From d18075f375db1b9db40773cdf80a5d6f2c36cd3a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sun, 18 May 2008 23:11:07 +0000 Subject: [PATCH] Newer sponsor scripts found in backup\! :D :D --- .gitattributes | 6 +- inc/extensions/ext-sponsor.php | 19 ++- inc/libs/output_functions.php | 65 +++----- inc/libs/sponsor_functions.php | 17 +- inc/modules/admin/action-setup.php | 8 +- inc/modules/admin/action-sponsor.php | 11 +- inc/modules/admin/what-add_sponsor.php | 18 +-- inc/modules/admin/what-config_sponsor.php | 22 ++- inc/modules/admin/what-del_sponsor.php | 51 +++--- inc/modules/admin/what-edit_sponsor.php | 101 +++++------- inc/modules/admin/what-list_doubler.php | 10 +- inc/modules/admin/what-list_sponsor.php | 68 +++----- inc/modules/admin/what-list_sponsor_pay.php | 114 +++++-------- inc/modules/admin/what-list_sponsor_pays.php | 25 ++- inc/modules/admin/what-lock_sponsor.php | 68 +++----- inc/modules/admin/what-maintenance.php | 1 + inc/modules/admin/what-theme_check.php | 15 +- inc/modules/admin/what-theme_import.php | 38 ++--- inc/modules/admin/what-unlock_sponsor.php | 80 ++++----- inc/modules/admin/what-usage.php | 43 +++-- inc/modules/guest/action-sponsor.php | 11 +- inc/modules/guest/what-sponsor_login.php | 12 +- inc/modules/guest/what-sponsor_reg.php | 140 ++++++++-------- inc/modules/sponsor.php | 16 +- inc/modules/sponsor/.htaccess | 1 + .../action-sponsors.php => sponsor/.php} | 44 +++-- inc/modules/sponsor/account.php | 152 ++++++++++++++++++ inc/modules/sponsor/settings.php | 116 +++++++++++++ inc/modules/sponsor/welcome.php | 66 ++++++++ 29 files changed, 742 insertions(+), 596 deletions(-) create mode 100644 inc/modules/sponsor/.htaccess rename inc/modules/{guest/action-sponsors.php => sponsor/.php} (69%) create mode 100644 inc/modules/sponsor/account.php create mode 100644 inc/modules/sponsor/settings.php create mode 100644 inc/modules/sponsor/welcome.php diff --git a/.gitattributes b/.gitattributes index 2b14e244a2..f81ab98f4d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -370,7 +370,6 @@ inc/modules/guest/action-main.php -text inc/modules/guest/action-members.php -text inc/modules/guest/action-online.php -text inc/modules/guest/action-sponsor.php -text -inc/modules/guest/action-sponsors.php -text inc/modules/guest/action-themes.php -text inc/modules/guest/what- -text inc/modules/guest/what-active.php -text @@ -441,6 +440,11 @@ inc/modules/member/what-welcome.php -text inc/modules/member/what-wernis.php -text inc/modules/order.php -text inc/modules/sponsor.php -text +inc/modules/sponsor/.htaccess -text +inc/modules/sponsor/.php -text +inc/modules/sponsor/account.php -text +inc/modules/sponsor/settings.php -text +inc/modules/sponsor/welcome.php -text inc/modules/welcome.php -text inc/monthly/.htaccess -text inc/monthly/monthly_ -text diff --git a/inc/extensions/ext-sponsor.php b/inc/extensions/ext-sponsor.php index 37d3c07193..d704b522b9 100644 --- a/inc/extensions/ext-sponsor.php +++ b/inc/extensions/ext-sponsor.php @@ -52,8 +52,11 @@ case "register": // Do stuff when installtion is running (modules.php?module=adm // // SQL commands to run // - if (EXT_IS_ACTIVE("repair")) - { + //if (EXT_IS_ACTIVE("repair")) + //{ + // Try to make it depend on repair + $EXT_UPDATE_DEPENDS = "repair"; + // // Sponsor data // @@ -368,12 +371,12 @@ PRIMARY KEY(id) // Load CSS file $EXT_CSS = "Y"; - } - else - { - // Sponsor extension depends now on repair extension! - $SQLs[] = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='sponsor' LIMIT 1"; - } + //} + // else + //{ + // // Sponsor extension depends now on repair extension! + // $SQLs[] = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='sponsor' LIMIT 1"; + //} break; case "remove": // Do stuff when removing extension diff --git a/inc/libs/output_functions.php b/inc/libs/output_functions.php index ab24e8fb3e..9b5be75732 100644 --- a/inc/libs/output_functions.php +++ b/inc/libs/output_functions.php @@ -38,30 +38,26 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) require($INC); } // Add HTML to the output stream -class HTMLParser -{ +class HTMLParser { // Initializer -function HTMLParser() -{ +function HTMLParser() { } // Add HTML-Code to buffer -function add_html ($HTML, $NEW_LINE = true) -{ +function add_html ($HTML, $NEW_LINE = true) { global $OUTPUT; } + // Compiles HTML code -function compile_html($code, $simple=false) -{ +function compile_html($code, $simple=false) { global $SEC_CHARS; // Compile constants $code = str_replace('{--', '".', str_replace('--}', '."', $code)); // Compile QUOT and other non-HTML codes - foreach ($SEC_CHARS['to'] as $k=>$from) - { + foreach ($SEC_CHARS['to'] as $k=>$from) { // Do the reversed thing as in inc/libs/security_functions.php $code = str_replace($from, $SEC_CHARS['from'][$k], $code); } @@ -72,6 +68,7 @@ function compile_html($code, $simple=false) // Return compiled code return $code; } + // Load a template file and return it's content (only it's name; do not use ' or ") function get_template ($template, $return=false, $content="") { @@ -79,8 +76,7 @@ function get_template ($template, $return=false, $content="") global $DATA, $ACTION, $WHAT; $REFID = bigintval(get_session('refid')); - if ($template == "member_support_form") - { + if ($template == "member_support_form") { // Support request of a member $ID = bigintval($GLOBALS['userid']); $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__); @@ -94,56 +90,44 @@ function get_template ($template, $return=false, $content="") $MODE = ""; // Check for admin/guest/member templates - if (strpos($template, "admin_") > -1) - { + if (strpos($template, "admin_") > -1) { // Admin template found $MODE = "admin/"; - } - elseif (strpos($template, "guest_") > -1) - { + } elseif (strpos($template, "guest_") > -1) { // Guest template found $MODE = "guest/"; - } - elseif (strpos($template, "member_") > -1) - { + } elseif (strpos($template, "member_") > -1) { // Member template found $MODE = "member/"; - } - elseif (strpos($template, "install_") > -1) - { + } elseif (strpos($template, "install_") > -1) { // Installation template found $MODE = "install/"; - } - elseif (strpos($template, "mailid_") > -1) - { + } elseif (strpos($template, "mailid_") > -1) { // Mail confirmation template found $MODE = "mailid/"; } // Generate file name $file = $BASE.$MODE.$template.".tpl"; - if ((!empty($HTTP_GET_VARS['what'])) && ((strpos($template, "_header") > 0) || (strpos($template, "_footer") > 0)) && (($MODE == "guest/") || ($MODE == "member/") || ($MODE == "admin/"))) - { + if ((!empty($_GET['what'])) && ((strpos($template, "_header") > 0) || (strpos($template, "_footer") > 0)) && (($MODE == "guest/") || ($MODE == "member/") || ($MODE == "admin/"))) { // Select what depended header/footer template file for admin/guest/member area - $file2 = $BASE.$MODE.$template."_".$HTTP_GET_VARS['what'].".tpl"; + $file2 = sprintf("%s%s%s_%s.tpl", $BASE, $MODE, $template, SQL_ESCAPE($_GET['what'])); // Probe for it... - if (file_exists($file2)) $file = $file2; + if ((file_exists($file2)) && (is_readable($file2))) $file = $file2; // Remove variable from memory unset($file2); } // Does the special template exists? - if (!file_exists($file)) - { + if ((!file_exists($file)) || (!is_readable($file))) { // Reset to default template $file = PATH."templates/".GET_LANGUAGE()."/html/".$template.".tpl"; } // Now does the final template exists? - if (file_exists($file)) - { + if ((file_exists($file)) && (is_readable($file))) { // The local file does exists so we load it. :) $tmpl_file = implode("", file($file)); $tmpl_file = str_replace("'", '{QUOT}', $tmpl_file); @@ -151,21 +135,17 @@ function get_template ($template, $return=false, $content="") // Compile and run code $ret = COMPILE_CODE(addslashes($tmpl_file), false, true); $ret = "\n".$ret."\n"; - } - elseif (IS_ADMIN()) - { + } elseif (IS_ADMIN()) { // Only admins shall see this warning $ret = "
".TEMPLATE_404."
