Security line in all includes changed
[mailer.git] / inc / modules / guest / what-confirm.php
index 2f0f114..7d554b5 100644 (file)
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
+
 // Add description as navigation point
 ADD_DESCR("guest", basename(__FILE__));
 
-OPEN_TABLE("100%", "guest_content_align", "");
 if (!empty($_GET['hash']))
 {
        // Initialize the user ID
@@ -56,10 +55,10 @@ if (!empty($_GET['hash']))
 
                // Unlock his account (but only when it is on UNCONFIRMED!)
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED', ref_payout='%s' WHERE user_hash='%s' AND status='UNCONFIRMED' LIMIT 1",
-                array($CONFIG['ref_payout'], $_GET['hash']), __FILE__, __LINE__);
-               if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
+                array($_CONFIG['ref_payout'], $_GET['hash']), __FILE__, __LINE__);
+               if (SQL_AFFECTEDROWS() == 1)
                {
-                       $msg = LOAD_EMAIL_TEMPLATE("confirm-member", "", bigintval($uid));
+                       $msg = LOAD_EMAIL_TEMPLATE("confirm-member", array('points' => $_CONFIG['points_register']), bigintval($uid));
 
                        // And send him right away the confirmation mail
                        SEND_EMAIL($email, GUEST_THANX_CONFIRM, $msg);
@@ -68,7 +67,7 @@ if (!empty($_GET['hash']))
                        if (($rid > 0) && ($rid != $uid))
                        {
                                // Select the referral userid
-                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($rid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1)
                                {
@@ -79,7 +78,7 @@ if (!empty($_GET['hash']))
                                        unset($DEPTH);
 
                                        // Shall I "pay" the referral points imidiately?
-                                       if ($CONFIG['ref_payout'] == "0")
+                                       if ($_CONFIG['ref_payout'] == "0")
                                        {
                                                // Yes, "pay" it now
                                                $locked = false;
@@ -91,18 +90,19 @@ if (!empty($_GET['hash']))
                                        }
 
                                        // If version matches add ref bonus to refid's account
-                                       if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($CONFIG['bonus_active'] == 'Y'))
+                                       if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y"))
                                        {
                                                // Add points (directly only!)
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%d LIMIT 1",
-                                                array($CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",
+                                                array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
 
                                                // Subtract points from system
-                                               BONUS_POINTS_HANDLER($CONFIG['bonus_ref']);
+                                               BONUS_POINTS_HANDLER($_CONFIG['bonus_ref']);
                                        }
 
                                        // Add one-time referral bonus over referral system or directly
-                                       ADD_POINTS_REFSYSTEM($rid, $CONFIG['points_ref'], true, bigintval($uid), $locked, $CONFIG['reg_points_mode']);
+                                       $DEPTH = 0;
+                                       ADD_POINTS_REFSYSTEM($rid, $_CONFIG['points_ref'], true, bigintval($uid), $locked, $_CONFIG['reg_points_mode']);
                                }
                        }
 
@@ -114,11 +114,10 @@ if (!empty($_GET['hash']))
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie
-                               setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                               $_COOKIE['lead_uid'] = bigintval($uid);
+                               set_session("lead_uid", bigintval($uid));
 
                                // Lead-Code mode enabled
-                               LOAD_URL(URL."/lead-confirm.php");
+                               LOAD_URL("lead-confirm.php");
                        } else {
                                define('__CONFIRM_MSG', GUEST_CONFIRMED_DONE);
                                define('__UID', bigintval($uid));
@@ -126,11 +125,10 @@ if (!empty($_GET['hash']))
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie
-                       setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                       $_COOKIE['lead_uid'] = bigintval($uid);
+                       set_session("lead_uid", bigintval($uid));
 
                        // Lead-Code mode enabled
-                       LOAD_URL(URL."/lead-confirm.php");
+                       LOAD_URL("lead-confirm.php");
                } else {
                        // Nobody was found unter this hash key... or our new member want's to confirm twice?
                        define('__CONFIRM_MSG', GUEST_CONFIRMED_TWICE);
@@ -156,7 +154,7 @@ if (!empty($_GET['hash']))
                switch ($DATA[1])
                {
                case "UNCONFIRMED": // Account not confirmed
-                       $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", "", $DATA[0]);
+                       $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", array('hash' => $DATA[2]), $DATA[0]);
                        SEND_EMAIL($_POST['email'], REQUEST_CONFIRM_LINK_SUBJ, $msg);
                        $content = CONFIRM_LINK_SENT;
                        break;
@@ -184,6 +182,6 @@ if (!empty($_GET['hash']))
        // No hash found, the guest may want to enter his email address to re-get his confirmation link?
        LOAD_TEMPLATE("guest_confirm_link");
 }
-CLOSE_TABLE();
+
 //
 ?>