ADD_DESCR("admin", __FILE__);
// Fix a notice
-if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
+if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', "");
-if ($_GET['u_id'] == "all") {
+if (REQUEST_GET('uid') == "all") {
// Add points to all accounts
- define('__POINTS_VALUE', $_POST['points']);
- if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
+ define('__POINTS_VALUE', REQUEST_POST('points'));
+ if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) {
$result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
while (list($uid) = SQL_FETCHROW($result_main)) {
// User ID found in URL so we use this give him some credits
// Free result
SQL_FREERESULT($result);
- if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+ if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
// Ok, add points to used points and send an email to him...
- SUB_POINTS("admin_all", $uid, $_POST['points']);
+ SUB_POINTS("admin_all", $uid, REQUEST_POST('points'));
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
- 'points' => bigintval($_POST['points'])
+ 'text' => SQL_ESCAPE(REQUEST_POST('reason')),
+ 'points' => bigintval(REQUEST_POST('points'))
);
// Load message and send it away
// Display form add points
LOAD_TEMPLATE("admin_sub_points_all");
}
-} elseif (!empty($_GET['u_id'])) {
+} elseif (REQUEST_ISSET_GET(('uid'))) {
// User ID found in URL so we use this give him some credits
$result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
- array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('uid'))),__FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Selected user does exist
list($sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+ if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
// Ok, add to used points and send an email to him...
- SUB_POINTS("admin_single", bigintval($_GET['u_id']), $_POST['points']);
+ SUB_POINTS("admin_single", bigintval(REQUEST_GET('uid')), REQUEST_POST('points'));
// Prepare content
$content = array(
- 'text' => SQL_ESCAPE($_POST['reason']),
- 'points' => bigintval($_POST['points'])
+ 'text' => SQL_ESCAPE(REQUEST_POST('reason')),
+ 'points' => bigintval(REQUEST_POST('points'))
);
// Load email and send it away
- $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($_GET['u_id']));
- SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_SUB_SUBJ'), $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval(REQUEST_GET('uid')));
+ SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_SUB_SUBJ'), $msg);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_SUBTRACTED'));
} else {
// Opps, missing form here
define('__USER_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
- define('__UID', bigintval($_GET['u_id']));
+ define('__UID', bigintval(REQUEST_GET('uid')));
LOAD_TEMPLATE("admin_sub_points");
}
} else {
// User not found!
- LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+ LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
}
} else {
// Output selection form with all confirmed user accounts listed