(".basename($file).")

"; } - if ($return) - { + + if ($return) { // Return the HTML code return $ret; - } - else - { + } else { // Output directly $this->add_html ($ret); } @@ -173,5 +153,6 @@ function get_template ($template, $return=false, $content="") // END OF CLASS } + // ?> diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index ac2324e567..e0c63d5316 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -39,7 +39,6 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) { - global $HTTP_GET_VARS, $_SERVER, $_COOKIE; $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false; $ret = "unused"; @@ -82,7 +81,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST SQL_FREERESULT($result); // Yes, he is! - if (($HTTP_GET_VARS['what'] == "add_sponsor") || ($NO_UPDATE)) + if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE)) { // Already found! $ALREADY = true; @@ -171,7 +170,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Remove last ", " from SQL string $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1"; - $DATA['values'][] = bigintval($HTTP_GET_VARS['id']); + $DATA['values'][] = bigintval($_GET['id']); // Generate message $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs); @@ -182,7 +181,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Add new sponsor, first add more data $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time(); $DATA['keys'][] = "status"; - if ((!$NO_UPDATE) && (IS_ADMIN()) && ($HTTP_GET_VARS['what'] == "add_sponsor")) + if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor")) { // Only allowed for admin $DATA['values'][] = "PENDING"; @@ -421,7 +420,7 @@ ORDER BY sort", array($action), __FILE__, __LINE__); // function GENERATE_SPONSOR_CONTENT($what) { - global $HTTP_POST_VARS, $HTTP_GET_VARS, $CONFIG; + global $HTTP_POST_VARS, $_GET, $CONFIG; $FILE = PATH."inc/modules/sponsor/".$what.".php"; $OUT = ""; if (@file_exists($FILE)) @@ -470,7 +469,7 @@ WHERE id='%s' AND password='%s' LIMIT 1", // function SPONSOR_SAVE_DATA($POST, $content) { - global $_COOKIE, $_SERVER, $HTTP_GET_VARS; + global $_COOKIE, $_SERVER, $_GET; $EMAIL = false; // Unsecure data which we don't want @@ -542,7 +541,7 @@ function SPONSOR_SAVE_DATA($POST, $content) $DATA[] = $_COOKIE['sponsorpass']; // Saving data was completed... ufff... - switch ($HTTP_GET_VARS['what']) + switch ($_GET['what']) { case "account": // Change account data if ($EMAIL) @@ -571,7 +570,7 @@ function SPONSOR_SAVE_DATA($POST, $content) break; default: // Unknown sponsor what value! - $MSG = SPONSOR_UNKNOWN_WHAT_1.$HTTP_GET_VARS['what'].SPONSOR_UNKNOWN_WHAT_2; + $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2; $templ = ""; $subj = ""; break; } @@ -613,7 +612,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // to the old address // First to old address - switch ($HTTP_GET_VARS['what']) + switch ($_GET['what']) { case "account": // Change account data $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content); diff --git a/inc/modules/admin/action-setup.php b/inc/modules/admin/action-setup.php index 5cf0b0c60f..2e62585b95 100644 --- a/inc/modules/admin/action-setup.php +++ b/inc/modules/admin/action-setup.php @@ -43,14 +43,12 @@ ADD_DESCR("admin", basename(__FILE__)); // Load the include file $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); -if (file_exists($INC)) -{ +if (file_exists($INC)) { // Ok, we finally load the admin action module include($INC); -} - else -{ +} else { ADD_FATAL(ADMIN_404_ACTION_1.$GLOBALS['what'].ADMIN_404_ACTION_2); } + // ?> diff --git a/inc/modules/admin/action-sponsor.php b/inc/modules/admin/action-sponsor.php index 0306396d08..b4cbba35c9 100644 --- a/inc/modules/admin/action-sponsor.php +++ b/inc/modules/admin/action-sponsor.php @@ -41,15 +41,12 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = PATH."inc/modules/admin/what-".$what.".php"; -if (file_exists($INC)) -{ +$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +if (file_exists($INC)) { // Ok, we finally load the admin action module include($INC); -} - else -{ - $FATAL[] = ADMIN_404_ACTION_1.$what.ADMIN_404_ACTION_2; +} else { + $FATAL[] = ADMIN_404_ACTION_1.$GLOBALS['what'].ADMIN_404_ACTION_2; } // ?> diff --git a/inc/modules/admin/what-add_sponsor.php b/inc/modules/admin/what-add_sponsor.php index 07767a67af..2d056ebce7 100644 --- a/inc/modules/admin/what-add_sponsor.php +++ b/inc/modules/admin/what-add_sponsor.php @@ -1,7 +1,7 @@ diff --git a/inc/modules/admin/what-config_sponsor.php b/inc/modules/admin/what-config_sponsor.php index 22185a82b8..dc81d948a9 100644 --- a/inc/modules/admin/what-config_sponsor.php +++ b/inc/modules/admin/what-config_sponsor.php @@ -1,7 +1,7 @@ diff --git a/inc/modules/admin/what-del_sponsor.php b/inc/modules/admin/what-del_sponsor.php index 0bd3444b15..d0140fc149 100644 --- a/inc/modules/admin/what-del_sponsor.php +++ b/inc/modules/admin/what-del_sponsor.php @@ -1,7 +1,7 @@ 0) - { + if (strval($_POST['points']) > 0) { // Replace german decimal comma with computer's decimal dot - $POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points'])); + $POINTS = strval(str_replace(",", ".", $_POST['points'])); // Add points to account $result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1", - array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__); + array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__); // Remember points /reason for the template define('__POINTS' , TRANSLATE_COMMA($POINTS)); - define('__REASON' , $HTTP_POST_VARS['reason']); + define('__REASON' , $_POST['reason']); // Send email - $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $HTTP_POST_VARS['reason'], true); + $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $_POST['reason'], true); SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_ADD_POINTS, $msg); $MSG = ADMIN_SPONSOR_POINTS_ADDED; - } - else - { + } else { // No points entered to add! $MSG = ADMIN_SPONSPOR_NO_POINTS_TO_ADD; } break; case "sub_points": // Subtract points - if (strval($HTTP_POST_VARS['points']) > 0) - { + if (strval($_POST['points']) > 0) { // Replace german decimal comma with computer's decimal dot - $POINTS = strval(str_replace(",", ".", $HTTP_POST_VARS['points'])); + $POINTS = strval(str_replace(",", ".", $_POST['points'])); // Add points to account $result_add = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_used=points_used+%s WHERE id='%s' LIMIT 1", - array($POINTS, bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__); + array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__); // Remember