************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
-if (!empty($_POST['rate'])) $_POST['rate'] = str_replace(",", ".", $_POST['rate']);
+if (REQUEST_ISSET_POST(('rate'))) REQUEST_SET_POST('rate', REVERT_COMMA(REQUEST_POST('rate')));
-if ((isset($_POST['add'])) && (!empty($_POST['title'])) && ($_POST['rate'] > 0))
-{
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('title'))) && (REQUEST_POST('rate') > 0)) {
// Add new payout type
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_payout_types WHERE type='%s' LIMIT 1",
- array($_POST['title']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0)
- {
+ $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE type='%s' LIMIT 1",
+ array(REQUEST_POST('title')), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0) {
// Add now
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_payout_types
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_payout_types`
(type, rate, min_points, from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url)
-VALUES ('%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
+VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
array(
- $_POST['title'],
- bigintval($_POST['rate']),
- bigintval($_POST['mpoi']),
- $_POST['yacc'],
- $_POST['ypass'],
- $_POST['yurl'],
- $_POST['yrdone'],
- $_POST['yrfailed'],
- $_POST['ytrans'],
- $_POST['allow_url'],
+ REQUEST_POST('title'),
+ bigintval(REQUEST_POST('rate')),
+ bigintval(REQUEST_POST('mpoi')),
+ REQUEST_POST('yacc'),
+ REQUEST_POST('ypass'),
+ REQUEST_POST('yurl'),
+ REQUEST_POST('yrdone'),
+ REQUEST_POST('yrfailed'),
+ REQUEST_POST('ytrans'),
+ REQUEST_POST('allow_url'),
), __FILE__, __LINE__);
- $msg = "<FONT class=\"admin_done\">".ADMIN_PAYOUT_TYPE_ADDED."</FONT>";
- }
- else
- {
+ $msg = getMessage('ADMIN_PAYOUT_TYPE_ADDED');
+ } else {
// Free memory
SQL_FREERESULT($result);
// Does already exist
- $msg = "<FONT class=\"admin_failed\">".ADMIN_PAYOUT_TYPE_ALREADY."</FONT>";
+ $msg = "<div class=\"admin_failed\">{--ADMIN_PAYOUT_TYPE_ALREADY--}</div>";
}
}
// Payout requests by your members
-$result_mem = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE status='NEW' ORDER BY payout_timestamp DESC", __FILE__, __LINE__);
+$result_mem = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE `status`='NEW' ORDER BY payout_timestamp DESC", __FILE__, __LINE__);
$display = true;
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
-{
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Edit payout types
- if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok"))
- {
+ if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
// Edit entries
- foreach ($_POST['sel'] as $id=>$sel)
- {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Secure ID
$id = bigintval($id);
// Edit only if something is entered
- if ((!empty($_POST['title'][$id])) && ($_POST['rate'][$id] > 0))
- {
+ if ((REQUEST_ISSET_POST(('title', $id))) && (REQUEST_POST('rate', $id) > 0)) {
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_payout_types SET
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_payout_types` SET
type='%s',
rate=%s,
min_points=%s,
allow_url='%s'
WHERE id='".$id."' LIMIT 1",
array(
- $_POST['title'][$id],
- bigintval(str_replace(",", ".", $_POST['rate'][$id])),
- bigintval(str_replace(",", ".", $_POST['mpoi'][$id])),
- $_POST['allow'][$id],
+ REQUEST_POST('title', $id),
+ bigintval(REVERT_COMMA(REQUEST_POST('rate', $id))),
+ bigintval(REVERT_COMMA(REQUEST_POST('mpoi' , $id))),
+ REQUEST_POST('allow', $id),
),__FILE__, __LINE__);
}
}
- $msg = ADMIN_PAYOUT_ENTRIES_CHANGED;
- }
- else
- {
+ $msg = getMessage('ADMIN_PAYOUT_ENTRIES_CHANGED');
+ } else {
$display = false; //Suppress any other outputs
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$sel)
- {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Load data
- $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($title, $rate, $mpoi, $allow) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Load main template
LOAD_TEMPLATE("admin_config_payouts_edit");
}
-}
- elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))
-{
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
// Delete payout types
- if ($_GET['ok'] == "ok")
- {
+ if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
// Delete entries
- foreach ($_POST['sel'] as $id=>$sel)
- {
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
- array(bigintval($id)), __FILE__, __LINE__);
+ foreach (REQUEST_POST('sel') as $id => $sel) {
+ SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
+ array(bigintval($id)), __FILE__, __LINE__);
}
$msg = ADMIN_PAYOUT_ENTRIES_DELETED;
- }
- else
- {
+ } else {
$display = false; //Suppress any other outputs
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$sel)
- {
+ foreach (REQUEST_POST('sel') as $id => $sel) {
// Secure ID number
$id = bigintval($id);
// Load data
- $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
list($title, $rate, $mpoi) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
}
-if (!empty($msg))
-{
+if (!empty($msg)) {
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, $msg);
}
// Payout types
-$result_type = SQL_QUERY("SELECT id, type, rate, min_points, from_account FROM "._MYSQL_PREFIX."_payout_types ORDER BY type", __FILE__, __LINE__);
+$result_type = SQL_QUERY("SELECT id, type, rate, min_points, from_account FROM `{!_MYSQL_PREFIX!}_payout_types` ORDER BY type", __FILE__, __LINE__);
-if ((SQL_NUMROWS($result_type) > 0) && ($display))
-{
+if ((SQL_NUMROWS($result_type) > 0) && ($display)) {
// List all payout types
$SW = 2; $OUT = "";
- while (list($id, $type, $rate, $mpoi, $from) = SQL_FETCHROW($result_type))
- {
+ while (list($id, $type, $rate, $mpoi, $from) = SQL_FETCHROW($result_type)) {
// Prepare data for the row template
$content = array(
'sw' => $SW,
}
// Does your members request payouts?
-if ((SQL_NUMROWS($result_mem) > 0) && ($display))
-{
+if ((SQL_NUMROWS($result_mem) > 0) && ($display)) {
// Members has requested payouts
- SQL_FREERESULT($result_mem);
- OUTPUT_HTML("<P><A href=\"".URL."/modules.php?module=admin&what=list_payouts\">".ADMIN_PAYOUT_LIST_REQUESTS."</A></P>");
-}
- elseif ($display)
-{
+ LOAD_TEMPLATE("admin_settings_saved", false, "<a href=\"{!URL!}/modules.php?module=admin&what=list_payouts\">{--ADMIN_PAYOUT_LIST_REQUESTS--}</a></P>");
+} elseif ($display) {
// No member requests so far
- OUTPUT_HTML("<P><STRONG>".ADMIN_PAYOUT_NO_MEMBER_REQUESTS."</STRONG></P>");
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_PAYOUT_NO_MEMBER_REQUESTS'));
}
+
+// Free result
+SQL_FREERESULT($result_mem);
+
// Add new paypout type
if ($display) LOAD_TEMPLATE("admin_payout_add_new");
projects / mailer.git / blobdiff