Fixes for sql_patches removal vs. password reset of admin
authorRoland Häder <roland@mxchange.org>
Sat, 30 Aug 2008 22:55:41 +0000 (22:55 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 30 Aug 2008 22:55:41 +0000 (22:55 +0000)
49 files changed:
.gitattributes
inc/extensions.php
inc/language.php
inc/language/de.php
inc/libs/cache_functions.php
inc/load_extensions.php
inc/modules/admin.php
inc/modules/admin/action-admins.php
inc/modules/admin/action-country.php
inc/modules/admin/action-doubler.php
inc/modules/admin/action-email.php
inc/modules/admin/action-holiday.php
inc/modules/admin/action-login.php
inc/modules/admin/action-menu.php
inc/modules/admin/action-misc.php
inc/modules/admin/action-mods.php
inc/modules/admin/action-newsletter.php
inc/modules/admin/action-payouts.php
inc/modules/admin/action-rallye.php
inc/modules/admin/action-repair.php
inc/modules/admin/action-setup.php
inc/modules/admin/action-sponsor.php
inc/modules/admin/action-stats.php
inc/modules/admin/action-task.php
inc/modules/admin/action-theme.php
inc/modules/admin/action-transfer.php
inc/modules/admin/action-user.php
inc/modules/admin/action-wernis.php
inc/modules/admin/admin-inc.php
inc/modules/admin/what-extensions.php
inc/modules/guest/action-admin.php
inc/modules/guest/action-main.php
inc/modules/guest/action-members.php
inc/modules/index.php
inc/modules/member/action-account.php
inc/modules/member/action-bank.php
inc/modules/member/action-extras.php
inc/modules/member/action-logout.php
inc/modules/member/action-main.php
inc/modules/member/action-order.php
inc/modules/member/action-rals.php
inc/modules/member/action-stats.php
inc/mysql-manager.php
modules.php
ref.php
templates/de/html/admin/admin_logout_sql_patches.tpl [deleted file]
templates/de/html/admin/admin_logout_sql_patches_install.tpl [new file with mode: 0644]
templates/de/html/admin/admin_logout_sql_patches_remove.tpl [new file with mode: 0644]
templates/de/html/admin/admin_reset_pass_done.tpl

index 30914c6..1a02466 100644 (file)
@@ -922,7 +922,8 @@ templates/de/html/admin/admin_login_form.tpl -text
 templates/de/html/admin/admin_login_msg.tpl -text
 templates/de/html/admin/admin_logout.tpl -text
 templates/de/html/admin/admin_logout_form.tpl -text
-templates/de/html/admin/admin_logout_sql_patches.tpl -text
+templates/de/html/admin/admin_logout_sql_patches_install.tpl -text
+templates/de/html/admin/admin_logout_sql_patches_remove.tpl -text
 templates/de/html/admin/admin_main_footer.tpl -text
 templates/de/html/admin/admin_main_header.tpl -text
 templates/de/html/admin/admin_maintenance_form.tpl -text
index cf3ba20..145fb1b 100644 (file)
@@ -52,7 +52,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
        if (EXT_IS_ACTIVE($ext_name)) return false;
 
        // Generate file name
-       $file = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name);
+       $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name);
 
        // Does this extension exists?
        if (file_exists($file) && is_readable($file))
@@ -92,10 +92,10 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
                        $SQLs2 = $SQLs;  $SQLs = array(); $test = false;
 
                        // Backup language as well
-                       $LANG_BCK = $EXT_LANG_PREFIX;
+                       $LANG_BCK = $EXT_LANG_PREFIX; $EXT_ALWAYS_ACTIVE = "N";
 
                        // Load required extension also in update mode
-                       $file = sprintf(PATH."inc/extensions/ext-%s.php", $EXT_UPDATE_DEPENDS);
+                       $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $EXT_UPDATE_DEPENDS);
 
                        // Check for required file
                        if (file_exists($file) && is_readable($file))
@@ -181,8 +181,8 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
                                }
 
                                // Register extension
-                               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_extensions (ext_name, ext_lang_file, ext_active, ext_version) VALUES ('%s', '%s', 'N', '%s')",
-                                array($ext_name, $EXT_LANG_PREFIX, $EXT_VERSION), __FILE__, __LINE__);
+                               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_extensions (ext_name, ext_lang_file, ext_active, ext_version) VALUES ('%s', '%s', '%s', '%s')",
+                                array($ext_name, $EXT_LANG_PREFIX, $EXT_ALWAYS_ACTIVE, $EXT_VERSION), __FILE__, __LINE__);
 
                                // Update task management
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
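Review bot: The `ext_active` column is now filled from `$EXT_ALWAYS_ACTIVE`, but the only initialisation visible in this commit is the `$EXT_ALWAYS_ACTIVE = "N";` added in the update-dependency branch of the previous hunk. On the path where no dependency is loaded its starting value is not visible here, so the INSERT may receive an unset value or whatever the extension file assigned. Normalising just before the query keeps the column to its two legal values: `$active = ($EXT_ALWAYS_ACTIVE == "Y") ? "Y" : "N";`, then pass `$active` in the argument array. The body of EXTENSION_REGISTER starts and ends outside this hunk, so an earlier initialisation may exist.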
@@ -223,24 +223,22 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false)
        return $ret;
 }
 //
-function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE)
-{
+function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) {
        global $cacheInstance;
+       $SQLs = array();
+
        // This shall never do a non-admin user!
        if (!IS_ADMIN()) return false;
 
        // Get extension's name
-       $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
-        array(bigintval($id)), __FILE__, __LINE__);
-       list($ext_name) = SQL_FETCHROW($result);
-       SQL_FREERESULT($result);
+       $ext_name = GET_EXT_NAME($id);
        if (empty($ext_name)) return false;
 
        // Load extension in detected mode
-       $file = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name); $SQLs = array();
+       $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name);
        if (file_exists($file) && is_readable($file)) require($file);
-       if ((is_array($SQLs) && (sizeof($SQLs) > 0)))
-       {
+
+       if ((is_array($SQLs) && (sizeof($SQLs) > 0))) {
                // Run SQL commands...
                foreach ($SQLs as $sql) {
                        // Trim spaces away which we don't need
@@ -250,21 +248,26 @@ function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE)
                        if (!empty($sql)) {
                                // Run SQL command
                                $result = SQL_QUERY($sql, __FILE__, __LINE__, false);
-                       }
-               }
+                       } // END - if
+               } // END - foreach
 
                // Remove cache file(s) if extension is active
-               if (EXT_IS_ACTIVE("cache")) {
-                       // Remove cache filer
+               if ((EXT_IS_ACTIVE("cache")) || (GET_EXT_VERSION("cache") != "")) {
+                       // Remove cache files
                        if ($cacheInstance->cache_file("extensions", true)) $cacheInstance->cache_destroy();
                        if ($cacheInstance->cache_file("mod_reg", true))    $cacheInstance->cache_destroy();
                        if ($cacheInstance->cache_file("config", true))     $cacheInstance->cache_destroy();
-               }
-       }
+               } // END - if
+
+               // Is this the sql_patches?
+               if ($ext_name == "sql_patches") {
+                       // Then redirect to logout
+                       LOAD_URL("modules.php?module=admin&logout=1&remove=sql_patches");
+               } // END - if
+       } // END - if
 }
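Review bot: The widened condition `if ((EXT_IS_ACTIVE("cache")) || (GET_EXT_VERSION("cache") != ""))` now reaches the three `$cacheInstance->cache_file(...)` calls when the cache extension is installed but not active. If `$cacheInstance` is only instantiated for an active cache extension (not visible here), that becomes a method call on a non-object during removal. Adding `&& is_object($cacheInstance)` to the condition would make the cleanup safe in both states. Separately, the early exits of EXTENSION_RUN_SQLS return `false` while the success path returns nothing, so a closing `return true;` and a docblock in place of the bare `//` header would make the contract explicit.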
 //
-function EXT_IS_ACTIVE ($ext_name, $ignore_admin=false, $ignore_cache=false)
-{
+function EXT_IS_ACTIVE ($ext_name, $ignore_admin = false, $ignore_cache = false) {
        global $cacheArray, $_CONFIG;
 
        // Extensions are all inactive during installation
@@ -303,7 +306,7 @@ function EXT_IS_ACTIVE ($ext_name, $ignore_admin=false, $ignore_cache=false)
        }
 
        // Is this extension activated? (For admins we always have active extensions...)
-       $inc = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name);
+       $inc = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name);
        // Shorter way
        return (
                (
index f39d09b..cd18027 100644 (file)
@@ -42,12 +42,12 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 if (empty($mx_lang)) $mx_lang = DEFAULT_LANG;
 
 // Look for file
-$file = sprintf(PATH."inc/language/%s.php", $mx_lang);
+$file = sprintf("%sinc/language/%s.php", PATH, $mx_lang);
 if ((!file_exists($file)) || (!is_readable($file))) {
        // Switch to default (DO NOT CHANGE!!!)
        set_session("mx_lang", "de");
        $mx_lang = "de";
-       $file = sprintf(PATH."inc/language/%s.php", $mx_lang);
+       $file = sprintf("%sinc/language/%s.php", PATH, $mx_lang);
 }
 
 // Load language file
index 2d6e543..43a36e3 100644 (file)
@@ -1105,6 +1105,7 @@ define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten.");
 define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)");
 define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System");
 define('ADMIN_LOGOUT_SQL_PATCHES_DONE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterung <strong>sql_patches</strong> installiert haben und dabei das Passort-Hashing ge&auml;ndert/verbessert wurde. Bitte erneut einloggen!");
+define('ADMIN_LOGOUT_SQL_PATCHES_REMOVE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterun <strong>sql_patches</strong> entfernt haben. Bitte klicken Sie weiter, um jetzt das Passwort neu zu setzen.");
 define('ADMIN_POINTS_REPAYED', "Es wurden dem Mitglied <u>%s</u> {!POINTS!} zur&uuml;ckgeschrieben.");
 define('ADMIN_POINTS_TO_JACKPOT', "Es wurden <u>%s</u> {!POINTS!} in den Jackpot gelegt.");
 define('ADMIN_NO_POINTS_REPAYED', "Die Mailbuchung hatte keine {!POINTS!} zum zur&uuml;ckbuchen!");
@@ -1147,6 +1148,7 @@ define('ADMIN_SHOW_LOGIN', "Ihr Administratorlogin:");
 define('ADMIN_CHANGE_LOGIN', "Anderes Adminlogin");
 define('ADMIN_PASSWORD_RESET_DONE', "Ihr Administratorkennwort wurde neu gesetzt. Sie k&ouml;nnen sich jetzt mit Ihren neuen Zugangsdaten im Adminbereich einloggen.");
 define('ADMIN_CONTINUE_LOGIN', "Weiter zum Administratorlogin");
+define('ADMIN_RESET_PASS_LINK', "Jetzt Ihr Administratorkennwort zur&uuml;cksetzen (n&ouml;tiger Schritt!)");
 
 //
 ?>
index cfb4cd4..9e5202d 100644 (file)
@@ -262,13 +262,13 @@ class mxchange_cache
                                                foreach($v as $k2=>$v2)
                                                {
                                                        // Put every array element in a row...
-                                                       $LINE .= "\$cacheInstance['".$k."'][] = \"".$v2."\";\n";
+                                                       $LINE .= "\$data['".$k."'][] = \"".$v2."\";\n";
                                                }
                                        }
                                        else
                                        {
                                                // Single line found
-                                               $LINE = "\$cacheInstance['".$k."'] = \"".$v."\";\n";
+                                               $LINE = "\$data['".$k."'] = \"".$v."\";\n";
                                        }
 
                                        // Write line(s)
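Review bot: `$v`, `$v2` and the key `$k` are concatenated into the generated cache file between quotes, and no escaping is visible in this hunk. A value containing `"`, `\` or `$` would therefore yield a broken statement, or one that PHP interpolates or evaluates differently when the cache file is later included. Since cached values can originate from database rows, it is safer to let PHP emit the literal: `$LINE = "\$data[".var_export($k, true)."] = ".var_export($v, true).";\n";`, with the `[]` form for the array branch. The same applies to the second hunk of this file (around line 325 of the old version). The surrounding loop starts outside the hunk, so escaping may already happen earlier.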
@@ -325,13 +325,13 @@ class mxchange_cache
                                                        foreach($v as $k2=>$v2)
                                                        {
                                                                // Put every array element in a row...
-                                                               $LINE .= "\$cacheInstance['".$k."'][] = \"".$v2."\";\n";
+                                                               $LINE .= "\$data['".$k."'][] = \"".$v2."\";\n";
                                                        }
                                                }
                                                else
                                                {
                                                        // Single line found
-                                                       $LINE = "\$cacheInstance['".$k."'] = \"".$v."\";\n";
+                                                       $LINE = "\$data['".$k."'] = \"".$v."\";\n";
                                                }
 
                                                // Write line(s)
index ed0a69b..1ca1045 100644 (file)
@@ -93,7 +93,7 @@ if ($cacheMode == "load") {
 
                // Load Language file
                if ($EXT_DUMMY['ext_lang'][$k] == "Y") {
-                       $INC = sprintf(PATH."inc/language/%s_%s.php", $name, GET_LANGUAGE());
+                       $INC = sprintf("%sinc/language/%s_%s.php", PATH, $name, GET_LANGUAGE());
                        if (file_exists($INC)) require_once($INC);
                }
 
@@ -184,7 +184,7 @@ if ((SQL_NUMROWS($res_ext_crt) > 0) && (($cacheMode == "init") || ($cacheMode ==
                $file2 = $file1; $EXT_CSS = "N"; $EXT_ALWAYS_ACTIVE = "N";
 
                // Special functions file
-               $file3 = sprintf(PATH."inc/libs/%s_functions.php", $name);
+               $file3 = sprintf("%sinc/libs/%s_functions.php", PATH, $name);
 
                // Does the extension file exists?
                if (file_exists($file1) && is_readable($file1))
index ed6f004..5219de2 100644 (file)
@@ -299,18 +299,27 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
        // Only try to remove cookies
        if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) {
                // Also remove array elements
-               set_session('admin_login'       , "");
-               set_session('admin_md5'         , "");
-               set_session('admin_last'        , "");
-               set_session('admin_to'          , "");
+               set_session('admin_login', "");
+               set_session('admin_md5'  , "");
+               set_session('admin_last' , "");
+               set_session('admin_to'   , "");
 
                // Destroy session
                @session_destroy();
 
                // Load logout template
-               if (isset($_GET['sql_patches'])) {
-                       // Special logout redirect for sql_patchrs
-                       LOAD_TEMPLATE("admin_logout_sql_patches");
+               if (isset($_GET['install'])) {
+                       // Secure input
+                       $install = secureString(SQL_ESCAPE($_GET['install']));
+
+                       // Special logout redirect for installation of given extension
+                       LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $install));
+               } elseif (isset($_GET['remove'])) {
+                       // Secure input
+                       $remove = secureString(SQL_ESCAPE($_GET['remove']));
+
+                       // Special logout redirect for removal of given extension
+                       LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
                } else {
                        // Logged out normally
                        LOAD_TEMPLATE("admin_logout");
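Review bot: The template name passed to `LOAD_TEMPLATE()` is now built from `$_GET['install']` or `$_GET['remove']`, and the only filtering visible is `secureString(SQL_ESCAPE(...))`. SQL escaping is not a control for a value that ends up in a template file name, and what `secureString` strips is not visible in this hunk. Before this change the name was the fixed string `admin_logout_sql_patches`, so the request could not influence which file was loaded. I would constrain the value to the known cases and fall back to the normal logout template otherwise, for example `if (!preg_match('/^[a-z0-9_]+$/', $install)) $install = "";`, or better a fixed list such as `in_array($install, array("sql_patches"))`. The enclosing `if` block continues outside the hunk.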
index a0beb1b..a4a1d73 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
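Review bot: `$GLOBALS['what']` is formatted straight into the include path, and the only guard visible before the include is `file_exists($INC)`. If `what` can still contain path separators or `..` at this point, a file outside `inc/modules/admin/` could be loaded. The value may be validated where it is set, which is outside this hunk. The guest main-action hunk later in this commit shows a stricter guard that adds `is_readable()` and `WHAT_IS_VALID(...)`. Applying the same check here, or a character check such as `preg_match('/^[a-zA-Z0-9_-]+$/', $GLOBALS['what'])`, would make the include self-defending. This applies equally to the other admin, guest and member `action-*.php` hunks in this commit that build `$INC` or `$INC_WHAT` the same way.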
index 90455e7..342f2b0 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 6982a40..6f553f0 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf(."%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
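Review bot: The added line `$INC = sprintf(."%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);` has a stray `.` directly after the opening parenthesis, which is a parse error. The file will fail to load and this admin action becomes unreachable. It should read `$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);`, like the sibling files. Judging by the order of the file list this is probably `inc/modules/admin/action-doubler.php`, but the file header is not shown on the page.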
index 787081a..a2a221c 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index ca00de5..a9ee8cb 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index a66a1be..17a0d0d 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index ddaf08a..e124559 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 41cdcc6..95d0b1e 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 4f05fcc..20c8468 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 49c3361..da9c090 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 2882feb..8871db9 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 221889a..243c179 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 1f54b7e..09eba7e 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 2e62585..b9e372c 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC)) {
        // Ok, we finally load the admin action module
        include($INC);
index b4cbba3..a841ef6 100644 (file)
@@ -41,7 +41,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC)) {
        // Ok, we finally load the admin action module
        include($INC);
index 2db7b93..3cd3874 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 692d4f0..4c7691c 100644 (file)
@@ -44,7 +44,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 651d82a..8b702b0 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 3ea5af9..1eae1b1 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 20254c2..1d53df9 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index 25b4ff1..5b91251 100644 (file)
@@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 ADD_DESCR("admin", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the admin action module
index d0aef8c..6c7c241 100644 (file)
@@ -308,7 +308,7 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
                SQL_FREERESULT($result);
 
                // Is valid but does the inlcude file exists?
-               $INC = sprintf(PATH."inc/modules/admin/action-%s.php", $act);
+               $INC = sprintf("%sinc/modules/admin/action-%s.php", PATH, $act);
                if ((file_exists($INC)) && (is_readable($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true))
                {
                        // Ok, we finally load the admin action module
@@ -406,7 +406,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false)
                                                while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what))
                                        {
                                                // Filename
-                                               $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub);
+                                               $INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $wht_sub);
                                                if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
                                                {
                                                        $ACL = ADMINS_CHECK_ACL("", $wht_sub);
index bf5e182..eb6079c 100644 (file)
@@ -143,7 +143,7 @@ if (!empty($_GET['reg_ext'])) {
                                $OUT .= LOAD_TEMPLATE("admin_extensions_edit_row", true, $content);
                                $SW = 3 - $SW;
                        }
-               }
+               } // END - foreach
                define('__EXTENSIONS_ROWS', $OUT);
 
                // Load template
@@ -154,11 +154,15 @@ if (!empty($_GET['reg_ext'])) {
        // List extensions and when verbose is enabled SQL statements which will be executed
        $SW = 2; $OUT = "";
        foreach ($_POST['sel'] as $id=>$sel) {
+               // Init variables
                $VERBOSE_OUT = ""; $SQLs = array();
-               // Load extension's data
-               $result = SQL_QUERY_ESC("SELECT ext_name, ext_version FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
-                array(bigintval($id)), __FILE__, __LINE__);
-               list($ext_name, $ext_ver) = SQL_FETCHROW($result);
+
+               // Secure id number
+               $id = bigintval($id);
+
+               // Get extension name
+               $ext_name = GET_EXT_NAME($id);
+               $ext_ver = GET_EXT_VERSION($ext_name);
 
                // Free the result
                SQL_FREERESULT($result);
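Review bot: `SQL_FREERESULT($result);` is left in place although the query that assigned `$result` in this loop was replaced by `GET_EXT_NAME($id)` and `GET_EXT_VERSION($ext_name)`. On each iteration it now frees an undefined variable, or a stale result handle from an earlier query in the file. The `// Free the result` comment and the call should be removed together with the query. The enclosing `foreach` continues outside the hunk.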
@@ -166,12 +170,12 @@ if (!empty($_GET['reg_ext'])) {
                if ($_CONFIG['verbose_sql']) {
                        // Load SQL commands in remove mode
                        $EXT_LOAD_MODE = "remove";
-                       $file = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name);
+                       $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name);
                        include($file);
 
                        // Generate extra table with loaded SQL commands
                        $VERBOSE_OUT = EXTENSION_VERBOSE_TABLE($SQLs);
-               }
+               } // END - if
 
                // Prepare data for the row template
                $content = array(
@@ -185,7 +189,7 @@ if (!empty($_GET['reg_ext'])) {
                // Load row template and switch color
                $OUT .= LOAD_TEMPLATE("admin_extensions_delete_row", true, $content);
                $SW = 3 - $SW;
-       }
+       } // END - foreach
        define('__EXTENSIONS_ROWS', $OUT);
 
        // Load template
@@ -205,9 +209,9 @@ if (!empty($_GET['reg_ext'])) {
 
                        // Delete this extension (remember to remove it from your server *before* you click on welcome!
                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1",
-                        array(bigintval($id)), __FILE__, __LINE__);
-               }
-       }
+                        array($id), __FILE__, __LINE__);
+               } // END - if
+       } // END - foreach
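Review bot: The DELETE now passes `array($id)` without `bigintval()`, so the cast depends on code outside this hunk. The `$id = bigintval($id);` added in this commit is in the listing loop of the earlier hunk, and no equivalent assignment is visible in this deletion loop. If `$id` is the raw key of `$_POST['sel']` here, only the `%d` placeholder stands between the request and the query. Keeping the explicit cast at the point of use, `array(bigintval($id))`, costs nothing and does not rely on how `SQL_QUERY_ESC` formats its arguments.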
 } elseif (!empty($_GET['do']) && (!IS_DEMO())) {
        // Other things to do
        $do = SQL_ESCAPE(strip_tags($_GET['do']));
@@ -220,7 +224,7 @@ if (!empty($_GET['reg_ext'])) {
 $where = "";
 if (!empty($_GET['active'])) {
        $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags($_GET['active'])));
-}
+} // END - if
 
 // Case selection
 switch ($do) {
@@ -308,7 +312,7 @@ case "register": // Register new extension
                                // Is this sql_patches? Then we need to auto-logout!
                                if ($ext_name == "sql_patches") {
                                        // Auto-logout here
-                                       LOAD_URL("modules.php?module=admin&logout=1&sql_patches=1");
+                                       LOAD_URL("modules.php?module=admin&logout=1&install=sql_patches");
                                }
 
                                // Extension was found and successfully registered
@@ -362,7 +366,7 @@ case "search": // Search for new extensions on our server
                        if ((substr($value, 0, 4) == "ext-") && (substr($value, -4) == ".zip"))
                        {
                                $name = substr($value, 4, -4);
-                               $file = sprintf(PATH."inc/extensions/ext-%s.php", $name);
+                               $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $name);
                                $ver = trim(substr($response[$id + 3], 4));
 
                                // Load current extension's version
index 7eaf1cd..fce845e 100644 (file)
@@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 if (GET_ACTION("guest", $GLOBALS['what']) == "admin")
 {
        // Only when one admin link is clicked...
-       $INC = sprintf(PATH."inc/modules/guest/what-%s.php", $GLOBALS['what']);
+       $INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']);
        if (file_exists($INC))
        {
             // Ok, we finally load the guest action module
index 8894d8a..0647588 100644 (file)
@@ -42,7 +42,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("guest", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/guest/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']);
 $IS_VALID = WHAT_IS_VALID(GET_ACTION("guest", $GLOBALS['what']), $GLOBALS['what'], "guest");
 
 if ((file_exists($INC)) && (is_readable($INC)) && ($IS_VALID))
index 911c408..1b2c046 100644 (file)
@@ -42,7 +42,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("guest", basename(__FILE__));
 
 // Load the include file
-$INC = sprintf(PATH."inc/modules/guest/what-%s.php", $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC))
 {
        // Ok, we finally load the guest action module
index 006eca1..e501964 100644 (file)
@@ -96,7 +96,7 @@ if (($_CONFIG['guest_menu'] == "Y") || (!EXT_IS_ACTIVE("sql_patches", true)))
 // TDs between menu and content
 LOAD_TEMPLATE("guest_menu_content");
 
-$INC_ACTION = sprintf(PATH."inc/modules/guest/action-%s.php", $act);
+$INC_ACTION = sprintf("%sinc/modules/guest/action-%s.php", PATH, $act);
 if ((file_exists($INC_ACTION)) && (is_readable($INC_ACTION)) && (VALIDATE_MENU_ACTION("guest", $act, $GLOBALS['what'])))
 {
        // Requested module is available so we load it
index 03de3d9..e7391a9 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index 71f3041..4b01b03 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index 2feb671..7cd95fa 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index 440503f..1a35520 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index fa47565..d3c82ec 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index 171e581..6c3cbfc 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index a9fb0e7..4733d9c 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index e556417..ac10d88 100644 (file)
@@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 ADD_DESCR("member", basename(__FILE__));
 
 // Load the include file
-$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
 if (file_exists($INC_WHAT))
 {
        // Ok, we finally load the member action module
index ef2e46d..50ca9f7 100644 (file)
@@ -364,7 +364,7 @@ function ADD_MENU($MODE, $act, $wht) {
                        } else {
                                // This is a menu block... ;-)
                                $BLOCK_MODE = true;
-                               $INC_BLOCK = sprintf(PATH."inc/modules/%s/action-%s.php", $MODE, $main_action);
+                               $INC_BLOCK = sprintf("%sinc/modules/%s/action-%s.php", PATH, $MODE, $main_action);
                                if ((file_exists($INC_BLOCK)) && (is_readable($INC_BLOCK))) {
                                        // Load include file
                                        if ((!EXT_IS_ACTIVE($main_action)) || ($main_action == "online")) OUTPUT_HTML("<TR>
index f8fbe88..41b0499 100644 (file)
@@ -109,7 +109,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I
        case "mem_only":
        case "done":
                // Construct module name
-               define('__MODULE', sprintf(PATH."inc/modules/%s.php", $GLOBALS['module']));
+               define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
 
                // Does the module exists on local file system?
                if (((file_exists(__MODULE)) || (!empty($URL))) && (sizeof($FATAL) == 0))
diff --git a/ref.php b/ref.php
index 456fc3b..0532103 100644 (file)
--- a/ref.php
+++ b/ref.php
@@ -60,7 +60,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
        }
 
        // Get referral ID from ref or refid variable
-       if (!empty($_GET['ref']))        $ref = strip_tags(htmlentities($_GET['ref']));
+       if (!empty($_GET['ref']))        $ref = secureString($_GET['ref']);
         elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
 
        if (!empty($ref))
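Review bot: `secureString()` is not defined in this hunk, so it is not visible what it guarantees for `$_GET['ref']`, and the `strip_tags(htmlentities(...))` it replaces was HTML-oriented cleaning rather than SQL escaping. The following hunk overwrites `$ref` from `SQL_FETCHROW($result)`, which suggests the value reaches a query in between. That query should take `$ref` through the project's SQL escaping or a placeholder and not rely on this call alone. A comment on the changed line such as `// $ref is user input: must still be SQL-escaped before the lookup below` would make the contract explicit. The enclosing `if (defined('mxchange_installed') ...)` block starts and ends outside the hunk.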
@@ -74,6 +74,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                        list($ref) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                }
+
                // Also edit this 0 !
                if (empty($ref)) $ref = "0";
 
diff --git a/templates/de/html/admin/admin_logout_sql_patches.tpl b/templates/de/html/admin/admin_logout_sql_patches.tpl
deleted file mode 100644 (file)
index 1c4c067..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-<DIV align="center">
-<TABLE border="0" cellspacing="0" cellpadding="0" width="500" class="admin dashed">
-       <TR>
-               <TD height="5" class="seperator">&nbsp;</TD>
-       </TR>
-       <TR>
-               <TD align="center" class="admin_content"><STRONG>{--ADMIN_LOGOUT_SQL_PATCHES_DONE--}</STRONG><BR />
-               <BR />
-               <A class="admin_content" href="{!URL!}/modules.php?module=admin&amp;action=login">{--ADMIN_RELOGIN_LINK--}</A><BR />
-               <BR />
-               <A class="admin_content" href="{!URL!}/modules.php?module=index">{--ADMIN_BACK_TO_GUEST_MENU--}</A><BR />
-               </TD>
-       </TR>
-       <TR>
-               <TD height="5" class="seperator">&nbsp;</TD>
-       </TR>
-</TABLE>
-</DIV>
diff --git a/templates/de/html/admin/admin_logout_sql_patches_install.tpl b/templates/de/html/admin/admin_logout_sql_patches_install.tpl
new file mode 100644 (file)
index 0000000..1c4c067
--- /dev/null
@@ -0,0 +1,18 @@
+<DIV align="center">
+<TABLE border="0" cellspacing="0" cellpadding="0" width="500" class="admin dashed">
+       <TR>
+               <TD height="5" class="seperator">&nbsp;</TD>
+       </TR>
+       <TR>
+               <TD align="center" class="admin_content"><STRONG>{--ADMIN_LOGOUT_SQL_PATCHES_DONE--}</STRONG><BR />
+               <BR />
+               <A class="admin_content" href="{!URL!}/modules.php?module=admin&amp;action=login">{--ADMIN_RELOGIN_LINK--}</A><BR />
+               <BR />
+               <A class="admin_content" href="{!URL!}/modules.php?module=index">{--ADMIN_BACK_TO_GUEST_MENU--}</A><BR />
+               </TD>
+       </TR>
+       <TR>
+               <TD height="5" class="seperator">&nbsp;</TD>
+       </TR>
+</TABLE>
+</DIV>
diff --git a/templates/de/html/admin/admin_logout_sql_patches_remove.tpl b/templates/de/html/admin/admin_logout_sql_patches_remove.tpl
new file mode 100644 (file)
index 0000000..a4de412
--- /dev/null
@@ -0,0 +1,17 @@
+<DIV align="center">
+<TABLE border="0" cellspacing="0" cellpadding="0" width="500" class="admin dashed">
+       <TR>
+               <TD height="5" class="seperator">&nbsp;</TD>
+       </TR>
+       <TR>
+               <TD align="center" class="admin_content">
+                       <STRONG>{--ADMIN_LOGOUT_SQL_PATCHES_REMOVE--}</STRONG><BR />
+                       <BR />
+                       <A class="admin_content" href="{!URL!}/modules.php?module=admin&amp;action=login">{--ADMIN_RESET_PASS_LINK--}</A>
+               </TD>
+       </TR>
+       <TR>
+               <TD height="5" class="seperator">&nbsp;</TD>
+       </TR>
+</TABLE>
+</DIV>
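Review bot: The link labelled `{--ADMIN_RESET_PASS_LINK--}` targets `module=admin&amp;action=login`, the same URL the install template uses for `{--ADMIN_RELOGIN_LINK--}`, so the label promises a password reset while the href is the ordinary login action. If the login action is meant to detect the removed extension and start the reset itself, a template comment saying so would help, for example `<!-- login action offers the password reset once sql_patches is removed -->`. Otherwise the href should point at the reset action. Unlike the install template, this one also offers no link back to the guest menu, which may be intentional.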
index 289a8f1..ea48561 100644 (file)
@@ -12,7 +12,7 @@
 </TR>
 <TR>
        <TD class="admin_footer">
-               <A href="{!URL!}/modules.php?module=admin">{--ADMIN_CONTINUE_LOGIN--}</A>
+               --&gt;&nbsp;<STRONG><A href="{!URL!}/modules.php?module=admin">{--ADMIN_CONTINUE_LOGIN--}</A></STRONG>
        </TD>
 </TR>
 </TABLE>