points /reason for the template define('__POINTS' , TRANSLATE_COMMA($POINTS)); - define('__REASON' , $HTTP_POST_VARS['reason']); + define('__REASON' , $_POST['reason']); // Send email - $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $HTTP_POST_VARS['reason'], true); + $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $_POST['reason'], true); SEND_EMAIL(__EMAIL, SPONSOR_ADMIN_SUB_POINTS, $msg); $MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED; - } - else - { + } else { // No points entered to add! $MSG = ADMIN_SPONSPOR_NO_POINTS_TO_SUBTRACT; } @@ -157,58 +150,48 @@ if ((!empty($HTTP_GET_VARS['id'])) && (!empty($HTTP_GET_VARS['mode']))) case "edit": // Edit sponsor account $PASS = true; - if (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) || ((empty($HTTP_POST_VARS['pass1'])) && (empty($HTTP_POST_VARS['pass1'])))) - { + if (($_POST['pass1'] != $_POST['pass2']) || ((empty($_POST['pass1'])) && (empty($_POST['pass1'])))) { // Remove passwords - unset($HTTP_POST_VARS['pass1']); - unset($HTTP_POST_VARS['pass2']); + unset($_POST['pass1']); + unset($_POST['pass2']); $PASS = false; } - SPONSOR_HANDLE_SPONSOR($HTTP_POST_VARS); + SPONSOR_HANDLE_SPONSOR($_POST); // Convert some data for the email template - $HTTP_POST_VARS['salut'] = TRANSLATE_SEX($HTTP_POST_VARS['salut']); - $HTTP_POST_VARS['warning_interval'] = CREATE_FANCY_TIME($HTTP_POST_VARS['warning_interval']); - if (!$PASS) $HTTP_POST_VARS['pass1'] = SPONSOR_PASS_UNCHANGED; + $_POST['salut'] = TRANSLATE_SEX($_POST['salut']); + $_POST['warning_interval'] = CREATE_FANCY_TIME($_POST['warning_interval']); + if (!$PASS) $_POST['pass1'] = SPONSOR_PASS_UNCHANGED; // Load email template and send the mail away - $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $HTTP_POST_VARS, false); - SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg); + $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $_POST, false); + SEND_EMAIL($_POST['email'], SPONSOR_ADMIN_EDIT_SUBJECT, $msg); break; default: // Unknown mode - $MSG = ADMIN_INVALID_MODE_1.$HTTP_GET_VARS['mode'].ADMIN_INVALID_MODE_2; + $MSG = ADMIN_INVALID_MODE_1.SQL_ESCAPE($_GET['mode']).ADMIN_INVALID_MODE_2; break; } - if (!empty($MSG)) - { + if (!empty($MSG)) { // Output message LOAD_TEMPLATE("admin_settings_saved", false, $MSG); } - } - elseif (file_exists(PATH."templates/".GET_LANGUAGE()."/html/admin/".$TPL.".tpl")) - { + } elseif (file_exists(PATH."templates/".GET_LANGUAGE()."/html/admin/".$TPL.".tpl")) { // Create mailto link define('__SPONSOR_VALUE', "".__SURNAME." ".__FAMILY.""); // Load mode template LOAD_TEMPLATE($TPL); - } - else - { + } else { // Template not found! - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.$HTTP_GET_VARS['mode'].ADMIN_TPL_404_2); + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_TPL_404_1.SQL_ESCAPE($_GET['mode']).ADMIN_TPL_404_2); } - } - else - { + } else { // Sponsor not found! - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2); + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['id']).ADMIN_SPONSOR_404_2); } -} - else -{ +} else { // Not called by what-list_sponsor.php LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_CALL_NOT_DIRECTLY); } diff --git a/inc/modules/admin/what-list_doubler.php b/inc/modules/admin/what-list_doubler.php index fe7df7ad8c..d9f373aa2f 100644 --- a/inc/modules/admin/what-list_doubler.php +++ b/inc/modules/admin/what-list_doubler.php @@ -32,8 +32,7 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) -{ +if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -41,13 +40,10 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) // Add description as navigation point ADD_DESCR("admin", basename(__FILE__)); -if (empty($_GET['mode'])) -{ +if (empty($_GET['mode'])) { // Chosse the overview page as default $_GET['mode'] = "overview"; -} - else -{ +} else { // Set table title automatically if (empty($_GET['select'])) $_GET['select'] = "all"; $eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."', ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."_".strtoupper($_GET['select']).");"; diff --git a/inc/modules/admin/what-list_sponsor.php b/inc/modules/admin/what-list_sponsor.php index fc48a1f7d9..a753c8d831 100644 --- a/inc/modules/admin/what-list_sponsor.php +++ b/inc/modules/admin/what-list_sponsor.php @@ -1,7 +1,7 @@ $v) - { + foreach ($DATA as $k=>$v) { if (empty($v)) $DATA[$k] = "---"; } // Check for sponsor's orders (only count) $result_orders = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_sponsor_orders WHERE sponsorid='%s'", - array(bigintval($HTTP_GET_VARS['id'])), __FILE__, __LINE__); + array(bigintval($_GET['id'])), __FILE__, __LINE__); list($orders) = SQL_FETCHROW($result_orders); SQL_FREERESULT($result_orders); if (empty($orders)) $orders = "0"; // Prepare all data for the template // Sponsor's ID - define('__SPONSOR_ID' , $HTTP_GET_VARS['id']); + define('__SPONSOR_ID' , $_GET['id']); // Company's data define('__SPONSOR_COMPANY' , $DATA['company']); define('__SPONSOR_POSITION' , $DATA['position']); @@ -110,20 +106,15 @@ WHERE id='%s' LIMIT 1", // Load template LOAD_TEMPLATE("admin_list_sponsor_details"); - } - else - { + } else { // Sponsor not found - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['id'].ADMIN_SPONSOR_404_2); + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$_GET['id'].ADMIN_SPONSOR_404_2); } -} - elseif (!empty($HTTP_GET_VARS['rid'])) -{ +} elseif (!empty($_GET['rid'])) { // Search for sponsor $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1", - array(bigintval($HTTP_GET_VARS['rid'])), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array(bigintval($_GET['rid'])), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Free memory SQL_FREERESULT($result); @@ -131,37 +122,28 @@ WHERE id='%s' LIMIT 1", $result = SQL_QUERY_ESC("SELECT id, salut, surname, family, email, status, sponsor_created, last_online, points_amount, points_used, remote_addr, ref_count FROM "._MYSQL_PREFIX."_sponsor_data WHERE refid='%s' ORDER BY id", - array(bigintval($HTTP_GET_VARS['rid'])), __FILE__, __LINE__); + array(bigintval($_GET['rid'])), __FILE__, __LINE__); - if (SQL_NUMROWS($result) > 0) - { + if (SQL_NUMROWS($result) > 0) { // List refs now // Free memory SQL_FREERESULT($result); - } - else - { + } else { // No refs made so far - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_REFS_404_1."".