]> git.mxchange.org Git - mailer.git/commitdiff
Tons of rewrites (SQL queries), surfbar nearly finished (working: surfing with static...
authorRoland Häder <roland@mxchange.org>
Sat, 6 Sep 2008 05:28:10 +0000 (05:28 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 6 Sep 2008 05:28:10 +0000 (05:28 +0000)
179 files changed:
.gitattributes
beg.php
birthday_confirm.php
click.php
doubler.php
inc/autopurge.php
inc/db/lib-mysql3.php
inc/db/lib.php
inc/doubler_send.php
inc/extensions.php
inc/extensions/ext-active.php
inc/extensions/ext-autopurge.php
inc/extensions/ext-beg.php
inc/extensions/ext-birthday.php
inc/extensions/ext-bonus.php
inc/extensions/ext-cache.php
inc/extensions/ext-doubler.php
inc/extensions/ext-holiday.php
inc/extensions/ext-maintenance.php
inc/extensions/ext-mediadata.php
inc/extensions/ext-newsletter.php
inc/extensions/ext-order.php
inc/extensions/ext-profile.php
inc/extensions/ext-register.php
inc/extensions/ext-rewrite.php
inc/extensions/ext-sponsor.php
inc/extensions/ext-sql_patches.php
inc/extensions/ext-surfbar.php
inc/extensions/ext-top10.php
inc/extensions/ext-transfer.php
inc/extensions/ext-user.php
inc/footer.php
inc/functions.php
inc/gen_sql_patches.php
inc/header.php
inc/libs/admins_functions.php
inc/libs/autopurge_functions.php
inc/libs/bonus_functions.php
inc/libs/country_functions.php
inc/libs/holiday_functions.php
inc/libs/nickname_functions.php
inc/libs/output_functions.php
inc/libs/rallye_functions.php
inc/libs/sponsor_functions.php
inc/libs/surfbar_functions.php
inc/load_cache.php
inc/mails/beg_mails.php
inc/mails/birthday_mails.php
inc/mails/bonus_mails.php
inc/modules/admin.php
inc/modules/admin/admin-inc.php
inc/modules/admin/overview-inc.php
inc/modules/admin/what-add_points.php
inc/modules/admin/what-adminedit.php
inc/modules/admin/what-admins_contct.php
inc/modules/admin/what-admins_mails.php
inc/modules/admin/what-config_admins.php
inc/modules/admin/what-config_cats.php
inc/modules/admin/what-config_email.php
inc/modules/admin/what-config_mods.php
inc/modules/admin/what-config_payouts.php
inc/modules/admin/what-config_points.php
inc/modules/admin/what-config_rallye_prices.php
inc/modules/admin/what-config_register.php
inc/modules/admin/what-del_email.php
inc/modules/admin/what-del_holiday.php
inc/modules/admin/what-del_transfer.php
inc/modules/admin/what-del_user.php
inc/modules/admin/what-edit_emails.php
inc/modules/admin/what-edit_user.php
inc/modules/admin/what-email_archiv.php
inc/modules/admin/what-email_details.php
inc/modules/admin/what-extensions.php
inc/modules/admin/what-guestedit.php
inc/modules/admin/what-list_cats.php
inc/modules/admin/what-list_country.php
inc/modules/admin/what-list_links.php
inc/modules/admin/what-list_newsletter.php
inc/modules/admin/what-list_payouts.php
inc/modules/admin/what-list_rallyes.php
inc/modules/admin/what-list_refs.php
inc/modules/admin/what-list_task.php
inc/modules/admin/what-list_unconfirmed.php
inc/modules/admin/what-list_user.php
inc/modules/admin/what-lock_user.php
inc/modules/admin/what-memedit.php
inc/modules/admin/what-newsletter.php [deleted file]
inc/modules/admin/what-payments.php
inc/modules/admin/what-refbanner.php
inc/modules/admin/what-repair_amnu.php
inc/modules/admin/what-repair_cats.php
inc/modules/admin/what-repair_gmnu.php
inc/modules/admin/what-repair_mmnu.php
inc/modules/admin/what-send_bonus.php
inc/modules/admin/what-stats.php [deleted file]
inc/modules/admin/what-sub_points.php
inc/modules/admin/what-theme_check.php
inc/modules/admin/what-unlock_emails.php
inc/modules/admin/what-user_contct.php
inc/modules/chk_login.php
inc/modules/frametester.php
inc/modules/guest/action-online.php
inc/modules/guest/what-confirm.php
inc/modules/guest/what-login.php
inc/modules/guest/what-register.php
inc/modules/guest/what-stats.php
inc/modules/member/what-beg.php
inc/modules/member/what-categories.php
inc/modules/member/what-holiday.php
inc/modules/member/what-html_mail.php
inc/modules/member/what-logout.php
inc/modules/member/what-mydata.php
inc/modules/member/what-newsletter.php
inc/modules/member/what-nickname.php
inc/modules/member/what-order.php
inc/modules/member/what-payout.php
inc/modules/member/what-points.php
inc/modules/member/what-reflinks.php
inc/modules/member/what-stats.php
inc/modules/member/what-surfbar_start.php
inc/modules/member/what-themes.php
inc/modules/member/what-transfer.php
inc/modules/member/what-unconfirmed.php
inc/modules/member/what-welcome.php
inc/modules/member/what-wernis.php
inc/modules/order.php
inc/monthly/monthly_beg.php
inc/monthly/monthly_bonus.php
inc/monthly/monthly_newsletter.php
inc/mysql-connect.php
inc/mysql-manager.php
inc/pool-update.php
inc/profile-updte.php
inc/reset/reset_beg.php
inc/reset/reset_bonus.php
inc/reset/reset_daily.php
inc/reset/reset_engine.php
inc/reset/reset_holiday.php
inc/session.php
inc/stats_bonus.php
inc/theme-manager.php
lead-confirm.php
mailid.php
mailid_top.php
modules.php
ref.php
show_bonus.php
surfbar.php [new file with mode: 0644]
templates/de/html/admin/admin_config_autopurge_pro.tpl [deleted file]
templates/de/html/admin/admin_config_beg_pro.tpl [deleted file]
templates/de/html/admin/admin_config_bonus_pro.tpl [deleted file]
templates/de/html/admin/admin_config_doubler_pro.tpl [deleted file]
templates/de/html/admin/admin_config_reg.tpl [deleted file]
templates/de/html/admin/admin_config_transfer_pro.tpl [deleted file]
templates/de/html/admin/admin_extensions_search.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_edit.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_list.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_stats.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_stats2.tpl [deleted file]
templates/de/html/admin/admin_mods_header_edit.tpl [deleted file]
templates/de/html/admin/admin_mods_header_list.tpl [deleted file]
templates/de/html/admin/admin_mods_header_stats.tpl [deleted file]
templates/de/html/admin/admin_mods_header_stats2.tpl [deleted file]
templates/de/html/admin/admin_setup_stats.tpl [deleted file]
templates/de/html/mailid/mailid_frames.tpl
templates/de/html/mailid/mailid_frameset.tpl [deleted file]
templates/de/html/mailid/mailid_timer.tpl
templates/de/html/member/member_frameset-back.tpl [deleted file]
templates/de/html/member/member_frameset-send.tpl [deleted file]
templates/de/html/member/member_surfbar_link.tpl [new file with mode: 0644]
templates/de/html/member/member_surfbar_start_static.tpl [new file with mode: 0644]
templates/de/html/member/member_welcome_footer.tpl
templates/de/html/member/member_welcome_header.tpl
templates/de/html/surfbar/.htaccess [new file with mode: 0644]
templates/de/html/surfbar/surfbar_frame_banner.tpl [new file with mode: 0644]
templates/de/html/surfbar/surfbar_frame_top.tpl [new file with mode: 0644]
templates/de/html/surfbar/surfbar_frameset.tpl [new file with mode: 0644]
templates/de/html/surfbar/surfbar_stopped.tpl [new file with mode: 0644]
view.php

index 4294b17df0025fdc9d05f6e19829012fdf449675..cff20e66278bc6c5a54810166d9515d14a7bc700 100644 (file)
@@ -343,7 +343,6 @@ inc/modules/admin/what-logs.php -text
 inc/modules/admin/what-maintenance.php -text
 inc/modules/admin/what-mem_add.php -text
 inc/modules/admin/what-memedit.php -text
-inc/modules/admin/what-newsletter.php -text
 inc/modules/admin/what-optimize.php -text
 inc/modules/admin/what-overview.php -text
 inc/modules/admin/what-payments.php -text
@@ -357,7 +356,6 @@ inc/modules/admin/what-repair_mmenu.php -text
 inc/modules/admin/what-repair_mmnu.php -text
 inc/modules/admin/what-send_bonus.php -text
 inc/modules/admin/what-send_newsletter.php -text
-inc/modules/admin/what-stats.php -text
 inc/modules/admin/what-stats_mods.php -text
 inc/modules/admin/what-sub_points.php -text
 inc/modules/admin/what-theme_check.php -text
@@ -559,6 +557,7 @@ install/tables.sql -text
 /show_bonus.php -text
 /sponsor_confirm.php -text
 /sponsor_ref.php -text
+/surfbar.php -text
 templates/.htaccess -text
 templates/de/.htaccess -text
 templates/de/emails/add-points.tpl -text
@@ -742,17 +741,13 @@ templates/de/html/admin/admin_config_admins_edit.tpl -text
 templates/de/html/admin/admin_config_admins_edit_row.tpl -text
 templates/de/html/admin/admin_config_admins_row.tpl -text
 templates/de/html/admin/admin_config_autopurge.tpl -text
-templates/de/html/admin/admin_config_autopurge_pro.tpl -text
 templates/de/html/admin/admin_config_beg.tpl -text
-templates/de/html/admin/admin_config_beg_pro.tpl -text
 templates/de/html/admin/admin_config_birthday.tpl -text
 templates/de/html/admin/admin_config_bonus.tpl -text
-templates/de/html/admin/admin_config_bonus_pro.tpl -text
 templates/de/html/admin/admin_config_cache.tpl -text
 templates/de/html/admin/admin_config_cats.tpl -text
 templates/de/html/admin/admin_config_cats_row.tpl -text
 templates/de/html/admin/admin_config_doubler.tpl -text
-templates/de/html/admin/admin_config_doubler_pro.tpl -text
 templates/de/html/admin/admin_config_email.tpl -text
 templates/de/html/admin/admin_config_email_del.tpl -text
 templates/de/html/admin/admin_config_email_del_row.tpl -text
@@ -787,7 +782,6 @@ templates/de/html/admin/admin_config_rallye_edit_row.tpl -text
 templates/de/html/admin/admin_config_rallye_prices.tpl -text
 templates/de/html/admin/admin_config_rallye_prices_row.tpl -text
 templates/de/html/admin/admin_config_refid.tpl -text
-templates/de/html/admin/admin_config_reg.tpl -text
 templates/de/html/admin/admin_config_reg_pro.tpl -text
 templates/de/html/admin/admin_config_register.tpl -text
 templates/de/html/admin/admin_config_register2.tpl -text
@@ -801,7 +795,6 @@ templates/de/html/admin/admin_config_surfbar.tpl -text
 templates/de/html/admin/admin_config_title.tpl -text
 templates/de/html/admin/admin_config_top10.tpl -text
 templates/de/html/admin/admin_config_transfer.tpl -text
-templates/de/html/admin/admin_config_transfer_pro.tpl -text
 templates/de/html/admin/admin_config_user.tpl -text
 templates/de/html/admin/admin_config_wernis.tpl -text
 templates/de/html/admin/admin_contct_user_form.tpl -text
@@ -849,7 +842,6 @@ templates/de/html/admin/admin_extensions_edit_row.tpl -text
 templates/de/html/admin/admin_extensions_installed.tpl -text
 templates/de/html/admin/admin_extensions_list.tpl -text
 templates/de/html/admin/admin_extensions_row.tpl -text
-templates/de/html/admin/admin_extensions_search.tpl -text
 templates/de/html/admin/admin_extensions_text.tpl -text
 templates/de/html/admin/admin_footer.tpl -text
 templates/de/html/admin/admin_gmenu_delete.tpl -text
@@ -962,14 +954,6 @@ templates/de/html/admin/admin_mmenu_overview.tpl -text
 templates/de/html/admin/admin_mmenu_status.tpl -text
 templates/de/html/admin/admin_mods_edit.tpl -text
 templates/de/html/admin/admin_mods_edit_row.tpl -text
-templates/de/html/admin/admin_mods_footer_edit.tpl -text
-templates/de/html/admin/admin_mods_footer_list.tpl -text
-templates/de/html/admin/admin_mods_footer_stats.tpl -text
-templates/de/html/admin/admin_mods_footer_stats2.tpl -text
-templates/de/html/admin/admin_mods_header_edit.tpl -text
-templates/de/html/admin/admin_mods_header_list.tpl -text
-templates/de/html/admin/admin_mods_header_stats.tpl -text
-templates/de/html/admin/admin_mods_header_stats2.tpl -text
 templates/de/html/admin/admin_mods_list.tpl -text
 templates/de/html/admin/admin_mods_list_row.tpl -text
 templates/de/html/admin/admin_mods_stats.tpl -text
@@ -1021,7 +1005,6 @@ templates/de/html/admin/admin_send_bonus_form.tpl -text
 templates/de/html/admin/admin_send_bonus_select.tpl -text
 templates/de/html/admin/admin_send_reset_link.tpl -text
 templates/de/html/admin/admin_settings_saved.tpl -text
-templates/de/html/admin/admin_setup_stats.tpl -text
 templates/de/html/admin/admin_sponsor_paytypes.tpl -text
 templates/de/html/admin/admin_sub_points.tpl -text
 templates/de/html/admin/admin_sub_points_all.tpl -text
@@ -1184,7 +1167,6 @@ templates/de/html/mailid/mailid_banner.tpl -text
 templates/de/html/mailid/mailid_confirm_buttom.tpl -text
 templates/de/html/mailid/mailid_enter_code.tpl -text
 templates/de/html/mailid/mailid_frames.tpl -text
-templates/de/html/mailid/mailid_frameset.tpl -text
 templates/de/html/mailid/mailid_points_done.tpl -text
 templates/de/html/mailid/mailid_points_done2.tpl -text
 templates/de/html/mailid/mailid_points_failed.tpl -text
@@ -1211,8 +1193,6 @@ templates/de/html/member/member_doubler.tpl -text
 templates/de/html/member/member_doubler_list.tpl -text
 templates/de/html/member/member_doubler_list_rows.tpl -text
 templates/de/html/member/member_footer.tpl -text
-templates/de/html/member/member_frameset-back.tpl -text
-templates/de/html/member/member_frameset-send.tpl -text
 templates/de/html/member/member_goto_top.tpl -text
 templates/de/html/member/member_header.tpl -text
 templates/de/html/member/member_holiday_deactivate.tpl -text
@@ -1260,6 +1240,8 @@ templates/de/html/member/member_stats_table.tpl -text
 templates/de/html/member/member_support_contacted.tpl -text
 templates/de/html/member/member_support_contcted.tpl -text
 templates/de/html/member/member_support_form.tpl -text
+templates/de/html/member/member_surfbar_link.tpl -text
+templates/de/html/member/member_surfbar_start_static.tpl -text
 templates/de/html/member/member_themes.tpl -text
 templates/de/html/member/member_transfer_list.tpl -text
 templates/de/html/member/member_transfer_new.tpl -text
@@ -1306,6 +1288,11 @@ templates/de/html/sponsor/sponsor_main.tpl -text
 templates/de/html/sponsor/sponsor_settings_form.tpl -text
 templates/de/html/sponsor/sponsor_welcome.tpl -text
 templates/de/html/sponsor/sponsor_what.tpl -text
+templates/de/html/surfbar/.htaccess -text
+templates/de/html/surfbar/surfbar_frame_banner.tpl -text
+templates/de/html/surfbar/surfbar_frame_top.tpl -text
+templates/de/html/surfbar/surfbar_frameset.tpl -text
+templates/de/html/surfbar/surfbar_stopped.tpl -text
 templates/de/html/theme_one.tpl -text
 templates/de/html/theme_select_box.tpl -text
 templates/de/html/theme_select_form.tpl -text
diff --git a/beg.php b/beg.php
index eb9bf9442276d956f2aa9f06eaf44e84b082798a..e402809626df492982bd4b35c509954abd416bfd 100644 (file)
--- a/beg.php
+++ b/beg.php
@@ -69,7 +69,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                        }
                } else {
                        // Direct userid
-                       $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['uid'])), __FILE__, __LINE__);
                }
 
@@ -112,11 +112,11 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
 
                if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) {
                        // Update counter
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                         array($uid), __FILE__, __LINE__);
 
                        // Check for last entry for userid w/o IP number
-                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%s)) AND remote_ip='%s' LIMIT 1",
                         array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
                        if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) {
                                // Free memory
@@ -137,7 +137,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                // Is begging rallye active?
                                if ($_CONFIG['beg_rallye'] == "Y") {
                                        // Add points to rallye account
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
                                         array($points, $uid), __FILE__, __LINE__);
                                } else {
                                        // Add points to account
@@ -148,14 +148,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                // Subtract begged points from member account if the admin has selected one
                                if ($_CONFIG['beg_uid'] > 0) {
                                        // Subtract from this account
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                        array($points, bigintval($_CONFIG['beg_uid'])), __FILE__, __LINE__);
-
-                                       // Update mediadata as well
-                                       if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
-                                               // Update database
-                                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                                       }
+                                       SUB_POINTS($_CONFIG['beg_uid'], $points);
                                }
 
                                // Set message
index 621b21fe92bb95a4124a916c9037fedf02052b18..68fd150ef9c2194ff03db3b43bbcf5f8dd4b17b3 100644 (file)
@@ -57,7 +57,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
 FROM "._MYSQL_PREFIX."_user_birthday AS b
 INNER JOIN "._MYSQL_PREFIX."_user_data AS d
 ON b.userid=d.userid
-WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
+WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
        //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")<br />\n";
 
@@ -77,7 +77,7 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
                        ADD_POINTS_REFSYSTEM($uid, $data['points'], false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
 
                        // Remove entry from table
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d AND chk_value='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%s AND chk_value='%s' LIMIT 1",
                         array($uid, $chk), __FILE__, __LINE__);
 
                        // Update mediadata if version is 0.0.4 or newer
index 016ba77555bfe3416917320fdde06c134686c21e..d5c3aaa6a011854deb984395def4607c8273a14b 100644 (file)
--- a/click.php
+++ b/click.php
@@ -47,7 +47,7 @@ require ("inc/config.php");
 if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
        // Update clicks counter...
        $CLICK = 1;
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
        if (SQL_AFFECTEDROWS($link) == 1) {
                if (!empty($_GET['user'])) {
                        LOAD_URL("ref.php?refid=".bigintval($_GET['user']));
index e8a088bc8cefdef9885e7ab482571898e9d1dcf1..ca2934f7b6cd3e9f1d2fb759a8dd4394b3b38cff 100644 (file)
@@ -64,7 +64,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
         else
        {
                // Direct userid entered
-               $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
        }
 
@@ -99,7 +99,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                         else
                        {
                                // Direct userid entered
-                               $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($_POST['userid'])), __FILE__, __LINE__);
                        }
 
@@ -134,15 +134,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                         array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__);
 
                                        // Subtract entered points
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                        array($_POST['points'], $uid), __FILE__, __LINE__);
-
-                                       // Update mediadata as well
-                                       if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                                       {
-                                               // Update database
-                                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $_POST['points']);
-                                       }
+                                       SUB_POINTS($uid, $_POST['points']);
 
                                        // Add points to "total payed" including charge
                                        $points = $_POST['points'] - $_POST['points'] * $_CONFIG['doubler_charge'];
index 39c630bdebd3f6f110c219283d75937dd55ef4c0..0871b6ce80aa14ae21a16ebaa91ba513e28d7248 100644 (file)
@@ -67,7 +67,7 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                while(list($mid, $sender, $pool, $price) = SQL_FETCHROW($result))
                {
                        // Check if confirmation links are purged or not
-                       $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d LIMIT 1",
+                       $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s LIMIT 1",
                         array(bigintval($mid)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result_links) == 1)
                        {
@@ -85,11 +85,11 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                                $uid = $sender; $points += $price; $admin_points += $price;
 
                                // Remove confirmation links from queue
-                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
                                 array(bigintval($mid)), __FILE__, __LINE__);
 
                                // Update status of order
-                               $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%d LIMIT 1",
+                               $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%s LIMIT 1",
                                 array(bigintval($pool)), __FILE__, __LINE__);
                        }
                }
@@ -114,7 +114,7 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                        while (list($bid, $price) = SQL_FETCHROW($result))
                        {
                                // Check if confirmation links are purged or not
-                               $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+                               $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
                                 array(bigintval($bid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result_links) > 0)
                                {
@@ -125,11 +125,11 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                                        SQL_FREERESULT($result_links);
 
                                        // Remove confirmation links from queue
-                                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+                                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
                                         array(bigintval($bid)), __FILE__, __LINE__);
 
                                        // Update status of order
-                                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%d LIMIT 1",
+                                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%s LIMIT 1",
                                         array(bigintval($bid)), __FILE__, __LINE__);
                                }
                        }
@@ -199,7 +199,7 @@ ORDER BY d.userid", array($since, $since, $since), __FILE__, __LINE__);
                        SEND_EMAIL($email, AUTOPURGE_MEMBER_INACTIVE_SUBJECT, $msg);
 
                        // Update this account
-                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
                }
 
@@ -328,11 +328,11 @@ if ($_CONFIG['ap_del_mails'])
                while(list($sender) = SQL_FETCHROW($result_mails))
                {
                        // Check now...
-                       $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
+                       $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
                        if ($found == 0)
                        {
                                // Okay we found some mails!
-                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%d",
+                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%s",
                                 array(bigintval($sender)), __FILE__, __LINE__);
                                $DELETED += SQL_AFFECTEDROWS();
 
@@ -359,11 +359,11 @@ if ($_CONFIG['ap_del_mails'])
                while(list($sender) = SQL_FETCHROW($result_mails))
                {
                        // Check now...
-                       $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
+                       $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
                        if ($found == 0)
                        {
                                // Okay we found some mails!
-                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%d", array(bigintval($sender)), __FILE__, __LINE__);
+                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%s", array(bigintval($sender)), __FILE__, __LINE__);
                                $DELETED += SQL_AFFECTEDROWS();
 
                                // Reset query (to prevent possible errors) ...
index 95e409042d6c2421e031971dac3c5fa504521d0a..a49a60f10903333ac939830ce1cda4fed8af0489 100644 (file)
@@ -66,7 +66,7 @@ function SQL_QUERY($sql_string, $F, $L) {
        // Debug output
        //* DEBUG: */ print "Query=<pre>".$sql_string."</pre>, affected=<b>".SQL_AFFECTEDROWS()."</b>, numrows=<b>".SQL_NUMROWS($result)."</b><br />\n";
 
-       if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (DEBUG_SQL)) {
+       if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (isBooleanConstantAndTrue('DEBUG_SQL'))) {
                //
                // Debugging stuff...
                //
@@ -176,7 +176,7 @@ function SQL_CLOSE($link, $F, $L) {
        global $_CONFIG, $cacheInstance, $cacheArray;
        if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($_CONFIG['db_hits'])) && (isset($_CONFIG['cache_hits'])) && (is_object($cacheInstance))) {
                // Update counter for db/cache
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config=0 LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%s, cache_hits=%s WHERE config=0 LIMIT 1",
                        array(bigintval($_CONFIG['db_hits']), bigintval($_CONFIG['cache_hits'])), __FILE__, __LINE__);
 
                // Update cache here
@@ -234,9 +234,15 @@ function SQL_INSERTID() {
        return @mysql_insert_id();
 }
 // Escape a string for the database
-function SQL_ESCAPE($str) {
+function SQL_ESCAPE($str, $secureString = true) {
        global $link;
 
+       // Secure string first? (which is the default behaviour!)
+       if ($secureString) {
+               // Then do it here
+               $str = secureString($str);
+       } // END - if
+
        if (!is_resource($link)) {
                // Fall-back to addslashes() when there is no link
                return addslashes($str);
@@ -256,7 +262,7 @@ function SQL_ESCAPE($str) {
 // SELECT query string from table, columns and so on... ;-)
 function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id) {
        // Prepare the SQL statement
-       $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%d LIMIT 1";
+       $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%s LIMIT 1";
 
        // Return the result
        return SQL_QUERY_ESC($SQL, array(bigintval($id)), __FILE__, __LINE__);
index d461ebf1e174eb229e8b28c4e7e7f9a272e1ac3a..5d9a30891e5a284edf6e2a73a1877cf921649d65 100644 (file)
@@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 if (_DB_TYPE == "_DB_TYPE") define('_DB_TYPE', "mysql3");
 
 // Create include file name
-$INC = PATH."inc/db/lib-"._DB_TYPE.".php";
+$INC = sprintf("%sinc/db/lib-%s.php", PATH, _DB_TYPE);
 
 if ((file_exists($INC)) && (is_readable($INC))) {
        // Include abstraction layer
index e4f16f4f9b008ec25afa2b26afb135040145067e..a0d6ee84049095f6ecda8aa0c9ddd73e740e4928 100644 (file)
@@ -84,7 +84,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                if ($DOUBLER_POINTS >= $points)
                {
                        // Check for his ref points
-                       $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%d AND completed='N' AND is_ref='Y'",
+                       $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%s AND completed='N' AND is_ref='Y'",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        list($ref) = SQL_FETCHROW($result_ref);
 
@@ -97,7 +97,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        {
                                // Referral points found so add them and set line(s) to completed='Y'
                                $points += $ref;
-                               $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%d AND completed='N' AND is_ref='Y'",
+                               $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%s AND completed='N' AND is_ref='Y'",
                                 array(bigintval($uid)), __FILE__, __LINE__);
                        }
                         else
@@ -110,7 +110,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        if ($uid != $_CONFIG['doubler_uid'])
                        {
                                // Add points
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                                 array($points, bigintval($uid)), __FILE__, __LINE__);
 
                                // Update mediadata as well
@@ -122,7 +122,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        }
 
                        // Set entry as "payed"
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
 
                        $OK = false;
@@ -141,15 +141,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        if (($user > 0) && ($user >= $points) && (!$OK) && ($_CONFIG['doubler_uid'] > 0) && ($uid != $_CONFIG['doubler_uid']))
                        {
                                // Add points to used points
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid='%d' LIMIT 1",
-                                array($points, $_CONFIG['doubler_uid']), __FILE__, __LINE__);
-
-                               // Update mediadata as well
-                               if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                               {
-                                       // Update database
-                                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                               }
+                               SUB_POINTS($_CONFIG['doubler_uid'], $points);
 
                                // Okay, done!
                                $OK = true;
index 06b5fc827e5bad3847734a2ecff10b81484e4528..fa5e463b8f089aef5cefb1bc9beb4074473875bb 100644 (file)
@@ -198,7 +198,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
                                 array($ext_name, $EXT_LANG_PREFIX, $EXT_ALWAYS_ACTIVE, $EXT_VERSION), __FILE__, __LINE__);
 
                                // Update task management
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
 
                                // In normal mode return a true on success
@@ -222,7 +222,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
                }
        } elseif (($id > 0) && (!empty($ext_name))) {
                // Remove task from system when id and extension's name is valid
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND status='NEW' LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND status='NEW' LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
        }
 
@@ -275,7 +275,7 @@ function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) {
                // Removal mode?
                if ($EXT_LOAD_MODE == "remove") {
                        // Delete this extension (remember to remove it from your server *before* you click on welcome!
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                } // END - if
 
@@ -563,7 +563,7 @@ function GET_EXT_NAME($id)
         else
        {
                // Load from database
-               $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($ret) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index 892b52e8d8d68b1df3a91028855c505cf060e640..e867de09cfcef2ce5c6d3cfaadf1a1d7469bff54 100644 (file)
@@ -123,7 +123,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index be921133327cc502eef4dc95f71e5ba9d4faaf4e..84207b9bb3ba734350804b997d262f7fbe909577 100644 (file)
@@ -258,14 +258,14 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Do we have a daily-reset-run?
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Yes, we have. So let's auto-purge some campaigns, inactive users and unconfirmed accounts
-               $INC_POOL[] = PATH."inc/autopurge.php";
+               $INC_POOL[] = sprintf("%sinc/autopurge.php", PATH);
        }
        break;
 }
index d30facebfcfb4b9a74ff64cb046f6db5e3e61706..ab6b8826f8212f1e95be39a8214ec4c2233f0211 100644 (file)
@@ -260,7 +260,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Remove old entries
@@ -268,18 +268,18 @@ default: // Do stuff when extension is loaded
        if ($_CONFIG['beg_uid_timeout'] > $OLD) $OLD = $_CONFIG['beg_uid_timeout'];
        $result_ext = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_beg_ips WHERE timeout < ".(time() - $OLD - 60*60), __FILE__, __LINE__);
 
