Security line in all includes changed

[mailer.git] / inc / libs / autopurge_functions.php

diff --git a/inc/libs/autopurge_functions.php b/inc/libs/autopurge_functions.php
index 7318af10785ddba49a27e50dd7827493306eaeb1..7305ba5d4f8510b29eca159513511384bf90e05f 100644 (file)
--- a/inc/libs/autopurge_functions.php
+++ b/inc/libs/autopurge_functions.php
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
@@ -42,7 +41,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points)
 {
        global $jackpot;
        // Check if he has locked points or not
-       $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($uid)), __FILE__, __LINE__);
        list($payout) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -61,13 +60,13 @@ function AUTOPURGE_ADD_POINTS($uid, $points)
        {
                // ... to jackpot account
                ADD_JACKPOT($points);
-               if (empty($jackpot)) $jackpot = "0";
+               if (empty($jackpot)) $jackpot = 0;
                $jackpot += $points;
        }
         else
        {
                // .. to user's account
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth='0' LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                 array($target, $target, $points, bigintval($uid)), __FILE__, __LINE__);
 
                // Update mediadata as well