Tons of rewrites (SQL queries), surfbar nearly finished (working: surfing with static...
authorRoland Häder <roland@mxchange.org>
Sat, 6 Sep 2008 05:28:10 +0000 (05:28 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 6 Sep 2008 05:28:10 +0000 (05:28 +0000)
179 files changed:
.gitattributes
beg.php
birthday_confirm.php
click.php
doubler.php
inc/autopurge.php
inc/db/lib-mysql3.php
inc/db/lib.php
inc/doubler_send.php
inc/extensions.php
inc/extensions/ext-active.php
inc/extensions/ext-autopurge.php
inc/extensions/ext-beg.php
inc/extensions/ext-birthday.php
inc/extensions/ext-bonus.php
inc/extensions/ext-cache.php
inc/extensions/ext-doubler.php
inc/extensions/ext-holiday.php
inc/extensions/ext-maintenance.php
inc/extensions/ext-mediadata.php
inc/extensions/ext-newsletter.php
inc/extensions/ext-order.php
inc/extensions/ext-profile.php
inc/extensions/ext-register.php
inc/extensions/ext-rewrite.php
inc/extensions/ext-sponsor.php
inc/extensions/ext-sql_patches.php
inc/extensions/ext-surfbar.php
inc/extensions/ext-top10.php
inc/extensions/ext-transfer.php
inc/extensions/ext-user.php
inc/footer.php
inc/functions.php
inc/gen_sql_patches.php
inc/header.php
inc/libs/admins_functions.php
inc/libs/autopurge_functions.php
inc/libs/bonus_functions.php
inc/libs/country_functions.php
inc/libs/holiday_functions.php
inc/libs/nickname_functions.php
inc/libs/output_functions.php
inc/libs/rallye_functions.php
inc/libs/sponsor_functions.php
inc/libs/surfbar_functions.php
inc/load_cache.php
inc/mails/beg_mails.php
inc/mails/birthday_mails.php
inc/mails/bonus_mails.php
inc/modules/admin.php
inc/modules/admin/admin-inc.php
inc/modules/admin/overview-inc.php
inc/modules/admin/what-add_points.php
inc/modules/admin/what-adminedit.php
inc/modules/admin/what-admins_contct.php
inc/modules/admin/what-admins_mails.php
inc/modules/admin/what-config_admins.php
inc/modules/admin/what-config_cats.php
inc/modules/admin/what-config_email.php
inc/modules/admin/what-config_mods.php
inc/modules/admin/what-config_payouts.php
inc/modules/admin/what-config_points.php
inc/modules/admin/what-config_rallye_prices.php
inc/modules/admin/what-config_register.php
inc/modules/admin/what-del_email.php
inc/modules/admin/what-del_holiday.php
inc/modules/admin/what-del_transfer.php
inc/modules/admin/what-del_user.php
inc/modules/admin/what-edit_emails.php
inc/modules/admin/what-edit_user.php
inc/modules/admin/what-email_archiv.php
inc/modules/admin/what-email_details.php
inc/modules/admin/what-extensions.php
inc/modules/admin/what-guestedit.php
inc/modules/admin/what-list_cats.php
inc/modules/admin/what-list_country.php
inc/modules/admin/what-list_links.php
inc/modules/admin/what-list_newsletter.php
inc/modules/admin/what-list_payouts.php
inc/modules/admin/what-list_rallyes.php
inc/modules/admin/what-list_refs.php
inc/modules/admin/what-list_task.php
inc/modules/admin/what-list_unconfirmed.php
inc/modules/admin/what-list_user.php
inc/modules/admin/what-lock_user.php
inc/modules/admin/what-memedit.php
inc/modules/admin/what-newsletter.php [deleted file]
inc/modules/admin/what-payments.php
inc/modules/admin/what-refbanner.php
inc/modules/admin/what-repair_amnu.php
inc/modules/admin/what-repair_cats.php
inc/modules/admin/what-repair_gmnu.php
inc/modules/admin/what-repair_mmnu.php
inc/modules/admin/what-send_bonus.php
inc/modules/admin/what-stats.php [deleted file]
inc/modules/admin/what-sub_points.php
inc/modules/admin/what-theme_check.php
inc/modules/admin/what-unlock_emails.php
inc/modules/admin/what-user_contct.php
inc/modules/chk_login.php
inc/modules/frametester.php
inc/modules/guest/action-online.php
inc/modules/guest/what-confirm.php
inc/modules/guest/what-login.php
inc/modules/guest/what-register.php
inc/modules/guest/what-stats.php
inc/modules/member/what-beg.php
inc/modules/member/what-categories.php
inc/modules/member/what-holiday.php
inc/modules/member/what-html_mail.php
inc/modules/member/what-logout.php
inc/modules/member/what-mydata.php
inc/modules/member/what-newsletter.php
inc/modules/member/what-nickname.php
inc/modules/member/what-order.php
inc/modules/member/what-payout.php
inc/modules/member/what-points.php
inc/modules/member/what-reflinks.php
inc/modules/member/what-stats.php
inc/modules/member/what-surfbar_start.php
inc/modules/member/what-themes.php
inc/modules/member/what-transfer.php
inc/modules/member/what-unconfirmed.php
inc/modules/member/what-welcome.php
inc/modules/member/what-wernis.php
inc/modules/order.php
inc/monthly/monthly_beg.php
inc/monthly/monthly_bonus.php
inc/monthly/monthly_newsletter.php
inc/mysql-connect.php
inc/mysql-manager.php
inc/pool-update.php
inc/profile-updte.php
inc/reset/reset_beg.php
inc/reset/reset_bonus.php
inc/reset/reset_daily.php
inc/reset/reset_engine.php
inc/reset/reset_holiday.php
inc/session.php
inc/stats_bonus.php
inc/theme-manager.php
lead-confirm.php
mailid.php
mailid_top.php
modules.php
ref.php
show_bonus.php
surfbar.php [new file with mode: 0644]
templates/de/html/admin/admin_config_autopurge_pro.tpl [deleted file]
templates/de/html/admin/admin_config_beg_pro.tpl [deleted file]
templates/de/html/admin/admin_config_bonus_pro.tpl [deleted file]
templates/de/html/admin/admin_config_doubler_pro.tpl [deleted file]
templates/de/html/admin/admin_config_reg.tpl [deleted file]
templates/de/html/admin/admin_config_transfer_pro.tpl [deleted file]
templates/de/html/admin/admin_extensions_search.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_edit.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_list.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_stats.tpl [deleted file]
templates/de/html/admin/admin_mods_footer_stats2.tpl [deleted file]
templates/de/html/admin/admin_mods_header_edit.tpl [deleted file]
templates/de/html/admin/admin_mods_header_list.tpl [deleted file]
templates/de/html/admin/admin_mods_header_stats.tpl [deleted file]
templates/de/html/admin/admin_mods_header_stats2.tpl [deleted file]
templates/de/html/admin/admin_setup_stats.tpl [deleted file]
templates/de/html/mailid/mailid_frames.tpl
templates/de/html/mailid/mailid_frameset.tpl [deleted file]
templates/de/html/mailid/mailid_timer.tpl
templates/de/html/member/member_frameset-back.tpl [deleted file]
templates/de/html/member/member_frameset-send.tpl [deleted file]
templates/de/html/member/member_surfbar_link.tpl [new file with mode: 0644]
templates/de/html/member/member_surfbar_start_static.tpl [new file with mode: 0644]
templates/de/html/member/member_welcome_footer.tpl
templates/de/html/member/member_welcome_header.tpl
templates/de/html/surfbar/.htaccess [new file with mode: 0644]
templates/de/html/surfbar/surfbar_frame_banner.tpl [new file with mode: 0644]
templates/de/html/surfbar/surfbar_frame_top.tpl [new file with mode: 0644]
templates/de/html/surfbar/surfbar_frameset.tpl [new file with mode: 0644]
templates/de/html/surfbar/surfbar_stopped.tpl [new file with mode: 0644]
view.php

index 4294b17..cff20e6 100644 (file)
@@ -343,7 +343,6 @@ inc/modules/admin/what-logs.php -text
 inc/modules/admin/what-maintenance.php -text
 inc/modules/admin/what-mem_add.php -text
 inc/modules/admin/what-memedit.php -text
-inc/modules/admin/what-newsletter.php -text
 inc/modules/admin/what-optimize.php -text
 inc/modules/admin/what-overview.php -text
 inc/modules/admin/what-payments.php -text
@@ -357,7 +356,6 @@ inc/modules/admin/what-repair_mmenu.php -text
 inc/modules/admin/what-repair_mmnu.php -text
 inc/modules/admin/what-send_bonus.php -text
 inc/modules/admin/what-send_newsletter.php -text
-inc/modules/admin/what-stats.php -text
 inc/modules/admin/what-stats_mods.php -text
 inc/modules/admin/what-sub_points.php -text
 inc/modules/admin/what-theme_check.php -text
@@ -559,6 +557,7 @@ install/tables.sql -text
 /show_bonus.php -text
 /sponsor_confirm.php -text
 /sponsor_ref.php -text
+/surfbar.php -text
 templates/.htaccess -text
 templates/de/.htaccess -text
 templates/de/emails/add-points.tpl -text
@@ -742,17 +741,13 @@ templates/de/html/admin/admin_config_admins_edit.tpl -text
 templates/de/html/admin/admin_config_admins_edit_row.tpl -text
 templates/de/html/admin/admin_config_admins_row.tpl -text
 templates/de/html/admin/admin_config_autopurge.tpl -text
-templates/de/html/admin/admin_config_autopurge_pro.tpl -text
 templates/de/html/admin/admin_config_beg.tpl -text
-templates/de/html/admin/admin_config_beg_pro.tpl -text
 templates/de/html/admin/admin_config_birthday.tpl -text
 templates/de/html/admin/admin_config_bonus.tpl -text
-templates/de/html/admin/admin_config_bonus_pro.tpl -text
 templates/de/html/admin/admin_config_cache.tpl -text
 templates/de/html/admin/admin_config_cats.tpl -text
 templates/de/html/admin/admin_config_cats_row.tpl -text
 templates/de/html/admin/admin_config_doubler.tpl -text
-templates/de/html/admin/admin_config_doubler_pro.tpl -text
 templates/de/html/admin/admin_config_email.tpl -text
 templates/de/html/admin/admin_config_email_del.tpl -text
 templates/de/html/admin/admin_config_email_del_row.tpl -text
@@ -787,7 +782,6 @@ templates/de/html/admin/admin_config_rallye_edit_row.tpl -text
 templates/de/html/admin/admin_config_rallye_prices.tpl -text
 templates/de/html/admin/admin_config_rallye_prices_row.tpl -text
 templates/de/html/admin/admin_config_refid.tpl -text
-templates/de/html/admin/admin_config_reg.tpl -text
 templates/de/html/admin/admin_config_reg_pro.tpl -text
 templates/de/html/admin/admin_config_register.tpl -text
 templates/de/html/admin/admin_config_register2.tpl -text
@@ -801,7 +795,6 @@ templates/de/html/admin/admin_config_surfbar.tpl -text
 templates/de/html/admin/admin_config_title.tpl -text
 templates/de/html/admin/admin_config_top10.tpl -text
 templates/de/html/admin/admin_config_transfer.tpl -text
-templates/de/html/admin/admin_config_transfer_pro.tpl -text
 templates/de/html/admin/admin_config_user.tpl -text
 templates/de/html/admin/admin_config_wernis.tpl -text
 templates/de/html/admin/admin_contct_user_form.tpl -text
@@ -849,7 +842,6 @@ templates/de/html/admin/admin_extensions_edit_row.tpl -text
 templates/de/html/admin/admin_extensions_installed.tpl -text
 templates/de/html/admin/admin_extensions_list.tpl -text
 templates/de/html/admin/admin_extensions_row.tpl -text
-templates/de/html/admin/admin_extensions_search.tpl -text
 templates/de/html/admin/admin_extensions_text.tpl -text
 templates/de/html/admin/admin_footer.tpl -text
 templates/de/html/admin/admin_gmenu_delete.tpl -text
@@ -962,14 +954,6 @@ templates/de/html/admin/admin_mmenu_overview.tpl -text
 templates/de/html/admin/admin_mmenu_status.tpl -text
 templates/de/html/admin/admin_mods_edit.tpl -text
 templates/de/html/admin/admin_mods_edit_row.tpl -text
-templates/de/html/admin/admin_mods_footer_edit.tpl -text
-templates/de/html/admin/admin_mods_footer_list.tpl -text
-templates/de/html/admin/admin_mods_footer_stats.tpl -text
-templates/de/html/admin/admin_mods_footer_stats2.tpl -text
-templates/de/html/admin/admin_mods_header_edit.tpl -text
-templates/de/html/admin/admin_mods_header_list.tpl -text
-templates/de/html/admin/admin_mods_header_stats.tpl -text
-templates/de/html/admin/admin_mods_header_stats2.tpl -text
 templates/de/html/admin/admin_mods_list.tpl -text
 templates/de/html/admin/admin_mods_list_row.tpl -text
 templates/de/html/admin/admin_mods_stats.tpl -text
@@ -1021,7 +1005,6 @@ templates/de/html/admin/admin_send_bonus_form.tpl -text
 templates/de/html/admin/admin_send_bonus_select.tpl -text
 templates/de/html/admin/admin_send_reset_link.tpl -text
 templates/de/html/admin/admin_settings_saved.tpl -text
-templates/de/html/admin/admin_setup_stats.tpl -text
 templates/de/html/admin/admin_sponsor_paytypes.tpl -text
 templates/de/html/admin/admin_sub_points.tpl -text
 templates/de/html/admin/admin_sub_points_all.tpl -text
@@ -1184,7 +1167,6 @@ templates/de/html/mailid/mailid_banner.tpl -text
 templates/de/html/mailid/mailid_confirm_buttom.tpl -text
 templates/de/html/mailid/mailid_enter_code.tpl -text
 templates/de/html/mailid/mailid_frames.tpl -text
-templates/de/html/mailid/mailid_frameset.tpl -text
 templates/de/html/mailid/mailid_points_done.tpl -text
 templates/de/html/mailid/mailid_points_done2.tpl -text
 templates/de/html/mailid/mailid_points_failed.tpl -text
@@ -1211,8 +1193,6 @@ templates/de/html/member/member_doubler.tpl -text
 templates/de/html/member/member_doubler_list.tpl -text
 templates/de/html/member/member_doubler_list_rows.tpl -text
 templates/de/html/member/member_footer.tpl -text
-templates/de/html/member/member_frameset-back.tpl -text
-templates/de/html/member/member_frameset-send.tpl -text
 templates/de/html/member/member_goto_top.tpl -text
 templates/de/html/member/member_header.tpl -text
 templates/de/html/member/member_holiday_deactivate.tpl -text
@@ -1260,6 +1240,8 @@ templates/de/html/member/member_stats_table.tpl -text
 templates/de/html/member/member_support_contacted.tpl -text
 templates/de/html/member/member_support_contcted.tpl -text
 templates/de/html/member/member_support_form.tpl -text
+templates/de/html/member/member_surfbar_link.tpl -text
+templates/de/html/member/member_surfbar_start_static.tpl -text
 templates/de/html/member/member_themes.tpl -text
 templates/de/html/member/member_transfer_list.tpl -text
 templates/de/html/member/member_transfer_new.tpl -text
@@ -1306,6 +1288,11 @@ templates/de/html/sponsor/sponsor_main.tpl -text
 templates/de/html/sponsor/sponsor_settings_form.tpl -text
 templates/de/html/sponsor/sponsor_welcome.tpl -text
 templates/de/html/sponsor/sponsor_what.tpl -text
+templates/de/html/surfbar/.htaccess -text
+templates/de/html/surfbar/surfbar_frame_banner.tpl -text
+templates/de/html/surfbar/surfbar_frame_top.tpl -text
+templates/de/html/surfbar/surfbar_frameset.tpl -text
+templates/de/html/surfbar/surfbar_stopped.tpl -text
 templates/de/html/theme_one.tpl -text
 templates/de/html/theme_select_box.tpl -text
 templates/de/html/theme_select_form.tpl -text
diff --git a/beg.php b/beg.php
index eb9bf94..e402809 100644 (file)
--- a/beg.php
+++ b/beg.php
@@ -69,7 +69,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                        }
                } else {
                        // Direct userid
-                       $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['uid'])), __FILE__, __LINE__);
                }
 
@@ -112,11 +112,11 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
 
                if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) {
                        // Update counter
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                         array($uid), __FILE__, __LINE__);
 
                        // Check for last entry for userid w/o IP number
-                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $_CONFIG['beg_timeout'])." OR (timeout > ".(time() - $_CONFIG['beg_uid_timeout'])." AND userid=%s)) AND remote_ip='%s' LIMIT 1",
                         array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__);
                        if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) {
                                // Free memory
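Review bot: Changing the unquoted `userid=%d` placeholders to `%s` drops the integer coercion the old conversion gave (presumably via sprintf-style formatting), so in the UPDATE and SELECT of this hunk `$uid` reaches the statement as a bare token, and quote escaping does not constrain an unquoted value. Where `$uid` is assigned is outside the hunk; if it is not already cast there, wrap it the way the other call sites in this commit do, e.g. `array(bigintval($uid), getenv('REMOTE_ADDR'))`. The same applies to `array($points, $uid)` in the next beg.php hunk and to both `array($uid, $chk)` calls in the hunks after `index 621b21f..68fd150`.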
@@ -137,7 +137,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                // Is begging rallye active?
                                if ($_CONFIG['beg_rallye'] == "Y") {
                                        // Add points to rallye account
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
                                         array($points, $uid), __FILE__, __LINE__);
                                } else {
                                        // Add points to account
@@ -148,14 +148,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                // Subtract begged points from member account if the admin has selected one
                                if ($_CONFIG['beg_uid'] > 0) {
                                        // Subtract from this account
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                        array($points, bigintval($_CONFIG['beg_uid'])), __FILE__, __LINE__);
-
-                                       // Update mediadata as well
-                                       if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
-                                               // Update database
-                                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                                       }
+                                       SUB_POINTS($_CONFIG['beg_uid'], $points);
                                }
 
                                // Set message
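Review bot: The removed query passed `bigintval($_CONFIG['beg_uid'])`, while the new `SUB_POINTS($_CONFIG['beg_uid'], $points);` call hands the value over uncast, and whether SUB_POINTS() casts or validates its arguments cannot be seen from this page. Either confirm that the helper does so and say it in its header comment, or keep the cast at the call site: `SUB_POINTS(bigintval($_CONFIG['beg_uid']), $points);`. The later hunk that introduces `SUB_POINTS($uid, $_POST['points']);` needs the same check more urgently, since the amount there comes straight from the request and should be verified as a positive number before it is subtracted. The enclosing if-block starts outside this hunk.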
index 621b21f..68fd150 100644 (file)
@@ -57,7 +57,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
 FROM "._MYSQL_PREFIX."_user_birthday AS b
 INNER JOIN "._MYSQL_PREFIX."_user_data AS d
 ON b.userid=d.userid
-WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
+WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
        //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")<br />\n";
 
@@ -77,7 +77,7 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1",
                        ADD_POINTS_REFSYSTEM($uid, $data['points'], false, "0", $locked, strtolower($_CONFIG['birthday_mode']));
 
                        // Remove entry from table
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d AND chk_value='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%s AND chk_value='%s' LIMIT 1",
                         array($uid, $chk), __FILE__, __LINE__);
 
                        // Update mediadata if version is 0.0.4 or newer
index 016ba77..d5c3aaa 100644 (file)
--- a/click.php
+++ b/click.php
@@ -47,7 +47,7 @@ require ("inc/config.php");
 if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
        // Update clicks counter...
        $CLICK = 1;
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
        if (SQL_AFFECTEDROWS($link) == 1) {
                if (!empty($_GET['user'])) {
                        LOAD_URL("ref.php?refid=".bigintval($_GET['user']));
index e8a088b..ca2934f 100644 (file)
@@ -64,7 +64,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
         else
        {
                // Direct userid entered
-               $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
        }
 
@@ -99,7 +99,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                         else
                        {
                                // Direct userid entered
-                               $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid, status, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($_POST['userid'])), __FILE__, __LINE__);
                        }
 
@@ -134,15 +134,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                                         array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__);
 
                                        // Subtract entered points
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                        array($_POST['points'], $uid), __FILE__, __LINE__);
-
-                                       // Update mediadata as well
-                                       if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                                       {
-                                               // Update database
-                                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $_POST['points']);
-                                       }
+                                       SUB_POINTS($uid, $_POST['points']);
 
                                        // Add points to "total payed" including charge
                                        $points = $_POST['points'] - $_POST['points'] * $_CONFIG['doubler_charge'];
index 39c630b..0871b6c 100644 (file)
@@ -67,7 +67,7 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                while(list($mid, $sender, $pool, $price) = SQL_FETCHROW($result))
                {
                        // Check if confirmation links are purged or not
-                       $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d LIMIT 1",
+                       $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s LIMIT 1",
                         array(bigintval($mid)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result_links) == 1)
                        {
@@ -85,11 +85,11 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                                $uid = $sender; $points += $price; $admin_points += $price;
 
                                // Remove confirmation links from queue
-                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
                                 array(bigintval($mid)), __FILE__, __LINE__);
 
                                // Update status of order
-                               $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%d LIMIT 1",
+                               $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='DELETED' WHERE id=%s LIMIT 1",
                                 array(bigintval($pool)), __FILE__, __LINE__);
                        }
                }
@@ -114,7 +114,7 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                        while (list($bid, $price) = SQL_FETCHROW($result))
                        {
                                // Check if confirmation links are purged or not
-                               $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+                               $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
                                 array(bigintval($bid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result_links) > 0)
                                {
@@ -125,11 +125,11 @@ WHERE s.timestamp_ordered <= %s ORDER BY s.userid",
                                        SQL_FREERESULT($result_links);
 
                                        // Remove confirmation links from queue
-                                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+                                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
                                         array(bigintval($bid)), __FILE__, __LINE__);
 
                                        // Update status of order
-                                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%d LIMIT 1",
+                                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_bonus SET data_type='DELETED' WHERE id=%s LIMIT 1",
                                         array(bigintval($bid)), __FILE__, __LINE__);
                                }
                        }
@@ -199,7 +199,7 @@ ORDER BY d.userid", array($since, $since, $since), __FILE__, __LINE__);
                        SEND_EMAIL($email, AUTOPURGE_MEMBER_INACTIVE_SUBJECT, $msg);
 
                        // Update this account
-                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+                       $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ap_notified=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
                }
 
@@ -328,11 +328,11 @@ if ($_CONFIG['ap_del_mails'])
                while(list($sender) = SQL_FETCHROW($result_mails))
                {
                        // Check now...
-                       $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
+                       $fount = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
                        if ($found == 0)
                        {
                                // Okay we found some mails!
-                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%d",
+                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE sender=%s",
                                 array(bigintval($sender)), __FILE__, __LINE__);
                                $DELETED += SQL_AFFECTEDROWS();
 
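Review bot: The row count is assigned to `$fount` but the following line tests `$found`, so the check in this loop never sees the query result. Unless `$found` is set earlier in the file it is unset, `$found == 0` evaluates true, and the `DELETE ... WHERE sender=%s` runs for every sender returned by `$result_mails`, whether or not the account still exists. The assignment should read `$found = SQL_NUMROWS(SQL_QUERY_ESC(...));` as the matching loop in the next hunk already does. The commit edits this line for the placeholder change but leaves the misspelled variable, and the while loop continues past the hunk.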
@@ -359,11 +359,11 @@ if ($_CONFIG['ap_del_mails'])
                while(list($sender) = SQL_FETCHROW($result_mails))
                {
                        // Check now...
-                       $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
+                       $found = SQL_NUMROWS(SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($sender)), __FILE__, __LINE__));
                        if ($found == 0)
                        {
                                // Okay we found some mails!
-                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%d", array(bigintval($sender)), __FILE__, __LINE__);
+                               $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE sender=%s", array(bigintval($sender)), __FILE__, __LINE__);
                                $DELETED += SQL_AFFECTEDROWS();
 
                                // Reset query (to prevent possible errors) ...
index 95e4090..a49a60f 100644 (file)
@@ -66,7 +66,7 @@ function SQL_QUERY($sql_string, $F, $L) {
        // Debug output
        //* DEBUG: */ print "Query=<pre>".$sql_string."</pre>, affected=<b>".SQL_AFFECTEDROWS()."</b>, numrows=<b>".SQL_NUMROWS($result)."</b><br />\n";
 
-       if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (DEBUG_SQL)) {
+       if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (isBooleanConstantAndTrue('DEBUG_SQL'))) {
                //
                // Debugging stuff...
                //
@@ -176,7 +176,7 @@ function SQL_CLOSE($link, $F, $L) {
        global $_CONFIG, $cacheInstance, $cacheArray;
        if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($_CONFIG['db_hits'])) && (isset($_CONFIG['cache_hits'])) && (is_object($cacheInstance))) {
                // Update counter for db/cache
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config=0 LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%s, cache_hits=%s WHERE config=0 LIMIT 1",
                        array(bigintval($_CONFIG['db_hits']), bigintval($_CONFIG['cache_hits'])), __FILE__, __LINE__);
 
                // Update cache here
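Review bot: `GET_EXT_VERSION("cache") >= "0.0.7"` compares version strings with a relational operator, which orders them as plain strings, so (assuming the helper returns a dotted version) a value such as 0.0.10 sorts below 0.0.7 and the counter update would be skipped. `version_compare(GET_EXT_VERSION("cache"), "0.0.7", ">=")` gives the intended ordering. The condition is a context line of this hunk, and SQL_CLOSE continues beyond it.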
@@ -234,9 +234,15 @@ function SQL_INSERTID() {
        return @mysql_insert_id();
 }
 // Escape a string for the database
-function SQL_ESCAPE($str) {
+function SQL_ESCAPE($str, $secureString = true) {
        global $link;
 
+       // Secure string first? (which is the default behaviour!)
+       if ($secureString) {
+               // Then do it here
+               $str = secureString($str);
+       } // END - if
+
        if (!is_resource($link)) {
                // Fall-back to addslashes() when there is no link
                return addslashes($str);
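Review bot: The new `$secureString` parameter is undocumented and what `secureString()` removes is not visible here, so a caller cannot tell what passing `false` gives up or whether a stored value is altered before it is escaped. I would put a comment above the function along the lines of `// $secureString: run secureString() on the value before escaping (default); pass false only for values that must be stored unmodified`. Note also that the no-link branch still falls back to `addslashes()`, which is not aware of the connection character set, and that neither form of escaping protects a placeholder left unquoted in the query string. The function body continues outside the hunk.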
@@ -256,7 +262,7 @@ function SQL_ESCAPE($str) {
 // SELECT query string from table, columns and so on... ;-)
 function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id) {
        // Prepare the SQL statement
-       $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%d LIMIT 1";
+       $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%s LIMIT 1";
 
        // Return the result
        return SQL_QUERY_ESC($SQL, array(bigintval($id)), __FILE__, __LINE__);
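Review bot: `$table`, `$columns` and `$idRow` are concatenated into the statement as identifiers, and only `$id` passes through `bigintval()`; nothing in this function restricts the other three. The header comment should state that contract, for example `// $table, $columns and $idRow are inserted verbatim - pass only hard-coded identifiers, never request data`. If a caller cannot guarantee that, reject anything that does not match a pattern such as `preg_match('/^[a-z0-9_]+$/i', $idRow)` before building `$SQL`.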
index d461ebf..5d9a308 100644 (file)
@@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 if (_DB_TYPE == "_DB_TYPE") define('_DB_TYPE', "mysql3");
 
 // Create include file name
-$INC = PATH."inc/db/lib-"._DB_TYPE.".php";
+$INC = sprintf("%sinc/db/lib-%s.php", PATH, _DB_TYPE);
 
 if ((file_exists($INC)) && (is_readable($INC))) {
        // Include abstraction layer
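Review bot: `$INC` is an include path assembled from `_DB_TYPE`, and `file_exists()` plus `is_readable()` are the only checks made before the file is included. Where `_DB_TYPE` is defined is outside this hunk; if it can originate from an editable config file or installer input, compare it with the list of shipped drivers first, e.g. `if (!in_array(_DB_TYPE, array("mysql3"), true)) { ... }`, so that a value containing path separators cannot select a different file. The if-block that performs the include continues past the hunk.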
index e4f16f4..a0d6ee8 100644 (file)
@@ -84,7 +84,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                if ($DOUBLER_POINTS >= $points)
                {
                        // Check for his ref points
-                       $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%d AND completed='N' AND is_ref='Y'",
+                       $result_ref = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_doubler WHERE refid=%s AND completed='N' AND is_ref='Y'",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        list($ref) = SQL_FETCHROW($result_ref);
 
@@ -97,7 +97,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        {
                                // Referral points found so add them and set line(s) to completed='Y'
                                $points += $ref;
-                               $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%d AND completed='N' AND is_ref='Y'",
+                               $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%s AND completed='N' AND is_ref='Y'",
                                 array(bigintval($uid)), __FILE__, __LINE__);
                        }
                         else
@@ -110,7 +110,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        if ($uid != $_CONFIG['doubler_uid'])
                        {
                                // Add points
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                                 array($points, bigintval($uid)), __FILE__, __LINE__);
 
                                // Update mediadata as well
@@ -122,7 +122,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        }
 
                        // Set entry as "payed"
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
 
                        $OK = false;
@@ -141,15 +141,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y"))
                        if (($user > 0) && ($user >= $points) && (!$OK) && ($_CONFIG['doubler_uid'] > 0) && ($uid != $_CONFIG['doubler_uid']))
                        {
                                // Add points to used points
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid='%d' LIMIT 1",
-                                array($points, $_CONFIG['doubler_uid']), __FILE__, __LINE__);
-
-                               // Update mediadata as well
-                               if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                               {
-                                       // Update database
-                                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                               }
+                               SUB_POINTS($_CONFIG['doubler_uid'], $points);
 
                                // Okay, done!
                                $OK = true;
index 06b5fc8..fa5e463 100644 (file)
@@ -198,7 +198,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
                                 array($ext_name, $EXT_LANG_PREFIX, $EXT_ALWAYS_ACTIVE, $EXT_VERSION), __FILE__, __LINE__);
 
                                // Update task management
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
 
                                // In normal mode return a true on success
@@ -222,7 +222,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
                }
        } elseif (($id > 0) && (!empty($ext_name))) {
                // Remove task from system when id and extension's name is valid
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND status='NEW' LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND status='NEW' LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
        }
 
@@ -275,7 +275,7 @@ function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) {
                // Removal mode?
                if ($EXT_LOAD_MODE == "remove") {
                        // Delete this extension (remember to remove it from your server *before* you click on welcome!
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                } // END - if
 
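Review bot: `array($id)` in the DELETE is not wrapped in bigintval(), unlike the other `id=%s` calls touched by this commit, and the placeholder sits unquoted in the statement. With `%d` the format itself presumably forced a number; with `%s` the value depends entirely on the escaping done by SQL_QUERY_ESC, which, judging by the addslashes() fallback in SQL_ESCAPE, deals with quote characters and does not confine a value in an unquoted numeric position. Suggest `array(bigintval($id))` here, and the same for `array($GLOBALS['userid'])` in the LOAD_TEMPLATE hunk. EXTENSION_RUN_SQLS starts and ends outside the hunk, so `$id` may already be validated by its caller.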
@@ -563,7 +563,7 @@ function GET_EXT_NAME($id)
         else
        {
                // Load from database
-               $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($ret) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index 892b52e..e867de0 100644 (file)
@@ -123,7 +123,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index be92113..84207b9 100644 (file)
@@ -258,14 +258,14 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Do we have a daily-reset-run?
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Yes, we have. So let's auto-purge some campaigns, inactive users and unconfirmed accounts
-               $INC_POOL[] = PATH."inc/autopurge.php";
+               $INC_POOL[] = sprintf("%sinc/autopurge.php", PATH);
        }
        break;
 }
index d30face..ab6b882 100644 (file)
@@ -260,7 +260,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Remove old entries
@@ -268,18 +268,18 @@ default: // Do stuff when extension is loaded
        if ($_CONFIG['beg_uid_timeout'] > $OLD) $OLD = $_CONFIG['beg_uid_timeout'];
        $result_ext = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_beg_ips WHERE timeout < ".(time() - $OLD - 60*60), __FILE__, __LINE__);
 
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Daily reset was run so let's check if begging rallye is active
                if ($_CONFIG['beg_rallye'] == "Y")
                {
                        // Check for our winers
-                       $INC_POOL[] = PATH."inc/monthly/monthly_beg.php";
+                       $INC_POOL[] = sprintf("%sinc/monthly/monthly_beg.php", PATH);
                }
                 else
                {
                        // Reset begging points
-                       $INC_POOL[] = PATH."inc/reset/reset_beg.php";
+                       $INC_POOL[] = sprintf("inc/reset/reset_beg.php", PATH);
                }
        }
 
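Review bot: The new `sprintf("inc/reset/reset_beg.php", PATH)` in the else branch has no `%s` placeholder, so PATH is silently dropped and a relative path is pushed onto `$INC_POOL`, unlike every sibling line converted in this commit. How `$INC_POOL` is consumed is not visible here, but the reset script would then be resolved against the working directory or include_path, so it may not be found or a different file may be picked up. The line should read `$INC_POOL[] = sprintf("%sinc/reset/reset_beg.php", PATH);`.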
@@ -287,7 +287,7 @@ default: // Do stuff when extension is loaded
        if (($_CONFIG['beg_rallye'] == "Y") && ($_CONFIG['beg_new_mem_notify'] == "Y"))
        {
                // Include file for sending out mails
-               $INC_POOL[] = PATH."inc/mails/beg_mails.php";
+               $INC_POOL[] = sprintf("%sinc/mails/beg_mails.php", PATH);
        }
 
        // Return code for the URL
index 067f106..7ea5372 100644 (file)
@@ -186,16 +186,16 @@ default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
 
        // Copy config to main array
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
 
        // Save some RAM...
        unset($dummy);
 
-       if ((defined('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0))
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['birthday_points'] > 0))
        {
                // Daily reset was run and we shall pay points so we start checking for members who
                // has a birthday for today
-               $INC_POOL[] = PATH."inc/mails/birthday_mails.php";
+               $INC_POOL[] = sprintf("%sinc/mails/birthday_mails.php", PATH);
        }
        break;
 }
index 2d83afc..b0bad4d 100644 (file)
@@ -541,22 +541,22 @@ WHERE last_online < ".$mark." ORDER BY userid";
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Daily reset was run so let's check if active rallye is activated
                if ($_CONFIG['bonus_active'] == "Y")
                {
                        // Run active rallye
-                       if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = PATH."inc/stats_bonus.php";
-                       $INC_POOL[] = PATH."inc/monthly/monthly_bonus.php";
+                       if($_CONFIG['bonus_stats'] > 0) $INC_POOL[] = sprintf("%sinc/stats_bonus.php", PATH);
+                       $INC_POOL[] = sprintf("%sinc/monthly/monthly_bonus.php", PATH);
                }
                 else
                {
                        // Reset points
-                       $INC_POOL[] = PATH."inc/reset/reset_bonus.php";
+                       $INC_POOL[] = sprintf("%sinc/reset/reset_bonus.php", PATH);
                }
        }
 
@@ -564,7 +564,7 @@ default: // Do stuff when extension is loaded
        if (($_CONFIG['bonus_active'] == "Y") && ($_CONFIG['bonus_new_mem_notify'] == "Y"))
        {
                // Include file for sending out mails
-               $INC_POOL[] = PATH."inc/mails/bonus_mails.php";
+               $INC_POOL[] = sprintf("%sinc/mails/bonus_mails.php", PATH);
        }
        break;
 }
index 83aaba1..c13a330 100644 (file)
@@ -185,7 +185,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Create instance on class
index 260095d..0b3aff3 100644 (file)
@@ -237,13 +237,12 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
-       if ((defined('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET"))
-       {
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['doubler_send_mode'] == "RESET")) {
                // So let's check for points
-               $INC_POOL[] = PATH."inc/doubler_send.php";
+               $INC_POOL[] = sprintf("%sinc/doubler_send.php", PATH);
        }
        break;
 }
index 29215c7..a5937ff 100644 (file)
@@ -225,14 +225,14 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Do we have a daily-reset-run?
-       if (((defined('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT"))
+       if (((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['holiday_mode'] == "RESET")) || ($_CONFIG['holiday_mode'] == "DIRECT"))
        {
                // Ok, let's check for finished holidays and unlock those accounts
-               $INC_POOL[] = PATH."inc/reset/reset_holiday.php";
+               $INC_POOL[] = sprintf("%sinc/reset/reset_holiday.php", PATH);
        }
        break;
 }
index cdcc08a..0a36b71 100644 (file)
@@ -111,7 +111,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 65f3cd5..efd1986 100644 (file)
@@ -130,7 +130,7 @@ Bitte stellen Sie diesen derzeit manuell unter <A href=\"".URL."/modules.php?mod
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
@@ -140,7 +140,7 @@ if ((isset($dry_run)) && (isset($EXT_LOAD_MODE)))
        if ((!$dry_run) && ($EXT_LOAD_MODE == "update") && ($EXT_VER == "0.0.4"))
        {
                // Add auto-check file
-               $INC_POOL[] = PATH."inc/gen_mediadata.php";
+               $INC_POOL[] = sprintf("%sinc/gen_mediadata.php", PATH);
        }
 }
 
index 23d5cd1..4b625bc 100644 (file)
@@ -151,7 +151,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // URL ends which are used to indentify the end of an URL or email link
@@ -172,10 +172,10 @@ default: // Do stuff when extension is loaded
                '2', '3', '4', '5', '6', '7', '8', '9'
        );
 
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // Daily reset was run so let's check out for expired newsletter orders
-               $INC_POOL[] = PATH."inc/monthly/monthly_newsletter.php";
+               $INC_POOL[] = sprintf("%sinc/monthly/monthly_newsletter.php", PATH);
        }
        break;
 }
index 9c0b649..31fd421 100644 (file)
@@ -304,11 +304,11 @@ nicht die vom Mitglied eingegebene. Resultat: Das Script beschwerte sich, der Us
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
        // Do daily reset only when installed and extension version is at least 0.1.1
-       if ((defined('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1"))
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (GET_EXT_VERSION("order") >= "0.1.1"))
        {
                // Reset mail order values
                $result_ext = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_user_data SET mail_orders=0 WHERE mail_orders > 0", __FILE__, __LINE__);
index 87ce68a..6173b77 100644 (file)
@@ -121,10 +121,10 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        // Do we have a daily-reset-run?
-       if (defined('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
+       if (isBooleanConstantAndTrue('__DAILY_RESET') && (!DEBUG_MODE) && ($CSS != 1))
        {
                // So let's check for profiles which needs an update
-               $INC_POOL[] = PATH."inc/profile-updte.php";
+               $INC_POOL[] = sprintf("%sinc/profile-updte.php", PATH);
        }
        break;
 }
index 3836baf..2224b0b 100644 (file)
@@ -324,7 +324,7 @@ PRIMARY KEY(id)
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 5e911a4..724dca6 100644 (file)
@@ -137,7 +137,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index f53ee49..4201cc0 100644 (file)
@@ -428,7 +428,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 669222a..2d7ea00 100644 (file)
@@ -567,7 +567,7 @@ default: // Do stuff when extension is loaded
        if (GET_EXT_VERSION("sql_patches") != '') {
                $_CONFIG['secret_key']        = "";
                //die("<pre>".print_r($dummy, true)."</pre>");
-               $_CONFIG = array_merge($_CONFIG, $dummy);
+               $_CONFIG = merge_array($_CONFIG, $dummy);
 
                // Read key from secret file
                if ((empty($_CONFIG['file_hash'])) || (empty($_CONFIG['master_salt'])) || (empty($_CONFIG['pass_scramble']))) {
index d345980..832f900 100644 (file)
@@ -55,7 +55,9 @@ case "register": // Do stuff when installtion is running (modules.php?module=adm
 `id` BIGINT(20) UNSIGNED  NOT NULL AUTO_INCREMENT,
 `userid` BIGINT(20) UNSIGNED  NOT NULL DEFAULT '0',
 `url` VARCHAR(255) NOT NULL DEFAULT '',
+`last_salt` VARCHAR( 255 ) NOT NULL DEFAULT '',
 `reward` DOUBLE(20,5) UNSIGNED  NOT NULL DEFAULT '0.00000',
+`payment_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
 `views_total` BIGINT(20) UNSIGNED  NOT NULL DEFAULT '0',
 `status` ENUM('PENDING','CONFIRMED', 'LOCKED') NOT NULL DEFAULT 'CONFIRMED',
 `registered` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
@@ -73,8 +75,8 @@ UNIQUE KEY `userid_url` (`userid`, `url`)
 `url_id` BIGINT(20) UNSIGNED  NOT NULL DEFAULT '0',
 `last_surfed` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 PRIMARY KEY(`id`),
-INDEX(`userid`),
-INDEX(`url_id`)
+INDEX (`userid`),
+INDEX (`url_id`),
 ) TYPE=MyISAM COMMENT='Surfbar reload locks'";
 
        // Reload locks
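Review bot: The rewritten index list now ends with ``INDEX (`url_id`),`` directly before the closing `) TYPE=MyISAM`, and MySQL does not accept a trailing comma at the end of a CREATE TABLE definition list. The reload-locks table would presumably fail to be created when the extension is registered, depending on how the `$SQLs` entries are executed and checked (not visible here). The last entry should stay without the comma: ``INDEX (`url_id`)``. The statement begins above this hunk.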
@@ -108,6 +110,9 @@ PRIMARY KEY(`id`)
        $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','unlock_surfbar_urls','Wartende URLs freigeben','Geben Sie hier nur direkt in der Surfbar gebuchte URLs frei.',2)";
        $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','list_surfbar_reflvl','Referal-Ebenen einstellen','Stellen Sie hier die prozentuale Verg&uuml;tung f&uuml;r Refs ein. Es wird nur die Basisverg&uuml;tung zur Rechengrundlage der Referalverg&uuml;tung verwendet.',3)";
        $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','config_surfbar','Einstellungen','Einstellungen an der Surfbar &auml;ndern, wie Festverg&uuml;tung, prozentuale Ref-Verg&uuml;tung und vieles mehr.',4)";
+
+       // Load CSS?
+       $EXT_CSS = "Y";
        break;
 
 case "remove": // Do stuff when removing extension
@@ -143,7 +148,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 812699a..af5f2ed 100644 (file)
@@ -143,7 +143,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index 76fec57..a69fe2d 100644 (file)
@@ -284,10 +284,10 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
 
-       if ((defined('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y"))
+       if ((isBooleanConstantAndTrue('__DAILY_RESET')) && ($_CONFIG['ap_transfer'] == "Y"))
        {
                // Automatically remove outdated or not displayed transactions
                TRANSFER_AUTPPURGE($_CONFIG['transfer_max'], $_CONFIG['transfer_age']);
index 30f0e57..fb87fe5 100644 (file)
@@ -215,7 +215,7 @@ case "update": // Update an extension
 
 default: // Do stuff when extension is loaded
        $dummy = LOAD_CONFIG();
-       $_CONFIG = array_merge($_CONFIG, $dummy);
+       $_CONFIG = merge_array($_CONFIG, $dummy);
        unset($dummy);
        break;
 }
index bbb91a4..aca9c6e 100644 (file)
@@ -58,8 +58,11 @@ if (($footer != "1") && ($footer != "2") && ($CSS != "1")) {
                DISPLAY_PARSING_TIME_FOOTER();
        } // END - if
 
-       // Load page footer
-       LOAD_TEMPLATE("page_footer");
+       // Not in frameset mode?
+       if ((!isset($isFrameset)) || ($isFrameset === false)) {
+               // Load page footer
+               LOAD_TEMPLATE("page_footer");
+       } // END - if
 
        // And the last closing HTML tag
        OUTPUT_HTML("</HTML>");
index 7a08291..aae3aae 100644 (file)
@@ -209,9 +209,10 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
        if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0;
        $REFID = $GLOBALS['refid'];
 
+       // DEPRECATED!!!
        if ($template == "member_support_form") {
                // Support request of a member
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -222,7 +223,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
        $date_time = MAKE_DATETIME(time(), "1");
 
        // Base directory
-       $BASE = PATH."templates/".GET_LANGUAGE()."/html/";
+       $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE());
        $MODE = "";
 
        // Check for admin/guest/member templates
@@ -342,7 +343,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
                        ADD_MESSAGE_TO_BOX($TO, $SUBJECT, $MSG, $HTML);
                        return;
                } else {
-                       $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
+                       $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
                        list($TO) = SQL_FETCHROW($result_email);
                        SQL_FREERESULT($result_email);
                }
@@ -410,7 +411,7 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) {
 
                // get new instance
                $mail = new PHPMailer();
-               $mail->PluginDir  = PATH."inc/phpmailer/";
+               $mail->PluginDir  = sprintf("%sinc/phpmailer/", PATH);
 
                $mail->IsSMTP();
                $mail->SMTPAuth   = true;
@@ -710,6 +711,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
                $EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS;
        }
 
+       // DEPRECATED switch!
        switch ($template)
        {
        case "bonus-mail": // Load data for the bonus mail
@@ -807,13 +809,13 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
        if ($UID > 0) {
                if (EXT_IS_ACTIVE("nickname")) {
                        // Load nickname
-                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($UID)), __FILE__, __LINE__);
                        list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                } else {
                        // Load normal data
-                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($UID)), __FILE__, __LINE__);
                        list($surname, $family, $sex, $email) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -832,7 +834,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
        $DATA['email'] = $email;
 
        // Base directory
-       $BASE = PATH."templates/".GET_LANGUAGE()."/emails/";
+       $BASE = sprintf("%stemplates/%s/emails/", PATH, GET_LANGUAGE());
 
        // Check for admin/guest/member templates
        if (strpos($template, "admin_") > -1) {
@@ -860,11 +862,10 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
        if ((!@file_exists($file)) || (!is_readable($file))) {
                // Reset to default template
                $file = $BASE.$template.".tpl";
-       }
+       } // END - if
 
        // Now does the final template exists?
-       if ((@file_exists($file)) && (is_readable($file)))
-       {
+       if ((@file_exists($file)) && (is_readable($file))) {
                // The local file does exists so we load it. :)
                $tmpl_file = @implode("", @file($file));
                $tmpl_file = addslashes($tmpl_file);
@@ -878,9 +879,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
 
                // Replace HTML confirm chars
                $content = html_entity_decode($content);
-       }
-        elseif (!empty($template))
-       {
+       } elseif (!empty($template)) {
                // Template file not found!
                $content = TEMPLATE_404.": ".$template."<br />
 ".TEMPLATE_CONTENT."
@@ -891,17 +890,16 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") {
 
                // Debug mode not active? Then remove the HTML tags
                if (!DEBUG_MODE) $content = strip_tags($content);
-       }
-        else
-       {
+       } else {
                // No template name supplied!
                $content = NO_TEMPLATE_SUPPLIED;
        }
+
+       // Return compiled content
        return COMPILE_CODE($content);
 }
 //
-function MAKE_TIME($H, $M, $S, $stamp)
-{
+function MAKE_TIME($H, $M, $S, $stamp) {
        // Extract day, month and year from given timestamp
        $DAY   = date("d", $stamp);
        $MONTH = date("m", $stamp);
@@ -1241,20 +1239,15 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") {
        return $return;
 }
 // Does only allow numbers
-function bigintval($num, $castValue = true)
-{
+function bigintval($num, $castValue = true) {
        // Filter all numbers out
        $ret = preg_replace("/[^0123456789]/", "", $num);
 
-       // Cast the value?
-       if ($castValue) $ret = (int) $ret;
-
        // Return result
        return $ret;
 }
 // Insert the code in $img_code into jpeg or PNG image
-function GENERATE_IMAGE($img_code, $header=true)
-{
+function GENERATE_IMAGE($img_code, $header=true) {
        global $_CONFIG;
        if ((strlen($img_code) > 6) || (empty($img_code)) || ($_CONFIG['code_length'] == 0))
        {
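Review bot: With the cast removed, bigintval() returns an empty string for input that contains no digits, and the `$castValue` parameter is now ignored. The callers in this commit switch their placeholders from `%d` to `%s`, so an empty result would presumably produce a statement such as `WHERE id= LIMIT 1`, a query error where the old code looked up 0. Suggest adding `if ($ret === "") $ret = "0";` before the return, and either dropping `$castValue` or adding a comment that it is kept only for call compatibility.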
@@ -1271,14 +1264,11 @@ function GENERATE_IMAGE($img_code, $header=true)
        {
        case "jpg":
                // Loads JPEG image
-               $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.jpg";
-               if ((file_exists($img)) && (is_readable($img)))
-               {
+               $img = sprintf("%s/theme/%s/images/code_bg.jpg", PATH, GET_CURR_THEME());
+               if ((file_exists($img)) && (is_readable($img))) {
                        // Okay, load image and hide all errors
                        $image = @imagecreatefromjpeg($img);
-               }
-                else
-               {
+               } else  {
                        // Exit function here
                        return;
                }
@@ -1286,14 +1276,11 @@ function GENERATE_IMAGE($img_code, $header=true)
 
        case "png":
                // Loads PNG image
-               $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.png";
-               if ((file_exists($img)) && (is_readable($img)))
-               {
+               $img = sprintf("%s/theme/%s/images/code_bg.png", PATH, GET_CURR_THEME());
+               if ((file_exists($img)) && (is_readable($img))) {
                        // Okay, load image and hide all errors
                        $image = @imagecreatefrompng($img);
-               }
-                else
-               {
+               } else {
                        // Exit function here
                        return;
                }
@@ -1310,8 +1297,7 @@ function GENERATE_IMAGE($img_code, $header=true)
        header ("Content-Type: image/".$_CONFIG['img_type']);
 
        // Output image with matching image factory
-       switch ($_CONFIG['img_type'])
-       {
+       switch ($_CONFIG['img_type']) {
                case "jpg": imagejpeg($image); break;
                case "png": imagepng($image);  break;
        }
@@ -1916,6 +1902,14 @@ function generateHash ($plainText, $salt = "") {
                return $plainText;
        } // END - if
 
+       // Do we miss an arry element here?
+       if (!isset($_CONFIG['file_hash'])) {
+               // Stop here
+               print(__FUNCTION__.":<pre>");
+               debug_print_backtrace();
+               die("</pre>");
+       } // END - if
+
        // When the salt is empty build a new one, else use the first x configured characters as the salt
        if ($salt == "") {
                // Build server string
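Review bot: The new guard in generateHash() prints `debug_print_backtrace()` into the response before `die()`, and that trace includes call arguments (here `$plainText` and `$salt`) along with server file paths. On a live site a missing `file_hash` setting would echo whatever was being hashed, presumably passwords, to the visitor. Suggest logging server-side instead, e.g. `error_log(__FUNCTION__.": \$_CONFIG['file_hash'] is not set");` followed by a generic `die()`, or printing the trace only when `DEBUG_MODE` is on. merge_array(), added at the end of this commit, uses the same print/backtrace/die pattern.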
@@ -1941,10 +1935,10 @@ function generateHash ($plainText, $salt = "") {
                // Generate the password salt string
                $salt = substr($sha1, 0, $_CONFIG['salt_length']);
                //* DEBUG: */ echo $salt." (".strlen($salt).")<br />";
-       }
-        else
-       {
+       } else {
+               // Use given salt
                $salt = substr($salt, 0, $_CONFIG['salt_length']);
+               //* DEBUG: */ echo "GIVEN={$salt}<br />\n";
        }
 
        // Return hash
@@ -2070,7 +2064,7 @@ function ADD_URL_DATA($URL)
        // Add all together and return it
        return $URL.$ADD;
 }
-//
+// Generate an PGP-like encrypted hash of given hash for e.g. cookies
 function generatePassString($passHash) {
        global $_CONFIG;
 
@@ -2095,10 +2089,11 @@ function generatePassString($passHash) {
                        //* DEBUG: */ echo "*".$start."=".$mod."*<br>";
                        $start += 4;
                        $newHash .= $mod;
-               }
+               } // END - for
 
-               //* DEBUG: */ die($passHash."<br>".$newHash." (".strlen($newHash).")");
+               //* DEBUG: */ print($passHash."<br>".$newHash." (".strlen($newHash).")");
                $ret = generateHash($newHash, $_CONFIG['master_salt']);
+               //* DEBUG: */ print($ret."<br />\n");
        } else {
                // Hash it simple
                //* DEBUG: */ echo "--".$passHash."--<br />\n";
@@ -2191,6 +2186,9 @@ function set_session ($var, $value) {
        } elseif (!empty($value)) {
                // Update session
                $_SESSION[$var] = $value;
+       } else {
+               // Something bad happens!
+               return false; // Hope this doesn't make so much trouble???
        }
 
        // Return always true if the session variable is already set.
@@ -2236,7 +2234,27 @@ function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content="", $uid="0")
                SEND_ADMIN_EMAILS($subject, $msg);
        }
 }
-
+// Destroy user session
+function destroy_user_session () {
+       // Remove all user data from session
+       return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", "")));
+}
+// Merges an array together but only if both are arrays
+function merge_array ($array1, $array2) {
+       // Are both an array?
+       if ((is_array($array1)) && (is_array($array2))) {
+               // Merge all together
+               return array_merge($array1, $array2);
+       } elseif (is_array($array1)) {
+               // Return left array
+               return $array1;
+       }
+
+       // Something wired happened here...
+       print(__FUNCTION__.":<pre>");
+       debug_print_backtrace();
+       die("</pre>");
+}
 //
 //////////////////////////////////////////////////
 //                                              //
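Review bot: destroy_user_session() chains its three `set_session()` calls with `&&`, so as soon as one returns false the remaining keys are never cleared. This commit also adds an `else { return false; }` to set_session(), which an empty `$value` can reach whenever the earlier branch (outside that hunk) does not match, for example if `userid` is already gone. A logout could then leave `u_hash` and `lifetime` in the session. Evaluate all three calls before combining the results, e.g. `return (bool) (set_session("userid", "") & set_session("u_hash", "") & set_session("lifetime", ""));`, and consider treating "already unset" as success in set_session().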
index 61eebc1..5876e3d 100644 (file)
@@ -72,7 +72,7 @@ if (empty($_CONFIG['master_salt'])) {
 if (empty($_CONFIG['file_hash'])) {
        // Create filename from hashed random string
        $file_hash = generateHash(GEN_PASS(rand(128, 256)));
-       $file = PATH."inc/.secret/.".$file_hash;
+       $file = sprintf("%sinc/.secret/.%s", PATH, $file_hash);
 
        // File hash was never created
        $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!");
index 3e31030..cbb11da 100644 (file)
@@ -116,7 +116,7 @@ if (($header != "1") && ($header != "2")) {
 } // END - if
 
 // Load body or not
-if ((($GLOBALS['module'] != "frametester")) || (($header == "1") && ($GLOBALS['module'] == "frametester") && (!empty($_GET['frame']))) && ($CSS != "1")) {
+if (((!$isFrameset) && ($GLOBALS['module'] != "frametester")) || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($header == "1") && ($isFrameset) && (!empty($_GET['frame']))) && ($CSS != "1")) {
        // Is the header sent and the script is not the mail confirmation script and not a CSS?
        if (($header == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($CSS != "1")) {
                // Add BODY tag
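Review bot: In the rewritten condition `&&` binds tighter than `||`, so `($CSS != "1")` restricts only the third alternative (`$header == "1"` with `$isFrameset`). The first two alternatives are accepted even when `$CSS` is "1". If the CSS exclusion is meant to cover every case, group the alternatives explicitly: `if ((A || B || C) && ($CSS != "1")) {`. The second alternative tests `isset($_GET['frame'])` while the third tests `!empty($_GET['frame'])`, so an empty `frame=` parameter is handled differently in the two; it is worth settling on one test and saying why in a comment. `$isFrameset` is assigned outside this hunk.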
index b10cd37..8b01726 100644 (file)
@@ -119,11 +119,11 @@ function ADMINS_CHECK_ACL($act, $wht) {
                if (!empty($act))
                {
                        // Main menu
-                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
                         array(bigintval($aid), $act), __FILE__, __LINE__);
                } elseif (!empty($wht)) {
                        // Sub menu
-                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
                         array(bigintval($aid), $wht), __FILE__, __LINE__);
                }
 
@@ -232,7 +232,7 @@ login='%s'".$ADD.",
 email='%s',
 default_acl='%s',
 la_mode='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
  array(
        $login,
        $POST['email'][$id],
@@ -246,7 +246,7 @@ WHERE id=%d LIMIT 1",
 login='%s'".$ADD.",
 email='%s',
 la_mode='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
  array(
        $login,
        $POST['email'][$id],
@@ -283,7 +283,7 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
                $id = bigintval($id);
 
                // Get the admin's data
-               $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                 array($id), __FILE__, __LINE__);
                if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) {
                        // Entry found
@@ -329,7 +329,7 @@ function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) {
                        $id = bigintval($id);
 
                        // Get the admin's data
-                       $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1) {
                                // Entry found
@@ -374,7 +374,7 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
                         array($id), __FILE__, __LINE__);
 
                        // Remove account
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
 
                        $cacheInstance_UPDATE = "1";
index f6bd9f3..6207391 100644 (file)
@@ -42,7 +42,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points)
 {
        global $jackpot;
        // Check if he has locked points or not
-       $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT ref_payout FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($uid)), __FILE__, __LINE__);
        list($payout) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -67,7 +67,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points)
         else
        {
                // .. to user's account
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                 array($target, $target, $points, bigintval($uid)), __FILE__, __LINE__);
 
                // Update mediadata as well
index ebd186a..2668661 100644 (file)
@@ -50,13 +50,13 @@ function BONUS_ADD_TURBO_POINTS($mid, $uid, $type)
        switch ($type)
        {
        case "bonusid":
-               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                 array($mid), __FILE__, __LINE__);
                $bonus = $mid; $mail = "0";
                break;
 
        case "mailid" :
-               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT clicks FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
                 array($mid), __FILE__, __LINE__);
                $bonus = "0"; $mail = $mid;
                break;
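Review bot: With the placeholder changed from `%d` to `%s`, the format string no longer forces the id to a number, and both queries here pass `array($mid)` without `bigintval()`. The placeholder is unquoted in the SQL, so string escaping alone (assuming that is what SQL_QUERY_ESC does, since its body is not shown here) does not keep a non-numeric value out of the statement. Pass `array(bigintval($mid))` in both cases. The same applies to BONUS_MAKE_RANK_ROWS, which passes `array($type, $data, $uid)` unconverted and also uses `$type` as a column name, and to get_template, where this commit drops `bigintval($GLOBALS['userid'])`. The function continues outside this hunk.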
@@ -88,7 +88,7 @@ function BONUS_ADD_TURBO_POINTS($mid, $uid, $type)
        }
 
        // Add points to his account directly
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET turbo_bonus=turbo_bonus+".$points." WHERE userid=%s LIMIT 1",
         array(bigintval($uid)), __FILE__, __LINE__);
 
        // Rember this whole data for displaying ranking list
@@ -107,7 +107,7 @@ function BONUS_MAKE_RANK_ROWS($data, $type, $uid)
        $ranks = sizeof(explode(";", $_CONFIG['bonus_rates'])) + 1;
 
        // Load current user's data
-       $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT level, points, timemark FROM "._MYSQL_PREFIX."_bonus_turbo WHERE %s=%s AND userid=%s LIMIT 1",
         array($type, $data, $uid), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -213,15 +213,7 @@ function BONUS_POINTS_HANDLER($MODE)
                        if ($TOTAL >= $points)
                        {
                                // Subtract points from userid's account
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                array(bigintval($points), bigintval($_CONFIG['bonus_uid'])), __FILE__, __LINE__);
-
-                               // Update mediadata as well
-                               if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                               {
-                                       // Update database
-                                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                               }
+                               SUB_POINTS($_CONFIG['bonus_uid'], $points);
                        }
                }
                break;
@@ -232,15 +224,7 @@ function BONUS_POINTS_HANDLER($MODE)
                if ($TOTAL >= $points)
                {
                        // Subtract points from userid's account
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                        array(bigintval($points), bigintval($_CONFIG['bonus_uid'])),  __FILE__, __LINE__);
-
-                       // Update mediadata as well
-                       if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                       {
-                               // Update database
-                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $points);
-                       }
+                       SUB_POINTS($_CONFIG['bonus_uid'], $points);
                }
                 else
                {
index 30b39fa..be8658b 100644 (file)
@@ -40,7 +40,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 //
 function COUNTRY_GENERATE_INFO($ID)
 {
-       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1",
         array(bigintval($ID)), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
index 49ab3b2..f013ebe 100644 (file)
@@ -52,13 +52,13 @@ ORDER BY userid", __FILE__, __LINE__);
                while (list($uid, $start, $end, $comments) = SQL_FETCHROW($result_stop))
                {
                        // Stop holiday
-                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%d LIMIT 1",
+                       $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays WHERE userid=%s LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
 
                        // Unlock account
                        $result_del = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
 
                        // Prepare array
                        $content = array(
index dbaee3b..899d98b 100644 (file)
@@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 function NICKNAME_IS_ACTIVE($uidNick)
 {
        $ret = false;
-       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0) OR nickname='%s' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%s AND userid > 0) OR nickname='%s' LIMIT 1",
         array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
 
        // Check existence of nickname
@@ -60,7 +60,7 @@ function NICKNAME_GET_NICK($userid)
        $ret = "";
 
        // Search for non-empty nickname
-       $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND nickname != '' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND nickname != '' LIMIT 1",
         array(bigintval($userid)), __FILE__, __LINE__);
 
        // Found?
index 9b5be75..c439128 100644 (file)
@@ -78,15 +78,14 @@ function get_template ($template, $return=false, $content="")
 
        if ($template == "member_support_form") {
                // Support request of a member
-               $ID = bigintval($GLOBALS['userid']);
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
                $salut = TRANSLATE_SEX($sex);
        }
 
        // Base directory
-       $BASE = PATH."templates/".GET_LANGUAGE()."/html/";
+       $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE());
        $MODE = "";
 
        // Check for admin/guest/member templates
@@ -118,13 +117,13 @@ function get_template ($template, $return=false, $content="")
 
                // Remove variable from memory
                unset($file2);
-       }
+       } // END - if
 
        // Does the special template exists?
        if ((!file_exists($file)) || (!is_readable($file))) {
                // Reset to default template
-               $file = PATH."templates/".GET_LANGUAGE()."/html/".$template.".tpl";
-       }
+               $file = sprintf("%stemplates/%s/html/%s.tpl", PATH, GET_LANGUAGE(), $template);
+       } // END - if
 
        // Now does the final template exists?
        if ((file_exists($file)) && (is_readable($file))) {
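Review bot: `$template` is placed into the file path by `sprintf("%stemplates/%s/html/%s.tpl", PATH, GET_LANGUAGE(), $template)` with no check in this hunk that it is a plain template name. The function starts outside the hunk, so a check may exist earlier. Without one, a name containing `/` or `..` resolves outside the template directory; a guard such as `if (!preg_match('/^[a-zA-Z0-9_\-]+$/', $template)) { ... }` before the path is built would close that. This matters because SURFBAR_DETERMINE_TEMPLATE_NAME, added later in this commit, builds a template name from `$_GET['frame']` using only `SQL_ESCAPE()`, which is not a filename check. GENERATE_SPONSOR_CONTENT has the same pattern with higher impact, since `$what` goes into a path handed to `require_once`.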
index 2a4f228..ad8d6c5 100644 (file)
@@ -49,7 +49,7 @@ function RALLYE_AUTOSTART_RALLYES($result)
        SQL_FREERESULT($result);
 
        // Set notified to Y
-       $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%d LIMIT 1",
+       $result_notified = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET notified='Y' WHERE id=%s LIMIT 1",
         array(bigintval($id)), __FILE__, __LINE__);
 
        // Do a snapshot off all user refs
@@ -97,7 +97,7 @@ function RALLYE_AUTOSTART_RALLYES($result)
                if (empty($cnt)) $cnt = "0"; // Added prevent some unknown troubles... :-?
 
                // Check if line is already included...
-               $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1",
+               $result_ref = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1",
                 array(bigintval($id), bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_ref) == 0)
                {
@@ -109,7 +109,7 @@ function RALLYE_AUTOSTART_RALLYES($result)
 FROM "._MYSQL_PREFIX."_user_points AS p
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON p.userid=d.userid
-WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d",
+WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s",
  array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__);
                        list($cpoints) = SQL_FETCHROW($result_ref);
                        SQL_FREERESULT($result_ref);
@@ -197,7 +197,7 @@ function RALLYE_ADD_TOPUSERS($rallye,$default=0)
        $since = (time() - $_CONFIG['ap_in_since']);
 
        // First check how many prices are set
-       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
         array(bigintval($rallye)), __FILE__, __LINE__);
        $prices = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
@@ -206,7 +206,7 @@ function RALLYE_ADD_TOPUSERS($rallye,$default=0)
        $result = SQL_QUERY_ESC("SELECT DISTINCT u.userid, u.refs, u.curr_points FROM "._MYSQL_PREFIX."_rallye_users AS u
 LEFT JOIN "._MYSQL_PREFIX."_refsystem AS r
 ON u.userid=r.userid
-WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC",
+WHERE u.rallye_id=%s AND r.counter > 0 ORDER BY u.refs DESC",
  array(bigintval($rallye)), __FILE__, __LINE__);
 
        // Load users
@@ -225,7 +225,7 @@ WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC",
                $result_ref = SQL_QUERY_ESC("SELECT DISTINCT p.points FROM "._MYSQL_PREFIX."_user_points AS p
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON p.userid=d.userid
-WHERE d.userid=%d AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s
+WHERE d.userid=%s AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s
 LIMIT 1", array(bigintval($uid), $_CONFIG['ref_payout'], $since), __FILE__, __LINE__);
                list($refpoints) = SQL_FETCHROW($result_ref);
                SQL_FREERESULT($result_ref);
@@ -293,7 +293,7 @@ function RALLYE_AUTOADD_USER($uid)
                SQL_FREERESULT($result);
 
                // Check if line is already included...
-               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d AND userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s AND userid=%s LIMIT 1",
                 array(bigintval($id), bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 0)
                {
@@ -359,7 +359,7 @@ function RALLYE_EXPIRE_RALLYES($result)
                //   active = 0: account is deleted or locked
                $result = SQL_QUERY_ESC("SELECT COUNT(userid) AS active
 FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND status='CONFIRMED' AND last_online >= %s
+WHERE userid=%s AND status='CONFIRMED' AND last_online >= %s
 LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__);
                list($active) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -380,7 +380,7 @@ LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__);
        }
 
        // Expire rallye
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_data SET expired='Y' WHERE id=%s LIMIT 1",
         array(bigintval($id)), __FILE__, __LINE__);
 
        // Run array through (by uid is the most important 2nd-level-array)
@@ -398,7 +398,7 @@ LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__);
                        if ($DATA['points'] > 0)
                        {
                                // Add points directly to user's account
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
                                 array($DATA['points'], bigintval($uid)), __FILE__, __LINE__);
 
                                // Update mediadata as well
@@ -503,7 +503,7 @@ function RALLYE_LOAD_PRICES_ARRAY($rallye)
        );
 
        // Load prices
-       $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+       $result = SQL_QUERY_ESC("SELECT price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
         array(bigintval($rallye)), __FILE__, __LINE__);
        while(list($level, $points, $info) = SQL_FETCHROW($result))
        {
@@ -534,7 +534,7 @@ function RALLYE_LOAD_USERS_ARRAY($rallye)
        );
 
        // Load users                    uid    old   points earned
-       $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid",
+       $result_user = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid",
         array(bigintval($rallye)), __FILE__, __LINE__);
        while(list($uid, $refs, $cpoints) = SQL_FETCHROW($result_user))
        {
@@ -546,7 +546,7 @@ function RALLYE_LOAD_USERS_ARRAY($rallye)
 FROM "._MYSQL_PREFIX."_user_points AS p
 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
 ON p.userid=d.userid
-WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d",
+WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%s",
  array($_CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__);
                list($refpoints) = SQL_FETCHROW($result_ref);
                SQL_FREERESULT($result_ref);
@@ -585,7 +585,7 @@ WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p
 function RALLYE_LIST_WINNERS($rallye,$default=0)
 {
        // First check how many prices are set
-       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
         array(bigintval($rallye)), __FILE__, __LINE__);
        $prices = SQL_NUMROWS($result_prices);
        SQL_FREERESULT($result_prices);
@@ -601,7 +601,7 @@ function RALLYE_LIST_WINNERS($rallye,$default=0)
                // Check status
                //   active = 1: account is still confirmed
                //   active = 0: account is deleted or locked
-               $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+               $result_active = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                 array(bigintval($DATA['uid'][$idx])), __FILE__, __LINE__);
                list($active) = SQL_FETCHROW($result_active);
                SQL_FREERESULT($result_active);
@@ -676,11 +676,11 @@ function RALLYE_DELETE_EXPIRED_RALLYES()
                        SEND_ADMIN_NOTIFICATION(RALLYE_ADMIN_PURGED.": ".$title, "admin_rallye_purged", "", 0);
 
                        // Purge whole rallye
-                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d LIMIT 1",
+                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d LIMIT 1",
+                       $result_purge = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
 
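Review bot: The two child-table deletes keep `LIMIT 1`, so purging a rallye removes only one row from `_rallye_prices` and one from `_rallye_users`. RALLYE_LOAD_PRICES_ARRAY and RALLYE_LOAD_USERS_ARRAY loop over several rows per `rallye_id`, so the remaining rows are left orphaned after the parent row in `_rallye_data` is gone. Drop the limit on those two statements, e.g. `"DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s"`, and likewise for `_rallye_users`. The enclosing function starts and ends outside this hunk.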
@@ -698,7 +698,7 @@ function RALLYE_TEMPLATE_SELECTION($name="template", $default="")
 {
        // Check templates directory
        $OUT = ""; $ral = array();
-       $BASE = PATH."templates/".GET_LANGUAGE()."/html";
+       $BASE = sprintf("%stemplates/%s/html", PATH, GET_LANGUAGE());
        $dir = opendir($BASE);
        while ($read = readdir($dir))
        {
@@ -793,7 +793,7 @@ function RALLYE_GET_REFCOUNT($uid, $old=0)
 FROM "._MYSQL_PREFIX."_refsystem AS s
 LEFT JOIN "._MYSQL_PREFIX."_refdepths AS d
 ON s.level=d.level
-WHERE s.userid=%d AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE s.userid=%s AND s.level=0", array(bigintval($uid)), __FILE__, __LINE__);
                list($cnt) = SQL_FETCHROW($result_ref);
                SQL_FREERESULT($result_ref);
                if (empty($cnt))
index d762631..019eac7 100644 (file)
@@ -421,15 +421,12 @@ ORDER BY sort", array($action), __FILE__, __LINE__);
 function GENERATE_SPONSOR_CONTENT($what)
 {
        global $HTTP_POST_VARS, $_GET, $CONFIG;
-       $FILE = PATH."inc/modules/sponsor/".$what.".php";
        $OUT = "";
-       if (@file_exists($FILE))
-       {
+       $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
+       if ((file_exists($FILE)) && (is_readable($FILE))) {
                // Every sponsor action will output nothing directly. It will be written into $OUT!
                require_once($FILE);
-       }
-        else
-       {
+       } else {
                // File not found!
                $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
        }
index 8cd6082..5af00ce 100644 (file)
@@ -38,7 +38,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 }
 
 // Admin has added an URL with given user id
-function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward) {
+function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward, $paymentId) {
        // Is this really an admin?
        if (!IS_ADMIN()) {
                // Then leave here
@@ -52,7 +52,7 @@ function SURFBAR_ADMIN_ADD_URL ($url, $uid, $reward) {
        } // END - if
 
        // Register the new URL
-       return SURFBAR_REGISTER_URL($url, $uid, $reward, "CONFIRMED", "unlock");
+       return SURFBAR_REGISTER_URL($url, $uid, $reward, $paymentId, "CONFIRMED", "unlock");
 }
 // Looks up by an URL
 function SURFBAR_LOOKUP_BY_URL ($url) {
@@ -104,7 +104,7 @@ ORDER BY %s %s",
        return $lastUrlData;
 }
 // Registers an URL with the surfbar. You should have called SURFBAR_LOOKUP_BY_URL() first!
-function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode="reg") {
+function SURFBAR_REGISTER_URL ($url, $uid, $reward, $paymentId, $status="PENDING", $addMode="reg") {
        global $_CONFIG;
 
        // Make sure by the user registered URLs are always pending
@@ -116,6 +116,7 @@ function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode=
                'frametester' => FRAMETESTER($url),
                'uid'         => $uid,
                'reward'      => $reward,
+               'payment_id'  => $paymentId,
                'status'      => $status
        );
 
@@ -141,11 +142,12 @@ function SURFBAR_REGISTER_URL ($url, $uid, $reward, $status="PENDING", $addMode=
 // Inserts an url by given data array and return the insert id
 function SURFBAR_INSERT_URL_BY_ARRAY ($urlData) {
        // Just run the insert query for now
-       SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, status) VALUES(%s, '%s', %s, '%s')",
+       SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid, url, reward, payment_id, status) VALUES(%s, '%s', %s, %s, '%s')",
                array(
                        bigintval($urlData['uid']),
-                       bigintval($urlData['url']),
+                       $urlData['url'],
                        (float)$urlData['reward'],
+                       bigintval($urlData['payment_id']),
                        $urlData['status']
                ), __FILE__, __LINE__
        );
@@ -201,5 +203,281 @@ function SURFBAR_TRANSLATE_STATUS ($status) {
        // Return result
        return $statusTranslated;
 }
+// Determine right template name
+function SURFBAR_DETERMINE_TEMPLATE_NAME() {
+       // Default is the frameset
+       $templateName = "surfbar_frameset";
+
+       // Any frame set? ;-)
+       if (isset($_GET['frame'])) {
+               // Use the frame as a template name part... ;-)
+               $templateName = sprintf("surfbar_frame_%s",
+                       SQL_ESCAPE($_GET['frame'])
+               );
+       } // END - if
+
+       // Return result
+       return $templateName;
+}
+// Check if the "reload lock" of the current user is full
+function SURFBAR_CHECK_RELOAD_FULL() {
+       global $SURFBAR_DATA, $_CONFIG;
+
+       // Default is full!
+       $isFull = true;
+
+       // Do we have static or dynamic mode?
+       if ($_CONFIG['surfbar_pay_model'] == "STATIC") {
+               // Cache static reload lock
+               $SURFBAR_DATA['surf_lock'] = $_CONFIG['surfbar_static_lock'];
+
+               // Ask the database
+               $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt FROM "._MYSQL_PREFIX."_surfbar_locks
+WHERE userid=%s AND (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") < UNIX_TIMESTAMP(last_surfed)
+LIMIT 1",
+                       array($GLOBALS['userid']), __FILE__, __LINE__
+               );
+
+               // Fetch row
+               list($SURFBAR_DATA['user_locks']) = SQL_FETCHROW($result);
+
+               // Is it null?
+               if (is_null($SURFBAR_DATA['user_locks'])) {
+                       // Then fix it to zero!
+                       $SURFBAR_DATA['user_locks'] = 0;
+               } // END - if
+
+               // Free result
+               SQL_FREERESULT($result);
+
+               // Get total URLs
+               $total = SURFBAR_GET_TOTAL_URLS();
+
+               // Do we have some URLs in lock? Admins can always surf on own URLs!
+               $isFull = (($SURFBAR_DATA['user_locks'] == $total) && ($total > 0));
+       } else {
+               // Dynamic model...
+               die("DYNAMIC not yet implemented!");
+       }
+
+       // Return result
+       return $isFull;
+}
+// Get total amount of URLs of given status for current user or of CONFIRMED URLs by default
+function SURFBAR_GET_TOTAL_URLS ($status="CONFIRMED") {
+       // Get amount from database
+       $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt
+FROM "._MYSQL_PREFIX."_surfbar_urls
+WHERE userid != %d AND status='%s'",
+               array($GLOBALS['userid'], $status), __FILE__, __LINE__
+       );
+
+       // Fetch row
+       list($cnt) = SQL_FETCHROW($result);
+
+       // Free result
+       SQL_FREERESULT($result);
+
+       // Return result
+       return $cnt;
+}
+// Generate a validation code for the given id number
+function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") {
+       global $_CONFIG, $SURFBAR_DATA;
+
+       // Generate a code until the length matches
+       $valCode = "";
+       while (strlen($valCode) != $_CONFIG['code_length']) {
+               // Is the salt set?
+               if (empty($salt)) {
+                       // Generate random hashed string
+                       $SURFBAR_DATA['salt'] = sha1(GEN_PASS(255));
+               } else {
+                       // Use this as salt!
+                       $SURFBAR_DATA['salt'] = $salt;
+               }
+               //* DEBUG: */ echo "*".$SURFBAR_DATA['salt']."*<br />\n";
+
+               // ... and now the validation code
+               $valCode = GEN_RANDOM_CODE($_CONFIG['code_length'], sha1(SURFBAR_GET_DATA('salt').":".$id), $GLOBALS['userid']);
+               //* DEBUG: */ echo "valCode={$valCode}<br />\n";
+       } // END - while
+
+       // Hash it with md5() and salt it with the random string
+       $hashedCode = generateHash(md5($valCode), SURFBAR_GET_DATA('salt'));
+
+       // Finally encrypt it PGP-like and return it
+       return generatePassString($hashedCode);
+}
+// Check validation code
+function SURFBAR_CHECK_VALIDATION_CODE ($id, $check, $salt) {
+       global $SURFBAR_DATA;
+
+       // Secure id number
+       $id = bigintval($id);
+
+       // Now generate the code again
+       $code = SURFBAR_GENERATE_VALIDATION_CODE($id, $salt);
+
+       // Return result of checking hashes and salts
+       //* DEBUG: */ echo "--- ".$code."<br />\n--- ".$check."<br />\n";
+       //* DEBUG: */ echo "+++ ".$salt."<br />\n+++ ".SURFBAR_GET_DATA('last_salt')."<br />\n";
+       return (($code == $check) && ($salt == SURFBAR_GET_DATA('last_salt')));
+}
+// Lockdown the userid/id combination (reload lock)
+function SURFBAR_LOCKDOWN_ID ($id) {
+       // Just add it to the database
+       SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_locks (userid, url_id) VALUES(%s, %s)",
+               array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__);
+}
+// Pay points to the user and remove it from the sender
+function SURFBAR_PAY_POINTS ($id) {
+       global $SURFBAR_DATA, $_CONFIG;
+
+       // Re-configure ref-system to surfbar levels
+       $_CONFIG['db_percents'] = "percent";
+       $_CONFIG['db_table']    = "surfbar_reflevels";
+
+       // Book it to the user
+       ADD_POINTS_REFSYSTEM($GLOBALS['userid'], $SURFBAR_DATA['reward']);
+
+       // Remove it from the URL owner
+       SUB_POINTS($SURFBAR_DATA['userid'], $SURFBAR_DATA['reward']);
+}
+// Update the salt for validation
+function SURFBAR_UPDATE_SALT() {
+       global $SURFBAR_DATA;
+
+       // Simply store the salt from cache away in database...
+       SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_surfbar_urls SET last_salt='%s', views_total=views_total+1 WHERE id=%s LIMIT 1",
+               array(SURFBAR_GET_DATA('salt'), SURFBAR_GET_DATA('id')), __FILE__, __LINE__);
+
+       // Return if the update was okay
+       return (SQL_AFFECTEDROWS() == 1);
+}
+// Determine next id for surfbar view, always call this before you call other
+// getters below this function!!!
+function SURFBAR_GET_NEXT_ID ($id = 0) {
+       global $SURFBAR_DATA, $_CONFIG;
+
+       // Default is no id!
+       $nextId = 0;
+
+       // Is the ID set?
+       if ($id == 0) {
+               // Set max random factor to total URLs minus 1
+               $maxRand = SURFBAR_GET_TOTAL_URLS() - 1;
+
+               // Generate random number
+               $randNum = mt_rand(0, $maxRand);
+
+               // And query the database
+               $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time, UNIX_TIMESTAMP(l.last_surfed) AS last_surfed
+FROM "._MYSQL_PREFIX."_surfbar_urls AS sb
+LEFT JOIN "._MYSQL_PREFIX."_payments AS p
+ON sb.payment_id=p.id
+LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l
+ON sb.id=l.url_id
+WHERE sb.userid != %d AND sb.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed))
+ORDER BY l.last_surfed DESC, sb.last_salt ASC, sb.id ASC
+LIMIT %d,1",
+                       array($GLOBALS['userid'], $randNum), __FILE__, __LINE__
+               );
+       } else {
+               // Get data from specified id number
+               $result = SQL_QUERY_ESC("SELECT sb.id, sb.userid, sb.url, sb.last_salt, sb.reward, sb.views_total, p.time
+FROM "._MYSQL_PREFIX."_surfbar_urls AS sb
+LEFT JOIN "._MYSQL_PREFIX."_payments AS p
+ON sb.payment_id=p.id
+WHERE sb.userid != %s AND sb.status='CONFIRMED' AND sb.id=%s
+LIMIT 1",
+                       array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__
+               );
+       }
+
+       // Is there an id number?
+       if (SQL_NUMROWS($result) == 1) {
+               // Load/cache data
+               //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*<br />\n";
+               $SURFBAR_DATA = merge_array($SURFBAR_DATA, SQL_FETCHARRAY($result));
+               //* DEBUG: */ echo "*".count($SURFBAR_DATA)."*<br />\n";
+
+               // Is the time there?
+               if (is_null($SURFBAR_DATA['time'])) {
+                       // Then repair it wit the static!
+                       $SURFBAR_DATA['time'] = $_CONFIG['surfbar_static_time'];
+               } // END - if
+
+               // Fix missing last_surfed
+               if ((!isset($SURFBAR_DATA['last_surfed'])) || (is_null($SURFBAR_DATA['last_surfed']))) {
+                       // Fix it here
+                       $SURFBAR_DATA['last_surfed'] = "0";
+               } // END - if
+
+               // Are we in static mode?
+               if ($_CONFIG['surfbar_pay_model'] == "STATIC") {
+                       // Then use static reward!
+                       $SURFBAR_DATA['reward'] = $_CONFIG['surfbar_static_reward'];
+               } else {
+                       // Calculate dynamic reward and add it
+                       $SURFBAR_DATA['reward'] += SURFBAR_CALCULATE_DYNAMIC_REWARD_ADD();
+               }
+
+               // Now get the id
+               $nextId = SURFBAR_GET_DATA('id');
+       } // END - if
+
+       // Free result
+       SQL_FREERESULT($result);
+
+       // Return result
+       //* DEBUG: */ echo "nextId={$nextId}<br />\n";
+       return $nextId;
+}
+// ----------------------------------------------------------------------------
+// PLEASE DO NOT ADD ANY OTHER FUNCTIONS BELOW THIS LINE ELSE THEY "WRAP" THE
+// $SURFBAR_DATA ARRAY!
+// ----------------------------------------------------------------------------
+// Private getter for data elements
+function SURFBAR_GET_DATA ($element) {
+       global $SURFBAR_DATA;
+
+       // Default is null
+       $data = null;
+
+       // Is the entry there?
+       if (isset($SURFBAR_DATA[$element])) {
+               // Then take it
+               $data = $SURFBAR_DATA[$element];
+       } else { // END - if
+               print("<pre>");
+               print_r($SURFBAR_DATA);
+               debug_print_backtrace();
+               die("</pre>");
+       }
+
+       // Return result
+       return $data;
+}
+// Getter for reward from cache
+function SURFBAR_GET_REWARD () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('reward');
+}
+// Getter for URL from cache
+function SURFBAR_GET_URL () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('url');
+}
+// Getter for user reload locks
+function SURFBAR_GET_USER_RELOAD_LOCK () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('user_locks');
+}
+// Getter for reload time
+function SURFBAR_GET_RELOAD_TIME () {
+       // Get data element and return its contents
+       return SURFBAR_GET_DATA('time');
+}
 //
 ?>
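Review bot: SURFBAR_DETERMINE_TEMPLATE_NAME() turns `$_GET['frame']` into part of a template name after only SQL_ESCAPE(), which by its name quotes for SQL and does not restrict the value to a known set of frames; if the template loader maps names to files, path characters pass straight through. Accept the parameter only when it matches a strict pattern, e.g. `if (isset($_GET['frame']) && is_string($_GET['frame']) && preg_match('/\A[a-z0-9_]+\z/i', $_GET['frame'])) {`, or better look it up in a fixed list of frame names. The later hunk that reads `$_GET['register']` and `$_GET['remove']` has the same pattern and additionally drops the secureString() call it had before. In SURFBAR_CHECK_VALIDATION_CODE() the two `==` comparisons are loose, so the check should be `($code === $check) && ($salt === SURFBAR_GET_DATA('last_salt'))`, or `hash_equals()` where the PHP version provides it. SURFBAR_GET_DATA() also prints the whole `$SURFBAR_DATA` array, salt included, and a backtrace into the response when a key is missing, which belongs in a log rather than in the page.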
index cdad735..bf4b343 100644 (file)
@@ -145,25 +145,26 @@ if ($cacheInstance->cache_file("mod_reg", true) == true) {
                unset($cacheArray['modules']);
        } else {
                // Rewrite module cache
-               $MOD = $cacheArray['modules'];
-               foreach ($cacheArray['modules']['module'] as $key=>$mod) {
-                       $cacheArray['modules']['id'][$mod] = $cacheArray['modules']['id'][$key];
+               $modArray = $cacheArray['modules'];
+               foreach ($modArray['module'] as $key=>$mod) {
+                       $cacheArray['modules']['id'][$mod] = $modArray['id'][$key];
                        unset($cacheArray['modules']['id'][$key]);
-                       $cacheArray['modules']['title'][$mod] = $cacheArray['modules']['title'][$key];
+                       $cacheArray['modules']['title'][$mod] = $modArray['title'][$key];
                        unset($cacheArray['modules']['title'][$key]);
-                       $cacheArray['modules']['locked'][$mod] = $cacheArray['modules']['locked'][$key];
+                       $cacheArray['modules']['locked'][$mod] = $modArray['locked'][$key];
                        unset($cacheArray['modules']['locked'][$key]);
-                       $cacheArray['modules']['hidden'][$mod] = $cacheArray['modules']['hidden'][$key];
+                       $cacheArray['modules']['hidden'][$mod] = $modArray['hidden'][$key];
                        unset($cacheArray['modules']['hidden'][$key]);
-                       $cacheArray['modules']['admin_only'][$mod] = $cacheArray['modules']['admin_only'][$key];
+                       $cacheArray['modules']['admin_only'][$mod] = $modArray['admin_only'][$key];
                        unset($cacheArray['modules']['admin_only'][$key]);
-                       $cacheArray['modules']['mem_only'][$mod] = $cacheArray['modules']['mem_only'][$key];
+                       $cacheArray['modules']['mem_only'][$mod] = $modArray['mem_only'][$key];
                        unset($cacheArray['modules']['mem_only'][$key]);
                        if (isset($cacheArray['modules']['has_menu'][$key])) {
-                               $cacheArray['modules']['has_menu'][$mod] = $cacheArray['modules']['has_menu'][$key];
+                               $cacheArray['modules']['has_menu'][$mod] = $modArray['has_menu'][$key];
                                unset($cacheArray['modules']['has_menu'][$key]);
                        } // END - if
                }
+               unset($modArray);
        }
 } elseif (($_CONFIG['cache_modreg'] == "Y") && ($CSS != "1") && ($CSS != "-1")) {
        // Create cache file here
@@ -208,6 +209,7 @@ if ($cacheInstance->cache_file("config", true) == true) {
 
        // Overwrite the config with the cache version
        $cacheArray['config'] = $newCache;
+       unset($newCache);
 
        // When there is a period (.) in the result this test will fail and so the cache file is
        // damaged/corrupted
index ce45732..44991df 100644 (file)
@@ -123,7 +123,7 @@ if (!empty($SQL))
                {
                        // Update account
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
-SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%d LIMIT 1",
+SET beg_ral_notify='%s', beg_ral_%s_notify='%s' WHERE userid=%s LIMIT 1",
  array(time(), $MODE, time(), $uid), __FILE__, __LINE__);
 
                        // Load email template and send it to the user!
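Review bot: Replacing `%d` with an unquoted `%s` for `userid` removes the integer coercion the format string used to apply, and `$uid` is passed here without `bigintval()`, unlike most other call sites in this commit. String escaping inside SQL_QUERY_ESC (its body is not shown) does not protect a value that is not inside quotes, so the argument should be `bigintval($uid)`. The same applies to the `bonus_ral_notify` UPDATE, to `birth_day=%s AND birth_month=%s` with `$DAY` and `$MONTH`, and to the two `WHERE %s=%s` queries in ADMIN_CHANGE_ACTIVATION_STATUS with `$id`. Where these values come from is outside the hunks, so this may be defence in depth rather than a reachable flaw.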
index d0faabf..0d3e2ef 100644 (file)
@@ -62,7 +62,7 @@ if (($_CONFIG['birthday_active']) && (EXT_IS_ACTIVE("autopurge")) && ($_CONFIG['
 // Only confirmed members shall receive birthday mails...
 $result_birthday = SQL_QUERY_ESC("SELECT userid, email, birth_year
 FROM "._MYSQL_PREFIX."_user_data
-WHERE status='CONFIRMED' AND birth_day=%d AND birth_month=%d AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD."
+WHERE status='CONFIRMED' AND birth_day=%s AND birth_month=%s AND birthday_sent < ".(time() - (ONE_DAY*364)).$ADD."
 ORDER BY userid",
  array($DAY, $MONTH, $VALUE), __FILE__, __LINE__);
 
@@ -108,7 +108,7 @@ if (SQL_NUMROWS($result_birthday) > 0)
                SEND_EMAIL($email, HAPPY_BIRTHDAY, $msg);
 
                // Remember him that he has received a birthday mail
-               $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
+               $result_bd = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET birthday_sent=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
        }
 
index 198419d..43a382d 100644 (file)
@@ -108,7 +108,7 @@ if (!empty($SQL))
                {
                        // Update account
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
-SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%d LIMIT 1",
+SET bonus_ral_notify='%s', bonus_ral_%s_notify='%s' WHERE userid=%s LIMIT 1",
  array(time(), $MODE, time(), $uid), __FILE__, __LINE__);
 
                        // Load email template and send it to the user!
index 458f1bc..604abdf 100644 (file)
@@ -310,13 +310,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load logout template
                if (isset($_GET['register'])) {
                        // Secure input
-                       $register = secureString(SQL_ESCAPE($_GET['register']));
+                       $register = SQL_ESCAPE($_GET['register']);
 
                        // Special logout redirect for installation of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
                } elseif (isset($_GET['remove'])) {
                        // Secure input
-                       $remove = secureString(SQL_ESCAPE($_GET['remove']));
+                       $remove = SQL_ESCAPE($_GET['remove']);
 
                        // Special logout redirect for removal of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
index 0a5b93e..7ef2e0a 100644 (file)
@@ -666,17 +666,18 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
 }
 //
 function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
+       // Open the requested menu directory
+       $handle = opendir(sprintf("%sinc/modules/%s/", PATH, $menu)) or mxchange_die("Cannot load menu ".$menu."!");
+
        // Init the selection box
        $OUT = "<SELECT name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <OPTION value=\"\">".IS_TOP_MENU."</OPTION>\n";
-
-       // Open the requested menu directory
-       $handle = opendir(PATH."inc/modules/".$menu."/") or mxchange_die("Cannot load menu ".$menu."!");
+       // Walk through all files
        while ($file = readdir($handle)) {
                // Is this a PHP script?
                if (($file != ".") && ($file != "..") && ($file != "lost+found") && (strpos($file, "".$type."-") > -1) && (strpos($file, ".php") > 0)) {
                        // Then test if the file is readable
-                       $test = PATH."inc/modules/".$menu."/".$file;
-                       if (is_readable($test)) {
+                       $test = sprintf("%sinc/modules/%s/%s", PATH, $menu, $file);
+                       if ((is_file($test)) && (is_readable($test))) {
                                // Extract the value for what=xxx
                                $part = substr($file, (strlen($type) + 1)); $part = substr($part, 0, strpos($part, ".php"));
 
@@ -685,9 +686,9 @@ function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
                                        $OUT .= "       <OPTION value=\"".$part."\"";
                                        if ($part == $default) $OUT .= "selected";
                                        $OUT .= ">".$part."</OPTION>\n";
-                               }
-                       }
-               }
+                               } // END - if
+                       } // END - if
+               } // END - if
        }
        closedir($handle);
        $OUT .= "</SELECT>\n";
@@ -756,7 +757,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") {
                        // Should always be 1 ;-)
                        if ($selected == 1) {
                                // Determine new status
-                               $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
                                        array($row, $table, $idRow, $id), __FILE__, __LINE__);
 
                                // Row found?
@@ -766,7 +767,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") {
                                        if ($currStatus == "Y") $newStatus='N'; else $newStatus = "Y";
 
                                        // Change this status
-                                       SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1",
+                                       SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%s LIMIT 1",
                                                array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__);
 
                                        // Count up affected rows
index 7f0f341..6fdcafc 100644 (file)
@@ -173,7 +173,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                // Assign / do tasks
                $OUT = ""; $SW = 2;
                foreach ($_POST['task'] as $id=>$sel) {
-                       $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
+                       $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result_task) == 1) {
                                // Task is valid...
@@ -182,7 +182,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
 
                                if ($aid == "0") {
                                        // Assgin current admin to unassgigned task
-                                       $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1",
+                                       $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%s LIMIT 1",
                                         array(GET_ADMIN_ID(get_session('admin_login')), bigintval($tid)), __FILE__, __LINE__);
                                }
 
@@ -194,7 +194,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                }
 
                                if ($uid > 0) {
-                                       $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                                       $result_user = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                         array(bigintval($uid)), __FILE__, __LINE__);
                                        if (SQL_NUMROWS($result_user) == 1)
                                        {
@@ -292,7 +292,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                                // Close task but not already closes or deleted or update tasks
                                                if (($status != "CLOSED") && ($status != "DELETED") && ($type != "EXTENSION_UPDATE"))
                                                {
-                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                                         array(bigintval($tid)), __FILE__, __LINE__);
                                                }
                                        }
@@ -304,7 +304,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
 
                                        // Close task
                                        if (($status != "CLOSED") && ($status != "DELETED")) {
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                                 array(bigintval($tid)), __FILE__, __LINE__);
                                        }
                                        break;
@@ -322,7 +322,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                        if (EXT_IS_ACTIVE("payout"))
                                        {
                                                // Extension is installed so let him send a notification to the user
-                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%d AND payout_timestamp=%d LIMIT 1",
+                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%s AND payout_timestamp=%s LIMIT 1",
                                                 array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
                                                list($pid) = SQL_FETCHROW($result_pay);
                                                SQL_FREERESULT($result_pay);
@@ -353,7 +353,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                        if (EXT_IS_ACTIVE("wernis"))
                                        {
                                                // Extension is installed so let him send a notification to the user
-                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%d AND wernis_timestamp=%d LIMIT 1",
+                                               $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%s AND wernis_timestamp=%s LIMIT 1",
                                                 array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
                                                list($pid) = SQL_FETCHROW($result_pay);
                                                SQL_FREERESULT($result_pay);
@@ -385,7 +385,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                        break;
 
                                case "NL_UNSUBSCRIBE": // Newsletter unsubscriptions
-                                       $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                         array(bigintval($uid)), __FILE__, __LINE__);
                                        list($span) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
@@ -431,7 +431,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                // Unassign from tasks
                                foreach ($_POST['task'] as $id=>$sel)
                                {
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1",
                                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
@@ -440,7 +440,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) {
                                // Delete tasks
                                foreach ($_POST['task'] as $id=>$sel)
                                {
-                                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
+                                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
                                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
index a71bb71..0d9ea96 100644 (file)
@@ -54,7 +54,7 @@ if ($_GET['u_id'] == "all")
                while (list($uid) = SQL_FETCHROW($result_main))
                {
                        // User ID found in URL so we use this give him some credits
-                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -65,7 +65,7 @@ if ($_GET['u_id'] == "all")
                                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                                {
                                        // Ok, add points and send an email to him...
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
                                         array($_POST['points'], bigintval($uid)), __FILE__, __LINE__);
 
                                        // Update mediadata as well
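Review bot: `points=points+(%s)` receives `$_POST['points']` unquoted and unvalidated, so the request value is placed inside an SQL expression where escaping quotes does not constrain it. Check it before the query, for example `if ((isset($_POST['ok'])) && (is_numeric($_POST['points'])))`, and pass a cast value rather than the raw string. The hunk at `@@ -108,7 +108,7` repeats the same statement for a single `u_id`. The surrounding script starts and ends outside these hunks, so any earlier validation of `points` could not be seen.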
@@ -97,7 +97,7 @@ if ($_GET['u_id'] == "all")
  elseif (!empty($_GET['u_id']))
 {
        // User ID found in URL so we use this give him some credits
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -108,7 +108,7 @@ if ($_GET['u_id'] == "all")
                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                {
                        // Ok, add points and send an email to him...
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
                         array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                        // Remember points in constant
index 4b4970f..18f9414 100644 (file)
@@ -68,7 +68,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -117,7 +117,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -169,7 +169,7 @@ title='%s',
 action='%s',
 what='%s',
 descr='%s'
-WHERE ".$AND." AND id=%d LIMIT 1",
+WHERE ".$AND." AND id=%s LIMIT 1",
  array(
        $menu,
        $_POST['sel_action'][$sel],
@@ -184,7 +184,7 @@ WHERE ".$AND." AND id=%d LIMIT 1",
        case "del": // Delete menu
                foreach ($_POST['sel'] as $sel=>$menu)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -229,9 +229,9 @@ WHERE ".$AND." AND id=%d LIMIT 1",
                if ((!empty($tid)) && (!empty($fid)))
                {
                        // Sort menu
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
                }
        }
index 16bdb4c..31d92ea 100644 (file)
@@ -52,7 +52,7 @@ if ((isset($_POST['ok'])) && (!empty($_GET['admin'])))
         else
        {
                // Load admin's email address
-               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
                 array(bigintval($_GET['admin'])), __FILE__, __LINE__);
                list($email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index d10136d..7089670 100644 (file)
@@ -129,7 +129,7 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
                                $aid = bigintval($aid);
 
                                // Update entry
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%d WHERE id=%d ORDER BY id LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_mails SET admin_id=%s WHERE id=%s ORDER BY id LIMIT 1",
                                 array($aid, $id), __FILE__, __LINE__);
 
                                if (($aid < 1) && (!empty($_POST['template'][$id])))
index c20a8c4..d75a08e 100644 (file)
@@ -50,7 +50,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
        foreach ($_POST['sel'] as $id=>$sel)
        {
                // Load data for the ID
-               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($aid, $act, $wht, $mode) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -88,7 +88,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
                $id = bigintval($id);
 
                // Update entries
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%d, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
                 array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
        }
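Review bot: Changing `admin_id=%d` to `admin_id=%s` drops the integer coercion that `%d` applied to `$_POST['admin'][$id]`, which is passed without `bigintval()` into an unquoted position. Escaping, if that is all SQL_QUERY_ESC does, cannot constrain an unquoted value to a number, so wrap the argument: `array(bigintval($_POST['admin'][$id]), ...)`. The same applies to later hunks that pass a bare request value, or an `$id` not visibly cast, to an unquoted `%s`. Those are `sort=%s` and `id=%s` in the `_cats` edit and delete queries, `id=%s` in the `_max_receive` edit and delete queries, and `rallye_id=%s` in the `_rallye_prices` update.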
 
@@ -108,7 +108,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
        foreach ($_POST['sel'] as $id=>$sel)
        {
                // Load data for the ID
-               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($admin, $act, $wht, $mode) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -156,7 +156,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
        // Remove entries
        foreach ($_POST['sel'] as $id=>$sel)
        {
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
                 array(bigintval($id)),__FILE__, __LINE__);
        }
 
@@ -172,7 +172,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
  elseif (isset($_POST['add']))
 {
        // Check if everything is fine...
-       $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
         array(bigintval($_POST['admin_id'])), __FILE__, __LINE__);
        list($mode) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -192,7 +192,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
                if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH))
                {
                        // Main or sub menu selected
-                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' AND what_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
                         array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 0)
                        {
index df24b85..59b6eae 100644 (file)
@@ -76,15 +76,15 @@ if (isset($_POST['add'])) {
                        switch ($_GET['do'])
                        {
                        case "edit": // Change categories
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%d WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%s WHERE id=%s LIMIT 1",
                                 array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__);
                                $TEXT = CATEGORIES_SAVED;
                                break;
 
                        case "del": // Delete categories
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
                                 array($id), __FILE__, __LINE__);
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
                                 array($id), __FILE__, __LINE__);
                                $TEXT = CATEGORIES_DELETED;
                                break;
@@ -107,7 +107,7 @@ if (isset($_POST['add'])) {
        foreach ($_POST['sel'] as $id=>$value)
        {
                // Load data of category
-               $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($cat) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -133,7 +133,7 @@ if (isset($_POST['add'])) {
        foreach ($_POST['sel'] as $id=>$value)
        {
                // Load data from the category
-               $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($cat, $vis, $sort) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index 176e5f9..fcc868b 100644 (file)
@@ -72,13 +72,13 @@ if (isset($_POST['add_max'])) {
                switch ($_GET['do'])
                {
                case "edit": // Change entries
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%s LIMIT 1",
                         array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__);
                        $TEXT = MRECEIVE_SAVED;
                        break;
 
                case "del":
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        $TEXT = MRECEIVE_DELETED;
                        break;
@@ -95,7 +95,7 @@ if (isset($_POST['add_max'])) {
        foreach ($_POST['sel'] as $id=>$value)
        {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($value, $comment) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -121,7 +121,7 @@ if (isset($_POST['add_max'])) {
        $SW = 2; $OUT = "";
        foreach ($_POST['sel'] as $id=>$value) {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($value, $comment) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index 8878c9a..997f0de 100644 (file)
@@ -54,7 +54,7 @@ if (isset($_POST['edit']))
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Load module data
-                       $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($mod, $title, $locked, $hidden, $admin, $mem) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -99,7 +99,7 @@ if (isset($_POST['edit']))
                $id = bigintval($id);
 
                // Update module
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1",
                 array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id),  __FILE__, __LINE__);
        }
 
index 93074ff..85f05c5 100644 (file)
@@ -98,8 +98,8 @@ if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
                                // Update entry
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_payout_types SET
 type='%s',
-rate=%d,
-min_points=%d,
+rate=%s,
+min_points=%s,
 allow_url='%s'
 WHERE id='".$id."' LIMIT 1",
  array(
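Review bot: `WHERE id='".$id."'` concatenates `$id` into the statement instead of passing it as a placeholder argument like the other queries in this commit, so it bypasses whatever SQL_QUERY_ESC does to its arguments. Whether `$id` is cast before this point is not visible in the hunk. Use `WHERE id=%s LIMIT 1` and append `bigintval($id)` to the argument array. `rate=%s` and `min_points=%s` also lose their `%d` coercion here; their arguments lie outside the hunk and should be checked for a numeric cast.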
@@ -119,7 +119,7 @@ WHERE id='".$id."' LIMIT 1",
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Load data
-                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($title, $rate, $mpoi, $allow) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -152,7 +152,7 @@ WHERE id='".$id."' LIMIT 1",
                // Delete entries
                foreach ($_POST['sel'] as $id=>$sel)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
                $msg = ADMIN_PAYOUT_ENTRIES_DELETED;
@@ -167,7 +167,7 @@ WHERE id='".$id."' LIMIT 1",
                        $id = bigintval($id);
 
                        // Load data
-                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT type, rate, min_points FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        list($title, $rate, $mpoi) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
index f9728a8..b11990b 100644 (file)
@@ -95,7 +95,7 @@ if (isset($_POST['ok']))
                                $id = bigintval($id);
 
                                // Update entry
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refdepths SET level='%s', percents='%s' WHERE id=%s LIMIT 1",
                                 array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__);
                        }
                        $TEXT = REF_DEPTHS_SAVED;
@@ -104,7 +104,7 @@ if (isset($_POST['ok']))
                case "del":
                        foreach ($_POST['id'] as $id=>$value)
                        {
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                        }
                        $TEXT = REF_DEPTHS_DELETED;
@@ -123,7 +123,7 @@ if (isset($_POST['ok']))
                $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_config SET
 allow_direct_pay='%s',
 reg_points_mode='%s',
-ref_payout='%d'
+ref_payout='%s'
 WHERE config=0 LIMIT 1",
  $_POST['allow_direct_pay'],
  $_POST['reg_points_mode'],
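Review bot: This statement is built with plain `sprintf()` rather than SQL_QUERY_ESC, so `$_POST['allow_direct_pay']` and `$_POST['reg_points_mode']` reach the SQL text with no escaping visible in the hunk. Changing `ref_payout='%d'` to `'%s'` also removes the only integer coercion on the third value, whose argument is outside the hunk. Restrict the two flags to their allowed values and cast the third argument with `bigintval()`, or route the query through SQL_QUERY_ESC. The next hunk has the same exposure with `$REF` in `ref_payout=(%s - mails_confirmed)`, where the origin of `$REF` is not visible.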
@@ -132,8 +132,8 @@ WHERE config=0 LIMIT 1",
                if (($_CONFIG['ref_payout'] == 0) && ($_POST['ref_payout'] > 0))
                {
                        // Update account's ref_payout for "must-confirm"
-                       $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%d - mails_confirmed)
-WHERE mails_confirmed < %d", $REF, $REF);
+                       $SQL[] = sprintf("UPDATE "._MYSQL_PREFIX."_user_data SET ref_payout=(%s - mails_confirmed)
+WHERE mails_confirmed < %s", $REF, $REF);
                }
                 elseif (($_CONFIG['ref_payout'] > 0) && ($_POST['ref_payout'] == 0))
                {
@@ -219,7 +219,7 @@ WHERE mails_confirmed < %d", $REF, $REF);
                $SW = 2; $OUT = "";
                foreach ($_POST['sel'] as $id=>$value)
                {
-                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -247,7 +247,7 @@ WHERE mails_confirmed < %d", $REF, $REF);
                $SW = 2; $OUT = "";
                foreach ($_POST['sel'] as $id=>$value)
                {
-                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
index 0d3faf7..de11145 100644 (file)
@@ -48,7 +48,7 @@ if (!empty($_GET['rallye']))
                if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
                {
                        // Submitted data is valid, but maybe we already have this price level?
-                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
                         array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
 
                        if (SQL_NUMROWS($result) == 0)
@@ -83,7 +83,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        // Delete selected entries
                        foreach ($_POST['sel'] as $id=>$sel)
                        {
-                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                        }
 
@@ -104,7 +104,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        $id = bigintval($id);
 
                        // Update entry
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
                         array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
                }
 
@@ -123,7 +123,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        foreach ($_POST['sel'] as $id=>$sel)
                        {
                                // Load data to selected rallye
-                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                                list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
@@ -168,7 +168,7 @@ VALUES ('%s', '%s', '%s', '%s')",
                        foreach ($_POST['sel'] as $id=>$sel)
                        {
                                // Load data to selected rallye
-                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
                                 array(bigintval($id)), __FILE__, __LINE__);
                                list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
@@ -206,7 +206,7 @@ VALUES ('%s', '%s', '%s', '%s')",
         else
        {
                // A rallye was selected, so check if there are already prices assigned...
-               $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+               $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
                 array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
 
                if (SQL_NUMROWS($result) > 0)
index 55b411f..7da90e4 100644 (file)
@@ -46,7 +46,7 @@ if (isset($_POST['ok']))
 {
        foreach ($_POST['sel'] as $id=>$value)
        {
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%d AND field_required != '%s' LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_must_register SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1",
                 array($value, bigintval($id), $value),__FILE__, __LINE__);
        }
        LOAD_TEMPLATE("admin_settings_saved", false, REGISTER_ADMIN_CHANGES_SAVED);
index 1981668..1834101 100644 (file)
@@ -45,7 +45,7 @@ ADD_DESCR("admin", basename(__FILE__));
 
 if (!empty($_GET['mid'])) {
        // Load email data
-       $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
         array(bigintval($_GET['mid'])), __FILE__, __LINE__);
 
        // Delete mail only once
@@ -75,14 +75,14 @@ if (!empty($_GET['mid'])) {
                SEND_EMAIL($sender, MEMBER_ORDER_DELETED, $msg_user);
 
                // Delete mail from queue
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                 array(bigintval($_GET['mid'])), __FILE__, __LINE__);
 
                // Fetch right stats_id from pool
                $result = SQL_QUERY_ESC("SELECT s.id FROM "._MYSQL_PREFIX."_user_stats AS s
 LEFT JOIN "._MYSQL_PREFIX."_pool AS p
 ON s.pool_id=p.id
-WHERE s.pool_id=%d LIMIT 1",
+WHERE s.pool_id=%s LIMIT 1",
  array(bigintval($_GET['mid'])), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Fetch stats id
@@ -92,7 +92,7 @@ WHERE s.pool_id=%d LIMIT 1",
                        SQL_FREERESULT($result);
 
                        // Get all user links
-                       $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+                       $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
                                array(bigintval($stats_id)), __FILE__, __LINE__);
 
                        // Get unconfirmed links for calculation of total points
@@ -140,7 +140,7 @@ WHERE s.pool_id=%d LIMIT 1",
                        }
 
                        // Remove links from DB
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%s",
                         array(bigintval($stats_id)), __FILE__, __LINE__);
 
                        // Output link for manually removing stats entry
@@ -152,12 +152,12 @@ WHERE s.pool_id=%d LIMIT 1",
        }
 } elseif (!empty($_GET['pid'])) {
        // Remove stats entries
-       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
         array(bigintval($_GET['pid'])), __FILE__, __LINE__);
        LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_USER_STATS_REMOVED);
 } elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
        // Load data from bonus mail
-       $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%d",
+       $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%s",
         array(bigintval($_GET['bid'])), __FILE__, __LINE__);
 
        // Delete mail only once
@@ -167,9 +167,9 @@ WHERE s.pool_id=%d LIMIT 1",
                SQL_FREERESULT($result);
 
                // Delete bonus mail entirely from database
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                 array(bigintval($_GET['bid'])), __FILE__, __LINE__);
-               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%d",
+               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE bonus_id=%s",
                 array(bigintval($_GET['bid'])), __FILE__, __LINE__);
 
                // Prepare data for the template
index 26a98a8..f2b840e 100644 (file)
@@ -54,7 +54,7 @@ if ($SUM > 0)
                // Get the userid
                $result = SQL_QUERY_ESC("SELECT userid, holiday_start, holiday_end
 FROM "._MYSQL_PREFIX."_user_holidays
-WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
+WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Load data and free memory
@@ -64,11 +64,11 @@ WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
                        // Update user's account
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET holiday_active='N', holiday_activated='0'
-WHERE userid=%d LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__);
 
                        // Remove holiday
                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
+WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
 
                        // Prepare loaded data for the
                        $content = array(
@@ -92,7 +92,7 @@ WHERE id=%d LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
        // Fetch data
        $result_load = SQL_QUERY_ESC("SELECT holiday_start AS start, holiday_end AS end
 FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_load) == 1)
        {
                // Load data
@@ -104,7 +104,7 @@ WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                // Delete one holiday request (for task)
                $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_holidays
-WHERE userid=%d LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                // Send email to user
                $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, $_GET['u_id']);
index 27ace76..3c833ba 100644 (file)
@@ -50,9 +50,9 @@ if (isset($_POST['del']))
                // Delete entries...
                foreach ($_POST['sel'] as $id=>$sel)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_in WHERE trans_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_transfers_out WHERE trans_id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
        }
index ba3d9e9..c18b248 100644 (file)
@@ -47,7 +47,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']))))
 {
        // Delete users account
-       $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_user) == 1)
        {
@@ -77,7 +77,7 @@ if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']
  else
 {
        // Realy want to delete?
-       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
index 431c518..ff86a36 100644 (file)
@@ -54,7 +54,7 @@ if (SQL_NUMROWS($result) > 0)
        if (isset($_POST['ok']))
        {
                // Make mail editable...
-               $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                 array(bigintval($_POST['id'])), __FILE__, __LINE__);
                list($subj, $text, $url) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -75,7 +75,7 @@ if (SQL_NUMROWS($result) > 0)
 subject='%s',
 text='%s',
 url='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
  array(
        addslashes($_POST['subj']),
        addslashes($_POST['text']),
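Review bot: The values bound to `subject='%s'` and `text='%s'` are wrapped in `addslashes()` before they reach the escaping helper. SQL_QUERY_ESC's body is not visible here, but if it escapes its arguments as the name suggests, these fields are escaped twice and literal backslashes end up stored in `_pool`. If it does not, `addslashes()` is not aware of the connection character set and is a weak substitute for the driver's escaping. Either way, pass the raw values, `$_POST['subj'],` and `$_POST['text'],`, and let the helper do the single escaping step. The argument list continues outside the hunk.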
index ea52415..82e3839 100644 (file)
@@ -46,7 +46,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 $result_main = false;
 if (isset($_GET['u_id'])) {
        //                                    0      1        2         3      4     5      6       7         8          9           10         11
-       $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 }
 
@@ -82,11 +82,11 @@ surname='%s',
 family='%s',
 street_nr='%s',
 country='%s',
-zip=%d,
+zip=%s,
 city='%s',
 email='%s'
 ".$ADD."
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
  array(
        substr($_POST['salut'], 0, 1),
        $_POST['surname'],
index 7e822c5..7ec5a8f 100644 (file)
@@ -86,7 +86,7 @@ if (SQL_NUMROWS($result) > 0)
        while ($pool = SQL_FETCHROW($result))
        {
                // Check sent mails and clicks
-               $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+               $result_mails = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                 array(bigintval($pool[0])), __FILE__, __LINE__);
                list($sent, $clicks) = SQL_FETCHROW($result_mails);
                SQL_FREERESULT($result_mails);
index 190e808..2a765f9 100644 (file)
@@ -139,7 +139,7 @@ if (SQL_NUMROWS($result_list) > 0)
        while ($pool = SQL_FETCHROW($result_list))
        {
                // Unconfirmed mails and sent mails
-               $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+               $result_uncon = SQL_QUERY_ESC("SELECT max_rec, clicks FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                 array(bigintval($pool[0])), __FILE__, __LINE__);
                list($sent, $clicks) = SQL_FETCHROW($result_uncon);
                SQL_FREERESULT($result_uncon);
index fb79f0a..3d47fee 100644 (file)
@@ -61,7 +61,7 @@ if (!empty($_GET['reg_ext'])) {
                        // De/activate extension
                        $ACT = "N"; $EXT_LOAD_MODE = "deactivate";
                        if ($active == "N") { $ACT = "Y"; $EXT_LOAD_MODE = "activate"; }
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%d AND ext_active='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='".$ACT."' WHERE id=%s AND ext_active='%s' LIMIT 1",
                         array(bigintval($id), $active), __FILE__, __LINE__);
 
                        // Run embeded SQL commands
@@ -83,11 +83,11 @@ if (!empty($_GET['reg_ext'])) {
                                $active = $_POST['active'][$id];
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6")  {
                                        // Update also CSS column when extensions sql_patches is newer or exact v0.0.6
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($_POST['css'][$id], $active, $id), __FILE__, __LINE__);
                                } else {
                                        // When extension is older than v0.0.6 there is no column for the CSS information
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='%s' WHERE id=%s LIMIT 1",
                                         array($active, $id), __FILE__, __LINE__);
                                }
 
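Review bot: `$id` reaches the now unquoted `id=%s` placeholder without `bigintval()` in both UPDATEs of this hunk (`array($_POST['css'][$id], $active, $id)` and `array($active, $id)`), so with `%d` gone nothing visible here forces it to an integer. String escaping alone does not protect an unquoted numeric position, so unless `$id` is normalised above the hunk or inside SQL_QUERY_ESC (neither is visible), both calls should pass `bigintval($id)` like the neighbouring queries. The same pattern appears later in this commit: `array($_GET['pid'])` for `_user_payouts WHERE id=%s` and `array($id)` for `_rallye_users WHERE rallye_id=%s`. The first of those takes the request value directly and should become `array(bigintval($_GET['pid']))`. The enclosing block starts and ends outside the hunk.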
@@ -114,12 +114,12 @@ if (!empty($_GET['reg_ext'])) {
                        if (($sel == "Y") || ($sel == "N")) {
                                // Load required data
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6") {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_has_css, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $css, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
                                } else {
-                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT ext_name, ext_active FROM "._MYSQL_PREFIX."_extensions WHERE id=%s LIMIT 1",
                                         array(bigintval($id)), __FILE__, __LINE__);
                                        list($name, $active) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
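Review bot: `GET_EXT_VERSION("sql_patches") >= "0.0.6"` selects the query by comparing version strings with `>=`, and the same test appears in the previous hunk. Assuming GET_EXT_VERSION returns a dotted string, PHP compares these character by character, so a constructed later version such as "0.0.10" would sort below "0.0.6" and take the branch without `ext_has_css`. `version_compare(GET_EXT_VERSION("sql_patches"), "0.0.6", ">=")` gives the intended ordering. The `list(...) = SQL_FETCHROW($result)` lines also run without a row-count check, which the other admin pages in this commit do with `SQL_NUMROWS`.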
@@ -291,7 +291,7 @@ case "register": // Register new extension
        // Is the ID number valid and the task was found?
        if (($id > 0) && ($task_found == 1)) {
                // ID is valid so begin with registration, we first want to it's real name from task management (subject column)
-               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($subj) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index ea87d80..72736ee 100644 (file)
@@ -69,7 +69,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($query) == 1)
                        {
@@ -116,7 +116,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($query) == 1)
                        {
@@ -161,7 +161,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                        $sel = bigintval($sel);
 
                        // Update entry
-                       $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -171,7 +171,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                foreach ($_POST['sel'] as $sel=>$menu)
                {
                        // Delete enty
-                       $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -184,7 +184,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                        $sel = bigintval($sel);
 
                        // Update entry
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_data_saved");
@@ -209,7 +209,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -279,9 +279,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ((!empty($tid)) && (!empty($fid)))
                {
                        // Sort menu
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
                }
        }
index b0d0fc9..9ec6e99 100644 (file)
@@ -45,7 +45,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if (!empty($_GET['u_id']))
 {
        // Check if the user already exists
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -69,7 +69,7 @@ if (!empty($_GET['u_id']))
                        while (list($cid, $cat) = SQL_FETCHROW($result_cats))
                        {
                                // Check user's selection
-                               $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+                               $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
                                 array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__);
 
                                // Set selection
index d694fdf..16ceaef 100644 (file)
@@ -107,7 +107,7 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr'
                foreach ($_POST['id'] as $id=>$status)
                {
                        // Load data from DB
-                       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
index 5d7a1b0..ba73c72 100644 (file)
@@ -47,7 +47,7 @@ if (empty($_GET['del'])) $_GET['del'] = "";
 
 if (!empty($_GET['u_id'])) {
        // Check if the user already exists
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
         // Is there an entry?
@@ -59,11 +59,11 @@ if (!empty($_GET['u_id'])) {
                // Grab user's all unconfirmed mails
                if (EXT_IS_ACTIVE("bonus")) {
                        // Load bonus ID
-                       $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+                       $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                } else {
                        // Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command)
-                       $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d ORDER BY id",
+                       $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s ORDER BY id",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                }
 
@@ -74,7 +74,7 @@ if (!empty($_GET['u_id'])) {
                        // Some unconfirmed mails left
                        if ($_GET['del'] == "all") {
                                // Delete all unconfirmed mails by this user
-                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d LIMIT %s",
+                               $result_del = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE userid=%s LIMIT %s",
                                 array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__);
 
                                // Prepare mail and send it away
@@ -92,14 +92,14 @@ if (!empty($_GET['u_id'])) {
                                        switch ($type)
                                        {
                                        case "NORMAL":
-                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%d LIMIT 1",
+                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM "._MYSQL_PREFIX."_user_stats WHERE id=%s LIMIT 1",
                                                 array(bigintval($id)), __FILE__, __LINE__);
                                                $type = "mailid"; $DATA = $id; $PROBLEM = NORMAL_MAIL_PROBLEM;
                                                $LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&amp;mailid=".$id."\" target=\"_blank\">".$id."</A>";
                                                break;
 
                                        case "BONUS":
-                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1",
+                                               $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM "._MYSQL_PREFIX."_bonus WHERE id=%s LIMIT 1",
                                                 array(bigintval($id2)), __FILE__, __LINE__);
                                                $type = "bonusid"; $DATA = $id2; $PROBLEM = BONUS_MAIL_PROBLEM;
                                                $LINK = "<A href=\"".URL."/mailid.php?uid=".$_GET['u_id']."&amp;bonusid=".$id2."\" target=\"_blank\">".$id2."</A>";
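Review bot: `$_GET['u_id']` is concatenated unescaped into the `href` of `$LINK` in both the NORMAL and BONUS cases, while the queries in this file pass `bigintval($_GET['u_id'])`. If `$LINK` is later written into the admin page (the output call is not in this hunk), request-controlled text lands inside an attribute. Use the normalised value in the link as well, `"/mailid.php?uid=".bigintval($_GET['u_id'])."&amp;mailid=".$id`, and likewise for `bonusid`. The switch continues outside the hunk.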
index 58c998b..93ec1c9 100644 (file)
@@ -45,11 +45,11 @@ if ((!empty($_POST['uid'])) && (!empty($_POST['id'])))
 {
        // Update database...
        // First user's account
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%s LIMIT 1",
         array(bigintval($_POST['uid'])), __FILE__, __LINE__);
 
        // Next the task system...
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
         array(bigintval($_POST['id'])), __FILE__, __LINE__);
 
        // Send mail to user
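Review bot: In the first UPDATE, `nl_until='".time()."+nl_timespan'` puts the whole expression inside the quotes, so MySQL receives a string literal of the form '<timestamp>+nl_timespan' rather than a sum with the column. On a numeric column only the leading digits would presumably survive, so the timespan is never added (the column type is not visible here). Unquote the expression so the column is evaluated: `SET nl_until=".time()."+nl_timespan, nl_receive='N', nl_timespan='0'`. Keep `nl_until` ahead of `nl_timespan='0'` in the SET list so it reads the old value.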
index 43f8314..7378631 100644 (file)
@@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__));
 if (!empty($_GET['pid']))
 {
        // First let's get the member's ID
-       $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
         array($_GET['pid']), __FILE__, __LINE__);
        list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
@@ -52,7 +52,7 @@ if (!empty($_GET['pid']))
        if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0))
        {
                // Get task ID from database
-               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%d AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
                list($task) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -72,7 +72,7 @@ if (!empty($_GET['pid']))
        if ((!empty($task)) && (!empty($uid)) && ($uid > 0))
        {
                // Load user's data
-               $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
                list($email, $sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -86,7 +86,7 @@ if (!empty($_GET['pid']))
                        if (isset($_POST['ok']))
                        {
                                // Obtain payout type and other data
-                               $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
                                 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
                                list($ptype) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
@@ -94,7 +94,7 @@ if (!empty($_GET['pid']))
                                if (!empty($ptype))
                                {
                                        // Obtain data from payout type
-                                       $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
                                         array(bigintval($ptype)), __FILE__, __LINE__);
                                        list($fuid, $fpass, $eurl, $eok, $failed, $eenc, $allow) = SQL_FETCHROW($result);
                                        SQL_FREERESULT($result);
@@ -136,12 +136,12 @@ if (!empty($_GET['pid']))
                                                // Clear task
                                                if ($task > 0)
                                                {
-                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                                         array(bigintval($task)),__FILE__, __LINE__);
                                                }
 
                                                // Clear payout request
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%s LIMIT 1",
                                                 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
 
                                                // Send out mail
@@ -189,12 +189,12 @@ if (!empty($_GET['pid']))
                                if ($task > 0)
                                {
                                        // Clear task
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
                                         array(bigintval($task)), __FILE__, __LINE__);
                                }
 
                                // Clear payout request
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%s LIMIT 1",
                                 array(bigintval($_GET['pid'])), __FILE__, __LINE__);
 
                                // Send out mail
index f8f809a..aee3d15 100644 (file)
@@ -54,11 +54,11 @@ if (isset($_GET['rallye']))
                switch ($_GET['activate'])
                {
                case "1": // Activate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%d AND is_active='N' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%d AND is_active='Y' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET is_active='N' WHERE id=%s AND is_active='Y' LIMIT 1";
                        break;
                }
        }
@@ -69,11 +69,11 @@ if (isset($_GET['rallye']))
                switch ($_GET['notify'])
                {
                case "1": // Activate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%d AND send_notify='N' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%d AND send_notify='Y' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET send_notify='N' WHERE id=%s AND send_notify='Y' LIMIT 1";
                        break;
                }
        }
@@ -84,11 +84,11 @@ if (isset($_GET['rallye']))
                switch ($_GET['auto'])
                {
                case "1": // Activate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%d AND auto_add_new_user='N' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1";
                        break;
 
                case "0": // Deactivate
-                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%d AND auto_add_new_user='Y' LIMIT 1";
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_rallye_data SET auto_add_new_user='N' WHERE id=%s AND auto_add_new_user='Y' LIMIT 1";
                        break;
                }
        }
@@ -109,11 +109,11 @@ if (isset($_GET['rallye']))
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Remove selected rallye entirely...
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
 
@@ -172,7 +172,7 @@ if (isset($_POST['edit']))
                foreach ($_POST['sel'] as $id=>$sel)
                {
                        // Load rallye basic data
-                       $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM "._MYSQL_PREFIX."_rallye_data WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($title, $descr, $templ, $start, $end, $min_users, $min_prices) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
@@ -223,7 +223,7 @@ if (isset($_POST['edit']))
  elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0))
 {
        // List users and their refs before start and current
-       $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d ORDER BY userid",
+       $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s ORDER BY userid",
         array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) > 0)
        {
@@ -287,11 +287,11 @@ ORDER BY start_time DESC",
                        $alogin = GET_ADMIN_LOGIN($aid);
 
                        // Count assigned prices
-                       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d",
+                       $result_prices = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
 
                        // Count joined userids
-                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%d",
+                       $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_users WHERE rallye_id=%s",
                         array($id), __FILE__, __LINE__);
                        $joined = SQL_NUMROWS($result_user);
 
index 29b0b1c..acfc839 100644 (file)
@@ -51,7 +51,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if (!empty($_GET['u_id']))
 {
        // Check if the user already exists
-       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -59,9 +59,9 @@ if (!empty($_GET['u_id']))
                SQL_FREERESULT($result);
 
                // Loads surname, family's name and the email address
-               $result     = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d",
+               $result     = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s",
                 array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
-               $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d AND status != 'CONFIRMED' ORDER BY userid",
+               $result_lck = SQL_QUERY_ESC("SELECT COUNT(*) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s AND status != 'CONFIRMED' ORDER BY userid",
                 array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                $menge      = SQL_RESULT($result    , 0, 0);
                $menge_lck  = SQL_RESULT($result_lck, 0, 0);
@@ -70,7 +70,7 @@ if (!empty($_GET['u_id']))
                SQL_FREERESULT($result);
                SQL_FREERESULT($result_lck);
 
-               $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d ORDER BY userid",
+               $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email, status, joined FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s ORDER BY userid",
                 array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                OUTPUT_HTML(ADMIN_TOTAL_REFS_1."".ADMIN_USER_PROFILE_LINK($_GET['u_id'])."".ADMIN_TOTAL_REFS_2.$menge.ADMIN_TOTAL_REFS_3.$menge_lck.ADMIN_TOTAL_REFS_4."<br /><br />");
@@ -84,7 +84,7 @@ if (!empty($_GET['u_id']))
                                while ($row = SQL_FETCHROW($result))
                                {
                                        // Check for referrals
-                                       $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%d",
+                                       $result_refs = SQL_QUERY_ESC("SELECT COUNT(userid) FROM "._MYSQL_PREFIX."_user_data WHERE refid=%s",
                                         array(bigintval($row[0])), __FILE__, __LINE__);
                                        $refs_cnt = SQL_RESULT($result_refs, 0, 0);
                                        SQL_FREERESULT($result_refs);
index a4c2c82..5ac8fff 100644 (file)
@@ -103,7 +103,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                                // Unassign from tasks
                                foreach ($_POST['task'] as $id=>$sel)
                                {
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
+                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%s AND assigned_admin='%s' LIMIT 1",
                                         array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
@@ -115,13 +115,13 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                                        if ($_GET['type'] == "deleted")
                                        {
                                                // Delete task immediately
-                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s LIMIT 1",
                                                 array(bigintval($id)),__FILE__, __LINE__);
                                        }
                                         else
                                        {
                                                // Mark task as to be deleted (purged by autppurge extension)
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='DELETED' WHERE id=%s LIMIT 1",
                                                 array(bigintval($id)), __FILE__, __LINE__);
                                        }
                                }
index a4cfc7b..1c76369 100644 (file)
@@ -158,9 +158,9 @@ WHERE l.%s='%s' ORDER BY l.userid LIMIT %s",
         elseif ($_GET['mid'] > 0)
        {
                // Data in pool or in user_stats not found, so let's find out where data is missing
-               $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+               $result1 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                 array(bigintval($ID)), __FILE__, __LINE__);
-               $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1",
+               $result2 = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%s LIMIT 1",
                 array(bigintval($ID)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result1) == 1)
                {
index 0199638..f8f5982 100644 (file)
@@ -74,7 +74,7 @@ if (!empty($_GET['u_id']))
        // Does the account exists?       0      1        2         3      4     5      6       7         8          9          10           11           12         13     14         15           16          17            18           19           20           21        22        23             24              25         26
        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout".$MORE."
 FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
         array($uid), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
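Review bot: `array($uid)` reaches the now-unquoted `userid=%s` placeholder without a visible `bigintval()` call, and with `%d` gone the format string no longer forces an integer. Where `$uid` is assigned is outside this hunk. If it is derived from `$_GET['u_id']` and SQL_QUERY_ESC only escapes quote characters, a non-numeric value would land in the statement outside any quotes. Passing `array(bigintval($uid)), __FILE__, __LINE__);` keeps this query consistent with the other converted call sites.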
index 021adfa..d31d1e7 100644 (file)
@@ -44,7 +44,7 @@ ADD_DESCR("admin", basename(__FILE__));
 OPEN_TABLE("100%", "admin_content admin_content_align", "");
 if (!empty($_GET['u_id']))
 {
-       $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        $ACT = false;
        if (SQL_NUMROWS($result_user) == 1)
@@ -58,7 +58,7 @@ if (!empty($_GET['u_id']))
                        ADD_MEMBER_SELECTION_BOX();
                } elseif (!empty($_POST['lock'])) {
                        // Ok, lock the account!
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                        if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
                        {
@@ -74,7 +74,7 @@ if (!empty($_GET['u_id']))
                        $ACT = true;
                } elseif (!empty($_POST['unlock'])) {
                        // Ok, unlock the account!
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                        if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
                        {
@@ -106,7 +106,7 @@ if (!empty($_GET['u_id']))
                }
                 else
                {
-                       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
index d240fc7..fc93c89 100644 (file)
@@ -68,7 +68,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -115,7 +115,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -157,7 +157,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ($confirm == 1)
                {
                        $cnt++;
-                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($sel)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -204,17 +204,17 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                switch ($_POST['ok'])
                {
                case "edit": // Edit menu
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $_POST['sel_descr'][$sel], $sel), __FILE__, __LINE__);
                        break;
 
                case "del": // Delete menu
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
                         array($sel), __FILE__, __LINE__);
                        break;
 
                case "status": // Change status of menus
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
                        break;
                }
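Review bot: In the `edit`, `del` and `status` cases `$sel` is passed raw into the unquoted `id=%s`, whereas the SELECTs earlier in this file wrap it as `bigintval($sel)`. The old `%d` forced an integer; `%s` inserts whatever string it is given, and quote-escaping does not constrain a value that sits outside quotes. Where `$sel` comes from is outside the hunk, but the neighbouring arguments index `$_POST` arrays with it, so it looks request-derived. Use `bigintval($sel)` as the last array element in all three calls, e.g. `array(bigintval($sel)), __FILE__, __LINE__);` for the delete.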
@@ -255,9 +255,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ((!empty($tid)) && (!empty($fid)))
                {
                        // Sort menu
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
-                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+                       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
                         array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
                }
        }
diff --git a/inc/modules/admin/what-newsletter.php b/inc/modules/admin/what-newsletter.php
deleted file mode 100644 (file)
index 456fab2..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-<?php
-// DEPRECATED!!!
-?>
index 9a987d7..fe64ee8 100644 (file)
@@ -115,7 +115,7 @@ if (isset($_POST['ok']))
        $SW = 2; $OUT = "";
        foreach ($_POST['sel'] as $id=>$value)
        {
-               $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT time, mail_title FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($time, $title) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -143,7 +143,7 @@ if (isset($_POST['ok']))
        $SW = 2; $OUT = "";
        foreach ($_POST['sel'] as $id=>$value)
        {
-               $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM "._MYSQL_PREFIX."_payments WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($time, $pay, $title, $price) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index c52ab32..1d8c360 100644 (file)
@@ -82,7 +82,7 @@ VALUES ('%s', '%s', '%s')",
                        $id = bigintval($id);
 
                        // Update entry
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%s LIMIT 1",
                         array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__);
                }
                break;
@@ -104,7 +104,7 @@ VALUES ('%s', '%s', '%s')",
        foreach ($_POST['sel'] as $id=>$sel)
        {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($url, $alt, $vis) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -134,7 +134,7 @@ VALUES ('%s', '%s', '%s')",
                // Delete banner
                foreach ($_POST['sel'] as $id=>$sel)
                {
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                }
        }
index 35f926b..774d53e 100644 (file)
@@ -51,7 +51,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix))
        $ACTIONs[] = $act;
 
        // Fix weight
-       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1",
+       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1",
         array($cnt, bigintval($id)), __FILE__, __LINE__);
        $REP += SQL_AFFECTEDROWS();
 
@@ -74,7 +74,7 @@ foreach ($ACTIONs as $act)
        while (list($id) = SQL_FETCHROW($result_fix))
        {
                // Fix weight
-               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%d LIMIT 1",
+               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE id=%s LIMIT 1",
                 array($cnt, bigintval($id)), __FILE__, __LINE__);
                $REP += SQL_AFFECTEDROWS();
 
index eb9be4c..aee1275 100644 (file)
@@ -47,12 +47,12 @@ if (SQL_NUMROWS($result) > 0)
        $REMOVED = 0; // Nothing is removed for now... ;-)
        while (list($uid) = SQL_FETCHROW($result))
        {
-               $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array(bigintval($uid)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_user) == 0)
                {
                        // Ok, we found something to remove
-                       $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d",
+                       $result_remove = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        $REMOVED += SQL_AFFECTEDROWS();
                }
index 85e6354..80ac7ca 100644 (file)
@@ -50,7 +50,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix))
        $ACTIONS[] = $act;
 
        // Fix weight
-       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1",
+       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1",
         array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
        $REP += SQL_AFFECTEDROWS();
 
@@ -74,7 +74,7 @@ foreach ($ACTIONS as $act)
        while (list($id) = SQL_FETCHROW($result_fix))
        {
                // Fix weight
-               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%d LIMIT 1",
+               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE id=%s LIMIT 1",
                 array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
                $REP += SQL_AFFECTEDROWS();
 
index 0eeb00c..81d3ade 100644 (file)
@@ -50,7 +50,7 @@ while(list($id, $act) = SQL_FETCHROW($result_fix))
        $ACTIONS[] = $act;
 
        // Fix weight
-       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1",
+       $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1",
         array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
        $REP += SQL_AFFECTEDROWS();
 
@@ -73,7 +73,7 @@ foreach ($ACTIONS as $act)
        while (list($id) = SQL_FETCHROW($result_fix))
        {
                // Fix weight
-               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%d LIMIT 1",
+               $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET sort='%s' WHERE id=%s LIMIT 1",
                 array(bigintval($cnt), bigintval($id)), __FILE__, __LINE__);
                $REP += SQL_AFFECTEDROWS();
 
index ace9560..3bd840b 100644 (file)
@@ -57,7 +57,7 @@ if (isset($_POST['ok']))
                // Select category
                $CAT_TABS  = "LEFT JOIN "._MYSQL_PREFIX."_user_cats AS c ON d.userid=c.userid";
                $cat = bigintval($_POST['cat']);
-               $CAT_WHERE = " AND c.cat_id=%d";
+               $CAT_WHERE = " AND c.cat_id=%s";
        }
        if (GET_EXT_VERSION("holiday") >= "0.1.3")
        {
@@ -167,13 +167,13 @@ VALUES ('%s', '%s', '%s', '%s', '%s', 'NEW', UNIX_TIMESTAMP(), '%s', '%s', '%s',
                {
                        $CATS['id'][]   = $id;
                        $CATS['name'][] = $cat;
-                       $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+                       $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
                         array(bigintval($id)), __FILE__, __LINE__);
                        $uid_cnt = "0";
                        while (list($ucat) = SQL_FETCHROW($result_uids))
                        {
                                $result_ver = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data
-WHERE userid=%d AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1",
+WHERE userid=%s AND status='CONFIRMED' AND receive_mails > 0".$MORE." LIMIT 1",
  array(bigintval($ucat)), __FILE__, __LINE__);
                                $uid_cnt += SQL_NUMROWS($result_ver);
 
diff --git a/inc/modules/admin/what-stats.php b/inc/modules/admin/what-stats.php
deleted file mode 100644 (file)
index cc11671..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-<?php
-// OBSOLETE!
-?>
index 9c6cc1d..dc9982f 100644 (file)
@@ -54,7 +54,7 @@ if ($_GET['u_id'] == "all")
                while (list($uid) = SQL_FETCHROW($result_main))
                {
                        // User ID found in URL so we use this give him some credits
-                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -65,8 +65,7 @@ if ($_GET['u_id'] == "all")
                                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                                {
                                        // Ok, add points to used points and send an email to him...
-                                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                                        array(bigintval($_POST['points'], bigintval($uid))), __FILE__, __LINE__);
+                                       SUB_POINTS($uid, $_POST['points']);
 
                                        // Load message and send it away
                                        $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $uid);
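Review bot: `SUB_POINTS($uid, $_POST['points'])` hands the raw POST value to the helper, while the query it replaces wrapped that value in `bigintval()`. The same applies to `SUB_POINTS(bigintval($_GET['u_id']), $_POST['points'])` in the next-but-one hunk of this file. SUB_POINTS is not visible on this page, so unless it normalises its second argument itself, a non-numeric `points` value would reach the `used_points` arithmetic. Passing `bigintval($_POST['points'])` at both call sites keeps the check at the request boundary. If SUB_POINTS now also performs the mediadata update that the later hunk removes, a one-line comment saying so would help.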
@@ -89,7 +88,7 @@ if ($_GET['u_id'] == "all")
  elseif (!empty($_GET['u_id']))
 {
        // User ID found in URL so we use this give him some credits
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
         array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
@@ -100,15 +99,7 @@ if ($_GET['u_id'] == "all")
                if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
                {
                        // Ok, add to used points and send an email to him...
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
-                        array(bigintval($_POST['points']), bigintval($_GET['u_id'])), __FILE__, __LINE__);
-
-                       // Update mediadata as well
-                       if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-                       {
-                               // Update database
-                               MEDIA_UPDATE_ENTRY(array("total_points"), "sub", bigintval($_POST['points']));
-                       }
+                       SUB_POINTS(bigintval($_GET['u_id']), $_POST['points']);
 
                        // Remember points in template
                        define('__POINTS_VALUE', bigintval($_POST['points']));
index 99df9a4..62eca49 100644 (file)
@@ -72,7 +72,7 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
                if ((substr($value, 0, 6) == "theme-") && (substr($value, -4) == ".zip"))
                {
                        $name = substr($value, 6, -4);
-                       $file = PATH."themes/".$name."/theme.php";
+                       $file = sprintf("%sthemes/%s/theme.php", PATH, $name);
                        $ver = trim(substr($response[$idx + 3], 4));
 
                        // Load version
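Review bot: `$name` is cut out of a line of the remote `$response` and goes straight into the path built by `sprintf("%sthemes/%s/theme.php", PATH, $name)`; the only checks are the `theme-` prefix and the `.zip` suffix. A response line containing path separators or `..` would make `$file` point outside `themes/`. What is done with `$file` is outside the hunk, so the impact is not visible here. Assuming this sits inside the loop over `$response`, a guard such as `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $name)) continue;` before building the path would constrain it. Adjust the character class to the theme names the server actually publishes.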
@@ -101,18 +101,18 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
                                        $LANG_DUMMY[$k] = $v;
                                        if ($v == "xx:xx") break;
                                        $LANG[] = $v;
-                               }
+                               } // END - foreach
 
                                // If language is found stop searching on matching line
                                foreach($LANG as $search) {
                                        if (substr($search, 0, 3) == (GET_LANGUAGE().":")) { $INFO = substr($search, 3); break; }
-                               }
+                               } // END - foreach
 
                                // Add informations to array
                                $THEMES['infos'][] = $INFO;
-                       }
-               }
-       }
+                       } // END - if
+               } // END - if
+       } // END - foreach
 
        // Ok, themes are on our server but maybe you have already installed them?
        if (sizeof($THEMES['fname']) > 0) {
@@ -146,17 +146,14 @@ if (($response[sizeof($response) - 1] == "[EOF]") && ($response[0] != "[EOF]"))
 
                // Load template
                LOAD_TEMPLATE("admin_theme_list");
-       }
-        else
-       {
+       } else {
                // All Themes are downloaded and installed
                LOAD_TEMPLATE("admin_theme_installed", false, $count);
        }
-}
- else
-{
+} else {
        // No theme where found
        LOAD_TEMPLATE("admin_theme_404");
 }
+
 //
 ?>
index 663d9ae..65c342d 100644 (file)
@@ -66,17 +66,17 @@ if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) {
                                $id = bigintval($id);
 
                                // Unlock selected email
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%d AND data_type='ADMIN' LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%s AND data_type='ADMIN' LIMIT 1",
                                 array($id), __FILE__, __LINE__);
 
                                // Update wents fine?
                                if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) {
-                                       // Order placed in queue...        0         1           2           3
-                                       $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment
+                                       // Order placed in queue...        0         1           2           3             4
+                                       $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment, po.payment_id
 FROM "._MYSQL_PREFIX."_pool AS po
 INNER JOIN "._MYSQL_PREFIX."_payments AS pay
 ON po.payment_id=pay.id
-WHERE po.id=%d
+WHERE po.id=%s
 LIMIT 1",
                                         array($id), __FILE__, __LINE__);
 
@@ -89,7 +89,7 @@ LIMIT 1",
                                        // Check for bonus extension version >= 0.4.4 for the order bonus
                                        if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) {
                                                // Add points directly
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%s LIMIT 1",
                                                 array(bigintval($DATA['sender'])), __FILE__, __LINE__);
 
                                                // Subtract bonus points from system
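Review bot: `$_CONFIG['bonus_order']` is still concatenated into the statement text (`bonus_order=bonus_order+".$_CONFIG['bonus_order']."`), so it bypasses whatever escaping SQL_QUERY_ESC applies to its argument array. The referral-bonus query elsewhere in this commit passes its config value through a placeholder instead. Doing the same here, `SET bonus_order=bonus_order+%s WHERE userid=%s LIMIT 1` with `array($_CONFIG['bonus_order'], bigintval($DATA['sender']))`, keeps every dynamic value on one path.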
@@ -99,7 +99,7 @@ LIMIT 1",
                                        // Check for surfbar extension
                                        if (EXT_IS_ACTIVE("surfbar")) {
                                                // Add the url
-                                               $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment']);
+                                               $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment'], $DATA['payment_id']);
 
                                                // Load email template
                                                $msg_user = LOAD_EMAIL_TEMPLATE("order_accept_sb", $insertId, $DATA['sender']);
@@ -131,7 +131,7 @@ LIMIT 1",
                                $id = bigintval($id);
 
                                // Load URL and subject from pool
-                               $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
                                 array($id), __FILE__, __LINE__);
 
                                // Load data
@@ -148,7 +148,7 @@ LIMIT 1",
                                if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = URL;
 
                                // Redirect URL
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1",
                                 array($_POST['redirect'], $id),__FILE__, __LINE__);
 
                                // Prepare data for the row template
index be76d57..4475fed 100644 (file)
@@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__));
 // Is a user id given?
 if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
        // Load user data and display it
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
        // Is a user account found?
index 14a9ee7..7db176a 100644 (file)
@@ -44,7 +44,7 @@ OUTPUT_HTML("<br /><STRONG>".VALIDATING_LOGIN."</STRONG><br />");
 
 if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) {
        // Get theme from profile
-       $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
        list($NewTheme) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
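Review bot: `$GLOBALS['userid']` is passed without `bigintval()` into the unquoted `userid=%s`. The same holds for the `last_login` update in the next hunk (together with `$_CONFIG['login_timeout']`) and for `sender=%s` in the order-lookup hunk of the following file. With `%d` the format itself forced an integer, so these call sites relied on it. Where `$GLOBALS['userid']` is set is not visible here. If it can originate from a cookie or session value that is not already normalised, wrap it as `array(bigintval($GLOBALS['userid'])), __FILE__, __LINE__);`.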
@@ -57,7 +57,7 @@ if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSession
                // Update last login
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data
 SET last_login=UNIX_TIMESTAMP()
-WHERE userid=%d AND last_login < (UNIX_TIMESTAMP() - %d)
+WHERE userid=%s AND last_login < (UNIX_TIMESTAMP() - %s)
 LIMIT 1", array($GLOBALS['userid'], $_CONFIG['login_timeout']),
  __FILE__, __LINE__);
                if (SQL_AFFECTEDROWS($link) == 1) $bonus = true;
index 48ff5cc..78ab97d 100644 (file)
@@ -43,7 +43,7 @@ if (!empty($_GET['order'])) {
        // Order number placed, is he also logged in?
        if(IS_LOGGED_IN()) {
                // Ok, test passed... :)
-               $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
                 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
                // Finally is the entry valid?
index e8df9e7..a030f9e 100644 (file)
@@ -54,7 +54,7 @@ if ($_CONFIG['mad_counter'] < $total)
        // Update counter
        $_CONFIG['mad_counter'] = $total;
        $_CONFIG['last_mad']    = time();
-       $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%d, mad_count='%s' WHERE config=0 LIMIT 1",
+       $result_mad = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET mad_timestamp=%s, mad_count='%s' WHERE config=0 LIMIT 1",
         array($_CONFIG['last_mad'], $_CONFIG['mad_counter']), __FILE__, __LINE__);
 
        // Destroy cache
index 6ecc2d4..9ac317e 100644 (file)
@@ -68,7 +68,7 @@ if (!empty($_GET['hash']))
                        if (($rid > 0) && ($rid != $uid))
                        {
                                // Select the referral userid
-                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                                 array(bigintval($rid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1)
                                {
@@ -94,7 +94,7 @@ if (!empty($_GET['hash']))
                                        if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y"))
                                        {
                                                // Add points (directly only!)
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%d LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",
                                                 array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
 
                                                // Subtract points from system
index 62450c8..70652bf 100644 (file)
@@ -98,7 +98,7 @@ if (IS_LOGGED_IN()) {
                if (!empty($UID2)) $UID = $UID2;
        } else {
                // Direct userid entered
-               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                 array(bigintval($UID), $hash), __FILE__, __LINE__);
                list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
        }
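Review bot: The argument array on the new `SELECT userid, password, last_online` line passes two values, `bigintval($UID)` and `$hash`, but the format string has only one placeholder, so `$hash` never reaches the query. If SQL_QUERY_ESC substitutes sprintf-style (it is not shown here), the extra element is silently dropped, and a reader could wrongly assume the password hash is part of the WHERE clause. Drop it, `array(bigintval($UID)), __FILE__, __LINE__);`, and add a comment such as `// Password is compared after the fetch, not in SQL` if that is what the code outside this hunk does. `$LAST` is concatenated into the column list and is defined outside the hunk, so confirm it can only hold a fixed column name.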
@@ -122,7 +122,7 @@ if (IS_LOGGED_IN()) {
                                $hash = generateHash($_POST['password']);