From d8148e3f1f3a6762b2e786dbe99ada269dcf2ea0 Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sat, 28 Feb 2009 21:52:50 +0000 Subject: [PATCH] Complete rewrite of and , wrapper functions added, see bug #101 --- .gitattributes | 5 + beg.php | 12 +- birthday_confirm.php | 6 +- click.php | 12 +- confirm.php | 4 +- debug.php | 10 +- doubler.php | 42 +- img.php | 8 +- inc/check-reset.php | 4 +- inc/config-functions.php | 93 +++ inc/footer.php | 4 +- inc/functions.php | 614 +----------------- inc/handler.php | 64 ++ inc/header.php | 2 +- inc/hooks.php | 55 ++ inc/install-inc.php | 118 ++-- inc/libs/admins_functions.php | 6 +- inc/libs/newsletter_functions.php | 2 +- inc/libs/primera_functions.php | 2 +- inc/libs/rallye_functions.php | 6 +- inc/libs/register_functions.php | 4 +- inc/libs/rewrite_functions.php | 4 +- inc/libs/sponsor_functions.php | 2 +- inc/libs/surfbar_functions.php | 4 +- inc/libs/theme_functions.php | 4 +- inc/libs/user_functions.php | 36 +- inc/modules/admin.php | 102 +-- inc/modules/admin/action-logout.php | 4 +- inc/modules/admin/admin-inc.php | 33 +- inc/modules/admin/what-add_bank_package.php | 4 +- inc/modules/admin/what-add_guestnl_cat.php | 7 +- inc/modules/admin/what-add_points.php | 34 +- inc/modules/admin/what-add_rallye.php | 37 +- inc/modules/admin/what-add_sponsor.php | 4 +- inc/modules/admin/what-add_surfbar_url.php | 6 +- inc/modules/admin/what-admin_add.php | 30 +- inc/modules/admin/what-adminedit.php | 52 +- inc/modules/admin/what-admins_add.php | 12 +- inc/modules/admin/what-admins_contct.php | 16 +- inc/modules/admin/what-admins_edit.php | 28 +- inc/modules/admin/what-admins_mails.php | 19 +- inc/modules/admin/what-config_active.php | 4 +- inc/modules/admin/what-config_admin.php | 4 +- inc/modules/admin/what-config_admins.php | 54 +- inc/modules/admin/what-config_autopurge.php | 4 +- inc/modules/admin/what-config_beg.php | 16 +- inc/modules/admin/what-config_birthday.php | 4 +- inc/modules/admin/what-config_bonus.php | 33 +- inc/modules/admin/what-config_cache.php | 31 +- 
inc/modules/admin/what-config_cats.php | 27 +- inc/modules/admin/what-config_doubler.php | 14 +- inc/modules/admin/what-config_email.php | 30 +- inc/modules/admin/what-config_extensions.php | 4 +- inc/modules/admin/what-config_holiday.php | 4 +- inc/modules/admin/what-config_home.php | 10 +- inc/modules/admin/what-config_mediadata.php | 45 +- inc/modules/admin/what-config_mods.php | 23 +- inc/modules/admin/what-config_newsletter.php | 6 +- inc/modules/admin/what-config_nickname.php | 4 +- inc/modules/admin/what-config_order.php | 4 +- inc/modules/admin/what-config_other.php | 32 +- inc/modules/admin/what-config_payouts.php | 56 +- inc/modules/admin/what-config_points.php | 60 +- inc/modules/admin/what-config_primera.php | 12 +- inc/modules/admin/what-config_proxy.php | 6 +- .../admin/what-config_rallye_prices.php | 73 ++- inc/modules/admin/what-config_refback.php | 4 +- inc/modules/admin/what-config_refid.php | 4 +- inc/modules/admin/what-config_register.php | 4 +- inc/modules/admin/what-config_register2.php | 8 +- inc/modules/admin/what-config_removeip.php | 4 +- inc/modules/admin/what-config_rewrite.php | 10 +- inc/modules/admin/what-config_secure.php | 8 +- inc/modules/admin/what-config_session.php | 6 +- inc/modules/admin/what-config_sponsor.php | 8 +- inc/modules/admin/what-config_stats.php | 4 +- inc/modules/admin/what-config_surfbar.php | 10 +- inc/modules/admin/what-config_title.php | 4 +- inc/modules/admin/what-config_top10.php | 4 +- inc/modules/admin/what-config_transfer.php | 4 +- inc/modules/admin/what-config_user.php | 4 +- inc/modules/admin/what-config_wernis.php | 12 +- inc/modules/admin/what-config_yoomedia.php | 6 +- inc/modules/admin/what-del_email.php | 34 +- inc/modules/admin/what-del_holiday.php | 14 +- inc/modules/admin/what-del_sponsor.php | 22 +- inc/modules/admin/what-del_transfer.php | 6 +- inc/modules/admin/what-del_user.php | 20 +- inc/modules/admin/what-edit_emails.php | 20 +- inc/modules/admin/what-edit_sponsor.php | 61 +- 
inc/modules/admin/what-edit_user.php | 38 +- inc/modules/admin/what-email_archiv.php | 6 +- inc/modules/admin/what-email_details.php | 20 +- inc/modules/admin/what-extensions.php | 40 +- inc/modules/admin/what-guest_add.php | 30 +- inc/modules/admin/what-guestedit.php | 76 +-- inc/modules/admin/what-list_bank_package.php | 22 +- inc/modules/admin/what-list_beg.php | 2 +- inc/modules/admin/what-list_bonus.php | 2 +- inc/modules/admin/what-list_cats.php | 10 +- inc/modules/admin/what-list_country.php | 38 +- inc/modules/admin/what-list_doubler.php | 12 +- inc/modules/admin/what-list_links.php | 26 +- inc/modules/admin/what-list_newsletter.php | 10 +- inc/modules/admin/what-list_notifications.php | 8 +- inc/modules/admin/what-list_payouts.php | 33 +- inc/modules/admin/what-list_rallyes.php | 93 ++- inc/modules/admin/what-list_refs.php | 10 +- inc/modules/admin/what-list_sponsor.php | 20 +- inc/modules/admin/what-list_sponsor_pay.php | 77 ++- inc/modules/admin/what-list_sponsor_pays.php | 6 +- inc/modules/admin/what-list_surfbar_urls.php | 34 +- inc/modules/admin/what-list_task.php | 34 +- inc/modules/admin/what-list_unconfirmed.php | 16 +- inc/modules/admin/what-list_user.php | 62 +- inc/modules/admin/what-list_yoomedia_tm.php | 16 +- inc/modules/admin/what-lock_sponsor.php | 18 +- inc/modules/admin/what-lock_user.php | 44 +- inc/modules/admin/what-logs.php | 4 +- inc/modules/admin/what-maintenance.php | 2 +- inc/modules/admin/what-mem_add.php | 30 +- inc/modules/admin/what-memedit.php | 46 +- inc/modules/admin/what-overview.php | 2 +- inc/modules/admin/what-payments.php | 28 +- inc/modules/admin/what-refbanner.php | 33 +- inc/modules/admin/what-send_bonus.php | 14 +- inc/modules/admin/what-send_newsletter.php | 14 +- inc/modules/admin/what-stats_mods.php | 12 +- inc/modules/admin/what-sub_points.php | 36 +- inc/modules/admin/what-surfbar_stats.php | 4 +- inc/modules/admin/what-theme_edit.php | 14 +- inc/modules/admin/what-theme_import.php | 14 +- 
inc/modules/admin/what-unlock_emails.php | 30 +- inc/modules/admin/what-unlock_sponsor.php | 6 +- .../admin/what-unlock_surfbar_urls.php | 8 +- inc/modules/admin/what-usage.php | 14 +- inc/modules/admin/what-user_contct.php | 12 +- inc/modules/chk_login.php | 2 +- inc/modules/frametester.php | 20 +- inc/modules/guest/what-confirm.php | 12 +- inc/modules/guest/what-login.php | 30 +- inc/modules/guest/what-register.php | 212 +++--- inc/modules/guest/what-sponsor_login.php | 40 +- inc/modules/guest/what-sponsor_reg.php | 136 ++-- inc/modules/guest/what-stats.php | 5 +- inc/modules/index.php | 6 +- inc/modules/loader.php | 4 +- inc/modules/member/what-categories.php | 14 +- inc/modules/member/what-holiday.php | 34 +- inc/modules/member/what-html_mail.php | 19 +- inc/modules/member/what-mydata.php | 64 +- inc/modules/member/what-newsletter.php | 2 +- inc/modules/member/what-nickname.php | 14 +- inc/modules/member/what-order.php | 134 ++-- inc/modules/member/what-payout.php | 30 +- inc/modules/member/what-primera.php | 42 +- inc/modules/member/what-refback.php | 10 +- inc/modules/member/what-support.php | 14 +- inc/modules/member/what-surfbar_book.php | 8 +- inc/modules/member/what-surfbar_list.php | 6 +- inc/modules/member/what-themes.php | 6 +- inc/modules/member/what-transfer.php | 66 +- inc/modules/member/what-unconfirmed.php | 8 +- inc/modules/member/what-wernis.php | 64 +- inc/modules/order.php | 6 +- inc/modules/sponsor/account.php | 24 +- inc/modules/sponsor/settings.php | 12 +- inc/mysql-connect.php | 57 +- inc/mysql-manager.php | 10 +- inc/request-functions.php | 141 ++++ inc/session-functions.php | 127 ++++ inc/stylesheet.php | 6 +- install.php | 2 +- js.php | 4 +- mailid.php | 6 +- mailid_top.php | 12 +- modules.php | 8 +- ref.php | 4 +- show_bonus.php | 12 +- sponsor_confirm.php | 4 +- sponsor_ref.php | 4 +- surfbar.php | 24 +- templates/de/emails/member/member_contct.tpl | 2 +- templates/de/html/admin/admin_add_points.tpl | 2 +- 
.../de/html/admin/admin_add_points_all.tpl | 2 +- .../de/html/admin/admin_contct_user_form.tpl | 2 +- templates/de/html/admin/admin_del_user.tpl | 2 +- templates/de/html/admin/admin_edit_user.tpl | 4 +- .../de/html/admin/admin_list_beg_rows.tpl | 2 +- templates/de/html/admin/admin_list_cats.tpl | 2 +- .../de/html/admin/admin_list_cats_404.tpl | 2 +- templates/de/html/admin/admin_list_links.tpl | 4 +- .../html/admin/admin_list_rallye_usr_row.tpl | 2 +- .../de/html/admin/admin_list_rallyes_row2.tpl | 2 +- .../de/html/admin/admin_list_unconfirmed.tpl | 2 +- templates/de/html/admin/admin_lock_user.tpl | 2 +- .../html/admin/admin_member_selection_box.tpl | 2 +- templates/de/html/admin/admin_sub_points.tpl | 2 +- .../de/html/admin/admin_sub_points_all.tpl | 2 +- .../de/html/admin/admin_task_holiday.tpl | 2 +- templates/de/html/guest/guest_register.tpl | 2 +- .../de/html/member/member_mydata_edit.tpl | 2 +- view.php | 6 +- 203 files changed, 2435 insertions(+), 2558 deletions(-) create mode 100644 inc/config-functions.php create mode 100644 inc/handler.php create mode 100644 inc/hooks.php create mode 100644 inc/request-functions.php create mode 100644 inc/session-functions.php diff --git a/.gitattributes b/.gitattributes index 28b84dc6ff..0b7e640230 100644 --- a/.gitattributes +++ b/.gitattributes @@ -92,6 +92,7 @@ inc/autopurge/purge-unconfirmed.php -text inc/cache/.htaccess -text inc/cache/.revision -text inc/check-reset.php -text +inc/config-functions.php -text inc/config.php -text inc/databases.php -text inc/db/.htaccess -text @@ -167,7 +168,9 @@ inc/functions.php -text inc/gen_mediadata.php -text inc/gen_refback.php -text inc/gen_sql_patches.php -text +inc/handler.php -text inc/header.php -text +inc/hooks.php -text inc/img/.htaccess -text inc/install-inc.php -text inc/js/.htaccess -text 
@@ -603,6 +606,7 @@ inc/pool/pool-bonus.php -text inc/pool/pool-user.php -text inc/profile-updte.php -text inc/rdf.class.php -text +inc/request-functions.php -text inc/reset/.htaccess -text inc/reset/reset_ -text inc/reset/reset_beg.php -text @@ -613,6 +617,7 @@ inc/reset/reset_holiday.php -text inc/reset/reset_surfbar.php -text inc/reset/reset_yoomedia.php -text inc/security.php -text +inc/session-functions.php -text inc/session.php -text inc/sql_error.php -text inc/stats_bonus.php -text diff --git a/beg.php b/beg.php index ae84055593..72148cbdb1 100644 --- a/beg.php +++ b/beg.php @@ -54,7 +54,7 @@ REDIRCT_ON_UNINSTALLED_EXTENSION("beg"); // Is the script installed? if (isBooleanConstantAndTrue('mxchange_installed')) { // Check for userid - if (!empty($_GET['uid'])) { + if (REQUEST_ISSET_GET(('uid'))) { // Init variables $uid = 0; $result = false; @@ -64,11 +64,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { $pay = false; // Validate if it is not a number - if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") { + if ("".(REQUEST_GET('uid') + 0)."" !== "".REQUEST_GET('uid')."") { if (EXT_IS_ACTIVE("nickname")) { // Maybe we have found a nickname? $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", - array($_GET['uid']), __FILE__, __LINE__); + array(REQUEST_GET('uid')), __FILE__, __LINE__); } else { // Nickname entered but nickname is not active $msg = constant('CODE_EXTENSION_PROBLEM'); @@ -77,7 +77,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } else { // Direct userid $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($_GET['uid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } // Check if locked in so don't pay points 
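Review bot: The guard `if (REQUEST_ISSET_GET(('uid')))` replaces `!empty($_GET['uid'])`, and the two are not equivalent if the new wrapper is `isset()`-based: an empty string or `"0"` would now enter the lookup branch that the old code skipped. inc/request-functions.php is not in this excerpt, so please confirm REQUEST_ISSET_GET treats `""` and `"0"` as unset, or keep the old semantics explicitly with `if (REQUEST_ISSET_GET('uid') && REQUEST_GET('uid') !== '')`. The doubled parentheses in `REQUEST_ISSET_GET(('uid'))` are redundant and make every call look like a macro; `REQUEST_ISSET_GET('uid')` reads cleaner, and this applies throughout the patch. The enclosing `if (isBooleanConstantAndTrue('mxchange_installed'))` block starts and ends outside the hunk.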
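Review bot: The nickname-vs-userid probe `if ("".(REQUEST_GET('uid') + 0)."" !== "".REQUEST_GET('uid')."")` does arithmetic on an arbitrary query string, which emits a warning on PHP 7 for non-numeric input and, as of PHP 8, throws a TypeError for non-numeric strings, so a nickname lookup would become a fatal error there. `if (!ctype_digit((string) REQUEST_GET('uid')))` expresses the intent (only an all-digit value is a direct userid) without the string juggling. This is pre-existing logic that the hunk carries over rather than something the patch introduced, but the mechanical rewrite was the moment to fix it.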
@@ -99,7 +99,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { $points = mt_rand((getConfig('beg_points') * 100000), (getConfig('beg_points_max') * 100000)) / 100000; // Set nickname / userid for the template(s - define('__BEG_UID' , SQL_ESCAPE($_GET['uid'])); + define('__BEG_UID' , SQL_ESCAPE(REQUEST_GET('uid'))); define('__BEG_CLICKS', ($clicks + 1)); define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true)); define('__BEG_POINTS', TRANSLATE_COMMA($points)); @@ -207,7 +207,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } elseif (($uid == "0") || ($status == "failed")) { // Inalid or locked account, so let's find out $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", - array($_GET['uid']), __FILE__, __LINE__); + array(REQUEST_GET('uid')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Locked account $msg = constant('CODE_ACCOUNT_LOCKED'); diff --git a/birthday_confirm.php b/birthday_confirm.php index 7b0a83bc0d..47bb1753b9 100644 --- a/birthday_confirm.php +++ b/birthday_confirm.php @@ -51,10 +51,10 @@ REDIRECT_ON_UNINSTALLED_EXTENSION("birthday"); // Is the script installed? if (isBooleanConstantAndTrue('mxchange_installed')) { // Script is installed so let's check for his confirmation link... - $uid = bigintval($_GET['uid']); + $uid = bigintval(REQUEST_GET('uid')); // Only allow numbers here... - $chk = bigintval($_GET['check'], false); + $chk = bigintval(REQUEST_GET('check'), false); // Check if link is not clicked so far $result = SQL_QUERY_ESC("SELECT b.points, d.gender, d.surname, d.family, d.status, d.ref_payout @@ -63,7 +63,7 @@ INNER JOIN `{!_MYSQL_PREFIX!}_user_data` AS d ON b.userid=d.userid WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1", array($uid, $chk), __FILE__, __LINE__); - //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")
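Review bot: `define('__BEG_UID', SQL_ESCAPE(REQUEST_GET('uid')))` escapes for the wrong context: the value feeds templates (`__BEG_BANNER` is built from it on the next line), not a query, and a SQL escaper leaves `<` and `>` untouched and merely backslashes quotes, so if the beg_banner template prints `__BEG_UID` a nickname-shaped value can reach the HTML unneutralised. Use the HTML escaper at the output boundary: `define('__BEG_UID', htmlspecialchars(REQUEST_GET('uid'), ENT_QUOTES, 'UTF-8'));`. Whether a crafted value gets this far depends on the earlier lookup succeeding, and I cannot see SQL_ESCAPE's body here, but its name says it is not an HTML escaper. The enclosing block starts and ends outside the hunk.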
\n"; + //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen(REQUEST_GET('check'))."/".SQL_NUMROWS($result).")
\n"; // Is an entry there? if (SQL_NUMROWS($result) == 1) { diff --git a/click.php b/click.php index 4018e63236..342977a175 100644 --- a/click.php +++ b/click.php @@ -44,14 +44,14 @@ $GLOBALS['module'] = "click"; $GLOBALS['output_mode'] = -1; // Load the required file(s) require("inc/config.php"); -if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) { +if (((REQUEST_ISSET_GET(('user'))) || (REQUEST_ISSET_GET(('reseller')))) && (REQUEST_ISSET_GET(('banner')))) { // Update clicks counter... - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__); if (SQL_AFFECTEDROWS() == 1) { - if (!empty($_GET['user'])) { - LOAD_URL("ref.php?refid=".bigintval($_GET['user'])); - } elseif (!empty($_GET['reseller'])) { - LOAD_URL("shop_reseller.php?reseller=".bigintval($_GET['reseller'])); + if (REQUEST_ISSET_GET(('user'))) { + LOAD_URL("ref.php?refid=".bigintval(REQUEST_GET('user'))); + } elseif (REQUEST_ISSET_GET(('reseller'))) { + LOAD_URL("shop_reseller.php?reseller=".bigintval(REQUEST_GET('reseller'))); } } // END - if } // END - if diff --git a/confirm.php b/confirm.php index 278c428eb8..a865009f7c 100644 --- a/confirm.php +++ b/confirm.php 
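Review bot: The patch updates a commented-out debug line (`//* DEBUG: */ echo "uid=".$uid.",chk=".$chk." ...`) to the new wrapper instead of removing it; dead debug code that would print the confirmation check value to the page is better deleted than maintained, since a single accidental un-comment exposes internal state to the visitor. Drop the line, or if the trace is still wanted route it through the project's logging helper rather than `echo`. The enclosing `if (isBooleanConstantAndTrue('mxchange_installed'))` block starts and ends outside the hunk.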
@@ -49,12 +49,12 @@ require("inc/config.php"); if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered'))) { // Base URL for redirection $URL = "modules.php?module=index&what=confirm&hash="; - if (empty($_GET['hash'])) { + if (!REQUEST_ISSET_GET(('hash'))) { // No refid and we add our refid (don't forget to set $def_refid!) $URL = "modules.php?module=index"; } else { // We have an refid here. So we simply add it - $URL .= $_GET['hash']; + $URL .= REQUEST_GET('hash'); } // Load the URL diff --git a/debug.php b/debug.php index 38b90c5b9e..533676e3f9 100644 --- a/debug.php +++ b/debug.php @@ -54,13 +54,13 @@ if ((isBooleanConstantAndTrue('mxchange_installed')) && (getTotalFatalErrors() = } // END - if // Is the request parameter set? - if (isset($_POST['request'])) { + if (REQUEST_ISSET_POST(('request'))) { // Handle the request - if (DEBUG_HANDLE_REQUEST($_POST['request'])) { + if (DEBUG_HANDLE_REQUEST(REQUEST_POST('request'))) { // Construct FQFN for the module $INC = sprintf("inc/debug/%s/request_%s", getConfig('debug_mode'), - SQL_ESCAPE($_POST['request']) + SQL_ESCAPE(REQUEST_POST('request')) ); // Is the module there? Else we log it! @@ -69,11 +69,11 @@ if ((isBooleanConstantAndTrue('mxchange_installed')) && (getTotalFatalErrors() = LOAD_INC($INC); } else { // Missing request file, may happen while development - DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", $_POST['request']); + DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", REQUEST_POST('request')); } } else { // Unhandled request detected - DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", $_POST['request']); + DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", REQUEST_POST('request')); } } else { // Empty request diff --git a/doubler.php b/doubler.php index 92ebdc48e6..9eb0c4e918 100644 --- a/doubler.php +++ b/doubler.php 
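Review bot: `$URL .= REQUEST_GET('hash');` appends the raw query value to the redirect target with no validation, so anything the client sends — extra `&name=value` pairs, or characters LOAD_URL may not expect in a `Location` — ends up in the redirect verbatim. Constrain it to the token shape confirm links actually carry before using it: `} elseif (preg_match('/^[0-9a-f]+$/i', REQUEST_GET('hash'))) { $URL .= REQUEST_GET('hash'); } else { $URL = "modules.php?module=index"; }` (adjust the pattern to the real hash format; it is not visible in this excerpt). The enclosing `if (defined('mxchange_installed') && ...)` block continues past the hunk.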
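Review bot: `SQL_ESCAPE(REQUEST_POST('request'))` is used to build an include path (`inc/debug/%s/request_%s`), but a SQL escaper is not a filesystem sanitiser — it does not touch `/` or `.` — so the only thing between a POST value and LOAD_INC is whatever DEBUG_HANDLE_REQUEST checks, which is outside this excerpt. The `request_` prefix makes plain `../` traversal unlikely, but the intent is a whitelist, so state it before building `$INC`: `if (!preg_match('/^[a-z0-9_.]+$/i', REQUEST_POST('request'))) { DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_invalid", REQUEST_POST('request')); }` and only fall through to the sprintf/LOAD_INC when it matches. The `$INC` readability check and the surrounding if/else continue outside this hunk.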
@@ -53,7 +53,7 @@ REDIRECT_ON_UNINSTALLED_EXTENSION("doubler"); // Is the script installed? if (isBooleanConstantAndTrue('mxchange_installed')) { // Probe for referal ID - if (!empty($_GET['refid'])) $GLOBALS['refid'] = SQL_ESCAPE($_GET['refid']); + if (REQUEST_ISSET_GET(('refid'))) $GLOBALS['refid'] = SQL_ESCAPE(REQUEST_GET('refid')); // Only check this if refid is provided! if ($GLOBALS['refid'] > 0) { @@ -89,22 +89,22 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } // END - if // Begin with doubler script... - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Secure points (so only integer/double values are allowed - $_POST['points'] = bigintval($_POST['points']); + REQUEST_SET_POST('points', bigintval(REQUEST_POST('points'))); // Begin with doubling process - if ((!empty($_POST['userid'])) && (!empty($_POST['pass'])) && (!empty($_POST['points']))) { + if ((REQUEST_ISSET_POST(('userid'))) && (REQUEST_ISSET_POST(('pass'))) && (REQUEST_ISSET_POST(('points')))) { // Probe for nickname extension and if a nickname was entered - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid'])); + $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round(REQUEST_POST('userid'))."") != REQUEST_POST('userid'))); if ($probe_nickname) { // Nickname in URL, so load the ID $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", - array($_POST['userid']), __FILE__, __LINE__); + array(REQUEST_POST('userid')), __FILE__, __LINE__); } else { // Direct userid entered $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($_POST['userid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_POST('userid'))), __FILE__, __LINE__); } // Load data 
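Review bot: `$GLOBALS['refid'] = SQL_ESCAPE(REQUEST_GET('refid'));` followed by `if ($GLOBALS['refid'] > 0)` keeps a string where an integer is meant; the INSERTs further down already wrap it in `bigintval()`, so casting once at the boundary is both safer and simpler: `if (REQUEST_ISSET_GET('refid')) $GLOBALS['refid'] = bigintval(REQUEST_GET('refid'));`. With the loose `> 0` comparison a value like `"5abc"` currently passes as 5 while the raw string stays in `$GLOBALS['refid']` for every other reader. The enclosing block continues outside the hunk.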
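Review bot: `("".round(REQUEST_POST('userid'))."") != REQUEST_POST('userid')` decides whether a nickname was typed by rounding user input, but `round()` on a non-numeric string is a coercion-with-warning on PHP 7 and a TypeError on PHP 8, so the nickname path depends on lenient casting. `$probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (!ctype_digit((string) REQUEST_POST('userid'))));` makes the same decision (all digits means direct userid) without arithmetic on request data. Note also that `REQUEST_SET_POST('points', bigintval(...))` now runs before the `REQUEST_ISSET_POST(('points'))` test, so if the wrapper is `isset()`-based a zero or non-numeric `points` passes the presence check that `!empty()` used to reject; the later `doubler_min` comparison appears to catch it, but the user sees a different error. The surrounding form-handling block starts and ends outside the hunk.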
@@ -115,13 +115,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { SQL_FREERESULT($result); // Remove any dots and unwanted chars from the points - $_POST['points'] = bigintval(round(REVERT_COMMA($_POST['points']))); + REQUEST_SET_POST('points', bigintval(round(REVERT_COMMA(REQUEST_POST('points'))))); // Probe for enough points - $probe_points = (($_POST['points'] >= getConfig('doubler_min')) && ($_POST['points'] <= getConfig('doubler_max'))); + $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max'))); // Check all together - if ((!empty($uid)) && ($password == generateHash($_POST['pass'], substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) { + if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) { // Nickname resolved to a unique userid or direct userid entered by the member $DOUBLER_UID = $uid; 
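Review bot: `$password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))` compares two hash strings with `==`, and PHP's loose comparison treats hex digests of the form `0e<digits>` as numeric zero, so two different such hashes compare equal — the well-known magic-hash bypass — and the hunk carries it over unchanged. Use a strict comparison: `($password === generateHash(REQUEST_POST('pass'), substr($password, 0, -40)))`; on PHP 5.6 or later `hash_equals($password, generateHash(...))` additionally removes the timing side channel. That the stored value is a salt followed by a 40-character digest is inferred only from the `substr(..., 0, -40)` on this line. The enclosing if/elseif chain starts and ends outside the hunk.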
@@ -129,17 +129,17 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { $points = GET_TOTAL_DATA($uid, "user_points", "points") - GET_TOTAL_DATA($uid, "user_data", "used_points"); // So let's continue with probing his points amount - if (($points - getConfig('doubler_left') - $_POST['points'] * getConfig('doubler_charge')) >= 0) + if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0) // Enough points are left so let's continue with the doubling process // Create doubling "account" width *DOUBLED* points SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".GET_REMOTE_ADDR()."', UNIX_TIMESTAMP(), 'N','N')", - array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__); + array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__); // Subtract entered points - SUB_POINTS("doubler", $uid, $_POST['points']); + SUB_POINTS("doubler", $uid, REQUEST_POST('points')); // Add points to "total payed" including charge - $points = $_POST['points'] - $_POST['points'] * getConfig('doubler_charge'); + $points = REQUEST_POST('points') - REQUEST_POST('points') * getConfig('doubler_charge'); UPDATE_CONFIG("doubler_points", $points, "+"); incrementConfigEntry('doubler_points', $points); @@ -149,7 +149,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s',0,'%s','".GET_REMOTE_ADDR()."',UNIX_TIMESTAMP(),'N','Y')", array( bigintval($GLOBALS['refid']), - bigintval($_POST['points'] * 2 * getConfig('doubler_ref')) + bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref')) ), __FILE__, __LINE__); // And that's why we don't want to you more than one referal level of doubler-points. ^^^ 
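Review bot: Both INSERTs splice `'".GET_REMOTE_ADDR()."'` directly into the SQL text while every other value goes through the `array(...)` placeholders of SQL_QUERY_ESC, so the remote address is the one input that bypasses escaping; if GET_REMOTE_ADDR ever honours `X-Forwarded-For` or similar (its body is not in this excerpt) that becomes attacker-controlled SQL. Pass it like the rest: `VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(), 'N','N')", array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2), GET_REMOTE_ADDR()), __FILE__, __LINE__);` and the same for the referral INSERT in the next hunk. Separately, the INSERT and the following `SUB_POINTS("doubler", $uid, ...)` are independent statements, so a failure between them leaves a doubler entry that was never paid for; a transaction would close that gap if the storage engine supports one. The enclosing if/else block starts and ends outside the hunk.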
@@ -159,7 +159,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { UPDATE_CONFIG("doubler_counter", 1, "+"); // Set constant - define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, $_POST['userid'])); + define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, REQUEST_POST('userid'))); } else { // Not enougth points left define('__ERROR_MSG', getMessage('DOUBLER_FORM_NO_POINTS_LEFT')); @@ -173,10 +173,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } elseif ($status == "LOCKED") { // Account is locked by admin / holiday! define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_LOCKED')); - } elseif ($_POST['points'] < getConfig('doubler_min')) { + } elseif (REQUEST_POST('points') < getConfig('doubler_min')) { // Not enougth points entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MIN')); - } elseif ($_POST['points'] > getConfig('doubler_max')) { + } elseif (REQUEST_POST('points') > getConfig('doubler_max')) { // Too much points entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MAX')); } elseif ($probe_nickname) { @@ -186,13 +186,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Wrong password or account not found define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_MEMBER')); } - } elseif (empty($_POST['userid'])) { + } elseif (!REQUEST_ISSET_POST(('userid'))) { // Login not entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_LOGIN')); - } elseif (empty($_POST['pass'])) { + } elseif (!REQUEST_ISSET_POST(('pass'))) { // Password not entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_PASSWORD')); - } elseif (empty($_POST['points'])) { + } elseif (!REQUEST_ISSET_POST(('points'))) { // points not entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_POINTS')); } diff --git a/img.php b/img.php index 0d68f14238..ba43157fc0 100644 --- a/img.php +++ b/img.php 
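Review bot: `LOAD_TEMPLATE("doubler_reflink", true, REQUEST_POST('userid'))` hands the raw posted login to the template even though the account has already been resolved to `$uid`/`$DOUBLER_UID`; if the template interpolates its third argument into HTML (not visible here), the value should be HTML-escaped, or better taken from the database so the page never echoes request input. `define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, htmlspecialchars(REQUEST_POST('userid'), ENT_QUOTES)));` is the minimal change. The surrounding if/elseif chain starts outside the hunk.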
@@ -51,13 +51,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { LOAD_INC_ONCE("inc/header.php"); // Code set? - if (!empty($_GET['code'])) { + if (REQUEST_ISSET_GET(('code'))) { // Generate image - GENERATE_IMAGE(bigintval($_GET['code'])); - } elseif (!empty($_GET['tag'])) { + GENERATE_IMAGE(bigintval(REQUEST_GET('code'))); + } elseif (REQUEST_ISSET_GET(('tag'))) { // Tag set so create the IFN (Include-FileName) $INC = sprintf("inc/img/tag-%s.php", - SQL_ESCAPE($_GET['tag']) + SQL_ESCAPE(REQUEST_GET('tag')) ); // Include is readable? diff --git a/inc/check-reset.php b/inc/check-reset.php index 44e0944eb0..7de291abbf 100644 --- a/inc/check-reset.php +++ b/inc/check-reset.php @@ -37,8 +37,8 @@ if (!defined('__SECURITY')) { require($INC); } -// 01 2 3 32 2 3321 12 3 32 2 21 1 2 21 1 2 21 1 2 21 1 10 -if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($GLOBALS['output_mode'] != 1)) { +// 01 2 3 32 2 3321 12 3 32 2 21 1 2 21 1 2 21 1 23 321 1 10 +if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!REQUEST_ISSET_GET(('register'))) && ($GLOBALS['output_mode'] != 1)) { // Do daily things in external PHP file but only when script is completely setup // Daily reset was run! define('__DAILY_RESET', true); diff --git a/inc/config-functions.php b/inc/config-functions.php new file mode 100644 index 0000000000..cde1fa35c3 --- /dev/null +++ b/inc/config-functions.php @@ -0,0 +1,93 @@ + 0) { + $_CONFIG[$configEntry] += $value; + } else { + $_CONFIG[$configEntry] = $value; + } +} + +// [EOF] +?> diff --git a/inc/footer.php b/inc/footer.php index 47e3ed7b38..911cbc4921 100644 
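Review bot: `sprintf("inc/img/tag-%s.php", SQL_ESCAPE(REQUEST_GET('tag')))` builds an include file name from a query parameter with a SQL escaper, which leaves `/` and `.` alone; the `tag-` prefix blocks ordinary `../` traversal, but the code reads as if escaping made the path safe when it did not. Whitelist the tag name instead: `} elseif (REQUEST_ISSET_GET('tag') && preg_match('/^[a-z0-9_]+$/i', REQUEST_GET('tag'))) { $INC = sprintf("inc/img/tag-%s.php", REQUEST_GET('tag'));`. The readability check that follows (`// Include is readable?`) is outside the hunk, so I cannot tell whether a further name check exists there.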
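Review bot: The hand-maintained bracket-depth ruler comment (`// 01 2 3 32 2 3321 ...`) had to be re-typed to track a one-term change, which is the clearest sign this condition is too long to read as one expression. Name the parts instead: `$installing = defined('mxchange_installing') && mxchange_installing;` and `$newDay = date("d", getConfig('last_update')) != date("d", time());`, then `if ($newDay && !$installing && isBooleanConstantAndTrue('mxchange_installed') && isBooleanConstantAndTrue('admin_registered') && !REQUEST_ISSET_GET('register') && $GLOBALS['output_mode'] != 1) {` and the ruler can go. Behaviour is unchanged; this is purely about how the new line is written.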
--- a/inc/footer.php +++ b/inc/footer.php @@ -47,7 +47,7 @@ if (($GLOBALS['footer_sent'] != "1") && ($GLOBALS['footer_sent'] != "2") && ($GL } // END - if // Shall we display the copyright notice? - if ((empty($_GET['frame'])) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) { + if ((!REQUEST_ISSET_GET(('frame'))) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) { // Backlink enabled? if (isBooleanConstantAndTrue('ENABLE_BACKLINK')) { // Copyright with backlink, thanks! :-) @@ -59,7 +59,7 @@ if (($GLOBALS['footer_sent'] != "1") && ($GLOBALS['footer_sent'] != "2") && ($GL } // END - if // Shall we display the parsing time and number of queries? - if ((getConfig('show_timings') == "Y") && (empty($_GET['frame'])) && ($GLOBALS['header_sent'] == "2")) { + if ((getConfig('show_timings') == "Y") && (!REQUEST_ISSET_GET(('frame'))) && ($GLOBALS['header_sent'] == "2")) { // Then display it here DISPLAY_PARSING_TIME_FOOTER(); } // END - if diff --git a/inc/functions.php b/inc/functions.php index 6635ab0a6e..6d414a5386 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -711,9 +711,9 @@ function GET_LANGUAGE() { $lang = ""; // Is the variable set - if (!empty($_GET['mx_lang'])) { + if (REQUEST_ISSET_GET(('mx_lang'))) { // Accept only first 2 chars - $lang = substr($_GET['mx_lang'], 0, 2); + $lang = substr(REQUEST_GET('mx_lang'), 0, 2); } elseif (isset($GLOBALS['cache_array']['language'])) { // Use cached $ret = $GLOBALS['cache_array']['language']; 
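Review bot: The hunk swaps `$_GET['frame']` for the wrapper but leaves `basename($_SERVER['PHP_SELF'])` as a raw superglobal read on the same line; PHP_SELF includes client-supplied PATH_INFO, so a request for `/mailid_top.php/x` makes basename return `x` and the copyright check quietly changes outcome. `$_SERVER['SCRIPT_NAME']` is server-derived and is the right source for this comparison: `basename($_SERVER['SCRIPT_NAME']) != "mailid_top.php"`. Whether the new request layer offers a server-variable accessor is not visible here. The enclosing `if (($GLOBALS['footer_sent'] != "1") ...)` block starts and ends outside the hunk.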
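Review bot: `$lang = substr(REQUEST_GET('mx_lang'), 0, 2);` truncates the language code but does not constrain its characters, and the rest of GET_LANGUAGE — where `$lang` is presumably matched against shipped language files — lies outside the hunk, so I cannot see whether a whitelist follows. If it is used to build a file name, restrict it here: `$lang = substr(REQUEST_GET('mx_lang'), 0, 2); if (!ctype_alpha($lang)) $lang = "";`. The function starts before and ends after this hunk.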
@@ -1677,7 +1677,7 @@ function ADD_EMAIL_NAV($PAGES, $offset, $show_form, $colspan, $return=false) { $NAV = ""; for ($page = 1; $page <= $PAGES; $page++) { // Is the page currently selected or shall we generate a link to it? - if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) { + if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) { // Is currently selected, so only highlight it $NAV .= "-"; } else { @@ -1685,13 +1685,13 @@ function ADD_EMAIL_NAV($PAGES, $offset, $show_form, $colspan, $return=false) { $NAV .= " 0)) $NAV .= "&u_id=".bigintval($_GET['u_id']); + if ((REQUEST_ISSET_GET(('uid'))) && (bigintval(REQUEST_GET('uid')) > 0)) $NAV .= "&uid=".bigintval(REQUEST_GET('uid')); // Close open anchor tag $NAV .= "\">"; } $NAV .= $page; - if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) { + if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) { // Is currently selected, so only highlight it $NAV .= "-"; } else { @@ -1974,7 +1974,7 @@ function MEMBER_ACTION_LINKS ($uid, $status = "") { $eval = "\$OUT = \"[ "; foreach ($TARGETS as $tar) { - $eval .= "\n"; if (($tar == "lock_user") && ($status == "LOCKED")) { // Locked accounts shall be unlocked @@ -2172,9 +2172,9 @@ function ADD_URL_DATA ($URL) { if ((!defined('__COOKIES')) || ((!__COOKIES))) { // Cookies are not accepted - if ((!empty($_GET['refid'])) && (strpos($URL, "refid=") == 0)) { + if ((REQUEST_ISSET_GET(('refid'))) && (strpos($URL, "refid=") == 0)) { // Cookie found in URL - $ADD .= $BIND."refid=".bigintval($_GET['refid']); + $ADD .= $BIND."refid=".bigintval(REQUEST_GET('refid')); } elseif ((GET_EXT_VERSION("sql_patches") != '') && (getConfig('def_refid') > 0)) { // Not found! So let's set default here $ADD .= $BIND."refid=".getConfig('def_refid'); 
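Review bot: This hunk renames the pagination query parameter from `u_id` to `uid` (`$NAV .= "&uid=".bigintval(REQUEST_GET('uid'))` and the matching `REQUEST_ISSET_GET(('uid'))` read), which is a behaviour change hiding inside a mechanical wrapper conversion: any template or module still emitting `u_id=` links loses the user filter silently. The diffstat lists several admin templates, so this may be covered, but a commit-message line naming the rename would spare the next reader a bisect. `bigintval(REQUEST_GET('uid'))` is also computed twice on the one line; `$navUid = bigintval(REQUEST_GET('uid'));` once and reuse it. The for loop in ADD_EMAIL_NAV starts outside the hunk.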
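Review bot: `strpos($URL, "refid=") == 0` in the new condition only works by accident of loose comparison: strpos returns `false` when the needle is absent and `false == 0` is true, but the test is equally true when `refid=` sits at offset 0, and the branch that appends `refid=` to `$ADD` only makes sense if the intent is "refid is not yet in the URL". Write that intent: `if ((REQUEST_ISSET_GET('refid')) && (strpos($URL, "refid=") === false)) {`. ADD_URL_DATA starts and ends outside the hunk, and `$ADD`/`$BIND` are initialised there.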
@@ -2282,37 +2282,6 @@ function DISPLAY_PARSING_TIME_FOOTER() { LOAD_TEMPLATE("show_timings", false, $content); } -// Unset/set session variables -function set_session ($var, $value) { - // Abort in CSS mode here - if ($GLOBALS['output_mode'] == 1) return true; - - // Trim value and session variable - $var = trim(SQL_ESCAPE($var)); $value = trim($value); - - // Is the session variable set? - if (("".$value."" == "") && (isSessionVariableSet($var))) { - // Remove the session - //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."
\n"; - unset($_SESSION[$var]); - return session_unregister($var); - } elseif (("".$value."" != '') && (!isSessionVariableSet($var))) { - // Set session - //* DEBUG: */ echo "SET:".$var."=".$value."
\n"; - $_SESSION[$var] = $value; - return session_register($var); - } elseif (!empty($value)) { - // Update session - //* DEBUG: */ echo "UPDATE:".$var."=".$value."
\n"; - $_SESSION[$var] = $value; - return true; - } - - // Ignored (but valid) - //* DEBUG: */ echo "IGNORED:".$var."=".$value."
\n"; - return true; -} - // Check wether a boolean constant is set // Taken from user comments in PHP documentation for function constant() function isBooleanConstantAndTrue($constName) { // : Boolean @@ -2338,563 +2307,12 @@ function isBooleanConstantAndTrue($constName) { // : Boolean return $res; } -// Check wether a session variable is set -function isSessionVariableSet ($var) { - //* DEBUG: */ print __FUNCTION__."(".__LINE__."):var={$var}
\n"; - return (isset($_SESSION[$var])); -} -// Returns wether the value of the session variable or NULL if not set -function get_session ($var) { - // Default is not found! ;-) - $value = null; - - // Is the variable there or cached values? - if (isset($GLOBALS['cache_array']['session'][$var])) { - // Get cached value (skips a lot SQL_ESCAPE() calles! - //* DEBUG: */ print __FUNCTION__."(".__LINE__."): ".$var."-CACHE!
\n"; - $value = $GLOBALS['cache_array']['session'][$var]; - } elseif (isSessionVariableSet($var)) { - // Then get it secured! - //* DEBUG: */ print __FUNCTION__."(".__LINE__."): ".$var."-RESOLVE!
\n"; - $value = SQL_ESCAPE($_SESSION[$var]); - - // Cache the value - $GLOBALS['cache_array']['session'][$var] = $value; - } // END - if - - // Return the value - return $value; -} - -// Send notification to admin -function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid="0") { - if (GET_EXT_VERSION("admins") >= "0.4.1") { - // Send new way - SEND_ADMIN_EMAILS_PRO($subject, $templateName, $content, $uid); - } else { - // Send outdated way - $msg = LOAD_EMAIL_TEMPLATE($templateName, $content, $uid); - SEND_ADMIN_EMAILS($subject, $msg); - } -} - -// Destroy user session -function destroy_user_session () { - // Reset userid - $GLOBALS['userid'] = 0; - - // Remove all user data from session - return ((set_session('userid', "")) && (set_session('u_hash', ""))); -} - -// Merges an array together but only if both are arrays -function merge_array ($array1, $array2) { - // Are both an array? - if ((is_array($array1)) && (is_array($array2))) { - // Merge all together - return array_merge($array1, $array2); - } elseif (is_array($array1)) { - // Return left array - DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array2 is not an array. array != %s", gettype($array2))); - return $array1; - } elseif (is_array($array2)) { - // Return right array - DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array1 is not an array. array != %s", gettype($array1))); - return $array2; - } - - // Both are not arrays - debug_report_bug(__FUNCTION__.": No arrays provided!"); -} - -// Debug message logger -function DEBUG_LOG ($funcFile, $line, $message, $force=true) { - // Is debug mode enabled? 
- if ((isBooleanConstantAndTrue('DEBUG_MODE')) || ($force === true)) { - // Log this message away - $fp = fopen(constant('PATH')."inc/cache/debug.log", 'a') or mxchange_die("Cannot write logfile debug.log!"); - fwrite($fp, date("d.m.Y|H:i:s", time())."|".basename($funcFile)."|".$line."|".strip_tags($message)."\n"); - fclose($fp); - } // END - if -} - -// Reads a directory with PHP files in and gets only files back -function GET_DIR_AS_ARRAY ($baseDir, $prefix) { - $INCs = array(); - - // Open directory - $dirPointer = opendir($baseDir) or mxchange_die("Cannot read ".basename($baseDir)." path!"); - - // Read all entries - while ($baseFile = readdir($dirPointer)) { - // Load file only if extension is active - // Make full path - $FQFN = $baseDir.$baseFile; - - // Is this a valid reset file? - //* DEBUG: */ print __FUNCTION__."(".__LINE__."):baseDir={$baseDir},prefix={$prefix},baseFile={$baseFile}
\n"; - if ((FILE_READABLE($FQFN)) && (substr($baseFile, 0, strlen($prefix)) == $prefix) && (substr($baseFile, -4, 4) == ".php")) { - // Remove both for extension name - $extName = substr($baseFile, strlen($prefix), -4); - - // Try to find it - $extId = GET_EXT_ID($extName); - - // Is the extension valid and active? - if (($extId > 0) && (EXT_IS_ACTIVE($extName))) { - // Then add this file - $INCs[] = $FQFN; - } elseif ($extId == 0) { - // Add non-extension files as well - $INCs[] = $FQFN; - } - } // END - if - } // END - while - - // Close directory - closedir($dirPointer); - - // Sort array - asort($INCs); - - // Return array with include files - return $INCs; -} -// Load more reset scripts -function RESET_ADD_INCLUDES () { - // Is the reset set or old sql_patches? - if ((!defined('__DAILY_RESET')) || (EXT_VERSION_IS_OLDER("sql_patches", "0.4.5"))) { - // Then abort here - return array(); - } // END - if - - // Get more daily reset scripts - $INC_POOL = GET_DIR_AS_ARRAY(constant('PATH')."inc/reset/", "reset_"); - - // Update database - if (!defined('DEBUG_RESET')) UPDATE_CONFIG("last_update", time()); - - // Create current week mark - $currWeek = date("W", time()); - - // Has it changed? - if (getConfig('last_week') != $currWeek) { - // Include weekly reset scripts - $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/weekly/", "weekly_")); - - // Update config - if (!defined('DEBUG_WEEKLY')) UPDATE_CONFIG("last_week", $currWeek); - } // END - if - - // Create current month mark - $currMonth = date("m", time()); - - // Has it changed? 
- if (getConfig('last_month') != $currMonth) { - // Include monthly reset scripts - $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/monthly/", "monthly_")); - - // Update config - if (!defined('DEBUG_MONTHLY')) UPDATE_CONFIG("last_month", $currMonth); - } // END - if - - // Return array - return $INC_POOL; -} -// Handle extra values -function HANDLE_EXTRA_VALUES ($filterFunction, $value, $extraValue) { - // Default is the value itself - $ret = $value; - - // Do we have a special filter function? - if (!empty($filterFunction)) { - // Does the filter function exist? - if (function_exists($filterFunction)) { - // Do we have extra parameters here? - if (!empty($extraValue)) { - // Put both parameters in one new array by default - $args = array($value, $extraValue); - - // If we have an array simply use it and pre-extend it with our value - if (is_array($extraValue)) { - // Make the new args array - $args = merge_array(array($value), $extraValue); - } // END - if - - // Call the multi-parameter call-back - $ret = call_user_func_array($filterFunction, $args); - } else { - // One parameter call - $ret = call_user_func($filterFunction, $value); - } - } // END - if - } // END - if - - // Return the value - return $ret; -} -// Check if given FQFN is a readable file -function FILE_READABLE($fqfn) { - // Check all... - return ((file_exists($fqfn)) && (is_file($fqfn)) && (is_readable($fqfn))); -} -// Converts timestamp selections into a timestamp -function CONVERT_SELECTIONS_TO_TIMESTAMP(&$POST, &$DATA, &$id, &$skip) { - // Init test variable - $test2 = ""; - - // Get last three chars - $test = substr($id, -3); - - // Improved way of checking! :-) - if (in_array($test, array("_ye", "_mo", "_we", "_da", "_ho", "_mi", "_se"))) { - // Found a multi-selection for timings? 
- $test = substr($id, 0, -3); - if ((isset($POST[$test."_ye"])) && (isset($POST[$test."_mo"])) && (isset($POST[$test."_we"])) && (isset($POST[$test."_da"])) && (isset($POST[$test."_ho"])) && (isset($POST[$test."_mi"])) && (isset($POST[$test."_se"])) && ($test != $test2)) { - // Generate timestamp - $POST[$test] = CREATE_TIMESTAMP_FROM_SELECTIONS($test, $POST); - $DATA[] = sprintf("%s='%s'", $test, $POST[$test]); - - // Remove data from array - foreach (array("ye", "mo", "we", "da", "ho", "mi", "se") as $rem) { - unset($POST[$test."_".$rem]); - } // END - foreach - - // Skip adding - unset($id); $skip = true; $test2 = $test; - } // END - if - } else { - // Process this entry - $skip = false; $test2 = ""; - } -} -// Reverts the german decimal comma into Computer decimal dot -function REVERT_COMMA ($str) { - // Default float is not a float... ;-) - $float = false; - - // Which language is selected? - switch (GET_LANGUAGE()) { - case "de": // German language - // Remove german thousand dots first - $str = str_replace(".", "", $str); - - // Replace german commata with decimal dot and cast it - $float = (float)str_replace(",", ".", $str); - break; - - default: // US and so on - // Remove thousand dots first and cast - $float = (float)str_replace(",", "", $str); - break; - } - - // Return float - return $float; -} - -// Handle menu-depending failed logins and return the rendered content -function HANDLE_LOGIN_FAILTURES ($accessLevel) { - // Default output is empty ;-) - $OUT = ""; - - // Is the session data set? - if ((isSessionVariableSet('mxchange_'.$accessLevel.'_failures')) && (isSessionVariableSet('mxchange_'.$accessLevel.'_last_fail'))) { - // Ignore zero values - if (get_session('mxchange_'.$accessLevel.'_failures') > 0) { - // Non-guest has login failures found, get both data and prepare it for template - //* DEBUG: */ print __FUNCTION__."(".__LINE__."):accessLevel={$accessLevel}
\n"; - $content = array( - 'login_failures' => get_session('mxchange_'.$accessLevel.'_failures'), - 'last_failure' => MAKE_DATETIME(get_session('mxchange_'.$accessLevel.'_last_fail'), "2") - ); - - // Load template - $OUT = LOAD_TEMPLATE("login_failures", true, $content); - } // END - if - - // Reset session data - set_session('mxchange_'.$accessLevel.'_failures', ""); - set_session('mxchange_'.$accessLevel.'_last_fail', ""); - } // END - if - - // Return rendered content - return $OUT; -} - -// Rebuild cache -function REBUILD_CACHE ($cache, $inc="") { - // Shall I remove the cache file? - if ((EXT_IS_ACTIVE("cache")) && (is_object($GLOBALS['cache_instance']))) { - // Rebuild cache - if ($GLOBALS['cache_instance']->loadCacheFile($cache)) { - // Destroy it - $GLOBALS['cache_instance']->destroyCacheFile(); - } // END - if - - // Include file given? - if (!empty($inc)) { - // Construct FQFN - $INC = sprintf("inc/loader/load_cache-%s.php", $inc); - - // Is the include there? - if (INCLUDE_READABLE($INC)) { - // And rebuild it from scratch - //* DEBUG: */ print __FUNCTION__."(".__LINE__."): inc={$inc} - LOADED!
\n"; - LOAD_INC($INC); - } else { - // Include not found! - DEBUG_LOG(__FUNCTION__, __LINE__, "Include {$inc} not found. cache={$cache}"); - } - } // END - if - } // END - if -} - -// Purge admin menu cache -function CACHE_PURGE_ADMIN_MENU ($id=0, $action="", $what="", $str="") { - // Is the cache extension enabled or no cache instance or admin menu cache disabled? - if (!EXT_IS_ACTIVE("cache")) { - // Cache extension not active - return false; - } elseif (!is_object($GLOBALS['cache_instance'])) { - // No cache instance! - DEBUG_LOG(__FUNCTION__, __LINE__, " No cache instance found."); - return false; - } elseif ((!isConfigEntrySet('cache_admin_menu')) || (getConfig('cache_admin_menu') != "Y")) { - // Caching disabled (currently experiemental!) - return false; - } - - // Experiemental feature! - debug_report_bug("Experimental feature: You have to delete the admin_*.cache files by yourself at this point."); -} - -// Translates the "pool type" into human-readable -function TRANSLATE_POOL_TYPE ($type) { - // Default type is unknown - $translated = sprintf(getMessage('POOL_TYPE_UNKNOWN'), $type); - - // Generate constant - $constName = sprintf("POOL_TYPE_%s", $type); - - // Does it exist? - if (defined($constName)) { - // Then use it - $translated = getMessage($constName); - } // END - if - - // Return "translation" - return $translated; -} - -// "Getter" for remote IP number -function GET_REMOTE_ADDR () { - // Get remote ip from environment - $remoteAddr = getenv('REMOTE_ADDR'); - - // Is removeip installed? - if (EXT_IS_ACTIVE("removeip")) { - // Then anonymize it - $remoteAddr = GET_ANONYMOUS_REMOTE_ADDR($remoteAddr); - } // END - if - - // Return it - return $remoteAddr; -} -// "Getter" for remote hostname -function GET_REMOTE_HOST () { - // Get remote ip from environment - $remoteHost = getenv('REMOTE_HOST'); - - // Is removeip installed? 
- if (EXT_IS_ACTIVE("removeip")) { - // Then anonymize it - $remoteHost = GET_ANONYMOUS_REMOTE_HOST($remoteHost); - } // END - if - - // Return it - return $remoteHost; -} -// "Getter" for user agent -function GET_USER_AGENT () { - // Get remote ip from environment - $userAgent = getenv('HTTP_USER_AGENT'); - - // Is removeip installed? - if (EXT_IS_ACTIVE("removeip")) { - // Then anonymize it - $userAgent = GET_ANONYMOUS_USER_AGENT($userAgent); - } // END - if - - // Return it - return $userAgent; -} -// "Getter" for referer -function GET_REFERER () { - // Get remote ip from environment - $referer = getenv('HTTP_REFERER'); - - // Is removeip installed? - if (EXT_IS_ACTIVE("removeip")) { - // Then anonymize it - $referer = GET_ANONYMOUS_REFERER($referer); - } // END - if - - // Return it - return $referer; -} - -// Adds a bonus mail to the queue -// This is a high-level function! -function ADD_NEW_BONUS_MAIL ($data, $mode="", $output=true) { - // Use mode from data if not set and availble ;-) - if ((empty($mode)) && (isset($data['mode']))) $mode = $data['mode']; - - // Generate receiver list - $RECEIVER = GENERATE_RECEIVER_LIST($data['cat'], $data['receiver'], $mode); - - // Receivers added? - if (!empty($RECEIVER)) { - // Add bonus mail to queue - ADD_BONUS_MAIL_TO_QUEUE( - $data['subject'], - $data['text'], - $RECEIVER, - $data['points'], - $data['seconds'], - $data['url'], - $data['cat'], - $mode, - $data['receiver'] - ); - - // Mail inserted into bonus pool - if ($output) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_BONUS_SEND')); - } elseif ($output) { - // More entered than can be reached! - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MORE_SELECTED')); - } else { - // Debug log - DEBUG_LOG(__FUNCTION__, __LINE__, " cat={$data['cat']},receiver={$data['receiver']},data=".base64_encode(serialize($data))." 
More selected, than available!"); - } -} - -// Determines referal id and sets it -function DETERMINE_REFID () { - global $CLICK, $_SERVER; - - // Check if refid is set - if ((!empty($_GET['user'])) && ($CLICK == 1) && (basename($_SERVER['PHP_SELF']) == "click.php")) { - // The variable user comes from the click-counter script click.php and we only accept this here - $GLOBALS['refid'] = bigintval($_GET['user']); - } elseif (!empty($_POST['refid'])) { - // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts) - $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_POST['refid'])); - } elseif (!empty($_GET['refid'])) { - // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts) - $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['refid'])); - } elseif (!empty($_GET['ref'])) { - // Set refid=ref (the referal link uses such variable) - $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref'])); - } elseif ((isSessionVariableSet('refid')) && (get_session('refid') != 0)) { - // Set session refid als global - $GLOBALS['refid'] = bigintval(get_session('refid')); - } elseif ((GET_EXT_VERSION("sql_patches") != "") && (getConfig('def_refid') > 0)) { - // Set default refid as refid in URL - $GLOBALS['refid'] = bigintval(getConfig('def_refid')); - } elseif ((GET_EXT_VERSION("user") >= "0.3.4") && (getConfig('select_user_zero_refid')) == "Y") { - // Select a random user which has confirmed enougth mails - $GLOBALS['refid'] = SELECT_RANDOM_REFID(); - } else { - // No default ID when sql_patches is not installed or none set - $GLOBALS['refid'] = 0; - } - - // Set cookie when default refid > 0 - if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && (getConfig('def_refid') > 0))) { - // Set cookie - set_session('refid', $GLOBALS['refid']); - } // END - if - - // Return determined refid - return $GLOBALS['refid']; -} - -// Destroys the admin session -function 
destroyAdminSession ($destroy = true) { - // Kill maybe existing session variables including array elements - set_session('admin_login', ""); - set_session('admin_md5' , ""); - set_session('admin_last' , ""); - set_session('admin_to' , ""); - - // Destroy session and return status - if ($destroy) { - return session_destroy(); - } // END - if - - // All fine if we shall not really destroy the session - return true; -} - // Checks if a given apache module is loaded function IF_APACHE_MODULE_LOADED ($apacheModule) { // Check it and return result return (((function_exists('apache_get_modules')) && (in_array($apacheModule, apache_get_modules()))) || (!function_exists('apache_get_modules'))); } -// Merges $_CONFIG with data in given array -function mergeConfig ($newConfig) { - global $_CONFIG; - $_CONFIG = merge_array($_CONFIG, $newConfig); -} - -// Getter for $_CONFIG entries -function getConfig ($entry) { - global $_CONFIG; - - // Default value - $value = null; - - // Is the entry there? - if (isConfigEntrySet($entry)) { - // Then use it - $value = $_CONFIG[$entry]; - } // END - if - - // Return it - return $value; -} - -// Setter for $_CONFIG entries -function setConfigEntry ($entry, $value) { - global $_CONFIG; - - // Secure the entry name - $entry = SQL_ESCAPE($entry); - - // And set it - $_CONFIG[$entry] = $value; -} - -// Checks wether the given config entry is set -function isConfigEntrySet ($entry) { - global $_CONFIG; - return (isset($_CONFIG[$entry])); -} - -// Increment or init with given value or 1 as default the given config entry -function incrementConfigEntry ($configEntry, $value=1) { - global $_CONFIG; - - // Increment it if set or init it with 1 - if (getConfig($configEntry) > 0) { - $_CONFIG[$configEntry] += $value; - } else { - $_CONFIG[$configEntry] = $value; - } -} - // "Getter" for language strings // @TODO Rewrite all language constants to this function. function getMessage ($messageId) { 
@@ -2943,17 +2361,17 @@ function GET_CURR_THEME() {
 // Fix it to default
 $ret = "default";
 } // END - if
- } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) {
+ } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((REQUEST_ISSET_GET(('theme'))) || (REQUEST_ISSET_POST(('theme'))))) {
 // Prepare FQFN for checking
- $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_GET['theme']));
+ $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_GET('theme')));
 // Installation mode active
- if ((!empty($_GET['theme'])) && (FILE_READABLE($theme))) {
+ if ((REQUEST_ISSET_GET(('theme'))) && (FILE_READABLE($theme))) {
 // Set cookie from URL data
- set_session('mxchange_theme', SQL_ESCAPE($_GET['theme']));
- } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_POST['theme'])))) {
+ set_session('mxchange_theme', SQL_ESCAPE(REQUEST_GET('theme')));
+ } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_POST('theme'))))) {
 // Set cookie from posted data
- set_session('mxchange_theme', SQL_ESCAPE($_POST['theme']));
+ set_session('mxchange_theme', SQL_ESCAPE(REQUEST_POST('theme')));
 }
 // Set return value
@@ -3250,8 +2668,8 @@ function convertCodeToMessage ($code) {
 break;
 case constant('CODE_EXTENSION_PROBLEM'):
- if (isset($_GET['ext'])) {
- $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE($_GET['ext']));
+ if (REQUEST_ISSET_GET(('ext'))) {
+ $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE(REQUEST_GET('ext')));
 } else {
 $msg = getMessage('EXTENSION_PROBLEM_UNSET_EXT');
 }
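Review bot: SQL_ESCAPE is used as a general-purpose sanitizer for values that never reach SQL: in the GET_CURR_THEME hunk the theme name goes into the `theme/%s/theme.php` path handed to FILE_READABLE and then into the session, and in the convertCodeToMessage hunk the `ext` value goes into a user-facing message. If SQL_ESCAPE is the database-escaping helper its name suggests, it neither confines the theme value to a single plain directory name nor HTML-escapes the message argument. For the theme, reject anything that is not a plain name before building the path, e.g. `if (!preg_match('/^[a-zA-Z0-9_-]+$/', REQUEST_GET('theme'))) { /* keep "default" */ }`, and for the message apply the output-context escaper (htmlspecialchars or the project's equivalent) where $msg is rendered rather than SQL_ESCAPE here. The doubled parentheses in `REQUEST_ISSET_GET(('theme'))` and `REQUEST_ISSET_GET(('ext'))` are redundant and read like a typo. Both enclosing functions start and end outside their hunks.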
diff --git a/inc/handler.php b/inc/handler.php
new file mode 100644
index 0000000000..e1e9523740
--- /dev/null
+++ b/inc/handler.php
@@ -0,0 +1,64 @@
+the main page
to continue.");
+ } else {
+ // No debug extension found, so regular output
+ debug_report_bug($msg);
+ }
+}
+
+// [EOF]
+?>
diff --git a/inc/header.php b/inc/header.php
index 650dce7ddd..8d3cd966da 100644
--- a/inc/header.php
+++ b/inc/header.php
@@ -125,7 +125,7 @@ if (($GLOBALS['header_sent'] != "1") && ($GLOBALS['header_sent'] != "2")) {
 } // END - if
 // Load body or not
-if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($GLOBALS['header_sent'] == "1") && (!empty($_GET['frame']))) && ($GLOBALS['output_mode'] != "1")) {
+if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (REQUEST_ISSET_GET(('frame')))) || (($GLOBALS['header_sent'] == "1") && (REQUEST_ISSET_GET(('frame')))) && ($GLOBALS['output_mode'] != "1")) {
 // Is the header sent and the script is not the mail confirmation script and not a CSS?
 if (($GLOBALS['header_sent'] == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($GLOBALS['output_mode'] != "1")) {
 // Add BODY tag
diff --git a/inc/hooks.php b/inc/hooks.php
new file mode 100644
index 0000000000..8bc6463e56
--- /dev/null
+++ b/inc/hooks.php
@@ -0,0 +1,55 @@
+
diff --git a/inc/install-inc.php b/inc/install-inc.php
index 1b8d1f486c..a6fbd91f2b 100644
--- a/inc/install-inc.php
+++ b/inc/install-inc.php
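Review bot: The rewritten `if` in inc/header.php mixes `||` and `&&` without grouping, so `($GLOBALS['output_mode'] != "1")` binds only to the last alternative; whenever the module is anything but `frametester` the first alternative is already true and the body is emitted regardless of output_mode. If the comment "Load body or not" means the body should be skipped whenever output_mode is 1, the three `||` alternatives need an outer pair of parentheses before `&& ($GLOBALS['output_mode'] != "1")`; if the current nesting is intentional, a comment saying so would keep the next reader from "fixing" it. The removed line had the same shape, and its `isset()` and `!empty()` checks have both been collapsed into REQUEST_ISSET_GET, which is only equivalent if that helper treats an empty `frame` value as unset — the helper is not in this diff, so that is worth confirming. The enclosing block starts outside the hunk.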
@@ -43,33 +43,33 @@ if (!defined('__SECURITY')) {
 // Init variables
 $mysql = "";
-if ((isset($_POST['mysql'])) && (is_array($_POST['mysql']))) $mysql = $_POST['mysql'];
+if ((REQUEST_ISSET_POST(('mysql'))) && (is_array(REQUEST_POST('mysql')))) $mysql = REQUEST_POST('mysql');
 // Check if both passwords from SMTP are matching
-if ((isset($_GET['page']) && ($_GET['page'] == 5))) {
+if ((REQUEST_ISSET_GET(('page')) && (REQUEST_GET('page') == 5))) {
 // Okay, we have to check it
- if (!empty($_POST['smtp_user']) && (empty($_POST['smtp_host']))) {
+ if (REQUEST_ISSET_POST(('smtp_user')) && (!REQUEST_ISSET_POST(('smtp_host')))) {
 // Hostname not set
 OUTPUT_HTML(getMessage('INSTALL_SMTP_HOSTNAME_EMPTY')."
");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
 } // END - if
- if ((empty($_POST['smtp_pass1'])) && (!empty($_POST['smtp_pass2']))) {
+ if ((!REQUEST_ISSET_POST(('smtp_pass1'))) && (REQUEST_ISSET_POST(('smtp_pass2')))) {
 // Password is empty
 OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS1_EMPTY')."
");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
 } // END - if
- if ((!empty($_POST['smtp_pass1'])) && (empty($_POST['smtp_pass2']))) {
+ if ((REQUEST_ISSET_POST(('smtp_pass1'))) && (!REQUEST_ISSET_POST(('smtp_pass2')))) {
 // Password repeat is empty
 OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS2_EMPTY')."
");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
 } // END - if
- if ($_POST['smtp_pass1'] != $_POST['smtp_pass1']) {
+ if (REQUEST_POST('smtp_pass1') != REQUEST_POST('smtp_pass1')) {
 // Passwords are not matching
 OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS_MISMATCH')."
");
- $_GET['page'] = 3;
+ REQUEST_SET_GET('page', 3);
 } // END - if
 } // END - if
@@ -80,7 +80,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 define('__BURL_ACTION', constant('URL'));
 // Output page for entered value
- switch ($_GET['page'])
+ switch (REQUEST_GET('page'))
 {
 case "welcome": // Welcome to the installation!
 LOAD_TEMPLATE("install_welcome");
@@ -108,11 +108,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 define('__MYSQL_DBASE' , $mysql['dbase']);
 define('__MYSQL_PREFIX', $mysql['prefix']);
 define('__MYSQL_LOGIN' , $mysql['login']);
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SLOGAN_VALUE', $_POST['slogan']);
- define('__EMAIL_VALUE' , $_POST['email']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SLOGAN_VALUE', REQUEST_POST('slogan'));
+ define('__EMAIL_VALUE' , REQUEST_POST('email'));
 // Load template
 LOAD_TEMPLATE("install_page2");
@@ -120,11 +120,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 case "3": // Set more values
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SLOGAN_VALUE' , $_POST['slogan']);
- define('__EMAIL_VALUE' , $_POST['email']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+ define('__EMAIL_VALUE' , REQUEST_POST('email'));
 // Use default SMTP data
 $smtpHost = constant('SMTP_HOSTNAME');
@@ -133,8 +133,8 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 $smtpPass2 = constant('SMTP_PASSWORD');
 // Overwrite it with the data from sent (failed) form
- if (!empty($_POST['smtp_host'])) $smtpHost = $_POST['smtp_host'];
- if (!empty($_POST['smtp_user'])) $smtpUser = $_POST['smtp_user'];
+ if (REQUEST_ISSET_POST(('smtp_host'))) $smtpHost = REQUEST_POST('smtp_host');
+ if (REQUEST_ISSET_POST(('smtp_user'))) $smtpUser = REQUEST_POST('smtp_user');
 // MySQL settings
 define('__MYSQL_HOST' , $mysql['host']);
@@ -156,11 +156,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 case "5": // Misc settings
 // General settings
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SLOGAN_VALUE' , $_POST['slogan']);
- define('__EMAIL_VALUE' , $_POST['email']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+ define('__EMAIL_VALUE' , REQUEST_POST('email'));
 // MySQL settings
 define('__MYSQL_HOST' , $mysql['host']);
@@ -169,9 +169,9 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 define('__MYSQL_LOGIN' , $mysql['login']);
 // SMTP settings
- define('__SMTP_HOST' , $_POST['smtp_host']);
- define('__SMTP_USER' , $_POST['smtp_user']);
- define('__SMTP_PASS' , $_POST['smtp_pass1']);
+ define('__SMTP_HOST' , REQUEST_POST('smtp_host'));
+ define('__SMTP_USER' , REQUEST_POST('smtp_user'));
+ define('__SMTP_PASS' , REQUEST_POST('smtp_pass1'));
 OUTPUT_HTML("
@@ -264,7 +264,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 break;
 case "finalize": // Write captured data to files
- if ((!empty($_POST['finalize'])) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
+ if ((REQUEST_ISSET_POST(('finalize'))) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
 // You have submitted data then we have to reset the fatal messages
 $SQLs = array();
@@ -274,11 +274,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 // Seems to work, also right database?
 if (SQL_SELECT_DB($mysql['dbase'], __FILE__, __LINE__) === true) {
 // Automatically run install.sql
- if ((FILE_READABLE($_POST['spath']."install/tables.sql")) && (FILE_READABLE($_POST['spath']."install/menu-".GET_LANGUAGE().".sql"))) {
+ if ((FILE_READABLE(REQUEST_POST('spath')."install/tables.sql")) && (FILE_READABLE(REQUEST_POST('spath')."install/menu-".GET_LANGUAGE().".sql"))) {
 // Both exists so import them
 foreach (array("tables.sql", "menu-".GET_LANGUAGE().".sql") as $dump) {
 // Should be save here because file_exists() is there but we check it again. :)
- $FQFN = secureString($_POST['spath']) . "install/" . $dump;
+ $FQFN = secureString(REQUEST_POST('spath')) . "install/" . $dump;
 if (FILE_READABLE($FQFN)) {
 // Read the file
 $SQLs = READ_FILE($FQFN, true);
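Review bot: The readability test and the path that is actually opened can disagree in the -274 hunk: `FILE_READABLE(REQUEST_POST('spath')."install/tables.sql")` checks the raw value, whereas `$FQFN` is built from `secureString(REQUEST_POST('spath'))`. If secureString modifies the string at all, the file that passed the outer check is not the file READ_FILE opens, so both should be derived from one sanitized value, e.g. `$spath = secureString(REQUEST_POST('spath'));` computed before the `if` and used in both places. The comment "Should be save here" overstates it — the inner FILE_READABLE on $FQFN is what actually guards the read — and the enclosing `case "finalize":` continues beyond the hunk.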
@@ -311,24 +311,24 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 } // END - foreach
 // Ok, all done. So we can write the config data to the php files
- if ($_POST['spath'] != constant('PATH')) changeDataInFile($_POST['spath']."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", $_POST['spath'], 0);
- if ($_POST['burl'] != constant('URL')) changeDataInFile($_POST['spath']."inc/config.php", "HOST-URL", "define('URL', \"", "\");", $_POST['burl'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", $_POST['title'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", $_POST['slogan'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", $_POST['email'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", $_POST['warn_no_pass'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", $_POST['wfooter'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", $_POST['blink'], 0);
- // changeDataInFile($_POST['spath']."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", $_POST['omode'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-HOST", " 'host' => \"", "\",", $mysql['host'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-DBASE", " 'dbase' => \"", "\",", $mysql['dbase'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-LOGIN", " 'login' => \"", "\",", $mysql['login'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PASSWORD", " 'password' => \"", "\",", $mysql['pass1'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", $_POST['smtp_host'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0);
- changeDataInFile($_POST['spath']."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
+ if (REQUEST_POST('spath') != constant('PATH')) changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", REQUEST_POST('spath'), 0);
+ if (REQUEST_POST('burl') != constant('URL')) changeDataInFile(REQUEST_POST('spath')."inc/config.php", "HOST-URL", "define('URL', \"", "\");", REQUEST_POST('burl'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", REQUEST_POST('title'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", REQUEST_POST('slogan'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", REQUEST_POST('email'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", REQUEST_POST('warn_no_pass'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", REQUEST_POST('wfooter'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", REQUEST_POST('blink'), 0);
+ // DEACTIVATED: changeDataInFile(REQUEST_POST('spath')."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", REQUEST_POST('omode'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-HOST", " 'host' => \"", "\",", $mysql['host'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-DBASE", " 'dbase' => \"", "\",", $mysql['dbase'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-LOGIN", " 'login' => \"", "\",", $mysql['login'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PASSWORD", " 'password' => \"", "\",", $mysql['pass1'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", REQUEST_POST('smtp_host'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", REQUEST_POST('smtp_user'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", REQUEST_POST('smtp_pass1'), 0);
+ changeDataInFile(REQUEST_POST('spath')."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
 } else {
 // Installation area not found!
 addFatalMessage(getMessage('INSTALL_MISSING_DUMPS'));
@@ -347,12 +347,12 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 $OUT .= " \n";
 } // END foreach
 define('__MYSQL_DATA' , $OUT);
- define('__SPATH_VALUE' , $_POST['spath']);
- define('__BURL_VALUE' , $_POST['burl']);
- define('__TITLE_VALUE' , $_POST['title']);
- define('__SMTP_HOST' , $_POST['smtp_host']);
- define('__SMTP_USER' , $_POST['smtp_user']);
- define('__SMTP_PASS' , $_POST['smtp_pass']);
+ define('__SPATH_VALUE' , REQUEST_POST('spath'));
+ define('__BURL_VALUE' , REQUEST_POST('burl'));
+ define('__TITLE_VALUE' , REQUEST_POST('title'));
+ define('__SMTP_HOST' , REQUEST_POST('smtp_host'));
+ define('__SMTP_USER' , REQUEST_POST('smtp_user'));
+ define('__SMTP_PASS' , REQUEST_POST('smtp_pass1'));
 // Load template
 LOAD_TEMPLATE("install_fatal_errors");
@@ -371,7 +371,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 break;
 default:
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", $_GET['page']));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", REQUEST_GET('page')));
 OUTPUT_HTML("
{--WRONG_PAGE--}");
 break;
 }
diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php
index 5f3c4a5d5d..71e179e00e 100644
--- a/inc/libs/admins_functions.php
+++ b/inc/libs/admins_functions.php
@@ -145,7 +145,7 @@ WHERE email='%s'".$locked." LIMIT 1",
 list($uid) = SQL_FETCHROW($result);
 // Rewrite email address to contact link
- $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
+ $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&uid=".bigintval($uid);
 }
 // Free memory
@@ -250,7 +250,7 @@ WHERE id=%s LIMIT 1",
 }
 // Remove cache file
- RUN_FILTER('post_admin_edited', $_POST);
+ RUN_FILTER('post_admin_edited', REQUEST_POST_ARRAY());
 }
 // Make admin accounts editable
@@ -364,7 +364,7 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
 }
 // Remove cache if cache system is activated
- RUN_FILTER('post_admin_deleted', $_POST);
+ RUN_FILTER('post_admin_deleted', REQUEST_POST_ARRAY());
 }
 // List all admin accounts
diff --git a/inc/libs/newsletter_functions.php b/inc/libs/newsletter_functions.php
index 7fccd6fa40..f0626fb3b2 100644
--- a/inc/libs/newsletter_functions.php
+++ b/inc/libs/newsletter_functions.php
@@ -150,7 +150,7 @@ function NL_INSERT_URLS ($text) {
 //
 function SEND_NEWSLETTER ($TO, $SUBJECT, $MSG, $MODE) {
 // Send mail away as HTML
- if ($_POST['auto_urls'] == "Y") {
+ if (REQUEST_POST('auto_urls') == "Y") {
 // Automatically insert URLs into newsletter
 if ((EXT_IS_ACTIVE("html")) && ($MODE == "html")) {
 // Send HTML mail
diff --git a/inc/libs/primera_functions.php b/inc/libs/primera_functions.php
index 34da5e8dd5..04228a1cfe 100644
--- a/inc/libs/primera_functions.php
+++ b/inc/libs/primera_functions.php
@@ -236,7 +236,7 @@ class PrimeraApi { // is not false the API data is valid, else invalid function PRIMERA_TEST_API () { // Get new instance - $api = new PrimeraApi($_POST['primera_api_name'], $_POST['primera_api_md5']); + $api = new PrimeraApi(REQUEST_POST('primera_api_name'), REQUEST_POST('primera_api_md5')); // Was that fine? return ($api->getPrimera() !== false); diff --git a/inc/libs/rallye_functions.php b/inc/libs/rallye_functions.php index d38b61b2e6..aa4859a4e1 100644 --- a/inc/libs/rallye_functions.php +++ b/inc/libs/rallye_functions.php @@ -737,10 +737,10 @@ function RALLYE_GET_REFCOUNT($uid, $old=0) { if (GET_EXT_VERSION("cache") >= "0.1.2") { // Get refs from cache $cnt = 0; - foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $u_id) { + foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $uid) { // Do we have a ref for this user? - //* DEBUG: */ echo "id={$id},u_id={$u_id},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}
\n"; - if (($u_id == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) { + //* DEBUG: */ echo "id={$id},uid={$uid},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}
\n"; + if (($uid == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) { //* DEBUG: */ echo "uid matches!
\n"; foreach ($GLOBALS['cache_array']['ref_depths']['level'] as $level) { if (($level == $GLOBALS['cache_array']['refsystem']['level'][$id]) && ($level == 1)) { diff --git a/inc/libs/register_functions.php b/inc/libs/register_functions.php index 1d36cd12a4..5f82f17270 100644 --- a/inc/libs/register_functions.php +++ b/inc/libs/register_functions.php @@ -117,7 +117,7 @@ function REGISTER_ADD_CATEGORY_TABLE ($MODE, $return=false) { $SW = 2; $OUT .= "
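Review bot: The rename of the loop variable to `$uid` in RALLYE_GET_REFCOUNT shadows the function's own `$uid` parameter, so the new condition `if (($uid == $uid) && ...)` is always true and the level-1 branch no longer compares the cached userid against the one being looked up — every level-1 entry in the cache is now counted for any user. Keep a distinct name for the loop value, e.g. `foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $refUid) {` and `if (($refUid == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {`, and adjust the commented debug echo to match. The function body continues outside the hunk.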
\n"; while (list($id, $cat, $visible) = SQL_FETCHROW($result)) { - if (empty($_POST['cat'][$id])) $_POST['cat'][$id] = ""; + if (!REQUEST_ISSET_POST(('cat', $id))) REQUEST_POST('cat', $id) = ""; // Prepare array for the template $content = array( 'sw' => $SW, @@ -127,7 +127,7 @@ function REGISTER_ADD_CATEGORY_TABLE ($MODE, $return=false) { 'id' => $id, ); - if (($_POST['cat'][$id] == "Y") || ((getConfig('register_default') == "Y") && (empty($_POST['cat'][$id])))) { + if ((REQUEST_POST('cat', $id) == "Y") || ((getConfig('register_default') == "Y") && (!REQUEST_ISSET_POST(('cat', $id))))) { $content['def_y'] = " checked=\"checked\""; } else { $content['def_n'] = " checked=\"checked\""; diff --git a/inc/libs/rewrite_functions.php b/inc/libs/rewrite_functions.php index e7fa920e68..769fb7ad2f 100644 --- a/inc/libs/rewrite_functions.php +++ b/inc/libs/rewrite_functions.php @@ -83,7 +83,7 @@ function REWRITE_LINKS ($HTML) { // Simple from->to replacements $REPLACE = array( - 'search' => array("u_id", "url", "page", "offset", "mid", "bid", "sub", "home"), + 'search' => array("uid", "url", "page", "offset", "mid", "bid", "sub", "home"), 'replace' => array("u" , "url", "page", "offset", "m" , "b" , "s" , "h") ); @@ -96,7 +96,7 @@ function REWRITE_LINKS ($HTML) { // Replace all array elements through foreach ($REPLACE['search'] as $k => $v) { if (eregi("$v=", $test)) { - // Replace &u_id= with /u/ + // Replace &uid= with /u/ $test = preg_replace("/&".$v."=/i", "/".$REPLACE['replace'][$k]."/", $test); } // END - if } // END - foreach diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index 4f6dafa9c2..5a24877ff0 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php 
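Review bot: `REQUEST_ISSET_POST(('cat', $id))` is a parse error — a parenthesised comma list is not a valid PHP expression — and `REQUEST_POST('cat', $id) = "";` on the next line assigns to a function return value, which PHP rejects as well; both hunks in this file are affected, and `REQUEST_ISSET_POST(('uid_raw', $id))` in the ADMIN_DELETE_ENTRIES_CONFIRM hunk of admin-inc.php has the same form. Drop the inner parentheses, `REQUEST_ISSET_POST('cat', $id)`, and replace the assignment with the setter the commit introduces elsewhere (`REQUEST_SET_POST`), assuming it accepts a nested key, which is not visible here. The single-argument form `REQUEST_ISSET_GET(('frame'))` used throughout the diff is valid but reads like the same mistake; dropping the extra parentheses avoids the confusion. The enclosing function REGISTER_ADD_CATEGORY_TABLE continues outside the hunk.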
@@ -132,7 +132,7 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_S // Remove last ", " from SQL string $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1"; - $DATA['values'][] = bigintval($_GET['id']); + $DATA['values'][] = bigintval(REQUEST_GET('id')); // Generate message $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs); diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php index 8fa321af6a..390f874e4d 100644 --- a/inc/libs/surfbar_functions.php +++ b/inc/libs/surfbar_functions.php @@ -772,10 +772,10 @@ function SURFBAR_DETERMINE_TEMPLATE_NAME() { $templateName = "surfbar_frameset"; // Any frame set? ;-) - if (isset($_GET['frame'])) { + if (REQUEST_ISSET_GET(('frame'))) { // Use the frame as a template name part... ;-) $templateName = sprintf("surfbar_frame_%s", - SQL_ESCAPE($_GET['frame']) + SQL_ESCAPE(REQUEST_GET('frame')) ); } // END - if diff --git a/inc/libs/theme_functions.php b/inc/libs/theme_functions.php index 2dfcac22cb..58c866dc7f 100644 --- a/inc/libs/theme_functions.php +++ b/inc/libs/theme_functions.php @@ -194,9 +194,9 @@ function GET_CURR_THEME_NAME () { $GLOBALS['curr_theme'] = GET_CURR_THEME(); // Check if new theme is selcted -if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $GLOBALS['curr_theme'])) { +if ((REQUEST_ISSET_POST(('new_theme'))) && (REQUEST_POST('new_theme') != $GLOBALS['curr_theme'])) { // Set new theme for guests - $newTheme = $_POST['new_theme']; + $newTheme = REQUEST_POST('new_theme'); // Change to new theme set_session('mxchange_theme', $newTheme); diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index 05d43f9a84..2d40f4520a 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php 
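Review bot: `SQL_ESCAPE(REQUEST_GET('frame'))` remains the only treatment of the `frame` query value before it becomes part of a template name in `sprintf("surfbar_frame_%s", ...)`; SQL escaping is the wrong context for a value that selects a template, and the commit only swaps the accessor. Restrict it to the frame names the surfbar actually ships, e.g. `if (!in_array(REQUEST_GET('frame'), array(/* known frame names */), true)) { /* keep the default template */ }` — the allowed set is not visible in this hunk. The admin.php logout hunk does the same with `register` and `remove` (`sprintf("admin_logout_%s_install", $register)`) and would benefit from the same allow-list. How LOAD_TEMPLATE resolves a name to a file is outside this diff, so the exposure is inferred.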
@@ -39,22 +39,22 @@ if (!defined('__SECURITY')) { // Add links for selecting some users function alpha ($sortby, $colspan, $return=false) { - if (empty($_GET['offset'])) $_GET['offset'] = 0; - $ADD = "&page=".SQL_ESCAPE($_GET['page'])."&offset=".SQL_ESCAPE($_GET['offset']); - if (!empty($_GET['mode'])) $ADD .= "&mode=".SQL_ESCAPE($_GET['mode']); + if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0); + $ADD = "&page=".SQL_ESCAPE(REQUEST_GET('page'))."&offset=".SQL_ESCAPE(REQUEST_GET('offset')); + if (REQUEST_ISSET_GET(('mode'))) $ADD .= "&mode=".SQL_ESCAPE(REQUEST_GET('mode')); /* Creates the list of letters and makes them a link. */ $alphabet = array(_ALL2,"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",_OTHERS); $num = count($alphabet) - 1; $OUT = ""; while (list($counter, $ltr) = each($alphabet)) { - if ($_GET['letter'] == $ltr) { + if (REQUEST_GET('letter') == $ltr) { // Current letter is letter from URL $OUT .= "".$ltr.""; } else { // Output link to letter $OUT .= "".$ltr.""; } 
@@ -81,15 +81,15 @@ function alpha ($sortby, $colspan, $return=false) { // Add links for sorting function SortLinks($letter, $sortby, $colspan, $return=false) { $OUT = ""; - if (empty($_GET['offset'])) $_GET['offset'] = 0; - if (empty($_GET['page'])) $_GET['page'] = 0; + if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0); + if (!REQUEST_ISSET_GET(('page'))) REQUEST_SET_GET('page' , 0); // Add page and offset - $ADD = "&page=".SQL_ESCAPE($_GET['page'])."&offset=".SQL_ESCAPE($_GET['offset']); + $ADD = "&page=".SQL_ESCAPE(REQUEST_GET('page'))."&offset=".SQL_ESCAPE(REQUEST_GET('offset')); // Add status or mode - if (!empty($_GET['status'])) $ADD .= "&mode=".SQL_ESCAPE($_GET['status']); - elseif (!empty($_GET['mode'])) $ADD .= "&mode=".SQL_ESCAPE($_GET['mode']); + if (REQUEST_ISSET_GET(('status'))) $ADD .= "&mode=".SQL_ESCAPE(REQUEST_GET('status')); + elseif (REQUEST_ISSET_GET(('mode'))) $ADD .= "&mode=".SQL_ESCAPE(REQUEST_GET('mode')); // Makes order by links.. if ($letter == "front") $letter = _ALL2; 
@@ -148,26 +148,26 @@ function ADD_PAGENAV($PAGES, $offset, $show_form, $colspan,$return=false) { $OUT = ""; for ($page = 1; $page <= $PAGES; $page++) { - if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) { + if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) { $OUT .= "-"; } else { - if (empty($_GET['letter'])) $_GET['letter'] = _ALL2; - if (empty($_GET['sortby'])) $_GET['sortby'] = "userid"; + if (!REQUEST_ISSET_GET(('letter'))) REQUEST_SET_GET('letter', getMessage('_ALL2')); + if (!REQUEST_ISSET_GET(('sortby'))) REQUEST_SET_GET('sortby', "userid"); // Base link $OUT .= ""; + $OUT .= "&letter=".SQL_ESCAPE(REQUEST_GET('letter'))."&sortby=".SQL_ESCAPE(REQUEST_GET('sortby'))."&page=".$page."&offset=".$offset."\">"; } $OUT .= $page; - if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) { + if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) { $OUT .= "-"; } else { $OUT .= ""; @@ -206,7 +206,7 @@ WHERE email='%s'".$locked." LIMIT 1", list($uid) = SQL_FETCHROW($result); // Rewrite email address to contact link - $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid); + $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&uid=".bigintval($uid); } // END - if // Free memory diff --git a/inc/modules/admin.php b/inc/modules/admin.php index f72adf4b19..7261d1cddc 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php 
@@ -55,16 +55,19 @@ $ret = "init"; // Is no admin registered? if (!isBooleanConstantAndTrue('admin_registered')) { // Admin is not registered so we have to inform the user - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { + if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { + REQUEST_SET_POST('ok', "***"); + } + + if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5($_POST['pass']); + $hashedPass = md5(REQUEST_POST('pass')); // Kill maybe existing session variables destroyAdminSession(false); // Do registration - $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); + $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass); switch ($ret) { case "done": 
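Review bot: Replacing `empty($_POST['login'])` with `!REQUEST_ISSET_POST(('login'))` changes what counts as missing: `empty()` also rejected `""` and `"0"`, whereas an isset-style check (the wrapper's definition is not in this diff) accepts a submitted-but-blank login, so the `ok = "***"` guard no longer fires for a blank login field and REGISTER_ADMIN receives an empty login. The same substitution appears in the later login hunks of this file, in register_functions.php, theme_functions.php and user_functions.php, and in what-add_points.php, what-add_surfbar_url.php and what-admin_add.php. If REQUEST_ISSET_POST is meant to replace `!empty()`, it should test for a non-empty value and a comment at its definition should say so; otherwise keep an explicit emptiness check here, `(!REQUEST_ISSET_POST('login')) || (REQUEST_POST('login') == "")`. Whether REGISTER_ADMIN itself rejects an empty login is outside this diff.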
@@ -108,25 +111,25 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Whas that action okay? if ($ret != "done") { // Fixes another "Notice" - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); + if (REQUEST_ISSET_POST(('login'))) { + define('__LOGIN_VALUE', REQUEST_POST('login')); } else { define('__LOGIN_VALUE', ""); } // Yet-another "Notice" fix - if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) { + if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == "***")) { // No login entered? - if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN'); + if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN'); // An error comes back from registration? if (!empty($ret)) $MSG1 = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS'); + if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); + if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); // Output error messages define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); 
@@ -143,27 +146,27 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load register template LOAD_TEMPLATE("admin_reg_form"); } -} elseif (isset($_GET['reset_pass'])) { +} elseif (REQUEST_ISSET_GET(('reset_pass'))) { // Is the form submitted? - if ((isset($_POST['send_link'])) && (!empty($_POST['email']))) { + if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST(('email')))) { // Try to send the link out - $OUT = ADMIN_SEND_PASSWORD_RESET_LINK($_POST['email']); + $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email')); // Output result LOAD_TEMPLATE("admin_settings_saved", false, $OUT); - } elseif (!empty($_GET['hash'])) { + } elseif (REQUEST_ISSET_GET(('hash'))) { // Output form for hash validation - LOAD_TEMPLATE("admin_validate_reset_hash_form", false, $_GET['hash']); - } elseif ((isset($_POST['validate_hash'])) && (!empty($_POST['login'])) && (!empty($_POST['hash']))) { + LOAD_TEMPLATE("admin_validate_reset_hash_form", false, REQUEST_GET('hash')); + } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) { // Validate the login data and hash - $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login']); + $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login')); // Valid? if ($valid === true) { // Prepare content first $content = array( - 'hash' => SQL_ESCAPE($_POST['hash']), - 'login' => SQL_ESCAPE($_POST['login']) + 'hash' => SQL_ESCAPE(REQUEST_POST('hash')), + 'login' => SQL_ESCAPE(REQUEST_POST('login')) ); // Validation okay so display form for final password change 
@@ -172,11 +175,11 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Cannot validate the login data and hash LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); } - } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) { + } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) { + if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) { // Set the password now - $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']); + $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1')); // Output result LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT); 
@@ -195,16 +198,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) { LOAD_URL("modules.php?module=admin&action=login&logout=1"); } // END - if - if (!empty($_GET['register'])) { + if (REQUEST_ISSET_GET(('register'))) { // Registration of first admin is done - if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE')); + if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE')); } // END - if // Check if the admin has submitted data or not - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { + if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { + REQUEST_SET_POST('ok', "***"); + } + + if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) { // All required data was entered so we check his account - $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']); + $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass')); // Which status do we have? switch ($ret) @@ -221,20 +227,20 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Add data to URL if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action']; - elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area']; + elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area'); // Load URL LOAD_URL($URL); break; case "404": // Administrator login not found - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); $ret = getMessage('ADMIN_NOT_FOUND'); destroyAdminSession(); break; case "pass": // Wrong password - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); $ret = "{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]\n"; destroyAdminSession(); break; 
@@ -247,30 +253,30 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Error detected? if ($ret != "done") { - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); + if (REQUEST_ISSET_POST(('login'))) { + define('__LOGIN_VALUE', REQUEST_POST('login')); } else { define('__LOGIN_VALUE', ""); } - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Set messages to zero $MSG1 = ""; $MSG2 = ""; // No login entered? - if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN'); + if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret; + if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS'); + if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); + if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret; + if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret; // Load message template define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); @@ -296,9 +302,9 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Set default values $content = array('target' => "action", 'value' => "login"); } - } elseif (!empty($_GET['area'])) { + } elseif (REQUEST_ISSET_GET(('area'))) { // Restore old area value - $content = array('target' => "area", 'value' => $_GET['area']); + $content = array('target' => "area", 'value' => REQUEST_GET('area')); } else { // Set default values $content = array('target' => "action", 'value' => "login"); 
@@ -307,19 +313,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load login form template LOAD_TEMPLATE("admin_login_form", false, $content); } // END - if -} elseif (isset($_GET['logout'])) { +} elseif (REQUEST_ISSET_GET(('logout'))) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template - if (isset($_GET['register'])) { + if (REQUEST_ISSET_GET(('register'))) { // Secure input - $register = SQL_ESCAPE($_GET['register']); + $register = SQL_ESCAPE(REQUEST_GET('register')); // Special logout redirect for installation of given extension LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register)); - } elseif (isset($_GET['remove'])) { + } elseif (REQUEST_ISSET_GET(('remove'))) { // Secure input - $remove = SQL_ESCAPE($_GET['remove']); + $remove = SQL_ESCAPE(REQUEST_GET('remove')); // Special logout redirect for removal of given extension LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); @@ -352,7 +358,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { $area = "entrance"; // Check for similar URL variable - if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']); + if (REQUEST_ISSET_GET(('area'))) $area = SQL_ESCAPE(REQUEST_GET('area')); // Load "logical-area menu-system" file LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php"); @@ -367,13 +373,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) { break; case "404": // Administrator login not found - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); destroyAdminSession(); addFatalMessage(getMessage('ADMIN_NOT_FOUND')); break; case "pass": // Wrong password - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); destroyAdminSession(); addFatalMessage(getMessage('WRONG_PASS')); break; diff --git a/inc/modules/admin/action-logout.php b/inc/modules/admin/action-logout.php index 82b4aeacda..49f02d5674 100644 --- a/inc/modules/admin/action-logout.php +++ b/inc/modules/admin/action-logout.php 
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_POST['no'])) { +if (REQUEST_ISSET_POST(('no'))) { // Do not logout now LOAD_URL("admin.php"); -} elseif ((!empty($_POST['yes'])) && ($GLOBALS['action'] == "logout")) { +} elseif ((REQUEST_ISSET_POST(('yes'))) && ($GLOBALS['action'] == "logout")) { // Redirect to logout link LOAD_URL("modules.php?module=admin&logout=1"); } diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index ea677c8fdb..c960342106 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -204,7 +204,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) { ) && ( set_session('admin_last', time()) ) && ( - set_session('admin_to', bigintval($_POST['timeout'])) + set_session('admin_to', bigintval(REQUEST_POST('timeout'))) ) ); } @@ -536,15 +536,24 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") { $OUT .= "\n"; } else { // No menus??? - $OUT = ADMIN_PROBLEM_NO_MENU; + $OUT = getMessage('ADMIN_PROBLEM_NO_MENU'); } // Return output return $OUT; } +// Wrapper for $_POST and ADMIN_SAVE_SETTINGS +function ADMIN_SAVE_SETTINGS_POST () { + // Get the array + $POST = REQUEST_POST_ARRAY(); + + // Call the lower function + ADMIN_SAVE_SETTINGS($POST); +} + // Save settings to the database -function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="config=0", $translateComma=array(), $alwaysAdd=false) { +function ADMIN_SAVE_SETTINGS (&$POST, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) { // Prepare all arrays, variables $DATA = array(); $skip = false; 
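Review bot: ADMIN_SAVE_SETTINGS_POST hands a local copy `$POST` to a parameter declared `&$POST`, so any changes ADMIN_SAVE_SETTINGS makes to the array are discarded, and the wrapper drops `$tableName`, `$whereStatement`, `$translateComma` and `$alwaysAdd`, which is presumably why what-add_bank_package.php bypasses it and calls `ADMIN_SAVE_SETTINGS(REQUEST_POST_ARRAY(), ...)` directly — passing a function result to a by-reference parameter, which PHP reports as "Only variables should be passed by reference". what-add_sponsor.php has the same call shape against `SPONSOR_HANDLE_SPONSOR (&$POST, ...)`, and what-add_surfbar_url.php likely too for CONVERT_SELECTIONS_TO_TIMESTAMP, whose signature is not visible. Either let the wrapper forward the optional parameters or have the callers materialise the array first, `$POST = REQUEST_POST_ARRAY(); ADMIN_SAVE_SETTINGS($POST, "_bank_packages", "", array(...), true);`. The new function also lacks a header comment; `// Saves the current POST array through ADMIN_SAVE_SETTINGS with default table/where; changes made by the callee are not written back to the request` would state the contract.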
@@ -643,7 +652,7 @@ function ADMIN_MAKE_MENU_SELECTION ($menu, $type, $name, $default="") { $handle = opendir(sprintf("%sinc/modules/%s/", constant('PATH'), $menu)) or mxchange_die("Cannot load menu ".$menu."!"); // Init the selection box - $OUT = "\n \n"; // Walk through all files while ($file = readdir($handle)) { @@ -689,7 +698,7 @@ function ADMIN_USER_PROFILE_LINK ($uid, $title="", $wht="list_user") { //* DEBUG: */ echo "a:".$title."
"; // Return link - return "".$title.""; + return "".$title.""; } // Check "logical-area-mode" @@ -782,7 +791,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") } // END - if // Is the raw userid set? - if ($_POST['uid_raw'][$id] > 0) { + if (REQUEST_POST('uid_raw', $id) > 0) { // Generate subject $subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT'); @@ -794,7 +803,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") } // Send email out - SEND_EMAIL($_POST['uid_raw'][$id], $subjectLine, $mail); + SEND_EMAIL(REQUEST_POST('uid_raw', $id), $subjectLine, $mail); } // END - if // Generate subject @@ -802,9 +811,9 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") // Send admin notification out if (!empty($subjectPart)) { - SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, $_POST['uid_raw'][$id]); + SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, REQUEST_POST('uid_raw', $id)); } else { - SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, $_POST['uid_raw'][$id]); + SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, REQUEST_POST('uid_raw', $id)); } } @@ -911,7 +920,7 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct } // END - foreach // Add other columns as well - foreach ($_POST as $key => $entries) { + foreach (REQUEST_POST_ARRAY() as $key => $entries) { // Skip id, raw userid and 'do_$mode' if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) { // Are there brackets () at the end? 
@@ -964,7 +973,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu $idList = ""; foreach ($IDs as $id => $sel) { // Is there a userid? - if (isset($_POST['uid_raw'][$id])) { + if (REQUEST_ISSET_POST(('uid_raw', $id))) { // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", array($table, $idColumn, $id), __FILE__, __LINE__); @@ -1017,7 +1026,7 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc $SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_ SET", SQL_ESCAPE($table) ); - foreach ($_POST as $key => $entries) { + foreach (REQUEST_POST_ARRAY() as $key => $entries) { // Skip raw userid which is always invalid if ($key == "uid_raw") { // Continue with next field diff --git a/inc/modules/admin/what-add_bank_package.php b/inc/modules/admin/what-add_bank_package.php index ed4e351b2c..2a9c71d546 100644 --- a/inc/modules/admin/what-add_bank_package.php +++ b/inc/modules/admin/what-add_bank_package.php @@ -41,9 +41,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Is the formular sent? -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Save the row to the database - ADMIN_SAVE_SETTINGS($_POST, "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true); + ADMIN_SAVE_SETTINGS(REQUEST_POST_ARRAY(), "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true); } else { // Display form LOAD_TEMPLATE("admin_add_bank_package"); diff --git a/inc/modules/admin/what-add_guestnl_cat.php b/inc/modules/admin/what-add_guestnl_cat.php index c7fcc2b11a..352fd10fa0 100644 --- a/inc/modules/admin/what-add_guestnl_cat.php +++ b/inc/modules/admin/what-add_guestnl_cat.php 
@@ -40,12 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) -{ +if (IS_FORM_SENT()) { // Check if category does already exist -} - else -{ +} else { // Display form LOAD_TEMPLATE("admin_add_guestnl_cat"); } diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php index 3dc99e4a3e..08019d932c 100644 --- a/inc/modules/admin/what-add_points.php +++ b/inc/modules/admin/what-add_points.php @@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Fix a notice -if (!isset($_GET['u_id'])) $_GET['u_id'] = ""; +if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', ""); -if ($_GET['u_id'] == "all") { +if (REQUEST_GET('uid') == "all") { // Add points to all accounts - if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) { - define('__POINTS_VALUE', $_POST['points']); + if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) { + define('__POINTS_VALUE', REQUEST_POST('points')); $result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__); while (list($uid) = SQL_FETCHROW($result_main)) { // Remove depth to prevent booking errors. This is a bad coding @@ -55,12 +55,12 @@ if ($_GET['u_id'] == "all") { $GLOBALS['ref_level'] = -1; // Ok, add points and send an email to him... - ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval($_POST['points']), false, "0", false, "direct"); + ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval(REQUEST_POST('points')), false, "0", false, "direct"); // Prepare content $content = array( - 'text' => SQL_ESCAPE($_POST['reason']), - 'points' => bigintval($_POST['points']) + 'text' => SQL_ESCAPE(REQUEST_POST('reason')), + 'points' => bigintval(REQUEST_POST('points')) ); // Load email template and send email away 
@@ -77,44 +77,44 @@ if ($_GET['u_id'] == "all") { // Display form add points LOAD_TEMPLATE("admin_add_points_all"); } -} elseif (!empty($_GET['u_id'])) { +} elseif (REQUEST_ISSET_GET(('uid'))) { // User ID found in URL so we use this give him some credits $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Selected user does exist list($sname, $fname, $email) = SQL_FETCHROW($result); SQL_FREERESULT($result); - if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { + if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) { // Remove depth to prevent booking errors. This is a bad coding // practice, thats also why we need to write this project from // scratch... unset($GLOBALS['ref_level']); // Ok, add points and send an email to him... - ADD_POINTS_REFSYSTEM("admin_single", bigintval($_GET['u_id']), bigintval($_POST['points']), false, "0", false, "direct"); + ADD_POINTS_REFSYSTEM("admin_single", bigintval(REQUEST_GET('uid')), bigintval(REQUEST_POST('points')), false, "0", false, "direct"); // Prepare content $content = array( - 'text' => SQL_ESCAPE($_POST['reason']), - 'points' => bigintval($_POST['points']) + 'text' => SQL_ESCAPE(REQUEST_POST('reason')), + 'points' => bigintval(REQUEST_POST('points')) ); // Message laden - $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($_GET['u_id'])); + $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval(REQUEST_GET('uid'))); - SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_ADD_SUBJ'), $msg); + SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_ADD_SUBJ'), $msg); LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED')); } else { // Opps, missing form here define('__USER_VALUE', "".$sname." 
".$fname.""); - define('__UID' , bigintval($_GET['u_id'])); + define('__UID' , bigintval(REQUEST_GET('uid'))); LOAD_TEMPLATE("admin_add_points"); } } else { // User not found! - LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."
"); + LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."
"); } } else { // Output selection form with all confirmed user accounts listed diff --git a/inc/modules/admin/what-add_rallye.php b/inc/modules/admin/what-add_rallye.php index 12798e8899..ccb2d887cb 100644 --- a/inc/modules/admin/what-add_rallye.php +++ b/inc/modules/admin/what-add_rallye.php 
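Review bot: `sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))` places the raw `uid` query value into the template output when no user matches, and the commit only swaps the accessor; a non-numeric value is echoed back to the admin unchanged. Every other use of the value in this file goes through `bigintval(...)`, so do the same here, `sprintf(getMessage('ADMIN_MEMBER_404'), bigintval(REQUEST_GET('uid')))`, or escape it for HTML before output. Whether LOAD_TEMPLATE escapes its content argument is not visible in this diff.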
@@ -40,52 +40,45 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) -{ +if (IS_FORM_SENT()) { // Generate timestamps - $START = mktime($_POST['start_hour'], $_POST['start_min'], $_POST['start_sec'], $_POST['start_month'], $_POST['start_day'], $_POST['start_year']); - $END = mktime($_POST['end_hour'] , $_POST['end_min'] , $_POST['end_sec'] , $_POST['end_month'] , $_POST['end_day'] , $_POST['end_year'] ); + $START = mktime(REQUEST_POST('start_hour'), REQUEST_POST('start_min'), REQUEST_POST('start_sec'), REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year')); + $END = mktime(REQUEST_POST('end_hour') , REQUEST_POST('end_min') , REQUEST_POST('end_sec') , REQUEST_POST('end_month') , REQUEST_POST('end_day') , REQUEST_POST('end_year') ); // Is there already a rallye running? $result = SQL_QUERY_ESC("SELECT id, admin_id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE (start_time <= %s AND end_time >= %s) OR (start_time >= %s AND start_time <= %s) LIMIT 1", - array($START, $START, $START, $END), __FILE__, __LINE__); + array($START, $START, $START, $END), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) - { + if (SQL_NUMROWS($result) == 0) { // Ok, start and end time did not overlap SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_data` (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s')", array( GET_CURRENT_ADMIN_ID(), - $_POST['title'], - $_POST['descr'], - $_POST['template'], + REQUEST_POST('title'), + REQUEST_POST('descr'), + REQUEST_POST('template'), $START, $END, - $_POST['auto_add'], - $_POST['active'], - $_POST['notify'], + REQUEST_POST('auto_add'), + REQUEST_POST('active'), + REQUEST_POST('notify'), ), __FILE__, __LINE__); // Load ID $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE start_time='%s' AND 
end_time='%s' AND `title`='%s' LIMIT 1", - array($START, $END, $_POST['title']), __FILE__, __LINE__); + array($START, $END, REQUEST_POST('title')), __FILE__, __LINE__); list($id) = SQL_FETCHROW($result); SQL_FREERESULT($result); - if (!empty($id)) - { + if (!empty($id)) { // Reload to prices... LOAD_URL("modules.php?module=admin&what=config_rallye_prices&rallye=".$id); - } - else - { + } else { // Problem detected... LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PROBLEM_CREATE); } - } - else - { + } else { // Free memory SQL_FREERESULT($result); diff --git a/inc/modules/admin/what-add_sponsor.php b/inc/modules/admin/what-add_sponsor.php index 3630a89c13..894b8cf273 100644 --- a/inc/modules/admin/what-add_sponsor.php +++ b/inc/modules/admin/what-add_sponsor.php @@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Save sponsor in database - SPONSOR_HANDLE_SPONSOR($_POST); + SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY()); } else { // Prepare constants for the template define('__SPONSOR_MIN_VALUE', getConfig('sponsor_min_points')); diff --git a/inc/modules/admin/what-add_surfbar_url.php b/inc/modules/admin/what-add_surfbar_url.php index 21268b0bcd..8b5c33d80e 100644 --- a/inc/modules/admin/what-add_surfbar_url.php +++ b/inc/modules/admin/what-add_surfbar_url.php 
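Review bot: `RALLYE_PROBLEM_CREATE` is still passed to LOAD_TEMPLATE as a bare constant in this hunk while the admin-inc.php hunk in the same commit converts the analogous `ADMIN_PROBLEM_NO_MENU` to `getMessage('ADMIN_PROBLEM_NO_MENU')`; `LOAD_TEMPLATE("admin_settings_saved", false, getMessage('RALLYE_PROBLEM_CREATE'));` keeps the two consistent, assuming the message is registered the same way. The six `mktime(REQUEST_POST(...), ...)` arguments are also passed straight through without a numeric check; a `bigintval()` per argument, as the commit already does for `sort` in what-admin_add.php, or a comment stating that mktime's coercion is relied on, would make the intent explicit. The surrounding `else` branch continues outside the hunk.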
@@ -41,15 +41,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Was an URL added?
-if ((isset($_POST['add'])) && (!empty($_POST['url']))) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('url')))) {
 // Dummy variables
 $DATA = array(); $id = "reload_ye"; $skip = false;
 // Convert the "reload selections"
- CONVERT_SELECTIONS_TO_TIMESTAMP($_POST, $DATA, $id, $skip);
+ CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip);
 // Then add this URL
- if (SURFBAR_ADMIN_ADD_URL($_POST['url'], $_POST['limit'], $_POST['reload'])) {
+ if (SURFBAR_ADMIN_ADD_URL(REQUEST_POST('url'), REQUEST_POST('limit'), REQUEST_POST('reload'))) {
 // URL was added
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_URL_ADDED'));
 } else {
diff --git a/inc/modules/admin/what-admin_add.php b/inc/modules/admin/what-admin_add.php
index 89d00727ab..5d123199cb 100644
--- a/inc/modules/admin/what-admin_add.php
+++ b/inc/modules/admin/what-admin_add.php
@@ -41,11 +41,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Check if the admin has entered title and what-php file name...
-if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok']))) {
- unset($_POST['ok']);
+if (((!REQUEST_ISSET_POST(('title'))) || (!REQUEST_ISSET_POST(('menu'))) || (!REQUEST_ISSET_POST(('descr')))) && (IS_FORM_SENT())) {
+ REQUEST_UNSET_POST('ok');
 }
-if (!isset($_POST['ok']))
+if (!IS_FORM_SENT())
 {
 // Create arrays
 $menus = array(); $titles = array(); $below = array();
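Review bot: The guard `if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('url'))))` replaces `!empty($_POST['url'])`, so if REQUEST_ISSET_POST mirrors isset() rather than !empty() (its definition is not in this hunk) an empty `url` field now reaches SURFBAR_ADMIN_ADD_URL(). The same isset-for-empty substitution is made in what-admin_add.php (`title`/`menu`/`descr`), what-adminedit.php (`sub`, `sel`, `act`/`tid`/`fid`), what-admins_add.php (`login`/`email`/`pass1`/`pass2`), what-config_admins.php (`what_menu`, `$BOTH`) and what-config_bonus.php (`turbo_rates`); either document on the helper that an empty string counts as unset, or keep an explicit emptiness test such as `(REQUEST_POST('url') != '')`. As a point of style, the doubled parentheses in `REQUEST_ISSET_POST(('add'))` are a no-op and make every call look like it takes a second argument.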
@@ -165,29 +165,29 @@ if (!isset($_POST['ok']))
 LOAD_TEMPLATE("admin_admin_add");
 } elseif (!IS_DEMO()) {
 // Insert new menu entry
- if (!empty($_POST['menu'])) {
+ if (REQUEST_ISSET_POST(('menu'))) {
 // Add sub menu
 SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('%s','%s','%s','%s','%s')", array(
- $_POST['menu'],
- $_POST['name'],
- $_POST['title'],
- $_POST['descr'],
- bigintval($_POST['sort']),
+ REQUEST_POST('menu'),
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ REQUEST_POST('descr'),
+ bigintval(REQUEST_POST('sort')),
 ), __FILE__, __LINE__ );
- CACHE_PURGE_ADMIN_MENU(0, $_POST['menu'], $_POST['name']);
+ CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('menu'), REQUEST_POST('name'));
 } else {
 // Add main menu
 SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (action, title, descr, sort) VALUES ('%s','%s','%s','%s')", array(
- $_POST['name'],
- $_POST['title'],
- $_POST['descr'],
- bigintval($_POST['sort']),
+ REQUEST_POST('name'),
+ REQUEST_POST('title'),
+ REQUEST_POST('descr'),
+ bigintval(REQUEST_POST('sort')),
 ), __FILE__, __LINE__ );
- CACHE_PURGE_ADMIN_MENU(0, $_POST['name']);
+ CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('name'));
 }
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
 } else {
diff --git a/inc/modules/admin/what-adminedit.php b/inc/modules/admin/what-adminedit.php
index b20760df3e..380ef3157e 100644
--- a/inc/modules/admin/what-adminedit.php
+++ b/inc/modules/admin/what-adminedit.php
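Review bot: `REQUEST_POST('name')` is inserted as the menu `what` value — the "what-php file name" named in the comment of the previous hunk — without any restriction on its form, whereas `sort` on the next line is normalised with `bigintval()`. A guard before both INSERTs, e.g. `if (!preg_match('/^[a-z0-9_]+$/', REQUEST_POST('name'))) { /* reject and show the form again */ }`, keeps the menu table limited to plain identifiers; how the stored `what` value is later resolved is outside this hunk, so I am inferring from the comment only. The `} elseif (!IS_DEMO()) {` branch opened here continues past the end of the hunk.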
@@ -42,23 +42,23 @@ ADD_DESCR("admin", __FILE__);
 // Do we edit/delete/change main menus or sub menus?
 $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
-if (!empty($_GET['sub']))
+if (REQUEST_ISSET_GET(('sub')))
 {
- $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
- $SUB = SQL_ESCAPE($_GET['sub']);
+ $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+ $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
 }
 // Get count of (maybe) selected menu points
 $chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
 // List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) {
 // Edit menu entries
 define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $cnt = 0; $SW = 2;
- foreach ($_POST['sel'] as $sel => $confirm)
+ foreach (REQUEST_POST('sel') as $sel => $confirm)
 {
 if ($confirm == 1)
 {
@@ -101,13 +101,13 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 // Load template
 LOAD_TEMPLATE("admin_amenu_edit_form");
 }
- elseif ((isset($_POST['del'])) && (!IS_DEMO()))
+ elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO()))
 {
 define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk);
 // Del menu entries with or without confirmation
 $SW = 2; $cnt = 0; $OUT = "";
- foreach ($_POST['sel'] as $sel => $confirm)
+ foreach (REQUEST_POST('sel') as $sel => $confirm)
 {
 if ($confirm == 1)
 {
@@ -146,12 +146,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 // Load template
 LOAD_TEMPLATE("admin_amenu_delete");
-} elseif ((isset($_POST['ok'])) && (!IS_DEMO())) {
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
 // An action is done...
- switch ($_POST['ok'])
+ switch (REQUEST_POST('ok'))
 {
 case "edit": // Edit menu
- foreach ($_POST['sel'] as $sel => $menu) {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
 // Secure ID
 $sel = bigintval($sel);
@@ -164,22 +164,22 @@ descr='%s' WHERE ".$AND." AND id=%s LIMIT 1",
 array(
 $menu,
- $_POST['sel_action'][$sel],
- $_POST['sel_what'][$sel],
- $_POST['sel_desc'][$sel],
+ REQUEST_POST('sel_action', $sel),
+ REQUEST_POST('sel_what', $sel),
+ REQUEST_POST('sel_desc', $sel),
 $sel,
 ), __FILE__, __LINE__);
 }
 // Purge admin menu cache
- CACHE_PURGE_ADMIN_MENU(0, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel]);
+ CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel));
 // Load template
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); break;
 case "del": // Delete menu
- foreach ($_POST['sel'] as $sel => $menu) {
+ foreach (REQUEST_POST('sel') as $sel => $menu) {
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__);
 CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
@@ -190,32 +190,32 @@ WHERE ".$AND." AND id=%s LIMIT 1",
 break;
 default: // Unexpected action
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok']));
- define('__OK_VALUE', $_POST['ok']);
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok')));
+ define('__OK_VALUE', REQUEST_POST('ok'));
 LOAD_TEMPLATE("admin_menu_unknown_okay"); break;
 }
 } else {
- if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+ if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
 // Get IDs
- if (!empty($_GET['w'])) {
+ if (REQUEST_ISSET_GET(('w'))) {
 // Sub menus selected
 $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
 list($tid) = SQL_FETCHROW($result); SQL_FREERESULT($result);
 $result = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
 list($fid) = SQL_FETCHROW($result); SQL_FREERESULT($result);
 } else {
 // Main menu selected
 $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
 list($tid) = SQL_FETCHROW($result); SQL_FREERESULT($result);
 $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
- array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
 list($fid) = SQL_FETCHROW($result); 
SQL_FREERESULT($result);
 }
@@ -223,9 +223,9 @@ WHERE ".$AND." AND id=%s LIMIT 1",
 if ((!empty($tid)) && (!empty($fid))) {
 // Sort menu
 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
 CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
 }
 }
diff --git a/inc/modules/admin/what-admins_add.php b/inc/modules/admin/what-admins_add.php
index c1054846cb..4f7f51e59f 100644
--- a/inc/modules/admin/what-admins_add.php
+++ b/inc/modules/admin/what-admins_add.php
@@ -43,9 +43,9 @@ ADD_DESCR("admin", __FILE__);
 // Display form is default
 $FORM = true;
-if ((isset($_POST['add'])) && (!empty($_POST['login'])) && (!empty($_POST['email'])) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('email'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
 // Add admin when not added already
- if (REGISTER_ADMIN($_POST['login'], generateHash($_POST['pass1']), $_POST['email']) == "done") {
+ if (REGISTER_ADMIN(REQUEST_POST('login'), generateHash(REQUEST_POST('pass1')), REQUEST_POST('email')) == "done") {
 // Do not ouput any form!
 $FORM = false;
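Review bot: The second lookup in the `REQUEST_ISSET_GET(('w'))` branch still calls `SQL_QUERY(` while the commit rewrites its argument line to `array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);` — the same shape the three sibling queries pass to `SQL_QUERY_ESC(`. Unless SQL_QUERY also substitutes and escapes placeholders (not visible here), `$fid` is looked up against a literal `'%s'` and the `act` value is never escaped; change that call on the context line to `SQL_QUERY_ESC(` so all four lookups share one path. The `if ((REQUEST_ISSET_GET(('act'))) …)` block opened in this hunk closes in the next one.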
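Review bot: The password confirmation `(REQUEST_POST('pass1') == REQUEST_POST('pass2'))` uses loose comparison, so two different numeric-looking strings (PHP treats `"1e3"` and `"1000"` as equal under `==`) pass as a match and the first one is what gets hashed; use `(REQUEST_POST('pass1') === REQUEST_POST('pass2'))`. The condition otherwise accepts any non-empty password, so a length floor next to it is cheap, e.g. `(strlen(REQUEST_POST('pass1')) >= 8)` with the bound taken from configuration if one exists. The `if` body continues into the next hunk.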
@@ -53,16 +53,16 @@ if ((isset($_POST['add'])) && (!empty($_POST['login'])) && (!empty($_POST['email
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ADD_DONE'));
 // Run filter chain
- RUN_FILTER('post_admin_added', $_POST);
+ RUN_FILTER('post_admin_added', REQUEST_POST_ARRAY());
 } // END - if
 } // END - if
 // Shall we display the form?
 if ($FORM === true) {
 // Set missing elements
- // @TODO Do we need this ugly code here?
- if (!isset($_POST['login'])) $_POST['login'] = "";
- if (!isset($_POST['email'])) $_POST['email'] = "";
+ // @TODO Do we still need this ugly code here?
+ if (!REQUEST_ISSET_POST(('login'))) REQUEST_SET_POST('login', "");
+ if (!REQUEST_ISSET_POST(('email'))) REQUEST_SET_POST('email', "");
 // Load form from template
 LOAD_TEMPLATE("admin_admins_add");
diff --git a/inc/modules/admin/what-admins_contct.php b/inc/modules/admin/what-admins_contct.php
index c6341ea4f1..65e1f69cdf 100644
--- a/inc/modules/admin/what-admins_contct.php
+++ b/inc/modules/admin/what-admins_contct.php
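Review bot: `RUN_FILTER('post_admin_added', REQUEST_POST_ARRAY());` hands the complete POST array — including the plaintext `pass1`/`pass2` fields checked in the previous hunk — to every filter registered on that hook, so any filter that logs, mails or caches its input retains the new admin's password. Strip the secrets before the call: `$data = REQUEST_POST_ARRAY(); unset($data['pass1'], $data['pass2']); RUN_FILTER('post_admin_added', $data);`. The `if (REGISTER_ADMIN(...) == "done")` block that this hunk closes is opened in the previous hunk.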
@@ -40,26 +40,26 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if ((isset($_POST['ok'])) && (!empty($_GET['admin']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('admin')))) {
 // Send mail or message
- if ((EXT_IS_ACTIVE("msg")) && ($_POST['type'] == "msg")) {
+ if ((EXT_IS_ACTIVE("msg")) && (REQUEST_POST('type') == "msg")) {
 // Add message
- $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", $_POST['text'], "0");
- SEND_ADMIN_MESSAGE($_GET['admin'], ADMINS_MSG_FROM_ADMIN, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", REQUEST_POST('text'), "0");
+ SEND_ADMIN_MESSAGE(REQUEST_GET('admin'), ADMINS_MSG_FROM_ADMIN, $msg);
 } else {
 // Load admin's email address
- $email = GET_ADMIN_EMAIL(bigintval($_GET['admin']));
+ $email = GET_ADMIN_EMAIL(bigintval(REQUEST_GET('admin')));
 // Load email template and send the mail to the admin
- $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", $_POST['text'], "0");
+ $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", REQUEST_POST('text'), "0");
 SEND_EMAIL($email, ADMINS_MSG_FROM_ADMIN, $msg);
 }
 // Mail / message dropped
 LOAD_TEMPLATE("admin_settings_saved", false, ADMINS_ADMIN_CONTACTED);
-} elseif (!empty($_GET['admin'])) {
+} elseif (REQUEST_ISSET_GET(('admin'))) {
 // Load contact form template
- define('__ADMIN', $_GET['admin']);
+ define('__ADMIN', REQUEST_GET('admin'));
 if (EXT_IS_ACTIVE("msg")) {
 // Add option to select between mail and message
 define('ADMINS_MESSAGING_SELECTION', LOAD_TEMPLATE("admin_admins_contct_select", true));
diff --git a/inc/modules/admin/what-admins_edit.php b/inc/modules/admin/what-admins_edit.php
index 6706d9a016..d3a151b791 100644
--- a/inc/modules/admin/what-admins_edit.php
+++ b/inc/modules/admin/what-admins_edit.php
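Review bot: The target admin id is normalised in only one of three places: the mail branch calls `GET_ADMIN_EMAIL(bigintval(REQUEST_GET('admin')))`, but the message branch passes the raw value in `SEND_ADMIN_MESSAGE(REQUEST_GET('admin'), ADMINS_MSG_FROM_ADMIN, $msg);` and the form branch stores it unchanged in `define('__ADMIN', REQUEST_GET('admin'));`, from where the contact template renders it. Apply `bigintval()` to all three, e.g. `SEND_ADMIN_MESSAGE(bigintval(REQUEST_GET('admin')), ADMINS_MSG_FROM_ADMIN, $msg);` and `define('__ADMIN', bigintval(REQUEST_GET('admin')));`, so the id reaches the message store and the template as an integer. Whether SEND_ADMIN_MESSAGE or the template escape their input is not visible in this hunk.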
@@ -41,29 +41,31 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Set selection data to empty array when it is empty
-if (empty($_POST['sel'])) $_POST['sel'] = array();
+if (!REQUEST_ISSET_POST(('sel'))) REQUEST_SET_POST('sel', array());
 // Check if direct admin account was selected
-if (!empty($_GET['admin'])) {
+if (REQUEST_ISSET_GET(('admin'))) {
 // Secure ID number
- $aid = bigintval($_GET['admin']);
- $_POST['edit'] = "1";
- $_POST['sel'][$aid] = "1";
+ $aid = bigintval(REQUEST_GET('admin'));
+
+ // Set required fields
+ REQUEST_SET_POST('edit', "1");
+ REQUEST_SET_POST(array('sel', $aid), "1");
 }
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
 // Edit account(s)
- ADMINS_EDIT_ADMIN_ACCOUNTS($_POST);
-} elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0)) {
+ ADMINS_EDIT_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('change'))) && (sizeof(REQUEST_POST('login')) > 0)) {
 // Change admin accounts
- ADMINS_CHANGE_ADMIN_ACCOUNT($_POST);
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+ ADMINS_CHANGE_ADMIN_ACCOUNT(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
 // Show admin accounts for deletetion
- ADMINS_DELETE_ADMIN_ACCOUNTS($_POST);
+ ADMINS_DELETE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
 } else {
- if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+ if ((REQUEST_ISSET_POST(('remove'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
 // Remove accounts now
- ADMINS_REMOVE_ADMIN_ACCOUNTS($_POST);
+ ADMINS_REMOVE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
 }
 // List all admin accounts
diff --git a/inc/modules/admin/what-admins_mails.php b/inc/modules/admin/what-admins_mails.php
index 04124c3ca1..fddbc9a0ae 100644
--- a/inc/modules/admin/what-admins_mails.php
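Review bot: `REQUEST_SET_POST(array('sel', $aid), "1");` passes an array as the key, whereas every other nested access in this commit uses a second parameter (`REQUEST_POST('template', $id)` in what-admins_mails.php, `REQUEST_ISSET_POST(('sel', 0))` in what-config_cats.php); unless REQUEST_SET_POST is defined to accept the array form (its definition is outside this hunk), the pre-selected account is written under a key that `SELECTION_COUNT(REQUEST_POST('sel'))` never sees and the direct-edit path silently falls through to the listing. Confirm the helper's signature, and annotate the line either way, e.g. `// nested write: marks sel[$aid] so the edit branch below picks this account`. The `sizeof(REQUEST_POST('login')) > 0` test in the `change` branch also assumes `login` arrives as an array; on the PHP versions this code targets, count() of a scalar is 1, so a plain `login` field satisfies it (that was true before the commit as well).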
+++ b/inc/modules/admin/what-admins_mails.php
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['edit']))
+if (REQUEST_ISSET_POST(('edit')))
 {
 // Check if entires are checked
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 if ($SEL > 0)
 {
 // Add option for events
 $GLOBALS['cache_array']['admins'] = ADD_OPTION_LINES("admins", "id", "login", "", "email");
 $SW = 2; $rowNameS = "";
- foreach ($_POST['sel'] as $template => $sel) {
+ foreach (REQUEST_POST('sel') as $template => $sel) {
 // First of all load data from DB
 $result = SQL_QUERY_ESC("SELECT admin_id, id FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' ORDER BY `id`", array($template), __FILE__, __LINE__);
@@ -117,11 +117,10 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
 if (SQL_NUMROWS($result) > 0)
 {
 // Shall I change entries?
- if (isset($_POST['change']))
+ if (REQUEST_ISSET_POST(('change')))
 {
 // Ok, update database
- foreach ($_POST['admin_id'] as $id => $aid)
- {
+ foreach (REQUEST_POST('admin_id') as $id => $aid) {
 // Secure IDs
 $id = bigintval($id); $aid = bigintval($aid);
@@ -130,17 +129,17 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_mails` SET admin_id=%s WHERE id=%s ORDER BY `id` LIMIT 1", array($aid, $id), __FILE__, __LINE__);
- if (($aid < 1) && (!empty($_POST['template'][$id])))
+ if (($aid < 1) && (REQUEST_ISSET_POST(('template', $id))))
 {
 // Remove any other admin entries
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' AND id != '%s'",
- array($_POST['template'][$id], $id), __FILE__, __LINE__);
+ array(REQUEST_POST('template', $id), $id), __FILE__, __LINE__);
 }
- if ($_POST['admin_new'][$_POST['template'][$id]] > 0)
+ if (REQUEST_POST('admin_new', REQUEST_POST('template', $id)) > 0)
 {
 // Add new admin
 SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_mails` (admin_id, mail_template) VALUES ('%s','%s')",
- array($aid, $_POST['template'][$id]), __FILE__, __LINE__);
+ array($aid, REQUEST_POST('template', $id)), __FILE__, __LINE__);
 }
 }
diff --git a/inc/modules/admin/what-config_active.php b/inc/modules/admin/what-config_active.php
index efb00e6321..37242ae4a3 100644
--- a/inc/modules/admin/what-config_active.php
+++ b/inc/modules/admin/what-config_active.php
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Minimum mails / active
 define('__LIMIT_VALUE', getConfig('active_limit'));
diff --git a/inc/modules/admin/what-config_admin.php b/inc/modules/admin/what-config_admin.php
index 8f42cfc5ec..90f507768d 100644
--- a/inc/modules/admin/what-config_admin.php
+++ b/inc/modules/admin/what-config_admin.php
@@ -39,9 +39,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare data for the template
 switch (getConfig('admin_menu'))
diff --git a/inc/modules/admin/what-config_admins.php b/inc/modules/admin/what-config_admins.php
index a8957adaf9..78e1109e10 100644
--- a/inc/modules/admin/what-config_admins.php
+++ b/inc/modules/admin/what-config_admins.php
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 $SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
-if ((isset($_POST['edit'])) && ($SEL > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($SEL > 0)) {
 // Edit ACLs
 $SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
 // Load data for the ID
 $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
@@ -76,15 +76,21 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 // Load main template
 LOAD_TEMPLATE("admin_config_admins_edit");
-} elseif ((isset($_POST['change'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0)) {
 // Change entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
 // Secure ID
 $id = bigintval($id);
 // Update entries
 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_acls` SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
- array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
+ array(
+ REQUEST_POST('admin', $id),
+ REQUEST_POST('action_menu', $id),
+ REQUEST_POST('what_menu', $id),
+ REQUEST_POST('mode', $id),
+ $id
+ ),__FILE__, __LINE__);
 }
 // Update cache when installed
@@ -92,15 +98,15 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
 // Purge menu cache
- CACHE_PURGE_ADMIN_MENU($_POST['admin'][$id]);
+ CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin', $id));
 }
 // Entries changed
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_CHANGED'));
-} elseif ((isset($_POST['del'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ($SEL > 0)) {
 // Delete ACLs
 $SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
 // Load data for the ID
 $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
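Review bot: In the `change` branch the new `REQUEST_POST('admin', $id),` entry is bound to the unquoted `admin_id=%s` placeholder without `bigintval()`, while `$id` on the same call and `admin_id` in this file's `add` branch are normalised; an unquoted numeric placeholder is only safe when the bound value is guaranteed to be an integer, which quote escaping does not provide. Change the entry to `bigintval(REQUEST_POST('admin', $id)),`. The same shape recurs in what-config_cats.php, where `REQUEST_POST('sort', $id)` feeds an unquoted `sort=%s`.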
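Review bot: `CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin', $id));` runs after the `foreach` of the previous hunk has closed, so `$id` holds whatever the last iteration left and only that admin's menu cache is purged; when several ACLs are changed in one submission the other affected admins keep serving the cached menu until something else invalidates it. Purge per iteration instead — move the call into the loop right after the UPDATE as `CACHE_PURGE_ADMIN_MENU(bigintval(REQUEST_POST('admin', $id)));` and drop this one, or collect the ids in the loop and purge each afterwards. The defect predates the commit, but this line is rewritten here.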
@@ -135,9 +141,9 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 // Load main template
 LOAD_TEMPLATE("admin_config_admins_del");
-} elseif ((isset($_POST['remove'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0)) {
 // Remove entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1", array(bigintval($id)),__FILE__, __LINE__);
 }
@@ -152,33 +158,33 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 // Entries deleted
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_DELETED'));
-} elseif (isset($_POST['add'])) {
+} elseif (REQUEST_ISSET_POST(('add'))) {
 // Check if everything is fine...
- $mode = GET_ADMIN_DEFAULT_ACL(bigintval($_POST['admin_id']));
+ $mode = GET_ADMIN_DEFAULT_ACL(bigintval(REQUEST_POST('admin_id')));
 // Default ACL is false
 $ACL = false;
- if (!empty($_POST['what_menu'])) {
+ if (REQUEST_ISSET_POST(('what_menu'))) {
 // Check parent ACL
- $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
+ $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", REQUEST_POST('what_menu')), "");
 }
- if ($mode != $_POST['mode'] || ($ACL)) {
+ if ($mode != REQUEST_POST('mode') || ($ACL)) {
 // Mode is fine
- $BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
- if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) {
+ $BOTH = ((REQUEST_ISSET_POST(('action_menu'))) && (REQUEST_ISSET_POST(('what_menu'))));
+ if (((REQUEST_ISSET_POST(('action_menu'))) || (REQUEST_ISSET_POST(('what_menu')))) && (!$BOTH)) {
 // Main or sub menu selected
 $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
- array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('admin_id')), REQUEST_POST('action_menu'), REQUEST_POST('what_menu')), __FILE__, __LINE__);
 if (SQL_NUMROWS($result) == 0) {
 // Finally add the new ACL
 SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_acls` (admin_id, action_menu, what_menu, access_mode) VALUES ('%s','%s','%s','%s')", array(
- bigintval($_POST['admin_id']),
- $_POST['action_menu'],
- $_POST['what_menu'],
- $_POST['mode']
+ bigintval(REQUEST_POST('admin_id')),
+ REQUEST_POST('action_menu'),
+ REQUEST_POST('what_menu'),
+ REQUEST_POST('mode')
), __FILE__, __LINE__);
 $content = ADMIN_ADMINS_ACL_SAVED;
@@ -187,7 +193,7 @@ VALUES ('%s','%s','%s','%s')",
 if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
 // Purge cache
- CACHE_PURGE_ADMIN_MENU($_POST['admin_id'], $_POST['action_menu'], $_POST['what_menu']);
+ CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin_id'), REQUEST_POST('action_menu'), REQUEST_POST('what_menu'));
 } // END - if
 } else {
 // ACL does already exist!
diff --git a/inc/modules/admin/what-config_autopurge.php b/inc/modules/admin/what-config_autopurge.php
index cea9d4cb81..956d5bf402 100644
--- a/inc/modules/admin/what-config_autopurge.php
+++ b/inc/modules/admin/what-config_autopurge.php
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Data was submitted so we store it
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Output de-/activation selections
 define('__AP_INACTIVE_SELECTION' , ADD_SELECTION("yn", getConfig('autopurge_inactive') , "autopurge_inactive"));
diff --git a/inc/modules/admin/what-config_beg.php b/inc/modules/admin/what-config_beg.php
index 6bc51b7e8d..1f4d635026 100644
--- a/inc/modules/admin/what-config_beg.php
+++ b/inc/modules/admin/what-config_beg.php
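Review bot: `REQUEST_POST('mode')` is written to `access_mode` and compared to `$mode` with `!=` but never checked against the set of values GET_ADMIN_DEFAULT_ACL() can return, so the comment `// Mode is fine` describes a test that only proves the submitted mode differs from the default. Add a whitelist check before the INSERT, e.g. `if (!in_array(REQUEST_POST('mode'), array(<allowed-mode-values>), true)) { /* reject */ }` — the accepted values are not visible in this hunk, so take them from wherever the ACL modes are defined. The `add` branch opened here continues into the next hunk.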
@@ -40,19 +40,19 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Translate german decimal commas to computer decimal dots
- $_POST['beg_points'] = REVERT_COMMA($_POST['beg_points'] );
- $_POST['beg_points_max'] = REVERT_COMMA($_POST['beg_points_max'] );
- $_POST['beg_notify_bonus'] = REVERT_COMMA($_POST['beg_notify_bonus']);
+ REQUEST_SET_POST('beg_points' , REVERT_COMMA(REQUEST_POST('beg_points') ));
+ REQUEST_SET_POST('beg_points_max' , REVERT_COMMA(REQUEST_POST('beg_points_max') ));
+ REQUEST_SET_POST('beg_notify_bonus', REVERT_COMMA(REQUEST_POST('beg_notify_bonus')));
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 // Remember new settings
- setConfigEntry('beg_rallye' , $_POST['beg_rallye']);
- setConfigEntry('beg_ral_en_notify', $_POST['beg_ral_en_notify']);
- setConfigEntry('beg_ral_di_notify', $_POST['beg_ral_di_notify']);
+ setConfigEntry('beg_rallye' , REQUEST_POST('beg_rallye'));
+ setConfigEntry('beg_ral_en_notify', REQUEST_POST('beg_ral_en_notify'));
+ setConfigEntry('beg_ral_di_notify', REQUEST_POST('beg_ral_di_notify'));
 } else {
 // Prepare constants for the template
 define('__BEG_POINTS' , TRANSLATE_COMMA(getConfig('beg_points') , false));
diff --git a/inc/modules/admin/what-config_birthday.php b/inc/modules/admin/what-config_birthday.php
index 174bbf6556..bba2f20f35 100644
--- a/inc/modules/admin/what-config_birthday.php
+++ b/inc/modules/admin/what-config_birthday.php
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare data for the template
 define('__POINTS_VALUE', getConfig('birthday_points'));
diff --git a/inc/modules/admin/what-config_bonus.php b/inc/modules/admin/what-config_bonus.php
index b50b55ee0a..cfce062364 100644
--- a/inc/modules/admin/what-config_bonus.php
+++ b/inc/modules/admin/what-config_bonus.php
@@ -40,33 +40,34 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Replace german decimal commas to computer decimal dots
- $_POST['login_bonus'] = REVERT_COMMA($_POST['login_bonus'] );
- $_POST['turbo_bonus'] = REVERT_COMMA($_POST['turbo_bonus'] );
- $_POST['bonus_ref'] = REVERT_COMMA($_POST['bonus_ref'] );
- $_POST['bonus_order'] = REVERT_COMMA($_POST['bonus_order'] );
- $_POST['bonus_notify_points'] = REVERT_COMMA($_POST['bonus_notify_points']);
+ REQUEST_POST('login_bonus') = REVERT_COMMA(REQUEST_POST('login_bonus') );
+ REQUEST_POST('turbo_bonus') = REVERT_COMMA(REQUEST_POST('turbo_bonus') );
+ REQUEST_POST('bonus_ref') = REVERT_COMMA(REQUEST_POST('bonus_ref') );
+ REQUEST_POST('bonus_order') = REVERT_COMMA(REQUEST_POST('bonus_order') );
+ REQUEST_SET_POST('bonus_notify_points', REVERT_COMMA(REQUEST_POST('bonus_notify_points')));
 // Generate string for saving ranks
- $_POST['turbo_rates'] = ""; $RATES = array();
- foreach ($_POST['rate'] as $rate) {
+ REQUEST_SET_POST('turbo_rates', "");
+ $RATES = array();
+ foreach (REQUEST_POST('rate') as $rate) {
 $rate = trim(REVERT_COMMA($rate));
- if (isset($rate)) $RATES[] = $rate;
+ if (!empty($rate)) $RATES[] = $rate;
 }
- $_POST['turbo_rates'] = trim(implode(";", $RATES));
- unset($_POST['rate']);
+ REQUEST_SET_POST('turbo_rates', trim(implode(";", $RATES)));
+ REQUEST_UNSET_POST(('rate'));
 // Automatically calculate bonus points for ranks 2 and 3 when not set
- if (empty($_POST['turbo_rates'])) $_POST['turbo_rates'] = "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."";
+ if (!REQUEST_ISSET_POST(('turbo_rates'))) REQUEST_SET_POST('turbo_rates', "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."");
 // Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 // Remember new settings
- setConfigEntry('bonus_active' , 
$_POST['bonus_active']);
- setConfigEntry('bonus_en_notify', $_POST['bonus_en_notify']);
- setConfigEntry('bonus_di_notify', $_POST['bonus_di_notify']);
+ setConfigEntry('bonus_active' , REQUEST_POST('bonus_active'));
+ setConfigEntry('bonus_en_notify', REQUEST_POST('bonus_en_notify'));
+ setConfigEntry('bonus_di_notify', REQUEST_POST('bonus_di_notify'));
 } else {
 // Prepare contants for the template
 define('__LOGIN_VALUE' , TRANSLATE_COMMA(getConfig('login_bonus') , false));
diff --git a/inc/modules/admin/what-config_cache.php b/inc/modules/admin/what-config_cache.php
index 6a86a67325..1056c3f3a6 100644
--- a/inc/modules/admin/what-config_cache.php
+++ b/inc/modules/admin/what-config_cache.php
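Review bot: The four new lines from `REQUEST_POST('login_bonus') = REVERT_COMMA(...)` through `REQUEST_POST('bonus_order') = REVERT_COMMA(...)` assign to a function call, which PHP rejects at compile time ("Can't use function return value in write context"), so what-config_bonus.php stops loading altogether; only the fifth line, `bonus_notify_points`, was converted to `REQUEST_SET_POST(...)`. Rewrite the four in the same form, as below. Separately, `if (!REQUEST_ISSET_POST(('turbo_rates')))` runs right after `REQUEST_SET_POST('turbo_rates', trim(implode(";", $RATES)))`, so if REQUEST_ISSET_POST is isset()-based the rank 2/3 default is never applied for an empty rate list; `if (REQUEST_POST('turbo_rates') == '')` preserves the old `empty()` behaviour.
```php
// Replace german decimal commas to computer decimal dots
REQUEST_SET_POST('login_bonus'        , REVERT_COMMA(REQUEST_POST('login_bonus')        ));
REQUEST_SET_POST('turbo_bonus'        , REVERT_COMMA(REQUEST_POST('turbo_bonus')        ));
REQUEST_SET_POST('bonus_ref'          , REVERT_COMMA(REQUEST_POST('bonus_ref')          ));
REQUEST_SET_POST('bonus_order'        , REVERT_COMMA(REQUEST_POST('bonus_order')        ));
REQUEST_SET_POST('bonus_notify_points', REVERT_COMMA(REQUEST_POST('bonus_notify_points')));
// … unchanged: turbo_rates generation, ADMIN_SAVE_SETTINGS_POST() and setConfigEntry() calls …
```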
@@ -40,41 +40,46 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Cache path has been not changed by default so don't test it again
- $_POST['cache_tested'] = "N";
+ REQUEST_SET_POST('cache_tested', "N");
 // Check if path has been changed
- if ($_POST['cache_path'] != getConfig('cache_path')) {
+ if (REQUEST_POST('cache_path') != getConfig('cache_path')) {
 // Okay, cache path has been altered so we have to test it again!
- $_POST['cache_tested'] = "Y";
+ REQUEST_SET_POST('cache_tested', "Y");
 }
- // Delete deactivated cache files
- if (($_POST['cache_admins'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
+ if ((REQUEST_POST('cache_admins') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
 $GLOBALS['cache_instance']->destroyCacheFile();
 }
- if (($_POST['cache_acls'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
+
+ if ((REQUEST_POST('cache_acls') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
 $GLOBALS['cache_instance']->destroyCacheFile();
 }
- if (($_POST['cache_exts'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
+
+ if ((REQUEST_POST('cache_exts') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
 $GLOBALS['cache_instance']->destroyCacheFile();
 }
- if (($_POST['cache_config'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
+
+ if ((REQUEST_POST('cache_config') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
 $GLOBALS['cache_instance']->destroyCacheFile();
 }
- if (($_POST['cache_modreg'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
+
+ if ((REQUEST_POST('cache_modreg') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
 $GLOBALS['cache_instance']->destroyCacheFile();
 }
- if (($_POST['cache_refdepth'] == "N") && 
($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
+
+ if ((REQUEST_POST('cache_refdepth') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
 $GLOBALS['cache_instance']->destroyCacheFile();
 }
- if (($_POST['cache_refsys'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
+
+ if ((REQUEST_POST('cache_refsys') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
 $GLOBALS['cache_instance']->destroyCacheFile();
 }
 // Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare data
 switch (getConfig('cache_admins')) {
diff --git a/inc/modules/admin/what-config_cats.php b/inc/modules/admin/what-config_cats.php
index 5bda6c5df8..2789835efb 100644
--- a/inc/modules/admin/what-config_cats.php
+++ b/inc/modules/admin/what-config_cats.php
@@ -44,14 +44,14 @@ ADD_DESCR("admin", __FILE__);
 // Init variable to avoid a notice
 $CATS = "";
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
 // Add a new category
 $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_cats` WHERE cat='%s' LIMIT 1",
- array($_POST['catname']), __FILE__, __LINE__);
+ array(REQUEST_POST('catname')), __FILE__, __LINE__);
 if (SQL_NUMROWS($result) == 0) {
 // Category does not exists, we simply add it...
 SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_cats` (cat, visible, sort) VALUES ('%s','%s','%s')",
- array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
+ array(REQUEST_POST('catname'), REQUEST_POST('visible'), bigintval(REQUEST_POST('parent') + 1)), __FILE__, __LINE__);
 $content = CATEGORY_ADDED;
 } else {
 // Category does already exists
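Review bot: The heading comment `// Delete deactivated cache files` was dropped when the seven `cache_*` tests were spread out with blank lines, so the block no longer says why a "N" answer destroys the matching cache file; restore it above the first `if ((REQUEST_POST('cache_admins') == "N") …)` line. `REQUEST_POST('cache_path')` is also only compared with the stored value here and then persisted by ADMIN_SAVE_SETTINGS_POST(); whatever the `cache_tested` flag triggers happens outside this hunk, so a short comment on `REQUEST_SET_POST('cache_tested', "Y");` naming where the new path is actually checked before cache files are written there would help the next reader.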
@@ -63,20 +63,25 @@ if (isset($_POST['add'])) { // Display message LOAD_TEMPLATE("admin_settings_saved", false, $content); -} elseif ((isset($_POST['ok'])) && (isset($_POST['id'])) && (is_array($_POST['id']))) { +} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('id'))) && (is_array(REQUEST_POST('id')))) { // Change or delete categories... $TEXT = ""; - foreach ($_POST['id'] as $id => $cat) { + foreach (REQUEST_POST('id') as $id => $cat) { // Secure ID $id = bigintval($id); // Is the entry set? if (!empty($cat)) { - switch ($_GET['do']) + switch (REQUEST_GET('do')) { case "edit": // Change categories SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_cats` SET cat='%s', `visible`='%s', sort=%s WHERE id=%s LIMIT 1", - array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__); + array( + $cat, + REQUEST_POST('vis', $id), + REQUEST_POST('sort', $id), + $id + ), __FILE__, __LINE__); $TEXT = CATEGORIES_SAVED; break; @@ -98,10 +103,10 @@ if (isset($_POST['add'])) { // Display message LOAD_TEMPLATE("admin_settings_saved", false, $TEXT); } -} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) { +} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) { // Delete categories $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { // Load data of category $result = SQL_QUERY_ESC("SELECT cat FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); 
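Review bot: `REQUEST_ISSET_POST(('sel', 0))` in the rewritten `} elseif` line of the @@ -98 hunk is a parse error, because PHP has no comma operator and `('sel', 0)` is not an expression; the doubled parentheses are harmless around a single argument but break with two. The call should be `REQUEST_ISSET_POST('sel', 0)`, the two-argument form already used by `REQUEST_POST('vis', $id)` in the @@ -63 hunk above. The same construct appears in what-config_cats @@ -123, what-config_email @@ -89 and @@ -116, what-config_payouts @@ -77 (`(('title', $id))`), and what-config_points @@ -192 and @@ -218. The enclosing if/elseif chain opens before these hunks.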
@@ -123,10 +128,10 @@ if (isset($_POST['add'])) { // Load main template LOAD_TEMPLATE("admin_del_cats"); -} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) { +} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) { // Edit categories $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) + foreach (REQUEST_POST('sel') as $id => $value) { // Load data from the category $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1", diff --git a/inc/modules/admin/what-config_doubler.php b/inc/modules/admin/what-config_doubler.php index 185aae57c1..8b21140c30 100644 --- a/inc/modules/admin/what-config_doubler.php +++ b/inc/modules/admin/what-config_doubler.php @@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Replace commata with decimal dot - $_POST['doubler_charge'] = REVERT_COMMA(($_POST['doubler_charge'] / 100)); - $_POST['doubler_ref'] = REVERT_COMMA(($_POST['doubler_ref'] / 100)); - $_POST['doubler_min'] = REVERT_COMMA($_POST['doubler_min']); - $_POST['doubler_max'] = REVERT_COMMA($_POST['doubler_max']); - $_POST['doubler_left'] = REVERT_COMMA($_POST['doubler_left']); + REQUEST_SET_POST('doubler_charge', REVERT_COMMA((REQUEST_POST('doubler_charge') / 100))); + REQUEST_SET_POST('doubler_ref' , REVERT_COMMA((REQUEST_POST('doubler_ref') / 100))); + REQUEST_SET_POST('doubler_min' , REVERT_COMMA(REQUEST_POST('doubler_min'))); + REQUEST_SET_POST('doubler_max' , REVERT_COMMA(REQUEST_POST('doubler_max'))); + REQUEST_SET_POST('doubler_left' , REVERT_COMMA(REQUEST_POST('doubler_left'))); // Save settings - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Prepare data for the template // - Charge rate 
diff --git a/inc/modules/admin/what-config_email.php b/inc/modules/admin/what-config_email.php index 754f36912f..7048cd0a8f 100644 --- a/inc/modules/admin/what-config_email.php +++ b/inc/modules/admin/what-config_email.php @@ -41,20 +41,20 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Remove empty array index -if (empty($_POST['max'])) unset($_POST['add_max']); +if (!REQUEST_ISSET_POST(('max'))) REQUEST_UNSET_POST(('add_max')); -if (isset($_POST['add_max'])) { +if (REQUEST_ISSET_POST(('add_max'))) { // Save all settings $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE value='%s' LIMIT 1", - array(bigintval($_POST['max'])), __FILE__, __LINE__); + array(bigintval(REQUEST_POST('max'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Add this value (including comment) SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_max_receive` (value, comment) VALUES ('%s','%s')", - array(bigintval($_POST['max']), $_POST['comment']),__FILE__, __LINE__); + array(bigintval(REQUEST_POST('max')), REQUEST_POST('comment')),__FILE__, __LINE__); $content = MAX_VALUE_SAVED; } else { // Value does alread exists! - $content = "".MAX_VALUE_ALREADY.""; + $content = "{--MAX_VALUE_ALREADY--}"; } // Free memory 
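Review bot: Replacing `empty($_POST['max'])` with `!REQUEST_ISSET_POST(('max'))` on the first changed line widens what is accepted: if REQUEST_ISSET_POST only wraps isset(), a submitted but empty `max` now keeps `add_max` set and reaches the INSERT as `bigintval('')`, which `empty()` used to reject. Either keep an explicit emptiness test, e.g. `if ((!REQUEST_ISSET_POST(('max'))) || (REQUEST_POST('max') == '')) REQUEST_UNSET_POST(('add_max'));`, or document that the wrapper treats empty values as unset. The same empty()-to-isset swap occurs in what-config_home @@ -41, what-config_payouts @@ -40, what-config_points @@ -44 and what-config_rallye_prices @@ -40.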
@@ -62,18 +62,22 @@ if (isset($_POST['add_max'])) { // Display message LOAD_TEMPLATE("admin_settings_saved", false, $content); -} elseif ((isset($_POST['ok'])) && (isset($_GET['do']))) { +} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('do')))) { // Change or delete entries... $TEXT = ""; - foreach ($_POST['id'] as $id => $value) { + foreach (REQUEST_POST('id') as $id => $value) { // Secure ID $id = bigintval($id); - switch ($_GET['do']) + switch (REQUEST_GET('do')) { case "edit": // Change entries SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_max_receive` SET value='%s', comment='%s' WHERE id=%s LIMIT 1", - array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__); + array( + bigintval(REQUEST_POST('val', $id)), + REQUEST_POST('comm', $id), + $id + ),__FILE__, __LINE__); $TEXT = MRECEIVE_SAVED; break; @@ -89,10 +93,10 @@ if (isset($_POST['add_max'])) { // Display message LOAD_TEMPLATE("admin_settings_saved", false, $TEXT); } -} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) { +} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) { // Delete entries $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) + foreach (REQUEST_POST('sel') as $id => $value) { // Load data $result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1", 
@@ -116,10 +120,10 @@ if (isset($_POST['add_max'])) { // Load main template LOAD_TEMPLATE("admin_config_email_del"); -} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) { +} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) { // Edit entries $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { // Load data $result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); diff --git a/inc/modules/admin/what-config_extensions.php b/inc/modules/admin/what-config_extensions.php index 4bd20e5a69..3129867db0 100644 --- a/inc/modules/admin/what-config_extensions.php +++ b/inc/modules/admin/what-config_extensions.php @@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Save configuration - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Prepare data switch (getConfig('verbose_sql')) { diff --git a/inc/modules/admin/what-config_holiday.php b/inc/modules/admin/what-config_holiday.php index 56f823b928..43019d2966 100644 --- a/inc/modules/admin/what-config_holiday.php +++ b/inc/modules/admin/what-config_holiday.php @@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) +if (IS_FORM_SENT()) { // Save settings - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { diff --git a/inc/modules/admin/what-config_home.php b/inc/modules/admin/what-config_home.php index 9c3ae2cc5b..7a0d4ccfd0 100644 --- a/inc/modules/admin/what-config_home.php +++ b/inc/modules/admin/what-config_home.php 
@@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); $sub = ""; -if (!empty($_GET['sub'])) $sub = $_GET['sub']; +if (REQUEST_ISSET_GET(('sub'))) $sub = REQUEST_GET('sub'); switch ($sub) { @@ -50,9 +50,9 @@ case "": // Output selection table break; case "settings": // Settings related to the index page - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Save settings - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); OUTPUT_HTML("".ADMIN_CONTINUE_TO_CONFIG.""); } else { // Prepare data for the template @@ -65,9 +65,9 @@ case "settings": // Settings related to the index page break; case "target": // Set which what-file will be placed in home-page (only modules.php?module=index) - if (isset($_GET['home'])) { + if (REQUEST_ISSET_GET(('home'))) { // Set new home - UPDATE_CONFIG("index_home", SQL_ESCAPE($_GET['home'])); + UPDATE_CONFIG("index_home", SQL_ESCAPE(REQUEST_GET('home'))); } // END - if // Load all what menu points diff --git a/inc/modules/admin/what-config_mediadata.php b/inc/modules/admin/what-config_mediadata.php index 20e1b5537b..aa1d9a94a2 100644 --- a/inc/modules/admin/what-config_mediadata.php +++ b/inc/modules/admin/what-config_mediadata.php 
@@ -40,50 +40,39 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) -{ +if (IS_FORM_SENT()) { // Test timestamp - $STAMP = mktime(0, 0, 0, bigintval($_POST['month']), bigintval($_POST['day']), bigintval($_POST['year'])); - if ($STAMP > time()) - { + $STAMP = mktime(0, 0, 0, bigintval(REQUEST_POST('month')), bigintval(REQUEST_POST('day')), bigintval(REQUEST_POST('year'))); + if ($STAMP > time()) { // Date is in the future! - unset($_POST['ok']); - } - else - { + REQUEST_UNSET_POST('ok'); + } else { // Remove entries - unset($_POST['day']); - unset($_POST['month']); - unset($_POST['year']); + REQUEST_UNSET_POST(('day')); + REQUEST_UNSET_POST(('month')); + REQUEST_UNSET_POST(('year')); // Remember timestamp - $_POST['mt_start'] = $STAMP; + REQUEST_SET_POST('mt_start', $STAMP); } // Convert some data - $_POST['mt_stage'] = bigintval($_POST['mt_stage']); - if ($_POST['mt_stage'] <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true)) - { + REQUEST_SET_POST('mt_stage', bigintval(REQUEST_POST('mt_stage'))); + if (REQUEST_POST('mt_stage') <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true)) { // Not enougth! - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } } -if (isset($_POST['ok'])) -{ +if (IS_FORM_SENT()) { // Save data - ADMIN_SAVE_SETTINGS($_POST); -} - else -{ + ADMIN_SAVE_SETTINGS_POST(); +} else { // Start of this exchange - if (getConfig('mt_start') > 0) - { + if (getConfig('mt_start') > 0) { // Only show start define('__MT_START', "".MAKE_DATETIME(getConfig('mt_start'), "3").""); - } - else - { + } else { // Make start editable define('__MT_START', ADD_SELECTION("day" , date("d", time())). diff --git a/inc/modules/admin/what-config_mods.php b/inc/modules/admin/what-config_mods.php index 2b1c292599..e8afadd7f4 100644 --- a/inc/modules/admin/what-config_mods.php +++ b/inc/modules/admin/what-config_mods.php 
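Review bot: The hunk mixes two call forms for the same wrapper, `REQUEST_UNSET_POST('ok')` and `REQUEST_UNSET_POST(('day'))`; one form should be used throughout, and the single-parenthesis one is the plain call. The flow also relies on the second `if (IS_FORM_SENT())` observing the `REQUEST_UNSET_POST('ok')` performed in the validation branch above it, which holds only if IS_FORM_SENT reads the same request store the wrappers modify; a comment such as `// IS_FORM_SENT() re-checks 'ok', which the validation above may have unset` would make that dependency visible to the next reader.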
@@ -41,15 +41,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); $SEL = 0; -if (isset($_POST['edit'])) { +if (REQUEST_ISSET_POST(('edit'))) { // Check if at least one module is selected - $SEL = SELECTION_COUNT($_POST['sel']); + $SEL = SELECTION_COUNT(REQUEST_POST('sel')); if ($SEL > 0) { // Output header $OUT = ""; $SW = 2; // Edit selected modules - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { // Load module data $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM `{!_MYSQL_PREFIX!}_mod_reg` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); @@ -80,18 +80,25 @@ if (isset($_POST['edit'])) { LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MODS_NOTHING_SELECTED')); // Remove maybe confusing data - unset($_POST['edit']); - unset($_POST['change']); + REQUEST_UNSET_POST(('edit')); + REQUEST_UNSET_POST(('change')); } -} elseif (isset($_POST['change'])) { +} elseif (REQUEST_ISSET_POST(('change'))) { // Change modules - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { // Secure ID number $id = bigintval($id); // Update module SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_mod_reg` SET `title`='%s', `locked`='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1", - array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id), __FILE__, __LINE__); + array( + REQUEST_POST('title', $id), + REQUEST_POST('locked', $id), + REQUEST_POST('hidden', $id), + REQUEST_POST('admin', $id), + REQUEST_POST('member', $id), + $id + ), __FILE__, __LINE__); } // Remove cache file if version matches diff --git a/inc/modules/admin/what-config_newsletter.php b/inc/modules/admin/what-config_newsletter.php index d1ae33fc83..b7abc790c3 100644 --- a/inc/modules/admin/what-config_newsletter.php +++ b/inc/modules/admin/what-config_newsletter.php 
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Save data - $_POST['nl_charge'] = REVERT_COMMA($_POST['nl_charge']); + REQUEST_SET_POST('nl_charge', REVERT_COMMA(REQUEST_POST('nl_charge'))); - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Prepare contants for the template define('__CHARGE_VALUE' , TRANSLATE_COMMA(getConfig('nl_charge'), false)); diff --git a/inc/modules/admin/what-config_nickname.php b/inc/modules/admin/what-config_nickname.php index c95b924b25..34dfa051cc 100644 --- a/inc/modules/admin/what-config_nickname.php +++ b/inc/modules/admin/what-config_nickname.php @@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Save data - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Load template LOAD_TEMPLATE("admin_config_nickname"); diff --git a/inc/modules/admin/what-config_order.php b/inc/modules/admin/what-config_order.php index dbf9e3075a..ba2f0e2489 100644 --- a/inc/modules/admin/what-config_order.php +++ b/inc/modules/admin/what-config_order.php @@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Save data - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Prepare constants for the template switch (getConfig('order_max_full')) diff --git a/inc/modules/admin/what-config_other.php b/inc/modules/admin/what-config_other.php index 6b5db674fc..0a67c5b9c4 100644 --- a/inc/modules/admin/what-config_other.php +++ b/inc/modules/admin/what-config_other.php 
@@ -45,32 +45,32 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Stop saving data if one input field is !isset -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Calculate stamps and set calculated stamps - $_POST['online_timeout'] = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout" , $_POST); - $_POST['url_tlock'] = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock" , $_POST); - $_POST['profile_lock'] = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock" , $_POST); - $_POST['profile_update'] = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update" , $_POST); - $_POST['resend_profile_update'] = CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", $_POST); + REQUEST_POST('online_timeout') = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout" , REQUEST_POST_ARRAY()); + REQUEST_POST('url_tlock') = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock" , REQUEST_POST_ARRAY()); + REQUEST_POST('profile_lock') = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock" , REQUEST_POST_ARRAY()); + REQUEST_POST('profile_update') = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update" , REQUEST_POST_ARRAY()); + REQUEST_SET_POST('resend_profile_update', CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", REQUEST_POST_ARRAY())); // Online-Timeout shall be > 0 or your database will crow and crow and crow... - if (!isset($_POST['online_timeout'])) { unset($_POST['ok']); } + if (!REQUEST_ISSET_POST(('online_timeout'))) { REQUEST_UNSET_POST('ok'); } // Chedck other timestamps (which can be zero!) 
- if (!isset($_POST['profile_lock'])) { unset($_POST['ok']); } - if (!isset($_POST['url_tlock'])) { unset($_POST['ok']); } - if (!isset($_POST['profile_update'])) { unset($_POST['ok']); } - if (!isset($_POST['resend_profile_update'])) { unset($_POST['ok']); } + if (!REQUEST_ISSET_POST(('profile_lock'))) { REQUEST_UNSET_POST('ok'); } + if (!REQUEST_ISSET_POST(('url_tlock'))) { REQUEST_UNSET_POST('ok'); } + if (!REQUEST_ISSET_POST(('profile_update'))) { REQUEST_UNSET_POST('ok'); } + if (!REQUEST_ISSET_POST(('resend_profile_update'))) { REQUEST_UNSET_POST('ok'); } // Check other settings - if (!isset($_POST['max_send'])) { unset($_POST['ok']); } - if (!isset($_POST['code_length'])) { unset($_POST['ok']); } - if (!isset($_POST['reject_url'])) { unset($_POST['ok']); } + if (!REQUEST_ISSET_POST(('max_send'))) { REQUEST_UNSET_POST('ok'); } + if (!REQUEST_ISSET_POST(('code_length'))) { REQUEST_UNSET_POST('ok'); } + if (!REQUEST_ISSET_POST(('reject_url'))) { REQUEST_UNSET_POST('ok'); } } -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Update stamps directly - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Transfer config data into constants for the template (DO NOT set $_CONFIG as global in LOAD_TEMPLATE!!!) define('_CFG_CODE_LENGTH', getConfig('code_length')); diff --git a/inc/modules/admin/what-config_payouts.php b/inc/modules/admin/what-config_payouts.php index 8ba924fe48..d15f8ae59f 100644 --- a/inc/modules/admin/what-config_payouts.php +++ b/inc/modules/admin/what-config_payouts.php 
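Review bot: The first four rewritten assignments in this hunk, `REQUEST_POST('online_timeout') = ...` through `REQUEST_POST('profile_update') = ...`, assign to a function call, which PHP rejects at compile time ("Can't use function return value in write context"), so this file will not load at all. The fifth line already shows the intended form with `REQUEST_SET_POST('resend_profile_update', ...)`; the other four should follow it. The same write-to-call pattern appears once more in what-config_points @@ -44 as `REQUEST_POST('perc', $id) = REVERT_COMMA(REQUEST_POST('perc', $id))`, which needs the equivalent setter form if the wrapper supports a nested key, or a local variable passed to the UPDATE otherwise.
```php
if (IS_FORM_SENT()) {
	// Calculate stamps and set calculated stamps
	REQUEST_SET_POST('online_timeout', CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout" , REQUEST_POST_ARRAY()));
	REQUEST_SET_POST('url_tlock'     , CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock"  , REQUEST_POST_ARRAY()));
	REQUEST_SET_POST('profile_lock'  , CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock"  , REQUEST_POST_ARRAY()));
	REQUEST_SET_POST('profile_update', CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update", REQUEST_POST_ARRAY()));
	// … unchanged: resend_profile_update assignment and the REQUEST_ISSET_POST checks …
```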
@@ -40,30 +40,30 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_POST['rate'])) $_POST['rate'] = REVERT_COMMA($_POST['rate']); +if (REQUEST_ISSET_POST(('rate'))) REQUEST_SET_POST('rate', REVERT_COMMA(REQUEST_POST('rate'))); -if ((isset($_POST['add'])) && (!empty($_POST['title'])) && ($_POST['rate'] > 0)) { +if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('title'))) && (REQUEST_POST('rate') > 0)) { // Add new payout type $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE type='%s' LIMIT 1", - array($_POST['title']), __FILE__, __LINE__); + array(REQUEST_POST('title')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Add now SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_payout_types` (type, rate, min_points, from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url) VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')", array( - $_POST['title'], - bigintval($_POST['rate']), - bigintval($_POST['mpoi']), - $_POST['yacc'], - $_POST['ypass'], - $_POST['yurl'], - $_POST['yrdone'], - $_POST['yrfailed'], - $_POST['ytrans'], - $_POST['allow_url'], + REQUEST_POST('title'), + bigintval(REQUEST_POST('rate')), + bigintval(REQUEST_POST('mpoi')), + REQUEST_POST('yacc'), + REQUEST_POST('ypass'), + REQUEST_POST('yurl'), + REQUEST_POST('yrdone'), + REQUEST_POST('yrfailed'), + REQUEST_POST('ytrans'), + REQUEST_POST('allow_url'), ), __FILE__, __LINE__); - $msg = ADMIN_PAYOUT_TYPE_ADDED; + $msg = getMessage('ADMIN_PAYOUT_TYPE_ADDED'); } else { // Free memory SQL_FREERESULT($result); 
@@ -77,16 +77,16 @@ VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')", $result_mem = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE `status`='NEW' ORDER BY payout_timestamp DESC", __FILE__, __LINE__); $display = true; -if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) { +if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) { // Edit payout types - if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) { + if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) { // Edit entries - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { // Secure ID $id = bigintval($id); // Edit only if something is entered - if ((!empty($_POST['title'][$id])) && ($_POST['rate'][$id] > 0)) { + if ((REQUEST_ISSET_POST(('title', $id))) && (REQUEST_POST('rate', $id) > 0)) { // Update entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_payout_types` SET type='%s', @@ -95,18 +95,18 @@ min_points=%s, allow_url='%s' WHERE id='".$id."' LIMIT 1", array( - $_POST['title'][$id], - bigintval(REVERT_COMMA($_POST['rate'][$id])), - bigintval(REVERT_COMMA($_POST['mpoi'][$id])), - $_POST['allow'][$id], + REQUEST_POST('title', $id), + bigintval(REVERT_COMMA(REQUEST_POST('rate', $id))), + bigintval(REVERT_COMMA(REQUEST_POST('mpoi' , $id))), + REQUEST_POST('allow', $id), ),__FILE__, __LINE__); } } - $msg = ADMIN_PAYOUT_ENTRIES_CHANGED; + $msg = getMessage('ADMIN_PAYOUT_ENTRIES_CHANGED'); } else { $display = false; //Suppress any other outputs $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { // Load data $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); 
@@ -132,11 +132,11 @@ WHERE id='".$id."' LIMIT 1", // Load main template LOAD_TEMPLATE("admin_config_payouts_edit"); } -} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) { +} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) { // Delete payout types - if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) { + if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) { // Delete entries - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } @@ -144,7 +144,7 @@ WHERE id='".$id."' LIMIT 1", } else { $display = false; //Suppress any other outputs $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { // Secure ID number $id = bigintval($id); diff --git a/inc/modules/admin/what-config_points.php b/inc/modules/admin/what-config_points.php index 524ec68c71..085393a3d5 100644 --- a/inc/modules/admin/what-config_points.php +++ b/inc/modules/admin/what-config_points.php 
@@ -44,61 +44,61 @@ ADD_DESCR("admin", __FILE__); $message = ""; // Is the 'sub' parameter set? -if (!empty($_GET['sub'])) { +if (REQUEST_ISSET_GET(('sub'))) { // Yes, then do some sanity-checks - switch ($_GET['sub']) + switch (REQUEST_GET('sub')) { case "points": - if ((empty($_POST['points_register'])) || (empty($_POST['points_ref']))) { - unset($_POST['ok']); + if ((!REQUEST_ISSET_POST(('points_register'))) || (!REQUEST_ISSET_POST(('points_ref')))) { + REQUEST_UNSET_POST('ok'); } break; case "ref": - if (isset($_GET['do'])) { - if (((empty($_POST['lvl'])) || (empty($_POST['perc']))) && ($_GET['do'] == "add")) { - unset($_POST['ok']); + if (REQUEST_ISSET_GET(('do'))) { + if (((!REQUEST_ISSET_POST(('lvl'))) || (!REQUEST_ISSET_POST(('perc')))) && (REQUEST_GET('do') == "add")) { + REQUEST_UNSET_POST('ok'); } } break; } } else { // Display overview - $_GET['sub'] = "overview"; + REQUEST_SET_GET('sub', "overview"); } -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { $SQLs = array(); - switch ($_GET['sub']) + switch (REQUEST_GET('sub')) { case "points": - $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".$_POST['points_register']."', points_ref='".$_POST['points_ref']."' WHERE config=0 LIMIT 1"; + $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".REQUEST_POST('points_register')."', points_ref='".REQUEST_POST('points_ref')."' WHERE config=0 LIMIT 1"; break; case "ref": - switch ($_GET['do']) + switch (REQUEST_GET('do')) { case "add": - $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".$_POST['lvl']."','".$_POST['perc']."')"; + $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".REQUEST_POST('lvl')."','".REQUEST_POST('perc')."')"; break; case "edit": // Change entries - foreach ($_POST['lvl'] as $id => $value) { + foreach (REQUEST_POST('lvl') as $id => $value) { // Secure ID $id = bigintval($id); // Revert german commata - $_POST['perc'][$id] = 
REVERT_COMMA($_POST['perc'][$id]); + REQUEST_POST('perc', $id) = REVERT_COMMA(REQUEST_POST('perc', $id)); // Update entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refdepths` SET level='%s', percents='%s' WHERE id=%s LIMIT 1", - array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__); + array(bigintval($value), REQUEST_POST('perc', $id), $id), __FILE__, __LINE__); } $message = REF_DEPTHS_SAVED; break; case "del": - foreach ($_POST['id'] as $id => $value) { + foreach (REQUEST_POST('id') as $id => $value) { SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } @@ -113,21 +113,21 @@ if (isset($_POST['ok'])) { break; case "settings": - $REF = bigintval($_POST['ref_payout']); + $REF = bigintval(REQUEST_POST('ref_payout')); $SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_config` SET allow_direct_pay='%s', reg_points_mode='%s', ref_payout='%s' WHERE config=0 LIMIT 1", - $_POST['allow_direct_pay'], - $_POST['reg_points_mode'], + REQUEST_POST('allow_direct_pay'), + REQUEST_POST('reg_points_mode'), $REF ); - if ((getConfig('ref_payout') == 0) && ($_POST['ref_payout'] > 0)) { + if ((getConfig('ref_payout') == 0) && (REQUEST_POST('ref_payout') > 0)) { // Update account's ref_payout for "must-confirm" $SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=(%s - mails_confirmed) WHERE mails_confirmed < %s", $REF, $REF); - } elseif ((getConfig('ref_payout') > 0) && ($_POST['ref_payout'] == 0)) { + } elseif ((getConfig('ref_payout') > 0) && (REQUEST_POST('ref_payout') == 0)) { // Update account's ref_payout for "not-must-confirm" $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=0 WHERE ref_payout > 0"; $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_points` SET points=points+locked_points WHERE locked_points>0"; 
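Review bot: In the `case "points":` and `case "add":` branches of the @@ -44 hunk, `REQUEST_POST('points_register')`, `REQUEST_POST('points_ref')`, `REQUEST_POST('lvl')` and `REQUEST_POST('perc')` are concatenated straight into the `$SQLs[]` strings without escaping, while the `edit` and `del` branches of the same switch go through SQL_QUERY_ESC with bigintval(). The commit only renames the accessor, so these remain unparameterised statements built from request data; wrapping each value, e.g. `SQL_ESCAPE(REQUEST_POST('points_register'))`, or routing the two statements through SQL_QUERY_ESC like their siblings would close the gap. The switch's tail and the loop that executes `$SQLs` lie outside this hunk.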
@@ -139,7 +139,7 @@ WHERE mails_confirmed < %s", $REF, $REF); if ((isset($SQLs)) && (is_array($SQLs)) && (!empty($SQLs[0]))) { if (strpos($SQLs[0], "INSERT") > -1) { $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE level='%s' LIMIT 1", - array(bigintval($_POST['lvl'])), __FILE__, __LINE__); + array(bigintval(REQUEST_POST('lvl'))), __FILE__, __LINE__); SQL_FREERESULT($result); } // END - if @@ -166,7 +166,7 @@ WHERE mails_confirmed < %s", $REF, $REF); // When do so... LOAD_TEMPLATE("admin_settings_saved", false, $message); } -} elseif ($_GET['sub'] == "settings") { +} elseif (REQUEST_GET('sub') == "settings") { // Setup some settings like direct pay and so on // Including new add-mode for one-time referal bonus switch (getConfig('allow_direct_pay')) { @@ -192,11 +192,11 @@ WHERE mails_confirmed < %s", $REF, $REF); // Load template LOAD_TEMPLATE("admin_config_point_settings"); -} elseif ($_GET['sub'] == "ref") { - if ((isset($_POST['del'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) { +} elseif (REQUEST_GET('sub') == "ref") { + if ((REQUEST_ISSET_POST(('del'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) { // Delete entries $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { $result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($lvl, $perc) = SQL_FETCHROW($result); 
@@ -218,10 +218,10 @@ WHERE mails_confirmed < %s", $REF, $REF); // Load main template LOAD_TEMPLATE("admin_points_del"); - } elseif ((isset($_POST['edit'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) { + } elseif ((REQUEST_ISSET_POST(('edit'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) { // Edit entries $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { $result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($lvl, $perc) = SQL_FETCHROW($result); @@ -276,7 +276,7 @@ WHERE mails_confirmed < %s", $REF, $REF); // Form for adding new referal levels LOAD_TEMPLATE("admin_add_reflvl"); } -} elseif ($_GET['sub'] == "points") { +} elseif (REQUEST_GET('sub') == "points") { // First points for registration and other fixed points including new add-mode for one-time referal bonus... define('P_REG_VALUE', getConfig('points_register')); define('P_REF_VALUE', getConfig('points_ref')); diff --git a/inc/modules/admin/what-config_primera.php b/inc/modules/admin/what-config_primera.php index ea836b6fcf..8b26a7b621 100644 --- a/inc/modules/admin/what-config_primera.php +++ b/inc/modules/admin/what-config_primera.php 
@@ -40,21 +40,21 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // First merge temporarily the new API data into the current config - mergeConfig($_POST); + mergeConfig(REQUEST_POST_ARRAY()); // Is the password set? - if (isset($_POST['pass'])) { + if (REQUEST_ISSET_POST(('pass'))) { // Then hash and remove it - $_POST['primera_api_md5'] = md5($_POST['pass']); - unset($_POST['pass']); + REQUEST_SET_POST('primera_api_md5', md5(REQUEST_POST('pass'))); + REQUEST_UNSET_POST('pass'); } // END - if // Let's test the API first (hold your horses here, cowboy! Thank you. :) ) if (PRIMERA_TEST_API()) { // Save settings - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Failed to test the API! LOAD_TEMPLATE("admin_settings_saved", false, GET_PRIMERA_ERROR_MESSAGE()); diff --git a/inc/modules/admin/what-config_proxy.php b/inc/modules/admin/what-config_proxy.php index 9d74c9bf7a..b01ace1070 100644 --- a/inc/modules/admin/what-config_proxy.php +++ b/inc/modules/admin/what-config_proxy.php @@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Test proxy settings - if (ADMIN_TEST_PROXY_SETTINGS($_POST)) { + if (ADMIN_TEST_PROXY_SETTINGS(REQUEST_POST_ARRAY())) { // Save configuration - ADMIN_SAVE_SETTINGS($_POST); + ADMIN_SAVE_SETTINGS_POST(); } else { // Invalid! LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_PROXY_SETTINGS_INVALID')); diff --git a/inc/modules/admin/what-config_rallye_prices.php b/inc/modules/admin/what-config_rallye_prices.php index 33f53536c6..73e182fdc6 100644 --- a/inc/modules/admin/what-config_rallye_prices.php +++ b/inc/modules/admin/what-config_rallye_prices.php 
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_GET['rallye'])) +if (REQUEST_ISSET_GET(('rallye'))) { // Price submitted? - if (isset($_POST['add'])) + if (REQUEST_ISSET_POST(('add'))) { - if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info'])))) + if ((REQUEST_ISSET_POST(('level'))) && ((REQUEST_ISSET_POST(('points'))) || (REQUEST_ISSET_POST(('info'))))) { // Submitted data is valid, but maybe we already have this price level? $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s AND price_level='%s' LIMIT 1", - array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('rallye')), bigintval(REQUEST_POST('level'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { @@ -57,10 +57,10 @@ if (!empty($_GET['rallye'])) SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_prices` (rallye_id, price_level, points, info) VALUES ('%s','%s','%s','%s')", array( - bigintval($_GET['rallye']), - bigintval($_POST['level']), - $_POST['points'], - $_POST['info'] + bigintval(REQUEST_GET('rallye')), + bigintval(REQUEST_POST('level')), + REQUEST_POST('points'), + REQUEST_POST('info') ), __FILE__, __LINE__); LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED); } 
@@ -73,12 +73,12 @@ VALUES ('%s','%s','%s','%s')",
 LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
 }
 }
- } elseif (isset($_POST['remove'])) {
+ } elseif (REQUEST_ISSET_POST(('remove'))) {
 // Check if at last one line is selected
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 if ($SEL > 0) {
 // Delete selected entries
- foreach ($_POST['sel'] as $id => $sel) {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
 array(bigintval($id)), __FILE__, __LINE__);
 }
@@ -88,33 +88,37 @@ VALUES ('%s','%s','%s','%s')",
 } else {
 LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
 }
- } elseif (isset($_POST['change'])) {
+ } elseif (REQUEST_ISSET_POST(('change'))) {
 // Change entries
- foreach ($_POST['level'] as $id => $level) {
+ foreach (REQUEST_POST('level') as $id => $level) {
 // Secure ID
 $id = bigintval($id);
 // Update entry
 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_prices` SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
- array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
+ array(
+ REQUEST_POST('rallye_id', $id),
+ bigintval($level),
+ REQUEST_POST('points', $id]),
+ REQUEST_POST('infos', $id),
+ $id
+ ), __FILE__, __LINE__);
 }
 // Output message
 LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
 }
- if (isset($_POST['edit'])) {
+ if (REQUEST_ISSET_POST(('edit'))) {
 // Check if at last one line is selected
- $SEL = SELECTION_COUNT($_POST['sel']);
- if ($SEL > 0)
- {
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+ if ($SEL > 0) {
 // Make selected editable
 $SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel)
- {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
 // Load data to selected rallye
 $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
- array(bigintval($id)), __FILE__, __LINE__);
+ array(bigintval($id)), __FILE__, __LINE__);
 list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
 SQL_FREERESULT($result);
@@ -135,7 +139,7 @@ VALUES ('%s','%s','%s','%s')",
 define('__PRICE_ROWS', $OUT);
 // Prepare data for the main template
- define('__RALLYE_ID', $_GET['rallye']);
+ define('__RALLYE_ID', REQUEST_GET('rallye'));
 // Load main template
 LOAD_TEMPLATE("admin_config_rallye_edit");
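Review bot: `REQUEST_POST('points', $id]),` in the new `array(...)` of the UPDATE has a stray `]` after `$id`, which is a parse error that takes the whole admin page down until fixed; it should read `REQUEST_POST('points', $id),`. In the same array, `REQUEST_POST('rallye_id', $id)` is the only value not passed through `bigintval()`, although it is bound to the unquoted `rallye_id=%s` placeholder while `$level` and `$id` are normalised first; `bigintval(REQUEST_POST('rallye_id', $id)),` keeps the three numeric columns consistent. Both lines assume the two-argument form of `REQUEST_POST` indexes into a posted sub-array, which the wrapper's definition elsewhere in this commit would have to confirm.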
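Review bot: `define('__RALLYE_ID', REQUEST_GET('rallye'));` hands the raw query-string value to the template, whereas every SQL use of `rallye` in this file wraps it in `bigintval()`; if the template echoes the constant without escaping, the raw string lands in the admin page. `define('__RALLYE_ID', bigintval(REQUEST_GET('rallye')));` makes the value as narrow as the queries already require. The same `define` appears again in the `@@ -181` and `@@ -226` hunks of this file, and the `@@ -234` hunk passes the raw value once more in `LOAD_TEMPLATE("admin_add_rallye_prices", false, REQUEST_GET('rallye'))`.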
@@ -143,19 +147,19 @@ VALUES ('%s','%s','%s','%s')",
 else
 {
 // Nothing selected
- $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
+ $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
 LOAD_TEMPLATE("admin_settings_saved", false, $content);
 }
 }
- elseif (isset($_POST['del']))
+ elseif (REQUEST_ISSET_POST(('del')))
 {
 // Check if at last one line is selected
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 if ($SEL > 0)
 {
 // List all prices
 $SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id => $sel)
+ foreach (REQUEST_POST('sel') as $id => $sel)
 {
 // Load data to selected rallye
 $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
@@ -181,7 +185,7 @@ VALUES ('%s','%s','%s','%s')",
 define('__PRICE_ROWS', $OUT);
 // Prepare data for the main template
- define('__RALLYE_ID', $_GET['rallye']);
+ define('__RALLYE_ID', REQUEST_GET('rallye'));
 // Load main template
 LOAD_TEMPLATE("admin_config_rallye_del");
@@ -189,7 +193,7 @@ VALUES ('%s','%s','%s','%s')",
 else
 {
 // Nothing selected
- $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
+ $content = RALLYE_NO_PRICES_SELECTED_1."".RALLYE_NO_PRICES_SELECTED_2."".RALLYE_NO_PRICES_SELECTED_3;
 LOAD_TEMPLATE("admin_settings_saved", false, $content);
 }
 }
@@ -197,7 +201,7 @@ VALUES ('%s','%s','%s','%s')",
 {
 // a rallye was selected, so check if there are already prices assigned...
 $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s ORDER BY price_level",
- array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
 if (SQL_NUMROWS($result) > 0)
 {
@@ -226,7 +230,7 @@ VALUES ('%s','%s','%s','%s')",
 define('__PRICE_ROWS', $OUT);
 // Prepare data for the main template
- define('__RALLYE_ID', $_GET['rallye']);
+ define('__RALLYE_ID', REQUEST_GET('rallye'));
 // Load main template
 LOAD_TEMPLATE("admin_config_rallye_prices");
@@ -234,13 +238,10 @@ VALUES ('%s','%s','%s','%s')",
 }
 // Add form for adding new price level
- if (empty($_POST['edit']))
- {
- LOAD_TEMPLATE("admin_add_rallye_prices", false, $_GET['rallye']);
+ if (!REQUEST_ISSET_POST(('edit'))) {
+ LOAD_TEMPLATE("admin_add_rallye_prices", false, REQUEST_GET('rallye'));
 }
-}
- else
-{
+} else {
 // No rallye selected so display all available without prices
 $result = SQL_QUERY("SELECT d.id, d.admin_id, d.start_time, d.end_time, d.title, a.login, d.is_active FROM `{!_MYSQL_PREFIX!}_rallye_data` AS d, `{!_MYSQL_PREFIX!}_admins` AS a
diff --git a/inc/modules/admin/what-config_refback.php b/inc/modules/admin/what-config_refback.php
index 3939a8c389..599f4b7339 100644
--- a/inc/modules/admin/what-config_refback.php
+++ b/inc/modules/admin/what-config_refback.php
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare content
 $content = array(
diff --git a/inc/modules/admin/what-config_refid.php b/inc/modules/admin/what-config_refid.php
index e737934136..7d91ef7304 100644
--- a/inc/modules/admin/what-config_refid.php
+++ b/inc/modules/admin/what-config_refid.php
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save data
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare contants for the template
 define('__MEMBER_SELECTION', ADD_MEMBER_SELECTION_BOX(getConfig('def_refid'), false, true, true, "def_refid"));
diff --git a/inc/modules/admin/what-config_register.php b/inc/modules/admin/what-config_register.php
index 21e4c6d53a..be5aab4947 100644
--- a/inc/modules/admin/what-config_register.php
+++ b/inc/modules/admin/what-config_register.php
@@ -41,8 +41,8 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Do we want to save changes?
-if (isset($_POST['ok'])) {
- foreach ($_POST['sel'] as $id => $value) {
+if (IS_FORM_SENT()) {
+ foreach (REQUEST_POST('sel') as $id => $value) {
 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_must_register` SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1",
 array($value, bigintval($id), $value),__FILE__, __LINE__);
 }
diff --git a/inc/modules/admin/what-config_register2.php b/inc/modules/admin/what-config_register2.php
index 0b66142186..3356d97c9f 100644
--- a/inc/modules/admin/what-config_register2.php
+++ b/inc/modules/admin/what-config_register2.php
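Review bot: `foreach (REQUEST_POST('sel') as $id => $value) {` in the config_register hunk runs whenever the form was sent, but nothing checks that `sel` was posted at all, so a submission with no checkbox ticked hands `foreach` a non-array and only produces a warning; this was already true of `$_POST['sel']` and the commit keeps it. The guard used later in the del_holiday hunk, `if (REQUEST_ISSET_POST('sel'))`, would fit in front of the loop here, and the config_rewrite hunk's `foreach (REQUEST_POST('mod') as $mod => $sel)` has the same gap.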
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Calculate timestamp from selections...
- $_POST['ip_timeout'] = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", $_POST);
- $_POST['least_cats'] = round($_POST['least_cats']);
+ REQUEST_SET_POST('ip_timeout', CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", REQUEST_POST_ARRAY()));
+ REQUEST_SET_POST('least_cats', round(REQUEST_POST('least_cats')));
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Remember stuff in constants
 define('LEAST_CATS_VALUE' , round(getConfig('least_cats')));
diff --git a/inc/modules/admin/what-config_removeip.php b/inc/modules/admin/what-config_removeip.php
index 3340076b32..f0e0db8297 100644
--- a/inc/modules/admin/what-config_removeip.php
+++ b/inc/modules/admin/what-config_removeip.php
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare data
 switch (getConfig('removeip_anon_ip')) {
diff --git a/inc/modules/admin/what-config_rewrite.php b/inc/modules/admin/what-config_rewrite.php
index ed73ec998f..00bfce4a4e 100644
--- a/inc/modules/admin/what-config_rewrite.php
+++ b/inc/modules/admin/what-config_rewrite.php
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Generate string
 $MODs = array();
- foreach ($_POST['mod'] as $mod => $sel) {
+ foreach (REQUEST_POST('mod') as $mod => $sel) {
 // Now you can never deselect the admin module, bah!!! ;-)
 if (($sel == "Y") || ($mod == "admin")) {
 // Add module to queue
@@ -52,11 +52,11 @@ if (isset($_POST['ok'])) {
 }
 // Implode array to string and remove posted mod array
- $_POST['rewrite_skip'] = implode(":", $MODs);
- unset($_POST['mod']);
+ REQUEST_SET_POST('rewrite_skip', implode(":", $MODs));
+ REQUEST_UNSET_POST(('mod'));
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Load existing modules and generate TR rows for the template
 $result = SQL_QUERY("SELECT module, title FROM `{!_MYSQL_PREFIX!}_mod_reg` ORDER BY module", __FILE__, __LINE__);
diff --git a/inc/modules/admin/what-config_secure.php b/inc/modules/admin/what-config_secure.php
index b717f17bcc..3effe1dfda 100644
--- a/inc/modules/admin/what-config_secure.php
+++ b/inc/modules/admin/what-config_secure.php
@@ -39,21 +39,21 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // If salt length is empty or null then we shall generate new passwords
- if (empty($_POST['salt_length']) || ($_POST['salt_length'] == "0")) {
+ if (!REQUEST_ISSET_POST(('salt_length')) || (REQUEST_POST('salt_length') == "0")) {
 // Generate new passwords for all!
 LOAD_INC("inc/gen_sql_patches.php");
 // Forget the wrong number!
- unset($_POST['salt_length']);
+ REQUEST_UNSET_POST(('salt_length'));
 // Redirect to logout link
 LOAD_URL("modules.php?module=admin&logout=1");
 } // END - if
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Remember stuff in constants
 define('__PASS_LEN' , getConfig('pass_len'));
diff --git a/inc/modules/admin/what-config_session.php b/inc/modules/admin/what-config_session.php
index 9da34ffb18..131bf44ad5 100644
--- a/inc/modules/admin/what-config_session.php
+++ b/inc/modules/admin/what-config_session.php
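Review bot: In the config_secure hunk, the `salt_length` branch calls `LOAD_URL("modules.php?module=admin&logout=1")` and then falls through to `ADMIN_SAVE_SETTINGS_POST()`; if `LOAD_URL` terminates the request after sending the redirect, as redirect helpers usually do, the other settings from the same form are never saved in that branch, and if it does not, the save runs after the redirect header was already emitted. The old code had the same order, so this is not introduced here, but the rewrite is a good moment to either save before redirecting or state the intended behaviour in the `// Redirect to logout link` comment. `REQUEST_POST('salt_length') == "0"` also compares loosely; `=== "0"` says what is meant.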
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Test Path
- if ((empty($_POST['session_save_path'])) || ((is_dir($_POST['session_save_path'])) && (is_writeable($_POST['session_save_path'])))) {
+ if ((!REQUEST_ISSET_POST(('session_save_path'))) || ((is_dir(REQUEST_POST('session_save_path'))) && (is_writeable(REQUEST_POST('session_save_path'))))) {
 // Save configuration
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Invalid!
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SESSION_SAVE_PATH_INVALID'));
diff --git a/inc/modules/admin/what-config_sponsor.php b/inc/modules/admin/what-config_sponsor.php
index ba900de273..292fd279ba 100644
--- a/inc/modules/admin/what-config_sponsor.php
+++ b/inc/modules/admin/what-config_sponsor.php
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Allow only direct points (non-floating)
- $_POST['sponsor_min_points'] = bigintval($_POST['sponsor_min_points']);
- $_POST['sponsor_ref_points'] = bigintval($_POST['sponsor_ref_points']);
+ REQUEST_SET_POST('sponsor_min_points', bigintval(REQUEST_POST('sponsor_min_points')));
+ REQUEST_SET_POST('sponsor_ref_points', bigintval(REQUEST_POST('sponsor_ref_points')));
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Remember config data in constants for the template
 define('__SPONSOR_MIN_POINTS', getConfig('sponsor_min_points'));
diff --git a/inc/modules/admin/what-config_stats.php b/inc/modules/admin/what-config_stats.php
index d76591812a..ece898a4d2 100644
--- a/inc/modules/admin/what-config_stats.php
+++ b/inc/modules/admin/what-config_stats.php
@@ -41,9 +41,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Guest stats
 switch (getConfig('guest_stats'))
diff --git a/inc/modules/admin/what-config_surfbar.php b/inc/modules/admin/what-config_surfbar.php
index dcbea25333..854470c601 100644
--- a/inc/modules/admin/what-config_surfbar.php
+++ b/inc/modules/admin/what-config_surfbar.php
@@ -41,14 +41,14 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Replace german decimal comma with computer decimal dot
- if (isset($_POST['surfbar_static_reward'])) $_POST['surfbar_static_reward'] = REVERT_COMMA($_POST['surfbar_static_reward']);
- if (isset($_POST['surfbar_static_costs'])) $_POST['surfbar_static_costs'] = REVERT_COMMA($_POST['surfbar_static_costs']);
- if (isset($_POST['surfbar_dynamic_percent'])) $_POST['surfbar_dynamic_percent'] = REVERT_COMMA($_POST['surfbar_dynamic_percent']);
+ if (REQUEST_ISSET_POST(('surfbar_static_reward'))) REQUEST_SET_POST('surfbar_static_reward' , REVERT_COMMA(REQUEST_POST('surfbar_static_reward')));
+ if (REQUEST_ISSET_POST(('surfbar_static_costs'))) REQUEST_SET_POST('surfbar_static_costs' , REVERT_COMMA(REQUEST_POST('surfbar_static_costs')));
+ if (REQUEST_ISSET_POST(('surfbar_dynamic_percent'))) REQUEST_SET_POST('surfbar_dynamic_percent', REVERT_COMMA(REQUEST_POST('surfbar_dynamic_percent')));
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare content
 $content = array(
diff --git a/inc/modules/admin/what-config_title.php b/inc/modules/admin/what-config_title.php
index 8ebb2a9335..4f15a691c3 100644
--- a/inc/modules/admin/what-config_title.php
+++ b/inc/modules/admin/what-config_title.php
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
diff --git a/inc/modules/admin/what-config_top10.php b/inc/modules/admin/what-config_top10.php
index 4eeaf49ac6..553a924d86 100644
--- a/inc/modules/admin/what-config_top10.php
+++ b/inc/modules/admin/what-config_top10.php
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
diff --git a/inc/modules/admin/what-config_transfer.php b/inc/modules/admin/what-config_transfer.php
index 5e6e755869..29320d1863 100644
--- a/inc/modules/admin/what-config_transfer.php
+++ b/inc/modules/admin/what-config_transfer.php
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save settings...
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 }
 // Prepare constants for template
diff --git a/inc/modules/admin/what-config_user.php b/inc/modules/admin/what-config_user.php
index 62df2811ff..914c9c22ef 100644
--- a/inc/modules/admin/what-config_user.php
+++ b/inc/modules/admin/what-config_user.php
@@ -39,9 +39,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Prepare constants for the template
 define('__LIMIT_VALUE', getConfig('user_limit'));
diff --git a/inc/modules/admin/what-config_wernis.php b/inc/modules/admin/what-config_wernis.php
index b92afc06d5..1dc18f6183 100644
--- a/inc/modules/admin/what-config_wernis.php
+++ b/inc/modules/admin/what-config_wernis.php
@@ -40,23 +40,23 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // First merge temporarily the new API data into the current config
- mergeConfig($_POST);
+ mergeConfig(REQUEST_POST_ARRAY());
 // Let's test the API first (hold your horses here, cowboy! Thank you. :) )
 if (WERNIS_TEST_API()) {
 // Revert german commata
 foreach (array('payout_factor', 'withdraw_factor', 'payout_fee_percent', 'withdraw_fee_percent') as $revert) {
- $_POST['wernis_'.$revert] = REVERT_COMMA($_POST['wernis_'.$revert]);
+ REQUEST_SET_POST('wernis_'.$revert, REVERT_COMMA(REQUEST_POST('wernis_'.$revert)));
 } // END - if
 // Hash the password and remove clear-text
- $_POST['wernis_pass_md5'] = md5($_POST['wernis_pass']);
- unset($_POST['wernis_pass']);
+ REQUEST_SET_POST('wernis_pass_md5', md5(REQUEST_POST('wernis_pass')));
+ REQUEST_UNSET_POST(('wernis_pass'));
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Failed to test the API!
 LOAD_TEMPLATE("admin_settings_saved", false, GET_WERNIS_ERROR_MESSAGE());
diff --git a/inc/modules/admin/what-config_yoomedia.php b/inc/modules/admin/what-config_yoomedia.php
index 0b2618f03e..0f3e923d8d 100644
--- a/inc/modules/admin/what-config_yoomedia.php
+++ b/inc/modules/admin/what-config_yoomedia.php
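Review bot: The closing brace of `foreach (array('payout_factor', ...) as $revert) {` in the config_wernis hunk is annotated `} // END - if`, but it closes a `foreach`; the label should be `} // END - foreach` so the end-marker comments this codebase relies on stay trustworthy. Visible in the same hunk, the clear-text `wernis_pass` is hashed and removed only after `mergeConfig(REQUEST_POST_ARRAY())` has copied the whole posted array and `WERNIS_TEST_API()` has run, whereas the primera hunk hashes `pass` before its API test; if `WERNIS_TEST_API()` needs the clear-text value that order is required, but it then also leaves the clear-text password in the merged config for the rest of the request, which deserves a comment such as `// wernis_pass stays clear-text in the merged config until the API test has run`.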
@@ -44,11 +44,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
 // Test Yoo!Media config
- if (YOOMEDIA_TEST_CONFIG($_POST)) {
+ if (YOOMEDIA_TEST_CONFIG(REQUEST_POST_ARRAY())) {
 // Save settings
- ADMIN_SAVE_SETTINGS($_POST);
+ ADMIN_SAVE_SETTINGS_POST();
 } else {
 // Config not saved
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_CONFIG_YOOMEDIA_TEST_FAILED'));
diff --git a/inc/modules/admin/what-del_email.php b/inc/modules/admin/what-del_email.php
index a1ed1b1c45..3b2e9fe47d 100644
--- a/inc/modules/admin/what-del_email.php
+++ b/inc/modules/admin/what-del_email.php
@@ -46,10 +46,10 @@ ADD_DESCR("admin", __FILE__);
 // Init counter for deleted mails
 $cnt = 0;
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
 // Load email data
 $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
 // Delete mail only once
 if (SQL_NUMROWS($result) == 1) {
@@ -82,7 +82,7 @@ if (!empty($_GET['mid'])) {
 LEFT JOIN `{!_MYSQL_PREFIX!}_pool` AS p ON s.pool_id=p.id
 WHERE s.pool_id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
 if (SQL_NUMROWS($result_pool) == 1) {
 // Fetch stats id
 list($stats_id) = SQL_FETCHROW($result_pool);
@@ -91,7 +91,7 @@ WHERE s.pool_id=%s LIMIT 1",
 $links = GET_TOTAL_DATA($stats_id, "user_links", "userid", "stats_id", true);
 // Reset sent mails for recipient(s)
- REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", $_GET['mid'], $links);
+ REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", REQUEST_GET('mid'), $links);
 // Calc total points and pay them back
 $totalPoints = $links * $price;
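Review bot: `REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", REQUEST_GET('mid'), $links);` in the third del_email hunk passes the raw `mid` value, while the queries around it bind `bigintval(REQUEST_GET('mid'))`; if the helper interpolates its second argument into SQL (its body is not in this diff), it should receive the same normalised value, `REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", bigintval(REQUEST_GET('mid')), $links);`. The bonus branch in the later `@@ -172` hunk of the same file has the same inconsistency with `REQUEST_GET('bid')`.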
@@ -137,7 +137,7 @@ WHERE s.pool_id=%s LIMIT 1",
 $cnt += SQL_AFFECTEDROWS();
 // Load template for link
- LOAD_TEMPLATE("admin_settings_saved", false, "".ADMIN_REMOVE_STATS_ENTRY."");
+ LOAD_TEMPLATE("admin_settings_saved", false, "".ADMIN_REMOVE_STATS_ENTRY."");
 } // END - if
 // Free the result
@@ -145,7 +145,7 @@ WHERE s.pool_id=%s LIMIT 1",
 // Delete mail from queue
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
 $cnt += SQL_AFFECTEDROWS();
 // Output link for manually removing stats entry
@@ -154,17 +154,17 @@ WHERE s.pool_id=%s LIMIT 1",
 // Mail already deleted!
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NORMAL_MAIL_ALREADY_DELETED'));
 }
-} elseif (!empty($_GET['pid'])) {
+} elseif (REQUEST_ISSET_GET(('pid'))) {
 // Remove stats entries
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE pool_id=%s LIMIT 1",
- array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
 // Output message
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_USER_STATS_REMOVED'));
-} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
+} elseif ((REQUEST_ISSET_GET(('bid'))) && (EXT_IS_ACTIVE("bonus"))) {
 // Load data from bonus mail
 $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s",
- array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
 // Delete mail only once
 if (SQL_NUMROWS($result) == 1) {
@@ -172,17 +172,17 @@ WHERE s.pool_id=%s LIMIT 1",
 list ($id, $subject, $url, $timestamp, $sent) = SQL_FETCHROW($result);
 // Reset sent mails for recipient(s)
- REDUCT_RECIPIENT_RECEIVED_MAILS ("bonus_id", $_GET['bid'], $sent);
+ REDUCT_RECIPIENT_RECEIVED_MAILS ("bonus_id", REQUEST_GET('bid'), $sent);
 // Init counter for deleted mails
 $cnt = 0;
 // Delete bonus mail entirely from database
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
 $cnt += SQL_AFFECTEDROWS();
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE bonus_id=%s",
- array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
 $cnt += SQL_AFFECTEDROWS();
 // Prepare data for the template
@@ -201,10 +201,10 @@ WHERE s.pool_id=%s LIMIT 1",
 // Free result
 SQL_FREERESULT($result);
-} elseif ((!empty($_GET['nid'])) && (GET_EXT_VERSION("bonus") >= "0.8.7")) {
+} elseif ((REQUEST_ISSET_GET(('nid'))) && (GET_EXT_VERSION("bonus") >= "0.8.7")) {
 // Load data from bonus mail
 $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s",
- array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
 // Delete mail only once
 if (SQL_NUMROWS($result) == 1) {
@@ -217,10 +217,10 @@ WHERE s.pool_id=%s LIMIT 1",
 // Delete bonus mail entirely from database
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
- array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
 $cnt += SQL_AFFECTEDROWS();
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE bonus_id=%s",
- array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
 $cnt += SQL_AFFECTEDROWS();
 // Prepare data for the template
diff --git a/inc/modules/admin/what-del_holiday.php b/inc/modules/admin/what-del_holiday.php
index 2e4bc33e4a..8fa89f5218 100644
--- a/inc/modules/admin/what-del_holiday.php
+++ b/inc/modules/admin/what-del_holiday.php
@@ -42,14 +42,14 @@ ADD_DESCR("admin", __FILE__);
 // Check for selected holidays
 $SUM = 0;
-if (isset($_POST['sel'])) $SUM = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SUM = SELECTION_COUNT(REQUEST_POST('sel'));
 // Shall I delete selected holidays???
 if ($SUM > 0)
 {
 // Delete multiple holiday requests (for list_holiday)
 $cnt = 0;
- foreach ($_POST['sel'] as $id => $sel)
+ foreach (REQUEST_POST('sel') as $id => $sel)
 {
 // Get the userid
 $result = SQL_QUERY_ESC("SELECT userid, holiday_start, holiday_end
@@ -84,7 +84,7 @@ WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
 }
 LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ADMIN_MULTI_DEL_1.$cnt.HOLIDAY_ADMIN_MULTI_DEL_2);
 }
- elseif (!empty($_GET['u_id']))
+ elseif (REQUEST_ISSET_GET(('uid')))
 {
 // Set default message
 $MSG = HOLIDAY_ADMIN_SINGLE_404;
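Review bot: `elseif (REQUEST_ISSET_GET(('uid')))` in the second del_holiday hunk renames the query parameter from `u_id` to `uid` in the same step as the wrapper substitution, which is a behavioural change rather than a mechanical one: any link or template that still emits `u_id=` would silently land in the default `HOLIDAY_ADMIN_SINGLE_404` message instead of deleting the request. The rename is carried consistently through the `@@ -92` and `@@ -104` hunks of this file and through the del_user hunks, but it deserves a sentence in the commit description and a check of the callers that build these URLs, which are not part of this diff.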
@@ -92,7 +92,7 @@ WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
 // Fetch data
 $result_load = SQL_QUERY_ESC("SELECT holiday_start AS start, holiday_end AS end FROM `{!_MYSQL_PREFIX!}_user_holidays`
-WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 if (SQL_NUMROWS($result_load) == 1)
 {
 // Load data
@@ -104,11 +104,11 @@ WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 // Delete one holiday request (for task)
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_holidays`
-WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 // Send email to user
- $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, $_GET['u_id']);
- SEND_EMAIL($_GET['u_id'], HOLIDAY_ADMIN_REMOVED_SUBJ, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, REQUEST_GET('uid'));
+ SEND_EMAIL(REQUEST_GET('uid'), HOLIDAY_ADMIN_REMOVED_SUBJ, $msg);
 // Set message
 $MSG = HOLIDAY_ADMIN_SINGLE_DELETED;
diff --git a/inc/modules/admin/what-del_sponsor.php b/inc/modules/admin/what-del_sponsor.php
index 51b98f72e9..dca9ca67de 100644
--- a/inc/modules/admin/what-del_sponsor.php
+++ b/inc/modules/admin/what-del_sponsor.php
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
 // Check for selected sponsor
 $result = SQL_QUERY_ESC("SELECT email, gender, surname, family FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 if (SQL_NUMROWS($result) == 1) {
 // Remove sponsor
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
 // Load data and remember it in constants
 list($email, $gender, $surname, $family) = SQL_FETCHROW($result);
@@ -59,22 +59,22 @@ if (!empty($_GET['id'])) {
 define('__FAMILY' , $family);
 // Prepare message and send it away
- $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", $_POST['reason'], bigintval($_GET['id']));
+ $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", REQUEST_POST('reason'), bigintval(REQUEST_GET('id')));
 SEND_EMAIL($email, getMessage('ADMIN_SPONSOR_DEL_SUBJECT'), $msg);
 // Remove account
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 // Remove orders
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_orders` WHERE sponsorid='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 // Output message
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_DELETED'), bigintval($_GET['id'])));
- } elseif (!empty($_POST['no'])) {
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_DELETED'), bigintval(REQUEST_GET('id'))));
+ } elseif (REQUEST_ISSET_POST(('no'))) {
 // Do not delete him...
- LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+ LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval(REQUEST_GET('id')));
 } else {
 // Load data
 list ($email, $gender, $sname, $fname) = SQL_FETCHROW($result);
@@ -84,14 +84,14 @@ if (!empty($_GET['id'])) {
 define('__SNAME' , $sname);
 define('__FNAME' , $fname);
 define('__GENDER', TRANSLATE_GENDER($gender));
- define('__UID' , bigintval($_GET['id']));
+ define('__UID' , bigintval(REQUEST_GET('id')));
 // Display form
 LOAD_TEMPLATE("admin_del_sponsor");
 }
 } else {
 // Sponsor not found!
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))));
 }
 } else {
 // Not called by what-list_sponsor.php
diff --git a/inc/modules/admin/what-del_transfer.php b/inc/modules/admin/what-del_transfer.php
index 8183fef0fc..6cfeda596a 100644
--- a/inc/modules/admin/what-del_transfer.php
+++ b/inc/modules/admin/what-del_transfer.php
@@ -41,14 +41,14 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']) || (!IS_ADMIN()))
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if (isset($_POST['del']))
+if (REQUEST_ISSET_POST(('del')))
 {
 // Delete entries from tables
- $SEL = SELECTION_COUNT($_POST['sel']);
+ $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 if ($SEL > 0)
 {
 // Delete entries...
- foreach ($_POST['sel'] as $id => $sel)
+ foreach (REQUEST_POST('sel') as $id => $sel)
 {
 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_transfers_in` WHERE trans_id=%s LIMIT 1",
 array(bigintval($id)), __FILE__, __LINE__);
diff --git a/inc/modules/admin/what-del_user.php b/inc/modules/admin/what-del_user.php
index c7a798a57c..08ea5c04e9 100644
--- a/inc/modules/admin/what-del_user.php
+++ b/inc/modules/admin/what-del_user.php
@@ -41,31 +41,31 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // User exists..
-if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason'])))) {
+if ((IS_FORM_SENT()) || ((REQUEST_ISSET_POST(('del'))) && (REQUEST_ISSET_POST(('reason'))))) {
 // Delete users account
 $result_user = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 if (SQL_NUMROWS($result_user) == 1) {
 // Free memory
 SQL_FREERESULT($result_user);
 // Delete user account
- DELETE_USER_ACCOUNT(bigintval($_GET['u_id']), $_POST['reason']);
+ DELETE_USER_ACCOUNT(bigintval(REQUEST_GET('uid')), REQUEST_POST('reason'));
 LOAD_TEMPLATE("admin_settings_saved", false, "
".ADMIN_DEL_COMPLETED."
");
 } else {
 // Account does not exists!
- LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."
");
+ LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."
");
 }
-} elseif (!empty($_POST['no'])) {
+} elseif (REQUEST_ISSET_POST(('no'))) {
 // Do not delete him...
- LOAD_URL("modules.php?module=admin&what=list_user&u_id=".$_GET['u_id']);
+ LOAD_URL("modules.php?module=admin&what=list_user&uid=".REQUEST_GET('uid'));
-} elseif (empty($_GET['u_id'])) {
+} elseif (!REQUEST_ISSET_GET(('uid'))) {
 // Output selection form with all confirmed user accounts listed
 ADD_MEMBER_SELECTION_BOX();
 } else {
 // Realy want to delete?
 $result = SQL_QUERY_ESC("SELECT email, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 if (SQL_NUMROWS($result) == 1) {
 // Load data
 list ($email, $sname, $fname) = SQL_FETCHROW($result);
@@ -75,13 +75,13 @@ if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']
 define('__EMAIL', CREATE_EMAIL_LINK($email, "user_data"));
 define('__SNAME', $sname);
 define('__FNAME', $fname);
- define('__UID' , $_GET['u_id']);
+ define('__UID' , REQUEST_GET('uid'));
 // Display form
 LOAD_TEMPLATE("admin_del_user");
 } else {
 // Account does not exists!
- LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."
");
+ LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."
");
 }
 }
diff --git a/inc/modules/admin/what-edit_emails.php b/inc/modules/admin/what-edit_emails.php
index bb171d0de3..c7e5c74de3 100644
--- a/inc/modules/admin/what-edit_emails.php
+++ b/inc/modules/admin/what-edit_emails.php
@@ -40,26 +40,26 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
-if ((isset($_POST['ok'])) && (empty($_POST['id']))) {
- unset($_POST['ok']);
+if ((IS_FORM_SENT()) && (!REQUEST_ISSET_POST(('id')))) {
+ REQUEST_UNSET_POST('ok');
 }
 $result = SQL_QUERY("SELECT id, sender, subject, payment_id, cat_id FROM `{!_MYSQL_PREFIX!}_pool` ORDER BY timestamp", __FILE__, __LINE__);
 if (SQL_NUMROWS($result) > 0) {
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
 // Make mail editable...
 $result = SQL_QUERY_ESC("SELECT subject, text, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
- array(bigintval($_POST['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
 list($subj, $text, $url) = SQL_FETCHROW($result);
 SQL_FREERESULT($result);
- define('__ID_VALUE' , $_POST['id']);
+ define('__ID_VALUE' , REQUEST_POST('id'));
 define('__URL_VALUE' , $url);
 define('__SUBJ_VALUE', $subj);
 define('__TEXT_VALUE', $text);
 // Load template
 LOAD_TEMPLATE("admin_edit_email");
- } elseif (!empty($_POST['save'])) {
+ } elseif (REQUEST_ISSET_POST(('save'))) {
 // Save changes
 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET subject='%s',
@@ -67,10 +67,10 @@ text='%s',
 url='%s'
 WHERE id=%s LIMIT 1",
 array(
- $_POST['subj'],
- $_POST['text'],
- $_POST['url'],
- bigintval($_POST['id']),
+ REQUEST_POST('subj'),
+ REQUEST_POST('text'),
+ REQUEST_POST('url'),
+ bigintval(REQUEST_POST('id')),
 ), __FILE__, __LINE__);
 if (SQL_AFFECTEDROWS() == 1) {
diff --git a/inc/modules/admin/what-edit_sponsor.php b/inc/modules/admin/what-edit_sponsor.php
index 4b448b2546..183b4b1d99 100644
--- a/inc/modules/admin/what-edit_sponsor.php
+++ b/inc/modules/admin/what-edit_sponsor.php
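Review bot: `LOAD_URL("modules.php?module=admin&what=list_user&uid=".REQUEST_GET('uid'));` and the `sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))` calls in the del_user hunks splice the raw `uid` value into a redirect URL and into a rendered message, while the queries in the same hunks bind `bigintval(REQUEST_GET('uid'))`; whether the message template escapes its argument is not visible here. Wrapping these uses as well, `bigintval(REQUEST_GET('uid'))`, removes the question for an id that is numeric by definition. The `@@ -75` hunk's `define('__UID' , REQUEST_GET('uid'));` is the same case, and del_sponsor already does it that way with `define('__UID' , bigintval(REQUEST_GET('id')));`.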
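Review bot: `REQUEST_UNSET_POST('ok');` at the top of the edit_emails hunk exists only so that the later `if (IS_FORM_SENT())` test fails when no `id` was posted, which couples the control flow to `IS_FORM_SENT()` reading the same store that `REQUEST_UNSET_POST` modifies; that is plausible for these wrappers but not visible in this diff. A local flag makes the intent explicit and independent of the wrapper internals: `$editRequested = IS_FORM_SENT() && REQUEST_ISSET_POST('id');` in place of the unset block, then `if ($editRequested) {` in place of the second `IS_FORM_SENT()` check.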
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) { +if ((REQUEST_ISSET_GET(('id'))) && (REQUEST_ISSET_GET(('mode')))) { // Check for selected sponsor $result = SQL_QUERY_ESC("SELECT company, position, gender, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, receive_warnings, warning_interval FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1", - array(bigintval($_GET['id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load sponsor details $DATA = SQL_FETCHARRAY($result); @@ -51,7 +51,7 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) { // Prepare all data for the template // Sponsor's ID - define('__SPONSOR_ID' , bigintval($_GET['id'])); + define('__SPONSOR_ID' , bigintval(REQUEST_GET('id'))); // Company's data define('__COMPANY' , $DATA['company']); define('__POSITION' , $DATA['position']); 
@@ -95,29 +95,29 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) { define('__INTERVAL' , CREATE_TIME_SELECTIONS($DATA['warning_interval'], "warning_interval", "MWDh")); // Init variables here - $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE($_GET['mode'])); + $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE(REQUEST_GET('mode'))); $SQLs = array(); // Sponsor was found - if ((isset($_POST['ok'])) || (isset($_POST['edit']))) { + if ((IS_FORM_SENT()) || (REQUEST_ISSET_POST(('edit')))) { // Perform action on mode - switch ($_GET['mode']) + switch (REQUEST_GET('mode')) { case "add_points": // Add points - if (strval($_POST['points']) > 0) { + if (strval(REQUEST_POST('points')) > 0) { // Replace german decimal comma with computer's decimal dot - $POINTS = strval(REVERT_COMMA($_POST['points'])); + $POINTS = strval(REVERT_COMMA(REQUEST_POST('points'))); // Add points to account SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1", - array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__); + array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); // Remember points /reason for the template define('__POINTS' , TRANSLATE_COMMA($POINTS)); - define('__REASON' , $_POST['reason']); + define('__REASON' , REQUEST_POST('reason')); // Send email - $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $_POST['reason'], true); + $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", REQUEST_POST('reason'), true); SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_ADD_POINTS, $msg); $MSG = ADMIN_SPONSOR_POINTS_ADDED; } else { 
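Review bot: `$TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE(REQUEST_GET('mode')))` derives a template name from the raw `mode` parameter, and SQL_ESCAPE is a database escaper, not a filter for template names; the "Template not found" branch later in the file suggests a lookup guards the load, but the name should still be restricted before it is built. The switch below already enumerates the valid modes, so a check such as `if (!in_array(REQUEST_GET('mode'), array('add_points', 'sub_points', 'edit'), true)) $TPL = '';` ahead of the sprintf keeps unknown modes from ever reaching the template loader. The enclosing `if ((REQUEST_ISSET_GET(('id'))) && ...)` block starts in an earlier hunk and continues past this one.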
@@ -127,20 +127,20 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) { break; case "sub_points": // Subtract points - if (strval($_POST['points']) > 0) { + if (strval(REQUEST_POST('points')) > 0) { // Replace german decimal comma with computer's decimal dot - $POINTS = strval(REVERT_COMMA($_POST['points'])); + $POINTS = strval(REVERT_COMMA(REQUEST_POST('points'))); // Add points to account SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_used=points_used+%s WHERE id='%s' LIMIT 1", - array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__); + array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); // Remember points /reason for the template define('__POINTS' , TRANSLATE_COMMA($POINTS)); - define('__REASON' , $_POST['reason']); + define('__REASON' , REQUEST_POST('reason')); // Send email - $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $_POST['reason'], true); + $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", REQUEST_POST('reason'), true); SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_SUB_POINTS, $msg); $MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED; } else { 
@@ -151,33 +151,34 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) { case "edit": // Edit sponsor account $PASS = true; - if (($_POST['pass1'] != $_POST['pass2']) || ((empty($_POST['pass1'])) && (empty($_POST['pass1'])))) { + if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) || ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass1'))))) { // Remove passwords - unset($_POST['pass1']); - unset($_POST['pass2']); + REQUEST_UNSET_POST(('pass1')); + REQUEST_UNSET_POST(('pass2')); $PASS = false; } // Convert time selection $DATA = array(); $id = "warning_interval_ye"; $skip = false; - CONVERT_SELECTIONS_TO_TIMESTAMP($_POST, $DATA, $id, $skip); + CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip); // Save the sponsor - SPONSOR_HANDLE_SPONSOR($_POST); + SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY()); // Convert some data for the email template - $_POST['gender'] = TRANSLATE_GENDER($_POST['gender']); - $_POST['warning_interval'] = CREATE_FANCY_TIME($_POST['warning_interval']); - if (!$PASS) $_POST['pass1'] = SPONSOR_PASS_UNCHANGED; + REQUEST_POST('gender' , TRANSLATE_GENDER(REQUEST_POST('gender'))); + REQUEST_POST('warning_interval', CREATE_FANCY_TIME(REQUEST_POST('warning_interval'))); + + if (!$PASS) REQUEST_SET_POST('pass1', getMessage('SPONSOR_PASS_UNCHANGED')); // Load email template and send the mail away - $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $_POST, false); - SEND_EMAIL($_POST['email'], ADMIN_SPONSOR_EDIT_SUBJECT, $msg); + $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", REQUEST_POST_ARRAY(), false); + SEND_EMAIL(REQUEST_POST('email'), getMessage('ADMIN_SPONSOR_EDIT_SUBJECT'), $msg); break; default: // Unknown mode - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", $_GET['mode'])); - $MSG = sprintf(getMessage('ADMIN_SPONSOR_INVALID_MODE'), SQL_ESCAPE($_GET['mode'])); + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", REQUEST_GET('mode'))); + $MSG = 
sprintf(getMessage('ADMIN_SPONSOR_INVALID_MODE'), SQL_ESCAPE(REQUEST_GET('mode'))); break; } @@ -193,11 +194,11 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) { LOAD_TEMPLATE($TPL); } else { // Template not found! - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_MODUS_TPL_404'), SQL_ESCAPE($_GET['mode']))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_MODUS_TPL_404'), SQL_ESCAPE(REQUEST_GET('mode')))); } } else { // Sponsor not found! - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id']))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id')))); } } else { // Not called by what-list_sponsor.php diff --git a/inc/modules/admin/what-edit_user.php b/inc/modules/admin/what-edit_user.php index 726707009f..3934d67c65 100644 --- a/inc/modules/admin/what-edit_user.php +++ b/inc/modules/admin/what-edit_user.php 
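Review bot: `REQUEST_POST('gender' , TRANSLATE_GENDER(REQUEST_POST('gender')))` and the `warning_interval` line below it call the getter with a second argument, which elsewhere in this patch (what-extensions.php, `REQUEST_POST('active', $ext_id)`) selects a sub-key; the converted values are therefore read and discarded, and the admin_sponsor_edit mail gets the untranslated gender and interval. The line that follows shows the intended form: `REQUEST_SET_POST('gender', TRANSLATE_GENDER(REQUEST_POST('gender')));` and `REQUEST_SET_POST('warning_interval', CREATE_FANCY_TIME(REQUEST_POST('warning_interval')));`. The password test still checks `pass1` twice; the second operand should read `!REQUEST_ISSET_POST('pass2')`. `CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), ...)` replaces a `$_POST` argument with a function return; if that parameter is taken by reference (not visible here), PHP emits a notice and any writes the helper makes to it are lost. The `case "edit"` body is complete here but the enclosing switch and if-block start in earlier hunks.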
@@ -42,37 +42,37 @@ ADD_DESCR("admin", __FILE__); // Fix a notice $result_main = false; -if (isset($_GET['u_id'])) { +if (REQUEST_ISSET_GET(('uid'))) { // 0 1 2 3 4 5 6 7 8 9 10 11 $result_main = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } -if ((SQL_NUMROWS($result_main) == 1) || (empty($_GET['u_id']))) +if ((SQL_NUMROWS($result_main) == 1) || (!REQUEST_ISSET_GET(('uid')))) { // User found - if (empty($_GET['u_id'])) + if (!REQUEST_ISSET_GET(('uid'))) { // Output selection form with all confirmed user accounts listed ADD_MEMBER_SELECTION_BOX(); } - elseif (isset($_POST['edit'])) + elseif (REQUEST_ISSET_POST(('edit'))) { // Ok, change the account... $PASS = false; $ADD = ""; - if ((empty($_POST['pass1'])) && (empty($_POST['pass2']))) + if ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass2')))) { // Don't change the password $PASS = true; } - elseif (($_POST['pass1'] == $_POST['pass2'])) + elseif ((REQUEST_POST('pass1') == REQUEST_POST('pass2'))) { // Change the password $PASS = true; - $ADD = ", password='".generateHash($_POST['pass1'])."'"; + $ADD = ", password='".generateHash(REQUEST_POST('pass1'))."'"; } if ($PASS) { 
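Review bot: The URL parameter changes from `u_id` to `uid` in what-edit_user.php (and in what-email_details.php and what-list_cats.php further down) without any fallback, so an admin link or bookmark that still carries `u_id` silently lands in the "no user selected" branch and shows the selection box instead of an error. Unless every link that builds these URLs is updated in the same commit (not visible here), accepting both names for a transition period, or at least logging the old one, would make the rename safe. A comment at the `if (REQUEST_ISSET_GET(('uid')))` line, such as `// Parameter renamed from u_id to uid; see what-email_details.php and what-list_cats.php`, would help whoever hunts the stale links. The `elseif` branch continues into the next hunk.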
@@ -89,15 +89,15 @@ email='%s' ".$ADD." WHERE userid=%s LIMIT 1", array( - substr($_POST['gender'], 0, 1), - $_POST['surname'], - $_POST['family_name'], - $_POST['street_nr'], - $_POST['country'], - bigintval($_POST['zip']), - $_POST['city'], - $_POST['email'], - bigintval($_GET['u_id']), + substr(REQUEST_POST('gender'), 0, 1), + REQUEST_POST('surname'), + REQUEST_POST('family'), + REQUEST_POST('street_nr'), + REQUEST_POST('country'), + bigintval(REQUEST_POST('zip')), + REQUEST_POST('city'), + REQUEST_POST('email'), + bigintval(REQUEST_GET('uid')), ), __FILE__, __LINE__); $content = USER_ACCOUNT_SAVED; } @@ -143,11 +143,11 @@ WHERE userid=%s LIMIT 1", define('_COUNTRY', $country); define('_EMAIL' , $email); // Load template - LOAD_TEMPLATE("admin_edit_user", false, bigintval($_GET['u_id'])); + LOAD_TEMPLATE("admin_edit_user", false, bigintval(REQUEST_GET('uid'))); } } else { // Account does not exists! - LOAD_TEMPLATE("admin_settings_saved", false, "
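Review bot: `REQUEST_POST('family')` replaces `$_POST['family_name']` in the UPDATE's argument list, which is a form-field rename rather than a wrapper substitution; unless the admin_edit_user template's input was renamed in the same commit (not shown here), every saved edit writes an empty family name. If the rename is intentional, a one-line comment `// Field renamed from family_name to family; template must match` on that array entry would stop it from being reverted as a typo. The SQL statement this array feeds starts outside the hunk.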
".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."
"); + LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."
"); } // diff --git a/inc/modules/admin/what-email_archiv.php b/inc/modules/admin/what-email_archiv.php index 5aa4d53081..1095da6e65 100644 --- a/inc/modules/admin/what-email_archiv.php +++ b/inc/modules/admin/what-email_archiv.php @@ -53,11 +53,11 @@ $SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, time $result_normal = SQL_QUERY($SQL, __FILE__, __LINE__); // Set offset an current page to default values -if (empty($_GET['page'])) $_GET['page'] = "1"; -if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page'); +if (!REQUEST_ISSET_GET(('page'))) REQUEST_GET('page') = "1"; +if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page')); // Add limitation to SQL string -$SQL .= " LIMIT ".($_GET['offset'] * $_GET['page'] - $_GET['offset']).", ".$_GET['offset']; +$SQL .= " LIMIT ".(REQUEST_GET('offset') * REQUEST_GET('page') - REQUEST_GET('offset')).", ".REQUEST_GET('offset'); // Run SQL query for normal mails $result = SQL_QUERY($SQL, __FILE__, __LINE__); diff --git a/inc/modules/admin/what-email_details.php b/inc/modules/admin/what-email_details.php index a2193ec131..40161f3807 100644 --- a/inc/modules/admin/what-email_details.php +++ b/inc/modules/admin/what-email_details.php 
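Review bot: `REQUEST_GET('page') = "1";` assigns to a function call, which PHP rejects at compile time ("Can't use function return value in write context"), so what-email_archiv.php no longer loads at all; the neighbouring line shows the intended form, `if (!REQUEST_ISSET_GET('page')) REQUEST_SET_GET('page', "1");`. The identical line appears in the `@@ -94,13` hunk of what-email_details.php and needs the same fix. Separately, the LIMIT clause concatenates `REQUEST_GET('offset')` and `REQUEST_GET('page')` into `$SQL` without `bigintval()`, while what-email_details.php wraps each of them; the trailing `.REQUEST_GET('offset')` in particular lands in the query as an unescaped string, so `$SQL .= " LIMIT ".(bigintval(REQUEST_GET('offset')) * bigintval(REQUEST_GET('page')) - bigintval(REQUEST_GET('offset'))).", ".bigintval(REQUEST_GET('offset'));` is the consistent form.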
@@ -60,22 +60,22 @@ ORDER BY timestamp DESC"; $WHO = _ALL; $SQL2 = ""; -if (!empty($_GET['mid'])) { +if (REQUEST_ISSET_GET(('mid'))) { // Only a specific mail shall be displayed // 0 1 2 3 4 5 6 7 8 9 10 $SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, timestamp, url, target_send, cat_id FROM `{!_MYSQL_PREFIX!}_pool` - WHERE id='".bigintval($_GET['mid'])."' + WHERE id='".bigintval(REQUEST_GET('mid'))."' LIMIT 1"; - $WHO = MAIL_ID.": ".$_GET['mid']; -} elseif (!empty($_GET['u_id'])) { + $WHO = MAIL_ID.": ".REQUEST_GET('mid'); +} elseif (REQUEST_ISSET_GET(('uid'))) { // All mails by a specific member shall be displayed // 0 1 2 3 4 5 6 7 8 9 10 $SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, timestamp, url, target_send, cat_id FROM `{!_MYSQL_PREFIX!}_pool` -WHERE sender='".bigintval($_GET['u_id'])."' +WHERE sender='".bigintval(REQUEST_GET('uid'))."' ORDER by timestamp DESC"; - $WHO = USER_ID.": ".$_GET['u_id']; + $WHO = USER_ID.": ".REQUEST_GET('uid'); } if ((EXT_IS_ACTIVE("bonus")) && ($WHO == _ALL)) { @@ -94,13 +94,13 @@ ORDER BY timestamp DESC"; $result_normal = SQL_QUERY($SQL, __FILE__, __LINE__); // Set offset an current page to default values -if (empty($_GET['page'])) $_GET['page'] = "1"; -if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page'); +if (!REQUEST_ISSET_GET(('page'))) REQUEST_GET('page') = "1"; +if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page')); // Add limitation to SQL string -if (empty($_GET['mid'])) { +if (!REQUEST_ISSET_GET(('mid'))) { // Create limitation line - $ADD = " LIMIT ".(bigintval($_GET['offset']) * bigintval($_GET['page']) - bigintval($_GET['offset'])).", ".bigintval($_GET['offset']); + $ADD = " LIMIT ".(bigintval(REQUEST_GET('offset')) * bigintval(REQUEST_GET('page')) - bigintval(REQUEST_GET('offset'))).", ".bigintval(REQUEST_GET('offset')); // For normal mails $SQL .= $ADD; 
diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index 548d708ade..7bab8cf7d2 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -43,15 +43,15 @@ ADD_DESCR("admin", __FILE__); // Normally we want the overview of all registered extensions $do = "overview"; $SEL = 0; -if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']); +if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel')); -if (!empty($_GET['reg_ext'])) { +if (REQUEST_ISSET_GET(('reg_ext'))) { // We are about to register a new extension - $do = "register"; $ext_id = bigintval($_GET['reg_ext']); + $do = "register"; $ext_id = bigintval(REQUEST_GET('reg_ext')); // The ID comes from task management and it is - of course - *not* the extension's name! -} elseif ((isset($_POST['change'])) && ($SEL > 0) && (!IS_DEMO())) { +} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0) && (!IS_DEMO())) { // De-/activate extensions - foreach ($_POST['sel'] as $ext_id => $active) { + foreach (REQUEST_POST('sel') as $ext_id => $active) { // Shall we keep the extension always active? if ((isset($GLOBALS['cache_array']['active_extensions'][GET_EXT_NAME($ext_id)])) && ($GLOBALS['cache_array']['active_extensions'][GET_EXT_NAME($ext_id)] == "Y") && ($active == "N")) { // Keep this extension active! 
@@ -66,23 +66,23 @@ if (!empty($_GET['reg_ext'])) { EXTENSION_RUN_SQLS($ext_id, $EXT_LOAD_MODE); } } -} elseif (((isset($_POST['edit'])) || (isset($_POST['modify']))) && ($SEL > 0) && (!IS_DEMO())) { +} elseif (((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('modify')))) && ($SEL > 0) && (!IS_DEMO())) { // Change settings like CSS file load - if (isset($_POST['modify'])) { + if (REQUEST_ISSET_POST(('modify'))) { // Change entries $cache_update = 0; - foreach ($_POST['sel'] as $ext_id => $sel) { + foreach (REQUEST_POST('sel') as $ext_id => $sel) { // Secure ID $ext_id = bigintval($ext_id); // Change this extension? if ($sel == 1) { // Update extension's record - $active = $_POST['active'][$ext_id]; + $active = REQUEST_POST('active', $ext_id); if (GET_EXT_VERSION("sql_patches") >= "0.0.6") { // Update also CSS column when extensions sql_patches is newer or exact v0.0.6 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_extensions` SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1", - array($_POST['css'][$ext_id], $active, $ext_id), __FILE__, __LINE__); + array(REQUEST_POST('css', $ext_id), $active, $ext_id), __FILE__, __LINE__); } else { // When extension is older than v0.0.6 there is no column for the CSS information SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_extensions` SET ext_active='%s' WHERE id=%s LIMIT 1", @@ -105,7 +105,7 @@ if (!empty($_GET['reg_ext'])) { } else { // Edit selected entries $SW = "2"; $OUT = ""; - foreach ($_POST['sel'] as $ext_id => $sel) { + foreach (REQUEST_POST('sel') as $ext_id => $sel) { // Edit this extension? if (($sel == "Y") || ($sel == "N")) { // Load required data 
@@ -146,10 +146,10 @@ if (!empty($_GET['reg_ext'])) { LOAD_TEMPLATE("admin_extensions_edit"); $do = "edit"; } -} elseif ((isset($_POST['delete'])) && ($SEL > 0) && (!IS_DEMO())) { +} elseif ((REQUEST_ISSET_POST(('delete'))) && ($SEL > 0) && (!IS_DEMO())) { // List extensions and when verbose is enabled SQL statements which will be executed $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $ext_id => $sel) { + foreach (REQUEST_POST('sel') as $ext_id => $sel) { // Init variables $VERBOSE_OUT = ""; $SQLs = array(); @@ -185,10 +185,10 @@ if (!empty($_GET['reg_ext'])) { // Load template LOAD_TEMPLATE("admin_extensions_delete"); $do = "delete"; -} elseif ((isset($_POST['remove'])) && ($SEL > 0) && (!IS_DEMO())) { +} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0) && (!IS_DEMO())) { // Remove extensions from DB (you have to delete all files manually!) $cache_update = 0; - foreach ($_POST['sel'] as $ext_id => $active) { + foreach (REQUEST_POST('sel') as $ext_id => $active) { // Secure ID number $ext_id = bigintval($ext_id); @@ -201,18 +201,18 @@ if (!empty($_GET['reg_ext'])) { EXTENSION_RUN_SQLS($ext_id, "remove"); } // END - if } // END - foreach -} elseif (!empty($_GET['do']) && (!IS_DEMO())) { +} elseif (REQUEST_ISSET_GET(('do')) && (!IS_DEMO())) { // Other things to do - $do = SQL_ESCAPE(strip_tags($_GET['do'])); -} elseif (!empty($_GET['do'])) { + $do = SQL_ESCAPE(strip_tags(REQUEST_GET('do'))); +} elseif (REQUEST_ISSET_GET(('do'))) { // Demo mode active! $do = "demo"; } // Shall we display active/inactive extensions? $where = ""; -if (!empty($_GET['active'])) { - $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags($_GET['active']))); +if (REQUEST_ISSET_GET(('active'))) { + $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags(REQUEST_GET('active')))); } // END - if // Case selection diff --git a/inc/modules/admin/what-guest_add.php b/inc/modules/admin/what-guest_add.php index ecae91db22..52e768a92a 100644 
--- a/inc/modules/admin/what-guest_add.php +++ b/inc/modules/admin/what-guest_add.php @@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Check if the admin has entered title and what-php file name... -if (((empty($_POST['title'])) || (empty($_POST['menu']))) && (isset($_POST['ok']))) { +if (((!REQUEST_ISSET_POST(('title'))) || (!REQUEST_ISSET_POST(('menu')))) && (IS_FORM_SENT())) { // Abort adding the menu entry - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } -if (!isset($_POST['ok'])) { +if (!IS_FORM_SENT()) { // Create arrays $menus = array(); $titles = array(); $below = array(); @@ -166,24 +166,24 @@ WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ORDER BY `sort`", LOAD_TEMPLATE("admin_guest_add"); } elseif (!IS_DEMO()) { // Insert new menu entry - if (!empty($_POST['menu'])) { + if (REQUEST_ISSET_POST(('menu'))) { SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_guest_menu` (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('%s','%s','%s','%s','%s','%s')", array( - $_POST['menu'], - $_POST['name'], - $_POST['title'], - bigintval($_POST['sort']), - $_POST['visible'], - $_POST['active'], + REQUEST_POST('menu'), + REQUEST_POST('name'), + REQUEST_POST('title'), + bigintval(REQUEST_POST('sort')), + REQUEST_POST('visible'), + REQUEST_POST('active'), ), __FILE__, __LINE__); } else { SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_guest_menu` (action, title, sort, visible, locked) VALUES ('%s','%s','%s','%s','%s')", array( - $_POST['name'], - $_POST['title'], - bigintval($_POST['sort']), - $_POST['visible'], - $_POST['active'], + REQUEST_POST('name'), + REQUEST_POST('title'), + bigintval(REQUEST_POST('sort')), + REQUEST_POST('visible'), + REQUEST_POST('active'), ), __FILE__, __LINE__); } LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); diff --git a/inc/modules/admin/what-guestedit.php b/inc/modules/admin/what-guestedit.php index 3f67c4ca9c..ad43c6961a 100644 
--- a/inc/modules/admin/what-guestedit.php +++ b/inc/modules/admin/what-guestedit.php @@ -43,24 +43,24 @@ ADD_DESCR("admin", __FILE__); // Do we edit/delete/change main menus or sub menus? $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = ""; -if (!empty($_GET['sub'])) { - $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub'])); - $SUB = SQL_ESCAPE($_GET['sub']); +if (REQUEST_ISSET_GET(('sub'))) { + $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub'))); + $SUB = SQL_ESCAPE(REQUEST_GET('sub')); } // END - if // Get count of (maybe) selected menu points $chk = 0; -if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']); +if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel')); // List all menu points and make them editable -if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) +if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) { // Edit menu entries define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $cnt = 0; $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $sel => $confirm) + foreach (REQUEST_POST('sel') as $sel => $confirm) { if ($confirm == 1) { 
@@ -99,23 +99,18 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) // Load template LOAD_TEMPLATE("admin_gmenu_edit_form"); -} - elseif ((isset($_POST['del'])) && (!IS_DEMO())) -{ +} elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO())) { // Del menu entries with or without confirmation define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $cnt = 0; $OUT = ""; $SW = 2; - foreach ($_POST['sel'] as $sel => $confirm) - { - if ($confirm == 1) - { + foreach (REQUEST_POST('sel') as $sel => $confirm) { + if ($confirm == 1) { $cnt++; $result = SQL_QUERY_ESC("SELECT title FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1", - array(bigintval($sel)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array(bigintval($sel)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Entry found so we load the stuff... list($menu) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -126,9 +121,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) 'sw' => $SW, ); $OUT .= LOAD_TEMPLATE("admin_gmenu_delete_row", true, $DATA); - } - else - { + } else { // Entry not found? $content = array( 'sw' => $SW, 
@@ -144,28 +137,24 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) // Load template LOAD_TEMPLATE("admin_gmenu_delete"); -} - elseif ((isset($_POST['ok'])) && (!IS_DEMO())) -{ +} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) { // An action is done... - switch ($_POST['ok']) + switch (REQUEST_POST('ok')) { case "edit": // Edit menu - foreach ($_POST['sel'] as $sel => $menu) - { + foreach (REQUEST_POST('sel') as $sel => $menu) { // Secure selector $sel = bigintval($sel); // Update entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__); + array($menu, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel), $sel),__FILE__, __LINE__); } LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); break; case "del": // Delete menu - foreach ($_POST['sel'] as $sel => $menu) - { + foreach (REQUEST_POST('sel') as $sel => $menu) { // Delete enty SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); 
@@ -174,34 +163,31 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) break; case "status": // Change access levels - foreach ($_POST['sel'] as $sel => $menu) - { + foreach (REQUEST_POST('sel') as $sel => $menu) { // Secure selector $sel = bigintval($sel); // Update entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__); + array(REQUEST_POST('visible', $sel), REQUEST_POST('locked', $sel), $sel), __FILE__, __LINE__); } LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); break; default: // Unexpected action - define('__OK_VALUE', $_POST['ok']); - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok'])); + define('__OK_VALUE', REQUEST_POST('ok')); + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok'))); LOAD_TEMPLATE("admin_menu_unknown_okay"); break; } -} - elseif ((isset($_POST['status'])) && ($chk > 0) && (!IS_DEMO())) -{ +} elseif ((REQUEST_ISSET_POST(('status'))) && ($chk > 0) && (!IS_DEMO())) { // Change status (visible / locked) define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); // Load template $SW = 2; $cnt = 0; $OUT = ""; - foreach ($_POST['sel'] as $sel => $confirm) + foreach (REQUEST_POST('sel') as $sel => $confirm) { if ($confirm == 1) { 
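Review bot: `define('__OK_VALUE', REQUEST_POST('ok'))` in the `default:` branch passes the raw POST value to the admin_menu_unknown_okay template and, via `sprintf`, to DEBUG_LOG; if the template echoes the constant (likely, given its name, but not visible here), the value is reflected into the admin page unescaped, and the log line takes whatever newlines the field contains. `define('__OK_VALUE', htmlspecialchars(REQUEST_POST('ok'), ENT_QUOTES));` covers the template, and the same escaping or a `strip_tags` would keep the log entry to one line. The `switch (REQUEST_POST('ok'))` this branch belongs to opens in the previous hunk.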
@@ -243,26 +229,26 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) // Load template LOAD_TEMPLATE("admin_gmenu_status"); } else { - if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) { + if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) { // Get IDs - if (!empty($_GET['w'])) { + if (REQUEST_ISSET_GET(('w'))) { // Sub menus selected $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1", - array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__); + array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__); list($tid) = SQL_FETCHROW($result); SQL_FREERESULT($result); $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1", - array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__); + array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__); list($fid) = SQL_FETCHROW($result); SQL_FREERESULT($result); } else { // Main menu selected $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1", - array(bigintval($_GET['tid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__); list($tid) = SQL_FETCHROW($result); SQL_FREERESULT($result); $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1", - array(bigintval($_GET['fid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__); list($fid) = SQL_FETCHROW($result); SQL_FREERESULT($result); } 
@@ -270,9 +256,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) if ((!empty($tid)) && (!empty($fid))) { // Sort menu SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__); SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__); } // END - if } // END - if diff --git a/inc/modules/admin/what-list_bank_package.php b/inc/modules/admin/what-list_bank_package.php index 413c3cba79..e6d2c99a8f 100644 --- a/inc/modules/admin/what-list_bank_package.php +++ b/inc/modules/admin/what-list_bank_package.php 
@@ -42,31 +42,31 @@ ADD_DESCR("admin", __FILE__); // Check if there is enougth selected $show = true; -if ((isset($_POST['id'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) { +if ((REQUEST_ISSET_POST(('id'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) { // Okay, which button was pressed? - if (isset($_POST['change'])) { + if (REQUEST_ISSET_POST(('change'))) { // Change permissions - ADMIN_CHANGE_ACTIVATION_STATUS($_POST['id'], "bank_packages", "package_active"); - } elseif (isset($_POST['edit'])) { + ADMIN_CHANGE_ACTIVATION_STATUS(REQUEST_POST('id'), "bank_packages", "package_active"); + } elseif (REQUEST_ISSET_POST(('edit'))) { // Delete entries (with confirmation) ADMIN_EDIT_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "bank_packages", array("id", "title", "description", "account_fee", "free_transfers", "transfer_fee", "output_system_mode", "package_active", "free_months_no_fee", "interest_plus", "interest_minus", "first_payment", "free_account_income", "free_account_stuff", "tan_lock"), array("bigintval", "", "", "TRANSLATE_COMMA", "bigintval", "TRANSLATE_COMMA", "", "", "bigintval", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "", "bigintval"), array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "") ); $show = false; - } elseif (isset($_POST['do_edit'])) { + } elseif (REQUEST_ISSET_POST(('do_edit'))) { // Delete entries (with confirmation) - ADMIN_EDIT_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array(), array(), array(), true); - } elseif (isset($_POST['delete'])) { + ADMIN_EDIT_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array(), array(), array(), true); + } elseif (REQUEST_ISSET_POST(('delete'))) { // Delete entries (with confirmation) - ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array("id", "title", "description", "account_fee"), array("bigintval", "", "", "TRANSLATE_COMMA"), array("", "", "", "")); + 
ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array("id", "title", "description", "account_fee"), array("bigintval", "", "", "TRANSLATE_COMMA"), array("", "", "", "")); $show = false; - } elseif (isset($_POST['remove'])) { + } elseif (REQUEST_ISSET_POST(('remove'))) { // Delete entries (with confirmation) - ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array(), array(), array(), true); + ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array(), array(), array(), true); } } // END - if diff --git a/inc/modules/admin/what-list_beg.php b/inc/modules/admin/what-list_beg.php index f99652bc31..28e8f6abaa 100644 --- a/inc/modules/admin/what-list_beg.php +++ b/inc/modules/admin/what-list_beg.php @@ -41,7 +41,7 @@ ADD_DESCR("admin", __FILE__); if (getConfig('beg_rallye') == "Y") { // Shall I withdraw now? - if (isset($_POST['withdraw'])) { + if (REQUEST_ISSET_POST(('withdraw'))) { // Okay, let's prepare... $curr = date("m", time()) - 1; if (strlen($curr) == 1) $curr = "0".$curr; diff --git a/inc/modules/admin/what-list_bonus.php b/inc/modules/admin/what-list_bonus.php index 3148e6cedc..0b36b260e1 100644 --- a/inc/modules/admin/what-list_bonus.php +++ b/inc/modules/admin/what-list_bonus.php @@ -42,7 +42,7 @@ ADD_DESCR("admin", __FILE__); if (getConfig('bonus_active') == "Y") { // Shall I withdraw now? - if (isset($_POST['withdraw'])) { + if (REQUEST_ISSET_POST(('withdraw'))) { // Okay, let's prepare... $curr = date("m", time()) - 1; if (strlen($curr) == 1) $curr = "0".$curr; diff --git a/inc/modules/admin/what-list_cats.php b/inc/modules/admin/what-list_cats.php index 7d6556fc90..4b1eac18ed 100644 --- a/inc/modules/admin/what-list_cats.php +++ b/inc/modules/admin/what-list_cats.php 
@@ -41,18 +41,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_GET['u_id'])) { +if (REQUEST_ISSET_GET(('uid'))) { // Check if the user already exists $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Loads surname, family's name and the email address list($sname, $fname, $email) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Prepare constants - define('__CATS_BASE' , "".$sname." ".$fname.""); @@ -65,7 +65,7 @@ if (!empty($_GET['u_id'])) { while (list($cid, $cat) = SQL_FETCHROW($result_cats)) { // Check user's selection $result_user = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_user_cats` WHERE userid=%s AND cat_id=%s LIMIT 1", - array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid')), bigintval($cid)), __FILE__, __LINE__); // Set selection $SELECTED = "{--NO--}"; diff --git a/inc/modules/admin/what-list_country.php b/inc/modules/admin/what-list_country.php index 1c99093ddd..ee00866b20 100644 --- a/inc/modules/admin/what-list_country.php +++ b/inc/modules/admin/what-list_country.php 
@@ -41,43 +41,43 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Add new code? -if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr']))) { +if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('code'))) && (REQUEST_ISSET_POST(('descr')))) { // Check if country code does already exist $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_countries` WHERE code='%s' LIMIT 1", - array(strtoupper($_POST['code'])), __FILE__, __LINE__); + array(strtoupper(REQUEST_POST('code'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Save entry SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_countries` (code, descr, is_active) VALUES ('%s','%s','%s')", array( - strtoupper(substr($_POST['code'], 0, 2)), - $_POST['descr'], - $_POST['is_active'] + strtoupper(substr(REQUEST_POST('code'), 0, 2)), + REQUEST_POST('descr'), + REQUEST_POST('is_active') ), __FILE__, __LINE__); // Country added - $MSG = ADMIN_COUNTRY_ADDED_1.strtoupper($_POST['descr']).ADMIN_COUNTRY_ADDED_2; + $MSG = ADMIN_COUNTRY_ADDED_1.strtoupper(REQUEST_POST('descr')).ADMIN_COUNTRY_ADDED_2; } else { // Free memory SQL_FREERESULT($result); // Does already exist - $MSG = ADMIN_COUNTRY_ALREADY_1.strtoupper($_POST['code']).ADMIN_COUNTRY_ALREADY_2; + $MSG = ADMIN_COUNTRY_ALREADY_1.strtoupper(REQUEST_POST('code')).ADMIN_COUNTRY_ALREADY_2; } // Display message LOAD_TEMPLATE("admin_settings_saved", false, $MSG); -} elseif ((isset($_POST['change'])) && (!empty($_POST['id']))) { +} elseif ((REQUEST_ISSET_POST(('change'))) && (REQUEST_ISSET_POST(('id')))) { // Change all status - ADMIN_CHANGE_ACTIVATION_STATUS($_POST['id'], "countries", "is_active"); + ADMIN_CHANGE_ACTIVATION_STATUS(REQUEST_POST('id'), "countries", "is_active"); // Show next link LOAD_TEMPLATE("admin_next_link", false, array( 'url' => "modules.php?module=admin&what=list_country", 'title' => getMessage('ADMIN_COUNTRY_ACTIVATION_NEXT_LINK') )); -} elseif (((isset($_POST['edit'])) || 
(isset($_POST['delete']))) && (!empty($_POST['id']))) { - if (count($_POST['id']) > 0) { - if (isset($_POST['edit'])) { +} elseif (((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('delete')))) && (REQUEST_ISSET_POST(('id')))) { + if (count(REQUEST_POST('id')) > 0) { + if (REQUEST_ISSET_POST(('edit'))) { // Edit template $row = "admin_list_country_edit_row"; $post = "modify"; @@ -97,7 +97,7 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr' // Edit all selected country codes $OUT = ""; $SW = 2; - foreach ($_POST['id'] as $id => $status) { + foreach (REQUEST_POST('id') as $id => $status) { // Load data from DB $result = SQL_QUERY_ESC("SELECT code, descr FROM `{!_MYSQL_PREFIX!}_countries` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); 
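Review bot: The add branch now accepts an empty country code: the old guard `!empty($_POST['code'])` became `REQUEST_ISSET_POST(('code'))`, and if that wrapper only tests isset, a form submitted with a blank code field reaches the INSERT with `strtoupper(substr('', 0, 2))`, i.e. an empty `code` column. Keep the non-empty check explicit, e.g. `if ((REQUEST_ISSET_POST('add')) && (REQUEST_POST('code') != '') && (REQUEST_POST('descr') != '')) {`. `REQUEST_POST('is_active')` is also written to `is_active` as submitted; whitelisting it to `'Y'`/`'N'` before the INSERT would match the flag semantics that ADMIN_CHANGE_ACTIVATION_STATUS toggles on the same column. The edit/delete elseif body continues past the end of the hunk.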
@@ -140,18 +140,18 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr' } else { // Shall we modify / remove entries now? $MSG = ""; $SQLs = array(); - if ((isset($_POST['modify'])) && (!empty($_POST['id']))) { + if ((REQUEST_ISSET_POST(('modify'))) && (REQUEST_ISSET_POST(('id')))) { // Modify - foreach ($_POST['id'] as $id => $sel) { - $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_countries` SET code='".$_POST['code'][$id]."', descr='".$_POST['descr'][$id]."', is_active='".$_POST['is_active'][$id]."' WHERE id='".$id."' LIMIT 1"; + foreach (REQUEST_POST('id') as $id => $sel) { + $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_countries` SET code='".REQUEST_POST('code', $id)."', descr='".REQUEST_POST('descr', $id)."', is_active='".REQUEST_POST('is_active', $id)."' WHERE id='".$id."' LIMIT 1"; } // Create message $MSG = ADMIN_COUNTRIES_MODIFIED; - } elseif ((isset($_POST['remove'])) && (!empty($_POST['id']))) { + } elseif ((REQUEST_ISSET_POST(('remove'))) && (REQUEST_ISSET_POST(('id')))) { // Remove - $IDs = implode(",", array_keys($_POST['id'])); - $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_countries` WHERE id IN (".$IDs.") LIMIT ".count($_POST['id']).""; + $IDs = implode(",", array_keys(REQUEST_POST('id'))); + $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_countries` WHERE id IN (".$IDs.") LIMIT ".count(REQUEST_POST('id')).""; // Create message $MSG = ADMIN_COUNTRIES_REMOVED; diff --git a/inc/modules/admin/what-list_doubler.php b/inc/modules/admin/what-list_doubler.php index 2ad42035d9..b436e2ffe4 100644 --- a/inc/modules/admin/what-list_doubler.php +++ b/inc/modules/admin/what-list_doubler.php 
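Review bot: The modify branch still builds its UPDATE by string concatenation from raw POST values, `code='".REQUEST_POST('code', $id)."', descr='".REQUEST_POST('descr', $id)."'`, and from the foreach key `$id` without `bigintval()`, so unless REQUEST_POST escapes its return value (nothing else in this commit relies on that; the other hunks pass values through SQL_QUERY_ESC) this is SQL injection reachable from the admin form. The remove branch has the same shape with `implode(",", array_keys(REQUEST_POST('id')))`. At minimum cast the keys, `bigintval($id)` in the UPDATE and `implode(",", array_map('bigintval', array_keys(REQUEST_POST('id'))))` for the IN list, and escape the three text values the same way SQL_QUERY_ESC does; the code that executes `$SQLs` lies outside the hunk.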
@@ -40,18 +40,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (empty($_GET['mode'])) { +if (!REQUEST_ISSET_GET(('mode'))) { // Chosse the overview page as default - $_GET['mode'] = "overview"; + REQUEST_GET('mode', "overview"); } else { // Set table title automatically - if (empty($_GET['select'])) $_GET['select'] = "all"; - $eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."', getMessage('ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."_".strtoupper($_GET['select'])."'));"; + if (!REQUEST_ISSET_GET(('select'))) REQUEST_GET('select', "all"); + $eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper(REQUEST_GET('mode'))."', getMessage('ADMIN_DOUBLER_LIST_".strtoupper(REQUEST_GET('mode'))."_".strtoupper(REQUEST_GET('select'))."'));"; eval($eval); } // Load data for the template -switch ($_GET['mode']) +switch (REQUEST_GET('mode')) { case "already": // Already payed out points break; @@ -129,7 +129,7 @@ case "overview": // General overview page } // Load mode template -LOAD_TEMPLATE("admin_list_doubler_".$_GET['mode']); +LOAD_TEMPLATE("admin_list_doubler_".REQUEST_GET('mode')); // ?> diff --git a/inc/modules/admin/what-list_links.php b/inc/modules/admin/what-list_links.php index 0045d14913..cae5fb6885 100644 --- a/inc/modules/admin/what-list_links.php +++ b/inc/modules/admin/what-list_links.php 
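Review bot: `REQUEST_GET('mode', "overview");` on the new side does not set a default: everywhere else in this commit a request value is assigned with `REQUEST_SET_GET`/`REQUEST_SET_POST` (what-list_links.php uses `REQUEST_SET_GET('del', "")`), and the two-argument form of `REQUEST_GET`/`REQUEST_POST` is used as an array index (`REQUEST_POST('code', $id)`), so this call is most likely a read whose result is discarded, leaving `mode` unset for the `switch` and for `LOAD_TEMPLATE("admin_list_doubler_".REQUEST_GET('mode'))`. Replace it with `REQUEST_SET_GET('mode', "overview");`. Separately, `eval($eval)` still interpolates `strtoupper(REQUEST_GET('mode'))` and `REQUEST_GET('select')` into PHP source, so a value containing a quote breaks out of the string literal and runs as code; restrict both to the known modes (the `switch` cases) before building `$eval`, or drop the eval and call `define()` directly with the computed name.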
@@ -43,12 +43,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (empty($_GET['del'])) $_GET['del'] = ""; +if (!REQUEST_ISSET_GET(('del'))) REQUEST_SET_GET('del', ""); -if (!empty($_GET['u_id'])) { +if (REQUEST_ISSET_GET(('uid'))) { // Check if the user already exists $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); // Is there an entry? if (SQL_NUMROWS($result) == 1) { @@ -60,11 +60,11 @@ if (!empty($_GET['u_id'])) { if (EXT_IS_ACTIVE("bonus")) { // Load bonus ID $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s ORDER BY `id`", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } else { // Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command) $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s ORDER BY `id`", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } // Get number of rows from the query 
@@ -72,13 +72,13 @@ if (!empty($_GET['u_id'])) { if ($nums > 0) { // Some unconfirmed mails left - if ($_GET['del'] == "all") { + if (REQUEST_GET('del') == "all") { // Delete all unconfirmed mails by this user SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s LIMIT %s", - array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid')), $nums), __FILE__, __LINE__); // Prepare mail and send it away - $msg = LOAD_EMAIL_TEMPLATE("admin-del_links", $nums, bigintval($_GET['u_id'])); + $msg = LOAD_EMAIL_TEMPLATE("admin-del_links", $nums, bigintval(REQUEST_GET('uid'))); SEND_EMAIL($email, getMessage('ADMIN_DEL_LINK_SUBJ'), $msg); // Display message @@ -100,14 +100,14 @@ if (!empty($_GET['u_id'])) { $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); $type = "mailid"; $DATA = $id; $PROBLEM = getMessage('NORMAL_MAIL_PROBLEM'); - $LINK = "".$id.""; + $LINK = "".$id.""; break; case "BONUS": $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1", array(bigintval($id2)), __FILE__, __LINE__); $type = "bonusid"; $DATA = $id2; $PROBLEM = getMessage('BONUS_MAIL_PROBLEM'); - $LINK = "".$id2.""; + $LINK = "".$id2.""; break; default: // Problem in application detected! 
@@ -155,18 +155,18 @@ if (!empty($_GET['u_id'])) { define('__EMAIL_VALUE', "".$email.""); define('__EMAIL_LIST' , $OUT); define('__NUMS_VALUE' , $nums); - define('__UID' , bigintval($_GET['u_id'])); + define('__UID' , bigintval(REQUEST_GET('uid'))); // Load final template LOAD_TEMPLATE("admin_list_links"); } } else { // No mails left to confirm - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_LINKS'), $_GET['u_id'])); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_LINKS'), REQUEST_GET('uid'))); } } else { // User not found - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))); } } else { // Output selection form with all confirmed user accounts listed diff --git a/inc/modules/admin/what-list_newsletter.php b/inc/modules/admin/what-list_newsletter.php index 201c52a67e..6685de8a84 100644 --- a/inc/modules/admin/what-list_newsletter.php +++ b/inc/modules/admin/what-list_newsletter.php 
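Review bot: Both fallback messages in this hunk interpolate the raw query parameter, `sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))`, into a template while every query in the file casts it with `bigintval()`; if LOAD_TEMPLATE does not escape its message argument this reflects arbitrary input into the admin page. Use the cast value in the messages too, `sprintf(getMessage('ADMIN_MEMBER_404'), bigintval(REQUEST_GET('uid')))` and likewise for `ADMIN_MEMBER_LINKS`, which is what the sponsor listing in this same commit does for `rid`.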
@@ -40,18 +40,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) { +if ((REQUEST_ISSET_POST(('uid'))) && (REQUEST_ISSET_POST(('id')))) { // Update database... // First user's account SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nl_until=(UNIX_TIMESTAMP() + nl_timespan), nl_receive='N', nl_timespan=0 WHERE userid=%s LIMIT 1", - array(bigintval($_POST['uid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_POST('uid'))), __FILE__, __LINE__); // Next the task system... - RUN_FILTER('solve_task', bigintval($_POST['id'])); + RUN_FILTER('solve_task', bigintval(REQUEST_POST('id'))); // Send mail to user - $msg = LOAD_EMAIL_TEMPLATE("member_newsletter_done", true, bigintval($_POST['uid'])); - SEND_EMAIL(bigintval($_POST['uid']), NL_MEMBER_DONE_SUBJECT, $msg); + $msg = LOAD_EMAIL_TEMPLATE("member_newsletter_done", true, bigintval(REQUEST_POST('uid'))); + SEND_EMAIL(bigintval(REQUEST_POST('uid')), NL_MEMBER_DONE_SUBJECT, $msg); // Output message to admin LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NL_MEMBER_DONE')); diff --git a/inc/modules/admin/what-list_notifications.php b/inc/modules/admin/what-list_notifications.php index 253a8d647c..cfee49da76 100644 --- a/inc/modules/admin/what-list_notifications.php +++ b/inc/modules/admin/what-list_notifications.php 
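Review bot: The update, task resolution and mail in this hunk all run without confirming that `uid` names an existing account: `UPDATE ... WHERE userid=%s LIMIT 1` silently matches zero rows, yet `RUN_FILTER('solve_task', ...)` and `SEND_EMAIL(bigintval(REQUEST_POST('uid')), ...)` still fire, and with `!empty` replaced by `REQUEST_ISSET_POST` a blank or `0` uid now enters this path if the wrapper only tests isset. Look the user up first, as what-list_cats.php does with `SQL_NUMROWS($result) == 1`, or check the affected row count of the UPDATE, and only solve the task and send the mail when a row was actually changed.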
@@ -45,10 +45,10 @@ $WHO = _ALL; $SQL2 = ""; // Set offset an current page to default values -if (empty($_GET['page'])) $_GET['page'] = "1"; -if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page'); +if (!REQUEST_ISSET_GET(('page'))) REQUEST_GET('page') = "1"; +if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page')); -if ((EXT_IS_ACTIVE("bonus")) && ($WHO == _ALL)) { +if ((EXT_IS_ACTIVE("bonus")) && ($WHO == getMessage('_ALL'))) { // Bonus mails sent by you // 0 1 2 3 4 5 6 7 8 9 10 11 12 $SQL2 = "SELECT id, subject, text, receivers, points, time, data_type, timestamp, url, cat_id, target_send, mails_sent, clicks @@ -63,7 +63,7 @@ ORDER BY timestamp DESC"; } // Create limitation line -$ADD = " LIMIT ".(bigintval($_GET['offset']) * bigintval($_GET['page']) - bigintval($_GET['offset'])).", ".bigintval($_GET['offset']); +$ADD = " LIMIT ".(bigintval(REQUEST_GET('offset')) * bigintval(REQUEST_GET('page')) - bigintval(REQUEST_GET('offset'))).", ".bigintval(REQUEST_GET('offset')); // Add limitation if (!empty($SQL2)) $SQL2 .= $ADD; diff --git a/inc/modules/admin/what-list_payouts.php b/inc/modules/admin/what-list_payouts.php index 35e3bb7215..c6600aec5c 100644 --- a/inc/modules/admin/what-list_payouts.php +++ b/inc/modules/admin/what-list_payouts.php 
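Review bot: `REQUEST_GET('page') = "1";` on the new side is a fatal parse error ("Can't use function return value in write context"), so what-list_notifications.php will no longer load at all; the next line shows the intended form, `REQUEST_SET_GET('page', "1");`. The second hunk then multiplies `bigintval(REQUEST_GET('offset'))` by `bigintval(REQUEST_GET('page'))`, so `page=0` yields a negative LIMIT offset; clamp page to at least 1 after the default is applied. The comparison `$WHO == getMessage('_ALL')` replaces `$WHO == _ALL` while the context line still assigns `$WHO = _ALL;`, so the branch only fires if the constant and the message text are identical — worth confirming.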
@@ -40,15 +40,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_GET['pid'])) { +if (REQUEST_ISSET_GET(('pid'))) { // First let's get the member's ID $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE id=%s LIMIT 1", - array($_GET['pid']), __FILE__, __LINE__); + array(REQUEST_GET('pid')), __FILE__, __LINE__); list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Obtain some data - if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0)) { + if (!REQUEST_ISSET_GET(('task')) && (!empty($uid)) && ($uid > 0)) { // Get task ID from database $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_task_system` WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); @@ -60,7 +60,7 @@ if (!empty($_GET['pid'])) { LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_FAILED_OBTAIN_USERID); } else { // Get task ID from URL - $task = $_GET['task']; + $task = REQUEST_GET('task'); } if ((!empty($task)) && (!empty($uid)) && ($uid > 0)) { @@ -73,12 +73,12 @@ if (!empty($_GET['pid'])) { // Konstante bauen define('PAYOUT_USERDATA_VALUE', "".TRANSLATE_GENDER($gender)." ".$surname." ".$family.""); - if (($_GET['do'] == "accept") && (!empty($email))) { + if ((REQUEST_GET('do') == "accept") && (!empty($email))) { // Ok, now we can output the form or execute accepting - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Obtain payout type and other data $result = SQL_QUERY_ESC("SELECT payout_id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE id=%s LIMIT 1", - array(bigintval($_GET['pid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__); list($ptype) = SQL_FETCHROW($result); SQL_FREERESULT($result); 
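Review bot: The first query in this hunk passes `REQUEST_GET('pid')` to SQL_QUERY_ESC without the `bigintval()` cast that every later `pid` query in the same file applies (`bigintval(REQUEST_GET('pid'))` in the accept and reject branches), and `list(...) = SQL_FETCHROW($result)` runs without checking SQL_NUMROWS, so an unknown or non-numeric pid falls through with `$uid` empty. Cast it once at the top, `$pid = bigintval(REQUEST_GET('pid'));`, and reuse `$pid` throughout; `$task = REQUEST_GET('task');` is later handed to `RUN_FILTER('solve_task', $task)` and into a template and deserves the same cast. `REQUEST_GET('do') == "accept"` is evaluated here without an isset guard (the `do` default is only set in the else branch of the outer if), so how a missing key behaves depends on the wrapper.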
@@ -127,10 +127,10 @@ if (!empty($_GET['pid'])) { // Clear payout request SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_payouts` SET `status`='ACCEPTED' WHERE id=%s LIMIT 1", - array(bigintval($_GET['pid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__); // Send out mail - $msg = LOAD_EMAIL_TEMPLATE("member_payout_accepted", $_POST['text'], $uid); + $msg = LOAD_EMAIL_TEMPLATE("member_payout_accepted", REQUEST_POST('text'), $uid); // Output message if ($allow == "Y") { @@ -156,9 +156,9 @@ if (!empty($_GET['pid'])) { // Load template LOAD_TEMPLATE("admin_payout_accept_form", false, $task); } - } elseif (($_GET['do'] == "reject") && (!empty($email))) { + } elseif ((REQUEST_GET('do') == "reject") && (!empty($email))) { // Ok, now we can output the form or execute rejecting - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { if ($task > 0) { // Clear task RUN_FILTER('solve_task', $task); @@ -166,10 +166,10 @@ if (!empty($_GET['pid'])) { // Clear payout request SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_payouts` SET `status`='REJECTED' WHERE id=%s LIMIT 1", - array(bigintval($_GET['pid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__); // Send out mail - $msg = LOAD_EMAIL_TEMPLATE("member_payout_rejected", $_POST['text'], $uid); + $msg = LOAD_EMAIL_TEMPLATE("member_payout_rejected", REQUEST_POST('text'), $uid); // Output message LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_REJECTED_NOTIFIED); 
@@ -186,11 +186,12 @@ if (!empty($_GET['pid'])) { } } elseif ((empty($task)) || ($task == "0")) { // Failed loading task ID - LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_FAILED_OBTAIN_TASK_ID); + LOAD_TEMPLATE("admin_settings_saved", false, getMessage('PAYOUT_FAILED_OBTAIN_TASK_ID')); } } else { - if (empty($_GET['do'])) $_GET['do'] = ""; - if ($_GET['do'] == "delete") { + if (!REQUEST_ISSET_GET(('do'))) REQUEST_SET_GET('do', ""); + + if (REQUEST_GET('do') == "delete") { // Delete all requests $result = SQL_QUERY("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_payouts`", __FILE__, __LINE__); } diff --git a/inc/modules/admin/what-list_rallyes.php b/inc/modules/admin/what-list_rallyes.php index 44b4be1d7a..98b6f61d17 100644 --- a/inc/modules/admin/what-list_rallyes.php +++ b/inc/modules/admin/what-list_rallyes.php @@ -40,17 +40,17 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (empty($_GET['sub'])) $_GET['sub'] = ""; +if (!REQUEST_ISSET_GET(('sub'))) REQUEST_SET_GET('sub', ""); $MSG = ""; // Quick actions on a rallye -if (isset($_GET['rallye'])) +if (REQUEST_ISSET_GET(('rallye'))) { // Activate / deactivate $SQL = ""; - if (isset($_GET['activate'])) + if (REQUEST_ISSET_GET(('activate'))) { - switch ($_GET['activate']) + switch (REQUEST_GET('activate')) { case "1": // Activate $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1"; @@ -63,9 +63,9 @@ if (isset($_GET['rallye'])) } // Automatic notification - if (isset($_GET['notify'])) + if (REQUEST_ISSET_GET(('notify'))) { - switch ($_GET['notify']) + switch (REQUEST_GET('notify')) { case "1": // Activate $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1"; 
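Review bot: `if (REQUEST_GET('do') == "delete")` in the what-list_payouts.php hunk deletes every row of `_user_payouts` on a plain GET with no confirmation and no form token, so a crafted link opened by a logged-in admin wipes all payout requests; the commit rewrites the line but keeps that behaviour. Require a POST (`IS_FORM_SENT()`, as the accept/reject branches do) together with an explicit confirmation before the DELETE, or route it through ADMIN_DELETE_ENTRIES_CONFIRM like the bank-package listing. The DELETE has no WHERE clause, which is presumably intended but should say so: `// Intentionally removes ALL payout requests`.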
@@ -78,9 +78,9 @@ if (isset($_GET['rallye'])) } // Automatic adding of new members - if (isset($_GET['auto'])) + if (REQUEST_ISSET_GET(('auto'))) { - switch ($_GET['auto']) + switch (REQUEST_GET('auto')) { case "1": // Activate $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1"; @@ -95,17 +95,17 @@ if (isset($_GET['rallye'])) // Run SQL command if (!empty($SQL)) { - $result = SQL_QUERY_ESC($SQL, array(bigintval($_GET['rallye'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC($SQL, array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__); } } - elseif (isset($_POST['remove'])) + elseif (REQUEST_ISSET_POST(('remove'))) { // Delete rallyes - $SEL = SELECTION_COUNT($_POST['sel']); + $SEL = SELECTION_COUNT(REQUEST_POST('sel')); if ($SEL > 0) { // Delete selected rallyes and all it's data - foreach ($_POST['sel'] as $id => $sel) + foreach (REQUEST_POST('sel') as $id => $sel) { // Remove selected rallye entirely... SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1", 
@@ -125,21 +125,21 @@ if (isset($_GET['rallye'])) $MSG = RALLYE_DELETE_NOTHING_SELECTED; } } - elseif (isset($_POST['change'])) + elseif (REQUEST_ISSET_POST(('change'))) { // Change rallye - $SEL = SELECTION_COUNT($_POST['title']); + $SEL = SELECTION_COUNT(REQUEST_POST('title')); if ($SEL > 0) { // Change selected rallyes and all it's data - foreach ($_POST['title'] as $id => $title) + foreach (REQUEST_POST('title') as $id => $title) { // Secure ID number $id = bigintval($id); // Generate timestamps - $START = mktime($_POST['start_hour'][$id], $_POST['start_min'][$id], $_POST['start_sec'][$id], $_POST['start_month'][$id], $_POST['start_day'][$id], $_POST['start_year'][$id]); - $END = mktime($_POST['end_hour'][$id] , $_POST['end_min'][$id] , $_POST['end_sec'][$id] , $_POST['end_month'][$id] , $_POST['end_day'][$id] , $_POST['end_year'][$id] ); + $START = mktime(REQUEST_POST('start_hour', $id), REQUEST_POST('start_min', $id), REQUEST_POST('start_sec', $id), REQUEST_POST('start_month', $id), REQUEST_POST('start_day', $id), REQUEST_POST('start_year', $id)); + $END = mktime(REQUEST_POST('end_hour', $id) , REQUEST_POST('end_min', $id) , REQUEST_POST('end_sec', $id) , REQUEST_POST('end_month', $id) , REQUEST_POST('end_day', $id) , REQUEST_POST('end_year', $id) ); // Update entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET @@ -151,8 +151,16 @@ end_time='%s', min_users='%s', min_prices='%s' WHERE id='".$id."' LIMIT 1", - array($title, $_POST['descr'][$id], $_POST['templ'][$id], bigintval($START), bigintval($END), bigintval($_POST['min_users'][$id]), bigintval($_POST['min_prices'][$id]), $id), - __FILE__, __LINE__); + array( + $title, + REQUEST_POST('descr', $id), + REQUEST_POST('templ', $id), + bigintval($START), + bigintval($END), + bigintval(REQUEST_POST('min_users', $id)), + bigintval(REQUEST_POST('min_prices', $id)), + $id + ), __FILE__, __LINE__); } // Output message 
@@ -160,16 +168,13 @@ WHERE id='".$id."' LIMIT 1", } } -if (isset($_POST['edit'])) -{ +if (REQUEST_ISSET_POST(('edit'))) { // Check for selections - $SEL = SELECTION_COUNT($_POST['sel']); - if ($SEL > 0) - { + $SEL = SELECTION_COUNT(REQUEST_POST('sel')); + if ($SEL > 0) { // Make all selected and deactivated rallyes editable $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $sel) - { + foreach (REQUEST_POST('sel') as $id => $sel) { // Load rallye basic data $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); @@ -207,25 +212,24 @@ if (isset($_POST['edit'])) // Color switching $SW = 3 - $SW; } + // Remember rows in constant define('__RALLYE_ROWS', $OUT); // Load final template LOAD_TEMPLATE("admin_edit_rallyes"); - } - else - { + } else { // Nothing selected to edit LOAD_TEMPLATE("admin_settings_saved", false, LOAD_TEMPLATE("admin_list_rallye_noselect", true)); } -} elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0)) { +} elseif ((REQUEST_GET('sub') == "users") && (REQUEST_GET('rallye') > 0)) { // List users and their refs before start and current $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM `{!_MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s ORDER BY userid", - array(bigintval($_GET['rallye'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { $SW = 2; $OUT = ""; - define('__RALLYE_VALUE', $_GET['rallye']); + define('__RALLYE_VALUE', REQUEST_GET('rallye')); while (list($uid, $old, $opoints) = SQL_FETCHROW($result)) { // Check for referal count 
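Review bot: `define('__RALLYE_VALUE', REQUEST_GET('rallye'))` hands the raw query value to the template while the query two lines above casts it with `bigintval(REQUEST_GET('rallye'))`; define the constant from the cast value, `define('__RALLYE_VALUE', bigintval(REQUEST_GET('rallye')));`, so whatever the template does with it cannot reflect arbitrary input. The elseif condition `(REQUEST_GET('rallye') > 0)` is also evaluated when `rallye` is absent, unlike the `REQUEST_ISSET_GET(('rallye'))` guard at the top of the file, so it relies on the wrapper's behaviour for a missing key. The while loop body continues outside the hunk.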
@@ -234,8 +238,7 @@ if (isset($_POST['edit'])) // Output row $Bl = ""; $Br = ""; if (($opoints > 0) && ($cnt > 0)) { $Bl = ""; $Br = ""; } - if (($old > 0) || ($cnt > 0)) - { + if (($old > 0) || ($cnt > 0)) { // Insert link to referal list //* DEBUG: */ echo "-".$uid."/".$cnt."/".$old."-
"; $cnt = ADMIN_USER_PROFILE_LINK($uid, $cnt, "list_refs"); @@ -264,26 +267,20 @@ if (isset($_POST['edit'])) // Load template LOAD_TEMPLATE("admin_list_rallye_usr"); - } - else - { + } else { // No entries found? LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ADMIN_USERS_404); } -} - else -{ +} else { // Start listing rallyes $result = SQL_QUERY("SELECT id, admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify, notified, min_users, min_prices FROM `{!_MYSQL_PREFIX!}_rallye_data` ORDER BY start_time DESC", __FILE__, __LINE__); - if (SQL_NUMROWS($result) > 0) - { + if (SQL_NUMROWS($result) > 0) { // List found rallyes $SW = 2; $OUT = ""; - while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result)) - { + while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result)) { // Load admin login $alogin = GET_ADMIN_LOGIN($aid); @@ -297,8 +294,7 @@ ORDER BY start_time DESC", $joined = SQL_NUMROWS($result_user); // Did some users joined this rallye? - if ($joined > 0) - { + if ($joined > 0) { // List joined users $joined = "".$joined.""; } @@ -390,12 +386,11 @@ ORDER BY start_time DESC", // Load template LOAD_TEMPLATE("admin_list_rallyes"); - } - else - { + } else { // No rallyes setup so far LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_NO_RALLYES_SETUP); } } + // ?> diff --git a/inc/modules/admin/what-list_refs.php b/inc/modules/admin/what-list_refs.php index 6803a04aec..8881b2f9fb 100644 --- a/inc/modules/admin/what-list_refs.php +++ b/inc/modules/admin/what-list_refs.php 
@@ -46,9 +46,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_GET['u_id'])) { +if (REQUEST_ISSET_GET(('uid'))) { // Secure userid - $uid = bigintval($_GET['u_id']); + $uid = bigintval(REQUEST_GET('uid')); // Check if the user already exists $result_user = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", @@ -81,7 +81,7 @@ ORDER BY level ASC", __FILE__, __LINE__); array($uid), __FILE__, __LINE__); // Output info message - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_USER_TOTAL_REFS'), ADMIN_USER_PROFILE_LINK($_GET['u_id']), $menge, $menge_lck)); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_USER_TOTAL_REFS'), ADMIN_USER_PROFILE_LINK(REQUEST_GET('uid')), $menge, $menge_lck)); } // Are there some levels (VERY BAD IF NONE!) @@ -217,7 +217,7 @@ ORDER BY level ASC", __FILE__, __LINE__); // Prepare content $content = array( 'rows' => $OUT, - 'uid' => ADMIN_USER_PROFILE_LINK($_GET['u_id']) + 'uid' => ADMIN_USER_PROFILE_LINK(REQUEST_GET('uid')) ); // Load main template @@ -238,7 +238,7 @@ ORDER BY level ASC", __FILE__, __LINE__); SQL_FREERESULT($result_levels); } else { // User not found - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))); } // Free memory diff --git a/inc/modules/admin/what-list_sponsor.php b/inc/modules/admin/what-list_sponsor.php index fa00a1cc30..569ff0e1d0 100644 --- a/inc/modules/admin/what-list_sponsor.php +++ b/inc/modules/admin/what-list_sponsor.php 
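Review bot: The first hunk already computes `$uid = bigintval(REQUEST_GET('uid'));`, yet the later hunks pass the raw value to `ADMIN_USER_PROFILE_LINK(REQUEST_GET('uid'))` twice and into the `ADMIN_MEMBER_404` message; use `$uid` in all three places so the displayed id is the same sanitized value the queries used. The `u_id` to `uid` rename applies to this file as well, so every link generated elsewhere with `u_id=` has to be updated in the same change or the user lookup silently stops working.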
@@ -40,12 +40,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_GET['id'])) { +if (REQUEST_ISSET_GET(('id'))) { // Show detailed informations to a sponsor $result = SQL_QUERY_ESC("SELECT company, position, gender, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, status, sponsor_created, last_online, last_change, receive_warnings, points_amount, points_used, remote_addr, warning_interval, refid, ref_count FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1", - array(bigintval($_GET['id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load sponsor details @@ -59,14 +59,14 @@ WHERE id='%s' LIMIT 1", // Check for sponsor's orders (only count) $result_orders = SQL_QUERY_ESC("SELECT COUNT(id) FROM `{!_MYSQL_PREFIX!}_sponsor_orders` WHERE sponsorid='%s'", - array(bigintval($_GET['id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); list($orders) = SQL_FETCHROW($result_orders); SQL_FREERESULT($result_orders); if (empty($orders)) $orders = 0; // Prepare all data for the template // Sponsor's ID - define('__SPONSOR_ID' , $_GET['id']); + define('__SPONSOR_ID' , REQUEST_GET('id')); // Company's data define('__SPONSOR_COMPANY' , $DATA['company']); define('__SPONSOR_POSITION' , $DATA['position']); 
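Review bot: `define('__SPONSOR_ID', REQUEST_GET('id'))` passes the raw query value to the template although both queries above cast it with `bigintval()`; use `define('__SPONSOR_ID', bigintval(REQUEST_GET('id')));` so the template cannot reflect arbitrary input. The same applies to the `ADMIN_SPONSOR_404` message in the following hunk, where the `rid` branch of this very file already applies the cast before formatting the message.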
@@ -109,12 +109,12 @@ WHERE id='%s' LIMIT 1", LOAD_TEMPLATE("admin_list_sponsor_details"); } else { // Sponsor not found - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), $_GET['id'])); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), REQUEST_GET('id'))); } -} elseif (!empty($_GET['rid'])) { +} elseif (REQUEST_ISSET_GET(('rid'))) { // Search for sponsor $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1", - array(bigintval($_GET['rid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('rid'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Free memory SQL_FREERESULT($result); @@ -123,7 +123,7 @@ WHERE id='%s' LIMIT 1", $result = SQL_QUERY_ESC("SELECT id, gender, surname, family, email, status, sponsor_created, last_online, points_amount, points_used, remote_addr, ref_count FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE refid='%s' ORDER BY `id`", - array(bigintval($_GET['rid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('rid'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { // List refs now @@ -131,11 +131,11 @@ WHERE refid='%s' ORDER BY `id`", SQL_FREERESULT($result); } else { // No refs made so far - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_REFS_404'), "".bigintval($_GET['rid'])."")); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_REFS_404'), "".bigintval(REQUEST_GET('rid'))."")); } } else { // Sponsor not found - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['rid']))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('rid')))); } } else { // List all sponsors diff --git a/inc/modules/admin/what-list_sponsor_pay.php b/inc/modules/admin/what-list_sponsor_pay.php index 9e1033bc70..cd7a8e117e 100644 
--- a/inc/modules/admin/what-list_sponsor_pay.php +++ b/inc/modules/admin/what-list_sponsor_pay.php 
@@ -42,46 +42,54 @@ ADD_DESCR("admin", __FILE__); $MSG = ""; -if (isset($_POST['add'])) { +if (REQUEST_ISSET_POST(('add'))) { // Check input variables - if (empty($_POST['pay_name'])) unset($_POST['add']); - if ((round($_POST['pay_rate']) == 0) || (empty($_POST['pay_rate']))) unset($_POST['add']); - $_POST['pay_min_count'] = bigintval($_POST['pay_min_count']); - if (($_POST['pay_min_count'] == 0) || (empty($_POST['pay_min_count']))) unset($_POST['add']); - if (empty($_POST['pay_currency'])) unset($_POST['add']); -} elseif ((isset($_POST['edit'])) || (isset($_POST['del'])) || (isset($_POST['change'])) || (isset($_POST['remove']))) { + if (!REQUEST_ISSET_POST(('pay_name'))) REQUEST_UNSET_POST(('add')); + if ((round(REQUEST_POST('pay_rate')) == 0) || (!REQUEST_ISSET_POST(('pay_rate')))) REQUEST_UNSET_POST(('add')); + + REQUEST_SET_POST('pay_min_count', bigintval(REQUEST_POST('pay_min_count'))); + + if ((REQUEST_POST('pay_min_count') == 0) || (!REQUEST_ISSET_POST(('pay_min_count')))) REQUEST_UNSET_POST(('add')); + if (!REQUEST_ISSET_POST(('pay_currency'))) REQUEST_UNSET_POST(('add')); + +} elseif ((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('del'))) || (REQUEST_ISSET_POST(('change'))) || (REQUEST_ISSET_POST(('remove')))) { // Check if at least one entry was selected - if (empty($_POST['id'])) { + if (!REQUEST_ISSET_POST(('id'))) { // Nothing selected for editing / deleting??? - unset($_POST['edit']); - unset($_POST['del']); - unset($_POST['change']); - unset($_POST['remove']); - } elseif (isset($_POST['change'])) { + REQUEST_UNSET_POST(('edit')); + REQUEST_UNSET_POST(('del')); + REQUEST_UNSET_POST(('change')); + REQUEST_UNSET_POST(('remove')); + } elseif (REQUEST_ISSET_POST(('change'))) { // Change entries here... 
- foreach ($_POST['id'] as $id => $sel) { + foreach (REQUEST_POST('id') as $id => $sel) { // Secure ID $id = bigintval($id); // Save entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_paytypes` SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id='%s' LIMIT 1", - array($_POST['name'][$id], $_POST['rate'][$id], bigintval($_POST['min'][$id]), $_POST['curr'][$id], $id), - __FILE__, __LINE__); + array( + REQUEST_POST('name', $id), + REQUEST_POST('rate', $id), + bigintval(REQUEST_POST('min', $id)), + REQUEST_POST('curr', $id), + $id + ), __FILE__, __LINE__); } // Generate message - $MSG = SPONSOR_PAY_ENTRIES_CHANGED; - } elseif (isset($_POST['remove'])) { + $MSG = getMessage('SPONSOR_PAY_ENTRIES_CHANGED'); + } elseif (REQUEST_ISSET_POST(('remove'))) { // Remove entries here... - foreach ($_POST['id'] as $id => $sel) { + foreach (REQUEST_POST('id') as $id => $sel) { // Remove entry SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE id='%s' LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } // Generate message - $MSG = SPONSOR_PAY_ENTRIES_REMOVED; + $MSG = getMessage('SPONSOR_PAY_ENTRIES_REMOVED'); } if (!empty($MSG)) { 
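Review bot: The change branch stores `REQUEST_POST('rate', $id)` and the `name`/`curr` values exactly as submitted, while the add branch in the next hunk runs the rate through `REVERT_COMMA()` and name/currency through `htmlspecialchars()` before the INSERT, so editing a payment type can write a comma-formatted rate and unescaped markup into columns the add path keeps normalized. Apply the same conversions in the UPDATE: `htmlspecialchars(REQUEST_POST('name', $id))`, `REVERT_COMMA(REQUEST_POST('rate', $id))`, `htmlspecialchars(REQUEST_POST('curr', $id))`. The validation at the top also rejects a rate such as `0,5`, since `round()` on that string yields 0; converting with REVERT_COMMA before the zero check (presumably what that helper is for) would fix it.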
@@ -90,33 +98,36 @@ SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id } } -if (isset($_POST['add'])) { +if (REQUEST_ISSET_POST(('add'))) { // Check if entry with same name does exists $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE pay_name='%s' LIMIT 1", - array($_POST['pay_name']), __FILE__, __LINE__); + array(REQUEST_POST('pay_name')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // No entry found so add this line - SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_paytypes` (pay_name, pay_rate, pay_min_count, pay_currency) - VALUES ('%s','%s','%s','%s')", - array(htmlspecialchars($_POST['pay_name']), REVERT_COMMA($_POST['pay_rate']), bigintval($_POST['pay_min_count']), htmlspecialchars($_POST['pay_currency'])), - __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_paytypes` (pay_name, pay_rate, pay_min_count, pay_currency) VALUES ('%s','%s','%s','%s')", + array( + htmlspecialchars(REQUEST_POST('pay_name')), + REVERT_COMMA(REQUEST_POST('pay_rate')), + bigintval(REQUEST_POST('pay_min_count')), + htmlspecialchars(REQUEST_POST('pay_currency')) + ), __FILE__, __LINE__); // Payment type added! 
- $MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.$_POST['pay_name'].ADMIN_SPONSOR_PAYTYPE_ADDED_2; + $MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.REQUEST_POST('pay_name').ADMIN_SPONSOR_PAYTYPE_ADDED_2; } else { // Free memory SQL_FREERESULT($result); // Entry does already exists - $MSG = ADMIN_SPONSOR_PAYTYPE_ALREADY_1.$_POST['pay_name'].ADMIN_SPONSOR_PAYTYPE_ALREADY_2; + $MSG = ADMIN_SPONSOR_PAYTYPE_ALREADY_1.REQUEST_POST('pay_name').ADMIN_SPONSOR_PAYTYPE_ALREADY_2; } // Output message LOAD_TEMPLATE("admin_settings_saved", false, $MSG); -} elseif ((isset($_POST['edit'])) || (isset($_POST['del']))) { +} elseif ((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('del')))) { // Load all data $OUT = ""; $SW = 2; - foreach ($_POST['id'] as $id => $sel) { + foreach (REQUEST_POST('id') as $id => $sel) { // Load entry $result = SQL_QUERY_ESC("SELECT pay_name, pay_rate, pay_min_count, pay_currency FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE id='%s' LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); @@ -135,7 +146,7 @@ if (isset($_POST['add'])) { 'curr' => htmlspecialchars($curr) ); - if (isset($_POST['edit'])) { + if (REQUEST_ISSET_POST(('edit'))) { // Edit entry $OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_edit_row", true, $content); } else { @@ -155,7 +166,7 @@ if (isset($_POST['add'])) { define('__SPONSOR_ROWS', $OUT); // Load main template depending on mode (edit/delete) - if (isset($_POST['edit'])) { + if (REQUEST_ISSET_POST(('edit'))) { // Load main edit template LOAD_TEMPLATE("admin_list_sponsor_pay_edit"); } else { @@ -201,7 +212,7 @@ if (isset($_POST['add'])) { define('__LIST_CONTENT', LOAD_TEMPLATE("admin_list_sponsor_pay", true)); } else { // Noting setup so far! - define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, ADMIN_SPONSOR_NO_PAYTYPES)); + define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, getMessage('ADMIN_SPONSOR_NO_PAYTYPES'))); } // Add new payment types here 
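Review bot: `$MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.REQUEST_POST('pay_name').ADMIN_SPONSOR_PAYTYPE_ADDED_2;` and the ADMIN_SPONSOR_PAYTYPE_ALREADY_* line concatenate the raw posted name into a message that LOAD_TEMPLATE renders, while the INSERT a few lines above deliberately passes the same value through htmlspecialchars(); the message path reflects markup from the form unescaped. Use the escaped value in both places, e.g. `$MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.htmlspecialchars(REQUEST_POST('pay_name')).ADMIN_SPONSOR_PAYTYPE_ADDED_2;`. These two constants are also still used bare while the rest of the commit moves messages to getMessage(), which looks like an oversight.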
diff --git a/inc/modules/admin/what-list_sponsor_pays.php b/inc/modules/admin/what-list_sponsor_pays.php index 47a4531ecf..db66cb18ed 100644 --- a/inc/modules/admin/what-list_sponsor_pays.php +++ b/inc/modules/admin/what-list_sponsor_pays.php @@ -40,17 +40,17 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_GET['id'])) { +if (REQUEST_ISSET_GET(('id'))) { // Check for selected sponsor $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1", - array(bigintval($_GET['id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // ... // Free memory SQL_FREERESULT($result); } else { // Sponsor not found! - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id']))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id')))); } } else { // Not called by what-list_sponsor.php diff --git a/inc/modules/admin/what-list_surfbar_urls.php b/inc/modules/admin/what-list_surfbar_urls.php index aabef21732..6f9c4379c9 100644 --- a/inc/modules/admin/what-list_surfbar_urls.php +++ b/inc/modules/admin/what-list_surfbar_urls.php @@ -44,7 +44,7 @@ ADD_DESCR("admin", __FILE__); $show = true; // Check for 'id' element -if ((count($_POST) > 0) && ((!isset($_POST['id'])) || (!is_array($_POST['id'])) || (count($_POST['id']) == 0))) { +if ((REQUEST_POST_COUNT() > 0) && ((!REQUEST_ISSET_POST(('id'))) || (!is_array(REQUEST_POST('id'))) || (count(REQUEST_POST('id')) == 0))) { // Not found so output message LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_NO_SELECTIONS')); 
@@ -53,53 +53,53 @@ if ((count($_POST) > 0) && ((!isset($_POST['id'])) || (!is_array($_POST['id'])) } // Edit or delete button hit? -if (isset($_POST['edit'])) { +if (REQUEST_ISSET_POST(('edit'))) { // Show entries for editing ADMIN_EDIT_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "surfbar_urls", array("id", "userid", "url"), array("bigintval", "ADD_MEMBER_SELECTION_BOX", ""), array("", array(false, true, true), "") ); $show = false; -} elseif (isset($_POST['do_edit'])) { +} elseif (REQUEST_ISSET_POST(('do_edit'))) { // Change data of entries ADMIN_EDIT_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "surfbar_urls", array(), array(), array(), true ); -} elseif (isset($_POST['delete'])) { +} elseif (REQUEST_ISSET_POST(('delete'))) { // Show entries for deletion ADMIN_DELETE_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "surfbar_urls", array("id", "userid", "url", "registered"), array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", ""), array("", "", "", "") ); $show = false; -} elseif (isset($_POST['do_delete'])) { +} elseif (REQUEST_ISSET_POST(('do_delete'))) { // Remove entries from database - ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "surfbar_urls", array(), array(), array(), true); -} elseif (isset($_POST['lock'])) { + ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "surfbar_urls", array(), array(), array(), true); +} elseif (REQUEST_ISSET_POST(('lock'))) { // Un-/lock selected URLs. This does not work for pending URLs ADMIN_LOCK_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "surfbar_urls", array("id", "userid", "url", "registered", "status"), array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", "", "SURFBAR_TRANSLATE_STATUS"), array("", "", "", "", "") ); $show = false; -} elseif (isset($_POST['do_lock'])) { +} elseif (REQUEST_ISSET_POST(('do_lock'))) { // Un-/lock selected URLs. 
This does not work for pending URLs ADMIN_LOCK_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "surfbar_urls", array(), array(), @@ -107,20 +107,20 @@ if (isset($_POST['edit'])) { array("status" => array("ACTIVE" => "LOCKED", "LOCKED" => "ACTIVE")), true ); -} elseif (isset($_POST['undelete'])) { +} elseif (REQUEST_ISSET_POST(('undelete'))) { // Undelete selected URLs. This does only work for deleted URLs... ;-) ADMIN_UNDELETE_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "surfbar_urls", array("id", "userid", "url", "registered", "status"), array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", "", "SURFBAR_TRANSLATE_STATUS"), array("", "", "", "", "") ); $show = false; -} elseif (isset($_POST['do_undelete'])) { +} elseif (REQUEST_ISSET_POST(('do_undelete'))) { // Undelete selected URLs. This does only work for deleted URLs... ;-) ADMIN_UNDELETE_ENTRIES_CONFIRM( - $_POST['id'], + REQUEST_POST('id'), "surfbar_urls", array(), array(), diff --git a/inc/modules/admin/what-list_task.php b/inc/modules/admin/what-list_task.php index 493903850c..d8af21ff70 100644 --- a/inc/modules/admin/what-list_task.php +++ b/inc/modules/admin/what-list_task.php @@ -44,9 +44,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); $whereStatement = ""; -if (empty($_GET['type'])) $_GET['type'] = "your"; +if (!REQUEST_ISSET_GET(('type'))) REQUEST_SET_GET('type', "your"); -switch ($_GET['type']) +switch (REQUEST_GET('type')) { case "your": // List only your own open (new) tasks $whereStatement = "assigned_admin='".GET_CURRENT_ADMIN_ID()."' AND `status`='NEW' AND task_type != 'EXTENSION_UPDATE'"; 
@@ -73,20 +73,20 @@ case "closed": // List all closed
 break;
 default: // Unknown type
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown task type %s detected.", $_GET['type']));
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_TASK_UNKNOWN_MODE'), $_GET['type']));
+ DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown task type %s detected.", REQUEST_GET('type')));
+ LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_TASK_UNKNOWN_MODE'), REQUEST_GET('type')));
 break;
 }
-if (!empty($whereStatement))
-{
+if (!empty($whereStatement)) {
 $SEL = 0;
- if (isset($_POST['task'])) $SEL = SELECTION_COUNT($_POST['task']);
- if ((isset($_POST['assign'])) && ($SEL > 0)) {
+ if (REQUEST_ISSET_POST(('task'))) $SEL = SELECTION_COUNT(REQUEST_POST('task'));
+
+ if ((REQUEST_ISSET_POST(('assign'))) && ($SEL > 0)) {
 // Assign / do tasks
 LOAD_INC_ONCE("inc/modules/admin/overview-inc.php");
 if (empty($dmy)) $dmy = "";
- OUTPUT_SELECTED_TASKS($_POST, $dmy);
+ OUTPUT_SELECTED_TASKS(REQUEST_POST_ARRAY(), $dmy);
 } else {
 // Start listing tasks matching selected filter
 $result_tasks = SQL_QUERY("SELECT id, assigned_admin, userid, task_type, subject, text, task_created
@@ -95,16 +95,16 @@ WHERE ".$whereStatement." ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __LINE__); if (($SEL > 0) && (!IS_DEMO())) { // Only unassign / delete tasks when there are selected tasks posted - if (isset($_POST['unassign'])) { + if (REQUEST_ISSET_POST(('unassign'))) { // Unassign from tasks - foreach ($_POST['task'] as $id => $sel) { + foreach (REQUEST_POST('task') as $id => $sel) { SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET assigned_admin=0 WHERE id=%s AND assigned_admin=%s LIMIT 1", array(bigintval($id), GET_CURRENT_ADMIN_ID()), __FILE__, __LINE__); } - } elseif (isset($_POST['del'])) { + } elseif (REQUEST_ISSET_POST(('del'))) { // Delete tasks - foreach ($_POST['task'] as $id => $sel) { - if ($_GET['type'] == "deleted") { + foreach (REQUEST_POST('task') as $id => $sel) { + if (REQUEST_GET('type') == "deleted") { // Delete task immediately SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_task_system` WHERE id=%s LIMIT 1", array(bigintval($id)),__FILE__, __LINE__); @@ -120,10 +120,10 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L } // There are uncompleted jobs! - $type = constant('ADMIN_OVERVIEW_TASK_'.strtoupper($_GET['type']).'_TYPE'); + $type = constant('ADMIN_OVERVIEW_TASK_'.strtoupper(REQUEST_GET('type')).'_TYPE'); LOAD_TEMPLATE("admin_overview_header_task", false, array( 'message' => $type, - 'type' => $_GET['type'] + 'type' => REQUEST_GET('type') )); $SW = 2; while (list($id, $admin, $uid, $type, $subj, $text, $created) = SQL_FETCHROW($result_tasks)) { @@ -183,7 +183,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L SQL_FREERESULT($result_tasks); // Load footer template - if ($_GET['type'] == "deleted") + if (REQUEST_GET('type') == "deleted") { // Delete now button LOAD_TEMPLATE("admin_overview_footer_task"); 
diff --git a/inc/modules/admin/what-list_unconfirmed.php b/inc/modules/admin/what-list_unconfirmed.php
index 4fbe78833c..ccc74f2e1f 100644
--- a/inc/modules/admin/what-list_unconfirmed.php
+++ b/inc/modules/admin/what-list_unconfirmed.php
@@ -46,7 +46,7 @@ ADD_DESCR("admin", __FILE__);
 // Don't load the admin_list_unconfirmed template by default
 $listed = false;
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
 // List confirmation links from your member's mail orders
 define('__LIST_UNCON_TITLE', getMessage('LIST_UNCONFIRMED_MEMBER_LINKS'));
@@ -54,22 +54,22 @@ if (!empty($_GET['mid'])) { $SQL = "SELECT DISTINCT s.id, p.sender, p.subject, p.text, p.url, p.timestamp, s.max_rec FROM `{!_MYSQL_PREFIX!}_pool` AS p LEFT JOIN `{!_MYSQL_PREFIX!}_user_stats` AS s ON p.id=s.pool_id -WHERE p.id='".$_GET['mid']."' LIMIT 1"; +WHERE p.id='".REQUEST_GET('mid')."' LIMIT 1"; // Column, type and ID for member's mail $col = "stats_id"; $type = "NORMAL"; $ID = "-1"; // Load admin_list_unconfirmed template - $listed = true; $DATA = $_GET['mid']; $LINK = "mailid"; -} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) { + $listed = true; $DATA = REQUEST_GET('mid'); $LINK = "mailid"; +} elseif ((REQUEST_ISSET_GET(('bid'))) && (EXT_IS_ACTIVE("bonus"))) { // List confirmation links from bonus mails define('__LIST_UNCON_TITLE', getMessage('LIST_UNCONFIRMED_BONUS_LINKS')); // SQL query for mail data (both ids are required for compatiblity to above normal mail - $SQL = "SELECT id, id, subject, text, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id='".$_GET['bid']."' LIMIT 1"; + $SQL = "SELECT id, id, subject, text, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id='".REQUEST_GET('bid')."' LIMIT 1"; // Column, type and ID for member's mail - $col = "bonus_id"; $type = "BONUS"; $ID = $_GET['bid']; + $col = "bonus_id"; $type = "BONUS"; $ID = REQUEST_GET('bid'); // Load admin_list_unconfirmed template $listed = true; $DATA = $ID; $LINK = "bonusid"; @@ -143,7 +143,7 @@ WHERE l.%s='%s' ORDER BY l.userid LIMIT %s", // Load final template LOAD_TEMPLATE("admin_list_unconfirmed"); - } elseif ($_GET['mid'] > 0) { + } elseif (REQUEST_GET('mid') > 0) { // Data in pool or in user_stats not found, so let's find out where data is missing $result1 = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1", array(bigintval($ID)), __FILE__, __LINE__); 
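Review bot: `WHERE p.id='".REQUEST_GET('mid')."' LIMIT 1"` and the bonus variant `WHERE id='".REQUEST_GET('bid')."' LIMIT 1"` still splice the raw GET parameter into the SQL string, so swapping `$_GET` for the wrapper leaves these two queries injectable from any admin-session URL, while the `$result1` query in the -143 hunk and the rest of this file wrap ids in bigintval(). Coerce at the point of use, `WHERE p.id='".bigintval(REQUEST_GET('mid'))."' LIMIT 1"` and `WHERE id='".bigintval(REQUEST_GET('bid'))."' LIMIT 1"`, or move both to SQL_QUERY_ESC with a %s placeholder. `$DATA` and `$ID` are assigned from the same parameters here and presumably reach templates or further queries later; the same coercion at assignment would cover them.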
@@ -163,7 +163,7 @@ WHERE l.%s='%s' ORDER BY l.userid LIMIT %s",
 // Free memory
 SQL_FREERESULT($result1);
 SQL_FREERESULT($result2);
- } elseif (!empty($_GET['bid'])) {
+ } elseif (REQUEST_ISSET_GET(('bid'))) {
 // Data in bonus table not found
 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_UNCONFIRMED_INVALID_LINK'));
 }
diff --git a/inc/modules/admin/what-list_user.php b/inc/modules/admin/what-list_user.php
index d3020a6a0a..38702a8652 100644
--- a/inc/modules/admin/what-list_user.php
+++ b/inc/modules/admin/what-list_user.php
@@ -46,12 +46,12 @@ ADD_DESCR("admin", __FILE__);
 // Init title with "all accounts"
 $listHeader = getMessage('ADMIN_ALL_ACCOUNTS');
-if (!empty($_GET['status'])) {
+if (REQUEST_ISSET_GET(('status'))) {
 // Set title according to the "status"
- $listHeader = getMessage(sprintf("ADMIN_LIST_STATUS_%s_ACCOUNTS", strtoupper(SQL_ESCAPE($_GET['status']))));
-} elseif (!empty($_GET['mode'])) {
+ $listHeader = getMessage(sprintf("ADMIN_LIST_STATUS_%s_ACCOUNTS", strtoupper(SQL_ESCAPE(REQUEST_GET('status')))));
+} elseif (REQUEST_ISSET_GET(('mode'))) {
 // Set title according to the "mode"
- $listHeader = getMessage(sprintf("ADMIN_LIST_MODE_%s_ACCOUNTS", strtoupper(SQL_ESCAPE($_GET['mode']))));
+ $listHeader = getMessage(sprintf("ADMIN_LIST_MODE_%s_ACCOUNTS", strtoupper(SQL_ESCAPE(REQUEST_GET('mode')))));
 }
 // Remember it
@@ -85,16 +85,16 @@ if (EXT_IS_ACTIVE("country")) { } // Init unset data (bad that we change $_GET here!) -if (empty($_GET['letter'])) { $_GET['letter'] = _ALL2; } -if (empty($_GET['sortby'])) { $_GET['sortby'] = "userid"; } -if (empty($_GET['page'])) { $_GET['page'] = "1"; } +if (!REQUEST_ISSET_GET(('letter'))) { REQUEST_SET_GET('letter', getMessage('_ALL2')); } +if (!REQUEST_ISSET_GET(('sortby'))) { REQUEST_SET_GET('sortby', "userid"); } +if (!REQUEST_ISSET_GET(('page'))) { REQUEST_SET_GET('page' , "1"); } // Set base URL $BASE = "[ 0) $LINKS = $BASE."&what=list_links&u_id=".$uid."\">".$LINKS."]"; - if ($DATA['refid'] > 0) $DATA['refid'] = $BASE."&what=list_user&u_id=".$DATA['refid']."\">".$DATA['refid']."]"; + if ($LINKS > 0) $LINKS = $BASE."&what=list_links&uid=".$uid."\">".$LINKS."]"; + if ($DATA['refid'] > 0) $DATA['refid'] = $BASE."&what=list_user&uid=".$DATA['refid']."\">".$DATA['refid']."]"; if (empty($DATA['last_module'])) $DATA['last_module'] = "---"; - if ($REFS > 0) $REFS = $BASE."&what=list_refs&u_id=".$uid."\">".$REFS."]"; - if ($CATS > 0) $CATS = $BASE."&what=list_cats&u_id=".$uid."\">".$CATS."]"; + if ($REFS > 0) $REFS = $BASE."&what=list_refs&uid=".$uid."\">".$REFS."]"; + if ($CATS > 0) $CATS = $BASE."&what=list_cats&uid=".$uid."\">".$CATS."]"; // Calculate timestamp for birthday $stamp = mktime(0, 0, 0, $DATA['birth_month'], $DATA['birth_day'], $DATA['birth_year']); 
@@ -140,7 +140,7 @@ LIMIT 1",
 $DATA['status'] = TRANSLATE_STATUS($DATA['status']);
 $DATA['last_online'] = MAKE_DATETIME($DATA['last_online'], "0");
 $DATA['used_points'] = TRANSLATE_COMMA($DATA['used_points']);
- if ($DATA['emails_sent'] > 0) $DATA['emails_sent'] = $BASE."&what=email_details&u_id=".$uid."\">".TRANSLATE_COMMA($DATA['emails_sent'])."]";
+ if ($DATA['emails_sent'] > 0) $DATA['emails_sent'] = $BASE."&what=email_details&uid=".$uid."\">".TRANSLATE_COMMA($DATA['emails_sent'])."]";
 $DATA['joined'] = MAKE_DATETIME($DATA['joined'], "0");
 $DATA['last_update'] = MAKE_DATETIME($DATA['last_update'], "0");
 $DATA['last_profile_sent'] = MAKE_DATETIME($DATA['last_profile_sent'], "0");
@@ -197,25 +197,25 @@ LIMIT 1", SQL_FREERESULT($result_user); } else { $whereStatement = ""; - if (($_GET['letter'] != getMessage('_ALL2')) && ($_GET['letter'] != getMessage('_OTHERS')) && (!empty($_GET['letter']))) { + if ((REQUEST_GET('letter') != getMessage('_ALL2')) && (REQUEST_GET('letter') != getMessage('_OTHERS')) && (REQUEST_ISSET_GET(('letter')))) { // List only persons w - $whereStatement = " WHERE family LIKE '".$_GET['letter']."%'"; + $whereStatement = " WHERE family LIKE '".REQUEST_GET('letter')."%'"; } // END - if - if ($_GET['sortby'] == "family_name") $_GET['sortby'] = "family"; + if (REQUEST_GET('sortby') == "family_name") REQUEST_SET_GET('sortby', "family"); // Parse the status or mode parameter - if (isset($_GET['status'])) { + if (REQUEST_ISSET_GET(('status'))) { // Is a WHERE statement already there? if (!empty($whereStatement)) { // Then append the status column - $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['status'])))); + $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper(REQUEST_GET('status'))))); } else { // Start a new one - $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['status'])))); + $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper(REQUEST_GET('status'))))); } - } elseif (isset($_GET['mode'])) { + } elseif (REQUEST_ISSET_GET(('mode'))) { // Choose what we need to list - switch ($_GET['mode']) { + switch (REQUEST_GET('mode')) { case "norefs": // Users w/o refs if (!empty($whereStatement)) { // Add AND statement 
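Review bot: `$whereStatement = " WHERE family LIKE '".REQUEST_GET('letter')."%'";` interpolates the letter parameter without SQL_ESCAPE(), so the rewrite keeps a SQL injection in this admin listing while the status branch a few lines below escapes its input; a single quote in `letter` breaks out of the literal. Escape it the way the neighbouring status lines do, `$whereStatement = " WHERE family LIKE '".SQL_ESCAPE(REQUEST_GET('letter'))."%'";`, and if only an initial is expected, also reject values longer than one character before the SQL is built. The third condition, `(REQUEST_ISSET_GET(('letter')))`, appears to be always true after the `REQUEST_SET_GET('letter', getMessage('_ALL2'))` default set in the -85 hunk above, so it no longer guards anything. The enclosing `else` branch continues past this hunk.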
@@ -227,13 +227,13 @@ LIMIT 1", break; default: // Invalid list mode - DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid list mode %s detected.", SQL_ESCAPE($_GET['mode']))); + DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid list mode %s detected.", SQL_ESCAPE(REQUEST_GET('mode')))); break; } } // END = if // Prepare SQL and run it - $SQL = "SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, status, emails_sent, mails_confirmed, emails_received".$MORE." FROM `{!_MYSQL_PREFIX!}_user_data`".$whereStatement." ORDER BY ".SQL_ESCAPE($_GET['sortby']); + $SQL = "SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, status, emails_sent, mails_confirmed, emails_received".$MORE." FROM `{!_MYSQL_PREFIX!}_user_data`".$whereStatement." ORDER BY ".SQL_ESCAPE(REQUEST_GET('sortby')); $result_master = SQL_QUERY($SQL, __FILE__, __LINE__); // Calculate page count (0.5 fixes a bug with page count) @@ -245,11 +245,11 @@ LIMIT 1", // Activate the extension please! $PAGES = round(SQL_NUMROWS($result_master) / getConfig('user_limit') + 0.5); - if (empty($_GET['page'])) $_GET['page'] = "1"; - if (empty($_GET['offset'])) $_GET['offset'] = getConfig('user_limit'); + if (!REQUEST_ISSET_GET(('page'))) REQUEST_SET_GET('page' , "1"); + if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('user_limit')); // Add limitation to SQL string and run him again - $SQL .= " LIMIT ".($_GET['offset'] * $_GET['page'] - $_GET['offset']).", ".$_GET['offset']; + $SQL .= " LIMIT ".(REQUEST_GET('offset') * REQUEST_GET('page') - REQUEST_GET('offset')).", ".REQUEST_GET('offset'); $result = SQL_QUERY($SQL, __FILE__, __LINE__); $result_user = SQL_QUERY("SELECT emails_sent FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED'", __FILE__, __LINE__); 
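Review bot: `ORDER BY ".SQL_ESCAPE(REQUEST_GET('sortby'))` places the parameter in an unquoted identifier position, where SQL_ESCAPE() (string-literal escaping) offers no protection: anything that needs no quotes, such as an extra column list or a subquery, passes through unchanged. Validate sortby against the columns the SELECT actually uses before the SQL is built, e.g. `if (!in_array(REQUEST_GET('sortby'), array('userid', 'gender', 'surname', 'family', 'email', 'refid', 'status', 'emails_sent', 'mails_confirmed', 'emails_received'), true)) REQUEST_SET_GET('sortby', 'userid');` (extended with whatever `$MORE` adds). The -245 hunk has the same shape in `" LIMIT ".(REQUEST_GET('offset') * REQUEST_GET('page') - REQUEST_GET('offset')).", ".REQUEST_GET('offset')`, where the trailing offset is appended raw; wrapping page and offset in bigintval() at the `REQUEST_SET_GET` defaults just above it would close both. Both statements are built in the `else` branch that starts in the -197 hunk and continue past this one.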
@@ -266,8 +266,8 @@ LIMIT 1", define('__USER_CNT' , $user_count); // Sorting links - define('__ALPHA_SORT', alpha($_GET['sortby'], $colspan, true)); - define('__SORT_LINKS', SortLinks($_GET['letter'], $_GET['sortby'], $colspan, true)); + define('__ALPHA_SORT', alpha(REQUEST_GET('sortby'), $colspan, true)); + define('__SORT_LINKS', SortLinks(REQUEST_GET('letter'), REQUEST_GET('sortby'), $colspan, true)); if ($PAGES > 1) { define('__PAGE_NAV', ADD_PAGENAV($PAGES, getConfig('user_limit'), true, $colspan, true)); @@ -294,10 +294,10 @@ LIMIT 1", // Get number of unconfirmed mails $LINKS = GET_TOTAL_DATA($content['userid'], "user_links", "id", "userid", true); - if ($LINKS > 0) $LINKS = $BASE."&what=list_links&u_id=".$content['userid']."\">".TRANSLATE_COMMA($LINKS)."]"; + if ($LINKS > 0) $LINKS = $BASE."&what=list_links&uid=".$content['userid']."\">".TRANSLATE_COMMA($LINKS)."]"; // Set link to sent mails if present - if ($content['emails_sent'] > 0) $content['emails_sent'] = $BASE."&what=email_details&u_id=".$content['userid']."\">".TRANSLATE_COMMA($content['emails_sent'])."]"; + if ($content['emails_sent'] > 0) $content['emails_sent'] = $BASE."&what=email_details&uid=".$content['userid']."\">".TRANSLATE_COMMA($content['emails_sent'])."]"; // Add nickname if (empty($content['nickname']) || $content['nickname'] == $content['userid']) $content['nickname'] = "---"; diff --git a/inc/modules/admin/what-list_yoomedia_tm.php b/inc/modules/admin/what-list_yoomedia_tm.php index 019b6b82da..d93dddb94f 100644 --- a/inc/modules/admin/what-list_yoomedia_tm.php +++ b/inc/modules/admin/what-list_yoomedia_tm.php 
@@ -46,19 +46,19 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Do actions here -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Prepare mail for delivery - YOOMEDIA_PREPARE_MAIL_DELIVERY($_POST); + YOOMEDIA_PREPARE_MAIL_DELIVERY(REQUEST_POST_ARRAY()); return; -} elseif (isset($_POST['sent'])) { +} elseif (REQUEST_ISSET_POST(('sent'))) { // Sent mail - YOOMEDIA_SEND_BONUS_MAIL($_POST, "normal"); -} elseif (isset($_POST['remove'])) { + YOOMEDIA_SEND_BONUS_MAIL(REQUEST_POST_ARRAY(), "normal"); +} elseif (REQUEST_ISSET_POST(('remove'))) { // Add mail to exclude list - YOOMEDIA_EXCLUDE_MAIL($_POST, "normal"); -} elseif (isset($_POST['unlist'])) { + YOOMEDIA_EXCLUDE_MAIL(REQUEST_POST_ARRAY(), "normal"); +} elseif (REQUEST_ISSET_POST(('unlist'))) { // Remove mail from exclude list - YOOMEDIA_UNLIST_MAIL($_POST, "normal"); + YOOMEDIA_UNLIST_MAIL(REQUEST_POST_ARRAY(), "normal"); } // Enougth queries left? diff --git a/inc/modules/admin/what-lock_sponsor.php b/inc/modules/admin/what-lock_sponsor.php index bed365337a..f20b9a7e13 100644 --- a/inc/modules/admin/what-lock_sponsor.php +++ b/inc/modules/admin/what-lock_sponsor.php @@ -41,10 +41,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); $MSG = ""; -if (!empty($_GET['id'])) { +if (REQUEST_ISSET_GET(('id'))) { // Check for selected sponsor $result = SQL_QUERY_ESC("SELECT gender, surname, family, email, status FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1", - array(bigintval($_GET['id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Get sponsor's current status and let only confirmed and locked status pass list($gender, $sname, $fname, $email, $status) = SQL_FETCHROW($result); 
@@ -55,9 +55,9 @@ if (!empty($_GET['id'])) { define('__GENDER' , TRANSLATE_GENDER($gender)); define('__SURNAME', $sname); define('__FAMILY' , $fname); - define('__ID' , bigintval($_GET['id'])); + define('__ID' , bigintval(REQUEST_GET('id'))); - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Create messages if ($status == "CONFIRMED") { // Message when sponsor's account got lock @@ -72,17 +72,17 @@ if (!empty($_GET['id'])) { } // Load email message - $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", $_POST['reason'], bigintval($_GET['id'])); + $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", REQUEST_POST('reason'), bigintval(REQUEST_GET('id'))); // And send it away SEND_EMAIL($email, $subject, $msg); // Update sponsor's account SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='".$status."' WHERE id='%s' LIMIT 1", - array(bigintval($_GET['id'])), __FILE__, __LINE__); - } elseif (!empty($_POST['no'])) { + array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); + } elseif (REQUEST_ISSET_POST(('no'))) { // No don't lock / unlock now! - LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id'])); + LOAD_URL("modules.php?module=admin&what=list_sponsor&id=".bigintval(REQUEST_GET('id'))); } else { // Create header and text messages if ($status == "CONFIRMED") { @@ -107,7 +107,7 @@ if (!empty($_GET['id'])) { } } else { // Sponsor not found! - $MSG = sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])); + $MSG = sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))); } } else { // Not called by what-list_sponsor.php diff --git a/inc/modules/admin/what-lock_user.php b/inc/modules/admin/what-lock_user.php index 06c4557c92..aff963e0b4 100644 --- a/inc/modules/admin/what-lock_user.php +++ b/inc/modules/admin/what-lock_user.php 
@@ -41,10 +41,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 // Is a userid set?
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
 // Load user's data
 $result_user = SQL_QUERY_ESC("SELECT status, gender, surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
- array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 $ACT = false;
 if (SQL_NUMROWS($result_user) == 1) {
 // User found
@@ -54,67 +54,67 @@ if (!empty($_GET['u_id'])) { SQL_FREERESULT($result_user); // Is a lock reason set? - if ((!empty($_POST['lock'])) && ($status != "LOCKED")) { + if ((REQUEST_ISSET_POST(('lock'))) && ($status != "LOCKED")) { // Ok, lock the account! if (GET_EXT_VERSION("user") >= "0.3.5") { // Lock with reason SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='LOCKED',lock_reason='%s',lock_timestamp=NOW() WHERE userid=%s LIMIT 1", - array($_POST['reason'], bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(REQUEST_POST('reason'), bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } else { // Lock with no lock reason saved SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='LOCKED' WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } // Entry updated? if (SQL_AFFECTEDROWS() == 1) { // Send an email to the user! In later version you can optionally switch this feature off - $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id'])); + $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => REQUEST_POST('reason')), bigintval(REQUEST_GET('uid'))); // Send away... - SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_LOCKED_SUBJ, $msg); + SEND_EMAIL(bigintval(REQUEST_GET('uid')), ADMIN_LOCKED_SUBJ, $msg); } // END - if // Prepare message - $MSG = USER_ACCOUNT_LOCKED_1.$_GET['u_id'].USER_ACCOUNT_LOCKED_2; + $MSG = USER_ACCOUNT_LOCKED_1.REQUEST_GET('uid').USER_ACCOUNT_LOCKED_2; $ACT = true; - } elseif ((!empty($_POST['unlock'])) && ($status == "LOCKED")) { + } elseif ((REQUEST_ISSET_POST(('unlock'))) && ($status == "LOCKED")) { // Ok, unlock the account! 
if (GET_EXT_VERSION("user") >= "0.3.5") { // Reset lock reason as well SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED',lock_reason='',lock_timestamp='0000-00-00 00:00' WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } else { // No lock reason to reset SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED' WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); } // Entry updated? if (SQL_AFFECTEDROWS() == 1) { // Send an email to the user! In later version you can optionally switch this feature off - $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id'])); + $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => REQUEST_POST('reason')), bigintval(REQUEST_GET('uid'))); // Send away... - SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_UNLOCKED_SUBJ'), $msg); + SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_UNLOCKED_SUBJ'), $msg); if (EXT_IS_ACTIVE("rallye")) { - RALLYE_AUTOADD_USER($_GET['u_id']); + RALLYE_AUTOADD_USER(REQUEST_GET('uid')); } // END - if } // END - if // Prepare message - $MSG = USER_ACCOUNT_UNLOCKED_1.$_GET['u_id'].USER_ACCOUNT_UNLOCKED_2; + $MSG = USER_ACCOUNT_UNLOCKED_1.REQUEST_GET('uid').USER_ACCOUNT_UNLOCKED_2; $ACT = true; - } elseif (isset($_POST['del'])) { + } elseif (REQUEST_ISSET_POST(('del'))) { // Delete the account $ACT = true; LOAD_INC_ONCE("inc/modules/admin/what-del_user.php"); - } elseif (!empty($_POST['no'])) { + } elseif (REQUEST_ISSET_POST(('no'))) { // Do not lock him... 
- $URL = "modules.php?module=admin&what=list_user&u_id=".bigintval($_GET['u_id']); + $URL = "modules.php?module=admin&what=list_user&uid=".bigintval(REQUEST_GET('uid')); } else { $result = SQL_QUERY_ESC("SELECT email, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { @@ -128,7 +128,7 @@ if (!empty($_GET['u_id'])) { define('__EMAIL', CREATE_EMAIL_LINK($email, "user_data")); define('__SNAME', $sname); define('__FNAME', $fname); - define('__UID' , bigintval($_GET['u_id'])); + define('__UID' , bigintval(REQUEST_GET('uid'))); // Realy want to lock? switch ($status) @@ -156,7 +156,7 @@ if (!empty($_GET['u_id'])) { LOAD_TEMPLATE("admin_lock_user"); } else { // Account does not exists! - LOAD_TEMPLATE("admin_settings_saved", false, "
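Review bot: `$MSG = USER_ACCOUNT_LOCKED_1.REQUEST_GET('uid').USER_ACCOUNT_LOCKED_2;` and its UNLOCKED twin concatenate the uid straight from the query string into a rendered message, whereas every database use in the same hunk goes through bigintval(); the message should use the coerced value too, `$MSG = USER_ACCOUNT_LOCKED_1.bigintval(REQUEST_GET('uid')).USER_ACCOUNT_LOCKED_2;`. `RALLYE_AUTOADD_USER(REQUEST_GET('uid'));` is the other call here that passes the raw parameter and should read `RALLYE_AUTOADD_USER(bigintval(REQUEST_GET('uid')));`. The lock branch still sends `ADMIN_LOCKED_SUBJ` as a bare constant while the unlock branch uses `getMessage('ADMIN_UNLOCKED_SUBJ')`; pick one form for both. The enclosing `if (REQUEST_ISSET_GET(('uid')))` block starts in the -41 hunk above and continues past this one.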
".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."
"); + LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."
"); } } @@ -174,7 +174,7 @@ if (!empty($_GET['u_id'])) { } } else { // Account does not exists! - LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."
"); + LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."
"); } } else { // List all users diff --git a/inc/modules/admin/what-logs.php b/inc/modules/admin/what-logs.php index c1f1f4a1be..e3bce0b26e 100644 --- a/inc/modules/admin/what-logs.php +++ b/inc/modules/admin/what-logs.php @@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (!empty($_GET['access'])) { +if (REQUEST_ISSET_GET(('access'))) { // Secure input and construct FQFN - $access = SQL_ESCAPE(strip_tags($_GET['access'])); + $access = SQL_ESCAPE(strip_tags(REQUEST_GET('access'))); $target = sprintf("%slogs/%s", constant('PATH'), $access); // Is the file valid and readable? diff --git a/inc/modules/admin/what-maintenance.php b/inc/modules/admin/what-maintenance.php index 6ae59ecbd9..adb4692f64 100644 --- a/inc/modules/admin/what-maintenance.php +++ b/inc/modules/admin/what-maintenance.php @@ -40,7 +40,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // De- or activate maintenance mode switch (getConfig('maintenance')) { diff --git a/inc/modules/admin/what-mem_add.php b/inc/modules/admin/what-mem_add.php index e783f528c3..72b54fb70e 100644 --- a/inc/modules/admin/what-mem_add.php +++ b/inc/modules/admin/what-mem_add.php @@ -42,11 +42,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Check if the admin has entered title and what-php file name... -if ((empty($_POST['title'])) && (isset($_POST['ok']))) { - unset($_POST['ok']); +if ((!REQUEST_ISSET_POST(('title'))) && (IS_FORM_SENT())) { + REQUEST_UNSET_POST('ok'); } -if (!isset($_POST['ok'])) { +if (!IS_FORM_SENT()) { // Create arrays $menus = array(); $titles = array(); $below = array(); 
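Review bot: `$access = SQL_ESCAPE(strip_tags(REQUEST_GET('access')));` feeds a filesystem path in `$target = sprintf("%slogs/%s", constant('PATH'), $access);`, and neither SQL_ESCAPE() nor strip_tags() removes `../` or slashes, so the parameter can still name files outside logs/ unless the check that follows the hunk rejects them. Reduce the value to a bare file name before building the path, `$access = basename(strip_tags(REQUEST_GET('access')));`, and keep SQL_ESCAPE() only where the value goes into a query. The code after "// Is the file valid and readable?" is outside this hunk, so I cannot see whether it already constrains the path.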
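Review bot: `REQUEST_UNSET_POST('ok');` followed by `if (!IS_FORM_SENT())` only works if IS_FORM_SENT() is implemented as a check on the `ok` POST key, which this hunk does not show; if the helper ever consults anything else, a submission without a title would no longer fall back to the form. A one-line comment would make the coupling explicit, e.g. `// IS_FORM_SENT() reads the 'ok' key, so clearing it re-displays the form`. `REQUEST_UNSET_POST('ok')` is also written without the doubled parentheses used everywhere else in this commit, and the single form is the one to standardise on. The same `isset($_POST['ok'])`→`IS_FORM_SENT()` swap is made in the what-list_yoomedia_tm.php, what-lock_sponsor.php and what-maintenance.php hunks.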
@@ -152,25 +152,25 @@ if (!isset($_POST['ok'])) { LOAD_TEMPLATE("admin_member_add"); } elseif (!IS_DEMO()) { // Insert new menu entry - if (!empty($_POST['menu'])) + if (REQUEST_ISSET_POST(('menu'))) { SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_member_menu` (`action`,`what`,`title`,`visible`,`locked`,`sort`) VALUES ('%s','%s','%s','%s','%s','%s')", array( - $_POST['menu'], - $_POST['name'], - $_POST['title'], - $_POST['visible'], - $_POST['active'], - bigintval($_POST['sort']), + REQUEST_POST('menu'), + REQUEST_POST('name'), + REQUEST_POST('title'), + REQUEST_POST('visible'), + REQUEST_POST('active'), + bigintval(REQUEST_POST('sort')), ), __FILE__, __LINE__); } else { SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_member_menu` (`action`,`title`,`visible`,`locked`,`sort`) VALUES ('%s','%s','%s','%s','%s')", array( - $_POST['name'], - $_POST['title'], - $_POST['visible'], - $_POST['active'], - bigintval($_POST['sort']), + REQUEST_POST('name'), + REQUEST_POST('title'), + REQUEST_POST('visible'), + REQUEST_POST('active'), + bigintval(REQUEST_POST('sort')), ), __FILE__, __LINE__); } LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); diff --git a/inc/modules/admin/what-memedit.php b/inc/modules/admin/what-memedit.php index fb80b42047..ed4f7f9182 100644 --- a/inc/modules/admin/what-memedit.php +++ b/inc/modules/admin/what-memedit.php 
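Review bot: The INSERT stores `REQUEST_POST('visible')` and `REQUEST_POST('active')` into the `visible`/`locked` flag columns without checking they are one of the expected values, and `menu`/`name` go in unvalidated as well; SQL_QUERY_ESC prevents injection but not a bogus flag that later confuses the menu rendering. A one-line guard before the query, `if (!in_array(REQUEST_POST('visible'), array('Y', 'N'))) REQUEST_SET_POST('visible', 'N');` (and the same for `active`), keeps the table consistent. As a point of style, `REQUEST_ISSET_POST(('menu'))` carries a redundant inner pair of parentheses that is repeated through most of the commit; `REQUEST_ISSET_POST('menu')` reads cleaner and matches the single-parenthesis form used in what-send_bonus.php.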
@@ -43,22 +43,22 @@ ADD_DESCR("admin", __FILE__); // Do we edit/delete/change main menus or sub menus? $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = ""; -if (!empty($_GET['sub'])) { - $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub'])); - $SUB = SQL_ESCAPE($_GET['sub']); +if (REQUEST_ISSET_GET(('sub'))) { + $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub'))); + $SUB = SQL_ESCAPE(REQUEST_GET('sub')); } // Get count of (maybe) selected menu points $chk = 0; -if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']); +if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel')); // List all menu points and make them editable -if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) { +if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) { // Edit menu entries define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $SW = 2; $cnt = 0; $OUT = ""; - foreach ($_POST['sel'] as $sel => $confirm) { + foreach (REQUEST_POST('sel') as $sel => $confirm) { if ($confirm == 1) { $cnt++; $result = SQL_QUERY_ESC("SELECT title, action, what FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1", @@ -93,12 +93,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) { // Load template LOAD_TEMPLATE("admin_mmenu_edit"); -} elseif ((isset($_POST['del'])) && ($chk > 0) && (!IS_DEMO())) { +} elseif ((REQUEST_ISSET_POST(('del'))) && ($chk > 0) && (!IS_DEMO())) { // Del menu entries with or without confirmation define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $SW = 2; $cnt = 0; $OUT = ""; - foreach ($_POST['sel'] as $sel => $confirm) { + foreach (REQUEST_POST('sel') as $sel => $confirm) { if ($confirm == 1) { $cnt++; $result = SQL_QUERY_ESC("SELECT title FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1", 
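Review bot: `$SUB = SQL_ESCAPE(REQUEST_GET('sub'))` is later handed to the template as `define('__SUB_VALUE', $SUB)`, so a value escaped for SQL ends up in HTML output; SQL_ESCAPE does not neutralise angle brackets or quotes, and a crafted `sub` would be reflected into the admin page (if LOAD_TEMPLATE escapes constants, ignore this). Keep the raw value for query parameters and escape per context, e.g. `define('__SUB_VALUE', htmlspecialchars(REQUEST_GET('sub')));`, or better, validate `sub` against the known menu actions before using it anywhere. The `foreach (REQUEST_POST('sel') ...)` loops also assume an array; the `$chk > 0` guard implies one, but an explicit `is_array()` test, as what-unlock_surfbar_urls.php does in this same commit, would make that assumption visible.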
@@ -131,12 +131,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) { // Load template LOAD_TEMPLATE("admin_mmenu_delete"); -} elseif ((isset($_POST['status'])) && ($chk > 0) && (!IS_DEMO())) { +} elseif ((REQUEST_ISSET_POST(('status'))) && ($chk > 0) && (!IS_DEMO())) { // Change status (visible / locked) define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $SW = 2; $cnt = 0; $OUT = ""; - foreach ($_POST['sel'] as $sel => $confirm) { + foreach (REQUEST_POST('sel') as $sel => $confirm) { if ($confirm == 1) { $cnt++; $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1", @@ -173,17 +173,17 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) { define('__CNT_VALUE', $cnt); // LOAD_TEMPLATE("admin_mmenu_status"); -} elseif ((isset($_POST['ok'])) && (!IS_DEMO())) { +} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) { // An act is done... - foreach ($_POST['sel'] as $sel => $menu) { + foreach (REQUEST_POST('sel') as $sel => $menu) { $AND = "(`what` = '' OR `what` IS NULL)"; $sel = bigintval($sel); if (!empty($SUB)) $AND = "action='".$SUB."'"; - switch ($_POST['ok']) + switch (REQUEST_POST('ok')) { case "edit": // Edit menu SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $sel), __FILE__, __LINE__); + array($menu, REQUEST_POST('sel_act', $sel), REQUEST_POST('sel_what', $sel), $sel), __FILE__, __LINE__); break; case "del": // Delete menu 
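Review bot: The `IS_FORM_SENT()` branch iterates `foreach (REQUEST_POST('sel') as $sel => $menu)` with neither the `$chk > 0` guard its sibling branches have nor an `is_array()` check, so a submitted `ok` with no selection produces a PHP warning instead of the nothing-selected message. Guard it the same way as the other branches: `} elseif ((IS_FORM_SENT()) && (is_array(REQUEST_POST('sel'))) && (!IS_DEMO())) {`. Nothing in this hunk ties these state-changing POST handlers to a per-session token; if the admin module has no CSRF protection elsewhere (not visible here), the edit/delete/status switch is reachable from a forged form. The switch body continues past the end of the hunk.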
@@ -193,7 +193,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) { case "status": // Change status of menus SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__); + array(REQUEST_POST('visible', $sel), REQUEST_POST('locked', $sel), $sel), __FILE__, __LINE__); break; } break; 
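Review bot: `REQUEST_POST('visible', $sel)` and `REQUEST_POST('locked', $sel)` are written into flag columns without being constrained to the expected values; SQL_QUERY_ESC stops injection but will store an arbitrary string as the menu's `visible`/`locked` state. Normalise before the query, e.g. `$visible = (REQUEST_POST('visible', $sel) == 'Y') ? 'Y' : 'N';` and likewise for `locked`, then pass `$visible`/`$locked` in the parameter array. The surrounding switch and foreach begin before this hunk.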
@@ -202,37 +202,37 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) { // Load template LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); } else { - if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) { + if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) { // Init $tid = ""; $fid = ""; // Get IDs - if (!empty($_GET['w'])) { + if (REQUEST_ISSET_GET(('w'))) { // Sub menus selected $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1", - array(bigintval($_GET['act']), bigintval($_GET['tid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('act')), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__); list($tid) = SQL_FETCHROW($result); SQL_FREERESULT($result); $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1", - array(bigintval($_GET['act']), bigintval($_GET['fid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('act')), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__); list($fid) = SQL_FETCHROW($result); SQL_FREERESULT($result); } else { // Main menu selected $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1", - array(bigintval($_GET['tid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__); list($tid) = SQL_FETCHROW($result); $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1", - array(bigintval($_GET['fid'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__); list($fid) = SQL_FETCHROW($result); } if ((!empty($tid)) && (!empty($fid))) { // Sort menu SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `sort`='%s' WHERE ".$AND." 
AND id=%s LIMIT 1", - array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__); SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__); } // END - -fi } diff --git a/inc/modules/admin/what-overview.php b/inc/modules/admin/what-overview.php index 9d43b8d6bf..4f1a7073b4 100644 --- a/inc/modules/admin/what-overview.php +++ b/inc/modules/admin/what-overview.php @@ -85,7 +85,7 @@ if ($JOBS_DONE) { } // List selected tasks on overview when task management is not active - OUTPUT_SELECTED_TASKS($_POST, $result_tasks); + OUTPUT_SELECTED_TASKS(REQUEST_POST_ARRAY(), $result_tasks); } // diff --git a/inc/modules/admin/what-payments.php b/inc/modules/admin/what-payments.php index 210812d708..24f58d4c6a 100644 --- a/inc/modules/admin/what-payments.php +++ b/inc/modules/admin/what-payments.php 
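Review bot: `bigintval(REQUEST_GET('act'))` is compared against `action` (`WHERE action='%s'`), yet elsewhere in this file `action` is matched with the string `$SUB` and what-mem_add.php populates it from `REQUEST_POST('menu')`, so casting the name to an integer yields 0 and the sub-menu lookup can never match a row; the commit rewrote the line but kept this pre-existing mismatch. Pass the name unconverted as the `%s` argument, `REQUEST_GET('act')`, which SQL_QUERY_ESC appears to escape itself judging by its use with raw POST values elsewhere in the commit, or reuse `$SUB` if `act` and `sub` carry the same name (confirm against the menu template). The `REQUEST_SET_GET`/`bigintval` treatment of `tid` and `fid` is fine.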
@@ -40,19 +40,17 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (empty($_GET['do'])) unset($_GET['do']); - -if (((empty($_POST['t_wait'])) || (empty($_POST['payment']))) && (!empty($_GET['do'])) && ($_GET['do'] == "add")) { - unset($_POST['ok']); +if (((!REQUEST_ISSET_POST(('t_wait'))) || (!REQUEST_ISSET_POST(('payment')))) && (REQUEST_ISSET_GET(('do'))) && (REQUEST_GET('do') == "add")) { + REQUEST_UNSET_POST('ok'); } -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { $SQL = array(); - switch ($_GET['do']) { + switch (REQUEST_GET('do')) { case "add": - $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_payments` (time, payment, mail_title, price) VALUES ('".$_POST['t_wait']."','".$_POST['payment']."','".$_POST['title']."','".$_POST['price']."')"; + $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_payments` (time, payment, mail_title, price) VALUES ('".REQUEST_POST('t_wait')."','".REQUEST_POST('payment')."','".REQUEST_POST('title')."','".REQUEST_POST('price')."')"; $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payments` WHERE time='%s' LIMIT 1", - array($_POST['t_wait']), __FILE__, __LINE__); + array(REQUEST_POST('t_wait')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Free memory $SQLs[0] = ""; 
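Review bot: The `add` case still builds the INSERT by string concatenation, `VALUES ('".REQUEST_POST('t_wait')."','".REQUEST_POST('payment')."','".REQUEST_POST('title')."','".REQUEST_POST('price')."')`, with no escaping at all, so a quote in `title` or any other field injects SQL; the wrapper rewrite was the right moment to treat it like the SELECT two lines below, which goes through SQL_QUERY_ESC. Wrap each value before concatenating, `SQL_ESCAPE(REQUEST_POST('title'))` for the string and `bigintval()` for the numeric `t_wait`, `payment` and `price`, or move the statement to a parameterised SQL_QUERY_ESC call. Note also that the array is initialised as `$SQL = array();` but appended to as `$SQLs[]`, so the statement lands in a variable that was never initialised; which one the execution loop reads is outside the hunk.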
@@ -61,13 +59,13 @@ if (isset($_POST['ok'])) { break; case "edit": - foreach ($_POST['time'] as $id => $value) { - $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_payments` SET time='".$value."', payment='".$_POST['pay'][$id]."', price='".$_POST['price'][$id]."', mail_title='".$_POST['title'][$id]."' WHERE id='".$id."' LIMIT 1"; + foreach (REQUEST_POST('time') as $id => $value) { + $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_payments` SET time='".$value."', payment='".REQUEST_POST('pay', $id)."', price='".REQUEST_POST('price', $id)."', mail_title='".REQUEST_POST('title', $id)."' WHERE id='".$id."' LIMIT 1"; } break; case "del": - foreach ($_POST['id'] as $id => $value) { + foreach (REQUEST_POST('id') as $id => $value) { $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payments` WHERE id='".$id."' LIMIT 1"; } break; @@ -85,10 +83,10 @@ if (isset($_POST['ok'])) { // Output template LOAD_TEMPLATE("admin_settings_saved", false, $content); -} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) { +} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) { // Delete entries here $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { $result = SQL_QUERY_ESC("SELECT time, mail_title FROM `{!_MYSQL_PREFIX!}_payments` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($time, $title) = SQL_FETCHROW($result); 
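Review bot: The `edit` and `del` loops concatenate the POST array keys into SQL unescaped, `WHERE id='".$id."'`, with `$id` taken from `foreach (REQUEST_POST('time') as $id => $value)` and `foreach (REQUEST_POST('id') as $id => $value)`, so a key such as `1' OR '1'='1` rewrites every payment row; the UPDATE also inlines `$value` and the `pay`/`price`/`title` values raw. Cast the key and escape the values before building the string: `$id = bigintval($id);` as the first statement of each loop and `SQL_ESCAPE(REQUEST_POST('title', $id))` etc. in the UPDATE, exactly as the delete listing later in this hunk already does with `array(bigintval($id))`.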
@@ -110,10 +108,10 @@ if (isset($_POST['ok'])) { // Load main template LOAD_TEMPLATE("admin_del_payments"); -} elseif ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) { +} elseif ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) { // Edit entries $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM `{!_MYSQL_PREFIX!}_payments` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); list($time, $pay, $title, $price) = SQL_FETCHROW($result); diff --git a/inc/modules/admin/what-refbanner.php b/inc/modules/admin/what-refbanner.php index 1866e42f98..f17446b43e 100644 --- a/inc/modules/admin/what-refbanner.php +++ b/inc/modules/admin/what-refbanner.php 
@@ -44,28 +44,28 @@ ADD_DESCR("admin", __FILE__); $SEL = 0; // Some sanity-check -if ((empty($_POST['url'])) || (empty($_POST['alternate']))) { - unset($_POST['ok']); +if ((!REQUEST_ISSET_POST(('url'))) || (!REQUEST_ISSET_POST(('alternate')))) { + REQUEST_UNSET_POST('ok'); } // Check selection count -if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']); +if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel')); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Fix older calls from add-new-banner-form - if (empty($_GET['mode'])) $_GET['mode'] = "add"; + if (!REQUEST_ISSET_GET(('mode'))) REQUEST_SET_GET('mode', "add"); $SQL = ""; - switch ($_GET['mode']) + switch (REQUEST_GET('mode')) { case "add": // Check if banner is already added $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE url='%s' LIMIT 1", - array($_POST['url']), __FILE__, __LINE__); + array(REQUEST_POST('url')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Add banner SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_refbanner` (url, alternate, visible) VALUES ('%s','%s','%s')", - array($_POST['url'], $_POST['alternate'], $_POST['visible']), __FILE__, __LINE__); + array(REQUEST_POST('url'), REQUEST_POST('alternate'), REQUEST_POST('visible')), __FILE__, __LINE__); } else { // Free memory SQL_FREERESULT($result); @@ -73,13 +73,18 @@ VALUES ('%s','%s','%s')", break; case "edit": // Update banner - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { // Secure ID $id = bigintval($id); // Update entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET url='%s', alternate='%s', `visible`='%s' WHERE id=%s LIMIT 1", - array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__); + array( + REQUEST_POST('url', $id), + REQUEST_POST('alternate', $id), + REQUEST_POST('visible'), + $id + ), __FILE__, __LINE__); } break; } 
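Review bot: In the `edit` case the per-row values are `REQUEST_POST('url', $id)` and `REQUEST_POST('alternate', $id)` but the flag is the unindexed `REQUEST_POST('visible')`, so one posted value is written to every selected banner; this looks like a leftover from the old `$_POST['visible']` and should presumably be `REQUEST_POST('visible', $id)` — confirm against the admin_refbanner_edit template. Neither case validates `url`: the sanity check at the top only tests that `url` and `alternate` are set, and the value is stored as-is in a column that, by its name, is later emitted as a link, so at least check the scheme, e.g. `if (!preg_match('/^https?:\/\//i', REQUEST_POST('url'))) REQUEST_UNSET_POST('ok');` alongside the existing check.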
@@ -90,10 +95,10 @@ VALUES ('%s','%s','%s')", $content = "{--SETTINGS_NOT_SAVED--}"; } LOAD_TEMPLATE("admin_settings_saved", false, $content); -} elseif (($SEL > 0) && (isset($_POST['edit']))) { +} elseif (($SEL > 0) && (REQUEST_ISSET_POST(('edit')))) { // Edit banner $SW = ""; $OUT = ""; - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { // Load data $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); @@ -118,10 +123,10 @@ VALUES ('%s','%s','%s')", // Load main template LOAD_TEMPLATE("admin_refbanner_edit"); } else { - if (($SEL > 0) && (isset($_POST['del']))) + if (($SEL > 0) && (REQUEST_ISSET_POST(('del')))) { // Delete banner - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__); } diff --git a/inc/modules/admin/what-send_bonus.php b/inc/modules/admin/what-send_bonus.php index 6dccfbf088..651b6d6816 100644 --- a/inc/modules/admin/what-send_bonus.php +++ b/inc/modules/admin/what-send_bonus.php 
@@ -44,20 +44,20 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Set empty mode to "select" -if (empty($_GET['mode'])) $_GET['mode'] = "select"; +if (!REQUEST_ISSET_GET('mode')) REQUEST_SET_GET('mode', "select"); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Deliver bonus mail - ADD_NEW_BONUS_MAIL($_POST, $_GET['mode']); + ADD_NEW_BONUS_MAIL(REQUEST_POST_ARRAY(), REQUEST_GET('mode')); } else { // Get all available users - define('__ALL_VALUE', TRANSLATE_COMMA(GET_TOTAL_RECEIVERS($_GET['mode']))); + define('__ALL_VALUE', TRANSLATE_COMMA(GET_TOTAL_RECEIVERS(REQUEST_GET('mode')))); // Prepare option lines - define('__OPTION_LINES', ADD_CATEGORY_OPTIONS($_GET['mode'])); + define('__OPTION_LINES', ADD_CATEGORY_OPTIONS(REQUEST_GET('mode'))); // Store send mode - define('__MODE', SQL_ESCAPE($_GET['mode'])); + define('__MODE', SQL_ESCAPE(REQUEST_GET('mode'))); if (EXT_IS_ACTIVE("html_mail")) { // If HTML extension is active @@ -68,7 +68,7 @@ if (isset($_POST['ok'])) { } // Select template - switch($_GET['mode']) { + switch(REQUEST_GET('mode')) { case "html": // HTML mails case "normal": // Normal mails $template = "admin_send_bonus_form"; diff --git a/inc/modules/admin/what-send_newsletter.php b/inc/modules/admin/what-send_newsletter.php index f18caeab52..98f1723669 100644 --- a/inc/modules/admin/what-send_newsletter.php +++ b/inc/modules/admin/what-send_newsletter.php @@ -40,7 +40,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { // Add description as navigation point ADD_DESCR("admin", __FILE__); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { $result = SQL_QUERY("SELECT userid, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' AND nl_receive='Y' 
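Review bot: `mode` is taken from the query string, defaulted to `select`, and passed to GET_TOTAL_RECEIVERS(), ADD_CATEGORY_OPTIONS() and the template (`define('__MODE', SQL_ESCAPE(REQUEST_GET('mode')))`) before the `switch` at the bottom of the hunk ever checks it against `html`/`normal`; whatever those helpers do with an unexpected mode happens first, and SQL_ESCAPE is not an HTML escape for the template constant. Whitelist it right after the default, `if (!in_array(REQUEST_GET('mode'), array('select', 'normal', 'html'))) REQUEST_SET_GET('mode', "select");` (extend the list if the switch's `default`, which is outside the hunk, handles more). Minor: `REQUEST_ISSET_GET('mode')` here drops the doubled parentheses used everywhere else in the commit; this is the cleaner form and the rest should follow it.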
@@ -52,22 +52,22 @@ ORDER BY userid ASC", __FILE__, __LINE__); $template = "newsletter"; // Check for extension and sending-mode - if (!EXT_IS_ACTIVE("html_mail", true) && ($_POST['mode'] == "html")) { + if (!EXT_IS_ACTIVE("html_mail", true) && (REQUEST_POST('mode') == "html")) { // Set mode to text mode - $_POST['mode'] == "text"; - } elseif ($_POST['mode'] == "html") { + REQUEST_POST('mode') == "text"; + } elseif (REQUEST_POST('mode') == "html") { // Set HTML templates $template = "newsletter_html"; } // Compile message - $_POST['text'] = COMPILE_CODE($_POST['text']); + REQUEST_SET_POST('text', COMPILE_CODE(REQUEST_POST('text'))); // Load template - $msg = LOAD_EMAIL_TEMPLATE($template, array('text' => $_POST['text']), $id); + $msg = LOAD_EMAIL_TEMPLATE($template, array('text' => REQUEST_POST('text')), $id); // ... and send it away! - SEND_NEWSLETTER($email, $_POST['subject'], $msg, $_POST['mode']); + SEND_NEWSLETTER($email, REQUEST_POST('subject'), $msg, REQUEST_POST('mode')); } // Free memory diff --git a/inc/modules/admin/what-stats_mods.php b/inc/modules/admin/what-stats_mods.php index 59a1c99fa3..33e9536e12 100644 --- a/inc/modules/admin/what-stats_mods.php +++ b/inc/modules/admin/what-stats_mods.php @@ -41,15 +41,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // If var is empty set it to empty -if (empty($_GET['mod'])) $_GET['mod'] = ""; +if (!REQUEST_ISSET_GET(('mod'))) REQUEST_SET_GET('mod', ""); // Check if module was selected -if (($_GET['mod'] == "index") || ($_GET['mod'] == "login")) -{ +if ((REQUEST_GET('mod') == "index") || (REQUEST_GET('mod') == "login")) { // Select menu system $mod = ""; - switch ($_GET['mod']) - { + switch (REQUEST_GET('mod')) { case "index": $mod = "guest" ; break; case "login": $mod = "member"; break; } 
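Review bot: The fallback when the html_mail extension is inactive is still a no-op: `REQUEST_POST('mode') == "text";` is a comparison whose result is discarded (the old `$_POST['mode'] == "text";` had the same bug), so `mode` stays `html` and `SEND_NEWSLETTER($email, ..., REQUEST_POST('mode'))` is called in HTML mode with the extension off. The commit introduced `REQUEST_SET_POST()` for exactly this; the line should read `REQUEST_SET_POST('mode', "text");`. Separately, `REQUEST_SET_POST('text', COMPILE_CODE(REQUEST_POST('text')))` appears to sit inside the per-recipient loop (the loop header is before this hunk), so the body is re-compiled and rewritten for every user; hoisting it above the loop would be cheaper and avoids compiling an already-compiled value.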
@@ -58,8 +56,7 @@ if (($_GET['mod'] == "index") || ($_GET['mod'] == "login")) $result = SQL_QUERY_ESC("SELECT action, title, counter FROM `{!_MYSQL_PREFIX!}_%s_menu` WHERE `what` != '' AND `what` IS NOT NULL ORDER BY counter DESC", array($mod), __FILE__, __LINE__); $SW = 2; $OUT = ""; - while (list($act, $title, $clicks) = SQL_FETCHROW($result)) - { + while (list($act, $title, $clicks) = SQL_FETCHROW($result)) { // Prepare array for the template $content = array( 'sw' => $SW, @@ -111,5 +108,6 @@ if (($_GET['mod'] == "index") || ($_GET['mod'] == "login")) // Load final template LOAD_TEMPLATE("admin_mods_stats"); } + // ?> diff --git a/inc/modules/admin/what-sub_points.php b/inc/modules/admin/what-sub_points.php index 838204470b..775fdaeac3 100644 --- a/inc/modules/admin/what-sub_points.php +++ b/inc/modules/admin/what-sub_points.php @@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Fix a notice -if (!isset($_GET['u_id'])) $_GET['u_id'] = ""; +if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', ""); -if ($_GET['u_id'] == "all") { +if (REQUEST_GET('uid') == "all") { // Add points to all accounts - define('__POINTS_VALUE', $_POST['points']); - if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) { + define('__POINTS_VALUE', REQUEST_POST('points')); + if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) { $result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__); while (list($uid) = SQL_FETCHROW($result_main)) { // User ID found in URL so we use this give him some credits 
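Review bot: In what-sub_points.php `define('__POINTS_VALUE', REQUEST_POST('points'))` exposes the raw posted value to the template before any check, and the guard `REQUEST_POST('points') > 0` relies on loose string-to-number comparison; define the normalised number instead, `define('__POINTS_VALUE', bigintval(REQUEST_POST('points')));`, and compare that. The hunk also renames the query parameter from `u_id` to `uid` (the old `$_GET['u_id']` remains in the hunk header context), which silently breaks any link still passing `u_id` unless those were updated in the same commit. The `all` branch continues past the hunk.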
@@ -61,14 +61,14 @@ if ($_GET['u_id'] == "all") { // Free result SQL_FREERESULT($result); - if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { + if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) { // Ok, add points to used points and send an email to him... - SUB_POINTS("admin_all", $uid, $_POST['points']); + SUB_POINTS("admin_all", $uid, REQUEST_POST('points')); // Prepare content $content = array( - 'text' => SQL_ESCAPE($_POST['reason']), - 'points' => bigintval($_POST['points']) + 'text' => SQL_ESCAPE(REQUEST_POST('reason')), + 'points' => bigintval(REQUEST_POST('points')) ); // Load message and send it away 
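Review bot: `SUB_POINTS("admin_all", $uid, REQUEST_POST('points'))` deducts the raw posted string while the confirmation mail reports `bigintval(REQUEST_POST('points'))`, so a value like `10.9` or `5abc` subtracts one amount (whatever SUB_POINTS does with it is not visible here) and tells the member another. Normalise once and use it for both: `$points = bigintval(REQUEST_POST('points'));` before the call, then `SUB_POINTS("admin_all", $uid, $points)` and `'points' => $points`. The `REQUEST_ISSET_POST(('points'))` test also differs from the `> 0` check used for the same field a few lines earlier; a zero or negative value passes here.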
@@ -86,40 +86,40 @@ if ($_GET['u_id'] == "all") { // Display form add points LOAD_TEMPLATE("admin_sub_points_all"); } -} elseif (!empty($_GET['u_id'])) { +} elseif (REQUEST_ISSET_GET(('uid'))) { // User ID found in URL so we use this give him some credits $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1", - array(bigintval($_GET['u_id'])),__FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))),__FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Selected user does exist list($sname, $fname, $email) = SQL_FETCHROW($result); SQL_FREERESULT($result); - if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { + if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) { // Ok, add to used points and send an email to him... - SUB_POINTS("admin_single", bigintval($_GET['u_id']), $_POST['points']); + SUB_POINTS("admin_single", bigintval(REQUEST_GET('uid')), REQUEST_POST('points')); // Prepare content $content = array( - 'text' => SQL_ESCAPE($_POST['reason']), - 'points' => bigintval($_POST['points']) + 'text' => SQL_ESCAPE(REQUEST_POST('reason')), + 'points' => bigintval(REQUEST_POST('points')) ); // Load email and send it away - $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($_GET['u_id'])); - SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_SUB_SUBJ'), $msg); + $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval(REQUEST_GET('uid'))); + SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_SUB_SUBJ'), $msg); // Output message LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_SUBTRACTED')); } else { // Opps, missing form here define('__USER_VALUE', "".$sname." ".$fname.""); - define('__UID', bigintval($_GET['u_id'])); + define('__UID', bigintval(REQUEST_GET('uid'))); LOAD_TEMPLATE("admin_sub_points"); } } else { // User not found! - LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."
"); + LOAD_TEMPLATE("admin_settings_saved", false, "
".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."
"); } } else { // Output selection form with all confirmed user accounts listed diff --git a/inc/modules/admin/what-surfbar_stats.php b/inc/modules/admin/what-surfbar_stats.php index 2696de21fa..fd48d1ad67 100644 --- a/inc/modules/admin/what-surfbar_stats.php +++ b/inc/modules/admin/what-surfbar_stats.php @@ -41,13 +41,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Is the 'url_id' set? -if (isset($_GET['url_id'])) { +if (REQUEST_ISSET_GET(('url_id'))) { // Generate general statistics $result = SQL_QUERY_ESC("SELECT `userid`, `count` AS `total_visits`, UNIX_TIMESTAMP(`last_online`) AS `last_online` FROM `{!_MYSQL_PREFIX!}_surfbar_stats` WHERE `url_id`=%s ORDER BY `userid` ASC", - array(bigintval($_GET['url_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('url_id'))), __FILE__, __LINE__); // Entries found? if (SQL_NUMROWS($result) > 0) { diff --git a/inc/modules/admin/what-theme_edit.php b/inc/modules/admin/what-theme_edit.php index 13ffa23221..0f7f4738ce 100644 --- a/inc/modules/admin/what-theme_edit.php +++ b/inc/modules/admin/what-theme_edit.php 
@@ -45,21 +45,21 @@ ADD_DESCR("admin", __FILE__); // Check for selected themes $SEL = 0; -if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']); +if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel')); if ($SEL > 0) { $OUT = ""; - foreach ($_POST['sel'] as $id => $sel) { + foreach (REQUEST_POST('sel') as $id => $sel) { $SQL = ""; // Shall I de-/activate or delete themes? - if (isset($_POST['status'])) { + if (REQUEST_ISSET_POST(('status'))) { // Change status - if ($_POST['active'][$id] == "Y") { + if (REQUEST_POST('active', $id) == "Y") { $SQL = "UPDATE `{!_MYSQL_PREFIX!}_themes` SET theme_active='N' WHERE id='".$id."' LIMIT 1"; } else { $SQL = "UPDATE `{!_MYSQL_PREFIX!}_themes` SET theme_active='Y' WHERE id='".$id."' LIMIT 1"; } $OUT = getMessage('ADMIN_THEMES_UPDATED'); - } elseif (isset($_POST['del'])) { + } elseif (REQUEST_ISSET_POST(('del'))) { // Delete themes $SQL = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_themes` WHERE id='".$id."' LIMIT 1"; $OUT = getMessage('ADMIN_THEMES_DELETED'); @@ -77,9 +77,9 @@ if ($SEL > 0) { // Output generated? if (empty($OUT)) $OUT = getMessage('ADMIN_THEME_NO_OUTPUT'); -} elseif (!empty($_GET['default_theme'])) { +} elseif (REQUEST_ISSET_GET(('default_theme'))) { // Escape string from input - $POST['default_theme'] = SQL_ESCAPE($_GET['default_theme']); + $POST['default_theme'] = SQL_ESCAPE(REQUEST_GET('default_theme')); // Set session set_session('mxchange_theme', $POST['default_theme']); diff --git a/inc/modules/admin/what-theme_import.php b/inc/modules/admin/what-theme_import.php index df118063b9..7cfa35b394 100644 --- a/inc/modules/admin/what-theme_import.php +++ b/inc/modules/admin/what-theme_import.php 
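Review bot: Both SQL statements in the loop inline the POST array key unescaped, `WHERE id='".$id."'`, with `$id` coming from `foreach (REQUEST_POST('sel') as $id => $sel)`; an index such as `1' OR '1'='1` would toggle or delete every theme row. Add `$id = bigintval($id);` as the first statement of the loop, as what-refbanner.php and what-unlock_emails.php do in this same commit, or switch to `SQL_QUERY_ESC` with `%s` placeholders. The second hunk stores `SQL_ESCAPE(REQUEST_GET('default_theme'))` in the session; that is harmless there, but SQL_ESCAPE is not theme-name validation, and if the value is later used to build a path (the import module does exactly that) a name whitelist is the right check.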
@@ -47,11 +47,11 @@ ADD_DESCR("admin", __FILE__); $THEME_MODE = "test"; // Import selected theme if not present -if (!empty($_POST['theme'])) { +if (REQUEST_ISSET_POST(('theme'))) { // Check if theme is there - if (!THEME_CHECK_EXIST($_POST['theme'])) { + if (!THEME_CHECK_EXIST(REQUEST_POST('theme'))) { // Import theme - $INC = sprintf("theme/%s/theme.php", SQL_ESCAPE($_POST['theme'])); + $INC = sprintf("theme/%s/theme.php", SQL_ESCAPE(REQUEST_POST('theme'))); if (INCLUDE_READABLE($INC)) { // Load the theme header file LOAD_INC($INC); @@ -59,20 +59,20 @@ if (!empty($_POST['theme'])) { // Register it ith the exchange SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_themes` (`theme_path`, `theme_active`, `theme_ver`, `theme_name`) VALUES ('%s','N','%s','%s')", - array($_POST['theme'], $THEME_VERSION, $THEME_NAME), __FILE__, __LINE__); + array(REQUEST_POST('theme'), $THEME_VERSION, $THEME_NAME), __FILE__, __LINE__); // Destroy cache REBUILD_CACHE("themes", "them"); // Prepare message - $msg = ADMIN_THEME_IMPORTED_1.$_POST['theme'].ADMIN_THEME_IMPORTED_2; + $msg = ADMIN_THEME_IMPORTED_1.REQUEST_POST('theme').ADMIN_THEME_IMPORTED_2; } else { // Include file not found! - $msg = ADMIN_THEME_INC_404_1.$_POST['theme'].ADMIN_THEME_INC_404_2; + $msg = ADMIN_THEME_INC_404_1.REQUEST_POST('theme').ADMIN_THEME_INC_404_2; } } else { // Theme already imported - $msg = ADMIN_THEME_ALREADY_1.$_POST['theme'].ADMIN_THEME_ALREADY_2; + $msg = ADMIN_THEME_ALREADY_1.REQUEST_POST('theme').ADMIN_THEME_ALREADY_2; } // Output message diff --git a/inc/modules/admin/what-unlock_emails.php b/inc/modules/admin/what-unlock_emails.php index e1f53a777f..644d36a984 100644 --- a/inc/modules/admin/what-unlock_emails.php +++ b/inc/modules/admin/what-unlock_emails.php 
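Review bot: `$INC = sprintf("theme/%s/theme.php", SQL_ESCAPE(REQUEST_POST('theme')))` followed by `LOAD_INC($INC)` is a file-inclusion sink, and SQL_ESCAPE does nothing against `../` or a slash component; if THEME_CHECK_EXIST() only consults the database (its implementation is not visible here), a theme name like `../../some/dir` includes PHP from outside `theme/`. Validate the name as a single path component before building the path, e.g. `if (!preg_match('/^[a-zA-Z0-9_-]+$/', REQUEST_POST('theme'))) { $msg = getMessage('ADMIN_THEME_INC_404_1'); } else {` around the existing block, and pass the raw name rather than the SQL-escaped one to the INSERT, which is already parameterised. The messages in the second hunk, `ADMIN_THEME_IMPORTED_1.REQUEST_POST('theme').ADMIN_THEME_IMPORTED_2`, concatenate the raw name into output; the same whitelist removes that concern.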
@@ -49,21 +49,21 @@ FROM `{!_MYSQL_PREFIX!}_pool` WHERE `data_type`='ADMIN' ORDER BY `timestamp` ASC", __FILE__, __LINE__); -if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) { +if ((SQL_NUMROWS($result_main) > 0) || (REQUEST_ISSET_POST(('lock')))) { // Count checked checkboxes $SEL = 0; - if (isset($_POST['sel'])) { + if (REQUEST_ISSET_POST(('sel'))) { // Are there checked boxes? - if (count($_POST['sel']) > 0) { + if (count(REQUEST_POST('sel')) > 0) { // Count now... We use an own function for now - $SEL = SELECTION_COUNT($_POST['sel']); + $SEL = SELECTION_COUNT(REQUEST_POST('sel')); } // END - if } // END - if - if (isset($_POST['accept'])) { + if (REQUEST_ISSET_POST(('accept'))) { if ($SEL > 0) { // Accept mail orders - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { // Secure ID number $id = bigintval($id); @@ -121,11 +121,11 @@ LIMIT 1", // Mails unlocked for mail delivery LOAD_TEMPLATE("admin_settings_saved", false, $MSG); - } elseif (isset($_POST['reject'])) { + } elseif (REQUEST_ISSET_POST(('reject'))) { if ($SEL > 0) { // Reject mail orders $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { // Secure ID number $id = bigintval($id); 
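Review bot: `count(REQUEST_POST('sel'))` and the following `foreach` assume `sel` is an array; if a client sends it as a plain string, `count()` on a scalar returns 1 in PHP of this era and SELECTION_COUNT() is handed a string. The same commit already uses the safer shape in what-unlock_surfbar_urls.php (`is_array(REQUEST_POST('id')) && count(REQUEST_POST('id')) > 0`); mirror it here: `if ((REQUEST_ISSET_POST('sel')) && (is_array(REQUEST_POST('sel')))) {`. Inside the accept loop the id is normalised with `bigintval($id)`, which is good; the loop body continues past the hunk.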
@@ -144,17 +144,17 @@ LIMIT 1", SEND_EMAIL($DATA['sender'], MEMBER_ORDER_REJECTED, $msg_user); // If you do not enter an URL to redirect to, your URL will be set! - if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = constant('URL'); + if ((!REQUEST_ISSET_POST(('redirect'))) || (REQUEST_POST('redirect') == "http://")) REQUEST_SET_POST('redirect', constant('URL')); // Redirect URL SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1", - array($_POST['redirect'], $id),__FILE__, __LINE__); + array(REQUEST_POST('redirect'), $id),__FILE__, __LINE__); // Prepare data for the row template $content = array( 'sw' => $SW, 'id' => $id, - 'url' => $_POST['url'][$id], + 'url' => REQUEST_POST('url', $id), ); // Load row template and switch colors @@ -169,9 +169,9 @@ LIMIT 1", // Nothing selected LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MAILS_NOTHING_CHECKED')); } - } elseif ((isset($_POST['lock'])) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) { + } elseif ((REQUEST_ISSET_POST(('lock'))) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) { // Lock URLs - foreach ($_POST['sel'] as $id => $url) { + foreach (REQUEST_POST('sel') as $id => $url) { // Secure id number $id = bigintval($id); @@ -190,7 +190,7 @@ LIMIT 1", // Output message LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URLS_BLOCKED')); - } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject'])) && (getConfig('url_blacklist') == "Y")) { + } elseif ((!REQUEST_ISSET_POST(('lock'))) && (!REQUEST_ISSET_POST(('accept'))) && (!REQUEST_ISSET_POST(('reject'))) && (getConfig('url_blacklist') == "Y")) { // Mail orders are in pool so we can display them $SW = 2; $OUT = ""; while ($content = SQL_FETCHARRAY($result_main)) { 
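Review bot: The rejection redirect accepts any string: `REQUEST_POST('redirect')` is replaced only when missing or exactly `http://`, then stored as the pool `url` via SQL_QUERY_ESC, so there is no injection but also no URL validation, and a `javascript:` or otherwise arbitrary-scheme value would be persisted in a column that, by its name, is later handed to members as a link. Check the scheme before the UPDATE, `if (!preg_match('/^https?:\/\/./i', REQUEST_POST('redirect'))) REQUEST_SET_POST('redirect', constant('URL'));`, which also subsumes the `http://` placeholder test. Note the substitution happens via `REQUEST_SET_POST()` inside the per-id loop, so a single `redirect` value is applied to every rejected order even though the same hunk reads a per-id `REQUEST_POST('url', $id)`; whether per-order redirects were intended needs confirming against the template.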
@@ -227,7 +227,7 @@ LIMIT 1", // Load main template LOAD_TEMPLATE("admin_unlock_emails"); - } elseif ((isset($_POST['lock'])) && (getConfig('url_blacklist') != "Y")) { + } elseif ((REQUEST_ISSET_POST(('lock'))) && (getConfig('url_blacklist') != "Y")) { // URL blacklist not activated LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URL_BLACKLIST_DISABLED')); } else { diff --git a/inc/modules/admin/what-unlock_sponsor.php b/inc/modules/admin/what-unlock_sponsor.php index a4c552c97c..9867936bb8 100644 --- a/inc/modules/admin/what-unlock_sponsor.php +++ b/inc/modules/admin/what-unlock_sponsor.php @@ -41,11 +41,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Check if admin has submitted form -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Does he have selected at least one sponsor? - if (SELECTION_COUNT($_POST['id']) > 0) { + if (SELECTION_COUNT(REQUEST_POST('id')) > 0) { // At least one entry selected - foreach ($_POST['id'] as $id => $sel) { + foreach (REQUEST_POST('id') as $id => $sel) { // Secure ID number $id = bigintval($id); diff --git a/inc/modules/admin/what-unlock_surfbar_urls.php b/inc/modules/admin/what-unlock_surfbar_urls.php index 3e52edd27e..8ce2a2a8a0 100644 --- a/inc/modules/admin/what-unlock_surfbar_urls.php +++ b/inc/modules/admin/what-unlock_surfbar_urls.php 
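Review bot: In what-unlock_sponsor.php `SELECTION_COUNT(REQUEST_POST('id'))` is called without first checking that `id` was posted or is an array; what REQUEST_POST returns for a missing key is not visible here, and the old `$_POST['id']` would have raised a notice in the same situation. Use the guard shape the commit introduces in what-unlock_surfbar_urls.php: `if ((IS_FORM_SENT()) && (is_array(REQUEST_POST('id'))) && (SELECTION_COUNT(REQUEST_POST('id')) > 0)) {`. The loop body, which does normalise with `bigintval($id)`, continues past the hunk.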
@@ -41,18 +41,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Is the form sent? -if ((isset($_POST['unlock'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) { +if ((REQUEST_ISSET_POST(('unlock'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) { // Unlock selected URLs - if (SURFBAR_ADMIN_UNLOCK_URL_IDS($_POST['id'])) { + if (SURFBAR_ADMIN_UNLOCK_URL_IDS(REQUEST_POST('id'))) { // Unlock done! :-) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_DONE')); } else { // Unlock failed! LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_FAILED')); } -} elseif ((isset($_POST['reject'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) { +} elseif ((REQUEST_ISSET_POST(('reject'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) { // Reject selected URLs - if (SURFBAR_ADMIN_REJECT_URL_IDS($_POST['id'])) { + if (SURFBAR_ADMIN_REJECT_URL_IDS(REQUEST_POST('id'))) { // Unlock done! :-) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_DONE')); } else { diff --git a/inc/modules/admin/what-usage.php b/inc/modules/admin/what-usage.php index 09da0a61ee..f211bde553 100644 --- a/inc/modules/admin/what-usage.php +++ b/inc/modules/admin/what-usage.php 
@@ -43,19 +43,19 @@ ADD_DESCR("admin", __FILE__); // Base directory (should be moved to database) $usage = getConfig('usage_base')."/"; -if (!empty($_GET['image'])) { - if ($_GET['type'] == "usage") { +if (REQUEST_ISSET_GET(('image'))) { + if (REQUEST_GET('type') == "usage") { $FQFN = sprintf("%s%s/usage.png", constant('PATH'), getConfig('usage_base') ); } else { - if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\")); + if (strpos(REQUEST_GET('image'), "\\") > 0) REQUEST_SET_GET('image', substr(REQUEST_GET('image'), 0, strpos(REQUEST_GET('image'), "\\"))); $FQFN = sprintf("%s%s/%s_usage_%s.png", constant('PATH'), getConfig('usage_base'), - SQL_ESCAPE($_GET['type']), - SQL_ESCAPE($_GET['image']) + SQL_ESCAPE(REQUEST_GET('type')), + SQL_ESCAPE(REQUEST_GET('image')) ); } @@ -66,7 +66,7 @@ if (!empty($_GET['image'])) { imagedestroy($image); } exit(); -} elseif (empty($_GET['usage'])) { +} elseif (!REQUEST_ISSET_GET(('usage'))) { $FQFN = sprintf("%s%s/index.html", constant('PATH'), getConfig('usage_base') @@ -75,7 +75,7 @@ if (!empty($_GET['image'])) { $FQFN = sprintf("%s%s/usage_%s.html", constant('PATH'), getConfig('usage_base'), - SQL_ESCAPE($_GET['usage']) + SQL_ESCAPE(REQUEST_GET('usage')) ); } diff --git a/inc/modules/admin/what-user_contct.php b/inc/modules/admin/what-user_contct.php index 99f50fc35f..0fda63c56a 100644 --- a/inc/modules/admin/what-user_contct.php +++ b/inc/modules/admin/what-user_contct.php 
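Review bot: The image filename in the `else` branch is still built from `type` and `image` with only `SQL_ESCAPE()` and a trim at the first backslash; that is escaping for SQL, not for a filesystem path, and it rejects neither directory separators nor `..` segments, so the resolved path is not guaranteed to stay under `usage_base`. The same applies to `usage` in the `@@ -75` hunk below. Validating each value against a fixed character class before the sprintf, e.g. `if (!preg_match('/^[a-zA-Z0-9_-]+$/', REQUEST_GET('image'))) exit();` (and likewise for `type` and `usage`), pins the lookup to the intended files; since these lines are being touched anyway, this is a good moment to add it.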
@@ -41,10 +41,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Is a user id given? -if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) { +if ((REQUEST_ISSET_GET(('uid'))) && (bigintval(REQUEST_GET('uid')) > 0)) { // Load user data and display it $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($_GET['u_id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__); // Is a user account found? if (SQL_NUMROWS($result) == 1) { @@ -52,12 +52,12 @@ if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) { $content = SQL_FETCHARRAY($result); // Including user ID - $content['u_id'] = bigintval($_GET['u_id']); + $content['uid'] = bigintval(REQUEST_GET('uid')); // Shall we send the email? - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Insert text - $content['text'] = trim(strip_tags($_POST['text'])); + $content['text'] = trim(strip_tags(REQUEST_POST('text'))); // Send contact form out $msg = LOAD_EMAIL_TEMPLATE("member_contct", $content); @@ -69,7 +69,7 @@ if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) { } } else { // Not found? - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(USER_ACCOUNT_404, bigintval($_GET['u_id']))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(USER_ACCOUNT_404, bigintval(REQUEST_GET('uid')))); } // Free result diff --git a/inc/modules/chk_login.php b/inc/modules/chk_login.php index 016ecc249a..1790aeb1f1 100644 --- a/inc/modules/chk_login.php +++ b/inc/modules/chk_login.php @@ -92,7 +92,7 @@ LIMIT 1", if (SQL_AFFECTEDROWS() == 1) $bonus = true; } // END - if - if (($bonus) && ($_GET['mode'] == "bonus") && (EXT_IS_ACTIVE("bonus"))) { + if (($bonus) && (REQUEST_GET('mode') == "bonus") && (EXT_IS_ACTIVE("bonus"))) { // Output message with added points $MSG .= "
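Review bot: The GET parameter is renamed from `u_id` to `uid` in every branch of this file, which silently breaks any admin link that still sends `u_id=`; the user-list templates that link here are not part of this chunk, so I cannot confirm they were updated. If a transition period is wanted, a one-line fallback at the top, `if ((!REQUEST_ISSET_GET(('uid'))) && (REQUEST_ISSET_GET(('u_id')))) REQUEST_SET_GET('uid', REQUEST_GET('u_id'));`, keeps old links working. Otherwise a note in the commit message that `u_id` was dropped would help whoever greps for it later.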
{--BONUS_LOGIN_BONUS_ADDED_1--} diff --git a/inc/modules/frametester.php b/inc/modules/frametester.php index aae2439303..97d8c32bb6 100644 --- a/inc/modules/frametester.php +++ b/inc/modules/frametester.php @@ -39,12 +39,12 @@ if (!defined('__SECURITY')) { $MODE = "guest"; -if (!empty($_GET['order'])) { +if (REQUEST_ISSET_GET(('order'))) { // Order number placed, is he also logged in? if (IS_MEMBER()) { // Ok, test passed... :) $result = SQL_QUERY_ESC("SELECT subject, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1", - array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__); // Finally is the entry valid? if (SQL_NUMROWS($result) == 1) { @@ -52,7 +52,7 @@ if (!empty($_GET['order'])) { list($sub, $url) = SQL_FETCHROW($result); // This fixes a white page - $_POST['url'] = $url; + REQUEST_SET_POST('url', $url); // Mode is member $MODE = "member"; @@ -69,19 +69,19 @@ if (!empty($_GET['order'])) { } } -if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) { +if ((REQUEST_ISSET_POST(('url'))) || (REQUEST_ISSET_GET(('url'))) || (REQUEST_ISSET_GET(('frame')))) { // Default URL is ours $url = constant('URL'); // Decode URL if set in GET parameters - if (!empty($_GET['url'])) $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode($_GET['url'])))); + if (REQUEST_ISSET_GET(('url'))) $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url'))))); // Use URL from POST data if set - if (!empty($_POST['url'])) $url = $_POST['url']; + if (REQUEST_ISSET_POST(('url'))) $url = REQUEST_POST('url'); // Add missing element $frame = ""; - if (!empty($_GET['frame'])) $frame = SQL_ESCAPE($_GET['frame']); + if (REQUEST_ISSET_GET(('frame'))) $frame = SQL_ESCAPE(REQUEST_GET('frame')); switch ($frame) { case "": 
@@ -89,7 +89,7 @@ if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']) { case "member": // Build frameset - define('__ORDER_VALUE', bigintval($_GET['order'])); + define('__ORDER_VALUE', bigintval(REQUEST_GET('order'))); define('__URL_VALUE' , DEREFERER($url)); LOAD_TEMPLATE("member_order_frametester"); break; @@ -106,11 +106,11 @@ if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']) break; case "back": // Back buttom - LOAD_TEMPLATE("member_order_back", false, $_GET['order']); + LOAD_TEMPLATE("member_order_back", false, REQUEST_GET('order')); break; case "send": // Send mail away - LOAD_TEMPLATE("member_order_send", false, $_GET['order']); + LOAD_TEMPLATE("member_order_send", false, REQUEST_GET('order')); break; } } else { diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php index a41e757126..f0748ce729 100644 --- a/inc/modules/guest/what-confirm.php +++ b/inc/modules/guest/what-confirm.php 
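Review bot: The `back` and `send` cases pass `REQUEST_GET('order')` straight into `LOAD_TEMPLATE()`, while the `member` case in the `@@ -89` hunk wraps the same value in `bigintval()`; the order id is numeric in every use here, so the two calls should read `LOAD_TEMPLATE("member_order_back", false, bigintval(REQUEST_GET('order')));` and likewise for `member_order_send`. That keeps what the templates receive consistent with what `__ORDER_VALUE` holds. The enclosing switch and its surrounding if-block start outside this hunk.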
@@ -40,20 +40,20 @@ if (!defined('__SECURITY')) { // Add description as navigation point ADD_DESCR("guest", __FILE__); -if (!empty($_GET['hash'])) { +if (REQUEST_ISSET_GET(('hash'))) { // Initialize the user ID $uid = 0; // Search for an unconfirmed or confirmed account $result = SQL_QUERY_ESC("SELECT userid, email, refid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE user_hash='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1", - array($_GET['hash']), __FILE__, __LINE__); + array(REQUEST_GET('hash')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Ok, he want's to confirm now so we load some data list ($uid, $email, $rid) = SQL_FETCHROW($result); // Unlock his account (but only when it is on UNCONFIRMED!) SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED', ref_payout=%s, user_hash=NULL WHERE user_hash='%s' AND `status`='UNCONFIRMED' LIMIT 1", - array(getConfig('ref_payout'), $_GET['hash']), __FILE__, __LINE__); + array(getConfig('ref_payout'), REQUEST_GET('hash')), __FILE__, __LINE__); if (SQL_AFFECTEDROWS() == 1) { $msg = LOAD_EMAIL_TEMPLATE("confirm-member", array('points' => getConfig('points_register')), bigintval($uid)); @@ -132,10 +132,10 @@ if (!empty($_GET['hash'])) { define('__UID', "0"); LOAD_TEMPLATE("guest_confirm_table"); } -} elseif ((isset($_POST['ok'])) && (!empty($_POST['email']))) { +} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('email')))) { // Confirmation link requested 0 1 2 $result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM `{!_MYSQL_PREFIX!}_user_data` WHERE email='%s' LIMIT 1", - array($_POST['email']), __FILE__, __LINE__); + array(REQUEST_POST('email')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Email address found $DATA = SQL_FETCHROW($result); 
@@ -143,7 +143,7 @@ if (!empty($_GET['hash'])) { { case "UNCONFIRMED": // Account not confirmed $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", array('hash' => $DATA[2]), $DATA[0]); - SEND_EMAIL($_POST['email'], getMessage('REQUEST_CONFIRM_LINK_SUBJ'), $msg); + SEND_EMAIL(REQUEST_POST('email'), getMessage('REQUEST_CONFIRM_LINK_SUBJ'), $msg); $content = getMessage('CONFIRM_LINK_SENT'); break; diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index cd575419ea..4a2f2a233e 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php 
@@ -58,46 +58,46 @@ $ADD = ""; if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) { // Maybe, then continue with it $uid = $GLOBALS['userid']; -} elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) { +} elseif ((REQUEST_ISSET_POST(('id'))) && (REQUEST_ISSET_POST(('password'))) && (IS_FORM_SENT())) { // Set userid and crypt password when login data was submitted - if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($_POST['id']))) { + if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID(REQUEST_POST('id')))) { // Nickname entered - $uid = SQL_ESCAPE($_POST['id']); + $uid = SQL_ESCAPE(REQUEST_POST('id')); } else { // Direct userid entered - $uid = bigintval($_POST['id']); + $uid = bigintval(REQUEST_POST('id')); } -} elseif (!empty($_POST['new_pass'])) { +} elseif (REQUEST_ISSET_POST(('new_pass'))) { // New password requested $uid = 0; - if (!empty($_POST['id'])) $uid = $_POST['id']; + if (REQUEST_ISSET_POST(('id'))) $uid = REQUEST_POST('id'); } else { // Not logged in $uid = 0; $hash = ""; } // Set unset variables -if (empty($_POST['new_pass'])) $_POST['new_pass'] = ""; -if (empty($_GET['login'])) $_GET['login'] = ""; +if (!REQUEST_ISSET_POST(('new_pass'))) REQUEST_SET_POST('new_pass', ""); +if (!REQUEST_ISSET_GET(('login'))) REQUEST_SET_GET('login' , ""); if (IS_MEMBER()) { // Login immidiately... 
$URL = "modules.php?module=login"; -} elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) { +} elseif ((IS_FORM_SENT()) && ("".$uid."" != "".REQUEST_POST('id')."")) { // Invalid input (no nickname extension installed but nickname entered) $ERROR = constant('CODE_EXTENSION_PROBLEM'); -} elseif (isset($_POST['ok'])) { +} elseif (IS_FORM_SENT()) { // Try the login (see inc/libs/user_functions.php) - $URL = USER_DO_LOGIN($_POST['id'], $_POST['password']); -} elseif ((!empty($_POST['new_pass'])) && (isset($uid))) { + $URL = USER_DO_LOGIN(REQUEST_POST('id'), REQUEST_POST('password')); +} elseif ((REQUEST_ISSET_POST(('new_pass'))) && (isset($uid))) { // Try the userid/email lookup (see inc/libs/user_functions.php) - $ERROR = USER_DO_NEW_PASSWORD($_POST['email'], $uid); + $ERROR = USER_DO_NEW_PASSWORD(REQUEST_POST('email'), $uid); } // Login problems? -if (!empty($_GET['login'])) { +if (REQUEST_ISSET_GET(('login'))) { // Use code from URL - $ERROR = SQL_ESCAPE($_GET['login']); + $ERROR = SQL_ESCAPE(REQUEST_GET('login')); } // END - if // Login problems? diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index 422fbf7787..def32b4b41 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php 
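Review bot: In `elseif ((REQUEST_ISSET_POST(('new_pass'))) && (isset($uid)))` the `isset($uid)` is always true, because every branch of the if/elseif/else chain at the top of this hunk assigns `$uid`, so the condition reduces to `elseif (REQUEST_ISSET_POST(('new_pass')))`. That branch then reads `REQUEST_POST('email')` without a `REQUEST_ISSET_POST` guard, unlike `id` and `password` in the login branch; what an unset key yields depends on the wrapper (not visible here), so adding `&& (REQUEST_ISSET_POST(('email')))` would make the intent explicit. Separately, `REQUEST_SET_GET('login' , "")` carries a stray space before the comma that the neighbouring `REQUEST_SET_POST('new_pass', "")` does not.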
@@ -47,25 +47,27 @@ global $DATA; // Initialize variables $FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false; -if (!isset($_POST['ok'])) unset($_POST['ok']); -if (empty($_POST['agree'])) $_POST['agree'] = ""; -if (empty($_POST['addy'])) $_POST['addy'] = ""; -if (empty($_POST['surname'])) $_POST['surname'] = ""; -if (empty($_POST['family_name'])) $_POST['family_name'] = ""; -if (empty($_POST['pass1'])) $_POST['pass1'] = ""; -if (empty($_POST['pass2'])) $_POST['pass2'] = ""; -if (empty($_POST['day'])) $_POST['day'] = ""; -if (empty($_POST['month'])) $_POST['month'] = ""; -if (empty($_POST['year'])) $_POST['year'] = ""; -if (empty($_POST['max_mails'])) $_POST['max_mails'] = ""; -if (empty($_POST['street_nr'])) $_POST['street_nr'] = ""; -if (empty($_POST['zip'])) $_POST['zip'] = ""; -if (empty($_POST['city'])) $_POST['city'] = ""; -if (empty($_POST['cntry'])) $_POST['cntry'] = ""; -if (empty($_POST['country_code'])) $_POST['country_code'] = "1"; + +if (!IS_FORM_SENT()) REQUEST_UNSET_POST('ok'); + +if (!REQUEST_ISSET_POST(('agree'))) REQUEST_SET_POST('agree' , ""); +if (!REQUEST_ISSET_POST(('addy'))) REQUEST_SET_POST('addy' , ""); +if (!REQUEST_ISSET_POST(('surname'))) REQUEST_SET_POST('surname' , ""); +if (!REQUEST_ISSET_POST(('family'))) REQUEST_SET_POST('family' , ""); +if (!REQUEST_ISSET_POST(('pass1'))) REQUEST_SET_POST('pass1' , ""); +if (!REQUEST_ISSET_POST(('pass2'))) REQUEST_SET_POST('pass2' , ""); +if (!REQUEST_ISSET_POST(('day'))) REQUEST_SET_POST('day' , ""); +if (!REQUEST_ISSET_POST(('month'))) REQUEST_SET_POST('month' , ""); +if (!REQUEST_ISSET_POST(('year'))) REQUEST_SET_POST('year' , ""); +if (!REQUEST_ISSET_POST(('max_mails'))) REQUEST_SET_POST('max_mails' , ""); +if (!REQUEST_ISSET_POST(('street_nr'))) REQUEST_SET_POST('street_nr' , ""); +if (!REQUEST_ISSET_POST(('zip'))) REQUEST_SET_POST('zip' , ""); +if (!REQUEST_ISSET_POST(('city'))) REQUEST_SET_POST('city' , ""); +if (!REQUEST_ISSET_POST(('cntry'))) REQUEST_SET_POST('cntry' , ""); 
+if (!REQUEST_ISSET_POST(('country_code'))) REQUEST_SET_POST('country_code', "1"); // Default refid is zero -$_POST['refid'] = 0; +REQUEST_SET_POST('refid', 0); if ($GLOBALS['refid'] > 0) { // Test if the refid is valid $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", 
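Review bot: The POST key for the family name changes from `family_name` to `family` throughout this file, and the form template that posts it is not in this chunk, so I cannot confirm the input was renamed to match; a mismatch would make every registration fail the `family` check in the next hunk. Two keys read later in the file get no default here although the others do: `gender` (`substr(REQUEST_POST('gender'), 0, 1)` in the INSERT) and `cat` (`foreach (REQUEST_POST('cat') ...)` in the `@@ -133` hunk, which has no `is_array()` guard unlike the later category-write loop). Adding `if (!REQUEST_ISSET_POST(('gender'))) REQUEST_SET_POST('gender', "");` and `if (!REQUEST_ISSET_POST(('cat'))) REQUEST_SET_POST('cat', array());` to this list would give those reads the same footing. The new `if (!IS_FORM_SENT()) REQUEST_UNSET_POST('ok');` is presumably a no-op if `IS_FORM_SENT()` tests the `ok` key, as the line it replaces was.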
@@ -75,57 +77,57 @@ if ($GLOBALS['refid'] > 0) { //* DEBUG: */ die("refid={$GLOBALS['refid']}/numRows=".SQL_NUMROWS($result).""); if (SQL_NUMROWS($result) == 0) { // Not found so we set your refid! - $_POST['refid'] = getConfig('def_refid'); + REQUEST_SET_POST('refid', getConfig('def_refid')); set_session('refid', getConfig('def_refid')); } else { // Use the refid here - $_POST['refid'] = $GLOBALS['refid']; + REQUEST_SET_POST('refid', $GLOBALS['refid']); } } // END - if -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // First we only check the submitted data then we continue... :) // // Did he agree to our Terms Of Usage? - if ($_POST['agree'] != "Y") { - $_POST['agree'] = "!"; + if (REQUEST_POST('agree') != "Y") { + REQUEST_SET_POST('agree', "!"); $FAILED = true; } // END - if // Did he enter a valid email address? (we really don't care about // that, he has to click on a confirmation link :P ) - if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy']))) { - $_POST['addy'] = "!"; + if ((!REQUEST_ISSET_POST(('addy'))) || (!VALIDATE_EMAIL(REQUEST_POST('addy')))) { + REQUEST_SET_POST('addy', "!"); $FAILED = true; } // END - if // And what about surname and family's name? - if (empty($_POST['surname'])) { - $_POST['surname'] = "!"; + if (!REQUEST_ISSET_POST(('surname'))) { + REQUEST_SET_POST('surname', "!"); $FAILED = true; } // END - if - if (empty($_POST['family_name'])) { - $_POST['family_name'] = "!"; + if (!REQUEST_ISSET_POST(('family'))) { + REQUEST_SET_POST('family', "!"); $FAILED = true; } // END - if // Check for required fields - if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST); + if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS(REQUEST_POST_ARRAY()); // Did he enter his password twice? 
- if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) { - if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) { - $_POST['pass1'] = "!"; - $_POST['pass2'] = "!"; + if (((!REQUEST_ISSET_POST(('pass1'))) || (!REQUEST_ISSET_POST(('pass2')))) || ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))))) { + if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) { + REQUEST_SET_POST('pass1', "!"); + REQUEST_SET_POST('pass2', "!"); } else { - if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; } - if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; } + if (!REQUEST_ISSET_POST(('pass1'))) { REQUEST_SET_POST('pass1', "!"); } else { REQUEST_SET_POST('pass1' ""); } + if (!REQUEST_ISSET_POST(('pass2'))) { REQUEST_SET_POST('pass2', "!"); } else { REQUEST_SET_POST('pass2' ""); } } $FAILED = true; } // END - if // Is the password long enouth? - if ((strlen($_POST['pass1']) < getConfig('pass_len')) && (!$FAILED)) { + if ((strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) && (!$FAILED)) { $SHORT_PASS = true; $FAILED = true; } // END - if @@ -133,7 +135,7 @@ if (isset($_POST['ok'])) { // No admin? Admins can always register! if (!IS_ADMIN()) { // Do this check only when no admin is logged in - foreach ($_POST['cat'] as $id => $answer) { + foreach (REQUEST_POST('cat') as $id => $answer) { if ($answer == "Y") $cats++; } // END - foreach 
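Review bot: Both `else` arms in the password block lose the comma and will not parse: `REQUEST_SET_POST('pass1' "")` and `REQUEST_SET_POST('pass2' "")` must be `REQUEST_SET_POST('pass1', "");` and `REQUEST_SET_POST('pass2', "");`. Since this is a syntax error the whole registration module fails to load until it is fixed, regardless of which branch a request takes. The enclosing `if (IS_FORM_SENT())` block continues past the end of this hunk.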
@@ -143,10 +145,10 @@ if (isset($_POST['ok'])) { } // END - if } // END - if - if (($_POST['addy'] != "!") && (getConfig('check_double_email') == "Y")) { + if ((REQUEST_POST('addy') != "!") && (getConfig('check_double_email') == "Y")) { // Does the email address already exists in our database? - $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']); - if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; } + $CHK = SEARCH_EMAIL_USERTAB(REQUEST_POST('addy')); + if ($CHK) { REQUEST_SET_POST('addy', "?"); $FAILED = true; } } // END - if // Check for IP timeout? @@ -166,10 +168,10 @@ if (isset($_POST['ok'])) { SQL_FREERESULT($result); } -if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) { +if ((IS_FORM_SENT()) && ((!$FAILED) || (IS_ADMIN()))) { // Prepapre month and day of birth - if (strlen($_POST['day']) == 1) $_POST['day'] = "0".$_POST['day']; - if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month']; + if (strlen(REQUEST_POST('day')) == 1) REQUEST_POST('day') = "0".REQUEST_POST('day'); + if (strlen(REQUEST_POST('month')) == 1) REQUEST_SET_POST('month', "0".REQUEST_POST('month')); // Get total ... // ... confirmed, ... @@ -180,7 +182,7 @@ if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) { $lockedUsers = GET_TOTAL_DATA("LOCKED", "user_data", "userid", "status", true); // Generate hash which will be inserted into confirmation mail - $hash = generateHash(sha1($confirmedUsers.":".$unconfirmedUsers.":".$lockedUsers.":".$_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".GET_REMOTE_ADDR().":".GET_USER_AGENT()."/".SITE_KEY."/".DATE_KEY."/".RAND_NUMBER)); + $hash = generateHash(sha1($confirmedUsers.":".$unconfirmedUsers.":".$lockedUsers.":".REQUEST_POST('month')."-".REQUEST_POST('day')."-".REQUEST_POST('year').":".getenv('SERVER_NAME').":".GET_REMOTE_ADDR().":".GET_USER_AGENT()."/".SITE_KEY."/".DATE_KEY."/".RAND_NUMBER)); // Add design when extension sql_patches is v0.2.7 or greater $ADD1 = ""; $ADD2 = ""; 
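Review bot: `REQUEST_POST('day') = "0".REQUEST_POST('day');` in the `@@ -166` hunk assigns to a function call, which PHP rejects at compile time ("Can't use function return value in write context"); the month line right below shows the intended form, so it should be `if (strlen(REQUEST_POST('day')) == 1) REQUEST_SET_POST('day', "0".REQUEST_POST('day'));`. Because the error is raised when the file is compiled, it takes the whole registration page down, not only the submit path. The enclosing if-block continues past this hunk.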
@@ -215,11 +217,11 @@ if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) { if (EXT_IS_ACTIVE("country")) { // Save with new selectable country code $countryRow = "country_code"; - $countryData = bigintval($_POST['country_code']); + $countryData = bigintval(REQUEST_POST('country_code')); } else { // Old way with enterable two-char-code $countryRow = "country"; - $countryData = substr($_POST['cntry'], 0, 2); + $countryData = substr(REQUEST_POST('cntry'), 0, 2); } ////////////////////////////// @@ -230,21 +232,21 @@ if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) { VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")", array( $countryRow, - substr($_POST['gender'], 0, 1), - $_POST['surname'], - $_POST['family_name'], - $_POST['street_nr'], + substr(REQUEST_POST('gender'), 0, 1), + REQUEST_POST('surname'), + REQUEST_POST('family'), + REQUEST_POST('street_nr'), $countryData, - bigintval($_POST['zip']), - $_POST['city'], - $_POST['addy'], - bigintval($_POST['day']), - bigintval($_POST['month']), - bigintval($_POST['year']), - generateHash($_POST['pass1']), - bigintval($_POST['max_mails']), - bigintval($_POST['max_mails']), - bigintval($_POST['refid']), + bigintval(REQUEST_POST('zip')), + REQUEST_POST('city'), + REQUEST_POST('addy'), + bigintval(REQUEST_POST('day')), + bigintval(REQUEST_POST('month')), + bigintval(REQUEST_POST('year')), + generateHash(REQUEST_POST('pass1')), + bigintval(REQUEST_POST('max_mails')), + bigintval(REQUEST_POST('max_mails')), + bigintval(REQUEST_POST('refid')), $hash, GET_REMOTE_ADDR(), ), __FILE__, __LINE__); 
@@ -283,8 +285,8 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF } // END - if // Write catgories - if ((is_array($_POST['cat'])) && (count($_POST['cat']))) { - foreach ($_POST['cat'] as $cat => $joined) { + if ((is_array(REQUEST_POST('cat'))) && (count(REQUEST_POST('cat')))) { + foreach (REQUEST_POST('cat') as $cat => $joined) { if ($joined == "Y") { // Insert category entry SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_cats` (userid, cat_id) VALUES (%s, %s)", @@ -294,28 +296,28 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF } // END - if // Rewrite gender - $gender = TRANSLATE_GENDER($_POST['gender']); + $gender = TRANSLATE_GENDER(REQUEST_POST('gender')); // ... rewrite a zero referal ID to the main title - if ($_POST['refid'] == "0") $_POST['refid'] = constant('MAIN_TITLE'); + if (REQUEST_POST('refid') == "0") REQUEST_SET_POST('refid', constant('MAIN_TITLE')); // Is ZIP code set? - if (!empty($_POST['zip'])) { + if (REQUEST_ISSET_POST(('zip'))) { // Prepare data array for the email template // Start with the gender... $DATA = array( 'hash' => $hash, 'uid' => $userid, 'gender' => $gender, - 'surname' => SQL_ESCAPE($_POST['surname']), - 'family' => SQL_ESCAPE($_POST['family_name']), - 'email' => SQL_ESCAPE($_POST['addy']), - 'street' => SQL_ESCAPE($_POST['street_nr']), - 'city' => SQL_ESCAPE($_POST['city']), - 'zip' => bigintval($_POST['zip']), + 'surname' => SQL_ESCAPE(REQUEST_POST('surname')), + 'family' => SQL_ESCAPE(REQUEST_POST('family')), + 'email' => SQL_ESCAPE(REQUEST_POST('addy')), + 'street' => SQL_ESCAPE(REQUEST_POST('street_nr')), + 'city' => SQL_ESCAPE(REQUEST_POST('city')), + 'zip' => bigintval(REQUEST_POST('zip')), 'country' => $countryData, - 'refid' => SQL_ESCAPE($_POST['refid']), - 'pass' => SQL_ESCAPE($_POST['pass1']), + 'refid' => SQL_ESCAPE(REQUEST_POST('refid')), + 'pass' => SQL_ESCAPE(REQUEST_POST('pass1')), ); } else { // No ZIP code entered 
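Review bot: The `$DATA` array built in the `@@ -294` hunk still carries the cleartext password as `'pass' => SQL_ESCAPE(REQUEST_POST('pass1'))`, and so does its twin in the `@@ -323` hunk that follows; if the registration email template renders that key, the password goes out in plaintext mail, while the database only ever receives `generateHash(REQUEST_POST('pass1'))`. Dropping the `pass` entry (or substituting a fixed placeholder) in both arrays removes that exposure without touching the other template fields. These values feed an email template, not a query, so `SQL_ESCAPE()` is also the wrong escaping step for them; a comment on why it is applied, or its removal, would help the next reader.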
@@ -323,15 +325,15 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF 'hash' => $hash, 'uid' => $userid, 'gender' => $gender, - 'surname' => SQL_ESCAPE($_POST['surname']), - 'family' => SQL_ESCAPE($_POST['family_name']), - 'email' => SQL_ESCAPE($_POST['addy']), - 'street' => SQL_ESCAPE($_POST['street_nr']), - 'city' => SQL_ESCAPE($_POST['city']), + 'surname' => SQL_ESCAPE(REQUEST_POST('surname')), + 'family' => SQL_ESCAPE(REQUEST_POST('family')), + 'email' => SQL_ESCAPE(REQUEST_POST('addy')), + 'street' => SQL_ESCAPE(REQUEST_POST('street_nr')), + 'city' => SQL_ESCAPE(REQUEST_POST('city')), 'zip' => "", 'country' => $countryData, - 'refid' => SQL_ESCAPE($_POST['refid']), - 'pass' => SQL_ESCAPE($_POST['pass1']), + 'refid' => SQL_ESCAPE(REQUEST_POST('refid')), + 'pass' => SQL_ESCAPE(REQUEST_POST('pass1')), ); } @@ -339,11 +341,11 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF switch (GET_LANGUAGE()) { case "de": - $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']); + $DATA['birthday'] = bigintval(REQUEST_POST('day')).".".bigintval(REQUEST_POST('month')).".".bigintval(REQUEST_POST('year')); break; default: - $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']); + $DATA['birthday'] = bigintval(REQUEST_POST('month'))."/".bigintval(REQUEST_POST('day'))."/".bigintval(REQUEST_POST('year')); break; } @@ -361,33 +363,33 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF // Output success registration LOAD_TEMPLATE("admin_settings_saved", false, getMessage('REGISTRATION_DONE')); } else { - if ($_POST['agree'] == "!") { + if (REQUEST_POST('agree') == "!") { OUTPUT_HTML("
{--HAVE_TO_AGREE--}
"); } // END - if - if ($_POST['addy'] == "!") { + if (REQUEST_POST('addy') == "!") { OUTPUT_HTML("
{--ENTER_EMAIL--}
"); - $_POST['addy'] = ""; - } elseif ($_POST['addy'] == "?") { + REQUEST_SET_POST('addy', ""); + } elseif (REQUEST_POST('addy') == "?") { OUTPUT_HTML("
{--EMAIL_ALREADY_DB--}
"); - $_POST['addy'] = ""; + REQUEST_SET_POST('addy', ""); } - if ($_POST['surname'] == "!") { + if (REQUEST_POST('surname') == "!") { OUTPUT_HTML("
{--ENTER_SURNAME--}
"); - $_POST['surname'] = ""; + REQUEST_SET_POST('surname', ""); } // END - if - if ($_POST['family_name'] == "!") { + if (REQUEST_POST('family') == "!") { OUTPUT_HTML("
{--ENTER_FAMILY--}
"); - $_POST['family_name'] = ""; + REQUEST_SET_POST('family', ""); } // END - if - if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!")) { + if ((REQUEST_POST('pass1') == "!") && (REQUEST_POST('pass2') == "!")) { OUTPUT_HTML("
{--ENTER_BOTH_PASSWORDS--}
"); - } elseif ($_POST['pass1'] == "!") { + } elseif (REQUEST_POST('pass1') == "!") { OUTPUT_HTML("
{--ENTER_PASS1--}
"); - } elseif ($_POST['pass2'] == "!") { + } elseif (REQUEST_POST('pass2') == "!") { OUTPUT_HTML("
{--ENTER_PASS2--}
"); } @@ -407,11 +409,11 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF switch (GET_LANGUAGE()) { case "de": // German date format - define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year'])); + define('BIRTHDAY_SELECTION', ADD_SELECTION("day", REQUEST_POST('day')).ADD_SELECTION("month", REQUEST_POST('month')).ADD_SELECTION("year", REQUEST_POST('year'))); break; default: // Default is the US date format... :) - define('BIRTHDAY_SELECTION', ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("year", $_POST['year'])); + define('BIRTHDAY_SELECTION', ADD_SELECTION("month", REQUEST_POST('month')).ADD_SELECTION("day", REQUEST_POST('day')).ADD_SELECTION("year", REQUEST_POST('year'))); break; } @@ -437,17 +439,17 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF define('LEAST_CATS_VALUE', getConfig('least_cats')); // Other values - define('__SURNAME', SQL_ESCAPE($_POST['surname'])); - define('__FAMILY', SQL_ESCAPE($_POST['family_name'])); - define('__STREET', SQL_ESCAPE($_POST['street_nr'])); - define('__COUNTRY', SQL_ESCAPE($_POST['cntry'])); - if (!empty($_POST['zip'])) { - define('__ZIP', bigintval($_POST['zip'])); + define('__SURNAME', SQL_ESCAPE(REQUEST_POST('surname'))); + define('__FAMILY', SQL_ESCAPE(REQUEST_POST('family'))); + define('__STREET', SQL_ESCAPE(REQUEST_POST('street_nr'))); + define('__COUNTRY', SQL_ESCAPE(REQUEST_POST('cntry'))); + if (REQUEST_ISSET_POST(('zip'))) { + define('__ZIP', bigintval(REQUEST_POST('zip'))); } else { define('__ZIP', ""); } - define('__CITY', SQL_ESCAPE($_POST['city'])); - define('__ADDY', SQL_ESCAPE($_POST['addy'])); + define('__CITY', SQL_ESCAPE(REQUEST_POST('city'))); + define('__ADDY', SQL_ESCAPE(REQUEST_POST('addy'))); // Shall I add a counrty selection box or the old input box? if (EXT_IS_ACTIVE("country")) { 
@@ -455,7 +457,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF $OUT = ""; define('__COUNTRY_CONTENT', $OUT); } else { diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index bd05f92770..b7d9dbd08e 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -43,9 +43,9 @@ if (!defined('__SECURITY')) { ADD_DESCR("guest", __FILE__); $MODE = ""; -if (!empty($_GET['mode'])) { +if (REQUEST_ISSET_GET(('mode'))) { // A "special" mode of the login system was requested - switch ($_GET['mode']) + switch (REQUEST_GET('mode')) { case "activate" : $MODE = "activate"; break; // Activation link requested case "lost_pass": $MODE = "lost_pass"; break; // Request new password @@ -53,7 +53,7 @@ if (!empty($_GET['mode'])) { } // END - if // Check if hash for confirmation of email address is given... -if (!empty($_GET['hash'])) { +if (REQUEST_ISSET_GET(('hash'))) { // Lookup sponsor $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family, company, position, tax_ident, @@ -61,7 +61,7 @@ street_nr1, street_nr2, country, zip, city, email, phone, fax, cell, points_amount AS points, last_pay AS pay, last_curr AS curr FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') -LIMIT 1", array($_GET['hash']), __FILE__, __LINE__); +LIMIT 1", array(REQUEST_GET('hash')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Sponsor found, load his data... $SPONSOR = SQL_FETCHARRAY($result); 
@@ -76,7 +76,7 @@ LIMIT 1", array($_GET['hash']), __FILE__, __LINE__); // Set account to pending SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING' WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1", - array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__); + array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__); // Check on success if (SQL_AFFECTEDROWS() == 1) { @@ -97,7 +97,7 @@ WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1", // Changed email adress need to be confirmed SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED' WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1", - array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__); + array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__); // Check on success if (SQL_AFFECTEDROWS() == 1) { @@ -120,17 +120,17 @@ WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1", SQL_FREERESULT($result); } elseif ($MODE == "activate") { // Send activation link again - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Check submitted data - if (empty($_POST['email'])) unset($_POST['ok']); + if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok'); } - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Check email $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", - array($_POST['email']), __FILE__, __LINE__); + array(REQUEST_POST('email')), __FILE__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { 
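Review bot: The `activate` branch unsets `ok` with `REQUEST_UNSET_POST('ok')` and then re-tests `IS_FORM_SENT()` two lines later; this only works if `IS_FORM_SENT()` re-reads the `ok` key on every call rather than caching its result, which I cannot verify from this chunk since the helper is defined elsewhere. The `lost_pass` branch in the `@@ -166` hunk below uses the identical pattern. If the helper does cache, a local flag such as `$formOk = IS_FORM_SENT() && REQUEST_ISSET_POST(('email'));` used by both `if` checks avoids steering control flow by mutating the request.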
@@ -149,7 +149,7 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", // Confirmed email address $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR); } - SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor); + SEND_EMAIL(REQUEST_POST('email'), SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor); // Output message LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT); @@ -166,17 +166,17 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", } } elseif ($MODE == "lost_pass") { // Send new password - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Check submitted data - if (empty($_POST['email'])) unset($_POST['ok']); + if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok'); } // END - if - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Check email $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1", - array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__); + array(REQUEST_POST('email'), bigintval(REQUEST_POST('id'))), __FILE__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { // Unconfirmed sponsor account found so let's load the requested data @@ -191,7 +191,7 @@ WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1", // Prepare email and send it to the sponsor $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR); - SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor); + SEND_EMAIL(REQUEST_POST('email'), SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor); // Update password SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s' 
@@ -211,18 +211,18 @@ WHERE id='%s' LIMIT 1", // Load form LOAD_TEMPLATE("guest_sponsor_lost"); } -} elseif (isset($_POST['ok'])) { +} elseif (IS_FORM_SENT()) { // Check status and login data ... $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' AND password='%s' LIMIT 1", - array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__); + array(bigintval(REQUEST_POST('sponsorid')), md5(REQUEST_POST('pass'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? list($status) = SQL_FETCHROW($result); if ($status == "CONFIRMED") { // Is confirmed so both is fine and we can continue with login procedure - $login = ((set_session('sponsorid' , bigintval($_POST['sponsorid']))) && - (set_session('sponsorpass', md5($_POST['pass']) )) + $login = ((set_session('sponsorid' , bigintval(REQUEST_POST('sponsorid')))) && + (set_session('sponsorpass', md5(REQUEST_POST('pass')) )) ); if ($login) { diff --git a/inc/modules/guest/what-sponsor_reg.php b/inc/modules/guest/what-sponsor_reg.php index 65afc5ef8b..ceb9c6638c 100644 --- a/inc/modules/guest/what-sponsor_reg.php +++ b/inc/modules/guest/what-sponsor_reg.php 
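Review bot: `md5(REQUEST_POST('pass'))` on the new lines keeps the sponsor password as an unsalted MD5 both for the `password='%s'` comparison and for the `sponsorpass` session value; the commit only swaps the accessor. Since this rewrite already touches every password site, it is the natural point to move to a salted hash (what-mydata.php in this same commit appears to use generateHash with a salt taken from the stored value) and to keep only the sponsor id in the session rather than a password hash. Separately, `bigintval(REQUEST_POST('sponsorid'))` is computed twice in this hunk; assign it once before the query.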
@@ -45,153 +45,153 @@ ADD_DESCR("guest", __FILE__); // Create array for form errors (= missing data) $FORM_ERRORS = array(); -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // // Check submitted form data // // 1. Salutation / Surname / family name - if (empty($_POST['gender'])) { + if (!REQUEST_ISSET_POST(('gender'))) { // Surname is empty $FORM_ERRORS[] = getMessage('SPONSOR_NO_GENDER_SELECTED'); } - if (empty($_POST['surname'])) { + if (!REQUEST_ISSET_POST(('surname'))) { // Surname is empty $FORM_ERRORS[] = getMessage('SPONSOR_SURNAME_IS_EMPTY'); } - if (empty($_POST['family'])) { + if (!REQUEST_ISSET_POST(('family'))) { // Surname is empty $FORM_ERRORS[] = getMessage('SPONSOR_FAMILY_IS_EMPTY'); } // 2. Company name // 012 3 32 23 4 43 3 4 4321 12 3 32 2 3 3210 - if (((empty($_POST['company'])) && ((!empty($_POST['tax_ident'])) || (!empty($_POST['position'])))) || ((!empty($_POST['company'])) && (empty($_POST['tax_ident'])))) { - if (empty($_POST['company'])) { + if (((!REQUEST_ISSET_POST(('company'))) && ((REQUEST_ISSET_POST(('tax_ident'))) || (REQUEST_ISSET_POST(('position'))))) || ((REQUEST_ISSET_POST(('company'))) && (!REQUEST_ISSET_POST(('tax_ident'))))) { + if (!REQUEST_ISSET_POST(('company'))) { // Company name is empty $FORM_ERRORS[] = getMessage('SPONSOR_COMPANY_IS_EMPTY'); - } elseif (empty($_POST['tax_ident'])) { + } elseif (!REQUEST_ISSET_POST(('tax_ident'))) { // Tax ident number name is empty $FORM_ERRORS[] = getMessage('SPONSOR_TAX_IDENT_IS_EMPTY'); } - if (empty($_POST['position'])) { + if (!REQUEST_ISSET_POST(('position'))) { // Not fatal but not nice: position in company is empty $FORM_ERRORS[] = getMessage('SPONSOR_POSITION_IS_EMPTY'); } } // 3. 
Street and number - if (empty($_POST['street_nr1'])) { + if (!REQUEST_ISSET_POST(('street_nr1'))) { // Street name and house number are empty $FORM_ERRORS[] = getMessage('SPONSOR_STREET_NR1_IS_EMPTY'); - } elseif ((!empty($_POST['street_nr2'])) && (empty($_POST['street_nr1']))) { + } elseif ((REQUEST_ISSET_POST(('street_nr2'))) && (!REQUEST_ISSET_POST(('street_nr1')))) { // 1st line for street is empty, but 2nd line not $FORM_ERRORS[] = getMessage('SPONSOR_STREET_NR1_IS_EMPTY_2_NOT'); } // 4. Country code - if (empty($_POST['country'])) { + if (!REQUEST_ISSET_POST(('country'))) { // Country code is empty $FORM_ERRORS[] = getMessage('SPONSOR_COUNTRY_IS_EMPTY'); - } elseif (strlen($_POST['country']) != 2) { + } elseif (strlen(REQUEST_POST('country')) != 2) { // Country code is invalid $FORM_ERRORS[] = getMessage('SPONSOR_COUNTRY_IS_INVALID'); } // 3. ZIP code - if (empty($_POST['zip'])) { + if (!REQUEST_ISSET_POST(('zip'))) { // ZIP code is empty $FORM_ERRORS[] = getMessage('SPONSOR_ZIP_IS_EMPTY'); - } elseif (bigintval($_POST['zip']) != $_POST['zip']) { + } elseif (bigintval(REQUEST_POST('zip')) != REQUEST_POST('zip')) { // ZIP is invalid $FORM_ERRORS[] = getMessage('SPONSOR_ZIP_IS_INVALID'); - $_POST['zip'] = ""; + REQUEST_SET_POST('zip', ""); } // 4. City - if (empty($_POST['city'])) { + if (!REQUEST_ISSET_POST(('city'))) { // City is empty $FORM_ERRORS[] = getMessage('SPONSOR_CITY_IS_EMPTY'); } // 5. Phone number - if (empty($_POST['phone'])) { + if (!REQUEST_ISSET_POST(('phone'))) { // City is empty $FORM_ERRORS[] = getMessage('SPONSOR_PHONE_IS_EMPTY'); } // 6. Homepage URL - if (empty($_POST['url'])) { + if (!REQUEST_ISSET_POST(('url'))) { // Homepage URL is empty $FORM_ERRORS[] = getMessage('SPONSOR_URL_IS_EMPTY'); - } elseif (!VALIDATE_URL($_POST['url'])) { + } elseif (!VALIDATE_URL(REQUEST_POST('url'))) { // Homepage URL is invalid $FORM_ERRORS[] = getMessage('SPONSOR_URL_IS_INVALID'); - $_POST['url'] = ""; + REQUEST_SET_POST('url', ""); } // 7. 
Light validation of email address - if ((empty($_POST['email'])) || ($_POST['email'] == "@")) { + if ((!REQUEST_ISSET_POST(('email'))) || (REQUEST_POST('email') == "@")) { // Email is invalid/empty $FORM_ERRORS[] = getMessage('SPONSOR_EMAIL_IS_INVALID'); - } elseif (SPONSOR_FOUND_EMAIL_DB($_POST['email'])) { + } elseif (SPONSOR_FOUND_EMAIL_DB(REQUEST_POST('email'))) { // Email already found in database! $FORM_ERRORS[] = getMessage('SPONSOR_EMAIL_IS_ALREADY_REGISTERED'); - $_POST['email'] = ""; + REQUEST_SET_POST('email', ""); } // 8. Pay type selected? - if (empty($_POST['pay_type'])) { + if (!REQUEST_ISSET_POST(('pay_type'))) { // Not pay type selected $FORM_ERRORS[] = getMessage('SPONSOR_NO_PAYTYPE_SELECTED'); } // 9. Interval of mails - if (empty($_POST['warning_interval'])) { + if (!REQUEST_ISSET_POST(('warning_interval'))) { // No warning interval selected $FORM_ERRORS[] = getMessage('SPONSOR_NO_WARNING_INTERVAL_SELECTED'); } // 10. Mail notifications disabled/enabled - if (empty($_POST['receive_warnings'])) { + if (!REQUEST_ISSET_POST(('receive_warnings'))) { // Option not selected! $FORM_ERRORS[] = getMessage('SPONSOR_NO_RECEIVE_WARNINGS_SELECTED'); } // Did he enter his password twice? 
- if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) { - if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) { + if (((!REQUEST_ISSET_POST(('pass1'))) || (!REQUEST_ISSET_POST(('pass2')))) || ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))))) { + if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) { // Passwords missmatch $FORM_ERRORS[] = getMessage('SPONSOR_PASSWORDS_MISMATCH'); } else { - if (empty($_POST['pass1'])) { + if (!REQUEST_ISSET_POST(('pass1'))) { // Password 1 is empty $FORM_ERRORS[] = getMessage('SPONSOR_PASSWORD1_EMPTY'); } - if (empty($_POST['pass2'])) { + if (!REQUEST_ISSET_POST(('pass2'))) { // Password 2 is empty $FORM_ERRORS[] = getMessage('SPONSOR_PASSWORD2_EMPTY'); } } - } elseif (strlen($_POST['pass1']) < getConfig('pass_len')) { + } elseif (strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) { // Password is to short! $FORM_ERRORS[] = sprintf(getMessage('SPONSOR_PASSWORD_TOO_SHORT'), getConfig('pass_len')); } // Check if he has accepted the terms&conditions - if (empty($_POST['terms'])) { + if (!REQUEST_ISSET_POST(('terms'))) { // Homepage URL is empty $FORM_ERRORS[] = getMessage('SPONSOR_TERMS_NOT_ACCEPTED'); } // If there is something wrong/missing stop registration - if (count($FORM_ERRORS) > 0) unset($_POST['ok']); + if (count($FORM_ERRORS) > 0) REQUEST_UNSET_POST('ok'); } -if ((isset($_POST['ok'])) && (count($FORM_ERRORS) == 0)) { +if ((IS_FORM_SENT()) && (count($FORM_ERRORS) == 0)) { // Generate message array $MSGs = array( 'failed' => getMessage('SPONSOR_REGISTRATION_FAILED'), 
@@ -201,20 +201,20 @@ if ((isset($_POST['ok'])) && (count($FORM_ERRORS) == 0)) { // Calulate points $result = SQL_QUERY_ESC("SELECT (pay_rate * pay_min_count) AS points, pay_min_count AS pay, pay_currency AS curr FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` -WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__); +WHERE id='%s' LIMIT 1", array(REQUEST_POST('pay_type')), __FILE__, __LINE__); list($points, $pay, $curr) = SQL_FETCHROW($result); // Free memory SQL_FREERESULT($result); // Add points to array - $_POST['points_amount'] = $points; - $_POST['points_used'] = "0.00000"; - $_POST['last_pay'] = $pay; - $_POST['last_curr'] = $curr; + REQUEST_POST('points_amount', $points); + REQUEST_POST('points_used' , "0.00000"); + REQUEST_POST('last_pay' , $pay); + REQUEST_POST('last_curr' , $curr); // Register sponsor but never ever update here! - $STATUS = SPONSOR_HANDLE_SPONSOR($_POST, true, $MSGs, true); + $STATUS = SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY(), true, $MSGs, true); // Check the status of the registration process switch ($STATUS) @@ -222,7 +222,7 @@ WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__); case "added": // Sponsor successfully added with account status = UNCONFIRMED! // Check for his ID number $result = SQL_QUERY_ESC("SELECT id, hash FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1", - array($_POST['email']), __FILE__, __LINE__); + array(REQUEST_POST('email')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // ID found so let's load it for the confirmation email list($id, $hash) = SQL_FETCHROW($result); 
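Review bot: `REQUEST_POST('points_amount', $points);` and the three lines after it do not store anything: elsewhere in this commit a second argument to REQUEST_POST selects a sub-key (`REQUEST_POST('cat', $id)` in what-categories.php), and setting is done with REQUEST_SET_POST (`REQUEST_SET_POST('zip', "")` earlier in this file). As written, points_amount, points_used, last_pay and last_curr never reach `SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY(), true, $MSGs, true)`, which the removed `$_POST[...] = ...` assignments did provide. Change them to `REQUEST_SET_POST('points_amount', $points);` and likewise for the other three.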
@@ -230,16 +230,16 @@ WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__); // Prepare data for the email template define('__ID' , $id); define('__HASH' , $hash); - define('__EMAIL' , $_POST['email']); - define('__SURNAME' , $_POST['surname']); - define('__FAMILY' , $_POST['family']); - define('__GENDER' , TRANSLATE_GENDER($_POST['gender'])); + define('__EMAIL' , REQUEST_POST('email')); + define('__SURNAME' , REQUEST_POST('surname')); + define('__FAMILY' , REQUEST_POST('family')); + define('__GENDER' , TRANSLATE_GENDER(REQUEST_POST('gender'))); define('__TIMESTAMP', MAKE_DATETIME(time(), 0)); - define('__PASSWORD' , $_POST['pass1']); + define('__PASSWORD' , REQUEST_POST('pass1')); // Generate email and send it to the new sponsor $EMAIL_MSG = LOAD_EMAIL_TEMPLATE("sponsor_confirm", $hash); - SEND_EMAIL($_POST['email'], getMessage('SPONSOR_PLEASE_CONFIRM_SUBJ'), $EMAIL_MSG); + SEND_EMAIL(REQUEST_POST('email'), getMessage('SPONSOR_PLEASE_CONFIRM_SUBJ'), $EMAIL_MSG); // Send mail to admin SEND_ADMIN_NOTIFICATION(getMessage('ADMIN_NEW_SPONSOR'), "admin_sponsor_reg", $hash); @@ -248,7 +248,7 @@ WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__); $MSG = $MSGs['added']; } else { // Sponsor account not found??? - $MSG = sprintf(getMessage('SPONSOR_EMAIL_404'), $_POST['email']); + $MSG = sprintf(getMessage('SPONSOR_EMAIL_404'), REQUEST_POST('email')); } // Free memory 
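Review bot: `define('__PASSWORD' , REQUEST_POST('pass1'));` puts the plaintext password into the sponsor_confirm email template; the commit touches the line but keeps the behaviour. Sending the password by mail is worth dropping in a rewrite that already revisits every input site: the sponsor just typed it, and the confirmation mail is built from `$hash`, which is presumably what the link needs. If the template must keep the placeholder, set it to a fixed string such as `'********'` and adjust the template text.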
@@ -296,24 +296,24 @@ ORDER BY pay_name", __FILE__, __LINE__); if (count($FORM_ERRORS) > 0) { // Some found... :-( - define('__COMPANY' , COMPILE_CODE($_POST['company'])); - define('__POSITION' , COMPILE_CODE($_POST['position'])); - define('__TAX_IDENT', COMPILE_CODE($_POST['tax_ident'])); - define('__SURNAME' , COMPILE_CODE($_POST['surname'])); - define('__FAMILY' , COMPILE_CODE($_POST['family'])); - define('__STREET1' , COMPILE_CODE($_POST['street_nr1'])); - define('__STREET2' , COMPILE_CODE($_POST['street_nr2'])); - define('__COUNTRY' , COMPILE_CODE($_POST['country'])); - define('__ZIP' , COMPILE_CODE($_POST['zip'])); - define('__CITY' , COMPILE_CODE($_POST['city'])); - define('__PHONE' , COMPILE_CODE($_POST['phone'])); - define('__FAX' , COMPILE_CODE($_POST['fax'])); - define('__CELL' , COMPILE_CODE($_POST['cell'])); - define('__EMAIL' , COMPILE_CODE($_POST['email'])); - define('__URL' , COMPILE_CODE($_POST['url'])); + define('__COMPANY' , COMPILE_CODE(REQUEST_POST('company'))); + define('__POSITION' , COMPILE_CODE(REQUEST_POST('position'))); + define('__TAX_IDENT', COMPILE_CODE(REQUEST_POST('tax_ident'))); + define('__SURNAME' , COMPILE_CODE(REQUEST_POST('surname'))); + define('__FAMILY' , COMPILE_CODE(REQUEST_POST('family'))); + define('__STREET1' , COMPILE_CODE(REQUEST_POST('street_nr1'))); + define('__STREET2' , COMPILE_CODE(REQUEST_POST('street_nr2'))); + define('__COUNTRY' , COMPILE_CODE(REQUEST_POST('country'))); + define('__ZIP' , COMPILE_CODE(REQUEST_POST('zip'))); + define('__CITY' , COMPILE_CODE(REQUEST_POST('city'))); + define('__PHONE' , COMPILE_CODE(REQUEST_POST('phone'))); + define('__FAX' , COMPILE_CODE(REQUEST_POST('fax'))); + define('__CELL' , COMPILE_CODE(REQUEST_POST('cell'))); + define('__EMAIL' , COMPILE_CODE(REQUEST_POST('email'))); + define('__URL' , COMPILE_CODE(REQUEST_POST('url'))); // Check for gender selection - switch ($_POST['gender']) + switch (REQUEST_POST('gender')) { case "M": // Male define('__GENDER_M' , " 
selected=\"selected\""); @@ -335,7 +335,7 @@ ORDER BY pay_name", __FILE__, __LINE__); } // Check for receive_warnings - switch ($_POST['receive_warnings']) + switch (REQUEST_POST('receive_warnings')) { case "Y": define('__REC_Y' , " selected=\"selected\""); @@ -359,7 +359,7 @@ ORDER BY pay_name", __FILE__, __LINE__); $OUT .= "
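Review bot: The `define('__COMPANY' , COMPILE_CODE(REQUEST_POST('company')));` block feeds raw form input back into the registration form on validation errors through COMPILE_CODE, whose escaping behaviour is not visible in this diff. If COMPILE_CODE does not HTML-escape, each of these fifteen user-controlled values should be escaped for the attribute context before being re-rendered, e.g. `htmlspecialchars(REQUEST_POST('company'), ENT_QUOTES)`. The template that renders them is outside the hunk, so the check belongs there as well.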
\n"; define('__SPONSOR_FORM_ERRORS', $OUT); - define('__SPONSOR_REFID', $_POST['refid']); + define('__SPONSOR_REFID', REQUEST_POST('refid')); } else { // None found, first call define('__COMPANY' , ""); @@ -388,12 +388,12 @@ ORDER BY pay_name", __FILE__, __LINE__); } // Prepare referal things - if (!isset($_GET['refid'])) { + if (!REQUEST_ISSET_GET(('refid'))) { // No referal link define('__SPONSOR_REFID', "0"); } else { // Referal ID transmitted, we don't care here if it is right or not - define('__SPONSOR_REFID', bigintval($_GET['refid'])); + define('__SPONSOR_REFID', bigintval(REQUEST_GET('refid'))); } // Display registration form diff --git a/inc/modules/guest/what-stats.php b/inc/modules/guest/what-stats.php index 5826384de7..b7e9484bf9 100644 --- a/inc/modules/guest/what-stats.php +++ b/inc/modules/guest/what-stats.php @@ -41,8 +41,9 @@ if (!defined('__SECURITY')) { ADD_DESCR("guest", __FILE__); // Derterminate which stats we want and set mode and title for the link below stats block -if (!isset($_GET['mode'])) $_GET['mode'] = strtolower(getConfig('guest_stats')); -switch ($_GET['mode']) { +if (!REQUEST_ISSET_GET(('mode'))) REQUEST_SET_GET('mode', strtolower(getConfig('guest_stats'))); + +switch (REQUEST_GET('mode')) { case "members" : setConfigEntry('guest_stats', "MEMBERS"); $lmode = "modules"; diff --git a/inc/modules/index.php b/inc/modules/index.php index 8ca5c6cf01..94ef4689a7 100644 --- a/inc/modules/index.php +++ b/inc/modules/index.php 
@@ -47,15 +47,15 @@ define('__GUEST_ADVERT', LOAD_TEMPLATE("guest_advert", true)); LOAD_TEMPLATE("guest_header"); // Add message here -if (!empty($_GET['msg'])) { +if (REQUEST_ISSET_GET(('msg'))) { // Default extension is "unknown" $ext = "unknown"; // Is extension given? - if (!empty($_GET['ext'])) $ext = SQL_ESCAPE($_GET['ext']); + if (REQUEST_ISSET_GET(('ext'))) $ext = SQL_ESCAPE(REQUEST_GET('ext')); // Which message shall we output? - $msg = convertCodeToMessage($_GET['msg']); + $msg = convertCodeToMessage(REQUEST_GET('msg')); // Load message template LOAD_TEMPLATE("message", false, $msg); diff --git a/inc/modules/loader.php b/inc/modules/loader.php index 4b6a8d1d85..6d5b5a37d2 100644 --- a/inc/modules/loader.php +++ b/inc/modules/loader.php @@ -37,9 +37,9 @@ if (!defined('__SECURITY')) { require($INC); } -if (!empty($_GET['url'])) { +if (REQUEST_ISSET_GET(('url'))) { // Decode URL - $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode($_GET['url'])))); + $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url'))))); // Validate the URL if (VALIDATE_URL($url)) { diff --git a/inc/modules/member/what-categories.php b/inc/modules/member/what-categories.php index ab5fc444b6..61da7b93ed 100644 --- a/inc/modules/member/what-categories.php +++ b/inc/modules/member/what-categories.php @@ -52,22 +52,22 @@ $cats = SQL_NUMROWS($result); if ($cats > 0) { $LEAST = false; - if (isset($_POST['ok'])) + if (IS_FORM_SENT()) { $cnt = 0; - foreach ($_POST['cat'] as $cat => $joined) + foreach (REQUEST_POST('cat') as $cat => $joined) { if ($joined == "N") $cnt++; } if (($cats - $cnt) < getConfig('least_cats')) { - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); $LEAST = true; } } - if (isset($_POST['ok'])) + if (IS_FORM_SENT()) { - foreach ($_POST['cat'] as $cat => $joined) + foreach (REQUEST_POST('cat') as $cat => $joined) { switch ($joined) { 
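Review bot: `foreach (REQUEST_POST('cat') as $cat => $joined)` in what-categories.php assumes `cat` was posted as an array; when IS_FORM_SENT() is true but no category checkbox was submitted, foreach presumably receives null, emits a warning, and `$cnt` stays 0 so the least_cats check passes. Guard it once before the first loop, `if (!is_array(REQUEST_POST('cat'))) REQUEST_SET_POST('cat', array());`, or test `REQUEST_ISSET_POST('cat')` as the later hunk in this file does. The same foreach is repeated in the second `if (IS_FORM_SENT())` block of this hunk.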
@@ -125,9 +125,9 @@ if ($cats > 0) array($UID, bigintval($id)), __FILE__, __LINE__); // When we found an entry don't read it, just change the JOINED_x variables - if (isset($_POST['cat'])) + if (REQUEST_ISSET_POST(('cat'))) { - if ($_POST['cat'][$id] =='Y') { $JOINED_Y = " checked=\"checked\""; $JOINED_N = ""; } + if (REQUEST_POST('cat', $id) =='Y') { $JOINED_Y = " checked=\"checked\""; $JOINED_N = ""; } } else { diff --git a/inc/modules/member/what-holiday.php b/inc/modules/member/what-holiday.php index 3f3c29223d..5bbf90d4c1 100644 --- a/inc/modules/member/what-holiday.php +++ b/inc/modules/member/what-holiday.php @@ -64,8 +64,8 @@ if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1)) if ((($stamp1 + getConfig('holiday_lock')) > time()) || (($stamp2 + getConfig('holiday_lock')) > time())) { // Mail order is to close away! - unset($_POST['ok']); - unset($_POST['stop']); + REQUEST_UNSET_POST('ok'); + REQUEST_UNSET_POST(('stop')); if (($stamp1 + getConfig('holiday_lock')) > time()) { 
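Review bot: `REQUEST_UNSET_POST(('stop'));` in what-holiday.php uses doubled parentheses while the line directly above it, `REQUEST_UNSET_POST('ok');`, does not; the two calls should be written the same way. The same `((...))` style appears on `REQUEST_ISSET_POST(('cat'))` in the what-categories.php hunk above; a single pair of parentheses, `REQUEST_UNSET_POST('stop');`, is the consistent form.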
@@ -88,24 +88,24 @@ if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1)) SQL_FREERESULT($result1); SQL_FREERESULT($result2); -if (isset($_POST['ok'])) +if (IS_FORM_SENT()) { // Check holiday request... - $START = mktime(0, 0, 0, $_POST['start_month'], $_POST['start_day'], $_POST['start_year']); - $END = mktime(0, 0, 0, $_POST['end_month'] , $_POST['end_day'] , $_POST['end_year'] ); + $START = mktime(0, 0, 0, REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year')); + $END = mktime(0, 0, 0, REQUEST_POST('end_month') , REQUEST_POST('end_day') , REQUEST_POST('end_year') ); // Test both values $TEST = $END - $START; if (($TEST < 0) || ($TEST > (getConfig('one_day') * getConfig('holiday_max'))) || ($START < time()) || ($END < time())) { // Time test failed - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } else { // Everything went okay so let's store his request and send mails SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_holidays` (userid, holiday_start, holiday_end, comments) VALUES ('%s','%s','%s','%s')", - array($GLOBALS['userid'], $START, $END, $_POST['comments']), __FILE__, __LINE__); + array($GLOBALS['userid'], $START, $END, REQUEST_POST('comments')), __FILE__, __LINE__); // Activate holiday system SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` 
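Review bot: `mktime(0, 0, 0, REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year'))` passes the six date fields to mktime unvalidated, and the next hunk in this file indexes `$MONTH_DESCR[REQUEST_POST('start_month')]` with the same raw value. Elsewhere in this commit (what-mydata.php) day, month and year are wrapped in `bigintval()`; doing the same here, `bigintval(REQUEST_POST('start_month'))` and so on, keeps non-numeric input out of the date arithmetic and the month lookup. A range check on the month (1–12) before the `$MONTH_DESCR` lookup would also avoid an undefined-index notice in the confirmation mail.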
@@ -114,19 +114,19 @@ WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); // Prepare constants - define('_START_DAY' , $_POST['start_day']); - define('_START_MONTH', $MONTH_DESCR[$_POST['start_month']]); - define('_START_YEAR' , $_POST['start_year']); - define('_END_DAY' , $_POST['end_day']); - define('_END_MONTH' , $MONTH_DESCR[$_POST['end_month']]); - define('_END_YEAR' , $_POST['end_year']); + define('_START_DAY' , REQUEST_POST('start_day')); + define('_START_MONTH', $MONTH_DESCR[REQUEST_POST('start_month')]); + define('_START_YEAR' , REQUEST_POST('start_year')); + define('_END_DAY' , REQUEST_POST('end_day')); + define('_END_MONTH' , $MONTH_DESCR[REQUEST_POST('end_month')]); + define('_END_YEAR' , REQUEST_POST('end_year')); // Send mail to member - $msg = LOAD_EMAIL_TEMPLATE("member_holiday_request", $_POST['comments'], $GLOBALS['userid']); + $msg = LOAD_EMAIL_TEMPLATE("member_holiday_request", REQUEST_POST('comments'), $GLOBALS['userid']); SEND_EMAIL($GLOBALS['userid'], HOLIDAY_MEMBER_SUBJECT, $msg); // Send mail to all admins - SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_SUBJECT, "admin_holiday_request", $_POST['comments'], $GLOBALS['userid']); + SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_SUBJECT, "admin_holiday_request", REQUEST_POST('comments'), $GLOBALS['userid']); // Create task SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','HOLIDAY_REQUEST','%s','%s', UNIX_TIMESTAMP())", @@ -138,7 +138,7 @@ WHERE userid=%s LIMIT 1", } // Holiday shall be ended now -if (isset($_POST['stop'])) +if (REQUEST_ISSET_POST(('stop'))) { // Okay, end the holiday here... $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM `{!_MYSQL_PREFIX!}_user_data` 
@@ -190,7 +190,7 @@ WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); } // If something is wrong or link in menu is just clicked display form -if ((!isset($_POST['ok'])) && (!isset($_POST['stop']))) +if ((!IS_FORM_SENT()) && (!REQUEST_ISSET_POST(('stop')))) { // Check if user is in holiday... $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM `{!_MYSQL_PREFIX!}_user_data` diff --git a/inc/modules/member/what-html_mail.php b/inc/modules/member/what-html_mail.php index af47b72b98..e7b9337df4 100644 --- a/inc/modules/member/what-html_mail.php +++ b/inc/modules/member/what-html_mail.php @@ -46,32 +46,27 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Class was found and loaded -if (isset($_POST['ok'])) -{ +if (IS_FORM_SENT()) { // Save settings SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET html='%s' WHERE userid=%s LIMIT 1", - array($_POST['html'], $GLOBALS['userid']), __FILE__, __LINE__); + array(REQUEST_POST('html'), $GLOBALS['userid']), __FILE__, __LINE__); LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SETTINGS_SAVED')); -} - else -{ +} else { // Load template for changing settings $result = SQL_QUERY_ESC("SELECT html FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array($GLOBALS['userid']), __FILE__, __LINE__); + array($GLOBALS['userid']), __FILE__, __LINE__); list($mode) = SQL_FETCHROW($result); SQL_FREERESULT($result); - if ($mode == "Y") - { + if ($mode == "Y") { define('HTML_Y', " checked=\"checked\""); define('HTML_N', ""); - } - else - { + } else { define('HTML_N', " checked=\"checked\""); define('HTML_Y', ""); } LOAD_TEMPLATE("member_html_mail_settings"); } + // ?> diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php index d742a4fbee..419708c9a5 100644 --- a/inc/modules/member/what-mydata.php +++ b/inc/modules/member/what-mydata.php 
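Review bot: `array(REQUEST_POST('html'), $GLOBALS['userid'])` in what-html_mail.php stores whatever was posted for `html` in the user_data html column, while the display branch only distinguishes `"Y"` from everything else; normalise before the UPDATE, e.g. `$html = (REQUEST_POST('html') == "Y") ? "Y" : "N";` and pass `$html` instead. The hunk also mixes brace reformatting of the if/else blocks with the accessor change, which makes the functional diff harder to review; cosmetic reformatting is better kept in its own commit.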
@@ -49,9 +49,9 @@ define('UID_VALUE', $GLOBALS['userid']); $URL = ""; // Detect what the member wants to do $MODE = "show"; // Show his data -if (!empty($_POST['save'])) $MODE = "save"; // Save entered data -if (isset($_POST['edit'])) $MODE = "edit"; // Edit data -if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification +if (REQUEST_ISSET_POST(('save'))) $MODE = "save"; // Save entered data +if (REQUEST_ISSET_POST(('edit'))) $MODE = "edit"; // Edit data +if (REQUEST_ISSET_POST(('notify'))) $MODE = "notify"; // Switch off notification switch ($MODE) { @@ -194,13 +194,13 @@ case "save": // Save entered data $DATA[3] = MAKE_DATETIME($DATA[3] + getConfig('profile_lock'), "0"); // You cannot change your account LOAD_TEMPLATE("member_mydata_locked"); - } elseif (!VALIDATE_EMAIL($_POST['addy'])) { + } elseif (!VALIDATE_EMAIL(REQUEST_POST('addy'))) { // Invalid email address! LOAD_TEMPLATE("admin_settings_saved", false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED')); } else { // Generate hash - $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40)); - if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1']))) { + $hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40)); + if ((($hash == $DATA[1]) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST(('pass1')))) { // Only on simple changes normal mode is active = no email or password changed $MODE = "normal"; $AND = ""; @@ -208,10 +208,10 @@ case "save": // Save entered data if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; } // Or did he changed his password? - if ($_POST['addy'] != $DATA[0]) { + if (REQUEST_POST('addy') != $DATA[0]) { // Jupp if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; } - $_POST['old_addy'] = $DATA[0]; + REQUEST_SET_POST('old_addy', $DATA[0]); } // Update member's profile 
@@ -229,18 +229,18 @@ notified='N', last_profile_sent=UNIX_TIMESTAMP() WHERE userid=%s AND password='%s' LIMIT 1", array( - $_POST['gender'], - $_POST['surname'], - $_POST['family_name'], - $_POST['street_nr'], - bigintval($_POST['country_code']), - bigintval($_POST['zip']), - $_POST['city'], - $_POST['addy'], - bigintval($_POST['day']), - bigintval($_POST['month']), - bigintval($_POST['year']), - bigintval($_POST['max_mails']), + REQUEST_POST('gender'), + REQUEST_POST('surname'), + REQUEST_POST('family'), + REQUEST_POST('street_nr'), + bigintval(REQUEST_POST('country_code')), + bigintval(REQUEST_POST('zip')), + REQUEST_POST('city'), + REQUEST_POST('addy'), + bigintval(REQUEST_POST('day')), + bigintval(REQUEST_POST('month')), + bigintval(REQUEST_POST('year')), + bigintval(REQUEST_POST('max_mails')), UID_VALUE, get_session('u_hash') ), __FILE__, __LINE__); @@ -258,18 +258,18 @@ notified='N', last_profile_sent=UNIX_TIMESTAMP() WHERE userid=%s AND password='%s' LIMIT 1", array( - $_POST['gender'], - $_POST['surname'], - $_POST['family_name'], - $_POST['street_nr'], - $_POST['cntry'], - bigintval($_POST['zip']), - $_POST['city'], - $_POST['addy'], - bigintval($_POST['day']), - bigintval($_POST['month']), - bigintval($_POST['year']), - bigintval($_POST['max_mails']), + REQUEST_POST('gender'), + REQUEST_POST('surname'), + REQUEST_POST('family'), + REQUEST_POST('street_nr'), + REQUEST_POST('cntry'), + bigintval(REQUEST_POST('zip')), + REQUEST_POST('city'), + REQUEST_POST('addy'), + bigintval(REQUEST_POST('day')), + bigintval(REQUEST_POST('month')), + bigintval(REQUEST_POST('year')), + bigintval(REQUEST_POST('max_mails')), UID_VALUE, get_session('u_hash') ), __FILE__, __LINE__); diff --git a/inc/modules/member/what-newsletter.php b/inc/modules/member/what-newsletter.php index 9fb4453d17..ebfe236222 100644 --- a/inc/modules/member/what-newsletter.php +++ b/inc/modules/member/what-newsletter.php 
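Review bot: `REQUEST_POST('family'),` replaces `$_POST['family_name'],` in both UPDATE argument lists of what-mydata.php, which is a rename of the posted field rather than a mechanical accessor swap; unless the member_mydata form template was changed to submit `family` in the same commit (not visible here), the family name will be written as empty on every profile save. Either keep `REQUEST_POST('family_name')` or mention the template rename in the commit message. The same rename appears in the second hunk of this file.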
@@ -54,7 +54,7 @@ SQL_FREERESULT($result); // Remember charge value define('__CHARGE_VALUE', TRANSLATE_COMMA(getConfig('nl_charge'))); -if ((isset($_POST['ok'])) && ($status == "Y") && ($span == "0")) { +if ((IS_FORM_SENT()) && ($status == "Y") && ($span == "0")) { // Save request SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nl_timespan='".(getConfig('one_day') * 30)."' WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); diff --git a/inc/modules/member/what-nickname.php b/inc/modules/member/what-nickname.php index 6afe0ce978..73ae2b3fc1 100644 --- a/inc/modules/member/what-nickname.php +++ b/inc/modules/member/what-nickname.php @@ -46,14 +46,14 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); $VALID = false; -if (isset($_POST['ok'])) { +if (IS_FORM_SENT()) { // Nickname was submitted so let's check if it is not already in use - if (!empty($_POST['nickname'])) { + if (REQUEST_ISSET_POST(('nickname'))) { // Check if nickname is valid $PATTERN = "[".__NICKNAME_PATTERN."]{".__NICKNAME_LENGTH.",}"; - if (ereg($PATTERN, $_POST['nickname'], $array)) { + if (ereg($PATTERN, REQUEST_POST('nickname'), $array)) { // Entered nickname is valid? - if ($array[0] == $_POST['nickname']) $VALID = true; + if ($array[0] == REQUEST_POST('nickname')) $VALID = true; } // END - if } // END - if } // END - if 
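Review bot: `if (ereg($PATTERN, REQUEST_POST('nickname'), $array))` in what-nickname.php keeps the POSIX `ereg` call, which is deprecated as of PHP 5.3 and later removed, and the follow-up `if ($array[0] == REQUEST_POST('nickname')) $VALID = true;` exists only to emulate an anchored match. An anchored PCRE does both in one step: `if (preg_match("/^[".__NICKNAME_PATTERN."]{".__NICKNAME_LENGTH.",}$/", REQUEST_POST('nickname'))) $VALID = true;`. Note that __NICKNAME_PATTERN is interpolated into the expression unquoted, so it must not contain `]` or the delimiter.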
@@ -61,11 +61,11 @@ if (isset($_POST['ok'])) { if ($VALID) { // Look for nickname in database (we only need just one entry so don't worry about the "LIMIT 1" ! $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' AND userid != '%s' LIMIT 1", - array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__); + array(REQUEST_POST('nickname'), $GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Nickname not in use, so set it now SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nickname='%s' WHERE userid=%s LIMIT 1", - array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__); + array(REQUEST_POST('nickname'), $GLOBALS['userid']), __FILE__, __LINE__); $content = NICKNAME_SAVED; } else { // Free result @@ -82,7 +82,7 @@ if ($VALID) { define('__NICKNAME', NICKNAME_GET_NICK($GLOBALS['userid'])); // Do we have already submit the form? - if (!empty($_POST['nickname'])) { + if (REQUEST_ISSET_POST(('nickname'))) { LOAD_TEMPLATE("admin_settings_saved", false, "
".NICKNAME_IS_INVALID."= "0.1.3")) { // Holiday is active! LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ORDER_NOT_POSSIBLE); -} elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0)) { +} elseif ((REQUEST_ISSET_POST(('frametester'))) && ($ALLOWED > 0) && (REQUEST_POST('receiver') > 0)) { // Continue with the frametester, we first need to store the data temporary in the pool // // First we would like to store the data and get it's pool position back... $result = SQL_QUERY_ESC("SELECT id, data_type FROM `{!_MYSQL_PREFIX!}_pool` WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", - array($GLOBALS['userid'], $_POST['url'], getConfig('url_tlock')), __FILE__, __LINE__); + array($GLOBALS['userid'], REQUEST_POST('url'), getConfig('url_tlock')), __FILE__, __LINE__); $type = "TEMP"; $id = 0; if (SQL_NUMROWS($result) == 1) { @@ -111,13 +111,13 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", $URL = ""; if (getConfig('test_text') == "Y") { // Test submitted text against some filters (length, URLs in text etc.) - if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1)) { + if ((strpos(strtolower(REQUEST_POST('text')), "https://") > -1) || (strpos(strtolower(REQUEST_POST('text')), "http://") > -1) || (strpos(strtolower(REQUEST_POST('text')), "www") > -1)) { // URL found! $URL = "modules.php?module=login&what=order&msg=".constant('CODE_URL_FOUND'); } // END - if // Remove new-line and carriage-return characters - $TEST = str_replace("\n", "", str_replace("\r", "", $_POST['text'])); + $TEST = str_replace("\n", "", str_replace("\r", "", REQUEST_POST('text'))); // Text length within allowed length? if (strlen($TEST) > getConfig('max_tlength')) { 
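Review bot: `(strpos(strtolower(REQUEST_POST('text')), "https://") > -1)` relies on PHP's loose comparison turning a `false` return into "not found"; `strpos(...) !== false` states the intent explicitly and is less fragile. The text is lowercased three times in the same condition; computing `$lower = strtolower(REQUEST_POST('text'));` once before the `if` keeps the line readable. The enclosing block starts outside this hunk.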
@@ -129,8 +129,8 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", // Shall I test the subject line against URLs? if (getConfig('test_subj') == "Y") { // Check the subject line for issues - $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200)); - if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1)) { + REQUEST_SET_POST('subject', str_replace("\\", "[nl]", substr(REQUEST_POST('subject'), 0, 200))); + if ((strpos(strtolower(REQUEST_POST('subject')), "http://") > -1) || (strpos(strtolower(REQUEST_POST('subject')), "www") > -1)) { // URL in subject found $URL = "modules.php?module=login&what=order&msg=".constant('CODE_SUBJ_URL'); } // END - if @@ -140,7 +140,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", if (getConfig('url_blacklist') == "Y") { // Ok, I do that for you know... $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{!_MYSQL_PREFIX!}_url_blacklist` WHERE `url`='%s' LIMIT 1", - array($_POST['url']), __FILE__, __LINE__); + array(REQUEST_POST('url')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Jupp, we got one listed @@ -155,13 +155,13 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", } // END - if // Enougth receivers entered? - if (($_POST['receiver'] < getConfig('order_min')) && (!IS_ADMIN())) { + if ((REQUEST_POST('receiver') < getConfig('order_min')) && (!IS_ADMIN())) { // Less than allowed receivers entered! $URL = "modules.php?module=login&what=order&msg=".constant('CODE_MORE_RECEIVERS3'); } // END - if // Validate URL - if (!VALIDATE_URL($_POST['url'])) { + if (!VALIDATE_URL(REQUEST_POST('url'))) { // URL is invalid! $URL = "modules.php?module=login&what=order&msg=".constant('CODE_INVALID_URL'); } // END - if 
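Review bot: `REQUEST_POST('subject')` is read three times on the rewritten lines and `substr(..., 0, 200)` truncates by byte, so a multibyte character at the cut is split; the same repeated-read pattern appears with `text` in the preceding @@ -111 hunk. Read the value once into a local, `$subject = str_replace("\\", "[nl]", substr(REQUEST_POST('subject'), 0, 200)); REQUEST_SET_POST('subject', $subject);`, and test `$subject`; where mbstring is available `mb_substr` avoids the split. The `strpos(...) > -1` tests only work because `false > -1` is false in PHP; `strpos(...) !== false` says what is meant. The enclosing `if (getConfig('test_subj') == "Y")` block closes outside the hunk.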
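Review bot: `REQUEST_POST('receiver')` is compared to `getConfig('order_min')` as a raw string, and the same raw value is later used as a row count in @@ -201, assigned to `$MAX_SEND` in @@ -251 and tested with `== "0"` in @@ -384, whereas the other numeric fields in this commit go through `bigintval()`. Read it once, `$receiver = bigintval(REQUEST_POST('receiver'));`, and use `$receiver` in all four places so a non-numeric value cannot reach the receiver arithmetic or the pool INSERT. Whether `bigintval()` rejects negatives is not visible here; if it does not, a `$receiver > 0` test belongs in this check as well. The validation block this sits in continues outside the hunk.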
@@ -169,15 +169,15 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", // Probe for HTML extension if (EXT_IS_ACTIVE("html_mail")) { // HTML or regular text mail? - if ($_POST['html'] == "Y") { + if (REQUEST_POST('html') == "Y") { // Chek for valid HTML tags - $_POST['text'] = HTML_CHECK_TAGS($_POST['text']); + REQUEST_SET_POST('text', HTML_CHECK_TAGS(REQUEST_POST('text'))); // Maybe invalid tags found? - if (empty($_POST['text'])) $URL = "modules.php?module=login&what=order&msg=".constant('CODE_INVALID_TAGS')."&id=".$id; + if (!REQUEST_ISSET_POST(('text'))) $URL = "modules.php?module=login&what=order&msg=".constant('CODE_INVALID_TAGS')."&id=".$id; } else { // Remove any HTML code - $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text'])); + REQUEST_SET_POST('text', str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", REQUEST_POST('text')))); } } } elseif (!IS_ADMIN()) { @@ -189,9 +189,9 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", if (empty($URL)) { // Check if category and number of receivers is okay $ADD = ""; - if ((getConfig('order_multi_page') == "Y") && (!empty($_POST['zip']))) { + if ((getConfig('order_multi_page') == "Y") && (REQUEST_ISSET_POST(('zip')))) { // Choose recipients by ZIP code - $ADD = " AND d.zip LIKE '".bigintval($_POST['zip'])."{PER}'"; + $ADD = " AND d.zip LIKE '".bigintval(REQUEST_POST('zip'))."{PER}'"; } // END - if // Check for userids 
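Review bot: `if (!REQUEST_ISSET_POST(('text')))` replaces `empty($_POST['text'])` after `HTML_CHECK_TAGS` has rewritten the value, so the invalid-tags error is only raised if the wrapper treats an empty string as not set; if `REQUEST_ISSET_POST` is an `isset()` wrapper (its definition is not in this diff), the branch is dead and a fully stripped message proceeds as an empty mail. The same `empty` → `ISSET` substitution affects `zip` in @@ -189 and @@ -251. Testing the value directly avoids depending on the wrapper: `$text = HTML_CHECK_TAGS(REQUEST_POST('text')); REQUEST_SET_POST('text', $text); if ($text == "") $URL = ...;`. The doubled parentheses in `REQUEST_ISSET_POST(('text'))` are harmless but read as a search-and-replace artefact; a single pair is the usual form. The `if (EXT_IS_ACTIVE("html_mail"))` block closes inside the hunk, but the surrounding `if`/`elseif` chain continues past it.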
@@ -201,14 +201,14 @@ ON c.userid=d.userid WHERE c.cat_id=%s AND c.userid != '%s' AND d.`status`='CONFIRMED' AND d.receive_mails > 0".$ADD." ORDER BY d.%s %s", array( - bigintval($_POST['cat']), + bigintval(REQUEST_POST('cat')), $GLOBALS['userid'], getConfig('order_select'), getConfig('order_mode'), ), __FILE__, __LINE__); // Do we enougth receivers left? - if (SQL_NUMROWS($result) >= $_POST['receiver']) { + if (SQL_NUMROWS($result) >= REQUEST_POST('receiver')) { // Check for holiday extensions $HOLIDAY = false; if (GET_EXT_VERSION("holiday") >= "0.1.3") { @@ -251,13 +251,13 @@ WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIME array(str_replace(";", ", ", $RECEIVER), $MAX_SEND), __FILE__, __LINE__); // Is calculated max receivers larger than wanted receivers then reset it - if ($MAX_SEND > $_POST['receiver']) $MAX_SEND = $_POST['receiver']; + if ($MAX_SEND > REQUEST_POST('receiver')) $MAX_SEND = REQUEST_POST('receiver'); // Calculate used points - $USED = $MAX_SEND * GET_PAY_POINTS(bigintval($_POST['type'])); + $USED = $MAX_SEND * GET_PAY_POINTS(bigintval(REQUEST_POST('type'))); // Fix empty zip code - if (empty($_POST['zip'])) $_POST['zip'] = "0"; + if (!REQUEST_ISSET_POST(('zip'))) REQUEST_SET_POST('zip', "0"); // Check if he has enougth points for this order and selected more than 0 receivers if (($USED > 0) && ($USED <= $TOTAL) && ($MAX_SEND > 0)) { 
@@ -272,16 +272,16 @@ WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIME VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')", array( $GLOBALS['userid'], - $_POST['subject'], - $_POST['text'], + REQUEST_POST('subject'), + REQUEST_POST('text'), $RECEIVER, - bigintval($_POST['type']), + bigintval(REQUEST_POST('type')), $TIME, - $_POST['url'], - bigintval($_POST['cat']), + REQUEST_POST('url'), + bigintval(REQUEST_POST('cat')), $MAX_SEND, - bigintval($_POST['zip']), - $_POST['html'] + bigintval(REQUEST_POST('zip')), + REQUEST_POST('html') ), __FILE__, __LINE__); } else { // No HTML extension is active @@ -289,15 +289,15 @@ array( VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s')", array( $GLOBALS['userid'], - $_POST['subject'], - $_POST['text'], + REQUEST_POST('subject'), + REQUEST_POST('text'), $RECEIVER, - bigintval($_POST['type']), + bigintval(REQUEST_POST('type')), $TIME, - $_POST['url'], - bigintval($_POST['cat']), + REQUEST_POST('url'), + bigintval(REQUEST_POST('cat')), $MAX_SEND, - bigintval($_POST['zip']), + bigintval(REQUEST_POST('zip')), ), __FILE__, __LINE__); } } else { @@ -317,15 +317,15 @@ zip=%s, html_msg='%s' WHERE id=%s LIMIT 1", array( - $_POST['subject'], - $_POST['text'], + REQUEST_POST('subject'), + REQUEST_POST('text'), $RECEIVER, - bigintval($_POST['type']), - $_POST['url'], - bigintval($_POST['cat']), + bigintval(REQUEST_POST('type')), + REQUEST_POST('url'), + bigintval(REQUEST_POST('cat')), $MAX_SEND, - bigintval($_POST['zip']), - $_POST['html'], + bigintval(REQUEST_POST('zip')), + REQUEST_POST('html'), bigintval($id) ), __FILE__, __LINE__); } else { 
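Review bot: `REQUEST_POST('html')` goes into the pool INSERT here and into the UPDATE in @@ -317 exactly as submitted, while the only meaningful values are "Y" and "N" (the checks in @@ -169 and @@ -404 compare against "Y"). Normalise it once before the queries, `$html = (REQUEST_POST('html') == "Y") ? "Y" : "N";`, and pass `$html` in both parameter arrays; that keeps an arbitrary string out of the column whether or not it is declared as an ENUM. The `if`/`else` around the two INSERT variants starts outside the hunk.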
@@ -342,14 +342,14 @@ target_send=%s, zip=%s WHERE id=%s LIMIT 1", array( - $_POST['subject'], - $_POST['text'], + REQUEST_POST('subject'), + REQUEST_POST('text'), $RECEIVER, - bigintval($_POST['type']), - $_POST['url'], - bigintval($_POST['cat']), + bigintval(REQUEST_POST('type')), + REQUEST_POST('url'), + bigintval(REQUEST_POST('cat')), $MAX_SEND, - bigintval($_POST['zip']), + bigintval(REQUEST_POST('zip')), bigintval($id) ), __FILE__, __LINE__); } @@ -361,8 +361,8 @@ array( $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_pool` WHERE sender=%s AND subject='%s' AND payment_id=%s AND data_type='TEMP' AND timestamp=%s LIMIT 1", array( $GLOBALS['userid'], - $_POST['subject'], - bigintval($_POST['type']), + REQUEST_POST('subject'), + bigintval(REQUEST_POST('type')), $TIME ), __FILE__, __LINE__); @@ -384,7 +384,7 @@ array( $URL = "modules.php?module=login&what=order&msg=".constant('CODE_NO_RECS_LEFT'); } } -} elseif ($_POST['receiver'] == "0") { +} elseif (REQUEST_POST('receiver') == "0") { // Not enougth receivers selected $URL = "modules.php?module=login&what=order&msg=".constant('CODE_MORE_RECEIVERS1'); } elseif (($ALLOWED == 0) && (getConfig('order_max_full') == "ORDER")) { @@ -404,7 +404,7 @@ array( // Enable HTML checking $HTML = ""; $HOLIDAY = false; $HOL_STRING = ""; - if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'"; + if ((EXT_IS_ACTIVE("html_mail")) && (REQUEST_POST('html') == "Y")) $HTML = " AND html='Y'"; if (GET_EXT_VERSION("holiday") >= "0.1.3") { // Extension's version is fine $HOLIDAY = true; $HOL_STRING = " AND holiday_active='N'"; 
@@ -445,10 +445,10 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); $result_ver = SQL_QUERY_ESC("SELECT zip FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s".$HTML." AND receive_mails > 0 AND `status`='CONFIRMED' LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); - if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && (getConfig('order_multi_page') == "Y")) { + if ((SQL_NUMROWS($result_ver) == 1) && (REQUEST_ISSET_POST(('zip'))) && (getConfig('order_multi_page') == "Y")) { list($zip) = SQL_FETCHROW($result_ver); SQL_FREERESULT($result_ver); - if (substr($zip, 0, strlen($_POST['zip'])) == $_POST['zip']) { + if (substr($zip, 0, strlen(REQUEST_POST('zip'))) == REQUEST_POST('zip')) { // Ok, ZIP part is found $uid_cnt++; } // END - if @@ -474,11 +474,11 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { // Check for message ID in URL $MSG = ""; - switch ($_GET['msg']) + switch (REQUEST_GET('msg')) { case constant('CODE_URL_TLOCK'): $result = SQL_QUERY_ESC("SELECT timestamp FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1", - array(bigintval($_GET['id'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__); // Load timestamp from last order list($LORDER) = SQL_FETCHROW($result); @@ -516,7 +516,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); break; case constant('CODE_BLIST_URL'): - $MSG = "{--MEMBER_URL_BLACK_LISTED--}
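Review bot: `substr($zip, 0, strlen(REQUEST_POST('zip'))) == REQUEST_POST('zip')` compares two numeric-looking strings with `==`, so PHP compares them as numbers and a prefix such as "01" matches "1"; use `===` (or `strncmp(...) === 0`) so the ZIP prefix match is textual. Reading the prefix into a local before the loop, `$zipPrefix = REQUEST_POST('zip');`, also avoids two wrapper calls per row. The `switch (REQUEST_GET('msg'))` in the following @@ -474 hunk is a loose comparison as well, though its cases are constants, so a comment there is enough. The loop body this sits in starts outside the hunk.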
\n{--MEMBER_BLIST_TIME--}: ".MAKE_DATETIME($_GET['blist'], "0"); + $MSG = "{--MEMBER_URL_BLACK_LISTED--}
\n{--MEMBER_BLIST_TIME--}: ".MAKE_DATETIME(REQUEST_GET('blist'), "0"); break; case constant('CODE_NO_RECS_LEFT'): @@ -551,8 +551,8 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); break; default: - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error code %s detected.", $_GET['msg'])); - $MSG = sprintf(getMessage('UNKNOWN_CODE'), $_GET['msg']); + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error code %s detected.", REQUEST_GET('msg'))); + $MSG = sprintf(getMessage('UNKNOWN_CODE'), REQUEST_GET('msg')); break; } @@ -617,7 +617,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); SQL_FREERESULT($result); // 01 2 21 12 2 23 443 3 3210 - if ((!empty($_POST['data'])) || ((getConfig('order_multi_page') != "Y") && ((!IS_ADMIN()) && (!EXT_IS_ACTIVE("html_mail"))))) { + if ((REQUEST_ISSET_POST(('data'))) || ((getConfig('order_multi_page') != "Y") && ((!IS_ADMIN()) && (!EXT_IS_ACTIVE("html_mail"))))) { // Pre-output categories $CAT = ""; foreach ($CATS['id'] as $key => $value) { @@ -646,15 +646,15 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); define('TEXT', COMPILE_CODE($text)); define('T_URL', $url); - if (!empty($_POST['zip'])) { + if (REQUEST_ISSET_POST(('zip'))) { // Output entered ZIP code - define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, $_POST['zip'])); + define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, REQUEST_POST('zip'))); } else { define('ZIP_OUTPUT', "
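Review bot: The `default:` branch puts `REQUEST_GET('msg')` into `$MSG` and into the debug log unchanged; the other cases only assign constants, so this is the one path where a request value reaches the message text. If `$MSG` is later rendered into HTML (not visible here), escape it at this point, `$MSG = sprintf(getMessage('UNKNOWN_CODE'), htmlspecialchars(REQUEST_GET('msg')));`, and since the code is numeric in every handled case, `bigintval(REQUEST_GET('msg'))` in the `DEBUG_LOG` call keeps newlines and markup out of the log line. The switch opens in the earlier @@ -474 hunk; its closing brace is the last line of this one.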
"); } // HTML extension - if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) { + if ((EXT_IS_ACTIVE("html_mail")) && (REQUEST_POST('html') == "Y")) { // Extension is active so output valid HTML tags define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_ext", true, HTML_ADD_VALID_TAGS())); } else { @@ -679,9 +679,9 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); // Do we want ZIP code or not? if ((getConfig('order_multi_page') == "Y") || (IS_ADMIN())) { // Yes - if ($_POST['zip'] > 0) { + if (REQUEST_POST('zip') > 0) { $content = array( - 'zip' => bigintval($_POST['zip']), + 'zip' => bigintval(REQUEST_POST('zip')), 'add' => $ADD ); } else { diff --git a/inc/modules/member/what-payout.php b/inc/modules/member/what-payout.php index 6b8ea9cc36..42b42b7ade 100644 --- a/inc/modules/member/what-payout.php +++ b/inc/modules/member/what-payout.php @@ -79,7 +79,7 @@ $TPTS = TRANSLATE_COMMA($TPTS - $USED); // Sanity check... if (empty($TPTS)) $TPTS = "0.00000"; -if (empty($_GET['payout'])) { +if (!REQUEST_ISSET_GET(('payout'))) { // Load payout types $result = SQL_QUERY_ESC("SELECT id, type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` @@ -152,7 +152,7 @@ ORDER BY p.payout_timestamp DESC", } else { // Chedk if he can get paid by selected type $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1", - array(bigintval($_GET['payout'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('payout'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // ID is valid @@ -164,8 +164,8 @@ ORDER BY p.payout_timestamp DESC", // Calulcate points from submitted amount $PAYOUT = 0; - if (!empty($_POST['payout'])) { - $PAYOUT = bigintval($_POST['payout']) / $rate; + if (REQUEST_ISSET_POST(('payout'))) { + $PAYOUT = bigintval(REQUEST_POST('payout')) / $rate; $PAY_MAX = $max / $rate; } 
@@ -175,7 +175,7 @@ ORDER BY p.payout_timestamp DESC", if (REVERT_COMMA($TPTS) >= $min) { // Ok, he can get be paid - if ((isset($_POST['ok'])) && ($PAYOUT <= $PAY_MAX) && ($PAYOUT >= $min)) { + if ((IS_FORM_SENT()) && ($PAYOUT <= $PAY_MAX) && ($PAYOUT >= $min)) { // Calculate exact value define('PAYOUT_POINTS_VALUE', $PAYOUT); @@ -189,11 +189,11 @@ ORDER BY p.payout_timestamp DESC", VALUES (%s,%s,%s, UNIX_TIMESTAMP(), 'NEW','%s','%s','%s')", array( $GLOBALS['userid'], - bigintval($_POST['payout']), - bigintval($_GET['payout']), - $_POST['turl'], - $_POST['alt'], - $_POST['banner'] + bigintval(REQUEST_POST('payout')), + bigintval(REQUEST_GET('payout')), + REQUEST_POST('turl'), + REQUEST_POST('alt'), + REQUEST_POST('banner') ), __FILE__, __LINE__); // Load templates @@ -209,11 +209,11 @@ VALUES (%s,%s,%s, UNIX_TIMESTAMP(), 'NEW','%s','%s','%s')", VALUES (%s,%s,%s,'%s',%s, UNIX_TIMESTAMP(), 'NEW','%s')", array( $GLOBALS['userid'], - bigintval($_POST['payout']), - bigintval($_POST['account']), - $_POST['bank'], - bigintval($_GET['payout']), - $_POST['pass'] + bigintval(REQUEST_POST('payout')), + bigintval(REQUEST_POST('account')), + REQUEST_POST('bank'), + bigintval(REQUEST_GET('payout')), + REQUEST_POST('pass') ), __FILE__, __LINE__); // Load templates diff --git a/inc/modules/member/what-primera.php b/inc/modules/member/what-primera.php index 2783498ba6..648eefb27d 100644 --- a/inc/modules/member/what-primera.php +++ b/inc/modules/member/what-primera.php @@ -58,7 +58,7 @@ if ((getConfig('primera_api_name') == "") || (getConfig('primera_api_md5') == "" $content = array(); $points = false; // Is the mode set (payout only) -if (!isset($_GET['mode'])) { +if (!REQUEST_ISSET_GET(('mode'))) { // Get referal id $content['refid'] = bigintval(getConfig('primera_refid')); 
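Review bot: `$PAY_MAX` is only assigned in the preceding @@ -164 hunk when `payout` is present in POST, so on the first GET of this page `($PAYOUT <= $PAY_MAX)` compares against an undefined variable; initialise it beside `$PAYOUT = 0;` with `$PAY_MAX = 0;` so the condition is well-defined on every request. In @@ -209, `REQUEST_POST('pass')` is written straight into the payout row; if that field is the member's bank password or PIN it is being persisted in clear text, and it is worth checking whether it needs storing at all. The `if (SQL_NUMROWS($result) == 1)` block these hunks sit in starts outside the hunk.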
@@ -76,9 +76,9 @@ if (!isset($_GET['mode'])) { SQL_FREERESULT($result); // Is there an ID? - if ((!empty($content['primera_nickname'])) && (!isset($_GET['mode']))) { + if ((!empty($content['primera_nickname'])) && (!REQUEST_ISSET_GET(('mode')))) { // Then use an other "mode" - $_GET['mode'] = "list"; + REQUEST_SET_GET('mode', "list"); // And load all rows! $result = SQL_QUERY_ESC("SELECT `id`, `primera_account`, `primera_amount`, `primera_timestamp`, `primera_type` FROM `{!_MYSQL_PREFIX!}_user_primera` WHERE `userid` = %s ORDER BY `primera_timestamp` DESC", @@ -106,10 +106,10 @@ if (!isset($_GET['mode'])) { SQL_FREERESULT($result); } else { // Mode pay - $_GET['mode'] = "pay"; + REQUEST_SET_GET('mode', "pay"); } } // END - if -if ($_GET['mode'] == "pay") { +if (REQUEST_GET('mode') == "pay") { // Get total points and check if the user can request a payout $points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points"); 
@@ -146,37 +146,37 @@ if ($_GET['mode'] == "pay") { SQL_FREERESULT($result); } else { // Invalid mode! - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode']))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode')))); return; } // Is the formular sent? -if ((isset($_POST['ok'])) && (isset($_GET['mode']))) { +if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('mode')))) { // Check input data depending on the mode and execute the requested mode - switch ($_GET['mode']) { + switch (REQUEST_GET('mode')) { case "pay": // Payout this exchange -> Primus // Is the user ID and password set? - if (empty($_POST['primera_nickname'])) { + if (!REQUEST_ISSET_POST(('primera_nickname'))) { // Nothing entered in Primus nickname LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_USERNAME); - } elseif (empty($_POST['primera_password'])) { + } elseif (!REQUEST_ISSET_POST(('primera_password'))) { // Nothing entered in Primera password LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_PASSWORD); - } elseif (empty($_POST['amount'])) { + } elseif (!REQUEST_ISSET_POST(('amount'))) { // Nothing entered in amount LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_AMOUNT); - } elseif ($_POST['amount'] != bigintval($_POST['amount'])) { + } elseif (REQUEST_POST('amount') != bigintval(REQUEST_POST('amount'))) { // Only numbers in amount! LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_INVALID_AMOUNT); - } elseif ($_POST['amount'] < getConfig('primera_min_payout')) { + } elseif (REQUEST_POST('amount') < getConfig('primera_min_payout')) { // Not enougth entered! LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_AMOUNT_SMALLER_MIN, bigintval(getConfig('primera_min_payout')))); - } elseif ($_POST['amount'] > $points) { + } elseif (REQUEST_POST('amount') > $points) { // Not enougth points left! 
- LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval($_POST['amount']), bigintval($points))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval(REQUEST_POST('amount')), bigintval($points))); } else { // All is fine here so do the payout - $success = PRIMERA_EXECUTE_PAYOUT($_POST['primera_nickname'], md5($_POST['primera_password']), $_POST['amount']); + $success = PRIMERA_EXECUTE_PAYOUT(REQUEST_POST('primera_nickname'), md5(REQUEST_POST('primera_password')), REQUEST_POST('amount')); if ($success) { // Default is locked! $locked = true; @@ -188,11 +188,11 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) { } // END - if // Remove points from account - SUB_POINTS("primera_payout", $GLOBALS['userid'], $_POST['amount']); + SUB_POINTS("primera_payout", $GLOBALS['userid'], REQUEST_POST('amount')); // Update primera nickname SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `primera_userid`=%s WHERE userid=%s LIMIT 1", - array($_POST['primera_nickname'], $GLOBALS['userid']), __FILE__, __LINE__); + array(REQUEST_POST('primera_nickname'), $GLOBALS['userid']), __FILE__, __LINE__); // All done! LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_PAYOUT_DONE); 
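Review bot: The only-numbers check `REQUEST_POST('amount') != bigintval(REQUEST_POST('amount'))` is a loose comparison, so in pre-8 PHP a value with a numeric prefix (e.g. "100abc") compares equal to 100 and passes, and the raw string is then handed to `PRIMERA_EXECUTE_PAYOUT`, to `SUB_POINTS` in @@ -188, and to the minimum and balance comparisons. Capture the canonical value once, `$amount = bigintval(REQUEST_POST('amount'));`, reject when `(string) $amount !== REQUEST_POST('amount')`, and use `$amount` for every later comparison and call so the checked quantity and the debited quantity are the same number. Whether `bigintval()` allows negatives is not visible here; if it does, `$amount > 0` is needed too, since the `< getConfig('primera_min_payout')` test only helps when the configured minimum is positive. The `switch` this sits in opens in the @@ -146 hunk and closes in @@ -208.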
@@ -208,14 +208,14 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) { break; default: // Invalid mode! - DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", $_GET['mode'])); - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode']))); + DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", REQUEST_GET('mode'))); + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode')))); return; } } // END - if // Prepare mode for template name -$mode = sprintf("member_primera_mode_%s", SQL_ESCAPE($_GET['mode'])); +$mode = sprintf("member_primera_mode_%s", SQL_ESCAPE(REQUEST_GET('mode'))); // Load the template LOAD_TEMPLATE($mode, false, $content); diff --git a/inc/modules/member/what-refback.php b/inc/modules/member/what-refback.php index e3c56d86d6..f78aba8b9b 100644 --- a/inc/modules/member/what-refback.php +++ b/inc/modules/member/what-refback.php @@ -55,16 +55,16 @@ if (getConfig('refback_enabled') != "Y") { ADD_DESCR("member", __FILE__); // Was the form submitted? -if ((isset($_POST['edit'])) && (isset($_POST['id']))) { +if ((REQUEST_ISSET_POST(('edit'))) && (REQUEST_ISSET_POST(('id')))) { // Okay, has the user entered some values? - if (isset($_POST['percents'])) { + if (REQUEST_ISSET_POST(('percents'))) { // Revert german commta for testing - $percents = REVERT_COMMA($_POST['percents']); + $percents = REVERT_COMMA(REQUEST_POST('percents')); // Validate percents if ((($percents >= getConfig('refback_min_perc')) || (round($percents) == 0)) && ($percents <= getConfig('refback_max_perc'))) { // Change ref-back for this direct id - $status = REFBACK_CHANGE_MEMBER_PERCENTS($_POST['id'], $_POST['percents']); + $status = REFBACK_CHANGE_MEMBER_PERCENTS(REQUEST_POST('id'), REQUEST_POST('percents')); // Check status if (isset($status['ok'])) { 
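Review bot: `sprintf("member_primera_mode_%s", SQL_ESCAPE(REQUEST_GET('mode')))` turns a request value into a template name, and `SQL_ESCAPE` is an SQL-string escaper, not a filename or template-name filter. The earlier `else { // Invalid mode! ... return; }` branch appears to stop anything other than the handled modes from reaching this line, but that guard is far from the use; an explicit allow-list right before the `sprintf`, `if (!in_array(REQUEST_GET('mode'), array("pay", "list"), true)) return;` (the two modes visible in this diff), makes the template name safe on its own. The `default:` branch's `DEBUG_LOG` also records the raw value, and `SQL_ESCAPE` does not strip newlines from a log line. The `if ((IS_FORM_SENT()) && ...)` block closes inside the hunk.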
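Review bot: `REQUEST_POST('id')` is passed to `REFBACK_CHANGE_MEMBER_PERCENTS` as submitted, and in @@ -85 to `GET_USER_REF_ENTRY`, whereas ids elsewhere in this commit are wrapped in `bigintval()`. Unless both helpers cast internally (not visible here), `bigintval(REQUEST_POST('id'))` at both call sites keeps a non-numeric id out of the query layer. The `if ((REQUEST_ISSET_POST(('edit'))) && ...)` block continues outside the hunk.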
@@ -85,7 +85,7 @@ if ((isset($_POST['edit'])) && (isset($_POST['id']))) { // Insert line } else { // Read data from refback table - $content = GET_USER_REF_ENTRY($_POST['id']); + $content = GET_USER_REF_ENTRY(REQUEST_POST('id')); // Translate comma $content['refback'] = TRANSLATE_COMMA($content['refback']); diff --git a/inc/modules/member/what-support.php b/inc/modules/member/what-support.php index 5315036aac..9062a3841e 100644 --- a/inc/modules/member/what-support.php +++ b/inc/modules/member/what-support.php @@ -45,20 +45,20 @@ if (!defined('__SECURITY')) { // Add description as navigation point ADD_DESCR("member", __FILE__); -if ((!isset($_POST['ok'])) || (empty($_POST['qsummary']))) { +if ((!IS_FORM_SENT()) || (!REQUEST_ISSET_POST(('qsummary')))) { // Output form LOAD_TEMPLATE("member_support_form"); } else { // Load mail template based on your member's decision if (GET_EXT_VERSION("admins") >= "0.4.1") { - $a_tpl = "admin_support-".$_POST['qsummary']; + $a_tpl = "admin_support-".REQUEST_POST('qsummary'); } else { - $msg_a = LOAD_EMAIL_TEMPLATE("admin_support-".$_POST['qsummary'], array('text' => $_POST['qdetails']), $GLOBALS['userid']); + $msg_a = LOAD_EMAIL_TEMPLATE("admin_support-".REQUEST_POST('qsummary'), array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']); } - $msg_m = LOAD_EMAIL_TEMPLATE("member_support-".$_POST['qsummary'], array('text' => $_POST['qdetails']), $GLOBALS['userid']); + $msg_m = LOAD_EMAIL_TEMPLATE("member_support-".REQUEST_POST('qsummary'), array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']); // Select right subject - switch ($_POST['qsummary']) { + switch (REQUEST_POST('qsummary')) { case "ordr": $subj_a = getMessage('SUPPORT_SUBJ_ADMIN_ORDER'); $subj_m = getMessage('SUPPORT_SUBJ_MEMBER_ORDER'); 
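Review bot: `REQUEST_POST('qsummary')` is concatenated into the template names passed to `LOAD_EMAIL_TEMPLATE` (and into `$a_tpl`) before the `switch` that knows the valid values; if the template loader resolves names to files, an unexpected value selects a template the author never intended. Validate first, using the case labels of the switch as the allow-list, e.g. `if (!in_array(REQUEST_POST('qsummary'), array("ordr" /* remaining case labels */), true)) { LOAD_TEMPLATE("member_support_form"); return; }`, and only then build the names. The switch's remaining cases and the `else` block continue outside the hunk.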
@@ -76,14 +76,14 @@ if ((!isset($_POST['ok'])) || (empty($_POST['qsummary']))) { } // END - switch // Send mail to admin - SEND_ADMIN_NOTIFICATION($subj_a, $a_tpl, array('text' => $_POST['qdetails']), $GLOBALS['userid']); + SEND_ADMIN_NOTIFICATION($subj_a, $a_tpl, array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']); // Send mail to user SEND_EMAIL($GLOBALS['userid'], $subj_m, $msg_m); // Drop a message in the admin's area SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','SUPPORT_MEMBER','%s','%s', UNIX_TIMESTAMP())", - array($GLOBALS['userid'], $subj_a, $_POST['qsummary'].":".array('text' => $_POST['qdetails'])), __FILE__, __LINE__); + array($GLOBALS['userid'], $subj_a, REQUEST_POST('qsummary').":".array('text' => REQUEST_POST('qdetails'))), __FILE__, __LINE__); // Form sent LOAD_TEMPLATE("member_support_contcted"); diff --git a/inc/modules/member/what-surfbar_book.php b/inc/modules/member/what-surfbar_book.php index 16f68e694c..0b98ccd88d 100644 --- a/inc/modules/member/what-surfbar_book.php +++ b/inc/modules/member/what-surfbar_book.php 
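Review bot: The task INSERT's third parameter, `REQUEST_POST('qsummary').":".array('text' => REQUEST_POST('qdetails'))`, concatenates a string with an array, which yields the literal text "Array" (plus a notice), so the stored task text never contains the member's question; the removed line had the same shape and the rewrite preserved it. The intended value is presumably `REQUEST_POST('qsummary').":".REQUEST_POST('qdetails')`, matching what the two e-mail templates receive in the previous hunk. The `else` block this sits in starts outside the hunk.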
@@ -50,15 +50,15 @@ ADD_DESCR("member", __FILE__); if (!SURFBAR_IF_USER_BOOK_MORE_URLS()) { // No more URLs allowed to book! LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SURFBAR_NO_MORE_ALLOWED')); -} elseif ((isset($_POST['ok'])) && (isset($_POST['limited']))) { +} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('limited')))) { // Is limitation "no" and "limit" is > 0? - if (($_POST['limited'] == "N") && ((isset($_POST['limit'])) && ($_POST['limit'] > 0)) || (!isset($_POST['limit']))) { + if ((REQUEST_POST('limited') == "N") && ((REQUEST_ISSET_POST(('limit'))) && (REQUEST_POST('limit') > 0)) || (!REQUEST_ISSET_POST(('limit')))) { // Set it to unlimited - $_POST['limit'] = 0; + REQUEST_SET_POST('limit', 0); } // END - if // Register the new URL - $insertId = SURFBAR_MEMBER_ADD_URL($_POST['url'], $_POST['limit']); + $insertId = SURFBAR_MEMBER_ADD_URL(REQUEST_POST('url'), REQUEST_POST('limit')); // By default something went wrong $msg = getMessage('MEMBER_SURFBAR_URL_NOT_ADDED'); diff --git a/inc/modules/member/what-surfbar_list.php b/inc/modules/member/what-surfbar_list.php index b5aeeba063..bb07b7a175 100644 --- a/inc/modules/member/what-surfbar_list.php +++ b/inc/modules/member/what-surfbar_list.php 
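Review bot: `REQUEST_POST('limit')` reaches `SURFBAR_MEMBER_ADD_URL` as submitted when `limited` is "Y"; the condition above only normalises the unlimited case to `0`. Unless the helper casts it (not visible here), `$limit = bigintval(REQUEST_POST('limit'));` before the call, reused in the `> 0` test, keeps a non-numeric limit out of the booking, and it is worth confirming that the helper runs `VALIDATE_URL` on the `url` argument. The `&&`/`||` mix in the rewritten condition relies on operator precedence; parentheses around the `&&` term would make the unlimited rule explicit. The `elseif` chain continues outside the hunk.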
@@ -49,11 +49,11 @@ ADD_DESCR("member", __FILE__); $URLs = SURFBAR_GET_USER_URLS(); // Are there entries or form is submitted? -if ((isset($_POST['ok'])) && (isset($_POST['action'])) && (isset($_POST['id']))) { +if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('action'))) && (REQUEST_ISSET_POST(('id')))) { // Process the form - if (SURFBAR_MEMBER_DO_FORM($_POST, $URLs)) { + if (SURFBAR_MEMBER_DO_FORM(REQUEST_POST_ARRAY(), $URLs)) { // Action performed but shall we display it? - if ((($_POST['action'] != "edit") && ($_POST['action'] != "delete")) || (isset($_POST['execute']))) { + if (((REQUEST_POST('action') != "edit") && (REQUEST_POST('action') != "delete")) || (REQUEST_ISSET_POST(('execute')))) { // Display "action done" message if action is wether 'edit' nor 'delete' or has been executed LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SURFBAR_ACTION_DONE')); } // END - if diff --git a/inc/modules/member/what-themes.php b/inc/modules/member/what-themes.php index cf10a10eab..eac6c44ec1 100644 --- a/inc/modules/member/what-themes.php +++ b/inc/modules/member/what-themes.php @@ -45,13 +45,13 @@ if (!defined('__SECURITY')) { // Add description as navigation point ADD_DESCR("member", __FILE__); -if (!empty($_POST['member_theme'])) { +if (REQUEST_ISSET_POST(('member_theme'))) { // Save theme to member's profile SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET curr_theme='%s' WHERE userid=%s LIMIT 1", - array($_POST['member_theme'], $GLOBALS['userid']), __FILE__, __LINE__); + array(REQUEST_POST('member_theme'), $GLOBALS['userid']), __FILE__, __LINE__); // Set new theme for guests - $newTheme = SQL_ESCAPE($_POST['member_theme']); + $newTheme = SQL_ESCAPE(REQUEST_POST('member_theme')); // Change to new theme set_session('mxchange_theme', $newTheme); diff --git a/inc/modules/member/what-transfer.php b/inc/modules/member/what-transfer.php index 83510d2d85..1be4d545db 100644 --- a/inc/modules/member/what-transfer.php 
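Review bot: `REQUEST_POST('member_theme')` is written to `curr_theme` and into the session without any check that such a theme exists; `SQL_ESCAPE` only protects the query, not the later use of the value as a theme name. Validate the submitted name against the installed themes before the UPDATE (theme_functions.php is touched by this commit and is the natural place for that lookup) and keep the current theme otherwise. The `if (REQUEST_ISSET_POST(('member_theme')))` block continues outside the hunk.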
+++ b/inc/modules/member/what-transfer.php @@ -54,7 +54,7 @@ list($opt_in) = SQL_FETCHROW($result); SQL_FREERESULT($result); $MODE = ""; -if (!empty($_GET['mode'])) $MODE = $_GET['mode']; +if (REQUEST_ISSET_GET(('mode'))) $MODE = REQUEST_GET('mode'); // Check for "faker" if (($opt_in == "N") && ($MODE == "new")) $MODE = ""; @@ -68,28 +68,28 @@ case "new": // Start new transfer // Remember maximum value for template define('__TRANSFER_MAX_VALUE', round($total - getConfig('transfer_balance') - 0.5)); - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Add new transfer if (getConfig('transfer_code') > 0) { // Check for code - $code = GEN_RANDOM_CODE(getConfig('transfer_code'), $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE); - $valid_code = ($code == $_POST['code']); + $code = GEN_RANDOM_CODE(getConfig('transfer_code'), REQUEST_POST('code_chk'), $GLOBALS['userid'], constant('__TRANSFER_MAX_VALUE')); + $valid_code = ($code == REQUEST_POST('code')); } else { // Zero length (= disabled) is always valid! $valid_code = true; } // Test password - $valid_pass = ($pass == generateHash($_POST['password'], $pass)); + $valid_pass = ($pass == generateHash(REQUEST_POST('password'), $pass)); // Test transfer amount - $valid_amount = ((!empty($_POST['points'])) && ($_POST['points'] <= __TRANSFER_MAX_VALUE)); + $valid_amount = ((REQUEST_ISSET_POST(('points'))) && (REQUEST_POST('points') <= constant('__TRANSFER_MAX_VALUE'))); // Test reason for transfer - $valid_reason = (!empty($_POST['reason'])); + $valid_reason = (REQUEST_ISSET_POST(('reason'))); // Test if a recipient is selected - $valid_recipient = ($_POST['to_uid'] > 0); + $valid_recipient = (REQUEST_POST('to_uid') > 0); // Check for nickname extension and set additional data $nick = false; $ADD = ", userid"; 
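Review bot: `$valid_code = ($code == REQUEST_POST('code'))` and `$valid_pass = ($pass == generateHash(REQUEST_POST('password'), $pass))` compare a generated code and a password hash with `==`; when both sides look numeric PHP compares them as numbers, so two different strings of the form `0e…` compare equal. Use `===` for both (or `hash_equals` where available) so the check is byte-wise. `$valid_amount` only tests `points` against the maximum; unless `bigintval()` rejects negatives, a negative amount passes and is later credited and debited with the sign reversed, so add `(REQUEST_POST('points') > 0)` to that expression. The `case "new":` block continues outside the hunk.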
@@ -100,7 +100,7 @@ case "new": // Start new transfer // Re-check receivers and own personal data $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid IN ('%s','%s') AND `status`='CONFIRMED' ORDER BY userid LIMIT 2", - array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__); + array($GLOBALS['userid'], bigintval(REQUEST_POST('to_uid'))), __FILE__, __LINE__); $valid_data = (SQL_NUMROWS($result) == 2); if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient) { @@ -146,7 +146,7 @@ case "new": // Start new transfer // Sender's UID is always currently stored in cookie userid... define('__SENDER_UID' , $GLOBALS['userid']); - define('__RECIPIENT_UID' , $_POST['to_uid']); + define('__RECIPIENT_UID' , REQUEST_POST('to_uid')); $SENDER = __SENDER_UID; $RECIPIENT = __RECIPIENT_UID; 
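Review bot: `define('__RECIPIENT_UID', REQUEST_POST('to_uid'))` stores the raw request value while the SELECT in @@ -100 verifies `bigintval(REQUEST_POST('to_uid'))`; the constant then becomes `$RECIPIENT` and later the recipient id for the e-mail template. `define('__RECIPIENT_UID', bigintval(REQUEST_POST('to_uid')));` keeps the constant consistent with the value the query actually checked. The surrounding `if ($valid_code && ...)` block starts in @@ -100 and continues past this hunk.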
@@ -161,25 +161,25 @@ case "new": // Start new transfer } // Remember transfer reason and fancy date/time in constants - define('__TRANSFER_REASON', $_POST['reason']); + define('__TRANSFER_REASON', REQUEST_POST('reason')); define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME(getConfig('transfer_age'))); // Generate tranafer id - define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", mt_rand(0, 99999), $GLOBALS['userid'], $_POST['reason']))); + define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", mt_rand(0, 99999), $GLOBALS['userid'], REQUEST_POST('reason')))); // Add entries to both tables SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_in` (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')", - array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), $_POST['reason'], __TRANS_ID), + array(bigintval(REQUEST_POST('to_uid')), $GLOBALS['userid'], bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID), __FILE__, __LINE__); SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_out` (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')", - array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), $_POST['reason'], __TRANS_ID), + array($GLOBALS['userid'], bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID), __FILE__, __LINE__); // Add points to account *directly* ... - ADD_POINTS_REFSYSTEM("member_transfer", bigintval($_POST['to_uid']), bigintval($_POST['points']), false, "0", false, "direct"); + ADD_POINTS_REFSYSTEM("member_transfer", bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')), false, "0", false, "direct"); // ... 
and add it to current user's used points - SUB_POINTS("transfer", $GLOBALS['userid'], $_POST['points']); + SUB_POINTS("transfer", $GLOBALS['userid'], REQUEST_POST('points')); // First send email to recipient $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID); @@ -198,31 +198,31 @@ case "new": // Start new transfer } elseif (!$valid_code) { // Invalid Touring code! LOAD_TEMPLATE("admin_settings_saved", false, "
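Review bot: `SUB_POINTS("transfer", $GLOBALS['userid'], REQUEST_POST('points'));` passes the submitted amount through unnormalised, while the two INSERTs and the `ADD_POINTS_REFSYSTEM` call on the preceding lines wrap the same value in `bigintval()`, so the credited and debited amounts can differ for a non-integer input. Read it once, e.g. `$points = bigintval(REQUEST_POST('points'));`, and use `$points` in all four places. `REQUEST_POST('reason')` likewise feeds `__TRANSFER_REASON` and both INSERT tuples; the SQL path goes through `SQL_QUERY_ESC`, but the constant is presumably rendered in the e-mail templates loaded right after, so it should be escaped for that output context where it is used. The enclosing `case "new"` body continues outside this hunk.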
".TRANSFER_INVALID_CODE."
"); - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } elseif (!$valid_pass) { // Wrong password entered LOAD_TEMPLATE("admin_settings_saved", false, "
".TRANSFER_INVALID_PASSWORD."
"); - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } elseif (!$valid_amount) { // Too much points entered LOAD_TEMPLATE("admin_settings_saved", false, "
".TRANSFER_INVALID_POINTS."
"); - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } elseif (!$valid_reason) { // No transfer reason entered LOAD_TEMPLATE("admin_settings_saved", false, "
".TRANSFER_INVALID_REASON."
"); - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } elseif (!$valid_recipient) { // No recipient selected LOAD_TEMPLATE("admin_settings_saved", false, "
".TRANSFER_INVALID_RECIPIENT."
"); - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } elseif (!$valid_data) { // No recipient selected LOAD_TEMPLATE("admin_settings_saved", false, "
".TRANSFER_INVALID_DATA."
"); - unset($_POST['ok']); + REQUEST_UNSET_POST('ok'); } } - if (!isset($_POST['ok'])) { + if (!IS_FORM_SENT()) { // Load member list if (EXT_IS_ACTIVE("nickname")) { // Load userid and nickname @@ -240,7 +240,7 @@ case "new": // Start new transfer \n"; while (list($uid, $nick) = SQL_FETCHROW($result)) { $OUT .= "
 
diff --git a/templates/de/html/admin/admin_add_points_all.tpl b/templates/de/html/admin/admin_add_points_all.tpl index c2076ec37a..10a14209bd 100644 --- a/templates/de/html/admin/admin_add_points_all.tpl +++ b/templates/de/html/admin/admin_add_points_all.tpl @@ -1,5 +1,5 @@
diff --git a/templates/de/html/admin/admin_contct_user_form.tpl b/templates/de/html/admin/admin_contct_user_form.tpl index 09e14a16f9..c7fec1d7f1 100644 --- a/templates/de/html/admin/admin_contct_user_form.tpl +++ b/templates/de/html/admin/admin_contct_user_form.tpl @@ -1,4 +1,4 @@ - +
diff --git a/templates/de/html/admin/admin_list_rallyes_row2.tpl b/templates/de/html/admin/admin_list_rallyes_row2.tpl index 9428df698d..3f6abdd540 100644 --- a/templates/de/html/admin/admin_list_rallyes_row2.tpl +++ b/templates/de/html/admin/admin_list_rallyes_row2.tpl @@ -1,7 +1,7 @@ diff --git a/templates/de/html/admin/admin_list_unconfirmed.tpl b/templates/de/html/admin/admin_list_unconfirmed.tpl index 7a7dba65c4..3626a49c96 100644 --- a/templates/de/html/admin/admin_list_unconfirmed.tpl +++ b/templates/de/html/admin/admin_list_unconfirmed.tpl @@ -2,7 +2,7 @@
diff --git a/templates/de/html/admin/admin_del_user.tpl b/templates/de/html/admin/admin_del_user.tpl index 9b5d2447e7..035a5b48a6 100644 --- a/templates/de/html/admin/admin_del_user.tpl +++ b/templates/de/html/admin/admin_del_user.tpl @@ -1,4 +1,4 @@ - + diff --git a/templates/de/html/admin/admin_edit_user.tpl b/templates/de/html/admin/admin_edit_user.tpl index 15ccea30bb..fd29b41139 100644 --- a/templates/de/html/admin/admin_edit_user.tpl +++ b/templates/de/html/admin/admin_edit_user.tpl @@ -1,5 +1,5 @@
@@ -26,7 +26,7 @@ - diff --git a/templates/de/html/admin/admin_list_beg_rows.tpl b/templates/de/html/admin/admin_list_beg_rows.tpl index addd447f3f..b75c4bacfd 100644 --- a/templates/de/html/admin/admin_list_beg_rows.tpl +++ b/templates/de/html/admin/admin_list_beg_rows.tpl @@ -1,7 +1,7 @@ + href="{!URL!}/modules.php?module=admin&what=list_user&uid=$content[uid]">$content[uid]$content[win2] diff --git a/templates/de/html/admin/admin_list_cats.tpl b/templates/de/html/admin/admin_list_cats.tpl index d5cee91301..728786d6bc 100644 --- a/templates/de/html/admin/admin_list_cats.tpl +++ b/templates/de/html/admin/admin_list_cats.tpl @@ -3,7 +3,7 @@ {!__CATS_ROWS!} diff --git a/templates/de/html/admin/admin_list_cats_404.tpl b/templates/de/html/admin/admin_list_cats_404.tpl index 7c5183076d..f81e07e4f7 100644 --- a/templates/de/html/admin/admin_list_cats_404.tpl +++ b/templates/de/html/admin/admin_list_cats_404.tpl @@ -5,7 +5,7 @@ diff --git a/templates/de/html/admin/admin_list_links.tpl b/templates/de/html/admin/admin_list_links.tpl index f060708eff..ac7125cbba 100644 --- a/templates/de/html/admin/admin_list_links.tpl +++ b/templates/de/html/admin/admin_list_links.tpl @@ -1,14 +1,14 @@
{--FAMILY_NAME--}:  
$content[win1]$content[cnt]$content[win2] $content[win1]$content[uid]$content[win2]  $content[win1]$content[gender] $content[sname] $content[fname]$content[win2]
{--USER_ID--}: {!__UID!}({!__EMAIL!}) + href="{!URL!}/modules.php?module=admin&what=list_user&uid={!__UID!}">{!__UID!}({!__EMAIL!})
{--ADMIN_MEM_NO_CATS_1--}{!__UID!}{--ADMIN_MEM_NO_CATS_2--} + href="{!URL!}/modules.php?module=admin&what=list_user&uid={!__UID!}">{!__UID!}{--ADMIN_MEM_NO_CATS_2--}
{!__EMAIL_LIST!}
- {!__SNAME_VALUE!} {!__FNAME_VALUE!} ({!__EMAIL_VALUE!}): + {!__SNAME_VALUE!} {!__FNAME_VALUE!} ({!__EMAIL_VALUE!}):
{--MEMBER_TOTAL_LINKS_1--}{!__NUMS_VALUE!}{--MEMBER_TOTAL_LINKS_2--}
- {--ADMIN_DEL_UNCONFIRMED_LINKS--} + {--ADMIN_DEL_UNCONFIRMED_LINKS--}
diff --git a/templates/de/html/admin/admin_list_rallye_usr_row.tpl b/templates/de/html/admin/admin_list_rallye_usr_row.tpl index 2335141806..a3c2681068 100644 --- a/templates/de/html/admin/admin_list_rallye_usr_row.tpl +++ b/templates/de/html/admin/admin_list_rallye_usr_row.tpl @@ -1,7 +1,7 @@
$content[bold_l]$content[uid]$content[bold_r] + href="{!URL!}/modules.php?module=admin&what=list_user&uid=$content[uid]">$content[uid]$content[bold_r] $content[bold_l]$content[old]$content[bold_r]
$content[bold_l]$content[uid]$content[bold_r] + href="{!URL!}/modules.php?module=admin&what=list_user&uid=$content[uid]">$content[uid]$content[bold_r] $content[bold_l]$content[old]$content[bold_r]
{--EMAIL_SENDER--}:
- {!__LIST_UNCON_SENDER!} + {!__LIST_UNCON_SENDER!}
{--EMAIL_SUBJECT--}:
diff --git a/templates/de/html/admin/admin_lock_user.tpl b/templates/de/html/admin/admin_lock_user.tpl index 7982c58e37..5b938f5d11 100644 --- a/templates/de/html/admin/admin_lock_user.tpl +++ b/templates/de/html/admin/admin_lock_user.tpl @@ -1,5 +1,5 @@ diff --git a/templates/de/html/admin/admin_member_selection_box.tpl b/templates/de/html/admin/admin_member_selection_box.tpl index 45c65533c2..6cf5419cb8 100644 --- a/templates/de/html/admin/admin_member_selection_box.tpl +++ b/templates/de/html/admin/admin_member_selection_box.tpl @@ -13,7 +13,7 @@ {--ADMIN_SELECT_USER--}: - {!_MEMBER_SELECTION!} diff --git a/templates/de/html/admin/admin_sub_points.tpl b/templates/de/html/admin/admin_sub_points.tpl index c51708aa83..b722e4a979 100644 --- a/templates/de/html/admin/admin_sub_points.tpl +++ b/templates/de/html/admin/admin_sub_points.tpl @@ -1,4 +1,4 @@ - +
diff --git a/templates/de/html/admin/admin_sub_points_all.tpl b/templates/de/html/admin/admin_sub_points_all.tpl index 7ff14f4cd1..08fcd6adbf 100644 --- a/templates/de/html/admin/admin_sub_points_all.tpl +++ b/templates/de/html/admin/admin_sub_points_all.tpl @@ -1,5 +1,5 @@
diff --git a/templates/de/html/admin/admin_task_holiday.tpl b/templates/de/html/admin/admin_task_holiday.tpl index 81282e4787..0bee6ce605 100644 --- a/templates/de/html/admin/admin_task_holiday.tpl +++ b/templates/de/html/admin/admin_task_holiday.tpl @@ -1,2 +1,2 @@ {--HOLIDAY_ADMIN_DEL_LINK--} \ No newline at end of file + href="{!URL!}/modules.php?module=admin&what=del_holiday&uid=$content">{--HOLIDAY_ADMIN_DEL_LINK--} \ No newline at end of file diff --git a/templates/de/html/guest/guest_register.tpl b/templates/de/html/guest/guest_register.tpl index a59f4f61c9..d2a6eef9da 100644 --- a/templates/de/html/guest/guest_register.tpl +++ b/templates/de/html/guest/guest_register.tpl @@ -35,7 +35,7 @@ diff --git a/templates/de/html/member/member_mydata_edit.tpl b/templates/de/html/member/member_mydata_edit.tpl index c6b8867751..e0ebdcc385 100644 --- a/templates/de/html/member/member_mydata_edit.tpl +++ b/templates/de/html/member/member_mydata_edit.tpl @@ -32,7 +32,7 @@ diff --git a/view.php b/view.php index f1d8562929..e08b8e0017 100644 --- a/view.php +++ b/view.php 
@@ -45,18 +45,18 @@ $GLOBALS['output_mode'] = -1; // Load the required file(s) require("inc/config.php"); -if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) { +if (((REQUEST_ISSET_GET(('user'))) || (REQUEST_ISSET_GET(('reseller')))) && (REQUEST_ISSET_GET(('banner')))) { // Count banner view... we currently don't need the user's id but maybe $VIEW = 1; // for later things... ;-) $result = SQL_QUERY_ESC("SELECT url FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1", - array(bigintval($_GET['banner'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { list($url) = SQL_FETCHROW($result); SQL_FREERESULT($result); SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET counter=counter+1 WHERE id=%s LIMIT 1", - array(bigintval($_GET['banner'])), __FILE__, __LINE__); + array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__); $type = substr($url, -3); header ("Content-Type: image/".$type); -- 2.39.5
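Review bot: `header ("Content-Type: image/".$type);` builds the MIME type from `substr($url, -3)`, the last three characters of whatever URL is stored in `_refbanner`, so a `.jpeg` URL yields `image/peg` and a URL without an image extension yields an arbitrary three-character type. Derive the type from an explicit extension map with a fixed fallback instead, as below. The `if` block continues outside this hunk.
```php
// … unchanged: counter UPDATE query …
// Map the extension to a known MIME type instead of trusting the URL's last three characters
$ext = strtolower(pathinfo($url, PATHINFO_EXTENSION));
$types = array('gif' => 'image/gif', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png');
$mime = isset($types[$ext]) ? $types[$ext] : 'image/gif';
header("Content-Type: " . $mime);
```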