************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
+
//
function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
{
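Review bot: The fallback path inside the new `!defined('__SECURITY')` branch is still computed with `strpos(dirname(__FILE__), "/inc") + 4`, which matches the first `/inc` anywhere in the path (including a parent directory such as `/include`) and, when nothing matches, evaluates `false + 4` and keeps only the first four characters. Because this branch is now the only guard in front of the definitions below, the location of security.php should not depend on a string search. Building the path relative to this file's known position in the tree, with `dirname(__FILE__)` and a fixed number of parent steps, would be more robust. The comment `// Some security stuff...` could also say that the entry script is expected to define `__SECURITY` and what security.php does when it is missing (presumably it aborts the request, but that file is not shown).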
// Generate hash code
$DATA['keys'][] = "hash";
- $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA['keys'][] = "remote_addr";
- $DATA['values'][] = $_SERVER['REMOTE_ADDR'];
+ $DATA['values'][] = GET_REMOTE_ADDR();
}
// Implode all data into strings
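Review bot: The `hash` value stored here is still `md5()` over the session cookie, the submitted e-mail, the client address, the user agent and `time()`, all of which the requesting client supplies or can observe, so the result is not a secret. The later hunk that sets `$HASH` uses the same construction next to `status='EMAIL'`, which suggests it serves as an e-mail confirmation code; if so, it should come from a CSPRNG, e.g. `$DATA['values'][] = bin2hex(random_bytes(16));` where the runtime provides `random_bytes()`. `$_COOKIE['PHPSESSID']` is also read without an `isset()` check and assumes the default session cookie name; `session_id()` would be the more reliable source if the current scheme is kept. The enclosing block starts and ends outside the hunk.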
{
// Load sub menus
$result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE action='%s' AND what != '' ".$WHERE."
+WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
ORDER BY sort", array($action), __FILE__, __LINE__);
if (SQL_NUMROWS($result_sub) > 0)
{
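Review bot: `$WHERE` is concatenated into the statement text before `SQL_QUERY_ESC` fills the `%s` placeholder, so only `$action` passes through the array argument and whatever escaping the helper applies to it. Its construction is outside this hunk; if any part of it derives from request data, that part should move into a placeholder, and otherwise a comment such as `// $WHERE is built from constants only` would record the assumption. The added `AND what IS NOT NULL` is harmless but redundant, because `what != ''` already evaluates to NULL for NULL rows and excludes them.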
// Unsecure data which we don't want
$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
- 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old',
+ 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
'ok', 'pass1', 'pass2');
// Set default message ("not saved")
$SQL .= " status='EMAIL', hash='%s',";
// Generate hash code
- $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA[] = $HASH;
}
}