateHash ($plainText, $salt = "") { // Generate the password salt string $salt = substr($sha1, 0, $_CONFIG['salt_length']); //* DEBUG: */ echo $salt." (".strlen($salt).")
"; - } - else - { + } else { + // Use given salt $salt = substr($salt, 0, $_CONFIG['salt_length']); + //* DEBUG: */ echo "GIVEN={$salt}
\n"; } // Return hash @@ -2070,7 +2064,7 @@ function ADD_URL_DATA($URL) // Add all together and return it return $URL.$ADD; } -// +// Generate an PGP-like encrypted hash of given hash for e.g. cookies function generatePassString($passHash) { global $_CONFIG; @@ -2095,10 +2089,11 @@ function generatePassString($passHash) { //* DEBUG: */ echo "*".$start."=".$mod."*
"; $start += 4; $newHash .= $mod; - } + } // END - for - //* DEBUG: */ die($passHash."
".$newHash." (".strlen($newHash).")"); + //* DEBUG: */ print($passHash."
".$newHash." (".strlen($newHash).")"); $ret = generateHash($newHash, $_CONFIG['master_salt']); + //* DEBUG: */ print($ret."
\n"); } else { // Hash it simple //* DEBUG: */ echo "--".$passHash."--
\n"; @@ -2191,6 +2186,9 @@ function set_session ($var, $value) { } elseif (!empty($value)) { // Update session $_SESSION[$var] = $value; + } else { + // Something bad happens! + return false; // Hope this doesn't make so much trouble??? } // Return always true if the session variable is already set. @@ -2236,7 +2234,27 @@ function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content="", $uid="0") SEND_ADMIN_EMAILS($subject, $msg); } } - +// Destroy user session +function destroy_user_session () { + // Remove all user data from session + return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", ""))); +} +// Merges an array together but only if both are arrays +function merge_array ($array1, $array2) { + // Are both an array? + if ((is_array($array1)) && (is_array($array2))) { + // Merge all together + return array_merge($array1, $array2); + } elseif (is_array($array1)) { + // Return left array + return $array1; + } + + // Something wired happened here... + print(__FUNCTION__.":
");
+	debug_print_backtrace();
+	die("
"); +} // ////////////////////////////////////////////////// // // diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php index 61eebc187f..5876e3d5fd 100644 --- a/inc/gen_sql_patches.php +++ b/inc/gen_sql_patches.php @@ -72,7 +72,7 @@ if (empty($_CONFIG['master_salt'])) { if (empty($_CONFIG['file_hash'])) { // Create filename from hashed random string $file_hash = generateHash(GEN_PASS(rand(128, 256))); - $file = PATH."inc/.secret/.".$file_hash; + $file = sprintf("%sinc/.secret/.%s", PATH, $file_hash); // File hash was never created $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!"); diff --git a/inc/header.php b/inc/header.php index 3e31030b38..cbb11da08d 100644 --- a/inc/header.php +++ b/inc/header.php @@ -116,7 +116,7 @@ if (($header != "1") && ($header != "2")) { } // END - if // Load body or not -if ((($GLOBALS['module'] != "frametester")) || (($header == "1") && ($GLOBALS['module'] == "frametester") && (!empty($_GET['frame']))) && ($CSS != "1")) { +if (((!$isFrameset) && ($GLOBALS['module'] != "frametester")) || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($header == "1") && ($isFrameset) && (!empty($_GET['frame']))) && ($CSS != "1")) { // Is the header sent and the script is not the mail confirmation script and not a CSS? if (($header == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($CSS != "1")) { // Add BODY tag diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index b10cd3757c..8b017261f8 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -119,11 +119,11 @@ function ADMINS_CHECK_ACL($act, $wht) { if (!empty($act)) { // Main menu - $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' LIMIT 1", array(bigintval($aid), $act), __FILE__, __LINE__); } elseif (!empty($wht)) { // Sub menu - $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND what_menu='%s' LIMIT 1", array(bigintval($aid), $wht), __FILE__, __LINE__); } @@ -232,7 +232,7 @@ login='%s'".$ADD.", email='%s', default_acl='%s', la_mode='%s' -WHERE id=%d LIMIT 1", +WHERE id=%s LIMIT 1", array( $login, $POST['email'][$id], @@ -246,7 +246,7 @@ WHERE id=%d LIMIT 1", login='%s'".$ADD.", email='%s', la_mode='%s' -WHERE id=%d LIMIT 1", +WHERE id=%s LIMIT 1", array( $login, $POST['email'][$id], @@ -283,7 +283,7 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) { $id = bigintval($id); // Get the admin's data - $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) { // Entry found @@ -329,7 +329,7 @@ function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) { $id = bigintval($id); // Get the admin's data - $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Entry found @@ -374,7 +374,7 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) { array($id), __FILE__, __LINE__); // Remove account - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); $cacheInstance_UPDATE = "1"; diff --git a/inc/libs/autopurge_functions.php b/inc/libs/autopurge_functions.php index f6bd9f340b..62073918fc 100644 --- a/inc/libs/autopurge_functions.php +++ b/inc/libs/autopurge_functions.php @@ -42,7 +42,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points) { global $jackpot; // Check if he has locked points or not - $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); list($payout) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -67,7 +67,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points) else { // .. to user's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=0 LIMIT 1", array($target, $target, $points, bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well diff --git a/inc/libs/bonus_functions.php b/inc/libs/bonus_functions.php index ebd186a483..266866130f 100644 --- a/inc/libs/bonus_functions.php +++ b/inc/libs/bonus_functions.php @@ -50,13 +50,13 @@ function BONUS_ADD_TURBO_POINTS($mid, $uid, $type) switch ($type) { case "bonusid": - $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1", array($mid), __FILE__, __LINE__); $bonus = $mid; $mail = "0"; break; case "mailid" : - $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1", array($mid), __FILE__, __LINE__); $bonus = "0"; $mail = $mid; break; @@ -88,7 +88,7 @@ function BONUS_ADD_TURBO_POINTS($mid, $uid, $type) } // Add points to his account directly - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); // Rember this whole data for displaying ranking list @@ -107,7 +107,7 @@ function BONUS_MAKE_RANK_ROWS($data, $type, $uid) $ranks = sizeof(explode(";", $_CONFIG['bonus_rates'])) + 1; // Load current user's data - $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%s LIMIT 1", array($type, $data, $uid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -213,15 +213,7 @@ function BONUS_POINTS_HANDLER($MODE) if ($TOTAL >= $points) { // Subtract points from userid's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($points), bigintval($_CONFIG['bonus_uid'])), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); - } + SUB_POINTS($_CONFIG['bonus_uid'], $points); } } break; @@ -232,15 +224,7 @@ function BONUS_POINTS_HANDLER($MODE) if ($TOTAL >= $points) { // Subtract points from userid's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($points), bigintval($_CONFIG['bonus_uid'])), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); - } + SUB_POINTS($_CONFIG['bonus_uid'], $points); } else { diff --git a/inc/libs/country_functions.php b/inc/libs/country_functions.php index 30b39fae75..be8658bd2a 100644 --- a/inc/libs/country_functions.php +++ b/inc/libs/country_functions.php @@ -40,7 +40,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // function COUNTRY_GENERATE_INFO($ID) { - $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1", array(bigintval($ID)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { diff --git a/inc/libs/holiday_functions.php b/inc/libs/holiday_functions.php index 49ab3b2be6..f013ebeb21 100644 --- a/inc/libs/holiday_functions.php +++ b/inc/libs/holiday_functions.php @@ -52,13 +52,13 @@ ORDER BY userid", __FILE__, __LINE__); while (list($uid, $start, $end, $comments) = SQL_FETCHROW($result_stop)) { // Stop holiday - $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%d LIMIT 1", + $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); // Unlock account $result_del = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='N', holiday_activated='0' -WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); // Prepare array $content = array( diff --git a/inc/libs/nickname_functions.php b/inc/libs/nickname_functions.php index dbaee3b66e..899d98b6fe 100644 --- a/inc/libs/nickname_functions.php +++ b/inc/libs/nickname_functions.php @@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) function NICKNAME_IS_ACTIVE($uidNick) { $ret = false; - $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0) OR nickname='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%s AND userid > 0) OR nickname='%s' LIMIT 1", array(bigintval($uidNick), $uidNick), __FILE__, __LINE__); // Check existence of nickname @@ -60,7 +60,7 @@ function NICKNAME_GET_NICK($userid) $ret = ""; // Search for non-empty nickname - $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND nickname != '' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND nickname != '' LIMIT 1", array(bigintval($userid)), __FILE__, __LINE__); // Found? diff --git a/inc/libs/output_functions.php b/inc/libs/output_functions.php index 9b5be75732..c439128434 100644 --- a/inc/libs/output_functions.php +++ b/inc/libs/output_functions.php @@ -78,15 +78,14 @@ function get_template ($template, $return=false, $content="") if ($template == "member_support_form") { // Support request of a member - $ID = bigintval($GLOBALS['userid']); - $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($sex, $surname, $family) = SQL_FETCHROW($result); SQL_FREERESULT($result); $salut = TRANSLATE_SEX($sex); } // Base directory - $BASE = PATH."templates/".GET_LANGUAGE()."/html/"; + $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE()); $MODE = ""; // Check for admin/guest/member templates @@ -118,13 +117,13 @@ function get_template ($template, $return=false, $content="") // Remove variable from memory unset($file2); - } + } // END - if // Does the special template exists? if ((!file_exists($file)) || (!is_readable($file))) { // Reset to default template - $file = PATH."templates/".GET_LANGUAGE()."/html/".$template.".tpl"; - } + $file = sprintf("%stemplates/%s/html/%s.tpl", PATH, GET_LANGUAGE(), $template); + } // END - if // Now does the final template exists? if ((file_exists($file)) && (is_readable($file))) { diff --git a/inc/libs/rallye_functions.php b/inc/libs/rallye_functions.php index 2a4f228c1f..ad8d6c5f15 100644 --- a/inc/libs/rallye_functions.php +++ b/inc/libs/rallye_functions.php @@ -49,7 +49,7 @@ function RALLYE_AUTOSTART_RALLYES($result) SQL_FREERESULT($result); // Set notified to Y - $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%d LIMIT 1", + $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); // Do a snapshot off all user refs @@ -97,7 +97,7 @@ function RALLYE_AUTOSTART_RALLYES($result) if (empty($cnt)) $cnt = "0"; // Added prevent some unknown troubles... :-? // Check if line is already included... - $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1", + $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1", array(bigintval($id), bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result_ref) == 0) { @@ -109,7 +109,7 @@ function RALLYE_AUTOSTART_RALLYES($result) FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d", +WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s", array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__); list($cpoints) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); @@ -197,7 +197,7 @@ function RALLYE_ADD_TOPUSERS($rallye,$default=0) $since = (time() - $_CONFIG['ap_in_since']); // First check how many prices are set - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level", array(bigintval($rallye)), __FILE__, __LINE__); $prices = SQL_NUMROWS($result); SQL_FREERESULT($result); @@ -206,7 +206,7 @@ function RALLYE_ADD_TOPUSERS($rallye,$default=0) $result = SQL_QUERY_ESC("SELECT DISTINCT u.userid, u.refs, u.curr_points FROM "._MYSQL_PREFIX."_rallye_users AS u LEFT JOIN "._MYSQL_PREFIX."_refsystem AS r ON u.userid=r.userid -WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC", +WHERE u.rallye_id=%s AND r.counter > 0 ORDER BY u.refs DESC", array(bigintval($rallye)), __FILE__, __LINE__); // Load users @@ -225,7 +225,7 @@ WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC", $result_ref = SQL_QUERY_ESC("SELECT DISTINCT p.points FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE d.userid=%d AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s +WHERE d.userid=%s AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s LIMIT 1", array(bigintval($uid), $_CONFIG['ref_payout'], $since), __FILE__, __LINE__); list($refpoints) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); @@ -293,7 +293,7 @@ function RALLYE_AUTOADD_USER($uid) SQL_FREERESULT($result); // Check if line is already included... - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1", array(bigintval($id), bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { @@ -359,7 +359,7 @@ function RALLYE_EXPIRE_RALLYES($result) // active = 0: account is deleted or locked $result = SQL_QUERY_ESC("SELECT COUNT(userid) AS active FROM "._MYSQL_PREFIX."_user_data -WHERE userid=%d AND status='CONFIRMED' AND last_online >= %s +WHERE userid=%s AND status='CONFIRMED' AND last_online >= %s LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__); list($active) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -380,7 +380,7 @@ LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__); } // Expire rallye - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); // Run array through (by uid is the most important 2nd-level-array) @@ -398,7 +398,7 @@ LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__); if ($DATA['points'] > 0) { // Add points directly to user's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1", array($DATA['points'], bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well @@ -503,7 +503,7 @@ function RALLYE_LOAD_PRICES_ARRAY($rallye) ); // Load prices - $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level", + $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level", array(bigintval($rallye)), __FILE__, __LINE__); while(list($level, $points, $info) = SQL_FETCHROW($result)) { @@ -534,7 +534,7 @@ function RALLYE_LOAD_USERS_ARRAY($rallye) ); // Load users uid old points earned - $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid", + $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid", array(bigintval($rallye)), __FILE__, __LINE__); while(list($uid, $refs, $cpoints) = SQL_FETCHROW($result_user)) { @@ -546,7 +546,7 @@ function RALLYE_LOAD_USERS_ARRAY($rallye) FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d", +WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s", array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__); list($refpoints) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); @@ -585,7 +585,7 @@ WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p function RALLYE_LIST_WINNERS($rallye,$default=0) { // First check how many prices are set - $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level", + $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level", array(bigintval($rallye)), __FILE__, __LINE__); $prices = SQL_NUMROWS($result_prices); SQL_FREERESULT($result_prices); @@ -601,7 +601,7 @@ function RALLYE_LIST_WINNERS($rallye,$default=0) // Check status // active = 1: account is still confirmed // active = 0: account is deleted or locked - $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($DATA['uid'][$idx])), __FILE__, __LINE__); list($active) = SQL_FETCHROW($result_active); SQL_FREERESULT($result_active); @@ -676,11 +676,11 @@ function RALLYE_DELETE_EXPIRED_RALLYES() SEND_ADMIN_NOTIFICATION(RALLYE_ADMIN_PURGED.": ".$title, "admin_rallye_purged", "", 0); // Purge whole rallye - $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1", + $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); - $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d LIMIT 1", + $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); - $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d LIMIT 1", + $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } @@ -698,7 +698,7 @@ function RALLYE_TEMPLATE_SELECTION($name="template", $default="") { // Check templates directory $OUT = ""; $ral = array(); - $BASE = PATH."templates/".GET_LANGUAGE()."/html"; + $BASE = sprintf("%stemplates/%s/html", PATH, GET_LANGUAGE()); $dir = opendir($BASE); while ($read = readdir($dir)) { @@ -793,7 +793,7 @@ function RALLYE_GET_REFCOUNT($uid, $old=0) FROM "._MYSQL_PREFIX."_refsystem AS s LEFT JOIN "._MYSQL_PREFIX."_refdepths AS d ON s.level=d.level -WHERE s.userid=%d AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__); +WHERE s.userid=%s AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__); list($cnt) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); if (empty($cnt)) diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index d76263196e..019eac79ff 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -421,15 +421,12 @@ ORDER BY sort", array($action), __FILE__, __LINE__); function GENERATE_SPONSOR_CONTENT($what) { global $HTTP_POST_VARS, $_GET, $CONFIG; - $FILE = PATH."inc/modules/sponsor/".$what.".php"; $OUT = ""; - if (@file_exists($FILE)) - { + $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what); + if ((file_exists($FILE)) && (is_readable($FILE))) { // Every sponsor action will output nothing directly. It will be written into $OUT! require_once($FILE); - } - else - { + } else { // File not found! $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2); } diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php index 8cd6082367..5af00ce901 100644 --- a/inc/libs/surfbar_functions.php +++ b/inc/libs/surfbar_functions.php @@ -38,7 +38,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { } // Admin has added an URL with given user id -function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward) { +function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward, $paymentId) { // Is this really an admin? if (!IS_ADMIN()) { // Then leave here @@ -52,7 +52,7 @@ function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward) { } // END - if // Register the new URL - return SURFBAR_REGISTER_URL($url, $uid, $reward, "CONFIRMED", "unlock"); + return SURFBAR_REGISTER_URL($url, $uid, $reward, $paymentId, "CONFIRMED", "unlock"); } // Looks up by an URL function SURFBAR_LOOKUP_BY_URL ($url) { @@ -104,7 +104,7 @@ ORDER BY %s %s", return $lastUrlData; } // Registers an URL with the surfbar. You should have called SURFBAR_LOOKUP_BY_URL() first! -function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode="reg") { +function SURFBAR_REGISTER_URL ($url, $uid, $reward, $paymentId, $status="PENDING", $addMode="reg") { global $_CONFIG; // Make sure by the user registered URLs are always pending @@ -116,6 +116,7 @@ function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode= 'frametester' => FRAMETESTER($url), 'uid' => $uid, 'reward' => $reward, + 'payment_id' => $paymentId, 'status' => $status ); @@ -141,11 +142,12 @@ function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode= // Inserts an url by given data array and return the insert id function SURFBAR_INSERT_URL_BY_ARRAY ($urlData) { // Just run the insert query for now - SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, status) VALUES(%s, '%s', %s, '%s')", + SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, payment_id, status) VALUES(%s, '%s', %s, %s, '%s')", array( bigintval($urlData['uid']), - bigintval($urlData['url']), + $urlData['url'], (float)$urlData['reward'], + bigintval($urlData['payment_id']), $urlData['status'] ), __FILE__, __LINE__ ); @@ -201,5 +203,281 @@ function SURFBAR_TRANSLATE_STATUS ($status) { // Return result return $statusTranslated; } +// Determine right template name +function SURFBAR_DETERMINE_TEMPLATE_NAME() { + // Default is the frameset + $templateName = "surfbar_frameset"; + + // Any frame set? ;-) + if (isset($_GET['frame'])) { + // Use the frame as a template name part... ;-) + $templateName = sprintf("surfbar_frame_%s", + SQL_ESCAPE($_GET['frame']) + ); + } // END - if + + // Return result + return $templateName; +} +// Check if the "reload lock" of the current user is full +function SURFBAR_CHECK_RELOAD_FULL() { + global $SURFBAR_DATA, $_CONFIG; + + // Default is full! + $isFull = true; + + // Do we have static or dynamic mode? + if ($_CONFIG['surfbar_pay_model'] == "STATIC") { + // Cache static reload lock + $SURFBAR_DATA['surf_lock'] = $_CONFIG['surfbar_static_lock']; + + // Ask the database + $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt FROM "._MYSQL_PREFIX."_surfbar_locks +WHERE userid=%s AND (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") < UNIX_TIMESTAMP(last_surfed) +LIMIT 1", + array($GLOBALS['userid']), __FILE__, __LINE__ + ); + + // Fetch row + list($SURFBAR_DATA['user_locks']) = SQL_FETCHROW($result); + + // Is it null? + if (is_null($SURFBAR_DATA['user_locks'])) { + // Then fix it to zero! + $SURFBAR_DATA['user_locks'] = 0; + } // END - if + + // Free result + SQL_FREERESULT($result); + + // Get total URLs + $total = SURFBAR_GET_TOTAL_URLS(); + + // Do we have some URLs in lock? Admins can always surf on own URLs! + $isFull = (($SURFBAR_DATA['user_locks'] == $total) && ($total > 0)); + } else { + // Dynamic model... + die("DYNAMIC not yet implemented!"); + } + + // Return result + return $isFull; +} +// Get total amount of URLs of given status for current user or of CONFIRMED URLs by default +function SURFBAR_GET_TOTAL_URLS ($status="CONFIRMED") { + // Get amount from database + $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt +FROM "._MYSQL_PREFIX."_surfbar_urls +WHERE userid != %d AND status='%s'", + array($GLOBALS['userid'], $status), __FILE__, __LINE__ + ); + + // Fetch row + list($cnt) = SQL_FETCHROW($result); + + // Free result + SQL_FREERESULT($result); + + // Return result + return $cnt; +} +// Generate a validation code for the given id number +function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") { + global $_CONFIG, $SURFBAR_DATA; + + // Generate a code until the length matches + $valCode = ""; + while (strlen($valCode) != $_CONFIG['code_length']) { + // Is the salt set? + if (empty($salt)) { + // Generate random hashed string + $SURFBAR_DATA['salt'] = sha1(GEN_PASS(255)); + } else { + // Use this as salt! + $SURFBAR_DATA['salt'] = $salt; + } + //* DEBUG: */ echo "*".$SURFBAR_DATA['salt']."*
\n"; + + // ... and now the validation code + $valCode = GEN_RANDOM_CODE($_CONFIG['code_length'], sha1(SURFBAR_GET_DATA('salt').":".$id), $GLOBALS['userid']); + //* DEBUG: */ echo "valCode={$valCode}
\n"; + } // END - while + + // Hash it with md5() and salt it with the random string + $hashedCode = generateHash(md5($valCode), SURFBAR_GET_DATA('salt')); + + // Finally encrypt it PGP-like and return it + return generatePassString($hashedCode); +} +// Check validation code +function SURFBAR_CHECK_VALIDATION_CODE ($id, $check, $salt) { + global $SURFBAR_DATA; + + // Secure id number + $id = bigintval($id); + + // Now generate the code again + $code = SURFBAR_GENERATE_VALIDATION_CODE($id, $salt); + + // Return result of checking hashes and salts + //* DEBUG: */ echo "--- ".$code."