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Daily reset was run so let's check if begging rallye is active
                if ($_CONFIG['beg_rallye'] == "Y")
                {
                        // Check for our winers
-                       $INC_POOL[] = PATH."inc/monthly/monthly_beg.php";
+                       $INC_POOL[] = sprintf("%sinc/monthly/monthly_beg.php", PATH);
                }
                 else
                {
                        // Reset begging points
-                       $INC_POOL[] = PATH."inc/reset/reset_beg.php";
+                       $INC_POOL[] = sprintf("inc/reset/reset_beg.php", PATH);
                }
        }
 
@@ -287,7 +287,7 @@ default: // Do stuff when extension is loaded
        if (($_CONFIG['beg_rallye'] == "Y") && ($_CONFIG['beg_new_mem_notify'] == "Y"))
        {
                // Include file for sending out mails
-               $INC_POOL[] = PATH."inc/mails/beg_mails.php";
+               $INC_POOL[] = sprintf("%sinc/mails/beg_mails.php", PATH);
        }
 
        // Return code for the URL
index 067f106d69348c1c40f635123df3faa8ca771b33..7ea5372bc388adde6215835c802449104a112379 100644 (file)
@@ -186,16 +186,16 @@ default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
 
        // Copy config to main array
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
 
        // Save some RAM...
        unset($dummy);
 
-       if ((defined('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0))
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0))
        {
                // Daily reset was run and we shall pay points so we start checking for members who
                // has a birthday for today
-               $INC_POOL[] = PATH."inc/mails/birthday_mails.php";
+               $INC_POOL[] = sprintf("%sinc/mails/birthday_mails.php", PATH);
        }
        break;
 }
index 2d83afcc55d8e03b64cedc04e13512c48cd3a0a9..b0bad4d91d50412f3a1c49d73b2f359a6590b7e8 100644 (file)
@@ -541,22 +541,22 @@ WHERE last_online < ".$mark." ORDER BY userid";
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Daily reset was run so let's check if active rallye is activated
                if ($_CONFIG['bonus_active'] == "Y")
                {
                        // Run active rallye
-                       if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = PATH."inc/stats_bonus.php";
-                       $INC_POOL[] = PATH."inc/monthly/monthly_bonus.php";
+                       if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = sprintf("%sinc/stats_bonus.php", PATH);
+                       $INC_POOL[] = sprintf("%sinc/monthly/monthly_bonus.php", PATH);
                }
                 else
                {
                        // Reset points
-                       $INC_POOL[] = PATH."inc/reset/reset_bonus.php";
+                       $INC_POOL[] = sprintf("%sinc/reset/reset_bonus.php", PATH);
                }
        }
 
@@ -564,7 +564,7 @@ default: // Do stuff when extension is loaded
        if (($_CONFIG['bonus_active'] == "Y") && ($_CONFIG['bonus_new_mem_notify'] == "Y"))
        {
                // Include file for sending out mails
-               $INC_POOL[] = PATH."inc/mails/bonus_mails.php";
+               $INC_POOL[] = sprintf("%sinc/mails/bonus_mails.php", PATH);
        }
        break;
 }
index 83aaba132ca6a6fd1180df47bb4a2766e15b4979..c13a330d372b0fe97778647c43aeccf90514d4f2 100644 (file)
@@ -185,7 +185,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Create instance on class
index 260095dc12d8f743801681496056c59a44870ae5..0b3aff3158a23ee800c36a47ae4ab6e2f63a587c 100644 (file)
@@ -237,13 +237,12 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
-       if ((defined('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET"))
-       {
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET")) {
                // So let's check for points
-               $INC_POOL[] = PATH."inc/doubler_send.php";
+               $INC_POOL[] = sprintf("%sinc/doubler_send.php", PATH);
        }
        break;
 }
index 29215c7ce20cbd0bb6833c7ffcb5d18f4ca09479..a5937ff22537f92357276e2ce404dfde83a44891 100644 (file)
@@ -225,14 +225,14 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Do we have a daily-reset-run?
-       if (((defined('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT"))
+       if (((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT"))
        {
                // Ok, let's check for finished holidays and unlock those accounts
-               $INC_POOL[] = PATH."inc/reset/reset_holiday.php";
+               $INC_POOL[] = sprintf("%sinc/reset/reset_holiday.php", PATH);
        }
        break;
 }
index cdcc08a7ba72eef95013d0aca034d7f9365f4979..0a36b7192821aebfa5ad25ea4e0eff4a2a6af313 100644 (file)
@@ -111,7 +111,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 65f3cd5fde5c83e9d1fc6df69d4796b630c1fd02..efd1986f878926b84da6a070b39b71a681c6c8d6 100644 (file)
@@ -130,7 +130,7 @@ Bitte stellen Sie diesen derzeit manuell unter <A href=\"".URL."/modules.php?mod
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
@@ -140,7 +140,7 @@ if ((isset($dry_run)) && (isset($EXT_LOAD_MODE)))
        if ((!$dry_run) && ($EXT_LOAD_MODE == "update") && ($EXT_VER == "0.0.4"))
        {
                // Add auto-check file
-               $INC_POOL[] = PATH."inc/gen_mediadata.php";
+               $INC_POOL[] = sprintf("%sinc/gen_mediadata.php", PATH);
        }
 }
 
index 23d5cd1cdf2657d3e4e430ab343dcbfa3a3bd205..4b625bc6d6452de83b2b74f16ab0b38e0d44b42c 100644 (file)
@@ -151,7 +151,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // URL ends which are used to indentify the end of an URL or email link
@@ -172,10 +172,10 @@ default: // Do stuff when extension is loaded
                '2', '3', '4', '5', '6', '7', '8', '9'
        );
 
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Daily reset was run so let's check out for expired newsletter orders
-               $INC_POOL[] = PATH."inc/monthly/monthly_newsletter.php";
+               $INC_POOL[] = sprintf("%sinc/monthly/monthly_newsletter.php", PATH);
        }
        break;
 }
index 9c0b64948ec05103d68443d4ae2927fcb9bf5017..31fd4210696bf83623de10e9867e1c47da33d524 100644 (file)
@@ -304,11 +304,11 @@ nicht die vom Mitglied eingegebene. Resultat: Das Script beschwerte sich, der Us
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Do daily reset only when installed and extension version is at least 0.1.1
-       if ((defined('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1"))
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1"))
        {
                // Reset mail order values
                $result_ext = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET mail_orders=0 WHERE mail_orders > 0", __FILE__, __LINE__);
index 87ce68aa670092c4dc3f2b99d6d7688af2b0571c..6173b778f12d403bb4aafb75c73181a2157b4c71 100644 (file)
@@ -121,10 +121,10 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        // Do we have a daily-reset-run?
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // So let's check for profiles which needs an update
-               $INC_POOL[] = PATH."inc/profile-updte.php";
+               $INC_POOL[] = sprintf("%sinc/profile-updte.php", PATH);
        }
        break;
 }
index 3836baf4b059d0c692432b6e4a0f2fea0ca97ffd..2224b0ba39ecc7337228c60ac0787ac981409a74 100644 (file)
@@ -324,7 +324,7 @@ PRIMARY KEY(id)
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 5e911a48e282ff16a2ad40c654b99176b1c806b4..724dca64d277127b298f4cf5a276dfab026fbab0 100644 (file)
@@ -137,7 +137,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index f53ee49b63bcbcd5f1a9c28328ab6ae0a9b2677f..4201cc029abee2b5ea2ef22732aecf5c9526442e 100644 (file)
@@ -428,7 +428,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 669222adb7d42e7ac50cc4ce0778680061b4cd8d..2d7ea00271c2495c0fe8879ee06ba2cfe079cec8 100644 (file)
@@ -567,7 +567,7 @@ default: // Do stuff when extension is loaded
        if (GET_EXT_VERSION("sql_patches") != '') {
                $_CONFIG['secret_key']        = "";
                //die("<pre>".print_r($dummy, true)."</pre>");
-               $_CONFIG = array_merge($_CONFIG, $dummy);
+               $_CONFIG = merge_array($_CONFIG, $dummy);
 
                // Read key from secret file
                if ((empty($_CONFIG['file_hash'])) || (empty($_CONFIG['master_salt'])) || (empty($_CONFIG['pass_scramble']))) {
index d345980610e57f1efb039748567d93ad7b7cd5f7..832f900abd470d8c1bb27629acb1a177847ed8b9 100644 (file)
@@ -55,7 +55,9 @@ case "register": // Do stuff when installtion is running (modules.php?module=adm
 `id` BIGINT(20) UNSIGNED  NOT NULL AUTO_INCREMENT,
 `userid` BIGINT(20) UNSIGNED  NOT NULL DEFAULT '0',
 `url` VARCHAR(255) NOT NULL DEFAULT '',
+`last_salt` VARCHAR( 255 ) NOT NULL DEFAULT '',
 `reward` DOUBLE(20,5) UNSIGNED  NOT NULL DEFAULT '0.00000',
+`payment_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
 `views_total` BIGINT(20) UNSIGNED  NOT NULL DEFAULT '0',
 `status` ENUM('PENDING','CONFIRMED', 'LOCKED') NOT NULL DEFAULT 'CONFIRMED',
 `registered` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
@@ -73,8 +75,8 @@ UNIQUE KEY `userid_url` (`userid`, `url`)
 `url_id` BIGINT(20) UNSIGNED  NOT NULL DEFAULT '0',
 `last_surfed` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 PRIMARY KEY(`id`),
-INDEX(`userid`),
-INDEX(`url_id`)
+INDEX (`userid`),
+INDEX (`url_id`),
 ) TYPE=MyISAM COMMENT='Surfbar reload locks'";
 
        // Reload locks
@@ -108,6 +110,9 @@ PRIMARY KEY(`id`)
        $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','unlock_surfbar_urls','Wartende URLs freigeben','Geben Sie hier nur direkt in der Surfbar gebuchte URLs frei.',2)";
        $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','list_surfbar_reflvl','Referal-Ebenen einstellen','Stellen Sie hier die prozentuale Verg&uuml;tung f&uuml;r Refs ein. Es wird nur die Basisverg&uuml;tung zur Rechengrundlage der Referalverg&uuml;tung verwendet.',3)";
        $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','config_surfbar','Einstellungen','Einstellungen an der Surfbar &auml;ndern, wie Festverg&uuml;tung, prozentuale Ref-Verg&uuml;tung und vieles mehr.',4)";
+
+       // Load CSS?
+       $EXT_CSS = "Y";
        break;
 
 case "remove": // Do stuff when removing extension
@@ -143,7 +148,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 812699a71b62b9ffd73fc17ca346dc2d4c53084d..af5f2ed3336ac8af8650fd7046b1f4d585940297 100644 (file)
@@ -143,7 +143,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 76fec572ee57d642e0a94c6ae437ee1535166efd..a69fe2d0a0f52c235917c95ceb6e5258c8d1bf51 100644 (file)
@@ -284,10 +284,10 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
-       if ((defined('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y"))
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y"))
        {
                // Automatically remove outdated or not displayed transactions
                TRANSFER_AUTPPURGE($_CONFIG['transfer_max'], $_CONFIG['transfer_age']);
index 30f0e570bddf7bf61f22f75941bee77e0ccd32b4..fb87fe583c01b595695a704274d73427eacb8e8d 100644 (file)
@@ -215,7 +215,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index bbb91a4a20985e87951730252917a959442c8416..aca9c6e0ebdf3bcfdfcf3cae2f97d317c90563b1 100644 (file)
@@ -58,8 +58,11 @@ if (($footer != "1") && ($footer != "2") && ($CSS != "1")) {
                DISPLAY_PARSING_TIME_FOOTER();
        } // END - if
 
-       // Load page footer
-       LOAD_TEMPLATE("page_footer");
+       // Not in frameset mode?
+       if ((!isset($isFrameset)) || ($isFrameset === false)) {
+               // Load page footer
+               LOAD_TEMPLATE("page_footer");
+       } // END - if
 
        // And the last closing HTML tag
        OUTPUT_HTML("</HTML>");
index 7a08291573bbb32e871b2b29e23365e7dc3661e8..aae3aae26a9139227769be974d76e7c08af2fdd2 100644 (file)
@@ -209,9 +209,10 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
        if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0;
        $REFID = $GLOBALS['refid'];
 
+       // DEPRECATED!!!
        if ($template == "member_support_form") {
                // Support request of a member
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -222,7 +223,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
        $date_time = MAKE_DATETIME(time(), "1");
 
        // Base directory
-       $BASE = PATH."templates/".GET_LANGUAGE()."/html/";
+       $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE());
        $MODE = "";
 
        // Check for admin/guest/member templates
@@ -342,7 +343,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
                        ADD_MESSAGE_TO_BOX($TO, $SUBJECT, $MSG, $HTML);
                        return;
                } else {
-                       $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
+                       $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
                        list($TO) = SQL_FETCHROW($result_email);
                        SQL_FREERESULT($result_email);
                }
@@ -410,7 +411,7 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) {
 
                // get new instance
                $mail = new PHPMailer();
-               $mail->PluginDir  = PATH."inc/phpmailer/";
+               $mail->PluginDir  = sprintf("%sinc/phpmailer/", PATH);
 
                $mail->IsSMTP();
                $mail->SMTPAuth   = true;
@@ -710,6 +711,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
                $EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS;
        }
 
+       // DEPRECATED switch!
        switch ($template)
        {
        case "bonus-mail": // Load data for the bonus mail
@@ -807,13 +809,13 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
        if ($UID > 0) {
                if (EXT_IS_ACTIVE("nickname")) {
                        // Load nickname
-                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($UID)), __FILE__, __LINE__);
                        list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                } else {
                        // Load normal data
-                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($UID)), __FILE__, __LINE__);
                        list($surname, $family, $sex, $email) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -832,7 +834,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
        $DATA['email'] = $email;
 
        // Base directory
-       $BASE = PATH."templates/".GET_LANGUAGE()."/emails/";
+       $BASE = sprintf("%stemplates/%s/emails/", PATH, GET_LANGUAGE());
 
        // Check for admin/guest/member templates
        if (strpos($template, "admin_") > -1) {
@@ -860,11 +862,10 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
        if ((!@file_exists($file)) || (!is_readable($file))) {
                // Reset to default template
                $file = $BASE.$template.".tpl";
-       }
+       } // END - if
 
        // Now does the final template exists?
-       if ((@file_exists($file)) && (is_readable($file)))
-       {
+       if ((@file_exists($file)) && (is_readable($file))) {
                // The local file does exists so we load it. :)
                $tmpl_file = @implode("", @file($file));
                $tmpl_file = addslashes($tmpl_file);
@@ -878,9 +879,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
 
                // Replace HTML confirm chars
                $content = html_entity_decode($content);
-       }
-        elseif (!empty($template))
-       {
+       } elseif (!empty($template)) {
                // Template file not found!
                $content = TEMPLATE_404.": ".$template."<br />
 ".TEMPLATE_CONTENT."
@@ -891,17 +890,16 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
 
                // Debug mode not active? Then remove the HTML tags
                if (!DEBUG_MODE) $content = strip_tags($content);
-       }
-        else
-       {
+       } else {
                // No template name supplied!
                $content = NO_TEMPLATE_SUPPLIED;
        }
+
+       // Return compiled content
        return COMPILE_CODE($content);
 }
 //
-function MAKE_TIME($H, $M, $S, $stamp)
-{
+function MAKE_TIME($H, $M, $S, $stamp) {
        // Extract day, month and year from given timestamp
        $DAY   = date("d", $stamp);
        $MONTH = date("m", $stamp);
@@ -1241,20 +1239,15 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") {
        return $return;
 }
 // Does only allow numbers
-function bigintval($num, $castValue = true)
-{
+function bigintval($num, $castValue = true) {
        // Filter all numbers out
        $ret = preg_replace("/[^0123456789]/", "", $num);
 
-       // Cast the value?
-       if ($castValue) $ret = (int) $ret;
-
        // Return result
        return $ret;
 }
 // Insert the code in $img_code into jpeg or PNG image
-function GENERATE_IMAGE($img_code, $header=true)
-{
+function GENERATE_IMAGE($img_code, $header=true) {
        global $_CONFIG;
        if ((strlen($img_code) > 6) || (empty($img_code)) || ($_CONFIG['code_length'] == 0))
        {
@@ -1271,14 +1264,11 @@ function GENERATE_IMAGE($img_code, $header=true)
        {
        case "jpg":
                // Loads JPEG image
-               $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.jpg";
-               if ((file_exists($img)) && (is_readable($img)))
-               {
+               $img = sprintf("%s/theme/%s/images/code_bg.jpg", PATH, GET_CURR_THEME());
+               if ((file_exists($img)) && (is_readable($img))) {
                        // Okay, load image and hide all errors
                        $image = @imagecreatefromjpeg($img);
-               }
-                else
-               {
+               } else  {
                        // Exit function here
                        return;
                }
@@ -1286,14 +1276,11 @@ function GENERATE_IMAGE($img_code, $header=true)
 
        case "png":
                // Loads PNG image
-               $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.png";
-               if ((file_exists($img)) && (is_readable($img)))
-               {
+               $img = sprintf("%s/theme/%s/images/code_bg.png", PATH, GET_CURR_THEME());
+               if ((file_exists($img)) && (is_readable($img))) {
                        // Okay, load image and hide all errors
                        $image = @imagecreatefrompng($img);
-               }
-                else
-               {
+               } else {
                        // Exit function here
                        return;
                }
@@ -1310,8 +1297,7 @@ function GENERATE_IMAGE($img_code, $header=true)
        header ("Content-Type: image/".$_CONFIG['img_type']);
 
        // Output image with matching image factory
-       switch ($_CONFIG['img_type'])
-       {
+       switch ($_CONFIG['img_type']) {
                case "jpg": imagejpeg($image); break;
                case "png": imagepng($image);  break;
        }
@@ -1916,6 +1902,14 @@ function generateHash ($plainText, $salt = "") {
                return $plainText;
        } // END - if
 
+       // Do we miss an arry element here?
+       if (!isset($_CONFIG['file_hash'])) {
+               // Stop here
+               print(__FUNCTION__.":<pre>");
+               debug_print_backtrace();
+               die("</pre>");
+       } // END - if
+
        // When the salt is empty build a new one, else use the first x configured characters as the salt
        if ($salt == "") {
                // Build server string
@@ -1941,10 +1935,10 @@ function generateHash ($plainText, $salt = "") {
                // Generate the password salt string
                $salt = substr($sha1, 0, $_CONFIG['salt_length']);
                //* DEBUG: */ echo $salt." (".strlen($salt).")<br />";
-       }
-        else
-       {
+       } else {
+               // Use given salt
                $salt = substr($salt, 0, $_CONFIG['salt_length']);
+               //* DEBUG: */ echo "GIVEN={$salt}<br />\n";
        }
 
        // Return hash
@@ -2070,7 +2064,7 @@ function ADD_URL_DATA($URL)
        // Add all together and return it
        return $URL.$ADD;
 }
-//
+// Generate an PGP-like encrypted hash of given hash for e.g. cookies
 function generatePassString($passHash) {
        global $_CONFIG;
 
@@ -2095,10 +2089,11 @@ function generatePassString($passHash) {
                        //* DEBUG: */ echo "*".$start."=".$mod."*<br>";
                        $start += 4;
                        $newHash .= $mod;
-               }
+               } // END - for
 
-               //* DEBUG: */ die($passHash."<br>".$newHash." (".strlen($newHash).")");
+               //* DEBUG: */ print($passHash."<br>".$newHash." (".strlen($newHash).")");
                $ret = generateHash($newHash, $_CONFIG['master_salt']);
+               //* DEBUG: */ print($ret."<br />\n");
        } else {
                // Hash it simple
                //* DEBUG: */ echo "--".$passHash."--<br />\n";
@@ -2191,6 +2186,9 @@ function set_session ($var, $value) {
        } elseif (!empty($value)) {
                // Update session
                $_SESSION[$var] = $value;
+       } else {
+               // Something bad happens!
+               return false; // Hope this doesn't make so much trouble???
        }
 
        // Return always true if the session variable is already set.
@@ -2236,7 +2234,27 @@ function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content="", $uid="0")
                SEND_ADMIN_EMAILS($subject, $msg);
        }
 }
-
+// Destroy user session
+function destroy_user_session () {
+       // Remove all user data from session
+       return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", "")));
+}
+// Merges an array together but only if both are arrays
+function merge_array ($array1, $array2) {
+       // Are both an array?
+       if ((is_array($array1)) && (is_array($array2))) {
+               // Merge all together
+               return array_merge($array1, $array2);
+       } elseif (is_array($array1)) {
+               // Return left array
+               return $array1;
+       }
+
+       // Something wired happened here...
+       print(__FUNCTION__.":<pre>");
+       debug_print_backtrace();
+       die("</pre>");
+}
 //
 //////////////////////////////////////////////////
 //                                              //
index 61eebc187f0593ba9de770714806487ea559c345..5876e3d5fd88c71dc607c5da7eb37dfc6958e750 100644 (file)
@@ -72,7 +72,7 @@ if (empty($_CONFIG['master_salt'])) {
 if (empty($_CONFIG['file_hash'])) {
        // Create filename from hashed random string
        $file_hash = generateHash(GEN_PASS(rand(128, 256)));
-       $file = PATH."inc/.secret/.".$file_hash;
+       $file = sprintf("%sinc/.secret/.%s", PATH, $file_hash);
 
        // File hash was never created
        $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!");
index 3e31030b389e8eca7b318d9616b99d8b633d66ed..cbb11da08d791b7b3fb2cd9f49e43502d50d6537 100644 (file)
@@ -116,7 +116,7 @@ if (($header != "1") && ($header != "2")) {
 } // END - if
 
 // Load body or not
-if ((($GLOBALS['module'] != "frametester")) || (($header == "1") && ($GLOBALS['module'] == "frametester") && (!empty($_GET['frame']))) && ($CSS != "1")) {
+if (((!$isFrameset) && ($GLOBALS['module'] != "frametester")) || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($header == "1") && ($isFrameset) && (!empty($_GET['frame']))) && ($CSS != "1")) {
        // Is the header sent and the script is not the mail confirmation script and not a CSS?
        if (($header == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($CSS != "1")) {
                // Add BODY tag
index b10cd3757c705063d58202de66c9b69c60f8bb59..8b017261f81a614e696687ec01c20875ac24683b 100644 (file)
@@ -119,11 +119,11 @@ function ADMINS_CHECK_ACL($act, $wht) {
                if (!empty($act))
                {
                        // Main menu
-                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
                         array(bigintval($aid), $act), __FILE__, __LINE__);
                } elseif (!empty($wht)) {
                        // Sub menu
-                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
                         array(bigintval($aid), $wht), __FILE__, __LINE__);
                }
 
@@ -232,7 +232,7 @@ login='%s'".$ADD.",
 email='%s',
 default_acl='%s',
 la_mode='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
  array(
        $login,
        $POST['email'][$id],
@@ -246,7 +246,7 @@ WHERE id=%d LIMIT 1",
 login='%s'".$ADD.",
 email='%s',
 la_mode='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
  array(
        $login,
        $POST['email'][$id],
@@ -283,7 +283,7 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
                $id = bigintval($id);
 
                // Get the admin's data
-               $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                 array($id), __FILE__, __LINE__);
                if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) {
                        // Entry found
@@ -329,7 +329,7 @@ function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) {
                        $id = bigintval($id);
 
                        // Get the admin's data
-                       $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1) {
                                // Entry found
@@ -374,7 +374,7 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
                         array($id), __FILE__, __LINE__);
 
                        // Remove account
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
 
                        $cacheInstance_UPDATE = "1";
index f6bd9f340bca07b3615d4c5c1284a4117442beb0..62073918fc055ad5ebe1ed11fe9e4295fe343428 100644 (file)
@@ -42,7 +42,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points)
 {
        global $jackpot;
        // Check if he has locked points or not
-       $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($uid)), __FILE__, __LINE__);
        list($payout) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -67,7 +67,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points)
         else
        {
                // .. to user's account
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                 array($target, $target, $points, bigintval($uid)), __FILE__, __LINE__);
 
                // Update mediadata as well
index ebd186a483860ca374665957387d0849c10c6330..266866130f5455344450cb2e255e51e7858960dd 100644 (file)
@@ -50,13 +50,13 @@ function BONUS_ADD_TURBO_POINTS($mid, $uid, $type)
        switch ($type)
        {
        case "bonusid":
-               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                 array($mid), __FILE__, __LINE__);
                $bonus = $mid; $mail = "0";
                break;
 
        case "mailid" :
-               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
                 array($mid), __FILE__, __LINE__);
                $bonus = "0"; $mail = $mid;
                break;
@@ -88,7 +88,7 @@ function BONUS_ADD_TURBO_POINTS($mid, $uid, $type)
        }
 
        // Add points to his account directly
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%s LIMIT 1",
         array(bigintval($uid)), __FILE__, __LINE__);
 
        // Rember this whole data for displaying ranking list
@@ -107,7 +107,7 @@ function BONUS_MAKE_RANK_ROWS($data, $type, $uid)
        $ranks = sizeof(explode(";", $_CONFIG['bonus_rates'])) + 1;
 
        // Load current user's data
-       $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%s LIMIT 1",
         array($type, $data, $uid), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -213,15 +213,7 @@ function BONUS_POINTS_HANDLER($MODE)
                        if ($TOTAL >= $points)
                        {
                                // Subtract points from userid's account
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                array(bigintval($points), bigintval($_CONFIG['bonus_uid'])), __FILE__, __LINE__);
-
-                               // Update mediadata as well
-                               if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                               {
-                                       // Update database
-                                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                               }
+                               SUB_POINTS($_CONFIG['bonus_uid'], $points);
                        }
                }
                break;
@@ -232,15 +224,7 @@ function BONUS_POINTS_HANDLER($MODE)
                if ($TOTAL >= $points)
                {
                        // Subtract points from userid's account
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                        array(bigintval($points), bigintval($_CONFIG['bonus_uid'])),  __FILE__, __LINE__);
-
-                       // Update mediadata as well
-                       if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                       {
-                               // Update database
-                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                       }
+                       SUB_POINTS($_CONFIG['bonus_uid'], $points);
                }
                 else
                {
index 30b39fae7507cea2f2094929758dede55faba88b..be8658bd2a294e0cd28d7853fd3403c227f019dd 100644 (file)
@@ -40,7 +40,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 //
 function COUNTRY_GENERATE_INFO($ID)
 {
-       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1",
         array(bigintval($ID)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
index 49ab3b2be69de49a0195f40106fa185d36196ad4..f013ebeb2188fe5ebe34fa5350c18de0c516f2f5 100644 (file)
@@ -52,13 +52,13 @@ ORDER BY userid", __FILE__, __LINE__);
                while (list($uid, $start, $end, $comments) = SQL_FETCHROW($result_stop))
                {
                        // Stop holiday
-                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%d LIMIT 1",
+                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%s LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
 
                        // Unlock account
                        $result_del = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
 
                        // Prepare array
                        $content = array(
index dbaee3b66ec871287ed80e14fc10f4c1e2e1a811..899d98b6fe73b0e04536387035a7ff3450c17aa9 100644 (file)
@@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 function NICKNAME_IS_ACTIVE($uidNick)
 {
        $ret = false;
-       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0) OR nickname='%s' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%s AND userid > 0) OR nickname='%s' LIMIT 1",
         array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
 
        // Check existence of nickname
@@ -60,7 +60,7 @@ function NICKNAME_GET_NICK($userid)
        $ret = "";
 
        // Search for non-empty nickname
-       $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND nickname != '' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND nickname != '' LIMIT 1",
         array(bigintval($userid)), __FILE__, __LINE__);
 
        // Found?
index 9b5be757323c57b63af559b145b69e3ac8d1aeca..c4391284349b458d32b065d4726abb86aff4981f 100644 (file)
@@ -78,15 +78,14 @@ function get_template ($template, $return=false, $content="")
 
        if ($template == "member_support_form") {
                // Support request of a member
-               $ID = bigintval($GLOBALS['userid']);
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
                $salut = TRANSLATE_SEX($sex);
        }
 
        // Base directory
-       $BASE = PATH."templates/".GET_LANGUAGE()."/html/";
+       $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE());
        $MODE = "";
 
        // Check for admin/guest/member templates
@@ -118,13 +117,13 @@ function get_template ($template, $return=false, $content="")
 
                // Remove variable from memory
                unset($file2);
-       }
+       } // END - if
 
        // Does the special template exists?
        if ((!file_exists($file)) || (!is_readable($file))) {
                // Reset to default template
-               $file = PATH."templates/".GET_LANGUAGE()."/html/".$template.".tpl";
-       }
+               $file = sprintf("%stemplates/%s/html/%s.tpl", PATH, GET_LANGUAGE(), $template);
+       } // END - if
 
        // Now does the final template exists?
        if ((file_exists($file)) && (is_readable($file))) {
index 2a4f228c1f6c8e919f7eee267f893dbfb81b76c8..ad8d6c5f15139b4ee33102c70a208d6ace4d4dcf 100644 (file)
@@ -49,7 +49,7 @@ function RALLYE_AUTOSTART_RALLYES($result)
        SQL_FREERESULT($result);
 
        // Set notified to Y
-       $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%d LIMIT 1",
+       $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%s LIMIT 1",
         array(bigintval($id)), __FILE__, __LINE__);
 
        // Do a snapshot off all user refs
@@ -97,7 +97,7 @@ function RALLYE_AUTOSTART_RALLYES($result)
                if (empty($cnt)) $cnt = "0"; // Added prevent some unknown troubles... :-?
 
