X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=beg.php;h=8ce941981883112c4e54aea02a84885a874ac099;hp=9d5380cb8770979d499b1768242fbd637b8e339b;hb=4d6226782aa4ba157dca8c3891412ba50159481f;hpb=75ad748a68473ace540251427a74fb781b1145e9

diff --git a/beg.php b/beg.php
index 9d5380cb87..8ce9419818 100644
--- a/beg.php
+++ b/beg.php
@@ -37,42 +37,36 @@ require_once("inc/libs/security_functions.php");
 // Init "action" and "what"
 global $what, $action;
 $GLOBALS['what'] = ""; $GLOBALS['action'] = "";
-if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
-if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
 
 // Set module
 $GLOBALS['module'] = "beg";
 $GLOBALS['refid']  = 0;
 $CSS = -1;
+$msg = null;
 
 // Load the required file(s)
 require ("inc/config.php");
 
 // Is the script installed?
-if (defined('mxchange_installed') && (mxchange_installed))
-{
+if (defined('mxchange_installed') && (mxchange_installed)) {
 	// Check for userid
-	if (!empty($_GET['uid']))
-	{
+	if (!empty($_GET['uid'])) {
+		// Init user ID
 		$uid = 0;
-		if (bigintval($_GET['uid']) != $_GET['uid'])
-		{
-			if (EXT_IS_ACTIVE("nickname"))
-			{
+
+		// Validate if it is not a number
+		if (bigintval($_GET['uid']) !== "".$_GET['uid']."") {
+			if (EXT_IS_ACTIVE("nickname")) {
 				// Maybe we have found a nickname?
 				$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
 				 array($_GET['uid']), __FILE__, __LINE__);
-			}
-			 else
-			{
+			} else {
 				// Nickname entered but nickname is not active
 				$msg = CODE_EXTENSION_PROBLEM;
 				$uid = -1;
 				$result = false;
 			}
-		}
-		 else
-		{
+		} else {
 			// Direct userid
 			$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 			 array(bigintval($_GET['uid'])), __FILE__, __LINE__);
@@ -80,19 +74,16 @@ if (defined('mxchange_installed') && (mxchange_installed))
 
 		// Check if locked in so don't pay points
 		$login = false; $status = "failed";
-		if (IS_LOGGED_IN())
-		{
+		if (IS_LOGGED_IN()) {
 			// Logged in user detected!
 			$login = true;
 		}
 
 		// Check if account was found
-		if ((SQL_NUMROWS($result) == 1) && ($result != false))
-		{
+		if ((SQL_NUMROWS($result) == 1) && ($result != false)) {
 			// Found an ID so we simply set it
 			list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result);
-			if ($status == "CONFIRMED")
-			{
+			if ($status == "CONFIRMED") {
 				// Secure userid
 				$uid = bigintval($uid);
 
@@ -109,9 +100,7 @@ if (defined('mxchange_installed') && (mxchange_installed))
 				define('__BEG_CLICKS', ($clicks + 1));
 				define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
 				define('__BEG_POINTS', TRANSLATE_COMMA($POINTS));
-			}
-			 else
-			{
+			} else {
 				// Other status
 				$uid = "0";
 			}
@@ -120,8 +109,7 @@ if (defined('mxchange_installed') && (mxchange_installed))
 		// Free memory
 		SQL_FREERESULT($result);
 
-		if (($uid > 0) && ($CONFIG['beg_uid'] != $uid))
-		{
+		if (($uid > 0) && ($CONFIG['beg_uid'] != $uid)) {
 			// Update counter
 			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
 			 array($uid), __FILE__, __LINE__);
@@ -129,13 +117,11 @@ if (defined('mxchange_installed') && (mxchange_installed))
 			// Check for last entry for userid w/o IP number
 			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $CONFIG['beg_timeout'])." OR (timeout > ".(time() - $CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1",
 			 array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
-			if ((SQL_NUMROWS($result) == 0) && ($POINTS > 0) && (!$login))
-			{
+			if ((SQL_NUMROWS($result) == 0) && ($POINTS > 0) && (!$login)) {
 				// Free memory
 				SQL_FREERESULT($result);
 
