X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=mailid_top.php;h=927610b030de67121626f827ce3019d8f363ccd7;hp=f1e83132d403e9ebae7a440ad436634c13b538b0;hb=d900268f17d81753e28bed251f143edc0402930b;hpb=3c8df4406f9247182f4dbe4494d62ac229a7bd28
diff --git a/mailid_top.php b/mailid_top.php
index f1e83132d4..927610b030 100644
--- a/mailid_top.php
+++ b/mailid_top.php
@@ -1,7 +1,7 @@
0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErrors() == 0)) {
+// Secure all data
+if (isGetRequestParameterSet('userid')) $url_userid = bigintval(getRequestParameter('userid'));
+if (isGetRequestParameterSet('mailid')) $url_mid = bigintval(getRequestParameter('mailid'));
+if (isGetRequestParameterSet('bonusid')) $url_bid = bigintval(getRequestParameter('bonusid'));
+if (isGetRequestParameterSet('code')) $code = bigintval(getRequestParameter('code'));
+if (isGetRequestParameterSet('mode')) $mode = getRequestParameter('mode');
+
+// 01 1 12 2 2 21 1 22 10
+if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErrors() == '0')) {
// No image? Then output header
if ($mode != 'img') loadIncludeOnce('inc/header.php');
@@ -79,16 +83,19 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
array($url_mid, $url_userid), __FILE__, __LINE__);
$type = 'mailid'; $urlId = $url_mid;
} elseif ($url_bid > 0) {
- $result = SQL_QUERY_ESC("SELECT `id`, link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `bonus_id`=%s AND `userid`=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT `id`, `link_type` FROM `{?_MYSQL_PREFIX?}_user_links` WHERE `bonus_id`=%s AND `userid`=%s LIMIT 1",
array($url_bid, $url_userid), __FILE__, __LINE__);
$type = 'bonusid'; $urlId = $url_bid;
}
if (SQL_NUMROWS($result) == 1) {
- // Is the stats ID valid?
+ // Is the stats id valid?
list($lid, $ltype) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
+ // Init result here with invalid to avoid possible missing variable
+ $result_mailid = false;
+
// @TODO Rewrite this to a filter
switch ($ltype) {
case 'NORMAL':
@@ -97,7 +104,7 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
break;
case 'BONUS':
- $result_mailid = SQL_QUERY_ESC("SELECT `id, `id`, `is_notify` FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1",
+ $result_mailid = SQL_QUERY_ESC("SELECT `id`, `id`, `is_notify` FROM `{?_MYSQL_PREFIX?}_bonus` WHERE `id`=%s LIMIT 1",
array($url_bid), __FILE__, __LINE__);
break;
@@ -118,27 +125,15 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
SQL_FREERESULT($result_mailid);
// Set sender to 0 when we have a bonus mail
- if ($ltype == 'BONUS') $sender = 0;
-
- // Is the user's ID unlocked?
- $result = SQL_QUERY_ESC("SELECT `status`, `gender`, `surname`, `family`, `ref_payout` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1",
- array($url_userid), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1) {
- // Load data
- list($status, $gender, $surname, $family, $ref_pay) = SQL_FETCHROW($result);
-
- // Free some memory
- SQL_FREERESULT($result);
-
- if ($status == 'CONFIRMED') {
- // Update last activity
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `last_online`=UNIX_TIMESTAMP(), `last_module`='mailid_top' WHERE `userid`=%s LIMIT 1",
- array($url_userid), __FILE__, __LINE__);
+ if ($ltype == 'BONUS') $sender = '0';
+ // Is the user id valid?
+ if (fetchUserData($url_userid) === true) {
+ // Is the user status CONFIRMED?
+ if (getUserData('status') == 'CONFIRMED') {
// User has confirmed his account so we can procede...
// @TODO Rewrite this to a filter
- switch ($ltype)
- {
+ switch ($ltype) {
case 'NORMAL':
$result = SQL_QUERY_ESC("SELECT `payment_id` FROM `{?_MYSQL_PREFIX?}_user_stats` WHERE `pool_id`=%s LIMIT 1",
array(bigintval($pool)), __FILE__, __LINE__);
@@ -176,9 +171,9 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
// Is this entry valid?