                // Check if line is already included...
-               $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1",
+               $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1",
                 array(bigintval($id), bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_ref) == 0)
                {
@@ -109,7 +109,7 @@ function RALLYE_AUTOSTART_RALLYES($result)
 FROM "._MYSQL_PREFIX."_user_points AS p
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON p.userid=d.userid
-WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d",
+WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s",
  array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__);
                        list($cpoints) = SQL_FETCHROW($result_ref);
                        SQL_FREERESULT($result_ref);
@@ -197,7 +197,7 @@ function RALLYE_ADD_TOPUSERS($rallye,$default=0)
        $since = (time() - $_CONFIG['ap_in_since']);
 
        // First check how many prices are set
-       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
         array(bigintval($rallye)), __FILE__, __LINE__);
        $prices = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
@@ -206,7 +206,7 @@ function RALLYE_ADD_TOPUSERS($rallye,$default=0)
        $result = SQL_QUERY_ESC("SELECT DISTINCT u.userid, u.refs, u.curr_points FROM "._MYSQL_PREFIX."_rallye_users AS u
 LEFT JOIN "._MYSQL_PREFIX."_refsystem AS r
 ON u.userid=r.userid
-WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC",
+WHERE u.rallye_id=%s AND r.counter > 0 ORDER BY u.refs DESC",
  array(bigintval($rallye)), __FILE__, __LINE__);
 
        // Load users
@@ -225,7 +225,7 @@ WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC",
                $result_ref = SQL_QUERY_ESC("SELECT DISTINCT p.points FROM "._MYSQL_PREFIX."_user_points AS p
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON p.userid=d.userid
-WHERE d.userid=%d AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s
+WHERE d.userid=%s AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s
 LIMIT 1", array(bigintval($uid), $_CONFIG['ref_payout'], $since), __FILE__, __LINE__);
                list($refpoints) = SQL_FETCHROW($result_ref);
                SQL_FREERESULT($result_ref);
@@ -293,7 +293,7 @@ function RALLYE_AUTOADD_USER($uid)
                SQL_FREERESULT($result);
 
                // Check if line is already included...
-               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1",
                 array(bigintval($id), bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 0)
                {
@@ -359,7 +359,7 @@ function RALLYE_EXPIRE_RALLYES($result)
                //   active = 0: account is deleted or locked
                $result = SQL_QUERY_ESC("SELECT COUNT(userid) AS active
 FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND status='CONFIRMED' AND last_online >= %s
+WHERE userid=%s AND status='CONFIRMED' AND last_online >= %s
 LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__);
                list($active) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -380,7 +380,7 @@ LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__);
        }
 
        // Expire rallye
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%s LIMIT 1",
         array(bigintval($id)), __FILE__, __LINE__);
 
        // Run array through (by uid is the most important 2nd-level-array)
@@ -398,7 +398,7 @@ LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__);
                        if ($DATA['points'] > 0)
                        {
                                // Add points directly to user's account
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                                 array($DATA['points'], bigintval($uid)), __FILE__, __LINE__);
 
                                // Update mediadata as well
@@ -503,7 +503,7 @@ function RALLYE_LOAD_PRICES_ARRAY($rallye)
        );
 
        // Load prices
-       $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+       $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
         array(bigintval($rallye)), __FILE__, __LINE__);
        while(list($level, $points, $info) = SQL_FETCHROW($result))
        {
@@ -534,7 +534,7 @@ function RALLYE_LOAD_USERS_ARRAY($rallye)
        );
 
        // Load users                    uid    old   points earned
-       $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid",
+       $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid",
         array(bigintval($rallye)), __FILE__, __LINE__);
        while(list($uid, $refs, $cpoints) = SQL_FETCHROW($result_user))
        {
@@ -546,7 +546,7 @@ function RALLYE_LOAD_USERS_ARRAY($rallye)
 FROM "._MYSQL_PREFIX."_user_points AS p
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON p.userid=d.userid
-WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d",
+WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s",
  array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__);
                list($refpoints) = SQL_FETCHROW($result_ref);
                SQL_FREERESULT($result_ref);
@@ -585,7 +585,7 @@ WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p
 function RALLYE_LIST_WINNERS($rallye,$default=0)
 {
        // First check how many prices are set
-       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
         array(bigintval($rallye)), __FILE__, __LINE__);
        $prices = SQL_NUMROWS($result_prices);
        SQL_FREERESULT($result_prices);
@@ -601,7 +601,7 @@ function RALLYE_LIST_WINNERS($rallye,$default=0)
                // Check status
                //   active = 1: account is still confirmed
                //   active = 0: account is deleted or locked
-               $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+               $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                 array(bigintval($DATA['uid'][$idx])), __FILE__, __LINE__);
                list($active) = SQL_FETCHROW($result_active);
                SQL_FREERESULT($result_active);
@@ -676,11 +676,11 @@ function RALLYE_DELETE_EXPIRED_RALLYES()
                        SEND_ADMIN_NOTIFICATION(RALLYE_ADMIN_PURGED.": ".$title, "admin_rallye_purged", "", 0);
 
                        // Purge whole rallye
-                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d LIMIT 1",
+                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d LIMIT 1",
+                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
 
@@ -698,7 +698,7 @@ function RALLYE_TEMPLATE_SELECTION($name="template", $default="")
 {
        // Check templates directory
        $OUT = ""; $ral = array();
-       $BASE = PATH."templates/".GET_LANGUAGE()."/html";
+       $BASE = sprintf("%stemplates/%s/html", PATH, GET_LANGUAGE());
        $dir = opendir($BASE);
        while ($read = readdir($dir))
        {
@@ -793,7 +793,7 @@ function RALLYE_GET_REFCOUNT($uid, $old=0)
 FROM "._MYSQL_PREFIX."_refsystem AS s
 LEFT JOIN "._MYSQL_PREFIX."_refdepths AS d
 ON s.level=d.level
-WHERE s.userid=%d AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE s.userid=%s AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__);
                list($cnt) = SQL_FETCHROW($result_ref);
                SQL_FREERESULT($result_ref);
                if (empty($cnt))
index d76263196e04fcc1e3de56e04a09e210729604c2..019eac79ff0ca47acd623e1fdd47d6905a4aebd1 100644 (file)
@@ -421,15 +421,12 @@ ORDER BY sort", array($action), __FILE__, __LINE__);
 function GENERATE_SPONSOR_CONTENT($what)
 {
        global $HTTP_POST_VARS, $_GET, $CONFIG;
-       $FILE = PATH."inc/modules/sponsor/".$what.".php";
        $OUT = "";
-       if (@file_exists($FILE))
-       {
+       $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
+       if ((file_exists($FILE)) && (is_readable($FILE))) {
                // Every sponsor action will output nothing directly. It will be written into $OUT!
                require_once($FILE);
-       }
-        else
-       {
+       } else {
                // File not found!
                $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
        }
index 8cd6082367ad4998b136abddcd4e26ef568095f1..5af00ce901b202e82a00851e5442f14a18ba9695 100644 (file)
@@ -38,7 +38,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 }
 
 // Admin has added an URL with given user id
-function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward) {
+function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward, $paymentId) {
        // Is this really an admin?
        if (!IS_ADMIN()) {
                // Then leave here
@@ -52,7 +52,7 @@ function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward) {
        } // END - if
 
        // Register the new URL
-       return SURFBAR_REGISTER_URL($url, $uid, $reward, "CONFIRMED", "unlock");
+       return SURFBAR_REGISTER_URL($url, $uid, $reward, $paymentId, "CONFIRMED", "unlock");
 }
 // Looks up by an URL
 function SURFBAR_LOOKUP_BY_URL ($url) {
@@ -104,7 +104,7 @@ ORDER BY %s %s",
        return $lastUrlData;
 }
 // Registers an URL with the surfbar. You should have called SURFBAR_LOOKUP_BY_URL() first!
-function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode="reg") {
+function SURFBAR_REGISTER_URL ($url, $uid, $reward, $paymentId, $status="PENDING", $addMode="reg") {
        global $_CONFIG;
 
        // Make sure by the user registered URLs are always pending
@@ -116,6 +116,7 @@ function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode=
                'frametester' => FRAMETESTER($url),
                'uid'         => $uid,
                'reward'      => $reward,
+               'payment_id'  => $paymentId,
                'status'      => $status
        );
 
@@ -141,11 +142,12 @@ function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode=
 // Inserts an url by given data array and return the insert id
 function SURFBAR_INSERT_URL_BY_ARRAY ($urlData) {
        // Just run the insert query for now
-       SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, status) VALUES(%s, '%s', %s, '%s')",
+       SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, payment_id, status) VALUES(%s, '%s', %s, %s, '%s')",
                array(
                        bigintval($urlData['uid']),
-                       bigintval($urlData['url']),
+                       $urlData['url'],
                        (float)$urlData['reward'],
+                       bigintval($urlData['payment_id']),
                        $urlData['status']
                ), __FILE__, __LINE__
        );
@@ -201,5 +203,281 @@ function SURFBAR_TRANSLATE_STATUS ($status) {
        // Return result
        return $statusTranslated;
 }
+// Determine right template name
+function SURFBAR_DETERMINE_TEMPLATE_NAME() {
+       // Default is the frameset
+       $templateName = "surfbar_frameset";
+
+       // Any frame set? ;-)
+       if (isset($_GET['frame'])) {
+               // Use the frame as a template name part... ;-)
+               $templateName = sprintf("surfbar_frame_%s",
+                       SQL_ESCAPE($_GET['frame'])
+               );
+       } // END - if
+
+       // Return result
+       return $templateName;
+}
+// Check if the "reload lock" of the current user is full
+function SURFBAR_CHECK_RELOAD_FULL() {
+       global $SURFBAR_DATA, $_CONFIG;
+
+       // Default is full!
+       $isFull = true;
+
+       // Do we have static or dynamic mode?
+       if ($_CONFIG['surfbar_pay_model'] == "STATIC") {
+               // Cache static reload lock
+               $SURFBAR_DATA['surf_lock'] = $_CONFIG['surfbar_static_lock'];
+
+               // Ask the database
+               $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt FROM "._MYSQL_PREFIX."_surfbar_locks
+WHERE userid=%s AND (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") < UNIX_TIMESTAMP(last_surfed)
+LIMIT 1",
+                       array($GLOBALS['userid']), __FILE__, __LINE__
+               );
+
+               // Fetch row
+               list($SURFBAR_DATA['user_locks']) = SQL_FETCHROW($result);
+
+               // Is it null?
+               if (is_null($SURFBAR_DATA['user_locks'])) {
+                       // Then fix it to zero!
+                       $SURFBAR_DATA['user_locks'] = 0;
+               } // END - if
+
+               // Free result
+               SQL_FREERESULT($result);
+
+               // Get total URLs
+               $total = SURFBAR_GET_TOTAL_URLS();
+
+               // Do we have some URLs in lock? Admins can always surf on own URLs!
+               $isFull = (($SURFBAR_DATA['user_locks'] == $total) && ($total > 0));
+       } else {
+               // Dynamic model...
+               die("DYNAMIC not yet implemented!");
+       }
+
+       // Return result
+       return $isFull;
+}
+// Get total amount of URLs of given status for current user or of CONFIRMED URLs by default
+function SURFBAR_GET_TOTAL_URLS ($status="CONFIRMED") {
+       // Get amount from database
+       $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt
+FROM "._MYSQL_PREFIX."_surfbar_urls
+WHERE userid != %d AND status='%s'",
+               array($GLOBALS['userid'], $status), __FILE__, __LINE__
+       );
+
+       // Fetch row
+       list($cnt) = SQL_FETCHROW($result);
+
+       // Free result
+       SQL_FREERESULT($result);
+
+       // Return result
+       return $cnt;
+}
+// Generate a validation code for the given id number
+function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") {
+       global $_CONFIG, $SURFBAR_DATA;
+
+       // Generate a code until the length matches
+       $valCode = "";
+       while (strlen($valCode) != $_CONFIG['code_length']) {
+               // Is the salt set?
+               if (empty($salt)) {
+                       // Generate random hashed string
+                       $SURFBAR_DATA['salt'] = sha1(GEN_PASS(255));
+               } else {
+                       // Use this as salt!
+                       $SURFBAR_DATA['salt'] = $salt;
+               }
+               //* DEBUG: */ echo "*".$SURFBAR_DATA['salt']."*<br />\n";
+
+               // ... and now the validation code
+               $valCode = GEN_RANDOM_CODE($_CONFIG['code_length'], sha1(SURFBAR_GET_DATA('salt').":".$id), $GLOBALS['userid']);
+               //* DEBUG: */ echo "valCode={$valCode}<br />\n";
+       } // END - while
+
+       // Hash it with md5() and salt it with the random string
+       $hashedCode = generateHash(md5($valCode), SURFBAR_GET_DATA('salt'));
+
+       // Finally encrypt it PGP-like and return it
+       return generatePassString($hashedCode);
+}
+// Check validation code
+function SURFBAR_CHECK_VALIDATION_CODE ($id, $check, $salt) {
+       global $SURFBAR_DATA;
+
+       // Secure id number
+       $id = bigintval($id);
+
+       // Now generate the code again
+       $code = SURFBAR_GENERATE_VALIDATION_CODE($id, $salt);
+
+       // Return result of checking hashes and salts
+       //* DEBUG: */ echo "--- ".$code."<br />\n--- ".$check."<br />\n";
+       //* DEBUG: */ echo "+++ ".$salt."<br />\n+++ ".SURFBAR_GET_DATA('last_salt')."<br />\n";
+       return (($code == $check) && ($salt == SURFBAR_GET_DATA('last_salt')));
+}
+// Lockdown the userid/id combination (reload lock)
+function SURFBAR_LOCKDOWN_ID ($id) {
+       // Just add it to the database
+       SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_locks (userid, url_id) VALUES(%s, %s)",
+               array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__);
+}
+// Pay points to the user and remove it from the sender
+function SURFBAR_PAY_POINTS ($id) {
+       global $SURFBAR_DATA, $_CONFIG;
+
+       // Re-configure ref-system to surfbar levels
+       $_CONFIG['db_percents'] = "percent";
+       $_CONFIG['db_table']    = "surfbar_reflevels";
+
+       // Book it to the user
+       ADD_POINTS_REFSYSTEM($GLOBALS['userid'], $SURFBAR_DATA['reward']);
+
+       // Remove it from the URL owner
+       SUB_POINTS($SURFBAR_DATA['userid'], $SURFBAR_DATA['reward']);
+}
+// Update the salt for validation
+function SURFBAR_UPDATE_SALT() {
+       global $SURFBAR_DATA;
+
+       // Simply store the salt from cache away in database...
+       SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_surfbar_urls SET last_salt='%s', views_total=views_total+1 WHERE id=%s LIMIT 1",
+               array(SURFBAR_GET_DATA('salt'), SURFBAR_GET_DATA('id')), __FILE__, __LINE__);
+
+       // Return if the update was okay
+       return (SQL_AFFECTEDROWS() == 1);
+}
+// Determine next id for surfbar view, always call this before you call other
+// getters below this function!!!
+function SURFBAR_GET_NEXT_ID ($id = 0) {
+       global $SURFBAR_DATA, $_CONFIG;
+
+       // Default is no id!
+       $nextId = 0;
+
+       // Is the ID set?
+       if ($id == 0) {
+               // Set max random factor to total URLs minus 1
+               $maxRand = SURFBAR_GET_TOTAL_URLS() - 1;
+
+               // Generate random number
+               $randNum = mt_rand(0, $maxRand);
+
+               // And query the database
+               $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time, UNIX_TIMESTAMP(l.last_surfed) AS last_surfed
+FROM "._MYSQL_PREFIX."_surfbar_urls AS sb
+LEFT JOIN "._MYSQL_PREFIX."_payments AS p
+ON sb.payment_id=p.id
+LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l
+ON sb.id=l.url_id
+WHERE sb.userid != %d AND sb.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed))
+ORDER BY l.last_surfed DESC, sb.last_salt ASC, sb.id ASC
+LIMIT %d,1",
+                       array($GLOBALS['userid'], $randNum), __FILE__, __LINE__
+               );
+       } else {
+               // Get data from specified id number
+               $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time
+FROM "._MYSQL_PREFIX."_surfbar_urls AS sb
+LEFT JOIN "._MYSQL_PREFIX."_payments AS p
+ON sb.payment_id=p.id
+WHERE sb.userid != %s AND sb.status='CONFIRMED' AND sb.id=%s
+LIMIT 1",
+                       array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__
+               );
+       }
+
+       // Is there an id number?
+       if (SQL_NUMROWS($result) == 1) {
+               // Load/cache data
+               //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*<br />\n";
+               $SURFBAR_DATA = merge_array($SURFBAR_DATA, SQL_FETCHARRAY($result));
+               //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*<br />\n";
+
+               // Is the time there?
+               if (is_null($SURFBAR_DATA['time'])) {
+                       // Then repair it wit the static!
+                       $SURFBAR_DATA['time'] = $_CONFIG['surfbar_static_time'];
+               } // END - if
+
+               // Fix missing last_surfed
+               if ((!isset($SURFBAR_DATA['last_surfed'])) || (is_null($SURFBAR_DATA['last_surfed']))) {
+                       // Fix it here
+                       $SURFBAR_DATA['last_surfed'] = "0";
+               } // END - if
+
+               // Are we in static mode?
+               if ($_CONFIG['surfbar_pay_model'] == "STATIC") {
+                       // Then use static reward!
+                       $SURFBAR_DATA['reward'] = $_CONFIG['surfbar_static_reward'];
+               } else {
+                       // Calculate dynamic reward and add it
+                       $SURFBAR_DATA['reward'] += SURFBAR_CALCULATE_DYNAMIC_REWARD_ADD();
+               }
+
+               // Now get the id
+               $nextId = SURFBAR_GET_DATA('id');
+       } // END - if
+
+       // Free result
+       SQL_FREERESULT($result);
+
+       // Return result
+       //* DEBUG: */ echo "nextId={$nextId}<br />\n";
+       return $nextId;
+}
+// ----------------------------------------------------------------------------
+// PLEASE DO NOT ADD ANY OTHER FUNCTIONS BELOW THIS LINE ELSE THEY "WRAP" THE
+// $SURFBAR_DATA ARRAY!
+// ----------------------------------------------------------------------------
+// Private getter for data elements
+function SURFBAR_GET_DATA ($element) {
+       global $SURFBAR_DATA;
+
+       // Default is null
+       $data = null;
+
+       // Is the entry there?
+       if (isset($SURFBAR_DATA[$element])) {
+               // Then take it
+               $data = $SURFBAR_DATA[$element];
+       } else { // END - if
+               print("<pre>");
+               print_r($SURFBAR_DATA);
+               debug_print_backtrace();
+               die("</pre>");
+       }
+
+       // Return result
+       return $data;
+}
+// Getter for reward from cache
+function SURFBAR_GET_REWARD () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('reward');
+}
+// Getter for URL from cache
+function SURFBAR_GET_URL () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('url');
+}
+// Getter for user reload locks
+function SURFBAR_GET_USER_RELOAD_LOCK () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('user_locks');
+}
+// Getter for reload time
+function SURFBAR_GET_RELOAD_TIME () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('time');
+}
 //
 ?>
index cdad73540e39b1d1301eba61d418dee402cbe77a..bf4b34326bd954da0ed558dd4af1158d0ce03a4d 100644 (file)
@@ -145,25 +145,26 @@ if ($cacheInstance->cache_file("mod_reg", true) == true) {
                unset($cacheArray['modules']);
        } else {
                // Rewrite module cache
-               $MOD = $cacheArray['modules'];
-               foreach ($cacheArray['modules']['module'] as $key=>$mod) {
-                       $cacheArray['modules']['id'][$mod] = $cacheArray['modules']['id'][$key];
+               $modArray = $cacheArray['modules'];
+               foreach ($modArray['module'] as $key=>$mod) {
+                       $cacheArray['modules']['id'][$mod] = $modArray['id'][$key];
                        unset($cacheArray['modules']['id'][$key]);
-                       $cacheArray['modules']['title'][$mod] = $cacheArray['modules']['title'][$key];
+                       $cacheArray['modules']['title'][$mod] = $modArray['title'][$key];
                        unset($cacheArray['modules']['title'][$key]);
-                       $cacheArray['modules']['locked'][$mod] = $cacheArray['modules']['locked'][$key];
+                       $cacheArray['modules']['locked'][$mod] = $modArray['locked'][$key];
                        unset($cacheArray['modules']['locked'][$key]);
-                       $cacheArray['modules']['hidden'][$mod] = $cacheArray['modules']['hidden'][$key];
+                       $cacheArray['modules']['hidden'][$mod] = $modArray['hidden'][$key];
                        unset($cacheArray['modules']['hidden'][$key]);
-                       $cacheArray['modules']['admin_only'][$mod] = $cacheArray['modules']['admin_only'][$key];
+                       $cacheArray['modules']['admin_only'][$mod] = $modArray['admin_only'][$key];
                        unset($cacheArray['modules']['admin_only'][$key]);
-                       $cacheArray['modules']['mem_only'][$mod] = $cacheArray['modules']['mem_only'][$key];
+                       $cacheArray['modules']['mem_only'][$mod] = $modArray['mem_only'][$key];
                        unset($cacheArray['modules']['mem_only'][$key]);
                        if (isset($cacheArray['modules']['has_menu'][$key])) {
-                               $cacheArray['modules']['has_menu'][$mod] = $cacheArray['modules']['has_menu'][$key];
+                               $cacheArray['modules']['has_menu'][$mod] = $modArray['has_menu'][$key];
                                unset($cacheArray['modules']['has_menu'][$key]);
                        } // END - if
                }
+               unset($modArray);
        }
 } elseif (($_CONFIG['cache_modreg'] == "Y") && ($CSS != "1") && ($CSS != "-1")) {
        // Create cache file here
@@ -208,6 +209,7 @@ if ($cacheInstance->cache_file("config", true) == true) {
 
        // Overwrite the config with the cache version
        $cacheArray['config'] = $newCache;
+       unset($newCache);
 
        // When there is a period (.) in the result this test will fail and so the cache file is
        // damaged/corrupted
index ce4573232abf5b6f973049bc107377e9c11ed087..44991df0be5c6910a26d099bca5bc214565f8fdd 100644 (file)
@@ -123,7 +123,7 @@ if (!empty($SQL))
                {
                        // Update account
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
-SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%d LIMIT 1",
+SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%s LIMIT 1",
  array(time(), $MODE, time(), $uid), __FILE__, __LINE__);
 
                        // Load email template and send it to the user!
index d0faabfc5e919e0d4b1d3a5947eaf73ffe66e125..0d3e2ef4a2c3a20768587ef21c3bc02d91ab9f88 100644 (file)
@@ -62,7 +62,7 @@ if (($_CONFIG['birthday_active']) && (EXT_IS_ACTIVE("autopurge")) && ($_CONFIG['
 // Only confirmed members shall receive birthday mails...
 $result_birthday = SQL_QUERY_ESC("SELECT userid, email, birth_year
 FROM "._MYSQL_PREFIX."_user_data
-WHERE status='CONFIRMED' AND birth_day=%d AND birth_month=%d AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD."
+WHERE status='CONFIRMED' AND birth_day=%s AND birth_month=%s AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD."
 ORDER BY userid",
  array($DAY, $MONTH, $VALUE), __FILE__, __LINE__);
 
@@ -108,7 +108,7 @@ if (SQL_NUMROWS($result_birthday) > 0)
                SEND_EMAIL($email, HAPPY_BIRTHDAY, $msg);
 
                // Remember him that he has received a birthday mail
-               $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+               $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
        }
 
index 198419d4d8dcbc3d2219b0bfbfaf47dbf905e901..43a382dbeaf31dfa9cbfdde6117568561e386643 100644 (file)
@@ -108,7 +108,7 @@ if (!empty($SQL))
                {
                        // Update account
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
-SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%d LIMIT 1",
+SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%s LIMIT 1",
  array(time(), $MODE, time(), $uid), __FILE__, __LINE__);
 
                        // Load email template and send it to the user!
index 458f1bcdae81eb3627bbaa28b16dd9dded2b9e48..604abdf9b43ebb5d0d7165d1579b0d28cdb02bb4 100644 (file)
@@ -310,13 +310,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load logout template
                if (isset($_GET['register'])) {
                        // Secure input
-                       $register = secureString(SQL_ESCAPE($_GET['register']));
+                       $register = SQL_ESCAPE($_GET['register']);
 
                        // Special logout redirect for installation of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
                } elseif (isset($_GET['remove'])) {
                        // Secure input
-                       $remove = secureString(SQL_ESCAPE($_GET['remove']));
+                       $remove = SQL_ESCAPE($_GET['remove']);
 
                        // Special logout redirect for removal of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
index 0a5b93e134e771de3ff7a5fef891bdc4b539b293..7ef2e0aa551460bf65d5528565237463dca36aba 100644 (file)
@@ -666,17 +666,18 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
 }
 //
 function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
+       // Open the requested menu directory
+       $handle = opendir(sprintf("%sinc/modules/%s/", PATH, $menu)) or mxchange_die("Cannot load menu ".$menu."!");
+
        // Init the selection box
        $OUT = "<SELECT name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <OPTION value=\"\">".IS_TOP_MENU."</OPTION>\n";
-
-       // Open the requested menu directory
-       $handle = opendir(PATH."inc/modules/".$menu."/") or mxchange_die("Cannot load menu ".$menu."!");
+       // Walk through all files
        while ($file = readdir($handle)) {
                // Is this a PHP script?
                if (($file != ".") && ($file != "..") && ($file != "lost+found") && (strpos($file, "".$type."-") > -1) && (strpos($file, ".php") > 0)) {
                        // Then test if the file is readable
-                       $test = PATH."inc/modules/".$menu."/".$file;
-                       if (is_readable($test)) {
+                       $test = sprintf("%sinc/modules/%s/%s", PATH, $menu, $file);
+                       if ((is_file($test)) && (is_readable($test))) {
                                // Extract the value for what=xxx
                                $part = substr($file, (strlen($type) + 1)); $part = substr($part, 0, strpos($part, ".php"));
 
