From d1637dad0b2ca0e5fb411ee0843f01bfb4cc94e0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sat, 10 Oct 2009 23:21:15 +0000 Subject: [PATCH] Ref link fixed, nickname fixed, several rewrites, TODOs.txt updated: - Reflink should now work again with nicknames, rewritten to use NICKNAME_GET_NICK() - Above function fixed (may be now better) - Several rewrites of SQL_FETCHROW() to SQL_FETCHARRAY() (internal TODO) - Several constants rewritten to $content (internal TODO) - TODOs.txt updated --- DOCS/TODOs.txt | 46 ++-- inc/extensions/ext-nickname.php | 6 +- inc/filters.php | 6 +- inc/functions.php | 15 +- inc/gen_sql_patches.php | 10 +- inc/language/nickname_de.php | 2 +- inc/libs/nickname_functions.php | 35 +-- inc/libs/rallye_functions.php | 4 +- inc/libs/user_functions.php | 216 +++++++++--------- inc/modules/guest/what-rallyes.php | 4 +- inc/modules/guest/what-sponsor_reg.php | 2 +- inc/modules/member/what-beg.php | 16 +- inc/modules/member/what-holiday.php | 161 ++++++++----- inc/modules/member/what-html_mail.php | 31 ++- inc/modules/member/what-newsletter.php | 6 +- inc/modules/member/what-nickname.php | 12 +- inc/modules/member/what-order.php | 22 +- inc/modules/member/what-points.php | 4 +- inc/modules/member/what-primera.php | 2 +- inc/modules/member/what-rallyes.php | 57 +++-- inc/modules/member/what-reflinks.php | 39 ++-- inc/modules/member/what-stats.php | 41 ++-- inc/modules/member/what-wernis.php | 2 +- inc/mysql-manager.php | 4 +- ref.php | 30 ++- templates/de/emails/confirm-member.tpl | 2 +- templates/de/html/admin/admin_add_sponsor.tpl | 12 +- .../de/html/admin/admin_config_nickname.tpl | 6 +- templates/de/html/guest/guest_sponsor_reg.tpl | 12 +- .../html/member/member_html_mail_settings.tpl | 4 +- .../de/html/member/member_nickname_form.tpl | 4 +- .../de/html/member/member_reflinks_row.tpl | 10 +- .../de/html/sponsor/sponsor_settings_form.tpl | 12 +- 33 files changed, 456 insertions(+), 379 deletions(-) diff --git a/DOCS/TODOs.txt b/DOCS/TODOs.txt index 79e5a0bf68..9ad658e28c 100644 --- a/DOCS/TODOs.txt +++ b/DOCS/TODOs.txt @@ -14,22 +14,22 @@ ./inc/extensions.php:427: // @TODO Extension is loaded, what next? ./inc/fix_filters.php:71: // @TODO Why does this happen? In installation phase of sql_patches? ./inc/footer.php:50: // @TODO Rewrite these all into filters -./inc/functions.php:1238: // @TODO Rewrite this unnice code -./inc/functions.php:1299: // @TODO Remove this if() block if all is working fine -./inc/functions.php:1599: // @TODO This can be, somehow, rewritten +./inc/functions.php:1247: // @TODO Rewrite this unnice code +./inc/functions.php:1308: // @TODO Remove this if() block if all is working fine +./inc/functions.php:1608: // @TODO This can be, somehow, rewritten ./inc/functions.php:214: // @TODO Remove this sanity-check if all is fine -./inc/functions.php:2405: // @TODO The status should never be empty -./inc/functions.php:2496: // @TODO shouldn't do the unset and the reloading $GLOBALS['cache_instance']->destroyCacheFile() Or a new methode like forceCacheReload('revision')? -./inc/functions.php:253: // @TODO Find all templates which are using these direct variables and rewrite them. -./inc/functions.php:254: // @TODO After this step is done, this else-block is history -./inc/functions.php:2559:// @TODO Please describe this function -./inc/functions.php:2577: searchDirsRecursive($next_dir, $last_changed); // @TODO small change to API to $last_changed = searchDirsRecursive($next_dir, $time); -./inc/functions.php:2660: // @TODO Add a little more infos here -./inc/functions.php:2671: // @TODO This cannot be rewritten to app_die(), try to find a solution for this. -./inc/functions.php:2829: // @TODO Are these convertions still required? -./inc/functions.php:2847:// @TODO Rewrite this function to use readFromFile() and writeToFile() -./inc/functions.php:398: // @TODO Extension 'msg' does not exist -./inc/functions.php:477:// @TODO Rewrite this to an extension 'smtp' +./inc/functions.php:2414: // @TODO The status should never be empty +./inc/functions.php:2505: // @TODO shouldn't do the unset and the reloading $GLOBALS['cache_instance']->destroyCacheFile() Or a new methode like forceCacheReload('revision')? +./inc/functions.php:250: // @TODO Find all templates which are using these direct variables and rewrite them. +./inc/functions.php:251: // @TODO After this step is done, this else-block is history +./inc/functions.php:2568:// @TODO Please describe this function +./inc/functions.php:2586: searchDirsRecursive($next_dir, $last_changed); // @TODO small change to API to $last_changed = searchDirsRecursive($next_dir, $time); +./inc/functions.php:2669: // @TODO Add a little more infos here +./inc/functions.php:2680: // @TODO This cannot be rewritten to app_die(), try to find a solution for this. +./inc/functions.php:2838: // @TODO Are these convertions still required? +./inc/functions.php:2856:// @TODO Rewrite this function to use readFromFile() and writeToFile() +./inc/functions.php:395: // @TODO Extension 'msg' does not exist +./inc/functions.php:474:// @TODO Rewrite this to an extension 'smtp' ./inc/install-inc.php:20: * @TODO Rewrite all constants in this include file * ./inc/language/de.php:1160:// @TODO Rewrite these two constants ./inc/language/de.php:1176:// @TODO Rewrite these five constants @@ -52,9 +52,9 @@ ./inc/libs/surfbar_functions.php:955: // @TODO Invalid salt should be refused ./inc/libs/task_functions.php:261: // @TODO These can be rewritten to filter ./inc/libs/task_functions.php:53:// @TODO Move all extension-dependent queries into filters -./inc/libs/user_functions.php:315: // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); -./inc/libs/user_functions.php:340: // @TODO Make this filter working: $URL = runFilterChain('do_login', array('content' => $content, 'addon' => $ADDON)); -./inc/libs/user_functions.php:381: // @TODO Can this query be merged with above query? +./inc/libs/user_functions.php:315: // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); +./inc/libs/user_functions.php:340: // @TODO Make this filter working: $URL = runFilterChain('do_login', array('content' => $content, 'addon' => $ADDON)); +./inc/libs/user_functions.php:381: // @TODO Can this query be merged with above query? ./inc/libs/yoomedia_functions.php:65: $response = YOOMEDIA_QUERY_API('out_textmail.php', true); // @TODO Ask Yoo!Media for test script ./inc/load_config.php:77: // @TODO Rewrite them to avoid this else block ./inc/load_extensions.php:13: * @TODO Rewrite this whole file to load_cache-extensions.php * @@ -195,7 +195,6 @@ ./inc/modules/member/what-categories.php:112: // @TODO Rewrite this to use $OUT .