\n--- ".$check."
\n"; + //* DEBUG: */ echo "+++ ".$salt."
\n+++ ".SURFBAR_GET_DATA('last_salt')."
\n"; + return (($code == $check) && ($salt == SURFBAR_GET_DATA('last_salt'))); +} +// Lockdown the userid/id combination (reload lock) +function SURFBAR_LOCKDOWN_ID ($id) { + // Just add it to the database + SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_locks (userid, url_id) VALUES(%s, %s)", + array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__); +} +// Pay points to the user and remove it from the sender +function SURFBAR_PAY_POINTS ($id) { + global $SURFBAR_DATA, $_CONFIG; + + // Re-configure ref-system to surfbar levels + $_CONFIG['db_percents'] = "percent"; + $_CONFIG['db_table'] = "surfbar_reflevels"; + + // Book it to the user + ADD_POINTS_REFSYSTEM($GLOBALS['userid'], $SURFBAR_DATA['reward']); + + // Remove it from the URL owner + SUB_POINTS($SURFBAR_DATA['userid'], $SURFBAR_DATA['reward']); +} +// Update the salt for validation +function SURFBAR_UPDATE_SALT() { + global $SURFBAR_DATA; + + // Simply store the salt from cache away in database... + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_surfbar_urls SET last_salt='%s', views_total=views_total+1 WHERE id=%s LIMIT 1", + array(SURFBAR_GET_DATA('salt'), SURFBAR_GET_DATA('id')), __FILE__, __LINE__); + + // Return if the update was okay + return (SQL_AFFECTEDROWS() == 1); +} +// Determine next id for surfbar view, always call this before you call other +// getters below this function!!! +function SURFBAR_GET_NEXT_ID ($id = 0) { + global $SURFBAR_DATA, $_CONFIG; + + // Default is no id! + $nextId = 0; + + // Is the ID set? + if ($id == 0) { + // Set max random factor to total URLs minus 1 + $maxRand = SURFBAR_GET_TOTAL_URLS() - 1; + + // Generate random number + $randNum = mt_rand(0, $maxRand); + + // And query the database + $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time, UNIX_TIMESTAMP(l.last_surfed) AS last_surfed +FROM "._MYSQL_PREFIX."_surfbar_urls AS sb +LEFT JOIN "._MYSQL_PREFIX."_payments AS p +ON sb.payment_id=p.id +LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l +ON sb.id=l.url_id +WHERE sb.userid != %d AND sb.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed)) +ORDER BY l.last_surfed DESC, sb.last_salt ASC, sb.id ASC +LIMIT %d,1", + array($GLOBALS['userid'], $randNum), __FILE__, __LINE__ + ); + } else { + // Get data from specified id number + $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time +FROM "._MYSQL_PREFIX."_surfbar_urls AS sb +LEFT JOIN "._MYSQL_PREFIX."_payments AS p +ON sb.payment_id=p.id +WHERE sb.userid != %s AND sb.status='CONFIRMED' AND sb.id=%s +LIMIT 1", + array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__ + ); + } + + // Is there an id number? + if (SQL_NUMROWS($result) == 1) { + // Load/cache data + //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*
\n"; + $SURFBAR_DATA = merge_array($SURFBAR_DATA, SQL_FETCHARRAY($result)); + //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*
\n"; + + // Is the time there? + if (is_null($SURFBAR_DATA['time'])) { + // Then repair it wit the static! + $SURFBAR_DATA['time'] = $_CONFIG['surfbar_static_time']; + } // END - if + + // Fix missing last_surfed + if ((!isset($SURFBAR_DATA['last_surfed'])) || (is_null($SURFBAR_DATA['last_surfed']))) { + // Fix it here + $SURFBAR_DATA['last_surfed'] = "0"; + } // END - if + + // Are we in static mode? + if ($_CONFIG['surfbar_pay_model'] == "STATIC") { + // Then use static reward! + $SURFBAR_DATA['reward'] = $_CONFIG['surfbar_static_reward']; + } else { + // Calculate dynamic reward and add it + $SURFBAR_DATA['reward'] += SURFBAR_CALCULATE_DYNAMIC_REWARD_ADD(); + } + + // Now get the id + $nextId = SURFBAR_GET_DATA('id'); + } // END - if + + // Free result + SQL_FREERESULT($result); + + // Return result + //* DEBUG: */ echo "nextId={$nextId}
\n"; + return $nextId; +} +// ---------------------------------------------------------------------------- +// PLEASE DO NOT ADD ANY OTHER FUNCTIONS BELOW THIS LINE ELSE THEY "WRAP" THE +// $SURFBAR_DATA ARRAY! +// ---------------------------------------------------------------------------- +// Private getter for data elements +function SURFBAR_GET_DATA ($element) { + global $SURFBAR_DATA; + + // Default is null + $data = null; + + // Is the entry there? + if (isset($SURFBAR_DATA[$element])) { + // Then take it + $data = $SURFBAR_DATA[$element]; + } else { // END - if + print("
");
+		print_r($SURFBAR_DATA);
+		debug_print_backtrace();
+		die("
"); + } + + // Return result + return $data; +} +// Getter for reward from cache +function SURFBAR_GET_REWARD () { + // Get data element and return its contents + return SURFBAR_GET_DATA('reward'); +} +// Getter for URL from cache +function SURFBAR_GET_URL () { + // Get data element and return its contents + return SURFBAR_GET_DATA('url'); +} +// Getter for user reload locks +function SURFBAR_GET_USER_RELOAD_LOCK () { + // Get data element and return its contents + return SURFBAR_GET_DATA('user_locks'); +} +// Getter for reload time +function SURFBAR_GET_RELOAD_TIME () { + // Get data element and return its contents + return SURFBAR_GET_DATA('time'); +} // ?> diff --git a/inc/load_cache.php b/inc/load_cache.php index cdad73540e..bf4b34326b 100644 --- a/inc/load_cache.php +++ b/inc/load_cache.php @@ -145,25 +145,26 @@ if ($cacheInstance->cache_file("mod_reg", true) == true) { unset($cacheArray['modules']); } else { // Rewrite module cache - $MOD = $cacheArray['modules']; - foreach ($cacheArray['modules']['module'] as $key=>$mod) { - $cacheArray['modules']['id'][$mod] = $cacheArray['modules']['id'][$key]; + $modArray = $cacheArray['modules']; + foreach ($modArray['module'] as $key=>$mod) { + $cacheArray['modules']['id'][$mod] = $modArray['id'][$key]; unset($cacheArray['modules']['id'][$key]); - $cacheArray['modules']['title'][$mod] = $cacheArray['modules']['title'][$key]; + $cacheArray['modules']['title'][$mod] = $modArray['title'][$key]; unset($cacheArray['modules']['title'][$key]); - $cacheArray['modules']['locked'][$mod] = $cacheArray['modules']['locked'][$key]; + $cacheArray['modules']['locked'][$mod] = $modArray['locked'][$key]; unset($cacheArray['modules']['locked'][$key]); - $cacheArray['modules']['hidden'][$mod] = $cacheArray['modules']['hidden'][$key]; + $cacheArray['modules']['hidden'][$mod] = $modArray['hidden'][$key]; unset($cacheArray['modules']['hidden'][$key]); - $cacheArray['modules']['admin_only'][$mod] = $cacheArray['modules']['admin_only'][$key]; + $cacheArray['modules']['admin_only'][$mod] = $modArray['admin_only'][$key]; unset($cacheArray['modules']['admin_only'][$key]); - $cacheArray['modules']['mem_only'][$mod] = $cacheArray['modules']['mem_only'][$key]; + $cacheArray['modules']['mem_only'][$mod] = $modArray['mem_only'][$key]; unset($cacheArray['modules']['mem_only'][$key]); if (isset($cacheArray['modules']['has_menu'][$key])) { - $cacheArray['modules']['has_menu'][$mod] = $cacheArray['modules']['has_menu'][$key]; + $cacheArray['modules']['has_menu'][$mod] = $modArray['has_menu'][$key]; unset($cacheArray['modules']['has_menu'][$key]); } // END - if } + unset($modArray); } } elseif (($_CONFIG['cache_modreg'] == "Y") && ($CSS != "1") && ($CSS != "-1")) { // Create cache file here @@ -208,6 +209,7 @@ if ($cacheInstance->cache_file("config", true) == true) { // Overwrite the config with the cache version $cacheArray['config'] = $newCache; + unset($newCache); // When there is a period (.) in the result this test will fail and so the cache file is // damaged/corrupted diff --git a/inc/mails/beg_mails.php b/inc/mails/beg_mails.php index ce4573232a..44991df0be 100644 --- a/inc/mails/beg_mails.php +++ b/inc/mails/beg_mails.php @@ -123,7 +123,7 @@ if (!empty($SQL)) { // Update account $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data -SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%d LIMIT 1", +SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%s LIMIT 1", array(time(), $MODE, time(), $uid), __FILE__, __LINE__); // Load email template and send it to the user! diff --git a/inc/mails/birthday_mails.php b/inc/mails/birthday_mails.php index d0faabfc5e..0d3e2ef4a2 100644 --- a/inc/mails/birthday_mails.php +++ b/inc/mails/birthday_mails.php @@ -62,7 +62,7 @@ if (($_CONFIG['birthday_active']) && (EXT_IS_ACTIVE("autopurge")) && ($_CONFIG[' // Only confirmed members shall receive birthday mails... $result_birthday = SQL_QUERY_ESC("SELECT userid, email, birth_year FROM "._MYSQL_PREFIX."_user_data -WHERE status='CONFIRMED' AND birth_day=%d AND birth_month=%d AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD." +WHERE status='CONFIRMED' AND birth_day=%s AND birth_month=%s AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD." ORDER BY userid", array($DAY, $MONTH, $VALUE), __FILE__, __LINE__); @@ -108,7 +108,7 @@ if (SQL_NUMROWS($result_birthday) > 0) SEND_EMAIL($email, HAPPY_BIRTHDAY, $msg); // Remember him that he has received a birthday mail - $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1", + $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); } diff --git a/inc/mails/bonus_mails.php b/inc/mails/bonus_mails.php index 198419d4d8..43a382dbea 100644 --- a/inc/mails/bonus_mails.php +++ b/inc/mails/bonus_mails.php @@ -108,7 +108,7 @@ if (!empty($SQL)) { // Update account $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data -SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%d LIMIT 1", +SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%s LIMIT 1", array(time(), $MODE, time(), $uid), __FILE__, __LINE__); // Load email template and send it to the user! diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 458f1bcdae..604abdf9b4 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -310,13 +310,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load logout template if (isset($_GET['register'])) { // Secure input - $register = secureString(SQL_ESCAPE($_GET['register'])); + $register = SQL_ESCAPE($_GET['register']); // Special logout redirect for installation of given extension LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register)); } elseif (isset($_GET['remove'])) { // Secure input - $remove = secureString(SQL_ESCAPE($_GET['remove'])); + $remove = SQL_ESCAPE($_GET['remove']); // Special logout redirect for removal of given extension LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 0a5b93e134..7ef2e0aa55 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -666,17 +666,18 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con } // function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") { + // Open the requested menu directory + $handle = opendir(sprintf("%sinc/modules/%s/", PATH, $menu)) or mxchange_die("Cannot load menu ".$menu."!"); + // Init the selection box $OUT = "\n"; @@ -756,7 +757,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { // Should always be 1 ;-) if ($selected == 1) { // Determine new status - $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1", array($row, $table, $idRow, $id), __FILE__, __LINE__); // Row found? @@ -766,7 +767,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { if ($currStatus == "Y") $newStatus='N'; else $newStatus = "Y"; // Change this status - SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1", + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%s LIMIT 1", array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__); // Count up affected rows diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php index 7f0f3416ba..6fdcafcf56 100644 --- a/inc/modules/admin/overview-inc.php +++ b/inc/modules/admin/overview-inc.php @@ -173,7 +173,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Assign / do tasks $OUT = ""; $SW = 2; foreach ($_POST['task'] as $id=>$sel) { - $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1", + $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1", array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__); if (SQL_NUMROWS($result_task) == 1) { // Task is valid... @@ -182,7 +182,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { if ($aid == "0") { // Assgin current admin to unassgigned task - $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1", + $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%s LIMIT 1", array(GET_ADMIN_ID(get_session('admin_login')), bigintval($tid)), __FILE__, __LINE__); } @@ -194,7 +194,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { } if ($uid > 0) { - $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result_user) == 1) { @@ -292,7 +292,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Close task but not already closes or deleted or update tasks if (($status != "CLOSED") && ($status != "DELETED") && ($type != "EXTENSION_UPDATE")) { - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1", array(bigintval($tid)), __FILE__, __LINE__); } } @@ -304,7 +304,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Close task if (($status != "CLOSED") && ($status != "DELETED")) { - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1", array(bigintval($tid)), __FILE__, __LINE__); } break; @@ -322,7 +322,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { if (EXT_IS_ACTIVE("payout")) { // Extension is installed so let him send a notification to the user - $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%d AND payout_timestamp=%d LIMIT 1", + $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%s AND payout_timestamp=%s LIMIT 1", array(bigintval($uid), bigintval($created)), __FILE__, __LINE__); list($pid) = SQL_FETCHROW($result_pay); SQL_FREERESULT($result_pay); @@ -353,7 +353,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { if (EXT_IS_ACTIVE("wernis")) { // Extension is installed so let him send a notification to the user - $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%d AND wernis_timestamp=%d LIMIT 1", + $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%s AND wernis_timestamp=%s LIMIT 1", array(bigintval($uid), bigintval($created)), __FILE__, __LINE__); list($pid) = SQL_FETCHROW($result_pay); SQL_FREERESULT($result_pay); @@ -385,7 +385,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { break; case "NL_UNSUBSCRIBE": // Newsletter unsubscriptions - $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); list($span) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -431,7 +431,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Unassign from tasks foreach ($_POST['task'] as $id=>$sel) { - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1", array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__); } } @@ -440,7 +440,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Delete tasks foreach ($_POST['task'] as $id=>$sel) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1", array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__); } } diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php index a71bb71c18..0d9ea9651d 100644 --- a/inc/modules/admin/what-add_points.php +++ b/inc/modules/admin/what-add_points.php @@ -54,7 +54,7 @@ if ($_GET['u_id'] == "all") while (list($uid) = SQL_FETCHROW($result_main)) { // User ID found in URL so we use this give him some credits - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -65,7 +65,7 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1", array($_POST['points'], bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well @@ -97,7 +97,7 @@ if ($_GET['u_id'] == "all") elseif (!empty($_GET['u_id'])) { // User ID found in URL so we use this give him some credits - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -108,7 +108,7 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1", array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__); // Remember points in constant diff --git a/inc/modules/admin/what-adminedit.php b/inc/modules/admin/what-adminedit.php index 4b4970f406..18f9414b77 100644 --- a/inc/modules/admin/what-adminedit.php +++ b/inc/modules/admin/what-adminedit.php @@ -68,7 +68,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -117,7 +117,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -169,7 +169,7 @@ title='%s', action='%s', what='%s', descr='%s' -WHERE ".$AND." AND id=%d LIMIT 1", +WHERE ".$AND." AND id=%s LIMIT 1", array( $menu, $_POST['sel_action'][$sel], @@ -184,7 +184,7 @@ WHERE ".$AND." AND id=%d LIMIT 1", case "del": // Delete menu foreach ($_POST['sel'] as $sel=>$menu) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); } LOAD_TEMPLATE("admin_data_saved"); @@ -229,9 +229,9 @@ WHERE ".