X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=beg.php;h=83c0bb1e2a484281fd7d677194c85548ab479e88;hp=baffdec97f373fca724e1d3ef7bdfa5fa08623ef;hb=4fbb69b66564237c51d4eaf8c82d0d8cdfcf84a0;hpb=e1653405d28923c78b2e292125306ccf61138f24

diff --git a/beg.php b/beg.php
index baffdec97f..83c0bb1e2a 100644
--- a/beg.php
+++ b/beg.php
@@ -1,7 +1,7 @@
 <?php
 /************************************************************************
- * MXChange v0.2.1                                    Start: 01/09/2005 *
- * ===============                              Last change: 01/09/2005 *
+ * Mailer v0.2.1-FINAL                                Start: 01/09/2005 *
+ * ===================                          Last change: 01/09/2005 *
  *                                                                      *
  * -------------------------------------------------------------------- *
  * File              : beg.php                                          *
@@ -10,10 +10,14 @@
  * -------------------------------------------------------------------- *
  * Kurzbeschreibung  : Bettel-Link fuer Mitglieder                      *
  * -------------------------------------------------------------------- *
- *                                                                      *
+ * $Revision::                                                        $ *
+ * $Date::                                                            $ *
+ * $Tag:: 0.2.1-FINAL                                                 $ *
+ * $Author::                                                          $ *
  * -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder                           *
- * For more information visit: http://www.mxchange.org                  *
+ * Copyright (c) 2003 - 2009 by Roland Haeder                           *
+ * Copyright (c) 2009 - 2011 by Mailer Developer Team                   *
+ * For more information visit: http://mxchange.org                      *
  *                                                                      *
  * This program is free software; you can redistribute it and/or modify *
  * it under the terms of the GNU General Public License as published by *
@@ -31,226 +35,184 @@
  * MA  02110-1301  USA                                                  *
  ************************************************************************/
 
-// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
-require_once("inc/libs/security_functions.php");
+// Load security stuff here
+require('inc/libs/security_functions.php');
 
-// Init "action" and "what"
-global $what, $action;
-$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
-if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
-if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
+// Init start time
+$GLOBALS['startTime'] = microtime(true);
 
 // Set module
-$GLOBALS['module'] = "beg";
-$GLOBALS['refid']  = 0;
-$CSS = -1;
+$GLOBALS['__module'] = 'beg';
+$GLOBALS['output_mode'] = '0';
+$errorCode = NULL;
 
 // Load the required file(s)
-require ("inc/config.php");
-
-// Is the script installed?
-if (defined('mxchange_installed') && (mxchange_installed))
-{
-	// Check for userid
-	if (!empty($_GET['uid']))
-	{
-		$uid = 0;
-		if (bigintval($_GET['uid']) != $_GET['uid'])
-		{
-			if (EXT_IS_ACTIVE("nickname"))
-			{
-				// Maybe we have found a nickname?
-				$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
-				 array($_GET['uid']), __FILE__, __LINE__);
-			}
-			 else
-			{
-				// Nickname entered but nickname is not active
-				$msg = CODE_EXTENSION_PROBLEM;
-				$uid = -1;
-				$result = false;
-			}
-		}
-		 else
-		{
-			// Direct userid
-			$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
-			 array(bigintval($_GET['uid'])), __FILE__, __LINE__);
-		}
-
-		// Check if locked in so don't pay points
-		$login = false; $status = "failed";
-		if (IS_LOGGED_IN())
-		{
-			// Logged in user detected!
-			$login = true;
-		}
-
-		// Check if account was found
-		if ((SQL_NUMROWS($result) == 1) && ($result != false))
-		{
-			// Found an ID so we simply set it
-			list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result);
-			if ($status == "CONFIRMED")
-			{
-				// Secure userid
-				$uid = bigintval($uid);
-
-				// Calculate beg points
-				srand((double)microtime() * 10000000000 / time());
-
-				// Multiply configured values with 100000 and divide with 100000 so we can also handle small values
-				// If we need more number behind the decimal dot then we just need to increase all these three
-				// numbers matching to the numbers behind the decimal dot. Simple! ;-)
-				$POINTS = rand(($CONFIG['beg_points'] * 100000), ($CONFIG['beg_points_max'] * 100000)) / 100000;
+require('inc/config-global.php');
+
+// Set content type
+setContentType('text/html');
+
+// Is the 'beg' extension active?
+redirectOnUninstalledExtension('beg');
+
+// Check for userid
+if (isGetRequestElementSet('userid')) {
+	// Init variables
+	$points = '0';
+
+	// Don't pay is the default...
+	$pay = false;
+
+	// Validate if it is not a number
+	if ((isExtensionActive('nickname')) && (isNicknameUsed(getRequestElement('userid')))) {
+		// Maybe we have found a nickname?
+		fetchUserData(getRequestElement('userid'), 'nickname');
+	} elseif (isNicknameUsed(getRequestElement('userid'))) {
+		// Nickname entered but nickname is not active
+		$errorCode = getCode('EXTENSION_PROBLEM');
+	} else {
+		// Direct userid
+		fetchUserData(getRequestElement('userid'));
+	}
 
