X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fsponsor_functions.php;h=5c511f85a61e96b1f2ebc002d527657b07b1f2b0;hp=fdf4eb9f43b4bded1bc1104cc22545c38181eeb5;hb=808db972209a973665be5ab9d69f520762a4e087;hpb=0369c36aaab5af6ed44da1e13a53baef285f79b4
diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php
index fdf4eb9f43..5c511f85a6 100644
--- a/inc/libs/sponsor_functions.php
+++ b/inc/libs/sponsor_functions.php
@@ -31,11 +31,11 @@
 ************************************************************************/
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
 require($INC);
 }
+
 //
 function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
 {
@@ -81,7 +81,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
 SQL_FREERESULT($result);
 // Yes, he is!
- if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE))
+ if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE))
 {
 // Already found!
 $ALREADY = true;
@@ -181,7 +181,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
 // Add new sponsor, first add more data
 $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
 $DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor"))
+ if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor"))
 {
 // Only allowed for admin
 $DATA['values'][] = "PENDING";
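Review bot: The guard added at `if (!defined('__SECURITY'))` still relies on the path expression in the unchanged line below it, where `strpos(dirname(__FILE__), "/inc")` matches the first `/inc` anywhere in the install path, so a parent directory such as `/include/` would make the `require` resolve to the wrong file. Since the diff header places this file at inc/libs/, `require(dirname(dirname(__FILE__))."/security.php");` reaches the same target without string searching. I would also add a comment naming the entry script that defines `__SECURITY`, because direct-access protection now rests on that constant and on what security.php does when it is missing, neither of which is visible here.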
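Review bot: `$GLOBALS['what']` is read in the `-81` hunk without an `isset()` check and compared with loose `==`, and nothing in this diff shows where that global is populated or validated. The same substitution gates the admin-only status branch in the `-181` hunk and drives the `switch` statements in the `-538`, `-567` and `-599` hunks, so all of them inherit whatever request sources feed the global, which may be wider than the query string the old code read. I would document the origin above the first use, for example `// $GLOBALS['what'] is set and validated by <entry script>`, and tighten the test to `isset($GLOBALS['what']) && $GLOBALS['what'] === "add_sponsor"`. The enclosing function starts and ends outside these hunks.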
@@ -193,9 +193,9 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
 // Generate hash code
 $DATA['keys'][] = "hash";
- $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
 $DATA['keys'][] = "remote_addr";
- $DATA['values'][] = $_SERVER['REMOTE_ADDR'];
+ $DATA['values'][] = GET_REMOTE_ADDR();
 }
 // Implode all data into strings
@@ -203,7 +203,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
 $VALUES = str_repeat("%s', '", count($DATA['values']) - 1);
 // Generate string
- $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES('".$VALUES."%s')";
+ $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
 // Generate message
 $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
@@ -283,6 +283,7 @@ function SPONSOR_TRANSLATE_STATUS($status)
 break;
 default:
+ DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
 $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2;
 break;
 }
@@ -365,7 +366,7 @@ ORDER BY sort", __FILE__, __LINE__);
 {
 // Load sub menus
 $result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE action='%s' AND what != '' ".$WHERE."
+WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
 ORDER BY sort", array($action), __FILE__, __LINE__);
 if (SQL_NUMROWS($result_sub) > 0)
 {
@@ -420,7 +421,7 @@ ORDER BY sort", array($action), __FILE__, __LINE__);
 //
 function GENERATE_SPONSOR_CONTENT($what)
 {
- global $HTTP_POST_VARS, $_GET, $CONFIG;
+ global $_CONFIG;
 $OUT = "";
 $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
 if (FILE_READABLE($FILE)) {
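Review bot: The value stored in the `hash` column is still an `md5()` over inputs the requester largely knows or can guess (their own e-mail, address, user agent and the current second), and `$_COOKIE['PHPSESSID']` is read without checking that the cookie exists. If this hash is later used as a confirmation or activation token, which is not visible here, it should come from a CSPRNG rather than be derived from request data, e.g. `$DATA['values'][] = bin2hex(random_bytes(16));` on runtimes that provide it. The `-524` hunk builds `$HASH` the same way. It would also help to document whether `GET_REMOTE_ADDR()` can return a client-supplied forwarded address, since its result is persisted as `remote_addr`.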
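Review bot: The new `DEBUG_LOG()` call in the `default:` branch of the `-283` hunk writes `$status` into the log as-is, and whether `DEBUG_LOG()` strips line breaks is not visible, so a value containing CR/LF could forge additional log entries. Passing `str_replace(array("\r", "\n"), ' ', $status)` as the `sprintf()` argument closes that off. The `-567` hunk logs `$GLOBALS['what']` the same way and would need the same treatment.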
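Review bot: `$WHERE` is concatenated into the statement in the `-365` hunk outside the `%s` placeholder that `SQL_QUERY_ESC()` fills from `array($action)`, so it bypasses whatever escaping that helper applies. Its construction lies outside this hunk and should be confirmed to contain only fixed SQL text. The added `AND what IS NOT NULL` is redundant, because `what != ''` already evaluates to NULL rather than true for NULL rows. Keeping it is harmless, but a comment such as `// explicit NULL check kept for readability` would stop a later reader from assuming it changes the result set.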
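Review bot: `$what` is formatted straight into `$FILE` by `sprintf("%sinc/modules/sponsor/%s.php", PATH, $what)` in the `-420` hunk, and no check on its characters is visible before `FILE_READABLE($FILE)`. If a caller passes a request-derived value, `../` sequences would let the resulting path leave inc/modules/sponsor/; what is done with `$FILE` afterwards is outside the hunk. A guard such as `if (!preg_match('/^[a-z0-9_]+$/i', $what)) return $OUT;` placed before the `sprintf()` would confine it, though the function's actual return convention is not visible here and the guard should follow it. The function body continues past the end of the hunk.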
@@ -437,14 +438,14 @@ function GENERATE_SPONSOR_CONTENT($what)
 //
 function UPDATE_SPONSOR_LOGIN()
 {
- global $_COOKIE, $CONFIG;
+ global $_COOKIE, $_CONFIG;
 // Check if cookies are set
 if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
 // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
 // seperate timeout for these two cookies?
- $life = (time() + $CONFIG['online_timeout']);
+ $life = (time() + $_CONFIG['online_timeout']);
 // Is confirmed so both is fine and we can continue with login procedure
 $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
@@ -471,7 +472,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
 // Unsecure data which we don't want
 $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
- 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old',
+ 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
 'ok', 'pass1', 'pass2');
 // Set default message ("not saved")
@@ -524,7 +525,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
 $SQL .= " status='EMAIL', hash='%s',";
 // Generate hash code
- $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
+ $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
 $DATA[] = $HASH;
 }
 }
@@ -538,7 +539,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
 $DATA[] = $_COOKIE['sponsorpass'];
 // Saving data was completed... ufff...
- switch ($_GET['what'])
+ switch ($GLOBALS['what'])
 {
 case "account": // Change account data
 if ($EMAIL)
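Review bot: The `setcookie("sponsorid" , …, $life, COOKIE_PATH)` call at the end of the `-437` hunk passes no `secure` or `httponly` argument, so the refreshed login cookie is readable from script and is also sent over plain HTTP. The second call, presumably for `sponsorpass`, is cut off after the hunk. Where the PHP version allows, extend both calls, e.g. `setcookie("sponsorid", bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH, "", true, true)`, with the `secure` flag tied to whether the site is served over HTTPS. `global $_COOKIE` is also unnecessary because superglobals are in scope everywhere, so the changed line can be reduced to `global $_CONFIG;`.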
@@ -567,7 +568,8 @@ function SPONSOR_SAVE_DATA($POST, $content)
 break;
 default: // Unknown sponsor what value!
- $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2;
+ DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what']));
+ $MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2;
 $templ = ""; $subj = "";
 break;
 }
@@ -584,8 +586,8 @@ function SPONSOR_SAVE_DATA($POST, $content)
 $DATA = $POST;
 // Change some data
- if (isset($content['salut'])) $content['salut'] = TRANSLATE_SEX($content['salut']);
- if (isset($DATA['salut'])) $DATA['salut'] = TRANSLATE_SEX($DATA['salut']);
+ if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']);
+ if (isset($DATA['gender'])) $DATA['gender'] = TRANSLATE_GENDER($DATA['gender']);
 if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']);
 if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']);
@@ -599,7 +601,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
 // to the old address
 // First to old address
- switch ($_GET['what'])
+ switch ($GLOBALS['what'])
 {
 case "account": // Change account data
 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
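Review bot: `$GLOBALS['what']` is concatenated into `$MSG` without escaping in the `default:` branch of the `-567` hunk, and that branch is reached exactly when the value is unexpected. If `$MSG` is later rendered into HTML, which happens outside this hunk, caller-controlled text is reflected into the page. `$MSG = SPONSOR_UNKNOWN_WHAT_1.htmlspecialchars($GLOBALS['what'], ENT_QUOTES).SPONSOR_UNKNOWN_WHAT_2;` keeps the message and neutralises markup. The enclosing `switch` starts outside the hunk.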