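<?php
/************************************************************************
 * Mailer v0.2.1-FINAL                                Start: 01/09/2005 *
 * ===================                          Last change: 01/09/2005 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : beg.php                                          *
 * -------------------------------------------------------------------- *
 * Short description : Beg link for members                             *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Bettel-Link fuer Mitglieder                      *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2009 by Roland Haeder                           *
 * Copyright (c) 2009 - 2016 by Mailer Developer Team                   *
 * For more information visit: http://mxchange.org                      *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

/*
 * Public entry point for the "beg" link.
 *
 * Request flow, as visible in this file:
 *   1. The GET parameter 'userid' (a numeric id, or a nickname when the
 *      'nickname' extension is active) selects the member to credit.
 *   2. For a CONFIRMED account a random amount between getBegPoints() and
 *      getBegPointsMax() is chosen.
 *   3. The member's `beg_clicks` counter is incremented, then the
 *      `beg_ips` table is consulted as a reload lock keyed on remote
 *      address and session id.
 *   4. Depending on lock state, login state and pay mode, points are
 *      credited and one of the beg_* templates is rendered; otherwise an
 *      error code is set and the visitor is redirected to the index module.
 *
 * This endpoint is reachable without authentication and changes state on a
 * GET request, so everything derived from 'userid', the remote address and
 * the session id has to be treated as client-influenced input.
 */

// Load security stuff here (must run before anything else is included)
require('inc/libs/security_functions.php');

// Init start time
$GLOBALS['__start_time'] = microtime(TRUE);

// Set module and output mode (HTML)
$GLOBALS['__module']      = 'beg';
$GLOBALS['__output_mode'] = '0';
$errorCode = NULL;

// Initialize application
require('inc/init.php');

// Set content type
setContentType('text/html');

// Is the 'beg' extension active?
redirectOnUninstalledExtension('beg');

// Check for userid
if (isGetRequestElementSet('userid')) {
    // Init variables
    $points = '0';

    // Don't pay is the default...
    $isPayed = FALSE;

    // Resolve the requested account: by nickname when that extension is
    // active and the value is a nickname, otherwise by numeric userid
    if ((isExtensionActive('nickname')) && (isNicknameUsed(getRequestElement('userid')))) {
        // Maybe a nickname is provided?
        fetchUserData(getRequestElement('userid'), 'nickname');
    } elseif (isNicknameUsed(getRequestElement('userid'))) {
        // Nickname entered but nickname is not active
        $errorCode = getCode('EXTENSION_PROBLEM');
    } else {
        // Direct userid
        fetchUserData(getRequestElement('userid'));
    }

    // Default status; not read again within this file
    $status = 'failed';

    // Check if account was found
    if ((isValidUserData()) && (getUserData('status') == 'CONFIRMED')) {
        /*
         * Multiply configured values with 100000 and divide with 100000 so we can also handle small values
         * If we need more number behind the decimal dot then we just need to increase all these three
         * numbers matching to the numbers behind the decimal dot. Simple! ;-)
         *
         * The scaled bounds are rounded to integers explicitly: the product
         * of a decimal fraction and 100000 is a float that is often a hair
         * off the intended whole number (e.g. 28999.999...), and mt_rand()
         * would otherwise truncate it (and PHP 8.1+ reports the implicit
         * float-to-int conversion as deprecated).
         *
         * mt_rand() is not a cryptographic generator; that is acceptable
         * here because the result is a payout amount, not a secret.
         */
        $points = mt_rand(
            (int) round(getBegPoints() * 100000),
            (int) round(getBegPointsMax() * 100000)
        ) / 100000;

        // Set nickname / userid for template
        // NOTE(review): this is the raw request value; confirm that
        // getRequestElement() or the template layer HTML-escapes it before
        // it is written into the page.
        $content['userid']        = getRequestElement('userid');
        $content['clicks']        = (getUserData('beg_clicks') + 1);
        $content['points']        = $points;
    } // END - if

    // User id valid and not webmaster's id?
    // Note that the account status is not part of this condition; for a
    // non-CONFIRMED account $points stays '0', so no payment happens below.
    if ((isValidId(getUserData('userid'))) && (getBegUserid() != getUserData('userid'))) {
        // Update counter. This runs for every request that reaches this
        // branch, before the reload lock is consulted.
        // NOTE(review): the placeholder is unquoted here and in the SELECT
        // below but quoted in the INSERT; confirm sqlQueryEscaped() makes an
        // unquoted %s safe. The value comes from getUserData('userid') and
        // has passed isValidId().
        sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `beg_clicks`=`beg_clicks`+1 WHERE `userid`=%s LIMIT 1",
            array(getUserData('userid')), __FILE__, __LINE__);

        // Reload lock lookup: search beg_ips for an entry with this remote
        // address or session id.
        // NOTE(review): as written, the WHERE clause matches rows whose age
        // is at least the configured timeout, and payment proceeds when NO
        // row matches. Confirm this is the intended direction for a reload
        // lock (and where old rows are purged), because a row younger than
        // the timeout does not match this query.
        // NOTE(review): the lock is only as strong as its two identifiers.
        // Verify that determineRealRemoteAddress() trusts forwarded-address
        // headers only from known proxies, and keep in mind that a client
        // that does not return the session cookie gets a new session id.
        $result = sqlQueryEscaped("SELECT `id` FROM `{?_MYSQL_PREFIX?}_beg_ips` WHERE ((UNIX_TIMESTAMP() - `timeout`) >= {?beg_timeout?} OR ((UNIX_TIMESTAMP() - `timeout`) >= {?beg_userid_timeout?} AND `userid`=%s)) AND (`remote_ip`='%s' OR `sid`='%s') LIMIT 1",
            array(
                getUserData('userid'),
                determineRealRemoteAddress(),
                session_id()
            ), __FILE__, __LINE__);

        // Entry not found, points set and not logged in?
        //* DEBUG: */ logDebugMessage(__FILE__, __LINE__, 'SQL_HASZERONUMS()=' . intval(SQL_HASZERONUMS($result)) . ',isAdmin()=' . intval(isAdmin()) . ',points=' . $points . ',isMember()=' . intval(isMember()) . ',getBegPayMode()=' . getBegPayMode());
        if ((ifSqlHasZeroNumRows($result)) && ($points > 0) && (getBegPayMode() == 'NONE') && ((!isMember()) || (isAdmin()))) {
            // Default is result from isAdmin(), mostly false
            $isPayed = isAdmin();

            // Admin is testing?
            if (!isAdmin()) {
                /*
                 * Remember remote address, userid and timestamp for next click
                 * but only when there is no admin begging.
                 * Admins shall be able to test it!
                 */
                sqlQueryEscaped("INSERT INTO `{?_MYSQL_PREFIX?}_beg_ips` (`userid`, `remote_ip`, `sid`, `timeout`) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())",
                    array(
                        getUserData('userid'),
                        determineRealRemoteAddress(),
                        session_id()
                    ), __FILE__, __LINE__);

                // Was it successful? Points are only paid when the lock
                // entry was actually written.
                $isPayed = (!ifSqlHasZeroAffectedRows());
            } // END - if

            // Pay points?
            //* DEBUG: */ logDebugMessage(__FILE__, __LINE__, 'isPayed=' . intval($isPayed));
            if ($isPayed === TRUE) {
                // Add points to user or begging rallye account
                if (addPointsBeg(getUserData('userid'), $points)) {
                    // Set 'done' message
                    $content['message'] = loadTemplate('beg_done', TRUE, $content);
                } else {
                    // Error!
                    $content['message'] = loadTemplate('beg_failed', TRUE, $content);
                }
            } else {
                // Error!
                $content['message'] = loadTemplate('beg_failed', TRUE, $content);
            }
        } elseif (isMember()) {
            // Logged in user found
            $content['message'] = loadTemplate('beg_login', TRUE, $content);
        } elseif (getBegPayMode() != 'NONE') { // Other pay-mode active!
            // Load message template depending on pay-mode. No points are
            // added in this branch; $isPayed only enables the pay-code
            // template further down.
            $content['message'] = loadTemplate('beg_pay_mode_' . strtolower(getBegPayMode()), TRUE, $content);
            $isPayed = TRUE;
        } else {
            // Click received while reload lock is active
            $content['message'] = loadTemplate('beg_failed', TRUE, $content);
        }

        // Free memory
        sqlFreeResult($result);

        // Include header
        loadPageHeader();

        // Load final template
        loadTemplate('beg_link', FALSE, $content);

        // Tracker code enabled? (We don't track users here!)
        if ((getBegPayMode() != 'NONE') && ($isPayed === TRUE)) {
            // Prepare content for template
            // @TODO Oops, what is missing here???
            $content = array(
            );

            // Include config-depending template
            loadTemplate('beg_pay_code_' . strtolower(getBegPayMode()), FALSE, $content);
        } elseif (($isPayed === FALSE) && (!isset($content['message']))) {
            // Cannot pay! :-(
            // This is assigned after the main template was already emitted
            // and nothing later in this file reads it.
            $content['message'] = loadTemplate('beg_failed', TRUE);
        }

        // Include footer
        loadPageFooter();
    } elseif ((getUserData('status') != 'CONFIRMED') && (getUserData('status') != 'failed')) {
        // Maybe locked/unconfirmed account?
        $errorCode = generateErrorCodeFromUserStatus();
    } elseif ((!isValidId(getUserData('userid'))) || (getUserData('status') == 'failed')) {
        // Invalid or locked account, so let's find out
        if (fetchUserData(getRequestElement('userid'), 'nickname')) {
            // Locked account
            $errorCode = getCode('ACCOUNT_LOCKED');
        } else {
            // Invalid nickname! (404)
            $errorCode = getCode('USER_404');
        }
    } elseif (getUserData('userid') == getBegUserid()) {
        // Webmaster's id cannot beg for points!
        $errorCode = getCode('BEG_SAME_AS_OWN');
    }

    // Reload to index module if an error happens. Only the error code
    // produced by the helpers above is appended to the URL, never the
    // request value itself.
    if (!is_null($errorCode)) {
        redirectToUrl('modules.php?module=index&amp;code=' . $errorCode . '&amp;ext=beg');
    } // END - if
} else {
    // No userid entered
    redirectToUrl('modules.php?module=index');
}

// Really all done here... ;-)
doShutdown();

// [EOF]
?>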