X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=ref.php;h=c9b37ece10ba3cb8f43d4730814a1b7d4fa28966;hp=7edc3ed7d09c6ac434b7110393415e529fb51ed6;hb=3c2f106c02f6d86a90f529a0564abcbbe716fe71;hpb=43885129ac24cee5545a8a5ad51e90aa182fdf46

diff --git a/ref.php b/ref.php
index 7edc3ed7d0..c9b37ece10 100644
--- a/ref.php
+++ b/ref.php
@@ -45,8 +45,7 @@ $GLOBALS['module'] = "ref"; $CSS = -1;
 require ("inc/config.php");
 
 // Redirect only to registration page when this script is installed
-if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')))
-{
+if (isBooleanConstantAndTrue('mxchange_installed')) {
 	// Base URL for redirection
 	switch ($_CONFIG['refid_target'])
 	{
@@ -61,41 +60,50 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
 
 	// Get referral ID from ref or refid variable
 	if (!empty($_GET['ref']))        $ref = secureString($_GET['ref']);
-	 elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
+	 elseif (!empty($_GET['refid'])) $ref = secureString($_GET['refid']);
 
-	if (!empty($ref))
-	{
-		// Test if nickname ($test == "0") or ID
-		$test = "".round($ref)."";
-		if ((EXT_IS_ACTIVE("nickname")) && ($test != $ref))
-		{
-			// Nickname in URL, so load the ID
-			$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($ref), __FILE__, __LINE__);
-			list($ref) = SQL_FETCHROW($result);
-			SQL_FREERESULT($result);
-		}
+	if (!empty($ref)) {
+		// Test if nickname or numeric id
+		if ($ref != "".bigintval($ref)."") {
+			if (EXT_IS_ACTIVE("nickname")) {
+				// Nickname in URL, so load the ID
+				$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
+					array($ref), __FILE__, __LINE__);
+
+				// Load userid
+				list($ref) = SQL_FETCHROW($result);
+
+				// Free result
+				SQL_FREERESULT($result);
+			} else {
+				// Invalid request!
+				$ref = 0;
+			}
+		} // END - if
 
 		// Also edit this 0 !
-		if (empty($ref)) $ref = "0";
+		if (empty($ref)) $ref = 0;
+
+		// Update session
+		set_session('refid', $ref);
 
 		// We have an refid here. So we simply add it
 		$URL .= bigintval($ref);
 
-		// Update ref counter
-		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
-		 array(bigintval($ref)), __FILE__, __LINE__);
-	}
-	 else
-	{
+		// Is the refid valid?
+		if ($ref > 0) {
+			// Update ref counter
+			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
+				array(bigintval($ref)), __FILE__, __LINE__);
+		} // END - if
+	} else {
 		// No refid and we add our refid (don't forget to set $def_refid!)
 		$URL = URL."/index.php";
 	}
+
 	// Load the URL
 	LOAD_URL($URL);
-	// Redirection should be done here
-}
- else
-{
+} else {
 	// You have to configure first!
 	LOAD_URL("install.php");
 }