-// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
-require_once("inc/libs/security_functions.php");
-
-// Init "action" and "what"
-global $what, $action, $startTime;
-$GLOBALS['startTime'] = microtime(true);
-$GLOBALS['what'] = "";
-$GLOBALS['action'] = "";
-
-// Set this because we have no module in URI
-$GLOBALS['module'] = "show_bonus"; $CSS = 0;
-
-// Load the required file(s)
-require("inc/config.php");
-
-// Is the "bonus" extension active?
-if (!EXT_IS_ACTIVE("bonus")) {
- // Redirect to index
- LOAD_URL("modules.php?module=index&msg=".CODE_EXTENSION_PROBLEM."&ext=bonus");
-} // END - if
-
-// List only rankings when script is installed
-if (isBooleanConstantAndTrue('mxchange_installed')) {
- // Include header
- include(PATH."inc/header.php");
-
- if (($_GET['uid'] > 0) && ($_GET['d'] > 0) && (!empty($_GET['t']))) {
- // Set row name
- $t = "";
- switch ($_GET['t']) {
- case "bonusid": // Bonus mail
- $t = "bonus_id";
- break;
-
- case "mailid": // Regular member mail
- $t = "mail_id";
- break;
-
- default: // Invalid type
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid type %s detected.", $_GET['t']));
- break;
- } // END - switch
-
- // Valid type?
- if (!empty($t)) {
- // Check for data
- $result = SQL_QUERY_ESC("SELECT DISTINCT d.gender, d.surname, d.family, b.level, b.points
-FROM `"._MYSQL_PREFIX."_user_data` AS d
-RIGHT JOIN "._MYSQL_PREFIX."_bonus_turbo AS b
-ON d.userid=b.userid
-WHERE d.status='CONFIRMED' AND d.userid=%s AND b.%s=%s
+// Load security stuff here
+require('inc/libs/security_functions.php');
+
+// Init start time
+$GLOBALS['__start_time'] = microtime(TRUE);
+
+// Set this because there is no module in URI
+$GLOBALS['__module'] = 'show_bonus';
+$GLOBALS['__output_mode'] = '0';
+
+// Initialize application
+require('inc/init.php');
+
+// Set content type
+setContentType('text/html');
+
+// Is the 'bonus' extension active?
+redirectOnUninstalledExtension('bonus');
+
+// Include header
+loadPageHeader();
+
+if ((isValidId(getRequestElement('userid'))) && (getRequestElement('d') > 0) && (isGetRequestElementSet('t'))) {
+ // Set row name
+ $t = '';
+ switch (getRequestElement('t')) {
+ case 'bonusid': // Bonus mail
+ $t = 'bonus_id';
+ break;
+
+ case 'mailid': // Regular member mail
+ $t = 'mail_id';
+ break;
+
+ default: // Invalid type
+ logDebugMessage(__FILE__, __LINE__, sprintf('Invalid type %s detected.', getRequestElement('t')));
+ break;
+ } // END - switch
+
+ // Valid type?
+ if (!empty($t)) {
+ // Check for data
+ $result = sqlQueryEscaped("SELECT
+ `d`.`userid`,
+ `b`.`level`,
+ `b`.`points`
+FROM
+ `{?_MYSQL_PREFIX?}_user_data` AS `d`
+INNER JOIN
+ `{?_MYSQL_PREFIX?}_bonus_turbo` AS `b`
+ON
+ `d`.`userid`=`b`.`userid`
+WHERE
+ `d`.`status`='CONFIRMED' AND
+ `d`.`userid`=%s AND
+ `b`.`%s`=%s