- $uid = 0;
-
- // If no account was found set default refid and status to CONFIRMED
- if (empty($GLOBALS['refid'])) {
- $GLOBALS['refid'] = $_CONFIG['def_refid'];
- $status = "CONFIRMED";
- } // END - if
-
- // Begin with doubler script...
- if (isset($_POST['ok'])) {
- // Secure points (so only integer/double values are allowed
- $_POST['points'] = bigintval($_POST['points']);
-
- // Begin with doubling process
- if ((!empty($_POST['userid'])) && (!empty($_POST['pass'])) && (!empty($_POST['points']))) {
- // Probe for nickname extension and if a nickname was entered
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid']));
- if ($probe_nickname) {
- // Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
- array($_POST['userid']), __FILE__, __LINE__);
- } else {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
- array(bigintval($_POST['userid'])), __FILE__, __LINE__);
- }
-
- // Load data
- list($uid, $status, $password) = SQL_FETCHROW($result);
- $uid = bigintval($uid);
-
- // Free result
- SQL_FREERESULT($result);
-
- // Remove any dots and unwanted chars from the points
- $_POST['points'] = bigintval(round(str_replace(",", ".", $_POST['points'])));
-
- // Probe for enough points
- $probe_points = (($_POST['points'] >= $_CONFIG['doubler_min']) && ($_POST['points'] <= $_CONFIG['doubler_max']));
-
- // Check all together
- if ((!empty($uid)) && ($password == generateHash($_POST['pass'], substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) {
- // Nickname resolved to a unique userid or direct userid entered by the member
- $DOUBLER_UID = $uid;
-
- // Calulcate points
- $points = GET_TOTAL_DATA($uid, "user_points", "points") - GET_TOTAL_DATA($uid, "user_data", "used_points");
-
- // So let's continue with probing his points amount
- if (($points - $_CONFIG['doubler_left'] - $_POST['points'] * $_CONFIG['doubler_charge']) >= 0)
- {
- // Enough points are left so let's continue with the doubling process
- // Create doubling "account" width *DOUBLED* points
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_doubler (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".GET_REMOTE_ADDR()."', UNIX_TIMESTAMP(), 'N','N')",
- array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__);
-
- // Subtract entered points
- SUB_POINTS($uid, $_POST['points']);
-
- // Add points to "total payed" including charge
- $points = $_POST['points'] - $_POST['points'] * $_CONFIG['doubler_charge'];
- UPDATE_CONFIG("doubler_points", $points, "+");
- $_CONFIG['doubler_points'] += $points;
-
- // Add second line for the referral but only when uid != refid
- if (($GLOBALS['refid'] > 0) && ($GLOBALS['refid'] != $uid)) {
- // Okay add a refid line and apply refid percents
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_doubler (userid,refid,points,remote_ip,timemark,completed,is_ref) VALUES ('%s',0,'%s','".GET_REMOTE_ADDR()."',UNIX_TIMESTAMP(),'N','Y')",
- array(bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2 * $_CONFIG['doubler_ref'])), __FILE__, __LINE__);
-
- // And that's why we dont't want to you more than one referral level of doubler-points. ^^^
- } // END - if
-
- // Update usage counter
- UPDATE_CONFIG("doubler_counter", 1, "+");
- $_CONFIG['doubler_counter']++;
-
- // Set constant
- define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, $_POST['userid']));
- } else {
- // Not enougth points left
- define('__ERROR_MSG', DOUBLER_FORM_NO_POINTS_LEFT);
- }
- } elseif ($status == "CONFIRMED") {
- // Account is unconfirmed!
- define('__ERROR_MSG', DOUBLER_FORM_WRONG_PASS);
- } elseif ($status == "UNCONFIRMED") {
- // Account is unconfirmed!
- define('__ERROR_MSG', DOUBLER_FORM_STATUS_UNCONFIRMED);
- } elseif ($status == "LOCKED") {
- // Account is locked by admin / holiday!
- define('__ERROR_MSG', DOUBLER_FORM_STATUS_LOCKED);
- } elseif ($_POST['points'] < $_CONFIG['doubler_min']) {
- // Not enougth points entered
- define('__ERROR_MSG', DOUBLER_FORM_POINTS_MIN);
- } elseif ($_POST['points'] > $_CONFIG['doubler_max']) {
- // Too much points entered
- define('__ERROR_MSG', DOUBLER_FORM_POINTS_MAX);
- } elseif ($probe_nickname) {
- // Cannot resolv nickname -> userid
- define('__ERROR_MSG', DOUBLER_FORM_404_NICKNAME);
- } else {
- // Wrong password or account not found
- define('__ERROR_MSG', DOUBLER_FORM_404_MEMBER);
- }
- } elseif (empty($_POST['userid'])) {
- // Login not entered
- define('__ERROR_MSG', DOUBLER_FORM_404_LOGIN);
- } elseif (empty($_POST['pass'])) {
- // Password not entered
- define('__ERROR_MSG', DOUBLER_FORM_404_PASSWORD);
- } elseif (empty($_POST['points'])) {
- // points not entered
- define('__ERROR_MSG', DOUBLER_FORM_404_POINTS);
+} // END - if
+
+// Init userid
+$userid = 0;
+
+// If no account was found set default refid and status to CONFIRMED
+if (empty($GLOBALS['refid'])) {
+ // Determine referal id again
+ $GLOBALS['refid'] = determineReferalId();
+ $status = 'CONFIRMED';
+} // END - if
+
+// Init content array
+$content = array(
+ 'message' => '',
+);
+
+// Begin with doubler script...
+if (isFormSent()) {
+ // Secure points (so only integer/double values are allowed
+ setRequestPostElement('points', bigintval(postRequestElement('points')));
+
+ // Begin with doubling process
+ if ((isPostRequestElementSet('userid')) && (isPostRequestElementSet('pass')) && (isPostRequestElementSet('points'))) {
+ // Probe for nickname extension and if a nickname was entered
+ if (isNickNameUsed(postRequestElement('userid'))) {
+ // Nickname in URL, so load the ID
+ $result = SQL_QUERY_ESC("SELECT `userid`, `status`, `password` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `nickname`='%s' LIMIT 1",
+ array(postRequestElement('userid')), __FILE__, __LINE__);
+ } else {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT `userid`, `status, `password` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1",
+ array(bigintval(postRequestElement('userid'))), __FILE__, __LINE__);