X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=a54357dafddb326f3689d6cec0ff06e5df95cffc;hp=1ea993612dcb38b6b5b5c3f8b491b4ed008c33f2;hb=c317b059bf0a1acb3171c4e3255afcce48795947;hpb=7ff28f7292939ad1a61b9b7a4e3398ff6310a3d0 diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 1ea993612d..a54357dafd 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -32,20 +32,20 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } // -function ADD_MODULE_TITLE($mod) -{ +function ADD_MODULE_TITLE($mod) { global $cacheArray, $_CONFIG; $name = ""; $result = false; - // Load title - if (!isBooleanConstantAndTrue('mxchange_installed')) { - if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod]))) { + + // Is the script installed? + if (isBooleanConstantAndTrue('mxchange_installed')) { + // Check if cache is valid + if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (in_array($mod, $cacheArray['modules']['module']))) { // Load from cache $name = $cacheArray['modules']['title'][$mod]; @@ -57,7 +57,7 @@ function ADD_MODULE_TITLE($mod) list($name) = SQL_FETCHROW($result); SQL_FREERESULT($result); } - } + } // END - if // Trim name $name = trim($name); @@ -69,10 +69,13 @@ function ADD_MODULE_TITLE($mod) if (SQL_NUMROWS($result) == 0) { // Add module to database $dummy = CHECK_MODULE($mod); - } - } + } // END - if + } // END - if + + // Return name return $name; } + // Check validity of a given module name (no file extension) function CHECK_MODULE($mod) { // We need them now here... @@ -101,7 +104,7 @@ function CHECK_MODULE($mod) { if ((!isBooleanConstantAndTrue('mxchange_installed')) || (isBooleanConstantAndTrue('mxchange_installing')) || (!isBooleanConstantAndTrue('admin_registered'))) return "done"; // Check if cache is latest version - $locked = 'Y'; $hidden = 'N'; $admin = 'N'; $mem = 'N'; $found = false; + $locked = "Y"; $hidden = "N"; $admin = "N"; $mem = "N"; $found = false; if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module']))) { // Is the module cached? if (isset($cacheArray['modules']['locked'][$mod_chk])) { @@ -132,49 +135,46 @@ function CHECK_MODULE($mod) { // Check returned values against current access permissions // // Admin access ----- Guest access ----- --- Guest or member? --- - if ((IS_ADMIN()) || (($locked == 'N') && ($admin == 'N') && (($mem == 'N') || (IS_LOGGED_IN())))) { + if ((IS_ADMIN()) || (($locked == "N") && ($admin == "N") && (($mem == "N") || (IS_MEMBER())))) { // If you are admin you are welcome for everything! $ret = "done"; - } elseif ($locked == 'Y') { + } elseif ($locked == "Y") { // Module is locked $ret = "locked"; - } elseif (($mem == 'Y') && (!IS_LOGGED_IN())) { + } elseif (($mem == "Y") && (!IS_MEMBER())) { // You have to login first! $ret = "mem_only"; - } elseif (($admin == 'Y') && (!IS_ADMIN())) { + } elseif (($admin == "Y") && (!IS_ADMIN())) { // Only the Admin is allowed to enter this module! $ret = "admin_only"; } // Still no luck or not found? if (($ret == "major") || ($ret == "cache_miss") || (!$found)) { - // ----- Legacy module ----- ---- Module in base folder ---- --- Module with extension's name --- - if ((file_exists(PATH."inc/modules/".$mod.".php")) || (file_exists(PATH.$mod.".php")) || (file_exists(PATH.$extension."/".$mod.".php"))) { + // ----- Legacy module ----- ---- Module in base folder ---- --- Module with extension's name --- + if ((FILE_READABLE(sprintf("%sinc/modules/%s.php", PATH, $mod))) || (FILE_READABLE(sprintf("%s%s.php", PATH, $mod))) || (FILE_READABLE(sprintf("%s%s/%s.php", PATH, $extension, $mod)))) { // Data is missing so we add it if (GET_EXT_VERSION("sql_patches") >= "0.3.6") { // Since 0.3.6 we have a has_menu column, this took me a half hour // to find a loop here... *sigh* $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_mod_reg (module, locked, hidden, mem_only, admin_only, has_menu) VALUES -('%s', 'Y', 'N', 'N', 'N', 'N')", array($mod_chk), __FILE__, __LINE__); +('%s','Y','N','N','N','N')", array($mod_chk), __FILE__, __LINE__); } else { // Wrong/missing sql_patches! $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_mod_reg (module, locked, hidden, mem_only, admin_only) VALUES -('%s', 'Y', 'N', 'N', 'N')", array($mod_chk), __FILE__, __LINE__); +('%s','Y','N','N','N')", array($mod_chk), __FILE__, __LINE__); } // Everthing is fine? if (SQL_AFFECTEDROWS() == 0) { // Something bad happend! return "major"; - } + } // END - if // Destroy cache here - if (GET_EXT_VERSION("cache") >= "0.1.2") { - if ($cacheInstance->cache_file("mod_reg", true)) $cacheInstance->cache_destroy(); - unset($cacheArray['modules']); - } + REBUILD_CACHE("mod_reg", "modreg"); // And reload data $ret = CHECK_MODULE($mod_chk); @@ -182,14 +182,14 @@ function CHECK_MODULE($mod) { // Module not found we don't add it to the database $ret = "404"; } - } + } // END - if // Return the value return $ret; } + // Add menu description pending on given file name (without path!) -function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) -{ +function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { global $DEPTH, $_CONFIG; $LINK_ADD = ""; $OUT = ""; $AND = ""; // First we have to do some analysis... @@ -209,7 +209,7 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) $MOD_CHECK = $GLOBALS['module']; break; } - $AND = " AND what=''"; + $AND = " AND (what='' OR what IS NULL)"; } elseif (ereg("what-", $file)) { // This is an admin what file! $type = "what"; @@ -245,34 +245,58 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) $AND = ""; } if ((!isset($DEPTH)) && (!$return)) { - $DEPTH = "0"; + $DEPTH = 0; $prefix = "
".YOU_ARE_HERE." Home"; } else { if (!$return) $DEPTH++; $prefix = ""; } + $prefix .= " -> "; - if (ereg(".php", $search)) { - $search = substr($search, 0, strpos($search, ".php")); - } + + // We need to remove .php and the end + if (substr($search, -4, 4) == ".php") { + // Remove the .php + $search = substr($search, 0, -4); + } // END - i + + // Get the title from menu $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1", array($ACC_LVL, $type, $search), __FILE__, __LINE__); + + // Menu found? if (SQL_NUMROWS($result) == 1) { + // Load title list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); + + // Shall we return it? if ($return) { // Return title return $ret; - } elseif (((GET_EXT_VERSION("sql_patches") >= "0.2.3") && ($_CONFIG['youre_here'] == 'Y')) || ((IS_ADMIN()) && ($MOD_CHECK == "admin"))) { + } elseif (((GET_EXT_VERSION("sql_patches") >= "0.2.3") && ($_CONFIG['youre_here'] == "Y")) || ((IS_ADMIN()) && ($MOD_CHECK == "admin"))) { // Output HTML code $OUT = $prefix."".$ret."\n"; + + // Can we close the you-are-here navigation? //* DEBUG: */ echo __LINE__."*".$type."/".$GLOBALS['what']."*
\n"; - if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) { + //* DEBUG: */ die("
".print_r($_CONFIG, true)."
