X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=doubler.php;h=3a3cb93ba46aaf228ace04231e7d1b766a6a667f;hp=189925ac4c8dcbadcdc2bd3afcb710d65e743083;hb=e1d636846bafc8ae71855595a2a2843463025e26;hpb=a090e351c49fe021fb3064325694da03402332e0 diff --git a/doubler.php b/doubler.php index 189925ac4c..3a3cb93ba4 100644 --- a/doubler.php +++ b/doubler.php @@ -36,13 +36,11 @@ * MA 02110-1301 USA * ************************************************************************/ -// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) ) +// Load security stuff here require('inc/libs/security_functions.php'); -// Init "action" and "what" +// Init start time $GLOBALS['startTime'] = microtime(true); -$GLOBALS['what'] = ''; -$GLOBALS['action'] = ''; // Set module $GLOBALS['module'] = 'doubler'; @@ -50,203 +48,202 @@ $GLOBALS['refid'] = 0; $GLOBALS['output_mode'] = 0; // Load the required file(s) -require('inc/config.php'); +require('inc/config-global.php'); // Is the 'doubler' extension active? -REDIRECT_ON_UNINSTALLED_EXTENSION('doubler'); +redirectOnUninstalledExtension('doubler'); // Is the script installed? -if (isInstalled()) { - // Probe for referal ID - if (REQUEST_ISSET_GET(('refid'))) $GLOBALS['refid'] = REQUEST_GET(('refid')); +if (!isInstalled()) { + // You have to install first! + redirectToUrl('install.php'); +} // END - if + +// Probe for referal ID +if (REQUEST_ISSET_GET(('refid'))) $GLOBALS['refid'] = REQUEST_GET(('refid')); + +// Only check this if refid is provided! +if ($GLOBALS['refid'] > 0) { + // Do we have nickname or userid set? + if (isNicknameUsed($GLOBALS['refid'])) { + // Nickname in URL, so load the ID + $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", + array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); + } else { + // Direct userid entered + $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", + array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); + } + + // Load data + list($rid, $status_ref) = SQL_FETCHROW($result); + $GLOBALS['refid'] = bigintval($rid); + + // Free memory + SQL_FREERESULT($result); +} // END - if - // Only check this if refid is provided! - if ($GLOBALS['refid'] > 0) { - // Probe for nickname extension and if a nickname was supplied by URL - $probe_nickname = ((EXT_IS_ACTIVE('nickname')) && ((''.round($GLOBALS['refid']).'') != $GLOBALS['refid'])); +// Init userid +$uid = 0; - // Do we have nickname or userid set? - if ($probe_nickname) { +// If no account was found set default refid and status to CONFIRMED +if (empty($GLOBALS['refid'])) { + $GLOBALS['refid'] = getConfig('def_refid'); + $status = 'CONFIRMED'; +} // END - if + +// Begin with doubler script... +if (isFormSent()) { + // Secure points (so only integer/double values are allowed + REQUEST_SET_POST('points', bigintval(REQUEST_POST('points'))); + + // Begin with doubling process + if ((REQUEST_ISSET_POST(('userid'))) && (REQUEST_ISSET_POST(('pass'))) && (REQUEST_ISSET_POST(('points')))) { + // Probe for nickname extension and if a nickname was entered + if (isNickNameUsed(REQUEST_POST('userid'))) { // Nickname in URL, so load the ID - $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", - array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", + array(REQUEST_POST('userid')), __FILE__, __LINE__); } else { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", + array(bigintval(REQUEST_POST('userid'))), __FILE__, __LINE__); } // Load data - list($rid, $status_ref) = SQL_FETCHROW($result); - $GLOBALS['refid'] = bigintval($rid); + list($uid, $status, $password) = SQL_FETCHROW($result); + $uid = bigintval($uid); - // Free memory + // Free result SQL_FREERESULT($result); - } // END - if - - // Init userid - $uid = 0; - - // If no account was found set default refid and status to CONFIRMED - if (empty($GLOBALS['refid'])) { - $GLOBALS['refid'] = getConfig('def_refid'); - $status = 'CONFIRMED'; - } // END - if - - // Begin with doubler script... - if (IS_FORM_SENT()) { - // Secure points (so only integer/double values are allowed - REQUEST_SET_POST('points', bigintval(REQUEST_POST('points'))); - - // Begin with doubling process - if ((REQUEST_ISSET_POST(('userid'))) && (REQUEST_ISSET_POST(('pass'))) && (REQUEST_ISSET_POST(('points')))) { - // Probe for nickname extension and if a nickname was entered - $probe_nickname = ((EXT_IS_ACTIVE('nickname')) && ((''.round(REQUEST_POST('userid')).'') != REQUEST_POST('userid'))); - if ($probe_nickname) { - // Nickname in URL, so load the ID - $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1", - array(REQUEST_POST('userid')), __FILE__, __LINE__); - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", - array(bigintval(REQUEST_POST('userid'))), __FILE__, __LINE__); - } - // Load data - list($uid, $status, $password) = SQL_FETCHROW($result); - $uid = bigintval($uid); - - // Free result - SQL_FREERESULT($result); - - // Remove any dots and unwanted chars from the points - REQUEST_SET_POST('points', bigintval(round(REVERT_COMMA(REQUEST_POST('points'))))); - - // Probe for enough points - $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max'))); - - // Check all together - if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == 'CONFIRMED') && ($probe_points)) { - // Nickname resolved to a unique userid or direct userid entered by the member - $GLOBALS['doubler_uid'] = $uid; - - // Calulcate points - $points = GET_TOTAL_DATA($uid, 'user_points', 'points') - GET_TOTAL_DATA($uid, 'user_data', 'used_points'); - - // So let's continue with probing his points amount - if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0) - // Enough points are left so let's continue with the doubling process - // Create doubling "account" width *DOUBLED* points - SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".GET_REMOTE_ADDR()."', UNIX_TIMESTAMP(), 'N','N')", - array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__); - - // Subtract entered points - SUB_POINTS('doubler', $uid, REQUEST_POST('points')); - - // Add points to "total payed" including charge - $points = REQUEST_POST('points') - REQUEST_POST('points') * getConfig('doubler_charge'); - UPDATE_CONFIG('doubler_points', $points, '+'); - incrementConfigEntry('doubler_points', $points); - - // Add second line for the referal but only when uid != refid - if (($GLOBALS['refid'] > 0) && ($GLOBALS['refid'] != $uid)) { - // Okay add a refid line and apply refid percents - SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s',0,'%s','".GET_REMOTE_ADDR()."',UNIX_TIMESTAMP(),'N','Y')", - array( - bigintval($GLOBALS['refid']), - bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref')) - ), __FILE__, __LINE__); - - // And that's why we don't want to you more than one referal level of doubler-points. ^^^ - } // END - if - - // Update usage counter - UPDATE_CONFIG('doubler_counter', 1, '+'); - - // Set constant - define('__DOUBLER_MSG', LOAD_TEMPLATE('doubler_reflink', true, REQUEST_POST('userid'))); - } else { - // Not enougth points left - define('__ERROR_MSG', getMessage('DOUBLER_FORM_NO_POINTS_LEFT')); - } - } elseif ($status == 'CONFIRMED') { - // Account is unconfirmed! - define('__ERROR_MSG', getMessage('DOUBLER_FORM_WRONG_PASS')); - } elseif ($status == 'UNCONFIRMED') { - // Account is unconfirmed! - define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_UNCONFIRMED')); - } elseif ($status == 'LOCKED') { - // Account is locked by admin / holiday! - define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_LOCKED')); - } elseif (REQUEST_POST('points') < getConfig('doubler_min')) { - // Not enougth points entered - define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MIN')); - } elseif (REQUEST_POST('points') > getConfig('doubler_max')) { - // Too much points entered - define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MAX')); - } elseif ($probe_nickname) { - // Cannot resolv nickname -> userid - define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_NICKNAME')); + // Remove any dots and unwanted chars from the points + REQUEST_SET_POST('points', bigintval(round(convertCommaToDot(REQUEST_POST('points'))))); + + // Probe for enough points + $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max'))); + + // Check all together + if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == 'CONFIRMED') && ($probe_points)) { + // Nickname resolved