X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=1d87752921cfa0fab7d0b9b37cfc618e05ccb2e8;hp=593e21e0295076ec8c555f1c7b1a459850dfe5fe;hb=8a2ab6a6beb399e024ec5a56b487b03c4f65551c;hpb=5ef6ed7373ae85e5635e39e2a0adf9496a8add05;ds=sidebyside diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 593e21e029..1d87752921 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -79,9 +79,8 @@ function ADD_MODULE_TITLE($mod) } return $name; } -// -function CHECK_MODULE($mod) -{ +// Check validity of a given module name (no file extension) +function CHECK_MODULE($mod) { // We need them now here... global $MODULES, $CONFIG, $CACHE; @@ -89,17 +88,15 @@ function CHECK_MODULE($mod) $mod = preg_replace("/[^a-z_]/", "", $mod); // Check for prefix is a extension... - $MOD_SPLIT = explode("_", $mod); + $modSplit = explode("_", $mod); $extension = ""; $mod_chk = $mod; - //* DEBUG: */ echo __LINE__."*".count($MOD_SPLIT)."*/".$mod."*
"; - if (count($MOD_SPLIT) == 2) - { + //* DEBUG: */ echo __LINE__."*".count($modSplit)."*/".$mod."*
"; + if (count($modSplit) == 2) { // Okay, there is a seperator (_) in the name so is the first part a module? - //* DEBUG: */ echo __LINE__."*".$MOD_SPLIT[0]."*
"; - if (EXT_IS_ACTIVE($MOD_SPLIT[0])) - { + //* DEBUG: */ echo __LINE__."*".$modSplit[0]."*
"; + if (EXT_IS_ACTIVE($modSplit[0])) { // The prefix is an extension's name, so let's set it - $extension = $MOD_SPLIT[0]; $mod = $MOD_SPLIT[1]; + $extension = $modSplit[0]; $mod = $modSplit[1]; } } @@ -111,8 +108,7 @@ function CHECK_MODULE($mod) // Check if cache is latest version $locked = 'Y'; $hidden = 'N'; $admin = 'N'; $mem = 'N'; $found = false; - if ((GET_EXT_VERSION("cache") >= "0.1.2") && (is_array($MODULES['module']))) - { + if ((GET_EXT_VERSION("cache") >= "0.1.2") && (is_array($MODULES['module']))) { // Is the module cached? if (isset($MODULES['locked'][$mod_chk])) { // Check cache @@ -128,13 +124,10 @@ function CHECK_MODULE($mod) // No, then we have to update it! $ret = "cache_miss"; } - } - else - { + } else { // Check for module in database $result = SQL_QUERY_ESC("SELECT locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE module='%s' LIMIT 1", array($mod_chk), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Read data list($locked, $hidden, $admin, $mem) = SQL_FETCHROW($result); SQL_FREERESULT($result); 
@@ -145,33 +138,24 @@ function CHECK_MODULE($mod) // Check returned values against current access permissions // // Admin access ----- Guest access ----- --- Guest or member? --- - if ((IS_ADMIN()) || (($locked == 'N') && ($admin == 'N') && (($mem == 'N') || (IS_LOGGED_IN())))) - { + if ((IS_ADMIN()) || (($locked == 'N') && ($admin == 'N') && (($mem == 'N') || (IS_LOGGED_IN())))) { // If you are admin you are welcome for everything! $ret = "done"; - } - elseif ($locked == 'Y') - { + } elseif ($locked == 'Y') { // Module is locked $ret = "locked"; - } - elseif (($mem == 'Y') && (!IS_LOGGED_IN())) - { + } elseif (($mem == 'Y') && (!IS_LOGGED_IN())) { // You have to login first! $ret = "mem_only"; - } - elseif (($admin == 'Y') && (!IS_ADMIN())) - { + } elseif (($admin == 'Y') && (!IS_ADMIN())) { // Only the Admin is allowed to enter this module! $ret = "admin_only"; } // Still no luck or not found? - if (($ret == "major") || ($ret == "cache_miss") || (!$found)) - { + if (($ret == "major") || ($ret == "cache_miss") || (!$found)) { // ----- Legacy module ----- ---- Module in base folder ---- --- Module with extension's name --- - if ((file_exists(PATH."inc/modules/".$mod.".php")) || (file_exists(PATH.$mod.".php")) || (file_exists(PATH.$extension."/".$mod.".php"))) - { + if ((file_exists(PATH."inc/modules/".$mod.".php")) || (file_exists(PATH.$mod.".php")) || (file_exists(PATH.$extension."/".$mod.".php"))) { // Data is missing so we add it if (GET_EXT_VERSION("sql_patches") >= "0.3.6") { // Since 0.3.6 we have a has_menu column, this took me a half hour 
@@ -212,14 +196,13 @@ function CHECK_MODULE($mod) // Return the value return $ret; } -// +// Add menu description pending on given file name (without path!) function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { global $DEPTH, $CONFIG; $LINK_ADD = ""; $OUT = ""; $AND = ""; // First we have to do some analysis... - if (ereg("action-", $file)) - { + if (ereg("action-", $file)) { // This is an action file! $type = "action"; $search = substr($file, 7); @@ -236,9 +219,7 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) break; } $AND = " AND what=''"; - } - elseif (ereg("what-", $file)) - { + } elseif (ereg("what-", $file)) { // This is an admin what file! $type = "what"; $search = substr($file, 5); @@ -252,84 +233,67 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) case "guest": case "member": $MOD_CHECK = $GLOBALS['module']; - if (!IS_ADMIN()) - { + if (!IS_ADMIN()) { $AND = " AND visible='Y' AND locked='N'"; } break; } $DUMMY = substr($search, 0, -4); $AND .= " AND action='".GET_ACTION($ACC_LVL, $DUMMY)."'"; - } - elseif (($ACC_LVL == "sponsor") || ($ACC_LVL == "engine")) - { + } elseif (($ACC_LVL == "sponsor") || ($ACC_LVL == "engine")) { // Sponsor / engine menu $type = "what"; $search = $file; $MOD_CHECK = $GLOBALS['module']; $AND = ""; - } - else - { + } else { // Other $type = "menu"; $search = $file; $MOD_CHECK = $GLOBALS['module']; $AND = ""; } - if ((!isset($DEPTH)) && (!$return)) - { + if ((!isset($DEPTH)) && (!$return)) { $DEPTH = "0"; $prefix = "
".YOU_ARE_HERE." Home"; - } - else - { + } else { if (!$return) $DEPTH++; $prefix = ""; } $prefix .= " -> "; - if (ereg(".php", $search)) - { + if (ereg(".php", $search)) { $search = substr($search, 0, strpos($search, ".php")); } $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1", array($ACC_LVL, $type, $search), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { list($ret) = SQL_FETCHROW($result); SQL_FREERESULT($result); - if ($return) - { + if ($return) { // Return title return $ret; - } - elseif (((GET_EXT_VERSION("sql_patches") >= "0.2.3") && ($CONFIG['youre_here'] == 'Y')) || ((IS_ADMIN()) && ($MOD_CHECK == "admin"))) - { + } elseif (((GET_EXT_VERSION("sql_patches") >= "0.2.3") && ($CONFIG['youre_here'] == 'Y')) || ((IS_ADMIN()) && ($MOD_CHECK == "admin"))) { // Output HTML code $OUT = $prefix."".$ret."\n"; //* DEBUG: */ echo __LINE__."*".$type."/".$GLOBALS['what']."*
\n"; if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) { //* DEBUG: */ echo __LINE__."+".$type."+
\n"; - $OUT .= "

\n"; + $OUT .= "
\n"; } } } // Return or output HTML code? - if ($output) - { + if ($output) { // Output HTML code here OUTPUT_HTML($OUT); - } - else - { + } else { // Return HTML code return $OUT; } } // -function ADD_MENU($MODE, $act, $wht) -{ +function ADD_MENU($MODE, $act, $wht) { global $CONFIG; if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID; $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = ""; @@ -366,66 +330,41 @@ function ADD_MENU($MODE, $act, $wht) //* DEBUG: */ echo __LINE__.":!!!!".$sub_what."!!!
\n"; $test_inc = sprintf("%sinc/modules/%s/what-%s.php", PATH, $MODE, $sub_what); $test = (file_exists($test_inc) && is_readable($test_inc)); - if ($test) - { - if ((!empty($wht)) && (($wht == $sub_what))) - { + if ($test) { + if ((!empty($wht)) && (($wht == $sub_what))) { $content = ""; } // Navigation link - $content .= ""; + } else { $content .= ""; } // Menu title $content .= $CONFIG['middot'].$sub_title; - if ($test) - { + if ($test) { $content .= ""; - } - else - { + } else { $content .= ""; } - if ((!empty($wht)) && (($wht == $sub_what))) - { + if ((!empty($wht)) && (($wht == $sub_what))) { $content .= ""; } $wht = $sub_what; $cnt++; - if ($cnt < $ctl) - { + if ($cnt < $ctl) { LOAD_TEMPLATE($MODE."_menu_row", false, $content); - } - else - { + } else { LOAD_TEMPLATE($MODE."_menu_bottom", false, $content); } } - } - else - { + } else { // This is a menu block... ;-) $BLOCK_MODE = true; $INC_BLOCK = sprintf(PATH."inc/modules/%s/action-%s.php", $MODE, $main_action); - if ((file_exists($INC_BLOCK)) && (is_readable($INC_BLOCK))) - { + if ((file_exists($INC_BLOCK)) && (is_readable($INC_BLOCK))) { // Load include file if ((!EXT_IS_ACTIVE($main_action)) || ($main_action == "online")) OUTPUT_HTML(" "); @@ -455,14 +394,14 @@ function IS_ADMIN($admin="") { global $_COOKIE, $ADMINS, $CONFIG; $ret = false; $passCookie = ""; $valPass = ""; - //* DEBUG: */ echo __LINE__."ADMIN:".$admin."
"; + //* DEBUG: */ echo __LINE__."ADMIN:".$admin."
"; // If admin login is not given take current from cookies... if ((empty($admin)) && (!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5']))) { $admin = SQL_ESCAPE($_COOKIE['admin_login']); $passCookie = $_COOKIE['admin_md5']; } - //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; + //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; // Search in array for entry if ((!empty($passCookie)) && (isset($ADMINS['password'][$admin])) && (!empty($admin))) 
@@ -796,33 +735,42 @@ function GET_MOD_DESCR($MODE, $wht) // function SEND_MODE_MAILS($mod, $modes) { - global $_COOKIE, $_POST, $CONFIG, $DATA; + global $CONFIG, $DATA; + // Load hash - $result_main = SQL_QUERY("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); - if (SQL_NUMROWS($result_main) == 1) - { - // Load hash and extract salt - list($hash) = SQL_FETCHROW($result_main); - $salt = substr($hash, 0, -40); + if (SQL_NUMROWS($result_main) == 1) { + // Load hash from database + list($hashDB) = SQL_FETCHROW($result_main); + + // Extract salt from cookie + $salt = substr($_COOKIE['u_hash'], 0, -40); // Now let's compare passwords - $hash = generateHash($_POST['pass1'], $salt); - if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) - { + $hash = generatePassString($hashDB); + if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) { // Load user's data $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1", - array($GLOBALS['userid'], $hash), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { + // Load the data $DATA = SQL_FETCHROW($result); + + // Free result SQL_FREERESULT($result); + + // Translate salutation $DATA[0] = TRANSLATE_SEX($DATA[0]); + + // Clear/init the content variable + $content = ""; + $DATA['info'] = ""; + switch ($mod) { case "mydata": - foreach ($modes as $mode) - { + foreach ($modes as $mode) { switch ($mode) { case "normal": break; // Do not add any special lines 
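Review bot: The guard `if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2']))` passes whenever the two posted password fields are equal, independent of the stored hash. In the new code nothing after it re-checks the credential, because the SELECT now filters on `$hashDB`, the value just read from the same row. The cookie comparison should stand on its own with a strict check, e.g. `if ((!empty($_COOKIE['u_hash'])) && ($hash === $_COOKIE['u_hash'])) {`, with the pass1/pass2 equality kept as separate form validation if it is still needed. `$salt` is now taken from the cookie but is not used in the visible lines, so it can probably be removed. SEND_MODE_MAILS starts before and continues past this hunk.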
@@ -839,10 +787,9 @@ function SEND_MODE_MAILS($mod, $modes) $content = MEMBER_UNKNOWN_MODE.": ".$mode."\n\n"; break; } - } + } // END - if - if (EXT_IS_ACTIVE("country")) - { + if (EXT_IS_ACTIVE("country")) { // Replace code with description $DATA[4] = COUNTRY_GENERATE_INFO($_POST['country_code']); } @@ -850,14 +797,11 @@ function SEND_MODE_MAILS($mod, $modes) // Load template $msg = LOAD_EMAIL_TEMPLATE("member_mydata_notify", $content, $GLOBALS['userid']); - if ($CONFIG['admin_notify'] == 'Y') - { + if ($CONFIG['admin_notify'] == 'Y') { // The admin needs to be notified about a profile change $msg_admin = "admin_mydata_notify"; $sub_adm = ADMIN_CHANGED_DATA; - } - else - { + } else { // No mail to admin $msg_admin = ""; $sub_adm = ""; 
@@ -874,51 +818,42 @@ function SEND_MODE_MAILS($mod, $modes) $content = "".UNKNOWN_MODULE.""; break; } - } - else - { + } else { // Could not load profile data $content = "".MEMBER_CANNOT_LOAD_PROFILE.""; } - } - else - { + } else { // Passwords mismatch $content = "".MEMBER_PASSWORD_ERROR.""; } - } - else - { + } else { // Could not load profile $content = "".MEMBER_CANNOT_LOAD_PROFILE.""; } - if ((!empty($sub_mem)) && (!empty($msg))) - { + + // Send email to user if required + if ((!empty($sub_mem)) && (!empty($msg))) { // Send member mail SEND_EMAIL($DATA[7], $sub_mem, $msg); } - if ((!empty($sub_adm)) && (!empty($msg_admin))) - { - // Send admin mail - if (GET_EXT_VERSION("admins") >= "0.4.1") - { - SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']); - } - else - { - SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid'])); + + // Send only if no other error has occured + if (empty($content)) { + if ((!empty($sub_adm)) && (!empty($msg_admin))) { + // Send admin mail + if (GET_EXT_VERSION("admins") >= "0.4.1") { + SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']); + } else { + SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid'])); + } + } elseif ($CONFIG['admin_notify'] == 'Y') { + // Cannot send mails to admin! + $content = CANNOT_SEND_ADMIN_MAILS; + } else { + // No mail to admin + $content = "".MYDATA_MAIL_SENT.""; } } - elseif ($CONFIG['admin_notify'] == 'Y') - { - // Cannot send mails to admin! - $content = CANNOT_SEND_ADMIN_MAILS; - } - else - { - // No mail to admin - $content = "".MYDATA_MAIL_SENT.""; - } // Load template LOAD_TEMPLATE("admin_settings_saved", false, $content); 
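Review bot: The new `if (empty($content))` guard uses `$content` as an error flag, but the same variable is the body handed to the mail templates. Inside the guard, `SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, ...)` and `LOAD_EMAIL_TEMPLATE($msg_admin, $content, ...)` can therefore only ever receive an empty string. Any mode that puts text into `$content` (the unknown-mode branch in the -839 hunk does) appears to skip the admin notification of a profile change silently. Keeping the failure text in its own variable, e.g. `$errorMsg = "";` set in the three `else` branches and tested with `if (empty($errorMsg)) {`, would separate the two meanings. The function begins outside this hunk, so where else `$content` is filled should be confirmed against the full body.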
@@ -1167,12 +1102,12 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock $P = $points * $per / 100; // Update points... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1", array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__); if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) { // First ref in this level! :-) - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES ('%s', '%s', '%s')", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)", array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__); } @@ -1531,7 +1466,7 @@ function META_DESCRIPTION($mod, $wht) // Exclude admin and member's area $DESCR = MAIN_TITLE." ".trim($CONFIG['title_middle'])." ".ADD_DESCR("guest", "what-".$wht, true); unset($DEPTH); - OUTPUT_HTML("\n"); + OUTPUT_HTML(""); } } // @@ -1564,7 +1499,7 @@ function SUB_JACKPOT($points) if (SQL_NUMROWS($result) == 0) { // Create line - $result = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_jackpot (ok, points) VALUES ('ok', '0.00000')", __FILE__, __LINE__); + $result = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_jackpot (ok, points) VALUES ('ok', 0.00000)", __FILE__, __LINE__); } else { @@ -1576,7 +1511,8 @@ function SUB_JACKPOT($points) if ($jackpot >= $points) { // Update points when there are enougth points in jackpot - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_jackpot SET points=points-%s WHERE ok='ok' LIMIT 1", array($points), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_jackpot SET points=points-%s WHERE ok='ok' LIMIT 1", + array($points), __FILE__, __LINE__); $ret = $jackpot - $points; } }
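Review bot: In the ADD_POINTS_REFSYSTEM hunk the INSERT now passes `$P` through an unquoted `%s` (`VALUES (%d, %d, %s)`), as `SET %s=%s+%s` already does in the UPDATE, so both statements rely on `$P` always rendering as a plain numeric literal. Escaping gives no protection to a value placed outside quotes, and a float converted to a string under a locale with a decimal comma would presumably change the statement. Formatting the value explicitly at the call site, e.g. `array($data, bigintval($uid), bigintval($DEPTH), sprintf("%F", $P))`, removes that dependency. The column name `$data` is also interpolated as an identifier and is set outside the hunk, so a comment stating that it comes from a fixed set of names would help. The SUB_JACKPOT hunk further down has the same unquoted pattern in `SET points=points-%s` with `$points`.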