-// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
-require_once("inc/libs/security_functions.php");
-
-// Init "action" and "what"
-global $what, $action;
-$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
-if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
-if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
-
-// Set module
-$GLOBALS['module'] = "doubler";
-$GLOBALS['refid'] = 0;
-$CSS = "0";
-
-// Load the required file(s)
-require ("inc/config.php");
-
-// Is the script installed?
-if (defined('mxchange_installed') && (mxchange_installed))
-{
- // Probe for referral ID
- if (!empty($_GET['refid'])) $GLOBALS['refid'] = bigintval($_GET['refid']);
-
- // Probe for nickname extension and if a nickname was supplied by URL
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($GLOBALS['refid'])."") != $GLOBALS['refid']));
- if ($probe_nickname)
- {
- // Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
- array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
- }
- else
- {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
- array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
- }
-
- // Load data
- list($rid, $status_ref) = SQL_FETCHROW($result);
- $GLOBALS['refid'] = bigintval($rid);
-
- // Free memory
- SQL_FREERESULT($result);
- $uid = 0;
-
- // If no account was found set default refid and status to CONFIRMED
- if (empty($GLOBALS['refid'])) { $GLOBALS['refid'] = $CONFIG['def_refid']; $status = "CONFIRMED"; }
-
- // Begin with doubler script...
- if (isset($_POST['ok']))
- {
- // Secure points (so only integer/double values are allowed
- $_POST['points'] = bigintval($_POST['points']);
-
- // Begin with doubling process
- if ((!empty($_POST['userid'])) && (!empty($_POST['pass'])) && (!empty($_POST['points'])))
- {
- // Probe for nickname extension and if a nickname was entered
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid']));
- if ($probe_nickname)
- {
- // Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
- array($_POST['userid']), __FILE__, __LINE__);
- }
- else
- {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['userid'])), __FILE__, __LINE__);
- }
-
- // Load data
- list($uid, $status, $password) = SQL_FETCHROW($result);
- $uid = bigintval($uid);
-
- // Free result
- SQL_FREERESULT($result);
-
- // Remove any dots and unwanted chars from the points
- $_POST['points'] = bigintval(round(str_replace(",", ".", $_POST['points'])));
-
- // Probe for enough points
- $probe_points = (($_POST['points'] >= $CONFIG['doubler_min']) && ($_POST['points'] <= $CONFIG['doubler_max']));
-
- // Check all together
- if ((!empty($uid)) && ($password == generateHash($_POST['pass'], substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points))
- {
- // Nickname resolved to a unique userid or direct userid entered by the member
- $DOUBLER_UID = $uid;