$AND." AND id=%d LIMIT 1", if ((!empty($tid)) && (!empty($fid))) { // Sort menu - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__); - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__); } } diff --git a/inc/modules/admin/what-admins_contct.php b/inc/modules/admin/what-admins_contct.php index 16bdb4ce12..31d92eaf70 100644 --- a/inc/modules/admin/what-admins_contct.php +++ b/inc/modules/admin/what-admins_contct.php @@ -52,7 +52,7 @@ if ((isset($_POST['ok'])) && (!empty($_GET['admin']))) else { // Load admin's email address - $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array(bigintval($_GET['admin'])), __FILE__, __LINE__); list($email) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-admins_mails.php b/inc/modules/admin/what-admins_mails.php index d10136d258..7089670e0e 100644 --- a/inc/modules/admin/what-admins_mails.php +++ b/inc/modules/admin/what-admins_mails.php @@ -129,7 +129,7 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__); $aid = bigintval($aid); // Update entry - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%d WHERE id=%d ORDER BY id LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%s WHERE id=%s ORDER BY id LIMIT 1", array($aid, $id), __FILE__, __LINE__); if (($aid < 1) && (!empty($_POST['template'][$id]))) diff --git a/inc/modules/admin/what-config_admins.php b/inc/modules/admin/what-config_admins.php index c20a8c4f8f..d75a08ed75 100644 --- a/inc/modules/admin/what-config_admins.php +++ b/inc/modules/admin/what-config_admins.php @@ -50,7 +50,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) foreach ($_POST['sel'] as $id=>$sel) { // Load data for the ID - $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($aid, $act, $wht, $mode) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -88,7 +88,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) $id = bigintval($id); // Update entries - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%d, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1", array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__); } @@ -108,7 +108,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) foreach ($_POST['sel'] as $id=>$sel) { // Load data for the ID - $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($admin, $act, $wht, $mode) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -156,7 +156,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) // Remove entries foreach ($_POST['sel'] as $id=>$sel) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1", array(bigintval($id)),__FILE__, __LINE__); } @@ -172,7 +172,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) elseif (isset($_POST['add'])) { // Check if everything is fine... - $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array(bigintval($_POST['admin_id'])), __FILE__, __LINE__); list($mode) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -192,7 +192,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) { // Main or sub menu selected - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' AND what_menu='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1", array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { diff --git a/inc/modules/admin/what-config_cats.php b/inc/modules/admin/what-config_cats.php index df24b85e89..59b6eae39f 100644 --- a/inc/modules/admin/what-config_cats.php +++ b/inc/modules/admin/what-config_cats.php @@ -76,15 +76,15 @@ if (isset($_POST['add'])) { switch ($_GET['do']) { case "edit": // Change categories - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%d WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%s WHERE id=%s LIMIT 1", array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__); $TEXT = CATEGORIES_SAVED; break; case "del": // Delete categories - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s", array($id), __FILE__, __LINE__); $TEXT = CATEGORIES_DELETED; break; @@ -107,7 +107,7 @@ if (isset($_POST['add'])) { foreach ($_POST['sel'] as $id=>$value) { // Load data of category - $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($cat) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -133,7 +133,7 @@ if (isset($_POST['add'])) { foreach ($_POST['sel'] as $id=>$value) { // Load data from the category - $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($cat, $vis, $sort) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-config_email.php b/inc/modules/admin/what-config_email.php index 176e5f991b..fcc868b16c 100644 --- a/inc/modules/admin/what-config_email.php +++ b/inc/modules/admin/what-config_email.php @@ -72,13 +72,13 @@ if (isset($_POST['add_max'])) { switch ($_GET['do']) { case "edit": // Change entries - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%s LIMIT 1", array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__); $TEXT = MRECEIVE_SAVED; break; case "del": - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); $TEXT = MRECEIVE_DELETED; break; @@ -95,7 +95,7 @@ if (isset($_POST['add_max'])) { foreach ($_POST['sel'] as $id=>$value) { // Load data - $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($value, $comment) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -121,7 +121,7 @@ if (isset($_POST['add_max'])) { $SW = 2; $OUT = ""; foreach ($_POST['sel'] as $id=>$value) { // Load data - $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($value, $comment) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-config_mods.php b/inc/modules/admin/what-config_mods.php index 8878c9ad5a..997f0de016 100644 --- a/inc/modules/admin/what-config_mods.php +++ b/inc/modules/admin/what-config_mods.php @@ -54,7 +54,7 @@ if (isset($_POST['edit'])) foreach ($_POST['sel'] as $id=>$sel) { // Load module data - $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($mod, $title, $locked, $hidden, $admin, $mem) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -99,7 +99,7 @@ if (isset($_POST['edit'])) $id = bigintval($id); // Update module - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1", array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id), __FILE__, __LINE__); } diff --git a/inc/modules/admin/what-config_payouts.php b/inc/modules/admin/what-config_payouts.php index 93074ff03e..85f05c5466 100644 --- a/inc/modules/admin/what-config_payouts.php +++ b/inc/modules/admin/what-config_payouts.php @@ -98,8 +98,8 @@ if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) // Update entry $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_payout_types SET type='%s', -rate=%d, -min_points=%d, +rate=%s, +min_points=%s, allow_url='%s' WHERE id='".$id."' LIMIT 1", array( @@ -119,7 +119,7 @@ WHERE id='".$id."' LIMIT 1", foreach ($_POST['sel'] as $id=>$sel) { // Load data - $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($title, $rate, $mpoi, $allow) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -152,7 +152,7 @@ WHERE id='".$id."' LIMIT 1", // Delete entries foreach ($_POST['sel'] as $id=>$sel) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } $msg = ADMIN_PAYOUT_ENTRIES_DELETED; @@ -167,7 +167,7 @@ WHERE id='".$id."' LIMIT 1", $id = bigintval($id); // Load data - $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); list($title, $rate, $mpoi) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-config_points.php b/inc/modules/admin/what-config_points.php index f9728a8ff2..b11990bec1 100644 --- a/inc/modules/admin/what-config_points.php +++ b/inc/modules/admin/what-config_points.php @@ -95,7 +95,7 @@ if (isset($_POST['ok'])) $id = bigintval($id); // Update entry - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%s LIMIT 1", array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__); } $TEXT = REF_DEPTHS_SAVED; @@ -104,7 +104,7 @@ if (isset($_POST['ok'])) case "del": foreach ($_POST['id'] as $id=>$value) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } $TEXT = REF_DEPTHS_DELETED; @@ -123,7 +123,7 @@ if (isset($_POST['ok'])) $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_config SET allow_direct_pay='%s', reg_points_mode='%s', -ref_payout='%d' +ref_payout='%s' WHERE config=0 LIMIT 1", $_POST['allow_direct_pay'], $_POST['reg_points_mode'], @@ -132,8 +132,8 @@ WHERE config=0 LIMIT 1", if (($_CONFIG['ref_payout'] == 0) && ($_POST['ref_payout'] > 0)) { // Update account's ref_payout for "must-confirm" - $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%d - mails_confirmed) -WHERE mails_confirmed < %d", $REF, $REF); + $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%s - mails_confirmed) +WHERE mails_confirmed < %s", $REF, $REF); } elseif (($_CONFIG['ref_payout'] > 0) && ($_POST['ref_payout'] == 0)) { @@ -219,7 +219,7 @@ WHERE mails_confirmed < %d", $REF, $REF); $SW = 2; $OUT = ""; foreach ($_POST['sel'] as $id=>$value) { - $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($lvl, $perc) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -247,7 +247,7 @@ WHERE mails_confirmed < %d", $REF, $REF); $SW = 2; $OUT = ""; foreach ($_POST['sel'] as $id=>$value) { - $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($lvl, $perc) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-config_rallye_prices.php b/inc/modules/admin/what-config_rallye_prices.php index 0d3faf764b..de11145ca2 100644 --- a/inc/modules/admin/what-config_rallye_prices.php +++ b/inc/modules/admin/what-config_rallye_prices.php @@ -48,7 +48,7 @@ if (!empty($_GET['rallye'])) if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info'])))) { // Submitted data is valid, but maybe we already have this price level? - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1", array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) @@ -83,7 +83,7 @@ VALUES ('%s', '%s', '%s', '%s')", // Delete selected entries foreach ($_POST['sel'] as $id=>$sel) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } @@ -104,7 +104,7 @@ VALUES ('%s', '%s', '%s', '%s')", $id = bigintval($id); // Update entry - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1", array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__); } @@ -123,7 +123,7 @@ VALUES ('%s', '%s', '%s', '%s')", foreach ($_POST['sel'] as $id=>$sel) { // Load data to selected rallye - $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($rallye, $level, $points, $infos) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -168,7 +168,7 @@ VALUES ('%s', '%s', '%s', '%s')", foreach ($_POST['sel'] as $id=>$sel) { // Load data to selected rallye - $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($rallye, $level, $points, $infos) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -206,7 +206,7 @@ VALUES ('%s', '%s', '%s', '%s')", else { // A rallye was selected, so check if there are already prices assigned... - $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level", + $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level", array(bigintval($_GET['rallye'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) diff --git a/inc/modules/admin/what-config_register.php b/inc/modules/admin/what-config_register.php index 55b411fb52..7da90e439d 100644 --- a/inc/modules/admin/what-config_register.php +++ b/inc/modules/admin/what-config_register.php @@ -46,7 +46,7 @@ if (isset($_POST['ok'])) { foreach ($_POST['sel'] as $id=>$value) { - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%d AND field_required != '%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1", array($value, bigintval($id), $value),__FILE__, __LINE__); } LOAD_TEMPLATE("admin_settings_saved", false, REGISTER_ADMIN_CHANGES_SAVED); diff --git a/inc/modules/admin/what-del_email.php b/inc/modules/admin/what-del_email.php index 19816688b5..183410103e 100644 --- a/inc/modules/admin/what-del_email.php +++ b/inc/modules/admin/what-del_email.php @@ -45,7 +45,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (!empty($_GET['mid'])) { // Load email data - $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", array(bigintval($_GET['mid'])), __FILE__, __LINE__); // Delete mail only once @@ -75,14 +75,14 @@ if (!empty($_GET['mid'])) { SEND_EMAIL($sender, MEMBER_ORDER_DELETED, $msg_user); // Delete mail from queue - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", array(bigintval($_GET['mid'])), __FILE__, __LINE__); // Fetch right stats_id from pool $result = SQL_QUERY_ESC("SELECT s.id FROM "._MYSQL_PREFIX."_user_stats AS s LEFT JOIN "._MYSQL_PREFIX."_pool AS p ON s.pool_id=p.id -WHERE s.pool_id=%d LIMIT 1", +WHERE s.pool_id=%s LIMIT 1", array(bigintval($_GET['mid'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Fetch stats id @@ -92,7 +92,7 @@ WHERE s.pool_id=%d LIMIT 1", SQL_FREERESULT($result); // Get all user links - $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", + $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s", array(bigintval($stats_id)), __FILE__, __LINE__); // Get unconfirmed links for calculation of total points @@ -140,7 +140,7 @@ WHERE s.pool_id=%d LIMIT 1", } // Remove links from DB - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s", array(bigintval($stats_id)), __FILE__, __LINE__); // Output link for manually removing stats entry @@ -152,12 +152,12 @@ WHERE s.pool_id=%d LIMIT 1", } } elseif (!empty($_GET['pid'])) { // Remove stats entries - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1", array(bigintval($_GET['pid'])), __FILE__, __LINE__); LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_USER_STATS_REMOVED); } elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) { // Load data from bonus mail - $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%d", + $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%s", array(bigintval($_GET['bid'])), __FILE__, __LINE__); // Delete mail only once @@ -167,9 +167,9 @@ WHERE s.pool_id=%d LIMIT 1", SQL_FREERESULT($result); // Delete bonus mail entirely from database - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1", array(bigintval($_GET['bid'])), __FILE__, __LINE__); - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s", array(bigintval($_GET['bid'])), __FILE__, __LINE__); // Prepare data for the template diff --git a/inc/modules/admin/what-del_holiday.php b/inc/modules/admin/what-del_holiday.php index 26a98a80df..f2b840e3fd 100644 --- a/inc/modules/admin/what-del_holiday.php +++ b/inc/modules/admin/what-del_holiday.php @@ -54,7 +54,7 @@ if ($SUM > 0) // Get the userid $result = SQL_QUERY_ESC("SELECT userid, holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays -WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); +WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load data and free memory @@ -64,11 +64,11 @@ WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); // Update user's account $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='N', holiday_activated='0' -WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); // Remove holiday $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays -WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); +WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); // Prepare loaded data for the $content = array( @@ -92,7 +92,7 @@ WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); // Fetch data $result_load = SQL_QUERY_ESC("SELECT holiday_start AS start, holiday_end AS end FROM "._MYSQL_PREFIX."_user_holidays -WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result_load) == 1) { // Load data @@ -104,7 +104,7 @@ WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); // Delete one holiday request (for task) $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays -WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); // Send email to user $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, $_GET['u_id']); diff --git a/inc/modules/admin/what-del_transfer.php b/inc/modules/admin/what-del_transfer.php index 27ace76a17..3c833ba359 100644 --- a/inc/modules/admin/what-del_transfer.php +++ b/inc/modules/admin/what-del_transfer.php @@ -50,9 +50,9 @@ if (isset($_POST['del'])) // Delete entries... foreach ($_POST['sel'] as $id=>$sel) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } } diff --git a/inc/modules/admin/what-del_user.php b/inc/modules/admin/what-del_user.php index ba3d9e9c09..c18b248419 100644 --- a/inc/modules/admin/what-del_user.php +++ b/inc/modules/admin/what-del_user.php @@ -47,7 +47,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", ""); if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason'])))) { // Delete users account - $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result_user) == 1) { @@ -77,7 +77,7 @@ if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason'] else { // Realy want to delete? - $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { diff --git a/inc/modules/admin/what-edit_emails.php b/inc/modules/admin/what-edit_emails.php index 431c518819..ff86a369e1 100644 --- a/inc/modules/admin/what-edit_emails.php +++ b/inc/modules/admin/what-edit_emails.php @@ -54,7 +54,7 @@ if (SQL_NUMROWS($result) > 0) if (isset($_POST['ok'])) { // Make mail editable... - $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", array(bigintval($_POST['id'])), __FILE__, __LINE__); list($subj, $text, $url) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -75,7 +75,7 @@ if (SQL_NUMROWS($result) > 0) subject='%s', text='%s', url='%s' -WHERE id=%d LIMIT 1", +WHERE id=%s LIMIT 1", array( addslashes($_POST['subj']), addslashes($_POST['text']), diff --git a/inc/modules/admin/what-edit_user.php b/inc/modules/admin/what-edit_user.php index ea524158c7..82e38399bb 100644 --- a/inc/modules/admin/what-edit_user.php +++ b/inc/modules/admin/what-edit_user.php @@ -46,7 +46,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", ""); $result_main = false; if (isset($_GET['u_id'])) { // 0 1 2 3 4 5 6 7 8 9 10 11 - $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); } @@ -82,11 +82,11 @@ surname='%s', family='%s', street_nr='%s', country='%s', -zip=%d, +zip=%s, city='%s', email='%s' ".$ADD." -WHERE userid=%d LIMIT 1", +WHERE userid=%s LIMIT 1", array( substr($_POST['salut'], 0, 1), $_POST['surname'], diff --git a/inc/modules/admin/what-email_archiv.php b/inc/modules/admin/what-email_archiv.php index 7e822c5dd8..7ec5a8febd 100644 --- a/inc/modules/admin/what-email_archiv.php +++ b/inc/modules/admin/what-email_archiv.php @@ -86,7 +86,7 @@ if (SQL_NUMROWS($result) > 0) while ($pool = SQL_FETCHROW($result)) { // Check sent mails and clicks - $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1", + $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1", array(bigintval($pool[0])), __FILE__, __LINE__); list($sent, $clicks) = SQL_FETCHROW($result_mails); SQL_FREERESULT($result_mails); diff --git a/inc/modules/admin/what-email_details.php b/inc/modules/admin/what-email_details.php index 190e808c92..2a765f9b3a 100644 --- a/inc/modules/admin/what-email_details.php +++ b/inc/modules/admin/what-email_details.php @@ -139,7 +139,7 @@ if (SQL_NUMROWS($result_list) > 0) while ($pool = SQL_FETCHROW($result_list)) { // Unconfirmed mails and sent mails - $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1", + $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1", array(bigintval($pool[0])), __FILE__, __LINE__); list($sent, $clicks) = SQL_FETCHROW($result_uncon); SQL_FREERESULT($result_uncon); diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index fb79f0a38a..3d47fee1d9 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -61,7 +61,7 @@ if (!empty($_GET['reg_ext'])) { // De/activate extension $ACT = "N"; $EXT_LOAD_MODE = "deactivate"; if ($active == "N") { $ACT = "Y"; $EXT_LOAD_MODE = "activate"; } - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%d AND ext_active='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%s AND ext_active='%s' LIMIT 1", array(bigintval($id), $active), __FILE__, __LINE__); // Run embeded SQL commands @@ -83,11 +83,11 @@ if (!empty($_GET['reg_ext'])) { $active = $_POST['active'][$id]; if (GET_EXT_VERSION("sql_patches") >= "0.0.6") { // Update also CSS column when extensions sql_patches is newer or exact v0.0.6 - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1", array($_POST['css'][$id], $active, $id), __FILE__, __LINE__); } else { // When extension is older than v0.0.6 there is no column for the CSS information - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%s LIMIT 1", array($active, $id), __FILE__, __LINE__); } @@ -114,12 +114,12 @@ if (!empty($_GET['reg_ext'])) { if (($sel == "Y") || ($sel == "N")) { // Load required data if (GET_EXT_VERSION("sql_patches") >= "0.0.6") { - $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($name, $css, $active) = SQL_FETCHROW($result); SQL_FREERESULT($result); } else { - $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($name, $active) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -291,7 +291,7 @@ case "register": // Register new extension // Is the ID number valid and the task was found? if (($id > 0) && ($task_found == 1)) { // ID is valid so begin with registration, we first want to it's real name from task management (subject column) - $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($subj) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-guestedit.php b/inc/modules/admin/what-guestedit.php index ea87d80141..72736ee626 100644 --- a/inc/modules/admin/what-guestedit.php +++ b/inc/modules/admin/what-guestedit.php @@ -69,7 +69,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1", + $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($query) == 1) { @@ -116,7 +116,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1", + $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($query) == 1) { @@ -161,7 +161,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) $sel = bigintval($sel); // Update entry - $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1", array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__); } LOAD_TEMPLATE("admin_data_saved"); @@ -171,7 +171,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) foreach ($_POST['sel'] as $sel=>$menu) { // Delete enty - $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1", + $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); } LOAD_TEMPLATE("admin_data_saved"); @@ -184,7 +184,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) $sel = bigintval($sel); // Update entry - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1", array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__); } LOAD_TEMPLATE("admin_data_saved"); @@ -209,7 +209,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -279,9 +279,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ((!empty($tid)) && (!empty($fid))) { // Sort menu - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__); - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__); } } diff --git a/inc/modules/admin/what-list_cats.php b/inc/modules/admin/what-list_cats.php index b0d0fc960c..9ec6e996f0 100644 --- a/inc/modules/admin/what-list_cats.php +++ b/inc/modules/admin/what-list_cats.php @@ -45,7 +45,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", ""); if (!empty($_GET['u_id'])) { // Check if the user already exists - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -69,7 +69,7 @@ if (!empty($_GET['u_id'])) while (list($cid, $cat) = SQL_FETCHROW($result_cats)) { // Check user's selection - $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1", array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__); // Set selection diff --git a/inc/modules/admin/what-list_country.php b/inc/modules/admin/what-list_country.php index d694fdf927..16ceaef0bf 100644 --- a/inc/modules/admin/what-list_country.php +++ b/inc/modules/admin/what-list_country.php @@ -107,7 +107,7 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr' foreach ($_POST['id'] as $id=>$status) { // Load data from DB - $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { diff --git a/inc/modules/admin/what-list_links.php b/inc/modules/admin/what-list_links.php index 5d7a1b02b5..ba73c72236 100644 --- a/inc/modules/admin/what-list_links.php +++ b/inc/modules/admin/what-list_links.php @@ -47,7 +47,7 @@ if (empty($_GET['del'])) $_GET['del'] = ""; if (!empty($_GET['u_id'])) { // Check if the user already exists - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); // Is there an entry? @@ -59,11 +59,11 @@ if (!empty($_GET['u_id'])) { // Grab user's all unconfirmed mails if (EXT_IS_ACTIVE("bonus")) { // Load bonus ID - $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id", + $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); } else { // Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command) - $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id", + $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); } @@ -74,7 +74,7 @@ if (!empty($_GET['u_id'])) { // Some unconfirmed mails left if ($_GET['del'] == "all") { // Delete all unconfirmed mails by this user - $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d LIMIT %s", + $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s LIMIT %s", array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__); // Prepare mail and send it away @@ -92,14 +92,14 @@ if (!empty($_GET['u_id'])) { switch ($type) { case "NORMAL": - $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1", + $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); $type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM; $LINK = "".$id.""; break; case "BONUS": - $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1", + $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1", array(bigintval($id2)), __FILE__, __LINE__); $type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM; $LINK = "".$id2.""; diff --git a/inc/modules/admin/what-list_newsletter.php b/inc/modules/admin/what-list_newsletter.php index 58c998be0a..93ec1c91a9 100644 --- a/inc/modules/admin/what-list_newsletter.php +++ b/inc/modules/admin/what-list_newsletter.php @@ -45,11 +45,11 @@ if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) { // Update database... // First user's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%s LIMIT 1", array(bigintval($_POST['uid'])), __FILE__, __LINE__); // Next the task system... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1", array(bigintval($_POST['id'])), __FILE__, __LINE__); // Send mail to user diff --git a/inc/modules/admin/what-list_payouts.php b/inc/modules/admin/what-list_payouts.php index 43f831436d..737863132a 100644 --- a/inc/modules/admin/what-list_payouts.php +++ b/inc/modules/admin/what-list_payouts.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (!empty($_GET['pid'])) { // First let's get the member's ID - $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1", array($_GET['pid']), __FILE__, __LINE__); list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -52,7 +52,7 @@ if (!empty($_GET['pid'])) if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0)) { // Get task ID from database - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%d AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); list($task) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -72,7 +72,7 @@ if (!empty($_GET['pid'])) if ((!empty($task)) && (!empty($uid)) && ($uid > 0)) { // Load user's data - $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); list($email, $sex, $surname, $family) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -86,7 +86,7 @@ if (!empty($_GET['pid'])) if (isset($_POST['ok'])) { // Obtain payout type and other data - $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1", array(bigintval($_GET['pid'])), __FILE__, __LINE__); list($ptype) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -94,7 +94,7 @@ if (!empty($_GET['pid'])) if (!empty($ptype)) { // Obtain data from payout type - $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1", array(bigintval($ptype)), __FILE__, __LINE__); list($fuid, $fpass, $eurl, $eok, $failed, $eenc, $allow) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -136,12 +136,12 @@ if (!empty($_GET['pid'])) // Clear task if ($task > 0) { - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1", array(bigintval($task)),__FILE__, __LINE__); } // Clear payout request - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%s LIMIT 1", array(bigintval($_GET['pid'])), __FILE__, __LINE__); // Send out mail @@ -189,12 +189,12 @@ if (!empty($_GET['pid'])) if ($task > 0) { // Clear task - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1", array(bigintval($task)), __FILE__, __LINE__); } // Clear payout request - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%s LIMIT 1", array(bigintval($_GET['pid'])), __FILE__, __LINE__); // Send out mail diff --git a/inc/modules/admin/what-list_rallyes.php b/inc/modules/admin/what-list_rallyes.php index f8f809a166..aee3d15034 100644 --- a/inc/modules/admin/what-list_rallyes.php +++ b/inc/modules/admin/what-list_rallyes.php @@ -54,11 +54,11 @@ if (isset($_GET['rallye'])) switch ($_GET['activate']) { case "1": // Activate - $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%d AND is_active='N' LIMIT 1"; + $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1"; break; case "0": // Deactivate - $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%d AND is_active='Y' LIMIT 1"; + $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%s AND is_active='Y' LIMIT 1"; break; } } @@ -69,11 +69,11 @@ if (isset($_GET['rallye'])) switch ($_GET['notify']) { case "1": // Activate - $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%d AND send_notify='N' LIMIT 1"; + $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1"; break; case "0": // Deactivate - $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%d AND send_notify='Y' LIMIT 1"; + $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%s AND send_notify='Y' LIMIT 1"; break; } } @@ -84,11 +84,11 @@ if (isset($_GET['rallye'])) switch ($_GET['auto']) { case "1": // Activate - $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%d AND auto_add_new_user='N' LIMIT 1"; + $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1"; break; case "0": // Deactivate - $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%d AND auto_add_new_user='Y' LIMIT 1"; + $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%s AND auto_add_new_user='Y' LIMIT 1"; break; } } @@ -109,11 +109,11 @@ if (isset($_GET['rallye'])) foreach ($_POST['sel'] as $id=>$sel) { // Remove selected rallye entirely... - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s", array(bigintval($id)), __FILE__, __LINE__); - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s", array(bigintval($id)), __FILE__, __LINE__); } @@ -172,7 +172,7 @@ if (isset($_POST['edit'])) foreach ($_POST['sel'] as $id=>$sel) { // Load rallye basic data - $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($title, $descr, $templ, $start, $end, $min_users, $min_prices) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -223,7 +223,7 @@ if (isset($_POST['edit'])) elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0)) { // List users and their refs before start and current - $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid", + $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid", array(bigintval($_GET['rallye'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { @@ -287,11 +287,11 @@ ORDER BY start_time DESC", $alogin = GET_ADMIN_LOGIN($aid); // Count assigned prices - $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d", + $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s", array(bigintval($id)), __FILE__, __LINE__); // Count joined userids - $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d", + $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s", array($id), __FILE__, __LINE__); $joined = SQL_NUMROWS($result_user); diff --git a/inc/modules/admin/what-list_refs.php b/inc/modules/admin/what-list_refs.php index 29b0b1ca78..acfc839872 100644 --- a/inc/modules/admin/what-list_refs.php +++ b/inc/modules/admin/what-list_refs.php @@ -51,7 +51,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", ""); if (!empty($_GET['u_id'])) { // Check if the user already exists - $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -59,9 +59,9 @@ if (!empty($_GET['u_id'])) SQL_FREERESULT($result); // Loads surname, family's name and the email address - $result = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d", + $result = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); - $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d AND status != 'CONFIRMED' ORDER BY userid", + $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s AND status != 'CONFIRMED' ORDER BY userid", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); $menge = SQL_RESULT($result , 0, 0); $menge_lck = SQL_RESULT($result_lck, 0, 0); @@ -70,7 +70,7 @@ if (!empty($_GET['u_id'])) SQL_FREERESULT($result); SQL_FREERESULT($result_lck); - $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d ORDER BY userid", + $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s ORDER BY userid", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); OUTPUT_HTML(ADMIN_TOTAL_REFS_1."".ADMIN_USER_PROFILE_LINK($_GET['u_id'])."".ADMIN_TOTAL_REFS_2.$menge.ADMIN_TOTAL_REFS_3.$menge_lck.ADMIN_TOTAL_REFS_4."

"); @@ -84,7 +84,7 @@ if (!empty($_GET['u_id'])) while ($row = SQL_FETCHROW($result)) { // Check for referrals - $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d", + $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s", array(bigintval($row[0])), __FILE__, __LINE__); $refs_cnt = SQL_RESULT($result_refs, 0, 0); SQL_FREERESULT($result_refs); diff --git a/inc/modules/admin/what-list_task.php b/inc/modules/admin/what-list_task.php index a4c2c82f76..5ac8fff0b1 100644 --- a/inc/modules/admin/what-list_task.php +++ b/inc/modules/admin/what-list_task.php @@ -103,7 +103,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L // Unassign from tasks foreach ($_POST['task'] as $id=>$sel) { - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1", array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__); } } @@ -115,13 +115,13 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L if ($_GET['type'] == "deleted") { // Delete task immediately - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1", array(bigintval($id)),__FILE__, __LINE__); } else { // Mark task as to be deleted (purged by autppurge extension) - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } } diff --git a/inc/modules/admin/what-list_unconfirmed.php b/inc/modules/admin/what-list_unconfirmed.php index a4cfc7b654..1c763694f5 100644 --- a/inc/modules/admin/what-list_unconfirmed.php +++ b/inc/modules/admin/what-list_unconfirmed.php @@ -158,9 +158,9 @@ WHERE l.%s='%s' ORDER BY l.userid LIMIT %s", elseif ($_GET['mid'] > 0) { // Data in pool or in user_stats not found, so let's find out where data is missing - $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", array(bigintval($ID)), __FILE__, __LINE__); - $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1", + $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1", array(bigintval($ID)), __FILE__, __LINE__); if (SQL_NUMROWS($result1) == 1) { diff --git a/inc/modules/admin/what-list_user.php b/inc/modules/admin/what-list_user.php index 0199638d13..f8f5982e0d 100644 --- a/inc/modules/admin/what-list_user.php +++ b/inc/modules/admin/what-list_user.php @@ -74,7 +74,7 @@ if (!empty($_GET['u_id'])) // Does the account exists? 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout".$MORE." FROM "._MYSQL_PREFIX."_user_data -WHERE userid=%d LIMIT 1", +WHERE userid=%s LIMIT 1", array($uid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { diff --git a/inc/modules/admin/what-lock_user.php b/inc/modules/admin/what-lock_user.php index 021adfaf4b..d31d1e7c1c 100644 --- a/inc/modules/admin/what-lock_user.php +++ b/inc/modules/admin/what-lock_user.php @@ -44,7 +44,7 @@ ADD_DESCR("admin", basename(__FILE__)); OPEN_TABLE("100%", "admin_content admin_content_align", ""); if (!empty($_GET['u_id'])) { - $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); $ACT = false; if (SQL_NUMROWS($result_user) == 1) @@ -58,7 +58,7 @@ if (!empty($_GET['u_id'])) ADD_MEMBER_SELECTION_BOX(); } elseif (!empty($_POST['lock'])) { // Ok, lock the account! - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) { @@ -74,7 +74,7 @@ if (!empty($_GET['u_id'])) $ACT = true; } elseif (!empty($_POST['unlock'])) { // Ok, unlock the account! - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) { @@ -106,7 +106,7 @@ if (!empty($_GET['u_id'])) } else { - $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { diff --git a/inc/modules/admin/what-memedit.php b/inc/modules/admin/what-memedit.php index d240fc7d63..fc93c8932d 100644 --- a/inc/modules/admin/what-memedit.php +++ b/inc/modules/admin/what-memedit.php @@ -68,7 +68,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -115,7 +115,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -157,7 +157,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ($confirm == 1) { $cnt++; - $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -204,17 +204,17 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) switch ($_POST['ok']) { case "edit": // Edit menu - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%s LIMIT 1", array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $_POST['sel_descr'][$sel], $sel), __FILE__, __LINE__); break; case "del": // Delete menu - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1", array($sel), __FILE__, __LINE__); break; case "status": // Change status of menus - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1", array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__); break; } @@ -255,9 +255,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ((!empty($tid)) && (!empty($fid))) { // Sort menu - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__); - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__); } } diff --git a/inc/modules/admin/what-newsletter.php b/inc/modules/admin/what-newsletter.php deleted file mode 100644 index 456fab2594..0000000000 --- a/inc/modules/admin/what-newsletter.php +++ /dev/null @@ -1,3 +0,0 @@ - diff --git a/inc/modules/admin/what-payments.php b/inc/modules/admin/what-payments.php index 9a987d72a4..fe64ee8c48 100644 --- a/inc/modules/admin/what-payments.php +++ b/inc/modules/admin/what-payments.php @@ -115,7 +115,7 @@ if (isset($_POST['ok'])) $SW = 2; $OUT = ""; foreach ($_POST['sel'] as $id=>$value) { - $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($time, $title) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -143,7 +143,7 @@ if (isset($_POST['ok'])) $SW = 2; $OUT = ""; foreach ($_POST['sel'] as $id=>$value) { - $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($time, $pay, $title, $price) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-refbanner.php b/inc/modules/admin/what-refbanner.php index c52ab321cd..1d8c3605fb 100644 --- a/inc/modules/admin/what-refbanner.php +++ b/inc/modules/admin/what-refbanner.php @@ -82,7 +82,7 @@ VALUES ('%s', '%s', '%s')", $id = bigintval($id); // Update entry - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%s LIMIT 1", array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__); } break; @@ -104,7 +104,7 @@ VALUES ('%s', '%s', '%s')", foreach ($_POST['sel'] as $id=>$sel) { // Load data - $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($url, $alt, $vis) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -134,7 +134,7 @@ VALUES ('%s', '%s', '%s')", // Delete banner foreach ($_POST['sel'] as $id=>$sel) { - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } } diff --git a/inc/modules/admin/what-repair_amnu.php b/inc/modules/admin/what-repair_amnu.php index 35f926b828..774d53e800 100644 --- a/inc/modules/admin/what-repair_amnu.php +++ b/inc/modules/admin/what-repair_amnu.php @@ -51,7 +51,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix)) $ACTIONs[] = $act; // Fix weight - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1", array($cnt, bigintval($id)), __FILE__, __LINE__); $REP += SQL_AFFECTEDROWS(); @@ -74,7 +74,7 @@ foreach ($ACTIONs as $act) while (list($id) = SQL_FETCHROW($result_fix)) { // Fix weight - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1", array($cnt, bigintval($id)), __FILE__, __LINE__); $REP += SQL_AFFECTEDROWS(); diff --git a/inc/modules/admin/what-repair_cats.php b/inc/modules/admin/what-repair_cats.php index eb9be4cdc4..aee12756a9 100644 --- a/inc/modules/admin/what-repair_cats.php +++ b/inc/modules/admin/what-repair_cats.php @@ -47,12 +47,12 @@ if (SQL_NUMROWS($result) > 0) $REMOVED = 0; // Nothing is removed for now... ;-) while (list($uid) = SQL_FETCHROW($result)) { - $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result_user) == 0) { // Ok, we found something to remove - $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d", + $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); $REMOVED += SQL_AFFECTEDROWS(); } diff --git a/inc/modules/admin/what-repair_gmnu.php b/inc/modules/admin/what-repair_gmnu.php index 85e635484a..80ac7ca7c0 100644 --- a/inc/modules/admin/what-repair_gmnu.php +++ b/inc/modules/admin/what-repair_gmnu.php @@ -50,7 +50,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix)) $ACTIONS[] = $act; // Fix weight - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1", array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__); $REP += SQL_AFFECTEDROWS(); @@ -74,7 +74,7 @@ foreach ($ACTIONS as $act) while (list($id) = SQL_FETCHROW($result_fix)) { // Fix weight - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1", array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__); $REP += SQL_AFFECTEDROWS(); diff --git a/inc/modules/admin/what-repair_mmnu.php b/inc/modules/admin/what-repair_mmnu.php index 0eeb00cd14..81d3ade161 100644 --- a/inc/modules/admin/what-repair_mmnu.php +++ b/inc/modules/admin/what-repair_mmnu.php @@ -50,7 +50,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix)) $ACTIONS[] = $act; // Fix weight - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1", array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__); $REP += SQL_AFFECTEDROWS(); @@ -73,7 +73,7 @@ foreach ($ACTIONS as $act) while (list($id) = SQL_FETCHROW($result_fix)) { // Fix weight - $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1", + $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1", array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__); $REP += SQL_AFFECTEDROWS(); diff --git a/inc/modules/admin/what-send_bonus.php b/inc/modules/admin/what-send_bonus.php index ace9560270..3bd840b305 100644 --- a/inc/modules/admin/what-send_bonus.php +++ b/inc/modules/admin/what-send_bonus.php @@ -57,7 +57,7 @@ if (isset($_POST['ok'])) // Select category $CAT_TABS = "LEFT JOIN "._MYSQL_PREFIX."