X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=doubler.php;h=03a2e5872a946c1f5e2ea0bd1b8b9c3447f78d81;hp=783bf99288856ee53da7809ffae91356d78dee60;hb=a7c7b8307405aa270a38ce4e363c41b3d1c9c745;hpb=3afdce4fe00b4af570122ce7b8158ced44aec7d3;ds=sidebyside diff --git a/doubler.php b/doubler.php index 783bf99288..03a2e5872a 100644 --- a/doubler.php +++ b/doubler.php @@ -39,10 +39,8 @@ // Load security stuff here require('inc/libs/security_functions.php'); -// Init "action" and "what" +// Init start time $GLOBALS['startTime'] = microtime(true); -$GLOBALS['what'] = ''; -$GLOBALS['action'] = ''; // Set module $GLOBALS['module'] = 'doubler'; @@ -56,89 +54,89 @@ require('inc/config-global.php'); redirectOnUninstalledExtension('doubler'); // Is the script installed? -if (isInstalled()) { - // Probe for referal ID - if (REQUEST_ISSET_GET(('refid'))) $GLOBALS['refid'] = REQUEST_GET(('refid')); +if (!isInstalled()) { + // You have to install first! + redirectToUrl('install.php'); +} // END - if - // Only check this if refid is provided! - if ($GLOBALS['refid'] > 0) { - // Probe for nickname extension and if a nickname was supplied by URL - $probe_nickname = ((EXT_IS_ACTIVE('nickname')) && ((''.round($GLOBALS['refid']).'') != $GLOBALS['refid'])); +// Probe for referal ID +if (REQUEST_ISSET_GET('refid')) $GLOBALS['refid'] = REQUEST_GET('refid'); - // Do we have nickname or userid set? - if ($probe_nickname === true) { - // Nickname in URL, so load the ID - $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", +// Only check this if refid is provided! +if ($GLOBALS['refid'] > 0) { + // Do we have nickname or userid set? + if (isNicknameUsed($GLOBALS['refid'])) { + // Nickname in URL, so load the ID + $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' LIMIT 1", array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", + } else { + // Direct userid entered + $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); - } + } - // Load data - list($rid, $status_ref) = SQL_FETCHROW($result); - $GLOBALS['refid'] = bigintval($rid); + // Load data + list($rid, $status_ref) = SQL_FETCHROW($result); + $GLOBALS['refid'] = bigintval($rid); - // Free memory - SQL_FREERESULT($result); - } // END - if - - // Init userid - $uid = 0; - - // If no account was found set default refid and status to CONFIRMED - if (empty($GLOBALS['refid'])) { - $GLOBALS['refid'] = getConfig('def_refid'); - $status = 'CONFIRMED'; - } // END - if - - // Begin with doubler script... - if (isFormSent()) { - // Secure points (so only integer/double values are allowed - REQUEST_SET_POST('points', bigintval(REQUEST_POST('points'))); - - // Begin with doubling process - if ((REQUEST_ISSET_POST(('userid'))) && (REQUEST_ISSET_POST(('pass'))) && (REQUEST_ISSET_POST(('points')))) { - // Probe for nickname extension and if a nickname was entered - $probe_nickname = ((EXT_IS_ACTIVE('nickname')) && ((''.round(REQUEST_POST('userid')).'') != REQUEST_POST('userid'))); - if ($probe_nickname) { - // Nickname in URL, so load the ID - $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", + // Free memory + SQL_FREERESULT($result); +} // END - if + +// Init userid +$uid = 0; + +// If no account was found set default refid and status to CONFIRMED +if (empty($GLOBALS['refid'])) { + $GLOBALS['refid'] = getConfig('def_refid'); + $status = 'CONFIRMED'; +} // END - if + +// Begin with doubler script... +if (isFormSent()) { + // Secure points (so only integer/double values are allowed + REQUEST_SET_POST('points', bigintval(REQUEST_POST('points'))); + + // Begin with doubling process + if ((REQUEST_ISSET_POST('userid')) && (REQUEST_ISSET_POST('pass')) && (REQUEST_ISSET_POST('points'))) { + // Probe for nickname extension and if a nickname was entered + if (isNickNameUsed(REQUEST_POST('userid'))) { + // Nickname in URL, so load the ID + $result = SQL_QUERY_ESC("SELECT `userid`, `status`, `password` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `nickname`='%s' LIMIT 1", array(REQUEST_POST('userid')), __FILE__, __LINE__); - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", + } else { + // Direct userid entered + $result = SQL_QUERY_ESC("SELECT `userid`, `status, `password` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1", array(bigintval(REQUEST_POST('userid'))), __FILE__, __LINE__); - } + } - // Load data - list($uid, $status, $password) = SQL_FETCHROW($result); - $uid = bigintval($uid); + // Load data + list($uid, $status, $password) = SQL_FETCHROW($result); + $uid = bigintval($uid); - // Free result - SQL_FREERESULT($result); + // Free result + SQL_FREERESULT($result); - // Remove any dots and unwanted chars from the points - REQUEST_SET_POST('points', bigintval(round(convertCommaToDot(REQUEST_POST('points'))))); + // Remove any dots and unwanted chars from the points + REQUEST_SET_POST('points', bigintval(round(convertCommaToDot(REQUEST_POST('points'))))); - // Probe for enough points - $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max'))); + // Probe for enough points + $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max'))); - // Check all together - if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == 'CONFIRMED') && ($probe_points)) { - // Nickname resolved to a unique userid or direct userid entered by the member - $GLOBALS['doubler_uid'] = $uid; + // Check all together + if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == 'CONFIRMED') && ($probe_points)) { + // Nickname resolved to a unique userid or direct userid entered by the member + $GLOBALS['doubler_uid'] = $uid; - // Calulcate points - $points = GET_TOTAL_DATA($uid, 'user_points', 'points') - GET_TOTAL_DATA($uid, 'user_data', 'used_points'); + // Calulcate points + $points = GET_TOTAL_DATA($uid, 'user_points', 'points') - GET_TOTAL_DATA($uid, 'user_data', 'used_points'); - // So let's continue with probing his points amount - if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0) + // So let's continue with probing his points amount + if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0) // Enough points are left so let's continue with the doubling process // Create doubling "account" width *DOUBLED* points - SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".detectRemoteAddr()."', UNIX_TIMESTAMP(), 'N','N')", - array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (`userid`, `refid`, `points`, `remote_ip`, `timemark`, `completed`, `is_ref`) VALUES ('%s','%s','%s','".detectRemoteAddr()."', UNIX_TIMESTAMP(), 'N','N')", + array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__); // Subtract entered points SUB_POINTS('doubler', $uid, REQUEST_POST('points')); @@ -151,11 +149,11 @@ if (isInstalled()) { // Add second line for the referal but only when uid != refid if (($GLOBALS['refid'] > 0) && ($GLOBALS['refid'] != $uid)) { // Okay add a refid line and apply refid percents - SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s',0,'%s','".detectRemoteAddr()."',UNIX_TIMESTAMP(),'N','Y')", - array( - bigintval($GLOBALS['refid']), - bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref')) - ), __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (`userid`, `refid`, `points`, `remote_ip`, `timemark`, `completed`, `is_ref`) VALUES ('%s',0,'%s','".detectRemoteAddr()."',UNIX_TIMESTAMP(),'N','Y')", + array( + bigintval($GLOBALS['refid']), + bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref')) + ), __FILE__, __LINE__); // And that's why we don't want to you more than one referal level of doubler-points. ^^^ } // END - if @@ -184,20 +182,20 @@ if (isInstalled()) { } elseif (REQUEST_POST('points') > getConfig('doubler_max')) { // Too much points entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MAX')); - } elseif ($probe_nickname) { + } elseif (isNickNameUsed(REQUEST_POST('userid'))) { // Cannot resolv nickname -> userid define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_NICKNAME')); } else { // Wrong password or account not found define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_MEMBER')); } - } elseif (!REQUEST_ISSET_POST(('userid'))) { + } elseif (!REQUEST_ISSET_POST('userid')) { // Login not entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_LOGIN')); - } elseif (!REQUEST_ISSET_POST(('pass'))) { + } elseif (!REQUEST_ISSET_POST('pass')) { // Password not entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_PASSWORD')); - } elseif (!REQUEST_ISSET_POST(('points'))) { + } elseif (!REQUEST_ISSET_POST('points')) { // points not entered define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_POINTS')); } @@ -268,17 +266,11 @@ define('__DOUBLER_COUNTER', getConfig('doubler_counter')); define('__LEFT_VALUE', translateComma(DOUBLER_GET_TOTAL_POINTS_LEFT())); // Output neccessary form for this +// @TODO Rewrite all constants LOAD_TEMPLATE('doubler_index'); // Output footer loadIncludeOnce('inc/footer.php'); -} else { - // You have to install first! - redirectToUrl('install.php'); -} - -// Really all done here... ;-) -shutdown(); -// +// [EOF] ?>