<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 01/09/2005 *
 * ===============                              Last change: 01/09/2005 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : beg.php                                          *
 * -------------------------------------------------------------------- *
 * Short description : Beg link for members                             *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Bettel-Link fuer Mitglieder                      *
 * -------------------------------------------------------------------- *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
require_once("inc/libs/security_functions.php");

// Init "action" and "what"
global $what, $action, $startTime;
$GLOBALS['startTime'] = microtime(true);
$GLOBALS['what'] = ""; $GLOBALS['action'] = "";

// Set module
$GLOBALS['module'] = "beg";
$GLOBALS['refid']  = 0;
$CSS = -1;
$msg = null;

// Load the required file(s)
require ("inc/config.php");

// Is the "beg" extension active?
if (!EXT_IS_ACTIVE("beg")) {
	// Redirect to index
	LOAD_URL("modules.php?module=index&amp;msg=".CODE_EXTENSION_PROBLEM."&amp;ext=beg");
} // END - if

// Is the script installed?
if (isBooleanConstantAndTrue('mxchange_installed')) {
	// Check for userid
	if (!empty($_GET['uid'])) {
		// Init user ID
		$uid = 0;
		$result = false;

		// Validate if it is not a number
		if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") {
			if (EXT_IS_ACTIVE("nickname")) {
				// Maybe we have found a nickname?
				$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
					array($_GET['uid']), __FILE__, __LINE__);
			} else {
				// Nickname entered but nickname is not active
				$msg = CODE_EXTENSION_PROBLEM;
				$uid = -1;
			}
		} else {
			// Direct userid
			$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
				array(bigintval($_GET['uid'])), __FILE__, __LINE__);
		}

		// Check if locked in so don't pay points
		$login = IS_MEMBER(); $status = "failed";

		// Check if account was found
		if ((SQL_NUMROWS($result) == 1) && ($result != false)) {
			// Found an ID so we simply set it
			list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result);

			// Account confirmed?
			if ($status == "CONFIRMED") {
				// Secure userid
				$uid = bigintval($uid);

				// Calculate beg points
				mt_srand((double)microtime() * 10000000000 / time());

				// Multiply configured values with 100000 and divide with 100000 so we can also handle small values
				// If we need more number behind the decimal dot then we just need to increase all these three
				// numbers matching to the numbers behind the decimal dot. Simple! ;-)
				$points = mt_rand(($_CONFIG['beg_points'] * 100000), ($_CONFIG['beg_points_max'] * 100000)) / 100000;

				// Set nickname / userid for the template(s
				define('__BEG_UID'   , $_GET['uid']);
				define('__BEG_CLICKS', ($clicks + 1));
				define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
				define('__BEG_POINTS', TRANSLATE_COMMA($points));
			} else {
				// Other status
				$uid = 0;
			}
		}

		// Free memory
		SQL_FREERESULT($result);

		// User id valid and not webmaster's id?
		if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) {
			// Update counter
			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
				array($uid), __FILE__, __LINE__);

			// Check for last entry for userid w/o IP number
			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_timeout'].") OR (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_uid_timeout'].") AND userid=%s)) AND (remote_ip='%s' OR sid='%s') LIMIT 1",
				array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__);

			// Entry not found, points set and not logged in?
			if (((SQL_NUMROWS($result) == 0) || (IS_ADMIN())) && ($points > 0) && (!$login) && ($_CONFIG['beg_pay_mode'] == "NONE")) {
				// Don't pay is the default...
				$pay = false;

				// Admin is testing?
				if (!IS_ADMIN()) {
					// Remember remote address, userid and timestamp for next click
					// but only when there is no admin begging.
					// Admins shall be able to test it!
					SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip,sid, timeout) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())",
						array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__);

					// Was is successfull?
					if (SQL_AFFECTEDROWS() == 1) {
						// Okay!
						$pay = true;
					} // END - if
				} else {
					// Is admin!
					$pay = true;
				}

				// Pay points?
				if ($pay) {
					// Set mode depending on how many mails the member has to confirm
					$locked = false;
					if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true;

					// Is begging rallye active?
					if ($_CONFIG['beg_rallye'] == "Y") {
						// Add points to rallye account
						SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
							array($points, $uid), __FILE__, __LINE__);
					} else {
						// Add points to account
						unset($DEPTH);
						ADD_POINTS_REFSYSTEM($uid, $points, false, "0", $locked, strtolower($_CONFIG['beg_mode']));
					}

					// Subtract begged points from member account if the admin has selected one
					if ($_CONFIG['beg_uid'] > 0) {
						// Subtract from this account
						SUB_POINTS($_CONFIG['beg_uid'], $points);
					} // END - if

					// Set message
					define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true));
				} else {
					// Error!
					define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true));
				}
			} elseif ($login) {
				// Logged in user found!
				define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true));
			} elseif ($_CONFIG['beg_pay_mode'] != "NONE") {
				// Other pay-mode active!
				define('__BEG_MSG', LOAD_TEMPLATE("beg_pay_mode_".strtolower($_CONFIG['beg_pay_mode']), true));
			} else {
				// Clicked received while reload lock is active
				define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true));
			}

			// Free memory
			SQL_FREERESULT($result);

			// Include header
			require_once(PATH."inc/header.php");

			// Load final template
			LOAD_TEMPLATE("beg_link");

			// Tracker code enabled? (We don't track users here!
			if ($_CONFIG['beg_pay_mode'] != "NONE") {
				// Include config-depending template
				LOAD_TEMPLATE("beg_pay_code_".strtolower($_CONFIG['beg_pay_mode']));
			} // END - if

			// Include footer
			require_once(PATH."inc/footer.php");
		} elseif (($status != "CONFIRMED") && ($status != "failed")) {
			// Maybe locked/unconfirmed account?
			switch ($status) {
				case "LOCKED"     : $msg = CODE_ID_LOCKED     ; break; // Locked account
				case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account
			}
		} elseif (($uid == "0") || ($status == "failed")) {
			// Inalid or locked account, so let's find out
			$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
				array($_GET['uid']), __FILE__, __LINE__);
			if (SQL_NUMROWS($result) == 1) {
				// Locked account
				$msg = CODE_ACCOUNT_LOCKED;
			} else {
				// Invalid nickname! (404)
				$msg = CODE_USER_404;
			}

			// Free memory
			SQL_FREERESULT($result);
		} elseif ($uid == $_CONFIG['beg_uid']) {
			// Webmaster's ID cannot beg for points!
			$msg = CODE_BEG_SAME_AS_OWN;
		}

		// Reload to index module
		if ((!empty($msg)) && (!empty($msg))) LOAD_URL("modules.php?module=index&amp;msg=".$msg."&amp;ext=beg");
	} else {
		// No userid entered
		LOAD_URL("modules.php?module=index");
	}
} else {
	// You have to configure first!
	LOAD_URL("install.php");
}

// Really all done here... ;-)
?>