X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fsponsor_functions.php;h=5c511f85a61e96b1f2ebc002d527657b07b1f2b0;hp=e9df50e78bf578eef1f0778a4eeaa276715433a4;hb=076e28c32b079b93b73a67b0c8710d65596b76a9;hpb=89edd713e330fd16e8da1edeadfd5046296ff0d2 diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index e9df50e78b..5c511f85a6 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -31,11 +31,11 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php"; require($INC); } + // function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) { @@ -81,7 +81,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST SQL_FREERESULT($result); // Yes, he is! - if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE)) + if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) { // Already found! $ALREADY = true; @@ -181,7 +181,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Add new sponsor, first add more data $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time(); $DATA['keys'][] = "status"; - if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor")) + if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) { // Only allowed for admin $DATA['values'][] = "PENDING"; 
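Review bot: The comment `// Some security stuff...` above the new `if (!defined('__SECURITY')) {` check no longer tells a reader what is being enforced. I would replace it with `// Direct-access guard: __SECURITY must already be defined when this library is included; otherwise load security.php`. Whether security.php then ends the request is not visible in this hunk, and the comment should say so once that is confirmed, because the rest of the file still loads if it does not.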
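Review bot: The new `$GLOBALS['what']` reads in SPONSOR_HANDLE_SPONSOR use loose `==` and no existence check, and this diff does not show where that global is populated or validated. In the hunk at old line 181 the comparison sits in the same condition as `IS_ADMIN()` and decides the status a new sponsor row gets, so I would tighten it to `if ((!$NO_UPDATE) && (IS_ADMIN()) && (isset($GLOBALS['what'])) && ($GLOBALS['what'] === "add_sponsor"))` and do the same in the hunk at old line 81. The two `switch ($GLOBALS['what'])` statements in SPONSOR_SAVE_DATA would benefit from the same `isset()` guard. The function body extends beyond both hunks.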
@@ -193,9 +193,9 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Generate hash code $DATA['keys'][] = "hash"; - $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time()); + $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA['keys'][] = "remote_addr"; - $DATA['values'][] = $_SERVER['REMOTE_ADDR']; + $DATA['values'][] = GET_REMOTE_ADDR(); } // Implode all data into strings @@ -203,7 +203,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $VALUES = str_repeat("%s', '", count($DATA['values']) - 1); // Generate string - $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES('".$VALUES."%s')"; + $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')"; // Generate message $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs); @@ -283,6 +283,7 @@ function SPONSOR_TRANSLATE_STATUS($status) break; default: + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2; break; } @@ -471,7 +472,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // Unsecure data which we don't want $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count', - 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old', + 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old', 'ok', 'pass1', 'pass2'); // Set default message ("not saved") 
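Review bot: The value stored under `hash` is still an MD5 over the session id, the e-mail address, the client address, the user agent and `time()`, so it contains no secret randomness; switching to `GET_REMOTE_ADDR()` and `GET_USER_AGENT()` does not change that. If this hash is what a sponsor later presents to confirm the address (the `status='EMAIL', hash='%s'` update in SPONSOR_SAVE_DATA suggests so, but the consumer is not visible here), it should come from a CSPRNG where the runtime provides one, e.g. `$DATA['values'][] = bin2hex(random_bytes(16));`. `$_COOKIE['PHPSESSID']` is also read without an `isset()` check. The same expression is carried over in the SPONSOR_SAVE_DATA hunk at old line 524.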
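Review bot: The `DEBUG_LOG` call added in the `default:` branch of SPONSOR_TRANSLATE_STATUS writes `$status` into the log verbatim, so a value containing line breaks or control characters could split or disguise log entries. Whether DEBUG_LOG neutralises its message is not visible in this diff, so I would do it at the call site: `DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", preg_replace('/[\x00-\x1F\x7F]/', '?', $status)));`. The `DEBUG_LOG` call added in the `default:` branch of SPONSOR_SAVE_DATA logs `$GLOBALS['what']` the same way and needs the same treatment.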
@@ -524,7 +525,7 @@ function SPONSOR_SAVE_DATA($POST, $content) $SQL .= " status='EMAIL', hash='%s',"; // Generate hash code - $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time()); + $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA[] = $HASH; } } @@ -538,7 +539,7 @@ function SPONSOR_SAVE_DATA($POST, $content) $DATA[] = $_COOKIE['sponsorpass']; // Saving data was completed... ufff... - switch ($_GET['what']) + switch ($GLOBALS['what']) { case "account": // Change account data if ($EMAIL) @@ -567,7 +568,8 @@ function SPONSOR_SAVE_DATA($POST, $content) break; default: // Unknown sponsor what value! - $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2; + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what'])); + $MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2; $templ = ""; $subj = ""; break; } @@ -599,7 +601,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // to the old address // First to old address - switch ($_GET['what']) + switch ($GLOBALS['what']) { case "account": // Change account data $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
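Review bot: In the `default:` branch (hunk at old line 567), `$MSG` concatenates `$GLOBALS['what']` between the two SPONSOR_UNKNOWN_WHAT constants without any output encoding. The value was `$_GET['what']` before this commit, so it is presumably still request-derived. If `$MSG` is later rendered into an HTML page (not visible in this hunk), encode it here: `$MSG = SPONSOR_UNKNOWN_WHAT_1.htmlspecialchars($GLOBALS['what'], ENT_QUOTES).SPONSOR_UNKNOWN_WHAT_2;`. The switch and the rest of SPONSOR_SAVE_DATA continue outside the hunk.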