$HTTP_GET_VARS['rid']."".ADMIN_SPONSOR_REFS_404_2); + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_REFS_404_1."".bigintval($_GET['rid'])."".ADMIN_SPONSOR_REFS_404_2); } - } - else - { + } else { // Sponsor not found - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.$HTTP_GET_VARS['rid'].ADMIN_SPONSOR_404_2); + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_404_1.bigintval($_GET['rid']).ADMIN_SPONSOR_404_2); } -} - else -{ +} else { // List all sponsors $result_main = SQL_QUERY("SELECT id, salut, surname, family, email, status, sponsor_created, last_online, points_amount, points_used, remote_addr FROM "._MYSQL_PREFIX."_sponsor_data ORDER BY id", __FILE__, __LINE__); - if (SQL_NUMROWS($result_main) > 0) - { + if (SQL_NUMROWS($result_main) > 0) { // At least one sponsor found! $OUT = ""; $SW = 2; - while(list($id, $salut, $sname, $fname, $email, $status, $created, $last, $amount, $used, $ip) = SQL_FETCHROW($result_main)) - { + while(list($id, $salut, $sname, $fname, $email, $status, $created, $last, $amount, $used, $ip) = SQL_FETCHROW($result_main)) { // Transfer data to array $content = array( 'id' => $id, @@ -188,9 +170,7 @@ FROM "._MYSQL_PREFIX."_sponsor_data ORDER BY id", __FILE__, __LINE__); // Load final template LOAD_TEMPLATE("admin_list_sponsor"); - } - else - { + } else { // No sponsors registered so far LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_NONE_REGISTERED); } diff --git a/inc/modules/admin/what-list_sponsor_pay.php b/inc/modules/admin/what-list_sponsor_pay.php index 587fc05805..8564656c69 100644 --- a/inc/modules/admin/what-list_sponsor_pay.php +++ b/inc/modules/admin/what-list_sponsor_pay.php @@ -1,7 +1,7 @@ $sel) - { + foreach ($_POST['id'] as $id=>$sel) { // Secure ID $id = bigintval($id); // Save entry $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_paytypes SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id='%s' LIMIT 1", - array($HTTP_POST_VARS['name'][$id], $HTTP_POST_VARS['rate'][$id], bigintval($HTTP_POST_VARS['min'][$id]), $HTTP_POST_VARS['curr'][$id], $id), + array($_POST['name'][$id], $_POST['rate'][$id], bigintval($_POST['min'][$id]), $_POST['curr'][$id], $id), __FILE__, __LINE__); } // Generate message $MSG = SPONSOR_PAY_ENTRIES_CHANGED; - } - elseif (isset($HTTP_POST_VARS['remove'])) - { + } elseif (isset($_POST['remove'])) { // Remove entries here... - foreach ($HTTP_POST_VARS['id'] as $id=>$sel) - { + foreach ($_POST['id'] as $id=>$sel) { // Remove entry $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_sponsor_paytypes WHERE id='%s' LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); @@ -93,54 +82,45 @@ SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id $MSG = SPONSOR_PAY_ENTRIES_REMOVED; } - if (!empty($MSG)) - { + if (!empty($MSG)) { // Output message LOAD_TEMPLATE("admin_settings_saved", false, $MSG); OUTPUT_HTML("
"); } } -if (isset($HTTP_POST_VARS['add'])) -{ +if (isset($_POST['add'])) { // Check if entry with same name does exists $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_paytypes WHERE pay_name='%s' LIMIT 1", - array($HTTP_POST_VARS['pay_name']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) - { + array($_POST['pay_name']), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 0) { // No entry found so add this line $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_sponsor_paytypes (pay_name, pay_rate, pay_min_count, pay_currency) VALUES ('%s', '%s', '%s', '%s')", - array(htmlspecialchars($HTTP_POST_VARS['pay_name']), str_replace(",", ".", $HTTP_POST_VARS['pay_rate']), bigintval($HTTP_POST_VARS['pay_min_count']), htmlspecialchars($HTTP_POST_VARS['pay_currency'])), + array(htmlspecialchars($_POST['pay_name']), str_replace(",", ".", $_POST['pay_rate']), bigintval($_POST['pay_min_count']), htmlspecialchars($_POST['pay_currency'])), __FILE__, __LINE__); // Payment type added! - $MSG = SPONSOR_ADMIN_PAYTYPE_ADDED_1.$HTTP_POST_VARS['pay_name'].SPONSOR_ADMIN_PAYTYPE_ADDED_2; - } - else - { + $MSG = SPONSOR_ADMIN_PAYTYPE_ADDED_1.$_POST['pay_name'].SPONSOR_ADMIN_PAYTYPE_ADDED_2; + } else { // Free memory SQL_FREERESULT($result); // Entry does already exists - $MSG = SPONSOR_ADMIN_PAYTYPE_ALREADY_1.$HTTP_POST_VARS['pay_name'].SPONSOR_ADMIN_PAYTYPE_ALREADY_2; + $MSG = SPONSOR_ADMIN_PAYTYPE_ALREADY_1.$_POST['pay_name'].SPONSOR_ADMIN_PAYTYPE_ALREADY_2; } // Output message LOAD_TEMPLATE("admin_settings_saved", false, $MSG); OUTPUT_HTML("
"); -} - elseif ((isset($HTTP_POST_VARS['edit'])) || (isset($HTTP_POST_VARS['del']))) -{ +} elseif ((isset($_POST['edit'])) || (isset($_POST['del']))) { // Load all data $OUT = ""; $SW = 2; - foreach ($HTTP_POST_VARS['id'] as $id=>$sel) - { + foreach ($_POST['id'] as $id=>$sel) { // Load entry $result = SQL_QUERY_ESC("SELECT pay_name, pay_rate, pay_min_count, pay_currency FROM "._MYSQL_PREFIX."_sponsor_paytypes WHERE id='%s' LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Load data list($name, $rate, $min, $curr) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -155,19 +135,14 @@ if (isset($HTTP_POST_VARS['add'])) 'curr' => htmlspecialchars($curr) ); - if (isset($HTTP_POST_VARS['edit'])) - { + if (isset($_POST['edit'])) { // Edit entry $OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_edit_row", true, $content); - } - else - { + } else { // Delete entry $OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_del_row", true, $content); } - } - else - { + } else { // Entry invalid $OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_404", true, $id); } @@ -180,32 +155,25 @@ if (isset($HTTP_POST_VARS['add'])) define('__SPONSOR_ROWS', $OUT); // Load main template depending on mode (edit/delete) - if (isset($HTTP_POST_VARS['edit'])) - { + if (isset($_POST['edit'])) { // Load main edit template LOAD_TEMPLATE("admin_list_sponsor_pay_edit"); - } - else - { + } else { // Load main delete template LOAD_TEMPLATE("admin_list_sponsor_pay_del"); } -} - else -{ +} else { // Load all payment types $result = SQL_QUERY("SELECT id, pay_name, pay_rate, pay_min_count, pay_currency FROM "._MYSQL_PREFIX."