_user_cats AS c ON d.userid=c.userid"; $cat = bigintval($_POST['cat']); - $CAT_WHERE = " AND c.cat_id=%d"; + $CAT_WHERE = " AND c.cat_id=%s"; } if (GET_EXT_VERSION("holiday") >= "0.1.3") { @@ -167,13 +167,13 @@ VALUES ('%s', '%s', '%s', '%s', '%s', 'NEW', UNIX_TIMESTAMP(), '%s', '%s', '%s', { $CATS['id'][] = $id; $CATS['name'][] = $cat; - $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d", + $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s", array(bigintval($id)), __FILE__, __LINE__); $uid_cnt = "0"; while (list($ucat) = SQL_FETCHROW($result_uids)) { $result_ver = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data -WHERE userid=%d AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1", +WHERE userid=%s AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); $uid_cnt += SQL_NUMROWS($result_ver); diff --git a/inc/modules/admin/what-stats.php b/inc/modules/admin/what-stats.php deleted file mode 100644 index cc11671e26..0000000000 --- a/inc/modules/admin/what-stats.php +++ /dev/null @@ -1,3 +0,0 @@ - diff --git a/inc/modules/admin/what-sub_points.php b/inc/modules/admin/what-sub_points.php index 9c6cc1d8fe..dc9982fc0f 100644 --- a/inc/modules/admin/what-sub_points.php +++ b/inc/modules/admin/what-sub_points.php @@ -54,7 +54,7 @@ if ($_GET['u_id'] == "all") while (list($uid) = SQL_FETCHROW($result_main)) { // User ID found in URL so we use this give him some credits - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -65,8 +65,7 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add points to used points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($_POST['points'], bigintval($uid))), __FILE__, __LINE__); + SUB_POINTS($uid, $_POST['points']); // Load message and send it away $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $uid); @@ -89,7 +88,7 @@ if ($_GET['u_id'] == "all") elseif (!empty($_GET['u_id'])) { // User ID found in URL so we use this give him some credits - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($_GET['u_id'])),__FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -100,15 +99,7 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add to used points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($_POST['points']), bigintval($_GET['u_id'])), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", bigintval($_POST['points'])); - } + SUB_POINTS(bigintval($_GET['u_id']), $_POST['points']); // Remember points in template define('__POINTS_VALUE', bigintval($_POST['points'])); diff --git a/inc/modules/admin/what-theme_check.php b/inc/modules/admin/what-theme_check.php index 99df9a4106..62eca499ee 100644 --- a/inc/modules/admin/what-theme_check.php +++ b/inc/modules/admin/what-theme_check.php @@ -72,7 +72,7 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]")) if ((substr($value, 0, 6) == "theme-") && (substr($value, -4) == ".zip")) { $name = substr($value, 6, -4); - $file = PATH."themes/".$name."/theme.php"; + $file = sprintf("%sthemes/%s/theme.php", PATH, $name); $ver = trim(substr($response[$idx + 3], 4)); // Load version @@ -101,18 +101,18 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]")) $LANG_DUMMY[$k] = $v; if ($v == "xx:xx") break; $LANG[] = $v; - } + } // END - foreach // If language is found stop searching on matching line foreach($LANG as $search) { if (substr($search, 0, 3) == (GET_LANGUAGE().":")) { $INFO = substr($search, 3); break; } - } + } // END - foreach // Add informations to array $THEMES['infos'][] = $INFO; - } - } - } + } // END - if + } // END - if + } // END - foreach // Ok, themes are on our server but maybe you have already installed them? if (sizeof($THEMES['fname']) > 0) { @@ -146,17 +146,14 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]")) // Load template LOAD_TEMPLATE("admin_theme_list"); - } - else - { + } else { // All Themes are downloaded and installed LOAD_TEMPLATE("admin_theme_installed", false, $count); } -} - else -{ +} else { // No theme where found LOAD_TEMPLATE("admin_theme_404"); } + // ?> diff --git a/inc/modules/admin/what-unlock_emails.php b/inc/modules/admin/what-unlock_emails.php index 663d9ae4ea..65c342dec1 100644 --- a/inc/modules/admin/what-unlock_emails.php +++ b/inc/modules/admin/what-unlock_emails.php @@ -66,17 +66,17 @@ if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) { $id = bigintval($id); // Unlock selected email - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%d AND data_type='ADMIN' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%s AND data_type='ADMIN' LIMIT 1", array($id), __FILE__, __LINE__); // Update wents fine? if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) { - // Order placed in queue... 0 1 2 3 - $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment + // Order placed in queue... 0 1 2 3 4 + $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment, po.payment_id FROM "._MYSQL_PREFIX."_pool AS po INNER JOIN "._MYSQL_PREFIX."_payments AS pay ON po.payment_id=pay.id -WHERE po.id=%d +WHERE po.id=%s LIMIT 1", array($id), __FILE__, __LINE__); @@ -89,7 +89,7 @@ LIMIT 1", // Check for bonus extension version >= 0.4.4 for the order bonus if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) { // Add points directly - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%s LIMIT 1", array(bigintval($DATA['sender'])), __FILE__, __LINE__); // Subtract bonus points from system @@ -99,7 +99,7 @@ LIMIT 1", // Check for surfbar extension if (EXT_IS_ACTIVE("surfbar")) { // Add the url - $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment']); + $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment'], $DATA['payment_id']); // Load email template $msg_user = LOAD_EMAIL_TEMPLATE("order_accept_sb", $insertId, $DATA['sender']); @@ -131,7 +131,7 @@ LIMIT 1", $id = bigintval($id); // Load URL and subject from pool - $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); // Load data @@ -148,7 +148,7 @@ LIMIT 1", if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = URL; // Redirect URL - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1", array($_POST['redirect'], $id),__FILE__, __LINE__); // Prepare data for the row template diff --git a/inc/modules/admin/what-user_contct.php b/inc/modules/admin/what-user_contct.php index be76d576ed..4475fed1d5 100644 --- a/inc/modules/admin/what-user_contct.php +++ b/inc/modules/admin/what-user_contct.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); // Is a user id given? if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) { // Load user data and display it - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); // Is a user account found? diff --git a/inc/modules/chk_login.php b/inc/modules/chk_login.php index 14a9ee7a4c..7db176ac52 100644 --- a/inc/modules/chk_login.php +++ b/inc/modules/chk_login.php @@ -44,7 +44,7 @@ OUTPUT_HTML("
".VALIDATING_LOGIN."
"); if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) { // Get theme from profile - $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($NewTheme) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -57,7 +57,7 @@ if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSession // Update last login $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_login=UNIX_TIMESTAMP() -WHERE userid=%d AND last_login < (UNIX_TIMESTAMP() - %d) +WHERE userid=%s AND last_login < (UNIX_TIMESTAMP() - %s) LIMIT 1", array($GLOBALS['userid'], $_CONFIG['login_timeout']), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($link) == 1) $bonus = true; diff --git a/inc/modules/frametester.php b/inc/modules/frametester.php index 48ff5cc346..78ab97dacc 100644 --- a/inc/modules/frametester.php +++ b/inc/modules/frametester.php @@ -43,7 +43,7 @@ if (!empty($_GET['order'])) { // Order number placed, is he also logged in? if(IS_LOGGED_IN()) { // Ok, test passed... :) - $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1", array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); // Finally is the entry valid? diff --git a/inc/modules/guest/action-online.php b/inc/modules/guest/action-online.php index e8df9e7777..a030f9eff2 100644 --- a/inc/modules/guest/action-online.php +++ b/inc/modules/guest/action-online.php @@ -54,7 +54,7 @@ if ($_CONFIG['mad_counter'] < $total) // Update counter $_CONFIG['mad_counter'] = $total; $_CONFIG['last_mad'] = time(); - $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%d, mad_count='%s' WHERE config=0 LIMIT 1", + $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%s, mad_count='%s' WHERE config=0 LIMIT 1", array($_CONFIG['last_mad'], $_CONFIG['mad_counter']), __FILE__, __LINE__); // Destroy cache diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php index 6ecc2d43e4..9ac317ea97 100644 --- a/inc/modules/guest/what-confirm.php +++ b/inc/modules/guest/what-confirm.php @@ -68,7 +68,7 @@ if (!empty($_GET['hash'])) if (($rid > 0) && ($rid != $uid)) { // Select the referral userid - $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($rid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -94,7 +94,7 @@ if (!empty($_GET['hash'])) if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) { // Add points (directly only!) - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1", array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__); // Subtract points from system diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index 62450c81b6..70652bf981 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -98,7 +98,7 @@ if (IS_LOGGED_IN()) { if (!empty($UID2)) $UID = $UID2; } else { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($UID), $hash), __FILE__, __LINE__); list($dmy, $password, $online, $login) = SQL_FETCHROW($result); } @@ -122,7 +122,7 @@ if (IS_LOGGED_IN()) { $hash = generateHash($_POST['password']); // ... and update database - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array($hash, $UID), __FILE__, __LINE__); // No login bonus by default @@ -157,7 +157,7 @@ if (IS_LOGGED_IN()) { && set_session("lifetime", $l , $life, COOKIE_PATH)); // Update global array - $GLOBALS['userid'] = $UID; + $GLOBALS['userid'] = bigintval($UID); } else { // Check for login data $login = IS_LOGGED_IN(); @@ -165,7 +165,7 @@ if (IS_LOGGED_IN()) { if ($login) { // Update database records - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($link) == 1) { // Procedure to checking for login data @@ -194,7 +194,7 @@ if (IS_LOGGED_IN()) { } } else { // Other account status? - $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -244,7 +244,7 @@ if (IS_LOGGED_IN()) { else { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1", array(bigintval($UID), $_POST['email']), __FILE__, __LINE__); } if (SQL_NUMROWS($result) == 1) @@ -256,7 +256,7 @@ if (IS_LOGGED_IN()) { { // Ooppps, this was missing! ;-) We should update the database... $NEW_PASS = GEN_PASS(); - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1", array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__); // Prepare data and message for email diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index c0eeb66f5b..a69272b4b7 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php @@ -161,7 +161,7 @@ if (isset($_POST['ok'])) } // Test the refid (because some strange hackers... :-P) - $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { @@ -235,7 +235,7 @@ if ((isset($_POST['ok'])) && (!$FAILED)) ////////////////////////////// // $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.") -VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")", +VALUES ('%s', '%s', '%s', '%s', '%s', %s, '%s', '%s', %s, %s, %s, '%s', %s, %s, %s, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")", array( $countryRow, SQL_ESCAPE(substr($_POST['sex'], 0, 1)), @@ -266,14 +266,14 @@ array( $userid = bigintval($userid); // Write his welcome-points - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=0 LIMIT 1", array(bigintval($userid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Add only when the line was not found (maybe some more secure?) $locked = "points"; if ($_CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%s, 0, '%s')", array(bigintval($userid), $_CONFIG['points_register']), __FILE__, __LINE__); // Update mediadata as well @@ -288,7 +288,7 @@ array( foreach ($_POST['cat'] as $cat=>$joined) { if ($joined == "Y") { // Insert category entry - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%s, %s)", array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__); } } diff --git a/inc/modules/guest/what-stats.php b/inc/modules/guest/what-stats.php index 3fa8d6f720..fa3acb35a9 100644 --- a/inc/modules/guest/what-stats.php +++ b/inc/modules/guest/what-stats.php @@ -75,7 +75,7 @@ case "MEMBERS": // Statistics about your members for ($idx = 1; $idx < 13; $idx++) { $month = $idx; if ($idx < 10) $month = "0".$idx; - $months[$month] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE birth_month=%d AND status='CONFIRMED'", + $months[$month] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE birth_month=%s AND status='CONFIRMED'", array(bigintval($month)), __FILE__, __LINE__)); } @@ -94,7 +94,7 @@ case "MEMBERS": // Statistics about your members foreach ($cats as $id=>$dummy) { // We only need id and nothing more to count... - $cat_cnt[$id] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d", + $cat_cnt[$id] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s", array(bigintval($id)), __FILE__, __LINE__)); } diff --git a/inc/modules/member/what-beg.php b/inc/modules/member/what-beg.php index 98fb7e21c5..eb9c6aa125 100644 --- a/inc/modules/member/what-beg.php +++ b/inc/modules/member/what-beg.php @@ -63,7 +63,7 @@ if (EXT_IS_ACTIVE("nickname")) } // Run SQL command -$result = SQL_QUERY_ESC("SELECT ".$data.", beg_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($uid), __FILE__, __LINE__); +$result = SQL_QUERY_ESC("SELECT ".$data.", beg_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($uid), __FILE__, __LINE__); list($uid, $clicks) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/member/what-categories.php b/inc/modules/member/what-categories.php index 9a4473c541..4f2a8ae238 100644 --- a/inc/modules/member/what-categories.php +++ b/inc/modules/member/what-categories.php @@ -76,7 +76,7 @@ if ($cats > 0) { case 'Y': $sql = ""; - $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1", array($UID, bigintval($cat)), __FILE__, __LINE__); if (SQL_NUMROWS($result_user) == 0) @@ -91,7 +91,7 @@ if ($cats > 0) break; case 'N': - $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1"; + $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1"; break; } if (!empty($sql)) @@ -124,7 +124,7 @@ if ($cats > 0) $JOINED_N = ' checked'; $JOINED_Y = ""; // Check category selection - $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1", array($UID, bigintval($id)), __FILE__, __LINE__); // When we found an entry don't read it, just change the JOINED_x variables diff --git a/inc/modules/member/what-holiday.php b/inc/modules/member/what-holiday.php index 57c5e38485..2df58e320c 100644 --- a/inc/modules/member/what-holiday.php +++ b/inc/modules/member/what-holiday.php @@ -52,11 +52,11 @@ ADD_DESCR("member", basename(__FILE__)); // Check for running mail orders in pool $result1 = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool -WHERE sender=%d ORDER BY timestamp DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE sender=%s ORDER BY timestamp DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Check for sent mail orders in stats $result2 = SQL_QUERY_ESC("SELECT timestamp_ordered FROM "._MYSQL_PREFIX."_user_stats -WHERE userid=%d ORDER BY timestamp_ordered DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s ORDER BY timestamp_ordered DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1)) { @@ -115,7 +115,7 @@ if (isset($_POST['ok'])) // Activate holiday system $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='N', holiday_activated=UNIX_TIMESTAMP() -WHERE userid=%d LIMIT 1", +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Prepare constants @@ -148,7 +148,7 @@ if (isset($_POST['stop'])) { // Okay, end the holiday here... $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM "._MYSQL_PREFIX."_user_data -WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($active, $locked) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -156,7 +156,7 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); { // Load data $result = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays -WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Data was found @@ -170,11 +170,11 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Deactivate it now $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='N', holiday_activated='0' -WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Remove entry $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays -WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Send email to admin SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_DEAC_SUBJ, "admin_holiday_deactivated", "", $GLOBALS['userid']); @@ -200,7 +200,7 @@ if ((!isset($_POST['ok'])) && (!isset($_POST['stop']))) { // Check if user is in holiday... $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM "._MYSQL_PREFIX."