@@ -685,9 +686,9 @@ function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
                                        $OUT .= "       <OPTION value=\"".$part."\"";
                                        if ($part == $default) $OUT .= "selected";
                                        $OUT .= ">".$part."</OPTION>\n";
-                               }
-                       }
-               }
+                               } // END - if
+                       } // END - if
+               } // END - if
        }
        closedir($handle);
        $OUT .= "</SELECT>\n";
@@ -756,7 +757,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") {
                        // Should always be 1 ;-)
                        if ($selected == 1) {
                                // Determine new status
-                               $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
                                        array($row, $table, $idRow, $id), __FILE__, __LINE__);
 
                                // Row found?
@@ -766,7 +767,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") {
                                        if ($currStatus == "Y") $newStatus='N'; else $newStatus = "Y";
 
                                        // Change this status
-                                       SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1",
+                                       SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%s LIMIT 1",
                                                array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__);
 
                                        // Count up affected rows
index 7f0f3416ba3b5fd8fa0be48e59f4feb68227ce9c..6fdcafcf5676fbf3118d78782da0a6f2acfdf847 100644 (file)
@@ -173,7 +173,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                // Assign / do tasks
                $OUT = ""; $SW = 2;
                foreach ($_POST['task'] as $id=>$sel) {
-                       $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
+                       $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result_task) == 1) {
                                // Task is valid...
@@ -182,7 +182,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
 
                                if ($aid == "0") {
                                        // Assgin current admin to unassgigned task
-                                       $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1",
+                                       $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%s LIMIT 1",
                                         array(GET_ADMIN_ID(get_session('admin_login')), bigintval($tid)), __FILE__, __LINE__);
                                }
 
@@ -194,7 +194,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                }
 
                                if ($uid > 0) {
-                                       $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                                       $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                         array(bigintval($uid)), __FILE__, __LINE__);
                                        if (SQL_NUMROWS($result_user) == 1)
                                        {
@@ -292,7 +292,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                                // Close task but not already closes or deleted or update tasks
                                                if (($status != "CLOSED") && ($status != "DELETED") && ($type != "EXTENSION_UPDATE"))
                                                {
-                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                                         array(bigintval($tid)), __FILE__, __LINE__);
                                                }
                                        }
@@ -304,7 +304,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
 
                                        // Close task
                                        if (($status != "CLOSED") && ($status != "DELETED")) {
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                                 array(bigintval($tid)), __FILE__, __LINE__);
                                        }
                                        break;
@@ -322,7 +322,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                        if (EXT_IS_ACTIVE("payout"))
                                        {
                                                // Extension is installed so let him send a notification to the user
-                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%d AND payout_timestamp=%d LIMIT 1",
+                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%s AND payout_timestamp=%s LIMIT 1",
                                                 array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
                                                list($pid) = SQL_FETCHROW($result_pay);
                                                SQL_FREERESULT($result_pay);
@@ -353,7 +353,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                        if (EXT_IS_ACTIVE("wernis"))
                                        {
                                                // Extension is installed so let him send a notification to the user
-                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%d AND wernis_timestamp=%d LIMIT 1",
+                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%s AND wernis_timestamp=%s LIMIT 1",
                                                 array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
                                                list($pid) = SQL_FETCHROW($result_pay);
                                                SQL_FREERESULT($result_pay);
@@ -385,7 +385,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                        break;
 
                                case "NL_UNSUBSCRIBE": // Newsletter unsubscriptions
-                                       $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                         array(bigintval($uid)), __FILE__, __LINE__);
                                        list($span) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
@@ -431,7 +431,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                // Unassign from tasks
                                foreach ($_POST['task'] as $id=>$sel)
                                {
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1",
                                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
@@ -440,7 +440,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                // Delete tasks
                                foreach ($_POST['task'] as $id=>$sel)
                                {
-                                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
+                                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
                                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
index a71bb71c18e30bca856119593371af9b6ee5e58b..0d9ea9651d6a5c2c6e1a5cf5866801abe4678eea 100644 (file)
@@ -54,7 +54,7 @@ if ($_GET['u_id'] == "all")
                while (list($uid) = SQL_FETCHROW($result_main))
                {
                        // User ID found in URL so we use this give him some credits
-                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -65,7 +65,7 @@ if ($_GET['u_id'] == "all")
                                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                                {
                                        // Ok, add points and send an email to him...
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
                                         array($_POST['points'], bigintval($uid)), __FILE__, __LINE__);
 
                                        // Update mediadata as well
@@ -97,7 +97,7 @@ if ($_GET['u_id'] == "all")
  elseif (!empty($_GET['u_id']))
 {
        // User ID found in URL so we use this give him some credits
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -108,7 +108,7 @@ if ($_GET['u_id'] == "all")
                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                {
                        // Ok, add points and send an email to him...
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
                         array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                        // Remember points in constant
index 4b4970f406756fce00dc613107437203e843e233..18f9414b7710a9e35f26fe3c1b6970784f207590 100644 (file)
@@ -68,7 +68,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -117,7 +117,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -169,7 +169,7 @@ title='%s',
 action='%s',
 what='%s',
 descr='%s'
-WHERE ".$AND." AND id=%d LIMIT 1",
+WHERE ".$AND." AND id=%s LIMIT 1",
  array(
        $menu,
        $_POST['sel_action'][$sel],
@@ -184,7 +184,7 @@ WHERE ".$AND." AND id=%d LIMIT 1",
        case "del": // Delete menu
                foreach ($_POST['sel'] as $sel=>$menu)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -229,9 +229,9 @@ WHERE ".$AND." AND id=%d LIMIT 1",
                if ((!empty($tid)) && (!empty($fid)))
                {
                        // Sort menu
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
                }
        }
index 16bdb4ce122835b90cc84d6ff2a60287612e8702..31d92eaf701373a37bdab08dde42ff3dced41f1b 100644 (file)
@@ -52,7 +52,7 @@ if ((isset($_POST['ok'])) && (!empty($_GET['admin'])))
         else
        {
                // Load admin's email address
-               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                 array(bigintval($_GET['admin'])), __FILE__, __LINE__);
                list($email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index d10136d258657076558bb1cd3ac41284b7320623..7089670e0ee48f6fa7024cbf01c005d96ca35235 100644 (file)
@@ -129,7 +129,7 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
                                $aid = bigintval($aid);
 
                                // Update entry
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%d WHERE id=%d ORDER BY id LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%s WHERE id=%s ORDER BY id LIMIT 1",
                                 array($aid, $id), __FILE__, __LINE__);
 
                                if (($aid < 1) && (!empty($_POST['template'][$id])))
index c20a8c4f8fab4db9d9068871539a5b83c2534c28..d75a08ed75e9e2851d947594b362ed005704af1c 100644 (file)
@@ -50,7 +50,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
        foreach ($_POST['sel'] as $id=>$sel)
        {
                // Load data for the ID
-               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($aid, $act, $wht, $mode) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -88,7 +88,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
                $id = bigintval($id);
 
                // Update entries
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%d, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
                 array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
        }
 
@@ -108,7 +108,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
        foreach ($_POST['sel'] as $id=>$sel)
        {
                // Load data for the ID
-               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($admin, $act, $wht, $mode) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -156,7 +156,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
        // Remove entries
        foreach ($_POST['sel'] as $id=>$sel)
        {
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
                 array(bigintval($id)),__FILE__, __LINE__);
        }
 
@@ -172,7 +172,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
  elseif (isset($_POST['add']))
 {
        // Check if everything is fine...
-       $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
         array(bigintval($_POST['admin_id'])), __FILE__, __LINE__);
        list($mode) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -192,7 +192,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
                if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH))
                {
                        // Main or sub menu selected
-                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' AND what_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
                         array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 0)
                        {
index df24b85e898c153305e6d0fe534dc3899bed04a7..59b6eae39fadc27407e91ed05ae85675ecb20e37 100644 (file)
@@ -76,15 +76,15 @@ if (isset($_POST['add'])) {
                        switch ($_GET['do'])
                        {
                        case "edit": // Change categories
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%d WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%s WHERE id=%s LIMIT 1",
                                 array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__);
                                $TEXT = CATEGORIES_SAVED;
                                break;
 
                        case "del": // Delete categories
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
                                 array($id), __FILE__, __LINE__);
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
                                 array($id), __FILE__, __LINE__);
                                $TEXT = CATEGORIES_DELETED;
                                break;
@@ -107,7 +107,7 @@ if (isset($_POST['add'])) {
        foreach ($_POST['sel'] as $id=>$value)
        {
                // Load data of category
-               $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($cat) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -133,7 +133,7 @@ if (isset($_POST['add'])) {
        foreach ($_POST['sel'] as $id=>$value)
        {
                // Load data from the category
-               $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($cat, $vis, $sort) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index 176e5f991b89ffde313dfcb268f17b9479745af1..fcc868b16ca02210aecc4eca4952c316bea3b9a7 100644 (file)
@@ -72,13 +72,13 @@ if (isset($_POST['add_max'])) {
                switch ($_GET['do'])
                {
                case "edit": // Change entries
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%s LIMIT 1",
                         array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__);
                        $TEXT = MRECEIVE_SAVED;
                        break;
 
                case "del":
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        $TEXT = MRECEIVE_DELETED;
                        break;
@@ -95,7 +95,7 @@ if (isset($_POST['add_max'])) {
        foreach ($_POST['sel'] as $id=>$value)
        {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($value, $comment) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -121,7 +121,7 @@ if (isset($_POST['add_max'])) {
        $SW = 2; $OUT = "";
        foreach ($_POST['sel'] as $id=>$value) {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($value, $comment) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index 8878c9ad5ac6ae06cfe1e7b037d362d564fe10b3..997f0de016ffa3bd8cbe61c5371377959d2c9098 100644 (file)
@@ -54,7 +54,7 @@ if (isset($_POST['edit']))
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Load module data
-                       $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($mod, $title, $locked, $hidden, $admin, $mem) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -99,7 +99,7 @@ if (isset($_POST['edit']))
                $id = bigintval($id);
 
                // Update module
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1",
                 array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id),  __FILE__, __LINE__);
        }
 
index 93074ff03e0ba439f8463c51d3c0020464ae01dd..85f05c5466c0718bd7e9e185e1ea15c54ccb737a 100644 (file)
@@ -98,8 +98,8 @@ if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
                                // Update entry
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_payout_types SET
 type='%s',
-rate=%d,
-min_points=%d,
+rate=%s,
+min_points=%s,
 allow_url='%s'
 WHERE id='".$id."' LIMIT 1",
  array(
@@ -119,7 +119,7 @@ WHERE id='".$id."' LIMIT 1",
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Load data
-                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($title, $rate, $mpoi, $allow) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -152,7 +152,7 @@ WHERE id='".$id."' LIMIT 1",
                // Delete entries
                foreach ($_POST['sel'] as $id=>$sel)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
                $msg = ADMIN_PAYOUT_ENTRIES_DELETED;
@@ -167,7 +167,7 @@ WHERE id='".$id."' LIMIT 1",
                        $id = bigintval($id);
 
                        // Load data
-                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        list($title, $rate, $mpoi) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
index f9728a8ff2cc28f2c50620cc2a240f0dc0ac23ed..b11990bec1aca02cdd27ff76bc657f306d32cef7 100644 (file)
@@ -95,7 +95,7 @@ if (isset($_POST['ok']))
                                $id = bigintval($id);
 
                                // Update entry
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%s LIMIT 1",
                                 array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__);
                        }
                        $TEXT = REF_DEPTHS_SAVED;
@@ -104,7 +104,7 @@ if (isset($_POST['ok']))
                case "del":
                        foreach ($_POST['id'] as $id=>$value)
                        {
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                        }
                        $TEXT = REF_DEPTHS_DELETED;
@@ -123,7 +123,7 @@ if (isset($_POST['ok']))
                $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_config SET
 allow_direct_pay='%s',
 reg_points_mode='%s',
-ref_payout='%d'
+ref_payout='%s'
 WHERE config=0 LIMIT 1",
  $_POST['allow_direct_pay'],
  $_POST['reg_points_mode'],
@@ -132,8 +132,8 @@ WHERE config=0 LIMIT 1",
                if (($_CONFIG['ref_payout'] == 0) && ($_POST['ref_payout'] > 0))
                {
                        // Update account's ref_payout for "must-confirm"
-                       $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%d - mails_confirmed)
-WHERE mails_confirmed < %d", $REF, $REF);
+                       $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%s - mails_confirmed)
+WHERE mails_confirmed < %s", $REF, $REF);
                }
                 elseif (($_CONFIG['ref_payout'] > 0) && ($_POST['ref_payout'] == 0))
                {
@@ -219,7 +219,7 @@ WHERE mails_confirmed < %d", $REF, $REF);
                $SW = 2; $OUT = "";
                foreach ($_POST['sel'] as $id=>$value)
                {
-                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -247,7 +247,7 @@ WHERE mails_confirmed < %d", $REF, $REF);
                $SW = 2; $OUT = "";
                foreach ($_POST['sel'] as $id=>$value)
                {
-                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
index 0d3faf764b7b37536cd53e6650cd07aab6e32211..de11145ca2df8b28b28f356c700dba9794eb9525 100644 (file)
@@ -48,7 +48,7 @@ if (!empty($_GET['rallye']))
                if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
                {
                        // Submitted data is valid, but maybe we already have this price level?
-                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
                         array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
 
                        if (SQL_NUMROWS($result) == 0)
@@ -83,7 +83,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        // Delete selected entries
                        foreach ($_POST['sel'] as $id=>$sel)
                        {
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                        }
 
@@ -104,7 +104,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        $id = bigintval($id);
 
                        // Update entry
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
                         array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
                }
 
@@ -123,7 +123,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        foreach ($_POST['sel'] as $id=>$sel)
                        {
                                // Load data to selected rallye
-                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                                list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
@@ -168,7 +168,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        foreach ($_POST['sel'] as $id=>$sel)
                        {
                                // Load data to selected rallye
-                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                                list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
@@ -206,7 +206,7 @@ VALUES ('%s', '%s', '%s', '%s')",
         else
        {
                // A rallye was selected, so check if there are already prices assigned...
-               $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+               $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
                 array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
 
                if (SQL_NUMROWS($result) > 0)
index 55b411fb52ad82bc7ab72ce57aaa736ec7e0bd20..7da90e439dcbdee40e9242f5023875908599acd8 100644 (file)
@@ -46,7 +46,7 @@ if (isset($_POST['ok']))
 {
        foreach ($_POST['sel'] as $id=>$value)
        {
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%d AND field_required != '%s' LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1",
                 array($value, bigintval($id), $value),__FILE__, __LINE__);
        }
        LOAD_TEMPLATE("admin_settings_saved", false, REGISTER_ADMIN_CHANGES_SAVED);
index 19816688b55a6ebabdb094889ef16a3bc938914f..183410103e621a5710921a89ac93b9fb917fe17a 100644 (file)
@@ -45,7 +45,7 @@ ADD_DESCR("admin", basename(__FILE__));
 
 if (!empty($_GET['mid'])) {
        // Load email data
-       $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
         array(bigintval($_GET['mid'])), __FILE__, __LINE__);
 
        // Delete mail only once
@@ -75,14 +75,14 @@ if (!empty($_GET['mid'])) {
                SEND_EMAIL($sender, MEMBER_ORDER_DELETED, $msg_user);
 
                // Delete mail from queue
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                 array(bigintval($_GET['mid'])), __FILE__, __LINE__);
 
                // Fetch right stats_id from pool
                $result = SQL_QUERY_ESC("SELECT s.id FROM "._MYSQL_PREFIX."_user_stats AS s
 LEFT JOIN "._MYSQL_PREFIX."_pool AS p
 ON s.pool_id=p.id
-WHERE s.pool_id=%d LIMIT 1",
+WHERE s.pool_id=%s LIMIT 1",
  array(bigintval($_GET['mid'])), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Fetch stats id
@@ -92,7 +92,7 @@ WHERE s.pool_id=%d LIMIT 1",
                        SQL_FREERESULT($result);
 
                        // Get all user links
-                       $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+                       $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
                                array(bigintval($stats_id)), __FILE__, __LINE__);
 
                        // Get unconfirmed links for calculation of total points
@@ -140,7 +140,7 @@ WHERE s.pool_id=%d LIMIT 1",
                        }
 
                        // Remove links from DB
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
                         array(bigintval($stats_id)), __FILE__, __LINE__);
 
                        // Output link for manually removing stats entry
@@ -152,12 +152,12 @@ WHERE s.pool_id=%d LIMIT 1",
        }
 } elseif (!empty($_GET['pid'])) {
        // Remove stats entries
-       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
         array(bigintval($_GET['pid'])), __FILE__, __LINE__);
        LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_USER_STATS_REMOVED);
 } elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
        // Load data from bonus mail
-       $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%d",
+       $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%s",
         array(bigintval($_GET['bid'])), __FILE__, __LINE__);
 
        // Delete mail only once
@@ -167,9 +167,9 @@ WHERE s.pool_id=%d LIMIT 1",
                SQL_FREERESULT($result);
 
                // Delete bonus mail entirely from database
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                 array(bigintval($_GET['bid'])), __FILE__, __LINE__);
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
                 array(bigintval($_GET['bid'])), __FILE__, __LINE__);
 
                // Prepare data for the template
index 26a98a80dfbb07519a131b4cb4fff79154533a92..f2b840e3fdf52d991a366e20d4420e49c33f6b64 100644 (file)
@@ -54,7 +54,7 @@ if ($SUM > 0)
                // Get the userid
                $result = SQL_QUERY_ESC("SELECT userid, holiday_start, holiday_end
 FROM "._MYSQL_PREFIX."_user_holidays
-WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
+WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Load data and free memory
@@ -64,11 +64,11 @@ WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
                        // Update user's account
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
 
                        // Remove holiday
                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
+WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
 
                        // Prepare loaded data for the
                        $content = array(
@@ -92,7 +92,7 @@ WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
        // Fetch data
        $result_load = SQL_QUERY_ESC("SELECT holiday_start AS start, holiday_end AS end
 FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_load) == 1)
        {
                // Load data
@@ -104,7 +104,7 @@ WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                // Delete one holiday request (for task)
                $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                // Send email to user
                $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, $_GET['u_id']);
index 27ace76a17cb7358e9ba9132f45761b1487e6be1..3c833ba359b211c6f983110acee66edb9f0eee0a 100644 (file)
@@ -50,9 +50,9 @@ if (isset($_POST['del']))
                // Delete entries...
                foreach ($_POST['sel'] as $id=>$sel)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
        }
index ba3d9e9c090c1df4cf266ebe258571dbaddcd7e3..c18b248419d4fbdc5699b82fc801cbd3ef32741b 100644 (file)
@@ -47,7 +47,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']))))
 {
        // Delete users account
-       $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_user) == 1)
        {
@@ -77,7 +77,7 @@ if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']
  else
 {
        // Realy want to delete?
-       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
index 431c51881925f55357fa7742604b125cab03919d..ff86a369e1928aa44075ee31ff2565c734171537 100644 (file)
@@ -54,7 +54,7 @@ if (SQL_NUMROWS($result) > 0)
        if (isset($_POST['ok']))
        {
                // Make mail editable...
-               $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                 array(bigintval($_POST['id'])), __FILE__, __LINE__);
                list($subj, $text, $url) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -75,7 +75,7 @@ if (SQL_NUMROWS($result) > 0)
 subject='%s',
 text='%s',
 url='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
  array(
        addslashes($_POST['subj']),
        addslashes($_POST['text']),
index ea524158c7ccf010a82b1254d646e4a2012e9fa7..82e38399bb6e2c37a2a0f30c84bbb87888d4113f 100644 (file)
@@ -46,7 +46,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 $result_main = false;
 if (isset($_GET['u_id'])) {
        //                                    0      1        2         3      4     5      6       7         8          9           10         11
-       $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 }
 
@@ -82,11 +82,11 @@ surname='%s',
 family='%s',
 street_nr='%s',
 country='%s',
-zip=%d,
+zip=%s,
 city='%s',
 email='%s'
 ".$ADD."
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
  array(
        substr($_POST['salut'], 0, 1),
        $_POST['surname'],
index 7e822c5dd8de5e2cc83e102f2fe6346ac8f215c0..7ec5a8febddb028e9e170f6015429ca83d20cd6d 100644 (file)
@@ -86,7 +86,7 @@ if (SQL_NUMROWS($result) > 0)
        while ($pool = SQL_FETCHROW($result))
        {
                // Check sent mails and clicks
-               $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+               $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                 array(bigintval($pool[0])), __FILE__, __LINE__);
                list($sent, $clicks) = SQL_FETCHROW($result_mails);
                SQL_FREERESULT($result_mails);
index 190e808c924fdfd8c6e087a3b4f95c9346dd2a5a..2a765f9b3a9e51704413552e869d92f09f2cff78 100644 (file)
@@ -139,7 +139,7 @@ if (SQL_NUMROWS($result_list) > 0)
        while ($pool = SQL_FETCHROW($result_list))
        {
                // Unconfirmed mails and sent mails
-               $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+               $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                 array(bigintval($pool[0])), __FILE__, __LINE__);
                list($sent, $clicks) = SQL_FETCHROW($result_uncon);
                SQL_FREERESULT($result_uncon);
index fb79f0a38a53a1242f6f77c021084e1f1f643b55..3d47fee1d9dde02ec61a4da5fb2bef42b603d7b7 100644 (file)
@@ -61,7 +61,7 @@ if (!empty($_GET['reg_ext'])) {
                        // De/activate extension
                        $ACT = "N"; $EXT_LOAD_MODE = "deactivate";
                        if ($active == "N") { $ACT = "Y"; $EXT_LOAD_MODE = "activate"; }
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%d AND ext_active='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%s AND ext_active='%s' LIMIT 1",
                         array(bigintval($id), $active), __FILE__, __LINE__);
 
                        // Run embeded SQL commands
@@ -83,11 +83,11 @@ if (!empty($_GET['reg_ext'])) {
                                $active = $_POST['active'][$id];
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6")  {
                                        // Update also CSS column when extensions sql_patches is newer or exact v0.0.6
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($_POST['css'][$id], $active, $id), __FILE__, __LINE__);
                                } else {
                                        // When extension is older than v0.0.6 there is no column for the CSS information
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($active, $id), __FILE__, __LINE__);
                                }
 
@@ -114,12 +114,12 @@ if (!empty($_GET['reg_ext'])) {
                        if (($sel == "Y") || ($sel == "N")) {
                                // Load required data
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6") {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $css, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
                                } else {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
@@ -291,7 +291,7 @@ case "register": // Register new extension
        // Is the ID number valid and the task was found?
        if (($id > 0) && ($task_found == 1)) {
                // ID is valid so begin with registration, we first want to it's real name from task management (subject column)
-               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($subj) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index ea87d80141b940fe37690ec949fe96ba1656bbfc..72736ee6265e96dd8b9fc7a5056d82dbf3c50408 100644 (file)
@@ -69,7 +69,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($query) == 1)
                        {
@@ -116,7 +116,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($query) == 1)
                        {
@@ -161,7 +161,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                        $sel = bigintval($sel);
 
                        // Update entry
-                       $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -171,7 +171,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                foreach ($_POST['sel'] as $sel=>$menu)
                {
                        // Delete enty
-                       $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -184,7 +184,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                        $sel = bigintval($sel);
 
                        // Update entry
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -209,7 +209,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -279,9 +279,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ((!empty($tid)) && (!empty($fid)))
                {
                        // Sort menu
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
                }
        }
index b0d0fc960cbfbfa66c80eebc850311cec46d8299..9ec6e996f07e36e11e519371153aaca6e6f95c80 100644 (file)
@@ -45,7 +45,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if (!empty($_GET['u_id']))
 {
        // Check if the user already exists
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -69,7 +69,7 @@ if (!empty($_GET['u_id']))
                        while (list($cid, $cat) = SQL_FETCHROW($result_cats))
                        {
                                // Check user's selection
-                               $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+                               $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
                                 array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__);
 
                                // Set selection
index d694fdf927bb3be1f8d953ced41efa6e02e4d24f..16ceaef0bf65e6661699f66f2fa29efe8a2b8f2f 100644 (file)
@@ -107,7 +107,7 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr'
                foreach ($_POST['id'] as $id=>$status)
                {
                        // Load data from DB
-                       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
index 5d7a1b02b50c6f977b1b4803f3b90eccadaa757e..ba73c7223664198edd7d163db214250e47989b44 100644 (file)
@@ -47,7 +47,7 @@ if (empty($_GET['del'])) $_GET['del'] = "";
 
 if (!empty($_GET['u_id'])) {
        // Check if the user already exists
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
         // Is there an entry?
@@ -59,11 +59,11 @@ if (!empty($_GET['u_id'])) {
                // Grab user's all unconfirmed mails
                if (EXT_IS_ACTIVE("bonus")) {
                        // Load bonus ID
-                       $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+                       $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                } else {
                        // Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command)
-                       $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+                       $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                }
 
@@ -74,7 +74,7 @@ if (!empty($_GET['u_id'])) {
                        // Some unconfirmed mails left
                        if ($_GET['del'] == "all") {
                                // Delete all unconfirmed mails by this user
-                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d LIMIT %s",
+                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s LIMIT %s",
                                 array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__);
 
                                // Prepare mail and send it away
@@ -92,14 +92,14 @@ if (!empty($_GET['u_id'])) {
                                        switch ($type)
                                        {
                                        case "NORMAL":
-                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
                                                 array(bigintval($id)), __FILE__, __LINE__);
                                                $type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM;
                                                $LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&amp;mailid=".$id."\" target=\"_blank\">".$id."</A>";
                                                break;
 
                                        case "BONUS":
-                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                                                 array(bigintval($id2)), __FILE__, __LINE__);
                                                $type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM;
                                                $LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&amp;bonusid=".$id2."\" target=\"_blank\">".$id2."</A>";
index 58c998be0ac508b01970939e91cb14f9f7a40a02..93ec1c91a9d47f9f852f97cd26c0dcbd34308466 100644 (file)
@@ -45,11 +45,11 @@ if ((!empty($_POST['uid'])) && (!empty($_POST['id'])))
 {
        // Update database...
        // First user's account
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%s LIMIT 1",
         array(bigintval($_POST['uid'])), __FILE__, __LINE__);
 
        // Next the task system...
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
         array(bigintval($_POST['id'])), __FILE__, __LINE__);
 
        // Send mail to user
index 43f831436d98a81b7af9701a81256125368f3c23..737863132ab7aceaa04cf934894190ff6f74b906 100644 (file)
@@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__));
 if (!empty($_GET['pid']))
 {
        // First let's get the member's ID
-       $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
         array($_GET['pid']), __FILE__, __LINE__);
        list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -52,7 +52,7 @@ if (!empty($_GET['pid']))
        if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0))
        {
                // Get task ID from database
-               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%d AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
                list($task) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -72,7 +72,7 @@ if (!empty($_GET['pid']))
        if ((!empty($task)) && (!empty($uid)) && ($uid > 0))
        {
                // Load user's data
-               $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
                list($email, $sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -86,7 +86,7 @@ if (!empty($_GET['pid']))
                        if (isset($_POST['ok']))
                        {
                                // Obtain payout type and other data
-                               $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
                                 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
                                list($ptype) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
@@ -94,7 +94,7 @@ if (!empty($_GET['pid']))
                                if (!empty($ptype))
                                {
                                        // Obtain data from payout type
-                                       $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                                         array(bigintval($ptype)), __FILE__, __LINE__);
                                        list($fuid, $fpass, $eurl, $eok, $failed, $eenc, $allow) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
@@ -136,12 +136,12 @@ if (!empty($_GET['pid']))
                                                // Clear task
                                                if ($task > 0)
                                                {
-                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                                         array(bigintval($task)),__FILE__, __LINE__);
                                                }
 
                                                // Clear payout request
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%s LIMIT 1",
                                                 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
 
                                                // Send out mail
@@ -189,12 +189,12 @@ if (!empty($_GET['pid']))
                                if ($task > 0)
                                {
                                        // Clear task
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                         array(bigintval($task)), __FILE__, __LINE__);
                                }
 
                                // Clear payout request
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%s LIMIT 1",
                                 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
 