= ... ./inc/modules/member/what-doubler.php:54:// @TODO Rewrite these all constants ./inc/modules/member/what-mydata.php:53:// @TODO Try to rewrite this constant -./inc/modules/member/what-nickname.php:87: // @TODO Rewrite this constant ./inc/modules/member/what-order.php:444: // @TODO Rewrite this to a filter ./inc/modules/member/what-order.php:543: // @TODO Rewrite this old lost code to a template ./inc/modules/member/what-payout.php:132: // @TODO Rewritings: acc->target_account,bank->target_bank in templates @@ -204,7 +203,6 @@ ./inc/modules/member/what-payout.php:190: // @TODO Rewrite this constant ./inc/modules/member/what-payout.php:235: // @TODO Rewrite this to a filter ./inc/modules/member/what-points.php:54:// @TODO Should we rewrite this to a filter? -./inc/modules/member/what-reflinks.php:105: // @TODO Rewritings: alt->alternate,cnt->counter,cks->clicks,uid->userid in template ./inc/modules/member/what-transfer.php:115: // @TODO Rewrite all these constants to array elements ./inc/modules/member/what-transfer.php:246: // @TODO Try to rewrite his to $content = SQL_FETCHARRAY(), see some lines above for two different queries ./inc/modules/member/what-transfer.php:308: // @TODO Rewrite these constants @@ -218,8 +216,8 @@ ./inc/mysql-manager.php:1575: // @TODO Try to rewrite this to $content = SQL_FETCHARRAY() ./inc/mysql-manager.php:1618: // @TODO Rewrite this to a filter ./inc/mysql-manager.php:1785: // @TODO Rewrite this to a filter -./inc/mysql-manager.php:1813: // @TODO Find a way for updating $_CONFIG here -./inc/mysql-manager.php:1837: // @TODO Find a way for updating $_CONFIG here +./inc/mysql-manager.php:1813: // @TODO Find a way for updating configuration here +./inc/mysql-manager.php:1837: // @TODO Find a way for updating configuration here ./inc/mysql-manager.php:1860:// @TODO Can this be rewritten to a filter? ./inc/mysql-manager.php:1925: // @TODO Rewrite this to $content = SQL_FETCHARRAY() ./inc/mysql-manager.php:212: // @TODO Nothing helped??? @@ -243,7 +241,7 @@ ./show_bonus.php:108: // @TODO Rewrite this constant ./view.php:72: // @TODO No banner found, output some default banner ### ### DEPRECATION FOLLOWS: ### ### -./inc/functions.php:238: // @DEPRECATED Try to rewrite the if() condition -./inc/functions.php:252: // @DEPRECATED +./inc/functions.php:235: // @DEPRECATED Try to rewrite the if() condition +./inc/functions.php:249: // @DEPRECATED ./inc/language-functions.php:55: // @DEPRECATED Language array element found in BIG_LETTERS ./inc/language-functions.php:58: // @DEPRECATED Deprecated constant found diff --git a/inc/extensions/ext-nickname.php b/inc/extensions/ext-nickname.php index 54040ee1bd..7b6c96c7b7 100644 --- a/inc/extensions/ext-nickname.php +++ b/inc/extensions/ext-nickname.php @@ -103,9 +103,9 @@ switch ($EXT_LOAD_MODE) break; case '0.0.6': // SQL queries for v0.0.6 - ADD_EXT_SQL("ALTER TABLE `{!_MYSQL_PREFIX!}_config` ADD nickname_len TINYINT(3) UNSIGNED NOT NULL DEFAULT '5'"); - ADD_EXT_SQL("ALTER TABLE `{!_MYSQL_PREFIX!}_config` ADD nickname_pattern VARCHAR(255) NOT NULL DEFAULT 'a-zA-Z0-9_'"); - ADD_EXT_SQL("ALTER TABLE `{!_MYSQL_PREFIX!}_config` ADD nickname_chars VARCHAR(255) NOT NULL DEFAULT 'a-z, A-Z, 0-9, _'"); + ADD_EXT_SQL("ALTER TABLE `{!_MYSQL_PREFIX!}_config` ADD `nickname_len` TINYINT(3) UNSIGNED NOT NULL DEFAULT '5'"); + ADD_EXT_SQL("ALTER TABLE `{!_MYSQL_PREFIX!}_config` ADD `nickname_pattern` VARCHAR(255) NOT NULL DEFAULT 'a-zA-Z0-9_'"); + ADD_EXT_SQL("ALTER TABLE `{!_MYSQL_PREFIX!}_config` ADD `nickname_chars` VARCHAR(255) NOT NULL DEFAULT 'a-z, A-Z, 0-9, _'"); ADD_EXT_SQL("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('setup','config_nickname','Nicknamen','Stellen Sie minimale Nicknamenlänge, sowie erlaubte Zeichen hier ein.', 12)"); // Update notes (these will be set as task text!) diff --git a/inc/filters.php b/inc/filters.php index db886a0d65..b178483474 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -591,8 +591,10 @@ function FILTER_DETERMINE_USERNAME () { array(getUserId()), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load surname and family's name and build the username - list($s, $f) = SQL_FETCHROW($result); - $username = $s . ' ' . $f; + $content = SQL_FETCHARRAY($result); + + // Prepare username + $username = $content['surname'] . ' ' . $content['family']; // Additionally admin? if (IS_ADMIN()) { diff --git a/inc/functions.php b/inc/functions.php index fa2b69e694..c2ea17cec2 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -217,9 +217,6 @@ function LOAD_TEMPLATE ($template, $return=false, $content=array()) { // Add more variables which you want to use in your template files global $DATA, $username; - // Get whole config array - $_CONFIG = getConfigArray(); - // Make all template names lowercase $template = strtolower($template); @@ -1014,6 +1011,18 @@ function COMPILE_CODE ($code, $simple = false, $constants = true, $full = true) // But shall I keep simple quotes for later use? if ($simple) $code = str_replace("'", '{QUOT}', $code); + // Compile {?some_var?} to getConfig('some_var') + preg_match_all('/\{\?(([a-zA-Z0-9-_]+)*)\?\}/', $code, $matches); + + // Some entries found? + if ((count($matches) > 0) && (count($matches[0]) > 0)) { + // Replace all matches + foreach ($matches[0] as $key => $match) { + // Replace it + $code = str_replace($matches[0], getConfig($matches[1][$key]), $code); + } // END - foreach + } // END - if + // Find $content[bla][blub] entries preg_match_all('/\$(content|DATA)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches); diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php index e2b45f2eab..8a8797dcaf 100644 --- a/inc/gen_sql_patches.php +++ b/inc/gen_sql_patches.php @@ -63,11 +63,11 @@ if (getConfig('pass_scramble') == '') { if (getConfig('master_salt') == '') { // Generate the master salt which is the first chars minus 40 chars of this random hash // We do an extra scrambling here... - $masterSalt = scrambleString(substr(sha1(generatePassword(mt_rand(128, 256))), 0, -40)); + $masterSalt = scrambleString(sha1(generatePassword(mt_rand(128, 256)))); // ... and store it there for future usage - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_config` SET master_salt='%s' WHERE config=0 LIMIT 1", - array($masterSalt), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_config` SET `master_salt`='%s' WHERE config=0 LIMIT 1", + array($masterSalt), __FILE__, __LINE__); // Also remember it in config setConfigEntry('master_salt', $masterSalt); @@ -78,8 +78,8 @@ if (getConfig('file_hash') == '') { // Create filename from hashed random string $fileHash = sha1(generatePassword(mt_rand(128, 256))); $FQFN = sprintf("%sinc/.secret/.%s", - constant('PATH'), - $fileHash + constant('PATH'), + $fileHash ); // Count of chars to be taken from back of the string diff --git a/inc/language/nickname_de.php b/inc/language/nickname_de.php index 2fa12e465c..e4ccc8424a 100644 --- a/inc/language/nickname_de.php +++ b/inc/language/nickname_de.php @@ -44,7 +44,7 @@ if (!defined('__SECURITY')) { // Language definitions define('NICKNAME_CHANGE_NICKNAME_TITLE', "Einstellen Ihres Nicknames"); -define('NICKNAME_CHANGE_NICKNAME_INTRO', "Stellen Sie hier einen Nicknamen ein, der anstelle Ihrer User-ID angezeigt wird! Dieser darf nur unten aufgeführte Zeichen enthalten und sollte nicht kürzer als {!__NICKNAME_LENGTH!