Security line in all includes changed

[mailer.git] / inc / modules / guest / what-confirm.php

diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php
index 3c20c0156d25a1f6c7447663f89bd57d03782c85..7d554b5f3daf2a1c0549981e6799791138ff5bb7 100644 (file)
--- a/inc/modules/guest/what-confirm.php
+++ b/inc/modules/guest/what-confirm.php
@@ -32,15 +32,14 @@
  ************************************************************************/
 
 // Some security stuff...
  ************************************************************************/
 
 // Some security stuff...

-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {

        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }

+

 // Add description as navigation point
 ADD_DESCR("guest", basename(__FILE__));
 
 // Add description as navigation point
 ADD_DESCR("guest", basename(__FILE__));
 

-OPEN_TABLE("100%", "guest_content_align", "");

 if (!empty($_GET['hash']))
 {
        // Initialize the user ID
 if (!empty($_GET['hash']))
 {
        // Initialize the user ID


@@ -57,9 +56,9 @@ if (!empty($_GET['hash']))
                // Unlock his account (but only when it is on UNCONFIRMED!)
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED', ref_payout='%s' WHERE user_hash='%s' AND status='UNCONFIRMED' LIMIT 1",
                 array($_CONFIG['ref_payout'], $_GET['hash']), __FILE__, __LINE__);
                // Unlock his account (but only when it is on UNCONFIRMED!)
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED', ref_payout='%s' WHERE user_hash='%s' AND status='UNCONFIRMED' LIMIT 1",
                 array($_CONFIG['ref_payout'], $_GET['hash']), __FILE__, __LINE__);

-               if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
+               if (SQL_AFFECTEDROWS() == 1)

                {
                {

-                       $msg = LOAD_EMAIL_TEMPLATE("confirm-member", "", bigintval($uid));
+                       $msg = LOAD_EMAIL_TEMPLATE("confirm-member", array('points' => $_CONFIG['points_register']), bigintval($uid));

 
                        // And send him right away the confirmation mail
                        SEND_EMAIL($email, GUEST_THANX_CONFIRM, $msg);
 
                        // And send him right away the confirmation mail
                        SEND_EMAIL($email, GUEST_THANX_CONFIRM, $msg);


@@ -68,7 +67,7 @@ if (!empty($_GET['hash']))
                        if (($rid > 0) && ($rid != $uid))
                        {
                                // Select the referral userid
                        if (($rid > 0) && ($rid != $uid))
                        {
                                // Select the referral userid

-                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",

                                 array(bigintval($rid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1)
                                {
                                 array(bigintval($rid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1)
                                {


@@ -91,10 +90,10 @@ if (!empty($_GET['hash']))
                                        }
 
                                        // If version matches add ref bonus to refid's account
                                        }
 
                                        // If version matches add ref bonus to refid's account

-                                       if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == 'Y'))
+                                       if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y"))

                                        {
                                                // Add points (directly only!)
                                        {
                                                // Add points (directly only!)

-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",

                                                 array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
 
                                                // Subtract points from system
                                                 array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
 
                                                // Subtract points from system


@@ -115,8 +114,7 @@ if (!empty($_GET['hash']))
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie

-                               setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                               $_COOKIE['lead_uid'] = bigintval($uid);
+                               set_session("lead_uid", bigintval($uid));

 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");
 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");


@@ -127,8 +125,7 @@ if (!empty($_GET['hash']))
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie

-                       setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                       $_COOKIE['lead_uid'] = bigintval($uid);
+                       set_session("lead_uid", bigintval($uid));

 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");
 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");


@@ -157,7 +154,7 @@ if (!empty($_GET['hash']))
                switch ($DATA[1])
                {
                case "UNCONFIRMED": // Account not confirmed
                switch ($DATA[1])
                {
                case "UNCONFIRMED": // Account not confirmed

-                       $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", "", $DATA[0]);
+                       $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", array('hash' => $DATA[2]), $DATA[0]);

                        SEND_EMAIL($_POST['email'], REQUEST_CONFIRM_LINK_SUBJ, $msg);
                        $content = CONFIRM_LINK_SENT;
                        break;
                        SEND_EMAIL($_POST['email'], REQUEST_CONFIRM_LINK_SUBJ, $msg);
                        $content = CONFIRM_LINK_SENT;
                        break;


@@ -185,6 +182,6 @@ if (!empty($_GET['hash']))
        // No hash found, the guest may want to enter his email address to re-get his confirmation link?
        LOAD_TEMPLATE("guest_confirm_link");
 }
        // No hash found, the guest may want to enter his email address to re-get his confirmation link?
        LOAD_TEMPLATE("guest_confirm_link");
 }

-CLOSE_TABLE();
+

 //
 ?>
 //
 ?>