Security line in all includes changed
[mailer.git] / inc / modules / admin / what-list_user.php
index 0ab0267..95845f4 100644 (file)
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 } elseif ((!EXT_IS_ACTIVE("user")) || (GET_EXT_VERSION("user") == "")) {
@@ -72,9 +71,9 @@ if (!empty($_GET['u_id']))
        $uid = bigintval($_GET['u_id']);
 
        // Does the account exists?       0      1        2         3      4     5      6       7         8          9          10           11           12         13     14         15           16          17            18           19           20           21        22        23             24              25         26
-       $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout".$MORE."
+       $result = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout".$MORE."
 FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
         array($uid), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -98,7 +97,7 @@ WHERE userid=%d LIMIT 1",
                define('_CATS' , $CATS);
                define('_LINKS', $LINKS);
                define('_ADMIN_LINKS', MEMBER_ACTION_LINKS($uid, $DATA[14]));
-               $DATA[0]      = TRANSLATE_SEX($DATA[0]);
+               $DATA[0]      = TRANSLATE_GENDER($DATA[0]);
                $DATA[28]     = CREATE_EMAIL_LINK($DATA[7], "user_data");
                $DATA[14]     = TRANSLATE_STATUS($DATA[14]);
                $DATA[16]     = MAKE_DATETIME($DATA[16], "0");
@@ -128,34 +127,40 @@ WHERE userid=%d LIMIT 1",
 }
  else
 {
-       $WHERE = "";
+       $whereStatement = "";
        if (($_GET['letter'] != _ALL2) && ($_GET['letter'] != _OTHERS) && (!empty($_GET['letter'])))
        {
                // List only persons w
-               $WHERE = " WHERE family LIKE '".$_GET['letter']."%'";
+               $whereStatement = " WHERE family LIKE '".$_GET['letter']."%'";
        }
        if ($_GET['sortby'] == "family_name") $_GET['sortby'] = "family";
 
        // Parse the mode parameter
        if (isset($_GET['mode'])) {
                // Is a WHERE statement already there?
-               if (!empty($WHERE)) {
+               if (!empty($whereStatement)) {
                        // Then append the status column
-                       $WHERE .= sprintf(" AND status='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['mode']))));
+                       $whereStatement .= sprintf(" AND status='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['mode']))));
                } else {
                        // Start a new one
-                       $WHERE = sprintf(" WHERE status='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['mode']))));
+                       $whereStatement = sprintf(" WHERE status='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['mode']))));
                }
        }
 
-       $SQL = "SELECT userid, sex, surname, family, email, REMOTE_ADDR, refid, status".$MORE." FROM "._MYSQL_PREFIX."_user_data".$WHERE." ORDER BY ".$_GET['sortby'];
+       $SQL = "SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, status".$MORE." FROM "._MYSQL_PREFIX."_user_data".$whereStatement." ORDER BY ".$_GET['sortby'];
        $result_master = SQL_QUERY($SQL, __FILE__, __LINE__);
 
        // Calculate page count (0.5 fixes a bug with page count)
-       $PAGES = round(SQL_NUMROWS($result_master) / $CONFIG['user_limit'] + 0.5);
+       if ($_CONFIG['user_limit'] == 0) {
+               $_CONFIG['user_limit'] = 100;
+               LOAD_TEMPLATE("admin_settings_saved", false, EXTENSION_WARNING_USER_LIMIT);
+       }
+
+       // Activate the extension please!
+       $PAGES = round(SQL_NUMROWS($result_master) / $_CONFIG['user_limit'] + 0.5);
 
        if (empty($_GET['page']))   $_GET['page']   = "1";
-       if (empty($_GET['offset'])) $_GET['offset'] = $CONFIG['user_limit'];
+       if (empty($_GET['offset'])) $_GET['offset'] = $_CONFIG['user_limit'];
 
        // Add limitation to SQL string and run him again
        $SQL .= " LIMIT ".($_GET['offset'] * $_GET['page'] - $_GET['offset']).", ".$_GET['offset'];
@@ -174,17 +179,22 @@ WHERE userid=%d LIMIT 1",
                define('__COLSPAN1'  , $colspan);
                define('__COLSPAN2'  , ($colspan + 2));
                define('__USER_CNT'  , $user_count);
-               define('__ALPHA_SORT', alpha($_GET['sortby'], $colspan, true));
-               define('__SORT_LINKS', SortLinks($_GET['letter'], $_GET['sortby'], $colspan, true));
-               if ($PAGES > 1)
-               {
-                       define('__PAGE_NAV', ADD_PAGENAV($PAGES, $CONFIG['user_limit'], true, $colspan, true));
+
+               if ((function_exists('alpha')) && (function_exists('SortLinks'))) {
+                       define('__ALPHA_SORT', alpha($_GET['sortby'], $colspan, true));
+                       define('__SORT_LINKS', SortLinks($_GET['letter'], $_GET['sortby'], $colspan, true));
+               } else {
+                       define('__ALPHA_SORT', "");
+                       define('__SORT_LINKS', "");
                }
-                else
-               {
+
+               if ($PAGES > 1) {
+                       define('__PAGE_NAV', ADD_PAGENAV($PAGES, $_CONFIG['user_limit'], true, $colspan, true));
+               } else {
                        // No page navigation is required
                        define('__PAGE_NAV', "");
                }
+
                // Column with nickname when nickname extension is present
                if (EXT_IS_ACTIVE("nickname"))
                {
@@ -198,7 +208,7 @@ WHERE userid=%d LIMIT 1",
                }
 
                $SW = 2; $OUT = "";
-               while (list($uid, $sex, $sname, $fname, $email, $IP, $ref, $status, $nick) = SQL_FETCHROW($result))
+               while (list($uid, $gender, $sname, $fname, $email, $IP, $ref, $status, $nick) = SQL_FETCHROW($result))
                {
                        if ($ref > 0) $ref = ADMIN_USER_PROFILE_LINK($ref);
                        $LINKS = TRANSLATE_COMMA(GET_TOTAL_DATA($uid, "user_links", "id", "userid", true));
@@ -211,10 +221,10 @@ WHERE userid=%d LIMIT 1",
                        $content = array(
                                'sw'     => $SW,
                                'uid'    => ADMIN_USER_PROFILE_LINK($uid),
-                               'sex'    => TRANSLATE_SEX($sex),
+                               'gender' => TRANSLATE_GENDER($gender),
                                'sname'  => $sname,
                                'fname'  => $fname,
-                               'email'  => "<A href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".stripslashes($email)."</A>",
+                               'email'  => "<A href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$email."</A>",
                                'addr'   => $IP,
                                'ref'    => $ref,
                                'status' => TRANSLATE_STATUS($status),