} Zeichen sein."); +define('NICKNAME_CHANGE_NICKNAME_INTRO', "Stellen Sie hier einen Nicknamen ein, der anstelle Ihrer User-ID angezeigt wird! Dieser darf nur unten aufgeführte Zeichen enthalten und sollte nicht kürzer als ".getConfig('nickname_len')." Zeichen sein."); define('NICKNAME_ENTER_NICKNAME', "Nickname eingeben"); define('NICKNAME_SUBMIT', "Nickname ändern"); define('NICKNAME_ALREADY_IN_USE', "Der von Ihnen eingegebene Nickname wird bereits verwendet!"); diff --git a/inc/libs/nickname_functions.php b/inc/libs/nickname_functions.php index 3304c01074..766bd54cfe 100644 --- a/inc/libs/nickname_functions.php +++ b/inc/libs/nickname_functions.php @@ -58,8 +58,11 @@ function NICKNAME_IS_ACTIVE ($uidNick) { // Nickname or userid used? $nick = NICKNAME_GET_NICK($uidNick); + // Check for nickname + $ret = ($nick != $uidNick); + // Put it in cache - $GLOBALS['cache_array']['nick_active'][$uidNick] = (!empty($nick)); + $GLOBALS['cache_array']['nick_active'][$uidNick] = $ret; } // Return nickname @@ -85,25 +88,27 @@ function NICKNAME_GET_NICK ($userid) { // Nickname or userid used? if (''.round($userid).'' === ''.$userid.'') { // Userid given - $result = SQL_QUERY_ESC("SELECT `userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid` =%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `nickname` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid` =%s LIMIT 1", array(bigintval($userid)), __FUNCTION__, __LINE__); - } else { - // Nickname given - $result = SQL_QUERY_ESC("SELECT `userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' LIMIT 1", - array($userid), __FUNCTION__, __LINE__); - } - // Found? - if (SQL_NUMROWS($result) == 1) { - // Load nickname from database - list($ret) = SQL_FETCHROW($result); + // Found? + if (SQL_NUMROWS($result) == 1) { + // Load nickname from database + list($ret) = SQL_FETCHROW($result); + + // Put it in cche + $GLOBALS['cache_array']['nicknames'][$userid] = $ret; + } // END - if + + // Free result + SQL_FREERESULT($result); + } else { + // Direct nickname found! + $ret = $userid; // Put it in cche $GLOBALS['cache_array']['nicknames'][$userid] = $ret; - } // END - if - - // Free result - SQL_FREERESULT($result); + } } // Return nickname diff --git a/inc/libs/rallye_functions.php b/inc/libs/rallye_functions.php index 9a7fac9ebe..c1e37c5812 100644 --- a/inc/libs/rallye_functions.php +++ b/inc/libs/rallye_functions.php @@ -99,7 +99,7 @@ WHERE d.`status`='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND list($cpoints) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); - if (empty($cpoints)) $cpoints = "0.00000"; + if (empty($cpoints)) $cpoints = '0.00000'; // Add info line SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_users` (rallye_id, userid, refs, curr_points) @@ -495,7 +495,7 @@ function RALLYE_LOAD_PRICES_ARRAY ($rallye) { // function RALLYE_LOAD_USERS_ARRAY ($rallye) { // Fix zero points to 0.00000 - if (getConfig('ref_payout') == '0') setConfigEntry('ref_payout', "0.00000"); + if (getConfig('ref_payout') == '0') setConfigEntry('ref_payout', '0.00000'); // Init multi array $users = array( diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index cfb52655e3..194314edb1 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php @@ -275,134 +275,134 @@ function USER_DO_LOGIN ($uid, $passwd, $successUrl = '') { 'last_online' => 0, 'last_login' => 0, 'hash' => '' - ); + ); - // Check login data - if ((EXT_IS_ACTIVE('nickname')) && (NICKNAME_IS_ACTIVE($uid))) { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT `userid`, `password`, `last_online`" . $lastOnline . " FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' AND `status`='CONFIRMED' LIMIT 1", - array($uid), __FUNCTION__, __LINE__); + // Check login data + if ((EXT_IS_ACTIVE('nickname')) && (NICKNAME_IS_ACTIVE($uid))) { + // Nickname entered + $result = SQL_QUERY_ESC("SELECT `userid`, `password`, `last_online`" . $lastOnline . " FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' AND `status`='CONFIRMED' LIMIT 1", + array($uid), __FUNCTION__, __LINE__); + } else { + // Direct userid entered + $result = SQL_QUERY_ESC("SELECT `userid`, `password`, `last_online`" . $lastOnline . " FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s AND `status`='CONFIRMED' LIMIT 1", + array($uid, $content['hash']), __FUNCTION__, __LINE__); + } + + // Load entry + $content = SQL_FETCHARRAY($result); + if (!empty($content['userid'])) $uid = bigintval($content['userid']); + + // Is there an entry? + if ((SQL_NUMROWS($result) == 1) && ((isNicknameUsed($content['userid'] === true) && (!empty($content['userid']))) || ($content['userid'] == $uid))) { + // Free result + SQL_FREERESULT($result); + + // Check for old MD5 passwords + if ((strlen($content['password']) == 32) && (md5($passwd) == $content['password'])) { + // Just set the hash to the password from DB... :) + $content['hash'] = $content['password']; } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT `userid`, `password`, `last_online`" . $lastOnline . " FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s AND `status`='CONFIRMED' LIMIT 1", - array($uid, $content['hash']), __FUNCTION__, __LINE__); + // Hash password with improved way for comparsion + $content['hash'] = generateHash($passwd, substr($content['password'], 0, -40)); } - // Load entry - $content = SQL_FETCHARRAY($result); - if (!empty($content['userid'])) $uid = bigintval($content['userid']); + // Does the password match the hash? + if ($content['hash'] == $content['password']) { + // New hashed password found so let's generate a new one + $content['hash'] = generateHash($passwd); + + // ... and update database + // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `password`='%s' WHERE `userid`=%s AND `status`='CONFIRMED' LIMIT 1", + array($content['hash'], $uid), __FUNCTION__, __LINE__); + + // No login bonus by default + $GLOBALS['bonus_payed'] = false; + + // Probe for last online timemark + $probe = time() - $content['last_online']; + if (!empty($content['last_login'])) $probe = time() - $content['last_login']; + if ((GET_EXT_VERSION('bonus') >= '0.2.2') && ($probe >= getConfig('login_timeout'))) { + // Add login bonus to user's account + $add = sprintf(", `login_bonus`=`login_bonus`+%s", + (float)getConfig('login_bonus') + ); + $GLOBALS['bonus_payed'] = true; + + // Subtract login bonus from userid's account or jackpot + if ((GET_EXT_VERSION('bonus') >= '0.3.5') && (getConfig('bonus_mode') != 'ADD')) BONUS_POINTS_HANDLER('login_bonus'); + } // END - if - // Is there an entry? - if ((SQL_NUMROWS($result) == 1) && ((isNicknameUsed($content['userid'] === true) && (!empty($content['userid']))) || ($content['userid'] == $uid))) { - // Free result - SQL_FREERESULT($result); + // Calculate new hash with the secret key and master salt together + $content['hash'] = generatePassString($content['hash']); - // Check for old MD5 passwords - if ((strlen($content['password']) == 32) && (md5($passwd) == $content['password'])) { - // Just set