X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=beg.php;h=e402809626df492982bd4b35c509954abd416bfd;hp=9d5380cb8770979d499b1768242fbd637b8e339b;hb=ea2a5e6a7838127d2f9dec02ba68ec575188528b;hpb=75ad748a68473ace540251427a74fb781b1145e9 diff --git a/beg.php b/beg.php index 9d5380cb87..e402809626 100644 --- a/beg.php +++ b/beg.php @@ -35,64 +35,56 @@ require_once("inc/libs/security_functions.php"); // Init "action" and "what" -global $what, $action; +global $what, $action, $startTime; +$GLOBALS['startTime'] = microtime(true); $GLOBALS['what'] = ""; $GLOBALS['action'] = ""; -if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']); -if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']); // Set module $GLOBALS['module'] = "beg"; $GLOBALS['refid'] = 0; $CSS = -1; +$msg = null; // Load the required file(s) require ("inc/config.php"); // Is the script installed? -if (defined('mxchange_installed') && (mxchange_installed)) -{ +if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) { // Check for userid - if (!empty($_GET['uid'])) - { + if (!empty($_GET['uid'])) { + // Init user ID $uid = 0; - if (bigintval($_GET['uid']) != $_GET['uid']) - { - if (EXT_IS_ACTIVE("nickname")) - { + + // Validate if it is not a number + if (bigintval($_GET['uid']) !== "".$_GET['uid']."") { + if (EXT_IS_ACTIVE("nickname")) { // Maybe we have found a nickname? $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($_GET['uid']), __FILE__, __LINE__); - } - else - { + } else { // Nickname entered but nickname is not active $msg = CODE_EXTENSION_PROBLEM; $uid = -1; $result = false; } - } - else - { + } else { // Direct userid - $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['uid'])), __FILE__, __LINE__); } // Check if locked in so don't pay points $login = false; $status = "failed"; - if (IS_LOGGED_IN()) - { + if (IS_LOGGED_IN()) { // Logged in user detected! $login = true; } // Check if account was found - if ((SQL_NUMROWS($result) == 1) && ($result != false)) - { + if ((SQL_NUMROWS($result) == 1) && ($result != false)) { // Found an ID so we simply set it list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result); - if ($status == "CONFIRMED") - { + if ($status == "CONFIRMED") { // Secure userid $uid = bigintval($uid); @@ -102,16 +94,14 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Multiply configured values with 100000 and divide with 100000 so we can also handle small values // If we need more number behind the decimal dot then we just need to increase all these three // numbers matching to the numbers behind the decimal dot. Simple! ;-) - $POINTS = rand(($CONFIG['beg_points'] * 100000), ($CONFIG['beg_points_max'] * 100000)) / 100000; + $points = rand(($_CONFIG['beg_points'] * 100000), ($_CONFIG['beg_points_max'] * 100000)) / 100000; // Set nickname / userid for the template(s define('__BEG_UID' , $_GET['uid']); define('__BEG_CLICKS', ($clicks + 1)); define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true)); - define('__BEG_POINTS', TRANSLATE_COMMA($POINTS)); - } - else - { + define('__BEG_POINTS', TRANSLATE_COMMA($points)); + } else { // Other status $uid = "0"; } @@ -120,22 +110,19 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Free memory SQL_FREERESULT($result); - if (($uid > 0) && ($CONFIG['beg_uid'] != $uid)) - { + if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) { // Update counter - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array($uid), __FILE__, __LINE__); // Check for last entry for userid w/o IP number - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $CONFIG['beg_timeout'])." OR (timeout > ".(time() - $CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%s)) AND remote_ip='%s' LIMIT 1", array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__); - if ((SQL_NUMROWS($result) == 0) && ($POINTS > 0) && (!$login)) - { + if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) { // Free memory SQL_FREERESULT($result); - if (!IS_ADMIN()) - { + if (!IS_ADMIN()) { // Remember remote address, userid and timestamp for next click // but only when there is no admin begging. // Admins shall be able to test it! @@ -145,49 +132,34 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Set mode depending on how many mails the member has to confirm $locked = false; - if (($ref_payout > 0) && ($CONFIG['allow_direct_pay'] == "N")) $locked = true; + if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true; // Is begging rallye active? - if ($CONFIG['beg_rallye'] == "Y") - { + if ($_CONFIG['beg_rallye'] == "Y") { // Add points to rallye account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1", - array($POINTS, $uid), __FILE__, __LINE__); - } - else - { + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1", + array($points, $uid), __FILE__, __LINE__); + } else { // Add points to account - ADD_POINTS_REFSYSTEM($uid, $POINTS, false, "0", $locked, strtolower($CONFIG['beg_mode'])); + $DEPTH = 0; + ADD_POINTS_REFSYSTEM($uid, $points, false, "0", $locked, strtolower($_CONFIG['beg_mode'])); } // Subtract begged points from member account if the admin has selected one - if ($CONFIG['beg_uid'] > 0) - { + if ($_CONFIG['beg_uid'] > 0) { // Subtract from this account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array($POINTS, bigintval($CONFIG['beg_uid'])), __FILE__, __LINE__); - - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $POINTS); - } + SUB_POINTS($_CONFIG['beg_uid'], $points); } // Set message define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true)); - } - elseif ($login) - { + } elseif ($login) { // Logged in user found! define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true)); // Free memory SQL_FREERESULT($result); - } - else - { + } else { // Free memory SQL_FREERESULT($result); @@ -203,54 +175,42 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Include footer require_once(PATH."inc/footer.php"); - } - elseif (($status != "CONFIRMED") && ($status != "failed")) - { + } elseif (($status != "CONFIRMED") && ($status != "failed")) { // Maybe locked/unconfirmed account? - switch ($status) - { + switch ($status) { case "LOCKED" : $msg = CODE_ID_LOCKED ; break; // Locked account case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account } - } - elseif (($uid == "0") || ($status == "failed")) - { + } elseif (($uid == "0") || ($status == "failed")) { // Inalid or locked account, so let's find out $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($_GET['uid']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Locked account $msg = CODE_ACCOUNT_LOCKED; - } - else - { + } else { // Invalid nickname! (404) $msg = CODE_USER_404; } // Free memory SQL_FREERESULT($result); - } - elseif ($uid = $CONFIG['beg_uid']) - { + } elseif ($uid == $_CONFIG['beg_uid']) { // Webmaster's ID cannot beg for points! $msg = CODE_BEG_SAME_AS_OWN; } // Reload to index module - if ((!empty($msg)) && (!empty($msg))) LOAD_URL(URL."/modules.php?module=index&msg=".$msg); - } - else - { + die("-".$msg."-"); + if ((!empty($msg)) && (!empty($msg))) LOAD_URL("modules.php?module=index&msg=".$msg); + } else { // No userid entered - LOAD_URL(URL."/modules.php?module=index"); + LOAD_URL("modules.php?module=index"); } -} - else -{ +} else { // You have to configure first! - LOAD_URL(URL."/install.php"); + LOAD_URL("install.php"); } + // Really all done here... ;-) ?>