-				// Set nickname / userid for the template(s
-				define('__BEG_UID'   , $_GET['uid']);
-				define('__BEG_CLICKS', ($clicks + 1));
-				define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
-				define('__BEG_POINTS', TRANSLATE_COMMA($POINTS));
-			}
-			 else
-			{
-				// Other status
-				$uid = "0";
+	// Check if locked in so don't pay points
+	$status = 'failed';
+
+	// Check if account was found
+	if ((isUserDataValid()) && (getUserData('status') == 'CONFIRMED')) {
+		/*
+		 * Multiply configured values with 100000 and divide with 100000 so we can also handle small values
+		 * If we need more number behind the decimal dot then we just need to increase all these three
+		 * numbers matching to the numbers behind the decimal dot. Simple! ;-)
+		 */
+		$points = mt_rand((getBegPoints() * 100000), (getBegPointsMax() * 100000)) / 100000;
+
+		// Set nickname / userid for template
+		$content['userid']        = getRequestElement('userid');
+		$content['clicks']        = (getUserData('beg_clicks') + 1);
+		$content['header_banner'] = loadTemplate('beg_header_banner', true);
+		$content['footer_banner'] = loadTemplate('beg_footer_banner', true);
+		$content['points']        = $points;
+	} // END - if
+
+	// User id valid and not webmaster's id?
+	if ((isValidUserId(getUserData('userid'))) && (getBegUserid() != getUserData('userid'))) {
+		// Update counter
+		SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `beg_clicks`=`beg_clicks`+1 WHERE `userid`=%s LIMIT 1",
+			array(getUserData('userid')), __FILE__, __LINE__);
+
+		// Check for last entry for userid w/o IP number                            12              33                               2    23              44            3                                          21     1                              1
+		$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_beg_ips` WHERE ((UNIX_TIMESTAMP() - `timeout`) >= {?beg_timeout?} OR ((UNIX_TIMESTAMP() - `timeout`) >= {?beg_userid_timeout?} AND `userid`=%s)) AND (`remote_ip`='%s' OR `sid`='%s') LIMIT 1",
+			array(
+				getUserData('userid'),
+				detectRemoteAddr(),
+				session_id()
+			), __FILE__, __LINE__);
+
+		// Entry not found, points set and not logged in?
+		//* DEBUG: */ logDebugMessage(__FILE__, __LINE__, 'SQL_HASZERONUMS()=' . intval(SQL_HASZERONUMS($result)) . ',isAdmin()=' . intval(isAdmin()) . ',points=' . $points . ',isMember()=' . intval(isMember()) . ',getBegPayMode()=' . getBegPayMode());
+		if ((SQL_HASZERONUMS($result)) && ($points > 0) && (getBegPayMode() == 'NONE') && ((!isMember()) || (isAdmin()))) {
+			// Default is result from isAdmin(), mostly false
+			$pay = isAdmin();
+
+			// Admin is testing?
+			if (!isAdmin()) {
+				/*
+				 * Remember remote address, userid and timestamp for next click
+				 * but only when there is no admin begging.
+				 * Admins shall be able to test it!
+				 */
+				SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_beg_ips` (`userid`,`remote_ip`,`sid`,`timeout`) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())",
+					array(
+						getUserData('userid'),
+						detectRemoteAddr(),
+						session_id()
+					), __FILE__, __LINE__);
+
+				// Was is successfull?
+				$pay = (!SQL_HASZEROAFFECTED());
+			} // END - if
+
+			// Pay points?
+			//* DEBUG: */ logDebugMessage(__FILE__, __LINE__, 'pay=' . intval($pay));
+			if ($pay === true) {
+				// Add points to user or begging rallye account
+				if (addPointsBeg(getUserData('userid'), $points)) {
+					// Set 'done' message
+					$content['message'] = loadTemplate('beg_done', true, $content);
+				} else {
+					// Error!
+					$content['message'] = loadTemplate('beg_failed', true, $content);
+				}
+			} else {
+				// Error!
+				$content['message'] = loadTemplate('beg_failed', true, $content);
 			}
+		} elseif (isMember()) {
+			// Logged in user found
+			$content['message'] = loadTemplate('beg_login', true, $content);
+		} elseif (getBegPayMode() != 'NONE') { // Other pay-mode active!
+			// Load message template depending on pay-mode
+			$content['message'] = loadTemplate('beg_pay_mode_' . strtolower(getBegPayMode()), true, $content);
+			$pay = true;
+		} else {
+			// Clicked received while reload lock is active
+			$content['message'] = loadTemplate('beg_failed', true, $content);
 		}
 
