X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-list_payouts.php;h=c01272ea56698fa3194e75950acfec3696af5628;hp=157025c55d0c5071fc9b42438f46980479571631;hb=d0c792100bf4b67acd1824860204929c1540f6fb;hpb=8a9324b2d931f54f54f4319fd7234910af77012c

diff --git a/inc/modules/admin/what-list_payouts.php b/inc/modules/admin/what-list_payouts.php
index 157025c55d..c01272ea56 100644
--- a/inc/modules/admin/what-list_payouts.php
+++ b/inc/modules/admin/what-list_payouts.php
@@ -32,53 +32,47 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 if (!empty($_GET['pid']))
 {
 	// First let's get the member's ID
-	$result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
 	 array($_GET['pid']), __FILE__, __LINE__);
 	list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result);
 	SQL_FREERESULT($result);
 
 	// Obtain some data
-	if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0))
-	{
+	if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0)) {
 		// Get task ID from database
-		$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%d AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
 		 array(bigintval($uid)), __FILE__, __LINE__);
 		list($task) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
-		if (empty($task)) $task = "0";
-
-	}
-	 elseif ((empty($uid)) || ($uid == "0"))
-	{
+		if (empty($task)) $task = 0;
+	} elseif ((empty($uid)) || ($uid == "0")) {
 		// Cannot obtain member ID!
 		LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_FAILED_OBTAIN_USERID);
-	}
-	 else
-	{
+	} else {
 		// Get task ID from URL
 		$task = $_GET['task'];
 	}
-	if ((!empty($task)) && (!empty($uid)) && ($uid > 0))
-	{
+
+	if ((!empty($task)) && (!empty($uid)) && ($uid > 0)) {
 		// Load user's data
-		$result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT email, gender, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
 		 array(bigintval($uid)), __FILE__, __LINE__);
-		list($email, $sex, $surname, $family) = SQL_FETCHROW($result);
+		list($email, $gender, $surname, $family) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
 
 		// Konstante bauen
-		define('PAYOUT_USERDATA_VALUE', "<A href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".TRANSLATE_SEX($sex)." ".$surname." ".$family."</A>");
+		define('PAYOUT_USERDATA_VALUE', "<A href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".TRANSLATE_GENDER($gender)." ".$surname." ".$family."</A>");
 
 		if (($_GET['do'] == "accept") && (!empty($email)))
 		{
@@ -86,7 +80,7 @@ if (!empty($_GET['pid']))
 			if (isset($_POST['ok']))
 			{
 				// Obtain payout type and other data
-				$result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+				$result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
 				 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
 				list($ptype) = SQL_FETCHROW($result);
 				SQL_FREERESULT($result);
@@ -94,7 +88,7 @@ if (!empty($_GET['pid']))
 				if (!empty($ptype))
 				{
 					// Obtain data from payout type
-					$result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+					$result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
 					 array(bigintval($ptype)), __FILE__, __LINE__);
 					list($fuid, $fpass, $eurl, $eok, $failed, $eenc, $allow) = SQL_FETCHROW($result);
 					SQL_FREERESULT($result);
@@ -124,7 +118,7 @@ if (!empty($_GET['pid']))
 						eval($eval);
 
 						// Execute transfer
-						$ret = @file($URL);
+						$ret = GET_URL($URL);
 					}
 					 else
 					{
@@ -134,21 +128,19 @@ if (!empty($_GET['pid']))
 					if ($ret[0] == $eok)
 					{
 						// Clear task
-						if ($task > 0)
-						{
-							$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
-							 array(bigintval($task)),__FILE__, __LINE__);
+						if ($task > 0) {
+							ADMIN_SOLVE_TASK($task);
 						}
 
 						// Clear payout request
-						$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%d LIMIT 1",
+						$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%s LIMIT 1",
 						 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
 
 						// Send out mail
 						$msg = LOAD_EMAIL_TEMPLATE("member_payout_accepted", $_POST['text'], $uid);
 
 						// Output message
-						if ($allow == 'Y')
+						if ($allow == "Y")
 						{
 							// Banner / Textlink request
 							LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_BANNER_ACCEPTED_NOTIFIED);
@@ -186,15 +178,13 @@ if (!empty($_GET['pid']))
 			// Ok, now we can output the form or execute rejecting
 			if (isset($_POST['ok']))
 			{
-				if ($task > 0)
-				{
+				if ($task > 0) {
 					// Clear task
-					$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
-					 array(bigintval($task)), __FILE__, __LINE__);
+					ADMIN_SOLVE_TASK($task);
 				}
 
 				// Clear payout request
-				$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%d LIMIT 1",
+				$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%s LIMIT 1",
 				 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
 
 				// Send out mail
@@ -253,17 +243,14 @@ ORDER BY p.payout_timestamp DESC", __FILE__, __LINE__);
 			 else
 			{
 				// Translate status
-				$evl = "\$status = PAYOUT_STATUS_".strtoupper($status).";";
-				eval($evl);
+				$status = constant('PAYOUT_STATUS_'.strtoupper($status).'');
 				$status = "<FONT class=\"admin_failed\">".$status."</FONT>";
 			}
 
 			// Nothing entered must be secured in member/what-payputs.php !
-			if ($allow == 'Y')
-			{
+			if ($allow == "Y") {
 				// Banner/Textlink views/clicks request
-				if (!empty($banner))
-				{
+				if (!empty($banner)) {
 					// Prepare array for the banner
 					$content = array(
 						'banner' => $banner,
@@ -273,9 +260,7 @@ ORDER BY p.payout_timestamp DESC", __FILE__, __LINE__);
 
 					// Load template for the banner
 					$account = LOAD_TEMPLATE("admin_list_payouts_banner", true, $content);
-				}
-				 else
-				{
+				} else {
 					// Textlink
 					$content = array(
 						'txt_link' => $alt,
@@ -286,9 +271,7 @@ ORDER BY p.payout_timestamp DESC", __FILE__, __LINE__);
 
 				// Admins can addionally test the URL for framekillers
 				$bank = "<A href=\"".FRAMETESTER($url)."\" target=\"_blank\">".CLICK_HERE."</A>";
-			}
-			 else
-			{
+			} else {
 				// e-currency payout request
 				if (empty($account)) $account = "---";
 				if (empty($bank))    $bank    = "---";