X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=mailid.php;h=a1b85addaad04d28b3a00b67fdfea1f53e31fdf1;hp=5bca0bab23565d0a33353965f4b9e7fb69e80e56;hb=6d08952d672c5a5de7d8522f894a5665599a2a4a;hpb=3daede4c904e23905c3e48dd6749019deca0a0e0 diff --git a/mailid.php b/mailid.php index 5bca0bab23..a1b85addaa 100644 --- a/mailid.php +++ b/mailid.php @@ -1,7 +1,7 @@ '0', + 'userid' => '0', + 'id' => '0', + 'code' => '0', + 'do' => 'frames', + 'type' => '', +); + +// Secure all data +if (isGetRequestElementSet('userid')) $data['userid'] = bigintval(getRequestElement('userid')); +if (isGetRequestElementSet('id')) $data['id'] = bigintval(getRequestElement('id')); +if (isGetRequestElementSet('code')) $data['code'] = bigintval(getRequestElement('code')); +if (isGetRequestElementSet('do')) $data['do'] = getRequestElement('do'); +if (isGetRequestElementSet('type')) $data['type'] = getRequestElement('type'); + +// @TODO Improve check on $data['type'], empty() is not very much ... +if ((isValidId($data['userid'])) && (isValidId($data['id'])) && (!empty($data['type'])) && (!ifFatalErrorsDetected())) { + // Is 'do' still "frames"? + if ($data['do'] == 'frames') { + // This is a frameset module + $GLOBALS['frameset_mode'] = TRUE; } // END - if - // Init - $url_uid = 0; $url_bid = 0; $url_mid = 0; - - // Secure all data - if (!empty($_GET['uid'])) $url_uid = bigintval($_GET['uid']); - if (!empty($_GET['mailid'])) $url_mid = bigintval($_GET['mailid']); - if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']); - - // 01 1 12 3 32 21 1 22 10 - if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErrors() == 0)) { - // Maybe he wants to confirm an email? - if ($url_mid > 0) { - // Normal-Mails - $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s AND userid=%s LIMIT 1", - array($url_mid, $url_uid), __FILE__, __LINE__); - $type = "mailid"; $DATA = $url_mid; - } elseif ($url_bid > 0) { - // Bonus-Mail - $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s AND userid=%s LIMIT 1", - array($url_bid, $url_uid), __FILE__, __LINE__); - $type = "bonusid"; $DATA = $url_bid; - } else { - // Problem: No ID entered - LOAD_URL("index.php"); - } + // No image? + if ($data['do'] != 'img') { + // ... then output header + loadIncludeOnce('inc/header.php'); + } // END - fi + + // Init result for below sqlNumRows() function + $result_main = FALSE; - if (SQL_NUMROWS($result) == 1) { - // Load the entry - list($ltype) = SQL_FETCHROW($result); + // Maybe he wants to confirm an email? + switch ($data['type']) { + case 'normal': + $result_main = sqlQueryEscaped("SELECT `id` AS `link_id`, `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `stats_id`=%s AND `userid`=%s LIMIT 1", + array($data['id'], $data['userid']), __FILE__, __LINE__); + break; - // Clean result - SQL_FREERESULT($result); + case 'bonus': + $result_main = sqlQueryEscaped("SELECT `id` AS `link_id`, `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `bonus_id`=%s AND `userid`=%s LIMIT 1", + array($data['id'], $data['userid']), __FILE__, __LINE__); + break; - switch ($ltype) - { - case "NORMAL": - // Is the stats ID valid? - $result = SQL_QUERY_ESC("SELECT pool_id, url, subject FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1", - array($url_mid), __FILE__, __LINE__); + default: // Not detected + reportBug(__FILE__, __LINE__, 'No valid type=' . $data['type'] . ' set.'); + break; + } // END - switch + + // Is an entry found? + if (sqlNumRows($result_main) == 1) { + // Is the stats id valid? + $data = merge_array($data, sqlFetchArray($result_main)); + + // Init result here with invalid to avoid possible missing variable + $result_mailid = FALSE; + + // @TODO Rewrite this to a filter/function + switch ($data['link_type']) { + case 'NORMAL': + $result_mailid = sqlQueryEscaped("SELECT `pool_id`, `userid` AS `sender`, `url` FROM `{?