X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fsponsor_functions.php;h=85ba1734272c851b1840bb3e1dde549126b9026b;hp=e9df50e78bf578eef1f0778a4eeaa276715433a4;hb=e71e9e1380d65ccd06beef6fbc594bec10371f5f;hpb=89edd713e330fd16e8da1edeadfd5046296ff0d2 diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index e9df50e78b..85ba173427 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -31,15 +31,18 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php"; require($INC); } + // -function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) -{ - $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false; +function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) { + // Init a lot variables + $SAVE = true; + $UPDATE = false; + $skip = false; + $ALREADY = false; $ret = "unused"; // Skip these entries @@ -54,44 +57,35 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST ); // Check if sponsor already exists - foreach ($POST as $k => $v) - { - if (!(array_search($k, $SKIPPED) > -1)) - { + foreach ($POST as $k => $v) { + if (!(array_search($k, $SKIPPED) > -1)) { // Check only posted input entries not the submit button switch ($k) { case "email": $ALREADY = false; - if (!VALIDATE_EMAIL($v)) - { + if (!VALIDATE_EMAIL($v)) { // Email address is not valid $SAVE = false; - } - else - { + } else { // Do we want to add a new sponsor or update his data? $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1", - array($POST['email']), __FILE__, __LINE__); + array($POST['email']), __FILE__, __LINE__); // Is a sponsor alread in the db? - if (SQL_NUMROWS($result) == 1) - { - // Free memory - SQL_FREERESULT($result); - + if (SQL_NUMROWS($result) == 1) { // Yes, he is! - if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE)) - { + if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) { // Already found! $ALREADY = true; - } - else - { + } else { // Update his data $UPDATE = true; } } + + // Free memory + SQL_FREERESULT($result); } break; @@ -110,18 +104,17 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST default: // Test if there is are time selections $TEST = substr($k, -3); - if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) - { + if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) { // Found a multi-selection for timings? $TEST = substr($k, 0, -3); - if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) - { + if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) { // Generate timestamp $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST); $DATA['keys'][] = $TEST; $DATA['values'][] = $POST[$TEST]; // Remove data from array + // @TODO Do we still need this all? unset($POST[$TEST."_ye"]); unset($POST[$TEST."_mo"]); unset($POST[$TEST."_we"]); @@ -133,16 +126,13 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Skip adding $k = ""; $skip = true; $TEST2 = $TEST; } - } - else - { + } else { $skip = false; $TEST2 = ""; } break; } - if ((!empty($k)) && ($skip == false)) - { + if ((!empty($k)) && ($skip == false)) { // Add data $DATA['keys'][] = $k; $DATA['values'][] = $v; } @@ -150,8 +140,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST } // Save sponsor? - if ($SAVE) - { + if ($SAVE) { // Default is no force even when a guest want to abuse this force switch if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0; @@ -159,12 +148,10 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $SQL = ""; $MSG = ""; // Update? - if ($UPDATE) - { + if ($UPDATE) { // Update his data $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET "; - foreach ($DATA['keys'] as $k => $v) - { + foreach ($DATA['keys'] as $k => $v) { $SQL .= $v."='%s', "; } @@ -173,29 +160,24 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $DATA['values'][] = bigintval($_GET['id']); // Generate message - $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs); + $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs); $ret = "updated"; - } - elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) - { + } elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) { // Add new sponsor, first add more data $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time(); $DATA['keys'][] = "status"; - if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor")) - { + if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) { // Only allowed for admin $DATA['values'][] = "PENDING"; - } - else - { + } elsen{ // Guest area $DATA['values'][] = "UNCONFIRMED"; // Generate hash code $DATA['keys'][] = "hash"; - $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time()); + $DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA['keys'][] = "remote_addr"; - $DATA['values'][] = $_SERVER['REMOTE_ADDR']; + $DATA['values'][] = GET_REMOTE_ADDR(); } // Implode all data into strings @@ -203,21 +185,17 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST $VALUES = str_repeat("%s', '", count($DATA['values']) - 1); // Generate string - $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES('".$VALUES."%s')"; + $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')"; // Generate message - $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs); + $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs); $ret = "added"; - } - elseif ((!$NO_UPDATE) && (IS_ADMIN())) - { + } elseif ((!$NO_UPDATE) && (IS_ADMIN())) { // Add all data as hidden data $OUT = ""; - foreach ($POST as $k => $v) - { + foreach ($POST as $k => $v) { // Do not add 'force' ! - if ($k != "force") - { + if ($k != "force") { $OUT .= "\n"; } } @@ -227,30 +205,24 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST // Ask for adding a sponsor with same email address LOAD_TEMPLATE("admin_add_sponsor_already"); return; - } - else - { + } else { // Already added! $MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2; $ret = "already"; } - if (!empty($SQL)) - { + if (!empty($SQL)) { // Run SQL command $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__); } // Output message - if ((!$NO_UPDATE) && (IS_ADMIN())) - { + if ((!