-				if (!IS_ADMIN())
-				{
+				if (!IS_ADMIN()) {
 					// Remember remote address, userid and timestamp for next click
 					// but only when there is no admin begging.
 					// Admins shall be able to test it!
@@ -145,31 +131,26 @@ if (defined('mxchange_installed') && (mxchange_installed))
 
 				// Set mode depending on how many mails the member has to confirm
 				$locked = false;
-				if (($ref_payout > 0) && ($CONFIG['allow_direct_pay'] == "N")) $locked = true;
+				if (($ref_payout > 0) && ($CONFIG['allow_direct_pay'] == 'N')) $locked = true;
 
 				// Is begging rallye active?
-				if ($CONFIG['beg_rallye'] == "Y")
-				{
+				if ($CONFIG['beg_rallye'] == 'Y') {
 					// Add points to rallye account
 					$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1",
 					 array($POINTS, $uid), __FILE__, __LINE__);
-				}
-				 else
-				{
+				} else {
 					// Add points to account
 					ADD_POINTS_REFSYSTEM($uid, $POINTS, false, "0", $locked, strtolower($CONFIG['beg_mode']));
 				}
 
 				// Subtract begged points from member account if the admin has selected one
-				if ($CONFIG['beg_uid'] > 0)
-				{
+				if ($CONFIG['beg_uid'] > 0) {
 					// Subtract from this account
 					$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
 					 array($POINTS, bigintval($CONFIG['beg_uid'])), __FILE__, __LINE__);
 
 					// Update mediadata as well
-					if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-					{
+					if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
 						// Update database
 						MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $POINTS);
 					}
@@ -177,17 +158,13 @@ if (defined('mxchange_installed') && (mxchange_installed))
 
 				// Set message
 				define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true));
-			}
-			 elseif ($login)
-			{
+			} elseif ($login) {
 				// Logged in user found!
 				define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true));
 
 				// Free memory
 				SQL_FREERESULT($result);
-			}
-			 else
-			{
+			} else {
 				// Free memory
 				SQL_FREERESULT($result);
 
@@ -203,54 +180,42 @@ if (defined('mxchange_installed') && (mxchange_installed))
 
 			// Include footer
 			require_once(PATH."inc/footer.php");
-		}
-		 elseif (($status != "CONFIRMED") && ($status != "failed"))
-		{
+		} elseif (($status != "CONFIRMED") && ($status != "failed")) {
 			// Maybe locked/unconfirmed account?
-			switch ($status)
-			{
+			switch ($status) {
 				case "LOCKED"     : $msg = CODE_ID_LOCKED     ; break; // Locked account
 				case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account
 			}
-		}
-		 elseif (($uid == "0") || ($status == "failed"))
-		{
+		} elseif (($uid == "0") || ($status == "failed")) {
 			// Inalid or locked account, so let's find out
 			$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
 			 array($_GET['uid']), __FILE__, __LINE__);
-			if (SQL_NUMROWS($result) == 1)
-			{
+			if (SQL_NUMROWS($result) == 1) {
 				// Locked account
 				$msg = CODE_ACCOUNT_LOCKED;
-			}
-			 else
-			{
+			} else {
 				// Invalid nickname! (404)
 				$msg = CODE_USER_404;
 			}
 
 			// Free memory
 			SQL_FREERESULT($result);
-		}
-		 elseif ($uid = $CONFIG['beg_uid'])
-		{
+		} elseif ($uid == $CONFIG['beg_uid']) {
 			// Webmaster's ID cannot beg for points!
 			$msg = CODE_BEG_SAME_AS_OWN;
 		}
 
 		// Reload to index module
+		die("-".$msg."-");
 		if ((!empty($msg)) && (!empty($msg))) LOAD_URL(URL."/modules.php?module=index&msg=".$msg);
-	}
-	 else
-	{
+	} else {
 		// No userid entered
 		LOAD_URL(URL."/modules.php?module=index");
 	}
-}
- else
-{
+} else {
 	// You have to configure first!
 	LOAD_URL(URL."/install.php");
 }
+
 // Really all done here... ;-)
 ?>