a7e4e82aefd70298ab8ad6666bfb94da68145331
[mailer.git] / beg.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 01/09/2005 *
4  * ===============                              Last change: 01/09/2005 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : beg.php                                          *
8  * -------------------------------------------------------------------- *
9  * Short description : Beg link for members                             *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Bettel-Link fuer Mitglieder                      *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
35 require_once("inc/libs/security_functions.php");
36
37 // Init "action" and "what"
38 global $what, $action, $startTime;
39 $GLOBALS['startTime'] = microtime(true);
40 $GLOBALS['what'] = ""; $GLOBALS['action'] = "";
41
42 // Set module
43 $GLOBALS['module'] = "beg";
44 $GLOBALS['refid']  = 0;
45 $CSS = -1;
46 $msg = null;
47
48 // Load the required file(s)
49 require ("inc/config.php");
50
51 // Is the script installed?
52 if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) {
53         // Check for userid
54         if (!empty($_GET['uid'])) {
55                 // Init user ID
56                 $uid = 0;
57
58                 // Validate if it is not a number
59                 if (bigintval($_GET['uid']) !== "".$_GET['uid']."") {
60                         if (EXT_IS_ACTIVE("nickname")) {
61                                 // Maybe we have found a nickname?
62                                 $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
63                                  array($_GET['uid']), __FILE__, __LINE__);
64                         } else {
65                                 // Nickname entered but nickname is not active
66                                 $msg = CODE_EXTENSION_PROBLEM;
67                                 $uid = -1;
68                                 $result = false;
69                         }
70                 } else {
71                         // Direct userid
72                         $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
73                          array(bigintval($_GET['uid'])), __FILE__, __LINE__);
74                 }
75
76                 // Check if locked in so don't pay points
77                 $login = false; $status = "failed";
78                 if (IS_MEMBER()) {
79                         // Logged in user detected!
80                         $login = true;
81                 }
82
83                 // Check if account was found
84                 if ((SQL_NUMROWS($result) == 1) && ($result != false)) {
85                         // Found an ID so we simply set it
86                         list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result);
87                         if ($status == "CONFIRMED") {
88                                 // Secure userid
89                                 $uid = bigintval($uid);
90
91                                 // Calculate beg points
92                                 srand((double)microtime() * 10000000000 / time());
93
94                                 // Multiply configured values with 100000 and divide with 100000 so we can also handle small values
95                                 // If we need more number behind the decimal dot then we just need to increase all these three
96                                 // numbers matching to the numbers behind the decimal dot. Simple! ;-)
97                                 $points = rand(($_CONFIG['beg_points'] * 100000), ($_CONFIG['beg_points_max'] * 100000)) / 100000;
98
99                                 // Set nickname / userid for the template(s
100                                 define('__BEG_UID'   , $_GET['uid']);
101                                 define('__BEG_CLICKS', ($clicks + 1));
102                                 define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
103                                 define('__BEG_POINTS', TRANSLATE_COMMA($points));
104                         } else {
105                                 // Other status
106                                 $uid = "0";
107                         }
108                 }
109
110                 // Free memory
111                 SQL_FREERESULT($result);
112
113                 if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) {
114                         // Update counter
115                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
116                          array($uid), __FILE__, __LINE__);
117
118                         // Check for last entry for userid w/o IP number
119                         $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%s)) AND remote_ip='%s' LIMIT 1",
120                          array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
121                         if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) {
122                                 // Free memory
123                                 SQL_FREERESULT($result);
124
125                                 if (!IS_ADMIN()) {
126                                         // Remember remote address, userid and timestamp for next click
127                                         // but only when there is no admin begging.
128                                         // Admins shall be able to test it!
129                                         $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip, timeout) VALUES('%s', '%s', UNIX_TIMESTAMP())",
130                                          array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
131                                 }
132
133                                 // Set mode depending on how many mails the member has to confirm
134                                 $locked = false;
135                                 if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true;
136
137                                 // Is begging rallye active?
138                                 if ($_CONFIG['beg_rallye'] == "Y") {
139                                         // Add points to rallye account
140                                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
141                                          array($points, $uid), __FILE__, __LINE__);
142                                 } else {
143                                         // Add points to account
144                                         $DEPTH = 0;
145                                         ADD_POINTS_REFSYSTEM($uid, $points, false, "0", $locked, strtolower($_CONFIG['beg_mode']));
146                                 }
147
148                                 // Subtract begged points from member account if the admin has selected one
149                                 if ($_CONFIG['beg_uid'] > 0) {
150                                         // Subtract from this account
151                                         SUB_POINTS($_CONFIG['beg_uid'], $points);
152                                 }
153
154                                 // Set message
155                                 define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true));
156                         } elseif ($login) {
157                                 // Logged in user found!
158                                 define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true));
159
160                                 // Free memory
161                                 SQL_FREERESULT($result);
162                         } else {
163                                 // Free memory
164                                 SQL_FREERESULT($result);
165
166                                 // Clicked received while reload lock is active
167                                 define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true));
168                         }
169
170                         // Include header
171                         require_once(PATH."inc/header.php");
172
173                         // Load final template
174                         LOAD_TEMPLATE("beg_link");
175
176                         // Include footer
177                         require_once(PATH."inc/footer.php");
178                 } elseif (($status != "CONFIRMED") && ($status != "failed")) {
179                         // Maybe locked/unconfirmed account?
180                         switch ($status) {
181                                 case "LOCKED"     : $msg = CODE_ID_LOCKED     ; break; // Locked account
182                                 case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account
183                         }
184                 } elseif (($uid == "0") || ($status == "failed")) {
185                         // Inalid or locked account, so let's find out
186                         $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
187                          array($_GET['uid']), __FILE__, __LINE__);
188                         if (SQL_NUMROWS($result) == 1) {
189                                 // Locked account
190                                 $msg = CODE_ACCOUNT_LOCKED;
191                         } else {
192                                 // Invalid nickname! (404)
193                                 $msg = CODE_USER_404;
194                         }
195
196                         // Free memory
197                         SQL_FREERESULT($result);
198                 } elseif ($uid == $_CONFIG['beg_uid']) {
199                         // Webmaster's ID cannot beg for points!
200                         $msg = CODE_BEG_SAME_AS_OWN;
201                 }
202
203                 // Reload to index module
204                 die("-".$msg."-");
205                 if ((!empty($msg)) && (!empty($msg))) LOAD_URL("modules.php?module=index&msg=".$msg);
206         } else {
207                 // No userid entered
208                 LOAD_URL("modules.php?module=index");
209         }
210 } else {
211         // You have to configure first!
212         LOAD_URL("install.php");
213 }
214
215 // Really all done here... ;-)
216 ?>