Security line in all includes changed
[mailer.git] / inc / modules / guest / what-confirm.php
index 40a1c51..7d554b5 100644 (file)
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
+
 // Add description as navigation point
 ADD_DESCR("guest", basename(__FILE__));
 
-OPEN_TABLE("100%", "guest_content_align", "");
 if (!empty($_GET['hash']))
 {
        // Initialize the user ID
@@ -57,9 +56,9 @@ if (!empty($_GET['hash']))
                // Unlock his account (but only when it is on UNCONFIRMED!)
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED', ref_payout='%s' WHERE user_hash='%s' AND status='UNCONFIRMED' LIMIT 1",
                 array($_CONFIG['ref_payout'], $_GET['hash']), __FILE__, __LINE__);
-               if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
+               if (SQL_AFFECTEDROWS() == 1)
                {
-                       $msg = LOAD_EMAIL_TEMPLATE("confirm-member", "", bigintval($uid));
+                       $msg = LOAD_EMAIL_TEMPLATE("confirm-member", array('points' => $_CONFIG['points_register']), bigintval($uid));
 
                        // And send him right away the confirmation mail
                        SEND_EMAIL($email, GUEST_THANX_CONFIRM, $msg);
@@ -68,7 +67,7 @@ if (!empty($_GET['hash']))
                        if (($rid > 0) && ($rid != $uid))
                        {
                                // Select the referral userid
-                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($rid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1)
                                {
@@ -91,10 +90,10 @@ if (!empty($_GET['hash']))
                                        }
 
                                        // If version matches add ref bonus to refid's account
-                                       if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == 'Y'))
+                                       if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y"))
                                        {
                                                // Add points (directly only!)
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",
                                                 array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
 
                                                // Subtract points from system
@@ -115,7 +114,7 @@ if (!empty($_GET['hash']))
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie
-                               set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
+                               set_session("lead_uid", bigintval($uid));
 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");
@@ -126,7 +125,7 @@ if (!empty($_GET['hash']))
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie
-                       set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
+                       set_session("lead_uid", bigintval($uid));
 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");
@@ -155,7 +154,7 @@ if (!empty($_GET['hash']))
                switch ($DATA[1])
                {
                case "UNCONFIRMED": // Account not confirmed
-                       $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", "", $DATA[0]);
+                       $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", array('hash' => $DATA[2]), $DATA[0]);
                        SEND_EMAIL($_POST['email'], REQUEST_CONFIRM_LINK_SUBJ, $msg);
                        $content = CONFIRM_LINK_SENT;
                        break;
@@ -183,6 +182,6 @@ if (!empty($_GET['hash']))
        // No hash found, the guest may want to enter his email address to re-get his confirmation link?
        LOAD_TEMPLATE("guest_confirm_link");
 }
-CLOSE_TABLE();
+
 //
 ?>