the hash to the password from DB... :) - $content['hash'] = $content['password']; - } else { - // Hash password with improved way for comparsion - $content['hash'] = generateHash($passwd, substr($content['password'], 0, -40)); - } + // Update global array + // @TODO Make this filter working: $URL = runFilterChain('do_login', array('content' => $content, 'addon' => $ADDON)); + setUserId($uid); - // Does the password match the hash? - if ($content['hash'] == $content['password']) { - // New hashed password found so let's generate a new one - $content['hash'] = generateHash($passwd); - - // ... and update database - // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `password`='%s' WHERE `userid`=%s AND `status`='CONFIRMED' LIMIT 1", - array($content['hash'], $uid), __FUNCTION__, __LINE__); - - // No login bonus by default - $GLOBALS['bonus_payed'] = false; - - // Probe for last online timemark - $probe = time() - $content['last_online']; - if (!empty($content['last_login'])) $probe = time() - $content['last_login']; - if ((GET_EXT_VERSION('bonus') >= '0.2.2') && ($probe >= getConfig('login_timeout'))) { - // Add login bonus to user's account - $add = sprintf(", `login_bonus`=`login_bonus`+%s", - (float)getConfig('login_bonus') - ); - $GLOBALS['bonus_payed'] = true; - - // Subtract login bonus from userid's account or jackpot - if ((GET_EXT_VERSION('bonus') >= '0.3.5') && (getConfig('bonus_mode') != 'ADD')) BONUS_POINTS_HANDLER('login_bonus'); - } // END - if - - // Calculate new hash with the secret key and master salt together - $content['hash'] = generatePassString($content['hash']); - - // Update global array - // @TODO Make this filter working: $URL = runFilterChain('do_login', array('content' => $content, 'addon' => $ADDON)); - setUserId($uid); - - // Try to set session data (which shall normally always work!) - if ((setSession('userid', $uid )) && (setSession('u_hash', $content['hash']))) { - // Update database records - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `total_logins`=`total_logins`+1" . $add . " WHERE `userid`=%s LIMIT 1", - array($uid), __FUNCTION__, __LINE__); - if (SQL_AFFECTEDROWS() == 1) { - // Is a success URL set? - if (empty($successUrl)) { - // Procedure to checking for login data - if (($GLOBALS['bonus_payed']) && (EXT_IS_ACTIVE('bonus'))) { - // Bonus added (just displaying!) - $URL = 'modules.php?module=chk_login&mode=bonus'; - } else { - // Bonus not added - $URL = 'modules.php?module=chk_login&mode=login'; - } + // Try to set session data (which shall normally always work!) + if ((setSession('userid', $uid )) && (setSession('u_hash', $content['hash']))) { + // Update database records + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `total_logins`=`total_logins`+1" . $add . " WHERE `userid`=%s LIMIT 1", + array($uid), __FUNCTION__, __LINE__); + if (SQL_AFFECTEDROWS() == 1) { + // Is a success URL set? + if (empty($successUrl)) { + // Procedure to checking for login data + if (($GLOBALS['bonus_payed']) && (EXT_IS_ACTIVE('bonus'))) { + // Bonus added (just displaying!) + $URL = 'modules.php?module=chk_login&mode=bonus'; } else { - // Use this URL - $URL = $successUrl; + // Bonus not added + $URL = 'modules.php?module=chk_login&mode=login'; } } else { - // Cannot update counter! - $URL = 'modules.php?module=index&what=login&login='.getCode('CNTR_FAILED'); + // Use this URL + $URL = $successUrl; } } else { - // Cookies not setable! - $URL = 'modules.php?module=index&what=login&login='.getCode('NO_COOKIES'); + // Cannot update counter! + $URL = 'modules.php?module=index&what=login&login='.getCode('CNTR_FAILED'); } - } elseif (GET_EXT_VERSION('sql_patches') >= '0.6.1') { - // Update failture counter - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `userid`=%s LIMIT 1", - array($uid), __FUNCTION__, __LINE__); - - // Wrong password! - $URL = 'modules.php?module=index&what=login&login='.getCode('WRONG_PASS'); - } - } elseif (((isNicknameUsed($content['userid'])) && (!empty($content['userid']))) || ($content['userid'] == $uid)) { - // Other account status? - // @TODO Can this query be merged with above query? - $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", - array($uid), __FUNCTION__, __LINE__); - - // Entry found? - if (SQL_NUMROWS($result) == 1) { - // Load status - list($status) = SQL_FETCHROW($result); - - // Create an error code from given status - $errorCode = generateErrorCodeFromUserStatus($status); } else { - // ID not found! - $errorCode = getCode('WRONG_ID'); + // Cookies not setable! + $URL = 'modules.php?module=index&what=login&login='.getCode('NO_COOKIES'); } + } elseif (GET_EXT_VERSION('sql_patches') >= '0.6.1') { + // Update failture counter + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `userid`=%s LIMIT 1", + array($uid), __FUNCTION__, __LINE__); - // Construct URL - $URL = 'modules.php?module=index&what=login&login='.$errorCode; + // Wrong password! + $URL = 'modules.php?module=index&what=login&login='.getCode('WRONG_PASS'); + } + } elseif (((isNicknameUsed($content['userid'])) && (!empty($content['userid']))) || ($content['userid'] == $uid)) { + // Other account status? + // @TODO Can this query be merged with above query? + $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", + array($uid), __FUNCTION__, __LINE__); + + // Entry found? + if (SQL_NUMROWS($result) == 1) { + // Load status + list($status) = SQL_FETCHROW($result); + + // Create an error code from given status + $errorCode = generateErrorCodeFromUserStatus($status); } else { // ID not found! - $URL = 'modules.php?module=index&what=login&login='.getCode('WRONG_ID'); + $errorCode = getCode('WRONG_ID'); } - // Return URL - return $URL; + // Construct URL + $URL = 'modules.php?module=index&what=login&login='.$errorCode; + } else { + // ID not found! + $URL = 'modules.php?module=index&what=login&login='.getCode('WRONG_ID'); + } + + // Return URL + return $URL; } // Try to send a new password for the given user account diff --git a/inc/modules/guest/what-rallyes.php b/inc/modules/guest/what-rallyes.php index fffb7ab638..11489d0b7e 100644 --- a/inc/modules/guest/what-rallyes.php +++ b/inc/modules/guest/what-rallyes.php @@ -93,7 +93,7 @@ if (SQL_NUMROWS($result) == 1) { // Handle description... if ((empty($descr)) && (!empty($templ))) { // Use description from template - define('__RALLYE_DESCR', LOAD_TEMPLATE("rallye_".$templ, true)); + define('__RALLYE_DESCR', LOAD_TEMPLATE('rallye_' . $templ, true)); } else { // Use description from database define('__RALLYE_DESCR', COMPILE_CODE($descr)); @@ -129,5 +129,5 @@ if (SQL_NUMROWS($result) == 1) { // Close the div tag OUTPUT_HTML(''); -// +// [EOF] ?