_sponsor_paytypes ORDER BY pay_name", __FILE__, __LINE__); // Do we have some paytypes setup? - if (SQL_NUMROWS($result) > 0) - { + if (SQL_NUMROWS($result) > 0) { // Prepare variables for listing $SW = 2; $OUT = ""; // List alle found payment types - while(list($id, $name, $rate, $min, $currency) = SQL_FETCHROW($result)) - { + while(list($id, $name, $rate, $min, $currency) = SQL_FETCHROW($result)) { // Remember data in array $content = array( 'sw' => $SW, @@ -231,9 +199,7 @@ if (isset($HTTP_POST_VARS['add'])) // Load list template define('__LIST_CONTENT', LOAD_TEMPLATE("admin_list_sponsor_pay", true)); - } - else - { + } else { // Noting setup so far! define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ADMIN_NO_PAYTYPES)); } diff --git a/inc/modules/admin/what-list_sponsor_pays.php b/inc/modules/admin/what-list_sponsor_pays.php index 5c183d69a7..fe961dc14f 100644 --- a/inc/modules/admin/what-list_sponsor_pays.php +++ b/inc/modules/admin/what-list_sponsor_pays.php @@ -1,7 +1,7 @@ $v) - { + foreach ($LANG_DUMMY as $k=>$v) { $v = trim($v); if (substr($v, 3) == "") $v = "---"; $LANG_DUMMY[$k] = $v; @@ -106,8 +104,7 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]")) } // If language is found stop searching on matching line - foreach($LANG as $search) - { + foreach($LANG as $search) { if (substr($search, 0, 3) == (GET_LANGUAGE().":")) { $INFO = substr($search, 3); break; } } @@ -118,15 +115,13 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]")) } // Ok, themes are on our server but maybe you have already installed them? - if (sizeof($THEMES['fname']) > 0) - { + if (sizeof($THEMES['fname']) > 0) { // Sort array (I missed ver and cver here) array_pk_sort($THEMES, array("cver", "fname"), 0, 1); // Extensions where found which are not downloaded and installed $SW = 2; $OUT = ""; $TSIZE = 0; - foreach ($THEMES['fname'] as $idx=>$name) - { + foreach ($THEMES['fname'] as $idx=>$name) { // Generate download link $LINK = SERVER_URL."/themes/theme-".$name.".zip"; $OUT .= " diff --git a/inc/modules/admin/what-theme_import.php b/inc/modules/admin/what-theme_import.php index 0e3ec8ebdf..775f6f493f 100644 --- a/inc/modules/admin/what-theme_import.php +++ b/inc/modules/admin/what-theme_import.php @@ -52,23 +52,21 @@ if (!empty($_POST['theme'])) if (SQL_NUMROWS($result) == 0) { // Import theme - $file = PATH."theme/".$_POST['theme']."/theme.php"; - if (file_exists($file)) - { + $file = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($_POST['theme'])); + if ((file_exists($file)) && (is_readable($file))) { + // Load the theme header file include($file); + + // Register it ith the exchange $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_themes (theme_path, theme_active, theme_ver) VALUES ('%s', 'N', '%s')", array($_POST['theme'], $THEME_VERSION), __FILE__, __LINE__); $msg = ADMIN_THEME_IMPORTED_1.$_POST['theme'].ADMIN_THEME_IMPORTED_2; - } - else - { + } else { // Include file not found! $msg = ADMIN_THEME_INC_404_1.$_POST['theme'].ADMIN_THEME_INC_404_2; } - } - else - { + } else { // Free memory SQL_FREERESULT($result); @@ -93,14 +91,12 @@ $THEMES = array( // Read directory "themes" $handle = opendir(PATH."theme/") or mxchange_die("Cannot read themes dir!"); -while ($dir = readdir($handle)) -{ +while ($dir = readdir($handle)) { // Construct absolute theme.php file name - $theme = PATH."theme/".$dir."/"."theme.php"; + $theme = sprintf("%stheme/%s/theme.php", PATH, $dir); // Test it... - if (($dir != ".") && ($dir != "..") && (file_exists($theme))) - { + if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme))) { // Found a valid directory so let's load it's theme.php file include($theme); @@ -120,21 +116,17 @@ array_pk_sort($THEMES, array("theme_name")); // Generate output lines for the template $OUT = ""; $SW = 2; -foreach ($THEMES['theme_unix'] as $key=>$unix) -{ +foreach ($THEMES['theme_unix'] as $key=>$unix) { // Check if current theme is already imported or not $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($unix), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Free memory SQL_FREERESULT($result); // Already installed $FOUND = "".ADMIN_THEME_ALREADY_INSTALLED.""; - } - else - { + } else { // Theme not installed $FOUND = "
@@ -159,8 +151,8 @@ foreach ($THEMES['theme_unix'] as $key=>$unix) \n"; $SW = 3 - $SW; } -if (empty($OUT)) -{ + +if (empty($OUT)) { // No themes found??? $OUT .= " diff --git a/inc/modules/admin/what-unlock_sponsor.php b/inc/modules/admin/what-unlock_sponsor.php index d8018db2d3..130f511cf9 100644 --- a/inc/modules/admin/what-unlock_sponsor.php +++ b/inc/modules/admin/what-unlock_sponsor.php @@ -1,7 +1,7 @@ 0) - { + if (SELECTION_COUNT($_POST['id']) > 0) { // At least one entry selected - foreach ($HTTP_POST_VARS['id'] as $id=>$sel) - { + foreach ($_POST['id'] as $id=>$sel) { + // Secure ID number + $id = bigintval($id); + // Load his personal data $result_main = SQL_QUERY_ESC("SELECT salut, surname, family, email, remote_addr, sponsor_created, points_amount, refid FROM "._MYSQL_PREFIX."_sponsor_data WHERE status='PENDING' AND id='%s' LIMIT 1", - array(bigintval($id)), __FILE__, __LINE__); + array($id), __FILE__, __LINE__); $refid = 0; - if (SQL_NUMROWS($result_main) == 1) - { + if (SQL_NUMROWS($result_main) == 1) { // Load data and free memory list($salut, $sname, $fname, $email, $ip, $created, $points, $refid) = SQL_FETCHROW($result_main); @@ -68,19 +56,15 @@ LEFT JOIN "._MYSQL_PREFIX."_sponsor_paytypes AS sp ON sp.id=so.payid WHERE so.sponsorid='%s' ORDER BY sp.pay_name", - array(bigintval($id)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) > 0) - { + array($id), __FILE__, __LINE__); + if (SQL_NUMROWS($result) > 0) { // Payment does exist while(list($aid, $count, $ordered, $status, $pname, $prate, $pcurr) = SQL_FETCHROW($result)) { - if ($aid == "0") - { + if ($aid == "0") { // No admin assigned! $aid = SPONSOR_NO_ADMIN; - } - else - { + } else { // Load admin's email address for contact $result_aid = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id='%s' LIMIT 1", array(bigintval($aid)), __FILE__, __LINE__); @@ -102,9 +86,7 @@ ORDER BY sp.pay_name", // Load email template $content['msg'] = LOAD_EMAIL_TEMPLATE("sponsor_unlock_sponsor_pay", $content, $id); } - } - else - { + } else { // No payments found $content['msg'] = SPONSOR_NO_PAYMENTS_FOUND; } @@ -119,28 +101,28 @@ ORDER BY sp.pay_name", // Unlock sponsor account $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED' WHERE id='%s' AND status='PENDING' LIMIT 1", - array(bigintval($id)), __FILE__, __LINE__); + array($id), __FILE__, __LINE__); // Update, if applyable, referral count and points - if (($refid > 0) && ($refid != $id)) - { + if (($refid > 0) && ($refid != $id)) { // Update referral account $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET points_amount=points_amount+%s, ref_count=ref_count+1 WHERE id='%s' LIMIT 1", array($CONFIG['sponsor_ref_points'], bigintval($refid)), __FILE__, __LINE__); - // Load referral's data - if (SQL_AFFECTED_ROWS($link) == 1) - { + // Whas that update fine? + if (SQL_AFFECTED_ROWS($link) == 1) { + // Load