"); + if (($type == "what") || (($type == "action") && ((!isset($GLOBALS['what'])) || ($GLOBALS['what'] == "overview")))) { //* DEBUG: */ echo __LINE__."+".$type."+
\n"; $OUT .= "

\n"; - } + $DEPTH="0"; + + // Handle failed logins here if not in guest + //* DEBUG: */ echo __FUNCTION__.":type={$type},action={$GLOBALS['action']},what={$GLOBALS['what']},lvl={$ACC_LVL}
\n"; + if ((($type == "what") || ($type == "action") && ((!isset($GLOBALS['what'])) || ($GLOBALS['what'] == "overview") || ($GLOBALS['what'] == $_CONFIG['index_home']))) && ($ACC_LVL != "guest") && ((GET_EXT_VERSION("sql_patches") >= "0.4.7") || (GET_EXT_VERSION("admins") >= "0.7.0"))) { + // Handle failture + $OUT .= HANDLE_LOGIN_FAILTURES($ACC_LVL); + } // END - if + } // END - if } - } + } // END - if + + // Free result + SQL_FREERESULT($result); // Return or output HTML code? if ($output) { @@ -286,41 +310,54 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) // function ADD_MENU($MODE, $act, $wht) { global $_CONFIG; + + // Init some variables + $main_cnt = 0; + $AND = ""; + $main_action = ""; + $sub_what = ""; + if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID; - $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = ""; - if (!IS_ADMIN()) - { + + // Non-admin shall not see all menus + if (!IS_ADMIN()) { $AND = "AND visible='Y' AND locked='N'"; } + // Load SQL data and add the menu to the output stream... - $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort", + $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE (what='' OR what IS NULL) ".$AND." ORDER BY sort", array($MODE), __FILE__, __LINE__); //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; - if (SQL_NUMROWS($result_main) > 0) - { + if (SQL_NUMROWS($result_main) > 0) { OUTPUT_HTML(""); // There are menus available, so we simply display them... :) - while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) - { + while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) { //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; - // Load menu header template + // Init variables $BLOCK_MODE = false; $act = $main_action; - LOAD_TEMPLATE($MODE."_menu_title", false, $main_title); - $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort", + // Prepare content + $content = array( + 'action' => $main_action, + 'title' => $main_title + ); + + // Load menu header template + LOAD_TEMPLATE($MODE."_menu_title", false, $content); + + $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ".$AND." ORDER BY sort", array($MODE, $main_action), __FILE__, __LINE__); $ctl = SQL_NUMROWS($result_sub); - if ($ctl > 0) - { + if ($ctl > 0) { $cnt=0; - while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) - { + while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) { + // Init content $content = ""; // Full file name for checking menu //* DEBUG: */ echo __LINE__.":!!!!".$sub_what."!!!
\n"; $test_inc = sprintf("%sinc/modules/%s/what-%s.php", PATH, $MODE, $sub_what); - $test = (file_exists($test_inc) && is_readable($test_inc)); + $test = (FILE_READABLE($test_inc)); if ($test) { if ((!empty($wht)) && (($wht == $sub_what))) { $content = ""; @@ -333,7 +370,7 @@ function ADD_MENU($MODE, $act, $wht) { } // Menu title - $content .= $_CONFIG['middot'].$sub_title; + $content .= $_CONFIG['menu_blur_spacer'].$sub_title; if ($test) { $content .= ""; @@ -345,6 +382,13 @@ function ADD_MENU($MODE, $act, $wht) { $content .= ""; } $wht = $sub_what; $cnt++; + // Prepare array + $content = array( + 'menu' => $content, + 'what' => $sub_what + ); + + // Add regular menu row or bottom row? if ($cnt < $ctl) { LOAD_TEMPLATE($MODE."_menu_row", false, $content); } else { @@ -354,8 +398,8 @@ function ADD_MENU($MODE, $act, $wht) { } else { // This is a menu block... ;-) $BLOCK_MODE = true; - $INC_BLOCK = sprintf(PATH."inc/modules/%s/action-%s.php", $MODE, $main_action); - if ((file_exists($INC_BLOCK)) && (is_readable($INC_BLOCK))) { + $INC_BLOCK = sprintf("%sinc/modules/%s/action-%s.php", PATH, $MODE, $main_action); + if (FILE_READABLE($INC_BLOCK)) { // Load include file if ((!EXT_IS_ACTIVE($main_action)) || ($main_action == "online")) OUTPUT_HTML("
"); @@ -381,7 +425,7 @@ function ADD_MENU($MODE, $act, $wht) { } } // This patched function will reduce many SELECT queries for the specified or current admin login -function IS_ADMIN ($admin="") +function IS_ADMIN($admin="") { global $cacheArray, $_CONFIG; $ret = false; $passCookie = ""; $valPass = ""; @@ -389,17 +433,25 @@ function IS_ADMIN ($admin="") // If admin login is not given take current from cookies... if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { - $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5'); + // Get admin login and password from session/cookies + $admin = get_session('admin_login'); + $passCookie = get_session('admin_md5'); } //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; // Search in array for entry - if ((!empty($passCookie)) && (isset($cacheArray['admins']['password'][$admin])) && (!empty($admin))) { + if (isset($cacheArray['admin_hash'])) { + // Use cached string + $valPass = $cacheArray['admin_hash']; + } elseif ((!empty($passCookie)) && (isset($cacheArray['admins']['password'][$admin])) && (!empty($admin))) { // Count cache hits $_CONFIG['cache_hits']++; // Login data is valid or not? $valPass = generatePassString($cacheArray['admins']['password'][$admin]); + + // Cache it away + $cacheArray['admin_hash'] = $valPass; } elseif (!empty($admin)) { // Search for admin $result = SQL_QUERY_ESC("SELECT HIGH_PRIORITY password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", @@ -410,8 +462,13 @@ function IS_ADMIN ($admin="") if (SQL_NUMROWS($result) == 1) { // Admin login was found so let's load password from DB list($passDB) = SQL_FETCHROW($result); + + // Temporary cache it + $cacheArray['admins']['password'][$admin] = $passDB; + + // Generate password hash $valPass = generatePassString($passDB); - } + } // END - if // Free memory SQL_FREERESULT($result); @@ -419,12 +476,12 @@ function IS_ADMIN ($admin="") if (!empty($valPass)) { // Check if password is valid - //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*
"; - $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); + //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*
\n"; + $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); } // Return result of comparision - //* DEBUG: */ if (!$ret) echo __LINE__."OK!