 		// Free memory
 		SQL_FREERESULT($result);
 
-		if (($uid > 0) && ($CONFIG['beg_uid'] != $uid))
-		{
-			// Update counter
-			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
-			 array($uid), __FILE__, __LINE__);
-
-			// Check for last entry for userid w/o IP number
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $CONFIG['beg_timeout'])." OR (timeout > ".(time() - $CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1",
-			 array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
-			if ((SQL_NUMROWS($result) == 0) && ($POINTS > 0) && (!$login))
-			{
-				// Free memory
-				SQL_FREERESULT($result);
-
-				if (!IS_ADMIN())
-				{
-					// Remember remote address, userid and timestamp for next click
-					// but only when there is no admin begging.
-					// Admins shall be able to test it!
-					$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip, timeout) VALUES('%s', '%s', UNIX_TIMESTAMP())",
-					 array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
-				}
+		// Include header
+		loadIncludeOnce('inc/header.php');
 
-				// Set mode depending on how many mails the member has to confirm
-				$locked = false;
-				if (($ref_payout > 0) && ($CONFIG['allow_direct_pay'] == 'N')) $locked = true;
+		// Load final template
+		loadTemplate('beg_link', false, $content);
 
-				// Is begging rallye active?
-				if ($CONFIG['beg_rallye'] == 'Y')
-				{
-					// Add points to rallye account
-					$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1",
-					 array($POINTS, $uid), __FILE__, __LINE__);
-				}
-				 else
-				{
-					// Add points to account
-					ADD_POINTS_REFSYSTEM($uid, $POINTS, false, "0", $locked, strtolower($CONFIG['beg_mode']));
-				}
+		// Tracker code enabled? (We don't track users here!
+		if ((getBegPayMode() != 'NONE') && ($pay === true)) {
+			// Prepare content for template
+			// @TODO Opps, what is missing here???
+			$content = array(
+			);
 