referral's data $result = SQL_QUERY_ESC("SELECT id, salut, surname, family, email, (points_amount - points_used) AS points, receive_warnings, ref_count AS refs FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' LIMIT 1", array(bigintval($refid)), __FILE__, __LINE__); $REFERRAL = SQL_FETCHARRAY($result); - if ($REFERRAL['receive_warnings'] == "Y") - { + + // Send warnings out? + if ($REFERRAL['receive_warnings'] == "Y") { // Translate some data $REFERRAL['points'] = TRANSLATE_COMMA($REFERRAL['points']); $REFERRAL['ref_points'] = TRANSLATE_COMMA($CONFIG['sponsor_ref_points']); @@ -167,9 +149,7 @@ WHERE id='%s' LIMIT 1", $msg = LOAD_EMAIL_TEMPLATE("sponsor_unlocked", $content); SEND_EMAIL($email, SPONSOR_UNLOCKED_SUBJ, $msg); } - } - else - { + } else { // Nothing selected LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_NONE_SELECTED_UNLOCK); } @@ -183,12 +163,10 @@ $result = SQL_QUERY("SELECT id, salut, surname, family, email, remote_addr, spon FROM "._MYSQL_PREFIX."_sponsor_data WHERE status='PENDING' ORDER BY id", __FILE__, __LINE__); -if (SQL_NUMROWS($result) > 0) -{ +if (SQL_NUMROWS($result) > 0) { // Entries found so let's list them! $OUT = ""; $SW = 2; - while(list($id, $salut, $sname, $fname, $email, $ip, $created) = SQL_FETCHROW($result)) - { + while(list($id, $salut, $sname, $fname, $email, $ip, $created) = SQL_FETCHROW($result)) { // Transfer data to array $content = array( 'sw' => $SW, @@ -209,9 +187,7 @@ if (SQL_NUMROWS($result) > 0) // Load template LOAD_TEMPLATE("admin_unlock_sponsor"); -} - else -{ +} else { // No pending accounts found LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SPONSOR_NONE_PENDING); } diff --git a/inc/modules/admin/what-usage.php b/inc/modules/admin/what-usage.php index f5afcc325e..3a17999e65 100644 --- a/inc/modules/admin/what-usage.php +++ b/inc/modules/admin/what-usage.php @@ -32,52 +32,46 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) -{ +if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } + // Add description as navigation point ADD_DESCR("admin", basename(__FILE__)); -OPEN_TABLE("100%", "admin_content admin_content_align", ""); +// Base directory (should be moved to database) $usage = "usage/"; -if (!empty($_GET['image'])) -{ - if ($_GET['type'] == "usage") - { - $file = PATH.$usage."usage.png"; - } - else - { + +OPEN_TABLE("100%", "admin_content admin_content_align", ""); + +if (!empty($_GET['image'])) { + if ($_GET['type'] == "usage") { + $file = sprintf("%s%susage.png", PATH, $usage); + } else { if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\")); - $file = PATH.$usage.$_GET['type']."_usage_".$_GET['image'].".png"; + $file = sprintf("%s%s%s_usage_%s.png", PATH, $usage, SQL_ESCAPE($_GET['type']), SQL_ESCAPE($_GET['image'])); } - if (file_exists($file)) - { + + if ((file_exists($file)) && (is_readable($file))) { $image = imagecreatefrompng($file); header("Content-type: image/png"); imagepng($image); imagedestroy($image); } exit(); -} - elseif (empty($_GET['usage'])) -{ +} elseif (empty($_GET['usage'])) { $file = PATH.$usage."index.html"; -} - else -{ +} else { $file = sprintf("%s%susage_%s.html", PATH, $usage, SQL_ESCAPE($_GET['usage']) ); } -if ($file !="") -{ - if (file_exists($file) && is_readable($file)) - { + +if (!empty($file)) { + if (file_exists($file) && is_readable($file)) { $tmpl_file = implode("", file($file)); $tmpl_file = addslashes($tmpl_file); $tmpl_file = "\$content=\"".$tmpl_file."\";"; @@ -102,6 +96,7 @@ if ($file !="") } } } + CLOSE_TABLE(); // ?> diff --git a/inc/modules/guest/action-sponsor.php b/inc/modules/guest/action-sponsor.php index 3485b82deb..de40dbc715 100644 --- a/inc/modules/guest/action-sponsor.php +++ b/inc/modules/guest/action-sponsor.php @@ -41,15 +41,12 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("guest", basename(__FILE__)); // Load the include file -$INC = PATH."inc/modules/guest/what-".$what.".php"; -if (file_exists($INC)) -{ +$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); +if (file_exists($INC)) { // Ok, we finally load the guest action module include($INC); -} - else -{ - $FATAL[] = GUEST_404_ACTION_1.$what.GUEST_404_ACTION_2; +} else { + $FATAL[] = GUEST_404_ACTION_1.$GLOBALS['what'].GUEST_404_ACTION_2; } // ?> diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index 77a6db57c7..2c00d2ec86 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -41,10 +41,10 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("guest", basename(__FILE__)); $MODE = ""; -if (!empty($HTTP_GET_VARS['mode'])) +if (!empty($_GET['mode'])) { // A "special" mode of the login system was requested - switch ($HTTP_GET_VARS['mode']) + switch ($_GET['mode']) { case "activate" : $MODE = "activate"; break; // Activation link requested case "lost_pass": $MODE = "lost_pass"; break; // Request new password @@ -52,7 +52,7 @@ if (!empty($HTTP_GET_VARS['mode'])) } // Check if hash for confirmation of email address is given... -if (!empty($HTTP_GET_VARS['hash'])) +if (!empty($_GET['hash'])) { // Lookup sponsor $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family, @@ -61,7 +61,7 @@ street_nr1, street_nr2, country, zip, city, email, phone, fax, cell, points_amount AS points, last_pay AS pay, last_curr AS curr FROM "._MYSQL_PREFIX."_sponsor_data WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL') -LIMIT 1", array($HTTP_GET_VARS['hash']), __FILE__, __LINE__); +LIMIT 1", array($_GET['hash']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Sponsor found, load his data... @@ -78,7 +78,7 @@ LIMIT 1", array($HTTP_GET_VARS['hash']), __FILE__, __LINE__); // Set account to pending $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING' WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1", - array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__); + array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__); // Check on success if (SQL_AFFECTEDROWS($link) == 1) @@ -114,7 +114,7 @@ WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1", // Changed email adress need to be confirmed $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED' WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1", - array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__); + array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__); // Check on success if (SQL_AFFECTEDROWS($link) == 1) diff --git a/inc/modules/guest/what-sponsor_reg.php b/inc/modules/guest/what-sponsor_reg.php index 473e091254..3d54c25b2c 100644 --- a/inc/modules/guest/what-sponsor_reg.php +++ b/inc/modules/guest/what-sponsor_reg.php @@ -31,8 +31,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php"; require($INC); } @@ -43,151 +42,150 @@ ADD_DESCR("guest", basename(__FILE__)); // Create array for form errors (= missing data) $FORM_ERRORS = array(); -if (isset($HTTP_POST_VARS['ok'])) -{ +if (isset($_POST['ok'])) { // // Check submitted form data // // 1. Salutation / Surname / family name - if (empty($HTTP_POST_VARS['salut'])) + if (empty($_POST['salut'])) { // Surname is empty $FORM_ERRORS[] = SPONSOR_NO_SALUT_SELECTED; } - if (empty($HTTP_POST_VARS['surname'])) + if (empty($_POST['surname'])) { // Surname is empty $FORM_ERRORS[] = SPONSOR_SURNAME_IS_EMPTY; } - if (empty($HTTP_POST_VARS['family'])) + if (empty($_POST['family'])) { // Surname is empty $FORM_ERRORS[] = SPONSOR_FAMILY_IS_EMPTY; } // 2. Company name // 012 3 32 23 4 43 3 4 4321 12 3 32 2 3 3210 - if (((empty($HTTP_POST_VARS['company'])) && ((!empty($HTTP_POST_VARS['tax_ident'])) || (!empty($HTTP_POST_VARS['position'])))) || ((!empty($HTTP_POST_VARS['company'])) && (empty($HTTP_POST_VARS['tax_ident'])))) + if (((empty($_POST['company'])) && ((!empty($_POST['tax_ident'])) || (!empty($_POST['position'])))) || ((!empty($_POST['company'])) && (empty($_POST['tax_ident'])))) { - if (empty($HTTP_POST_VARS['company'])) + if (empty($_POST['company'])) { // Company name is empty $FORM_ERRORS[] = SPONSOR_COMPANY_IS_EMPTY; } - elseif (empty($HTTP_POST_VARS['tax_ident'])) + elseif (empty($_POST['tax_ident'])) { // Tax ident number name is empty $FORM_ERRORS[] = SPONSOR_TAX_IDENT_IS_EMPTY; } - if (empty($HTTP_POST_VARS['position'])) + if (empty($_POST['position'])) { // Not fatal but not nice: position in company is empty $FORM_ERRORS[] = SPONSOR_POSITION_IS_EMPTY; } } // 3. Street and number - if (empty($HTTP_POST_VARS['street_nr1'])) + if (empty($_POST['street_nr1'])) { // Street name and house number are empty $FORM_ERRORS[] = SPONSOR_STREET_NR1_IS_EMPTY; } - elseif ((!empty($HTTP_POST_VARS['street_nr2'])) && (empty($HTTP_POST_VARS['street_nr1']))) + elseif ((!empty($_POST['street_nr2'])) && (empty($_POST['street_nr1']))) { // 1st line for street is empty, but 2nd line not $FORM_ERRORS[] = SPONSOR_STREET_NR1_IS_EMPTY_2_NOT; } // 4. Country code - if (empty($HTTP_POST_VARS['country'])) + if (empty($_POST['country'])) { // Country code is empty $FORM_ERRORS[] = SPONSOR_COUNTRY_IS_EMPTY; } - elseif (strlen($HTTP_POST_VARS['country']) != 2) + elseif (strlen($_POST['country']) != 2) { // Country code is invalid $FORM_ERRORS[] = SPONSOR_COUNTRY_IS_INVALID; } // 3. ZIP code - if (empty($HTTP_POST_VARS['zip'])) + if (empty($_POST['zip'])) { // ZIP code is empty $FORM_ERRORS[] = SPONSOR_ZIP_IS_EMPTY; } - elseif (bigintval($HTTP_POST_VARS['zip']) != $HTTP_POST_VARS['zip']) + elseif (bigintval($_POST['zip']) != $_POST['zip']) { // ZIP is invalid $FORM_ERRORS[] = SPONSOR_ZIP_IS_INVALID; - $HTTP_POST_VARS['zip'] = ""; + $_POST['zip'] = ""; } // 4. City - if (empty($HTTP_POST_VARS['city'])) + if (empty($_POST['city'])) { // City is empty $FORM_ERRORS[] = SPONSOR_CITY_IS_EMPTY; } // 5. Phone number - if (empty($HTTP_POST_VARS['phone'])) + if (empty($_POST['phone'])) { // City is empty $FORM_ERRORS[] = SPONSOR_PHONE_IS_EMPTY; } // 6. Homepage URL - if (empty($HTTP_POST_VARS['url'])) + if (empty($_POST['url'])) { // Homepage URL is empty $FORM_ERRORS[] = SPONSOR_URL_IS_EMPTY; } - elseif (!VALIDATE_URL($HTTP_POST_VARS['url'])) + elseif (!VALIDATE_URL($_POST['url'])) { // Homepage URL is invalid $FORM_ERRORS[] = SPONSOR_URL_IS_INVALID; - $HTTP_POST_VARS['url'] = ""; + $_POST['url'] = ""; } // 7. Light validation of email address - if ((empty($HTTP_POST_VARS['email'])) || ($HTTP_POST_VARS['email'] == "@")) + if ((empty($_POST['email'])) || ($_POST['email'] == "@")) { // Email is invalid/empty $FORM_ERRORS[] = SPONSOR_EMAIL_IS_INVALID; } - elseif (SPONSOR_FOUND_EMAIL_DB($HTTP_POST_VARS['email'])) + elseif (SPONSOR_FOUND_EMAIL_DB($_POST['email'])) { // Email already found in database! $FORM_ERRORS[] = SPONSOR_EMAIL_IS_ALREADY_REGISTERED; - $HTTP_POST_VARS['email'] = ""; + $_POST['email'] = ""; } // 8. Pay type selected? - if (empty($HTTP_POST_VARS['pay_type'])) + if (empty($_POST['pay_type'])) { // Not pay type selected $FORM_ERRORS[] = SPONSOR_NO_PAYTYPE_SELECTED; } // 9. Interval of mails - if (empty($HTTP_POST_VARS['warning_interval'])) + if (empty($_POST['warning_interval'])) { // No warning interval selected $FORM_ERRORS[] = SPONSOR_NO_WARNING_INTERVAL_SELECTED; } // 10. Mail notifications disabled/enabled - if (empty($HTTP_POST_VARS['receive_warnings'])) + if (empty($_POST['receive_warnings'])) { // Option not selected! $FORM_ERRORS[] = SPONSOR_NO_RECEIVE_WARNINGS_SELECTED; } // Did he enter his password twice? - if (((empty($HTTP_POST_VARS['pass1'])) || (empty($HTTP_POST_VARS['pass2']))) || (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) && (!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2'])))) + if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) { - if (($HTTP_POST_VARS['pass1'] != $HTTP_POST_VARS['pass2']) && (!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2']))) + if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) { // Passwords missmatch $FORM_ERRORS[] = SPONSOR_PASSWORDS_MISMATCH; } else { - if (empty($HTTP_POST_VARS['pass1'])) + if (empty($_POST['pass1'])) { // Password 1 is empty $FORM_ERRORS[] = SPONSOR_PASSWORD1_EMPTY; } - if (empty($HTTP_POST_VARS['pass2'])) + if (empty($_POST['pass2'])) { // Password 2 is empty $FORM_ERRORS[] = SPONSOR_PASSWORD2_EMPTY; @@ -195,24 +193,24 @@ if (isset($HTTP_POST_VARS['ok'])) } } // Is the password long enough? - elseif (strlen($HTTP_POST_VARS['pass1']) < $CONFIG['pass_len']) + elseif (strlen($_POST['pass1']) < $CONFIG['pass_len']) { // Too short! $FORM_ERRORS[] = SPONSOR_PASSWORD_TOO_SHORT; } // Check if he has accepted the terms&conditions - if (empty($HTTP_POST_VARS['terms'])) + if (empty($_POST['terms'])) { // Homepage URL is empty $FORM_ERRORS[] = SPONSOR_TERMS_NOT_ACCEPTED; } // If there is something wrong/missing stop registration - if (count($FORM_ERRORS) > 0) unset($HTTP_POST_VARS['ok']); + if (count($FORM_ERRORS) > 0) unset($_POST['ok']); } -if ((isset($HTTP_POST_VARS['ok'])) && (count($FORM_ERRORS) == 0)) +if ((isset($_POST['ok'])) && (count($FORM_ERRORS) == 0)) { // Generate message array $MSGs = array( @@ -223,20 +221,20 @@ if ((isset($HTTP_POST_VARS['ok'])) && (count($FORM_ERRORS) == 0)) // Calulate points $result = SQL_QUERY_ESC("SELECT (pay_rate * pay_min_count) AS points, pay_min_count AS pay, pay_currency AS curr FROM "._MYSQL_PREFIX."