                                // Send out mail
index f8f809a166e6668ed7ec7440ae0c38f117e7010c..aee3d15034f01867335af24c4eba27d2df25e0bc 100644 (file)
@@ -54,11 +54,11 @@ if (isset($_GET['rallye']))
                switch ($_GET['activate'])
                {
                case "1": // Activate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%d AND is_active='N' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%d AND is_active='Y' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%s AND is_active='Y' LIMIT 1";
                        break;
                }
        }
@@ -69,11 +69,11 @@ if (isset($_GET['rallye']))
                switch ($_GET['notify'])
                {
                case "1": // Activate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%d AND send_notify='N' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%d AND send_notify='Y' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%s AND send_notify='Y' LIMIT 1";
                        break;
                }
        }
@@ -84,11 +84,11 @@ if (isset($_GET['rallye']))
                switch ($_GET['auto'])
                {
                case "1": // Activate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%d AND auto_add_new_user='N' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%d AND auto_add_new_user='Y' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%s AND auto_add_new_user='Y' LIMIT 1";
                        break;
                }
        }
@@ -109,11 +109,11 @@ if (isset($_GET['rallye']))
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Remove selected rallye entirely...
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
 
@@ -172,7 +172,7 @@ if (isset($_POST['edit']))
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Load rallye basic data
-                       $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($title, $descr, $templ, $start, $end, $min_users, $min_prices) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -223,7 +223,7 @@ if (isset($_POST['edit']))
  elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0))
 {
        // List users and their refs before start and current
-       $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid",
+       $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid",
         array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) > 0)
        {
@@ -287,11 +287,11 @@ ORDER BY start_time DESC",
                        $alogin = GET_ADMIN_LOGIN($aid);
 
                        // Count assigned prices
-                       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d",
+                       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
 
                        // Count joined userids
-                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d",
+                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s",
                         array($id), __FILE__, __LINE__);
                        $joined = SQL_NUMROWS($result_user);
 
index 29b0b1ca789b61de9c3e88fec7d94a60da0b01fa..acfc839872e7536b12e31cd6bbf07c2baafccf37 100644 (file)
@@ -51,7 +51,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if (!empty($_GET['u_id']))
 {
        // Check if the user already exists
-       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -59,9 +59,9 @@ if (!empty($_GET['u_id']))
                SQL_FREERESULT($result);
 
                // Loads surname, family's name and the email address
-               $result     = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d",
+               $result     = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s",
                 array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
-               $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d AND status != 'CONFIRMED' ORDER BY userid",
+               $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s AND status != 'CONFIRMED' ORDER BY userid",
                 array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                $menge      = SQL_RESULT($result    , 0, 0);
                $menge_lck  = SQL_RESULT($result_lck, 0, 0);
@@ -70,7 +70,7 @@ if (!empty($_GET['u_id']))
                SQL_FREERESULT($result);
                SQL_FREERESULT($result_lck);
 
-               $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d ORDER BY userid",
+               $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s ORDER BY userid",
                 array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                OUTPUT_HTML(ADMIN_TOTAL_REFS_1."".ADMIN_USER_PROFILE_LINK($_GET['u_id'])."".ADMIN_TOTAL_REFS_2.$menge.ADMIN_TOTAL_REFS_3.$menge_lck.ADMIN_TOTAL_REFS_4."<br /><br />");
@@ -84,7 +84,7 @@ if (!empty($_GET['u_id']))
                                while ($row = SQL_FETCHROW($result))
                                {
                                        // Check for referrals
-                                       $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d",
+                                       $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s",
                                         array(bigintval($row[0])), __FILE__, __LINE__);
                                        $refs_cnt = SQL_RESULT($result_refs, 0, 0);
                                        SQL_FREERESULT($result_refs);
index a4c2c82f766bad2a82d124265d80b2daf8c878a8..5ac8fff0b1f45e0df1878483ad575b3524eda804 100644 (file)
@@ -103,7 +103,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                                // Unassign from tasks
                                foreach ($_POST['task'] as $id=>$sel)
                                {
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1",
                                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
@@ -115,13 +115,13 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                                        if ($_GET['type'] == "deleted")
                                        {
                                                // Delete task immediately
-                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
                                                 array(bigintval($id)),__FILE__, __LINE__);
                                        }
                                         else
                                        {
                                                // Mark task as to be deleted (purged by autppurge extension)
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%s LIMIT 1",
                                                 array(bigintval($id)), __FILE__, __LINE__);
                                        }
                                }
index a4cfc7b654f6e698a546159b0db7d32df517c7de..1c763694f52bbb4d87af433f5f46d851241c6ca9 100644 (file)
@@ -158,9 +158,9 @@ WHERE l.%s='%s' ORDER BY l.userid LIMIT %s",
         elseif ($_GET['mid'] > 0)
        {
                // Data in pool or in user_stats not found, so let's find out where data is missing
-               $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+               $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                 array(bigintval($ID)), __FILE__, __LINE__);
-               $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+               $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                 array(bigintval($ID)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result1) == 1)
                {
index 0199638d136c39047917a5c705bbfdc684290b5e..f8f5982e0df91eefd9180a1c5883d981428958f8 100644 (file)
@@ -74,7 +74,7 @@ if (!empty($_GET['u_id']))
        // Does the account exists?       0      1        2         3      4     5      6       7         8          9          10           11           12         13     14         15           16          17            18           19           20           21        22        23             24              25         26
        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout".$MORE."
 FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
         array($uid), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
index 021adfaf4bf4d78a1824aa2ad3968603750064e0..d31d1e7c1c68e4b3da96eef71727f5b06bd8e798 100644 (file)
@@ -44,7 +44,7 @@ ADD_DESCR("admin", basename(__FILE__));
 OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if (!empty($_GET['u_id']))
 {
-       $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        $ACT = false;
        if (SQL_NUMROWS($result_user) == 1)
@@ -58,7 +58,7 @@ if (!empty($_GET['u_id']))
                        ADD_MEMBER_SELECTION_BOX();
                } elseif (!empty($_POST['lock'])) {
                        // Ok, lock the account!
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                        if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
                        {
@@ -74,7 +74,7 @@ if (!empty($_GET['u_id']))
                        $ACT = true;
                } elseif (!empty($_POST['unlock'])) {
                        // Ok, unlock the account!
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                        if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
                        {
@@ -106,7 +106,7 @@ if (!empty($_GET['u_id']))
                }
                 else
                {
-                       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
index d240fc7d6349596bb412307850310f1f7cbeebcd..fc93c8932d8bf1e0ad105ed6287210d2ec07399b 100644 (file)
@@ -68,7 +68,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -115,7 +115,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -157,7 +157,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -204,17 +204,17 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                switch ($_POST['ok'])
                {
                case "edit": // Edit menu
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $_POST['sel_descr'][$sel], $sel), __FILE__, __LINE__);
                        break;
 
                case "del": // Delete menu
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array($sel), __FILE__, __LINE__);
                        break;
 
                case "status": // Change status of menus
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
                        break;
                }
@@ -255,9 +255,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ((!empty($tid)) && (!empty($fid)))
                {
                        // Sort menu
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
                }
        }
diff --git a/inc/modules/admin/what-newsletter.php b/inc/modules/admin/what-newsletter.php
deleted file mode 100644 (file)
index 456fab2..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-<?php
-// DEPRECATED!!!
-?>
index 9a987d72a4d42414119f4b56fd7e4da2ef4bc627..fe64ee8c488f1d8a11c16282f6e5faf4678f31f0 100644 (file)
@@ -115,7 +115,7 @@ if (isset($_POST['ok']))
        $SW = 2; $OUT = "";
        foreach ($_POST['sel'] as $id=>$value)
        {
-               $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($time, $title) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -143,7 +143,7 @@ if (isset($_POST['ok']))
        $SW = 2; $OUT = "";
        foreach ($_POST['sel'] as $id=>$value)
        {
-               $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($time, $pay, $title, $price) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index c52ab321cd6985eef84c98239ecf32a7c42d12a8..1d8c3605fbbc690cbcedb39205b174b5b2ab6112 100644 (file)
@@ -82,7 +82,7 @@ VALUES ('%s', '%s', '%s')",
                        $id = bigintval($id);
 
                        // Update entry
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%s LIMIT 1",
                         array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__);
                }
                break;
@@ -104,7 +104,7 @@ VALUES ('%s', '%s', '%s')",
        foreach ($_POST['sel'] as $id=>$sel)
        {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($url, $alt, $vis) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -134,7 +134,7 @@ VALUES ('%s', '%s', '%s')",
                // Delete banner
                foreach ($_POST['sel'] as $id=>$sel)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
        }
index 35f926b828e8b51ed2e69102e6daf58c9fbc8bdc..774d53e80088f71c952589171f097f23ad51abf2 100644 (file)
@@ -51,7 +51,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix))
        $ACTIONs[] = $act;
 
        // Fix weight
-       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1",
+       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1",
         array($cnt, bigintval($id)), __FILE__, __LINE__);
        $REP += SQL_AFFECTEDROWS();
 
@@ -74,7 +74,7 @@ foreach ($ACTIONs as $act)
        while (list($id) = SQL_FETCHROW($result_fix))
        {
                // Fix weight
-               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1",
+               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1",
                 array($cnt, bigintval($id)), __FILE__, __LINE__);
                $REP += SQL_AFFECTEDROWS();
 
index eb9be4cdc4fbe09da68600e7b01514281b202ab9..aee12756a9187ff7221aac0a394c7c750ad5e287 100644 (file)
@@ -47,12 +47,12 @@ if (SQL_NUMROWS($result) > 0)
        $REMOVED = 0; // Nothing is removed for now... ;-)
        while (list($uid) = SQL_FETCHROW($result))
        {
-               $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_user) == 0)
                {
                        // Ok, we found something to remove
-                       $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d",
+                       $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        $REMOVED += SQL_AFFECTEDROWS();
                }
index 85e635484a5a0f6e927a59a4f74cb378dddb369a..80ac7ca7c000f07b774b791db98291930a25a505 100644 (file)
@@ -50,7 +50,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix))
        $ACTIONS[] = $act;
 
        // Fix weight
-       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1",
+       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1",
         array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
        $REP += SQL_AFFECTEDROWS();
 
@@ -74,7 +74,7 @@ foreach ($ACTIONS as $act)
        while (list($id) = SQL_FETCHROW($result_fix))
        {
                // Fix weight
-               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1",
+               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1",
                 array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
                $REP += SQL_AFFECTEDROWS();
 
index 0eeb00cd14c519f4f96063a9ef3b84baddb24f62..81d3ade1617a02647327dfff6f0039861a539980 100644 (file)
@@ -50,7 +50,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix))
        $ACTIONS[] = $act;
 
        // Fix weight
-       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1",
+       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1",
         array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
        $REP += SQL_AFFECTEDROWS();
 
@@ -73,7 +73,7 @@ foreach ($ACTIONS as $act)
        while (list($id) = SQL_FETCHROW($result_fix))
        {
                // Fix weight
-               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1",
+               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1",
                 array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
                $REP += SQL_AFFECTEDROWS();
 
index ace9560270c957d40e271afb905f340ba7aab853..3bd840b30537ecb8885c2f29540b013f2951e08d 100644 (file)
@@ -57,7 +57,7 @@ if (isset($_POST['ok']))
                // Select category
                $CAT_TABS  = "LEFT JOIN "._MYSQL_PREFIX."_user_cats AS c ON d.userid=c.userid";
                $cat = bigintval($_POST['cat']);
-               $CAT_WHERE = " AND c.cat_id=%d";
+               $CAT_WHERE = " AND c.cat_id=%s";
        }
        if (GET_EXT_VERSION("holiday") >= "0.1.3")
        {
@@ -167,13 +167,13 @@ VALUES ('%s', '%s', '%s', '%s', '%s', 'NEW', UNIX_TIMESTAMP(), '%s', '%s', '%s',
                {
                        $CATS['id'][]   = $id;
                        $CATS['name'][] = $cat;
-                       $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+                       $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
                        $uid_cnt = "0";
                        while (list($ucat) = SQL_FETCHROW($result_uids))
                        {
                                $result_ver = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1",
+WHERE userid=%s AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1",
  array(bigintval($ucat)), __FILE__, __LINE__);
                                $uid_cnt += SQL_NUMROWS($result_ver);
 
diff --git a/inc/modules/admin/what-stats.php b/inc/modules/admin/what-stats.php
deleted file mode 100644 (file)
index cc11671..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-<?php
-// OBSOLETE!
-?>
index 9c6cc1d8fe11bd209594a2348302d72ba483bf38..dc9982fc0f2e639ebd1707755ee944f774afac9b 100644 (file)
@@ -54,7 +54,7 @@ if ($_GET['u_id'] == "all")
                while (list($uid) = SQL_FETCHROW($result_main))
                {
                        // User ID found in URL so we use this give him some credits
-                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -65,8 +65,7 @@ if ($_GET['u_id'] == "all")
                                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                                {
                                        // Ok, add points to used points and send an email to him...
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                        array(bigintval($_POST['points'], bigintval($uid))), __FILE__, __LINE__);
+                                       SUB_POINTS($uid, $_POST['points']);
 
                                        // Load message and send it away
                                        $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $uid);
@@ -89,7 +88,7 @@ if ($_GET['u_id'] == "all")
  elseif (!empty($_GET['u_id']))
 {
        // User ID found in URL so we use this give him some credits
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
         array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -100,15 +99,7 @@ if ($_GET['u_id'] == "all")
                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                {
                        // Ok, add to used points and send an email to him...
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                        array(bigintval($_POST['points']), bigintval($_GET['u_id'])), __FILE__, __LINE__);
-
-                       // Update mediadata as well
-                       if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                       {
-                               // Update database
-                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", bigintval($_POST['points']));
-                       }
+                       SUB_POINTS(bigintval($_GET['u_id']), $_POST['points']);
 
                        // Remember points in template
                        define('__POINTS_VALUE', bigintval($_POST['points']));
index 99df9a41061a7e6e17cb40c9432f89919e6caef0..62eca499eef0f77d7aacbcc5cf02603486b2236c 100644 (file)
@@ -72,7 +72,7 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
                if ((substr($value, 0, 6) == "theme-") && (substr($value, -4) == ".zip"))
                {
                        $name = substr($value, 6, -4);
-                       $file = PATH."themes/".$name."/theme.php";
+                       $file = sprintf("%sthemes/%s/theme.php", PATH, $name);
                        $ver = trim(substr($response[$idx + 3], 4));
 
                        // Load version
@@ -101,18 +101,18 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
                                        $LANG_DUMMY[$k] = $v;
                                        if ($v == "xx:xx") break;
                                        $LANG[] = $v;
-                               }
+                               } // END - foreach
 
                                // If language is found stop searching on matching line
                                foreach($LANG as $search) {
                                        if (substr($search, 0, 3) == (GET_LANGUAGE().":")) { $INFO = substr($search, 3); break; }
-                               }
+                               } // END - foreach
 
                                // Add informations to array
                                $THEMES['infos'][] = $INFO;
-                       }
-               }
-       }
+                       } // END - if
+               } // END - if
+       } // END - foreach
 
        // Ok, themes are on our server but maybe you have already installed them?
        if (sizeof($THEMES['fname']) > 0) {
@@ -146,17 +146,14 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
 
                // Load template
                LOAD_TEMPLATE("admin_theme_list");
-       }
-        else
-       {
+       } else {
                // All Themes are downloaded and installed
                LOAD_TEMPLATE("admin_theme_installed", false, $count);
        }
-}
- else
-{
+} else {
        // No theme where found
        LOAD_TEMPLATE("admin_theme_404");
 }
+
 //
 ?>
index 663d9ae4ea1b986742cfffeb8e0413ab5165857b..65c342dec1ab6d1bdb61ba77228738f87bb95e82 100644 (file)
@@ -66,17 +66,17 @@ if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) {
                                $id = bigintval($id);
 
                                // Unlock selected email
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%d AND data_type='ADMIN' LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%s AND data_type='ADMIN' LIMIT 1",
                                 array($id), __FILE__, __LINE__);
 
                                // Update wents fine?
                                if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) {
-                                       // Order placed in queue...        0         1           2           3
-                                       $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment
+                                       // Order placed in queue...        0         1           2           3             4
+                                       $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment, po.payment_id
 FROM "._MYSQL_PREFIX."_pool AS po
 INNER JOIN "._MYSQL_PREFIX."_payments AS pay
 ON po.payment_id=pay.id
-WHERE po.id=%d
+WHERE po.id=%s
 LIMIT 1",
                                         array($id), __FILE__, __LINE__);
 
@@ -89,7 +89,7 @@ LIMIT 1",
                                        // Check for bonus extension version >= 0.4.4 for the order bonus
                                        if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) {
                                                // Add points directly
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%s LIMIT 1",
                                                 array(bigintval($DATA['sender'])), __FILE__, __LINE__);
 
                                                // Subtract bonus points from system
@@ -99,7 +99,7 @@ LIMIT 1",
                                        // Check for surfbar extension
                                        if (EXT_IS_ACTIVE("surfbar")) {
                                                // Add the url
-                                               $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment']);
+                                               $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment'], $DATA['payment_id']);
 
                                                // Load email template
                                                $msg_user = LOAD_EMAIL_TEMPLATE("order_accept_sb", $insertId, $DATA['sender']);
@@ -131,7 +131,7 @@ LIMIT 1",
                                $id = bigintval($id);
 
                                // Load URL and subject from pool
-                               $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                                 array($id), __FILE__, __LINE__);
 
                                // Load data
@@ -148,7 +148,7 @@ LIMIT 1",
                                if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = URL;
 
                                // Redirect URL
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1",
                                 array($_POST['redirect'], $id),__FILE__, __LINE__);
 
                                // Prepare data for the row template
index be76d576ed91f4716981b40ceb2aa26ef0cf8d4f..4475fed1d567c8ef5d398b2e3ea6d4097a3588a5 100644 (file)
@@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__));
 // Is a user id given?
 if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
        // Load user data and display it
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
        // Is a user account found?
index 14a9ee7a4c5d646e59807a9c60a05869081bf278..7db176ac5251d959e8036533fea0f8e698f99ca3 100644 (file)
@@ -44,7 +44,7 @@ OUTPUT_HTML("<br /><STRONG>".VALIDATING_LOGIN."</STRONG><br />");
 
 if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) {
        // Get theme from profile
-       $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
        list($NewTheme) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -57,7 +57,7 @@ if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSession
                // Update last login
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET last_login=UNIX_TIMESTAMP()
-WHERE userid=%d AND last_login < (UNIX_TIMESTAMP() - %d)
+WHERE userid=%s AND last_login < (UNIX_TIMESTAMP() - %s)
 LIMIT 1", array($GLOBALS['userid'], $_CONFIG['login_timeout']),
  __FILE__, __LINE__);
                if (SQL_AFFECTEDROWS($link) == 1) $bonus = true;
index 48ff5cc346718b6c90f8791683774fdfba22ceb3..78ab97dacca4553aac2e4ef3a3f370113aa5e669 100644 (file)
@@ -43,7 +43,7 @@ if (!empty($_GET['order'])) {
        // Order number placed, is he also logged in?
        if(IS_LOGGED_IN()) {
                // Ok, test passed... :)
-               $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
                 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
                // Finally is the entry valid?
index e8df9e777748f31878233bc4d8ef0e5e4eda2e5f..a030f9eff216dcbdbbc3eaad33caab411a7056b7 100644 (file)
@@ -54,7 +54,7 @@ if ($_CONFIG['mad_counter'] < $total)
        // Update counter
        $_CONFIG['mad_counter'] = $total;
        $_CONFIG['last_mad']    = time();
-       $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%d, mad_count='%s' WHERE config=0 LIMIT 1",
+       $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%s, mad_count='%s' WHERE config=0 LIMIT 1",
         array($_CONFIG['last_mad'], $_CONFIG['mad_counter']), __FILE__, __LINE__);
 
        // Destroy cache
index 6ecc2d43e4747e30ab0fd3dcef0a7c702d630695..9ac317ea977061053716923edef33648b0fb355a 100644 (file)
@@ -68,7 +68,7 @@ if (!empty($_GET['hash']))
                        if (($rid > 0) && ($rid != $uid))
                        {
                                // Select the referral userid
-                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($rid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1)
                                {
@@ -94,7 +94,7 @@ if (!empty($_GET['hash']))
                                        if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y"))
                                        {
                                                // Add points (directly only!)
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",
                                                 array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
 
                                                // Subtract points from system
index 62450c81b6b2a728bc45617ef4ca97928feb88fa..70652bf9813180ade71ce8055f1d77676a4aee0e 100644 (file)
@@ -98,7 +98,7 @@ if (IS_LOGGED_IN()) {
                if (!empty($UID2)) $UID = $UID2;
        } else {
                // Direct userid entered
-               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                 array(bigintval($UID), $hash), __FILE__, __LINE__);
                list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
        }
@@ -122,7 +122,7 @@ if (IS_LOGGED_IN()) {
                                $hash = generateHash($_POST['password']);
 
                                // ... and update database
-                               $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                               $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                                 array($hash, $UID), __FILE__, __LINE__);
 
                                // No login bonus by default
@@ -157,7 +157,7 @@ if (IS_LOGGED_IN()) {
                                               && set_session("lifetime", $l   , $life, COOKIE_PATH));
 
                                        // Update global array
-                                       $GLOBALS['userid'] = $UID;
+                                       $GLOBALS['userid'] = bigintval($UID);
                                } else {
                                        // Check for login data
                                        $login = IS_LOGGED_IN();
@@ -165,7 +165,7 @@ if (IS_LOGGED_IN()) {
 
                                if ($login) {
                                        // Update database records
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
                                         array(bigintval($UID)), __FILE__, __LINE__);
                                        if (SQL_AFFECTEDROWS($link) == 1) {
                                                // Procedure to checking for login data
@@ -194,7 +194,7 @@ if (IS_LOGGED_IN()) {
                }
        } else {
                // Other account status?
-               $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(bigintval($UID)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
@@ -244,7 +244,7 @@ if (IS_LOGGED_IN()) {
         else
        {
                // Direct userid entered
-               $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1",
                 array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);
        }
        if (SQL_NUMROWS($result) == 1)
@@ -256,7 +256,7 @@ if (IS_LOGGED_IN()) {
                {
                        // Ooppps, this was missing! ;-) We should update the database...
                        $NEW_PASS = GEN_PASS();
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1",
                         array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);
 
                        // Prepare data and message for email
index c0eeb66f5b82e40a23c8eba0e0f57136b9b06549..a69272b4b7fd2884b46c763fd01c6d8c091b9f87 100644 (file)
@@ -161,7 +161,7 @@ if (isset($_POST['ok']))
        }
 
        // Test the refid (because some strange hackers... :-P)
-       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0)
        {
@@ -235,7 +235,7 @@ if ((isset($_POST['ok'])) && (!$FAILED))
        //////////////////////////////
        //
        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
-VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
+VALUES ('%s', '%s', '%s', '%s', '%s', %s, '%s', '%s', %s, %s, %s, '%s', %s, %s, %s, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
 array(
        $countryRow,
        SQL_ESCAPE(substr($_POST['sex'], 0, 1)),
@@ -266,14 +266,14 @@ array(
        $userid = bigintval($userid);
 
        // Write his welcome-points
-       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=0 LIMIT 1",
         array(bigintval($userid)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0)
        {
                // Add only when the line was not found (maybe some more secure?)
                $locked = "points";
                if ($_CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
-               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",
+               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%s, 0, '%s')",
                 array(bigintval($userid), $_CONFIG['points_register']), __FILE__, __LINE__);
 
                // Update mediadata as well
@@ -288,7 +288,7 @@ array(
                foreach ($_POST['cat'] as $cat=>$joined) {
                        if ($joined == "Y") {
                                // Insert category entry
-                               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",
+                               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%s, %s)",
                                 array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
                        }
                }
index 3fa8d6f720b41ef322a508824d810110f9233e3d..fa3acb35a912dc179bcd811ca05525364c3e2da4 100644 (file)
@@ -75,7 +75,7 @@ case "MEMBERS": // Statistics about your members
        for ($idx = 1; $idx < 13; $idx++)
        {
                $month = $idx; if ($idx < 10) $month = "0".$idx;
-               $months[$month] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE birth_month=%d AND status='CONFIRMED'",
+               $months[$month] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE birth_month=%s AND status='CONFIRMED'",
                 array(bigintval($month)), __FILE__, __LINE__));
        }
 
@@ -94,7 +94,7 @@ case "MEMBERS": // Statistics about your members
        foreach ($cats as $id=>$dummy)
        {
                // We only need id and nothing more to count...
-               $cat_cnt[$id] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+               $cat_cnt[$id] = SQL_NUMROWS(SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
                 array(bigintval($id)), __FILE__, __LINE__));
        }
 
index 98fb7e21c5517b427de0a682d11f8c97d68b4bc2..eb9c6aa12582cdb6f68c50dd6d834945a142814c 100644 (file)
@@ -63,7 +63,7 @@ if (EXT_IS_ACTIVE("nickname"))
 }
 
 // Run SQL command
-$result = SQL_QUERY_ESC("SELECT ".$data.", beg_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($uid), __FILE__, __LINE__);
+$result = SQL_QUERY_ESC("SELECT ".$data.", beg_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($uid), __FILE__, __LINE__);
 list($uid, $clicks) = SQL_FETCHROW($result);
 SQL_FREERESULT($result);
 
index 9a4473c5417028236f88c92663aeab356f6cfbc6..4f2a8ae2386033a3910bb971b4cfd861ff256534 100644 (file)
@@ -76,7 +76,7 @@ if ($cats > 0)
                        {
                                case 'Y':
                                        $sql = "";
-                                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+                                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
                                         array($UID, bigintval($cat)), __FILE__, __LINE__);
 
                                        if (SQL_NUMROWS($result_user) == 0)
@@ -91,7 +91,7 @@ if ($cats > 0)
                                        break;
 
                                case 'N':
-                                       $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1";
+                                       $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1";
                                        break;
                        }
                        if (!empty($sql))
@@ -124,7 +124,7 @@ if ($cats > 0)
                        $JOINED_N = ' checked'; $JOINED_Y = "";
 
                        // Check category selection
-                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
                         array($UID, bigintval($id)), __FILE__, __LINE__);
 
                        // When we found an entry don't read it, just change the JOINED_x variables
index 57c5e3848506393062505f42110774c178af9d2f..2df58e320cb409c3506d8f996ff6aada42c89fa9 100644 (file)
@@ -52,11 +52,11 @@ ADD_DESCR("member", basename(__FILE__));
 
 // Check for running mail orders in pool
 $result1 = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool
-WHERE sender=%d ORDER BY timestamp DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE sender=%s ORDER BY timestamp DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
 
 // Check for sent mail orders in stats
 $result2 = SQL_QUERY_ESC("SELECT timestamp_ordered FROM "._MYSQL_PREFIX."_user_stats
-WHERE userid=%d ORDER BY timestamp_ordered DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s ORDER BY timestamp_ordered DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
 
 if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1))
 {
@@ -115,7 +115,7 @@ if (isset($_POST['ok']))
                // Activate holiday system
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET holiday_active='N', holiday_activated=UNIX_TIMESTAMP()
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
 
                // Prepare constants
@@ -148,7 +148,7 @@ if (isset($_POST['stop']))
 {
        // Okay, end the holiday here...
        $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
        list($active, $locked) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
@@ -156,7 +156,7 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
        {
                // Load data
                $result = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Data was found
@@ -170,11 +170,11 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                        // Deactivate it now
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
 
                        // Remove entry
                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
 
                        // Send email to admin
                        SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_DEAC_SUBJ, "admin_holiday_deactivated", "", $GLOBALS['userid']);
@@ -200,7 +200,7 @@ if ((!isset($_POST['ok'])) && (!isset($_POST['stop'])))
 {
        // Check if user is in holiday...
        $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
        list($active, $locked) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
@@ -213,7 +213,7 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                case 'Y': // Display deactivation form
                        // Load starting and ending date
                        $result = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
                                // Data was found
@@ -236,7 +236,7 @@ WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                                // Remove entry and reload URL
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET holiday_active='N'
-WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                                LOAD_URL("modules.php?module=login&amp;what=holiday");
                                return;
                        }
index 451a68e65a78697e81f759553f6dc0dd259b8aed..2ce7fd81dcb59abdefc4207f4a92d764f8e15924 100644 (file)
@@ -54,14 +54,14 @@ ADD_DESCR("member", basename(__FILE__));
 if (isset($_POST['ok']))
 {
        // Save settings
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%s LIMIT 1",
         array($_POST['html'], $GLOBALS['userid']), __FILE__, __LINE__);
        LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_SETTINGS_SAVED);
 }
  else
 {
        // Load template for changing settings
-       $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
        list($mode) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
index 6c7926ac2a9376c7ee3897e5c84dbcffb2ca23f1..d2f8e71bbd83b1eb319b0035e317475d931cae60 100644 (file)
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
+} elseif (!IS_LOGGED_IN()) {
        LOAD_URL("modules.php?module=index");
 }
 
