XHTML fixes (not fully valid)
[mailer.git] / birthday_confirm.php
index 8dd6745..621b21f 100644 (file)
@@ -44,67 +44,61 @@ $GLOBALS['module'] = "birthday_confirm"; $CSS = -1;
 // Load the required file(s)
 require ("inc/config.php");
 
 // Load the required file(s)
 require ("inc/config.php");
 
-if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')))
-{
+// Is the script installed?
+if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) {
        // Script is installed so let's check for his confirmation link...
        // Script is installed so let's check for his confirmation link...
-       $uid = strip_tags(bigintval($_GET['uid']));
+       $uid = bigintval($_GET['uid']);
 
        // Only allow numbers here...
 
        // Only allow numbers here...
-       $chk = strip_tags(bigintval($_GET['check']));
-
-       // .. only first 32 numbers
-       $chk = substr($chk, 0, 32);
+       $chk = bigintval($_GET['check'], false);
 
        // Check if link is not clicked so far
 
        // Check if link is not clicked so far
-       $result = SQL_QUERY_ESC("SELECT DISTINCT b.points, d.sex, d.surname, d.family, d.status
+       $result = SQL_QUERY_ESC("SELECT b.points, d.sex, d.surname, d.family, d.status, d.ref_payout
 FROM "._MYSQL_PREFIX."_user_birthday AS b
 FROM "._MYSQL_PREFIX."_user_birthday AS b
-LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
+INNER JOIN "._MYSQL_PREFIX."_user_data AS d
 ON b.userid=d.userid
 WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
 ON b.userid=d.userid
 WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
+       //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")<br />\n";
 
 
-       if (SQL_NUMROWS($result) == 1)
-       {
+       // Is an entry there?
+       if (SQL_NUMROWS($result) == 1) {
                // Ok, congratulation again! Here's your gift from us...
                // Ok, congratulation again! Here's your gift from us...
-               list($GIFT, $salut, $sname, $fname, $status) = SQL_FETCHROW($result);
-               if ($status == "CONFIRMED")
-               {
+               $data = SQL_FETCHARRAY($result, false);
+
+               // Is the account confirmed?
+               if ($data['status'] == "CONFIRMED") {
                        // Set mode depending on how many mails the member has to confirm
                        $locked = false;
                        // Set mode depending on how many mails the member has to confirm
                        $locked = false;
-                       if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == 'N')) $locked = true;
+                       if (($data['ref_payout'] > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true;
 
                        // Add points to account
                        $DEPTH = 0;
 
                        // Add points to account
                        $DEPTH = 0;
-                       ADD_POINTS_REFSYSTEM($uid, $GIFT, false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
+                       ADD_POINTS_REFSYSTEM($uid, $data['points'], false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
 
                        // Remove entry from table
 
                        // Remove entry from table
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d LIMIT 1",
-                        array($uid), __FILE__, __LINE__);
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d AND chk_value='%s' LIMIT 1",
+                        array($uid, $chk), __FILE__, __LINE__);
 
                        // Update mediadata if version is 0.0.4 or newer
 
                        // Update mediadata if version is 0.0.4 or newer
-                       if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                       {
+                       if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
                                // Update database
                                // Update database
-                               MEDIA_UPDATE_ENTRY(array("total_points"), "add", $GIFT);
+                               MEDIA_UPDATE_ENTRY(array("total_points"), "add", $data['points']);
                        }
 
                        // Transfer data to constants for the template
                        }
 
                        // Transfer data to constants for the template
-                       define('__SALUT', TRANSLATE_SEX($salut));
-                       define('__SNAME', $sname);
-                       define('__FNAME', $fname);
-                       define('__GIFT' , $GIFT);
+                       define('__SALUT', TRANSLATE_SEX($data['sex']));
+                       define('__SNAME', $data['surname']);
+                       define('__FNAME', $data['family']);
+                       define('__GIFT' , $data['points']);
 
                        // Load message from template
                        define('__MSG', LOAD_TEMPLATE("birthday_msg", true));
 
                        // Load message from template
                        define('__MSG', LOAD_TEMPLATE("birthday_msg", true));
-               }
-                else
-               {
+               } else {
                        // Unconfirmed / locked accounts cannot get points
                        // Unconfirmed / locked accounts cannot get points
-                       define('__MSG', BIRTHDAY_CANNOT_STATUS_1.TRANSLATE_STATUS($status).BIRTHDAY_CANNOT_STATUS_2);
+                       define('__MSG', BIRTHDAY_CANNOT_STATUS_1.TRANSLATE_STATUS($data['status']).BIRTHDAY_CANNOT_STATUS_2);
                }
                }
-       }
-        else
-       {
+       } else {
                // Cannot load data!
                define('__MSG', BIRTHDAY_CANNOT_LOAD_DATA);
        }
                // Cannot load data!
                define('__MSG', BIRTHDAY_CANNOT_LOAD_DATA);
        }
@@ -129,9 +123,7 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
 
        // Include footer
        include(PATH."inc/footer.php");
 
        // Include footer
        include(PATH."inc/footer.php");
-}
- else
-{
+} else {
        // You have to configure first!
        LOAD_URL("install.php");
 }
        // You have to configure first!
        LOAD_URL("install.php");
 }