Birthday link fixed

[mailer.git] / birthday_confirm.php

diff --git a/birthday_confirm.php b/birthday_confirm.php
index abc3bad31f492c87949df28684d8672adeac3d6c..3dd8dedf4b8b74e8ec0bdbe80029103ad21003fb 100644 (file)
--- a/birthday_confirm.php
+++ b/birthday_confirm.php
@@ -37,8 +37,6 @@ require_once("inc/libs/security_functions.php");
 // Init "action" and "what"
 global $what, $action;
 $GLOBALS['what'] = ""; $GLOBALS['action'] = "";
-if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
-if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
 
 // Set module
 $GLOBALS['module'] = "birthday_confirm"; $CSS = -1;
@@ -46,37 +44,35 @@ $GLOBALS['module'] = "birthday_confirm"; $CSS = -1;
 // Load the required file(s)
 require ("inc/config.php");
 
-if (defined('mxchange_installed') && (mxchange_installed))
+if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')))
 {
        // Script is installed so let's check for his confirmation link...
        $uid = strip_tags(bigintval($_GET['uid']));
 
        // Only allow numbers here...
-       $chk = strip_tags(bigintval($_GET['check']));
-
-       // .. only first 32 numbers
-       $chk = substr($chk, 0, 32);
+       $chk = strip_tags(bigintval($_GET['check'], false));
 
        // Check if link is not clicked so far
        $result = SQL_QUERY_ESC("SELECT DISTINCT b.points, d.sex, d.surname, d.family, d.status
 FROM "._MYSQL_PREFIX."_user_birthday AS b
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON b.userid=d.userid
-WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
+WHERE b.userid=%d AND b.chk_value=%d LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
 
        if (SQL_NUMROWS($result) == 1)
        {
                // Ok, congratulation again! Here's your gift from us...
-               list($GIFT, $salut, $sname, $fname, $status) = SQL_FETCHROW($result);
+               list($gift, $salut, $sname, $fname, $status) = SQL_FETCHROW($result);
                if ($status == "CONFIRMED")
                {
                        // Set mode depending on how many mails the member has to confirm
                        $locked = false;
-                       if (($ref_payout > 0) && ($CONFIG['allow_direct_pay'] == "N")) $locked = true;
+                       if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == 'N')) $locked = true;
 
                        // Add points to account
-                       ADD_POINTS_REFSYSTEM($uid, $GIFT, false, "0", $locked, strtolower($CONFIG['birthday_mode']));
+                       $DEPTH = 0;
+                       ADD_POINTS_REFSYSTEM($uid, $gift, false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
 
                        // Remove entry from table
                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d LIMIT 1",
@@ -86,14 +82,14 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
                        if (GET_EXT_VERSION("mediadata") >= "0.0.4")
                        {
                                // Update database
-                               MEDIA_UPDATE_ENTRY(array("total_points"), "add", $GIFT);
+                               MEDIA_UPDATE_ENTRY(array("total_points"), "add", $gift);
                        }
 
                        // Transfer data to constants for the template
                        define('__SALUT', TRANSLATE_SEX($salut));
                        define('__SNAME', $sname);
                        define('__FNAME', $fname);
-                       define('__GIFT' , $GIFT);
+                       define('__GIFT' , $gift);
 
                        // Load message from template
                        define('__MSG', LOAD_TEMPLATE("birthday_msg", true));
@@ -134,7 +130,7 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
  else
 {
        // You have to configure first!
-       LOAD_URL(URL."/install.php");
+       LOAD_URL("install.php");
 }
 // Really all done here... ;-)
 ?>