@@ -50,8 +47,7 @@ $URL = URL."/modules.php?module=index";
 // NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime
 
 
-if (set_session("userid", "") && set_session("u_hash", "") && set_session("lifetime", ""))
-{
+if (destroy_user_session()) {
        // Remove theme cookie as well
        set_session("mxchange_theme", "");
 
@@ -60,14 +56,13 @@ if (set_session("userid", "") && set_session("u_hash", "") && set_session("lifet
 
        // Destroy session here
        @session_destroy();
-}
- else
-{
+} else {
        // Cannot logout! :-(
        $URL .= "&msg=".CODE_LOGOUT_FAILED;
 }
 
-//
+// Load the URL
 LOAD_URL($URL);
+
 //
 ?>
index fbcf7b56a84210e90eeae79ace50b4b947a830ad..97554795d5aff43bbd8a228289c1a93cbd5ac813 100644 (file)
@@ -65,13 +65,13 @@ case "show": // Show his data
        if (EXT_IS_ACTIVE("country", true))
        {
                // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
-               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        }
         else
        {
                // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
-               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        }
        $DATA = SQL_FETCHROW($result);
@@ -115,14 +115,14 @@ case "edit": // Edit data
        {
                // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
                $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        }
         else
        {
                // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
                $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        }
 
@@ -203,7 +203,7 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 
 case "save": // Save entered data
        // Load old email / password:      0        1          2
-       $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(UID_VALUE), __FILE__, __LINE__);
        $DATA = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -253,14 +253,14 @@ case "save": // Save entered data
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
 sex='%s', surname='%s', family='%s',
 street_nr='%s',
-country_code=%d, zip=%d, city='%s',
+country_code=%s, zip=%s, city='%s',
 email='%s',
-birth_day=%d, birth_month=%d, birth_year=%d,
-max_mails=%d,
+birth_day=%s, birth_month=%s, birth_year=%s,
+max_mails=%s,
 last_update=UNIX_TIMESTAMP()".$AND.",
 notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
-WHERE userid=%d AND password='%s' LIMIT 1",
+WHERE userid=%s AND password='%s' LIMIT 1",
 array(
        $_POST['sex'],
        $_POST['surname'],
@@ -284,14 +284,14 @@ array(
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
 sex='%s', surname='%s', family='%s',
 street_nr='%s',
-country='%s', zip=%d, city='%s',
+country='%s', zip=%s, city='%s',
 email='%s',
-birth_day=%d, birth_month=%d, birth_year=%d,
+birth_day=%s, birth_month=%s, birth_year=%s,
 max_mails='%s',
 last_update=UNIX_TIMESTAMP()".$AND.",
 notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
-WHERE userid=%d AND password='%s' LIMIT 1",
+WHERE userid=%s AND password='%s' LIMIT 1",
 array(
        $_POST['sex'],
        $_POST['surname'],
@@ -325,7 +325,7 @@ array(
        break;
 
 case "notify": // Switch off notfication
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
        $URL = URL."/modules.php?module=login&amp;what=welcome&msg=".urlencode(PROFILE_UPDATED);
        break;
index 04a8dbfc31f4a171b9deb242b335ba6c3e8ca0a6..eac7c3265fe4af2f5108cd2667ff420aa822b619 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load status
-$result = SQL_QUERY_ESC("SELECT nl_receive, nl_until, nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT nl_receive, nl_until, nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 list($status, $until, $span) = SQL_FETCHROW($result);
 SQL_FREERESULT($result);
@@ -62,7 +62,7 @@ define('__CHARGE_VALUE', TRANSLATE_COMMA($_CONFIG['nl_charge']));
 if ((isset($_POST['ok'])) && ($status == "Y") && ($span == "0"))
 {
        // Save request
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_timespan='".(ONE_DAY * 30)."' WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_timespan='".(ONE_DAY * 30)."' WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // Load admin message
index 5459df47803a2d0f7840935a1aecb3cbeed7e3f3..f6802001b7e5b7371ae2a315d8034afcafa72c9a 100644 (file)
@@ -74,7 +74,7 @@ if ($VALID)
        if (SQL_NUMROWS($result) == 0)
        {
                // Nickname not in use, so set it now
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%s LIMIT 1",
                 array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
                $content = NICKNAME_SAVED;
        }
index a71d44fdc4b08f1fb7246325f0cfcdcf4cd2161e..9bbe6a58f80923476f0780deca018533378001dd 100644 (file)
@@ -71,7 +71,7 @@ foreach($_POST as $key=>$value)
 define('__MIN_VALUE', $_CONFIG['order_min']);
 
 // Count unconfirmed mails
-$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d",
+$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 $links = SQL_NUMROWS($result_links);
 SQL_FREERESULT($result_links);
@@ -86,7 +86,7 @@ if (GET_EXT_VERSION("holiday") >= "0.1.3")
 
 $result_mmails = SQL_QUERY_ESC("SELECT userid, receive_mails, mail_orders, ".$HOLIDAY."
 FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND max_mails > 0 LIMIT 1",
+WHERE userid=%s AND max_mails > 0 LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 
 $mmails = SQL_NUMROWS($result_mmails);
@@ -101,7 +101,7 @@ if ($_CONFIG['order_max_full'] == "MAX") $ALLOWED = $MAXI;
 $HTML_EXT = EXT_IS_ACTIVE("html_mail");
 
 // Now check his points amount
-$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d",
+$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 
 $TOTAL = "0";
@@ -112,7 +112,7 @@ if (SQL_NUMROWS($result_p) > 0)
        SQL_FREERESULT($result_p);
 
        // And subtract his used points...
-       $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
 
        list($p) = SQL_FETCHROW($result_p);
@@ -134,7 +134,7 @@ if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3"))
        // Continue with the frametester, we first need to store the data temporary in the pool
        //
        // First we would like to store the data and get it's pool position back...
-       $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND url='%s' AND timestamp > %d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND url='%s' AND timestamp > %s LIMIT 1",
         array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $_CONFIG['url_tlock'])), __FILE__, __LINE__);
 
        $type = "TEMP"; $id = "0";
@@ -235,7 +235,7 @@ if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3"))
                $result = SQL_QUERY_ESC("SELECT DISTINCT c.userid FROM "._MYSQL_PREFIX."_user_cats AS c
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON c.userid=d.userid
-WHERE c.cat_id=%d AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0
+WHERE c.cat_id=%s AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0
 ".$ADD."
 ORDER BY d.%s %s",
  array(
@@ -264,7 +264,7 @@ ORDER BY d.%s %s",
                                {
                                        // Check for his holiday status
                                        $result_holiday = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1",
+WHERE userid=%s AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1",
  array(bigintval($REC)), __FILE__, __LINE__);
                                        if (SQL_NUMROWS($result_holiday) == 1) $REC = 0; // Exclude user who are in holiday
 
@@ -356,14 +356,14 @@ array(
 subject='%s',
 text='%s',
 receivers='%s',
-payment_id=%d,
+payment_id=%s,
 timestamp=UNIX_TIMESTAMP(),
 url='%s',
-cat_id=%d,
-target_send=%d,
-zip=%d,
+cat_id=%s,
+target_send=%s,
+zip=%s,
 html_msg='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
 array(
        $_POST['subject'],
        $_POST['text'],
@@ -384,13 +384,13 @@ array(
 subject='%s',
 text='%s',
 receivers='%s',
-payment_id=%d,
+payment_id=%s,
 timestamp=UNIX_TIMESTAMP(),
 url='%s',
-cat_id=%d,
-target_send=%d,
-zip=%d
-WHERE id=%d LIMIT 1",
+cat_id=%s,
+target_send=%s,
+zip=%s
+WHERE id=%s LIMIT 1",
 array(
        $_POST['subject'],
        $_POST['text'],
@@ -408,7 +408,7 @@ array(
                                // Do we need to get the ID number?
                                if ($id == 0) {
                                        // Order is placed as temporary. We need to get it's id for the frametester
-                                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND subject='%s' AND payment_id=%d AND data_type='TEMP' AND timestamp=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND subject='%s' AND payment_id=%s AND data_type='TEMP' AND timestamp=%s LIMIT 1",
                                        array(
                                                $GLOBALS['userid'],
                                                $_POST['subject'],
@@ -482,7 +482,7 @@ array(
                                $CATS['name'][] = $cat;
 
                                // Select users in current category
-                               $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d AND userid != '%s' ORDER BY userid",
+                               $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s AND userid != '%s' ORDER BY userid",
                                 array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                $uid_cnt = "0";
@@ -496,7 +496,7 @@ array(
                                                $result_holiday = SQL_QUERY_ESC("SELECT DISTINCT d.userid FROM "._MYSQL_PREFIX."_user_data AS d
 LEFT JOIN "._MYSQL_PREFIX."_user_holidays AS h
 ON d.userid=h.userid
-WHERE d.userid=%d AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y'
+WHERE d.userid=%s AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y'
 AND h.holiday_start < ".time()." AND h.holiday_end > ".time()."
 LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                                if (SQL_NUMROWS($result_holiday) == 1)
@@ -512,7 +512,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                        if (!$HOL_ACTIVE)
                                        {
                                                // Check if the user want's to receive mails?
-                                               $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1",
+                                               $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1",
                                                 array(bigintval($ucat)), __FILE__, __LINE__);
 
                                                if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && ($_CONFIG['order_multi_page'] == "Y"))
@@ -552,7 +552,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                switch ($_GET['msg'])
                                {
                                case CODE_URL_TLOCK:
-                                       $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                                         array(bigintval($_GET['id'])), __FILE__, __LINE__);
 
                                        // Load timestamp from last order
@@ -666,7 +666,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                $OLD_ORDER = false; $subject = ""; $text = ""; $target = "";
 
                                // Check if we already have an order placed and make it editable
-                               $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND data_type='TEMP' LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND data_type='TEMP' LIMIT 1",
                                 array($GLOBALS['userid']), __FILE__, __LINE__);
 
                                if (SQL_NUMROWS($result) == 1)
index a61a58bf3cc65435de6702eb2a4f91d8e7207649..48bd9617d28152387dd31009ba62b5f6d480f63f 100644 (file)
@@ -53,7 +53,7 @@ $TPTS = "0";
 while (list($lvl, $per) = SQL_FETCHROW($result_depths))
 {
        // Load referral points
-       $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1",
+       $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=%s LIMIT 1",
         array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_points) == 1)
        {
@@ -66,7 +66,7 @@ while (list($lvl, $per) = SQL_FETCHROW($result_depths))
 // Free memory
 SQL_FREERESULT($result_depths);
 
-$result = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 list($USED) = SQL_FETCHROW($result);
 SQL_FREERESULT($result);
@@ -82,7 +82,7 @@ if (empty($_GET['payout']))
        // Load payout types
        $result = SQL_QUERY_ESC("SELECT id, type, rate, min_points, allow_url
 FROM "._MYSQL_PREFIX."_payout_types
-WHERE %d >= min_points
+WHERE %s >= min_points
 ORDER BY type", array(str_replace(",", ".", $TPTS)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) > 0)
        {
@@ -94,7 +94,7 @@ ORDER BY type", array(str_replace(",", ".", $TPTS)), __FILE__, __LINE__);
 FROM "._MYSQL_PREFIX."_user_payouts AS p
 LEFT JOIN "._MYSQL_PREFIX."_payout_types AS t
 ON p.payout_id = t.id
-WHERE p.userid = %d
+WHERE p.userid = %s
 ORDER BY p.payout_timestamp DESC",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_payouts) > 0)
@@ -162,7 +162,7 @@ ORDER BY p.payout_timestamp DESC",
  else
 {
        // Chedk if he can get paid by selected type
-       $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
         array(bigintval($_GET['payout'])), __FILE__, __LINE__);
 
        if (SQL_NUMROWS($result) == 1)
@@ -195,22 +195,14 @@ ORDER BY p.payout_timestamp DESC",
                                define('PAYOUT_POINTS_VALUE', $PAYOUT);
 
                                // Subtract points from member's account
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                array($PAYOUT, $GLOBALS['userid']), __FILE__, __LINE__);
-
-                               // Update mediadata as well
-                               if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                               {
-                                       // Update database
-                                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $PAYOUT);
-                               }
+                               SUB_POINTS($GLOBALS['userid'], $PAYOUT);
 
                                // Add entry to his tranfer history
                                if ($allow == "Y")
                                {
                                        // Banner/textlink ordered
                                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, payout_id, payout_timestamp, status, target_url, link_text, banner_url)
-VALUES (%d, %d, %d, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')",
+VALUES (%s, %s, %s, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')",
  array(
        $GLOBALS['userid'],
        bigintval($_POST['payout']),
@@ -235,7 +227,7 @@ VALUES (%d, %d, %d, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')",
                                {
                                        // e-currency payout requested
                                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, target_account, target_bank, payout_id, payout_timestamp, status, password)
-VALUES (%d, %d, %d, '%s', %d, UNIX_TIMESTAMP(), 'NEW', '%s')",
+VALUES (%s, %s, %s, '%s', %s, UNIX_TIMESTAMP(), 'NEW', '%s')",
  array(
        $GLOBALS['userid'],
        bigintval($_POST['payout']),
@@ -257,7 +249,7 @@ VALUES (%d, %d, %d, '%s', %d, UNIX_TIMESTAMP(), 'NEW', '%s')",
 
                                // Generate task
                                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, status, task_type, subject, text, task_created, userid)
-VALUES (0, 'NEW', 'PAYOUT_REQUEST', '[payout:] ".PAYOUT_REQUEST_ADMIN."', '%s', UNIX_TIMESTAMP(), %d)",
+VALUES (0, 'NEW', 'PAYOUT_REQUEST', '[payout:] ".PAYOUT_REQUEST_ADMIN."', '%s', UNIX_TIMESTAMP(), %s)",
  array(
        $msg_adm,
        $GLOBALS['userid']
index fe9402524af5fcd4d16925ea2fc9fdd4d08b5feb..88f026fd614f13cbf659a610da7a15f344c6786e 100644 (file)
@@ -63,7 +63,7 @@ while (list($lvl, $per) = SQL_FETCHROW($result_depths)) {
        $REFS = "0";
 
        // Load referral points
-       $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
+       $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=%s LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_points) == 1) {
                list($points, $LOCKED) = SQL_FETCHROW($result_points);
                SQL_FREERESULT($result_points);
@@ -74,7 +74,7 @@ while (list($lvl, $per) = SQL_FETCHROW($result_depths)) {
        }
 
        // Load referral counts
-       $result_refs = SQL_QUERY_ESC("SELECT counter FROM "._MYSQL_PREFIX."_refsystem WHERE userid=%d AND level='%s' LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
+       $result_refs = SQL_QUERY_ESC("SELECT counter FROM "._MYSQL_PREFIX."_refsystem WHERE userid=%s AND level='%s' LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_refs) == 1) {
                list($REFS) = SQL_FETCHROW($result_refs);
                SQL_FREERESULT($result_refs);
@@ -101,7 +101,7 @@ SQL_FREERESULT($result_depths);
 // Put rows to constant for the main template
 define('__REF_LEVEL_ROWS', $OUT);
 
-$result = SQL_QUERY_ESC("SELECT used_points, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT used_points, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 list($USED, $PAY) = SQL_FETCHROW($result);
 SQL_FREERESULT($result);
@@ -115,7 +115,7 @@ if (GET_EXT_VERSION("user") >= "0.1.2") {
        if (GET_EXT_VERSION("user") >= "0.1.4") {
                $ADD = ", emails_sent, emails_received";
        }
-       $result = SQL_QUERY_ESC("SELECT mails_confirmed".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT mails_confirmed".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
        list($CONFIRMED, $SENT, $RECEIVED) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
@@ -145,7 +145,7 @@ if ((GET_EXT_VERSION("bonus") >= "0.2.2") && (EXT_IS_ACTIVE("bonus")) && ($_CONF
        if (GET_EXT_VERSION("bonus") >= "0.4.4") $ADD = ", bonus_ref, bonus_order, bonus_stats";
 
        // Load data
-       $result = SQL_QUERY_ESC("SELECT login_bonus, turbo_bonus".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT login_bonus, turbo_bonus".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // We don't add this points now. This will be done after each month
index 4cc8f5a57e5ce12ff554d0d620a2302e291451a5..0715a595b78525261b3ae96e2c2d2c4059fe06cf 100644 (file)
@@ -48,7 +48,7 @@ ADD_DESCR("member", basename(__FILE__));
 OPEN_TABLE("90%", "member_table member_content_align", "");
 
 // Load current referral clicks
-$result = SQL_QUERY_ESC("SELECT ref_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT ref_clicks FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 
 list($c) = SQL_FETCHROW($result);
index a6a9468d838d0721da798c0921bfe03805bee606..2e228976215c056dd516c0aea761e78df4c58d10 100644 (file)
@@ -45,7 +45,7 @@ ADD_DESCR("member", basename(__FILE__));
 // Load waiting/pending orders
 $result = SQL_QUERY_ESC("SELECT id, cat_id, payment_id, subject, url, timestamp, target_send, data_type, zip
 FROM "._MYSQL_PREFIX."_pool
-WHERE sender=%d AND data_type != 'SEND'
+WHERE sender=%s AND data_type != 'SEND'
 ORDER BY timestamp DESC",
        array($GLOBALS['userid']), __FILE__, __LINE__);
 
@@ -92,7 +92,7 @@ SQL_FREERESULT($result);
 //                               0     1         2         3      4            5            6            7           8
 $result = SQL_QUERY_ESC("SELECT id, cat_id, payment_id, subject, url, timestamp_ordered, max_rec, timestamp_send, clicks
 FROM "._MYSQL_PREFIX."_user_stats
-WHERE userid=%d
+WHERE userid=%s
 ORDER BY timestamp_ordered DESC",
        array($GLOBALS['userid']), __FILE__, __LINE__);
 
index fcbf2bc4e0587f8d22a86bbfa63038f9348ac630..b90d08d33807f1b9fa565df1f037667e2b3d8d1b 100644 (file)
@@ -51,10 +51,13 @@ $content = array(
 );
 
 // Construct template name
-$templateName = substr(basename(__FILE__), 5, -4)."_".strtolower($_CONFIG['surfbar_pay_model']);
+$templateName = "member_".substr(basename(__FILE__), 5, -4)."_".strtolower($_CONFIG['surfbar_pay_model']);
 
 // Load the template
 LOAD_TEMPLATE($templateName, false, $content);
 
+// Load surfbar link template
+LOAD_TEMPLATE("member_surfbar_link");
+
 //
 ?>
index eb2c73ec184c85a4021b6e0225ca619d7b94018a..e52b8da18960b47bba63682fbd9243c18d0a2c92 100644 (file)
@@ -48,7 +48,7 @@ ADD_DESCR("member", basename(__FILE__));
 if (!empty($_POST['member_theme']))
 {
        // Save theme to member's profile
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%s LIMIT 1",
          array($_POST['member_theme'], $GLOBALS['userid']), __FILE__, __LINE__);
 
        // Set new theme for guests
@@ -76,14 +76,13 @@ $handle = opendir(PATH."theme/") or mxchange_die("Cannot read themes dir!");
 while ($dir = readdir($handle))
 {
        // Construct absolute theme.php file name
-       $theme = PATH."theme/".$dir."/"."theme.php";
+       $theme = sprintf("%stheme/%s/theme.php", PATH, $dir);
 
        // Test it...
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' AND theme_active='Y' LIMIT 1",
         array($dir), __FILE__, __LINE__);
 
-       if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1))
-       {
+       if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1)) {
                // Free memory
                SQL_FREERESULT($result);
 
index 03da5c22f3785c6dec57c1e9f21aff69fa555923..b521ba218f88e9b9aed24906941adbab6d7a6a45 100644 (file)
@@ -46,7 +46,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 ADD_DESCR("member", basename(__FILE__));
 
 // Load data
-$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 list($opt_in) = SQL_FETCHROW($result);
 
@@ -63,13 +63,13 @@ switch ($MODE)
 {
 case "new": // Start new transfer
        // Get total points and subtract the balance amount from it = maximum transferable points
-       $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0",
+       $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND points > 0",
         array($GLOBALS['userid']), __FILE__, __LINE__);
        list($total) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
        // Get totally used points and password
-       $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
        list($used, $pass) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -201,12 +201,11 @@ case "new": // Start new transfer
                         __FILE__, __LINE__);
 
                        // Add points to account *directly* ...
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                         array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);
 
                        // ... and add it to current user's used points
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                        array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__);
+                       SUB_POINTS($GLOBALS['userid'], $_POST['points']);
 
                        // First send email to recipient
                        $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
@@ -348,14 +347,14 @@ case "list_out": // List only outgoing transactions
        switch ($MODE)
        {
        case "list_in":
-               $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
+               $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
                $NOTHING = TRANSFER_NO_INCOMING_TRANSFERS;
                define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING);
                define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING);
                break;
 
        case "list_out":
-               $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
+               $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
                $NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS;
                define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING);
                define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING);
@@ -432,7 +431,7 @@ KEY(party_uid)
 ) TYPE=HEAP", __FILE__, __LINE__);
 
        // Let's begin with the incoming list
-       $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s",
+       $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY id LIMIT %s",
 array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
        while ($DATA = SQL_FETCHROW($result))
        {
@@ -445,7 +444,7 @@ array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
        SQL_FREERESULT($result);
 
        // As the last table transfer data from outgoing table to temporary
-       $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s",
+       $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY id LIMIT %s",
 array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
        while ($DATA = SQL_FETCHROW($result))
        {
@@ -524,7 +523,7 @@ array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
 
 case "": // Overview page
        // Check incoming transfers
-       $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
        list($dmy) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
@@ -539,7 +538,7 @@ case "": // Overview page
        }
 
        // Check outgoing transfers
-       $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
        list($dmy) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
@@ -566,7 +565,7 @@ case "": // Overview page
        if (isset($_POST['ok']))
        {
                // Save settings
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1",
                 array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
 
                // Rember for next switch() command
@@ -591,7 +590,7 @@ case "": // Overview page
        }
 
        // Check for latest out-transfers
-       $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%s ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0)
        {
                // Load template
index 0e53bcb92093fef0102f2745b421ebd092e57240..ade536152577ea0ef2c25bd0be050d8da1a1844b 100644 (file)
@@ -49,13 +49,13 @@ OPEN_TABLE("100%", "member_content member_content_align", "");
 if (EXT_IS_ACTIVE("bonus"))
 {
        // Load bonus ID
-       $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY bonus_id DESC",
+       $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY bonus_id DESC",
         array($GLOBALS['userid']), __FILE__, __LINE__);
 }
  else
 {
        // Don't load bonus ID
-       $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY stats_id DESC",
+       $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY stats_id DESC",
         array($GLOBALS['userid']), __FILE__, __LINE__);
 }
 
@@ -70,13 +70,13 @@ if (SQL_NUMROWS($result) > 0)
                switch ($type)
                {
                case "NORMAL":
-                       $result_data = SQL_QUERY_ESC("SELECT subject, subject, timestamp_ordered, cat_id, payment_id, pool_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+                       $result_data = SQL_QUERY_ESC("SELECT subject, subject, timestamp_ordered, cat_id, payment_id, pool_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        $type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM;
                        break;
 
                case "BONUS":
-                       $result_data = SQL_QUERY_ESC("SELECT subject, text, timestamp, cat_id, points, id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+                       $result_data = SQL_QUERY_ESC("SELECT subject, text, timestamp, cat_id, points, id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                         array(bigintval($id2)), __FILE__, __LINE__);
                        $type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM;
                        break;
@@ -90,7 +90,7 @@ if (SQL_NUMROWS($result) > 0)
                        if ($type == "NORMAL")
                        {
                                $pay = GET_PAY_POINTS($pay, "payment");
-                               $result_text = SQL_QUERY_ESC("SELECT text FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+                               $result_text = SQL_QUERY_ESC("SELECT text FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                                 array(bigintval($pool)), __FILE__, __LINE__);
                                list($text) = SQL_FETCHROW($result_text);
                                SQL_FREERESULT($result_text);
index a008e48709c912222db3fd38c858d60fd9d7c1c4..46dd492a4d7c2ef7f06e8fcf4d368be58b95f54a 100644 (file)
@@ -54,7 +54,7 @@ define('_LAST_MODULE_VALUE', GET_MOD_DESCR("member", $LAST['module']));
 LOAD_TEMPLATE("member_welcome_header");
 
 // Chedk if he is returning from a profile update notification
-$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE notified='Y' AND userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE notified='Y' AND userid=%s LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 
 if ((SQL_NUMROWS($result) == 1) && (EXT_IS_ACTIVE("profile")))
index 4fc5af8c21563ed07a19f4d48be625ef336cc4b6..181603bab545bdc82b203d3b6db0fe80c0057236 100644 (file)
@@ -63,7 +63,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
        $content['refid'] = bigintval($_CONFIG['wernis_refid']);
 
        // Get WDS66 id
-       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // Are there some entries?
@@ -81,7 +81,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
                $_GET['mode'] = "list";
 
                // And load all rows!
-               $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM "._MYSQL_PREFIX."_user_wernis WHERE `userid` = %d ORDER BY `wernis_timestamp` DESC",
+               $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM "._MYSQL_PREFIX."_user_wernis WHERE `userid` = %s ORDER BY `wernis_timestamp` DESC",
                        array($GLOBALS['userid']), __FILE__, __LINE__);
 
                // Load all rows
@@ -132,7 +132,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
 
        // Get WDS66 id
        $content['wds66_id'] = "";
-       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // Are there some entries?
@@ -153,7 +153,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
        $content['wds66_id']    = "";
 
        // Get WDS66 id
-       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // Are there some entries?
@@ -209,7 +209,7 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                                        ADD_POINTS_REFSYSTEM($GLOBALS['userid'], bigintval($_POST['amount']), false, 0, false, "direct");
 
                                        // Update the user data as well..
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%d WHERE userid=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
                                                array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                        // All done!
@@ -271,7 +271,7 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                                        }
 
                                        // Remove the points from the account
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points` = `used_points` + %d, `wernis_userid`=%d WHERE userid=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points` = `used_points` + %s, `wernis_userid`=%s WHERE userid=%s LIMIT 1",
                                                array(bigintval($_POST['amount']), bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                        // All done!
index 53d88eb7783fea5cee0bfeb440f1ff1da0e68b19..e617ab9b6c972e485765230024ea30cf520f17dd 100644 (file)
@@ -63,7 +63,7 @@ if (empty($URL)) {
        }
 
        // Update sending pool
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
         array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
        // Finally is the entry valid?
@@ -72,13 +72,13 @@ if (empty($URL)) {
                UPDATE_LOGIN_DATA();
 
                // Load personal data...
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
                list($sex, $sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
                // Load mail again...              0       1        2           3          4      5      6         7
-               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1",
                 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
                $DATA = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -90,8 +90,7 @@ if (empty($URL)) {
                // Update used points
                $ADD = "";
                if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s".$ADD." WHERE userid=%d LIMIT 1",
-                array($USED, $GLOBALS['userid']), __FILE__, __LINE__);
+               SUB_POINTS($GLOBALS['userid']), $USED);
 
                // Update mediadata as well
                if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
index d66358db404bb19c5c384f53e3abafd16869cc7e..d5afb1cd3c4db6cdc9c7095800cd6c627d7eaea5 100644 (file)
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 // Get current month (2 digits)
 $curr = date("m", time());
@@ -83,7 +83,7 @@ FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' ".$whereStatement1." %
                {
                        // Add points to user's account directly
                        $result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points
-SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1",
+SET points=points+%s WHERE ref_depth=0 AND userid=%s LIMIT 1",
  array($points, bigintval($uid)), __FILE__, __LINE__);
 
                        // Update mediadata as well
index 12da67f6b47dd8882abd1d0c7cbfdba3a0a59758..b555dd32384da2a020b43479b55878d2da0d639c 100644 (file)
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 // Get current month (2 digits)
 $curr = date("m", time());
@@ -96,7 +96,7 @@ ORDER BY active_bonus DESC, userid LIMIT %s",
 