_sponsor_paytypes -WHERE id='%s' LIMIT 1", array($HTTP_POST_VARS['pay_type']), __FILE__, __LINE__); +WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__); list($points, $pay, $curr) = SQL_FETCHROW($result); // Free memory SQL_FREERESULT($result); // Add points to array - $HTTP_POST_VARS['points_amount'] = $points; - $HTTP_POST_VARS['points_used'] = "0.00000"; - $HTTP_POST_VARS['last_pay'] = $pay; - $HTTP_POST_VARS['last_curr'] = $curr; + $_POST['points_amount'] = $points; + $_POST['points_used'] = "0.00000"; + $_POST['last_pay'] = $pay; + $_POST['last_curr'] = $curr; // Register sponsor but never ever update here! - $STATUS = SPONSOR_HANDLE_SPONSOR($HTTP_POST_VARS, true, $MSGs, true); + $STATUS = SPONSOR_HANDLE_SPONSOR($_POST, true, $MSGs, true); // Check the status of the registration process switch ($STATUS) @@ -244,7 +242,7 @@ WHERE id='%s' LIMIT 1", array($HTTP_POST_VARS['pay_type']), __FILE__, __LINE__); case "added": // Sponsor successfully added with account status = UNCONFIRMED! // Check for his ID number $result = SQL_QUERY_ESC("SELECT id, hash FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1", - array($HTTP_POST_VARS['email']), __FILE__, __LINE__); + array($_POST['email']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // ID found so let's load it for the confirmation email @@ -253,16 +251,16 @@ WHERE id='%s' LIMIT 1", array($HTTP_POST_VARS['pay_type']), __FILE__, __LINE__); // Prepare data for the email template define('__ID' , $id); define('__HASH' , $hash); - define('__EMAIL' , $HTTP_POST_VARS['email']); - define('__SURNAME' , $HTTP_POST_VARS['surname']); - define('__FAMILY' , $HTTP_POST_VARS['family']); - define('__SALUT' , TRANSLATE_SEX($HTTP_POST_VARS['salut'])); + define('__EMAIL' , $_POST['email']); + define('__SURNAME' , $_POST['surname']); + define('__FAMILY' , $_POST['family']); + define('__SALUT' , TRANSLATE_SEX($_POST['salut'])); define('__TIMESTAMP', MAKE_DATETIME(time(), 0)); - define('__PASSWORD' , $HTTP_POST_VARS['pass1']); + define('__PASSWORD' , $_POST['pass1']); // Generate email and send it to the new sponsor $EMAIL_MSG = LOAD_EMAIL_TEMPLATE("sponsor_confirm", $hash); - SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_PLEASE_CONFIRM_SUBJ, $EMAIL_MSG); + SEND_EMAIL($_POST['email'], SPONSOR_PLEASE_CONFIRM_SUBJ, $EMAIL_MSG); // Send mail to admin if (GET_EXT_VERSION("admins") >= "0.4.1") @@ -283,7 +281,7 @@ WHERE id='%s' LIMIT 1", array($HTTP_POST_VARS['pay_type']), __FILE__, __LINE__); else { // Sponsor account not found??? - $MSG = SPONSOR_EMAIL_404_1.$HTTP_POST_VARS['email'].SPONSOR_EMAIL_404_2; + $MSG = SPONSOR_EMAIL_404_1.$_POST['email'].SPONSOR_EMAIL_404_2; } // Free memory @@ -336,24 +334,24 @@ ORDER BY pay_name", __FILE__, __LINE__); if (count($FORM_ERRORS) > 0) { // Some found... :-( - define('__COMPANY' , COMPILE_CODE($HTTP_POST_VARS['company'])); - define('__POSITION' , COMPILE_CODE($HTTP_POST_VARS['position'])); - define('__TAX_IDENT', COMPILE_CODE($HTTP_POST_VARS['tax_ident'])); - define('__SURNAME' , COMPILE_CODE($HTTP_POST_VARS['surname'])); - define('__FAMILY' , COMPILE_CODE($HTTP_POST_VARS['family'])); - define('__STREET1' , COMPILE_CODE($HTTP_POST_VARS['street_nr1'])); - define('__STREET2' , COMPILE_CODE($HTTP_POST_VARS['street_nr2'])); - define('__COUNTRY' , COMPILE_CODE($HTTP_POST_VARS['country'])); - define('__ZIP' , COMPILE_CODE($HTTP_POST_VARS['zip'])); - define('__CITY' , COMPILE_CODE($HTTP_POST_VARS['city'])); - define('__PHONE' , COMPILE_CODE($HTTP_POST_VARS['phone'])); - define('__FAX' , COMPILE_CODE($HTTP_POST_VARS['fax'])); - define('__CELL' , COMPILE_CODE($HTTP_POST_VARS['cell'])); - define('__EMAIL' , COMPILE_CODE($HTTP_POST_VARS['email'])); - define('__URL' , COMPILE_CODE($HTTP_POST_VARS['url'])); + define('__COMPANY' , COMPILE_CODE($_POST['company'])); + define('__POSITION' , COMPILE_CODE($_POST['position'])); + define('__TAX_IDENT', COMPILE_CODE($_POST['tax_ident'])); + define('__SURNAME' , COMPILE_CODE($_POST['surname'])); + define('__FAMILY' , COMPILE_CODE($_POST['family'])); + define('__STREET1' , COMPILE_CODE($_POST['street_nr1'])); + define('__STREET2' , COMPILE_CODE($_POST['street_nr2'])); + define('__COUNTRY' , COMPILE_CODE($_POST['country'])); + define('__ZIP' , COMPILE_CODE($_POST['zip'])); + define('__CITY' , COMPILE_CODE($_POST['city'])); + define('__PHONE' , COMPILE_CODE($_POST['phone'])); + define('__FAX' , COMPILE_CODE($_POST['fax'])); + define('__CELL' , COMPILE_CODE($_POST['cell'])); + define('__EMAIL' , COMPILE_CODE($_POST['email'])); + define('__URL' , COMPILE_CODE($_POST['url'])); // Check for salutation selection - switch ($HTTP_POST_VARS['salut']) + switch ($_POST['salut']) { case "M": // Male define('__SALUT_M' , " selected"); @@ -375,7 +373,7 @@ ORDER BY pay_name", __FILE__, __LINE__); } // Check for receive_warnings - switch ($HTTP_POST_VARS['receive_warnings']) + switch ($_POST['receive_warnings']) { case "Y": define('__REC_Y' , " selected"); @@ -399,7 +397,7 @@ ORDER BY pay_name", __FILE__, __LINE__); } $OUT .= "
\n"; define('__SPONSOR_FORM_ERRORS', $OUT); - define('__SPONSOR_REFID', $HTTP_POST_VARS['refid']); + define('__SPONSOR_REFID', $_POST['refid']); } else { @@ -430,7 +428,7 @@ ORDER BY pay_name", __FILE__, __LINE__); } // Prepare referral things - if (!isset($HTTP_GET_VARS['refid'])) + if (!isset($_GET['refid'])) { // No referral link define('__SPONSOR_REFID', "0"); @@ -438,7 +436,7 @@ ORDER BY pay_name", __FILE__, __LINE__); else { // Referral ID transmitted, we don't care here if it is right or not - define('__SPONSOR_REFID', $HTTP_GET_VARS['refid']); + define('__SPONSOR_REFID', bigintval($_GET['refid'])); } // Display registration form diff --git a/inc/modules/sponsor.php b/inc/modules/sponsor.php index 5f54f36596..f8a1083e9b 100644 --- a/inc/modules/sponsor.php +++ b/inc/modules/sponsor.php @@ -1,7 +1,7 @@ diff --git a/inc/modules/sponsor/account.php b/inc/modules/sponsor/account.php new file mode 100644 index 0000000000..cdd775e718 --- /dev/null +++ b/inc/modules/sponsor/account.php @@ -0,0 +1,152 @@ + diff --git a/inc/modules/sponsor/settings.php b/inc/modules/sponsor/settings.php new file mode 100644 index 0000000000..8c2f4dacbf --- /dev/null +++ b/inc/modules/sponsor/settings.php @@ -0,0 +1,116 @@ + diff --git a/inc/modules/sponsor/welcome.php b/inc/modules/sponsor/welcome.php new file mode 100644 index 0000000000..0c9b1f7f9b --- /dev/null +++ b/inc/modules/sponsor/welcome.php @@ -0,0 +1,66 @@ + -- 2.39.5