$NO_UPDATE) && (IS_ADMIN())) { LOAD_TEMPLATE("admin_settings_saved", false, $MSG); } - } - else - { + } else { // Error found! - $MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs); + $MSG = SPONSOR_GET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs); LOAD_TEMPLATE("admin_settings_saved", false, $MSG); } @@ -258,8 +230,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST if ($RET_STATUS) return $ret; } // -function SPONSOR_TRANSLATE_STATUS($status) -{ +function SPONSOR_TRANSLATE_STATUS($status) { switch ($status) { case "UNCONFIRMED": @@ -283,38 +254,27 @@ function SPONSOR_TRANSLATE_STATUS($status) break; default: + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2; break; } return $ret; } // Search for an email address in the database -function SPONSOR_FOUND_EMAIL_DB($email) -{ - // Default status is failed (as it is always be...) - $ret = false; - - // Check for email (and secure input) - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1", - array($email), __FILE__, __LINE__); - +function SPONSOR_FOUND_EMAIL_DB ($email) { // Do we already have the provided email address in our DB? - if (SQL_NUMROWS($result) == 1) $ret = true; + $ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) == 1); // Return result return $ret; } // -function SPONSOR_SET_MESSAGE($msg, $pos, $array) -{ +function SPONSOR_GET_MESSAGE ($msg, $pos, $array) { // Check if the requested message was found in array - if (isset($array[$pos])) - { + if (isset($array[$pos])) { // ... if yes then use it! $ret = $array[$pos]; - } - else - { + } else { // ... else use default message $ret = $msg; } @@ -322,20 +282,17 @@ function SPONSOR_SET_MESSAGE($msg, $pos, $array) // Return result return $ret; } + // -function IS_SPONSOR() -{ - global $_COOKIE; +function IS_SPONSOR () { // Failed... $ret = false; - if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass']))) - { + if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) { // Check cookies against database records... $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1", - array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // All is fine $ret = true; } @@ -435,62 +392,48 @@ function GENERATE_SPONSOR_CONTENT($what) return $OUT; } // -function UPDATE_SPONSOR_LOGIN() -{ - global $_COOKIE, $_CONFIG; - - // Check if cookies are set - if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false; +function UPDATE_SPONSOR_LOGIN () { + // Failed by default + $login = false; - // Calculate cookie lifetime, maybe we have to change this so the admin can setup a - // seperate timeout for these two cookies? - $life = (time() + $_CONFIG['online_timeout']); - - // Is confirmed so both is fine and we can continue with login procedure - $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) && - (setcookie("sponsorpass", $_COOKIE['sponsorpass'] , $life, COOKIE_PATH))); - - // Update database? - if ($login) - { + // Is sponsor? + if (IS_SPONSOR()) { // Update last online timestamp - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data -SET last_online='".time()."' + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data +SET last_online=UNIX_TIMESTAMP() WHERE id='%s' AND password='%s' LIMIT 1", - array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__); + array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__); + + // This update went fine? + $login = (SQL_AFFECTEDROWS() == 1); } // Return status return $login; } // -function SPONSOR_SAVE_DATA($POST, $content) -{ - global $_COOKIE, $_SERVER, $_GET; +function SPONSOR_SAVE_DATA ($POST, $content) { $EMAIL = false; // Unsecure data which we don't want $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count', - 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old', + 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old', 'ok', 'pass1', 'pass2'); // Set default message ("not saved") $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED; // Check for submitted passwords - if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) - { + if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) { // Are both passwords the same? - if ($_POST['pass1'] == $_POST['pass2']) - { + if ($POST['pass1'] == $POST['pass2']) { // Okay, then set password and remove pass1 and pass2 - $_POST['password'] = md5($_POST['pass1']); + $POST['password'] = md5($POST['pass1']); } } // Remove all (maybe spoofed) unsafe data from array - foreach ($UNSAFE as $remove) - { + foreach ($UNSAFE as $remove) { unset($POST[$remove]); } @@ -500,8 +443,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // Prepare SQL string $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET"; - foreach ($POST as $key => $value) - { + foreach ($POST as $key => $value) { // Mmmmm, too less security here??? $SQL .= " ".strip_tags($key)."='%s',"; @@ -513,10 +455,8 @@ function SPONSOR_SAVE_DATA($POST, $content) } // Check if email has changed - if ((!empty($content['email'])) && (!empty($POST['email']))) - { - if ($content['email'] != $POST['email']) - { + if ((!empty($content['email'])) && (!empty($POST['email']))) { + if ($content['email'] != $POST['email']) { // Change email address $EMAIL = true; @@ -524,7 +464,7 @@ function SPONSOR_SAVE_DATA($POST, $content) $SQL .= " status='EMAIL', hash='%s',"; // Generate hash code - $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time()); + $HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time()); $DATA[] = $HASH; } } @@ -534,15 +474,14 @@ function SPONSOR_SAVE_DATA($POST, $content) // Add SQL tail data $SQL .= " WHERE id='%s' AND password='%s' LIMIT 1"; - $DATA[] = bigintval($_COOKIE['sponsorid']); - $DATA[] = $_COOKIE['sponsorpass']; + $DATA[] = bigintval(get_session('sponsorid')); + $DATA[] = get_session('sponsorpass'); // Saving data was completed... ufff... - switch ($_GET['what']) + switch ($GLOBALS['what']) { case "account": // Change account data - if ($EMAIL) - { + if ($EMAIL) { $MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED; $templ = "admin_sponsor_change_email"; $subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ; @@ -567,7 +506,8 @@ function SPONSOR_SAVE_DATA($POST, $content) break; default: // Unknown sponsor what value! - $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2; + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what'])); + $MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2; $templ = ""; $subj = ""; break; } @@ -599,7 +539,7 @@ function SPONSOR_SAVE_DATA($POST, $content) // to the old address // First to old address - switch ($_GET['what']) + switch ($GLOBALS['what']) { case "account": // Change account data $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);