_MYSQL_PREFIX?}_user_stats` WHERE `id`=%s LIMIT 1", + array($data['id']), __FILE__, __LINE__); break; - case "BONUS": - // Is the bonus extension active? - if (!EXT_IS_ACTIVE("bonus")) { - // Abort here - LOAD_URL("modules.php?module=index&msg=".CODE_EXTENSION_PROBLEM."&ext=mailid"); - } // END - if + case 'BONUS': + $result_mailid = sqlQueryEscaped("SELECT `id` AS `pool_id`, `is_notify`, `url` FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1", + array($data['id']), __FILE__, __LINE__); + break; - // Bonus-Mails - $result = SQL_QUERY_ESC("SELECT id, url, subject FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1", - array($url_bid), __FILE__, __LINE__); + default: // Unknown type + reportBug(__FILE__, __LINE__, 'Unknown mail type ' . $data['link_type'] . ' detected.'); break; - } + } // END - switch + + // Entry found? + if (sqlNumRows($result_mailid) == 1) { + // Load data + $data = merge_array($data, sqlFetchArray($result_mailid)); + + // Correct notification switch in non-bonus mails + if ((!isset($data['is_notify'])) || (!in_array($data['is_notify'], array('Y', 'N')))) { + $data['is_notify'] = 'N'; + } // END - if + + // Set sender to 0 when we have a bonus mail + if ($data['link_type'] == 'BONUS') { + $data['sender'] = NULL; + } // END - if + + // Is the user id valid? + if (fetchUserData($data['userid']) === TRUE) { + // Is the user status CONFIRMED? + if (getUserData('status') == 'CONFIRMED') { + // User has confirmed his account so we can procede... + // @TODO Rewrite this to a filter + switch ($data['link_type']) { + case 'NORMAL': + $result = sqlQueryEscaped("SELECT `payment_id` FROM `{?_MYSQL_PREFIX?}_user_stats` WHERE `pool_id`=%s LIMIT 1", + array(bigintval($data['pool_id'])), __FILE__, __LINE__); + + // Entry found? + if (sqlNumRows($result) == 1) { + $data = merge_array($data, sqlFetchArray($result)); + $data['time'] = getPaymentTime($data['payment_id']); + $data['payment'] = getPaymentPayment($data['payment_id']); + $isValid = TRUE; + } // END - if - if (SQL_NUMROWS($result) == 1) { - // Load data - list($pool, $URL, $EXTRA_TITLE) = SQL_FETCHROW($result); - - // Free result - SQL_FREERESULT($result); - - // Compile extra title - $EXTRA_TITLE = COMPILE_CODE($EXTRA_TITLE); - - // Is the user's ID unlocked? - $result = SQL_QUERY_ESC("SELECT status, gender, surname, family FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", - array($url_uid), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) { - list($status, $gender, $sname, $fname) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - if ($status == "CONFIRMED") { - // User has confirmed his account so we can procede... - switch ($ltype) - { - case "NORMAL": - $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1", - array(bigintval($pool)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - list($pay) = SQL_FETCHROW($result); - $time = GET_PAY_POINTS($pay, "time"); - $payment = GET_PAY_POINTS($pay, "payment"); - $VALID = true; - } - - // Free memory - SQL_FREERESULT($result); + // Free memory... + sqlFreeResult($result); break; - case "BONUS": - $result = SQL_QUERY_ESC("SELECT points, time FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1", - array($url_bid), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - list($points, $time) = SQL_FETCHROW($result); - $payment = "0.00000"; - $VALID = true; - } - - // Free memory - SQL_FREERESULT($result); + case 'BONUS': + $result = sqlQueryEscaped("SELECT `time`, `points` AS `payment` FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1", + array(bigintval($data['pool_id'])), __FILE__, __LINE__); + + // Entry found? + if (sqlNumRows($result) == 1) { + $data = merge_array($data, sqlFetchArray($result)); + $isValid = TRUE; + } // END - if + + // Free memory... + sqlFreeResult($result); break; - } - // Add header - require_once(PATH."inc/header.php"); - - // Was that mail a valid one? - if ($VALID) { - // If time is zero seconds we have a sponsor mail. 1 Second shall be set to avoid problems - if (($time == "0") && ($payment > 0)) { $URL = URL; $time = "1"; } - if (($time > 0) && (($payment > 0) || ($points > 0))) { - // He can confirm this mail! - // Export data into constants for the template - define('_UID_VALUE' , $url_uid); - define('_TYPE_VALUE', $type); - define('_DATA_VALUE', $DATA); - define('_URL_VALUE' , DEREFERER($URL)); - - // Load template - LOAD_TEMPLATE("mailid_frames"); - } else { - $msg = CODE_DATA_INVALID; - } + default: // Unknown type + reportBug(__FILE__, __LINE__, 'Unknown mail type ' . $data['link_type'] . ' detected.'); + break; + } // END - switch + + // Is this entry valid? + if ($isValid === TRUE) { + // Run at least one second + if (($data['time'] < 1) && ($data['payment'] > 0)) { + // Zero seconds is not supported + $data['time'] = 1; + } // END - if + + // Is time and payment set? + if (($data['time'] > 0) && ($data['payment'] > 0)) { + $data['real_code'] = '0'; + if (!empty($data['code'])) { + // Generate code (the user sees in the CAPTCHA) + $data['real_code'] = generateRandomCode(getCodeLength(), $data['code'], $data['userid'], $data['id']); + } // END - if + + // Do the call-back by given data array + doMailIdCallback($data); } else { - $msg = CODE_POSSIBLE_INVALID; + $data['error_code'] = getCode('DATA_INVALID'); + $data['do'] = 'failed'; } } else { - $msg = CODE_ACCOUNT_LOCKED; + $data['error_code'] = getCode('POSSIBLE_INVALID'); + $data['do'] = 'failed'; } } else { - SQL_FREERESULT($result); - $msg = CODE_USER_404; + $data['error_code'] = getCode('ACCOUNT_' . strtoupper(getUserData('status'))); + $data['do'] = 'failed'; } } else { - SQL_FREERESULT($result); - $msg = CODE_STATS_404; + $data['error_code'] = getCode('USER_404'); + $data['do'] = 'failed'; } } else { - SQL_FREERESULT($result); - $msg = CODE_ALREADY_CONFIRMED; + $data['error_code'] = getCode('STATS_404'); + $data['do'] = 'failed'; } - } else { - // Nothing entered - $msg = CODE_ERROR_MAILID; - } - // Error code is set? - if (!empty($msg)) { - switch (getConfig('mailid_error_redirect')) { - case "INDEX": // Redirect to index page - LOAD_URL("modules.php?module=index&msg=".$msg."&ext=mailid"); - break; - - case "REJECT": // Redirect to rejection page - LOAD_URL(getConfig('reject_url')); - break; - - default: - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s detected in mailid_error_redirect.", getConfig('mailid_error_redirect'))); - LOAD_URL("modules.php?module=index&msg=".CODE_UNKNOWN_STATUS."&ext=mailid"); - break; - } + // Free result + sqlFreeResult($result_mailid); } else { - // Include footer - require_once(PATH."inc/footer.php"); + $data['error_code'] = getCode('ALREADY_CONFIRMED'); + $data['do'] = 'failed'; } + + // Free result + sqlFreeResult($result_main); } else { - // You have to configure first! - LOAD_URL("install.php"); + // Not all variables are set + $data['error_code'] = getCode('ERROR_MAILID'); + $data['do'] = 'failed'; } -// +// Error code is set? +handleMailIdErrorCode($data['error_code']); + +// Insert footer if no image +if ($data['do'] != 'img') { + // Write footer + loadIncludeOnce('inc/footer.php'); +} // END - if + +// Really all done here... ;-) +doShutdown(); + +// [EOF] ?>