> diff --git a/inc/modules/guest/what-sponsor_reg.php b/inc/modules/guest/what-sponsor_reg.php index 153ae8d427..9e329bba5b 100644 --- a/inc/modules/guest/what-sponsor_reg.php +++ b/inc/modules/guest/what-sponsor_reg.php @@ -215,7 +215,7 @@ WHERE `id`='%s' LIMIT 1", // Add points to array REQUEST_POST('points_amount', $points); - REQUEST_POST('points_used' , "0.00000"); + REQUEST_POST('points_used' , '0.00000'); REQUEST_POST('last_pay' , $pay); REQUEST_POST('last_curr' , $curr); diff --git a/inc/modules/member/what-beg.php b/inc/modules/member/what-beg.php index e0fb928d31..ede146da64 100644 --- a/inc/modules/member/what-beg.php +++ b/inc/modules/member/what-beg.php @@ -51,23 +51,23 @@ if (!defined('__SECURITY')) { ADD_DESCR('member', __FILE__); $uid = getUserId(); -if (EXT_IS_ACTIVE('nickname')) -{ +if (EXT_IS_ACTIVE('nickname')) { // Load nickname $data = 'nickname'; -} -else -{ +} else { // Load userid $data = 'userid'; } // Run SQL command -$result = SQL_QUERY_ESC("SELECT ".$data.", beg_clicks +$result = SQL_QUERY_ESC("SELECT ".$data.", `beg_clicks` FROM `{!_MYSQL_PREFIX!}_user_data` -WHERE userid=%s +WHERE `userid`=%s LIMIT 1", array($uid), __FILE__, __LINE__); + list($uid, $clicks) = SQL_FETCHROW($result); + +// Free result SQL_FREERESULT($result); // Set User-ID when no nickname was found @@ -83,7 +83,7 @@ define('__BEG_TIMEOUT' , createFancyTime(getConfig('beg_timeout'))); define('__BEG_UID_TIMEOUT', createFancyTime(getConfig('beg_uid_timeout'))); // Load template -LOAD_TEMPLATE("member_".substr(basename(__FILE__), 5, -4)); +LOAD_TEMPLATE('member_' . substr(basename(__FILE__), 5, -4)); // ?> diff --git a/inc/modules/member/what-holiday.php b/inc/modules/member/what-holiday.php index 761577cad2..11f17185ff 100644 --- a/inc/modules/member/what-holiday.php +++ b/inc/modules/member/what-holiday.php @@ -47,42 +47,61 @@ if (!defined('__SECURITY')) { return; } +// Init content array +$content = array(); + // Add description as navigation point ADD_DESCR('member', __FILE__); // Check for running mail orders in pool -$result1 = SQL_QUERY_ESC("SELECT timestamp FROM `{!_MYSQL_PREFIX!}_pool` -WHERE sender=%s ORDER BY timestamp DESC LIMIT 1", array(getUserId()), __FILE__, __LINE__); +$result1 = SQL_QUERY_ESC("SELECT + `timestamp` +FROM + `{!_MYSQL_PREFIX!}_pool` +WHERE + `sender`=%s +ORDER BY + `timestamp` DESC +LIMIT 1", array(getUserId()), __FILE__, __LINE__); // Check for sent mail orders in stats -$result2 = SQL_QUERY_ESC("SELECT timestamp_ordered FROM `{!_MYSQL_PREFIX!}_user_stats` -WHERE userid=%s ORDER BY timestamp_ordered DESC LIMIT 1", array(getUserId()), __FILE__, __LINE__); +$result2 = SQL_QUERY_ESC("SELECT + `timestamp_ordered` +FROM + `{!_MYSQL_PREFIX!}_user_stats` +WHERE + `userid`=%s +ORDER BY + `timestamp_ordered` DESC +LIMIT 1", array(getUserId()), __FILE__, __LINE__); if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1)) { // Mail order found! - list($stamp1) = SQL_FETCHROW($result1); - list($stamp2) = SQL_FETCHROW($result2); - if (empty($stamp1)) $stamp1 = 0; - if (empty($stamp2)) $stamp2 = 0; + $content = merge_array($content, SQL_FETCHARRAY($result1)); + $content = merge_array($content, SQL_FETCHARRAY($result2)); + + // Fix missing entries + if (empty($content['timestamp'])) $content['timestamp'] = 0; + if (empty($content['timestamp_ordered'])) $content['timestamp_ordered'] = 0; - if ((($stamp1 + getConfig('holiday_lock')) > time()) || (($stamp2 + getConfig('holiday_lock')) > time())) { + if ((($content['timestamp'] + getConfig('holiday_lock')) > time()) || (($content['timestamp_ordered'] + getConfig('holiday_lock')) > time())) { // Mail order is to close away! REQUEST_UNSET_POST('ok'); REQUEST_UNSET_POST('stop'); - if (($stamp1 + getConfig('holiday_lock')) > time()) { + if (($content['timestamp'] + getConfig('holiday_lock')) > time()) { // Mail found in pool - $stamp = $stamp1; + $stamp = $content['timestamp']; } else { // Mail found in stats - $stamp = $stamp2; + $stamp = $content['timestamp_ordered']; } // Display message and exit here LOAD_TEMPLATE('admin_settings_saved', false, sprintf(getMessage('HOLIDAY_MEMBER_ORDER'), generateDateTime($stamp, '1'))); return; } -} +} // END - if // Free memory SQL_FREERESULT($result1); @@ -91,22 +110,26 @@ SQL_FREERESULT($result2); if (isFormSent()) { // Check holiday request... $START = mktime(0, 0, 0, REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year')); - $END = mktime(0, 0, 0, REQUEST_POST('end_month') , REQUEST_POST('end_day') , REQUEST_POST('end_year') ); + $content['holiday_end'] = mktime(0, 0, 0, REQUEST_POST('end_month') , REQUEST_POST('end_day') , REQUEST_POST('end_year') ); // Test both values - $TEST = $END - $START; - if (($TEST < 0) || ($TEST > (getConfig('one_day') * getConfig('holiday_max'))) || ($START < time()) || ($END < time())) { + $TEST = $content['holiday_end'] - $START; + if (($TEST < 0) || ($TEST > (getConfig('one_day') * getConfig('holiday_max'))) || ($START < time()) || ($content['holiday_end'] < time())) { // Time test failed REQUEST_UNSET_POST('ok'); } else { // Everything went okay so let's store his request and send mails - SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_holidays` (userid, holiday_start, holiday_end, comments) VALUES ('%s','%s','%s','%s')", - array(getUserId(), $START, $END, REQUEST_POST('comments')), __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_holidays` (`userid`, `holiday_start`, `holiday_end`, `comments`) VALUES ('%s','%s','%s','%s')", + array(getUserId(), $START, $content['holiday_end'], REQUEST_POST('comments')), __FILE__, __LINE__); // Activate holiday system - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` -SET `holiday_active`='N', holiday_activated=UNIX_TIMESTAMP() -WHERE userid=%s LIMIT 1", + SQL_QUERY_ESC("UPDATE + `{!_MYSQL_PREFIX!}_user_data` +SET + `holiday_active`='N', `holiday_activated`=UNIX_TIMESTAMP() +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); // Prepare constants @@ -130,37 +153,54 @@ WHERE userid=%s LIMIT 1", // Display message LOAD_TEMPLATE('admin_settings_saved', false, getMessage('HOLIDAY_IS_ACTIVATED_NOW')); } -} +} // END - if // Holiday shall be ended now if (REQUEST_ISSET_POST('stop')) { // Okay, end the holiday here... - $result = SQL_QUERY_ESC("SELECT `holiday_active`, `holiday_activated` FROM `{!_MYSQL_PREFIX!}_user_data` -WHERE `userid`=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); - list($active, $locked) = SQL_FETCHROW($result); + $result = SQL_QUERY_ESC("SELECT + `holiday_active`, `holiday_activated` +FROM + `{!_MYSQL_PREFIX!}_user_data` +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); + $content = merge_array($content, SQL_FETCHARRAY($result)); SQL_FREERESULT($result); - if (($active == 'Y') && (($locked + getConfig('holiday_lock')) < time())) { + if (($content['holiday_active'] == 'Y') && (($content['holiday_activated'] + getConfig('holiday_lock')) < time())) { // Load data - $result = SQL_QUERY_ESC("SELECT `holiday_start`, `holiday_end` FROM `{!_MYSQL_PREFIX!}_user_holidays` -WHERE `userid`=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `holiday_start`, `holiday_end` +FROM + `{!_MYSQL_PREFIX!