************************************************************************/
// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
-require_once("inc/libs/security_functions.php");
+require("inc/libs/security_functions.php");
// Init "action" and "what"
global $what, $action, $startTime;
// Is the "beg" extension active?
if (!EXT_IS_ACTIVE("beg")) {
// Redirect to index
- LOAD_URL("modules.php?module=index&msg=".CODE_EXTENSION_PROBLEM."&ext=beg");
+ LOAD_URL("modules.php?module=index&msg=".constant('CODE_EXTENSION_PROBLEM')."&ext=beg");
} // END - if
// Is the script installed?
if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") {
if (EXT_IS_ACTIVE("nickname")) {
// Maybe we have found a nickname?
- $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
array($_GET['uid']), __FILE__, __LINE__);
} else {
// Nickname entered but nickname is not active
- $msg = CODE_EXTENSION_PROBLEM;
+ $msg = constant('CODE_EXTENSION_PROBLEM');
$uid = -1;
}
} else {
// Direct userid
- $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
array(bigintval($_GET['uid'])), __FILE__, __LINE__);
}
// Secure userid
$uid = bigintval($uid);
- // Calculate beg points
- mt_srand((double)microtime() * 10000000000 / time());
-
// Multiply configured values with 100000 and divide with 100000 so we can also handle small values
// If we need more number behind the decimal dot then we just need to increase all these three
// numbers matching to the numbers behind the decimal dot. Simple! ;-)
// User id valid and not webmaster's id?
if (($uid > 0) && (getConfig('beg_uid') != $uid)) {
// Update counter
- SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_user_data` SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET beg_clicks=beg_clicks+1 WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
array($uid), __FILE__, __LINE__);
// Check for last entry for userid w/o IP number
- $result = SQL_QUERY_ESC("SELECT id FROM `{!MYSQL_PREFIX!}_beg_ips` WHERE (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_timeout').") OR (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_uid_timeout').") AND userid=%s)) AND (remote_ip='%s' OR sid='%s') LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_beg_ips` WHERE (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_timeout').") OR (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_uid_timeout').") AND userid=%s)) AND (remote_ip='%s' OR sid='%s') LIMIT 1",
array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__);
// Entry not found, points set and not logged in?
// Remember remote address, userid and timestamp for next click
// but only when there is no admin begging.
// Admins shall be able to test it!
- SQL_QUERY_ESC("INSERT INTO `{!MYSQL_PREFIX!}_beg_ips` (userid, remote_ip,sid, timeout) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())",
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_beg_ips` (userid, remote_ip,sid, timeout) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())",
array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__);
// Was is successfull?
}
// Pay points?
- if ($pay) {
+ if ($pay === true) {
// Add points to user or begging rallye account
if (BEG_ADD_POINTS($uid, $points)) {
// Set "done" message
} elseif (getConfig('beg_pay_mode') != "NONE") { // Other pay-mode active!
// Prepare content for template
$content = array(
- 'clicks' => __BEG_CLICKS,
- 'points' => __BEG_POINTS,
- 'uid' => __BEG_UID
+ 'clicks' => constant('__BEG_CLICKS'),
+ 'points' => constant('__BEG_POINTS'),
+ 'uid' => constant('__BEG_UID')
);
// Load message template depending on pay-mode
SQL_FREERESULT($result);
// Include header
- require_once(PATH."inc/header.php");
+ LOAD_INC_ONCE("inc/header.php");
// Load final template
LOAD_TEMPLATE("beg_link");
}
// Include footer
- require_once(PATH."inc/footer.php");
+ LOAD_INC_ONCE("inc/footer.php");
} elseif (($status != "CONFIRMED") && ($status != "failed")) {
// Maybe locked/unconfirmed account?
$msg = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
} elseif (($uid == "0") || ($status == "failed")) {
// Inalid or locked account, so let's find out
- $result = SQL_QUERY_ESC("SELECT userid FROM `{!MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
array($_GET['uid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Locked account
- $msg = CODE_ACCOUNT_LOCKED;
+ $msg = constant('CODE_ACCOUNT_LOCKED');
} else {
// Invalid nickname! (404)
- $msg = CODE_USER_404;
+ $msg = constant('CODE_USER_404');
}
// Free memory
SQL_FREERESULT($result);
} elseif ($uid == getConfig('beg_uid')) {
// Webmaster's ID cannot beg for points!
- $msg = CODE_BEG_SAME_AS_OWN;
+ $msg = constant('CODE_BEG_SAME_AS_OWN');
}
// Reload to index module
projects / mailer.git / blobdiff