"; + //* DEBUG: */ if (!$ret) echo __LINE__."OK!
"; return $ret; } // @@ -524,20 +581,26 @@ function WHAT_IS_VALID($act, $wht, $type="guest") } } // -function IS_LOGGED_IN() +function IS_MEMBER() { - global $status, $LAST; + global $status, $LAST, $cacheArray; if (!is_array($LAST)) $LAST = array(); $ret = false; + // is the cache entry there? + if (isset($cacheArray['is_member'])) { + // Then return it + return $cacheArray['is_member']; + } // END - if + // Fix "deleted" cookies first - FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime')); + FIX_DELETED_COOKIES(array('userid','u_hash','lifetime')); // Are cookies set? if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH'))) { // Cookies are set with values, but are they valid? - $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -551,69 +614,59 @@ function IS_LOGGED_IN() if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; } // So did we now have valid data and an unlocked user? - //* DEBUG: */ echo $valPass."
".get_session('u_hash')."
"; + //* DEBUG: */ echo $valPass."
".get_session('u_hash')."
"; if (($status == "CONFIRMED") && ($valPass == get_session('u_hash'))) { // Account is confirmed and all cookie data is valid so he is definely logged in! :-) $ret = true; } else { // Maybe got locked etc. - //* DEBUG: */ echo __LINE__."!!!
"; - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); + //* DEBUG: */ echo __LINE__."!!!
"; + destroy_user_session(); - // Remove array elements to prevent errors - unset($GLOBALS['userid']); + // Reset userid + $GLOBALS['userid'] = 0; } } else { // Cookie data is invalid! - //* DEBUG: */ echo __LINE__."***
"; - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); + //* DEBUG: */ echo __LINE__."***
"; - // Remove array elements to prevent errors - unset($GLOBALS['userid']); + // Reset userid + $GLOBALS['userid'] = 0; } // Free memory SQL_FREERESULT($result); - } - else - { + } else { // Cookie data is invalid! - //* DEBUG: */ echo __LINE__."///
"; - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); + //* DEBUG: */ echo __LINE__."///
"; + destroy_user_session(); - // Remove array elements to prevent errors - unset($GLOBALS['userid']); + // Reset userid + $GLOBALS['userid'] = 0; } + + // Cache status + $cacheArray['is_member'] = $ret; + + // Return status return $ret; } // -function UPDATE_LOGIN_DATA ($UPDATE=true) { - global $LAST; +function UPDATE_LOGIN_DATA () { + global $LAST, $_CONFIG; if (!is_array($LAST)) $LAST = array(); - // Are the required cookies set? - if ((!isset($GLOBALS['userid'])) || (!isSessionVariableSet('u_hash')) || (!isSessionVariableSet('lifetime'))) { - // Nope, then return here to caller function - return false; - } else { - // Secure user ID - $GLOBALS['userid'] = bigintval(get_session('userid')); - } + // Recheck if logged in + if (!IS_MEMBER()) return false; + + // Secure user ID + $GLOBALS['userid'] = bigintval(get_session('userid')); // Extract last online time (life) and how long is auto-login valid (time) $newl = time() + bigintval(get_session('lifetime')); - // Recheck if logged in - if (!IS_LOGGED_IN()) return false; - // Load last module and last online time - $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load last module and online time list($mod, $onl) = SQL_FETCHROW($result); @@ -622,30 +675,31 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { // Maybe first login time? if (empty($mod)) $mod = "login"; - if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE(get_session('u_hash')), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) { + if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", get_session('u_hash'), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) { // This will be displayed on welcome page! :-) if (empty($LAST['module'])) { $LAST['module'] = $mod; $LAST['online'] = $onl; - } + } // END - if + + // "what" not set? if (empty($GLOBALS['what'])) { + // Fix it to default $GLOBALS['what'] = "welcome"; - } + if (!empty($_CONFIG['index_home'])) $GLOBALS['what'] = $_CONFIG['index_home']; + } // END - if // Update last module / online time - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__); } } else { // Destroy session, we cannot update! - set_session("userid", ""); - set_session("u_hash", ""); - set_session("lifetime", ""); + destroy_user_session(); } } // function VALIDATE_MENU_ACTION ($MODE, $act, $wht, $UPDATE=false) { - global $link; $ret = false; $ADD = ""; if ((!IS_ADMIN()) && ($MODE != "admin")) $ADD = " AND locked='N'"; @@ -665,7 +719,7 @@ function VALIDATE_MENU_ACTION ($MODE, $act, $wht, $UPDATE=false) else { // Admin login overview - $SQL = SQL_QUERY_ESC("SELECT id, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what=''".$ADD." ORDER BY action DESC LIMIT 1", + $SQL = SQL_QUERY_ESC("SELECT id, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND (what='' OR what IS NULL)".$ADD." ORDER BY action DESC LIMIT 1", array($MODE, $act), __FILE__, __LINE__, false); } @@ -673,7 +727,7 @@ function VALIDATE_MENU_ACTION ($MODE, $act, $wht, $UPDATE=false) $result = SQL_QUERY($SQL, __FILE__, __LINE__); if ($UPDATE) { - if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) $ret = true; + if (SQL_AFFECTEDROWS() == 1) $ret = true; //* DEBUG: */ debug_print_backtrace(); } else @@ -688,20 +742,34 @@ function VALIDATE_MENU_ACTION ($MODE, $act, $wht, $UPDATE=false) // Free memory SQL_FREERESULT($result); - //* DEBUG: */ var_dump($ret); + + // Return result return $ret; } // -function GET_MOD_DESCR($MODE, $wht) +function GET_MOD_DESCR($MODE, $wht, $column="what") { - if (empty($wht)) $wht = "welcome"; + // Fix empty "what" + if (empty($wht)) { + $wht = "welcome"; + if (!empty($_CONFIG['index_home'])) $wht = $_CONFIG['index_home']; + } // END - if + + // Default is not found $ret = "??? (".