}_user_holidays` +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Data was found - list($start, $end) = SQL_FETCHROW($result); + $content = merge_array($content, SQL_FETCHARRAY($result)); SQL_FREERESULT($result); // Prepare it for the template - define('__HOLIDAY_START', generateDateTime($start, '3')); - define('__HOLIDAY_END' , generateDateTime($end , '3')); + define('__HOLIDAY_START', generateDateTime($content['holiday_start'], '3')); + define('__HOLIDAY_END' , generateDateTime($content['holiday_end'] , '3')); // Deactivate it now SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` -SET `holiday_active`='N', holiday_activated='0' -WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); +SET + `holiday_active`='N', + `holiday_activated`=0 +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); // Remove entry - SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_holidays` -WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); + SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM + `{!_MYSQL_PREFIX!}_user_holidays` +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); // Send email to admin sendAdminNotification(getMessage('HOLIDAY_ADMIN_DEAC_SUBJ'), 'admin_holiday_deactivated', array(), getUserId()); @@ -171,38 +211,48 @@ WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); // Display message to user LOAD_TEMPLATE('admin_settings_saved', false, getMessage('HOLIDAY_MEMBER_CANNOT_DEACTIVATE')); } - } elseif ($active == 'Y') { + } elseif ($content['holiday_active'] == 'Y') { // To fast! LOAD_TEMPLATE('admin_settings_saved', false, getMessage('HOLIDAY_MEMBER_LOCKED')); } -} +} // END - if // If something is wrong or link in menu is just clicked display form if ((!isFormSent()) && (!REQUEST_ISSET_POST('stop'))) { // Check if user is in holiday... - $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM `{!_MYSQL_PREFIX!}_user_data` -WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); - list($active, $locked) = SQL_FETCHROW($result); + $result = SQL_QUERY_ESC("SELECT + `holiday_active`, `holiday_activated` +FROM + `{!_MYSQL_PREFIX!}_user_data` +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); + $content = SQL_FETCHARRAY($result); SQL_FREERESULT($result); // Check for lock - if (($locked + getConfig('holiday_lock')) < time()) { + if (($content['holiday_activated'] + getConfig('holiday_lock')) < time()) { // User can deactivate his holiday request - switch ($active) + switch ($content['holiday_active']) { case 'Y': // Display deactivation form // Load starting and ending date - $result = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM `{!_MYSQL_PREFIX!}_user_holidays` -WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `holiday_start`, `holiday_end` +FROM + `{!_MYSQL_PREFIX!}_user_holidays` +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Data was found - list($start, $end) = SQL_FETCHROW($result); + $content = merge_array($content, SQL_FETCHARRAY($result)); SQL_FREERESULT($result); // Prepare it for the template - define('__HOLIDAY_START', generateDateTime($start , '3')); - define('__HOLIDAY_END' , generateDateTime($end , '3')); - define('__HOLIDAY_LOCK' , generateDateTime($locked, '1')); + define('__HOLIDAY_START', generateDateTime($content['holiday_start'] , '3')); + define('__HOLIDAY_END' , generateDateTime($content['holiday_end'] , '3')); + define('__HOLIDAY_LOCK' , generateDateTime($content['holiday_activated'], '1')); // Load template LOAD_TEMPLATE('member_holiday_deactivate'); @@ -211,9 +261,13 @@ WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); SQL_FREERESULT($result); // Remove entry and reload URL - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` -SET `holiday_active`='N' -WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE + `{!_MYSQL_PREFIX!}_user_data` +SET + `holiday_active`='N' +WHERE + `userid`=%s +LIMIT 1", array(getUserId()), __FILE__, __LINE__); redirectToUrl('modules.php?module=login&what=holiday'); return; } @@ -246,6 +300,7 @@ WHERE userid=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); // To fast! LOAD_TEMPLATE('admin_settings_saved', false, getMessage('HOLIDAY_MEMBER_LOCKED')); } -} -// +} // END - if + +// [EOF] ?> diff --git a/inc/modules/member/what-html_mail.php b/inc/modules/member/what-html_mail.php index f00ec341fd..07e592301c 100644 --- a/inc/modules/member/what-html_mail.php +++ b/inc/modules/member/what-html_mail.php @@ -53,25 +53,32 @@ ADD_DESCR('member', __FILE__); // Class was found and loaded if (isFormSent()) { // Save settings - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `html`='%s' WHERE userid=%s LIMIT 1", - array(REQUEST_POST('html'), getUserId()), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `html`='%s' WHERE `userid`=%s LIMIT 1", + array(REQUEST_POST('html'), getUserId()), __FILE__, __LINE__); LOAD_TEMPLATE('admin_settings_saved', false, getMessage('MEMBER_SETTINGS_SAVED')); } else { // Load template for changing settings - $result = SQL_QUERY_ESC("SELECT html FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(getUserId()), __FILE__, __LINE__); - list($mode) = SQL_FETCHROW($result); + $result = SQL_QUERY_ESC("SELECT `html` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", + array(getUserId()), __FILE__, __LINE__); + + // Get the mode + $content = SQL_FETCHARRAY($result); + + // Free result SQL_FREERESULT($result); - if ($mode == 'Y') { - define('HTML_Y', ' checked="checked"'); - define('HTML_N', ''); + // Prepare it + if ($content['html'] == 'Y') { + $content['html_y'] = ' checked="checked"'; + $content['html_n'] = ''); } else { - define('HTML_N', ' checked="checked"'); - define('HTML_Y', ''); + $content['html_n'] = ' checked="checked"'; + $content['html_y'] = ''; } - LOAD_TEMPLATE("member_html_mail_settings"); + + // Load main template + LOAD_TEMPLATE('member_html_mail_settings'); } -// +// [EOF] ?> diff --git a/inc/modules/member/what-newsletter.php b/inc/modules/member/what-newsletter.php index 2d83f42f3a..cfb079145b 100644 --- a/inc/modules/member/what-newsletter.php +++ b/inc/modules/member/what-newsletter.php @@ -51,8 +51,8 @@ if (!defined('__SECURITY')) { ADD_DESCR('member', __FILE__); // Load status -$result = SQL_QUERY_ESC("SELECT nl_receive, nl_until, nl_timespan FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", -array(getUserId()), __FILE__, __LINE__); +$result = SQL_QUERY_ESC("SELECT `nl_receive`, `nl_until`, `nl_timespan` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", + array(getUserId()), __FILE__, __LINE__); list($status, $until, $span) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -62,7 +62,7 @@ define('__CHARGE_VALUE', translateComma(getConfig('nl_charge'))); if ((isFormSent()) && ($status == 'Y') && ($span == '0')) { // Save request SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nl_timespan='".