X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fsponsor_functions.php;h=5c511f85a61e96b1f2ebc002d527657b07b1f2b0;hp=ac2324e567f05bb68cf33bf4a7f66003e5d37b96;hb=076e28c32b079b93b73a67b0c8710d65596b76a9;hpb=9beb33ae0c3194b05d172508768a833b1b69af2f diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index ac2324e567..5c511f85a6 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -31,15 +31,14 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php"; require($INC); } + // function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) { - global $HTTP_GET_VARS, $_SERVER, $_COOKIE; $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false; $ret = "unused"; @@ -55,7 +54,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST ); // Check if sponsor already exists - foreach ($POST as $k=>$v) + foreach ($POST as $k => $v) { if (!(array_search($k, $SKIPPED) > -1)) { @@ -82,7 +81,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST SQL_FREERESULT($result); // Yes, he is! - if (($HTTP_GET_VARS['what'] == "add_sponsor") || ($NO_UPDATE)) + if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) { // Already found! $ALREADY = true; @@ -154,7 +153,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST if ($SAVE) { // Default is no force even when a guest want to abuse this force switch - if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = "0"; + if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0; // SQL and message string is empty by default $SQL = ""; $MSG = ""; 
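Review bot: The path to security.php is cut at the first "/inc" found in `dirname(__FILE__)`, so an installation directory whose own path contains "/inc" (a parent folder named `includes`, say) makes `$INC` point outside the project. Since this file lives in `inc/libs/`, the parent directory can be taken directly: `$INC = dirname(dirname(__FILE__))."/security.php";`. The `require` still fails closed when the file is missing, so this is about loading the intended file rather than a bypass of the new `__SECURITY` guard.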
@@ -164,14 +163,14 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST { // Update his data $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET "; - foreach ($DATA['keys'] as $k=>$v) + foreach ($DATA['keys'] as $k => $v) { $SQL .= $v."='%s', "; } // Remove last ", " from SQL string $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1"; - $DATA['values'][] = bigintval($HTTP_GET_VARS['id']); + $DATA['values'][] = bigintval($_GET['id']); // Generate message $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs); @@ -182,7 +181,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Add new sponsor, first add more data $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time(); $DATA['keys'][] = "status"; - if ((!$NO_UPDATE) && (IS_ADMIN()) && ($HTTP_GET_VARS['what'] == "add_sponsor")) + if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) { // Only allowed for admin $DATA['values'][] = "PENDING"; @@ -194,9 +193,9 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Generate hash code $DATA['keys'][] = "hash"; - $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time()); + $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA['keys'][] = "remote_addr"; - $DATA['values'][] = $_SERVER['REMOTE_ADDR']; + $DATA['values'][] = GET_REMOTE_ADDR(); } // Implode all data into strings 
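Review bot: Column names are concatenated into the UPDATE statement as-is in `$SQL .= $v."='%s', ";`, and only the values go through the `%s` placeholders. Where `$DATA['keys']` is filled is outside this hunk, but the same pattern in SPONSOR_SAVE_DATA (the `@@ -504,7 +501,7 @@` hunk) takes the names straight from `$POST` keys after `strip_tags()`, which does not make an identifier safe for SQL. Each key should be checked against a fixed list of known column names before it is appended, e.g. `if (!in_array($v, $ALLOWED_COLUMNS, true)) continue;`, where `$ALLOWED_COLUMNS` is a new hard-coded array. Separately, the row id now comes from `$_GET['id']`; if the update branch is reachable without `IS_ADMIN()` (not visible here), it should use the id returned by the earlier lookup instead.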
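Review bot: The value stored in `hash` is an MD5 over the session cookie, e-mail address, client address, user agent and `time()`, all of which the requester supplies or can estimate, and `$_COOKIE['PHPSESSID']` may be absent or named differently. The `status='EMAIL', hash='%s'` update in SPONSOR_SAVE_DATA (the `@@ -528,7 +525,7 @@` hunk) builds the same value, which suggests it serves as a confirmation token. A token of that kind should come from a cryptographically secure generator, e.g. `bin2hex(random_bytes(16))` on runtimes that provide it, and be compared with `hash_equals()` where it is verified.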
@@ -204,7 +203,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $VALUES = str_repeat("%s', '", count($DATA['values']) - 1); // Generate string - $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES('".$VALUES."%s')"; + $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')"; // Generate message $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs); @@ -214,7 +213,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST { // Add all data as hidden data $OUT = ""; - foreach ($POST as $k=>$v) + foreach ($POST as $k => $v) { // Do not add 'force' ! if ($k != "force") @@ -284,6 +283,7 @@ function SPONSOR_TRANSLATE_STATUS($status) break; default: + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2; break; } @@ -357,7 +357,7 @@ function GENERATE_SPONSOR_MENU($current) // Load main menu entries $result_main = SQL_QUERY("SELECT action, title FROM "._MYSQL_PREFIX."_sponsor_menu -WHERE what='' ".$WHERE." +WHERE (what='' OR what IS NULL) ".$WHERE." ORDER BY sort", __FILE__, __LINE__); if (SQL_NUMROWS($result_main) > 0) { @@ -366,7 +366,7 @@ ORDER BY sort", __FILE__, __LINE__); { // Load sub menus $result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu -WHERE action='%s' AND what != '' ".$WHERE." +WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE." ORDER BY sort", array($action), __FILE__, __LINE__); if (SQL_NUMROWS($result_sub) > 0) { 
@@ -421,16 +421,13 @@ ORDER BY sort", array($action), __FILE__, __LINE__); // function GENERATE_SPONSOR_CONTENT($what) { - global $HTTP_POST_VARS, $HTTP_GET_VARS, $CONFIG; - $FILE = PATH."inc/modules/sponsor/".$what.".php"; + global $_CONFIG; $OUT = ""; - if (@file_exists($FILE)) - { + $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what); + if (FILE_READABLE($FILE)) { // Every sponsor action will output nothing directly. It will be written into $OUT! require_once($FILE); - } - else - { + } else { // File not found! $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2); } @@ -441,14 +438,14 @@ function GENERATE_SPONSOR_CONTENT($what) // function UPDATE_SPONSOR_LOGIN() { - global $_COOKIE, $CONFIG; + global $_COOKIE, $_CONFIG; // Check if cookies are set if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false; // Calculate cookie lifetime, maybe we have to change this so the admin can setup a // seperate timeout for these two cookies? - $life = (time() + $CONFIG['online_timeout']); + $life = (time() + $_CONFIG['online_timeout']); // Is confirmed so both is fine and we can continue with login procedure $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) && 
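Review bot: `$what` goes into the include path unchecked in `$FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);`, so a value containing `../` would let `require_once` load a `.php` file outside `inc/modules/sponsor/`. Whether callers validate `$what` is not visible in this hunk, but the function should not depend on that: accept only a plain module name and let everything else fall into the existing not-found branch, e.g. `if (preg_match('/^[a-z0-9_-]+$/i', $what) && FILE_READABLE($FILE)) {`. The not-found branch also concatenates `$what` into the template text, so it should be HTML-encoded there. The end of the function is outside the hunk.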
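Review bot: The login cookie is renewed with only a lifetime and a path in `setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)`, so it is sent over plain HTTP and is readable from script. When the site is served over HTTPS, pass the `secure` and `httponly` arguments, e.g. `setcookie("sponsorid", bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH, "", true, true)`, and do the same for the call after the `&&`, which is outside the hunk and presumably sets `sponsorpass`. That cookie appears to be matched against the `password` column (`WHERE id='%s' AND password='%s'` in the next hunk header), which would make its value equivalent to the stored hash. `global $_COOKIE` has no effect on a superglobal and can be dropped.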
@@ -470,25 +467,25 @@ WHERE id='%s' AND password='%s' LIMIT 1", // function SPONSOR_SAVE_DATA($POST, $content) { - global $_COOKIE, $_SERVER, $HTTP_GET_VARS; + global $_COOKIE, $_SERVER, $_GET; $EMAIL = false; // Unsecure data which we don't want $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count', - 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old', + 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old', 'ok', 'pass1', 'pass2'); // Set default message ("not saved") $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED; // Check for submitted passwords - if ((!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2']))) + if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) { // Are both passwords the same? - if ($HTTP_POST_VARS['pass1'] == $HTTP_POST_VARS['pass2']) + if ($_POST['pass1'] == $_POST['pass2']) { // Okay, then set password and remove pass1 and pass2 - $HTTP_POST_VARS['password'] = md5($HTTP_POST_VARS['pass1']); + $_POST['password'] = md5($_POST['pass1']); } } @@ -504,7 +501,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // Prepare SQL string $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET"; - foreach ($POST as $key=>$value) + foreach ($POST as $key => $value) { // Mmmmm, too less security here??? $SQL .= " ".strip_tags($key)."='%s',"; @@ -528,7 +525,7 @@ function SPONSOR_SAVE_DATA($POST, $content) $SQL .= " status='EMAIL', hash='%s',"; // Generate hash code - $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time()); + $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA[] = $HASH; } } 
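Review bot: The new password is stored as a bare `md5($_POST['pass1'])`, an unsalted fast hash that is cheap to brute-force if the table leaks; on a runtime that has them, `password_hash()` on write and `password_verify()` on login are the replacement, with a migration path for existing rows. The hash is also written to `$_POST['password']` while the UPDATE further down is built from the `$POST` parameter and `password` is on the `$UNSAFE` list, so it is worth confirming outside this hunk that the new value reaches the query at all. The equality test should be strict, `if ($_POST['pass1'] === $_POST['pass2'])`, because `==` treats numeric-looking strings such as "1e3" and "1000" as equal. `global $_COOKIE, $_SERVER, $_GET;` is redundant for superglobals.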
@@ -542,7 +539,7 @@ function SPONSOR_SAVE_DATA($POST, $content) $DATA[] = $_COOKIE['sponsorpass']; // Saving data was completed... ufff... - switch ($HTTP_GET_VARS['what']) + switch ($GLOBALS['what']) { case "account": // Change account data if ($EMAIL) @@ -571,7 +568,8 @@ function SPONSOR_SAVE_DATA($POST, $content) break; default: // Unknown sponsor what value! - $MSG = SPONSOR_UNKNOWN_WHAT_1.$HTTP_GET_VARS['what'].SPONSOR_UNKNOWN_WHAT_2; + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what'])); + $MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2; $templ = ""; $subj = ""; break; } @@ -588,23 +586,13 @@ function SPONSOR_SAVE_DATA($POST, $content) $DATA = $POST; // Change some data - if (isset($content['salut'])) $content['salut'] = TRANSLATE_SEX($content['salut']); - if (isset($DATA['salut'])) $DATA['salut'] = TRANSLATE_SEX($DATA['salut']); + if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']); + if (isset($DATA['gender'])) $DATA['gender'] = TRANSLATE_GENDER($DATA['gender']); if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']); if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']); // Send email to admins - if (GET_EXT_VERSION("admins") < "0.4.1") - { - // Use old method to send out - $msg = LOAD_EMAIL_TEMPLATE($templ, $content); - SEND_ADMIN_EMAILS($subj, $msg); - } - else - { - // Use new system to send out - SEND_ADMIN_EMAILS_PRO($subj, $templ, $content); - } + SEND_ADMIN_NOTIFICATION($subj, $templ, $content); // Shall we send mail to the sponsor's new email address? if ($content['receive_warnings'] == "Y") 
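Review bot: The unknown `what` value is placed into both the log line and `$MSG` unmodified in the `default:` branch. If `$GLOBALS['what']` is populated from the request (the replaced code read `$HTTP_GET_VARS['what']`) and `$MSG` is rendered as HTML, this reflects request data into the page. Encode it for the message, `$MSG = SPONSOR_UNKNOWN_WHAT_1.htmlspecialchars($GLOBALS['what'], ENT_QUOTES).SPONSOR_UNKNOWN_WHAT_2;`, and strip CR/LF before passing it to `DEBUG_LOG` so a single request cannot forge extra log lines. How `$MSG` is output is outside this hunk.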
@@ -613,7 +601,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // to the old address // First to old address - switch ($HTTP_GET_VARS['what']) + switch ($GLOBALS['what']) { case "account": // Change account data $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);