$wht.")"; - $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE what='%s' LIMIT 1", array($MODE, $wht), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + + // Look for title + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' LIMIT 1", + array($MODE, $column, $wht), __FILE__, __LINE__); + + // Is there an entry? + if (SQL_NUMROWS($result) == 1) { + // Fetch the title list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - } + } // END - if + + // Free result + SQL_FREERESULT($result); return $ret; } // @@ -710,7 +778,7 @@ function SEND_MODE_MAILS($mod, $modes) global $_CONFIG, $DATA; // Load hash - $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result_main) == 1) { // Load hash from database @@ -723,7 +791,7 @@ function SEND_MODE_MAILS($mod, $modes) $hash = generatePassString($hashDB); if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) { // Load user's data - $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND password='%s' LIMIT 1", array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load the data @@ -732,8 +800,8 @@ function SEND_MODE_MAILS($mod, $modes) // Free result SQL_FREERESULT($result); - // Translate salutation - $DATA[0] = TRANSLATE_SEX($DATA[0]); + // Translate gender + $DATA[0] = TRANSLATE_GENDER($DATA[0]); // Clear/init the content variable $content = ""; @@ -769,7 +837,7 @@ function SEND_MODE_MAILS($mod, $modes) // Load template $msg = LOAD_EMAIL_TEMPLATE("member_mydata_notify", $content, $GLOBALS['userid']); - if ($_CONFIG['admin_notify'] == 'Y') { + if ($_CONFIG['admin_notify'] == "Y") { // The admin needs to be notified about a profile change $msg_admin = "admin_mydata_notify"; $sub_adm = ADMIN_CHANGED_DATA; @@ -813,12 +881,8 @@ function SEND_MODE_MAILS($mod, $modes) if (empty($content)) { if ((!empty($sub_adm)) && (!empty($msg_admin))) { // Send admin mail - if (GET_EXT_VERSION("admins") >= "0.4.1") { - SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']); - } else { - SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid'])); - } - } elseif ($_CONFIG['admin_notify'] == 'Y') { + SEND_ADMIN_NOTIFICATION($sub_adm, $msg_admin, $content, $GLOBALS['userid']); + } elseif ($_CONFIG['admin_notify'] == "Y") { // Cannot send mails to admin! $content = CANNOT_SEND_ADMIN_MAILS; } else { @@ -843,47 +907,37 @@ function COUNT_MODULE($mod) // Get action value from mode (admin/guest/member) and what-value function GET_ACTION ($MODE, &$wht) { - global $ret; $ret = ""; - //* DEBUG: */ echo __LINE__."=".$MODE."/".$wht."/".$GLOBALS['action']."=
"; - if ((empty($wht)) && ($MODE != "admin")) - { + global $ret, $_CONFIG; + // @DEPRECATED Init status + $ret = ""; + + //* DEBUG: */ echo __LINE__."=".$MODE."/".$wht."/".$GLOBALS['action']."=
"; + if ((empty($wht)) && ($MODE != "admin")) { $wht = "welcome"; - } - if ($MODE == "admin") - { + if (!empty($_CONFIG['index_home'])) $wht = $_CONFIG['index_home']; + } // END - if + + if ($MODE == "admin") { // Action value for admin area - if (!empty($GLOBALS['action'])) - { + if (!empty($GLOBALS['action'])) { // Get it directly from URL return $GLOBALS['action']; - } - elseif (($wht == "overview") || (empty($GLOBALS['what']))) - { + } elseif (($wht == "overview") || (empty($GLOBALS['what']))) { // Default value for admin area $ret = "login"; } - } - elseif (!empty($GLOBALS['action'])) - { - // Fix welcome value - if (empty($wht)) $wht = "welcome"; + } elseif (!empty($GLOBALS['action'])) { + // Get it directly from URL return $GLOBALS['action']; - } - else - { - // Everything else will be touched after checking the module has a menu assigned } //* DEBUG: */ echo __LINE__."*".$ret."*
\n"; - if (MODULE_HAS_MENU($MODE)) - { + if (MODULE_HAS_MENU($MODE)) { // Rewriting modules to menu - switch ($MODE) - { + switch ($MODE) { case "index": $MODE = "guest"; break; case "login": $MODE = "member"; break; - break; - } + } // END - switch // Guest and member menu is "main" as the default if (empty($ret)) $ret = "main"; @@ -891,60 +945,74 @@ function GET_ACTION ($MODE, &$wht) // Load from database $result = SQL_QUERY_ESC("SELECT action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='%s' LIMIT 1", array($MODE, $wht), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Load action value and pray that this one is the right you want... ;-) list($ret) = SQL_FETCHROW($result); - } + } // END - if // Free memory SQL_FREERESULT($result); - } + } // END - if // Return action value return $ret; } // -function GET_CATEGORY ($cid) -{ +function GET_CATEGORY ($cid) { + // Default is not found $ret = _CATEGORY_404; - $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1", array($cid), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - // Category found... :-) - list($ret) = SQL_FETCHROW($result); + + // Is the category id set? + if ($cid == "0") { + // No category + $ret = _CATEGORY_NONE; + } elseif ($cid > 0) { + // Lookup the category in database + $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1", + array(bigintval($cid)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { + // Category found... :-) + list($ret) = SQL_FETCHROW($result); + } // END - if + + // Free result SQL_FREERESULT($result); - } + } // END - if + + // Return result return $ret; } // -function GET_PAYMENT ($pid, $full=false) -{ +function GET_PAYMENT ($pid, $full=false) { + // Default is not found $ret = _PAYMENT_404; - $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", array($pid), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + + // Load payment data + $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", + array(bigintval($pid)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Payment type found... :-) - if (!$full) - { + if (!$full) { // Return only title list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - } - else - { + } else { // Return title and price list($t, $p) = SQL_FETCHROW($result); $ret = $t." / ".TRANSLATE_COMMA($p)." ".POINTS; } } + + // Free result + SQL_FREERESULT($result); + + // Return result return $ret; } // function GET_PAY_POINTS($pid, $lookFor="price") { $ret = "-1"; - $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1", array($lookFor, $pid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -969,12 +1037,12 @@ function REMOVE_RECEIVER(&$ARRAY, $key, $uid, $pool_id, $stats_id="", $bonus=fal // Only when we got a real stats ID continue searching for the entry $type = "NORMAL"; $rowName = "stats_id"; if ($bonus) { $type = "BONUS"; $rowName = "bonus_id"; } - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%d AND link_type='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%s AND link_type='%s' LIMIT 1", array($rowName, $stats_id, bigintval($uid), $type), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // No, so we add one! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_links (%s, userid, link_type) VALUES ('%s', '%s', '%s')", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_links (%s, userid, link_type) VALUES ('%s','%s','%s')", array($rowName, $stats_id, bigintval($uid), $type), __FILE__, __LINE__); $ret = "done"; } @@ -992,9 +1060,8 @@ function REMOVE_RECEIVER(&$ARRAY, $key, $uid, $pool_id, $stats_id="", $bonus=fal return $ret; } // -function GET_TOTAL_DATA($search, $tableName, $lookFor, $whereStatement="userid", $onlyRows=false) -{ - $ret = "0"; +function GET_TOTAL_DATA($search, $tableName, $lookFor, $whereStatement="userid", $onlyRows=false) { + $ret = 0; if ($onlyRows) { // Count rows $result = SQL_QUERY_ESC("SELECT COUNT(%s) FROM "._MYSQL_PREFIX."_%s WHERE %s='%s'", @@ -1007,15 +1074,16 @@ function GET_TOTAL_DATA($search, $tableName, $lookFor, $whereStatement="userid", // Load row list($ret) = SQL_FETCHROW($result); - //* DEBUG: */ echo __LINE__."*".$DATA."/".$search."/".$tableName."/".$ret."*