to a unique userid or direct userid entered by the member + $GLOBALS['doubler_uid'] = $uid; + + // Calulcate points + $points = GET_TOTAL_DATA($uid, 'user_points', 'points') - GET_TOTAL_DATA($uid, 'user_data', 'used_points'); + + // So let's continue with probing his points amount + if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0) + // Enough points are left so let's continue with the doubling process + // Create doubling "account" width *DOUBLED* points + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".detectRemoteAddr()."', UNIX_TIMESTAMP(), 'N','N')", + array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__); + + // Subtract entered points + SUB_POINTS('doubler', $uid, REQUEST_POST('points')); + + // Add points to "total payed" including charge + $points = REQUEST_POST('points') - REQUEST_POST('points') * getConfig('doubler_charge'); + updateConfiguration('doubler_points', $points, '+'); + incrementConfigEntry('doubler_points', $points); + + // Add second line for the referal but only when uid != refid + if (($GLOBALS['refid'] > 0) && ($GLOBALS['refid'] != $uid)) { + // Okay add a refid line and apply refid percents + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s',0,'%s','".detectRemoteAddr()."',UNIX_TIMESTAMP(),'N','Y')", + array( + bigintval($GLOBALS['refid']), + bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref')) + ), __FILE__, __LINE__); + + // And that's why we don't want to you more than one referal level of doubler-points. ^^^ + } // END - if + + // Update usage counter + updateConfiguration('doubler_counter', 1, '+'); + + // Set constant + define('__DOUBLER_MSG', LOAD_TEMPLATE('doubler_reflink', true, REQUEST_POST('userid'))); } else { - // Wrong password or account not found - define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_MEMBER')); + // Not enougth points left + define('__ERROR_MSG', getMessage('DOUBLER_FORM_NO_POINTS_LEFT')); } - } elseif (!REQUEST_ISSET_POST(('userid'))) { - // Login not entered - define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_LOGIN')); - } elseif (!REQUEST_ISSET_POST(('pass'))) { - // Password not entered - define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_PASSWORD')); - } elseif (!REQUEST_ISSET_POST(('points'))) { - // points not entered - define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_POINTS')); + } elseif ($status == 'CONFIRMED') { + // Account is unconfirmed! + define('__ERROR_MSG', getMessage('DOUBLER_FORM_WRONG_PASS')); + } elseif ($status == 'UNCONFIRMED') { + // Account is unconfirmed! + define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_UNCONFIRMED')); + } elseif ($status == 'LOCKED') { + // Account is locked by admin / holiday! + define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_LOCKED')); + } elseif (REQUEST_POST('points') < getConfig('doubler_min')) { + // Not enougth points entered + define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MIN')); + } elseif (REQUEST_POST('points') > getConfig('doubler_max')) { + // Too much points entered + define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MAX')); + } elseif (isNickNameUsed(REQUEST_POST('userid'))) { + // Cannot resolv nickname -> userid + define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_NICKNAME')); + } else { + // Wrong password or account not found + define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_MEMBER')); } + } elseif (!REQUEST_ISSET_POST(('userid'))) { + // Login not entered + define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_LOGIN')); + } elseif (!REQUEST_ISSET_POST(('pass'))) { + // Password not entered + define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_PASSWORD')); + } elseif (!REQUEST_ISSET_POST(('points'))) { + // points not entered + define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_POINTS')); } +} - // Set messages to nothing - if (!defined('__DOUBLER_MSG')) define('__DOUBLER_MSG', ''); - if (!defined('__ERROR_MSG')) define('__ERROR_MSG' , ''); +// Set messages to nothing +if (!defined('__DOUBLER_MSG')) define('__DOUBLER_MSG', ''); +if (!defined('__ERROR_MSG')) define('__ERROR_MSG' , ''); - // Shall I check for points