_user_data -WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($active, $locked) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -213,7 +213,7 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); case 'Y': // Display deactivation form // Load starting and ending date $result = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays -WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Data was found @@ -236,7 +236,7 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Remove entry and reload URL $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='N' -WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); +WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); LOAD_URL("modules.php?module=login&what=holiday"); return; } diff --git a/inc/modules/member/what-html_mail.php b/inc/modules/member/what-html_mail.php index 451a68e65a..2ce7fd81dc 100644 --- a/inc/modules/member/what-html_mail.php +++ b/inc/modules/member/what-html_mail.php @@ -54,14 +54,14 @@ ADD_DESCR("member", basename(__FILE__)); if (isset($_POST['ok'])) { // Save settings - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%s LIMIT 1", array($_POST['html'], $GLOBALS['userid']), __FILE__, __LINE__); LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_SETTINGS_SAVED); } else { // Load template for changing settings - $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($mode) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/modules/member/what-logout.php b/inc/modules/member/what-logout.php index 6c7926ac2a..d2f8e71bbd 100644 --- a/inc/modules/member/what-logout.php +++ b/inc/modules/member/what-logout.php @@ -32,13 +32,10 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); -} - elseif (!IS_LOGGED_IN()) -{ +} elseif (!IS_LOGGED_IN()) { LOAD_URL("modules.php?module=index"); } @@ -50,8 +47,7 @@ $URL = URL."/modules.php?module=index"; // NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime -if (set_session("userid", "") && set_session("u_hash", "") && set_session("lifetime", "")) -{ +if (destroy_user_session()) { // Remove theme cookie as well set_session("mxchange_theme", ""); @@ -60,14 +56,13 @@ if (set_session("userid", "") && set_session("u_hash", "") && set_session("lifet // Destroy session here @session_destroy(); -} - else -{ +} else { // Cannot logout! :-( $URL .= "&msg=".CODE_LOGOUT_FAILED; } -// +// Load the URL LOAD_URL($URL); + // ?> diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php index fbcf7b56a8..97554795d5 100644 --- a/inc/modules/member/what-mydata.php +++ b/inc/modules/member/what-mydata.php @@ -65,13 +65,13 @@ case "show": // Show his data if (EXT_IS_ACTIVE("country", true)) { // New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } else { // Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } $DATA = SQL_FETCHROW($result); @@ -115,14 +115,14 @@ case "edit": // Edit data { // New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update -FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } else { // Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update -FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } @@ -203,7 +203,7 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", case "save": // Save entered data // Load old email / password: 0 1 2 - $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); $DATA = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -253,14 +253,14 @@ case "save": // Save entered data $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET sex='%s', surname='%s', family='%s', street_nr='%s', -country_code=%d, zip=%d, city='%s', +country_code=%s, zip=%s, city='%s', email='%s', -birth_day=%d, birth_month=%d, birth_year=%d, -max_mails=%d, +birth_day=%s, birth_month=%s, birth_year=%s, +max_mails=%s, last_update=UNIX_TIMESTAMP()".$AND.", notified='N', last_profile_sent=UNIX_TIMESTAMP() -WHERE userid=%d AND password='%s' LIMIT 1", +WHERE userid=%s AND password='%s' LIMIT 1", array( $_POST['sex'], $_POST['surname'], @@ -284,14 +284,14 @@ array( $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET sex='%s', surname='%s', family='%s', street_nr='%s', -country='%s', zip=%d, city='%s', +country='%s', zip=%s, city='%s', email='%s', -birth_day=%d, birth_month=%d, birth_year=%d, +birth_day=%s, birth_month=%s, birth_year=%s, max_mails='%s', last_update=UNIX_TIMESTAMP()".$AND.", notified='N', last_profile_sent=UNIX_TIMESTAMP() -WHERE userid=%d AND password='%s' LIMIT 1", +WHERE userid=%s AND password='%s' LIMIT 1", array( $_POST['sex'], $_POST['surname'], @@ -325,7 +325,7 @@ array( break; case "notify": // Switch off notfication - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); $URL = URL."/modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED); break; diff --git a/inc/modules/member/what-newsletter.php b/inc/modules/member/what-newsletter.php index 04a8dbfc31..eac7c3265f 100644 --- a/inc/modules/member/what-newsletter.php +++ b/inc/modules/member/what-newsletter.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load status -$result = SQL_QUERY_ESC("SELECT nl_receive, nl_until, nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +$result = SQL_QUERY_ESC("SELECT nl_receive, nl_until, nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($status, $until, $span) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -62,7 +62,7 @@ define('__CHARGE_VALUE', TRANSLATE_COMMA($_CONFIG['nl_charge'])); if ((isset($_POST['ok'])) && ($status == "Y") && ($span == "0")) { // Save request - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_timespan='".(ONE_DAY * 30)."' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_timespan='".(ONE_DAY * 30)."' WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Load admin message diff --git a/inc/modules/member/what-nickname.php b/inc/modules/member/what-nickname.php index 5459df4780..f6802001b7 100644 --- a/inc/modules/member/what-nickname.php +++ b/inc/modules/member/what-nickname.php @@ -74,7 +74,7 @@ if ($VALID) if (SQL_NUMROWS($result) == 0) { // Nickname not in use, so set it now - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%s LIMIT 1", array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__); $content = NICKNAME_SAVED; } diff --git a/inc/modules/member/what-order.php b/inc/modules/member/what-order.php index a71d44fdc4..9bbe6a58f8 100644 --- a/inc/modules/member/what-order.php +++ b/inc/modules/member/what-order.php @@ -71,7 +71,7 @@ foreach($_POST as $key=>$value) define('__MIN_VALUE', $_CONFIG['order_min']); // Count unconfirmed mails -$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d", +$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); $links = SQL_NUMROWS($result_links); SQL_FREERESULT($result_links); @@ -86,7 +86,7 @@ if (GET_EXT_VERSION("holiday") >= "0.1.3") $result_mmails = SQL_QUERY_ESC("SELECT userid, receive_mails, mail_orders, ".$HOLIDAY." FROM "._MYSQL_PREFIX."_user_data -WHERE userid=%d AND max_mails > 0 LIMIT 1", +WHERE userid=%s AND max_mails > 0 LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); $mmails = SQL_NUMROWS($result_mmails); @@ -101,7 +101,7 @@ if ($_CONFIG['order_max_full'] == "MAX") $ALLOWED = $MAXI; $HTML_EXT = EXT_IS_ACTIVE("html_mail"); // Now check his points amount -$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d", +$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); $TOTAL = "0"; @@ -112,7 +112,7 @@ if (SQL_NUMROWS($result_p) > 0) SQL_FREERESULT($result_p); // And subtract his used points... - $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($p) = SQL_FETCHROW($result_p); @@ -134,7 +134,7 @@ if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3")) // Continue with the frametester, we first need to store the data temporary in the pool // // First we would like to store the data and get it's pool position back... - $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND url='%s' AND timestamp > %d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND url='%s' AND timestamp > %s LIMIT 1", array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $_CONFIG['url_tlock'])), __FILE__, __LINE__); $type = "TEMP"; $id = "0"; @@ -235,7 +235,7 @@ if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3")) $result = SQL_QUERY_ESC("SELECT DISTINCT c.userid FROM "._MYSQL_PREFIX."_user_cats AS c LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON c.userid=d.userid -WHERE c.cat_id=%d AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0 +WHERE c.cat_id=%s AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0 ".$ADD." ORDER BY d.%s %s", array( @@ -264,7 +264,7 @@ ORDER BY d.%s %s", { // Check for his holiday status $result_holiday = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_holidays -WHERE userid=%d AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1", +WHERE userid=%s AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1", array(bigintval($REC)), __FILE__, __LINE__); if (SQL_NUMROWS($result_holiday) == 1) $REC = 0; // Exclude user who are in holiday @@ -356,14 +356,14 @@ array( subject='%s', text='%s', receivers='%s', -payment_id=%d, +payment_id=%s, timestamp=UNIX_TIMESTAMP(), url='%s', -cat_id=%d, -target_send=%d, -zip=%d, +cat_id=%s, +target_send=%s, +zip=%s, html_msg='%s' -WHERE id=%d LIMIT 1", +WHERE id=%s LIMIT 1", array( $_POST['subject'], $_POST['text'], @@ -384,13 +384,13 @@ array( subject='%s', text='%s', receivers='%s', -payment_id=%d, +payment_id=%s, timestamp=UNIX_TIMESTAMP(), url='%s', -cat_id=%d, -target_send=%d, -zip=%d -WHERE id=%d LIMIT 1", +cat_id=%s, +target_send=%s, +zip=%s +WHERE id=%s LIMIT 1", array( $_POST['subject'], $_POST['text'], @@ -408,7 +408,7 @@ array( // Do we need to get the ID number? if ($id == 0) { // Order is placed as temporary. We need to get it's id for the frametester - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND subject='%s' AND payment_id=%d AND data_type='TEMP' AND timestamp=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND subject='%s' AND payment_id=%s AND data_type='TEMP' AND timestamp=%s LIMIT 1", array( $GLOBALS['userid'], $_POST['subject'], @@ -482,7 +482,7 @@ array( $CATS['name'][] = $cat; // Select users in current category - $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d AND userid != '%s' ORDER BY userid", + $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s AND userid != '%s' ORDER BY userid", array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__); $uid_cnt = "0"; @@ -496,7 +496,7 @@ array( $result_holiday = SQL_QUERY_ESC("SELECT DISTINCT d.userid FROM "._MYSQL_PREFIX."_user_data AS d LEFT JOIN "._MYSQL_PREFIX."_user_holidays AS h ON d.userid=h.userid -WHERE d.userid=%d AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y' +WHERE d.userid=%s AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y' AND h.holiday_start < ".time()." AND h.holiday_end > ".time()." LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); if (SQL_NUMROWS($result_holiday) == 1) @@ -512,7 +512,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); if (!$HOL_ACTIVE) { // Check if the user want's to receive mails? - $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1", + $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && ($_CONFIG['order_multi_page'] == "Y")) @@ -552,7 +552,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); switch ($_GET['msg']) { case CODE_URL_TLOCK: - $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", array(bigintval($_GET['id'])), __FILE__, __LINE__); // Load timestamp from last order @@ -666,7 +666,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); $OLD_ORDER = false; $subject = ""; $text = ""; $target = ""; // Check if we already have an order placed and make it editable - $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND data_type='TEMP' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND data_type='TEMP' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) diff --git a/inc/modules/member/what-payout.php b/inc/modules/member/what-payout.php index a61a58bf3c..48bd9617d2 100644 --- a/inc/modules/member/what-payout.php +++ b/inc/modules/member/what-payout.php @@ -53,7 +53,7 @@ $TPTS = "0"; while (list($lvl, $per) = SQL_FETCHROW($result_depths)) { // Load referral points - $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1", + $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=%s LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__); if (SQL_NUMROWS($result_points) == 1) { @@ -66,7 +66,7 @@ while (list($lvl, $per) = SQL_FETCHROW($result_depths)) // Free memory SQL_FREERESULT($result_depths); -$result = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +$result = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($USED) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -82,7 +82,7 @@ if (empty($_GET['payout'])) // Load payout types $result = SQL_QUERY_ESC("SELECT id, type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types -WHERE %d >= min_points +WHERE %s >= min_points ORDER BY type", array(str_replace(",", ".", $TPTS)), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { @@ -94,7 +94,7 @@ ORDER BY type", array(str_replace(",", ".", $TPTS)), __FILE__, __LINE__); FROM "._MYSQL_PREFIX."_user_payouts AS p LEFT JOIN "._MYSQL_PREFIX."_payout_types AS t ON p.payout_id = t.id -WHERE p.userid = %d +WHERE p.userid = %s ORDER BY p.payout_timestamp DESC", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result_payouts) > 0) @@ -162,7 +162,7 @@ ORDER BY p.payout_timestamp DESC", else { // Chedk if he can get paid by selected type - $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1", array(bigintval($_GET['payout'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) @@ -195,22 +195,14 @@ ORDER BY p.payout_timestamp DESC", define('PAYOUT_POINTS_VALUE', $PAYOUT); // Subtract points from member's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array($PAYOUT, $GLOBALS['userid']), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $PAYOUT); - } + SUB_POINTS($GLOBALS['userid'], $PAYOUT); // Add entry to his tranfer history if ($allow == "Y") { // Banner/textlink ordered $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, payout_id, payout_timestamp, status, target_url, link_text, banner_url) -VALUES (%d, %d, %d, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')", +VALUES (%s, %s, %s, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')", array( $GLOBALS['userid'], bigintval($_POST['payout']), @@ -235,7 +227,7 @@ VALUES (%d, %d, %d, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')", { // e-currency payout requested $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, target_account, target_bank, payout_id, payout_timestamp, status, password) -VALUES (%d, %d, %d, '%s', %d, UNIX_TIMESTAMP(), 'NEW', '%s')", +VALUES (%s, %s, %s, '%s', %s, UNIX_TIMESTAMP(), 'NEW', '%s')", array( $GLOBALS['userid'], bigintval($_POST['payout']), @@ -257,7 +249,7 @@ VALUES (%d, %d, %d, '%s', %d, UNIX_TIMESTAMP(), 'NEW', '%s')", // Generate task $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, status, task_type, subject, text, task_created, userid) -VALUES (0, 'NEW', 'PAYOUT_REQUEST', '[payout:] ".PAYOUT_REQUEST_ADMIN."', '%s', UNIX_TIMESTAMP(), %d)", +VALUES (0, 'NEW', 'PAYOUT_REQUEST', '[payout:] ".PAYOUT_REQUEST_ADMIN."', '%s', UNIX_TIMESTAMP(), %s)", array( $msg_adm, $GLOBALS['userid'] diff --git a/inc/modules/member/what-points.php b/inc/modules/member/what-points.php index fe9402524a..88f026fd61 100644 --- a/inc/modules/member/what-points.php +++ b/inc/modules/member/what-points.php @@ -63,7 +63,7 @@ while (list($lvl, $per) = SQL_FETCHROW($result_depths)) { $REFS = "0"; // Load referral points - $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__); + $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=%s LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__); if (SQL_NUMROWS($result_points) == 1) { list($points, $LOCKED) = SQL_FETCHROW($result_points); SQL_FREERESULT($result_points); @@ -74,7 +74,7 @@ while (list($lvl, $per) = SQL_FETCHROW($result_depths)) { } // Load referral counts - $result_refs = SQL_QUERY_ESC("SELECT counter FROM "._MYSQL_PREFIX."_refsystem WHERE userid=%d AND level='%s' LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__); + $result_refs = SQL_QUERY_ESC("SELECT counter FROM "._MYSQL_PREFIX."_refsystem WHERE userid=%s AND level='%s' LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__); if (SQL_NUMROWS($result_refs) == 1) { list($REFS) = SQL_FETCHROW($result_refs); SQL_FREERESULT($result_refs); @@ -101,7 +101,7 @@ SQL_FREERESULT($result_depths); // Put rows to constant for the main template define('__REF_LEVEL_ROWS', $OUT); -$result = SQL_QUERY_ESC("SELECT used_points, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +$result = SQL_QUERY_ESC("SELECT used_points, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($USED, $PAY) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -115,7 +115,7 @@ if (GET_EXT_VERSION("user") >= "0.1.2") { if (GET_EXT_VERSION("user") >= "0.1.4") { $ADD = ", emails_sent, emails_received"; } - $result = SQL_QUERY_ESC("SELECT mails_confirmed".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT mails_confirmed".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($CONFIRMED, $SENT, $RECEIVED) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -145,7 +145,7 @@ if ((GET_EXT_VERSION("bonus") >= "0.2.2") && (EXT_IS_ACTIVE("bonus")) && ($_CONF if (GET_EXT_VERSION("bonus") >= "0.4.4") $ADD = ", bonus_ref, bonus_order, bonus_stats"; // Load data - $result = SQL_QUERY_ESC("SELECT login_bonus, turbo_bonus".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT login_bonus, turbo_bonus".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // We don't add this points now. This will be done after each month diff --git a/inc/modules/member/what-reflinks.php b/inc/modules/member/what-reflinks.php index 4cc8f5a57e..0715a595b7 100644 --- a/inc/modules/member/what-reflinks.php +++ b/inc/modules/member/what-reflinks.php @@ -48,7 +48,7 @@ ADD_DESCR("member", basename(__FILE__)); OPEN_TABLE("90%", "member_table member_content_align", ""); // Load current referral clicks -$result = SQL_QUERY_ESC("SELECT ref_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +$result = SQL_QUERY_ESC("SELECT ref_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($c) = SQL_FETCHROW($result); diff --git a/inc/modules/member/what-stats.php b/inc/modules/member/what-stats.php index a6a9468d83..2e22897621 100644 --- a/inc/modules/member/what-stats.php +++ b/inc/modules/member/what-stats.php @@ -45,7 +45,7 @@ ADD_DESCR("member", basename(__FILE__)); // Load waiting/pending orders $result = SQL_QUERY_ESC("SELECT id, cat_id, payment_id, subject, url, timestamp, target_send, data_type, zip FROM "._MYSQL_PREFIX."_pool -WHERE sender=%d AND data_type != 'SEND' +WHERE sender=%s AND data_type != 'SEND' ORDER BY timestamp DESC", array($GLOBALS['userid']), __FILE__, __LINE__); @@ -92,7 +92,7 @@ SQL_FREERESULT($result); // 0 1 2 3 4 5 6 7 8 $result = SQL_QUERY_ESC("SELECT id, cat_id, payment_id, subject, url, timestamp_ordered, max_rec, timestamp_send, clicks FROM "._MYSQL_PREFIX."_user_stats -WHERE userid=%d +WHERE userid=%s ORDER BY timestamp_ordered DESC", array($GLOBALS['userid']), __FILE__, __LINE__); diff --git a/inc/modules/member/what-surfbar_start.php b/inc/modules/member/what-surfbar_start.php index fcbf2bc4e0..b90d08d338 100644 --- a/inc/modules/member/what-surfbar_start.php +++ b/inc/modules/member/what-surfbar_start.php @@ -51,10 +51,13 @@ $content = array( ); // Construct template name -$templateName = substr(basename(__FILE__), 5, -4)."_".strtolower($_CONFIG['surfbar_pay_model']); +$templateName = "member_".substr(basename(__FILE__), 5, -4)."_".strtolower($_CONFIG['surfbar_pay_model']); // Load the template LOAD_TEMPLATE($templateName, false, $content); +// Load surfbar link template +LOAD_TEMPLATE("member_surfbar_link"); + // ?