(getConfig('one_day') * 30)."' WHERE userid=%s LIMIT 1", - array(getUserId()), __FILE__, __LINE__); + array(getUserId()), __FILE__, __LINE__); // Load admin message $admin_msg = LOAD_EMAIL_TEMPLATE('admin_newsletter_request', array(), getUserId()); diff --git a/inc/modules/member/what-nickname.php b/inc/modules/member/what-nickname.php index ce052c1c1d..a086dfd3fe 100644 --- a/inc/modules/member/what-nickname.php +++ b/inc/modules/member/what-nickname.php @@ -55,16 +55,16 @@ if (isFormSent()) { // Nickname was submitted so let's check if it is not already in use if (REQUEST_ISSET_POST('nickname')) { // Check if nickname is valid - $PATTERN = '[' . getConfig('nickname_pattern') . ']{' . getConfig('nickname_length') . ',}'; + $PATTERN = '[' . getConfig('nickname_pattern') . ']{' . getConfig('nickname_len') . ',}'; if (ereg($PATTERN, REQUEST_POST('nickname'), $array)) { // Entered nickname is valid? - if ($array[0] == REQUEST_POST('nickname')) $isValid = true; + $isValid = ($array[0] == REQUEST_POST('nickname')); } // END - if } // END - if } // END - if if ($isValid === true) { - // Look for nickname in database (we only need just one entry so don't worry about the "LIMIT 1" ! + // Look for nickname in database (we only need just one entry so don't worry about the "LIMIT 1" !) $result = SQL_QUERY_ESC("SELECT `userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' AND `userid` != '%s' LIMIT 1", array(REQUEST_POST('nickname'), getUserId()), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { @@ -83,17 +83,13 @@ if ($isValid === true) { // Load template LOAD_TEMPLATE('admin_settings_saved', false, $content); } else { - // Load current nickname - // @TODO Rewrite this constant - define('__NICKNAME', NICKNAME_GET_NICK(getUserId())); - // Do we have already submit the form? if (REQUEST_ISSET_POST('nickname')) { LOAD_TEMPLATE('admin_settings_saved', false, "
{--NICKNAME_IS_INVALID--} $CATS['uids'][$content['cat']])) $target = $CATS['uids'][$content['cat']]; + if ((isset($CATS['uids'][$content['cat_id']])) && ($content['target_send'] > $CATS['uids'][$content['cat_id']])) $content['target_send'] = $CATS['uids'][$content['cat_id']]; // Old order is grabbed $OLD_ORDER = true; } else { // Default output for that your members don't forget it... - $url = 'http://'; + $content['url'] = 'http://'; } // Free result @@ -669,7 +669,7 @@ LIMIT 1", $CAT = ''; foreach ($CATS['id'] as $key => $value) { $CAT .= "
'); // ?> diff --git a/inc/modules/member/what-reflinks.php b/inc/modules/member/what-reflinks.php index 375e1f66a4..8688d2a476 100644 --- a/inc/modules/member/what-reflinks.php +++ b/inc/modules/member/what-reflinks.php @@ -48,9 +48,9 @@ if (!defined('__SECURITY')) { ADD_DESCR('member', __FILE__); // Load current referal clicks -$result = SQL_QUERY_ESC("SELECT ref_clicks FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", -array(getUserId()), __FILE__, __LINE__); -list($c) = SQL_FETCHROW($result); +$result = SQL_QUERY_ESC("SELECT `ref_clicks` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", + array(getUserId()), __FILE__, __LINE__); +$content = SQL_FETCHARRAY($result); SQL_FREERESULT($result); OUTPUT_HTML("
{--YOUR_PERSONAL_REFLINK--}:
@@ -74,10 +74,11 @@ if (EXT_IS_ACTIVE('nickname')) { } // Clicks on your reflink -OUTPUT_HTML("{--YOUR_REFCLICKS--}: ".$c." {--CLICKS--}


"); +OUTPUT_HTML("{--YOUR_REFCLICKS--}: ".$content['ref_clicks']." {--CLICKS--}

"); + $whereStatement = " WHERE `visible`='Y'"; if (IS_ADMIN()) $whereStatement = ''; -$result = SQL_QUERY("SELECT id, url, alternate, counter, clicks FROM `{!_MYSQL_PREFIX!}_refbanner`", __FILE__, __LINE__); +$result = SQL_QUERY("SELECT `id`, `url`, `alternate`, `counter`, `clicks` FROM `{!_MYSQL_PREFIX!}_refbanner`", __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { // List available ref banners @@ -92,38 +93,30 @@ if (SQL_NUMROWS($result) > 0) { // will cause an "Invalid argument supplied for foreach()" error foreach ($fp as $f) { $bannerContent .= $f; - } - } + } // END - foreach + } // END - if $size = strlen($bannerContent); } elseif (isFileReadable($test)) { $size = filesize($test); } - if ($size > 0) $content['alternate'] .= " (".translateComma(round($size/102.4)/10)." {--KBYTES--})"; + if ($size > 0) $content['alternate'] .= ' (' .translateComma(round($size / 102.4) / 10) . ' {--KBYTES--})'; - // Load banner data - // @TODO Rewritings: alt->alternate,cnt->counter,cks->clicks,uid->userid in template - $content = array( - 'sw' => $SW, - 'url' => $content['url'], - 'alt' => $content['alternate'], - 'cnt' => $content['counter'], - 'cks' => $content['clicks'], - 'uid' => getUserId(), - 'id' => $content['id'], - ); + // Add some more data + $content['sw'] = $SW; + $content['userid'] = getUserId(); // Add row - $OUT .= LOAD_TEMPLATE("member_reflinks_row", true, $content); + $OUT .= LOAD_TEMPLATE('member_reflinks_row', true, $content); // Switchcolors $SW = 3 - $SW; - } + } // END - while define('__REFLINKS_ROWS', $OUT); // Load final template - LOAD_TEMPLATE("member_reflinks_table", false, getUserId()); + LOAD_TEMPLATE('member_reflinks_table', false, getUserId()); } else { // No refbanner found! LOAD_TEMPLATE('admin_settings_saved', false, getMessage('MEMBER_NO_REFBANNER_FOUND')); @@ -132,5 +125,5 @@ if (SQL_NUMROWS($result) > 0) { // Free result SQL_FREERESULT($result); -// +// [EOF] ?> diff --git a/inc/modules/member/what-stats.php b/inc/modules/member/what-stats.php index 739b83a55b..110701133d 100644 --- a/inc/modules/member/what-stats.php +++ b/inc/modules/member/what-stats.php @@ -97,38 +97,41 @@ if (SQL_NUMROWS($result) > 0) { SQL_FREERESULT($result); // Load sent orders -// 0 1 2 3 4 5 6 7 8 -$result = SQL_QUERY_ESC("SELECT id, cat_id, payment_id, subject, url, timestamp_ordered, max_rec, timestamp_send, clicks -FROM `{!_MYSQL_PREFIX!}_user_stats` -WHERE userid=%s -ORDER BY timestamp_ordered DESC", -array(getUserId()), __FILE__, __LINE__); +$result = SQL_QUERY_ESC("SELECT + `id`, `cat_id`, `payment_id`, `subject`, `url`, `timestamp_ordered`, `max_rec`, `timestamp_send`, `clicks` +FROM + `{!_MYSQL_PREFIX!}_user_stats` +WHERE + `userid`=%s +ORDER BY + `timestamp_ordered` DESC", + array(getUserId()), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { // Mail orders are in pool so we can display them $OUT = ''; $SW = 2; - while ($data = SQL_FETCHROW($result)) { + while ($content = SQL_FETCHARRAY($result)) { // Prepare data for the template $content = array( 'sw' => $SW, - 'cat' => getCategory($data[1]), - 'pay' => getPaymentTitlePrice($data[2]), - 'subj' => COMPILE_CODE($data[3]), - 'url' => DEREFERER($data[4]), - 'stamp' => generateDateTime($data[5], '2'), - 'recs' => $data[6], - 'sent' => generateDateTime($data[7], '2'), - 'clix' => $data[8], - 'perc' => COMPILE_CODE($data[8] / $data[6] * 100)."%", + 'cat' => getCategory($content['cat_id']), + 'pay' => getPaymentTitlePrice($content['payment_id']), + 'subj' => COMPILE_CODE($content['subject']), + 'url' => DEREFERER($content['url']), + 'stamp' => generateDateTime($content['timestamp_ordered'], '2'), + 'recs' => $content['max_rec'], + 'sent' => generateDateTime($content['timestamp_send'], '2'), + 'clix' => $content['clicks'], + 'perc' => COMPILE_CODE($content['clicks'] / $content['max_rec'] * 100)."%", ); // Load row template and switch colors - $OUT .= LOAD_TEMPLATE("member_stats_row", true, $content); + $OUT .