]> git.mxchange.org Git - mailer.git/blobdiff - inc/modules/admin/what-list_rallyes.php
Fixes for stripped HTML tags, and false warnings in debug log
index 18be1d8cc0d04711072bad6c963dcbe24e7a89d2..98b6f61d1785faa8541c81c7dc32c15cf8861ca3 100644 (file)
@@ -40,54 +40,54 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (empty($_GET['sub'])) $_GET['sub'] = "";
+if (!REQUEST_ISSET_GET(('sub'))) REQUEST_SET_GET('sub', "");
 $MSG = "";
 
 // Quick actions on a rallye
-if (isset($_GET['rallye']))
+if (REQUEST_ISSET_GET(('rallye')))
 {
        // Activate / deactivate
        $SQL = "";
-       if (isset($_GET['activate']))
+       if (REQUEST_ISSET_GET(('activate')))
        {
-               switch ($_GET['activate'])
+               switch (REQUEST_GET('activate'))
                {
                case "1": // Activate
-                       $SQL = "UPDATE `{!MYSQL_PREFIX!}_rallye_data` SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1";
+                       $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE `{!MYSQL_PREFIX!}_rallye_data` SET is_active='N' WHERE id=%s AND is_active='Y' LIMIT 1";
+                       $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET is_active='N' WHERE id=%s AND is_active='Y' LIMIT 1";
                        break;
                }
        }
 
        // Automatic notification
-       if (isset($_GET['notify']))
+       if (REQUEST_ISSET_GET(('notify')))
        {
-               switch ($_GET['notify'])
+               switch (REQUEST_GET('notify'))
                {
                case "1": // Activate
-                       $SQL = "UPDATE `{!MYSQL_PREFIX!}_rallye_data` SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1";
+                       $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE `{!MYSQL_PREFIX!}_rallye_data` SET send_notify='N' WHERE id=%s AND send_notify='Y' LIMIT 1";
+                       $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET send_notify='N' WHERE id=%s AND send_notify='Y' LIMIT 1";
                        break;
                }
        }
 
        // Automatic adding of new members
-       if (isset($_GET['auto']))
+       if (REQUEST_ISSET_GET(('auto')))
        {
-               switch ($_GET['auto'])
+               switch (REQUEST_GET('auto'))
                {
                case "1": // Activate
-                       $SQL = "UPDATE `{!MYSQL_PREFIX!}_rallye_data` SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1";
+                       $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE `{!MYSQL_PREFIX!}_rallye_data` SET auto_add_new_user='N' WHERE id=%s AND auto_add_new_user='Y' LIMIT 1";
+                       $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET auto_add_new_user='N' WHERE id=%s AND auto_add_new_user='Y' LIMIT 1";
                        break;
                }
        }
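Review bot: The quick actions in this block change `is_active`, `send_notify` and `auto_add_new_user` from GET parameters alone, and no anti-forgery token or request-method check is visible in the hunk beyond the `IS_ADMIN()` gate in the hunk header. A link opened by a logged-in admin would therefore be enough to flip these flags. Consider moving the toggles to POST behind the project's form token if it has one, or at least record the gap with `// NOTE: state change via GET, protected by IS_ADMIN() only`. Separately, `$SQL` is overwritten by each of the three blocks, so when `activate`, `notify` and `auto` arrive together only the last one is executed. The enclosing `if` ends outside the hunk.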
@@ -95,24 +95,24 @@ if (isset($_GET['rallye']))
        // Run SQL command
        if (!empty($SQL))
        {
-               $result = SQL_QUERY_ESC($SQL, array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC($SQL, array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
        }
 }
- elseif (isset($_POST['remove']))
+ elseif (REQUEST_ISSET_POST(('remove')))
 {
        // Delete rallyes
-       $SEL = SELECTION_COUNT($_POST['sel']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
        if ($SEL > 0)
        {
                // Delete selected rallyes and all it's data
-               foreach ($_POST['sel'] as $id => $sel)
+               foreach (REQUEST_POST('sel') as $id => $sel)
                {
                        // Remove selected rallye entirely...
-                       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
+                       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
-                       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s",
+                       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s",
                                array(bigintval($id)), __FILE__, __LINE__);
-                       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s",
+                       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s",
                                array(bigintval($id)), __FILE__, __LINE__);
                }
 
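Review bot: The delete loop `foreach (REQUEST_POST('sel') as $id => $sel)` never reads `$sel`, so every key submitted under `sel` is deleted whatever its value. If SELECTION_COUNT() counts only checked entries (its body is not visible here), the loop should apply the same test, e.g. `if ($sel != 1) continue;` with whatever value the form's checkbox submits. The three DELETEs also run without a result check or transaction, so a failure after the first leaves orphaned rows in `_rallye_prices` or `_rallye_users`. The same unused `$sel` appears in the edit loop further down (`foreach (REQUEST_POST('sel') as $id => $sel) {`).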
@@ -125,24 +125,24 @@ if (isset($_GET['rallye']))
                $MSG = RALLYE_DELETE_NOTHING_SELECTED;
        }
 }
- elseif (isset($_POST['change']))
+ elseif (REQUEST_ISSET_POST(('change')))
 {
        // Change rallye
-       $SEL = SELECTION_COUNT($_POST['title']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('title'));
        if ($SEL > 0)
        {
                // Change selected rallyes and all it's data
-               foreach ($_POST['title'] as $id => $title)
+               foreach (REQUEST_POST('title') as $id => $title)
                {
                        // Secure ID number
                        $id = bigintval($id);
 
                        // Generate timestamps
-                       $START = mktime($_POST['start_hour'][$id], $_POST['start_min'][$id], $_POST['start_sec'][$id], $_POST['start_month'][$id], $_POST['start_day'][$id], $_POST['start_year'][$id]);
-                       $END   = mktime($_POST['end_hour'][$id]  , $_POST['end_min'][$id]  , $_POST['end_sec'][$id]  , $_POST['end_month'][$id]  , $_POST['end_day'][$id]  , $_POST['end_year'][$id]  );
+                       $START = mktime(REQUEST_POST('start_hour', $id), REQUEST_POST('start_min', $id), REQUEST_POST('start_sec', $id), REQUEST_POST('start_month', $id), REQUEST_POST('start_day', $id), REQUEST_POST('start_year', $id));
+                       $END   = mktime(REQUEST_POST('end_hour', $id)  , REQUEST_POST('end_min', $id)  , REQUEST_POST('end_sec', $id)  , REQUEST_POST('end_month', $id)  , REQUEST_POST('end_day', $id)  , REQUEST_POST('end_year', $id)  );
 
                        // Update entry
-                       SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_rallye_data` SET
+                       SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET
 title='%s',
 descr='%s',
 template='%s',
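Review bot: The two `mktime()` calls take the `REQUEST_POST('start_*', $id)` and `REQUEST_POST('end_*', $id)` values unchecked, so a missing or non-numeric field yields a wrong or false timestamp that is then stored without any error. Cast each part before use, e.g. `intval(REQUEST_POST('start_hour', $id))`, and consider skipping the row when `$END <= $START`. The UPDATE statement that consumes these values continues outside the hunk.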
@@ -151,8 +151,16 @@ end_time='%s',
 min_users='%s',
 min_prices='%s'
 WHERE id='".$id."' LIMIT 1",
- array($title, $_POST['descr'][$id], $_POST['templ'][$id], bigintval($START), bigintval($END), bigintval($_POST['min_users'][$id]), bigintval($_POST['min_prices'][$id]), $id),
- __FILE__, __LINE__);
+                               array(
+                                       $title,
+                                       REQUEST_POST('descr', $id),
+                                       REQUEST_POST('templ', $id),
+                                       bigintval($START),
+                                       bigintval($END),
+                                       bigintval(REQUEST_POST('min_users', $id)),
+                                       bigintval(REQUEST_POST('min_prices', $id)),
+                                       $id
+                               ), __FILE__, __LINE__);
                }
 
                // Output message
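Review bot: The argument array ends with `$id`, but the WHERE clause concatenates the id (`WHERE id='".$id."' LIMIT 1`) instead of using a placeholder, so the last element appears to be unused. Two SET lines fall outside the hunk, so the placeholder count should be confirmed. `$id` is passed through `bigintval()` earlier in the loop, which makes this a consistency issue rather than an injection; `WHERE id=%s LIMIT 1` would let SQL_QUERY_ESC handle it like the other queries in this file. `descr` and `templ` reach the query with no validation visible here; if `template` later selects a template file, check it against the known template names before storing it.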
@@ -160,18 +168,15 @@ WHERE id='".$id."' LIMIT 1",
        }
 }
 
-if (isset($_POST['edit']))
-{
+if (REQUEST_ISSET_POST(('edit'))) {
        // Check for selections
-       $SEL = SELECTION_COUNT($_POST['sel']);
-       if ($SEL > 0)
-       {
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+       if ($SEL > 0) {
                // Make all selected and deactivated rallyes editable
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel)
-               {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Load rallye basic data
-                       $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM `{!MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($title, $descr, $templ, $start, $end, $min_users, $min_prices) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
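Review bot: `list(...) = SQL_FETCHROW($result)` runs without checking that the SELECT returned a row, so an id under `sel` that no longer exists produces empty variables and an edit row for a rallye that is not there. Guard it with `if (SQL_NUMROWS($result) == 1)` before the `list()` call and free the result in either case. The comment says only deactivated rallyes become editable, but the query has no `is_active='N'` condition; either add it or correct the comment. The loop body continues outside the hunk.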
@@ -207,25 +212,24 @@ if (isset($_POST['edit']))
                        // Color switching
                        $SW = 3 - $SW;
                }
+
                // Remember rows in constant
                define('__RALLYE_ROWS', $OUT);
 
                // Load final template
                LOAD_TEMPLATE("admin_edit_rallyes");
-       }
-        else
-       {
+       } else {
                // Nothing selected to edit
                LOAD_TEMPLATE("admin_settings_saved", false, LOAD_TEMPLATE("admin_list_rallye_noselect", true));
        }
-} elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0)) {
+} elseif ((REQUEST_GET('sub') == "users") && (REQUEST_GET('rallye') > 0)) {
        // List users and their refs before start and current
-       $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM `{!MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s ORDER BY userid",
-        array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM `{!_MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s ORDER BY userid",
+        array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) > 0)
        {
                $SW = 2; $OUT = "";
-               define('__RALLYE_VALUE', $_GET['rallye']);
+               define('__RALLYE_VALUE', REQUEST_GET('rallye'));
                while (list($uid, $old, $opoints) = SQL_FETCHROW($result))
                {
                        // Check for referal count
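Review bot: `define('__RALLYE_VALUE', REQUEST_GET('rallye'));` stores the raw request value, while the query just above it uses `bigintval(REQUEST_GET('rallye'))`, and the loose `> 0` test in the `elseif` does not guarantee an integer. If the `admin_list_rallye_usr` template prints this constant and REQUEST_GET() does not already filter it (neither is visible here), request-controlled text reaches the admin page unescaped. Use the validated value in both places: `define('__RALLYE_VALUE', bigintval(REQUEST_GET('rallye')));`. The `while` loop continues outside the hunk.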
@@ -234,8 +238,7 @@ if (isset($_POST['edit']))
                        // Output row
                        $Bl = ""; $Br = "";
                        if (($opoints > 0) && ($cnt > 0)) { $Bl = "<strong>"; $Br = "</strong>"; }
-                       if (($old > 0) || ($cnt > 0))
-                       {
+                       if (($old > 0) || ($cnt > 0)) {
                                // Insert link to referal list
                                //* DEBUG: */ echo "-".$uid."/".$cnt."/".$old."-<br />";
                                $cnt = ADMIN_USER_PROFILE_LINK($uid, $cnt, "list_refs");
@@ -264,43 +267,36 @@ if (isset($_POST['edit']))
 
                // Load template
                LOAD_TEMPLATE("admin_list_rallye_usr");
-       }
-        else
-       {
+       } else {
                // No entries found?
                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ADMIN_USERS_404);
        }
-}
- else
-{
+} else {
        // Start listing rallyes
        $result = SQL_QUERY("SELECT id, admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify, notified, min_users, min_prices
-FROM `{!MYSQL_PREFIX!}_rallye_data`
+FROM `{!_MYSQL_PREFIX!}_rallye_data`
 ORDER BY start_time DESC",
  __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) > 0)
-       {
+       if (SQL_NUMROWS($result) > 0) {
                // List found rallyes
                $SW = 2; $OUT = "";
-               while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result))
-               {
+               while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result)) {
                        // Load admin login
                        $alogin = GET_ADMIN_LOGIN($aid);
 
                        // Count assigned prices
-                       $result_prices = SQL_QUERY_ESC("SELECT id FROM `{!MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s",
+                       $result_prices = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
 
                        // Count joined userids
-                       $result_user = SQL_QUERY_ESC("SELECT id FROM `{!MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s",
+                       $result_user = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s",
                         array($id), __FILE__, __LINE__);
                        $joined = SQL_NUMROWS($result_user);
 
                        // Did some users joined this rallye?
-                       if ($joined > 0)
-                       {
+                       if ($joined > 0) {
                                // List joined users
-                               $joined = "<a href=\"".URL."/modules.php?module=admin&amp;what=list_rallyes&amp;sub=users&amp;rallye=".$id."\" title=\"".RALLYE_LIST_USERS."\">".$joined."</a>";
+                               $joined = "<a href=\"{!URL!}/modules.php?module=admin&amp;what=list_rallyes&amp;sub=users&amp;rallye=".$id."\" title=\"".RALLYE_LIST_USERS."\">".$joined."</a>";
                        }
 
                        // Alter some variables
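Review bot: The joined-users query passes `array($id)` while the prices query right above it uses `array(bigintval($id))`. `$id` comes from the database row here, so the risk is low, but the two calls should match: `array(bigintval($id)), __FILE__, __LINE__);`. The user count also fetches every `id` row just to call SQL_NUMROWS() inside the listing loop, where `SELECT COUNT(id)` would avoid transferring the rows. The `{!URL!}` link concatenates `$id` into HTML, which is safe only while `id` stays an integer column. The loop continues outside the hunk.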
@@ -390,12 +386,11 @@ ORDER BY start_time DESC",
 
                // Load template
                LOAD_TEMPLATE("admin_list_rallyes");
-       }
-        else
-       {
+       } else {
                // No rallyes setup so far
                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_NO_RALLYES_SETUP);
        }
 }
+
 //
 ?>