> diff --git a/inc/modules/member/what-themes.php b/inc/modules/member/what-themes.php index eb2c73ec18..e52b8da189 100644 --- a/inc/modules/member/what-themes.php +++ b/inc/modules/member/what-themes.php @@ -48,7 +48,7 @@ ADD_DESCR("member", basename(__FILE__)); if (!empty($_POST['member_theme'])) { // Save theme to member's profile - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%s LIMIT 1", array($_POST['member_theme'], $GLOBALS['userid']), __FILE__, __LINE__); // Set new theme for guests @@ -76,14 +76,13 @@ $handle = opendir(PATH."theme/") or mxchange_die("Cannot read themes dir!"); while ($dir = readdir($handle)) { // Construct absolute theme.php file name - $theme = PATH."theme/".$dir."/"."theme.php"; + $theme = sprintf("%stheme/%s/theme.php", PATH, $dir); // Test it... $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' AND theme_active='Y' LIMIT 1", array($dir), __FILE__, __LINE__); - if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1)) - { + if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1)) { // Free memory SQL_FREERESULT($result); diff --git a/inc/modules/member/what-transfer.php b/inc/modules/member/what-transfer.php index 03da5c22f3..b521ba218f 100644 --- a/inc/modules/member/what-transfer.php +++ b/inc/modules/member/what-transfer.php @@ -46,7 +46,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { ADD_DESCR("member", basename(__FILE__)); // Load data -$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($opt_in) = SQL_FETCHROW($result); @@ -63,13 +63,13 @@ switch ($MODE) { case "new": // Start new transfer // Get total points and subtract the balance amount from it = maximum transferable points - $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0", + $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND points > 0", array($GLOBALS['userid']), __FILE__, __LINE__); list($total) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Get totally used points and password - $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($used, $pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -201,12 +201,11 @@ case "new": // Start new transfer __FILE__, __LINE__); // Add points to account *directly* ... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1", array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__); // ... and add it to current user's used points - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__); + SUB_POINTS($GLOBALS['userid'], $_POST['points']); // First send email to recipient $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID); @@ -348,14 +347,14 @@ case "list_out": // List only outgoing transactions switch ($MODE) { case "list_in": - $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; + $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; $NOTHING = TRANSFER_NO_INCOMING_TRANSFERS; define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING); define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING); break; case "list_out": - $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; + $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; $NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS; define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING); define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING); @@ -432,7 +431,7 @@ KEY(party_uid) ) TYPE=HEAP", __FILE__, __LINE__); // Let's begin with the incoming list - $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s", + $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY id LIMIT %s", array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); while ($DATA = SQL_FETCHROW($result)) { @@ -445,7 +444,7 @@ array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); SQL_FREERESULT($result); // As the last table transfer data from outgoing table to temporary - $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s", + $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY id LIMIT %s", array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); while ($DATA = SQL_FETCHROW($result)) { @@ -524,7 +523,7 @@ array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); case "": // Overview page // Check incoming transfers - $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); list($dmy) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -539,7 +538,7 @@ case "": // Overview page } // Check outgoing transfers - $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); list($dmy) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -566,7 +565,7 @@ case "": // Overview page if (isset($_POST['ok'])) { // Save settings - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1", array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__); // Rember for next switch() command @@ -591,7 +590,7 @@ case "": // Overview page } // Check for latest out-transfers - $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%s ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Load template diff --git a/inc/modules/member/what-unconfirmed.php b/inc/modules/member/what-unconfirmed.php index 0e53bcb920..ade5361525 100644 --- a/inc/modules/member/what-unconfirmed.php +++ b/inc/modules/member/what-unconfirmed.php @@ -49,13 +49,13 @@ OPEN_TABLE("100%", "member_content member_content_align", ""); if (EXT_IS_ACTIVE("bonus")) { // Load bonus ID - $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY bonus_id DESC", + $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY bonus_id DESC", array($GLOBALS['userid']), __FILE__, __LINE__); } else { // Don't load bonus ID - $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY stats_id DESC", + $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY stats_id DESC", array($GLOBALS['userid']), __FILE__, __LINE__); } @@ -70,13 +70,13 @@ if (SQL_NUMROWS($result) > 0) switch ($type) { case "NORMAL": - $result_data = SQL_QUERY_ESC("SELECT subject, subject, timestamp_ordered, cat_id, payment_id, pool_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1", + $result_data = SQL_QUERY_ESC("SELECT subject, subject, timestamp_ordered, cat_id, payment_id, pool_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); $type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM; break; case "BONUS": - $result_data = SQL_QUERY_ESC("SELECT subject, text, timestamp, cat_id, points, id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1", + $result_data = SQL_QUERY_ESC("SELECT subject, text, timestamp, cat_id, points, id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1", array(bigintval($id2)), __FILE__, __LINE__); $type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM; break; @@ -90,7 +90,7 @@ if (SQL_NUMROWS($result) > 0) if ($type == "NORMAL") { $pay = GET_PAY_POINTS($pay, "payment"); - $result_text = SQL_QUERY_ESC("SELECT text FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result_text = SQL_QUERY_ESC("SELECT text FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", array(bigintval($pool)), __FILE__, __LINE__); list($text) = SQL_FETCHROW($result_text); SQL_FREERESULT($result_text); diff --git a/inc/modules/member/what-welcome.php b/inc/modules/member/what-welcome.php index a008e48709..46dd492a4d 100644 --- a/inc/modules/member/what-welcome.php +++ b/inc/modules/member/what-welcome.php @@ -54,7 +54,7 @@ define('_LAST_MODULE_VALUE', GET_MOD_DESCR("member", $LAST['module'])); LOAD_TEMPLATE("member_welcome_header"); // Chedk if he is returning from a profile update notification -$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE notified='Y' AND userid=%d LIMIT 1", +$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE notified='Y' AND userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if ((SQL_NUMROWS($result) == 1) && (EXT_IS_ACTIVE("profile"))) diff --git a/inc/modules/member/what-wernis.php b/inc/modules/member/what-wernis.php index 4fc5af8c21..181603bab5 100644 --- a/inc/modules/member/what-wernis.php +++ b/inc/modules/member/what-wernis.php @@ -63,7 +63,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) { $content['refid'] = bigintval($_CONFIG['wernis_refid']); // Get WDS66 id - $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Are there some entries? @@ -81,7 +81,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) { $_GET['mode'] = "list"; // And load all rows! - $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM "._MYSQL_PREFIX."_user_wernis WHERE `userid` = %d ORDER BY `wernis_timestamp` DESC", + $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM "._MYSQL_PREFIX."_user_wernis WHERE `userid` = %s ORDER BY `wernis_timestamp` DESC", array($GLOBALS['userid']), __FILE__, __LINE__); // Load all rows @@ -132,7 +132,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) { // Get WDS66 id $content['wds66_id'] = ""; - $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Are there some entries? @@ -153,7 +153,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) { $content['wds66_id'] = ""; // Get WDS66 id - $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Are there some entries? @@ -209,7 +209,7 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) { ADD_POINTS_REFSYSTEM($GLOBALS['userid'], bigintval($_POST['amount']), false, 0, false, "direct"); // Update the user data as well.. - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%d WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%s WHERE userid=%s LIMIT 1", array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__); // All done! @@ -271,7 +271,7 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) { } // Remove the points from the account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points` = `used_points` + %d, `wernis_userid`=%d WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points` = `used_points` + %s, `wernis_userid`=%s WHERE userid=%s LIMIT 1", array(bigintval($_POST['amount']), bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__); // All done! diff --git a/inc/modules/order.php b/inc/modules/order.php index 53d88eb778..e617ab9b6c 100644 --- a/inc/modules/order.php +++ b/inc/modules/order.php @@ -63,7 +63,7 @@ if (empty($URL)) { } // Update sending pool - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1", array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); // Finally is the entry valid? @@ -72,13 +72,13 @@ if (empty($URL)) { UPDATE_LOGIN_DATA(); // Load personal data... - $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($sex, $sname, $fname, $email) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Load mail again... 0 1 2 3 4 5 6 7 - $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1", array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); $DATA = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -90,8 +90,7 @@ if (empty($URL)) { // Update used points $ADD = ""; if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1"; - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s".$ADD." WHERE userid=%d LIMIT 1", - array($USED, $GLOBALS['userid']), __FILE__, __LINE__); + SUB_POINTS($GLOBALS['userid']), $USED); // Update mediadata as well if (GET_EXT_VERSION("mediadata") >= "0.0.4") { diff --git a/inc/monthly/monthly_beg.php b/inc/monthly/monthly_beg.php index d66358db40..d5afb1cd3c 100644 --- a/inc/monthly/monthly_beg.php +++ b/inc/monthly/monthly_beg.php @@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // Do not execute when script is in CSS mode or no daily reset -if (($CSS == 1) || (!defined('__DAILY_RESET'))) return; +if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return; // Get current month (2 digits) $curr = date("m", time()); @@ -83,7 +83,7 @@ FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' ".$whereStatement1." % { // Add points to user's account directly $result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points -SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1", +SET points=points+%s WHERE ref_depth=0 AND userid=%s LIMIT 1", array($points, bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well diff --git a/inc/monthly/monthly_bonus.php b/inc/monthly/monthly_bonus.php index 12da67f6b4..b555dd3238 100644 --- a/inc/monthly/monthly_bonus.php +++ b/inc/monthly/monthly_bonus.php @@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // Do not execute when script is in CSS mode or no daily reset -if (($CSS == 1) || (!defined('__DAILY_RESET'))) return; +if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return; // Get current month (2 digits) $curr = date("m", time()); @@ -96,7 +96,7 @@ ORDER BY active_bonus DESC, userid LIMIT %s", // Add points to user's account directly $result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points -SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1", +SET points=points+%s WHERE ref_depth=0 AND userid=%s LIMIT 1", array($points, bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well diff --git a/inc/monthly/monthly_newsletter.php b/inc/monthly/monthly_newsletter.php index 1afaf04c61..a23eea936a 100644 --- a/inc/monthly/monthly_newsletter.php +++ b/inc/monthly/monthly_newsletter.php @@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // Do not execute when script is in CSS mode or no daily reset -if (($CSS == 1) || (!defined('__DAILY_RESET'))) return; +if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return; // Get current month (2 digits) $curr = date("m", time()); @@ -59,7 +59,7 @@ if ($_CONFIG['nl_month'] != $curr) while(list($uid, $until) = SQL_FETCHROW($result)) { // Update account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_receive='Y', nl_until='0' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_receive='Y', nl_until='0' WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); // Send email to him diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index 20f4233310..9cd96c8fa4 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -40,6 +40,10 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { // CFG: DEBUG-SQL (if enabled and DEBUG_MODE is enabled all SQL queries will be logged to debug.log) define('DEBUG_SQL', false); +// Default is not a frameset +global $isFrameset; +$isFrameset = false; + // Load library require_once(PATH."inc/db/lib.php"); @@ -113,7 +117,7 @@ LIMIT 1", __FILE__, __LINE__); // Run daily reset if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) { // Do daily things in external PHP file but only when script is completely setup - $INC_POOL[] = PATH."inc/reset/reset_daily.php"; + $INC_POOL[] = sprintf("%sinc/reset/reset_daily.php", PATH); // Daily reset was run! define('__DAILY_RESET', "1"); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 4be52eb6d6..f87c4c4c0d 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -551,7 +551,7 @@ function IS_LOGGED_IN() if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH'))) { // Cookies are set with values, but are they valid? - $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -572,9 +572,7 @@ function IS_LOGGED_IN() } else { // Maybe got locked etc. //* DEBUG: */ echo __LINE__."!!!
"; - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); + destroy_user_session(); // Remove array elements to prevent errors unset($GLOBALS['userid']); @@ -582,9 +580,6 @@ function IS_LOGGED_IN() } else { // Cookie data is invalid! //* DEBUG: */ echo __LINE__."***
"; - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); // Remove array elements to prevent errors unset($GLOBALS['userid']); @@ -597,9 +592,7 @@ function IS_LOGGED_IN() { // Cookie data is invalid! //* DEBUG: */ echo __LINE__."///
"; - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); + destroy_user_session(); // Remove array elements to prevent errors unset($GLOBALS['userid']); @@ -627,7 +620,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { if (!IS_LOGGED_IN()) return false; // Load last module and last online time - $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load last module and online time list($mod, $onl) = SQL_FETCHROW($result); @@ -646,14 +639,12 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { } // Update last module / online time - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__); } } else { // Destroy session, we cannot update! - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); + destroy_user_session(); } } // @@ -724,7 +715,7 @@ function SEND_MODE_MAILS($mod, $modes) global $_CONFIG, $DATA; // Load hash - $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result_main) == 1) { // Load hash from database @@ -737,7 +728,7 @@ function SEND_MODE_MAILS($mod, $modes) $hash = generatePassString($hashDB); if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) { // Load user's data - $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND password='%s' LIMIT 1", array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load the data @@ -920,7 +911,7 @@ function GET_CATEGORY ($cid) { $ret = _CATEGORY_404; // Lookup the category - $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1", array(bigintval($cid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Category found... :-) @@ -939,7 +930,7 @@ function GET_PAYMENT ($pid, $full=false) { $ret = _PAYMENT_404; // Load payment data - $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", array(bigintval($pid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Payment type found... :-) @@ -963,7 +954,7 @@ function GET_PAYMENT ($pid, $full=false) { function GET_PAY_POINTS($pid, $lookFor="price") { $ret = "-1"; - $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", array($lookFor, $pid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -988,7 +979,7 @@ function REMOVE_RECEIVER(&$ARRAY, $key, $uid, $pool_id, $stats_id="", $bonus=fal // Only when we got a real stats ID continue searching for the entry $type = "NORMAL"; $rowName = "stats_id"; if ($bonus) { $type = "BONUS"; $rowName = "bonus_id"; } - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%d AND link_type='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%s AND link_type='%s' LIMIT 1", array($rowName, $stats_id, bigintval($uid), $type), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { @@ -1069,10 +1060,14 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock $DEPTH++; } + // Percents and table + $percents = "percents"; if (isset($_CONFIG['db_percents'])) $percents = $_CONFIG['db_percents']; + $table = "refdepths"; if (isset($_CONFIG['db_table'])) $table = $_CONFIG['db_table']; + // Which points, locked or normal? $data = "points"; if ($locked) $data = "locked_points"; - $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); //* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+
\n"; if (SQL_NUMROWS($result_user) == 1) { @@ -1080,8 +1075,8 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock list ($ref, $email) = SQL_FETCHROW($result_user); SQL_FREERESULT($result_user); - $result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1", - array(bigintval($DEPTH)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE level='%s' LIMIT 1", + array($percents, $table, bigintval($DEPTH)), __FILE__, __LINE__); //* DEBUG */ echo "DEPTH:".$DEPTH."
\n"; if (SQL_NUMROWS($result) == 1) { list($per) = SQL_FETCHROW($result); @@ -1090,11 +1085,11 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock //* DEBUG */ echo "ADD:".$P."
