- Refactored FILTER_ORDER_ZIP_CODE_SQL() to also allow member inclusion by zip code
through GET parameters. This can be used e.g. in what=list_user&zip=12345 to
list only members from zip code 12345
- Some TODOs added for what-list_user.php: please refactor birthday handling
and link generation
- TODOs.txt updated
./inc/expression-functions.php:46: // @TODO is escapeQuotes() enougth for strings with single/double quotes?
./inc/extensions/ext-html_mail.php:136: // @TODO Move these arrays into config
./inc/extensions/ext-menu.php:52: // @TODO Convert menu-Id to one coding-standard. admin(edit|_add) => admin_menu_(edit|add), mem(edit|_add) => (edit|add)_(admin|guest|member)_menu
-./inc/extensions/ext-network.php:101: // @TODO network_type_handler is an internal name and needs documentation
+./inc/extensions/ext-network.php:102: // @TODO network_type_handler is an internal name and needs documentation
./inc/extensions/ext-network.php:18: * @TODO Ad-Magnet: Layer(klick?). Layerviews.Skybannerklick/-view, *
./inc/extensions/ext-network.php:19: * @TODO Ad-Magnet: Banner-View, Textlink-Klick/-View. Page-Peel *
./inc/extensions/ext-network.php:20: * @TODO ADCocktail: All request parameters, BIDausKAS, WIDausKAS??? *
./inc/extensions/ext-network.php:26: * @TODO Admono.de: highforcedbanner, traffic from abroad *
./inc/extensions/ext-network.php:27: * @TODO Affiliblatt: All except banner, do they really have UTF-8? *
./inc/extensions/ext-network.php:28: * @TODO AllAds4You: Traffic from abroad, High-Forced banner *
-./inc/extensions/ext-network.php:29: * @TODO FuCoExSponsor: No High-Forced banner, HTML is BASE64 encoded *
-./inc/extensions/ext-network.php:30: * @TODO FuCoExSponsor: Textlink-View is JavaScript! *
-./inc/extensions/ext-network.php:31: * @TODO Fusion-Ads: Has click/banner URL in API response *
-./inc/extensions/ext-network.php:32: * @TODO GeldSponsor.de Requires ID card copy/business reg. *
-./inc/extensions/ext-network.php:33: * @TODO GolloX: Which charset? *
-./inc/extensions/ext-network.php:34: * @TODO paid4ad: Which URLs for click and banner? *
-./inc/extensions/ext-network.php:35: * @TODO SuperPromo24: HighForced banner, leader board, mini/page layer *
-./inc/extensions/ext-network.php:36: * @TODO SuperPromo24: Textlink view is a JavaScript *
-./inc/extensions/ext-network.php:37: * @TODO VIPads: HTML text is send encoded with BASE64 *
-./inc/extensions/ext-network.php:38: * @TODO Der Werbepartner.cc: Banner click/view is JavaScript! *
-./inc/extensions/ext-network.php:39: * @TODO Der Werbepartner.cc: Forced textlink not correct *
-./inc/extensions/ext-network.php:40: * @TODO Der Werbepartner.cc: Layer not correct *
-./inc/extensions/ext-network.php:41: * @TODO Der Werbepartner.cc: Sky banner is JavaScript! *
-./inc/extensions/ext-network.php:42: * @TODO Der Werbepartner.cc: Surfbar click not correct *
-./inc/extensions/ext-network.php:43: * @TODO Der Werbepartner.cc: Textlink not not correct *
-./inc/extensions/ext-network.php:44: * @TODO Yoo!Media: What is LayerAd compared to Layer click? *
+./inc/extensions/ext-network.php:29: * @TODO eu-ADS/WeltPromotion: Text for banner/buttons? *
+./inc/extensions/ext-network.php:30: * @TODO FuCoExSponsor: No High-Forced banner, HTML is BASE64 encoded *
+./inc/extensions/ext-network.php:31: * @TODO FuCoExSponsor: Textlink-View is JavaScript! *
+./inc/extensions/ext-network.php:32: * @TODO Fusion-Ads: Has click/banner URL in API response *
+./inc/extensions/ext-network.php:33: * @TODO GeldSponsor.de Requires ID card copy/business reg. *
+./inc/extensions/ext-network.php:34: * @TODO GolloX: Which charset? *
+./inc/extensions/ext-network.php:35: * @TODO paid4ad: Which URLs for click and banner? *
+./inc/extensions/ext-network.php:36: * @TODO SuperPromo24: HighForced banner, leader board, mini/page layer *
+./inc/extensions/ext-network.php:37: * @TODO SuperPromo24: Textlink view is a JavaScript *
+./inc/extensions/ext-network.php:38: * @TODO VIPads: HTML text is send encoded with BASE64 *
+./inc/extensions/ext-network.php:39: * @TODO Der Werbepartner.cc: Banner click/view is JavaScript! *
+./inc/extensions/ext-network.php:40: * @TODO Der Werbepartner.cc: Forced textlink not correct *
+./inc/extensions/ext-network.php:41: * @TODO Der Werbepartner.cc: Layer not correct *
+./inc/extensions/ext-network.php:42: * @TODO Der Werbepartner.cc: Sky banner is JavaScript! *
+./inc/extensions/ext-network.php:43: * @TODO Der Werbepartner.cc: Surfbar click not correct *
+./inc/extensions/ext-network.php:44: * @TODO Der Werbepartner.cc: Textlink not not correct *
+./inc/extensions/ext-network.php:45: * @TODO Yoo!Media: What is LayerAd compared to Layer click? *
./inc/extensions/ext-newsletter.php:218: // @TODO Move these into configuration
./inc/extensions/ext-rallye.php:94: // @TODO Fix config_rallye_prices to list_rallye_prices
./inc/extensions/ext-yoomedia.php:121: // @TODO Can this be moved into a database table?
./inc/libs/doubler_functions.php:96: // @TODO Can't this be moved into EL?
./inc/libs/forced_functions.php:457:// @TODO Can't we use our new expression language instead of this ugly code?
./inc/libs/mailid_functions.php:47: // @TODO Rewrite this to a dynamic include or so
-./inc/libs/network_functions.php:1067: // @TODO Implement this function, don't forget to set HTTP status back to '200 OK' if everything went fine
+./inc/libs/network_functions.php:1117: // @TODO Implement this function, don't forget to set HTTP status back to '200 OK' if everything went fine
./inc/libs/order_functions.php:46: // @TODO Move this array into a filter
./inc/libs/rallye_functions.php:771:// @TODO This function does not load min_users, min_prices, please encapsulate loading rallye data with e.g. getRallyeDataFromId()
./inc/libs/rallye_functions.php:838: $EXPIRE = 3; // @TODO The hard-coded value...
./inc/modules/admin/what-list_unconfirmed.php:114: // @TODO "Please do not call me directly." Should be rewritten to a nice selection depending on ext-bonus
./inc/modules/admin/what-list_unconfirmed.php:84: // @TODO This constant might be unused? define('__LIST_UNCON_TITLE', '{--ADMIN_LIST_UNCONFIRMED_BONUS_LINKS--}');
./inc/modules/admin/what-list_unconfirmed.php:87: // @TODO `id` has been used two times???
-./inc/modules/admin/what-list_user.php:289: // @TODO Rewrite this into a filter
-./inc/modules/admin/what-list_user.php:354: // @TODO Rewrite this into a filter
+./inc/modules/admin/what-list_user.php:104: // @TODO Refacture these old link generation to functions
+./inc/modules/admin/what-list_user.php:121: // @TODO Refacture birth_foo to avoid uni* timetstamps as older members cannot be greeded correctly
+./inc/modules/admin/what-list_user.php:291: // @TODO Rewrite this into a filter
+./inc/modules/admin/what-list_user.php:356: // @TODO Rewrite this into a filter
./inc/modules/admin/what-logs.php:64: // @TODO Fix content-type here
./inc/modules/admin/what-logs.php:70: // @TODO Fix content-type here
./inc/modules/admin/what-mem_add.php:124: // @TODO This can be somehow rewritten to a function
// Filter for ZIP code inclusion (not exclusion but it must be run in exclusion filter chain)
function FILTER_ORDER_ZIP_CODE_SQL ($sql) {
// Check if category and number of receivers is okay
- if ((isOrderMultiPageEnabled()) && (isPostRequestElementSet('zip')) && (postRequestElement('zip') != '')) {
- // Choose recipients by ZIP code
- if (empty($sql)) {
- $sql = sprintf(" WHERE `zip` LIKE '%s%%%%'",
- bigintval(postRequestElement('zip'))
- );
- } else {
- $sql .= sprintf(" AND `zip` LIKE '%s%%%%'",
- bigintval(postRequestElement('zip'))
- );
+ if (isOrderMultiPageEnabled()) {
+ // Default is no zip code limitation
+ $zip = NULL;
+
+ // POST or GET elements?
+ if ((isPostRequestElementSet('zip')) && (postRequestElement('zip') != '')) {
+ // Choose recipients by zip code from POST
+ $zip = bigintval(postRequestElement('zip'));
+ } elseif ((isGetRequestElementSet('zip')) && (getRequestElement('zip') != '')) {
+ // Choose recipients by zip code from GET
+ $zip = bigintval(getRequestElement('zip'));
}
+
+ // Is the zip code set?
+ if (!is_null($zip)) {
+ // Is the previous SQL statement empty?
+ if (empty($sql)) {
+ // SQL statemet is empty, so use WHERE
+ $sql = sprintf(" WHERE `zip` LIKE '%s%%%%'", $zip);
+ } else {
+ // ... otherwise use AND
+ $sql .= sprintf(" AND `zip` LIKE '%s%%%%'", $zip);
+ }
+ } // END - if
} // END - if
// Return expanded SQL
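Review bot: The zip value now also comes from GET and goes into both `LIKE '%s%%%%'` clauses without SQL_ESCAPE(), so bigintval() is the only thing keeping request data out of the statement. That deserves a comment at the two assignments, e.g. `// bigintval() is the only sanitisation here; $zip is put into the SQL string unescaped`. If bigintval() converts to a number rather than stripping non-digits (its body is not visible here), a zip code with a leading zero such as 01234 (constructed example) would lose the zero and the prefix match would select the wrong members. The filter is also still gated on isOrderMultiPageEnabled(), which looks unrelated to the admin list_user use named in the commit message, so confirm that is intended. The function's return statement and closing brace lie outside the hunk.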
addYouAreHereLink('admin', __FILE__);
// Init variables
-$MORE = '';
+$moreColumns = '';
// Add lock reason?
if (isExtensionInstalledAndNewer('user', '0.3.5')) {
// Add them...
- $MORE .= ', UNIX_TIMESTAMP(`lock_timestamp`) AS `lock_timestamp`';
+ $moreColumns .= ', UNIX_TIMESTAMP(`lock_timestamp`) AS `lock_timestamp`';
} // END - if
// Is the extension 'country' installed?
if (isExtensionActive('country')) {
// Add country code
- $MORE .= ',`country_code`';
-} else {
- // Add direct value
- $MORE .= ',`country`';
-}
+ $moreColumns .= ',`country_code`';
+} // END - if
// Init unset data
if (!isGetRequestElementSet('letter')) { setGetRequestElement('letter', ''); }
if (!isGetRequestElementSet('sortby')) { setGetRequestElement('sortby', 'userid'); }
if (!isGetRequestElementSet('page')) { setGetRequestElement('page' , 1); }
-// Set base URL
+// Set base HTML
$base = '[<a href="{%url=modules.php?module=admin';
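Review bot: Removing the `else` branch means `country` is no longer appended to `$moreColumns` when the 'country' extension is inactive. The single-user query lists `country` explicitly, but the master list query further down selects only `userid`, `email`, `emails_sent`, `mails_confirmed`, `emails_received` plus `$moreColumns`, so list rows would carry neither `country` nor `country_code` in that configuration. If the row template still prints a country (not visible here), add `country` to the master query's column list rather than relying on `$moreColumns`.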
if (isGetRequestElementSet('userid')) {
$userid = bigintval(getRequestElement('userid'));
// Does the account exists?
- $result_user = SQL_QUERY_ESC("SELECT
+ $result_user = SQL_QUERY_ESC('SELECT
`userid`,
`country`,
`email`,
`notified`,
`emails_received`,
`mails_confirmed`
- ".$MORE."
+ ' . $moreColumns . '
FROM
`{?_MYSQL_PREFIX?}_user_data`
WHERE
`userid`=%s
-LIMIT 1",
+LIMIT 1',
array($userid), __FILE__, __LINE__);
// User found?
$content = SQL_FETCHARRAY($result_user);
// Get count/sum of refs, selected categories, unconfirmed mails
+ // @TODO Refacture these old link generation to functions
$content['refs'] = countSumTotalData($userid, 'refsystem', 'counter');
$content['cats'] = countSumTotalData($userid, 'user_cats', 'id', 'userid', true);
$content['links'] = getTotalUnconfirmedMails($userid);
} // END - if
// Calculate timestamp for birthday
+ // @TODO Refacture birth_foo to avoid uni* timetstamps as older members cannot be greeded correctly
$stamp = mktime(0, 0, 0, $content['birth_month'], $content['birth_day'], $content['birth_year']);
// Is this above zero?
// Is a WHERE statement already there?
if (!empty($whereStatement)) {
// Then append the status column
- $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(secureString(strtoupper(getRequestElement('status')))));
+ $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(strtoupper(getRequestElement('status'))));
} else {
// Start a new one
- $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(secureString(strtoupper(getRequestElement('status')))));
+ $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(strtoupper(getRequestElement('status'))));
}
+
+ // Exclude other users
+ $whereStatement = runFilterChain('user_exclusion_sql', $whereStatement);
} elseif (isGetRequestElementSet('do')) {
// Choose what we need to list
switch (getRequestElement('do')) {
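Review bot: With secureString() dropped, the `status` request value reaches `$whereStatement` protected only by SQL_ESCAPE(). `$whereStatement` is later concatenated into the format string of the master-query sprintf(), where a literal `%` in the value would be parsed as a conversion specifier. Status is presumably a small fixed set, so checking the upper-cased value against an allowlist before building the clause is more robust than escaping, e.g. `if (!in_array(strtoupper(getRequestElement('status')), array(/* known status values */), true)) { /* reject */ }`. Separately, `runFilterChain('user_exclusion_sql', $whereStatement)` is added only inside this status branch as far as the hunk shows, so the `what=list_user&zip=12345` example from the commit message may not reach the zip filter unless a status is also given. The enclosing if/elseif starts before and continues past the hunk.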
break;
default: // Invalid list mode
- reportBug(__FILE__, __LINE__, sprintf("Invalid do %s detected.", SQL_ESCAPE(secureString(getRequestElement('do')))));
+ reportBug(__FILE__, __LINE__, sprintf('Invalid do %s detected.', SQL_ESCAPE(secureString(getRequestElement('do')))));
break;
} // END - switch
} // END - if
// Generate master query string
- $sql = sprintf("SELECT
+ $sql = sprintf('SELECT
`userid`,
`email`,
`emails_sent`,
`mails_confirmed`,
`emails_received`
- " . $MORE . "
+ ' . $moreColumns . '
FROM
`{?_MYSQL_PREFIX?}_user_data`
-" . $whereStatement . "
+' . $whereStatement . '
ORDER BY
- `%s` ASC",
+ `%s` ASC',
getRequestElement('sortby')
);
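Review bot: `getRequestElement('sortby')` is placed between backticks in the `ORDER BY` clause with no validation, via the sprintf() argument at the end of this statement. String escaping does not help in an identifier position, so unless getRequestElement() already restricts the value (not visible here) this is request data in the SQL text. Restrict it to known column names before the query is built, e.g. `if (!in_array(getRequestElement('sortby'), array('userid', 'email' /* , other sortable columns */), true)) { setGetRequestElement('sortby', 'userid'); }`. That reuses the 'userid' default which the file already sets when `sortby` is missing.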
if (isFormSent('login')) {
// Check email
$result = SQL_QUERY_ESC("SELECT
- `id`, `hash`, `status`, `remote_addr`, `gender`, `surname`, `family`,
+ `id`,
+ `hash`,
+ `status`,
+ `remote_addr`,
+ `gender`,
+ `surname`,
+ `family`,
UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
FROM
`{?_MYSQL_PREFIX?}_sponsor_data`
if (isFormSent('login')) {
// Check email
$result = SQL_QUERY_ESC("SELECT
- `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`,
+ `id`,
+ `hash`,
+ `remote_addr`,
+ `gender`,
+ `surname`,
+ `family`,
UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
FROM
`{?_MYSQL_PREFIX?}_sponsor_data`