                        // Add points to user's account directly
                        $result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points
-SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1",
+SET points=points+%s WHERE ref_depth=0 AND userid=%s LIMIT 1",
  array($points, bigintval($uid)), __FILE__, __LINE__);
 
                        // Update mediadata as well
index 1afaf04c616755620faf3d42db60b6d859db5980..a23eea936ab759c8b48ffd3da83e8924ad586a18 100644 (file)
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 // Get current month (2 digits)
 $curr = date("m", time());
@@ -59,7 +59,7 @@ if ($_CONFIG['nl_month'] != $curr)
                while(list($uid, $until) = SQL_FETCHROW($result))
                {
                        // Update account
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_receive='Y', nl_until='0' WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_receive='Y', nl_until='0' WHERE userid=%s LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
 
                        // Send email to him
index 20f4233310d567c28386d0cce369264da24c1bf6..9cd96c8fa492f27b5bdde675b4488abe42986120 100644 (file)
@@ -40,6 +40,10 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 // CFG: DEBUG-SQL (if enabled and DEBUG_MODE is enabled all SQL queries will be logged to debug.log)
 define('DEBUG_SQL', false);
 
+// Default is not a frameset
+global $isFrameset;
+$isFrameset = false;
+
 // Load library
 require_once(PATH."inc/db/lib.php");
 
@@ -113,7 +117,7 @@ LIMIT 1", __FILE__, __LINE__);
                                        // Run daily reset
                                        if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) {
                                                // Do daily things in external PHP file but only when script is completely setup
-                                               $INC_POOL[] = PATH."inc/reset/reset_daily.php";
+                                               $INC_POOL[] = sprintf("%sinc/reset/reset_daily.php", PATH);
 
                                                // Daily reset was run!
                                                define('__DAILY_RESET', "1");
index 4be52eb6d64ad6284509abd822d8a45170a6ad60..f87c4c4c0df7957d258fb59ebd10e657605dc89c 100644 (file)
@@ -551,7 +551,7 @@ function IS_LOGGED_IN()
        if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
        {
                // Cookies are set with values, but are they valid?
-               $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
@@ -572,9 +572,7 @@ function IS_LOGGED_IN()
                        } else {
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";
-                               set_session("userid", "");
-                               set_session("u_hash", "");
-                               set_session("lifetime", "");
+                               destroy_user_session();
 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);
@@ -582,9 +580,6 @@ function IS_LOGGED_IN()
                } else {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";
-                       set_session("userid", "");
-                       set_session("u_hash", "");
-                       set_session("lifetime", "");
 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);
@@ -597,9 +592,7 @@ function IS_LOGGED_IN()
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";
-               set_session("userid", "");
-               set_session("u_hash", "");
-               set_session("lifetime", "");
+               destroy_user_session();
 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);
@@ -627,7 +620,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
        if (!IS_LOGGED_IN()) return false;
 
        // Load last module and last online time
-       $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Load last module and online time
                list($mod, $onl) = SQL_FETCHROW($result);
@@ -646,14 +639,12 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                        }
 
                        // Update last module / online time
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
                         array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__);
                }
        }  else {
                // Destroy session, we cannot update!
-               set_session("userid", "");
-               set_session("u_hash", "");
-               set_session("lifetime", "");
+               destroy_user_session();
        }
 }
 //
@@ -724,7 +715,7 @@ function SEND_MODE_MAILS($mod, $modes)
        global $_CONFIG, $DATA;
 
        // Load hash
-       $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_main) == 1) {
                // Load hash from database
@@ -737,7 +728,7 @@ function SEND_MODE_MAILS($mod, $modes)
                $hash = generatePassString($hashDB);
                if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
                        // Load user's data
-                       $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1) {
                                // Load the data
@@ -920,7 +911,7 @@ function GET_CATEGORY ($cid) {
        $ret = _CATEGORY_404;
 
        // Lookup the category
-       $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
                array(bigintval($cid)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Category found... :-)
@@ -939,7 +930,7 @@ function GET_PAYMENT ($pid, $full=false) {
        $ret = _PAYMENT_404;
 
        // Load payment data
-       $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
                array(bigintval($pid)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Payment type found... :-)
@@ -963,7 +954,7 @@ function GET_PAYMENT ($pid, $full=false) {
 function GET_PAY_POINTS($pid, $lookFor="price")
 {
        $ret = "-1";
-       $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
                array($lookFor, $pid), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -988,7 +979,7 @@ function REMOVE_RECEIVER(&$ARRAY, $key, $uid, $pool_id, $stats_id="", $bonus=fal
                        // Only when we got a real stats ID continue searching for the entry
                        $type = "NORMAL"; $rowName = "stats_id";
                        if ($bonus) { $type = "BONUS"; $rowName = "bonus_id"; }
-                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%d AND link_type='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE %s='%s' AND userid=%s AND link_type='%s' LIMIT 1",
                         array($rowName, $stats_id, bigintval($uid), $type), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 0)
                        {
@@ -1069,10 +1060,14 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
                $DEPTH++;
        }
 
+       // Percents and table
+       $percents = "percents"; if (isset($_CONFIG['db_percents'])) $percents = $_CONFIG['db_percents'];
+       $table = "refdepths";   if (isset($_CONFIG['db_table']))    $table    = $_CONFIG['db_table'];
+
        // Which points, locked or normal?
        $data = "points"; if ($locked) $data = "locked_points";
 
-       $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
         array(bigintval($uid)), __FILE__, __LINE__);
        //* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+<br />\n";
        if (SQL_NUMROWS($result_user) == 1) {
@@ -1080,8 +1075,8 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
                list ($ref, $email) = SQL_FETCHROW($result_user);
                SQL_FREERESULT($result_user);
 
-               $result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1",
-                array(bigintval($DEPTH)), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE level='%s' LIMIT 1",
+                array($percents, $table, bigintval($DEPTH)), __FILE__, __LINE__);
                //* DEBUG */ echo "DEPTH:".$DEPTH."<br />\n";
                if (SQL_NUMROWS($result) == 1) {
                        list($per) = SQL_FETCHROW($result);
@@ -1090,11 +1085,11 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
                        //* DEBUG */ echo "ADD:".$P."<br />\n";
 
                        // Update points...
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=%s LIMIT 1",
                         array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__);
                        if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) {
                                // First ref in this level! :-)
-                               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)",
+                               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%s, %s, %s)",
                                 array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__);
                        }
 
@@ -1139,7 +1134,7 @@ function UPDATE_REF_COUNTER($uid)
        if (empty($REF_LVL)) $REF_LVL = "0";
 
        // Update counter
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%d AND level='%s' LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refsystem SET counter=counter+1 WHERE userid=%s AND level='%s' LIMIT 1",
         array(bigintval($uid), $REF_LVL), __FILE__, __LINE__);
 
        // When no entry was updated then we have to create it here
@@ -1151,7 +1146,7 @@ function UPDATE_REF_COUNTER($uid)
        }
 
        // Check for his referral
-       $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT refid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($uid)), __FILE__, __LINE__);
        list($ref) = SQL_FETCHROW($result);
 
@@ -1211,8 +1206,8 @@ WHERE sid='%s' LIMIT 1",
 module='%s',
 action='%s',
 what='%s',
-userid=%d,
-refid=%d,
+userid=%s,
+refid=%s,
 is_member='%s',
 is_admin='%s',
 timestamp=UNIX_TIMESTAMP()
@@ -1231,12 +1226,12 @@ WHERE sid='%s' LIMIT 1",
         else
        {
                // No entry does exists so we simply add it!
-               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %d, %d, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')",
+               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_online (module, action, what, userid, refid, is_member, is_admin, timestamp, sid, ip) VALUES ('%s', '%s', '%s', %s, %s, '%s', '%s', UNIX_TIMESTAMP(), '%s', '%s')",
                 array($mod, $act, $wht, bigintval($uid), bigintval($rid), $MEM, $ADMIN, $SID, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
        }
 
        // Purge old entries
-       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %d)",
+       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_online WHERE timestamp <= (UNIX_TIMESTAMP() - %s)",
         array($_CONFIG['online_timeout']), __FILE__, __LINE__);
 }
 // OBSULETE: Sends out mail to all administrators
@@ -1309,7 +1304,7 @@ function GET_ADMIN_LOGIN($aid) {
                if (empty($ret)) $ret = "***";
        } else {
                // Load from database
-               $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT login FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                 array(bigintval($aid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Fetch data
@@ -1396,7 +1391,7 @@ function DELETE_USER_ACCOUNT($uid, $reason)
 FROM "._MYSQL_PREFIX."_user_points AS p
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON p.userid=d.userid
-WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE p.userid=%s", array(bigintval($uid)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
                // Save his points to add them to the jackpot
@@ -1404,7 +1399,7 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__);
                SQL_FREERESULT($result);
 
                // Delete points entries as well
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d", array(bigintval($uid)), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s", array(bigintval($uid)), __FILE__, __LINE__);
 
                // Update mediadata as well
                if (GET_EXT_VERSION("mediadata") >= "0.0.4")
@@ -1418,13 +1413,13 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__);
        }
 
        // Delete category selections as well...
-       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d",
+       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s",
         array(bigintval($uid)), __FILE__, __LINE__);
 
        // Remove from rallye if found
        if (EXT_IS_ACTIVE("rallye"))
        {
-               $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%d",
+               $result = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE userid=%s",
                 array(bigintval($uid)), __FILE__, __LINE__);
        }
 
@@ -1433,7 +1428,7 @@ WHERE p.userid=%d", array(bigintval($uid)), __FILE__, __LINE__);
        SEND_EMAIL($uid, ADMIN_DEL_ACCOUNT, $msg);
 
        // Ok, delete the account!
-       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
 }
 //
 function META_DESCRIPTION($mod, $wht)
@@ -1500,8 +1495,7 @@ function IS_DEMO() {
        return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo"));
 }
 //
-function LOAD_CONFIG($no="0")
-{
+function LOAD_CONFIG($no="0") {
        global $cacheArray;
        $CFG_DUMMY = array();
 
@@ -1511,7 +1505,7 @@ function LOAD_CONFIG($no="0")
                //* DEBUG: */ echo gettype($cacheArray['config'][$no])."<br />\n";
                foreach ($cacheArray['config'][$no] as $key=>$value) {
                        $CFG_DUMMY[$key] = $value;
-               }
+               } // END - foreach
 
                // Count cache hits if exists
                if ((isset($CFG_DUMMY['cache_hits'])) && (EXT_IS_ACTIVE("cache"))) {
@@ -1536,8 +1530,7 @@ function LOAD_CONFIG($no="0")
        return $CFG_DUMMY;
 }
 // Gets the matching what name from module
-function GET_WHAT($MOD_CHECK)
-{
+function GET_WHAT($MOD_CHECK) {
        $wht = "";
        //* DEBUG: */ echo __LINE__."!".$MOD_CHECK."!<br />\n";
        switch ($MOD_CHECK)
@@ -1602,6 +1595,18 @@ function MODULE_HAS_MENU($mod)
        // Return status
        return $ret;
 }
+// Subtract points from database and mediadata cache
+function SUB_POINTS ($uid, $points) {
+       // Add points to used points
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%s LIMIT 1",
+        array($points, bigintval($uid)), __FILE__, __LINE__);
+
+       // Update mediadata as well
+       if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
+               // Update database
+               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
+       } // END - if
+}
 
 //
 ?>
index d69a008cd00e476af0039f05a6ba108558bf5864..b42ef492985d535c3b556bee32b15cd5dd763f62 100644 (file)
@@ -66,7 +66,7 @@ if (SQL_NUMROWS($result_main) > 0)
                $DATA[7] = COMPILE_CODE($DATA[7]);
 
                // Set mail order as "active". That means it will be sent out
-               $result_active = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='ACTIVE' WHERE id=%d AND data_type='NEW' LIMIT 1",
+               $result_active = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='ACTIVE' WHERE id=%s AND data_type='NEW' LIMIT 1",
                 array($DATA[0]), __FILE__, __LINE__);
                if (SQL_AFFECTEDROWS($result_active) == 1)
                {
@@ -93,7 +93,7 @@ if (SQL_NUMROWS($result_main) > 0)
                        foreach ($RECEIVERS as $key=>$uid)
                        {
                                // Lookup user ID
-                               $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($uid)), __FILE__, __LINE__);
 
                                // Is his data available?
@@ -107,7 +107,7 @@ if (SQL_NUMROWS($result_main) > 0)
                                        SQL_FREERESULT($result_user);
 
                                        // Do we have a stats entry?
-                                       $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d AND userid=%d AND timestamp_ordered='%s' LIMIT 1",
+                                       $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s AND userid=%s AND timestamp_ordered='%s' LIMIT 1",
                                         array($DATA[0], $DATA[1], $DATA[6]), __FILE__, __LINE__);
 
                                        // If there's no stats entry add it!
@@ -119,7 +119,7 @@ if (SQL_NUMROWS($result_main) > 0)
                                                 array(bigintval($DATA[0]), bigintval($DATA[1]), bigintval($DATA[9]), bigintval($DATA[5]), $DATA[2], $DATA[7], $DATA[8], bigintval($DATA[6])), __FILE__, __LINE__);
 
                                                // Receive it's ID for the links table
-                                               $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d AND userid=%d AND timestamp_ordered='%s' LIMIT 1",
+                                               $result_stats = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s AND userid=%s AND timestamp_ordered='%s' LIMIT 1",
                                                 array(bigintval($DATA[0]), bigintval($DATA[1]), bigintval($DATA[6])), __FILE__, __LINE__);
                                        }
 
@@ -148,13 +148,13 @@ if (SQL_NUMROWS($result_main) > 0)
                                                        SEND_EMAIL($email, $DATA[2], $msg, $HTML);
 
                                                        // Count sent mails...
-                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_sent=emails_sent+1 WHERE userid=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_sent=emails_sent+1 WHERE userid=%s LIMIT 1",
                                                         array(bigintval($DATA[1])), __FILE__, __LINE__);
 
                                                        if (GET_EXT_VERSION("user") >= "0.1.4")
                                                        {
                                                                // Update mails received for receiver
-                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%d LIMIT 1",
+                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%s LIMIT 1",
                                                                array(bigintval($uid)), __FILE__, __LINE__);
                                                        }
 
@@ -187,7 +187,7 @@ if (SQL_NUMROWS($result_main) > 0)
                                                SEND_ADMIN_NOTIFICATION(ADMIN_SUBJ_SEND_DONE, "done-admin", $DATA[3], $uid);
 
                                                // Get sender's data
-                                               $result_sender = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                                               $result_sender = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                                 array(bigintval($DATA[1])), __FILE__, __LINE__);
                                                if (SQL_NUMROWS($result_sender) == 1)
                                                {
@@ -201,11 +201,11 @@ if (SQL_NUMROWS($result_main) > 0)
                                                }
 
                                                // Set status to SEND because we completely send it away
-                                               $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND', target_send='0', receivers='' WHERE id=%d LIMIT 1",
+                                               $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND', target_send='0', receivers='' WHERE id=%s LIMIT 1",
                                                 array(bigintval($DATA[0])), __FILE__, __LINE__);
 
                                                // Update send-completed-time
-                                               $result_user = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET timestamp_send=UNIX_TIMESTAMP() WHERE pool_id=%d LIMIT 1",
+                                               $result_user = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET timestamp_send=UNIX_TIMESTAMP() WHERE pool_id=%s LIMIT 1",
                                                 array(bigintval($DATA[0])), __FILE__, __LINE__);
 
                                                $LAST_SENT_ID = $DATA[0]; $cnt = "0";
@@ -228,7 +228,7 @@ if (SQL_NUMROWS($result_main) > 0)
                                                // There are some mails left to send for next round, so we reset the status back to NEW (=still not fully delivered)
                                                $ADD = "";
                                                if ($cnt <= $DATA[8]) $ADD = ", target_send=target_send-".$cnt;
-                                               $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW', receivers='%s'".$ADD." WHERE id=%d LIMIT 1",
+                                               $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW', receivers='%s'".$ADD." WHERE id=%s LIMIT 1",
                                                 array(implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__);
 
                                                //* DEBUG: */ echo"*EXIT/L:".__LINE__."*<br />";
@@ -241,7 +241,7 @@ if (SQL_NUMROWS($result_main) > 0)
                                        if (($RECEIVERS[0] == "0") || (empty($RECEIVERS[0])))
                                        {
                                                // List was empty
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND' WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='SEND' WHERE id=%s LIMIT 1",
                                                 array(bigintval($DATA[0])), __FILE__, __LINE__);
                                        }
                                         else
@@ -250,7 +250,7 @@ if (SQL_NUMROWS($result_main) > 0)
                                                {
                                                        // User does not exists, pay points back
                                                        $points = GET_PAY_POINTS($DATA[5]);
-                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                                                         array($points, bigintval($DATA[1])), __FILE__, __LINE__);
 
                                                        // Update mediadata as well
@@ -270,7 +270,7 @@ if (SQL_NUMROWS($result_main) > 0)
                                        unset($dummy[$key]);
 
                                        // Update receivers
-                                       $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET receivers='%s' WHERE id=%d LIMIT 1",
+                                       $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET receivers='%s' WHERE id=%s LIMIT 1",
                                         array(implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__);
                                }
                        }
@@ -284,7 +284,7 @@ if (SQL_NUMROWS($result_main) > 0)
                        if (($PB > 0) && ($uid > 0))
                        {
                                // We have to pay back some points to the sender (we add them directly :-P)
-                               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                                 array(bigintval($uid)), __FILE__, __LINE__);
                                $DATA[10] = $PB; $DATA[11] = $cnt_back[$uid];
                                if (SQL_NUMROWS($result) == 1)
@@ -339,7 +339,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send'])))
                        $DATA[8] = COMPILE_CODE($DATA[8]);
 
                        // Message is active in queue
-                       $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='QUEUE' WHERE id=%d LIMIT 1",
+                       $result_queue = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='QUEUE' WHERE id=%s LIMIT 1",
                         array(bigintval($DATA[0])), __FILE__, __LINE__);
 
                        // "Explode" all receivers into an array
@@ -366,7 +366,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send'])))
                        {
                                // Load personal data
                                //* DEBUG: */ echo "*L:".__LINE__."/".$uid."*<br />";
-                               $result_user = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result_user = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($uid)), __FILE__, __LINE__);
 
                                // Is his data available?
@@ -391,7 +391,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send'])))
                                                if (GET_EXT_VERSION("user") >= "0.1.4")
                                                {
                                                        // Update mails received for receiver
-                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET emails_received=emails_received+1 WHERE userid=%s LIMIT 1",
                                                         array(bigintval($uid)), __FILE__, __LINE__);
                                                }
 
@@ -424,7 +424,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send'])))
                        if (SELECTION_COUNT($dummy) == 0)
                        {
                                // Queue reached!
-                               $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='SEND', target_send='0', receivers='' WHERE id=%d LIMIT 1",
+                               $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='SEND', target_send='0', receivers='' WHERE id=%s LIMIT 1",
                                 array(bigintval($DATA[0])), __FILE__, __LINE__);
                                //* DEBUG: */ echo "*L:".__LINE__."*<br />";
 
@@ -439,7 +439,7 @@ if ((EXT_IS_ACTIVE("bonus") && ($cnt < $_CONFIG['max_send'])))
                         elseif ($cnt >= $_CONFIG['max_send'])
                        {
                                // Update bonus pool
-                               $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='NEW', target_send=%d, receivers='%s' WHERE id=%d LIMIT 1",
+                               $result_done = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='NEW', target_send=%s, receivers='%s' WHERE id=%s LIMIT 1",
                                 array(SELECTION_COUNT($dummy), implode(";", $dummy), bigintval($DATA[0])), __FILE__, __LINE__);
                                //* DEBUG: */ echo "*L:".__LINE__."<PRE>";
                                //* DEBUG: */ print_r($dummy);
index 24b0319862ae388301208f646ece537208bb629a..565b24cbfcc0224238313f992d319d835989e6f3 100644 (file)
@@ -72,7 +72,7 @@ if (($_CONFIG['send_prof_update'] == "Y") && ($_CONFIG['profile_update'] > 0) &&
                        SEND_EMAIL($DATA[1], PROFILE_OUTDATED, $msg);
 
                        // Update profile data
-                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_profile_sent=UNIX_TIMESTAMP(), notified='Y' WHERE userid=%d LIMIT 1",
+                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_profile_sent=UNIX_TIMESTAMP(), notified='Y' WHERE userid=%s LIMIT 1",
                         array(bigintval($DATA[0])), __FILE__, __LINE__);
                }
        }
index 062b602a5d7ce7975e2095be7129f2617b89b4f0..e8fb34aecb3c0429400517abb8085ccc331f5336 100644 (file)
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 // Reset accounts
 $result = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=0.00000 WHERE beg_points > 0",
index 58a25db0ed8dee354f0b28e76e4c7b75befc4d27..98c2ab506dccf61a0930a78568a114581d83643f 100644 (file)
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 // Reset accounts
 $result = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=0, login_bonus=0, bonus_order=0, bonus_stats=0, bonus_ref=0",
index a02548c322d9085fb95677a19a52e50e93dd8933..9df8158716b335d423c99fe096c40e2487d22e28 100644 (file)
@@ -56,7 +56,7 @@ if (SQL_NUMROWS($result_daily) > 0)
        while (list($uid) = SQL_FETCHROW($result_daily))
        {
                $result_points = SQL_QUERY_ESC("SELECT ref_depth, locked_points FROM "._MYSQL_PREFIX."_user_points
-WHERE userid=%d AND locked_points != 0.00000 ORDER BY ref_depth",
+WHERE userid=%s AND locked_points != 0.00000 ORDER BY ref_depth",
                 array(bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_points) > 0)
                {
@@ -64,7 +64,7 @@ WHERE userid=%d AND locked_points != 0.00000 ORDER BY ref_depth",
                        while (list($dep, $locked) = SQL_FETCHROW($result_points))
                        {
                                $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s, locked_points=0.00000
-WHERE userid=%d AND ref_depth=%d LIMIT 1",
+WHERE userid=%s AND ref_depth=%s LIMIT 1",
                                 array($locked, bigintval($uid), $dep), __FILE__, __LINE__);
 
                                // Update mediadata as well
index f093bf6277ab149bdcef91443983450ef9713bd2..fdc3192366014eead0b55125ffccdee8952fa57d 100644 (file)
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || (!defined('__DAILY_RESET'))) return;
+if (($CSS == 1) || (!isBooleanConstantAndTrue('__DAILY_RESET'))) return;
 
 //
 ?>
index d0e7c45d99679496668f312a1d424def3cfd7ed7..93397faf1afcd38379f30b877f8dbbbb73888ae5 100644 (file)
@@ -44,7 +44,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 // Do not execute when script is in CSS mode or no daily reset
-if (($CSS == 1) || ((!defined('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET"))) return;
+if (($CSS == 1) || ((!isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET"))) return;
 
 // Check for holidays we need to enable and send email to user
 $result_main = SQL_QUERY("SELECT userid, holiday_activated FROM "._MYSQL_PREFIX."_user_data
@@ -57,7 +57,7 @@ if (SQL_NUMROWS($result_main) > 0)
        {
                // Check if his holiday can be activated
                $result_holiday = SQL_QUERY_ESC("SELECT holiday_start, holiday_end FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d AND holiday_start <= ".time()." AND holiday_end > ".time()." LIMIT 1",
+WHERE userid=%s AND holiday_start <= ".time()." AND holiday_end > ".time()." LIMIT 1",
  array(bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_holiday) == 1)
                {
@@ -77,7 +77,7 @@ WHERE userid=%d AND holiday_start <= ".time()." AND holiday_end > ".time()." LIM
 
                        // Update account
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET holiday_active='Y'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
                }
 
                // Free memory
index 6999d8c9d7aeadd313ee27ef07adb8430fa6e2f8..af8eb7c050f9aaec5fe282c789c8fdcf6c0cd142 100644 (file)
@@ -85,6 +85,18 @@ if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_sessi
        set_session("refid", $GLOBALS['refid']);
 }
 
+// Transfer userid from session and validate it
+if (isset($_SESSION['userid'])) {
+       // Get it secured from session
+       $GLOBALS['userid'] = bigintval($_SESSION['userid']);
+
+       // Is it valid?
+       if (!IS_LOGGED_IN()) {
+               // Then destroy the user id
+               destroy_user_session();
+       } // END - if
+}
+
 // Test session if index.php or modules.php is loaded
 if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (isBooleanConstantAndTrue('mxchange_installing'))) {
        if (count($_SESSION) > 0) {
index 05baaceaedda6e68e6186219a63c06d2e46709ca..48492c69f067f9583a46edecfac8872b03cd6d69 100644 (file)
@@ -53,7 +53,7 @@ if (SQL_NUMROWS($result_bonus) > 0)
        while(list($id, $uid, $subj, $stamp, $clicks, $url) = SQL_FETCHROW($result_bonus))
        {
                // Add points
-               $result_points = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_stats=bonus_stats+%s WHERE userid=%d LIMIT 1",
+               $result_points = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_stats=bonus_stats+%s WHERE userid=%s LIMIT 1",
                 array($_CONFIG['bonus_stats'], bigintval($uid)), __FILE__, __LINE__);
 
                // Prepare array
@@ -69,7 +69,7 @@ if (SQL_NUMROWS($result_bonus) > 0)
                SEND_EMAIL($uid, BONUS_MEMBER_STATS_SUBJECT, $msg);
 
                // Update database
-               $result_update =  SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET bonus_stats='Y' WHERE id=%d LIMIT 1",
+               $result_update =  SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET bonus_stats='Y' WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
        }
 
index a0145518ab90056ad03fc9f8b375763fadc40423..5a3f843988c85669372c6ec052b5f12a8c1d195f 100644 (file)
@@ -94,8 +94,7 @@ function GET_CURR_THEME() {
        return $ret;
 }
 
-function THEME_SELECTION_BOX($mod, $act, $wht, $result)
-{
+function THEME_SELECTION_BOX($mod, $act, $wht, $result) {
        // Construction URL
        global $currTheme;
        $FORM = URL."/modules.php?module=".$mod;
@@ -110,30 +109,27 @@ function THEME_SELECTION_BOX($mod, $act, $wht, $result)
        );
 
        // Load all themes
-       while(list($theme) = SQL_FETCHROW($result))
-       {
+       while(list($theme) = SQL_FETCHROW($result)) {
                // Load it's theme.php file
-               $INC = PATH."theme/".$theme."/theme.php";
-               if (file_exists($INC))
-               {
+               $INC = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($theme));
+               if ((file_exists($INC)) && (is_readable($INC))) {
                        // And save all data in array
-                       include($INC);
+                       require($INC);
                        $THEMES['theme_unix'][] = $theme;
                        $THEMES['theme_name'][] = $THEME_NAME;
-               }
-       }
+               } // END - if
+       } // END - while
 
        // Sort whole array by title
        array_pk_sort($THEMES, array("theme_name"));
 
        // Construct selection form for the box template
        $OUT = "";
-       foreach ($THEMES['theme_unix'] as $key=>$theme)
-       {
+       foreach ($THEMES['theme_unix'] as $key => $theme) {
                $OUT .= "  <OPTION value=\"".$theme."\"";
                if ($theme == $currTheme) $OUT .= " selected=\"selected\"";
                $OUT .= ">".$THEMES['theme_name'][$key]."</OPTION>\n";
-       }
+       } // END - foreach
 
        // Return generated selection
        define('__THEME_SELECTION_OPTIONS', $OUT);
@@ -146,8 +142,7 @@ $currTheme = GET_CURR_THEME();
 if (empty($_POST['new_theme'])) $_POST['new_theme'] = "";
 
 // Check if new theme is selcted
-if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $currTheme))
-{
+if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $currTheme)) {
        // Set new theme for guests
        $NewTheme = $_POST['new_theme'];
 
@@ -155,10 +150,10 @@ if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $currTheme))
        set_session("mxchange_theme", $NewTheme);
 