if ($isValid === true) {
- if (($time == '0') && ($payment > 0)) $time = '1';
+ if (($time == '0') && ($payment > 0)) $time = 1;
if (($time > 0) && ($payment > 0)) {
- $img_code = 0;
+ $img_code = '0';
if (!empty($code)) {
// Generate code
$img_code = generateRandomCode(getConfig('code_length'), $code, $url_userid, $urlId);
@@ -188,7 +183,7 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
switch ($mode) {
case 'add':
// Init stats data
- $stats_data = 0;
+ $stats_data = '0';
// Count clicks
// @TODO Rewrite this to a filter
@@ -231,13 +226,13 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
if (getExtensionVersion('user') >= '0.1.2') {
// Update counter
SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET mails_confirmed=mails_confirmed + 1 WHERE `userid`=%s LIMIT 1",
- array($url_userid), __FILE__, __LINE__);
+ array($url_userid), __FILE__, __LINE__);
// Update random confirmed as well?
if (getExtensionVersion('user') >= '0.3.4') {
// Update second counter
SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET rand_confirmed=rand_confirmed + 1 WHERE `userid`=%s LIMIT 1",
- array($url_userid), __FILE__, __LINE__);
+ array($url_userid), __FILE__, __LINE__);
} // END - if
} // END - if
@@ -245,13 +240,13 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
insertUserStatsRecord($url_userid, $type, $stats_data);
// Right code entered?
- if (bigintval(postRequestElement('gfx_check')) == $img_code) {
+ if (bigintval(postRequestParameter('gfx_check')) == $img_code) {
// Add points over referal system is the default
$locked = false;
$template = 'mailid_points_done';
// Right code entered add points and remove entry
- if (($ref_pay > 0) && (getConfig('allow_direct_pay') != 'Y')) {
+ if ((getUserData('ref_payout') > 0) && (getConfig('allow_direct_pay') != 'Y')) {
// Don't add points over the referal system
$locked = true;
$template = 'mailid_points_locked';
@@ -264,7 +259,7 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
// Add points
// @TODO Try to rewrite the following unset()
unset($GLOBALS['ref_level']);
- addPointsThroughReferalSystem('mailid_okay', $url_userid, $payment, false, '0', $locked);
+ addPointsThroughReferalSystem('mailid_okay', $url_userid, $payment, false, 0, $locked);
// Shall I add bonus points for "turbo clickers" ?
if (getExtensionVersion('bonus') >= '0.2.2') {
@@ -293,7 +288,7 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
// Load template
loadTemplate($template, false, $content);
- } else {
+ } elseif ($sender > 0) {
// Wrong image code! So add points to sender's account
addPointsDirectly('mailid_payback', $sender, $payment);
@@ -330,6 +325,9 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
// Load template
loadTemplate($templ, false, $content);
+ } else {
+ // Cannot confirm!
+ debug_report_bug('No code given.');
}
break;
@@ -353,30 +351,30 @@ if (($url_userid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErr
break;
} // END - switch
} else {
- loadTemplate('admin_settings_saved', false, "{--MAIL_ALREADY_CONFIRMED--} (6)
");
+ loadTemplate('admin_settings_saved', false, '{--MAIL_ALREADY_CONFIRMED--} (6)
');
$mode = 'failed';
}
} else {
- loadTemplate('admin_settings_saved', false, "{--MAIL_ALREADY_CONFIRMED--} (5)
");
+ loadTemplate('admin_settings_saved', false, '{--MAIL_ALREADY_CONFIRMED--} (5)
');
$mode = 'failed';
}
} else {
- loadTemplate('admin_settings_saved', false, "{--MAIL_ALREADY_CONFIRMED--} (4)
");
+ loadTemplate('admin_settings_saved', false, '{--MAIL_ALREADY_CONFIRMED--} (4)
');
$mode = 'failed';
}
} else {
SQL_FREERESULT($result);
- loadTemplate('admin_settings_saved', false, "{--MAIL_ALREADY_CONFIRMED--} (3)
");
+ loadTemplate('admin_settings_saved', false, '{--MAIL_ALREADY_CONFIRMED--} (3)
');
$mode = 'failed';
}
} else {
SQL_FREERESULT($result);
- loadTemplate('admin_settings_saved', false, "{--MAIL_ALREADY_CONFIRMED--} (2)
");
+ loadTemplate('admin_settings_saved', false, '{--MAIL_ALREADY_CONFIRMED--} (2)
');
$mode = 'failed';
}
} else {
SQL_FREERESULT($result);
- loadTemplate('admin_settings_saved', false, "{--MAIL_ALREADY_CONFIRMED--} (1)
");
+ loadTemplate('admin_settings_saved', false, '{--MAIL_ALREADY_CONFIRMED--} (1)
');
$mode = 'failed';
}