immediately? - if (getConfig('doubler_send_mode') == 'DIRECT') LOAD_INC('inc/doubler_send.php'); +// Shall I check for points immediately? +if (getConfig('doubler_send_mode') == 'DIRECT') loadInclude('inc/doubler_send.php'); - // Output header - LOAD_INC('inc/header.php'); +// Output header +loadIncludeOnce('inc/header.php'); - // Banner in text - define('__DOUBLER_BANNER', LOAD_TEMPLATE('doubler_banner', true)); +// Banner in text +define('__DOUBLER_BANNER', LOAD_TEMPLATE('doubler_banner', true)); - // Load header/footer templates - define('__DOUBLER_HEADER', LOAD_TEMPLATE('doubler_header', true)); - define('__DOUBLER_FOOTER', LOAD_TEMPLATE('doubler_footer', true)); +// Load header/footer templates +define('__DOUBLER_HEADER', LOAD_TEMPLATE('doubler_header', true)); +define('__DOUBLER_FOOTER', LOAD_TEMPLATE('doubler_footer', true)); - if (!empty($uid)) { - // Transfer userid/nickname to constant - define('__REFID', $uid); - } else { - // Transfer userid/nickname to constant - define('__REFID', $GLOBALS['refid']); - } +if (!empty($uid)) { + // Transfer userid/nickname to constant + define('__REFID', $uid); +} else { + // Transfer userid/nickname to constant + define('__REFID', $GLOBALS['refid']); +} - // Percent values etc. - define('__CHARGE_VALUE', TRANSLATE_COMMA(getConfig('doubler_charge') * 100)); - define('__REF_VALUE' , TRANSLATE_COMMA(getConfig('doubler_ref') * 100)); - define('__TOTAL_VALUE' , TRANSLATE_COMMA(getConfig('doubler_points'))); - define('__MIN_VALUE' , TRANSLATE_COMMA(getConfig('doubler_min'))); - define('__MAX_VALUE' , TRANSLATE_COMMA(getConfig('doubler_max'))); - - // Text "Enter login" - if (EXT_IS_ACTIVE('nickname')) { - // Choose login/nickname - define('DOUBLER_ENTER_LOGIN', getMessage('GUEST_ENTER_LOGIN_NICKNAME')); - } else { - // Simple login ID - define('DOUBLER_ENTER_LOGIN', getMessage('GUEST_ENTER_LOGIN')); - } +// Percent values etc. +define('__CHARGE_VALUE', translateComma(getConfig('doubler_charge') * 100)); +define('__REF_VALUE' , translateComma(getConfig('doubler_ref') * 100)); +define('__TOTAL_VALUE' , translateComma(getConfig('doubler_points'))); +define('__MIN_VALUE' , translateComma(getConfig('doubler_min'))); +define('__MAX_VALUE' , translateComma(getConfig('doubler_max'))); + +// Text "Enter login" +if (EXT_IS_ACTIVE('nickname')) { + // Choose login/nickname + define('DOUBLER_ENTER_LOGIN', getMessage('GUEST_ENTER_LOGIN_NICKNAME')); +} else { + // Simple login ID + define('DOUBLER_ENTER_LOGIN', getMessage('GUEST_ENTER_LOGIN')); +} - // Which mail-send-mode did the admin setup? - switch (getConfig('doubler_send_mode')) - { +// Which mail-send-mode did the admin setup? +switch (getConfig('doubler_send_mode')) { case 'DIRECT': define('DOUBLER_PAYOUT_TIME', getMessage('DOUBLER_PAYOUT_TIME_DIRECT')); break; @@ -254,32 +251,26 @@ if (isInstalled()) { case 'RESET': define('DOUBLER_PAYOUT_TIME', getMessage('DOUBLER_PAYOUT_TIME_RESET')); break; - } - - // Generate table with already payed out doubles - define('__DOUBLER_PAYOUT_HISTORY', DOUBLER_GENERATE_TABLE('0', 'Y', 'N', 'DESC')); +} - // Generate timemark - define('__TIMEOUT_MARK', CREATE_FANCY_TIME(getConfig('doubler_timeout'))); +// Generate table with already payed out doubles +define('__DOUBLER_PAYOUT_HISTORY', DOUBLER_GENERATE_TABLE('0', 'Y', 'N', 'DESC')); - // Usage counter - define('__DOUBLER_COUNTER', getConfig('doubler_counter')); +// Generate timemark +define('__TIMEOUT_MARK', createFancyTime(getConfig('doubler_timeout'))); - // Points left to doubler - define('__LEFT_VALUE', TRANSLATE_COMMA(DOUBLER_GET_TOTAL_POINTS_LEFT())); +// Usage counter +define('__DOUBLER_COUNTER', getConfig('doubler_counter')); - // Output neccessary form for this - LOAD_TEMPLATE('doubler_index'); +// Points left to doubler +define('__LEFT_VALUE', translateComma(DOUBLER_GET_TOTAL_POINTS_LEFT())); - // Output footer - LOAD_INC('inc/footer.php'); -} else { - // You have to install first! - LOAD_URL('install.php'); -} +// Output neccessary form for this +// @TODO Rewrite all constants +LOAD_TEMPLATE('doubler_index'); -// Really all done here... ;-) -shutdown(); +// Output footer +loadIncludeOnce('inc/footer.php'); -// +// [EOF] ?>