-				// Subtract begged points from member account if the admin has selected one
-				if ($CONFIG['beg_uid'] > 0)
-				{
-					// Subtract from this account
-					$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-					 array($POINTS, bigintval($CONFIG['beg_uid'])), __FILE__, __LINE__);
-
-					// Update mediadata as well
-					if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-					{
-						// Update database
-						MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $POINTS);
-					}
-				}
-
-				// Set message
-				define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true));
-			}
-			 elseif ($login)
-			{
-				// Logged in user found!
-				define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true));
-
-				// Free memory
-				SQL_FREERESULT($result);
-			}
-			 else
-			{
-				// Free memory
-				SQL_FREERESULT($result);
-
-				// Clicked received while reload lock is active
-				define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true));
-			}
-
-			// Include header
-			require_once(PATH."inc/header.php");
-
-			// Load final template
-			LOAD_TEMPLATE("beg_link");
-
-			// Include footer
-			require_once(PATH."inc/footer.php");
-		}
-		 elseif (($status != "CONFIRMED") && ($status != "failed"))
-		{
-			// Maybe locked/unconfirmed account?
-			switch ($status)
-			{
-				case "LOCKED"     : $msg = CODE_ID_LOCKED     ; break; // Locked account
-				case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account
-			}
+			// Include config-depending template
+			loadTemplate('beg_pay_code_' . strtolower(getBegPayMode()), false, $content);
+		} elseif (($pay === false) && (!isset($content['message']))) {
+			// Cannot pay! :-(
+			$content['message'] = loadTemplate('beg_failed', true);
 		}
-		 elseif (($uid == "0") || ($status == "failed"))
-		{
-			// Inalid or locked account, so let's find out
-			$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
-			 array($_GET['uid']), __FILE__, __LINE__);
-			if (SQL_NUMROWS($result) == 1)
-			{
-				// Locked account
-				$msg = CODE_ACCOUNT_LOCKED;
-			}
-			 else
-			{
-				// Invalid nickname! (404)
-				$msg = CODE_USER_404;
-			}
 
-			// Free memory
-			SQL_FREERESULT($result);
+		// Include footer
+		loadIncludeOnce('inc/footer.php');
+	} elseif ((getUserData('status') != 'CONFIRMED') && (getUserData('status') != 'failed')) {
+		// Maybe locked/unconfirmed account?
+		$errorCode = generateErrorCodeFromUserStatus();
+	} elseif ((getUserData('userid') == '0') || (getUserData('status') == 'failed')) {
+		// Inalid or locked account, so let's find out
+		if (fetchUserData(getRequestElement('userid'), 'nickname')) {
+			// Locked account
+			$errorCode = getCode('ACCOUNT_LOCKED');
+		} else {
+			// Invalid nickname! (404)
+			$errorCode = getCode('USER_404');
 		}
-		 elseif ($uid = $CONFIG['beg_uid'])
-		{
-			// Webmaster's ID cannot beg for points!
-			$msg = CODE_BEG_SAME_AS_OWN;
-		}
-
-		// Reload to index module
-		if ((!empty($msg)) && (!empty($msg))) LOAD_URL(URL."/modules.php?module=index&msg=".$msg);
+	} elseif (getUserData('userid') == getBegUserid()) {
+		// Webmaster's id cannot beg for points!
+		$errorCode = getCode('BEG_SAME_AS_OWN');
 	}
-	 else
-	{
-		// No userid entered
-		LOAD_URL(URL."/modules.php?module=index");
-	}
-}
- else
-{
-	// You have to configure first!
-	LOAD_URL(URL."/install.php");
+
+	// Reload to index module if an error happens
+	if (!is_null($errorCode)) {
+		redirectToUrl('modules.php?module=index&amp;code=' . $errorCode . '&amp;ext=beg');
+	} // END - if
+} else {
+	// No userid entered
+	redirectToUrl('modules.php?module=index');
 }
+
 // Really all done here... ;-)
+shutdown();
+
+// [EOF]
 ?>