        // Remove current from array and set new
-       $theme = PATH."theme/".$currTheme."/theme.php";
+       $theme = sprintf("%stheme/%s/theme.php", PATH, $currTheme);
        unset($INC_POOL[array_search($theme, $INC_POOL)]);
-       $INC_POOL[] = PATH."theme/".$NewTheme."/theme.php";
-}
+       $INC_POOL[] = sprintf("%stheme/%s/theme.php", PATH, $NewTheme);
+} // END - if
 
 // Remove variable again
 unset($_POST['new_theme']);
index bb4112b0f912d09ab4e0bf37130420265b518743..5c806993e114fe18f3b41b2989beee16d7b10cd6 100644 (file)
@@ -59,7 +59,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
        // Is the cookie set?
        if (isSessionVariableSet('lead_uid')) {
                // Is the user-account unlocked and valid?
-               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                        array(bigintval(get_session('lead_uid'))), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Secure the ID number
index c30f0f41fd98587ab4a3cd3bea998dbf241668ba..c9a28889f1dab9bf4b8e557e47a8b4e6c6aabe3c 100644 (file)
@@ -70,12 +70,12 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                // Maybe he wants to confirm an email?
                if ($url_mid > 0) {
                        // Normal-Mails
-                       $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d AND userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s AND userid=%s LIMIT 1",
                         array($url_mid, $url_uid), __FILE__, __LINE__);
                        $type = "mailid"; $DATA = $url_mid;
                } elseif ($url_bid > 0) {
                        // Bonus-Mail
-                       $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d AND userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s AND userid=%s LIMIT 1",
                         array($url_bid, $url_uid), __FILE__, __LINE__);
                        $type = "bonusid"; $DATA = $url_bid;
                } else {
@@ -93,13 +93,13 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                        {
                        case "NORMAL":
                                // Is the stats ID valid?
-                               $result = SQL_QUERY_ESC("SELECT pool_id, url FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT pool_id, url FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
                                 array($url_mid), __FILE__, __LINE__);
                                break;
 
                        case "BONUS":
                                // Bonus-Mails
-                               $result = SQL_QUERY_ESC("SELECT id, url FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT id, url FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                                 array($url_bid), __FILE__, __LINE__);
                                break;
                        }
@@ -110,7 +110,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                SQL_FREERESULT($result);
 
                                // Is the user's ID unlocked?
-                               $result = SQL_QUERY_ESC("SELECT status, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT status, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array($url_uid), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1) {
                                        list($status, $sex, $sname, $fname) = SQL_FETCHROW($result);
@@ -120,7 +120,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                switch ($ltype)
                                                {
                                                case "NORMAL":
-                                                       $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                                                         array(bigintval($pool)), __FILE__, __LINE__);
                                                        if (SQL_NUMROWS($result) == 1)
                                                        {
@@ -135,7 +135,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                        break;
 
                                                case "BONUS":
-                                                       $result = SQL_QUERY_ESC("SELECT points, time FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("SELECT points, time FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                                                         array($url_bid), __FILE__, __LINE__);
                                                        if (SQL_NUMROWS($result) == 1)
                                                        {
index 63e498998fc367d0ba8e7d83c00d8a512e251727..23e76732ad2c49c9fdb77cdcc9bfa2eeab01e4d9 100644 (file)
@@ -68,13 +68,13 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                // Maybe he wants to confirm an email?
                if ($url_mid > 0)
                {
-                       $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d AND userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s AND userid=%s LIMIT 1",
                         array($url_mid, $url_uid), __FILE__, __LINE__);
                        $type = "mailid"; $DATA = $url_mid;
                }
                 elseif ($url_bid > 0)
                {
-                       $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d AND userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s AND userid=%s LIMIT 1",
                         array($url_bid, $url_uid), __FILE__, __LINE__);
                        $type = "bonusid"; $DATA = $url_bid;
                }
@@ -86,12 +86,12 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                        switch ($ltype)
                        {
                        case "NORMAL":
-                               $result_mailid = SQL_QUERY_ESC("SELECT pool_id, userid, id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+                               $result_mailid = SQL_QUERY_ESC("SELECT pool_id, userid, id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
                                 array($url_mid), __FILE__, __LINE__);
                                break;
 
                        case "BONUS":
-                               $result_mailid = SQL_QUERY_ESC("SELECT id, id, is_notify FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+                               $result_mailid = SQL_QUERY_ESC("SELECT id, id, is_notify FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                                 array($url_bid), __FILE__, __LINE__);
                                break;
                        }
@@ -109,7 +109,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                if ($ltype == "BONUS") $sender = 0;
 
                                // Is the user's ID unlocked?
-                               $result = SQL_QUERY_ESC("SELECT status, sex, surname, family, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT status, sex, surname, family, ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array($url_uid), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1)
                                {
@@ -120,14 +120,14 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                        if ($status == "CONFIRMED")
                                        {
                                                // Update last activity
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_online=UNIX_TIMESTAMP(), last_module='mailid_top' WHERE userid=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_online=UNIX_TIMESTAMP(), last_module='mailid_top' WHERE userid=%s LIMIT 1",
                                                 array($url_uid), __FILE__, __LINE__);
 
                                                // User has confirmed his account so we can procede...
                                                switch ($ltype)
                                                {
                                                case "NORMAL":
-                                                       $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("SELECT payment_id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                                                         array(bigintval($pool)), __FILE__, __LINE__);
                                                        if (SQL_NUMROWS($result) == 1)
                                                        {
@@ -142,7 +142,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                        break;
 
                                                case "BONUS":
-                                                       $result = SQL_QUERY_ESC("SELECT time, points FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("SELECT time, points FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                                                         array(bigintval($pool)), __FILE__, __LINE__);
                                                        if (SQL_NUMROWS($result) == 1)
                                                        {
@@ -172,7 +172,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                                        switch ($ltype)
                                                                        {
                                                                        case "NORMAL":
-                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET clicks=clicks+1 WHERE id=%d LIMIT 1",
+                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_stats SET clicks=clicks+1 WHERE id=%s LIMIT 1",
                                                                                 array($url_mid), __FILE__, __LINE__);
 
                                                                                // Update mediadata as well
@@ -184,7 +184,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                                                break;
 
                                                                        case "BONUS":
-                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET clicks=clicks+1 WHERE id=%d LIMIT 1",
+                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET clicks=clicks+1 WHERE id=%s LIMIT 1",
                                                                                 array($url_bid), __FILE__, __LINE__);
 
                                                                                // Update mediadata as well
@@ -204,7 +204,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                                        if (GET_EXT_VERSION("user") >= "0.1.2")
                                                                        {
                                                                                // Update counter
-                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET mails_confirmed=mails_confirmed+1 WHERE userid=%d LIMIT 1",
+                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET mails_confirmed=mails_confirmed+1 WHERE userid=%s LIMIT 1",
                                                                                 array($url_uid), __FILE__, __LINE__);
                                                                        }
 
@@ -226,7 +226,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                                                }
 
                                                                                // Count down ref_payout value
-                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=ref_payout-1 WHERE userid=%d AND ref_payout > 0 LIMIT 1",
+                                                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=ref_payout-1 WHERE userid=%s AND ref_payout > 0 LIMIT 1",
                                                                                 array($url_uid), __FILE__, __LINE__);
 
                                                                                // Add points
@@ -256,7 +256,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                                                }
 
                                                                                // Remove link from table
-                                                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%d LIMIT 1",
+                                                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%s LIMIT 1",
                                                                                 array(bigintval($link_id)), __FILE__, __LINE__);
 
                                                                                // Load total points
@@ -275,7 +275,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                                                                ADD_POINTS_REFSYSTEM($sender, $payment, false, 0, false, "direct");
 
                                                                                // Remove link from table
-                                                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%d LIMIT 1",
+                                                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE id=%s LIMIT 1",
                                                                                 array(bigintval($link_id)), __FILE__, __LINE__);
 
                                                                                // Load template
index 41b049938a9696da4f5f66f0e3fe7206129a7881..53a8e0ff41e62c6d3b18344e89625acac042623f 100644 (file)
@@ -55,22 +55,18 @@ $GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES);
 require ("inc/config.php");
 
 // Check if logged in
-if (IS_LOGGED_IN())
-{
+if (IS_LOGGED_IN()) {
        // Is still logged in so we welcome him with his name
-       $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) == 1)
-       {
+       if (SQL_NUMROWS($result) == 1) {
                // Load surname and family's name and build the username
                list($s, $f) = SQL_FETCHROW($result);
                $username = $s." ".$f;
 
                // Update only cookies and no login data!
                UPDATE_LOGIN_DATA(false);
-       }
-        else
-       {
+       } else {
 
                // Hmmm, logged in and no valid cookies???
                $username = "<I>"._UNKNOWN."</I>";
@@ -78,13 +74,9 @@ if (IS_LOGGED_IN())
 
        // Free memory
        SQL_FREERESULT($result);
-}
- elseif (IS_ADMIN())
-{
+} elseif (IS_ADMIN()) {
        $username = _ADMIN;
-}
- else
-{
+} else {
        // He's a guest, hello there... ;-)
        $username = _GUEST;
 }
diff --git a/ref.php b/ref.php
index 05321030896f7026537c2529a0af1a355580b907..7edc3ed7d09c6ac434b7110393415e529fb51ed6 100644 (file)
--- a/ref.php
+++ b/ref.php
@@ -82,7 +82,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                $URL .= bigintval($ref);
 
                // Update ref counter
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
                 array(bigintval($ref)), __FILE__, __LINE__);
        }
         else
index 0d5c910e7f7427bc6fc5be0679077f999acdad35..861d8ca78fe71c2237aa50ce1236fc2a6ebb184c 100644 (file)
@@ -72,7 +72,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
 FROM "._MYSQL_PREFIX."_user_data AS d
 RIGHT JOIN "._MYSQL_PREFIX."_bonus_turbo AS b
 ON d.userid=b.userid
-WHERE d.status='CONFIRMED' AND d.userid=%d AND b.".$t."='%s' LIMIT 1",
+WHERE d.status='CONFIRMED' AND d.userid=%s AND b.".$t."='%s' LIMIT 1",
  array(bigintval($_GET['uid']), bigintval($_GET['d'])), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
diff --git a/surfbar.php b/surfbar.php
new file mode 100644 (file)
index 0000000..3bfe655
--- /dev/null
@@ -0,0 +1,138 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 09/05/2008 *
+ * ===============                              Last change: 09/05/2008 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : surfbar.php                                      *
+ * -------------------------------------------------------------------- *
+ * Short description : The surfbar itself                               *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Die Surfbar selbst                               *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
+require_once("inc/libs/security_functions.php");
+
+// Init "action" and "what"
+global $what, $action, $startTime, $SURFBAR_DATA;
+$SURFBAR_DATA = array();
+$GLOBALS['startTime'] = microtime(true);
+$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
+
+// Set module
+$GLOBALS['module'] = "surfbar";
+$GLOBALS['refid']  = 0;
+$CSS = 0;
+$msg = null;
+
+// Load the required file(s)
+require ("inc/config.php");
+
+// Is the script installed?
+if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) {
+       // Only logged in users may use this surfbar!
+       if (!IS_LOGGED_IN()) {
+               // Redirect
+               LOAD_URL(URL."/modules.php?module=index");
+       } // END - if
+
+       // Is there a check value?
+       if ((isset($_GET['check'])) && (isset($_GET['id'])) && (isset($_GET['salt']))) {
+               // Dummy next id get
+               SURFBAR_GET_NEXT_ID($_GET['id']);
+
+               // Check validation code
+               if (SURFBAR_CHECK_VALIDATION_CODE($_GET['id'], $_GET['check'], $_GET['salt'])) {
+                       // Lock the URL (id) down
+                       SURFBAR_LOCKDOWN_ID($_GET['id']);
+
+                       // Code is valid so pay points here
+                       SURFBAR_PAY_POINTS($_GET['id']);
+               } // END - if
+
+               // Set footer (fixes notice)
+               $footer = 1;
+       } elseif (SURFBAR_CHECK_RELOAD_FULL()) {
+               // Reload-lock is full, surfbar stopped so...
+               // Load header
+               require_once(PATH."inc/header.php");
+
+               // Load template
+               LOAD_TEMPLATE("surfbar_stopped");
+       } else {
+               // Prepare content
+               $content = "";
+
+               // Determine template name
+               $templateName = SURFBAR_DETERMINE_TEMPLATE_NAME();
+
+               // Frame "top" set?
+               if ((isset($_GET['frame'])) && ($_GET['frame'] == "top")) {
+                       // Determine next id
+                       $nextId = SURFBAR_GET_NEXT_ID();
+
+                       // Is there a valid id?
+                       if ($nextId > 0) {
+                               // Then prepare other content
+                               $content = array(
+                                       'id'          => $nextId,
+                                       'check'       => SURFBAR_GENERATE_VALIDATION_CODE($nextId),
+                                       'salt'        => $SURFBAR_DATA['salt'],
+                                       'reward'      => TRANSLATE_COMMA(SURFBAR_GET_REWARD($nextId)),
+                                       'url'         => SURFBAR_GET_URL($nextId),
+                                       'curr_reload' => SURFBAR_GET_USER_RELOAD_LOCK(),
+                                       'max_urls'    => SURFBAR_GET_TOTAL_URLS(),
+                                       'reload'      => SURFBAR_GET_RELOAD_TIME($nextId)
+                       );
+
+                               // Update salt (double-call lock!)
+                               SURFBAR_UPDATE_SALT();
+                       } else {
+                               // Change template name
+                               $templateName = "surfbar_stopped";
+                       }
+               } else {
+                       // Load header in frameset mode
+                       $isFrameset = true;
+               }
+
+               // Load header
+               require_once(PATH."inc/header.php");
+
+               // Load that template
+               LOAD_TEMPLATE($templateName, false, $content);
+       }
+
+       // Load footer
+       require_once(PATH."inc/footer.php");
+} else {
+       // You have to configure first!
+       LOAD_URL("install.php");
+}
+
+// Close any open database connection here
+SQL_CLOSE($link, __FILE__, __LINE__);
+
+// Really all done here... ;-)
+?>
diff --git a/templates/de/html/admin/admin_config_autopurge_pro.tpl b/templates/de/html/admin/admin_config_autopurge_pro.tpl
deleted file mode 100644 (file)
index ae197cc..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE -->
\ No newline at end of file
diff --git a/templates/de/html/admin/admin_config_beg_pro.tpl b/templates/de/html/admin/admin_config_beg_pro.tpl
deleted file mode 100644 (file)
index ae197cc..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE -->
\ No newline at end of file
diff --git a/templates/de/html/admin/admin_config_bonus_pro.tpl b/templates/de/html/admin/admin_config_bonus_pro.tpl
deleted file mode 100644 (file)
index ae197cc..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE -->
\ No newline at end of file
diff --git a/templates/de/html/admin/admin_config_doubler_pro.tpl b/templates/de/html/admin/admin_config_doubler_pro.tpl
deleted file mode 100644 (file)
index ae197cc..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE -->
\ No newline at end of file
diff --git a/templates/de/html/admin/admin_config_reg.tpl b/templates/de/html/admin/admin_config_reg.tpl
deleted file mode 100644 (file)
index 9581bb2..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE! //-->
diff --git a/templates/de/html/admin/admin_config_transfer_pro.tpl b/templates/de/html/admin/admin_config_transfer_pro.tpl
deleted file mode 100644 (file)
index ae197cc..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE -->
\ No newline at end of file
diff --git a/templates/de/html/admin/admin_extensions_search.tpl b/templates/de/html/admin/admin_extensions_search.tpl
deleted file mode 100644 (file)
index 9795fab..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE!!! -->
\ No newline at end of file
diff --git a/templates/de/html/admin/admin_mods_footer_edit.tpl b/templates/de/html/admin/admin_mods_footer_edit.tpl
deleted file mode 100644 (file)
index 999ba1e..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECARED! //-->
diff --git a/templates/de/html/admin/admin_mods_footer_list.tpl b/templates/de/html/admin/admin_mods_footer_list.tpl
deleted file mode 100644 (file)
index 8be4403..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECATED! //-->
diff --git a/templates/de/html/admin/admin_mods_footer_stats.tpl b/templates/de/html/admin/admin_mods_footer_stats.tpl
deleted file mode 100644 (file)
index 8be4403..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECATED! //-->
diff --git a/templates/de/html/admin/admin_mods_footer_stats2.tpl b/templates/de/html/admin/admin_mods_footer_stats2.tpl
deleted file mode 100644 (file)
index 8be4403..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECATED! //-->
diff --git a/templates/de/html/admin/admin_mods_header_edit.tpl b/templates/de/html/admin/admin_mods_header_edit.tpl
deleted file mode 100644 (file)
index 999ba1e..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECARED! //-->
diff --git a/templates/de/html/admin/admin_mods_header_list.tpl b/templates/de/html/admin/admin_mods_header_list.tpl
deleted file mode 100644 (file)
index 8be4403..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECATED! //-->
diff --git a/templates/de/html/admin/admin_mods_header_stats.tpl b/templates/de/html/admin/admin_mods_header_stats.tpl
deleted file mode 100644 (file)
index 8be4403..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECATED! //-->
diff --git a/templates/de/html/admin/admin_mods_header_stats2.tpl b/templates/de/html/admin/admin_mods_header_stats2.tpl
deleted file mode 100644 (file)
index 8be4403..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- DEPRECATED! //-->
diff --git a/templates/de/html/admin/admin_setup_stats.tpl b/templates/de/html/admin/admin_setup_stats.tpl
deleted file mode 100644 (file)
index 6f49a0e..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE! -->
\ No newline at end of file
index 9710a01feea7a3eb5248fc7258fbaf8f5249db39..fe9471ebc1221a298861acfafe391032c155fbd0 100644 (file)
@@ -1,6 +1,7 @@
-<FRAMESET rows="120,*" frameborder="no" framespacing="0" border="0">
-       <FRAME
-               src="{!URL!}/mailid_top.php?uid={!_UID_VALUE!}&amp;{!_TYPE_VALUE!}={!_DATA_VALUE!}"
-               name="mailid_top">
-       <FRAME src="{--_URL_VALUE!}" name="mailid_url">
-</FRAMESET>
\ No newline at end of file
+<frameset rows="120,*" frameborder="no" framespacing="0" border="0">
+       <frame name="mailid_top" src="{!URL!}/mailid_top.php?uid={!_UID_VALUE!}&amp;{!_TYPE_VALUE!}={!_DATA_VALUE!}">
+       <frame name="mailid_url" src="{--_URL_VALUE!}">
+</frameset>
+<noframes>
+       Ihr Browser unterst&uuml;tzt keine frames!
+</noframes>
diff --git a/templates/de/html/mailid/mailid_frameset.tpl b/templates/de/html/mailid/mailid_frameset.tpl
deleted file mode 100644 (file)
index 9795fab..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE!!! -->
\ No newline at end of file
index 30e5b2c7a3fcb5653e145db3cfdc24ba7ebd9e32..9365c8589d27258f8eaf4f058b7e0c0faa8fa363 100644 (file)
@@ -2,17 +2,18 @@
 <!--
 var Timer = "{--_TIME_VALUE!}";
 
-function Init()
-{
+function Init() {
        var Counter = window.setInterval("StartCounter()", 1000);
 }
 
-function StartCounter()
-{
+function StartCounter() {
+       if (Timer < 1) {
+               return false;
+       }
+
        Timer--;
        document.confirm.counter.value = Timer;
-       if (Timer == 0)
-       {
+       if (Timer == 0) {
                document.location.href="{!URL!}/mailid_top.php?uid={!_UID_VALUE!}&{!_TYPE_VALUE!}={!_DATA_VALUE!}&mode=confirm&code={--_RAND_VALUE!}";
                clearInterval(Counter);
        }
diff --git a/templates/de/html/member/member_frameset-back.tpl b/templates/de/html/member/member_frameset-back.tpl
deleted file mode 100644 (file)
index 6f49a0e..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE! -->
\ No newline at end of file
diff --git a/templates/de/html/member/member_frameset-send.tpl b/templates/de/html/member/member_frameset-send.tpl
deleted file mode 100644 (file)
index 6f49a0e..0000000
+++ /dev/null
@@ -1 +0,0 @@
-<!-- OBSULETE! -->
\ No newline at end of file
diff --git a/templates/de/html/member/member_surfbar_link.tpl b/templates/de/html/member/member_surfbar_link.tpl
new file mode 100644 (file)
index 0000000..4ff666d
--- /dev/null
@@ -0,0 +1,3 @@
+<div class="member_title2 dashed" style="width:600px;margin-top:10px">
+       &gt;&gt;&nbsp;<strong><a href="{!URL!}/surfbar.php" target="_blank">Jetzt die Surfbar starten!</a></strong>&nbsp;&lt;&lt;
+</div>
diff --git a/templates/de/html/member/member_surfbar_start_static.tpl b/templates/de/html/member/member_surfbar_start_static.tpl
new file mode 100644 (file)
index 0000000..8ed167f
--- /dev/null
@@ -0,0 +1,12 @@
+<div class="member_table dashed" style="width:600px">
+       <div class="member_title2 bottom2">
+               <strong>Statisch verg&uuml;tete Surfbar ist aktiv</strong>
+       </div>
+       <div style="padding:5px">
+               Bei der statischen Verg&uuml;tung werden Ihnen derzeit
+               $content[surfbar_static_reward] {!POINTS!} f&uuml;r jede besuchte Seite
+               verg&uuml;tet. Diese m&uuml;ssen Sie $content[surfbar_static_time]
+               lang angesehen haben und k&ouml;nnen die selbe Seite erst nach
+               $content[surfbar_static_lock] wieder aufrufen.
+       </div>
+</div>
index 485d616a12d3818ce68e86e00558bf7e887f4a91..395eedc516697d8fa2805e9f6b767f2e845776c5 100644 (file)
@@ -1,4 +1,3 @@
-
-</TD>
+       </TD>
 </TR>
-</TABLE>
\ No newline at end of file
+</TABLE>
index 3684669ba1994101d2ac5c0dddba1bbab5ecc1da..fb63aeaa730c1284c8c4e5f55628195c627fe00a 100644 (file)
@@ -1,11 +1,11 @@
 <TABLE border="0" cellspacing="0" cellpadding="0" width="100%">
-       <TR>
-               <TD width="10" class="seperator">&nbsp;</TD>
-               <TD class="member_content">{--LAST_ONLINE--}: <STRONG>{!_LAST_ONLINE_VALUE!}</STRONG><br />
-               {--LAST_MODULE--}: <STRONG>{!_LAST_MODULE_VALUE!}</STRONG></TD>
-       </TR>
-       <TR>
-               <TD colspan="2" height="7" class="seperator">&nbsp;</TD>
-       </TR>
-       <TR>
-               <TD colspan="2" align="center" class="member_content">
\ No newline at end of file
+<TR>
+       <TD width="10" class="seperator">&nbsp;</TD>
+       <TD class="member_content">{--LAST_ONLINE--}: <STRONG>{!_LAST_ONLINE_VALUE!}</STRONG><br />
+       {--LAST_MODULE--}: <STRONG>{!_LAST_MODULE_VALUE!}</STRONG></TD>
+</TR>
+<TR>
+       <TD colspan="2" height="7" class="seperator">&nbsp;</TD>
+</TR>
+<TR>
+       <TD colspan="2" align="center" class="member_content">
diff --git a/templates/de/html/surfbar/.htaccess b/templates/de/html/surfbar/.htaccess
new file mode 100644 (file)
index 0000000..03688ee
--- /dev/null
@@ -0,0 +1 @@
+Deny from all\r
diff --git a/templates/de/html/surfbar/surfbar_frame_banner.tpl b/templates/de/html/surfbar/surfbar_frame_banner.tpl
new file mode 100644 (file)
index 0000000..985fee6
--- /dev/null
@@ -0,0 +1,7 @@
+<table border="0" cellspacing="0" cellpadding="0" class="surfbar_banner dashed" width="468" align="center">
+<tr>
+       <td height="60">
+               <!-- Hier kommt Ihr Code fuer 468x60-Banner rein! //-->
+       </td>
+</tr>
+</table>
diff --git a/templates/de/html/surfbar/surfbar_frame_top.tpl b/templates/de/html/surfbar/surfbar_frame_top.tpl
new file mode 100644 (file)
index 0000000..8038a14
--- /dev/null
@@ -0,0 +1,54 @@
+<table border="0" cellspacing="0" cellpadding="0" width="100%" class="surfbar_table">
+<tr>
+       <td class="surfbar_td">
+               &raquo;<span class="surfbar_points">$content[reward] {!POINTS!}</span> in
+               <span id="surfbar_counter">X</span>&nbsp;<span
+                id="counter_word">Sekunden</span>&laquo;&nbsp;&raquo;<span
+                class="surfbar_reload">$content[curr_reload]</span> von <span
+                class="surfbar_max">$content[max_urls]</span> im Reload&laquo;<br />
+
+                &raquo;<a href="$content[url]" target="_blank">Aktuelle Seite in neuem
+                Fenster &ouml;ffnen</a>&laquo;<br />&nbsp;[<a
+                 href="{!URL!}/modules.php?module=index&amp;what=logout">Ausloggen</a>|<a
+                 href="javascript:close()">Schliessen</a>]
+
+               &raquo;{!MAIN_TITLE!} ist f&uuml;r den Inhalt nicht verantwortlich!&laquo;
+       </td>
+</tr>
+</table>
+<script language="JavaScript" type="text/javascript">
+<!--
+var currCounter = "$content[reload]";
+var maxCounter = "$content[reload]";
+var counter = document.getElementById("surfbar_counter");
+var countDown = null;
+
+function Init() {
+       countDown = window.setInterval("StartCounter()", 1000);
+       parent.surfbar_url.location.href = "$content[url]";
+}
+
+function Confirm() {
+       parent.surfbar_url.location="{!URL!}/surfbar.php?id=$content[id]&check=$content[check]&salt=$content[salt]";
+}
+
+function StartCounter() {
+       if (currCounter < 1) {
+               return false;
+       }
+
+       currCounter--;
+       counter.innerHTML = currCounter;
+
+       if (currCounter == 0) {
+               clearInterval(countDown);
+               Confirm();
+               this.location.reload();
+       }
+}
+
+counter.innerHTML = $content[reload];
+Init();
+
+//-->
+</script>
diff --git a/templates/de/html/surfbar/surfbar_frameset.tpl b/templates/de/html/surfbar/surfbar_frameset.tpl
new file mode 100644 (file)
index 0000000..3eff74f
--- /dev/null
@@ -0,0 +1,17 @@
+<script language="JavaScript" type="text/javascript">
+<!--
+if (top.frames.length > 0) {
+       top.location.href=self.location;
+}
+//-->
+</script>
+<frameset rows="62,*" frameborder="no" border="0" framespacing="0">
+       <frameset cols="*,468" frameborder="no" border="0" framespacing="0">
+               <frame name="surfbar_top" src="{!URL!}/surfbar.php?frame=top" frameborder="no" scrolling="no" noresize>
+               <frame name="surfbar_banner" src="{!URL!}/surfbar.php?frame=banner" frameborder="no" scrolling="no" noresize>
+       </frameset>
+       <frame name="surfbar_url" src="about:blank" frameborder="no" scrolling="no" noresize>
+</frameset>
+<noframes>
+       Ihr Browser unterst&uuml;tzt keine Frames!
+</noframes>
diff --git a/templates/de/html/surfbar/surfbar_stopped.tpl b/templates/de/html/surfbar/surfbar_stopped.tpl
new file mode 100644 (file)
index 0000000..4ce5779
--- /dev/null
@@ -0,0 +1,9 @@
+<div align="center">
+       <div class="member_table dashed" style="width:500px">
+               <div class="member_title2 bottom2">
+                       <strong>Surfbar angehalten!</strong>
+               </div>
+
+               Keine URLs mehr verf&uuml;rgbar oder Datenbankfehler liegt vor.
+       </div>
+</div>
index 003ca6de1f779f0958e118dd6b1c6e8c3b61531a..2c45b0d4f7deeaf2498fd51c6044f9cfc01450de 100644 (file)
--- a/view.php
+++ b/view.php
@@ -49,11 +49,11 @@ if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['b
        $VIEW = 1;
 
        // for later things... ;-)
-       $result = SQL_QUERY_ESC("SELECT url FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT url FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)  {
                list($url) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET counter=counter+1 WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET counter=counter+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
 
                $type = substr($url, -3);
                @header ("Content-Type: image/".$type);