More fixes from bugtracker issues, thanks to profi-concept
[mailer.git] / ref.php
diff --git a/ref.php b/ref.php
index f4ee90a..4b34282 100644 (file)
--- a/ref.php
+++ b/ref.php
@@ -6,9 +6,9 @@
  * -------------------------------------------------------------------- *
  * File              : ref.php                                          *
  * -------------------------------------------------------------------- *
- * Short description : Redirection for the referral link                *
+ * Short description : Redirection for the referal link                 *
  * -------------------------------------------------------------------- *
- * Kurzbeschreibung  : Weiterleitungsscript fuer die Referral-Links     *
+ * Kurzbeschreibung  : Weiterleitungsscript fuer die Referal-Links      *
  * -------------------------------------------------------------------- *
  *                                                                      *
  * -------------------------------------------------------------------- *
@@ -37,20 +37,17 @@ require_once("inc/libs/security_functions.php");
 // Init "action" and "what"
 global $what, $action;
 $GLOBALS['what'] = ""; $GLOBALS['action'] = "";
-if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
-if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
 
 // Set module
 $GLOBALS['module'] = "ref"; $CSS = -1;
 
 // Load the required file(s)
-require ("inc/config.php");
+require("inc/config.php");
 
 // Redirect only to registration page when this script is installed
-if (defined('mxchange_installed') && (mxchange_installed))
-{
+if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Base URL for redirection
-       switch ($CONFIG['refid_target'])
+       switch (getConfig('refid_target'))
        {
        case "register":
                $URL = URL."/modules.php?module=index&what=register&refid=";
@@ -61,44 +58,54 @@ if (defined('mxchange_installed') && (mxchange_installed))
                break;
        }
 
-       // Get referral ID from ref or refid variable
-       if (!empty($_GET['ref']))        $ref = strip_tags(htmlentities($_GET['ref']));
-        elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
+       // Get referal ID from ref or refid variable
+       if (!empty($_GET['ref']))        $ref = secureString($_GET['ref']);
+        elseif (!empty($_GET['refid'])) $ref = secureString($_GET['refid']);
+
+       if (!empty($ref)) {
+               // Test if nickname or numeric id
+               if ($ref != "".($ref + 0)."") {
+                       if (EXT_IS_ACTIVE("nickname")) {
+                               // Nickname in URL, so load the ID
+                               $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1",
+                                       array($ref), __FILE__, __LINE__);
+
+                               // Load userid
+                               list($ref) = SQL_FETCHROW($result);
+
+                               // Free result
+                               SQL_FREERESULT($result);
+                       } else {
+                               // Invalid request!
+                               $ref = 0;
+                       }
+               } // END - if
 
-       if (!empty($ref))
-       {
-               // Test if nickname ($test == "0") or ID
-               $test = "".round($ref)."";
-               if ((EXT_IS_ACTIVE("nickname")) && ($test != $ref))
-               {
-                       // Nickname in URL, so load the ID
-                       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($ref), __FILE__, __LINE__);
-                       list($ref) = SQL_FETCHROW($result);
-                       SQL_FREERESULT($result);
-               }
                // Also edit this 0 !
-               if (empty($ref)) $ref = "0";
+               if (empty($ref)) $ref = 0;
+
+               // Update session
+               set_session('refid', $ref);
 
                // We have an refid here. So we simply add it
                $URL .= bigintval($ref);
 
-               // Update ref counter
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%d LIMIT 1",
-                array(bigintval($ref)), __FILE__, __LINE__);
-       }
-        else
-       {
+               // Is the refid valid?
+               if ($ref > 0) {
+                       // Update ref counter
+                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
+                               array(bigintval($ref)), __FILE__, __LINE__);
+               } // END - if
+       } else {
                // No refid and we add our refid (don't forget to set $def_refid!)
                $URL = URL."/index.php";
        }
+
        // Load the URL
        LOAD_URL($URL);
-       // Redirection should be done here
-}
- else
-{
+} else {
        // You have to configure first!
-       LOAD_URL(URL."/install.php");
+       LOAD_URL("install.php");
 }
 
 // Really all done here... ;-)