\n"; + + // Free result SQL_FREERESULT($result); - if (empty($ret)) { - if (($lookFor == "counter") || ($lookFor == "id")) { - $ret = "0"; - } else { - $ret = "0.00000"; - } - } + + // Fix empty values + if ((empty($ret)) && ($lookFor != "counter") && ($lookFor != "id") && ($lookFor != "userid")) { + $ret = "0.00000"; + } // END - if + + // Return value return $ret; } /** @@ -1025,110 +1093,163 @@ function GET_TOTAL_DATA($search, $tableName, $lookFor, $whereStatement="userid", * uid = Referral ID wich should receive... * points = ... xxx points * send_notify = shall I send the referral an email or not? - * refid = inc/modules/guest/what-confirm.php need this + * rid = inc/modules/guest/what-confirm.php need this * locked = Shall I pay it to normal (false) or locked (true) points ammount? * add_mode = Add points only to $uid or also refs? (WARNING! Changing "ref" to "direct" - * will cause no referral will get points ever!!!) + * for default value will cause no referral will get points ever!!!) */ -function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $locked=false, $add_mode="ref") -{ - global $DEPTH, $_CONFIG, $DATA, $link; +function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $locked=false, $add_mode="ref") { + global $DEPTH, $_CONFIG, $DATA; + + // Convert mode to lower-case + $add_mode = strtolower($add_mode); + + // Debug message + //DEBUG_LOG(__FUNCTION__.": uid={$uid},points={$points}"); // When $uid = 0 add points to jackpot - if ($uid == "0") - { + if ($uid == "0") { // Add points to jackpot ADD_JACKPOT($points); return; } // Count up referral depth - if (empty($DEPTH)) - { + if (empty($DEPTH)) { // Initialialize referral system - $DEPTH = "0"; - } - else - { + $DEPTH = 0; + } else { // Increase referral level $DEPTH++; } + // Percents and table + $percents = "percents"; if (isset($_CONFIG['db_percents'])) $percents = $_CONFIG['db_percents']; + $table = "refdepths"; if (isset($_CONFIG['db_table'])) $table = $_CONFIG['db_table']; + + // Default is "normal" points + $data = "points"; + // Which points, locked or normal? - $data = "points"; if ($locked) $data = "locked_points"; + if ($locked) $data = "locked_points"; - $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + // Check user account + $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); - if (SQL_NUMROWS($result_user) == 1) - { + + //* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+
\n"; + if (SQL_NUMROWS($result_user) == 1) { // This is the user and his ref list ($ref, $email) = SQL_FETCHROW($result_user); - SQL_FREERESULT($result_user); - $result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1", - array(bigintval($DEPTH)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - list($per) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - $P = $points * $per / 100; + + // Debug message + //DEBUG_LOG(__FUNCTION__.": ref={$ref},email={$email},DEPTH={$DEPTH}"); + + // Get referal data + $result_lvl = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE level='%s' LIMIT 1", + array($percents, $table, bigintval($DEPTH)), __FILE__, __LINE__); + //* DEBUG */ echo "DEPTH:".$DEPTH."
\n"; + if (SQL_NUMROWS($result_lvl) == 1) { + // Get percents + list($per) = SQL_FETCHROW($result_lvl); + + // Calculate new points + $ref_points = $points * $per / 100; + + // Debug message + //DEBUG_LOG(__FUNCTION__.": percent={$per},ref_points={$ref_points}"); // Update points... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1", - array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) - { + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=%d LIMIT 1", + array($data, $data, $ref_points, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__); + + // Debug log + //DEBUG_LOG(__FUNCTION__.": affectedRows=".SQL_AFFECTEDROWS().",DEPTH={$DEPTH}"); + + // No entry updated? + if (SQL_AFFECTEDROWS() == 0) { // First ref in this level! :-) - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)", - array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__); - } + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%s, %d, %s)", + array($data, bigintval($uid), bigintval($DEPTH), $ref_points), __FILE__, __LINE__); + + // Debug log + //DEBUG_LOG(__FUNCTION__.": insertedRows=".SQL_AFFECTEDROWS().""); + } // END - if // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "add", $P); - } + MEDIA_UPDATE_ENTRY(array("total_points"), "add", $ref_points); + } // END - if // Points updated, maybe I shall send him an email? - if (($send_notify) && ($ref > 0) && (!$locked)) - { - // 0 1 2 3 - $DATA = array($per, bigintval($DEPTH), $P, bigintval($ref)); - $msg = LOAD_EMAIL_TEMPLATE("confirm-referral", "", bigintval($uid)); + if (($send_notify) && ($ref > 0) && (!$locked)) { + // Prepare content + $content = array( + 'percent' => $per, + 'level' => bigintval($DEPTH), + 'points' => $ref_points, + 'refid' => bigintval($ref) + ); + + // Load email template + $msg = LOAD_EMAIL_TEMPLATE("confirm-referral", $content, bigintval($uid)); SEND_EMAIL($email, THANX_REFERRAL_ONE, $msg); + } elseif (($send_notify) && ($ref == 0) && (!