= LOAD_TEMPLATE('member_stats_row', true, $content); $SW = 3 - $SW; } // Load main template - $main_content['stats'] = LOAD_TEMPLATE("member_stats_table", true, $OUT); + $main_content['stats'] = LOAD_TEMPLATE('member_stats_table', true, $OUT); } else { // No mail orders fond $main_content['stats'] = LOAD_TEMPLATE('admin_settings_saved', true, getMessage('MEMBER_NO_MAILS_IN_STATS')); @@ -138,7 +141,7 @@ if (SQL_NUMROWS($result) > 0) { SQL_FREERESULT($result); // Load main template -LOAD_TEMPLATE("member_stats_pool", false, $main_content); +LOAD_TEMPLATE('member_stats_pool', false, $main_content); // ?> diff --git a/inc/modules/member/what-wernis.php b/inc/modules/member/what-wernis.php index ba5d83c97a..4403462e86 100644 --- a/inc/modules/member/what-wernis.php +++ b/inc/modules/member/what-wernis.php @@ -183,7 +183,7 @@ if ((!REQUEST_ISSET_GET('mode')) || (REQUEST_GET('mode') == 'choose')) { WERNIS_ADD_FEES_TO_ARRAY($content); // Get WDS66 id - $result = SQL_QUERY_ESC("SELECT wernis_userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `wernis_userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); // Are there some entries? diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 102a3de242..d07f48dbe5 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -1810,7 +1810,7 @@ function updateConfiguration ($entries, $values, $updateMode='') { // Update mode set? if (!empty($updateMode)) { // Update entry - // @TODO Find a way for updating $_CONFIG here + // @TODO Find a way for updating configuration here $all .= sprintf("`%s`=%s%s%s,", $entry, $entry, $updateMode, (float)$values[$idx]); } else { // Check if string or number @@ -1834,7 +1834,7 @@ function updateConfiguration ($entries, $values, $updateMode='') { $entries = substr($all, 0, -1); } elseif (!empty($updateMode)) { // Update mode set - // @TODO Find a way for updating $_CONFIG here + // @TODO Find a way for updating configuration here $entries .= sprintf("=%s%s%s", $entries, $updateMode, (float)$values); } else { // Set it in config first diff --git a/ref.php b/ref.php index 730799b089..08398c7efc 100644 --- a/ref.php +++ b/ref.php @@ -69,22 +69,20 @@ if (REQUEST_ISSET_GET('ref')) $ref = REQUEST_GET('ref'); if (!empty($ref)) { // Test if nickname or numeric id - if ($ref != ''.($ref + 0).'') { - if (EXT_IS_ACTIVE('nickname')) { - // Nickname in URL, so load the ID - $result = SQL_QUERY_ESC("SELECT `userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' LIMIT 1", - array($ref), __FILE__, __LINE__); - - // Load userid - list($ref) = SQL_FETCHROW($result); - - // Free result - SQL_FREERESULT($result); - } else { - // Invalid request! - $ref = 0; - } - } // END - if + if (EXT_IS_ACTIVE('nickname')) { + // Nickname in URL, so load the ID + $result = SQL_QUERY_ESC("SELECT `userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' LIMIT 1", + array($ref), __FILE__, __LINE__); + + // Load userid + list($ref) = SQL_FETCHROW($result); + + // Free result + SQL_FREERESULT($result); + } else { + // Invalid request! + $ref = 0; + } // Also edit this 0 ! if (empty($ref)) $ref = 0; diff --git a/templates/de/emails/confirm-member.tpl b/templates/de/emails/confirm-member.tpl index 889ff57ba2..68e52ced19 100644 --- a/templates/de/emails/confirm-member.tpl +++ b/templates/de/emails/confirm-member.tpl @@ -7,7 +7,7 @@ Sie können sich nun hier einloggen: Ihre Login-ID lautet: $UID URL zum Login: {!URL!}/login.php -für Ihre Anmeldung werden wir Ihnen als Willkommensgutschrift $content[points] {!POINTS!} gutschreiben, sobald Sie $_CONFIG[ref_payout] Mails bestätigt haben. Erst dann können Sie Mails an die anderen Mitglieder verschicken! +für Ihre Anmeldung werden wir Ihnen als Willkommensgutschrift $content[points] {!POINTS!} gutschreiben, sobald Sie {?ref_payout?} Mails bestätigt haben. Erst dann können Sie Mails an die anderen Mitglieder verschicken! Wir wünschen Ihnen viel Spass und Erfolg beim Mail-Versand! diff --git a/templates/de/html/admin/admin_add_sponsor.tpl b/templates/de/html/admin/admin_add_sponsor.tpl index bd624006ce..9bbc0f1192 100644 --- a/templates/de/html/admin/admin_add_sponsor.tpl +++ b/templates/de/html/admin/admin_add_sponsor.tpl @@ -257,12 +257,12 @@   diff --git a/templates/de/html/admin/admin_config_nickname.tpl b/templates/de/html/admin/admin_config_nickname.tpl index ac47408328..88f3eee594 100644 --- a/templates/de/html/admin/admin_config_nickname.tpl +++ b/templates/de/html/admin/admin_config_nickname.tpl @@ -12,7 +12,7 @@ {--ADMIN_NICKNAME_MIN_LENGTH--}:   - + @@ -22,7 +22,7 @@ {--ADMIN_NICKNAME_PATTERN--}:   - + @@ -32,7 +32,7 @@ {--ADMIN_NICKNAME_LANG_CHARS--}:   - + diff --git a/templates/de/html/guest/guest_sponsor_reg.tpl b/templates/de/html/guest/guest_sponsor_reg.tpl index 5a0f526327..dbaf1e8137 100644 --- a/templates/de/html/guest/guest_sponsor_reg.tpl +++ b/templates/de/html/guest/guest_sponsor_reg.tpl @@ -288,12 +288,12 @@   diff --git a/templates/de/html/member/member_html_mail_settings.tpl b/templates/de/html/member/member_html_mail_settings.tpl index c41974fd72..228f041fea 100644 --- a/templates/de/html/member/member_html_mail_settings.tpl +++ b/templates/de/html/member/member_html_mail_settings.tpl @@ -15,9 +15,9 @@ {--YES--}:    + name="html" class="member_normal" value="Y"$content[html_y] />     {--NO--}:  + type="radio" name="html" class="member_normal" value="N"$content[html_n] />   diff --git a/templates/de/html/member/member_nickname_form.tpl b/templates/de/html/member/member_nickname_form.tpl index efc646a0ab..4825f96770 100644 --- a/templates/de/html/member/member_nickname_form.tpl +++ b/templates/de/html/member/member_nickname_form.tpl @@ -22,7 +22,7 @@ {--NICKNAME_ENTER_NICKNAME--}:   - +   @@ -31,7 +31,7 @@   - {--NICKNAME_ALLOWED_CHARS--} ($content[nickname_chars]) + {--NICKNAME_ALLOWED_CHARS--} ({?nickname_chars?})   diff --git a/templates/de/html/member/member_reflinks_row.tpl b/templates/de/html/member/member_reflinks_row.tpl index 110b811bb8..7ff93357de 100644 --- a/templates/de/html/member/member_reflinks_row.tpl +++ b/templates/de/html/member/member_reflinks_row.tpl @@ -3,8 +3,8 @@ $content[alt]
{--REFBANNER_TOTALS--}: - $content[cnt] {--REF_VIEWS--} / - $content[cks] {--REF_CLIX--} + $content[counter] {--REF_VIEWS--} / + $content[clicks] {--REF_CLIX--}
  @@ -16,9 +16,9 @@   -
<A href="{!URL!}/click.php?user=$content[uid]&banner=$content[id]"
- target="_blank"><IMG src="{!URL!}/view.php?user=$content[uid]&banner=$content[id]"
- alt="$content[alt]" title="$content[alt]" border="0"></A>
+
<a href="{!URL!}/click.php?user=$content[userid]&banner=$content[id]"
+ target="_blank"><img src="{!URL!}/view.php?user=$content[userid]&banner=$content[id]"
+ alt="$content[alternate]" title="$content[alternate]" border="0" /></a>
  diff --git a/templates/de/html/sponsor/sponsor_settings_form.tpl b/templates/de/html/sponsor/sponsor_settings_form.tpl index 35df14aa7c..812fb1d502 100644 --- a/templates/de/html/sponsor/sponsor_settings_form.tpl +++ b/templates/de/html/sponsor/sponsor_settings_form.tpl @@ -22,12 +22,12 @@ -- 2.39.5