also prevent it in .htacces. You may want to add this to one of your files in /etc...
[mailer.git] / doubler.php
1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 02/13/2005 *
4  * ===================                          Last change: 02/13/2005 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : doubler.php                                      *
8  * -------------------------------------------------------------------- *
9  * Short description : Points doubler                                   *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Punkteverdoppler                                 *
12  * -------------------------------------------------------------------- *
13  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
14  * Copyright (c) 2009 - 2016 by Mailer Developer Team                   *
15  * For more information visit: http://mxchange.org                      *
16  *                                                                      *
17  * This program is free software; you can redistribute it and/or modify *
18  * it under the terms of the GNU General Public License as published by *
19  * the Free Software Foundation; either version 2 of the License, or    *
20  * (at your option) any later version.                                  *
21  *                                                                      *
22  * This program is distributed in the hope that it will be useful,      *
23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
25  * GNU General Public License for more details.                         *
26  *                                                                      *
27  * You should have received a copy of the GNU General Public License    *
28  * along with this program; if not, write to the Free Software          *
29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
30  * MA  02110-1301  USA                                                  *
31  ************************************************************************/
32
33 // Load security stuff here
34 require('inc/libs/security_functions.php');
35
36 // Init start time
37 $GLOBALS['__start_time'] = microtime(TRUE);
38
39 // Set module and output mode
40 $GLOBALS['__module']      = 'doubler';
41 $GLOBALS['__output_mode'] = '0';
42
43 // Initialize application
44 require('inc/init.php');
45
46 // Set content type
47 setContentType('text/html');
48
49 // Is the 'doubler' extension active?
50 redirectOnUninstalledExtension('doubler');
51
52 // Init content array
53 $content = array(
54         'message' => '',
55 );
56
57 // Begin with doubler script...
58 if (isFormSent()) {
59         // Secure points (so only integer/double values are allowed
60         setPostRequestElement('points', bigintval(postRequestElement('points')));
61
62         // Begin with doubling process
63         if ((isPostRequestElementSet('userid')) && (isPostRequestElementSet('password')) && (isPostRequestElementSet('points'))) {
64                 // Probe for nickname extension and if a nickname was entered
65                 if (isNicknameUsed(postRequestElement('userid'))) {
66                         // Nickname in URL, so load the id
67                         fetchUserData(postRequestElement('userid'), 'nickname');
68                 } else {
69                         // Direct userid entered
70                         fetchUserData(postRequestElement('userid'));
71                 }
72
73                 // Is the data valid?
74                 if (!isValidUserData()) {
75                         // Output message that the userid is not okay
76                         displayMessage('{--DOUBLER_USERID_INVALID--}');
77                 } // END - if
78
79                 // Remove any dots and unwanted chars from the points
80                 setPostRequestElement('points', bigintval(round(convertCommaToDot(postRequestElement('points')))));
81
82                 // Probe for enough points
83                 $probe_points = ((postRequestElement('points') >= getDoublerMin()) && (postRequestElement('points') <= getDoublerMax()));
84
85                 // Check all together
86                 if ((isValidUserData()) && (getUserData('password') == generateHash(postRequestElement('password'), substr(getUserData('password'), 0, -40))) && (getUserData('status') == 'CONFIRMED') && ($probe_points)) {
87                         // Nickname resolved to a unique userid or direct userid entered by the member
88                         $GLOBALS['local_doubler_userid'] = getUserData('userid');
89
90                         // Calulcate points
91                         $points = getTotalPoints(getUserData('userid'));
92
93                         // So let's continue with probing his points amount
94                         if (($points - getConfig('doubler_left') - postRequestElement('points') * getDoublerCharge() / 100) >= 0) {
95                                 // Enough points are left so let's continue with the doubling process
96                                 // Create doubling "account" with *DOUBLED* points
97                                 sqlQueryEscaped("INSERT INTO `{?_MYSQL_PREFIX?}_doubler` (`userid`, `refid`, `points`, `remote_ip`, `timemark`, `completed`, `is_ref`) VALUES (%s,%s,%s,'%s', UNIX_TIMESTAMP(), 'N','N')",
98                                         array(
99                                                 getUserData('userid'),
100                                                 convertZeroToNull(determineReferralId()),
101                                                 bigintval(postRequestElement('points') * 2),
102                                                 determineRealRemoteAddress()
