query masking rewritten in more SQLs, several cleanups and fix on beg link
[mailer.git] / beg.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 01/09/2005 *
4  * ===============                              Last change: 01/09/2005 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : beg.php                                          *
8  * -------------------------------------------------------------------- *
9  * Short description : Beg link for members                             *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Bettel-Link fuer Mitglieder                      *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
35 require_once("inc/libs/security_functions.php");
36
37 // Init "action" and "what"
38 global $what, $action;
39 $GLOBALS['what'] = ""; $GLOBALS['action'] = "";
40
41 // Set module
42 $GLOBALS['module'] = "beg";
43 $GLOBALS['refid']  = 0;
44 $CSS = -1;
45 $msg = null;
46
47 // Load the required file(s)
48 require ("inc/config.php");
49
50 // Is the script installed?
51 if (defined('mxchange_installed') && (mxchange_installed)) {
52         // Check for userid
53         if (!empty($_GET['uid'])) {
54                 // Init user ID
55                 $uid = 0;
56
57                 // Validate if it is not a number
58                 if (bigintval($_GET['uid']) !== "".$_GET['uid']."") {
59                         if (EXT_IS_ACTIVE("nickname")) {
60                                 // Maybe we have found a nickname?
61                                 $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
62                                  array($_GET['uid']), __FILE__, __LINE__);
63                         } else {
64                                 // Nickname entered but nickname is not active
65                                 $msg = CODE_EXTENSION_PROBLEM;
66                                 $uid = -1;
67                                 $result = false;
68                         }
69                 } else {
70                         // Direct userid
71                         $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
72                          array(bigintval($_GET['uid'])), __FILE__, __LINE__);
73                 }
74
75                 // Check if locked in so don't pay points
76                 $login = false; $status = "failed";
77                 if (IS_LOGGED_IN()) {
78                         // Logged in user detected!
79                         $login = true;
80                 }
81
82                 // Check if account was found
83                 if ((SQL_NUMROWS($result) == 1) && ($result != false)) {
84                         // Found an ID so we simply set it
85                         list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result);
86                         if ($status == "CONFIRMED") {
87                                 // Secure userid
88                                 $uid = bigintval($uid);
89
90                                 // Calculate beg points
91                                 srand((double)microtime() * 10000000000 / time());
92
93                                 // Multiply configured values with 100000 and divide with 100000 so we can also handle small values
94                                 // If we need more number behind the decimal dot then we just need to increase all these three
95                                 // numbers matching to the numbers behind the decimal dot. Simple! ;-)
96                                 $POINTS = rand(($CONFIG['beg_points'] * 100000), ($CONFIG['beg_points_max'] * 100000)) / 100000;
97
98                                 // Set nickname / userid for the template(s
99                                 define('__BEG_UID'   , $_GET['uid']);
100                                 define('__BEG_CLICKS', ($clicks + 1));
101                                 define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
102                                 define('__BEG_POINTS', TRANSLATE_COMMA($POINTS));
103                         } else {
104                                 // Other status
105                                 $uid = "0";
106                         }
107                 }
108
109                 // Free memory
110                 SQL_FREERESULT($result);
111
112                 if (($uid > 0) && ($CONFIG['beg_uid'] != $uid)) {
113                         // Update counter
114                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
115                          array($uid), __FILE__, __LINE__);
116
117                         // Check for last entry for userid w/o IP number
118                         $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $CONFIG['beg_timeout'])." OR (timeout > ".(time() - $CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1",
119                          array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
120                         if ((SQL_NUMROWS($result) == 0) && ($POINTS > 0) && (!$login)) {
121                                 // Free memory
122                                 SQL_FREERESULT($result);
123
124                                 if (!IS_ADMIN()) {
125                                         // Remember remote address, userid and timestamp for next click
126                                         // but only when there is no admin begging.
127                                         // Admins shall be able to test it!
128                                         $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip, timeout) VALUES('%s', '%s', UNIX_TIMESTAMP())",
129                                          array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
130                                 }
131
132                                 // Set mode depending on how many mails the member has to confirm
133                                 $locked = false;
134                                 if (($ref_payout > 0) && ($CONFIG['allow_direct_pay'] == 'N')) $locked = true;
135
136                                 // Is begging rallye active?
137                                 if ($CONFIG['beg_rallye'] == 'Y') {
138                                         // Add points to rallye account
139                                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1",
140                                          array($POINTS, $uid), __FILE__, __LINE__);
141                                 } else {
142                                         // Add points to account
143                                         ADD_POINTS_REFSYSTEM($uid, $POINTS, false, "0", $locked, strtolower($CONFIG['beg_mode']));
144                                 }
145
146                                 // Subtract begged points from member account if the admin has selected one
147                                 if ($CONFIG['beg_uid'] > 0) {
148                                         // Subtract from this account
149                                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
150                                          array($POINTS, bigintval($CONFIG['beg_uid'])), __FILE__, __LINE__);
151
152                                         // Update mediadata as well
153                                         if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
154                                                 // Update database
155                                                 MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $POINTS);
156                                         }
157                                 }
158
159                                 // Set message
160                                 define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true));
161                         } elseif ($login) {
162                                 // Logged in user found!
163                                 define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true));
164
165                                 // Free memory
166                                 SQL_FREERESULT($result);
167                         } else {
168                                 // Free memory
169                                 SQL_FREERESULT($result);
170
171                                 // Clicked received while reload lock is active
172                                 define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true));
173                         }
174
175                         // Include header
176                         require_once(PATH."inc/header.php");
177
178                         // Load final template
179                         LOAD_TEMPLATE("beg_link");
180
181                         // Include footer
182                         require_once(PATH."inc/footer.php");
183                 } elseif (($status != "CONFIRMED") && ($status != "failed")) {
184                         // Maybe locked/unconfirmed account?
185                         switch ($status) {
186                                 case "LOCKED"     : $msg = CODE_ID_LOCKED     ; break; // Locked account
187                                 case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account
188                         }
189                 } elseif (($uid == "0") || ($status == "failed")) {
190                         // Inalid or locked account, so let's find out
191                         $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
192                          array($_GET['uid']), __FILE__, __LINE__);
193                         if (SQL_NUMROWS($result) == 1) {
194                                 // Locked account
195                                 $msg = CODE_ACCOUNT_LOCKED;
196                         } else {
197                                 // Invalid nickname! (404)
198                                 $msg = CODE_USER_404;
199                         }
200
201                         // Free memory
202                         SQL_FREERESULT($result);
203                 } elseif ($uid == $CONFIG['beg_uid']) {
204                         // Webmaster's ID cannot beg for points!
205                         $msg = CODE_BEG_SAME_AS_OWN;
206                 }
207
208                 // Reload to index module
209                 die("-".$msg."-");
210                 if ((!empty($msg)) && (!empty($msg))) LOAD_URL(URL."/modules.php?module=index&msg=".$msg);
211         } else {
212                 // No userid entered
213                 LOAD_URL(URL."/modules.php?module=index");
214         }
215 } else {
216         // You have to configure first!
217         LOAD_URL(URL."/install.php");
218 }
219
220 // Really all done here... ;-)
221 ?>