$locked) && ($add_mode == "direct") && (!defined('__POINTS_VALUE'))) { + // Direct payment shall be notified about + define('__POINTS_VALUE', $ref_points); + + // Prepare content + $content = array( + 'text' => REASON_DIRECT_PAYMENT, + 'points' => TRANSLATE_COMMA($ref_points) + ); + + // Load message + $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, $uid); + + // And sent it away + SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg); + if (!isset($_GET['mid'])) LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED); } // Maybe there's another ref? - if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) - { + if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) { // Then let's credit him here... ADD_POINTS_REFSYSTEM($ref, $points, $send_notify, $ref, $locked); } } + + // Free result + SQL_FREERESULT($result_lvl); } + + // Free result + SQL_FREERESULT($result_user); } // function UPDATE_REF_COUNTER($uid) { - global $REF_LVL, $link, $cacheInstance; + global $REF_LVL, $cacheInstance; + // Make it sure referral level zero (member him-/herself) is at least selected - if (empty($REF_LVL)) $REF_LVL = "0"; + if (empty($REF_LVL)) $REF_LVL = 0; // Update counter - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%d AND level='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%s AND level='%s' LIMIT 1", array(bigintval($uid), $REF_LVL), __FILE__, __LINE__); // When no entry was updated then we have to create it here - if (SQL_AFFECTEDROWS($link) == 0) + if (SQL_AFFECTEDROWS() == 0) { // First count! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_refsystem (userid, level, counter) VALUES ('%s', '%s', '1')", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_refsystem (userid, level, counter) VALUES ('%s','%s','1')", array(bigintval($uid), $REF_LVL), __FILE__, __LINE__); } // Check for his referral - $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); list($ref) = SQL_FETCHROW($result); @@ -1147,107 +1268,109 @@ function UPDATE_REF_COUNTER($uid) if ($cacheInstance->cache_file("refsystem", true)) $cacheInstance->cache_destroy(); } } -// -function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht) -{ - global $link, $_CONFIG; +// Updates/extends the online list +function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht) { + global $_CONFIG; + // Do not update online list when extension is deactivated if (!EXT_IS_ACTIVE("online", true)) return; + // Empty session? + if (empty($SID)) { + // This is invalid here! + print "Invalid session. Backtrace:
";
+		debug_print_backtrace();
+		die("
"); + } // END - if + // Initialize variables - $uid = "0"; $rid = "0"; $MEM = 'N'; $ADMIN = 'N'; - if (!empty($GLOBALS['userid'])) - { - // Update member status only when userid is valid - if (($GLOBALS['userid'] > 0) && (IS_LOGGED_IN())) - { - // Is valid user - $uid = $GLOBALS['userid']; - $MEM = 'Y'; - } - } - if (IS_ADMIN()) - { + $uid = 0; $rid = 0; $MEM = "N"; $ADMIN = "N"; + + // Valid userid? + if ((!empty($GLOBALS['userid'])) && ($GLOBALS['userid'] > 0) && (IS_MEMBER())) { + // Is valid user + $uid = bigintval($GLOBALS['userid']); + $MEM = "Y"; + } // END - if + + if (IS_ADMIN()) { // Is administrator - $ADMIN = 'Y'; - } + $ADMIN = "Y"; + } // END - if + if (isSessionVariableSet('refid')) { // Check cookie - if (get_session('refid') > 0) $rid = $GLOBALS['refid']; - } + if (get_session('refid') > 0) $rid = bigintval($GLOBALS['refid']); + } // END - if - // Now Read data + // Now search for the user $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_online WHERE sid='%s' LIMIT 1", array($SID), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - SQL_FREERESULT($result); - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_online SET + // Entry found? + if (SQL_NUMROWS($result) == 1) { + // Then update it + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_online SET module='%s', action='%s', what='%s', -userid=%d, -refid=%d, +userid=%s, +refid=%s, is_member='%s', is_admin='%s', timestamp=UNIX_TIMESTAMP() WHERE sid='%s' LIMIT 1", - array( - $mod, - $act, - $wht, - bigintval($uid), - bigintval($rid), - $MEM, - $ADMIN, - $SID -), __FILE__, __LINE__); - } - else - { + array($mod, $act, $wht, $uid, $rid, $MEM, $ADMIN, $SID), __FILE__, __LINE__ + ); + } else { // No entry does exists so we simply add it! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %d, %d, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')", - array($mod, $act, $wht, bigintval($uid), bigintval($rid), $MEM, $ADMIN, $SID, getenv('REMOTE_ADDR')), __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s','%s','%s', %s, %s, '%s','%s', UNIX_TIMESTAMP(), '%s','%s')", + array($mod, $act, $wht, $uid, $rid, $MEM, $ADMIN, $SID, getenv('REMOTE_ADDR')), __FILE__, __LINE__ + ); } + // Free result + SQL_FREERESULT($result); + // Purge old entries - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %d)", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %s)", array($_CONFIG['online_timeout']), __FILE__, __LINE__); } // OBSULETE: Sends out mail to all administrators -function SEND_ADMIN_EMAILS($subj, $msg) -{ - $result = SQL_QUERY("SELECT email FROM "._MYSQL_PREFIX."_admins ORDER BY id", __FILE__, __LINE__); - while (list($email) = SQL_FETCHROW($result)) - { +function SEND_ADMIN_EMAILS($subj, $msg) { + // Load all admin email addresses + $result = SQL_QUERY("SELECT email FROM "._MYSQL_PREFIX."_admins ORDER BY id ASC", __FILE__, __LINE__); + while (list($email) = SQL_FETCHROW($result)) { + // Send the email out SEND_EMAIL($email, $subj, $msg); - } - // Really simple... ;-) + } // END - if + + // Free result SQL_FREERESULT($result); + + // Really simple... ;-) } // Get ID number from administrator's login name -function GET_ADMIN_ID($login) -{ - global $cacheArray; +function GET_ADMIN_ID($login) { + global $cacheArray, $_CONFIG; $ret = "-1"; - if (!empty($cacheArray['admins']['aid'][$login])) - { + if (!empty($cacheArray['admins']['aid'][$login])) { // Check cache $ret = $cacheArray['admins']['aid'][$login]; - if (empty($ret)) $ret = "-1"; - } - else - { + + // Update cache hits + $_CONFIG['cache_hits']++; + } elseif (!EXT_IS_ACTIVE("cache")) { // Load from database $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - } + } // END - if + + // Free result + SQL_FREERESULT($result); } return $ret; } @@ -1255,74 +1378,132 @@ function GET_ADMIN_ID($login) // Get password hash from administrator's login name function GET_ADMIN_HASH($login) { - global $cacheArray; + global $cacheArray, $_CONFIG; $ret = "-1"; - if (!empty($cacheArray['admins']['password'][$login])) - { + if (!empty($cacheArray['admins']['password'][$login])) { // Check cache $ret = $cacheArray['admins']['password'][$login]; - if (empty($ret)) $ret = "-1"; - } - else - { + + // Update cache hits + $_CONFIG['cache_hits']++; + } elseif (!EXT_IS_ACTIVE("cache")) { // Load from database $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { + // Fetch data list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); + + // Set cache + $cacheArray['admins']['password'][$login] = $ret; } + + // Free