1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 11/14/2003 *
4  * ===================                          Last change: 01/10/2013 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : mailid.php                                       *
8  * -------------------------------------------------------------------- *
9  * Short description : Confirmation file for emails                     *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Bestaetigung von Mails                           *
12  * -------------------------------------------------------------------- *
13  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
14  * Copyright (c) 2009 - 2016 by Mailer Developer Team                   *
15  * For more information visit: http://mxchange.org                      *
16  *                                                                      *
17  * This program is free software; you can redistribute it and/or modify *
18  * it under the terms of the GNU General Public License as published by *
19  * the Free Software Foundation; either version 2 of the License, or    *
20  * (at your option) any later version.                                  *
21  *                                                                      *
22  * This program is distributed in the hope that it will be useful,      *
23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
25  * GNU General Public License for more details.                         *
26  *                                                                      *
27  * You should have received a copy of the GNU General Public License    *
28  * along with this program; if not, write to the Free Software          *
29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
30  * MA  02110-1301  USA                                                  *
31  ************************************************************************/
32
// Load the security functions first
require 'inc/libs/security_functions.php';

// Remember when this request started
$GLOBALS['__start_time'] = microtime(true);

// Register the running module and its output mode
$GLOBALS['__module']      = 'mailid';
$GLOBALS['__output_mode'] = '0';

// The copyright footer would be too large for the upper frame, so disable it
$GLOBALS['__copyright_enabled'] = 'N';

// Load the global configuration
require 'inc/config-global.php';

// Set the content type and preset the HTTP status
// NOTE(review): the status is preset to 404 here; presumably a later step
// replaces it once the request turns out to be valid - confirm
setContentType('text/html');
setHttpStatus('404 Not Found');

// Both ext-mailid and ext-other are checked; an uninstalled one redirects
redirectOnUninstalledExtension('mailid');
redirectOnUninstalledExtension('other');
58
// Defaults for every value the rest of this script reads
$data = array(
	'error_code' => '0',
	'userid'     => '0',
	'id'         => '0',
	'code'       => '0',
	'do'         => 'frames',
	'type'       => '',
);

// The numeric request values are passed through bigintval()
if (isGetRequestElementSet('userid')) {
	$data['userid'] = bigintval(getRequestElement('userid'));
}

if (isGetRequestElementSet('id')) {
	$data['id'] = bigintval(getRequestElement('id'));
}

if (isGetRequestElementSet('code')) {
	$data['code'] = bigintval(getRequestElement('code'));
}

// NOTE(review): 'do' and 'type' are taken over exactly as the request
// delivers them, no filtering happens here. Every later use has to treat
// both values as untrusted input.
if (isGetRequestElementSet('do')) {
	$data['do'] = getRequestElement('do');
}

if (isGetRequestElementSet('type')) {
	$data['type'] = getRequestElement('type');
}
75
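// Validates the request and runs the confirmation call-back for one mail.
//
// $data['type'] comes straight from the request, so it is matched strictly
// against the two mail types this script handles. Any other value (including
// an array) ends in the same ERROR_MAILID path as a missing parameter and is
// never concatenated into a bug report.
if ((isValidId($data['userid'])) && (isValidId($data['id'])) && (in_array($data['type'], array('normal', 'bonus'), TRUE)) && (!ifFatalErrorsDetected())) {
	// Is 'do' still "frames"?
	if ($data['do'] == 'frames') {
		// This is a frameset module
		$GLOBALS['frameset_mode'] = TRUE;
	} // END - if

	// No image?
	if ($data['do'] != 'img') {
		// ... then output header
		loadPageHeader();
	} // END - if

	// Init result for below sqlNumRows() function
	$result_main = FALSE;

	// Look up the user's link for the requested mail type
	switch ($data['type']) {
		case 'normal':
			$result_main = sqlQueryEscaped("SELECT `id` AS `link_id`, `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `stats_id`=%s AND `userid`=%s LIMIT 1",
				array($data['id'], $data['userid']), __FILE__, __LINE__);
			break;

		case 'bonus':
			$result_main = sqlQueryEscaped("SELECT `id` AS `link_id`, `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `bonus_id`=%s AND `userid`=%s LIMIT 1",
				array($data['id'], $data['userid']), __FILE__, __LINE__);
			break;

		default: // Kept as a safety net, the strict check above already rejects other types
			reportBug(__FILE__, __LINE__, 'No valid type=' . $data['type'] . ' set.');
			break;
	} // END - switch

	// Is an entry found?
	if (sqlNumRows($result_main) == 1) {
		// Merge link id and link type into the data array
		$data = merge_array($data, sqlFetchArray($result_main));

		// Init result here with invalid to avoid possible missing variable
		$result_mailid = FALSE;

		// @TODO Rewrite this to a filter/function
		switch ($data['link_type']) {
			case 'NORMAL':
				$result_mailid = sqlQueryEscaped("SELECT `pool_id`, `userid` AS `sender`, `url` FROM `{?_MYSQL_PREFIX?}_user_stats` WHERE `id`=%s LIMIT 1",
					array($data['id']), __FILE__, __LINE__);
				break;

			case 'BONUS':
				$result_mailid = sqlQueryEscaped("SELECT `id` AS `pool_id`, `is_notify`, `url` FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1",
					array($data['id']), __FILE__, __LINE__);
				break;

			default: // Unknown type
				reportBug(__FILE__, __LINE__, 'Unknown mail type ' . $data['link_type'] . ' detected.');
				break;
		} // END - switch

		// Entry found?
		if (sqlNumRows($result_mailid) == 1) {
			// Load data
			$data = merge_array($data, sqlFetchArray($result_mailid));

			// Non-bonus mails have no notification flag; only 'Y' and 'N'
			// are accepted (strict comparison), everything else becomes 'N'
			if ((!isset($data['is_notify'])) || (!in_array($data['is_notify'], array('Y', 'N'), TRUE))) {
				$data['is_notify'] = 'N';
			} // END - if

			// A bonus mail has no sender, so it is set to NULL
			if ($data['link_type'] == 'BONUS') {
				$data['sender'] = NULL;
			} // END - if

			// Is the user id valid?
			if (fetchUserData($data['userid']) === TRUE) {
				// Is the user status CONFIRMED?
				if (getUserData('status') == 'CONFIRMED') {
					// Start out invalid: without this the check below read an
					// undefined variable whenever no payment/bonus row was found
					$isValid = FALSE;

					// User has confirmed his account so we can proceed...
					// @TODO Rewrite this to a filter
					switch ($data['link_type']) {
						case 'NORMAL':
							$result = sqlQueryEscaped("SELECT `payment_id` FROM `{?_MYSQL_PREFIX?}_user_stats` WHERE `pool_id`=%s LIMIT 1",
								array(bigintval($data['pool_id'])), __FILE__, __LINE__);

							// Entry found?
							if (sqlNumRows($result) == 1) {
								$data = merge_array($data, sqlFetchArray($result));
								$data['time']    = getPaymentTime($data['payment_id']);
								$data['payment'] = getPaymentPayment($data['payment_id']);
								$isValid = TRUE;
							} // END - if

							// Free memory...
							sqlFreeResult($result);
							break;

						case 'BONUS':
							$result = sqlQueryEscaped("SELECT `time`, `points` AS `payment` FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1",
								array(bigintval($data['pool_id'])), __FILE__, __LINE__);

							// Entry found?
							if (sqlNumRows($result) == 1) {
								$data = merge_array($data, sqlFetchArray($result));
								$isValid = TRUE;
							} // END - if

							// Free memory...
							sqlFreeResult($result);
							break;

						default: // Unknown type
							reportBug(__FILE__, __LINE__, 'Unknown mail type ' . $data['link_type'] . ' detected.');
							break;
					} // END - switch

					// Is this entry valid?
					if ($isValid === TRUE) {
						// Run at least one second
						if (($data['time'] < 1) && ($data['payment'] > 0)) {
							// Zero seconds is not supported
							$data['time'] = 1;
						} // END - if

						// Is time and payment set?
						if (($data['time'] > 0) && ($data['payment'] > 0)) {
							$data['real_code'] = '0';
							if (!empty($data['code'])) {
								// Generate code (the user sees in the CAPTCHA)
								$data['real_code'] = generateRandomCode(getCodeLength(), $data['code'], $data['userid'], $data['id']);
							} // END - if

							// Do the call-back by given data array
							// NOTE(review): $data['do'] still holds the raw request
							// value at this point; confirm that doMailIdCallback()
							// only dispatches to a fixed set of handlers
							doMailIdCallback($data);
						} else {
							$data['error_code'] = getCode('DATA_INVALID');
							$data['do'] = 'failed';
						}
					} else {
						$data['error_code'] = getCode('POSSIBLE_INVALID');
						$data['do'] = 'failed';
					}
				} else {
					$data['error_code'] = getCode('ACCOUNT_' . strtoupper(getUserData('status')));
					$data['do'] = 'failed';
				}
			} else {
				$data['error_code'] = getCode('USER_404');
				$data['do'] = 'failed';
			}
		} else {
			$data['error_code'] = getCode('STATS_404');
			$data['do'] = 'failed';
		}

		// Free result
		sqlFreeResult($result_mailid);
	} else {
		$data['error_code'] = getCode('ALREADY_CONFIRMED');
		$data['do'] = 'failed';
	}

	// Free result
	sqlFreeResult($result_main);
} else {
	// Not all variables are set, or the mail type is not a supported one
	$data['error_code'] = getCode('ERROR_MAILID');
	$data['do'] = 'failed';
}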
245
// Pass the resulting error code on to its handler
handleMailIdErrorCode($data['error_code']);

// Only image output goes without a page footer
if ($data['do'] != 'img') {
	loadPageFooter();
}

// Nothing left to do, shut down
doShutdown();
257
258 // [EOF]
259 ?>