\n"; // Update points... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=%s LIMIT 1", array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) { // First ref in this level! :-) - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%s, %s, %s)", array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__); } @@ -1139,7 +1134,7 @@ function UPDATE_REF_COUNTER($uid) if (empty($REF_LVL)) $REF_LVL = "0"; // Update counter - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%d AND level='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%s AND level='%s' LIMIT 1", array(bigintval($uid), $REF_LVL), __FILE__, __LINE__); // When no entry was updated then we have to create it here @@ -1151,7 +1146,7 @@ function UPDATE_REF_COUNTER($uid) } // Check for his referral - $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); list($ref) = SQL_FETCHROW($result); @@ -1211,8 +1206,8 @@ WHERE sid='%s' LIMIT 1", module='%s', action='%s', what='%s', -userid=%d, -refid=%d, +userid=%s, +refid=%s, is_member='%s', is_admin='%s', timestamp=UNIX_TIMESTAMP() @@ -1231,12 +1226,12 @@ WHERE sid='%s' LIMIT 1", else { // No entry does exists so we simply add it! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %d, %d, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %s, %s, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')", array($mod, $act, $wht, bigintval($uid), bigintval($rid), $MEM, $ADMIN, $SID, getenv('REMOTE_ADDR')), __FILE__, __LINE__); } // Purge old entries - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %d)", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %s)", array($_CONFIG['online_timeout']), __FILE__, __LINE__); } // OBSULETE: Sends out mail to all administrators @@ -1309,7 +1304,7 @@ function GET_ADMIN_LOGIN($aid) { if (empty($ret)) $ret = "***"; } else { // Load from database - $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array(bigintval($aid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Fetch data @@ -1396,7 +1391,7 @@ function DELETE_USER_ACCOUNT($uid, $reason) FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); +WHERE p.userid=%s", array(bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Save his points to add them to the jackpot @@ -1404,7 +1399,7 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); SQL_FREERESULT($result); // Delete points entries as well - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d", array(bigintval($uid)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well if (GET_EXT_VERSION("mediadata") >= "0.0.4") @@ -1418,13 +1413,13 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); } // Delete category selections as well... - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); // Remove from rallye if found if (EXT_IS_ACTIVE("rallye")) { - $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%d", + $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); } @@ -1433,7 +1428,7 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); SEND_EMAIL($uid, ADMIN_DEL_ACCOUNT, $msg); // Ok, delete the account! - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); } // function META_DESCRIPTION($mod, $wht) @@ -1500,8 +1495,7 @@ function IS_DEMO() { return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo")); } // -function LOAD_CONFIG($no="0") -{ +function LOAD_CONFIG($no="0") { global $cacheArray; $CFG_DUMMY = array(); @@ -1511,7 +1505,7 @@ function LOAD_CONFIG($no="0") //* DEBUG: */ echo gettype($cacheArray['config'][$no])."
\n"; foreach ($cacheArray['config'][$no] as $key=>$value) { $CFG_DUMMY[$key] = $value; - } + } // END - foreach // Count cache hits if exists if ((isset($CFG_DUMMY['cache_hits'])) && (EXT_IS_ACTIVE("cache"))) { @@ -1536,8 +1530,7 @@ function LOAD_CONFIG($no="0") return $CFG_DUMMY; } // Gets the matching what name from module -function GET_WHAT($MOD_CHECK) -{ +function GET_WHAT($MOD_CHECK) { $wht = ""; //* DEBUG: */ echo __LINE__."!".$MOD_CHECK."!
\n"; switch ($MOD_CHECK) @@ -1602,6 +1595,18 @@ function MODULE_HAS_MENU($mod) // Return status return $ret; } +// Subtract points from database and mediadata cache +function SUB_POINTS ($uid, $points) { + // Add points to used points + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%s LIMIT 1", + array($points, bigintval($uid)), __FILE__, __LINE__); + + // Update mediadata as well + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { + // Update database + MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); + } // END - if +} // ?> diff --git a/inc/pool-update.php b/inc/pool-update.php index d69a008cd0..b42ef49298 100644 --- a/inc/pool-update.php +++ b/inc/pool-update.php @@ -66,7 +66,7 @@ if (SQL_NUMROWS($result_main) > 0) $DATA[7] = COMPILE_CODE($DATA[7]); // Set mail order as "active". That means it will be sent out - $result_active = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='ACTIVE' WHERE id=%d AND data_type='NEW' LIMIT 1", + $result_active = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='ACTIVE' WHERE id=%s AND data_type='NEW' LIMIT 1", array($DATA[0]), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($result_active) == 1) { @@ -93,7 +93,7 @@ if (SQL_NUMROWS($result_main) > 0) foreach ($RECEIVERS as $key=>$uid) { // Lookup user ID - $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); // Is his data available? @@ -107,7 +107,7 @@ if (SQL_NUMROWS($result_main) > 0) SQL_FREERESULT($result_user); // Do we have a stats entry? - $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d AND userid=%d AND timestamp_ordered='%s' LIMIT 1", + $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s AND userid=%s AND timestamp_ordered='%s' LIMIT 1", array($DATA[0], $DATA[1], $DATA[6]), __FILE__, __LINE__); // If there's no stats entry add it! @@ -119,7 +119,7 @@ if (SQL_NUMROWS($result_main) > 0) array(bigintval($DATA[0]), bigintval($DATA[1]), bigintval($DATA[9]), bigintval($DATA[5]), $DATA[2], $DATA[7], $DATA[8], bigintval($DATA[6])), __FILE__, __LINE__); // Receive it's ID for the links table - $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d AND userid=%d AND timestamp_ordered='%s' LIMIT 1", + $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s AND userid=%s AND timestamp_ordered='%s' LIMIT 1", array(bigintval($DATA[0]), bigintval($DATA[1]), bigintval($DATA[6])), __FILE__, __LINE__); } @@ -148,13 +148,13 @@ if (SQL_NUMROWS($result_main) > 0) SEND_EMAIL($email, $DATA[2], $msg, $HTML); // Count sent mails... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_sent=emails_sent+1 WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_sent=emails_sent+1 WHERE userid=%s LIMIT 1", array(bigintval($DATA[1])), __FILE__, __LINE__); if (GET_EXT_VERSION("user") >= "0.1.4") { // Update mails received for receiver - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); } @@ -187,7 +187,7 @@ if (SQL_NUMROWS($result_main) > 0) SEND_ADMIN_NOTIFICATION(ADMIN_SUBJ_SEND_DONE, "done-admin", $DATA[3], $uid); // Get sender's data - $result_sender = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_sender = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($DATA[1])), __FILE__, __LINE__); if (SQL_NUMROWS($result_sender) == 1) { @@ -201,11 +201,11 @@ if (SQL_NUMROWS($result_main) > 0) } // Set status to SEND because we completely send it away - $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND', target_send='0', receivers='' WHERE id=%d LIMIT 1", + $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND', target_send='0', receivers='' WHERE id=%s LIMIT 1", array(bigintval($DATA[0])), __FILE__, __LINE__); // Update send-completed-time - $result_user = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET timestamp_send=UNIX_TIMESTAMP() WHERE pool_id=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET timestamp_send=UNIX_TIMESTAMP() WHERE pool_id=%s LIMIT 1", array(bigintval($DATA[0])), __FILE__, __LINE__); $LAST_SENT_ID = $DATA[0]; $cnt = "0"; @@ -228,7 +228,7 @@ if (SQL_NUMROWS($result_main) > 0) // There are some mails left to send for next round, so we reset the status back to NEW (=still not fully delivered) $ADD = ""; if ($cnt <= $DATA[8]) $ADD = ", target_send=target_send-".$cnt; - $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW', receivers='%s'".$ADD." WHERE id=%d LIMIT 1", + $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW', receivers='%s'".$ADD." WHERE id=%s LIMIT 1", array(implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__); //* DEBUG: */ echo"*EXIT/L:".__LINE__."*
"; @@ -241,7 +241,7 @@ if (SQL_NUMROWS($result_main) > 0) if (($RECEIVERS[0] == "0") || (empty($RECEIVERS[0]))) { // List was empty - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND' WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND' WHERE id=%s LIMIT 1", array(bigintval($DATA[0])), __FILE__, __LINE__); } else @@ -250,7 +250,7 @@ if (SQL_NUMROWS($result_main) > 0) { // User does not exists, pay points back $points = GET_PAY_POINTS($DATA[5]); - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1", array($points, bigintval($DATA[1])), __FILE__, __LINE__); // Update mediadata as well @@ -270,7 +270,7 @@ if (SQL_NUMROWS($result_main) > 0) unset($dummy[$key]); // Update receivers - $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET receivers='%s' WHERE id=%d LIMIT 1", + $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET receivers='%s' WHERE id=%s LIMIT 1", array(implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__); } } @@ -284,7 +284,7 @@ if (SQL_NUMROWS($result_main) > 0) if (($PB > 0) && ($uid > 0)) { // We have to pay back some points to the sender (we add them directly :-P) - $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); $DATA[10] = $PB; $DATA[11] = $cnt_back[$uid]; if (SQL_NUMROWS($result) == 1) @@ -339,7 +339,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send']))) $DATA[8] = COMPILE_CODE($DATA[8]); // Message is active in queue - $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='QUEUE' WHERE id=%d LIMIT 1", + $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='QUEUE' WHERE id=%s LIMIT 1", array(bigintval($DATA[0])), __FILE__, __LINE__); // "Explode" all receivers into an array @@ -366,7 +366,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send']))) { // Load personal data //* DEBUG: */ echo "*L:".__LINE__."/".$uid."*
"; - $result_user = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); // Is his data available? @@ -391,7 +391,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send']))) if (GET_EXT_VERSION("user") >= "0.1.4") { // Update mails received for receiver - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); } @@ -424,7 +424,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send']))) if (SELECTION_COUNT($dummy) == 0) { // Queue reached! - $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='SEND', target_send='0', receivers='' WHERE id=%d LIMIT 1", + $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='SEND', target_send='0', receivers='' WHERE id=%s LIMIT 1", array(bigintval($DATA[0])), __FILE__, __LINE__); //* DEBUG: */ echo "*L:".__LINE__."*
"; @@ -439,7 +439,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send']))) elseif ($cnt >= $_CONFIG['max_send']) { // Update bonus pool - $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='NEW', target_send=%d, receivers='%s' WHERE id=%d LIMIT 1", + $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='NEW', target_send=%s, receivers='%s' WHERE id=%s LIMIT 1", array(SELECTION_COUNT($dummy), implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__); //* DEBUG: */ echo "*L:".__LINE__."
";
 				//* DEBUG: */ print_r($dummy);
diff --git a/inc/profile-updte.php b/inc/profile-updte.php
index 24b0319862..565b24cbfc 100644
--- a/inc/profile-updte.php
+++ b/inc/profile-updte.php
@@ -72,7 +72,7 @@ if (($_CONFIG['send_prof_update'] == "Y") && ($_CONFIG['profile_update'] > 0) &&
 			SEND_EMAIL($DATA[1], PROFILE_OUTDATED, $msg);
 
 			// Update profile data
-			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_profile_sent=UNIX_TIMESTAMP(), notified='Y' WHERE userid=%d LIMIT 1",
+			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_profile_sent=UNIX_TIMESTAMP(), notified='Y' WHERE userid=%s LIMIT 1",
 			 array(bigintval($DATA[0])), __FILE__, __LINE__);
 		}
 	}
diff --git a/inc/reset/reset_beg.php b/inc/reset/reset_beg.php
index 062b602a5d..e8fb34aecb 100644
--- a/inc/reset/reset_beg.php
+++ b/inc/reset/reset_beg.php
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 // Reset accounts
 $result = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=0.00000 WHERE beg_points > 0",
diff --git a/inc/reset/reset_bonus.php b/inc/reset/reset_bonus.php
index 58a25db0ed..98c2ab506d 100644
--- a/inc/reset/reset_bonus.php
+++ b/inc/reset/reset_bonus.php
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 // Reset accounts
 $result = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=0, login_bonus=0, bonus_order=0, bonus_stats=0, bonus_ref=0",
diff --git a/inc/reset/reset_daily.php b/inc/reset/reset_daily.php
index a02548c322..9df8158716 100644
--- a/inc/reset/reset_daily.php
+++ b/inc/reset/reset_daily.php
@@ -56,7 +56,7 @@ if (SQL_NUMROWS($result_daily) > 0)
 	while (list($uid) = SQL_FETCHROW($result_daily))
 	{
 		$result_points = SQL_QUERY_ESC("SELECT ref_depth, locked_points FROM "._MYSQL_PREFIX."_user_points
-WHERE userid=%d AND locked_points != 0.00000 ORDER BY ref_depth",
+WHERE userid=%s AND locked_points != 0.00000 ORDER BY ref_depth",
 		 array(bigintval($uid)), __FILE__, __LINE__);
 		if (SQL_NUMROWS($result_points) > 0)
 		{
@@ -64,7 +64,7 @@ WHERE userid=%d AND locked_points != 0.00000 ORDER BY ref_depth",
 			while (list($dep, $locked) = SQL_FETCHROW($result_points))
 			{
 				$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s, locked_points=0.00000
-WHERE userid=%d AND ref_depth=%d LIMIT 1",
+WHERE userid=%s AND ref_depth=%s LIMIT 1",
 				 array($locked, bigintval($uid), $dep), __FILE__, __LINE__);
 
 				// Update mediadata as well
diff --git a/inc/reset/reset_engine.php b/inc/reset/reset_engine.php
index f093bf6277..fdc3192366 100644
--- a/inc/reset/reset_engine.php
+++ b/inc/reset/reset_engine.php
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 //
 ?>
diff --git a/inc/reset/reset_holiday.php b/inc/reset/reset_holiday.php
index d0e7c45d99..93397faf1a 100644
--- a/inc/reset/reset_holiday.php
+++ b/inc/reset/reset_holiday.php
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || ((!defined('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET"))) return;
+if (($CSS == 1) || ((!isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET"))) return;
 
 // Check for holidays we need to enable and send email to user
 $result_main = SQL_QUERY("SELECT userid, holiday_activated FROM "._MYSQL_PREFIX."_user_data
@@ -57,7 +57,7 @@ if (SQL_NUMROWS($result_main) > 0)
 	{
 		// Check if his holiday can be activated
 		$result_holiday = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d AND holiday_start <= ".time()." AND holiday_end > ".time()." LIMIT 1",
+WHERE userid=%s AND holiday_start <= ".time()." AND holiday_end > ".time()." LIMIT 1",
  array(bigintval($uid)), __FILE__, __LINE__);
 		if (SQL_NUMROWS($result_holiday) == 1)
 		{
@@ -77,7 +77,7 @@ WHERE userid=%d AND holiday_start <= ".time()." AND holiday_end > ".time()." LIM
 
 			// Update account
 			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='Y'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
 		}
 
 		// Free memory
diff --git a/inc/session.php b/inc/session.php
index 6999d8c9d7..af8eb7c050 100644
--- a/inc/session.php
+++ b/inc/session.php
@@ -85,6 +85,18 @@ if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_sessi
 	set_session("refid", $GLOBALS['refid']);
 }
 
+// Transfer userid from session and validate it
+if (isset($_SESSION['userid'])) {
+	// Get it secured from session
+	$GLOBALS['userid'] = bigintval($_SESSION['userid']);
+
+	// Is it valid?
+	if (!IS_LOGGED_IN()) {
+		// Then destroy the user id
+		destroy_user_session();
+	} // END - if
+}
+
 // Test session if index.php or modules.php is loaded
 if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (isBooleanConstantAndTrue('mxchange_installing'))) {
 	if (count($_SESSION) > 0) {
diff --git a/inc/stats_bonus.php b/inc/stats_bonus.php
index 05baaceaed..48492c69f0 100644
--- a/inc/stats_bonus.php
+++ b/inc/stats_bonus.php
@@ -53,7 +53,7 @@ if (SQL_NUMROWS($result_bonus) > 0)
 	while(list($id, $uid, $subj, $stamp, $clicks, $url) = SQL_FETCHROW($result_bonus))
 	{
 		// Add points
-		$result_points = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_stats=bonus_stats+%s WHERE userid=%d LIMIT 1",
+		$result_points = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_stats=bonus_stats+%s WHERE userid=%s LIMIT 1",
 		 array($_CONFIG['bonus_stats'], bigintval($uid)), __FILE__, __LINE__);
 
 		// Prepare array
@@ -69,7 +69,7 @@ if (SQL_NUMROWS($result_bonus) > 0)
 		SEND_EMAIL($uid, BONUS_MEMBER_STATS_SUBJECT, $msg);
 
 		// Update database
-		$result_update =  SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET bonus_stats='Y' WHERE id=%d LIMIT 1",
+		$result_update =  SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET bonus_stats='Y' WHERE id=%s LIMIT 1",
 		 array(bigintval($id)), __FILE__, __LINE__);
 	}
 
diff --git a/inc/theme-manager.php b/inc/theme-manager.php
index a0145518ab..5a3f843988 100644
--- a/inc/theme-manager.php
+++ b/inc/theme-manager.php
@@ -94,8 +94,7 @@ function GET_CURR_THEME() {
 	return $ret;
 }
 
-function THEME_SELECTION_BOX($mod, $act, $wht, $result)
-{
+function THEME_SELECTION_BOX($mod, $act, $wht, $result) {
 	// Construction URL
 	global $currTheme;
 	$FORM = URL."/modules.php?module=".$mod;
@@ -110,30 +109,27 @@ function THEME_SELECTION_BOX($mod, $act, $wht, $result)
 	);
 
 	// Load all themes
-	while(list($theme) = SQL_FETCHROW($result))
-	{
+	while(list($theme) = SQL_FETCHROW($result)) {
 		// Load it's theme.php file
-		$INC = PATH."theme/".$theme."/theme.php";
-		if (file_exists($INC))
-		{
+		$INC = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($theme));
+		if ((file_exists($INC)) && (is_readable($INC))) {
 			// And save all data in array
-			include($INC);
+			require($INC);
 			$THEMES['theme_unix'][] = $theme;
 			$THEMES['theme_name'][] = $THEME_NAME;
-		}
-	}
+		} // END - if
+	} // END - while
 
 	// Sort whole array by title
 	array_pk_sort($THEMES, array("theme_name"));
 
 	// Construct selection form for the box template
 	$OUT = "";
-	foreach ($THEMES['theme_unix'] as $key=>$theme)
-	{
+	foreach ($THEMES['theme_unix'] as $key => $theme) {
 		$OUT .= "