103                                         ), __FILE__, __LINE__);
104
105                                 // Subtract entered points and ignore return status
106                                 subtractPoints('doubler', getUserData('userid'), postRequestElement('points'));
107
108                                 // Add points to "total payed" including charge
109                                 $points = postRequestElement('points') - postRequestElement('points') * getDoublerCharge() / 100;
110                                 updateConfiguration('doubler_points', $points, '+');
111                                 incrementConfigEntry('doubler_points', $points);
112
113                                 // Add second line for the referral but only when userid != refid
114                                 if ((isValidId(determineReferralId())) && (determineReferralId() != getUserData('userid'))) {
115                                         // Okay add a refid line and apply refid percents
116                                         sqlQueryEscaped("INSERT INTO `{?_MYSQL_PREFIX?}_doubler` (`userid`, `refid`, `points`, `remote_ip`, `timemark`, `completed`, `is_ref`) VALUES (%s,0,%s,'%s',UNIX_TIMESTAMP(),'N','Y')",
117                                                 array(
118                                                         convertZeroToNull(determineReferralId()),
119                                                         (postRequestElement('points') * 2 * getDoublerRef() / 100),
120                                                         determineRealRemoteAddress()
121                                                 ), __FILE__, __LINE__);
122
123                                         // And that's why we don't want to you more than one referral level of doubler-points. ^^^
124                                 } // END - if
125
126                                 // Update usage counter
127                                 updateConfiguration('doubler_counter', 1, '+');
128
129                                 // Set constant
130                                 $content['message'] = loadTemplate('doubler_reflink', TRUE, postRequestElement('userid'));
131                         } else {
132                                 // Not enougth points left
133                                 $content['message'] = '{--DOUBLER_FORM_NO_POINTS_LEFT--}';
134                         }
135                 } elseif (getUserData('status') == 'CONFIRMED') {
136                         // Account is unconfirmed!
137                         $content['message'] = '{--DOUBLER_FORM_WRONG_PASS--}';
138                 } elseif (getUserData('status') == 'UNCONFIRMED') {
139                         // Account is unconfirmed!
140                         $content['message'] = '{--DOUBLER_FORM_STATUS_UNCONFIRMED--}';
141                 } elseif (getUserData('status') == 'LOCKED') {
142                         // Account is locked by admin / holiday!
143                         $content['message'] = '{--DOUBLER_FORM_STATUS_LOCKED--}';
144                 } elseif (postRequestElement('points') < getDoublerMin()) {
145                         // Not enougth points entered
146                         $content['message'] = '{--DOUBLER_FORM_POINTS_MIN--}';
147                 } elseif (postRequestElement('points') > getDoublerMax()) {
148                         // Too much points entered
149                         $content['message'] = '{--DOUBLER_FORM_POINTS_MAX--}';
150                 } elseif (isNicknameUsed(postRequestElement('userid'))) {
151                         // Cannot resolv nickname -> userid
152                         $content['message'] = '{--DOUBLER_FORM_404_NICKNAME--}';
153                 } else {
154                         // Wrong password or account not found
155                         $content['message'] = '{--DOUBLER_FORM_404_MEMBER--}';
156                 }
157         } elseif (!isPostRequestElementSet('userid')) {
158                 // Login not entered
159                 $content['message'] = '{--DOUBLER_FORM_404_LOGIN--}';
160         } elseif (!isPostRequestElementSet('password')) {
161                 // Password not entered
162                 $content['message'] = '{--DOUBLER_FORM_404_PASSWORD--}';
163         } elseif (!isPostRequestElementSet('points')) {
164                 // points not entered
165                 $content['message'] = '{--DOUBLER_FORM_404_POINTS--}';
166         }
167 } // END - if (isFormSet())
168
169 // Shall I check for points immediately?
170 if (getDoublerSendMode() == 'DIRECT') {
171         loadInclude('inc/mails/doubler_mails.php');
172 } // END - if
173
174 // Output header
175 loadPageHeader();
176
177 if (isValidUserData()) {
178         // Transfer userid/nickname to constant
179         $content['refid'] = getUserData('userid');
180 } else {
181         // Transfer userid/nickname to constant
182         $content['refid'] = determineReferralId();
183 }
184
185 // Text "Enter login"
186 if (isExtensionActive('nickname')) {
187         // Choose login/nickname
188         $content['enter_login'] = '{--GUEST_ENTER_LOGIN_NICKNAME--}';
189 } else {
190         // Simple login id
191         $content['enter_login'] = '{--GUEST_ENTER_LOGIN--}';
192 }
193
194 // Which mail-send-mode did the admin setup?
195 $content['payout_time'] = '{--DOUBLER_PAYOUT_TIME_' . getDoublerSendMode() . '--}';
196
197 // Generate table with already payed out doubles
198 $content['payout_history'] = generateDoublerTable(0, 'Y', 'N', 'DESC');
199
200 // Output neccessary form for this
201 loadTemplate('doubler_index', FALSE, $content);
202
203 // Output footer
204 loadPageFooter();
205
206 // [EOF]
207 ?>