result + SQL_FREERESULT($result); } return $ret; } // -function GET_ADMIN_LOGIN($aid) -{ - global $cacheArray; +function GET_ADMIN_LOGIN ($aid) { + global $cacheArray, $_CONFIG; $ret = "***"; - if (!empty($cacheArray['admins']['login']['aid'])) - { - // Check cache - if (!empty($cacheArray['admins']['login'][$aid])) $ret = $cacheArray['admins']['login'][$aid]; - if (empty($ret)) $ret = "***"; - } - else - { + if (!empty($cacheArray['admins']['login'][$aid])) { + // Get cache + $ret = $cacheArray['admins']['login'][$aid]; + + // Update cache hits + $_CONFIG['cache_hits']++; + } elseif (!EXT_IS_ACTIVE("cache")) { // Load from database - $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", - array(bigintval($aid)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", + array(bigintval($aid)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Fetch data list($ret) = SQL_FETCHROW($result); - } + + // Set cache + $cacheArray['admins']['login'][$aid] = $ret; + } // END - if // Free memory SQL_FREERESULT($result); } return $ret; } +// Get email address of admin id +function GET_ADMIN_EMAIL ($aid) { + global $cacheArray, $_CONFIG; + + $ret = "***"; + if (!empty($cacheArray['admins']['email'])) { + // Get cache + $ret = $cacheArray['admins']['email'][$aid]; + + // Update cache hits + $_CONFIG['cache_hits']++; + } elseif (!EXT_IS_ACTIVE("cache")) { + // Load from database + $result_aid = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", + array(bigintval($ret)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { + // Get data + list($ret) = SQL_FETCHROW($result_aid); + + // Set cache + $cacheArray['admins']['email'][$aid] = $ret; + } // END - if + + // Free result + SQL_FREERESULT($result_aid); + } + + // Return email + return $ret; +} +// Get default ACL of admin id +function GET_ADMIN_DEFAULT_ACL ($aid) { + global $cacheArray, $_CONFIG; + + $ret = "***"; + if (!empty($cacheArray['admins']['def_acl'])) { + // Use cache + $ret = $cacheArray['admins']['def_acl'][$aid]; + + // Update cache hits + $_CONFIG['cache_hits']++; + } else { + // Load from database + $result_aid = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", + array(bigintval($ret)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { + // Fetch data + list($ret) = SQL_FETCHROW($result_aid); + + // Set cache + $cacheArray['admins']['def_acl'][$aid] = $ret; + } + + // Free result + SQL_FREERESULT($result_aid); + } + + // Return email + return $ret; +} // -function ADD_OPTION_LINES($table, $id, $name, $default="",$special="",$where="") -{ +function ADD_OPTION_LINES($table, $id, $name, $default="",$special="",$where="") { $ret = ""; - if ($table == "/ARRAY/") - { + if ($table == "/ARRAY/") { // Selection from array - if (is_array($id) && is_array($name) && sizeof($id) == sizeof($name)) - { + if (is_array($id) && is_array($name) && sizeof($id) == sizeof($name)) { // Both are arrays - foreach ($id as $idx=>$value) - { + foreach ($id as $idx => $value) { $ret .= "\n"; } } + // Return - hopefully - the requested data return $ret; } -// Aiut +// Activate exchange (DEPERECATED???) function activateExchange() { global $_CONFIG; $result = SQL_QUERY("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND max_mails > 0", __FILE__, __LINE__); @@ -1371,12 +1549,11 @@ function activateExchange() { ); // Run SQLs - foreach ($SQLs as $sql) - { + foreach ($SQLs as $sql) { $result = SQL_QUERY($sql, __FILE__, __LINE__); } - // Destroy cache + // @TODO Destroy cache } } // @@ -1387,44 +1564,41 @@ function DELETE_USER_ACCOUNT($uid, $reason) FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { +WHERE p.userid=%s", array(bigintval($uid)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Save his points to add them to the jackpot list($points) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Delete points entries as well - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d", array(bigintval($uid)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { // Update database MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); - } + } // END - if // Now, when we have all his points adds them do the jackpot! ADD_JACKPOT($points); } // Delete category selections as well... - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); // Remove from rallye if found - if (EXT_IS_ACTIVE("rallye")) - { - $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%d", + if (EXT_IS_ACTIVE("rallye")) { + $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__); } // Now a mail to the user and that's all... - $msg = LOAD_EMAIL_TEMPLATE("del-user", $reason, $uid); + $msg = LOAD_EMAIL_TEMPLATE("del-user", array('text' => $reason), $uid); SEND_EMAIL($uid, ADMIN_DEL_ACCOUNT, $msg); // Ok, delete the account! - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); } // function META_DESCRIPTION($mod, $wht) @@ -1445,7 +1619,7 @@ function ADD_JACKPOT($points) if (SQL_NUMROWS($result) == 0) { // Create line - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_jackpot (ok, points) VALUES ('ok', '%s')", array($points), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_jackpot (ok, points) VALUES ('ok','%s')", array($points), __FILE__, __LINE__); } else { @@ -1491,8 +1665,7 @@ function IS_DEMO() { return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo")); } // -function LOAD_CONFIG($no="0") -{ +function LOAD_CONFIG($no="0") { global $cacheArray; $CFG_DUMMY = array(); @@ -1500,12 +1673,14 @@ function LOAD_CONFIG($no="0") if ((is_array($cacheArray)) && (isset($cacheArray['config'][$no])) && (is_array($cacheArray['config'][$no]))) { // Load config from cache //* DEBUG: */ echo gettype($cacheArray['config'][$no])."
\n"; - foreach ($cacheArray['config'][$no] as $key=>$value) { + foreach ($cacheArray['config'][$no] as $key => $value) { $CFG_DUMMY[$key] = $value; - } + } // END - foreach - // Count cache hits - $CFG_DUMMY['cache_hits']++; + // Count cache hits if exists + if ((isset($CFG_DUMMY['cache_hits'])) && (EXT_IS_ACTIVE("cache"))) { + $CFG_DUMMY['cache_hits']++; + } // END - if } else { // Load config from DB $result_config = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_config WHERE config=%d LIMIT 1", @@ -1525,8 +1700,9 @@ function LOAD_CONFIG($no="0") return $CFG_DUMMY; } // Gets the matching what name from module -function GET_WHAT($MOD_CHECK) -{ +function GET_WHAT($MOD_CHECK) { + global $_CONFIG; + $wht = ""; //* DEBUG: */ echo __LINE__."!".$MOD_CHECK."!
\n"; switch ($MOD_CHECK) @@ -1538,6 +1714,7 @@ function GET_WHAT($MOD_CHECK) case "login": case "index": $wht = "welcome"; + if (($MOD_CHECK == "index") && (!empty($_CONFIG['index_home']))) $wht = $_CONFIG['index_home']; break; default: @@ -1549,48 +1726,154 @@ function GET_WHAT($MOD_CHECK) return $wht; } // -function MODULE_HAS_MENU($mod) +function MODULE_HAS_MENU($mod, $forceDb = false) { global $cacheArray, $_CONFIG; // All is false by default $ret = false; - if (GET_EXT_VERSION("cache") >= "0.1.2") - { - if (isset($cacheArray['modules']['has_menu'][$mod])) - { + //* DEBUG: */ echo __FUNCTION__.":mod={$mod},cache=".GET_EXT_VERSION("cache")."
\n"; + if (GET_EXT_VERSION("cache") >= "0.1.2") { + // Cache version is okay, so let's check the cache! + if (isset($cacheArray['modules']['has_menu'][$mod])) { // Check module cache and count hit - if ($cacheArray['modules']['has_menu'][$mod] == 'Y') $ret = true; + $ret = ($cacheArray['modules']['has_menu'][$mod] == "Y"); $_CONFIG['cache_hits']++; - } - elseif (isset($cacheArray['extensions']['ext_menu'][$mod])) - { + } elseif (isset($cacheArray['extensions']['ext_menu'][$mod])) { // Check cache and count hit - if ($cacheArray['extensions']['ext_menu'][$mod] == 'Y') $ret = true; + $ret = ($cacheArray['extensions']['ext_menu'][$mod] == "Y"); $_CONFIG['cache_hits']++; } - } - if ((GET_EXT_VERSION("sql_patches") >= "0.3.6") && ($ret === false)) - { + } elseif ((GET_EXT_VERSION("sql_patches") >= "0.3.6") && ((!EXT_IS_ACTIVE("cache")) || ($forceDb === true))) { // Check database for entry $result = SQL_QUERY_ESC("SELECT has_menu FROM "._MYSQL_PREFIX."_mod_reg WHERE module='%s' LIMIT 1", array($mod), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { list($has_menu) = SQL_FETCHROW($result); - if ($has_menu == 'Y') $ret = true; - } + + // Fake cache... ;-) + $cacheArray['extensions']['ext_menu'][$mod] = $has_menu; + + // Does it have a menu? + $ret = ($has_menu == "Y"); + } // END - if // Free memory SQL_FREERESULT($result); } elseif (GET_EXT_VERSION("sql_patches") == "") { // No sql_patches installed, so maybe in admin area? - if ((IS_ADMIN()) && ($mod == "admin")) return true; // Then there is a menu! + $ret = ((IS_ADMIN()) && ($mod == "admin")); // Then there is a menu! } // Return status return $ret; } +// Subtract points from database and mediadata cache +function SUB_POINTS ($uid, $points) { + // Add points to used points + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points`=`used_points`+%s WHERE userid=%s LIMIT 1", + array($points, bigintval($uid)), __FILE__, __LINE__); + + // Update mediadata as well + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { + // Update database + MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points); + } // END - if +} +// Update config entries +function UPDATE_CONFIG ($entries, $values, $updateMode="") { + // Do we have multiple entries? + if (is_array($entries)) { + // Walk through all + $all = ""; + foreach ($entries as $idx => $entry) { + // Update mode set? + if (!empty($updateMode)) { + // Update entry + $all .= sprintf("%s=%s%s%s,", $entry, $entry, $updateMode, (float)$values[$idx]); + } else { + // Check if string or number + if (($values[$idx] + 0) === $values[$idx]) { + // Number detected + $all .= sprintf("%s=%s,", $entry, (float)$values[$idx]); + } else { + // String detected + $all .= sprintf("%s='%s',", $entry, SQL_ESCAPE($values[$idx])); + } + } + } // END - foreach + + // Remove last comma + $entries = substr($all, 0, -1); + } elseif (!empty($updateMode)) { + // Update mode set + $entries .= sprintf("=%s%s%s", $entries, $updateMode, (float)$value); + } else { + // Regular entry to update + $entries .= sprintf("='%s'", SQL_ESCAPE($values)); + } + + // Run database update + //DEBUG_LOG(__FUNCTION__.":entries={$entries}"); + SQL_QUERY("UPDATE "._MYSQL_PREFIX."_config SET ".$entries." WHERE config=0 LIMIT 1", __FILE__, __LINE__); + + // Get affected rows + $affectedRows = SQL_AFFECTEDROWS(); + //* DEBUG: */ echo __FUNCTION__.":entries={$entries},affectedRows={$affectedRows}
\n"; + + // Rebuild cache + REBUILD_CACHE("config", "config"); +} +// Creates a new task for updated extension +function CREATE_EXTENSION_UPDATE_TASK ($admin_id, $subject, $notes) { + // Check if task is not there + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE subject='%s' LIMIT 1", + array($subject), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 0) { + // Task not created so it's a brand-new extension which we need to register and create a task for! + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','EXTENSION_UPDATE','%s','%s', UNIX_TIMESTAMP())", + array($admin_id, $subject, $notes), __FILE__, __LINE__); + } // END - if + + // Free memory + SQL_FREERESULT($result); +} +// Creates a new task for newly installed extension +function CREATE_NEW_EXTENSION_TASK ($admin_id, $subject, $ext) { + // Not installed and do we have created a task for the admin? + $result = SQL_QUERY_ESC("SELECT `id` FROM `"._MYSQL_PREFIX."_task_system` WHERE `subject` LIKE '%s%%' LIMIT 1", + array($subject), __FILE__, __LINE__); + if ((SQL_NUMROWS($result) == 0) && (GET_EXT_VERSION($ext) == "")) { + // Template file + $tpl = sprintf("%stemplates/%s/html/ext/ext_%s.tpl", + PATH, + GET_LANGUAGE(), + $ext + ); + + // Load text for task + if (FILE_READABLE($tpl)) { + // Load extension's own text template (HTML!) + $msg = LOAD_TEMPLATE("ext_".$ext, true); + } else { + // Load default message + $msg = LOAD_TEMPLATE("admin_new_ext", "", 0); + } + + // Task not created so it's a brand-new extension which we need to register and create a task for! + $result_insert = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) +VALUES (%s,0,'NEW','EXTENSION','%s','%s',UNIX_TIMESTAMP())", + array( + $admin_id, + $subject, + addslashes($msg), + ), __FILE__, __LINE__, true, false + ); + } // END - if + + // Free memory + SQL_FREERESULT($result); +} // ?>